H3C S5500-SI Series Operating instructions

H3C
Brand
H3C
Model
S5500-SI Series
Type
Operating instructions
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Table of Contents
i
Table of Contents
Chapter 1 QinQ Configuration .....................................................................................................1-1
1.1 Introduction to QinQ...........................................................................................................1-1
1.1.1 Understanding QinQ ...............................................................................................1-1
1.1.2 Implementations of QinQ ........................................................................................1-2
1.1.3 Adjustable TPID Value of QinQ Frames.................................................................1-2
1.2 Configuring Basic QinQ.....................................................................................................1-3
1.3 Configuring Selective QinQ ...............................................................................................1-4
1.4 Configuring TPID to be Adjustable....................................................................................1-5
1.5 QinQ Configuration Example.............................................................................................1-5
1.6 QinQ-MSTP Cooperation Configuration Example.............................................................1-8
Chapter 2 BPDU Tunnel Configuration.......................................................................................2-1
2.1 Introduction to BPDU Tunnel.............................................................................................2-1
2.1.1 Problems in QinQ-Enabled Network.......................................................................2-1
2.1.2 Why BPDTU Tunnel................................................................................................2-1
2.2 Configuring BPDU Tunnel .................................................................................................2-2
2.2.1 Configuration Prerequisites.....................................................................................2-2
2.2.2 Configuring BPDU Tunnel.......................................................................................2-3
2.3 BPDU Tunnel Configuration Example...............................................................................2-4
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-1
Chapter 1 QinQ Configuration
1.1 Introduction to QinQ
1.1.1 Understanding QinQ
In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a
device can support a maximum of 4,094 VLANs. In actual applications, however, a
large number of VLAN are required to isolate users, especially in metropolitan area
networks (MANs), and 4,094 VLANs are far from satisfying such requirements.
The port QinQ feature provided by the device enables the encapsulation of double
VLAN tags within an Ethernet frame, with the inner VLAN tag being the customer
network VLAN tag while the outer one being the VLAN tag assigned by the service
provider to the customer. The devices of the service provider forward frames based on
the outer VLAN tag and add the source MAC addresses to the MAC address table of
the VLANs corresponding to the outer VLAN tags. However, the customer network
VLAN tag is shielded during data transmission.
Figure 1-1 shows the structure of 802.1Q-tagged and double-tagged Ethernet frames.
The QinQ feature enables a device to support up to 4,094 x 4,094 VLANs to satisfy the
requirement for the amount of VLANs in the MAN.
DA
(6B)
Etype
(2B)
SA
(6B)
User VLAN tag
(2B)
Data FCS
(4B)
Len/Etype
DA
(6B)
ETYPE
(2B)
SA
(6B)
Nested VLAN TAG
(2B)
Dat aLEN/ ETYPE
(2B)
F CS
(4B)
User VLAN TAG
(2B)
ETYPE
(2B)
Inner VLAN
TAG
Outer VLAN
TAG by Q-in-Q
Single-tag
frame struc
(2B) (0 to 1500B)
(0 to 1500B)
ged
ture
Double-tagged
frame structure
Figure 1-1 802.1Q-tagged frame structure vs. double-tagged Ethernet frame structure
Advantages of QinQ:
z Addresses the shortage of public VLAN ID resource
z Enables customers to plan their own VLAN IDs, with running into conflicts with
public network VLAN IDs.
z Provides a simple Layer 2 VPN solution for small-sized MANs or intranets.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-2
Note:
The QinQ feature requires configurations only on the service provider network, and not
on the customer network.
1.1.2 Implementations of QinQ
There are two types of QinQ implementations: basic QinQ and selective QinQ.
1) Basic QinQ
Basic QinQ is a port-based feature, which is implemented through VLAN VPN.
With the VLAN VPN feature enabled on a port, when a frame arrives at the port, the port
will tag it with the port’s default VLAN tag, regardless of whether the frame is tagged or
untagged. If the received frame is already tagged, this frame becomes a double-tagged
frame; if it is an untagged frame, it is tagged with the port’s default VLAN tag.
