Huawei AR530 Series Configuration manual

Huawei AR530&AR550 Series Industrial Switch

Routers

V200R005C70

Configuration Guide - Ethernet

Switching

Issue

01

Date 2014-11-30

HUAWEI TECHNOLOGIES CO., LTD.

No part of this document may be reproduced or transmitted in any form or by any means without prior written

consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the

customer. All or part of the products, services and features described in this document may not be within the

purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,

and recommendations in this document are provided "AS IS" without warranties, guarantees or representations

of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang

Shenzhen 518129

People's Republic of China

Website: http://enterprise.huawei.com

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

i

About This Document

Intended Audience

This document describes how to configure the components for LAN services, including link

aggregation groups, VLANs, voice VLANs, MAC address tables, transparent bridging, as well

as GVRP, STP/RSTP, and MSTP protocols.

This document provides procedures and examples to illustrate the methods and application

scenarios for the service configurations.

This document is intended for:

l Data configuration engineers

l Commissioning engineers

l Network monitoring engineers

l System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates an imminently hazardous situation

which, if not avoided, will result in death or

serious injury.

Indicates a potentially hazardous situation

which, if not avoided, could result in death or

serious injury.

Indicates a potentially hazardous situation

which, if not avoided, may result in minor or

moderate injury.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching About This Document

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

ii

Symbol Description

Indicates a potentially hazardous situation

which, if not avoided, could result in

equipment damage, data loss, performance

deterioration, or unanticipated results.

NOTICE is used to address practices not

related to personal injury.

NOTE

Calls attention to important information, best

practices and tips.

NOTE is used to address information not

related to personal injury, equipment damage,

and environment deterioration.

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.

{ x | y | ... }

*

Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all

items can be selected.

[ x | y | ... ]

*

Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing

interface numbers on devices.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

About This Document

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

iii

Security Conventions

l Password setting

– When configuring a password, the cipher text is recommended. To ensure device

security, change the password periodically.

– When you configure a password in plain text that starts and ends with %@%@ (the

password can be decrypted by the device), the password is displayed in the same manner

as the configured one in the configuration file. Do not use this setting.

– When you configure a password in cipher text, different features cannot use the same

cipher-text password. For example, the cipher-text password set for the AAA feature

cannot be used for other features.

l Encryption algorithm

Currently, the device uses the following encryption algorithms: 3DES, AES, RSA, SHA1,

SHA2, and MD5. 3DES, RSA and AES are reversible, while SHA1, SHA2, and MD5 are

irreversible. The encryption algorithms DES/3DES/RSA (RSA-1024 or lower)/MD5 (in

digital signature scenarios and password encryption)/SHA1 (in digital signature scenarios)

have a low security, which may bring security risks. If protocols allowed, using more secure

encryption algorithms, such as AES/RSA (RSA-2048 or higher)/SHA2/HMAC-SHA2, is

recommended. The encryption algorithm depends on actual networking. The irreversible

encryption algorithm must be used for the administrator password, SHA2 is recommended.

l Personal data

Some personal data may be obtained or used during operation or fault location of your

purchased products, services, features, so you have an obligation to make privacy policies

and take measures according to the applicable law of the country to protect personal data.

l The terms mirrored port, port mirroring, traffic mirroring, and mirroing in this manual are

mentioned only to describe the product's function of communication error or failure

detection, and do not involve collection or processing of any personal information or

communication data of users.

Change History

Changes between document issues are cumulative. Therefore, the latest document version

contains all updates made to previous versions.

Changes in Issue 01 (2014-11-30)

Initial commercial release.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

About This Document

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

iv

Contents

About This Document.....................................................................................................................ii

1 MAC Address Table Configuration...........................................................................................1

1.1 Introduction to the MAC Address..................................................................................................................................2

1.2 Principles........................................................................................................................................................................2

1.2.1 MAC Address Table....................................................................................................................................................2

1.2.2 Disabling MAC Address Learning and Limiting the Number of MAC Addresses....................................................4

1.2.3 Port Security................................................................................................................................................................5

1.2.4 MAC Address Flapping...............................................................................................................................................5

1.3 Application Environment...............................................................................................................................................7

1.4 Configuration Task Summary........................................................................................................................................7

1.5 Default Configuration.....................................................................................................................................................9

1.6 Configuring the MAC Address Table............................................................................................................................9

1.6.1 Configuring the MAC Address Table.........................................................................................................................9

1.6.1.1 Configuring a Static MAC Address Entry..............................................................................................................10

1.6.1.2 Configuring a Blackhole MAC Address Entry.......................................................................................................10

1.6.1.3 Setting the Aging Time of Dynamic MAC Address Entries..................................................................................11

1.6.1.4 Disabling MAC Address Learning.........................................................................................................................11

1.6.1.5 Limiting the Number of Learned MAC Addresses................................................................................................12

1.6.1.6 Checking the Configuration....................................................................................................................................13

1.6.2 Configuring Port Security..........................................................................................................................................14

1.6.2.1 Configuring the Secure MAC Function on an Interface.........................................................................................14

