Aruba JH101A Configuration Guide

HPE FlexFabric 5940 & 5930 Switch Series

Layer 2—LAN Switching Configuration Guide

P

art number: 5200-6370b

Software

version: Release 2702 and later

Document version: 6W101-20230412

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard

Enterprise products and services are set forth in the express warranty statements accompanying such

products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett

Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or

copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software

Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s

standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard

Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise

website.

Acknowledgments

Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the

United States and other countries.

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the

United States and/or other countries.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Java and Oracle are registered trademarks of Oracle and/or its affiliates.

UNIX® is a registered trademark of The Open Group.

i

Contents

Configuring the MAC address table ······················································ 1

About the MAC address table ······································································································· 1

How a MAC address entry is created ······················································································· 1

Types of MAC address entries ······························································································· 1

MAC address table tasks at a glance ····························································································· 2

Configuring MAC address entries ·································································································· 3

About MAC address entry-based frame forwarding ····································································· 3

Restrictions and guidelines for MAC address entry configuration ··················································· 3

Prerequisites for MAC address entry configuration ····································································· 3

Adding or modifying a static or dynamic MAC address entry ························································· 4

Adding or modifying a blackhole MAC address entry ··································································· 4

Adding or modifying a multiport unicast MAC address entry ·························································· 4

Adding or modifying a multiport unicast MAC address entry for VXLAN ··········································· 6

Setting the aging timer for dynamic MAC address entries ··································································· 6

Disabling MAC address learning ··································································································· 7

About disabling MAC address learning ····················································································· 7

Disabling global MAC address learning ···················································································· 7

Disabling MAC address learning on an interface ········································································ 8

Disabling MAC address learning on a VLAN ·············································································· 8

Setting the MAC learning limit ······································································································· 8

Configuring the unknown frame forwarding rule after the MAC learning limit is reached ···························· 9

Assigning MAC learning priority to interfaces ··················································································· 9

Enabling MAC address synchronization ························································································ 10

Configuring MAC address move notifications and suppression ·························································· 12

Enabling ARP fast update for MAC address moves ········································································· 13

Disabling static source check ······································································································ 13

Enabling SNMP notifications for the MAC address table ··································································· 14

Display and maintenance commands for MAC address table ····························································· 15

MAC address table configuration examples ··················································································· 15

Example: Configuring the MAC address table ·········································································· 15

Configuring MAC Information ···························································· 17

About MAC Information ············································································································· 17

Enabling MAC Information ········································································································· 17

Configuring the MAC Information mode ························································································ 17

Setting the MAC change notification interval ·················································································· 18

Setting the MAC Information queue length ···················································································· 18

MAC Information configuration examples ······················································································ 19

Example: Configuring MAC Information ·················································································· 19

Bulk configuring interfaces ······························································· 21

About interface bulk configuration ································································································ 21

Restrictions and guidelines: Bulk interface configuration ··································································· 21

Procedure ······························································································································ 22

Display and maintenance commands for bulk interface configuration ·················································· 22

Configuring Ethernet interfaces ························································· 23

About Ethernet interface ············································································································ 23

Configuring a management Ethernet interface ················································································ 23

Ethernet interface naming conventions ························································································· 24

Restrictions and guidelines: Ethernet interface configuration ····························································· 24

100-GE interface configuration restrictions and guidelines ·························································· 24

40-GE interface configuration restrictions and guidelines ··························································· 24

Configuring common Ethernet interface settings ············································································· 25

Splitting a 100-GE interface and combining 10-GE breakout interfaces ········································· 25

Splitting a 40-GE interface and combining 10-GE breakout interfaces ··········································· 26

Configuring basic settings of an Ethernet interface ··································································· 27

ii

Configuring basic settings of an Ethernet subinterface ······························································· 28

Configuring the link mode of an Ethernet interface ···································································· 28

Configuring jumbo frame support ·························································································· 29

Configuring physical state change suppression on an Ethernet interface ······································· 29

Configuring dampening on an Ethernet interface ······································································ 30

Enabling link flapping protection on an interface ······································································· 31

Configuring fast retrain ······································································································· 32

Configuring storm suppression ····························································································· 33

Configuring generic flow control on an Ethernet interface ··························································· 33

Configuring PFC ··············································································································· 34

Setting PFC thresholds ······································································································· 35

Configuring PFC deadlock detection ······················································································ 37

Setting the statistics polling interval ······················································································· 38

Enabling loopback testing on an Ethernet interface ··································································· 39

Forcibly bringing up a fiber port ···························································································· 39

Enabling remote fault signal detection ···················································································· 40

Restoring the default settings for an interface ·········································································· 41

Configuring a Layer 2 Ethernet interface ······················································································· 41

Setting the MDIX mode of an Ethernet interface ······································································· 41

Setting the interface connection distance ················································································ 42

Configuring storm control on an Ethernet interface ··································································· 43

Changing a Layer 2 Ethernet interface to an FC interface ·························································· 44

Testing the cable connection of an Ethernet interface ································································ 44

Configuring the connection mode of an Ethernet interface ·························································· 45

Enabling bridging on an Ethernet interface ·············································································· 45

Configuring a Layer 3 Ethernet interface or subinterface··································································· 46

Setting the MTU for an Ethernet interface or subinterface ·························································· 46

Setting the MAC address of an Ethernet interface or subinterface ················································ 46

Enabling packet statistics collection on a Layer 3 Ethernet subinterface ········································ 47

Display and maintenance commands for Ethernet interfaces ····························································· 47

Configuring Ethernet link aggregation ················································· 49

About Ethernet link aggregation ·································································································· 49

Ethernet link aggregation application scenario ········································································· 49

