H3C S3100-52P Command Manual

  • Hello! I am an AI chatbot trained to assist you with the H3C S3100-52P Command Manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Table of Contents
i
Table of Contents
Chapter 1 VLAN-VPN Configuration Commands.......................................................................1-1
1.1 VLAN-VPN Configuration Commands...............................................................................1-1
1.1.1 display port vlan-vpn ...............................................................................................1-1
1.1.2 vlan-vpn enable.......................................................................................................1-2
1.1.3 vlan-vpn inner-cos-trust...........................................................................................1-3
1.1.4 vlan-vpn priority.......................................................................................................1-3
1.1.5 vlan-vpn tpid............................................................................................................1-5
Chapter 2 Selective QinQ Configuration Commands................................................................2-1
2.1 Selective QinQ Configuration Commands.........................................................................2-1
2.1.1 mac-address-mapping ............................................................................................2-1
2.1.2 raw-vlan-id inbound.................................................................................................2-2
2.1.3 vlan-vpn vid.............................................................................................................2-3
Chapter 3 BPDU Tunnel Configuration Commands .................................................................. 3-1
3.1 BPDU Tunnel Configuration Commands...........................................................................3-1
3.1.1 bpdu-tunnel .............................................................................................................3-1
3.1.2 bpdu-tunnel tunnel-dmac ........................................................................................3-3
3.1.3 display bpdu-tunnel.................................................................................................3-4
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-1
Chapter 1 VLAN-VPN Configuration Commands
1.1 VLAN-VPN Configuration Commands
1.1.1 display port vlan-vpn
Syntax
display port vlan-vpn
View
Any view
Parameters
None
Description
Use the display port vlan-vpn command to display the information about VLAN-VPN
configuration of the current system.
Related commands: vlan-vpn enable, vlan-vpn inner-cos-trust, vlan-vpn tpid.
Examples
# Display the VLAN-VPN configuration of the current system.
<Sysname> display port vlan-vpn
Ethernet1/0/6
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN inner-cos-trust status: disable
VLAN-VPN TPID: 8100
Table 1-1 Description on the fields of the display port vlan-vpn command
Field Description
Ethernet1/0/6 The port with the VLAN VPN feature enabled
VLAN-VPN status
The operation status of the VLAN VPN feature on the port
enabled indicates that VLAN VPN is enabled on the port.
You can use the vlan-vpn enable command to enable
VLAN VPN on a port.
VLAN-VPN VLAN
The VLAN corresponding to the tag that the port tags
packets with, that is, the default VLAN of the port. For
descriptions on default VLAN, refer to VLAN Operation.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-2
Field Description
VLAN-VPN
inner-cos-trust
The status of the inner-to-outer tag priority replicating
feature, enable (enabled) or disable (disabled).
You can use the vlan-vpn inner-cos-trust command to
configure the feature.
VLAN-VPN TPID
TPID value of the port, which can be configured through
the vlan-vpn tpid command.
1.1.2 vlan-vpn enable
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn enable command to enable the VLAN-VPN feature for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN feature for a port.
By default, the VLAN-VPN feature is disabled.
With the VLAN-VPN feature enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag.
z If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet.
z Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.
You can use the display port vlan-vpn command to display the configuration
information of VLAN-VPN on the ports to verity your configuration.
After the VLAN-VPN function is enabled, you can use the vlan-vpn vid command and
the raw-vlan-id inbound command to configure the selective QinQ function. Refer to
Selective QinQ Configuration Commands for details.
Examples
# Enable the VLAN-VPN feature for Ethernet 1/0/1 port.
<Sysname> system-view
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-3
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn enable
1.1.3 vlan-vpn inner-cos-trust
Syntax
vlan-vpn inner-cos-trust enable
undo vlan-vpn inner-cos-trust
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn inner-cos-trust enable command to enable the inner-to-outer tag
priority replicating feature.
With the feature enabled, a port replicates the inner tag priority to the outer tag when
adding an outer tag for a packet.
Use the undo vlan-vpn inner-cos-trust command to disable the feature.
By default, the inner-to-outer tag priority replicating feature is disabled, and the switch
will use the priority of the receiving port as the outer tag priority of packets. For
descriptions on receiving port priority, refer to QoS-QoS Profile Operation.
Note that:
z This feature can be enabled only on VLAN-VPN-enabled ports.
z This command is mutually exclusive with the vlan-vpn priority command.