1.6.2.2 Configuring the Sticky MAC Function on an Interface.........................................................................................16

1.6.2.3 Checking the Configuration....................................................................................................................................17

1.6.3 Configuring MAC Address Flapping Detection........................................................................................................17

1.6.4 Configuring the Router to Discard Packets with an All-0 MAC Address.................................................................18

1.7 Configuration Examples...............................................................................................................................................19

1.7.1 Example for Configuring the MAC Address Table...................................................................................................19

1.7.2 Example for Configuring Port Security.....................................................................................................................21

1.7.3 Example for Configuring MAC Address Limiting Rules on Interfaces....................................................................23

1.7.4 Example for Configuring a MAC Address Learning Rule in a VLAN.....................................................................24

1.8 Common Configuration Errors.....................................................................................................................................26

1.8.1 Correct MAC Address Entry Cannot Be Learned on the Device..............................................................................26

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

v

1.9 Reference......................................................................................................................................................................29

2 Link Aggregation Configuration..............................................................................................30

2.1 Introduction to Link Aggregation.................................................................................................................................31

2.2 Principles......................................................................................................................................................................31

2.2.1 Concepts....................................................................................................................................................................31

2.2.2 Forwarding Principle.................................................................................................................................................33

2.2.3 Link Aggregation in Manual Load Balancing Mode.................................................................................................33

2.2.4 Link Aggregation in LACP Mode.............................................................................................................................33

2.2.5 Load Balancing Using Link Aggregation..................................................................................................................39

2.3 Application Environment.............................................................................................................................................39

2.3.1 Application of Eth-Trunk..........................................................................................................................................39

2.4 Configuration Task Summary......................................................................................................................................40

2.5 Default Settings............................................................................................................................................................41

2.6 Configuring Ethernet Link Aggregation.......................................................................................................................42

2.6.1 Configuring Link Aggregation in Manual Load Balancing Mode............................................................................42

2.6.1.1 Creating an Eth-Trunk............................................................................................................................................42

2.6.1.2 Setting the Manual Load Balancing Mode.............................................................................................................43

2.6.1.3 Adding Member Interfaces to an Eth-Trunk..........................................................................................................44

2.6.1.4 (Optional) Setting the Lower Threshold for the Number of Active Interfaces......................................................45

2.6.1.5 (Optional) Configuring a Load Balancing Mode...................................................................................................46

2.6.1.6 Checking the Configuration....................................................................................................................................47

2.6.2 Configuring Link Aggregation in LACP Mode........................................................................................................47

2.6.2.1 Creating an Eth-Trunk............................................................................................................................................47

2.6.2.2 Setting the LACP Mode.........................................................................................................................................48

2.6.2.3 Adding Member Interfaces to an Eth-Trunk..........................................................................................................49

2.6.2.4 (Optional) Setting the Upper and Lower Thresholds for the Number of Active Interfaces...................................51

2.6.2.5 (Optional) Configuring a Load Balancing Mode...................................................................................................52

2.6.2.6 (Optional) Setting the LACP System Priority........................................................................................................52

2.6.2.7 (Optional) Setting the LACP Interface Priority......................................................................................................53

2.6.2.8 (Optional) Configuring LACP Preemption............................................................................................................54

2.6.2.9 (Optional) Setting the Timeout Interval for Receiving LACPDUs........................................................................55

2.6.2.10 Checking the Configuration..................................................................................................................................56

2.6.3 Creating an Eth-Trunk Sub-interface.........................................................................................................................56

2.7 Maintaining Link Aggregation.....................................................................................................................................57

2.7.1 Clearing LACP Packet Statistics...............................................................................................................................57

2.7.2 Monitoring the LAG Operating.................................................................................................................................57

2.7.3 Using Ping to Monitor the Reachability of Layer 3 Eth-Trunk Member Interfaces.................................................58

2.8 Configuration Examples...............................................................................................................................................60

2.8.1 Example for Configuring Link Aggregation in Manual Load Balancing Mode.......................................................60

2.8.2 Example for Configuring Link Aggregation in LACP Mode....................................................................................62

2.8.3 Example for Configuring Layer 3 Link Aggregation................................................................................................66

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

vi

2.9 Common Configuration Errors.....................................................................................................................................68

2.9.1 Traffic Is Unevenly Load Balanced Among Eth-Trunk Member Interfaces Because the Load Balancing Mode Is

Incorrect..............................................................................................................................................................................68

2.10 References..................................................................................................................................................................68

3 VLAN Configuration..................................................................................................................70

3.1 Introduction to VLAN..................................................................................................................................................71

3.2 Principles......................................................................................................................................................................72

3.2.1 Basic Concepts of VLAN..........................................................................................................................................72

3.2.2 VLAN Assignment....................................................................................................................................................76

3.2.3 Principle of VLAN Communication..........................................................................................................................76

3.2.4 VLAN Aggregation...................................................................................................................................................81

3.2.5 VLAN Damping........................................................................................................................................................88

3.2.6 VLAN Management..................................................................................................................................................88

3.3 Application Environment.............................................................................................................................................88

3.3.1 VLAN Assignment....................................................................................................................................................89