Aggregate interface, aggregation group, and member port ························································· 49

Operational key ················································································································· 50

Configuration types ············································································································ 50

Link aggregation modes ······································································································ 51

How static link aggregation works ························································································· 51

Dynamic link aggregation ···································································································· 52

How dynamic link aggregation works ····················································································· 55

Edge aggregate interface ···································································································· 57

Load sharing modes for link aggregation groups ······································································ 57

S-MLAG ·························································································································· 57

Restrictions and guidelines: Mixed use of manual and automatic link aggregation configuration ················ 58

Ethernet link aggregation tasks at a glance ···················································································· 58

Configuring a manual link aggregation ·························································································· 59

Restrictions and guidelines for aggregation group configuration ·················································· 59

Configuring a Layer 2 aggregation group ················································································ 61

Configuring a Layer 3 aggregation group ················································································ 62

Configuring an S-channel bundle group·················································································· 64

Configuring S-MLAG················································································································· 65

Configuring an aggregate interface ······························································································ 66

Configuring the description of an aggregate interface ································································ 66

Setting the MAC address for an aggregate interface ································································· 67

Configuring jumbo frame support ·························································································· 67

Setting the MTU for a Layer 3 aggregate interface ···································································· 68

Setting the expected bandwidth for an aggregate interface ························································· 68

Configuring an edge aggregate interface ················································································ 69

Configuring physical state change suppression on an aggregate interface ····································· 69

Shutting down an aggregate interface ···················································································· 70

Enabling packet statistics on Layer 3 aggregate subinterfaces ···················································· 71

iii

Restoring the default settings for an aggregate interface ···························································· 71

Enabling transparent LACPDU transmission ·················································································· 72

Setting the minimum and maximum numbers of Selected ports for an aggregation group ························ 73

Disabling the default action of selecting a Selected port for dynamic aggregation groups that have not received

LACPDUs ······························································································································ 74

Configuring a dynamic aggregation group to use port speed as the prioritized criterion for reference port

selection ································································································································ 75

Ignoring port speed in setting the aggregation states of member ports ················································· 75

Specifying ignored VLANs for a Layer 2 aggregate interface ····························································· 76

Configuring load sharing for link aggregation groups ······································································· 77

Restrictions and guidelines for link-aggregation load sharing ······················································ 77

Setting static load sharing modes for link aggregation groups ····················································· 77

Specifying ignored packet fields for default link-aggregation load sharing ······································ 78

Enabling local-first load sharing for link aggregation ·································································· 79

Configuring link aggregation load sharing algorithm and hash seed settings ··································· 80

Setting a hash offset to adjust the load balancing results on link aggregations ································ 80

Setting the global load sharing mode for MAC-in-MAC traffic ······················································ 81

Setting the load sharing mode for tunneled traffic ····································································· 81

Specifying link aggregation management VLANs and link aggregation management port ························ 81

Excluding a subnet from load sharing on aggregate links ·································································· 82

Enabling a Layer 2 aggregate interface to reflect incoming packets back ············································· 83

Enabling link-aggregation traffic redirection ··················································································· 84

About link-aggregation traffic redirection ················································································· 84

Restrictions and guidelines for link-aggregation traffic redirection ················································ 84

Enabling link-aggregation traffic redirection globally ·································································· 84

Enabling link-aggregation traffic redirection for an aggregation group ··········································· 85

Enabling BFD for an aggregation group ························································································ 85

Display and maintenance commands for Ethernet link aggregation ····················································· 86

Ethernet link aggregation configuration examples ··········································································· 87

Example: Configuring a Layer 2 static aggregation group ··························································· 87

Example: Configuring a Layer 2 dynamic aggregation group ······················································· 89

Example: Configuring Layer 2 aggregation load sharing ···························································· 91

Example: Configuring a Layer 2 edge aggregate interface ·························································· 93

Example: Configuring a Layer 3 static aggregation group ··························································· 95

Example: Configuring a Layer 3 dynamic aggregation group ······················································· 96

Example: Configuring Layer 3 aggregation load sharing ···························································· 97

Example: Configuring a static S-channel bundle group ······························································ 99

Example: Configuring a dynamic S-channel bundle group ························································ 100

Example: Configuring S-MLAG ··························································································· 101

Configuring DRNI ········································································· 105

About DRNI ·························································································································· 105

DRNI network model ········································································································ 105

DRCP ··························································································································· 106

Keepalive and failover mechanism ······················································································ 106

MAD mechanism ············································································································· 107

DR system setup process ································································································· 107

Configuration consistency check ························································································· 108

DRNI failure handling mechanisms······················································································ 109

Protocols and standards ··································································································· 111

Restrictions and guidelines: DRNI configuration ··········································································· 111

DRNI tasks at a glance············································································································ 112

Configuring DR system settings ································································································ 112

Configuring the DR system MAC address ············································································· 112

Setting the DR system number ··························································································· 113

Setting the DR system priority ···························································································· 113

Setting the DR role priority of the device ····················································································· 113

Configuring DR keepalive settings ····························································································· 114

Restrictions and guidelines for configuring DR keepalive settings ·············································· 114

Configuring DR keepalive packet parameters ········································································ 114

Setting the DR keepalive interval and timeout timer ································································ 115

Excluding an interface from the shutdown action by DRNI MAD ······················································· 115

iv

Configuring a DR interface ······································································································· 116

Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the IPP ·································· 116

Disabling configuration consistency check ··················································································· 117

Enabling the short DRCP timeout timer on the IPP or a DR interface ················································ 117

Setting the keepalive hold timer for identifying the cause of IPL down events ······································ 118

Configuring DR system auto-recovery ························································································ 118

Setting the data restoration interval ···························································································· 119