2) Selective QinQ
z Selective QinQ is more flexible and is implemented based on both VLAN tag and
port. In addition to all the functions of basic QinQ, selective QinQ can take different
actions based on the VLAN tags carried by received frames, including to tag
received frames with different outer VLAN tags based on the inner VLAN tags.
Note:
For an S5500-SI switch with both basic QinQ function and selective QinQ function
enabled, packets received are processed according to the settings of selective QinQ
first. Those that do not match selective QinQ settings are tagged with outer VLAN tags
according to the basic QinQ settings.
1.1.3 Adjustable TPID Value of QinQ Frames
A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of
the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 1-2 shows the structure of an Ethernet frame defined in IEEE802.1Q.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-3
DA SA Tag Frame Load
6 bytes 6 bytes 4 bytes 46 ~1500 bytes
FCS
4 bytes
TPID User Priority CFI VLAN ID
2 bytes 3 bits 1bit 12 bits
DA SA Tag Frame Load FCS
4 bytes
TPID User Priority CFI VLAN ID
2 bytes 3 bits 1bit 12 bits
DA SA Tag Frame Load
6 bytes 6 bytes 4 bytes 46 ~1500 bytes
FCS
4 bytes
TPID User Priority CFI VLAN ID
2 bytes 3 bits 1bit 12 bits
DA SA Tag Frame Load FCS
4 bytes
TPID User Priority CFI VLAN ID
2 bytes 3 bits 1bit 12 bits
Figure 1-2 Tag structure of an Ethernet frame
On devices of different vendors, the TPID field of the outer VLAN tag of QinQ frames
may have different default values. You can set and/or modify this TPID value.
Normally, a frame with the TPID field being 0x8100 is regarded carrying a VLAN tag
with it and is processed in the preset way when it reaches a switch. Those with their
TPID not being 0x8100 are regarded carrying no VLAN tag.
After you configure the TPID value to be adjustable, the switch replaces the TPID value
in the outer VLAN tag of a received frame with the customer-defined value before
forwarding the frame, so that the frame, when arriving at the public network, is of
specific protocol type. This enables a switch to communicate with devices of other
vendors.
1.2 Configuring Basic QinQ
Follow these steps to configure basic QinQ:
To do... Use the command... Remarks
Enter system view
system-view
Enter
Ethernet
port view
interface interface-type
interface-number
Enter
Etherne
t port
view or
port
group
view
Enter port
group
view
port-group { manual
port-group-name | aggregation
agg-id }
Use either command
Configured in Ethernet
port view, the setting is
effective on the current
port only; configured in
port group view, the
setting is effective on all
ports in the port group
Enable QinQ for the
Ethernet port
qinq enable
Required
Disabled by default.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-4
1.3 Configuring Selective QinQ
The outer VLAN tag inserted by the basic QinQ feature is the VLAN tag corresponding
to the port’s default VLAN ID, while the selective QinQ feature can add different VLAN
tags according to the inner VLAN tags carried in received frames.
Frames that do not match tag mapping rules defined for the selective QinQ function are
tagged with the default outer VLAN tag of the port they reach if the basic QinQ function
is enabled. However, if the basic QinQ function is not enabled, the packets will be
dropped.
Follow these steps to configure the selective QinQ function
To do... Use the command... Remarks
Enter system view
system-view
Enter
Ethernet
port view
interface interface-type
interface-number
Enter
Ethernet port
view or port
group view
Enter port
group view
port-group { manual
port-group-name |
aggregation agg-id }
Use either command
Configured in Ethernet
port view, the setting is
effective on the current
port only; configured in
port group view, the
setting is effective on all
ports in the port group
Configure the outer VLAN
tag to be added to received
frames and enter QinQ
view
qinq vid vlan-id
Required
By default, no outer VLAN
tag is specified.
Specify the VLANs whose
frames are to be tagged
with the outer VLAN tag
raw-vlan-id inbound
{ all | vlan-id-list }
Required
By default, a frame is not
tagged with an outer
VLAN tag no matter which
VLAN it belongs to.