3.3.2 Inter-VLAN Communication....................................................................................................................................90

3.3.3 VLAN Aggregation...................................................................................................................................................91

3.4 Configuration Task Summary......................................................................................................................................92

3.5 Default Configuration...................................................................................................................................................93

3.6 Configuring VLAN.......................................................................................................................................................93

3.6.1 Assigning a LAN to VLANs.....................................................................................................................................93

3.6.2 Configuring Inter-VLAN Communication................................................................................................................95

3.6.2.1 Configuring VLANIF Interfaces for Inter-VLAN Communication.......................................................................96

3.6.2.2 Configuring Sub-Interfaces for Inter-VLAN Communication...............................................................................97

3.6.2.3 Checking the Configuration....................................................................................................................................98

3.6.3 Configuring VLAN Aggregation to Save IP Addresses............................................................................................98

3.6.3.1 Creating a Sub-VLAN............................................................................................................................................98

3.6.3.2 Creating a Super-VLAN.........................................................................................................................................99

3.6.3.3 Assigning an IP Address to the VLANIF Interface of a Super-VLAN................................................................100

3.6.3.4 (Optional) Configuring an IP Address Pool for a Sub-VLAN.............................................................................101

3.6.3.5 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN...................................................101

3.6.3.6 Checking the Configuration..................................................................................................................................102

3.6.4 Configuring an mVLAN to Implement Integrated Management............................................................................102

3.7 Configuration Examples.............................................................................................................................................104

3.7.1 Example for Configuring Interface-based VLAN Assignment...............................................................................104

3.7.2 Example for Configuring Communication Between VLANs Using VLANIF Interfaces......................................106

3.7.3 Example for Configuring VLAN Damping.............................................................................................................108

3.7.4 Example for Configuring VLAN Aggregation........................................................................................................110

3.7.5 Example for Configuring Communication Across a Layer 3 Network Using VLANIF Interfaces........................113

3.8 Common Configuration Errors...................................................................................................................................116

3.8.1 User Terminals in the Same VLAN Cannot Ping Each Other.................................................................................117

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

vii

3.8.2 VLANIF Interface Goes Down...............................................................................................................................119

3.9 References..................................................................................................................................................................119

4 QinQ Configuration..................................................................................................................121

4.1 Introduction to QinQ..................................................................................................................................................122

4.2 QinQ Principles..........................................................................................................................................................122

4.2.1 QinQ Fundamentals.................................................................................................................................................122

4.2.2 Basic QinQ..............................................................................................................................................................124

4.2.3 Selective QinQ.........................................................................................................................................................125

4.2.4 TPID........................................................................................................................................................................126

4.3 Application Environment...........................................................................................................................................127

4.4 Configuration Task Summary....................................................................................................................................129

4.5 Configuration Notes...................................................................................................................................................129

4.6 Configuring QinQ.......................................................................................................................................................130

4.6.1 Configuring QinQ Tunneling..................................................................................................................................130

4.6.1.1 Configuring Basic QinQ.......................................................................................................................................130

4.6.1.2 Configuring Selective QinQ.................................................................................................................................131

4.6.2 Configuring the TPID Value in an Outer VLAN Tag.............................................................................................133

4.7 Configuration Examples.............................................................................................................................................134

4.7.1 Example for Configuring Basic QinQ.....................................................................................................................134

4.7.2 Example for Configuring Selective QinQ...............................................................................................................137

4.8 References..................................................................................................................................................................141

5 GVRP Configuration................................................................................................................142

5.1 Introduction to GVRP.................................................................................................................................................143

5.2 Principles....................................................................................................................................................................144

5.2.1 Basic Concepts........................................................................................................................................................144

5.2.2 Packet Structure.......................................................................................................................................................147

5.2.3 Working Procedure..................................................................................................................................................148

5.3 Applications................................................................................................................................................................152

5.4 Default Configuration.................................................................................................................................................152

5.5 Configuring GVRP.....................................................................................................................................................153

5.5.1 Enabling GVRP.......................................................................................................................................................153

5.5.2 (Optional) Setting the Registration Mode for a GVRP Interface............................................................................154

5.5.3 (Optional) Setting the GARP Timers......................................................................................................................155

5.5.4 Checking the Configuration.....................................................................................................................................156

5.6 Maintaining GVRP.....................................................................................................................................................156

5.6.1 Clearing GVRP Statistics........................................................................................................................................156

5.7 Configuration Examples.............................................................................................................................................157

5.7.1 Example for Configuring GVRP.............................................................................................................................157

5.8 References..................................................................................................................................................................160

6 STP/RSTP Configuration.........................................................................................................161

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

viii

6.1 Introduction to STP/RSTP..........................................................................................................................................162

6.2 Principles....................................................................................................................................................................163

6.2.1 Background..............................................................................................................................................................163

6.2.2 Basic Concepts........................................................................................................................................................164

6.2.3 BPDU Format..........................................................................................................................................................171

6.2.4 STP Topology Calculation......................................................................................................................................173

6.2.5 Improvements in RSTP...........................................................................................................................................180