Examples
# Enable the inner-to-outer tag priority replicating feature for Ethernet 1/0/2.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] vlan-vpn inner-cos-trust enable
1.1.4 vlan-vpn priority
Syntax
vlan-vpn priority inner-priority remark outer-priority
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-4
undo vlan-vpn priority inner-priority
View
Ethernet port view
Parameters
inner-priority: 802.1p priority of the inner VLAN tag in a packet. This argument can be in
the range 0 to 7 or a keyword listed in
Table 1-2.
outer-priority: Priority for the outer VLAN tag in a packet. This argument can be in the
range 0 to 7 or a keyword listed
Table 1-2.
Table 1-2 Description on 802.1p priority
IP Precedence (decimal) Keyword
0 Best-effort
1 Background
2 Spare
3 Excellent-effort
4 Controlled-load
5 Video
6 Voice
7 Network-management
Note:
For descriptions on the 802.1p priority values and the keywords listed in Table 1-2,
refer to Qos-QoS Profile Operation.
Description
Use the vlan-vpn priority command to configure the mapping between the inner VLAN
priority and the outer VLAN priority. With the mapping configured, a port will
encapsulate a packet with the specified inner tag priority with an outer tag that has the
corresponding priority.
Use the undo vlan-vpn priority command to remove the configuration.
By default, no mapping between the inner tag priority and the outer tag priority is
configured, and the switch uses the priority of the receiving port as the outer tag priority
of packets. For descriptions on receiving port priority, refer to QoS-QoS Profile
Operation.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-5
Note that:
z This command is applicable to only the VLAN-VPN enabled ports.
z This command is mutually exclusive with the vlan-vpn inner-cos-trust command.
Examples
# Enable the inner-to-outer tag priority mapping feature for Ethernet 1/0/1. Insert outer
tags with the priorities being 5 to packets with the priorities of their inner tags being 3.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn priority 3 remark 5
1.1.5 vlan-vpn tpid
Syntax
vlan-vpn tpid value
undo vlan-vpn tpid
View
Ethernet port view
Parameters
value: User-defined TPID value (in hexadecimal format), in the range 0x0001 to
0xFFFF.
Description
Use the vlan-vpn tpid command to set the TPID value for a port. With the TPID value
set on a port, the port fills the value to the TPID field of the outer tag to be added for a
packet and, upon receiving a packet, compares the TPID value with the TPID field of
the packet to determine whether the packet carries a VLAN tag or not.
Use the undo vlan-vpn tpid command to restore the default TPID value.
The default TPID value is 0x8100.
For the position and function of the TPID field in a packet, refer to VLAN Operation.
The TPID field in an Ethernet frame has the same position with the protocol type field in
a frame without a VLAN tag. To prevent other devices in the network from recognizing
the tag-encapsulated packets of the current switch as protocol packets, you are not
allowed to set the TPID value to any of the values in the table below.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Commands
1-6
Table 1-3 Common Ethernet frame protocol type values
Protocol type Value
ARP 0x0806
IP 0x0800
MPLS 0x8847/0x8848
IPX 0x8137
IS-IS 0x8000
LACP 0x8809
802.1x 0x888E
Note:
Besides the default TPID value, you can configure only one TPID value on an
S3100-52P switch.
Examples
# Set the TPID value to 0x9100 for Ethernet 1/0/2 port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] vlan-vpn tpid 9100
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Commands
2-1
Chapter 2 Selective QinQ Configuration
Commands
Note:
The selective QinQ feature is new to H3C S3100-52P Ethernet Switch.
2.1 Selective QinQ Configuration Commands
2.1.1 mac-address-mapping
Syntax
mac-address-mapping index source-vlan source-vlan-list destination-vlan
dest-vlan-id
undo mac-address-mapping { index | all }
View
Ethernet port view
Parameters
index: Index of the inter-VLAN MAC address replicating configuration to be created or
removed. This argument is in the range 0 to 7.
source-vlan source-vlan-list: Specifies a list of the IDs of the VLANs, whose MAC
address entries are to be replicated to the MAC address table of the destination VLAN.
You need to provide the source-vlan-list argument in the form of { vlan-id [ to
vlan-id ] }&<1-10>, where the VLAN ID after the to keyword must be larger than or
equal to the VLAN ID before the to keyword and &<1-10> means that you can specify
up to 10 VLANs/VLAN ranges for this argument.
dest-vlan-id: ID of the destination VLAN for replication, in the range 1 to 4094.
all: Removes all the inter-VLAN MAC address replicating configurations created on the
current port.
Description
Use the mac-address-mapping command to configure the inter-VLAN MAC address
replicating feature for a port. This feature can replicate MAC address entries of the
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Commands
2-2
MAC address tables of specified source VLANs to the MAC address table of the
specified destination VLAN.
