HP 3500, 3500yl, 5400zl, 6200yl, 6600 Advanced Traffic Management Manual

HP Switch Software

3500 switches
3500yl switches
5400zl switches
6200yl switches
6600 switches
8200zl switches

Software version K.15.06
September 2011

Advanced Traffic Management Guide

HP Networking

3500 Switches
3500yl Switches
5400zl Switches
6200yl Switch
6600 Switches
8200zl Switches

September 2011

K.15.06

Advanced Traffic Management Guide

© Copyright 2005–2011 Hewlett-Packard Development Company,
L.P. The information contained herein is subject to change with­out notice. All Rights Reserved.

This document contains proprietary information, which is
protected by copyright. No part of this document may be
photocopied, reproduced, or translated into another
language without the prior written consent of Hewlett­Packard.

Publication Number

5998-2699
September 2011

Applicable Products

HP Switch E3500-24 (J9470A)
HP Switch E3500-48 (J9472A)
HP Switch E3500-24-PoE (J9471A)
HP Switch E3500-48-PoE (J9473A)
HP Switch E3500yl-24G-PWR (J8692A)
HP Switch E3500yl-48G-PWR (J8693A)
HP Switch E5406zl (J8697A)
HP Switch E5406zl-48G-PoE+ (J9447A)
HP Switch E5412zl (J8698A)
HP Switch E5412zl-96G-PoE+ (J9448A)
HP Switch E6200yl-24G (J8992A)
HP Switch E8206zl (J9475A)
HP Switch E8212zl (J8715A/B)
HP Switch E6600-24G (J9263A)
HP Switch E6600-24G-4XG (J9264A)
HP Switch E6600-24G-24XG (J9265A)
HP Switch E6600-48G (J9451A)
HP Switch E6600-48G-4XG (J9452A)

Disclaimer

The information contained in this document is subject to
change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY
OF ANY KIND WITH REGARD TO THIS MATERIAL,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not
be liable for errors contained herein or for incidental or
consequential damages in connection with the furnishing,
performance, or use of this material.

The only warranties for HP products and services are set
forth in the express warranty statements accompanying
such products and services. Nothing herein should be
construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions
contained herein.

Hewlett-Packard assumes no responsibility for the use or
reliability of its software on equipment that is not furnished
by Hewlett-Packard.

Software End User License Agreement and
Hardware Limited Warranty

For the software end user license agreement and the
hardware limited warranty information for HP Networking
products, visit

www.hp.com/networking/support.

Trademark Credits

Microsoft, Windows, and Microsoft Windows NT are US
registered trademarks of Microsoft Corporation.

Hewlett-Packard Company
8000 Foothills Boulevard, m/s 5551
Roseville, California 95747-5551
www.hp.com/networking/support

Contents

Product Documentation

About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Software Feature Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

1 Static Virtual LANs (VLANs)

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

General VLAN Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Types of Static VLANs Available in the Switch . . . . . . . . . . . . . . . . . . . 1-3

Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Designated VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Static VLAN Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

VLAN Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

VLAN Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Routing Options for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

Overlapping (Tagged) VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

Per-Port Static VLAN Configuration Options . . . . . . . . . . . . . . . . . . . 1-11

VLAN Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

General Steps for Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16

Multiple VLAN Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

Single Forwarding Database Operation . . . . . . . . . . . . . . . . . . . . . . . . 1-18

Example of an Unsupported Configuration and How To Correct It 1-19

Multiple Forwarding Database Operation . . . . . . . . . . . . . . . . . . . . . . 1-20

Configuring VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21

Menu: Configuring Port-Based VLAN Parameters . . . . . . . . . . . . . . . 1-21

To Change VLAN Support Settings . . . . . . . . . . . . . . . . . . . . . . . . 1-22

iii

Adding or Editing VLAN Names . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23

Adding or Changing a VLAN Port Assignment . . . . . . . . . . . . . . . 1-25

CLI: Configuring Port-Based and Protocol-Based

VLAN Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27

Customizing the Show VLANs Output . . . . . . . . . . . . . . . . . . . . . . 1-34

Creating an Alias for Show VLAN Commands . . . . . . . . . . . . . . . 1-36

Note on Using Pattern Matching with the

“Show VLANs Custom” Command . . . . . . . . . . . . . . . . . . . . . . . . . 1-36

Changing the Number of VLANs Allowed on the Switch . . . . . . . . . . 1-37

WebAgent: Viewing and Configuring VLAN Parameters . . . . . . . . . . 1-43

802.1Q VLAN Tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-44

Special VLAN Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49

VLAN Support and the Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49

The Primary VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49

The Secure Management VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-50

Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-52

Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-53

Using DHCP to Obtain an IP Address . . . . . . . . . . . . . . . . . . . . . . 1-54

Deleting the Management VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 1-57