Displaying and maintaining DRNI ······························································································ 119

DRNI configuration examples ··································································································· 120

Example: Configuring basic DRNI functions ·········································································· 120

Example: Configuring Layer 3 gateways on a DR system ························································· 124

Configuring port isolation ······························································· 132

About port isolation················································································································· 132

Assigning a port to an isolation group ························································································· 132

Display and maintenance commands for port isolation ··································································· 132

Port isolation configuration examples ························································································· 133

Example: Configuring port isolation ····················································································· 133

Configuring VLANs ······································································· 135

About VLANs ························································································································ 135

VLAN frame encapsulation ································································································ 135

VLAN types ···················································································································· 136

Port-based VLANs ··········································································································· 136

MAC-based VLANs ·········································································································· 137

IP subnet-based VLANs ···································································································· 139

Protocol-based VLANs ····································································································· 140

Layer 3 communication between VLANs ·············································································· 140

Protocols and standards ··································································································· 140

Configuring a VLAN ················································································································ 140

Restrictions and guidelines ································································································ 140

VLAN configuration tasks at a glance ·················································································· 140

Creating VLANs ·············································································································· 140

Enabling packet dropping in the VLAN ················································································· 141

Configuring port-based VLANs ·································································································· 141

Restrictions and guidelines for port-based VLANs ·································································· 141

Assigning an access port to a VLAN ···················································································· 141

Assigning a trunk port to a VLAN ························································································ 142

Assigning a hybrid port to a VLAN ······················································································· 143

Configuring MAC-based VLANs ································································································ 144

Restrictions and guidelines for MAC-based VLANs ································································· 144

Configuring static MAC-based VLAN assignment ··································································· 144

Configuring dynamic MAC-based VLAN assignment ······························································· 145

Configuring server-assigned MAC-based VLAN ····································································· 146

Configuring IP subnet-based VLANs ·························································································· 147

Configuring protocol-based VLANs ···························································································· 147

Configuring a VLAN group ······································································································· 149

Configuring VLAN interfaces ···································································································· 149

Restrictions and guidelines ································································································ 149

VLAN interfaces configuration tasks at a glance ····································································· 149

Prerequisites ·················································································································· 149

Creating a VLAN interface ································································································· 149

Specifying a traffic processing slot for the VLAN interface ························································ 150

Restoring the default settings for the VLAN interface ······························································· 150

Display and maintenance commands for VLANs ··········································································· 151

VLAN configuration examples ··································································································· 152

Example: Configuring port-based VLANs ·············································································· 152

Example: Configuring MAC-based VLANs ············································································ 153

Example: Configuring IP subnet-based VLANs ······································································ 155

Example: Configuring protocol-based VLANs ········································································ 157

v

Configuring super VLANs ······························································· 161

About super VLANs ················································································································ 161

Restrictions and guidelines: Super VLAN configuration ·································································· 161

Super VLAN tasks at a glance ·································································································· 161

Creating a sub-VLAN ·············································································································· 161

Configuring a super VLAN ······································································································· 162

Configuring a super VLAN interface ··························································································· 162

Display and maintenance commands for super VLANs ·································································· 163

Super VLAN configuration examples ·························································································· 163

Example: Configuring a super VLAN···················································································· 163

Configuring private VLAN ······························································· 166

About private VLAN ················································································································ 166

Restrictions and guidelines: Private VLAN configuration ································································· 167

Private VLAN tasks at a glance ································································································· 167

Creating a primary VLAN ········································································································· 167

Creating secondary VLANs ······································································································ 167

Associating the primary VLAN with secondary VLANs···································································· 168

Configuring the uplink port ······································································································· 168

Configuring a downlink port ······································································································ 168

Configuring Layer 3 communication for secondary VLANs ······························································ 169

Display and maintenance commands for the private VLAN ····························································· 170

Private VLAN configuration examples ························································································· 170

Example: Configuring promiscuous ports ·············································································· 170

Example: Configuring trunk promiscuous ports ······································································ 173

Example: Configuring trunk promiscuous and trunk secondary ports ·········································· 176

Example: Configuring Layer 3 communication for secondary VLANs ·········································· 180

Configuring voice VLANs ······························································· 183

About voice VLANs ················································································································ 183

Working mechanism ········································································································ 183

Methods of identifying IP phones ························································································ 183

Advertising the voice VLAN information to IP phones ······························································ 184

IP phone access methods ································································································· 184

Voice VLAN assignment modes ························································································· 185

Cooperation of voice VLAN assignment modes and IP phones ················································· 186

Security mode and normal mode of voice VLANs ··································································· 187

Restrictions and guidelines: Voice VLAN configuration ··································································· 188

Voice VLAN tasks at a glance ··································································································· 188

Configuring the QoS priority settings for voice traffic ······································································ 188

Configuring voice VLAN assignment modes for a port ···································································· 189

Configuring a port to operate in automatic voice VLAN assignment mode ···································· 189

Configuring a port to operate in manual voice VLAN assignment mode ······································· 190

Enabling LLDP for automatic IP phone discovery ·········································································· 191

Configuring LLDP or CDP to advertise a voice VLAN ····································································· 192

Configuring LLDP to advertise a voice VLAN ········································································· 192

Configuring CDP to advertise a voice VLAN ·········································································· 192

Display and maintenance commands for voice VLANs ··································································· 193

Voice VLAN configuration examples ·························································································· 193

Example: Configuring automatic voice VLAN assignment mode ················································ 193

Example: Configuring manual voice VLAN assignment mode ··················································· 195

Configuring MVRP ········································································ 198

About MVRP ························································································································· 198

MRP implementation ········································································································ 198