Use the undo mac-address-mapping command to disable this feature.
The inter-VLAN MAC address replicating feature is disabled on any port by default.
In a selective QinQ application, you can configure this feature to:
z Replicate MAC address entries in the MAC address tables of the outer VLANs
configured in selective QinQ to the MAC address table of the default VLAN of the
downlink port. This is for forwarding uplink packets to the operator network.
z Replicate MAC address entries in the MAC address table of the default VLAN of
the downlink port to the MAC address tables of all the outer VLANs configured in
selective QinQ. This is for forwarding packets from the operator network to the
user networks.
Examples
# Enable the inter-VLAN MAC address replicating feature for Ethernet1/0/1 to replicate
the MAC address entries between the MAC address table of VLAN 4 (the default VLAN)
and that of the outer VLAN 10.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] mac-address-mapping 0 source-vlan 4 destination-vlan
10
[Sysname-Ethernet1/0/1] mac-address-mapping 1 source-vlan 10
destination-vlan 4
2.1.2 raw-vlan-id inbound
Syntax
raw-vlan-id inbound vlan-id-list
undo raw-vlan-id inbound { all | vlan-id-list }
View
QinQ view
Parameters
vlan-id-list: Lists of VLAN IDs. After receiving packets of these VLANs, the switch will
encapsulate the packets with the specified outer VLAN tag. You need to provide this
argument in the form of { vlan-id [ to vlan-id ] }&<1-10>, where the VLAN ID after the to
keyword must be larger than or equal to the VLAN ID before the to keyword and
&<1-10> means that you can specify up to 10 VLANs/VLAN ranges for this argument.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Commands
2-3
all: Removes all configurations of encapsulating an outer VLAN tag for specified inner
VLANs in the current view.
Description
Use the raw-vlan-id inbound command to specify to encapsulate packets with the
specified inner VLAN tags with the specified outer tag. This command must be
configured on ports connecting the user network.
Use the undo raw-vlan-id inbound command to remove the configuration.
By default, the switch does not encapsulate packets with any outer VLAN tag.
Caution:
A packet cannot be tagged with different outer VLAN tags. To change the outer VLAN
tag of a packet, you need to remove the existing outer VLAN tag configuration and
configure a new outer VLAN tag.
Before configuring this command in QinQ view, you need to use the vlan-vpn vid
command to configure the outer VLAN tag to be used in the selective QinQ policy.
Related commands: vlan-vpn vid.
Examples
# Configure Ethernet 1/0/1 to add the tag of VLAN 20 as the outer tag to packets with
their inner VLAN IDs being 8 through 15.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn vid 20
[Sysname-Ethernet1/0/1-vid-20] raw-vlan-id inbound 8 to 15
2.1.3 vlan-vpn vid
Syntax
vlan-vpn vid vlan-id
undo vlan-vpn vid vlan-id
View
Ethernet port view
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Commands
2-4
Parameters
vlan-id: VLAN ID, in the range 1 to 4094.
Description
Use the vlan-vpn vid command to configure the outer VLAN tag for a selective QinQ
policy (that is, the outer VLAN tag to be used by a port to encapsulate received packets)
and to enter QinQ view.
Use the undo vlan-vpn vid command to remove the configured outer VLAN tag. Note
that this command will also remove all configurations configured by the raw-vlan-id
inbound command in QinQ view.
Before configuring this command on a port, make sure that the vlan-vpn enable
command is configured on the port.
By default, no selective QinQ policy is configured on a port.
After specifying an outer VLAN tag and enter QinQ view, you need to use the
raw-vlan-id inbound command to specify which VLANs’ packets will be encapsulated
with the specified outer VLAN tag. Otherwise, the configuration of the outer VLAN tag is
of no use.
Related commands: raw-vlan-id inbound.
Examples
# Specify Ethernet 1/0/1 add VLAN 20 tag as the outer tag to the packets with their
inner VLAN IDs being 2 through 14.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn vid 20
[Sysname-Ethernet1/0/1-vid-20] raw-vlan-id inbound 2 to 14
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Commands
3-1
Chapter 3 BPDU Tunnel Configuration Commands
Note:
Two features, the BPDU Tunnel support for packets of multiple protocols and adjusting
tunnel packet MAC addresses, are newly added. For details, refer to
bpdu-tunnel and
bpdu-tunnel tunnel-dmac.
