Configuration Guide - LAN Access and MAN Access

HUAWEI NetEngine80E/40E Router
V600R008C10
Configuration Guide - LAN Access and MAN Access
Issue: 02
Date: 2014-09-30
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 02 (2014-09-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document
Purpose
This manual describes LAN access and MAN access technologies, including principles,
configuration steps, and configuration examples of MAC address, Ethernet, LACP, VLAN,
QinQ, MSTP, BPDU tunnel, and RRPP.
NOTICE
Note the following precautions:
• The encryption algorithms DES/3DES/SKIPJACK/RC2/RSA (RSA-1024 or lower)/MD2/MD4/MD5 (in digital signature scenarios and password encryption)/SHA1 (in digital signature scenarios) provide low security and may introduce security risks. If the protocols allow, using more secure encryption algorithms, such as AES/RSA (RSA-2048 or higher)/SHA2/HMAC-SHA2, is recommended.
• If the plain parameter is specified, the password is saved in plaintext in the configuration file, which poses a high security risk. Therefore, specifying the cipher parameter is recommended. To further improve device security, change the password periodically.
• Do not set both the start and end characters of a password to "%$%$". This causes the password to be displayed directly in the configuration file.
Related Versions
The following table lists the product versions related to this document.
Product Name                      Version
HUAWEI NetEngine80E/40E Router    V600R008C10
Intended Audience
This document is intended for:
• Commissioning engineer
• Data configuration engineer
• Network monitoring engineer
• System maintenance engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol            Description
(symbol image)    Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
(symbol image)    Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
(symbol image)    Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
(symbol image)    Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury.
(symbol image)    Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[]                  Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>              The parameter before the & sign can be repeated 1 to n times.
#                   A line starting with the # sign is a comment.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Changes in Issue 02 (2014-09-30)
This issue is the second official release.
Changes in Issue 01 (2014-06-30)
This issue is the first official release.
Contents
About This Document
1 MAC Address Table Configuration
1.1 MAC Address Table Introduction
1.1.1 MAC Address Table Overview
1.1.2 MAC Addresses Learning Limit Supported by the NE80E/40E
1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
1.2.1 Before You Start
1.2.2 Configuring MAC Address Entries
1.2.3 Configuring MAC Address Entries Based on the Layer 2 VE Interface
1.2.4 Checking the Configurations
1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
1.3.1 Before You Start
1.3.2 Configuring MAC Address Entries
1.3.3 Configuring MAC Address Entries Based on the VLANIF Interface
1.3.4 Checking the Configurations
1.4 Configuring the Aging Time of a MAC Address Table
1.4.1 Before You Start
1.4.2 Setting the Aging Time of a MAC Address Table
1.4.3 Checking the Configurations
1.4.4 Configuring Immediate MAC Address Synchronization on Physical Interfaces
1.5 Maintaining MAC Address Table
1.6 Configuring the Usage Threshold for a MAC Address Table
1.6.1 Clearing the Dynamic MAC Address
1.7 Configuration Examples
1.7.1 Example for Configuring the MAC Address Table Based on the Interface and VLAN
1.7.2 Example for Configuring the MAC Address Table Based on the dot1q Termination Sub-interface and VSI
1.7.3 Example for Configuring the MAC Address Table Based on the QinQ Termination Sub-interface and VSI
1.7.4 Example for Configuring the MAC Address Table Based on the VLANIF Interface and VSI
1.7.5 Example for Configuring the MAC Address Table Based on the VLAN and Layer 2 VE Interface
1.7.6 Example for Configuring the MAC Address Table Based on the Interface and VSI
2 Ethernet Interface Configuration
2.1 Ethernet Interface Introduction
2.1.1 Introduction
2.1.2 Features of Ethernet Interfaces Supported by the NE80E/40E
2.2 Configuring Ethernet Interfaces of the Interface Board
2.2.1 Before You Start
2.2.2 Configuring the MTU of an Ethernet Interface
2.2.3 Configuring the Working Mode of an Ethernet Interface
2.2.4 Configuring the Speed of an Ethernet Electrical Interface
2.2.5 Configuring the GE/FE Optical/Electrical Interface
2.2.6 Configuring the LAN/WAN Transmission Mode for a 10 GE Interface
2.2.7 Configuring Remote-Fault Fast Detection
2.2.8 Configuring Overhead Bytes of the 10GE WAN Interface
2.2.9 Configuring Flow Control on the GE Interface
2.2.10 Configuring Self-Loop Detection on the GE Interface
2.2.11 Switching the Working Mode of an Ethernet Interface
2.2.12 Configuring Ethernet Interfaces to Reserve the Padding Fields in Upstream Packets
2.2.13 Checking the Configuration
2.3 Configuring Ethernet Interfaces of the SRU
2.3.1 Before You Start
2.3.2 Assigning an IP Address to an Ethernet Interface
2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface
2.3.4 Configuring the Speed of an Ethernet Electrical Interface
2.3.5 Configuring the Promiscuity Mode
2.4 Configuring Ethernet Interfaces Layer 2 Parameters
2.4.1 Before You Start
2.4.2 Configuring Link Layer Type of an Ethernet Interface
2.5 Configuring SmartLink Flush Function
2.5.1 Before You Start
2.5.2 Enabling a Port to Process SmartLink Flush Packets
2.6 Configuring the Alarm Function on an Ethernet Interface
2.6.1 Before You Start
2.6.2 Configuring the Alarm Function of Bandwidth Utilization on an Interface
2.6.3 Configuring the Alarm Function of CRC Errors on an Interface
2.6.4 Configuring the Alarm Function of SDH errors on an Interface
2.6.5 Configuring the Alarm Function of Error Packets on an Interface
2.6.6 Configuring the Loopback Alarm Function on an Interface
2.6.7 Configuring the Alarm Function for a LocalFault or a RemoteFault on an Interface
2.6.8 Configuring the Alarm Function in Cases of Polarity Errors on Electrical Interfaces
2.6.9 Checking the Configurations
2.7 Maintaining Ethernet Interfaces
2.7.1 Testing the Loop of Ethernet Interfaces
2.8 Configuration Examples
2.8.1 Example for Configuring a Layer 3 Ethernet Interface
2.8.2 Example for Configuring VLANs to Communicate Through Ethernet Sub-interfaces
2.8.3 Example for Configuring a Device to Handle Smartlink Flush Packets
3 Eth-Trunk Interface Configuration
3.1 Overview of Eth-Trunk Interfaces
3.1.1 Introduction
3.1.2 Eth-Trunk Interface Features That the NE80E/40E Supports
3.2 Configuring an Eth-Trunk Interface to Work in Static LACP Mode
3.2.1 Before You Start
3.2.2 Creating an Eth-Trunk Interface and Configuring It to Work in Static LACP Mode
3.2.3 Adding Physical Interfaces to the Eth-Trunk Interface
3.2.4 Configuring Eth-Trunk Interface Parameters
3.2.5 Configuring Parameters for Eth-Trunk Member Interfaces
3.2.6 (Optical) Configuring an Eth-Trunk Sub-interface
3.2.7 Checking the Configurations
3.3 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode
3.3.1 Before You Start
3.3.2 Creating an Eth-Trunk Interface and Configuring It to Work in Manual Load Balancing Mode
3.3.3 Adding Physical Interfaces to the Eth-Trunk Interface
3.3.4 Configuring Eth-Trunk Interface Parameters
3.3.5 Configuring Parameters for Eth-Trunk Member Interfaces
3.3.6 (Optical) Configuring an Eth-Trunk Sub-interface
3.3.7 Checking the Configurations
3.4 Configuring an Eth-Trunk Interface to Work in Manual 1:1 Active/Standby Mode
3.4.1 Before You Start
3.4.2 Creating an Eth-Trunk Interface to Work in Manual 1:1 Active/Standby Mode
3.4.3 Adding Physical Interfaces to the Eth-Trunk Interface
3.4.4 Enabling an Eth-Trunk Interface to Send SmartLink Flush Packets
3.4.5 Specifying the Master Member Interface in an Eth-Trunk Interface
3.4.6 Enabling an Intermediate Device to Receive SmartLink Flush Packets
3.4.7 Checking the Configurations
3.5 Configuring an Eth-Trunk Interface in Manual 1:1 Master/Backup Mode to Connect to a Non-Huawei Device
3.6 Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode
3.6.1 Before You Start
3.6.2 Creating and Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode
3.6.3 Adding Member Interfaces to the Eth-Trunk Interface
3.6.4 (Optional) Specifying the Master Member Interface of an Eth-Trunk Interface
3.6.5 Checking the Configurations
3.7 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
3.7.1 Before You Start
3.7.2 Configuring a VRRP Backup Group to Track the Status of Member Interfaces of an Eth-Trunk Interface in Static LACP Mode
3.7.3 Configuring an Eth-Trunk Interface in Static LACP Mode associating with an mVRRP Backup Group
3.7.4 Checking the Configurations
3.8 Associating an Eth-Trunk Interface in Static LACP Mode with a Unicast VRRP Backup Group
3.9 Configuring an E-Trunk
3.9.1 Before You Start
3.9.2 Creating an E-Trunk and Binding a BFD Session to the E-Trunk
3.9.3 Adding an Interface to an E-Trunk
3.9.4 (Optional) Configuring E-Trunk Parameters
3.9.5 (Optional) Configuring a Working Mode for an E-Trunk Member Interface
3.9.6 Checking the Configurations
3.10 Maintaining Eth-Trunk Interfaces
3.10.1 Clearing the Statistics on an Eth-Trunk Interface
3.11 Configuration Examples
3.11.1 Example for Configuring Eth-Trunk Interfaces to Work in Static LACP Mode
3.11.2 Example for Configuring Eth-Trunk Interfaces to Work in Manual Load Balancing Mode
3.11.3 Example for Configuring an Eth-Trunk Interface in Manual 1:1 Active/Standby Mode
3.11.4 Example for Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode
3.11.5 Example for Configuring VLANs to Communicate Through Eth-Trunk Sub-interfaces
3.11.6 Example for Associating Eth-Trunk Interfaces in Static LACP Mode with an mVRRP Backup Group
3.11.7 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode to Communicate over a VLL Network
3.11.8 Example for Configuring an E-Trunk Associated with VPLS
3.11.9 Example for Configuring an E-Trunk Associated with PW Redundancy
4 VLAN Configuration
4.1 VLAN Introduction
4.1.1 Introduction
4.1.2 VLAN Features Supported by the NE80E/40E
4.2 Configuring a VLAN Based on Ports
4.2.1 Before You Start
4.2.2 Creating a VLAN
4.2.3 Configuring the Type of a Layer 2 Ethernet Port
4.2.4 Adding a Port to a VLAN
4.2.5 Checking the Configurations
4.3 Configuring a VLANIF Interface
4.3.1 Before You Start
4.3.2 Creating a VLANIF Interface
4.3.3 Assigning an IP Address to a VLANIF Interface
4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down
4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface
4.3.6 Checking the Configurations
4.4 Configuring Inter-VLAN Communication
4.4.1 Before You Start
4.4.2 Configuring Sub-interfaces for Inter-VLAN Communication
4.4.3 Configuring VLANIF Interfaces for Inter-VLAN Communication
4.4.4 Configuring VLAN Mapping for Inter-VLAN Communication
4.4.5 Checking the Configurations
4.5 Configuring VLAN Security Attributes
4.5.1 Before You Start
4.5.2 Disabling a Port from Broadcasting Packets to Other Ports in the Same VLAN
4.5.3 Disabling MAC Address Learning in a VLAN
4.5.4 Enabling Flexible MAC Address Learning in a VLAN
4.5.5 (Optional) Disabling an Interface from Sending Unknown Unicast Packets to Other Interfaces in a VLAN
4.5.6 Checking the Configurations
4.6 Configuring VLAN Aggregation to Save IP Addresses
4.6.1 Before You Start
4.6.2 Creating a Sub-VLAN
4.6.3 Creating a Super-VLAN
4.6.4 Assigning an IP Address to the VLANIF Interface of a Super-VLAN
4.6.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN
4.6.6 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN
4.6.7 Checking the Configurations
4.7 Configuring VLAN Policy-based VPN Access
4.7.1 Before You Start
4.7.2 Configuring a VLAN Policy
4.7.3 Configuring a VPN
4.7.4 Checking the Configurations
4.8 Configuring Interface Isolation in a VLAN
4.8.1 Before You Start
4.8.2 Configuring Interface Isolation in a VLAN
4.8.3 Enabling ARP Proxy in a VLAN
4.9 Configuring the Isolation Based on Interface Groups in a VLAN
4.9.1 Before You Start
4.9.2 Adding an Interface to the Group to Be Isolated
4.9.3 Checking the Configurations
4.10 Configuring Ethernet Loop Detection for a VLAN
4.10.1 Before You Start
4.10.2 Configuring Ethernet Loop Detection for a VLAN
4.10.3 (Optional) Configuring Ethernet Loop Notification
4.10.4 (Optional) Configuring the Block Priority for an Interface
4.10.5 (Optional) Configuring the Accurate Ethernet Loop Blocking Function
4.10.6 Checking the Configurations
4.11 Maintaining VLAN
4.11.1 Clearing the Statistics of VLAN Packets
4.12 Configuration Examples
4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link
4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces
4.12.3 Example for Configuring VLAN and Non-VLAN Users to Communicate by Using Sub-interfaces
4.12.4 Example for Configuring Inter-VLAN Communication by Using VLANIF Interfaces
4.12.5 Example for Configuring 1 to 1 VLAN Mapping for Inter-VLAN Communication
4.12.6 Example for Configuring Communication Between VLANs Through VLAN Aggregation
4.12.7 Example for Configuring VLAN+802.1p for L2VPN Access (on a Common Sub-interface)
4.12.8 Example for Configuring VLAN+DSCP for L2VPN Access (on a Common Sub-interface)
4.12.9 Example for Configuring VLAN+EthType for L2VPN Access (on a Common Sub-interface)
4.12.10 Example for Configuring VLAN+DSCP for L3VPN Access (on a Common Sub-interface)
4.12.11 Example for Configuring VLAN+802.1p for L3VPN Access (on a Common Sub-interface)
4.12.12 Example for Configuring Untagged+DSCP for L3VPN Access
4.12.13 Example for Configuring Interface Isolation in a VLAN
4.12.14 Example for Configuring the Isolation Based on Interface Groups in a VLAN
4.12.15 Example for Configuring Ethernet Loop Detection for a VLAN
4.12.16 Example for Configuring VLAN Mapping and VLANIF Interfaces for L3VPN Access
5 QinQ Configuration
5.1 QinQ Introduction
5.1.1 QinQ Overview
5.1.2 QinQ Feature Supported by the NE80E/40E
5.2 Configuring the QinQ Tunnel Function
5.2.1 Before You Start
5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface
5.2.3 Configuring QinQ for a Layer 2 Interface
5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
5.2.5 (Optional) Configuring the EtherType Value for VLAN TPIDs
5.2.6 (Optional) Changing the Ethernet Encapsulation Type for the Outer Tag
5.2.7 (Optional) Configuring a Subcard to Transparently Transmit QinQ Packets Whose EType Values of the Outer TPIDs Are Not 0x8100
5.2.8 Checking the Configurations
5.3 Configuring Selective QinQ on a Layer 2 Interface
5.3.1 Before You Start
5.3.2 Creating the Outer VLAN Tag for a QinQ Interface
5.3.3 Configuring Selective QinQ Interface on a Layer 2 Interface
5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
5.3.5 (Optional) Configuring the EtherType Value for VLAN TPIDs
5.3.6 (Optional) Modifying the Protocol Type for the Outer Tag
5.3.7 (Optional) Configuring a Subcard to Transparently Transmit QinQ Packets Whose EType Values of the Outer TPIDs Are Not 0x8100
5.3.8 Checking the Configurations
5.4 Configuring QinQ-based VLAN Tag Swapping Function
5.4.1 Before You Start
5.4.2 Configuring QinQ-based VLAN Tag Swapping
5.4.3 Checking the Configurations
5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
5.5.1 Before You Start
5.5.2 Configuring the Interface Mode as the User-Termination Mode
5.5.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.5.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.5.5 Configuring the IP Service
5.5.6 Checking the Configurations
5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
5.6.1 Before You Start
5.6.2 Configuring the Interface Mode as the User-Termination Mode
5.6.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.6.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.6.5 (Optional) Configuring a Push Action
5.6.6 (Optional) Configuring a PW-tag Action
5.6.7 Configuring the Multicast Service
5.6.8 Checking the Configurations
5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
5.7.1 Before You Start
5.7.2 Configuring the Interface Mode as the User-Termination Mode
5.7.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.7.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.7.5 Configuring the VPN Service
5.7.6 Checking the Configurations
5.8 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
5.8.1 Before You Start
5.8.2 Configuring the Interface Mode as the User-Termination Mode
5.8.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.8.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.8.5 Configuring the MPLS Service
5.8.6 Checking the Configurations
5.9 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping Function
5.9.1 Before You Start
5.9.2 Configuring the Interface Mode as the User-Termination Mode
5.9.3 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
5.9.4 Checking the Configurations
5.10 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN
5.10.1 Before You Start
5.10.2 Configuring the Interface Mode as the User-Termination Mode
5.10.3 Configuring the Sub-interface for VLAN Stacking
5.10.4 (Optional) Configuring a Push Action
5.10.5 (Optional) Configuring a PW-tag Action
5.10.6 Configuring the L2VPN
5.10.7 Checking the Configurations
5.11 Configuring Dynamic QinQ Function
5.11.1 Before You Start
5.11.2 Configuring the Interface Mode as the User-Termination Mode
5.11.3 Configuring Dynamic QinQ
5.11.4 Configuring DHCP Snooping
5.11.5 Checking the Configurations
5.12 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
5.12.1 Before You Start
5.12.2 Configuring the Ethernet Interface of the PE
5.12.3 Configuring the Ethernet Sub-interface of the PE
5.12.4 Configuring URPF on the Sub-interface for QinQ VLAN Tag Termination
5.12.5 Checking the Configurations
5.13 Configuring the User-Side QinQ
5.13.1 Before You Start
5.13.2 Creating a User-Side VLAN
5.13.3 Checking the Configurations
5.14 Maintaining QinQ
5.14.1 Clearing QinQ Statistics
5.14.2 Monitoring the Operating Status of the Termination Sub-interface
5.15 Configuration Examples
5.15.1 Example for Configuring the QinQ Tunnel
5.15.2 Example for Configuring Selective QinQ on a Layer 2 Interface
5.15.3 Example for Configuring Compatibility of the EthType Field in the Outer Tag of QinQ Packets
5.15.4 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support Proxy ARP
5.15.5 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support Proxy ARP
5.15.6 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support VRRP
5.15.7 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support VRRP
5.15.8 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access an L3VPN
5.15.9 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VLL
5.15.10 Example for Configuring the Dot1q Termination Sub-interface to Access the VLL
5.15.11 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access a VPLS
5.15.12 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VPLS Network
5.15.13 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Support the Local Connection
5.15.14 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support the DHCP Relay Function
5.15.15 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support the DHCP Relay Function
5.15.16 Example for Configuring Dynamic QinQ
5.15.17 Example for Configuring the Sub-interface for VLAN Stacking to Access a VLL
5.15.18 Example for Configuring the Sub-interface for QinQ VLAN Stacking to Access a VPLS Network
5.15.19 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
5.15.20 Example for Configuring the dot1q Termination Sub-interface in a VSI to Support IGMP Snooping
5.15.21 Example for Configuring the QinQ Termination Sub-interface in a VSI to Support IGMP Snooping
5.15.22 Example for Configuring the dot1q Termination Sub-interface to Support IGMP and Access an L3VPN
5.15.23 Example for Configuring the QinQ Termination Sub-interface to Support IGMP and Access an L3VPN
5.15.24 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support MPLS TE
5.15.25 Example for Configuring the User-Side QinQ
5.15.26 Example for Configuring VLAN+802.1p for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.27 Example for Configuring VLAN+EthType for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.28 Example for Configuring VLAN+DSCP for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.29 Example for Configuring QinQ Stacking Sub-interface+802.1p for L2VPN Access
5.15.30 Example for Configuring Stacking Sub-interface+EthType for L2VPN Access
5.15.31 Example for Configuring Stacking Sub-interface+DSCP for L2VPN Access
5.15.32 Example for Configuring VLAN+802.1p for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.33 Example for Configuring VLAN+DSCP for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
6 STP/RSTP Configuration
6.1 STP/RSTP Overview
6.1.1 Introduction
6.1.2 STP/RSTP Features Supported by the NE80E/40E
6.2 Configuring Basic STP/RSTP Functions
6.2.1 Before You Start
6.2.2 Configuring the STP/RSTP Mode
6.2.3 (Optional) Configuring Switching Device Priorities
6.2.4 (Optional) Configuring the Path Cost for a Port
6.2.5 (Optional) Configuring Port Priorities
6.2.6 Enabling STP/RSTP
6.2.7 Checking the Configurations
6.3 Configuring STP/RSTP Parameters on an Interface
6.3.1 Before You Start
6.3.2 Configuring System Parameters
6.3.3 Configuring Port Parameters
6.3.4 Checking the Configurations
6.4 Configuring RSTP Protection Functions
6.4.1 Before You Start
6.4.2 Configuring BPDU Protection on a Switching Device
6.4.3 Configuring TC Protection on a Switching Device
6.4.4 Configuring Root Protection on a Port
6.4.5 Configuring Loop Protection on a Port
6.4.6 Checking the Configurations
6.5 Configuring STP/RSTP Interoperability Between Huawei Devices and Non-Huawei Devices
6.5.1 Before You Start
6.5.2 Configuring the Proposal/Agreement Mechanism
6.5.3 (Optional) Configuring an Interface to Transparently Transmit HVRP Packets
6.5.4 Checking the Configurations
6.6 Maintaining STP/RSTP
6.6.1 Clearing STP/RSTP Statistics
6.7 Configuration Examples
6.7.1 Example for Configuring Basic STP Functions
6.7.2 Example for Configuring Basic RSTP Functions
7 MSTP Configuration
7.1 MSTP Overview
7.1.1 MSTP Introduction
7.1.2 MSTP Features Supported by the NE80E/40E
7.2 Configuring Basic MSTP Functions
7.2.1 Before You Start
7.2.2 Configuring the MSTP Mode
7.2.3 Configuring and Activating an MST Region
7.2.4 (Optional) Configuring a Priority for a Switching Device in an MSTI
7.2.5 (Optional) Configuring a Path Cost of a Port in an MSTI
7.2.6 (Optional) Configuring a Port Priority in an MSTI
7.2.7 Enabling MSTP
7.2.8 Checking the Configurations
7.3 Configuring MSTP Multi-process
7.3.1 Before You Start
7.3.2 Creating an MSTP Process
7.3.3 Adding an Interface to an MSTP Process - Access Links
7.3.4 Adding an Interface to an MSTP Process - Share Link
7.3.5 Configuring Priorities and Root Protection in MSTP Multi-process
7.3.6 Configuring TC Notification in MSTP Multi-process
7.3.7 Checking the Configurations
7.4 Configuring MSTP Parameters on an Interface
7.4.1 Before You Start
7.4.2 Configuring System Parameters
7.4.3 Configuring Port Parameters
7.4.4 Checking the Configurations
7.5 Configuring MSTP Protection Functions
7.5.1 Before You Start
7.5.2 Configuring BPDU Protection on a Switching Device
7.5.3 Configuring TC Protection on a Switching Device
7.5.4 Configuring Root Protection on an Interface
7.5.5 Configuring Loop Protection on an Interface
7.5.6 Configuring Share-Link Protection on a Switching Device
7.5.7 Checking the Configurations
7.6 Configuring MSTP Interoperability Between Huawei Devices and Non-Huawei Devices
7.6.1 Before You Start
7.6.2 Configuring the BPDU Format on a Switching Device
7.6.3 Configuring a Proposal/Agreement Mechanism
7.6.4 Configuring the MSTP Protocol Packet Format on an Interface
7.6.5 Enabling the Digest Snooping Function
7.6.6 (Optional) Configuring an Interface to Transparently Transmit HVRP Packets
7.6.7 Checking the Configurations
7.7 Maintaining MSTP
7.7.1 Clearing MSTP Statistics
7.8 Configuration Examples
7.8.1 Example for Configuring Basic MSTP Functions
7.8.2 Example for Configuring MSTP Multi-process
7.8.3 Example for Configuring MSTP Multi-process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
7.8.4 Example for Configuring MSTP+VLAN Mapping and VLANIF Interfaces for L3VPN Access
7.8.5 Example for Configuring E-STP - Inter-AS Option A (Martini Mode)
7.8.6 Example for Configuring E-STP - Inter-AS PW Interconnection (Martini Mode)
7.8.7 Example for Configuring E-STP for CE Dual-Homing
8 BPDU Tunnel Configuration
8.1 BPDU Tunnel Overview
8.1.1 Introduction
8.1.2 BPDU Tunnel Features Supported by the NE80E/40E
8.2 Configuring Interface-based BPDU Tunnels
8.2.1 Before You Start
8.2.2 Enabling STP function on the PEs and the CEs
8.2.3 Adding the Interfaces of the PE Connected to the CE to a Specified VLAN
8.2.4 Configuring Interface-based BPDU Tunnel
8.2.5 Configuring PE Interfaces Connecting PSNs to Permit Packets with Specified Tags
8.2.6 Checking the Configurations
8.3 Configuring VLAN-based BPDU Tunnels
8.3.1 Before You Start
8.3.2 Enabling the STP Function on CEs and PEs
8.3.3 Configuring BPDUs from CEs to PEs to Carry Specified Tags
8.3.4 Configuring VLAN-based BPDU Tunnel
8.3.5 Configuring PE Interfaces Connecting PSN to Permit Packets with Specified Tags
8.3.6 Checking the Configurations
8.4 Configuring QinQ-based BPDU Tunnels
8.4.1 Before You Start
8.4.2 Enabling the STP Function on CEs and PEs
8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified Tags
8.4.4 Configuring QinQ-based BPDU Tunnel
8.4.5 Configuring PE Interfaces Connecting PSNs to Permit the Packets with Specified Tags
8.4.6 Checking the Configurations
8.5 Configuration Examples
8.5.1 Example for Configuring Interface-based BPDU Tunnel (Devices of Different Roles)
8.5.2 Example for Configuring Interface-based BPDU Tunnel (Devices of the Same Role)
8.5.3 Example for Configuring VLAN-based Tunnel of BPDUs
8.5.4 Example for Configuring Tunnel of BPDUs Based on QinQ
9 RRPP Configuration
9.1 RRPP Introduction
9.1.1 Overview of RRPP
9.1.2 RRPP Features Supported by the NE80E/40E
9.2 Configuring RRPP Functions
9.2.1 Before You Start
9.2.2 Creating the RRPP Domain
9.2.3 Creating the Control VLAN
9.2.4 (Optional) Setting the Values of RRPP Domain Timers
9.2.5 Configuring the Ports on an RRPP Ring
9.2.6 Creating the RRPP Ring
9.2.7 Enabling the RRPP Ring
9.2.8 Enabling RRPP
9.2.9 Checking the Configurations
9.3 Configuring the Monitoring Interface
9.3.1 Before You Start
9.3.2 Setting the Monitoring Interface
9.3.3 Checking the Configurations
9.4 Configuring RRPP Snooping
9.4.1 Before You Start
9.4.2 Enabling RRPP Snooping
9.4.3 (Optional) Configuring the VSI Associated with the RRPP Snooping
9.4.4 Checking the Configurations
9.5 Maintaining RRPP
9.5.1 Clearing RRPP Running Information
9.6 Configuration Examples
9.6.1 Example for Configuring a Single RRPP Ring
9.6.2 Example for Configuring a Crossed RRPP Ring
9.6.3 Example for Configuring a Tangent RRPP Ring
9.6.4 Example for Configuring a Crossed RRPP Ring to Connect Dual NPE
9.6.5 Example for Configuring the RRPP Snooping
10 ERPS (G.8032) Configuration
10.1 Introduction
10.1.1 Overview
10.1.2 ERPS Features Supported by the NE80E/40E
10.2 Configuring ERPSv1
10.2.1 Before You Start
10.2.2 Creating an ERPS Ring
10.2.3 Configuring Control VLAN
10.2.4 Configuring the Mapping Between Protected Instances and VLANs
10.2.5 Adding Layer 2 Ports to ERPS Ring and Configuring Port Roles
10.2.6 (Optional) Configuring Timers of an ERPS Ring
10.2.7 (Optional) Configuring the MEL Value of an ERPS Ring
10.2.8 Checking the Configurations
10.3 Configuring ERPSv2
10.3.1 Before You Start
10.3.2 Configuring an ERPS Ring
10.3.3 Configuring the Topology Change Notification Function
10.3.4 (Optional) Configuring ERPS Protection Switching
10.3.5 (Optional) Configuring Association Between ERPS and Ethernet CFM
10.3.6 (Optional) Associating an ERPS Interface with Ethernet CFM
10.3.7 Checking the Configurations
10.4 Maintaining ERPS
10.4.1 Clearing ERPS Statistics
10.5 Configuration Examples
10.5.1 Example for Configuring an ERPS Single Ring
10.5.2 Example for Configuring an ERPS Multi-ring Network
A Glossary
B Acronyms and Abbreviations
1 MAC Address Table Configuration
About This Chapter
Each workstation or server that is connected to the Ethernet interface on a device has a unique
Medium Access Control (MAC) address. The MAC address table on the device contains the
MAC addresses of all the other devices that are connected to this device. The MAC address table
is used for data forwarding.
1.1 MAC Address Table Introduction
A MAC address table is an interface-based Layer 2 forwarding table. It stores information about
the MAC addresses learned by the device.
1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
If user networks are connected through Layer 2 devices and do not forward data through Layer
3 routing, you can configure a MAC address table based on Layer 2 interfaces and VLANs for
data forwarding. This allows the user networks to communicate with each other.
1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
If user networks are connected through a Virtual Private LAN Service (VPLS) network, you can
configure a MAC address table based on Layer 3 interfaces and Virtual Switch Instances (VSIs).
This allows the user networks to communicate with each other.
1.4 Configuring the Aging Time of a MAC Address Table
As network topologies change constantly, a device learns more and more MAC addresses. To
avoid the explosive growth of MAC address entries, you can set a proper aging time to have the
invalid MAC address entries deleted in time.
1.5 Maintaining MAC Address Table
This section provides commands used to maintain MAC address tables, including the command
that is used to delete dynamic MAC address tables.
1.6 Configuring the Usage Threshold for a MAC Address Table
This section describes how to configure the usage threshold for a Media Access Control (MAC)
address table to control the usage of the MAC address table on a device and facilitate device
management.
1.7 Configuration Examples
This section lists networking requirements, configuration roadmap, and data preparation to
describe the typical application scenarios of MAC address tables, and provides related
configuration files.
1.1 MAC Address Table Introduction
A MAC address table is an interface-based Layer 2 forwarding table. It stores information about
the MAC addresses learned by the device.
1.1.1 MAC Address Table Overview
This section briefly describes the basic concept of a MAC address table, modes for generating
MAC address entries, MAC address entry classification, and MAC address-based packet
forwarding.
Basic Concept of a MAC Address Table
Each device maintains a MAC address table. As shown in Table 1-1, a MAC address table is
used to store the MAC addresses, VLAN IDs, and outbound interfaces learned from other
devices. To forward data, the device searches the MAC address table to locate the outbound
interface quickly based on the destination MAC address and VLAN ID in the data frame. This
implementation reduces broadcast traffic.
Table 1-1 MAC address entries
MAC Address       VLAN ID   Outbound Interface
0001-0001-0001    10        GE3/0/1
0011-0022-0034    20        GE2/0/4
1011-0022-0034    30        Eth-Trunk 20
If a destination host is added to multiple VLANs, one MAC address corresponds to multiple
VLAN IDs in the MAC forwarding entries on a switch.
Modes for Generating MAC Address Entries
● Automatic generation
Usually, a device automatically generates a MAC address table by learning source MAC
addresses. The MAC address table needs to be updated constantly to keep up with
network changes. Automatically generated entries are not always valid. If a
MAC address entry is not updated before the double aging time expires, the entry is
deleted. The double aging time is called a lifecycle. If an entry is updated before the double
aging time expires, the aging time is recalculated for the entry.
● Manual configuration
When a device sets up a MAC address table automatically by learning source MAC
addresses, the system cannot identify whether packets are sent by authorized users
or by hackers, which brings security risks. If hackers disguise the source MAC address of attack
packets as an authorized MAC address and send the attack packets with the forged MAC
address to the device through another interface, the device learns incorrect MAC address
entries. As a result, packets that should be forwarded to authorized users are forwarded
to hackers. To improve interface security, a network administrator can add specific MAC
address entries to the MAC address table to bind the user device to the interface. In this
way, the device can stop unauthorized users from intercepting data. The configured
MAC address entries take precedence over the automatically generated entries.
Classification of MAC Address Entries
MAC address entries can be classified into dynamic, static, and blackhole MAC address entries.
● Dynamic entries
Dynamic entries are learned and stored on interface boards. Dynamic entries expire
and are lost after hot swapping, interface-board resetting, or device rebooting.
● Static entries
Static entries are configured by users. They are automatically delivered to each interface
board. Static entries do not expire and are not lost after device rebooting, hot swapping, or
interface-board resetting.
● Blackhole entries
Blackhole entries, configured by users, are used to discard frames containing specified
source and destination MAC addresses. They are delivered to each interface board.
Blackhole entries do not expire and are not lost after device rebooting, hot swapping, or
interface-board resetting.
MAC Address-based Packet Forwarding
A device forwards packets in either of the following modes based on MAC address entries:
● Unicast mode: If the MAC address table contains an entry matching the destination MAC
address of a packet, the device forwards the packet through the outbound interface contained
in the entry.
● Broadcast mode: If a packet received by a device is a broadcast or a multicast packet, or if
the MAC address table of the device does not contain an entry matching the destination
MAC address of the packet, the device broadcasts the packet to all interfaces except
the interface that received the packet.
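The learning, aging, precedence and forwarding rules described in this section, put together as a small Python model. This is an added example, not Huawei code: the class and function names are hypothetical, the 300-second aging time is an assumed value, and the MAC addresses and interfaces are those of Table 1-1 (all used in VLAN 10 here).

```python
"""Toy model of the Layer 2 MAC address table described above (added example)."""
from dataclasses import dataclass
from typing import Optional

PORTS = ["GE3/0/1", "GE2/0/4", "Eth-Trunk 20"]      # interfaces from Table 1-1
USER, PEER = "0001-0001-0001", "0011-0022-0034"     # MAC addresses from Table 1-1


@dataclass
class Entry:
    kind: str                  # "dynamic", "static" or "blackhole"
    interface: Optional[str]   # None for blackhole entries
    last_seen: float = 0.0     # only meaningful for dynamic entries


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac[:2], 16) & 1)


class MacTable:  # hypothetical name, not a device API
    def __init__(self, interfaces, aging_time=300.0):
        self.interfaces = list(interfaces)
        self.aging_time = aging_time   # seconds (assumed value)
        self.entries = {}              # (mac, vlan_id) -> Entry

    def add_static(self, mac, vlan, interface):
        """Manually bind a MAC address to an interface."""
        self.entries[(mac, vlan)] = Entry("static", interface)

    def add_blackhole(self, mac, vlan):
        """Discard frames that carry this MAC as source or destination."""
        self.entries[(mac, vlan)] = Entry("blackhole", None)

    def age_out(self, now):
        """Delete dynamic entries not refreshed within the double aging time."""
        lifecycle = 2 * self.aging_time
        stale = [key for key, e in self.entries.items()
                 if e.kind == "dynamic" and now - e.last_seen >= lifecycle]
        for key in stale:
            del self.entries[key]

    def learn(self, src, vlan, in_if, now):
        """Learn or refresh a dynamic entry; configured entries take precedence."""
        current = self.entries.get((src, vlan))
        if current is not None and current.kind != "dynamic":
            return False   # static and blackhole entries are never overwritten
        self.entries[(src, vlan)] = Entry("dynamic", in_if, now)
        return True

    def receive(self, src, dst, vlan, in_if, now):
        """Return the outbound interfaces for a frame ([] means discarded)."""
        self.age_out(now)
        for mac in (src, dst):
            hit = self.entries.get((mac, vlan))
            if hit is not None and hit.kind == "blackhole":
                return []
        # This model only refuses to learn a conflicting source MAC; what the
        # device does with such a frame itself is not covered in this section.
        self.learn(src, vlan, in_if, now)
        hit = self.entries.get((dst, vlan))
        if hit is not None and not is_group_address(dst):
            return [hit.interface]                          # unicast mode
        return [i for i in self.interfaces if i != in_if]   # broadcast mode


def spoofing_demo(bind_user: bool):
    """Where a frame for USER is sent after a forged-source frame has arrived."""
    table = MacTable(PORTS)
    if bind_user:
        table.add_static(USER, 10, "GE3/0/1")
    table.receive(USER, PEER, 10, "GE3/0/1", now=0)        # genuine frame
    table.receive(USER, PEER, 10, "Eth-Trunk 20", now=1)   # forged source MAC
    return table.receive(PEER, USER, 10, "GE2/0/4", now=2)


if __name__ == "__main__":
    print("dynamic learning only:", spoofing_demo(bind_user=False))
    print("static binding       :", spoofing_demo(bind_user=True))
```

With dynamic learning only, the forged frame moves the entry and traffic for the user leaves through the wrong interface; with the static binding, the entry is unchanged.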
1.1.2 MAC Addresses Learning Limit Supported by the NE80E/40E
As the capacity of a MAC address table is limited, it is necessary to specify the maximum number
of MAC addresses to be learned and limit the rate at which MAC addresses are learned. In this
manner, you can control the number of access users and prevent malicious users from attacking
user devices and networks through MAC addresses.
For the MAC address learning limit, refer to the HUAWEI NetEngine80E/40E Router
Configuration Guide - Security.
1.2 Configuring the MAC Address Table Based on the
VLAN and Layer 2 Interface
If user networks are connected through Layer 2 devices and do not forward data through Layer
3 routing, you can configure a MAC address table based on Layer 2 interfaces and VLANs for
data forwarding. Therefore, user networks can communicate with each other.
1.2.1 Before You Start
Before configuring a MAC address table based on Layer 2 interfaces and VLANs, familiarize
yourself with the usage scenario, complete the pre-configuration tasks, and obtain the required
data. This can help you complete the configuration task quickly and accurately.
Applicable Environment
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
Generally, a device automatically creates MAC address tables by learning source addresses.
To enhance the security of an interface, network administrators can manually bind a MAC
address and an interface in the table. This can prevent malicious users with a counterfeit MAC
address from logging in to the local device through other switches.
To discard the frames to the specified destination MAC address, configure blackhole entries.
Pre-configuration Tasks
Before configuring the MAC address table based on the VLAN and Layer 2 interface, complete
the following tasks:
• Create a VLAN.
• Ensure that the Layer 2 ports in the MAC address entries are added to the VLAN.
• Ensure that the mapping between the virtual ethernet (VE) interface and the permanent
  virtual channel (PVC) of the asynchronous transfer mode (ATM) interface is established
  if the outbound interface is a VE interface.
NOTE
For the configuration of the mapping between the VE interface and the PVC of the ATM interface, refer
to the HUAWEI NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
To configure the MAC address table based on the VLAN and Layer 2 interface, you need the
following data.
No.  Data
1    MAC address, interface type and number, and VLAN ID
1.2.2 Configuring MAC Address Entries
To enhance the security of an interface and to prevent the unauthorized users from accessing the
interface, the network administrator can manually configure static MAC address entries and bind
MAC addresses to the interface, or discard the packets with specified destination MAC
addresses. The interface to which the MAC addresses are bound must be a Layer 2 interface,
and must be added to a specified VLAN, or the interface allows the packets with specified VLAN
IDs to pass through.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address static mac-address interface-type interface-number vlan vlan-id [ ce-vlan ce-vlan ]
MAC address entries are added.
Note the following:
• You can add only unicast MAC addresses rather than multicast MAC addresses or special
  MAC addresses to a MAC address table. Special MAC addresses are reserved for special
  usage, such as MAC addresses of special packets.
• The interface type can be a physical interface such as an Ethernet interface and a GE interface, or
  a logical interface such as an Eth-Trunk interface and a MAC-Tunnel. The interface specified in
  the mac-address static command must be an outbound interface for Layer 2 forwarding.
• The vlan-id must be associated with ports. That is, the VLAN contains the port. Alternatively,
  this interface allows the VLAN to pass through.
• When ce-vlan is used, it indicates that the interface specified by interface-type interface-number
  is added to the specified VLAN in VLAN mapping mode. The parameter ce-vlan
  indicates the exterior VLAN ID in frames received by the port.
• When ce-vlan is not used, it indicates that the interface specified by interface-type interface-number
  is added to the specified VLAN in port default, trunk, or VLAN stacking mode.
• A maximum of 1024 non-dynamic entries can be added.
Step 3 Run:
mac-address blackhole mac-address vlan vlan-id
The blackhole MAC address entry is configured.
----End
Follow-up Procedure
After a board or an interface card is removed, the static MAC address entries configured on its
interfaces are saved as temporary MAC address entries. If the board or interface card is
re-inserted, the static MAC address entries are restored.
However, if the board or interface card does not need to be re-inserted, the temporary MAC address
entries are useless and still occupy the MAC address resources of the system. In this situation,
run the undo mac-address temporary command to delete all temporary MAC address entries
in the system.
1.2.3 Configuring MAC Address Entries Based on the Layer 2 VE
Interface
If the interface bound to the MAC address of a user device is a Virtual Ethernet (VE) interface,
you can configure a MAC address table based on Layer 2 VE interfaces. In this manner, the
packets with specific destination MAC addresses are forwarded by specified interfaces.
Context
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
Perform the following steps on the router where the VLAN is created:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address static mac-address virtual-ethernet interface-number atm interface-number pvc { pvc-name [ vpi | vci ] | vpi | vci } vlan vlan-id
MAC address entries are added. Note the following:
• You can add only unicast MAC addresses rather than multicast MAC addresses or special
  MAC addresses to a MAC address table. Special MAC addresses are reserved for special
  usage, such as MAC addresses of special packets.
• The VE interface must be a switched interface. In addition, the VE interface must be
  associated with the VLAN specified by vlan-id. That is, the VLAN contains this VE interface;
  or this VE interface is added to VLAN by default.
• The mapping between the VE interface and the permanent virtual channel (PVC) of the
  asynchronous transfer mode (ATM) interface is established, and the VE interface is added
  to the specified VLAN.
• A maximum of 1024 non-dynamic entries can be added.
----End
1.2.4 Checking the Configurations
After the MAC address table based on Layer 2 interfaces and VLANs is successfully configured,
you can view the destination MAC addresses, outbound interfaces, and MAC address types.
Prerequisites
The MAC address table based on the VLAN and layer 2 interface has been configured.
Procedure
• Run the following commands to check information about all MAC address entries.
  – Run the display mac-address mac-address [ vlan vlan-id | vsi vsi-name ] [ verbose ]
    command.
  – Run the display mac-address [ { vlan vlan-id | vsi vsi-name } | interface-type interface-number ] * [ verbose ]
    command.
• Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] command to check
  information about blackhole MAC address entries.
• Run the display mac-address static [ { vlan vlan-id | vsi vsi-name } | interface-type
  interface-number ] * [ verbose ] command to check information about static MAC address entries.
• Run the following commands to check information about dynamic MAC address entries.
  – Run the display mac-address dynamic [ [ slot ] slot-id | source-slot source-slot-id ]
    * [ verbose ] command.
  – Run the display mac-address dynamic [ [ slot ] slot-id ] { { vlan vlan-id | vsi vsi-name } | interface-type interface-number } * [ verbose ]
    command.
  – Run the display mac-address dynamic [ [ slot ] slot-id ] vsi vsi-name [ peer peer-ip
    pw-id pw-id ] [ verbose ] command.
• Run the display mac-address summary command to check statistics about
  MAC address entries.
----End
Example
Run the display mac-address command. You can view the information about the MAC address,
the outbound interface corresponding to the MAC address, and the MAC address type. For
example:
<HUAWEI> display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 abc         1             GE1/0/1.10      static    2/
0002-0002-0002 2                         GE2/0/1         static
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0000-c102-0104 200                       GE1/0/1         dynamic
0000-c102-0105 200                       GE1/0/1         dynamic
0000-c102-0102 200                       GE1/0/1         dynamic
0000-c102-0106 200                       GE1/0/1         dynamic
0000-c102-0103 200                       GE1/0/1         dynamic
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 5
Run the display mac-address summary command to display all the statistics of the MAC
address entries. For example:
<HUAWEI> display mac-address summary
-------------------------------------------------
Slot      Total     Blackhole Static    Dynamic
-------------------------------------------------
1         1         0         0         1
2         0         0         0         0
-------------------------------------------------
1.3 Configuring the MAC Address Table Based on the VSI
and Layer 3 Interface
If user networks are connected through a Virtual Private LAN Service (VPLS) network, you can
configure a MAC address table based on Layer 3 interfaces and Virtual Switch Instances (VSIs).
Therefore, user networks can communicate with each other.
1.3.1 Before You Start
Before configuring a MAC address table based on Layer 3 interfaces and VSIs, familiarize
yourself with the usage scenario, complete the pre-configuration tasks, and obtain the required
data. This can help you complete the configuration task quickly and accurately.
Applicable Environment
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
In a Virtual Private LAN Service (VPLS) network, provider edges (PEs) learn MAC addresses.
A PE learns the MAC address of the remote PE through the pseudo wire (PW) and learns the
MAC address of the customer edge (CE) that directly accesses the PE through the Attachment
Circuit (AC). In this manner, the PE automatically establishes the MAC address table.
To improve the network security, configure the mapping between the MAC address of the CE
and the PE interface in the MAC address table of the PE, that is, the static MAC address entries
on the AC side. On the PE, binding a MAC address to an interface can prevent illegal users from
accessing the network.
To discard the frames to the specified destination MAC address, configure blackhole entries.
NOTE
For concepts and configurations in VPLS, refer to the "VPLS Configuration" in the NE80E/40E
Configuration Guide - VPN.
Pre-configuration Tasks
Before configuring the MAC address table based on the virtual switching instance (VSI) and
Layer 3 interface, complete the following tasks:
• Configure the VPLS and bind the VSI to the outbound interface.
• Establish the mapping between the VE interface and the PVC of the ATM interface if the
  outbound interface is a VE interface.
• Configure the sub-interface with dot1q termination or QinQ termination or qinq stacking
  or vlan-type dot1q if the outbound interface is a sub-interface.
NOTE
• For the configuration of the mapping between the VE interface and the PVC of the ATM interface,
  refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - WAN Access.
• For the configuration of dot1q termination or QinQ termination or qinq stacking on a sub-interface,
  refer to QinQ Configuration.
Data Preparation
To configure the MAC address table based on the VSI and Layer 3 interface, you need the
following data.
No.  Data
1    VSI name
2    MAC addresses
3    Interface type and number
4    PE VLAN ID
5    CE VLAN ID
1.3.2 Configuring MAC Address Entries
To enhance the security of an interface and to prevent the unauthorized users from connecting
to the interface, the network administrator can manually configure static MAC address entries
and bind MAC addresses to the main interface or sub-interfaces, or discard the packets with
specified destination MAC addresses. An interface that is bound to certain MAC addresses must
be bound to a specified virtual switching instance (VSI).
Context
Perform the following steps on the equipment where the VSI is created:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address static mac-address interface-type interface-number vsi vsi-name [ pe-vid pe-vid [ ce-vid ce-vid ] ]
MAC address entries are added.
Note the following:
• You can add only unicast MAC addresses rather than multicast MAC addresses or special
  MAC addresses to a MAC address table. Special MAC addresses are reserved for special
  usage, such as MAC addresses of special packets.
• The interface type can be Ethernet interface, Ethernet sub-interface, GE interface, GE
  sub-interface, Eth-Trunk interface, or Eth-Trunk sub-interface.
• Ensure that the interface in this command is bound to the VSI specified by vsi-name.
• When pe-vid is used, the interface specified by interface-type interface-number must be a
  sub-interface. In addition, this sub-interface must be configured with dot1q termination, qinq
  stacking or vlan-type dot1q and bound to the VSI.
  NOTE
  The parameter pe-vid must be configured when configuring static MAC address entries based on the
  sub-interface of qinq stacking, or the traffic would be blocked.
• When pe-vid and ce-vid are used, the interface specified by interface-type interface-number
  must be a sub-interface. In addition, this sub-interface must be configured with QinQ
  termination and bound to the VSI.
• A maximum of 1024 non-dynamic entries can be added.
Step 3 Run:
mac-address blackhole mac-address vsi vsi-name
The blackhole MAC address entry is configured.
----End
Follow-up Procedure
After a board or an interface card is removed, the static MAC address entries configured on its
interfaces are saved as temporary MAC address entries. If the board or interface card is
re-inserted, the static MAC address entries are restored.
However, if the board or interface card does not need to be re-inserted, the temporary MAC address
entries are useless and still occupy the MAC address resources of the system. In this situation,
run the undo mac-address temporary command to delete all temporary MAC address entries
in the system.
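The constraints listed for mac-address static and mac-address blackhole in sections 1.2.2 and 1.3.2 (unicast addresses only, a VLAN or VSI scope, at most 1024 non-dynamic entries) can be checked offline before any command is entered on the router. The following Python script is an added example, not part of the Huawei guide: the inventory format, the function names, and every sample entry other than the two CE addresses from section 1.7.1 are assumptions, and the optional ce-vlan, pe-vid and ce-vid parameters are not generated.

```python
import re

MAX_NON_DYNAMIC = 1024  # limit the guide states for static plus blackhole entries


def normalize_mac(mac):
    """Return a MAC in the H-H-H form the CLI uses, e.g. 0011-2233-44aa."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


def is_unicast(mac):
    """Unicast addresses have the I/G bit (lowest bit of the first octet) clear."""
    return int(normalize_mac(mac)[:2], 16) & 0x01 == 0


def scope_of(entry):
    """Return ('vlan', id) or ('vsi', name); exactly one must be present."""
    if ("vlan" in entry) == ("vsi" in entry):
        raise ValueError("give exactly one of vlan or vsi")
    if "vlan" in entry:
        vlan = int(entry["vlan"])
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN ID out of range: {vlan}")
        return ("vlan", str(vlan))
    return ("vsi", str(entry["vsi"]))


def build_commands(bindings, blackholes=()):
    """Validate an inventory and return (commands, errors).

    bindings:   dicts with mac, interface, and one of vlan / vsi
    blackholes: dicts with mac and one of vlan / vsi
    """
    commands, errors, seen = [], [], {}
    for kind, entries in (("static", bindings), ("blackhole", blackholes)):
        for entry in entries:
            try:
                mac = normalize_mac(entry["mac"])
                if not is_unicast(mac):
                    raise ValueError("only unicast MAC addresses can be added")
                keyword, value = scope_of(entry)
                target = entry["interface"] if kind == "static" else "blackhole"
            except (KeyError, TypeError, ValueError) as exc:
                errors.append(f"{entry}: {exc}")
                continue
            key = (mac, keyword, value)
            if key in seen:
                # Same MAC in the same VLAN/VSI pointing somewhere else is a conflict.
                if seen[key] != target:
                    errors.append(f"{entry}: conflicts with existing entry -> {seen[key]}")
                continue  # identical duplicates are emitted once
            seen[key] = target
            if kind == "static":
                commands.append(f"mac-address static {mac} {target} {keyword} {value}")
            else:
                commands.append(f"mac-address blackhole {mac} {keyword} {value}")
    if len(commands) > MAX_NON_DYNAMIC:
        errors.append(f"{len(commands)} entries exceed the limit of {MAX_NON_DYNAMIC}")
    return commands, errors


# Constructed inventory. The first two MAC addresses are the CE addresses used in
# section 1.7.1; everything else is made up for the example.
SAMPLE_BINDINGS = [
    {"mac": "0011-2233-44aa", "interface": "gigabitethernet 1/0/1", "vlan": 2},
    {"mac": "00:11:22:33:44:BB", "interface": "gigabitethernet 1/0/2", "vlan": 2},
    {"mac": "0011-2233-4455", "interface": "gigabitethernet 2/0/1", "vsi": "abc"},
    {"mac": "0100-5e00-0001", "interface": "gigabitethernet 1/0/1", "vlan": 2},   # multicast
    {"mac": "0011-2233-44aa", "interface": "gigabitethernet 1/0/2", "vlan": 2},   # conflict
    {"mac": "0011-2233-44bb", "interface": "gigabitethernet 1/0/2", "vlan": 4095},  # bad VLAN
]
SAMPLE_BLACKHOLES = [{"mac": "0000-5e00-5301", "vlan": 2}]

if __name__ == "__main__":
    cmds, errs = build_commands(SAMPLE_BINDINGS, SAMPLE_BLACKHOLES)
    print("\n".join(cmds))
    for err in errs:
        print("REJECTED:", err)
```

Special MAC addresses are not checked because the guide does not enumerate them; rejected entries are reported rather than silently dropped so that a gap in the binding list is visible.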
1.3.3 Configuring MAC Address Entries Based on the VLANIF
Interface
The PEs that are connected to the virtual private LAN service (VPLS) network are Layer 2
switching devices with Layer 2 interfaces. To enable the packets from the PEs to be transmitted
on the VPLS network, you need to configure VLANIF interfaces, and bind the VLANIF
interfaces to virtual switching instances (VSI) to access the VPLS network. Configuring a MAC
address table based on VLANIF interfaces can prevent unauthorized users from connecting to
the device.
Context
Perform the following steps on the equipment where the VSI is created:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address static mac-address interface-type interface-number vlanif interface-number vsi vsi-name
MAC address entries are added. Note the following:
• You can add only unicast MAC addresses rather than multicast MAC addresses or special
  MAC addresses to a MAC address table. Special MAC addresses are reserved for special
  usage, such as MAC addresses of special packets.
• The interface-type can be Ethernet interface, GE interface, or Eth-Trunk interface.
• The interface specified by interface-type interface-number is added to the VLAN
  corresponding to the VLANIF interface, and the VLANIF interface is bound to the specified
  VSI.
• A maximum of 1024 non-dynamic entries can be added.
Step 3 Run:
mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name }
The blackhole MAC address entry is configured.
----End
1.3.4 Checking the Configurations
After the MAC address table based on Layer 3 interfaces and VSIs is successfully configured,
you can view the destination MAC addresses, outbound interfaces, and MAC address types.
Prerequisites
The MAC address table based on the VSI and layer 3 interface has been configured.
Procedure
• Run the following commands to check information about all MAC address entries.
  – Run the display mac-address mac-address [ vlan vlan-id | vsi vsi-name ] [ verbose ]
    command.
  – Run the display mac-address [ { vlan vlan-id | vsi vsi-name } | interface-type interface-number ] * [ verbose ]
    command.
• Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] command to check
  information about blackhole MAC address entries.
• Run the display mac-address static [ { vlan vlan-id | vsi vsi-name } | interface-type
  interface-number ] * [ verbose ] command to check information about static MAC address entries.
• Run the following commands to check information about dynamic MAC address entries.
  – Run the display mac-address dynamic [ [ slot ] slot-id | source-slot source-slot-id ]
    * [ verbose ] command.
  – Run the display mac-address dynamic [ [ slot ] slot-id ] { { vlan vlan-id | vsi vsi-name } | interface-type interface-number } * [ verbose ]
    command.
  – Run the display mac-address dynamic [ [ slot ] slot-id ] vsi vsi-name [ peer peer-ip
    pw-id pw-id ] [ verbose ] command.
• Run the display mac-address summary command to check statistics about
  MAC address entries.
----End
Example
Run the display mac-address command. If information about the MAC address, the outbound
interface corresponding to the MAC address, and the MAC address type is displayed, it means
that the configuration succeeds. For example:
<HUAWEI> display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 abc         1             GE1/0/1.10      static    2/
0002-0002-0002 2                         GE2/0/1         static
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0000-c102-0104 200                       GE1/0/1         dynamic
0000-c102-0105 200                       GE1/0/1         dynamic
0000-c102-0102 200                       GE1/0/1         dynamic
0000-c102-0106 200                       GE1/0/1         dynamic
0000-c102-0103 200                       GE1/0/1         dynamic
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 5
Run the display mac-address summary command to display all the statistics of the MAC
address entries. For example:
<HUAWEI> display mac-address summary
-------------------------------------------------
Slot      Total     Blackhole Static    Dynamic
-------------------------------------------------
1         1         0         0         1
2         0         0         0         0
-------------------------------------------------
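Because the bindings are a security control, the display mac-address output is worth comparing against the intended binding list rather than only reading it by eye. The following Python script is an added example, not part of the Huawei guide: it parses a constructed capture in the column order shown above (the "-" placeholders for empty cells, the expected-binding inventory, and all function names are assumptions) and reports bindings that are missing, attached to the wrong port, not in the inventory, or whose MAC address was also learned dynamically.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}", re.IGNORECASE)
SLOT_RE = re.compile(r"MAC address table of slot (\d+):")
TYPES = {"static", "dynamic", "blackhole"}


def parse_mac_table(text):
    """Parse 'display mac-address' output into a list of entry dicts."""
    entries, slot = [], None
    for line in text.splitlines():
        header = SLOT_RE.search(line)
        if header:
            slot = int(header.group(1))
            continue
        tokens = line.split()
        if len(tokens) < 4 or not MAC_RE.fullmatch(tokens[0]):
            continue  # rule lines, column headers, totals
        # PEVLAN/CEVLAN cells may be empty, so locate the type keyword and take
        # the token just before it as the outbound port.
        for i in range(3, len(tokens)):
            if tokens[i].lower() in TYPES:
                entries.append({"slot": slot, "mac": tokens[0].lower(),
                                "scope": tokens[1], "port": tokens[i - 1],
                                "type": tokens[i].lower()})
                break
    return entries


def audit(entries, expected):
    """Compare parsed entries with expected {(mac, vlan_or_vsi): port}.

    Returns tuples (finding, mac, scope, port). For 'missing-static' the port is
    the expected one; for every other finding it is the port seen on the device.
    """
    findings = []

    def report(item):
        if item not in findings:  # static entries repeat on every board
            findings.append(item)

    static = {(e["mac"], e["scope"]): e for e in entries if e["type"] == "static"}
    bound_macs = {mac for mac, _ in expected}
    for (mac, scope), port in sorted(expected.items()):
        entry = static.get((mac, scope))
        if entry is None:
            report(("missing-static", mac, scope, port))
        elif entry["port"] != port:
            report(("wrong-port", mac, scope, entry["port"]))
    for e in entries:
        key = (e["mac"], e["scope"])
        if e["type"] == "static" and key not in expected:
            report(("unexpected-static", e["mac"], e["scope"], e["port"]))
        elif e["type"] == "dynamic" and e["mac"] in bound_macs:
            # A bound address showing up as a learned entry deserves a look.
            report(("bound-mac-learned-dynamically", e["mac"], e["scope"], e["port"]))
    return findings


# Constructed capture; not output from a real device.
SAMPLE_OUTPUT = """\
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-44aa 2           -      -      GE1/0/1         static    -
0011-2233-44bb 2           -      -      GE1/0/1         static    -
0011-2233-4455 abc         1      -      GE1/0/1.10      static    2/-
0000-c102-0104 200         -      -      GE1/0/1         dynamic   -
0011-2233-44aa 200         -      -      GE1/0/2         dynamic   -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 5
"""

# Constructed inventory of intended bindings, keyed the way the table prints them.
EXPECTED = {
    ("0011-2233-44aa", "2"): "GE1/0/1",
    ("0011-2233-44bb", "2"): "GE1/0/2",
    ("0011-2233-44cc", "2"): "GE1/0/2",
}

if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE_OUTPUT), EXPECTED):
        print(*finding)
```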
1.4 Configuring the Aging Time of a MAC Address Table
As network topologies change constantly, a device learns more and more MAC addresses. To
avoid the explosive growth of MAC address entries, you can set a proper aging time to have the
invalid MAC address entries deleted in time.
1.4.1 Before You Start
Before configuring the aging time of MAC address entries, familiarize yourself with the usage
scenario, complete the pre-configuration tasks, and obtain the required data. This can help you
complete the configuration task quickly and accurately.
Applicable Environment
After the network topology changes, dynamic MAC entries are not automatically updated in
time. In this case, user traffic cannot be normally forwarded because the device cannot learn the
new MAC address.
Therefore, you need to configure the aging time of dynamic MAC addresses. When the set aging
time expires, dynamic MAC address entries are automatically deleted. The device re-learns
MAC addresses to generate a new dynamic MAC address type.
The aging time is valid only on dynamic MAC address entries.
The configurations in this section are optional.
Pre-configuration Tasks
None
Data Preparation
To configure the aging time of a MAC address table, you need the following data.
No.  Data
1    Aging time
1.4.2 Setting the Aging Time of a MAC Address Table
After the aging time of MAC address entries is configured, the dynamic MAC address entries
are automatically deleted if the aging time expires.
Context
Perform the following steps on all the devices:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address aging-time seconds
The aging time of a MAC address table is set.
In a MAC address table, only dynamic entries age.
The aging time ranges from 60 to 1000000 seconds. The default is 300 seconds.
The aging time 0 means that no MAC address entry is aged.
----End
1.4.3 Checking the Configurations
After the aging time of MAC address entries is successfully configured, you can view
information about the aging time of MAC address entries.
Prerequisites
The aging time of a MAC address table has been configured.
Procedure
Step 1 Run the display mac-address aging-time [ vlan [ vlanid ] | vsi [ name name ] ] command to
check the aging time of MAC address entries.
----End
Example
Run the display mac-address aging-time command. If the aging time of MAC address entries
is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display mac-address aging-time
Aging time: 300 seconds
<HUAWEI> display mac-address aging-time vlan 10
Vlan    Aging Time(sec)
10      100
1.4.4 Configuring Immediate MAC Address Synchronization on
Physical Interfaces
Context
Media Access Control (MAC) address synchronization is applicable to the following usage
scenarios:
• When pseudo wires (PWs) carry services, each PW is built over two label switched paths
  (LSPs) or traffic engineering (TE) tunnels in opposite directions, because PWs are
  bidirectional and LSPs and TE tunnels are unidirectional. If the LSPs or TE tunnels reside
  on different boards, MAC address entries must be synchronized on the boards. If MAC
  address entries are not synchronized, the board that receives traffic can learn the source
  MAC address of the traffic, but the board that replies cannot. As a result, return traffic is
  lost.
• When an Eth-Trunk interface whose member interfaces reside on different boards is used
  to transmit traffic, MAC address entries must be synchronized on the boards. If MAC
  address entries are not synchronized, the board that receives traffic can learn the source
  MAC address of the traffic, but the board that replies cannot. As a result, return traffic is
  lost.
By default, MAC addresses are synchronized periodically in the system. Specifically, the system
periodically broadcasts and synchronizes the MAC addresses it has learned on all boards.
However, when an inbound interface learns a new MAC address, the system may not be able to
synchronize the MAC address on all boards in time. To address this problem, you can configure
immediate MAC address synchronization on the device so that the system can update MAC
address entries on all boards whenever it learns a new MAC address.
The X1 and X2 models of the NE80E/40E do not support this function.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address phy-port synchronize enable
Immediate MAC address synchronization on physical interfaces is configured.
----End
1.5 Maintaining MAC Address Table
This section provides commands used to maintain MAC address tables, including the command
that is used to delete dynamic MAC address tables.
1.6 Configuring the Usage Threshold for a MAC Address
Table
This section describes how to configure the usage threshold for a Media Access Control (MAC)
address table to control the usage of the MAC address table on a device and facilitate device
management.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-address-usage threshold threshold [ slot slot-number ]
The usage threshold is configured for a MAC address table.
----End
Example
Run the display mac-address-usage command in the user view to view the usage of the MAC
address table.
<HUAWEI> display mac-address-usage
MAC address usage information:
Slot #  Type  Use-Rate  Threshold
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0       MPU   0%        13%
2       LPU   0%        13%
3       LPU   0%        13%
6       LPU   0%        13%
1.6.1 Clearing the Dynamic MAC Address
The NE80E/40E provides two methods of deleting dynamic MAC addresses. You can either use
a command to delete dynamic MAC addresses or wait for the system to delete MAC entries that
have become invalid after interfaces go Down, VLANs are deleted, or VSIs are deleted. In
addition, the NE80E/40E supports the batch deletion of dynamic MAC addresses in a VLAN,
in a VSI, on an interface, on an interface of a VLAN, or on an interface of a VSI.
Context
After the network topology changes, the router's failure to learn new MAC addresses interrupts
the forwarding of user traffic if the dynamic MAC entries are not refreshed in time.
The router needs to provide various entry deletion methods to:
• Minimize the effect on normal services
• Promptly delete the invalid MAC entries
• Release MAC address resources
• Ensure the generation of new MAC entries
Procedure
• To delete the dynamic MAC entries based on a VLAN, run the undo mac-address
  dynamic vlan vlan-id command.
• To delete the dynamic MAC entries based on a VSI, run the undo mac-address
  dynamic vsi vsi-name command.
• To delete the dynamic MAC entries based on a port, run the undo mac-address
  dynamic { ethernet | gigabitethernet | eth-trunk } interface-number command.
• To delete the dynamic MAC entries based on a port in a VLAN, run the undo mac-address
  dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vlan vlan-id
  command.
• To delete the dynamic MAC entries based on a port and the VSI, run the undo mac-address
  dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vsi vsi-name
  command.
----End
1.7 Configuration Examples
This section lists networking requirements, configuration roadmap, and data preparation to
describe the typical application scenarios of MAC address tables, and provides related
configuration files.
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
1.7.1 Example for Configuring the MAC Address Table Based on
the Interface and VLAN
In this networking, the network administrator binds MAC addresses of user devices to the access
interface, which can prevent unauthorized users from accessing the network through other
switching devices.
Networking Requirements
A device learns source MAC addresses and then creates a MAC address table. MAC address
learning, however, cannot identify whether the packets are from legal users or hackers, which
brings security risks.
To improve interface security, a network administrator can manually add specific MAC address
entries to the MAC address table. The MAC addresses of user devices and interfaces are then
bound to prevent illegal users from obtaining data.
On the network shown in Figure 1-1, static MAC address entries can be configured to be bound
to interfaces, preventing attacks.
Figure 1-1 Networking diagram of configuring the MAC address table based on the interface
and VLAN
[Figure: network diagram showing PE, CE1, CE2, and PC1 through PC4 in VLAN 2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on each CE.
2. Configure interface attributes and associate each interface with the VLAN on each CE and
   the PE.
3. Configure static MAC address entries on the PE, and bind them to interfaces.
Data Preparation
To complete the configuration, you need the following data:
• User VLAN ID
• MAC address of each CE
  In this example, CE1's MAC address is 0011-2233-44aa, and CE2's MAC address is
  0011-2233-44bb.
Procedure
Step 1 Create VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 2
[CE1-vlan2] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 2
[CE2-vlan2] quit
# Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan 2
[PE-vlan2] quit
Step 2 Configure interface attributes and associate the interface to the VLAN.
# Configure CE 1.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type trunk
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 2
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port link-type trunk
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[CE2-GigabitEthernet1/0/2] quit
# Configure PE.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/2] quit
Step 3 Configure static MAC address entries.
[PE] mac-address static 0011-2233-44aa gigabitethernet 1/0/1 vlan 2
[PE] mac-address static 0011-2233-44bb gigabitethernet 1/0/2 vlan 2
Step 4 Verify the configuration.
# After completing the preceding configurations, run the display mac-address static command
on the PE. The configured static MAC address entries are displayed.
[PE] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-44aa 2                         GE1/0/1         static
0011-2233-44bb 2                         GE1/0/2         static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 2
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
mac-address static 0011-2233-44aa GigabitEthernet1/0/1 vlan 2
mac-address static 0011-2233-44bb GigabitEthernet1/0/2 vlan 2
#
return
1.7.2 Example for Configuring the MAC Address Table Based on the dot1q Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a
MAC address table by learning the MAC address of the remote PE through a Pseudo-Wire (PW),
and learning the MAC address of the directly connected CE through an AC. When a PE receives
a user packet with one tag, you need to bind the Dot1q termination sub-interface on the PE to a
VSI to access the VPLS network, and bind the MAC address of the packet to the VSI. This helps
to prevent unauthorized users from accessing the VPLS network.
Networking Requirements
As shown in Figure 1-2, on a VPLS network, PEs are connected to CEs through dot1q
termination sub-interfaces.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry. This helps to prevent unauthorized users from accessing the VPLS
network.
Figure 1-2 Networking diagram of configuring the MAC address table based on the dot1q termination sub-interface and VSI
[Figure: PC1 (MAC: 0011-2233-4455), CE1, PE1, P, PE2, CE2, PC2.
PE1: Loopback1 1.1.1.9/32, POS2/0/0 192.168.1.1/30, GE1/0/0.1.
P: Loopback1 2.2.2.9/32, POS1/0/0 192.168.1.2/30, POS2/0/0 192.168.2.1/30.
PE2: Loopback1 3.3.3.9/32, POS1/0/0 192.168.2.2/30, GE2/0/0.1.
CE1 and CE2: GE1/0/1, GE1/0/2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the dot1q termination sub-interface to the VSI.
3. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
• MAC address of the user: 0011-2233-4455
• VSI named ldp1
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
Configure the addresses for the interfaces on the PEs and the P as shown in Figure 1-2. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to each other's loopback interface through
OSPF. PE1 and PE2 can ping each other.
Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop       Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1     LoopBack1
2.2.2.9/32          OSPF    10   2     D      192.168.1.2   Pos1/0/0
3.3.3.9/32          OSPF    10   3     D      192.168.1.2   Pos1/0/0
192.168.1.0/24      Direct  0    0     D      192.168.1.1   Pos2/0/0
192.168.1.1/32      Direct  0    0     D      127.0.0.1     Pos2/0/0
192.168.1.2/32      Direct  0    0     D      192.168.1.2   Pos1/0/0
192.168.2.0/24      OSPF    10   2     D      192.168.1.2   Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1     InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1     InLoopBack0
[PE1] ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/106/200 ms
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
Step 3 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls
ldp session command; the Status field shows "Operational".
For example, the following displays the session information on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational  DU   Passive  000:00:04   18/18
3.3.3.9:0          Operational  DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 1
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 1
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit
Step 6 Configure the interface mode to user termination.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 7 Configure the sub-interface for dot1q VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE
On different sub-interfaces, the vid values cannot overlap.
Step 8 Configure the Layer 2 forwarding function.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/1
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
[CE2] vlan 10
[CE2-vlan10] port gigabitethernet 1/0/1
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit
Step 9 Configure the MAC address table based on the dot1q termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
Step 10 Verify the configuration.
# After completing the preceding configurations, run the display mac-address static command
on PE1. The configured static MAC address entries are displayed.
[PE1] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSRID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1        10            GE1/0/0.1       static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 1
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi ldp1
#
interface Pos2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
#
return
• Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
ip address 192.168.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi ldp1
#
interface Pos1/0/0
undo shutdown
ip address 192.168.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
return
1.7.3 Example for Configuring the MAC Address Table Based on the QinQ Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a
MAC address table by learning the MAC address of the remote PE through a PW, and learning
the MAC address of the directly connected CE through an AC. When a PE receives a user packet
with double tags, you need to bind the QinQ termination sub-interface on the PE to a VSI, connect
the sub-interface to the VPLS network, and bind the MAC address of the packet to the VSI. This
helps to prevent unauthorized users from connecting to the VPLS network.
Networking Requirements
As shown in Figure 1-3, on a VPLS network, PEs are connected to CEs through QinQ
termination sub-interfaces.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry.
Figure 1-3 Networking diagram of configuring the MAC address table based on the QinQ termination sub-interface and VSI
[Figure: PC1 (MAC: 0011-2233-4455), CE1, Switch1, PE1, P, PE2, Switch2, CE2, PC2.
PE1: Loopback1 1.1.1.9/32, POS2/0/0 192.168.1.1/30, GE1/0/0.1.
P: Loopback1 2.2.2.9/32, POS1/0/0 192.168.1.2/30, POS2/0/0 192.168.2.1/30.
PE2: Loopback1 3.3.3.9/32, POS1/0/0 192.168.2.2/30, GE2/0/0.1.
Switch1 and Switch2: GE1/0/1, GE1/0/2.
CE1: GE1/0/1, GE1/0/1.1 10.1.1.1/24. CE2: GE1/0/1, GE1/0/1.1 10.1.1.2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the QinQ termination sub-interface to the VSI.
3. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
• MAC address of the user: 0011-2233-4455
• VSI named ldp1
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
Configure the addresses for the interfaces on the PEs and the P as shown in Figure 1-3. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to each other's loopback interface through
OSPF. PE1 and PE2 can ping each other.
Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop       Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1     LoopBack1
2.2.2.9/32          OSPF    10   2     D      192.168.1.2   Pos1/0/0
3.3.3.9/32          OSPF    10   3     D      192.168.1.2   Pos1/0/0
192.168.1.0/24      Direct  0    0     D      192.168.1.1   Pos2/0/0
192.168.1.1/32      Direct  0    0     D      127.0.0.1     Pos2/0/0
192.168.1.2/32      Direct  0    0     D      192.168.1.2   Pos1/0/0
192.168.2.0/24      OSPF    10   2     D      192.168.1.2   Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1     InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1     InLoopBack0
[PE1] ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/106/200 ms
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
Step 3 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls
ldp session command; the Status field shows "Operational".
For example, the following displays the session information on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational  DU   Passive  000:00:04   18/18
3.3.3.9:0          Operational  DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 5 Configure the interface mode to user termination.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 6 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 1
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 1
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit
Step 7 Configure the sub-interface for QinQ VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE
When the qinq termination command is used, the ce-vid ranges of two sub-interfaces cannot overlap if their pe-vid is the same.
Step 8 Configure QinQ and set the packets sent from the switch to the PE to carry double tags.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 100 to 200
[CE1] interface gigabitethernet 1/0/1.1
[CE1-GigabitEthernet1/0/1.1] undo shutdown
[CE1-GigabitEthernet1/0/1.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE1-GigabitEthernet1/0/1.1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 100 to 200
[CE2] interface gigabitethernet 1/0/1.1
[CE2-GigabitEthernet1/0/1.1] undo shutdown
[CE2-GigabitEthernet1/0/1.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE2-GigabitEthernet1/0/1.1] quit
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] portswitch
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] portswitch
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 100 to 200 stack-vlan 10
[Switch1-GigabitEthernet1/0/2] quit
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] portswitch
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] portswitch
[Switch2-GigabitEthernet1/0/2] undo shutdown
[Switch2-GigabitEthernet1/0/2] port vlan-stacking vlan 100 to 200 stack-vlan 10
[Switch2-GigabitEthernet1/0/2] quit
NOTE
If the device does not support the port vlan-stacking command, you can run the port link-type dot1q-tunnel and port default vlan commands to configure QinQ.
Step 9 Configure the MAC address table based on the QinQ termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 ce-vid 100
Step 10 Verify the configuration.
# View the static MAC address table.
[PE1] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSRID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1        10     100    GE1/0/0.1       static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 1
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
control-vid 1 qinq-termination
qinq termination l2 symmetry
qinq termination pe-vid 10 ce-vid 100 to 200
l2 binding vsi ldp1
#
interface Pos2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 ce-vid 100
#
return
• Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
ip address 192.168.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
control-vid 1 qinq-termination
qinq termination l2 symmetry
qinq termination pe-vid 10 ce-vid 100 to 200
l2 binding vsi ldp1
#
interface Pos1/0/0
undo shutdown
ip address 192.168.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of Switch1
#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port vlan-stacking vlan 100 to 200 stack-vlan 10
#
return
• Configuration file of Switch2
#
sysname Switch2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port vlan-stacking vlan 100 to 200 stack-vlan 10
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100 to 200
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 100 200
ip address 10.1.1.1 255.255.255.0
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 100 to 200
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 100 200
ip address 10.1.1.2 255.255.255.0
#
return
1.7.4 Example for Configuring the MAC Address Table Based on the VLANIF Interface and VSI
In this networking, Layer 2 switches function as PEs accessing the VPLS network. To enable
the packets from PEs to be transmitted on the VPLS network, you need to configure VLANIF
interfaces, bind the VLANIF interfaces to VSIs, connect the VLANIF interfaces to the VPLS
network, and bind the MAC addresses of the user packets to the VSIs. This helps to prevent
unauthorized users from connecting to the VPLS network.
Networking Requirements
As shown in Figure 1-4, in a VPLS networking, PEs are connected to CEs through a VLANIF
interface.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry.
Figure 1-4 Networking diagram of configuring the MAC address table based on the VLANIF interface and VSI
[Figure: PC1 (MAC: 0011-2233-4455) - CE1 - PE1 - P - PE2 - CE2 - PC2. Interface labels from the diagram:]
PE1: Loopback1 1.1.1.9/32; POS2/0/0 192.168.1.1/30; GE1/0/1 (VLANIF10)
P: Loopback1 2.2.2.9/32; POS1/0/0 192.168.1.2/30; POS2/0/0 192.168.2.1/30
PE2: Loopback1 3.3.3.9/32; POS1/0/0 192.168.2.2/30; GE2/0/0 (VLANIF10)
CE1, CE2: GE1/0/1 and GE1/0/2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Configure a VLAN and create a VLANIF interface.
3. Bind the VLANIF interface to the VSI.
4. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
• MAC address of the user PC1
• GE 1/0/1, an interface in VLAN 10
• VLANIF 10, an interface on PE1
• VSI named abc
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
Configure the addresses of the interfaces on the PEs and P according to Figure 1-4. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to each other's loopback interface through
OSPF, and PE1 and PE2 can ping each other.
Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9

Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface

        1.1.1.9/32  Direct 0    0          D   127.0.0.1       LoopBack1
        2.2.2.9/32  OSPF   10   1          D   192.168.1.2     Pos2/0/0
        3.3.3.9/32  OSPF   10   2          D   192.168.1.2     Pos2/0/0
      127.0.0.0/8   Direct 0    0          D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0          D   127.0.0.1       InLoopBack0
    192.168.1.0/30  Direct 0    0          D   192.168.1.1     Pos2/0/0
    192.168.1.1/32  Direct 0    0          D   127.0.0.1       Pos2/0/0
    192.168.1.2/32  Direct 0    0          D   192.168.1.2     Pos2/0/0
    192.168.2.0/30  OSPF   10   2          D   192.168.1.2     Pos2/0/0
[PE1] ping 192.168.2.2
  PING 192.168.2.2: 56 data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=100 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=140 ms

  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 100/132/140 ms
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
Step 3 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls
ldp session command; the Status field shows "Operational".
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  0000:00:01  8/8
 3.3.3.9:0          Operational DU   Passive  0000:00:00  1/1
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 1
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 1
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit
Step 6 Create VLANIF 10 and bind it to the VSI.
# Configure PE1.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] port default vlan 10
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] l2 binding vsi ldp1
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port default vlan 10
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] l2 binding vsi ldp1
[PE2-Vlanif10] quit
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1.
The output shows that the PW to PE2 is set up on the VSI named ldp1 and that the VSI status is Up.
Take the display on PE1 as an example:
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 3 minutes, 48 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 1
   *Peer Router ID         : 3.3.3.9
    VC Label               : 1026
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x1000005
    Broadcast Tunnel ID    : 0x1000005
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : Vlanif10
    State                  : up
    Last Up Time           : 2010/05/06 19:15:24
    Total Up Time          : 0 days, 0 hours, 0 minutes, 33 seconds

  **PW Information:

   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 1026
    Remote VC Label        : 1026
    PW Type                : label
    Tunnel ID              : 0x1000005
    Broadcast Tunnel ID    : 0x1000005
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x1000005
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Pos2/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2010/05/06 19:15:24
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 17 seconds
Step 7 Configure a MAC address table based on VLANIF 10 and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/1 vlanif 10 vsi ldp1
Step 8 Configure the basic Layer 2 forwarding function on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit
Step 9 Verify the configuration.
# View the static MAC address table.
[PE1] display mac-address static
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1        10            GE1/0/1         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
undo remote-ip pwe3
#
interface Vlanif10
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port default vlan 10
#
interface Pos2/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 GigabitEthernet1/0/1 Vlanif10 vsi ldp1
#
return
• Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
ip address 192.168.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 10
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
undo remote-ip pwe3
#
interface Vlanif10
l2 binding vsi ldp1
#
interface GigabitEthernet2/0/0
portswitch
undo shutdown
port default vlan 10
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.3
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port trunk allow-pass vlan 10
#
return
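The following Python check is an added example, not part of the Huawei guide: it audits a saved configuration to confirm that each static MAC entry of the VLANIF-and-VSI form used in Step 7 agrees with the VLANIF-to-VSI binding and the port's default VLAN from Step 6. The sample configuration is constructed from the PE1 configuration file above; the function names and finding labels are this example's own.

```python
import re

# Constructed sample, modelled on the PE1 configuration file in this example.
PE1_CONFIG = """\
#
sysname PE1
#
vlan batch 10
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 3.3.3.9
#
interface Vlanif10
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port default vlan 10
#
mac-address static 0011-2233-4455 GigabitEthernet1/0/1 Vlanif10 vsi ldp1
#
return
"""

MAC_RE = re.compile(r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}", re.I)
# Accepts both the typed form ("gigabitethernet 1/0/1 vlanif 10") and the
# saved form ("GigabitEthernet1/0/1 Vlanif10") shown in this section.
STATIC_RE = re.compile(
    r"mac-address\s+static\s+(?P<mac>\S+)\s+(?P<port>[a-z-]+\s?[\d/.]+)\s+"
    r"vlanif\s?(?P<vlan>\d+)\s+vsi\s+(?P<vsi>\S+)", re.I)


def norm(name):
    """Make 'gigabitethernet 1/0/1' and 'GigabitEthernet1/0/1' compare equal."""
    return re.sub(r"\s+", "", name).lower()


def sections(text):
    """Yield '#'-delimited blocks as lists of stripped lines (indentation is ignored)."""
    block = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "#":
            if block:
                yield block
            block = []
        elif line and line != "return":
            block.append(line)
    if block:
        yield block


def audit_static_macs(text):
    """Return [(mac, finding)] for static entries that contradict the bindings."""
    vsis, vlanif_vsi, port_vlan, statics = set(), {}, {}, []
    for block in sections(text):
        head = block[0]
        if m := re.fullmatch(r"vsi\s+(\S+)(\s+\S+)?", head, re.I):
            vsis.add(m.group(1))
        elif m := re.fullmatch(r"interface\s+(.+)", head, re.I):
            name = norm(m.group(1))
            for line in block[1:]:
                if b := re.fullmatch(r"l2\s+binding\s+vsi\s+(\S+)", line, re.I):
                    vlanif_vsi[name] = b.group(1)
                elif b := re.fullmatch(r"port\s+default\s+vlan\s+(\d+)", line, re.I):
                    port_vlan[name] = int(b.group(1))
        statics += [ln for ln in block if ln.lower().startswith("mac-address static")]

    findings = []
    for line in statics:
        m = STATIC_RE.fullmatch(line)
        if not m:  # any other form of the command is reported, not guessed at
            findings.append((line, "unsupported-form"))
            continue
        mac, port, vlan, vsi = m["mac"], norm(m["port"]), int(m["vlan"]), m["vsi"]
        if not MAC_RE.fullmatch(mac):
            findings.append((mac, "bad-mac-format"))
        if vsi not in vsis:
            findings.append((mac, "unknown-vsi"))
        if vlanif_vsi.get(f"vlanif{vlan}") != vsi:
            findings.append((mac, "vlanif-not-bound-to-vsi"))
        if port_vlan.get(port) != vlan:
            findings.append((mac, "port-not-in-vlan"))
    return findings


if __name__ == "__main__":
    print(audit_static_macs(PE1_CONFIG) or "static MAC bindings are consistent")
```

An empty result means every static entry points at a VSI that exists, a VLANIF bound to that VSI, and a port whose default VLAN matches.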
1.7.5 Example for Configuring the MAC Address Table Based on the VLAN and Layer 2 VE Interface
In this networking, the outbound interfaces in the MAC address table are VE interfaces. Before
you configure a MAC address table based on Layer 2 VE interfaces and VLANs, the Layer 2
VE interfaces must have already been added to the specified VLANs, and the mappings between
the VE interfaces and the PVCs on ATM interfaces must be configured.
Networking Requirements
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
NOTE
MAC address entries based on the VE interface can be configured only on the ATM interfaces of the ATM
flexible plug-in card.
As shown in Figure 1-5, the hosts in two Ethernet networks are connected to the Digital
Subscriber Line Access Multiplexer (DSLAM) through ADSL routers and access the ATM
network through Router C.
The specific networking is as follows:
• The VE interface on Router C is added to VLAN 100.
• Configure an IP address for VLANIF 100 that acts as a gateway.
• The virtual path identifiers (VPIs) or virtual channel identifiers (VCIs) of the two PVCs
  through which Router C is connected to the DSLAM are 0/60 and 0/61 respectively. The
  two PVCs are connected to ADSL Router A and ADSL Router B respectively.
Workstation A accesses Router C in ATM 1483B mode. On Router C, configure the MAC
address entry of workstation A to be the static MAC address entry. In this manner, the MAC
address entry of workstation A cannot be aged.
Figure 1-5 Networking diagram of configuring the MAC address table based on the VLAN and Layer 2 VE interface
[Figure: two Ethernet networks (workstation A with MAC 00e0-3344-5566, workstation B, workstation C, and servers) connect through ADSL router A and ADSL router B to the DSLAM, which connects to Router C. On Router C, interface Virtual-ethernet1/0/0: PVC 0/60 to ADSL router A and PVC 0/61 to ADSL router B.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VE interface and switch it to a Layer 2 interface.
2. Create a VLAN and add the VE interface to the VLAN.
3. Enter the ATM interface and create PVCs.
4. Establish the mapping between the PVC and VE interface.
5. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
• MAC address of workstation A: 00e0-3344-5566
• VLAN ID of 100
• VE 1/0/0
• ATM 1/0/0
• PVC named to_adsl_a
• VPI/VCI of the PVC network: 0/60 and 0/61
Procedure
Step 1 Create VE 1/0/0 and switch it to a Layer 2 interface.
<HUAWEI> system-view
[HUAWEI] sysname Router C
[Router C] interface virtual-ethernet 1/0/0
[Router C-Virtual-Ethernet1/0/0] undo shutdown
[Router C-Virtual-Ethernet1/0/0] portswitch
[Router C-Virtual-Ethernet1/0/0] quit
Step 2 Create VLAN 100 and add VE 1/0/0 to VLAN 100.
[Router C] vlan 100
[Router C-vlan100] port virtual-ethernet 1/0/0
[Router C-vlan100] quit
Step 3 Create a PVC and associate the VPI/VCI of 0/60 in the ATM network with VE 1/0/0.
[Router C] interface atm 1/0/0
[Router C-Atm1/0/0] undo shutdown
[Router C-Atm1/0/0] pvc to_adsl_a 0/60
[Router C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] map bridge virtual-ethernet 1/0/0
[Router C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] quit
[Router C-Atm1/0/0] quit
Step 4 Configure static MAC address entries.
[Router C] mac-address static 00e0-3344-5566 virtual-ethernet 1/0/0 atm 1/0/0 pvc to_adsl_a 0/60 vlan 100
Step 5 Verify the configuration.
Run the display mac-address static command. If information about MAC address entries is
displayed, it means that the configuration succeeds. For example:
<Router C> display mac-address static
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSRID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
00e0-3344-5566 100                       VE1/0/0         static
Total matching items displayed = 1
----End
Configuration Files
#
sysname Router C
#
vlan batch 100
#
interface Atm1/0/0
undo shutdown
pvc to_adsl_a 0/60
map bridge Virtual-Ethernet1/0/0
#
interface Virtual-Ethernet1/0/0
undo shutdown
portswitch
port default vlan 100
#
mac-address static 00e0-3344-5566 Virtual-Ethernet1/0/0 Atm1/0/0 pvc 0/60 vlan 100
return
1.7.6 Example for Configuring the MAC Address Table Based on the Interface and VSI
You can configure a static MAC address table based on an interface of a VSI and set the aging
time for dynamic MAC entries.
Networking Requirements
An existing user has the MAC address 0011-2233-4455, belongs to the VSI named vsi2, and
connects through port GE 1/0/0.
Set this entry as static to prevent it from aging, and set the aging time of the other dynamic
entries to 500 seconds.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VSI, and then add the port to the VSI.
2. Configure the static address entry.
3. Configure the aging time.
Data Preparation
To complete the configuration, you need the following data:
• MAC address: 0011-2233-4455
• VSI name and the interface
• Aging time
Procedure
Step 1 Create vsi2 and add interface GE 1/0/0 to the VSI.
Step 2 Configure static MAC address entries.
[HUAWEI] mac-address static 0011-2233-4455 gigabitethernet 1/0/0 vsi vsi2
Step 3 Set the aging time of dynamic entries to 500 seconds.
[HUAWEI] mac-address aging-time 500
Step 4 Verify the configuration.
# View the aging time of the dynamic MAC address table.
[HUAWEI] display mac-address aging-time
Aging time: 500 seconds
----End
Configuration Files
#
sysname HUAWEI
#
mac-address aging-time 500
#
mac-address static 0011-2233-4455 GigabitEthernet1/0/0 vsi vsi2
#
return
2 Ethernet Interface Configuration
About This Chapter
Being flexible, simple, and easy to implement, Ethernet has become the most important LAN
networking technology.
2.1 Ethernet Interface Introduction
Ethernet interfaces include traditional Ethernet interfaces, Fast Ethernet (FE) interfaces, and
Gigabit Ethernet (GE) interfaces.
2.2 Configuring Ethernet Interfaces of the Interface Board
You can configure Ethernet interfaces on the Interface Boards to ensure correct physical
connections between NE80E/40Es.
2.3 Configuring Ethernet Interfaces of the SRU
By configuring an Ethernet interface on an MPU, you can connect the NE80E/40E to a network
management system (NMS) for management.
2.4 Configuring Ethernet Interfaces Layer 2 Parameters
After an Ethernet interface is configured with Layer 2 attributes, it can access a device or directly
forward Ethernet frames on a Layer 2 network. Layer 2 attributes define link layer information
of Ethernet interfaces.
2.5 Configuring SmartLink Flush Function
Some Layer 2 devices in the network support the Smart Link function. By default, Huawei data
communication devices do not process the SmartLink flush packets sent from these Layer 2
devices. To enable the communication between the Huawei devices and the devices of other
vendors, you need to configure the SmartLink Flush function on Huawei data communication
devices.
2.6 Configuring the Alarm Function on an Ethernet Interface
If a large number of alarms are generated on a link, the system is busy dealing with various
alarms and the system performance is therefore degraded. To solve this problem, you can enable
the alarm function on an interface.
2.7 Maintaining Ethernet Interfaces
The commands related to Ethernet interfaces can be used to locate the faults on an Ethernet
interface.
2.8 Configuration Examples
This section lists the networking requirements, configuration roadmap, and data preparation to
describe the typical application scenarios of Ethernet interfaces, and provides related
configuration files.
2.1 Ethernet Interface Introduction
Ethernet interfaces include traditional Ethernet interfaces, Fast Ethernet (FE) interfaces, and
Gigabit Ethernet (GE) interfaces.
2.1.1 Introduction
There are two types of Ethernet interfaces, namely, Fast Ethernet (FE) interfaces and Gigabit
Ethernet (GE) interfaces. Ethernet interfaces support both the half duplex mode and the full
duplex mode and can work in auto-negotiation mode.
The Ethernet is one of the most important types of Local Area Network (LAN).
The Ethernet is flexible, simple, and easy to deploy. Therefore, it is the most important
LAN networking technology.
The interface board of the NE80E/40E supports the Ethernet interfaces such as the 10M/100M/
1000M auto-sense Ethernet electrical interface, 100M Ethernet optical interface, GE optical
interface, GE/FE optical/electrical interface, 10GE optical interface (LAN), and 10GE optical
interface (WAN).
MPU/SRU supports the 10M/100M/1000M auto-sense Ethernet electrical interface.
• Traditional Ethernet interface: It complies with 10Base-T specifications, and can work at
  the speed of 10 Mbit/s.
• Fast Ethernet (FE) interface: It complies with 100Base-TX specifications and is compatible
  with 10Base-T specifications.
• Gigabit Ethernet (GE) interface: It complies with 1000Base-TX specifications, and is
  compatible with 10Base-T and 100Base-TX specifications.
The GE/FE optical/electrical interface has the following functions:
• Provides the functions of a GE optical interface by the GE optical module plugged into the
  interface.
• Provides the functions of an FE optical interface by the FE optical module plugged into the
  interface.
• Provides the functions of a 10M/100M/1000M auto-sensing electrical interface by the
  electrical module plugged into the interface.
Ethernet electrical interfaces can work in either the full-duplex mode or the half-duplex mode.
They support auto-negotiation. In the auto-negotiation mode, they negotiate with other network
devices for the most suitable working mode and speed. This simplifies system configuration and
management.
NOTE
This chapter explains the configuration of the FE and GE interfaces. The configuration of traditional
Ethernet interface is simple and similar to that of the fast Ethernet interface.
2.1.2 Features of Ethernet Interfaces Supported by the NE80E/40E
In a LAN, an Ethernet interface can transmit Layer 2 and Layer 3 services according to different
interface attributes. An Ethernet interface has both Layer 2 and Layer 3 attributes.
Ethernet Sub-interface
You can create the sub-interface on an Ethernet main interface. LAN interfaces that can be
configured with sub-interfaces include the following types:
• Ethernet interfaces
• GE interfaces
• Eth-Trunk interfaces
The NE80E/40E supports the configuration of sub-interfaces on both the Layer 3 Ethernet
interface and the Layer 2 Ethernet interface. After Ethernet sub-interfaces are encapsulated with
802.1Q and associated with the VLAN, the VLAN can communicate with devices out of the
VLAN through Ethernet sub-interface. An Ethernet sub-interface can associate with one VLAN.
The Ethernet sub-interface is also applied to dot1q termination and QinQ termination mode. For
details about the principle, see the chapter QinQ Configuration.
Besides the preceding applications, the Layer 2 Ethernet sub-interface can transmit the Layer 2
and Layer 3 services simultaneously on one physical link. As shown in Figure 2-1, the Universal
Media Gateway (UMG) is dual-homed to two PEs. PE1 and PE2 run VRRP. A layer 2 link is
required between PE1 and PE2 to prevent the route change when the UMG active/standby
switchover is performed.
At the same time, the TE tunnel is required between PE1 and remote PE3. The active TE tunnel
is PE1 to P1 to PE3 and the standby TE tunnel is PE1 to PE2 to P2 to PE3. A Layer 3 link is
required between PE1 and PE2 to configure the Layer 3 service and TE tunnel.
When only a single physical link exists between PE1 and PE2, the Layer 2 Ethernet sub-interface is
applicable. That is, a Layer 2 Ethernet sub-interface can be set up for the implementation of
MPLS TE functions.
Then, the Layer 2 primary interface can send VRRP packets as usual. Moreover, the route does
not change because of the active/standby switchover.
Figure 2-1 Typical application of a Layer 2 Ethernet sub-interface (VRRP + TE tunnel)
[Figure: UMG8900 dual-homed to PE1 and PE2, with VRRP between PE1 and PE2; TE tunnel (main) PE1 - P1 - PE3; TE tunnel (backup) PE1 - PE2 - P2 - PE3.]
Handling the SmartLink Flush Packet
The Smart Link is a function supported by non-Huawei switches. The Smart Link uses dual
uplinks or downlinks to provide redundancy backup through active/standby switchover, switching
Layer 2 traffic between the active link and the standby link. To ensure that the Smart
Link function can take effect on these non-Huawei switches, Huawei data communication
devices must be capable of recognizing and handling SmartLink Flush packets. In Figure 2-2
and Figure 2-3, Router A, Router B, and Router C are Huawei data communication devices,
and the Switch is a non-Huawei switch that supports the Smart Link function.
The ports of Router A, Router B, and Router C are working on Layer 2 and enable SmartLink
Flush packets to be processed.
Figure 2-2 Schematic diagram of the Smart Link in the normal state
[Figure: the Switch has an active link and an inactive link toward RouterA and RouterB, which connect through RouterC to the backbone network. Legend: link, data flow.]
As shown in Figure 2-2, the switch enables the Smart Link function with two uplinks, namely,
an active link and a standby link. The active and standby links constitute the Smart Link Group,
namely, a backup link group. Normally, the Layer 2 traffic flows to backbone network through
active link. The standby link is blocked by Switch and cannot forward the traffic.
If the active link fails, the traffic will quickly switch to the standby link, through which the traffic
flows to backbone network as shown in Figure 2-3.
Figure 2-3 Schematic diagram in which the active Smart link fails
[Figure: Backbone network, RouterC, RouterA, RouterB, and Switch. Legend: inactive link, active link, link, data flow, SmartLink flush]
When the active link fails, the Switch unblocks the standby link and, at the same time, sends
SmartLink Flush packets to notify other devices on the network to delete dynamic MAC and
ARP entries.
The SmartLink Flush packet contains the control VLAN ID and the IDs of all VLANs whose
packets are permitted on the Switch port that connects to the active link. SmartLink Flush
packets are transmitted in the control VLAN only. The IDs of the VLANs that are permitted on
the active link port indicate the VLANs whose dynamic MAC and ARP entries need to be deleted.
Router B processes SmartLink Flush packets as follows:
1. Compare the control VLAN ID of the port that receives the SmartLink Flush packet with
   the VLAN ID contained in the SmartLink Flush packet.
   • If they are the same, Router B deletes the dynamic MAC and ARP entries of the VLAN
     according to the VLAN data contained in the SmartLink Flush packet.
   • If they are different, the packet is directly forwarded.
2. Router B broadcasts SmartLink Flush packets within the control VLAN.
   After receiving SmartLink Flush packets, Router A and Router C process the packets in the
   same way as Router B.
   By now, Router A, Router B, and Router C have deleted the dynamic MAC and ARP entries
   learned before the active link failed. When the downstream traffic of the backbone network
   reaches Router C, Router C forwards the Layer 2 traffic to Router B according to the
   refreshed MAC and ARP entries.
On a Smart Link network, after the active link returns to the normal state, the traffic does not
automatically switch back to the active link, which keeps the traffic stable.
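The processing steps above can be modelled in a few lines. This is an added example, not code from this guide or from Huawei: the FlushPacket, Port, Entry and Router classes, the interface names and all addresses are constructed, and the packet is a plain object rather than the real wire format. A port without flush handling enabled discards the packet, as section 2.5.2 of this guide states.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class FlushPacket:
    """Constructed stand-in for a SmartLink Flush packet, not the wire format."""
    control_vlan: int          # control VLAN ID carried in the packet
    vlans: frozenset           # VLANs permitted on the Switch's active-link port


@dataclass
class Port:
    name: str
    allowed_vlans: Set[int] = field(default_factory=set)
    flush_control_vlan: Optional[int] = None   # None: flush handling not enabled


@dataclass
class Entry:
    vlan: int
    address: str               # MAC address (MAC table) or IP address (ARP table)
    port: str
    dynamic: bool = True


class Router:
    def __init__(self, name: str, ports: List[Port]):
        self.name = name
        self.ports = {p.name: p for p in ports}
        self.mac_table: List[Entry] = []
        self.arp_table: List[Entry] = []

    def _delete_dynamic(self, vlans) -> int:
        """Delete dynamic MAC and ARP entries in the given VLANs; keep static ones."""
        deleted = 0
        for table in (self.mac_table, self.arp_table):
            kept = [e for e in table if not (e.dynamic and e.vlan in vlans)]
            deleted += len(table) - len(kept)
            table[:] = kept
        return deleted

    def receive_flush(self, in_port: str, pkt: FlushPacket) -> Tuple[str, int, List[str]]:
        """Return (action, number of deleted entries, ports the packet is sent out of)."""
        port = self.ports[in_port]
        if port.flush_control_vlan is None:
            return ("discard", 0, [])            # function not enabled on this port
        if port.flush_control_vlan == pkt.control_vlan:
            action, deleted = "flush", self._delete_dynamic(pkt.vlans)
        else:
            action, deleted = "forward-only", 0  # control VLAN mismatch: no deletion
        # In both cases the packet is flooded within its control VLAN only.
        out_ports = sorted(
            p.name for p in self.ports.values()
            if p.name != in_port and pkt.control_vlan in p.allowed_vlans
        )
        return (action, deleted, out_ports)


def demo() -> dict:
    """Constructed scenario: Router B after the Switch's active link fails."""
    router_b = Router("RouterB", [
        Port("GE1/0/1", {10, 20, 100, 200}, flush_control_vlan=10),  # towards Switch
        Port("GE1/0/2", {10, 20, 100, 200}, flush_control_vlan=10),  # towards Router C
        Port("GE1/0/3", {300}),                                      # flush not enabled
    ])
    router_b.mac_table = [
        Entry(100, "00e0-fc00-0001", "GE1/0/2"),
        Entry(200, "00e0-fc00-0002", "GE1/0/2"),
        Entry(100, "00e0-fc00-0003", "GE1/0/2", dynamic=False),      # static: kept
        Entry(300, "00e0-fc00-0004", "GE1/0/3"),                     # VLAN not listed
    ]
    router_b.arp_table = [Entry(100, "10.1.1.2", "GE1/0/2")]
    matching = router_b.receive_flush("GE1/0/1", FlushPacket(10, frozenset({100, 200})))
    remaining = [(e.vlan, e.address) for e in router_b.mac_table]
    mismatch = router_b.receive_flush("GE1/0/1", FlushPacket(20, frozenset({300})))
    disabled = router_b.receive_flush("GE1/0/3", FlushPacket(10, frozenset({300})))
    return {"matching": matching, "remaining": remaining,
            "mismatch": mismatch, "disabled": disabled}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Only a packet whose control VLAN matches the one configured on the receiving port removes entries, and static entries survive in every case.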
2.2 Configuring Ethernet Interfaces of the Interface Board
You can configure Ethernet interfaces on the Interface Boards to ensure correct physical
connections between NE80E/40Es.
2.2.1 Before You Start
Before configuring Ethernet interfaces, familiarize yourself with the usage scenario, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
When configuring an Ethernet interface, you must assign an IP address to it. For other
parameters, you can use default values. If you have to change them, keep them consistent with
the peer device.
When a router has the function of the Layer 2 switch and the function is in use, you need to
configure the Layer 2 parameters of the Ethernet interface.
NOTE
For the application of the Layer 2 features, refer to "VLAN Configuration" and "MSTP Configuration" in
this manual.
Pre-configuration Tasks
None
Data Preparation
To configure an Ethernet interface, you need the following data.
No.  Data
1    Interface number
2    IP address and mask of the Ethernet interface
3    MTU of the Ethernet interface
2.2.2 Configuring the MTU of an Ethernet Interface
The maximum transmission unit (MTU), which is expressed in bytes, is closely associated with the
link layer protocol. The MTU varies according to the network type. Correctly configuring MTUs
is a prerequisite to network communication.
Context
Perform the following steps on each router:
Procedure
• Configuring the IPv4 MTU
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number
     The Ethernet interface view is displayed.
  3. Run:
     mtu mtu
     The IPv4 MTU of the Ethernet interface is configured.
     The MTU is expressed in bytes. The MTU range of Ethernet interfaces depends on
     devices. By default, the MTU is 1500 bytes.
NOTICE
If IPv6 is run on an Ethernet interface and the MTU set by using the mtu command
on the interface is smaller than 1280 bytes, IPv6 works abnormally on this interface.
To avoid this situation, when IPv6 is run on an Ethernet interface, set the MTU of the
interface to a value greater than or equal to 1280.
• Configuring the IPv6 MTU
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number
     The Ethernet interface view is displayed.
  3. Run:
     ipv6 enable
     IPv6 is enabled on the interface.
  4. Run:
     ipv6 mtu mtu
     The IPv6 MTU of the Ethernet interface is configured.
     The MTU is measured in bytes. The MTU range of Ethernet interfaces depends on
     physical devices.
     By default, the MTU is 1500 bytes.
----End
2.2.3 Configuring the Working Mode of an Ethernet Interface
There are two working modes at the physical layer of an Ethernet network, namely, half duplex
mode and full duplex mode. Correctly configuring working modes for Ethernet electrical
interfaces is a prerequisite to network communication.
Context
Perform the following steps on each interface of the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
The Ethernet interface view is displayed.
Step 3 Perform the following as required:
• Run the duplex { full | half | auto } command to configure the working mode of the interface.
• Run the negotiation auto command to configure the working mode of the interface to be the
  auto-negotiation mode.
NOTE
• Ethernet optical interfaces can work only in the full-duplex mode.
• When connected to a Hub, Ethernet electrical interfaces of a router must work in half-duplex mode.
  When connected to a LAN Switch, the interfaces can work in either full-duplex mode or half-duplex
  mode, provided that the mode is consistent with that on the peer device.
• The speed of 1000 Mbit/s and the half-duplex mode cannot be configured simultaneously on a GE
  electrical interface.
• When a GE electrical interface works in auto-negotiation mode and at a rate of 1000 Mbit/s, you cannot
  set the simplex or duplex mode for the interface or delete the auto-negotiation mode.
• When a GE electrical interface works at a rate of 10 Mbit/s or 100 Mbit/s, you can set the simplex or
  duplex mode, and auto-negotiation mode for the interface.
• If the auto-negotiation mode is enabled on the GE optical interface, the two connected ends must enable
  the auto-negotiation mode.
• Interfaces on the 24-Port 1000Base-X-SFP Flexible Card E(P51-E) subcard can work only in the
  full-duplex mode.
----End
2.2.4 Configuring the Speed of an Ethernet Electrical Interface
Ethernet electrical interfaces working at different speeds transmit different volumes of data
during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is
a prerequisite to network communication.
Context
The speed needs to be set for electrical interfaces but not for optical interfaces.
Perform the following steps on each router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
The interface view is displayed.
Step 3 Run:
speed { 10 | 100 | 1000 | auto }
The speed on the Ethernet interface is configured.
NOTE
By default, GE electrical interfaces work at a rate of 1000 Mbit/s and in auto-negotiation mode. You can
manually change the rate if you can ensure that the rate of the local interface is the same as that of the
remote interface. When a GE electrical interface works at 10 Mbit/s, 100 Mbit/s, or 1000 Mbit/s, the
auto-negotiation mode is deleted.
----End
2.2.5 Configuring the GE/FE Optical/Electrical Interface
Generally, the NE80E/40E sets an Ethernet interface to an optical or electrical interface based
on the interface module's type. If the NE80E/40E cannot identify an interface module, you need
to manually set the interface to the optical or electrical mode.
Context
Perform the following steps on each router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
The Ethernet interface view is displayed.
Step 3 Run:
port-type { copper | fiber-100 | fiber-1000 }
The interface type is set.
Once the SFP module is identified, the system can automatically set the interface type according
to the type of the SFP module. No configuration is required.
NOTE
• When an SFP module is being replaced, the configurations such as the loopback test, interface speed,
  auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to
  reconfigure them on the interface.
• After the port-type command is run, the configurations such as the loopback test, interface speed,
  auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to
  reconfigure them on the interface.
• The parameter copper can be configured in the port-type command only when an optical/electrical
  SFP module is installed.
• fiber-100 cannot be set for interfaces on the 24-Port 1000Base-X-SFP Flexible Card E(P51-E) subcard.
----End
2.2.6 Configuring the LAN/WAN Transmission Mode for a 10 GE Interface
The 10G XFP multi-mode optical transceiver works in either LAN or WAN mode. You can set
a proper mode as required.
Context
Perform the following steps on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The view of the 10 GE interface is displayed.
Step 3 Run:
shutdown
The interface is shut down.
Step 4 Run:
set transfer-mode { lan | wan | otn }
The transmission mode is configured for the 10 GE interface.
The transmission mode of the 10GE LAN/WAN/OTN interface on the local end and that on the
remote end must be consistent.
The default interface transmission mode is OTN for an OTN subcard (12-port OTU2-SFP+
flexible card or 6-port OTU2-SFP+ flexible card). This command enables you to switch an OTN
subcard from the OTN mode to the LAN mode.
Step 5 Run:
undo shutdown
The interface is started.
NOTE
Before configuring the transmission mode of an interface to WAN or LAN, you need to shut down the
interface and clear all configurations except ip address.
----End
2.2.7 Configuring Remote-Fault Fast Detection
Context
Some 10 GE LAN interfaces do not support the remote-fault interruption function. Therefore,
a mechanism is used to ensure that 10 GE LAN interfaces can rapidly detect the fault on the
remote end.
Perform the following operations on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The specified slot view is displayed.
Step 3 Run:
interface remote-fault fastfeeling
The remote-fault fast detection function is configured on the 10 GE LAN interfaces in the
specified slot.
----End
2.2.8 Configuring Overhead Bytes of the 10GE WAN Interface
The Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) provides
various overhead bytes to implement monitoring functions in different hierarchies.
Context
The 10GE WAN LPU must adapt to SDH/SONET during packet processing. Therefore, the
flag parameters need to be configured on the interface.
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The 10GE interface view is displayed.
Step 3 To configure the overhead bytes of the 10GE WAN interface, choose the following commands
as required:
• Run the flag j0 64byte-or-null-mode [ j0-value ] or the flag j0 { 16byte-mode | 1byte-mode }
  j0-value command to configure the overhead byte j0.
• Run the flag j1 64byte-or-null-mode [ j1-value ] or the flag j1 { 16byte-mode | 1byte-mode }
  j1-value command to configure the overhead byte j1.
• Run the flag c2 c2-value command to configure the overhead byte c2 of the 10GE WAN
  interface.
----End
2.2.9 Configuring Flow Control on the GE Interface
Configuring flow control on an interface ensures that the interface can properly process received
frames.
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GE interface view is displayed.
Step 3 Run:
flow control [ receive | send ]
The flow control function is enabled.
By default, flow control is enabled on a GE interface.
After flow control is enabled on an interface, the interface sends a Pause frame to notify the peer
interface to send traffic at a slower rate, if the received traffic reaches the set threshold (for
example, when the traffic rate on a GE interface exceeds 1 Gbit/s). If the peer interface also
supports flow control, it sends traffic at a slower rate after receiving the Pause frame so that the
local interface can process received frames properly.
----End
2.2.10 Configuring Self-Loop Detection on the GE Interface
After the self-loop detection function is enabled, the self-loop on an interface can be detected
and then the interface is blocked.
Context
Perform the following steps on the routers:
NOTICE
A router enabled with the loopback detect function periodically sends specially constructed
loopback detect packets. If a self-loop exists on an interface, the loopback detect packets will
be looped back to the router, and the router can then determine that a self-loop has occurred. A
malicious attacker can trick a loopback-detect-enabled router into believing that a self-loop has
occurred by sending loopback detect packet headers obtained with a sniffer back to the router.
It is recommended that you disable the loopback detect function on properly operating routers.
If you need the loopback detect function to detect link connectivity during the site deployment
stage, disable this function after this stage.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GE interface view is displayed.
Step 3 Run:
loopback-detect enable
The self-loop detection function is enabled.
Step 4 Run:
loopback-detect block block-time
The delay between elimination of the self-loop and recovery of the interface is set.
By default, the interface recovers 10 seconds after the self-loop on the interface is eliminated.
----End
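The NOTICE above and the NOTICE in 2.2.2 each describe a condition that can be checked in saved configuration text. The following audit is an added example, not part of this guide: the stanza layout (an "interface" line, indented commands, "#" separators), the interface names and the sample text are constructed assumptions, and only the command names come from the guide.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed configuration text. The stanza layout (an "interface" line, indented
# commands, "#" separators) is an assumption; the commands are those in this guide.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/0
 mtu 1200
 ipv6 enable
 ipv6 mtu 1500
#
interface GigabitEthernet1/0/1
 loopback-detect enable
 loopback-detect block 30
#
interface GigabitEthernet1/0/2
 ipv6 enable
#
interface GigabitEthernet1/0/3
 mtu 1280
 ipv6 enable
 loopback-detect enable
#
"""

IPV6_MIN_MTU = 1280   # threshold from the NOTICE in 2.2.2
DEFAULT_MTU = 1500    # default stated in 2.2.2


def parse_interfaces(text: str) -> Dict[str, List[str]]:
    """Group the commands of each interface stanza under the interface name."""
    stanzas: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                     # separator ends the stanza
        elif not raw[0].isspace() and line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and raw[0].isspace():
            stanzas[current].append(line)
        else:
            current = None                     # unrelated top-level command
    return stanzas


def interface_mtu(commands: List[str]) -> int:
    """Return the value of the interface 'mtu' command, or the default."""
    for cmd in commands:
        match = re.fullmatch(r"mtu\s+(\d+)", cmd)   # does not match "ipv6 mtu N"
        if match:
            return int(match.group(1))
    return DEFAULT_MTU


def audit(text: str) -> List[Tuple[str, str]]:
    """Return sorted (interface, finding) pairs for the two NOTICE conditions."""
    findings = []
    for name, commands in parse_interfaces(text).items():
        if "loopback-detect enable" in commands:
            findings.append((name, "loopback-detect still enabled"))
        mtu = interface_mtu(commands)
        if "ipv6 enable" in commands and mtu < IPV6_MIN_MTU:
            findings.append((name, f"IPv6 enabled with mtu {mtu} < {IPV6_MIN_MTU}"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

An interface with IPv6 enabled and no mtu command is treated as using the 1500-byte default and is not reported.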
2.2.11 Switching the Working Mode of an Ethernet Interface
By default, Ethernet interfaces on the NE80E/40E are Layer 3 interfaces. To use Layer 2
attributes of Ethernet interfaces, you need to convert Ethernet interfaces into Layer 2 interfaces.
Context
After a Layer 3 interface switches to the Layer 2 mode, the Layer 3 ID and functions are disabled,
and the MAC address is adopted.
Perform the following steps on each router:
Procedure
• Switching the Working Mode of a Specified Ethernet Interface
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number
     The specified Ethernet interface view is displayed.
  3. Run:
     portswitch
     The Ethernet interface is switched to a Layer 2 interface.
• Switching the Working Mode of Ethernet Interfaces in Batch
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10>
     The working modes of Ethernet interfaces are switched in batch.
     By default, Ethernet interfaces work in the Layer 3 mode.
----End
2.2.12 Configuring Ethernet Interfaces to Reserve the Padding Fields in Upstream Packets
Context
By default, Huawei devices delete the padding fields in upstream packets. If Huawei devices
are connected to non-Huawei devices, non-Huawei devices cannot identify these packets without
the padding fields. To enable non-Huawei devices to identify these packets, configure the frame
padding fixed enable command on Huawei devices to enable the Ethernet interfaces to reserve
the padding fields in upstream packets.
Perform the following steps on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The slot view is displayed.
Step 3 Run:
frame padding fixed enable
Ethernet interfaces on the board are configured to reserve the padding fields in upstream packets.
----End
2.2.13 Checking the Configuration
After an Ethernet interface is configured, you can check information about the interface,
including the IP address, MTU, speed, working mode, interface mode, and number of received
and sent frames.
Procedure
• Run the display interface { ethernet | gigabitethernet } [ interface-number ] command
  to check the status of the specified Ethernet interface.
• Run the display interface ethernet brief command to check the brief information about
  the Ethernet interface.
• Run the display transfer-mode command to check the transfer mode of a 10 GE LAN/WAN
  interface.
----End
Example
Run the display interface command. You can view the MTU, IP address and mask, working
speed and mode. For example:
<HUAWEI> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Description : GigabitEthernet2/0/0 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc01-0054
Media type: twisted-pair ,Link type: auto negotiation
Loopback:none, Maximal BW:1G, Current BW:100M, full-duplex mode,
Pause Flowcontrol:Send and Receive Enable
Statistics last cleared:never
Last 30 seconds input rate: 0 bits/sec, 0 packets/sec
Last 30 seconds output rate: 0 bits/sec, 0 packets/sec
Input: 0 Bytes, 0 Packets
Output: 0 Bytes, 0 Packets
Input:
Unicast: 0, Multicast: 0
Broadcast: 0, JumboOctets: 0
CRC: 0, Symbol: 0
Overrun: 0 , InRangeLength: 0
LongPacket: 0 , Jabber: 0, Alignment: 0
Fragment: 0, Undersized Frame: 0
RxPause: 0
Output:
Unicast: 0, Multicast: 0
Broadcast: 0, JumboOctets: 0
Lost: 0, Overflow: 0, Underrun: 0
TxPause: 0
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
Running the display interface ethernet brief command, you can view the brief information
about the Ethernet interface. The information includes the physical status, auto-negotiation
mode, full-duplex mode, interface rate, and the average bandwidth utility in the recent period in
the receiving direction and sending direction.
<HUAWEI> display interface ethernet brief
*down: administratively down
^down: standby
(l): loopback
(b): BFD down
InUti/OutUti: input utility/output utility
Interface                   Physical Auto-Neg Duplex Bandwidth InUti  OutUti Trunk
GigabitEthernet0/0/0        up       enable   half   100M      0%     0%     --
GigabitEthernet2/0/0        up       disable  full   1000M     0.01%  0.01%  --
GigabitEthernet2/0/1        up       disable  full   1000M     0%     0%     --
GigabitEthernet2/0/2        down     disable  full   1000M     0%     0%     --
GigabitEthernet3/0/0        down     enable   full   1000M     0%     0%     --
GigabitEthernet3/0/1        down     enable   full   100M      0%     0%     --
GigabitEthernet3/0/1.1      down     enable   full   100M      0%     0%     --
GigabitEthernet3/0/2        up       enable   full   1000M     0.01%  0.01%  --
GigabitEthernet3/0/3        down     enable   full   1000M     0%     0%     --
2.3 Configuring Ethernet Interfaces of the SRU
By configuring an Ethernet interface on an MPU, you can connect the NE80E/40E to a network
management system (NMS) for management.
2.3.1 Before You Start
Before configuring an Ethernet interface on a main control board, familiarize yourself with the
usage scenario and obtain the data required for the configuration.
Applicable Environment
Ethernet interfaces on main control boards are used to connect to the network management
system (NMS).
NOTICE
A management network interface is also an Ethernet interface. The management network
interfaces on main control boards mainly support the Simple Network Management Protocol
(SNMP) and remote login functions, including Telnet, Secure Shell Telnet (STelnet), File
Transfer Protocol (FTP), and Secure File Transfer Protocol (SFTP). Configuring other functions
is not recommended, because it may affect traffic forwarding and device performance.
The management network interface on a slave main control board is set to Down. To ensure high
network reliability, the management network interfaces on both the master and slave main
control boards are connected to the network. If a master/slave main control board switchover is
performed, the slave main control board takes over services and the management network
interface on it goes Up. Therefore, the device can still communicate with the network.
Data Preparation
To configure an Ethernet interface, you need the following data.
No.  Data
1    Ethernet interface number
2    IP address and mask of the Ethernet interface
2.3.2 Assigning an IP Address to an Ethernet Interface
You can assign an IP address to an Ethernet interface on the NE80E/40E to implement
communication between the NE80E/40E and the NMS.
Context
For detailed information about IP address configuration, refer to the HUAWEI NetEngine80E/
40E Router Configuration Guide - IP Services.
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GigabitEthernet interface view is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned for the interface.
Note that the sub parameter is used to configure a second or further IP address for the interface.
----End
2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface
There are two working modes at the physical layer of an Ethernet network, namely, half duplex
mode and full duplex mode. Correctly configuring working modes for Ethernet electrical
interfaces is a prerequisite to network communication.
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GigabitEthernet interface view is displayed.
Step 3 Run:
duplex { auto | half | full }
The working mode of the Ethernet electrical interface is configured.
The Ethernet electrical interface can work in either full-duplex or half-duplex mode.
NOTE
• When connected to a Hub, Ethernet electrical interfaces of the router must work in half-duplex mode.
• When connected to a LAN Switch, Ethernet electrical interfaces of the routers can work in either
  full-duplex mode or half-duplex mode, provided that the mode is consistent with the configuration
  on the peer device.
• The operating mode of the Ethernet interface on the local end and that on the remote end must be
  consistent.
By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is
adopted.
----End
2.3.4 Configuring the Speed of an Ethernet Electrical Interface
Ethernet electrical interfaces working at different speeds transmit different volumes of data
during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is
a prerequisite to network communication.
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GigabitEthernet interface view is displayed.
Step 3 Run:
speed { auto | 10 | 100 | 1000 }
The speed on the Ethernet electrical interface is configured.
The NE80E/40E Ethernet electrical interface supports three operating speeds: 10 Mbit/s,
100 Mbit/s, and 1000 Mbit/s.
By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is
adopted.
You can specify the operating speed of an interface manually. Keep the rate the same as that
of the peer device.
----End
2.3.5 Configuring the Promiscuity Mode
The promiscuity mode of an interface determines how the NE80E/40E receives frames from the
physical layer.
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface gigabitethernet interface-number
The GigabitEthernet interface view is displayed.
Step 3 Run:
promode { on | off }
The Promiscuity Mode is set.
By default, the promiscuity mode of the Ethernet interface on SRU/MPU is off.
----End
2.4 Configuring Ethernet Interfaces Layer 2 Parameters
After an Ethernet interface is configured with Layer 2 attributes, it can access a device or directly
forward Ethernet frames on a Layer 2 network. Layer 2 attributes define link layer information
of Ethernet interfaces.
2.4.1 Before You Start
Before configuring Layer 2 attributes for Ethernet interfaces, familiarize yourself with the usage
scenario, complete the pre-configuration tasks, and obtain the required data. This can help you
complete the configuration task quickly and accurately.
Applicable Environment
The Ethernet interfaces provided by the NE80E/40E can work in the following two modes:
routed mode (Layer 3 mode) and switched mode (Layer 2 mode).
• Routed mode: can be configured with the Layer 3 attributes and switched to the Layer 2
  mode by commands.
  By default, the Ethernet interface is in the Layer 3 mode.
• Switched mode: can be configured with the Layer 2 attributes and switched to the Layer 3
  mode by commands.
When the router is used as a Layer 2 switch, Layer 2 parameters are required on the Ethernet
interface.
Pre-configuration Tasks
None
Data Preparation
To configure the Ethernet interface, you need the following data.
No.  Data
1    Ethernet interface number
2    802.1p priority value of the Ethernet interface
2.4.2 Configuring Link Layer Type of an Ethernet Interface
Link types of Ethernet interfaces are access, hybrid, trunk, and dot1q-tunnel. You need to
configure a proper link type for an Ethernet interface so that the interface can transmit
VLAN-tagged frames.
Context
The Ethernet interface supports four types of links: Access, dot1q-tunnel, Trunk, and Hybrid.
• Access: In this mode, the interface belongs to only one VLAN and is generally used to
  connect PCs.
• Hybrid: In this mode, the interface can belong to multiple VLANs to receive and send
  packets of these VLANs. It is used to connect switches or PCs.
• Trunk: In this mode, the interface can belong to multiple VLANs to receive and send packets
  of these VLANs. It is used to connect switches.
• dot1q-tunnel: In this mode, the Q-in-Q function is enabled on the interface.
The difference between a Hybrid interface and a Trunk interface is that a Hybrid interface
can transmit both untagged and tagged packets of VLANs, whereas a Trunk interface can
transmit only tagged packets.
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
The Ethernet interface view is displayed.
Step 3 Run:
portswitch
The Ethernet interface is switched to Layer 2 mode.
Step 4 Run:
port link-type { access | hybrid | trunk | dot1q-tunnel }
The interface type is specified.
By default, the link type is Hybrid.
----End
2.5 Configuring SmartLink Flush Function
Some Layer 2 devices in the network support the Smart Link function. By default, Huawei data
communication devices do not process the SmartLink flush packets sent from these Layer 2
devices. To enable the communication between the Huawei devices and the devices of other
vendors, you need to configure the SmartLink Flush function on Huawei data communication
devices.
2.5.1 Before You Start
Before configuring the SmartLink Flush function, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
Some Layer 2 devices on network support the Smart Link function. By default, Huawei data
communication devices do not process the SmartLink Flush packets sent by these devices.
To ensure that the Smart Link function works on these Layer 2 devices, Huawei data
communication devices must process SmartLink Flush packets when working with
non-Huawei switches that support the Smart Link function on a network.
Pre-configuration Tasks
Before configuring equipment to process SmartLink Flush packets, complete the following
tasks:
• Ensure that the physical interfaces on network devices are correctly connected and in the
  Up state.
• Configure the port that processes SmartLink Flush packets to allow packets that carry
  the control VLAN tag to pass.
Data Preparation
Before configuring equipment to process SmartLink Flush packets, you need the following data.
No. | Data
1 | Number of the interface that can recognize SmartLink Flush packets
2 | Control VLAN ID
2.5.2 Enabling a Port to Process SmartLink Flush Packets
The Huawei device can process the SmartLink flush packets only after being enabled with the
SmartLink Flush function; otherwise, the device discards the SmartLink flush packets.
Context
Perform the following steps on routers that are deployed together with the switch enabled with
the Smart Link function.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
The Ethernet interface view is displayed.
Step 3 Run:
portswitch
The Ethernet interface is switched to Layer 2 mode.
Step 4 Run:
smart-link flush enable control-vlan vlan-id
The Ethernet interface is enabled to process SmartLink Flush packets.
If the SmartLink Flush packet carries the control VLAN tag, vlan-id must match the
control VLAN ID in the SmartLink Flush packet. Otherwise, the equipment does not process
this SmartLink Flush packet.
----End
2.6 Configuring the Alarm Function on an Ethernet Interface
If a large number of alarms are generated on a link, the system is busy dealing with various
alarms and the system performance is therefore degraded. To solve this problem, you can enable
the alarm function on an interface.
2.6.1 Before You Start
Before enabling the alarm function on an ethernet interface, familiarize yourself with the usage
scenario, complete the pre-configuration tasks, and obtain the required data. This can help you
complete the configuration task quickly and accurately.
Applicable Environment
If a large number of alarms are generated on a link, the system is busy dealing with various
alarms, and system performance is therefore degraded. In this case, you can set the threshold
that triggers the alarm for interfaces. When the number of errors exceeds the set threshold, an
alarm is generated. You can then take measures for troubleshooting to ensure the normal
transmission of services.
Pre-configuration Tasks
Before configuring the alarm function, complete the following tasks:
• Power on the router and ensure that the self-test is successful.
• Ensure that the Ethernet interface works normally.
Data Preparation
To configure the alarm function for ethernet interfaces, you need the following data.
No. | Data
1 | Interface type and interface number
2 | Thresholds for alarms of the expiration of the input-rate, and expiration of the output-rate
3 | Thresholds for alarms of the CRC error
4 | Thresholds for alarms of the SDH error
5 | Thresholds for alarms of the error packets
2.6.2 Configuring the Alarm Function of Bandwidth Utilization on an Interface
This section describes how to configure the alarm function of bandwidth usage on an interface.
Context
If a device is attacked or the network traffic on a device has exceeded the amount that the device
can process, the bandwidth usage of interfaces on the device may become extremely high. If
high bandwidth usage lasts for a long time, device performance and service forwarding are
affected. After you configure the alarm function of bandwidth usage on an Ethernet interface
and the bandwidth usage exceeds a specified threshold, an alarm is generated to inform
administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
• To set the alarm threshold for the bandwidth utilization of the incoming traffic, run:
trap-threshold input-rate bandwidth-in-use [ resume-rate resume-rate-value ]
• To set the alarm threshold for the bandwidth utilization of the outgoing traffic, run:
trap-threshold output-rate bandwidth-in-use [ resume-rate resume-rate-value ]
NOTE
The alarm function can be configured on 10GE LAN/WAN interfaces and GE interfaces.
----End
2.6.3 Configuring the Alarm Function of CRC Errors on an Interface
This section describes how to configure the alarm function of CRC error packets on an interface.
Context
After you configure the alarm function of CRC error packets on an Ethernet interface and the
number of CRC error packets the interface received exceeds a specified threshold, an alarm is
generated to inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
• To set the alarm threshold for CRC errors, run:
trap-threshold crc-error threshold interval-second interval-value
Step 3 Run:
quit
The system exits the interface view.
Step 4 Run:
snmp-agent trap enable port crc-error-rising
The alarm function of CRC errors is enabled on an interface.
----End
2.6.4 Configuring the Alarm Function of SDH errors on an Interface
This section describes how to configure the alarm function of SDH error packets on an interface.
Context
After you configure the alarm function of SDH error packets on an Ethernet interface and the
number of SDH error packets the interface received exceeds a specified threshold, an alarm is
generated to inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
• To set the alarm threshold for SDH errors, run:
trap-threshold sdh-error threshold interval-second interval-value
NOTE
This command can be run on 10GE-WAN interfaces.
Step 3 Run:
quit
The system exits the interface view.
Step 4 Run:
snmp-agent trap enable port sdh-error-rising
The alarm function of SDH errors is enabled on an interface.
----End
2.6.5 Configuring the Alarm Function of Error Packets on an Interface
This section describes how to configure the alarm function of error packets on an interface.
Context
After you configure the alarm function of error packets on an Ethernet interface and the number
of error packets the interface received exceeds a specified threshold, an alarm is generated to
inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
• To set the alarm threshold for error packets, run:
trap-threshold bad-bytes threshold interval-second interval
NOTE
This command can be run on GE and 10GE-LAN interfaces.
Step 3 Run:
quit
The system exits the interface view.
Step 4 Run:
snmp-agent trap enable port bad-bytes
The alarm function of error packets is enabled on an interface.
----End
2.6.6 Configuring the Loopback Alarm Function on an Interface
The loopback alarm function on an interface allows the system to generate an alarm when a loop
is manually configured on the interface.
Context
If a user configures the loopback function on an interface to test whether the interface or link
works properly, but does not delete the function after the test, the interface will work improperly.
To solve the problem, you can configure the loopback alarm function on the interface. When
the loopback alarm function is configured on the interface and a loop occurs, the system generates
an alarm and sends it to the NMS. When the loopback alarm function is deleted, the system
generates a related alarm and sends it to the NMS. Based on the loopback alarm function, users
can monitor whether a loop occurs.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable feature-name port [ trap-name { hwloopbackalarm |
hwloopbackalarmresume } ]
The system is enabled to generate and send an alarm to the NMS when a loop occurs on an
interface.
----End
2.6.7 Configuring the Alarm Function for a LocalFault or a RemoteFault on an Interface
Users can enable the system to generate an alarm and report the alarm to the NMS when a
LocalFault or a RemoteFault occurs on an interface.
Context
If a LocalFault or a RemoteFault occurs on an interface, the system generates an alarm. If the
device administrator wants to monitor the alarms in real time, enable the system to generate an
alarm and report the alarm to the NMS when a LocalFault or a RemoteFault occurs on an
interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable feature-name port [ trap-name { hwlocalfaultalarm |
hwlocalfaultalarmresume | hwremotefaultalarm | hwremotefaultalarmresume } ]
The system is enabled to generate an alarm and report the alarm to the NMS when a LocalFault
or a RemoteFault occurs on an interface.
----End
2.6.8 Configuring the Alarm Function in Cases of Polarity Errors on Electrical Interfaces
You can configure the system to generate an alarm and report the alarm to the network
management system (NMS) when a polarity error occurs on an electrical interface.
Context
In most cases, if a polarity error occurs on an electrical interface, service traffic is interrupted.
To notify users of polarity errors, configure the system to generate an alarm and report the
alarm to the NMS.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable feature-name port [ trap-name { hwcopperpolarityerror |
hwcopperpolarityerrorresume } ]
The system is configured to generate an alarm and report the alarm to the NMS when a polarity
error occurs on an electrical interface.
----End
2.6.9 Checking the Configurations
After the alarm function is enabled on an interface, you need to check the configuration and
ensure that the configuration is correct.
Prerequisites
Run the following commands to check the previous configuration.
Procedure
Step 1 Run the display current-configuration [ interface-type interface-number ] command to check
the alarm messages on the interface.
----End
Example
# Display the alarm function on GE 1/0/0.
<HUAWEI>display current-configuration interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0
 trap-threshold input-rate 80
 trap-threshold output-rate 80
2.7 Maintaining Ethernet Interfaces
The commands related to Ethernet interfaces can be used to locate the faults on an Ethernet
interface.
2.7.1 Testing the Loop of Ethernet Interfaces
To test an Ethernet interface itself, you can run the loopback command in the Ethernet interface
view. When the interface works normally, you must disable the loopback function.
Context
The loop of Ethernet interfaces is generally used to test the interfaces. Run the following
command in the Ethernet interface view.
When interfaces work normally, disable the loop.
Procedure
Step 1 Run the loopback { local | remote } command in Ethernet interface view or GE interface view
to enable the loop on interfaces.
----End
2.8 Configuration Examples
This section lists the networking requirements, configuration roadmap, and data preparation to
describe the typical application scenarios of Ethernet interfaces, and provides related
configuration files.
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
2.8.1 Example for Configuring a Layer 3 Ethernet Interface
In this networking, you need to configure only the IP address, because other configuration items
retain their default values. If the values of other configuration items need to be changed, you
must set them to be the same as those on the remote device.
Networking Requirements
As shown in Figure 2-4, Ethernet interfaces of RouterA, RouterB, and RouterC are connected
to the IP network 10.1.1.0/24.
Figure 2-4 Networking diagram of Ethernet interface configuration
[Figure: RouterA (GE1/0/0, 10.1.1.1/24), RouterB (GE1/0/0, 10.1.1.2/24), and RouterC (GE1/0/0, 10.1.1.3/24) are connected to the same network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a description for each router.
2. Configure IP addresses for interfaces on each router.
Data Preparation
To configure an Ethernet interface, you need the following data:
• Interface number
• IP address of the interface
Procedure
Step 1 Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] description RouterA
[RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.0
[RouterA-GigabitEthernet1/0/0] quit
Step 2 Configure RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] description RouterB
[RouterB-GigabitEthernet1/0/0] ip address 10.1.1.2 255.255.255.0
[RouterB-GigabitEthernet1/0/0] quit
Step 3 Configure RouterC.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] description RouterC
[RouterC-GigabitEthernet1/0/0] ip address 10.1.1.3 255.255.255.0
[RouterC-GigabitEthernet1/0/0] quit
Step 4 Verify the configuration.
After the configuration is complete, use the following methods to check whether the interfaces
work normally:
• In the case of small traffic volume, ping Ethernet interfaces of a router from another router.
The interfaces are normal if all the ping packets are returned.
• Check the statistics of a router. The interfaces are normal if the number of received error
frames does not change.
Check the interface status of each router. In the normal situation, the physical status and protocol
status are Up.
Take RouterA as an example:
<RouterA> display ip interface brief
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0
Interface                   IP Address/Mask    Physical  Protocol
GigabitEthernet1/0/0        10.1.1.1           up        up
NULL0                       unassigned         up        up(s)
----End
Configuration Files
• Configuration file of RouterA
#
sysname RouterA
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 description RouterA
#
return
• Configuration file of RouterB
#
sysname RouterB
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 description RouterB
#
return
• Configuration file of RouterC
#
sysname RouterC
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.3 255.255.255.0
 description RouterC
#
return
2.8.2 Example for Configuring VLANs to Communicate Through Ethernet Sub-interfaces
To enable communications between different VLANs, you can create sub-interfaces specific to
VLANs on the Ethernet interfaces that connect a router and a switch. In addition, you can
configure 802.1Q encapsulation on and assign IP addresses to the sub-interfaces. In this manner,
communications between VLANs can be implemented through Layer 2 switches and routers.
Context
For details, refer to 4.12.2 Example for Configuring Inter-VLAN Communication by Using
Sub-interfaces in the 4 VLAN Configuration.
2.8.3 Example for Configuring a Device to Handle SmartLink Flush Packets
In this networking, the devices of other vendors support the SmartLink function but the Huawei
devices do not support the SmartLink function by default. When the Huawei data communication
devices need to communicate with the switches of other vendors that support the SmartLink
function, you need to enable the Huawei devices to process SmartLink flush packets.
Networking Requirements
As shown in Figure 2-5, RouterA, RouterB, and RouterC are Huawei devices and the Switch
supports the Smart Link function. The Smart Link is enabled on the Switch. Two uplinks
constitute a Smart Link Group, namely, a backup link group.
The link to RouterA is the active link for the Switch and the link to RouterB is the standby
link. Data finally reaches the backbone network through RouterC.
The control VLAN ID of the Switch is 10.
The interfaces on RouterA, RouterB, and RouterC must be enabled to process SmartLink
Flush packets so that the Switch can switch over between the active and standby links.
Figure 2-5 Networking diagram of configuring equipment to process Smart Link packets
[Figure: the Switch (smart-link) connects over VLAN 10 to RouterA (active link) and to RouterB (inactive link); RouterA and RouterB connect to RouterC, which connects to the backbone network. The interfaces labelled in the figure are GE1/0/0 and GE2/0/0 on the routers.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Change the interface on the router to Layer 2 mode and configure the port to allow packets
from VLAN 10 to pass.
2. Enable a Layer 2 port to recognize the SmartLink Flush packet.
Data Preparation
To complete the configuration, you need the following data:
• Control VLAN ID
• Number of the interface on the router
Procedure
Step 1 Configure the interface on a router
# Create VLAN 1 to VLAN 4094 on RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] vlan batch 1 to 4094
# Switch the interfaces GE 1/0/0 and GE 2/0/0 on RouterA to Layer 2 mode and configure them
as VLAN trunk ports that allow all VLAN frames to pass.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] portswitch
[RouterA-GigabitEthernet1/0/0] port link-type trunk
[RouterA-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] portswitch
[RouterA-GigabitEthernet2/0/0] port link-type trunk
[RouterA-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[RouterA-GigabitEthernet2/0/0] quit
# Create VLAN 1 to VLAN 4094 on RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] vlan batch 1 to 4094
# Switch GE 1/0/0 and GE 2/0/0 on RouterB to Layer 2 mode and configure them as VLAN
trunk ports that allow all VLAN frames to pass.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] portswitch
[RouterB-GigabitEthernet1/0/0] port link-type trunk
[RouterB-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] portswitch
[RouterB-GigabitEthernet2/0/0] port link-type trunk
[RouterB-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[RouterB-GigabitEthernet2/0/0] quit
# Create VLAN 1 to VLAN 4094 on RouterC.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] vlan batch 1 to 4094
# Switch GE 1/0/0 and GE 2/0/0 on RouterC to Layer 2 mode and configure them as VLAN
trunk ports that allow all VLAN frames to pass.
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] portswitch
[RouterC-GigabitEthernet1/0/0] port link-type trunk
[RouterC-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] undo shutdown
[RouterC-GigabitEthernet2/0/0] portswitch
[RouterC-GigabitEthernet2/0/0] port link-type trunk
[RouterC-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[RouterC-GigabitEthernet2/0/0] quit
Step 2 Enable the port to recognize SmartLink Flush packets
# Enable GE 1/0/0 and GE 2/0/0 on RouterA to recognize SmartLink Flush packets.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[RouterA-GigabitEthernet2/0/0] quit
# Enable GE 1/0/0 and GE 2/0/0 on RouterB to recognize SmartLink Flush packets.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[RouterB-GigabitEthernet2/0/0] quit
# Enable GE 1/0/0 and GE 2/0/0 on RouterC to recognize SmartLink Flush packets.
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[RouterC-GigabitEthernet2/0/0] quit
Step 3 Verify the configuration.
# Run the display this command. You can check whether the smart-link flush enable command
is configured and a correct VLAN ID is specified. Take RouterA as an example:
[RouterA-GigabitEthernet1/0/0] display this
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
----End
Configuration Files
• Configuration file of RouterA
#
sysname RouterA
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
• Configuration file of RouterB
#
sysname RouterB
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
• Configuration file of RouterC
#
sysname RouterC
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
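The constraints stated in 2.5 and applied in 2.8.3 can be checked offline against a saved configuration file. The following Python script is an added example, not part of the Huawei guide: it reports ports that process SmartLink Flush packets without being in Layer 2 mode, whose trunk does not allow the control VLAN to pass, or whose control VLAN differs from the one used by the Switch. The function names and the sample configuration are constructed for illustration, and only port trunk allow-pass vlan lines are interpreted (hybrid and access ports are outside its scope).

```python
import re

# Constructed sample in the style of "Configuration file of RouterA" above.
# GE2/0/0 and GE3/0/0 carry deliberate mistakes for the audit to report.
SAMPLE_CONFIG = """\
#
sysname RouterA
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 20 30 to 40
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet3/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 2 to 100
 smart-link flush enable control-vlan 11
#
return
"""

FLUSH_RE = re.compile(r"^smart-link flush enable control-vlan (\d+)$")
ALLOW_RE = re.compile(r"^port trunk allow-pass vlan (.+)$")


def parse_vlan_list(text):
    """Expand 'all' or a list such as '20 30 to 40' into a set of VLAN IDs."""
    tokens = text.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        start = end = int(tokens[i])
        if tokens[i + 1:i + 2] == ["to"]:
            if i + 2 >= len(tokens):
                raise ValueError("dangling 'to' in VLAN list: %r" % text)
            end = int(tokens[i + 2])
            i += 2
        if not 1 <= start <= end <= 4094:
            raise ValueError("invalid VLAN range in %r" % text)
        vlans.update(range(start, end + 1))
        i += 1
    return vlans


def parse_interfaces(config):
    """Return {interface name: [command lines]}; indentation is ignored."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith("#") or line == "return":
            current = None  # '#' closes the current configuration block
        elif current is not None and line:
            current.append(line)
    return interfaces


def audit_smartlink(config, expected_control_vlan):
    """Return (interface, code, detail) findings for SmartLink Flush ports."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        flush = [int(m.group(1)) for m in map(FLUSH_RE.match, lines) if m]
        if not flush:
            continue  # this port does not process SmartLink Flush packets
        control_vlan = flush[-1]  # normally a single line per port
        allowed = set()
        for m in filter(None, map(ALLOW_RE.match, lines)):
            allowed |= parse_vlan_list(m.group(1))
        if "portswitch" not in lines:
            findings.append((name, "not-layer2",
                             "port is not switched to Layer 2 mode"))
        if control_vlan not in allowed:
            findings.append((name, "control-vlan-blocked",
                             "trunk does not allow VLAN %d to pass" % control_vlan))
        if control_vlan != expected_control_vlan:
            findings.append((name, "control-vlan-mismatch",
                             "control VLAN is %d, the Switch uses %d"
                             % (control_vlan, expected_control_vlan)))
    return findings


if __name__ == "__main__":
    for interface, code, detail in audit_smartlink(SAMPLE_CONFIG, 10):
        print("%s: %s (%s)" % (interface, code, detail))
```

The parser strips indentation, so it also accepts configuration text whose leading spaces were lost when it was copied.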
3 Eth-Trunk Interface Configuration
About This Chapter
Eth-Trunk interfaces have all functions of Ethernet interfaces and are more reliable due to the
use of the link aggregation technique.
3.1 Overview of Eth-Trunk Interfaces
Eth-Trunk bundles physical interfaces together to increase interface bandwidth. In addition to
the interface bandwidth increase, Eth-Trunk can implement load balancing and link backup.
3.2 Configuring an Eth-Trunk Interface to Work in Static LACP Mode
If two LACP-capable devices are directly connected through an Eth-Trunk link, you can
configure the Eth-Trunk interfaces on the two devices to work in static LACP mode. Eth-Trunk
interfaces working in static LACP mode implement both load balancing and link backup.
3.3 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode
Of the two directly-connected devices between which an Eth-Trunk is set up, if at least one
device does not support LACP, you can create an Eth-Trunk interface working in manual load
balancing mode on each device, and add physical interfaces to the Eth-Trunk interfaces to
increase bandwidth and improve reliability.
3.4 Configuring an Eth-Trunk Interface to Work in Manual 1:1 Active/Standby Mode
If there are intermediate devices between the two devices connected through two Eth-Trunk
links, configure each Eth-Trunk interface to work in manual 1:1 active/standby mode. After the
configuration, data is transmitted over the active link and the standby link takes over the traffic
if the active link fails.
3.5 Configuring an Eth-Trunk Interface in Manual 1:1 Master/Backup Mode to Connect to a Non-Huawei Device
To allow a Huawei device to communicate with a non-Huawei device that uses master and
backup interfaces (both in the Up state), configure an Eth-Trunk interface in manual 1:1 master/
backup mode on the Huawei device.
3.6 Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode
On a network where a downstream device is connected to a passive optical splitter (POS), the
POS splits one optical fiber into two optical fibers, which then connect to two different boards
on an upstream device. To implement board redundancy for the upstream device, you can
configure an Eth-Trunk interface on the device to work in inter-board interface standby mode
and add the interfaces on the two boards to the Eth-Trunk interface.
3.7 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
This section describes how to associate an Eth-Trunk interface in static LACP mode with a
management Virtual Router Redundancy Protocol (mVRRP) backup group. This configuration
allows the Eth-Trunk interface to rapidly detect the status change of the mVRRP backup group.
After detecting the status change of the mVRRP backup group, the Eth-Trunk interface can
rapidly switch traffic to an available link. This ensures reliable service transmission.
3.8 Associating an Eth-Trunk Interface in Static LACP Mode with a Unicast VRRP Backup Group
When non-Huawei devices are connected to Huawei devices through Eth-Trunk interfaces,
configure a unicast VRRP backup group on the Huawei devices to implement redundancy. To
ensure reliable service transmission, associate the Eth-Trunk interfaces in static LACP mode
with the unicast VRRP backup group. If the unicast VRRP backup group status changes, the
associated Eth-Trunk interfaces can quickly detect the status change and immediately perform
traffic switching.
3.9 Configuring an E-Trunk
Unlike Eth-Trunk that provides board-level link reliability, E-Trunk provides device-level link
reliability.
3.10 Maintaining Eth-Trunk Interfaces
The statistics reset commands help to locate faults in Eth-Trunk interfaces.
3.11 Configuration Examples
This section describes the typical application scenario of an Eth-Trunk interface, including
networking requirements, configuration roadmap, and data preparation, and provides related
configuration files.
3.1 Overview of Eth-Trunk Interfaces
Eth-Trunk bundles physical interfaces together to increase interface bandwidth. In addition to
the interface bandwidth increase, Eth-Trunk can implement load balancing and link backup.
3.1.1 Introduction
Multiple physical interfaces can be bundled into an Eth-Trunk using the link aggregation
technique. An Eth-Trunk interface is a logical interface that has all the functions of an Ethernet
interface and is more reliable.
Brief Introduction
As the volume of services deployed on networks increases, the bandwidth provided by a single
P2P physical link working in full-duplex mode cannot meet the requirements of service traffic.
To increase bandwidth, the existing interface boards can be replaced with interface boards of
higher bandwidth capacity. However, this would waste existing device resources and increase
upgrade expenditure. If more links are used to interconnect devices, each Layer 3 interface must
be configured with an IP address, wasting IP addresses.
To increase bandwidth without replacing the existing interface boards or wasting IP address
resources, bundle physical interfaces into a logical interface using the link aggregation technique
to provide higher bandwidth.
Trunk is a bundling technique. Trunk can be used to bundle physical interfaces into a logical
interface, which is called a trunk interface. An Eth-Trunk interface is formed by bundling
Ethernet interfaces.
Concepts
This part describes the link aggregation mode, load balancing mode, member interface
backup, and maximum/minimum number of Up member links for Eth-Trunk interfaces.
• Table 3-1 shows the Eth-Trunk link aggregation modes.
Table 3-1 Eth-Trunk link aggregation modes
l
EthTrunk
Link
Aggreg
ation
Mode
Description
Usage Scenario
Static
Link
Aggregat
ion
Control
Protocol
(LACP)
mode
In static LACP mode, two ends exchange
LACP packets to negotiate link aggregation
parameters to determine active and inactive
interfaces.
If the directly-connected
two ends support LACP,
configuring the static
LACP mode is
recommended.
Manual
load
balancin
g mode
In manual load balancing mode, you can
manually add interfaces to an Eth-Trunk
interface. All the member interfaces are in the
forwarding state and carry out load balancing.
If either of the directlyconnected two ends does
not support LACP,
configure the manual load
balancing mode.
Manual
1:1
active/
standby
mode
An Eth-Trunk interface working in manual 1:1
active/standby mode contains only two
member interfaces. Of the two member
interfaces, one is active and the other standby.
The active member interface forwards traffic
when it functions properly. If the active
member interface fails, the standby member
interface takes over the traffic.
If the two ends of an EthTrunk are connected over
intermediate devices,
configure the manual 1:1
active/standby mode.
The static LACP mode is called M:N mode,
which implements both load balancing and
link backup. M active links in the link
aggregation group are responsible for
forwarding data, while the other N inactive
links are standby and do not forward data. If an
active link becomes faulty, the system selects
the link with the highest priority from the N
inactive links.
NOTE
The manual 1:1 active/
standby mode is applicable
only to Layer 2 Eth-Trunk
interfaces.
• Load balancing
There are two load balancing modes: per-destination and per-packet. Eth-Trunk member
links can be configured with different weights to carry out load balancing.
– Per-destination load balancing: Packets with the same source and destination IP
addresses or with the same source and destination MAC addresses are transmitted over
the same member link.
Layer 2 Eth-Trunk interfaces support per-destination load balancing based on the MAC
addresses or the IP addresses of packets.
Layer 3 Eth-Trunk interfaces only support per-destination load balancing based on the
IP addresses of packets.
– Per-packet load balancing: Packets are transmitted over different member links.
Both Layer 2 and Layer 3 Eth-Trunk interfaces support per-packet load balancing.
• Maximum/Minimum number of Up member links
The number of Up member links determines the status and bandwidth of an Eth-Trunk
interface. To maintain stability, set the maximum and minimum numbers of Up member links
to reduce the impact of Eth-Trunk member link status changes.
– Minimum number of Up member links: After the number of Up member links falls
below the set value, the Eth-Trunk interface goes Down.
– Maximum number of Up member links: After the number of Up member links reaches
the set value, the bandwidth of the Eth-Trunk interface does not increase regardless of
whether more member links go Up.
• Member Interface Backup
To improve the reliability of an Eth-Trunk interface, you can configure member interface
backup.
If a member interface goes Down, traffic rapidly switches to another member interface.
The backup interface is an Up member interface of the same Eth-Trunk interface.
NOTE
If member interfaces of a trunk interface reside on different LPUs, a BFD session needs to be
configured to detect the member link status, with the process-pst command being used to associate
the BFD session with member interfaces. Otherwise, traffic will be lost in certain situations (for
example, when the LPU where a member interface resides is restarted).
For the configuration of a BFD session, refer to the HUAWEI NetEngine80E/40E Router
Configuration Guide - Reliability.
3.1.2 Eth-Trunk Interface Features That the NE80E/40E Supports
This section describes Ethernet interface features supported by the NE80E/40E. Familiarizing
yourself with these features helps you complete the configuration tasks quickly and accurately.
Eth-Trunk is a bundling technique. You can use Eth-Trunk to bundle Ethernet interfaces into a
logical interface to increase bandwidth.
An Eth-Trunk interface can be configured with a proper link aggregation mode to increase
bandwidth, implement load balancing, and improve network reliability. Table 3-2 shows the
usage of link aggregation modes.
Table 3-2 Eth-Trunk link aggregation modes
Link aggregation mode: Static Link Aggregation Control Protocol (LACP) mode
  Usage scenario: If the directly-connected two ends support LACP, as shown in Figure 3-1,
  configuring the static LACP mode is recommended.
  On the network shown in Figure 3-1, PE1 and PE2 are directly connected. Both PEs support LACP.
  Eth-Trunk interfaces working in static LACP mode can be configured on the two PEs to implement
  load balancing and link backup.
  Figure 3-1 Schematic diagram for Eth-Trunk interfaces in static LACP mode
  [Figure: PE1 and PE2, each with Eth-Trunk1 and interfaces GE 1/0/1, GE 1/0/2, and GE 1/0/3;
  CE1 (user network 1); CE2 (user network 2); legend: active links, backup links.]
Link aggregation mode: Manual load balancing mode
  Usage scenario: If either of the directly-connected two ends does not support LACP, as shown in
  Figure 3-2, configure the manual load balancing mode.
  On the network shown in Figure 3-2, PE1 and PE2 are directly connected. PE1 or PE2 does not
  support LACP (or neither PE1 nor PE2 supports LACP). Eth-Trunk interfaces working in manual load
  balancing mode can be configured on the two PEs to implement load balancing.
  Figure 3-2 Schematic diagram for Eth-Trunk interfaces in manual load balancing mode
  [Figure: PE1 and PE2, each with Eth-Trunk1 and interfaces GE 1/0/1, GE 1/0/2, and GE 1/0/3;
  CE1 (user network 1); CE2 (user network 2).]
Link aggregation mode: Manual 1:1 active/standby mode
  Usage scenario: If the two ends of an Eth-Trunk are connected over intermediate devices, as
  shown in Figure 3-3, configure the manual 1:1 active/standby mode.
  On the network shown in Figure 3-3, PE1 and PE2 are connected over PE3 and PE4. Eth-Trunk
  interfaces working in manual 1:1 active/standby mode can be configured on PE1 and PE2. After the
  configuration is complete, data is transmitted over the active link when the link functions
  properly. If the active link fails, the standby link takes over the traffic.
  Figure 3-3 Schematic diagram for Eth-Trunk interfaces in manual 1:1 active/standby mode
  [Figure: PE1 and PE2 (Eth-Trunk 1 on each) connected over PE3 and PE4; links labelled Active
  link and Backup link.]
Link aggregation mode: Inter-Board interface standby mode
  Usage scenario: On a live network, many users lease only one link to carry their services,
  posing a risk of service interruption. To improve service transmission reliability, a device
  must support board redundancy.
  On the network shown in Figure 3-4, a downstream CE is connected to a passive optical splitter
  (POS). The POS splits one optical fiber into two optical fibers, which then connect to two
  different boards on an upstream PE. To implement board redundancy for the upstream PE, you can
  configure an Eth-Trunk interface on the PE to work in inter-board interface standby mode and add
  the interfaces on the two boards to the Eth-Trunk interface.
  Figure 3-4 Schematic diagram for Eth-Trunk interfaces in inter-Board interface standby mode
  [Figure: CE, optical splitter, and PE (port1 and port2 in an Eth-Trunk); links labelled Master
  link and Backup link.]
Eth-Trunk interfaces support the following features to meet special requirements:
• Association between an Eth-Trunk interface in static LACP mode and a management Virtual
Router Redundancy Protocol (mVRRP) backup group: After an Eth-Trunk interface in static
LACP mode is associated with an mVRRP backup group, the Eth-Trunk link can rapidly
detect the status change of the mVRRP backup group. When detecting a status change of
the mVRRP backup group, the Eth-Trunk interface can rapidly switch traffic to an available
link. This ensures reliable service transmission. For detailed configurations, see 3.7
Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup
Group.
• E-Trunk controls inter-device link aggregation and implements link aggregation among
devices. Eth-Trunk provides board-level reliability, while E-Trunk provides device-level
reliability. For detailed configurations, see 3.9 Configuring an E-Trunk.
• Error code detection
The link-quality command enables error code detection on an Eth-Trunk interface. If the
Eth-Trunk interface uses this function to find that the performance of a member interface
deteriorates, this member interface can leave the Eth-Trunk interface as long as the Eth-Trunk
interface can work properly.
– If the performance of all Eth-Trunk member interfaces deteriorates, to allow the Eth-Trunk
interface to work properly, member interfaces do not leave the Eth-Trunk interface, and their
forwarding entries remain in the Eth-Trunk interface forwarding table.
– Eth-Trunk interface working in static LACP mode
A lower threshold for the number of active member interfaces is set on the Eth-Trunk
interface. If the number of member links with proper performance on this Eth-Trunk interface
is less than the lower threshold, forwarding entries for these member interfaces remain in the
Eth-Trunk forwarding table.
On an Eth-Trunk interface, a lower threshold for the number of member links in the Up state
is set. Before the Eth-Trunk working mode is changed to static LACP mode, the two ends of the
Eth-Trunk interface must have the same lower threshold. A lower threshold inconsistency causes
link flapping after the Eth-Trunk interface is switched to the static LACP mode.
– Eth-Trunk interface working in static LACP mode
A lower threshold, not an upper threshold, for active member interfaces is set on the
Eth-Trunk interface. If the number of active member interfaces with proper performance on this
Eth-Trunk interface is less than the lower threshold, forwarding entries for these member
interfaces remain in the Eth-Trunk forwarding table.
If the upper and lower thresholds for the number of active member interfaces are the same, and
the active member interface performance deteriorates, forwarding entries for these member
interfaces remain in the Eth-Trunk forwarding table, and non-active member interfaces do not
switch to active member interfaces.
– Eth-Trunk interfaces working in manual 1:1 active/standby mode
An Eth-Trunk interface working in manual 1:1 active/standby mode selects an interface
with better link quality as the active link. If both Eth-Trunk member interfaces have the
same link quality, the existing active link remains.
NOTE
Error code detection is not supported when E-Trunk interfaces are used or when VRRP is associated
with Eth-Trunk interfaces working in static LACP mode.
3.2 Configuring an Eth-Trunk Interface to Work in Static LACP Mode
If two LACP-capable devices are directly connected through an Eth-Trunk link, you can
configure the Eth-Trunk interfaces on the two devices to work in static LACP mode. Eth-Trunk
interfaces working in static LACP mode implement both load balancing and link backup.
3.2.1 Before You Start
Before configuring an Eth-Trunk interface to work in static LACP mode, familiarize yourself
with the usage scenario, complete the pre-configuration tasks, and obtain the data required for
the configuration. This helps you complete the configuration task quickly and accurately.
Applicable Environment
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
To increase bandwidth without obtaining more hardware resources or requiring more IP
addresses, configure Eth-Trunk interfaces using the link aggregation technique. Configuring an
Eth-Trunk interface to work in static LACP mode increases interface bandwidth and provides
reliability. When an Eth-Trunk member link fails, traffic is automatically switched to other
available links, preventing traffic interruption. In addition, Eth-Trunk interfaces working in static
LACP mode can implement load balancing. The configuration is simple and easy to upgrade.
As shown in Figure 3-5, the Eth-Trunk interfaces on the two directly-connected devices can be
configured to work in static LACP mode to implement load balancing. The static LACP mode
is also called the M:N mode. M links function as active links and N links function as standby
links to implement link backup.
Figure 3-5 Schematic diagram for Eth-Trunk interfaces in static LACP mode
[Figure: PE1 and PE2, each with Eth-Trunk1 and interfaces GE 1/0/1, GE 1/0/2, and GE 1/0/3;
CE1 (user network 1); CE2 (user network 2); legend: active links, backup links.]
NOTE
Interfaces operating at different rates, in different duplex modes, and on different boards can be added to
the same Eth-Trunk interface working in static LACP mode. Member interfaces working at different rates,
however, cannot be in the forwarding state at the same time, and member interfaces working in half-duplex
mode cannot forward traffic. Confirm the boards where member interfaces reside, the interface rates, and
the duplex modes.
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in static LACP mode, connect the interfaces
and set their physical parameters to ensure that the physical interface status is Up.
Data Preparation
To configure an Eth-Trunk interface to work in static LACP mode, you need the following data.
No.  Data
1    Eth-Trunk ID and LACP system priority value
2    Type and number of each Eth-Trunk member interface
3    • Public parameters for Layer 2 and Layer 3 Eth-Trunk interfaces: maximum number of Up
       member links, minimum number of Up member links, load balancing mode of the Eth-Trunk
       interface, mode used by the Eth-Trunk interface to select active member interfaces, LACP
       preemption delay, and timeout period for the Eth-Trunk interface to receive LACP packets
     • Parameter for a Layer 2 Eth-Trunk interface: maximum number of Up member links that
       determine the Eth-Trunk link bandwidth
     • Parameters for a Layer 3 Eth-Trunk interface: IP address, MAC address, and Maximum
       Transmission Unit (MTU) of the Eth-Trunk interface
4    Weight and LACP priority of each member interface
5    (Optional) IP address, encapsulation type, associated VLAN ID, and MTU of an Eth-Trunk
     sub-interface
3.2.2 Creating an Eth-Trunk Interface and Configuring It to Work in Static LACP Mode
Before bundling physical interfaces into an Eth-Trunk, create an Eth-Trunk interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
lacp priority priority
The LACP system priority is configured.
The default LACP system priority is 32768. The smaller the value, the higher the priority.
To configure one end as the Actor, set its LACP system priority to a value smaller than the
default value. This end can serve as the Actor because the other end uses the default LACP
system priority.
Step 3 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created and the Eth-Trunk interface view is displayed.
Step 4 (Optional) Run:
portswitch
The Eth-Trunk interface is switched to the Layer 2 mode.
By default, an Eth-Trunk interface works in Layer 3 mode.
NOTE
Physical interfaces can be added to an Eth-Trunk interface regardless of which mode the Eth-Trunk
interface works in. If the Eth-Trunk interface needs to work in Layer 3 mode, skip this step and go to the
next step.
Step 5 Run:
mode lacp-static
The Eth-Trunk interface is configured to work in static LACP mode.
By default, an Eth-Trunk interface works in manual load balancing mode.
----End
3.2.3 Adding Physical Interfaces to the Eth-Trunk Interface
After an Eth-Trunk interface is created and configured to work in static LACP mode, add
physical interfaces to the Eth-Trunk interface to increase interface bandwidth, carry out load
balancing, and improve reliability.
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
• Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can
add a single physical interface or physical interfaces in batches.
• Add a physical interface in the view of the physical interface.
When adding physical interfaces to an Eth-Trunk interface, note the following points:
– Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
– Different Ethernet interfaces can be added to the same Eth-Trunk interface.
– Ethernet interfaces on different interface boards can be added to the same Eth-Trunk
interface.
– Eth-Trunk interfaces work in either Layer 2 or Layer 3 mode. Ethernet interfaces can
join an Eth-Trunk interface regardless of which mode the Eth-Trunk interface works
in.
NOTE
A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
• If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is
added, the physical status of the Eth-Trunk interface becomes Administratively DOWN.
Accordingly, the configuration file shows that the physical interface is shutdown and its physical
status is Administratively DOWN.
• If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is
added, the configuration file shows that the physical interface is undo shutdown.
Procedure
• Add one or more physical interfaces in the Eth-Trunk interface view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Run either of the following commands as required:
     – To add physical interfaces to the Eth-Trunk interface in batches and configure the
       mode in which member interfaces of an Eth-Trunk interface send packets, run:
       trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16> [ mode { active | passive } ]
       A maximum of 16 interfaces can be added to an Eth-Trunk interface in batches.
     – To add a single physical interface to an Eth-Trunk interface, run:
       trunkport interface-type interface-number
• Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a physical interface that needs to be added to an Eth-Trunk interface is
     displayed.
  3. Run:
     eth-trunk trunk-id
     The physical interface is added to the Eth-Trunk interface.
     NOTE
     • Each Eth-Trunk interface contains a maximum of 16 member interfaces.
     • Member interfaces cannot be configured with services or Layer 3 configurations such as
       IP addresses.
     • Member interfaces cannot be manually configured with MAC addresses.
     • An Ethernet interface can be added to only one Eth-Trunk interface. The Ethernet interface
       must be deleted from the original Eth-Trunk interface before joining another Eth-Trunk
       interface.
     • Before adding a Layer 2 interface on the router to an Eth-Trunk interface, run the undo
       portswitch command to configure the Eth-Trunk interface to work in Layer 3 mode.
     • If an Eth-Trunk member interface is directly connected to an interface on the peer, the
       interface must also be an Eth-Trunk member interface; otherwise, the devices cannot
       communicate with each other.
----End
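The member-interface restrictions listed in the NOTE above can be checked offline before a configuration file is loaded onto a device. The Python script below is an added example, not Huawei code. The configuration text is constructed, and the saved-configuration layout (one interface block per interface, commands indented by one space, # separators, membership stored as eth-trunk trunk-id under the physical interface) is an assumption.

```python
"""Offline lint for Eth-Trunk member-interface restrictions (added example)."""
import re
from collections import defaultdict

MAX_MEMBERS = 16  # an Eth-Trunk interface contains at most 16 member interfaces

RULES = {
    "nested-trunk": "Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces",
    "multiple-trunks": "an Ethernet interface can be added to only one Eth-Trunk interface",
    "layer3-config-on-member": "member interfaces cannot carry Layer 3 configurations such as IP addresses",
    "manual-mac-on-member": "member interfaces cannot be manually configured with MAC addresses",
    "too-many-members": "an Eth-Trunk interface contains a maximum of 16 member interfaces",
}


def parse_interfaces(config_text):
    """Split the configuration into {interface name: [command, ...]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces.setdefault(current, [])
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # a '#' separator or a global command closes the block
    return interfaces


def lint_members(config_text):
    """Return a list of (interface, rule id) findings, in configuration order."""
    findings = []
    trunk_members = defaultdict(list)
    for name, commands in parse_interfaces(config_text).items():
        trunk_ids = sorted({int(m.group(1)) for c in commands
                            if (m := re.fullmatch(r"eth-trunk (\d+)", c))})
        if not trunk_ids:
            continue  # not a member interface
        if name.lower().startswith("eth-trunk"):
            findings.append((name, "nested-trunk"))
            continue
        if len(trunk_ids) > 1:
            findings.append((name, "multiple-trunks"))
        for trunk_id in trunk_ids:
            trunk_members[trunk_id].append(name)
        if any(c.startswith("ip address ") for c in commands):
            findings.append((name, "layer3-config-on-member"))
        if any(c.startswith("mac-address ") for c in commands):
            findings.append((name, "manual-mac-on-member"))
    for trunk_id, names in sorted(trunk_members.items()):
        if len(names) > MAX_MEMBERS:
            findings.append((f"Eth-Trunk{trunk_id}", "too-many-members"))
    return findings


# Constructed sample configuration (addresses and interface numbers are made up).
SAMPLE_CONFIG = """\
#
interface Eth-Trunk1
 portswitch
 mode lacp-static
#
interface GigabitEthernet1/0/1
 eth-trunk 1
#
interface GigabitEthernet1/0/2
 ip address 192.0.2.1 255.255.255.0
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 mac-address 00e0-fc12-3456
 eth-trunk 1
#
interface GigabitEthernet1/0/4
 eth-trunk 1
 eth-trunk 2
#
"""
# Seventeen members for Eth-Trunk 3, one more than the limit.
SAMPLE_CONFIG += "".join(
    f"interface GigabitEthernet2/0/{n}\n eth-trunk 3\n#\n" for n in range(17))

if __name__ == "__main__":
    for interface, rule in lint_members(SAMPLE_CONFIG):
        print(f"{interface}: {RULES[rule]}")
```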
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
After the trunk-member trap in private-mib enable command is configured, Eth-Trunk
member interfaces only use the proprietary MIB to send trap messages. To view these trap
messages, use the Huawei proprietary MIB.
3.2.4 Configuring Eth-Trunk Interface Parameters
Layer 2 and Layer 3 Eth-Trunk interfaces need to be configured with different parameters.
Configure the parameters as required.
Prerequisites
An Eth-Trunk interface works in Layer 3 mode by default. Before configuring Layer 2
parameters for an Eth-Trunk interface, run the portswitch command to configure the Eth-Trunk
interface to work in Layer 2 mode.
Context
Different types of Eth-Trunk interfaces need to be configured with different parameters, as shown
in Table 3-3. Configure the parameters as required.
Table 3-3 Eth-Trunk interface parameters
Interface type: Layer 2 and Layer 3 Eth-Trunk interfaces
  Parameter: Maximum number of Up member links
    Setting the maximum number of Up member links improves network reliability on the basis of
    sufficient bandwidth.
    After the number of Up member links reaches the upper limit, the bandwidth of the Eth-Trunk
    interface does not increase even if more member links go Up.
  Parameter: Minimum number of Up member links
    Setting the minimum number of Up member links aims to ensure the minimum bandwidth of the
    Eth-Trunk interface.
  Parameter: Load balancing mode
    To ensure the bandwidth usage of each Eth-Trunk member link, configure per-packet load
    balancing.
    • Using a packet (rather than a data flow) as the transmission unit, per-packet load
      balancing disperses and transmits packets among member links.
    • Per-packet load balancing guarantees the bandwidth usage but not the data sequence. It is
      applicable to the scenario where the data sequence is not strictly required.
    To ensure that packets arrive at the destination in order, configure per-destination load
    balancing.
    • Per-destination load balancing differentiates data flows based on MAC or IP addresses of
      packets to ensure that the packets of the same data flow are transmitted over the same
      member link.
    • Per-destination load balancing guarantees the data sequence but not the bandwidth usage.
  Parameter: Mode in which active member interfaces are selected
    If active member interfaces are selected based on interface priorities, low-speed member
    interfaces may be selected. To select high-speed member interfaces as active member
    interfaces, select them based on interface rates.
  Parameter: LACP preemption delay
    Enabling LACP preemption on an Eth-Trunk interface ensures that member interfaces with higher
    priorities are selected as active interfaces. For example, if an active member interface with
    a high priority fails and then recovers, LACP preemption helps the interface to become active
    again. If LACP preemption is disabled, this member interface cannot become active again.
    LACP preemption delay refers to the period of time that an inactive member interface of an
    Eth-Trunk interface in static LACP mode waits for becoming active.
  Parameter: Timeout period for an Eth-Trunk interface to receive LACP packets
    If a local member interface does not receive any LACP packets within the configured timeout
    period, it goes Down immediately and no longer forwards data.
Interface type: Layer 2 Eth-Trunk interface
  Parameter: Maximum number of Up member links that determine the Eth-Trunk link bandwidth
    This parameter directly affects effective link bandwidth and indirectly affects interface
    costs. If the cost of an Eth-Trunk needs to be changed for other configurations, such as STP
    calculation, this parameter must be configured.
    NOTE
    After the number of Up member links that determine the Eth-Trunk link bandwidth reaches the
    upper limit, the STP calculation is not affected even if more member links go Up.
Interface type: Layer 3 Eth-Trunk interface
  Parameter: IP address of the Eth-Trunk interface
    IP addresses are assigned to Layer 3 Eth-Trunk interfaces for data communication between
    network devices.
  Parameter: MAC address of the Eth-Trunk interface
    When a Layer 3 router is connected to a Layer 2 switch through two Eth-Trunk links to transmit
    different services, if both Eth-Trunk interfaces on the router use the default system MAC
    address, the switch can learn the system MAC address from either of the two Eth-Trunk
    interfaces. This probably causes a loop between the two devices. To prevent loops, change the
    MAC address of an Eth-Trunk interface as required. Configuring the source and destination MAC
    addresses for the two Eth-Trunk links guarantees transmission of service data flows and
    improves network reliability.
    If an Eth-Trunk interface is configured with a large number of sub-interfaces, and the MAC
    address of the Eth-Trunk interface is changed, it sends a large number of ARP updates to its
    peer. If the peer is configured with the Central Processing-Committed Access Rate (CP-CAR),
    increasing bandwidth for receiving ARP packets is recommended to prevent loss of ARP updates.
  Parameter: MTU of the Eth-Trunk interface
    Generally, the IP layer limits the length of a packet to be sent each time. Any time the IP
    layer receives an IP packet to be sent, it checks to which local interface the packet needs to
    be sent and obtains the MTU configured on the interface. Then, the IP layer compares the MTU
    with the packet length. If the packet length is longer than the MTU, the IP layer disassembles
    the packet to fragments, each no longer than the MTU.
    If forcible unfragmentation is configured, some packets may be discarded when being
    transmitted at the IP layer. To ensure that large packets are not discarded during
    transmission, configure forcible fragmentation for large packets.
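How the maximum and minimum numbers of Up member links, the active-interface selection mode, and LACP preemption in Table 3-3 interact is easier to see in a small model. The Python code below is an added example and a simplified model, not Huawei's implementation. It assumes that the rate of the best-ranked link decides which rate may forward, that ties are broken by interface name, and it does not model the preemption delay. The sample members are constructed.

```python
"""Simplified model of active-link selection on a static LACP (M:N) Eth-Trunk."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    name: str
    lacp_priority: int        # smaller value = higher priority
    speed_mbps: int
    up: bool = True
    full_duplex: bool = True


def rank(members, selected):
    """Order the links that are able to forward, best candidate first."""
    # Down links and half-duplex links cannot forward traffic.
    eligible = [m for m in members if m.up and m.full_duplex]
    if selected == "priority":      # lacp selected priority (the default)
        return sorted(eligible, key=lambda m: (m.lacp_priority, m.name))
    if selected == "speed":         # lacp selected speed
        return sorted(eligible,
                      key=lambda m: (-m.speed_mbps, m.lacp_priority, m.name))
    raise ValueError("selected must be 'priority' or 'speed'")


def select_active(members, max_active=16, least_active=1, selected="priority",
                  preempt=True, previous_active=()):
    """Return (trunk_state, active_names, standby_names)."""
    ranked = rank(members, selected)
    if not preempt:
        # Without preemption, links that are already active keep their place;
        # a recovered higher-priority link stays inactive.
        held = [m for m in ranked if m.name in previous_active]
        ranked = held + [m for m in ranked if m.name not in previous_active]
    active = []
    for member in ranked:
        if len(active) == max_active:
            break
        # Links at different rates cannot be in the forwarding state together
        # (assumption: the first selected link sets the rate).
        if active and member.speed_mbps != active[0].speed_mbps:
            continue
        active.append(member)
    standby = [m.name for m in ranked if m not in active]
    # Fewer Up member links than the minimum: the Eth-Trunk interface goes Down.
    state = "Up" if len(active) >= least_active else "Down"
    return state, [m.name for m in active], standby


# Constructed sample members: one 100 Mbit/s link with the best LACP priority
# and two 1000 Mbit/s links.
MIXED_RATE = [
    Member("GE1/0/1", lacp_priority=100, speed_mbps=100),
    Member("GE1/0/2", lacp_priority=200, speed_mbps=1000),
    Member("GE1/0/3", lacp_priority=300, speed_mbps=1000),
]
# Constructed sample members: three links at the same rate.
SAME_RATE = [
    Member("GE1/0/1", lacp_priority=100, speed_mbps=1000),
    Member("GE1/0/2", lacp_priority=200, speed_mbps=1000),
    Member("GE1/0/3", lacp_priority=300, speed_mbps=1000),
]

if __name__ == "__main__":
    # Selecting by priority picks the low-speed link; selecting by speed does not.
    print(select_active(MIXED_RATE, max_active=2, selected="priority"))
    print(select_active(MIXED_RATE, max_active=2, selected="speed"))
    # GE1/0/1 recovers after GE1/0/2 and GE1/0/3 took over.
    took_over = ("GE1/0/2", "GE1/0/3")
    print(select_active(SAME_RATE, max_active=2, preempt=True,
                        previous_active=took_over))
    print(select_active(SAME_RATE, max_active=2, preempt=False,
                        previous_active=took_over))
```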
Procedure
• Configure parameters for a Layer 2 Eth-Trunk interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Perform one or more operations shown in Table 3-4 as needed.
     Table 3-4 Configuring parameters for a Layer 2 Eth-Trunk interface
     Parameter: Maximum number of Up member links that determine the Eth-Trunk link bandwidth
       Operation: Run the max bandwidth-affected-linknumber link-number command.
       The default value is 16.
       NOTE
       To ensure normal forwarding, you are advised to configure the two ends of an Eth-Trunk
       link with the same upper limit.
     Parameter: Maximum number of Up member links
       Operation: Run the max active-linknumber link-number command.
       The default maximum number is 16.
     Parameter: Minimum number of Up member links
       Operation: Run the least active-linknumber link-number command.
       The default minimum number is 1. An Eth-Trunk interface is Up as long as one member
       interface is Up.
     Parameter: Load balancing mode
       Operation: Run the load-balance { src-dst-mac | src-dst-ip | packet-all } command.
       By default, a Layer 2 Eth-Trunk interface carries out load balancing based on MAC
       addresses.
     Parameter: Mode in which active member interfaces are selected
       Operation: Run the lacp selected { priority | speed } command.
       By default, active member interfaces are selected based on interface priorities.
       NOTE
       To ensure that an Eth-Trunk works properly, you are advised to configure the Eth-Trunk
       interfaces on both ends to select active member interfaces in the same mode.
     Parameter: LACP preemption delay
       Operation:
       1. Run the lacp preempt enable command to enable LACP preemption.
       2. Run the lacp preempt delay delay-time command to configure an LACP preemption delay.
       The default LACP preemption delay is 30 seconds.
       NOTE
       • To ensure that an Eth-Trunk works properly, you are advised to enable or disable LACP
         preemption on both ends.
       • The two ends of an Eth-Trunk link can be configured with different LACP preemption
         delays. If the two ends are configured with different preemption delays, Eth-Trunk
         uses the greater delay-time value as the preemption delay.
     Parameter: Timeout period for an Eth-Trunk interface to receive LACP packets
       Operation: Run the lacp timeout { fast [ user-defined user-defined ] | slow } command.
       By default, the lacp timeout slow command is used to set the timeout period to 90 seconds
       and the interval at which the peer sends LACP packets to 30 seconds.
       If the lacp timeout fast [ user-defined user-defined ] command is used, the timeout period
       is 3 seconds and the peer sends LACP packets every second.
       NOTE
       The two ends of an Eth-Trunk link can be configured with different timeout periods. To
       facilitate maintenance, you are advised to configure the same timeout period for both ends.
- Configure parameters for a Layer 3 Eth-Trunk interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Perform one or more operations shown in Table 3-5 as needed.
Table 3-5 Configuring parameters for a Layer 3 Eth-Trunk interface

Parameter: IP address of the Eth-Trunk interface
Operation: Run the ip address ip-address { mask | mask-length } [ sub ] command.

Parameter: MAC address of the Eth-Trunk interface
Operation: Run the mac-address mac-address command.
The default MAC address of an Eth-Trunk interface is the system MAC address, namely, the MAC address of the Ethernet interface on the main control board.

Parameter: MTU of the Eth-Trunk interface
Operation: Run the mtu mtu command.
The MTU is measured in bytes and the default MTU is 1500 bytes.
NOTICE
- The MTUs of two directly-connected interfaces must be the same. After using the mtu mtu command to change the MTU of an interface, change the MTU of the directly-connected interface on another device to ensure that the MTUs of the two ends are the same. Otherwise, services may be interrupted.
- If IPv6 runs on an Eth-Trunk interface, and the MTU set by using the mtu mtu command on the interface is smaller than 1280 bytes, IPv6 does not properly work on this interface. To prevent such a problem, set the MTU of the interface to a value equal to or greater than 1280 when IPv6 runs on the interface.

Parameter: Maximum number of Up member links
Operation: Run the max active-linknumber link-number command.
The default maximum number is 16.

Parameter: Minimum number of Up member links
Operation: Run the least active-linknumber link-number command.
The default minimum number is 1. An Eth-Trunk interface is Up as long as one member interface is Up.

Parameter: Load balancing mode
Operation: Run the load-balance { src-dst-mac | src-dst-ip | packet-all } command.
By default, a Layer 3 Eth-Trunk interface carries out load balancing based on IP addresses.

Parameter: Mode in which active member interfaces are selected
Operation: Run the lacp selected { priority | speed } command.
By default, active member interfaces are selected based on interface priorities.
NOTE
To ensure that an Eth-Trunk works properly, you are advised to configure the Eth-Trunk interfaces on both ends to select active member interfaces in the same mode.

Parameter: LACP preemption delay
Operation:
1. Run the lacp preempt enable command to enable LACP preemption.
2. Run the lacp preempt delay delay-time command to configure an LACP preemption delay.
The default LACP preemption delay is 30 seconds.
NOTE
- To ensure that an Eth-Trunk works properly, you are advised to enable or disable LACP preemption on both ends.
- The two ends of an Eth-Trunk link can be configured with different LACP preemption delays. If the two ends are configured with different preemption delays, Eth-Trunk uses the greater delay-time value as the preemption delay.

Parameter: Timeout period for an Eth-Trunk interface to receive LACP packets
Operation: Run the lacp timeout { fast [ user-defined user-defined ] | slow } command.
By default, the lacp timeout slow command is used to set the timeout period to 90 seconds and the interval at which the peer sends LACP packets to 30 seconds.
If the lacp timeout fast [ user-defined user-defined ] command is used, the timeout period is 3 seconds and the peer sends LACP packets every second.
NOTE
The two ends of an Eth-Trunk link can be configured with different timeout periods. To facilitate maintenance, you are advised to configure the same timeout period for both ends.

Parameter: Load Balancing Mode for Access Users on an Eth-Trunk Interface
Operation: Run the bas-load-balance { flow-mode | user-mode } command.
By default, an Eth-Trunk interface implements load balancing based on the number of access users.
NOTE
- The router supports the configuration of a load balancing mode based on the traffic volume of access users or the number of access users.
- When users get online, the control plane identifies different user traffic based on the HQoS configurations and the status of online users, and then distributes traffic to member interfaces of the Eth-Trunk interface to minimize the number of access users on each member interface or to maximize the remaining bandwidth of each member interface.
----End
3.2.5 Configuring Parameters for Eth-Trunk Member Interfaces
To ensure reliable communication between Eth-Trunk interfaces, properly configure parameters
for Eth-Trunk member interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of an Eth-Trunk member interface is displayed.
Step 3 Run:
distribute-weight weight-value
The load balancing weight is configured for the Eth-Trunk member interface.
The default weight of an Eth-Trunk member interface is 1.
The total load balancing weights of all member interfaces of an Eth-Trunk interface cannot be
greater than 16.
The Eth-Trunk interface performs load balancing based on the weights of its member interfaces.
The greater the weight of an Eth-Trunk member interface, the heavier the load carried by the
member interface.
NOTE
Assume that an Eth-Trunk interface transmits multicast traffic. If the distribute-weight command is run
to change the load balancing weight of its member interface, run the shutdown command and the undo
shutdown command to restart this member interface.
Step 4 Run:
lacp priority priority
The LACP priority is configured for the member interface.
The default LACP interface priority value is 32768.
NOTE
The LACP interface priority indicates the preference of the interface to become active. The smaller the
value, the higher the priority.
----End
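The both-ends recommendations in the Layer 2 and Layer 3 parameter tables above (selection mode, preemption, timeout, MTU, the IPv6 MTU floor) and the weight limit in this procedure can be checked offline before a change is applied. The following Python example is added here and is not part of the Huawei guide; it assumes a configuration file laid out as "interface <name>" sections separated by "#", that "ipv6 enable" marks IPv6 on the interface, and that preemption is off unless "lacp preempt enable" is present. The function names and both sample configurations are constructed for illustration.

```python
import re

# Defaults stated in the guide. Treating preemption as off until
# "lacp preempt enable" appears is an assumption of this example.
DEFAULTS = {"selected": "priority", "preempt": False, "preempt_delay": 30,
            "timeout": "slow", "mtu": 1500}
MAX_WEIGHT_SUM = 16   # limit on the total distribute-weight of all members
IPV6_MIN_MTU = 1280   # smallest MTU on which IPv6 works

def split_sections(config_text):
    """Map each 'interface <name>' section to its command lines."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line in ("", "#"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def parse_end(config_text, trunk_id):
    """Collect the settings of one end that the guide compares across ends."""
    sections = split_sections(config_text)
    cfg = dict(DEFAULTS, ipv6=False, weights={})
    for line in sections.get(f"Eth-Trunk{trunk_id}", []):
        words = line.split()
        if words[:2] == ["lacp", "selected"] and len(words) == 3:
            cfg["selected"] = words[2]
        elif words == ["lacp", "preempt", "enable"]:
            cfg["preempt"] = True
        elif words[:3] == ["lacp", "preempt", "delay"] and len(words) == 4:
            cfg["preempt_delay"] = int(words[3])
        elif words[:2] == ["lacp", "timeout"] and len(words) >= 3:
            cfg["timeout"] = words[2]          # "fast" or "slow"
        elif words[0] == "mtu" and len(words) == 2:
            cfg["mtu"] = int(words[1])
        elif words == ["ipv6", "enable"]:      # assumed marker for IPv6
            cfg["ipv6"] = True
    for name, lines in sections.items():
        if f"eth-trunk {trunk_id}" in lines:   # member of this Eth-Trunk
            weights = [int(item.split()[1]) for item in lines
                       if item.startswith("distribute-weight ")]
            cfg["weights"][name] = weights[-1] if weights else 1
    return cfg

def audit(local, peer):
    """Return (code, detail) findings for the two ends of one Eth-Trunk."""
    findings = []
    for key, code in (("selected", "lacp-selected-mismatch"),
                      ("preempt", "lacp-preempt-mismatch"),
                      ("timeout", "lacp-timeout-mismatch"),  # advice only
                      ("mtu", "mtu-mismatch")):
        if local[key] != peer[key]:
            findings.append((code, f"local={local[key]} peer={peer[key]}"))
    for side, cfg in (("local", local), ("peer", peer)):
        if cfg["ipv6"] and cfg["mtu"] < IPV6_MIN_MTU:
            findings.append(("ipv6-mtu-below-1280", f"{side} mtu={cfg['mtu']}"))
        total = sum(cfg["weights"].values())
        if total > MAX_WEIGHT_SUM:
            findings.append(("weight-sum-exceeds-16", f"{side} total={total}"))
    return findings

def effective_preempt_delay(local, peer):
    """With preemption on at both ends, the greater delay-time applies."""
    if local["preempt"] and peer["preempt"]:
        return max(local["preempt_delay"], peer["preempt_delay"])
    return None

# Constructed candidate configurations for the two ends of Eth-Trunk1.
PE1 = """
interface Eth-Trunk1
 lacp selected speed
 lacp preempt enable
 lacp preempt delay 60
 lacp timeout fast
 mtu 1400
#
interface GigabitEthernet1/0/1
 eth-trunk 1
 distribute-weight 9
#
interface GigabitEthernet1/0/2
 eth-trunk 1
 distribute-weight 8
"""
PE2 = """
interface Eth-Trunk1
 ipv6 enable
 lacp preempt enable
 lacp preempt delay 10
 mtu 1200
"""

if __name__ == "__main__":
    for finding in audit(parse_end(PE1, 1), parse_end(PE2, 1)):
        print(*finding)
```

The timeout finding is advisory, because the guide allows different timeout periods on the two ends and only recommends matching them for maintenance.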
3.2.6 (Optional) Configuring an Eth-Trunk Sub-interface
To transmit both Layer 2 and Layer 3 services over the same physical link, create a sub-interface
on a Layer 2 Eth-Trunk interface.
Context
If Layer 2 switching devices belong to different VLANs, and hosts in the VLANs need to
communicate with each other, you need to create sub-interfaces on the Eth-Trunk interface
connecting a Layer 3 device to a Layer 2 switching device, bind a VLAN to each sub-interface,
configure 802.1Q encapsulation on the sub-interfaces, and assign an IP address to each sub-interface.
After the configuration is complete, hosts in the VLANs can use these sub-interfaces to
communicate with each other. Eth-Trunk sub-interfaces can be configured to terminate dot1q
and QinQ VLAN tags.
After sub-interfaces are configured for Layer 2 Eth-Trunk interfaces, the Eth-Trunk interfaces
provide Layer 2 functions, and their sub-interfaces provide Layer 3 functions.
Figure 3-6 Typical usage scenario of Layer 2 Eth-Trunk sub-interfaces
[Figure not reproduced. Labels in the figure: VPLS/MPLS/IP, PE1, PE2, CE1, CE2, S1, S2, S3, S4, Eth-Trunk, Eth-Trunk sub-interface, VLAN]
NOTE
- For applications of Eth-Trunk sub-interfaces in VLAN services, see VLAN Configuration.
- For applications of Eth-Trunk sub-interfaces in QinQ services, see QinQ Configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id.subnumber
A Layer 2 Eth-Trunk sub-interface is created.
A maximum of 4094 sub-interfaces can be created on an Eth-Trunk interface and a maximum
of 16376 Eth-Trunk sub-interfaces can be created on the device.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the Eth-Trunk sub-interface.
When more than one IP address is configured for an Eth-Trunk interface, the keyword sub must
be used to indicate the second and later IP addresses.
Step 4 Run:
vlan-type dot1q vlan-id
The encapsulation type and associated VLAN ID are configured for the Eth-Trunk sub-interface.
By default, an Eth-Trunk sub-interface is not configured with any encapsulation types or
associated with any VLAN IDs.
The VLAN IDs associated with the two communicating Eth-Trunk sub-interfaces must be the
same.
The VLAN ID associated with a sub-interface of a Layer 2 Eth-Trunk interface cannot be the
VLAN ID associated with the Eth-Trunk interface.
NOTE
On the router, a sub-interface can be associated with only one VLAN ID.
For configurations of sub-interfaces for dot1q or QinQ VLAN tag termination, see QinQ
Configuration.
Step 5 Run:
mtu mtu
The MTU is configured for the Eth-Trunk sub-interface.
The MTU value of an Eth-Trunk interface ranges from 46 to 9600, in bytes. The default value
is 1500.
NOTE
The Quality of Service (QoS) queue length is limited. If the MTU is too small whereas the packet size is
large, the packet is probably divided into many fragments and discarded by the QoS queue. To avoid this
situation, lengthen the QoS queue accordingly.
Step 6 Run:
arp send-speed-limit limit
The rate at which the Eth-Trunk sub-interface sends gratuitous Address Resolution Protocol
(ARP) packets is configured.
The default rate is 2000 packets per second.
To prevent the peer from discarding gratuitous ARP packets, configure the rate at which the Eth-Trunk sub-interface on the local end sends gratuitous ARP packets to a proper value so that the
peer can process all the gratuitous packets from the local end.
----End
3.2.7 Checking the Configurations
After an Eth-Trunk interface in static LACP mode is successfully configured, you can view
information about the Eth-Trunk interface, including the interface ID, working mode, member
interface status, LACP system priority, LACP interface priority, and LACP preemption delay.
Prerequisites
An Eth-Trunk interface in static LACP mode has been configured.
Procedure
- Run the display trunkmembership eth-trunk trunk-id command to check information about member interfaces of the Eth-Trunk interface.
- Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ] command to check information about the Eth-Trunk link aggregation group and active member interfaces.
- Run the display interface eth-trunk [ trunk-id | main ] command to check the status of the Eth-Trunk interface.
- Run the display interface brief command to check brief information about the Eth-Trunk interface, including the physical status, link protocol status, and bandwidth usage.
- Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Static
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Interface GigabitEthernet1/0/3, valid, operate down, weight=1
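The display trunkmembership output above can be checked automatically, for example by a monitoring job that collects it over a management session. The following Python example is added here and is not part of the Huawei guide; it parses the sample output shown above and reports down members, how many more link failures the Eth-Trunk tolerates before falling below the minimum number of Up member links, and whether the captured text is internally inconsistent. The function names and the least_active parameter are hypothetical.

```python
import re

# Output copied from the display trunkmembership example in this section.
SAMPLE = """\
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Static
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Interface GigabitEthernet1/0/3, valid, operate down, weight=1
"""

FIELDS = {
    "trunk_id": r"^\s*Trunk ID:\s*(\d+)",
    "mode": r"^\s*Working Mode\s*:\s*(\S+)",
    "ports": r"^\s*Number Of Ports in Trunk\s*=\s*(\d+)",
    "up_ports": r"^\s*Number Of UP Ports in Trunk\s*=\s*(\d+)",
    "operate": r"^\s*operate status:\s*(\S+)",
}
MEMBER = re.compile(
    r"^\s*Interface (\S+), (\w+), operate (\w+), weight=(\d+)", re.MULTILINE)


def parse_trunkmembership(text):
    """Turn the command output into a dict; fail loudly on a missing field."""
    info = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"missing field: {key}")
        value = match.group(1)
        info[key] = int(value) if value.isdigit() else value
    info["members"] = [
        {"name": name, "valid": valid == "valid",
         "up": state == "up", "weight": int(weight)}
        for name, valid, state, weight in MEMBER.findall(text)
    ]
    return info


def assess(info, least_active=1):
    """Compare member states with the header counters and the Up-link minimum."""
    down = [m["name"] for m in info["members"] if not m["up"]]
    up = len(info["members"]) - len(down)
    return {
        "down_members": down,
        # Header counters disagree with the member lines: capture is incomplete.
        "inconsistent": len(info["members"]) != info["ports"]
                        or up != info["up_ports"],
        "below_least": up < least_active,
        "spare_links": up - least_active,
        "weight_total": sum(m["weight"] for m in info["members"]),
    }


if __name__ == "__main__":
    print(assess(parse_trunkmembership(SAMPLE)))
```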
Run the display eth-trunk command to view information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: STATIC
Preempt Delay: Disabled
Hash arithmetic: According to MAC
System Priority: 10
System ID: 00e0-fca8-041a
Least Active-linknumber: 1 Max active-linknumber: 2
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   387    561     11111100  1
GigabitEthernet1/0/2   Selected 1GE      10      388    561     11111100  1
GigabitEthernet1/0/3   Unselect 1GE      32768   389    577     11111100  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   10       00e0-fca6-7f85  32768   387    561     11111100
GigabitEthernet1/0/2   10       00e0-fca6-7f85  32768   388    561     11111100
GigabitEthernet1/0/3   10       00e0-fca6-7f85  32768   389    577     11111100
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Statistics last cleared: 2008-03-02 15:32:27
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input:
24 packets,3 bytes,
7 unicast,9 broadcast,8 multicasts
10 errors,5 drops,11 unknowprotocol
Output:
39 packets,4 bytes,
12 unicast,14 broadcast,13 multicasts
15 errors,6 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
GigabitEthernet1/0/3          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 3
The Number of UP Ports in Trunk : 2
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Eth-Trunk1                  up    up          0%     0%          0          0
GigabitEthernet1/0/1        up    down        0%     0%          0          0
GigabitEthernet1/0/2        up    down        0%     0%          0          0
GigabitEthernet1/0/3        up    down        0%     0%          0          0
Eth-Trunk1.1                up    up          0%     0%          0          0
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the Eth-Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER
SLAVE
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/1
GigabitEthernet1/0/1
GigabitEthernet1/0/2
3.3 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode
Of the two directly-connected devices between which an Eth-Trunk is set up, if at least one
device does not support LACP, you can create an Eth-Trunk interface working in manual load
balancing mode on each device, and add physical interfaces to the Eth-Trunk interfaces to
increase bandwidth and improve reliability.
3.3.1 Before You Start
Before configuring an Eth-Trunk interface to work in manual load balancing mode, familiarize
yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data
required for the configuration. This helps you complete the configuration task quickly and
accurately.
Applicable Environment
As the volume of services deployed on networks expands, the bandwidth provided by a single
P2P physical link working in full-duplex mode cannot meet the requirement.
To increase bandwidth without obtaining more hardware resources or requiring more IP
addresses, configure Eth-Trunk interfaces using the link aggregation technique. When at least
one of the devices at the two ends of an Eth-Trunk link does not support LACP, you can configure
the Eth-Trunk interface to work in manual load balancing mode. In addition, you can add multiple
member interfaces to increase the bandwidth between the two devices and improve reliability.
On the network shown in Figure 3-7, configure an Eth-Trunk interface working in manual load
balancing mode on each of the two directly-connected devices to implement load balancing.
Figure 3-7 Schematic diagram for Eth-Trunk interfaces in manual load balancing mode
[Figure not reproduced. Labels in the figure: PE1 and PE2, each with Eth-Trunk1 and member interfaces GE 1/0/1, GE 1/0/2, and GE 1/0/3; CE1 with user network 1; CE2 with user network 2]
NOTE
An Eth-Trunk interface working in manual load balancing mode can contain member interfaces at different
rates, in different duplex modes, and on different boards.
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in manual load balancing mode, connect
interfaces and configure physical parameters for the interfaces to make sure that the physical
status of the interfaces is Up.
Data Preparation
To configure an Eth-Trunk interface to work in manual load balancing mode, you need the
following data.
No.  Data
1    Eth-Trunk ID of an Eth-Trunk interface that needs to work in manual load balancing mode
2    Type and number of each Eth-Trunk member interface
3    - Public parameters for both Layer 2 and Layer 3 Eth-Trunk interfaces: minimum number of Up member links and load balancing mode of the Eth-Trunk interface
     - Parameter for a Layer 2 Eth-Trunk interface: maximum number of Up member links that determine the Eth-Trunk link bandwidth
     - Parameters for a Layer 3 Eth-Trunk interface: IP address, MAC address, and MTU of the Eth-Trunk interface
4    Load balancing weight of each Eth-Trunk member link
5    (Optional) IP address, encapsulation type, associated VLAN ID, and MTU of an Eth-Trunk sub-interface and the rate at which the Eth-Trunk sub-interface sends gratuitous ARP packets
3.3.2 Creating an Eth-Trunk Interface and Configuring It to Work in Manual Load Balancing Mode
You can add physical interfaces to an Eth-Trunk interface working in manual load balancing
mode. All the member interfaces are in the forwarding state and carry out load balancing.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created and the Eth-Trunk interface view is displayed.
Step 3 (Optional) Run:
portswitch
The Eth-Trunk interface is switched to the Layer 2 mode.
By default, an Eth-Trunk interface works in Layer 3 mode.
NOTE
Physical interfaces can be added to an Eth-Trunk interface regardless of which mode the Eth-Trunk
interface works in. If the Eth-Trunk interface needs to work in Layer 3 mode, skip this step and go to the
next step.
Step 4 Run:
mode manual load-balance
The Eth-Trunk interface is configured to work in manual load balancing mode.
By default, an Eth-Trunk interface works in manual load balancing mode.
----End
3.3.3 Adding Physical Interfaces to the Eth-Trunk Interface
After an Eth-Trunk interface is created and configured to work in manual load balancing mode,
add physical interfaces to the Eth-Trunk interface to increase interface bandwidth and improve
reliability.
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
- Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can add a single physical interface or physical interfaces in batches.
- Add a physical interface in the view of the physical interface. When adding physical interfaces to an Eth-Trunk interface, note the following points:
  – Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
  – Different Ethernet interfaces can be added to the same Eth-Trunk interface.
  – Ethernet interfaces on different interface boards can be added to the same Eth-Trunk interface.
  – Eth-Trunk interfaces work in either Layer 2 or Layer 3 mode. Ethernet interfaces can join an Eth-Trunk interface regardless of which mode the Eth-Trunk interface works in.
NOTE
A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
- If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is added, the physical status of the Eth-Trunk interface becomes Administratively DOWN. Accordingly, the configuration file shows that the physical interface is shutdown and its physical status is Administratively DOWN.
- If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is added, the configuration file shows that the physical interface is undo shutdown.
Procedure
- Add one or more physical interfaces in the Eth-Trunk interface view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Run either of the following commands as required:
     – To add physical interfaces to the Eth-Trunk interface in batches and configure the mode in which member interfaces of an Eth-Trunk interface send packets, run:
       trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>
       A maximum of 16 interfaces can be added to an Eth-Trunk interface in batches.
     – To add a single physical interface to an Eth-Trunk interface, run:
       trunkport interface-type interface-number
- Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a physical interface that needs to be added to an Eth-Trunk interface is displayed.
  3. Run:
     eth-trunk trunk-id
     The physical interface is added to the Eth-Trunk interface.
NOTE
- Each Eth-Trunk interface contains a maximum of 16 member interfaces.
- Member interfaces cannot be configured with services or Layer 3 configurations such as IP addresses.
- Member interfaces cannot be manually configured with MAC addresses.
- An Ethernet interface can be added to only one Eth-Trunk interface. The Ethernet interface must be deleted from the original Eth-Trunk interface before joining another Eth-Trunk interface.
- Before adding a Layer 2 interface on the router to an Eth-Trunk interface, run the undo portswitch command to configure the Eth-Trunk interface to work in Layer 3 mode.
- If an Eth-Trunk member interface is directly connected to an interface on the peer, the interface must also be an Eth-Trunk member interface; otherwise, the devices cannot communicate with each other.
----End
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
After the trunk-member trap in private-mib enable command is configured, Eth-Trunk
member interfaces only use the proprietary MIB to send trap messages. To view these trap
messages, use the Huawei proprietary MIB.
3.3.4 Configuring Eth-Trunk Interface Parameters
Eth-Trunk interfaces in manual load balancing mode working in Layer 2 and Layer 3 modes
need to be configured with different parameters.
Prerequisites
An Eth-Trunk interface works in Layer 3 mode by default. Before configuring Layer 2
parameters for an Eth-Trunk interface, run the portswitch command to configure the Eth-Trunk
interface to work in Layer 2 mode.
Context
Different types of Eth-Trunk interfaces need to be configured with different parameters, shown
in Table 3-6. Configure the parameters as required.
Table 3-6 Eth-Trunk interface parameters

Interface type: Layer 2 and Layer 3 Eth-Trunk interfaces
Parameter type: Load balancing mode
Description:
To ensure the bandwidth usage of each Eth-Trunk member link, configure per-packet load balancing.
- Using a packet (rather than a data flow) as the transmission unit, per-packet load balancing disperses and transmits packets among member links.
- Per-packet load balancing guarantees the bandwidth usage but not the data sequence. It is applicable to the scenario where the data sequence is not strictly required.
To ensure that packets arrive at the destination in order, configure per-destination load balancing.
- Per-destination load balancing differentiates data flows based on MAC or IP addresses of packets to ensure that the packets of the same data flow are transmitted over the same member link.
- Per-destination load balancing guarantees the data sequence but not the bandwidth usage.

Interface type: Layer 2 and Layer 3 Eth-Trunk interfaces
Parameter type: Minimum number of Up member links
Description: Setting the minimum number of Up member links aims to ensure the minimum bandwidth of the Eth-Trunk interface.

Interface type: Layer 2 Eth-Trunk interface
Parameter type: Maximum number of Up member links that determine the Eth-Trunk link bandwidth
Description: This parameter directly affects effective link bandwidth and indirectly affects interface costs. If the cost of an Eth-Trunk needs to be changed for other configurations, such as STP calculation, this parameter must be configured.
NOTE
After the number of Up member links that determine the Eth-Trunk link bandwidth reaches the upper limit, the STP calculation is not affected even if more member links go Up.

Interface type: Layer 3 Eth-Trunk interface
Parameter type: IP address of the Eth-Trunk interface
Description: IP addresses are assigned to Layer 3 Eth-Trunk interfaces for data communication between network devices.

Interface type: Layer 3 Eth-Trunk interface
Parameter type: MAC address of the Eth-Trunk interface
Description: When a Layer 3 router is connected to a Layer 2 switch through two Eth-Trunk links to transmit different services, if both Eth-Trunk interfaces on the router use the default system MAC address, the switch can learn the system MAC address from either of the two Eth-Trunk interfaces. This probably causes a loop between the two devices. To prevent loops, change the MAC address of an Eth-Trunk interface as required. Configuring the source and destination MAC addresses for the two Eth-Trunk links guarantees transmission of service data flows and improves network reliability.
If an Eth-Trunk interface is configured with a large number of sub-interfaces, and the MAC address of the Eth-Trunk interface is changed, it sends a large number of ARP updates to its peer. If the peer is configured with the Central Processing-Committed Access Rate (CP-CAR), increasing bandwidth for receiving ARP packets is recommended to prevent loss of ARP updates.

Interface type: Layer 3 Eth-Trunk interface
Parameter type: MTU of the Eth-Trunk interface
Description: Generally, the IP layer limits the length of a packet to be sent each time. Any time the IP layer receives an IP packet to be sent, it checks to which local interface the packet needs to be sent and obtains the MTU configured on the interface. Then, the IP layer compares the MTU with the packet length. If the packet length is longer than the MTU, the IP layer disassembles the packet to fragments, each no longer than the MTU.
If forcible unfragmentation is configured, some packets may be discarded when being transmitted at the IP layer. To ensure that large packets are not discarded during transmission, configure forcible fragmentation for large packets.
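The load balancing trade-off in Table 3-6 (per-packet balancing evens out member-link usage but can reorder a flow, per-destination balancing keeps a flow in order but can leave links idle) can be reproduced with a small model. The following Python example is added here and is not part of the Huawei guide; the CRC32 hash, the round-robin rotation, the per-link delays, and the traffic mix are all constructed for illustration and do not represent the router's forwarding algorithm.

```python
import zlib
from collections import Counter

LINK_DELAY = [5, 1, 1]  # constructed one-way delay of each member link, in ticks


def make_packets():
    """Constructed traffic: one heavy flow (90 packets), one light flow (10)."""
    heavy = [("00e0-fc00-0001", "00e0-fc00-00aa", seq) for seq in range(90)]
    light = [("00e0-fc00-0002", "00e0-fc00-00bb", seq) for seq in range(10)]
    return heavy + light


def per_flow(packet, index, links):
    """Model of address-based balancing: the address pair alone picks the link."""
    src, dst, _ = packet
    return zlib.crc32(f"{src}{dst}".encode()) % links


def per_packet(packet, index, links):
    """Model of per-packet balancing: consecutive packets rotate across links."""
    return index % links


def simulate(chooser, packets, delays=LINK_DELAY):
    """Send one packet per tick and report link usage and reordered arrivals."""
    load, arrivals = Counter(), []
    for index, packet in enumerate(packets):
        link = chooser(packet, index, len(delays))
        load[link] += 1
        arrivals.append((index + delays[link], index, packet))
    arrivals.sort()  # arrival time first, send order breaks ties
    highest, reordered = {}, 0
    for _, _, (src, dst, seq) in arrivals:
        flow = (src, dst)
        if seq < highest.get(flow, -1):
            reordered += 1  # a later packet of the same flow already arrived
        highest[flow] = max(seq, highest.get(flow, -1))
    counts = [load[i] for i in range(len(delays))]
    return {"per_link": counts,
            "spread": max(counts) - min(counts),
            "reordered": reordered}


if __name__ == "__main__":
    traffic = make_packets()
    print("per-flow  ", simulate(per_flow, traffic))
    print("per-packet", simulate(per_packet, traffic))
```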
Procedure
- Configure parameters for a Layer 2 Eth-Trunk interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     An Eth-Trunk interface is created and the Eth-Trunk interface view is displayed.
  3. Perform one or more operations shown in Table 3-7 as needed.
Table 3-7 Parameter for a Layer 2 Eth-Trunk Interface

Parameter: Maximum number of Up member links that determine the Eth-Trunk link bandwidth
Operation: Run the max bandwidth-affected-linknumber link-number command.
The default value is 16.
NOTE
To ensure normal forwarding, you are advised to configure the two ends of an Eth-Trunk link with the same upper limit.

Parameter: Minimum number of Up member links
Operation: Run the least active-linknumber link-number command.
The default minimum number is 1. An Eth-Trunk interface is Up as long as one member interface is Up.

Parameter: Load balancing mode
Operation: Run the load-balance { src-dst-mac | src-dst-ip | packet-all } command.
By default, a Layer 2 Eth-Trunk interface carries out load balancing based on MAC addresses.

Parameter: Load Balancing Mode for Access Users on an Eth-Trunk Interface
Operation: Run the bas-load-balance { flow-mode | user-mode } command.
By default, an Eth-Trunk interface implements load balancing based on the number of access users.
NOTE
- The router supports the configuration of a load balancing mode based on the traffic volume of access users or the number of access users.
- When users get online, the control plane identifies different user traffic based on the HQoS configurations and the status of online users, and then distributes traffic to member interfaces of the Eth-Trunk interface to minimize the number of access users on each member interface or to maximize the remaining bandwidth of each member interface.
• Configure parameters for a Layer 3 Eth-Trunk interface.
1. Run:
system-view
The system view is displayed.
2. Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created and the Eth-Trunk interface view is displayed.
3. Perform one or more operations shown in Table 3-8 as needed.
Table 3-8 Eth-Trunk interface parameters

Parameter: IP address of the Eth-Trunk interface
Operation: Run the ip address ip-address { mask | mask-length } [ sub ] command.

Parameter: MAC address of the Eth-Trunk interface
Operation: Run the mac-address mac-address command.
The default MAC address of an Eth-Trunk interface is the
system MAC address, namely, the MAC address of the
Ethernet interface on the main control board.

Parameter: MTU of the Eth-Trunk interface
Operation: Run the mtu mtu command.
The MTU is measured in bytes and the default MTU is 1500
bytes.
NOTICE
• The MTUs of two directly-connected interfaces must be the
same. After using the mtu mtu command to change the MTU
of an interface, change the MTU of the directly-connected
interface on another device to ensure that the MTUs of the two
ends are the same. Otherwise, services may be interrupted.
• If IPv6 runs on an Eth-Trunk interface, and the MTU set by
using the mtu mtu command on the interface is smaller than
1280 bytes, IPv6 does not properly work on this interface. To
prevent such a problem, set the MTU of the interface to a value
equal to or greater than 1280 when IPv6 runs on the interface.

Parameter: Minimum number of Up member links
Operation: Run the least active-linknumber link-number command.
The default minimum number is 1. An Eth-Trunk interface
is Up as long as one member interface is Up.

Parameter: Load balancing mode
Operation: Run the load-balance { src-dst-mac | src-dst-ip | packet-all } command.
By default, a Layer 3 Eth-Trunk interface carries out load
balancing based on IP addresses.
----End
3.3.5 Configuring Parameters for Eth-Trunk Member Interfaces
To ensure reliable communication between Eth-Trunk interfaces, properly configure parameters
for Eth-Trunk member interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of an Eth-Trunk member interface is displayed.
Step 3 Run:
distribute-weight weight-value
The load balancing weight is configured for the Eth-Trunk member interface.
The default weight of an Eth-Trunk member interface is 1.
The total load balancing weights of all member interfaces of an Eth-Trunk interface cannot be
greater than 16.
The Eth-Trunk interface performs load balancing based on the weights of its member interfaces.
The greater the weight of an Eth-Trunk member interface, the heavier the load carried by the
member interface.
NOTE
Assume that an Eth-Trunk interface transmits multicast traffic. If the distribute-weight command is run
to change the load balancing weight of its member interface, run the shutdown command and the undo
shutdown command to restart this member interface.
----End
3.3.6 (Optional) Configuring an Eth-Trunk Sub-interface
To transmit both Layer 2 and Layer 3 services over the same physical link, create a sub-interface
on a Layer 2 Eth-Trunk interface.
Context
If Layer 2 switching devices belong to different VLANs, and hosts in the VLANs need to
communicate with each other, you need to create sub-interfaces on the Eth-Trunk interface
connecting a Layer 3 device to a Layer 2 switching device, bind a VLAN to each sub-interface,
configure 802.1Q encapsulation on the sub-interfaces, and assign an IP address to each sub-interface.
After the configuration is complete, hosts in the VLANs can use these sub-interfaces to
communicate with each other. Eth-Trunk sub-interfaces can be configured to terminate dot1q
and QinQ VLAN tags.
After sub-interfaces are configured for Layer 2 Eth-Trunk interfaces, the Eth-Trunk interfaces
provide Layer 2 functions, and their sub-interfaces provide Layer 3 functions.
Figure 3-8 Typical usage scenario of Layer 2 Eth-Trunk sub-interfaces
[Figure not reproduced. Labels: VPLS/MPLS/IP network; PE1 and PE2; Eth-Trunk and Eth-Trunk sub-interface; CE1 and CE2; S1, S2, S3, and S4; VLAN.]
NOTE
• For applications of Eth-Trunk sub-interfaces in VLAN services, see VLAN Configuration.
• For applications of Eth-Trunk sub-interfaces in QinQ services, see QinQ Configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id.subnumber
A Layer 2 Eth-Trunk sub-interface is created.
A maximum of 4094 sub-interfaces can be created on an Eth-Trunk interface and a maximum
of 16376 Eth-Trunk sub-interfaces can be created on the device.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the Eth-Trunk sub-interface.
When more than one IP address is configured for an Eth-Trunk interface, the keyword sub must
be used to indicate the second and later IP addresses.
Step 4 Run:
vlan-type dot1q vlan-id
The encapsulation type and associated VLAN ID are configured for the Eth-Trunk sub-interface.
By default, an Eth-Trunk sub-interface is not configured with any encapsulation types or
associated with any VLAN IDs.
The VLAN IDs associated with the two communicating Eth-Trunk sub-interfaces must be the
same.
The VLAN ID associated with a sub-interface of a Layer 2 Eth-Trunk interface cannot be the
VLAN ID associated with the Eth-Trunk interface.
NOTE
On the router, a sub-interface can be associated with only one VLAN ID.
For configurations of sub-interfaces for dot1q or QinQ VLAN tag termination, see QinQ
Configuration.
Step 5 Run:
mtu mtu
The MTU is configured for the Eth-Trunk sub-interface.
The MTU value of an Eth-Trunk interface ranges from 46 to 9600, in bytes. The default value
is 1500.
NOTE
The Quality of Service (QoS) queue length is limited. If the MTU is too small whereas the packet size is
large, the packet is probably divided into many fragments and discarded by the QoS queue. To avoid this
situation, lengthen the QoS queue accordingly.
Step 6 Run:
arp send-speed-limit limit
The rate at which the Eth-Trunk sub-interface sends gratuitous Address Resolution Protocol
(ARP) packets is configured.
The default rate is 2000 packets per second.
To prevent the peer from discarding gratuitous ARP packets, configure the rate at which the
Eth-Trunk sub-interface on the local end sends gratuitous ARP packets to a proper value so that the
peer can process all the gratuitous packets from the local end.
----End
3.3.7 Checking the Configurations
After an Eth-Trunk interface in manual load balancing mode is successfully configured, you can
view information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode,
and status of member interfaces.
Prerequisites
An Eth-Trunk interface in manual load balancing mode has been configured.
Procedure
• Run the display trunkmembership eth-trunk trunk-id command to check information
about member interfaces of the Eth-Trunk interface.
• Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to check information about the Eth-Trunk link aggregation group and active
member interfaces.
• Run the display interface eth-trunk [ trunk-id | main ] command to check the status of
the Eth-Trunk interface.
• Run the display interface brief command to check brief information about the Eth-Trunk
interface, including the physical status, link protocol status, and bandwidth usage.
• Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the
forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Interface GigabitEthernet1/0/3, valid, operate up, weight=1
Run the display eth-trunk command to check information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to flow
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 16
Operate status: up
Number Of Up Port In Trunk: 3
-------------------------------------------------------------------------------
PortName                      Status      Weight
GigabitEthernet1/0/1          Up          1
GigabitEthernet1/0/2          Up          1
GigabitEthernet1/0/3          Up          1
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Statistics last cleared: 2008-03-02 15:32:27
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input:
24 packets,3 bytes,
7 unicast,9 broadcast,8 multicasts
10 errors,5 drops,
Output:
39 packets,4 bytes,
12 unicast,14 broadcast,13 multicasts
15 errors,6 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
GigabitEthernet1/0/3          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 3
The Number of UP Ports in Trunk : 3
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Eth-Trunk1                  up    up          0%     0%          0          0
GigabitEthernet1/0/1        up    down        0%     0%          0          0
GigabitEthernet1/0/2        up    down        0%     0%          0          0
GigabitEthernet1/0/3        up    down        0%     0%          0          0
Eth-Trunk1.1                up    up          0%     0%          0          0
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the
Eth-Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER                        SLAVE
GigabitEthernet1/0/1          GigabitEthernet1/0/3
GigabitEthernet1/0/3          GigabitEthernet1/0/2
GigabitEthernet1/0/2          GigabitEthernet1/0/1
GigabitEthernet1/0/1          GigabitEthernet1/0/3
GigabitEthernet1/0/3          GigabitEthernet1/0/2
GigabitEthernet1/0/2          GigabitEthernet1/0/1
GigabitEthernet1/0/1          GigabitEthernet1/0/3
GigabitEthernet1/0/3          GigabitEthernet1/0/2
GigabitEthernet1/0/2          GigabitEthernet1/0/1
GigabitEthernet1/0/1          GigabitEthernet1/0/3
GigabitEthernet1/0/3          GigabitEthernet1/0/2
GigabitEthernet1/0/2          GigabitEthernet1/0/1
GigabitEthernet1/0/1          GigabitEthernet1/0/3
GigabitEthernet1/0/3          GigabitEthernet1/0/2
GigabitEthernet1/0/2          GigabitEthernet1/0/1
GigabitEthernet1/0/1          GigabitEthernet1/0/3
3.4 Configuring an Eth-Trunk Interface to Work in Manual 1:1 Active/Standby Mode
If there are intermediate devices between the two devices connected through two Eth-Trunk
links, configure each Eth-Trunk interface to work in manual 1:1 active/standby mode. After the
configuration, data is transmitted over the active link and the standby link takes over the traffic
if the active link fails.
3.4.1 Before You Start
Before configuring an Eth-Trunk interface to work in manual 1:1 active/standby mode,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the data required for the configuration. This helps you complete the configuration task quickly
and accurately.
Applicable Environment
As the volume of services deployed on networks expands, higher network reliability is needed.
On the network shown in Figure 3-9, there are intermediate devices between the two devices
connected through two Eth-Trunk links. In this scenario, you can configure each Eth-Trunk
interface to work in manual 1:1 active/standby mode. The networking provides an active link
as well as a standby link for data transmission.
Figure 3-9 Schematic diagram for Eth-Trunk interfaces in manual 1:1 active/standby mode
[Figure not reproduced. Labels: PE1, PE2, PE3, and PE4; Eth-Trunk 1; interfaces GE1/0/1, GE1/0/2, GE2/0/1, GE2/0/2, and GE2/0/3; active link; backup link.]
NOTE
Ethernet interfaces on different boards, at different rates, or in different duplex modes can be added to the
same Eth-Trunk interface working in manual 1:1 active/standby mode.
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in manual 1:1 active/standby mode, connect
interfaces and configure physical parameters for the interfaces to make sure that the physical
status of the interfaces is Up.
Data Preparation
To configure an Eth-Trunk interface to work in manual 1:1 active/standby mode, you need the
following data.
No.  Data
1    Eth-Trunk ID of an Eth-Trunk interface to be configured to work in manual 1:1 active/standby mode
2    Type and number of each interface to be added to the Eth-Trunk interface
3    Type and number of the active Eth-Trunk member interface
4    Control VLAN ID
3.4.2 Creating an Eth-Trunk Interface to Work in Manual 1:1 Active/Standby Mode
Before bundling physical interfaces into an Eth-Trunk, create an Eth-Trunk interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created and the Eth-Trunk interface view is displayed.
Step 3 Run:
portswitch
The Eth-Trunk interface is switched to the Layer 2 mode.
By default, an Eth-Trunk interface works in Layer 3 mode.
Step 4 Run:
mode manual backup
The Eth-Trunk interface is configured to work in manual 1:1 active/standby mode.
By default, an Eth-Trunk interface works in manual load balancing mode.
----End
3.4.3 Adding Physical Interfaces to the Eth-Trunk Interface
An Eth-Trunk interface working in manual 1:1 active/standby mode contains only two member
interfaces. Of the two member interfaces, one is active and the other standby.
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
• Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can
add a single physical interface or physical interfaces in batches.
• Add a physical interface in the view of the physical interface.
When adding physical interfaces to an Eth-Trunk interface, note the following points:
– Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
– Different Ethernet interfaces can be added to the same Eth-Trunk interface.
– Ethernet interfaces on different interface boards can be added to the same Eth-Trunk
interface.
NOTE
A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
• If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is
added, the physical status of the Eth-Trunk interface becomes Administratively DOWN.
Accordingly, the configuration file shows that the physical interface is shutdown and its physical
status is Administratively DOWN.
• If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is
added, the configuration file shows that the physical interface is undo shutdown.
Procedure
• Add one or more physical interfaces in the Eth-Trunk interface view.
1. Run:
system-view
The system view is displayed.
2. Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
3. Run either of the following commands as required:
– To add physical interfaces to the Eth-Trunk interface in batches and configure the
mode in which member interfaces of an Eth-Trunk interface send packets, run:
trunkport interface-type { interface-number1 [ to interface-number2 ] }&<1-16>
A maximum of 2 interfaces can be added to an Eth-Trunk interface in batches.
– To add a single physical interface to an Eth-Trunk interface, run:
trunkport interface-type interface-number
• Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The view of a physical interface that needs to be added to an Eth-Trunk interface is
displayed.
3. Run:
eth-trunk trunk-id
The physical interface is added to the Eth-Trunk interface.
NOTE
• Member interfaces cannot be configured with services or Layer 3 configurations such as
IP addresses.
• Member interfaces cannot be manually configured with MAC addresses.
• An Ethernet interface can be added to only one Eth-Trunk interface. The Ethernet interface
must be deleted from the original Eth-Trunk interface before joining another Eth-Trunk
interface.
• Before adding a Layer 2 interface on the router to an Eth-Trunk interface, run the undo
portswitch command to configure the Eth-Trunk interface to work in Layer 3 mode.
----End
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
After the trunk-member trap in private-mib enable command is configured, Eth-Trunk
member interfaces only use the proprietary MIB to send trap messages. To view these trap
messages, use the Huawei proprietary MIB.
3.4.4 Enabling an Eth-Trunk Interface to Send SmartLink Flush Packets
Assume that the function of sending Flush packets is enabled. After the active/standby Eth-Trunk
member interface switchover is performed, the new active member interface sends Flush packets
to instruct the peer to age the corresponding MAC entry. This prevents data transmission
interruption caused by asynchronous MAC entries.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A control VLAN is created and its view is displayed.
The control VLAN is used to send SmartLink Flush packets between Eth-Trunk interfaces in
manual 1:1 master/backup mode. The control VLAN ID must be the same as the VLAN ID of
sent SmartLink Flush packets.
Step 3 Run:
quit
Return to the system view.
Step 4 Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The Eth-Trunk interface is enabled to allow packets from the control VLAN to pass through.
The control VLAN ID must be the same as the VLAN ID carried in a Flush packet.
Step 6 Run:
smart-link flush send vlan vlan-id
The Eth-Trunk interface is enabled to send SmartLink Flush packets.
----End
3.4.5 Specifying the Master Member Interface in an Eth-Trunk Interface
By default, in manual 1:1 master/backup mode, the first member interface that is added to the
Eth-Trunk interface and is in the Up state automatically becomes the master interface. To
ensure reliable communication, specifying a master interface is recommended.
Context
In normal situations, the master member interface in an Eth-Trunk interface in manual 1:1
master/backup mode is active and can forward data. The backup member interface is inactive
and cannot forward data. To change the backup interface to the master interface, perform either
of the following operations:
• Run the undo port-master command in the master interface view to delete the master
interface configuration, and run the port-master command in the backup interface view to
specify the interface as the master interface. Specifying a new master interface causes a
short data interruption.
• Run the protect-switch command in the view of the Eth-Trunk interface in manual 1:1
master/backup mode to manually switch the active and inactive interfaces. Each time the
protect-switch command is run, the active and inactive interfaces are switched once. This
switching does not cause any data interruption.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of an Eth-Trunk member interface is displayed.
Step 3 (Optional) Run:
port-master
This member interface is specified as the active one.
Of the two member interfaces, only one can be configured as the active member interface.
----End
Follow-up Procedure
If the master member interface fails, it becomes inactive. If the master member interface
recovers, it needs to become active again. You can run the preempt enable [ delay delaytime ] command in the view of the Eth-Trunk interface in manual 1:1 master/backup mode to
enable delayed switchback and also specify a switchback delay for the master member interface.
• If you want the master member interface to become active immediately after it recovers,
you do not need to specify a switchback delay.
• If you want the recovered master member interface to become active after a delay, specify
a switchback delay.
3.4.6 Enabling an Intermediate Device to Receive SmartLink Flush Packets
Link reliability can be implemented between master and backup links only after intermediate
devices are enabled to receive SmartLink Flush packets so that they can transparently transmit
the SmartLink Flush packets.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A control VLAN is created and its view is displayed.
The control VLAN is used to send SmartLink Flush packets between Eth-Trunk interfaces in
manual 1:1 master/backup mode. The control VLAN ID must be the same as the VLAN ID of
sent SmartLink Flush packets.
Step 3 Run:
quit
Return to the system view.
Step 4 Run:
interface interface-type interface-number
The interface view is displayed. The intermediate devices' interfaces that connect to the
Eth-Trunk interfaces at both ends of the Eth-Trunk link as well as the intermediate devices' interfaces
that connect to each other must all be specified.
Step 5 Run:
portswitch
The Layer 3 interface is configured to work in Layer 2 mode.
Step 6 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is enabled to allow packets from the control VLAN to pass through.
The VLAN ID of received and sent SmartLink Flush packets must be the same.
Step 7 Run:
smart-link flush enable control-vlan vlan-id
The function of receiving Flush packets is enabled.
----End
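The control VLAN rule stated in 3.4.4 and 3.4.6 (the VLAN of sent Flush packets must be allowed and enabled for receiving on every interface along the path) can be checked offline. The following Python check is an added example, not part of the Huawei guide; the configuration-file layout (interface blocks ending with #), the device name PE3, and the sample configurations are assumptions constructed for illustration.

```python
import re

SEND_RE = re.compile(r"smart-link flush send vlan (\d+)$")
RECV_RE = re.compile(r"smart-link flush enable control-vlan (\d+)$")
ALLOW_RE = re.compile(r"port trunk allow-pass vlan (.+)$")


def parse_interfaces(config_text):
    """Split configuration text into {interface name: [commands]}.

    Assumption: each block starts with 'interface <name>' and ends at '#'.
    """
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "#":
            current = None
        elif current is not None and line:
            interfaces[current].append(line)
    return interfaces


def allowed_vlans(commands):
    """Expand 'port trunk allow-pass vlan { { id1 [ to id2 ] }&<1-10> | all }'."""
    vlans = set()
    for cmd in commands:
        match = ALLOW_RE.match(cmd)
        if not match:
            continue
        tokens = match.group(1).split()
        if tokens == ["all"]:
            return set(range(1, 4095))
        i = 0
        while i < len(tokens):
            start = end = int(tokens[i])
            if i + 2 < len(tokens) and tokens[i + 1] == "to":
                end = int(tokens[i + 2])
                i += 2
            i += 1
            vlans.update(range(start, end + 1))
    return vlans


def first_match(commands, pattern):
    """Return the VLAN ID captured by pattern in the first matching command."""
    for cmd in commands:
        match = pattern.match(cmd)
        if match:
            return int(match.group(1))
    return None


def check_flush_path(sender_cfg, trunk_name, intermediates):
    """Return findings that would keep Flush packets from reaching the peer.

    intermediates: list of (device, config_text, [interfaces on the path]).
    """
    trunk = parse_interfaces(sender_cfg).get(trunk_name)
    if trunk is None:
        return [f"sender: {trunk_name} is not configured"]
    vlan = first_match(trunk, SEND_RE)
    if vlan is None:
        return [f"sender: {trunk_name} does not send Flush packets"]
    findings = []
    if vlan not in allowed_vlans(trunk):
        findings.append(f"sender: {trunk_name} does not allow control VLAN {vlan}")
    for device, cfg, path_ifs in intermediates:
        blocks = parse_interfaces(cfg)
        for name in path_ifs:
            cmds = blocks.get(name, [])
            if "portswitch" not in cmds:
                findings.append(f"{device} {name}: not in Layer 2 mode")
            if vlan not in allowed_vlans(cmds):
                findings.append(f"{device} {name}: control VLAN {vlan} not allowed")
            recv = first_match(cmds, RECV_RE)
            if recv != vlan:
                findings.append(
                    f"{device} {name}: receives Flush in VLAN {recv}, sender uses {vlan}")
    return findings


# Constructed sample configurations (not taken from the guide).
SENDER_CFG = """\
interface Eth-Trunk1
 portswitch
 mode manual backup
 port trunk allow-pass vlan 100 to 110
 smart-link flush send vlan 100
#
"""
INTERMEDIATE_CFG = """\
interface GigabitEthernet2/0/1
 portswitch
 port trunk allow-pass vlan 50 100
 smart-link flush enable control-vlan 100
#
interface GigabitEthernet2/0/2
 portswitch
 port trunk allow-pass vlan 200 to 210
 smart-link flush enable control-vlan 200
#
"""
PATH = [("PE3", INTERMEDIATE_CFG, ["GigabitEthernet2/0/1", "GigabitEthernet2/0/2"])]

if __name__ == "__main__":
    for finding in check_flush_path(SENDER_CFG, "Eth-Trunk1", PATH):
        print(finding)
```

An empty result means every listed interface carries and accepts the control VLAN; any finding identifies an interface where Flush packets would be dropped and the peer's MAC entries would go stale after a switchover.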
3.4.7 Checking the Configurations
After an Eth-Trunk interface in manual 1:1 active/standby mode is successfully configured, you
can view information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode,
and status of member interfaces.
Prerequisites
An Eth-Trunk interface in manual 1:1 active/standby mode has been configured.
Procedure
• Run the display trunkmembership eth-trunk trunk-id command to check information
about member interfaces of the Eth-Trunk interface.
• Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to view information about the Eth-Trunk link aggregation group and active
member interfaces.
• Run the display interface eth-trunk [ trunk-id | main ] command to check the status of
the Eth-Trunk interface.
• Run the display interface brief command to check brief information about the Eth-Trunk
interface, including the physical status, link protocol status, and bandwidth usage.
• Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the
forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Backup-access
Working State: Master
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/1, master port, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Run the display eth-trunk command to view information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP
WorkingState: Master
-------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet1/0/2          S
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Description:HUAWEI, Eth-Trunk1 Interface
Switch Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-3063-7200
Physical is ETH_TRUNK
Current system time: 2011-02-12 17:34:49-08:00
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 24 packets,3 bytes,
7 unicast,9 broadcast,8 multicasts
10 errors,5 drops
Output:39 packets,4 bytes,
12 unicast,14 broadcast,13 multicasts
15 errors,6 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Eth-Trunk1                  up    up          0%     0%          0          0
GigabitEthernet1/0/1        up    down        0%     0%          0          0
GigabitEthernet1/0/2        up    down        0%     0%          0          0
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the
Eth-Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER                        SLAVE
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
GigabitEthernet1/0/1          GigabitEthernet1/0/2
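The display trunkmembership eth-trunk output shown in 3.3.7 and in this section can be checked automatically against the limits this chapter states (total member weight no greater than 16, the minimum number of Up member links, and two members with one master port in manual 1:1 mode). The following Python parser is an added example, not part of the Huawei guide; the first two samples are copied from the outputs above, and the degraded sample, including its "operate down" wording, is constructed.

```python
import re


def parse_trunkmembership(text):
    """Parse 'display trunkmembership eth-trunk' output into a dict."""
    info = {"members": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface "):
            fields = [f.strip() for f in line[len("Interface "):].split(",")]
            member = {"name": fields[0], "master": "master port" in fields,
                      "up": "operate up" in fields, "weight": 0}
            for field in fields[1:]:
                if field.startswith("weight="):
                    member["weight"] = int(field.split("=", 1)[1])
            info["members"].append(member)
            continue
        # Summary lines use either ':' or '=' between the name and the value.
        match = re.match(r"([^:=]+?)\s*[:=]\s*(.+)$", line)
        if match:
            info[match.group(1).lower()] = match.group(2)
    return info


def audit_trunk(text, least_active=1, max_total_weight=16):
    """Return a list of findings; an empty list means all checks passed."""
    info = parse_trunkmembership(text)
    members = info["members"]
    up = [m for m in members if m["up"]]
    findings = []
    reported = info.get("number of up ports in trunk")
    if reported is not None and int(reported) != len(up):
        findings.append(
            f"summary reports {reported} Up ports, member lines show {len(up)}")
    if len(up) < least_active:
        findings.append(
            f"{len(up)} Up member links, below least active-linknumber {least_active}")
    total = sum(m["weight"] for m in members)
    if total > max_total_weight:
        findings.append(f"total weight {total} exceeds {max_total_weight}")
    if info.get("working mode", "").lower().startswith("backup"):
        if len(members) != 2:
            findings.append(
                f"1:1 mode expects two member interfaces, found {len(members)}")
        if sum(m["master"] for m in members) != 1:
            findings.append("1:1 mode expects exactly one master port")
        down = [m["name"] for m in members if not m["up"]]
        if down:
            findings.append("redundancy lost: " + ", ".join(down) + " is not Up")
    return findings


# Output from 3.3.7 (manual load balancing mode).
PAGE_NORMAL = """\
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Interface GigabitEthernet1/0/3, valid, operate up, weight=1
"""

# Output from 3.4.7 (manual 1:1 active/standby mode).
PAGE_BACKUP = """\
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Backup-access
Working State: Master
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/1, master port, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
"""

# Constructed sample: the master member interface is down.
DEGRADED = PAGE_BACKUP.replace("Number Of UP Ports in Trunk = 2",
                               "Number Of UP Ports in Trunk = 1").replace(
    "master port, valid, operate up", "master port, valid, operate down")

if __name__ == "__main__":
    for name, sample in (("normal", PAGE_NORMAL), ("backup", PAGE_BACKUP),
                         ("degraded", DEGRADED)):
        print(name, audit_trunk(sample))
```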
3.5 Configuring an Eth-Trunk Interface in Manual 1:1 Master/Backup Mode to Connect to a Non-Huawei Device
To allow a Huawei device to communicate with a non-Huawei device that uses master and
backup interfaces (both in the Up state), configure an Eth-Trunk interface in manual 1:1 master/
backup mode on the Huawei device.
Usage Scenario
On the network shown in Figure 3-10, a non-Huawei device uses master and backup interfaces
(both in the Up state) to directly connect to a Huawei device. However, communication may fail
because Huawei engineers cannot identify the master and backup interfaces on the connected
non-Huawei device during network planning or maintenance and therefore cannot correctly
specify the master and backup interfaces when configuring the Eth-Trunk interface in manual
1:1 master/backup mode.
Figure 3-10 Configuring an Eth-Trunk interface in manual 1:1 master/backup mode to connect
to a non-Huawei device
[Figure labels: non-Huawei device, Huawei device, Master interface, Slave interface]
To address this problem, run the inactive-port shutdown enable command on the Huawei
device to forcibly set the backup member interface of the Eth-Trunk interface in manual 1:1
master/backup mode to the Down state. With this configuration, the non-Huawei device and
the Huawei device both communicate through their master interfaces, which ensures
communication.
If the master member interface for forwarding traffic fails, the system automatically disables the
forcible Down state of the backup member interface and restores the backup member interface
to the Up state so that it can communicate with the non-Huawei device.
NOTE
The inactive-port shutdown enable and preempt enable commands are mutually exclusive in this
scenario.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created, and the Eth-Trunk interface view is displayed.
Step 3 Run:
portswitch
The Eth-Trunk interface is switched to Layer 2 mode.
By default, an Eth-Trunk interface works in Layer 3 mode.
Step 4 Run:
mode manual backup
The Eth-Trunk interface is configured to work in manual 1:1 master/backup mode.
By default, an Eth-Trunk interface works in manual load balancing mode.
Step 5 Run:
inactive-port shutdown enable
The backup member interface in the Eth-Trunk interface that works in manual 1:1 master/backup
mode is forcibly set to the Down state.
Step 6 Run:
trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>
Interfaces are added to the Eth-Trunk interface in batches.
A maximum of two interfaces can be added to or deleted from an Eth-Trunk interface in a batch.
NOTE
Before adding an interface to an Eth-Trunk interface, ensure that the following conditions are met:
• Member interfaces cannot be configured with services or Layer 3 configurations such as IP addresses.
• Member interfaces cannot be manually configured with MAC addresses.
• An Ethernet interface can be added to only one Eth-Trunk interface. The Ethernet interface must be
  deleted from the original Eth-Trunk interface before joining another Eth-Trunk interface.
• Before adding a Layer 2 interface on the router to an Eth-Trunk interface, run the undo portswitch
  command to configure the Eth-Trunk interface to work in Layer 3 mode.
An interface can be added to an Eth-Trunk interface in the Eth-Trunk interface view or in the interface
view. For details, see 3.4.3 Adding Physical Interfaces to the Eth-Trunk Interface.
Step 7 Run:
quit
Return to the system view.
Step 8 Run:
interface interface-type interface-number
The Eth-Trunk member interface view is displayed.
Step 9 Run:
port-master
The master member interface is specified.
Only one master interface can be specified between the two member interfaces in an Eth-Trunk
interface in manual 1:1 master/backup mode.
----End
Checking the Configurations
After configuring an Eth-Trunk interface in manual 1:1 master/backup mode, check the
configurations.
Run the display interface command. The command output shows that the interface status is
TRUNK BACKUP DOWN.
<HUAWEI> display interface gigabitethernet1/0/1
GigabitEthernet1/0/1 current state : TRUNK BACKUP DOWN
Line protocol current state : DOWN
Link quality grade : GOOD
Description:HUAWEI, GigabitEthernet1/0/1 Interface
Route Port,The Maximum Transmit Unit is 1500
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-7020-8242
Last physical up time   : 2013-10-17 16:30:25 UTC-08:00
Last physical down time : 2013-10-17 16:39:05 UTC-08:00
Current system time: 2013-10-17 16:42:41-08:00
Hardware address is 00e0-7020-8242
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Input: 0 bytes, 0 packets
Output: 0 bytes, 0 packets
Input:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 0 packets
Input bandwidth utilization  : 0%
Output bandwidth utilization : 0%
3.6 Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode
On a network where a downstream device is connected to a passive optical splitter (POS), the
POS splits one optical fiber into two optical fibers, which then connect to two different boards
on an upstream device. To implement board redundancy for the upstream device, you can
configure an Eth-Trunk interface on the device to work in inter-board interface standby mode
and add the interfaces on the two boards to the Eth-Trunk interface.
3.6.1 Before You Start
Before configuring an Eth-Trunk interface to work in inter-board interface standby mode,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the data required for the configuration.
Usage Scenario
On a live network, many users lease only one link to carry their services, posing a risk of service
interruption. To improve service transmission reliability, a device must support board
redundancy.
On the network shown in Figure 3-11, a downstream CE is connected to a passive optical splitter
(POS). The POS changes one channel of optical signals to two channels, which then connect to
two different boards on an upstream PE. To implement board redundancy for the upstream PE,
you can configure an Eth-Trunk interface on the PE to work in inter-board interface standby
mode and add the interfaces on the two boards to the Eth-Trunk interface.
Figure 3-11 Eth-Trunk interface in inter-board interface standby mode
[Figure labels: CE, Optical splitter, PE (port1, port2), Eth-Trunk, Master link, Backup link]
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in inter-board interface standby mode,
connect interfaces and set their physical parameters to ensure that their physical status is Up.
Data Preparation
To complete the configuration, you need the following data:
No.  Data
1    Eth-Trunk interface ID
2    Member interface type and number
3    (Optional) Master interface type and number
3.6.2 Creating and Configuring an Eth-Trunk Interface to Work in
Inter-Board Interface Standby Mode
Create an Eth-Trunk interface and then bundle physical interfaces into it.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created, and the Eth-Trunk interface view is displayed.
Step 3 Run:
mode manual port-standby
The Eth-Trunk interface is configured to work in inter-board interface standby mode.
By default, an Eth-Trunk interface works in manual load balancing mode.
----End
3.6.3 Adding Member Interfaces to the Eth-Trunk Interface
An Eth-Trunk interface in inter-board interface standby mode can contain a maximum of two
member interfaces.
Context
Two methods are available for adding member interfaces to an Eth-Trunk interface:
• In the Eth-Trunk interface view, add member interfaces to an Eth-Trunk interface either in
  batches or one by one.
• In the view of an interface, add the interface as a member interface to an Eth-Trunk interface.
When adding member interfaces to an Eth-Trunk interface, note the following:
– An Eth-Trunk interface cannot be added to another Eth-Trunk interface.
– Interfaces to be added to an Eth-Trunk interface must reside on different boards.
NOTE
After interfaces are added to an Eth-Trunk interface, the following situations occur:
• If the Eth-Trunk interface is shut down using the shutdown command, the physical status of both
  the Eth-Trunk interface and member interfaces becomes Administratively DOWN, and the
  shutdown command configuration is automatically generated for the member interfaces in the
  configuration file.
• If the Eth-Trunk interface is enabled using the undo shutdown command, the undo shutdown
  command configuration is automatically generated for the member interfaces in the configuration
  file.
If only one interface is added to an Eth-Trunk interface in inter-board interface standby mode, disabling
the interface that is not added to the Eth-Trunk interface from sending optical signals is recommended to
prevent optical signal interference and traffic transmission instability.
Procedure
• Add member interfaces in the view of an Eth-Trunk interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Run either of the following commands:
     – To add member interfaces to the Eth-Trunk interface in batches, run the
       trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>
       command.
       A maximum of two member interfaces can be added to or deleted from an Eth-Trunk
       interface that works in inter-board interface standby mode.
     – To add a single member interface to the Eth-Trunk interface, run the trunkport
       interface-type interface-number command.
• Add an interface to an Eth-Trunk interface in the view of the interface.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The interface view is displayed.
  3. Run:
     eth-trunk trunk-id
     The interface is added to an Eth-Trunk interface.
     NOTE
     • Interfaces to be added to an Eth-Trunk interface cannot have services configured, static
       MAC addresses configured, or Layer 3 configuration data such as IP addresses.
     • Before Layer 2 interfaces can be added to an Eth-Trunk interface, they must be switched
       to Layer 3 interfaces using the undo portswitch command.
     • An Ethernet interface can be added to only one Eth-Trunk interface. Before adding it to
       another Eth-Trunk interface, delete it from the current Eth-Trunk interface.
----End
3.6.4 (Optional) Specifying the Master Member Interface of an Eth-Trunk Interface
By default, the interface that is first added to an Eth-Trunk interface is the master member
interface. To ensure reliable service transmission, you are advised to specify the master member
interface for an Eth-Trunk interface.
Context
In normal situations, the master member interface in an Eth-Trunk interface in inter-board
interface standby mode is active and used to forward data. The backup member interface is
inactive and does not forward data. To change the backup interface to the master interface,
perform either of the following operations:
• Run the undo port-master command in the master interface view to delete the master
  interface configuration, and run the port-master command in the backup interface view
  to specify the desired interface as the master member interface.
• Run the protect-switch command in the view of the Eth-Trunk interface in inter-board
  interface standby mode to manually switch the active and inactive interfaces. Each time
  the protect-switch command is executed, the active and inactive interfaces are switched
  once.
NOTE
Performing either of the preceding operations will cause a short data interruption.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The Eth-Trunk member interface view is displayed.
Step 3 Run:
port-master
The master member interface is specified.
Only one of the two member interfaces in an Eth-Trunk interface in inter-board interface standby
mode can be the master interface.
----End
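
The member and master rules stated in Sections 3.5 and 3.6 can be checked against a planned configuration before it is applied. The following Python linter is an added example, not Huawei code; it assumes a saved-configuration layout with one "interface" stanza per interface, members recorded as eth-trunk trunk-id in the member interface stanza, and slot/card/port interface numbering. The sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed planning config in saved-configuration style (assumed layout:
# one "interface <name>" stanza per interface, "#" between stanzas).
SAMPLE_CONFIG = """\
interface Eth-Trunk1
 portswitch
 mode manual backup
 inactive-port shutdown enable
 preempt enable
#
interface Eth-Trunk10
 mode manual port-standby
#
interface GigabitEthernet1/0/1
 eth-trunk 1
 port-master
#
interface GigabitEthernet1/0/2
 eth-trunk 1
 port-master
#
interface GigabitEthernet2/0/1
 eth-trunk 10
 port-master
#
interface GigabitEthernet2/0/2
 eth-trunk 10
#
"""

MODES = {"mode manual backup": "backup",
         "mode manual port-standby": "port-standby"}


def parse_stanzas(text):
    """Return {interface name: [commands]} for each 'interface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("", "#"):
            current = None
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def board_of(ifname):
    """Slot number of a slot/card/port interface name (assumed numbering)."""
    m = re.search(r"(\d+)/\d+/\d+$", ifname)
    return m.group(1) if m else None


def lint_eth_trunks(text):
    """Return sorted (trunk_id, rule) findings for backup/port-standby trunks."""
    stanzas = parse_stanzas(text)
    members, masters = defaultdict(list), defaultdict(list)
    for name, cmds in stanzas.items():
        for cmd in cmds:
            m = re.fullmatch(r"eth-trunk (\d+)", cmd)
            if m:
                members[m.group(1)].append(name)
                if "port-master" in cmds:
                    masters[m.group(1)].append(name)

    findings = set()
    for name, cmds in stanzas.items():
        m = re.fullmatch(r"eth-trunk(\d+)", name.lower())
        mode = next((MODES[c] for c in cmds if c in MODES), None)
        if not m or mode is None:
            continue                      # other trunk modes are out of scope
        tid = m.group(1)
        if len(members[tid]) > 2:         # 1:1 and port-standby: two members
            findings.add((tid, "more-than-two-members"))
        if len(masters[tid]) > 1:         # only one master member interface
            findings.add((tid, "multiple-port-master"))
        if mode == "backup" and {"inactive-port shutdown enable",
                                 "preempt enable"} <= set(cmds):
            findings.add((tid, "inactive-port-shutdown-with-preempt"))
        if mode == "port-standby":        # members must sit on different boards
            boards = [b for b in map(board_of, members[tid]) if b]
            if len(boards) != len(set(boards)):
                findings.add((tid, "members-on-same-board"))
    return sorted(findings)


if __name__ == "__main__":
    for trunk_id, rule in lint_eth_trunks(SAMPLE_CONFIG):
        print(f"Eth-Trunk{trunk_id}: {rule}")
```
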
3.6.5 Checking the Configurations
After configuring an Eth-Trunk interface in inter-board interface standby mode, check the
Eth-Trunk interface configurations, including the Eth-Trunk ID, working mode, and member
interface status.
Prerequisites
Configurations of an Eth-Trunk interface in inter-board interface standby mode have been
completed.
Procedure
• Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
  command to check the configurations of an Eth-Trunk interface in inter-board interface
  standby mode.
• Run the display trunkmembership eth-trunk trunk-id command to check information
  about the Eth-Trunk interface and its member interfaces.
• Run the display trunkfwdtbl eth-trunk trunk-id command to check information about the
  Eth-Trunk forwarding table.
----End
Example
# Run the display eth-trunk command. The command output shows that the Eth-Trunk interface
works in inter-board interface standby mode and its working status is Slave. The output also
shows member interface information.
<HUAWEI> display eth-trunk 10
Eth-Trunk10's state information is:
WorkingMode: PORT-STANDBY
WorkingState: Slave
--------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet2/0/1          S
# Run the display trunkmembership eth-trunk command. The command output shows
information about the Eth-Trunk interface and its member interfaces.
<HUAWEI> display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Port-standby
Working State: Slave
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2
Operate status: up
Interface GigabitEthernet1/0/1, master port, valid, operate up, weight=1
Interface GigabitEthernet2/0/1, valid, operate up, weight=1
# Run the display trunkfwdtbl eth-trunk command. The command output shows information
about the Eth-Trunk forwarding table.
<HUAWEI> display trunkfwdtbl eth-trunk 10
Eth-Trunk10's forwarding table is:
MASTER                  SLAVE
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
GigabitEthernet2/0/1    GigabitEthernet1/0/1
3.7 Associating an Eth-Trunk Interface in Static LACP Mode
with an mVRRP Backup Group
This section describes how to associate an Eth-Trunk interface in static LACP mode with a
Manage Virtual Router Redundancy Protocol (mVRRP) backup group. This configuration
allows the Eth-Trunk interface to rapidly detect the status change of the mVRRP backup group.
After detecting the status change of the mVRRP backup group, the Eth-Trunk interface can
rapidly switch traffic to an available link. This ensures reliable service transmission.
3.7.1 Before You Start
Before associating an Eth-Trunk interface in static LACP mode with a Manage Virtual Router
Redundancy Protocol (mVRRP) backup group, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
Reliable networking usually integrates device-level reliability and link-level reliability. In
certain scenarios where the VRRP technology is used for device-level reliability and the trunk
technology is used for link-level reliability, traffic on the master device and active link cannot
be switched to the slave device and standby link at the same time when a fault occurs on the
master device or the active link. As a result, traffic is interrupted. To solve this problem, you
can associate trunk with VRRP.
Figure 3-12 Typical networking diagram for a CE being dual-homed to UPEs
[Figure labels: IP/MPLS Core, UPE1, UPE2, VRRP, CE; legend: Active link, Standby link,
Eth-Trunk interface, VRRP-tracked interface]
As shown in Figure 3-12, a CE is dual-homed to UPEs. A VRRP backup group is configured
on UPE1 and UPE2 to allow UPE1 to function as the master device and UPE2 to function as
the slave device. The physical links between the CE and UPEs are bundled into an Eth-Trunk
link to improve link reliability and increase bandwidth.
To implement this networking, ensure that the switchover of the master and slave devices and
the switchover of the active and standby links are performed at the same time. When UPE1
functions as the master device, the link between the CE and UPE1 must be the active link.
Otherwise, traffic is interrupted. If UPE1 becomes slave whereas the link between the CE and
UPE1 still functions as the active link, traffic is still transmitted along this link to UPE1. The
slave device UPE1, however, does not forward packets, which causes traffic interruption.
NOTE
• Although the Eth-Trunk technology is a point-to-point technology and this networking is a
  point-to-multipoint networking, the Eth-Trunk technology still functions well in this networking.
  VRRP configured on the UPEs groups the UPEs into a virtual router, which keeps this networking
  a P2P networking for the Eth-Trunk technology.
• Eth-Trunk interfaces configured on the CE and UPEs must be in static LACP mode. The master/slave
  UPEs require the active/standby links, and only Eth-Trunk links in static LACP mode can work in
  active/standby mode.
• An mVRRP backup group must be configured on directly-connected UPEs to implement fast
  switchover in the VRRP backup group.
  An mVRRP backup group ignores the event that an interface goes Down. When the interface where
  the mVRRP backup group resides goes Down, the VRRP backup group rapidly changes to the Master
  state rather than the Initialize state.
VRRP can track the status of Eth-Trunk member interfaces on the local device. When the master
device or the active link becomes faulty, the backup device and standby link become master and
active at the same time. In the following situations, however, the switchovers cannot occur at
the same time.
• When the upstream interface on the master UPE becomes faulty, the device switchover
  occurs but the link switchover does not occur.
• When the device switchover occurs after the priorities of the master and backup UPEs are
  changed, the link switchover does not occur.
To solve the problem of traffic interruption caused by asynchronous switchovers in the integrated
networking, Huawei provides the technology that associates an Eth-Trunk interface in static
LACP mode with an mVRRP backup group.
When the upstream interface on the master device becomes faulty or the network is adjusted,
the master device in the mVRRP backup group becomes backup. This allows the Eth-Trunk
interface associated with the mVRRP backup group to rapidly detect the status change of the
mVRRP backup group and perform the link switchover between the active and standby
Eth-Trunk links. This ensures reliable traffic transmission.
NOTE
On a dual-homing network, besides associating an Eth-Trunk interface in static LACP mode with an
mVRRP backup group, you can use only the Eth-Trunk technology to implement both device-level and
link-level reliability. For configurations about E-Trunk, see 3.9 Configuring an E-Trunk.
Pre-configuration Tasks
Before associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group,
complete the following tasks:
• Configure Eth-Trunk interfaces in static LACP mode.
• Configure VRRP IPv4 Association and Configure an mVRRP IPv6 Backup Group.
Data Preparation
To associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group, you
need the following data.
No.  Data
1    Types and numbers of tracked Eth-Trunk member interfaces in static LACP mode,
     VRRP backup group ID, and priorities of devices in the VRRP backup group
2    ID of the Eth-Trunk interface in static LACP mode, number of the mVRRP backup
     group that is associated with the Eth-Trunk interface in static LACP mode, and types
     and numbers of tracked Eth-Trunk member interfaces
3.7.2 Configuring a VRRP Backup Group to Track the Status of
Member Interfaces of an Eth-Trunk Interface in Static LACP Mode
When a member interface of an Eth-Trunk interface becomes faulty, the Virtual Router
Redundancy Protocol (VRRP) backup group that is configured to track the status of the member
interface can detect the fault and implement a master/slave switchover in the VRRP backup
group.
Context
A VRRP backup group can track a maximum of eight interfaces in either Increase or Reduce
mode.
• When the increased mode is used and the tracked interface goes Down, the priority of the
  VRRP backup group on the device increases.
  increased value-increased specifies the value added to the current priority value each time
  the tracked interface goes Down. The value ranges from 1 to 255.
• When the reduced mode is used and the tracked interface goes Down, the priority of the
  VRRP backup group on the device where the tracked interface resides reduces.
  reduced value-reduced specifies the value deducted from the current priority value each
  time the tracked interface goes Down. The value ranges from 1 to 255.
• The interface specified by the interface interface-type interface-number parameter must
  be a member interface of an Eth-Trunk interface in static LACP mode.
NOTE
You are advised to configure reduced value-reduced on the interface on which the VRRP backup
group is configured when the device where the interface resides has the active Eth-Trunk link, and configure
increased value-increased on the interface on which the VRRP backup group is configured when the device
where the interface resides has the standby Eth-Trunk link.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the interface where the VRRP backup group resides is displayed.
Step 3 Run:
vrrp vrid virtual-router-id track interface interface-type interface-number
[ increased value-increased | reduced value-reduced ]
A VRRP backup group is configured to track the status of member interfaces of the Eth-Trunk
interface in static LACP mode.
By default, when the tracked interface goes Down, the priority of the VRRP backup group on
the interface reduces by 10.
The interface specified by the interface interface-type interface-number parameter must be a
member interface of an Eth-Trunk interface in static LACP mode.
NOTE
For details about the interface status tracking by VRRP, see Associating a VRRP IPv4 Backup Group with
a VRRP-Disabled Interface and Associating a VRRP IPv6 Backup Group with a VRRP-Disabled Interface.
----End
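
The tracking arithmetic described in this section decides whether a member-interface failure actually moves VRRP mastership. The following Python model is an added example, not Huawei code: it applies reduced/increased tracking and a preemptive election to UPE1 (priority 120, the value shown in this guide's display vrrp example) and UPE2. UPE2's priority of 100 and the clamping of running priorities to the range 1 to 254 are assumptions.

```python
from dataclasses import dataclass, field

PRIORITY_MIN, PRIORITY_MAX = 1, 254   # assumed clamp for a configurable priority
DEFAULT_REDUCED = 10                  # default reduction stated in Step 3


@dataclass
class Track:
    interface: str
    mode: str = "reduced"             # "reduced" or "increased"
    value: int = DEFAULT_REDUCED

    def __post_init__(self):
        if self.mode not in ("reduced", "increased"):
            raise ValueError(f"unknown tracking mode: {self.mode}")
        if not 1 <= self.value <= 255:
            raise ValueError("tracking value must be in the range 1 to 255")


@dataclass
class Router:
    name: str
    priority: int                     # configured priority (PriorityConfig)
    tracks: list = field(default_factory=list)

    def running_priority(self, down_interfaces):
        """Priority after applying every tracked interface that is Down."""
        if len(self.tracks) > 8:
            raise ValueError("a VRRP backup group tracks at most eight interfaces")
        prio = self.priority
        for t in self.tracks:
            if t.interface in down_interfaces:
                prio += t.value if t.mode == "increased" else -t.value
        return max(PRIORITY_MIN, min(PRIORITY_MAX, prio))


def elect_master(routers, current_master, down):
    """down maps router name -> set of its tracked interfaces that are Down.

    With preemption, a backup takes over only on a strictly higher priority,
    so the current master wins a tie.
    """
    prios = {r.name: r.running_priority(down.get(r.name, set())) for r in routers}
    winner = max(prios, key=lambda n: (prios[n], n == current_master))
    return winner, prios


def min_reduced_for_switchover(master_priority, backup_priority):
    """Smallest 'reduced' value that hands over mastership on one tracked failure."""
    return max(1, master_priority - backup_priority + 1)


def scenarios():
    """One Eth-Trunk member on UPE1 goes Down, with two different reduced values."""
    members = ("GigabitEthernet1/0/1", "GigabitEthernet1/0/2")
    upe2 = Router("UPE2", 100)        # assumed backup priority
    one_down = {"UPE1": {members[0]}}
    results = {}
    for label, value in (("default-10", DEFAULT_REDUCED), ("reduced-40", 40)):
        upe1 = Router("UPE1", 120, [Track(m, "reduced", value) for m in members])
        results[label] = elect_master([upe1, upe2], "UPE1", one_down)
    return results


if __name__ == "__main__":
    for label, (master, prios) in scenarios().items():
        print(label, "-> master:", master, prios)
    print("minimum reduced value:", min_reduced_for_switchover(120, 100))
```

With the default reduction of 10, UPE1 keeps mastership after losing a member interface, so the reduced value has to exceed the priority gap between the two devices for the device switchover to follow the link failure.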
3.7.3 Configuring an Eth-Trunk Interface in Static LACP Mode
associating with an mVRRP Backup Group
Before associating an Eth-Trunk interface with a Manage Virtual Router Redundancy Protocol
(mVRRP) backup group, ensure that the Eth-Trunk interface works in static LACP mode and
the VRRP backup group is an mVRRP backup group.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
The view of an Eth-Trunk interface in static LACP mode is displayed.
Step 3 Run:
lacp track vrrp vrid vrid interface interface-type interface-number
The Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group.
• The ID specified by vrid vrid must be the ID of the mVRRP backup group.
• The interface specified by interface interface-type interface-number must be the interface
  where the mVRRP backup group function is configured.
----End
3.7.4 Checking the Configurations
After an Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group,
the status of the Eth-Trunk link varies with the status of the associated mVRRP backup group.
Prerequisites
Associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group has
been configured.
Procedure
• Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ]
  [ brief ] command to check the status and configurations of the current VRRP backup
  group.
• Run the display eth-trunk [ trunk-id [ interface interface-type interface-number |
  verbose ] ] command to check the configurations of the Eth-Trunk interface in static LACP
  mode and information about its member interfaces.
----End
Example
Run the display vrrp command to view the status and type of the VRRP backup group as well
as the types, numbers, and status of the Eth-Trunk member interfaces that are tracked by the
VRRP backup group.
<HUAWEI> display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 1.1.1.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Track IF : GigabitEthernet1/0/1    priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2    priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
Run the display eth-trunk command to view the working mode of the Eth-Trunk interface and
information about its member interfaces.
<HUAWEI> display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20
WorkingMode: STATIC
Preempt Delay: Disabled
Hash arithmetic: According to flow
System Priority: 32768
System ID: 00e0-6923-4900
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100
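
Section 3.7.1 requires the device that is VRRP master to also hold the active Eth-Trunk link. The following Python check is an added example, not Huawei code: it reads captured display vrrp and display eth-trunk text and reports when the two states disagree or when a tracked interface is not a member of the Eth-Trunk interface. The sample text is constructed in the layout of the examples in this section, and treating any member status other than Selected as inactive is an assumption.

```python
import re

# Constructed samples in the layout of the display vrrp and display eth-trunk
# examples in this section, trimmed to the fields the check reads.
VRRP_MASTER = """\
GigabitEthernet1/0/3 | Virtual Router 1
  State : Master
  Config type : admin-vrrp
  Track IF : GigabitEthernet1/0/1   priority reduced : 40
  IF State : UP
  Track IF : GigabitEthernet1/0/2   priority reduced : 40
  IF State : UP
"""
VRRP_BACKUP = VRRP_MASTER.replace("State : Master", "State : Backup")

ETH_TRUNK = """\
Eth-Trunk20's state information is:
Local:
LAG ID: 20                  WorkingMode: STATIC
Operate status: up          Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1

Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100
"""


def parse_vrrp(text):
    """Extract the backup group state and {tracked interface: IF State}."""
    state = re.search(r"^[ \t]*State\s*:\s*(\w+)", text, re.M)
    tracked = dict(re.findall(
        r"Track IF\s*:\s*(\S+).*?IF State\s*:\s*(\w+)", text, re.S))
    return {"state": state.group(1) if state else None, "tracked": tracked}


def parse_local_members(text):
    """Return {member interface: Status} from the Local table only."""
    local = text.split("Partner:", 1)[0]
    return dict(re.findall(r"^[ \t]*(\S*\d+/\d+/\d+)\s+(\w+)\s", local, re.M))


def audit(vrrp_text, trunk_text):
    """Return (code, detail) findings; an empty list means the states agree."""
    vrrp = parse_vrrp(vrrp_text)
    members = parse_local_members(trunk_text)
    if vrrp["state"] is None or not members:
        return [("unparsed", "VRRP state or local member table not found")]
    # Any status other than "Selected" is treated as an inactive link.
    selected = sorted(n for n, s in members.items() if s == "Selected")
    findings = []
    if vrrp["state"] == "Master" and not selected:
        findings.append(("master-without-selected-link", "no active member"))
    if vrrp["state"] != "Master" and selected:
        findings.append(("backup-with-selected-links", ", ".join(selected)))
    for ifname in vrrp["tracked"]:
        if ifname not in members:     # tracked interface must be a trunk member
            findings.append(("tracked-not-member", ifname))
    return findings


if __name__ == "__main__":
    for label, vrrp_text in (("master", VRRP_MASTER), ("backup", VRRP_BACKUP)):
        print(label, audit(vrrp_text, ETH_TRUNK) or "consistent")
```
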
3.8 Associating an Eth-Trunk Interface in Static LACP Mode
with a Unicast VRRP Backup Group
When non-Huawei devices are connected to Huawei devices through Eth-Trunk interfaces,
configure a unicast VRRP backup group on the Huawei devices to implement redundancy. To
ensure reliable service transmission, associate the Eth-Trunk interfaces in static LACP mode
with the unicast VRRP backup group. If the unicast VRRP backup group status changes, the
associated Eth-Trunk interfaces can quickly detect the status change and immediately perform
traffic switching.
Usage Scenario
On the network shown in Figure 3-13, NPE1 and NPE2 are non-Huawei devices, and PE1 and
PE2 are Huawei devices. NPE1 and NPE2 are respectively connected to PE1 and PE2 through
Eth-Trunk links. A unicast VRRP backup group is configured on PE1 and PE2 with PE1
functioning as the master device and PE2 functioning as the backup device.
The unicast VRRP backup group monitors the status of PE1 and PE2 and interfaces on PE1 and
PE2. If the user-side interface on PE1 fails, NPE1 can rapidly perform a master/backup link
switchover on the user side using its own security function. This ensures reliable service
transmission. However, NPE1 is unaware of the status change of the unicast VRRP backup group
in the following conditions and will continue forwarding traffic along the original faulty link,
causing a traffic interruption.
• A fault occurs on the network-side interface on PE1.
• The priorities of PE1 (master) and PE2 (backup) in the unicast VRRP backup group are
  manually changed.
To prevent traffic interruptions, associate the Eth-Trunk interfaces in static LACP mode with the
unicast VRRP backup group. If the status of the unicast VRRP backup group changes from
master to backup, the associated Eth-Trunk interface on the master device can quickly detect
the status change. In this way, NPE1 connected to the Eth-Trunk interface can detect that a fault
has occurred and promptly perform a master/backup link switchover using its own security function,
thereby ensuring proper traffic transmission.
Figure 3-13 Associating an Eth-Trunk interface in static LACP mode with a unicast VRRP
backup group
[Figure labels: IP Core, P1, P2, PE1 (Huawei device, Master), PE2 (Huawei device, Backup),
Unicast VRRP, Eth-Trunk, NPE1 (non-Huawei device), NPE2 (non-Huawei device), Metro Network,
CE1, CE2]
NOTE
A unicast VRRP backup group applies to a Layer 3 network, whereas a common VRRP backup group
applies to a Layer 2 network. This is because a common VRRP backup group is a multicast VRRP backup
group and sends only multicast VRRP Advertisement packets within a broadcast domain, such as a VLAN
or a VSI.
For detailed information about a unicast VRRP backup group, see Unicast VRRP.
Pre-configuration Tasks
Before associating an Eth-Trunk interface in static LACP mode with a unicast VRRP backup
group, complete the following tasks:
- Configure an Eth-Trunk interface to work in static LACP mode.
- Configure a unicast VRRP backup group.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface eth-trunk trunk-id
The view of the Eth-Trunk interface in static LACP mode is displayed.
Step 3 Run:
lacp track vrrp vrid vrid interface loopback loopback-number
The Eth-Trunk interface in static LACP mode is associated with a unicast VRRP backup group.
A unicast VRRP backup group can be created only on loopback interfaces.
----End
Follow-up Procedure
Configure a unicast VRRP backup group on PE1 and PE2 to monitor the status of a member
interface of the Eth-Trunk interfaces in static LACP mode. As shown in the preceding figure in
which PE1 functions as the master device and PE2 functions as the backup device, if a member
interface of the Eth-Trunk interface on PE1 fails, the unicast VRRP backup group immediately
performs a master/backup switchover after detecting that the member interface status has
changed. The configurations are as follows:
1. Run the system-view command to enter the system view.
2. Run the interface loopback loopback-number command to enter the view of the loopback
   interface on which a unicast VRRP backup group is configured.
3. Run the vrrp vrid virtual-router-id track interface interface-type interface-number
   [ increased value-increased | reduced value-reduced ] command to configure the unicast
   VRRP backup group to monitor the status of a member interface of the Eth-Trunk interface
   in static LACP mode.
   The interface specified by interface interface-type interface-number must be a member
   interface of the Eth-Trunk interface in static LACP mode.
NOTE
By default, the VRRP priority decreases by 10 if an interface monitored by a unicast VRRP backup
group goes Down. You are advised to specify reduced value-reduced on the monitored interface of
the master device in the unicast VRRP backup group, and specify increased value-increased on the
monitored interface of the backup device in the unicast VRRP backup group.
3.9 Configuring an E-Trunk
Unlike Eth-Trunk that provides board-level link reliability, E-Trunk provides device-level link
reliability.
3.9.1 Before You Start
Before configuring an E-Trunk, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
In this example, Eth-Trunk interfaces in static LACP mode are added to an E-Trunk. E-Trunk
is used to perform link or node protection in the networking where a CE is dual-homed to two
PEs on a Virtual Private LAN Service (VPLS), Virtual Leased Line (VLL), or Pseudo-Wire
Emulation Edge to Edge (PWE3) network. As shown in Figure 3-14, E-Trunk is used to perform
link protection in the networking where a CE is dual-homed to two PEs on the L2VPN network.
The CE is dual-homed to PE1 and PE2 through respective Eth-Trunk interfaces in static LACP
mode. The two Eth-Trunk interfaces compose an E-Trunk.
Figure 3-14 Networking diagram for configuring an E-Trunk
[Figure: network diagram. Labels: CE, PE1 (E-Trunk Priority: 10), PE2 (E-Trunk Priority: 20),
E-Trunk1, MPLS/IP core]
NOTE
Currently, only global VE and Eth-Trunk interfaces can be added to an E-Trunk. Global VE interfaces can
be added to an E-Trunk only in scenarios where an L2VPN is used to provide access to an L3VPN.
Pre-configuration Tasks
Before configuring an E-Trunk, complete the following tasks:
- Before adding an Eth-Trunk interface to an E-Trunk, configure the Eth-Trunk interface
  to work in static LACP mode or configure the Eth-Trunk interface to work in manual
  load balancing mode.
- Before adding a global VE interface to an E-Trunk, create a global VE interface and
  configure it as an L2VE interface.
- Add Eth-Trunk interfaces working in manual load balancing mode to an E-Trunk.
  – 3.3 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing
    Mode on the PEs.
  – Configure Ethernet operation, administration and maintenance (OAM) on the CE and
    PEs to improve link reliability.
  – Enabling BFD Globally on the PEs.
- Add Eth-Trunk interfaces working in static LACP mode to an E-Trunk.
  – 3.2 Configuring an Eth-Trunk Interface to Work in Static LACP Mode on the CE
    and PEs.
  – Enabling BFD Globally on the PEs.
- Add a global VE interface to an E-Trunk.
  – Create a global VE interface and configure it as an L2VE interface on the PEs.
  – Enabling BFD Globally on the PEs.
Data Preparation
To configure an E-Trunk, you need the following data.
No.  Data
1    E-Trunk ID, (Optional) system ID, and (Optional) LACP priority
2    IDs of member Eth-Trunk interfaces of an E-Trunk and IDs of member global VE
     interfaces of an E-Trunk
3    E-Trunk priority, IP addresses of the local and peer ends, identifier of the BFD
     session bound to the E-Trunk, password for encrypting packets, interval at which
     Hello packets are sent, time multiplier for detecting Hello packets, and switchover
     delay time
4    Working mode of member interfaces in an E-Trunk
3.9.2 Creating an E-Trunk and Binding a BFD Session to the E-Trunk
An E-Trunk implements inter-device link aggregation. Binding a Bidirectional Forwarding
Detection (BFD) session to an E-Trunk provides rapid link fault detection for the devices in the
E-Trunk.
Context
A BFD session can be bound to an E-Trunk in either of the following modes:
- Manually create a BFD session and bind it to an E-Trunk.
  1. Manually create a BFD session, which is also called a static BFD session. The type
     of the BFD session must be BFD for IP.
  2. Manually bind the BFD session to an E-Trunk.
- Enable a device to automatically create a BFD session and bind the session to an E-Trunk.
  After a device is enabled to create a dynamic BFD session, the device automatically creates
  a BFD session and binds it to an E-Trunk.
Procedure
- Manually create a BFD session and bind it to an E-Trunk.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     e-trunk e-trunk-id
     An E-Trunk is created and the E-Trunk view is displayed.
  3. Run:
     peer-address peer-ip-address source-address source-ip-address
     IP addresses of the local and peer ends are configured.
     One IP address is the peer address for the other IP address. For example, an E-Trunk
     is created between device A at 1.1.1.1 and device B at 2.2.2.2. The peer IP address of
     device A is 2.2.2.2, and the peer IP address of device B is 1.1.1.1.
  4. Run:
     e-trunk track bfd-session session-name bfd-session-name
     A BFD session is bound to the E-Trunk.
- Enable a device to automatically create a BFD session and bind the session to an E-Trunk.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     e-trunk e-trunk-id
     An E-Trunk is created and the E-Trunk view is displayed.
  3. Run:
     peer-address peer-ip-address source-address source-ip-address
     IP addresses of the local and peer ends are configured.
     One IP address is the peer address for the other IP address. For example, an E-Trunk
     is created between device A at 1.1.1.1 and device B at 2.2.2.2. The peer IP address of
     device A is 2.2.2.2, and the peer IP address of device B is 1.1.1.1.
  4. Run:
     e-trunk bfd enable [ track interface interface-type interface-number ]
     The device is enabled to create a dynamic BFD session. The device automatically
     creates a BFD session and binds it to an E-Trunk.
     By default, a device is disabled from creating a dynamic BFD session.
     For example, an E-Trunk is deployed on PE1 and PE2. To enable a dynamic BFD
     session to rapidly detect the changes in the user-side interface on a PE, run the e-trunk
     bfd enable track interface interface-type interface-number command to associate
     the dynamic BFD session with the interface.
  5. (Optional) Run:
     e-trunk bfd { detect-multiplier multiplier | min-rx-interval interval |
     min-tx-interval interval }*
     The local detection multiplier, minimum interval between receiving BFD packets, and
     minimum interval between sending BFD packets are set for the dynamic BFD session.
     The default local detection multiplier, minimum interval between receiving BFD
     packets, and minimum interval between sending BFD packets are 3, 10 ms, and 10
     ms, respectively.
     You can set proper BFD session parameters as required.
     If a device does not receive BFD packets from its peer within a specified detection
     period, the device considers the link faulty and sets the BFD session to Down. To
     reduce system resource consumption, the device automatically changes the local
     receive interval to a random value greater than 1000 ms after detecting that the BFD
     session goes Down. When the BFD session goes Up again, the device restores the
     configured receive interval.
     – Interval between sending BFD packets = max (Local minimum interval between
       sending BFD packets, Peer minimum interval between receiving BFD packets)
     – Interval between receiving BFD packets = max (Peer minimum interval between
       sending BFD packets, Local minimum interval between receiving BFD packets)
     – Detection period = Peer detection multiplier x max (Peer minimum interval
       between sending BFD packets, Local minimum interval between receiving BFD
       packets)
----End
3.9.3 Adding an Interface to an E-Trunk
An Eth-Trunk or global VE interface can be added to an E-Trunk to forward traffic.
Context
The two devices on which an E-Trunk is deployed must have the same E-Trunk ID, whereas the
member interfaces of the E-Trunk can have the same or different IDs. If the member interfaces
have different IDs, you must specify the ID of the remote member interface when adding a local
member interface to the E-Trunk.
Procedure
- Add Eth-Trunk interfaces to an E-Trunk:
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
     Only Eth-Trunk interfaces in static LACP mode and manual load balancing mode can
     be added to an E-Trunk.
     NOTICE
     If an Eth-Trunk in static LACP mode is added to an E-Trunk, do not configure the
     maximum number of active links for the Eth-Trunk on the user-side device. Otherwise,
     active interfaces are incorrectly selected during LACP negotiation, affecting service
     forwarding.
  3. Run:
     e-trunk e-trunk-id [ remote-eth-trunk eth-trunk-id ]
     An Eth-Trunk interface is added to a specified E-Trunk.
     One Eth-Trunk interface can be added to only one E-Trunk.
     If the Eth-Trunk interfaces with different IDs on two devices are added to an E-Trunk,
     you must configure remote-eth-trunk on each device. The Eth-Trunk interface on
     one device must be specified as the remote Eth-Trunk interface on the other device
     so that the E-Trunk can work properly.
- Add a global VE interface to an E-Trunk:
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface global-ve ve-number
     A global VE interface is created, and the global VE interface view is displayed.
  3. Run:
     ve-group ve-group-id l2-terminate
     The global VE interface is specified as an L2VE interface.
  4. Run:
     e-trunk e-trunk-id [ remote-global-ve global-ve-id ]
     A global VE interface is added to a specified E-Trunk.
     A global VE interface can be added to only one E-Trunk. A global VE interface must
     be removed from an E-Trunk before it is added to another one, and an E-Trunk can
     have only one member global VE interface.
----End
3.9.4 (Optional) Configuring E-Trunk Parameters
To ensure reliable E-Trunk communication, configure proper E-Trunk parameters.
Procedure
- Configure E-Trunk parameters in the system view.
  After Eth-Trunk interfaces in static LACP mode are added to an E-Trunk, they exchange
  LACPDUs carrying the system ID and LACP priority. The two devices in an E-Trunk must
  be configured with the same system ID and LACP priority.
  E-Trunk is a Huawei proprietary protocol. The default UDP port number 1025 used to send
  and receive E-Trunk packets may conflict with the UDP port number used by another
  protocol. To ensure forwarding of E-Trunk packets, change the UDP port number used to
  send and receive E-Trunk packets.
  1. Run:
     system-view
     The system view is displayed.
  2. Perform one or more operations in Table 3-9 to set desired E-Trunk parameters.

Table 3-9 E-Trunk Parameters

E-Trunk parameter: Configure the LACP system ID of the E-Trunk
Command: lacp e-trunk system-id mac-address
Description: The master and backup devices of the E-Trunk must be configured with the same
system ID.
NOTE: If the Eth-Trunk interfaces in manual load balancing mode or global VE interface are
added to an E-Trunk, this step can be skipped.
By default, the MAC address of the Ethernet interface on the MPU/SRU is used as the system ID
of the E-Trunk.

E-Trunk parameter: Configure the LACP priority of the E-Trunk
Command: lacp e-trunk priority priority
Description: The master and backup devices of the E-Trunk must be configured with the same
LACP priority.
NOTE: If the Eth-Trunk interfaces in manual load balancing mode or global VE interface are
added to an E-Trunk, this step can be skipped.
By default, the LACP priority value of the E-Trunk is 32768.

E-Trunk parameter: UDP port number used to send and receive E-Trunk packets
Command: e-trunk port port-number
The port-number value is in the range of 1025 to 65535. If the UDP port number in this range
is used by another protocol, the port number cannot be used to send or receive E-Trunk packets.
Description: The two devices in an E-Trunk must have the same UDP port number. If you change
the UDP port number when E-Trunk is running, complete the change before E-Trunk negotiation
times out.
If you change the UDP port number when E-Trunk is running, the two devices in the E-Trunk may
not be able to communicate. If E-Trunk negotiation times out, both devices in the E-Trunk may
become master devices.
By default, the UDP port number 1025 is used to send and receive E-Trunk packets.
- Configure E-Trunk parameters in the E-Trunk view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     e-trunk e-trunk-id
     The E-Trunk view is displayed.
  3. Perform one or more operations in Table 3-10 to set the desired E-Trunk parameters.

Table 3-10 E-Trunk Parameters

E-Trunk parameter: Configure the E-Trunk priority
Command: priority priority
Description: The priority values of the two devices are used to determine their master and
backup status. The smaller the value, the higher the priority. The device with a higher
E-Trunk priority functions as the master device. If the two devices have the same E-Trunk
priority, the device with the smaller system ID functions as the master device.
The default E-Trunk priority value is 100.

E-Trunk parameter: Configure the password for encrypting packets
Command: security-key { simple simple-key | cipher cipher-key }
Description: This enhances system security. The passwords for encrypting packets on the two
ends in an E-Trunk must be the same. By default, the simple password is 00E0FC0000000000.
You can store the password in plain text or cipher text mode.
- When the password is stored in plaintext mode, the password is displayed in plaintext in
  the configuration file.
- When the password is encrypted in cipher text mode, the password is displayed as garbled
  characters in the configuration file, not as the real password.
NOTICE: If the simple parameter is configured, the password is saved in the configuration file
as plaintext. Users at a lower level can easily obtain the password by viewing the
configuration file. This threatens network security. Therefore, using the cipher parameter to
save the password is recommended.

E-Trunk parameter: Configure the interval at which Hello packets are sent
Command: timer hello hello-value
Description: If the peer device is the backup and does not receive Hello packets sent by the
local device within the timeout period, the peer device becomes the master after timeout. The
timeout period referred to in this case is contained in the Hello packet sent by the peer
device rather than the local device.
If the Hello packet from the peer device does not contain the timeout period, the timeout
period of the local device is used.
NOTE: Timeout period = Interval at which Hello packets are sent x Time multiplier for
detecting Hello packets. You are advised to set the timeout period to a value larger than
5 minutes.
By default, the value is 10, in units of 100 ms, meaning Hello packets are sent at an interval
of 1s.

E-Trunk parameter: Configure the time multiplier for detecting Hello packets
Command: timer hold-on-failure multiplier multiplier
Description: The peer end checks the timeout period contained in received packets to check
whether the local device times out. If the peer device is in the backup state and does not
receive any Hello packets from the local end within the timeout period, the device enters the
master state.
By default, the time multiplier for detecting Hello packets is 20.

E-Trunk parameter: Configure a switchback delay time
Command: timer revert delay delay-value
Description: After an E-Trunk switchover delay is configured, the local member Eth-Trunk
interface of the E-Trunk becomes master only when the switchback delay times out. This delays
traffic switchback to the master device, and therefore prevents a service interruption.
By default, the E-Trunk switchback delay time is 120s.
NOTE: When a master device in an E-Trunk recovers from a fault, run the revert disable command
to enable the non-revertive function on the E-Trunk to prevent traffic loss caused by the
traffic switchback.

E-Trunk parameter: Configure a description for an E-Trunk
Command: description description
Description: The description command can be used to configure a description for an E-Trunk
configured on a device. The description can contain the name of the remote device. This is
convenient for maintenance.
By default, no description is provided for an E-Trunk.
----End
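The consistency rules in Table 3-9 and Table 3-10 (same UDP port, LACP system ID and LACP priority on both devices, mirrored peer/source addresses, matching security-key stored with cipher) can be checked offline. The following script is an added example, not part of the Huawei guide; the two sample configurations, their values, and the file layout (E-Trunk view commands indented under e-trunk e-trunk-id) are constructed assumptions.

```python
# Constructed sample configurations for PE1 and PE2 (not taken from the guide).
# Assumed layout: system-view commands in column 0, E-Trunk view commands indented.
PE1_CFG = """\
lacp e-trunk system-id 00e0-fc00-0001
lacp e-trunk priority 1
e-trunk port 2000
e-trunk 1
 priority 10
 peer-address 2.2.2.2 source-address 1.1.1.1
 security-key simple Constructed-Key-1
 timer hello 10
 timer hold-on-failure multiplier 20
"""
PE2_CFG = """\
lacp e-trunk system-id 00e0-fc00-0001
lacp e-trunk priority 1
e-trunk 1
 priority 20
 peer-address 1.1.1.1 source-address 2.2.2.2
"""
# Defaults stated in Table 3-9 and Table 3-10.
DEFAULT_KEY = "00E0FC0000000000"
DEFAULT_PORT, DEFAULT_LACP_PRIORITY = 1025, 32768

def parse(cfg):
    """Parse one device's E-Trunk related commands into a dict."""
    dev = {"port": DEFAULT_PORT, "lacp_system_id": None,
           "lacp_priority": DEFAULT_LACP_PRIORITY, "etrunks": {}}
    cur = None                                  # E-Trunk view being parsed
    for raw in cfg.splitlines():
        w = raw.split()
        if not w:
            continue
        if not raw[0].isspace():                # system-view command
            cur = None
            if w[0] == "e-trunk" and len(w) == 2 and w[1].isdigit():
                cur = dev["etrunks"].setdefault(int(w[1]), {
                    "priority": 100, "hello": 10, "multiplier": 20,
                    "peer": None, "source": None, "key": None})
            elif w[:2] == ["e-trunk", "port"] and len(w) == 3:
                dev["port"] = int(w[2])
            elif w[:3] == ["lacp", "e-trunk", "system-id"] and len(w) == 4:
                dev["lacp_system_id"] = w[3].lower()
            elif w[:3] == ["lacp", "e-trunk", "priority"] and len(w) == 4:
                dev["lacp_priority"] = int(w[3])
        elif cur is not None:                   # command inside an E-Trunk view
            if w[0] == "priority" and len(w) == 2:
                cur["priority"] = int(w[1])
            elif w[0] == "peer-address" and len(w) == 4:
                cur["peer"], cur["source"] = w[1], w[3]
            elif w[0] == "security-key" and len(w) == 3:
                cur["key"] = (w[1], w[2])       # (simple|cipher, value)
            elif w[:2] == ["timer", "hello"] and len(w) == 3:
                cur["hello"] = int(w[2])
            elif w[:2] == ["timer", "hold-on-failure"] and len(w) == 4:
                cur["multiplier"] = int(w[3])
    return dev

def timeout_ms(e):
    """Timeout period = Hello interval (units of 100 ms) x time multiplier."""
    return e["hello"] * 100 * e["multiplier"]

def predicted_master(ea, eb, names=("PE1", "PE2")):
    """Smaller priority value wins; None on a tie (system ID then decides)."""
    if ea["priority"] == eb["priority"]:
        return None
    return names[0] if ea["priority"] < eb["priority"] else names[1]

def audit(a, b, names=("PE1", "PE2")):
    """Compare two parsed devices and return a list of findings."""
    out = []
    for field, label in (("port", "E-Trunk UDP port"),
                         ("lacp_system_id", "LACP E-Trunk system ID"),
                         ("lacp_priority", "LACP E-Trunk priority")):
        if a[field] != b[field]:
            out.append(f"{label} differs: {a[field]} vs {b[field]}")
    for tid in sorted(set(a["etrunks"]) | set(b["etrunks"])):
        ea, eb = a["etrunks"].get(tid), b["etrunks"].get(tid)
        if ea is None or eb is None:
            out.append(f"e-trunk {tid}: configured on one device only")
            continue
        if (ea["peer"], ea["source"]) != (eb["source"], eb["peer"]):
            out.append(f"e-trunk {tid}: peer/source addresses are not mirrored")
        keys = []
        for name, e in zip(names, (ea, eb)):
            if e["key"] is None:                # assumption: no command means default key
                out.append(f"e-trunk {tid} {name}: no security-key set, default key in effect")
            elif e["key"][0] == "simple":
                out.append(f"e-trunk {tid} {name}: security-key stored in plaintext")
            keys.append(e["key"] or ("simple", DEFAULT_KEY))
        if keys[0][0] == keys[1][0] == "simple" and keys[0][1] != keys[1][1]:
            out.append(f"e-trunk {tid}: security-key differs between the two ends")
    return out

if __name__ == "__main__":
    pe1, pe2 = parse(PE1_CFG), parse(PE2_CFG)
    print("\n".join(audit(pe1, pe2)))
    print("master:", predicted_master(pe1["etrunks"][1], pe2["etrunks"][1]))
```

A cipher key cannot be compared offline, so the script only compares keys when both ends store them with simple.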
3.9.5 (Optional) Configuring a Working Mode for an E-Trunk
Member Interface
To enable proper traffic transmission, configure a working mode for an E-Trunk member
interface. An E-Trunk member interface can work in automatic, forcible master, or forcible
backup mode.
Context
If a member interface in an E-Trunk works in automatic mode or is switched to the automatic
mode from the forcible master or backup mode, the master/backup status of the member interface
is determined by the master/backup status of the local E-Trunk and the peer member interface
status.
- If the local E-Trunk works in master mode, the local member interface also works in master
  mode.
- If the local E-Trunk works in backup mode and the peer member interface fails, the local
  member interface works in master mode. If the local member interface receives a recovery
  message from the peer member interface, the local member interface enters the backup
  mode.
By default, an E-Trunk member interface works in automatic mode. After the working mode of
an E-Trunk member interface is changed, the working mode of the member interface
automatically returns to the automatic mode once the member interface is removed from the E-Trunk.
When E-Trunk member interfaces work in automatic mode, a change in the interval at which
Hello packets are exchanged or the timeout period will result in master/backup status flapping.
Therefore, configure the member interfaces to work in forcible master/backup mode before
changing the interval at which Hello packets are exchanged. After master/backup status
negotiation is complete, restore the member interfaces to the automatic mode.
Procedure
- Configure a working mode for a member Eth-Trunk interface of an E-Trunk.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
     Only Eth-Trunk interfaces in static LACP mode and manual load balancing mode can
     be added to an E-Trunk.
     NOTICE
     If an Eth-Trunk in static LACP mode is added to an E-Trunk, do not configure the
     maximum number of active links for the Eth-Trunk on the user-side device. Otherwise,
     active interfaces are incorrectly selected during LACP negotiation, affecting service
     forwarding.
  3. Run:
     e-trunk mode { auto | force-master | force-backup }
     A working mode is configured for the Eth-Trunk interface that is added to the E-Trunk.
- Configure a working mode for a member global VE interface of an E-Trunk.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface global-ve ve-number
     A global VE interface is created, and the global VE interface view is displayed.
  3. Run:
     e-trunk mode { auto | force-master | force-backup }
     A working mode is configured for the global VE interface that is added to the E-Trunk.
----End
3.9.6 Checking the Configurations
This section describes how to check information about a configured E-Trunk, including the E-Trunk priority, system ID, source and peer IP addresses of the E-Trunk, switchback delay time,
causes for the active and standby states, and description of the E-Trunk.
Prerequisites
An E-Trunk has been configured.
Procedure
- Run the display e-trunk etrunk-id command to check information about the E-Trunk.
- Run the display e-trunk bfd session command to check the binding between the dynamic
  BFD session and E-Trunk.
----End
Example
- After an Eth-Trunk interface is added to an E-Trunk and a BFD session is manually created
  and bound to the E-Trunk, run the display e-trunk command to view the E-Trunk priority,
  system ID, source and destination IP addresses, switchback delay, master and backup status,
  and E-Trunk description.
<HUAWEI> display e-trunk 1
The E-Trunk information
E-Trunk-ID : 1
Revert-Delay-Time (s) : 120
Priority : 100
System-ID : 001E-90A0-56D3
Peer-IP : 2.2.2.2
Source-IP : 1.1.1.1
State : Master
Causation : PRI
Send-Period (100ms) : 10
Fail-Time (100ms) : 30
Receive : 440
Send : 450
RecDrop : 0
SndDrop : 0
Peer-Priority : 100
Peer-System-ID : 00E0-4C84-2B74
Peer-Fail-Time (100ms) : 30
BFD-Session : hello
Description : PE1_to_PE2
------------------------------------------------------------------------------
The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation      RemoteID
Eth-Trunk  1   Up             auto       Master  ETRUNK_MASTER  1
- After an Eth-Trunk interface is added to an E-Trunk and a BFD session is automatically
  created and bound to the E-Trunk, run the display e-trunk command to view the E-Trunk
  priority, system ID, source and destination IP addresses, switchback delay, master and
  backup status, E-Trunk description, and dynamic BFD session name.
<HUAWEI> display e-trunk 1
The E-Trunk information
E-Trunk-ID : 1
Revert-Delay-Time (s) : 120
Priority : 100
System-ID : 001E-90A0-56D3
Peer-IP : 2.2.2.2
Source-IP : 1.1.1.1
State : Master
Causation : PRI
Send-Period (100ms) : 10
Fail-Time (100ms) : 30
Receive : 440
Send : 450
RecDrop : 0
SndDrop : 0
Peer-Priority : 100
Peer-System-ID : 00E0-4C84-2B74
Peer-Fail-Time (100ms) : 30
BFD-Session : dyn_8192
Description : PE1_to_PE2
------------------------------------------------------------------------------
The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation      RemoteID
Eth-Trunk  1   Up             auto       Master  ETRUNK_MASTER  1
  Run the display e-trunk bfd session all command to view the minimum intervals at which
  BFD packets are sent and received, local BFD detection multiplier, and source and
  destination IP addresses.
<HUAWEI> display e-trunk bfd session all
BFD session information for E-Trunk, Total BFD session(s): 1
--------------------------------------------------------------------
E-TRUNK-ID : 1
TX(ms) : 40
RX(ms) : 20
Multiplier : 8
LocalIP : 1.1.1.1
PeerIP : 2.2.2.2
BFD State : Up
Local Discriminator : 8195 Remote Discriminator : 8195
- After a global VE interface is added to an E-Trunk, run the display e-trunk command to
  view the E-Trunk priority, E-Trunk member interface type, source and destination IP
  addresses, timer values, and packet statistics.
<HUAWEI> display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1
Revert-Delay-Time (s) : 0
Priority : 100
System-ID : e024-7f04-28dd
Peer-IP : 2.2.2.2
Source-IP : 3.3.3.3
State : Master
Causation : PRI
Send-Period (100ms) : 5
Fail-Time (100ms) : 15
Receive : 183257
Send : 183295
RecDrop : 0
SndDrop : 0
Peer-Priority : 200
Peer-System-ID : e024-7f04-28c9
Peer-Fail-Time (100ms) : 15
BFD-Session :
Description : PE1_to_PE2
------------------------------------------------------------------------------
The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation      RemoteID
Global-VE  11  Up             auto       Master  ETRUNK_MASTER  1
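The display e-trunk output of both devices can be compared to catch the condition in which both devices become master after E-Trunk negotiation times out, as well as mismatched addresses and a missing BFD binding. The following script is an added example, not part of the Huawei guide; the sample outputs are constructed, and reading RecDrop and SndDrop as dropped-packet counters is an assumption based on the field names.

```python
import re

# Constructed sample outputs of "display e-trunk 1" from the two PEs
# (values are illustrative, not captured from a real device).
PE1_OUT = """\
E-Trunk-ID : 1
Priority : 10
Peer-IP : 2.2.2.2
Source-IP : 1.1.1.1
State : Master
Receive : 440
Send : 450
RecDrop : 0
SndDrop : 0
BFD-Session : hello
------------------------------------------------------------
The Member information
"""
PE2_OUT = """\
E-Trunk-ID : 1
Priority : 20
Peer-IP : 1.1.1.1
Source-IP : 2.2.2.2
State : Master
Receive : 12
Send : 450
RecDrop : 7
SndDrop : 0
BFD-Session :
------------------------------------------------------------
The Member information
"""

# "Label : value" pairs; a label may carry a unit, e.g. "Fail-Time (100ms)".
# Several pairs on one line (two-column device output) are all captured.
FIELD = re.compile(r"([A-Za-z][A-Za-z-]*(?: \(\w+\))?) *: *(\S+)")


def parse_display(text):
    """Return the E-Trunk fields of one 'display e-trunk' output as a dict."""
    fields = {}
    for line in text.splitlines():
        if line.lstrip().startswith("---"):     # member table follows
            break
        for label, value in FIELD.findall(line):
            fields.setdefault(label, value)
    return fields


def check_pair(out_a, out_b, names=("PE1", "PE2")):
    """Compare the outputs of both devices and return a list of findings."""
    a, b = parse_display(out_a), parse_display(out_b)
    findings = []
    if a.get("State") == b.get("State"):
        findings.append(f"both ends report State {a.get('State')}")
    if (a.get("Peer-IP"), a.get("Source-IP")) != (b.get("Source-IP"), b.get("Peer-IP")):
        findings.append("peer/source addresses are not mirrored")
    for name, d in zip(names, (a, b)):
        for counter in ("RecDrop", "SndDrop"):  # assumed to count dropped packets
            if int(d.get(counter, 0)) > 0:
                findings.append(f"{name}: {counter} = {d[counter]}")
        if "BFD-Session" not in d:              # empty value: no session bound
            findings.append(f"{name}: no BFD session bound")
    return findings


if __name__ == "__main__":
    for finding in check_pair(PE1_OUT, PE2_OUT):
        print(finding)
```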
3.10 Maintaining Eth-Trunk Interfaces
The statistics reset commands help to locate faults in Eth-Trunk interfaces.
3.10.1 Clearing the Statistics on an Eth-Trunk Interface
Before collecting traffic information about a specific interface within a period, clear the existing
traffic statistics on this interface.
Context
NOTICE
Statistics cannot be restored after they are cleared. Exercise caution when running reset
commands.
Procedure
- Run the reset counters interface eth-trunk [ trunk-id ] command in the user view to clear
  the statistics on an Eth-Trunk interface.
- Run the reset e-trunk packet-statistics [ e-trunk-id e-trunk-id ] command in the user view
  to clear the statistics on an E-Trunk.
----End
3.11 Configuration Examples
This section describes the typical application scenario of an Eth-Trunk interface, including
networking requirements, configuration roadmap, and data preparation, and provides related
configuration files.
3.11.1 Example for Configuring Eth-Trunk Interfaces to Work in
Static LACP Mode
Eth-Trunk interfaces working in static LACP mode exchange LACP packets to determine active
and inactive member interfaces, then implement load balancing and interface backup to improve
link reliability.
Networking Requirements
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
The link aggregation technique can be used to configure Eth-Trunk interfaces to increase link
bandwidth and save IP addresses without deploying new hardware. If the two directly-connected
devices support LACP, Eth-Trunk interfaces working in static LACP mode can be configured
on the devices. Eth-Trunk interfaces working in static LACP mode exchange LACP packets to
determine active and inactive member interfaces. Traffic is transmitted over active links in load
balancing mode. If an active link fails, traffic transmitted over the link is automatically switched
to an available link, preventing service interruption. In addition, it is simple to configure Eth-Trunk interfaces to work in static LACP mode.
As shown in Figure 3-15, the static LACP link aggregation groups are configured on two PEs
to increase bandwidth and reliability between the two devices.
Figure 3-15 Networking diagram for configuring Eth-Trunk interfaces to work in static LACP
mode
[Figure: network diagram. Labels: CE1 (user network 1), PE1 (Eth-Trunk1: GE 1/0/1, GE 1/0/2,
GE 1/0/3), Eth-Trunk, PE2 (Eth-Trunk1: GE 1/0/1, GE 1/0/2, GE 1/0/3), CE2 (user network 2),
Active links, Backup links]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an Eth-Trunk interface on each PE to increase bandwidth and implement load
   balancing and link backup.
   a. Configure the Eth-Trunk interfaces to work in static LACP mode.
   b. Configure a system priority for each PE to determine the active end.
2. Add member interfaces to the Eth-Trunk interface.
3. Configure the following Eth-Trunk interface parameters:
   - Configure the maximum number of active member interfaces to improve network
     reliability without affecting interface bandwidth.
   - Enable LACP preemption and set the delay time for LACP preemption on the Eth-Trunk
     interface to ensure that a member interface with the highest LACP priority is selected
     as an active interface.
4. Configure member interface parameters, including interface priorities for determining
   active links.
5. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
- Number of the link aggregation group on each PE
- Device priorities
- Maximum number of active Eth-Trunk member interfaces
- Delay time for LACP preemption
- LACP priorities of active member interfaces
Procedure
Step 1 Create Eth-Trunk 1 and configure it to work in static LACP mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] mode lacp-static
[PE1-Eth-Trunk1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] mode lacp-static
[PE2-Eth-Trunk1] quit
Step 2 Configure the LACP system priority on PE1 to be 100, allowing PE1 to function as the LACP
active end.
[PE1] lacp priority 100
Step 3 Add member interfaces to Eth-Trunk 1.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-Gigabitethernet1/0/1] undo shutdown
[PE1-Gigabitethernet1/0/1] eth-trunk 1
[PE1-Gigabitethernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-Gigabitethernet1/0/2] undo shutdown
[PE1-Gigabitethernet1/0/2] eth-trunk 1
[PE1-Gigabitethernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-Gigabitethernet1/0/3] undo shutdown
[PE1-Gigabitethernet1/0/3] eth-trunk 1
[PE1-Gigabitethernet1/0/3] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] undo shutdown
[PE2-Gigabitethernet1/0/1] eth-trunk 1
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] undo shutdown
[PE2-Gigabitethernet1/0/2] eth-trunk 1
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] undo shutdown
[PE2-Gigabitethernet1/0/3] eth-trunk 1
[PE2-Gigabitethernet1/0/3] quit
Step 4 Configure the maximum number of active member interfaces on PE1 to be 2.
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] max active-linknumber 2
[PE1-Eth-Trunk1] quit
NOTE
As PE1 is the active end, the maximum number of active member interfaces does not need to be configured
on PE2.
Step 5 Configure LACP preemption and the LACP preemption delay time.
# Configure PE1.
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] lacp preempt enable
[PE1-Eth-Trunk1] lacp preempt delay 20
[PE1-Eth-Trunk1] quit
# Configure PE2.
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] lacp preempt enable
[PE2-Eth-Trunk1] lacp preempt delay 20
[PE2-Eth-Trunk1] quit
Step 6 Configure interface priorities to determine active links.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-Gigabitethernet1/0/1] lacp priority 100
[PE1-Gigabitethernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-Gigabitethernet1/0/2] lacp priority 100
[PE1-Gigabitethernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-Gigabitethernet1/0/3] lacp priority 150
[PE1-Gigabitethernet1/0/3] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] lacp priority 100
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] lacp priority 100
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] lacp priority 150
[PE2-Gigabitethernet1/0/3] quit
Step 7 Verify the configuration.
# Check Eth-Trunk information about each PE and check whether Eth-Trunk link negotiation
succeeds.
[PE1] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: STATIC
Preempt Delay: 20
Hash arithmetic: According to MAC
System Priority: 100
System ID: 00e0-fca8-0417
Least Active-linknumber: 1
Max active-linknumber: 2
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      100     6145   2865    11111100  1
GigabitEthernet1/0/2   Selected 1GE      100     6146   2865    11111100  1
GigabitEthernet1/0/3   Unselect 1GE      150     6147   2865    11100000  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-fca6-7f85  32768   6145   2609    11111100
GigabitEthernet1/0/2   32768    00e0-fca6-7f85  32768   6146   2609    11111100
GigabitEthernet1/0/3   32768    00e0-fca6-7f85  32768   6147   2609    11110000
[PE2] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: STATIC
Preempt Delay: 20
Hash arithmetic: According to MAC
System Priority: 32768
System ID: 00e0-fca6-7f85
Least Active-linknumber: 1
Max active-linknumber: 16
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   6145   2609    11111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   6146   2609    11111100  1
GigabitEthernet1/0/3   Unselect 1GE      32768   6147   2609    11100000  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-fca8-0417  100     6145   2865    11111100
GigabitEthernet1/0/2   32768    00e0-fca8-0417  100     6146   2865    11111100
GigabitEthernet1/0/3   32768    00e0-fca8-0417  150     6147   2865    11110000
The preceding information indicates that the system priority of PE1 is 100, which is higher than
the system priority of PE2. GE 1/0/1 and GE 1/0/2 of the Eth-Trunk interface are in the Selected
state, and GE 1/0/3 of the Eth-Trunk interface is in the Unselect state. The links of GE1/0/1 and
GE1/0/2 are the M links that are used for load balancing, and the link of GE 1/0/3 is the N link
that functions as a backup link.
----End
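The selection result above can be reproduced with a small model. The following Python sketch is an added example, not part of the Huawei guide and not device code; it assumes that a smaller priority value wins, that a tie in system priority goes to the smaller system ID, that a tie in interface priority goes to the smaller port number, and that without preemption a recovered link stays a backup. All class and function names are this example's own.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    number: int           # PortNo column of "display eth-trunk"
    priority: int         # LACP interface priority; smaller value = higher priority
    up: bool = True


@dataclass
class Device:
    name: str
    system_priority: int  # "lacp priority" in the system view; smaller value wins
    system_id: str        # System ID; assumed tie-breaker, smaller value wins
    ports: list = field(default_factory=list)
    max_active: int = 16  # "max active-linknumber"; 16 is the value PE2 displays


def rank(port):
    """Sort key for member interfaces: priority first, then port number."""
    return (port.priority, port.number)


def active_end(a, b):
    """The active end is the device with the smaller (priority, system ID)."""
    return min((a, b), key=lambda d: (d.system_priority, d.system_id.lower()))


def select(act, current=(), preempt=True):
    """Names of the links the active end selects, limited to max_active.

    preempt=True  : always the best-ranked up ports (on a real device this
                    takes effect after the preemption delay).
    preempt=False : ports already selected and still up keep their place;
                    only free slots are filled from the remaining up ports.
    """
    up = [p for p in act.ports if p.up]
    if preempt:
        chosen = sorted(up, key=rank)
    else:
        keep = [p for p in up if p.name in current]
        spare = sorted((p for p in up if p.name not in current), key=rank)
        chosen = keep + spare
    return sorted(p.name for p in chosen[:act.max_active])


def build_example():
    """PE1 and PE2 with the values shown in the display output above."""
    def members(priorities):
        return [Port(f"GE1/0/{i}", 6144 + i, pri)
                for i, pri in enumerate(priorities, 1)]
    pe1 = Device("PE1", 100, "00e0-fca8-0417", members([100, 100, 150]), max_active=2)
    pe2 = Device("PE2", 32768, "00e0-fca6-7f85", members([32768] * 3))
    return pe1, pe2


def walk_through():
    """Steady state, failure of GE1/0/1, and its recovery with and without preemption."""
    pe1, pe2 = build_example()
    act = active_end(pe1, pe2)
    steady = select(act)
    act.ports[0].up = False                  # GE1/0/1 goes down
    failed = select(act, steady)
    act.ports[0].up = True                   # GE1/0/1 recovers
    with_preempt = select(act, failed, preempt=True)
    without_preempt = select(act, failed, preempt=False)
    return act.name, steady, failed, with_preempt, without_preempt


if __name__ == "__main__":
    labels = ("active end", "steady state", "GE1/0/1 down",
              "recovered, preempt", "recovered, no preempt")
    for label, value in zip(labels, walk_through()):
        print(f"{label:22} {value}")
```

The model uses only the active end's interface priorities and its max active-linknumber, which matches the NOTE in Step 4 that the limit does not need to be configured on PE2.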
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
lacp priority 100
#
interface Eth-Trunk1
mode lacp-static
max active-linknumber 2
lacp preempt enable
lacp preempt delay 20
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
lacp priority 150
#
return
- Configuration file of PE2
#
sysname PE2
#
interface Eth-Trunk1
mode lacp-static
lacp preempt enable
lacp preempt delay 20
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
lacp priority 150
#
return
3.11.2 Example for Configuring Eth-Trunk Interfaces to Work in
Manual Load Balancing Mode
All active member interfaces of an Eth-Trunk interface working in manual load balancing mode
participate in data forwarding. Traffic is distributed among these member links, improving link
reliability.
Networking Requirements
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
To increase bandwidth without obtaining more hardware resources or requiring more IP
addresses, configure Eth-Trunk interfaces using the link aggregation technique. When at least
one of the two directly-connected devices in communication does not support LACP, you can
configure an Eth-Trunk interface in manual load balancing mode on each device. Then, add
interfaces to each Eth-Trunk interface to increase the bandwidth between the two devices and
improve reliability.
As shown in Figure 3-16, the links between the two NE80E/40Es (PE1 and PE2) need high
reliability and need to implement traffic load balancing.
Figure 3-16 Networking diagram for configuring Eth-Trunk interfaces to work in manual load
balancing mode
[Figure: PE1 and PE2 are connected through Eth-Trunk 1, with member interfaces GE 1/0/1, GE 1/0/2, and GE 1/0/3 on each PE. CE1 (user network 1) attaches to PE1 and CE2 (user network 2) attaches to PE2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface in order to increase bandwidth.
2. Add member interfaces to the Eth-Trunk interface.
3. Verify the configuration.
NOTE
By default, a created Eth-Trunk interface works in manual load balancing mode. Therefore, this mode does
not need to be configured. If the current work mode is not the manual load balancing mode, run the
mode command to change the working mode.
Data Preparation
To complete the configuration, you need the following data:
- Number of the link aggregation group
- Types and numbers of Eth-Trunk member interfaces
Procedure
Step 1 Create an Eth-Trunk interface on each PE.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] quit
Step 2 Add member interfaces to each Eth-Trunk interface.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-Gigabitethernet1/0/1] undo shutdown
[PE1-Gigabitethernet1/0/1] eth-trunk 1
[PE1-Gigabitethernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-Gigabitethernet1/0/2] undo shutdown
[PE1-Gigabitethernet1/0/2] eth-trunk 1
[PE1-Gigabitethernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-Gigabitethernet1/0/3] undo shutdown
[PE1-Gigabitethernet1/0/3] eth-trunk 1
[PE1-Gigabitethernet1/0/3] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] undo shutdown
[PE2-Gigabitethernet1/0/1] eth-trunk 1
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] undo shutdown
[PE2-Gigabitethernet1/0/2] eth-trunk 1
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] undo shutdown
[PE2-Gigabitethernet1/0/3] eth-trunk 1
[PE2-Gigabitethernet1/0/3] quit
Step 3 Verify the configuration.
Run the display trunkmembership command in any view. You can check whether Eth-Trunk
1 on PE1 has been created, and whether the member interfaces have been added to Eth-Trunk
1. Use the display on PE1 as an example.
[PE1] display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1
Interface GigabitEthernet1/0/2, valid, operate up, weight=1
Interface GigabitEthernet1/0/3, valid, operate up, weight=1
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
interface Eth-Trunk1
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
#
return
- Configuration file of PE2
#
sysname PE2
#
interface Eth-Trunk1
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
#
return
3.11.3 Example for Configuring an Eth-Trunk Interface in Manual
1:1 Active/Standby Mode
One Eth-Trunk interface in manual 1:1 active/standby mode comprises only two member
interfaces. One of the two members is active and the other one is standby. The active member
interface forwards traffic when it functions properly. If the active member interface fails, the
standby member interface takes over the traffic.
Networking Requirements
As network services expand, higher network reliability is needed. An active link and a standby
link can be deployed to ensure non-stop traffic forwarding. The active link forwards traffic when
it functions properly. If the active link fails, the standby link takes over the traffic.
As shown in Figure 3-17, the intermediate device between PE1 and PE2 can receive Flush
packets. Active/standby links need to be deployed between PE1 and PE2 to ensure reliable traffic
transmission between them.
Figure 3-17 Networking diagram for configuring an Eth-Trunk interface in manual 1:1 active/
standby mode
[Figure: devices PE1, PE2, PE3, and PE4. PE1 and PE2 each have Eth-Trunk 1 with member interfaces GE1/0/1 and GE1/0/2; the intermediate devices use interfaces GE2/0/1, GE2/0/2, and GE2/0/3. The links are labeled as active links and backup links.]
Configuration Roadmap
The configuration roadmap is as follows:
Configure the manual 1:1 active/standby mode on the PEs:
1. Create an Eth-Trunk interface on each PE and configure the interface to work in manual 1:1 active/standby mode.
2. Add member interfaces to each Eth-Trunk interface and specify the active member interface.
3. Enable the sending of Flush packets.
Configure the intermediate devices:
1. Create a control VLAN.
2. Enable the Eth-Trunk interfaces on PE3 and PE4 to receive packets from the control VLAN.
3. Enable the receiving of Flush packets.
Data Preparation
To complete the configuration, you need the following data:
- Numbers of link aggregation groups on PE1 and PE2
- Member interface types and numbers
- Control VLAN ID
Procedure
Step 1 Create Eth-Trunk 1 and configure it to work in manual 1:1 active/standby mode.
# Create an Eth-Trunk interface on PE1 and configure it to work in manual 1:1 active/standby
mode.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] portswitch
[PE1-Eth-Trunk1] mode manual backup
[PE1-Eth-Trunk1] quit
# Create an Eth-Trunk interface on PE2 and configure it to work in manual 1:1 active/standby
mode.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] portswitch
[PE2-Eth-Trunk1] mode manual backup
[PE2-Eth-Trunk1] quit
Step 2 Add member interfaces to each Eth-Trunk interface and specify the active member interface.
# Add GE 1/0/1 and GE 1/0/2 on PE1 to Eth-Trunk 1 and specify GE 1/0/1 to be the active
member interface.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] eth-trunk 1
[PE1-GigabitEthernet1/0/1] port-master
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 1
[PE1-GigabitEthernet1/0/2] quit
# Add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1 and specify GE 1/0/1 to be the active member
interface on PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] eth-trunk 1
[PE2-GigabitEthernet1/0/1] port-master
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] eth-trunk 1
[PE2-GigabitEthernet1/0/2] quit
Step 3 Enable the sending of Flush packets.
# Enable the sending of Flush packets on PE1.
[PE1] vlan 5
[PE1-vlan5] quit
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] port trunk allow-pass vlan 5
[PE1-Eth-Trunk1] smart-link flush send vlan 5
[PE1-Eth-Trunk1] quit
# Enable the sending of Flush packets on PE2.
[PE2] vlan 5
[PE2-vlan5] quit
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] port trunk allow-pass vlan 5
[PE2-Eth-Trunk1] smart-link flush send vlan 5
[PE2-Eth-Trunk1] quit
Step 4 Create a control VLAN on each intermediate device.
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] vlan 5
[PE3-vlan5] quit
# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] vlan 5
[PE4-vlan5] quit
Step 5 Enable the interfaces on the intermediate devices to receive control VLAN packets.
# Configure PE3.
[PE3] interface gigabitethernet 2/0/1
[PE3-GigabitEthernet2/0/1] undo shutdown
[PE3-GigabitEthernet2/0/1] portswitch
[PE3-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/1] quit
[PE3] interface gigabitethernet 2/0/2
[PE3-GigabitEthernet2/0/2] undo shutdown
[PE3-GigabitEthernet2/0/2] portswitch
[PE3-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/2] quit
[PE3] interface gigabitethernet 2/0/3
[PE3-GigabitEthernet2/0/3] undo shutdown
[PE3-GigabitEthernet2/0/3] portswitch
[PE3-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/3] quit
# Configure PE4.
[PE4] interface gigabitethernet 2/0/1
[PE4-GigabitEthernet2/0/1] undo shutdown
[PE4-GigabitEthernet2/0/1] portswitch
[PE4-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/1] quit
[PE4] interface gigabitethernet 2/0/2
[PE4-GigabitEthernet2/0/2] undo shutdown
[PE4-GigabitEthernet2/0/2] portswitch
[PE4-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/2] quit
[PE4] interface gigabitethernet 2/0/3
[PE4-GigabitEthernet2/0/3] undo shutdown
[PE4-GigabitEthernet2/0/3] portswitch
[PE4-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/3] quit
Step 6 Enable the interfaces on the intermediate devices to receive Flush packets.
# Configure PE3.
[PE3] interface gigabitethernet 2/0/1
[PE3-GigabitEthernet2/0/1] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/1] quit
[PE3] interface gigabitethernet 2/0/2
[PE3-GigabitEthernet2/0/2] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/2] quit
[PE3] interface gigabitethernet 2/0/3
[PE3-GigabitEthernet2/0/3] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/3] quit
# Configure PE4.
[PE4] interface gigabitethernet 2/0/1
[PE4-GigabitEthernet2/0/1] smart-link flush enable control-vlan 5
[PE4-GigabitEthernet2/0/1] quit
[PE4] interface gigabitethernet 2/0/2
[PE4-GigabitEthernet2/0/2] smart-link flush enable control-vlan 5
[PE4-GigabitEthernet2/0/2] quit
[PE4] interface gigabitethernet 2/0/3
[PE4-GigabitEthernet2/0/3] smart-link flush enable control-vlan 5
[PE4-GigabitEthernet2/0/3] quit
Step 7 Verify the configuration.
# Check the link aggregation group of the PEs configured with manual 1:1 active/standby
link aggregation. In the following example, the display on PE1 is used. If the configuration is
correct, you can view the correct working mode and active and standby interfaces.
[PE1] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP
WorkingState: Master
--------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet1/0/2          S
# Check the configuration of the interfaces on the intermediate devices. In the following example,
the display on GE 2/0/1 of PE3 is used.
[PE3-GigabitEthernet2/0/1] display this
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
vlan batch 5
#
interface Eth-Trunk1
portswitch
port trunk allow-pass vlan 5
mode manual backup
smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
port-master
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 5
#
interface Eth-Trunk1
portswitch
port trunk allow-pass vlan 5
mode manual backup
smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
port-master
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
- Configuration file of PE3
#
sysname PE3
#
vlan batch 5
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/3
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
return
- Configuration file of PE4
#
sysname PE4
#
vlan batch 5
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/3
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
return
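Flush packets reach the intermediate devices only if the control VLAN is created, allowed on the interface, and identical on the sending and receiving sides. The following Python check is an added example, not part of the Huawei guide; it reads configuration files in the format printed above and reports any interface where those three conditions do not hold. The function names and the drifted PE3 sample are this example's own.

```python
import re

# PE1 and PE3 configuration files as printed above, shortened to the blocks the
# check reads (PE3 keeps two of its three interfaces).
PE1 = """sysname PE1
#
vlan batch 5
#
interface Eth-Trunk1
portswitch
port trunk allow-pass vlan 5
mode manual backup
smart-link flush send vlan 5
#
return"""
PE3 = """sysname PE3
#
vlan batch 5
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
#
return"""
# Constructed drift: the first receiving interface listens on VLAN 6 instead.
PE3_DRIFTED = PE3.replace("control-vlan 5", "control-vlan 6", 1)

BATCH = "vlan batch "
ALLOW = "port trunk allow-pass vlan "
FLUSH = re.compile(r"smart-link flush (send vlan|enable control-vlan) (\d+)")


def parse(config):
    """Split a configuration file into {'global': [...], '<interface>': [...]}."""
    blocks, current = {"global": []}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "return":
            continue
        if line == "#":                      # '#' closes the current view
            current = "global"
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        else:
            blocks[current].append(line)
    return blocks


def vlan_set(text):
    """Expand a VLAN list such as '5 10 to 12' into {5, 10, 11, 12}."""
    vlans = set()
    for low, high in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(configs):
    """Return findings; an empty list means the Flush path is consistent."""
    findings, senders, receivers = [], set(), []
    for device, text in configs.items():
        blocks = parse(text)
        created = set().union(*(vlan_set(l[len(BATCH):])
                                for l in blocks["global"] if l.startswith(BATCH)))
        for ifname, lines in blocks.items():
            allowed = set().union(*(vlan_set(l[len(ALLOW):])
                                    for l in lines if l.startswith(ALLOW)))
            for line in lines:
                match = FLUSH.fullmatch(line)
                if not match:
                    continue
                vlan = int(match.group(2))
                if vlan not in created:
                    findings.append(f"{device} {ifname}: control VLAN {vlan} is not created")
                if vlan not in allowed:
                    findings.append(f"{device} {ifname}: control VLAN {vlan} is not in the allow-pass list")
                if match.group(1) == "send vlan":
                    senders.add(vlan)
                else:
                    receivers.append((device, ifname, vlan))
    for device, ifname, vlan in receivers:
        if vlan not in senders:
            findings.append(f"{device} {ifname}: no sender uses control VLAN {vlan}")
    return findings


if __name__ == "__main__":
    print(audit({"PE1": PE1, "PE3": PE3}))
    print("\n".join(audit({"PE1": PE1, "PE3": PE3_DRIFTED})))
```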
3.11.4 Example for Configuring an Eth-Trunk Interface to Work in
Inter-Board Interface Standby Mode
This section provides an example for configuring an Eth-Trunk interface to work in inter-board
interface standby mode.
Networking requirements
On a live network, many users lease only one link to carry their services, posing a risk of service
interruption. To improve service transmission reliability, a device must support board
redundancy.
On the network shown in Figure 3-18, a downstream CE is connected to a passive optical splitter
(POS). The POS changes one channel of optical signals to two channels, which then connect to
two different boards on an upstream PE. To implement board redundancy for the upstream PE,
you can configure an Eth-Trunk interface on the PE to work in inter-board interface standby
mode and add the interfaces on the two boards to the Eth-Trunk interface.
Figure 3-18 Configuring an Eth-Trunk interface to work in inter-board interface standby mode
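[Figure: a CE connects through an optical splitter to the PE. The master link and the backup link run from the splitter to GE1/0/1 and GE2/0/1 on the PE, which are members of the Eth-Trunk interface.]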
Precautions
The interfaces to be added to an Eth-Trunk interface in inter-board interface standby mode must
reside on different boards.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface on the PE, configure the Eth-Trunk interface to work in inter-board interface standby mode, and add Ethernet interfaces to the Eth-Trunk interface.
2. Specify the most reliable interface as the master interface of the Eth-Trunk interface on the PE to improve link reliability.
Data Preparation
To complete the configuration, you need the following data:
- Eth-Trunk interface ID
- Eth-Trunk member interface type and number
Procedure
Step 1 Create an Eth-Trunk interface on the PE, configure the Eth-Trunk interface to work in inter-board interface standby mode, and add Ethernet interfaces to the Eth-Trunk interface.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface eth-trunk 10
[PE-Eth-Trunk10] mode manual port-standby
[PE-Eth-Trunk10] trunkport GigabitEthernet 1/0/1 2/0/1
[PE-Eth-Trunk10] quit
Step 2 Specify the master member interface of the Eth-Trunk interface on the PE.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port-master
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 2/0/1
[PE-GigabitEthernet2/0/1] undo shutdown
[PE-GigabitEthernet2/0/1] quit
Step 3 Verify the configuration.
After completing the configurations, run the display eth-trunk command on PE. The command
output shows that the Eth-Trunk ID is 10, the Eth-Trunk interface works in inter-board interface
standby mode, and GE 1/0/1 is the master member interface.
[PE] display eth-trunk 10
Eth-Trunk10's state information is:
WorkingMode: PORT-STANDBY
WorkingState: Master
--------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet2/0/1          S
----End
PE configuration file
#
sysname PE
#
interface Eth-Trunk10
portswitch
mode manual port-standby
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 10
port-master
#
interface GigabitEthernet2/0/1
undo shutdown
eth-trunk 10
#
return
3.11.5 Example for Configuring VLANs to Communicate Through
Eth-Trunk Sub-interfaces
To implement communication between VLANs, you can create Eth-Trunk sub-interfaces on the
Eth-Trunk interfaces between routers and switches. In addition, you need to configure an IP
address and 802.1Q encapsulation for every Eth-Trunk sub-interface, and configure associated
VLANs on them. Inter-VLAN communication can be implemented by using Layer 2 switches
and routers.
Networking Requirements
Users in different residential areas on different network segments require various services such
as Internet, IPTV, and VoIP services. The network administrator of each residential area
configures a VLAN for each service to simplify management. Currently, the same type of service
in different residential areas belongs to different VLANs. It is required that users in different
VLANs communicate with each other through load balanced links that provide higher bandwidth
to ensure high-quality communication.
As shown in Figure 3-19, CE1 is connected to the PE by using Eth-Trunk1, and CE2 is connected
to the PE by using Eth-Trunk2. Configure VLAN 10 on CE1 and VLAN 20 on CE2. Create Eth-Trunk
sub-interfaces on the PE to allow VLAN 10 and VLAN 20 to communicate through the
sub-interfaces.
Figure 3-19 Networking diagram for configuring VLANs to communicate through Eth-Trunk
sub-interfaces
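[Figure: CE1 (VLAN 10) connects through Eth-Trunk1 (GE1/0/1, GE1/0/2) to GE1/0/1 and GE1/0/2 on the PE, where sub-interface Eth-Trunk1.1 has IP address 10.10.1.10/24. CE2 (VLAN 20) connects through Eth-Trunk2 (GE1/0/1, GE1/0/2) to GE2/0/1 and GE2/0/2 on the PE, where sub-interface Eth-Trunk2.1 has IP address 10.10.2.10/24.]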
Configuration Roadmap
The configuration roadmap is as follows:
1. Create Eth-Trunk sub-interfaces and configure IP addresses for them to implement communication between CE1 and CE2.
2. Configure the encapsulation mode of each Eth-Trunk sub-interface as 802.1Q and configure the associated VLANs.
3. Configure the Eth-Trunk interfaces on CE1 and CE2 as Layer 2 interfaces and allow VLAN frames to pass through.
4. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
- Numbers of Eth-Trunk interfaces on CE1 and CE2, and member interfaces of each Eth-Trunk interface
- Numbers of Eth-Trunk interfaces on the PE, and member interfaces of each Eth-Trunk interface
- Numbers of Eth-Trunk sub-interfaces on the PE and associated VLANs
- IP addresses of Eth-Trunk sub-interfaces
Procedure
Step 1 Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
# Create Eth-Trunk 1 and configure the VLANs whose packets can pass through Eth-Trunk 1.
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] portswitch
[CE1-Eth-Trunk1] port link-type trunk
[CE1-Eth-Trunk1] port trunk allow-pass vlan 10
[CE1-Eth-Trunk1] quit
# Add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] eth-trunk 1
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] eth-trunk 1
[CE1-GigabitEthernet1/0/2] quit
Step 2 Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
# Create Eth-Trunk 2 and configure the VLANs whose packets can pass through Eth-Trunk 2.
[CE2] interface eth-trunk 2
[CE2-Eth-Trunk2] portswitch
[CE2-Eth-Trunk2] port link-type trunk
[CE2-Eth-Trunk2] port trunk allow-pass vlan 20
[CE2-Eth-Trunk2] quit
# Add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 2.
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] eth-trunk 2
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] eth-trunk 2
[CE2-GigabitEthernet1/0/2] quit
Step 3 Configure the PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
# Create Eth-Trunk 1.
[PE] interface eth-trunk 1
[PE-Eth-Trunk1] quit
# Add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] eth-trunk 1
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] eth-trunk 1
[PE-GigabitEthernet1/0/2] quit
# Create Eth-Trunk 1.1 and configure an IP address for it.
[PE] interface eth-trunk 1.1
[PE-Eth-Trunk1.1] ip address 10.10.1.10 255.255.255.0
# Configure the 802.1Q encapsulation on Eth-Trunk 1.1 and associate Eth-Trunk 1.1 with VLAN
10.
[PE-Eth-Trunk1.1] vlan-type dot1q 10
[PE-Eth-Trunk1.1] quit
# Create Eth-Trunk 2.
[PE] interface eth-trunk 2
[PE-Eth-Trunk2] quit
# Add GE 2/0/1 and GE 2/0/2 to Eth-Trunk 2.
[PE] interface gigabitethernet 2/0/1
[PE-GigabitEthernet2/0/1] undo shutdown
[PE-GigabitEthernet2/0/1] eth-trunk 2
[PE-GigabitEthernet2/0/1] quit
[PE] interface gigabitethernet 2/0/2
[PE-GigabitEthernet2/0/2] undo shutdown
[PE-GigabitEthernet2/0/2] eth-trunk 2
[PE-GigabitEthernet2/0/2] quit
# Create Eth-Trunk 2.1 and configure an IP address for it.
[PE] interface eth-trunk 2.1
[PE-Eth-Trunk2.1] ip address 10.10.2.10 255.255.255.0
# Configure Eth-Trunk 2.1 to be encapsulated with 802.1Q and be associated with VLAN 20.
[PE-Eth-Trunk2.1] vlan-type dot1q 20
[PE-Eth-Trunk2.1] quit
Step 4 Verify the configuration.
Assign IP addresses on the same network segment as that of Eth-Trunk 1.1 to the hosts in
VLAN 10. Specify the IP address 10.110.2.10/24 of Eth-Trunk 1.1 as the default gateway.
Assign IP addresses on the same network segment as that of Eth-Trunk 2.1 to the hosts in
VLAN 20. Specify the IP address 10.110.2.10/24 of Eth-Trunk 2.1 as the default gateway.
After the configurations are complete, PCs in VLAN 10 and VLAN 20 can successfully ping
each other.
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
interface Eth-Trunk1
portswitch
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
- Configuration file of the PE
#
sysname PE
#
interface Eth-Trunk1
#
interface Eth-Trunk1.1
vlan-type dot1q 10
ip address 10.10.1.10 255.255.255.0
#
interface Eth-Trunk2
#
interface Eth-Trunk2.1
vlan-type dot1q 20
ip address 10.10.2.10 255.255.255.0
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
interface GigabitEthernet2/0/1
undo shutdown
eth-trunk 2
#
interface GigabitEthernet2/0/2
undo shutdown
eth-trunk 2
#
return
• Configuration file of CE2
#
sysname CE2
#
interface Eth-Trunk2
portswitch
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 2
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 2
#
return
3.11.6 Example for Associating Eth-Trunk Interfaces in Static LACP
Mode with an mVRRP Backup Group
In the networking, the status of devices in the mVRRP backup group determines the status of
the associated Eth-Trunk interface in static LACP mode.
Networking Requirements
A CE is dual-homed to two UPEs through Eth-Trunk links in static LACP mode, and an mVRRP
backup group is configured between the UPEs and configured with the function for tracking the
status of physical interfaces.
As shown in Figure 3-20, initially, UPE1 was the master device and UPE2 was the backup
device. When the mVRRP backup group detected that the physical interface GE 1/0/4 on UPE1
went Down, a master/backup switchover occurred on the mVRRP backup group. The traffic,
however, was still interrupted. Analysis shows that traffic cannot be switched from the link
between the CE and UPE1 to the link between the CE and UPE2, causing traffic interruption.
To solve the problem, you can associate the Eth-Trunk interface in static LACP mode with the
mVRRP backup group configured between the UPEs.
Figure 3-20 Typical networking diagram for associating an Eth-Trunk interface in static LACP
mode with an mVRRP backup group
[Figure 3-20 labels: IP/MPLS core; UPE1 and UPE2 with interfaces GE1/0/1 to GE1/0/4; mVRRP backup group 1 between the UPEs on GE1/0/3 (10.1.1.1/24 and 10.1.1.2/24), virtual IP address 10.1.1.10; Eth-Trunk 10 on the CE (GE1/0/1 to GE1/0/4), Eth-Trunk 20 and Eth-Trunk 30 on the UPEs; legend: VRRP-tracked interface]
The association enables the status of the UPEs in the mVRRP backup group to determine the
status of the associated Eth-Trunk links.
• When UPE1 is the master device, the Eth-Trunk link between the CE and UPE1 is Up and
  the Eth-Trunk link between the CE and UPE2 is Down.
• When UPE1 is the backup device, the Eth-Trunk link between the CE and UPE1 is Down
  and the Eth-Trunk link between the CE and UPE2 is Up.
• The IDs of Eth-Trunk interfaces to which GE interfaces on the CE, UPE1, and UPE2 are
  added can be different.
Precautions
• Eth-Trunk interfaces must work in static LACP mode.
• An mVRRP backup group must be configured on directly-connected UPEs to implement
  fast switchover in the VRRP backup group.
  An mVRRP backup group ignores the event that an interface goes Down. When the
  interface where the mVRRP backup group resides goes Down, the VRRP backup group
  rapidly changes to Master but not Initialize.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Eth-Trunk interfaces working in static LACP mode.
   a. Configure Eth-Trunk interfaces of different IDs working in static LACP mode on the
      CE, UPE1, and UPE2.
   b. Add GE interfaces to the Eth-Trunk interfaces.
2. Configure an mVRRP backup group between the UPEs.
   a. Create the mVRRP backup group on the GE interface of UPE1 and configure UPE1
      with a higher mVRRP backup group priority to ensure that UPE1 is the master device.
   b. Create the mVRRP backup group on the GE interface of UPE2 and configure UPE2
      with the default mVRRP backup group priority (lower than the mVRRP backup group
      priority of UPE1) to ensure that UPE2 is the backup device.
3. Configure the function of tracking status of physical interfaces for the mVRRP backup
   group.
4. Associate the Eth-Trunk interfaces in static LACP mode on the UPEs with the mVRRP
   backup group.
5. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
• Numbers of the Eth-Trunk interfaces in static LACP mode on the CE, UPE1, and UPE2
• Member interfaces of Eth-Trunk interfaces in static LACP mode
• ID and virtual IP address of the mVRRP backup group, and ID of the VRRP backup group
  on the UPEs
• Priority of UPE1 in the VRRP backup group
Procedure
Step 1 Configure Eth-Trunk interfaces in static LACP mode and add GE interfaces to them.
NOTE
Ensure that the GE interfaces to be added to the Eth-Trunk interfaces in static LACP mode are Up. If a GE
interface is Down, run the undo shutdown command in the view of the GE interface.
# Configure the CE.
<HUAWEI> system-view
[HUAWEI] sysname CE
[CE] interface Eth-Trunk 10
[CE-Eth-Trunk10] mode lacp-static
[CE-Eth-Trunk10] trunkport gigabitethernet 1/0/1 to 1/0/4
[CE-Eth-Trunk10] quit
# Configure UPE1.
<HUAWEI> system-view
[HUAWEI] sysname UPE1
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] mode lacp-static
[UPE1-Eth-Trunk20] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE1-Eth-Trunk20] quit
# Configure UPE2.
<HUAWEI> system-view
[HUAWEI] sysname UPE2
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] mode lacp-static
[UPE2-Eth-Trunk30] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE2-Eth-Trunk30] quit
After the preceding configurations are complete, you can run the display eth-trunk command
on the CE or UPEs to check whether the working mode of an Eth-Trunk interface is STATIC
and view the configurations of its member interfaces. Use the display on UPE1 as an example:
[UPE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20
WorkingMode: STATIC
Preempt Delay: Disabled
Hash arithmetic: According to flow
System Priority: 32768
System ID: 00e0-6923-4900
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100
Step 2 Configure the mVRRP backup group
NOTE
• In this example, the keyword ignore-if-down must be configured when the mVRRP backup group is
  being configured. When the interface where the mVRRP backup group resides goes Down, the status
  of the VRRP backup group changes to Master instead of Initialize.
  If the keyword is not configured, and GE 1/0/3 on UPE1 goes Down, GE 1/0/3 on UPE2 also goes
  Down. As a result, the status of VRRP configured on GE 1/0/3 of UPE2 changes from Backup to
  Initialize, and therefore a master/slave switchover cannot be implemented in the mVRRP backup group.
• Unless UPE1 is faulty, you are advised not to run the shutdown command on GE 1/0/3 of
  UPE1. Otherwise, the status of the mVRRP backup group on both UPE1 and UPE2 becomes Master,
  causing service interruption.
• In other scenarios, you are advised not to configure the keyword ignore-if-down unless
  otherwise stated. Otherwise, the VRRP state machine is inconsistent with that defined in the RFC.
# Configure IP addresses for GE interfaces on UPE1 as described in Figure 3-20 and create
mVRRP backup group 1. Set the mVRRP backup group priority on UPE1 to 120, allowing UPE1
to function as the master device.
[UPE1] interface gigabitethernet 1/0/3
[UPE1-GigabitEthernet1/0/3] undo shutdown
[UPE1-GigabitEthernet1/0/3] ip address 10.1.10.1 255.255.255.0
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 virtual-ip 10.1.10.10
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 priority 120
[UPE1-GigabitEthernet1/0/3] admin-vrrp vrid 1 ignore-if-down
# Configure IP addresses for GE interfaces on UPE2 as described in Figure 3-20 and create
mVRRP backup group 1. Configure the mVRRP backup group priority on UPE2 to be the default
value, allowing UPE2 to function as the backup device.
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] undo shutdown
[UPE2-GigabitEthernet1/0/3] ip address 10.1.1.2 255.255.255.0
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 virtual-ip 10.1.10.10
[UPE2-GigabitEthernet1/0/3] admin-vrrp vrid 1 ignore-if-down
Step 3 Configure the function of tracking interface status for the mVRRP backup group.
# Configure UPE1.
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4 reduced 40
[UPE1-GigabitEthernet1/0/3] quit
# Configure UPE2.
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4 reduced 40
[UPE2-GigabitEthernet1/0/3] quit
After the preceding configurations are complete, you can run the display vrrp command on
UPE1 to check whether the status of UPE1 is Master or run the display vrrp command on UPE2
to check whether the status of UPE2 is Backup. In addition, you can view the type of the VRRP
backup group and the tracked member interface.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
Step 4 Associate the Eth-Trunk Interfaces in Static LACP Mode with the mVRRP backup group.
# Configure UPE1.
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE1-Eth-Trunk20] quit
# Configure UPE2.
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE2-Eth-Trunk30] quit
Step 5 Verify the configuration.
• Run the display interface eth-trunk command on each UPE. The command output shows
  that the Eth-Trunk link between the CE and UPE1 is Up and the Eth-Trunk link between the
  CE and UPE2 is Down.
[UPE1] display interface eth-trunk 20
Eth-Trunk20 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 64 bits/sec, 0 packets/sec
Last 300 seconds output rate 56 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1044 packets,129456 bytes,
0 unicast,0 broadcast,1044 multicast
0 errors,0 drops,0 unknownprotocol
Output:1051 packets,130324 bytes,
0 unicast,0 broadcast,1051 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
[UPE2] display interface eth-trunk 30
Eth-Trunk30 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:30:18
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 64 bits/sec, 0 packets/sec
Last 300 seconds output rate 64 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1060 packets,131440 bytes,
0 unicast,0 broadcast,1060 multicast
0 errors,0 drops,0 unknownprotocol
Output:1057 packets,131068 bytes,
0 unicast,0 broadcast,1057 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0
• Run the vrrp vrid 1 priority 140 command in the view of GE 1/0/3 on UPE2 to increase
  the mVRRP backup group priority on UPE2. This allows UPE2 to become the master device
  and UPE1 to become the backup device. Then, perform the following steps on UPEs:
– Run the display vrrp command on UPE1. The command output shows that UPE1 is the
backup device. Run the display interface eth-trunk command on UPE1. The command
output shows that the status of the Eth-Trunk link between the CE and UPE1 is Down.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 140
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:31:45
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 96 bits/sec, 0 packets/sec
Last 300 seconds output rate 104 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1109 packets,137516 bytes,
0 unicast,0 broadcast,1109 multicast
0 errors,0 drops,0 unknownprotocol
Output:1117 packets,138508 bytes,
0 unicast,0 broadcast,1117 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0
– Run the display vrrp command on UPE2. The command output shows that UPE2 is the
master device. Run the display interface eth-trunk command on UPE2. The command
output shows that the status of the Eth-Trunk link between the CE and UPE2 is Up.
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 140
PriorityConfig : 140
MasterPriority : 140
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW:
2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:35:08
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1124 packets,139376 bytes,
0 unicast,0 broadcast,1124 multicast
0 errors,0 drops,0 unknownprotocol
Output:1121 packets,139004 bytes,
0 unicast,0 broadcast,1121 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
• Run the shutdown command on the member interface GE 1/0/1 of the Eth-Trunk interface
  on UPE2 to simulate the fault that a member interface goes Down. Then, perform the
  following steps on the UPEs:
– Run the display vrrp command on UPE2. The command output shows that UPE2 changes
from master to backup and the tracked interface goes Down. Run the display interface
eth-trunk command on UPE2. The command output shows that the Eth-Trunk link
between the CE and UPE2 goes Down.
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 100
PriorityConfig : 140
MasterPriority : 120
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : DOWN
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:36:10
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 163 seconds input rate 24 bits/sec, 0 packets/sec
Realtime 163 seconds output rate 24 bits/sec, 0 packets/sec
Input: 1203 packets,149172 bytes,
0 unicast,0 broadcast,1203 multicast
0 errors,0 drops,0 unknownprotocol
Output:1197 packets,148428 bytes,
0 unicast,0 broadcast,1197 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0
– Run the display vrrp command on UPE1. The command output shows that UPE1 changes
from backup to master. Run the display interface eth-trunk command on UPE1. The
command output shows that the Eth-Trunk link between the CE and UPE1 goes Up.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES
Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4
priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:37:18
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
Last 300 seconds input rate 120 bits/sec, 0 packets/sec
Last 300 seconds output rate 120 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1225 packets,151900 bytes,
0 unicast,0 broadcast,1225 multicast
0 errors,0 drops,0 unknownprotocol
Output:1236 packets,153264 bytes,
0 unicast,0 broadcast,1236 multicast
0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
----End
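The Step 5 checks can be scripted. The following Python code is an added example, not part of the Huawei guide: it parses display vrrp text in the layout shown above, recomputes the running priority from the tracked interfaces, derives the Eth-Trunk state each UPE should show, and flags a dual-Master condition and the unauthenticated advertisements (Auth Type : NONE) visible in the outputs. The sample text is constructed from the outputs above; the function names and the priority floor of 1 are assumptions.

```python
import re

# Constructed samples in the layout of the "display vrrp" output from Step 5
# (state after GE 1/0/1 on UPE2 was shut down); unused fields are omitted.
# UPE1 uses the one-line "Track IF ... priority reduced" layout, UPE2 the
# wrapped layout, so both forms are exercised.
UPE1_TEXT = """\
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Auth Type : NONE
Config type : admin-vrrp
Track IF : GigabitEthernet1/0/1   priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4   priority reduced : 40
IF State : UP
"""

UPE2_TEXT = """\
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
PriorityRun : 100
PriorityConfig : 140
MasterPriority : 120
Auth Type : NONE
Config type : admin-vrrp
Track IF : GigabitEthernet1/0/1
priority reduced : 40
IF State : DOWN
Track IF : GigabitEthernet1/0/2
priority reduced : 40
IF State : UP
"""

HEAD_RE = re.compile(r"(\S+)\s*\|\s*Virtual Router\s+(\d+)$")
TRACK_RE = re.compile(r"Track IF\s*:\s*(\S+)(?:\s+priority reduced\s*:\s*(\d+))?$")


def parse_display_vrrp(text):
    """Parse one backup group from 'display vrrp' text into a dict."""
    group = {"tracks": []}
    for raw in text.splitlines():
        line = raw.strip()
        head = HEAD_RE.match(line)
        if head:
            group["interface"], group["vrid"] = head.group(1), int(head.group(2))
            continue
        track = TRACK_RE.match(line)
        if track:
            group["tracks"].append({"name": track.group(1),
                                    "reduced": int(track.group(2) or 0),
                                    "state": "UNKNOWN"})
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key == "priority reduced" and group["tracks"]:
            group["tracks"][-1]["reduced"] = int(value)
        elif key == "IF State" and group["tracks"]:
            group["tracks"][-1]["state"] = value.upper()
        else:
            group[key] = int(value) if value.isdigit() else value
    return group


def expected_priority(group):
    """PriorityConfig minus the reduction of every tracked interface that is Down."""
    penalty = sum(t["reduced"] for t in group["tracks"] if t["state"] == "DOWN")
    return max(group["PriorityConfig"] - penalty, 1)  # floor of 1 is an assumption


def audit(groups):
    """groups: {device: parsed group}. Returns (findings, expected Eth-Trunk states)."""
    findings = []
    masters = sorted(n for n, g in groups.items() if g["State"] == "Master")
    if len(masters) > 1:
        findings.append(("dual-master", ",".join(masters)))
    elif not masters:
        findings.append(("no-master", ""))
    else:
        # With preemption enabled (Preempt : YES above) the Master should
        # hold the highest effective priority.
        best = max(expected_priority(g) for g in groups.values())
        if expected_priority(groups[masters[0]]) < best:
            findings.append(("master-not-highest", masters[0]))
    for name, g in sorted(groups.items()):
        want = expected_priority(g)
        if g["PriorityRun"] != want:
            findings.append(("priority-mismatch", f"{name}: run {g['PriorityRun']}, expected {want}"))
        if str(g.get("Auth Type", "")).upper() == "NONE":
            findings.append(("auth-none", name))
        if g.get("Config type") != "admin-vrrp":
            findings.append(("not-mvrrp", name))
    # lacp track vrrp: the Eth-Trunk is Up only on the UPE whose group is Master.
    trunks = {n: ("UP" if g["State"] == "Master" else "DOWN") for n, g in groups.items()}
    return findings, trunks


if __name__ == "__main__":
    parsed = {"UPE1": parse_display_vrrp(UPE1_TEXT), "UPE2": parse_display_vrrp(UPE2_TEXT)}
    for finding in audit(parsed)[0]:
        print(finding)
```

Compare the returned Eth-Trunk states with the "current state" line of display interface eth-trunk on each UPE; a dual-master finding corresponds to the service interruption described in the NOTE of Step 2.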
Configuration Files
• Configuration file of the CE
#
sysname CE
#
interface Eth-Trunk10
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/4
undo shutdown
eth-trunk 10
#
return
• Configuration file of UPE1
#
sysname UPE1
#
interface Eth-Trunk20
mode lacp-static
lacp track vrrp vrid 1 interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.10.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.10.10
admin-vrrp vrid 1 ignore-if-down
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet1/0/1 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/2 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/4 reduced 40
#
return
• Configuration file of UPE2
#
sysname UPE2
#
interface Eth-Trunk30
mode lacp-static
lacp track vrrp vrid 1 interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/1
shutdown
eth-trunk 30
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 30
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.10.10
admin-vrrp vrid 1 ignore-if-down
vrrp vrid 1 priority 140
vrrp vrid 1 track interface GigabitEthernet1/0/1 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/2 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/4 reduced 40
#
return
3.11.7 Example for Configuring Eth-Trunk Interfaces in Static
LACP Mode to Communicate over a VLL Network
Networking Requirements
Establishing an Eth-Trunk between a CE and a PE can effectively improve the reliability and
bandwidth utilization of the link between the CE and the PE. The Eth-Trunk on the PE, however,
can be bound to only one VLL. Therefore, the VCs between PEs cannot be effectively used, that
is, the utilization of the bandwidths of the network between the CEs cannot be increased.
After a link aggregation group between the CEs is configured, that is, the Eth-Trunk between
the CEs crosses VLLs, the interfaces connecting PEs and CEs do not need to be added to the
Eth-Trunk and can be added to different VLLs. LACP packets can be transparently transmitted
over VLLs, and the transparent transmission paths do not interfere with each other. The
Eth-Trunk status of the CEs is therefore ensured. In this manner, the bandwidth utilization and
reliability of the link between the CEs are improved.
As shown in Figure 3-21, CE1 and CE2 communicate through Eth-Trunk interfaces in static
LACP mode over a VLL network in Martini mode. The Eth-Trunk interface on CE1 has two
member interfaces, which are connected to two interfaces on PE1 at the user side. Another two
interfaces on PE1 at the network side are bound to different VLLs. That is, GE 1/0/0 on PE1 is
bound to VLL1 and GE 1/0/1 is bound to VLL2. Member interfaces of the Eth-Trunk interface
on CE2 are connected to GE 2/0/0s on PE2 and PE3. GE 2/0/0 on PE2 is bound to VLL1 and
GE 2/0/0 on PE3 is bound to VLL2.
It is required that LACP packets be transparently transmitted over the VLL network to maintain
Eth-Trunk interfaces on CE1 and CE2 and untagged Layer 2 packets be transparently transmitted
from CE1 to CE2.
Figure 3-21 Example for configuring Eth-Trunk interfaces in static LACP mode to communicate
over a VLL network
[Figure 3-21 labels: CE1 (Eth-Trunk1, GE1/0/0 and GE1/0/1), PE1 (Loopback1), P1 (Loopback4), PE2 (Loopback2), P2 (Loopback5), PE3 (Loopback3), CE2 (Eth-Trunk1)]
Item    Interface    IP Address
PE1     GE 2/0/0     10.1.1.1/24
PE1     GE 2/0/1     10.1.3.1/24
PE1     Loopback1    1.1.1.9/32
PE2     GE 1/0/0     10.1.2.2/24
PE2     Loopback2    2.2.2.9/32
PE3     GE 1/0/0     10.1.4.2/24
PE3     Loopback3    3.3.3.9/32
P1      GE 1/0/0     10.1.1.2/24
P1      GE 2/0/0     10.1.2.1/24
P1      Loopback4    4.4.4.9/32
P2      GE 1/0/0     10.1.3.2/24
P2      GE 2/0/0     10.1.4.1/24
P2      Loopback5    5.5.5.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the devices (PEs and the Ps) on the backbone network to
   make them reachable to each other, and enable MPLS.
2. Use the default tunnel policy and set up LSPs to transmit user traffic.
3. Enable MPLS L2VPN on PEs and establish VCs.
4. Create Eth-Trunk interfaces on CEs and configure the Eth-Trunk interfaces to work in static
   LACP mode.
Data Preparation
To complete the configuration, you need the following data:
• VLAN ID tagged with which packets can be transmitted on links between CEs
• Name of the remote peer of each PE
• ID of each VC
Procedure
Step 1 Configure CEs.
# Configure CE1 to be the LACP Actor.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] eth-trunk 1
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] eth-trunk 1
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] portswitch
[CE1-Eth-Trunk1] port default vlan 10
[CE1-Eth-Trunk1] mode lacp-static
[CE1-Eth-Trunk1] quit
[CE1] lacp priority 100
# Configure CE2 to be the LACP Partner.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface eth-trunk 1
[CE2-Eth-Trunk1] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] eth-trunk 1
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] eth-trunk 1
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface eth-trunk 1
[CE2-Eth-Trunk1] portswitch
[CE2-Eth-Trunk1] port default vlan 10
[CE2-Eth-Trunk1] mode lacp-static
[CE2-Eth-Trunk1] quit
NOTE
You can configure either the same interface number or different interface numbers for Eth-Trunk interfaces
on CE1 and CE2.
Step 2 Configure an IGP on the MPLS backbone network (in this example, OSPF is used).
As shown in Figure 3-21, configure an IP address for each interface on PEs and P1. When
configuring OSPF, note that the 32-bit loopback addresses of PE1, PE2, PE3, P1, and P2, which
are used as LSR IDs, must be advertised.
For configuration details, see "Configuration Files" in this section.
After the configuration, OSPF neighbor relationships can be established between PE1, P1, and
PE2 and between PE1, P2, and PE3. By running the display ospf peer command, you can view
that OSPF neighbor relationships are Full. By running the display ip routing-table command,
you can view that PEs have learned loopback addresses from each other.
Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 2/0/1
[PE1-GigabitEthernet2/0/1] mpls
[PE1-GigabitEthernet2/0/1] mpls ldp
[PE1-GigabitEthernet2/0/1] quit
# Configure P1.
[P1] mpls lsr-id 4.4.4.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] mpls
[P1-GigabitEthernet1/0/0] mpls ldp
[P1-GigabitEthernet1/0/0] quit
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] mpls
[P1-GigabitEthernet2/0/0] mpls ldp
[P1-GigabitEthernet2/0/0] quit
# Configure P2.
[P2] mpls lsr-id 5.5.5.9
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface gigabitethernet 1/0/0
[P2-GigabitEthernet1/0/0] mpls
[P2-GigabitEthernet1/0/0] mpls ldp
[P2-GigabitEthernet1/0/0] quit
[P2] interface gigabitethernet 2/0/0
[P2-GigabitEthernet2/0/0] mpls
[P2-GigabitEthernet2/0/0] mpls ldp
[P2-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/0
[PE3-GigabitEthernet1/0/0] mpls
[PE3-GigabitEthernet1/0/0] mpls ldp
[PE3-GigabitEthernet1/0/0] quit
Step 4 Establish remote LDP sessions between PE1 and PE2 and between PE1 and PE3.
# Configure PE1.
[PE1] mpls ldp remote-peer 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] quit
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 to view information
about LDP sessions. You can view that both remote LDP sessions have been established.
Take the display on PE1 as an example:
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  000:00:09   37/37
 3.3.3.9:0          Operational DU   Passive  000:00:10   40/40
 4.4.4.9:0          Operational DU   Passive  000:00:05   20/20
 5.5.5.9:0          Operational DU   Passive  000:00:06   31/31
 ------------------------------------------------------------------------------
 TOTAL: 4 session(s) Found.
 LAM : Label Advertisement Mode
 SsnAge Unit : DDD:HH:MM
Step 5 Enable MPLS L2VPN on PEs and create VCs.
# Configure PE1: create VC1 on GE 1/0/0 and VC2 on GE 1/0/1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] mpls l2vc 2.2.2.9 101
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] mpls l2vc 3.3.3.9 111
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2: create VC1 on GE 2/0/0.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0] quit
# Configure PE3: create VC2 on GE 2/0/0.
[PE3] mpls l2vpn
[PE3-l2vpn] mpls l2vpn default martini
[PE3-l2vpn] quit
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 111
[PE3-GigabitEthernet2/0/0] quit
Step 6 Verify the configuration.
On PE1, check information about L2VPN connections. You can view that two L2VCs have been
created and are in the Up state.
Take the display on GE 1/0/0 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0
 *client interface       : GigabitEthernet1/0/0 is up
  Administrator PW       : no
  session state          : up
  AC state               : up
  VC state               : up
  VC ID                  : 101
  VC type                : VLAN
  destination            : 2.2.2.9
  local group ID         : 0            remote group ID      : 0
  local VC label         : 146433       remote VC label      : 133121
  local AC OAM State     : up
  local PSN State        : up
  local forwarding state : forwarding
  local status code      : 0x0
  remote AC OAM state    : up
  remote PSN state       : up
  remote forwarding state: forwarding
  remote status code     : 0x0
  BFD for PW             : unavailable
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : alert lsp-ping bfd
  remote VCCV            : alert lsp-ping bfd
  local control word     : disable      remote control word  : disable
  tunnel policy name     : --
  traffic behavior name  : --
  PW template name       : --
  primary or secondary   : primary
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type       : lsp   , TNL ID : 0x2008007
  create time            : 0 days, 1 hours, 25 minutes, 29 seconds
  up time                : 0 days, 1 hours, 19 minutes, 52 seconds
  last change time       : 0 days, 1 hours, 19 minutes, 52 seconds
  VC last up time        : 2010/01/03 05:54:05
  VC total up time       : 0 days, 1 hours, 25 minutes, 18 seconds
  CKey                   : 3
  NKey                   : 1
  PW redundancy mode     : --
  AdminPw interface      : --
  AdminPw link state     : --
In this case, untagged Layer 2 packets can be transparently transmitted from CE1 to CE2.
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
lacp priority 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface Eth-Trunk1
 portswitch
 port default vlan 10
 mode lacp-static
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface Eth-Trunk1
 portswitch
 port default vlan 10
 mode lacp-static
#
return
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.9
 remote-ip 2.2.2.9
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 undo shutdown
 mpls l2vc 2.2.2.9 101
#
interface GigabitEthernet1/0/1
 undo shutdown
 mpls l2vc 3.3.3.9 111
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/1
 undo shutdown
 ip address 10.1.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
#
return
- Configuration file of P1
#
sysname P1
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack4
 ip address 4.4.4.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 4.4.4.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
#
return
- Configuration file of P2
#
sysname P2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.4.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack5
 ip address 5.5.5.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 5.5.5.9 0.0.0.0
  network 10.1.3.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mpls l2vc 1.1.1.9 101
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack2
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.2.0 0.0.0.255
#
return
- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mpls l2vc 1.1.1.9 111
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.4.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack3
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 10.1.4.0 0.0.0.255
#
return
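The VCs in this example come up only if both ends agree: each mpls l2vc command must be matched on the peer PE by one that names this PE's LSR ID with the same VC ID, and, because the PEs are not directly connected, each PE needs a remote LDP session to that peer. The following Python check is an added example, not part of the Huawei guide; its input is constructed from the PE configuration files above (L2VPN-relevant lines only), and parse_pe and audit_vcs are hypothetical names.

```python
import re

# Constructed input: the L2VPN-relevant lines of the three PE configuration
# files listed above (OSPF and backbone interfaces left out).
CONFIGS = {
    "PE1": """
mpls lsr-id 1.1.1.9
mpls ldp remote-peer 2.2.2.9
 remote-ip 2.2.2.9
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
interface GigabitEthernet1/0/0
 mpls l2vc 2.2.2.9 101
interface GigabitEthernet1/0/1
 mpls l2vc 3.3.3.9 111
""",
    "PE2": """
mpls lsr-id 2.2.2.9
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface GigabitEthernet2/0/0
 mpls l2vc 1.1.1.9 101
""",
    "PE3": """
mpls lsr-id 3.3.3.9
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface GigabitEthernet2/0/0
 mpls l2vc 1.1.1.9 111
""",
}


def parse_pe(text):
    """Extract the LSR ID, remote LDP peers and VC bindings from one PE config."""
    pe = {"lsr_id": None, "remotes": set(), "vcs": {}}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"mpls lsr-id (\S+)", line):
            pe["lsr_id"] = m.group(1)
        elif m := re.fullmatch(r"remote-ip (\S+)", line):
            pe["remotes"].add(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"mpls l2vc (\S+) (\d+)", line):
            # Key: (peer LSR ID, VC ID); value: the AC interface it is bound to.
            pe["vcs"][(m.group(1), int(m.group(2)))] = iface
    return pe


def audit_vcs(configs):
    """Return the findings that would keep a configured VC from coming up."""
    pes = {name: parse_pe(text) for name, text in configs.items()}
    by_lsr_id = {pe["lsr_id"]: name for name, pe in pes.items()}
    findings = []
    for name in sorted(pes):
        pe = pes[name]
        for (peer, vc_id), iface in sorted(pe["vcs"].items()):
            where = f"{name} {iface} (l2vc {peer} {vc_id})"
            far_name = by_lsr_id.get(peer)
            if far_name is None:
                findings.append(f"{where}: no PE has LSR ID {peer}")
                continue
            # Both ends must name each other's LSR ID with the same VC ID.
            if (pe["lsr_id"], vc_id) not in pes[far_name]["vcs"]:
                findings.append(
                    f"{where}: {far_name} has no l2vc {pe['lsr_id']} {vc_id}")
            # The local PE needs a remote LDP session to the VC's destination;
            # the far end is checked when its own VC is visited.
            if peer not in pe["remotes"]:
                findings.append(f"{where}: no remote LDP peer {peer}")
    return findings


if __name__ == "__main__":
    for finding in audit_vcs(CONFIGS) or ["all VCs are reciprocal"]:
        print(finding)
```

Run against the configuration files as printed, the check reports nothing; changing one VC ID or deleting one remote-ip line produces a finding that names the interface to fix.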
3.11.8 Example for Configuring an E-Trunk Associated with VPLS
Before Enhanced Trunk (E-Trunk) is used, if the Eth-Trunk interface or the PE becomes faulty,
the CE cannot communicate with the PE. By using E-Trunk, the CE can be dual-homed to PEs.
This ensures device-level reliability.
Networking Requirements
A CE is dual-homed to PEs on a Virtual Private LAN Service (VPLS) network through respective
Eth-Trunk interfaces in static LACP mode. The CE initially communicates with remote devices
on the VPLS network through the active PE.
As shown in Figure 3-22, if PE1 or the Eth-Trunk link between the CE and PE1 becomes faulty,
the CE cannot communicate with PE1. To prevent service interruption, you can configure an
E-Trunk on PE1 and PE2. When PE1 or the Eth-Trunk link between the CE and PE1 becomes
faulty, the traffic from the CE to PE1 can be sent to PE2. This allows the CE to communicate
with remote devices on the VPLS network. When PE1 or the Eth-Trunk link between the CE and
PE1 is restored, traffic is switched back to PE1. E-Trunk implements backup between PE1
and PE2, which improves network reliability.
Figure 3-22 Networking diagram for configuring an E-Trunk associated with VPLS
[Networking diagram: the CE (Eth-Trunk 20) is dual-homed to PE1 and PE2, each through
Eth-Trunk 10; PE1 and PE2 form E-Trunk 1 and connect to the VPLS network.
PE1: Loopback1 1.1.1.9/32, GE1/0/1 172.16.1.1/24. PE2: Loopback2 2.2.2.9/32, GE1/0/2 192.168.1.2/24.]
E-Trunk is an extension to the Link Aggregation Control Protocol (LACP) that implements
inter-device link aggregation. Unlike LACP, which provides board-level reliability, E-Trunk
provides device-level reliability.
E-Trunk is used to perform link protection in the networking where a CE is dual-homed to two
PEs on a VPLS, Virtual Leased Line (VLL), or Pseudo-Wire Emulation Edge to Edge (PWE3)
network, and protect traffic when a PE becomes faulty.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic VPLS functions for the CE:
   a. Enable an interior gateway protocol (IGP) on the backbone network to allow devices
      on the backbone network to communicate with each other.
   b. Enable basic Multiprotocol Label Switching (MPLS) functions, and set up a label
      switched path (LSP) between PEs.
   c. Enable MPLS L2VPN on each PE.
   d. Create virtual switching instances (VSIs) and configure them.
2. Configure an E-Trunk:
   a. On the CE, create an Eth-Trunk interface between the CE and PE1 and between the
      CE and PE2. Configure the Eth-Trunk interfaces to work in static LACP mode. Add
      member interfaces to the Eth-Trunk interfaces.
   b. Create an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
      LACP mode to the E-Trunk.
   c. Configure the E-Trunk attributes:
      - Priorities of the E-Trunk
      - System ID and LACP priority of the E-Trunk
      - Period for sending Hello packets by the E-Trunk
      - Time multiplier for detecting Hello packets by the E-Trunk
      - Descriptions of the E-Trunk
      - IP addresses of the local and peer ends of the E-Trunk
3. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
- VSI IDs on each PE (VSI IDs on the PEs must be the same.)
- MPLS LSR ID of each PE
- Names of the VSIs on PE1 and PE2
- Interfaces to which VSIs are bound
- Priorities of the E-Trunk
- System ID and LACP priority of the E-Trunk
- Interface numbers and working mode of the Eth-Trunk interfaces
- Local and peer IP addresses
- Period for sending Hello packets and time multiplier for detecting Hello packets
Procedure
Step 1 Configure VPLS.
1. Configure an IGP on the MPLS backbone network. The Open Shortest Path First (OSPF)
protocol is used as the IGP in this example.
Assign an IP address to each member interface on each PE as shown in Figure 3-22. After
OSPF is enabled, the 32-bit loopback address of each PE must be advertised.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] ip address 172.16.1.1 255.255.255.0
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 255.255.255.255
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] ip address 192.168.1.2 255.255.255.0
[PE2-GigabitEthernet1/0/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration is complete, PE1 and PE2 can use OSPF to discover the IP route to each
other's Loopback1 interface, and the loopback addresses can ping each other.
[PE1] ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=260 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/86/260 ms
2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] mpls
[PE2-GigabitEthernet1/0/2] mpls ldp
[PE2-GigabitEthernet1/0/2] quit
After the preceding configurations are complete, LDP sessions are set up between the PEs.
Run the display mpls ldp session command and you can see that the Status field displays
Operational.
Use the display on PE1 as an example:
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  000:00:00   1/1
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp
 LDP LSP Information
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    NextHop         OutInterface    UpstreamPeer
 -------------------------------------------------------------------------------
 1.1.1.9/32         3/NULL         127.0.0.1       InLoop0         2.2.2.9
*1.1.1.9/32         Liberal        DS/2.2.2.9
 2.2.2.9/32         NULL/3         192.168.1.2     GE1/0/1         -
 2.2.2.9/32         1024/3         192.168.1.2     GE1/0/1         2.2.2.9
 -------------------------------------------------------------------------------
 TOTAL: 3 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
 A '*' before a UpstreamPeer means the session is in GR state
NOTE
If PEs are indirectly connected, run the mpls ldp remote-peer and remote-ip commands to set up
remote LDP sessions between the PEs.
3. Enable MPLS L2VPN on each PE.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
4. Create VSIs and specify LDP as the signaling protocol for the VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] mac-withdraw enable
[PE1-vsi-ldp1-ldp] interface-status-change mac-withdraw enable
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] ignore-ac-state
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] mac-withdraw enable
[PE2-vsi-ldp1-ldp] interface-status-change mac-withdraw enable
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] ignore-ac-state
[PE2-vsi-ldp1] quit
NOTICE
The ignore-ac-state command is configured to prevent VSI status from being affected by
the Attachment Circuit (AC) status. After the configuration is complete, a VSI is still Up
even though no AC is associated with the VSI. Exercise caution when running this
command.
5. Configure Eth-Trunk sub-interfaces on PEs and bind VSIs to AC interfaces.
# Configure PE1.
[PE1] interface Eth-Trunk 10
[PE1-Eth-Trunk10] quit
[PE1] interface Eth-Trunk 10.1
[PE1-Eth-Trunk10.1] vlan-type dot1q 1
[PE1-Eth-Trunk10.1] l2 binding vsi ldp1
[PE1-Eth-Trunk10.1] undo shutdown
[PE1-Eth-Trunk10.1] quit
# Configure PE2.
[PE2] interface Eth-Trunk 10
[PE2-Eth-Trunk10] quit
[PE2] interface Eth-Trunk 10.1
[PE2-Eth-Trunk10.1] vlan-type dot1q 1
[PE2-Eth-Trunk10.1] l2 binding vsi ldp1
[PE2-Eth-Trunk10.1] undo shutdown
[PE2-Eth-Trunk10.1] quit
6. Configure the Layer 2 forwarding function on the CE.
# Add the configured Eth-Trunk 20 to VLAN 1.
<HUAWEI> system-view
[HUAWEI] sysname CE
[CE] interface Eth-Trunk 20
[CE-Eth-Trunk20] portswitch
[CE-Eth-Trunk20] quit
[CE] vlan 1
[CE-vlan1] port Eth-Trunk 20
[CE-vlan1] quit
[CE] interface Eth-Trunk 20
[CE-Eth-Trunk20] port trunk allow-pass vlan 1
# Configure Eth-Trunk 20 to work in static LACP mode.
[CE-Eth-Trunk20] mode lacp-static
[CE-Eth-Trunk20] quit
# Add member interfaces to Eth-Trunk 20.
[CE] interface gigabitethernet 1/0/1
[CE-GigabitEthernet1/0/1] undo shutdown
[CE-GigabitEthernet1/0/1] eth-trunk 20
[CE-GigabitEthernet1/0/1] quit
[CE] interface gigabitethernet 1/0/2
[CE-GigabitEthernet1/0/2] undo shutdown
[CE-GigabitEthernet1/0/2] eth-trunk 20
[CE-GigabitEthernet1/0/2] quit
Step 2 Configure an E-Trunk.
1. Create Eth-Trunk 10 and configure it to work in static LACP mode.
# Configure PE1.
[PE1] interface eth-trunk 10
[PE1-Eth-Trunk10] mode lacp-static
[PE1-Eth-Trunk10] quit
# Configure PE2.
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] mode lacp-static
[PE2-Eth-Trunk10] quit
2. Add member interfaces to Eth-Trunk 10.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 10
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] eth-trunk 10
[PE2-GigabitEthernet1/0/1] quit
3. Create an E-Trunk between PE1 and PE2, and add Eth-Trunk 10 in static LACP mode to
the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 10
[PE1-Eth-Trunk10] e-trunk 1
[PE1-Eth-Trunk10] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] e-trunk 1
[PE2-Eth-Trunk10] quit
4. Configure E-Trunk attributes.
- Configure E-Trunk priorities.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] priority 10
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] quit
- Configure the system ID and LACP priority of the E-Trunk.
# Configure PE1.
[PE1] lacp e-trunk priority 1
[PE1] lacp e-trunk system-id 00E0-FC00-0000
# Configure PE2.
[PE2] lacp e-trunk priority 1
[PE2] lacp e-trunk system-id 00E0-FC00-0000
The LACP priorities and system IDs on the devices in the same E-Trunk must be the
same.
- Configure the period for sending Hello packets by the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hello 9
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hello 9
- Configure the time multiplier for detecting Hello packets by the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2-e-trunk-1] timer hold-on-failure multiplier 30
- Configure the description of the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] description PE1_to_PE2
# Configure PE2.
[PE2-e-trunk-1] description PE2_to_PE1
5. Configure IP addresses for the local and peer ends of the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] peer-address 192.168.1.2 source-address 172.16.1.1
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2-e-trunk-1] peer-address 172.16.1.1 source-address 192.168.1.2
[PE2-e-trunk-1] quit
6. Bind the E-Trunk to a BFD session.
- Create a BFD session.
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd hello bind peer-ip 192.168.1.2 source-ip 172.16.1.1
[PE1-bfd-session-hello] discriminator local 1
[PE1-bfd-session-hello] discriminator remote 2
[PE1-bfd-session-hello] commit
[PE1-bfd-session-hello] quit
The IP addresses of the local and peer ends of a BFD session must be the same as those
of the E-Trunk.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd hello bind peer-ip 172.16.1.1 source-ip 192.168.1.2
[PE2-bfd-session-hello] discriminator local 2
[PE2-bfd-session-hello] discriminator remote 1
[PE2-bfd-session-hello] commit
[PE2-bfd-session-hello] quit
- Bind the E-Trunk to a BFD session.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] e-trunk track bfd-session session-name hello
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session session-name hello
[PE2-e-trunk-1] quit
After the preceding configurations are complete, run the display bfd session all
verbose command on PE1 and PE2. The command output shows that the BFD session
has been created and is in the Up state.
Use the display on PE1 as an example:
[PE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 256       (Multi Hop) State : Up        Name : hello
--------------------------------------------------------------------------------
  Local Discriminator    : 1                Remote Discriminator   : 2
  Session Detect Mode    : Asynchronous Mode Without Echo Function
  BFD Bind Type          : Peer IP Address
  Bind Session Type      : Static
  Bind Peer IP Address   : 192.168.1.2
  Bind Interface         : -
  Bind Source IP Address : 172.16.1.1
  FSM Board Id           : 1                TOS-EXP                : 7
  Min Tx Interval (ms)   : 1000             Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms): -                Actual Rx Interval (ms): -
  Local Detect Multi     : 3                Detect Interval (ms)   : -
  Echo Passive           : Disable          Acl Number             : -
  Destination Port       : 3784             TTL                    : 254
  Proc Interface Status  : Disable          Process PST            : Disable
  WTR Interval (ms)      : -                Local Demand Mode      : Disable
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : E-TRUNK
  Session TX TmrID       : -                Session Detect TmrID   : -
  Session Init TmrID     : -                Session WTR TmrID      : -
  Session Echo Tx TmrID  : -
  PDT Index              : FSM-0 | RCV-0 | IF-0 | TOKEN-0
  Session Description    : -
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0
Step 3 Verify the configuration.
# Run the display eth-trunk command on the CE. You can view the configuration of the Eth-Trunk interface.
[CE] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20                      WorkingMode: STATIC
Preempt Delay: Disabled         Hash arithmetic: According to flow
System Priority: 32768          System ID: 00e0-657a-6300
Least Active-linknumber: 1      Max Active-linknumber: 16
Operate status: up              Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 100M     32768   128    2593    11111100  1
GigabitEthernet1/0/2   Unselect 100M     32768   129    2593    11100010  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   1        00e0-fc00-0000  32768   129    2593    11111100
GigabitEthernet1/0/2   1        00e0-fc00-0000  32768   32896  2593    11010000
The command output on the CE shows that the member interfaces GE 1/0/1 and GE 1/0/2 are
in the Selected and Unselect state respectively.
# Run the display e-trunk command. You can view information about the E-Trunk.
[PE1] display e-trunk 1
                            The E-Trunk information
 E-TRUNK-ID             : 1
 Revert-Delay-Time (s)  : 120
 Priority               : 10
 System-ID              : 00e0-0f74-eb00
 Peer-IP                : 192.168.1.2
 Source-IP              : 172.16.1.1
 State                  : Master
 Causation              : PRI
 Send-Period (100ms)    : 9
 Fail-Time (100ms)      : 27
 Receive                : 41
 Send                   : 42
 RecDrop                : 0
 SndDrop                : 0
 Peer-Priority          : 20
 Peer-System-ID         : 00e0-3b6c-6100
 Peer-Fail-Time (100ms) : 27
 BFD-Session            : 1
 Description            : PE1_to_PE2
--------------------------------------------------------------------------------
                            The Member information
 Type       ID  LocalPhyState  Work-Mode  State   Causation
 Eth-Trunk  10  Up             auto       Master  PEER_MEMBER_DOWN
[PE2] display e-trunk 1
                            The E-Trunk information
 E-TRUNK-ID             : 1
 Revert-Delay-Time (s)  : 120
 Priority               : 20
 System-ID              : 00e0-3b6c-6100
 Peer-IP                : 172.16.1.1
 Source-IP              : 192.168.1.2
 State                  : Backup
 Causation              : PRI
 Send-Period (100ms)    : 9
 Fail-Time (100ms)      : 27
 Receive                : 43
 Send                   : 42
 RecDrop                : 3
 SndDrop                : 0
 Peer-Priority          : 10
 Peer-System-ID         : 00e0-0f74-eb00
 Peer-Fail-Time (100ms) : 27
 BFD-Session            : 2
 Description            : PE2_to_PE1
--------------------------------------------------------------------------------
                            The Member information
 Type       ID  LocalPhyState  Work-Mode  State   Causation
 Eth-Trunk  10  Down           auto       Backup  PEER_MEMBER_UP
The command output shows that the E-Trunk priority on PE1 is 10 and the status of the E-Trunk
on PE1 is master, and the E-Trunk priority on PE2 is 20, and the status of the E-Trunk on PE2
is backup. This implements link backup between PE1 and PE2.
# Run the display vsi name ldp1 verbose command. You can view information about PWs.
Use the display on PE1 as an example:
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : enable
    Create Time            : 0 days, 0 hours, 32 minutes, 30 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 2
    LDP MAC-WITHDRAW       : Interface-status-change Enable
   *Peer Router ID         : 2.2.2.9
    VC Label               : 19456
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x801002
    Broadcast Tunnel ID    : 0x801002
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : Eth-Trunk10.1
    State                  : up
    Last Up Time           : 2009/03/28 15:32:50
    Total Up Time          : 0 days, 0 hours, 8 minutes, 22 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 19456
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x801002
    Broadcast Tunnel ID    : 0x801002
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x801002
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/1
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/03/28 15:12:13
    PW Total Up Time       : 0 days, 0 hours, 26 minutes, 39 seconds
The preceding information indicates that a PW is set up between PE1 and PE2 in the VSI
named ldp1, that the VSI and the PW are both Up, and that the Eth-Trunk sub-interface to
which the VSI is bound is also Up.
----End
Configuration Files
• Configuration file of the CE
#
sysname CE
#
vlan batch 1
#
interface Eth-Trunk20
portswitch
port default vlan 1
port trunk allow-pass vlan 1
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
return
• Configuration file of PE1
#
sysname PE1
#
e-trunk 1
priority 10
timer hello 9
timer hold-on-failure multiplier 30
description PE1_to_PE2
#
lacp e-trunk system-id 00e0-fc00-0000
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
mac-withdraw enable
interface-status-change mac-withdraw enable
peer 2.2.2.9
ignore-ac-state
#
mpls ldp
#
interface Eth-Trunk10
mode lacp-static
e-trunk 1
#
interface Eth-Trunk10.1
vlan-type dot1q 1
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bfd hello bind peer-ip 192.168.1.2 source-ip 172.16.1.1
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.16.1.0 0.0.0.255
#
e-trunk 1
priority 10
peer-address 192.168.1.2 source-address 172.16.1.1
timer hello 9
e-trunk track bfd-session session-name hello
#
return
• Configuration file of PE2
#
sysname PE2
#
e-trunk 1
priority 20
timer hello 9
timer hold-on-failure multiplier 30
description PE2_to_PE1
#
lacp e-trunk system-id 00e0-fc00-0000
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
mac-withdraw enable
interface-status-change mac-withdraw enable
peer 1.1.1.9
ignore-ac-state
#
mpls ldp
#
interface Eth-Trunk10
mode lacp-static
e-trunk 1
#
interface Eth-Trunk10.1
vlan-type dot1q 1
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bfd hello bind peer-ip 172.16.1.1 source-ip 192.168.1.2
discriminator local 2
discriminator remote 1
commit
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
#
e-trunk 1
priority 20
peer-address 172.16.1.1 source-address 192.168.1.2
timer hello 9
e-trunk track bfd-session session-name hello
#
return
3.11.9 Example for Configuring an E-Trunk Associated with PW Redundancy
In the networking where E-Trunk is not used, if the Eth-Trunk link between a CE and a PE
becomes faulty or a PE becomes faulty, the CE cannot communicate with the PE. To solve this
problem, E-Trunk is used to implement the link aggregation group backup between PE1 and
PE2, improving network reliability.
Networking Requirements
A CE is dual-homed to PE1 and PE2 on a Pseudo-Wire Emulation Edge to Edge (PWE3) network
through respective Eth-Trunk interfaces in static LACP mode.
As shown in Figure 3-23, CE1 initially communicates with remote devices on the PWE3
network through PE1. If the Eth-Trunk link between CE1 and PE1 fails, or PE1 itself fails,
CE1 cannot communicate with PE1. To prevent service interruption, E-Trunk can be configured
on PE1 and PE2. When that link or PE1 fails, this configuration allows the traffic from CE1
to PE1 to be sent to PE2 instead, so CE1 can still communicate with remote devices on the
PWE3 network.
When the Eth-Trunk link between CE1 and PE1, or PE1 itself, is restored, traffic is switched
back to PE1. E-Trunk implements backup between PE1 and PE2, which improves network reliability.
Figure 3-23 Example for configuring an E-Trunk associated with PW redundancy
[Topology diagram omitted. Devices shown: CE1, CE2, PE1, PE2, and PE3. CE1 connects to the
PEs through Eth-Trunk20. Loopback0 addresses: PE1 1.1.1.1/32, PE2 2.2.2.2/32, PE3 3.3.3.3/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure PW redundancy:
   a. Enable an interior gateway protocol (IGP) on the backbone network to allow devices
      on the backbone network to communicate with each other.
   b. Run a routing protocol to ensure connectivity of routers on the backbone network,
      enable basic multiprotocol label switching (MPLS) functions, and set up a label
      switched path (LSP) between PE1 and PE3 and between PE2 and PE3.
   c. Configure LDP Fast Reroute (FRR) and IGP-LDP synchronization.
   d. Enable MPLS L2VPN on PE1, PE2, and PE3.
   e. Create an active Pseudo Wire (PW) between PE1 and PE3.
   f. Create a standby PW between PE2 and PE3.
2. Configure an E-Trunk:
   a. Create an Eth-Trunk between the CE and PE1 and between the CE and PE2
      respectively, configure the Eth-Trunk interfaces to work in static LACP mode, and
      add member interfaces to the Eth-Trunk interfaces.
   b. Create an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
      LACP mode to the E-Trunk.
   c. Configure E-Trunk attributes:
      • Priorities of the E-Trunk
      • System ID and LACP priority of the E-Trunk
      • Period for sending Hello packets by the E-Trunk
      • Time multiplier for detecting Hello packets by the E-Trunk
      • Descriptions of the E-Trunk
      • IP addresses of the local and peer ends of the E-Trunk
3. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
• MPLS LSR ID of each PE
• VC ID and VC type of each PE
• Priorities of the E-Trunk
• System ID and LACP priority of the E-Trunk
• Number and working mode of each Eth-Trunk interface
• Local and peer IP addresses
• Period for sending Hello packets and time multiplier for detecting Hello packets
Procedure
Step 1 Configure the MPLS backbone network.
1. Configure an IGP on the MPLS backbone network. The Open Shortest Path First (OSPF)
protocol is used as the IGP in this example.
Assign an IP address to each member interface on each PE as shown in Figure 3-23. After
OSPF is enabled, the 32-bit loopback address of each PE must be advertised.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] ip address 10.1.3.2 255.255.255.0
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] ip address 10.1.4.1 255.255.255.0
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] undo shutdown
[PE2-GigabitEthernet1/0/3] ip address 10.1.2.2 255.255.255.0
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] ip address 10.1.4.2 255.255.255.0
[PE2-GigabitEthernet1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE3-LoopBack0] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] ip address 10.1.3.1 255.255.255.0
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] undo shutdown
[PE3-GigabitEthernet1/0/2] ip address 10.1.2.1 255.255.255.0
[PE3-GigabitEthernet1/0/2] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
After the preceding configurations are complete, PE1 and PE3, and PE2 and PE3, can learn
the routes to each other's Loopback0 interfaces and can ping each other successfully.
Use the display on PE1 as an example:
[PE1] ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/86/260 ms
2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] mpls
[PE1-GigabitEthernet1/0/3] mpls ldp
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] mpls
[PE2-GigabitEthernet1/0/3] mpls ldp
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mpls
[PE3-GigabitEthernet1/0/1] mpls ldp
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] mpls
[PE3-GigabitEthernet1/0/2] mpls ldp
[PE3-GigabitEthernet1/0/2] quit
After the preceding configurations are complete, LDP sessions are set up between PE1 and
PE3, and between PE2 and PE3. Run the display mpls ldp session command and you can
see that the Status field displays Operational.
Use the display on PE1 as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
------------------------------------------------------------------------------
3.3.3.3:0    Operational  DU   Passive  000:00:13  23/21
2.2.2.2:0    Operational  DU   Passive  000:00:00  1/1
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
3. Configure LDP FRR and IGP-LDP synchronization.
Configure LDP FRR on PE3.
[PE3] interface gigabitethernet1/0/1
[PE3-GigabitEthernet1/0/1] mpls ldp frr nexthop 10.1.2.2
Configure IGP-LDP synchronization.
Configure PE1.
[PE1] interface gigabitethernet1/0/3
[PE1-GigabitEthernet1/0/3] ospf ldp-sync
[PE1-GigabitEthernet1/0/3] quit
Configure PE2.
[PE2] interface gigabitethernet1/0/3
[PE2-GigabitEthernet1/0/3] ospf ldp-sync
[PE2-GigabitEthernet1/0/3] quit
Configure PE3.
[PE3-GigabitEthernet1/0/1] ospf ldp-sync
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet1/0/2
[PE3-GigabitEthernet1/0/2] ospf ldp-sync
[PE3-GigabitEthernet1/0/2] quit
4. Configure remote MPLS LDP connections between PE1 and PE3, and between PE2 and PE3.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
[PE3] mpls ldp remote-peer 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] quit
5. Enable MPLS L2VPN on each PE.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
Step 2 Configure an E-Trunk.
1. Configure Eth-Trunk interfaces on the PEs.
# Create an Eth-Trunk interface on PE1.
[PE1] interface Eth-Trunk 20
[PE1-Eth-Trunk20] portswitch
[PE1-Eth-Trunk20] mode user-termination
# Configure the Eth-Trunk interface to work in static LACP mode.
[PE1-Eth-Trunk20] mode lacp-static
[PE1-Eth-Trunk20] quit
# Add member interfaces to the Eth-Trunk interface.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 20
[PE1-GigabitEthernet1/0/2] quit
# Create an Eth-Trunk sub-interface on PE1.
[PE1] interface Eth-Trunk 20.100
# Configure QinQ termination on the Eth-Trunk sub-interface.
[PE1-Eth-Trunk20.100] control-vid 100 qinq-termination
[PE1-Eth-Trunk20.100] qinq termination pe-vid 100 ce-vid 100
[PE1-Eth-Trunk20.100] undo shutdown
[PE1-Eth-Trunk20.100] quit
# Configure PE2.
[PE2] interface Eth-Trunk 20
[PE2-Eth-Trunk20] portswitch
[PE2-Eth-Trunk20] mode user-termination
[PE2-Eth-Trunk20] mode lacp-static
[PE2-Eth-Trunk20] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] eth-trunk 20
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface Eth-Trunk 20.100
[PE2-Eth-Trunk20.100] control-vid 100 qinq-termination
[PE2-Eth-Trunk20.100] qinq termination pe-vid 100 ce-vid 100
[PE2-Eth-Trunk20.100] undo shutdown
[PE2-Eth-Trunk20.100] quit
2. Configure an Eth-Trunk interface on CE1.
# Add the Eth-Trunk Interface to VLAN 100.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface Eth-Trunk 20
[CE1-Eth-Trunk20] portswitch
[CE1-Eth-Trunk20] quit
[CE1] vlan 100
[CE1-vlan100] port Eth-Trunk 20
[CE1-vlan100] quit
[CE1] interface Eth-Trunk 20
[CE1-Eth-Trunk20] port trunk allow-pass vlan 100
# Configure the Eth-Trunk interface to work in static LACP mode.
[CE1-Eth-Trunk20] mode lacp-static
[CE1-Eth-Trunk20] quit
# Add member interfaces to the Eth-Trunk interface.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] eth-trunk 20
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] eth-trunk 20
[CE1-GigabitEthernet1/0/2] quit
3. Configure an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
LACP mode to the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 20
[PE1-Eth-Trunk20] e-trunk 1
# Configure the system ID for the Eth-trunk interface. The system IDs in the same E-Trunk
must be the same.
[PE1-Eth-Trunk20] quit
[PE1] lacp e-trunk system-id 0000-0000-0001
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 20
[PE2-Eth-Trunk20] e-trunk 1
[PE2-Eth-Trunk20] quit
[PE2] lacp e-trunk system-id 0000-0000-0001
4. Configure E-Trunk attributes.
• Configure E-Trunk priorities, and specify the IP addresses for the local and remote ends
in the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] priority 10
[PE1-e-trunk-1] peer-address 2.2.2.2 source-address 1.1.1.1
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] peer-address 1.1.1.1 source-address 2.2.2.2
[PE2-e-trunk-1] quit
• Configure the LACP priority of the E-Trunk.
The LACP priorities in the same E-Trunk must be the same.
# Configure PE1.
[PE1] lacp e-trunk priority 1
# Configure PE2.
[PE2] lacp e-trunk priority 1
• Configure the time multiplier for detecting Hello packets by the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hold-on-failure multiplier 30
• Configure the period for sending Hello packets by the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] timer hello 9
# Configure PE2.
[PE2-e-trunk-1] timer hello 9
• Configure the switchback delay time of the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] timer revert delay 0
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2-e-trunk-1] timer revert delay 0
[PE2-e-trunk-1] quit
• Configure the description of the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] description PE1_to_PE2
# Configure PE2.
[PE2-e-trunk-1] description PE2_to_PE1
5. Bind the E-Trunk to a BFD session.
• Create a BFD session.
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
[PE1-bfd-session-hello] discriminator local 1
[PE1-bfd-session-hello] discriminator remote 2
[PE1-bfd-session-hello] commit
[PE1-bfd-session-hello] quit
The IP addresses of the local and peer ends that are bound to a BFD session must be
the same as those of the E-Trunk.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
[PE2-bfd-session-hello] discriminator local 2
[PE2-bfd-session-hello] discriminator remote 1
[PE2-bfd-session-hello] commit
[PE2-bfd-session-hello] quit
• Bind the E-Trunk to a BFD session.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] e-trunk track bfd-session session-name hello
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session session-name hello
[PE2-e-trunk-1] quit
After the preceding configurations are complete, run the display bfd session all
verbose command on PE1 and PE2. The command output shows that the BFD session
has been created and is in the Up state.
Use the display on PE1 as an example:
[PE1] display bfd session all verbose
-------------------------------------------------------------------------------
Session MIndex : 256       (Multi Hop) State : Up        Name : hello
-------------------------------------------------------------------------------
Local Discriminator     : 1
Remote Discriminator    : 2
Session Detect Mode     : Asynchronous Mode Without Echo Function
BFD Bind Type           : Peer IP Address
Bind Session Type       : Static
Bind Peer IP Address    : 2.2.2.2
Bind Interface          : -
Bind Source IP Address  : 1.1.1.1
FSM Board Id            : 1
TOS-EXP                 : 7
Min Tx Interval (ms)    : 1000
Min Rx Interval (ms)    : 1000
Actual Tx Interval (ms) : -
Actual Rx Interval (ms) : -
Local Detect Multi      : 3
Detect Interval (ms)    : -
Echo Passive            : Disable
Acl Number              : -
Destination Port        : 3784
TTL                     : 254
Proc Interface Status   : Disable
Process PST             : Disable
WTR Interval (ms)       : -
Local Demand Mode       : Disable
Last Local Diagnostic   : No Diagnostic
Bind Application        : E-TRUNK
Session TX TmrID        : -
Session Detect TmrID    : -
Session Init TmrID      : -
Session WTR TmrID       : -
Session Echo Tx TmrID   : -
PDT Index               : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description     : -
-------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
Step 3 Configure PWs.
# Configure PE1.
[PE1] interface Eth-Trunk20.100
[PE1-Eth-Trunk20.100] mpls l2vc 3.3.3.3 103
# Configure PE2.
[PE2] interface Eth-Trunk20.100
[PE2-Eth-Trunk20.100] mpls l2vc 3.3.3.3 203
# Configure PE3.
[PE3] interface GigabitEthernet1/0/3.100
[PE3-GigabitEthernet1/0/3.100] control-vid 100 qinq-termination
[PE3-GigabitEthernet1/0/3.100] qinq termination pe-vid 100 ce-vid 100
[PE3-GigabitEthernet1/0/3.100] mpls l2vc 1.1.1.1 103
[PE3-GigabitEthernet1/0/3.100] mpls l2vc 2.2.2.2 203 secondary
[PE3-GigabitEthernet1/0/3.100] mpls l2vpn redundancy independent
Step 4 Verify the configuration.
# Run the display eth-trunk command on CE1. You can view the configurations of the Eth-Trunk interfaces.
[CE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20
WorkingMode: STATIC
Preempt Delay: Disabled
Hash arithmetic: According to flow
System Priority: 32768
System ID: 0018-82f7-c74c
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up
Number Of Up Port In Trunk: 1
-------------------------------------------------------------------------------
ActorPortName         Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
GigabitEthernet1/0/1  Selected  100M      32768    128     2593     11111100   1
GigabitEthernet1/0/2  Unselect  100M      32768    129     2593     11100010   1
Partner:
-------------------------------------------------------------------------------
ActorPortName         SysPri  SystemID        PortPri  PortNo  PortKey  PortState
GigabitEthernet1/0/1  1       0000-0000-0001  32768    129     2593     11111100
GigabitEthernet1/0/2  1       0000-0000-0001  32768    32896   2593     11010000
The command output on CE1 shows that the member interfaces GE 1/0/1 and GE 1/0/2 are in
the Selected and Unselect state respectively.
# Run the display e-trunk command. You can view information about the E-Trunk.
[PE1] display e-trunk 1
The E-Trunk information
E-TRUNK-ID             : 1
Revert-Delay-Time (s)  : 0
Priority               : 10
System-ID              : 0018-82d7-b58b
Peer-IP                : 2.2.2.2
Source-IP              : 1.1.1.1
State                  : Master
Causation              : PRI
Send-Period (100ms)    : 9
Fail-Time (100ms)      : 27
Receive                : 41
Send                   : 42
RecDrop                : 0
SndDrop                : 0
Peer-Priority          : 20
Peer-System-ID         : 0018-82f7-c752
Peer-Fail-Time (100ms) : 27
BFD-Session            : 1
Description            : PE1_to_PE2
-------------------------------------------------------------------------------
The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation
Eth-Trunk  20  Up             auto       Master  PEER_MEMBER_DOWN
[PE2] display e-trunk 1
The E-Trunk information
E-TRUNK-ID             : 1
Revert-Delay-Time (s)  : 0
Priority               : 20
System-ID              : 0018-82f7-c752
Peer-IP                : 1.1.1.1
Source-IP              : 2.2.2.2
State                  : Backup
Causation              : PRI
Send-Period (100ms)    : 9
Fail-Time (100ms)      : 27
Receive                : 43
Send                   : 42
RecDrop                : 3
SndDrop                : 0
Peer-Priority          : 10
Peer-System-ID         : 0018-82d7-b58b
Peer-Fail-Time (100ms) : 27
BFD-Session            : 2
Description            : PE2_to_PE1
-------------------------------------------------------------------------------
The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation
Eth-Trunk  20  Down           auto       Backup  PEER_MEMBER_UP
The command output shows that the E-Trunk priority on PE1 is 10 and the status of the E-Trunk
on PE1 is master, and the E-Trunk priority on PE2 is 20 and the status of the E-Trunk on PE2
is backup. This implements link backup between PE1 and PE2.
# Run the display mpls l2vc brief command. You can view the status of the PWs.
Use the display on PE1 as an example:
[PE3] display mpls l2vc brief
Total ldp vc : 2     2 up     0 down

*Client Interface    : GigabitEthernet1/0/3.100
 Administrator PW    : no
 AC status           : up
 VC State            : up
 VC ID               : 103
 VC Type             : VLAN
 session state       : up
 Destination         : 1.1.1.1
 link state          : up

*Client Interface    : GigabitEthernet1/0/3.100
 Administrator PW    : no
 AC status           : up
 VC State            : up
 VC ID               : 203
 VC Type             : VLAN
 session state       : up
 Destination         : 2.2.2.2
 link state          : up
The command output shows that both PWs are Up.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 1
#
interface Eth-Trunk20
portswitch
port trunk allow-pass vlan 100
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
return
• Configuration file of PE1
#
sysname PE1
#
e-trunk 1
priority 10
timer hello 9
timer hold-on-failure multiplier 30
description PE1_to_PE2
#
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
undo remote-ip pwe3
#
interface Eth-Trunk20
portswitch
mode user-termination
mode lacp-static
e-trunk 1
lacp e-trunk system-id 0000-0000-0001
#
interface Eth-Trunk20.100
control-vid 100 qinq-termination
qinq termination pe-vid 100 ce-vid 100
mpls l2vc 3.3.3.3 103
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.3.2 255.255.255.0
ospf ldp-sync
mpls
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
e-trunk 1
priority 10
peer-address 2.2.2.2 source-address 1.1.1.1
timer hello 9
timer hold-on-failure multiplier 3
timer revert delay 0
e-trunk track bfd-session session-name hello
#
return
• Configuration file of PE2
#
sysname PE2
#
e-trunk 1
priority 20
timer hello 9
timer hold-on-failure multiplier 30
description PE2_to_PE1
#
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
undo remote-ip pwe3
#
interface Eth-Trunk20
portswitch
mode user-termination
mode lacp-static
e-trunk 1
lacp e-trunk system-id 0000-0000-0001
#
interface Eth-Trunk20.100
control-vid 100 qinq-termination
qinq termination pe-vid 100 ce-vid 100
mpls l2vc 3.3.3.3 203
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.2.2 255.255.255.0
ospf ldp-sync
mpls
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.4.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
discriminator local 2
discriminator remote 1
commit
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
e-trunk 1
priority 20
peer-address 1.1.1.1 source-address 2.2.2.2
timer hello 9
timer hold-on-failure multiplier 3
timer revert delay 0
e-trunk track bfd-session session-name hello
#
return
• Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
undo remote-ip pwe3
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
undo remote-ip pwe3
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.3.1 255.255.255.0
ospf ldp-sync
mpls
mpls ldp
mpls ldp frr nexthop 10.1.2.2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.2.1 255.255.255.0
ospf ldp-sync
mpls
mpls ldp
#
interface GigabitEthernet1/0/3.100
undo shutdown
control-vid 100 qinq-termination
qinq termination pe-vid 100 ce-vid 100
mpls l2vc 1.1.1.1 103
mpls l2vc 2.2.2.2 203 secondary
mpls l2vpn redundancy independent
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
return
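The matching rules stated in this example (the same LACP system ID and LACP priority on both PEs, and BFD bind addresses equal to the E-Trunk addresses) can be checked offline against saved configuration files. The following Python script is an added example, not part of the original guide or of any Huawei tool; parse_device and check_pair are hypothetical helper names, the embedded configurations are constructed excerpts using this example's values, and the mirrored-address and mirrored-discriminator checks are assumptions about a correctly paired setup.

```python
import re

# Constructed excerpts: only the LACP, BFD and E-Trunk lines of this example's
# PE1 and PE2 configuration files, carrying the values used on this page.
PE1_CFG = """\
sysname PE1
#
lacp e-trunk priority 1
#
interface Eth-Trunk20
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
#
bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
 discriminator local 1
 discriminator remote 2
#
e-trunk 1
 peer-address 2.2.2.2 source-address 1.1.1.1
 e-trunk track bfd-session session-name hello
#
return
"""
PE2_CFG = """\
sysname PE2
#
lacp e-trunk priority 1
#
interface Eth-Trunk20
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
#
bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
 discriminator local 2
 discriminator remote 1
#
e-trunk 1
 peer-address 1.1.1.1 source-address 2.2.2.2
 e-trunk track bfd-session session-name hello
#
return
"""
# Constructed faulty variant of PE2: wrong system ID and wrong BFD source address.
PE2_BAD = (PE2_CFG.replace("system-id 0000-0000-0001", "system-id 0000-0000-0002")
                  .replace("source-ip 2.2.2.2", "source-ip 10.1.4.2"))


def parse_device(cfg):
    """Extract the E-Trunk-related settings from one configuration file."""
    dev = {"name": None, "lacp_sysid": None, "lacp_pri": None, "etrunk": {}, "bfd": {}}
    for stanza in re.split(r"(?m)^#[ \t]*$", cfg):      # '#' separates stanzas
        lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
        if not lines:
            continue
        for ln in lines:        # single-line settings, whatever view they sit in
            if m := re.fullmatch(r"sysname (\S+)", ln):
                dev["name"] = m[1]
            elif m := re.fullmatch(r"lacp e-trunk system-id (\S+)", ln):
                dev["lacp_sysid"] = m[1].lower()
            elif m := re.fullmatch(r"lacp e-trunk priority (\d+)", ln):
                dev["lacp_pri"] = int(m[1])
        head = lines[0]
        if m := re.fullmatch(r"e-trunk (\d+)", head):   # repeated stanzas are merged
            et = dev["etrunk"].setdefault(m[1], {})
            for ln in lines[1:]:
                if a := re.fullmatch(r"peer-address (\S+) source-address (\S+)", ln):
                    et["peer"], et["source"] = a[1], a[2]
                elif a := re.fullmatch(r"e-trunk track bfd-session session-name (\S+)", ln):
                    et["bfd"] = a[1]
        elif m := re.fullmatch(r"bfd (\S+) bind peer-ip (\S+) source-ip (\S+)", head):
            sess = dev["bfd"].setdefault(m[1], {"peer": m[2], "source": m[3]})
            for ln in lines[1:]:
                if a := re.fullmatch(r"discriminator (local|remote) (\d+)", ln):
                    sess[a[1]] = int(a[2])
    return dev


def check_pair(a, b, etrunk_id="1"):
    """Compare two parsed E-Trunk peers and return a list of findings."""
    out = []
    for key, label in (("lacp_sysid", "system-id"), ("lacp_pri", "priority")):
        if a[key] is None or a[key] != b[key]:
            out.append(f"lacp e-trunk {label} differs: "
                       f"{a['name']}={a[key]} {b['name']}={b[key]}")
    ea, eb = a["etrunk"].get(etrunk_id, {}), b["etrunk"].get(etrunk_id, {})
    if (ea.get("peer"), ea.get("source")) != (eb.get("source"), eb.get("peer")):
        out.append("E-Trunk peer-address/source-address are not mirrored")
    for dev, et in ((a, ea), (b, eb)):
        sess = dev["bfd"].get(et.get("bfd"))
        if sess is None:
            out.append(f"{dev['name']}: E-Trunk tracks no configured BFD session")
        elif (sess["peer"], sess["source"]) != (et.get("peer"), et.get("source")):
            out.append(f"{dev['name']}: BFD bind addresses differ from E-Trunk addresses")
    sa, sb = a["bfd"].get(ea.get("bfd")), b["bfd"].get(eb.get("bfd"))
    if sa and sb and (sa.get("local"), sa.get("remote")) != (sb.get("remote"), sb.get("local")):
        out.append("BFD discriminators are not mirrored")
    return out


if __name__ == "__main__":
    for peer in (PE2_CFG, PE2_BAD):
        print(check_pair(parse_device(PE1_CFG), parse_device(peer)) or "consistent")
```

Because the parser matches on line content and the `#` separators rather than indentation, it also reads configuration files in which the leading spaces have been lost.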
4 VLAN Configuration
About This Chapter
Virtual Local Area Networks (VLANs) have advantages of broadcast domain isolation, security
enhancement, flexible networking, and good extensibility.
4.1 VLAN Introduction
The VLAN technology logically divides a physical LAN into multiple broadcast domains
(VLANs).
4.2 Configuring a VLAN Based on Ports
Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.
4.3 Configuring a VLANIF Interface
VLANIF interfaces are Layer 3 logical interfaces. After creating VLANIF interfaces on Layer
2 devices, you can configure Layer 3 features on these interfaces.
4.4 Configuring Inter-VLAN Communication
Configuring inter-VLAN communication allows users in different VLANs to communicate with
each other. Currently, the NE80E/40E supports several inter-VLAN communication schemes.
Choose one of them as required.
4.5 Configuring VLAN Security Attributes
Configuring VLAN security attributes ensures reliable transmission of user packets. Currently,
the NE80E/40E supports several security attributes. You can configure security attributes as
required.
4.6 Configuring VLAN Aggregation to Save IP Addresses
VLAN aggregation prevents the waste of IP addresses and implements inter-VLAN
communication.
4.7 Configuring VLAN Policy-based VPN Access
VLAN policy-based VPN access allows VLLs, VSIs, or VPN instances to transmit separate
services. Currently, the NE80E/40E supports several VLAN policy-based VPN access schemes.
Choose one of them as required.
4.8 Configuring Interface Isolation in a VLAN
After interface isolation in a VLAN is configured, interfaces in the VLAN cannot communicate
with each other. To have isolated interfaces communicate with each other, you need to configure
ARP proxy in the VLAN. In this manner, you can monitor traffic in the VLAN at Layer 3.
4.9 Configuring the Isolation Based on Interface Groups in a VLAN
You can isolate interfaces in a VLAN by adding interfaces to different interface groups.
4.10 Configuring Ethernet Loop Detection for a VLAN
In the case of an uncontrollable user network, the NE80E/40E supports the deployment of
Ethernet loop detection on the provider's network to prevent loops in a VLAN.
4.11 Maintaining VLAN
The command for clearing statistics helps you locate faults in a VLAN.
4.12 Configuration Examples
This section describes the typical application scenarios of VLANs, including networking
requirements, configuration roadmap, and data preparation, and provides related configuration
files.
4.1 VLAN Introduction
The VLAN technology logically divides a physical LAN into multiple broadcast domains
(VLANs).
4.1.1 Introduction
The VLAN technology is important for forwarding on Layer 2 networks. This section describes
the background, functions, and advantages of the VLAN technology.
Overview of VLAN
Ethernet technology shares a communication medium among stations by using Carrier
Sense Multiple Access/Collision Detect (CSMA/CD). If there are a large number of PCs on an
Ethernet network, collision becomes a serious problem and can lead to broadcast storms. As a
result, network performance deteriorates. This can even cause the Ethernet network to become
unavailable. Switches can be used to interconnect local area networks (LANs). Switches forward
information received by inbound ports to specified outbound ports, thereby preventing access
collision in a shared medium. If no specified outbound port is found for information received
by an inbound port, the switch will forward the information from all ports except the inbound
port. This forms a broadcast domain.
To prevent broadcast domains from being too broad and causing problems, you can divide a
network into segments. In this manner, a large broadcast domain is divided into multiple small
broadcast domains to confine the possible scope of broadcast packets. Routers can be deployed
at the network layer to separate broadcast domains, but this method has disadvantages, which
include: complex network planning, inflexible networking, and high levels of expenditure. The
Virtual Local Area Network (VLAN) technology can divide a large Layer 2 network into
broadcast domains to prevent broadcast storms and protect network security.
Definition of VLAN
The VLAN technology is used to divide a physical LAN into multiple logical broadcast domains,
each of which is called a VLAN. Each VLAN contains a group of PCs that have the same
requirements. A VLAN has the same attributes as a LAN. PCs of a VLAN can be placed on
different LAN segments. If two PCs are located on one LAN segment but belong to different
VLANs, they do not broadcast packets to each other. With VLAN, the broadcast traffic volume
is reduced; fewer devices are required; network management is simplified; and network security
is improved.
Figure 4-1 shows a typical VLAN application. Three switches are placed in different locations,
for example, different stories of an office building. The VLAN technology allows enterprises to
share LAN facilities and ensures information security for each enterprise network.
Figure 4-1 Schematic diagram for a typical VLAN application
[Figure labels: Router; Switch1, Switch2, Switch3; VLAN-A, VLAN-B, VLAN-C]
This application shows the following VLAN advantages:
• Broadcast domains are confined. A broadcast domain is confined to a VLAN. This saves
bandwidth and improves network processing capabilities.
• Network security is enhanced. Packets from different VLANs are separately transmitted.
PCs in one VLAN cannot directly communicate with PCs in another VLAN.
• Network robustness is improved. A fault in a VLAN does not affect PCs in other VLANs.
• Virtual groups are set up flexibly. With the VLAN technology, PCs in different
geographical areas can be grouped together. This facilitates network construction and
maintenance.
Basic VLAN Concepts and Principles
• 802.1Q and VLAN frame format
In a conventional Ethernet frame, the Length/Type field for an upper-layer protocol follows
the Destination address and Source address fields, as shown in Figure 4-2.
Figure 4-2 Conventional Ethernet frame format
Destination address (6 bytes) | Source address (6 bytes) | Length/Type (2 bytes) | Data (46-1500 bytes) | FCS (4 bytes)
IEEE 802.1Q is an Ethernet networking standard for a specified Ethernet frame format. It
adds a 32-bit field between the Source address and the Length/Type fields of the original
frame, as shown in Figure 4-3.
Figure 4-3 802.1Q frame format
Destination address (6 bytes) | Source address (6 bytes) | 802.1Q Tag (4 bytes) | Length/Type (2 bytes) | Data (46-1500 bytes) | FCS (4 bytes)
802.1Q Tag: TPID (2 bytes) | PRI (3 bits) | CFI (1 bit) | VID (12 bits)
– Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 in order to identify
the frame as an IEEE 802.1Q-tagged frame. If an 802.1Q-incapable device receives an
802.1Q frame, it will discard the frame.
– Priority (PRI): a 3-bit field which indicates the frame priority. The value ranges from 0
to 7. The greater the value, the higher the priority. These values can be used to prioritize
different classes of traffic to ensure that frames with high priorities are transmitted first
when traffic is heavy.
For details, see the NE80E/40E Configuration Guide - QoS.
– Canonical Format Indicator (CFI): a 1-bit field. If the value of this field is 1, the MAC
address is in the non-canonical format. If the value is 0, the MAC address is in the
canonical format. CFI is used to ensure compatibility between Ethernet networks and
Token Ring networks. It is always set to zero for Ethernet switches.
– VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
On the NE80E/40E, VLAN IDs range from 0 to 4095. The values 0 and 4095 are
reserved, and therefore usable VLAN IDs range from 1 to 4094.
Each frame sent by an 802.1Q-capable switch carries a VLAN ID. On a VLAN, Ethernet
frames are classified into the following types:
– Tagged frames: frames with 32-bit 802.1Q tags.
– Untagged frames: frames without 32-bit 802.1Q tags.
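The tag layout above (TPID 0x8100, then PRI, CFI, and VID packed into the next 16 bits) can be checked against real bytes. The following Python is an added example, not code from this guide; the frame bytes are constructed, and the helper names (parse_frame, add_tag, strip_tag, tag_problems) are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

TPID_8021Q = 0x8100            # TPID value stated in the text
RESERVED_VIDS = (0, 4095)      # reserved; usable VLAN IDs are 1-4094


@dataclass(frozen=True)
class Dot1QTag:
    pri: int   # 3-bit priority, 0-7
    cfi: int   # 1-bit canonical format indicator
    vid: int   # 12-bit VLAN identifier


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes
    tag: Optional[Dot1QTag]    # None for an untagged frame
    length_type: int
    data: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet frame without FCS, tagged or untagged."""
    if len(raw) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (field,) = struct.unpack("!H", raw[12:14])
    if field != TPID_8021Q:
        # No tag: the two bytes after the source address are Length/Type.
        return Frame(dst, src, None, field, raw[14:])
    if len(raw) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, length_type = struct.unpack("!HH", raw[14:18])
    tag = Dot1QTag(pri=tci >> 13, cfi=(tci >> 12) & 0x1, vid=tci & 0x0FFF)
    return Frame(dst, src, tag, length_type, raw[18:])


def add_tag(raw: bytes, tag: Dot1QTag) -> bytes:
    """Insert the 32-bit tag between Source address and Length/Type."""
    if not (0 <= tag.pri <= 7 and tag.cfi in (0, 1) and 0 <= tag.vid <= 4095):
        raise ValueError("field does not fit its bit width")
    tci = (tag.pri << 13) | (tag.cfi << 12) | tag.vid
    return raw[:12] + struct.pack("!HH", TPID_8021Q, tci) + raw[12:]


def strip_tag(raw: bytes) -> bytes:
    """Remove the tag, as an access port does before sending to a PC."""
    if parse_frame(raw).tag is None:
        return raw
    return raw[:12] + raw[16:]


def tag_problems(tag: Dot1QTag) -> List[str]:
    """Checks a receiver can apply to a parsed tag, per the field rules above."""
    problems = []
    if tag.vid in RESERVED_VIDS:
        problems.append(f"VID {tag.vid} is reserved")
    if tag.cfi != 0:
        problems.append("CFI is 1 (non-canonical MAC format) on Ethernet")
    return problems


# Constructed sample: broadcast frame, Length/Type 0x0800, 46 bytes of padding.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301")
            + struct.pack("!H", 0x0800) + bytes(46))

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, Dot1QTag(pri=5, cfi=0, vid=100))
    print(tagged[12:16].hex(), parse_frame(tagged).tag)
    print(tag_problems(Dot1QTag(pri=0, cfi=0, vid=4095)))
```

A tagged frame is exactly 4 bytes longer than its untagged form, and stripping the tag restores the original bytes.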
• Type of VLAN links
Figure 4-4 Schematic diagram for VLAN links
[Figure labels: PC1 (VLAN2), PC2 (VLAN2), PC3 (VLAN3), PC4 (VLAN3); CE1, PE, CE2; access links; trunk links]
As shown in Figure 4-4, there are the following types of VLAN links:
– Access link: connects a PC to a switch. Generally, a PC does not know which VLAN
it belongs to, and PC hardware cannot distinguish frames with VLAN tags. Therefore,
PCs send and receive only untagged frames.
– Trunk link: connects a switch to another switch or to a router. Data of different VLANs
are transmitted along a trunk link. The two ends of a trunk link must be able to distinguish
frames with VLAN tags. Therefore, only tagged frames are transmitted along trunk
links.
• Port types
Table 4-1 lists VLAN port types.
Table 4-1 Port types

Port type: Access port
  Method of processing received untagged frames:
    Accepts an untagged frame and adds a tag with the default VLAN ID to the frame.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Removes the tag from a frame and sends the frame.
  Application:
    An access port connects a switch to a PC and can be added to only one VLAN.

Port type: Trunk port
  Method of processing received untagged frames:
    Discards the frame.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Directly sends a received frame if the VLAN ID carried in the frame is permitted by the port.
  Application:
    A trunk port can be added to multiple VLANs to send and receive frames for these VLANs.
    A trunk port connects a switch to another switch or to a router.

Port type: Hybrid port
  Method of processing received untagged frames:
    • Adds a tag with the default VLAN ID to an untagged frame and accepts the frame if the
      port permits the default VLAN ID.
    • By default, no VLAN is configured on the interface. The frames are discarded directly.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Sends a received frame if the port permits the VLAN ID carried in the frame.
  Application:
    A hybrid port can be added to multiple VLANs to send and receive frames for these VLANs.
    A hybrid port can connect a switch to a PC or connect a network device to another
    network device.

Port type: QinQ port
  QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a tag to a
  single-tagged frame, and therefore supports a maximum of 4094 x 4094 VLAN tags, which
  meets the requirement of a Metropolitan Area Network (MAN) for the number of VLANs.
  For details about QinQ, see 5 QinQ Configuration.
Each access, hybrid, or QinQ port can be configured with a default VLAN, namely, the
port default VLAN ID (PVID) to specify the VLAN to which the port belongs.
– The PVID of an access port indicates the VLAN to which the port belongs.
– As a hybrid port can be added to multiple VLANs, the port must be configured with
PVIDs.
By default, a port is added to VLAN 0.
• Principle for data switching in a VLAN
Use the network shown in Figure 4-4 as an example. If PC 1 in VLAN 2 intends to send
data to PC 2, the data is forwarded as follows:
1. An access port on CE 1 receives an untagged frame from PC 1 and adds a PVID
(VLAN 2) to the frame. CE 1 searches the MAC address table for an outbound port.
Then the frame is transmitted from the outbound port.
NOTE
Assume that VLANs are configured based on MAC addresses. After an access port on CE 1
receives an untagged frame from PC 1, the port checks the VLAN mapping table for a VLAN
ID corresponding to the source MAC address, and adds a tag with the obtained VLAN ID to
the frame.
2. After the trunk port on PE receives the frame, the port checks whether the VLAN ID
carried in the frame is the same as that configured on the port. If the VLAN ID has
been configured on the port, the port transparently transmits the frame to CE 2. If the
VLAN ID is not configured on the port, the port discards the frame.
3. After a trunk port on CE 2 receives the frame, the system searches the MAC address
table for an outbound port which connects CE 2 to PC 2.
4. After the frame is sent to the access port connecting CE 2 to PC 2, the port checks that
the VLAN ID carried in the frame is the same as that configured on the port. The port
then removes the tag from the frame and sends the untagged frame to PC 2.
• VLANIF interface
A VLANIF interface is a Layer 3 logical interface, which can be configured on either a
Layer 3 switch or a router.
Layer 3 switching combines routing and switching techniques to implement routing on a
switch, thereby improving the overall network performance. After sending the first data
flow, a Layer 3 switch generates mappings between MAC addresses and IP addresses. When
the same data flow is sent again, the switch forwards it directly at Layer 2 instead of
Layer 3, based on this mapping table.
To ensure that new data flows are correctly forwarded based on the routing table, the
routing entries in the routing table must be correct. Therefore, VLANIF interfaces and
routing protocols must be configured on Layer 3 switches so that Layer 3 routes are reachable.
NOTE
Key points are summarized as follows:
• A PC does not need to know the VLAN to which it belongs. It sends only untagged frames.
• After receiving an untagged frame from a PC, a switching device determines the VLAN to which
the frame belongs. The determination is based on the configured VLAN division method such as port
information, and then the switching device processes the frame accordingly.
• If the frame needs to be forwarded to another switching device, the frame must be transparently
transmitted along a trunk link. Frames transmitted along trunk links must carry VLAN tags to allow
other switching devices to properly forward the frame based on the VLAN information.
• Before sending the frame to the destination PC, the switching device connected to the destination PC
removes the VLAN tag from the frame to ensure that the PC receives an untagged frame.
Generally, only tagged frames are transmitted on trunk links; only untagged frames are transmitted on
access links. In this manner, switching devices on the network can properly process VLAN information
and PCs are not concerned about VLAN information.
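The receive and send rules in Table 4-1 and the four forwarding steps for Figure 4-4 can be exercised as a small model. This Python is an added example, not Huawei code: the port names are constructed, the MAC address table lookup is assumed to have already selected the outbound port, and a hybrid port is assumed to send permitted frames with the tag kept.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Port:
    name: str
    link_type: str                          # "access", "trunk" or "hybrid"
    pvid: Optional[int] = None              # port default VLAN ID
    allowed: FrozenSet[int] = frozenset()   # VLANs permitted on trunk/hybrid

    def permits(self, vid: int) -> bool:
        if self.link_type == "access":
            return vid == self.pvid         # an access port is in one VLAN only
        return vid in self.allowed

    def ingress(self, wire_vid: Optional[int]) -> Optional[int]:
        """VLAN the received frame is placed in, or None if it is discarded."""
        if wire_vid is not None:            # tagged: accept only if permitted
            return wire_vid if self.permits(wire_vid) else None
        if self.link_type == "access":
            return self.pvid                # untagged: tag with the default VLAN
        if self.link_type == "trunk":
            return None                     # untagged frames are discarded
        # hybrid: accepted only if a default VLAN is configured and permitted
        if self.pvid is not None and self.permits(self.pvid):
            return self.pvid
        return None

    def egress(self, vlan: int) -> Tuple[bool, Optional[int]]:
        """(sent?, VLAN ID on the wire); None on the wire means untagged."""
        if not self.permits(vlan):
            return False, None
        if self.link_type == "access":
            return True, None               # tag removed before sending
        return True, vlan                   # trunk/hybrid: tag kept (assumption)


Hop = Tuple[str, Port, Port]                # (device, inbound port, outbound port)


def forward(hops: List[Hop], wire_vid: Optional[int] = None):
    """Walk a frame through each device; return (delivered, wire_vid, log)."""
    log: List[str] = []
    for device, in_port, out_port in hops:
        seen = "untagged" if wire_vid is None else f"VLAN {wire_vid}"
        vlan = in_port.ingress(wire_vid)
        if vlan is None:
            log.append(f"{device} {in_port.name}: {seen} frame discarded on receipt")
            return False, None, log
        sent, wire_vid = out_port.egress(vlan)
        if not sent:
            log.append(f"{device} {out_port.name}: VLAN {vlan} not permitted, not sent")
            return False, None, log
        out = "untagged" if wire_vid is None else f"tagged VLAN {wire_vid}"
        log.append(f"{device}: {in_port.name} -> {out_port.name}, VLAN {vlan}, sent {out}")
    return True, wire_vid, log


def figure_4_4_path(pe_allowed=frozenset({2, 3}), dest_vlan: int = 2) -> List[Hop]:
    """PC1 -> CE1 -> PE -> CE2 -> destination PC, as in Figure 4-4."""
    both = frozenset({2, 3})
    pe = frozenset(pe_allowed)
    return [
        ("CE1", Port("access-to-PC1", "access", pvid=2),
                Port("trunk-to-PE", "trunk", allowed=both)),
        ("PE", Port("trunk-to-CE1", "trunk", allowed=pe),
               Port("trunk-to-CE2", "trunk", allowed=pe)),
        ("CE2", Port("trunk-to-PE", "trunk", allowed=both),
                Port("access-to-PC", "access", pvid=dest_vlan)),
    ]


if __name__ == "__main__":
    for label, hops in [("VLAN 2 end to end", figure_4_4_path()),
                        ("PE permits only VLAN 3", figure_4_4_path(pe_allowed={3})),
                        ("destination port in VLAN 3", figure_4_4_path(dest_vlan=3))]:
        delivered, _, log = forward(hops)
        print(label, "->", "delivered" if delivered else "dropped")
        for line in log:
            print("   ", line)
```

The second and third runs show where isolation is enforced: at the first trunk port that does not permit the VLAN, or at the access port whose VLAN differs from the frame's.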
4.1.2 VLAN Features Supported by the NE80E/40E
This section describes the VLAN features supported by the NE80E/40E to help you better
understand the process of configuring VLANs.
The VLAN technology partitions a single Layer 2 network into multiple broadcast domains that
are mutually isolated. Each broadcast domain is referred to as a VLAN, and the VLAN
technology implements both intra-VLAN and inter-VLAN communication. The general process
of configuring VLANs is described as follows.
1. After VLANs are configured, users in a VLAN can communicate with each other.
2. Further configurations are needed for users in different VLANs to communicate with each
other.
NOTE
Intra-VLAN communication and inter-VLAN communication are basic VLAN functions.
3. Security configurations are needed to ensure reliable VLAN data transmission.
4. The following VLAN features are also supported to meet the requirements of special
applications and implement extended functions:
• VLAN aggregation: prevents the waste of IP addresses and implements inter-VLAN
communication.
• VLAN policy: allows user traffic of different types in a VPN to be distinguished and
scheduled on the backbone network. This provides better quality of service (QoS) for
users.
• Link-type Negotiation Protocol (LNP): dynamically negotiates the link type of an
Ethernet interface. The negotiated link type can be access or trunk.
• VLAN Central Management Protocol (VCMP): runs on all Layer 2 devices. In a VCMP
domain, a server handles the creation, deletion, or modification of VLAN information. Each
time VLAN information is changed, the server sends VCMP packets to clients in the
same VCMP domain as the server so that the clients can update their VLAN information.
Port-based VLAN Division
Ports on Layer 2 switches can be added to a specific VLAN to forward frames of the VLAN.
PCs in the VLAN can directly communicate with each other, whereas PCs in different VLANs
cannot directly communicate with each other. With port-based VLAN division, broadcast
packets can be forwarded only within a single VLAN.
To classify VLANs based on ports, you need to add ports on Layer 2 switches to VLANs. Port-based VLAN classification is applicable to large-scale and topology-stable networks.
Inter-VLAN Communication
After VLANs are configured, users in the same VLAN can communicate with each other. Users
in different VLANs cannot directly communicate with each other. Table 4-2 lists the schemes
for inter-VLAN communication.
Table 4-2 Schemes for inter-VLAN communication

Inter-VLAN communication scheme: Sub-interface
  Advantage:
    After sub-interfaces are configured, users in different VLANs and network segments can
    communicate with each other as long as routes are reachable.
  Disadvantage:
    • Both Layer 2 and Layer 3 devices are required, which increases expenditure.
    • If multiple users on a network belong to different VLANs, each VLAN requires a
      sub-interface on a Layer 3 device. Each sub-interface needs to be assigned an IP
      address. This increases configuration workload and requires a large number of IP
      addresses.
  Usage scenario:
    This scheme is applicable to small-scale networks on which users belong to different
    network segments.
    If traffic is forwarded mainly at Layer 3, use sub-interfaces.

Inter-VLAN communication scheme: VLANIF interface
  Advantage:
    After VLANIF interfaces are configured, users in different VLANs and network segments
    can communicate with each other as long as routes are reachable.
    Inter-VLAN communication can also be implemented by Layer 3 switches if routes are
    reachable. This scheme reduces the operating costs.
  Disadvantage:
    If multiple users on a network belong to different VLANs, each VLAN requires a VLANIF
    interface. Each VLANIF interface needs to be assigned an IP address. This increases the
    configuration workload and requires a lot of IP addresses.
  Usage scenario:
    This scheme is applicable to small-scale networks on which users belong to different
    network segments and IP addresses of these users are seldom changed.
    If a large number of VLANs are configured and both Layer 2 and Layer 3 forwarding of
    packets are involved, use VLANIF interfaces.

Inter-VLAN communication scheme: VLAN mapping
  Advantage:
    This scheme is easily configured and does not rely on routes.
  Disadvantage:
    IP addresses of users in different VLANs must belong to the same network segment.
  Usage scenario:
    This scheme is applicable to large-scale networks on which multiple users belong to one
    network segment.
VLAN Security Deployment
Table 4-3 lists the schemes that can be deployed to ensure reliable transmission of VLAN data.
Table 4-3 Security schemes for VLANs

Security scheme: Disabling a port from broadcasting packets to other ports in the same VLAN
  Description:
    If a port in a VLAN receives broadcast or unknown unicast packets, it will broadcast the
    packets to other ports in the VLAN. If the broadcast or unknown unicast packets are
    attack packets, system resources are wasted and device performance deteriorates or even
    the device malfunctions. Disabling the port from broadcasting packets to other ports in
    the VLAN prevents such malicious attacks.
  Advantage: -
  Disadvantage: -
  Usage scenario:
    This security scheme is applicable to topology-stable networks or networks on which MAC
    addresses are configured and forwarding paths are specified.

Security scheme: Disabling MAC address learning in a VLAN
  Description:
    • If a device has only one inbound port and one outbound port, MAC address learning in
      a VLAN can be disabled.
    • This security scheme is applicable to networks that do not provide access for new
      users.
  Advantage:
    • MAC address entries are saved.
    • Security is enhanced because new users are not allowed to access the network.
  Disadvantage:
    This security scheme requires that the network has fixed users and forwarding paths have
    been established by using dynamic MAC address learning or by manually configuring MAC
    addresses.
    If a large number of users are connected to a switch, each user needs to be configured a
    static forwarding path. This imposes a heavy configuration burden on network
    administrators.
    This security scheme prohibits new users from accessing the network.
  Usage scenario:
    This security scheme is applicable to topology-stable networks or networks on which MAC
    addresses are configured and forwarding paths are specified.

Security scheme: Enabling flexible MAC address learning in a VLAN
  Description:
    If a device has only one inbound port and one outbound port, enabling flexible MAC
    address learning saves MAC address entries.
    When a new user connects to the device, MAC address learning is automatically enabled.
  Advantage:
    This security scheme saves MAC address entries while allowing new users to access the
    network.
  Disadvantage:
    Malicious users may access the network and the system learns the MAC addresses of these
    users, which weakens the network security.
  Usage scenario:
    This security scheme is applicable to all Layer 2 networks.
VLAN Policy-based VPN Access
On a Metro Ethernet (ME) network, devices use VLAN IDs to identify services or user packet
flows before sending them to various Virtual Switching Instances (VSIs), Virtual Leased Lines
(VLLs), or Virtual Private Network (VPN) instances. In some scenarios (such as multiple users
or services sharing one VLAN), services or user packet flows cannot be distinguished by
merely using VLAN IDs. To prevent this problem, you can configure a VLAN policy that uses
combinations of VLAN IDs and traffic priorities to distinguish services or user packet flows.
Table 4-4 shows VLAN policies.
Table 4-4 VLAN policies

VLAN policy: VLAN+802.1p
  Description:
    VLAN IDs and 802.1p priority values in frames are used to distinguish users or services.
    This policy implements access to L2VPNs or L3VPNs.

VLAN policy: VLAN+DSCP
  Description:
    VLAN IDs and DSCP priority values in packets are used to distinguish users or services.
    This policy implements access to L2VPNs or L3VPNs.

VLAN policy: VLAN+EthType
  Description:
    VLAN IDs and EthType values in frames are used to distinguish users or services.
    This policy implements access only to L2VPNs.
Port Isolation in a VLAN
The NE80E/40E supports port isolation in a VLAN. A group of ports can be isolated in the
VLAN.
For port-based isolation in a VLAN, the isolated ports cannot communicate with each other at
the data link layer. To enable communication between the ports, ARP proxy in the VLAN must
be configured for the isolated ports. In this way, traffic in the VLAN can be monitored at the
network layer.
For isolation based on port groups in a VLAN, you can isolate the packets between port groups
by adding ports to different port groups. The ports in the same isolated port group can
communicate with each other and with the ports that are not added to an isolated port group.
The isolation based on port groups supports the flexible planning of a VLAN and is applied
mainly on the RRPP network. A VLAN involves multiple RRPP rings. The ports on different
RRPP rings can be added to different port groups to avoid broadcast storms.
Ethernet Loop Detection for a VLAN
To avoid the impact of single points of failures, user networks are connected to the VLAN
network of a carrier through redundant links. The redundant links, however, may lead to loops,
which further cause broadcast storms. In networking applications, you can deploy the Spanning
Tree Protocol (STP) or common loopback detection technologies to avoid the preceding
problems. In practice, however, STP should be deployed at the user side, and the common
loopback detection technology requires that devices at the user side allow special Layer 2
loopback detection packets to pass through. When modifications cannot be made to the user
networks, you can deploy Ethernet loop detection supported by the NE80E/40E over the carrier
network. Ethernet loop detection does not need to be deployed at the user side. This also avoids
the broadcast storm caused by loops formed in a VLAN network.
4.2 Configuring a VLAN Based on Ports
Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.
4.2.1 Before You Start
Before configuring a VLAN based on ports, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
A company has multiple departments located in different buildings. For service security, it is
required that employees in one department be able to communicate with each other, whereas
employees in different departments be prohibited from communicating with each other. Devices
on the network shown in Figure 4-5 are configured as follows:
• Add ports connecting switches to PCs of the financial department to VLAN 5 and ports
connecting switches to PCs of the marketing department to VLAN 9. This configuration
prevents employees in financial and marketing departments from communicating with each
other.
• Configure links between switches and router as trunk links to allow frames from VLAN 5
and VLAN 9 to pass through, allowing employees of the same department but different
buildings to communicate with each other.
Figure 4-5 Networking diagram for configuring a VLAN Based on Ports
[Figure labels: network; PE, CE1, CE2; GE1/0/1, GE1/0/2; Trunk (VLAN 5, VLAN 9); VLAN 5 Finance Department; VLAN 9 Marketing Department]
Pre-configuration Tasks
Before configuring a VLAN based on ports, connect the ports and configure their physical
parameters, ensuring that the ports are physically Up.
Data Preparation
To configure a VLAN based on ports, you need the following data.
No.  Data
1    ID of a VLAN
2    Number of each Ethernet port to be added to the VLAN
3    Type and priority of each Ethernet port
4.2.2 Creating a VLAN
Creating a VLAN isolates PCs that do not need to communicate with each other. This improves
network security, reduces broadcast traffic, and prevents broadcast storms.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been created,
the VLAN view is directly displayed.
By default, the VLAN ID is 0.
The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, you can run the
vlan batch command to create VLANs in batches, and then run the vlan vlan-id command to
enter the view of a specified VLAN.
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
----End
4.2.3 Configuring the Type of a Layer 2 Ethernet Port
On a Layer 2 switching device, some ports identify frames with VLAN tags, whereas the others
do not. Configure port types for Layer 2 Ethernet ports as needed.
Context
Table 4-5 lists Layer 2 Ethernet port types.
Table 4-5 Port types

Port type: Access port
  Method of processing received untagged frames:
    Accepts an untagged frame and adds a tag with the default VLAN ID to the frame.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Removes the tag from a frame and sends the frame.
  Application:
    An access port connects a switch to a PC and can be added to only one VLAN.

Port type: Trunk port
  Method of processing received untagged frames:
    Discards the frame.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Directly sends a received frame if the VLAN ID carried in the frame is permitted by the port.
  Application:
    A trunk port can be added to multiple VLANs to send and receive frames for these VLANs.
    A trunk port connects a switch to another switch or to a router.

Port type: Hybrid port
  Method of processing received untagged frames:
    • Adds a tag with the default VLAN ID to an untagged frame and accepts the frame if the
      port permits the default VLAN ID.
    • By default, no VLAN is configured on the interface. The frames are discarded directly.
  Method of processing received tagged frames:
    • Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
    • Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of sending frames:
    Sends a received frame if the port permits the VLAN ID carried in the frame.
  Application:
    A hybrid port can be added to multiple VLANs to send and receive frames for these VLANs.
    A hybrid port can connect a switch to a PC or connect a network device to another
    network device.

Port type: QinQ port
  QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a tag to a
  single-tagged frame, and therefore supports a maximum of 4094 x 4094 VLAN tags, which
  meets the requirement of a Metropolitan Area Network (MAN) for the number of VLANs.
  For details about QinQ, see 5 QinQ Configuration.
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of a Layer 3 Ethernet interface to be added to a VLAN is displayed.
Step 3 Run:
portswitch
The Layer 3 interface is switched to the Layer 2 mode.
- If an interface is borrowing the IP address of an Ethernet, a GE, or an Eth-Trunk, the portswitch command cannot be run on the Ethernet, GE, or Eth-Trunk.
- If the Ethernet, GE, or Eth-Trunk has any Layer 3 configuration, the portswitch command cannot be run on the interface. Before running the portswitch command on the interface, clear all Layer 3 configurations on the interface.
Step 4 Run:
port link-type trunk
The port type is configured.
By default, the port type is hybrid.
----End
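The following Python model is an added example, not part of the original guide or Huawei's code. It applies the rules of Table 4-5 to frames entering and leaving access, trunk, and hybrid ports; the port names and VLAN IDs are constructed, and keeping the tag when a trunk or hybrid port sends a frame is an assumption because the table does not state that the tag is removed.

```python
"""Frame handling per port type, following Table 4-5 (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Frame:
    payload: str
    vid: Optional[int] = None            # None means the frame is untagged


@dataclass
class Port:
    name: str
    link_type: str                       # "access", "trunk" or "hybrid"
    default_vid: Optional[int] = None    # default VLAN ID of the port
    permitted: Set[int] = field(default_factory=set)

    def __post_init__(self) -> None:
        if self.link_type not in ("access", "trunk", "hybrid"):
            raise ValueError(f"unknown link type: {self.link_type}")
        if self.link_type == "access":
            if self.default_vid is None:
                raise ValueError("an access port needs a default VLAN ID")
            # An access port can be added to only one VLAN.
            self.permitted = {self.default_vid}

    def ingress(self, frame: Frame) -> Optional[Frame]:
        """Return the frame as accepted by the port, or None if discarded."""
        if frame.vid is not None:
            # Tagged frame: every port type accepts it only if the VLAN ID
            # is permitted, and discards it otherwise.
            return frame if frame.vid in self.permitted else None
        if self.link_type == "trunk":
            return None                  # trunk: untagged frames are discarded
        if self.link_type == "access":
            return Frame(frame.payload, self.default_vid)
        # hybrid: tag with the default VLAN ID only if that VLAN is permitted;
        # with no VLAN configured (the default) the frame is discarded.
        if self.default_vid is not None and self.default_vid in self.permitted:
            return Frame(frame.payload, self.default_vid)
        return None

    def egress(self, frame: Frame) -> Optional[Frame]:
        """Return the frame as sent by the port, or None if it is not sent."""
        if frame.vid not in self.permitted:
            return None
        if self.link_type == "access":
            return Frame(frame.payload, None)    # tag removed before sending
        # Assumption: Table 4-5 does not state that trunk or hybrid ports
        # remove the tag, so this model keeps it.
        return frame


def flood(ports: List[Port], in_port: str, frame: Frame) -> Dict[str, Frame]:
    """Deliver a frame received on in_port to every other port that sends it."""
    by_name = {p.name: p for p in ports}
    accepted = by_name[in_port].ingress(frame)
    if accepted is None:
        return {}
    sent = {}
    for port in ports:
        if port.name != in_port:
            out = port.egress(accepted)
            if out is not None:
                sent[port.name] = out
    return sent


# Constructed sample ports (names and VLAN IDs are illustrative).
PORTS = [
    Port("GE1/0/1", "access", default_vid=2),
    Port("GE1/0/2", "access", default_vid=3),
    Port("GE1/0/3", "trunk", permitted={2, 3}),
    Port("GE1/0/4", "hybrid"),           # default state: no VLAN configured
]

if __name__ == "__main__":
    cases = [("GE1/0/1", Frame("a")), ("GE1/0/3", Frame("b")),
             ("GE1/0/3", Frame("c", 3)), ("GE1/0/3", Frame("d", 4)),
             ("GE1/0/4", Frame("e"))]
    for in_port, frame in cases:
        print(in_port, frame, "->", flood(PORTS, in_port, frame))
```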
4.2.4 Adding a Port to a VLAN
Adding a port to a VLAN associates the port with the VLAN.
Context
- A port connecting a switch to a PC must be configured as an access or a hybrid port. The port trunk allow-pass vlan command is invalid on access ports.
- A port connecting one switch to another must be configured as a trunk or hybrid port. The port default vlan command cannot be used on trunk ports.
Procedure
- Add an Ethernet port to a VLAN in the port view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a Layer 2 Ethernet interface to be added to a VLAN is displayed.
  3. Run:
     port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
     The port is added to the VLAN in tagged mode.
- Add an Ethernet port to a VLAN in the VLAN view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     vlan vlan-id
     The view of the created VLAN is displayed.
  3. Run:
     port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>
     A port or a group of ports is added to the VLAN.
     NOTE
     The input port format must be correct. The port number following to must be greater than the port number before to. If a group of ports are specified, ensure that these ports are of the same type and all specified ports exist.
     In one port command, a maximum of 10 groups of ports can be specified by using to.
----End
4.2.5 Checking the Configurations
After VLANs are configured based on ports, you can view the number of created VLANs and
VLAN types.
Prerequisites
Port-based VLAN division has been configured.
Procedure
Step 1 Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
----End
Example
Run the display vlan command. The command output shows the number of created VLANs on
the device and information about VLANs such as VLAN types. For example:
<HUAWEI> display vlan
The total number of vlans is : 6
VLAN ID Type     Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
1       sub      enable   enable       forward   forward   forward default
2       super    enable   enable       forward   forward   forward default
3       sub      enable   enable       forward   forward   forward default
4       common   enable   enable       forward   forward   forward default
5       common   enable   enable       forward   forward   forward default
10      common   enable   disable      discard   discard   discard backboneVLAN
4.3 Configuring a VLANIF Interface
VLANIF interfaces are Layer 3 logical interfaces. After creating VLANIF interfaces on Layer
2 devices, you can configure Layer 3 features on these interfaces.
4.3.1 Before You Start
Before creating a VLANIF interface, familiarize yourself with the usage scenario, complete the
pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
Layer 3 switching combines routing and switching techniques to implement routing on a switch, which improves the overall network performance. After sending the first data flow, a Layer 3 switch generates mappings between MAC addresses and IP addresses. To send the same data flow again, the switch forwards it directly at Layer 2 based on this mapping table instead of at Layer 3.
To ensure that new data flows are correctly forwarded based on the routing table, the routing entries in the routing table must be correct. Therefore, VLANIF interfaces and routing protocols must be configured on Layer 3 switches to provide reachable Layer 3 routes.
Pre-configuration Tasks
Before creating a VLANIF interface, create a VLAN.
Data Preparation
To create a VLANIF interface, you need the following data.

| No. | Data |
|---|---|
| 1 | VLAN ID and VLAN name |
| 2 | IP address to be assigned to the VLANIF interface |
| 3 | (Optional) Delay after which the VLANIF interface goes Down |
| 4 | (Optional) Bandwidth of the VLANIF interface |

4.3.2 Creating a VLANIF Interface
Before configuring Layer 3 features on a Layer 2 device, you must create a VLANIF interface on the device.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
A VLANIF interface is created and the VLANIF interface view is displayed.
The VLAN ID specified in this command must be the ID of an existing VLAN.
NOTE
A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.
----End
4.3.3 Assigning an IP Address to a VLANIF Interface
As a VLANIF interface is a Layer 3 logical interface, it can communicate with other interfaces
at the network layer only after being assigned an IP address.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.
The VLAN ID specified in this command must be the ID of an existing VLAN.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface for communication at the network layer.
NOTE
If IP addresses assigned to VLANIF interfaces on a Layer 3 device belong to different network segments,
a routing protocol must be configured on the Layer 3 switch to provide reachable routes. Otherwise,
VLANIF interfaces cannot communicate with each other at the network layer. For configurations of routing
protocols, see the NE80E/40E Configuration Guide - IP Routing.
----End
Follow-up Procedure
If you do not want users in a VLAN to communicate with users in another VLAN through a
VLANIF interface, run the shutdown command in the VLANIF interface view. In this situation,
the users in the same VLAN can still communicate with each other.
Traffic on a VLANIF interface includes Layer 2 and Layer 3 traffic. If you run the shutdown command in the VLANIF interface view, only Layer 3 traffic on the VLANIF interface is shut down. In this case, if you run the display interface vlanif command several times, the command output shows that the traffic on the VLANIF interface increases.
To shut down all traffic on a VLANIF interface, run the shutdown vlan command in the VLAN
view.
4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down
Setting a delay after which a VLANIF interface goes Down prevents network flapping caused
by changes of VLANIF interface status. This function is also called VLAN damping.
Context
If a VLAN goes Down because all ports in the VLAN go Down, the system immediately reports
the VLAN Down event to the corresponding VLANIF interface, instructing the VLANIF
interface to go Down.
To prevent network flapping caused by changes of VLANIF interface status, enable VLAN
damping on the VLANIF interface. After the last Up port in a VLAN goes Down, the system
starts a delay timer and informs the corresponding VLANIF interface of the VLAN Down event
after the timer expires. If a port in the VLAN goes Up during the delay period, the VLANIF
interface remains Up.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.
The VLAN ID specified in this command must be the ID of an existing VLAN.
Step 3 Run:
damping time delay-time
The delay for VLAN damping is set.
The delay-time value ranges from 0 to 20, in seconds. By default, the value is 0 seconds,
indicating that VLAN damping is disabled.
----End
4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface
After configuring bandwidth for VLANIF interfaces, you can use the NMS to query the
bandwidth. This facilitates traffic monitoring.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.
The VLAN ID specified in this command must be the ID of an existing VLAN.
Step 3 Run:
bandwidth bandwidth
The VLANIF interface is configured with bandwidth.
By default, the bandwidth of a VLANIF interface is 1000 Mbit/s.
----End
4.3.6 Checking the Configurations
After a VLANIF interface is configured for communication at the network layer, you can check
the IP address and status of a specified VLANIF interface.
Prerequisites
A VLANIF interface has been configured.
Procedure
- Run the display interface vlanif [ vlan-id | main ] command to check the physical status, link protocol status, description, and IP address of the VLANIF interface.
----End
Example
Run the display interface vlanif command. The command output shows the physical status,
link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
4.4 Configuring Inter-VLAN Communication
Configuring inter-VLAN communication allows users in different VLANs to communicate with
each other. Currently, the NE80E/40E supports several inter-VLAN communication schemes.
Choose one of them as required.
4.4.1 Before You Start
Before configuring inter-VLAN communication, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
Currently, the schemes listed in Table 4-6 are provided for inter-VLAN communication. You can choose one of them based on the actual network situation.
Table 4-6 Schemes for inter-VLAN communication

| Inter-VLAN Communication Scheme | Advantage | Disadvantage | Usage Scenario |
|---|---|---|---|
| Sub-interface | After sub-interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable. | Both Layer 2 and Layer 3 devices are required, which increases expenditure. If multiple users on a network belong to different VLANs, each VLAN requires a sub-interface on a Layer 3 device. Each sub-interface needs to be assigned an IP address. This increases configuration workload and requires a large number of IP addresses. | This scheme is applicable to small-scale networks on which users belong to different network segments. If traffic is forwarded mainly at Layer 3, use sub-interfaces. |
| VLANIF interface | After VLANIF interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable. Inter-VLAN communication can also be implemented by Layer 3 switches if routes are reachable. This scheme reduces the operating costs. | If multiple users on a network belong to different VLANs, each VLAN requires a VLANIF interface. Each VLANIF interface needs to be assigned an IP address. This increases the configuration workload and requires a lot of IP addresses. | This scheme is applicable to small-scale networks on which users belong to different network segments and IP addresses of these users are seldom changed. If a large number of VLANs are configured and both Layer 2 and Layer 3 forwarding of packets are involved, use VLANIF interfaces. |
| VLAN mapping | This scheme is easily configured and does not rely on routes. | IP addresses of users in different VLANs must belong to the same network segment. | This scheme is applicable to large-scale networks on which multiple users belong to one network segment. |

Pre-configuration Tasks
Before configuring inter-VLAN communication, create VLANs.
Data Preparation
To configure inter-VLAN communication, you need the following data.

| No. | Data |
|---|---|
| 1 | Number of each Ethernet sub-interface, IP address and mask of the sub-interface, and VLAN ID associated with the sub-interface |
| 2 | VLAN ID, VLANIF interface number, IP address and mask of the VLANIF interface, and (optional) bandwidth of the VLANIF interface |
| 3 | (Optional) Port type, VLAN ID before mapping, and VLAN ID after mapping |

4.4.2 Configuring Sub-interfaces for Inter-VLAN Communication
If users belong to different VLANs and reside on different network segments, sub-interfaces can
be created on a router and assigned IP addresses to allow these users to communicate with each
other at the network layer.
Context
During communication at the data link layer on a LAN, source MAC addresses identify where
data comes from, and destination MAC addresses guide data to destinations. If the source and
destination PCs reside on different network segments, a Layer 2 network is unable to send data
from the source to the destination. In this case, data has to be forwarded at the network layer (Layer 3).
After the default gateway address of the switch is specified as the IP address of the router, the
switch sends data that needs to be forwarded at the network layer to the router. After receiving
a packet, the router searches its routing table according to the destination address in the packet.
If the router finds a matching route in the routing table, the router directly forwards the packet
to another network segment. If the router does not find any matching route, it discards the packet.
On the network shown in Figure 4-6, VLANs 2 to n belong to different network segments. To
allow users in VLANs 2 to n to communicate with each other, you can create a sub-interface on
the router for each VLAN and assign an IP address to each sub-interface. After VLANs are
configured, the switch is logically divided into n parts. Accordingly, the router must have n
logical interfaces corresponding to n VLANs. The detailed implementation process is as follows:
1. A PC in VLAN 2 checks the destination IP address and finds that the destination PC in VLAN n is on a different network segment.
2. The PC in VLAN 2 sends an ARP request. After receiving the request, the router considers itself the destination, translates its MAC address into an IP address, and sends an ARP reply to the PC in VLAN 2.
3. After receiving data from the PC in VLAN 2, the Layer 2 switch adds a VLAN tag to the data and searches the MAC address table for an outbound port.
4. The router receives the frame and sends it to sub-interface 2.
5. Sub-interface 2 removes the VLAN tag from the frame, searches for an ARP entry based on the IP address in the IP header, and forwards the packet at the network layer.
6. Sub-interface n receives the packet, re-encapsulates it with VLAN ID n and with the MAC address of the destination PC as the destination MAC address, and sends the frame.
7. After receiving the frame, the Layer 2 switch searches the MAC address table for the destination MAC address based on the VLAN ID carried in the packet to determine the outbound port.
8. The PC in VLAN n receives the frame from VLAN 2.
If a PC in VLAN n sends a packet to a PC in VLAN 2, the process is similar and not described in this document.
Figure 4-6 Networking diagram for configuring sub-interfaces for inter-VLAN communication
[Figure: a router with Subinterface1 and Subinterface2 (IP address x.x.x.x/x each) connected over a trunk link to a switch whose access ports belong to VLAN 2 through VLAN n]
On the network shown in Figure 4-6, downstream ports on the switch are separately added to
VLAN 2 to VLAN n. The configuration roadmap for communication between these VLANs is
as follows:
1. Create n-1 sub-interfaces on the Ethernet interface connecting the router to the switch.
2. Associate each sub-interface with a VLAN.
3. Assign an IP address to each sub-interface for communication at the network layer.
4. Configure the port connecting the switch to the router as a trunk or hybrid port to allow frames with VLAN IDs from 2 to n to pass through.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding sub-interface. Otherwise, inter-VLAN communication fails.
Procedure
- Perform the following steps on the router:
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number.subinterface-number
     An Ethernet sub-interface is created and the view of the Ethernet sub-interface is displayed.
     The Ethernet interface in this step is the interface connecting the router to the switch.
  3. Run:
     vlan-type dot1q vlan-id
     The sub-interface is associated with a VLAN.
     NOTE
     Sub-interfaces of different interfaces can be associated with the same VLAN; sub-interfaces of one interface cannot be associated with the same VLAN.
  4. Run:
     ip address ip-address { mask | mask-length } [ sub ]
     An IP address is assigned to the sub-interface for communication at the network layer.
- Perform the following steps on the switch:
  Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.
----End
4.4.3 Configuring VLANIF Interfaces for Inter-VLAN Communication
Configuring VLANIF interfaces for inter-VLAN communication saves expenditure and helps
implement fast forwarding.
Context
VLANIF interfaces are Layer 3 logical interfaces. After being assigned IP addresses, VLANIF interfaces are able to communicate at the network layer. Layer 3 switches and routers can be configured with VLANIF interfaces.
To implement inter-VLAN communication by using VLANIF interfaces, you need to configure a VLANIF interface for each VLAN and assign an IP address to each VLANIF interface. The communication process by using VLANIF interfaces is similar to that by using sub-interfaces.
Figure 4-7 Networking diagram for configuring VLANIF interfaces for inter-VLAN communication
[Figure: a PE with VLANIF2 and VLANIFn, connected to CE1 (VLAN 2) and CE2 (VLAN n)]
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF
interface. Otherwise, inter-VLAN communication will fail.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
A VLANIF interface is created and the VLANIF interface view is displayed.
The VLAN ID specified in this command must be the ID of an existing VLAN.
NOTE
A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface.
VLANIF interfaces must belong to different network segments.
----End
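The following Python check is an added example, not part of the original guide or Huawei's tooling. It validates a planned gateway configuration against the rules stated in 4.4.2 and 4.4.3: one VLAN per sub-interface on a given interface, the trunk allowing each sub-interface VLAN, a VLANIF interface only for an existing VLAN, separate network segments per gateway interface, and each PC using the matching gateway address. The interface names, addresses, and finding codes are constructed.

```python
"""Pre-deployment checks for an inter-VLAN gateway plan (added example)."""
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class L3If:
    name: str       # for example "GigabitEthernet1/0/0.2" or "Vlanif2"
    vlan: int
    address: str    # "ip-address/mask-length"

    @property
    def parent(self) -> Optional[str]:
        # A sub-interface is named "<interface-number>.<subinterface-number>";
        # a VLANIF interface has no parent interface.
        head, dot, _ = self.name.rpartition(".")
        return head if dot else None

    @property
    def iface(self):
        return ipaddress.ip_interface(self.address)


@dataclass(frozen=True)
class Host:
    name: str
    vlan: int
    address: str    # "ip-address/mask-length"
    gateway: str


def check_plan(l3_ifs: List[L3If], hosts: List[Host], created_vlans: Set[int],
               trunk_allowed: Set[int]) -> List[Tuple[str, str]]:
    """Return (finding code, subject) pairs; an empty list means no finding."""
    findings = []
    used = set()
    for l3 in l3_ifs:
        if l3.parent is None:
            # VLANIF: the VLAN ID must be the ID of an existing VLAN.
            if l3.vlan not in created_vlans:
                findings.append(("VLAN_NOT_CREATED", l3.name))
            continue
        # Sub-interface: the switch-to-router port must let this VLAN pass.
        if l3.vlan not in trunk_allowed:
            findings.append(("VLAN_NOT_ON_TRUNK", l3.name))
        # Sub-interfaces of one interface cannot share a VLAN.
        if (l3.parent, l3.vlan) in used:
            findings.append(("DUP_VLAN_ON_PARENT", l3.name))
        used.add((l3.parent, l3.vlan))
    # Gateway interfaces must belong to different network segments.
    for a, b in combinations(l3_ifs, 2):
        if a.iface.network.overlaps(b.iface.network):
            findings.append(("OVERLAPPING_SEGMENT", f"{a.name} {b.name}"))
    gateway_for = {}
    for l3 in l3_ifs:
        gateway_for.setdefault(l3.vlan, l3)
    for host in hosts:
        gw = gateway_for.get(host.vlan)
        if gw is None:
            findings.append(("NO_GATEWAY_IF", host.name))
            continue
        # The default gateway of a PC must be the IP address of the
        # sub-interface or VLANIF interface that serves its VLAN.
        if ipaddress.ip_address(host.gateway) != gw.iface.ip:
            findings.append(("WRONG_GATEWAY", host.name))
        if ipaddress.ip_interface(host.address).ip not in gw.iface.network:
            findings.append(("HOST_OFF_SEGMENT", host.name))
    return findings


# Constructed plans: GOOD_PLAN is consistent, BAD_PLAN breaks several rules.
GOOD_PLAN = dict(
    l3_ifs=[L3If("GigabitEthernet1/0/0.2", 2, "10.1.2.1/24"),
            L3If("GigabitEthernet1/0/0.3", 3, "10.1.3.1/24")],
    hosts=[Host("pc-a", 2, "10.1.2.10/24", "10.1.2.1"),
           Host("pc-b", 3, "10.1.3.10/24", "10.1.3.1")],
    created_vlans={2, 3}, trunk_allowed={2, 3})

BAD_PLAN = dict(
    l3_ifs=[L3If("GigabitEthernet1/0/0.2", 2, "10.1.2.1/24"),
            L3If("GigabitEthernet1/0/0.3", 3, "10.1.3.1/24"),
            L3If("GigabitEthernet1/0/0.4", 3, "10.1.3.129/25"),
            L3If("GigabitEthernet1/0/0.5", 5, "10.1.5.1/24")],
    hosts=[Host("pc-a", 2, "10.1.2.10/24", "10.1.2.1"),
           Host("pc-b", 3, "10.1.3.10/24", "10.1.2.1"),
           Host("pc-c", 6, "10.1.6.10/24", "10.1.6.1"),
           Host("pc-d", 2, "10.1.9.10/24", "10.1.2.1")],
    created_vlans={2, 3, 5}, trunk_allowed={2, 3})

if __name__ == "__main__":
    for code, subject in check_plan(**BAD_PLAN):
        print(f"{code:20} {subject}")
```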
4.4.4 Configuring VLAN Mapping for Inter-VLAN Communication
The configuration of VLAN mapping is simple and independent of Layer 3 routing.
Context
VLAN mapping is also called VLAN translation. With VLAN mapping, a switch maps the
VLAN tag of a frame to another VLAN tag after receiving the frame and before sending the
frame. On the network shown in Figure 4-8, ports connecting CE 1 to users are added to VLAN
2 and ports connecting CE 2 to users are added to VLAN 3. To allow users in VLAN 2 and
VLAN 3 to communicate with each other, configure VLAN mapping on GE 1/0/1 connecting
CE 1 to CE 2.
- Before sending a frame to VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 2 in the frame with the VLAN ID 3.
- After receiving a frame from VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 3 in the frame with the VLAN ID 2.
Figure 4-8 Networking diagram for configuring VLAN mapping for inter-VLAN communication
[Figure: CE1 and CE2 connected through GE1/0/1; hosts 172.16.0.1/16 and 172.16.0.7/16; frames marked with VLAN ID 2 and VLAN ID 3 for VLAN2 and VLAN3]
NOTE
Before configuring VLAN mapping to allow PCs in two VLANs to communicate, ensure that the IP addresses of the PCs belong to the same network segment. Otherwise, devices in different VLANs must communicate with each other at the network layer. In this case, VLAN mapping does not make sense.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Add ports connecting CE 1 and CE 2 to users to separate VLANs.
Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.
Step 3 Configure the Layer 2 port type.
1. Run the interface interface-type interface-number command to enter the view of an Ethernet port to be configured with VLAN mapping.
2. Run the port link-type trunk command to configure the Layer 2 Ethernet port as a trunk port.
By default, the port type is hybrid.
Step 4 Run:
port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3
VLAN mapping is configured to change the outer VLAN tag to vlan-id3.
By default, VLAN mapping is disabled on ports.
Step 5 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to
specify the VLAN IDs. Frames carrying these VLAN IDs can pass through the port configured
with VLAN mapping.
The VLAN IDs specified in this command must be private VLAN IDs, not public VLAN IDs.
----End
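The following Python sketch is an added example, not part of the original guide or Huawei's implementation. It shows the translation described in the Context of 4.4.4 as an IEEE 802.1Q tag rewrite on raw Ethernet frames: VLAN ID 2 becomes 3 when the port sends, and 3 becomes 2 when it receives. The MAC addresses and payload are constructed, only a one-to-one mapping is modelled, and the allow-pass check of Step 5 is left out.

```python
"""VLAN mapping as an 802.1Q tag rewrite (added example)."""
import struct
from typing import Optional

TPID_8021Q = 0x8100    # EtherType value that marks an IEEE 802.1Q tag


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet frame; with vid set, insert an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def _tci(frame: bytes) -> Optional[int]:
    # 6 bytes dst + 6 bytes src, then TPID (2), TCI (2) and EtherType (2).
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0]


def get_vid(frame: bytes) -> Optional[int]:
    """Return the VLAN ID (low 12 bits of the TCI), or None if untagged."""
    tci = _tci(frame)
    return None if tci is None else tci & 0x0FFF


def get_pcp(frame: bytes) -> Optional[int]:
    """Return the priority bits (top 3 bits of the TCI), or None if untagged."""
    tci = _tci(frame)
    return None if tci is None else tci >> 13


def set_vid(frame: bytes, vid: int) -> bytes:
    """Replace the VLAN ID and keep the priority and DEI bits unchanged."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    tci = _tci(frame)
    if tci is None:
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:14] + struct.pack("!H", (tci & 0xF000) | vid) + frame[16:]


class MappingPort:
    """A trunk port that maps local_vid to mapped_vid on the link."""

    def __init__(self, local_vid: int, mapped_vid: int) -> None:
        for vid in (local_vid, mapped_vid):
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN ID out of range: {vid}")
        if local_vid == mapped_vid:
            raise ValueError("mapping a VLAN ID to itself has no effect")
        self.local_vid = local_vid
        self.mapped_vid = mapped_vid

    def send(self, frame: bytes) -> bytes:
        """Before sending: replace the local VLAN ID with the mapped one."""
        if get_vid(frame) == self.local_vid:
            return set_vid(frame, self.mapped_vid)
        return frame

    def receive(self, frame: bytes) -> Optional[bytes]:
        """After receiving: replace the mapped VLAN ID with the local one."""
        vid = get_vid(frame)
        if vid is None:
            return None            # a trunk port discards untagged frames
        if vid == self.mapped_vid:
            return set_vid(frame, self.local_vid)
        return frame


# Constructed sample values (locally administered MAC addresses).
SAMPLE_DST = bytes.fromhex("020000000007")
SAMPLE_SRC = bytes.fromhex("020000000001")
SAMPLE_PAYLOAD = b"constructed payload"
CE1_GE = MappingPort(local_vid=2, mapped_vid=3)    # GE 1/0/1 on CE 1

if __name__ == "__main__":
    frame = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, SAMPLE_PAYLOAD, vid=2, pcp=5)
    on_link = CE1_GE.send(frame)
    print("sent with VLAN ID", get_vid(on_link), "priority", get_pcp(on_link))
    print("received back as VLAN ID", get_vid(CE1_GE.receive(on_link)))
```

Because the rewrite joins VLAN 2 on CE 1 and VLAN 3 on CE 2 into one Layer 2 broadcast domain, broadcast frames from either VLAN reach the other.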
4.4.5 Checking the Configurations
After inter-VLAN communication is configured, you can check whether users in different
VLANs can communicate with each other and check information about VLANs to which users
belong.
Prerequisites
Inter-VLAN communication has been configured.
Procedure
- Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize | -system-time | -t timeout | -tos tos-value | -v | -vpn-instance vpn-instance-name ] * host command to check whether users in different VLANs can communicate with each other.
  If the ping fails, you can run the following commands to locate the fault:
  - Run the display vlan [ vlan-id [ verbose ] ] command to check information about all VLANs or a specified VLAN.
  - Run the display interface vlanif [ vlan-id | main ] command to check information about VLANIF interfaces.
    Before running this command, ensure that VLANIF interfaces have been configured.
  - If VLAN aggregation is configured, run the following commands:
    - Run the display super-vlan [ vlan-id ] command to check sub-VLANs contained in a super-VLAN.
    - Run the display sub-vlan [ vlan-id ] command to check mappings between sub-VLANs and super-VLANs.
----End
Example
Check whether the PC at 10.1.1.2 is reachable.
<HUAWEI> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=2 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/2 ms
If the ping fails, you can run the following commands to locate the fault:
- Run the display vlan command. The command output shows the VLAN ID, VLAN type, and VLAN status. For example:
<HUAWEI> display vlan
The total number of vlans is : 3
VLAN ID Type     Status   MAC Learning Broadcast/Multicast/Unicast Property
-------------------------------------------------------------------------------
10      common   enable   enable       forward   forward   forward default
20      common   enable   enable       forward   forward   forward default
30      *common  enable   enable       forward   forward   forward default
- Run the display interface vlanif command. The command output shows the physical status, link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
- Run the display sub-vlan command. The command output shows the VLAN ID of each sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
<HUAWEI> display sub-vlan
VLAN ID   Super-vlan
-----------------------------
10        40
20        40
30        40
- Run the display super-vlan command. The command output shows the VLAN ID of each sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
<HUAWEI> display super-vlan
VLAN ID   Sub-vlan
--------------------------
40        10 20 30
4.5 Configuring VLAN Security Attributes
Configuring VLAN security attributes ensures reliable transmission of user packets. Currently, the NE80E/40E supports several security attributes. You can configure security attributes as required.
4.5.1 Before You Start
Before configuring VLAN security attributes, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
Table 4-7 lists VLAN security attribute schemes.
Table 4-7 Security schemes for VLANs

| Security Scheme | Description | Advantage | Disadvantage | Usage Scenario |
|---|---|---|---|---|
| Disabling a port from broadcasting packets to other ports in the same VLAN | If a port in a VLAN receives broadcast or unknown unicast packets, it will broadcast the packets to other ports in the VLAN. If the broadcast or unknown unicast packets are attack packets, system resources are wasted and device performance deteriorates or even the device malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents such malicious attacks. | - | - | This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified. |
| Disabling MAC address learning in a VLAN | If a device has only one inbound port and one outbound port, MAC address learning in a VLAN can be disabled. This security scheme is applicable to networks that do not provide access for new users. | MAC address entries are saved. Security is enhanced because new users are not allowed to access the network. | This security scheme requires that the network has fixed users and forwarding paths have been established by using dynamic MAC address learning or by manually configuring MAC addresses. If a large number of users are connected to a switch, each user needs to be configured a static forwarding path. This imposes a heavy configuration burden on network administrators. This security scheme prohibits new users from accessing the network. | This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified. |
| Enabling flexible MAC address learning in a VLAN | If a device has only one inbound port and one outbound port, enabling flexible MAC address learning saves MAC address entries. When a new user connects to the device, MAC address learning is automatically enabled. | This security scheme saves MAC address entries while allowing new users to access the network. | Malicious users may access the network and the system learns the MAC addresses of these users, which weakens the network security. | This security scheme is applicable to all Layer 2 networks. |

Pre-configuration Tasks
Before configuring VLAN security attributes, create VLANs.
Data Preparation
To configure VLAN security attributes, you need the following data.
No.  Data
1    VLAN ID and (optional) VLAN name
4.5.2 Disabling a Port from Broadcasting Packets to Other Ports in the Same VLAN
Disabling a port from broadcasting packets to other ports in the same VLAN prevents malicious
attacks and improves network security.
Context
If a port in a VLAN receives broadcast or unknown unicast packets, it will broadcast the packets
to other ports in the VLAN. If the broadcast or unknown unicast packets are attack packets,
system resources are wasted and device performance deteriorates or even the device
malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents
such malicious attacks.
This security scheme is applicable to topology-stable networks or networks on which MAC
addresses are configured and forwarding paths are specified.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
broadcast discard
The port is disabled from broadcasting packets to other ports in the same VLAN.
By default, a port can broadcast packets to other ports in the same VLAN.
----End
4.5.3 Disabling MAC Address Learning in a VLAN
If a device has only one inbound port and one outbound port, or the network topology is stable,
MAC address learning in a VLAN can be disabled.
Context
A company has multiple departments located in different stories of a building. It is required that
PCs of one department be grouped into a VLAN and PCs in different departments be grouped
into different VLANs.
On the network shown in Figure 4-9, department 1 belongs to VLAN 2; department 2 belongs
to VLAN 3; the public sector belongs to VLAN 10. Users in VLANs 2 and 3 can access VLAN
10. Users in the same VLAN (VLAN 2 or VLAN 3) can communicate with each other. Users in VLAN 2 cannot
communicate with users in VLAN 3. To reduce the number of MAC address entries saved on
the core switching device and prevent visitors from accessing the company's network, you can
disable MAC address learning in a VLAN on CE 1 and CE 5.
Figure 4-9 Networking diagram for disabling MAC address learning in a VLAN
[Figure not reproduced. Labels in the diagram: PE; CE1; CE2; S1 to S5; mac-address learning disable (shown twice); Department1, VLAN2; Department2, VLAN3; Public sector, VLAN 10.]
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
mac-address learning disable
MAC address learning in a VLAN is disabled.
By default, MAC address learning is enabled in a VLAN.
----End
Follow-up Procedure
After MAC address learning in a VLAN is disabled, to guarantee high forwarding efficiency,
do as follows:
• Limit the number of MAC addresses in the MAC address table.
• Select an action to be taken when the number of MAC addresses exceeds the upper
  threshold, such as discard, forward, or alarm.
4.5.4 Enabling Flexible MAC Address Learning in a VLAN
If a Layer 2 switching device enabled with flexible MAC address learning in a VLAN has only
one inbound port and one outbound port, the system automatically disables MAC address
learning to release resources that have been used for MAC address learning.
Context
If the core switching device of a company has only one inbound port and one outbound port,
you can disable MAC address learning in a VLAN to save resources. On the network shown in
Figure 4-10, after MAC address learning in a VLAN is disabled on CE 1, S1 cannot access the
network. This hinders network expansion. To address this problem, you can enable flexible MAC
address learning in a VLAN on CE 1.
After flexible MAC address learning is enabled on CE 1:
• If CE 1 has only one inbound port and one outbound port, the system automatically disables
  MAC address learning to save resources.
• If CE 1 has multiple inbound or outbound ports, the system automatically enables MAC
  address learning.
NOTE
• Newly-added users must be in the VLAN enabled with MAC address learning.
• Any Layer 2 network can be enabled with flexible MAC address learning in a VLAN.
Figure 4-10 Networking diagram for enabling flexible MAC address learning in a VLAN
[Figure not reproduced. Two panels, one labelled mac-learning smart vlan enable and one labelled mac-address learning disable; each shows PE, CE1, S1, S2, Department1 to Departmentn, and VLAN2 to VLANn.]
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mac-learning smart vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> enable
Flexible MAC address learning is enabled in a VLAN.
By default, flexible MAC address learning is disabled in a VLAN.
----End
4.5.5 (Optional) Disabling an Interface from Sending Unknown Unicast Packets to Other Interfaces in a VLAN
Prohibiting interfaces in a VLAN from sending unknown unicast packets can effectively guard
against the broadcast of malicious packets within the VLAN.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed.
Step 3 Run:
unknown-unicast discard [ mac-learning ]
The interfaces in the VLAN are configured to discard unknown unicast packets.
When an interface in a VLAN receives an unknown unicast packet, the interface broadcasts the
packet in the VLAN by default. After the discarding of unknown unicast packets is configured,
interfaces in the VLAN no longer forward unknown unicast packets, which restricts the broadcast
of malicious packets.
If mac-learning is configured, the interfaces in the VLAN can learn the source MAC addresses
of the received unknown unicast packets when discarding the packets.
----End
4.5.6 Checking the Configurations
After VLAN security attributes are configured, you can check whether a VLAN is enabled with
the broadcast function and the MAC address learning function.
Prerequisites
VLAN security attributes have been configured.
Procedure
• Run the display vlan [ vlan-id [ verbose ] ] command to check information about all
  VLANs or a specified VLAN.
----End
Example
Run the display vlan command. The command output shows that VLANs have been enabled
with the broadcast function and the MAC address learning function. For example:
<HUAWEI> display vlan
The total number of vlans is : 4
VLAN ID Type     Status  MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10      common   enable  enable       forward   forward   forward default
20      common   enable  enable       forward   forward   forward default
30      common   enable  enable       forward   forward   forward default
40      common   enable  enable       forward   forward   forward default
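When many VLANs are involved, this check can be scripted. The following Python code is an added example, not part of the original guide: it parses display vlan output in the column layout shown above and compares each VLAN with an expected hardening policy. The sample output, the policy, and the column values disable and discard are constructed assumptions; confirm the spellings against output from your own software version.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class VlanRow(NamedTuple):
    vlan_id: int
    vtype: str
    status: str
    mac_learning: str
    broadcast: str
    multicast: str
    unicast: str      # assumed to reflect unknown-unicast handling
    prop: str


# One data row: a VLAN ID followed by exactly seven whitespace-separated columns.
ROW = re.compile(r"^\s*(\d{1,4})((?:\s+\S+){7})\s*$")
TOTAL = re.compile(r"total number of vlans is\s*:\s*(\d+)", re.IGNORECASE)

# Constructed sample. "disable" and "discard" are assumed column values.
SAMPLE = """\
<HUAWEI> display vlan
The total number of vlans is : 4
VLAN ID Type     Status  MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10      common   enable  enable       forward   forward   forward default
20      common   enable  disable      discard   forward   forward default
30      common   enable  enable       forward   forward   discard default
40      common   enable  enable       forward   forward   forward default
"""

# Constructed policy: the attributes each VLAN is expected to show.
POLICY: Dict[int, Dict[str, str]] = {
    10: {"mac_learning": "disable"},
    20: {"mac_learning": "disable", "broadcast": "discard"},
    30: {"unicast": "discard"},
    50: {"broadcast": "discard"},   # expected VLAN that is not on the device
}

Finding = Tuple[int, str, str, str]   # (vlan_id, field, expected, actual)


def parse_display_vlan(text: str) -> Dict[int, VlanRow]:
    """Parse the table; refuse output whose row count disagrees with the header."""
    rows: Dict[int, VlanRow] = {}
    declared = None
    for line in text.splitlines():
        total = TOTAL.search(line)
        if total:
            declared = int(total.group(1))
            continue
        match = ROW.match(line)
        if match:
            row = VlanRow(int(match.group(1)), *match.group(2).split())
            rows[row.vlan_id] = row
    # A mismatch means the capture was truncated or a row failed to parse;
    # auditing partial output would silently skip VLANs.
    if declared is not None and declared != len(rows):
        raise ValueError(f"header declares {declared} VLANs, parsed {len(rows)}")
    return rows


def audit(rows: Dict[int, VlanRow], policy: Dict[int, Dict[str, str]]) -> List[Finding]:
    """Return every VLAN attribute that differs from the expected value."""
    findings: List[Finding] = []
    for vlan_id in sorted(policy):
        row = rows.get(vlan_id)
        if row is None:
            findings.append((vlan_id, "vlan", "present", "absent"))
            continue
        for field, expected in sorted(policy[vlan_id].items()):
            actual = getattr(row, field)
            if actual != expected:
                findings.append((vlan_id, field, expected, actual))
    return findings


def unhardened_vlans(rows: Dict[int, VlanRow]) -> List[int]:
    """VLANs still in the default state: learning on, broadcast and unicast forwarded."""
    return sorted(
        r.vlan_id for r in rows.values()
        if (r.mac_learning, r.broadcast, r.unicast) == ("enable", "forward", "forward")
    )


if __name__ == "__main__":
    parsed = parse_display_vlan(SAMPLE)
    for finding in audit(parsed, POLICY):
        print("MISMATCH vlan=%d field=%s expected=%s actual=%s" % finding)
    print("default-state VLANs:", unhardened_vlans(parsed))
```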
4.6 Configuring VLAN Aggregation to Save IP Addresses
VLAN aggregation prevents the waste of IP addresses and implements inter-VLAN
communication.
4.6.1 Before You Start
Before configuring VLAN aggregation, familiarize yourself with the usage scenario, complete
the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
As networks expand, address resources become insufficient. VLAN aggregation is developed
to save IP addresses.
In VLAN aggregation, one super-VLAN is associated with multiple sub-VLANs. Physical ports
cannot join a super-VLAN but a VLANIF interface can be created for the super-VLAN and an
IP address can be assigned to the VLANIF interface. Physical ports can join a sub-VLAN but
no VLANIF interface can be created for the sub-VLAN. All the ports in the sub-VLAN use the
same IP address with the VLANIF interface of the super-VLAN. This saves subnet IDs, default
gateway addresses of the subnets, and directed broadcast addresses of the subnets. In addition,
different broadcast domains can use the addresses in the same subnet segment. As a result, subnet
differences are eliminated, addressing becomes flexible, and the number of idle addresses is
reduced. VLAN aggregation allows each sub-VLAN to function as a broadcast domain and
reduces the waste of IP addresses to be assigned to ordinary VLANs.
Figure 4-11 shows the typical VLAN aggregation networking.
Figure 4-11 Typical networking diagram for VLAN aggregation
[Figure not reproduced. Labels in the diagram: PE; Super VLAN4; CE1; CE2; Sub-VLAN 2; Sub-VLAN 3.]
Pre-configuration Tasks
Before configuring VLAN aggregation, connect ports and configure the physical parameters of
the ports, ensuring that the ports are physically Up.
Data Preparation
To configure VLAN aggregation, you need the following data.
No.  Data
1    ID of each sub-VLAN and number of each port belonging to the sub-VLAN and
     (optional) VLAN name of each sub-VLAN
2    ID of a super-VLAN
3    IP address and mask of a VLANIF interface
4.6.2 Creating a Sub-VLAN
Each sub-VLAN functions as a broadcast domain.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A sub-VLAN is created and the sub-VLAN view is displayed.
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>
A port is added to the sub-VLAN.
----End
4.6.3 Creating a Super-VLAN
A super-VLAN consists of several sub-VLANs. No physical port can be added to a super-VLAN,
but a VLANIF interface can be configured for the super-VLAN and an IP address can be assigned
to the VLANIF interface.
Context
NOTE
Before configuring a super-VLAN, ensure that sub-VLANs have been configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created, and the VLAN view is displayed.
The VLAN ID of a super-VLAN must be different from every sub-VLAN ID.
Step 3 Run:
aggregate-vlan
A super-VLAN is created.
Using the undo aggregate-vlan command in the VLAN view changes a super-VLAN to a sub-VLAN.
Step 4 Run:
access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
A sub-VLAN is added to a super-VLAN.
Only sub-VLANs can be added to a super-VLAN. Before adding sub-VLANs to a super-VLAN
in batches, ensure that these sub-VLANs are not configured with VLANIF interfaces.
----End
4.6.4 Assigning an IP Address to the VLANIF Interface of a Super-VLAN
The IP address of the VLANIF interface of a super-VLAN must contain the subnet segments
where users in sub-VLANs reside. All the sub-VLANs use the IP address of the VLANIF
interface of the super-VLAN, therefore saving IP addresses.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
A VLANIF interface is created for a super-VLAN, and the view of the VLANIF interface is
displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
An IP address is assigned to the VLANIF interface.
----End
4.6.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN
Specifying an IP address range for users in a sub-VLAN filters out unauthorized users whose
IP addresses are outside the range.
Context
After configuring an IP address pool for a sub-VLAN, note the following points:
• The sub-VLAN processes only packets carrying IP addresses in this address pool, such as
  ARP Request, ARP Reply, ARP Proxy, and ARP Miss packets.
• If the super VLAN is enabled with proxy ARP, the system directly sends an ARP Request
  packet from a user in the sub-VLAN to the sub-VLAN based on the IP address carried in
  the packet. This reduces broadcast traffic.
• When sending an ARP Miss packet carrying the IP address in the address pool, the system
  directly broadcasts the packet in the sub-VLAN to ensure that traffic is properly forwarded.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The view of a created sub-VLAN is displayed.
Step 3 Run:
ip pool start-address [ to end-address ]
An IP address pool is configured for the sub-VLAN.
----End
4.6.6 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN
PCs in different sub-VLANs cannot directly communicate with each other on a Layer 2 network.
To allow these PCs to communicate with each other at Layer 3, enable proxy ARP on the
VLANIF interface of the super-VLAN.
Context
VLAN aggregation allows sub-VLANs to use the same subnet address, but prevents PCs in
different sub-VLANs from communicating with each other at the network layer.
PCs in ordinary VLANs can communicate with each other at the network layer by using different
gateway addresses. In VLAN aggregation, PCs in a super-VLAN use the same subnet address
and gateway address. As PCs in different sub-VLANs belong to one subnet, they communicate
with each other only at Layer 2, not Layer 3. These PCs are isolated from each other at Layer
2. Consequently, PCs in different sub-VLANs cannot communicate with each other.
Proxy ARP is required to enable PCs in a sub-VLAN to communicate with PCs in another sub-VLAN
or PCs on other networks. After a super-VLAN and its VLANIF interface are created,
proxy ARP must be enabled to allow the super-VLAN to forward or process ARP request and
reply packets. Proxy ARP helps PCs in sub-VLANs communicate with each other at the network
layer.
NOTE
An IP address must have been assigned to the VLANIF interface corresponding to the super-VLAN.
Otherwise, proxy ARP cannot take effect.
VLAN aggregation simplifies configurations for the network where many VLANs are
configured and PCs in different VLANs need to communicate with each other.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
The view of the VLANIF interface of the super-VLAN is displayed.
Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
Inter-sub-VLAN proxy ARP is enabled.
----End
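The addressing constraints from 4.6.3 to 4.6.5 can be checked before any command is typed. The following Python code is an added example and not part of the original guide: it validates a super-VLAN plan and answers which sub-VLAN an address belongs to. The VLAN IDs, addresses and function names are constructed, and the overlap and gateway checks are planning hygiene assumed by this example rather than documented device rules.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Pool = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


def make_pool(start: str, end: Optional[str] = None) -> Pool:
    """Mirror `ip pool start-address [ to end-address ]`; end defaults to start."""
    first = ipaddress.IPv4Address(start)
    return first, (ipaddress.IPv4Address(end) if end else first)


def check_plan(super_vlan: int, vlanif: str, pools: Dict[int, Pool]) -> List[str]:
    """Return the problems found in a super-VLAN / sub-VLAN address plan."""
    problems: List[str] = []
    iface = ipaddress.IPv4Interface(vlanif)
    net = iface.network
    # The super-VLAN ID must differ from every sub-VLAN ID (4.6.3).
    if super_vlan in pools:
        problems.append(f"VLAN {super_vlan} is both super-VLAN and sub-VLAN")
    valid = []
    for vlan, (first, last) in sorted(pools.items()):
        if first > last:
            problems.append(f"sub-VLAN {vlan}: pool start is above pool end")
            continue
        valid.append((first, last, vlan))
        # The VLANIF subnet must contain the segments of all sub-VLAN users (4.6.4).
        if first not in net or last not in net:
            problems.append(f"sub-VLAN {vlan}: pool leaves VLANIF subnet {net}")
        # Assumed hygiene check: a user pool should not include the gateway itself.
        if first <= iface.ip <= last:
            problems.append(f"sub-VLAN {vlan}: pool contains gateway {iface.ip}")
    # Assumed hygiene check: overlapping pools make the owning sub-VLAN ambiguous.
    valid.sort()
    for (_, a_last, vlan_a), (b_first, _, vlan_b) in zip(valid, valid[1:]):
        if b_first <= a_last:
            problems.append(f"sub-VLANs {vlan_a} and {vlan_b}: pools overlap")
    return problems


def owner_sub_vlan(ip: str, pools: Dict[int, Pool]) -> Optional[int]:
    """Sub-VLAN whose pool holds `ip`, as used to pick the sub-VLAN for an ARP request."""
    addr = ipaddress.IPv4Address(ip)
    for vlan, (first, last) in sorted(pools.items()):
        if first <= addr <= last:
            return vlan
    return None


def is_authorized(vlan: int, ip: str, pools: Dict[int, Pool]) -> bool:
    """True only if `ip` lies inside the pool configured for sub-VLAN `vlan`.

    Sub-VLANs without a configured pool are not modelled and return False.
    """
    pool = pools.get(vlan)
    if pool is None:
        return False
    return pool[0] <= ipaddress.IPv4Address(ip) <= pool[1]


# Constructed plans for super-VLAN 4 with VLANIF address 10.1.1.1/24.
GOOD = {2: make_pool("10.1.1.2", "10.1.1.100"),
        3: make_pool("10.1.1.101", "10.1.1.200")}
BAD = {2: make_pool("10.1.1.1", "10.1.1.100"),    # includes the gateway
       3: make_pool("10.1.1.90", "10.1.2.10"),    # overlaps and leaves the subnet
       4: make_pool("10.1.1.250")}                # reuses the super-VLAN ID

if __name__ == "__main__":
    print("good plan:", check_plan(4, "10.1.1.1/24", GOOD))
    for problem in check_plan(4, "10.1.1.1/24", BAD):
        print("problem:", problem)
    print("10.1.1.150 belongs to sub-VLAN", owner_sub_vlan("10.1.1.150", GOOD))
```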
4.6.7 Checking the Configurations
After VLAN aggregation is configured, you can view VLAN types and information about
VLANIF interfaces, such as the physical status, link protocol status, IP address, and mask.
Prerequisites
The VLAN aggregation has been configured.
Procedure
• Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
• Run the display interface vlanif [ vlan-id | main ] command to check information about
  a specific VLANIF interface.
• Run the display sub-vlan command to check mappings between sub-VLANs and super-VLANs.
• Run the display super-vlan command to check sub-VLANs contained in a super-VLAN.
----End
Example
Run the display vlan verbose command. The command output shows the VLAN type. For
example:
<HUAWEI> display vlan 40 verbose
VLAN ID                     : 40
VLAN Name                   :
VLAN Type                   : Super
Description                 : VLAN 0040
Status                      : Enable
Broadcast                   : Enable
MAC Learning                : Enable
Smart MAC Learning          : Disable
Current MAC Learning Result : Enable
Statistics                  : Disable
Property                    : Default
VLAN State                  : Down
--------------------
Sub-VLAN list: 2-3
Run the display interface vlanif command. The command output shows the physical status,
link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface vlanif 2
Vlanif2 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif2 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
Run the display sub-vlan command. The command output shows mappings between sub-VLANs
and super-VLANs.
<HUAWEI> display sub-vlan
VLAN ID    Super-VLAN
-----------------------------
10         40
20         40
30         40
Run the display super-vlan command. The command output shows sub-VLANs contained in
a super-VLAN.
<HUAWEI> display super-vlan
VLAN ID    Sub-VLAN
--------------------------
40         10 20 30
4.7 Configuring VLAN Policy-based VPN Access
VLAN policy-based VPN access allows VLLs, VSIs, or VPN instances to transmit separate
services. Currently, the NE80E/40E supports several VLAN policy-based VPN access schemes.
Choose one of them as required.
4.7.1 Before You Start
Before configuring VLAN policy-based VPN access, familiarize yourself with the usage
scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Applicable Environment
On a Metro Ethernet (ME) network, VLAN IDs are used to identify various services or user
packets before they access various VSIs, VLLs, or VPN instances. If multiple types of
services share one VLAN ID, as shown in Figure 4-12, services cannot be differentiated merely
by using VLAN IDs. As a result, part of high-priority traffic over the operator's network cannot
be scheduled in time, which deteriorates users' experience.
Figure 4-12 Networking diagram for multiple types of services sharing one VLAN ID
[Figure not reproduced. Labels in the diagram: BTV; VOD; Platform; SR; HSI; VoIP; UPE; Switch; Video; PW 1; PW 2; IPTV; VLAN 10; Internet; BRAS; Data flow1; Data flow2.]
It is required that the UPE be able to identify VLAN IDs carried in frames and parse priorities
of the frames. The UPE sends frames to different PWs based on the VLAN IDs and priorities
of the frames. In this manner, frames with high priorities can be scheduled in time.
Pre-configuration Tasks
Before configuring VLAN policy-based VPN access, ensure that the UPE receives only
untagged or single-tagged frames.
Data Preparation
To configure VLAN policy-based VPN access, you need the following data.
No.  Data
1    802.1p priority, DSCP priority, or EthType value
2    Number of the interface connecting the UPE to users and IP address of this
     interface
• Data for configuring an L2VPN, including:
  – VSI ID (Two ends of a PW must be configured with the same VSI ID.)
  – MPLS LSR ID
  – VSI name
  – Interface to which the VSI is bound
• Data for configuring an L3VPN, including:
  – VPN instance name and RD
  – VPN target
  – AS number of the UPE
  – IP address and interface by which the UPE establishes a BGP peer
    relationship
  – Mode for the UPE and switch to exchange routing information: static
    routes, Routing Information Protocol (RIP), Open Shortest Path First
    (OSPF), Intermediate System to Intermediate System (IS-IS), or Border
    Gateway Protocol (BGP)
  – (Optional) Description of the VPN instance
  – (Optional) Routing policy for sending and receiving VPN routing
    information
  – (Optional) Tunnel policy
  – (Optional) Maximum number of routes allowed by the VPN instance
4.7.2 Configuring a VLAN Policy
VLAN policies refer to VLAN+802.1p, VLAN+DSCP, and VLAN+EthType policies. With
VLAN policies, a device can send services to corresponding VLLs, VSIs, or VPN instances. In
this manner, different types of services are transmitted in separate VLLs, VSIs, or VPN
instances.
Context
If non-IP services are transmitted between the Base Transceiver Station (BTS) and the CSG,
either of the following policies can be configured:
• VLAN+802.1p
On the network shown in Figure 4-13, Asynchronous Transfer Mode (ATM) or Time
Division Multiplex (TDM) links interconnect the BTS and CSG, and the Mobile
Aggregation Site Gateway (MASG) and Base Station Controller (BSC). To transmit ATM
services from the BTS to the remote BSC, you need to configure PWE3 between the CSG
and the MASG to transparently transmit ATM cells.
Figure 4-13 uses the VLAN+802.1p-based L2VPN access as an example. The process for
VLAN+802.1p-based L3VPN access is similar and not described in this document.
Figure 4-13 Networking diagram for VLAN+802.1p-based L2VPN access
[Figure not reproduced. Labels in the diagram: PWE3; Signal; Manage; Data; Voice; IP/Eth; xDSL; BTS; CSG; IP DSLAM; PE1 to PE4; VSI; MASG; BSC; Per Service Per VSI; ATM/TDM; Ethernet; Ethernet over VSI.]
• VLAN+DSCP
On the network shown in Figure 4-14, ATM or TDM links interconnect the BTS and CSG,
and the MASG and BSC. To allow ATM cells to be transmitted over an IPv4 network, you
need to configure Generic Routing Encapsulation (GRE) for ATM cells. To transmit ATM
services from the BTS to the remote BSC, you need to configure PWE3 between the CSG
and the MASG to transparently transmit ATM cells.
Figure 4-14 uses VLAN+DSCP-based L2VPN access as an example. The process for
VLAN+DSCP-based L3VPN access, untagged+DSCP-based L3VPN access, or
VLAN+DSCP-based L2VPN access is similar and not described in this document.
Figure 4-14 Networking diagram for VLAN+DSCP-based L2VPN access
[Figure not reproduced. Labels in the diagram: GRE encapsulation; GRE decapsulation; PW; PW over GRE; GRE; Signal; Voice; Manage; Data; BTS; CSG; VLAN+DSCP; L2VPN; PE1; PE2; MASG; BSC; ATM/TDM.]
NOTE
• The DSCP value is carried in IP packets. To make the VLAN+DSCP policy take effect, ensure that
  only IP services are sent to the CSG.
  If non-IP services are sent to the CSG, a GRE tunnel must be configured on the CSG to transparently
  transmit the non-IP services over the IPv4 network.
• There is no difference in PE configurations regardless of whether IP or non-IP services are sent to the
  BTS.
  In this usage scenario, only PE configurations are concerned. For configurations of other devices, see
  related configuration manuals.
• 802.1p or DSCP priorities can be changed on the CSG by using commands.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number
The view of an Ethernet sub-interface connecting PE 1 to users is displayed.
Step 3 Run:
vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp
{ dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default }
A VLAN policy is configured on the sub-interface for dot1q VLAN tag termination.
NOTE
If the sub-interfaces of one interface are configured with the same VLAN ID, only one type of VLAN
policies (VLAN+802.1p, VLAN+DSCP, or VLAN+EthType) can be configured on these sub-interfaces.
A VLAN ID can be assigned to a maximum of eight sub-interfaces.
• The eth-type parameter takes effect only on PPPoE services currently. If the eth-type
  parameter is configured, IPoE packets will be processed by the default sub-interface.
• If the default parameter is configured, all the services that do not match any VLAN policy
  will be processed by the default sub-interface.
• If the vlan-type dot1q command has been used in the view of an Ethernet sub-interface, the
  sub-interface exclusively uses this VLAN, and the VLAN ID can no longer be configured
  in any VLAN policy for other sub-interfaces.
• If the undo vlan-type dot1q command is used with a specified VLAN ID and an 802.1p
  priority value, a DSCP priority value, or an EtherType value, only the specified VLAN policy
  associated with this VLAN ID is deleted from the sub-interface. If the undo vlan-type dot1q
  vlanid command is used with a specified VLAN ID but not an 802.1p priority value, a DSCP
  priority value, or an EtherType value, all VLAN policies associated with this VLAN ID are
  deleted from the sub-interface.
Step 4 Run:
vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | default }
A VLAN policy is configured on the sub-interface for dot1q VLAN tag termination.
NOTE
If the sub-interfaces of one interface are configured with the same VLAN ID, only one type of VLAN
policies (VLAN+802.1p) can be configured on these sub-interfaces.
A VLAN ID can be assigned to a maximum of eight sub-interfaces.
• If the default parameter is configured, all the services that do not match any VLAN policy
  will be processed by the default sub-interface.
• If the vlan-type dot1q command has been used in the view of an Ethernet sub-interface, the
  sub-interface exclusively uses this VLAN, and the VLAN ID can no longer be configured
  in any VLAN policy for other sub-interfaces.
• If the undo vlan-type dot1q command is used with a specified VLAN ID and an 802.1p
  priority value, only the specified VLAN policy associated with this VLAN ID is deleted from
  the sub-interface. If the undo vlan-type dot1q vlanid command is used with a specified
  VLAN ID but not an 802.1p priority value, all VLAN policies associated with this VLAN
  ID are deleted from the sub-interface.
----End
4.7.3 Configuring a VPN
After a VLAN matching policy is configured, you need to configure a VPN so that users over
an L2VPN and an L3VPN can communicate with each other.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number
The view of an Ethernet sub-interface to be configured with a VLAN policy is displayed.
Step 3 Configure the VPN service.
Deploy one of the following services as required:
• L2VPN
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration",
"Pseudo-Wire Emulation Edge to Edge (PWE3) Configuration", and "Virtual Private LAN
Service (VPLS) Configuration" in the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in
the following modes:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
– Remote Martini connection
The sub-interface for dot1q VLAN tag termination can be bound to a homogeneous VLL or
a heterogeneous VLL in the following modes:
– Local Kompella connection
– Remote Kompella connection
– Local Martini connection
– Remote Martini connection
The sub-interface for QinQ/dot1q VLAN tag termination can be bound to VPLS in the
following modes:
– Martini VPLS
– Kompella VPLS
• L3VPN
For detailed information, see the chapter "Border Gateway Protocol (BGP) Multiprotocol
Label Switching (MPLS) IP VPN Configuration" in the HUAWEI NetEngine80E/40E
Configuration Guide - VPN.
----End
4.7.4 Checking the Configurations
After VLAN policy-based VPN access is configured, you can check information about
sub-interfaces with the same VLAN ID on an interface.
Prerequisites
VLAN policy-based VPN access has been configured.
Procedure
• Run the display interface interface-type interface-number vlan { vlan-id | untagged }
  command to check VLAN policies configured for sub-interfaces with a specified VLAN
  ID or without VLAN IDs.
----End
Example
Run the display interface vlan command. The command output shows VLAN policies
configured for sub-interfaces on an interface with a specified VLAN ID. For example:
<HUAWEI> display interface gigabitethernet1/0/1 vlan 1
Sub-Interface      VlanPolicy
-----------------------------------------------------------
GE1/0/1.1          8021p 1 3 to 7
GE1/0/1.2          dscp 3 6 to 10
GE1/0/1.3          default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
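The value lists in this output use the same "value [ to value ]" syntax as the vlan-type dot1q command, so a planned or captured policy set can be checked mechanically. The following Python code is an added example, not part of the original guide: it expands the value lists, checks the eight sub-interface limit stated in 4.7.2, and looks up which sub-interface handles a given priority. The sample text and function names are constructed, and the duplicate-value and missing-default checks are this example's own hygiene checks, not documented device behavior.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

LIMITS = {"8021p": 7, "dscp": 63}   # highest legal value per policy type
MAX_SUBIFS_PER_VLAN = 8             # limit stated in the NOTE in 4.7.2

# "<sub-interface> <policy type> [value list]", e.g. "GE1/0/1.1 8021p 1 3 to 7"
LINE = re.compile(r"^\s*(\S+\.\d+)\s+(8021p|dscp|eth-type|default)\b\s*(.*)$")

Policies = Dict[str, Tuple[str, Set[int]]]


def expand_values(spec: str, top: int) -> Set[int]:
    """Expand a list such as '1 3 to 7' into {1, 3, 4, 5, 6, 7}."""
    values: Set[int] = set()
    tokens = spec.split()
    i = 0
    while i < len(tokens):
        low = high = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            high = int(tokens[i + 2])
            i += 3
        else:
            i += 1
        if not 0 <= low <= high <= top:
            raise ValueError(f"bad value or range in {spec!r}")
        values.update(range(low, high + 1))
    return values


def parse_vlan_policies(text: str) -> Policies:
    """Return {sub-interface: (policy type, expanded values)}."""
    policies: Policies = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if not match:
            continue                     # header, separator or summary line
        subif, kind, spec = match.groups()
        values = expand_values(spec, LIMITS[kind]) if kind in LIMITS else set()
        policies[subif] = (kind, values)
    return policies


def audit_policies(policies: Policies) -> List[str]:
    findings: List[str] = []
    if len(policies) > MAX_SUBIFS_PER_VLAN:
        findings.append(f"{len(policies)} sub-interfaces share the VLAN ID, limit is 8")
    defaults = [s for s in policies if policies[s][0] == "default"]
    if not defaults:
        findings.append("no default sub-interface for unmatched services")
    elif len(defaults) > 1:
        findings.append("more than one default sub-interface")
    seen: Dict[Tuple[str, int], str] = {}
    for subif in sorted(policies):
        kind, values = policies[subif]
        for value in sorted(values):
            owner = seen.setdefault((kind, value), subif)
            if owner != subif:
                findings.append(f"{kind} {value} claimed by {owner} and {subif}")
    return findings


def subif_for(policies: Policies, kind: str, value: int) -> Optional[str]:
    """Sub-interface matching (kind, value); otherwise the default one, if any."""
    for subif in sorted(policies):
        if policies[subif][0] == kind and value in policies[subif][1]:
            return subif
    for subif in sorted(policies):
        if policies[subif][0] == "default":
            return subif
    return None


# Constructed samples in the layout of the output above.
SAMPLE = """\
Sub-Interface      VlanPolicy
GE1/0/1.1          8021p 1 3 to 7
GE1/0/1.2          8021p 0
GE1/0/1.3          default
"""
BAD = """\
GE1/0/1.1          8021p 1 3 to 7
GE1/0/1.2          8021p 5 to 6
"""

if __name__ == "__main__":
    print(audit_policies(parse_vlan_policies(SAMPLE)))
    print(audit_policies(parse_vlan_policies(BAD)))
```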
4.8 Configuring Interface Isolation in a VLAN
After interface isolation in a VLAN is configured, interfaces in the VLAN cannot communicate
with each other. To have isolated interfaces communicate with each other, you need to configure
ARP proxy in the VLAN. In this manner, you can monitor traffic in the VLAN at Layer 3.
4.8.1 Before You Start
Before configuring interface isolation in a VLAN, familiarize yourself with the applicable
environment, pre-configuration tasks, and required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
When some interfaces in a VLAN must not communicate with each other directly, you can
configure interface isolation in the VLAN.
When isolated interfaces in a VLAN need to communicate, the communication must be implemented
through Layer 3 routing. In this way, the users in a VLAN can be managed and controlled
flexibly.
Pre-configuration Tasks
Before configuring interface isolation in a VLAN, complete the configuration of the
interface-based VLAN.
Data Preparation
To configure interface isolation in a VLAN, you need the following data.
No.  Data
1    VLAN number
2    Numbers of interfaces that need to be isolated in a VLAN
3    IP addresses and subnet masks of the VLANIF interfaces
4.8.2 Configuring Interface Isolation in a VLAN
Isolated interfaces in a VLAN cannot communicate with each other, but can communicate with
non-isolated interfaces.
Context
The device provides the following two methods of isolating the interfaces in a VLAN:
- Enabling the interface isolation state in a VLAN.
- Configuring the interfaces that need to be isolated in the VLAN view.
You can choose one of the following methods as required:
Procedure
- Enabling the Ethernet interface isolation
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The specified Ethernet interface view is displayed.
3. Run:
portswitch
The interface is set to the switched interface.
4. Run:
port default vlan vlan-id
The default VLAN to which the port belongs is configured.
5. Run:
port isolate-state enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The interface isolation is enabled in a VLAN.
When this command is run, the VLAN should include this interface.
Perform the following steps to configure the device where the 1483B VE interface to be
isolated in a VLAN resides.
1. Run:
system-view
The system view is displayed.
2. Run:
interface virtual-ethernet ve-number
The specified VE interface view is displayed.
3. Run:
portswitch
The interface is switched to a Layer 2 interface.
4. Run:
port default vlan vlan-id
The interface is added to a VLAN.
5. Run:
port isolate-state enable vlan vlan-id1
The interface is isolated from other interfaces in the VLAN.
In the VE interface view, you can isolate only one interface from other interfaces in
a VLAN.
- Configuring the Interface Isolation in the VLAN View
1. Run:
system-view
The system view is displayed.
2. Run:
vlan vlan-id
The VLAN view is displayed.
3. Run:
port isolate { { interface-type interface-number } &<1-10> | all }
The interfaces that need to be isolated are configured in a VLAN.
----End
4.8.3 Enabling ARP Proxy in a VLAN
To have isolated interfaces in a VLAN communicate with each other, you must create a VLANIF
interface and enable ARP proxy in the VLAN.
Context
Perform the following steps on the devices:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface vlanif vlan-id
The VLANIF interface is created.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
The IP addresses are configured for the VLANIF interfaces.
The IP addresses of the VLANIF interfaces and those of the hosts in the VLAN are on the same
network segment.
The IP addresses of different VLANIF interfaces should be on different network segments,
so that there are reachable routes between the users in different VLANs.
Step 4 Run:
arp-proxy inner-sub-vlan-proxy enable
The ARP proxy is enabled in a VLAN.
----End
4.9 Configuring the Isolation Based on Interface Groups in a VLAN
You can isolate interfaces in a VLAN by adding interfaces to different interface groups.
4.9.1 Before You Start
Before configuring interface group isolation in a VLAN, familiarize yourself with the usage
scenario, pre-configuration tasks, and required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
NOTE
The interface group isolation in a VLAN is not supported in X1 and X2 of the NE80E/40E.
When you need to isolate packets between interface groups, you can configure the isolation
based on interface groups in a VLAN.
Add the interfaces to be isolated to different interface groups. Interfaces in different
interface groups cannot communicate with each other.
Pre-configuration Tasks
Before configuring the isolation based on interface groups in a VLAN, complete the
configuration of the interface-based VLAN.
Data Preparation
To configure the isolation based on interface groups in a VLAN, you need the following data.
No.  Data
1    VLAN number
2    Numbers of interfaces and interface groups to be isolated in a VLAN
4.9.2 Adding an Interface to the Group to Be Isolated
Interfaces in the same isolation group are not isolated from each other. Interfaces in an isolation
group can communicate with interfaces that do not belong to any isolation group.
Context
Perform the following steps on the devices:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The Ethernet interface view is displayed.
Step 3 Run:
portswitch
The interface is set as a switched interface.
Step 4 Run:
port-isolation group group-id
The interface is added to a specific group.
The interface must be added to the VLAN before you run this command.
----End
4.9.3 Checking the Configurations
After interfaces are added to an isolation group, you can check information about the interface
isolation group.
Procedure
Step 1 Run the display port-isolation group { group-id | brief } command to view information about
an isolated interface group.
----End
Example
Run the display port-isolation group group-id command. You can view the information about
an isolated interface group. For example:
[HUAWEI] display port-isolation group 4
Port islation group 4
Eth-Trunk3
Eth-Trunk5
port islation group 4 has 2 ports
Run the display port-isolation group brief command. You can view the information about all
isolated interface groups. For example:
[HUAWEI] display port-isolation group brief
Port islation group 4
Eth-Trunk3
Eth-Trunk5
port islation group 4 has 2 ports
Port islation group 5
Eth-Trunk4
Eth-Trunk6
port islation group 5 has 2 ports
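The isolation rule from 4.9 applied to output in the format shown above, as an added example (not Huawei's code): it parses the display port-isolation group brief output into groups and reports port pairs that an intended isolation policy wants separated but the device state still lets communicate. The sample output and the policy pairs are constructed, and VLAN membership is not modelled (all ports are assumed to be in the same VLAN).

```python
import re

# Constructed sample in the format of the "display port-isolation group brief"
# output shown above; the device's own spelling "islation" is kept.
SAMPLE_OUTPUT = """\
Port islation group 4
Eth-Trunk3
Eth-Trunk5
port islation group 4 has 2 ports
Port islation group 5
Eth-Trunk4
Eth-Trunk6
port islation group 5 has 2 ports
"""

# Accept both the spelling in the output above and the corrected spelling.
HEADER = re.compile(r"^Port iso?lation group (\d+)$")
SUMMARY = re.compile(r"^port iso?lation group (\d+) has (\d+) ports?$")


def parse_groups(text):
    """Return {group_id: [port, ...]} and check each group's summary count."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        summary = SUMMARY.match(line)
        if header:
            current = int(header.group(1))
            groups[current] = []
        elif summary:
            gid, count = int(summary.group(1)), int(summary.group(2))
            if len(groups.get(gid, [])) != count:
                raise ValueError(f"group {gid}: port list does not match count {count}")
            current = None
        elif current is None:
            raise ValueError(f"port listed outside a group: {line!r}")
        else:
            groups[current].append(line)
    return groups


def group_of(port, groups):
    """Return the isolation group a port belongs to, or None."""
    for gid, ports in groups.items():
        if port in ports:
            return gid
    return None


def can_communicate(port_a, port_b, groups):
    """Rule from 4.9: ports in different groups are isolated from each other;
    ports in the same group, or pairs where one port is in no group, are not.
    Assumption: both ports are in the same VLAN (VLANs are not modelled)."""
    ga, gb = group_of(port_a, groups), group_of(port_b, groups)
    if ga is None or gb is None:
        return True
    return ga == gb


def policy_gaps(groups, must_be_isolated):
    """Return the pairs the policy wants isolated that can still communicate."""
    return [pair for pair in must_be_isolated if can_communicate(*pair, groups)]
```

A pair inside one group, or a pair where one port is in no group, is reported as a gap because group membership alone does not separate it.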
4.10 Configuring Ethernet Loop Detection for a VLAN
In the case of an uncontrollable user network, the NE80E/40E supports the deployment of
Ethernet loop detection on the provider's network to prevent loops in a VLAN.
4.10.1 Before You Start
Before configuring Ethernet loop detection for a VLAN, familiarize yourself with the usage
scenario, pre-configuration tasks, and required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
As shown in Figure 4-15, when CE1, the Customer Edge (CE) device, accesses the Provider
Edge (PE) devices in the same VLAN through redundant links, you can configure Ethernet loop
detection for the VLAN on PE devices. This avoids broadcast storms on the network.
NOTE
Disabling this function is recommended in either of the following scenarios:
- The device is running normally.
- The link check process is complete.
Figure 4-15 Networking diagram of configuring Ethernet loop detection for a VLAN
(Figure labels: PE1, PE2, VLAN 100, AC1, AC2, CE1)
Pre-configuration Tasks
Before configuring Ethernet loop detection for a VLAN, complete the following tasks:
- Connect the interfaces and configure the physical parameters of the interfaces so that
  the physical status of the interfaces is Up.
- Create a VLAN in the carrier network and connect a CE device to PE devices.
Data Preparation
To configure Ethernet loop detection for a VLAN, you need the following data.
No.  Data
1    Times of loopback, interval of the detection time, cycle of the detection interval, time
     for blocking a loop, and retry times for blocking an interface permanently
2    (Optional) Block priority of an interface
4.10.2 Configuring Ethernet Loop Detection for a VLAN
After Ethernet loop detection is configured for a VLAN, the NE80E/40E blocks a certain
interface, records a log, and sends an alarm after detecting a loop in the VLAN.
Context
Perform the following steps on the PE devices:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
loop-detect eth-loop loop-times loop-times detect-cycle detect-cycle-time cycles cycles
The conditions for generating loop detection alarms are configured globally.
By default, a loop detection alarm is generated when loops occur three times during a detection
interval of 10s for three consecutive intervals.
Step 3 Run:
vlan vlan-id
The VLAN view is displayed.
Step 4 Run:
loop-detect eth-loop loop-times loop-times detect-cycle detect-cycle-time cycles cycles
{ retry-times retry-times block-time block-time | alarm-only }
Ethernet loop detection is enabled for the VLAN.
When block-time and retry-times are selected, the router blocks a certain interface in the VLAN
after a loop is detected in the VLAN. In addition, the router records the event in the log and
sends an alarm message to the NMS.
When alarm-only is selected, the router does not block the interface in the VLAN after detecting
a loop. Instead, the router only records the event in the log and sends an alarm message to the
NMS.
Step 5 Run:
quit
The system view is displayed.
Step 6 (Optional) Run:
reset loop-detect eth-loop vlan vlan-id { all | interface interface-type interface-number }
The interface which is blocked by the Ethernet loop detection for a VLAN is restored.
As shown in Figure 4-15, if Ethernet loop detection is configured for both PE1 and PE2 in
VLAN 100, you can set different values for cycles so that one device blocks the link first.
For example, if cycles is set to 1 on PE1 and 3 on PE2, PE1 blocks the port the first time a loop
is detected. PE2, however, blocks the port only after a loop is detected three times. Therefore,
PE1 blocks a loop faster than PE2.
----End
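The alarm condition from Step 2 and the PE1/PE2 comparison above, modelled as an added example (not Huawei's implementation): a window of detect-cycle seconds counts as a hit when it holds at least loop-times loop observations, and the action fires once cycles consecutive windows are hits. The window alignment at t=0 and all event timestamps are assumptions constructed for the illustration.

```python
# Loop observations as timestamps in seconds. All three series are
# constructed for this illustration, not captured from a device.
SUSTAINED = list(range(0, 60, 2))            # a loop that persists for a minute
BURST = [1, 2, 3, 4]                         # a brief flap that clears by itself
INTERMITTENT = [w * 10 + k for w in (0, 1, 3, 4, 5) for k in (1, 4, 7)]


def first_trigger(event_times, loop_times=3, detect_cycle=10, cycles=3):
    """Return the time (s) at which the alarm/block condition is first met.

    Model (an interpretation of the wording above, not vendor code):
    time is cut into windows of detect_cycle seconds starting at t=0; a window
    is a hit when it contains at least loop_times observations; the condition
    is met at the end of the window that completes `cycles` consecutive hits.
    Defaults follow the page: 3 loops per 10 s interval, 3 intervals in a row.
    """
    if min(loop_times, detect_cycle, cycles) < 1:
        raise ValueError("loop_times, detect_cycle and cycles must be >= 1")
    counts = {}
    for t in event_times:
        window = int(t // detect_cycle)
        counts[window] = counts.get(window, 0) + 1
    streak = 0
    for window in range(max(counts, default=-1) + 1):
        if counts.get(window, 0) >= loop_times:
            streak += 1
            if streak == cycles:
                return (window + 1) * detect_cycle
        else:
            streak = 0   # a quiet window breaks the run of consecutive hits
    return None


def first_to_act(devices, event_times):
    """Return (device that meets its condition first or None, {device: time})."""
    times = {name: first_trigger(event_times, **params)
             for name, params in devices.items()}
    fired = {name: t for name, t in times.items() if t is not None}
    winner = min(fired, key=fired.get) if fired else None
    return winner, times


# The PE1/PE2 case from the text: same loop, different values for cycles.
PES = {"PE1": {"cycles": 1}, "PE2": {"cycles": 3}}

if __name__ == "__main__":
    for label, events in (("sustained", SUSTAINED), ("burst", BURST)):
        print(label, first_to_act(PES, events))
```

In this model the device with cycles set to 1 also acts on the brief burst, which is the cost of its faster reaction.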
4.10.3 (Optional) Configuring Ethernet Loop Notification
After Ethernet loop notification is configured on a device, the device reports interface change
alarms to the network management system (NMS) to notify the NMS of possible Ethernet loops.
Context
A device reports an alarm to the NMS in the following situations:
- Its AC-side or PW-side interfaces switch to the Blocking or Normal state.
- Its Layer 2 interfaces switch to the Blocking or Normal state.
- Its main interfaces enabled with Ethernet loop detection switch to the Blocking or Normal
  state.
- A local loop occurs and the related interfaces switch to the Blocking or Normal state. A
  loop occurs in its VLAN or VSI.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
snmp-agent trap enable feature-name mflp [ trap-name { hwmflpacblock |
hwmflpacresume | hwmflpifblock | hwmflpifresume | hwmflplinkblocked |
hwmflplinkunblocked | hwmflploopbackblock | hwmflploopbackresume | hwmflppwblock |
hwmflppwresume | hwmflpvlanalarm | hwmflpvsialarm } ]
Ethernet loop notification is configured.
----End
4.10.4 (Optional) Configuring the Block Priority for an Interface
You can configure block priorities for interfaces so that a specific link is preferentially blocked
when a loop is detected.
Context
Perform the following steps on the PE devices:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The view of the specified Ethernet interface is displayed.
The specified interface must be an interface in a VLAN enabled with Ethernet loop detection.
Step 3 Run:
loop-detect eth-loop priority priority
The block priority is configured for the interface.
The smaller the priority value, the sooner an interface is blocked.
As shown in Figure 4-15, when a loop is formed between CE1, PE1, and PE2 and you want the
link between PE1 and PE2 to be blocked first, configure different priority values for the
interfaces on the PE devices.
----End
4.10.5 (Optional) Configuring the Accurate Ethernet Loop Blocking Function
Context
The traditional Ethernet loop detection function detects Layer 2 interfaces with frequently
changed MAC addresses on the local device, and blocks the interfaces with lower priorities to
eliminate loops. However, MAC addresses of interfaces without loops may change due to the
remote loop, and traffic of these interfaces is interrupted. The accurate Ethernet loop blocking
function can prevent this issue.
The accurate Ethernet loop blocking function can accurately locate and block the interfaces with
a loop by analyzing MAC address change differences between the interfaces with and without
a loop and recording the original trusted interfaces.
If boards that do not support the accurate Ethernet loop blocking function reside on the device
and only MAC address change information about these boards is received in the last loop
detection period, interfaces in the VLAN are blocked based on interface blocking priorities. The
accurate loop blocking function does not work in this case.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
loop-detect eth-loop precise-block trust-port generate-time time
The interval for generating trusted interfaces is specified.
The default interval is 600s.
Step 3 (Optional) Run:
loop-detect eth-loop precise-block policy no-block
The blocking policy is specified if MAC addresses change, but the local device does not have
trusted interfaces.
By default, interfaces are blocked based on their configured blocking priorities if there is no
trusted interface.
Step 4 Run:
vlan vlan-id
The VSI view is displayed.
Step 5 Run:
loop-detect eth-loop precise-block enable
Trusted interface generation is enabled. After an interface is specified as a trusted interface, this
interface will not be blocked.
By default, interfaces are blocked based on their configured blocking priorities.
----End
4.10.6 Checking the Configurations
After Ethernet loop detection for a VLAN is configured, you can check information about
Ethernet loop detection.
Context
Run the following command to check the previous configuration.
Action                                                       Command
Check information about Ethernet loop detection in a VLAN.   display loop-detect eth-loop vlan vlan-id
Run the display loop-detect eth-loop vlan vlan-id command. You can view the information
about Ethernet loop detection in a VLAN. For example:
<HUAWEI> display loop-detect eth-loop vlan 100
VLAN/VSI      LTimes  D-Cycle  Cycles  Retry  Action       BPolicy
-----------------------------------------------------------------------
VLAN 100      1       2        3       -      Alarm-only   -
Total Items = 1
Blocked Port:
---------------
4.11 Maintaining VLAN
Clearing statistics helps you locate faults in a VLAN.
4.11.1 Clearing the Statistics of VLAN Packets
Before collecting traffic statistics in a specified time period on an interface, you need to reset
the original statistics on the interface.
Context
NOTICE
Statistics about VLAN packets cannot be restored after they are cleared. Confirm the action
before you use the command.
To clear the statistics of VLAN packets, run the following reset command in the user view:
Procedure
- Run the reset vlan statistics [ vid ] vlan-id command to clear packet statistics of a
  specified VLAN.
- Run the reset vlan statistics interface interface-type interface-number.subinterface-number
  command to clear VLAN packet statistics on a specified sub-interface.
----End
4.12 Configuration Examples
This section describes the typical application scenarios of VLANs, including networking
requirements, configuration roadmap, and data preparation, and provides related configuration
files.
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link
If employees of a department work in different buildings, switches in the buildings can be
connected by using a trunk link to allow the employees to communicate.
Networking Requirements
A company has several departments. Employees of each department reside in different buildings.
On the network shown in Figure 4-16, employees of the financial or marketing department work
in different buildings. It is required that employees of the same department be able to
communicate with each other, whereas employees of different departments cannot communicate
with each other.
Figure 4-16 Networking diagram for configuring users in a VLAN to communicate by using a
trunk link
(Figure labels: PE, CE1, CE2, network; Trunk (VLAN 5, VLAN 9); VLAN 5 Finance Department;
VLAN 9 Marketing Department; interfaces GE1/0/1 to GE1/0/5)
Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switches to PCs of the financial department to VLAN 5 and ports
connecting switches to PCs of the marketing department to VLAN 9. This configuration
prevents employees in financial and marketing departments from communicating with each
other.
2. Configure links between switches and PE as trunk links to allow frames from VLAN 5 and
VLAN 9 to pass through, allowing employees of the same department but different
buildings to communicate with each other.
NOTE
Only Layer 2 ports are able to identify frames with tags. All interfaces on PE and CEs 1 and 2 must
function as Layer 2 ports.
Data Preparation
To complete the configuration, you need the following data:
- Number of each port connecting a switch to a PC
- Number of each port connecting a switch to the router
- Number of each port connecting the router to a switch
- ID of each VLAN
Procedure
Step 1 Add ports connecting switches to PCs to specified VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 5 9
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 5
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 5
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type access
[CE1-GigabitEthernet1/0/3] port default vlan 9
[CE1-GigabitEthernet1/0/3] quit
[CE1] interface GigabitEthernet 1/0/4
[CE1-GigabitEthernet1/0/4] portswitch
[CE1-GigabitEthernet1/0/4] undo shutdown
[CE1-GigabitEthernet1/0/4] port link-type access
[CE1-GigabitEthernet1/0/4] port default vlan 9
[CE1-GigabitEthernet1/0/4] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 5 9
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type access
[CE2-GigabitEthernet1/0/3] port default vlan 9
[CE2-GigabitEthernet1/0/3] quit
[CE2] interface GigabitEthernet 1/0/4
[CE2-GigabitEthernet1/0/4] portswitch
[CE2-GigabitEthernet1/0/4] undo shutdown
[CE2-GigabitEthernet1/0/4] port link-type access
[CE2-GigabitEthernet1/0/4] port default vlan 9
[CE2-GigabitEthernet1/0/4] quit
Step 2 Configure links between switches and the router as trunk links.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/5
[CE1-GigabitEthernet1/0/5] portswitch
[CE1-GigabitEthernet1/0/5] undo shutdown
[CE1-GigabitEthernet1/0/5] port link-type trunk
[CE1-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE1-GigabitEthernet1/0/5] quit
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/5
[CE2-GigabitEthernet1/0/5] portswitch
[CE2-GigabitEthernet1/0/5] undo shutdown
[CE2-GigabitEthernet1/0/5] port link-type trunk
[CE2-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE2-GigabitEthernet1/0/5] quit
Step 3 # Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface GigabitEthernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 5 9
[PE-GigabitEthernet1/0/1] quit
[PE] interface GigabitEthernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 5 9
[PE-GigabitEthernet1/0/2] quit
Step 4 Verify the configuration.
After the configurations are complete, run the display vlan command to view VLAN status. In
the following example, the display on CE1 is used:
[CE1] display vlan 5
* : management-vlan
--------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
5       common       enable   enable       forward   forward   forward default
------------------
Tagged     Port: GigabitEthernet1/0/1       GigabitEthernet1/0/2
------------------
Active tag Port: GigabitEthernet1/0/1       GigabitEthernet1/0/2
------------------
Interface                   Physical
GigabitEthernet1/0/1        UP
GigabitEthernet1/0/2        UP
GigabitEthernet1/0/5        UP
[CE1] display vlan 9
* : management-vlan
--------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
9       common       enable   enable       forward   forward   forward default
------------------
Tagged     Port: GigabitEthernet1/0/3       GigabitEthernet1/0/4
------------------
Active tag Port: GigabitEthernet1/0/3       GigabitEthernet1/0/4
------------------
Interface                   Physical
GigabitEthernet1/0/3        UP
GigabitEthernet1/0/4        UP
GigabitEthernet1/0/5        UP
Run the display port vlan command to view the list of VLANs configured on a port. In the
following example, the display on CE1 is used:
[CE1] display port vlan gigabitethernet1/0/5
Port                    Link Type    PVID  Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet1/0/5    trunk        0     5 9
In either VLAN 5 or VLAN 9, a PC connected to CE 1 can ping a PC connected to CE 2
successfully.
----End
Configuration Files
- Configuration file of CE 1
#
sysname CE1
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/5
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
- Configuration file of CE 2
#
sysname CE2
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/5
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
- Configuration file of PE
#
sysname PE
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
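An audit of a configuration file in the format shown above, as an added example (not part of the Huawei guide): it parses the #-separated stanzas and flags access ports whose default VLAN was never created and trunks that allow more or fewer VLANs than the segmentation requires. The sample file is constructed with two deliberate defects; the "to" range and "all" forms of the VLAN list come from general VRP syntax and are not used in the files above.

```python
# Constructed sample modelled on the CE1 file above, with two deliberate
# defects: an access port in a VLAN that was never created, and a trunk
# whose range allows VLANs 6 to 8 in addition to the required 5 and 9.
SAMPLE_CONFIG = """\
#
sysname CE1
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type access
 port default vlan 19
#
interface GigabitEthernet1/0/5
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 5 to 9
#
return
"""


def expand_vlans(tokens):
    """Expand a VLAN list such as ['5', 'to', '9', '20'] or ['all'] into a set."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 1 < len(tokens) and tokens[i + 1] == "to":
            if i + 2 >= len(tokens):
                raise ValueError("dangling 'to' in VLAN list")
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def parse_config(text):
    """Return (VLANs created by 'vlan batch', {interface: settings})."""
    created, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] in ("#", "return"):
            current = None                      # a stanza ends at '#'
        elif words[:2] == ["vlan", "batch"]:
            created |= expand_vlans(words[2:])
        elif words[0] == "interface":
            current = interfaces.setdefault(
                " ".join(words[1:]),
                {"link_type": None, "pvid": None, "allowed": set()})
        elif current is not None:
            if words[:2] == ["port", "link-type"]:
                current["link_type"] = words[2]
            elif words[:3] == ["port", "default", "vlan"]:
                current["pvid"] = int(words[3])
            elif words[:4] == ["port", "trunk", "allow-pass", "vlan"]:
                current["allowed"] |= expand_vlans(words[4:])
    return created, interfaces


def audit(text, required_vlans):
    """Return findings as (interface, code, [vlan, ...]) tuples."""
    required = set(required_vlans)
    created, interfaces = parse_config(text)
    findings = []
    for name in sorted(interfaces):
        cfg = interfaces[name]
        if cfg["link_type"] == "access":
            if cfg["pvid"] is None:
                findings.append((name, "NO_DEFAULT_VLAN", []))
            elif cfg["pvid"] not in created:
                findings.append((name, "VLAN_NOT_CREATED", [cfg["pvid"]]))
        elif cfg["link_type"] == "trunk":
            extra = sorted(cfg["allowed"] - required)
            missing = sorted(required - cfg["allowed"])
            if extra:
                findings.append((name, "TRUNK_TOO_BROAD", extra))
            if missing:
                findings.append((name, "TRUNK_MISSING_VLAN", missing))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {5, 9}):
        print(finding)
```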
4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces
Configuring sub-interfaces enables users in different VLANs and network segments to
communicate with each other.
Networking Requirements
Users in different residential compounds in different network segments require various services
such as Internet, IPTV, and VoIP services. The network administrator of each residential
compound configures a VLAN for each service to simplify management. After the configuration,
users in different residential compounds belong to different VLANs, but they need to
communicate with each other for the same type of service.
On the network shown in Figure 4-17, users in residential compounds 1 to 4 belong to different
VLANs in different network segments but all require the Internet service. Therefore,
communication between these users is required.
Figure 4-17 Networking diagram for configuring inter-VLAN communication by using sub-interfaces
(Figure labels: PE sub-interfaces GE2/0/0.1: 10.110.4.3/24, GE2/0/0.2: 10.110.3.3/24,
GE1/0/1.1: 10.110.6.3/24, GE1/0/1.2: 10.110.5.3/24; CE1 and CE2, each with uplink GE1/0/3;
GE1/0/1 community1, VLAN 30, 10.110.4.0/24; GE1/0/2 community2, VLAN 40, 10.110.3.0/24;
GE1/0/1 community3, VLAN 10, 10.110.6.0/24; GE1/0/2 community4, VLAN 20, 10.110.5.0/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create sub-interfaces on PE and associate the sub-interfaces with VLANs.
4. Assign an IP address to each sub-interface for communication at the network layer.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding
sub-interface. Otherwise, inter-VLAN communication fails.
Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- User IP address
- Number of each port connecting a switch to a PC
- Number of each port connecting a switch to the router
- Number and IP address of each sub-interface on PE
Procedure
Step 1 Create VLANs on CE 1 and CE 2.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit
Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 30 40
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit
Step 3 Create sub-interfaces on PE and associate the sub-interfaces with VLANs.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 1/0/1.2
[PE-GigabitEthernet1/0/1.2] vlan-type dot1q 20
[PE-GigabitEthernet1/0/1.2] quit
[PE] interface gigabitethernet 2/0/0
[PE-GigabitEthernet2/0/0] undo shutdown
[PE-GigabitEthernet2/0/0] quit
[PE] interface gigabitethernet 2/0/0.1
[PE-GigabitEthernet2/0/0.1] vlan-type dot1q 30
[PE-GigabitEthernet2/0/0.1] quit
[PE] interface gigabitethernet 2/0/0.2
[PE-GigabitEthernet2/0/0.2] vlan-type dot1q 40
[PE-GigabitEthernet2/0/0.2] quit
Step 4 Configure IP addresses.
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] ip address 10.110.6.3 24
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 1/0/1.2
[PE-GigabitEthernet1/0/1.2] ip address 10.110.5.3 24
[PE-GigabitEthernet1/0/1.2] quit
[PE] interface gigabitethernet 2/0/0.1
[PE-GigabitEthernet2/0/0.1] ip address 10.110.4.3 24
[PE-GigabitEthernet2/0/0.1] quit
[PE] interface gigabitethernet 2/0/0.2
[PE-GigabitEthernet2/0/0.2] ip address 10.110.3.3 24
[PE-GigabitEthernet2/0/0.2] quit
Step 5 Verify the configuration.
On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of GE 1/0/1.1 as the default gateway
address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of GE 1/0/1.2 as the default gateway
address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of GE 2/0/0.1 as the default gateway
address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of GE 2/0/0.2 as the default gateway
address.
After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.
----End
Configuration Files
• Configuration file of CE 1
#
sysname CE1
#
vlan batch 30 40
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 40
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
• Configuration file of CE 2
#
sysname CE2
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 20
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
• Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip address 10.110.6.3 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 20
ip address 10.110.5.3 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
#
interface GigabitEthernet2/0/0.1
vlan-type dot1q 30
ip address 10.110.4.3 255.255.255.0
#
interface GigabitEthernet2/0/0.2
vlan-type dot1q 40
ip address 10.110.3.3 255.255.255.0
#
return
4.12.3 Example for Configuring VLAN and Non-VLAN Users to
Communicate by Using Sub-interfaces
This example describes how to configure communication between VLAN users and non-VLAN
users.
Networking Requirements
Residents in a residential compound belong to different network segments. To simplify
management, the network administrator of the residential compound adds users to different
VLANs. Residents in another residential compound are not added to any VLAN. VLAN users
must be able to communicate with non-VLAN users.
On the network shown in Figure 4-18, users in residential compound 1 belong to different
VLANs and reside on different network segments; users in residential compound 2 do not belong
to any VLAN. It is required that users in VLAN 10 be able to communicate with users in
residential compound 2.
Figure 4-18 Networking diagram for configuring VLAN and non-VLAN users to communicate by using sub-interfaces
[Figure not reproduced. Labels: PE with GE1/0/1.1 10.110.2.5/24 and GE2/0/0 10.110.3.5/24; CE1 and CE2; community1 and community2; User1 and User2; VLAN10 and VLAN20; subnets 10.110.2.0/24, 10.110.4.0/24, and 10.110.3.0/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
3. Create a sub-interface on the interface connecting the router to VLAN users and associate the sub-interface with VLAN 10.
4. Assign IP addresses to interfaces for communication at the network layer.
   • Assign an IP address to the sub-interface.
   • Assign an IP address to the interface connecting the router to non-VLAN users.
NOTE
• The IP address assigned to the sub-interface connected to VLAN users must be on the same network segment as the IP addresses of VLAN users.
• The IP address assigned to the interface connected to non-VLAN users must be on the same network segment as the IP addresses of non-VLAN users.
• The default gateway address of PCs in VLAN 10 must be the IP address of the sub-interface. Otherwise, VLAN and non-VLAN users cannot communicate with each other.
Data Preparation
To complete the configuration, you need the following data:
• User VLAN ID
• User IP address
• Number of each port connecting a switch to a PC
• Number of each port connecting a switch to the router
• Number and IP address of each sub-interface on PE
Procedure
Step 1 Create a VLAN on CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 10
[CE1-GigabitEthernet1/0/1] quit
Step 2 Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/3] quit
Step 3 Create a sub-interface on PE and associate the sub-interface with VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] vlan-type dot1q 10
Step 4 Configure IP addresses.
[PE-GigabitEthernet1/0/1.1] ip address 10.110.2.5 24
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 2/0/0
[PE-GigabitEthernet2/0/0] undo shutdown
[PE-GigabitEthernet2/0/0] ip address 10.110.3.5 24
[PE-GigabitEthernet2/0/0] quit
Step 5 Verify the configuration.
On PCs in VLAN 10, configure the IP address 10.110.2.5/24 of GE 1/0/1.1 as the default gateway
address.
On CE 2, configure the IP address 10.110.3.5 of GE 2/0/0 as the default gateway address.
After the configurations, users in VLAN 10 and non-VLAN users can ping each other
successfully.
----End
Configuration Files
• Configuration file of CE 1
#
sysname CE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip address 10.110.2.5 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.3.5 255.255.255.0
#
return
4.12.4 Example for Configuring Inter-VLAN Communication by
Using VLANIF Interfaces
In this example, Layer 3 forwarding is performed by a Layer 3 PE instead of a router. This allows
PCs in different VLANs to communicate with each other and reduces operating costs.
Networking Requirements
Users in different residential compounds in different network segments require various services
such as Internet, IPTV, and VoIP services. The network administrator of each residential
compound configures a VLAN for each service to simplify management. After the configuration,
users in different residential compounds belong to different VLANs, but they need to
communicate with each other for the same type of service.
On the network shown in Figure 4-19, users in residential compounds 1 to 4 belong to different
VLANs in different network segments but require the same online service. It is required that
these users communicate with each other at a low operating cost.
Figure 4-19 Networking diagram for configuring inter-VLAN communication by using VLANIF interfaces
[Figure not reproduced. Labels: PE with VLANIF10 10.110.6.3/24, VLANIF20 10.110.5.3/24, VLANIF30 10.110.4.3/24, and VLANIF40 10.110.3.3/24; CE1 and CE2; community1 to community4; VLAN 30 10.110.4.0/24, VLAN 40 10.110.3.0/24, VLAN 10 10.110.6.0/24, and VLAN 20 10.110.5.0/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create VLANIF interfaces on the PE and assign IP addresses to the interfaces to allow Layer 3 communication.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF interface. Otherwise, inter-VLAN communication will fail.
Data Preparation
To complete the configuration, you need the following data:
• User VLAN ID
• User IP address
• Number of each port connecting a switch to a PC
• Number of the ports interconnecting switches
• Number and IP address of each VLANIF interface on the PE
Procedure
Step 1 Create VLANs on CE 1 and CE 2.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit
Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 30 40
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit
Step 3 Create VLANIF interfaces on PE and assign IP addresses to the VLANIF interfaces.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan batch 10 to 40
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 30 40
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[PE-GigabitEthernet1/0/2] quit
[PE] interface Vlanif 10
[PE-Vlanif10] ip address 10.110.6.3 24
[PE-Vlanif10] quit
[PE] interface Vlanif 20
[PE-Vlanif20] ip address 10.110.5.3 24
[PE-Vlanif20] quit
[PE] interface Vlanif 30
[PE-Vlanif30] ip address 10.110.4.3 24
[PE-Vlanif30] quit
[PE] interface Vlanif 40
[PE-Vlanif40] ip address 10.110.3.3 24
[PE-Vlanif40] quit
Step 4 Verify the configuration.
On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of VLANIF 10 as the default
gateway address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of VLANIF 20 as the default
gateway address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of VLANIF 30 as the default
gateway address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of VLANIF 40 as the default
gateway address.
After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.
----End
Configuration Files
• Configuration file of CE 1
#
sysname CE1
#
vlan batch 30 40
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 40
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
• Configuration file of CE 2
#
sysname CE2
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 20
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 10 to 40
#
interface Vlanif10
ip address 10.110.6.3 255.255.255.0
#
interface Vlanif20
ip address 10.110.5.3 255.255.255.0
#
interface Vlanif30
ip address 10.110.4.3 255.255.255.0
#
interface Vlanif40
ip address 10.110.3.3 255.255.255.0
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
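The following Python sketch is an added example, not part of the Huawei guide. It parses configuration files in the format shown above and checks that every VLAN carried on a port has been created, that every VLANIF has a port carrying its VLAN, and that both ends of a trunk allow the same VLANs. The embedded text is the PE and CE 1 configuration from this example; the function names and the pairing of PE GE1/0/1 with CE 1 GE1/0/3 are assumptions.

```python
import re

# Constructed input: the PE and CE 1 configuration files from this example,
# with "#" separators dropped and sub-command indentation restored.
PE_CFG = """\
sysname PE
vlan batch 10 to 40
interface Vlanif10
 ip address 10.110.6.3 255.255.255.0
interface Vlanif20
 ip address 10.110.5.3 255.255.255.0
interface Vlanif30
 ip address 10.110.4.3 255.255.255.0
interface Vlanif40
 ip address 10.110.3.3 255.255.255.0
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 30 40
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10 20
return
"""
CE1_CFG = """\
sysname CE1
vlan batch 30 40
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 30
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 40
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 30 40
return
"""


def expand_vlans(spec):
    """Expand a VLAN list such as '10 20' or '10 to 40' into a set of IDs."""
    tokens, ids, i = spec.split(), set(), 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            ids.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            ids.add(int(tokens[i]))
            i += 1
    return ids


def parse_config(text):
    """Return created VLANs, VLANs carried per Layer 2 port, and VLANIF IDs."""
    cfg = {"created": set(), "ports": {}, "vlanifs": set()}
    current = None  # name of the Layer 2 port whose sub-commands are being read
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("vlan batch "):
            cfg["created"] |= expand_vlans(line[len("vlan batch "):])
        elif line.startswith("interface "):
            name = line.split(None, 1)[1]
            match = re.fullmatch(r"Vlanif(\d+)", name)
            if match:
                cfg["vlanifs"].add(int(match.group(1)))
                current = None
            else:
                current = name
                cfg["ports"][current] = set()
        elif current and line.startswith("port trunk allow-pass vlan "):
            cfg["ports"][current] |= expand_vlans(line.split("vlan ", 1)[1])
        elif current and line.startswith("port default vlan "):
            cfg["ports"][current].add(int(line.split()[-1]))
    return cfg


def audit(cfg):
    """List undefined VLANs on ports, VLANIFs without a port, and unused VLANs."""
    carried = set().union(*cfg["ports"].values())
    findings = []
    for port, vlans in sorted(cfg["ports"].items()):
        missing = vlans - cfg["created"]
        if missing:
            findings.append(f"{port}: VLANs not created: {sorted(missing)}")
    for vid in sorted(cfg["vlanifs"] - carried):
        findings.append(f"Vlanif{vid}: no port carries VLAN {vid}")
    unused = cfg["created"] - carried - cfg["vlanifs"]
    if unused:
        findings.append(f"{len(unused)} VLANs created but unused: {sorted(unused)}")
    return findings


def trunk_mismatch(cfg_a, port_a, cfg_b, port_b):
    """VLANs allowed on only one end of a link (empty set when both ends agree)."""
    return cfg_a["ports"][port_a] ^ cfg_b["ports"][port_b]


if __name__ == "__main__":
    pe, ce1 = parse_config(PE_CFG), parse_config(CE1_CFG)
    for finding in audit(pe) + audit(ce1):
        print(finding)
    print(trunk_mismatch(pe, "GigabitEthernet1/0/1", ce1, "GigabitEthernet1/0/3"))
```

Run against the PE file, `audit` reports the 27 VLANs that `vlan batch 10 to 40` creates in addition to VLANs 10, 20, 30, and 40; creating only the VLANs in service keeps the Layer 2 domain limited to what the design needs.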
4.12.5 Example for Configuring 1 to 1 VLAN Mapping for Inter-VLAN Communication
1 to 1 VLAN mapping allows user VLAN IDs and the ISP VLAN ID to be replaced with each
other to help users in different VLANs to communicate with each other.
Networking Requirements
Users in different residential compounds use IPTV, VoIP, and Internet services. To simplify
management, the network administrator of each residential compound configures a separate
VLAN for each type of service. After the configuration, users using the same type of service
in different residential compounds belong to different VLANs, but they need to communicate
with each other.
On the network shown in Figure 4-20, the same type of services in residential compounds 1 and
2 belong to different VLANs. It is required that these users communicate with each other at a
low operating cost.
Figure 4-20 Networking diagram for configuring 1 to 1 VLAN mapping
[Figure not reproduced. Labels: PE1 and PE2 at the edge of the ISP network (VLAN10); CE1 serving Community1 in VLAN6 with hosts 172.16.0.1/16, 172.16.0.2/16, and 172.16.0.3/16; CE2 serving Community2 in VLAN5 with hosts 172.16.0.5/16, 172.16.0.6/16, and 172.16.0.7/16.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switch 1 to residential compound 1 to VLAN 6. Add ports connecting switch 2 to residential compound 2 to VLAN 5.
2. Configure 1 to 1 VLAN mapping on switches 3 and 4 at the edge of the ISP network to map user VLAN IDs to the ISP VLAN ID to allow users in different VLANs to communicate with each other.
Data Preparation
To complete the configuration, you need the following data:
• Number of each port connecting a switch to a user device
• Number of the ports interconnecting switches
• VLAN IDs configured on switches
• VLAN ID provided by the ISP
Procedure
Step 1 Add ports connecting switches to user devices to specified VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 6
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 6
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet1/0/3] quit
Step 2 Configure 1 to 1 VLAN mapping.
# Configure PE 1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface GigabitEthernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 6 map-vlan 10
[PE1-GigabitEthernet1/0/1] quit
# Configure PE 2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface GigabitEthernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet1/0/1] quit
Step 3 Verify the configuration.
After completing the configurations, run the display vlan command to check information about
1 to 1 VLAN mapping. Use the display on PE 1 as an example.
[PE1] display vlan 10
* : management-vlan
---------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10      common       enable   enable       forward   forward   forward default
----------------
QinQ-map Port: GigabitEthernet1/0/1
----------------
Interface                   Physical
GigabitEthernet1/0/1        UP
Users in residential compounds 1 and 2 can communicate with each other.
----End
Configuration Files
• Configuration file of CE 1
#
sysname CE1
#
vlan batch 6
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 6
#
return
• Configuration file of CE 2
#
sysname CE2
#
vlan batch 5
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 5
#
return
• Configuration file of PE 1
#
sysname PE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-mapping vlan 6 map-vlan 10
#
return
• Configuration file of PE 2
#
sysname PE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-mapping vlan 5 map-vlan 10
#
return
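The tag replacement that the two `port vlan-mapping` commands perform can be followed at frame level with the Python model below, which is an added example and not part of the Huawei guide. It assumes that only the 12-bit VLAN ID in the 802.1Q tag is replaced while the 802.1p priority bits are left unchanged, and that a frame whose VLAN ID has no mapping on the port is dropped; the MAC addresses and function names are constructed for the illustration.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier

# (user VLAN, ISP VLAN) per device, from "port vlan-mapping vlan X map-vlan 10".
MAPPING = {"PE1": (6, 10), "PE2": (5, 10)}

# Constructed, locally administered MAC addresses for the sample frames.
SRC_MAC = bytes.fromhex("020000000006")
DST_MAC = bytes.fromhex("020000000005")


def build_frame(dst, src, vid, pcp, payload, ethertype=0x0800):
    """Build an Ethernet frame that carries one 802.1Q tag."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID, tci, ethertype) + payload


def parse_tag(frame):
    """Return (pcp, dei, vid), or None for untagged or truncated frames."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def rewrite_vid(frame, new_vid):
    """Replace the VLAN ID and keep the priority and DEI bits."""
    (tci,) = struct.unpack("!H", frame[14:16])
    tci = (tci & 0xF000) | (new_vid & 0x0FFF)
    return frame[:14] + struct.pack("!H", tci) + frame[16:]


def from_user(pe, frame):
    """Frame received from the CE: user VLAN ID becomes the ISP VLAN ID."""
    user_vid, isp_vid = MAPPING[pe]
    tag = parse_tag(frame)
    if tag is None or tag[2] != user_vid:
        return None  # assumption of this model: unmapped frames are dropped
    return rewrite_vid(frame, isp_vid)


def to_user(pe, frame):
    """Frame sent towards the CE: ISP VLAN ID becomes the user VLAN ID."""
    user_vid, isp_vid = MAPPING[pe]
    tag = parse_tag(frame)
    if tag is None or tag[2] != isp_vid:
        return None
    return rewrite_vid(frame, user_vid)


def deliver(src_pe, dst_pe, frame):
    """Carry a user frame across the ISP network between two PEs."""
    in_isp = from_user(src_pe, frame)
    return None if in_isp is None else to_user(dst_pe, in_isp)


if __name__ == "__main__":
    sent = build_frame(DST_MAC, SRC_MAC, vid=6, pcp=3, payload=b"ping")
    for label, frame in (("CE1 -> PE1", sent),
                         ("ISP network", from_user("PE1", sent)),
                         ("PE2 -> CE2", deliver("PE1", "PE2", sent))):
        print(label, parse_tag(frame))
```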
4.12.6 Example for Configuring Communication Between VLANs
Through VLAN Aggregation
This part describes how to configure communication between VLANs with fewer IP addresses.
Networking Requirements
Assume that an enterprise has many departments whose IP addresses are on the same network
segment. To improve service security, PCs used by employees in the same department are added
to the same VLAN, and PCs used by employees in different departments are added to different
VLANs. PCs used by employees in different departments need to communicate with each other.
As shown in Figure 4-21, the R&D department and the test department belong to
different VLANs. It is required that PCs used by employees in different VLANs
communicate with each other.
Figure 4-21 Networking diagram of configuring communication between VLANs through VLAN aggregation
[Figure not reproduced. Labels: PE with GE1/0/1 and GE1/0/2, VLAN4, VLANIF4: 100.1.1.12/24; CE1 and CE2; VLAN2 Development Department; VLAN3 Test Department; 100.1.1.1/24 and 100.1.1.2/24.]
IP addresses of the R&D department and test department are on the same network segment. To
save IP address resources, you can deploy VLAN aggregation on devices of the R&D department
and test department. This ensures that different VLANs can communicate with each other.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on CE1 and CE2 to determine mappings between users and VLANs.
2. Configure VLAN aggregation on PE.
   a. Configure the Layer 2 forwarding function.
   b. Create a super-VLAN, and add sub-VLANs to the super-VLAN for VLAN aggregation.
   c. Create the VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface as the network gateway address.
   d. Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-VLANs so that sub-VLANs can communicate with each other on the Layer 3 network.
Data Preparation
To complete the configuration, you need the following data:
• User VLAN ID
• User IP address
• Number of each port connecting a switch to a PC
• Sub-VLAN ID and super-VLAN ID
• Number and IP address of the VLANIF interface of the super-VLAN
Procedure
Step 1 Create a VLAN on CE and add Layer 2 interfaces to the VLAN.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 2
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 2
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 3
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 3
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 3
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 3
[CE2-GigabitEthernet1/0/3] quit
Step 2 Configure VLAN aggregation on PE.
1. Configure the Layer 2 forwarding function.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan batch 2 to 4
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 3
[PE-GigabitEthernet1/0/2] quit
2. Create a super-VLAN and add sub-VLANs to the super-VLAN.
[PE] vlan 4
[PE-vlan4] aggregate-vlan
[PE-vlan4] access-vlan 2 to 3
[PE-vlan4] quit
3. Create a VLANIF interface for the super-VLAN and assign an IP address to the VLANIF interface.
[PE] interface vlanif 4
[PE-Vlanif4] ip address 10.1.1.12 24
After the preceding configurations, assign the IP addresses shown in Figure 4-21 to the PCs.
The IP addresses of the PCs and of the VLANIF interface are on the same network segment.
If the configuration succeeds, the PCs in each VLAN and the switch can ping each other,
but PCs in VLAN 2 and PCs in VLAN 3 cannot ping each other.
4. Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-VLANs.
# Enable ARP proxy on the VLANIF interface of the super-VLAN.
[PE-Vlanif4] arp-proxy enable
# Enable ARP proxy between sub-VLANs.
[PE-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[PE-Vlanif4] quit
Step 3 Verify the configuration.
After the configuration, PCs used by employees in VLAN 2 and VLAN 3 can ping each other.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 3
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 3
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.12 255.255.255.0
arp-proxy enable
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 3
#
return
4.12.7 Example for Configuring VLAN+802.1p for L2VPN Access
(on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the
sub-interface at the attachment circuit (AC) side of PE1, and the sub-interface is bound to
different Virtual Switching Instances (VSIs). Packets are transmitted through different VSIs
based on their 802.1p priorities. The following takes the scenario where a CSG accesses IP
services as an example.
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
On the network shown in Figure 4-22, various services are tagged with the same VLAN ID on
a CSG. After receiving these services, PE1 cannot identify them, resulting in a failure in traffic
distribution. To help resolve this problem, a VLAN matching policy needs to be configured on
PE1. PE1 maps a VLAN ID to a packet priority before distributing a packet to a specific pseudo
wire (PW), ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses 802.1p values in the received packets for scheduling.
Figure 4-22 Networking diagram for VLAN+802.1p-based L2VPN access
[Figure not reproduced. Labels in the diagram: CSG, PE1, PE2, PE3, Database, Internet, VLAN 10, 802.1p=3, 802.1p=2, PW; interface names and IP addresses are those in the configuration files of this example.]
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
The configuration roadmap is as follows:
1. Configure basic VPLS functions.
   a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between routers on the backbone network.
   b. Configure basic Multiprotocol Label Switching (MPLS) functions on the backbone network.
   c. Set up label switched paths (LSPs) between PEs.
   d. Enable MPLS L2VPN on PEs.
   e. Create VSIs on PEs.
2. Configure VLAN+802.1p.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on the CSG.
Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
Step 2 Configure VLAN+802.1p.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] quit
Step 3 Bind each sub-interface to a VSI.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure basic functions of the CSG.
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
- Configuring the 802.1p priorities of packets through commands.
- Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM if the CSG accesses non-IP services.
NOTE
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.
Step 5 Verify the configuration.
After the preceding configurations, run the display vsi name ldp1 verbose command on PEs,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface                  VlanPolicy
-----------------------------------------------------------
GE1/0/1.1                  8021p 3
GE1/0/1.2                  8021p 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 8021p 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
undo shutdown
vlan-type dot1q 10 8021p 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
4.12.8 Example for Configuring VLAN+DSCP for L2VPN Access
(on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. Packets
are transmitted through different virtual switching instances (VSIs) based on the DiffServ Code
Point (DSCP) values of the packets. The following takes the scenario where a CSG accesses IP
services as an example.
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
As shown in Figure 4-23, various services are tagged with the same VLAN ID on a CSG. After
receiving these services, PE1 cannot identify them, resulting in a failure in traffic distribution.
To help resolve this problem, a VLAN matching policy needs to be configured on PE1. PE1
maps a VLAN ID to a packet priority before distributing a packet to a specific pseudo wire (PW),
ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
Figure 4-23 Networking diagram for VLAN+DSCP-based L2VPN access
[Figure not reproduced. Labels in the diagram: CSG, PE1, PE2, PE3, Database, Internet, VLAN 10, DSCP=3, DSCP=2, PW; interface names and IP addresses are those in the configuration files of this example.]
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
The configuration roadmap is as follows:
1. Configure basic VPLS functions.
   a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between routers on the backbone network.
   b. Configure basic Multiprotocol Label Switching (MPLS) functions on the backbone network.
   c. Set up label switched paths (LSPs) between PEs.
   d. Enable MPLS L2VPN on PEs.
   e. Create VSIs on PEs.
2. Configure VLAN+DSCP.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on the CSG.
Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
Step 2 Configure VLAN+DSCP.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 2
[PE3-GigabitEthernet1/0/1.1] quit
Step 3 Bind each sub-interface to a VSI.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure basic functions of the CSG.
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
- Configuring the DSCP values of packets through commands.
- Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM if the CSG accesses non-IP services.
NOTE
Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.
Step 5 Verify the configuration.
After the preceding configurations, run the display vsi name ldp1 verbose command on PEs,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface              VlanPolicy
-----------------------------------------------------------
GE1/0/1.1                  dscp 3
GE1/0/1.2                  dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 dscp 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
undo shutdown
vlan-type dot1q 10 dscp 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
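A VPLS PW in these examples only comes up when each VSI's peer address is the other PE's MPLS LSR ID and both ends use the same vsi-id, so the three configuration files can be cross-checked before they are loaded. The Python below is an added example, not Huawei tooling; it assumes LDP-signalled VSIs as configured above, and its inputs are constructed, cut-down copies of the PE1, PE2 and PE3 files (the address 2.2.2.8 in the usage line is a constructed typo).

```python
from collections import defaultdict

def parse_config(text):
    """Parse the parts of a VRP configuration file that these examples use."""
    dev = {"sysname": None, "lsr_id": None, "vsis": {}, "subifs": {}}
    ctx = None  # block being read: ("vsi", name) or ("if", name)
    for raw in text.splitlines():
        w = raw.split()
        if not w or w[0] in ("#", "return"):
            ctx = None
        elif w[0] == "sysname":
            dev["sysname"] = w[1]
        elif w[:2] == ["mpls", "lsr-id"]:
            dev["lsr_id"] = w[2]
        elif w[0] == "vsi":
            ctx = ("vsi", w[1])
            dev["vsis"][w[1]] = {"vsi_id": None, "peers": []}
        elif w[0] == "interface":
            ctx = ("if", w[1])
            if "." in w[1]:  # only sub-interfaces carry a VLAN policy here
                dev["subifs"][w[1]] = {"policy": None, "vsi": None}
        elif ctx and ctx[0] == "vsi" and w[0] == "vsi-id":
            dev["vsis"][ctx[1]]["vsi_id"] = w[1]
        elif ctx and ctx[0] == "vsi" and w[0] == "peer":
            dev["vsis"][ctx[1]]["peers"].append(w[1])
        elif ctx and ctx[0] == "if" and ctx[1] in dev["subifs"]:
            if w[0] == "vlan-type":
                dev["subifs"][ctx[1]]["policy"] = " ".join(w[1:])
            elif w[:3] == ["l2", "binding", "vsi"]:
                dev["subifs"][ctx[1]]["vsi"] = w[3]
    return dev

def audit(devices):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    by_lsr = {d["lsr_id"]: d for d in devices}
    for d in devices:
        who = d["sysname"]
        for name, vsi in d["vsis"].items():
            for peer in vsi["peers"]:
                remote = by_lsr.get(peer)
                if remote is None:
                    findings.append(f"{who}: vsi {name} peer {peer} is no audited PE's LSR ID")
                    continue
                # Assumption: LDP-signalled PWs need the same vsi-id at both ends.
                far = [v for v in remote["vsis"].values() if v["vsi_id"] == vsi["vsi_id"]]
                if not any(d["lsr_id"] in v["peers"] for v in far):
                    findings.append(f"{who}: vsi {name} has no VSI on {remote['sysname']} peering back")
        policies = defaultdict(list)
        for ifname, sub in d["subifs"].items():
            if sub["vsi"] and sub["vsi"] not in d["vsis"]:
                findings.append(f"{who}: {ifname} is bound to undefined vsi {sub['vsi']}")
            policies[(ifname.split(".")[0], sub["policy"])].append(ifname)
        for (_, policy), names in policies.items():
            if len(names) > 1:
                findings.append(f"{who}: {', '.join(names)} share 'vlan-type {policy}'")
    return findings

# Constructed input: the PE1/PE2/PE3 files cut down to the lines parsed above.
PE1 = """sysname PE1
#
mpls lsr-id 1.1.1.9
#
vsi ldp1 static
 vsi-id 1
 peer {ldp1_peer}
#
vsi ldp2 static
 vsi-id 2
 peer 3.3.3.9
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10 dscp 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 vlan-type dot1q 10 dscp 2
 l2 binding vsi ldp2"""
REMOTE = """sysname {name}
#
mpls lsr-id {lsr}
#
vsi {vsi} static
 vsi-id {vid}
 peer 1.1.1.9
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 l2 binding vsi {vsi}"""

def audit_example(ldp1_peer):
    """Audit the three PEs with PE1's ldp1 peer set to the given address."""
    texts = [PE1.format(ldp1_peer=ldp1_peer),
             REMOTE.format(name="PE2", lsr="2.2.2.9", vsi="ldp1", vid="1"),
             REMOTE.format(name="PE3", lsr="3.3.3.9", vsi="ldp2", vid="2")]
    return audit([parse_config(t) for t in texts])

if __name__ == "__main__":
    print(audit_example("2.2.2.9"), audit_example("2.2.2.8"), sep="\n")
```

A single wrong peer address produces two findings, one on each end of the PW, which is how the mismatch appears when only one PE's file is at hand.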
4.12.9 Example for Configuring VLAN+EthType for L2VPN Access
(on a Common Sub-interface)
In the networking of this configuration example, VLAN+EthType is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different virtual switching instances
(VSIs). In this manner, packets of different EthTypes enter different VSIs, and different services
can be transmitted through different VSIs.
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
On the network shown in Figure 4-24, various services are tagged with the same VLAN ID on
a switch. After receiving these services, PE1 cannot identify them, resulting in a failure in
distributing traffic. To help resolve this problem, a policy for mapping a VLAN ID to a priority
needs to be configured on PE1. PE1 maps a VLAN ID to the packet priority before distributing
the packet to a specific Pseudo Wire (PW), ensuring correct scheduling of packets.
Figure 4-24 Networking diagram of VLAN+EthType-based L2VPN access
[Figure not reproduced. Labels in the diagram: Switch, PE1, PE2, PE3, PPPoE, IPoE, VLAN 10, Video/BTV VOD Platform, Internet, PW; interface names and IP addresses are those in the configuration files of this example.]
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
The configuration roadmap is as follows:
1. Configure basic VPLS functions.
   a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between routers on the backbone network.
   b. Configure basic Multiprotocol Label Switching (MPLS) functions on the backbone network.
   c. Set up label switched paths (LSPs) between PEs.
   d. Enable MPLS L2VPN on PEs.
   e. Create VSIs on PEs.
2. Configure VLAN+EthType.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on Switch.
Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
Step 2 Configure VLAN+EthType.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 default
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] quit
Step 3 Bind each sub-interface to a VSI.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure basic functions of Switch.
For detailed configuration of Switch, refer to the related configuration guide.
Step 5 Verify the configuration.
After the preceding configurations, run the display vsi name ldp1 verbose command on PEs,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface              VlanPolicy
-----------------------------------------------------------
GE1/0/1.1                  eth-type pppoe
GE1/0/1.2                  default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
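The matching that the VLAN+802.1p, VLAN+DSCP and VLAN+EthType policies of sections 4.12.7 to 4.12.9 apply on PE1 can be modelled offline to see which sub-interface and VSI a frame from VLAN 10 would select. The Python below is an added example, not Huawei code. Assumptions: eth-type pppoe is taken to mean EtherTypes 0x8863 and 0x8864, default is taken as the catch-all for frames that no other policy on the VLAN matches, and None is returned when nothing matches because this guide does not state what the router does with such frames.

```python
import struct

PPPOE_ETHERTYPES = {0x8863, 0x8864}  # assumption: PPPoE discovery and session

def parse_tagged_frame(frame):
    """Return (vlan_id, pcp, ethertype, dscp) for a single-tagged frame, or None."""
    if len(frame) < 18:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100:
        return None  # untagged frames never reach a dot1q sub-interface
    dscp = None
    if ethertype == 0x0800 and len(frame) >= 20:
        dscp = frame[19] >> 2  # upper six bits of the IPv4 ToS byte
    # VLAN ID is the low 12 bits of the TCI, 802.1p (PCP) the top 3 bits.
    return tci & 0x0FFF, tci >> 13, ethertype, dscp

def matches(policy, pcp, ethertype, dscp):
    """True if a frame's fields satisfy one (kind, value) VLAN policy."""
    kind, value = policy
    if kind == "8021p":
        return pcp == value
    if kind == "dscp":
        return dscp is not None and dscp == value  # non-IP frames carry no DSCP
    if kind == "eth-type":
        return value == "pppoe" and ethertype in PPPOE_ETHERTYPES
    return False  # "default" is applied as the fallback in classify()

def classify(frame, subifs):
    """subifs: list of (name, vlan_id, policy, vsi). Returns (name, vsi) or None."""
    parsed = parse_tagged_frame(frame)
    if parsed is None:
        return None
    vlan_id, pcp, ethertype, dscp = parsed
    fallback = None
    for name, vid, policy, vsi in subifs:
        if vid != vlan_id:
            continue
        if policy[0] == "default":
            fallback = (name, vsi)
        elif matches(policy, pcp, ethertype, dscp):
            return name, vsi
    return fallback

# PE1 policies as configured in sections 4.12.7, 4.12.8 and 4.12.9.
POLICY_8021P = [("GE1/0/1.1", 10, ("8021p", 3), "ldp1"),
                ("GE1/0/1.2", 10, ("8021p", 2), "ldp2")]
POLICY_DSCP = [("GE1/0/1.1", 10, ("dscp", 3), "ldp1"),
               ("GE1/0/1.2", 10, ("dscp", 2), "ldp2")]
POLICY_ETHTYPE = [("GE1/0/1.1", 10, ("eth-type", "pppoe"), "ldp1"),
                  ("GE1/0/1.2", 10, ("default", None), "ldp2")]

def build_frame(vlan_id, pcp, ethertype, dscp=0):
    """Constructed test frame: zeroed MACs, one 802.1Q tag, 20-byte payload."""
    tci = (pcp << 13) | vlan_id
    payload = bytes([0x45, dscp << 2]) + bytes(18) if ethertype == 0x0800 else bytes(20)
    return bytes(12) + struct.pack("!HHH", 0x8100, tci, ethertype) + payload

if __name__ == "__main__":
    for pcp in range(8):  # which 802.1p values reach a VSI under 4.12.7
        print(pcp, classify(build_frame(10, pcp, 0x0800), POLICY_8021P))
```

Under the 802.1p and DSCP policies, any value other than 3 or 2 returns None, so the model shows which markings sent by the CSG have no sub-interface to receive them.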
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 eth-type pppoe
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
undo shutdown
vlan-type dot1q 10 default
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 eth-type pppoe
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 default
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
4.12.10 Example for Configuring VLAN+DSCP for L3VPN Access
(on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the attachment circuit (AC) side of PE1; the sub-interface is bound to different Virtual
Private Network (VPN) instances. In this manner, packets of different DiffServ Code Point
(DSCP) values enter different VPN instances, and different services can be transmitted through
different VPN instances. The following takes the scenario where a CSG accesses IP services as
an example.
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
As shown in Figure 4-25, different service packets are added with the same tag on the CSG.
Therefore, when PE1 receives packets, it cannot identify services based on tags, which affects
the traffic distribution. To address the problem, you can deploy a VLAN policy on PE1. PE1
distributes traffic to different VPN instances based on VLAN IDs and packet priorities. This
ensures that packets can be scheduled in time.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
Figure 4-25 Networking diagram for VLAN+DSCP-based L3VPN access
[Figure not reproduced. Labels in the diagram: CSG, CE1 (AS65410), CE2 (AS65420), CE3 (AS65421), PE1, PE2, PE3, L3VPN AS100, Database, Internet, VLAN 10, DSCP=3, DSCP=2; interface names and IP addresses are those in the configuration files of this example.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic Layer 3 virtual private network (L3VPN) functions.
   a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between routers on the backbone network.
   b. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label Distribution Protocol (LDP), and set up MPLS label switched paths (LSPs) on the backbone network.
   c. Set up LSPs between PEs.
   d. Create VPN instances on PEs.
2. Configure VLAN+DSCP and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on the CSG.
4. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN routing information.
5. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- Names of the VPN instances on PEs
- RDs and VPN targets of the VPN instances
- Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP.
   You can see the configuration files in this configuration example.
   After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping each other.
<PE1> display ip routing-table
Routing Tables: Public
        Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
2.2.2.9/32          OSPF    10   1     D      10.1.1.1    GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      10.2.1.1    GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2    GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/2
10.2.1.0/30         Direct  0    0     D      10.2.1.2    GigabitEthernet1/0/3
10.2.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/3
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 2.2.2.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/96/120 ms
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0    Operational  DU   Passive  0000:00:00  3/3
3.3.3.9:0    Operational  DU   Passive  0000:00:00  2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
4. Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE1-vpn-instance-vpn2-af-ipv4] quit
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
Step 2 Configure VLAN+DSCP, and bind common sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Address family ipv4
Create date : 2009/09/01 17:22:49
Up time : 0 days, 00 hours, 11 minutes and 46 seconds
Route Distinguisher : 100:1
Export VPN Targets : 100:1
Import VPN Targets : 100:1
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.1
VPN-Instance Name and ID : vpn2, 2
Address family ipv4
Create date : 2009/09/01 17:27:07
Up time : 0 days, 00 hours, 07 minutes and 28 seconds
Route Distinguisher : 100:2
Export VPN Targets : 100:2
Import VPN Targets : 100:2
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.2
Step 3 Configure basic functions of the CSG.
For configuration details, see "Configuration Files" in this section. The CSG must
support the following:
● Configuring the DSCP values of packets through commands.
● Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in
ATM when the CSG accesses non-IP services.
NOTE
Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 5 Set up MP-IBGP peer relationships between the PEs.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Take the command output on PE1 as an example.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 2        Peers in established state : 2
Peer      V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
2.2.2.9   4  100  10       15       0     00:04:53  Established  0
3.3.3.9   4  100  6        11       0     00:01:06  Established  2
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
        Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.11.1.0/24        Direct  0    0     D      10.11.1.1   GigabitEthernet1/0/1.1
10.11.1.1/32        Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/1.1
10.12.1.0/24        IBGP    255  0     RD     2.2.2.9     GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
        Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.21.1.0/24        Direct  0    0     D      10.21.1.1   GigabitEthernet1/0/1.2
10.21.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
10.22.1.0/24        IBGP    255  0     RD     3.3.3.9     GigabitEthernet1/0/3
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface    VlanPolicy
-----------------------------------------------------------
GE1/0/1.2    dscp 2
GE1/0/1.1    dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
● Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.11.1.2 as-number 65410
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.21.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
● Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip binding vpn-instance vpn1
ip address 10.12.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.12.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
● Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip binding vpn-instance vpn2
ip address 10.22.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.22.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
● Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.11.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
undo shutdown
ip address 10.21.1.2 255.255.255.0
#
bgp 65410
peer 10.11.1.1 as-number 100
peer 10.21.1.1 as-number 100
ipv4-family unicast
undo synchronization
import-route direct
peer 10.11.1.1 enable
peer 10.21.1.1 enable
#
return
● Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.12.1.2 255.255.255.0
#
bgp 65420
peer 10.12.1.1 as-number 100
ipv4-family unicast
undo synchronization
import-route direct
peer 10.12.1.1 enable
#
return
● Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.22.1.2 255.255.255.0
#
bgp 65421
peer 10.22.1.1 as-number 100
ipv4-family unicast
undo synchronization
import-route direct
peer 10.22.1.1 enable
#
return
4.12.11 Example for Configuring VLAN+802.1p for L3VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the
sub-interfaces at the attachment circuit (AC) side of a PE; the sub-interfaces are bound to different
virtual private network (VPN) instances. Packets are transmitted through different VPN
instances based on the 802.1p priorities of the packets. The following takes the scenario where
a CSG accesses IP services as an example.
Networking Requirements
On an ME network, VLAN IDs are used to identify services or user packets before they
access VSIs, Virtual Leased Lines (VLLs), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of the high-priority traffic over the
operator's network cannot be scheduled in time, which degrades user experience.
As shown in Figure 4-26, the CSG adds the same tag to packets of different services.
Therefore, when PE1 receives the packets, it cannot identify services based on tags, which affects
traffic distribution. To address the problem, deploy a VLAN policy on PE1. PE1 then
distributes traffic to different VPN instances based on VLAN IDs and packet priorities, which
ensures that packets are scheduled in time.
NOTE
In this example, PE1 parses 802.1p values in the received packets for scheduling.
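The header fields that PE1 matches on, shown as an added example (not Huawei code) that models the VLAN+802.1p policy of this example and the VLAN+DSCP policy of the preceding one with the values configured on PE1. The function names, the sample frames and the treatment of unmatched frames are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# PE1 policies from the two examples: (VLAN ID, priority value) -> VPN instance.
POLICIES = {
    "8021p": {(10, 3): "vpn1", (10, 2): "vpn2"},  # vlan-type dot1q 10 8021p N
    "dscp": {(10, 3): "vpn1", (10, 2): "vpn2"},   # vlan-type dot1q 10 dscp N
}


def parse_frame(frame: bytes):
    """Return (vlan_id, pcp, dscp); a field is None when the frame lacks it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = pcp = dscp = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13         # 3-bit 802.1p priority
        vlan_id = tci & 0x0FFF  # 12-bit VLAN ID
        offset = 18
    ip = frame[offset:offset + 20]
    if ethertype == ETHERTYPE_IPV4 and len(ip) == 20 and ip[0] >> 4 == 4:
        dscp = ip[1] >> 2       # upper 6 bits of the DS (former ToS) byte
    return vlan_id, pcp, dscp


def classify(frame: bytes, mode: str):
    """Return the VPN instance the modelled policy selects, or None.

    Treating an unmatched frame as "no VPN instance" is this model's
    assumption; the page does not describe the router's behaviour for it.
    """
    if mode not in POLICIES:
        raise ValueError("mode must be '8021p' or 'dscp'")
    vlan_id, pcp, dscp = parse_frame(frame)
    value = pcp if mode == "8021p" else dscp
    if vlan_id is None or value is None:
        return None  # untagged frame, or a DSCP policy applied to a non-IP frame
    return POLICIES[mode].get((vlan_id, value))


def build_frame(vlan_id=None, pcp=0, dscp=0, ipv4=True) -> bytes:
    """Construct a sample frame (test data only; the IP checksum is left 0)."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    if ipv4:
        header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                             bytes([10, 11, 1, 2]), bytes([10, 11, 1, 1]))
        return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + header
    return macs + tag + struct.pack("!H", 0x0806) + bytes(28)  # non-IP filler


if __name__ == "__main__":
    for label, frame in [
        ("VLAN 10, 802.1p 3", build_frame(10, 3, 0)),
        ("VLAN 10, 802.1p 5, DSCP 3", build_frame(10, 5, 3)),
        ("VLAN 10, 802.1p 3, non-IP", build_frame(10, 3, ipv4=False)),
        ("untagged, DSCP 3", build_frame(None, dscp=3)),
    ]:
        print(label, "->", classify(frame, "8021p"), "/", classify(frame, "dscp"))
```

Both match keys are written by whichever device tags and marks the packet, so the VPN instance a packet reaches depends on the marking applied at the CSG.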
Figure 4-26 Networking diagram of VLAN+802.1p-based L3VPN access
[Networking diagram: CE1 (AS65410) and the CSG send VLAN 10 traffic marked 802.1p=3 and 802.1p=2 to PE1 (Loopback1 1.1.1.9/32). PE1 connects across the L3VPN backbone (AS100) to PE2 (Loopback1 2.2.2.9/32), which serves CE2 (AS65420, Database), and to PE3 (Loopback1 3.3.3.9/32), which serves CE3 (AS65421, Internet). Interface addresses are listed in the configuration files of this example.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic Layer 3 virtual private network (L3VPN) functions.
a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between
routers on the backbone network.
b. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
Distribution Protocol (LDP), and set up MPLS label switched paths (LSPs) on the
backbone network.
c. Set up LSPs between PEs.
d. Create VPN instances on PEs.
2. Configure VLAN+802.1p and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on CSG.
4. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN
routing information.
5. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
● IP addresses of interfaces
● Names of the VPN instances on PEs
● RDs and VPN targets of the VPN instances
● Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You
can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as
the IGP.
You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3, have routes discovered
through OSPF to each other's Loopback1 interface, and each pair can ping each other.
<PE1> display ip routing-table
Routing Tables: Public
        Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
2.2.2.9/32          OSPF    10   1     D      10.1.1.1    GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      10.2.1.1    GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2    GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/2
10.2.1.0/30         Direct  0    0     D      10.2.1.2    GigabitEthernet1/0/3
10.2.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/3
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 2.2.2.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/96/120 ms
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0    Operational  DU   Passive  0000:00:00  3/3
3.3.3.9:0    Operational  DU   Passive  0000:00:00  2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
4. Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE1-vpn-instance-vpn2-af-ipv4] quit
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
Step 2 Configure VLAN+802.1p, and bind common sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Address family ipv4
Create date : 2009/09/01 17:22:49
Up time : 0 days, 00 hours, 11 minutes and 46 seconds
Route Distinguisher : 100:1
Export VPN Targets : 100:1
Import VPN Targets : 100:1
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.1
VPN-Instance Name and ID : vpn2, 2
Address family ipv4
Create date : 2009/09/01 17:27:07
Up time : 0 days, 00 hours, 07 minutes and 28 seconds
Route Distinguisher : 100:2
Export VPN Targets : 100:2
Import VPN Targets : 100:2
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.2
Step 3 Configure basic functions of the CSG.
For configuration details, see "Configuration Files" in this section. The CSG must
support the following:
● Configuring the 802.1p priorities of packets through commands.
● Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in
ATM when the CSG accesses non-IP services.
NOTE
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 5 Set up MP-IBGP peer relationships between the PEs.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Take the command output on PE1 as an example.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 2        Peers in established state : 2
Peer      V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
2.2.2.9   4  100  10       15       0     00:04:53  Established  0
3.3.3.9   4  100  6        11       0     00:01:06  Established  2
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
        Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.11.1.0/24        Direct  0    0     D      10.11.1.1   GigabitEthernet1/0/1.1
10.11.1.1/32        Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/1.1
10.12.1.0/24        IBGP    255  0     RD     2.2.2.9     GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
        Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.21.1.0/24        Direct  0    0     D      10.21.1.1   GigabitEthernet1/0/1.2
10.21.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
10.22.1.0/24        IBGP    255  0     RD     3.3.3.9     GigabitEthernet1/0/3
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface    VlanPolicy
-----------------------------------------------------------
GE1/0/1.2    8021p 2
GE1/0/1.1    8021p 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
● Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 8021p 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 8021p 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.11.1.2 as-number 65410
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.21.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
● Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip binding vpn-instance vpn1
ip address 10.12.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.12.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
● Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip binding vpn-instance vpn2
ip address 10.22.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.22.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
● Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.11.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
undo shutdown
ip address 10.21.1.2 255.255.255.0
#
bgp 65410
peer 10.11.1.1 as-number 100
peer 10.21.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.11.1.1 enable
peer 10.21.1.1 enable
#
return
● Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.12.1.2 255.255.255.0
#
bgp 65420
peer 10.12.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.12.1.1 enable
#
return
● Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.22.1.2 255.255.255.0
#
bgp 65421
peer 10.22.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.22.1.1 enable
#
return
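A consistency check for PE configuration files in the form shown above and in the preceding VLAN+DSCP example, as an added example that is not Huawei code. It flags VPN instance names that are bound to an interface or used under BGP but never defined, and sub-interfaces that share a VLAN ID on one port while their priority policies are missing or duplicated; the finding names and rules are this example's own, and the second configuration is constructed to trigger them.

```python
import re
from collections import Counter, defaultdict

VLAN_RE = re.compile(r"^vlan-type dot1q (\d+)(?: (dscp|8021p) (\d+))?$")

# Excerpt of PE1's configuration file as given on this page.
PAGE_PE1_CONFIG = """\
ip vpn-instance vpn1
route-distinguisher 100:1
ip vpn-instance vpn2
route-distinguisher 100:2
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 8021p 3
ip binding vpn-instance vpn1
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 8021p 2
ip binding vpn-instance vpn2
#
bgp 100
#
ipv4-family vpn-instance vpn1
#
ipv4-family vpn-instance vpn2
"""

# Constructed faulty configuration (not from the page) that trips every rule.
CONSTRUCTED_BAD_CONFIG = """\
ip vpn-instance vpn1
route-distinguisher 100:1
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 dscp 3
ip binding vpn-instance vpn1
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 dscp 3
ip binding vpn-instance vpn2
#
interface GigabitEthernet1/0/1.3
vlan-type dot1q 10
#
bgp 100
#
ipv4-family vpn-instance vpn2
"""


def audit(config: str):
    """Return sorted (code, detail) findings for one PE configuration."""
    defined = set()               # names created by "ip vpn-instance NAME"
    references = []               # (where, name) for each use of a VPN instance
    policies = defaultdict(list)  # (port, VLAN ID) -> [(sub-interface, policy)]
    interface = None              # interface view the current line belongs to
    for raw in config.splitlines():
        line = raw.strip()        # device output is indented; the page's is flat
        if line in ("", "#"):
            interface = None
        elif line.startswith("ip vpn-instance "):
            defined.add(line.split()[2])
            interface = None
        elif line.startswith("interface "):
            interface = line.split()[1]
        elif line.startswith("ipv4-family vpn-instance "):
            references.append(("bgp", line.split()[2]))
        elif interface and line.startswith("ip binding vpn-instance "):
            references.append((interface, line.split()[3]))
        elif interface:
            match = VLAN_RE.match(line)
            if match:
                vlan, kind, value = match.groups()
                policy = (kind, int(value)) if kind else None
                port = interface.split(".")[0]
                policies[(port, int(vlan))].append((interface, policy))

    findings = [("undefined-vpn-instance", f"{where} -> {name}")
                for where, name in references if name not in defined]
    for (_port, vlan), entries in policies.items():
        if len(entries) < 2:
            continue  # a VLAN used by one sub-interface needs no priority policy
        counts = Counter(policy for _, policy in entries)
        for subif, policy in entries:
            if policy is None:
                findings.append(("shared-vlan-without-policy", f"{subif} vlan {vlan}"))
            elif counts[policy] > 1:
                findings.append(("duplicate-policy",
                                 f"{subif} vlan {vlan} {policy[0]} {policy[1]}"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit(CONSTRUCTED_BAD_CONFIG):
        print(code, detail)
```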
4.12.12 Example for Configuring Untagged+DSCP for L3VPN Access
In the networking of this configuration example, PE1 receives untagged packets with different
DiffServ Code Point (DSCP) values; untagged+DSCP is configured on the sub-interface at the
attachment circuit (AC) side of PE1; the sub-interface is bound to different Virtual Private
Network (VPN) instances. Packets are transmitted through different VPN instances based on the
DSCP values of the packets. The following takes the scenario where a CSG accesses IP services
as an example.
Networking Requirements
On an ME network, VLAN IDs are used to identify services or user packets before they
access VSIs, VLLs, or VPN instances. If multiple user packets or services are not
tagged, part of the high-priority traffic over the operator's network cannot be scheduled in time,
which degrades user experience.
On the network shown in Figure 4-27, a CSG forwards untagged packets. After receiving these
packets, PE1 cannot identify them, resulting in a failure in distributing packets. To help resolve
this problem, a DSCP-based policy needs to be configured on PE1. PE1 distributes packets to
specific VPN instances based on priorities, ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
Figure 4-27 Networking diagram for untagged+DSCP-based L3VPN access
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic Layer 3 virtual private network (L3VPN) functions.
   a. Run an Interior Gateway Protocol (IGP) to ensure intercommunication between
   routers on the backbone network.
   b. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
   Distribution Protocol (LDP), and set up MPLS label switched paths (LSPs) on the
   backbone network.
   c. Set up LSPs between PEs.
   d. Create VPN instances on PEs.
2. Configure untagged+DSCP and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on the CSG.
4. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN
routing information.
5. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
• IP addresses of interfaces
• Names of the VPN instances on PEs
• RDs and VPN targets of the VPN instances
• Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You
can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as
the IGP.
You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping
each other.
<PE1> display ip routing-table
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
2.2.2.9/32          OSPF    10   1     D      10.1.1.1    GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      10.2.1.1    GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2    GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/2
10.2.1.0/30         Direct  0    0     D      10.2.1.2    GigabitEthernet1/0/3
10.2.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/3
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 2.2.2.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/96/120 ms
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID         Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0      Operational  DU   Passive  0000:00:00  3/3
3.3.3.9:0      Operational  DU   Passive  0000:00:00  2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
4. Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE1-vpn-instance-vpn2-af-ipv4] quit
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
Step 2 Configure untagged+DSCP, and bind sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] untagged dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] untagged dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Address family ipv4
Create date : 2009/09/01 17:22:49
Up time : 0 days, 00 hours, 11 minutes and 46 seconds
Route Distinguisher : 100:1
Export VPN Targets : 100:1
Import VPN Targets : 100:1
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.1
VPN-Instance Name and ID : vpn2, 2
Address family ipv4
Create date : 2009/09/01 17:27:07
Up time : 0 days, 00 hours, 07 minutes and 28 seconds
Route Distinguisher : 100:2
Export VPN Targets : 200:2
Import VPN Targets : 200:2
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : GigabitEthernet1/0/1.2
Step 3 Configure basic functions of the CSG.
For configuration details, see "Configuration Files" in this section. The CSG must support
the following:
• Configuring the DSCP values of packets through commands.
• Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in
ATM when the CSG accesses non-IP services.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 5 Set up MP-IBGP peer relationships between the PEs.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Take the command output on PE1 as an example.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 2          Peers in established state : 2
Peer       V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
2.2.2.9    4  100  10       15       0     00:04:53  Established  0
3.3.3.9    4  100  6        11       0     00:01:06  Established  2
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.11.1.0/24        Direct  0    0     D      10.11.1.1   GigabitEthernet1/0/1.1
10.11.1.1/32        Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/1.1
10.12.1.0/24        IBGP    255  0     RD     2.2.2.9     GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
10.21.1.0/24        Direct  0    0     D      10.21.1.1   GigabitEthernet1/0/1.2
10.21.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
10.22.1.0/24        IBGP    255  0     RD     3.3.3.9     GigabitEthernet1/0/3
Run the display interface vlan command, and you can view the matching policy on a main
interface.
Take the command output on PE1 as an example.
[PE1] display interface GigabitEthernet1/0/1 vlan untagged
Interface        VlanPolicy
-----------------------------------------------------------
GE1/0/1.2        dscp 2
GE1/0/1.1        dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: UNTAGGED Sub-Interface num: 2
----End
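The mapping that Step 2 configures on PE1, as an added Python example (not Huawei code): it reads the two untagged dscp stanzas from PE1's configuration file and classifies constructed Ethernet frames by the DSCP bits of the IPv4 header. The function names, the sample frames, the IPv4-only parsing and the "no match" result are assumptions; the guide does not describe what the router does with a DSCP value that no sub-interface matches.

```python
import re
import struct

# Sub-interface stanzas copied from the PE1 configuration file in this example.
PE1_CONFIG = """\
#
interface GigabitEthernet1/0/1.1
untagged dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
untagged dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
"""

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_DOT1Q = 0x8100


def parse_untagged_dscp(config):
    """Return {dscp: (sub_interface, vpn_instance)}.

    Only the single-value form 'untagged dscp N' shown in this example is handled.
    """
    policy = {}
    for stanza in re.split(r"^#[ \t]*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        dscp = re.search(r"^[ \t]*untagged dscp (\d+)[ \t]*$", stanza, re.M)
        if not (name and dscp):
            continue
        vpn = re.search(r"^[ \t]*ip binding vpn-instance (\S+)", stanza, re.M)
        value = int(dscp.group(1))
        if value > 63:
            raise ValueError("DSCP is a 6-bit field, got %d" % value)
        if value in policy:
            raise ValueError("DSCP %d is matched by two sub-interfaces" % value)
        if vpn is None:
            raise ValueError("%s matches DSCP %d but is bound to no VPN instance"
                             % (name.group(1), value))
        policy[value] = (name.group(1), vpn.group(1))
    return policy


def classify(frame, policy):
    """Return (vpn_instance or None, reason) for one Ethernet frame."""
    if len(frame) < 14:
        return None, "truncated Ethernet header"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_DOT1Q:
        return None, "tagged frame, outside the untagged+DSCP policy"
    if ethertype != ETHERTYPE_IPV4:
        return None, "not IPv4, so no DSCP field is read (only IPv4 is modelled)"
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None, "malformed IPv4 header"
    dscp = ip[1] >> 2  # upper six bits of the second header byte; lower two are ECN
    if dscp not in policy:
        return None, "DSCP %d matches no sub-interface" % dscp
    sub_if, vpn = policy[dscp]
    return vpn, "DSCP %d -> %s" % (dscp, sub_if)


def make_frame(dscp, ecn=0, ethertype=ETHERTYPE_IPV4):
    """Constructed sample frame: zeroed MAC addresses plus a minimal IPv4 header."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ethertype)
    tos = (dscp << 2) | ecn
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes([10, 11, 1, 2]), bytes([10, 12, 1, 2]))
    return eth + ip


if __name__ == "__main__":
    table = parse_untagged_dscp(PE1_CONFIG)
    samples = [("DSCP 3", make_frame(3)),
               ("DSCP 2 with ECN bits set", make_frame(2, ecn=1)),
               ("DSCP 0", make_frame(0)),
               ("ARP", make_frame(0, ethertype=0x0806))]
    for label, frame in samples:
        print(label, "=>", classify(frame, table))
```

Because the DSCP field is written by the sending device, the VPN instance a packet enters depends entirely on how the CSG marks it, which is why Step 3 requires the CSG to set DSCP values by configuration.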
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
untagged dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
untagged dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.11.1.2 as-number 65410
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.21.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn1
ip address 10.12.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.12.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
• Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn2
ip address 10.22.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.22.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
• Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.11.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
undo shutdown
ip address 10.21.1.2 255.255.255.0
#
bgp 65410
peer 10.11.1.1 as-number 100
peer 10.21.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.11.1.1 enable
peer 10.21.1.1 enable
#
return
• Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.12.1.2 255.255.255.0
#
bgp 65420
peer 10.12.1.1 as-number 100
ipv4-family unicast
undo synchronization
import-route direct
peer 10.12.1.1 enable
#
return
• Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
undo shutdown
ip address 10.22.1.2 255.255.255.0
#
bgp 65421
peer 10.22.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.22.1.1 enable
#
return
4.12.13 Example for Configuring Interface Isolation in a VLAN
After interface isolation in a VLAN is configured, isolated interfaces cannot communicate with
each other in the VLAN.
Networking Requirements
As shown in Figure 4-28, VLAN 10 is configured on the router. GE1/0/0 and Host A are
connected through a switch, and GE2/0/0 and Host B are connected through a switch.
Requirements: Host A and Host B must not communicate directly within the VLAN. The traffic
from Host A to Host B must be forwarded through a Layer 3 route, which is convenient for
statistics.
Figure 4-28 Networking diagram of configuring interface isolation in a VLAN
Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the routed interfaces to Layer 2 interfaces.
2. Add the interfaces to the corresponding VLAN.
3. Configure GE1/0/0 and GE2/0/0 as isolated interfaces.
4. Enable the ARP proxy in a VLAN.
5. Add the switch interfaces into the same VLAN.
Data Preparation
To complete the configuration, you need the following data:
• GE1/0/0 and GE2/0/0 that belong to VLAN10
• The IP address 10.1.1.1/24 of VLANIF 10
Procedure
Step 1 Configure interface isolation in a VLAN.
# Create VLAN10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
# Add the interface into VLAN10, and configure the interface isolation.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] portswitch
[HUAWEI-GigabitEthernet2/0/0] port default vlan 10
[HUAWEI-GigabitEthernet2/0/0] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet2/0/0] quit
After the configuration, Host A and Host B cannot ping each other.
Step 2 Enable the ARP proxy in a VLAN.
# Create the VLANIF interface.
<HUAWEI> system-view
[HUAWEI] interface vlanif 10
[HUAWEI-vlanif10] ip address 10.1.1.1 24
# Enable the ARP proxy in a VLAN.
[HUAWEI-vlanif10] arp-proxy inner-sub-vlan-proxy enable
Step 3 Verify the configuration.
When the configuration is complete, Host A and Host B can ping each other.
----End
Configuration Files
Configuration file of router
#
sysname HUAWEI
#
vlan 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
port isolate-state enable vlan 10
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port default vlan 10
port isolate-state enable vlan 10
#
return
4.12.14 Example for Configuring the Isolation Based on Interface Groups in a VLAN
After interface group isolation in a VLAN is configured, interfaces that belong to different groups
in a VLAN cannot communicate with each other, but interfaces in the same isolation group
can communicate with each other.
Networking Requirements
NOTE
The interface group isolation in a VLAN is not supported in NE80E/40E-X1 and NE80E/40E-X2.
As shown in Figure 4-29, VLAN 10 is created on the router. GE 1/0/0 is connected to host A
through a switch; GE 2/0/0 is connected to host B through a switch; GE 2/0/1 is connected to
host C through a switch; GE 1/0/1 is connected to host D through a switch; GE 3/0/0 is
connected to host E through a switch.
The requirements are as follows:
• Host A can communicate with host B, and host C can communicate with host D.
• Host A and host B cannot communicate with host C and host D.
• Host E can communicate with the hosts in VLAN 10.
Figure 4-29 Networking diagram of configuring the isolation based on interface groups in a VLAN
Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the interfaces of the router to be Layer 2 interfaces.
2. Add the interfaces of the router to different isolated interface groups.
3. Add the interfaces that cannot communicate with each other to different isolated interface
groups.
4. Add the switch interfaces into the same VLAN.
Data Preparation
To complete the configuration, you need the following data:
• GE 1/0/0, GE 2/0/0, GE 2/0/1, GE 1/0/1, and GE 3/0/0 that belong to VLAN 10
• GE 1/0/0 and GE 2/0/0 that belong to the isolated group 1
• GE 2/0/1 and GE 1/0/1 that belong to the isolated group 2
Procedure
Step 1 Create an interface-based VLAN 10.
# Create VLAN 10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
# Add interfaces to VLAN 10.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] portswitch
[HUAWEI-GigabitEthernet2/0/0] port default vlan 10
[HUAWEI-GigabitEthernet2/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] portswitch
[HUAWEI-GigabitEthernet2/0/1] port default vlan 10
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] portswitch
[HUAWEI-GigabitEthernet1/0/1] port default vlan 10
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 3/0/0
[HUAWEI-GigabitEthernet3/0/0] portswitch
[HUAWEI-GigabitEthernet3/0/0] port default vlan 10
[HUAWEI-GigabitEthernet3/0/0] quit
Step 2 Add the interfaces to the isolated group.
# Add GE 1/0/0 and GE 2/0/0 to the isolated group 1.
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] port-isolation group 1
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] port-isolation group 1
[HUAWEI-GigabitEthernet2/0/0] quit
# Add GE 2/0/1 and GE 1/0/1 to the isolated group 2.
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] port-isolation group 2
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port-isolation group 2
[HUAWEI-GigabitEthernet1/0/1] quit
Step 3 Verify the configuration.
After the configuration, you can run the display port-isolation group command to view the
configuration of the isolated group.
[HUAWEI] display port-isolation group brief
Port islation group 1
GigabitEthernet1/0/0
GigabitEthernet2/0/0
port islation group 1 has 2 ports
Port islation group 2
GigabitEthernet2/0/1
GigabitEthernet1/0/1
port islation group 1 has 2 ports
After the configuration, host E can communicate with other hosts. Host A cannot communicate
with host C and host D. Host B cannot communicate with host C and host D.
----End
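An offline check of the isolation rule stated at the start of this example, as an added Python example (not Huawei code): it parses the router configuration file from this section, derives which host pairs can exchange Layer 2 traffic, and compares the result with the three networking requirements. The function names, the host-to-interface table and the drifted configuration are constructed for illustration; the model assumes that an interface in no isolation group (GE 3/0/0) can reach every interface in the VLAN, as the requirement for host E states.

```python
import re
from itertools import combinations

# Router configuration file from this section (4.12.14).
ROUTER_CONFIG = """\
#
sysname HUAWEI
#
vlan 10
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet3/0/0
undo shutdown
portswitch
port default vlan 10
#
return
"""

# Host attachment taken from the networking requirements of this example.
HOSTS = {
    "GigabitEthernet1/0/0": "hostA", "GigabitEthernet2/0/0": "hostB",
    "GigabitEthernet2/0/1": "hostC", "GigabitEthernet1/0/1": "hostD",
    "GigabitEthernet3/0/0": "hostE",
}

# Expected reachability from the three requirement bullets; True = can communicate.
REQUIRED = {
    ("hostA", "hostB"): True, ("hostC", "hostD"): True,
    ("hostA", "hostC"): False, ("hostA", "hostD"): False,
    ("hostB", "hostC"): False, ("hostB", "hostD"): False,
    ("hostA", "hostE"): True, ("hostB", "hostE"): True,
    ("hostC", "hostE"): True, ("hostD", "hostE"): True,
}


def parse_ports(config):
    """Return {interface: {'vlan': int or None, 'group': int or None}} for Layer 2 ports."""
    ports = {}
    for stanza in re.split(r"^#[ \t]*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        if not name or not re.search(r"^[ \t]*portswitch[ \t]*$", stanza, re.M):
            continue
        vlan = re.search(r"^[ \t]*port default vlan (\d+)[ \t]*$", stanza, re.M)
        group = re.search(r"^[ \t]*port-isolation group (\d+)[ \t]*$", stanza, re.M)
        ports[name.group(1)] = {
            "vlan": int(vlan.group(1)) if vlan else None,
            "group": int(group.group(1)) if group else None,
        }
    return ports


def can_forward(a, b):
    """Same VLAN is required; two grouped ports must share the isolation group."""
    if a["vlan"] is None or a["vlan"] != b["vlan"]:
        return False
    if a["group"] is not None and b["group"] is not None:
        return a["group"] == b["group"]
    return True


def audit(config):
    """Return [(host, host, expected, actual)] for every pair that breaks a requirement."""
    ports = parse_ports(config)
    findings = []
    for p, q in combinations(sorted(HOSTS), 2):
        pair = tuple(sorted((HOSTS[p], HOSTS[q])))
        actual = p in ports and q in ports and can_forward(ports[p], ports[q])
        if actual != REQUIRED[pair]:
            findings.append(pair + (REQUIRED[pair], actual))
    return sorted(findings)


# Constructed drift: GE 2/0/1 (host C) moved into isolation group 1.
DRIFTED_CONFIG = ROUTER_CONFIG.replace(
    "interface GigabitEthernet2/0/1\nundo shutdown\nportswitch\n"
    "port default vlan 10\nport-isolation group 2",
    "interface GigabitEthernet2/0/1\nundo shutdown\nportswitch\n"
    "port default vlan 10\nport-isolation group 1")

if __name__ == "__main__":
    print("as documented:", audit(ROUTER_CONFIG))
    print("after drift:  ", audit(DRIFTED_CONFIG))
```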
Configuration Files
The configuration file of the router is as follows:
#
sysname HUAWEI
#
vlan 10
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet3/0/0
undo shutdown
portswitch
port default vlan 10
#
return
4.12.15 Example for Configuring Ethernet Loop Detection for a VLAN
After Ethernet loop detection for a VLAN is configured, the NE80E/40E can block a
corresponding interface when detecting a loop, thereby preventing broadcast storms on the
network.
Networking Requirements
As shown in Figure 4-30, CE1 accesses PE1 and PE2 in the carrier network through redundant
links. Interfaces on PE1 and PE2 belong to the same VLAN. The two interfaces that connect
CE1 to PE1 and PE2 also belong to the same VLAN. It is required that Ethernet loop detection
be configured for the VLAN on the PE devices and interfaces on PE2 be blocked first when a
loop occurs.
Figure 4-30 Networking diagram of configuring Ethernet loop detection for a VLAN
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on the PE and CE devices to ensure interworking between them.
2. Configure Ethernet loop detection for the VLAN.
3. Configure the block priority for each interface in the VLAN.
Data Preparation
To complete the configuration, you need the following data:
• ID of the VLAN
• Times of loopback, interval of the detection time, cycle of the detection interval, time for
blocking a loop, and retry times for blocking a port permanently
• Block priority of each interface
Procedure
Step 1 Create a VLAN on the PE and CE devices to ensure Layer 2 interworking.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] portswitch
[PE1-GigabitEthernet1/0/0] port link-type access
[PE1-GigabitEthernet1/0/0] port default vlan 100
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] portswitch
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] portswitch
[PE2-GigabitEthernet1/0/0] port link-type trunk
[PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port link-type access
[PE2-GigabitEthernet2/0/0] port default vlan 100
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
# Configure CE1.
CE1 is a switch and interfaces on CE1 default to Layer 2 interfaces. In this example, you can
configure GE 1/0/0 and GE 2/0/0 on CE1 as access interfaces and add them to VLAN 100.
Step 2 Configure Ethernet loop detection for the VLAN and set the block priority of each interface.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-times 3 block-time 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] loop-detect eth-loop priority 1
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] loop-detect eth-loop priority 2
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 1 retry-times 3 block-time 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] loop-detect eth-loop priority 2
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] loop-detect eth-loop priority 1
[PE2-GigabitEthernet2/0/0] quit
Step 3 Verify the configuration.
After the preceding configuration, run the display loop-detect eth-loop command on PE
devices. You can view the parameters of Ethernet loop detection for VLAN 100.
[PE1] display loop-detect eth-loop vlan 100
VLAN/VSI     LTimes  D-Cycle  Cycles  Retry  Action
----------------------------------------------------------------------
VLAN 100     10      10       3       3      Block 100s
Total Items = 1
Blocked Port:
--------------
VLAN/VSI     Block Port     Link-Block Port     Detect MAC
------------------------------------------------------------------------------
[PE2] display loop-detect eth-loop vlan 100
VLAN/VSI     LTimes  D-Cycle  Cycles  Retry  Action
----------------------------------------------------------------------
VLAN 100     10      10       1       3      Block 100s
Total Items = 1
Blocked Port:
--------------
VLAN/VSI     Block Port     Link-Block Port     Detect MAC
------------------------------------------------------------------------------
1            GE2/0/0
At this time, cycles is set to 3 on PE1 and set to 1 on PE2. In this case, when a loop occurs in
VLAN 100, interfaces on PE2 are blocked first. On PE2, the priority of GE 2/0/0 is lower than
that of GE 1/0/0. Therefore, GE 2/0/0 is blocked first.
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 100
loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-times 3 block-time 100
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port link-type access
port default vlan 100
loop-detect eth-loop priority 1
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 100
loop-detect eth-loop priority 2
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 100
loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 1 retry-times 3 block-time 100
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 100
loop-detect eth-loop priority 2
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type access
port default vlan 100
loop-detect eth-loop priority 1
#
return
4.12.16 Example for Configuring VLAN Mapping and VLANIF Interfaces for L3VPN Access
In this networking example, VLAN mapping is configured on attachment circuit (AC) interfaces
of PE1 to map the same user VLAN IDs in user packets to different operator VLAN IDs. Then
VLANIF interfaces configured on PE1 transmit the user packets carrying the operator VLAN
IDs to an L3VPN using different virtual private network (VPN) instances.
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, some high-priority traffic on the
operators' network cannot be scheduled in time, which degrades the user experience.
On the network shown in Figure 4-31, CE1 and CE2 add the same VLAN tag to received packets.
After PE1 receives these packets, it cannot distinguish the packets by the VLAN tag. This process
affects traffic distribution. To resolve this problem, configure VLAN mapping on PE1 to map
the same user VLAN IDs to different operator VLAN IDs, and configure VLANIF interfaces
on PE1 to transmit the user packets carrying the operator VLAN IDs to an L3VPN using different
VPN instances. These configurations ensure that packets are scheduled promptly.
Figure 4-31 Networking for configuring VLAN mapping and VLANIF interfaces for L3VPN access
[Figure: CE1 and CE2, both using VLAN 10, connect to PE1 (Loopback1 1.1.1.9/32; VLANIF20
10.21.1.2/24; VLANIF30 10.11.1.2/24). PE1 connects across the L3VPN backbone (AS100) to PE2
(Loopback1 2.2.2.9/32) and PE3 (Loopback1 3.3.3.9/32), which connect to CE4 and CE3. The
diagram also carries the labels Database AS65420 and Internet AS65421.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic Layer 3 virtual private network (L3VPN) functions.
   a. Assign an IP address to each interface of CEs and PEs.
   b. Enable an Interior Gateway Protocol (IGP) on the backbone network to allow
      routers to communicate with each other.
   c. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
      Distribution Protocol (LDP), and then create MPLS label switched paths (LSPs) on
      the backbone network to distribute and exchange labels.
   d. Create VPN instances on PEs and establish VPN routing and forwarding (VRF) tables.
2. Configure the VLAN mapping function and VLANIF interfaces, and then bind the VPN
   instances to the VLANIF interfaces.
3. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN
   routing information.
4. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
• Interface IP addresses
• VPN instance names
• RDs and VPN targets of the VPN instances
• Operator VLAN IDs for the VLAN mapping function
• VLANIF interface names
Procedure
Step 1 Configure basic L3VPN functions.
1. Assign an IP address to each interface of CEs and PEs shown in Figure 4-31. The
   configuration details are not provided. For more information, see configuration files in this
   example.
2. Configure an IGP on the MPLS backbone network. In this example, Open Shortest Path
   First (OSPF) is used as an IGP.
   The configuration details are not provided. For more information, see configuration files
   in this example.
   After OSPF is configured, PEs have IP routes to the peer Loopback 1 and can ping each
   other.
<PE1> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
2.2.2.9/32          OSPF    10   1     D      10.1.1.1    GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      20.1.1.1    GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2    GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/2
20.1.1.0/30         Direct  0    0     D      20.1.1.2    GigabitEthernet1/0/3
20.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/3
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=70 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=100 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 2.2.2.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/82/100 ms
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
The configuration details are not provided. For more information, see configuration files
in this example.
After an MPLS LSP is created, PE1 can establish LDP sessions with both PE2 and PE3.
The display mpls ldp session command output shows that the Status field is
Operational.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0    Operational  DU   Passive  0001:22:42  11210/11210
3.3.3.9:0    Operational  DU   Passive  0000:00:42  170/170
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
4. Configure VPN instances.
# Configure VPN instances on PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit
# Configure a VPN instance on PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
# Configure a VPN instance on PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit
Step 2 Configure the VLAN mapping function and VLANIF interfaces, and then bind the VPN
instances to the VLANIF interfaces or sub-interfaces.
# Configure PE1.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] vlan 20
[PE1-vlan20] quit
[PE1] vlan 30
[PE1-vlan30] quit
[PE1] interface gigabitethernet 1/0/4
[PE1-GigabitEthernet1/0/4] portswitch
[PE1-GigabitEthernet1/0/4] undo shutdown
[PE1-GigabitEthernet1/0/4] port vlan-mapping vlan 10 map-vlan 20
[PE1-GigabitEthernet1/0/4] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 200.1.1.2 24
[PE1-Vlanif20] ip binding vpn-instance vpn2
[PE1-Vlanif20] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 10 map-vlan 30
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 100.1.1.2 24
[PE1-Vlanif30] ip binding vpn-instance vpn1
[PE1-Vlanif30] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After completing the configurations, run the display ip vpn-instance verbose command on PEs
to view the configurations of VPN instances.
In the following example, the display on PE1 is used.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Interfaces : Vlanif30
Address family ipv4
Create date : 2012-07-27 10:18:15-08:00
Up time : 0 days, 00 hours, 11 minutes and 46 seconds
Route Distinguisher : 100:1
Export VPN Targets : 100:1
Import VPN Targets : 100:1
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
VPN-Instance Name and ID : vpn2, 2
Interfaces : Vlanif20
Address family ipv4
Create date : 2012-07-27 10:19:24-08:00
Up time : 0 days, 00 hours, 07 minutes and 28 seconds
Route Distinguisher : 100:2
Export VPN Targets : 100:2
Import VPN Targets : 100:2
Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Step 3 Set up EBGP peer relationships between PEs and CEs and import VPN routes.
The configuration details are not provided. For more information, see chapter "BGP/MPLS IP
VPN Configuration" in the NE80E/40E Configuration Guide - VPN or configuration files in this
example.
Step 4 Set up MP-IBGP peer relationships between PEs.
The configuration details are not provided. For more information, see chapter "BGP/MPLS IP
VPN Configuration" in the NE80E/40E Configuration Guide - VPN or configuration files in this
example.
Step 5 Verify the configuration.
After completing the configurations, run the display bgp peer command on PEs. The command
output shows that BGP peer relationships between PEs have been established and are in the
Established state.
In the following example, the display on PE1 is used.
[PE1] display bgp peer
BGP local router ID : 10.1.1.2
Local AS number : 100
Total number of peers : 2        Peers in established state : 2
Peer      V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
2.2.2.9   4  100  2809     2809     0     0046h47m  Established  0
3.3.3.9   4  100  49       49       0     00:47:28  Established  0
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
In the following example, the display on PE1 is used.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto  Pre  Cost  Flags  NextHop   Interface
100.2.1.0/24        IBGP   255  0     RD     2.2.2.9   GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
         Destinations : 3        Routes : 3
Destination/Mask    Proto  Pre  Cost  Flags  NextHop   Interface
200.2.1.0/24        IBGP   255  0     RD     3.3.3.9   GigabitEthernet1/0/3
Run the display port vlan command to view interface information in VLANs.
In the following example, the display on PE1 is used.
[PE1] display port vlan
Port                    Link Type  PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet1/0/1    trunk      0     30
GigabitEthernet1/0/4    trunk      0     20
Run the display interface vlanif command to view the status of VLANIF interfaces, the protocol
status, interface descriptions, and interface IP addresses.
In the following example, the display of VLANIF 30 on PE1 is used.
[PE1] display interface vlanif 30
Vlanif30 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif30 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet protocol processing : enabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-f94a-1a00
Physical is VLANIF
Current system time: 2012-08-01 16:32:44-08:00
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 229 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 229 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets,0 bytes
0 unicast,0 broadcast,0 multicast
0 errors,0 unknownprotocol
Output:0 packets,0 bytes
0 unicast,0 broadcast,0 multicast
0 errors
Input bandwidth utilization : --
Output bandwidth utilization : --
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
ipv4-family
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif30
ip binding vpn-instance vpn1
#
interface Vlanif20
ip binding vpn-instance vpn2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port vlan-mapping vlan 10 map-vlan 30
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 20.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type trunk
port vlan-mapping vlan 10 map-vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 100.1.1.2 as-number 65420
#
ipv4-family vpn-instance vpn2
import-route direct
peer 100.1.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 20.1.1.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn1
ip address 100.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 100.2.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
• Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
ipv4-family
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn2
ip address 200.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 20.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 200.2.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 200.2.1.2 255.255.255.0
#
bgp 65421
peer 200.2.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 200.2.1.1 enable
#
return
• Configuration file of CE4
#
sysname CE4
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 100.2.1.2 255.255.255.0
#
bgp 65420
peer 100.2.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 100.2.1.1 enable
#
return
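The separation between the two customers in this example rests on one chain on PE1: AC interface, then operator VLAN, then VLANIF, then VPN instance. The following added example (not part of the Huawei guide) audits a configuration file for breaks in that chain; the function names are hypothetical, the first sample is an excerpt of the PE1 file above, and the three faulty variants are constructed.

```python
import re
from collections import defaultdict

# Excerpt of the PE1 configuration file from this example.
PE1_CONFIG = """\
#
interface Vlanif30
ip binding vpn-instance vpn1
#
interface Vlanif20
ip binding vpn-instance vpn2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port vlan-mapping vlan 10 map-vlan 30
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type trunk
port vlan-mapping vlan 10 map-vlan 20
#
"""

# Constructed faulty variants of the excerpt (not from the guide).
SHARED_VLAN = PE1_CONFIG.replace("map-vlan 20", "map-vlan 30")
UNBOUND_VLANIF = PE1_CONFIG.replace("ip binding vpn-instance vpn2\n", "")
SAME_VPN = PE1_CONFIG.replace("vpn-instance vpn2", "vpn-instance vpn1")

MAP_RE = re.compile(r"port vlan-mapping vlan (\d+) map-vlan (\d+)$")
BIND_RE = re.compile(r"ip binding vpn-instance (\S+)$")


def parse(config):
    """Return ([(interface, user_vlan, operator_vlan)], {operator_vlan: vpn_instance})."""
    mappings, bindings, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()              # tolerate indented and flattened files
        if not line or line == "#":
            current = None              # '#' closes the current view
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current:
            m = MAP_RE.match(line)
            if m:
                mappings.append((current, int(m[1]), int(m[2])))
            b = BIND_RE.match(line)
            if b and current.lower().startswith("vlanif"):
                bindings[int(current[6:])] = b[1]
    return mappings, bindings


def audit(config):
    """List every break in the AC -> operator VLAN -> VLANIF -> VPN instance chain."""
    mappings, bindings = parse(config)
    findings = []
    by_operator = defaultdict(list)
    for ifname, _user_vlan, op_vlan in mappings:
        by_operator[op_vlan].append(ifname)
        if op_vlan not in bindings:
            # Without a bound VLANIF the mapped traffic is not placed in any VPN instance.
            findings.append(f"{ifname}: operator VLAN {op_vlan} has no VLANIF bound to a VPN instance")
    for op_vlan, ifnames in sorted(by_operator.items()):
        if len(ifnames) > 1:
            # Two AC interfaces mapped to one operator VLAN are indistinguishable again.
            findings.append(f"operator VLAN {op_vlan} is shared by {', '.join(ifnames)}")
    by_vpn = defaultdict(set)
    for op_vlan in by_operator:
        if op_vlan in bindings:
            by_vpn[bindings[op_vlan]].add(op_vlan)
    for vpn, vlans in sorted(by_vpn.items()):
        if len(vlans) > 1:
            findings.append(f"VPN instance {vpn} receives operator VLANs {sorted(vlans)}")
    return findings


if __name__ == "__main__":
    for name in ("PE1_CONFIG", "SHARED_VLAN", "UNBOUND_VLANIF", "SAME_VPN"):
        print(name, audit(globals()[name]) or "OK")
```

An empty result means each AC interface reaches its own VPN instance; any finding means two customers that send the same user VLAN ID can end up in one routing table, or in none.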
5 QinQ Configuration
About This Chapter
The QinQ technology makes up for the shortage of public VLAN ID resources, and also provides
a simpler Layer 2 VPN solution for LANs or small-scale MANs.
5.1 QinQ Introduction
The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q standard.
5.2 Configuring the QinQ Tunnel Function
This section describes how to configure a QinQ Layer 2 tunnel so that packets with double
tags can be transmitted. In addition, the EthType in the outer tag can be flexibly configured.
5.3 Configuring Selective QinQ on a Layer 2 Interface
This section describes how to configure Layer 2 selective QinQ so that a packet with
different outer VLAN tags can be transmitted and the EthType in the outer VLAN tag can be
flexibly configured.
5.4 Configuring QinQ-based VLAN Tag Swapping Function
This section describes how to configure VLAN tag swapping based on QinQ so that a device
can swap the inner tag with the outer tag in a packet with double VLAN tags.
5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
IP services include proxy ARP and DHCP services. You can deploy IP services on sub-interfaces
for VLAN tag termination to enable the interworking between users in different
VLANs, thereby ensuring reliable, stable, and uninterrupted connections between the users
and the network.
5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
With the wide use of multicast services on the Internet, you need to deploy sub-interfaces for
QinQ/dot1q VLAN tag termination to process the user packets carrying a single tag or double
tags for multicast services. In this manner, the UPE can maintain information about the outbound
interface of multicast packets according to the established multicast forwarding table to ensure
the normal communications between hosts and the multicast source.
5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
VPN services are classified into L2VPN services and L3VPN services. You can configure
sub-interfaces for VLAN tag termination on PEs to access VPNs to enable the interworking between
CEs and users.
5.8 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
The sub-interface for VLAN tag termination to access the MPLS service is MPLS TE.
5.9 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping Function
After tags are terminated on PEs, packets are sent to the IP or Multiprotocol Label Switching
(MPLS) network of the Internet Service Provider (ISP). To ensure the completeness of the
Quality of Service (QoS) information in the packets, the 802.1p values in outer and inner tags
need to be mapped to the DiffServ Code Point (DSCP) field or the EXP field.
5.10 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN
You can configure sub-interfaces for QinQ stacking on PEs to access Layer 2 virtual private
networks (L2VPNs) so that the inner tags of user packets are invisible on the Internet Service
Provider (ISP) network.
5.11 Configuring Dynamic QinQ Function
Dynamic QinQ is configured on the sub-interface for VLAN tag termination of the Dynamic
Host Configuration Protocol (DHCP) relay at the client side to allocate VLAN tag resources for
login users. When a user abnormally logs out after obtaining an IP address, the system can sense
the event automatically, delete the binding in the DHCP binding table, and instruct the DHCP
server to release the IP address and VLAN tag resources.
5.12 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
Configuring sub-interfaces for QinQ VLAN tag termination to support Unicast Reverse Path
Forwarding (URPF) effectively prevents attacks based on source address spoofing through
sub-interfaces for QinQ VLAN tag termination.
5.13 Configuring the User-Side QinQ
When configuring a user VLAN on an Ethernet sub-interface, you can specify either the start
and end VLAN IDs or the start and end QinQ VLAN IDs. Note that a maximum of 16 consecutive
QinQ VLAN IDs can be specified in a command. When the NE80E/40E is connected to users
through two switches, the switch adjacent to users adds an inner tag to a user packet (or removes
the inner tag from the user packet) and the switch adjacent to the NE80E/40E adds an outer tag
to the user packet (or removes the outer tag from the user packet).
5.14 Maintaining QinQ
Commands for clearing statistics on a QinQ interface help locate faults on the interface.
5.15 Configuration Examples
This section describes the typical application scenarios of QinQ, including networking
requirements, configuration roadmap, and data preparation, and provides related configuration
files.
5.1 QinQ Introduction
The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q standard.
5.1.1 QinQ Overview
The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a
packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently
transmitted through the public network.
In intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q
protocol, when two user networks access each other through an Internet Service Provider (ISP),
the ISP must assign VLAN IDs to users of different VLANs, as shown in Figure 5-1. Suppose
User Network1 and User Network2 access the backbone network through PE1 and PE2 of an
ISP.
Figure 5-1 Intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q protocol
[Figure: User Network1 (CE1) and User Network2 (CE2) connect through PE1, P, and PE2 on the
ISP network; the links are labeled Trunk VLAN100~200.]
To connect VLAN 100 - VLAN 200 on User Network1 to VLAN 100 - VLAN 200 on User
Network2, you must configure the interfaces on CE1, PE1, and P along the path to PE2
and CE2 as trunk interfaces and allow packets of VLAN 100 - VLAN 200 to pass.
This configuration makes user VLANs visible on the backbone network. In this case, the VLAN
ID resources (4094 VLAN IDs) of an ISP are wasted. In addition, the ISP has to manage user
VLAN IDs and users have no right to manage their VLANs.
If too many users access the network, the ISP network may run short of VLAN
IDs because an ISP network has only 4094 VLAN IDs.
In addition, different users cannot use the same VLAN ID and user VLAN IDs must be planned
by an ISP.
QinQ is a technology that expands the VLAN space by encapsulating a packet that carries an
802.1Q tag in another 802.1Q tag. Private VLANs can therefore transmit packets transparently
over the public network, and the preceding problems are solved. This function is the same as
that of a Layer 2 VPN. Packets that are forwarded over the backbone network carry two 802.1Q
tags, one for the public network and the other for the private network. This is called
802.1Q-in-802.1Q, or QinQ for short.
The ISP network only provides one VLAN ID for different VLANs from the same user network.
This saves VLAN IDs of an ISP. Meanwhile, the QinQ provides a simple Layer 2 VPN solution
to a small metropolitan area network (MAN) or a local area network (LAN).
The QinQ technology has been widely used on ISPs' networks because of its easy application.
The QinQ technology can be applied to multiple services in a metropolitan area Ethernet solution.
The emergence of flexible QinQ, that is, VLAN stacking, enables QinQ services to spread widely
among ISPs.
This technology has the following features:
• Private networks are effectively segregated from the public network.
• ISP's VLAN IDs are saved to the maximum.
With the development of the metropolitan area Ethernet, all device vendors have put forward
their solutions to the metropolitan area Ethernet. The QinQ technology plays an important role
in the solutions because of its simplicity and flexibility.
5.1.2 QinQ Feature Supported by the NE80E/40E
Owing to its simplicity and flexibility, QinQ plays an important role in solutions.
QinQ of Layer 2 Interfaces
• QinQ tunnel
• Selective QinQ (VLAN stacking)
• Compatibility of QinQ EType in the outer tag or inner tag.
As shown in Figure 5-2, 802.1Q defines that the Ethernet encapsulation type field (EType) value
of the Tag Protocol Identifier (TPID) is 0x8100. In QinQ encapsulation, the value of the EType
in the inner TPID of devices from each vendor is 0x8100. The value of the EType in the outer
TPID, however, varies with vendors.
Figure 5-2 802.1 encapsulation
802.1Q Encapsulation
DA (6 Bytes) | SA (6 Bytes) | ETYPE (2 Bytes) | TAG (2 Bytes) | LEN/ETYPE (2 Bytes) | DATA (46 Bytes~1500 Bytes) | FCS (4 Bytes)
QinQ Encapsulation
DA (6 Bytes) | SA (6 Bytes) | ETYPE (2 Bytes) | TAG (2 Bytes) | ETYPE (2 Bytes) | TAG (2 Bytes) | LEN/ETYPE (2 Bytes) | DATA (46 Bytes~1500 Bytes) | FCS (4 Bytes)
The NE80E/40E supports the compatibility of ETypes in different QinQ outer TPIDs. That is,
the NE80E/40E can identify and encapsulate packets with different outer ETypes, therefore
implementing inter-operation among devices from different vendors.
NOTE
IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.
As shown in Figure 5-3, on Router B, the inbound interface can identify the QinQ packet with
the EType value in the outer TPID being 0x9100 and the outbound interface can set ETypes in
the outer TPID to different values according to vendors, such as 0x9100, 0x8100, or other values.
Therefore, Router B can inter-operate with the devices of different vendors.
Figure 5-3 Compatibility of ETypes in the outer TPIDs of QinQ packets
[Figure: Router A, Switch A, Router B, and Router C around an IP/MPLS core; the links are
labeled with the outer TPID EType values 0x9100 and 0x8100.]
As shown in Figure 5-4, Router A and Switch A are non-Huawei devices, and Router B is a
Huawei Datacom device. By default, the inbound interface on Router B can identify the QinQ
packets with ETypes of both inner and outer tags being 0x8100. Then, to implement interworking
between non-Huawei devices and the Huawei device, you should configure the compatibility of
ETypes of the tags carried in the QinQ packets sent by the devices of different vendors.
Figure 5-4 Compatibility of ETypes in the outer TPIDs of QinQ packets
[Figure: RouterA and SwitchA send QinQ packets to GE1/0/1 of RouterB; the tags shown use
EType 0x9100.]
VLAN Swapping Based on QinQ
As shown in Figure 5-5, data packets sent from the DSLAM to the UPE carry double VLAN
tags. The inner tag indicates the service VLAN and the outer tag indicates the customer VLAN.
The UPE, however, can only transmit packets by adding an outer tag to the packet accessing the
service VLAN and adding an inner tag to the packet accessing the customer VLAN. To transmit
data to correct VLANs, the UPE needs to swap the inner VLAN tag with the outer VLAN tag
in the packet. In this manner, the outer tag in the packet can indicate the service VLAN and the
inner tag can indicate the customer VLAN.
In this manner, when the UPE receives packets with double VLAN tags, the inner tag is swapped
with the outer tag. The VLAN tag swapping does not take effect on packets with a single tag.
Figure 5-5 Networking diagram of the VLAN swapping feature based on QinQ
[Figure: RG1 and RG2 carry HSI, VOIP, and IPTV services to the DSLAM, which connects through
the UPE (VLAN Swap) and the Metro Ethernet Network to the PE-AGG and the Service-POP; packets
are drawn as IP payloads with S and C tags.]
S: Service VLAN
C: Customer VLAN
PE-AGG: PE-Aggregation
DSLAM: Digital Subscriber Line Access Multiplexer
Service POP: Service Points-of-Presence
IPTV: Internet Protocol Television
UPE: Underlayer Provider Edge
HSI: High Speed Internet
RG: Residential Gateway
VOIP: Voice Over IP
As shown in Figure 5-5, HSI, VoIP, and IPTV services access the DSLAM through a residential
gateway (RG). The RG adds inner VLAN tags identifying different services to packets and sends
these packets to the DSLAM. According to service types of the received packets, the DSLAM
adds outer VLAN tags, such as (1 to 1000)/1 to these packets and sends them to the UPE, which
supports VLAN tag swapping based on QinQ. After inner tags and outer tags of the packets are
swapped on the UPE, the outer tags can indicate the service VLAN and the inner tags can indicate
the customer VLAN, such as 1/(1 to 1000).
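The two behaviors described above, accepting an outer TPID other than 0x8100 and swapping the tags only on double-tagged packets, are shown in the following added example (not part of the Huawei guide and not the router's implementation). The function names, MAC addresses, and frames are constructed; swapping the whole 16-bit tag control field (802.1p bits and VLAN ID) while leaving each TPID in place is an assumption, because the guide does not say which bits move.

```python
import struct

INNER_TPID = 0x8100  # EType of the inner tag on every vendor's devices, per the text above


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame without FCS: two made-up MACs, then (tpid, vid) tags."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame, outer_tpids=frozenset({INNER_TPID})):
    """Return (tags, ethertype, payload_offset) for a frame captured without FCS.

    outer_tpids is the set of EType values accepted in the outer tag. The default
    models an interface that recognizes QinQ packets only when both tags use 0x8100.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12
    while len(tags) < 2:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        accepted = {INNER_TPID} if tags else set(outer_tpids) | {INNER_TPID}
        if tpid not in accepted:
            break                        # not a tag: this field is the payload EtherType
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": tpid, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype, offset + 2


def swap_tags(frame, outer_tpids):
    """Swap the outer and inner tag control fields of a double-tagged frame.

    Single-tagged and untagged frames are returned unchanged, matching the statement
    that VLAN tag swapping does not take effect on packets with a single tag.
    On the wire the FCS would have to be recalculated after the swap.
    """
    tags, _, _ = parse_tags(frame, outer_tpids)
    if len(tags) != 2:
        return frame
    outer_tci, inner_tci = frame[14:16], frame[18:20]
    return frame[:14] + inner_tci + frame[16:18] + outer_tci + frame[20:]


if __name__ == "__main__":
    # Outer tag 500 with EType 0x9100, inner tag 1 with EType 0x8100.
    qinq = build_frame([(0x9100, 500), (0x8100, 1)])
    print("0x9100 accepted:", parse_tags(qinq, {0x9100})[0])
    # With the default set the outer EType is not recognized as a tag, so
    # VLAN-based classification would see neither VLAN ID.
    print("default TPIDs  :", parse_tags(qinq))
    print("after swap     :", parse_tags(swap_tags(qinq, {0x9100}), {0x9100})[0])
```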
Sub-interface for QinQ/Dot1q VLAN Tag Termination
Termination refers to identifying single or double tags of QinQ packets and then stripping one
tag or double tags or sending the packets according to the subsequent forwarding operations.
Termination is usually conducted on route sub-interfaces, that is, sub-interfaces for QinQ/dot1q
VLAN tag termination.
• A route sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN
  tag termination.
• A route sub-interface that terminates double tags is called the sub-interface for QinQ VLAN
  tag termination.
Table 5-1 shows the differences among the VLANIF interface, dot1q sub-interface, sub-interface
for dot1q VLAN tag termination, and sub-interface for QinQ VLAN tag termination.
Table 5-1 Differences among types of interfaces
Supported Service columns: Virtual Leased Line (VLL) (CCC mode), PseudoWire Emulation Edge to Edge
(PWE3), Virtual Private LAN Service (VPLS), Layer 3 virtual private network (L3VPN).
| Interface Type | Description | VLL (CCC mode) | PWE3 | VPLS | L3VPN |
|---|---|---|---|---|---|
| VLANIF interface | You can run the interface vlanif command to create a VLANIF interface. A VLANIF interface is a Layer 3 logical interface, which can be configured with an IP address to communicate with devices at the network layer. | Not supported | Not supported | Supported | Supported |
| Dot1q sub-interface | You can run the vlan-type dot1q command to configure an Ethernet sub-interface to be a dot1q sub-interface. | Supported | Supported | Supported | Supported |
| Sub-interface for dot1q VLAN tag termination | You can run the dot1q termination vid command to configure a sub-interface to terminate single-tagged packets. | Supported | Supported | Supported | Supported |
| Sub-interface for QinQ VLAN tag termination | You can run the qinq termination pe-vid ce-vid command to configure a sub-interface to terminate double-tagged packets. | Supported | Supported | Supported | Supported |
Difference:
• The dot1q sub-interface and sub-interface for dot1q VLAN tag termination have the same function.
  Their difference is that packets sent from the dot1q sub-interface are encapsulated with only
  one VLAN tag; packets sent from the sub-interface for dot1q VLAN tag termination can be
  encapsulated with multiple VLAN tags.
• You can configure both sub-interfaces for dot1q VLAN tag termination and sub-interfaces for
  QinQ VLAN tag termination on the same main interface. In this manner, the same main interface
  can terminate both single-tagged packets and double-tagged packets. If a main interface is
  configured with QinQ VLAN tag termination, single-tagged packets can be terminated only on
  sub-interfaces for dot1q VLAN tag termination rather than on dot1q sub-interfaces.
Table 5-2 and Table 5-3 show how interfaces of different types process VLAN tags carried in
packets to be transmitted across a VPLS network.
Table 5-2 Packet processing on the inbound interface
Procedure of processing VLAN tags, by packet encapsulation:
| Type of the Inbound Interface | Ethernet-encapsulated Packets | VLAN-encapsulated Packets |
|---|---|---|
| VLANIF interface | default mode: No action is performed; trunk mode: The outer tags are stripped. | No action is performed. default mode: Adds a tag (default VLAN ID of the interface); trunk mode: No action is required. |
| Ethernet main interface | Tags are stripped. | No action is performed. |
| Dot1q sub-interface | Tags are stripped. | No action is performed. |
| Sub-interface for dot1q VLAN tag termination | Tags are stripped. | No action is performed. |
| Sub-interface for QinQ VLAN tag termination | Outer tags are stripped in symmetric mode; Double tags are stripped in asymmetric mode. | No action is performed in symmetric mode; Double tags are stripped in asymmetric mode and then a tag is added. |
Table 5-3 Packet processing on the outbound interface
Procedure of processing VLAN tags, by packet encapsulation:
| Type of the Outbound Interface | Ethernet-encapsulated Packets | VLAN-encapsulated Packets |
|---|---|---|
| VLANIF interface | No action is performed by default; A specific tag is added in trunk mode. | The tag is stripped by default; The tag is replaced in trunk mode. |
| Ethernet main interface | A specific tag is added. | The tag is replaced. |
| Dot1q sub-interface | A specific tag is added. | The tag is replaced. |
| Sub-interface for dot1q VLAN tag termination | A specific tag is added. | The tag is replaced. |
| Sub-interface for QinQ VLAN tag termination | Outer tags are added in symmetric mode; Double tags are added in asymmetric mode. | Outer tags are replaced in symmetric mode; One tag is stripped and double tags are added in asymmetric mode. |
Figure 5-6 Networking diagram of service deployment on the sub-interface for QinQ/dot1q VLAN tag
termination
[Figure not reproduced. Boxes in the diagram: "Set the interface mode to the user-termination
mode"; "Create a sub-interface"; "Configure the sub-interface for dot1q VLAN tag termination";
"Configure the sub-interface for QinQ VLAN tag termination"; "Deploy services such as ARP, VRRP,
L2VPN, and L3VPN services on the sub-interface".]
The detailed implementation and function of the sub-interface for QinQ VLAN tag termination
depend on the specific scenario. As shown in Figure 5-6, the sub-interface for QinQ/dot1q
VLAN tag termination can be deployed with services listed in Table 5-4.
Table 5-4 Services supported by the sub-interface for QinQ/dot1q VLAN tag termination
| Sub-interface Type | Supported Service Type | Service Subtype | Description |
|---|---|---|---|
| QinQ/Dot1q VLAN Tag Termination | IP Service | Address Resolution Protocol (ARP) Proxy | The sub-interface for VLAN tag termination can connect different VLANs to the same network segment. If users on the same network segment belong to different VLANs, they cannot communicate with each other on the Layer 2 network unless the sub-interface for VLAN tag termination supports ARP proxy and therefore implements IP forwarding. For details of proxy ARP, see the chapter "ARP" in the HUAWEI NetEngine80E/40E Feature Description - IP Services. |
| QinQ/Dot1q VLAN Tag Termination | IP Service | Dynamic Host Configuration Protocol (DHCP): DHCP Server; DHCP Relay | The sub-interface for VLAN tag termination can be configured with the Dynamic Host Configuration Protocol (DHCP) server function to assign IP addresses to users. The sub-interface for VLAN tag termination can be configured with the DHCP relay function, which inserts tag information into Option82 as a reference for the DHCP server when it assigns IP addresses and parameters. For details of DHCP, see the chapter "DHCP" in the HUAWEI NetEngine80E/40E Feature Description - IP Services. |
| QinQ/Dot1q VLAN Tag Termination | IP Service | Virtual Router Redundancy Protocol (VRRP) | Users usually require communicating with certain networks at any time. In this case, the Virtual Router Redundancy Protocol (VRRP) running on the sub-interface for VLAN tag termination ensures reliable communication and provides an active/standby mechanism for dot1q or QinQ users. For details of VRRP, see the chapter "VRRP" in the HUAWEI NetEngine80E/40E Feature Description - Reliability. |
| QinQ/Dot1q VLAN Tag Termination | Multicast Service | Layer 2 Multicast | After being bound to a VSI and enabled with IGMP snooping, the sub-interface for QinQ/dot1q VLAN tag termination can listen to IGMP messages exchanged between the multicast device and hosts, and therefore can learn which interfaces have multicast receivers. In this case, multicast packets are transmitted on the Layer 2 network in multicast mode rather than broadcast mode, and consequently received only by members of the multicast group. For details of Layer 2 multicast, see the chapter "Layer 2 Multicast" in the HUAWEI NetEngine80E/40E Feature Description - IP Multicast. |
| QinQ/Dot1q VLAN Tag Termination | Multicast Service | Layer 3 Multicast | Multicast protocol packets with double tags are sent from the UPE to the upper network. After the sub-interface for QinQ or dot1q VLAN tag termination is configured on the UPE, the UPE creates the forwarding table and the routing table. When receiving multicast protocol packets from hosts, the UPE can identify the packets and correctly forward the packets. Based on the established multicast forwarding table, the UPE can replicate and deliver multicast packets correctly. In this section, Layer 3 multicast refers to IGMP. For details of IGMP, see the chapter "IGMP" in the HUAWEI NetEngine80E/40E Feature Description - IP Multicast. |
| QinQ/Dot1q VLAN Tag Termination | VPN Service | L2VPN: PWE3/VLL; VPLS | The access of the sub-interface for QinQ/dot1q VLAN tag termination to PWE3/VLL means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with PWE3/VLL functions. The support of VPLS by the sub-interface for QinQ/dot1q VLAN tag termination refers to configuring VPLS on the sub-interface for VLAN tag termination. For details of L2VPN, see the chapters "PWE3", "VLL", and "VPLS" in the HUAWEI NetEngine80E/40E Feature Description - VPN. |
| QinQ/Dot1q VLAN Tag Termination | VPN Service | L3VPN | The access of the sub-interface for QinQ/dot1q VLAN tag termination to L3VPN means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with L3VPN functions. For details of L3VPN, see the chapter "BGP/MPLS IP VPN" in the HUAWEI NetEngine80E/40E Feature Description - VPN. |
| QinQ termination sub-interface | 802.1p, DiffServ Code Point (DSCP) Remark | - | After being terminated on the PE, the packet is sent to the ISP network. To ensure the completeness of the QoS information in the packet, the 802.1p values in outer and inner tags need to be mapped to the DSCP field. |
| QinQ termination sub-interface | 802.1p, EXP (MPLS) Remark | - | After being terminated on the PE, the packet is sent to the ISP MPLS network. To ensure the completeness of the QoS information in the packet, the 802.1p values in outer and inner tags need to be mapped to the EXP field. |
NOTE
• Services that can be deployed on sub-interfaces for VLAN tag termination are not limited to those
  listed in Table 5-4.
• For details of services that can be deployed on sub-interfaces for VLAN tag termination, see the chapter
  "QinQ" in the HUAWEI NetEngine80E/40E Feature Description - LAN Access and MAN Access.
Access to L2VPN Through the Sub-interface for QinQ Stacking
• Access to a PWE3/VLL Network Through the Sub-interface for QinQ Stacking
  VLL is a point-to-point L2VPN, which is not supported by the VLANIF interface. In this
  case, users can access the L2VPN only through a main interface. However, a physical
  interface cannot connect multiple users to the L2VPN at the same time. To solve the
  problem, you can configure the VLAN-based QinQ function on different sub-interfaces. In
  this scenario, CE-VLANs on both sides must be symmetrical.
• Access to a VPLS Through the Sub-interface for QinQ Stacking
  When users access an ISP network in VPLS mode, you can enable packets from user
  VLANs to be transmitted transparently over ISP networks in the following two ways:
  – Enable VLAN-based QinQ on the switched interface and bind the VLANIF interface
    to a VSI.
  – Create a sub-interface on a routed interface and then configure VLAN stacking on the
    sub-interface.
Dynamic QinQ
A common sub-interface for QinQ termination can terminate a maximum of 16,000 double-tagged
user packets. When the number of the user packets exceeds 16,000, you can use the
dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a
maximum of 64,000 double-tagged user packets.
NOTE
After being configured with dynamic QinQ, the sub-interface for VLAN tag termination cannot support
Virtual Leased Line (VLL), Pseudo Wire Emulation Edge-to-Edge (PWE3), Virtual Private LAN Service
(VPLS), static ARP, and DHCP snooping static binding table.
Figure 5-7 Networking diagram for dynamic QinQ
[Figure not reproduced. Elements labeled in the diagram: DHCP Server (GE1/0/0, 100.1.1.2/24);
DHCP Relay with DHCP snooping enabled and trusted and untrusted interfaces marked (GE2/0/0,
100.1.1.1/24; GE1/0/0.1, QinQ termination, 10.1.1.1/24, dynamic QinQ); Switch (GE2/0/0, GE1/0/1,
GE1/0/2); DHCP Client1; DHCP Client2. Packets are marked with IP fields and tag values 10, 20,
and 30.]
As shown in Figure 5-7, the DHCP client is connected to the DHCP relay through two levels of
switches and requests a valid IP address from the DHCP server through the DHCP relay.
Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side
of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the
DHCP binding table, when users log out abnormally after obtaining IP addresses, the system
detects this failure automatically, deletes the binding relationship in the DHCP binding
table, and informs the DHCP server to release the IP addresses and VLAN tags.
On interfaces configured with dynamic QinQ, it is usually the users who actively send ARP
requests to the gateway device. If ARP rigid learning is also configured on the device,
all interfaces on the device learn only the responses to the ARP requests that they sent
themselves and do not learn from the requests sent by other devices. As a result, dynamic QinQ
interfaces on this device cannot learn the ARP entries of users, and users fail to log in. To solve
the problem, run the arp learning strict force-disable command on the interface
configured with dynamic QinQ so that the interface can learn from the ARP requests sent by users.
Sub-interfaces for QinQ VLAN Tag Termination Support URPF
Unicast Reverse Path Forwarding (URPF) is used to avoid source-address-spoofing attacks.
After being configured with URPF, the sub-interface for QinQ VLAN tag termination can resist
source-address-spoofing attacks.
A URPF-enabled sub-interface for QinQ VLAN tag termination resists source-address-spoofing
attacks as follows:
• Obtains the source address, the inner and outer VLAN tags, and the inbound interface of
  the packet.
• Takes the source address of the packet as the destination address and searches the
  forwarding table for the relevant outbound interface and the inner and outer VLAN tags.
• Compares the search result with the information obtained from the packet. If they are
  inconsistent, the sub-interface for QinQ VLAN tag termination regards the source address as
  spoofed and discards the packet.
In this way, attacks that rely on modifying the source address can be avoided.
There are two URPF check modes:
• Loose URPF: A packet passes the URPF check if the relevant routing entry exists in the
  forwarding table.
• Strict URPF: A packet passes the URPF check only when the relevant routing entry exists
  in the forwarding table and the interface information matches.
NOTE
The sub-interface for QinQ VLAN tag termination on the NE80E/40E supports only loose URPF.
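The following added example (a model written for this guide's description, not Huawei code) runs the URPF lookup-and-compare steps above over a small forwarding table and shows which packets a loose check accepts that the full interface and tag comparison would discard. The forwarding entries, interface names, addresses, and function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str   # destination prefix in the forwarding table
    out_if: str   # outbound sub-interface for that prefix
    pe_vid: int   # outer VLAN tag
    ce_vid: int   # inner VLAN tag


@dataclass(frozen=True)
class Packet:
    src: str      # source address claimed by the packet
    in_if: str    # sub-interface the packet arrived on
    pe_vid: int   # outer VLAN tag carried by the packet
    ce_vid: int   # inner VLAN tag carried by the packet


# Constructed forwarding table (all values are sample data).
FIB = [
    Route("10.1.1.0/24", "GE1/0/0.1", 100, 10),
    Route("10.1.2.0/24", "GE1/0/0.1", 100, 20),
    Route("10.2.0.0/16", "GE1/0/0.2", 200, 30),
]


def lookup(fib, address):
    """Longest-prefix match with the packet's source used as the destination."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in fib if ip in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)


def urpf_check(fib, pkt, mode="loose"):
    """Return (passed, reason) for one packet under loose or strict URPF."""
    if mode not in ("loose", "strict"):
        raise ValueError("mode must be 'loose' or 'strict'")
    route = lookup(fib, pkt.src)
    if route is None:
        return False, "no forwarding entry for the source address"
    if mode == "loose":
        return True, "forwarding entry exists"
    expected = (route.out_if, route.pe_vid, route.ce_vid)
    observed = (pkt.in_if, pkt.pe_vid, pkt.ce_vid)
    if expected != observed:
        return False, f"expected {expected}, packet arrived as {observed}"
    return True, "forwarding entry exists and interface/tags match"


def loose_only_gaps(fib, packets):
    """Packets that loose URPF accepts but the full comparison would discard."""
    return [p for p in packets
            if urpf_check(fib, p, "loose")[0]
            and not urpf_check(fib, p, "strict")[0]]


# Constructed traffic: a genuine user, the same source address arriving from a
# different customer VLAN, and a source with no forwarding entry at all.
SAMPLE = [
    Packet("10.1.1.5", "GE1/0/0.1", 100, 10),
    Packet("10.1.1.5", "GE1/0/0.1", 100, 20),
    Packet("192.0.2.9", "GE1/0/0.1", 100, 10),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, urpf_check(FIB, p, "loose"), urpf_check(FIB, p, "strict"))
```

Because only loose URPF is available on these sub-interfaces, the second sample packet is the case to cover with another control, such as the DHCP snooping binding table described for dynamic QinQ.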
Sub-interfaces for QinQ VLAN Tag Termination Support IPv6
Sub-interfaces for QinQ VLAN tag termination support IPv6 unicast and multicast, OSPFv3,
IS-ISv6, BGP4+, RIPng, IPv6 BFD, IPv6 VRRP, dynamic QinQ for IPv6, and IPv6 loose and
half-strict URPF. In addition, one sub-interface for QinQ VLAN tag termination can be bound
to L3VPN_v4 and L3VPN_v6.
5.2 Configuring the QinQ Tunnel Function
This section describes how to configure a QinQ Layer 2 tunnel so that packets with double
tags can be transmitted. In addition, the EthType in the outer tag can be flexibly configured.
5.2.1 Before You Start
Before configuring a QinQ Layer 2 tunnel, familiarize yourself with the usage scenario, complete
the pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
When many VLANs are required, the QinQ tunnel needs to be configured. Adding an outer
tag to the VLAN widens the range of available VLANs, so the number of VLANs is no longer
insufficient.
Pre-configuration Task
Before configuring the QinQ tunnel, complete the following tasks:
• Ensure that the device is powered on correctly and operates properly.
• Configure basic attributes of the Ethernet interface.
Data Preparation
To configure the QinQ tunnel, you need the following data.
| No. | Data |
|---|---|
| 1 | Interface number of the QinQ tunnel |
| 2 | ID of the outer VLAN tag |
5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface
After a QinQ Layer 2 tunnel is configured, different outer tags can be added to packets and the
EthType in QinQ tags can be flexibly configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created and its view is displayed.
The VLAN ID refers to the value of the outer tag specified in the QinQ tunnel function. The
VLAN ID ranges from 1 to 4094.
----End
5.2.3 Configuring QinQ for a Layer 2 Interface
After a QinQ Layer 2 tunnel is configured, the interface adds an outer VLAN tag to the packet
that carries an inner VLAN tag so that the packet can be forwarded on the public network.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.
Step 3 (Optional) Run:
portswitch
The interface is configured as a Layer 2 interface.
If the interface is a Layer 2 interface, this step is unnecessary.
Step 4 Run:
port link-type dot1q-tunnel
The interface type is configured as a QinQ interface.
Step 5 Run:
port default vlan vlan-id
The outer tag is configured; namely, the default VLAN ID of the interface is configured.
NOTE
The outer tag value should be the same as the VLAN ID created in Creating the Outer VLAN Tag for a
Layer 2 Interface.
----End
5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in
the inner Tag Protocol Identifier (TPID) but use different values as the EType in the outer
TPID. To implement interworking between devices of different vendors, the protocol type of the
outer tag must therefore be configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.
Step 3 Run:
qinq protocol ethertype-value
The protocol type of the outer tag is configured.
• IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.
• The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
qinq protocol is applicable to only the packets with double tags.
----End
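The following added example (not Huawei code) works at the frame level on two points from this chapter: how an interface recognizes a double-tagged frame only when the outer TPID matches the value it expects, and the UPE-style swap of inner and outer tags that leaves single-tagged frames alone. The frame layout is standard 802.1Q/802.1ad; the MAC addresses, VLAN IDs, the three-way classification, and the function names are assumptions made for the illustration.

```python
import struct
from collections import namedtuple

TPID_DOT1Q = 0x8100    # inner TPID; also the default outer value in this guide
TPID_DOT1AD = 0x88A8   # outer TPID defined by IEEE 802.1ad

# Constructed, locally administered MAC addresses.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")

Tags = namedtuple("Tags", "kind outer_vid inner_vid ethertype")


def build_frame(vids, outer_tpid=TPID_DOT1Q, ethertype=0x0800,
                payload=b"\x00" * 46):
    """Build a sample frame; vids is [], [vid] or [outer_vid, inner_vid]."""
    if len(vids) > 2 or any(not 1 <= v <= 4094 for v in vids):
        raise ValueError("expected at most two VLAN IDs in the range 1 to 4094")
    tags = b""
    for index, vid in enumerate(vids):
        # Only the outer tag of a double-tagged frame carries the configured
        # value; single tags and inner tags always use 0x8100.
        tpid = outer_tpid if len(vids) == 2 and index == 0 else TPID_DOT1Q
        tags += struct.pack("!HH", tpid, vid)
    return DST + SRC + tags + struct.pack("!H", ethertype) + payload


def _u16(frame, offset):
    """Read one big-endian 16-bit field, rejecting truncated frames."""
    if len(frame) < offset + 2:
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", frame, offset)[0]


def classify(frame, outer_tpid=TPID_DOT1Q):
    """Classify a frame as an interface expecting outer_tpid would see it."""
    first = _u16(frame, 12)
    if (first == outer_tpid and len(frame) >= 22
            and _u16(frame, 16) == TPID_DOT1Q):
        return Tags("double", _u16(frame, 14) & 0x0FFF,
                    _u16(frame, 18) & 0x0FFF, _u16(frame, 20))
    if first == TPID_DOT1Q:
        return Tags("single", _u16(frame, 14) & 0x0FFF, None, _u16(frame, 16))
    # Anything else is not recognised as a VLAN tag: the foreign TPID is read
    # as the payload EtherType and the VLAN IDs are never extracted.
    return Tags("untagged", None, None, first)


def swap_tags(frame, outer_tpid=TPID_DOT1Q):
    """Exchange outer and inner tag values; other frames are returned as is."""
    if classify(frame, outer_tpid).kind != "double":
        return frame
    # Bytes 14-15 hold the outer tag value, 16-17 the inner TPID, 18-19 the
    # inner tag value. The TPIDs stay where they are.
    return frame[:14] + frame[18:20] + frame[16:18] + frame[14:16] + frame[20:]


if __name__ == "__main__":
    peer = build_frame([100, 10], outer_tpid=TPID_DOT1AD)
    print("expecting 0x88a8:", classify(peer, TPID_DOT1AD))
    print("expecting 0x8100:", classify(peer))
    print("after swap      :", classify(swap_tags(peer, TPID_DOT1AD), TPID_DOT1AD))
```

A mismatch does not show up as an error: the receiving side either sees no VLAN tag at all or sees a single tag with the inner TPID as payload type, so service and customer VLAN separation is silently lost until both ends agree on the outer value.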
5.2.5 (Optional) Configuring the EtherType Value for VLAN TPIDs
This section describes how to configure the EtherType value for the inner and outer tags of
double-tagged packets received by Ethernet interfaces on a Huawei device equipped with the
LPUF-41/101. This Huawei device can communicate with a non-Huawei device only when they
use the same EtherType value.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The slot view is displayed.
Step 3 Run:
vlan protocol ethertype-value
An EtherType value is specified for the inner and outer tags of double-tagged packets received
by Ethernet interfaces.
• In IEEE 802.1ad, the EtherType value of the TPID in the outer tag is defined as 0x88a8.
• The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
The vlan protocol ethertype-value command takes effect on all Ethernet interfaces on the board in the
specified slot and will override the qinq protocol ethertype-value configurations on the interfaces.
Running the vlan protocol ethertype-value command may interrupt ongoing services.
If the LPUF-41/101 is needed on both the AC side and the network side and different EtherType values
are required on the two sides, deploy configurations of the two sides on different boards.
----End
5.2.6 (Optional) Changing the Ethernet Encapsulation Type for the Outer Tag
When Huawei and non-Huawei devices are connected and QinQ is configured, devices of
various vendors set the inner TPID to 0x8100 and set the outer TPID to different values. To
allow Huawei and non-Huawei devices to communicate, the Ethernet encapsulation type of the
outer tag must be configured.
Perform the following steps on a device on which the Layer 2 QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface on which the QinQ tunnel function is to be configured is
displayed.
Step 3 Run:
protocol outer-vlan-only
The protocol type for the outer tag is specified.
NOTE
The protocol outer-vlan-only command takes effect on packets with more than one tag, but not on packets
with a single tag.
If the qinq protocol ethertype-value command has been run on the interface, the interface sets the outer
tag in packets to the ethertype-value value. If the qinq protocol ethertype-value command is not run on
the interface, the interface sets the outer tag in packets to the default value of 0x8100.
The protocol outer-vlan-only command is used on a physical interface.
----End
5.2.7 (Optional) Configuring a Subcard to Transparently Transmit QinQ Packets Whose EType Values of the Outer TPIDs Are Not 0x8100
In the case that QinQ is configured, devices of different vendors use 0x8100 as the EType value
of the inner TPID but use different values as the EType value of the outer TPID. To implement
interworking between Huawei devices and non-Huawei devices, configure the subcards of
Huawei devices to transparently transmit QinQ packets whose EType values of the outer TPIDs
are not 0x8100.
Context
Perform the following steps on a Huawei device on which the QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The slot view is displayed.
Step 3 Run:
qinq protocol transport enable
The subcards are enabled to transparently transmit QinQ packets whose EType values of the
outer TPIDs are not 0x8100.
NOTE
qinq protocol transport enable is applicable only to the packets with double tags.
----End
5.2.8 Checking the Configurations
After a Layer 2 QinQ tunnel is successfully configured, you can view whether the VLAN is
enabled with the broadcast function, VLAN status, whether address learning is enabled, and
whether the configured Layer 2 QinQ tunnel interface is a QinQ stack interface.
Prerequisites
The QinQ tunnel function has been configured.
Procedure
• Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
• Run the display bpdu-tunnel interface config command to check the EthType
  encapsulation value of the outer tag of the interface.
----End
Example
Running the display vlan command, you can view whether broadcast, VLAN status, and address
learning are enabled and view whether the interface configured with the QinQ tunnel function
is an untagged interface.
For example:
<HUAWEI> display vlan 10 verbose
VLAN ID      : 10
VLAN Type    : Common
Description  : VLAN 0010
Status       : Enable
Broadcast    : Enable
MAC learning : Enable
Statistics   : Disable
---------------
Untagged     Port: GigabitEthernet1/0/0
Running the display bpdu-tunnel interface config command, you can view the configuration
of TPID. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus  disable
BpduTwoQStatus  disable
EtherType       9100
Dot1qVlan
TwoQList
5.3 Configuring Selective QinQ on a Layer 2 Interface
This section describes how to configure Layer 2 selective QinQ so that packets with
different outer VLAN tags can be transmitted and the EthType in the outer VLAN tag can be
flexibly configured.
5.3.1 Before You Start
Before configuring Layer 2 selective QinQ, familiarize yourself with the usage scenario,
complete the pre-configuration tasks, and obtain the required data. This can help you complete
the configuration task quickly and accurately.
Applicable Environment
Layer 2 selective QinQ is an extension of the QinQ tunnel. Layer 2 selective QinQ is more
flexible than the QinQ tunnel.
The major difference is as follows:
• QinQ tunnel
  It attaches the same outer tag to all the frames entering the Layer 2 QinQ interface.
• Selective QinQ on the Layer 2 interface
  It can attach different outer tags to the frames entering the Layer 2 QinQ interface according
  to different inner tags.
Pre-configuration Task
Before configuring selective QinQ on a Layer 2 interface, complete the following tasks:
• Ensure that the device is powered on correctly and operates properly.
• Configure basic attributes of the Ethernet interface.
Data Preparation
To configure selective QinQ on a Layer 2 interface, you need the following data.
| No. | Data |
|---|---|
| 1 | ID of the outer VLAN tag |
| 2 | Interface number of the selective QinQ on the Layer 2 interface, ID of the inner VLAN tag |
| 3 | (Optional) The protocol type for the outer tag |
5.3.2 Creating the Outer VLAN Tag for a QinQ Interface
After a QinQ Layer 2 tunnel is configured, different outer tags can be added to packets and the
EthType in QinQ tags can be flexibly configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
A VLAN is created and its view is displayed.
The VLAN ID refers to the value of the outer tag specified in the QinQ tunnel function. The
VLAN ID ranges from 1 to 4094.
----End
5.3.3 Configuring Selective QinQ Interface on a Layer 2 Interface
After selective QinQ is configured on a Layer 2 interface, the interface adds a public VLAN tag
to the user packet that carries a private VLAN tag so that the user packet can be forwarded on
the public network.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The view of the Ethernet interface that needs to be configured with Layer 2 selective QinQ is
displayed.
Step 3 (Optional) Run:
portswitch
The interface is configured as a Layer 2 interface.
If the interface is a Layer 2 interface, this step is unnecessary.
Step 4 Run the port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3 command to
configure the interface type as a Layer 2 selective QinQ interface.
In this step, vlan-id1 and vlan-id2 specify the range of the inner tag of the frame received by the
interface; vlan-id3 is the value of the outer tag attached to the frame by the interface.
----End
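The following added example (not Huawei code) parses port vlan-stacking lines in the syntax shown in Step 4, checks them, and contrasts the result with a QinQ tunnel port that gives every frame the same outer tag. The sample configuration, the overlap check, the treatment of uncovered inner tags as "unmatched", and the function names are assumptions; the guide does not state how the device handles overlapping ranges or uncovered inner tags.

```python
import re

RULE_RE = re.compile(
    r"^\s*port vlan-stacking vlan (\d+)(?: to (\d+))? stack-vlan (\d+)\s*$")

# Constructed interface configuration (sample values).
SAMPLE_CONFIG = """\
interface gigabitethernet 1/0/1
 portswitch
 port vlan-stacking vlan 10 to 20 stack-vlan 100
 port vlan-stacking vlan 30 stack-vlan 200
"""


def _check_vid(vid, line_no):
    # The guide gives 1 to 4094 for the outer VLAN ID; the same bound is
    # applied to inner VLAN IDs here.
    if not 1 <= vid <= 4094:
        raise ValueError(f"line {line_no}: VLAN ID {vid} is outside 1 to 4094")
    return vid


def parse_rules(config_text):
    """Extract (inner_low, inner_high, outer) from port vlan-stacking lines."""
    rules = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = RULE_RE.match(line)
        if not match:
            continue
        low = _check_vid(int(match.group(1)), line_no)
        high = _check_vid(int(match.group(2) or low), line_no)
        outer = _check_vid(int(match.group(3)), line_no)
        if low > high:
            raise ValueError(f"line {line_no}: range {low} to {high} is reversed")
        rules.append((low, high, outer))
    return rules


def find_overlaps(rules):
    """Pairs of rules whose inner ranges intersect but name different outer tags."""
    clashes = []
    for i, (low_a, high_a, outer_a) in enumerate(rules):
        for low_b, high_b, outer_b in rules[i + 1:]:
            if low_a <= high_b and low_b <= high_a and outer_a != outer_b:
                clashes.append(((low_a, high_a, outer_a),
                                (low_b, high_b, outer_b)))
    return clashes


def selective_qinq(rules, inner_vid):
    """Tag stack after selective QinQ: the outer tag depends on the inner tag."""
    for low, high, outer in rules:
        if low <= inner_vid <= high:
            return (outer, inner_vid)
    return None   # no rule covers this inner tag; handling is not modelled here


def qinq_tunnel(default_vlan, inner_vid):
    """Tag stack after a QinQ tunnel port: the same outer tag for every frame."""
    return (default_vlan, inner_vid)


def coverage(rules, inner_vids):
    """Group the inner tags seen on the port by the outer tag they receive."""
    result = {}
    for vid in sorted(set(inner_vids)):
        stack = selective_qinq(rules, vid)
        result.setdefault(stack[0] if stack else None, []).append(vid)
    return result


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONFIG)
    print("rules    :", rules)
    print("overlaps :", find_overlaps(rules))
    print("coverage :", coverage(rules, [10, 15, 25, 30]))
    print("tunnel   :", [qinq_tunnel(100, v) for v in (10, 25, 30)])
```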
5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in
the inner Tag Protocol Identifier (TPID) but use different values as the EType in the outer
TPID. To implement interworking between devices of different vendors, the protocol type of the
outer tag must therefore be configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.
Step 3 Run:
qinq protocol ethertype-value
The protocol type of the outer tag is configured.
• IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.
• The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
qinq protocol is applicable to only the packets with double tags.
----End
5.3.5 (Optional) Configuring the EtherType Value for VLAN TPIDs
This section describes how to configure the EtherType value for the inner and outer tags of
double-tagged packets received by Ethernet interfaces on a Huawei device equipped with the
LPUF-41/101. This Huawei device can communicate with a non-Huawei device only when they
use the same EtherType value.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The slot view is displayed.
Step 3 Run:
vlan protocol ethertype-value
An EtherType value is specified for the inner and outer tags of double-tagged packets received
by Ethernet interfaces.
• In IEEE 802.1ad, the EtherType value of the TPID in the outer tag is defined as 0x88a8.
• The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
The vlan protocol ethertype-value command takes effect on all Ethernet interfaces on the board in the
specified slot and will override the qinq protocol ethertype-value configurations on the interfaces.
Running the vlan protocol ethertype-value command may interrupt ongoing services.
If the LPUF-41/101 is needed on both the AC side and the network side and different EtherType values
are required on the two sides, deploy configurations of the two sides on different boards.
----End
5.3.6 (Optional) Modifying the Protocol Type for the Outer Tag
When Huawei and non-Huawei devices are connected and QinQ is configured, devices of
various vendors set the inner TPID to 0x8100 and set the outer TPID to different values. To
allow Huawei and non-Huawei devices to communicate, the Ethernet encapsulation type of the
outer tag needs to be configured.
Perform the following steps on a device on which the Layer 2 QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface on which the QinQ tunnel function is to be configured is
displayed.
Step 3 Run:
protocol outer-vlan-only
The protocol type for the outer tag is specified.
NOTE
The protocol outer-vlan-only command takes effect on packets with more than one tag, but not on packets
with a single tag.
If the qinq protocol ethertype-value command has been run on the interface, the interface sets the outer
tag in packets to the ethertype-value value. If the qinq protocol ethertype-value command is not run on
the interface, the interface sets the outer tag in packets to the default value of 0x8100.
The protocol outer-vlan-only command is used on a physical interface.
----End
5.3.7 (Optional) Configuring a Subcard to Transparently Transmit
QinQ Packets Whose EType Values of the Outer TPIDs Are Not
0x8100
When QinQ is configured, devices of different vendors use 0x8100 as the EType value
of the inner TPID but use different values as the EType value of the outer TPID. To implement
interworking between Huawei devices and non-Huawei devices, configure the subcards of
Huawei devices to transparently transmit QinQ packets whose EType values of the outer TPIDs
are not 0x8100.
Context
Perform the following steps on a Huawei device on which the QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
slot slot-id
The slot view is displayed.
Step 3 Run:
qinq protocol transport enable
The subcards are enabled to transparently transmit QinQ packets whose EType values of the
outer TPIDs are not 0x8100.
NOTE
The qinq protocol transport enable command applies only to packets with double tags.
----End
5.3.8 Checking the Configurations
After Layer 2 selective QinQ is successfully configured, you can check whether broadcast is
enabled in the VLAN, the VLAN status, whether address learning is enabled, and whether the
interface configured with the QinQ Layer 2 tunnel is a QinQ stack interface.
Prerequisites
Selective QinQ on a Layer 2 interface has been configured.
Procedure
• Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
• Run the display bpdu-tunnel interface config command to check the EtherType
encapsulation value of the outer tag of the interface.
----End
Example
Run the display vlan command to check the VLAN status, whether broadcast and address
learning are enabled, and whether the interface configured with the QinQ tunnel is a QinQ
stack interface. For example:
<HUAWEI> display vlan 10 verbose
VLAN ID      : 10
VLAN Type    : Common
Description  : VLAN 0010
Status       : Enable
Broadcast    : Enable
MAC learning : Enable
Statistics   : Disable
---------------
QinQ-stack Port: GigabitEthernet1/0/0
Run the display bpdu-tunnel interface config command to view the TPID configuration.
For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus  disable
BpduTwoQStatus  disable
EtherType       9100
Dot1qVlan
TwoQList
5.4 Configuring QinQ-based VLAN Tag Swapping
Function
This section describes how to configure VLAN tag swapping based on QinQ. With this function,
a device can swap the inner tag with the outer tag in a packet with double VLAN tags.
5.4.1 Before You Start
Before configuring QinQ-based VLAN Tag Swapping, familiarize yourself with the usage
scenario, complete the pre-configuration tasks, and obtain the required data. This can help you
complete the configuration task quickly and accurately.
Applicable Environment
As shown in Figure 5-8, multiple DSLAMs access the UPE and send data packets to the UPE.
The packets received by the UPE contain double tags. The outer tag indicates the customer
VLAN and the inner tag indicates the service VLAN. For packets to be forwarded by the UPE,
their outer tag indicates the service VLAN and their inner tag indicates the customer VLAN. To
transmit packets to correct VLANs, the UPE needs to swap the inner VLAN tag with the outer
VLAN tag. In this manner, the outer tag in the packet can indicate the service VLAN and the
inner tag can indicate the customer VLAN.
Figure 5-8 Networking diagram of the VLAN swapping feature based on QinQ
[Figure omitted. Labels: RG1, RG2, DSLAM, UPE (VLAN Swap), PE-AGG, Metro Ethernet Network,
Service-POP; services HSI, VOIP, IPTV; tags S and C.]
S:Service VLAN
C:Customer VLAN
PE-AGG:PE-Aggregation
DSLAM:Digital Subscriber Line Access Multiplexer
Service POP:Service Points-of-Presence
IPTV:Internet Protocol Television
UPE:Underlayer Provider Edge
HSI:High Speed Internet
RG:Residential Gateway
VOIP:Voice Over IP
NOTE
• If the inner and outer tags of all the packets transmitted over a main interface need to be
interchanged, you can run the vlan-swap enable command on the main interface. After the main
interface is configured with VLAN tag swapping, VLAN tag swapping is automatically enabled on
all its sub-interfaces.
Pre-configuration Tasks
Before configuring VLAN tag swapping based on QinQ, complete the following tasks:
• Ensure that devices are connected correctly.
• Configure the correct VLANs of users to enable the packets received by the main interface
for VLAN tag termination to carry double tags.
Data Preparation
To configure VLAN tag swapping based on QinQ, you need the following data.
No. | Data
1 | VLAN ID of the outer tag and the inner tag
5.4.2 Configuring QinQ-based VLAN Tag Swapping
VLAN tag swapping takes effect on double-tagged packets only, not on single-tagged
packets.
Context
NOTE
• If the inner and outer tags of all the packets transmitted over a main interface need to be
interchanged, you can run the vlan-swap enable command on the main interface. After the main
interface is configured with VLAN tag swapping, VLAN tag swapping is automatically enabled on
all its sub-interfaces.
Perform the following steps on the device to be configured with VLAN tag swapping based on
QinQ:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with VLAN tag swapping based
on QinQ is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
Step 4 Run:
vlan-swap enable
VLAN tag swapping is enabled.
----End
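The outer-TPID matching behind sections 5.3.5 to 5.3.7 and the tag swapping configured above, modelled in Python as an added example (not Huawei code). The frame bytes, MAC addresses and function names are constructed for illustration, and swapping the tag control fields while leaving each TPID in place is an assumption about how the swap is carried out.

```python
import struct

TPID_DEFAULT = 0x8100  # default ethertype-value stated in this guide
TPID_8021AD = 0x88A8   # outer TPID defined by IEEE 802.1ad


def check_ethertype_value(value):
    """Enforce the ethertype-value range given in the guide (0x0600 to 0xFFFF)."""
    if not 0x0600 <= value <= 0xFFFF:
        raise ValueError(f"ethertype-value {value:#06x} is outside 0x0600-0xFFFF")
    return value


def build_frame(tags, ethertype=0x0800, payload=b"constructed payload"):
    """Build a constructed test frame. tags is a list of (tpid, vid), outermost first."""
    # Locally administered MAC addresses, made up for this example.
    header = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for tpid, vid in tags:
        header += struct.pack("!HH", tpid, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def parse_tags(frame, outer_tpid=TPID_DEFAULT, inner_tpid=TPID_DEFAULT):
    """Return (tags, ethertype) as a receiver configured with outer_tpid sees the frame.

    The first tag is recognised only when its TPID equals outer_tpid and the
    second only when its TPID equals inner_tpid. A frame whose outer TPID does
    not match is therefore seen as untagged, with the TPID as its EtherType.
    """
    check_ethertype_value(outer_tpid)
    tags, offset, expected = [], 12, outer_tpid
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != expected or len(tags) == 2:
            return tags, etype
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci & 0x0FFF))
        offset += 4
        expected = inner_tpid


def swap_tags(frame, outer_tpid=TPID_DEFAULT):
    """Swap inner and outer tags; single-tagged and untagged frames pass unchanged."""
    tags, _ = parse_tags(frame, outer_tpid)
    if len(tags) != 2:
        return frame
    # Bytes 12-13 outer TPID, 14-15 outer TCI, 16-17 inner TPID, 18-19 inner TCI.
    # Assumption: the TCIs (priority + VLAN ID) change places, the TPIDs stay.
    return frame[:14] + frame[18:20] + frame[16:18] + frame[14:16] + frame[20:]


if __name__ == "__main__":
    # A peer sends 802.1ad frames: outer TPID 0x88a8, inner TPID 0x8100.
    peer_frame = build_frame([(TPID_8021AD, 1000), (TPID_DEFAULT, 100)])
    print("default outer TPID :", parse_tags(peer_frame))
    print("outer TPID 0x88a8  :", parse_tags(peer_frame, outer_tpid=TPID_8021AD))

    # Frame as received by the UPE: outer = customer VLAN, inner = service VLAN.
    received = build_frame([(TPID_DEFAULT, 200), (TPID_DEFAULT, 30)])
    print("after swap         :", parse_tags(swap_tags(received))[0])
```

With the default outer TPID the peer's frame yields no tags at all, which is the interworking failure the TPID commands address; with 0x88a8 configured both tags are recovered.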
5.4.3 Checking the Configurations
After VLAN tag swapping based on QinQ is configured, you can check whether VLAN tag
swapping is enabled on the interface.
Prerequisites
The QinQ-based VLAN tag swapping function has been configured.
Procedure
Step 1 Run the display current-configuration command to check information about the interface.
----End
Example
Run the display current-configuration command on the device that is configured with VLAN
swapping based on QinQ, and you can view whether VLAN tag swapping is enabled.
5.5 Configuring the Sub-interface for VLAN Tag
Termination to Access the IP Service
IP services include proxy ARP and DHCP services. You can deploy IP services on sub-interfaces
for VLAN tag termination to enable interworking between users in different
VLANs, thereby ensuring reliable, stable, and uninterrupted connections between the users
and the network.
5.5.1 Before You Start
Before configuring the sub-interface for VLAN tag termination to access the IP service,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the required data. This helps you complete the configuration task quickly and accurately.
Applicable Environment
IP services are classified into the following types:
• Proxy Address Resolution Protocol (ARP)
The sub-interface for VLAN tag termination can connect different VLANs to the same
network segment. If users on the same network segment belong to different VLANs, they
cannot communicate with each other on the Layer 2 network unless the sub-interface for
VLAN tag termination supports proxy ARP and therefore implements IP forwarding.
• Dynamic Host Configuration Protocol (DHCP)
– The sub-interface for VLAN tag termination can be configured with the DHCP server
function to assign IP addresses to users.
– The sub-interface for VLAN tag termination can be configured with the DHCP relay
function, which inserts tag information into Option82 as a reference for the DHCP server
when it assigns IP addresses and parameters.
• Virtual Router Redundancy Protocol (VRRP)
Users usually need to communicate with certain networks at any time. In this case, VRRP
running on the sub-interface for VLAN tag termination ensures reliable communication and
provides an active/standby mechanism for dot1q or QinQ users.
NOTE
Proxy ARP, DHCP, and VRRP are different types of IP services. You can deploy one of them on
the sub-interface for VLAN tag termination as required.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the IP service, complete
the following tasks:
• Ensure that devices are connected correctly.
• Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the IP service, you need the
following data.
No. | Data
1 | Control VLAN ID of the termination sub-interface
2 | Range of the termination tag of the interface
3 | Group number of the VRRP backup group and the virtual IP address
4 | Priorities of the routers in the backup group
5 | Preemption mode
6 | IP addresses that are forbidden to assign
7 | Number of the address pool
5.5.2 Configuring the Interface Mode as the User-Termination
Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.5.3 Configuring the Sub-interface for dot1q VLAN Tag
Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag
termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
5.5.4 Configuring the Sub-interface for QinQ VLAN Tag
Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN
tag termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
----End
5.5.5 Configuring the IP Service
After the sub-interface for VLAN tag termination is successfully configured, you need to
configure an IP service. In this manner, the user can access the IP service through the
sub-interface for VLAN tag termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the sub-interface for VLAN tag termination is displayed.
Step 3 Configure the IP service.
Deploy one of the following services as required:
• Proxy ARP
Configure proxy ARP on the device. For detailed configuration, see the chapter "ARP
Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP
Services.
Enabling or disabling the ARP broadcast on the sub-interface makes the route status change
from Down to Up on the sub-interface. This may lead to route flapping on the entire network,
and even affect the running services.
• DHCP
Configure DHCP on the device. For detailed configuration, see the chapter "IPv4 Address
management" in the HUAWEI NetEngine80E/40E Router Configuration Guide - User
Access.
On a rather large network, if the PCs are connected to a router through other devices instead
of being directly connected to the router through Ethernet interfaces, the DHCP server based
on a global address pool needs to be configured so that the PCs can dynamically obtain IP
addresses from the router.
If a local network does not have a DHCP server, the DHCP relay function can be enabled on
the router. In this manner, the DHCP Request packet from the client can be transmitted to
the DHCP server through the DHCP relay.
• VRRP
Configure VRRP on the device. For detailed configuration, see the chapter "VRRP
Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability.
NOTE
When configuring VRRP and static ARP on the dot1q termination sub-interface, QinQ termination
sub-interface, or VLANIF interface at the same time, note the following:
• Do not configure the IP address mapping to the static ARP entry on the interface as the VRRP virtual
address.
• Do not configure the virtual address of the VRRP backup group where the interface resides as the IP
address mapping to the static ARP entry on the interface.
Otherwise, incorrect host routes are generated. This affects packet forwarding between devices.
----End
5.5.6 Checking the Configurations
After successfully configuring the sub-interface for VLAN tag termination to access the IP
service, you can view detailed configurations on the sub-interface for VLAN tag termination.
Prerequisites
The sub-interface for VLAN tag termination to access the IP service has been configured.
Procedure
• Run the display dot1q information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
• Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the
sub-interface for QinQ VLAN tag termination.
----End
Example
Run the display dot1q information termination command on the PE, and you can view
information about the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
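To audit which tag combinations a termination sub-interface accepts, the output above can be parsed and queried. This Python sketch is an added example, not a Huawei tool: the first and third sample stanzas are the outputs shown above, the second stanza is constructed from the command syntax in this section on the assumption that the display echoes it in the same form, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Stanza 1 is the qinq output shown in this section; stanza 2 is constructed.
SAMPLE_OUTPUT = """\
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
GigabitEthernet2/0/0.2
Total QinQ Num: 1
qinq termination pe-vid 2000 to 2010 ce-vid any
control-vid 2 qinq-termination
"""

# The dot1q output shown in this section.
DOT1Q_OUTPUT = """\
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
"""

SUBIF_RE = re.compile(r"^\S+\.\d+$")
QINQ_RE = re.compile(
    r"^qinq termination pe-vid (?P<pe_lo>\d+)(?: to (?P<pe_hi>\d+))?"
    r" ce-vid (?:(?P<any>any)|(?P<ce_lo>\d+)(?: to (?P<ce_hi>\d+))?)"
    r"(?: vlan-group (?P<group>\d+))?$")
DOT1Q_RE = re.compile(
    r"^dot1q termination vid (?P<lo>\d+)(?: to (?P<hi>\d+))?"
    r"(?: vlan-group (?P<group>\d+))?$")


@dataclass(frozen=True)
class TerminationRule:
    subif: str
    kind: str               # "qinq" or "dot1q"
    outer: range            # pe-vid range (qinq) or vid range (dot1q)
    inner: Optional[range]  # ce-vid range for qinq, None for dot1q


def _vid_range(lo, hi):
    lo = int(lo)
    hi = int(hi) if hi else lo
    if not 1 <= lo <= hi <= 4094:
        raise ValueError(f"invalid VLAN ID range {lo} to {hi}")
    return range(lo, hi + 1)


def parse_termination(text):
    """Extract termination rules, each bound to the sub-interface named above it."""
    rules, subif = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if SUBIF_RE.match(line):
            subif = line
            continue
        qinq, dot1q = QINQ_RE.match(line), DOT1Q_RE.match(line)
        if (qinq or dot1q) and subif is None:
            raise ValueError("termination rule appears before any sub-interface")
        if qinq:
            inner = (range(1, 4095) if qinq["any"]
                     else _vid_range(qinq["ce_lo"], qinq["ce_hi"]))
            outer = _vid_range(qinq["pe_lo"], qinq["pe_hi"])
            rules.append(TerminationRule(subif, "qinq", outer, inner))
        elif dot1q:
            outer = _vid_range(dot1q["lo"], dot1q["hi"])
            rules.append(TerminationRule(subif, "dot1q", outer, None))
    return rules


def terminating_subifs(rules, vids):
    """Sub-interfaces that terminate a frame whose VLAN IDs are vids (outermost first)."""
    hits = []
    for r in rules:
        if r.kind == "dot1q" and len(vids) == 1 and vids[0] in r.outer:
            hits.append(r.subif)
        elif (r.kind == "qinq" and len(vids) == 2
              and vids[0] in r.outer and vids[1] in r.inner):
            hits.append(r.subif)
    return hits


if __name__ == "__main__":
    rules = parse_termination(SAMPLE_OUTPUT)
    for vids in [(1000, 150), (1000, 201), (2005, 4000), (1000,)]:
        print(vids, "->", terminating_subifs(rules, vids) or "not terminated")
```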
5.6 Configuring the Sub-interface for VLAN Tag
Termination to Access the Multicast Service
With the wide use of multicast services on the Internet, you need to deploy sub-interfaces for
QinQ/dot1q VLAN tag termination to process the user packets carrying a single tag or double
tags for multicast services. In this manner, the UPE can maintain information about the outbound
interface of multicast packets according to the established multicast forwarding table to ensure
the normal communications between hosts and the multicast source.
5.6.1 Before You Start
Before configuring the sub-interface for VLAN tag termination to access the multicast service,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the required data. This helps you complete the configuration task quickly and accurately.
Applicable Environment
Multicast services are classified into the following types:
• Layer 2 multicast
After being bound to a VSI and enabled with IGMP snooping, the sub-interface for QinQ/
dot1q VLAN tag termination can listen to IGMP messages exchanged between the multicast
device and hosts, and therefore can learn which interfaces have multicast receivers. In this
case, multicast packets are transmitted on the Layer 2 network in multicast mode rather
than broadcast mode, and consequently received only by members of the multicast group.
• Layer 3 multicast
Multicast protocol packets with double tags are sent from the UPE to the upper network.
After the sub-interface for QinQ or dot1q VLAN tag termination is configured on the UPE,
the UPE creates the forwarding table and the routing table. When receiving multicast
protocol packets from hosts, the UPE can identify the packets and correctly forward the
packets. Based on the established multicast forwarding table, the UPE can replicate and
deliver multicast packets correctly.
Here, Layer 3 multicast mainly refers to IGMP.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the multicast service,
complete the following tasks:
• Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
• Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the multicast service, you
need the following data.
No. | Data
1 | Control VLAN ID of the termination sub-interface
2 | Range of the termination tag of the interface
3 | IGMP version
4 | Multicast group address and multicast source address
5 | (Optional) ACL rules for the filtering based on multicast group addresses
5.6.2 Configuring the Interface Mode as the User-Termination
Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.6.3 Configuring the Sub-interface for dot1q VLAN Tag
Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag
termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
5.6.4 Configuring the Sub-interface for QinQ VLAN Tag
Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN
tag termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
----End
5.6.5 (Optional) Configuring a Push Action
On an L2VPN network with both Huawei and non-Huawei devices, if user packets enter the
L2VPN network through a VLAN tag termination sub-interface or QinQ stacking sub-interface
of a Huawei device, you can configure a Push action on the Huawei device to add a VLAN tag
to user packets. This configuration ensures communication between the Huawei and non-Huawei
devices.
Context
As shown in Figure 5-9, CE1 and CE2 are connected to the L2VPN network through PE
sub-interfaces. PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
If a PE1 user-side sub-interface is configured as a sub-interface for QinQ VLAN tag termination
in asymmetric mode, when receiving user packets, the sub-interface removes the outer VLAN
tag and adds another VLAN tag to the packets and then forwards the packets to the L2VPN
network.
Packets sent by the non-Huawei device PE2 to CE2 must carry two VLAN tags, but packets
forwarded by the Huawei device PE1 to PE2 carry only one VLAN tag. As a result, PE1 cannot
communicate with PE2, and users from user networks connected to CE1 and CE2 cannot
communicate with each other.
Figure 5-9 Networking for accessing an L2VPN through sub-interfaces
[Figure omitted. Labels: CE1, PE1, L2VPN Network, PE2, CE2, User Network; QinQ Termination
(asymmetry), QinQ Termination+Push, Two Tag; packet fields Ethernet Header, P-Tag, PE VID,
CE VID, VID, Payload.]
To address this issue, configure a push action on the PE1 user-side sub-interface. After
performing QinQ VLAN tag termination, the sub-interface then adds an inner VLAN tag to user
packets. As a result, PE1 can communicate with PE2 by sending double-tagged user packets.
Table 5-5 and Table 5-6 describe the packet processing on the inbound and outbound interfaces,
after a user-side sub-interface is configured as a VLAN tag termination sub-interface or QinQ
stacking sub-interface and a push action is configured on the sub-interface.
NOTE
The PW in Tagged mode is used as an example in Table 5-5 and Table 5-6.
Table 5-5 Packet processing on the inbound interface
Sub-interface Type | Packet Processing
Dot1q sub-interface; sub-interface for dot1q VLAN tag termination | Keeps the original VLAN tag in a packet and then adds another VLAN tag using the push action.
Sub-interface for QinQ VLAN tag termination, in asymmetric mode | Removes both VLAN tags from a packet, adds another VLAN tag using the push action, and then adds a VLAN tag.
Sub-interface for QinQ VLAN tag termination, in symmetric mode | Removes the outer VLAN tag from a packet, adds another VLAN tag using the push action, and then adds a VLAN tag.
QinQ stacking sub-interface | • Adds a VLAN tag using the push action, and then adds another VLAN tag, if the packet carries one VLAN tag specified on the sub-interface. • Adds a VLAN tag using the push action, and then adds another VLAN tag, if the packet carries two VLAN tags specified on the sub-interface. The original inner VLAN tag is transparently transmitted as data.
Table 5-6 Packet processing on the outbound interface
Sub-interface Type | Packet Processing
Dot1q sub-interface; sub-interface for dot1q VLAN tag termination | Removes the outer VLAN tag from a packet and replaces the remaining VLAN tag.
Sub-interface for QinQ VLAN tag termination, in asymmetric mode | Removes both VLAN tags from a packet and adds two VLAN tags.
Sub-interface for QinQ VLAN tag termination, in symmetric mode | Removes the outer VLAN tag from a packet and replaces the outer VLAN tag of the remaining two VLAN tags.
QinQ stacking sub-interface | • Removes the outer VLAN tag from a packet and replaces the outer VLAN tag of the remaining two VLAN tags. • Removes both VLAN tags from a packet and replaces the outer VLAN tag of the remaining two VLAN tags.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a user-side Ethernet sub-interface on a PE is displayed.
Step 3 Run:
push { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan |
outer-vlan } ]
A push action is configured so that the sub-interface adds a VLAN tag to received packets.
----End
5.6.6 (Optional) Configuring a PW-tag Action
On an L2VPN network with both Huawei and non-Huawei devices, the P-Tags on a non-Huawei
device are different from the P-Tags on a Huawei device. If user packets enter the L2VPN
network through a VLAN tag termination sub-interface, QinQ stacking sub-interface, or QinQ
mapping sub-interface on a Huawei device, you can configure a PW-tag action on the Huawei
device to replace the P-Tags in user packets to ensure communication between Huawei and
non-Huawei devices.
Context
As shown in Figure 5-10, CE1 and CE2 are connected to the L2VPN network through PE
sub-interfaces. PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
When a PE transmits multiple services over one PW, the PE adds different P-Tags to packets of
different services to isolate the packets on the L2VPN network. When the packets reach the
sub-interfaces of another PE on the other end of the PW, each sub-interface accepts only those packets
carrying the same P-Tag as that specified on the sub-interface.
However, because the P-Tags on PE1 and PE2 are different, PE1 cannot communicate with PE2,
and users from user networks connected to CE1 and CE2 cannot communicate with each other.
Figure 5-10 Networking for accessing an L2VPN through sub-interfaces
[Figure: CE1 and CE2, each attached to a user network, reach PE1 and PE2 through VLAN access; the PEs are connected across the L2VPN network in Tagged mode, with a Pw-tag label at the PEs. Packet formats shown: Ethernet Header, P-Tag, IP Header, Payload on the VLAN access side; Ethernet Header, Tunnel Label, VC Label, Ethernet Header, P-Tag or P-Tag', IP Header, Payload on the L2VPN side.]
To address this issue, configure a PW-tag action on the user-side sub-interface of PE1 so that
the sub-interface changes the packets' P-Tags to match PE2's before forwarding the packets to
the PW. This allows PE1 to communicate with PE2.
Table 5-7 provides the default P-Tag values and the P-Tag values after the PW-tag action.
Table 5-7 P-Tag values
Sub-interface Type
Default P-Tag
P-Tag Value After
the PW-tag Action
Dot1q sub-interface
VLAN ID in a packet
New VLAN ID
Sub-interface for dot1q VLAN tag
termination
Sub-interface for
QinQ VLAN tag
termination
In
asymmetric
mode
Outer VLAN ID in a packet
In symmetric
mode
QinQ stacking sub-interface
Minimum VLAN ID in the
VLAN ID range specified on
the sub-interface
QinQ mapping sub-interface
Fixed VLAN ID in the system
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a user-side Ethernet sub-interface on a PE is displayed.
Step 3 Run:
pw-tag { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan | outer-vlan } ]
A PW-tag action is configured so that the sub-interface changes the P-Tags of packets before
forwarding the packets to the PW in Tagged mode.
----End
5.6.7 Configuring the Multicast Service
After the sub-interface for VLAN tag termination is successfully configured, you need to
configure the multicast service. In this manner, users can communicate with the multicast source.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the sub-interface for VLAN tag termination is displayed.
Step 3 Configure the multicast service.
Deploy one of the following services as required:
l Configure Layer 2 multicast.
For detailed information, see the chapter "Layer 2 Multicast Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - IP Multicast.
Before configuring Layer 2 multicast, ensure that a VSI has been successfully set up and the
sub-interface for VLAN tag termination has been bound to the VSI; otherwise, Layer 2
multicast cannot be successfully configured.
l Configure Layer 3 multicast.
For detailed information, see the chapter "IGMP Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - IP Multicast.
CAUTION
Ensure that all IGMP device interfaces in the same network segment are configured with the
same IGMP version. Otherwise, a fault occurs.
----End
5.6.8 Checking the Configurations
After successfully configuring the sub-interface for VLAN tag termination to access the
multicast service, you can view detailed configurations on the sub-interface for VLAN tag
termination.
Prerequisites
The sub-interface for VLAN tag termination to access the multicast service has been configured.
Procedure
l
Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
l
Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.
l
Run the display igmp-snooping querier { vsi vsi-name | vlan vlan-id } command to check
whether the IGMP querier is configured successfully.
l
Run the display igmp-snooping router-port { vsi vsi-name | vlan vlan-id } command to
check information about static router ports.
l
Run the display igmp-snooping port-info [ { vlan vlan-id | vsi vsi-name | slot slot-id }
[ group-address group-address ] ] [ verbose ] command to check information about Layer
2 multicast ports on the router.
l
Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] interface
[ interface-type interface-number ] [ verbose ] command to check the configuration and
running of IGMP on an interface.
l
Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] group [ group-address | interface interface-type interface-number ] [ verbose ] command to check
information about the members of an IGMP multicast group.
----End
Example
Run the display dot1q information termination command on the PE, and you can view information about
the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
After the sub-interface for VLAN tag termination is successfully configured to access Layer 2
multicast:
l
Run the display igmp-snooping querier vsi command. You can check whether the querier
is configured successfully. If the Enable state is displayed as shown in the following output,
it indicates that the querier is enabled for VSI v123. For example:
<HUAWEI> display igmp-snooping querier vsi v123
VSI                 Querier-state
-----------------------------------------------
v123                Enable
-----------------------------------------------
l
Run the display igmp-snooping router-port vsi command on PE1. You can check whether the
configuration of the static router port succeeds. If STATIC is displayed as shown in the
following output, it indicates that GE 1/0/0 is already configured as a static router port in
VSI V123. For example:
<HUAWEI> display igmp-snooping router-port vsi v123
Port Name            UpTime      Expires     Flags
---------------------------------------------------------------------
VSI v123, 1 router-port(s)
GE1/0/1.1            00:01:48    --          STATIC
l
Run the display igmp-snooping port-info command. You can check information about
Layer 2 multicast ports on the router, including SSM Mapping ports, static member ports,
and dynamic member ports.
<HUAWEI> display igmp-snooping port-info
----------------------------------------------------------------------
(Source, Group) Port                                    Flag
----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1) GE1/0/0.2(PE:20/CE:100)            -D-
1 port(s)
----------------------------------------------------------------------
<HUAWEI> display igmp-snooping port-info slot 1
----------------------------------------------------------------------
(Source, Group) Port                                    Flag
----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1)
P-GE1/1/0.2(PE:20/CE:100)                               -D-
1 port(s) include
-----------------------------------------------------------------------
After the sub-interface for VLAN tag termination is successfully configured to access Layer 3
multicast:
l
Run the display igmp group command. You can view information about multicast groups.
For example:
<PE1> display igmp group
Interface group report information of VPN-Instance: public net
GigabitGigabitethernet1/0/1.1(1.1.1.9):
Total 1 IGMP Group reported
Group Address   Last Reporter   Uptime      Expires
226.0.0.1       192.168.0.1     00:00:03    00:02:07
5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
VPN services are classified into L2VPN services and L3VPN services. You can configure sub-interfaces for VLAN tag termination on PEs to access VPNs to enable the interworking between
CEs and users.
5.7.1 Before You Start
Before configuring the sub-interface for VLAN tag termination to access the VPN service,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the required data. This helps you complete the configuration task quickly and accurately.
Applicable Environment
VPN services are classified into the following types:
l
Layer 2 virtual private network (L2VPN)
– Pseudo-Wire Emulation Edge to Edge (PWE3)/Virtual Leased Line (VLL)
The access of the sub-interface for QinQ/dot1q VLAN tag termination to PWE3/VLL
means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with
PWE3/VLL functions.
– Virtual Private LAN Service (VPLS)
The support of VPLS by the sub-interface for QinQ/dot1q VLAN tag termination refers
to configuring VPLS on the sub-interface for VLAN tag termination.
NOTE
When Dot1q termination sub-interfaces, QinQ termination sub-interfaces, or QinQ stacking sub-interfaces are used for VLL or VPLS access, BPDUs can be transparently transmitted.
l
Layer 3 virtual private network (L3VPN)
The access of the sub-interface for QinQ/dot1q VLAN tag termination to L3VPN means
that the sub-interface for QinQ/dot1q VLAN tag termination is configured with L3VPN
functions.
NOTE
When a sub-interface for dot1q VLAN tag termination accesses user services and the service types need to be
differentiated, you can deploy VLAN + 802.1p/DiffServ Code Point (DSCP)/EthType on the device
configured with the sub-interface.
l Services can be differentiated according to the 802.1p/DSCP priority or the EthType. Services are
mapped to different Virtual Switching Instances (VSIs) according to their 802.1p/DSCP/EthType
values, and then transmitted to the peer.
l Services can be differentiated according to the 802.1p priority or the DSCP priority. Services are
mapped to different VSIs according to their 802.1p or DSCP priorities, and then transmitted to the peer.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the VPN service,
complete the following tasks:
l
Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
l
Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the VPN service, you need
the following data.
No.  Data
1    Range of the dot1q termination tag of the interface, 802.1p priorities, DSCP values, or EthType values
2    (Optional) Mode of the sub-interface for QinQ VLAN tag termination, (optional) VLAN group ID, VLAN ID range to be terminated by the sub-interface for QinQ VLAN tag termination
3    VLAN ID to be encapsulated
4    New P-Tag
5    IP address of the interface
     l VLL
       IP address of the interface, the L2VC IDs of two PW ends (the two IDs must be the same), MPLS LSR-ID
     l VPLS
       IP address of the interface, the VC IDs of two PW ends (the two IDs must be the same), VSI names, MPLS LSR-ID
     l L3VPN
       IP address of the interface, name of the VPN instances, RD and VPN target of the VPN instances
5.7.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.7.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag
termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 (Optional) Run:
arp broadcast enable
The ARP broadcast of the sub-interface for VLAN tag termination is enabled.
NOTE
This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an
L3VPN. So, after configuring a sub-interface for QinQ VLAN tag termination to access an L3VPN, you
must enable the ARP broadcast function on the sub-interface.
Enabling or disabling the ARP broadcast on the sub-interface makes the route status change
from Down to Up on the sub-interface. This may lead to route flapping on the entire network,
and even affect the running services.
----End
5.7.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The routed sub-interface that terminates double tags is called a sub-interface for QinQ VLAN
tag termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 (Optional) Run:
qinq termination l2 { symmetry | asymmetry }
The attributes of the sub-interface for QinQ VLAN tag termination are set.
NOTE
This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an
L2VPN. So, after configuring a sub-interface for QinQ VLAN tag termination, you must configure the
attributes of the sub-interface.
Sub-interfaces for QinQ termination access an L2VPN in symmetrical mode or in asymmetrical
mode. User packets access an L2VPN in different modes. PEs process these packets in the ways
described in the following tables.
Table 5-8 Packet processing on the inbound interface
Type of the Inbound Interface    VLL/PWE3/VPLS, Ethernet Encapsulation    VLL/PWE3/VPLS, VLAN Encapsulation
Symmetrical                      Strips the outer tag.                    Reserves the double tags, and no action is required.
Asymmetrical                     Strips the double tags.                  Strips two tags and then adds one tag.

Table 5-9 Packet processing on the outbound interface
Type of the Outbound Interface   VLL/PWE3/VPLS, Ethernet Encapsulation    VLL/PWE3/VPLS, VLAN Encapsulation
Symmetrical                      Adds the outer tag.                      Replaces the outer tag.
Asymmetrical                     Adds double tags.                        Strips one tag and then adds double tags.
Step 5 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
mode of the user VLAN group.
By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
----End
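The tag operations listed in Table 5-8 and Table 5-9, modelled on a constructed double-tagged frame (an added example, not Huawei code). Assumptions: both tags use TPID 0x8100, the 802.1p bits are 0, the single tag added in asymmetrical mode with VLAN encapsulation is a hypothetical p_tag value, and all function and parameter names are illustrative.

```python
import struct

TPID = 0x8100  # assumption: inner and outer tags both use TPID 0x8100


def tag(vid):
    """One 4-byte VLAN tag; the 802.1p priority bits are left at 0."""
    if not isinstance(vid, int) or not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range: %r" % (vid,))
    return struct.pack("!HH", TPID, vid)


def split(frame):
    """Split a frame into (MAC addresses, [VLAN IDs, outermost first], rest)."""
    pos, vids = 12, []
    while frame[pos:pos + 2] == struct.pack("!H", TPID) and len(frame) >= pos + 4:
        vids.append(struct.unpack("!H", frame[pos + 2:pos + 4])[0] & 0x0FFF)
        pos += 4
    return frame[:12], vids, frame[pos:]


def build(macs, vids, rest):
    """Reassemble a frame from MAC addresses, a VLAN ID list and the remainder."""
    return macs + b"".join(tag(v) for v in vids) + rest


def check(mode, encap):
    if mode not in ("symmetry", "asymmetry") or encap not in ("ethernet", "vlan"):
        raise ValueError("unknown mode/encapsulation: %s/%s" % (mode, encap))


def inbound(frame, mode, encap, p_tag=None):
    """Table 5-8: ingress PE, from the CE-facing sub-interface towards the PW."""
    check(mode, encap)
    macs, vids, rest = split(frame)
    if len(vids) < 2:
        raise ValueError("QinQ termination expects two VLAN tags")
    if mode == "symmetry":
        # Ethernet: strip the outer tag.  VLAN: keep both tags, no action.
        kept = vids[1:] if encap == "ethernet" else vids
    else:
        # Ethernet: strip both tags.  VLAN: strip both, then add one tag.
        kept = vids[2:] if encap == "ethernet" else [p_tag] + vids[2:]
    return build(macs, kept, rest)


def outbound(frame, mode, encap, pe_vid, ce_vid):
    """Table 5-9: egress PE, from the PW towards the CE-facing sub-interface."""
    check(mode, encap)
    macs, vids, rest = split(frame)
    need = {("symmetry", "ethernet"): 1, ("symmetry", "vlan"): 2,
            ("asymmetry", "ethernet"): 0, ("asymmetry", "vlan"): 1}[(mode, encap)]
    if len(vids) < need:
        raise ValueError("frame from the PW carries too few VLAN tags")
    if mode == "symmetry":
        # Ethernet: add the outer tag.  VLAN: replace the outer tag.
        vids = [pe_vid] + (vids if encap == "ethernet" else vids[1:])
    else:
        # Ethernet: add double tags.  VLAN: strip one tag, then add double tags.
        vids = [pe_vid, ce_vid] + (vids if encap == "ethernet" else vids[1:])
    return build(macs, vids, rest)


# Constructed sample frame: broadcast destination, made-up source MAC,
# outer VLAN 1000, inner VLAN 100, EtherType IPv4, dummy payload.
MACS = bytes.fromhex("ffffffffffff" "001122334455")
REST = struct.pack("!H", 0x0800) + b"payload"
SAMPLE = build(MACS, [1000, 100], REST)


def walk(mode, encap, egress=(2000, 200), p_tag=300):
    """VLAN IDs seen on the PW and on the far CE link for one mode/encapsulation."""
    on_pw = inbound(SAMPLE, mode, encap, p_tag)
    at_ce = outbound(on_pw, mode, encap, *egress)
    return split(on_pw)[1], split(at_ce)[1]


if __name__ == "__main__":
    for mode in ("symmetry", "asymmetry"):
        for encap in ("ethernet", "vlan"):
            print(mode, encap, *walk(mode, encap))
```

In this model the inner tag set on the ingress side (100) reaches the far CE link unchanged in symmetrical mode, whereas in asymmetrical mode both tags on the far CE link come from the egress sub-interface's own pe-vid and ce-vid.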
5.7.5 Configuring the VPN Service
After successfully configuring the sub-interface for VLAN tag termination, you need to
configure the Virtual Private Network (VPN) service so that users can communicate
with each other over a Layer 2 virtual private network (L2VPN) or a Layer 3 virtual private network
(L3VPN).
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the sub-interface for VLAN tag termination is displayed.
Step 3 Configure the VPN service.
Deploy one of the following services as required:
l L2VPN
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration",
"Pseudo-Wire Emulation Edge to Edge (PWE3) Configuration", and "Virtual Private LAN
Service (VPLS) Configuration" in the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in
the following modes:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
– Remote Martini connection
The sub-interface for dot1q VLAN tag termination can be bound to a homogeneous VLL or
a heterogeneous VLL in the following modes:
– Local Kompella connection
– Remote Kompella connection
– Local Martini connection
– Remote Martini connection
The sub-interface for QinQ/dot1q VLAN tag termination can be bound to VPLS in the
following modes:
– Martini VPLS
– Kompella VPLS
l L3VPN
For detailed information, see the chapter "Border Gateway Protocol (BGP) Multiprotocol
Label Switching (MPLS) IP VPN Configuration" in the HUAWEI NetEngine80E/40E
Configuration Guide - VPN.
----End
5.7.6 Checking the Configurations
After successfully configuring the sub-interface for VLAN tag termination to access the VPN
service, you can view detailed configurations on the sub-interface for VLAN tag termination.
Prerequisites
The sub-interface for VLAN tag termination to access the VPN service has been configured.
Procedure
l
Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
l
Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.
l
Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check
information about the L2VPN on the PE.
l
View the configuration of the L2VPN in CCC mode:
– Run the display vll ccc [ ccc-name | type { local | remote } ] command to check
information about the CCC connection.
– Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check
information about the SVC interface in the Up or Down state.
l
View the configuration of the L2VPN in SVC mode:
– Run the display mpls static-l2vc [ interface interface-type interface-number ]
command to check information about the SVC L2VPN connection.
– Run the display l2vpn ccc-interface vc-type static-vc { up | down } command to check
information about the SVC interface in the Up or Down state.
l
View the configuration of the L2VPN in Martini mode:
– Run the display mpls l2vc [ vc-id | interface interface-type interface-number ]
command to check information about the Martini MPLS L2VPN connection on the PE.
– Run the display mpls l2vc remote-info [ vc-id ] command to check information about
the remote Martini MPLS L2VPN connection on the PE.
l
View the configuration of the L2VPN in Kompella mode:
– Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ]
verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-offset ] ] } command to check BGP information about the Kompella MPLS L2VPN.
– Run the display mpls l2vpn connection [ vpn-name { remote-ce ce-id | down | up |
verbose } | summary | interface interface-type interface-number ] command to check
information about the Kompella MPLS L2VPN.
l
Run the display interface interface-type interface-number vlan vlanid command to view
configurations of all sub-interfaces on a main interface.
----End
Example
Run the display dot1q information termination command on the PE, and you can view information about
the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
l
After VLL/PWE3 is successfully configured:
– Run the display vll ccc command, and you can find that the CCC VC status is Up. For
example:
<HUAWEI> display vll ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
name: ce2-ce1, type: remote, state: up,
intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : GigabitEthernet1/0/0
– Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the
VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                     Encap Type               State     VC Type
GigabitEthernet1/0/0          ppp                      up        CCC
– Run the display mpls static-l2vc command, and you can find that the VC status is Up.
For example:
<HUAWEI> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
*Client Interface     : GigabitEthernet1/0/0 is up
 AC Status            : up
 VC State             : up
 VC ID                : 0
 VC Type              : ppp
 Destination          : 3.3.3.9
 Transmit VC Label    : 100
 Receive VC Label     : 200
 Control Word         : Disable
 VCCV Capability      : Disable
 Tunnel Policy Name   : --
 Traffic Behavior     : --
 PW Template Name     : --
 Create time          : 0 days, 0 hours, 1 minutes, 38 seconds
 UP time              : 0 days, 0 hours, 1 minutes, 11 seconds
 Last change time     : 0 days, 0 hours, 1 minutes, 11 seconds
– Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can
find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                     Encap Type               State     VC Type
GigabitEthernet1/0/0          ppp                      up        SVC
– Run the display mpls l2vc command, and you can find that "Destination" is the peer
address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
total LDP VC : 2     2 up       0 down
*client interface     : GigabitEthernet2/0/0.1
 session state        : up
 AC status            : up
 VC state             : up
 VC ID                : 101
 VC type              : VLAN
 destination          : 3.3.3.9
 local VC label       : 21504        remote VC label      : 21504
 control word         : disable
 forwarding entry     : existent
 local group ID       : 0
 manual fault         : not set
 active state         : active
 link state           : up
 local VC MTU         : 1500         remote VC MTU        : 1500
 tunnel policy name   : --
 traffic behavior name: --
 PW template name     : --
 primary or secondary : primary
 create time          : 0 days, 0 hours, 7 minutes, 53 seconds
 up time              : 0 days, 0 hours, 2 minutes, 29 seconds
 last change time     : 0 days, 0 hours, 2 minutes, 29 seconds
*client interface     : GigabitEthernet2/0/0.2
 session state        : up
 AC status            : up
 VC state             : up
 VC ID                : 102
 VC type              : VLAN
 destination          : 3.3.3.9
 local VC label       : 21505        remote VC label      : 21505
 control word         : disable
 forwarding entry     : existent
 local group ID       : 0
 manual fault         : not set
 active state         : active
 link state           : up
 local VC MTU         : 1500         remote VC MTU        : 1500
 tunnel policy name   : --
 traffic behavior name: --
 PW template name     : --
 primary or secondary : primary
 create time          : 0 days, 0 hours, 7 minutes, 50 seconds
 up time              : 0 days, 0 hours, 2 minutes, 29 seconds
 last change time     : 0 days, 0 hours, 2 minutes, 29 seconds
– Run the display mpls l2vc remote-info command, and you can find that "Peer Addr"
is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport  Group  Peer      Remote  Remote    C    MTU/   N    S
VC ID      ID     Addr      Encap   VC Label  Bit  CELLS  Bit  Bit
100        0      3.3.3.9   vlan    17408     0    1500   1    0
– Run the display bgp l2vpn command, and you can find "Destination" is the peer address
of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is
assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID  Label Offset  Label Base  nexthop   pref  as-path
4      0             132096      3.3.3.9   100
– Run the display mpls l2vpn connection command, and you can find "VPN name" is
correctly configured, the connection status is Up, and "route-distinguisher" is correctly
configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id         route-distinguisher intf
2   rmt  up     3.3.3.9         100:1               GigabitEthernet1/0/0
– Run the display mpls l2vpn command on the PE, and you can view the detailed
configurations of the L2VPN. For example:
# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name    encap-type    route-distinguisher    mtu    ce(L)    ce(R)
vpn1        ppp           100:1                  128    1        1
l
After VPLS is successfully configured:
Run the display vsi [ name vsi-name ] [ verbose ] command. From the display, you can
see that the "VSI State" item is "up". If you choose the parameter verbose, the "PW
Signaling" item is " ldp ", and the "VSI State" item is "up". For example:
<HUAWEI> display vsi name vsi1 verbose
***VSI Name               : vsi1
   Administrator VSI      : no
   Isolate Spoken         : disable
   VSI Index              : 0
   PW Signaling           : ldp
   Member Discovery Style : static
   PW MAC Learn Style     : unqualify
   Encapsulation Type     : vlan
   MTU                    : 1500
   Mode                   : uniform
   Service Class          : --
   Color                  : --
   DomainId               : 0
   Domain Name            :
   VSI State              : up
   Resource Status        : Valid
   VSI ID                 : 2
  *Peer Router ID         : 3.3.3.9
   VC Label               : 142336
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x80800b,
  *Peer Router ID         : 2.2.2.9
   VC Label               : 142337
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x608006,
   Interface Name         : GigabitEthernet2/0/0.1
   State                  : up
 **PW Information:
  *Peer Ip Address        : 3.3.3.9
   PW State               : up
   Local VC Label         : 142336
   Remote VC Label        : 142336
   PW Type                : label
   Tunnel ID              : 0x80800b,
  *Peer Ip Address        : 2.2.2.9
   PW State               : up
   Local VC Label         : 142337
   Remote VC Label        : 142336
   PW Type                : label
   Tunnel ID              : 0x608006,
l
After the L2VPN is successfully configured:
Run the display ip vpn-instance verbose [ vpn-instance-name ] command. The details
about the VPN instances created on the local device are displayed. The details cover the
creation date, the time being in the Up status, the RD value, VPN target and the policy used
to assign the labels.
<HUAWEI> display ip vpn-instance verbose
Total VPN-Instances configured : 1
Total IPv4 VPN-Instances configured : 1
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Address family ipv4
Create date : 2006/06/06 16:30:22
Up time : 0 days, 00 hours, 01 minutes and 03 seconds
Route Distinguisher : 100:1
Export VPN Targets : 1:2
Import VPN Targets : 1:2
Label policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : uniform
Interfaces : GigabitEthernet1/0/0.1
Run the display interface vlan command, and you can view the configurations of all sub-interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.6     DSCP 10
GE1/0/1.5     default
GE1/0/1.4     8021p 2 to 5 7
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
5.8 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
The MPLS service that the sub-interface for VLAN tag termination accesses is MPLS TE.
5.8.1 Before You Start
Before configuring the sub-interface for VLAN tag termination to access the MPLS service,
familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain
the required data. This helps you complete the configuration task quickly and accurately.
Applicable Environment
MPLS services are classified into the following types:
• MPLS TE service
NOTE
• Only the VLL PW over TE is supported, and the VLL PW over TE FRR is not supported.
• For the VLL PW over TE, only an RSVP-TE tunnel is supported, and only IS-IS TE rather than OSPF
  TE can be adopted.
• Only the sub-interfaces for Dot1q termination and QinQ termination, rather than QinQ stacking
  sub-interfaces, support the preceding services.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the MPLS service,
complete the following tasks:
• Ensure that devices are correctly connected and that the physical interfaces of each device
  are in the Up state.
• Configure the correct VLANs of users to enable the packets received by the sub-interface
  for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the MPLS service, you need
the following data.
No.   Data
1     Control VLAN ID of the termination sub-interface
2     Range of the termination tag of the interface
3     IP address of the interface
5.8.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.8.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag
termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
   mode of the user VLAN group.
   By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
   sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
5.8.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN
tag termination.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
   mode of the user VLAN group.
   By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
   sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
----End
5.8.5 Configuring the MPLS Service
After successfully configuring the sub-interface for VLAN tag termination, you need to
configure the MPLS service. In this manner, users can communicate with each other.
Context
Perform the following steps on the device that supports MPLS services:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the sub-interface for VLAN tag termination is displayed.
Step 3 Configure the MPLS service.
Deploy one of the following services as required:
• MPLS TE
For detailed information, see the chapter "MPLS TE Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - MPLS.
----End
5.8.6 Checking the Configurations
After successfully configuring the sub-interface for VLAN tag termination to access the MPLS
service, you can view detailed configurations on the sub-interface for VLAN tag termination.
Prerequisites
The sub-interface for VLAN tag termination to access the MPLS service has been configured.
Procedure
• Run the display mpls interface [ interface-type interface-number ] [ verbose ] command to
  check information about an interface enabled with MPLS.
• Run the display mpls rsvp-te [ interface interface-type interface-number ] command to
  check information about RSVP.
• Run the display mpls te tunnel [ destination ip-address ] [ lsp-id lsr-id session-id lspid |
  lsr-role { all | egress | ingress | remote | transit } ] [ name tunnel-name ]
  [ { incoming-interface | interface | outgoing-interface } interface-type interface-number ]
  [ verbose ] command to check the tunnel information.
----End
5.9 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping Function
After tags are terminated on PEs, packets are sent to the IP or Multiprotocol Label Switching
(MPLS) network of the Internet Service Provider (ISP). To ensure the completeness of the
Quality of Service (QoS) information in the packets, the 802.1p values in outer and inner tags
need to be mapped to the DiffServ Code Point (DSCP) field or the EXP field.
5.9.1 Before You Start
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p
mapping, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and
obtain the required data. This can help you complete the configuration task quickly and
accurately.
Applicable Environment
• QinQ Termination Supports the 802.1p Remark and DSCP Remark
According to RFC 2724, six bits of the Type of Service (ToS) field in an IPv4 packet header
serve as the DiffServ Code Point (DSCP), which provides reference for differentiated
services (DiffServ) and is used to ensure the Quality of Service (QoS) on the IP network.
The operation of the traffic controller on the gateway depends on the DSCP field.
After being terminated on the PE, the packet is sent to the ISP network. To ensure the
completeness of the QoS information in the packet, the mapping relationship between the
802.1p values in outer and inner tags and the DSCP field needs to be configured.
• QinQ Termination Supports the 802.1p Remark and EXP (MPLS) Remark
The EXP field in an MPLS packet is used for Class of Service (CoS). The operation of the
traffic controller on the gateway depends on the field.
After a user packet is terminated, it is sent to the ISP MPLS network. To ensure the
completeness of the QoS information in the packet, the mapping relationship between the
802.1p values in outer and inner tags and the EXP field needs to be configured.
Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p
mapping, complete the following tasks:
• Ensure that devices are correctly connected and that the physical interfaces of each device
  are in the Up state.
• Configure the correct VLANs of users to enable the packets received by the sub-interface
  for VLAN tag termination to carry double tags.
Data Preparation
To configure the sub-interface for QinQ VLAN tag termination to support 802.1p
mapping, you need the following data.
No.   Data
1     Control VLAN ID of the termination sub-interface
2     Range of the termination tag of the interface
3     802.1p priorities of the outer and inner tags
5.9.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.9.3 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
A specific 802.1p priority in packets can be mapped to the DSCP or EXP field only after the
sub-interface for QinQ VLAN tag termination is successfully configured with 802.1p mapping.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the Ethernet sub-interface on the PE connecting to users is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
Step 5 Run:
qinq 8021p-mode { trust { ce-vid-8021p | pe-vid-8021p } | precedence-value }
802.1p mapping is configured.
By default, the sub-interface for QinQ VLAN tag termination trusts the 802.1p priority in the
outer tag. That is, before qinq 8021p-mode is configured on the sub-interface, the sub-interface
implements QoS policies according to the 802.1p priority in the outer tag of the received packets.
----End
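The trust setting in Step 5 decides which tag's 802.1p bits drive QoS on the sub-interface. The following Python model is an added example, not Huawei code: it parses a constructed double-tagged frame and returns the priority a sub-interface configured with qinq termination and qinq 8021p-mode would select. The function names, the accepted TPID values, and the reading of precedence-value as a fixed priority from 0 to 7 are assumptions.

```python
import struct

# Assumption: each VLAN tag uses one of these common TPIDs; the TPID
# configured on a real device may differ.
VLAN_TPIDS = {0x8100, 0x88A8}


def build_qinq_frame(pe_vid, pe_pcp, ce_vid, ce_pcp):
    """Build a constructed test frame: outer (PE) tag, inner (CE) tag, IPv4 stub."""
    dst = b"\x02\x00\x00\x00\x00\x01"
    src = b"\x02\x00\x00\x00\x00\x02"
    outer = struct.pack("!HH", 0x8100, (pe_pcp << 13) | pe_vid)
    inner = struct.pack("!HH", 0x8100, (ce_pcp << 13) | ce_vid)
    payload = b"\x45" + b"\x00" * 19          # placeholder IPv4 header bytes
    return dst + src + outer + inner + struct.pack("!H", 0x0800) + payload


def parse_vlan_tags(frame):
    """Return the VLAN tags of a frame, outermost first, as {'pcp', 'vid'} dicts."""
    tags = []
    offset = 12                               # tags start after the two MAC addresses
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break
        # TCI layout: 3-bit 802.1p priority (PCP), 1-bit DEI, 12-bit VLAN ID.
        tags.append({"pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4
    return tags


def in_range(vid, vid_range):
    """vid_range is a (low, high) tuple, or the string 'any' (ce-vid only)."""
    return vid_range == "any" or vid_range[0] <= vid <= vid_range[1]


def selected_priority(frame, pe_range, ce_range, mode="pe-vid-8021p"):
    """Return the 802.1p priority the modelled sub-interface uses for the frame.

    pe_range / ce_range model `qinq termination pe-vid ... ce-vid ...`.
    mode models `qinq 8021p-mode`: 'pe-vid-8021p' trusts the outer tag (the
    default stated in the guide), 'ce-vid-8021p' trusts the inner tag, and an
    int is treated as a fixed precedence value (assumption).
    Returns None when the frame is not double-tagged or does not match the
    configured pe-vid/ce-vid ranges.
    """
    tags = parse_vlan_tags(frame)
    if len(tags) < 2:
        return None
    outer, inner = tags[0], tags[1]
    if not (in_range(outer["vid"], pe_range) and in_range(inner["vid"], ce_range)):
        return None
    if mode == "pe-vid-8021p":
        return outer["pcp"]
    if mode == "ce-vid-8021p":
        return inner["pcp"]
    if isinstance(mode, int) and 0 <= mode <= 7:
        return mode
    raise ValueError("mode must be 'pe-vid-8021p', 'ce-vid-8021p' or an int 0-7")


if __name__ == "__main__":
    # Constructed frame: PE tag VID 1 with priority 5, CE tag VID 2 with priority 3.
    frame = build_qinq_frame(pe_vid=1, pe_pcp=5, ce_vid=2, ce_pcp=3)
    for mode in ("pe-vid-8021p", "ce-vid-8021p", 6):
        print(mode, "->", selected_priority(frame, (1, 1), (2, 2), mode))
```

With trust ce-vid-8021p, the priority comes from the tag set on the customer side, so the choice of mode also decides whose marking the provider network honours.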
5.9.4 Checking the Configurations
After successfully configuring the sub-interface for QinQ VLAN tag termination to support
802.1p mapping, you can view the detailed configurations on the sub-interface.
Prerequisites
The sub-interface for QinQ VLAN tag termination to support 802.1p mapping has been configured.
Procedure
• Run the display qinq information { termination | stacking } [ interface interface-type
  interface-number [.subinterface-number ] ] command to check information about the
  sub-interface for QinQ VLAN tag termination.
----End
Example
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet 2/0/0.1
qinq 8021p-mode trust ce-vid-8021p
Total QinQ Num: 1
qinq termination pe-vid 1 ce-vid 2
Total vlan-group Num: 0
control-vid 1 qinq-termination
5.10 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN
You can configure sub-interfaces for QinQ stacking on PEs to access Layer 2 virtual private
networks (L2VPNs) so that the inner tags of user packets are invisible on the Internet Service
Provider (ISP) network.
5.10.1 Before You Start
Before configuring the sub-interface for VLAN stacking to access L2VPN, familiarize yourself
with the usage scenario, complete the pre-configuration tasks, and obtain the required data. This
helps you complete the configuration task quickly and accurately.
Applicable Environment
The packet of the user that accesses the CE has one tag. The CE accesses the Internet Service
Provider (ISP) network through PEs.
It is required to configure a VLL or PWE3 on the PE for the sub-interface for VLAN stacking.
In this way, the user VLAN tags can be transparently transmitted on the ISP network, and the
user networks connected to the CEs can communicate.
To enable the PE to add an outer VLAN tag to received single-tagged packets, you can configure
QinQ stacking+802.1p/DiffServ Code Point (DSCP)/EthType on the PE. Then, each packet
entering an Ethernet sub-interface is attached with an outer VLAN tag based on the matching
policy.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN stacking to access L2VPN, complete the
following tasks:
• Connect devices correctly.
• Configure the VLAN of the CE and the basic Layer 2 forwarding function to make the
  packets sent from the CE to the PE carry one tag.
Data Preparation
To configure the sub-interface for VLAN stacking to access L2VPN, you need the following
data.
No.   Data
1     The VLAN ID of the outer tag, (optional) VLAN group ID, 802.1p priorities,
      DSCP values, or EthType values
2     VLAN ID to be encapsulated
3     New P-Tag
4     IP address of the interface
      • Virtual Leased Line (VLL)
        IP address of the interface, the L2VC IDs of two PW ends (the two IDs
        must be the same), MPLS LSR-ID
      • Virtual Private LAN Service (VPLS)
        IP address of the interface, the VC IDs of two PW ends (the two IDs must
        be the same), VSI names, MPLS LSR-ID
5.10.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.10.3 Configuring the Sub-interface for VLAN Stacking
If a physical interface is used to access user packets, the interface can only access packets of a
single user. In this case, you can bind sub-interfaces for QinQ stacking to VSIs or L2VCs to
access an L2VPN so that a physical interface can simultaneously access packets of multiple
users.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the Ethernet sub-interface on the PE connecting to users is displayed.
Step 3 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. (Optional) Run the group mode { single | multiple } command to configure the working
   mode of the user VLAN group.
   By default, the user VLAN group works in single mode.
3. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk
   sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 4 Run the following command as required.
• Run:
qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ]
User packets with VLAN IDs within the specified range are attached with an outer VLAN
tag and QinQ stacking is configured to transparently transmit the user packets.
User packets received on an Ethernet sub-interface can carry a single VLAN tag or double
VLAN tags. If an Ethernet sub-interface receives an untagged packet or a packet whose outer
VLAN tag is not the user VLAN tag, the Ethernet sub-interface discards the packet.
When running the qinq stacking vid command on different sub-interfaces of a main
interface, the values of ce-vid cannot overlap.
NOTE
The qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command cannot configure a
PE VLAN ID. To configure the PE VLAN ID of a QinQ stacking sub-interface accessing a VPLS in VLAN
encapsulation type, run the qinq stacking pe-vid pe-vid command. In this situation, the QinQ stacking
sub-interface encapsulates the PE VLAN ID into the outer VLAN tag of each packet entering the public network.
• Run:
qinq stacking vid low-ce-vid [ to high-ce-vid ] { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default }
User packets received on Ethernet sub-interfaces are attached with an outer VLAN tag based
on the matching policy. The matching policy can be VLAN+802.1p, VLAN+DSCP, or
VLAN+EthType.
NOTE
• When you run the qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command
  on a sub-interface without configuring default or specifying 8021p-value, dscp-value, or
  eth-type-value, the VLAN range is exclusively occupied by the sub-interface. Therefore, no
  VLAN within this range can be used in VLAN+802.1p/DSCP/EthType on other sub-interfaces.
• eth-type eth-type-value specifies the EthType. Currently, the EthType can be PPPoE or IPoE only.
  To configure a sub-interface to process IPoE packets, you need to configure default when running the
  qinq stacking vid low-ce-vid [ to high-ce-vid ] default command. When default is configured,
  all services from the VLAN are processed on the default sub-interface, except that the
  services configured with a matching policy are processed on the sub-interface specified in
  that matching policy.
----End
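The overlap rules in Step 4 and its NOTE can be checked offline before a configuration is applied. The following Python script is an added example, not part of the guide or of Huawei software: it parses qinq stacking vid lines from a constructed configuration and reports VLAN ranges that collide across sub-interfaces of the same main interface. The configuration text layout, the function names, and the reading of the NOTE as allowing two policy-based entries (8021p, dscp, eth-type, default) to share a VLAN are assumptions.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample configuration (not taken from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1.1
 qinq stacking vid 100 to 200 vlan-group 1
interface GigabitEthernet1/0/1.2
 qinq stacking vid 150 to 160
interface GigabitEthernet1/0/1.3
 qinq stacking vid 180 8021p 2 to 5 7
interface GigabitEthernet1/0/1.4
 qinq stacking vid 300 dscp 10
interface GigabitEthernet1/0/1.5
 qinq stacking vid 300 default
interface GigabitEthernet2/0/0.1
 qinq stacking vid 100 to 200
"""

SUBIF_RE = re.compile(r"^interface\s+(\S+?)\.(\d+)\s*$")
STACK_RE = re.compile(r"^\s*qinq stacking vid (\d+)(?: to (\d+))?(?:\s+(.*))?$")
POLICY_KEYWORDS = ("8021p", "dscp", "eth-type", "default")

RULE_OVERLAP = "ce-vid overlap"
RULE_EXCLUSIVE = "exclusive range reused by policy"


def parse_stacking(config_text):
    """Return one dict per `qinq stacking vid` line found under a sub-interface."""
    entries = []
    current = None                      # (main interface, sub-interface) or None
    for line in config_text.splitlines():
        if line.startswith("interface"):
            m = SUBIF_RE.match(line)
            current = (m.group(1), f"{m.group(1)}.{m.group(2)}") if m else None
            continue
        m = STACK_RE.match(line)
        if not (m and current):
            continue
        low = int(m.group(1))
        high = int(m.group(2) or low)
        rest = (m.group(3) or "").split()
        # No keyword, or only vlan-group: the range is exclusively occupied.
        kind = "policy" if rest and rest[0] in POLICY_KEYWORDS else "exclusive"
        entries.append({"main": current[0], "sub": current[1],
                        "low": low, "high": high, "kind": kind})
    return entries


def find_conflicts(entries):
    """Return (sub_a, sub_b, low, high, rule) for each colliding pair of ranges."""
    by_main = defaultdict(list)
    for entry in entries:
        by_main[entry["main"]].append(entry)

    findings = []
    for group in by_main.values():
        for a, b in combinations(group, 2):
            if a["sub"] == b["sub"]:
                continue                # the rules concern different sub-interfaces
            low, high = max(a["low"], b["low"]), min(a["high"], b["high"])
            if low > high:
                continue                # ranges do not intersect
            if a["kind"] == "policy" and b["kind"] == "policy":
                continue                # assumption: matching policies may share a VLAN
            rule = RULE_OVERLAP if a["kind"] == b["kind"] else RULE_EXCLUSIVE
            findings.append((a["sub"], b["sub"], low, high, rule))
    return findings


if __name__ == "__main__":
    for sub_a, sub_b, low, high, rule in find_conflicts(parse_stacking(SAMPLE_CONFIG)):
        print(f"{sub_a} vs {sub_b}: VLAN {low}-{high}: {rule}")
```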
5.10.4 (Optional) Configuring a Push Action
On an L2VPN network with both Huawei and non-Huawei devices, if user packets enter the
L2VPN network through a VLAN tag termination sub-interface or QinQ stacking sub-interface
of a Huawei device, you can configure a Push action on the Huawei device to add a VLAN tag
to user packets. This configuration ensures communication between the Huawei and non-Huawei
devices.
Context
As shown in Figure 5-11, CE1 and CE2 are connected to the L2VPN network through PE sub-interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
If a PE1 user-side sub-interface is configured as a sub-interface for QinQ VLAN tag termination
in asymmetric mode, when receiving user packets, the sub-interface removes the outer VLAN
tag and adds another VLAN tag to the packets and then forwards the packets to the L2VPN
network.
Packets sent by the non-Huawei device PE2 to CE2 must carry two VLAN tags, but packets
forwarded by the Huawei device PE1 to PE2 carry only one VLAN tag. As a result, PE1 cannot
communicate with PE2, and users from user networks connected to CE1 and CE2 cannot
communicate with each other.
Figure 5-11 Networking for accessing an L2VPN through sub-interfaces
[Figure: CE1 and CE2, each attached to a user network, connect to PE1 and PE2 across the L2VPN
network; PE2 exchanges two-tagged packets with CE2. Panels: QinQ Termination+Push, QinQ
Termination, Push, and QinQ Termination (asymmetry), each showing a frame layout built from
Ethernet Header, P-Tag, PE VID, CE VID, VID, and Payload fields.]
To address this issue, configure a push action on the PE1 user-side sub-interface. After
performing QinQ VLAN tag termination, the sub-interface then adds an inner VLAN tag to user
packets. As a result, PE1 can communicate with PE2 by sending double-tagged user packets.
Table 5-10 and Table 5-11 describe the packet processing on the inbound and outbound
interfaces, after a user-side sub-interface is configured as a VLAN tag termination sub-interface
or QinQ stacking sub-interface and a push action is configured on the sub-interface.
NOTE
The PW in Tagged mode is used as an example in Table 5-10 and Table 5-11.
Table 5-10 Packet processing on the inbound interface
Sub-interface Type                             Packet Processing
Dot1q sub-interface                            Keeps the original VLAN tag in a packet and then adds
                                               another VLAN tag using the push action.
Sub-interface for dot1q VLAN tag termination
Sub-interface for QinQ VLAN tag termination,   Removes both VLAN tags from a packet, adds another VLAN
in asymmetric mode                             tag using the push action, and then adds a VLAN tag.
Sub-interface for QinQ VLAN tag termination,   Removes the outer VLAN tag from a packet, adds another
in symmetric mode                              VLAN tag using the push action, and then adds a VLAN tag.
QinQ stacking sub-interface                    • Adds a VLAN tag using the push action, and then adds
                                                 another VLAN tag, if the packet carries one VLAN tag
                                                 specified on the sub-interface.
                                               • Adds a VLAN tag using the push action, and then adds
                                                 another VLAN tag, if the packet carries two VLAN tags
                                                 specified on the sub-interface. The original inner
                                                 VLAN tag is transparently transmitted as data.
Table 5-11 Packet processing on the outbound interface
Sub-interface Type                             Packet Processing
Dot1q sub-interface                            Removes the outer VLAN tag from a packet and replaces the
                                               remaining VLAN tag.
Sub-interface for dot1q VLAN tag termination
Sub-interface for QinQ VLAN tag termination,   Removes both VLAN tags from a packet and adds two VLAN
in asymmetric mode                             tags.
Sub-interface for QinQ VLAN tag termination,   Removes the outer VLAN tag from a packet and replaces the
in symmetric mode                              outer VLAN tag of the remaining two VLAN tags.
QinQ stacking sub-interface                    • Removes the outer VLAN tag from a packet and replaces
                                                 the outer VLAN tag of the remaining two VLAN tags.
                                               • Removes both VLAN tags from a packet and replaces the
                                                 outer VLAN tag of the remaining two VLAN tags.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a user-side Ethernet sub-interface on a PE is displayed.
Step 3 Run:
push { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan | outer-vlan } ]
A push action is configured so that the sub-interface adds a VLAN tag to received packets.
----End
5.10.5 (Optional) Configuring a PW-tag Action
On an L2VPN network with both Huawei and non-Huawei devices, the P-Tags on a non-Huawei
device are different from the P-Tags on a Huawei device. If user packets enter the L2VPN
network through a VLAN tag termination sub-interface, QinQ stacking sub-interface, or QinQ
mapping sub-interface on a Huawei device, you can configure a PW-tag action on the Huawei
device to replace the P-Tags in user packets to ensure communication between Huawei and
non-Huawei devices.
Context
As shown in Figure 5-12, CE1 and CE2 are connected to the L2VPN network through PE sub-interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
When a PE transmits multiple services over one PW, the PE adds different P-Tags to packets of
different services to isolate the packets on the L2VPN network. When the packets reach the
sub-interfaces of another PE on the other end of the PW, each sub-interface accepts only those packets
carrying the same P-Tag as that specified on the sub-interface.
However, because the P-Tags on PE1 and PE2 are different, PE1 cannot communicate with PE2,
and users from user networks connected to CE1 and CE2 cannot communicate with each other.
Figure 5-12 Networking for accessing an L2VPN through sub-interfaces
[Figure: CE1 and CE2, each attached to a user network, connect to PE1 and PE2 through VLAN
access; PE1 and PE2 are connected across the L2VPN network in Tagged mode, with Pw-tag marked
at the PEs. Frame layouts shown: Ethernet Header, Tunnel Label, VC Label, Ethernet Header,
P-Tag', IP Header, Payload; Ethernet Header, Tunnel Label, VC Label, Ethernet Header, P-Tag,
IP Header, Payload; and, on VLAN access, Ethernet Header, P-Tag, IP Header, Payload.]
To address this issue, configure a PW-tag action on the user-side sub-interface of PE1 so that
the sub-interface changes the packets' P-Tags to match PE2's before forwarding the packets to
the PW. This allows PE1 to communicate with PE2.
Table 5-12 provides the default P-Tag values and the P-Tag values after the PW-tag action.
Table 5-12 P-Tag values
Sub-interface Type                             Default P-Tag                    P-Tag Value After the PW-tag Action
Dot1q sub-interface                            VLAN ID in a packet              New VLAN ID
Sub-interface for dot1q VLAN tag termination
Sub-interface for QinQ VLAN tag termination,   Outer VLAN ID in a packet
in asymmetric mode
Sub-interface for QinQ VLAN tag termination,
in symmetric mode
QinQ stacking sub-interface                    Minimum VLAN ID in the VLAN ID
                                               range specified on the
                                               sub-interface
QinQ mapping sub-interface                     Fixed VLAN ID in the system
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a user-side Ethernet sub-interface on a PE is displayed.
Step 3 Run:
pw-tag { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan | outer-vlan } ]
A PW-tag action is configured so that the sub-interface changes the P-Tags of packets before
forwarding the packets to the PW in Tagged mode.
----End
5.10.6 Configuring the L2VPN
L2VPNs include VLL, PWE3, and VPLS networks. A VLL simulates the traditional leased
line on the IP network, and provides asymmetric and low-cost digital data network (DDN)
services. The VLL is a point-to-point virtual private wire technology that can support almost all
the link layer protocols. PWE3 is an implementation mode of the VLL and the extension of the
Martini protocol. PWE3 extends the new signaling, reduces the cost of signaling, and defines
the multi-hop negotiation mode. This makes the networking more flexible. The VPLS
technology realizes a multipoint-to-multipoint VPN networking. Through this technology, the
ISP can provide Ethernet-based multipoint-to-multipoint services for users through an MPLS
backbone network.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a sub-interface for QinQ stacking is displayed.
Step 3 Configure the L2VPN.
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration" and
"Pseudo-Wire Emulation Edge to Edge (PWE3) Configuration" in the HUAWEI NetEngine80E/40E
Router Configuration Guide - VPN.
Deploy one of the following services as required:
• A sub-interface for QinQ stacking can be configured with various VLL connections,
  including:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
– Remote Martini connection
• A sub-interface for QinQ stacking can be configured with various VPLS connections,
  including:
– Martini VPLS
– Kompella VPLS
NOTE
Run the qinq stacking client-mode single command on a sub-interface for QinQ stacking so that when
this sub-interface provides VPLS services, it learns only one MAC address no matter how many VLAN
segments are configured on it.
----End
5.10.7 Checking the Configurations
After successfully configuring the sub-interface for QinQ stacking to access an L2VPN, you can
view detailed configurations on the sub-interface.
Prerequisites
The sub-interface for QinQ stacking to access an L2VPN has been configured.
Procedure
• Run the display qinq information stacking [ interface interface-type interface-number
  [.subinterface-number ] ] command to check QinQ stacking information.
• Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check
  information about the L2VPN on the PE.
• View the configuration of the L2VPN in CCC mode:
– Run the display vll ccc [ ccc-name | type { local | remote } ] command to check
  information about the CCC connection.
– Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check
  information about the SVC interface in the Up or Down state.
• View the configuration of the L2VPN in SVC mode:
– Run the display mpls static-l2vc [ interface interface-type interface-number ]
  command to check information about the SVC L2VPN connection.
– Run the display l2vpn ccc-interface vc-type static-vc { up | down } command to check
  information about the SVC interface in the Up or Down state.
• View the configuration of the L2VPN in Martini mode:
– Run the display mpls l2vc [ vc-id | interface interface-type interface-number ]
  command to check information about the Martini MPLS L2VPN connection on the PE.
– Run the display mpls l2vc remote-info [ vc-id ] command to check information about
  the remote Martini MPLS L2VPN connection on the PE.
• View the configuration of the L2VPN in Kompella mode:
– Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ]
  verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset
  label-offset ] ] } command to check BGP information about the Kompella MPLS L2VPN.
– Run the display mpls l2vpn connection [ vpn-name { remote-ce ce-id | down | up |
  verbose } | summary | interface interface-type interface-number ] command to check
  information about the Kompella MPLS L2VPN.
• Run the display interface interface-type interface-number vlan vlanid command to view
  configurations of all sub-interfaces on a main interface.
----End
Example
Run the display qinq information stacking command on the PE. The details about the
sub-interface for VLAN stacking are displayed. For example:
<HUAWEI> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
VLL/PWE3 bound
Total QinQ Num: 2
qinq stacking vid 100 vlan-group 1
qinq stacking vid 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
• After VLL/PWE3 is successfully configured:
– Run the display vll ccc command, and you can find that the CCC VC status is Up. For
example:
<HUAWEI> display vll ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
name: ce2-ce1, type: remote, state: up,
intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : GigabitEthernet1/0/0
– Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the
VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                 Encap Type      State     VC Type
GigabitEthernet1/0/0      ppp             up        CCC
– Run the display mpls static-l2vc command, and you can find that the VC status is Up.
For example:
<HUAWEI> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
 *Client Interface     : GigabitEthernet1/0/0 is up
  AC Status            : up
  VC State             : up
  VC ID                : 0
  VC Type              : ppp
  Destination          : 3.3.3.9
  Transmit VC Label    : 100
  Receive VC Label     : 200
  Control Word         : Disable
  VCCV Capability      : Disable
  Tunnel Policy Name   : --
  Traffic Behavior     : --
  PW Template Name     : --
  Create time          : 0 days, 0 hours, 1 minutes, 38 seconds
  UP time              : 0 days, 0 hours, 1 minutes, 11 seconds
  Last change time     : 0 days, 0 hours, 1 minutes, 11 seconds
– Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can
find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                 Encap Type      State     VC Type
GigabitEthernet1/0/0      ppp             up        SVC
– Run the display mpls l2vc command, and you can find that "Destination" is the peer
address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
 total LDP VC : 2     2 up       0 down
 *client interface     : GigabitEthernet2/0/0.1
  session state        : up
  AC status            : up
  VC state             : up
  VC ID                : 101
  VC type              : VLAN
  destination          : 3.3.3.9
  local VC label       : 21504
  remote VC label      : 21504
  control word         : disable
  forwarding entry     : existent
  local group ID       : 0
  manual fault         : not set
  active state         : active
  link state           : up
  local VC MTU         : 1500
  remote VC MTU        : 1500
  tunnel policy name   : --
  traffic behavior name: --
  PW template name     : --
  primary or secondary : primary
  create time          : 0 days, 0 hours, 7 minutes, 53 seconds
  up time              : 0 days, 0 hours, 2 minutes, 29 seconds
  last change time     : 0 days, 0 hours, 2 minutes, 29 seconds
 *client interface     : GigabitEthernet2/0/0.2
  session state        : up
  AC status            : up
  VC state             : up
  VC ID                : 102
  VC type              : VLAN
  destination          : 3.3.3.9
  local VC label       : 21505
  remote VC label      : 21505
  control word         : disable
  forwarding entry     : existent
  local group ID       : 0
  manual fault         : not set
  active state         : active
  link state           : up
  local VC MTU         : 1500
  remote VC MTU        : 1500
  tunnel policy name   : --
  traffic behavior name: --
  PW template name     : --
  primary or secondary : primary
  create time          : 0 days, 0 hours, 7 minutes, 50 seconds
  up time              : 0 days, 0 hours, 2 minutes, 29 seconds
  last change time     : 0 days, 0 hours, 2 minutes, 29 seconds
– Run the display mpls l2vc remote-info command, and you can find that " Peer Addr"
is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport  Group  Peer      Remote  N    S    Remote    C    MTU/
VC ID      ID     Addr      Encap   Bit  Bit  VC Label  Bit  CELLS
100        0      3.3.3.9   vlan    1    0    17408     0    1500
– Run the display bgp l2vpn command, and you can find "Destination" is the peer address
of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is
assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID  Label Offset  Label Base  nexthop   pref  as-path
4      0             132096      3.3.3.9   100
– Run the display mpls l2vpn connection command, and you can find "VPN name" is
correctly configured, the connection status is Up, and "route-distinguisher" is correctly
configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id   route-distinguisher  intf
2    rmt   up      3.3.3.9   100:1                GigabitEthernet1/0/0
– Run the display mpls l2vpn command on the PE, and you can view the detailed
configurations of the L2VPN. For example:
# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name  encap-type  route-distinguisher  mtu  ce(L)  ce(R)
vpn1      ppp         100:1                128  1      1
• After VPLS is successfully configured:
Run the display vsi [ name vsi-name ] [ verbose ] command. From the display, you can
see that the "VSI State" item is "up". If you choose the parameter verbose, the "PW
Signaling" item is " ldp ", and the "VSI State" item is "up". For example:
<HUAWEI> display vsi name vsi1 verbose
 ***VSI Name               : vsi1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Mode                   : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 0
    Domain Name            :
    VSI State              : up
    Resource Status        : Valid
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 142336
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x80800b,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 142337
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x608006,
    Interface Name         : GigabitEthernet2/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 142336
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x80800b,
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 142337
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x608006,
• After the L2VPN is successfully configured:
Run the display ip vpn-instance verbose [ vpn-instance-name ] command. The details
about the VPN instances created on the local device are displayed. The details cover the
creation date, the time spent in the Up state, the RD value, the VPN targets, and the policy
used to assign labels.
<HUAWEI> display ip vpn-instance verbose
Total VPN-Instances configured : 1
Total IPv4 VPN-Instances configured : 1
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpn1, 1
Address family ipv4
Create date : 2006/06/06 16:30:22
Up time : 0 days, 00 hours, 01 minutes and 03 seconds
Route Distinguisher : 100:1
Export VPN Targets : 1:2
Import VPN Targets : 1:2
Label policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : uniform
Interfaces : GigabitEthernet1/0/0.1
Run the display interface vlan command, and you can view the configurations of all
sub-interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface       VlanPolicy
----------------------------------------------------------
GE1/0/1.6           DSCP 10
GE1/0/1.5           default
GE1/0/1.4           8021p 2 to 5 7
----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
5.11 Configuring Dynamic QinQ Function
Dynamic QinQ is configured on the sub-interface for VLAN tag termination of the Dynamic
Host Configuration Protocol (DHCP) relay at the client side to allocate VLAN tag resources for
login users. When a user abnormally logs out after obtaining an IP address, the system can sense
the event automatically, delete the binding in the DHCP binding table, and instruct the DHCP
server to release the IP address and VLAN tag resources.
5.11.1 Before You Start
Before configuring dynamic QinQ, familiarize yourself with the usage scenario, complete the
pre-configuration tasks, and obtain the required data. This helps you complete the configuration
task quickly and accurately.
Applicable Environment
A common sub-interface for QinQ termination can terminate a maximum of 16,000
double-tagged user packets. When the number of the user packets exceeds 16,000, you can use the
dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a
maximum of 64,000 double-tagged user packets.
Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side
of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the
DHCP binding table, when users log out abnormally after obtaining IP addresses, the system
senses this failure automatically, and then deletes the binding relationship in the DHCP binding
table and informs the DHCP server to release IP addresses and VLAN tags.
Pre-configuration Tasks
Before configuring dynamic QinQ, complete the following tasks:
• Connect devices correctly.
• Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry double tags.
Data Preparation
To configure dynamic QinQ, you need the following data.
No.  Data
1    IP address of the interface to be configured with DHCP relay
2    Address pool range of the DHCP server
3    Tag values of the sub-interface for QinQ VLAN tag termination
4    Rate at which DHCP messages are sent to the CPU
5    Threshold for sending alarms to the NMS
5.11.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the
interface works in user-termination mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
5.11.3 Configuring Dynamic QinQ
An ordinary sub-interface for QinQ VLAN tag termination can be configured to terminate user
packets with a maximum of 16 K combinations of inner and outer tags. If the number of
combinations of inner and outer tags exceeds 16 K, you can configure dynamic QinQ. In this
manner, the sub-interface for QinQ VLAN tag termination can terminate user packets with a
maximum of 32 K combinations of inner and outer tags on each board.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination dynamic
The sub-interface is configured to support dynamic QinQ.
Step 4 Run:
qinq-dynamic max-access-user access-user-number
Dynamic QinQ resources are pre-allocated.
Step 5 Run:
qinq-dynamic user-queue queue-number bandwidth bandwidth { inbound | outbound }
The QinQ dynamic bandwidth CIR resources are pre-allocated.
NOTE
On interfaces configured with dynamic QinQ, it is usually the users who actively send ARP
requests to the gateway device. If ARP rigid learning is also configured on the device, all
interfaces on the device learn only the responses to the ARP requests that they send themselves
and do not learn from the requests sent by other devices. As a result, dynamic QinQ interfaces
on this device cannot learn the ARP entries of users, and users fail to log in. To solve the
problem, run the arp learning strict force-disable command on the interface configured with
dynamic QinQ so that the interface can learn from the ARP requests sent by users.
Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.
----End
5.11.4 Configuring DHCP Snooping
As a Dynamic Host Configuration Protocol (DHCP) security feature, DHCP snooping filters out
untrusted DHCP messages, and creates and maintains a DHCP snooping binding table. The
binding table contains the MAC address, IP address, lease, binding type, VLAN ID, and
interface information. DHCP snooping acts as a firewall between DHCP clients and a DHCP
server.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of a sub-interface for QinQ VLAN tag termination is displayed.
Step 3 Configure DHCP snooping.
NOTE
• On the DHCP relay, use the dhcp option82 insert enable command or the dhcp option82
rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the
Option 82 field into DHCP messages.
If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service,
the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only
the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN
IDs are not processed.
• The DHCP server must support the Option 82 return function. That is, the Offer or ACK message
returned from the DHCP server must contain the Option 82 information.
• Run the arp learning strict force-disable command to exempt the dynamic QinQ interface from
global ARP rigid learning so that the dynamic QinQ interface can learn from the ARP requests
sent by users.
----End
5.11.5 Checking the Configurations
After successfully configuring dynamic QinQ, you can view the detailed configurations on the
sub-interface for QinQ VLAN tag termination.
Prerequisites
Dynamic QinQ has been configured.
Procedure
• Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the
sub-interface for QinQ VLAN tag termination.
• Run the display dhcp snooping global command to check information about DHCP
snooping.
----End
Example
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
Run the display dhcp snooping global command on the DHCP relay, and you can find that
DHCP snooping is enabled in the global view and interface view. In addition, you can view the
statistics of the alarm messages sent to the NMS.
<DHCP-Relay> display dhcp snooping global
dhcp snooping enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping nomatch-packet arp action discard
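The following sketch is an added example, not part of the Huawei guide or the device software. It models the binding table described in 5.11.4 and the effect of the two nomatch-packet ... action discard lines above on IP and ARP packets. Matching on all of MAC address, IP address, both VLAN tags and interface is an assumption of the sketch, and all addresses, tags and interface names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One row of the binding table, with the fields listed in 5.11.4."""
    mac: str
    ip: str
    lease_end: float      # absolute expiry time, in seconds
    binding_type: str     # "dynamic" when learned from a DHCP ACK
    pe_vid: int           # outer tag terminated by the sub-interface
    ce_vid: int           # inner tag
    interface: str


class SnoopingTable:
    def __init__(self):
        self._by_ip = {}

    def learn_ack(self, mac, ip, lease_seconds, pe_vid, ce_vid, interface, now):
        """Record the address that a DHCP ACK hands to a client."""
        self._by_ip[ip] = Binding(mac.lower(), ip, now + lease_seconds,
                                  "dynamic", pe_vid, ce_vid, interface)

    def release(self, ip):
        """Delete a binding (DHCP release, or a logout sensed through ARP)."""
        return self._by_ip.pop(ip, None) is not None

    def check(self, mac, ip, pe_vid, ce_vid, interface, now):
        """Verdict for an IP packet (source MAC/IP) or ARP packet (sender MAC/IP)."""
        binding = self._by_ip.get(ip)
        if binding is not None and now >= binding.lease_end:
            del self._by_ip[ip]            # lease ran out, binding is stale
            binding = None
        if binding is None:
            return "discard"               # no entry for this address
        same_user = (binding.mac == mac.lower()
                     and binding.pe_vid == pe_vid
                     and binding.ce_vid == ce_vid
                     and binding.interface == interface)
        return "forward" if same_user else "discard"


def demo():
    """Run constructed traffic through the table and return the verdicts."""
    table = SnoopingTable()
    subif = "GigabitEthernet2/0/0.1"
    table.learn_ack("00:e0:fc:00:00:01", "10.1.0.10", 3600, 1000, 100, subif, now=0)
    return {
        "owner": table.check("00:E0:FC:00:00:01", "10.1.0.10", 1000, 100, subif, now=10),
        "other_mac": table.check("00:e0:fc:00:00:02", "10.1.0.10", 1000, 100, subif, now=10),
        "other_ce_vid": table.check("00:e0:fc:00:00:01", "10.1.0.10", 1000, 101, subif, now=10),
        "no_binding": table.check("00:e0:fc:00:00:03", "10.1.0.11", 1000, 100, subif, now=10),
        "after_lease": table.check("00:e0:fc:00:00:01", "10.1.0.10", 1000, 100, subif, now=3600),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13s} {verdict}")
```

Only the packet that matches the learned binding in every field is forwarded; the same address presented with another MAC, another inner tag, no binding, or an expired lease is discarded.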
5.12 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
Configuring sub-interfaces for QinQ VLAN tag termination to support Unicast Reverse Path
Forwarding (URPF) effectively prevents attacks based on source address spoofing through
sub-interfaces for QinQ VLAN tag termination.
5.12.1 Before You Start
Before configuring sub-interfaces for QinQ VLAN tag termination to support URPF, familiarize
yourself with the usage scenario, complete the pre-configuration tasks, and obtain the required
data. This can help you complete the configuration task quickly and accurately.
Applicable Environment
On the ISP network, a router may receive packets with spoofed source addresses. In this
case, you need to configure URPF on the relevant interface to prevent attacks based on
source address spoofing.
When a router receives a packet with double tags, you need to apply URPF on the sub-interface
for QinQ VLAN tag termination.
Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support URPF,
complete the following tasks:
• Configure the physical parameters of the interface.
• Configure the link protocol of the interface.
• Assign the IP address to the interface.
Data Preparation
To configure the sub-interface for QinQ VLAN tag termination to support URPF, you need the
following data.
No.  Data
1    Number of the QinQ interface to be configured with URPF
2    Termination range of the sub-interface for QinQ VLAN tag termination
5.12.2 Configuring the Ethernet Interface of the PE
You can use QinQ configuration commands on sub-interfaces only when the main interface
works in user termination mode.
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number
The Ethernet interface view is displayed.
Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode.
----End
5.12.3 Configuring the Ethernet Sub-interface of the PE
For a sub-interface for QinQ VLAN tag termination, you need to configure double tags that are
carried in a user packet and can be terminated by the sub-interface.
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number
The Ethernet sub-interface view is displayed.
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | flexible ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the user packets
with double tags.
Step 4 Run:
qinq termination pe-vid pe-vid ce-vid low-ce-vid [ to high-ce-vid ]
The VLAN tag termination function is configured for the sub-interface.
----End
5.12.4 Configuring URPF on the Sub-interface for QinQ VLAN Tag Termination
Sub-interfaces for VLAN tag termination on the NE80E/40E support the loose URPF check
only.
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number
The sub-interface for QinQ VLAN tag termination view is displayed.
Step 3 Run:
ip urpf loose [ allow-default ]
Loose URPF is enabled. That is, the source IP address of a packet must be in the FIB, but the
inbound interface does not need to match.
----End
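The following sketch is an added example, not Huawei code. It works through the loose check that ip urpf loose applies, using a constructed FIB. Strict mode, which this section says these sub-interfaces do not support, is included only for comparison. The handling of allow-default (a source that matches only the default route passes only when the keyword is given) is an assumption, as are all prefixes and interface names.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, outbound interface).
FIB = [
    ("0.0.0.0/0", "GigabitEthernet3/0/0"),       # default route
    ("10.1.0.0/16", "GigabitEthernet1/0/0.1"),   # users behind the QinQ sub-interface
    ("10.2.0.0/16", "GigabitEthernet2/0/0"),     # users behind another interface
]


def lookup(fib, src):
    """Longest-prefix match on the source address; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best


def urpf_check(fib, src, in_if, mode="loose", allow_default=False):
    """Return 'forward' or 'discard' for a packet with source src received on in_if."""
    hit = lookup(fib, src)
    if hit is None:
        return "discard"                 # source is not in the FIB at all
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return "discard"                 # only the default route covers the source
    if mode == "strict" and ifname != in_if:
        return "discard"                 # strict mode also ties the source to the interface
    return "forward"                     # loose mode: any specific route is enough


def demo():
    """Verdicts for constructed packets arriving on the QinQ termination sub-interface."""
    subif = "GigabitEthernet1/0/0.1"
    return {
        "own_prefix_loose": urpf_check(FIB, "10.1.5.5", subif),
        "other_prefix_loose": urpf_check(FIB, "10.2.5.5", subif),
        "other_prefix_strict": urpf_check(FIB, "10.2.5.5", subif, mode="strict"),
        "unrouted_loose": urpf_check(FIB, "192.0.2.1", subif),
        "unrouted_allow_default": urpf_check(FIB, "192.0.2.1", subif, allow_default=True),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24s} {verdict}")
```

The loose check filters sources that have no route in the FIB; it does not tie a source to the sub-interface it arrived on, so binding addresses to a user port needs an additional control such as the DHCP snooping binding check described in 5.11.4.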
5.12.5 Checking the Configurations
After sub-interfaces for QinQ VLAN tag termination are configured to support URPF, the
NE80E/40E can effectively defend itself against network attacks with bogus source IP addresses.
Procedure
Step 1 Run the display qinq information termination [ interface interface-type interface-number
[.subinterface-number ] ] command to display the information of QinQ termination.
----End
Example
Run the display qinq information termination command on the PE. The details about the
sub-interface for QinQ termination are displayed. For example:
# Display the information on the sub-interface for QinQ termination.
<HUAWEI> display qinq information termination interface gigabitethernet 1/0/0
GigabitEthernet1/0/0.1
Total QINQ Num: 1
qinq termination pe-vid 10 ce-vid 100
Total vlan-group Num: 0
control-vid 1 qinq-termination
5.13 Configuring the User-Side QinQ
When configuring a user VLAN on an Ethernet sub-interface, you can specify either the start
and end VLAN IDs or the start and end QinQ VLAN IDs. Note that a maximum of 16 consecutive
QinQ VLAN IDs can be specified in a command. When the NE80E/40E is connected to users
through two switches, the switch adjacent to users adds an inner tag to a user packet (or removes
the inner tag from the user packet) and the switch adjacent to the NE80E/40E adds an outer tag
to the user packet (or removes the outer tag from the user packet).
NOTE
User-Side QinQ cannot be configured on the X1 and X2 models of the NE80E/40E.
5.13.1 Before You Start
Before configuring QinQ functions at the user side of the BRAS, familiarize yourself with the
usage scenario, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
When the number of VLANs on an interface is more than 4000, you should configure QinQ to
expand the VLAN capacity.
Pre-configuration Task
Before configuring the user-side QinQ, complete the following tasks:
• Set the physical parameters of the relevant interfaces.
• Configure the IP addresses and BRAS attributes of the relevant interfaces.
Data Preparation
To configure the user-side QinQ, you need the following data.
No.  Data
1    QinQ ID
2    Sub-interface number
5.13.2 Creating a User-Side VLAN
When a Layer 2 common user accesses the device through an Ethernet sub-interface, configuring
a user-side VLAN is necessary.
Context
Perform the following steps on the NE80E/40E:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.sub-interface-number
The sub-interface view is displayed.
Step 3 Run:
user-vlan { start-vlan-id [ end-vlan-id ] [ qinq start-qinq-id end-qinq-id ] | any-other }
The user-side VLAN is created on the sub-interface.
When configuring user-side VLANs on an Ethernet sub-interface, you can specify a VLAN
range by setting start-vlan and end-vlan or specify all other VLANs by setting any-other
(containing all the VLANs that are not used by other sub-interfaces in 4094 x 4094 VLANs for
double-tag encapsulation and 4094 VLANs for one-tag encapsulation). If some VLANs are
being used by other sub-interfaces, the any-other parameter does not take effect on these VLANs.
When configuring user-side VLANs on an Ethernet sub-interface, you can also specify QinQ
VLANs. Two LAN switches are connected to the NE80E/40E. The packets of the LAN switch
close to the user are tagged with inner VLAN IDs (start-vlan-id), and the packets of the upper
LAN switch are tagged with outer QinQ VLAN IDs (qinq-id). For details, see QinQ
Configuration.
By default, no user-side VLAN is configured on the Ethernet sub-interface.
----End
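The following sketch is an added example, not Huawei code. It shows how a tagged frame maps to a sub-interface under the user-vlan rules described above, including the any-other fallback and the limit of 16 consecutive QinQ VLAN IDs per command. The accepted TPID values, the sub-interface names and the frames are constructed assumptions; a single-tagged frame is reported with pe-vlan 0, as in the display user-vlan dynamic output.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # assumption: TPIDs accepted on either tag
MAX_QINQ_SPAN = 16         # "a maximum of 16 consecutive QinQ VLAN IDs" per command


def build_frame(pe_vlan, ce_vlan):
    """Constructed Ethernet frame; pe_vlan 0 means single-tagged, both 0 untagged."""
    frame = bytes(6) + bytes.fromhex("00e0fc000001")          # destination, source MAC
    for vid in (pe_vlan, ce_vlan):
        if vid:
            frame += struct.pack("!HH", 0x8100, vid)          # TPID, TCI (priority 0)
    return frame + struct.pack("!H", 0x0800) + bytes(46)      # EtherType, padding


def frame_tags(frame):
    """Return (pe_vlan, ce_vlan) of a frame, with 0 meaning that the tag is absent."""
    vids, offset = [], 12                      # tags follow the two MAC addresses
    while len(vids) < 2 and len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break
        vids.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VLAN ID
        offset += 4
    if len(vids) == 2:
        return vids[0], vids[1]                # the outer tag comes first on the wire
    if len(vids) == 1:
        return 0, vids[0]
    return 0, 0


class UserVlanMap:
    def __init__(self):
        self._ranges = []          # (sub-interface, ce_lo, ce_hi, pe_lo, pe_hi)
        self._any_other = None

    def add(self, subif, start_vlan, end_vlan=None, qinq=None):
        """Mirror of: user-vlan start-vlan-id [ end-vlan-id ] [ qinq start end ]."""
        end_vlan = start_vlan if end_vlan is None else end_vlan
        pe_lo, pe_hi = qinq if qinq else (0, 0)
        if not 1 <= start_vlan <= end_vlan <= 4094:
            raise ValueError("invalid user VLAN range")
        if qinq and not 1 <= pe_lo <= pe_hi <= 4094:
            raise ValueError("invalid QinQ VLAN range")
        if pe_hi - pe_lo + 1 > MAX_QINQ_SPAN:
            raise ValueError("more than 16 consecutive QinQ VLAN IDs")
        self._ranges.append((subif, start_vlan, end_vlan, pe_lo, pe_hi))

    def add_any_other(self, subif):
        """Mirror of: user-vlan any-other."""
        self._any_other = subif

    def classify(self, frame):
        """Sub-interface that receives the frame, or None if nothing matches."""
        pe, ce = frame_tags(frame)
        if ce == 0:
            return None                        # untagged: not user-VLAN traffic
        for subif, ce_lo, ce_hi, pe_lo, pe_hi in self._ranges:
            if ce_lo <= ce <= ce_hi and pe_lo <= pe <= pe_hi:
                return subif
        return self._any_other                 # only VLANs no other rule uses land here


def demo():
    """Classify constructed frames against three constructed sub-interfaces."""
    m = UserVlanMap()
    m.add("GE1/0/1.1", 100, 102, qinq=(10, 10))
    m.add("GE1/0/1.2", 200, 201)
    m.add_any_other("GE1/0/1.3")
    return [m.classify(build_frame(pe, ce))
            for pe, ce in [(10, 101), (0, 200), (11, 101), (0, 300), (0, 0)]]


if __name__ == "__main__":
    print(demo())
```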
5.13.3 Checking the Configurations
After QinQ functions are configured for a sub-interface at the user side of the BRAS, users can
access the network through the sub-interface.
Prerequisites
QinQ has been configured at the user side of the BRAS.
Procedure
• Run the display this command in the sub-interface view at the user side to check QinQ
configuration.
• Run the display user-vlan dynamic command in the user view to check VLAN information
of online dynamic users.
----End
Example
Run the display user-vlan dynamic command to check VLAN information of online dynamic
users. For example:
<HUAWEI> display user-vlan dynamic interface gigabitethernet1/0/1.1
pe-vlan : ce-vlan      number of online users
-------------------------------------------------------------------
0 : 200                3
0 : 201                300
10 : 100               1
10 : 101               1
10 : 102               2
vlan counters : 5. Single vlan : 2 Qinq vlan: 3.
5.14 Maintaining QinQ
Commands for clearing statistics on a QinQ interface help to locate faults on the interface.
5.14.1 Clearing QinQ Statistics
You can run the reset command to clear the QinQ statistics before recollecting QinQ statistics.
Context
NOTICE
Statistics about QinQ packets cannot be restored after you clear them. Therefore, confirm the
action before you use the command.
To clear the QinQ statistics, run the following reset command in the user view:
Procedure
Step 1 Run the reset qinq statistic interface interface-type interface-number.subinterface-number
vlan-group group-id command to clear the QinQ statistics.
----End
5.14.2 Monitoring the Operating Status of the Termination Sub-interface
In routine maintenance, you can run the following display commands in any view to check the
operation of the sub-interface for QinQ/dot1q VLAN tag termination.
Procedure
• Run the display dot1q information termination [ interface interface-type interface-number
[.subinterface-number ] ] command in any view to check information about the
sub-interface for dot1q VLAN tag termination.
• Run the display qinq information termination [ interface interface-type interface-number
[.subinterface-number ] ] command in any view to check information about the
sub-interface for QinQ VLAN tag termination.
• Run the display qinq information stacking [ interface interface-type interface-number
[.subinterface-number ] ] command in any view to check information about QinQ Stacking.
----End
5.15 Configuration Examples
This section describes the typical application scenarios of QinQ, including networking
requirements, configuration roadmap, and data preparation, and provides related configuration
files.
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
5.15.1 Example for Configuring the QinQ Tunnel
After a Layer 2 QinQ tunnel is configured, different enterprises can plan their own VLANs. In
this manner, offices in different locations of the same enterprise can communicate whereas
different enterprises cannot.
Networking Requirements
In the network as shown in Figure 5-13, enterprise 1 has two offices and enterprise 2 has three
offices; offices of enterprise 1 and enterprise 2 connect to RouterA and RouterB in the operator
network respectively. Enterprise 1 and enterprise 2 can partition their own VLANs as desired.
The QinQ tunnel must be configured on RouterA and RouterB so that office networks within
enterprise 1 or within enterprise 2 can interwork, but office networks of enterprise 1 and
enterprise 2 cannot interwork with each other.
Figure 5-13 Typical networking diagram of the QinQ tunnel
[Diagram not reproduced. Labels in the figure: RouterA, RouterB, interfaces GE1/0/0, GE1/0/1,
GE2/0/1 and GE3/0/1, and the office networks of Company 1 and Company 2 with their VLAN ranges.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the default outer VLAN tag.
2. Configure QinQ for a Layer 2 interface.
3. Configure the interfaces disabled with QinQ and allow the packets carrying the specific
outer tags to pass through the interface.
Data Preparation
To complete the configuration, you need the following data:
• Number of the interface connecting to enterprise 1 and enterprise 2
• Default VLAN ID of the QinQ interface connecting to enterprise 1 and enterprise 2
Procedure
Step 1 Create the default outer VLAN tag for a Layer 2 interface.
# Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] vlan batch 10 20
# Configure RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] vlan batch 20
Step 2 Configure QinQ for a Layer 2 interface.
# Configure RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] port