MRP messages ·············································································································· 198

MRP timers ···················································································································· 200

MVRP registration modes ································································································· 200

Protocols and standards ··································································································· 201

Restrictions and guidelines: MVRP configuration ·········································································· 201

MVRP tasks at a glance ·········································································································· 201

vi

Prerequisites ························································································································· 201

Enabling MVRP ····················································································································· 202

Setting an MVRP registration mode ··························································································· 202

Setting MRP timers ················································································································ 202

Enabling GVRP compatibility ···································································································· 203

Display and maintenance commands for MVRP ··········································································· 204

MVRP configuration examples ·································································································· 204

Example: Configuring basic MVRP functions ········································································· 204

Configuring loopback, null, and inloopback interfaces ·························· 214

About loopback, null, and inloopback interfaces ············································································ 214

About loopback interfaces ································································································· 214

About null interfaces ········································································································ 214

About inloopback interfaces ······························································································· 214

Configuring a loopback interface ······························································································· 214

Configuring a null interface ······································································································· 215

Restoring the default settings for an interface ··············································································· 215

Display and maintenance commands for loopback, null, and inloopback interfaces ······························ 216

Configuring QinQ ········································································· 217

About QinQ ·························································································································· 217

QinQ benefits ················································································································· 217

How QinQ works ············································································································· 217

QinQ implementations ······································································································ 218

Protocols and standards ··································································································· 219

Restrictions and guidelines: QinQ configuration ············································································ 219

Enabling QinQ ······················································································································· 219

Configuring transmission for transparent VLANs ··········································································· 220

Configuring the TPID for VLAN tags ··························································································· 221

About TPID ···················································································································· 221

Restrictions and guidelines ································································································ 221

Configuring the TPID for CVLAN tags ·················································································· 222

Configuring the TPID for SVLAN tags ·················································································· 222

Setting the 802.1p priority in SVLAN tags ···················································································· 222

About the 802.1p priority in SVLAN tags ··············································································· 222

Prerequisites for setting the 802.1p priority in SVLAN tags ······················································· 222

Tasks at a glance ············································································································ 223

Creating a traffic class and configuring CVLAN match criteria ··················································· 223

Creating a traffic behavior and configuring a priority marking action for SVLAN tags ······················ 223

Creating a QoS policy ······································································································ 223

Applying the QoS policy ···································································································· 224

Display and maintenance commands for QinQ ············································································· 224

QinQ configuration examples ···································································································· 224

Example: Configuring basic QinQ ······················································································· 224

Example: Configuring VLAN transparent transmission ····························································· 226

Configuring VLAN mapping ···························································· 229

About VLAN mapping ············································································································· 229

VLAN mapping types ······································································································· 229

VLAN mapping application scenarios ··················································································· 229

VLAN mapping implementations ························································································· 232

Restrictions and guidelines: VLAN mapping configuration ······························································· 235

VLAN mapping tasks at a glance ······························································································· 235

Prerequisites ························································································································· 236

Configuring one-to-one VLAN mapping ······················································································· 236

Configuring many-to-one VLAN mapping ···················································································· 236

About many-to-one VLAN mapping ····················································································· 236

Configuring many-to-one VLAN mapping in dynamic IP address assignment environment ·············· 237

Configuring many-to-one VLAN mapping in static IP address assignment environment ·················· 239

Configuring one-to-two VLAN mapping ······················································································· 241

Configuring two-to-one VLAN mapping ······················································································· 241

Configuring two-to-two VLAN mapping ······················································································· 242

vii

Display and maintenance commands for VLAN mapping ································································ 243

VLAN mapping configuration examples ······················································································ 243

Example: Configuring one-to-one and many-to-one VLAN mapping ··········································· 243

Example: Configuring one-to-two and two-to-two VLAN mapping ··············································· 248

Configuring PBB ·········································································· 251

About PBB ··························································································································· 251

PBB network model ········································································································· 251

Terminology ··················································································································· 252

PBB frame format ············································································································ 252

PBB frame forwarding ······································································································ 253

PBB data encapsulation types ···························································································· 254

Protocols and standards ··································································································· 255

PBB tasks at a glance ············································································································· 255

Enabling L2VPN ···················································································································· 255

Creating a PBB VSI ················································································································ 255

Configuring a B-VLAN for a PBB VSI ························································································· 256

Configuring an uplink port ········································································································ 256

Configuring a downlink port ······································································································ 257

Configuring the data encapsulation type ····················································································· 257

Display and maintenance commands for PBB ·············································································· 258

PBB configuration examples ····································································································· 258

Example: Configuring a basic PBB network ··········································································· 258

Troubleshooting PBB ·············································································································· 259

Failed to transmit customer frames to peer ··········································································· 259

Configuring loop detection ······························································ 261

About loop detection ··············································································································· 261

Loop detection mechanism ································································································ 261

Loop detection interval ····································································································· 262

Loop protection actions ····································································································· 262

Port status auto recovery ·································································································· 262

Loop detection tasks at a glance ······························································································· 263

Enabling loop detection ··········································································································· 263

Restrictions and guidelines for loop detection configuration ······················································ 263

Enabling loop detection globally ························································································· 263

Enabling loop detection on a port ························································································ 264

Setting the loop protection action ······························································································· 264

Restrictions and guidelines for loop protection action configuration ············································ 264

Setting the global loop protection action ··············································································· 264

Setting the loop protection action on an interface ··································································· 264

Setting the loop detection interval ······························································································ 265

Display and maintenance commands for loop detection ································································· 265

Loop detection configuration examples ······················································································· 265

Example: Configuring basic loop detection functions ······························································· 265

Spanning tree protocol overview ······················································ 269

About STP ···························································································································· 269

