H3c-technologies H3C WX5500E Series Access Controllers Manuel d'utilisateur

H3C WX5540E Access ControllerSwitching EngineLayer 2-LAN Switching Configuration Guide Hangzhou H3C Technologies Co., Ltd. http:

v Security mode and normal mode of voice VLANs ··························································································· 149Configu

89 Figure 22 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implemen

90 Configuration example Network requirements As shown in Figure 23, Device A connects to a third-party device that has a different spanning tree imp

91 Configure BPDU guard on a device with edge ports configured. BPDU guard does not take effect on loopback testing-enabled ports. For more informati

92 transition to the forwarding state, resulting in loops in the switched network. The loop guard function can suppress the occurrence of such loops.

93 Step Command Remarks 3. Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds. stp tc-pro

94 Task Command Remarks Display the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs. display stp [ insta

95 Figure 24 Network diagram Configuration procedure 1. Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and V

96 [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] inst

97 6. Verify the configuration: In this example, suppose Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge

98 Figure 25 MSTIs mapped to different VLANs PVST configuration example Network requirements As shown in Figure 26: • Device A and Device B work a

vi Configuring service loopback groups ···············································································································

99 Configuration procedure 1. Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Devic

100 VLAN Port Role STP State Protection 10 GigabitEthernet1/0/1 DESI DISCARDING

101 Figure 27 Spanning trees mapped to different VLANs

102 Configuring BPDU tunneling This chapter describes how to configure BPDU tunneling. Overview As a Layer 2 tunneling technology, BPDU tunneling ena

103 • CDP • DLDP • EOAM • GVRP • HGMP • LACP • LLDP • PAGP • PVST • STP • UDLD • VTP BPDU tunneling implementation The BPDU tunneling imp

104 Figure 29 BPDU tunneling implementation The upper section of Figure 29 represents the service provider network (ISP network). The lower section

105 • Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable the protocol on the port. • Because PVST is a s

106 For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the ser

107 [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2 and assign GigabitEthernet 1/0/1 to VLAN 2. [PE1] vlan 2 [PE1-vlan2] quit [PE1] int

108 Figure 31 Network diagram Configuration procedure 1. Configure PE 1: # Configure the destination multicast MAC address for BPDUs as 0x0100-0CC

1 Configuring Ethernet interfaces Ethernet interface naming conventions The Ethernet interfaces on the WX5540E switching engines are named in the form

109 Configuring VLANs This chapter describes how to configure VLANs. Overview Ethernet is a shared-media network based on the CSMA/CD mechanism. A l

110 VLAN frame encapsulation In order that a Layer 2 switch can identify frames of different VLANs, a VLAN tag field is inserted into the data link l

111 VLAN types You can implement VLANs based on the following criteria: • Port • MAC address • Protocol • IP subnet • Policy • Other criteria

112 Step Command Remarks 4. Configure a name for the VLAN. name text Optional. The default name is VLAN vlan-id, which is the ID of the VLAN. For ex

113 Step Command Remarks 7. Cancel the action of manually shutting down the VLAN interface. undo shutdown Optional. By default, a VLAN interface is

114 [SwitchA-Vlan-interface10] return 2. Configure the default gateway of PC A as 192.168.0.10. 3. Configure the default gateway of PC B as 192.168

115 of the port changes to VLAN 1. However, the removal of the VLAN specified as the PVID of a trunk or hybrid port does not affect the PVID setting

116 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface vie

117 Step Command Remarks 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface view: interface interface-type interface-nu

118 Step Command Remarks 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface view: interface interface-type interface-nu

2 Step Command Remarks 4. Set the duplex mode of the interface. duplex { auto | full | half } Optional. By default, the duplex mode is auto. 5. Set

119 Figure 36 Network diagram Configuration procedure 1. Configure Device A: # Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.

120 Untagged Ports: GigabitEthernet1/0/1 [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not

121 Dynamic MAC-based VLAN assignment When you cannot determine the target MAC-based VLANs of a port, you can use dynamic MAC-based VLAN assignment o

122 Figure 37 Flowchart for processing a frame in dynamic MAC-based VLAN assignment When you configure dynamic MAC-based VLAN assignment, follow th

123 • The MAC-based VLAN feature is mainly configured on downlink ports of user access devices. Do not enable this function together with link aggre

124 Step Command Remarks 2. Associate MAC addresses with a VLAN. mac-vlan mac-address mac-address vlan vlan-id [ priority priority ] With dynamic MA

125 Configure MAC-based VLANs, so that each laptop is able to access only its own department server, no matter which meeting room it is used in. Figu