Operating Notes for Management VLANs . . . . . . . . . . . . . . . . . . . 1-57

Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-58

Operating Rules for Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 1-58

Components of Voice VLAN Operation . . . . . . . . . . . . . . . . . . . . . 1-59

Voice VLAN QoS Prioritizing (Optional) . . . . . . . . . . . . . . . . . . . . 1-59

Voice VLAN Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-60

Effect of VLANs on Other Switch Features . . . . . . . . . . . . . . . . . . . . 1-60

Spanning Tree Operation with VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 1-60

IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61

VLAN MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61

Port Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61

Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61

Jumbo Packet Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61

VLAN Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-62

Migrating Layer 3 VLANs Using VLAN MAC Configuration . . . . . . 1-63

VLAN MAC Address Reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . 1-63

iv

Handling Incoming and Outgoing VLAN Traffic . . . . . . . . . . . . . . . . . 1-64

Sending Heartbeat Packets with a Configured MAC Address . . . . . 1-65

Configuring a VLAN MAC Address with Heartbeat Interval . . . . . . . 1-66

Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-66

Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-67

Verifying a VLAN MAC Address Configuration . . . . . . . . . . . . . . 1-67

2 GVRP

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

General Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Per-Port Options for Handling GVRP “Unknown VLANs” . . . . . . . . 2-6

Per-Port Options for Dynamic VLAN Advertising and Joining . . . . 2-8

GVRP and VLAN Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Advertisements and Dynamic Joins . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Port-Leave From a Dynamic VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Planning for GVRP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configuring GVRP On a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

Menu: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

CLI: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13

Web: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

GVRP Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

3 Multiple Instance Spanning-Tree Operation

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

802.1s Multiple Spanning Tree Protocol (MSTP) . . . . . . . . . . . . . . . . 3-4

MSTP Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

How MSTP Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

MST Regions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Regions, Legacy STP and RSTP Switches, and the

Common Spanning Tree (CST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

MSTP Operation with 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . 3-10

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

v

Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

MSTP Compatibility with RSTP or STP . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Configuring MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

Planning an MSTP Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

MSTP Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

Configuring MSTP Operation Mode and Global Settings . . . . . . . . . . 3-19

Configuring MSTP Per-Port Parameters . . . . . . . . . . . . . . . . . . . . . . . 3-24

Configuring Per Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Configuring BPDU Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

Configuring BPDU Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

PVST Protection and Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

Configuring MST Instance Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

Configuring MST Instance Per-Port Parameters . . . . . . . . . . . . . . . . . 3-39

Enabling or Disabling Spanning Tree Operation . . . . . . . . . . . . . . . . . 3-42

Enabling an Entire MST Region at Once or

Exchanging One Region Configuration for Another . . . . . . . . . . 3-42

MSTP VLAN Configuration Enhancement . . . . . . . . . . . . . . . . . . . . . . 3-44

PreConfiguring VLANs in an MST Instance . . . . . . . . . . . . . . . . . 3-45

Configuring MSTP Instances with the VLAN Range Option . . . . 3-46

Operating Notes for the VLAN Configuration Enhancement . . . 3-48

How to Save Your Current Configuration . . . . . . . . . . . . . . . . . . . 3-49

Displaying MSTP Statistics and Configuration . . . . . . . . . . . . . . . . . 3-51

Displaying Global MSTP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52

Displaying Detailed Port Information . . . . . . . . . . . . . . . . . . . . . . 3-54

Displaying Status for a Specific MST Instance . . . . . . . . . . . . . . . 3-55

Displaying the MSTP Configuration . . . . . . . . . . . . . . . . . . . . . . . 3-56

Troubleshooting an MSTP Configuration . . . . . . . . . . . . . . . . . . . . . . 3-60

Displaying the Change History of Root Bridges . . . . . . . . . . . . . . . . . 3-60

Displaying Debug Counters for All MST Instances . . . . . . . . . . . . . . . 3-63

Displaying Debug Counters for One MST Instance . . . . . . . . . . . . . . 3-64

Displaying Debug Counters for Ports in an MST Instance . . . . . . . . . 3-66

Field Descriptions in MSTP Debug Command Output . . . . . . . . . . . . 3-68

Troubleshooting MSTP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71

Loop Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

Configuring Loop Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

vi

Loop Protection in Port Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

Loop Protection in VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

Changing Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76

Viewing Loop Protection Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76

Displaying Loop Protection Status in Port Mode . . . . . . . . . . . . . 3-76

Displaying Loop Protection Status in VLAN Mode . . . . . . . . . . . 3-77

STP Loop Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

4 Switch Meshing

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Switch Meshing Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Using a Heterogeneous Switch Mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Bringing Up a Switch Mesh Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Further Operating Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Configuring Switch Meshing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Menu: To Configure Switch Meshing . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

CLI: To Configure and View Switch Meshing . . . . . . . . . . . . . . . . . . . 4-11