Caution:
z Selective QinQ can be configured on access ports/trunk ports/hybrid ports
connecting customer networks to service provider networks.
z An inner VLAN tag corresponds to only one outer VLAN tag. To change an outer
VLAN tag, you must remove it first and then reconfigure one.
z When you use the qing vid command to configure selective QinQ, the configuration
to remove tags of the packets on the outgoing port of the local switch or the
configuration to permit the packets with tags on the corresponding ports of the other
switches is required.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-5
1.4 Configuring TPID to be Adjustable
Follow these steps to configure TPID to be adjustable:
To do... Use the command... Remarks
Enter system view
system-view
-
Configure a global
QinQ TPID
qinq ethernet-type
hex-value
Optional
0x8100 by default
Note:
Enable the TPID adjustable function in service provider networks only.
1.5 QinQ Configuration Example
I. Network requirements
z Provider 1 and Provider 2 service provider network access devices.
z Customer 1, Customer 2 and Customer 3 are customer network access devices.
z Provider 1 and Provider 2 are interconnected through trunk ports. Frames of VLAN
1000 and VLAN 2000 in the service provider network are permitted.
z Customer 1 can send frames of VLAN 10 and VLAN 20. It is required that frames
of VLAN 10 can be exchanged between Customer 1 and Customer 2, and those of
VLAN 20 can be exchanged between Customer 1 and Customer 3.
z QinQ is enabled for GigabitEthernet1/0/2 of Provider 1 and GigabitEthernet1/0/3
of Provider 2. The QinQ TPID of the both is 0x8200.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-6
II. Network diagram
1/0/2
1/0/3
Customer 1
Customer
Provider 1
3
Provider 2
GigabitEthernet
1/0/2
GigabitEthernet
1/0/3
Customer 1
Customer
Provider 1
3
Provider 2
Customer 2
VLAN 20VLAN 10
VLAN 10
VLAN20
Trunk
GigabitEthernet
1/0/1
1/0/4
GigabitEthernet
1/0/
1/
Gig
1/
0/5
abitEthernet
0/
1/0/2
1/0/3
Customer 1
Customer
Provider 1
3
Provider 2
GigabitEthernet
1/0/2
GigabitEthernet
1/0/3
Customer 1
Customer
Provider 1
3
Provider 2
Customer 2
VLAN 20VLAN 10
VLAN 10
VLAN20
Trunk
GigabitEthernet
1/0/1
1/0/4
GigabitEthernet
1/0/
1/
Gig
1/
0/5
abitEthernet
0/
Figure 1-3 Network diagram for QinQ configuration
III. Configuration procedure
Note:
With this configuration, the user must allow the QinQ packets to pass between the
devices of the service providers.
1) Configuration on Provider 1
Enter system view
<Sysname> system-view
# Configure GigabitEthernet1/0/1 as a hybrid port, and permit frames of VLAN 1000
and VLAN 2000 to pass without outer VLAN tags.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 untagged
# Tag the frames of VLAN 10 with the tag of VLAN 1000 as the outer tags.
[Sysname-GigabitEthernet1/0/1] qinq vid 1000
[Sysname-GigabitEthernet1/0/1-vid-1000] raw-vlan-id inbound 10
[Sysname-GigabitEthernet1/0/1-vid-1000] quit
# Tag the frames of VLAN 20 with the tag VLAN 2000 as the outer tags.
[Sysname-GigabitEthernet1/0/1] qinq vid 2000
[Sysname-GigabitEthernet1/0/1-vid-2000] raw-vlan-id inbound 20
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-7
[Sysname-GigabitEthernet1/0/1-vid-2000] quit
[Sysname-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port, and permit frames of VLAN 1000 and
VLAN 2000 to pass.
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port link-type trunk
[Sysname-GigabitEthernet1/0/2] port trunk permit vlan 1000 2000
[Sysname-GigabitEthernet1/0/2] quit
# Set the global QinQ TPID to 0x8200.
[Sysname] qinq ethernet-type 8200
# Configure GigabitEthernet1/0/4 as a hybrid port, and configure the port to send
packets of VLAN 1000 without outer VLAN tags.