STP protocol frames ········································································································ 269

Basic concepts in STP ······································································································ 271

Calculation process of the STP algorithm ············································································· 272

Example of STP calculation ······························································································· 273

The configuration BPDU forwarding mechanism of STP ·························································· 277

STP timers ····················································································································· 278

About RSTP ························································································································· 278

RSTP protocol frames ······································································································ 279

Basic concepts in RSTP ··································································································· 279

How RSTP works ············································································································ 279

RSTP BPDU processing ··································································································· 280

About PVST ·························································································································· 280

PVST protocol frames ······································································································ 281

How PVST works ············································································································ 281

viii

About MSTP ························································································································· 281

MSTP features ················································································································ 281

MSTP protocol frames ······································································································ 282

Basic concepts in MSTP ··································································································· 283

How MSTP works ············································································································ 286

MSTP implementation on devices ······················································································· 287

Rapid transition mechanism ····································································································· 287

Edge port rapid transition ·································································································· 287

Root port rapid transition ··································································································· 288

P/A transition ·················································································································· 288

Protocols and standards ·········································································································· 290

Configuring spanning tree protocols ················································· 291

Restrictions and guidelines: spanning tree protocol configuration ····················································· 291

Restrictions: Compatibility with other features ········································································ 291

Restrictions: Interface configuration ····················································································· 291

Spanning tree protocol tasks at a glance ····················································································· 292

STP tasks at a glance ······································································································ 292

RSTP tasks at a glance ···································································································· 293

PVST tasks at a glance ···································································································· 294

MSTP tasks at a glance ···································································································· 295

Setting the spanning tree mode ································································································· 296

Configuring an MST region ······································································································ 297

Configuring the root bridge or a secondary root bridge ··································································· 298

Restrictions and guidelines ································································································ 298

Configuring the device as the root bridge of a spanning tree ····················································· 298

Configuring the device as a secondary root bridge of a spanning tree ········································· 298

Configuring the device priority ··································································································· 299

Configuring the maximum hops of an MST region ········································································· 299

Configuring the network diameter of a switched network································································· 300

Setting spanning tree timers ····································································································· 300

Setting the timeout factor ········································································································· 302

Configuring the BPDU transmission rate ····················································································· 302

Configuring edge ports ············································································································ 303

Configuring path costs of ports ·································································································· 303

About path cost ··············································································································· 303

Specifying a standard for the default path cost calculation ························································ 303

Configuring path costs of ports ··························································································· 306

Configuring the port priority ······································································································ 306

Configuring the port link type ···································································································· 307

Configuring the mode a port uses to recognize and send MSTP frames ············································· 308

Enabling outputting port state transition information ······································································· 308

Enabling the spanning tree feature ···························································································· 309

Restrictions and guidelines ································································································ 309

Enabling the spanning tree feature in STP/RSTP/MSTP mode ·················································· 309

Enabling the spanning tree feature in PVST mode ·································································· 309

Performing mCheck ················································································································ 310

About mCheck ················································································································ 310

Restrictions and guidelines ································································································ 310

Performing mCheck globally ······························································································ 310

Performing mCheck in interface view ··················································································· 310

Disabling inconsistent PVID protection ······················································································· 311

Configuring Digest Snooping ···································································································· 311

Configuring No Agreement Check ····························································································· 312

Configuring TC Snooping ········································································································· 314

Configuring protection features ································································································· 315

Spanning tree protection tasks at a glance ············································································ 315

Configuring BPDU guard ··································································································· 315

Enabling root guard ········································································································· 316

Enabling loop guard ········································································································· 317

Configuring port role restriction ··························································································· 318

Configuring TC-BPDU transmission restriction ······································································· 318

ix

Enabling TC-BPDU guard ································································································· 319

Enabling BPDU drop ········································································································ 319

Enabling PVST BPDU guard ······························································································ 320

Disabling dispute guard ···································································································· 320

Enabling the device to log events of detecting or receiving TC BPDUs ·············································· 322

Disabling the device from reactivating edge ports shut down by BPDU guard ····································· 323

Enabling BPDU transparent transmission on a port ······································································· 323

Enabling SNMP notifications for new-root election and topology change events ·································· 324

Display and maintenance commands for the spanning tree protocols ················································ 324

Spanning tree configuration examples ························································································ 325

Example: Configuring MSTP ······························································································ 325

Example: Configuring PVST ······························································································ 329

Example: Configuring DRNI with PVST ················································································ 332

Configuring LLDP ········································································· 335

About LLDP ·························································································································· 335

LLDP agents and bridge modes ························································································· 335

LLDP frame formats ········································································································· 336

LLDPDUs ······················································································································ 337

TLVs····························································································································· 337

Management address ······································································································· 340

LLDP operating modes ····································································································· 340

Transmitting and receiving LLDP frames ·············································································· 341

Collaboration with Track ··································································································· 341

Protocols and standards ··································································································· 341

Restrictions and guidelines: LLDP configuration ··········································································· 342

LLDP tasks at a glance ··········································································································· 342

Enabling LLDP ······················································································································ 343

Setting the LLDP bridge mode ·································································································· 343

Setting the LLDP operating mode ······························································································ 343

Setting the LLDP reinitialization delay ························································································· 344

Configuring the advertisable TLVs ····························································································· 344

Configuring advertisement of the management address TLV ··························································· 347

Setting the encapsulation format for LLDP frames ········································································· 348

Setting LLDP frame transmission parameters ·············································································· 349

Setting the timeout for receiving LLDP frames ·············································································· 349

Enabling LLDP polling ············································································································· 350

Disabling LLDP PVID inconsistency check ·················································································· 350