CLI: Configuring Switch Meshing . . . . . . . . . . . . . . . . . . . . . . . . . 4-11

Viewing Switch Mesh Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Operating Notes for Switch Meshing . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

Flooded Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

Unicast Packets with Unknown Destinations . . . . . . . . . . . . . . . . . . . 4-18

Spanning Tree Operation with Switch Meshing . . . . . . . . . . . . . . . . . 4-19

Filtering/Security in Meshed Switches . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

IP Multicast (IGMP) in Meshed Switches . . . . . . . . . . . . . . . . . . . . . . 4-21

Static VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

Dynamic VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

Jumbo Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

Mesh Design Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

Other Requirements and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

vii

5 Quality of Service: Managing Bandwidth More Effectively

Using Quality of Service Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

QoS Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

QoS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Globally-Configured QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

Classifier-Based QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8

QoS Packet Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

Globally-Configured Packet Classification . . . . . . . . . . . . . . . . . . . . . . 5-9

Classifier-Based Match Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10

QoS Traffic Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Globally-Configured Traffic Marking . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Layer 2 802.1p Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Layer 3 DSCP Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13

VLAN and Untagged VLAN Environments . . . . . . . . . . . . . . . . . . 5-14

Classifier-Based Traffic Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15

Globally-Configured QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

Global QoS Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

Viewing a Global QoS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18

Global QoS Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19

Global TCP/UDP Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

Assigning an 802.1p Priority for a Global TCP/UDP Classifier . 5-22

Operating Notes on Using TCP/UDP Port Ranges . . . . . . . . . . . . 5-23

Assigning a DSCP Policy for a Global TCP/UDP Classifier . . . . 5-24

Displaying Resource Usage for QoS Policies . . . . . . . . . . . . . . . . . . . 5-30

Global IP-Device Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32

Assigning a Priority for a Global IP-Device Classifier . . . . . . . . . 5-33

Assigning a DSCP Policy For a Global IP-Device Classifier . . . . 5-35

Global IP Type-of-Service Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40

IPv4 ToS/IPv6 Traffic Class Byte . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41

Assigning an 802.1p Priority for a Global

IP-Precedence Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43

Assigning an 802.1p Priority for a Global IP-Diffserv Classifier 5-44

Assigning a DSCP Policy for a Global IP-Diffserv Classifier . . . 5-48

Comparison of Global IP Type-of-Service Classifiers . . . . . . . . . 5-52

viii

Global Layer-3 Protocol Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-53

Assigning a Priority for a Global Layer-3 Protocol Classifier . . . 5-53

Global VLAN-ID Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55

Assigning a Priority for a Global VLAN-ID Classifier . . . . . . . . . 5-55

Assigning a DSCP Policy for a Global VLAN-ID Classifier . . . . . 5-57

Global Source-Port Classifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-62

Assigning a Priority for a Global Source-Port Classifier . . . . . . . 5-62

Assigning a DSCP Policy for a Global Source-Port Classifier . . 5-64

IP Multicast (IGMP) Interaction with QoS . . . . . . . . . . . . . . . . . . . . . . 5-70

Advanced Classifier-Based QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-71

Classifier-Based QoS Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-72

Classifier-Based QoS Configuration Procedure . . . . . . . . . . . . . . . . . 5-72

Configuring QoS Actions in a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-77

Override of Global QoS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-82

Viewing a Classifier-Based QoS Configuration . . . . . . . . . . . . . . . . . . 5-83

Classifier-Based QoS Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-87

Interaction with Other Software Features . . . . . . . . . . . . . . . . . . . . . . 5-87

Classifier-Based QoS Configuration Examples . . . . . . . . . . . . . . . . . . 5-88

QoS Policy for Layer 4 TCP/UDP Traffic . . . . . . . . . . . . . . . . . . . 5-89

QoS Policy for Subnet Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-89

Differentiated Services Codepoint (DSCP) Mapping . . . . . . . . . . . 5-90

Default Priority Settings for Selected Codepoints . . . . . . . . . . . . . . . 5-91

Displaying Non-Default Codepoint Settings . . . . . . . . . . . . . . . . . 5-92

Notes on Changing a Priority Setting . . . . . . . . . . . . . . . . . . . . . . . . . . 5-93

Error Messages for DSCP Policy Changes . . . . . . . . . . . . . . . . . . 5-94

Example of Changing the Priority Setting on a Policy
When One or More Classifiers Are Currently Using the Policy . 5-95

QoS Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-97

Mapping of Outbound Port Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-98

Impact of QoS Queue Configuration on Guaranteed

Minimum Bandwidth (GMB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-98

Minimum Guaranteed Bandwidth with 8 Queues . . . . . . . . . . . . . . . . 5-99

Configuring the Number of Priority Queues . . . . . . . . . . . . . . . . . . . 5-100