6.2.6 RSTP Technology Details.......................................................................................................................................185

6.3 Application.................................................................................................................................................................187

6.4 Configuration Task Summary....................................................................................................................................188

6.5 Default Configuration.................................................................................................................................................189

6.6 Configuring STP/RSTP..............................................................................................................................................190

6.6.1 Configuring Basic STP/RSTP Functions................................................................................................................190

6.6.1.1 Configuring the STP/RSTP Mode........................................................................................................................190

6.6.1.2 (Optional) Configuring the Root Bridge and Secondary Root Bridge.................................................................190

6.6.1.3 (Optional) Setting a Priority for a Switching Device...........................................................................................191

6.6.1.4 (Optional) Setting a Path Cost for a Port..............................................................................................................192

6.6.1.5 (Optional) Setting a Priority for a Port.................................................................................................................193

6.6.1.6 Enabling STP/RSTP.............................................................................................................................................194

6.6.1.7 Checking the Configuration..................................................................................................................................195

6.6.2 Setting STP Parameters that Affect STP Convergence...........................................................................................195

6.6.2.1 Setting the STP Network Diameter......................................................................................................................195

6.6.2.2 Setting the STP Timeout Interval.........................................................................................................................196

6.6.2.3 Setting the STP Timers.........................................................................................................................................196

6.6.2.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree Calculation..........198

6.6.2.5 Checking the Configuration..................................................................................................................................199

6.6.3 Setting RSTP Parameters that Affect RSTP Convergence......................................................................................199

6.6.3.1 Setting the RSTP Network Diameter....................................................................................................................199

6.6.3.2 Setting the RSTP Timeout Interval......................................................................................................................200

6.6.3.3 Setting RSTP Timers............................................................................................................................................201

6.6.3.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree Calculation..........202

6.6.3.5 Setting the Link Type for a Port...........................................................................................................................203

6.6.3.6 Setting the Maximum Transmission Rate of an Interface....................................................................................204

6.6.3.7 Switching to the RSTP Mode...............................................................................................................................204

6.6.3.8 Configuring Edge Ports and BPDU Filter Ports...................................................................................................205

6.6.3.9 Checking the Configuration..................................................................................................................................207

6.6.4 Configuring RSTP Protection Functions.................................................................................................................207

6.6.4.1 Configuring BPDU Protection on a Switching Device........................................................................................207

6.6.4.2 Configuring TC Protection on a Switching Device..............................................................................................208

6.6.4.3 Configuring Root Protection on a Port.................................................................................................................208

6.6.4.4 Configuring Loop Protection on a Port................................................................................................................208

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

ix

6.6.4.5 Checking the Configuration..................................................................................................................................209

6.6.5 Setting Parameters for Interoperation Between Huawei and Non-Huawei Devices...............................................209

6.7 Maintaining STP/RSTP..............................................................................................................................................211

6.7.1 Clearing STP/RSTP Statistics.................................................................................................................................211

6.7.2 Monitoring STP/RSTP Topology Change Statistics...............................................................................................211

6.8 Configuration Examples.............................................................................................................................................211

6.8.1 Example for Configuring Basic STP Functions......................................................................................................212

6.8.2 Example for Configuring Basic RSTP Functions....................................................................................................216

6.9 References..................................................................................................................................................................220

7 MSTP Configuration.................................................................................................................222

7.1 Introduction to MSTP.................................................................................................................................................223

7.2 MSTP Principles.........................................................................................................................................................224

7.2.1 MSTP Background..................................................................................................................................................224

7.2.2 Basic MSTP Concepts.............................................................................................................................................226

7.2.3 MST BPDUs............................................................................................................................................................233

7.2.4 MSTP Topology Calculation...................................................................................................................................237

7.2.5 MSTP Fast Convergence.........................................................................................................................................239

7.3 Application Environment...........................................................................................................................................240

7.4 Configuration Task Summary....................................................................................................................................241

7.5 Default Configuration.................................................................................................................................................242

7.6 Configuring MSTP.....................................................................................................................................................243

7.6.1 Configuring Basic MSTP Functions........................................................................................................................243

7.6.1.1 Configuring the MSTP Mode...............................................................................................................................244

7.6.1.2 Configuring and Activating an MST Region.......................................................................................................244

7.6.1.3 (Optional) Configuring the Root Bridge and Secondary Root Bridge.................................................................246

7.6.1.4 (Optional) Configuring a Priority for a Switching Device in an MSTI................................................................247

7.6.1.5 (Optional) Configuring a Path Cost of a Port in an MSTI....................................................................................248

7.6.1.6 (Optional) Configuring a Port Priority in an MSTI..............................................................................................249

7.6.1.7 Enabling MSTP....................................................................................................................................................249

7.6.1.8 Checking the Configuration..................................................................................................................................250

7.6.2 Configuring MSTP Parameters on an Interface......................................................................................................251

7.6.2.1 Setting the MSTP Network Diameter...................................................................................................................251

7.6.2.2 Setting the MSTP Timeout Interval......................................................................................................................252

7.6.2.3 Setting the Values of MSTP Timers.....................................................................................................................252