126 [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 10

127 Total MAC VLAN address count:2 Configuration guidelines 1. MAC-based VLAN can be configured only on hybrid ports. 2. MAC-based VLAN is usuall

128 Step Command Remarks 3. Create a protocol template for the VLAN. protocol-vlan [ protocol-index ] { at | ipv4 | ipx { ethernetii | llc | raw | s

3 • Rx mode—Enables an interface to receive but not send common pause frames. In Figure 1, when both Port A and Port B forward packets at 1000 Mbps,

129 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Associate an IP subnet with the VLAN. ip-s

130 Figure 39 Network diagram Configuration considerations • Create VLANs 100 and 200. • Associate IP subnets with the VLANs. • Assign ports to

131 Please wait... Done. [DeviceC-GigabitEthernet1/0/12] quit # Associate interface GigabitEthernet 1/0/1 with IP subnet-based VLANs 100 and 200. [D

132 Task Command Remarks Display MAC address-to-VLAN entries. display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static |

133 Configuring super VLANs Super VLAN, also called VLAN aggregation, was introduced to save IP address space. A super VLAN is associated with multi

134 Step Command Remarks 2. Enter VLAN view. vlan vlan-id If the specified VLAN does not exist, this command creates the VLAN first, and then enters

135 • Assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 2, GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to VLAN 3, and GigabitEthern

136 Verifying the configuration # Display information about VLAN 10, the super VLAN, to verify the configuration. <Sysname> display supervlan

137 Name: VLAN 0005 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/5 GigabitEthernet1/0/6

138 Configuring isolate-user-VLANs An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, both an isolate-user-VLAN and secondary VLA

4 the physical link is still down when the timer expires, the interface reports the link-down event to the upper layers. Link-up event suppression en

139 { The latter configures a port to permit packets from only one isolate-user-VLAN to pass through. Configuration procedure To configure an isola

140 Step Command Remarks 9. Configure the uplink port for the isolate-user-VLAN. a. Enter Layer 2 Ethernet or aggregate interface view: interface i

141 Isolate-user-VLAN configuration example Network requirements As shown in Figure 42, connect Device A to downstream devices Device B and Device C.

142 [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port access vlan 3 [DeviceB-GigabitEthernet1/0/1] port isolate-user-vlan

143 GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type

144 Figure 43 Network diagram Configuration procedure 1. Configure Device B: # Configure VLAN 5 and VLAN 10 as isolate-user-VLANs. <DeviceB>

145 [DeviceB-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-GigabitEthernet1/0/2] port isolate-user-vlan host [DeviceB-GigabitEthernet1/0/2] quit

146 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002

147 Configuring voice VLANs This chapter describes how to configure voice VLANs. Overview A voice VLAN is configured for voice traffic. After assign

148 it automatically assigns the receiving port to the voice VLAN, issues ACL rules and configures the packet precedence. You can configure a voice V

5 • The speed, duplex, mdi, and shutdown commands are not available during loopback testing. • During loopback testing, the Ethernet interface opera

149 Table 15 Required configurations on ports of different link types for supporting tagged voice traffic Port link type Voice VLAN assignment modes

150 Table 17 How a voice VLAN-enabled port processes packets in security and normal mode Voice VLAN mode Packet processing mode Security mode • For

151 QoS priority settings. You can configure the device either to modify or not to modify the QoS priority settings that the incoming voice traffic c

152 delivering them to the CPU. As a result, the receiving port will not be dynamically assigned to the corresponding VLAN. To set a port to operate

153 Step Command Remarks 3. Add a recognizable OUI address. voice vlan mac-address oui mask oui-mask [ description text ] Optional. By default, each

154 • The MAC address of IP phone A is 0011-1100-0001. The phone connects to a downstream device named PC A whose MAC address is 0022-1100-0002 and

155 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid # (Optional.) Configure GigabitEthernet 1/0/1 to operate in automatic voice VLAN assignment

156 OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a description string of test to be forwarded in the voice VLAN. Figure 47 Network d

157 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the states of voice VLANs. <DeviceA> dis

158 Configuring GVRP This section describes how to configure GVRP. Overview The Generic Attribute Registration Protocol (GARP) provides a generic fr

6 Enabling auto power-down With the auto power-down function, the system automatically stops supplying power to an interface if the interface is in th

159 • Join messages A GARP participant sends Join messages when it wishes to declare its attribute values or receives Join messages from other GARP

160 When a GARP application is enabled, it starts a LeaveAll timer. The GARP participant sends a LeaveAll message when the timer expires. Then, the L

161 Field Description Value Attribute type Defined by the GARP application. 0x01 for GVRP, indicating the VLAN ID attribute. Attribute list Conta