Configuring CDP compatibility ·································································································· 350

Configuring LLDP trapping and LLDP-MED trapping······································································ 352

Configuring LLDP neighbor validation and aging ··········································································· 353

Configuring LLDP neighbor validation on an interface ····························································· 353

Configuring LLDP neighbor aging on an interface ··································································· 353

Configuring MAC address learning for DCN ················································································· 354

About MAC address learning for DCN ·················································································· 354

MAC address learning for DCN tasks at a glance ··································································· 354

Setting the source MAC address of LLDP frames ··································································· 354

Enabling generation of ARP or ND entries for received management address TLVs ······················ 355

Display and maintenance commands for LLDP ············································································ 355

LLDP configuration examples ··································································································· 356

Example: Configuring basic LLDP functions ·········································································· 356

Example: Configuring CDP-compatible LLDP ········································································ 360

Configuring DCBX ········································································ 363

About DCBX ························································································································· 363

DCBX versions ··············································································································· 363

DCBX functions ·············································································································· 363

DCBX application scenario ································································································ 363

Protocols and standards ··································································································· 364

DCBX tasks at a glance ··········································································································· 364

Enabling LLDP and DCBX TLV advertising ·················································································· 364

Setting the DCBX version ········································································································ 365

x

Configuring APP parameters ···································································································· 365

Configuring ETS parameters ···································································································· 367

About ETS parameters ····································································································· 367

Restrictions and guidelines ································································································ 367

Configuring the 802.1p-to-local priority mapping ····································································· 367

Configuring group-based WRR queuing ··············································································· 368

Configuring PFC parameters ···································································································· 369

DCBX configuration examples ·································································································· 369

Example: Configuring DCBX ······························································································ 369

Configuring L2PT ········································································· 375

About L2PT ·························································································································· 375

L2PT application scenario ································································································· 375

Supported protocols ········································································································· 375

L2PT operating mechanism ······························································································· 376

L2PT tasks at a glance ············································································································ 377

Enabling L2PT ······················································································································ 377

Restrictions and guidelines for L2PT···················································································· 377

Enabling L2PT for a protocol in Layer 2 Ethernet interface view ················································ 378

Enabling L2PT for a protocol in Layer 2 aggregate interface view ·············································· 378

Setting the destination multicast MAC address for tunneled packets ················································· 378

Display and maintenance commands for L2PT ············································································· 379

L2PT configuration examples ··································································································· 379

Example: Configuring L2PT for STP ···················································································· 379

Example: Configuring L2PT for LACP ·················································································· 380

Configuring service loopback groups ················································ 385

About service loopback groups ································································································· 385

Restrictions and guidelines: Service loopback group configuration ···················································· 385

Configuring a service loopback group ························································································· 385

Display and maintenance commands for service loopback groups ···················································· 386

Service loopback group configuration examples ··········································································· 386

Example: Configuring a service loopback group ····································································· 386

Configuring cut-through Layer 2 forwarding········································ 387

About cut-through Layer 2 forwarding ························································································· 387

Restrictions and guidelines for cut-through Layer 2 forwarding configuration ······································· 387

Procedure ···························································································································· 387

Document conventions and icons ···················································· 388

Conventions ························································································································· 388

Network topology icons ··········································································································· 389

Support and other resources ·························································· 390

Accessing Hewlett Packard Enterprise Support ············································································ 390

Accessing updates ················································································································· 390

Websites ······················································································································· 391

Customer self repair ········································································································· 391

Remote support ·············································································································· 391

Documentation feedback ·································································································· 391

Index ························································································· 393

1

Configuring the MAC address table

About the MAC address table

An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a

destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame,

it uses the destination MAC address of the frame to look for a match in the MAC address table.

• The device forwards the frame out of the outgoing interface in the matching entry if a match is

found.

• The device floods the frame in the VLAN of the frame if no match is found.

How a MAC address entry is created

The entries in the MAC address table include entries automatically learned by the device and entries

manually added.

MAC address learning

The device can automatically populate its MAC address table by learning the source MAC addresses

of incoming frames on each interface.

The device performs the following operations to learn the source MAC address of incoming packets:

1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.

2. Looks up the source MAC address in the MAC address table.

 The device updates the entry if an entry is found.

 The device adds an entry for MAC-SOURCE and the incoming port if no entry is found.

When the device receives a frame destined for MAC-SOURCE after learning this source MAC

address, the device performs the following operations:

3. Finds the MAC-SOURCE entry in the MAC address table.

4. Forwards the frame out of the port in the entry.

The device performs the learning process for each incoming frame with an unknown source MAC

address until the table is fully populated.

Manually configuring MAC address entries

Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames,

which can invite security hazards. When Host A is connected to Port A, a MAC address entry will be

learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames

with MAC A as the source MAC address to Port B, the device performs the following operations:

1. Learns a new MAC address entry with Port B as the outgoing interface and overwrites the old

entry for MAC A.

2. Forwards frames destined for MAC A out of Port B to the illegal user.

As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually

configure a static entry to bind Host A to Port A. Then, the frames destined for Host A are always sent

out of Port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined

for Host A.

Types of MAC address entries

A MAC address table can contain the following types of entries:

2

• Static entries—A static entry is manually added to forward frames with a specific destination

MAC address out of the associated interface, and it never ages out. A static entry has higher

priority than a dynamically learned one.

• Dynamic entries—A dynamic entry can be manually configured or dynamically learned to

forward frames with a specific destination MAC address out of the associated interface. A

dynamic entry might age out. A manually configured dynamic entry has the same priority as a

dynamically learned one.

• Blackhole entries—A blackhole entry is manually configured and never ages out. A blackhole

entry is configured for filtering out frames with a specific source or destination MAC address.

