HP A6600 Layer 2 - LAN Switching Configuration Guide

HP A6600 Routers Layer 2 - LAN Switching
Configuration Guide
Abstract
This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and network administrators working with the HP A Series products.
Part number: 5998-1501
Software version: A6600-CMW520-R2603
Document version: 6PW101-20110630
Legal and notice information
© Copyright 2011 Hewlett-Packard Development Company, L.P.
No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Contents

MAC address table configuration
How a MAC address table entry is created
Types of MAC address table entries
MAC address table-based frame forwarding
Configuring the MAC address table
Configuring static, dynamic, and blackhole MAC address table entries
Disabling MAC address learning
Configuring the aging timer for dynamic MAC address entries
Configuring the MAC learning limit on ports
Displaying and maintaining MAC address tables
MAC address table configuration example
MAC information configuration
How MAC information works
Configuring MAC information
Enabling MAC information globally
Enabling MAC information on an interface
Configuring MAC information mode
Configuring the interval for sending Syslog or trap messages
Configuring the MAC information queue length
MAC information configuration example
Ethernet link aggregation configuration
Basic concepts
Aggregating links in static mode
Aggregating links in dynamic mode
Load sharing criteria for link aggregation groups
Ethernet link aggregation configuration task list
Configuring an aggregation group
Configuration guidelines
Configuring a static aggregation group
Configuring a dynamic aggregation group
Configuring an aggregate interface
Configuring the description of an aggregate interface or subinterface
Configuring the MTU of a Layer 3 aggregate interface or subinterface
Specifying a card to process or forward traffic for a Layer 3 aggregate interface
Enabling link state traps for an aggregate interface
Shutting down an aggregate interface
Configuring load sharing for link aggregation groups
Configuring the global link-aggregation load sharing criteria
Configuring group-specific load sharing criteria
Displaying and maintaining Ethernet link aggregation
Ethernet link aggregation configuration examples
Layer 2 static aggregation configuration example
Layer 2 dynamic aggregation configuration example
Layer 2 aggregation load sharing configuration example
Layer 3 static aggregation configuration example
Layer 3 dynamic aggregation configuration example
Layer 3 aggregation load sharing configuration example
Port isolation configuration
Configuring an isolation group
Assigning a port to the isolation group
Displaying and maintaining isolation groups
Port isolation configuration example
MSTP configuration
Why STP
Protocol packets of STP
Basic concepts in STP
How STP works
RSTP
MSTP
Why MSTP
Basic concepts in MSTP
How MSTP works
Implementation of MSTP on devices
Protocols and standards
MSTP configuration task list
Configuring MSTP
Configuring an MST region
Configuring the root bridge or a secondary root bridge
Configuring the work mode of an MSTP device
Configuring the priority of a device
Configuring the maximum hops of an MST region
Configuring the network diameter of a switched network
Configuring timers of MSTP
Configuring the timeout factor
Configuring the maximum port rate
Configuring ports as edge ports
Configuring path costs of ports
Configuring port priority
Configuring the link type of ports
Configuring the mode a port uses to recognize/send MSTP packets
Enabling the output of port state transition information
Enabling the MSTP feature
Performing mCheck
Configuring digest snooping
Configuring no agreement check
Configuring protection functions
MSTP configuration example
BPDU tunneling configuration
BPDU tunneling implementation
Configuring BPDU tunneling
Configuration prerequisites
Enabling BPDU tunneling
Configuring destination multicast MAC address for BPDUs
BPDU tunneling configuration examples
BPDU tunneling for STP configuration example
BPDU tunneling for PVST configuration example
VLAN configuration
VLAN fundamentals
VLAN types
Configuring basic VLAN settings
Configuring basic settings of a VLAN interface
Port-based VLAN configuration
Assigning an access port to a VLAN
Assigning a trunk port to a VLAN
Assigning a hybrid port to a VLAN
Port-based VLAN configuration example
MAC-based VLAN configuration
Configuring a MAC-based VLAN
MAC-based VLAN configuration example
Protocol-based VLAN configuration
Introduction to protocol-based VLAN
Configuring a protocol-based VLAN
Protocol-based VLAN configuration example
IP subnet-based VLAN configuration
Configuring an IP subnet-based VLAN
Displaying and maintaining VLAN
Super VLAN configuration
Configuring a super VLAN
Displaying and maintaining super VLAN
Super VLAN configuration example
Isolate-user-VLAN configuration
Configuring an isolate-user-VLAN
Displaying and maintaining isolate-user-VLAN
Isolate-user-VLAN configuration example
Voice VLAN configuration
OUI addresses
Voice VLAN assignment modes
Security mode and normal mode of voice VLANs
Configuring a voice VLAN
Configuration prerequisites
Configuring QoS priority settings for voice traffic on an interface
Configuring a port to operate in automatic voice VLAN assignment mode
Configuring a port to operate in manual voice VLAN assignment mode
Displaying and maintaining voice VLAN
Voice VLAN configuration examples
Automatic voice VLAN mode configuration example
Manual voice VLAN assignment mode configuration example
GVRP configuration
GARP
GVRP
Protocols and standards
GVRP configuration task list
Configuring GVRP functions
Configuring the GARP timers
Displaying and maintaining GVRP
GVRP configuration examples
GVRP normal registration mode configuration example
GVRP fixed registration mode configuration example
GVRP forbidden registration mode configuration example
QinQ configuration
Background and benefits
How QinQ works
QinQ frame structure
Implementations of QinQ
Modifying the TPID in a VLAN tag
Protocols and standards
QinQ configuration task list
Configuring basic QinQ
Enabling basic QinQ
Configuring VLAN transparent transmission
Configuring selective QinQ
Configuring an outer VLAN tagging policy
Configuring an inner-outer VLAN 802.1p priority mapping
Configuring inner VLAN ID substitution
Configuring the TPID value in VLAN tags
QinQ configuration examples
Basic QinQ configuration example
Selective QinQ configuration example
VLAN transparent transmission configuration example
VLAN termination configuration
VLAN termination types
Application scenarios
VLAN termination configuration task list
Configuring TPID for VLAN-tagged packets
Introduction to TPID
Configuring TPID on Layer 3 Ethernet/aggregate subinterfaces
Enabling an ambiguous Dot1q/QinQ termination-enabled subinterface to transmit broadcasts and multicasts
Configuring Dot1q termination
Configuring unambiguous Dot1q termination
Unambiguous Dot1q termination configuration example
Configuring ambiguous Dot1q termination
Ambiguous Dot1q termination configuration examples
Configuration examples for Dot1q termination supporting PPPoE server
Configuring QinQ termination
Configuring unambiguous QinQ termination
Unambiguous QinQ termination configuration example
Configuring ambiguous QinQ termination
Ambiguous QinQ termination configuration example
Configuration example for QinQ termination supporting PPPoE server
Configuration example for QinQ termination supporting DHCP relay
VLAN mapping configuration
Application scenario of one-to-one VLAN mapping
Application scenario of one-to-two and two-to-two VLAN mapping
Concepts and terms
VLAN mapping implementations
Configuring VLAN mapping
Configuring one-to-one VLAN mapping
Configuring one-to-two VLAN mapping
Configuring two-to-two VLAN mapping
VLAN mapping configuration examples
One-to-one VLAN mapping configuration example
One-to-two and two-to-two VLAN mapping configuration example
LLDP configuration
Basic concepts
vi
How LLDP works ·················································································································································· 203
Protocols and standards ····································································································································· 204 LLDP configuration task list ·········································································································································· 204 Performing basic LLDP configuration ·························································································································· 204
Enabling LLDP ······················································································································································ 204
Setting the LLDP operating mode ······················································································································· 205
Setting the LLDP re-initialization delay ·············································································································· 205
Enabling LLDP polling ········································································································································· 206
Configuring the advertisable TLVs ····················································································································· 206
Configuring the management address and its encoding format ···································································· 207
Setting other LLDP parameters ···························································································································· 208
Setting an encapsulation format for LLDPDUs ·································································································· 208 Configuring CDP compatibility ··································································································································· 209
Configuration prerequisites ································································································································ 209
Configuration procedure ···································································································································· 209 Configuring LLDP trapping ·········································································································································· 210 Displaying and maintaining LLDP ······························································································································· 210 LLDP configuration examples ······································································································································ 211
Basic LLDP configuration example ····················································································································· 211
CDP-compatible LLDP configuration example ··································································································· 214
Support and other resources ·································································································································· 216
Contacting HP ······························································································································································ 216
Subscription service ············································································································································ 216 Related information ······················································································································································ 216
Documents ···························································································································································· 216
Websites ······························································································································································ 216 Conventions ·································································································································································· 217
Index ········································································································································································ 219
vii

MAC address table configuration

The MAC address table configuration applies only to Layer 2 interfaces, including Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
This document covers only the configuration of unicast MAC address table entries, including static, dynamic, and blackhole MAC address table entries. For more information about configuring static multicast MAC address table entries, see IP Multicast Configuration Guide.
The SAP cards support the MAC address table configuration only when they work in Layer 2 mode.
An Ethernet router uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the router first looks up the MAC address of the frame in the MAC address table for a match. If an entry is found, the router forwards the frame out of the outgoing port in the entry. If no entry is found, the router broadcasts the frame out of all but the incoming port.

How a MAC address table entry is created

The entries in the MAC address table come from two sources: automatically learned by the router and manually added by the administrator.
MAC address learning
The router can populate its MAC address table automatically by learning the source MAC addresses of incoming frames on each port.
When a frame arrives at a port, Port A for example, the router performs the following tasks:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the MAC address in the MAC address table.
3. If an entry is found, updates the entry. If no entry is found, adds an entry for MAC-SOURCE and Port A.
The router performs the learning process each time it receives a frame from an unknown source MAC address, until the MAC address table is fully populated.
After learning the source MAC address of a frame, the router looks up the destination MAC address in the MAC address table. If an entry is found for the MAC address, the router forwards the frame out of the specific outgoing port. In this example, it is Port A.
Manually configuring MAC address entries
With dynamic MAC address learning, a router does not distinguish between illegitimate and legitimate frames. This can invite security hazards. For example, when a hacker sends frames with a forged source MAC address to a port different from the one to which the real MAC address is connected, the router creates an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker instead.
To enhance the security of a port, manually add MAC address entries to the MAC address table of the router to bind specific user devices to the port. Because manually configured entries have higher priority than dynamically learned ones, you can prevent hackers from stealing data using forged MAC addresses.

Types of MAC address table entries

A MAC address table can contain the following types of entries:
Static entries, which are manually added and never age out.
Dynamic entries, which can be manually added or dynamically learned and may age out.
Blackhole entries, which are manually configured and never age out. Blackhole entries are configured for filtering out frames with specific MAC addresses. For example, to block all packets destined for a specific user for security concerns, configure the MAC address of this user as a blackhole MAC address entry.
To adapt to network changes and prevent inactive entries from occupying table space, an aging mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is learned or created, an aging timer starts. If the entry has not been updated when the aging timer expires, the router deletes the entry. If the entry is updated before the aging timer expires, the aging timer restarts.
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the router adopts the following forwarding modes based on the MAC address table:
Unicast mode: If an entry is available for the destination MAC address, the router forwards the frame out the outgoing interface indicated by the MAC address table entry.
Broadcast mode: If the router receives a frame with the destination address being all ones, or no entry is available for the destination MAC address, the router broadcasts the frame to all interfaces except the receiving interface.
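The learning, precedence, aging and forwarding rules described above, as a small Python model. This is an added example, not HP's code: the class and function names, the port labels and every MAC address except Host A's are constructed for illustration, and blackhole filtering is modelled only for the destination case the guide describes.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ffff-ffff-ffff"  # destination address of all ones


@dataclass
class Entry:
    port: Optional[str]   # None for blackhole entries
    kind: str             # "static", "dynamic" or "blackhole"
    refreshed_at: float   # time of last learn/update (dynamic entries only)


class MacTable:
    """Toy model of the unicast MAC address table for one VLAN."""

    def __init__(self, ports, aging=300):
        self.ports = list(ports)
        self.aging = aging            # seconds; the guide's default is 300
        self.entries = {}

    def add_static(self, mac, port):
        # A manual entry overwrites whatever was learned for this MAC.
        self.entries[mac] = Entry(port, "static", 0.0)

    def add_blackhole(self, mac):
        self.entries[mac] = Entry(None, "blackhole", 0.0)

    def _expire(self, now):
        # Only dynamic entries age out; static and blackhole entries never do.
        stale = [mac for mac, e in self.entries.items()
                 if e.kind == "dynamic" and now - e.refreshed_at >= self.aging]
        for mac in stale:
            del self.entries[mac]

    def _learn(self, src, port, now):
        current = self.entries.get(src)
        if current is not None and current.kind != "dynamic":
            return  # a dynamic entry cannot overwrite a static or blackhole one
        # New source: add an entry. Known source: update port and restart timer.
        self.entries[src] = Entry(port, "dynamic", now)

    def receive(self, src, dst, in_port, now):
        """Process one frame and return the ports it is sent out of."""
        self._expire(now)
        self._learn(src, in_port, now)
        entry = self.entries.get(dst)
        if entry is not None and entry.kind == "blackhole":
            return []                                   # filtered
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]  # broadcast mode
        return [entry.port]                             # unicast mode


def spoofing_demo(protect_with_static):
    """Return where a frame for Host A goes after a forged-source frame
    has been seen on a different port."""
    table = MacTable(["GE4/0/1", "GE4/0/2", "GE4/0/3"])
    host_a = "000f-e235-dc71"   # Host A in the guide's configuration example
    server = "0000-0000-0001"   # constructed address
    if protect_with_static:
        table.add_static(host_a, "GE4/0/1")
    table.receive(host_a, server, "GE4/0/1", now=0)  # genuine frame from Host A
    table.receive(host_a, server, "GE4/0/2", now=1)  # forged source MAC on another port
    return table.receive(server, host_a, "GE4/0/3", now=2)


if __name__ == "__main__":
    print("dynamic learning only:", spoofing_demo(False))
    print("with static binding:  ", spoofing_demo(True))
```

With dynamic learning only, the frame for Host A leaves on the port where the forged source was last seen; with the static entry it stays on Host A's port.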

Configuring the MAC address table

These configuration tasks are all optional and can be performed in any order.

Configuring static, dynamic, and blackhole MAC address table entries

To fence off MAC address spoofing attacks and improve port security, manually add MAC address table entries to bind ports with MAC addresses.
Also, configure blackhole MAC address entries to filter out packets with certain MAC addresses.
Add or modify a static, dynamic, or blackhole MAC address table entry globally
To add or modify a static, dynamic, or blackhole MAC address table entry in system view:
1. Enter system view
   Command: system-view
2. Add or modify a dynamic or static MAC address entry
   Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
3. Add or modify a blackhole MAC address entry
   Command: mac-address blackhole mac-address vlan vlan-id
   Remarks (steps 2 and 3): Required. Use either command. Ensure that you have created the VLAN and assign the interface to the VLAN.
Add or modify a static or dynamic MAC address table entry on an interface
To add or modify a static or dynamic MAC address table entry in interface view:
1. Enter system view
   Command: system-view
2. Enter interface view
   Command: interface interface-type interface-number
3. Add or modify a static or dynamic MAC address entry
   Command: mac-address { dynamic | static } mac-address vlan vlan-id
   Remarks: Required. Ensure that you have created the VLAN and assign the interface to the VLAN.

Disabling MAC address learning

You may sometimes need to disable MAC address learning to prevent the MAC address table from being saturated. For example, you may need to do it when your router is being attacked by a large number of packets with different source MAC addresses.
Disabling global MAC address learning
Disabling global MAC address learning disables the learning function on all ports.
To disable MAC address learning:
1. Enter system view
   Command: system-view
2. Disable global MAC address learning
   Command: mac-address mac-learning disable
   Remarks: Required. Enabled by default.
Disabling MAC address learning on ports
After enabling global MAC address learning, you may disable the function on a single port, or on all ports in a port group as needed.
To disable MAC address learning on an interface or a port group:
1. Enter system view
   Command: system-view
2. Enable global MAC address learning
   Command: undo mac-address mac-learning disable
   Remarks: Optional. Enabled by default.
3. Enter interface view or port group view
   Enter Layer 2 Ethernet/aggregate interface view: interface interface-type interface-number
   Enter port group view: port-group manual port-group-name
   Remarks: Required. Use either command. Settings in Layer 2 Ethernet/aggregate interface view take effect on the current interface only. Settings in port group view take effect on all member ports in the port group.
4. Disable MAC address learning on the interface or all ports in the port group
   Command: mac-address mac-learning disable
   Remarks: Required. By default, MAC address learning is enabled on ports.
For configuration about port groups, see the chapter “Ethernet interface configuration.”
Disabling MAC address learning on a VLAN
You may disable MAC address learning on a per-VLAN basis.
To disable MAC address learning on a VLAN:
1. Enter system view
   Command: system-view
2. Enable global MAC address learning
   Command: undo mac-address mac-learning disable
   Remarks: Optional. Enabled by default.
3. Enter VLAN view
   Command: vlan vlan-id
4. Disable MAC address learning on the VLAN
   Command: mac-address mac-learning disable
   Remarks: Required. Enabled by default.

Configuring the aging timer for dynamic MAC address entries

The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient use of table space. If a dynamic MAC address entry has not been updated before the aging timer expires, the router deletes the entry. This aging mechanism ensures that the MAC address table is updated promptly to accommodate the latest network changes.
Set the aging timer appropriately. A long aging interval may cause the MAC address table to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to accommodate the latest network changes. A short interval may result in the removal of valid entries and unnecessary broadcasts, which may affect router performance.
To configure the aging timer for dynamic MAC address entries:
1. Enter system view
   Command: system-view
2. Configure the aging timer for dynamic MAC address entries
   Command: mac-address timer { aging seconds | no-aging }
   Remarks: Optional. 300 seconds by default.
Reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from aging out unnecessarily. By reducing broadcasts, you improve not only network performance, but also security, because the chances for a data packet to reach unintended destinations are reduced.

Configuring the MAC learning limit on ports

As the MAC address table grows, the forwarding performance of your router may degrade. To prevent the MAC address table from getting so large that the forwarding performance is affected, limit the number of MAC addresses that can be learned on a port.
To configure the MAC learning limit on a Layer 2 Ethernet interface, Layer 2 VE interface, Layer 2 aggregate interface, or all ports in a port group:
1. Enter system view
   Command: system-view
2. Enter interface view or port group view
   Enter Layer 2 Ethernet/aggregate interface view: interface interface-type interface-number
   Enter port group view: port-group manual port-group-name
   Remarks: Required. Use either command. Settings in Layer 2 Ethernet/aggregate interface view take effect on the current interface only. Settings in port group view take effect on all member ports in the port group.
3. Configure the MAC learning limit on the interface or port group, and configure whether frames with unknown source MAC addresses can be forwarded or not when the MAC learning limit is reached
   Command: mac-address max-mac-count count
   Remarks: Required. By default, the MAC learning limit is not configured on ports.

Displaying and maintaining MAC address tables

Display MAC address table information
   Command: display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display the aging timer for dynamic MAC address entries
   Command: display mac-address aging-time [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display the system or interface MAC address learning state
   Command: display mac-address mac-learning [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display MAC address statistics
   Command: display mac-address statistics [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

MAC address table configuration example

Network requirements
As shown in Figure 1:
The MAC address of Host A is 000f-e235-dc71 and belongs to VLAN 1. It is connected to GigabitEthernet 4/0/1 of the router. To prevent MAC address spoofing, add a static entry into the MAC address table of the router for the host.
The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1. Because this host once behaved suspiciously on the network, you can add a blackhole MAC address entry for the MAC address to drop all packets destined for the host.
Set the aging timer for dynamic MAC address entries to 500 seconds.
Figure 1 Network diagram for MAC address table configuration
Configuration procedure
# Add a static MAC address entry.
<Router> system-view
[Router] mac-address static 000f-e235-dc71 interface gigabitethernet 4/0/1 vlan 1
# Add a blackhole MAC address entry.
[Router] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Router] mac-address timer aging 500
# Display the MAC address entry for port GigabitEthernet 4/0/1.
[Router] display mac-address interface gigabitethernet 4/0/1
MAC ADDR        VLAN ID  STATE          PORT INDEX             AGING TIME(s)
000f-e235-dc71  1        Config static  GigabitEthernet 4/0/1  NOAGED
--- 1 mac address(es) found ---
# Display information about the blackhole MAC address table.
[Router] display mac-address blackhole
MAC ADDR        VLAN ID  STATE      PORT INDEX  AGING TIME
000f-e235-abcd  1        Blackhole  N/A         NOAGED
--- 1 mac address(es) found ---
# View the aging time of dynamic MAC address entries.
[Router] display mac-address aging-time
Mac address aging time: 500s

MAC information configuration

The SAP cards support this feature only when they work in Layer 2 mode.
To monitor a network, you need to monitor users joining and leaving the network. Because a MAC address uniquely identifies a network user, monitor those users joining and leaving a network by monitoring their MAC addresses.
With the MAC information function, Layer 2 Ethernet interfaces send Syslog or trap messages to the monitor end in the network when they learn or delete MAC addresses. By analyzing these messages, the monitor end can monitor users accessing the network.

How MAC information works

When a new MAC address is learned or an existing MAC address is deleted on a router, the router writes related information about the MAC address to the buffer area used to store user information. When the timer set for sending MAC address monitoring Syslog or trap messages expires, or when the buffer is used up, the router sends the Syslog or trap messages to the monitor end immediately.

Configuring MAC information

Enabling MAC information globally

To enable MAC information globally:
1. Enter system view
   Command: system-view
2. Enable MAC information globally
   Command: mac-address information enable
   Remarks: Required. Disabled by default.

Enabling MAC information on an interface

To enable MAC information on an interface:
1. Enter system view
   Command: system-view
2. Enter Layer 2 Ethernet interface view
   Command: interface interface-type interface-number
3. Enable MAC information on the interface
   Command: mac-address information enable { added | deleted }
   Remarks: Required. Disabled by default.
To enable MAC information on an Ethernet interface, enable MAC information globally first.

Configuring MAC information mode

To configure MAC information mode:
1. Enter system view
   Command: system-view
2. Configure MAC information mode
   Command: mac-address information mode { syslog | trap }
   Remarks: Optional. trap by default.

Configuring the interval for sending Syslog or trap messages

To prevent Syslog or trap messages from being sent too frequently, set the interval for sending Syslog or trap messages.
To set the interval for sending Syslog or trap messages:
1. Enter system view
   Command: system-view
2. Set the interval for sending Syslog or trap messages
   Command: mac-address information interval interval-time
   Remarks: Optional. One second by default.

Configuring the MAC information queue length

To avoid losing user MAC address information, when the buffer storing user MAC address information is used up, the user MAC address information in the buffer is sent to the monitor end in the network, even if the timer set for sending MAC address monitoring Syslog or trap messages has not expired yet.
To configure the MAC information queue length:
1. Enter system view
   Command: system-view
2. Configure the MAC information queue length
   Command: mac-address information queue-length value
   Remarks: Optional. 50 by default.

MAC information configuration example

Network requirements
As shown in Figure 2:
Host A is connected to a remote server (Server) through Router.
Enable MAC information on GigabitEthernet 4/0/1 on Router. Router sends MAC address changes in Syslog messages to Host B through GigabitEthernet 4/0/3. Host B analyzes and displays the Syslog messages.
Figure 2 Network diagram for MAC information configuration
Configuration procedure
1. Configure Router to send Syslog messages to Host B.
For more information, see Network Management and Monitoring Configuration Guide.
2. Enable MAC information.
# Enable MAC information on Router.
<Router> system-view
[Router] mac-address information enable
# Configure MAC information mode as Syslog.
[Router] mac-address information mode syslog
# Enable MAC information on GigabitEthernet 4/0/1.
[Router] interface gigabitethernet 4/0/1
[Router-GigabitEthernet4/0/1] mac-address information enable added
[Router-GigabitEthernet4/0/1] mac-address information enable deleted
[Router-GigabitEthernet4/0/1] quit
# Set the MAC information queue length to 100.
[Router] mac-address information queue-length 100
# Set the interval for sending Syslog or trap messages to 20 seconds.
[Router] mac-address information interval 20

Ethernet link aggregation configuration

The SAP cards support the feature only when they work in Layer 2 mode.
The SAP cards can be installed on distributed routers only.
Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link. Link aggregation delivers the following benefits:
Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Improves link reliability. The member ports back up one another dynamically. When a member port fails, its traffic is switched to other member ports automatically.
As shown in Figure 3, Device A and Device B are connected by three physical Ethernet links. These physical Ethernet links are combined into an aggregate link, Link aggregation 1. The bandwidth of this aggregate link is as high as the total bandwidth of these three physical Ethernet links. At the same time, the three Ethernet links back up one another.
Figure 3 Diagram for Ethernet link aggregation

Basic concepts

Aggregation group, member port, aggregate interface
Link aggregation is implemented through link aggregation groups. An aggregation group is a group of Ethernet interfaces combined together, which are called member ports of the aggregation group. For each aggregation group, a logical interface, called an aggregate interface, is created. To an upper layer entity that uses the link aggregation service, a link aggregation group looks like a single logical link and data traffic is transmitted through the aggregate interface.
Aggregate interfaces have the following types: BAGG interfaces, also called Layer 2 aggregate interfaces, and RAGG interfaces, also called Layer 3 aggregate interfaces. When you create an aggregate interface, the switch automatically creates an aggregation group of the same type and number as the aggregate interface. For example, when you create interface Bridge-aggregation 1, Layer 2 aggregation group 1 is created.
Assign Layer 2 Ethernet interfaces only to a Layer 2 aggregation group, and Layer 3 Ethernet interfaces only to a Layer 3 aggregation group.
On a Layer 3 aggregate interface, you can create subinterfaces. These subinterfaces are logical interfaces that operate at the network layer. They can receive VLAN tagged packets for their Layer 3 aggregate interface.
The rate of an aggregate interface equals the total rate of its member ports in the selected state, and its duplex mode is the same as the selected member ports. For more information about the states of member ports in an aggregation group, see “Aggregation states of member ports in an aggregation group.”
Aggregation states of member ports in an aggregation group
A member port in an aggregation group can be in either of the following aggregation states:
Selected: A selected port can forward user traffic.
Unselected: An unselected port cannot forward user traffic.
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.
In an aggregation group, all selected member ports are assigned the same operational key.
Configuration classes
Every configuration setting on a port may affect its aggregation state. Port configurations fall into the following classes:
Port attribute configurations, including port rate, duplex mode, and link status (up/down), which are the most basic port configurations.
Class-two configurations, as described in Table 1. A member port can be placed in the selected state only if it has the same class-two configurations as the aggregate interface.
Table 1 Class-two configurations
Feature: Considerations
Port isolation: Whether the port has joined an isolation group, and the isolation group to which the port belongs
QinQ: QinQ enable state (enable/disable), TPID for VLAN tags, outer VLAN tags to be added, inner-to-outer VLAN priority mappings, inner-to-outer VLAN tag mappings, inner VLAN ID substitution mappings
VLAN: Permitted VLAN IDs, PVID, link type (trunk, hybrid, or access), IP subnet-based VLAN configuration, protocol-based VLAN configuration, VLAN tagging mode
MAC address learning: MAC address learning capability, MAC address learning limit, forwarding of frames with unknown destination MAC addresses after the MAC address learning limit is reached
Class-two configurations made on an aggregate interface are automatically synchronized to all its member ports. These configurations are retained on the member ports even after the aggregate interface is removed.
Any class-two configuration change may affect the aggregation state of link aggregation member ports and ongoing traffic. To make sure that you are aware of the risk, the system displays a warning message every time you attempt to change a class-two configuration setting on a member port.
Class-one configurations do not affect the aggregation state of the member port even if they are different from those on the aggregate interface. GVRP and MSTP settings are examples of class-one configurations.
The class-one configuration for a member port is effective only when the member port leaves the aggregation group.
Reference port
When setting the aggregation state of the ports in an aggregation group, the system automatically picks a member port as the reference port. A selected port must have the same port attributes and class-two configurations as the reference port.
LACP
The IEEE 802.3ad LACP enables dynamic aggregation of physical links. It uses LACPDUs for exchanging aggregation information between LACP-enabled devices.
1. LACP functions
Table 2 LACP functions
Category: Description
Basic LACP functions: Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port aggregation priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges information with its peer. When a member port receives an LACPDU, it compares the received information with the information received on the other member ports. In this way the two systems reach an agreement on which ports should be placed in the selected state.
2. LACP priorities
LACP priorities have the following types: system LACP priority and port aggregation priority, as described in Table 3.
Table 3 LACP priorities
Type: Description
System LACP priority: Used by two peer devices (or systems) to determine which one is superior in link aggregation. In dynamic link aggregation, the system that has higher system LACP priority sets the selected state of member ports on its side first and then the system that has lower priority sets port state accordingly.
Port aggregation priority: Determines the likelihood of a member port to be selected on a system. The higher port aggregation priority, the higher likelihood.
Remarks (both types): The smaller the priority value, the higher the priority.
3. LACP timeout interval
The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port. If a local member port fails to receive LACPDUs from the peer within three times the LACP timeout interval, the member port assumes that the peer port has failed. Configure the LACP timeout interval as the short timeout interval (1 second) or the long timeout interval (30 seconds).
Link aggregation modes
Link aggregation has the following modes: dynamic and static. Dynamic link aggregation uses LACP and static link aggregation does not. Table 4 compares the two aggregation modes.
Table 4 A comparison between static and dynamic aggregation modes
Aggregation mode: Static
   LACP status on member ports: Disabled
   Pros: Aggregation is stable. The aggregation state of the member ports is not affected by the peer ports.
   Cons: The member ports do not adjust the aggregation state according to that of the peer ports. The administrator must manually maintain link aggregations.
Aggregation mode: Dynamic
   LACP status on member ports: Enabled
   Pros: The administrator does not need to maintain link aggregations. The peer systems maintain the aggregation state of the member ports automatically.
   Cons: Aggregation is unstable. The aggregation state of member ports is susceptible to network changes.
In a dynamic link aggregation group:
A selected port can receive and send LACPDUs.
An unselected port can receive and send LACPDUs only if it is up and has the same class-two configurations as the aggregate interface.

Aggregating links in static mode

LACP is disabled on the member ports in a static aggregation group. You must manually maintain the aggregation state of the member ports.
The static link aggregation procedure comprises:
Selecting a reference port
Setting the aggregation state of each member port
Selecting a reference port
The system selects a reference port from the member ports that are in the up state and have the same class-two configurations as the aggregate interface.
The candidate ports are sorted by aggregation priority, duplex, and speed in this order: lowest aggregation priority value, full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed. The one at the top is selected as the reference port. If two ports have the same aggregation priority, duplex mode, and speed, the one with the lower port number wins out.
Setting the aggregation state of each member port
After selecting the reference port, the static aggregation group sets the aggregation state of each member port, as shown in Figure 4.
Figure 4 Set the aggregation state of a member port in a static aggregation group
To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port.
If a static aggregation group has reached the limit on selected ports, any port that joins the group is placed in the unselected state to avoid traffic interruption on the current selected ports. Avoid this situation, however, because it may cause the aggregation state of a port to change after a reboot.

Aggregating links in dynamic mode

LACP is automatically enabled on all member ports in a dynamic aggregation group. The protocol automatically maintains the aggregation state of ports.
The dynamic link aggregation procedure comprises:
Selecting a reference port
Setting the aggregation state of each member port
Selecting a reference port
The local system (the actor) and the remote system (the partner) negotiate a reference port using the following workflow:
1. Compare the system ID (comprising the system LACP priority and the system MAC address). The system with the lower LACP priority value wins out. If they are the same, compare the system MAC addresses. The system with the lower MAC address wins.
2. The system with the smaller system ID selects the port with the smallest port ID as the reference port. A port ID comprises a port aggregation priority and a port number. The port with the lower aggregation priority value wins out. If two ports have the same aggregation priority, the system compares their port numbers. The port with the smaller port number wins.
Setting the aggregation state of each member port
After the reference port is selected, the system with the lower system ID sets the state of each member port in the dynamic aggregation group on its side as shown in Figure 5.
Figure 5 Set the state of a member port in a dynamic aggregation group
Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports.
To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port.
In a dynamic aggregation group, when the aggregation state of a local port changes, the aggregation state of the peer port also changes.
A port that joins a dynamic aggregation group after the selected port limit has been reached is placed in the selected state if it is more eligible for being selected than a current member port.
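The reference-port selection rules given above for static and dynamic mode can be checked with a short model. The following Python is an added example, not HP's code: the Port fields, function names, MAC addresses and port values are constructed for illustration, and the dynamic case ranks the winning system's ports by port ID only, as the text states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    number: int                   # lower port number wins the final tie-break
    priority: int = 32768         # aggregation priority value; smaller value = higher priority
    full_duplex: bool = True
    speed_mbps: int = 1000
    up: bool = True
    class_two_match: bool = True  # same class-two configurations as the aggregate interface


def static_reference_port(ports):
    """Static mode: only up ports with matching class-two configurations are candidates.
    Order: priority value, full before half duplex, higher speed, lower port number."""
    pool = [p for p in ports if p.up and p.class_two_match]
    if not pool:
        return None
    return min(pool, key=lambda p: (p.priority, not p.full_duplex, -p.speed_mbps, p.number))


def system_id(lacp_priority, mac):
    """System ID as a sortable tuple: LACP priority value, then the MAC address bytes."""
    return (lacp_priority, bytes.fromhex(mac.replace("-", "").replace(":", "")))


def dynamic_reference_port(actor, partner):
    """Each side is (system LACP priority, system MAC, member ports).
    The side with the smaller system ID picks its port with the smallest port ID."""
    sides = {"actor": actor, "partner": partner}
    winner = min(sides, key=lambda name: system_id(*sides[name][:2]))
    ports = sides[winner][2]
    return winner, min(ports, key=lambda p: (p.priority, p.number))


# Constructed sample data (not taken from the guide).
STATIC_PORTS = [
    Port(1, full_duplex=False),          # half duplex loses to any full-duplex port
    Port(2, speed_mbps=100),             # full duplex, low speed
    Port(3, priority=100, up=False),     # best priority, but down: not a candidate
    Port(4),
    Port(5),
]
ACTOR = (32768, "000f-e267-6c6a", [Port(1), Port(2, priority=100)])
PARTNER = (32768, "000f-e267-57ad", [Port(7), Port(8)])

if __name__ == "__main__":
    print("static reference port:", static_reference_port(STATIC_PORTS).number)
    print("dynamic, default priorities:", dynamic_reference_port(ACTOR, PARTNER))
    # Lowering the actor's system LACP priority value makes the actor the deciding side.
    tuned = (100,) + ACTOR[1:]
    print("dynamic, actor priority 100:", dynamic_reference_port(tuned, PARTNER))
```

With both systems at the default system LACP priority, the MAC address alone decides which side selects the reference port; setting lacp system-priority on the intended device makes that choice explicit.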

Load sharing criteria for link aggregation groups

In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration.
Choose one of the following criteria or any combination for load sharing:
MAC addresses
IP addresses
Alternatively, configure the system to perform per-packet link aggregation.

Ethernet link aggregation configuration task list

Complete the following tasks to configure Ethernet link aggregation:
Task | Remarks
Configuring an aggregation group
  Configuring a static aggregation group | Select either task
  Configuring a dynamic aggregation group | Select either task
Configuring an aggregate interface
  Configuring the description of an aggregate interface or subinterface | Optional
  Configuring the MTU of a Layer 3 aggregate interface or subinterface | Optional
  Specifying a card to process or forward traffic for a Layer 3 aggregate interface | Optional
  Enabling link state traps for an aggregate interface | Optional
  Shutting down an aggregate interface | Optional
Configuring load sharing for link aggregation groups
  Configuring the global link-aggregation load sharing criteria | Optional
  Configuring group-specific load sharing criteria | Optional

Configuring an aggregation group

Choose to create a Layer 2 or Layer 3 link aggregation group depending on the ports to be aggregated:
To aggregate Layer 2 Ethernet interfaces, create a Layer 2 link aggregation group.
To aggregate Layer 3 Ethernet interfaces, create a Layer 3 link aggregation group.

Configuration guidelines

Removing an aggregate interface also removes the corresponding aggregation group. At the same time, all member ports leave the aggregation group.
You cannot assign a port to a Layer 2 aggregation group if any of the features listed in Table 5 is configured on the port.
Table 5 Features incompatible with Layer 2 aggregation groups
Feature | Reference
RRPP | RRPP in the High Availability Configuration Guide
MAC authentication | MAC authentication in the Security Configuration Guide
Port security | Port security in the Security Configuration Guide
Packet filtering | Firewall in the Security Configuration Guide
Ethernet frame filtering | Firewall in the Security Configuration Guide
IP source guard | IP source guard in the Security Configuration Guide
802.1X | 802.1X in the Security Configuration Guide
Ports specified as source interfaces in portal-free rules | Portal in the Security Configuration Guide
You cannot assign a port to a Layer 3 aggregation group if any of the features listed in Table 6 is configured on the port.
Table 6 Interfaces that cannot be assigned to a Layer 3 aggregation group
Interface type | Reference
Interfaces configured with IP addresses | IP addressing in the Layer 3—IP Services Configuration Guide
Interfaces configured as DHCP/BOOTP clients | DHCP in the Layer 3—IP Services Configuration Guide
VRRP | VRRP in the High Availability Configuration Guide
Portal | Portal in the Security Configuration Guide
If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For more information about reflector ports, see Network Management and Monitoring Configuration Guide.

Configuring a static aggregation group

To guarantee a successful static aggregation, make sure that the ports at both ends of each link are in the same aggregation state.
Configuring a Layer 2 static aggregation group
To configure a Layer 2 static aggregation group:
1. Enter system view
   Command: system-view
2. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view
   Command: interface bridge-aggregation interface-number
   Remarks: Required. When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.
3. Exit to system view
   Command: quit
4. Enter Layer 2 Ethernet interface view
   Command: interface interface-type interface-number
   Remarks: Required.
5. Assign the Ethernet interface to the aggregation group
   Command: port link-aggregation group number
   Remarks: Required. Repeat steps 4 and 5 to assign more Layer 2 Ethernet interfaces to the aggregation group.
Configuring a Layer 3 static aggregation group
To configure a Layer 3 static aggregation group:
1. Enter system view
   Command: system-view
2. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view
   Command: interface route-aggregation interface-number
   Remarks: Required. When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.
3. Exit to system view
   Command: quit
4. Enter Layer 3 Ethernet interface view
   Command: interface interface-type interface-number
   Remarks: Required.
5. Assign the Ethernet interface to the aggregation group
   Command: port link-aggregation group number
   Remarks: Required. Repeat steps 4 and 5 to assign more Layer 3 Ethernet interfaces to the aggregation group.

Configuring a dynamic aggregation group

To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port.
Configuring a Layer 2 dynamic aggregation group
To configure a Layer 2 dynamic aggregation group:
1. Enter system view
   Command: system-view
2. Set the system LACP priority
   Command: lacp system-priority system-priority
   Remarks: Optional. By default, the system LACP priority is 32,768. Changing the system LACP priority may affect the aggregation state of the ports in a dynamic aggregation group.
3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view
   Command: interface bridge-aggregation interface-number
   Remarks: Required. When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.
4. Configure the aggregation group to work in dynamic aggregation mode
   Command: link-aggregation mode dynamic
   Remarks: Required. By default, an aggregation group works in static aggregation mode.
5. Exit to system view
   Command: quit
6. Enter Layer 2 Ethernet interface view
   Command: interface interface-type interface-number
   Remarks: Required.
7. Assign the Ethernet interface to the aggregation group
   Command: port link-aggregation group number
   Remarks: Required. Repeat steps 6 and 7 to assign more Layer 2 Ethernet interfaces to the aggregation group.
8. Assign the port an aggregation priority
   Command: link-aggregation port-priority port-priority
   Remarks: Optional. By default, the aggregation priority of a port is 32,768. Changing the aggregation priority of a port may affect the aggregation state of the ports in the dynamic aggregation group.
9. Set the LACP timeout interval on the port to the short timeout interval (1 second)
   Command: lacp period short
   Remarks: Optional. By default, the LACP timeout interval on a port is the long timeout interval (30 seconds).
Configuring a Layer 3 dynamic aggregation group
To configure a Layer 3 dynamic aggregation group:
1. Enter system view
   Command: system-view
2. Set the system LACP priority
   Command: lacp system-priority system-priority
   Remarks: Optional. By default, the system LACP priority is 32,768. Changing the system LACP priority may affect the aggregation state of the ports in the dynamic aggregation group.
3. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view
   Command: interface route-aggregation interface-number
   Remarks: Required. When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.
4. Configure the aggregation group to work in dynamic aggregation mode
   Command: link-aggregation mode dynamic
   Remarks: Required. By default, an aggregation group works in static aggregation mode.
5. Exit to system view
   Command: quit
6. Enter Layer 3 Ethernet interface view
   Command: interface interface-type interface-number
   Remarks: Required.
7. Assign the Ethernet interface to the aggregation group
   Command: port link-aggregation group number
   Remarks: Required. Repeat steps 6 and 7 to assign more Layer 3 Ethernet interfaces to the aggregation group.
8. Assign the port an aggregation priority
   Command: link-aggregation port-priority port-priority
   Remarks: Optional. By default, the aggregation priority of a port is 32,768. Changing the aggregation priority of a port may affect the aggregation state of ports in the dynamic aggregation group.
9. Set the LACP timeout interval on the port to the short timeout interval (1 second)
   Command: lacp period short
   Remarks: Optional. By default, the LACP timeout interval on a port is the long timeout interval (30 seconds).

Configuring an aggregate interface

Perform the following configurations on an aggregate interface:
Configuring the description of an aggregate interface or subinterface
Configuring the MTU of a Layer 3 aggregate interface or subinterface
Specifying a card to process or forward traffic for a Layer 3 aggregate interface
Enabling link state traps for an aggregate interface
Shutting down an aggregate interface
In addition to the preceding configurations, most of the configurations that can be performed on Layer 2 or Layer 3 Ethernet interfaces can also be performed on Layer 2 or Layer 3 aggregate interfaces.

Configuring the description of an aggregate interface or subinterface

Configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface.
To configure the description of an aggregate interface or subinterface:
1. Enter system view
   Command: system-view
2. Enter aggregate interface view
   Command (enter Layer 2 aggregate interface view): interface bridge-aggregation interface-number
   Command (enter Layer 3 aggregate interface or subinterface view): interface route-aggregation { interface-number | interface-number.subnumber }
   Remarks: Use either command.
3. Configure the description of the aggregate interface or subinterface
   Command: description text
   Remarks: Optional. By default, the description of an interface is in the format of interface-name Interface, such as Bridge-Aggregation1 Interface.

Configuring the MTU of a Layer 3 aggregate interface or subinterface

The MTU of an interface affects IP packet fragmentation and reassembly on the interface.
To change the MTU of a Layer 3 aggregate interface or subinterface:
1. Enter system view
   Command: system-view
2. Enter Layer 3 aggregate interface or subinterface view
   Command: interface route-aggregation { interface-number | interface-number.subnumber }
3. Configure the MTU of the Layer 3 aggregate interface or subinterface
   Command: mtu size
   Remarks: Optional. 1500 bytes by default.

Specifying a card to process or forward traffic for a Layer 3 aggregate interface

If you do not specify a card to process or forward traffic for a Layer 3 aggregate interface whose member ports are located on different cards, the traffic may be processed or forwarded by different cards from time to time due to changes in the selected ports.
If you unplug the card configured to process traffic for a Layer 3 aggregate interface, traffic on the Layer 3 aggregate interface is interrupted. After you plug the card back in, the traffic is restored.
On a distributed router, use this feature to specify a card to process or forward traffic for a Layer 3 aggregate interface.
To specify a card to process or forward traffic for a Layer 3 aggregate interface:
1. Enter system view
   Command: system-view
2. Enter Layer 3 aggregate interface view
   Command: interface route-aggregation interface-number
3. Specify a card to process or forward traffic for the current interface
   Command: service slot slot-number
   Remarks: Required. By default, traffic on a Layer 3 aggregate interface whose member ports are located on the same card is processed or forwarded by the card that houses the member ports, and traffic on a Layer 3 aggregate interface whose member ports are located on different cards is processed or forwarded by the card that houses the first selected member port.

Enabling link state traps for an aggregate interface

Configure an aggregate interface to generate linkUp trap messages when its link goes up and linkDown trap messages when its link goes down. For more information, see Network Management and Monitoring Configuration Guide.
To enable link state traps on an aggregate interface:
1. Enter system view
   Command: system-view
2. Enable the trap function globally
   Command: snmp-agent trap enable [ standard [ linkdown | linkup ] * ]
   Remarks: Optional. By default, link state trapping is enabled globally and on all interfaces.
3. Enter aggregate interface view
   Command (enter Layer 2 aggregate interface view): interface bridge-aggregation interface-number
   Command (enter Layer 3 aggregate interface or subinterface view): interface route-aggregation { interface-number | interface-number.subnumber }
   Remarks: Required. Use either command.
4. Enable link state traps for the aggregate interface
   Command: enable snmp trap updown
   Remarks: Optional. Enabled by default.

Shutting down an aggregate interface

Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways:
When an aggregate interface is shut down, all selected ports in the corresponding aggregation group become unselected and their link state becomes down.