Viewing the QoS Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . 5-101

ix

6 Stack Management for the 3500, 3500yl, 6200yl

and 6600 Switches

Introduction to Stack Management on

the 3500, 3500yl, 6200yl and 6600 Switches . . . . . . . . . . . . . . . . . . . . . 6-1

Components of HP Stack Management . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

General Stacking Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

Operating Rules for Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

General Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

Specific Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

Configuring Stack Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

Overview of Configuring and Bringing Up a Stack . . . . . . . . . . . . . . . . 6-7

General Steps for Creating a Stack . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Using the Menu Interface To View Stack Status

and Configure Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11

Using the Menu Interface To View and Configure a

Commander Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11

Using the Menu To Manage a Candidate Switch . . . . . . . . . . . . . 6-13

Using the Commander To Manage The Stack . . . . . . . . . . . . . . . . . . . 6-15

Using the Commander To Access Member Switches for

Configuration Changes and Monitoring Traffic . . . . . . . . . . . . . . 6-21

Converting a Commander or Member to a Member

of Another Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22

Monitoring Stack Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23

Using the CLI To View Stack Status and Configure Stacking . . . . . . 6-27

Using the CLI To View Stack Status . . . . . . . . . . . . . . . . . . . . . . . 6-29

Using the CLI To Configure a Commander Switch . . . . . . . . . . . 6-31

Adding to a Stack or Moving Switches Between Stacks . . . . . . . 6-33

Using the CLI To Remove a Member from a Stack . . . . . . . . . . . 6-38

Using the CLI To Access Member Switches for Configuration

Changes and Traffic Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-40

SNMP Community Operation in a Stack . . . . . . . . . . . . . . . . . . . . . . . 6-42

Using the CLI To Disable or Re-Enable Stacking . . . . . . . . . . . . . . . . 6-43

Transmission Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-43

Stacking Operation with Multiple VLANs Configured . . . . . . . . . . . . 6-43

Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-44

x

7 QinQ (Provider Bridging)

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

How QinQ Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

Operating Rules and Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

Enabling QinQ and Configuring QinQ Modes . . . . . . . . . . . . . . . . . 7-5

QinQ Mixed Vlan Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

Configuring VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

Operating Notes and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8

Configuring QinQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

General Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

Enabling QinQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12

Setting up S-VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12

Configuring Per-Port S-VLAN Membership . . . . . . . . . . . . . . . . . 7-13

Configuring Port-Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-14

Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15

Updating QinQ Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20

Changing QinQ Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20

Disabling QinQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20

Changing VLAN Port Memberships (Mixed Vlan Mode) . . . . . . . . . . 7-20

Moving Ports between C-VLANs and S-VLANs (Mixed Vlan Mode) . 7-21

Displaying QinQ Config and Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22

Show Commands for QinQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22

Show Commands for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-23

Displaying Spanning Tree Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25

Effects of QinQ on Other Switch Features . . . . . . . . . . . . . . . . . . . . . 7-26

Event Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32

8 Classifier-Based Software Configuration

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

xi

Traffic Class-Based Configuration Model . . . . . . . . . . . . . . . . . . . . . . . 8-2

Creating a Traffic Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4

Using Match Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4

Traffic Class Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . 8-5

Optional ICMP Match Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14

Optional IGMP Match Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17

Optional TCP and UDP Match Criteria . . . . . . . . . . . . . . . . . . . . . 8-18

Using CIDR Notation for IPv4/IPv6 Addresses . . . . . . . . . . . . . . 8-20

Resequencing Match/Ignore Statements . . . . . . . . . . . . . . . . . . . . 8-24

Creating a Service Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25

Creating a PBR Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29

Troubleshooting PBR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31

Modifying Classes in a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31

Resequencing Classes in a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

Applying a Service Policy to an Interface . . . . . . . . . . . . . . . . . . . . . . 8-34

Displaying Statistics for a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

Where to Go From Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38

Zone Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39

Zone Class-Based Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

Creating a Zone Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41

Creating a Zone Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-43

Modifying Zones and Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-45

Applying a Zone Policy to a ONE Application . . . . . . . . . . . . . . . . . . . 8-46

Troubleshooting Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48

Where to Go From Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49

xii

Index

Product Documentation

About Your Switch Manual Set

Note For the latest version of all HP switch documentation, including Release Notes

covering recently added features, please visit the HP Networking web site at
www.hp.com/Networking/support.

Electronic Publications

The latest version of each of the publications listed below is available in PDF
format on the HP Networking web site, as described in the Note at the top of
this page.

■ Installation and Getting Started Guide—Explains how to prepare for

and perform the physical installation and connect the switch to your
network.

■ Basic Operation Guide—Describes how to use the switch interfaces and

introduces basic operations.

■ Management and Configuration Guide—Describes how to configure,

manage, and monitor basic switch operation.