For example, to block all frames destined for or sourced from a user, you can configure the

MAC address of the user as a blackhole MAC address entry. A blackhole entry has higher

priority than a dynamically learned one.

• Multiport unicast entries—A multiport unicast entry is manually added to send frames with a

specific unicast destination MAC address out of multiple ports, and it never ages out. A multiport

unicast entry has higher priority than a dynamically learned one.

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry. A dynamic

MAC address entry cannot overwrite a static, blackhole, or multiport unicast MAC address entry. A

static entry, a blackhole entry, and a multiport unicast entry cannot overwrite one another.

A multicast unicast MAC address entry does not affect learning the corresponding dynamic MAC

address entry. For the same MAC address, a multiport unicast MAC address entry and a dynamic

MAC address entry can coexist, and the multiport unicast MAC address takes priority.

This document does not cover the configuration of static multicast MAC address entries and MAC

address entries in VPLS. For more information about configuring static multicast MAC address

entries, see IGMP snooping in IP Multicast Configuration Guide. For more information about MAC

address table configuration in VPLS, see VPLS in MPLS Configuration Guide.

MAC address table tasks at a glance

All MAC address table configuration tasks are optional.

To configure the MAC address table, perform the following tasks:

• Configuring MAC address entries

 Adding or modifying a static or dynamic MAC address entry

 Adding or modifying a blackhole MAC address entry

 Adding or modifying a multiport unicast MAC address entry

 Adding or modifying a multiport unicast MAC address entry for VXLAN

• Setting the aging timer for dynamic MAC address entries

• Configuring MAC address learning

 Disabling MAC address learning

 Setting the MAC learning limit

 Configuring the unknown frame forwarding rule after the MAC learning limit is reached

 Assigning MAC learning priority to interfaces

• Enabling MAC address synchronization

• Configuring MAC address move notifications and suppression

• Enabling ARP fast update for MAC address moves

• Disabling static source check

• Enabling SNMP notifications for the MAC address table

3

Configuring MAC address entries

About MAC address entry-based frame forwarding

A frame whose source MAC address matches different types of MAC address entries is processed

differently.

Type

Description

Static MAC address entry Forwards the frame according to the destination MAC address regardless of

whether the frame's ingress interface is the same as that in the entry.

Multiport unicast MAC

address entry

• Learns the MAC address of the frame and generates a dynamic MAC

address entry, but the generated dynamic MAC address entry does not

take effect.

• Forwards the frame based on the multiport unicast MAC address entry.

Blackhole MAC address

entry Drops the frame.

Dynamic MAC address

entry

• Learns the MAC address of the frames received on a different interface

from that in the entry and overwrites the original entry.

• Forwards the frame received on the same interface as that in the entry

and updates the aging timer for the entry.

Restrictions and guidelines for MAC address entry

configuration

A manually configured dynamic MAC address entry will overwrite a learned entry that already exists

with a different outgoing interface for the MAC address.

The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive

a reboot if you do not save the configuration. The manually configured dynamic MAC address entries

are lost upon reboot whether or not you save the configuration.

You cannot configure the following addresses as static, dynamic, blackhole, or multiport unicast

MAC addresses:

• Reserved MAC addresses of the device.

• MAC addresses of Layer 3 Ethernet interfaces or subinterfaces

• MAC addresses of Layer 3 aggregate interfaces or subinterfaces.

Reserved MAC addresses of the device are addresses from the bridge MAC address of the device to

the bridge MAC address plus 169. For more information about bridge MAC addresses, see IRF

Configuration Guide. For more information about the bridge MAC address, see IRF configuration in

Virtual Technologies Configuration Guide.

Prerequisites for MAC address entry configuration

Before manually configuring a MAC address entry for an interface, make sure the VLAN in the entry

has been created.

4

Adding or modifying a static or dynamic MAC address entry

Adding or modifying a static or dynamic MAC address entry globally

1. Enter system view.

system-view

2. Add or modify a static or dynamic MAC address entry.

mac-address { dynamic | static } mac-address interface interface-type

interface-number vlan vlan-id

By default, no MAC address entry is configured globally.

Make sure you have assigned the interface to the VLAN.

Adding or modifying a static or dynamic MAC address entry on an interface

1. Enter system view.

system-view

2. Enter interface view.

 Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

 Enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

 Enter S-channel interface view.

interface s-channel interface-number.channel-id

 Enter S-channel aggregate interface view.

interface schannel-aggregation interface-number:channel-id

 Enter S-channel bundle interface view.

interface schannel-bundle interface-number

3. Add or modify a static or dynamic MAC address entry.

mac-address { dynamic | static } mac-address vlan vlan-id

By default, no MAC address entry is configured on an interface.

Make sure you have assigned the interface to the VLAN.

Adding or modifying a blackhole MAC address entry

1. Enter system view.

system-view

2. Add or modify a blackhole MAC address entry.

mac-address blackhole mac-address vlan vlan-id

By default, no blackhole MAC address entry is configured.

Adding or modifying a multiport unicast MAC address entry

About multiport unicast MAC address entry configuration

You can configure a multiport unicast MAC address entry to associate a unicast destination MAC

address with multiple ports. The frame with a destination MAC address matching the entry is sent out

of multiple ports.

For example, in NLB unicast mode (see Figure 1):

5

• All servers within a cluster uses the cluster's MAC address as their own address.

• Frames destined for the cluster are forwarded to every server in the group.

In this case, you can configure a multiport unicast MAC address entry on the device connected to the

server group. Then, the device forwards the frame destined for the server group to every server

through all ports connected to the servers within the cluster.

Figure 1 NLB cluster

You can configure a multiport unicast MAC address entry globally or on an interface.