7.6.2.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree Calculation..........253

7.6.2.5 Setting the Link Type of a Port............................................................................................................................255

7.6.2.6 Setting the Maximum Transmission Rate of an Interface....................................................................................255

7.6.2.7 Switching to the MSTP Mode..............................................................................................................................256

7.6.2.8 Configuring a Port as an Edge Port and BPDU Filter Port..................................................................................257

7.6.2.9 Setting the Maximum Number of Hops in an MST Region.................................................................................258

7.6.2.10 Checking the Configuration................................................................................................................................259

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

x

7.6.3 Configuring MSTP Protection Functions................................................................................................................259

7.6.3.1 Configuring BPDU Protection on a Switching Device........................................................................................259

7.6.3.2 Configuring TC Protection on a Switching Device..............................................................................................260

7.6.3.3 Configuring Root Protection on an Interface.......................................................................................................261

7.6.3.4 Configuring Loop Protection on an Interface.......................................................................................................261

7.6.3.5 Checking the Configuration..................................................................................................................................262

7.6.4 Configuring MSTP Interoperability Between Huawei Devices and Non-Huawei Devices....................................262

7.6.4.1 Configuring a Proposal/Agreement Mechanism..................................................................................................262

7.6.4.2 Configuring the MSTP Protocol Packet Format on an Interface..........................................................................263

7.6.4.3 Enabling the Digest Snooping Function...............................................................................................................264

7.6.4.4 Checking the Configuration..................................................................................................................................265

7.7 Maintaining MSTP.....................................................................................................................................................265

7.7.1 Clearing MSTP Statistics.........................................................................................................................................265

7.7.2 Monitoring the Statistics on MSTP Topology Changes..........................................................................................265

7.8 Configuration Examples.............................................................................................................................................265

7.8.1 Example for Configuring Basic MSTP Functions...................................................................................................266

7.9 References..................................................................................................................................................................273

8 SEP Configuration.....................................................................................................................274

8.1 Introduction to SEP....................................................................................................................................................275

8.2 Principles....................................................................................................................................................................275

8.2.1 Principles of SEP.....................................................................................................................................................275

8.2.2 Basic Concepts of SEP............................................................................................................................................278

8.2.3 SEP Implementation Mechanisms...........................................................................................................................282

8.3 Applications................................................................................................................................................................294

8.3.1 Open-Ring Networking...........................................................................................................................................294

8.3.2 Closed-Ring Networking.........................................................................................................................................295

8.3.3 Multi-Ring Networking...........................................................................................................................................296

8.3.4 Hybrid SEP+MSTP Ring Networking....................................................................................................................297

8.3.5 SEP Multi-Instance..................................................................................................................................................298

8.4 Configuration Task Summary....................................................................................................................................299

8.5 Configuring SEP.........................................................................................................................................................300

8.5.1 Configuring Basic SEP Functions...........................................................................................................................300

8.5.1.1 Configuring a SEP Segment.................................................................................................................................301

8.5.1.2 Configuring a Control VLAN...............................................................................................................................301

8.5.1.3 Creating a Protected Instance...............................................................................................................................302

8.5.1.4 Adding a Layer 2 Interface to a SEP Segment and Configuring a Role for the Interface....................................303

8.5.1.5 Checking the Configuration..................................................................................................................................306

8.5.2 Specifying an Interface to Block.............................................................................................................................306

8.5.2.1 Setting an Interface Blocking Mode.....................................................................................................................306

8.5.2.2 Configuring the Preemption Mode.......................................................................................................................307

8.5.2.3 Checking the Configuration..................................................................................................................................309

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

xi

8.5.3 Configuring SEP Multi-Instance.............................................................................................................................309

8.5.4 Configuring the Topology Change Notification Function......................................................................................311

8.5.4.1 Reporting Topology Changes in a Lower-Layer Network - SEP Topology Change Notification.......................311

8.5.4.2 Checking the Configuration..................................................................................................................................313

8.6 Maintaining SEP.........................................................................................................................................................313

8.6.1 Clearing SEP Statistics............................................................................................................................................313

8.7 Configuration Examples.............................................................................................................................................313

8.7.1 Example for Configuring SEP on a Closed Ring Network.....................................................................................313

8.7.2 Example for Configuring SEP on a Multi-Ring Network.......................................................................................319

8.7.3 Example for Configuring a Hybrid SEP+MSTP Ring Network.............................................................................330

8.7.4 Example for Configuring SEP Multi-Instance........................................................................................................338

9 Transparent Bridging Configuration.....................................................................................346

9.1 Introduction to Transparent Bridge............................................................................................................................347

9.2 Principles....................................................................................................................................................................347

9.2.1 Basic Principles of Transparent Bridging................................................................................................................347

9.2.2 Local Bridging.........................................................................................................................................................350

9.2.3 Remote Bridging......................................................................................................................................................351

9.2.4 Integrated Bridging and Routing.............................................................................................................................352

9.2.5 VLAN ID Transparent Transmission......................................................................................................................353

9.3 Applications................................................................................................................................................................354