■ Advanced Traffic Management Guide—Explains how to configure traffic

management features such as VLANs, MSTP, QoS, and Meshing.

■ Multicast and Routing Guide—Explains how to configure IGMP, PIM, IP

routing, and VRRP features.

■ Access Security Guide—Explains how to configure access security fea-

tures and user authentication on the switch.

■ IPv6 Configuration Guide—Describes the IPv6 protocol operations that

are supported on the switch.

■ Command Line Interface Reference Guide—Provides a comprehensive

description of CLI commands, syntax, and operations.

■ Event Log Message Reference Guide—Provides a comprehensive descrip-

tion of event log messages.

■ Release Notes—Describe new features, fixes, and enhancements that

become available between revisions of the main product guide.

xiii

Software Feature Index

For the software manual set supporting your 3500/3500yl/5400zl/6200yl/6600/
8200zl switch model, this feature index indicates which manual to consult for
information on a given software feature.

Intelligent Edge Software Features. These features are automatically
included on all switches.

Premium License Software Features. For the HP 3500, 3500yl, 5400zl,
6600, and 8200zl switches, Premium License features can be acquired by
purchasing the optional Premium License and installing it on the Intelligent
Edge version of these switches. (These features are automatically included on
the HP 6200yl switches.)

Premium License
Software Features

OSPFv2 (IPv4) X

OSPFv3 (IPv6) X

PIM-DM (Dense Mode) X

PIM-SM (Sparse Mode) X

QinQ (Provider Bridging) X

VRRP X

Management

and

Configuration

Advanced

Traff ic

Management

Intelligent Edge
Software Features

802.1Q VLAN Tagging X

802.1X Port-Based Priority X

802.1X Multiple
Authenticated Clients Per
Port

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Manual

Multicast and

Routing

Manual

Multicast and

Routing

Access

Security

Guide

Access

Security

Guide

X

IPv6
Configura­tion Guide

IPv6

Configura-

tion Guide

Basic

Operation

Guide

xiv

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Multicast and

Routing

Manual

Access

Security

Guide

Access Control Lists (ACLs) X

IPv6

Configura-

tion Guide

Basic

Operation

Guide

Access Control Lists (ACLs)

X

(IPv6)

AAA Authentication X

Authorized IP Managers X

Authorized IP Managers

X

(IPv6)

Authorized Manager List

X

(Web, Telnet, TFTP)

Auto MDIX Configuration X

BOOTP X

Config File X

Console Access X

Copy Command X

Core Dump X

CoS (Class of Service) X

Debug X

DHCP Configuration X

DHCPv6 Relay X

DHCP Option 82 X

DHCP Snooping X

DHCP/Bootp Operation X

Diagnostic Tools X

Diagnostics and

X

Troubleshooting (IPv6)

Distributed Trunking X

Downloading Software X

xv

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Multicast and

Routing

Manual

Access

Security

Guide

Dynamic ARP Protection X

IPv6

Configura-

tion Guide

Basic

Operation

Guide

Dynamic Configuration

X

Arbiter

Dynamic IP Lockdown X

Eavesdrop Protection X

PCM/PCM+ X

Equal Cost Multi-Path

X

(ECMP)

Event Log X

Factory Default Settings X

Flow Control (802.3x) X

File Management X

File Transfers X

Friendly Port Names X

Guaranteed Minimum

X

Bandwidth (GMB)

GVRP X

Identity-Driven

X

Management (IDM)

IGMP X

Interface Access (Telnet,
Console/Serial, Web)

IP Addressing X

IPv6 Addressing X

IP Preserve (IPv6) X

IP Routing X

IPv6 Static Routing X

Jumbo Packets X

xvi

X

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Manual

Multicast and

Routing

Access

Security

Guide

IPv6

Configura-

tion Guide

Basic

Operation

Guide

Key Management System

X

(KMS)

LACP X

LLDP X

LLDP-MED X

Loop Protection X

MAC Address Management X

MAC Lockdown X

MAC Lockout X

MAC-based Authentication X

Management VLAN X

Management Security (IPv6) X

Meshing X

MLDv1/MLDv2 X

Monitoring and Analysis X

Multicast Filtering X

Multiple Configuration Files X

Network Management

X

Applications (SNMP)

Nonstop Switching (8200zl

X

switches)

Out-of-Band Management

X

(OOBM)

OpenView Device

X

Management

OSPFv3 X

Passwords and Password

X

Clear Protection

xvii

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Multicast and

Routing

Manual

Access

Security

Guide

Ping X

Policy-based Routing (PBR) X

Port Configuration X

Port Monitoring X

Port Security X

Port Status X

Port Trunking (LACP) X

IPv6

Configura-

tion Guide

Basic

Operation

Guide

Port-Based Access Control
(802.1X)

Power over Ethernet (PoE

X

and PoE+)