[Sysname] interface GigabitEthernet 1/0/4
[Sysname-GigabitEthernet1/0/4] port link hybrid
[Sysname-GigabitEthernet1/0/4] port hybrid vlan 1000 untagged
# Tag frames of VLAN 10 with the VLAN tag of VLAN 1000 as the outer tags.
[Sysname-GigabitEthernet1/0/4] qinq vid 1000
[Sysname-GigabitEthernet1/0/4-vid-1000] raw-vlan-id inbound 10
[Sysname-GigabitEthernet1/0/4-vid-1000] quit
2) Configuration on Provider 2
# Configure GigabitEthernet 1/0/3 as a trunk port, and permit frames of VLAN 1000 and
VLAN 2000 to pass.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/3
[Sysname-GigabitEthernet1/0/3] port link-type trunk
[Sysname-GigabitEthernet1/0/3] port trunk permit vlan 1000 2000
[Sysname-GigabitEthernet1/0/3] quit
# Set the global QinQ TPID to 0x8200.
[Sysname] qinq ethernet-type 8200
# Configure GigabitEthernet1/0/5 as a hybrid port, and configure the port to send
packets of VLAN 2000 without outer VLAN tags.
[Sysname] interface GigabitEthernet 1/0/5
[Sysname-GigabitEthernet1/0/5] port link hybrid
[Sysname-GigabitEthernet1/0/5] port hybrid vlan 2000 untagged
# Tag frames of VLAN 20 with the VLAN tag of VLAN 2000 as the outer tags.
[Sysname-GigabitEthernet1/0/4] qinq vid 2000
[Sysname-GigabitEthernet1/0/4-vid-2000] raw-vlan-id inbound 20
[Sysname-GigabitEthernet1/0/4-vid-2000] quit
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-8
After the above configuration, frames from VLAN 10 and VLAN 20 on Customer 1 are
double-tagged when transmitted by the trunk ports of Provider 1 and Provider 2:
z Frames from VLAN 10 are transmitted with the tag of VLAN 1000 as the outer tag,
and the TPID carried in the outer tag being 0x8200.
z Frames from VLAN 20 are transmitted with the tag of VLAN 2000 as the outer tags
and the TPID carried in the outer tag being 0x8200.
1.6 QinQ-MSTP Cooperation Configuration Example
I. Network requirements
Configure MSTP so that packets of different VLANs are forwarded along different
spanning trees. Configurations concerning MSTP are as follows:
z All the devices in the network belong to the same MST region.
z Packets of VLAN 10 are forwarded along MST instance 1, those of VLAN 30 are
forwarded along MST instance 3, those of VLAN 40 are forwarded along MST
instance 4, and those of VLAN 20 are forwarded along MST instance 0.
z Switch A and Switch B operate on the convergence layer, while Switch C and
Switch D operate on access layer. VLAN 10 and VLAN 30 are terminated on the
convergence layer devices, and VLAN 40 is terminated on the access layer
devices. So the root bridges of MST instance 1 and MST instance 3 are Switch A
and Switch B, and that of MST instance 4 is Switch C.
The specific QinQ configuration requirements are as follows:
z QinQ is enabled on GigabitEthernet1/0/4 of Switch C. The port belongs to VLAN
10 and VLAN 20. This port tags packets from VLAN 10 with outer VLAN tag of
VLAN 1000 and packets from VLAN 20 with outer VLAN tag of VLAN 2000.
z Outer VLAN tags of VLAN 1000 and VLAN 2000 are removed on
GigabitEthernet1/0/2.