9.4 Configuration Task Summary....................................................................................................................................359

9.5 Default Configuration.................................................................................................................................................359

9.6 Configuring Transparent Bridging.............................................................................................................................359

9.6.1 Configuring Local Bridging....................................................................................................................................360

9.6.1.1 Creating a Bridge Group.......................................................................................................................................360

9.6.1.2 Adding Local Interfaces to a Bridge Group.........................................................................................................360

9.6.1.3 (Optional) Disabling a Bridge Group from Bridging Specified Protocol Packets...............................................361

9.6.1.4 (Optional) Configuring a MAC Address Table for a Bridge Group....................................................................362

9.6.1.5 Checking the Configuration..................................................................................................................................363

9.6.2 Configuring Local Bridging Integrated with IP Routing.........................................................................................363

9.6.2.1 Creating a Bridge Group.......................................................................................................................................363

9.6.2.2 Adding Local Interfaces to a Bridge Group.........................................................................................................364

9.6.2.3 Enabling IP Routing for a Bridge Group..............................................................................................................365

9.6.2.4 (Optional) Disabling a Bridge Group from Bridging Specified Protocol Packets...............................................366

9.6.2.5 (Optional) Configuring a MAC Address Table for a Bridge Group....................................................................366

9.6.2.6 Checking the Configuration..................................................................................................................................367

9.6.3 Configuring Remote Bridging.................................................................................................................................368

9.6.3.1 Creating a Bridge Group.......................................................................................................................................368

9.6.3.2 Adding a LAN-side Interface to a Bridge Group.................................................................................................368

9.6.3.3 Adding a WAN-side Interface to a Bridge Group................................................................................................370

9.6.3.4 (Optional) Disabling a Bridge Group from Bridging Specified Protocol Packets...............................................370

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

xii

9.6.3.5 (Optional) Configuring VLAN ID Transparent Transmission.............................................................................371

9.6.3.6 (Optional) Configuring a MAC Address Table for a Bridge Group....................................................................372

9.6.3.7 Checking the Configuration..................................................................................................................................373

9.6.4 Configuring Remote Bridging Integrated with IP Routing.....................................................................................373

9.6.4.1 Creating a Bridge Group.......................................................................................................................................373

9.6.4.2 Adding a LAN-side Interface to a Bridge Group.................................................................................................373

9.6.4.3 Adding a WAN-side Interface to a Bridge Group................................................................................................375

9.6.4.4 Enabling IP Routing for a Bridge Group..............................................................................................................376

9.6.4.5 (Optional) Disabling a Bridge Group from Bridging Specified Protocol Packets...............................................377

9.6.4.6 (Optional) Configuring a MAC Address Table for a Bridge Group....................................................................377

9.6.4.7 Checking the Configuration..................................................................................................................................378

9.7 Maintaining Transparent Bridging.............................................................................................................................378

9.7.1 Monitoring the Operation of Bridge Groups...........................................................................................................379

9.7.2 Clearing the Traffic Statistics of a Bridge Group....................................................................................................379

9.7.3 Clearing the Traffic Statistics on the Bridge-if Interface of a Bridge Group..........................................................380

9.8 Configuration Example...............................................................................................................................................380

9.8.1 Example for Configuring Local Bridging...............................................................................................................380

9.8.2 Example for Configuring Local Bridging with IP Routing.....................................................................................383

9.8.3 Example for Configuring Remote Bridging............................................................................................................385

9.8.4 Example for Configuring Remote Bridging with IP Routing..................................................................................387

9.8.5 Example for Configuring Remote Bridging with VLAN ID Transparent Transmission........................................391

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching Contents

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

xiii

1 MAC Address Table Configuration

About This Chapter

This chapter provides the basics for MAC address table, configuration procedure, and

configuration examples.

1.1 Introduction to the MAC Address

This section describes the concept of the MAC address.

1.2 Principles

This section describes principles of MAC address table.

1.3 Application Environment

This section describes the applicable environment of MAC address flapping.

1.4 Configuration Task Summary

This chapter describes the configuration task summary of MAC.

1.5 Default Configuration

This section describes the default configuration of a MAC address table.

1.6 Configuring the MAC Address Table

This section describes the MAC address table configuration.

1.7 Configuration Examples

This section provides several configuration examples of MAC address.

1.8 Common Configuration Errors

This section describes how to process common configuration errors in MAC address entries.

1.9 Reference

This section describes references of MAC address table.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

1

1.1 Introduction to the MAC Address

This section describes the concept of the MAC address.

A Media Access Control (MAC) address defines the location of a network device. A MAC

address consists of 48 bits and is displayed as a 12-digit hexadecimal number. Bits 0 to 23 are

assigned by the IETF and other institutions to identify vendors, and bits 24 to 47 are the unique

ID assigned by vendors to identify their network adapters.

MAC addresses fall into the following types:

l Physical MAC address: uniquely identifies a terminal on an Ethernet network and is the

globally unique hardware address.

l Broadcast MAC address: indicates all terminals on a LAN. The broadcast address is all 1s

(FF-FF-FF-FF-FF-FF).

l Multicast MAC address: indicates a group of terminals on a LAN. All the MAC addresses

with the eighth bit as 1 are multicast MAC addresses (for example, 01-00-00-00-00-00),

excluding the broadcast MAC address.