Protocol Filters X

Protocol VLANS X

Quality of Service (QoS) X

RADIUS Authentication and
Accounting

RADIUS-Based
Configuration

Rate-Limiting X

RIP X

RMON 1,2,3,9 X

Routing X

Routing - IP Static X

Route Redistribution X

SavePower Features X

X

X

X

Secure Copy X

Secure Copy (IPv6) X

xviii

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Multicast and

Routing

Manual

Access

Security

Guide

IPv6

Configura-

tion Guide

Secure FTP (IPv6) X

sFlow X

SFTP X

SNMPv3 X

SNMP (IPv6) X

Basic

Operation

Guide

Software Downloads (SCP/

X

SFTP, TFPT, Xmodem)

Source-Port Filters X

Spanning Tree (STP, RSTP,

X

MSTP)

SSHv2 (Secure Shell)

X

Encryption

SSH (IPv6) X

SSL (Secure Socket Layer) X

Stacking (3500/3500yl/

X

6200yl/6600 switches only)

Syslog X

System Information X

TACACS+ Authentication X

Telnet Access X

Telnet (IPv6) X

TFTP X

Time Protocols (TimeP,

X

SNTP)

Time Protocols (IPv6) X

Traffic Mirroring X

Traffic/Security Filters X

Troubleshooting X

xix

Intelligent Edge
Software Features

Management

and

Configura-

tion

Advanced

Tra ffic

Management

Multicast and

Routing

Manual

Access

Security

Guide

IPv6

Configura-

tion Guide

Tunneling (6in4) X

Basic

Operation

Guide

Uni-Directional Link

X

Detection (UDLD)

UDP Forwarder X

USB Device Support X

Virus Throttling

X

(Connection-Rate Filtering)

VLANs X

VLAN Mirroring (1 static

X

VLAN)

Voice VLAN X

Web Authentication RADIUS

X

Support

Web-based Authentication X

Web UI X

xx

Static Virtual LANs (VLANs)

Overview

This chapter describes how to configure and use static, port-based and
protocol-based VLANs on the switches covered in this guide.

1

1-1

Static Virtual LANs (VLANs)

Introduction

Introduction

VLAN Features

Feature Default Menu CLI WebAgent

view existing VLANs n/a page 1-22

configuring static
VLANs

VLANs enable you to group users by logical function instead of physical
location. This helps to control bandwidth usage within your network by
allowing you to group high-bandwidth users on low-traffic segments and to
organize users from different LAN segments according to their need for
common resources and/or their use of individual protocols. You can also
improve traffic control at the edge of your network by separating traffic of
different protocol types. VLANs can also enhance your network security by
creating separate subnets to help control in-band access to specific network
resources.

default VLAN with
VID = 1

thru 1-27

page 1-22
thru 1-27

page 1-28 page 1-43

page 1-27 page 1-43

1-2

General VLAN Operation

A VLAN is comprised of multiple ports operating as members of the same
subnet (broadcast domain). Ports on multiple devices can belong to the same
VLAN, and traffic moving between ports in the same VLAN is bridged (or
“switched”). (Traffic moving between different VLANs must be routed.) A
static VLAN is an 802.1Q-compliant VLAN configured with one or more ports
that remain members regardless of traffic usage. (A dynamic VLAN is an

802.1Q-compliant VLAN membership that the switch temporarily creates on
a port to provide a link to another port in the same VLAN on another device.)

This chapter describes static VLANs configured for port-based or protocol­based operation. Static VLANs are configured with a name, VLAN ID number
(VID), and port members. (For dynamic VLANs, refer to chapter 2, “GVRP” .)

By default, the switches covered in this guide are 802.1Q VLAN-enabled and
allow up to 2048 static and dynamic VLANs. (The default static VLAN setting
is 256). 802.1Q compatibility enables you to assign each switch port to multiple
VLANs, if needed.

Static Virtual LANs (VLANs)

Introduction

Types of Static VLANs Available in the Switch

Port-Based VLANs

This type of static VLAN creates a specific layer-2 broadcast domain com­prised of member ports that bridge IPv4 traffic among themselves. Port-Based
VLAN traffic is routable on the switches covered in this guide.

Protocol-Based VLANs

This type of static VLAN creates a layer-3 broadcast domain for traffic of a
particular protocol, and is comprised of member ports that bridge traffic of
the specified protocol type among themselves. Some protocol types are
routable on the switches covered in this guide. Refer to table 1-1 on page 1-5.

Designated VLANs

The switch uses these static, port-based VLAN types to separate switch
management traffic from other network traffic. While these VLANs are not
limited to management traffic only, they can provide improved security and
availability for management traffic.

■ The Default VLAN: This port-based VLAN is always present in the switch

and, in the default configuration, includes all ports as members (page 1-

49).