Configuring a multiport unicast MAC address entry globally

1. Enter system view.

system-view

2. Add or modify a multiport unicast MAC address entry.

mac-address multiport mac-address interface interface-list vlan

vlan-id

By default, no multiport unicast MAC address entry is configured globally.

Make sure you have assigned the interface to the VLAN.

Configuring a multiport unicast MAC address entry on an interface

1. Enter system view.

system-view

2. Enter interface view.

 Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

 Enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

3. Add the interface to a multiport unicast MAC address entry.

mac-address multiport mac-address vlan vlan-id

By default, no multiport unicast MAC address entry is configured on an interface.

Make sure you have assigned the interface to the VLAN.

NLB cluster

Device

6

Adding or modifying a multiport unicast MAC address entry

for VXLAN

About VXLAN multiport unicast MAC address entries

VXLAN has local and remote MAC addresses. A local MAC address is the MAC address of a VM in

the local site. A remote MAC address is the MAC address of a VM in a remote site.

To send frames destined for a local or remote MAC address out of multiple ports, configure a

multiport unicast MAC address entry. For more information about VXLAN, see VXLAN Configuration

Guide.

Restrictions and guidelines

Do not specify the tunnel interfaces automatically created by using ENDP or EVPN as outgoing

interfaces for a remote multiport unicast MAC address entry. If you do so, the numbers of these

tunnel interfaces might change during tunnel re-establishment, and the related entries cannot be

restored as a result. For more information about ENDP, see VXLAN Configuration Guide. For more

information about EVPN, see EVPN Configuration Guide.

In an EVPN network, you cannot configure the same multiport unicast MAC address entry on

multiple leaf nodes or VTEPs. When configured with EVPN multihoming or EVPN distributed relay, a

VTEP does not support synchronization of multiport unicast MAC address entries. For more

information about EVPN, see EVPN Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Add or modify a multiport unicast MAC address entry for VXLAN.

 Add or modify a local multiport unicast MAC address entry.

mac-address multiport mac-address { interface { interface-type

interface-number service-instance instance-id }&<1-4> } vsi

vsi-name

For successful configuration, make sure the specified Ethernet service instances have been

mapped to the specified VSI.

 Add or modify a remote multiport unicast MAC address entry.

mac-address multiport mac-address { interface { tunnel

tunnel-number1 [ to tunnel tunnel-number2 ] }&<1-4> } vsi vsi-name

For successful configuration, make sure the specified VXLAN tunnel interfaces have been

associated with the specified VSI.

Setting the aging timer for dynamic MAC address

entries

About aging timer for dynamic MAC address entries

For security and efficient use of table space, the MAC address table uses an aging timer for each

dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer

expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can

promptly update to accommodate latest network topology changes.

A stable network requires a longer aging interval, and an unstable network requires a shorter aging

interval.

7

An aging interval that is too long might cause the MAC address table to retain outdated entries. As a

result, the MAC address table resources might be exhausted, and the MAC address table might fail

to update its entries to accommodate the latest network changes.

An interval that is too short might result in removal of valid entries, which would cause unnecessary

floods and possibly affect the device performance.

To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic

entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing

flooding also improves the security because it reduces the chances for a data frame to reach

unintended destinations.

Procedure

1. Enter system view.

system-view

2. Set the aging timer for dynamic MAC address entries.

mac-address timer { aging seconds | no-aging }

The default setting is 300 seconds.

Disabling MAC address learning

About disabling MAC address learning

MAC address learning is enabled by default. To prevent the MAC address table from being saturated

when the device is experiencing attacks, disable MAC address learning. For example, you can

disable MAC address learning to prevent the device from being attacked by a large amount of frames

with different source MAC addresses.

After MAC address learning is disabled, the device immediately deletes existing dynamic MAC

address entries.

Disabling global MAC address learning

Restrictions and guidelines

After you disable global MAC address learning, the device cannot learn MAC addresses on any

interfaces.

Global MAC address learning does not take effect on a TRILL network, S-channel, VPLS VSI, EVB

VSI, or VXLAN VSI. For information about TRILL, see TRILL Configuration Guide. For information

about VPLS VSIs, see MPLS Configuration Guide. For information about S-channels and EVB VSIs,

see EVB Configuration Guide. For information about VXLAN VSIs, see VXLAN Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Disable global MAC address learning.

undo mac-address mac-learning enable

By default, global MAC address learning is enabled.

8

Disabling MAC address learning on an interface

About disabling MAC address learning on an interface

When global MAC address learning is enabled, you can disable MAC address learning on a single

interface.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

 Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

 Enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

 Enter S-channel interface view.

interface s-channel interface-number.channel-id

 Enter S-channel aggregate interface view.

interface schannel-aggregation interface-number:channel-id

 Enter S-channel bundle interface view.

interface schannel-bundle interface-number

3. Disable MAC address learning on the interface.

undo mac-address mac-learning enable

By default, MAC address learning is enabled on an interface.

Disabling MAC address learning on a VLAN

About disabling MAC address learning on a VLAN

When global MAC address learning is enabled, you can disable MAC address learning on a

per-VLAN basis.

Procedure

1. Enter system view.

system-view

2. Enter VLAN view.

vlan vlan-id

3. Disable MAC address learning on the VLAN.

undo mac-address mac-learning enable

By default, MAC address learning on the VLAN is enabled.

Setting the MAC learning limit

About interface-based MAC learning limit

This feature limits the MAC address table size. A large MAC address table will degrade forwarding

performance.

Page is loading ...

Aruba JH101A Configuration Guide

This manual is also suitable for

Aruba JH101A Configuration Guide

Related papers

Other documents