1.2 Principles

This section describes principles of MAC address table.

1.2.1 MAC Address Table

Each device maintains a MAC address table. A MAC address table records the MAC address,

VLAN ID and outbound interfaces learned from other devices. When forwarding a data frame,

the device searches the MAC table for the outbound interface according to the destination MAC

address and VLAN ID in the frame. This helps the device reduce broadcasting.

Packet Forwarding Based on the MAC Address Table

The device forwards packets based on the MAC address table in either of the following modes:

l Unicast mode: If the destination MAC address of a packet can be found in the MAC address

table, the device forwards the packet through the outbound interface specified in the

matching entry.

l Broadcast mode: If a packet is a broadcast or multicast packet or its destination MAC

address cannot be found in the MAC address table, the device broadcasts the packet to all

the interfaces in the VLAN except the inbound interface.

Categories of MAC Address Entries

The MAC address entry can be classified into the dynamic entry, the static entry and the

blackhole entry.

l The dynamic entry is created by learning the source MAC address. It has aging time.

l The static entry is set by users and is delivered to each SIC. It does not age.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

2

l The blackhole entry is used to discard the frame with the specified source MAC address or

destination MAC address. Users manually set the blackhole entries and send them to each

SIC. Blackhole entries have no aging time.

The dynamic entry will be lost after the system is reset or the interface board is hot swapped or

reset. The static entry and the blackhole entry, however, will not be lost.

Generation of a MAC address entry

MAC address entries are generated automatically or configured manually.

l Automatically Generated MAC Address Entries

MAC address entries are learned by the system automatically. For example, RouterA and

RouterB are connected. When RouterB sends a frame to RouterA, RouterA obtains the

source MAC address (the MAC address of RouterB) from the frame and adds the source

MAC address and the interface number to the MAC address table. When RouterA receives

a frame sent to RouterB again, RouterA can search the MAC address table to find the correct

outbound interface.

The entries in the MAC table will not be valid all the time. Each entry has its own lifetime.

If the entry has not been refreshed at the expiration of its lifetime, the device will delete

that entry from the MAC table. That lifetime is called aging time. If the entry is refreshed

before its lifetime expires, the device resets the aging time for it.

NOTE

The system do not generate MAC address entries when receiving multicast packets or broadcast

packets.

l Manually Configured MAC Address Entries

When creating MAC address entries by itself, the device cannot identify whether the

packets are from the legal users or the hackers. This threatens the network safety.

Hackers can fake the source MAC address in attack packets. The packet with a forged

address enters the device from the other port. Then the device learns a fault MAC table

entry. That is why the packets sent to the legal users are forwarded to the hackers.

For security, the network administrator can add static entries to the MAC table manually

to bind the user's device and the port of the device. In this way, the device can stop the

illegal users from stealing data.

By configuring blackhole MAC address entries, you can configure the specified user traffic

not to pass through a switch to prevent attacks from unauthorized users.

The priority of MAC entries set up by users is higher than that generated by the device

itself.

Aging Time of MAC Addresses

To adapt to the changes of networks, the MAC table needs to be updated constantly. The dynamic

entries automatically created in a MAC address table are not always valid. Each entry has a life

cycle. The entry that has never been updated till its life cycle ends will be deleted. This life cycle

is called aging time. If the entry is updated before its life cycle ends, the aging time of the entry

is recalculated.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

3

Figure 1-1 Aging of MAC addresses

Port3

Port1

Port2

MAC Address

Port

MAC1 Port1

MAC2 Port2

MAC3 Port3

VLANID

10

PC1

PC2

PC3

Swtich

MAC3 MAC1 VLAN10 Type Data

M

A

C

3

M

A

C

1

V

L

A

N

1

0

T

y

p

e

D

a

t

a

As shown in the preceding figure, the aging time of MAC addresses is set to T. At t

1

, packets

with the source MAC address 00e0-fc00-0001 and VLAN ID 1 reach an interface. Assume that

the interface is added to VLAN 1. If no entry with the MAC address as 00e0-fc00-0001 and the

VLAN ID as 1 exists in the MAC address table, the MAC address is added to the MAC address

table as a dynamic MAC address entry and the flag of the matching entry is set to 1.

The switch checks all learned dynamic MAC address entries at an interval of T. For example,

at t

2

, if the switch discovers that the flag of the matching dynamic MAC address entry with the

MAC address as 00e0-fc00-0001 and the VLAN ID as 1 is 1, the flag of the matching MAC

address entry is set to 0 and the MAC address entry is not deleted. If packets with the source

MAC address as 00e0-fc00-0001 and the VLAN ID as 1 enter the switch between t

2

and t

3

, the

flag of the matching MAC address entry is set to 1 again. If no packet with the source MAC

address as 00e0-fc00-0001 and the VLAN ID as 1 enters the switch between t

2

and t

3

, the flag

of the matching MAC address entry is always 0. At t

3

, after discovering that the flag of the

matching MAC address entry is 0, the switch assumes that the aging time of the MAC address

entry expires and deletes the MAC address entry.