■ The Primary VLAN: The switch uses this port-based VLAN to run certain

features and management functions, including DHCP/Bootp responses
for switch management. In the default configuration, the Default VLAN is
also the Primary VLAN. However, you can designate another, port-based,
non-default VLAN, as the Primary VLAN (page 1-49).

■ The Secure Management VLAN: This optional, port-based VLAN estab-

lishes an isolated network for managing the HP switches that support this
feature. Access to this VLAN and to the switch’s management functions
are available only through ports configured as members (page 1-50).

■ Voice VLANs: This optional, port-based VLAN type enables you to sepa-

rate, prioritize, and authenticate voice traffic moving through your net­work, and to avoid the possibility of broadcast storms affecting VoIP
(Voice-over-IP) operation (page 1-58).

1-3

Static Virtual LANs (VLANs)

Terminology

Note In a multiple-VLAN environment that includes some older switch models there

may be problems related to the same MAC address appearing on different
ports and VLANs on the same switch. In such cases the solution is to impose
some cabling and VLAN restrictions. For more on this topic, refer to “Multiple
VLAN Considerations” on page 1-17.

Terminology

Dynamic VLAN: An 802.1Q VLAN membership temporarily created on a port

linked to another device, where both devices are running GVRP. (See also

Static VLAN.) For more information, refer to chapter 2, “GVRP” .

Static VLAN: A port-based or protocol-based VLAN configured in switch

memory. (See also Dynamic VLAN.)

Tagged Packet: A packet that carries an IEEE 802.1Q VLAN ID (VID), which

is a two-byte extension that precedes the source MAC address field of an
ethernet frame. A VLAN tag is layer 2 data and is transparent to higher
layers.

1-4

Tagged VLAN: A VLAN that complies with the 802.1Q standard, including

priority settings, and allows a port to join multiple VLANs. (See also

Untagged VLAN.)

Untagged Packet: A packet that does not carry an IEEE 802.1Q VLAN ID

(VID).

Untagged VLAN: A VLAN that does not use or forward 802.1Q VLAN tagging,

including priority settings. A port can be a member of only one untagged
VLAN of a given type (port-based and the various protocol-based types).
(See also Tagged VLAN.)

VID: The acronym for a VLAN Identification Number. Each 802.1Q-compliant

VLAN must have its own unique VID number, and that VLAN must be given
the same VID in every device in which it is configured.

Static VLAN Operation

A group of networked ports assigned to a VLAN form a broadcast domain that
is separate from other VLANs that may be configured on the switch. On a given
switch, packets are bridged between source and destination ports that belong
to the same VLAN. Thus, all ports passing traffic for a particular subnet
address should be configured to the same VLAN. Cross-domain broadcast
traffic in the switch is eliminated and bandwidth is saved by not allowing
packets to flood out all ports.

Table 1-1. Comparative Operation of Port-Based and Protocol-Based VLANs

Port-Based VLANs Protocol-Based VLANs

IP
Addressing

Usually configured with at least one unique IP
address. You can create a port-based VLAN with­out an IP address. However, this limits the switch
features available to ports on that VLAN. (Refer to
“How IP Addressing Affects Switch Operation” in
the chapter “Configuring IP Addressing” in the
Basic Operation Guide.)

You can also use multiple IP addresses to create
multiple subnets within the same VLAN. (For more
on this topic, refer to the chapter on “Configuring
IP Addressing” in the Baic Operation Guide.)

You can configure IP addresses on all protocol
VLANs. However, IP addressing is used only on IPv4
and IPv6 protocol VLANs.

Restrictions: When you configure an IP address on
a VLAN interface, the following restrictions apply:

Loopback interfaces share the same IP address
space with VLAN configurations. The maximum
number of IP addresses supported on a switch is
2048, which includes all IP addresses configured
for both VLANs and loopback interfaces (except
for the default loopback IP address 127.0.0.1).

Each IP address that you configure on a VLAN
interface must be unique in the switch. This
means that the address cannot be used by a VLAN
interface or another loopback interface.

For more information, refer to the chapter on
“Configuring IP Addressing” in the Basic Operation
Guide.

Static Virtual LANs (VLANs)

Static VLAN Operation

1-5

Static Virtual LANs (VLANs)

Static VLAN Operation

Port-Based VLANs Protocol-Based VLANs

Untagged
VLAN
Membership

Tagged VLAN
Membership

Routing The switch can internally route IP (IPv4) traffic

Commands
for
Configuring
Static VLANs

A port can be a member of one untagged, port­based VLAN. All other port-based VLAN
assignments for that port must be tagged.

A port can be a tagged member of any port-based
VLAN. See above.

between port-based VLANs and between port­based and IPv4 protocol-based VLANs if the switch
configuration enables IP routing.