162 • Forbidden mode—Disables the trunk port from registering or withdrawing dynamic VLAN information, and allows the port to send declarations only

163 Configuration procedure To configure GVRP functions on a trunk port: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable GV

164 Step Command Remarks 3. Enter Ethernet interface view. • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface

165 Task Command Remarks Display GVRP statistics on ports. display gvrp statistics [ interface interface-list ] [ | { begin | exclude | include } reg

166 <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interfa

167 # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEt

168 GVRP forbidden registration mode configuration example Network requirements As shown in Figure 52, enable GVRP and configure the forbidden regist

7 Task Remarks Configuring storm suppression Optional. Applicable to Layer 2 Ethernet interfaces. Enabling loopback detection on an Ethernet interface

169 Verifying the configuration Use the display gvrp local-vlan command to display the local VLAN information that GVRP maintains on ports. For examp

170 Configuring LLDP This chapter describes how to configure LLDP. Overview In a heterogeneous network, a standard configuration exchange platform i

171 Field Description Source MAC address MAC address of the sending port. Type Ethernet type for the upper layer protocol. It is 0x88CC for LLDP.

172 TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length fi

173 Type Description Protocol Identity Indicates protocols supported on the port. An LLDPDU can carry multiple different TLVs of this type. NOTE:

174 Type Description Firmware Revision Allows a terminal device to advertise its firmware version. Software Revision Allows a terminal device to ad

175 This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at 1-second intervals, to hel

176 To enable LLDP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable LLDP globally. lldp enable By default, LLDP is globally

177 Step Command Remarks 2. Set the LLDP re-initialization delay. lldp timer reinit-delay delay Optional. The default setting is 2 seconds. Enablin

178 By default, management addresses are encoded in numeric format. If a neighbor encodes its management address in character string format, you must

8 Step Command 1. Enter system view. system-view 2. Enter Ethernet interface view. interface interface-type interface-number 3. Set speed options f

179 • If the LLDPDU transmit delay is greater than the LLDPDU transmit interval, the device uses the LLDPDU transmit delay as the transmit interval.

180 Configuring CDP compatibility To make your device work with Cisco IP phones, you must enable CDP compatibility. If your LLDP-enabled device canno

181 Step Command Remarks 3. Enter Ethernet interface view or port group view. • Enter Layer 2 Ethernet interface view: interface interface-type int

182 IMPORTANT: • When the switch is enabled to automatically discover IP phones through LLDP, you can connect at mostfive IP phones to each port of

183 Task Command Remarks Display LLDP status of a port. display lldp status [ interface interface-type interface-number ] [ | { begin | exclude | inc

184 # Enable LLDP globally. <SwitchB> system-view [SwitchB] lldp enable # Enable LLDP on GigabitEthernet1/0/1. (You can skip this step because

185 As the sample output shows, GigabitEthernet 1/0/1 of Switch A connects to an MED device, and GigabitEthernet 1/0/2 of Switch A connects to a non-

186 CDP-compatible LLDP configuration example Network requirements As shown in Figure 57, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A

187 [SwitchA-GigabitEthernet1/0/2] lldp compliance admin-status cdp txrx [SwitchA-GigabitEthernet1/0/2] quit Verifying the configuration # Display ne

188 Configuring service loopback groups This chapter describes how to configure service loopback groups. Overview A service loopback group contains

Copyright © 2014, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted

9 Step Command Remarks 5. Set the unknown unicast suppression threshold ratio. unicast-suppression { ratio | pps max-pps | kbps max-kbps } Optional.

189 Figure 58 Setting the state of each member port in a service loopback group Each time a new port is assigned to the service loopback group, the

190 • To change the service type of a service loopback group successfully, make sure the following requirements are met: { The service group has no

191 [DeviceA] service-loopback group 1 type tunnel # Disable MSTP and NDP on GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3, and then assign the

192 Configuring MVRP This section describes how to configure MVRP. Overview Multiple Registration Protocol (MRP) is an attribute registration protoc

193 Figure 59 MRP implementation MVRP registers and deregisters VLAN attributes as follows: • When a port receives the declaration of a VLAN attri

194 { When receiving a Leave message, an MRP participant sends a Leave message to all participants except the sender. • LeaveAll message { Each MR

195 MVRP registration modes The VLAN information propagated by MVRP includes not only locally, manually configured static VLAN information but also d

196 Enabling MVRP This section describes how to enable MVRP. Configuration restrictions and guidelines • MVRP can work with STP, RSTP, or MSTP, but

197 Configuring the MVRP registration mode Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. • Enter Layer 2 E

198 Step Command Remarks 5. Configure the Leave timer. mrp timer leave timer-value Optional. The default setting is 60 centiseconds. 6. Configure

10 Table 1 Actions to take upon detection of a loop condition Port type Actions No protective action is configured A protective action is configured A

199 Displaying and maintaining MVRP Task Command Remarks Display the MVRP status of the specified port and each MVRP interface in the specified VLAN.