II. Network diagram
Switch A
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
Switch B
Switch D
rmit :
AN 20, 30
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
G
i
g
a
b
i
t
E
t
h
e
r
n
e
t
1
/
0
/
2
GigabitEthernet1/0/4
Switch B
Switch D
rmit :
AN 20, 30
Switch A
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
Switch B
Switch D
rmit :
AN 20, 30
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
Switch B
Switch D
rmit :
AN 20, 30
Switch A
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
Switch B
Switch D
rmit :
AN 20, 30
Switch C
Permit :
VLAN 10, 20
Permit :
VLAN 20, 30
Pe
VL
Permit :all VLAN
Permit :VLAN 20, 40
G
i
g
a
b
i
t
E
t
h
e
r
n
e
t
1
/
0
/
2
GigabitEthernet1/0/4
Switch B
Switch D
rmit :
AN 20, 30
n
Figure 1-4 Network diagram for QinQ-MSTP cooperation configuratio
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-9
Note:
“Permit:” beside each link in the above figure is followed by the VLANs whose packets
are permitted to pass the link.
III. Configuration procedure
1) Configuration on Switch C
# Configure an MST region.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] region-name example
[Sysname-mst-region] instance 1 vlan 10
[Sysname-mst-region] instance 3 vlan 30
[Sysname-mst-region] instance 4 vlan 40
[Sysname-mst-region] revision-level 0
# Activate MST region configuration manually.
[Sysname-mst-region] active region-configuration
# Configure Switch C as the root bridge of MST instance 4.
[Sysname] stp instance 4 root primary
# Display the configuration of currently effective MST regions.
[Sysname] display stp region-configuration
Oper configuration
Format selector :0
Region name :example
Revision level :0
Instance Vlans Mapped
0 1 to 9, 11 to 29, 31 to 39, 41 to 4094
1 10
3 30
4 40
2) Configure QinQ for GigabitEthernet1/0/2 of Switch C
# Enter system view to create the corresponding VLANs.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] quit
[Sysname] vlan 20
[Sysname-vlan20] quit
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 1 QinQ Configuration
1-10
# Enter Ethernet port view of GigabitEthernet1/0/4 to perform related configuration.
[Sysname] interface GigabitEthernet1/0/4
[Sysname-GigabitEthernet1/0/4] port link-type trunk
[Sysname-GigabitEthernet1/0/4] port trunk permit vlan 10 20 1000 2000
# Tag packets from VLAN 10 with the outer VLAN tag of VLAN 1000.
[Sysname-GigabitEthernet1/0/4] qinq vid 1000
[Sysname-GigabitEthernet1/0/4-vid-1000] raw-vlan-id inbound 10
[Sysname-GigabitEthernet1/0/4-vid-1000] quit
# Tag packets from VLAN 20 with the outer VLAN tag of VLAN 2000.
[Sysname-GigabitEthernet1/0/4] qinq vid 2000
[Sysname-GigabitEthernet1/0/4-vid-2000] raw-vlan-id inbound 20
[Sysname-GigabitEthernet1/0/4-vid-2000] quit
[Sysname-GigabitEthernet1/0/4] quit
# Configure GigabitEthernet1/0/2 as a hybrid port, and configure to remove outer VLAN
tags of VLAN 1000 and VLAN 2000.
[Sysname] interface GigabitEthernet1/0/2
[Sysname-GigabitEthernet1/0/2] port link-type hybrid
[Sysname-GigabitEthernet1/0/2] port hybrid vlan 1000 2000 untagged
Caution:
z When using the qing vid command to configure selective QinQ, you need to
remove tags of the packets on the outgoing port of the local switch or configure to
permit the packets with tags on the corresponding ports of the other switches.
z In this example, the tags of packets are removed on the outgoing port.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-1
Chapter 2 BPDU Tunnel Configuration
2.1 Introduction to BPDU Tunnel
2.1.1 Problems in QinQ-Enabled Network
In a QinQ implementation, as the service provider network is transparent to customer
networks, any redundant links between the two bring about loops. To solve this problem,
the service provider network need to be capable of transmitting STP/RSTP/MSTP
packets transparently, through which spanning trees of customer networks can be
established cross the service provider network and loops can thus be eliminated.
STP/RSTP/MSTP identifies the network topology by transmitting bridge protocol data
units (BPDUs) between network devices. For the purpose of transmitting BPDUs
transparently in service provider networks, the following requirements must be
satisfied:
z All branches in a customer network can receive their own BPDUs.
z BPDUs of different customer networks must be isolated from each other.