If the switch is not configured to route traffic
internally between port-based VLANs, then an
external router must be used to move traffic
between VLANs.

vlan < VID > [ tagged | untagged < [e] port-list >] vlan <

A port can be an untagged member of one protocol
VLAN of a specific protocol type (such as IPX or IPv6).
If the same protocol type is configured in multiple
protocol VLANs, then a port can be an untagged
member of only one of those protocol VLANs. For
example, if you have two protocol VLANs, 100 and
200, and both include IPX, then a port can be an
untagged member of either VLAN 100 or VLAN 200,
but not both VLANs.

A port’s untagged VLAN memberships can include up
to four different protocol types. This means that a port
can be an untagged member of one of the following:

• Four single-protocol VLANs

• Two protocol VLANs where one VLAN includes a
single protocol and the other includes up to three
protocols

• One protocol VLAN where the VLAN includes four
protocols

A port can be a tagged member of any protocol­based VLAN. See above.

If the switch configuration enables IP routing, the
switch can internally route IPv4 traffic as follows:

• Between multiple IPv4 protocol-based VLANs

• Between IPv4 protocol-based VLANs and port­based VLANs.

Other protocol-based VLANs require an external
router for moving traffic between VLANs.

Note: NETbeui and SNA are non-routable protocols.
End stations intended to receive traffic in these
protocols must be attached to the same physical
network.

VID > protocol < ipx | ipv4 | ipv6 | arp |

appletalk | sna | netbeui >
vlan <

VID > [ tagged | untagged < [e] port-list >]

1-6

VLAN Environments

You can configure different VLAN types in any combination. Note that the
default VLAN will always be present. (For more on the default VLAN, refer to
“VLAN Support and the Default VLAN” on page 1-49.)

Table 1-2. VLAN Environments

VLAN 1

A2

A3

A4

A7

A6

A5

A1

A8

VLAN Environment Elements

The default VLAN (port-based;
VID of “1”) Only

In the default VLAN configuration, all ports belong to VLAN
1 as untagged members.

VLAN 1 is a port-based VLAN, for IPv4 traffic.

Static Virtual LANs (VLANs)

Static VLAN Operation

Multiple VLAN Environment In addition to the default VLAN, the configuration can include

one or more other port-based VLANs and one or more
protocol VLANs. (The switches covered in this guide allow
up to 2048 (vids up to 4094) VLANs of all types.) Using VLAN
tagging, ports can belong to multiple VLANs of all types.

Enabling routing on the switch enables the switch to route
IPv4 traffic between port-based VLANs and between port­based VLANs and IPv4 protocol VLANs. Routing other types
of traffic between VLANs requires an external router
capable of processing the appropriate protocol(s).

VLAN Operation

The Default VLAN. In figure 1-1, all ports belong to the default VLAN, and
devices connected to these ports are in the same broadcast domain. Except
for an IP address and subnet, no configuration steps are needed.

Figure 1-1. Example of a Switch in the Default VLAN Configuration

Multiple Port-Based VLANs. In figure 1-2, routing within the switch is
disabled (the default). This means that communication between any routable
VLANs on the switch must go through the external router. In this case, VLANs
“W” and “X” can exchange traffic through the external router, but traffic in
VLANs “Y” and “Z” is restricted to the respective VLANs. Note that VLAN 1,
the default VLAN, is also present, but not shown. (The default VLAN cannot
be deleted from the switch. However, ports assigned to other VLANs can be
removed from the default VLAN, if desired.) If internal (IP) routing is enabled

1-7

Static Virtual LANs (VLANs)

External

Router

Switch with Multiple
VLANs Configured
and Internal Routing
Disabled

A2

A3

A4

A7

A6

A5

A1

A8

VLAN Z

VLAN Y

VLAN X

VLAN W

Static VLAN Operation

on the switch, then the external router is not needed for traffic to move
between port-based VLANs.

Figure 1-2. Example of Multiple VLANs on the Switch

Protocol VLAN Environment. Figure 1-2 can also be applied to a protocol
VLAN environment. In this case, VLANs “W” and “X” represent routable
protocol VLANs. VLANs “Y” and “Z” can be any protocol VLAN. As noted for
the discussion of multiple port-based VLANs, VLAN 1 is not shown. Enabling
internal (IP) routing on the switch allows IP traffic to move between VLANs
on the switch. However, routable, non-IP traffic always requires an external
router.

1-8

Routing Options for VLANs

Table 1-3. Options for Routing Between VLAN Types in the Switch

Port­Based

Port-Based Yes — Yes — — — — —

Protocol

IPX — Yes

IPX IPv4 IPv6 ARP Apple

-Talk

1

———— — —

IP v4 Yes — Yes — — — — —

1

IPv6 — — — Yes

ARP — — — — Yes

AppleTalk — — — — — Yes

—— — —

1

—— —

1

2

SNA

Netbeui

——

2