As stated above, the minimum holdtime of a dynamic MAC address entry in the MAC address

table ranges from the aging time T to 2 T configured on the switch through automatic aging.

The aging time of MAC addresses is configurable. By setting the aging time of MAC addresses,

you can flexibly control the holdtime of learned dynamic MAC address entries in the MAC

address table.

1.2.2 Disabling MAC Address Learning and Limiting the Number

of MAC Addresses

The capacity of a MAC address table is limited. Therefore, when hackers forge a large quantity

of packets with different source MAC addresses and send the packets to a device, the MAC

address table of the device may reach its full capacity. When the MAC address table is full, the

device cannot learn source MAC addresses of valid packets.

A device limits the number of learned MAC addresses in one of the following modes:

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

4

l Disabling MAC address learning on an interface or a VLAN

l Limiting the number of MAC addresses on an interface or a VLAN

After MAC address learning is disabled on an interface or a VLAN, no MAC address entry can

be learned on the interface or VLAN. The system deletes the previously learned dynamic MAC

entries after the aging time expires. You can also manually delete these entries.

You can limit the maximum number of dynamic MAC address entries on a specified VLAN or

interface. After the number of MAC address entries learned by the VLAN or interface reaches

the limit, no MAC address entry can be learned on the VLAN or interface until the previously

learned MAC address entries age out.

In most cases, attack packets sent by a hacker enter a switch through the same interface.

Therefore, you can set the limit on the number of MAC address entries or disable MAC address

learning on an interface to prevent attack packets from exhausting the MAC address table.

1.2.3 Port Security

Introduction to Port Security

The port security function changes MAC addresses learned on an interface into secure MAC

addresses (including dynamic secure MAC addresses and sticky MAC addresses). Only hosts

using secure MAC addresses or static MAC addresses can communicate with the device through

the interface. This function enhances device security.

Secure MAC Address Learning

Secure MAC addresses are classified into dynamic secure MAC addresses and sticky MAC

addresses:

l Dynamic secure MAC addresses: are learned on an interface where port security is enabled

but the sticky MAC function is disabled. By default, secure dynamic MAC addresses will

never be aged out. After the switch restarts, secure dynamic MAC addresses are lost and

need to be learned again.

l Sticky MAC addresses: are learned on an interface where both port security and sticky

MAC function are enabled. Sticky MAC addresses will not be aged out. After you save the

configuration and restart the switch, sticky MAC addresses still exist.

Before port security is enabled on an interface, MAC address entries can be configured statically

or learned dynamically on the interface. After port security is enabled on an interface, dynamic

MAC address entries that have been learned on the interface are deleted and MAC address entries

learned subsequently turn into secure dynamic MAC address entries. Only packets with source

MAC addresses matching the secure dynamic MAC address entries or static MAC address

entries can pass through the interface. After the sticky MAC function is enabled on the interface,

existing secure dynamic MAC address entries and MAC address entries learned subsequently

on the interface turn into sticky MAC address entries. When the number of secure MAC

addresses reaches the limit, the switch stops learning MAC addresses on the interface and takes

a protection action on the interface or packets received.

1.2.4 MAC Address Flapping

MAC address flapping occurs when a MAC address is learned by two interfaces in the same

VLAN. The MAC address entry learned later replaces the earlier one. If a large number of MAC

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

5

addresses flap in a short time on the network, MAC address flapping is caused by loops. When

a loop occurs and causes a broadcast storm, MAC address flapping occurs on each switch

affected by the broadcast storm. Therefore, MAC address flapping detection can be used to check

for loops on a network.

MAC Address Flapping Detection

The device can detect MAC address flapping. When MAC address flapping occurs, the device

can provide diagnosis information, including the flapping MAC address, interfaces between

which the MAC address flaps, and VLAN that the interfaces belong to. A loop may exist on the

interfaces between which the MAC address flaps. You will know how the loop is generated by

checking interfaces where MAC addresses are flapping.

Figure 1-2 MAC address flapping detection

SwitchA

Router

SwitchB SwitchC

Broadcast

storm

Network

Users

Port1

Port2

MAC:11-22-33

Data flow

Incorrect

connection

Access port

As shown in Figure 1-2, Switch B should not be connected to Switch C. When the two switches

are connected, Router, Switch B, and Switch C form a loop. When Port1 of Switch A receives

a broadcast packet, Switch A forwards the packet to Switch B. The packet is then sent to Port2

of Switch A. Switch A detects that the source MAC address of the packet flaps from Port1 to

Port2. If the MAC address flaps between the two ports frequently, Switch A considers that MAC

address flapping occurs.

NOTE

l MAC address flapping detection allows a router to detect changes in traffic based on learned MAC addresses,

but the router cannot obtain the entire network topology. It is recommended that this function be used on an

interface when the interface connects to a user network where loops may occur.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

6

Huawei AR530 Series, AR550 Series Configuration manual

Related papers

Other documents