200 Figure 60 Network diagram Configuration procedure Configuring Device A # Enter MST region view. <DeviceA> system-view [DeviceA] stp regio

201 [DeviceA] stp enable # Globally enable MVRP. [DeviceA] mvrp global enable # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure i

202 # Globally enable MVRP. [DeviceB] mvrp global enable # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure it to permit VLANs 20

203 [DeviceC] mvrp global enable # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gi

204 [DeviceD-GigabitEthernet1/0/2] mvrp enable[DeviceD-GigabitEthernet1/0/2] quit Verifying the configuration 1. Verify the normal registration mode

205 [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEth

206 Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60

207 Local VLANs : 1(default), The output shows that: port GigabitEthernet 1/0/1 has learned VLAN 1 and dynamic VLAN 20 created on Device B throug

208 1(default), 10, The output shows that the dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set the MVRP registration

11 Step Command Remarks 5. Enter Ethernet interface view or port group view. • Enter Ethernet interface view: interface interface-type interface-num

209 Index A B C D E G H I L M O P R S V A Assigning ports to the isolation group,52 B BPDU tunneling configuration examples,106 C Configuration exam

210 Displaying and maintaining loopback and null interfaces,17 Displaying and maintaining MAC address tables,25 Displaying and maintaining MVRP,199 D

12 • In normal mode, pins 1 and 2 are transmit pins, and pins 3 and 6 are receive pins. • In across mode, pins 1 and 2 are receive pins, and pins 3

13 Testing the cable connection of an Ethernet interface IMPORTANT: • Fiber ports do not support this feature. • If the link of an Ethernet port is

14 • The storm control function allows you to set the upper and lower thresholds for all three types of packets separately on the same interface. Con

15 Task Command Remarks Display traffic rate statistics over the last sampling interval. display counters rate { inbound | outbound } interface [ inte

16 Configuring loopback and null interfaces This section describes how to configure loopback and null interfaces. Configuring a loopback interface A l

17 Configuring the null interface A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to f

18 Task Command Remarks Clear the statistics on the null interface. reset counters interface [ null [ 0 ] ] Available in user view.

Preface The H3C WX5540E Access Controller Switching Engine documentation set describes the software features for the H3C WX5540E Access Controller Swi

19 Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring

20 Configuration guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: • In interface ran

21 Configuring the MAC address table This chapter describes how to configure the MAC address table. Overview An Ethernet device uses a MAC address t

22 To improve the port security and prevent hackers from stealing data by using forged MAC addresses, you can bind specific user devices to the port

23 Configuring static, dynamic, and blackhole MAC address entries To help prevent MAC address spoofing attacks and improve port security, you can man

24 Step Command Remarks 2. Add or modify a blackhole MAC address entry. mac-address blackhole mac-address vlan vlan-id By default, no MAC address en

25 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the aging timer for dynamic MAC address entries. mac-address timer { a

26 Task Command Remarks Display MAC address statistics. display mac-address statistics [ | { begin | exclude | include } regular-expression ] Availab

27 [Sysname] display mac-address blackhole MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s) 000f-e235-abcd 1

28 Configuring MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely i

Convention Description [ x | y | ... ] * Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you se

29 Enabling MAC Information on an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view. i

30 Step Command Remarks 1. Enter system view. system-view N/A 2. (Optional) Configure the MAC Information cache queue length. mac-address informat

31 # Set the interval for sending syslog or trap messages to 20 seconds. [Device] mac-address information interval 20

32 Configuring Ethernet link aggregation This chapter describes how to configure Ethernet link aggregation. Overview Ethernet link aggregation, or s

33 • Selected—A Selected port can forward user traffic. • Unselected—An Unselected port cannot forward user traffic. When a Selected port fails, a

34 in the section Aggregating links in static mode or Choosing a reference port in the section Aggregating links in dynamic mode. Link aggregation m

35 The smaller the priority value, the higher the priority. Table 5 LACP priorities Type Description System LACP priority Used by two peer devices (o

36 The one at the top is chosen as the reference port. If two ports have the same aggregation priority, duplex mode, and speed, the one with the lowe

37 • Choosing a reference port • Setting the aggregation state of each member port Choosing a reference port The local system (the actor) and the r