The above mentioned can be achieved in the following ways.
z When a port receives a BPDU, tag it with the VLAN tag assigned to the customer
by the service provider. Thus, the BPDU can be forwarded as a normal packet in
the service provider network.
z To prevent a BPDU from being processed by devices in the service provider
network, assign a specific multicast MAC address to the tagged BPDU as the
destination MAC address. At the same time, tag the BPDU with the VLAN tag of
the service provider network. Thus, BPDUs can be forwarded in VLANs of the
service provider network; on the other hand, a BPDU traveling alone a BPDU
tunnel can be identified by the specific multicast MAC address. When the BPDU
leaves the service provider network, its outer VLAN tag is removed and its
destination MAC address is restored to the original destination MAC address of
the BPDU.
2.1.2 Why BPDTU Tunnel
BPDU tunnel enables customer networks to exchange BPDUs transparently through
QinQ-enabled devices in service provider networks.
After you enable STP BPDUs to be transparently transmitted in service provider
networks, uniform STP calculation can be performed in different customer networks,
and the spanning trees of customer networks and those in service provider networks
are independent of each other.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-2
As shown in Figure 2-1, the upper part is the service provider network, and the lower
part represents customer networks. The service provider network comprises BPDU
input/output devices. Network A and network B are customer networks. By enabling the
BPDU tunnel function on the BPDU input/output devices in the service provider
network, you can have BPDUs of customer networks transparently transmitted in the
service provider network.
Network B
Network A
Network
Customer networks
Network A
Network BNetwork B
Network A
Network
BPDU input/output
device
Service provider network
BPDU input/output
device
l
Figure 2-1 Network hierarchy of BPDU tunne
In this case, BPDUs are processed in the following way in the service provider network.
z At the BPDU input side, a BPDU is tagged with the VLAN tag assigned to the
customer network by the service provider, and the destination MAC address of the
BPDU is changed to a multicast MAC address.
Figure 2-2 shows the format of a
BPDU traveling in a service provider network.
Figure 2-2 Format of a BPDU packet traveling in a service provider network
z At the packet output side, BPDUs with the specific multicast MAC addresses are
sent to the customer networks after they are passed to the CPU for being
processed and are restored to the original ones.
2.2 Configuring BPDU Tunnel
2.2.1 Configuration Prerequisites
MSTP is enabled on the devices.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-3
2.2.2 Configuring BPDU Tunnel
Perform the following tasks to configure BPDU tunnel:
To do... Use the command... Remarks
Enter system view
system-view
Enable BPDU tunnel
globally
bpdu-tunnel dot1q
enable
Optional
Enabled by default
BPDU tunnel is available to
a port only when it is
enabled globally.
Enter
Ethernet
port view
interface interface-type
interface-number
Enter
Ethernet
port view
or port
group
view
Enter port
group view
port-group { manual
port-group-name |
aggregation agg-id }
Use either command
Configuration performed in
Ethernet port view applies to
the current port only.
Configuration performed in
port group view applies to all
the ports in the port group.
Enable BPDU tunnel
for the Ethernet port
bpdu-tunnel dot1q
enable
Required
Disabled by default
When BPDU tunnel is
enabled, BPDUs of the
service provider network are
isolated from those of the
customer networks.
Disable STP for the
Ethernet port
stp disable
Required
Enabled by default
Before enabling STP BDPU
tunnel for an Ethernet port,
you need to disable STP for
the port.