3.1 BPDU Tunnel Configuration Commands
3.1.1 bpdu-tunnel
Syntax
bpdu-tunnel protocol-type
undo bpdu-tunnel { protocol-type | all }
View
Ethernet port view
Parameters
protocol-type: Protocol type, packets of which will be transmitted through a BPDU
tunnel, This argument can be a keyword listed in
Table 3-1.
Table 3-1 Description on the protocol-name argument
Value Description
cdp
Enable/Disable BPDU tunnel for CISCO discovery protocol
(CDP).
hgmp
Enable/Disable BPDU tunnel for Huawei group management
protocol (HGMP) related protocols, including neighbor
discovery protocol (NDP), neighbor topology discovery
protocol, cluster member remote control (MRC), and Huawei
authentication bypass protocol (HABP).
lacp
Enable/Disable BPDU tunnel for link aggregation control
protocol (LACP).
pagp
Enable/Disable BPDU tunnel for port aggregation protocol
(PAGP).
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Commands
3-2
Value Description
pvst
Enable/Disable BPDU tunnel for per-VLAN spanning tree
(PVST).
stp
Enable/Disable BPDU tunnel for spanning tree protocol (STP).
vtp
Enable/Disable BPDU tunnel for VLAN trunk protocol (VTP).
udld
Enable/Disable BPDU tunnel for uni-directional link direction
(UDLD).
all: Disables BPDU tunnel for all protocol packets.
Description
Use the bpdu-tunnel command to enable BPDU tunnel on a port, so that packets of the
specified protocol will be transparently transmitted through the BPDU tunnel on the
port.
Use the undo bpdu-tunnel command to disable BPDU tunnel on a port.
By default, BPDU tunnel is disabled on a port.
After you enable a port to transmit packets of a specified protocol type through the
BPDU tunnel, when the port receives such a packet, it will use the specified private
multicast MAC address to replace the original destination MAC address of the packet
before sending it. As a result, the packet will not be recognized as a protocol packet by
other devices in the operator network during transmission. In this way, transparent
transmission is implemented.
You can use the bpdu-tunnel tunnel-dmac command to change the destination MAC
addresses of protocol packets to a specified multicast MAC address.
Caution:
z If this command is enabled on a port for a specific protocol, the specific protocol
cannot be enabled on the port. For example, if you have configured the
bpdu-tunnel lacp command, the lacp enable command cannot be enabled on the
port.
z The commands configured for service provider’s devices at both ends of a BPDU
tunnel must be consistent. Otherwise, BPDU packets of the customer network
cannot be transparently transmitted properly.
Examples
# Enable BPDU tunnel for packets of LACP.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Commands
3-3
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] bpdu-tunnel lacp
3.1.2 bpdu-tunnel tunnel-dmac
Syntax
bpdu-tunnel tunnel-dmac mac-address
undo bpdu-tunnel tunnel-dmac
View
System view
Parameters
mac-address: Destination MAC address to be assigned to the protocol packets
transmitted along a BPDU tunnel. This argument must be a multicast MAC address.
Description
Use the bpdu-tunnel tunnel-dmac command to configure the destination MAC
address for protocol packets transmitted along a BPDU tunnel.
Use the undo bpdu-tunnel tunnel-dmac command to restore the default destination
MAC address.
By default, the destination MAC address for protocol packets transmitted along a BPDU
tunnel is 010f-e200-0003.
Caution:
z To prevent the devices in the service provider network from processing the tunnel
packets as other protocol packets, the MAC address for tunnel packets must be a
multicast address specially for BPDU tunnels in the service provider network.
z The destination MAC addresses configured at the two ends of a BPDU tunnel must
be the same; otherwise, the protocol packets cannot be transmitted and forwarded
normally.
Related commands: display bpdu-tunnel.
Command Manual – VLAN-VPN
H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Commands
3-4
Examples
# Set the destination MAC address for protocol packets transmitted along BPDU
tunnels to 010f-e266-c3ab.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] bpdu-tunnel tunnel-dmac 010f-e266-c3ab
3.1.3 display bpdu-tunnel
Syntax
display bpdu-tunnel
View
Any view
Parameters
None
Description
Use the display bpdu-tunnel command to display the private multicast MAC address
configured for protocol packets transmitted along the BPDU tunnel(s).
Related commands: bpdu-tunnel tunnel-dmac.
Examples
# Display the private multicast MAC address configured for packets transmitted along
the BPDU tunnel(s).
<Sysname> display bpdu-tunnel
Tunnel packet's destination-mac-address: 010f-e2cd-0003
The above output information indicates that all the protocol packets transmitted along
the BPDU tunnel(s) use 010f-e2cd-0003 as their destination MAC addresses.
/