38 Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation sta

Category Documents Purposes Hardware specifications and installation Compliance and safety manual Provides regulatory information and the safety instr

39 Feature Reference 802.1X 802.1X in Security Configuration Guide Ports specified as source interfaces in portal-free rules Portal in Security Conf

40 Step Command Remarks 2. Set the system LACP priority. lacp system-priority system-priority Optional. By default, the system LACP priority is 32

41 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-

42 Configuration restrictions and guidelines When you set the minimum number of Selected ports for an aggregation group, follow these restrictions an

43 Configuring load sharing criteria for link aggregation groups You can determine how traffic is load-shared in a link aggregation group by configur

44 Step Command Remarks 3. Configure the load sharing criteria for the aggregation group. link-aggregation load-sharing mode { destination-ip | dest

45 Ethernet link aggregation configuration examples In an aggregation group, only ports that have the same port attributes and class-two configuratio

46 # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA

47 Layer 2 dynamic aggregation configuration example Network requirements As shown in Figure 11: • Configure a Layer 2 dynamic aggregation group on

48 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [Device

i Contents Configuring Ethernet interfaces ···········································································································

49 • Configure two Layer 2 static aggregation groups (1 and 2) on Device A and Device B, and enable VLAN 10 at one end of the aggregate link to comm

50 [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 1

51 [DeviceA] display link-aggregation load-sharing mode interface Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Lo

52 Configuring port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use th

53 Port isolation configuration example Network requirements As shown in Figure 13, GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, GigabitEthernet 1/0

54 Configuring spanning tree protocols As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blo

55 Basic concepts in STP This section describes the basic concepts in STP. Root bridge A tree network must have a root bridge. There is only one roo

56 Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redun

57 { If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPD

58 Device Port name Configuration BPDU on the port Device B Port B1 {1, 0, 1, Port B1} Port B2 {1, 0, 1, Port B2} Device C Port C1 {2, 0, 2, Por

ii Configuration restrictions and guidelines ·········································································································

59 Device Comparison process Configuration BPDU on ports after comparison Device C • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, P

60 Figure 16 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded ac

61 The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP ach

62 MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network conve

63 Figure 18 Network diagram and topology of MST region 3 MST region An MST region consists of multiple devices in a switched network and the netwo

64 IST An IST is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. In Fi

65 MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not

66 Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration o

67 Configuration restrictions and guidelines • If GVRP and a spanning tree protocol are enabled on a device at the same time, GVRP packets are forwa

68 Task Remarks Configuring the timeout factor Optional. Configuring the maximum port rate Optional. Configuring path costs of ports Optional. Con

iii Setting the spanning tree mode ···················································································································

69 Task Remarks Configuring the port priority Optional. Configuring the port link type Optional. Configuring the mode a port uses to recognize and

70 Task Remarks Enabling the spanning tree feature Required. Performing mCheck Optional. Configuring protection functions Optional. MSTP configur

71 Task Remarks Configuring the mode a port uses to recognize and send MSTP packets Optional. Enabling outputting port state transition information

72 Configuration restrictions and guidelines • Two or more spanning tree devices belong to the same MST region only if they are configured to have t

73 Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or

74 Step Command Remarks 2. Configure the current device as a secondary root bridge. • In STP/RSTP mode: stp root secondary • In PVST mode: stp vla

75 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the maximum hops of the MST region. stp max-hops hops The default sett

76 In the CIST of an MSTP network or each VLAN of a PVST network, the device uses the max age parameter to determine whether a configuration BPDU rec

77 Configuring the timeout factor The timeout factor is a parameter used to calculate the timeout time in the following formula: Timeout time = timeo

78 Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as

iv Configuration prerequisites ·······················································································································

79 Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to

80 Link speed Port type Path cost IEEE 802.1d-1998 IEEE 802.1t Private standard 10 Gbps Single port 2 2000 2 Aggregate interface containing 2 Sele

81 Step Command Remarks 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: in

82 Step Command Remarks 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: in

83 Configuring the mode a port uses to recognize and send MSTP packets A port can receive and send MSTP packets in the following formats: • dot1s—80

84 Step Command Remarks 2. Enable outputting port state transition information. • In STP/RSTP mode: stp port-log instance 0 • In PVST mode: stp p

85 Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the spanning tree feature globally. stp enable By default, the spanning tr

86 Step Command 2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number 3. Perform

87 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. • Enter Layer 2 Ethernet interface view

88 # Enable digest snooping on GigabitEthernet 1/0/1 of Device B and enable global digest snooping on Device B. <DeviceB> system-view [DeviceB]