Enable STP BPDU
tunnel for the Ethernet
port
bpdu-tunnel dot1q stp
Required
By configuring this
command on the port with
BPDU tunnel enabled, STP
BPDU tunnel is enabled for
the port.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-4
Note:
z For an Ethernet port, as STP is incompatible with STP BPDU tunnel, the two
features cannot be enabled at the same time. Before enabling STP BPDU tunnel for
a port, make sure STP is not enabled on the port.
z For an Ethernet port, as the BPDU tunnel feature is incompatible with GVRP, the
two features cannot be enabled at the same time. Before enabling BPDU tunnel for
a port, make sure GVRP is not enabled on the port.
z For an Ethernet port, as the BPDU tunnel feature is incompatible with NTDP, the
two features cannot be enabled at the same time. Before enabling BPDU tunnel for
a port, make sure NTDP is not enabled on the port (you can use the undo ntdp
enable command to disable NTDP). For information about NTDP, refer to the
Cluster part in this manual.
2.3 BPDU Tunnel Configuration Example
I. Network requirements
z Customer 1, Customer 2, Customer 3, and Customer 4 are access devices of
customer networks.
z Provider 1, Provider 2, and Provider 3 are access devices of the service provider
network, which are interconnected through trunk ports. They belong to VLAN 2 of
the service provider network.
z STP BPDU tunnel is enabled on GigabitEthernet1/0/4, GigabitEthernet1/0/3, and
GigabitEthernet1/0/5. STP packets from Customer 1, Customer 3 and Customer 4
can be transmitted transparently in the service provider network.
z BPDU tunnel is enabled on GigabitEthernet1/0/2 to isolate BPDUs of Customer 2
from those of the service provider network.
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-5
II. Network diagram
Ethernet 1/0/ 4
Ethernet 1/0/3Ethernet
1/0/5
Customer1 Custome
Provider1
Ethernet 1/0 /2
r2
Provider2
Customer 3
Customer4
Provider 3
VLAN 2
VLAN 2VLAN 2
Trunk
Trunk
Trunk
Gigabit
Gigabit
Gigabit
Gi
gabit
Ethernet 1/0/ 4
Ethernet 1/0/3Ethernet
1/0/5
Customer1 Custome
Provider1
Ethernet 1/0 /2
r2
Provider2
Customer 3
Customer4
Provider 3
VLAN 2
VLAN 2VLAN 2
Trunk
Trunk
Trunk
Gigabit
Gigabit
Gigabit
Gi
gabit
Figure 2-3 Network diagram for BPDU tunnel configuration
III. Configuration procedure
1) Configuration on Provider 1
# Enable STP BPDU tunnel for GigabitEthernet 1/0/4.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/4
[Sysname-GigabitEthernet1/0/4] port access vlan 2
[Sysname-GigabitEthernet1/0/4] stp disable
[Sysname-GigabitEthernet1/0/4] bpdu-tunnel dot1q enable
[Sysname-GigabitEthernet1/0/4] bpdu-tunnel dot1q stp
2) Configuration on Provider 2
# Enable BPDU tunnel for GigabitEthernet 1/0/2.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port access vlan 4
[Sysname-GigabitEthernet1/0/2] bpdu-tunnel dot1q enable
3) Configuration on Provider 3
# Enable STP BPDU tunnel for GigabitEthernet 1/0/3.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/3
[Sysname-GigabitEthernet1/0/3] port access vlan 2
[Sysname-GigabitEthernet1/0/3] stp disable
Operation Manual – QinQ-BPDU TUNNEL
H3C S5500-SI Series Ethernet Switches Chapter 2
BPDU Tunnel Configuration
2-6
[Sysname-GigabitEthernet1/0/3] bpdu-tunnel dot1q enable
[Sysname-GigabitEthernet1/0/3] bpdu-tunnel dot1q stp
[Sysname-GigabitEthernet1/0/3] quit
# Enable STP BPDU tunnel for GigabitEthernet 1/0/5.
[Sysname] interface GigabitEthernet 1/0/5
[Sysname-GigabitEthernet1/0/5] port access vlan 2
[Sysname-GigabitEthernet1/0/5] stp disable
[Sysname-GigabitEthernet1/0/5] bpdu-tunnel dot1q enable
[Sysname-GigabitEthernet1/0/5] bpdu-tunnel dot1q stp
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17

H3C S5500-SI Series Operating instructions

H3C
Brand
H3C
Model
S5500-SI Series
Type
Operating instructions
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers

Other documents