Uploaded by Gábor Dudás

S2350&S5300&S6300 V200R003(C00&C02) Typical Configuration Examples 04

S2350&S5300&S6300 Series Ethernet Switches
V200R003(C00&C02)
Typical Configuration Examples
Issue: 04
Date: 2013-11-06
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 04 (2013-11-06)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document
This document provides the typical configuration examples supported by the
S2350&S5300&S6300 device.
This document is intended for:
- Data configuration engineers
- Commissioning engineers
- Network monitoring engineers
- System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
- Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
- Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
- Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
- Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury.
- NOTE: Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[]                  Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>              The parameter before the & sign can be repeated 1 to n times.
#                   A line starting with the # sign is a comment.
Interface Numbering Conventions
Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.
Security Conventions
- Password setting
  – When you configure a password in plain text, the password is saved in the configuration file in plain text. Plain-text storage poses a high security risk; cipher text is recommended. To ensure device security, change the password periodically.
  – When you configure a password in cipher text that starts and ends with %@%@ (the password can be decrypted by the device), the password is displayed in the configuration file in the same form as it was configured. Do not use this setting.
- Encryption algorithm
  Currently, the device uses the following encryption algorithms: DES, AES, SHA-1, SHA-2, and MD5. DES and AES are reversible, and SHA-1, SHA-2, and MD5 are irreversible. The choice of encryption algorithm depends on the actual networking. If protocols are used for interconnection, the locally stored password must be reversible. It is recommended that an irreversible encryption algorithm be used for the administrator password.
- Personal data
  Some personal data may be obtained or used during operation or fault location of your purchased products, services, or features, so you have an obligation to make privacy policies and take measures according to the applicable law of the country to protect personal data.
Mappings between Product Software Versions and NMS Versions
The mappings between product software versions and NMS versions are as follows.
Product Software Version    iManager U2000
V200R003C00                 V100R009C00
V200R003C02                 V100R009C10
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Changes in Issue 04 (2013-11-06) V200R003(C00&C02)
This version has the following updates:
- Some contents are modified according to updates in the product such as features and commands.
- Output information of some commands is modified.
Changes in Issue 03 (2013-09-30) V200R003(C00&C02)
This version has the following updates:
- Some contents are modified according to updates in the product such as features and commands.
- Output information of some commands is modified.
Changes in Issue 02 (2013-07-25) V200R003C00
This version has the following updates:
- Some contents are modified according to updates in the product such as features and commands.
- Output information of some commands is modified.
Changes in Issue 01 (2013-05-30) V200R003C00
Initial commercial release.
Contents
About This Document
1 Basic Configuration
1.1 CLI Overview
1.1.1 Example for Using Tab
1.2 Logging In to the System for the First Time
1.2.1 Example for Performing Basic Configuration on the Device at First Login
1.2.2 Example of Configuring the Console User Interface
1.2.3 Example of Configuring a VTY User Interface
1.3 Configuring User Login
1.3.1 Example for Logging In to the Device Through a Console Port
1.3.2 Example for Logging In to the Device Through Telnet
1.3.3 Example for Logging In to the Device Through STelnet
1.3.4 Example for Logging In to the Device Through the Web System
1.3.5 Example for Logging In to the Device Through the Safe Web System
1.3.6 Example for Configuring the Device as the Telnet Client to Log In to Another Device
1.3.7 Example for Configuring the Device as the STelnet Client to Log In to Another Device
1.3.8 Example for Configuring the Public SSH Client to Log In to the Private SSH Server
1.3.9 Example for Configuring RADIUS Authentication for SSH Users
1.4 File Management
1.4.1 Example of Logging In to the Device to Manage Files
1.4.2 Example for Managing Files When the Device Functions as an FTP Server
1.4.3 Example for Managing Files Using SFTP When the Device Functions as an SSH Server
1.4.4 Example for Managing Files When the Device Functions as an FTPS Server
1.4.5 Example for Managing Files When the Device Functions as a TFTP Client
1.4.6 Example for Managing Files When the Device Functions as an FTP Client
1.4.7 Example for Managing Files When the Device Functions as an SFTP Client
1.4.8 Example for Managing Files When the Device Functions as an FTPS Client
1.4.9 Example for Managing Files When the Device Functions as an SCP Client
1.5 Configuring System Startup
1.5.1 Example for Backing Up the Configuration File
1.5.2 Example for Recovering the Configuration File
1.5.3 Example of Configuring System Startup
2 Interface Management
2.1 Ethernet Interfaces Configuration
2.1.1 Example for Configuring Interface Isolation
3 Ethernet
3.1 Link Aggregation Configuration
3.1.1 Example for Configuring Link Aggregation in Manual Load Balancing Mode
3.1.2 Example for Configuring Link Aggregation in LACP Mode
3.2 VLAN Configuration
3.2.1 Example for Assigning VLANs Based on Ports
3.2.2 Example for Assigning VLANs Based on MAC Addresses
3.2.3 Example for Assigning VLANs Based on IP Subnets
3.2.4 Example for Assigning VLANs Based on Protocols
3.2.5 Example for Implementing Inter-VLAN Communication Using VLANIF Interfaces
3.2.6 Example for Configuring VLAN Aggregation
3.2.7 Example for Configuring MUX VLAN on the Access Layer Device
3.2.8 Example for Configuring the MUX VLAN on the Aggregation Device
3.3 VLAN Mapping Configuration
3.3.1 Example for Configuring VLAN ID-based 1 to 1 VLAN Mapping
3.3.2 Example for Configuring VLAN ID-based N to 1 VLAN Mapping
3.3.3 Example for Configuring VLAN ID-based 2 to 1 VLAN Mapping
3.4 Voice VLAN Configuration
3.4.1 Example for Configuring a Voice VLAN in Auto Mode
3.4.2 Example for Configuring a Voice VLAN in Manual Mode
3.5 QinQ Configuration
3.5.1 Example for Configuring Basic QinQ
3.5.2 Example for Configuring Selective QinQ
3.5.3 Example for Configuring Selective QinQ with VLAN Mapping
3.5.4 Example for Configuring VLL Access Through Dot1q Sub-interfaces
3.5.5 Example for Configuring a QinQ Sub-interface to Access a VLL Network
3.5.6 Example for Configuring a Single-tagged VLAN Mapping Sub-interface to Access a VLL Network
3.5.7 Example for Configuring a Double-tagged VLAN Mapping Sub-interface to Access a VLL Network
3.5.8 Example for Configuring a VLAN Stacking Sub-interface to Access a VLL Network
3.5.9 Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to Access a VPLS Network
3.5.10 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Access a VPLS Network
3.5.11 Example for Configuring a Single-tagged VLAN Mapping Sub-interface to Access a VPLS Network
3.5.12 Example for Configuring a Double-tagged VLAN Mapping Sub-interface to Access a VPLS Network
3.5.13 Example for Configuring a VLAN Stacking Sub-interface to Access a VPLS Network
3.5.14 Example for Configuring QinQ Stacking on a VLANIF Interface
3.6 GVRP Configuration
3.6.1 Example for Configuring GVRP
3.7 MAC Address Table Configuration
3.7.1 Example for Configuring the MAC Address Table
3.7.2 Example for Configuring MAC Address Learning in a VLAN
3.7.3 Example for Configuring Port Security
3.7.4 Example for Configuring MAC Address Anti-flapping
3.7.5 Example for Configuring MAC Address Flapping Detection
3.8 STP/RSTP Configuration
3.8.1 Example for Configuring Basic STP Functions
3.8.2 Example for Configuring Basic RSTP Functions
3.9 MSTP Configuration
3.9.1 Example for Configuring MSTP
3.9.2 Example for Configuring MSTP + VRRP Network
3.9.3 Example for Connecting CEs to the VPLS in Dual-Homing Mode Through MSTP
3.9.4 Example for Configuring MSTP Multi-Process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
3.10 SEP Configuration
3.10.1 Example for Configuring SEP on a Closed Ring Network
3.10.2 Example for Configuring SEP on a Multi-Ring Network
3.10.3 Example for Configuring a Hybrid SEP+MSTP Ring Network
3.10.4 Example for Configuring a Hybrid SEP+RRPP Ring Network
3.10.5 Example for Configuring SEP Multi-Instance
3.10.6 Example for Configuring Association Between SEP and VPLS (Reporting Topology Changes of a Lower-Layer Network)
3.11 Layer 2 Protocol Transparent Transmission Configuration
3.11.1 Example for Configuring Interface-based Layer 2 Protocol Transparent Transmission
3.11.2 Example for Configuring VLAN-based Layer 2 Protocol Transparent Transmission
3.11.3 Example for Configuring QinQ-based Layer 2 Protocol Transparent Transmission
3.12 Loopback Detection Configuration
3.12.1 Example for Configuring Loopback Detection to Detect Loops on the Downstream Network
3.13 VoIP Access Configuration
3.13.1 Example for Configuring LLDP on a Switch to Provide VoIP Access
3.13.2 Example for Configuring a DHCP Server on a Switch to Provide VoIP Access
3.13.3 Example for Configuring MAC Address-based VLAN Assignment on a Switch to Provide VoIP Access
3.13.4 Example for Configuring an ACL on a Switch to Provide VoIP Access
3.13.5 Example for Configuring a Simplified ACL on a Switch to Provide VoIP Access
4 IP Service
4.1 IP Address Configuration
4.1.1 Example for Configuring IP Addresses for an Interface
4.1.2 Example for Configuring an IP Unnumbered Interface
4.2 ARP Configuration
4.2.1 Example for Configuring ARP
4.2.2 Example for Configuring Routed Proxy ARP
4.2.3 Example for Configuring Intra-VLAN Proxy ARP
4.2.4 Example for Configuring Inter-VLAN Proxy ARP
4.2.5 Example for Configuring Layer 2 Topology Detection
4.2.6 Example for Configuring ARP Packet Forwarding Between Isolated Interfaces
4.3 DHCP Configuration
4.3.1 Example for Configuring a DHCP Server Based on the Global Address Pool
4.3.2 Example for Configuring a DHCP Server Based on the Interface Address Pool
4.3.3 Example for Configuring a DHCP Server and a DHCP Relay Agent
4.3.4 Example for Configuring the DHCP Clients
4.3.5 Example for Configuring the BOOTP Clients
4.4 DHCP Policy VLAN Configuration
4.4.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses
4.4.2 Example for Configuring DHCP Policy VLAN Based on Interfaces
4.5 DHCPv6 Configuration
4.5.1 Example for Configuring a DHCPv6 Server
4.5.2 Example for Configuring a DHCPv6 PD Server
4.5.3 Example for Configuring a DHCPv6 Relay to Assign IPv6 Addresses to the Clients in One Network Segment Connected to the Relay
4.6 IP Performance Configuration
4.6.1 Example for Configuring ICMP Redirection Packets
4.6.2 Example for Configuring ICMP Host Unreachable Packets
4.6.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets
4.7 DNS Configuration
4.7.1 Example for Configuring the DNS Client
4.8 Basic IPv6 Configurations
4.8.1 Example for Configuring IPv6 Addresses for Interfaces
4.9 IPv6 DNS Configuration
4.9.1 Example for Configuring IPv6 DNS Client
4.10 IPv6 over IPv4 Tunnel Configuration
4.10.1 Example for Configuring a Manual IPv6 over IPv4 Tunnel
4.10.2 Example for Configuring a 6to4 Tunnel
4.10.3 Example for Configuring an ISATAP Tunnel
5 IP Routing
5.1 IP Routing Basic Configuration
5.1.1 Example for Configuring IP FRR on the Public Network
5.2 Static Route Configuration
5.2.1 Example for Configuring IPv4 Static Routes
5.2.2 Example for Configuring IPv6 Static Routes
5.2.3 Example for Configuring Static BFD for IPv4 Static Routes
5.3 RIP Configuration
5.3.1 Example for Configuring Basic RIP Functions
5.3.2 Example for Configuring RIP to Import Routes
5.3.3 Example for Configuring One-Arm Static BFD for RIP
5.3.4 Example for Configuring Dynamic BFD for RIP
5.4 RIPng Configuration
5.4.1 Example for Configuring RIPng to Filter the Received Routes
5.5 OSPF Configuration
5.5.1 Example for Configuring Basic OSPF Functions
5.5.2 Example for Configuring a Stub Area of OSPF
5.5.3 Example for Configuring an OSPF NSSA Area
5.5.4 Example for Configuring DR Election of an OSPF Process
5.5.5 Example for Configuring OSPF Load Balancing
5.5.6 Example for Configuring OSPF GR
5.5.7 Example for Configuring OSPF-BGP
5.5.8 Example for Configuring OSPF GTSM
5.5.9 Example for Configuring BFD for OSPF
5.6 OSPFv3 Configuration
5.6.1 Example for Configuring OSPFv3 Areas
5.6.2 Example for Configuring DR Election Through OSPFv3
5.6.3 Example for Configuring the OSPFv3 Virtual Link
5.6.4 Example for Configuring OSPFv3 GR....................................................................................................................543
5.7 IPv4 IS-IS Configuration............................................................................................................................................547
5.7.1 Example for Configuring Basic IS-IS Functions.....................................................................................................547
5.7.2 Example for Configuring IS-IS Route Aggregation................................................................................................554
5.7.3 Example for Configuring the DIS Election.............................................................................................................558
5.7.4 Example for Configuring IS-IS Load Balancing.....................................................................................................563
5.7.5 Example for Configuring Static BFD for IS-IS.......................................................................................................568
5.7.6 Example for Configuring Dynamic BFD for IS-IS.................................................................................................572
5.7.7 Example for Configuring IS-IS GR.........................................................................................................................579
5.8 IPv6 IS-IS Configuration............................................................................................................................................582
5.8.1 Example for Configuring Basic IS-IS IPv6 Functions............................................................................................582
5.9 BGP Configuration.....................................................................................................................................................588
5.9.1 Example for Configuring Basic BGP Functions.....................................................................................................589
5.9.2 Example for Configuring Basic BGP4+ Functions.................................................................................................594
5.9.3 Example for Configuring Basic MBGP Functions..................................................................................................600
5.9.4 Example for Configuring BGP to Interact With an IGP.........................................................................................608
5.9.5 Example for Configuring AS-Path Filter.................................................................................................................613
5.9.6 Example for Configuring MED Attributes to Control BGP Route Selection.........................................................618
5.9.7 Example for Configuring a BGP Route Reflector...................................................................................................623
5.9.8 Example for Configuring a BGP4+ Route Reflection.............................................................................................629
5.9.9 Example for Configuring a BGP Confederation.....................................................................................................634
5.9.10 Example for Configuring the BGP Community Attribute.....................................................................................641
5.9.11 Example for Configuring BGP Load Balancing....................................................................................................646
5.9.12 Example for Associating BGP with BFD..............................................................................................................651
5.9.13 Example for Configuring BGP GTSM..................................................................................................................656
5.10 Routing Policy Configuration...................................................................................................................................665
5.10.1 Example for Filtering the Routes to Be Received or Advertised..........................................................................665
5.10.2 Example for Applying a Routing Policy for Importing Routes.............................................................................670
6 IP Multicast.................................................................................................................................676
6.1 IGMP Configuration...................................................................................................................................................678
6.1.1 Example for Configuring Basic IGMP Functions...................................................................................................678
6.1.2 Example for Configuring a Static Multicast Group on an Interface........................................................................682
6.1.3 Example for Configuring IGMP SSM Mapping.....................................................................................................687
6.1.4 Example for Configuring IGMP Limit....................................................................................................................693
6.2 PIM-DM (IPv4) Configuration...................................................................................................................................698
6.2.1 Example for Configuring Basic PIM-DM Functions..............................................................................................698
6.3 PIM-SM (IPv4) Configuration...................................................................................................................................705
6.3.1 Example for Configuring PIM-SM in the ASM Model..........................................................................................705
6.3.2 Example for Configuring PIM-SM in the SSM Model...........................................................................................714
6.3.3 Example for Configuring PIM BFD........................................................................................................................723
6.4 MSDP Configuration..................................................................................................................................................726
6.4.1 Example for Configuring PIM-SM Inter-domain Multicast Using MSDP.............................................................726
6.4.2 Example for Configuring Inter-AS Multicast Using Static RPF Peers...................................................................736
6.4.3 Example for Configuring Anycast RP in a PIM-SM Domain.................................................................................745
6.4.4 Example for Configuring SA Message Filtering.....................................................................................................752
6.5 Multicast Route Management (IPv4) Configuration..................................................................................................760
6.5.1 Example for Configuring a Multicast Static Route to Change the RPF Route.......................................................760
6.5.2 Example for Configuring Multicast Static Routes to Connect RPF Routes............................................................765
6.5.3 Example for Configuring Multicast Load Splitting.................................................................................................771
6.6 VLAN-based IGMP Snooping Configuration............................................................................................................779
6.6.1 Example for Configuring VLAN-based IGMP Snooping.......................................................................................779
6.6.2 Example for Configuring VLAN-based Layer 2 Multicast Through Static Interfaces...........................................782
6.6.3 Example for Configuring a VLAN-based IGMP Snooping Querier.....................................................................786
6.6.4 Example for Configuring VLAN-based IGMP Snooping Proxy............................................................................790
6.6.5 Example for Configuring VLAN-based IGMP Snooping SSM Mapping..............................................................792
6.7 Configuring VSI-based IGMP Snooping...................................................................................................................795
6.7.1 Example for Configuring IGMP Snooping in a VSI...............................................................................................795
6.8 Static Multicast MAC Address Configuration...........................................................................................................801
6.9 Multicast VLAN Replication Configuration..............................................................................................................802
6.9.1 Example for Configuring 1-to-N Multicast Replication Based on User VLANs....................................................802
6.9.2 Example for Configuring N-to-N Multicast VLAN Replication Based on User VLANs.......................................804
6.9.3 Example for Configuring Interface-based Multicast VLAN Replication................................................................807
6.10 Controllable Multicast Configuration.......................................................................................................................810
6.10.1 Example for Configuring Controllable Multicast..................................................................................................810
6.11 MLD Configuration..................................................................................................................................................814
6.11.1 Example for Configuring Basic MLD Functions..................................................................................................814
6.11.2 Example for Configuring the MLD Limit.............................................................................................................818
6.12 PIM-DM (IPv6) Configuration.................................................................................................................................821
6.12.1 Example for Configuring Basic PIM-DM (IPv6) Functions.................................................................................821
6.13 PIM-SM (IPv6) Configuration.................................................................................................................................828
6.13.1 Example for Configuring PIM-SM (IPv6) in the ASM Model.............................................................................828
6.13.2 Example for Configuring PIM-SM (IPv6) in the SSM Model..............................................................................838
6.14 Multicast Route Management (IPv6) Configuration................................................................................................847
6.14.1 Example for Configuring IPv6 Multicast Load Splitting......................................................................................847
6.15 MLD Snooping Configuration..................................................................................................................................856
6.15.1 Example for Configuring MLD Snooping.............................................................................................................856
6.15.2 Example for Configuring a Static Interface to Implement Layer 2 Multicast.......................................................859
6.15.3 Example for Configuring the MLD Snooping Querier.........................................................................................862
6.15.4 Example for Configuring MLD Snooping Proxy..................................................................................................866
6.15.5 Example for Configuring Prompt Leave for Interfaces.........................................................................................868
6.15.6 Example for Configuring MLD Snooping to Respond to Network Topology Change.........................................870
7 QoS...............................................................................................................................................878
7.1 Priority Mapping Configuration on the S5300HI, S5306, S5310EI, and S6300........................................................879
7.1.1 Example for Configuring Priority Mapping............................................................................................................879
7.2 Priority Mapping Configuration on S2350, S5300SI, S5300EI, and S5300LI..........................................................881
7.2.1 Example for Configuring Priority Mapping............................................................................................................881
7.3 Traffic Policing and Traffic Shaping Configurations.................................................................................................885
7.3.1 Example for Configuring Interface-based Traffic Policing.....................................................................................885
7.3.2 Example for Configuring Flow-based Traffic Policing...........................................................................................888
7.3.3 Example for Configuring Hierarchical Traffic Policing on the S5300HI, S5306, and S5310EI............................892
7.3.4 Example for Configuring Traffic Shaping on the S2350, S5300SI, S5300LI, and S5300EI..................................897
7.4 Congestion Avoidance and Congestion Management Configuration........................................................................900
7.4.1 Example for Configuring Congestion Management on the S2350, S5300SI, and S5300LI...................................900
7.4.2 Example for Configuring Congestion Avoidance and Congestion Management on the S5300EI..........................903
7.4.3 Example for Configuring Congestion Avoidance and Congestion Management on the S5300HI, S5306, and S6300.....906
7.5 MQC Configuration....................................................................................................................................................910
7.5.1 Example for Configuring Traffic Statistics.............................................................................................................910
7.5.2 Example for Configuring Priority Re-marking Based on Complex Traffic Classification.....................................913
7.5.3 Example for Configuring PBR................................................................................................................................917
7.5.4 Example for Configuring Packet Filtering..............................................................................................................921
8 Security........................................................................................................................................925
8.1 AAA Configuration....................................................................................................................................................927
8.1.1 Example for Configuring RADIUS Authentication and Accounting......................................................................927
8.1.2 Example for Configuring HWTACACS Authentication, Accounting, and Authorization.....................................930
8.1.3 Example for Configuring Domain-based User Management..................................................................................933
8.2 NAC Configuration....................................................................................................................................................939
8.2.1 Example for Configuring 802.1x Authentication....................................................................................................939
8.2.2 Example for Configuring MAC Address Authentication........................................................................................943
8.2.3 Example for Configuring Portal Authentication.....................................................................................................946
8.3 ACL Configuration.....................................................................................................................................................951
8.3.1 Example for Configuring a Basic ACL to Limit Access to the FTP Server............................................................951
8.3.2 Example for Using an Advanced ACL to Configure Traffic Classifiers.................................................................953
8.3.3 Example for Using a Layer 2 ACL to Configure a Traffic Classifier.....................................................................958
8.3.4 Example for Using a User-defined ACL to Configure a Traffic Classifier.............................................................960
8.3.5 Example for Using an ACL6 to Configure a Traffic Classifier...............................................................................963
8.4 DHCP Snooping Configuration..................................................................................................................................965
8.4.1 Example for Configuring DHCP Snooping Attack Defense...................................................................................966
8.5 Local Attack Defense Configuration..........................................................................................................................970
8.5.1 Example for Configuring Local Attack Defense.....................................................................................................970
8.6 Attack Defense Configuration....................................................................................................................................973
8.6.1 Example for Configuring Attack Defense...............................................................................................................973
8.7 IPSG Configuration....................................................................................................................................................975
8.7.1 Example for Configuring IPSG...............................................................................................................................975
8.8 URPF Configuration...................................................................................................................................................977
8.8.1 Example for Configuring URPF..............................................................................................................................977
8.9 ARP Security Configuration.......................................................................................................................................979
8.9.1 Example for Configuring ARP Security Functions.................................................................................................979
8.9.2 Example for Configuring Defense Against ARP MITM Attacks...........................................................................983
8.10 MFF Configuration...................................................................................................................................................986
8.10.1 Example for Configuring MFF to Implement Layer 2 Isolation and Layer 3 Connection of Users.....................986
8.11 Traffic Suppression and Storm Control Configuration............................................................................................991
8.11.1 Example for Configuring Traffic Suppression......................................................................................................991
8.11.2 Example for Configuring Storm Control...............................................................................................................992
8.12 PPPoE+ Configuration.............................................................................................................................................994
8.12.1 Example for Configuring PPPoE+........................................................................................................................994
8.13 Keychain Configuration...........................................................................................................................................996
8.13.1 Example for Applying the Keychain to RIP..........................................................................................................997
8.13.2 Example for Applying the Keychain to BGP......................................................................................................1000
8.14 ND Snooping Configuration...................................................................................................................................1004
8.14.1 Example for Configuring ND Snooping..............................................................................................................1005
8.15 SAVI Configurations..............................................................................................................................................1008
8.15.1 Example for Configuring the SAVI Function in a DHCPv6-Only Scenario......................................................1008
8.15.2 Example for Configuring the SAVI Function in an SLAAC-Only Scenario......................................................1011
8.15.3 Example for Configuring the SAVI Function in a DHCPv6+SLAAC Scenario................................................1014
9 Reliability..................................................................................................................................1019
9.1 BFD Configuration...................................................................................................................................................1021
9.1.1 Example for Configuring Single-hop BFD for Detecting Faults on a Layer 2 Link.............................................1021
9.1.2 Example for Configuring Single-Hop BFD on a VLANIF Interface....................................................................1023
9.1.3 Example for Configuring Multi-Hop BFD............................................................................................................1026
9.1.4 Example for Associating the BFD Session Status with the Interface Status.........................................................1030
9.1.5 Example for Configuring Association Between a BFD Session and an Interface................................................1034
9.1.6 Example for Configuring the BFD Echo Function................................................................................................1041
9.2 VRRP Configuration................................................................................................................................................1044
9.2.1 Example for Configuring a VRRP Group in Active/Standby Mode.....................................................................1044
9.2.2 Example for Configuring a VRRP Group in Load Balancing Mode....................................................................1051
9.2.3 Example for Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover.....1056
9.2.4 Example for Configuring a VRRP6 Group in Active/Standby Mode...................................................................1062
9.2.5 Example for Configuring a VRRP6 Group in Load Balancing Mode..................................................................1069
9.3 DLDP Configuration................................................................................................................................................1075
9.3.1 Example for Configuring DLDP to Detect a Disconnected Optical Fiber Link....................................................1075
9.3.2 Example for Configuring DLDP to Detect Cross-Connected Optical Fibers........................................................1077
9.4 Smart Link Configuration.........................................................................................................................................1080
9.4.1 Example for Configuring Load Balancing on a Smart Link Instance...................................................................1080
9.4.2 Example for Configuring the Integrated Application of Monitor Link and Smart Link.......................................1085
9.5 MAC Swap Loopback Configuration.......................................................................................................................1090
9.5.1 Example for Configuring Local MAC Swap Loopback........................................................................................1090
9.5.2 Example for Configuring Remote MAC Swap Loopback....................................................................................1092
9.6 EFM Configuration...................................................................................................................................................1094
9.6.1 Example for Configuring Basic EFM Functions...................................................................................................1094
9.6.2 Example for Configuring Association Between an EFM Module and an Interface..............................................1098
9.6.3 Example for Configuring Association Between EFM Modules............................................................................1100
9.7 CFM Configuration..................................................................................................................................................1103
9.7.1 Example for Configuring VLAN-based Ethernet CFM on a Layer 2 Network....................................................1104
9.7.2 Example for Associating Ethernet CFM with an Interface...................................................................................1108
9.7.3 Example for Configuring Association Between CFM Modules...........................................................................1115
9.7.4 Example for Configuring Association Between CFM and EFM..........................................................................1119
9.8 Y.1731 Configuration...............................................................................................................................................1124
9.8.1 Example for Configuring One-way Frame Delay Measurement in a VLAN........................................................1124
9.8.2 Example for Configuring Two-way Frame Delay Measurement in a VLAN.......................................................1127
9.8.3 Example for Configuring AIS...............................................................................................................................1130
9.9 ERPS (G.8032) Configuration..................................................................................................................................1136
9.9.1 Example for Configuring ERPS............................................................................................................................1136
9.9.2 Example for Configuring ERPS Multi-Instance....................................................................................................1142
9.10 RRPP Configuration...............................................................................................................................................1150
9.10.1 Example for Configuring a Single RRPP Ring with a Single Instance...............................................................1150
9.10.2 Example for Configuring Intersecting RRPP Rings with a Single Instance.......................................................1155
9.10.3 Example for Configuring Tangent RRPP Rings
9.10.4 Example for Configuring a Single RRPP Ring with Multiple Instances
9.10.5 Example for Configuring Intersecting RRPP Rings with Multiple Instances
9.10.6 Example for Configuring Tangent RRPP Rings with Multiple Instances
10 Device Management
10.1 Energy-Saving Management
10.1.1 Example for Configuring ALS
10.1.2 Example for Configuring Device Dormancy
10.2 Information Center Configuration
10.2.1 Example for Outputting Logs to a Log Host
10.2.2 Example for Outputting Traps to the SNMP Agent
10.2.3 Example for Outputting Traps to the Console
10.3 USB-based Deployment Configuration
10.3.1 Example for Configuring USB-based Deployment
10.4 EasyDeploy Configuration
10.4.1 Example for Deploying Unconfigured Devices Through the Commander
10.4.2 Example for Replacing Faulty Devices Through the Commander
10.4.3 Example for Implementing a Batch Upgrade Through the Commander
10.4.4 Example for Deploying Unconfigured Devices Through Option Fields
10.4.5 Example for Deploying Unconfigured Devices Through an Intermediate File
10.5 NAP Configuration
10.5.1 Example for Configuring NAP-based Remote Deployment
10.6 Mirroring Configuration
10.6.1 Example for Configuring Local Port Mirroring
10.6.2 Example for Configuring Layer 2 Remote Port Mirroring
10.6.3 Example for Configuring Local Traffic Mirroring
10.6.4 Example for Configuring Local VLAN Mirroring
10.6.5 Example for Configuring Local MAC Address Mirroring
10.7 PoE Configuration
10.7.1 Example for Configuring PoE
10.8 iStack Configuration
10.8.1 Example for Configuring the iStack Function
10.8.2 Example for Configuring MAD in Direct Mode
10.8.3 Example for Configuring MAD in Relay Mode
10.9 Configuring a Monitoring Interface
10.9.1 Example for Configuring a Monitoring Interface
11 Network Management
11.1 SNMP Configuration
11.1.1 Example for Configuring a Switch to Communicate with NMSs Using SNMPv1
11.1.2 Example for Configuring a Switch to Communicate with an NMS Using SNMPv2c
11.1.3 Example for Configuring a Switch to Communicate with an NMS Using SNMPv3
11.2 RMON Configuration
11.2.1 Example for Configuring RMON
11.3 NTP Configuration
11.3.1 Example for Configuring Authenticated NTP Unicast Server/Client Mode
11.3.2 Example for Configuring NTP Symmetric Peer Mode
11.3.3 Example for Configuring Authenticated NTP Broadcast Mode
11.3.4 Example for Configuring NTP Multicast Mode
11.4 Ping and Tracert Configuration
11.4.1 Example for Performing Ping and Tracert Operations
11.5 NQA Configuration
11.5.1 Example for Configuring a DNS Test Instance
11.5.2 Example for Configuring an FTP Download Test Instance
11.5.3 Example for Configuring an FTP Upload Test Instance
11.5.4 Example for Configuring an HTTP Test Instance
11.5.5 Example for Configuring an ICMP Test Instance
11.5.6 Example for Configuring an ICMP Jitter Test Instance
11.5.7 Example for Configuring an SNMP Query Test Instance
11.5.8 Example for Configuring a TCP Test Instance
11.5.9 Example for Configuring a Trace Test Instance
11.5.10 Example for Configuring a UDP Test Instance
11.5.11 Example for Configuring a UDP Jitter Test Instance
11.5.12 Example for Configuring the MAC Ping Test
11.5.13 Example for Configuring MAC Ping to Detect the Connectivity of a VLAN network
11.5.14 Example for Configuring the LSP Ping Test for a Common Tunnel
11.5.15 Example for Configuring the LSP Jitter Test for a Common Tunnel
11.5.16 Example for Configuring the LSP Jitter Test for the MPLS TE Tunnel
11.5.17 Example for Configuring the LSP Trace Test for the TE Tunnel
11.5.18 Example for Configuring the LSP Trace Test for Checking the CR-LSP Hotstandby Tunnel
11.5.19 Example for Configuring the PWE3 Ping Test on a Single-Hop PW
11.5.20 Example for Configuring the PWE3 Ping Test on a Multi-Hop PW
11.5.21 Example for Configuring the PWE3 Trace Test on a Single-Hop PW
11.5.22 Example for Configuring the PWE3 Trace Test on a Multi-Hop PW
11.5.23 Example for Sending Trap Messages to the NMS When the Threshold Is Exceeded
11.6 LLDP Configuration
11.6.1 Example for Configuring LLDP on the Device That Has a Single Neighbor
11.6.2 Example for Configuring LLDP on the Device That Has Multiple Neighbors
11.6.3 Example for Configuring LLDP on the Network with link aggregation configured
11.6.4 Example for Configuring CDP-Compatible LLDP
11.6.5 Example for Configuring the Voice VLAN Capability of LLDP to Provide VoIP Service
11.7 sFlow Overview
11.7.1 Example for Configuring sFlow
11.8 Packet Capture Configuration
11.8.1 Example for Configuring Packet Capture Function
12 MPLS
12.1 Static LSPs Configuration
12.1.1 Example for Configuring Static LSPs
12.1.2 Example for Configuring Static BFD to Monitor Static LSPs
12.2 MPLS LDP Configuration
12.2.1 Example for Configuring Local LDP Sessions
12.2.2 Example for Configuring Remote MPLS LDP Sessions
12.2.3 Example for Configuring Automatic Triggering of a Request for a Label Mapping Message in DoD Mode
12.2.4 Example for Configuring a Policy for Triggering LSP Establishment
12.2.5 Example for Configuring a Policy for Triggering Transit LSP Establishment
12.2.6 Example for Disabling Devices from Distributing LDP Labels to Remote Peers
12.2.7 Example for Configuring Static BFD to Detect LDP LSPs
12.2.8 Example for Configuring Dynamic BFD to Detect LDP LSPs
12.2.9 Example for Configuring Synchronization Between LDP and IGP
12.2.10 Example for Configuring LDP GR
12.2.11 Example for Configuring LDP GTSM
12.2.12 Example for Configuring LDP Extension for Inter-Area LSP
12.2.13 Example for Configuring MPLS QoS
12.3 MPLS TE Configuration
12.3.1 Example for Configuring a Static MPLS TE Tunnel
12.3.2 Example for Configuring a Dynamic MPLS TE Tunnel
12.3.3 Example for Setting Up CR-LSPs Using CR-LSP Attribute Templates
12.3.4 Example for Configuring IGP Shortcut to Direct Traffic to an MPLS TE Tunnel
12.3.5 Example for Configuring Forwarding Adjacency to Direct Traffic to an MPLS TE Tunnel
12.3.6 Example for Setting Attributes for an MPLS TE Tunnel
12.3.7 Example for Configuring Srefresh Based on Manual TE FRR
12.3.8 Example for Configuring RSVP Authentication
12.3.9 Example for Configuring RSVP Authentication Based on Manual TE FRR
12.3.10 Example for Configuring SRLG Based on Auto TE FRR
12.3.11 Example for Configuring SRLG Based on CR-LSP Hot Standby
12.3.12 Example for Configuring CR-LSP Hot Standby
12.3.13 Example for Configuring Manual TE FRR
12.3.14 Example for Configuring Auto TE FRR
12.3.15 Example for Configuring Association Between TE FRR and CR-LSP Backup
12.3.16 Example for Configuring an MPLS TE Tunnel Protection Group
12.3.17 Example for Configuring Dynamic BFD for an MPLS TE Tunnel Protection Group
12.3.18 Example for Configuring Static BFD for CR-LSPs
12.3.19 Example for Configuring Dynamic BFD for CR-LSPs
12.3.20 Example for Configuring RSVP GR
13 VPN
13.1 BGP MPLS IP VPN Configuration
13.1.1 Example for Configuring BGP/MPLS IP VPN
13.1.2 Example for Configuring BGP/MPLS IP VPNs with Overlapping Address Spaces
13.1.3 Example for Configuring Communication Between Local VPNs
13.1.4 Example for Configuring Hub and Spoke
13.1.5 Example for Configuring Inter-AS VPN Option A
13.1.6 Example for Configuring an MCE
13.1.7 Example for Configuring an OSPF Sham Link
13.1.8 Example for Configuring BGP AS Number Substitution
13.1.9 Example for Configuring CE Dual-Homing
13.1.10 Example for Configuring VPN FRR
13.1.11 Example for Configuring IP FRR for VPN Routes
13.1.12 Example for Configuring Double RRs to Optimize the VPN Backbone Layer
13.1.13 Example for Connecting a VPN to the Internet
13.1.14 Example for Configuring a Tunnel Policy for an L3VPN
13.2 BGP/MPLS IPv6 VPN Configuration
13.2.1 Example for Configuring Basic BGP/MPLS IPv6 VPN
13.2.2 Example for Configuring Hub and Spoke (Using BGP4+ Between the PE and CE)
13.2.3 Example for Configuring Hub and Spoke (Using a Default Route Between Hub-PE and Hub-CE)
13.2.4 Example for Configuring Inter-AS IPv6 VPN Option A
13.2.5 Example for Configuring CE Dual-Homing
13.2.6 Example for Configuring a VPNv6 RR
13.3 VLL Configuration
13.3.1 Example for Configuring a Local CCC Connection
13.3.2 Example for Configuring a Remote CCC Connection
13.3.3 Example for Configuring a VLL Connection in SVC Mode
13.3.4 Example for Configuring a VLL Connection in Martini Mode
13.3.5 Example for Configuring a Local VLL Connection in Kompella Mode
13.3.6 Example for Configuring a Remote VLL Connection in Kompella Mode
13.3.7 Example for Configuring Inter-AS Martini VLL (Option A)
13.3.8 Example for Configuring Inter-AS Kompella VLL (Option A)
13.3.9 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)
13.4 PWE3 Configuration
13.4.1 Example for Configuring a Dynamic Single-hop PW
13.4.2 Example for Configuring a Static Multi-hop PW
13.4.3 Example for Configuring a Dynamic Multi-hop PW
13.4.4 Example for Configuring a Mixed Multi-hop PW
13.4.5 Example for Configuring Static BFD for PWs
13.4.6 Example for Configuring Dynamic BFD for a Single-hop PW
13.4.7 Example for Configuring Dynamic BFD for a Multi-hop PW
13.4.8 Example for Configuring Inter-AS PWE3-Option A
13.5 VPLS Configuration
13.5.1 Example for Configuring Martini VPLS
13.5.2 Example for Configuring Kompella VPLS
13.5.3 Example for Configuring BGP AD VPLS
13.5.4 Example for Configuring VPLS over TE in Martini Mode
13.5.5 Example for Configuring LDP HVPLS
13.5.6 Example for Configuring Static VLLs to Access a VPLS Network
13.5.7 Example for Configuring Dynamic VLLs to Access a VPLS Network
13.5.8 Example for Configuring CE Dual-Homed Kompella VPLS
13.5.9 Example for Configuring Inter-AS Martini VPLS in OptionA Mode
13.5.10 Example for Configuring Inter-AS Kompella VPLS in OptionA Mode
14 Miscellaneous Configuration Examples
14.1 Example for Configuring MSTP and VRRP
14.2 Example for Configuring SEP and MSTP in Hybrid Networking
14.3 Example for Configuring a QinQ Termination Sub-interface to Access a VLL Network
14.4 Example for Configuring Users in a Super-VLAN to Request IP Addresses from DHCP Servers
14.5 Example for Associating the BFD Session Status with the Interface Status
14.6 Example for Configuring Load Balancing Between Active and Standby Links of a Smart Link Group
14.7 Example for Configuring Association Between VRRP and the Interface Status
14.8 Example for Configuring RRPP Snooping
14.9 Example for Deploying BGP/MPLS IP VPN and VPLS on One ISP Network
14.10 Example for Deploying a High-Reliability Multi-Service VPN Network
14.11 Example for Configuring a CSS to Transmit VoD and IPTV Data
14.12 Example for Configuring VRRP to Ensure Reliable Multicast Data Transmission
14.13 Example for Configuring Multicast VPN Access Through an MCE Device
14.14 Example for Configuring Unicast and Multicast VLANs
1 Basic Configuration
About This Chapter
This document describes how to use the command line interface, log in to the device, perform file
operations, and configure system startup.
1.1 CLI Overview
Users perform configuration and routine maintenance on devices by running commands.
1.2 Logging In to the System for the First Time
This section describes how to log in to a new device to configure the device. You can log in
through the console port or mini USB port.
1.3 Configuring User Login
Users can log in to the device through a console port, Telnet, STelnet, or web to perform local
or remote device maintenance.
1.4 File Management
All files on the device are stored in storage devices and can be managed in multiple modes. The
current device can function as a client to access files on other devices.
1.5 Configuring System Startup
When the device is powered on, system software starts and configuration files are loaded. To
ensure smooth running of the device, manage system software and configuration files efficiently.
1.1 CLI Overview
Users perform configuration and routine maintenance on devices by running commands.
1.1.1 Example for Using Tab
Networking Requirements
The user wants to enter commands quickly and conveniently to complete service
configurations. The device lets the user enter the first character or first several
characters of a keyword and press Tab to complete the keyword, which improves
input efficiency.
Configuration Roadmap
The configuration roadmap is as follows:
1. If there is only one match for the incomplete keyword, enter the incomplete keyword and
press Tab.
2. If there are several matches for the keyword, enter the incomplete keyword and press
Tab repeatedly until the desired keyword is displayed.
3. Enter an incorrect keyword and press Tab. In this case, the incorrect keyword remains
unchanged.
Use Tab if:
There Is Only One Match for an Incomplete Keyword
1. Enter an incomplete keyword.
[HUAWEI] info-
2. Press Tab.
The system replaces the incomplete keyword with the complete keyword and displays it on a
new line, followed by a space.
[HUAWEI] info-center
There Are Several Matches for an Incomplete Keyword
# The keyword info-center can be followed by the following keywords. (The command output
provided here is used for reference only. The actual output information may differ from the
following information.)
[HUAWEI] info-center ?
  channel             Set the name of information channel
  console             Setting of console configuration
  enable              Enable the information center
  filter-id           Specify the configuration of the ID filtering table
  local               Setting of logging configuraitons except loghost
  logbuffer           Setting of log buffer configuration
  loghost             Setting of logging host configuration
  monitor             Setting of monitor configuration
  rate-limit          Specify the rate at which the information center
                      processes information
  snmp                Setting of snmp configuration
  source              Informational source setting
  statistic-suppress  Suppression that the first occurrence of an event is
                      always logged immediately, but subsequence identical
                      messages are suppressed
  timestamp           Set the time stamp type of information
  trapbuffer          Setting of trap buffer configuration
1. Enter an incomplete keyword.
[HUAWEI] info-center log
2.
Press Tab.
The system displays the prefixes of all the matched keywords. In this example, the prefix
is log.
[HUAWEI] info-center loghost
Press Tab to switch from one matched keyword to another. In this case, the cursor closely
follows the end of a word.
[HUAWEI] info-center logbuffer
Stop pressing Tab when the desired keyword is displayed.
An Incorrect Keyword Is Entered
1. Enter an incorrect keyword.
[HUAWEI] info-center loglog
2. Press Tab.
[HUAWEI] info-center loglog
The system displays information in a new line, but the keyword loglog remains unchanged
and there is no space between the cursor and the keyword, indicating that this keyword
does not exist.
1.2 Logging In to the System for the First Time
This section describes how to log in to a new device to configure the device. You can log in
through the console port or mini USB port.
NOTE
Only the S5300LI and S5310EI support login through the mini USB port. The S5300-28P-LI-BAT and
S5300-28P-LI-24S-BAT in the S5300LI series do not provide mini USB ports; therefore, they do not
support login through the mini USB port.
1.2.1 Example for Performing Basic Configuration on the Device at First Login
Networking Requirements
After logging in to the device through the console port, perform basic device configuration, and
set the user level to 15 and authentication mode to AAA for users 0-4 who perform remote login
through Telnet.
Figure 1-1 Networking diagram for configuring the device through the console port
(diagram labels: PC1, Console, Switch, Network, PC2)
Configuration Roadmap
1. Log in to the device through the console port.
NOTE
The HyperTerminal of Windows XP can be used as the terminal emulation software on the PC.
2. Configure the device.
Procedure
Step 1 Log in to the device from PC1 through the console port. For details, see Logging In Through
the Console Port.
Step 2 Configure the device.
# Set the system date, time, and time zone.
<HUAWEI> clock timezone BJ add 08:00:00
<HUAWEI> clock datetime 20:10:0 2012-07-26
# Set the device name and IP address of the management interface.
<HUAWEI> system-view
[HUAWEI] sysname Server
[Server] interface meth 0/0/1
[Server-MEth0/0/1] ip address 10.137.217.177 24
[Server-MEth0/0/1] quit
# Configure a default route for the device, assuming that the device gateway address is
10.137.217.1.
[Server] ip route-static 0.0.0.0 0 10.137.217.1
# Set the user level and authentication mode for Telnet users.
[Server] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] authentication-mode aaa
[Server-ui-vty0-4] quit
[Server] aaa
[Server-aaa] local-user admin1234 password cipher Helloworld@6789
[Server-aaa] local-user admin1234 privilege level 15
[Server-aaa] local-user admin1234 service-type telnet
[Server-aaa] quit
Step 3 Verify the configuration.
After completing the configuration, you can log in to the device through Telnet on PC2.
Access the command line interface of Windows XP and log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177
Press Enter. On the displayed login page, enter the user name and password. If the authentication
succeeds, the command line interface for the user view is displayed. (The following information
is only for reference.)
Login authentication
Username:admin1234
Password:
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 1.
The current login time is 2012-07-26 20:10:05+08:00.
<Server>
----End
Configuration Files
Configuration file of the device
#
sysname Server
#
clock timezone BJ add 08:00:00
#
aaa
local-user admin1234 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user admin1234 privilege level 15
local-user admin1234 service-type telnet
#
interface MEth0/0/1
ip address 10.137.217.177 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.137.217.1
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
#
return
1.2.2 Example of Configuring the Console User Interface
Networking Requirements
Before logging in to the device using the console user interface to maintain the device locally,
a user can configure the attributes of the console user interface to ensure device security.
In this example, the level of console users is 15. The password authentication mode and
authentication password Helloworld@6789 are configured for console users to log in to the
device.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the user level on the console user interface.
2. Configure the authentication mode and password on the console user interface.
Procedure
Step 1 Configure the user level on the console user interface.
<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] user privilege level 15
Step 2 Configure the authentication mode and password on the console user interface.
[HUAWEI-ui-console0] authentication-mode password
[HUAWEI-ui-console0] set authentication password cipher Helloworld@6789
[HUAWEI-ui-console0] quit
After the console user interface is configured, users can use the console interface to log in to the
device in the password authentication mode to maintain the device locally. For details on how
to log in to the device, see Logging In to the Device Through a Console Port.
Step 3 Verify the configuration.
# Run the quit command to disconnect the terminal from the device, connect the terminal to the
device using a console cable, and verify that the new password is valid.
# Run the user-interface console 0 command to enter the console interface view, and run the
display this command to check the configurations on the console interface.
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] display this
#
user-interface con 0
authentication-mode password
user privilege level 15
set authentication password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
#
return
----End
Configuration File
#
user-interface con 0
authentication-mode password
user privilege level 15
set authentication password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
#
return
1.2.3 Example of Configuring a VTY User Interface
Networking Requirements
A user can use the VTY interface to log in to a remote device using Telnet. The device
administrator can configure the attributes of the VTY user interface to ensure device security.
In this example, the level of VTY users is 2. The password authentication mode and
authentication password Helloworld@6789 are configured for VTY users to log in to the device.
Only the user whose IP address is 10.1.1.1 can log in to the device.
If a user logs in to the device and does not perform an operation within 30 minutes, the user's
terminal disconnects from the device.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the maximum number of concurrent VTY user interfaces to 8.
2. Configure restrictions on call-in and call-out permissions on the VTY user interface to
allow users at a specified address or address segment to log in to the device.
3. Configure terminal attributes on the VTY user interface.
4. Configure the user level on the VTY user interface.
5. Configure the authentication mode and password of the VTY user interface.
Procedure
Step 1 Configure the maximum number of concurrent VTY user interfaces.
<HUAWEI> system-view
[HUAWEI] user-interface maximum-vty 8
Step 2 Configure restrictions on call-in and call-out permissions on the VTY user interface.
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 10.1.1.1 0
[HUAWEI-acl-basic-2000] rule permit source any
[HUAWEI-acl-basic-2000] quit
[HUAWEI] user-interface vty 0 7
[HUAWEI-ui-vty0-7] acl 2000 inbound
Step 3 Configure terminal attributes on the VTY user interface.
[HUAWEI-ui-vty0-7] shell
[HUAWEI-ui-vty0-7] idle-timeout 30
[HUAWEI-ui-vty0-7] screen-length 30
[HUAWEI-ui-vty0-7] history-command max-size 20
Step 4 Configure the user level on the VTY user interface.
[HUAWEI-ui-vty0-7] user privilege level 2
Step 5 Configure the authentication mode and password of the VTY user interface.
[HUAWEI-ui-vty0-7] authentication-mode password
[HUAWEI-ui-vty0-7] set authentication password cipher Helloworld@6789
[HUAWEI-ui-vty0-7] quit
After the VTY user interface is configured, users can log in to the device in the password
authentication mode using Telnet to maintain the device locally or remotely. For details on how
to log in to the device, see Logging In to the Device Through Telnet.
Step 6 Verify the configuration.
# Connect the terminal to the device using Telnet, and verify that the new password is valid.
# Use 10.1.1.1 to log in to the device using Telnet. The login fails.
# Run the user-interface vty 0 7 command to enter the VTY interface view, and run the display
this command to check the configurations on the VTY interface.
[HUAWEI] user-interface vty 0 7
[HUAWEI-ui-vty0-7] display this
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 2
set authentication password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
----End
Configuration File
#
acl number 2000
rule 5 deny source 10.1.1.1 0
rule 10 permit
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 2
set authentication password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
1.3 Configuring User Login
Users can log in to the device through a console port, Telnet, STelnet, or web to perform local
or remote device maintenance.
1.3.1 Example for Logging In to the Device Through a Console Port
Networking Requirements
When you cannot remotely log in to the device, you can perform local login through a console
port. If you log in to the device through a console port, only password authentication is required.
To improve security, use AAA on the console user interface.
Figure 1-2 Networking diagram of user login through a console port
(diagram labels: PC, Switch)
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the terminal simulation software to log in to the device through a console port.
2. Configure the authentication mode of the console user interface.
Procedure
Step 1 Use the terminal simulation software to log in to the device through a console port.
1. Insert the DB9 connector of the console cable delivered with the product into the 9-pin serial
port on the PC, and insert the RJ45 connector into the console port of the device, as shown
in Figure 1-3.
Figure 1-3 Connecting to the device through the console port
2. Start the terminal simulation software on the PC. Establish a connection, and set the
connected port and communication parameters.
NOTE
A PC may have multiple connection ports; therefore, the port connected through the console cable
is selected in this example. Generally, COM1 is selected.
If the serial port communication parameters of the device are modified, modify the communication
parameters on the PC accordingly (ensure that the parameter values are the same) and re-establish
the connection.
3. Press Enter until the system prompts you to enter the password. (The system will prompt
you to enter the user name and password in AAA authentication. The following information
is only for reference.)
Login authentication
Password:
You can run commands to configure the device. Enter a question mark (?) whenever you
need help.
Step 2 Configure the authentication mode of the console user interface.
<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] authentication-mode aaa
[HUAWEI-ui-console0] user privilege level 15
[HUAWEI-ui-console0] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin1234 password cipher Helloworld@6789
[HUAWEI-aaa] local-user admin1234 privilege level 3
[HUAWEI-aaa] local-user admin1234 service-type terminal
After the preceding operations, you can re-log in to the device on the console user interface only
by entering the user name admin1234 and password Helloworld@6789.
----End
Configuration Files
#
aaa
local-user admin1234 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user admin1234 privilege level 3
local-user admin1234 service-type terminal
#
user-interface con 0
authentication-mode aaa
user privilege level 15
#
return
1.3.2 Example for Logging In to the Device Through Telnet
Networking Requirements
As shown in Figure 1-4, the PC and the server (Huawei device) are reachable to each other. To
implement easy remote configuration and management of the device, configure AAA
authentication for Telnet users on the server and configure a security policy that allows only the
administrator to log in to the device.
Figure 1-4 Networking diagram of logging in to the device through Telnet
(diagram labels: PC 10.1.1.1/32, Network, Telnet Server 10.137.217.177/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet login mode to implement remote network device maintenance.
2. Configure the administrator's user name and password and the AAA authentication mode
to ensure that only the administrator can log in to the device.
3. Configure a security policy to ensure that the administrator's PC can be used to log in to
the device.
Procedure
Step 1 Set the server listening port number and enable the server function.
<HUAWEI> system-view
[HUAWEI] sysname Telnet Server
[Telnet Server] telnet server enable
[Telnet Server] telnet server port 1025
Step 2 Set the VTY user interface parameters.
# Set the maximum number of VTY user interfaces.
[Telnet Server] user-interface maximum-vty 8
# Set the IP address from which the user is allowed to log in to the device.
[Telnet Server] acl 2001
[Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
[Telnet Server-acl-basic-2001] quit
[Telnet Server] user-interface vty 0 7
[Telnet Server-ui-vty0-7] acl 2001 inbound
# Configure the terminal attributes of the VTY user interface.
[Telnet Server-ui-vty0-7] shell
[Telnet Server-ui-vty0-7] idle-timeout 20
[Telnet Server-ui-vty0-7] screen-length 30
[Telnet Server-ui-vty0-7] history-command max-size 20
# Configure the user authentication mode of the VTY user interface.
[Telnet Server-ui-vty0-7] authentication-mode aaa
[Telnet Server-ui-vty0-7] quit
Step 3 Configure the login user information.
# Configure the login authentication mode.
[Telnet Server] aaa
[Telnet Server-aaa] local-user admin1234 password cipher Helloworld@6789
[Telnet Server-aaa] local-user admin1234 service-type telnet
[Telnet Server-aaa] local-user admin1234 privilege level 3
[Telnet Server-aaa] quit
Step 4 Configure the client login.
Enter commands at the command line prompt to log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025
Press Enter, and enter the user name and password in the login window. If the authentication
is successful, the command line prompt of the user view is displayed, and you enter the user
view configuration environment.
Login authentication
Username:admin1234
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
The current login time is 2012-08-06 18:33:18+00:00.
<Telnet Server>
----End
Configuration Files
Telnet server configuration file
#
sysname Telnet Server
#
telnet server port 1025
#
acl number 2001
rule 5 permit source 10.1.1.1 0
#
aaa
local-user admin1234 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user admin1234 privilege level 3
local-user admin1234 service-type telnet
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2001 inbound
authentication-mode aaa
history-command max-size 20
idle-timeout 20 0
screen-length 30
#
return
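The two VTY ACLs saved in 1.2.3 and 1.3.2 give opposite answers for the same source address: ACL 2000 refuses 10.1.1.1 (as Step 6 of 1.2.3 verifies) and admits every other source, while ACL 2001 admits only 10.1.1.1. The following Python sketch is an added example, not part of the Huawei document; it evaluates a basic ACL rule by rule in ascending rule-ID order, and it assumes that a source matching no rule is refused on the VTY interface (function names are hypothetical).

```python
import ipaddress
import re

# Rule lines copied from the "Configuration File" listings in 1.2.3 and 1.3.2.
ACL_2000 = """
acl number 2000
 rule 5 deny source 10.1.1.1 0
 rule 10 permit
"""
ACL_2001 = """
acl number 2001
 rule 5 permit source 10.1.1.1 0
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?P<src>\S+)(?:\s+(?P<wildcard>\S+))?)?\s*$"
)
MASK32 = 0xFFFFFFFF


def _wildcard_to_int(text):
    """Accept the short form '0' (exact host) or a dotted wildcard mask."""
    if text == "0":
        return 0
    return int(ipaddress.IPv4Address(text))


def parse_basic_acl(text):
    """Return [(rule_id, action, address, wildcard)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped.startswith("rule"):
            continue  # 'acl number ...' header, blank lines, '#' separators
        m = RULE_RE.match(line)
        if m is None:
            # Refuse to guess: a skipped rule would change the verdict.
            raise ValueError(f"unsupported rule syntax: {stripped!r}")
        if m["src"] in (None, "any"):
            addr, wildcard = 0, MASK32  # no source clause: every address matches
        elif m["wildcard"] is None:
            raise ValueError(f"rule {m['id']}: source address without wildcard")
        else:
            addr = int(ipaddress.IPv4Address(m["src"]))
            wildcard = _wildcard_to_int(m["wildcard"])
        rules.append((int(m["id"]), m["action"], addr, wildcard))
    return sorted(rules)


def vty_decision(acl_text, source_ip, unmatched="deny"):
    """Return (action, rule_id); rule_id is None when no rule matched.

    'unmatched' is the assumed verdict for a source that matches no rule.
    """
    ip = int(ipaddress.IPv4Address(source_ip))
    for rule_id, action, addr, wildcard in parse_basic_acl(acl_text):
        care = ~wildcard & MASK32  # bits that must be equal (wildcard bit 0)
        if (ip & care) == (addr & care):
            return action, rule_id
    return unmatched, None


if __name__ == "__main__":
    for name, acl in (("ACL 2000", ACL_2000), ("ACL 2001", ACL_2001)):
        for src in ("10.1.1.1", "10.1.1.2", "192.168.0.9"):
            action, rule_id = vty_decision(acl, src)
            via = f"rule {rule_id}" if rule_id is not None else "no rule matched"
            print(f"{name}  {src:<12} {action:<6} ({via})")
```

Running the same check against a saved configuration before it is applied shows whether the intended administrator address is the one that is admitted.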
1.3.3 Example for Logging In to the Device Through STelnet
Networking Requirements
As shown in Figure 1-5, users require secure remote login, but Telnet cannot provide a secure
authentication method. In this scenario, STelnet can be configured to ensure security of remote
login. PC1 and PC2 have reachable routes to the SSH server, and 10.137.217.203 is the IP address
of the management interface on the SSH server. Two login users client001 and client002 need
to be configured on the SSH server. PC1 uses the account of client001 to log in to the SSH server
through password authentication; PC2 uses the account of client002 to log in to the SSH server
through RSA authentication.
Figure 1-5 Networking diagram of logging in to the device through STelnet
(diagram labels: PC1, PC2, Network, SSH Server 10.137.217.203/16)
Configuration Roadmap
The configuration roadmap is as follows:
1. Install the SSH server software on PC1. Install the key pair generation software, public key
conversion software, and SSH server login software on PC2.
2. Generate a local key pair on the SSH server to implement secure data exchange between
the server and client.
3. Configure different authentication modes for the SSH users client001 and client002 on the
SSH server.
4. Enable the STelnet service on the SSH server.
5. Configure the STelnet server type for the SSH users client001 and client002 on the SSH
server.
6. Log in to the SSH server as the client001 and client002 users through STelnet.
Procedure
Step 1 Generate a local key pair on the server.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
Step 2 Create an SSH user on the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] user privilege level 5
[SSH Server-ui-vty0-4] quit
• Create an SSH user named client001.
# Create an SSH user named client001 and configure the password authentication mode for
the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher Huawei@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001 authentication-type password
• Create an SSH user named client002.
# Create an SSH user named client002 and configure the RSA authentication mode for the
user.
[SSH Server] ssh user client002 authentication-type rsa
# Generate a local key pair of the client on PC2.
1. Run puttygen.exe on the client. It is used to generate the public and private key files.
Select SSH2 RSA and click Generate. As you move the cursor in the blank area, you can
see that the key is being generated.
Figure 1-6 PuTTY Key Generate page (1)
After the key is generated, click save public key to save the key in the key.pub file.
Figure 1-7 PuTTY Key Generate page (2)
Click save private key. The PuTTYgen Warning dialog box is displayed. Click
Yes. The private key is saved in the private.ppk file.
Figure 1-8 PuTTY Key Generate page (3)
2. Run sshkey.exe on the client. Convert the generated public key to the character string
required for the device.
Open the key.pub file.
Figure 1-9 ssh key converter page (1)
Click Convert(C). You can see the public keys before and after conversion.
Figure 1-10 ssh key converter page (2)
# Enter the RSA public key generated on PC2 to the SSH server.
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
[SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
[SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
[SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
[SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
[SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign rsa-key rsakey001
Step 3 Enable the STelnet service on the SSH server.
# Enable the STelnet service.
[SSH Server] stelnet server enable
Step 4 Configure the STelnet service type for the client001 and client002 users.
[SSH Server] ssh user client001 service-type stelnet
[SSH Server] ssh user client002 service-type stelnet
Step 5 Verify the configuration.
• Log in to the SSH server as the client001 user from PC1 using the password authentication
mode.
# Use the PuTTY software to log in to the device, enter the device IP address, and select the
SSH protocol type.
Figure 1-11 PuTTY Configuration page - password authentication mode
# Click Open. Enter the user name and password at the prompt, and press Enter. You have
logged in to the SSH server.
login as: client001
Sent username "client001"
client001@10.137.217.203's password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 5.
The current login time is 2012-08-06 09:35:28.
<SSH Server>
• Log in to the SSH server as the client002 user from PC2 using the RSA authentication mode.
# Use the PuTTY software to log in to the device, enter the device IP address, and select the
SSH protocol type.
Figure 1-12 PuTTY Configuration page - RSA authentication mode (1)
# Choose Connection > SSH in the navigation tree. The page shown in Figure 1-13 is
displayed. Select 2 for Preferred SSH protocol version.
Figure 1-13 PuTTY Configuration page - RSA authentication mode (2)
# Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure
1-14 is displayed. Select the private.ppk file corresponding to the public key configured on
the server.
Figure 1-14 PuTTY Configuration page - RSA authentication mode (3)
# Click Open. Enter the user name at the prompt, and press Enter. You have logged in to
the SSH server.
login as: client002
Authenticating with public key "rsa-key"
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 5.
The current login time is 2012-08-06 09:35:28.
<SSH Server>
----End
Configuration Files
SSH server configuration file
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
308186
028180
CD1ACDD0 965E7793 19F6A88F 9EE7669F 0A5F8988 4409961F 387215B1 D698380C
6EB4A52B EFB42102 3D3E6F97 3269FB08 B82713BE 308F587C 0780B37D 5C5D3D4E
618F30F5 14AEC917 F8F6D91F 90948D89 CDF5E4ED 58E24AE5 E76CA9CB 13713680
ACC24265 DA33D4E7 B2B80A4C D9FE897B C5457A8D 3123B826 9293F3D7 CEEFE741
0201
25
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher %@%@~)5r!#>ZoLU0T^*IoFR'i_^*%@%@
local-user client001 privilege level 3
local-user client001 service-type ssh
#
stelnet server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
ssh user client002
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key rsakey001
ssh user client002 service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 5
protocol inbound ssh
#
return
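The hex pasted in the rsa-key-code view is a DER structure (a SEQUENCE of two INTEGERs: modulus and public exponent), so the key size can be checked before the key is bound to a user with ssh user ... assign rsa-key. The following Python sketch is an added example, not part of the Huawei document; it decodes both listings of rsakey001 on this page, and its function names and the 2048-bit policy threshold are assumptions.

```python
# Key bytes as typed in the rsa-key-code view in Step 2 (copied from this page).
ENTERED_KEY = """
30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
457A8D31 23B82692 93F3D7CE EFE74102 0125
"""
# The same key as listed in the SSH server configuration file (copied from this page).
SAVED_KEY = """
308186
028180
CD1ACDD0 965E7793 19F6A88F 9EE7669F 0A5F8988 4409961F 387215B1 D698380C
6EB4A52B EFB42102 3D3E6F97 3269FB08 B82713BE 308F587C 0780B37D 5C5D3D4E
618F30F5 14AEC917 F8F6D91F 90948D89 CDF5E4ED 58E24AE5 E76CA9CB 13713680
ACC24265 DA33D4E7 B2B80A4C D9FE897B C5457A8D 3123B826 9293F3D7 CEEFE741
0201
25
"""


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    if buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02X}, found 0x{buf[pos]:02X}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past the end of the data")
    return buf[pos:end], end


def parse_rsa_public_key(hex_text):
    """Decode SEQUENCE { INTEGER modulus, INTEGER exponent } from spaced hex."""
    der = bytes.fromhex("".join(hex_text.split()))
    body, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after the key structure")
    n_bytes, pos = _read_tlv(body, 0, 0x02)
    e_bytes, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body) or not n_bytes or not e_bytes:
        raise ValueError("expected exactly two non-empty INTEGERs")
    # Read both values as unsigned: the typed form carries a leading 00 pad
    # byte in front of the modulus, the saved form omits it.
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def audit_peer_key(hex_text, min_bits=2048):
    """Summarise a pasted key; min_bits is an assumed local policy value."""
    modulus, exponent = parse_rsa_public_key(hex_text)
    bits = modulus.bit_length()
    return {"modulus_bits": bits, "exponent": exponent, "meets_min_bits": bits >= min_bits}


if __name__ == "__main__":
    print("typed form:", audit_peer_key(ENTERED_KEY))
    print("saved form:", audit_peer_key(SAVED_KEY))
    same = parse_rsa_public_key(ENTERED_KEY) == parse_rsa_public_key(SAVED_KEY)
    print("same key in both listings:", same)
```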
1.3.4 Example for Logging In to the Device Through the Web System
Networking Requirements
As shown in Figure 1-15, the device is logged in through HTTP from a PC and the device works
as the web server to implement the graphical user management and device maintenance.
Figure 1-15 Networking diagram of logging in to the device through HTTP
(diagram labels: PC, Network, HTTP Server 192.168.0.1/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the web page file.
2. Load the web page file.
3. Enable the HTTPS/HTTP service and configure an HTTP user.
4. Log in to the web system.
Procedure
Step 1 Upload the web page file.
# Enable the FTP service.
<HUAWEI> system-view
[HUAWEI] sysname HTTP-Server
[HTTP-Server] ftp server enable
# Configure the verification information, authentication mode, and directory for the FTP user.
[HTTP-Server] aaa
[HTTP-Server-aaa] local-user huawei password cipher hello@123
[HTTP-Server-aaa] local-user huawei service-type ftp
[HTTP-Server-aaa] local-user huawei privilege level 15
[HTTP-Server-aaa] local-user huawei ftp-directory flash:
[HTTP-Server-aaa] quit
[HTTP-Server] quit
# Upload the web page file to the HTTP server from the user terminal. (The operation details
are not provided here.)
After the preceding operations are completed, run the dir command on the HTTP server to check
the web page file that has been uploaded.
<HTTP-Server> dir
Directory of flash:/
  Idx  Attr     Size(Byte)  Date         Time      FileName
    0  -rw-        524,558  Apr 14 2011  16:24:39  private-data.txt
    1  -rw-          1,302  Apr 14 2011  19:22:30  back_time_a
    2  -rw-            951  Apr 14 2011  19:22:35  back_time_b
    3  drw-              -  Apr 09 2011  19:46:14  src
    4  -rw-            421  Apr 09 2011  19:46:14  vrpcfg.zip
    5  -rw-      1,308,478  Apr 14 2011  19:22:45  webtest.7z
    6  drw-              -  Apr 10 2011  01:35:54  logfile
    7  -rw-              4  Apr 14 2011  04:56:35  snmpnotilog.txt
    8  drw-              -  Apr 11 2011  16:18:53  security
    9  drw-              -  Apr 13 2011  11:37:40  lam
...
65,233 KB total (7,289 KB free)
Step 2 Load the web page file.
<HTTP-Server> system-view
[HTTP-Server] http server load webtest.7z
Step 3 Enable the HTTPS/HTTP service and configure an HTTP user.
# Enable the HTTPS and HTTP services.
[HTTP-Server] http secure-server enable
[HTTP-Server] http server enable
# Configure an HTTP user.
[HTTP-Server] aaa
[HTTP-Server-aaa] local-user admin password cipher huawei
[HTTP-Server-aaa] local-user admin privilege level 15
[HTTP-Server-aaa] local-user admin service-type http
[HTTP-Server-aaa] quit
Step 4 Log in to the web system.
Open the web browser on the PC, enter http://192.168.0.1 in the address box, and press
Enter. The Login dialog box is displayed, as shown in Figure 1-16.
Figure 1-16 Login page
Enter the correct HTTP user name, password, and verification code, and click Login or press
Enter. The home page of the web system is displayed.
Step 5 Verify the configuration.
# Run the display http server command on the HTTP server to check the HTTP server status.
[HTTP-Server] display http server
  HTTP Server Status         : enabled
  HTTP Server Port           : 80(80)
  HTTP Timeout Interval      : 20
  Current Online Users       : 1
  Maximum Users Allowed      : 5
  HTTP Secure-server Status  : enabled
  HTTP Secure-server Port    : 443(443)
  HTTP SSL Policy            : Default
----End
Configuration Files of the HTTP Server
#
sysname HTTP-Server
#
FTP server enable
#
http server load webtest.7z
#
aaa
local-user admin password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
local-user admin privilege level 15
local-user admin service-type http
local-user huawei password cipher %@%@d!<oHRKqQUj}R[>jpxNT\E)>%@%@
local-user huawei privilege level 15
local-user huawei ftp-directory flash:
local-user huawei service-type ftp
#
return
1.3.5 Example for Logging In to the Device Through the Safe Web System
Networking Requirements
HTTP enables the device supporting the web system to function as a web server. You can log
in to this device using HTTP and manage the device on web pages. HTTP cannot authenticate
web servers or encrypt data, so it cannot protect data privacy or security. HTTPS is used on
devices to provide encrypted communication and secure identification of web servers.
As shown in Figure 1-17, an SSL policy is configured on the device that works as an HTTP
server. After the digital certificate is loaded and the HTTPS service is enabled on the device,
you can log in to the device through HTTPS and manage the device on web pages. (Use the
certificate from the CA and manually configure an SSL policy.)
Figure 1-17 Networking diagram of logging in to the device through HTTPS
(Diagram: the PC reaches the HTTPS server, 192.168.0.1/24, across the network.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the digital certificate and web page file saved in the PC to the device that works as
the HTTPS server.
2. Copy the digital certificate from the root directory on the HTTPS server to the security
subdirectory, configure the SSL policy, and load the digital certificate.
3. Load the web page file.
4. Enable the HTTPS service and configure an HTTP user.
5. Log in to the web system.
Procedure
Step 1 Upload the digital certificate and web page file.
# Enable the FTP service.
<HUAWEI> system-view
[HUAWEI] sysname HTTPS-Server
[HTTPS-Server] ftp server enable
# Configure the authentication information, authentication mode, and directory for the FTP user.
[HTTPS-Server] aaa
[HTTPS-Server-aaa] local-user huawei password cipher hello@123
[HTTPS-Server-aaa] local-user huawei service-type ftp
[HTTPS-Server-aaa] local-user huawei privilege level 15
[HTTPS-Server-aaa] local-user huawei ftp-directory flash:
[HTTPS-Server-aaa] quit
[HTTPS-Server] quit
# Open the command line window on the PC, run the ftp 192.168.0.1 command to set up an FTP
connection with the device, and then run the put command to upload the digital certificate and
web page file to the device.
You can run the dir command on the HTTP server to check the digital certificate and web page
file that have been uploaded.
<HTTPS-Server> dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-        524,558  Apr 14 2011 16:24:39   private-data.txt
    1  -rw-          1,302  Apr 14 2011 19:22:30   1_servercert_pem_rsa.pem
    2  -rw-            951  Apr 14 2011 19:22:35   1_serverkey_pem_rsa.pem
    3  drw-              -  Apr 09 2011 19:46:14   src
    4  -rw-            421  Apr 09 2011 19:46:14   vrpcfg.zip
    5  -rw-      1,308,478  Apr 14 2011 19:22:45   web001.7z
    6  drw-              -  Apr 10 2011 01:35:54   logfile
    7  -rw-              4  Apr 14 2011 04:56:35   snmpnotilog.txt
    8  drw-              -  Apr 11 2011 16:18:53   security
    9  drw-              -  Apr 13 2011 11:37:40   lam
...

65,233 KB total (7,289 KB free)
Step 2 Configure the SSL policy and load the digital certificate.
# Create the security subdirectory and copy the certificates from the CA to the subdirectory.
<HTTPS-Server> mkdir security/
<HTTPS-Server> copy 1_servercert_pem_rsa.pem security/
<HTTPS-Server> copy 1_serverkey_pem_rsa.pem security/
You can run the dir command in the security subdirectory to check the digital certificate.
<HTTPS-Server> cd security/
<HTTPS-Server> dir
Directory of flash:/security/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-          1,302  Apr 13 2011 14:29:31   1_servercert_pem_rsa.pem
    1  -rw-            951  Apr 13 2011 14:29:49   1_serverkey_pem_rsa.pem

65,233 KB total (7,287 KB free)
# Create the SSL policy and load the digital certificate in the PEM format.
<HTTPS-Server> system-view
[HTTPS-Server] ssl policy http_server
[HTTPS-Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_rsa.pem key-pair rsa key-file 1_serverkey_pem_rsa.pem auth-code cipher 123456
[HTTPS-Server-ssl-policy-http_server] quit
You can run the display ssl policy command on the HTTPS server to check the details about
the digital certificate that has been loaded.
[HTTPS-Server] display ssl policy
SSL Policy Name: http_server
Policy Applicants:
Key-pair Type: RSA
Certificate File Type: PEM
Certificate Type: certificate
Certificate Filename: 1_servercert_pem_rsa.pem
Key-file Filename: 1_serverkey_pem_rsa.pem
Auth-code: 123456
MAC:
CRL File:
Trusted-CA File:
Step 3 Load the web page file.
[HTTPS-Server] http server load web001.7z
Step 4 Enable the HTTPS service and configure an HTTP user.
# Enable the HTTPS service.
[HTTPS-Server] http secure-server ssl-policy http_server
[HTTPS-Server] http secure-server enable
# Configure an HTTP user.
[HTTPS-Server] aaa
[HTTPS-Server-aaa] local-user admin password cipher huawei
[HTTPS-Server-aaa] local-user admin privilege level 15
[HTTPS-Server-aaa] local-user admin service-type http
[HTTPS-Server-aaa] quit
Step 5 Log in to the web system.
Open the web browser on the PC, enter https://192.168.0.1 in the address box, and press
Enter. The Login dialog box is displayed, as shown in Figure 1-18.
Figure 1-18 Login page
Enter the correct HTTP user name, password, and verification code, and click Login or press
Enter. The home page of the web system is displayed.
Step 6 Verify the configuration.
# Run the display http server command on the HTTPS server to check the SSL policy name
and HTTPS server status.
[HTTPS-Server] display http server
HTTP Server Status              : disabled
HTTP Server Port                : 80(80)
HTTP Timeout Interval           : 20
Current Online Users            : 1
Maximum Users Allowed           : 5
HTTP Secure-server Status       : enabled
HTTP Secure-server Port         : 443(443)
HTTP SSL Policy                 : http_server
----End
Configuration Files of the HTTPS Server
#
sysname HTTPS-Server
#
FTP server enable
#
http server load web001.7z
http secure-server ssl-policy http_server
#
aaa
local-user admin password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
local-user admin privilege level 15
local-user admin service-type http
local-user huawei password cipher %@%@d!<oHRKqQUj}R[>jpxNT\E)>%@%@
local-user huawei privilege level 15
local-user huawei ftp-directory flash:
local-user huawei service-type ftp
#
ssl policy http_server
certificate load pem-cert 1_servercert_pem_rsa.pem key-pair rsa key-file 1_serverkey_pem_rsa.pem auth-code cipher %@%@"DlqKik*GE*~`u4H+LFJ(K-=%@%@
#
return
1.3.6 Example for Configuring the Device as the Telnet Client to Log In to Another Device
Networking Requirements
As shown in Figure 1-19, the PC and Switch1 have reachable routes to each other; Switch1 and
Switch2 have reachable routes to each other. The user needs to manage and maintain Switch2
remotely. However, the PC cannot directly log in to Switch2 through Telnet because it has no
reachable route to Switch2. The user can log in to Switch1 through Telnet, and then log in to
Switch2 from Switch1. To prevent unauthorized devices from logging in to Switch2 through
Telnet, an ACL needs to be configured to allow only the Telnet connection from Switch1 to
Switch2.
Figure 1-19 Networking diagram of configuring the device as the Telnet client to log in to
another device
(Diagram: PC, Switch1 at 1.1.1.1/24 and Switch2 at 2.1.1.1/24 connected across networks, with one Telnet session from the PC to Switch1 and one from Switch1 to Switch2.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet authentication mode and password on Switch2.
2. Configure an ACL on Switch2 to allow access from Switch1.
3. Log in to Switch2 from Switch1 through Telnet.
Procedure
Step 1 Configure the Telnet authentication mode and password on Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] user-interface vty 0 4
[Switch2-ui-vty0-4] user privilege level 15
[Switch2-ui-vty0-4] authentication-mode password
[Switch2-ui-vty0-4] set authentication password cipher huawei2012
[Switch2-ui-vty0-4] quit
Step 2 Configure an ACL on Switch2 to allow access from Switch1.
[Switch2] acl 2000
[Switch2-acl-basic-2000] rule permit source 1.1.1.1 0
[Switch2-acl-basic-2000] quit
[Switch2] user-interface vty 0 4
[Switch2-ui-vty0-4] acl 2000 inbound
[Switch2-ui-vty0-4] quit
NOTE
It is optional to configure an ACL for Telnet services.
Step 3 Verify the configuration.
# After the preceding configuration, you can log in to Switch2 from Switch1 through Telnet.
You cannot log in to Switch2 from other devices.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] quit
<Switch1> telnet 2.1.1.1
Trying 2.1.1.1 ...
Press CTRL+K to abort
Connected to 2.1.1.1 ...
Login authentication
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
The current login time is 2012-10-05 02:46:05-05:13.
<Switch2>
----End
Configuration Files
Switch2 configuration file
#
sysname Switch2
#
acl number 2000
rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
#
return
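The Switch2 configuration file above limits VTY logins with basic ACL 2000. The Python below is an added example, not part of the Huawei document: it parses that file layout and reports whether a given source address is admitted to the VTY lines. It assumes rules are evaluated in ascending rule-ID order and that, as Step 3 states, a source matching no rule is refused; the function names and the placeholder password are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the Switch2 configuration file from this section with
# the cipher-text password replaced by a placeholder.
SWITCH2_CONFIG = """\
#
sysname Switch2
#
acl number 2000
 rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 user privilege level 15
 set authentication password cipher <CIPHERTEXT-PLACEHOLDER>
#
return
"""

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)(?:\s+(\S+))?)?$")


def parse_basic_acls(config):
    """Return {acl_number: [(rule_id, action, address, wildcard), ...]}."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                       # '#' closes the current view
            current = None
        elif (m := re.match(r"acl number (\d+)$", line)):
            current = acls.setdefault(int(m.group(1)), [])
        elif current is not None and (m := RULE_RE.match(line)):
            rule_id, action, addr, wild = m.groups()
            if addr in (None, "any"):         # no source clause: matches every source
                addr, wild = "0.0.0.0", "255.255.255.255"
            current.append((int(rule_id), action, addr, wild or "0"))
    return acls


def wildcard_bits(text):
    """'0' is the CLI shorthand for wildcard 0.0.0.0 (exactly this host)."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def rule_matches(addr, wildcard, source):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~wildcard_bits(wildcard) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(source)) & care)


def parse_vty_inbound_acl(config):
    """Return the ACL number bound inbound to the VTY lines, or None."""
    in_vty = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("user-interface vty"):
            in_vty = True
        elif line == "#":
            in_vty = False
        elif in_vty and (m := re.match(r"acl (\d+) inbound$", line)):
            return int(m.group(1))
    return None


def vty_admits(config, source):
    """True if a login attempt from `source` passes the VTY inbound ACL."""
    acl_no = parse_vty_inbound_acl(config)
    if acl_no is None:
        return True        # no ACL bound: every source reaches the login prompt
    rules = sorted(parse_basic_acls(config).get(acl_no, []))
    if not rules:
        raise ValueError(f"ACL {acl_no} is bound to the VTY lines but has no rules")
    for _rule_id, action, addr, wild in rules:
        if rule_matches(addr, wild, source):
            return action == "permit"
    return False           # assumption: unmatched sources are refused (Step 3)
```

Removing the `acl 2000 inbound` line from the sample makes `vty_admits` return True for every address, which is the exposure the optional ACL in Step 2 closes.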
1.3.7 Example for Configuring the Device as the STelnet Client to Log In to Another Device
Networking Requirements
The enterprise requires that secure data exchange should be performed between the server and
client. As shown in Figure 1-20, two login users client001 and client002 are configured and
they use the password and RSA authentication modes respectively to log in to the SSH server.
A new port number is configured and the default port number is not used.
Figure 1-20 Networking diagram of logging in to another device through STelnet
(Diagram: SSH Server at 10.1.1.1/16, with Client001 and Client002 at 10.1.2.2/16 and 10.1.3.3/16.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server to implement secure data exchange between
the server and client.
2. Configure different authentication modes for the SSH users client001 and client002 on the
SSH server.
3. Enable the STelnet service on the SSH server.
4. Configure the STelnet server type for the SSH users client001 and client002 on the SSH
server.
5. Set the SSH server listening port number on the SSH server to prevent attackers from
accessing the SSH service standard port and ensure security.
6. Log in to the SSH server as the client001 and client002 users through STelnet.
Procedure
Step 1 Generate a local key pair on the server.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
Step 2 Create an SSH user on the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound all
[SSH Server-ui-vty0-4] user privilege level 5
[SSH Server-ui-vty0-4] quit
• Create an SSH user named client001.
# Create an SSH user named client001 and configure the password authentication mode for
the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher Huawei@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
• Create an SSH user named client002.
# Create an SSH user named client002 and configure the RSA authentication mode for the
user.
[SSH Server] ssh user client002
[SSH Server] ssh user client002 authentication-type rsa
# Generate a local key pair for Client002.
<HUAWEI> system-view
[HUAWEI] sysname client002
[client002] rsa local-key-pair create
The key name will be: client002_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
# Check the public key in the RSA key pair generated on the client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 2012-05-03 17:07:29+00:00
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
171896FB 1FFC38CD
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDOA7vPdHr+mR9lCZXI8loF3ws7eewGCPcB
r2tt9HlGdXKY5waGdDwgJMtvI+5B7/9bZb+tADLHiubqAVLwDpf5
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDOA7vPdHr+mR9lCZXI8loF3ws7eewGCPcBr2tt9HlG
dXKY5waGdDwgJMtvI+5B7/9bZb+tADLHiubqAVLwDpf5 rsa-key
=====================================================
Time of Key pair created: 2012-05-03 17:07:45+00:00
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D1792921 5DFF9F87 EB606267 227BD303 379EF5F9
E987B7BC A408A692 14E71149 FC32F8FB A790684E
0441DFB0 1C3125D8 4E097F47 76E57B18 65CF46FC
914DBF53 43F5AAA3 BAB1A6D9 5C0EBA4F 16DC4A36
D54EE51E C91E08E4 93127550 874EA1BB
0203
010001
# Configure the RSA public key on the SSH server. (Information in bold in the display
command output is the RSA public key. Copy the information to the server.)
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 308188
[SSH Server-rsa-key-code] 028180
[SSH Server-rsa-key-code] B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
[SSH Server-rsa-key-code] A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
[SSH Server-rsa-key-code] 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
[SSH Server-rsa-key-code] 40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
[SSH Server-rsa-key-code] 1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
[SSH Server-rsa-key-code] A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
[SSH Server-rsa-key-code] 171896FB 1FFC38CD
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign rsa-key rsakey001
Step 3 Enable the STelnet service on the SSH server.
# Enable the STelnet service.
[SSH Server] stelnet server enable
Step 4 Configure the STelnet service type for the client001 and client002 users.
[SSH Server] ssh user client001 service-type stelnet
[SSH Server] ssh user client002 service-type stelnet
Step 5 Configure a new listening port number on the SSH server.
[SSH Server] ssh server port 1025
Step 6 Connect the STelnet client to the SSH server.
# Enable the first authentication function on the SSH client upon the first login.
Enable the first authentication function for Client001.
<HUAWEI> system-view
[HUAWEI] sysname client001
[client001] ssh client first-time enable
Enable the first authentication function for Client002.
[client002] ssh client first-time enable
# Log in to the SSH server from Client001 in password authentication mode by entering the user
name and password.
[client001] stelnet 10.1.1.1 1025
Please input the username:client001
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it?[Y/N]:y
Save the server's public key?[Y/N]:y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Enter password:
Enter the password. The following information indicates that you have logged in successfully:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
The current login time is 2012-08-16 10:33:18+00:00.
<SSH Server>
# Log in to the SSH server from Client002 in RSA authentication mode.
[client002] stelnet 10.1.1.1 1025
Please input the username: client002
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it?[Y/N]:y
Save the server's public key?[Y/N]:y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 3.
The current login time is 2012-08-16 11:48:42+00:00.
<SSH Server>
If the user view is displayed, you have logged in successfully. If the message "Session is
disconnected" is displayed, the login fails.
Step 7 Verify the configuration.
An attempt to log in to the SSH server on the default listening port number 22 fails.
[client002] stelnet 10.1.1.1
Please input the username:client002
Trying 10.1.1.1 ...
Press CTRL+K to abort
Error: Failed to connect to the remote host.
Run the display ssh server status and display ssh server session commands. You can see that
the STelnet service has been enabled and the STelnet clients have logged in to the server
successfully.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH authentication retries          :3 times
SFTP server                         :Disable
Stelnet server                      :Enable
Scp server                          :Disable
SSH server port                     :1025
SSH server source                   :0.0.0.0
# Check the SSH server connections.
[SSH Server] display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : password
Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : rsa
# Check information about SSH users.
[SSH Server] display ssh user-information
User 1:
User Name            : client001
Authentication-type  : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No
User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : rsakey001
User-public-key-type : rsa
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No
----End
Configuration Files
• SSH server configuration file
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB A443130F 7CDB95D8 4A4AE2F3
D94A73D7 36FDFD5F 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B 40A35DE6
2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5 1987178B 8C364D57 DD0AA24A A0C2F87F
474C7931 A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2 171896FB 1FFC38CD
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user client001 privilege level 3
local-user client001 service-type ssh
#
stelnet server enable
ssh server port 1025
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
ssh user client002
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key rsakey001
ssh user client002 service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 5
protocol inbound ssh
#
return
• Client001 configuration file
#
sysname client001
#
ssh client first-time enable
#
return
• Client002 configuration file
#
sysname client002
#
ssh client first-time enable
#
return
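Step 2 depends on copying the client's "Key code" block by hand into rsa peer-public-key on the server. The Python below is an added example, not part of the Huawei document: it decodes that hex layout (a DER SEQUENCE holding the modulus and the public exponent) so the block displayed on the client can be compared with the block entered on the server and the modulus length checked. The sample key is constructed and is not a real key; the function names and the 2048-bit threshold are assumptions of this example.

```python
import hashlib

MIN_MODULUS_BITS = 2048   # assumption of this example: shorter RSA keys are reported


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value item; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated key code")
    if buf[pos] != expected_tag:
        raise ValueError(
            f"expected tag 0x{expected_tag:02X} at byte {pos}, got 0x{buf[pos]:02X}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated key code: a line was probably lost while copying")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Decode a 'Key code' block (hex words, any whitespace) into (modulus, exponent)."""
    der = bytes.fromhex("".join(text.split()))
    body, end = _read_tlv(der, 0, 0x30)            # SEQUENCE, e.g. 30 81 88
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    mod_bytes, pos = _read_tlv(body, 0, 0x02)      # INTEGER modulus, e.g. 02 81 80
    exp_bytes, pos = _read_tlv(body, pos, 0x02)    # INTEGER exponent, e.g. 02 03
    if pos != len(body):
        raise ValueError("unexpected data inside the key")
    # The blocks on this page carry the modulus without a leading 00 byte even
    # though its top bit is set, so both integers are read as unsigned.
    return int.from_bytes(mod_bytes, "big"), int.from_bytes(exp_bytes, "big")


def fingerprint(text):
    """SHA-256 of the normalised bytes; equal for blocks that differ only in spacing."""
    return hashlib.sha256(bytes.fromhex("".join(text.split()))).hexdigest()


def review_peer_key(client_block, server_block):
    """Compare the block displayed on the client with the one entered on the server."""
    findings = []
    if fingerprint(client_block) != fingerprint(server_block):
        findings.append("key entered on server differs from key displayed on client")
    modulus, exponent = parse_key_code(client_block)
    if modulus.bit_length() < MIN_MODULUS_BITS:
        findings.append(f"{modulus.bit_length()}-bit modulus is below {MIN_MODULUS_BITS}")
    if exponent < 3 or exponent % 2 == 0:
        findings.append(f"implausible public exponent {exponent}")
    return findings


def _der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def build_sample_key_code(modulus_len=128):
    """Constructed sample in the page's layout (patterned bytes, not a real key)."""
    modulus = b"\xB2" + bytes((i * 37 + 11) % 256 for i in range(modulus_len - 2)) + b"\x0D"
    ints = b"\x02" + _der_len(len(modulus)) + modulus + b"\x02\x03\x01\x00\x01"
    words = (b"\x30" + _der_len(len(ints)) + ints).hex().upper()
    return "\n".join(words[i:i + 40] for i in range(0, len(words), 40))
```

For a 128-byte modulus the constructed sample begins 308188 028180, the same header as the client002_Host block above, and `review_peer_key` reports it as a 1024-bit key.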
1.3.8 Example for Configuring the Public SSH Client to Log In to the Private SSH Server
Networking Requirements
The VPN multi-instance function enables an SSH client on the public network to log in to the
device that works as the SSH server on the private network. The same IP address can be used in
different VPN instances, so before logging in to a device you must specify the VPN instance
for the device.
As shown in Figure 1-21, the PE3 user on the public network can securely log in to CE1
and CE2, which have the SSH service enabled in the VPN. The PE3 user creates two VPN instances,
VPN1 and VPN2, and the VPN instances on the public and private networks are connected.
Figure 1-21 Networking diagram of configuring the public SSH client to log in to the private
SSH server
(Diagram: SSH Client PE3 at 10.1.3.3/24, SSH Server1 at 10.1.1.1/24 and SSH Server2 at 10.1.2.2/24, with sites in VPN 1 and VPN 2 connected across the MPLS backbone through PE1, PE2 and PE3.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on SSH Server1. Create an SSH user user1 and configure the
password authentication mode for the user to implement secure data exchange on the server
and client.
2. Enable the STelnet service on SSH Server1.
3. Configure the STelnet service type for the SSH user on SSH Server1.
4. Generate a local key pair on SSH Server2. Create an SSH user user2 and configure the
RSA authentication mode for the user to implement secure data exchange on the server and
client.
5. Enable the STelnet service on SSH Server2.
6. Configure the STelnet service type for the SSH user on SSH Server2.
7. Enable the first authentication function on SSH Client to ensure that the first-time
connection is successful.
8. Log in to the SSH server on the private network through STelnet from SSH Client on the
public network.
Procedure
Step 1 Generate a key pair on SSH Server1. Create an SSH user user1 and configure the password
authentication mode for the user.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server1
[SSH Server1] rsa local-key-pair create
The key name will be: SSH Server1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
[SSH Server1] user-interface vty 0 4
[SSH Server1-ui-vty0-4] authentication-mode aaa
[SSH Server1-ui-vty0-4] protocol inbound ssh
[SSH Server1-ui-vty0-4] user privilege level 5
[SSH Server1-ui-vty0-4] quit
[SSH Server1] ssh user user1
[SSH Server1] ssh user user1 authentication-type password
[SSH Server1] aaa
[SSH Server1-aaa] local-user user1 password cipher huawei@123
[SSH Server1-aaa] local-user user1 privilege level 3
[SSH Server1-aaa] local-user user1 service-type ssh
[SSH Server1-aaa] quit
Step 2 Enable the STelnet service on SSH Server1.
[SSH Server1] stelnet server enable
Step 3 Configure the STelnet service type for the SSH user on SSH Server1.
[SSH Server1] ssh user user1 service-type stelnet
Step 4 Generate a key pair on SSH Server2. Create an SSH user user2 and configure the RSA
authentication mode for the user.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server2
[SSH Server2] rsa local-key-pair create
The key name will be: SSH Server2_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
[SSH Server2] user-interface vty 0 4
[SSH Server2-ui-vty0-4] authentication-mode aaa
[SSH Server2-ui-vty0-4] protocol inbound ssh
[SSH Server2-ui-vty0-4] user privilege level 5
[SSH Server2-ui-vty0-4] quit
[SSH Server2] ssh user user2 authentication-type rsa
# Generate a local key pair for the STelnet client.
<HUAWEI> system-view
[HUAWEI] sysname client
[client] rsa local-key-pair create
The key name will be: client_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
# Check the public key in the RSA key pair generated on the STelnet client.
[client] display rsa local-key-pair public
=====================================================
Time of Key pair created: 17:53:29 2012/8/7
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
171896FB 1FFC38CD
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDOA7vPdHr+mR9lCZXI8loF3ws7eewGCPcB
r2tt9HlGdXKY5waGdDwgJMtvI+5B7/9bZb+tADLHiubqAVLwDpf5
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDOA7vPdHr+mR9lCZXI8loF3ws7eewGCPcBr2tt9HlG
dXKY5waGdDwgJMtvI+5B7/9bZb+tADLHiubqAVLwDpf5 rsa-key
=====================================================
Time of Key pair created: 17:53:36 2012/8/7
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D1792921 5DFF9F87 EB606267 227BD303 379EF5F9
E987B7BC A408A692 14E71149 FC32F8FB A790684E
0441DFB0 1C3125D8 4E097F47 76E57B18 65CF46FC
914DBF53 43F5AAA3 BAB1A6D9 5C0EBA4F 16DC4A36
D54EE51E C91E08E4 93127550 874EA1BB
0203
010001
# Configure the RSA public key generated on the STelnet client on SSH Server2.
[SSH Server2] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server2-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server2-rsa-key-code] 308188
[SSH Server2-rsa-key-code] 028180
[SSH Server2-rsa-key-code] B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
[SSH Server2-rsa-key-code] A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
[SSH Server2-rsa-key-code] 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
[SSH Server2-rsa-key-code] 40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
[SSH Server2-rsa-key-code] 1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
[SSH Server2-rsa-key-code] A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
[SSH Server2-rsa-key-code] 171896FB 1FFC38CD
[SSH Server2-rsa-key-code] 0203
[SSH Server2-rsa-key-code] 010001
[SSH Server2-rsa-key-code] public-key-code end
[SSH Server2-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user user2 on SSH Server2.
[SSH Server2] ssh user user2 assign rsa-key rsakey001
Step 5 Enable the STelnet service on SSH Server2.
[SSH Server2] stelnet server enable
Step 6 Configure the STelnet service type for the SSH user on SSH Server2.
[SSH Server2] ssh user user2 service-type stelnet
Step 7 Enable the first authentication function on SSH Client.
[client] ssh client first-time enable
Step 8 Log in to the SSH server on the private network through STelnet from SSH Client on the public
network.
# Use the password authentication mode to connect the STelnet client to SSH Server1 in VPN1.
[client] stelnet 10.1.1.1 -vpn-instance vpn1
Please input the username:user1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it?(Y/N):y
Save the server's public key?(Y/N):y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Enter password:
Enter the password. The following information indicates that you have logged in successfully:
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 8.
The current login time is 2012-08-06 18:33:18.
<SSH Server1>
# Use the RSA authentication mode to connect the STelnet client to SSH Server2 in VPN2.
[client] stelnet 10.1.2.2 -vpn-instance vpn2
Please input the username: user2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it?(Y/N):y
Save the server's public key?(Y/N):y
The server's public key will be saved with the name 10.1.1.2. Please wait...
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 8.
The current login time is 2012-08-06 18:33:18.
<SSH Server2>
Step 9 Verify the configuration.
# Check the SSH Server1 connections.
[SSH Server1] display ssh server session
Session 1:
Conn                : VTY 0
Version             : 2.0
State               : started
Username            : user1
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : password
# Check the SSH Server2 connections.
[SSH Server2] display ssh server session
Session 1:
Conn                : VTY 0
Version             : 2.0
State               : started
Username            : user2
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : rsa
----End
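An added example, not part of the Huawei document: a Python check that parses display ssh server session output in the label/value layout of the verification step and reports negotiated algorithms that current SSH guidance treats as weak (CBC-mode ciphers, truncated or MD5 MACs, the 1024-bit diffie-hellman-group1-sha1 exchange). The function names and the weak-algorithm rules are assumptions of this example; session 1 of the sample repeats the output shown in the verification step and session 2 is constructed.

```python
import re

# Constructed sample: session 1 repeats the values from the verification step;
# session 2 is a hypothetical session that shows the clean case.
SAMPLE = """\
Session 1:
Conn                : VTY 0
Version             : 2.0
State               : started
Username            : user1
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : password
Session 2:
Conn                : VTY 1
Version             : 2.0
State               : started
Username            : user9
Retry               : 1
CTOS Cipher         : aes128-ctr
STOC Cipher         : aes128-ctr
CTOS Hmac           : hmac-sha2-256
STOC Hmac           : hmac-sha2-256
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group14-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : rsa
"""

SESSION_RE = re.compile(r"^Session\s+(\d+)\s*:\s*$")


def parse_sessions(text):
    """Return one dict per 'Session N:' block, keyed by the field labels."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = SESSION_RE.match(line)
        if match:
            current = {"Session": match.group(1)}
            sessions.append(current)
        elif current is not None and ":" in line:
            label, _, value = line.partition(":")
            current[label.strip()] = value.strip()
    return sessions


def weak_cipher(value):
    return value.endswith("-cbc") or value.startswith("arcfour") or value == "none"


def weak_mac(value):
    return "md5" in value or value.endswith("-96") or value == "none"


def weak_kex(value):
    return value == "diffie-hellman-group1-sha1"


def old_version(value):
    return value.startswith("1.")


# (field label, predicate, reason) - the rule set is this example's assumption.
CHECKS = [
    ("Version", old_version, "SSH protocol 1.x negotiated"),
    ("CTOS Cipher", weak_cipher, "CBC-mode, RC4 or null cipher"),
    ("STOC Cipher", weak_cipher, "CBC-mode, RC4 or null cipher"),
    ("CTOS Hmac", weak_mac, "MD5-based, truncated or null MAC"),
    ("STOC Hmac", weak_mac, "MD5-based, truncated or null MAC"),
    ("Kex", weak_kex, "1024-bit DH group with SHA-1"),
]


def audit(text):
    """Return (session, username, field, value, reason) for every weak value."""
    findings = []
    for session in parse_sessions(text):
        for field, is_weak, reason in CHECKS:
            value = session.get(field, "").lower()
            if value and is_weak(value):
                findings.append((session["Session"], session.get("Username", "?"),
                                 field, value, reason))
    return findings


if __name__ == "__main__":
    for sess, user, field, value, reason in audit(SAMPLE):
        print(f"session {sess} ({user}): {field} = {value} -> {reason}")
```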
Configuration Files
- SSH Server1 configuration file
#
sysname SSH Server1
#
stelnet server enable
ssh user user1
ssh user user1 authentication-type password
ssh user user1 service-type stelnet
#
aaa
local-user user1 password %$%$bn[j7'Fn>3x[kk-R+jx%f*!u%$%$
local-user user1 privilege level 3
local-user user1 service-type ssh
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 5
#
return
- SSH Server2 configuration file
#
sysname SSH Server2
#
rsa peer-public-key rsakey001
public-key-code begin
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB A443130F 7CDB95D8 4A4AE2F3
D94A73D7 36FDFD5F 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B 40A35DE6
2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5 1987178B 8C364D57 DD0AA24A A0C2F87F
474C7931 A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2 171896FB 1FFC38CD
0203
010001
public-key-code end
peer-public-key end
#
stelnet server enable
ssh user user2
ssh user user2 assign rsa-key rsakey001
ssh user user2 authentication-type rsa
ssh user user2 service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 5
#
return
- SSH Client configuration file
#
sysname client
#
ssh client first-time enable
#
return
1.3.9 Example for Configuring RADIUS Authentication for SSH Users
Networking Requirements
If a RADIUS user connects to the SSH server, the SSH server sends the user name and password
of the SSH client to the RADIUS server (compatible with the TACACS server for SSH
authentication).
The RADIUS server authenticates the user and sends the authentication result (containing the
user level if the authentication is successful) to the SSH server. The SSH server determines
whether to establish a connection with the SSH client according to the authentication result.
As shown in Figure 1-22, the routes between SSH Client and SSH Server and between SSH
Server and Radius Server are reachable.
Figure 1-22 Networking diagram of configuring RADIUS authentication for SSH users
[Diagram: SSH Client, Network, SSH Server, Network, Radius Server; addresses shown: 10.1.1.1/24, 10.1.2.2/24, 10.1.3.3/24, 10.1.4.4/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server to implement secure data exchange between
   the server and client.
2. Create an SSH user.
3. Configure the AAA scheme and RADIUS template to prepare for RADIUS authentication.
4. Configure a domain to authenticate login users and manage rights.
5. Log in to the SSH server through STelnet.
Procedure
Step 1 Generate a local key pair on the SSH server.
<HUAWEI> system-view
[HUAWEI] rsa local-key-pair create
The key name will be: HUAWEI_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
Step 2 Create an SSH user.
Create a user named ssh1@ssh.com on the RADIUS server. Set the NAS IP address to
10.1.2.2 and the key to huawei. The NAS IP address is the IP address of the SSH server connected
to the RADIUS server.
# Configure the VTY user interface on the SSH server.
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] protocol inbound ssh
[HUAWEI-ui-vty0-4] user privilege level 5
[HUAWEI-ui-vty0-4] quit
# Create an SSH user named ssh1@ssh.com on the SSH server and specify the authentication
mode.
[HUAWEI] ssh user ssh1@ssh.com authentication-type password
[HUAWEI] ssh user ssh1@ssh.com service-type stelnet
Step 3 Configure the AAA scheme and RADIUS template.
# Configure an authentication scheme newscheme and the RADIUS authentication mode.
[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme newscheme
[HUAWEI-aaa-authen-newscheme] authentication-mode radius
[HUAWEI-aaa-authen-newscheme] quit
# Configure a RADIUS server template ssh on the SSH server.
[HUAWEI] radius-server template ssh
# Set the IP address 10.1.4.4 and port 1812 for the RADIUS server.
[HUAWEI-radius-ssh] radius-server authentication 10.1.4.4 1812
# Set the RADIUS server key to huawei.
[HUAWEI-radius-ssh] radius-server shared-key cipher huawei
[HUAWEI-radius-ssh] quit
Step 4 Configure a domain.
# Set the RADIUS domain name to ssh.com and apply the authentication scheme newscheme
and RADIUS server template ssh to the RADIUS domain.
[HUAWEI] aaa
[HUAWEI-aaa] domain ssh.com
[HUAWEI-aaa-domain-ssh.com] authentication-scheme newscheme
[HUAWEI-aaa-domain-ssh.com] radius-server ssh
[HUAWEI-aaa-domain-ssh.com] quit
[HUAWEI-aaa] quit
Step 5 Connect the SSH client and the SSH server.
# Enable the STelnet service on the SSH server.
[HUAWEI] stelnet server enable
# Enable the first authentication function on the SSH client upon the first login.
<HUAWEI> system-view
[HUAWEI] sysname client
[client] ssh client first-time enable
# Log in to the SSH server from the STelnet client in RADIUS authentication mode.
[client] stelnet 10.1.2.2
Please input the username:ssh1@ssh.com
Trying 10.1.2.2 ...
Press CTRL+K to abort
Connected to 10.1.2.2 ...
The server is not authenticated. Continue to access it?(Y/N):y
Save the server's public key?(Y/N):y
The server's public key will be saved with the name 10.1.2.2. Please wait...
Enter password:
Enter the password. The following information indicates that you have logged in successfully:
Info: The max number of VTY users is 20, and the number
      of current VTY users on line is 8.
      The current login time is 2012-08-06 18:33:18.
<HUAWEI>
Step 6 Verify the configuration.
Run the display radius-server configuration and display ssh server session commands on the
SSH server to check the RADIUS server configuration. The command output shows that the
SSH client has successfully connected to the SSH server.
# Check the RADIUS server configuration.
<HUAWEI> display radius-server configuration
------------------------------------------------------------------------------
Server-template-name            : ssh
Protocol-version                : standard
Traffic-unit                    : B
Shared-secret-key               : %$%$]*6iWr7EVM|uc:"B/A=FF}tk%$%$
Timeout-interval(in second)     : 5
Primary-authentication-server   : 10.1.4.4 :1812 :LoopBack:NULL Source-IP:0.0.0.0
Primary-accounting-server       : 0.0.0.0 :0 :LoopBack:NULL Source-IP:0.0.0.0
Secondary-authentication-server : 0.0.0.0 :0 :LoopBack:NULL Source-IP:0.0.0.0
Secondary-accounting-server     : 0.0.0.0 :0 :LoopBack:NULL Source-IP:0.0.0.0
Retransmission                  : 3
EndPacketSendTime               : 0
Dead time(in minute)            : 5
Domain-included                 : YES
NAS-IP-Address                  : 10.1.2.2
NAS-IPv6-Address                : ::
Calling-station-id MAC-format   : xxxx-xxxx-xxxx
------------------------------------------------------------------------------
Total of radius template :1
# Check the SSH server connections.
[HUAWEI] display ssh server session
Session 1:
Conn                : VTY 0
Version             : 2.0
State               : started
Username            : ssh1@ssh.com
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : stelnet
Authentication Type : password
----End
Configuration Files
SSH server configuration file
#
radius-server template ssh
radius-server shared-key cipher %$%$]*6iWr7EVM|uc:"B/A=FF}tk%$%$
radius-server authentication 10.1.4.4 1812
#
aaa
authentication-scheme newscheme
authentication-mode radius
domain ssh.com
authentication-scheme newscheme
radius-server ssh
#
stelnet server enable
ssh user ssh1@ssh.com authentication-type password
ssh user ssh1@ssh.com service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 5
#
return
1.4 File Management
All files on the device are stored in storage devices and can be managed in multiple modes. The
current device can function as a client to access files on other devices.
1.4.1 Example of Logging In to the Device to Manage Files
Configuration Requirements
After logging in to the device through the console interface, Telnet, or STelnet, perform the
following operations:
- View files and subdirectories in the current directory.
- Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as
  backup.zip.
- View files in the test directory.
Procedure
Step 1 View files and subdirectories in the current directory.
<HUAWEI> dir
Directory of flash:/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-            889  Mar 01 2012 14:41:56   private-data.txt
  1  -rw-          6,311  Feb 17 2012 14:05:04   backup.cfg
  2  -rw-          2,393  Mar 06 2012 17:20:10   vrpcfg.zip
  3  -rw-            812  Dec 12 2011 15:43:10   hostkey
  4  drw-              -  Mar 01 2012 14:41:46   compatible
  5  -rw-            540  Dec 12 2011 15:43:12   serverkey
...
65,233 KB total (7,289 KB free)
Step 2 Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as
backup.zip.
# Create the test directory.
<HUAWEI> mkdir test
Info: Create directory flash:/test......Done.
# Copy the vrpcfg.zip file to test and rename vrpcfg.zip as backup.zip.
<HUAWEI> copy vrpcfg.zip flash:/test/backup.zip
Copy flash:/vrpcfg.zip to flash:/test/backup.zip?[Y/N]:y
100% complete.
Info: Copied file flash:/vrpcfg.zip to flash:/test/backup.zip...Done.
NOTE
If no destination file name is specified, the destination file is set to the source file name by default.
Step 3 View files in the test directory.
# Access the test directory.
<HUAWEI> cd test
# View the current working directory.
<HUAWEI> pwd
flash:/test
# View files in the test directory.
<HUAWEI> dir
Directory of flash:/test/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-          2,399  Mar 12 2012 11:16:44   backup.zip
65,233 KB total (7,285 KB free)
----End
Configuration File
None
1.4.2 Example for Managing Files When the Device Functions as an FTP Server
Networking Requirements
As shown in Figure 1-23, routes between the PC and the device functioning as an FTP server
are reachable. 10.136.23.5 is the management IP address on the FTP server. To upgrade the
device, you must upload the system software devicesoft.cc to and download the configuration
file vrpcfg.zip from the FTP server.
Figure 1-23 Network for managing files when the device functions as an FTP server
[Diagram: PC, Network, FTP Server (10.136.23.5/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the FTP function and FTP user information including user name, password, user
   level, service type, and authorized directory on the FTP server.
2. Save the vrpcfg.zip file on the FTP server.
3. Connect to the FTP server on the PC.
4. Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
Procedure
Step 1 Configure the FTP function and FTP user information on the FTP server.
<HUAWEI> system-view
[HUAWEI] ftp server enable
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin1234 password cipher Helloworld@6789
[HUAWEI-aaa] local-user admin1234 privilege level 15
[HUAWEI-aaa] local-user admin1234 service-type ftp
[HUAWEI-aaa] local-user admin1234 ftp-directory flash:
[HUAWEI-aaa] quit
Step 2 Save the vrpcfg.zip file on the FTP server.
<HUAWEI> save
Step 3 Connect to the FTP server on the PC as the admin1234 user whose password is
Helloworld@6789.
Assume that the PC runs the Windows XP operating system.
C:\Documents and Settings\Administrator> ftp 10.136.23.5
Connected to 10.136.23.5.
220 FTP service ready.
User (10.136.23.5:(none)): admin1234
331 Password required for admin1234.
Password:
230 User logged in.
ftp> binary
200 Type set to I.
ftp>
Step 4 Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
# Upload the devicesoft.cc file to the FTP server.
ftp> put devicesoft.cc
200 Port command okay.
150 Opening BINARY mode data connection for devicesoft.cc
226 Transfer complete.
ftp: 23876556 bytes sent in 25.35Seconds 560.79Kbytes/sec.
# Download the vrpcfg.zip file.
ftp> get vrpcfg.zip
200 Port command okay.
150 Opening BINARY mode data connection for vrpcfg.zip.
226 Transfer complete.
ftp: 1257 bytes received in 0.03Seconds 40.55Kbytes/sec.
NOTE
The devicesoft.cc file to upload and the vrpcfg.zip file to download are stored in the local directory on the
FTP client. Before uploading and downloading files, obtain the local directory on the client. The default
FTP user's local directory on the Windows XP operating system is
C:\Documents and Settings\Administrator.
Step 5 Verify the configuration.
# Run the dir command on the FTP server to check the devicesoft.cc file.
<HUAWEI> dir
Directory of flash:/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
  1  drw-              -  Mar 11 2012 00:58:54   logfile
  2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
  3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
  4  -rw-          1,257  Mar 12 2012 21:15:54   vrpcfg.zip
  5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
  6  -rw-     23,876,556  Mar 13 2012 14:24:24   devicesoft.cc
  7  drw-              -  Oct 31 2011 10:20:28   sysdrv
  8  drw-              -  Feb 21 2012 17:16:36   compatible
  9  drw-              -  Feb 09 2012 14:20:10   selftest
 10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
 11  -rw-         23,496  Dec 15 2011 20:59:36   20111215.zip
 12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
 13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
 14  drw-              -  Nov 04 2011 13:58:36   security
...
65,233 KB total (7,289 KB free)
# Access the FTP user's local directory on the PC and check the vrpcfg.zip file.
----End
Configuration File
#
sysname HUAWEI
#
FTP server enable
#
aaa
local-user admin1234 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user admin1234 privilege level 15
local-user admin1234 ftp-directory flash:/
local-user admin1234 service-type ftp
#
interface MEth0/0/1
ip address 10.136.23.5 255.255.255.0
#
return
1.4.3 Example for Managing Files Using SFTP When the Device Functions as an SSH Server
Networking Requirements
As shown in Figure 1-24, routes between the PC and the device functioning as an SSH server
are reachable. 10.136.23.4 is the management IP address on the SSH server. Configure the device
as an SSH server so that the server can authenticate the client and encrypt data in both
directions, preventing man-in-the-middle attacks and MAC/IP address spoofing to ensure secure file
transfer.
Figure 1-24 Network for managing files using SFTP when the device functions as an SSH server
[Diagram: PC, Network, SSH Server (10.136.23.4/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair and enable the SFTP server function on the SSH server so that
   the server and client can securely exchange data.
2. Configure the VTY user interface on the SSH server.
3. Configure SSH user information including the authentication mode, service type,
   authorized directory, user name, and password.
4. Connect to the SSH server using the third-party software OpenSSH on the PC.
Procedure
Step 1 Generate a local key pair on the SSH server.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++
[SSH Server] sftp server enable
Step 2 Configure the VTY user interface on the SSH server.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound all
[SSH Server-ui-vty0-4] quit
Step 3 Configure SSH user information including the authentication mode, service type, authorized
directory, user name, and password.
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type sftp
[SSH Server] ssh user client001 sftp-directory flash:
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher Huawei@123
[SSH Server-aaa] local-user client001 privilege level 15
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
Step 4 Connect to the SSH server using the third-party software OpenSSH on the PC.
The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on
the PC.
Figure 1-25 Connecting to the SSH server
After connecting to the SSH server, the SFTP view is displayed. Users can run SFTP commands
to perform file-related operations in the SFTP view.
----End
Configuration File
#
sysname SSH Server
#
aaa
local-user client001 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user client001 privilege level 15
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#
return
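An added example, not part of the Huawei document: a Python audit that reads a configuration file in the #-delimited layout used in these examples and reports settings that weaken remote management (a plain FTP server, a VTY interface that accepts Telnet as well as SSH, first-time acceptance of an unverified server key, and a management-level user reachable over plain FTP). The finding codes, the function name and the level-3 threshold for a management-level user are assumptions of this example; the sample configurations are constructed from the files shown in these examples, with cipher strings replaced by placeholders.

```python
import re

# Constructed samples based on the configuration files in these examples.
FTP_SERVER_CFG = """\
#
sysname HUAWEI
#
FTP server enable
#
aaa
local-user admin1234 password cipher %@%@<ciphertext-placeholder>%@%@
local-user admin1234 privilege level 15
local-user admin1234 ftp-directory flash:/
local-user admin1234 service-type ftp
#
interface MEth0/0/1
ip address 10.136.23.5 255.255.255.0
#
return
"""

SFTP_SERVER_CFG = """\
#
sysname SSH Server
#
aaa
local-user client001 password cipher %@%@<ciphertext-placeholder>%@%@
local-user client001 privilege level 15
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#
return
"""

SSH_CLIENT_CFG = "#\nsysname client\n#\nssh client first-time enable\n#\nreturn\n"

LEVEL_RE = re.compile(r"^local-user (\S+) privilege level (\d+)$")
SERVICE_RE = re.compile(r"^local-user (\S+) service-type (.+)$")


def audit_config(text, min_level=3):
    """Return (code, detail) findings; min_level is this example's assumption."""
    findings = []
    users = {}        # local-user name -> {"level": int, "services": set}
    header = None     # first line of the current '#'-delimited section
    plain_ftp = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            header = None
            continue
        low = line.lower()
        if header is None:
            header = low
        if low == "ftp server enable":
            # Does not match "ftp secure-server enable" (the FTPS service).
            plain_ftp = True
            findings.append(("FTP_CLEARTEXT", line))
        if low == "ssh client first-time enable":
            findings.append(("SSH_TOFU", line))
        if header.startswith("user-interface") and low.startswith("protocol inbound"):
            if low.split()[-1] in ("all", "telnet"):
                findings.append(("VTY_TELNET", f"{header}: {line}"))
        level = LEVEL_RE.match(low)
        service = SERVICE_RE.match(low)
        if level:
            user = users.setdefault(level.group(1), {"level": 0, "services": set()})
            user["level"] = int(level.group(2))
        elif service:
            user = users.setdefault(service.group(1), {"level": 0, "services": set()})
            user["services"].update(service.group(2).split())
    if plain_ftp:
        for name, user in sorted(users.items()):
            if "ftp" in user["services"] and user["level"] >= min_level:
                findings.append(("FTP_MGMT_USER", f"{name} level {user['level']}"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("FTP server", FTP_SERVER_CFG),
                       ("SFTP server", SFTP_SERVER_CFG),
                       ("SSH client", SSH_CLIENT_CFG)):
        for code, detail in audit_config(cfg):
            print(f"{label}: {code}: {detail}")
```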
1.4.4 Example for Managing Files When the Device Functions as an FTPS Server
Networking Requirements
As shown in Figure 1-26, routes between the PC and the device functioning as an FTPS server
are reachable. 10.137.217.201 is the management IP address on the FTPS server.
The FTP server function does not provide security mechanisms. Data is transmitted in plain
text, which cannot prevent man-in-the-middle attacks or MAC/IP address spoofing. To overcome
this limitation, configure the SSL policy, data encryption, user identity authentication, and
message integrity check mechanisms on the FTPS server to ensure secure file transfer. SSL
secures the connection on top of the FTP server function.
Figure 1-26 Network for managing files when the device functions as an FTPS server
[Diagram: PC, Network, FTPS Server (10.137.217.201/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the FTP server function on the device and upload the digital certificate to the
   root directory on the device.
2. On the device, copy the digital certificate to the security directory, configure the SSL
   policy, and load the digital certificate so that the client can authenticate the server.
3. Enable the FTPS server function and configure the local FTP user.
4. Connect to the FTPS server using third-party software.
Procedure
Step 1 Configure the FTP server function on the server and upload the digital certificate to the server.
# Enable the FTP server function and configure FTP user information.
<HUAWEI> system-view
[HUAWEI] sysname FTPS-Server
[FTPS-Server] ftp server enable
[FTPS-Server] aaa
[FTPS-Server-aaa] local-user admin password cipher huawei@123
[FTPS-Server-aaa] local-user admin service-type ftp
[FTPS-Server-aaa] local-user admin privilege level 3
[FTPS-Server-aaa] local-user admin ftp-directory flash:
[FTPS-Server-aaa] quit
[FTPS-Server] quit
# Access the Windows CLI and run the ftp FTP server IP address command to connect to the
FTP server. Enter the correct user name and password to connect to the FTP server. Upload the
digital certificate and private key to the FTP server.
Run the dir command on the FTP server to check the digital certificate and private key.
<FTPS-Server> dir
Directory of flash:/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  drw-              -  May 10 2011 05:05:40   src
  1  -rw-        524,575  May 10 2011 05:05:53   private-data.txt
  2  -rw-            446  May 10 2011 05:05:51   vrpcfg.zip
  3  -rw-          1,302  May 10 2011 05:32:05   servercert.der
  4  -rw-            951  May 10 2011 05:32:44   serverkey.der
...
65,233 KB total (7,289 KB free)
Step 2 Configure the SSL policy and load the digital certificate.
# Create the security directory and copy the digital certificate to the security directory.
<FTPS-Server> mkdir security/
<FTPS-Server> move servercert.der security/
<FTPS-Server> move serverkey.der security/
Run the dir command in the security directory to check the digital certificate and private key.
<FTPS-Server> cd security/
<FTPS-Server> dir
Directory of flash:/security/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-          1,302  May 10 2011 05:44:34   servercert.der
  1  -rw-            951  May 10 2011 05:45:22   serverkey.der
65,233 KB total (7,289 KB free)
# Configure the SSL policy and load the digital certificate in the ASN1 format.
<FTPS-Server> system-view
[FTPS-Server] ssl policy ftp_server
[FTPS-Server-ssl-policy-ftp_server] certificate load asn1-cert servercert.der key-pair rsa key-file serverkey.der
[FTPS-Server-ssl-policy-ftp_server] quit
Step 3 Enable the FTPS server function and configure the local FTP user.
# Enable the FTPS server function.
NOTE
Disable the FTP server function before enabling the FTPS server function.
[FTPS-Server] undo ftp server
[FTPS-Server] ftp secure-server ssl-policy ftp_server
[FTPS-Server] ftp secure-server enable
# Configure the local FTP user.
Use the admin user configured in the preceding step.
Step 4 Connect to the FTPS server using a third-party software.
For details, see the appropriate third-party documentation.
Step 5 Verify the configurations.
# Run the display ssl policy command on the FTPS server to view detailed certificate
information.
[FTPS-Server] display ssl policy
SSL Policy Name: ftp_server
Policy Applicants:
Key-pair Type: RSA
Certificate File Type: ASN1
Certificate Type: certificate
Certificate Filename: servercert.der
Key-file Filename: serverkey.der
Auth-code:
MAC:
CRL File:
Trusted-CA File:
# Run the display ftp-server command on the FTPS server to view the SSL policy name and
the FTPS server status.
[FTPS-Server] display ftp-server
FTP server is stopped
Max user number                 5
User count                      1
Timeout value(in minute)        30
Listening port                  21
Acl number                      0
FTP server's source address     0.0.0.0
FTP SSL policy                  ftp_server
FTP Secure-server is running
The FTP server supporting SSL can securely connect to the FTPS server, upload files, and
download files.
----End
Configuration File on the FTPS Server
#
sysname FTPS-Server
#
FTP secure-server enable
ftp secure-server ssl-policy ftp_server
#
aaa
local-user admin password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeE-ywBaSmj:\@.d>,%@%@
local-user admin privilege level 3
local-user admin ftp-directory flash:
local-user admin service-type ftp
#
ssl policy ftp_server
certificate load asn1-cert servercert.der key-pair rsa key-file serverkey.der
#
return
1.4.5 Example for Managing Files When the Device Functions as a TFTP Client
Networking Requirements
As shown in Figure 1-27, the remote device at 10.1.1.1/24 functions as the TFTP server. The
device at 10.2.1.1/24 functions as the TFTP client. Routes between the device and the server are
reachable.
The device needs to be upgraded. To upgrade the device, you must download system software
devicesoft.cc from and upload the configuration file vrpcfg.zip to the TFTP server.
Figure 1-27 Network for managing files when the device functions as a TFTP client
[Diagram: TFTP Client (10.2.1.1/24), Network, TFTP Server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP software on the TFTP server and configure the working directory.
2. Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP
   server.
Procedure
Step 1 Run the TFTP software on the TFTP server and configure the working directory. (For details,
see the appropriate third-party documentation.)
Step 2 Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP
server.
<HUAWEI> tftp 10.1.1.1 get devicesoft.cc
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...\
TFTP: Downloading the file successfully.
23876556 bytes received in 199 seconds.
<HUAWEI> tftp 10.1.1.1 put vrpcfg.zip
Info: Transfer file in binary mode.
Uploading the file to the remote TFTP server. Please wait...|
TFTP: Uploading the file successfully.
7717 bytes send in 1 second.
Step 3 Verify the configuration.
# Run the dir command on the TFTP client to check the devicesoft.cc file.
<HUAWEI> dir
Directory of flash:/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
  1  drw-              -  Mar 11 2012 00:58:54   logfile
  2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
  3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
  4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
  5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
  6  -rw-     23,876,556  Mar 13 2012 14:24:24   devicesoft.cc
  7  drw-              -  Oct 31 2011 10:20:28   sysdrv
  8  drw-              -  Feb 21 2012 17:16:36   compatible
  9  drw-              -  Feb 09 2012 14:20:10   selftest
 10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
 11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
 12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
 13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
 14  drw-              -  Nov 04 2011 13:58:36   security
...
65,233 KB total (7,289 KB free)
# Access the working directory on the TFTP server and check the vrpcfg.zip file.
----End
Configuration File
None
1.4.6 Example for Managing Files When the Device Functions as an FTP Client
Networking Requirements
As shown in Figure 1-28, the remote device at 10.1.1.1/24 functions as the FTP server. The
device at 10.2.1.1/24 functions as the FTP client. Routes between the device and the server are
reachable.
The device needs to be upgraded. To upgrade the device, you must download system software
devicesoft.cc from and upload the configuration file vrpcfg.zip to the FTP server.
Figure 1-28 Network for managing files when the device functions as an FTP client
[Diagram: FTP Client (10.2.1.1/24), Network, FTP Server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the FTP software on the FTP server and configure FTP user information.
2. Connect to the FTP server.
3. Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP
   server.
Procedure
Step 1 Run the FTP software on the FTP server and configure FTP user information. (For details, see
the appropriate third-party documentation.)
Step 2 Connect to the FTP server.
<HUAWEI> ftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1.
220 FTP service ready.
User(10.1.1.1:(none)):admin
331 Password required for admin.
Enter password:
230 User logged in.
[ftp]
Step 3 Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP server.
[ftp] binary
[ftp] get devicesoft.cc
[ftp] put vrpcfg.zip
[ftp] quit
Step 4 Verify the configuration.
# Run the dir command on the FTP client to check the devicesoft.cc file.
<HUAWEI> dir
Directory of flash:/
Idx  Attr     Size(Byte)  Date        Time       FileName
  0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
  1  drw-              -  Mar 11 2012 00:58:54   logfile
  2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
  3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
  4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
  5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
  6  -rw-     23,876,556  Mar 13 2012 14:24:24   devicesoft.cc
  7  drw-              -  Oct 31 2011 10:20:28   sysdrv
  8  drw-              -  Feb 21 2012 17:16:36   compatible
  9  drw-              -  Feb 09 2012 14:20:10   selftest
 10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
 11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
 12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
 13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
 14  drw-              -  Nov 04 2011 13:58:36   security
...
65,233 KB total (7,289 KB free)
# Access the working directory on the FTP server and check the vrpcfg.zip file.
----End
Configuration File
None
1.4.7 Example for Managing Files When the Device Functions as an SFTP Client
Networking Requirements
SSH secures file transfer on a traditional insecure network by authenticating the client and
encrypting data in bidirectional mode. The client uses SFTP to securely connect to the SSH
server and transfer files.
As shown in Figure 1-29, routes between the SSH server and clients client001 and client002
are reachable. In this example, a Huawei device functions as the SSH server.
Client001 connects to the SSH server using the password authentication mode, and client002
using the RSA authentication mode.
Figure 1-29 Example for managing files when the device functions as an SFTP client
[Diagram: 10.2.1.1/24 client001, Network, 10.1.1.1/24 SSH Server, 10.3.1.1/24 client002]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair and enable the SFTP server function on the SSH server so that
   the server and client can securely exchange data.
2. Create users client001 and client002 and set their authentication modes on the SSH server.
3. Generate a local key pair on client002 and configure the RSA public key of client002 on
   the SSH server so that the server can authenticate the client when the client connects to the
   server.
4. Log in to the SSH server as users client001 and client002 using SFTP and manage files.
Procedure
Step 1 Generate a local key pair and enable the SFTP server function on the SSH server.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++
[SSH Server] sftp server enable
Step 2 Create SSH users on the SSH server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound all
[SSH Server-ui-vty0-4] user privilege level 15
[SSH Server-ui-vty0-4] quit
# Create the client001 user and set the authentication mode to password for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher Huawei@123
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type sftp
[SSH Server] ssh user client001 sftp-directory flash:
# Create an SSH user named client002 and set the authentication mode to rsa for the user.
[SSH Server] ssh user client002
[SSH Server] ssh user client002 authentication-type rsa
[SSH Server] ssh user client002 service-type sftp
[SSH Server] ssh user client002 sftp-directory flash:
Step 3 Generate a local key pair on client002 and configure the RSA public key of client002 on the
SSH server.
# Generate a local key pair on client002.
<HUAWEI> system-view
[HUAWEI] sysname client002
[client002] rsa local-key-pair create
The key name will be: client002_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++
# Check the RSA public key of the client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 2012-05-03 17:07:45
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3048
0241
009C6217 C9B04540 656E55A8 9D8BC81A 89D46DA8
436065F4 6087345D 7294CFA7 DFE19D71 8E7EE0E3
F5B5CBE1 E1D97852 B98561C9 626A27E3 9A73348B
622E9797 D8A43EB0 EC3394E2 FB33EC51 748E79E7
D1D5F4AE B6F5891C 739FB235 76E51B1C 69
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 2012-05-03 17:07:45
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
# Configure the RSA public key of client002 on the SSH server. (Information in bold in the
display command output is the RSA public key of client002. Copy the information to the server.)
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 3048
[SSH Server-rsa-key-code] 0241
[SSH Server-rsa-key-code] 009C6217 C9B04540 656E55A8 9D8BC81A 89D46DA8
[SSH Server-rsa-key-code] 436065F4 6087345D 7294CFA7 DFE19D71 8E7EE0E3
[SSH Server-rsa-key-code] F5B5CBE1 E1D97852 B98561C9 626A27E3 9A73348B
[SSH Server-rsa-key-code] 622E9797 D8A43EB0 EC3394E2 FB33EC51 748E79E7
[SSH Server-rsa-key-code] D1D5F4AE B6F5891C 739FB235 76E51B1C 69
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the client002 user to the RSA public key of client002.
[SSH Server] ssh user client002 assign rsa-key rsakey001
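The key code in Step 3 is copied by hand from the client's display output into the server's key-code view. The following added example (not part of the Huawei document) parses a key code, reports its modulus size, and gives a digest for comparing the client's copy with the server's. It assumes the key code is the hexadecimal DER encoding SEQUENCE { INTEGER modulus, INTEGER exponent }; the function names and the 2048-bit policy floor are illustrative, and the sample is the client002_Server key code printed above.

```python
import hashlib

# Assumption: local policy floor. The device prompt above offers 2048 as its default.
MIN_MODULUS_BITS = 2048

# client002_Server key code as printed in the display output above.
CLIENT002_SERVER_KEY = """
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
"""

# Constructed paste error: the last modulus word was lost while copying.
PASTE_MISSING_WORD = CLIENT002_SERVER_KEY.replace("A279DD89", "")


def _read_tlv(buf, pos, tag):
    """Return (value, next_pos) for one DER element that must carry `tag`."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("malformed DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError(
            f"element declares {length} bytes but only {len(buf) - pos} follow")
    return buf[pos:end], end


def parse_key_code(text):
    """Parse a key code; raise ValueError if it is truncated or padded."""
    der = bytes.fromhex("".join(text.split()))
    body, end = _read_tlv(der, 0, 0x30)          # outer SEQUENCE
    if end != len(der):
        raise ValueError(f"{len(der) - end} unexpected bytes after the key")
    modulus, pos = _read_tlv(body, 0, 0x02)      # INTEGER modulus
    exponent, pos = _read_tlv(body, pos, 0x02)   # INTEGER public exponent
    if pos != len(body):
        raise ValueError("unexpected data after the public exponent")
    bits = int.from_bytes(modulus, "big").bit_length()
    return {
        "modulus_bits": bits,
        "exponent": int.from_bytes(exponent, "big"),
        # Digest of the DER bytes: an ad-hoc comparison value, not a device feature.
        "sha256": hashlib.sha256(der).hexdigest(),
        "meets_policy": bits >= MIN_MODULUS_BITS,
    }


def same_key(displayed, configured):
    """True when two key codes encode the same key, ignoring layout and case."""
    return parse_key_code(displayed)["sha256"] == parse_key_code(configured)["sha256"]


if __name__ == "__main__":
    print(parse_key_code(CLIENT002_SERVER_KEY))
    try:
        parse_key_code(PASTE_MISSING_WORD)
    except ValueError as err:
        print("rejected:", err)
```

The sample key has a 768-bit modulus, and a key created with the 1024 entered at the modulus prompt in this example also falls below the 2048-bit floor that the device offers as its default.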
Step 4 Connect SFTP clients to the SSH server.
# If the clients connect to the SSH server for the first time, enable the initial authentication
function on the clients.
Enable the initial authentication function on client001.
<HUAWEI> system-view
[HUAWEI] sysname client001
[client001] ssh client first-time enable
Enable the initial authentication function on client002.
[client002] ssh client first-time enable
# Log in to the SSH server from client001 in password authentication mode.
<client001> system-view
[client001] sftp 10.1.1.1
Please input the username: client001
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it?[Y/N]:y
Save the server's public key?[Y/N]:y
The server's public key will be saved with the name 10.1.1.1. Please wait.
..
Enter password:
sftp-client>
# Log in to the SSH server from client002 in RSA authentication mode.
<client002> system-view
[client002] sftp 10.1.1.1
Please input the username: client002
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.1.1.1. Please wait.
..
sftp-client>
Step 5 Verify the configurations.
Run the display ssh server status and display ssh server session commands. You can see that
the SFTP service has been enabled, and the SFTP clients have connected to the server
successfully. Run the display ssh user-information command. Information about the
configured SSH users is displayed.
# Check the SSH server status.
[SSH Server] display ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH authentication retries          :3 times
SFTP server                         :Enable
Stelnet server                      :Disable
Scp server                          :Disable
SSH server source                   :0.0.0.0
# Check the SSH session status.
[SSH Server] display ssh server session
Session 1:
Conn                : VTY 1
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : sftp
Authentication Type : password
Session 2:
Conn                : VTY 2
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
CTOS Compress       : none
STOC Compress       : none
Kex                 : diffie-hellman-group1-sha1
Public Key          : rsa
Service Type        : sftp
Authentication Type : rsa
# Check information about SSH users.
[SSH Server] display ssh user-information
User 1:
User Name            : client001
Authentication-type  : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory       : flash:
Service-type         : sftp
Authorization-cmd    : No
User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : rsakey001
User-public-key-type : rsa
Sftp-directory       : flash:
Service-type         : sftp
Authorization-cmd    : No
----End
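The session output in Step 5 also records which algorithms each client negotiated. The following added example (not part of the Huawei document) parses display ssh server session output and reports sessions that negotiated CBC or 3DES ciphers, truncated or MD5 MACs, the group1 key exchange, or SSH protocol 1.x. The first sample repeats the values shown above; the third session is constructed, and its algorithm names are not a statement about what this switch supports.

```python
import re

SESSION_HEADER = re.compile(r"^\s*Session\s+(\d+)\s*:\s*$")

# Values as shown in the Step 5 output above.
PAGE_OUTPUT = """\
Session 1:
Conn                : VTY 1
Version             : 2.0
State               : started
Username            : client001
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Authentication Type : password
Session 2:
Conn                : VTY 2
Version             : 2.0
State               : started
Username            : client002
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Authentication Type : rsa
"""

# Constructed session that should produce no findings.
HARDENED_OUTPUT = """\
Session 3:
Version             : 2.0
Username            : client003
CTOS Cipher         : aes128-ctr
STOC Cipher         : aes128-ctr
CTOS Hmac           : hmac-sha2-256
STOC Hmac           : hmac-sha2-256
Kex                 : diffie-hellman-group14-sha256
"""


def parse_sessions(text):
    """Split the output into one dict per 'Session N:' block."""
    sessions, current = [], None
    for line in text.splitlines():
        header = SESSION_HEADER.match(line)
        if header:
            current = {"Session": int(header.group(1))}
            sessions.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sessions


def weakness(field, value):
    """Return a reason string when a negotiated value is weak, else None."""
    v = value.lower()
    if field.endswith("Cipher"):
        if v.startswith("3des"):
            return "64-bit block cipher"
        if v.endswith("-cbc"):
            return "CBC-mode cipher"
    elif field.endswith("Hmac"):
        if "md5" in v:
            return "MD5-based MAC"
        if v.endswith("-96"):
            return "MAC truncated to 96 bits"
    elif field == "Kex" and v == "diffie-hellman-group1-sha1":
        return "1024-bit fixed group with SHA-1"
    elif field == "Version" and v.startswith("1."):
        return "SSH protocol 1.x session"
    return None


def audit(text):
    """List (session, username, field, value, reason) for every weak value."""
    findings = []
    for session in parse_sessions(text):
        for field, value in session.items():
            if field == "Session":
                continue
            reason = weakness(field, value)
            if reason:
                findings.append((session["Session"],
                                 session.get("Username", "?"),
                                 field, value, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_OUTPUT):
        print("session %d (%s): %s = %s -> %s" % finding)
```

The same check applies to the -cipher 3des option used in the SCP example later in this chapter.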
Configuration Files
- Configuration file on the SSH server
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
3048
0241
DD9A793D 4B231FDB 7BEF8545 0B466FB5 1A1EA9CE F345E468 56948790 18244678
D2264734 AA8135BE 7F8FA0BC 2A4F600E C8622818 A994698F 0F45E870 8EC551DA
EC77948C AE191111 316F5604 F45F3301 F1F92C38 84484F3F D97B3F01 1FC2C9CE
1367AE88 3DC1B47A BDE05F28 DC400CEE B773C580 13313DB0 33D297E9 538FC459
4B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
ssh user client002
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key rsakey001
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
#
return
- Configuration file on client001
#
sysname client001
#
ssh client first-time enable
#
return
- Configuration file on client002
#
sysname client002
#
ssh client first-time enable
#
return
1.4.8 Example for Managing Files When the Device Functions as an FTPS Client
Networking Requirements
The FTP server function provides no security mechanisms. Data is transmitted in plain
text, so FTP cannot prevent man-in-the-middle attacks or MAC/IP address spoofing. To overcome
this limitation, configure the SSL policy, data encryption, user identity authentication, and
message integrity check mechanisms on the FTPS server to secure file transfer. FTPS adds an
SSL-secured connection on top of the FTP server function.
As shown in Figure 1-30, routes between the device functioning as the FTPS client and the
FTPS server are reachable. The FTPS client can securely connect to the FTPS server and manage
files.
- On the FTPS client, configure the SSL policy and load the CA certificate to check the owner's identity.
- On the FTPS server, configure the SSL policy, load the digital certificate to check the owner's identity, and enable the FTPS server function.
Obtain required certificates for the FTPS client and server from the CA. In this example, Huawei
device functions as the FTPS server.
Figure 1-30 Network for managing files when the device functions as an FTPS client
[Figure: PC, FTPS Client (10.2.1.1/24), Network, FTPS Server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the certificates.
   - Upload the digital certificate and private key to the root directory on the FTPS server.
   - Upload the CA certificate to the root directory on the FTPS client.
2. Load the certificates and configure SSL policies.
   - On the FTPS server, copy the digital certificate to the security directory, configure the SSL policy, and load the digital certificate.
   - On the FTPS client, copy the CA certificate to the security directory, configure the SSL policy, and load the digital certificate.
3. Enable the FTPS server function and configure the local FTP user.
4. Run the FTP command to connect to the FTPS server and remotely manage files.
Procedure
Step 1 Upload the certificates.
- Configure the FTP function on the client and server and upload the certificates to the client
and server. For details, see Managing Files When the Device Functions as an FTP Server.
# Run the dir command on the FTPS server to check the digital certificate and private key.
<HUAWEI> system-view
[HUAWEI] sysname FTPS-Server
[FTPS-Server] quit
<FTPS-Server> dir
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  drw-              -  May 10 2011 05:05:40   src
    1  -rw-        524,575  May 10 2011 05:05:53   private-data.txt
    2  -rw-            446  May 10 2011 05:05:51   vrpcfg.zip
    3  -rw-          1,302  Mar 13 2012 18:23:28   servercert.der
    4  -rw-            951  Mar 13 2012 18:30:20   serverkey.der
...
65,233 KB total (7,289 KB free)
# Run the dir command on the client to check the CA certificate.
<HUAWEI> system-view
[HUAWEI] sysname FTPS-Client
[FTPS-Client] quit
<FTPS-Client> dir
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-        524,558  May 10 2011 04:50:39   private-data.txt
    1  -rw-          1,237  Mar 14 2012 07:46:24   cacert.der
    2  -rw-          1,241  Mar 14 2012 07:46:20   rootcert.der
    3  drw-              -  Apr 09 2011 19:46:14   src
    4  -rw-            421  Apr 09 2011 19:46:14   vrpcfg.zip
    5  -rw-      1,308,478  Apr 14 2011 19:22:45   web.zip
    6  drw-              -  Apr 10 2011 01:35:54   logfile
    7  -rw-              4  Apr 19 2011 04:24:28   snmpnotilog.txt
    8  drw-              -  Apr 13 2011 11:37:40   lam
...
65,233 KB total (17,489 KB free)
Step 2 Configure the SSL policy and load the certificates.
- Perform the following operations on the FTPS server.
# Create the security directory and move the digital certificate to the security directory.
<FTPS-Server> mkdir security/
<FTPS-Server> move servercert.der security/
<FTPS-Server> move serverkey.der security/
# Run the dir command in the security directory to check the digital certificate and private
key.
<FTPS-Server> cd security/
<FTPS-Server> dir
Directory of flash:/security/
  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-          1,302  Mar 13 2012 18:23:28   servercert.der
    1  -rw-            951  Mar 13 2012 18:30:20   serverkey.der
65,233 KB total (7,289 KB free)
# Configure the SSL policy and load the digital certificate in the ASN1 format.
<FTPS-Server> system-view
[FTPS-Server] ssl policy ftp_server
[FTPS-Server-ssl-policy-ftp_server] certificate load asn1-cert servercert.der key-pair rsa key-file serverkey.der
[FTPS-Server-ssl-policy-ftp_server] quit
# Run the display ssl policy command on the FTPS server to view detailed certificate
information.
[FTPS-Server] display ssl policy
SSL Policy Name: ftp_server
Policy Applicants:
Key-pair Type: RSA
Certificate File Type: ASN1
Certificate Type: certificate
Certificate Filename: servercert.der
Key-file Filename: serverkey.der
Auth-code:
MAC:
CRL File:
Trusted-CA File:
- Perform the following operations on the FTPS client:
# Create the security directory and move the CA certificate to the security directory.
<FTPS-Client> mkdir security/
<FTPS-Client> move cacert.der security/
<FTPS-Client> move rootcert.der security/
# When the CA certificate is copied to the security directory, run the dir command in the
security directory to check the CA certificate.
<FTPS-Client> cd security/
<FTPS-Client> dir
Directory of flash:/security/
  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-          1,237  Mar 14 2012 07:46:24   cacert.der
    1  -rw-          1,241  Mar 14 2012 07:46:20   rootcert.der
65,233 KB total (17,489 KB free)
# Configure the SSL policy and load the CA certificate.
<FTPS-Client> system-view
[FTPS-Client] ssl policy ftp_client
[FTPS-Client-ssl-policy-ftp_client] trusted-ca load asn1-ca cacert.der
[FTPS-Client-ssl-policy-ftp_client] trusted-ca load asn1-ca rootcert.der
[FTPS-Client-ssl-policy-ftp_client] quit
# Run the display ssl policy command on the FTPS client to view detailed certificate
information.
[FTPS-Client] display ssl policy
SSL Policy Name: ftp_client
Policy Applicants:
Key-pair Type:
Certificate File Type:
Certificate Type:
Certificate Filename:
Key-file Filename:
Auth-code:
MAC:
CRL File:
Trusted-CA File:
Trusted-CA File 1: Format = ASN1, Filename = cacert.der
Trusted-CA File 2: Format = ASN1, Filename = rootcert.der
Step 3 Enable the FTPS server function and configure the local FTP user.
# Enable the FTPS server function.
NOTE
Disable the FTP server function before enabling the FTPS server function.
[FTPS-Server] undo ftp server
[FTPS-Server] ftp secure-server ssl-policy ftp_server
[FTPS-Server] ftp secure-server enable
# Configure the local FTP user.
[FTPS-Server] aaa
[FTPS-Server-aaa] local-user admin password cipher huawei@123
[FTPS-Server-aaa] local-user admin service-type ftp
[FTPS-Server-aaa] local-user admin privilege level 3
[FTPS-Server-aaa] local-user admin ftp-directory flash:
[FTPS-Server-aaa] quit
[FTPS-Server] quit
You can use the user who uploads the certificates or create a new user.
Step 4 On the FTPS client, run the FTP command to connect to the FTPS server and remotely manage
files.
<FTPS-Client> ftp ssl-policy ftp_client 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1.
220 FTP service ready.
234 AUTH command successfully, Security mechanism accepted.
200 PBSZ is ok.
200 Data channel security level is changed to private.
User(10.1.1.1:(none)):admin
331 Password required for admin.
Enter password:
230 User logged in.
[ftp]
To connect to the FTPS server, enter the correct user name and password.
Step 5 Verify the configurations.
# Run the display ftp-server command on the FTPS server to view the SSL policy name and
the FTPS server status.
[FTPS-Server] display ftp-server
FTP server is stopped
Max user number                 5
User count                      1
Timeout value(in minute)        30
Listening port                  21
Acl number                      0
FTP server's source address     0.0.0.0
FTP SSL policy                  ftp_server
FTP Secure-server is running
Manage files remotely on the FTPS client.
----End
Configuration File
- Configuration file on the FTPS server
#
sysname FTPS-Server
#
FTP secure-server enable
ftp secure-server ssl-policy ftp_server
#
aaa
local-user admin password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user admin privilege level 3
local-user admin ftp-directory flash:
local-user admin service-type ftp
#
ssl policy ftp_server
certificate load asn1-cert servercert.der key-pair rsa key-file serverkey.der
#
return
- Configuration file on the FTPS client
#
sysname FTPS-Client
#
ssl policy ftp_client
trusted-ca load asn1-ca cacert.der
trusted-ca load asn1-ca rootcert.der
#
return
1.4.9 Example for Managing Files When the Device Functions as an SCP Client
Networking Requirements
Compared to the SFTP protocol, the SCP protocol combines the process of authenticating user
identity and transferring files, improving configuration efficiency.
As shown in Figure 1-31, routes between the device functioning as the SCP client and the SSH
server are reachable. The SCP client can download files from the SSH server.
Figure 1-31 Network for managing files when the device functions as an SCP client
[Figure: PC, SCP Client (10.2.1.1/24), Network, SSH Server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server.
2. Create an SSH user on the SSH server.
3. Enable the SCP function on the SSH server.
4. Download the backup.cfg file from the SSH server.
Procedure
Step 1 Generate a local key pair on the SSH server.
<HUAWEI> system-view
[HUAWEI] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]: 1024
Generating keys...
.....++++++++++++
....++++++++++++
......++++++++
................................++++++++
Step 2 Create an SSH user on the SSH server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
# Create an SSH user named client001 and set the authentication mode to password and service
type to all.
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type all
# Set the password of the client001 user to huawei@123.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei@123
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] quit
Step 3 Enable the SCP function on the SSH server.
[SSH Server] scp server enable
Step 4 Download the backup.cfg file from the SSH server.
# If the client connects to the SSH server for the first time, enable the initial authentication
function on the client.
<HUAWEI> system-view
[HUAWEI] sysname SCP Client
[SCP Client] ssh client first-time enable
# Use the 3des encryption algorithm to download the backup.cfg file from the SSH server to
the local user's directory.
[SCP Client] scp -cipher 3des client001@10.1.1.1:backup.cfg backup.cfg
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.1.1.1. Please wait.
..
Enter password:
backup.cfg                100%       19174Bytes       7Kb/s
----End
Configuration File
- Configuration file on the SSH server
#
sysname SSH Server
#
aaa
local-user client001 password cipher %@%@#N&)XdgB87~RcnU9upv6,.d;,uXe*#IeEywBaSmj:\@.d>,%@%@
local-user client001 privilege level 3
local-user client001 service-type ssh
#
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
- Configuration file on the SCP client
#
sysname SCP Client
#
ssh client first-time enable
#
return
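Step 2 of the SFTP example types protocol inbound all and user privilege level 15 on the VTY lines, while the saved configuration files in these examples show protocol inbound ssh, and every client enables ssh client first-time enable. The following added example (not part of the Huawei document) checks a saved configuration for those settings and for a plain FTP server. It assumes the device's saved format, in which sub-commands are indented under their view; the rule list, function name and sample configurations are illustrative and assembled from the commands on this page.

```python
import re

# (view header the line must sit under, or None; pattern for the line; finding)
RULES = [
    (r"user-interface vty\b", r"protocol inbound (all|telnet)\b",
     "VTY lines accept Telnet; use 'protocol inbound ssh'"),
    (r"user-interface vty\b", r"user privilege level 15\b",
     "VTY lines carry privilege level 15; confirm every account that can log in needs it"),
    (None, r"ssh client first-time enable\b",
     "host key is accepted and saved on first contact; compare the saved key out of band"),
    (None, r"ftp server enable\b",
     "plain FTP server is on; credentials and files cross the network unencrypted"),
]

# Constructed: the SFTP server with the VTY commands as typed in Step 2.
SERVER_AS_TYPED = """\
#
sysname SSH Server
#
aaa
 local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound all
#
return
"""

# Constructed from the SCP server configuration file above (password line omitted).
SCP_SERVER_SAVED = """\
#
sysname SSH Server
#
aaa
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
return
"""

# Constructed from the SCP client configuration file above.
SCP_CLIENT_SAVED = """\
#
sysname SCP Client
#
ssh client first-time enable
#
return
"""


def lint(config_text):
    """Return (line_number, line, finding) for every rule that matches."""
    findings, view = [], ""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "#":
            view = ""               # '#' closes the current view
            continue
        if not raw[0].isspace():
            view = line             # an unindented line opens a view (or stands alone)
        for header, pattern, message in RULES:
            if header and not re.match(header, view, re.IGNORECASE):
                continue
            if re.match(pattern, line, re.IGNORECASE):
                findings.append((number, line, message))
    return findings


if __name__ == "__main__":
    for name, cfg in [("server as typed", SERVER_AS_TYPED),
                      ("SCP server saved", SCP_SERVER_SAVED),
                      ("SCP client saved", SCP_CLIENT_SAVED)]:
        for number, line, message in lint(cfg):
            print(f"{name}: line {number}: {line}: {message}")
```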
1.5 Configuring System Startup
When the device is powered on, system software starts and configuration files are loaded. To
ensure smooth running of the device, manage system software and configuration files efficiently.
1.5.1 Example for Backing Up the Configuration File
Networking Requirements
As shown in Figure 1-32, a user logs in to the device and backs up the configuration file to the
TFTP server so that the configuration file can be recovered if the device is damaged.
Figure 1-32 Networking diagram of backing up the configuration file
[Figure: Switch, Network, TFTP Server]
Configuration Roadmap
The configuration roadmap is as follows:
1. Save the configuration file.
2. Back up the configuration file through TFTP.
Procedure
Step 1 Save configurations to the config.cfg file.
<HUAWEI> save config.cfg
Step 2 Back up the configuration file through TFTP.
1. Start the TFTP server program.
   Start the TFTP server program on the PC. Set the path for transmitting the configuration
   file, and the IP address and port number of the TFTP server.
2. Transfer the configuration file.
   Run the tftp command in the user view to back up the specified configuration file.
<HUAWEI> tftp 10.110.24.254 put flash:/config.cfg backup.cfg
----End
1.5.2 Example for Recovering the Configuration File
Networking Requirements
As shown in Figure 1-33, a user logs in to the device and finds that some incorrect configurations
cause errors in the system. To recover the original configuration, the user downloads the
configuration file saved in the TFTP server to the device and specifies the configuration file for
the next startup.
Figure 1-33 Network diagram of recovering the configuration file
[Figure: Switch, Network, TFTP Server]
Configuration Roadmap
The configuration roadmap is as follows:
1. Recover the configuration file that is backed up on the PC through TFTP.
2. Specify the recovered configuration file for the next startup.
Procedure
Step 1 Recover the configuration file that is backed up on the PC through TFTP.
1. Start the TFTP server program.
   Start the TFTP server program on the PC. Set the path for transmitting the configuration
   file, and the IP address and port number of the TFTP server.
2. Transfer the configuration file.
   Run the tftp command in the user view.
<HUAWEI> tftp 10.110.24.254 get backup.cfg config.cfg
Step 2 Specify the recovered configuration file for the next startup.
<HUAWEI> startup saved-configuration config.cfg
----End
1.5.3 Example of Configuring System Startup
Networking Requirements
As shown in Figure 1-34, the current system software cannot meet user needs. The device must
load a new software version with more features, so the device software needs to be upgraded
remotely.
Figure 1-34 Configuring System Startup Networking
[Figure: PC, Network, Switch (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the new system software to the root directory of the device.
2. Save the current configuration so that it remains active after upgrade.
3. Specify the system software for next startup.
4. Specify the configuration file for next startup of the device.
5. Restart the device to complete upgrade.
Procedure
Step 1 Upload the new system software to the root directory of the device.
Before configuration, run the display startup command to view the files for next startup.
<HUAWEI> display startup
MainBoard:
  Configured startup system software:        flash:/basicsoft.cc
  Startup system software:                   flash:/basicsoft.cc
  Next startup system software:              flash:/basicsoft.cc
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/vrpcfg.zip
  Startup paf file:                          NULL
  Next startup paf file:                     NULL
  Startup license file:                      NULL
  Next startup license file:                 NULL
  Startup patch package:                     NULL
  Next startup patch package:                NULL
Upload the new system software to the device. This example uses FTP to transfer the system
software. Configure the device as an FTP server and upload the system software to the device
from the FTP client. Make sure there is enough space in the storage device before uploading
files. If the space is insufficient, delete unnecessary files to free up space in the storage device.
<HUAWEI> system-view
[HUAWEI] ftp server enable
[HUAWEI] aaa
[HUAWEI-aaa] local-user huawei password cipher Huawei@123
[HUAWEI-aaa] local-user huawei service-type ftp
[HUAWEI-aaa] local-user huawei ftp-directory flash:
[HUAWEI-aaa] local-user huawei privilege level 15
[HUAWEI-aaa] quit
[HUAWEI] quit
Run the ftp 10.1.1.1 command in the command line window of the PC to set up an FTP
connection with the device. Run the put command to upload new system software
newbasicsoft.cc. After the upload completes, run the dir command to check the system software.
<HUAWEI> dir
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-        515,160  Oct 01 2008 00:06:14   bootrom.bin
    1  -rw-          1,799  Jan 01 2012 00:22:58   private-data.txt
    2  drw-              -  Jan 01 2012 00:25:20   syslogfile
    3  drw-              -  Jan 29 2012 00:00:54   resetinfo
    4  -rw-     26,493,884  Dec 31 2011 23:46:52   basicsoft.cc
    5  -rw-          1,111  Nov 29 2011 19:43:54   vrpcfg.zip
    6  drw-     27,403,824  Jul 16 2012 19:14:26   newbasicsoft.cc
...
65,233 KB total (8,284 KB free)
Step 2 Save the current configuration.
<HUAWEI> save
The system displays a message indicating that the current configuration will be saved and asks
you whether to continue. Enter y and the configuration will be saved to the device.
Step 3 Specify the system software to be loaded for next startup.
<HUAWEI> startup system-software newbasicsoft.cc
Step 4 Specify the configuration file for next startup.
<HUAWEI> startup saved-configuration vrpcfg.zip
NOTE
In step 1, you can run the display startup command to check the configuration file for next startup. The
message "Next startup saved-configuration file: flash:/vrpcfg.zip" will be displayed. This means the
vrpcfg.zip configuration file has been specified for next startup, so you do not need to perform this step.
To specify another file for next startup, perform this step.
Step 5 Check the configuration.
Run the following command to view the system software and configuration file for next startup.
<HUAWEI> display startup
MainBoard:
  Configured startup system software:        flash:/basicsoft.cc
  Startup system software:                   flash:/basicsoft.cc
  Next startup system software:              flash:/newbasicsoft.cc
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/vrpcfg.zip
  Startup paf file:                          NULL
  Next startup paf file:                     NULL
  Startup license file:                      NULL
  Next startup license file:                 NULL
  Startup patch package:                     NULL
  Next startup patch package:                NULL
Step 6 Restart the device.
# Since the configuration file has been saved, run the reboot fast command to restart the device
quickly.
<HUAWEI> reboot fast
When the system asks you whether to start the device, enter y.
Step 7 Verify the configuration.
# Wait for several minutes until the device restart is complete. Run the display version command
to check the current system version. If the current system software is new, the upgrading has
succeeded.
The display version command output is not provided here.
----End
Configuration File
#
sysname HUAWEI
#
FTP server enable
#
vlan batch 10
#
aaa
local-user huawei password cipher %@%@gVq*NB}t==u!hl<vesQ+%W@}%@%@
local-user huawei privilege level 15
local-user huawei ftp-directory flash:
local-user huawei service-type ftp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
2 Interface Management
About This Chapter
This document describes configuration examples of interfaces supported by the
S2350&S5300&S6300.
2.1 Ethernet Interfaces Configuration
Ethernet is flexible, simple, and easy to implement, and therefore it becomes an important local
area network (LAN) networking technology. You need to configure Ethernet interfaces when
using Ethernet technology to establish LANs.
2.1.1 Example for Configuring Interface Isolation
Networking Requirements
As shown in Figure 2-1, PC1, PC2, and PC3 belong to VLAN 10. PC1 and PC2 are not allowed
to communicate with each other in VLAN 10 but are allowed to communicate with PC3.
Figure 2-1 Networking diagram of interface isolation configuration
[Figure: the Switch connects PC1 (10.10.10.1/24), PC2 (10.10.10.2/24), and PC3 (10.10.10.3/24)
through GE0/0/1, GE0/0/2, and GE0/0/3; all three PCs belong to VLAN10.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add the interfaces to an isolation group to implement Layer 2 isolation between them. By
default, interfaces in an isolation group are isolated at Layer 2 but can communicate at Layer 3.
Procedure
Step 1 Configure interface isolation.
# Configure interface isolation for GE0/0/1.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 10
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable
[HUAWEI-GigabitEthernet0/0/1] quit
# Configure interface isolation for GE0/0/2.
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 10
[HUAWEI-GigabitEthernet0/0/2] port-isolate enable
[HUAWEI-GigabitEthernet0/0/2] quit
# Add interface GE0/0/3 to VLAN10.
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type access
[HUAWEI-GigabitEthernet0/0/3] port default vlan 10
[HUAWEI-GigabitEthernet0/0/3] quit
Step 2 Verify the configuration.
# PC1 and PC2 cannot ping each other.
# PC1 and PC3 can ping each other.
# PC2 and PC3 can ping each other.
----End
Configuration Files
Configuration file of Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
port-isolate enable group 1
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
#
return
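The ping checks in Step 2 can also be reproduced offline from the saved configuration. The following is an added example, not part of the Huawei document: a Python sketch that parses the configuration file above and reports which ports can exchange Layer 2 frames. It assumes access ports only, that a port without port default vlan stays in VLAN 1, and that two ports are isolated only when they share an isolation group; all function names are hypothetical.

```python
import re
from itertools import combinations

# Configuration file of Switch, copied from the example above.
SWITCH_CFG = """\
#
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
 port-isolate enable group 1
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
 port-isolate enable group 1
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return
"""


def parse_interfaces(cfg):
    """Return {interface: {"vlan": int, "groups": set}} for every interface stanza."""
    ports, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line in ("#", "return", ""):
            current = None                      # '#' closes the current stanza
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            # Assumption: an access port without 'port default vlan' stays in VLAN 1.
            ports[current] = {"vlan": 1, "groups": set()}
        elif current is not None:
            m = re.fullmatch(r"port default vlan (\d+)", line)
            if m:
                ports[current]["vlan"] = int(m.group(1))
            m = re.fullmatch(r"port-isolate enable(?: group (\d+))?", line)
            if m:
                # 'port-isolate enable' typed without a group is saved as group 1 above.
                ports[current]["groups"].add(int(m.group(1) or 1))
    return ports


def l2_reachable(ports, a, b):
    """Two ports exchange Layer 2 frames if they share a VLAN and no isolation group."""
    pa, pb = ports[a], ports[b]
    return pa["vlan"] == pb["vlan"] and not (pa["groups"] & pb["groups"])


def reachability_matrix(cfg):
    """Map every unordered port pair to True (reachable) or False (isolated)."""
    ports = parse_interfaces(cfg)
    return {(a, b): l2_reachable(ports, a, b)
            for a, b in combinations(sorted(ports), 2)}


if __name__ == "__main__":
    for (a, b), ok in reachability_matrix(SWITCH_CFG).items():
        print(f"{a} <-> {b}: {'reachable' if ok else 'isolated'}")
```

Run against a configuration backup, the same matrix shows when port-isolate enable has been dropped from a user-facing port, because the pair then flips from isolated to reachable.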
3 Ethernet
About This Chapter
This document provides configuration examples of Ethernet.
3.1 Link Aggregation Configuration
Link aggregation is a technology that bundles multiple Ethernet links into a logical link to
increase bandwidth, improve reliability, and load balance traffic.
3.2 VLAN Configuration
VLANs have advantages of broadcast domain isolation, security hardening, flexible networking,
and good extensibility.
3.3 VLAN Mapping Configuration
VLAN mapping is configured on the edge device of the public network so that the VLANs of
private networks are isolated from S-VLANs. This saves S-VLAN resources.
3.4 Voice VLAN Configuration
This chapter describes voice VLAN concepts and how to configure voice VLAN.
3.5 QinQ Configuration
This chapter describes the concepts and configuration procedure of 802.1Q-in-802.1Q (QinQ),
and provides configuration examples.
3.6 GVRP Configuration
This chapter describes basic GVRP concepts, GVRP configuration procedures, and concludes
with a GVRP configuration example.
3.7 MAC Address Table Configuration
This chapter provides the basics for MAC address table configuration, configuration procedure,
and configuration examples.
3.8 STP/RSTP Configuration
This chapter describes the concepts and configuration procedure of STP/RSTP, and provides
configuration examples.
3.9 MSTP Configuration
This chapter describes the concepts and configuration procedure of MSTP, and provides
configuration examples.
3.10 SEP Configuration
Smart Ethernet Protection (SEP) is a ring network protocol specially used for the Ethernet link
layer. It blocks redundant links to prevent logical loops on a ring network.
3.11 Layer 2 Protocol Transparent Transmission Configuration
This chapter describes the concept, configuration procedure, and configuration examples of
Layer 2 protocol transparent transmission.
3.12 Loopback Detection Configuration
Loopback detection can detect loops on the network connected to the device and reduce impacts
on the network.
3.13 VoIP Access Configuration
3.1 Link Aggregation Configuration
Link aggregation is a technology that bundles multiple Ethernet links into a logical link to
increase bandwidth, improve reliability, and load balance traffic.
3.1.1 Example for Configuring Link Aggregation in Manual Load Balancing Mode
Networking Requirements
As shown in Figure 3-1, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and SwitchB.
The link between SwitchA and SwitchB needs to provide higher bandwidth to implement inter-VLAN
communication, and the reliability of data transmission must be ensured.
Figure 3-1 Networking diagram for configuring link aggregation in manual load balancing mode
[Figure: SwitchA and SwitchB each connect to VLAN10 through GE0/0/4 and to VLAN20 through GE0/0/5.
GE0/0/1, GE0/0/2, and GE0/0/3 on both switches are bundled into Eth-Trunk 1, which links the two
switches.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and add member interfaces to the Eth-Trunk to increase link bandwidth.
NOTE
An interface is added to VLAN1 by default. To avoid broadcast storms, shut down the interface or
remove the interface from VLAN1 before adding it to an Eth-Trunk interface.
2. Create VLANs and add interfaces to the VLANs.
3. Set the load balancing mode to ensure that traffic is load balanced between member
interfaces of the Eth-Trunk.
Procedure
Step 1 Create an Eth-Trunk on SwitchA and add member interfaces to the Eth-Trunk. The configuration
of SwitchB is similar to the configuration of SwitchA, and the configuration details are not
mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface Eth-Trunk1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SwitchA-Eth-Trunk1] quit
Step 2 Create VLANs and add interfaces to the VLANs. The configuration of SwitchB is similar to the
configuration of SwitchA, and the configuration details are not mentioned here.
# Create VLAN 10 and VLAN 20, and add interfaces to VLAN 10 and VLAN 20.
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] port link-type trunk
[SwitchA-GigabitEthernet0/0/4] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/5
[SwitchA-GigabitEthernet0/0/5] port link-type trunk
[SwitchA-GigabitEthernet0/0/5] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/5] quit
# Configure Eth-Trunk 1 to allow packets from VLAN 10 and VLAN 20 to pass through.
[SwitchA] interface Eth-Trunk1
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 10 20
Step 3 Set the load balancing mode of Eth-Trunk 1. The configuration of SwitchB is similar to the
configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA-Eth-Trunk1] load-balance src-dst-mac
[SwitchA-Eth-Trunk1] quit
Step 4 Verify the configuration.
Run the display eth-trunk 1 command in any view to check whether the Eth-Trunk is created
and whether member interfaces are added.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to SA-XOR-DA
Least Active-linknumber: 1
Max Bandwidth-affected-linknumber: 8
Operate status: up
Number Of Up Port In Trunk: 3
--------------------------------------------------------------------------------
PortName                      Status      Weight
GigabitEthernet0/0/1          Up          1
GigabitEthernet0/0/2          Up          1
GigabitEthernet0/0/3          Up          1
The preceding command output shows that Eth-Trunk 1 has three member interfaces:
GigabitEthernet0/0/1, GigabitEthernet0/0/2, and GigabitEthernet0/0/3. The member interfaces
are all in Up state.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
3.1.2 Example for Configuring Link Aggregation in LACP Mode
Networking Requirements
To improve bandwidth and connection reliability, configure a link aggregation group on two
directly connected Switches, as shown in Figure 3-2. The requirements are as follows:
- Two active links implement load balancing.
- One link functions as the backup link. When a fault occurs on an active link, the backup link
  replaces the faulty link to maintain reliable data transmission.
Figure 3-2 Networking diagram for configuring link aggregation in LACP mode
[Figure: SwitchA and SwitchB are directly connected through GE0/0/1, GE0/0/2, and GE0/0/3, which
form Eth-Trunk 1 on each switch. The legend distinguishes active links from the backup link.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and configure the Eth-Trunk to work in LACP mode to implement link
aggregation.
2. Add member interfaces to the Eth-Trunk.
NOTE
An interface is added to VLAN1 by default. To avoid broadcast storms, shut down the interface or
remove the interface from VLAN1 before adding it to an Eth-Trunk interface.
3. Set the system priority and determine the Actor so that the Partner selects active interfaces
based on the Actor interface priority.
4. Set the upper threshold for the number of active interfaces to improve reliability.
5. Set interface priorities and determine active interfaces so that interfaces with higher
priorities are selected as active interfaces.
Procedure
Step 1 Create Eth-Trunk 1 on SwitchA and configure Eth-Trunk 1 to work in LACP mode. The
configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details
are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] mode lacp
[SwitchA-Eth-Trunk1] quit
Step 2 Add member interfaces to Eth-Trunk 1 on SwitchA. The configuration of SwitchB is similar to
the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] eth-trunk 1
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] eth-trunk 1
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] eth-trunk 1
[SwitchA-GigabitEthernet0/0/3] quit
Step 3 Set the system priority on SwitchA to 100 so that SwitchA becomes the Actor.
[SwitchA] lacp priority 100
Step 4 On SwitchA, set the upper threshold for the number of active interfaces to 2.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] max active-linknumber 2
[SwitchA-Eth-Trunk1] quit
Step 5 Set the priority of the interface and determine active links on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] lacp priority 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] lacp priority 100
[SwitchA-GigabitEthernet0/0/2] quit
Step 6 Verify the configuration.
# Check information about the Eth-Trunk on both Switches and check whether negotiation is
successful on the link.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: LACP
Preempt Delay: Disabled
Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100
System ID: 00e0-fca8-0417
Least Active-linknumber: 1
Max Active-linknumber: 2
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1   Selected 1GE      100     6145   2865    11111100  1
GigabitEthernet0/0/2   Selected 1GE      100     6146   2865    11111100  1
GigabitEthernet0/0/3   Unselect 1GE      32768   6147   2865    11100000  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet0/0/1   32768    00e0-fca6-7f85  32768   6145   2609    11111100
GigabitEthernet0/0/2   32768    00e0-fca6-7f85  32768   6146   2609    11111100
GigabitEthernet0/0/3   32768    00e0-fca6-7f85  32768   6147   2609    11110000
[SwitchB] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: LACP
Preempt Delay: Disabled
Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768
System ID: 00e0-fca6-7f85
Least Active-linknumber: 1
Max Active-linknumber: 8
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1   Selected 1GE      32768   6145   2609    11111100  1
GigabitEthernet0/0/2   Selected 1GE      32768   6146   2609    11111100  1
GigabitEthernet0/0/3   Unselect 1GE      32768   6147   2609    11100000  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet0/0/1   100      00e0-fca8-0417  100     6145   2865    11111100
GigabitEthernet0/0/2   100      00e0-fca8-0417  100     6146   2865    11111100
GigabitEthernet0/0/3   100      00e0-fca8-0417  32768   6147   2865    11110000
The preceding information shows that the system priority of SwitchA is 100, which is higher
than the system priority of SwitchB. Member interfaces GigabitEthernet0/0/1 and
GigabitEthernet0/0/2 become the active interfaces and are in Selected state. Interface
GigabitEthernet0/0/3 is in Unselect state. Two links are active and working in load balancing
mode, and one link is the backup link.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
lacp priority 100
#
interface Eth-Trunk1
mode lacp
max active-linknumber 2
#
interface GigabitEthernet0/0/1
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/2
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
interface Eth-Trunk1
mode lacp
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
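Steps 3 to 5 and the display eth-trunk 1 output can be reproduced with a small model of the selection logic. This is an added example, not Huawei code: the Actor is the device with the smaller system priority value, and the Actor ranks its Up interfaces by priority value and keeps at most max active-linknumber of them. Breaking ties by the smaller System ID and the smaller port number is an assumption taken from standard LACP behaviour, and all names are hypothetical.

```python
from typing import NamedTuple


class Port(NamedTuple):
    name: str
    number: int            # PortNo column in 'display eth-trunk'
    priority: int = 32768  # 'lacp priority' in the interface view; 32768 when not configured
    up: bool = True


class System(NamedTuple):
    name: str
    system_id: str         # System ID column, for example 00e0-fca8-0417
    priority: int = 32768  # 'lacp priority' in the system view
    max_active: int = 8    # 'max active-linknumber'
    ports: tuple = ()


def elect_actor(a, b):
    """The smaller system priority value wins; a smaller System ID breaks a tie (assumption)."""
    def rank(s):
        return (s.priority, int(s.system_id.replace("-", ""), 16))
    return min((a, b), key=rank)


def select_active(a, b):
    """Return (actor name, {port name: 'Selected' or 'Unselect'}) as decided by the Actor."""
    actor = elect_actor(a, b)
    # Rank usable links: smaller priority value first, then smaller port number (assumption).
    usable = sorted((p for p in actor.ports if p.up), key=lambda p: (p.priority, p.number))
    chosen = {p.name for p in usable[:actor.max_active]}
    states = {p.name: ("Selected" if p.name in chosen else "Unselect") for p in actor.ports}
    return actor.name, states


def fail_link(system, port_name):
    """Copy of `system` with one member link down, to model a fault on an active link."""
    ports = tuple(p._replace(up=False) if p.name == port_name else p for p in system.ports)
    return system._replace(ports=ports)


# Values taken from the configuration files and the 'display eth-trunk 1' output above.
SWITCH_A = System("SwitchA", "00e0-fca8-0417", priority=100, max_active=2, ports=(
    Port("GigabitEthernet0/0/1", 6145, priority=100),
    Port("GigabitEthernet0/0/2", 6146, priority=100),
    Port("GigabitEthernet0/0/3", 6147),
))
SWITCH_B = System("SwitchB", "00e0-fca6-7f85", ports=(
    Port("GigabitEthernet0/0/1", 6145),
    Port("GigabitEthernet0/0/2", 6146),
    Port("GigabitEthernet0/0/3", 6147),
))

if __name__ == "__main__":
    print(select_active(SWITCH_A, SWITCH_B))
    # Fault on an active link: the backup link GigabitEthernet0/0/3 takes over.
    print(select_active(fail_link(SWITCH_A, "GigabitEthernet0/0/1"), SWITCH_B))
```

The model reports the Actor's view only; the Partner's interfaces on the same links take the same state, as the SwitchB output above shows.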
3.2 VLAN Configuration
VLANs have advantages of broadcast domain isolation, security hardening, flexible networking,
and good extensibility.
3.2.1 Example for Assigning VLANs Based on Ports
Networking Requirements
As shown in Figure 3-3, multiple user terminals are connected to switches in an enterprise.
Users who use the same service access the enterprise network using different devices.
To ensure the communication security and avoid broadcast storms, the enterprise wants to allow
users who use the same service to communicate with each other but isolate users who use
different services.
Configure port-based VLANs on the switch and add ports connecting to terminals of users who
use the same service to the same VLAN. Users in different VLANs cannot perform Layer 2
communication. Users in the same VLAN can communicate directly.
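Figure 3-3 Networking diagram for assigning VLANs based on ports
[Figure: SwitchA connects User1 (VLAN2) on GE0/0/1 and User3 (VLAN3) on GE0/0/2. SwitchB connects
User2 (VLAN2) on GE0/0/1 and User4 (VLAN3) on GE0/0/2. The two switches are connected through
GE0/0/3 on each side.]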
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add ports connecting to user terminals to VLANs to isolate Layer 2 traffic
between users who use different services.
2. Configure the link type of the ports between SwitchA and SwitchB and the VLANs allowed on the
link so that users who use the same service can communicate.
Procedure
Step 1 Create VLAN2 and VLAN3 on SwitchA, and add ports connecting to user terminals to different
VLANs. Configuration of SwitchB is similar to that of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 3
[SwitchA-GigabitEthernet0/0/2] quit
Step 2 On SwitchA, configure the link type of the port connecting to SwitchB and the VLANs it
allows. Configuration of SwitchB is similar to that of SwitchA.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 3
Step 3 Verify the configuration.
Add User1 and User2 to the same IP address segment, for example, 192.168.100.0/24. Add
User3 and User4 to the same IP address segment, for example, 192.168.200.0/24.
Only User1's and User2's terminals can ping each other. Only User3's and User4's terminals can
ping each other.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
3.2.2 Example for Assigning VLANs based on MAC Addresses
Networking Requirements
On a company intranet, the network administrator adds the PCs in a department to the same
VLAN. To improve information security, only employees in this department are allowed to
access the intranet.
As shown in Figure 3-4, only PC1, PC2, and PC3 are allowed to access the intranet through
Switch.
You can assign VLANs based on MAC addresses and associate MAC addresses of PCs with the
specified VLAN.
Figure 3-4 Networking diagram for assigning VLANs based on MAC addresses
[Figure: the Switch connects to the enterprise network through GE0/0/1. User1 (MAC 22-22-22),
User2 (MAC 33-33-33), and User3 (MAC 44-44-44) connect through GE0/0/2, GE0/0/3, and GE0/0/4 and
belong to VLAN 10.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN the PCs of employees belong to.
2. Add Ethernet interfaces to VLANs so that packets of the VLANs can pass through the
interfaces.
3. Associate MAC addresses of PC1, PC2, and PC3 with the specified VLAN so that the VLAN of the
packet can be determined based on the source MAC address.
Procedure
Step 1 Configure the Switch.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10
# Add interfaces to the VLANs. The configuration of GE0/0/3 or GE0/0/4 is similar to the
configuration of GE0/0/2 and the configuration details are not mentioned here.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/2] quit
# Associate MAC addresses of PC1, PC2, and PC3 with VLAN 10.
[Switch] vlan 10
[Switch-vlan10] mac-vlan mac-address 22-22-22
[Switch-vlan10] mac-vlan mac-address 33-33-33
[Switch-vlan10] mac-vlan mac-address 44-44-44
[Switch-vlan10] quit
# Enable MAC address-based VLAN assignment on GE0/0/2. The configuration of GE0/0/3 or
GE0/0/4 is similar to the configuration of GE0/0/2 and the configuration details are not
mentioned here.
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] mac-vlan enable
[Switch-GigabitEthernet0/0/2] quit
Step 2 Verify the configuration.
PC1, PC2, and PC3 can access the intranet, whereas other PCs cannot access the intranet.
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
vlan 10
mac-vlan mac-address 0022-0022-0022 priority 0
mac-vlan mac-address 0033-0033-0033 priority 0
mac-vlan mac-address 0044-0044-0044 priority 0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid untagged vlan 10
mac-vlan enable
#
interface GigabitEthernet0/0/3
port hybrid untagged vlan 10
mac-vlan enable
#
interface GigabitEthernet0/0/4
port hybrid untagged vlan 10
mac-vlan enable
#
return
3.2.3 Example for Assigning VLANs Based on IP Subnets
Networking Requirements
A company has multiple services, including IPTV, VoIP, and Internet access. Each service uses
a unique IP subnet. Packets of the same service must be transmitted in the same VLAN, and
packets of different services must be transmitted in different VLANs.
On the network shown in Figure 3-5, the Switch receives Internet, IPTV, and voice services
from users with diverse IP subnets. Packets of different services need to be transmitted in
different VLANs, and packets of each service need to be sent to a specified remote server.
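Figure 3-5 Networking diagram for assigning VLANs based on IP subnets
[Figure: the Switch connects upstream through GE0/0/2, GE0/0/3, and GE0/0/4 to RouterA, RouterB,
and RouterC, which lead to the IPTV server, the voice network, and the Internet. Users with the
addresses 192.168.1.2/24, 192.168.2.2/24, and 192.168.3.2/24 connect downstream through GE0/0/5,
GE0/0/6, and GE0/0/7.]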
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN each service belongs to.
2. Associate IP subnets with VLANs so that VLANs of packets can be determined based on the
source IP addresses or specified network segments.
3. Add interfaces to VLANs so that packets of the IP subnet-based VLANs can pass through the
interfaces.
4. Enable IP subnet-based VLAN assignment.
Procedure
Step 1 Create VLANs.
# Create VLAN 100, VLAN 200, and VLAN 300 on the Switch.
<HUAWEI> system-view
[HUAWEI] vlan batch 100 200 300
Step 2 Configure interfaces.
# Set the link type of GE0/0/5, GE0/0/6, and GE0/0/7 to hybrid and add them to VLAN 100, VLAN
200, and VLAN 300 respectively in untagged mode. Also enable IP subnet-based VLAN assignment on
GE0/0/5, GE0/0/6, and GE0/0/7.
[HUAWEI] interface gigabitethernet 0/0/5
[HUAWEI-GigabitEthernet0/0/5] port link-type hybrid
[HUAWEI-GigabitEthernet0/0/5] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/5] ip-subnet-vlan enable
[HUAWEI-GigabitEthernet0/0/5] quit
[HUAWEI] interface gigabitethernet 0/0/6
[HUAWEI-GigabitEthernet0/0/6] port link-type hybrid
[HUAWEI-GigabitEthernet0/0/6] port hybrid untagged vlan 200
[HUAWEI-GigabitEthernet0/0/6] ip-subnet-vlan enable
[HUAWEI-GigabitEthernet0/0/6] quit
[HUAWEI] interface gigabitethernet 0/0/7
[HUAWEI-GigabitEthernet0/0/7] port link-type hybrid
[HUAWEI-GigabitEthernet0/0/7] port hybrid untagged vlan 300
[HUAWEI-GigabitEthernet0/0/7] ip-subnet-vlan enable
[HUAWEI-GigabitEthernet0/0/7] quit
# Add GE0/0/2 of the Switch to VLAN 100.
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type trunk
[HUAWEI-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[HUAWEI-GigabitEthernet0/0/2] quit
# Add GE0/0/3 of the Switch to VLAN 200.
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type trunk
[HUAWEI-GigabitEthernet0/0/3] port trunk allow-pass vlan 200
[HUAWEI-GigabitEthernet0/0/3] quit
# Add GE0/0/4 of the Switch to VLAN 300.
[HUAWEI] interface gigabitethernet 0/0/4
[HUAWEI-GigabitEthernet0/0/4] port link-type trunk
[HUAWEI-GigabitEthernet0/0/4] port trunk allow-pass vlan 300
[HUAWEI-GigabitEthernet0/0/4] quit
Step 3 Configure IP subnet-based VLAN assignment.
# Associate 192.168.1.2/24 to VLAN 100 and set the 802.1p priority of VLAN 100 to 2.
[HUAWEI] vlan 100
[HUAWEI-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2
[HUAWEI-vlan100] quit
# Associate 192.168.2.2/24 to VLAN 200 and set the 802.1p priority of VLAN 200 to 3.
[HUAWEI] vlan 200
[HUAWEI-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3
[HUAWEI-vlan200] quit
# Associate IP subnet 192.168.3.2/24 with VLAN 300 and set the 802.1p priority of VLAN 300
to 4.
[HUAWEI] vlan 300
[HUAWEI-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4
[HUAWEI-vlan300] quit
Step 4 Verify the configuration.
Run the display ip-subnet-vlan vlan all command on the Switch. The following information
is displayed:
[HUAWEI] display ip-subnet-vlan vlan all
----------------------------------------------------------------
Vlan    Index   IpAddress        SubnetMask       Priority
----------------------------------------------------------------
100     1       192.168.1.2      255.255.255.0    2
200     1       192.168.2.2      255.255.255.0    3
300     1       192.168.3.2      255.255.255.0    4
----------------------------------------------------------------
ip-subnet-vlan count: 3          total count: 3
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 100 200 300
#
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 200
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 300
#
interface GigabitEthernet0/0/5
port hybrid untagged vlan 100
ip-subnet-vlan enable
#
interface GigabitEthernet0/0/6
port hybrid untagged vlan 200
ip-subnet-vlan enable
#
interface GigabitEthernet0/0/7
port hybrid untagged vlan 300
ip-subnet-vlan enable
#
return
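The ip-subnet-vlan rules above bind a host address and a mask, so each rule matches the whole subnet rather than the single address. The following is an added example, not Huawei code: a Python sketch that loads the three rules from the configuration file, classifies the source IP address of an untagged frame, and flags rules whose subnets overlap across VLANs. Falling back to a default VLAN of 1 when no rule matches and using the first matching rule are assumptions; all function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# VLAN stanzas copied from the configuration file of the Switch above.
SUBNET_CFG = """\
vlan batch 100 200 300
#
vlan 100
 ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
 ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
 ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
"""

RULE = re.compile(r"ip-subnet-vlan (\d+) ip (\S+) (\S+) priority ([0-7])")


def load_rules(cfg):
    """Return one dict per ip-subnet-vlan line, tagged with the enclosing 'vlan N' stanza."""
    rules, vlan = [], None
    for line in (raw.strip() for raw in cfg.splitlines()):
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
            continue
        m = RULE.fullmatch(line)
        if m and vlan is not None:
            # strict=False: 192.168.1.2 with mask 255.255.255.0 means subnet 192.168.1.0/24.
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            rules.append({"vlan": vlan, "index": int(m.group(1)),
                          "net": net, "priority": int(m.group(4))})
    return rules


def classify(rules, src_ip, pvid=1):
    """Return (VLAN ID, 802.1p priority or None) for an untagged frame sent from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:                       # assumption: the first matching rule applies
        if addr in rule["net"]:
            return rule["vlan"], rule["priority"]
    return pvid, None                        # assumption: no match falls back to the PVID


def overlapping_rules(rules):
    """List (vlan_a, vlan_b) pairs whose subnets overlap, which makes classification ambiguous."""
    return [(a["vlan"], b["vlan"]) for a, b in combinations(rules, 2)
            if a["vlan"] != b["vlan"] and a["net"].overlaps(b["net"])]


if __name__ == "__main__":
    rules = load_rules(SUBNET_CFG)
    for ip in ("192.168.1.77", "192.168.2.2", "192.168.3.254", "10.0.0.5"):  # constructed samples
        print(ip, "->", classify(rules, ip))
    print("overlaps:", overlapping_rules(rules))
```

Because the VLAN is chosen from the source address the sender supplies, a host that changes its address to another service's subnet is classified into that service's VLAN, which is the case worth checking when these VLANs are used as a separation boundary.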
3.2.4 Example for Assigning VLANs Based on Protocols
Networking Requirements
A company has multiple services, including IPTV, VoIP, and Internet access. Each service uses
a unique protocol. To facilitate network management, each service is added to a different VLAN.
As shown in Figure 3-6, Switch1 receives packets of multiple services that use different
protocols. Users in VLAN 10 use IPv4 to communicate with remote users, and users in VLAN
20 use IPv6 to communicate with the servers. Switch1 needs to assign VLANs to packets of
different services and transmit packets with different VLAN IDs to different servers.
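Figure 3-6 Networking diagram for assigning VLANs based on protocols
[Figure: Switch1 connects IPv4 users in VLAN 10 on GE0/0/2 and IPv6 users in VLAN 20 on GE0/0/3,
and connects upstream through GE0/0/1 to GE0/0/1 of Switch. Switch connects through GE0/0/2 and
GE0/0/3 to RouterA and RouterB, which lead to the voice network and the Internet.]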
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN each service belongs to.
2. Associate protocols with VLANs so that VLAN IDs can be assigned to received packets based on
their protocol types.
3. Add interfaces to VLANs so that packets of the protocol-based VLANs can pass through the
interfaces.
4. Associate ports with VLANs.
After the Switch receives a frame of a specified protocol, it assigns the VLAN ID associated
with the protocol to the frame.
Procedure
Step 1 Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 10 20
Step 2 Configure protocol-based VLANs.
# Associate IPv4 with VLAN 10 on Switch1.
[Switch1] vlan 10
[Switch1-vlan10] protocol-vlan ipv4
[Switch1-vlan10] quit
# Associate IPv6 with VLAN 20 on Switch1.
[Switch1] vlan 20
[Switch1-vlan20] protocol-vlan ipv6
[Switch1-vlan20] quit
Step 3 Associate interfaces with protocol-based VLANs.
# Associate GE0/0/2 with VLAN 10 and set the 802.1p priority of VLAN 10 to 5 on Switch1.
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] protocol-vlan vlan 10 all priority 5
[Switch1-GigabitEthernet0/0/2] quit
# Associate GE0/0/3 with VLAN 20 and set the 802.1p priority of VLAN 20 to 6 on Switch1.
[Switch1] interface gigabitethernet 0/0/3
[Switch1-GigabitEthernet0/0/3] protocol-vlan vlan 20 all priority 6
[Switch1-GigabitEthernet0/0/3] quit
Step 4 Configure interfaces.
# Add GE0/0/1 to VLAN 10 and VLAN 20 in trunk mode on Switch1.
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type trunk
[Switch1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet0/0/1] quit
# Add GE0/0/2 to VLAN 10 in untagged mode on Switch1.
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit
# Add GE0/0/3 to VLAN 20 in untagged mode on Switch1.
[Switch1] interface gigabitethernet 0/0/3
[Switch1-GigabitEthernet0/0/3] port link-type hybrid
[Switch1-GigabitEthernet0/0/3] port hybrid untagged vlan 20
[Switch1-GigabitEthernet0/0/3] quit
# Add GE0/0/1 to VLAN 10 and VLAN 20 in trunk mode on Switch.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch-GigabitEthernet0/0/1] quit
# Add GE0/0/2 to VLAN 10 in trunk mode on Switch.
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet0/0/2] quit
# Add GE0/0/3 to VLAN 20 in trunk mode on Switch.
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 20
[Switch-GigabitEthernet0/0/3] return
Step 5 Verify the configuration.
After you complete the configuration, run the display protocol-vlan interface all command on
Switch1 to view the protocol-based VLAN assignment.
<Switch1> display protocol-vlan interface all
------------------------------------------------------------------------------
Interface                VLAN    Index    Protocol Type    Priority
------------------------------------------------------------------------------
GigabitEthernet0/0/2     10      0        IPv4             5
GigabitEthernet0/0/3     20      0        IPv6             6
----End
Configuration Files
Configuration file of Switch1
#
sysname Switch1
#
vlan batch 10 20
#
vlan 10
protocol-vlan 0 ipv4
vlan 20
protocol-vlan 0 ipv6
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port hybrid untagged vlan 10
protocol-vlan vlan 10 0 priority 5
#
interface GigabitEthernet0/0/3
port hybrid untagged vlan 20
protocol-vlan vlan 20 0 priority 6
#
return
Configuration file of the Switch
#
sysname Switch
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
#
return
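The classification that Switch1 performs in this example can be modelled in a few lines. The following is an added example, not part of the original document or of Huawei's software: it reads the EtherType of an untagged frame, picks the VLAN and 802.1p priority bound to the ingress port, and inserts the 802.1Q tag. The helper names, the constructed MAC addresses and the fallback to VLAN 1 for unmatched frames are assumptions.

```python
import struct

ETH_IPV4, ETH_IPV6, TPID_8021Q = 0x0800, 0x86DD, 0x8100

# Bindings from Switch1 above: ingress port -> {EtherType: (VLAN ID, 802.1p priority)}
PROTOCOL_VLAN = {
    "GigabitEthernet0/0/2": {ETH_IPV4: (10, 5)},
    "GigabitEthernet0/0/3": {ETH_IPV6: (20, 6)},
}
# Assumption: a frame that matches no binding falls back to the port default
# VLAN, taken here as VLAN 1 with priority 0.
FALLBACK = (1, 0)


def ethertype(frame: bytes) -> int:
    """Return the 16-bit type field that follows the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack("!H", frame[12:14])[0]


def classify(port: str, frame: bytes) -> tuple:
    """Return (vlan_id, priority) for a frame received on the given port."""
    etype = ethertype(frame)
    if etype == TPID_8021Q:
        # Already tagged: read VLAN ID and priority from the existing tag
        # (assumption of this model: protocol bindings apply to untagged frames).
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, tci >> 13
    return PROTOCOL_VLAN.get(port, {}).get(etype, FALLBACK)


def add_tag(frame: bytes, vid: int, pcp: int) -> bytes:
    """Insert an 802.1Q tag (TPID 0x8100, PCP in bits 15-13, VID in bits 11-0)."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID or priority out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def ingress(port: str, frame: bytes) -> bytes:
    """Return the frame as it is carried inside the switch after classification."""
    if ethertype(frame) == TPID_8021Q:
        return frame
    vid, pcp = classify(port, frame)
    return add_tag(frame, vid, pcp)


def make_frame(etype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed untagged frame with locally administered MACs."""
    dst, src = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    return dst + src + struct.pack("!H", etype) + payload


if __name__ == "__main__":
    for port, etype in (("GigabitEthernet0/0/2", ETH_IPV4),
                        ("GigabitEthernet0/0/3", ETH_IPV6),
                        ("GigabitEthernet0/0/2", ETH_IPV6)):
        print(port, hex(etype), classify(port, make_frame(etype)))
```

The last case in the loop is the one to check on a real device: IPv6 frames arriving on a port that is bound only to IPv4 are not assigned to VLAN 10 and land in whatever VLAN the port falls back to.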
3.2.5 Example for Implementing Inter-VLAN Communication Using VLANIF Interfaces
Networking Requirements
Users in an enterprise use different services and are located on different network segments. Users who
use the same service belong to different VLANs and want to communicate with each other.
As shown in Figure 3-7, User 1 and User 2 use the same service but belong to different VLANs
and are located on different network segments. User 1 wants to communicate with User 2.
Figure 3-7 Networking diagram for implementing inter-VLAN communication using VLANIF interfaces
[Figure not reproduced. Labels: Switch; GE0/0/1, VLANIF10 10.10.10.2/24, VLAN 10, User1 10.10.10.3/24; GE0/0/2, VLANIF20 20.20.20.2/24, VLAN 20, User2 20.20.20.3/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on the switches for different users.
2. Add interfaces to VLANs so that packets of the VLANs can pass through the interfaces.
3. Create VLANIF interfaces and configure IP addresses for the VLANIF interfaces to implement Layer 3 communication.
NOTE
To implement communication between VLANs, hosts in each VLAN must use the IP address of the
corresponding VLANIF interface as the gateway address.
Procedure
Step 1 Configure the Switch.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20
# Add interfaces to VLANs.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access
[Switch-GigabitEthernet0/0/2] port default vlan 20
[Switch-GigabitEthernet0/0/2] quit
# Assign IP addresses to the VLANIF interfaces.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.10.10.2 24
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 20.20.20.2 24
[Switch-Vlanif20] quit
Step 2 Verify the configuration.
Configure the IP address 10.10.10.3/24 on User 1's host and set the IP address of VLANIF 10,
10.10.10.2/24, as the gateway address.
Configure the IP address 20.20.20.3/24 on User 2's host and set the IP address of VLANIF 20,
20.20.20.2/24, as the gateway address.
After the preceding configurations are complete, User 1 in VLAN 10 and User 2 in VLAN 20
can communicate.
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
ip address 20.20.20.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
return
3.2.6 Example for Configuring VLAN Aggregation
Networking Requirements
Multiple departments in an enterprise are located on the same network segment. To improve
service security, assign the departments to different VLANs. Some departments need to
communicate.
As shown in Figure 3-8, departments in VLAN 2 and VLAN 3 want to communicate with each
other.
You can configure VLAN aggregation on the switch to isolate VLAN 2 from VLAN 3 at Layer
2 and allow them to communicate at Layer 3. VLAN 2 and VLAN 3 use the same subnet segment,
saving IP addresses.
NOTE
The S2350, S5306 and S5300LI do not support VLAN aggregation.
Figure 3-8 Networking diagram for configuring VLAN aggregation
[Figure not reproduced. Labels: Switch with GE0/0/1, GE0/0/2, GE0/0/3 and GE0/0/4; VLAN 2 and VLAN 3; VLAN 4 with VLANIF4: 100.1.1.12/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add interfaces of the Switch to sub-VLANs to isolate sub-VLANs at Layer 2.
2. Add the sub-VLANs to a super-VLAN.
3. Configure the IP address for the VLANIF interface.
4. Configure proxy ARP for the super-VLAN to allow sub-VLANs to communicate at Layer 3.
Procedure
Step 1 Set the interface type.
# Configure GE 0/0/1 as an access interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] quit
Configurations of GE0/0/2, GE0/0/3, and GE0/0/4 are the same as that of GE0/0/1.
Step 2 Create VLAN 2 and add GE0/0/1 and GE0/0/2 to VLAN 2.
[Switch] vlan 2
[Switch-vlan2] port gigabitethernet 0/0/1 0/0/2
[Switch-vlan2] quit
Step 3 Create VLAN 3 and add GE0/0/3 and GE0/0/4 to VLAN 3.
[Switch] vlan 3
[Switch-vlan3] port gigabitethernet 0/0/3 0/0/4
[Switch-vlan3] quit
Step 4 Configure VLAN 4.
# Configure the super-VLAN.
[Switch] vlan 4
[Switch-vlan4] aggregate-vlan
[Switch-vlan4] access-vlan 2 to 3
[Switch-vlan4] quit
# Configure the VLANIF interface.
[Switch] interface vlanif 4
[Switch-Vlanif4] ip address 100.1.1.12 255.255.255.0
[Switch-Vlanif4] quit
Step 5 Configure the PCs.
Configure an IP address for each PC. Ensure that the PC IP addresses are in the same network
segment as VLAN 4.
When the configuration is complete, the PCs and the Switch can ping each other, but the PCs in
VLAN 2 and the PCs in VLAN 3 cannot ping each other. You need to configure proxy ARP on
the switch.
Step 6 Configure proxy ARP.
[Switch] interface vlanif 4
[Switch-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[Switch-Vlanif4] quit
Step 7 Verify the configuration.
When the configuration is complete, the PCs in VLAN 2 and VLAN 3 can ping each other.
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 100.1.1.12 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
return
3.2.7 Example for Configuring MUX VLAN on the Access Layer Device
Networking Requirements
On an enterprise network, all users can access the enterprise server. Some users need to
communicate with each other, whereas some users must be isolated from each other.
As shown in Figure 3-9, MUX VLAN can be configured on the Switch to meet the enterprise's
requirements using fewer VLAN IDs. In addition, MUX VLAN reduces the configuration
workload of the network administrator, and facilitates network maintenance.
Figure 3-9 MUX VLAN configuration
[Figure not reproduced. Labels: Switch; GE0/0/1 to the Server in VLAN 2 (principal VLAN); GE0/0/2 and GE0/0/3 to HostB and HostC in VLAN 3 (group VLAN); GE0/0/4 and GE0/0/5 to HostD and HostE in VLAN 4 (separate VLAN).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the principal VLAN.
2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function.
Procedure
Step 1 Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 3 4
# Configure the Group VLAN and Separate VLAN in the MUX VLAN.
[HUAWEI] vlan 2
[HUAWEI-vlan2] mux-vlan
[HUAWEI-vlan2] subordinate group 3
[HUAWEI-vlan2] subordinate separate 4
[HUAWEI-vlan2] quit
# Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 2
[HUAWEI-GigabitEthernet0/0/1] port mux-vlan enable vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 3
[HUAWEI-GigabitEthernet0/0/2] port mux-vlan enable vlan 3
[HUAWEI-GigabitEthernet0/0/2] quit
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type access
[HUAWEI-GigabitEthernet0/0/3] port default vlan 3
[HUAWEI-GigabitEthernet0/0/3] port mux-vlan enable vlan 3
[HUAWEI-GigabitEthernet0/0/3] quit
[HUAWEI] interface gigabitethernet 0/0/4
[HUAWEI-GigabitEthernet0/0/4] port link-type access
[HUAWEI-GigabitEthernet0/0/4] port default vlan 4
[HUAWEI-GigabitEthernet0/0/4] port mux-vlan enable vlan 4
[HUAWEI-GigabitEthernet0/0/4] quit
[HUAWEI] interface gigabitethernet 0/0/5
[HUAWEI-GigabitEthernet0/0/5] port link-type access
[HUAWEI-GigabitEthernet0/0/5] port default vlan 4
[HUAWEI-GigabitEthernet0/0/5] port mux-vlan enable vlan 4
[HUAWEI-GigabitEthernet0/0/5] quit
Step 2 Verify the configuration.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port mux-vlan enable vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 4
port mux-vlan enable vlan 4
#
return
3.2.8 Example for Configuring the MUX VLAN on the Aggregation Device
Networking Requirements
All employees of an enterprise can access the server on the enterprise network. The enterprise
allows some employees to communicate but expects to isolate some employees.
As shown in Figure 3-10, Switch1 is deployed at the aggregation layer and used as the gateway
of downstream terminals. Switch2, Switch3, Switch4, Switch5, and Switch6 are access layer
devices. You can configure MUX VLAN on Switch1. This saves VLAN IDs on the enterprise
network and facilitates network management.
Figure 3-10 Network of MUX VLAN
[Figure not reproduced. Labels: Internet; Switch1 (GE0/0/2 to GE0/0/6); Switch2 to Switch6; Server in VLAN 2 (principal VLAN); HostB and HostC in VLAN 3 (group VLAN); HostD and HostE in VLAN 4 (separate VLAN).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the principal VLAN and a VLANIF interface. The IP address of the VLANIF interface is used as the gateway IP address of downstream hosts and server.
2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.
5. Add interfaces of access layer devices to VLANs.
Procedure
Step 1 Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4, and a VLANIF interface for VLAN 2. The IP address
of the VLANIF interface is used as the gateway IP address of downstream hosts and server.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 3 4
[HUAWEI] interface vlanif 2
[HUAWEI-Vlanif2] ip address 192.168.100.100 24
[HUAWEI-Vlanif2] quit
# Configure the group VLAN and separate VLAN.
[HUAWEI] vlan 2
[HUAWEI-vlan2] mux-vlan
[HUAWEI-vlan2] subordinate group 3
[HUAWEI-vlan2] subordinate separate 4
[HUAWEI-vlan2] quit
# Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type trunk
[HUAWEI-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
[HUAWEI-GigabitEthernet0/0/2] port mux-vlan enable vlan 2
[HUAWEI-GigabitEthernet0/0/2] quit
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type trunk
[HUAWEI-GigabitEthernet0/0/3] port trunk allow-pass vlan 3
[HUAWEI-GigabitEthernet0/0/3] port mux-vlan enable vlan 3
[HUAWEI-GigabitEthernet0/0/3] quit
[HUAWEI] interface gigabitethernet 0/0/4
[HUAWEI-GigabitEthernet0/0/4] port link-type trunk
[HUAWEI-GigabitEthernet0/0/4] port trunk allow-pass vlan 3
[HUAWEI-GigabitEthernet0/0/4] port mux-vlan enable vlan 3
[HUAWEI-GigabitEthernet0/0/4] quit
[HUAWEI] interface gigabitethernet 0/0/5
[HUAWEI-GigabitEthernet0/0/5] port link-type trunk
[HUAWEI-GigabitEthernet0/0/5] port trunk allow-pass vlan 4
[HUAWEI-GigabitEthernet0/0/5] port mux-vlan enable vlan 4
[HUAWEI-GigabitEthernet0/0/5] quit
[HUAWEI] interface gigabitethernet 0/0/6
[HUAWEI-GigabitEthernet0/0/6] port link-type trunk
[HUAWEI-GigabitEthernet0/0/6] port trunk allow-pass vlan 4
[HUAWEI-GigabitEthernet0/0/6] port mux-vlan enable vlan 4
[HUAWEI-GigabitEthernet0/0/6] quit
Step 2 Add interfaces of access layer switches to VLANs. The configuration details are not mentioned
here.
Step 3 Verify the configuration.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.
----End
Configuration Files
Configuration file of Switch1
#
sysname HUAWEI
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface Vlanif2
ip address 192.168.100.100 255.255.255.0
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
port mux-vlan enable vlan 2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
return
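The isolation rules listed under "Verify the configuration" in 3.2.7 and 3.2.8 can be checked offline against a saved configuration file. The following is an added example, not part of the original document or a Huawei tool: it parses the MUX VLAN roles and the per-port "port mux-vlan enable vlan" lines, derives which ports can reach each other at Layer 2, and lists access ports whose default VLAN belongs to the MUX VLAN but that lack the enable line. The function names, the host-to-port pairing within each VLAN and the extra port GigabitEthernet0/0/6 are assumptions made for the illustration.

```python
import re

# Constructed sample: the Switch configuration file from section 3.2.7 plus one
# constructed port, GigabitEthernet0/0/6, that lacks "port mux-vlan enable".
SAMPLE_CONFIG = """\
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
 port mux-vlan enable vlan 2
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 4
#
return
"""

# Assumption: pairing of hosts to ports inside each VLAN, as suggested by Figure 3-9.
HOSTS = {"Server": "GigabitEthernet0/0/1", "HostB": "GigabitEthernet0/0/2",
         "HostC": "GigabitEthernet0/0/3", "HostD": "GigabitEthernet0/0/4",
         "HostE": "GigabitEthernet0/0/5"}


def parse(config):
    """Return ({vlan: role}, {port: {"pvid": int|None, "mux": int|None}})."""
    roles, ports, vlan, port = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line in ("", "#"):
            vlan = port = None
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vlan, port = int(m.group(1)), None
        elif m := re.fullmatch(r"interface (\S+)", line):
            port, vlan = m.group(1), None
            ports[port] = {"pvid": None, "mux": None}
        elif vlan is not None and line == "mux-vlan":
            roles[vlan] = "principal"
        elif vlan is not None and (m := re.fullmatch(r"subordinate (group|separate) (\d+)", line)):
            roles[int(m.group(2))] = m.group(1)
        elif port and (m := re.fullmatch(r"port default vlan (\d+)", line)):
            ports[port]["pvid"] = int(m.group(1))
        elif port and (m := re.fullmatch(r"port mux-vlan enable vlan (\d+)", line)):
            ports[port]["mux"] = int(m.group(1))
    return roles, ports


def can_talk(vlan_a, vlan_b, roles):
    """Layer 2 rule: principal reaches all, a group reaches itself, separate only principal."""
    ra, rb = roles.get(vlan_a), roles.get(vlan_b)
    if ra is None or rb is None:
        return False
    if "principal" in (ra, rb):
        return True
    return ra == rb == "group" and vlan_a == vlan_b


def reachable(port_a, port_b, roles, ports):
    a, b = ports[port_a]["mux"], ports[port_b]["mux"]
    return a is not None and b is not None and can_talk(a, b, roles)


def ports_missing_mux_enable(roles, ports):
    """Access ports whose default VLAN is in the MUX VLAN but that lack the enable line."""
    return sorted(n for n, p in ports.items()
                  if p["pvid"] in roles and p["mux"] != p["pvid"])


if __name__ == "__main__":
    roles, ports = parse(SAMPLE_CONFIG)
    for a in HOSTS:
        print(a, [b for b in HOSTS if b != a and reachable(HOSTS[a], HOSTS[b], roles, ports)])
    print("missing enable:", ports_missing_mux_enable(roles, ports))
```

The same parser reads the trunk-based configuration of Switch1 in 3.2.8, because the role of each port is taken from its "port mux-vlan enable vlan" line rather than from the link type.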
3.3 VLAN Mapping Configuration
VLAN mapping is configured on the edge device of the public network so that the VLANs of
private networks are isolated from S-VLANs. This saves S-VLAN resources.
3.3.1 Example for Configuring VLAN ID-based 1 to 1 VLAN Mapping
Networking Requirements
Users in different communities use the same services, such as the web, IPTV, and VoIP services.
To facilitate management, the network administrator of each community adds different services
to different VLANs. Communities in different VLANs need to use the same service, so
communication between VLANs must be implemented.
As shown in Figure 3-11, community 1 and community 2 have the same services, but belong
to different VLANs. Communication between community 1 and community 2 needs to be
implemented at low cost.
Figure 3-11 Networking diagram for configuring 1 to 1 VLAN mapping
[Figure not reproduced. Labels: PE1 (GE0/0/1) and PE2 (GE0/0/1) on the ISP network, VLAN 10; CE1 (GE0/0/1, GE0/0/2, GE0/0/3) for Community 1, VLAN 6; CE2 (GE0/0/1, GE0/0/2, GE0/0/3) for Community 2, VLAN 5; host addresses 172.16.0.1/16, 172.16.0.2/16, 172.16.0.3/16, 172.16.0.5/16, 172.16.0.6/16, 172.16.0.7/16.]
IP addresses of devices in VLAN 5 and VLAN 6 must be in the same network segment.
Configuration Roadmap
The configuration roadmap is as follows:
1. Add the switch port connecting to community 1 to VLAN6 and add the switch port connecting to community 2 to VLAN5.
2. Configure VLAN mapping on GE0/0/1 of PE1 and PE2 and map C-VLAN IDs to S-VLAN IDs so that users in different VLANs can communicate with each other.
Procedure
Step 1 Add downlink interfaces on switches to specified VLANs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type access
[CE1-GigabitEthernet0/0/1] port default vlan 6
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type access
[CE1-GigabitEthernet0/0/2] port default vlan 6
[CE1-GigabitEthernet0/0/2] quit
[CE1] interface gigabitethernet 0/0/3
[CE1-GigabitEthernet0/0/3] port link-type trunk
[CE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet0/0/3] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type access
[CE2-GigabitEthernet0/0/1] port default vlan 5
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type access
[CE2-GigabitEthernet0/0/2] port default vlan 5
[CE2-GigabitEthernet0/0/2] quit
[CE2] interface gigabitethernet 0/0/3
[CE2-GigabitEthernet0/0/3] port link-type trunk
[CE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet0/0/3] quit
Step 2 Configure VLAN mapping on the GE0/0/1 of PE1 and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/1] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/1] port vlan-mapping vlan 6 map-vlan 10
[PE1-GigabitEthernet0/0/1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE2-GigabitEthernet0/0/1] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet0/0/1] quit
Step 3 Verify the configurations.
Verify that users in community 1 and community 2 can communicate with each other.
----End
Configuration Files
Configuration file of CE1
#
sysname CE1
#
vlan batch 6
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 6
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 6
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 6
#
return
Configuration file of CE2
#
sysname CE2
#
vlan batch 5
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 5
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 5
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
return
Configuration file of PE1
#
sysname PE1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port link-type trunk
port trunk allow-pass vlan 10
port vlan-mapping vlan 6 map-vlan 10
#
return
Configuration file of PE2
#
sysname PE2
#
vlan batch 10
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port link-type trunk
port trunk allow-pass vlan 10
port vlan-mapping vlan 5 map-vlan 10
#
return
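To see what the two mapping rules do to a frame's VLAN tag end to end, the PE interface sections can be parsed and applied in sequence. The following is an added example, not part of the original document or a Huawei tool: it models 1 to 1 mapping only, translating the C-VLAN to the S-VLAN when a frame is received from the CE and back when it is sent towards the CE. The class and function names are assumptions, as is the premise that the ISP network carries VLAN 10 unchanged between PE1 and PE2.

```python
import re

# Interface sections taken from the PE1 and PE2 configuration files above.
PE1_GE001 = """\
interface GigabitEthernet0/0/1
 qinq vlan-translation enable
 port link-type trunk
 port trunk allow-pass vlan 10
 port vlan-mapping vlan 6 map-vlan 10
"""
PE2_GE001 = """\
interface GigabitEthernet0/0/1
 qinq vlan-translation enable
 port link-type trunk
 port trunk allow-pass vlan 10
 port vlan-mapping vlan 5 map-vlan 10
"""


def expand(spec):
    """Expand a VLAN list such as '10 20' or '2 to 4' into a set of IDs."""
    toks, out, i = spec.split(), set(), 0
    while i < len(toks):
        if i + 2 < len(toks) and toks[i + 1] == "to":
            out.update(range(int(toks[i]), int(toks[i + 2]) + 1))
            i += 3
        else:
            out.add(int(toks[i]))
            i += 1
    return out


class MappedPort:
    """Simplified model of a CE-facing trunk port with 1 to 1 VLAN mapping."""

    def __init__(self, section):
        self.allowed, self.c_to_s, self.translation = set(), {}, False
        for line in map(str.strip, section.splitlines()):
            if line == "qinq vlan-translation enable":
                self.translation = True
            elif m := re.fullmatch(r"port trunk allow-pass vlan (.+)", line):
                self.allowed |= expand(m.group(1))
            elif m := re.fullmatch(r"port vlan-mapping vlan (\d+) map-vlan (\d+)", line):
                self.c_to_s[int(m.group(1))] = int(m.group(2))
        self.s_to_c = {s: c for c, s in self.c_to_s.items()}
        if len(self.s_to_c) != len(self.c_to_s):
            raise ValueError("several C-VLANs share one S-VLAN: not a 1 to 1 mapping")

    def receive(self, vlan):
        """Tag carried inside the PE for a frame from the CE, or None if dropped."""
        if self.translation:
            vlan = self.c_to_s.get(vlan, vlan)
        return vlan if vlan in self.allowed else None

    def send(self, vlan):
        """Tag seen by the CE for a frame leaving the PE, or None if dropped."""
        if vlan not in self.allowed:
            return None
        return self.s_to_c.get(vlan, vlan) if self.translation else vlan


def trace(c_vlan, ingress_pe, egress_pe):
    """Return [tag at source CE, tag in ISP, tag at destination CE] or None."""
    s_vlan = ingress_pe.receive(c_vlan)
    if s_vlan is None:
        return None
    out = egress_pe.send(s_vlan)
    return None if out is None else [c_vlan, s_vlan, out]


if __name__ == "__main__":
    pe1, pe2 = MappedPort(PE1_GE001), MappedPort(PE2_GE001)
    print("community 1 -> 2:", trace(6, pe1, pe2))
    print("community 2 -> 1:", trace(5, pe2, pe1))
    print("unmapped VLAN 7 :", trace(7, pe1, pe2))
```

The trace makes the design consequence explicit: after mapping, VLAN 6 in community 1 and VLAN 5 in community 2 form a single Layer 2 domain across the ISP network.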
3.3.2 Example for Configuring VLAN ID-based N to 1 VLAN Mapping
Networking Requirements
As shown in Figure 3-12, a large number of switches need to be deployed at the corridor so that
the same service used by different users can be sent on different VLANs. To save VLAN
resources, configure the VLAN aggregation function (N to 1) on the switches so that the same
services are sent on the same VLAN.
Figure 3-12 Networking diagram for configuring N to 1 VLAN mapping
[Figure not reproduced. Labels: Internet; Switch with GE0/0/1, VLAN 100 to 200; SwitchA, SwitchB, SwitchC, SwitchD, SwitchE.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create the original VLAN and the translated VLAN on the Switch and add GE0/0/1 to the VLANs in the tagged mode.
2. Configure VLAN mapping on GE0/0/1 on the Switch.
Procedure
Step 1 Configure the Switch.
# Create a VLAN.
<HUAWEI> system-view
[HUAWEI] vlan batch 10 100 to 200
# Add GE0/0/1 to the VLAN.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 10 100 to 200
# Configure VLAN mapping on GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] qinq vlan-translation enable
[HUAWEI-GigabitEthernet0/0/1] port vlan-mapping vlan 100 to 200 map-vlan 10
Step 2 Verify the configurations.
Verify that users in VLAN 100 to VLAN 200 can connect to the Internet through the Switch.
----End
Configuration Files
Configuration file of Switch
#
sysname HUAWEI
#
vlan batch 10 100 to 200
#
interface gigabitethernet0/0/1
qinq vlan-translation enable
port hybrid tagged vlan 10 100 to 200
port vlan-mapping vlan 100 to 200 map-vlan 10
#
return
3.3.3 Example for Configuring VLAN ID-based 2 to 1 VLAN Mapping
Networking Requirements
As shown in Figure 3-13, Residential Gateway, Corridor Switch, and Community Switch allow
users to connect to the aggregation layer. To save VLAN resources and isolate same services
used by different users, configure the QinQ function on the Corridor Switch and configure VLAN
mapping on the Community Switch.
Figure 3-13 Networking diagram for configuring 2 to 1 VLAN mapping
[Figure not reproduced. Labels: Internet; aggregate switch of carrier; Community Switch S5 (GE0/0/1, GE0/0/2, GE0/0/3); Corridor Switches S3 and S4 (GE0/0/1, GE0/0/2); Residential Gateways S1 and S2 (GE0/0/1 to GE0/0/4); PC in VLAN 2, VoIP in VLAN 3, IPTV in VLAN 4; VLAN labels 2~3, 4, 201, 401, 501.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add switch ports connecting to users to specified VLANs to distinguish different services.
2. Configure the QinQ function on the Corridor Switch to distinguish users and services.
3. Configure VLAN mapping on the Community Switch to save VLAN resources.
Procedure
Step 1 Add downlink interfaces of S1 and S2 to specified VLANs.
# Configure S1.
<HUAWEI> system-view
[HUAWEI] sysname S1
[S1] vlan batch 2 to 4
[S1] interface gigabitethernet 0/0/1
[S1-GigabitEthernet0/0/1] port link-type access
[S1-GigabitEthernet0/0/1] port default vlan 2
[S1-GigabitEthernet0/0/1] quit
[S1] interface gigabitethernet 0/0/2
[S1-GigabitEthernet0/0/2] port link-type access
[S1-GigabitEthernet0/0/2] port default vlan 3
[S1-GigabitEthernet0/0/2] quit
[S1] interface gigabitethernet 0/0/3
[S1-GigabitEthernet0/0/3] port link-type access
[S1-GigabitEthernet0/0/3] port default vlan 4
[S1-GigabitEthernet0/0/3] quit
[S1] interface gigabitethernet 0/0/4
[S1-GigabitEthernet0/0/4] port link-type trunk
[S1-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 4
[S1-GigabitEthernet0/0/4] quit
# Configure S2.
<HUAWEI> system-view
[HUAWEI] sysname S2
[S2] vlan batch 2 to 4
[S2] interface gigabitethernet 0/0/1
[S2-GigabitEthernet0/0/1] port link-type access
[S2-GigabitEthernet0/0/1] port default vlan 2
[S2-GigabitEthernet0/0/1] quit
[S2] interface gigabitethernet 0/0/2
[S2-GigabitEthernet0/0/2] port link-type access
[S2-GigabitEthernet0/0/2] port default vlan 3
[S2-GigabitEthernet0/0/2] quit
[S2] interface gigabitethernet 0/0/3
[S2-GigabitEthernet0/0/3] port link-type access
[S2-GigabitEthernet0/0/3] port default vlan 4
[S2-GigabitEthernet0/0/3] quit
[S2] interface gigabitethernet 0/0/4
[S2-GigabitEthernet0/0/4] port link-type trunk
[S2-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 4
[S2-GigabitEthernet0/0/4] quit
Step 2 Configure the QinQ function on the Corridor Switch to allow the Corridor Switch to send double-tagged packets to the Community Switch.
# Configure S3.
<HUAWEI> system-view
[HUAWEI] sysname S3
[S3] vlan batch 201 401
[S3] interface gigabitethernet 0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 201 401
[S3-GigabitEthernet0/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S3-GigabitEthernet0/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S3-GigabitEthernet0/0/1] quit
[S3] interface gigabitethernet 0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 201 401
[S3-GigabitEthernet0/0/2] quit
# Configure S4.
<HUAWEI> system-view
[HUAWEI] sysname S4
[S4] vlan batch 201 401
[S4] interface gigabitethernet 0/0/1
[S4-GigabitEthernet0/0/1] port link-type trunk
[S4-GigabitEthernet0/0/1] port trunk allow-pass vlan 201 401
[S4-GigabitEthernet0/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S4-GigabitEthernet0/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S4-GigabitEthernet0/0/1] quit
[S4] interface gigabitethernet 0/0/2
[S4-GigabitEthernet0/0/2] port link-type trunk
[S4-GigabitEthernet0/0/2] port trunk allow-pass vlan 201 401
[S4-GigabitEthernet0/0/2] quit
Step 3 Configure VLAN mapping on S5.
<HUAWEI> system-view
[HUAWEI] sysname S5
[S5] vlan batch 501
[S5] interface gigabitethernet 0/0/1
[S5-GigabitEthernet0/0/1] port link-type trunk
[S5-GigabitEthernet0/0/1] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/1] port vlan-mapping vlan 201 to 401 map-vlan 501
[S5-GigabitEthernet0/0/1] quit
[S5] interface gigabitethernet 0/0/2
[S5-GigabitEthernet0/0/2] port link-type trunk
[S5-GigabitEthernet0/0/2] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/2] port vlan-mapping vlan 201 to 401 map-vlan 501
[S5-GigabitEthernet0/0/2] quit
[S5] interface gigabitethernet 0/0/3
[S5-GigabitEthernet0/0/3] port link-type trunk
[S5-GigabitEthernet0/0/3] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/3] quit
Step 4 Verify the configurations.
Verify that users can connect to the network and that same services are sent on the same VLAN.
----End
Configuration Files
Configuration file of S1
#
sysname S1
#
vlan batch 2 to 4
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
Configuration file of S2
#
sysname S2
#
vlan batch 2 to 4
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
Configuration file of S3
#
sysname S3
#
vlan batch 201 401
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
- Configuration file of S4
#
sysname S4
#
vlan batch 201 401
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
- Configuration file of S5
#
sysname S5
#
vlan batch 501
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 to 401 map-vlan 501
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 to 401 map-vlan 501
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 501
#
return
3.4 Voice VLAN Configuration
This chapter describes voice VLAN concepts and how to configure voice VLAN.
3.4.1 Example for Configuring a Voice VLAN in Auto Mode
Networking Requirements
As shown in Figure 3-14, data flows of the HSI, VoIP, and IPTV services are transmitted on
the network. Users require high quality of the VoIP service. Therefore, voice data flows must
be transmitted with a high priority. Voice packets are transmitted in VLAN 2, and other packets
are transmitted in VLAN 6. IP phones can obtain voice VLAN information through LLDP.
Figure 3-14 Configuring a voice VLAN in auto mode
(Topology labels: DHCP Server, Internet, Switch with GE0/0/1, HG, and the HSI, VoIP, and IPTV services.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on Switch and configure interfaces so that users
   can access the WAN.
2. Configure a voice VLAN and set the mode in which interfaces are added to the voice VLAN
   to auto so that voice data packets are transmitted in the voice VLAN with a high priority.
Procedure
Step 1 Create VLANs and configure the interface on the Switch.
# Create VLAN 2 and VLAN 6.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 6
# Enable LLDP.
[HUAWEI] lldp enable
# Configure the link type and default VLAN of the interface.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 6
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 6
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Configure the voice VLAN on the Switch.
# Configure the voice VLAN on the interface.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] voice-vlan 2 enable
[HUAWEI-GigabitEthernet0/0/1] voice-vlan remark-mode mac-address
# Set the voice VLAN mode to auto so that the interface can be automatically added to or deleted
from the voice VLAN.
[HUAWEI-GigabitEthernet0/0/1] voice-vlan mode auto
[HUAWEI-GigabitEthernet0/0/1] quit
# Set the OUI of the voice VLAN.
[HUAWEI] voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
# Set the working mode of the voice VLAN.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] voice-vlan security enable
Step 3 Verify the configuration.
Run the display voice-vlan oui command to check the OUI of the voice VLAN.
<HUAWEI> display voice-vlan oui
---------------------------------------------------
OuiAddress      Mask            Description
---------------------------------------------------
0011-2200-0000  ffff-ff00-0000
Run the display voice-vlan 2 status command to check the voice VLAN mode, voice security
mode, and voice VLAN aging time.
<HUAWEI> display voice-vlan 2 status
Voice VLAN Configurations:
---------------------------------------------------
Voice VLAN ID            : 2
Voice VLAN status        : Enable
Voice VLAN aging time    :
Voice VLAN 8021p remark  : 6
Voice VLAN dscp remark   : 46
----------------------------------------------------------
Port Information:
-------------------------------------------------------------------------------
Port                     Add-Mode  Security-Mode  Legacy   PribyVLAN  Untag
-------------------------------------------------------------------------------
GigabitEthernet0/0/1     Auto      Security       Disable  Disable    Disable
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 2 6
#
lldp enable
#
voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
#
interface GigabitEthernet0/0/1
voice-vlan 2 enable
voice-vlan remark-mode mac-address
voice-vlan mode auto
voice-vlan security enable
port hybrid pvid vlan 6
port hybrid untagged vlan 6
#
return
3.4.2 Example for Configuring a Voice VLAN in Manual Mode
Networking Requirements
As shown in Figure 3-15, data flows of the HSI, VoIP, and IPTV services are transmitted on
the network. Users require high quality of the VoIP service. Therefore, voice data flows must
be transmitted with a high priority. Voice packets are transmitted in VLAN 2, and other packets
are transmitted in VLAN 6. IP phones can obtain voice VLAN information through LLDP.
Figure 3-15 Configuring a voice VLAN in manual mode
(Topology labels: DHCP Server, Internet, Switch with GE0/0/1, HG, and the HSI, VoIP, and IPTV services.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on Switch and configure interfaces so that users
   can access the WAN.
2. Configure a voice VLAN and set the mode in which interfaces are added to the voice VLAN
   to manual so that voice data packets are transmitted in the voice VLAN with a high priority.
Procedure
Step 1 Create VLANs and configure the interface on the Switch.
# Create VLAN 2 and VLAN 6.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 6
# Enable LLDP.
[HUAWEI] lldp enable
# Configure the link type and default VLAN of the interface.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 6
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 6
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Configure the voice VLAN on the Switch.
# Configure the voice VLAN on the interface.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] voice-vlan 2 enable
[HUAWEI-GigabitEthernet0/0/1] voice-vlan remark-mode mac-address
# Set the voice VLAN mode to manual and add the interface to the voice VLAN.
[HUAWEI-GigabitEthernet0/0/1] voice-vlan mode manual
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
# Set the OUI of the voice VLAN.
[HUAWEI] voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
# Set the working mode of the voice VLAN.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] voice-vlan security enable
Step 3 Verify the configuration.
Run the display voice-vlan oui command to check the OUI of the voice VLAN.
<HUAWEI> display voice-vlan oui
---------------------------------------------------
OuiAddress      Mask            Description
---------------------------------------------------
0011-2200-0000  ffff-ff00-0000
Run the display voice-vlan 2 status command to check the voice VLAN mode, voice security
mode, and voice VLAN aging time.
<HUAWEI> display voice-vlan 2 status
Voice VLAN Configurations:
---------------------------------------------------
Voice VLAN ID            : 2
Voice VLAN status        : Enable
Voice VLAN aging time    :
Voice VLAN 8021p remark  : 6
Voice VLAN dscp remark   : 46
----------------------------------------------------------
Port Information:
-------------------------------------------------------------------------------
Port                     Add-Mode  Security-Mode  Legacy   PribyVLAN  Untag
-------------------------------------------------------------------------------
GigabitEthernet0/0/1     Manual    Security       Disable  Disable    Disable
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 2 6
#
lldp enable
#
voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
#
interface GigabitEthernet0/0/1
voice-vlan 2 enable
voice-vlan remark-mode mac-address
voice-vlan security enable
port hybrid pvid vlan 6
port hybrid tagged vlan 2
port hybrid untagged vlan 6
#
return
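The OUI entry used in 3.4.1 and 3.4.2 decides which source MAC addresses the switch treats as IP phones. The following added example (not part of the Huawei document) models that match and the effect of voice-vlan security enable on constructed frames. It assumes that security mode discards frames in the voice VLAN whose source MAC matches no OUI entry (the page enables the mode without describing it); the MAC addresses are constructed, while the remark values 6 and 46 are taken from the display output above.

```python
# Added example: simplified model of voice VLAN OUI matching, not switch firmware.
# From the page: OUI 0011-2200-0000 mask ffff-ff00-0000, voice VLAN 2, PVID 6,
# 802.1p remark 6, DSCP remark 46. Assumed: the security-mode drop rule.


def parse_mac(text):
    """Convert 0011-2200-0000 or 00:11:22:00:00:00 notation to an integer."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def oui_entry(address, mask):
    """Pre-mask the configured address so stray host bits cannot break matching."""
    m = parse_mac(mask)
    return (parse_mac(address) & m, m)


def addresses_covered(mask):
    """Number of source MACs one entry accepts: 2 ** (zero bits in the mask)."""
    return 1 << (48 - bin(parse_mac(mask)).count("1"))


class VoicePort:
    def __init__(self, voice_vlan, pvid, oui_entries, security):
        self.voice_vlan = voice_vlan
        self.pvid = pvid
        self.oui_entries = oui_entries
        self.security = security

    def is_voice_source(self, src_mac):
        value = parse_mac(src_mac)
        return any(value & mask == prefix for prefix, mask in self.oui_entries)

    def classify(self, src_mac, tag=None):
        """Return (action, vlan, 802.1p, dscp) for one ingress frame."""
        vlan = self.pvid if tag is None else tag    # untagged frames use the PVID
        if vlan != self.voice_vlan:
            return ("forward", vlan, None, None)    # data VLAN: no remark
        if self.is_voice_source(src_mac):
            return ("forward", vlan, 6, 46)         # phone traffic: high priority
        if self.security:
            return ("drop", vlan, None, None)       # assumed security-mode behaviour
        return ("forward", vlan, None, None)


def page_port(security=True):
    """Port GE0/0/1 as configured on this page."""
    entries = [oui_entry("0011-2200-0000", "ffff-ff00-0000")]
    return VoicePort(voice_vlan=2, pvid=6, oui_entries=entries, security=security)


if __name__ == "__main__":
    port = page_port()
    print("addresses accepted by the mask:", addresses_covered("ffff-ff00-0000"))
    # Constructed frames: (source MAC, VLAN tag or None for untagged)
    for mac, tag in [("0011-22ab-cdef", 2), ("00e0-fc12-3456", 2), ("00e0-fc12-3456", None)]:
        print(mac, tag, port.classify(mac, tag))
```

The match is on the source MAC only, so the mask length sets how many addresses qualify as a phone: the 24-bit mask on this page accepts 16777216 of them.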
3.5 QinQ Configuration
This chapter describes the concepts and configuration procedure of 802.1Q-in-802.1Q (QinQ),
and provides configuration examples.
3.5.1 Example for Configuring Basic QinQ
Networking Requirements
As shown in Figure 3-16, there are two enterprises on the network, Enterprise 1 and Enterprise
2. Each enterprise has two office locations. The office locations of the two enterprises access
SwitchA and SwitchB of the ISP network. A non-Huawei device with the TPID value 0x9100
exists on the public network.
The requirements are as follows:
- Enterprise 1 and Enterprise 2 plan their VLANs independently.
- Traffic of the two branches is transparently transmitted on the public network. Users using
  the same services in the two branches are allowed to communicate and users using different
  services are isolated.
You can configure QinQ to meet the preceding requirements. VLAN 100 provided by the public
network is used for communication between the two branches of Enterprise 1, and VLAN 200
is used for Enterprise 2. You can set the TPID value in the outer VLAN tag on the interface that
connects to the non-Huawei device so that the devices can communicate.
Figure 3-16 Configuring basic QinQ
(Topology labels: ISP network carrying VLAN 100 and VLAN 200 with TPID=0x9100; Switch A and Switch B, each with GE0/0/1, GE0/0/2, and GE0/0/3; Enterprise 1 sites using VLAN 10 to 50; Enterprise 2 sites using VLAN 20 to 60.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB. Set the link type of
   the interfaces to QinQ and add the interfaces to the VLANs. In this way, different outer
   VLAN tags are added to different services.
2. Add interfaces connecting to the public network on SwitchA and SwitchB to VLAN 100
   and VLAN 200 to permit packets from these VLANs to pass through.
3. Set the TPID values in the outer VLAN tag on interfaces connecting to the public network
   on SwitchA and SwitchB to implement communication between the device and devices
   from other vendors.
Procedure
Step 1 Create VLANs.
# Create VLAN 100 and VLAN 200 on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200
# Create VLAN 100 and VLAN 200 on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200
Step 2 Set the link type of the interface to QinQ.
# Configure GE0/0/1 and GE0/0/2 of SwitchA as QinQ interfaces. Set the VLAN of GE0/0/1
to VLAN 100 and the VLAN of GE0/0/2 to VLAN 200.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/2] port default vlan 200
[SwitchA-GigabitEthernet0/0/2] quit
# Configure GE0/0/1 and GE0/0/2 of SwitchB as QinQ interfaces. Set the VLAN of GE0/0/1 to
VLAN 100 and the VLAN of GE0/0/2 to VLAN 200. The configuration procedure of SwitchB
is the same as that of SwitchA.
Step 3 Configure the interface connecting to the public network on the switch.
# Add GE0/0/3 of SwitchA to VLAN 100 and VLAN 200.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[SwitchA-GigabitEthernet0/0/3] quit
# Add GE0/0/3 of SwitchB to VLAN 100 and VLAN 200. The configuration procedure of
SwitchB is the same as that of SwitchA.
Step 4 Configure the TPID value for an outer VLAN tag.
# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] qinq protocol 9100
# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] qinq protocol 9100
Step 5 Verify the configuration.
In Enterprise 1, ping a PC of a VLAN in a branch from a PC of the same VLAN in another
branch. If the two PCs can ping each other, internal users of Enterprise 1 can communicate.
In Enterprise 2, ping a PC of a VLAN in a branch from a PC of the same VLAN in another
branch. If the two PCs can ping each other, internal users of Enterprise 2 can communicate.
Ping a PC in a VLAN of Enterprise 2 in a branch from a PC in the same VLAN of Enterprise 1
in either branch. If the two PCs cannot ping each other, users in Enterprise 1 and Enterprise 2
are isolated.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return
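What the basic QinQ configuration above does to a frame on the wire, as an added example that is not part of the Huawei document: a customer frame that already carries an 802.1Q tag gets an outer tag (VLAN 100 or 200) whose TPID is the 0x9100 set by qinq protocol 9100. The MAC addresses, payload and function names are constructed for illustration; inner VLAN 30 is chosen because it lies in both enterprises' ranges.

```python
import struct

TPID_DOT1Q = 0x8100    # standard 802.1Q TPID of the customer (inner) tag
TPID_PUBLIC = 0x9100   # outer TPID set on GE0/0/3 with "qinq protocol 9100"


def vlan_tag(tpid, vid, pcp=0):
    """Encode one 4-byte VLAN tag: 16-bit TPID, then PCP(3) DEI(1) VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def customer_frame(inner_vid, payload=b"constructed payload"):
    """Constructed single-tagged frame as an enterprise site would send it."""
    dst = bytes.fromhex("00e0fc000002")   # constructed addresses
    src = bytes.fromhex("00e0fc000001")
    ethertype = struct.pack("!H", 0x0800)
    return dst + src + vlan_tag(TPID_DOT1Q, inner_vid) + ethertype + payload


def push_outer_tag(frame, outer_vid, outer_tpid):
    """dot1q-tunnel ingress: insert the outer tag right after the two MAC addresses."""
    return frame[:12] + vlan_tag(outer_tpid, outer_vid) + frame[12:]


def parse_tags(frame, known_tpids):
    """Walk VLAN tags whose TPID the receiver recognises; return (tags, ethertype)."""
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in known_tpids:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))
        offset += 4


def tunnel(inner_vid, outer_vid):
    """Frame as it leaves GE0/0/3 towards the public network."""
    return push_outer_tag(customer_frame(inner_vid), outer_vid, TPID_PUBLIC)


if __name__ == "__main__":
    ent1 = tunnel(30, 100)   # Enterprise 1 enters on GE0/0/1 (default vlan 100)
    ent2 = tunnel(30, 200)   # Enterprise 2 enters on GE0/0/2 (default vlan 200)
    both = {TPID_DOT1Q, TPID_PUBLIC}
    print("Enterprise 1:", parse_tags(ent1, both))
    print("Enterprise 2:", parse_tags(ent2, both))
    # A receiver that only knows 0x8100 sees EtherType 0x9100 and no VLAN tag.
    print("0x8100-only receiver:", parse_tags(ent1, {TPID_DOT1Q}))
```

The same inner VLAN stays separated because the outer VLAN IDs differ, and the last case shows why both ends of the public link must agree on the outer TPID.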
3.5.2 Example for Configuring Selective QinQ
Networking Requirements
As shown in Figure 3-17, Internet access users (using PCs) and VoIP users (using VoIP
terminals) connect to the ISP network through SwitchA and SwitchB and communicate with
each other through the ISP network.
It is required that packets of PCs and VoIP terminals be tagged with VLAN 2 and VLAN 3 when
the packets are transmitted through the ISP network.
Figure 3-17 Networking diagram for configuring selective QinQ
(Topology labels: SwitchA and SwitchB, each with GE0/0/1 and GE0/0/2; Network; PC and VoIP terminals at each site.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure link types of interfaces on SwitchA and SwitchB and add interfaces to VLANs.
3. Configure selective QinQ on the interfaces of SwitchA and SwitchB.
Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be
added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be
added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3
Step 2 Configure selective QinQ on interfaces.
# Configure GE0/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 300 stack-vlan 3
[SwitchA-GigabitEthernet0/0/1] quit
# Configure GE0/0/1 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 300 stack-vlan 3
[SwitchB-GigabitEthernet0/0/1] quit
Step 3 Configure other interfaces.
# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet0/0/2] quit
Step 4 Verify the configuration.
If the configurations on SwitchA and SwitchB are correct:
- PCs can communicate with each other through the ISP network.
- VoIP terminals can communicate with each other through the ISP network.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
3.5.3 Example for Configuring Selective QinQ with VLAN Mapping
Networking Requirements
As shown in Figure 3-18, the Internet access, IPTV, and VoIP services are provided for users
through home gateways.
The corridor switches allocate VLANs to the services as follows:
- VLANs for the Internet access service of different users: VLAN 1000 to VLAN 1100
- Shared VLAN for the IPTV service: VLAN 1101
- Shared VLAN for the VoIP service: VLAN 1102
- Shared VLAN for home gateways: VLAN 1103
Each community switch is connected to 50 downstream corridor switches, and maps the VLAN
IDs in the Internet access service packets from the corridor switches to VLAN 101 to VLAN
150.
The aggregate switch of the carrier is connected to 50 downstream community switches, and
adds outer VLAN IDs 21 to 70 to the packets sent from the community switches.
Figure 3-18 Networking diagram for configuring selective QinQ-VLAN mapping
(Topology labels: ME60, Internet; aggregate switch of carrier SwitchA with GE0/0/1; community switch SwitchB with GE0/0/1 and GE0/0/2; corridor switches; home gateways.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure VLAN mapping on SwitchB and add GE 0/0/1 and GE 0/0/2 to the VLANs.
3. Configure selective QinQ on SwitchA and add GE 0/0/1 to VLANs.
4. Add other downlink interfaces of SwitchA and SwitchB to the VLANs. The configurations
   are similar to the configurations of their GE 0/0/1 interfaces.
5. Configure other community switches. The configuration is similar to the configuration on
   SwitchB.
Procedure
Step 1 Configure SwitchA.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 21 to 70 1101 to 1103
# Add interfaces to VLANs.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 21
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 1101 to 1103
[SwitchA-GigabitEthernet0/0/1] quit
# Configure selective QinQ on interfaces.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 101 to 150 stack-vlan 21
[SwitchA-GigabitEthernet0/0/1] quit
Step 2 Configure SwitchB.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 101 to 150 1000 to 1103
# Add interfaces to VLANs.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 101 1000 to 1103
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 101 to 150 1101 to 1103
[SwitchB-GigabitEthernet0/0/2] quit
# Configure VLAN mapping on interfaces.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-mapping vlan 1000 to 1100 map-vlan 101
[SwitchB-GigabitEthernet0/0/1] quit
Step 3 Verify the configuration.
The Internet access service, IPTV service, and VoIP service can be used.
----End
Configuration Files
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 21 to 70 1101 to 1103
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port hybrid tagged vlan 1101 to 1103
port hybrid untagged vlan 21
port vlan-stacking vlan 101 to 150 stack-vlan 21
#
return
Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 101 to 150 1000 to 1103
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port hybrid tagged vlan 101 1000 to 1103
port vlan-mapping vlan 1000 to 1100 map-vlan 101
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 101 to 150 1101 to 1103
#
return
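A consistency check for the vlan-stacking and vlan-mapping configuration files in 3.5.2 and 3.5.3, added here as an example (it is not part of the Huawei document). It parses only the command forms that appear on this page and flags a stack-vlan or map-vlan target that is missing from vlan batch or from the interface's VLAN membership, plus inner VLANs matched by two rules; every configuration file on this page satisfies these checks, and the faulty configuration is constructed.

```python
import re

RULE = re.compile(r"port vlan-(stacking|mapping) vlan (.+) (?:stack|map)-vlan (\d+)$")
MEMBER = re.compile(r"port (?:hybrid (?:un)?tagged|trunk allow-pass|default) vlan (.+)$")


def expand_vlans(spec):
    """Expand '101 to 150 1101' into {101, ..., 150, 1101}."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        first = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            last, i = int(tokens[i + 2]), i + 3
        else:
            last, i = first, i + 1
        vlans.update(range(first, last + 1))
    return vlans


def parse_config(text):
    """Return (VLANs created by 'vlan batch', {interface: membership and rules})."""
    created, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("vlan batch "):
            created |= expand_vlans(line[len("vlan batch "):])
        elif line.startswith("interface "):
            name = line.split(None, 1)[1]
            current = interfaces.setdefault(name, {"member": set(), "rules": []})
        elif line == "#":
            current = None                      # '#' closes the current stanza
        elif current is not None:
            rule, member = RULE.match(line), MEMBER.match(line)
            if rule:
                kind, inner, target = rule.groups()
                current["rules"].append((kind, expand_vlans(inner), int(target)))
            elif member:
                current["member"] |= expand_vlans(member.group(1))
    return created, interfaces


def audit(text):
    """List inconsistencies between tag rules, VLAN creation and port membership."""
    created, interfaces = parse_config(text)
    findings = []
    for name, port in interfaces.items():
        seen = set()
        for kind, inner, target in port["rules"]:
            if target not in created:
                findings.append(f"{name}: {kind} target VLAN {target} missing from vlan batch")
            if target not in port["member"]:
                findings.append(f"{name}: port is not a member of {kind} target VLAN {target}")
            overlap = inner & seen
            if overlap:
                findings.append(f"{name}: inner VLAN {min(overlap)}-{max(overlap)} matched by two rules")
            seen |= inner
    return findings


# Configuration file of SwitchB from section 3.5.3 of this page.
SWITCHB_PAGE = """
sysname SwitchB
#
vlan batch 101 to 150 1000 to 1103
#
interface GigabitEthernet0/0/1
 qinq vlan-translation enable
 port hybrid tagged vlan 101 1000 to 1103
 port vlan-mapping vlan 1000 to 1100 map-vlan 101
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 101 to 150 1101 to 1103
#
return
"""

# Constructed faulty variant of SwitchA: VLAN 71 is neither created nor allowed
# on the port, and inner VLAN 150 falls into both stacking rules.
SWITCHA_BROKEN = """
sysname SwitchA
#
vlan batch 21 to 70 1101 to 1103
#
interface GigabitEthernet0/0/1
 qinq vlan-translation enable
 port hybrid tagged vlan 1101 to 1103
 port hybrid untagged vlan 21
 port vlan-stacking vlan 101 to 150 stack-vlan 21
 port vlan-stacking vlan 150 to 160 stack-vlan 71
#
return
"""

if __name__ == "__main__":
    for label, text in (("SwitchB (page)", SWITCHB_PAGE), ("SwitchA (constructed)", SWITCHA_BROKEN)):
        print(label, audit(text) or "consistent")
```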
3.5.4 Example for Configuring VLL Access Through Dot1q Subinterfaces
Networking Requirements
As shown in Figure 3-19, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is created between CE1 and CE2 so that user networks connected to CE1 and
CE2 can communicate.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-19 Networking diagram for configuring a sub-interface for dot1q VLAN tag termination to access a VLL network
(Topology labels: CE1, PE1, P, PE2, and CE2 connected in a chain, with a Martini VLL across the backbone. Interfaces and addresses are listed in the table below.)

Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               10.2.2.1/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 30               10.2.2.2/24
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.2/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               100.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               100.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on devices (PE and P) of the backbone network to implement
   interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data
   transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Configure the dot1q sub-interfaces on the PE interfaces connecting to CEs to implement
   VLL access.
Procedure
Step 1 Configure the VLANs to which interfaces of CEs, PEs and P belong according to Figure
3-19, and assign IP addresses to VLANIF interfaces.
Packets sent from CEs to PEs carry a VLAN tag.
The configuration details are not mentioned here.
Step 2 Configure an IGP protocol on the MPLS backbone network. In this example, OSPF is used.
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PE1, P, and
PE2. The loopback interface addresses are the LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, OSPF neighbor relationships can be set up among PE1, P,
and PE2. Run the display ospf peer command. You can see that the neighbor status is Full. Run
the display ip routing-table command. You can see that the PEs learn the route to each other's
Loopback1 interface.
Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
Step 4 Create remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 to view
the setup of the LDP session. You can see that an LDP session is set up between PE1 and PE2.
The display on PE1 is used as an example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational  DU   Passive  000:15:29   3717/3717
3.3.3.9:0          Operational  DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 5 Enable MPLS L2VPN on the PEs and establish VC connections.
# Configure PE1: Create a VC connection on GigabitEthernet0/0/1.1 that is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2: Create a VC connection on GigabitEthernet0/0/2.1 that is connected to CE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet0/0/2.1] quit
Step 6 Verify the configuration.
Check the L2VPN connections on PEs. You can see that an L2VC connection is set up and is
in the Up state.
The display on PE1 is used as an example.
<PE1> display mpls l2vc interface gigabitethernet0/0/1.1
*client interface       : gigabitethernet0/0/1.1 is up
Administrator PW        : no
session state           : up
AC status               : up
VC state                : up
Label state             : 0
Token state             : 0
VC ID                   : 101
VC type                 : VLAN
destination             : 3.3.3.9
local group ID          : 0            remote group ID      : 0
local VC label          : 23552        remote VC label      : 23552
local AC OAM State      : up
local PSN OAM State     : up
local forwarding state  : forwarding
local status code       : 0x0
remote AC OAM state     : up
remote PSN OAM state    : up
remote forwarding state : forwarding
remote status code      : 0x0
ignore standby state    : no
BFD for PW              : unavailable
VCCV State              : up
manual fault            : not set
active state            : active
forwarding entry        : exist
OAM Protocol            : --
OAM Status              : --
OAM Fault Type          : --
PW APS ID               : 0
PW APS Status           : --
TTL Value               : 1
link state              : up
local VC MTU            : 1500         remote VC MTU        : 1500
local VCCV              : alert ttl lsp-ping bfd
remote VCCV             : alert ttl lsp-ping bfd
local control word      : disable      remote control word  : disable
tunnel policy name      : --
PW template name        : --
primary or secondary    : primary
load balance type       : flow
Access-port             : false
Switchover Flag         : false
VC tunnel/token info    : 1 tunnels/tokens
  NO.0  TNL type        : lsp   , TNL ID : 0x10031
  Backup TNL type       : lsp   , TNL ID : 0x0
create time             : 1 days, 22 hours, 15 minutes, 9 seconds
up time                 : 0 days, 22 hours, 54 minutes, 57 seconds
last change time        : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time         : 2010/10/09 19:26:37
VC total up time        : 1 days, 20 hours, 42 minutes, 30 seconds
CKey                    : 8
NKey                    : 3
PW redundancy mode      : --
AdminPw interface       : --
AdminPw link state      : --
Diffserv Mode           : uniform
Service Class           : --
Color                   : --
DomainId                : --
Domain Name             : --
CE1 and CE2 can ping each other.
The display on CE1 is used as an example.
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 10
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
3.5.5 Example for Configuring a QinQ Sub-interface to Access a VLL Network
Networking Requirements
As shown in Figure 3-20, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is set up between CE1 and CE2.
Switch1 is connected to CE1 and PE1.
Switch2 is connected to CE2 and PE2.
You are required to configure selective QinQ on the interfaces connected to CEs so that
Switch adds the VLAN tags specified by the carrier to the packets sent from CEs.
When Switch is connected to multiple CEs, Switch can add the same VLAN tags to the packets
from different CEs, which saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-20 Networking diagram for configuring a QinQ sub-interface to access a VLL network

Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               10.2.2.1/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 30               10.2.2.2/24
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.2/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               100.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               100.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on devices on the backbone network (PE and P) to implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Configure QinQ sub-interfaces on the PE interfaces connected to the switches to implement VLL access.
5. Configure selective QinQ on the switch interfaces connected to CEs.
Procedure
Step 1 Specify the VLANs that the interfaces of CEs, PEs, and P belong to and set the IP addresses of
the corresponding VLANIF interfaces according to Figure 3-20.
After the configuration is complete, the packets sent from a CE to Switch must contain a VLAN
tag.
The configuration details are not mentioned here.
Step 2 Configure selective QinQ on the interfaces of Switch and specify the VLANs allowed by the
interfaces.
# Configure Switch1.
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure an IGP protocol on the MPLS backbone network. OSPF is used as an example.
When configuring OSPF, advertise 32-bit addresses of loopback interfaces on PE1, P, and PE2,
which are used as the LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, OSPF neighbor relationships can be set up among PE1, P,
and PE2. Run the display ospf peer command. You can see that the neighbor status is Full. Run
the display ip routing-table command. You can see that the PEs learn the route to each other's
Loopback1 interface.
Step 4 Enable basic MPLS functions and MPLS LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
Step 5 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 to view
the setup of the LDP session. You can see that an LDP session is set up between PE1 and PE2.
The display on PE1 is used as an example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational DU   Passive  000:15:29   3717/3717
3.3.3.9:0          Operational DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 6 Enable MPLS L2VPN on PEs and set up VC connections.
# Configure PE1. Create a VC connection on GigabitEthernet0/0/1.1 that is connected to
Switch1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2. Create a VC connection on GigabitEthernet0/0/2.1 that is connected to
Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet0/0/2.1] quit
Step 7 Verify the configuration.
Check the L2VPN connections on PEs. You can see that an L2VC connection is set up and is
in the Up state.
The display on PE1 is used as an example.
<PE1> display mpls l2vc interface gigabitethernet0/0/1.1
 *client interface       : gigabitethernet0/0/1.1 is up
  Administrator PW       : no
  session state          : up
  AC status              : up
  VC state               : up
  Label state            : 0
  Token state            : 0
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.9
  local group ID         : 0            remote group ID      : 0
  local VC label         : 23552        remote VC label      : 23552
  local AC OAM State     : up
  local PSN OAM State    : up
  local forwarding state : forwarding
  local status code      : 0x0
  remote AC OAM state    : up
  remote PSN OAM state   : up
  remote forwarding state: forwarding
  remote status code     : 0x0
  ignore standby state   : no
  BFD for PW             : unavailable
  VCCV State             : up
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  OAM Protocol           : --
  OAM Status             : --
  OAM Fault Type         : --
  PW APS ID              : 0
  PW APS Status          : --
  TTL Value              : 1
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : alert ttl lsp-ping bfd
  remote VCCV            : alert ttl lsp-ping bfd
  local control word     : disable      remote control word  : disable
  tunnel policy name     : --
  PW template name       : --
  primary or secondary   : primary
  load balance type      : flow
  Access-port            : false
  Switchover Flag        : false
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type       : lsp   , TNL ID : 0x10031
    Backup TNL type      : lsp   , TNL ID : 0x0
  create time            : 1 days, 22 hours, 15 minutes, 9 seconds
  up time                : 0 days, 22 hours, 54 minutes, 57 seconds
  last change time       : 0 days, 22 hours, 54 minutes, 57 seconds
  VC last up time        : 2010/10/09 19:26:37
  VC total up time       : 1 days, 20 hours, 42 minutes, 30 seconds
  CKey                   : 8
  NKey                   : 3
  PW redundancy mode     : --
  AdminPw interface      : --
  AdminPw link state     : --
  Diffserv Mode          : uniform
  Service Class          : --
  Color                  : --
  DomainId               : --
  Domain Name            : --
CE1 and CE2 can ping each other.
The display on CE1 is used as an example.
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of Switch1
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of Switch2
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
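A Martini VC comes up only when both PEs name each other's LSR ID with the same VC ID over a remote LDP session, so the PE1 and PE2 files above can be checked for that pairing before deployment. The following is an added example, not part of the Huawei document; the names Device, parse and audit are introduced here, and PE2_BAD is a constructed, deliberately broken variant of the PE2 file.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the PE1 and PE2 configuration files of this example,
# trimmed to the sections the audit reads.
PE1 = """
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 3.3.3.9 101
#
return
"""
PE2 = """
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 1.1.1.9 101
#
return
"""
# Constructed faulty variant: wrong VC ID and remote-ip pointing at P.
PE2_BAD = (PE2.replace("mpls l2vc 1.1.1.9 101", "mpls l2vc 1.1.1.9 102")
              .replace("remote-ip 1.1.1.9", "remote-ip 2.2.2.9"))


@dataclass
class Device:
    name: str = "?"
    lsr_id: str = ""
    l2vpn: bool = False
    remote_peers: set = field(default_factory=set)
    vcs: list = field(default_factory=list)  # (interface, peer LSR ID, VC ID)


def parse(config: str) -> Device:
    """Extract the L2VPN-relevant settings from one configuration file."""
    dev, ifname = Device(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            ifname = None  # '#' ends the current configuration view
        elif m := re.fullmatch(r"sysname (\S+)", line):
            dev.name = m[1]
        elif m := re.fullmatch(r"mpls lsr-id (\S+)", line):
            dev.lsr_id = m[1]
        elif line == "mpls l2vpn":
            dev.l2vpn = True
        elif m := re.fullmatch(r"remote-ip (\S+)", line):
            dev.remote_peers.add(m[1])
        elif m := re.fullmatch(r"interface (.+)", line):
            ifname = m[1]
        elif m := re.match(r"mpls l2vc (\S+) (\d+)", line):
            dev.vcs.append((ifname, m[1], int(m[2])))
    return dev


def audit(configs):
    """Return a list of findings; an empty list means every VC is paired."""
    devices = [parse(c) for c in configs]
    by_lsr = {d.lsr_id: d for d in devices}
    findings = []
    for dev in devices:
        for ifname, peer, vc_id in dev.vcs:
            where = f"{dev.name} {ifname} VC {vc_id}"
            if not dev.l2vpn:
                findings.append(f"{where}: 'mpls l2vpn' is not enabled")
            if peer not in dev.remote_peers:
                findings.append(f"{where}: no remote LDP peer with remote-ip {peer}")
            far = by_lsr.get(peer)
            if far is None:
                findings.append(f"{where}: no supplied config has lsr-id {peer}")
            elif (dev.lsr_id, vc_id) not in {(p, v) for _, p, v in far.vcs}:
                findings.append(
                    f"{where}: {far.name} has no 'mpls l2vc {dev.lsr_id} {vc_id}'")
    return findings


if __name__ == "__main__":
    for label, pair in (("as documented", [PE1, PE2]), ("faulty PE2", [PE1, PE2_BAD])):
        print(label, "->", audit(pair) or "VC pairing is consistent")
```
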
3.5.6 Example for Configuring a Single-tagged VLAN Mapping Sub-interface to Access a VLL Network
Networking Requirements
As shown in Figure 3-21, CE1 and CE2 are respectively connected to PE1 and PE2 through
VLANs.
A Martini VLL is set up between PE1 and PE2.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-21 Networking diagram for configuring a single-tagged VLAN Mapping sub-interface to access a VLL network

Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               10.2.2.1/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 30               10.2.2.2/24
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.2/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               100.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 20               100.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on devices on the backbone network (PE and P) to implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Create a sub-interface on the PE1 interface connected to CE1, configure VLAN mapping of a single tag on the sub-interface, and connect the sub-interface to the VLL network.
5. Configure dot1q sub-interfaces on the PE2 interface connected to CE2 to connect the dot1q sub-interfaces to the VLL network.
Procedure
Step 1 Add interfaces of CEs, PEs, and P to VLANs and set the IP addresses of the corresponding
VLANIF interfaces according to Figure 3-21.
After the configuration, the packets sent from a CE to a switch should contain a VLAN tag.
Step 2 Configure an IGP protocol on the MPLS backbone network. In this example, OSPF is used.
When configuring OSPF, advertise 32-bit addresses of loopback interfaces on PEs and P, which
are used as the LSR IDs.
For the configuration procedure, see the S2350&S5300&S6300 Series Ethernet Switches
Configuration Guide - IP Routing.
After the configuration is complete, OSPF neighbor relationships are established between PE1,
P, and PE2. Run the display ospf peer command to verify that the status of the OSPF neighbor
relationships is Full. Run the display ip routing-table command to verify that the PEs can learn
the routes of each other's Loopback1 interface.
Step 3 Enable the basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
Step 4 Create remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 to view
the LDP session status. You can see that an LDP session has been set up between PE1 and PE2.
The output on PE1 is used as an example:
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational DU   Passive  000:15:29   3717/3717
3.3.3.9:0          Operational DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 5 Enable MPLS L2VPN on the PEs and create VC connections.
# Configure PE1: Create a VC connection on GigabitEthernet0/0/1.1 that is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2: Create a VC connection on GigabitEthernet0/0/2.1 that is connected to CE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet0/0/2.1] quit
Step 6 Verify the configuration.
On PEs, check the L2VPN connections. You can see that an L2VC connection has been set up
and is in Up state.
The output on PE1 is used as an example:
<PE1> display mpls l2vc interface gigabitethernet0/0/1.1
 *client interface       : gigabitethernet0/0/1.1 is up
  session state          : up
  AC state               : up
  VC state               : up
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.9
  local group ID         : 0            remote group ID      : 0
  local VC label         : 21504        remote VC label      : 21504
  local AC OAM State     : up
  local PSN State        : up
  local forwarding state : forwarding
  BFD for PW             : unavailable
  manual fault           : not set
  active state           : active
  forwarding entry       : not exist
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : Disable
  remote VCCV            : none
  local control word     : disable      remote control word  : none
  tunnel policy name     : --
  traffic behavior name  : --
  PW template name       : --
  primary or secondary   : primary
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type : lsp   , TNL ID : 0x10007
  create time            : 0 days, 0 hours, 4 minutes, 19 seconds
  up time                : 0 days, 0 hours, 3 minutes, 45 seconds
  last change time       : 0 days, 0 hours, 3 minutes, 45 seconds
CE1 and CE2 can ping each other.
The output on CE1 is used as an example:
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
qinq mapping vid 10 map-vlan vid 20
mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 20
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface Vlanif 20
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return
3.5.7 Example for Configuring a Double-tagged VLAN Mapping Sub-interface to Access a VLL Network
Networking Requirements
As shown in Figure 3-22, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is set up between PE1 and PE2.
Switch1 is connected to CE1 and PE1.
Switch2 is connected to CE2 and PE2.
Selective QinQ is configured on the switch interfaces connected to CEs so that the switches add
the VLAN tags specified by the carrier to the packets sent from CEs.
When Switch1 and Switch2 add different VLAN tags to packets, you must configure VLAN
Mapping of double tags on PE sub-interfaces, and connect the sub-interfaces to the VLL network.
Then CE1 and CE2 can communicate with each other.
When a switch is connected to multiple CEs, it can add the same VLAN tag to the packets from
different CEs. This saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-22 Networking diagram for configuring a double-tagged VLAN Mapping sub-interface to access a VLL network

Switch  Interface             VLANIF Interface        IP address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               10.2.2.1/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 30               10.2.2.2/24
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.2/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               100.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               100.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on devices on the backbone network (PE and P) to implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Create a sub-interface on the PE1 interface connected to Switch1, configure VLAN Mapping of double tags, and connect the QinQ sub-interface to a VLL network.
5. Create a sub-interface on the PE2 interface connected to Switch2, and connect the QinQ sub-interface to a VLL network.
6. Configure selective QinQ on the switch interfaces connected to CEs.
Procedure
Step 1 Add interfaces of CEs, PEs, and P to VLANs and set the IP addresses of the corresponding
VLANIF interfaces according to Figure 3-22.
After the configuration is complete, the packets sent from a CE to a switch should contain a
VLAN tag.
Step 2 Configure selective QinQ on the switch interfaces and specify the VLANs allowed by the
interfaces.
# Configure Switch1.
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 200
[Switch2-vlan200] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 200
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure an IGP protocol on the MPLS backbone network. In this example, OSPF is used.
When configuring OSPF, advertise 32-bit addresses of loopback interfaces on PEs and P, which
are used as the LSR IDs.
The configuration details are not mentioned here.
After the configuration, OSPF neighbor relationships can be set up among PE1, P, and PE2. Run
the display ospf peer command to verify that the neighbor status is Full. Run the
display ip routing-table command to verify that the PEs have learned the route to each other's
Loopback1 interface.
Step 4 Enable the basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
Step 5 Create remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 to view
the LDP session status. You can see that an LDP session has been set up between PE1 and PE2.
The output on PE1 is used as an example:
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational DU   Passive  000:15:29   3717/3717
3.3.3.9:0          Operational DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 6 Enable MPLS L2VPN on the PEs and create VC connections.
# Configure PE1: Create a VC connection on GigabitEthernet0/0/1.1 that is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2: Create a VC connection on GigabitEthernet0/0/2.1 that is connected to
Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet0/0/2.1] quit
Step 7 Verify the configuration.
Check the L2VPN connections on the PEs. You can see that an L2VC connection has been set
up and is in Up state.
The output on PE1 is used as an example:
<PE1> display mpls l2vc interface gigabitethernet0/0/1.1
 *client interface       : gigabitethernet0/0/1.1 is up
  session state          : up
  AC state               : up
  VC state               : up
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.9
  local group ID         : 0
  remote group ID        : 0
  local VC label         : 21504
  remote VC label        : 21504
  local AC OAM State     : up
  local PSN State        : up
  local forwarding state : forwarding
  BFD for PW             : unavailable
  manual fault           : not set
  active state           : active
  forwarding entry       : not exist
  link state             : up
  local VC MTU           : 1500
  remote VC MTU          : 1500
  local VCCV             : Disable
  remote VCCV            : none
  local control word     : disable
  remote control word    : none
  tunnel policy name     : --
  traffic behavior name  : --
  PW template name       : --
  primary or secondary   : primary
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0 TNL type        : lsp , TNL ID : 0x10007
  create time            : 0 days, 0 hours, 4 minutes, 19 seconds
  up time                : 0 days, 0 hours, 3 minutes, 45 seconds
  last change time       : 0 days, 0 hours, 3 minutes, 45 seconds
CE1 and CE2 can ping each other.
The output on CE1 is used as an example:
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of Switch1
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 10
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of Switch2
#
sysname Switch2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 200
port vlan-stacking vlan 10 stack-vlan 200
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 200
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
3.5.8 Example for Configuring a VLAN Stacking Sub-interface to
Access a VLL Network
Networking Requirements
As shown in Figure 3-23, CE1 and CE2 are respectively connected to PE1 and PE2 through
VLANs.
A Martini VLL is set up between CE1 and CE2.
Switch1 is connected to CE1 and PE1.
Switch2 is connected to CE2 and PE2.
Switch1 forwards the packets sent from CE1 without changing the VLAN tags.
Selective QinQ is configured on the interface connected to CE2 so that Switch2 adds the VLAN
tag specified by the carrier to the packets sent from CE2.
The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets sent from
Switch2 to PE2 contain two VLAN tags. To enable CE1 and CE2 to communicate with each
other, configure VLAN stacking on the sub-interface of PE1 connected to Switch1, and connect
the sub-interface to a VLL network.
When a switch is connected to multiple CEs, it can add the same VLAN tag to the packets from
different CEs. This saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-23 Networking diagram for a VLAN stacking sub-interface to access a VLL network
Switch  Interface             VLANIF Interface        IP address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               10.2.2.1/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 30               10.2.2.2/24
-       GigabitEthernet0/0/2  VLANIF 20               10.1.1.2/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               100.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               100.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on devices on the backbone network (PE and P) to
   implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data
   transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. On PE1, configure VLAN stacking on the sub-interface connected to Switch1, and connect
   the sub-interface to a VLL network.
5. On PE2, configure a QinQ sub-interface on the interface connected to Switch2, and connect
   the QinQ sub-interface to a VLL network.
6. On Switch1, add the interface connected to CE1 to a specified VLAN.
7. On Switch2, configure selective QinQ on the interface connected to CE2.
Procedure
Step 1 Add interfaces of CEs, PEs, and P to VLANs and set the IP addresses of the corresponding
VLANIF interfaces according to Figure 3-23.
After the configuration is complete, the packets sent from a CE to a switch should contain a
VLAN tag.
Step 2 Configure selective QinQ on the interfaces of the switches and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
[Switch1] vlan 10
[Switch1-vlan10] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure an IGP protocol on the MPLS backbone network. In this example, OSPF is used.
When configuring OSPF, advertise 32-bit addresses of loopback interfaces on PE1, P, and PE2,
which are used as the LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, OSPF neighbor relationships can be set up among PE1, P,
and PE2. Run the display ospf peer command. You can see that the neighbor status is Full. Run
the display ip routing-table command. You can see that the PEs learn the route to each other's
Loopback1 interface.
Step 4 Enable the basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
Step 5 Create remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 to view
the setup of the LDP session. You can see that an LDP session is set up between PE1 and PE2.
The output on PE1 is used as an example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0          Operational DU   Passive  000:15:29   3717/3717
3.3.3.9:0          Operational DU   Passive  000:00:00   2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 6 Enable MPLS L2VPN on PEs and set up VC connections.
# Configure PE1. Create a VC connection on GigabitEthernet0/0/1.1 that is connected to
Switch1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2. Create a VC connection on GigabitEthernet0/0/2.1 that is connected to
Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet0/0/2.1] quit
Step 7 Verify the configuration.
Check the L2VPN connections on PEs. You can see that an L2VC connection is set up and is
in the Up state.
The display on PE1 is used as an example.
<PE1> display mpls l2vc interface gigabitethernet0/0/1.1
 *client interface       : gigabitethernet0/0/1.1 is up
  Administrator PW       : no
  session state          : up
  AC status              : up
  VC state               : up
  Label state            : 0
  Token state            : 0
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.9
  local group ID         : 0
  remote group ID        : 0
  local VC label         : 23552
  remote VC label        : 23552
  local AC OAM State     : up
  local PSN OAM State    : up
  local forwarding state : forwarding
  local status code      : 0x0
  remote AC OAM state    : up
  remote PSN OAM state   : up
  remote forwarding state: forwarding
  remote status code     : 0x0
  ignore standby state   : no
  BFD for PW             : unavailable
  VCCV State             : up
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  OAM Protocol           : --
  OAM Status             : --
  OAM Fault Type         : --
  PW APS ID              : 0
  PW APS Status          : --
  TTL Value              : 1
  link state             : up
  local VC MTU           : 1500
  remote VC MTU          : 1500
  local VCCV             : alert ttl lsp-ping bfd
  remote VCCV            : alert ttl lsp-ping bfd
  local control word     : disable
  remote control word    : disable
  tunnel policy name     : --
  PW template name       : --
  primary or secondary   : primary
  load balance type      : flow
  Access-port            : false
  Switchover Flag        : false
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0 TNL type        : lsp , TNL ID : 0x10031
    Backup TNL type      : lsp , TNL ID : 0x0
  create time            : 1 days, 22 hours, 15 minutes, 9 seconds
  up time                : 0 days, 22 hours, 54 minutes, 57 seconds
  last change time       : 0 days, 22 hours, 54 minutes, 57 seconds
  VC last up time        : 2010/10/09 19:26:37
  VC total up time       : 1 days, 20 hours, 42 minutes, 30 seconds
  CKey                   : 8
  NKey                   : 3
  PW redundancy mode     : --
  AdminPw interface      : --
  AdminPw link state     : --
  Diffserv Mode          : uniform
  Service Class          : --
  Color                  : --
  DomainId               : --
  Domain Name            : --
CE1 and CE2 can ping each other.
The display on CE1 is used as an example.
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of Switch1
#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
qinq stacking vid 10 pe-vid 100
mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of Switch2
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
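The two ends of a Martini VC only come up and pass traffic when their settings mirror each other. The following pre-deployment check is an added example, not part of the original manual: it reads the PE1 and PE2 configuration files above (trimmed) and also accepts the qinq mapping form used in the previous example. The function names and the rule that both ends must present the same (outer, inner) VLAN pair are assumptions taken from the command pairs shown in these examples.

```python
import re

# Constructed input: the PE1 and PE2 configuration files of this example,
# trimmed to the sections that matter for the check.
PE1_CFG = """\
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet0/0/1.1
 qinq stacking vid 10 pe-vid 100
 mpls l2vc 3.3.3.9 101
#
return
"""
PE2_CFG = """\
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet0/0/2.1
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 1.1.1.9 101
#
return
"""

# Each rule yields the (outer, inner) VLAN pair the sub-interface hands to the VC.
# Assumption: derived from the command pairs used in the examples on this page.
TAG_RULES = [
    (re.compile(r"qinq termination pe-vid (\d+) ce-vid (\d+)"),
     lambda m: (int(m[1]), int(m[2]))),
    (re.compile(r"qinq mapping pe-vid (\d+) ce-vid (\d+) map-vlan vid (\d+)"),
     lambda m: (int(m[3]), int(m[2]))),
    (re.compile(r"qinq stacking vid (\d+) pe-vid (\d+)"),
     lambda m: (int(m[2]), int(m[1]))),
]


def parse_pe(cfg):
    """Extract the fields that must agree between the two ends of a VC."""
    pe = {"name": None, "lsr_id": None, "l2vpn": False,
          "remote_ips": set(), "vcs": {}}
    for section in re.split(r"(?m)^#[ \t]*$", cfg):   # '#' separates sections
        tags, vc = None, None
        for ln in (s.strip() for s in section.splitlines() if s.strip()):
            if m := re.fullmatch(r"sysname (\S+)", ln):
                pe["name"] = m[1]
            elif m := re.fullmatch(r"mpls lsr-id (\S+)", ln):
                pe["lsr_id"] = m[1]
            elif ln == "mpls l2vpn":
                pe["l2vpn"] = True
            elif m := re.fullmatch(r"remote-ip (\S+)", ln):
                pe["remote_ips"].add(m[1])
            elif m := re.fullmatch(r"mpls l2vc (\S+) (\d+)", ln):
                vc = (m[1], int(m[2]))
            else:
                for pattern, to_tags in TAG_RULES:
                    if m := pattern.fullmatch(ln):
                        tags = to_tags(m)
        if vc:
            pe["vcs"][vc] = tags          # key: (peer LSR ID, VC ID)
    return pe


def check_pair(a, b):
    """Return a list of mismatches between two PEs; empty means consistent."""
    findings = []
    for x, y in ((a, b), (b, a)):
        if not x["l2vpn"]:
            findings.append(f"{x['name']}: mpls l2vpn is not enabled")
        if y["lsr_id"] not in x["remote_ips"]:
            findings.append(f"{x['name']}: no remote LDP peer for {y['lsr_id']}")
        for (peer, vc_id), tags in x["vcs"].items():
            if peer != y["lsr_id"]:
                continue                  # VC towards some other PE
            key = (x["lsr_id"], vc_id)
            if key not in y["vcs"]:
                findings.append(
                    f"VC {vc_id}: {y['name']} has no mpls l2vc {x['lsr_id']} {vc_id}")
            elif x is a and tags != y["vcs"][key]:
                findings.append(
                    f"VC {vc_id}: VLAN tags differ, "
                    f"{a['name']}={tags} {b['name']}={y['vcs'][key]}")
    return findings


if __name__ == "__main__":
    print(check_pair(parse_pe(PE1_CFG), parse_pe(PE2_CFG)) or "consistent")
```

An empty result means the VC ID, the peer LSR IDs, the remote LDP peers and the VLAN pair all line up. It does not replace the display mpls l2vc check in Step 7.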
3.5.9 Example for Configuring a Sub-interface for Dot1q VLAN Tag
Termination to Access a VPLS Network
Networking Requirements
As shown in Figure 3-24, VPLS is enabled on PE1 and PE2. CE1 is connected to PE1 and CE2
is connected to PE2. CE1 and CE2 are on the same VPLS network. PWs are established by using
LDP as the VPLS signaling protocol, and VPLS is configured to connect CE1 and CE2.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-24 Networking diagram for configuring a sub-interface for dot1q VLAN tag
termination to access a VPLS network
Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               168.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               169.1.1.2/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 20               168.1.1.2/24
-       GigabitEthernet0/0/2  VLANIF 30               169.1.1.1/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               10.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement the interworking
   between devices.
2. Configure dot1q sub-interfaces on the PE interfaces connected to CEs to connect the dot1q
   sub-interfaces to the VPLS network.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs for transmitting service data.
5. Enable MPLS L2VPN on PEs.
6. Create VSIs on PEs and specify LDP as the signaling protocol.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-24.
The configuration details are not mentioned here.
NOTE
- The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same
  VLAN; otherwise, a loop occurs.
- After the configuration is complete, the packets sent from a CE to a PE must contain a VLAN tag.
Step 2 Configure IGP. OSPF is used as an example.
When configuring OSPF, advertise 32-bit loopback interface addresses of PE1, P, and PE2,
which are used as LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 3 Configure the basic MPLS functions and MPLS LDP.
The configuration details are not mentioned here.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. You can see that the peer relationship is set up between PE1 and P, and between P and
PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to
view the configuration results.
Step 4 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2.
You can see that the status of the peer relationship between PE1 and PE2 is Operational. That
is, the peer relationship is set up.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure a VSI on PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
Step 7 Bind the interface to the VSI on the PE.
# Configure PE1.
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit
Step 8 Specify an IP address for each VLANIF interface on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif10] quit
Step 9 Verify the configuration.
After the configuration is complete, run the display vsi name a2 verbose command on PE1.
You can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.
<PE1> display vsi name a2 verbose
 ***VSI Name               : a2
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Mpls Exp               : --
    DomainId               : 0
    Domain Name            :
    Ignore AcState         : disable
    P2P VSI                : disable
    Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    primary or secondary   : primary
    ignore-standby-state   : no
    VC Label               : 23552
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x20021
    Broadcast Tunnel ID    : 0x20021
    Broad BackupTunnel ID  : 0x0
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0
    Interface Name         : gigabitethernet0/0/1.1
    State                  : up
    Access port            : false
    Last Up Time           : 2010/12/30 11:31:18
    Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 23552
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x20021
    Broadcast Tunnel ID    : 0x20021
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x20021
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Vlanif20
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/12/30 11:32:03
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
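The verification in Step 9 can be automated by parsing the display vsi name a2 verbose output instead of reading it by eye. The following parser and health check is an added example, not part of the original manual: the sample text is a constructed, shortened copy of the output shown in Step 9, and the function names and the list of conditions treated as faults are assumptions.

```python
# Constructed sample: a shortened `display vsi name a2 verbose` output that
# uses field names and values shown on this page.
SAMPLE = """\
 ***VSI Name               : a2
    PW Signaling           : ldp
    Domain Name            :
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    Session                : up
    Tunnel ID              : 0x20021
    Interface Name         : gigabitethernet0/0/1.1
    State                  : up
    Last Up Time           : 2010/12/30 11:31:18
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 23552
    Remote VC Label        : 23552
    Tunnel ID              : 0x20021
    OutInterface           : Vlanif20
    Backup OutInterface    :
"""

# A line with one of these keys opens a new record. This keeps keys that
# repeat in the output, such as "Tunnel ID", apart.
STARTERS = {"VSI Name": "vsi", "Peer Router ID": "peer",
            "Interface Name": "ac", "Peer Ip Address": "pw"}
HEADERS = {"PW Information"}     # section titles, not fields


def parse_vsi(text):
    """Split the output into records (VSI, LDP peer, AC, PW) of key/value pairs."""
    records = []
    for line in text.splitlines():
        # Split on the first colon only, so timestamps keep their colons.
        key, sep, value = line.partition(":")
        key = key.strip().lstrip("*")
        if not sep or not key or key in HEADERS:
            continue
        if key in STARTERS:
            records.append({"kind": STARTERS[key]})
        if records:
            records[-1][key] = value.strip()   # empty values stay as ""
    return records


def check_vsi(text, expected_peer):
    """Return a list of faults; empty means the VSI and its PW look healthy."""
    recs = parse_vsi(text)
    findings = []
    for r in recs:
        if r["kind"] == "vsi" and r.get("VSI State") != "up":
            findings.append(f"VSI {r['VSI Name']} is {r.get('VSI State')}")
        if r["kind"] == "peer" and r.get("Session") != "up":
            findings.append(
                f"LDP session to {r['Peer Router ID']} is {r.get('Session')}")
        if r["kind"] == "ac" and r.get("State") != "up":
            findings.append(f"AC {r['Interface Name']} is {r.get('State')}")
    pws = [r for r in recs
           if r["kind"] == "pw" and r["Peer Ip Address"] == expected_peer]
    if not pws:
        findings.append(f"no PW to {expected_peer}")
    for r in pws:
        if r.get("PW State") != "up":
            findings.append(f"PW to {expected_peer} is {r.get('PW State')}")
        for field in ("Local VC Label", "Remote VC Label"):
            if not r.get(field, "").isdigit():
                findings.append(f"PW to {expected_peer}: {field} not assigned")
        if not r.get("OutInterface"):
            findings.append(f"PW to {expected_peer}: no outgoing interface")
    return findings


if __name__ == "__main__":
    print(check_vsi(SAMPLE, "3.3.3.9") or "healthy")
```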
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
3.5.10 Example for Configuring a Sub-interface for QinQ VLAN
Tag Termination to Access a VPLS Network
Networking Requirements
As shown in Figure 3-25, VPLS is enabled on PE1 and PE2. CE1 connects to PE1 through
Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on the same VPLS
network. PWs are established by using LDP as the VPLS signaling protocol, and VPLS is
configured to connect CE1 and CE2.
You are required to configure selective QinQ on the interfaces connected to CEs so that
Switch adds the VLAN tags specified by the carrier to the packets sent from CEs.
When Switch is connected to multiple CEs, Switch can add the same VLAN tags to the packets
from different CEs, which saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-25 Networking diagram for configuring a sub-interface for QinQ VLAN tag
termination to access a VPLS network
Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               168.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               169.1.1.2/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 20               168.1.1.2/24
-       GigabitEthernet0/0/2  VLANIF 30               169.1.1.1/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               10.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement the interworking
   between devices.
2. Configure selective QinQ on Switch interfaces connected to CEs.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs for transmitting service data.
5. Enable MPLS L2VPN on PEs.
6. Create VSIs on PEs and specify LDP as the signaling protocol.
7. Configure QinQ sub-interfaces on the PE interfaces connected to Switch to connect the
   QinQ interfaces to the VPLS network.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-25.
The configuration details are not mentioned here.
NOTE
• The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.
• After the configuration is complete, the packets sent from a CE to Switch must contain a VLAN tag.
Step 2 Configure selective QinQ on the interfaces of Switch and specify the VLANs allowed by the
interfaces.
# Configure Switch1.
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure IGP. OSPF is used as an example.
When configuring OSPF, advertise 32-bit loopback interface addresses of PE1, P, and PE2,
which are used as LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 4 Configure the basic MPLS functions and MPLS LDP.
The configuration details are not mentioned here.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. You can see that the peer relationship is set up between PE1 and P, and between P and
PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to
view the configuration results.
Step 5 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2.
You can see that the status of the peer relationship between PE1 and PE2 is Operational. That
is, the peer relationship is set up.
Step 6 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 7 Configure a VSI on PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
Step 8 Bind the interface to the VSI on the PE.
# Configure PE1.
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit
Step 9 Specify an IP address for each VLANIF interface on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif10] quit
Step 10 Verify the configuration.
After the configuration is complete, run the display vsi name a2 verbose command on PE1.
You can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.
<PE1> display vsi name a2 verbose
***VSI Name               : a2
   Administrator VSI      : no
   Isolate Spoken         : disable
   VSI Index              : 0
   PW Signaling           : ldp
   Member Discovery Style : static
   PW MAC Learn Style     : unqualify
   Encapsulation Type     : vlan
   MTU                    : 1500
   Diffserv Mode          : uniform
   Mpls Exp               : --
   DomainId               : 0
   Domain Name            :
   Ignore AcState         : disable
   P2P VSI                : disable
   Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
   VSI State              : up
   VSI ID                 : 2
  *Peer Router ID         : 3.3.3.9
   primary or secondary   : primary
   ignore-standby-state   : no
   VC Label               : 23552
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   CKey                   : 2
   NKey                   : 1
   StpEnable              : 0
   PwIndex                : 0
   Interface Name         : gigabitethernet0/0/1.1
   State                  : up
   Access port            : false
   Last Up Time           : 2010/12/30 11:31:18
   Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds
 **PW Information:
  *Peer Ip Address        : 3.3.3.9
   PW State               : up
   Local VC Label         : 23552
   Remote VC Label        : 23552
   PW Type                : label
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   Ckey                   : 0x2
   Nkey                   : 0x1
   Main PW Token          : 0x20021
   Slave PW Token         : 0x0
   Tnl Type               : LSP
   OutInterface           : Vlanif20
   Backup OutInterface    :
   Stp Enable             : 0
   PW Last Up Time        : 2010/12/30 11:32:03
   PW Total Up Time       : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
• Configuration file of Switch1
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
 port hybrid untagged vlan 100
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 100
#
return
• Configuration file of Switch2
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
 port hybrid untagged vlan 100
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 100
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface Vlanif20
 ip address 168.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 qinq termination pe-vid 100 ce-vid 10
 l2 binding vsi a2
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 168.1.1.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 168.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip address 169.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 168.1.1.0 0.0.0.255
  network 169.1.1.0 0.0.0.255
  network 2.2.2.9 0.0.0.0
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface Vlanif30
 ip address 169.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
 qinq termination pe-vid 100 ce-vid 10
 l2 binding vsi a2
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 169.1.1.0 0.0.0.255
#
return
3.5.11 Example for Configuring a Single-tagged VLAN Mapping
Sub-interface to Access a VPLS Network
Networking Requirements
As shown in Figure 3-26, VPLS is enabled on PE1 and PE2. CE1 is connected to PE1 and CE2
is connected to PE2. CE1 and CE2 are on the same VPLS network. PWs are established by using
LDP as the VPLS signaling protocol, and VPLS is configured to connect CE1 and CE2.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-26 Networking diagram for configuring a single-tagged VLAN mapping sub-interface to access a VPLS network
Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               168.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               169.1.1.2/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 20               168.1.1.2/24
-       GigabitEthernet0/0/2  VLANIF 30               169.1.1.1/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               10.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 20               10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to enable interworking between devices.
2. Set up a remote LDP session between PEs.
3. Establish tunnels between PEs for transmitting service data.
4. Enable MPLS L2VPN on PEs.
5. Create VSIs on PEs and specify LDP as the signaling protocol.
6. Configure single-tagged VLAN mapping on the sub-interface connected to CE1 on PE1 and connect the sub-interface to the VPLS network.
7. Configure dot1q sub-interfaces on the PE2 interface connected to CE2 to connect the dot1q sub-interfaces to the VPLS network.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-26.
The configuration details are not mentioned here.
NOTE
• The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.
• After the configuration is complete, the packets sent from a CE to a PE must contain a VLAN tag.
Step 2 Configure IGP. OSPF is used as an example.
When configuring OSPF, advertise 32-bit loopback interface addresses of PE1, P, and PE2,
which are used as LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 3 Configure the basic MPLS functions and MPLS LDP.
The configuration details are not mentioned here.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. You can see that the peer relationship is set up between PE1 and P, and between P and
PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to
view the configuration results.
Step 4 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2.
You can see that the status of the peer relationship between PE1 and PE2 is Operational. That
is, the peer relationship is set up.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure a VSI on PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
Step 7 Bind the interface to the VSI on the PE.
# Configure PE1.
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit
Step 8 Specify an IP address for each VLANIF interface on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface vlanif 20
[CE2-Vlanif20] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif20] quit
Step 9 Verify the configuration.
After the configuration is complete, run the display vsi name a2 verbose command on PE1.
You can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.
<PE1> display vsi name a2 verbose
***VSI Name               : a2
   Administrator VSI      : no
   Isolate Spoken         : disable
   VSI Index              : 0
   PW Signaling           : ldp
   Member Discovery Style : static
   PW MAC Learn Style     : unqualify
   Encapsulation Type     : vlan
   MTU                    : 1500
   Diffserv Mode          : uniform
   Mpls Exp               : --
   DomainId               : 0
   Domain Name            :
   Ignore AcState         : disable
   P2P VSI                : disable
   Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
   VSI State              : up
   VSI ID                 : 2
  *Peer Router ID         : 3.3.3.9
   primary or secondary   : primary
   ignore-standby-state   : no
   VC Label               : 23552
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   CKey                   : 2
   NKey                   : 1
   StpEnable              : 0
   PwIndex                : 0
   Interface Name         : gigabitethernet0/0/1.1
   State                  : up
   Access port            : false
   Last Up Time           : 2010/12/30 11:31:18
   Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds
 **PW Information:
  *Peer Ip Address        : 3.3.3.9
   PW State               : up
   Local VC Label         : 23552
   Remote VC Label        : 23552
   PW Type                : label
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   Ckey                   : 0x2
   Nkey                   : 0x1
   Main PW Token          : 0x20021
   Slave PW Token         : 0x0
   Tnl Type               : LSP
   OutInterface           : Vlanif20
   Backup OutInterface    :
   Stp Enable             : 0
   PW Last Up Time        : 2010/12/30 11:32:03
   PW Total Up Time       : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface Vlanif20
 ip address 168.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 qinq mapping vid 10 map-vlan vid 20
 l2 binding vsi a2
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 168.1.1.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 168.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip address 169.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 168.1.1.0 0.0.0.255
  network 169.1.1.0 0.0.0.255
  network 2.2.2.9 0.0.0.0
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface Vlanif30
 ip address 169.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
 dot1q termination vid 20
 l2 binding vsi a2
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 169.1.1.0 0.0.0.255
#
return
3.5.12 Example for Configuring a Double-tagged VLAN Mapping
Sub-interface to Access a VPLS Network
Networking Requirements
As shown in Figure 3-27, VPLS is enabled on PE1 and PE2. CE1 connects to PE1 through
Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on the same VPLS
network. PWs are established by using LDP as the VPLS signaling protocol, and VPLS is
configured to connect CE1 and CE2.
You are required to configure selective QinQ on the interfaces connected to CEs so that
Switch adds the VLAN tags specified by the carrier to the packets sent from CEs.
When Switch1 and Switch2 add different VLAN tags to packets, you need to configure double-tagged
VLAN mapping on a sub-interface and connect the sub-interface to the VPLS. Then CE1
and CE2 can communicate with each other.
When Switch is connected to multiple CEs, Switch can add the same VLAN tags to the packets
from different CEs, which saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-27 Networking diagram for configuring a double-tagged VLAN mapping sub-interface to access a VPLS network
Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               168.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               169.1.1.2/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 20               168.1.1.2/24
-       GigabitEthernet0/0/2  VLANIF 30               169.1.1.1/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               10.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to enable interworking between devices.
2. Configure selective QinQ on Switch interfaces connected to CEs.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs for transmitting service data.
5. Enable MPLS L2VPN on PEs.
6. Create VSIs on PEs and specify LDP as the signaling protocol.
7. Configure double-tagged VLAN mapping on the sub-interface connected to Switch1 on PE1 and connect the sub-interface to the VPLS network.
8. Configure a QinQ sub-interface on the interface connected to Switch2 on PE2 and connect the sub-interface to the VPLS network.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-27.
The configuration details are not mentioned here.
NOTE
• The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.
• After the configuration is complete, the packets sent from a CE to Switch must contain a VLAN tag.
Step 2 Configure selective QinQ on the interfaces of Switch and specify the VLANs allowed by the
interfaces.
# Configure Switch1.
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 200
[Switch2-vlan200] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 200
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure IGP. OSPF is used as an example.
When configuring OSPF, advertise 32-bit loopback interface addresses of PE1, P, and PE2,
which are used as LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 4 Configure the basic MPLS functions and MPLS LDP.
The configuration details are not mentioned here.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. You can see that the peer relationship is set up between PE1 and P, and between P and
PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to
view the configuration results.
Step 5 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2.
You can see that the status of the peer relationship between PE1 and PE2 is Operational. That
is, the peer relationship is set up.
Step 6 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 7 Configure a VSI on PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
Step 8 Bind the interface to the VSI on the PE.
# Configure PE1.
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit
Step 9 Specify an IP address for each VLANIF interface on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif10] quit
Step 10 Verify the configuration.
After the configuration is complete, run the display vsi name a2 verbose command on PE1.
You can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.
<PE1> display vsi name a2 verbose
***VSI Name               : a2
   Administrator VSI      : no
   Isolate Spoken         : disable
   VSI Index              : 0
   PW Signaling           : ldp
   Member Discovery Style : static
   PW MAC Learn Style     : unqualify
   Encapsulation Type     : vlan
   MTU                    : 1500
   Diffserv Mode          : uniform
   Mpls Exp               : --
   DomainId               : 0
   Domain Name            :
   Ignore AcState         : disable
   P2P VSI                : disable
   Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
   VSI State              : up
   VSI ID                 : 2
  *Peer Router ID         : 3.3.3.9
   primary or secondary   : primary
   ignore-standby-state   : no
   VC Label               : 23552
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   CKey                   : 2
   NKey                   : 1
   StpEnable              : 0
   PwIndex                : 0
   Interface Name         : gigabitethernet0/0/1.1
   State                  : up
   Access port            : false
   Last Up Time           : 2010/12/30 11:31:18
   Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds
 **PW Information:
  *Peer Ip Address        : 3.3.3.9
   PW State               : up
   Local VC Label         : 23552
   Remote VC Label        : 23552
   PW Type                : label
   Tunnel ID              : 0x20021,
   Broadcast Tunnel ID    : 0x20021
   Broad BackupTunnel ID  : 0x0
   Ckey                   : 0x2
   Nkey                   : 0x1
   Main PW Token          : 0x20021
   Slave PW Token         : 0x0
   Tnl Type               : LSP
   OutInterface           : Vlanif20
   Backup OutInterface    :
   Stp Enable             : 0
   PW Last Up Time        : 2010/12/30 11:32:03
   PW Total Up Time       : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
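A tag-consistency check for the access variants in 3.5.10, 3.5.11 and 3.5.12, added here as an example and not Huawei code. It assumes, as those three examples do, that each PE sub-interface must match the tags arriving from its access side and that both PEs must present the same tags to the VSI after any mapping; `access_tags`, `parse_ac`, `audit` and `CASES` are hypothetical names.

```python
import re
from typing import Optional, Tuple

Tags = Tuple[int, ...]  # VLAN tag stack, outermost tag first


def access_tags(ce_vlan: int, stacking: Optional[str]) -> Optional[Tags]:
    """Tags on a CE frame when it reaches the PE sub-interface."""
    if stacking is None:                      # CE cabled straight to the PE
        return (ce_vlan,)
    m = re.fullmatch(r"port vlan-stacking vlan (\d+) stack-vlan (\d+)", stacking)
    if m is None:
        raise ValueError(f"not a selective QinQ line: {stacking!r}")
    inner, outer = int(m.group(1)), int(m.group(2))
    # Model assumption: only the listed C-VLAN gets the outer tag and is carried.
    return (outer, ce_vlan) if ce_vlan == inner else None


# Sub-interface forms used on this page -> (tags matched, tags after mapping).
AC_FORMS = (
    (r"qinq termination pe-vid (\d+) ce-vid (\d+)", lambda p, c: ((p, c), (p, c))),
    (r"dot1q termination vid (\d+)", lambda v: ((v,), (v,))),
    (r"qinq mapping vid (\d+) map-vlan vid (\d+)", lambda v, m: ((v,), (m,))),
    (r"qinq mapping pe-vid (\d+) ce-vid (\d+) map-vlan vid (\d+)",
     lambda p, c, m: ((p, c), (m, c))),       # outer tag rewritten, inner kept
)


def parse_ac(line: str) -> Tuple[Tags, Tags]:
    """Return (tags the sub-interface matches, tags it presents to the VSI)."""
    for pattern, build in AC_FORMS:
        m = re.fullmatch(pattern, line)
        if m:
            return build(*(int(g) for g in m.groups()))
    raise ValueError(f"unsupported sub-interface line: {line!r}")


def audit(case: dict) -> list:
    """List every tag mismatch between the two sites of one VPLS service."""
    findings, presented = [], {}
    for site in ("1", "2"):
        arriving = access_tags(case["ce" + site], case.get("sw" + site))
        matched, presented[site] = parse_ac(case["pe" + site])
        if arriving != matched:
            findings.append(f"site {site}: frames arrive tagged {arriving}, "
                            f"sub-interface matches {matched}")
    if presented["1"] != presented["2"]:
        findings.append(f"PE1 presents {presented['1']} to the VSI, "
                        f"PE2 presents {presented['2']}")
    return findings


STACK_100 = "port vlan-stacking vlan 10 stack-vlan 100"
STACK_200 = "port vlan-stacking vlan 10 stack-vlan 200"
# Constructed inputs: the access-side lines of the three examples on this page.
CASES = {
    "3.5.10": dict(ce1=10, sw1=STACK_100, pe1="qinq termination pe-vid 100 ce-vid 10",
                   ce2=10, sw2=STACK_100, pe2="qinq termination pe-vid 100 ce-vid 10"),
    "3.5.11": dict(ce1=10, pe1="qinq mapping vid 10 map-vlan vid 20",
                   ce2=20, pe2="dot1q termination vid 20"),
    "3.5.12": dict(ce1=10, sw1=STACK_100,
                   pe1="qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200",
                   ce2=10, sw2=STACK_200, pe2="qinq termination pe-vid 200 ce-vid 10"),
    # Constructed failure: 3.5.12 with the mapping on PE1 left out.
    "3.5.12-no-mapping": dict(ce1=10, sw1=STACK_100,
                              pe1="qinq termination pe-vid 100 ce-vid 10",
                              ce2=10, sw2=STACK_200,
                              pe2="qinq termination pe-vid 200 ce-vid 10"),
}

if __name__ == "__main__":
    for name, case in CASES.items():
        print(name, audit(case) or "consistent")
```

The last case is the situation 3.5.12 describes: Switch1 and Switch2 add different outer tags, so without the mapping on PE1 the two sub-interfaces present different tags to the same VSI.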
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
• Configuration file of Switch1
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
 port hybrid untagged vlan 100
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 100
#
return
• Configuration file of Switch2
#
sysname Switch2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
 port hybrid untagged vlan 200
 port vlan-stacking vlan 10 stack-vlan 200
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 200
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface Vlanif20
 ip address 168.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
 l2 binding vsi a2
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 168.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
3.5.13 Example for Configuring a VLAN Stacking Sub-interface to Access a VPLS Network
Networking Requirements
As shown in Figure 3-28, VPLS is enabled on PE1 and PE2. CE1 connects to PE1 through
Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on the same VPLS
network. PWs are established by using LDP as the VPLS signaling protocol, and VPLS is
configured to connect CE1 and CE2.
Switch1 forwards the packets sent from CE1 without changing the VLAN tags of the packets.
You are required to configure selective QinQ on the interfaces connected to CE2 so that
Switch2 adds the VLAN tag specified by the carrier to the packets sent from CE2.
The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets sent
from Switch2 to PE2 contain double VLAN tags. Therefore, you need to configure VLAN
stacking on the sub-interface of PE1 connected to Switch1 and connect the sub-interface to the
VPLS network. Then CE1 and CE2 can communicate with each other.
When a Switch is connected to multiple CEs, the Switch can add the same VLAN tags to the
packets from different CEs, which saves VLAN IDs on the public network.
NOTE
Only the S5310EI and S5300HI support this configuration.
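The tag handling described above, as an added Python example (not part of the Huawei document): it builds the single-tagged frame a CE sends in VLAN 10, applies the selective QinQ rule `port vlan-stacking vlan 10 stack-vlan 100`, and checks the result against `qinq termination pe-vid 100 ce-vid 10`. The function names, the MAC addresses and the use of TPID 0x8100 for the outer tag are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100   # assumed here for both the inner and the outer tag
TPID_8021AD = 0x88A8  # 802.1ad S-tag TPID, also accepted by the parser
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def build_tagged_frame(dst, src, vid, ethertype, payload):
    """Ethernet frame with a single 802.1Q tag, as a CE sends it."""
    return (dst + src + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
            + struct.pack("!H", ethertype) + payload)


def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], EtherType, payload) of a frame."""
    offset, vids = 12, []          # the tag stack starts after dst + src MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return vids, etype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def vlan_stacking(frame, match_vid, stack_vid, tpid=TPID_8021Q):
    """Model of `port vlan-stacking vlan <match_vid> stack-vlan <stack_vid>`.

    Pushes an outer tag when the frame's outermost tag is match_vid.
    Returns None when the rule does not match; what the port then does
    depends on its other VLAN settings and is not modelled here.
    """
    vids, _, _ = parse_tags(frame)
    if not vids or vids[0] != match_vid:
        return None
    outer = struct.pack("!HH", tpid, stack_vid & 0x0FFF)
    return frame[:12] + outer + frame[12:]


def termination_matches(frame, pe_vid, ce_vid):
    """Model of `qinq termination pe-vid <pe_vid> ce-vid <ce_vid>`:
    only frames tagged exactly [pe_vid, ce_vid] belong to the sub-interface."""
    vids, _, _ = parse_tags(frame)
    return vids == [pe_vid, ce_vid]


def walk_through():
    """CE2 -> Switch2 -> PE2 with the VLAN IDs of this configuration example."""
    broadcast = b"\xff" * 6
    ce2_mac = bytes.fromhex("00e0fc000002")    # constructed MAC address
    arp_body = b"\x00" * 28                    # constructed placeholder payload
    from_ce = build_tagged_frame(broadcast, ce2_mac, 10, 0x0806, arp_body)
    to_pe = vlan_stacking(from_ce, match_vid=10, stack_vid=100)
    return {
        "ce_tags": parse_tags(from_ce)[0],
        "pe_tags": parse_tags(to_pe)[0],
        "added_bytes": len(to_pe) - len(from_ce),
        "pe2_accepts_stacked": termination_matches(to_pe, 100, 10),
        "pe2_accepts_single_tag": termination_matches(from_ce, 100, 10),
    }


if __name__ == "__main__":
    for key, value in walk_through().items():
        print(f"{key}: {value}")
```

Each stacked tag adds 4 bytes to the frame, which matters for the MTU of every link that carries the double-tagged traffic.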
Figure 3-28 Networking diagram for a VLAN stacking sub-interface to access a VPLS network
Switch  Interface             VLANIF Interface        IP Address
PE1     GigabitEthernet0/0/1  GigabitEthernet0/0/1.1  -
-       GigabitEthernet0/0/2  VLANIF 20               168.1.1.1/24
-       Loopback1             -                       1.1.1.9/32
PE2     GigabitEthernet0/0/1  VLANIF 30               169.1.1.2/24
-       GigabitEthernet0/0/2  GigabitEthernet0/0/2.1  -
-       Loopback1             -                       3.3.3.9/32
P       GigabitEthernet0/0/1  VLANIF 20               168.1.1.2/24
-       GigabitEthernet0/0/2  VLANIF 30               169.1.1.1/24
-       Loopback1             -                       2.2.2.9/32
CE1     GigabitEthernet0/0/1  VLANIF 10               10.1.1.1/24
CE2     GigabitEthernet0/0/1  VLANIF 10               10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement the interworking
   between devices.
2. Add the interface connected to CE1 on Switch1 to a specified VLAN.
3. Configure selective QinQ on interfaces connected to CE2 on Switch2.
4. Set up a remote LDP session between PEs.
5. Establish tunnels between PEs for transmitting service data.
6. Enable MPLS L2VPN on PEs.
7. Create VSIs on PEs and specify LDP as the signaling protocol.
8. Configure a VLAN stacking sub-interface connected to Switch1 on PE1 and connect the
   sub-interface to the VPLS network.
9. Configure a QinQ sub-interface on the interface connected to Switch2 on PE2 and connect
   the sub-interface to the VPLS network.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-28.
The configuration details are not mentioned here.
NOTE
- The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same
  VLAN; otherwise, a loop occurs.
- After the configuration, the packets sent from a CE to Switch must contain a VLAN tag.
Step 2 Configure selective QinQ on the interfaces of Switch and specify the VLANs allowed by the
interfaces.
# Configure Switch1.
[Switch1] vlan 10
[Switch1-vlan10] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit
Step 3 Configure IGP. OSPF is used as an example.
When configuring OSPF, advertise 32-bit loopback interface addresses of PE1, P, and PE2,
which are used as LSR IDs.
The configuration details are not mentioned here.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 4 Configure the basic MPLS functions and MPLS LDP.
The configuration details are not mentioned here.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. You can see that the peer relationship is set up between PE1 and P, and between P and
PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to
view the configuration results.
Step 5 Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2.
You can see that the status of the peer relationship between PE1 and PE2 is Operational. That
is, the peer relationship is set up.
Step 6 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 7 Configure a VSI on PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
Step 8 Bind the interface to the VSI on the PE.
# Configure PE1.
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit
Step 9 Specify an IP address for each VLANIF interface on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif10] quit
Step 10 Verify the configuration.
After the configuration is complete, run the display vsi name a2 verbose command on PE1.
You can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.
<PE1> display vsi name a2 verbose
 ***VSI Name               : a2
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Mpls Exp               : --
    DomainId               : 0
    Domain Name            :
    Ignore AcState         : disable
    P2P VSI                : disable
    Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
    VSI State              : up

    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    primary or secondary   : primary
    ignore-standby-state   : no
    VC Label               : 23552
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x20021,
    Broadcast Tunnel ID    : 0x20021
    Broad BackupTunnel ID  : 0x0
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : gigabitethernet0/0/1.1
    State                  : up
    Access port            : false
    Last Up Time           : 2010/12/30 11:31:18
    Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds

  **PW Information:

   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 23552
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x20021,
    Broadcast Tunnel ID    : 0x20021
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x20021
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Vlan20
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/12/30 11:32:03
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
- Configuration file of Switch1
#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10
#
return
- Configuration file of Switch2
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
qinq stacking vid 10 pe-vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
3.5.14 Example for Configuring QinQ Stacking on a VLANIF Interface
Networking Requirements
As shown in Figure 3-29, SwitchA is connected to the remote SwitchB through the third-party
network. The management VLAN is deployed on the remote SwitchB and the VLAN ID of SwitchA is
the same as the management VLAN ID. However, the VLAN ID provided by the carrier is different
from the management VLAN ID. To remotely log in to the remote SwitchB from SwitchA, you can
configure VLAN stacking according to this example.
Figure 3-29 Networking diagram for configuring QinQ stacking on the VLANIF interface
To remotely log in to the remote SwitchB for managing VLAN services on SwitchA, you can
configure QinQ stacking on the VLANIF interface corresponding to the management VLAN on
SwitchB.
NOTE
When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF interface corresponds
to the management VLAN. VLANIF interfaces corresponding to other VLANs do not support QinQ
stacking.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure QinQ on SwitchA.
2. Do as follows on the remote SwitchB:
   a. Create VLAN 10 and configure VLAN 10 as the management VLAN.
   b. Create a VLANIF interface on VLAN 10.
   c. Configure QinQ stacking on the VLANIF interface.
Procedure
Step 1 Configure SwitchC.
# Allow packets from VLAN 10 to pass through GE0/0/1 and GE0/0/2.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 10
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type hybrid
[SwitchC-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type hybrid
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/2] quit
Step 2 Configure SwitchA.
# Configure QinQ so that the packets sent from SwitchA to the remote SwitchB carry double
tags.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 20
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type hybrid
[SwitchA-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
Step 3 Configure the remote SwitchB.
# Permit packets from VLAN 20 to pass through GE0/0/2.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 20
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type hybrid
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 10 20
[SwitchB-GigabitEthernet0/0/2] quit
# Configure QinQ stacking.
[SwitchB] vlan 10
[SwitchB-vlan10] management-vlan
[SwitchB-vlan10] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] undo icmp host-unreachable send
[SwitchB-Vlanif10] qinq stacking vlan 20
[SwitchB-Vlanif10] ip address 10.10.10.1 24
[SwitchB-Vlanif10] quit
Step 4 Verify the configuration.
You can log in to the remote SwitchB for managing VLAN services on SwitchA.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 20
#
interface GigabitEthernet0/0/1
qinq vlan-translation enable
port hybrid untagged vlan 20
port vlan-stacking vlan 10 stack-vlan 20
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10
#
return
- Configuration file of the remote SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
vlan 10
management-vlan
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
undo icmp host-unreachable send
qinq stacking vlan 20
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 20
#
return
3.6 GVRP Configuration
This chapter describes basic GVRP concepts, GVRP configuration procedures, and concludes
with a GVRP configuration example.
3.6.1 Example for Configuring GVRP
Networking Requirements
As shown in Figure 3-30, company A, a branch of company A, and company B are connected
using switches. To implement dynamic VLAN registration, enable GVRP. The branch of
company A can communicate with the headquarters using SwitchA and SwitchB. Company B
can communicate with company A using SwitchB and SwitchC. Interfaces connected to
company A allow only the VLAN to which company B belongs to pass.
Figure 3-30 Configuring GVRP
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable GVRP to implement dynamic VLAN registration.
2. Configure GVRP on all switches of company A and set the registration mode to normal for
   the interfaces to simplify configurations.
3. Configure GVRP on all switches of company A and set the registration mode to fixed for
   the interfaces connecting to company A to allow only the VLAN to which company B
   belongs to pass.
Procedure
Step 1 Configure SwitchA.
# Enable GVRP globally.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] gvrp
# Set the link type of GE 0/0/1 and GE 0/0/2 to trunk and configure the interfaces to allow all
VLANs to pass through.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[SwitchA-GigabitEthernet0/0/2] quit
# Enable GVRP and set the registration mode on the interfaces.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] gvrp
[SwitchA-GigabitEthernet0/0/1] gvrp registration normal
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] gvrp
[SwitchA-GigabitEthernet0/0/2] gvrp registration normal
[SwitchA-GigabitEthernet0/0/2] quit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 2 Configure SwitchC.
# Create VLAN 101 to VLAN 200.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 101 to 200
# Enable GVRP globally.
[SwitchC] gvrp
# Set the link type of GE 0/0/1 and GE 0/0/2 to trunk and configure the interfaces to allow all
VLANs to pass through.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[SwitchC-GigabitEthernet0/0/2] quit
# Enable GVRP and set the registration mode on the interfaces.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] gvrp
[SwitchC-GigabitEthernet0/0/1] gvrp registration fixed
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] gvrp
[SwitchC-GigabitEthernet0/0/2] gvrp registration normal
[SwitchC-GigabitEthernet0/0/2] quit
Step 3 Verify the configuration.
After the configuration is complete, the branch of Company A can communicate with the
headquarters, and users of Company A in VLAN 101 to VLAN 200 can communicate with users
in Company B.
Run the display gvrp status command on SwitchA to check whether GVRP is enabled globally.
The following information is displayed:
<SwitchA> display gvrp status
Info:GVRP is enabled
Run the display gvrp statistics command on SwitchA to view GVRP statistics on GVRP
interfaces, including the GVRP state of each interface, number of GVRP registration failures,
source MAC address of the last GVRP PDU, and registration mode of each interface.
<SwitchA> display gvrp statistics
GVRP statistics on port GigabitEthernet0/0/1
GVRP status                : Enabled
GVRP registrations failed  : 0
GVRP last PDU origin       : 0000-0000-0000
GVRP registration type     : Normal

GVRP statistics on port GigabitEthernet0/0/2
GVRP status                : Enabled
GVRP registrations failed  : 0
GVRP last PDU origin       : 0000-0000-0000
GVRP registration type     : Normal
Verify the configurations of SwitchB and SwitchC in the same way.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 101 to 200
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
gvrp registration fixed
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return
3.7 MAC Address Table Configuration
This chapter provides the basics for MAC address table configuration, configuration procedure,
and configuration examples.
3.7.1 Example for Configuring the MAC Address Table
Networking Requirements
As shown in Figure 3-31, the MAC address of the user host PC1 is 0002-0002-0002 and that
of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the Switch through the
LSW. The LSW is connected to GE0/0/1 of the Switch, which belongs to VLAN 2. The MAC
address of the server is 0004-0004-0004. The server is connected to GE0/0/2 of the Switch.
GE0/0/2 belongs to VLAN 2.
- To prevent hackers from using MAC addresses to attack the network, configure two static
  MAC address entries for each user host on the Switch.
- To prevent hackers from stealing user information by forging the MAC address of the
  server, configure a static MAC address entry on the Switch for the server.
Figure 3-31 Configuring the MAC address table
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Configure static MAC address entries to prevent MAC address attacks.
3. Configure the aging time of dynamic MAC address entries to update the entries.
Procedure
Step 1 Configure static MAC address entries.
# Create VLAN 2 and add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/2] quit
# Configure a static MAC address entry.
[Switch] mac-address static 2-2-2 GigabitEthernet 0/0/1 vlan 2
[Switch] mac-address static 3-3-3 GigabitEthernet 0/0/1 vlan 2
[Switch] mac-address static 4-4-4 GigabitEthernet 0/0/2 vlan 2
Step 2 Set the aging time of a dynamic MAC address entry.
[Switch] mac-address aging-time 500
Step 3 Verify the configuration.
# Run the display mac-address static command in any view to check whether the static MAC
address entries are successfully added to the MAC address table.
[Switch] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0002-0002-0002 2/-         GE0/0/1         static
0003-0003-0003 2/-         GE0/0/1         static
0004-0004-0004 2/-         GE0/0/2         static
-------------------------------------------------------------------------------
Total items displayed = 3
# Run the display mac-address aging-time command in any view to check whether the aging
time of dynamic entries is set successfully.
[Switch] display mac-address aging-time
Aging time: 500 second(s)
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 2
#
mac-address aging-time 500
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet0/0/1 vlan 2
mac-address static 0003-0003-0003 GigabitEthernet0/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet0/0/2 vlan 2
#
return
3.7.2 Example for Configuring MAC Address Learning in a VLAN
Networking Requirements
As shown in Figure 3-32, user network 1 is connected to Switch on the GigabitEthernet0/0/1
through an LSW. User network 2 is connected to Switch on the GigabitEthernet0/0/2 through
another LSW. Both GigabitEthernet0/0/1 and GigabitEthernet0/0/2 belong to VLAN 2. To
prevent MAC address attacks and limit the number of access users on the device, limit MAC
address learning on all the interfaces in VLAN 2.
Figure 3-32 Networking diagram for MAC address limiting in a VLAN
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Limit MAC address learning on all the interfaces in the VLAN to prevent MAC address
   attacks and limit the number of access users.
Procedure
Step 1 Limit MAC address learning.
# Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/2] quit
# Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC
addresses can be learned. When the number of learned MAC addresses reaches the limit, the
device sends an alarm.
[Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 alarm enable
[Switch-vlan2] quit
Step 2 Verify the configuration.
# Run the display mac-limit command in any view to check whether the MAC address limiting
rule is successfully configured.
<Switch> display mac-limit
MAC Limit is enabled
Total MAC Limit rule count : 1
PORT       VLAN/VSI   SLOT Maximum Rate(ms) Action  Alarm
----------------------------------------------------------------------------
           2               100              forward enable
----End
Configuration Files
The following lists only the configuration file of Switch.
#
sysname Switch
#
vlan batch 2
#
vlan 2
mac-limit maximum 100
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
return
3.7.3 Example for Configuring Port Security
Networking Requirements
As shown in Figure 3-33, a company wants to prevent computers of non-employees from
accessing the intranet of the company to protect information security. To achieve this goal, the
company needs to enable port security on the interface connected to computers of employees
and set the maximum number of MAC addresses learned by the interface to be the same as the
number of trusted computers.
Figure 3-33 Network diagram of port security
[Diagram not reproduced. Labels: Intranet, Switch (GE0/0/1, VLAN 10), SwitchA, PC1, PC2, PC3]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VLAN to implement Layer 2 forwarding.
2. Configure port security to prevent the learned MAC addresses from aging.
Procedure
Step 1 Create a VLAN and set the link type of the interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
Step 2 Configure port security.
# Enable port security.
[Switch-GigabitEthernet0/0/1] port-security enable
# Enable the sticky MAC function.
[Switch-GigabitEthernet0/0/1] port-security mac-address sticky
# Configure the security protection action.
[Switch-GigabitEthernet0/0/1] port-security protect-action protect
# Set the limit on the number of MAC addresses that can be learned on the interface.
[Switch-GigabitEthernet0/0/1] port-security max-mac-num 4
[Switch-GigabitEthernet0/0/1] quit
To enable the port security function on other interfaces, repeat the preceding steps.
NOTE
Assume that MAC addresses of four devices (three PCs and one access switch) connected to the Switch
have been learned. The maximum number of MAC addresses to be learned is 4.
Step 3 Verify the configuration.
If PC1 is replaced by another device, the device cannot access the intranet of the company.
----End
Configuration Files
Configuration file of the switch
#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
port-security enable
port-security protect-action protect
port-security max-mac-num 4
port-security mac-address sticky
#
return
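The requirement above (the learning limit equals the number of trusted devices, with sticky MAC on) can be checked against a saved configuration file. The following Python audit is an added example, not Huawei code; the function names, the trusted-device inventory argument and the drifted copy of the configuration are assumptions made for this illustration.

```python
import re

# Configuration file of the switch as printed in section 3.7.3.
PAGE_CONFIG = """\
#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
port-security enable
port-security protect-action protect
port-security max-mac-num 4
port-security mac-address sticky
#
return
"""

# Constructed drifted copy: sticky learning removed, limit raised to 16.
DRIFTED_CONFIG = (PAGE_CONFIG
                  .replace("port-security mac-address sticky\n", "")
                  .replace("max-mac-num 4", "max-mac-num 16"))


def parse_interfaces(config_text):
    """Split a configuration file into {interface name: [command, ...]}.

    Stanzas are separated by lines holding only '#'. Leading whitespace is
    ignored so indented and flattened copies parse the same way.
    """
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line:
            interfaces[current].append(line)
    return interfaces


def audit_port_security(config_text, trusted_counts, action="protect"):
    """Return (interface, finding) pairs for every deviation from the baseline.

    trusted_counts maps an interface name to the number of trusted devices
    expected behind it (hypothetical inventory input).
    """
    findings = []
    interfaces = parse_interfaces(config_text)
    for ifname in sorted(trusted_counts):
        expected = trusted_counts[ifname]
        cmds = interfaces.get(ifname)
        if cmds is None:
            findings.append((ifname, "interface not present in configuration"))
            continue
        if "port-security enable" not in cmds:
            findings.append((ifname, "port-security is not enabled"))
            continue
        if "port-security mac-address sticky" not in cmds:
            findings.append((ifname, "sticky MAC is not enabled"))
        if "port-security protect-action %s" % action not in cmds:
            findings.append((ifname, "protect-action %s is not configured" % action))
        limit = None
        for cmd in cmds:
            m = re.fullmatch(r"port-security max-mac-num (\d+)", cmd)
            if m:
                limit = int(m.group(1))
        if limit is None:
            findings.append((ifname, "max-mac-num is not set explicitly"))
        elif limit != expected:
            findings.append((ifname, "max-mac-num is %d, expected %d trusted devices"
                             % (limit, expected)))
    return findings


if __name__ == "__main__":
    inventory = {"GigabitEthernet0/0/1": 4}  # three PCs and one access switch
    for name, text in (("page", PAGE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit_port_security(text, inventory))
```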
3.7.4 Example for Configuring MAC Address Anti-flapping
Networking Requirements
Employees of an enterprise need to access the enterprise server. If an attacker uses the server
MAC address as the source MAC address to send packets to another interface, the server MAC
address is learned on the interface. Packets sent to the server are sent to unauthorized users. In
this case, employees cannot access the server, and important data will be intercepted by the
attacker.
As shown in Figure 3-34, MAC address anti-flapping can be configured to protect the server
from attacks.
Figure 3-34 Networking diagram of MAC address anti-flapping
[Diagram not reproduced. Labels: Server (MAC: 11-22-33), Switch (GE0/0/1, GE0/0/2), LSW, PC1, PC2, PC3, PC4 (MAC: 11-22-33), VLAN 10]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Configure MAC address anti-flapping on the server-side interface.
Procedure
Step 1 Create a VLAN and add the interfaces to the VLAN.
# Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
Step 2 # Set the MAC address learning priority of GigabitEthernet0/0/1 to 2.
[Switch-GigabitEthernet0/0/1] mac-learning priority 2
[Switch-GigabitEthernet0/0/1] quit
Step 3 Verify the configuration.
# Run the display current-configuration command in any view to check whether the MAC
address learning priority of the interface is set correctly.
[Switch] display current-configuration interface gigabitethernet 0/0/1
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mac-learning priority 2
#
return
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mac-learning priority 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return
3.7.5 Example for Configuring MAC Address Flapping Detection
Networking Requirements
As shown in Figure 3-35, a loop occurs on a user network because network cables between two
LSWs are incorrectly connected. The loop causes MAC address flapping and bridge table
flapping.
You can enable MAC address flapping detection on the Switch to detect MAC address flapping
and discover loops.
Figure 3-35 Networking diagram of MAC address flapping detection
[Diagram not reproduced. Labels: Network, Switch (GE0/0/1, GE0/0/2), LSW1, LSW2, Incorrect connection]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable MAC address flapping detection.
2. Set the aging time of flapping MAC addresses.
3. Configure the action performed on the interface when MAC address flapping is detected
on the interface to prevent loops.
Procedure
Step 1 Enable MAC address flapping detection.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] mac-address flapping detection
Step 2 Set the aging time of flapping MAC addresses.
[Switch] mac-address flapping aging-time 500
Step 3 Shut down GE0/0/1 and GE0/0/2 when MAC address flapping is detected.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] mac-address flapping action error-down
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] mac-address flapping action error-down
[Switch-GigabitEthernet0/0/2] quit
Step 4 Configure automatic recovery and set the automatic recovery time for the shutdown interface.
[Switch] error-down auto-recovery cause mac-address-flapping interval 500
Step 5 Verify the configuration.
After the configuration is complete, when the MAC address on GE0/0/1 flaps to GE0/0/2,
GE0/0/2 is shut down. Run the display mac-address flapping record command to view the
flapping records.
<Switch> display mac-address flapping record
S : start time
E : end time
(Q) : quit vlan
(D) : error down
-------------------------------------------------------------------------------
Move-Time             VLAN MAC-Address    Original-Port  Move-Ports     MoveNum
-------------------------------------------------------------------------------
S:2012-04-01 17:22:36 1    0000-0000-0007 GE0/0/1        GE0/0/2(D)     83
E:2012-04-01 17:22:44
-------------------------------------------------------------------------------
Total items on slot 0: 1
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
error-down auto-recovery cause mac-address-flapping interval 500
#
mac-address flapping aging-time 500
#
interface GigabitEthernet0/0/1
mac-address flapping action error-down
#
interface GigabitEthernet0/0/2
mac-address flapping action error-down
#
return
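A triage pass over the display mac-address flapping record output from Step 5, as an added Python example (not Huawei code): it parses each S:/E: record and labels it as a move of a watched MAC address (the spoofing case of section 3.7.4) or as a probable loop. The one-line record layout, the second sample record, the watched-MAC list and the 50-move loop threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# First record is the one printed on the page; the second is constructed.
SAMPLE = """\
S : start time
E : end time
(Q) : quit vlan
(D) : error down
-------------------------------------------------------------------------------
Move-Time             VLAN MAC-Address    Original-Port  Move-Ports     MoveNum
-------------------------------------------------------------------------------
S:2012-04-01 17:22:36 1    0000-0000-0007 GE0/0/1        GE0/0/2(D)     83
E:2012-04-01 17:22:44
S:2012-04-01 18:05:10 10   0011-0022-0033 GE0/0/1        GE0/0/2        3
E:2012-04-01 18:05:11
-------------------------------------------------------------------------------
Total items on slot 0: 2
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
START = re.compile(
    r"^S:" + TS + r"\s+(\d+)\s+"
    r"([0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4})\s+"
    r"(\S+)\s+(\S+?)(\([QD]\))?\s+(\d+)$")
END = re.compile(r"^E:" + TS + r"$")
FMT = "%Y-%m-%d %H:%M:%S"
FLAGS = {"(D)": "error-down", "(Q)": "quit-vlan"}


def parse_flapping_records(text):
    """Return one dict per flapping record found in the command output."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = START.match(line)
        if m:
            start, vlan, mac, orig, moved, flag, count = m.groups()
            current = {
                "start": datetime.strptime(start, FMT),
                "end": None,
                "vlan": int(vlan),
                "mac": mac.lower(),
                "original_port": orig,
                "move_port": moved,
                "action": FLAGS.get(flag),  # None when no action was taken
                "moves": int(count),
            }
            records.append(current)
            continue
        m = END.match(line)
        if m and current is not None:
            current["end"] = datetime.strptime(m.group(1), FMT)
            current = None
    return records


def triage(records, watched_macs=(), loop_moves=50):
    """Label each record; watched MACs take precedence over the loop check."""
    watched = {m.lower() for m in watched_macs}
    results = []
    for r in records:
        if r["mac"] in watched:
            verdict = "watched-mac-moved"
        elif r["moves"] >= loop_moves:
            verdict = "possible-loop"
        else:
            verdict = "review"
        results.append((r["mac"], r["move_port"], r["action"], verdict))
    return results


if __name__ == "__main__":
    for row in triage(parse_flapping_records(SAMPLE),
                      watched_macs=["0011-0022-0033"]):
        print(row)
```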
3.8 STP/RSTP Configuration
This chapter describes the concepts and configuration procedure of STP/RSTP, and provides
configuration examples.
3.8.1 Example for Configuring Basic STP Functions
Networking Requirements
Network designers tend to deploy multiple physical links between two devices (one link is the
master and the others are backups) to fulfill network redundancy requirements. Loops are bound
to occur on such types of complex networks.
Loops will cause broadcast storms, which exhaust network resources and paralyze the network.
Loops also cause MAC address flapping that damages MAC address entries.
STP can be deployed on a network to eliminate loops by blocking some ports. On the network
shown in Figure 3-36, after SwitchA, SwitchB, SwitchC, and SwitchD running STP discover
loops by exchanging information, they trim the ring topology into a loop-free tree topology by
blocking a certain port. STP prevents replication and circular propagation of packets on the
network and releases the switching devices from processing duplicate packets, improving
their processing performance.
Figure 3-36 Configuring basic STP functions
[Diagram not reproduced. Labels: Network, SwitchA, SwitchB, SwitchC, SwitchD (interfaces GE0/0/1 to GE0/0/3), Root Bridge, STP, PC1, PC2, Blocked port]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic STP functions, including:
   a. Configure the STP mode for the ring network.
   b. Configure primary and secondary root bridges.
   c. Set path costs for ports to block certain ports.
   d. Enable STP to eliminate loops.
NOTE
STP is not required on the interfaces connected to terminals because these interfaces do not
need to participate in STP calculation.
Procedure
Step 1 Configure basic STP functions.
1. Configure the STP mode for the devices on the ring network.
# Configure the STP mode on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode stp
# Configure the STP mode on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode stp
# Configure the STP mode on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode stp
# Configure the STP mode on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode stp
2. Configure primary and secondary root bridges.
# Configure SwitchA as a primary root bridge.
[SwitchA] stp root primary
# Configure SwitchD as a secondary root bridge.
[SwitchD] stp root secondary
3. Set path costs for ports in each spanning tree to block certain ports.
NOTE
• The values of path costs depend on the path-cost calculation method. The Huawei calculation
method is used in this example, and the path cost of the blocked port is set to 20000 (the
highest value in the range).
• All switching devices on a network must use the same path cost calculation method.
# On SwitchA, configure the path cost calculation method as the Huawei calculation
method.
[SwitchA] stp pathcost-standard legacy
# On SwitchB, configure the path cost calculation method as the Huawei calculation
method.
[SwitchB] stp pathcost-standard legacy
# Set the path cost of GigabitEthernet0/0/1 on SwitchC to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
# On SwitchD, configure the path cost calculation method as the Huawei calculation
method.
[SwitchD] stp pathcost-standard legacy
4. Enable STP to eliminate loops.
• Disable STP on interfaces connected to PCs.
# Disable STP on GigabitEthernet 0/0/2 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp disable
[SwitchB-GigabitEthernet0/0/2] quit
# Disable STP on GigabitEthernet 0/0/2 on SwitchC.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] quit
• Enable STP globally.
# Enable STP globally on SwitchA.
[SwitchA] stp enable
# Enable STP globally on SwitchB.
[SwitchB] stp enable
# Enable STP globally on SwitchC.
[SwitchC] stp enable
# Enable STP globally on SwitchD.
[SwitchD] stp enable
Step 2 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when
the network is stable:
# Run the display stp brief command on SwitchA to view the interface status and protection
type. The displayed information is as follows:
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
After SwitchA is configured as a root bridge, GigabitEthernet 0/0/2 and GigabitEthernet 0/0/1
connected to SwitchB and SwitchD respectively are elected as designated ports in spanning tree
calculation.
# Run the display stp interface gigabitethernet 0/0/1 brief command on SwitchB to view status
of GigabitEthernet 0/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 0/0/1 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
GigabitEthernet 0/0/1 is elected as a designated port in spanning tree calculation and is in the
Forwarding state.
# Run the display stp brief command on SwitchC to view the interface status and protection
type. The displayed information is as follows:
[SwitchC] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
GigabitEthernet 0/0/3 is elected as a root port in spanning tree calculation and is in the
Forwarding state.
GigabitEthernet 0/0/1 is elected as an alternate port in spanning tree calculation and is in the
Discarding state.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
stp mode stp
stp instance 0 root primary
stp pathcost-standard legacy
stp enable
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
stp mode stp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet0/0/2
stp disable
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
stp mode stp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet0/0/1
stp instance 0 cost 20000
#
interface GigabitEthernet0/0/2
stp disable
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
stp mode stp
stp instance 0 root secondary
stp pathcost-standard legacy
stp enable
#
return
3.8.2 Example for Configuring Basic RSTP Functions
Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy
backup, network designers tend to deploy multiple physical links between two devices, one of
which is the master and the others are the backup. Loops are likely or bound to occur in such a
situation.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause flapping of MAC address tables and damage MAC address entries.
RSTP can be deployed on a network to eliminate loops by blocking some ports. On the network
shown in Figure 3-37, after SwitchA, SwitchB, SwitchC, and SwitchD running RSTP discover
loops on the network by exchanging information with each other, they trim the ring topology
into a loop-free tree topology by blocking a certain port. In this manner, replication and circular
propagation of packets are prevented on the network and the switching devices are released from
processing duplicated packets, thereby improving their processing performance.
Figure 3-37 Configuring basic RSTP configurations
[Diagram not reproduced. Labels: Network, SwitchA, SwitchB, SwitchC, SwitchD (interfaces GE0/0/1 to GE0/0/3), Root Bridge, RSTP, PC1, PC2, Blocked port]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RSTP functions, including:
   a. Configure the RSTP mode for the ring network.
   b. Configure primary and secondary root bridges.
   c. Set path costs for ports in each MSTI to block certain ports.
   d. Enable RSTP to eliminate loops.
NOTE
The port connected to the PC does not participate in RSTP calculation, so it is configured as
an edge port and BPDU filter port.
2. Configure RSTP protection functions, for example, root protection on a designated port of
a root bridge in each MSTI.
Procedure
Step 1 Configure basic RSTP functions.
1. Configure the RSTP mode for the devices on the ring network.
# Configure the RSTP mode on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode rstp
# Configure the RSTP mode on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode rstp
# Configure the RSTP mode on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode rstp
# Configure the RSTP mode on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode rstp
2. Configure primary and secondary root bridges.
# Configure SwitchA as a primary root bridge.
[SwitchA] stp root primary
# Configure SwitchD as a secondary root bridge.
[SwitchD] stp root secondary
3. Set path costs for ports in each MSTI to block certain ports.
NOTE
• The values of path costs depend on path cost calculation methods. This example uses the
Huawei calculation method and sets the path costs of the ports to be blocked to 20000.
• All switching devices on a network must use the same path cost calculation method.
# On SwitchA, configure the path cost calculation method as the Huawei calculation
method.
[SwitchA] stp pathcost-standard legacy
# On SwitchB, configure the path cost calculation method as the Huawei calculation
method.
[SwitchB] stp pathcost-standard legacy
# Set the path cost of GigabitEthernet0/0/1 on SwitchC to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
# On SwitchD, configure the path cost calculation method as the Huawei calculation
method.
[SwitchD] stp pathcost-standard legacy
4. Enable RSTP to eliminate loops.
• Configure the port connected to the PC as an edge port and BPDU filter port.
# Configure GigabitEthernet0/0/2 on SwitchB as an edge port and BPDU filter port.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp edged-port enable
[SwitchB-GigabitEthernet0/0/2] stp bpdu-filter enable
[SwitchB-GigabitEthernet0/0/2] quit
# Configure GigabitEthernet0/0/2 on SwitchC as an edge port and BPDU filter port.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp edged-port enable
[SwitchC-GigabitEthernet0/0/2] stp bpdu-filter enable
[SwitchC-GigabitEthernet0/0/2] quit
• Enable RSTP globally.
# Enable RSTP globally on SwitchA.
[SwitchA] stp enable
# Enable RSTP globally on SwitchB.
[SwitchB] stp enable
# Enable RSTP globally on SwitchC.
[SwitchC] stp enable
# Enable RSTP globally on SwitchD.
[SwitchD] stp enable
Step 2 Configure RSTP protection functions, for example, root protection on a designated port of a root
bridge in each MSTI.
# Enable root protection on GE 0/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
# Enable root protection on GE 0/0/2 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp root-protection
[SwitchA-GigabitEthernet0/0/2] quit
Step 3 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when
the network is stable:
# Run the display stp brief command on SwitchA to view the interface status and protection
type. The displayed information is as follows:
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
After SwitchA is configured as a root bridge, GigabitEthernet0/0/2 and GigabitEthernet0/0/1
connected to SwitchB and SwitchD respectively are elected as designated ports in spanning tree
calculation. The root protection function is enabled on the designated ports.
# Run the display stp interface gigabitethernet 0/0/1 brief command on SwitchB to view status
of GigabitEthernet0/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 0/0/1 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
GigabitEthernet0/0/1 is elected as a designated port in spanning tree calculation and is in the
Forwarding state.
# Run the display stp brief command on SwitchC to view the interface status and protection
type. The displayed information is as follows:
[SwitchC] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
GE0/0/1 is elected as an alternate port in spanning tree calculation and is in the Discarding state.
GE0/0/3 is elected as a root port in spanning tree calculation and is in the Forwarding state.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
stp mode rstp
stp instance 0 root primary
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet0/0/1
stp root-protection
#
interface GigabitEthernet0/0/2
stp root-protection
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
stp mode rstp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet0/0/2
stp bpdu-filter enable
stp edged-port enable
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
stp mode rstp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet0/0/1
stp instance 0 cost 20000
#
interface GigabitEthernet0/0/2
stp bpdu-filter enable
stp edged-port enable
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
stp mode rstp
stp instance 0 root secondary
stp pathcost-standard legacy
stp enable
#
return
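The verification steps of sections 3.8.1 and 3.8.2 can be scripted. This added Python example (not Huawei code) parses display stp brief output and checks the two properties the text reads off by hand: every port of the root bridge is a forwarding designated port with root protection, and a non-root switch has exactly one root port with its alternate ports discarding. The function names and the column spacing of the sample text are assumptions; the rows are the ones printed on the page.

```python
import re

# SwitchA output from section 3.8.1 (STP example, no root protection).
SWITCHA_STP = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
"""

# SwitchA output from section 3.8.2 (RSTP example, root protection enabled).
SWITCHA_RSTP = SWITCHA_STP.replace("NONE", "ROOT")

# SwitchC output from section 3.8.2.
SWITCHC_RSTP = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
"""

# A data row is: instance id, port name, role, state, protection type.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_stp_brief(text):
    """Return one dict per data row; the header line does not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"mstid": int(m.group(1)), "port": m.group(2),
                         "role": m.group(3), "state": m.group(4),
                         "protection": m.group(5)})
    return rows


def check_root_bridge(rows):
    """Checks for the switch configured with 'stp root primary'."""
    problems = []
    for r in rows:
        if r["role"] != "DESI":
            problems.append((r["port"], "role is %s, not DESI" % r["role"]))
        if r["state"] != "FORWARDING":
            problems.append((r["port"], "state is %s" % r["state"]))
        if r["protection"] != "ROOT":
            problems.append((r["port"], "no root protection"))
    return problems


def check_non_root(rows):
    """Checks for a non-root switch, evaluated per spanning tree instance."""
    problems = []
    by_instance = {}
    for r in rows:
        by_instance.setdefault(r["mstid"], []).append(r)
    for mstid, ports in sorted(by_instance.items()):
        roots = [p for p in ports if p["role"] == "ROOT"]
        if len(roots) != 1:
            problems.append(
                (mstid, "expected exactly one root port, found %d" % len(roots)))
        for p in ports:
            if p["role"] == "ALTE" and p["state"] != "DISCARDING":
                problems.append(
                    (mstid, "%s is alternate but %s" % (p["port"], p["state"])))
    return problems


if __name__ == "__main__":
    print("3.8.1 SwitchA:", check_root_bridge(parse_stp_brief(SWITCHA_STP)))
    print("3.8.2 SwitchA:", check_root_bridge(parse_stp_brief(SWITCHA_RSTP)))
    print("3.8.2 SwitchC:", check_non_root(parse_stp_brief(SWITCHC_RSTP)))
```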
3.9 MSTP Configuration
This chapter describes the concepts and configuration procedure of MSTP, and provides
configuration examples.
3.9.1 Example for Configuring MSTP
Networking Requirements
On a complex network, to implement redundancy, network designers tend to deploy multiple
physical links between two devices, one of which is the master and the others are the backup.
Loops occur, causing broadcast storms or damaging MAC addresses. After the network designer
plans a network, you can deploy MSTP on the network to prevent loops. MSTP blocks redundant
links and prunes a network into a tree topology free from loops.
As shown in Figure 3-38, SwitchA, SwitchB, SwitchC, and SwitchD run MSTP. To load balance
traffic from VLANs 2 to 10 and VLANs 11 to 20, use MSTP multi-instance. You can configure
a VLAN mapping table to associate VLANs with MSTIs.
Figure 3-38 Networking diagram of MSTP configuration
[Diagram not reproduced. Labels: Network, RG1, SwitchA, SwitchB, SwitchC, SwitchD (interfaces GE0/0/1 to GE0/0/3), VLAN2~10 in MSTI1 (Root Switch: SwitchA), VLAN11~20 in MSTI2 (Root Switch: SwitchB), Blocked port per MSTI]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on the switching device on the ring network.
2. Configure protection functions to protect devices or links. You can configure root
protection on the designated port of the root bridge.
3. Configure Layer 2 forwarding.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD in the same MST region named
RG1 and create MSTI 1 and MSTI 2.
NOTE
Two switching devices belong to the same MST region when they have the same:
• Name of the MST region
• Mapping between VLANs and MSTIs
• Revision level of the MST region
# Configure an MST region on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] instance 2 vlan 11 to 20
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2 to 10
[SwitchB-mst-region] instance 2 vlan 11 to 20
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
# Configure an MST region on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 2 to 10
[SwitchC-mst-region] instance 2 vlan 11 to 20
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure an MST region on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1
[SwitchD-mst-region] instance 1 vlan 2 to 10
[SwitchD-mst-region] instance 2 vlan 11 to 20
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
2. In the MST region RG1, configure the root bridge and secondary root bridge in MSTI 1
and MSTI 2.
• Configure the root bridge and secondary root bridge in MSTI 1.
# Configure SwitchA as the root bridge in MSTI 1.
[SwitchA] stp instance 1 root primary
# Configure SwitchB as the secondary root bridge in MSTI 1.
[SwitchB] stp instance 1 root secondary
• Configure the root bridge and secondary root bridge in MSTI 2.
# Configure SwitchB as the root bridge in MSTI 2.
[SwitchB] stp instance 2 root primary
# Configure SwitchA as the secondary root bridge in MSTI 2.
[SwitchA] stp instance 2 root secondary
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be greater than the
default value.
NOTE
• The values of path costs depend on path cost calculation methods. This example uses the
Huawei calculation method and sets the path costs of the ports to be blocked to 20000.
• All switching devices on a network must use the same path cost calculation method.
# Configure SwitchA to use Huawei calculation method to calculate the path cost.
[SwitchA] stp pathcost-standard legacy
# Configure SwitchB to use Huawei calculation method to calculate the path cost.
[SwitchB] stp pathcost-standard legacy
# Configure SwitchC to use Huawei calculation method to calculate the path cost, and set
the path cost of GE0/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/2] quit
# Configure SwitchD to use Huawei calculation method to calculate the path cost, and set
the path cost of GE0/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet0/0/2] quit
4. Enable MSTP to eliminate loops.
• Enable MSTP globally.
# Enable MSTP on SwitchA.
[SwitchA] stp enable
# Enable MSTP on SwitchB.
[SwitchB] stp enable
# Enable MSTP on SwitchC.
[SwitchC] stp enable
# Enable MSTP on SwitchD.
[SwitchD] stp enable
• Disable MSTP on the interface connected to the terminal.
# Disable STP on GE0/0/1 of SwitchC.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] quit
# Disable STP on GE0/0/1 of SwitchD.
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] stp disable
[SwitchD-GigabitEthernet0/0/1] quit
Step 2 Configure root protection on the designated port of the root bridge.
# Enable root protection on GE0/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
# Enable root protection on GE0/0/1 of SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp root-protection
[SwitchB-GigabitEthernet0/0/1] quit
Step 3 Configure Layer 2 forwarding on devices on the ring network.
• Create VLANs 2 to 20 on SwitchA, SwitchB, SwitchC, and SwitchD.
# Create VLANs 2 to 20 on SwitchA.
[SwitchA] vlan batch 2 to 20
# Create VLANs 2 to 20 on SwitchB.
[SwitchB] vlan batch 2 to 20
# Create VLANs 2 to 20 on SwitchC.
[SwitchC] vlan batch 2 to 20
# Create VLANs 2 to 20 on SwitchD.
[SwitchD] vlan batch 2 to 20
• Add ports on switching devices to VLANs.
# Add GE0/0/1 on SwitchA to a VLAN.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 20
[SwitchA-GigabitEthernet0/0/1] quit
# Add GE0/0/2 on SwitchA to a VLAN.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE0/0/1 on SwitchB to a VLAN.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 20
[SwitchB-GigabitEthernet0/0/1] quit
# Add GE0/0/2 on SwitchB to a VLAN.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchB-GigabitEthernet0/0/2] quit
# Add GE0/0/1 on SwitchC to a VLAN.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type access
[SwitchC-GigabitEthernet0/0/1] port default vlan 2
[SwitchC-GigabitEthernet0/0/1] quit
# Add GE0/0/2 on SwitchC to a VLAN.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet0/0/2] quit
# Add GE0/0/3 on SwitchC to a VLAN.
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type trunk
[SwitchC-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet0/0/3] quit
# Add GE0/0/1 on SwitchD to a VLAN.
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port link-type access
[SwitchD-GigabitEthernet0/0/1] port default vlan 11
[SwitchD-GigabitEthernet0/0/1] quit
# Add GE0/0/2 on SwitchD to a VLAN.
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type trunk
[SwitchD-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet0/0/2] quit
# Add GE0/0/3 on SwitchD to a VLAN.
[SwitchD] interface gigabitethernet 0/0/3
[SwitchD-GigabitEthernet0/0/3] port link-type trunk
[SwitchD-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet0/0/3] quit
Step 4 Verify the configuration.
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration.
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to focus on the interface status in MSTI 0.
# Run the display stp brief command on SwitchA to view the status and protection type on the
ports. The displayed information is as follows:
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   1    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   1    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   2    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
In MSTI 1, GE0/0/1 and GE0/0/2 are designated ports because SwitchA is the root bridge. In
MSTI 2, GE0/0/1 on SwitchA is the designated port and GE0/0/2 is the root port.
# Run the display stp brief command on SwitchB. The displayed information is as follows:
[SwitchB] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   1    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
In MSTI 2, GE0/0/1 and GE0/0/2 are designated ports because SwitchB is the root bridge. In
MSTI 1, GE0/0/1 on SwitchB is the designated port and GE0/0/2 is the root port.
# Run the display stp interface brief commands on SwitchC. The displayed information is as
follows:
[SwitchC] display stp interface gigabitethernet 0/0/3 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
[SwitchC] display stp interface gigabitethernet 0/0/2 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   1    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   2    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
GE0/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchC is the
designated port in MSTI 1 but is blocked in MSTI 2.
# Run the display stp interface brief commands on SwitchD. The displayed information is as
follows:
[SwitchD] display stp interface gigabitethernet 0/0/3 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE
   1    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
[SwitchD] display stp interface gigabitethernet 0/0/2 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   2    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
GE0/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchD is the blocked
port in MSTI 1 and is the designated port in MSTI 2.
----End
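The Step 4 verification can be scripted. The following Python is an added example, not part of the original Huawei document: it parses the display stp brief rows shown above (re-typed here with the columns re-joined) and checks that root protection sits only on designated ports and that MSTI 1 and MSTI 2 block different ports. All function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Rows re-typed from the Step 4 "display stp brief" output above, columns re-joined.
# SwitchC and SwitchD list only the two interfaces that were displayed.
HEADER = "MSTID Port Role STP State Protection\n"
STP_BRIEF = {
    "SwitchA": HEADER + """\
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 ROOT FORWARDING NONE
""",
    "SwitchB": HEADER + """\
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
""",
    "SwitchC": HEADER + """\
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/2 ALTE DISCARDING NONE
""",
    "SwitchD": HEADER + """\
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
1 GigabitEthernet0/0/2 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
""",
}
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_stp_brief(text):
    """Return one dict per data row; the header line does not match ROW."""
    keys = ("mstid", "port", "role", "state", "protection")
    rows = [dict(zip(keys, m.groups())) for m in map(ROW.match, text.splitlines()) if m]
    for row in rows:
        row["mstid"] = int(row["mstid"])
    return rows


def misplaced_root_protection(tables):
    """Root-protected ports that are not a designated port in some instance."""
    return [(switch, r["port"], r["mstid"], r["role"])
            for switch, rows in tables.items() for r in rows
            if r["protection"] == "ROOT" and r["role"] != "DESI"]


def unprotected_all_designated(tables):
    """Ports that are designated in every listed instance yet lack root protection."""
    by_port = defaultdict(list)
    for switch, rows in tables.items():
        for r in rows:
            by_port[(switch, r["port"])].append(r)
    return sorted(key for key, rows in by_port.items()
                  if all(r["role"] == "DESI" and r["protection"] == "NONE" for r in rows))


def blocked_ports(tables, skip=(0,)):
    """Map each MSTI to its DISCARDING ports; MSTI 0 is skipped, as in the NOTE."""
    blocked = defaultdict(set)
    for switch, rows in tables.items():
        for r in rows:
            if r["mstid"] not in skip and r["state"] == "DISCARDING":
                blocked[r["mstid"]].add((switch, r["port"]))
    return dict(blocked)


def load_balanced(blocked, instances=(1, 2)):
    """True when every instance blocks a port and no two instances block the same set."""
    sets = [frozenset(blocked.get(i, ())) for i in instances]
    return all(sets) and len(set(sets)) == len(sets)


TABLES = {switch: parse_stp_brief(text) for switch, text in STP_BRIEF.items()}

if __name__ == "__main__":
    print("misplaced root protection:", misplaced_root_protection(TABLES))
    print("unprotected designated-only ports:", unprotected_all_designated(TABLES))
    print("blocked per MSTI:", blocked_ports(TABLES))
    print("load balanced:", load_balanced(blocked_ports(TABLES)))
```

GE0/0/2 on SwitchA and SwitchB is not reported by the second check because it is a root port in one of the instances, which matches the configuration above, where root protection is enabled only on GE0/0/1.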
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 20
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 2 to 20
#
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 2 to 20
#
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 1 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
3.9.2 Example for Configuring MSTP + VRRP Network
Networking Requirements
As shown in Figure 3-39, hosts connect to Switch C, and Switch C connects to the Internet
through Switch A and Switch B. To improve access reliability, the user configures redundant
links. The redundant links cause a network loop, which leads to broadcast storms and damages
MAC address entries.
It is required that the network loop be prevented when redundant links are deployed, traffic be
switched to another link when one link is broken, and network bandwidth be effectively used.
MSTP can be configured on the network to prevent loops. MSTP blocks redundant links and
prunes a network into a tree topology free from loops. In addition, VRRP needs to be configured
on Switch A and Switch B. Host A connects to the Internet by using Switch A as the default
gateway and Switch B as the secondary gateway. Host B connects to the Internet by using Switch
B as the default gateway and Switch A as the secondary gateway. Traffic is thus load balanced
and communication reliability is improved.
Figure 3-39 MSTP + VRRP network
[Figure: devices shown are HostA (VLAN 2, 10.1.2.101/24), HostB (VLAN 3, 10.1.3.101/24), SwitchC, SwitchA,
SwitchB, RouterA, RouterB, and the Internet.
VRRP VRID 1: virtual IP address 10.1.2.100; SwitchA is Master and SwitchB is Backup.
VRRP VRID 2: virtual IP address 10.1.3.100; SwitchB is Master and SwitchA is Backup.
MSTI1: root switch SwitchA. MSTI2: root switch SwitchB. Each instance has one blocked port.]

Device    Interface              VLANIF Interface  IP Address
SwitchA   GE0/0/1 and GE0/0/2    VLANIF 2          10.1.2.102/24
          GE0/0/1 and GE0/0/2    VLANIF 3          10.1.3.102/24
          GE0/0/3                VLANIF 4          10.1.4.102/24
SwitchB   GE0/0/1 and GE0/0/2    VLANIF 2          10.1.2.103/24
          GE0/0/1 and GE0/0/2    VLANIF 3          10.1.3.103/24
          GE0/0/3                VLANIF 5          10.1.5.103/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP on the switches, including:
   a. Configure an MST region and create multiple instances: map VLAN 2 to MSTI1 and VLAN 3 to
      MSTI2 to load balance traffic.
   b. Configure the root bridge and backup bridge in the MST region.
   c. Configure the path cost on an interface so that the interface can be blocked.
   d. Enable MSTP to prevent loops:
      • Enable MSTP globally.
      • Enable MSTP on all interfaces except the interfaces connecting to hosts.
      NOTE
      The interfaces connecting to hosts do not participate in MSTP calculation.
2. Enable the protection function to protect devices or links. For example, enable the
   protection function on the root bridge of each instance to protect roots.
3. Configure Layer 2 forwarding.
4. Assign an IP address to each interface and configure the routing protocol on each device
   to ensure network connectivity.
   NOTE
   SwitchA and SwitchB must support VRRP and OSPF. For details about models supporting VRRP
   and OSPF, see relevant documentation.
5. Create VRRP group 1 and VRRP group 2 on Switch A and Switch B. Configure Switch A
   as the master device and Switch B as the backup device of VRRP group 1. Configure Switch
   B as the master device and Switch A as the backup device of VRRP group 2.
Procedure
Step 1 Configure basic MSTP functions.
1. Add Switch A, Switch B, and Switch C to region RG1, and create instances MSTI1 and
MSTI2.
# Configure an MST region on Switch A.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region on Switch B.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2
[SwitchB-mst-region] instance 2 vlan 3
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
# Configure an MST region on Switch C.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 2
[SwitchC-mst-region] instance 2 vlan 3
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
2. Configure the root bridges and backup bridges for MSTI1 and MSTI2 in RG1.
• Configure the root bridge and backup bridge for MSTI1.
# Set Switch A as the root bridge of MSTI1.
[SwitchA] stp instance 1 root primary
# Set Switch B as the backup bridge of MSTI1.
[SwitchB] stp instance 1 root secondary
• Configure the root bridge and backup bridge for MSTI2.
# Set Switch B as the root bridge of MSTI2.
[SwitchB] stp instance 2 root primary
# Set Switch A as the backup bridge of MSTI2.
[SwitchA] stp instance 2 root secondary
3. Set the path costs of the interfaces that you want to block on MSTI1 and MSTI2 to be
greater than the default value.
NOTE
• The path cost range is decided by the calculation method. The Huawei calculation method is used
  as an example. Set the path costs of the interfaces to 20000.
• The switches on the same network must use the same calculation method to calculate path costs.
# Set the path cost calculation method on Switch A to Huawei calculation method.
[SwitchA] stp pathcost-standard legacy
# Set the path cost calculation method on Switch B to Huawei calculation method.
[SwitchB] stp pathcost-standard legacy
# Set the path cost calculation method on Switch C to Huawei calculation method. Set the
path cost of GE0/0/1 in MSTI2 to 20000; set the path cost of GE0/0/4 in MSTI1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet0/0/4] quit
4. Enable MSTP to prevent loops.
• Enable MSTP globally.
# Enable MSTP on Switch A.
[SwitchA] stp enable
# Enable MSTP on Switch B.
[SwitchB] stp enable
# Enable MSTP on Switch C.
[SwitchC] stp enable
• Disable MSTP on the interfaces connecting to hosts.
# Disable STP on GE0/0/2 and GE0/0/3 of Switch C.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] stp disable
[SwitchC-GigabitEthernet0/0/3] quit
Step 2 Enable the protection function on the designated interfaces of each root bridge.
# Enable root protection on GE0/0/1 of Switch A.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
# Enable root protection on GE0/0/1 of Switch B.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp root-protection
[SwitchB-GigabitEthernet0/0/1] quit
Step 3 Configure Layer 2 forwarding on the switches in the ring.
• Create VLANs 2 and 3 on Switch A, Switch B, and Switch C.
# Create VLANs 2 and 3 on Switch A.
[SwitchA] vlan batch 2 to 3
# Create VLANs 2 and 3 on Switch B.
[SwitchB] vlan batch 2 to 3
# Create VLANs 2 and 3 on Switch C.
[SwitchC] vlan batch 2 to 3
• Add the interfaces connecting to the loops to VLANs.
# Add GE0/0/1 of Switch A to VLANs.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of Switch A to VLANs.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE0/0/1 of Switch B to VLANs.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of Switch B to VLANs.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/2] quit
# Add GE0/0/1 of Switch C to VLANs.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of Switch C to VLAN 2.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type access
[SwitchC-GigabitEthernet0/0/2] port default vlan 2
[SwitchC-GigabitEthernet0/0/2] quit
# Add GE0/0/3 of Switch C to VLAN 3.
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type access
[SwitchC-GigabitEthernet0/0/3] port default vlan 3
[SwitchC-GigabitEthernet0/0/3] quit
# Add GE0/0/4 of Switch C to VLANs.
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] port link-type trunk
[SwitchC-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/4] quit
Step 4 Verify the configuration.
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration.
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to focus on the interface status in MSTI 0.
# Run the display stp brief command on Switch A to view the status and protection type on
interfaces. The displayed information is as follows:
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   1    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   1    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   2    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
In MSTI1, GE0/0/2 and GE0/0/1 of Switch A are set as designated interfaces because Switch A
is the root bridge of MSTI1. In MSTI2, GE0/0/1 of Switch A is set as the designated interface
and GE0/0/2 is set as the root interface.
# Run the display stp brief command on Switch B. The displayed information is as follows:
[SwitchB] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   1    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/1        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
In MSTI2, GE0/0/1 and GE0/0/2 of Switch B are set as designated interfaces because Switch B
is the root bridge of MSTI2. In MSTI1, GE0/0/1 of Switch B is set as the designated interface
and GE0/0/2 is set as the root interface.
# Run the display stp interface brief command on Switch C. The displayed information is as
follows:
[SwitchC] display stp interface gigabitethernet 0/0/1 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
[SwitchC] display stp interface gigabitethernet 0/0/4 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/4        ALTE  DISCARDING      NONE
   1    GigabitEthernet0/0/4        ALTE  DISCARDING      NONE
   2    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE
GE0/0/1 of Switch C is the root interface of MSTI1, and is blocked in MSTI2. GE0/0/4 of Switch
C is the root interface of MSTI2, and is blocked in MSTI1.
Step 5 Connect devices.
# Assign an IP address to each interface, for example, the interfaces on SwitchA. The
configurations on SwitchB are similar to the configurations on SwitchA. For details, see the
configuration file.
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit
# Run OSPF on SwitchA, SwitchB, and routers. The configurations on SwitchA are used as an
example. The configurations on SwitchB are similar to the configurations on SwitchA. For
details, see the configuration file.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Step 6 Configure VRRP groups.
# Create VRRP group 1 on SwitchA and SwitchB. Set SwitchA as the master device, priority
to 120, and preemption delay to 20 seconds. Set SwitchB as the backup device and retain the
default priority.
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchA-Vlanif2] vrrp vrid 1 priority 120
[SwitchA-Vlanif2] vrrp vrid 1 preempt-mode timer delay 20
[SwitchA-Vlanif2] quit
[SwitchB] interface vlanif 2
[SwitchB-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchB-Vlanif2] quit
# Create VRRP group 2 on SwitchA and SwitchB. Set SwitchB as the master device, priority to
120, and preemption delay to 20 seconds. Set SwitchA as the backup device and retain the default
priority.
[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchB-Vlanif3] vrrp vrid 2 priority 120
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] quit
# Set the virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of Host A, and
the virtual IP address 10.1.3.100 of VRRP group 2 as the default gateway of Host B.
Step 7 Verify the configuration.
# After completing the preceding configurations, run the display vrrp command on SwitchA.
SwitchA's VRRP status is master in VRRP group 1 and backup in VRRP group 2.
<SwitchA> display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES
Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18 UTC+08:00
Last change time : 2012-05-26 11:38:58 UTC+08:00
Vlanif3 | Virtual Router 2
State : Backup
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES
Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:40:18 UTC+08:00
Last change time : 2012-05-26 11:48:58 UTC+08:00
# Run the display vrrp command on SwitchB. SwitchB's VRRP status is backup in VRRP group
1 and master in VRRP group 2.
<SwitchB> display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES
Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18 UTC+08:00
Last change time : 2012-05-26 11:38:58 UTC+08:00
Vlanif3 | Virtual Router 2
State : Master
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES
Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:40:18 UTC+08:00
Last change time : 2012-05-26 11:48:58 UTC+08:00
----End
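The Step 7 check can also be automated. The following Python is an added example, not part of the original Huawei document: it parses the display vrrp output of SwitchA and SwitchB (a subset of the fields shown above), cross-checks that each group has exactly one Master and that both switches agree on it, and lists every group member whose Auth type is NONE, meaning its VRRP advertisements carry no authentication. All function and variable names are illustrative.

```python
import re

# Fields copied from the Step 7 "display vrrp" output above; lines that the
# checks do not use (timers, virtual MAC, timestamps) are left out.
VRRP_OUTPUT = {
    "SwitchA": """
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
MasterPriority : 120
Auth type : NONE
Vlanif3 | Virtual Router 2
State : Backup
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 100
MasterPriority : 120
Auth type : NONE
""",
    "SwitchB": """
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
MasterPriority : 120
Auth type : NONE
Vlanif3 | Virtual Router 2
State : Master
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 120
MasterPriority : 120
Auth type : NONE
""",
}
HEADER = re.compile(r"^\s*(\S+)\s*\|\s*Virtual Router\s+(\d+)\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(.+?)\s*$")


def parse_display_vrrp(text):
    """Return {vrid: {field: value}}; lines before the first group header are ignored."""
    groups, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"Interface": header.group(1)}
            groups[int(header.group(2))] = current
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2)
    return groups


def by_group(outputs):
    """Regroup per-switch output as {vrid: {switch: fields}}."""
    merged = {}
    for switch, text in outputs.items():
        for vrid, fields in parse_display_vrrp(text).items():
            merged.setdefault(vrid, {})[switch] = fields
    return merged


def consistency_findings(outputs):
    """Cross-check both switches' view of each group; an empty list means they agree."""
    findings = []
    for vrid, members in sorted(by_group(outputs).items()):
        owners = sorted(s for s, f in members.items() if f["State"] == "Master")
        if len(owners) != 1:
            findings.append((vrid, "expected one Master, found %d" % len(owners)))
        for key in ("Virtual IP", "Master IP", "MasterPriority"):
            if len({f[key] for f in members.values()}) != 1:
                findings.append((vrid, "members disagree on " + key))
        for switch in owners:
            if members[switch]["PriorityRun"] != members[switch]["MasterPriority"]:
                findings.append((vrid, switch + " is Master but not at MasterPriority"))
    return findings


def unauthenticated(outputs):
    """(vrid, switch) pairs whose advertisements carry no authentication."""
    return sorted((vrid, switch) for vrid, members in by_group(outputs).items()
                  for switch, f in members.items() if f["Auth type"] == "NONE")


def masters(outputs):
    """Map each VRID to the switches that report State Master."""
    return {vrid: sorted(s for s, f in members.items() if f["State"] == "Master")
            for vrid, members in by_group(outputs).items()}


if __name__ == "__main__":
    print("masters:", masters(VRRP_OUTPUT))
    print("consistency findings:", consistency_findings(VRRP_OUTPUT))
    print("unauthenticated groups:", unauthenticated(VRRP_OUTPUT))
```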
Configuration File
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 2 to 4
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
ip address 10.1.4.102 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 4
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.103 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
ip address 10.1.3.103 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
#
interface Vlanif5
ip address 10.1.5.103 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.5.0 0.0.0.255
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 2 to 3
#
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
stp disable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 1 cost 20000
#
return
3.9.3 Example for Connecting CEs to the VPLS in Dual-Homing
Mode Through MSTP
Networking Requirements
As shown in Figure 3-40, each CE is dual-homed to PEs. The PEs establish a VPLS full mesh.
The CEs and PEs run the MSTP protocol. Generally, traffic is forwarded through the primary
link. When the primary link fails, traffic is switched to the secondary link.
NOTE
Only the S5310EI and S5300HI support this configuration.
Figure 3-40 Network diagram for connecting CEs to the VPLS in dual-homing mode
[Figure: CE1 and CE2 are each dual-homed to PEs; PE1 (1.1.1.1/32), PE2 (2.2.2.2/32), PE3 (3.3.3.3/32), and
PE4 (4.4.4.4/32) form the VPLS network. Hosts shown: PC1 (10.1.1.1/24) and PC2 (10.1.1.2/24).]

Switch  Interface              VLANIF interface        IP address
PE1     GigabitEthernet0/0/1   GigabitEthernet0/0/1.1  -
        GigabitEthernet0/0/2   VLANIF 10               172.1.1.1/24
        GigabitEthernet0/0/3   VLANIF 40               172.4.1.2/24
        Loopback1              -                       1.1.1.1/32
PE2     GigabitEthernet0/0/1   GigabitEthernet0/0/1.1  -
        GigabitEthernet0/0/2   VLANIF 10               172.1.1.2/24
        GigabitEthernet0/0/3   VLANIF 20               172.2.1.1/24
        Loopback1              -                       2.2.2.2/32
PE3     GigabitEthernet0/0/1   GigabitEthernet0/0/1.1  -
        GigabitEthernet0/0/2   VLANIF 20               172.2.1.2/24
        GigabitEthernet0/0/3   VLANIF 30               172.3.1.1/24
        Loopback1              -                       3.3.3.3/32
PE4     GigabitEthernet0/0/1   GigabitEthernet0/0/1.1  -
        GigabitEthernet0/0/2   VLANIF 30               172.3.1.2/24
        GigabitEthernet0/0/3   VLANIF 40               172.4.1.1/24
        Loopback1              -                       4.4.4.4/32
CE1     GigabitEthernet0/0/1   VLANIF 100              -
        GigabitEthernet0/0/4   VLANIF 100              -
        GigabitEthernet0/0/2   VLANIF 100              -
CE2     GigabitEthernet0/0/1   VLANIF 100              -
        GigabitEthernet0/0/4   VLANIF 100              -
        GigabitEthernet0/0/2   VLANIF 100              -
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on the backbone network to implement interworking.
2. Set up a remote LDP session between the PEs.
3. Establish a VPLS full mesh between PEs.
4. Configure MSTP. Configure PE1 and PE2 as the primary roots, and configure PE3 and
   PE4 as the secondary roots.
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 3-40.
NOTE
• Do not add the AC-side physical interface and PW-side physical interface of a PE to the same VLAN;
  otherwise, a loop occurs.
• Packets sent from the CEs to the PEs must contain VLAN tags.
Step 2 Configure the IGP protocol. OSPF is used in this example.
When configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1, PE2,
PE3, and PE4.
For the configuration procedure, see the S2350&S5300&S6300 Series Ethernet Switches
Configuration Guide - IP Routing.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. The command output shows that PE1, P, and PE2 have learned routes from each other.
Step 3 Configure basic MPLS functions and LDP.
For the configuration details, see the S2350&S5300&S6300 Series Ethernet Switches
Configuration Guide - MPLS.
After the configuration is complete, run the display mpls ldp session command on PE1, P and
PE2. The command output shows that the peer relationships have been set up between PE1 and
P, and between P and PE2, and the status of the peer relationships is Operational. Run the display
mpls lsp command to view the information about the established LSP.
Step 4 Create a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 4.4.4.4
[PE2-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
[PE2-mpls-ldp-remote-4.4.4.4] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
# Configure PE4.
[PE4] mpls ldp remote-peer 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] quit
After the configuration is complete, run the display mpls ldp session command on the PEs. The
command output shows that the status of the remote LDP peer relationship is Operational,
indicating that remote LDP sessions have been set up. The output on PE1 is used as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode)
SsnAge Unit(DDDD:HH:MM)
A "*" before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0          Operational DU   Passive  0000:00:03  15/15
3.3.3.3:0          Operational DU   Passive  0000:00:00  1/1
4.4.4.4:0          Operational DU   Passive  0000:00:03  14/14
------------------------------------------------------------------------------
TOTAL: 3 session(s) Found.
Step 5 Enable MPLS L2VPN on PE1.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE3.
[PE3] mpls l2vpn
# Configure PE4.
[PE4] mpls l2vpn
Step 6 Configure a VSI on the PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 2.2.2.2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] peer 4.4.4.4
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] peer 3.3.3.3
[PE2-vsi-a2-ldp] peer 4.4.4.4
The configuration of PE3 and PE4 is similar to that of PE1 and PE2.
Step 7 Bind the VSI to interfaces on the PEs.
# Configure PE1.
[PE1] interface gigabitethernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE2-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 0/0/1.1
[PE3-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE3-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE3-GigabitEthernet0/0/1.1] quit
# Configure PE4.
[PE4] interface gigabitethernet 0/0/1.1
[PE4-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE4-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE4-GigabitEthernet0/0/1.1] quit
Step 8 Configure STP.
1. Configure the MST region and activate the region.
# Configure PE1.
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure CE1.
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure CE2.
[CE2] stp region-configuration
[CE2-mst-region] region-name RG1
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
2. Configure the priorities of the PEs to make PE1 and PE2 the primary roots and PE3 and
PE4 the secondary roots.
# Configure PE1.
[PE1] stp instance 0 priority 0
# Configure PE2.
[PE2] stp instance 0 priority 0
# Configure PE3.
[PE3] stp instance 0 priority 4096
# Configure PE4.
[PE4] stp instance 0 priority 4096
3. Enable association between MSTP and VPLS on the CEs and PEs, and configure root
protection on the secondary roots.
# Configure CE1.
[CE1] stp enable
[CE1] interface gigabitethernet 0/0/4
[CE1-GigabitEthernet0/0/4] stp enable
[CE1-GigabitEthernet0/0/4] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] stp enable
[CE1-GigabitEthernet0/0/1] quit
# Configure CE2.
[CE2] stp enable
[CE2] interface gigabitethernet 0/0/4
[CE2-GigabitEthernet0/0/4] stp enable
[CE2-GigabitEthernet0/0/4] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] stp enable
[CE2-GigabitEthernet0/0/1] quit
# Configure PE1.
[PE1] stp enable
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE1-GigabitEthernet0/0/1] stp enable
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] stp disable
[PE1-GigabitEthernet0/0/3] quit
# Configure PE2.
[PE2] stp enable
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE2-GigabitEthernet0/0/1] stp enable
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] stp disable
[PE2-GigabitEthernet0/0/3] quit
# Configure PE3.
[PE3] stp enable
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE3-GigabitEthernet0/0/1] stp root-protection
[PE3-GigabitEthernet0/0/1] stp enable
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] stp disable
[PE3-GigabitEthernet0/0/2] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] stp disable
[PE3-GigabitEthernet0/0/3] quit
# Configure PE4.
[PE4] stp enable
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE4-GigabitEthernet0/0/1] stp root-protection
[PE4-GigabitEthernet0/0/1] stp enable
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] stp disable
[PE4-GigabitEthernet0/0/2] quit
[PE4] interface gigabitethernet 0/0/3
[PE4-GigabitEthernet0/0/3] stp disable
[PE4-GigabitEthernet0/0/3] quit
Step 9 Verify the configuration.
Run the display vsi name a2 verbose command on PE1. The command output shows that the
VSI state is Up.
<PE1> display vsi name a2 verbose
***VSI Name               : a2
   Administrator VSI      : no
   Isolate Spoken         : disable
   VSI Index              : 0
   PW Signaling           : ldp
   Member Discovery Style : static
   PW MAC Learn Style     : unqualify
   Encapsulation Type     : vlan
   MTU                    : 1500
   Mode                   : uniform
   Service Class          : --
   Color                  : --
   DomainId               : 0
   Domain Name            :
   VSI State              : up

   VSI ID                 : 2
  *Peer Router ID         : 2.2.2.2
   VC Label               : 27648
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x10001,
  *Peer Router ID         : 3.3.3.3
   VC Label               : 27649
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x10002,
  *Peer Router ID         : 4.4.4.4
   VC Label               : 27650
   Peer Type              : dynamic
   Session                : up
   Tunnel ID              : 0x10003,

   Interface Name         : GigabitEthernet 0/0/1.1
   State                  : up

 **PW Information:

  *Peer Ip Address        : 2.2.2.2
   PW State               : up
   Local VC Label         : 27648
   Remote VC Label        : 27648
   PW Type                : label
   Tunnel ID              : 0x10001,
  *Peer Ip Address        : 3.3.3.3
   PW State               : up
   Local VC Label         : 27649
   Remote VC Label        : 27649
   PW Type                : label
   Tunnel ID              : 0x10002,
  *Peer Ip Address        : 4.4.4.4
   PW State               : up
   Local VC Label         : 27650
   Remote VC Label        : 27650
   PW Type                : label
   Tunnel ID              : 0x10003,
PC1 (10.1.1.1) can ping PC2 (10.1.1.2).
<PC1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
When the link between CE1 and PE1 fails or PE1 is faulty, PE4 becomes the primary root. In
this case, PC1 and PE2 can still ping each other.
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
stp enable
#
interface Vlanif100
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet 0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 100
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
stp enable
#
interface Vlanif100
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet 0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 100
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 10 40
#
stp instance 0 priority 0
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif 10
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
ip address 172.4.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet 0/0/1
stp vpls-subinterface enable
#
interface GigabitEthernet 0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet 0/0/2
port hybrid pvid vlan 10
port hybrid tagged vlan 10
stp disable
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 40
port hybrid tagged vlan 40
stp disable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.4.1.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 10 20
#
stp instance 0 priority 0
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
interface Vlanif10
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet 0/0/1
stp vpls-subinterface enable
#
interface GigabitEthernet 0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
- Configuration file of PE3
#
sysname PE3
#
vlan batch 20 30
#
stp instance 0 priority 4096
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif20
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 172.3.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet 0/0/1
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet 0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.2.1.0 0.0.0.255
network 172.3.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
return
- Configuration file of PE4
#
sysname PE4
#
vlan batch 30 40
#
stp instance 0 priority 4096
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
interface Vlanif30
ip address 172.3.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.4.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet 0/0/1
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet 0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.3.1.0 0.0.0.255
network 172.4.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
#
return
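The VSI peer lists and root-protection settings in the PE configuration files above can be checked mechanically. The following Python audit is an added example, not part of the Huawei document; the configurations it reads are constructed, trimmed copies in the same layout with PE4 deliberately broken, and all function names are illustrative.

```python
import re

# Constructed, trimmed template in the layout of the PE configuration files above.
TEMPLATE = """#
sysname {name}
#
stp instance 0 priority {prio}
stp enable
#
mpls lsr-id {lsr}
mpls
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
{peers}
#
interface GigabitEthernet0/0/1
{guard} stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 100
 l2 binding vsi a2
#
return
"""

def sample(name, lsr, prio, peers, root_protection):
    """Render one constructed configuration file (hypothetical helper)."""
    return TEMPLATE.format(
        name=name, lsr=lsr, prio=prio,
        peers="\n".join(f"  peer {p}" for p in peers),
        guard=" stp root-protection\n" if root_protection else "")

# PE1 to PE3 follow the page; PE4 is constructed with two defects:
# it omits peer 1.1.1.1 and has no root protection on its CE-facing port.
SAMPLE_CONFIGS = [
    sample("PE1", "1.1.1.1", 0, ["2.2.2.2", "3.3.3.3", "4.4.4.4"], False),
    sample("PE2", "2.2.2.2", 0, ["1.1.1.1", "3.3.3.3", "4.4.4.4"], False),
    sample("PE3", "3.3.3.3", 4096, ["1.1.1.1", "2.2.2.2", "4.4.4.4"], True),
    sample("PE4", "4.4.4.4", 4096, ["2.2.2.2", "3.3.3.3"], False),
]

def parse(cfg):
    """Split a file into '#'-delimited stanzas and extract the audited fields."""
    # 32768 is the STP default bridge priority when none is configured.
    dev = {"name": None, "lsr_id": None, "priority": 32768,
           "peers": set(), "ce_ports": {}}
    for block in re.split(r"(?m)^#[ \t]*$", cfg):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        head = lines[0]
        for ln in lines:
            if m := re.fullmatch(r"sysname (\S+)", ln):
                dev["name"] = m[1]
            elif m := re.fullmatch(r"mpls lsr-id (\S+)", ln):
                dev["lsr_id"] = m[1]
            elif m := re.fullmatch(r"stp instance 0 priority (\d+)", ln):
                dev["priority"] = int(m[1])
        if head.startswith("vsi "):
            dev["peers"] |= {ln.split()[1] for ln in lines if ln.startswith("peer ")}
        elif head.startswith("interface ") and "stp vpls-subinterface enable" in lines:
            # CE-facing port: record whether root protection is configured on it.
            dev["ce_ports"][head.split(None, 1)[1]] = "stp root-protection" in lines
    return dev

def audit(configs):
    """Return findings for broken VSI meshes and unprotected secondary roots."""
    devs = [parse(c) for c in configs]
    lsr_ids = {d["lsr_id"]: d["name"] for d in devs}
    best = min(d["priority"] for d in devs)  # priority of the primary roots
    findings = []
    for d in devs:
        expected = set(lsr_ids) - {d["lsr_id"]}
        for missing in sorted(expected - d["peers"]):
            findings.append(f"{d['name']}: VSI has no peer {missing} "
                            f"({lsr_ids[missing]}); full mesh is broken")
        for extra in sorted(d["peers"] - expected):
            findings.append(f"{d['name']}: VSI peer {extra} is not a known PE")
        if d["priority"] > best:
            for port, protected in sorted(d["ce_ports"].items()):
                if not protected:
                    findings.append(f"{d['name']}: {port} lacks stp root-protection "
                                    "on a secondary root")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```

The parser keys on the `#` stanza separators rather than indentation, so it also reads files whose leading spaces were lost in export.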
3.9.4 Example for Configuring MSTP Multi-Process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
Networking Requirements
On the network with both Layer 2 single-access rings and multi-access rings deployed, switching
devices transmit both Layer 2 and Layer 3 services. To enable different rings to transmit different
services, configure MSTP multi-process. Spanning trees of different processes are calculated
independently.
As shown in Figure 3-41, both Layer 2 single-access rings and dual-access rings are deployed
and switches A and B carry both Layer 2 and Layer 3 services. Switches A and B connected to
dual-access rings are also connected to a single-access ring.
NOTE
In the ring where MSTP multi-process is configured, you are advised not to block the interface directly
connected to the root protection-enabled designated port.
Figure 3-41 MSTP multi-process for Layer 2 single-access rings and multi-access rings
[Figure not reproduced. Labels in the figure: Network, SwitchC, SwitchA, SwitchB, PE1, PE2 and
CEs; region name RG1; Process 1 with Instance 1 (VLAN 2 to 100), Process 2 with Instance 2
(VLAN 101 to 200), Process 3 with Instance 3 (VLAN 201 to 300).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, add devices to MST regions, and create MSTIs.
   NOTE
   - Each ring can belong to only one region.
   - Each CE can join only one ring.
2. Configure multiple MSTP processes:
   a. Create multiple MSTP processes and add interfaces to these processes.
   b. Configure a shared link.
3. Configure MSTP protection functions:
   - Configure priorities of MSTP processes and enable root protection.
   - Configure shared link protection.
4. Configure the Layer 2 forwarding function on devices.
Procedure
Step 1 Configure basic MSTP functions, add devices to an MST region, and create MSTIs.
1. Configure MST regions and create MSTIs.
# Configure an MST region and create MSTIs on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 100
[SwitchA-mst-region] instance 2 vlan 101 to 200
[SwitchA-mst-region] instance 3 vlan 201 to 300
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region and create MSTIs on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2 to 100
[SwitchB-mst-region] instance 2 vlan 101 to 200
[SwitchB-mst-region] instance 3 vlan 201 to 300
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
2. Enable MSTP.
# Configure SwitchA.
[SwitchA] stp enable
# Configure SwitchB.
[SwitchB] stp enable
Step 2 Configure multiple MSTP processes.
1. Create multiple MSTP processes and add interfaces to these processes.
# Create MSTP processes 1 and 2 on SwitchA.
[SwitchA] stp process 1
[SwitchA-mst-process-1] quit
[SwitchA] stp process 2
[SwitchA-mst-process-2] quit
# Create MSTP processes 2 and 3 on SwitchB.
[SwitchB] stp process 2
[SwitchB-mst-process-2] quit
[SwitchB] stp process 3
[SwitchB-mst-process-3] quit
# Add GE 0/0/3 and GE 0/0/4 on SwitchA to MSTP process 1 and GE 0/0/2 to MSTP
process 2.
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] stp enable
[SwitchA-GigabitEthernet0/0/4] bpdu enable
[SwitchA-GigabitEthernet0/0/4] stp binding process 1
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] stp enable
[SwitchA-GigabitEthernet0/0/3] bpdu enable
[SwitchA-GigabitEthernet0/0/3] stp binding process 1
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp enable
[SwitchA-GigabitEthernet0/0/2] bpdu enable
[SwitchA-GigabitEthernet0/0/2] stp binding process 2
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE 0/0/3 and GE 0/0/4 on SwitchB to MSTP process 3 and GE 0/0/2 to MSTP
process 2.
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] stp enable
[SwitchB-GigabitEthernet0/0/4] bpdu enable
[SwitchB-GigabitEthernet0/0/4] stp binding process 3
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] stp enable
[SwitchB-GigabitEthernet0/0/3] bpdu enable
[SwitchB-GigabitEthernet0/0/3] stp binding process 3
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp enable
[SwitchB-GigabitEthernet0/0/2] bpdu enable
[SwitchB-GigabitEthernet0/0/2] stp binding process 2
[SwitchB-GigabitEthernet0/0/2] quit
2. Configure a shared link.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp enable
[SwitchA-GigabitEthernet0/0/1] bpdu enable
[SwitchA-GigabitEthernet0/0/1] stp binding process 2 link-share
[SwitchA-GigabitEthernet0/0/1] quit
# Configure SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp enable
[SwitchB-GigabitEthernet0/0/1] bpdu enable
[SwitchB-GigabitEthernet0/0/1] stp binding process 2 link-share
[SwitchB-GigabitEthernet0/0/1] quit
3. Enable the MSTP function in MSTP multi-process.
# Configure SwitchA.
[SwitchA] stp process 1
[SwitchA-stp-process-1] stp enable
[SwitchA-stp-process-1] quit
[SwitchA] stp process 2
[SwitchA-stp-process-2] stp enable
[SwitchA-stp-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-stp-process-3] stp enable
[SwitchB-stp-process-3] quit
[SwitchB] stp process 2
[SwitchB-stp-process-2] stp enable
[SwitchB-stp-process-2] quit
Step 3 Configure MSTP protection functions.
- Configure priorities of MSTP processes and enable root protection.
# Configure SwitchA.
[SwitchA] stp process 1
[SwitchA-mst-process-1] stp instance 0 root primary
[SwitchA-mst-process-1] stp instance 1 root primary
[SwitchA-mst-process-1] quit
[SwitchA] stp process 2
[SwitchA-mst-process-2] stp instance 0 root primary
[SwitchA-mst-process-2] stp instance 2 root primary
[SwitchA-mst-process-2] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp root-protection
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-stp-process-3] stp instance 0 root primary
[SwitchB-stp-process-3] stp instance 3 root primary
[SwitchB-stp-process-3] quit
[SwitchB] stp process 2
[SwitchB-stp-process-2] stp instance 0 root secondary
[SwitchB-stp-process-2] stp instance 2 root secondary
[SwitchB-stp-process-2] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp root-protection
[SwitchB-GigabitEthernet0/0/2] quit
NOTE
- In each ring, the priority of the MSTP process on the downstream CE must be lower than the
  priority of the MSTP process on the switching device.
- For switches A and B on the dual-access ring, you are advised to configure them as the
  primary root bridges of different MSTIs.
- Configure shared link protection.
# Configure SwitchA.
[SwitchA] stp process 2
[SwitchA-stp-process-2] stp link-share-protection
[SwitchA-stp-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 2
[SwitchB-stp-process-2] stp link-share-protection
[SwitchB-stp-process-2] quit
Step 4 Create VLANs and add interfaces to VLANs.
# Create VLANs 2 to 200 on SwitchA. Add GE 0/0/3 and GE 0/0/4 to VLANs 2 to 100, and add
GE 0/0/1 and GE 0/0/2 to VLANs 101 to 200.
[SwitchA] vlan batch 2 to 200
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 100
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] port link-type trunk
[SwitchA-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 100
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet0/0/2] quit
# Create VLANs 101 to 300 on SwitchB. Add GE 0/0/3 and GE 0/0/4 to VLANs 201 to 300,
and add GE 0/0/1 and GE 0/0/2 to VLANs 101 to 200.
[SwitchB] vlan batch 101 to 300
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/2] quit
Step 5 Verify the configuration.
- Run the display stp interface brief command on SwitchA.
# GE 0/0/4 is a designated port in the CIST of MSTP process 1 and in MSTI 1.
[SwitchA] display stp process 1 interface gigabitethernet 0/0/4 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
   1    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
# GE 0/0/2 is a designated port in the CIST of MSTP process 2 and in MSTI 2.
[SwitchA] display stp process 2 interface gigabitethernet 0/0/2 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
- Run the display stp interface brief command on SwitchB.
# GE 0/0/4 is a designated port in the CIST of MSTP process 3 and in MSTI 3.
[SwitchB] display stp process 3 interface gigabitethernet 0/0/4 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
   3    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
# GE 0/0/2 is a designated port in the CIST of MSTP process 2 and in MSTI 2.
[SwitchB] display stp process 2 interface gigabitethernet 0/0/2 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
----End
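The verification output in Step 5 can also be checked by a script. The following Python check is an added example, not part of the Huawei document: the captures are constructed in the layout of the display stp process ... brief output, the two fault captures do not come from the page, and reading a Discarding root-protected designated port as a received superior BPDU is general root-protection behaviour that is assumed here.

```python
import re

# Data rows look like: MSTID  Port  Role  STP-State  Protection
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z]+)\s+([A-Z]+)\s+([A-Z]+)\s*$")

# Constructed capture matching the healthy state shown for SwitchA GE 0/0/2.
HEALTHY = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  FORWARDING      ROOT
"""
# Constructed fault: root protection is holding the port in Discarding.
BLOCKED = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        DESI  DISCARDING      ROOT
   2    GigabitEthernet0/0/2        DESI  DISCARDING      ROOT
"""
# Constructed fault: root protection is missing and the ring-facing port
# has become a root port, so a device on the ring now acts as the root.
UNPROTECTED = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   2    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
"""

def parse_brief(text):
    """Return one dict per data row; the header line does not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"mstid": int(m[1]), "port": m[2], "role": m[3],
                         "state": m[4], "protection": m[5]})
    return rows

def check_port(rows, port, mstids, protection):
    """Compare a port's rows with the state the procedure is meant to produce."""
    findings = []
    seen = {r["mstid"]: r for r in rows if r["port"] == port}
    for mstid in sorted(mstids):
        r = seen.get(mstid)
        if r is None:
            findings.append(f"{port} MSTI {mstid}: no row in this process")
            continue
        if r["protection"] != protection:
            findings.append(f"{port} MSTI {mstid}: protection "
                            f"{r['protection']}, expected {protection}")
        if r["role"] != "DESI":
            findings.append(f"{port} MSTI {mstid}: role {r['role']}, expected DESI")
        if r["state"] != "FORWARDING":
            blocked = r["protection"] == "ROOT" and r["role"] == "DESI"
            why = ("root protection is blocking after a superior BPDU"
                   if blocked else "port is not forwarding")
            findings.append(f"{port} MSTI {mstid}: state {r['state']} ({why})")
    return findings

if __name__ == "__main__":
    for name, capture in (("healthy", HEALTHY), ("blocked", BLOCKED),
                          ("unprotected", UNPROTECTED)):
        result = check_port(parse_brief(capture), "GigabitEthernet0/0/2", {0, 2}, "ROOT")
        print(name, result or "OK")
```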
Configuration Files
Only the MSTP-related configuration files are provided.
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 300
#
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 100
instance 2 vlan 101 to 200
instance 3 vlan 201 to 300
active region-configuration
#
stp process 1
stp instance 0 root primary
stp instance 1 root primary
stp enable
stp process 2
stp instance 0 root primary
stp instance 2 root primary
stp link-share-protection
stp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 100
stp binding process 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 100
stp binding process 1
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 300
#
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 100
instance 2 vlan 101 to 200
instance 3 vlan 201 to 300
active region-configuration
#
stp process 2
stp instance 0 root secondary
stp instance 2 root secondary
stp link-share-protection
stp enable
stp process 3
stp instance 0 root primary
stp instance 3 root primary
stp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 201 to 300
stp binding process 3
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 201 to 300
stp binding process 3
#
return
3.10 SEP Configuration
Smart Ethernet Protection (SEP) is a ring network protocol specially used for the Ethernet link
layer. It blocks redundant links to prevent logical loops on a ring network.
3.10.1 Example for Configuring SEP on a Closed Ring Network
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
In the closed ring networking, CE1 is dual-homed to a Layer 2 network through multiple Layer
2 switching devices. The two edge devices connected to the upper-layer Layer 2 network are
directly connected to each other. The closed ring network is deployed at the aggregation layer
to transparently transmit Layer 2 unicast and multicast packets. SEP runs at the aggregation layer
to implement link redundancy.
As shown in Figure 3-42, Layer 2 switching devices LSW1 to LSW5 form a ring network.
SEP runs at the aggregation layer.
- When there is no faulty link on a ring network, SEP can eliminate loops on the network.
- When a link fails on the ring network, SEP can rapidly restore communication between
  nodes on the network.
Figure 3-42 Networking diagram of a closed ring SEP network
[Figure not reproduced. Labels in the figure: IP/MPLS Core; Core, Aggregation and Access layers;
LSW1 to LSW5 in SEP Segment1; CE1 in VLAN 100; legend entries Primary Edge Port, Secondary Edge
Port and Block Port.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
   a. Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the control
      VLAN of SEP segment 1.
   b. Add all devices on the ring to SEP segment 1, and configure the roles of GE0/0/1 and
      GE0/0/3 of LSW1 in SEP segment 1.
   c. On the device where the primary edge interface is located, specify the interface with
      the highest priority to block.
   d. Set priorities of the interfaces in the SEP segment.
      Set the highest priority for GE0/0/2 of LSW3 and retain the default priority of the
      other interfaces so that GE0/0/2 of LSW3 will be blocked.
   e. Configure delayed preemption on the device where the primary edge interface is
      located.
2. Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the control VLAN
of SEP segment 1.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit
# Configure LSW5.
<HUAWEI> system-view
[HUAWEI] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10
[LSW5-sep-segment1] protected-instance all
[LSW5-sep-segment1] quit
NOTE
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add all devices on the ring to SEP segment 1 and configure interface roles on the devices.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP segment,
disable STP on the interface.
# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as the secondary
edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit
# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 1
[LSW4-GigabitEthernet0/0/1] quit
[LSW4] interface gigabitethernet 0/0/2
[LSW4-GigabitEthernet0/0/2] stp disable
[LSW4-GigabitEthernet0/0/2] sep segment 1
[LSW4-GigabitEthernet0/0/2] quit
# Configure LSW5.
[LSW5] interface gigabitethernet 0/0/1
[LSW5-GigabitEthernet0/0/1] stp disable
[LSW5-GigabitEthernet0/0/1] sep segment 1
[LSW5-GigabitEthernet0/0/1] quit
[LSW5] interface gigabitethernet 0/0/3
[LSW5-GigabitEthernet0/0/3] stp disable
[LSW5-GigabitEthernet0/0/3] sep segment 1
[LSW5-GigabitEthernet0/0/3] quit
3. Specify an interface to block.
# On LSW1 where the primary edge interface is located, specify the interface with the
highest priority to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port optimal
4. Set the priority of GE0/0/2 on LSW3.
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] sep segment 1 priority 128
[LSW3-GigabitEthernet0/0/2] quit
5. Configure the preemption mode.
# Configure delayed preemption on LSW1.
[LSW1-sep-segment1] preempt delay 30
[LSW1-sep-segment1] quit
NOTE
• You must set the preemption delay when delayed preemption is used because there is no default
delay time.
• When the last faulty interface recovers, edge interfaces do not receive any fault notification
packet. If the primary edge interface does not receive any fault notification packet, it starts the
delay timer. When the delay timer expires, nodes in the SEP segment start blocked interface
preemption.
To implement delayed preemption in this example, simulate a port fault and then rectify the fault.
For example:
Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault, and then run
the undo shutdown command on GE0/0/2 to rectify the fault.
Step 2 Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
• Run the shutdown command on GE0/0/1 of LSW3 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether GE0/0/2 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE0/0/2             common        up                  forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge secondary
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
sep segment 1 priority 128
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of LSW4
#
sysname LSW4
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW5
#
sysname LSW5
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
return
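The NOTEs in this example translate into checks that can be run against saved configuration files: every SEP segment needs a control VLAN, and every interface added to a segment needs STP disabled and carries the control VLAN. The following Python script is an added example, not part of the Huawei document; it parses configuration files in the format shown above and reports violations. Its function names, finding texts, the exemption for no-neighbor edge interfaces, and the check that the control VLAN appears only on SEP interfaces are assumptions of this sketch, and the sample input is constructed from the LSW3 file.

```python
import re

# Constructed sample: LSW3's file from this example, abridged, with two deliberate
# mistakes: no "stp disable" on GE0/0/1, and control VLAN 10 on non-SEP GE0/0/3.
SAMPLE_CONFIG = """\
#
sysname LSW3
#
sep segment 1
 control-vlan 10
 protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 10 100
 sep segment 1
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
 sep segment 1 priority 128
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 10 100
#
return
"""
TAGGED = "port hybrid tagged vlan "  # port type used by the files on this page


def expand_vlans(spec):
    """Expand a VLAN list such as '10 100' or '10 to 12 100' into a set of ints."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Return (segments, interfaces) parsed from one device's configuration file."""
    segments, interfaces = {}, {}
    cur_if = cur_seg = None
    for raw in text.splitlines():
        line = raw.strip()                      # tolerate lost indentation
        if line in ("", "#", "return"):
            cur_if = cur_seg = None
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            cur_if = interfaces.setdefault(
                m.group(1), {"stp_disabled": False, "tagged": set(), "sep": {}})
            cur_seg = None
            continue
        m = re.fullmatch(r"sep segment (\d+)(.*)", line)
        if m:
            seg_id, rest = int(m.group(1)), m.group(2).strip()
            if cur_if is None:                  # segment definition
                cur_seg = segments.setdefault(seg_id, {"control_vlan": None})
            elif rest.startswith("priority"):   # priority line implies membership
                cur_if["sep"].setdefault(seg_id, "common")
            else:                               # membership, maybe with edge role
                cur_if["sep"][seg_id] = rest or "common"
            continue
        m = re.fullmatch(r"control-vlan (\d+)", line)
        if m and cur_seg is not None:
            cur_seg["control_vlan"] = int(m.group(1))
        elif cur_if is not None and line == "stp disable":
            cur_if["stp_disabled"] = True
        elif cur_if is not None and line.startswith(TAGGED):
            cur_if["tagged"] |= expand_vlans(line[len(TAGGED):])
    return segments, interfaces


def audit(text):
    """Return a sorted list of (location, finding) tuples for one device."""
    segments, interfaces = parse_config(text)
    findings = [(f"segment {sid}", "no control VLAN configured")
                for sid, seg in segments.items() if seg["control_vlan"] is None]
    for name, itf in interfaces.items():
        for seg_id, role in itf["sep"].items():
            if seg_id not in segments:
                findings.append((name, f"joins undefined SEP segment {seg_id}"))
                continue
            # Assumption: no-neighbor edge ports keep STP on (hybrid SEP+MSTP example).
            if "no-neighbor" not in role and not itf["stp_disabled"]:
                findings.append((name, f"in SEP segment {seg_id} without 'stp disable'"))
            cv = segments[seg_id]["control_vlan"]
            if cv is not None and cv not in itf["tagged"]:
                findings.append((name, f"does not carry control VLAN {cv}"))
        for seg_id, seg in segments.items():
            cv = seg["control_vlan"]
            if cv in itf["tagged"] and seg_id not in itf["sep"]:
                findings.append((name, f"carries control VLAN {cv} outside SEP segment {seg_id}"))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{loc}: {msg}" for loc, msg in audit(SAMPLE_CONFIG)))
```

The parser strips leading whitespace, so it also accepts configuration text whose indentation was lost, and it handles several `sep segment` definitions in one stanza as in the multi-ring files.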
3.10.2 Example for Configuring SEP on a Multi-Ring Network
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
In multi-ring networking, multiple rings consisting of Layer 2 switching devices are deployed
at the access layer and aggregation layer. SEP runs at the access layer and aggregation layer to
implement link redundancy.
As shown in Figure 3-43, multiple Layer 2 switching devices form ring networks at the access
layer and aggregation layer.
SEP runs at the access layer and aggregation layer. When there is no faulty link on a ring network,
SEP can eliminate loops on the network. When a link fails on the ring network, SEP can rapidly
restore communication between nodes on the network.
Figure 3-43 Networking diagram of a multi-ring SEP network
[Figure not reproduced. It shows the core (IP/MPLS core), aggregation, and access layers, with LSW1 to LSW11 forming SEP segments 1 to 3, CE1 in VLAN 100, and CE2 in VLAN 200. Legend: primary edge port, secondary edge port, block port; control VLAN 10, control VLAN 20, control VLAN 30.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
   a. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and VLAN 30 as their respective control VLANs.
      • Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the control VLAN of SEP segment 1.
      • Configure SEP segment 2 on LSW2, LSW3, and LSW6 to LSW8, and configure VLAN 20 as the control VLAN of SEP segment 2.
      • Configure SEP segment 3 on LSW3, LSW4, and LSW9 to LSW11, and configure VLAN 30 as the control VLAN of SEP segment 3.
   b. Add devices on the rings to the SEP segments and configure interface roles on the edge devices of the SEP segments.
      • On LSW1 to LSW5, add the interfaces on the ring at the access layer to SEP segment 1. Configure the roles of GE0/0/1 and GE0/0/3 of LSW1 in SEP segment 1.
      • Add GE0/0/2 of LSW2, GE0/0/1 and GE0/0/2 of LSW6 to LSW8, and GE0/0/2 of LSW3 to SEP segment 2. Configure the roles of GE0/0/2 of LSW2 and GE0/0/2 of LSW3 in SEP segment 2.
      • Add GE0/0/1 of LSW3, GE0/0/1 and GE0/0/2 of LSW9 to LSW11, and GE0/0/1 of LSW4 to SEP segment 3. Configure the roles of GE0/0/1 of LSW3 and GE0/0/1 of LSW4 in SEP segment 3.
   c. Specify an interface to block on the device where the primary edge interface is located.
      • In SEP segment 1, specify the interface with the highest priority to block.
      • In SEP segment 2, specify the device and interface names to block the specified interface.
      • In SEP segment 3, specify the blocked interface based on the configured hop count.
   d. Configure the preemption mode on the device where the primary edge interface is located.
      Configure delayed preemption in SEP segment 1 and manual preemption in SEP segment 2 and SEP segment 3.
   e. Configure the topology change notification function on the edge devices between SEP segments, namely, LSW2, LSW3, and LSW4.
2. Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW11.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and VLAN 30 as their
respective control VLANs, as shown in Figure 3-43.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
[LSW2] sep segment 2
[LSW2-sep-segment2] control-vlan 20
[LSW2-sep-segment2] protected-instance all
[LSW2-sep-segment2] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
[LSW3] sep segment 2
[LSW3-sep-segment2] control-vlan 20
[LSW3-sep-segment2] protected-instance all
[LSW3-sep-segment2] quit
[LSW3] sep segment 3
[LSW3-sep-segment3] control-vlan 30
[LSW3-sep-segment3] protected-instance all
[LSW3-sep-segment3] quit
# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit
[LSW4] sep segment 3
[LSW4-sep-segment3] control-vlan 30
[LSW4-sep-segment3] protected-instance all
[LSW4-sep-segment3] quit
# Configure LSW5.
<HUAWEI> system-view
[HUAWEI] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10
[LSW5-sep-segment1] protected-instance all
[LSW5-sep-segment1] quit
# Configure LSW6 to LSW11.
The configurations of LSW6 to LSW11 are similar to the configurations of LSW1 to
LSW5 except for the control VLANs of different SEP segments.
For details about the configuration, see the configuration files.
NOTE
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add devices on the rings to the SEP segments and configure interface roles according to
Figure 3-43.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP segment,
disable STP on the interface.
# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as the secondary
edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/3
[LSW2-GigabitEthernet0/0/3] stp disable
[LSW2-GigabitEthernet0/0/3] sep segment 1
[LSW2-GigabitEthernet0/0/3] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 2 edge primary
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/3
[LSW3-GigabitEthernet0/0/3] stp disable
[LSW3-GigabitEthernet0/0/3] sep segment 1
[LSW3-GigabitEthernet0/0/3] quit
[LSW3] interface gigabitethernet 0/0/4
[LSW3-GigabitEthernet0/0/4] stp disable
[LSW3-GigabitEthernet0/0/4] sep segment 1
[LSW3-GigabitEthernet0/0/4] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 2 edge secondary
[LSW3-GigabitEthernet0/0/2] quit
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 3 edge secondary
[LSW3-GigabitEthernet0/0/1] quit
# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/2
[LSW4-GigabitEthernet0/0/2] stp disable
[LSW4-GigabitEthernet0/0/2] sep segment 1
[LSW4-GigabitEthernet0/0/2] quit
[LSW4] interface gigabitethernet 0/0/3
[LSW4-GigabitEthernet0/0/3] stp disable
[LSW4-GigabitEthernet0/0/3] sep segment 1
[LSW4-GigabitEthernet0/0/3] quit
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 3 edge primary
[LSW4-GigabitEthernet0/0/1] quit
# Configure LSW5.
[LSW5] interface gigabitethernet 0/0/1
[LSW5-GigabitEthernet0/0/1] stp disable
[LSW5-GigabitEthernet0/0/1] sep segment 1
[LSW5-GigabitEthernet0/0/1] quit
[LSW5] interface gigabitethernet 0/0/3
[LSW5-GigabitEthernet0/0/3] stp disable
[LSW5-GigabitEthernet0/0/3] sep segment 1
[LSW5-GigabitEthernet0/0/3] quit
# Configure LSW6 to LSW11.
The configurations of LSW6 to LSW11 are similar to the configurations of LSW1 to
LSW5 except for the interface roles.
For details about the configuration, see the configuration files.
3. Specify an interface to block.
# On LSW1 where the primary edge interface of SEP segment 1 is located, specify the
interface with the highest priority to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port optimal
[LSW1-sep-segment1] quit
# On LSW3, set the priority of GE0/0/4 to 128, which is the highest priority among the
interfaces so that GE0/0/4 will be blocked.
[LSW3] interface gigabitethernet 0/0/4
[LSW3-GigabitEthernet0/0/4] sep segment 1 priority 128
[LSW3-GigabitEthernet0/0/4] quit
Retain the default priority of the other interfaces in SEP segment 1.
# On LSW2 where the primary edge interface of SEP segment 2 is located, specify the
device and interface names so that the specified interface will be blocked.
Before specifying the interface to block, use the display sep topology command to view
the current topology information and obtain information about all the interfaces in the
topology. Then specify the device and interface names.
[LSW2] sep segment 2
[LSW2-sep-segment2] block port sysname LSW7 interface gigabitethernet 0/0/1
[LSW2-sep-segment2] quit
# On LSW4 where the primary edge interface of SEP segment 3 is located, specify the
blocked interface based on the configured hop count.
[LSW4] sep segment 3
[LSW4-sep-segment3] block port hop 5
[LSW4-sep-segment3] quit
NOTE
SEP sets the hop count of the primary edge interface to 1 and the hop count of the secondary edge
interface to 2. Hop counts of other interfaces increase by steps of 1 in the downstream direction of
the primary interface.
4. Configure the preemption mode.
# Configure delayed preemption on LSW1.
[LSW1] sep segment 1
[LSW1-sep-segment1] preempt delay 30
NOTE
• You must set the preemption delay when delayed preemption is used because there is no default
delay time.
• When the last faulty interface recovers, edge interfaces do not receive any fault notification
packet. If the primary edge interface does not receive any fault notification packet, it starts the
delay timer. When the delay timer expires, nodes in the SEP segment start blocked interface
preemption.
To implement delayed preemption in this example, simulate a port fault and then rectify the fault.
For example:
Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault, and then run
the undo shutdown command on GE0/0/2 to rectify the fault.
# Configure manual preemption on LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] preempt manual
# Configure the manual preemption mode on LSW4.
[LSW4] sep segment 3
[LSW4-sep-segment3] preempt manual
5. Configure the topology change notification function.
# Configure devices in SEP segment 2 to notify SEP segment 1 of topology changes.
# Configure LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] tc-notify segment 1
[LSW2-sep-segment2] quit
# Configure LSW3.
[LSW3] sep segment 2
[LSW3-sep-segment2] tc-notify segment 1
[LSW3-sep-segment2] quit
# Configure SEP segment 3 to notify SEP segment 1 of topology changes.
# Configure LSW3.
[LSW3] sep segment 3
[LSW3-sep-segment3] tc-notify segment 1
[LSW3-sep-segment3] quit
# Configure LSW4.
[LSW4] sep segment 3
[LSW4-sep-segment3] tc-notify segment 1
[LSW4-sep-segment3] quit
NOTE
The topology change notification function is configured on edge devices between SEP segments so
that the upper-layer network can be notified of topology changes on the lower-layer network.
Step 2 Configure the Layer 2 forwarding function on the CEs and LSW1 to LSW11.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
After completing the preceding configurations, verify the configuration. LSW1 is used as an
example.
• Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether GE0/0/4 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/4
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE0/0/4             common        up                  forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100 200 300
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 300
port hybrid tagged vlan 100 200
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200 300
stp disable
sep segment 1 edge secondary
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 20 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
block port sysname LSW7 interface GigabitEthernet0/0/1
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2 edge primary
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 20 30 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
tc-notify segment 1
protected-instance 0 to 48
sep segment 3
control-vlan 30
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3 edge secondary
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2 edge secondary
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/4
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
sep segment 1 priority 128
#
return
• Configuration file of LSW4
#
sysname LSW4
#
vlan batch 10 30 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 3
control-vlan 30
block port hop 5
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3 edge primary
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
• Configuration file of LSW5
#
sysname LSW5
#
vlan batch 10 100 200 300
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 300
port hybrid tagged vlan 100 200
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 200 300
stp disable
sep segment 1
#
return
• Configuration file of LSW6
#
sysname LSW6
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
• Configuration file of LSW7
#
sysname LSW7
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 200
#
return
• Configuration file of LSW8
#
sysname LSW8
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
• Configuration file of LSW9
#
sysname LSW9
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
return
• Configuration file of LSW10
#
sysname LSW10
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of LSW11
#
sysname LSW11
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 200
#
return
3.10.3 Example for Configuring a Hybrid SEP+MSTP Ring Network
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
NOTE
In this example, devices at the aggregation layer run the MSTP protocol.
As shown in Figure 3-44, multiple Layer 2 switching devices form a ring at the access layer,
and multiple Layer 3 devices form a ring at the aggregation layer. The two devices where the
access layer and the aggregation layer are intersected do not support SEP. You can configure
SEP at the access layer to implement redundancy protection switching and configure the
topology change notification function on an edge device in a SEP segment. This function enables
an upper-layer network to detect topology changes in a lower-layer network in time.
• When there is no faulty link on the ring network, SEP can eliminate loops.
• When a link fails on the ring network, SEP can rapidly restore communication between
nodes.
• The topology change notification function must be configured on an edge device in a SEP
segment. This enables an upper-layer network to detect topology changes in a lower-layer
network in time.
After receiving a message indicating the topology change in a lower-layer network, a device on
an upper-layer network sends TC packets to instruct other devices to delete original MAC
addresses and learn new MAC addresses after the topology of the lower-layer network changes.
This ensures uninterrupted traffic forwarding.
Figure 3-44 Networking diagram of a hybrid-ring SEP network
[Figure not reproduced. It shows the core (IP/MPLS core), the aggregation layer running MSTP (PE1 to PE4, with PE1 and PE2 marked as not supporting SEP), and the access layer (LSW1 to LSW3 in SEP segment 1, CE in VLAN 100). Legend: no-neighbor primary edge port, no-neighbor secondary edge port, block port (SEP), block port (MSTP).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
   a. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control VLAN of SEP segment 1.
   b. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles on the edge devices (LSW1 and LSW2) of the SEP segment.
      NOTE
      PE1 and PE2 do not support the SEP protocol; therefore, the interfaces of LSW1 and LSW2 connected to the PEs must be no-neighbor edge interfaces.
   c. On the device where the no-neighbor primary edge interface is located, specify the interface in the middle of the SEP segment as the interface to block.
   d. Configure manual preemption.
   e. Configure the topology change notification function so that the upper-layer network running MSTP can be notified of topology changes in the SEP segment.
2. Configure basic MSTP functions.
   a. Add LSW1, LSW2, PE1 to PE4 to an MST region RG1.
   b. Create VLANs on LSW1, LSW2, PE1 to PE4 and add interfaces on the STP ring to the VLANs.
   c. Configure PE3 as the root bridge and PE4 as the backup root bridge.
3. Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control VLAN
of SEP segment 1.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
NOTE
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles.
# Configure LSW1.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge no-neighbor primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/2
[LSW1-GigabitEthernet0/0/2] stp disable
[LSW1-GigabitEthernet0/0/2] sep segment 1
[LSW1-GigabitEthernet0/0/2] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] sep segment 1 edge no-neighbor secondary
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit
3. Specify an interface to block.
# On LSW1 where the no-neighbor primary edge interface of SEP segment 1 is located,
specify the interface in the middle of the SEP segment as the interface to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port middle
4. Configure the preemption mode.
# Configure the manual preemption mode on LSW1.
[LSW1-sep-segment1] preempt manual
5. Configure the topology change notification function.
# Configure devices in SEP segment 1 to notify the MSTP network of topology changes.
# Configure LSW1.
[LSW1-sep-segment1] tc-notify stp
[LSW1-sep-segment1] quit
# Configure LSW2.
[LSW2] sep segment 1
[LSW2-sep-segment1] tc-notify stp
[LSW2-sep-segment1] quit
Step 2 Configure basic MSTP functions.
1. Configure an MST region.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure LSW1.
[LSW1] stp region-configuration
[LSW1-mst-region] region-name RG1
[LSW1-mst-region] active region-configuration
[LSW1-mst-region] quit
# Configure LSW2.
[LSW2] stp region-configuration
[LSW2-mst-region] region-name RG1
[LSW2-mst-region] active region-configuration
[LSW2-mst-region] quit
2. Create VLANs and add interfaces to VLANs.
# On PE1, create VLAN 100 and add GE0/0/1, GE0/0/2, and GE0/0/3 to VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/3] quit
# On PE2, PE3, and PE4, create VLAN 100 and add GE0/0/1, GE0/0/2, and GE0/0/3 to
VLAN 100.
The configurations of PE2, PE3, and PE4 are similar to the configuration of PE1. For details
about the configuration, see the configuration files.
# On LSW1 and LSW2, create VLAN 100 and add GE0/0/1 to VLAN 100. The
configurations of LSW1 and LSW2 are similar to the configuration of PE1. For details
about the configuration, see the configuration files.
3. Enable MSTP.
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
# Configure PE3.
[PE3] stp enable
# Configure PE4.
[PE4] stp enable
# Configure LSW1.
[LSW1] stp enable
# Configure LSW2.
[LSW2] stp enable
4. Configure PE3 as the root bridge and PE4 as the backup root bridge.
# Set the priority of PE3 to 0 in MSTI0 to ensure that PE3 functions as the root bridge.
[PE3] stp root primary
# Set the priority of PE4 to 4096 in MSTI0 to ensure that PE4 functions as the backup root
bridge.
[PE4] stp root secondary
Step 3 Configure the Layer 2 forwarding function on the CE and LSW1 to LSW3.
For details about the configuration, see the configuration files.
Step 4 Verify the configuration.
After the configurations are complete and the network becomes stable, run the following commands
to verify the configuration. LSW1 is used as an example.
• Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether GE0/0/2 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface   Port Role   Neighbor Status   Port Status
----------------------------------------------------------------
GE0/0/2     common      up                forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
block port middle
tc-notify stp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor primary
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
tc-notify stp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor secondary
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 100 200
#
stp instance 0 root primary
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100 200
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
return
• Configuration file of PE4
#
sysname PE4
#
vlan batch 100 200
#
stp instance 0 root secondary
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100 200
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
return
• Configuration file of CE
#
sysname CE
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
return
3.10.4 Example for Configuring a Hybrid SEP+RRPP Ring Network
In the networking of this example, you can configure SEP at the access layer to implement
redundancy protection switching and configure the topology change notification function on an
edge device in a SEP segment. This enables an upper-layer network to detect topology changes
in a lower-layer network in time.
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
Figure 3-45 Hybrid rings running SEP and RRPP
[Figure: network diagram. Labels: Network; NPE1; NPE2; Aggregation; RRPP; PE1 to PE4; Access;
SEP Segment1; LSW1 to LSW3; CE; VLAN100. Legend: Primary Edge Port, Secondary Edge Port,
Block Port (SEP), Block Port (RRPP).]
As shown in Figure 3-45, multiple Layer 2 switching devices at the access layer and aggregation
layer form a ring network to access the core layer. RRPP has been configured at the aggregation
layer to eliminate loops. In this case, SEP needs to run at the access layer to implement the
following functions:
• Eliminates loops when there is no faulty link on the ring network.
• Rapidly restores communication between nodes when a link fault occurs on the ring
network.
• Provides the topology change notification function on an edge device in a SEP segment.
This function enables an upper-layer network to detect topology changes in a lower-layer
network in time.
After receiving a message indicating the topology change in a lower-layer network, a device
on an upper-layer network sends TC packets to instruct other devices to delete original
MAC addresses and learn new MAC addresses after the topology of the lower-layer
network changes. This ensures uninterrupted traffic forwarding.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure VLAN
10 as the control VLAN of SEP segment 1.
b. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1, and configure interface roles
on edge devices (PE1 and PE2) of the SEP segment.
c. Set an interface blocking mode on the device where a primary edge interface is located
to specify an interface to block.
d. Configure the preemption mode to ensure that the specified interface is blocked when
a fault is rectified.
e. Configure the topology change notification function so that the topology change in
the local SEP segment can be notified to the upper-layer network where RRPP is
enabled.
2. Configure basic RRPP functions.
a. Add PE1 to PE4 to RRPP domain 1, create control VLAN 5 on PE1 to PE4, and
configure a protected VLAN.
b. Configure PE1 as the master node and PE2 to PE4 as transit nodes on the major ring,
and configure the primary and secondary interfaces of the major ring.
c. Create a VLAN on PE1 to PE4, and add the interfaces on the RRPP ring network to
the VLAN.
3. Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1 to PE4.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure VLAN 10 as
the control VLAN of SEP segment 1.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] sep segment 1
[PE1-sep-segment1] control-vlan 10
[PE1-sep-segment1] protected-instance all
[PE1-sep-segment1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] sep segment 1
[PE2-sep-segment1] control-vlan 10
[PE2-sep-segment1] protected-instance all
[PE2-sep-segment1] quit
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
2. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure interface roles.
NOTE
By default, STP is enabled on an interface. Before adding an interface to a SEP segment, disable STP
on the interface.
# Configure PE1.
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] sep segment 1 edge primary
[PE1-GigabitEthernet0/0/1] quit
# Configure LSW1.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/2
[LSW1-GigabitEthernet0/0/2] stp disable
[LSW1-GigabitEthernet0/0/2] sep segment 1
[LSW1-GigabitEthernet0/0/2] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit
# Configure PE2.
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] sep segment 1 edge secondary
[PE2-GigabitEthernet0/0/1] quit
After completing the preceding configurations, run the display sep topology command on
PE1 to view the topology of the SEP segment. The command output shows that the blocked
interface is one of the two interfaces that complete neighbor negotiations last.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------
System Name   Port Name   Port Role   Port Status
----------------------------------------------------------------
PE1           GE0/0/1     primary     forwarding
LSW1          GE0/0/1     common      forwarding
LSW1          GE0/0/2     common      forwarding
LSW3          GE0/0/2     common      forwarding
LSW3          GE0/0/1     common      forwarding
LSW2          GE0/0/2     common      forwarding
LSW2          GE0/0/1     common      forwarding
PE2           GE0/0/1     secondary   discarding
3. Set an interface blocking mode.
# In SEP segment 1, block the interface in the middle of the SEP segment on PE1 where
the primary edge interface resides.
[PE1] sep segment 1
[PE1-sep-segment1] block port middle
4. Set the preemption mode.
# In SEP segment 1, set manual preemption on PE1 where the primary edge interface
resides.
[PE1-sep-segment1] preempt manual
5. Configure the topology change notification function.
# Configure devices in SEP segment 1 to notify the RRPP ring network of topology changes.
# Configure PE1.
[PE1-sep-segment1] tc-notify rrpp
[PE1-sep-segment1] quit
# Configure PE2.
[PE2] sep segment 1
[PE2-sep-segment1] tc-notify rrpp
[PE2-sep-segment1] quit
After the preceding configurations are successful, perform the following operations to verify the
configurations. PE1 is used as an example.
• Run the display sep topology command on PE1 to view the topology of the SEP segment.
The command output shows that the status of GE 0/0/2 on LSW3 is discarding and the status
of the other interfaces is forwarding.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------
System Name   Port Name   Port Role   Port Status
----------------------------------------------------------------
PE1           GE0/0/1     primary     forwarding
LSW1          GE0/0/1     common      forwarding
LSW1          GE0/0/2     common      forwarding
LSW3          GE0/0/2     common      discarding
LSW3          GE0/0/1     common      forwarding
LSW2          GE0/0/2     common      forwarding
LSW2          GE0/0/1     common      forwarding
PE2           GE0/0/1     secondary   forwarding
• Run the display sep interface verbose command on PE1 to view detailed information about
the interfaces added to the SEP segment.
[PE1] display sep interface verbose
SEP segment 1
Control-vlan            :10
Preempt Delay Timer     :0
TC-Notify Propagate to  :rrpp
----------------------------------------------------------------
Interface               :GE0/0/1
Port Role               :Config = primary / Active = primary
Port Priority           :64
Port Status             :forwarding
Neighbor Status         :up
Neighbor Port           :LSW1 - GE0/0/1 (00e0-0829-7c00.0000)
NBR TLV                 rx :2124    tx :2126
LSP INFO TLV            rx :2939    tx :135
LSP ACK TLV             rx :113     tx :768
PREEMPT REQ TLV         rx :0       tx :3
PREEMPT ACK TLV         rx :3       tx :0
TC Notify               rx :5       tx :3
EPA                     rx :363     tx :397
Step 2 Configure basic RRPP functions.
1. Add PE1 to PE4 to RRPP domain 1, create control VLAN 5 on PE1 to PE4, and configure
a protected VLAN.
# Configure PE1.
[PE1] stp region-configuration
[PE1-mst-region] instance 1 vlan 5 6 100
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] control-vlan 5
[PE1-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] instance 1 vlan 5 6 100
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] control-vlan 5
[PE2-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] instance 1 vlan 5 6 100
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
[PE3] rrpp domain 1
[PE3-rrpp-domain-region1] control-vlan 5
[PE3-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] instance 1 vlan 5 6 100
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] control-vlan 5
[PE4-rrpp-domain-region1] protected-vlan reference-instance 1
2. Create a VLAN and add interfaces on the ring network to the VLAN.
# Create VLAN 100 on PE1, and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] stp disable
[PE1-GigabitEthernet0/0/3] port link-type trunk
[PE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/3] quit
# Create VLAN 100 on PE2, and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to VLAN 100.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] port link-type trunk
[PE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] stp disable
[PE2-GigabitEthernet0/0/3] port link-type trunk
[PE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/3] quit
# Create VLAN 100 on PE3, and add GE 0/0/1 and GE 0/0/2 to VLAN 100.
[PE3] vlan 100
[PE3-vlan100] quit
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] stp disable
[PE3-GigabitEthernet0/0/1] port link-type trunk
[PE3-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] stp disable
[PE3-GigabitEthernet0/0/2] port link-type trunk
[PE3-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE3-GigabitEthernet0/0/2] quit
# Create VLAN 100 on PE4, and add GE 0/0/1 and GE 0/0/2 to VLAN 100.
[PE4] vlan 100
[PE4-vlan100] quit
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] stp disable
[PE4-GigabitEthernet0/0/1] port link-type trunk
[PE4-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] stp disable
[PE4-GigabitEthernet0/0/2] port link-type trunk
[PE4-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE4-GigabitEthernet0/0/2] quit
3. Configure PE1 as the master node and PE2 to PE4 as transit nodes of the major ring, and
configure the primary and secondary interfaces of the major ring.
# Configure PE1.
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] ring 1 node-mode master primary-port
gigabitethernet0/0/2 secondary-port gigabitethernet0/0/3 level 0
[PE1-rrpp-domain-region1] ring 1 enable
# Configure PE2.
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet0/0/2 secondary-port gigabitethernet0/0/3 level 0
[PE2-rrpp-domain-region1] ring 1 enable
# Configure PE3.
[PE3] rrpp domain 1
[PE3-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet0/0/1 secondary-port gigabitethernet0/0/2 level 0
[PE3-rrpp-domain-region1] ring 1 enable
# Configure PE4.
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet0/0/1 secondary-port gigabitethernet0/0/2 level 0
[PE4-rrpp-domain-region1] ring 1 enable
4. Enable RRPP.
# Configure PE1.
[PE1] rrpp enable
# Configure PE2.
[PE2] rrpp enable
# Configure PE3.
[PE3] rrpp enable
# Configure PE4.
[PE4] rrpp enable
After completing the preceding configurations, run the display rrpp brief or display rrpp
verbose domain command on PE1 to check the RRPP configuration.
[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1
Domain Index   : 1
Control VLAN   : major 5    sub 6
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)
Ring  Ring   Node  Primary/Common        Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
----------------------------------------------------------------------------
1     0      M     GigabitEthernet0/0/2  GigabitEthernet0/0/3  Yes
The command output shows that RRPP is enabled on PE1. In domain 1, VLAN 5 is the major
control VLAN, VLAN 6 is the sub-control VLAN, the protected VLANs are those in Instance 1,
and PE1 is the master node in major ring 1, with GigabitEthernet0/0/2 as the primary interface
and GigabitEthernet0/0/3 as the secondary interface.
[PE1] display rrpp verbose domain 1
Domain Index   : 1
Control VLAN   : major 5    sub 6
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)
RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Ring State     : Complete
Is Enabled     : Enable                   Is Active: Yes
Primary port   : GigabitEthernet0/0/2     Port status: UP
Secondary port : GigabitEthernet0/0/3     Port status: BLOCKED
The command output shows that in domain 1, VLAN 5 is the major control VLAN, VLAN 6 is
the sub-control VLAN, the protected VLANs are those in Instance 1, PE1 is the master node in
major ring 1, with GigabitEthernet0/0/2 as the primary interface and GigabitEthernet0/0/3 as
the secondary interface, and the node status is Complete.
Step 3 Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1 to PE4.
For the configuration details, see the configuration files.
Step 4 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when
the network is stable. LSW1 is used as an example.
• Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether the status of GE0/0/2
changes from blocked to forwarding.
[LSW3] display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface   Port Role   Neighbor Status   Port Status
----------------------------------------------------------------
GE0/0/2     common      up                forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet 0/0/2 secondary-port
GigabitEthernet 0/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
block port middle
tc-notify rrpp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/2 secondary-port
GigabitEthernet 0/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
tc-notify rrpp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge secondary
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/1 secondary-port
GigabitEthernet 0/0/2 level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
interface GigabitEthernet0/0/3
port default vlan 200
port trunk allow-pass vlan 5 to 6 100
#
return
• Configuration file of PE4
#
sysname PE4
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/1 secondary-port GigabitEthernet 0/0/2 level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
interface GigabitEthernet0/0/3
port default vlan 200
port trunk allow-pass vlan 5 to 6 100
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
return
3.10.5 Example for Configuring SEP Multi-Instance
On a closed ring network, two SEP segments are configured to process different VLAN services,
implement load balancing, and provide link backup.
Networking Requirements
In common SEP networking, a physical ring can be configured with only one SEP segment in
which only one interface can be blocked. If an interface in a complete SEP segment is blocked,
all service data is transmitted only along the path where the primary edge interface is located.
The path where the secondary edge interface is located remains idle, wasting bandwidth.
To improve bandwidth efficiency and implement traffic load balancing, Huawei develops SEP
multi-instance.
Figure 3-46 SEP multi-instance on a closed ring network
[Figure: NPE1, NPE2, LSW1 to LSW4, CE1 and CE2 across the core, aggregation and access layers. CE1 carries Instance1 (VLAN 100~300); CE2 carries Instance2 (VLAN 301~500). Legend: SEP Segment1, SEP Segment2, Primary Edge Port, Secondary Edge Port, Block Port.]
As shown in Figure 3-46, a ring network comprising Layer 2 switches (LSW1 to LSW5) is
connected to the network. SEP runs at the aggregation layer. SEP multi-instance is configured
on LSW1 to LSW4 to allow for two SEP segments to improve bandwidth efficiency, implement
load balancing, and provide link backup.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
   a. Create two SEP segments and a control VLAN on LSW1 to LSW4.
      Different SEP segments can use the same control VLAN.
   b. Configure SEP protected instances, and set mappings between SEP protected
      instances and user VLANs to ensure that topology changes affect only corresponding
      VLANs.
   c. Add all the devices on the ring network to the SEP segments, and configure
      GE0/0/1 as the primary edge interface and GE0/0/3 as the secondary edge interface
      on LSW1.
   d. Configure an interface blocking mode on the device where the primary edge interface
      resides.
   e. Configure the preemption mode to ensure that the specified interface is blocked when
      a fault is rectified.
2. Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW4.
Procedure
Step 1 Configure basic SEP functions.
• Configure SEP segment 1 and control VLAN 10.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] quit
# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] quit
• Configure SEP segment 2 and control VLAN 10.
# Configure LSW1.
[LSW1] sep segment 2
[LSW1-sep-segment2] control-vlan 10
[LSW1-sep-segment2] quit
# Configure LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] control-vlan 10
[LSW2-sep-segment2] quit
# Configure LSW3.
[LSW3] sep segment 2
[LSW3-sep-segment2] control-vlan 10
[LSW3-sep-segment2] quit
# Configure LSW4.
[LSW4] sep segment 2
[LSW4-sep-segment2] control-vlan 10
[LSW4-sep-segment2] quit
NOTE
• The control VLAN must be a new one.
• The command used to create a common VLAN is automatically displayed in a configuration file.
• Each SEP segment must be configured with a control VLAN. After being added to a SEP segment
  configured with a control VLAN, an interface is added to the control VLAN automatically. You do
  not need to run the port trunk allow-pass vlan command. In the configuration file, the port trunk
  allow-pass vlan command, however, is displayed in the view of the interface added to the SEP segment.
Step 2 Configure SEP protected instances, and configure mappings between SEP protected instances
and user VLANs.
# Configure LSW1.
[LSW1] vlan batch 100 to 500
[LSW1] sep segment 1
[LSW1-sep-segment1] protected-instance 1
[LSW1-sep-segment1] quit
[LSW1] sep segment 2
[LSW1-sep-segment2] protected-instance 2
[LSW1-sep-segment2] quit
[LSW1] stp region-configuration
[LSW1-mst-region] instance 1 vlan 100 to 300
[LSW1-mst-region] instance 2 vlan 301 to 500
[LSW1-mst-region] active region-configuration
[LSW1-mst-region] quit
The configurations of LSW2 to LSW4 are similar to that of LSW1, and are not mentioned here.
For details, see the configuration files.
Step 3 Add all the devices on the ring network to the SEP segments and configure interface roles.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP segment, disable
STP on the interface.
# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as the secondary
edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] sep segment 2 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] sep segment 2 edge secondary
[LSW1-GigabitEthernet0/0/3] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] sep segment 2
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] sep segment 2
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] sep segment 2
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] sep segment 2
[LSW3-GigabitEthernet0/0/2] quit
# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 1
[LSW4-GigabitEthernet0/0/1] sep segment 2
[LSW4-GigabitEthernet0/0/1] quit
[LSW4] interface gigabitethernet 0/0/3
[LSW4-GigabitEthernet0/0/3] stp disable
[LSW4-GigabitEthernet0/0/3] sep segment 1
[LSW4-GigabitEthernet0/0/3] sep segment 2
[LSW4-GigabitEthernet0/0/3] quit
Step 4 Specify an interface to block.
# Configure delayed preemption and block an interface based on the device and interface names
on LSW1 where the primary edge interface is located.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port sysname LSW3 interface gigabitethernet 0/0/1
[LSW1-sep-segment1] preempt delay 15
[LSW1-sep-segment1] quit
[LSW1] sep segment 2
[LSW1-sep-segment2] block port sysname LSW2 interface gigabitethernet 0/0/1
[LSW1-sep-segment2] preempt delay 15
[LSW1-sep-segment2] quit
NOTE
• In this configuration example, an interface fault needs to be simulated and then rectified to implement
  delayed preemption. To ensure that delayed preemption takes effect on the two SEP segments, simulate
  an interface fault in the two SEP segments. For example:
  • In SEP segment 1, run the shutdown command on GE 0/0/1 of LSW2 to simulate an interface
    fault. Then, run the undo shutdown command on GE0/0/1 to simulate interface fault recovery.
  • In SEP segment 2, run the shutdown command on GE 0/0/1 of LSW3 to simulate an interface
    fault. Then, run the undo shutdown command on GE0/0/1 to simulate interface fault recovery.
Step 5 Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW4.
The configuration details are not mentioned here. For details, see the configuration files.
Step 6 Verify the configuration.
Simulate a fault, and then check whether the status of the blocked interface changes from blocked
to forwarding.
Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault.
Run the display sep interface command on LSW3 to check whether the status of GE0/0/1 in
SEP segment 1 changes from blocked to forwarding.
[LSW3] display sep interface gigabitethernet 0/0/1
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE0/0/1             common        up                  forwarding
SEP segment 2
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE0/0/1             common        up                  forwarding
The preceding command output shows that the status of GE0/0/1 changes from blocked to
forwarding and the forwarding path change in SEP segment 1 does not affect the forwarding
path in SEP segment 2.
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
block port sysname LSW3 interface GigabitEthernet0/0/1
preempt delay 15
protected-instance 1
sep segment 2
control-vlan 10
block port sysname LSW2 interface GigabitEthernet0/0/1
preempt delay 15
protected-instance 2
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1 edge primary
sep segment 2 edge primary
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1 edge secondary
sep segment 2 edge secondary
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100 to 300
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 301 to 500
#
return
• Configuration file of LSW4
#
sysname LSW4
#
vlan batch 10 60 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100 to 300
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100 to 300
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 301 to 500
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 301 to 500
#
return
3.10.6 Example for Configuring Association Between SEP and VPLS
(Reporting Topology Changes of a Lower-Layer Network)
Networking Requirements
As shown in Figure 3-47, CE1 is connected to a VPLS network through an open ring. SEP is
enabled on the open ring network to eliminate redundant links. When a link on the ring network
becomes faulty, SEP can immediately restore the communication between nodes on the ring
network. The traffic between CEs, however, is still interrupted.
To solve the problem, association between SEP and VPLS must be enabled on PE1 and PE2.
With association between SEP and VPLS, PE1 and PE2 can detect topology changes of the SEP
network immediately after a fault occurs on the SEP network. This ensures reliable traffic
transmission.
NOTE
Only the S5300HI and S5310EI support this configuration.
Figure 3-47 Networking diagram for configuring association between SEP and VPLS
[Figure: CE1, CE2, PE1 to PE3 and LSW1 to LSW3; SEP Segment1; VLAN100. Legend: Primary Edge Node, Secondary Edge Node, Block Port.]

Device    Interface    VLANIF Interface    IP Address
PE1       GE 0/0/1     VLANIF 20           10.1.1.1/30
          GE 0/0/2     VLANIF 100          -
          GE 0/0/3     VLANIF 30           20.1.1.1/30
          Loopback1    -                   1.1.1.9/32
PE2       GE 0/0/1     VLANIF 20           10.1.1.2/30
          GE 0/0/2     VLANIF 100          -
          GE 0/0/3     VLANIF 40           30.1.1.1/30
          Loopback1    -                   2.2.2.9/32
PE3       GE 0/0/1     VLANIF 30           20.1.1.2/30
          GE 0/0/2     VLANIF 40           30.1.1.2/30
          GE 0/0/3     VLANIF 100          -
          Loopback1    -                   3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
   a. Create a SEP segment and a control VLAN.
   b. Add all the devices on the ring network to the SEP segment and configure a role for
      each interface added to the SEP segment.
      NOTE
      When being added to multiple SEP segments, an interface must be configured with the same
      role. Otherwise, SEP multi-instance fails to be configured.
   c. Enable the function of specifying an interface to block on the device where the primary
      edge interface resides.
   d. Configure the SEP preemption mode to ensure that the specified blocked interface
      takes effect when a fault is rectified.
2. Configure VPLS on PE1, PE2, and PE3.
3. Configure association between SEP and VPLS on the devices connecting the SEP network
   and the VPLS network.
4. Configure the Layer 2 forwarding function on CE1, CE2, LSW1 to LSW3, and PE1 to PE3.
Procedure
Step 1 Configure basic SEP functions.
1. Create a SEP segment and a control VLAN.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] sep segment 1
[PE1-sep-segment1] control-vlan 10
[PE1-sep-segment1] protected-instance all
[PE1-sep-segment1] quit
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] sep segment 1
[PE2-sep-segment1] control-vlan 10
[PE2-sep-segment1] protected-instance all
[PE2-sep-segment1] quit
NOTE
• The control VLAN must be a new one.
• After the control VLAN is created successfully, the command used to create a common VLAN
  will be displayed in the configuration file.
• Each SEP segment must be configured with a control VLAN. After an interface is added to a
  SEP segment configured with a control VLAN, the interface will be automatically added to the
  control VLAN.
  • If the interface type is Trunk, in the configuration file, the port trunk allow-pass vlan
    command is displayed in the view of the interface added to the SEP segment.
  • If the interface type is Hybrid, in the configuration file, the port hybrid tagged vlan
    command is displayed in the view of the interface added to the SEP segment.
2. Add all the devices on the ring network to the SEP segment and configure a role for each
interface added to the SEP segment.
Configure GE 0/0/2 on PE1 as a primary edge interface, GE 0/0/2 on PE2 as a secondary
edge interface, and other interfaces as common interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] sep segment 1 edge primary
[PE1-GigabitEthernet0/0/2] quit
# Configure PE2.
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] sep segment 1 edge secondary
[PE2-GigabitEthernet0/0/2] quit
# Configure LSW1.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type trunk
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/2
[LSW1-GigabitEthernet0/0/2] port link-type trunk
[LSW1-GigabitEthernet0/0/2] stp disable
[LSW1-GigabitEthernet0/0/2] sep segment 1
[LSW1-GigabitEthernet0/0/2] quit
# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type trunk
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type trunk
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit
# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type trunk
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type trunk
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit
After completing the preceding configurations, run the display sep topology command on
PE1 to view the topology of the SEP segment. You can see that the blocked interface is
one of the last two interfaces to complete neighbor negotiation.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------
System Name      Port Name      Port Role      Port Status
----------------------------------------------------------------
PE1              GE0/0/2        primary        forwarding
LSW1             GE0/0/2        common         forwarding
LSW1             GE0/0/1        common         forwarding
LSW2             GE0/0/1        common         forwarding
LSW2             GE0/0/2        common         forwarding
LSW3             GE0/0/1        common         forwarding
LSW3             GE0/0/2        common         forwarding
PE2              GE0/0/2        secondary      discarding
3. Specify an interface to block.
• Configure an interface blocking mode.
# Configure the interface priority-based interface blocking mode on PE1 where the
primary edge interface resides in SEP segment 1, and block the interface with the highest
priority.
[PE1] sep segment 1
[PE1-sep-segment1] block port optimal
# On LSW2, set the priority of GE 0/0/2 to 128 and allow the other interfaces to use the
default priority.
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] sep segment 1 priority 128
[LSW2-GigabitEthernet0/0/2] quit
• Configure the preemption mode.
# Set the preemption mode on PE1 where the primary edge interface resides as delayed
preemption.
[PE1-sep-segment1] preempt delay 600
[PE1-sep-segment1] quit
NOTE
• The preemption delay has no default value. Therefore, you must run the related command to set
  the preemption delay.
• When the last faulty edge interface recovers, it does not receive any fault advertisement packet.
  If the primary edge interface does not receive any fault advertisement packet within three seconds,
  it immediately starts the delay timer. After the delay timer expires, the nodes on the SEP segment
  block a specified interface.
  Therefore, in this example, an interface fault is simulated and then rectified to implement delayed
  preemption. For example:
  Run the shutdown command on GE 1/0/2 of LSW2 to simulate an interface fault. Then, run the
  undo shutdown command on GE 1/0/2 to rectify the fault.
After completing the preceding operations, view the topology of the SEP segment. Use the
display on PE1 as an example.
Run the display sep topology command on PE1 to view the information about the topology
of the SEP segment.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------
System Name      Port Name      Port Role      Port Status
----------------------------------------------------------------
PE1              GE0/0/2        primary        forwarding
LSW1             GE0/0/2        common         forwarding
LSW1             GE0/0/1        common         forwarding
LSW2             GE0/0/1        common         forwarding
LSW2             GE0/0/2        common         discarding
LSW3             GE0/0/1        common         forwarding
LSW3             GE0/0/2        common         forwarding
PE2              GE0/0/2        secondary      forwarding
The preceding command output shows that the status of GE 0/0/2 is discarding and the
status of the other interfaces is forwarding on LSW2 in SEP segment 1.
Step 2 Configure a VPLS network.
1. Configure an IP address for each interface and an IGP on the VPLS backbone network. In
this example, IS-IS is used as an IGP.
Configure VPLS connections between the PEs (the VPLS connections use the LDP
signaling, and the VSI name is ldp1). The configuration details are not provided here. For
details, see the chapter "VPLS Configuration" in the S2350&S5300&S6300 Configuration
Guide - VPN or configuration files in this example.
After the preceding configurations are complete, the PEs ping each other successfully.
[PE3] ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=100 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=80 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=130 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=80 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/94/130 ms
[PE1] ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=140 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=100 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=110 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 2.2.2.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/100/140 ms
2. Bind the VLANIF interfaces at the user side on the PEs to the same VSI.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface Vlanif 100
[PE1-Vlanif100] l2 binding vsi ldp1
[PE1-Vlanif100] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface Vlanif 100
[PE2-Vlanif100] l2 binding vsi ldp1
[PE2-Vlanif100] quit
# Configure PE3.
[PE3] vlan 100
[PE3-vlan100] quit
[PE3] interface Vlanif 100
[PE3-Vlanif100] l2 binding vsi ldp1
[PE3-Vlanif100] quit
After completing the preceding configurations, run the display vsi name ldp1 verbose
command on PE1. You can see that the VSI named ldp1 on PE1 is in the Up state and that PE1
has set up a PW to PE2 and another PW to PE3.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Mpls Exp               : -
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    P2P VSI                : disable
    Create Time            : 0 days, 0 hours, 13 minutes, 7 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    primary or secondary   : primary
    ignore-standby-state   : no
    VC Label               : 1026
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x5
    Broadcast Tunnel ID    : 0x5
    Broad BackupTunnel ID  : 0x0
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0
   *Peer Router ID         : 3.3.3.9
    primary or secondary   : primary
    ignore-standby-state   : no
    VC Label               : 1027
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x6
    Broadcast Tunnel ID    : 0x6
    Broad BackupTunnel ID  : 0x0
    CKey                   : 4
    NKey                   : 3
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : Vlanif100
    State                  : up
    Access Port            : false
    Last Up Time           : 2010/07/05 19:59:31
    Total Up Time          : 0 days, 0 hours, 10 minutes, 45 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 1026
    Remote VC Label        : 1026
    PW Type                : label
    Tunnel ID              : 0x5
    Broadcast Tunnel ID    : 0x5
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x5
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Vlanif20
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/07/05 20:00:21
    PW Total Up Time       : 0 days, 0 hours, 9 minutes, 55 seconds
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 1027
    Remote VC Label        : 1026
    PW Type                : label
    Tunnel ID              : 0x6
    Broadcast Tunnel ID    : 0x6
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x4
    Nkey                   : 0x3
    Main PW Token          : 0x6
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Vlanif30
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/07/05 20:09:01
    PW Total Up Time       : 0 days, 0 hours, 1 minutes, 15 seconds
Step 3 Configure association between SEP and VPLS.
# Configure PE1.
[PE1] sep segment 1
[PE1-sep-segment1] tc-notify vpls
[PE1-sep-segment1] quit
# Configure PE2.
[PE2] sep segment 1
[PE2-sep-segment1] tc-notify vpls
[PE2-sep-segment1] quit
Step 4 Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW3.
The configuration details are not provided here. For details, see configuration files in this
example.
Step 5 Verify the configuration.
Simulate a fault, and then check whether the status of the blocked interface changes from blocked
to forwarding.
Run the shutdown command on GE 0/0/1 of LSW2 to simulate an interface fault.
• Run the display sep interface command on LSW2 to check whether the status of GE 0/0/2
in SEP segment 1 changes from blocked to forwarding.
[LSW2] display sep interface GigabitEthernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE0/0/2             common        up                  forwarding
• The CEs can ping each other successfully.
----End
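A saved configuration can be checked against the SEP rules stated in the two examples above: STP disabled on every member interface, the same role for an interface in every segment it joins, a control VLAN and a protected instance per segment, and blocking or preemption settings only on the device holding the primary edge interface. The Python script below is an added example, not Huawei code; it assumes the saved-file layout in which sub-commands are indented under their view, and the function names and the second sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# LSW1's configuration file from the SEP multi-instance example, re-indented.
GOOD = """\
sep segment 1
 control-vlan 10
 block port sysname LSW3 interface GigabitEthernet0/0/1
 preempt delay 15
 protected-instance 1
sep segment 2
 control-vlan 10
 block port sysname LSW2 interface GigabitEthernet0/0/1
 preempt delay 15
 protected-instance 2
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 10 100 to 500
 stp disable
 sep segment 1 edge primary
 sep segment 2 edge primary
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 10 100 to 500
 stp disable
 sep segment 1 edge secondary
 sep segment 2 edge secondary
"""

# Constructed configuration with deliberate mistakes (not from the guide).
BAD = """\
sep segment 1
 control-vlan 10
 protected-instance 1
sep segment 2
 protected-instance 2
#
interface GigabitEthernet0/0/1
 sep segment 1 edge primary
 sep segment 2 edge secondary
#
interface GigabitEthernet0/0/2
 stp disable
 sep segment 2
 sep segment 3
"""

# Membership forms used in this guide; "sep segment N priority P" is not one.
MEMBER = re.compile(r"sep segment (\d+)(?: edge (primary|secondary))?$")

def parse_views(config):
    """Group lines into (view header, [sub-commands]); headers start at column 0."""
    views = []
    for raw in config.splitlines():
        if raw.strip() in ("", "#", "return"):
            continue
        if raw[0].isspace():
            if views:
                views[-1][1].append(raw.strip())
        else:
            views.append((raw.strip(), []))
    return views

def audit_sep(config):
    """Return a sorted list of findings for one device's saved configuration."""
    segments = {}                 # segment id -> sub-commands of the segment view
    members = defaultdict(dict)   # interface -> {segment id: role}
    stp_off = set()               # interfaces that carry "stp disable"
    for header, subs in parse_views(config):
        seg = re.fullmatch(r"sep segment (\d+)", header)
        if seg:
            segments[seg.group(1)] = subs
        elif header.startswith("interface "):
            name = header.split(None, 1)[1]
            if "stp disable" in subs:
                stp_off.add(name)
            for cmd in subs:
                m = MEMBER.match(cmd)
                if m:
                    members[name][m.group(1)] = m.group(2) or "common"
    findings = []
    for name, roles in members.items():
        if name not in stp_off:
            findings.append(f"{name}: in a SEP segment but STP is not disabled")
        if len(set(roles.values())) > 1:
            detail = ", ".join(f"{s}={r}" for s, r in sorted(roles.items()))
            findings.append(f"{name}: roles differ across segments ({detail})")
        findings += [f"{name}: segment {s} is not defined on this device"
                     for s in roles if s not in segments]
    for seg_id, subs in segments.items():
        if not any(c.startswith("control-vlan ") for c in subs):
            findings.append(f"segment {seg_id}: no control VLAN")
        if not any(c.startswith("protected-instance ") for c in subs):
            findings.append(f"segment {seg_id}: no protected instance")
        primary_here = any(r.get(seg_id) == "primary" for r in members.values())
        if not primary_here and any(c.startswith(("block port", "preempt ")) for c in subs):
            findings.append(f"segment {seg_id}: block/preempt set but primary edge is not on this device")
    return sorted(findings)
```

Calling audit_sep(GOOD) returns an empty list, and audit_sep(BAD) returns one finding per deliberate mistake.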
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30 100
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 600
tc-notify vpls
protected-instance 0 to 4094
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
peer 3.3.3.9
#
mpls ldp
#
isis 1
is-level level-2
network-entity 49.0010.0100.1009.00
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif100
l2 binding vsi ldp1
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 10 20 40 100
#
sep segment 1
control-vlan 10
tc-notify vpls
protected-instance 0 to 4094
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
peer 3.3.3.9
#
mpls ldp
#
isis 1
is-level level-2
network-entity 49.0020.0200.2009.00
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif100
l2 binding vsi ldp1
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge secondary
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 30 40 100
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
peer 2.2.2.9
#
mpls ldp
#
isis 1
is-level level-2
network-entity 49.0030.0300.3009.00
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif100
l2 binding vsi ldp1
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 40
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
return
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10
#
sep segment 1
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10
#
sep segment 1
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
sep segment 1 priority 128
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10
#
sep segment 1
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return
3.11 Layer 2 Protocol Transparent Transmission Configuration
This chapter describes the concept, configuration procedure, and configuration examples of
Layer 2 protocol transparent transmission.
3.11.1 Example for Configuring Interface-based Layer 2 Protocol Transparent Transmission
Networking Requirements
As shown in Figure 3-48, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. The two private
networks of the enterprise are Layer 2 networks and they are connected through the ISP network.
STP is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only
on the private networks so that spanning trees can be generated correctly.
Figure 3-48 Networking diagram for configuring interface-based Layer 2 protocol transparent
transmission
[Figure omitted: CE1, CE2, PE1, and PE2, each using GE0/0/1; User A network1 and User A network2
are connected across the ISP network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Add PE interfaces connected to CEs to specified VLANs so that PEs forward packets from
   the VLANs.
3. Configure interface-based Layer 2 protocol transparent transmission on PEs so that STP
   packets are not sent to the CPUs of PEs for processing.
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] stp enable
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[CE1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[CE1-GigabitEthernet0/0/1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] stp enable
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[CE2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[CE2-GigabitEthernet0/0/1] quit
Step 2 Add GE0/0/1 on PE1 and PE2 to VLAN 100 and enable Layer 2 protocol transparent
transmission on PEs.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[PE1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[PE1-GigabitEthernet0/0/1] l2protocol-tunnel stp enable
[PE1-GigabitEthernet0/0/1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[PE2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[PE2-GigabitEthernet0/0/1] l2protocol-tunnel stp enable
[PE2-GigabitEthernet0/0/1] quit
Step 3 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Step 4 Verify the configuration.
After the configuration is complete, run the display l2protocol-tunnel group-mac command
on PEs. You can view the protocol type or name, multicast destination MAC address, group
MAC address, and priority of Layer 2 protocol packets to be transparently transmitted.
The display on PE1 is used as an example.
[PE1] display l2protocol-tunnel group-mac stp
Protocol   EncapeType  ProtocolType  Protocol-MAC    Group-MAC       Pri
-------------------------------------------------------------------------
stp        llc         dsap 0x42     0180-c200-0000  0100-5e00-0011  0
                       ssap 0x42
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. GE0/0/1 on CE1 is the root port
and GE0/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info] [Mode MSTP] ------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :Disabled
TC or TCN received  :6
TC count per hello  :6
STP Converge Mode   :
Time since last TC  :0 days 2h:24m:36s
----[Port1(GigabitEthernet0/0/1)] [FORWARDING] ---
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received       :4351
TCN: 0, Config: 0, RST: 0, MST: 4351
[CE2] display stp
-------[CIST Global Info] [Mode MSTP] ------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :Disabled
TC or TCN received  :3
TC count per hello  :3
STP Converge Mode   :
Time since last TC  :0 days 2h:26m:42s
----[Port1(GigabitEthernet0/0/1)] [FORWARDING] ---
Port Protocol       :Enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :4534
TCN: 0, Config: 0, RST: 0, MST: 4534
BPDU Received       :6
TCN: 0, Config: 0, RST: 0, MST: 6
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 100
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
l2protocol-tunnel stp enable
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 100
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
l2protocol-tunnel stp enable
#
return
3.11.2 Example for Configuring VLAN-based Layer 2 Protocol Transparent Transmission
Networking Requirements
As shown in Figure 3-49, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. VLAN 100 and VLAN
200 are Layer 2 networks for different users and are connected through the ISP network. STP
is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only on
the private networks so that spanning trees can be generated correctly.
• All the devices in VLAN 100 participate in calculation of a spanning tree.
• All the devices in VLAN 200 participate in calculation of a spanning tree.
Figure 3-49 Networking diagram for configuring VLAN-based Layer 2 protocol transparent
transmission
[Figure omitted: CE1 and CE2 (User A, VLAN 100) and CE3 and CE4 (User B, VLAN 200) attach through
GE0/0/1 to GE0/0/2 and GE0/0/3 on PE1 and PE2, which are joined by the ISP network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Configure CEs to send STP packets with specified VLAN tags to PEs so that calculation
   of a spanning tree is completed independently in VLAN 100 and VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so that STP
   packets are not sent to the CPUs of PEs for processing.
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp enable
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] stp enable
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] stp enable
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] stp enable
Step 2 Configure CE1 and CE2 to send STP packets with VLAN tag 100 to PEs, and configure CE3
and CE4 to send STP packets with VLAN tag 200 to PEs.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE1-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet0/0/1] quit
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE2-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet0/0/1] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 0/0/1
[CE3-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE3-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet0/0/1] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 0/0/1
[CE4-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE4-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet0/0/1] quit
Step 3 Configure PE interfaces to transparently transmit STP packets of CEs to the peer ends.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port hybrid tagged vlan 200
[PE1-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 200
[PE1-GigabitEthernet0/0/3] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE2-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 100
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port hybrid tagged vlan 200
[PE2-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 200
[PE2-GigabitEthernet0/0/3] quit
Step 4 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Step 5 Verify the configuration.
After the configuration is complete, run the display l2protocol-tunnel group-mac command
on PEs. You can view the protocol type or name, multicast destination MAC address, group
MAC address, and priority of Layer 2 protocol packets to be transparently transmitted.
The display on PE1 is used as an example.
[PE1] display l2protocol-tunnel group-mac stp
Protocol   EncapeType  ProtocolType  Protocol-MAC    Group-MAC       Pri
-------------------------------------------------------------------------
stp        llc         dsap 0x42     0180-c200-0000  0100-5e00-0011  0
                       ssap 0x42
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. GE0/0/1 on CE1 is the root port
and GE0/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.000b-09f0-1b91
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC   :32768.000b-09f0-1b91 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :2
TC count per hello  :2
STP Converge Mode   :
Share region-configuration :enabled
Time since last TC  :0 days 3h:53m:43s
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :237
TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received       :9607
TCN: 0, Config: 0, RST: 0, MST: 9607
<CE2> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.000b-09d4-b66c
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC   :32768.000b-09d4-b66c / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :1
TC count per hello  :1
STP Converge Mode   :
Time since last TC  :0 days 5h:29m:6s
Port Protocol       :Enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :7095
TCN: 0, Config: 0, RST: 0, MST: 7095
BPDU Received       :2
TCN: 0, Config: 0, RST: 0, MST: 2
Run the display stp command on CE3 and CE4 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE3 and CE4. GE0/0/1 on CE3 is the root port
and GE0/0/1 on CE4 is the designated port.
<CE3> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :4
TC count per hello  :4
STP Converge Mode   :
Time since last TC  :0 days 3h:57m:0s
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :238
TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received       :9745
TCN: 0, Config: 0, RST: 0, MST: 9745
<CE4> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :2
TC count per hello  :2
STP Converge Mode   :
Time since last TC  :0 days 5h:33m:17s
Port Protocol       :enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :7171
TCN: 0, Config: 0, RST: 0, MST: 7171
BPDU Received       :2
TCN: 0, Config: 0, RST: 0, MST: 2
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
• Configuration file of CE3
#
sysname CE3
#
vlan batch 200
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
• Configuration file of CE4
#
sysname CE4
#
vlan batch 200
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
l2protocol-tunnel stp vlan 100
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 200
l2protocol-tunnel stp vlan 200
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 100
l2protocol-tunnel stp vlan 100
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 200
l2protocol-tunnel stp vlan 200
#
return
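A consistency check for the two PE configuration files above, as an added example that is not part of the Huawei document: it reports a group MAC that differs between PEs, a tunnelled VLAN the port does not belong to, and tunnelled VLAN sets that differ. The function names and the faulty variant `PE2_BAD` are constructed for this example.

```python
import re

# PE1 configuration file from the VLAN-based example on this page.
PE1_CFG = """\
#
sysname PE1
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 100
 l2protocol-tunnel stp vlan 100
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 200
 l2protocol-tunnel stp vlan 200
#
return
"""
PE2_CFG = PE1_CFG.replace("sysname PE1", "sysname PE2")
# Constructed faulty variant: different group MAC, GE0/0/3 removed from VLAN 200.
PE2_BAD = PE2_CFG.replace("0100-5e00-0011", "0100-5e00-0012").replace(
    " port hybrid tagged vlan 200\n", "")


def vlan_set(spec):
    """Expand a VLAN list such as '10 20 to 22' into a set of integers."""
    out, toks, i = set(), spec.split(), 0
    while i < len(toks):
        lo = hi = int(toks[i])
        if i + 2 < len(toks) and toks[i + 1] == "to":
            hi = int(toks[i + 2])
            i += 2
        out.update(range(lo, hi + 1))
        i += 1
    return out


def parse_cfg(text):
    """Return (global lines, {interface name: [lines]}) for a config file."""
    glob, ifaces, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            cur = None                      # '#' closes the current section
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif cur is not None:
            cur.append(line)
        else:
            glob.append(line)
    return glob, ifaces


def summarize(text):
    """Return (group MAC or None, {interface: (tunnel VLANs, member VLANs)})."""
    glob, ifaces = parse_cfg(text)
    group, tunnels = None, {}
    for line in glob:
        m = re.fullmatch(r"l2protocol-tunnel stp group-mac (\S+)", line)
        if m:
            group = m.group(1).lower()
    for name, lines in ifaces.items():
        member, tun = set(), set()
        for line in lines:
            m = re.fullmatch(r"port hybrid (?:tagged|untagged) vlan (.+)", line)
            if m:
                member |= vlan_set(m.group(1))
            m = re.fullmatch(r"l2protocol-tunnel stp vlan (.+)", line)
            if m:
                tun |= vlan_set(m.group(1))
        if tun:
            tunnels[name] = (tun, member)
    return group, tunnels


def audit(configs):
    """Check PE configs ({device: text}) for tunnel settings that disagree."""
    findings = []
    parsed = {dev: summarize(text) for dev, text in configs.items()}
    for dev, (_, tunnels) in parsed.items():
        for ifname, (tun, member) in tunnels.items():
            for vid in sorted(tun - member):
                findings.append(f"{dev} {ifname}: tunnels STP in VLAN {vid} "
                                "but the port is not in that VLAN")
    groups = {dev: g or "not set" for dev, (g, _) in parsed.items()}
    if len(set(groups.values())) > 1:
        findings.append("group-mac differs: " + ", ".join(
            f"{d}={g}" for d, g in sorted(groups.items())))
    vlans = {dev: frozenset().union(*(t for t, _ in tun.values()))
             for dev, (_, tun) in parsed.items()}
    if len(set(vlans.values())) > 1:
        findings.append("tunnelled VLANs differ: " + ", ".join(
            f"{d}={sorted(v)}" for d, v in sorted(vlans.items())))
    return findings


if __name__ == "__main__":
    print(audit({"PE1": PE1_CFG, "PE2": PE2_CFG}))
    print(audit({"PE1": PE1_CFG, "PE2": PE2_BAD}))
```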
3.11.3 Example for Configuring QinQ-based Layer 2 Protocol Transparent Transmission
Networking Requirements
As shown in Figure 3-50, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. VLAN 100 and VLAN
200 are Layer 2 networks for different users and are connected through the ISP network. STP
is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only on
the private networks so that spanning trees can be generated correctly.
• All the devices in VLAN 100 participate in calculation of a spanning tree.
• All the devices in VLAN 200 participate in calculation of a spanning tree.
Because public VLAN resources are limited, VLAN IDs on carrier networks must be conserved.
Figure 3-50 Networking diagram for configuring QinQ-based Layer 2 protocol transparent
transmission
[Figure omitted: CE1 and CE2 (User A, VLAN 100) and CE3 and CE4 (User B, VLAN 200) attach through
GE0/0/1 to GE0/0/2 and GE0/0/3 on PE1 and PE2, which are joined by the ISP network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Configure CEs to send STP packets with specified VLAN tags to PEs so that calculation
   of a spanning tree is completed independently in VLAN 100 and VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so that STP
   packets are not sent to the CPUs of PEs for processing.
4. Configure QinQ (VLAN stacking) on PEs so that PEs add outer VLAN tag 10 to STP
   packets sent from CEs, saving public network VLAN IDs.
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
Step 2 Configure CE1 and CE2 to send STP packets with VLAN tag 100 to PEs, and configure CE3
and CE4 to send STP packets with VLAN tag 200 to PEs.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE1-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet0/0/1] quit
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE2-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet0/0/1] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 0/0/1
[CE3-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE3-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet0/0/1] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 0/0/1
[CE4-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE4-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet0/0/1] quit
Step 3 Configure QinQ-based Layer 2 protocol transparent transmission on PEs so that STP packets
with VLAN tags 100 and 200 are tagged with outer VLAN 10 by PEs and can be transmitted
on the ISP network.
# Configure PE1.
[PE1] vlan 10
[PE1-Vlan10] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[PE1-GigabitEthernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10
[PE1-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 10
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[PE1-GigabitEthernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE1-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 10
[PE1-GigabitEthernet0/0/3] quit
# Configure PE2.
[PE2] vlan 10
[PE2-Vlan10] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[PE2-GigabitEthernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10
[PE2-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 10
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[PE2-GigabitEthernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE2-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 10
[PE2-GigabitEthernet0/0/3] quit
Step 4 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Step 5 Verify the configuration.
After the configuration is complete, run the display l2protocol-tunnel group-mac command
on PEs. You can view the protocol type or name, multicast destination MAC address, group
MAC address, and priority of Layer 2 protocol packets to be transparently transmitted.
The display on PE1 is used as an example.
<PE1> display l2protocol-tunnel group-mac stp
Protocol   EncapeType  ProtocolType  Protocol-MAC    Group-MAC       Pri
-------------------------------------------------------------------------
stp        llc         dsap 0x42     0180-c200-0000  0100-5e00-0011  0
                       ssap 0x42
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. GE0/0/1 on CE1 is the root port
and GE0/0/1 on CE2 is the designated port.
<CE1> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.000b-09f0-1b91
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC   :32768.000b-09f0-1b91 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :2
TC count per hello  :2
STP Converge Mode   :
Time since last TC  :0 days 2h:24m:36s
----[Port17(GigabitEthernet0/0/1)][FORWARDING]---
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :237
TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received       :9607
TCN: 0, Config: 0, RST: 0, MST: 9607
<CE2> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.000b-09d4-b66c
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC   :32768.000b-09d4-b66c / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :1
TC count per hello  :1
STP Converge Mode   :
Time since last TC  :0 days 2h:24m:36s
----[Port17(GigabitEthernet0/0/1)][FORWARDING]---
Port Protocol       :Enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :7095
TCN: 0, Config: 0, RST: 0, MST: 7095
BPDU Received       :2
TCN: 0, Config: 0, RST: 0, MST: 2
Run the display stp command on CE3 and CE4 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE3 and CE4. GE0/0/1 on CE3 is the root port
and GE0/0/1 on CE4 is the designated port.
<CE3> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :4
TC count per hello  :4
STP Converge Mode   :
Time since last TC  :0 days 2h:24m:36s
----[Port17(GigabitEthernet0/0/1)][FORWARDING]---
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :238
TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received       :9745
TCN: 0, Config: 0, RST: 0, MST: 9745
<CE4> display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :2
TC count per hello  :2
STP Converge Mode   :
Time since last TC  :0 days 2h:24m:36s
----[Port17(GigabitEthernet0/0/1)][FORWARDING]---
Port Protocol       :Enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged          :Config=disabled / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/hello-time
Protection Type     :None
Port STP Mode       :MSTP
Port Protocol Type  :Config=auto / Active= dot1s
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :0
TC or TCN received  :0
BPDU Sent           :7171
TCN: 0, Config: 0, RST: 0, MST: 7171
BPDU Received       :2
TCN: 0, Config: 0, RST: 0, MST: 2
Run the display vlan command on PEs to view the QinQ configuration.
The display on PE1 is used as an example.
<PE1> display vlan 10 verbose
* : Management-VLAN
---------------------
VLAN ID      : 10
VLAN Type    : Common
Description  : VLAN 0010
Status       : Enable
Broadcast    : Enable
MAC learning : Enable
Statistics   : Disable
Property     : Default
VLAN State   : Up
----------------
Untagged     Port: GigabitEthernet0/0/2      GigabitEthernet0/0/3
----------------
Active Untag Port: GigabitEthernet0/0/2      GigabitEthernet0/0/3
----------------
QinQ-stack   Port: GigabitEthernet0/0/2      GigabitEthernet0/0/3
----------------
Interface                   Physical
GigabitEthernet0/0/2        UP
GigabitEthernet0/0/3        UP
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
- Configuration file of CE3
#
sysname CE3
#
vlan batch 200
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
- Configuration file of CE4
#
sysname CE4
#
vlan batch 200
#
stp enable
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
- Configuration file of PE1
#
sysname PE1
#
vlan batch 10
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/2
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 100 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
interface GigabitEthernet0/0/3
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 200 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 10
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet0/0/2
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 100 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
interface GigabitEthernet0/0/3
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 200 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
return
3.12 Loopback Detection Configuration
Loopback detection can detect loops on the network connected to the device and reduce impacts
on the network.
3.12.1 Example for Configuring Loopback Detection to Detect
Loops on the Downstream Network
Networking Requirements
As shown in Figure 3-51, if there is a loop on the network connected to the GE0/0/1 interface,
broadcast storms will occur on the Switch or even the entire network.
To detect loops on the network connected to the Switch and disable downlink interfaces to
reduce the impact on the Switch and other networks, enable loopback detection on the Switch.
Figure 3-51 Loopback detection network diagram
[Diagram labels: Switch, GE0/0/1]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable loopback detection on the interface to detect loops on downlink networks.
2. Specify the VLAN ID for loopback detection packets.
3. Set loopback detection parameters to enable automatic recovery of the interface.
Procedure
Step 1 Enable loopback detection on the interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] loopback-detect enable
[Switch-GigabitEthernet0/0/1] quit
Step 2 Specify the VLAN ID for loopback detection packets.
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[Switch-GigabitEthernet0/0/1] loopback-detect packet vlan 100
Step 3 Set loopback detection parameters.
# Configure the action that the interface takes when a loop is detected.
[Switch-GigabitEthernet0/0/1] loopback-detect action block
# Set the interface recovery time after a loop is removed.
[Switch-GigabitEthernet0/0/1] loopback-detect recovery-time 30
[Switch-GigabitEthernet0/0/1] quit
# Set the interval between sending loopback detection packets.
[Switch] loopback-detect packet-interval 10
Step 4 Check the configuration.
Run the display loopback-detect command to check the configuration.
<Switch> display loopback-detect
Loopback-detect sending-packet interval:10
Interface                 RecoverTime  Action     Status
--------------------------------------------------------------------------------
GigabitEthernet0/0/1      30           block      NORMAL
When loops occur on the GigabitEthernet0/0/1 interface, the interface is blocked. The interface
will recover 30s after no loopback packets are detected.
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 100
#
loopback-detect packet-interval 10
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
loopback-detect action block
#
return
3.13 VoIP Access Configuration
3.13.1 Example for Configuring LLDP on a Switch to Provide VoIP
Access
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device supports LLDP and has a high 802.1p priority (for example, 5), you can
configure LLDP and Voice VLAN on the switch. Then the switch uses the LLDP protocol to
deliver the Voice VLAN ID to the voice device and does not change the packet priority.
As shown in Figure 3-52, after a Voice VLAN is configured on the Switch, the voice device
learns the Voice VLAN ID using LLDP.
Figure 3-52 Configuring LLDP to provide VoIP access
[Diagram labels: DHCP Server, Internet, Switch, GE0/0/1, HG, HSI, VoIP, IPTV]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs.
2. Configure the link type and default VLAN of the interface connected to the IP phone.
3. Enable the Voice VLAN function on the interface.
4. Configure the interface to join the Voice VLAN in manual mode.
5. Set the working mode of the Voice VLAN.
6. Configure the interface to trust the 802.1p priority of packets.
7. Enable LLDP globally and on the interface.
Procedure
Step 1 Configure VLANs and interface on the Switch.
# Create VLAN 2 and VLAN 6.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 6
# Configure the link type and default VLAN of GigabitEthernet0/0/1.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 6
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 6
Step 2 Configure the Voice VLAN on the Switch.
# Enable the Voice VLAN on GigabitEthernet0/0/1.
[HUAWEI-GigabitEthernet0/0/1] voice-vlan 2 enable
# Configure the mode in which GigabitEthernet0/0/1 is added to the Voice VLAN.
[HUAWEI-GigabitEthernet0/0/1] voice-vlan mode manual
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 2
# Configure the working mode of the Voice VLAN.
[HUAWEI-GigabitEthernet0/0/1] undo voice-vlan security enable
Step 3 Configure the interface to trust the 802.1p priority of packets.
[HUAWEI-GigabitEthernet0/0/1] trust 8021p (inner)
[HUAWEI-GigabitEthernet0/0/1] quit
NOTE
The format of the trust 8021p (inner) command varies depending on the device model.
Step 4 Enable LLDP.
[HUAWEI] lldp enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] lldp enable
[HUAWEI-GigabitEthernet0/0/1] return
Step 5 Verify the configuration.
Run the display voice-vlan 2 status command to check the Voice VLAN configuration,
including the mode in which the interface is added to the Voice VLAN, working mode, and
aging time of the Voice VLAN.
<HUAWEI> display voice-vlan 2 status
Voice VLAN Configurations:
---------------------------------------------------
Voice VLAN ID              : 2
Voice VLAN status          : Enable
Voice VLAN aging time      :
Voice VLAN 8021p remark    : 6
Voice VLAN dscp remark     : 46
----------------------------------------------------------
Port Information:
-----------------------------------------------------------
Port                      Add-Mode  Security-Mode  Legacy   PribyVLAN  Untag
--------------------------------------------------------------------------------
GigabitEthernet0/0/1      Auto      Normal         Disable  Disable    Disable
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 2 6
#
lldp enable
#
interface GigabitEthernet0/0/1
voice-vlan 2 enable
port hybrid pvid vlan 6
port hybrid tagged vlan 2
port hybrid untagged vlan 6
trust 8021p (inner)
#
return
3.13.2 Example for Configuring a DHCP Server on a Switch to
Provide VoIP Access
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device supports DHCP and has a high 802.1p priority (for example, 5), you can
configure DHCP and Voice VLAN on the switch. Then the switch uses the DHCP protocol to
deliver the Voice VLAN ID to the voice device and does not change the packet priority.
As shown in Figure 3-53, the voice device does not support VLAN configuration. In this case,
you can configure the DHCP option so that the DHCP server can deliver the voice VLAN ID to
the voice device.
Figure 3-53 Configuring a DHCP server to provide VoIP access
[Diagram labels: Internet, Switch, DHCP Server, GE0/0/1, HG, HSI, VoIP, IPTV]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs.
2. Configure the link type and default VLAN of the interface connected to the IP phone.
3. Configure the interface to trust the 802.1p priority of packets.
4. Configure an IP address pool.
5. Configure Option in the address pool.
6. Enable DHCP globally and configure the DHCP server on the VLANIF interface to allocate
   IP addresses using the global IP address pool.
Procedure
Step 1 Configure VLANs and interface on the Switch.
# Create VLAN 2 and VLAN 6.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 6
# Configure the link type and default VLAN of GigabitEthernet0/0/1.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 2
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 6
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Configure an IP address pool on the Switch.
# Create an IP address pool.
[HUAWEI] ip pool ip_access
# Configure the address range in the IP address pool.
[HUAWEI-ip-pool-ip_access] network 192.168.10.0 mask 24
[HUAWEI-ip-pool-ip_access] gateway-list 192.168.10.254
[HUAWEI-ip-pool-ip_access] option184 voice-vlan 6
[HUAWEI-ip-pool-ip_access] quit
NOTE
The DHCP option is configured to enable the DHCP server to deliver the voice VLAN ID to the voice
device. Option184 is used as an example here. IP phones from different vendors may use different options.
For the specific option used by an IP phone, see the user manual of the IP phone. For details on how to
configure the option, see the option command in S2350&S5300&S6300 Series Ethernet Switches IP
Service Commands - DHCP Configuration Commands.
Step 3 Configure the interface to trust the 802.1p priority of packets.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] trust 8021p (inner)
[HUAWEI-GigabitEthernet0/0/1] quit
NOTE
The format of the trust 8021p (inner) command varies depending on the device model.
Step 4 Enable DHCP globally.
[HUAWEI] dhcp enable
Step 5 Create the VLANIF interface corresponding to the default VLAN of GigabitEthernet0/0/1.
Configure the DHCP server on the VLANIF interface to allocate IP addresses using the global
address pool.
[HUAWEI] interface Vlanif2
[HUAWEI-Vlanif2] ip address 192.168.10.1 255.255.255.0
[HUAWEI-Vlanif2] dhcp select global
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 2 6
#
dhcp enable
#
ip pool ip_access
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
option184 voice-vlan 6
#
interface Vlanif2
ip address 192.168.10.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 2
port hybrid tagged vlan 6
port hybrid untagged vlan 2
trust 8021p
#
return
3.13.3 Example for Configuring MAC Address-based VLAN
Assignment on a Switch to Provide VoIP Access
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device does not support LLDP or DHCP, you can configure MAC address-based
VLAN assignment on the switch. Then the switch can assign a VLAN to the voice device based
on the MAC address of the voice device.
As shown in Figure 3-54, the IP phone sends untagged packets. To ensure high-quality VoIP
service, the Switch associates the MAC address of the IP phone with VLAN 100, of which the
priority is 7.
Figure 3-54 Configuring MAC address-based VLAN assignment to provide VoIP access
[Diagram labels: DHCP Server, Internet, Switch, GE0/0/1, HG, HSI, VoIP, IPTV]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN 100 for voice flows.
2. Enable MAC address-based assignment on the interface.
3. Associate the MAC address of the IP phone with a VLAN.
Procedure
Step 1 Configure VLANs and interface on the Switch.
Create VLAN 100 and VLAN 200.
<HUAWEI> system-view
[HUAWEI] vlan batch 100
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Associate the MAC address of the IP phone with VLAN 100 and set the priority of VLAN 100
to 7.
[HUAWEI] vlan 100
[HUAWEI-vlan100] mac-vlan mac-address 1234-1234-1234 ffff-ff00-0000 priority 7
[HUAWEI-vlan100] quit
Step 3 Enable MAC address-based VLAN assignment.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-vlan enable
[HUAWEI-GigabitEthernet0/0/1] return
Step 4 Verify the configuration.
Run the display mac-vlan mac-address all command to verify the configuration of MAC
address-based VLAN assignment.
<HUAWEI> display mac-vlan mac-address all
---------------------------------------------------
MAC Address     MASK            VLAN    Priority
---------------------------------------------------
1234-1234-1234  ffff-ff00-0000  100     7
Total MAC VLAN address count: 1
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 100
#
vlan 100
mac-vlan mac-address 1234-1234-1234 ffff-ff00-0000 priority 7
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 100
mac-vlan enable
#
return
3.13.4 Example for Configuring an ACL on a Switch to Provide VoIP
Access
Networking Requirements
NOTE
This example does not apply to S5300SI, S2350 or S5300LI.
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device connected to a switch does not support LLDP or DHCP, you can configure an
ACL on the switch to implement VoIP access.
As shown in Figure 3-55, the voice device sends untagged packets. To ensure high-quality VoIP
service, the Switch identifies voice data packets based on the source MAC address, tags the
voice data packets with VLAN 200, and sets the priority of the voice data packets to 7.
Figure 3-55 Configuring an ACL to provide VoIP access
[Diagram labels: DHCP Server, Internet, Switch, GE0/0/1, HG, HSI, VoIP, IPTV]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN 100 for data flows and VLAN 200 for voice flows.
2. Configure the link type and default VLAN of the interface connected to the voice device.
3. Configure an ACL rule to match the MAC address of the voice device.
4. Configure the Switch to add an outer VLAN tag to the packets matching the ACL rule and
   change the priority of these packets.
Procedure
Step 1 Configure VLAN and interface on the Switch.
# Create VLAN 100 and VLAN 200.
<HUAWEI> system-view
[HUAWEI] vlan batch 100 200
# Configure the link type and default VLAN of the interface connected to the voice device.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100 200
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Configure an ACL.
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 1234-1234-1234 ffff-ffff-ff00
[HUAWEI-acl-L2-4000] quit
Step 3 Apply the ACL to GE0/0/1.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port add-tag acl 4000 vlan 200 remark-8021p 7
[HUAWEI-GigabitEthernet0/0/1] return
Step 4 Verify the configuration.
Run the display acl 4000 command to check the ACL configuration.
<HUAWEI> display acl 4000
L2 ACL 4000, 1 rule
Acl's step is 5
rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 100 200
#
acl number 4000
rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100 200
port add-tag acl 4000 vlan 200 remark-8021p 7
#
return
3.13.5 Example for Configuring a Simplified ACL on a Switch to
Provide VoIP Access
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device connected to a switch does not support LLDP or DHCP, you can configure an
ACL on the switch to implement VoIP access.
As shown in Figure 3-56, the voice device sends untagged packets. To ensure high-quality VoIP
service, the Switch identifies voice data packets based on the source MAC address, tags the
voice data packets with VLAN 200, and sets the priority of the voice data packets to 7.
Figure 3-56 Configuring an ACL to provide VoIP access
[Diagram labels: DHCP Server, Internet, Switch, GE0/0/1, HG, HSI, VoIP, IPTV]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN.
2. Configure the link type and default VLAN of the interface connected to the voice device.
3. Configure an ACL rule to match the MAC address of the voice device.
4. Configure the Switch to change the priority of the packets matching the ACL rule.
Procedure
Step 1 Configure VLAN and interface on the Switch.
# Create VLAN 200.
<HUAWEI> system-view
[HUAWEI] vlan 200
[HUAWEI-vlan200] quit
# Configure the link type and default VLAN of the interface connected to the voice device.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 200
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Configure an ACL.
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 1234-1234-1234 ffff-ffff-ff00
[HUAWEI-acl-L2-4000] quit
Step 3 Apply the ACL to GE0/0/1 and re-mark the priority of the packets matching the ACL.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-remark inbound acl 4000 8021p 7
[HUAWEI-GigabitEthernet0/0/1] traffic-remark inbound acl 4000 dscp ef
[HUAWEI-GigabitEthernet0/0/1] return
Step 4 Verify the configuration.
Run the display acl 4000 command to check the ACL configuration.
<HUAWEI> display acl 4000
L2 ACL 4000, 1 rule
Acl's step is 5
rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 200
#
acl number 4000
rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 200
traffic-remark inbound acl 4000 8021p 7
traffic-remark inbound acl 4000 dscp ef
#
return
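The masked-MAC matching behind the mac-vlan mac-address entry in 3.13.3 and the ACL 4000 source-mac rule in 3.13.4 and 3.13.5, as an added Python example (not Huawei code). It assumes the usual rule that a frame matches when its source MAC ANDed with the mask equals the rule address ANDed with the mask; the class and function names and the list of observed MACs are constructed for illustration.

```python
import re

_MAC_RE = re.compile(r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}")
_ALL_ONES = (1 << 48) - 1


def parse_mac(text):
    """Convert H-H-H notation (e.g. 1234-1234-1234) to a 48-bit integer."""
    text = text.strip().lower()
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC in H-H-H form: {text!r}")
    return int(text.replace("-", ""), 16)


def format_mac(value):
    """Convert a 48-bit integer back to H-H-H notation."""
    digits = f"{value:012x}"
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


class MaskedMac:
    """One address/mask pair; mask bits set to 1 must match exactly."""

    def __init__(self, name, address, mask):
        self.name = name
        self.mask = parse_mac(mask)
        self.prefix = parse_mac(address) & self.mask

    def normalized(self):
        """Address with the wildcard bits cleared, followed by the mask."""
        return f"{format_mac(self.prefix)} {format_mac(self.mask)}"

    def matches(self, mac):
        """True when the given source MAC falls inside the rule."""
        return (parse_mac(mac) & self.mask) == self.prefix

    def covered_addresses(self):
        """How many distinct source MACs satisfy the rule."""
        return 1 << (48 - bin(self.mask).count("1"))

    def mask_is_prefix(self):
        """True when the mask is a run of 1 bits followed only by 0 bits."""
        wildcard = ~self.mask & _ALL_ONES
        return (wildcard & (wildcard + 1)) == 0


def audit(rules, observed):
    """Map each observed MAC to the names of the rules that admit it."""
    return {mac: [r.name for r in rules if r.matches(mac)] for mac in observed}


# Rules exactly as entered in the examples on this page.
RULES = [
    MaskedMac("mac-vlan 100", "1234-1234-1234", "ffff-ff00-0000"),
    MaskedMac("acl 4000", "1234-1234-1234", "ffff-ffff-ff00"),
]

# Constructed sample of source MACs, for illustration only.
OBSERVED = [
    "1234-1234-12ff",   # differs from the phone only in the last byte
    "1234-12ab-cdef",   # shares only the first 24 bits
    "1234-1334-1234",   # differs inside the first 24 bits
    "00e0-fc00-0001",   # unrelated address
]

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule.name}: {rule.normalized()} "
              f"admits {rule.covered_addresses()} source addresses")
    for mac, names in audit(RULES, OBSERVED).items():
        print(mac, "->", ", ".join(names) or "no rule")
```

The normalized form of the ACL rule is what display acl 4000 prints on this page (1234-1234-1200 ffff-ffff-ff00), whereas display mac-vlan shows the address as entered. The address count makes the width of each mask explicit when reviewing which devices receive priority 7.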
4 IP Service
About This Chapter
This document describes configuration of IP Service supported by the device and provides
configuration examples.
4.1 IP Address Configuration
Network devices can communicate at the network layer only after they are configured with IP
addresses.
4.2 ARP Configuration
The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses so that Ethernet
frames can be transmitted on a physical network.
4.3 DHCP Configuration
DHCP dynamically manages and configures clients in a concentrated manner. It ensures proper
IP address allocation and improves IP address use efficiency.
4.4 DHCP Policy VLAN Configuration
This chapter describes the concept, operating mode, and configuration of Dynamic Host
Configuration Protocol (DHCP) policy Virtual Local Area Network (VLAN), and provides
configuration examples.
4.5 DHCPv6 Configuration
This section describes how to configure the DHCPv6 function. Currently, the switch can function
as the DHCPv6 server, DHCPv6 PD server, and DHCPv6 relay on the IPv6 network.
4.6 IP Performance Configuration
You can optimize IP performance by adjusting parameters on the network.
4.7 DNS Configuration
This chapter describes the principles, basic functions and configuration procedures of DNS on
the switch, and provides configuration examples.
4.8 Basic IPv6 Configurations
The IPv6 protocol stack supports routing protocols and application protocols on an IPv6 network.
4.9 IPv6 DNS configuration
This section describes how to configure IPv6 DNS so that devices can use domain names to
communicate.
4.10 IPv6 over IPv4 Tunnel Configuration
IPv6 over IPv4 tunnel technology enables transition from the IPv4 network to the IPv6 network.
4.1 IP Address Configuration
Network devices can communicate at the network layer only after they are configured with IP
addresses.
4.1.1 Example for Configuring IP Addresses for an Interface
Networking Requirements
As shown in Figure 4-1, the Switch has only one idle interface GE0/0/1 to connect to a LAN.
The hosts on the LAN are located on two network segments: 172.16.1.0/24 and 172.16.2.0/24.
The interface must be configured with two IP addresses to provide access for hosts on the two
network segments.
Figure 4-1 Network diagram for IP addresses configuration
[Diagram labels: Switch, GE0/0/1, VLANIF100 172.16.1.1/24 and 172.16.2.1/24 sub; hosts 172.16.1.2/24 and 172.16.2.2/24]
Configuration Roadmap
The configuration roadmap is as follows:
Configure a primary IP address and a secondary IP address for the interface.
Procedure
Step 1 Add GE0/0/1 to VLAN 100, and configure a primary IP address and a secondary IP address for
VLANIF100.
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-Vlan100] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ip address 172.16.1.1 24
[HUAWEI-Vlanif100] ip address 172.16.2.1 24 sub
[HUAWEI-Vlanif100] quit
[HUAWEI] quit
Step 2 Verify the configuration.
# Ping a host on network segment 172.16.1.0 from the Switch. The ping operation succeeds.
<HUAWEI> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
# Ping a host on network segment 172.16.2.0 from the Switch. The ping operation succeeds.
<HUAWEI> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
----End
Configuration Files
Configuration file of the Switch
#
vlan batch 100
#
interface Vlanif100
ip address 172.16.1.1 255.255.255.0
ip address 172.16.2.1 255.255.255.0 sub
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
4.1.2 Example for Configuring an IP Unnumbered Interface
Networking Requirements
As shown in Figure 4-2, Tunnel interfaces (Tunnel1) of SwitchA and SwitchC are seldom used,
so they have no IP address configured. IP unnumbered needs to be configured on the tunnel
interfaces so that the two switches can communicate through the tunnel.
Figure 4-2 Network diagram for IP unnumbered interface configuration
[Diagram labels: SwitchA (GE0/0/1, VLANIF10 20.1.1.1/24; LoopBack 0 116.116.116.1/24; Tunnel 1), SwitchB (GE0/0/1, VLANIF10 20.1.1.2/24; GE0/0/2, VLANIF20 30.1.1.1/24), SwitchC (GE0/0/1, VLANIF10 30.1.1.2/24; LoopBack 0 9.9.9.1/24; Tunnel 1), Tunnel, PC 1, PC 2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create tunnel interfaces on SwitchA and SwitchC, set up a GRE tunnel between them, and
   specify the source and destination addresses of the tunnel interfaces.
2. On SwitchA and SwitchC, configure an IP address for a loopback interface and configure
   the tunnel interface to borrow the IP address from this loopback interface.
Procedure
Step 1 Configure the public IP addresses and the IP address of interface Loopback0.
# Configure SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 20.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 116.116.116.1 24
[SwitchA-LoopBack0] quit
# Configure SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 20
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access
[SwitchB-GigabitEthernet0/0/1] port default vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type access
[SwitchB-GigabitEthernet0/0/2] port default vlan 20
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 20.1.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ip address 30.1.1.1 24
[SwitchB-Vlanif20] quit
# Configure SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan 10
[SwitchC-vlan10] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type access
[SwitchC-GigabitEthernet0/0/1] port default vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ip address 30.1.1.2 24
[SwitchC-Vlanif10] quit
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 9.9.9.1 24
[SwitchC-LoopBack0] quit
Step 2 Configure OSPF on the devices.
# Configure SwitchA.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure SwitchB.
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
Step 3 Configure Tunnel1 to borrow the IP address from Loopback0 and configure the GRE tunnel.
# Configure SwitchA.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] tunnel-protocol gre
[SwitchA-Tunnel1] ip address unnumbered interface loopback 0
[SwitchA-Tunnel1] source 20.1.1.1
[SwitchA-Tunnel1] destination 30.1.1.2
[SwitchA-Tunnel1] quit
# Configure SwitchC.
[SwitchC] interface tunnel 1
[SwitchC-Tunnel1] tunnel-protocol gre
[SwitchC-Tunnel1] ip address unnumbered interface loopback 0
[SwitchC-Tunnel1] source 30.1.1.2
[SwitchC-Tunnel1] destination 20.1.1.1
[SwitchC-Tunnel1] quit
Step 4 Configure static routes.
# Configure SwitchA.
[SwitchA] ip route-static 9.9.9.0 255.255.255.0 tunnel 1
# Configure SwitchC.
[SwitchC] ip route-static 116.116.116.0 255.255.255.0 tunnel 1
Step 5 Verify the configuration.
# Ping 9.9.9.1 from SwitchA. The ping operation succeeds.
[SwitchA] ping 9.9.9.1
PING 9.9.9.1: 56 data bytes, press CTRL_C to break
Reply from 9.9.9.1: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 9.9.9.1: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 9.9.9.1: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 9.9.9.1: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 9.9.9.1: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 9.9.9.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface LoopBack0
ip address 116.116.116.1 255.255.255.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol gre
source 20.1.1.1
destination 30.1.1.2
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
ip route-static 9.9.9.0 255.255.255.0 Tunnel1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
interface Vlanif10
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10
#
interface Vlanif10
ip address 30.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface LoopBack0
ip address 9.9.9.1 255.255.255.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol gre
source 30.1.1.2
destination 20.1.1.1
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
ip route-static 116.116.116.0 255.255.255.0 Tunnel1
#
return
4.2 ARP Configuration
The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses so that Ethernet
frames can be transmitted on a physical network.
4.2.1 Example for Configuring ARP
Networking Requirements
As shown in Figure 4-3, GE0/0/1 on the switch connects to hosts through the LAN Switch
(LSW). GE0/0/2 connects to a server through the Router. Requirements are as follows:
• GE0/0/1 belongs to VLAN2 and GE0/0/2 belongs to VLAN3.
• Dynamic ARP parameters should be configured for VLANIF2 of the switch so that packets
are transmitted correctly regardless of network topology changes.
• A static ARP entry should be configured on GE0/0/2 of the switch to ensure secure
communication with the server and prevent illegal ARP packets. The IP address of the
router should be 10.2.2.3 and the corresponding MAC address is 00e0-fc01-0000.
Figure 4-3 Networking diagram for configuring ARP
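[Figure: GE0/0/1 of the Switch (VLANIF2, 2.2.2.2/24) connects to the LSW, which serves PC1, PC2 and PC3. GE0/0/2 of the Switch (VLANIF3, 10.2.2.2/24) connects to the Router, which leads to the Server and the Internet.]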
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add interfaces to the VLANs.
2. Set dynamic ARP parameters for the user-side VLANIF interface.
3. Configure a static ARP entry.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
# Create VLAN2 and VLAN3.
<HUAWEI> system-view
[HUAWEI] vlan batch 2 3
# Add GE0/0/1 to VLAN2 and GE0/0/2 to VLAN3.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port hybrid tagged vlan 3
[HUAWEI-GigabitEthernet0/0/2] quit
Step 2 Set dynamic ARP parameters for the VLANIF interface.
# Create VLANIF2.
[HUAWEI] interface vlanif 2
# Configure an IP address for VLANIF2.
[HUAWEI-Vlanif2] ip address 2.2.2.2 255.255.255.0
# Set the aging time of ARP entries to 60s.
[HUAWEI-Vlanif2] arp expire-time 60
# Set the number of probes to ARP entries to 2.
[HUAWEI-Vlanif2] arp detect-times 2
[HUAWEI-Vlanif2] quit
# Create VLANIF3.
[HUAWEI] interface vlanif 3
# Configure an IP address for VLANIF3.
[HUAWEI-Vlanif3] ip address 10.2.2.2 255.255.255.0
[HUAWEI-Vlanif3] quit
Step 3 Configure a static ARP entry.
# Configure a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN
ID 3, and outbound interface GE0/0/2.
[HUAWEI] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 0/0/2
[HUAWEI] quit
Step 4 Verify the configuration.
# Run the display current-configuration command to check the aging time, number of probes,
and ARP mapping entries.
<HUAWEI> display current-configuration | include arp
arp detect-times 2
arp expire-time 60
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
vlan batch 2 to 3
#
interface Vlanif2
arp detect-times 2
arp expire-time 60
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return
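One way to verify the static binding from Step 3 on a running switch, as an added example that is not part of the original document: parse the arp static lines of the configuration file and a display arp all table, then flag protected addresses that are missing, not static, or bound differently. The two ARP tables, the MAC addresses 00e0-fc12-3456 and 00e0-fc99-0001, and all function names are constructed for illustration; the parser reads only the first letter of the TYPE column.

```python
import re

STATIC_RE = re.compile(
    r"^[ \t]*arp static (\S+) (\S+) vid (\d+) interface (\S+)[ \t]*$", re.M)
# First line of a table entry: IP, MAC, optional EXPIRE(M), TYPE, INTERFACE.
ROW_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})\s+"
    r"(?:(\d+)\s+)?([SDI])(?:\S*|\s-)\s+(\S+)\s*$")
# Second line of a table entry: VLAN, for example "3/-".
VLAN_RE = re.compile(r"^\s+(\d+)/")

# Taken from the configuration file of the switch in this section.
CONFIG = """\
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return
"""

# Constructed table: the static entry is present as configured.
ARP_OK = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN
------------------------------------------------------------------------------
10.2.2.2        00e0-fc12-3456            I -         Vlanif3
10.2.2.3        00e0-fc01-0000            S--         GE0/0/2
                                          3/-
------------------------------------------------------------------------------
Total:2         Dynamic:0       Static:1     Interface:1
"""

# Constructed table: the static entry is absent, the router address was
# learned dynamically with another MAC, and the router MAC claims a second IP.
ARP_DRIFT = """\
10.2.2.2        00e0-fc12-3456            I -         Vlanif3
10.2.2.3        00e0-fc99-0001  12        D-0         GE0/0/2
                                          3/-
10.2.2.7        00e0-fc01-0000  3         D-0         GE0/0/2
                                          3/-
"""


def short_ifname(name):
    """Configuration files spell out GigabitEthernet; the ARP table prints GE."""
    return re.sub(r"^GigabitEthernet", "GE", name)


def parse_static(config_text):
    """Return {ip: (mac, vlan, interface)} for every 'arp static' line."""
    return {ip: (mac.lower(), int(vid), short_ifname(ifname))
            for ip, mac, vid, ifname in STATIC_RE.findall(config_text)}


def parse_arp_table(text):
    """Return {ip: entry} from 'display arp all' text (two lines per entry)."""
    table, last = {}, None
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            ip, mac, _expire, kind, ifname = row.groups()
            last = table[ip] = {"mac": mac.lower(), "type": kind,
                                "ifname": ifname, "vlan": None}
            continue
        vlan = VLAN_RE.match(line)
        if vlan and last is not None:
            last["vlan"] = int(vlan.group(1))
    return table


def audit(config_text, arp_text):
    """Return sorted (ip, finding) pairs; an empty list means no deviation."""
    expected = parse_static(config_text)
    table = parse_arp_table(arp_text)
    findings = []
    for ip, (mac, vlan, ifname) in expected.items():
        entry = table.get(ip)
        if entry is None:
            findings.append((ip, "missing"))
            continue
        if entry["type"] != "S":
            findings.append((ip, "not-static"))
        if (entry["mac"], entry["vlan"], entry["ifname"]) != (mac, vlan, ifname):
            findings.append((ip, "binding-differs"))
    protected = {mac: ip for ip, (mac, _, _) in expected.items()}
    for ip, entry in table.items():
        owner = protected.get(entry["mac"])
        if owner is not None and owner != ip:
            findings.append((ip, "uses-protected-mac"))
    return sorted(findings)


if __name__ == "__main__":
    print(audit(CONFIG, ARP_OK))
    print(audit(CONFIG, ARP_DRIFT))
```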
4.2.2 Example for Configuring Routed Proxy ARP
Networking Requirements
As shown in Figure 4-4, Ethernet interfaces GE0/0/1 and GE0/0/2 each connect to a LAN. The
two LANs are on the same network segment, 172.16.0.0/16. HostA and HostB have no default
gateway. Routed proxy ARP must be configured on the switch so that hosts on the two
LANs can communicate.
Figure 4-4 Networking diagram for configuring routed proxy ARP
[Figure: Host A (172.16.1.2/16, 0000-5e33-ee20) on Ethernet A connects to GE0/0/1 of the Switch (VLAN2, 172.16.1.1/24). Host B (172.16.2.2/16, 0000-5e33-ee10) on Ethernet B connects to GE0/0/2 of the Switch (VLAN3, 172.16.2.1/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces.
2. Enable routed proxy ARP on interfaces.
Procedure
Step 1 Create VLAN2 and add GE0/0/1 to VLAN2.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
Step 2 Create and configure VLANIF2.
[HUAWEI] interface vlanif 2
[HUAWEI-Vlanif2] ip address 172.16.1.1 255.255.255.0
Step 3 Enable routed proxy ARP on VLANIF2.
[HUAWEI-Vlanif2] arp-proxy enable
[HUAWEI-Vlanif2] quit
Step 4 Create VLAN3 and add GE0/0/2 to VLAN3.
[HUAWEI] vlan 3
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 3
[HUAWEI-GigabitEthernet0/0/2] quit
Step 5 Create and configure VLANIF3.
[HUAWEI] interface vlanif 3
[HUAWEI-Vlanif3] ip address 172.16.2.1 255.255.255.0
Step 6 Enable routed proxy ARP on VLANIF3.
[HUAWEI-Vlanif3] arp-proxy enable
[HUAWEI-Vlanif3] quit
Step 7 Configure hosts.
# Configure IP address 172.16.1.2/16 for HostA.
# Configure IP address 172.16.2.2/16 for HostB.
Step 8 Verify the configuration.
# Ping Host B from Host A. Host A can ping Host B successfully.
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
return
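Why this configuration works, as an added example that is not part of the original document: the hosts' /16 masks make each host ARP directly for the other, and the switch, whose VLANIF interfaces use /24 masks, answers on the ingress interface when the target lies behind a different interface. This is a simplified model of routed proxy ARP, not the switch's implementation; the VLANIF MAC addresses and all function names are constructed for illustration.

```python
import ipaddress

# Host addresses and MACs from Figure 4-4. The VLANIF MACs are constructed.
HOSTS = {
    "HostA": {"ip": "172.16.1.2/16", "mac": "0000-5e33-ee20", "vlanif": "Vlanif2"},
    "HostB": {"ip": "172.16.2.2/16", "mac": "0000-5e33-ee10", "vlanif": "Vlanif3"},
}
VLANIFS = {
    "Vlanif2": {"ip": "172.16.1.1/24", "mac": "00e0-fc00-0002", "arp_proxy": True},
    "Vlanif3": {"ip": "172.16.2.1/24", "mac": "00e0-fc00-0003", "arp_proxy": True},
}


def on_link(host, target_ip):
    """A host sends an ARP Request only for targets inside its own network."""
    network = ipaddress.ip_interface(host["ip"]).network
    return ipaddress.ip_address(target_ip) in network


def proxy_reply(vlanifs, ingress, target_ip):
    """MAC the switch answers with on the ingress VLANIF, or None if silent."""
    target = ipaddress.ip_address(target_ip)
    inbound = vlanifs[ingress]
    if not inbound["arp_proxy"]:
        return None
    if target in ipaddress.ip_interface(inbound["ip"]).network:
        return None  # target is on the ingress subnet and answers for itself
    for name, vif in vlanifs.items():
        if name != ingress and target in ipaddress.ip_interface(vif["ip"]).network:
            return inbound["mac"]  # reachable through another interface
    return None


def arp_cache_entry(src, dst, hosts=HOSTS, vlanifs=VLANIFS):
    """MAC that src learns for dst's IP address, or None if resolution fails."""
    a, b = hosts[src], hosts[dst]
    dst_ip = b["ip"].split("/")[0]
    if not on_link(a, dst_ip):
        return None  # off-link by the host's own mask, and no default gateway
    if a["vlanif"] == b["vlanif"]:
        return b["mac"]  # same broadcast domain: dst replies itself
    return proxy_reply(vlanifs, a["vlanif"], dst_ip)


if __name__ == "__main__":
    print("HostA learns", arp_cache_entry("HostA", "HostB"), "for 172.16.2.2")
    print("HostB learns", arp_cache_entry("HostB", "HostA"), "for 172.16.1.2")
```

With proxy ARP enabled, ARP monitoring on either LAN sees the VLANIF MAC address answering for every address on the other LAN, which is expected in this design and not by itself a sign of spoofing.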
4.2.3 Example for Configuring Intra-VLAN Proxy ARP
Networking Requirements
As shown in Figure 4-5, GE0/0/2 and GE0/0/1 on the switch belong to sub-VLAN2. Sub-VLAN2 belongs to super-VLAN3. Requirements are as follows:
• HostA and HostB in VLAN2 should be isolated at Layer 2.
• HostA and HostB can communicate at Layer 3 using intra-VLAN proxy ARP.
The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 and
the mask is 255.255.255.0.
Figure 4-5 Networking diagram for configuring intra-VLAN proxy ARP
[Figure: hostA (10.10.10.2/24, 00-e0-fc-00-00-02) and hostB (10.10.10.3/24, 00-e0-fc-00-00-03) in sub-VLAN2 connect to the Switch through GE0/0/1 and GE0/0/2. The Switch connects to the Internet.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create and configure a super-VLAN and a sub-VLAN.
2. Add interfaces to the sub-VLAN.
3. Create a VLANIF interface corresponding to the super-VLAN and assign an IP address to
the VLANIF interface.
4. Enable intra-VLAN proxy ARP on the VLANIF interface.
Procedure
Step 1 Configure a super-VLAN and a sub-VLAN.
# Configure sub-VLAN2.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] quit
# Enable interface isolation on GE0/0/1 and GE0/0/2.
[HUAWEI] port-isolate mode l2
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port-isolate enable
[HUAWEI-GigabitEthernet0/0/2] quit
# Add GE0/0/1 and GE0/0/2 to sub-VLAN2.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 2
[HUAWEI-GigabitEthernet0/0/2] quit
# Configure super-VLAN3 and add sub-VLAN2 to super-VLAN3.
[HUAWEI] vlan 3
[HUAWEI-vlan3] aggregate-vlan
[HUAWEI-vlan3] access-vlan 2
[HUAWEI-vlan3] quit
Step 2 Create and configure VLANIF3.
# Create VLANIF3.
[HUAWEI] interface vlanif 3
# Configure an IP address for VLANIF3.
[HUAWEI-Vlanif3] ip address 10.10.10.1 24
Step 3 Enable intra-VLAN proxy ARP on VLANIF3.
[HUAWEI-Vlanif3] arp-proxy inner-sub-vlan-proxy enable
[HUAWEI-Vlanif3] quit
Step 4 Verify the configuration.
# Run the display current-configuration command to check configurations of the super-VLAN,
sub-VLAN, and VLANIF interface. The output of the command is displayed in the
following configuration file.
# hostA and hostB can ping each other.
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
return
4.2.4 Example for Configuring Inter-VLAN Proxy ARP
Networking Requirements
As shown in Figure 4-6, VLAN2 and VLAN3 belong to super-VLAN4. Requirements are as
follows:
• Hosts in VLAN2 and VLAN3 cannot ping each other.
• Hosts in VLAN2 and VLAN3 can communicate after inter-VLAN proxy ARP is
configured.
Figure 4-6 Networking diagram for configuring inter-VLAN proxy ARP
[Figure: GE0/0/1 and GE0/0/2 of the Switch are in VLAN2, and GE0/0/3 and GE0/0/4 are in VLAN3. VLAN2 and VLAN3 both belong to VLAN4.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a super-VLAN and sub-VLANs.
2. Add interfaces to the sub-VLANs.
3. Create a VLANIF interface corresponding to the super-VLAN and assign an IP address to
the VLANIF interface.
4. Enable inter-VLAN proxy ARP.
Procedure
Step 1 Configure a super-VLAN and sub-VLANs.
# Configure sub-VLAN2.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] quit
# Add GE0/0/1 and GE0/0/2 to sub-VLAN2.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 2
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 2
[HUAWEI-GigabitEthernet0/0/2] quit
# Configure sub-VLAN3.
[HUAWEI] vlan 3
[HUAWEI-vlan3] quit
# Add GE0/0/3 and GE0/0/4 to sub-VLAN3.
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type access
[HUAWEI-GigabitEthernet0/0/3] port default vlan 3
[HUAWEI-GigabitEthernet0/0/3] quit
[HUAWEI] interface gigabitethernet 0/0/4
[HUAWEI-GigabitEthernet0/0/4] port link-type access
[HUAWEI-GigabitEthernet0/0/4] port default vlan 3
[HUAWEI-GigabitEthernet0/0/4] quit
# Configure super-VLAN4, then add sub-VLAN2 and sub-VLAN3 to super-VLAN4.
[HUAWEI] vlan 4
[HUAWEI-vlan4] aggregate-vlan
[HUAWEI-vlan4] access-vlan 2
[HUAWEI-vlan4] access-vlan 3
[HUAWEI-vlan4] quit
Step 2 Create and configure VLANIF4.
# Create VLANIF4.
[HUAWEI] interface vlanif 4
# Configure an IP address for VLANIF4.
[HUAWEI-Vlanif4] ip address 10.10.10.1 24
Step 3 Enable inter-VLAN proxy ARP on VLANIF4.
[HUAWEI-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[HUAWEI-Vlanif4] quit
Step 4 Verify the configuration.
# Run the display current-configuration command to check configurations of the super-VLAN,
sub-VLANs, and VLANIF interface. The output of the command is displayed in the
following configuration file.
# Hosts in VLAN2 and VLAN3 can communicate after inter-VLAN proxy ARP is configured.
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
return
4.2.5 Example for Configuring Layer 2 Topology Detection
Networking Requirements
As shown in Figure 4-7, two GE interfaces are added to VLAN100. IP addresses of the switch
that two GE interfaces connect.
Figure 4-7 Networking diagram for configuring Layer 2 topology detection
[Figure: PC A (10.1.1.1/24) connects to GE0/0/1 and PC B (10.1.1.3/24) connects to GE0/0/2 of the Switch. Both interfaces are in VLAN100, and VLANIF100 is 10.1.1.2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add two GE interfaces to VLAN100.
2. Enable Layer 2 topology detection to view changes of ARP entries.
Procedure
Step 1 Create VLAN100 and add two GE interfaces on the switch to VLAN100.
# Create VLAN100 and configure an IP address for the VLANIF interface.
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] quit
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ip address 10.1.1.2 24
[HUAWEI-Vlanif100] quit
# Add two GE interfaces to VLAN100.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 100
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 100
[HUAWEI-GigabitEthernet0/0/2] quit
Step 2 Enable Layer 2 topology detection.
[HUAWEI] l2-topology detect enable
Step 3 Restart GE0/0/1 and view changes of ARP entries and aging time.
# View ARP entries on the switch. The output shows that the switch has learned the MAC
addresses of the PCs.
[HUAWEI] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0         GE0/0/1
                                          100/-
10.1.1.3        00e0-de24-bf04  20        D-0         GE0/0/2
                                          100/-
------------------------------------------------------------------------------
Total:3         Dynamic:2       Static:0     Interface:1
# Run the shutdown and undo shutdown commands on GE0/0/1 and view the aging time of
ARP entries.
• Run the shutdown command on GE0/0/1 to view the aging time of ARP entries.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] shutdown
[HUAWEI-GigabitEthernet0/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.3        00e0-de24-bf04  18        D-0         GE0/0/2
                                          100/-
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0     Interface:1
• Run the undo shutdown command on GE0/0/1 to view the aging time of ARP entries.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo shutdown
[HUAWEI-GigabitEthernet0/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0         GE0/0/1
                                          100/-
10.1.1.3        00e0-de24-bf04  20        D-0         GE0/0/2
                                          100/-
------------------------------------------------------------------------------
Total:3         Dynamic:2       Static:0     Interface:1
NOTE
The preceding command output shows that the ARP entries learned from GE 0/0/1 are deleted after GE
0/0/1 is shut down. After the undo shutdown command is run on GE 0/0/1 and GE 0/0/1 goes Up, the ARP
entry learned from GE 0/0/2 is aged, and then the device sends an ARP probe packet to update the ARP
entry. After the entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
l2-topology detect enable
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
return
4.2.6 Example for Configuring ARP Packet Forwarding Between Isolated Interfaces
Networking Requirements
As shown in Figure 4-8, SwitchB connects to SwitchA (DHCP server) through GE0/0/3 and
connects to UserA and UserB through interfaces GE0/0/1 and GE0/0/2 respectively. UserA and
UserB obtain IP addresses using DHCP. GE0/0/3 of SwitchA and GE0/0/1, GE0/0/2, and GE0/0/3 of
SwitchB belong to VLAN 2. The administrator has the following requirements:
• UserA and UserB in VLAN 2 are isolated at Layer 2 and communicate at Layer 3.
• SwitchB does not broadcast ARP Request packets in the VLAN to reduce traffic volume
in the VLAN.
Figure 4-8 Networking diagram for configuring ARP packet forwarding between isolated interfaces
[Figure: SwitchA (DHCP server; VLANIF2, 10.10.10.12/24) connects through GE0/0/3 to GE0/0/3 of SwitchB. UserA (10.10.10.2/24, 00-e0-fc-00-00-02) and UserB (10.10.10.3/24, 00-e0-fc-00-00-03) connect to SwitchB through GE0/0/1 and GE0/0/2. All of these interfaces are in VLAN2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure port isolation on GE0/0/1 and GE0/0/2 of SwitchB and enable intra-VLAN ARP
proxy on SwitchA so that UserA and UserB are isolated at Layer 2 and communicate at
Layer 3.
2. Enable DHCP snooping and EAI on SwitchB so that SwitchB matches the destination IP
addresses of received ARP Request packets with the dynamic DHCP snooping binding
entries to determine the outbound interfaces, preventing ARP Request packets from being
broadcast in a VLAN.
3. Enable ARP packet forwarding between isolated interfaces on SwitchB so that UserA and
UserB can be isolated at Layer 2 and communicate at Layer 3 after EAI is enabled on the
outbound interface.
Procedure
Step 1 Enable DHCP on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp enable
Step 2 Create a VLAN on SwitchA, add the interface to the VLAN, and create a VLANIF interface.
# Create VLAN 2 and add GE0/0/3 to VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2
[SwitchA-GigabitEthernet0/0/3] quit
# Create VLANIF2, configure an IP address for VLANIF2, and enable DHCP on VLANIF2.
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.10.10.12 24
[SwitchA-Vlanif2] dhcp select interface
Step 3 Create a VLAN on SwitchB and add interfaces to the VLAN.
# Create VLAN 2 and add GE0/0/1, GE0/0/2, and GE0/0/3 to VLAN 2.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 2
[SwitchB-vlan2] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access
[SwitchB-GigabitEthernet0/0/1] port default vlan 2
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type access
[SwitchB-GigabitEthernet0/0/2] port default vlan 2
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 2
[SwitchB-GigabitEthernet0/0/3] quit
Step 4 Enable DHCP snooping on SwitchB.
# Enable DHCP snooping globally and in VLAN 2.
[SwitchB] dhcp enable
[SwitchB] dhcp snooping enable
[SwitchB] vlan 2
[SwitchB-vlan2] dhcp snooping enable
[SwitchB-vlan2] quit
# Configure GE0/0/3 as the trusted interface.
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] dhcp snooping trusted
[SwitchB-GigabitEthernet0/0/3] quit
After the configuration is complete, UserA and UserB can go online using DHCP, and UserA
and UserB can ping each other. Dynamic DHCP snooping binding entries are generated on
SwitchB.
Step 5 Configure port isolation on SwitchB.
# Configure Layer 2 isolation and Layer 3 communication.
[SwitchB] port-isolate mode l2
# Configure port isolation on GE0/0/1 and GE0/0/2.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port-isolate enable
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port-isolate enable
[SwitchB-GigabitEthernet0/0/2] quit
After the configuration is complete, UserA and UserB cannot ping each other, indicating that
UserA and UserB are isolated at Layer 2.
Step 6 Enable intra-VLAN proxy ARP on SwitchA.
# Enable intra-VLAN proxy ARP on VLANIF2.
[SwitchA-Vlanif2] arp-proxy inner-sub-vlan-proxy enable
[SwitchA-Vlanif2] quit
After the configuration is complete, UserA and UserB can ping each other, indicating that UserA
and UserB can communicate at Layer 3.
Step 7 Enable EAI on the outbound interface of SwitchB.
# Enable EAI on the outbound interface in VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] dhcp snooping arp security enable
After the configuration is complete, if ARP entries corresponding to UserA and UserB have
aged, UserA sends an ARP Request packet to UserB before performing the ping operation.
After EAI is enabled, SwitchB matches the destination IP addresses of received ARP Request
packets with the dynamic DHCP snooping binding entries to determine the outbound interface.
SwitchB then forwards ARP Request packets to GE0/0/1. Intra-VLAN ARP proxy on SwitchA
does not take effect when ARP packets are forwarded to SwitchA through GE0/0/3. The
outbound interface GE0/0/1 with EAI enabled and the inbound interface GE0/0/2 are configured
with port isolation. Therefore, SwitchB discards the ARP Request packet, and UserA fails to
learn ARP entries.
UserA and UserB cannot ping each other.
Step 8 Configure ARP packet forwarding between isolated interfaces on SwitchB.
# Configure ARP packet forwarding between isolated interfaces in VLAN 2.
[SwitchB-vlan2] dhcp snooping arp security isolate-forwarding-trust
[SwitchB-vlan2] quit
[SwitchB] quit
After the configuration is complete, SwitchB forwards ARP Request packets sent from UserA
to the trusted interface GE0/0/3. SwitchA with intra-VLAN ARP proxy enabled allows UserA
and UserB to ping each other. ARP packet forwarding between isolated interfaces is configured
successfully.
Step 9 Verify the configuration.
Run the display current-configuration command on SwitchA and SwitchB to check the
configuration. The command output is displayed in the following configuration files.
----End
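The forwarding decisions described in Steps 4 to 8, written out as an added example that is not part of the original document: a simplified model of where SwitchB sends UserA's ARP Request for UserB under each configuration, and who answers it. Ports follow the Networking Requirements (UserA on GE0/0/1, UserB on GE0/0/2); the class and function names are hypothetical, and flooding when EAI finds no binding is an assumption the page does not state.

```python
from dataclasses import dataclass, field, replace

UPLINK = "GE0/0/3"  # SwitchB port towards SwitchA, the DHCP snooping trusted port
# Dynamic DHCP snooping bindings on SwitchB: client IP -> access port.
BINDINGS = {"10.10.10.2": "GE0/0/1", "10.10.10.3": "GE0/0/2"}


@dataclass
class SwitchB:
    ports: tuple = ("GE0/0/1", "GE0/0/2", UPLINK)
    isolated: frozenset = frozenset()            # port-isolate enable
    trusted: frozenset = frozenset({UPLINK})     # dhcp snooping trusted
    bindings: dict = field(default_factory=lambda: dict(BINDINGS))
    eai: bool = False                            # dhcp snooping arp security enable
    isolate_forwarding_trust: bool = False       # ... isolate-forwarding-trust

    def blocked(self, a, b):
        """Layer 2 isolation applies only between two isolated ports."""
        return a in self.isolated and b in self.isolated

    def egress(self, in_port, target_ip):
        """Ports an ARP Request for target_ip leaves on after arriving on in_port."""
        out = self.bindings.get(target_ip) if self.eai else None
        if out is None:
            # EAI off (or, as an assumption, no binding found): VLAN flooding,
            # minus the ingress port and ports isolated from it.
            return [p for p in self.ports
                    if p != in_port and not self.blocked(in_port, p)]
        if not self.blocked(in_port, out):
            return [out]
        if self.isolate_forwarding_trust:
            return sorted(self.trusted - {in_port})  # Step 8: hand to SwitchA
        return []                                    # Step 7: request discarded


def outcome(sw, proxy_on_switch_a, in_port="GE0/0/1", target_ip="10.10.10.3"):
    """Who answers the request: 'direct', 'proxy' (SwitchA) or 'unresolved'."""
    ports = sw.egress(in_port, target_ip)
    if BINDINGS[target_ip] in ports:
        return "direct"
    if UPLINK in ports and proxy_on_switch_a:
        return "proxy"
    return "unresolved"


def walk_through():
    """Replay the procedure: each entry is (step, egress ports, outcome)."""
    step4 = SwitchB()
    step5 = replace(step4, isolated=frozenset({"GE0/0/1", "GE0/0/2"}))
    step7 = replace(step5, eai=True)
    step8 = replace(step7, isolate_forwarding_trust=True)
    runs = [("Step 4", step4, False), ("Step 5", step5, False),
            ("Step 6", step5, True), ("Step 7", step7, True),
            ("Step 8", step8, True)]
    return [(name, sw.egress("GE0/0/1", "10.10.10.3"), outcome(sw, proxy))
            for name, sw, proxy in runs]


if __name__ == "__main__":
    for name, ports, result in walk_through():
        print(f"{name}: egress={ports} -> {result}")
```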
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2
#
dhcp enable
#
interface Vlanif2
ip address 10.10.10.12 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
dhcp select interface
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2
#
dhcp enable
#
dhcp snooping enable
#
vlan 2
dhcp snooping enable
dhcp snooping arp security enable
dhcp snooping arp security isolate-forwarding-trust
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
dhcp snooping trusted
#
return
4.3 DHCP Configuration
DHCP dynamically manages and configures clients in a centralized manner. It ensures proper
IP address allocation and improves IP address use efficiency.
4.3.1 Example for Configuring a DHCP Server Based on the Global Address Pool
Networking Requirements
As shown in Figure 4-9, an enterprise has two offices on the same network segment. To reduce
network construction cost, the enterprise uses one DHCP server to assign IP addresses for hosts
in the two offices.
All the hosts in Office1 are on the network segment 10.1.1.0/25 and added to VLAN 10. Hosts
in Office1 only use the DNS service with a lease of ten days. All the hosts in Office2 are on the
network segment 10.1.1.128/25 and added to VLAN 20. Hosts in Office2 use the DNS service
and NetBIOS service with a lease of two days.
You can configure a global address pool on SwitchA and enable the server to dynamically assign
IP addresses to hosts in the two offices.
Figure 4-9 Networking diagram for configuring a DHCP server based on the global address pool
[Figure: SwitchA (DHCP server) connects through GE0/0/1 (VLANIF10, 10.1.1.1/25) to network 10.1.1.0/25, which contains DHCP clients, the DNS server (10.1.1.2/25) and the NetBIOS server (10.1.1.4/25), and through GE0/0/2 (VLANIF20, 10.1.1.129/25) to network 10.1.1.128/25, which contains DHCP clients. SwitchB and SwitchC connect the clients to SwitchA.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create two global address pools on SwitchA and set attributes of the pools. Assign IP
addresses to Office1 and Office2 as required.
2. Configure VLANIF interfaces to use the global address pool to assign IP addresses to
clients.
Procedure
Step 1 Enable DHCP
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp enable
Step 2 Create address pools and set the attributes of the address pools
# Set the attributes of IP address pool 1, including the address pool range, DNS server address,
gateway address, and address lease.
[SwitchA] ip pool 1
[SwitchA-ip-pool-1] network 10.1.1.0 mask 255.255.255.128
[SwitchA-ip-pool-1] dns-list 10.1.1.2
[SwitchA-ip-pool-1] gateway-list 10.1.1.1
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.2
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.4
[SwitchA-ip-pool-1] lease day 10
[SwitchA-ip-pool-1] quit
# Set the attributes of IP address pool 2, including the address pool range, DNS server address,
egress gateway address, NetBIOS server address, and address lease
[SwitchA] ip pool 2
[SwitchA-ip-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-ip-pool-2] dns-list 10.1.1.2
[SwitchA-ip-pool-2] nbns-list 10.1.1.4
[SwitchA-ip-pool-2] gateway-list 10.1.1.129
[SwitchA-ip-pool-2] lease day 2
[SwitchA-ip-pool-2] quit
Step 3 Set the address assignment mode on the VLANIF interfaces
# Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to the corresponding VLANs.
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
# Configure clients on VLANIF 10 to obtain IP addresses from the global address pool.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 255.255.255.128
[SwitchA-Vlanif10] dhcp select global
[SwitchA-Vlanif10] quit
# Configure clients on VLANIF 20 to obtain IP addresses from the global address pool.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 10.1.1.129 255.255.255.128
[SwitchA-Vlanif20] dhcp select global
[SwitchA-Vlanif20] quit
Step 4 Verify the configuration
Run the display ip pool command on SwitchA to view the IP address pool configuration.
[SwitchA] display ip pool
  -----------------------------------------------------------------------
  Pool-name      : 1
  Pool-No        : 0
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 10.1.1.1
  Mask           : 255.255.255.128
  VPN instance   : --
  -----------------------------------------------------------------------
  Pool-name      : 2
  Pool-No        : 1
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 10.1.1.129
  Mask           : 255.255.255.128
  VPN instance   : --
  IP address Statistic
    Total       :250
    Used        :6
    Idle        :242
    Expired     :0
    Conflict    :0
    Disable     :2
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
dhcp enable
#
ip pool 1
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.128
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
lease day 10 hour 0 minute 0
dns-list 10.1.1.2
#
ip pool 2
gateway-list 10.1.1.129
network 10.1.1.128 mask 255.255.255.128
lease day 2 hour 0 minute 0
dns-list 10.1.1.2
nbns-list 10.1.1.4
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.128
dhcp select global
#
interface Vlanif20
ip address 10.1.1.129 255.255.255.128
dhcp select global
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
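The pool settings in the configuration file above can be checked offline before the switch starts leasing. The following is an added example, not part of the Huawei document: it parses the two `ip pool` blocks, derives the Total and Disable counters to compare with `display ip pool`, and flags any DNS/NetBIOS server address that lies inside a pool without being excluded. The counting rule (usable hosts minus the gateway) is an assumption inferred from the outputs shown in this section; `parse_pools`, `audit` and `totals` are hypothetical helper names.

```python
import ipaddress

# "ip pool" blocks copied from the configuration file of SwitchA above.
CONFIG = """\
ip pool 1
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.128
 excluded-ip-address 10.1.1.2
 excluded-ip-address 10.1.1.4
 lease day 10 hour 0 minute 0
 dns-list 10.1.1.2
#
ip pool 2
 gateway-list 10.1.1.129
 network 10.1.1.128 mask 255.255.255.128
 lease day 2 hour 0 minute 0
 dns-list 10.1.1.2
 nbns-list 10.1.1.4
#
"""


def parse_pools(text):
    """Parse 'ip pool' blocks into {name: {network, gateways, excluded, servers}}."""
    pools, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "#":                      # '#' closes the current block
            cur = None
        elif words[:2] == ["ip", "pool"] and len(words) == 3:
            cur = pools.setdefault(words[2], {
                "network": None, "gateways": set(), "excluded": set(), "servers": set()})
        elif cur is None:
            continue
        elif words[0] == "network" and len(words) == 4:
            # network <address> mask <mask | prefix-length>
            cur["network"] = ipaddress.ip_network(f"{words[1]}/{words[3]}")
        elif words[0] == "gateway-list":
            cur["gateways"].update(ipaddress.ip_address(w) for w in words[1:])
        elif words[0] == "excluded-ip-address":
            # Either a single address or a start/end range.
            lo = int(ipaddress.ip_address(words[1]))
            hi = int(ipaddress.ip_address(words[-1]))
            cur["excluded"].update(ipaddress.ip_address(i) for i in range(lo, hi + 1))
        elif words[0] in ("dns-list", "nbns-list"):
            cur["servers"].update(ipaddress.ip_address(w) for w in words[1:])
    return pools


def audit(pools):
    """Return (stats, findings) for parsed pools.

    stats[name] holds the expected Total and Disable counters; findings lists
    addressing mistakes that cause conflicts once clients start leasing.
    """
    stats, findings = {}, []
    servers = set().union(*(p["servers"] for p in pools.values()))
    for name, p in pools.items():
        if p["network"] is None:
            findings.append(f"pool {name}: no network configured")
            continue
        hosts = set(p["network"].hosts())
        for kind in ("gateways", "excluded"):
            for ip in sorted(p[kind] - hosts):
                findings.append(f"pool {name}: {kind} address {ip} is outside {p['network']}")
        assignable = hosts - p["gateways"]       # assumption: the gateway is not counted
        disabled = p["excluded"] & assignable
        stats[name] = {"total": len(assignable), "disable": len(disabled)}
        # A statically addressed server that sits in the range but is not
        # excluded can be leased to a client and collide with the server.
        for ip in sorted((servers & assignable) - p["excluded"]):
            findings.append(f"pool {name}: server {ip} is leasable, exclude it")
    return stats, findings


def totals(stats):
    """Sum the per-pool counters the way 'display ip pool' reports them."""
    return {k: sum(s[k] for s in stats.values()) for k in ("total", "disable")}


if __name__ == "__main__":
    stats, findings = audit(parse_pools(CONFIG))
    print(totals(stats), findings)
```

For the configuration on this page the totals are 250 and 2, matching the Total and Disable values in the verification output, and no findings are reported.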
4.3.2 Example for Configuring a DHCP Server Based on the Interface Address Pool
Networking Requirements
As shown in Figure 4-10, an enterprise has two offices on the same network segment. To reduce
network construction cost, the enterprise uses one DHCP server to assign IP addresses for hosts
in the two offices.
All the hosts in Office1 are on the network segment 10.1.1.0/24 and added to VLAN 10. Hosts
in Office1 use the DNS service and NetBIOS service with a lease of thirty days. All the hosts
in Office2 are on the network segment 10.1.2.0/24 and added to VLAN 11. Hosts in Office2 do
not use the DNS service or NetBIOS service. The lease of the IP address is twenty days.
Figure 4-10 Networking diagram for configuring a DHCP server based on the VLANIF interface address pool
[Diagram not reproduced. Labels: SwitchA (DHCP server) with VLANIF10 10.1.1.1/24 on GE0/0/1 and VLANIF11 10.1.2.1/24 on GE0/0/2; SwitchB; SwitchC; DNS server 10.1.1.2/24; NetBIOS server 10.1.1.3/24; DHCP clients.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create two interface address pools on SwitchA and set the attributes of the address pools. Configure the interface address pools to enable the DHCP server to assign IP addresses and configuration parameters to hosts from different interface address pools.
2. Configure VLANIF interfaces to assign IP addresses to hosts from the interface address pool.
Procedure
Step 1 Enable DHCP
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp enable
Step 2 Add the interfaces to the VLANs
# Add GE0/0/1 to VLAN 10.
[SwitchA] vlan batch 10 to 11
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
# Add GE0/0/2 to VLAN 11.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 11
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 11
[SwitchA-GigabitEthernet0/0/2] quit
Step 3 Assign IP addresses to VLANIF interfaces
# Assign an IP address to VLANIF 10.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
[SwitchA-Vlanif10] quit
# Allocate an IP address to VLANIF 11.
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] ip address 10.1.2.1 24
[SwitchA-Vlanif11] quit
Step 4 Enable the VLANIF interface address pool
# Configure clients on VLANIF 10 to obtain IP addresses from the interface address pool.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] dhcp select interface
[SwitchA-Vlanif10] quit
# Configure clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] dhcp select interface
[SwitchA-Vlanif11] quit
Step 5 Configure the DNS service and NetBIOS service for the interface address pool
# Configure the DNS service and NetBIOS service for the interface address pool on VLANIF 10.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] dhcp server domain-name huawei.com
[SwitchA-Vlanif10] dhcp server dns-list 10.1.1.2
[SwitchA-Vlanif10] dhcp server nbns-list 10.1.1.3
[SwitchA-Vlanif10] dhcp server excluded-ip-address 10.1.1.2
[SwitchA-Vlanif10] dhcp server excluded-ip-address 10.1.1.3
[SwitchA-Vlanif10] dhcp server netbios-type b-node
[SwitchA-Vlanif10] quit
Step 6 Set IP address leases of IP address pools
# Set the IP address lease of VLANIF 10 address pool to 30 days.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] dhcp server lease day 30
[SwitchA-Vlanif10] quit
# Set the IP address lease of VLANIF 11 address pool to 20 days.
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] dhcp server lease day 20
[SwitchA-Vlanif11] quit
Step 7 Verify the configuration
Run the display ip pool command on SwitchA to view interface address pool configuration.
[SwitchA] display ip pool interface Vlanif10
  Pool-name      : Vlanif10
  Pool-No        : 0
  Lease          : 30 Days 0 Hours 0 Minutes
  Domain-name    : huawei.com
  DNS-server0    : 10.1.1.2
  NBNS-server0   : 10.1.1.3
  Netbios-type   : b-node
  Position       : Interface
  Status         : Unlocked
  Gateway-0      : 10.1.1.1
  Mask           : 255.255.255.0
  VPN instance   : --
  -----------------------------------------------------------------------------
  Start           End             Total  Used  Idle(Expired)  Conflict  Disable
  -----------------------------------------------------------------------------
  10.1.1.1        10.1.1.254        253     1  250(0)                0        2
  -----------------------------------------------------------------------------
[SwitchA] display ip pool interface Vlanif11
  Pool-name      : Vlanif11
  Pool-No        : 1
  Lease          : 20 Days 0 Hours 0 Minutes
  Domain-name    :
  DNS-server0    :
  NBNS-server0   :
  Netbios-type   :
  Position       : Interface
  Status         : Unlocked
  Gateway-0      : 10.1.2.1
  Mask           : 255.255.255.0
  VPN instance   : --
  -----------------------------------------------------------------------------
  Start           End             Total  Used  Idle(Expired)  Conflict  Disable
  -----------------------------------------------------------------------------
  10.1.2.1        10.1.2.254        253     3  250(0)                0        0
  -----------------------------------------------------------------------------
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 to 11
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
dhcp server lease day 30 hour 0 minute 0
dhcp server dns-list 10.1.1.2
dhcp server netbios-type b-node
dhcp server nbns-list 10.1.1.3
dhcp server domain-name huawei.com
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server lease day 20 hour 0 minute 0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
return
4.3.3 Example for Configuring a DHCP Server and a DHCP Relay Agent
Networking Requirements
When the DHCP server and clients are on different network segments, a DHCP relay agent is
required.
As shown in Figure 4-11, an enterprise has multiple offices, which are distributed in different
office buildings. The offices in different buildings belong to different VLANs. The enterprise
uses SwitchB, which functions as the DHCP server, to assign IP addresses to hosts in different
offices.
Hosts in OfficeA are on 20.20.20.0/24 and the DHCP server is on 100.10.10.0/24. By using
SwitchA enabled with DHCP relay, the DHCP clients can obtain IP addresses from the DHCP
server.
On SwitchA, the public address of VLANIF200 is 100.10.20.1/24 and the interface address of
SwitchA connected to the carrier device is 100.10.20.2/24.
On SwitchB, the public address of VLANIF300 is 100.10.10.1/24 and the interface address of
SwitchB connected to the carrier device is 100.10.10.2/24.
Figure 4-11 DHCP relay agent
[Diagram not reproduced. Labels: SwitchB (DHCP server), VLANIF300 100.10.10.1/24; Internet; SwitchA (DHCP relay), VLANIF200 100.10.20.1/24, VLANIF100 20.20.20.1/24, GE0/0/2; DHCP clients in VLAN100, OfficeA.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DHCP relay on SwitchA to enable SwitchA to forward DHCP messages from different network segments.
2. Configure a global address pool at 20.20.20.0/24 to enable the DHCP server to assign IP addresses to clients on different network segments.
Procedure
Step 1 Configure DHCP relay on SwitchA.
1. Create a DHCP server group and add DHCP servers to the group.
# Create a DHCP server group.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp server group dhcpgroup1
# Add a DHCP server to the DHCP server group.
[SwitchA-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1
[SwitchA-dhcp-server-group-dhcpgroup1] quit
2. Enable DHCP relay on the interface.
# Create a VLAN and add GE0/0/2 to the VLAN.
[SwitchA] vlan batch 100 200
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/2] quit
# Enable DHCP globally and DHCP relay on the interface.
[SwitchA] dhcp enable
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] dhcp select relay
[SwitchA-Vlanif100] quit
3. Bind an interface to a DHCP server group.
# Assign IP addresses to interfaces.
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 20.20.20.1 24
# Bind the interface to the DHCP server group.
[SwitchA-Vlanif100] dhcp relay server-select dhcpgroup1
[SwitchA-Vlanif100] quit
Step 2 Configure a default route on SwitchA.
[SwitchA] interface vlanif 200
[SwitchA-Vlanif200] ip address 100.10.20.1 24
[SwitchA-Vlanif200] quit
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 100.10.20.2
Step 3 Configure the DHCP server based on the global address pool on SwitchB.
# Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] dhcp enable
# Configure VLANIF300 to use the global address pool.
[SwitchB] vlan 300
[SwitchB-vlan300] quit
[SwitchB] interface vlanif 300
[SwitchB-Vlanif300] ip address 100.10.10.1 24
[SwitchB-Vlanif300] dhcp select global
[SwitchB-Vlanif300] quit
# Create an address pool and set the attributes of the address pool.
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 20.20.20.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 20.20.20.1
[SwitchB-ip-pool-pool1] quit
Step 4 Configure a default route on SwitchB.
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 100.10.10.2
Step 5 Verify the configuration.
# Run the display dhcp relay interface vlanif 100 command on SwitchA to view the DHCP
relay configuration on the interface.
[SwitchA] display dhcp relay interface vlanif 100
DHCP relay agent running information of interface Vlanif100 :
Server group name : dhcpgroup1
Gateway address in use : 20.20.20.1
# Run the display ip pool command on SwitchB to view the IP address pool configuration.
[SwitchB] display ip pool
  -----------------------------------------------------------------------
  Pool-name      : pool1
  Pool-No        : 0
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 20.20.20.1
  Mask           : 255.255.255.0
  VPN instance   : --
  IP address Statistic
    Total       :253
    Used        :2
    Idle        :251
    Expired     :0
    Conflict    :0
    Disable     :0
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 200
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1 0
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
interface Vlanif200
ip address 100.10.20.1 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 100.10.20.2
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 300
#
dhcp enable
#
ip pool pool1
gateway-list 20.20.20.1
network 20.20.20.0 mask 255.255.255.0
#
interface Vlanif300
ip address 100.10.10.1 255.255.255.0
dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 100.10.10.2
#
return
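The relay example works only if three settings on the two switches agree: the relay's gateway address (giaddr, 20.20.20.1), the pool on SwitchB that covers it, and a route from SwitchB back to that address. The following is an added example, not part of the Huawei document, that models the standard DHCP rule (RFC 2131) that a server picks the subnet from giaddr for relayed requests and checks those three settings. Function names are hypothetical, and treating a direct request (giaddr 0.0.0.0) as matched against the receiving interface's subnet is an assumption about `dhcp select global`.

```python
import ipaddress

# Values taken from the configuration files of SwitchA and SwitchB above.
RELAY_GIADDR = "20.20.20.1"                            # Vlanif100 on SwitchA (relay)
RELAY_TARGETS = ["100.10.10.1"]                        # dhcp-server in dhcpgroup1
SERVER_IF = ipaddress.ip_interface("100.10.10.1/24")   # Vlanif300 on SwitchB
POOLS = {"pool1": {"network": ipaddress.ip_network("20.20.20.0/24"),
                   "gateway": ipaddress.ip_address("20.20.20.1")}}
SERVER_ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), "100.10.10.2")]


def select_pool(giaddr, recv_if, pools):
    """Return the pool name a request is served from, or None.

    Relayed request: match on giaddr. Direct request (giaddr 0.0.0.0):
    match on the address of the interface that received it (assumption).
    """
    g = ipaddress.ip_address(giaddr)
    key = recv_if.ip if int(g) == 0 else g
    matches = [n for n, p in pools.items() if key in p["network"]]
    if not matches:
        return None
    return max(matches, key=lambda n: pools[n]["network"].prefixlen)


def lookup_route(dst, routes, connected):
    """Longest-prefix match over the connected subnet and static routes."""
    best = None
    for net, hop in [(connected, "connected")] + list(routes):
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def check_relay(giaddr, relay_targets, server_if, pools, server_routes):
    """Return a list of mismatches between relay and server configuration."""
    problems = []
    g = ipaddress.ip_address(giaddr)
    if server_if.ip not in {ipaddress.ip_address(t) for t in relay_targets}:
        problems.append(f"relay server group does not contain {server_if.ip}")
    name = select_pool(giaddr, server_if, pools)
    if name is None:
        problems.append(f"no pool covers giaddr {g}")
    elif pools[name]["gateway"] != g:
        # Clients would be handed a default gateway that is not the relay.
        problems.append(f"{name}: gateway-list {pools[name]['gateway']} differs from giaddr {g}")
    # The server unicasts its reply to giaddr, so it needs a route to it.
    if lookup_route(g, server_routes, server_if.network) is None:
        problems.append(f"server has no route back to giaddr {g}")
    return problems


if __name__ == "__main__":
    print(select_pool(RELAY_GIADDR, SERVER_IF, POOLS))
    print(check_relay(RELAY_GIADDR, RELAY_TARGETS, SERVER_IF, POOLS, SERVER_ROUTES))
```

With the page's values the check returns no problems. Removing the default route from SwitchB (Step 4) is reported as a missing route back to 20.20.20.1.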
4.3.4 Example for Configuring the DHCP Clients
Networking Requirements
As shown in Figure 4-12, SwitchA functions as a DHCP client, and SwitchB functions as a
DHCP server. SwitchA dynamically obtains an IP address, a DNS server address, and a gateway
address from SwitchB.
Figure 4-12 Networking diagram for configuring DHCP clients
[Diagram not reproduced. Labels: SwitchB (DHCP server), GE0/0/1, VLANIF10 192.168.1.1/24; SwitchA (DHCP client), GE0/0/1, VLANIF10; gateway 192.168.1.126/24; DNS server 192.168.1.2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP client function on SwitchA so that SwitchA can dynamically obtain an IP address from the DHCP server.
2. Create a global address pool on SwitchB and configure related attributes.
Procedure
• Configure the DHCP client function on SwitchA
# Enable the DHCP service
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp enable
# Create VLAN10 and add GE0/0/1 to VLAN10
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
# Enable the DHCP client function on VLANIF10
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address dhcp-alloc
• Create a global address pool on SwitchB and configure related attributes
1. Enable the DHCP service
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] dhcp enable
2. Create VLAN10 and add GE0/0/1 to VLAN10
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
3. Configure VLANIF10 to select a global address pool for IP address allocation
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 192.168.1.1 24
[SwitchB-Vlanif10] dhcp select global
[SwitchB-Vlanif10] quit
4. Create an address pool and configure related attributes
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 192.168.1.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 192.168.1.126
[SwitchB-ip-pool-pool1] dns-list 192.168.1.2
[SwitchB-ip-pool-pool1] quit
• Verify the configuration
# Run the display current-configuration command on SwitchA to view the configuration
of the DHCP client function
[SwitchA] display current-configuration
...
#
interface Vlanif 10
ip address dhcp-alloc
#
...
# After VLANIF10 obtains an IP address, run the display dhcp client command on
SwitchA to check the status of the DHCP client on VLANIF10
[SwitchA] display dhcp client
DHCP client lease information on interface Vlanif10 :
 Current machine state         : Bound
 Internet address assigned via : DHCP
 Physical address              : 0018-8201-0987
 IP address                    : 192.168.1.254
 Subnet mask                   : 255.255.255.0
 Gateway ip address            : 192.168.1.126
 DHCP server                   : 192.168.1.1
 Lease obtained at             : 2008-11-06 02:48:09
 Lease expires at              : 2008-11-06 03:48:09
 Lease renews at               : 2008-11-06 03:18:09
 Lease rebinds at              : 2008-11-06 03:40:39
 DNS                           : 192.168.1.2
# Run the display ip pool command on SwitchB. You can view the configuration about
the IP address pool of SwitchB
[SwitchB] display ip pool
  -----------------------------------------------------------------------
  Pool-name      : pool1
  Pool-No        : 0
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 192.168.1.126
  Mask           : 255.255.255.0
  VPN instance   : --
  IP address Statistic
    Total       :253
    Used        :1
    Idle        :252
    Expired     :0
    Conflict    :0
    Disable     :0
----End
Example
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
ip address dhcp-alloc
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
dhcp enable
#
ip pool pool1
gateway-list 192.168.1.126
network 192.168.1.0 mask 255.255.255.0
dns-list 192.168.1.2
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
4.3.5 Example for Configuring the BOOTP Clients
Networking Requirements
As shown in Figure 4-13, SwitchA functions as a BOOTP client, and SwitchB functions as a
DHCP server. SwitchA obtains an IP address from an IP-MAC binding entry, a DNS server
address, and a gateway address from SwitchB functioning as a DHCP server.
Figure 4-13 Networking diagram for configuring BOOTP clients
[Diagram not reproduced. Labels: SwitchB (DHCP server), GE0/0/1, VLANIF10 192.168.1.1/24; SwitchA (BOOTP client), GE0/0/1, VLANIF10; gateway 192.168.1.126/24; DNS server 192.168.1.2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP client function on SwitchA so that SwitchA can dynamically obtain an IP address from the DHCP server.
2. Create a global address pool on SwitchB and configure related attributes.
Procedure
• Configure the DHCP client function on SwitchA
# Enable the DHCP service.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] dhcp enable
# Create VLAN10 and add GE0/0/1 to VLAN10
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
# Enable the BOOTP client function on VLANIF10 interface
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address bootp-alloc
• Create a global address pool on SwitchB and configure related attributes
1. Enable the DHCP service.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] dhcp enable
[SwitchB] dhcp server bootp
[SwitchB] dhcp server bootp automatic
2. Create VLAN10 and add GE0/0/1 to VLAN10
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
3. Configure VLANIF10 to select a global address pool for IP address allocation
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 192.168.1.1 24
[SwitchB-Vlanif10] dhcp select global
[SwitchB-Vlanif10] quit
4. Create an address pool and configure related attributes
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 192.168.1.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 192.168.1.126
[SwitchB-ip-pool-pool1] dns-list 192.168.1.2
[SwitchB-ip-pool-pool1] quit
• Verify the configuration.
# Run the display current-configuration command on SwitchA. You can view the
configurations of the DHCP client function
[SwitchA] display current-configuration
...
#
interface Vlanif10
ip address bootp-alloc
#
...
# After VLANIF10 obtains an IP address, run the display dhcp client command on
SwitchA to check the status of the DHCP client on VLANIF10
[SwitchA] display dhcp client
BOOTP client lease information on interface Vlanif10 :
 Current machine state         : Bound
 Internet address assigned via : BOOTP
 Physical address              : 0018-8201-0987
 IP address                    : 192.168.1.254
 Subnet mask                   : 255.255.255.0
 Gateway ip address            : 192.168.1.126
 Lease obtained at             : 2008-11-06 23:04:47
 DNS                           : 192.168.1.2
# Run the display ip pool command on SwitchB. You can view the configuration about
the IP address pool of SwitchB
[SwitchB] display ip pool
  -----------------------------------------------------------------------
  Pool-name      : pool1
  Pool-No        : 0
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 192.168.1.126
  Mask           : 255.255.255.0
  VPN instance   : --
  IP address Statistic
    Total       :253
    Used        :1
    Idle        :252
    Expired     :0
    Conflict    :0
    Disable     :0
----End
Example
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
ip address bootp-alloc
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10
#
dhcp enable
#
dhcp server bootp
dhcp server bootp automatic
#
ip pool pool1
gateway-list 192.168.1.126
network 192.168.1.0 mask 255.255.255.0
dns-list 192.168.1.2
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
4.4 DHCP Policy VLAN Configuration
This chapter describes the concept, operating mode, and configuration of Dynamic Host
Configuration Protocol (DHCP) policy Virtual Local Area Network (VLAN), and provides
configuration examples.
4.4.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses
Networking Requirements
As shown in Figure 4-14, on the S2350&S5300&S6300, GE 0/0/2 connects to PC1 and PC2
that access the network for the first time; GE 0/0/4 connects to the DHCP server that belongs to
VLAN 100. The MAC address of PC1 is 001E-9089-C65A; the MAC address of PC2 is
00E0-4C84-0B44.
Figure 4-14 Networking for configuring DHCP policy VLAN based on MAC addresses
[Diagram not reproduced. Labels: PC1 001E-9089-C65A and PC2 00E0-4C84-0B44 on GE 0/0/2 of the Switch; DHCP server 192.168.31.251/16 in VLAN100 on GE 0/0/4.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable DHCP globally.
2. Determine to which VLAN the DHCP server belongs.
3. Configure DHCP policy VLAN based on MAC addresses.
Configuration Procedure
1. Configure the Switch
# Enable DHCP globally. Configure GE 0/0/2 and GE 0/0/4 on the Switch as a hybrid
interface, and configure frames from VLAN 100 to pass through GE 0/0/2 in untagged
mode.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[HUAWEI-GigabitEthernet0/0/2] port hybrid untagged vlan 2 to 100
[HUAWEI-GigabitEthernet0/0/2] quit
[HUAWEI] interface gigabitethernet 0/0/4
[HUAWEI-GigabitEthernet0/0/4] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/4] quit
# Configure DHCP policy VLAN based on MAC addresses.
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] dhcp policy-vlan mac-address 001E-9089-C65A priority 5
[HUAWEI-vlan100] dhcp policy-vlan mac-address 00E0-4C84-0B44 priority 5
[HUAWEI-vlan100] quit
2. Verify the configuration
# After PC1 and PC2 go online and obtain IP addresses, ping the DHCP server from PC1
and PC2. The ping operations are successful.
C:\>ping 192.168.31.251
Pinging 192.168.31.251 with 32 bytes of data:
Reply from 192.168.31.251: bytes=32 time=126ms TTL=255
Reply from 192.168.31.251: bytes=32 time=2ms TTL=255
Reply from 192.168.31.251: bytes=32 time=2ms TTL=255
Reply from 192.168.31.251: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.31.251:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 126ms, Average = 33ms
Configuration Files
The following lists the configuration file of the S2350&S5300&S6300
#
dhcp enable
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2 to 100
#
interface GigabitEthernet0/0/4
port hybrid untagged vlan 100
#
vlan 100
dhcp policy-vlan mac-address 001e-9089-c65a priority 5
dhcp policy-vlan mac-address 00e0-4c84-0b44 priority 5
#
return
4.4.2 Example for Configuring DHCP Policy VLAN Based on Interfaces
Networking Requirements
As shown in Figure 4-15, on the S2350&S5300&S6300, GE 0/0/2 connects to an access switch;
GE 0/0/1 connects to the DHCP server that belongs to VLAN 100; the access switch connects
to 10 hosts.
Figure 4-15 Networking for configuring DHCP policy VLAN based on interfaces
[Diagram not reproduced. Labels: Switch; GE 0/0/1 to the DHCP server 192.168.31.251/16 (VLAN100); GE 0/0/2 to PC1 ... PC10.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable DHCP globally.
2. Determine to which VLAN the DHCP server belongs.
3. Configure DHCP policy VLAN based on interfaces.
Configuration Procedure
1. Configure the S2350&S5300&S6300
# Enable DHCP globally. Configure GE 0/0/1 and GE 0/0/2 on the
S2350&S5300&S6300 as hybrid interfaces, and configure frames from VLAN 100 to pass
through GE 0/0/2 in untagged mode.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 10 to 100
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[HUAWEI-GigabitEthernet0/0/2] port hybrid untagged vlan 20 to 100
[HUAWEI-GigabitEthernet0/0/2] quit
2. Configure DHCP policy VLAN based on interfaces
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] dhcp policy-vlan port gigabitethernet 0/0/2 priority 5
Configuration Files
The following lists the configuration file of the S2350&S5300&S6300
#
dhcp enable
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10 to 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20 to 100
#
vlan 100
dhcp policy-vlan port GigabitEthernet 0/0/2 priority 5
#
return
4.5 DHCPv6 Configuration
This section describes how to configure the DHCPv6 function. Currently, the switch can function
as a DHCPv6 server, DHCPv6 PD server, or DHCPv6 relay on an IPv6 network.
4.5.1 Example for Configuring a DHCPv6 Server
Networking Requirements
If a large number of IPv6 addresses need to be manually configured, the workload on
configuration will be huge, and the manually configured addresses have poor manageability.
The administrator requires that IPv6 addresses and network configuration parameters be
obtained automatically to facilitate centralized management and hierarchical IPv6 network
deployment.
Figure 4-16 Networking diagram for configuring the DHCPv6 server
[Diagram not reproduced. Labels: Switch A (DHCPv6 server), VLANIF100 3000::1/64, GE0/0/1; DHCPv6 client.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 functions on the interface so that devices can communicate using IPv6.
2. Enable the DHCPv6 PD Server function so that devices can obtain IPv6 address prefixes using DHCPv6.
Procedure
Step 1 Enable the DHCP service
<HUAWEI> system-view
[HUAWEI] sysname Switch A
[Switch A] dhcp enable
Step 2 Configure the ipv6 function on interfaces
[Switch A] ipv6
[Switch A] vlan 100
[Switch A-vlan100] quit
[Switch A] interface gigabitethernet 0/0/1
[Switch A-GigabitEthernet0/0/1] port link-type access
[Switch A-GigabitEthernet0/0/1] port default vlan 100
[Switch A-GigabitEthernet0/0/1] quit
[Switch A] interface vlanif 100
[Switch A-Vlanif100] ipv6 enable
[Switch A-Vlanif100] ipv6 address 3000::1/64
[Switch A-Vlanif100] quit
Step 3 Configure a DHCPv6 server
[Switch A] dhcpv6 pool pool1
[Switch A-dhcpv6-pool-pool1] address prefix 3000::2/64
[Switch A-dhcpv6-pool-pool1] dns-server 4000::1
[Switch A-dhcpv6-pool-pool1] quit
Step 4 Enable the DHCPv6 server function on the interface
# Enable the DHCPv6 server function on Vlanif100.
[Switch A] interface vlanif 100
[Switch A-Vlanif100] dhcpv6 server pool1
Step 5 Verify the configuration
Run the display dhcpv6 pool command on the switch to check information about the DHCPv6
address pool.
<Switch A> display dhcpv6 pool
DHCPv6 pool: pool1
Address prefix: 3000::/64
lifetime valid 172800 seconds, preferred 86400 seconds
0 in use, 0 conflicts
Information refresh time: 86400
DNS server address: 4000::1
Conflict-address expire-time: 172800
Active normal clients: 0
Run the display dhcpv6 server command on the switch to check information about the DHCPv6
server.
<Switch A> display dhcpv6 server
 Interface                DHCPv6 pool
 Vlanif100                pool1
----End
Configuration File
Configuration file of Switch A
#
sysname Switch A
#
ipv6
#
vlan batch 100
#
dhcp enable
#
dhcpv6 pool pool1
address prefix 3000::2/64
dns-server 4000::1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::1/64
dhcpv6 server pool1
#
return
4.5.2 Example for Configuring a DHCPv6 PD Server
Networking Requirements
As shown in Figure 4-17, RouterB and SwitchA are directly connected and on the same link.
RouterB cannot communicate with other devices because it has no IPv6 address or other
network configuration parameters. SwitchA needs to be configured as a DHCPv6 PD server
to assign IPv6 addresses and other network configuration parameters to DHCPv6 clients. This
facilitates centralized management and layered IPv6 network deployment.
Figure 4-17 Networking diagram of configuring the DHCPv6 PD server
[Figure: RouterB (DHCPv6 PD client, GE0/0/1) connects to SwitchA (DHCPv6 PD server, GE0/0/1,
VLANIF100, 3000::1/64); IPv6 HostA, HostB and HostC are also shown.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 on interfaces so that devices can communicate using IPv6.
2. Enable the DHCPv6 PD server function so that the DHCPv6 PD server can assign IPv6
   addresses using DHCPv6.
Procedure
Step 1 Enable the DHCP service
<HUAWEI> system-view
[HUAWEI] sysname Switch A
[Switch A] dhcp enable
Step 2 Configure IPv6 functions on interfaces
[Switch A] ipv6
[Switch A] vlan 100
[Switch A-vlan100] quit
[Switch A] interface gigabitethernet 0/0/1
[Switch A-GigabitEthernet0/0/1] port link-type access
[Switch A-GigabitEthernet0/0/1] port default vlan 100
[Switch A-GigabitEthernet0/0/1] quit
[Switch A] interface vlanif 100
[Switch A-Vlanif100] ipv6 enable
[Switch A-Vlanif100] ipv6 address 3000::1/64
[Switch A-Vlanif100] quit
Step 3 Configure a DHCPv6 PD server
[Switch A] dhcpv6 pool pool1
[Switch A-dhcpv6-pool-pool1] prefix-delegation 3000::/60 64
[Switch A-dhcpv6-pool-pool1] dns-server 4000::1
[Switch A-dhcpv6-pool-pool1] quit
Step 4 Enable the DHCPv6 PD server function on an interface
# Enable the DHCPv6 PD server function on VLANIF 100.
[Switch A] interface vlanif 100
[Switch A-Vlanif100] dhcpv6 server pool1
[Switch A-Vlanif100] quit
[Switch A] quit
Step 5 Verify the configuration
Run the display dhcpv6 pool command on the switch to check information about the DHCPv6
address pool.
<Switch A> display dhcpv6 pool
DHCPv6 pool: pool1
Prefix delegation: 3000::/60 64
lifetime valid 172800 seconds, preferred 86400 seconds
0 in use
Information refresh time: 86400
DNS server address: 4000::1
Conflict-address expire-time: 172800
Active pd clients: 0
Run the display dhcpv6 server command on the switch to check information about the DHCPv6
PD server.
<Switch A> display dhcpv6 server
Interface                DHCPv6 pool
Vlanif100                pool1
----End
Configuration File
Configuration file of SwitchA
#
sysname Switch A
#
ipv6
#
vlan batch 100
#
dhcp enable
#
dhcpv6 pool pool1
prefix-delegation 3000::/60 64
dns-server 4000::1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::1/64
dhcpv6 server pool1
#
return
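
Added example (not part of the Huawei document): the pool line prefix-delegation 3000::/60 64 is read here as "carve /64 prefixes out of 3000::/60". The Python sketch below lists the prefixes such a pool can hand out and flags any that overlap a prefix already configured on an interface, as 3000::/64 on Vlanif100 does in this example. The function names and the embedded configuration excerpt are constructed for the illustration.

```python
import ipaddress
import re

# Constructed input: the relevant lines of the SwitchA configuration file above.
SWITCH_A_CONFIG = """\
dhcpv6 pool pool1
 prefix-delegation 3000::/60 64
 dns-server 4000::1
#
interface Vlanif100
 ipv6 enable
 ipv6 address 3000::1/64
 dhcpv6 server pool1
"""

PD_RE = re.compile(r"^\s*prefix-delegation\s+(\S+)\s+(\d+)\s*$", re.MULTILINE)
# Matches both "ipv6 address 3000::1/64" and "ipv6 address 2000::1 64".
ADDR_RE = re.compile(r"^\s*ipv6 address\s+(\S+?)(?:/|\s+)(\d+)\s*$", re.MULTILINE)


def delegable_prefixes(pool, assigned_len):
    """Every prefix of length assigned_len that can be carved out of the pool."""
    net = ipaddress.IPv6Network(pool, strict=True)  # rejects host bits in the pool
    if not net.prefixlen <= assigned_len <= 128:
        raise ValueError(
            f"assigned length {assigned_len} is outside {net.prefixlen}..128")
    return list(net.subnets(new_prefix=assigned_len))


def on_link_prefixes(config_text):
    """Networks of all 'ipv6 address' lines found in the configuration text."""
    return [ipaddress.IPv6Interface(f"{addr}/{length}").network
            for addr, length in ADDR_RE.findall(config_text)]


def audit_pd_pool(config_text):
    """Return (delegable prefixes, those overlapping an interface prefix)."""
    match = PD_RE.search(config_text)
    if match is None:
        raise ValueError("no prefix-delegation line found")
    prefixes = delegable_prefixes(match.group(1), int(match.group(2)))
    links = on_link_prefixes(config_text)
    clashes = [p for p in prefixes if any(p.overlaps(n) for n in links)]
    return prefixes, clashes


if __name__ == "__main__":
    prefixes, clashes = audit_pd_pool(SWITCH_A_CONFIG)
    print(f"{len(prefixes)} delegable prefixes: {prefixes[0]} .. {prefixes[-1]}")
    for prefix in clashes:
        print(f"overlaps a prefix configured on an interface: {prefix}")
```
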
4.5.3 Example for Configuring a DHCPv6 Relay to Assign IPv6 Addresses to the Clients in One Network Segment Connected to the Relay
Networking Requirements
As shown in Figure 4-18, the DHCPv6 client address is 2000::/64 and the DHCPv6 server
address is 3000::3/64. The DHCPv6 client and server are on different links; therefore, a DHCPv6
relay agent is required to forward DHCPv6 packets.
The Switch needs to function as the DHCPv6 relay agent to forward DHCPv6 packets between
the DHCPv6 client and server. In addition, the Switch functions as the gateway device of the
network at 2000::/64. The M flag bit and O flag bit in RA messages allow hosts on the network
to obtain IPv6 addresses and other network configuration parameters through DHCPv6.
Figure 4-18 Networking diagram of configuring a DHCPv6 relay agent
[Figure: DHCPv6 clients attach to GE0/0/1 of the Switch (VLANIF10, 2000::1/64); the Switch,
acting as the DHCPv6 relay agent, reaches the DHCPv6 server (3000::3/64) through GE0/0/2
(VLANIF20, 3000::1/64).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 on interfaces so that devices can communicate using IPv6.
2. Enable the DHCPv6 relay function so that the DHCPv6 server and client on different links
   can transmit packets.
Procedure
Step 1 Enable the DHCPv6 service
<HUAWEI> system-view
[HUAWEI] dhcp enable
Step 2 Add interfaces to VLANs
# Add GigabitEthernet0/0/1 to VLAN 10.
[HUAWEI] vlan batch 10 20
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[HUAWEI-GigabitEthernet0/0/1] quit
# Add GigabitEthernet0/0/2 to VLAN 20.
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[HUAWEI-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[HUAWEI-GigabitEthernet0/0/2] quit
Step 3 Assign IPv6 addresses to VLANIF interfaces
# Enable the IPv6 packet forwarding function.
[HUAWEI] ipv6
# Assign an IPv6 address to VLANIF 10.
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ipv6 enable
[HUAWEI-Vlanif10] ipv6 address 2000::1 64
[HUAWEI-Vlanif10] quit
# Assign an IPv6 address to VLANIF 20.
[HUAWEI] interface vlanif 20
[HUAWEI-Vlanif20] ipv6 enable
[HUAWEI-Vlanif20] ipv6 address 3000::1 64
[HUAWEI-Vlanif20] quit
Step 4 Enable the DHCPv6 relay function
# Enable the DHCPv6 relay function on VLANIF 10 and specify the IPv6 address of the DHCPv6
server.
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] dhcpv6 relay destination 3000::3
Step 5 Configure the Switch as the gateway
# Configure the Switch to send RA messages and configure M and O flag bits.
[HUAWEI-Vlanif10] undo ipv6 nd ra halt
[HUAWEI-Vlanif10] ipv6 nd autoconfig managed-address-flag
[HUAWEI-Vlanif10] ipv6 nd autoconfig other-flag
[HUAWEI-Vlanif10] quit
Step 6 Verify the configuration
Run the display dhcpv6 relay command on the Switch, and you can view the DHCPv6 relay
configuration.
[HUAWEI] display dhcpv6 relay
Interface            Mode       Destination
------------------------------------------------------------------
Vlanif10             Relay      3000::3
------------------------------------------------------------------
Run the display dhcpv6 relay statistics command on the Switch, and you can view statistics
about DHCPv6 packets passing through the DHCPv6 relay agent.
[HUAWEI] display dhcpv6 relay statistics
MessageType            Receive     Send        Error
Solicit                0           0           0
Advertise              0           0           0
Request                0           0           0
Confirm                0           0           0
Renew                  0           0           0
Rebind                 0           0           0
Reply                  0           0           0
Release                0           0           0
Decline                0           0           0
Reconfigure            0           0           0
Information-request    0           0           0
Relay-forward          0           0           0
Relay-reply            0           0           0
UnknownType            0           0           0
----End
Configuration File
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 10 20
#
ipv6
#
dhcp enable
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcpv6 relay destination 3000::3
#
interface Vlanif20
ipv6 enable
ipv6 address 3000::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
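
Added example (not part of the Huawei document): Step 5 sets the M and O flags that the Switch advertises in RA messages on Vlanif10. The Python sketch below decodes those two bits from a captured ICMPv6 Router Advertisement (fixed header layout per RFC 4861) and reports where a capture differs from what this example configures. The function names and the sample messages are constructed, and the ICMPv6 checksum is not verified because that needs the IPv6 pseudo-header.

```python
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement
M_FLAG = 0x80    # managed address configuration: addresses are obtained through DHCPv6
O_FLAG = 0x40    # other configuration: parameters such as DNS are obtained through DHCPv6
RA_HEADER = "!BBHBBHII"  # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


def build_ra(flags, router_lifetime=1800, hop_limit=64):
    """Build a constructed RA header (checksum left as 0) for the demonstration."""
    return struct.pack(RA_HEADER, RA_TYPE, 0, 0, hop_limit, flags, router_lifetime, 0, 0)


def parse_ra(icmpv6):
    """Decode the 16-byte fixed part of a Router Advertisement."""
    if len(icmpv6) < struct.calcsize(RA_HEADER):
        raise ValueError("truncated: a Router Advertisement header is 16 bytes")
    msg_type, code, _cksum, hop_limit, flags, lifetime, _reach, _retrans = \
        struct.unpack(RA_HEADER, icmpv6[:16])
    if msg_type != RA_TYPE or code != 0:
        raise ValueError(f"not a Router Advertisement (type {msg_type}, code {code})")
    return {
        "managed": bool(flags & M_FLAG),
        "other": bool(flags & O_FLAG),
        "hop_limit": hop_limit,
        "router_lifetime": lifetime,
    }


def deviations(icmpv6, expect_managed=True, expect_other=True):
    """Compare a captured RA with the flags this example configures on Vlanif10."""
    ra = parse_ra(icmpv6)
    found = []
    if ra["managed"] != expect_managed:
        found.append(f"M flag is {int(ra['managed'])}, expected {int(expect_managed)}")
    if ra["other"] != expect_other:
        found.append(f"O flag is {int(ra['other'])}, expected {int(expect_other)}")
    if ra["router_lifetime"] == 0:
        found.append("router lifetime is 0: the sender is not offered as a default router")
    return found


# Constructed samples: one RA with both flags set, one with both flags clear.
SAMPLE_RA_M_AND_O = build_ra(M_FLAG | O_FLAG)
SAMPLE_RA_NO_FLAGS = build_ra(0x00)

if __name__ == "__main__":
    for label, message in (("M+O", SAMPLE_RA_M_AND_O), ("none", SAMPLE_RA_NO_FLAGS)):
        print(label, parse_ra(message), deviations(message) or "matches the example")
```
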
4.6 IP Performance Configuration
You can optimize IP performance by adjusting parameters on the network.
4.6.1 Example for Configuring ICMP Redirection Packets
Networking Requirements
In Figure 4-19, SwitchA, SwitchB, and SwitchC are connected to the Internet through GE
interfaces. When SwitchB detects that SwitchA uses a non-optimal route, it sends an ICMP
redirection packet to SwitchA, requesting SwitchA to change the route. To prevent SwitchB
from sending these packets, the function of sending ICMP redirection packets must be
disabled. Ping SwitchB from SwitchA to check whether SwitchB is disabled from sending ICMP
redirection packets.
Figure 4-19 Network diagram for configuring ICMP redirection packets
[Figure: SwitchA (GE0/0/1, VLANIF100, 1.1.1.1/24), SwitchB (GE0/0/1, VLANIF100, 1.1.1.2/24)
and SwitchC (GE0/0/1, VLANIF100, 2.2.2.2/24) connected to the Internet.]
Configuration Roadmap
The configuration roadmap is as follows:
Disable the function of sending ICMP redirection packets on VLANIF100 on SwitchB. Ping
SwitchB from SwitchA. SwitchB does not send ICMP redirection packets.
Procedure
Step 1 Configure an IP address for the VLANIF interface.
# Configure SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 1.1.1.1 24
[SwitchA-Vlanif100] quit
# Configure SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 1.1.1.2 24
[SwitchB-Vlanif100] quit
# Configure SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan 100
[SwitchC-Vlan100] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] ip address 2.2.2.2 24
[SwitchC-Vlanif100] quit
Step 2 Configure static routes.
# Configure SwitchA.
[SwitchA] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
# Configure SwitchB.
[SwitchB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
Step 3 Disable the function of sending ICMP redirection packets on VLANIF100 on SwitchB.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] undo icmp redirect send
[SwitchB-Vlanif100] quit
Step 4 Verify the configuration.
# Enable ICMP packet debugging on SwitchB.
<SwitchB> debugging ip icmp
<SwitchA> terminal monitor
<SwitchA> terminal debugging
# Ping SwitchB from SwitchA. SwitchB does not send ICMP redirection packets.
[SwitchA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.1.2 255.255.255.0
undo icmp redirect send
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return
Configuration of SwitchC
#
sysname SwitchC
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
return
4.6.2 Example for Configuring ICMP Host Unreachable Packets
Networking Requirements
In Figure 4-20, SwitchA, SwitchB, and SwitchC are connected to each other through GE
interfaces. The sending of ICMP host unreachable packets needs to be checked.
Figure 4-20 Network diagram for configuring ICMP host unreachable packets
[Figure: SwitchA (GE0/0/1, VLANIF10, 1.1.1.1/24) connects to SwitchB (GE0/0/1, VLANIF10,
1.1.1.2/24); SwitchB (GE0/0/2, VLANIF11, 2.2.2.1/24) connects to SwitchC (GE0/0/2, VLANIF11,
2.2.2.2/24).]
Configuration Roadmap
The configuration roadmap is as follows:
Disable the function of sending ICMP host unreachable packets on SwitchB. Ping 2.2.2.2 on
SwitchA. SwitchA cannot receive ICMP host unreachable packets sent from SwitchB.
NOTE
By default, the function of sending ICMP host unreachable packets is enabled in both the system and the
interface view. If the configuration is not modified, you do not need to use a command to enable the function
of sending ICMP host unreachable packets.
Procedure
Step 1 Configure SwitchA.
# Configure an IP address for VLANIF 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
# Configure static routes on SwitchA.
[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2
Step 2 Configure SwitchB.
# Configure an IP address for VLANIF 10 on SwitchB and disable the function of sending ICMP
host unreachable packets.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] undo icmp host-unreachable send
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 1.1.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] vlan 11
[SwitchB-vlan11] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 11
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 11
[SwitchB-Vlanif11] ip address 2.2.2.1 24
[SwitchB-Vlanif11] undo icmp host-unreachable send
[SwitchB-Vlanif11] quit
Step 3 Configure SwitchC.
# Configure an IP address for VLANIF 11 on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan 11
[SwitchC-vlan11] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 11
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface vlanif 11
[SwitchC-Vlanif11] ip address 2.2.2.2 24
[SwitchC-Vlanif11] quit
# Configure static routes on SwitchC.
[SwitchC] ip route-static 1.1.1.0 24 2.2.2.1
Step 4 Verify the configuration.
# Enable ICMP packet debugging on SwitchA.
<SwitchA> debugging ip icmp
<SwitchA> terminal monitor
<SwitchA> terminal debugging
# Ping 2.2.2.2 on SwitchA.
[SwitchA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
# Run the display icmp statistics command. If the destination unreachable count is 0,
SwitchB does not send host unreachable packets, which means that the configuration
succeeds.
<SwitchA> display icmp statistics
 Input: bad format            0      bad checksum              0
        echo                  0      destination unreachable   0
        source quench         0      redirects                 0
        echo reply            0      parameter problem         0
        timestamp             0      information request       0
        mask requests         0      mask replies              0
        time exceeded         0      other                     0
        Mping request         0      Mping reply               0
Output: echo                  0      destination unreachable   0
        source quench         0      redirects                 0
        echo reply            0      parameter problem         0
        timestamp             0      information reply         0
        mask requests         0      mask replies              0
        time exceeded         0
        Mping request         0      Mping reply               0
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif 10
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 to 11
#
undo icmp host-unreachable send
#
interface Vlanif 10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif 11
ip address 2.2.2.1 255.255.255.0
undo icmp host-unreachable send
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 11
#
return
Configuration of SwitchC
#
sysname SwitchC
#
vlan batch 11
#
interface Vlanif 11
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 11
#
ip route-static 1.1.1.0 24 2.2.2.1
#
return
4.6.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets
Networking Requirements
The switch in Figure 4-21 functions as the aggregation device. Enterprise users, individual users,
and DSLAMs are attached to the switch and the switch is connected to the Internet through a
BRAS. When a large amount of information is exchanged on the network or the network is
attacked, lots of ICMP packets are forwarded and the network performance is degraded. In this
case, some ICMP packets are required to be discarded to reduce the burden on the switch.
Figure 4-21 Networking diagram for configuring ICMP security function
[Figure: enterprise users, individual users and DSLAMs (user network) attach to the Switch,
which connects to the Internet through the BRAS.]
Configuration Roadmap
The configuration roadmap is as follows:
Configure the function of discarding ICMP packets whose TTL value is 1, ICMP packets that
carry options, and ICMP destination unreachable packets to reduce the burden of the device in
processing a large number of ICMP packets.
Procedure
Step 1 Configure the device to discard certain ICMP packets.
# Configure the device to discard ICMP packets whose TTL value is 1.
<HUAWEI> system-view
[HUAWEI] icmp ttl-exceeded drop all
# Configure the device to discard ICMP packets that carry options.
[HUAWEI] icmp with-options drop all
# Configure the device to discard ICMP packets whose destination addresses are unreachable.
[HUAWEI] icmp unreachable drop
Step 2 Verify the configuration.
# Run the display this command in the system view to view the ICMP security configurations.
[HUAWEI] display this
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
----End
Configuration Files
Configuration file of the switch
#
sysname HUAWEI
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
#
return
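
Added example (not part of the Huawei document): sections 4.6.1 to 4.6.3 each end with a saved configuration file, so the ICMP settings they introduce can be checked offline. The Python sketch below splits a saved configuration on its "#" separators and reports which of those settings are absent, system-wide and per VLANIF interface. The rule lists are taken from the commands on this page, the two sample configurations are constructed, and whether a setting is wanted on a given interface remains a site decision.

```python
import re

# System-view drop rules from section 4.6.3. They are matched as prefixes because
# the saved file shows "slot 0" where the command was entered with "all".
GLOBAL_RULES = (
    "icmp unreachable drop",
    "icmp ttl-exceeded drop",
    "icmp with-options drop",
)
# Interface-view settings from sections 4.6.1 and 4.6.2.
VLANIF_RULES = (
    "undo icmp redirect send",
    "undo icmp host-unreachable send",
)
VLANIF_RE = re.compile(r"interface\s+(Vlanif\s*\d+)$", re.IGNORECASE)


def split_sections(config_text):
    """Split a saved configuration into blocks delimited by '#' lines."""
    sections, current = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def audit(config_text):
    """Return a sorted list of (scope, missing setting) findings."""
    global_lines, vlanifs = [], {}
    for block in split_sections(config_text):
        match = VLANIF_RE.match(block[0])
        if match:
            # The page writes both "Vlanif100" and "Vlanif 10"; normalise the name.
            vlanifs[re.sub(r"\s+", "", match.group(1))] = block[1:]
        elif not block[0].lower().startswith("interface "):
            global_lines.extend(block)
    findings = []
    for rule in GLOBAL_RULES:
        if not any(line.startswith(rule) for line in global_lines):
            findings.append(("system", rule))
    for name, lines in vlanifs.items():
        for rule in VLANIF_RULES:
            if rule not in lines:
                findings.append((name, rule))
    return sorted(findings)


# Constructed sample: every setting from sections 4.6.1 to 4.6.3 is present.
HARDENED_CONFIG = """\
#
sysname SwitchB
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
#
interface Vlanif100
 ip address 1.1.1.2 255.255.255.0
 undo icmp redirect send
 undo icmp host-unreachable send
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 100
#
return
"""

# Constructed sample: only part of the settings is present.
PARTIAL_CONFIG = """\
#
sysname SwitchA
#
icmp unreachable drop
#
interface Vlanif 10
 ip address 1.1.1.1 255.255.255.0
 undo icmp redirect send
#
return
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED_CONFIG), ("partial", PARTIAL_CONFIG)):
        print(label, audit(text) or "no findings")
```
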
4.7 DNS Configuration
This chapter describes the principles, basic functions and configuration procedures of DNS on
the switch, and provides configuration examples.
4.7.1 Example for Configuring the DNS Client
Networking Requirements
Compared with an IP address, the URL is easy to remember. Users want to access network
servers using domain names. It is required that the DNS server can resolve a domain name after
a user enters some fields of the domain name. For example, when a user attempts to access the
host huawei.com, the user only needs to enter huawei. It is required that the DNS server can
fast resolve common domain names.
Figure 4-22 Networking diagram for configuring the DNS client
[Figure: SwitchA (DNS client; GE0/0/1, VLANIF 101, 1.1.1.2/16) connects to SwitchB (GE0/0/2,
VLANIF 101, 1.1.1.1/16; Loopback0 4.1.1.1/32; GE0/0/1, VLANIF 100, 2.1.1.1/16). SwitchC
(GE0/0/1, VLANIF 100, 2.1.1.2/16; Loopback0 4.1.1.2/32; GE0/0/2, VLANIF 101, 3.1.1.1/16)
connects to the DNS server (3.1.1.2/16). The host huawei.com is at 2.1.1.3/16. Host B and
Host C are also shown.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static DNS entries on Switch A to access HostB and HostC.
2. Configure the dynamic DNS resolution on SwitchA to access the network server.
3. Configure the domain name suffix on SwitchA to support a domain name suffix list.
4. Configure OSPF on switches to ensure routes among all devices are reachable.
Procedure
Step 1 Configure SwitchA.
# Configure an IP address for VLANIF101.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 101
[SwitchA-vlan101] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] ip address 1.1.1.2 255.255.0.0
[SwitchA-Vlanif101] quit
# Configure OSPF.
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure static DNS entries.
[SwitchA] ip host hostB 4.1.1.1
[SwitchA] ip host hostC 4.1.1.2
# Enable DNS resolution.
[SwitchA] dns resolve
# Configure an IP address for the DNS server.
[SwitchA] dns server 3.1.1.2
# Set the domain name suffix to ".net".
[SwitchA] dns domain net
# Set the domain name suffix to ".com".
[SwitchA] dns domain com
[SwitchA] quit
NOTE
You need to configure OSPF on SwitchB and SwitchC to ensure reachable routes between them. For details
about OSPF configurations on SwitchB and SwitchC, see the configuration files.
Step 2 Verify the configuration.
# Run the ping hostB command on SwitchA. You can see that the ping operation succeeds and
the destination IP address is 4.1.1.1.
<SwitchA> ping hostB
PING hostB (4.1.1.1): 56 data bytes, press CTRL_C to break
Reply from 4.1.1.1: bytes=56 Sequence=1 ttl=126 time=4 ms
Reply from 4.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 4.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 4.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 4.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms
--- hostB ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/4 ms
# Run the ping huawei.com command on SwitchA. You can see that the ping operation succeeds
and the destination IP address is 2.1.1.3.
<SwitchA> ping huawei.com
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
# Run the ping huawei command on SwitchA. You can see that the ping operation succeeds,
the domain name changes to huawei.com, and the destination IP address is 2.1.1.3.
<SwitchA> ping huawei
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
Run the display ip host command on SwitchA. You can view mappings between host names
and IP addresses in static DNS entries.
<SwitchA> display ip host
Host                 Age        Flags  Address
hostB                0          static 4.1.1.1
hostC                0          static 4.1.1.2
# Run the display dns dynamic-host command on SwitchA. You can view information about
dynamic DNS entries saved in the cache.
<SwitchA> display dns dynamic-host
No  Domain-name          IpAddress        TTL      Alias
1   huawei.com           2.1.1.3          114
----End
Configuration File
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 101
#
ip host hostB 4.1.1.1
ip host hostC 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface Vlanif101
ip address 1.1.1.2 255.255.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 101
#
interface LoopBack0
ip address 4.1.1.1 255.255.255.255
#
interface Vlanif101
ip address 1.1.1.1 255.255.0.0
#
interface Vlanif100
ip address 2.1.1.1 255.255.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
network 2.1.0.0 0.0.255.255
network 4.1.1.1 0.0.0.0
#
return
Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 100 101
#
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
interface Vlanif101
ip address 3.1.1.1 255.255.0.0
#
interface Vlanif100
ip address 2.1.1.2 255.255.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.0
network 2.1.0.0 0.0.255.255
network 3.1.0.0 0.0.255.255
network 4.1.1.2 0.0.0.0
#
return
4.8 Basic IPv6 Configurations
The IPv6 protocol stack supports routing protocols and application protocols on an IPv6 network.
4.8.1 Example for Configuring IPv6 Addresses for Interfaces
Networking Requirements
As shown in Figure 4-23, GE0/0/1 of SwitchA connects to GE0/0/1 of SwitchB. The two
interfaces correspond to their VLANIF interfaces (VLANIF 100). You need to configure IPv6
global unicast addresses for the VLANIF interfaces and check the Layer 3 interconnection
between the interfaces.
IPv6 global unicast addresses for the VLANIF interfaces are 3001::1/64 and 3001::2/64.
Figure 4-23 Networking diagram for configuring IPv6 addresses for interfaces
[Figure: SwitchA (GE0/0/1, VLANIF100, 3001::1/64) connects directly to SwitchB (GE0/0/1,
VLANIF100, 3001::2/64).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IPv6 forwarding function on SwitchA and SwitchB.
2. Configure IPv6 global unicast addresses for the interfaces.
Procedure
Step 1 Enable the IPv6 forwarding function on switches.
# Configure SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6
# Configure SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] ipv6
Step 2 Configure global unicast addresses for interfaces.
# Configure SwitchA.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address 3001::1/64
[SwitchA-Vlanif100] quit
# Configure SwitchB.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit
Step 3 Verify the configuration.
If the preceding configurations are successful, you can view the configured global unicast
addresses. The interface status and the IPv6 protocol are Up.
# Check interface information on SwitchA.
[SwitchA] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::218:20FF:FE00:83
Global unicast address(es):
3001::1, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF00:83
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Check interface information on SwitchB.
[SwitchB] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE33:11
Global unicast address(es):
3001::2, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:2
FF02::1:FF33:11
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Ping the link-local address of SwitchB from SwitchA. You need to use the parameter -i to
specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- FE80::2E0:FCFF:FE33:11 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/7 ms
# Ping the IPv6 global unicast address of SwitchB from SwitchA.
[SwitchA] ping ipv6 3001::2
PING 3001::2 : 56 data bytes, press CTRL_C to break
Reply from 3001::2
bytes=56 Sequence=1 hop limit=64 time = 12 ms
Reply from 3001::2
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- 3001::2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/12 ms
----End
Configuration File
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::2/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
4.9 IPv6 DNS configuration
This section describes how to configure IPv6 DNS so that devices can use domain names to
communicate.
4.9.1 Example for Configuring IPv6 DNS Client
Networking Requirements
As shown in Figure 4-24, SwitchA functions as the IPv6 DNS client and works with the
IPv6 DNS server to access the host whose IPv6 address is 2002::1/64 by using the
domain name huawei.com.
On SwitchA, the static IPv6 DNS entries of SwitchB and SwitchC are configured. This ensures
that SwitchA can manage both the devices based on the domain names SwitchB and SwitchC.
Figure 4-24 Networking diagram of IPv6 DNS configurations
[Figure: SwitchA (DNS client, GE0/0/1 VLANIF101 2001::1/64), SwitchB (GE0/0/1 VLANIF101
2001::2/64, GE0/0/2 VLANIF100 2002::2/64), SwitchC (GE0/0/2 VLANIF100 2002::3/64, GE0/0/1
VLANIF101 2003::1/64), the DNS server (2003::2/64) and the host huawei.com (2002::1/64).
Loopback0 addresses 4.1.1.1/32 and 4.1.1.2/32 also appear in the diagram.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static DNS entries on SwitchA to access SwitchB and SwitchC using the domain
name.
2. Configure dynamic DNS resolution on SwitchA to enable SwitchA to access the web server
by querying dynamic DNS entries.
3. Configure domain name suffixes on SwitchA so that SwitchA can filter domain names
using the domain name suffix list.
4. Configure OSPF on the switches to ensure reachable routes between them.
Procedure
Step 1 Configure SwitchA.
# Configure IPv6 function.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6
[SwitchA] vlan 101
[SwitchA-vlan101] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 101
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] ipv6 enable
[SwitchA-Vlanif101] ipv6 address 2001::1/64
[SwitchA-Vlanif101] quit
# Configure static IPv6 DNS entries.
[SwitchA] ipv6 host SwitchB 2001::2
[SwitchA] ipv6 host SwitchC 2002::3
# Enable the DNS resolution function.
[SwitchA] dns resolve
# Configure the IPv6 address of the IPv6 DNS server.
[SwitchA] dns server ipv6 2003::2
# Set the domain name suffix to ".net".
[SwitchA] dns domain net
# Set the domain name suffix to ".com".
[SwitchA] dns domain com
[SwitchA] quit
NOTE
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.
For details of how to configure the route, see Configuration example of IP static route in the
S2350&S5300&S6300 Series Ethernet Switches Configuration Guide: IP Routing.
Step 2 Verify the configuration.
# Run the ping ipv6 huawei.com command on SwitchA. The ping succeeds, and the destination
IPv6 address is 2002::1.
<SwitchA> ping ipv6 huawei.com
Resolved Host ( huawei.com -> 2002::1)
PING huawei.com : 56 data bytes, press CTRL_C to break
Reply from 2002::1: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2002::1: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2002::1: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2002::1: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2002::1: bytes=56 Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships
between the host names and the IPv6 addresses in IPv6 static DNS entries.
<SwitchA> display ipv6 host
Host      Age   Flags    IPv6Address (es)
SwitchB   0     static   2001::2
SwitchC   0     static   2002::3
# Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about
IPv6 dynamic DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No   Domain-name   Ipv6address   TTL
1    huawei.com    2002::1       3579
NOTE
TTL in the command output indicates the life time of the entry, in seconds.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 101
#
ipv6
#
ipv6 host SwitchB 2001::2
ipv6 host SwitchC 2002::3
#
dns resolve
dns server ipv6 2003::2
dns domain net
dns domain com
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface Vlanif101
ipv6 enable
ipv6 address 2001::1/64
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 to 101
#
ipv6
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 2002::2/64
#
interface Vlanif101
ipv6 enable
ipv6 address 2001::2/64
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 100 to 101
#
ipv6
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 2002::3/64
#
interface Vlanif101
ipv6 enable
ipv6 address 2003::1/64
#
return
4.10 IPv6 over IPv4 Tunnel Configuration
IPv6 over IPv4 tunnel technology enables transition from the IPv4 network to the IPv6 network.
NOTE
S2350, S5306 and S5300LI do not support IPv6 over IPv4 tunnel functions.
4.10.1 Example for Configuring a Manual IPv6 over IPv4 Tunnel
Networking Requirements
As shown in Figure 4-25, two IPv6 networks connect to SwitchB on an IPv4 backbone network
respectively through SwitchA and SwitchC. A manual IPv6 over IPv4 tunnel needs to be set up
between SwitchA and SwitchC so that hosts on the two IPv6 networks can communicate.
Figure 4-25 Networking diagram for configuring a manual IPv6 over IPv4 tunnel
[Figure: SwitchA (dual stack, GE0/0/1 VLANIF100 192.168.50.2/24) and SwitchC (dual stack,
GE0/0/1 VLANIF200 192.168.51.2/24) each attach an IPv6 network to the IPv4 network through
SwitchB (GE0/0/1 VLANIF100 192.168.50.1/24, GE0/0/2 VLANIF200 192.168.51.1/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces so that devices can communicate on the IPv4
backbone network.
2. Configure IPv6 addresses, source interfaces, and destination addresses for tunnel interfaces
so that devices can communicate with hosts on the two IPv6 networks.
3. Set the tunnel protocol to IPv6-IPv4 so that hosts on the two IPv6 networks can
communicate through the IPv4 backbone network.
Procedure
Step 1 Configure SwitchA.
# Enable the service loopback function on an Eth-Trunk.
NOTICE
The interface must be idle. That is, the interface does not transmit services.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] service type tunnel
[SwitchA-Eth-Trunk1] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] eth-trunk 1
[SwitchA-GigabitEthernet0/0/3] quit
# Configure an IP address for an interface.
[SwitchA] ipv6
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 192.168.50.2 255.255.255.0
[SwitchA-Vlanif100] quit
# Set the tunnel protocol to IPv6-IPv4.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] tunnel-protocol ipv6-ipv4
[SwitchA-Tunnel1] eth-trunk 1
# Configure an IPv6 address and a destination address for the tunnel interface.
[SwitchA-Tunnel1] ipv6 enable
[SwitchA-Tunnel1] ipv6 address 3001::1 64
[SwitchA-Tunnel1] source vlanif 100
[SwitchA-Tunnel1] destination 192.168.51.2
[SwitchA-Tunnel1] quit
# Configure a static route.
[SwitchA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
Step 2 Configure SwitchB.
# Configure IP addresses for interfaces.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] vlan 200
[SwitchB-vlan200] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0
[SwitchB-Vlanif200] quit
Step 3 Configure SwitchC.
# Enable the service loopback function on an Eth-Trunk.
NOTICE
The interface must be idle. That is, the interface does not transmit services.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] interface eth-trunk 1
[SwitchC-Eth-Trunk1] service type tunnel
[SwitchC-Eth-Trunk1] quit
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] eth-trunk 1
[SwitchC-GigabitEthernet0/0/3] quit
# Configure an IP address for an interface.
[SwitchC] ipv6
[SwitchC] vlan 200
[SwitchC-vlan200] quit
[SwitchC] interface gigabitethernet0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid pvid vlan 200
[SwitchC-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 200
[SwitchC-Vlanif200] ip address 192.168.51.2 255.255.255.0
[SwitchC-Vlanif200] quit
# Set the tunnel protocol to IPv6-IPv4.
[SwitchC] interface tunnel 1
[SwitchC-Tunnel1] tunnel-protocol ipv6-ipv4
[SwitchC-Tunnel1] eth-trunk 1
# Configure an IPv6 address and a destination address for the tunnel interface.
[SwitchC-Tunnel1] ipv6 enable
[SwitchC-Tunnel1] ipv6 address 3001::2 64
[SwitchC-Tunnel1] source vlanif 200
[SwitchC-Tunnel1] destination 192.168.50.2
[SwitchC-Tunnel1] quit
# Configure a static route.
[SwitchC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1
Step 4 Verify the configuration.
# Ping the IPv4 address of VLANIF 100 on SwitchA from SwitchC. SwitchC can receive a
Reply packet from SwitchA.
[SwitchC] ping 192.168.50.2
PING 192.168.50.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms
Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms
Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms
--- 192.168.50.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/32/84 ms
# Ping the IPv6 address of Tunnel0/0/1 on SwitchA from SwitchC. SwitchC can receive a Reply
packet from SwitchA.
[SwitchC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 28 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 27 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 26 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 27 ms
Reply from 3001::1
bytes=56 Sequence=5 hop limit=64 time = 26 ms
--- 3001::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ip address 192.168.50.2 255.255.255.0
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel1
ipv6 enable
ipv6 address 3001::1/64
tunnel-protocol ipv6-ipv4
source Vlanif100
destination 192.168.51.2
eth-trunk 1
#
ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 192.168.50.1 255.255.255.0
#
interface Vlanif200
ip address 192.168.51.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 200
#
interface Vlanif200
ip address 192.168.51.2 255.255.255.0
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel1
ipv6 enable
ipv6 address 3001::2/64
tunnel-protocol ipv6-ipv4
source Vlanif200
destination 192.168.50.2
eth-trunk 1
#
ip route-static 192.168.50.0 255.255.255.0 192.168.51.1
#
return
4.10.2 Example for Configuring a 6to4 Tunnel
Networking Requirements
As shown in Figure 4-26, the IPv6 network-side interface of 6to4 SwitchA connects to a 6to4
network. SwitchB is a 6to4 relay agent and connects to the IPv6 Internet (2002::/64). SwitchA
and SwitchB are connected through an IPv4 backbone network. A 6to4 tunnel needs to be set
up between SwitchA and SwitchB so that hosts on the 6to4 network and the IPv6 network can
communicate.
Figure 4-26 Networking diagram for configuring a 6to4 tunnel
[Figure: SwitchA (GE0/0/1 VLANIF100 2.1.1.1, GE0/0/2 VLANIF200 2002:201:101:1::1/64,
Tunnel1 2002:201:101::1/64) with PC1 (2002:201:101:1::2), and SwitchB (GE0/0/1 VLANIF100
2.1.1.2, GE0/0/2 VLANIF200 2002:201:102:1::1/64, Tunnel1 2002:201:102::1/64) with PC2
(2002:201:102:1::2), connected across the IPv4 network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv4/IPv6 dual stack on SwitchA and SwitchB so that they can access the
IPv4 network and the IPv6 network.
2. Configure a 6to4 tunnel on SwitchA and SwitchB to connect IPv6 networks through the
IPv4 backbone network.
3. Configure a static route between SwitchA and SwitchB so that they can be connected
through the IPv4 backbone network.
Procedure
Step 1 Configure SwitchA.
# Enable the service loopback function on an Eth-Trunk.
NOTICE
The interface must be idle. That is, the interface does not transmit services.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] service type tunnel
[SwitchA-Eth-Trunk1] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] eth-trunk 1
[SwitchA-GigabitEthernet0/0/3] quit
# Configure an IPv4/IPv6 dual stack.
[SwitchA] ipv6
[SwitchA] vlan batch 100 200
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.1.1.1 8
[SwitchA-Vlanif100] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface vlanif 200
[SwitchA-Vlanif200] ipv6 enable
[SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64
[SwitchA-Vlanif200] quit
# Configure a 6to4 tunnel.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] tunnel-protocol ipv6-ipv4 6to4
[SwitchA-Tunnel1] eth-trunk 1
[SwitchA-Tunnel1] ipv6 enable
[SwitchA-Tunnel1] ipv6 address 2002:0201:0101::1/64
[SwitchA-Tunnel1] source vlanif 100
[SwitchA-Tunnel1] quit
# Configure a route to the other 6to4 network.
[SwitchA] ipv6 route-static 2002:: 16 tunnel 1
Step 2 Configure SwitchB.
# Enable the service loopback function on an Eth-Trunk.
NOTICE
The interface must be idle. That is, the interface does not transmit services.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] interface eth-trunk 1
[SwitchB-Eth-Trunk1] service type tunnel
[SwitchB-Eth-Trunk1] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] eth-trunk 1
[SwitchB-GigabitEthernet0/0/3] quit
# Configure an IPv4/IPv6 dual stack.
[SwitchB] ipv6
[SwitchB] vlan batch 100 200
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 2.1.1.2 8
[SwitchB-Vlanif100] quit
[SwitchB] interface gigabitethernet0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ipv6 enable
[SwitchB-Vlanif200] ipv6 address 2002:0201:0102:1::1/64
[SwitchB-Vlanif200] quit
# Configure a 6to4 tunnel.
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] eth-trunk 1
[SwitchB-Tunnel1] tunnel-protocol ipv6-ipv4 6to4
[SwitchB-Tunnel1] ipv6 enable
[SwitchB-Tunnel1] ipv6 address 2002:0201:0102::1/64
[SwitchB-Tunnel1] source vlanif 100
[SwitchB-Tunnel1] quit
# Configure a route to the other 6to4 network.
[SwitchB] ipv6 route-static 2002:: 16 tunnel 1
NOTE
There must be a reachable route between SwitchA and SwitchB. In this example, a routing protocol needs
to be configured on VLANIF 100 of SwitchA and SwitchB. For details, see the S2350&S5300&S6300
Series Ethernet Switches Configuration Guide - IP Routing.
Step 3 Verify the configuration.
# Check the IPv6 status of Tunnel1 on SwitchA. You can see that the tunnel status is Up.
[SwitchA] display ipv6 interface tunnel 1
Tunnel1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:101
Global unicast address(es):
2002:201:101::1, subnet is 2002:201:101::/64
Joined group address(es):
FF02::1:FF01:101
FF02::1:FF00:1
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Ping the 6to4 address of VLANIF200 on SwitchB from SwitchA. The 6to4 address can be
pinged successfully.
[SwitchA] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2002:201:102:1::1
bytes=56 Sequence=1 hop limit=64 time = 8 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=2 hop limit=64 time = 25 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=3 hop limit=64 time = 4 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=4 hop limit=64 time = 5 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=5 hop limit=64 time = 5 ms
--- 2002:0201:0102:1::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/9/25 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 2.1.1.1 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:101:1::1/64
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel1
ipv6 enable
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 2.1.1.2 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:102:1::1/64
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel1
ipv6 enable
ipv6 address 2002:201:102::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel1
#
return
4.10.3 Example for Configuring an ISATAP Tunnel
Networking Requirements
As shown in Figure 4-27, an IPv6 host on the IPv4 network runs Windows XP. The IPv6 host
needs to be connected to the IPv6 network through a border device. The IPv6 host and border
device support ISATAP. An ISATAP tunnel needs to be set up between the IPv6 host and the
border device.
Figure 4-27 Networking diagram for configuring an ISATAP tunnel
[Figure: the Switch connects the IPv6 network (GE0/0/1 VLANIF100 3001::1/64; IPv6 host
3001::2) to the IPv4 network (GE0/0/2 VLANIF200 2.1.1.1/8). The ISATAP host (2.1.1.2,
FE80::5EFE:0201:0102, 2001::5EFE:0201:0102) reaches the Switch through the ISATAP tunnel.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv4/IPv6 dual stack on the switch so that the switch can access the IPv4
network and IPv6 network.
2. Configure an ISATAP tunnel on the switch so that IPv6 hosts on the IPv4 network can
communicate with IPv6 hosts on the IPv6 network.
3. Configure a static route from the IPv6 host to the ISATAP host so that the IPv6 host can
forward packets directly over the tunnel.
Procedure
Step 1 Configure the ISATAP border device.
# Enable the service loopback function on an Eth-Trunk.
NOTICE
The interface must be idle. That is, the interface does not transmit services.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] service type tunnel
[HUAWEI-Eth-Trunk1] quit
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] eth-trunk 1
[HUAWEI-GigabitEthernet0/0/3] quit
# Enable the IPv4/IPv6 dual stack and configure an IP address for each interface.
[HUAWEI] ipv6
[HUAWEI] vlan batch 100 200
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[HUAWEI-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[HUAWEI-GigabitEthernet0/0/2] quit
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 address 3001::1/64
[HUAWEI-Vlanif100] quit
[HUAWEI] interface vlanif 200
[HUAWEI-Vlanif200] ip address 2.1.1.1 255.0.0.0
[HUAWEI-Vlanif200] quit
# Configure an ISATAP tunnel.
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] tunnel-protocol ipv6-ipv4 isatap
[HUAWEI-Tunnel1] eth-trunk 1
[HUAWEI-Tunnel1] ipv6 enable
[HUAWEI-Tunnel1] ipv6 address 2001::/64 eui-64
[HUAWEI-Tunnel1] source vlanif 200
[HUAWEI-Tunnel1] undo ipv6 nd ra halt
[HUAWEI-Tunnel1] quit
Step 2 Configure the ISATAP host.
NOTE
The ISATAP host needs to run IPv6 and be enabled with the IPv6 function.
# Run the following command to add a static route to the border device. The number of the
pseudo interface on the host is 2. You can run the ipv6 if command to check the interface
corresponding to Automatic Tunneling Pseudo-Interface.
C:\> netsh interface ipv6 isatap set router 2.1.1.1
Step 3 Configure the IPv6 host.
# Configure a static route to the border device on the IPv6 host so that PCs on two different
networks can communicate through the ISATAP tunnel.
C:\> netsh interface ipv6 set route 2001::/64 3001::1
Step 4 Verify the configuration.
# Check the IPv6 status of Tunnel1 on the ISATAP device. You can see that the tunnel status is
Up.
[HUAWEI] display ipv6 interface tunnel 1
Tunnel1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::5EFE:201:101
Global unicast address(es):
2001::5EFE:201:101, subnet is 2001::/64
Joined group address(es):
FF02::1:FF01:101
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses
# Ping the global unicast address of the tunnel interface on the ISATAP host from the ISATAP
device.
[HUAWEI] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
--- 2001::5efe:2.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
# Ping the global unicast address of the ISATAP device from the ISATAP host.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Ping statistics for 2001::5efe:2.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
# Ping the IPv6 host from the ISATAP host. They can ping each other.
C:\> ping6 3001::2
Pinging 3001::2 with 32 bytes of data:
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Ping statistics for 3001::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
----End
Configuration Files
Configuration file of the Switch
#
sysname HUAWEI
#
vlan batch 100 200
#
ipv6
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface Vlanif200
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service type tunnel
#
interface Tunnel1
ipv6 enable
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlanif200
eth-trunk 1
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
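Both automatic tunnel types configured above embed the tunnel source's IPv4 address in the IPv6 address: 2.1.1.1 yields 2002:201:101::/48 for 6to4 and the interface ID ::5EFE:201:101 for ISATAP. The following Python code is an added example, not part of the Huawei document: it checks that relationship in a saved configuration and decodes such addresses, as they might appear in logs, back to the IPv4 tunnel endpoint. The function names and the trimmed sample configurations are assumptions made for illustration.

```python
import ipaddress

# Constructed samples: the Vlanif/Tunnel1 stanzas from the 6to4 SwitchA and the
# ISATAP switch configuration files on this page, trimmed to the relevant lines.
SIXTOFOUR_CFG = """#
interface Vlanif100
ip address 2.1.1.1 255.0.0.0
#
interface Tunnel1
ipv6 enable
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
#
"""
ISATAP_CFG = """#
interface Vlanif200
ip address 2.1.1.1 255.0.0.0
#
interface Tunnel1
ipv6 enable
ipv6 address 2001::/64 eui-64
tunnel-protocol ipv6-ipv4 isatap
source Vlanif200
#
"""


def parse_interfaces(cfg):
    """Map lowercase interface name -> list of its config lines ('#' ends a stanza)."""
    stanzas, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1].replace(" ", "").lower()
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def sixtofour_prefix(v4):
    """RFC 3056: the /48 owned by a 6to4 router is 2002:<IPv4 in hex>::/48."""
    base = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Network((base, 48))


def isatap_address(prefix, v4, unique=False):
    """RFC 5214 interface ID: 0000:5EFE:<IPv4>, or 0200:5EFE:<IPv4> when the
    IPv4 address is treated as globally unique. This page's outputs use 0000."""
    iid = ((0x02005EFE if unique else 0x00005EFE) << 32) | int(ipaddress.IPv4Address(v4))
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(addr):
    """Decode a 6to4 or ISATAP address back to its IPv4 endpoint, else None."""
    a = ipaddress.IPv6Address(addr)
    if a.sixtofour is not None:
        return "6to4", a.sixtofour
    if ((int(a) >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        return "isatap", ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)
    return None


def audit_tunnel(cfg, tunnel="tunnel1"):
    """Return (mode, ok, detail) for one tunnel interface of a configuration."""
    ifs = parse_interfaces(cfg)
    body = ifs[tunnel]
    mode = next(l for l in body if l.startswith("tunnel-protocol")).split()[-1]
    if mode not in ("6to4", "isatap"):
        return mode, True, "manual tunnel: address is independent of the source"
    src = next(l for l in body if l.startswith("source ")).split(None, 1)[1]
    src_lines = ifs[src.replace(" ", "").lower()]
    v4 = next(l for l in src_lines if l.startswith("ip address ")).split()[2]
    v6 = next(l for l in body if l.startswith("ipv6 address ")).split()
    if mode == "6to4":
        want = sixtofour_prefix(v4)
        ok = ipaddress.IPv6Interface(v6[2]).ip in want
        return mode, ok, f"source {v4} requires an address inside {want}"
    if "eui-64" in v6:
        # The device derives the interface ID itself; report what to expect.
        return mode, True, f"expect {isatap_address(v6[2], v4)}"
    found = embedded_ipv4(ipaddress.IPv6Interface(v6[2]).ip)
    ok = found == ("isatap", ipaddress.IPv4Address(v4))
    return mode, ok, f"source {v4} requires interface ID ::5EFE:{v4}"


if __name__ == "__main__":
    print(audit_tunnel(SIXTOFOUR_CFG))
    print(audit_tunnel(ISATAP_CFG))
    # A tunnel address that does not embed the source IPv4 address fails the check.
    print(audit_tunnel(SIXTOFOUR_CFG.replace("2002:201:101::1", "2002:201:102::1")))
    print(embedded_ipv4("FE80::5EFE:201:102"))
```

The ISATAP result matches the global unicast address reported by display ipv6 interface tunnel 1 in the verification step (2001::5EFE:201:101).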
5 IP Routing
About This Chapter
This document describes the IP routing features of the device and provides the configuration
examples of these features.
5.1 IP Routing Basic Configuration
You can configure IP routing to learn about basic parameters for IP routing.
5.2 Static Route Configuration
Static routes apply to simple networks. Proper static routes can improve network performance
and ensure bandwidth for important applications.
5.3 RIP Configuration
Routing Information Protocol (RIP) is widely used on small-sized networks to discover routes
and generate routing information.
5.4 RIPng Configuration
RIPng is widely used on small-sized networks to discover routes and generate routing
information.
5.5 OSPF Configuration
By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.
OSPF is applicable to a large-scale network that consists of hundreds of devices.
5.6 OSPFv3 Configuration
By building Open Shortest Path First Version 3 (OSPFv3) networks, you can enable OSPFv3
to discover and calculate routes in ASs. OSPFv3 is applicable to a large-scale network that
consists of hundreds of switches.
5.7 IPv4 IS-IS Configuration
You can build an IPv4 IS-IS network to allow IS-IS to discover and calculate routes in an
autonomous system (AS).
5.8 IPv6 IS-IS Configuration
You can build an IPv6 IS-IS network to allow IS-IS to discover and calculate routes in an
autonomous system (AS). IS-IS applies to large and medium networks.
5.9 BGP Configuration
The Border Gateway Protocol (BGP) is used between Autonomous Systems (ASs) to transmit
routing information. BGP applies to large and complex networks.
5.10 Routing Policy Configuration
Routing policies are applied to routing information to change the path through which network
traffic passes.
5.1 IP Routing Basic Configuration
You can configure IP routing to learn about basic parameters for IP routing.
5.1.1 Example for Configuring IP FRR on the Public Network
Networking Requirements
As shown in Figure 5-1, RouterB and RouterC are egress routers on the Internet. SwitchA is
connected to two core switches SwitchB and SwitchC through two GE interfaces. Each of
SwitchB and SwitchC is connected to the two egress routers through two GE interfaces. When
a fault occurs on the link between SwitchB and RouterB, SwitchB must rapidly respond to the
link fault and use a backup route for data forwarding to ensure that services are forwarded
correctly.
Figure 5-1 Networking diagram of configuring IP FRR on the public network
[Topology diagram. Interface labels recoverable from the figure:]
Internet-side destinations: 192.168.1.1/24, 100.55.1.1/24 (reached through RouterB and RouterC)
SwitchA: GE0/0/1 VLANIF50 50.1.1.2/24; GE0/0/2 VLANIF60 60.1.1.2/24
SwitchB: GE0/0/1 VLANIF10 10.1.1.2/24; GE0/0/2 VLANIF20 20.1.1.2/24; GE0/0/3 VLANIF70 70.1.1.2/24; GE0/0/4 VLANIF60 60.1.1.1/24
SwitchC: GE0/0/1 VLANIF30 30.1.1.1/24; GE0/0/2 VLANIF40 40.1.1.1/24; GE0/0/3 VLANIF70 70.1.1.1/24; GE0/0/4 VLANIF50 50.1.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static routes on SwitchA to ensure that packets destined for 192.168.1.1/24 are
   forwarded by SwitchC and packets destined for 100.55.1.1/24 are forwarded by SwitchB.
2. Configure a route-policy on SwitchB and apply this route-policy for IP FRR on the public
   network so that services can be rapidly switched to the backup link SwitchB→SwitchC→
   RouterB when the primary link SwitchB→RouterB fails.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 50 60
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 50
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 60
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv4 addresses to VLANIF interfaces.
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 50.1.1.2 24
[SwitchA-Vlanif50] quit
[SwitchA] interface vlanif 60
[SwitchA-Vlanif60] ip address 60.1.1.2 24
[SwitchA-Vlanif60] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure basic OSPF functions on SwitchB and SwitchC.
# Configure SwitchB.
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 60.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 70.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 70.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
Step 4 Configure IPv4 addresses and basic OSPF functions on RouterB and RouterC to ensure that
there are reachable routes between RouterB, RouterC, SwitchB, and SwitchC.
Step 5 Configure static routes on SwitchA to ensure that packets destined for 192.168.1.1/24 are
forwarded by SwitchC and packets destined for 100.55.1.1/24 are forwarded by SwitchB.
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] ip route-static 100.55.1.1 24 vlanif 60 60.1.1.1
[SwitchA] ip route-static 192.168.1.1 24 vlanif 50 50.1.1.1
Step 6 Configure a route-policy and enable IP FRR on the public network.
# Configure an IP prefix list on SwitchB.
<SwitchB> system-view
[SwitchB] ip ip-prefix ip_frr_pre index 10 permit 100.55.1.0 24
# On SwitchB, configure a route-policy, backup next hop, and backup outbound interface.
[SwitchB] route-policy ip_frr_rp permit node 10
[SwitchB-route-policy] if-match ip-prefix ip_frr_pre
[SwitchB-route-policy] apply backup-nexthop 70.1.1.1
[SwitchB-route-policy] apply backup-interface vlanif 70
[SwitchB-route-policy] quit
# On SwitchB, enable IP FRR on the public network.
[SwitchB] ip frr route-policy ip_frr_rp
Step 7 Check information about the backup outbound interface and backup next hop.
# Check information about the backup outbound interface and backup next hop on SwitchB.
[SwitchB] display ip routing-table verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 1        Routes : 1

Destination: 100.55.1.1/32
     Protocol: OSPF               Process ID: 1
   Preference: 10                       Cost: 2
      NextHop: 10.1.1.1            Neighbour: 0.0.0.0
        State: Active Adv Relied         Age: 1d17h58m22s
          Tag: 0                    Priority: medium
        Label: NULL                  QoSInfo: 0x0
   IndirectID: 0x80000001
 RelayNextHop: 0.0.0.0             Interface: Vlanif10
     TunnelID: 0x0                     Flags: RD
    BkNextHop: 70.1.1.1          BkInterface: Vlanif70
      BkLabel: NULL              SecTunnelID: 0x0
 BkPETunnelID: 0x0           BkPESecTunnelID: 0x0
 BkIndirectID: 0x0
----End
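The Step 7 check can be automated. The following is an added example, not part of the original Huawei document: it parses the two-column output of display ip routing-table verbose and reports destinations inside the protected prefix (100.55.1.0/24 from ip_frr_pre) that have no backup path installed. The second sample entry is constructed, and the way an unset backup is displayed (BkNextHop 0.0.0.0, empty BkInterface) is an assumption.

```python
import ipaddress
import re

# Constructed sample: the first entry is the Step 7 output; the second entry is
# made up to show a protected destination without a backup path (assumption:
# an unset backup is displayed as BkNextHop 0.0.0.0 with an empty BkInterface).
SAMPLE = """\
Destination: 100.55.1.1/32
     Protocol: OSPF               Process ID: 1
   Preference: 10                       Cost: 2
      NextHop: 10.1.1.1            Neighbour: 0.0.0.0
        State: Active Adv Relied         Age: 1d17h58m22s
          Tag: 0                    Priority: medium
        Label: NULL                  QoSInfo: 0x0
   IndirectID: 0x80000001
 RelayNextHop: 0.0.0.0             Interface: Vlanif10
     TunnelID: 0x0                     Flags: RD
    BkNextHop: 70.1.1.1          BkInterface: Vlanif70
      BkLabel: NULL              SecTunnelID: 0x0
 BkPETunnelID: 0x0           BkPESecTunnelID: 0x0
 BkIndirectID: 0x0

Destination: 100.55.1.2/32
     Protocol: OSPF               Process ID: 1
      NextHop: 10.1.1.1            Neighbour: 0.0.0.0
 RelayNextHop: 0.0.0.0             Interface: Vlanif10
    BkNextHop: 0.0.0.0           BkInterface:
"""

# A field name is one capitalised token ("BkNextHop"), optionally followed by
# " ID" ("Process ID"), and is immediately followed by a colon.
KEY = re.compile(r"([A-Z]\w*(?: ID)?):[ \t]*")


def parse_verbose(text):
    """Return one dict per route entry; a new entry starts at 'Destination:'."""
    routes, current = [], None
    for line in text.splitlines():
        keys = list(KEY.finditer(line))
        for i, match in enumerate(keys):
            # A value runs until the next field name on the same line.
            end = keys[i + 1].start() if i + 1 < len(keys) else len(line)
            name, value = match.group(1), line[match.end():end].strip()
            if name == "Destination":
                current = {}
                routes.append(current)
            if current is not None:  # skip banner lines before the first entry
                current[name] = value
    return routes


def frr_gaps(routes, protected_prefix):
    """List (destination, reason) for protected routes lacking a usable backup."""
    protected = ipaddress.ip_network(protected_prefix)
    gaps = []
    for route in routes:
        dest = ipaddress.ip_network(route["Destination"], strict=False)
        if not dest.subnet_of(protected):
            continue
        bk_hop = route.get("BkNextHop", "")
        bk_if = route.get("BkInterface", "")
        if bk_hop in ("", "0.0.0.0") or not bk_if:
            gaps.append((route["Destination"], "no backup next hop installed"))
        elif bk_if == route.get("Interface"):
            gaps.append((route["Destination"], "backup uses the primary interface"))
    return gaps


if __name__ == "__main__":
    for dest, reason in frr_gaps(parse_verbose(SAMPLE), "100.55.1.0/24"):
        print(f"{dest}: {reason}")
```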
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 50 60
#
interface Vlanif50
ip address 50.1.1.2 255.255.255.0
#
interface Vlanif60
ip address 60.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 60
#
ip route-static 100.55.1.0 255.255.255.0 vlanif 60 60.1.1.1
ip route-static 192.168.1.0 255.255.255.0 vlanif 50 50.1.1.1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 60 70
#
ip frr route-policy ip_frr_rp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif60
ip address 60.1.1.1 255.255.255.0
#
interface Vlanif70
ip address 70.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 70
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 60
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
network 70.1.1.0 0.0.0.255
#
ip ip-prefix ip_frr_pre index 10 permit 100.55.1.0 24
#
route-policy ip_frr_rp permit node 10
if-match ip-prefix ip_frr_pre
apply backup-nexthop 70.1.1.1
apply backup-interface Vlanif70
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 30 40 50 70
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
#
interface Vlanif50
ip address 50.1.1.1 255.255.255.0
#
interface Vlanif70
ip address 70.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 70
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 50
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
network 70.1.1.0 0.0.0.255
#
return
5.2 Static Route Configuration
Static routes apply to simple networks. Proper static routes can improve network performance
and ensure bandwidth for important applications.
5.2.1 Example for Configuring IPv4 Static Routes
Networking Requirements
As shown in Figure 5-2, hosts on different network segments are connected through several
Switches. Any two hosts on different network segments can communicate with each other
without using dynamic routing protocols.
Figure 5-2 Networking diagram of configuring IPv4 static routes
[Topology diagram. Interface labels recoverable from the figure:]
SwitchA: GE0/0/1 VLANIF10 1.1.4.1/30; GE0/0/2 VLANIF30 1.1.1.1/24
SwitchB: GE0/0/1 VLANIF10 1.1.4.2/30; GE0/0/2 VLANIF20 1.1.4.5/30; GE0/0/3 VLANIF40 1.1.2.1/24
SwitchC: GE0/0/1 VLANIF20 1.1.4.6/30; GE0/0/2 VLANIF50 1.1.3.1/24
Hosts: PC1 1.1.1.2/24; PC2 1.1.2.2/24; PC3 1.1.3.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs, add interfaces to the VLANs, and assign IPv4 addresses to VLANIF
   interfaces so that neighboring devices can communicate with each other.
2. Configure the IPv4 default gateway on each host, and configure IPv4 static routes or default
   static routes on each Switch so that hosts on different network segments can communicate
   with each other.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 30
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 30
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv4 addresses to the VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.4.1 30
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 1.1.1.1 24
[SwitchA-Vlanif30] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure hosts.
Set the default gateway addresses of PC1, PC2, and PC3 to 1.1.1.1, 1.1.2.1, and 1.1.3.1
respectively.
Step 4 Configure static routes.
# Configure a default IPv4 route on SwitchA.
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two IPv4 static routes on SwitchB.
[SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
[SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
# Configure a default IPv4 route on SwitchC.
[SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
Step 5 Verify the configuration.
# Check the routing table on SwitchA.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0          RD   1.1.4.2         Vlanif10
        1.1.1.0/24  Direct  0    0           D   1.1.1.1         Vlanif30
        1.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif30
        1.1.4.0/30  Direct  0    0           D   1.1.4.1         Vlanif10
        1.1.4.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
# Run the ping command to verify the connectivity.
[SwitchA] ping 1.1.3.1
  PING 1.1.3.1: 56 data bytes, press CTRL_C to break
    Reply from 1.1.3.1: bytes=56 Sequence=1 ttl=254 time=62 ms
    Reply from 1.1.3.1: bytes=56 Sequence=2 ttl=254 time=63 ms
    Reply from 1.1.3.1: bytes=56 Sequence=3 ttl=254 time=63 ms
    Reply from 1.1.3.1: bytes=56 Sequence=4 ttl=254 time=62 ms
    Reply from 1.1.3.1: bytes=56 Sequence=5 ttl=254 time=62 ms

  --- 1.1.3.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 62/62/63 ms
# Run the tracert command to verify the connectivity.
[SwitchA] tracert 1.1.3.1
 traceroute to 1.1.3.1(1.1.3.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 1.1.4.2 31 ms  32 ms  31 ms
 2 1.1.4.6 62 ms  63 ms  62 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 1.1.4.1 255.255.255.252
#
interface Vlanif30
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 40
#
interface Vlanif10
ip address 1.1.4.2 255.255.255.252
#
interface Vlanif20
ip address 1.1.4.5 255.255.255.252
#
interface Vlanif40
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 40
#
ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 50
#
interface Vlanif20
ip address 1.1.4.6 255.255.255.252
#
interface Vlanif50
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 50
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
#
return
5.2.2 Example for Configuring IPv6 Static Routes
Networking Requirements
As shown in Figure 5-3, on an IPv6 network, hosts on different network segments are connected
through several Switches. Any two hosts on different network segments can communicate with
each other without using dynamic routing protocols.
Figure 5-3 Networking diagram of configuring IPv6 static routes
[Topology diagram. Interface labels recoverable from the figure:]
SwitchA: GE0/0/1 VLANIF20 10::1/64; GE0/0/2 VLANIF10 1::1/64
SwitchB: GE0/0/1 VLANIF20 10::2/64; GE0/0/2 VLANIF40 20::1/64; GE0/0/3 VLANIF30 2::1/64
SwitchC: GE0/0/1 VLANIF40 20::2/64; GE0/0/2 VLANIF50 3::1/64
Hosts: PC1 1::2/64; PC2 2::2/64; PC3 3::2/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs, add interfaces to the VLANs, and assign IPv6 addresses to VLANIF
   interfaces so that neighboring devices can communicate with each other.
2. Configure the IPv6 default gateway on each host, and configure IPv6 static routes or default
   static routes on each Switch so that hosts on different network segments can communicate
   with each other.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1::1/64
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ipv6 enable
[SwitchA-Vlanif20] ipv6 address 10::1/64
[SwitchA-Vlanif20] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure host addresses and default gateway addresses.
Assign IPv6 addresses to the hosts, and set the default gateway address of PC1, PC2, and PC3
to 1::1, 2::1, and 3::1 respectively.
Step 4 Configure static IPv6 routes.
# Configure a default IPv6 route on SwitchA.
[SwitchA] ipv6 route-static :: 0 vlanif20 10::2
# Configure two IPv6 static routes on SwitchB.
[SwitchB] ipv6 route-static 1:: 64 vlanif20 10::1
[SwitchB] ipv6 route-static 3:: 64 vlanif40 20::2
# Configure an IPv6 default route on SwitchC.
[SwitchC] ipv6 route-static :: 0 vlanif40 20::1
Step 5 Verify the configuration.
# Check the IPv6 routing table on SwitchA.
[SwitchA] display ipv6 routing-table
Routing Table : Public
         Destinations : 5        Routes : 5

 Destination  : ::                      PrefixLength : 0
 NextHop      : 10::2                   Preference   : 60
 Cost         : 0                       Protocol     : Static
 RelayNextHop : ::                      TunnelID     : 0x0
 Interface    : Vlanif20                Flags        : D

 Destination  : ::1                     PrefixLength : 128
 NextHop      : ::1                     Preference   : 0
 Cost         : 0                       Protocol     : Direct
 RelayNextHop : ::                      TunnelID     : 0x0
 Interface    : InLoopBack0             Flags        : D

 Destination  : 1::                     PrefixLength : 64
 NextHop      : 1::1                    Preference   : 0
 Cost         : 0                       Protocol     : Direct
 RelayNextHop : ::                      TunnelID     : 0x0
 Interface    : Vlanif10                Flags        : D

 Destination  : 1::1                    PrefixLength : 128
 NextHop      : ::1                     Preference   : 0
 Cost         : 0                       Protocol     : Direct
 RelayNextHop : ::                      TunnelID     : 0x0
 Interface    : Vlanif10                Flags        : D

 Destination  : FE80::                  PrefixLength : 10
 NextHop      : ::                      Preference   : 0
 Cost         : 0                       Protocol     : Direct
 RelayNextHop : ::                      TunnelID     : 0x0
 Interface    : NULL0                   Flags        : D
# Run the ping command to verify the connectivity.
[SwitchA] ping ipv6 3::1
  PING 3::1 : 56 data bytes, press CTRL_C to break
    Reply from 3::1
    bytes=56 Sequence=1 hop limit=63 time = 63 ms
    Reply from 3::1
    bytes=56 Sequence=2 hop limit=63 time = 62 ms
    Reply from 3::1
    bytes=56 Sequence=3 hop limit=63 time = 62 ms
    Reply from 3::1
    bytes=56 Sequence=4 hop limit=63 time = 63 ms
    Reply from 3::1
    bytes=56 Sequence=5 hop limit=63 time = 63 ms

  --- 3::1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 62/62/63 ms
# Run the tracert command to verify the connectivity.
[SwitchA] tracert ipv6 3::1
traceroute to 3::1 30 hops max,60 bytes packet
1 2::1 31 ms 32 ms 31 ms
2 3::1 62 ms 63 ms 62 ms
----End
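The static routes of 5.2.1 (IPv4) and 5.2.2 (IPv6) can be checked offline before they are applied. The following is an added example, not part of the original Huawei document: it models the VLANIF addresses and static routes from the configuration files of both sections, forwards a packet hop by hop with longest-prefix match, and reports black holes and forwarding loops. Hosts are not modelled, and the function names and the extra default route used in the loop case are assumptions.

```python
import copy
import ipaddress

# VLANIF addresses and static routes copied from the configuration files of
# 5.2.1 (IPv4) and 5.2.2 (IPv6). Hosts (PC1 to PC3) are not modelled.
IPV4 = {
    "SwitchA": {"interfaces": ["1.1.4.1/30", "1.1.1.1/24"],
                "static": [("0.0.0.0/0", "1.1.4.2")]},
    "SwitchB": {"interfaces": ["1.1.4.2/30", "1.1.4.5/30", "1.1.2.1/24"],
                "static": [("1.1.1.0/24", "1.1.4.1"), ("1.1.3.0/24", "1.1.4.6")]},
    "SwitchC": {"interfaces": ["1.1.4.6/30", "1.1.3.1/24"],
                "static": [("0.0.0.0/0", "1.1.4.5")]},
}
IPV6 = {
    "SwitchA": {"interfaces": ["1::1/64", "10::1/64"],
                "static": [("::/0", "10::2")]},
    "SwitchB": {"interfaces": ["10::2/64", "2::1/64", "20::1/64"],
                "static": [("1::/64", "10::1"), ("3::/64", "20::2")]},
    "SwitchC": {"interfaces": ["20::2/64", "3::1/64"],
                "static": [("::/0", "20::1")]},
}


def owner_of(devices, address):
    """Name of the device that has `address` on one of its interfaces, or None."""
    for name, dev in devices.items():
        for iface in dev["interfaces"]:
            if ipaddress.ip_interface(iface).ip == address:
                return name
    return None


def lookup(dev, dst):
    """Longest-prefix match: ('direct', None), ('static', next_hop) or None."""
    best = None
    for iface in dev["interfaces"]:
        net = ipaddress.ip_interface(iface).network
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "direct", None)
    for prefix, next_hop in dev["static"]:
        net = ipaddress.ip_network(prefix)
        # Strictly longer only: on a tie the direct route (preference 0) wins.
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "static", ipaddress.ip_address(next_hop))
    return best[1:] if best else None


def trace(devices, start, destination, max_hops=30):
    """Follow a packet from `start`; returns (list of devices, outcome)."""
    dst = ipaddress.ip_address(destination)
    path, node = [start], start
    while len(path) <= max_hops:
        if owner_of(devices, dst) == node:
            return path, "delivered"
        hit = lookup(devices[node], dst)
        if hit is None:
            return path, "no route"
        kind, next_hop = hit
        nxt = owner_of(devices, dst if kind == "direct" else next_hop)
        if nxt is None:
            # Directly connected but owned by no switch: a host on that segment.
            reason = "left to attached segment" if kind == "direct" else "next hop unknown"
            return path, reason
        if nxt in path:
            return path + [nxt], "loop"
        path.append(nxt)
        node = nxt
    return path, "hop limit exceeded"


def with_static(devices, name, prefix, next_hop):
    """Copy of `devices` with one extra static route on device `name`."""
    changed = copy.deepcopy(devices)
    changed[name]["static"].append((prefix, next_hop))
    return changed


if __name__ == "__main__":
    print(trace(IPV4, "SwitchA", "1.1.3.1"))
    print(trace(IPV6, "SwitchA", "3::1"))
    print(trace(IPV4, "SwitchA", "9.9.9.9"))
    # Constructed misconfiguration: a default route on SwitchB back to SwitchA.
    print(trace(with_static(IPV4, "SwitchB", "0.0.0.0/0", "1.1.4.1"), "SwitchA", "9.9.9.9"))
```

The IPv4 path SwitchA, SwitchB, SwitchC corresponds to the two tracert hops 1.1.4.2 and 1.1.4.6 shown in 5.2.1.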
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1::1/64
#
interface Vlanif20
ipv6 enable
ipv6 address 10::1/64
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
ipv6 route-static :: 0 vlanif20 10::2
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 20 30 40
#
interface Vlanif20
ipv6 enable
ipv6 address 10::2/64
#
interface Vlanif30
ipv6 enable
ipv6 address 2::1/64
#
interface Vlanif40
ipv6 enable
ipv6 address 20::1/64
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
ipv6 route-static 1:: 64 Vlanif20 10::1
ipv6 route-static 3:: 64 Vlanif40 20::2
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 40 50
#
interface Vlanif40
ipv6 enable
ipv6 address 20::2/64
#
interface Vlanif50
ipv6 enable
ipv6 address 3::1/64
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 50
#
ipv6 route-static :: 0 Vlanif40 20::1
#
return
5.2.3 Example for Configuring Static BFD for IPv4 Static Routes
Networking Requirements
As shown in Figure 5-4, SwitchA is connected to the network management system (NMS)
through SwitchB. You need to configure static routes on SwitchA so that SwitchA can
communicate with the NMS. Link fault detection between SwitchA and SwitchB must be at the
millisecond level to improve convergence speed.
Figure 5-4 Networking diagram of configuring static BFD for IPv4 static routes
[Topology diagram. Interface labels recoverable from the figure:]
SwitchA: GE0/0/1 VLANIF10 1.1.1.1/24
SwitchB: GE0/0/1 VLANIF10 1.1.1.2/24; GE0/0/2 VLANIF20 2.2.2.2/24
NMS: 2.2.2.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BFD session between SwitchA and SwitchB to implement link fault detection
   at the millisecond level.
2. Configure a static route from SwitchA to the NMS and bind a BFD session to the static
   route. This configuration can implement link fault detection at the millisecond level and
   improve convergence speed of static routes.
Procedure
Step 1 Add interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB are similar to the configuration of SwitchA, and are not
mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 3 Configure a BFD session between SwitchA and SwitchB.
# Create a BFD session on SwitchA.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd aa bind peer-ip 1.1.1.2
[SwitchA-bfd-session-aa] discriminator local 10
[SwitchA-bfd-session-aa] discriminator remote 20
[SwitchA-bfd-session-aa] commit
[SwitchA-bfd-session-aa] quit
# Create a BFD session on SwitchB.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] bfd bb bind peer-ip 1.1.1.1
[SwitchB-bfd-session-bb] discriminator local 20
[SwitchB-bfd-session-bb] discriminator remote 10
[SwitchB-bfd-session-bb] commit
[SwitchB-bfd-session-bb] quit
Step 4 Configure a static route and bind the route to the BFD session.
# Configure a default static route to the external network on SwitchA and bind the static route
to the BFD session named aa.
[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2 track bfd-session aa
Step 5 Verify the configuration.
# After the configuration is complete, run the display bfd session all command on SwitchA and
SwitchB. You can see that the BFD session is established and its status is Up.
Take the display on SwitchA as an example.
[SwitchA] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr      State     Type        InterfaceName
--------------------------------------------------------------------------------
10    20     1.1.1.2         Up        S_IP_PEER
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0
# Check the IP routing table on SwitchA, and you can find that the static route exists in the
routing table.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.0/24  Direct  0    0           D   1.1.1.1         Vlanif10
        1.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
        2.2.2.0/24  Static  60   0          RD   1.1.1.2         Vlanif10
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
# Run the shutdown command on GE 0/0/1 of SwitchB to simulate a link fault.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] shutdown
# Check the routing table on SwitchA, and you can find that default route 2.2.2.0/24 does not
exist. The reason is that the default static route is bound to a BFD session, and BFD immediately
notifies that the bound static route is unavailable when a fault is detected.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 2        Routes : 2

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
# Run the undo shutdown command on GE0/0/1 of SwitchB to simulate link recovery.
[SwitchB-GigabitEthernet0/0/1] undo shutdown
# Check the routing table on SwitchA, and you can find default route 2.2.2.0/24 in the routing
table. After detecting link recovery, BFD immediately notifies that the bound static route is
reachable.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.0/24  Direct  0    0           D   1.1.1.1         Vlanif10
        1.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
        2.2.2.0/24  Static  60   0          RD   1.1.1.2         Vlanif10
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
bfd aa bind peer-ip 1.1.1.2
discriminator local 10
discriminator remote 20
commit
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 track bfd-session aa
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bfd bb bind peer-ip 1.1.1.1
discriminator local 20
discriminator remote 10
commit
#
return
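A static BFD session comes up only when both ends are configured as mirror images of each other, and the tracked route is only protected if it names an existing session. The following is an added example, not part of the original Huawei document: it reads the BFD-relevant lines of the two configuration files above and checks that the peer addresses point at each other, that the local and remote discriminators are swapped, that both sessions are committed, and that the track bfd-session reference resolves. The function names are assumptions, and the configuration text is trimmed to the lines the check needs.

```python
import re

# Trimmed copies of the SwitchA and SwitchB configuration files above.
SWITCH_A = """\
#
sysname SwitchA
#
bfd
#
interface Vlanif10
 ip address 1.1.1.1 255.255.255.0
#
bfd aa bind peer-ip 1.1.1.2
 discriminator local 10
 discriminator remote 20
 commit
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 track bfd-session aa
#
return
"""
SWITCH_B = """\
#
sysname SwitchB
#
bfd
#
interface Vlanif10
 ip address 1.1.1.2 255.255.255.0
#
interface Vlanif20
 ip address 2.2.2.2 255.255.255.0
#
bfd bb bind peer-ip 1.1.1.1
 discriminator local 20
 discriminator remote 10
 commit
#
return
"""


def parse_config(text):
    """Extract BFD state from a configuration file; '#' separates the sections."""
    cfg = {"bfd_enabled": False, "addresses": set(), "sessions": {}, "tracked": []}
    for block in text.split("#"):
        lines = [line.strip() for line in block.splitlines() if line.strip()]
        if not lines:
            continue
        if lines[0] == "bfd":  # global BFD switch
            cfg["bfd_enabled"] = True
        head = re.match(r"bfd (\S+) bind peer-ip (\S+)", lines[0])
        if head:
            session = {"peer": head.group(2), "local": None, "remote": None, "commit": False}
            for line in lines[1:]:
                disc = re.match(r"discriminator (local|remote) (\d+)", line)
                if disc:
                    session[disc.group(1)] = int(disc.group(2))
                elif line == "commit":
                    session["commit"] = True
            cfg["sessions"][head.group(1)] = session
        for line in lines:
            addr = re.match(r"ip address (\S+) \S+", line)
            if addr:
                cfg["addresses"].add(addr.group(1))
            route = re.match(r"ip route-static \S+ \S+ (\S+) track bfd-session (\S+)", line)
            if route:
                cfg["tracked"].append((route.group(1), route.group(2)))
    return cfg


def check_static_bfd(local, peer):
    """Return a list of problems with the static BFD sessions from local to peer."""
    problems = []
    for label, cfg in (("local", local), ("peer", peer)):
        if not cfg["bfd_enabled"]:
            problems.append(f"{label}: BFD is not enabled globally")
    for name, s in local["sessions"].items():
        if s["peer"] not in peer["addresses"]:
            problems.append(f"{name}: peer-ip {s['peer']} is not an address of the peer")
            continue
        back = [t for t in peer["sessions"].values() if t["peer"] in local["addresses"]]
        if not back:
            problems.append(f"{name}: peer has no session bound to this device")
            continue
        t = back[0]
        if None in (s["local"], s["remote"], t["local"], t["remote"]):
            problems.append(f"{name}: discriminator missing on one side")
        elif (s["local"], s["remote"]) != (t["remote"], t["local"]):
            problems.append(f"{name}: discriminator mismatch, local/remote "
                            f"{s['local']}/{s['remote']} vs peer {t['local']}/{t['remote']}")
        if not (s["commit"] and t["commit"]):
            problems.append(f"{name}: session not committed on both sides")
    for next_hop, name in local["tracked"]:
        s = local["sessions"].get(name)
        if s is None:
            problems.append(f"route via {next_hop} tracks undefined session {name}")
        elif s["peer"] != next_hop:
            problems.append(f"route via {next_hop} tracks {name}, which watches {s['peer']}")
    return problems


if __name__ == "__main__":
    print(check_static_bfd(parse_config(SWITCH_A), parse_config(SWITCH_B)) or "consistent")
```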
5.3 RIP Configuration
Routing Information Protocol (RIP) is widely used on small-sized networks to discover routes
and generate routing information.
5.3.1 Example for Configuring Basic RIP Functions
Networking Requirements
As shown in Figure 5-5, SwitchA, SwitchB, SwitchC, and SwitchD are located on a small-sized
network, and they need to communicate with each other.
Figure 5-5 Networking diagram for configuring the RIP version
[Topology diagram. Interface labels recoverable from the figure:]
SwitchA: GE0/0/1 VLANIF10 192.168.1.1/24
SwitchB: GE0/0/1 VLANIF10 192.168.1.2/24; GE0/0/2 VLANIF20 172.16.1.1/24; GE0/0/3 VLANIF30 10.1.1.1/24
SwitchC: GE0/0/2 VLANIF20 172.16.1.2/24
SwitchD: GE0/0/3 VLANIF30 10.1.1.2/24
Configuration Roadmap
The network size is small, so RIP-2 is recommended. The configuration roadmap is as follows:
1. Configure VLAN and IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure RIP-2 on each switch to improve RIP performance.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure the basic RIP functions.
# Configure Switch A.
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 172.16.0.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
# Configure Switch C.
[SwitchC] rip
[SwitchC-rip-1] network 172.16.0.0
[SwitchC-rip-1] quit
# Configure Switch D.
[SwitchD] rip
[SwitchD-rip-1] network 10.0.0.0
[SwitchD-rip-1] quit
# Check the RIP routing table of Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP
             A - Aging, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
      Destination/Mask        Nexthop     Cost   Tag     Flags   Sec
         10.0.0.0/8       192.168.1.2      1     0        RA      14
       172.16.0.0/16      192.168.1.2      1     0        RA      14
From the routing table, you can find that the routes advertised by RIP-1 use natural masks.
Step 4 Configure the RIP version.
# Configure RIPv2 on Switch A.
[SwitchA] rip
[SwitchA-rip-1] version 2
[SwitchA-rip-1] quit
# Configure RIPv2 on Switch B.
[SwitchB] rip
[SwitchB-rip-1] version 2
[SwitchB-rip-1] quit
# Configure RIPv2 on Switch C.
[SwitchC] rip
[SwitchC-rip-1] version 2
[SwitchC-rip-1] quit
# Configure RIPv2 on Switch D.
[SwitchD] rip
[SwitchD-rip-1] version 2
[SwitchD-rip-1] quit
Step 5 Verify the configuration.
# Check the RIP routing table of Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP
             A - Aging, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
      Destination/Mask        Nexthop     Cost   Tag     Flags   Sec
         10.1.1.0/24      192.168.1.2      1     0        RA      32
       172.16.1.0/24      192.168.1.2      1     0        RA      32
From the routing table, you can find that the routes advertised by RIP-2 contain more accurate
subnet masks.
----End
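The natural-mask result in Step 3 and the subnet-mask result in Step 5, reproduced as an added Python example (not Huawei code). It models the classful rules a RIP-1 sender and receiver apply because RIP-1 entries carry no mask; the function names and the second, constructed route list are assumptions of this sketch.

```python
import ipaddress

# Switch B's connected subnets and the Vlanif10 addresses, taken from the page.
SWITCHB_ROUTES = ["10.1.1.0/24", "172.16.1.0/24"]
SWITCHB_OUT_IF = "192.168.1.2/24"
SWITCHA_IN_IF = "192.168.1.1/24"


def natural_prefixlen(addr):
    """Classful (natural) prefix length inferred from the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return 8    # class A
    if first < 192:
        return 16   # class B
    if first < 224:
        return 24   # class C
    raise ValueError(f"{addr} is not a class A/B/C address")


def major_network(addr):
    """Classful major network that contains addr."""
    return ipaddress.ip_network(f"{addr}/{natural_prefixlen(addr)}", strict=False)


def ripv1_advertise(route, out_if):
    """Address a RIP-1 sender places in the update for `route` leaving `out_if`.

    RIP-1 entries have no mask field, so only an address is returned.
    None means the route cannot be expressed without a mask and is not sent.
    """
    route = ipaddress.ip_network(route)
    out_if = ipaddress.ip_interface(out_if)
    if major_network(route.network_address) != major_network(out_if.ip):
        # Crossing a major-network boundary: summarize to the classful network.
        return str(major_network(route.network_address).network_address)
    if route.prefixlen == out_if.network.prefixlen:
        return str(route.network_address)  # same major network, same mask
    return None  # same major network, different mask: receiver would misread it


def ripv1_receive(addr, in_if):
    """Prefix a RIP-1 receiver installs for an advertised address."""
    in_if = ipaddress.ip_interface(in_if)
    if major_network(addr) == major_network(in_if.ip):
        plen = in_if.network.prefixlen   # borrow the receiving interface mask
    else:
        plen = natural_prefixlen(addr)   # otherwise assume the natural mask
    net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    if str(net.network_address) != addr:
        return f"{addr}/32"              # host bits set: treat as a host route
    return str(net)


def switch_a_table(version, routes=SWITCHB_ROUTES):
    """RIP routes Switch A learns from Switch B under RIP-1 or RIP-2."""
    learned = []
    for route in routes:
        if version == 2:
            learned.append(route)        # RIP-2 entries carry the subnet mask
            continue
        addr = ripv1_advertise(route, SWITCHB_OUT_IF)
        if addr is not None:
            learned.append(ripv1_receive(addr, SWITCHA_IN_IF))
    return sorted(set(learned))


if __name__ == "__main__":
    print("RIP-1:", switch_a_table(1))
    print("RIP-2:", switch_a_table(2))
    # Constructed input: two distinct subnets of 10.0.0.0/8 become one route.
    print("RIP-1, two 10.x subnets:", switch_a_table(1, ["10.1.1.0/24", "10.2.2.0/24"]))
```

The last call shows why natural masks are a problem on networks with several subnets of one major network: the receiver can no longer tell them apart.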
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
rip 1
version 2
network 192.168.1.0
#
return
- Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
rip 1
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
#
return
- Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20
#
interface Vlanif20
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
rip 1
version 2
network 172.16.0.0
#
return
- Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 30
#
interface Vlanif30
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
rip 1
version 2
network 10.0.0.0
#
return
5.3.2 Example for Configuring RIP to Import Routes
Networking Requirements
As shown in Figure 5-6, two RIP processes, RIP100 and RIP200, run on SwitchB. SwitchA
needs to communicate with network segment 192.168.3.0/24.
Figure 5-6 Network diagram of configuring RIP to import external routes
(Diagram: SwitchA, SwitchB, and SwitchC are connected in a chain. SwitchA and SwitchB run RIP 100 over 192.168.1.0/24; SwitchB and SwitchC run RIP 200 over 192.168.2.0/24. Interface, VLANIF, and IP address assignments are listed in the configuration files.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIP on each switch to implement network connections between processes.
2. Import routes between RIP100 and RIP200 on SwitchB and set the default metric of routes
imported from RIP200 to 3.
3. Configure an ACL on SwitchB to filter route 192.168.4.0/24 imported from RIP200 so that
SwitchA can only communicate with network segment 192.168.3.0/24.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 50
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 50
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Configure an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 192.168.0.1 24
[SwitchA-Vlanif50] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 3 Configure the basic RIP functions.
# Enable RIP process 100 on SwitchA.
[SwitchA] rip 100
[SwitchA-rip-100] network 192.168.0.0
[SwitchA-rip-100] network 192.168.1.0
[SwitchA-rip-100] quit
# Enable RIP processes 100 and 200 on SwitchB.
[SwitchB] rip 100
[SwitchB-rip-100] network 192.168.1.0
[SwitchB-rip-100] quit
[SwitchB] rip 200
[SwitchB-rip-200] network 192.168.2.0
[SwitchB-rip-200] quit
# Enable RIP process 200 on SwitchC.
[SwitchC] rip 200
[SwitchC-rip-200] network 192.168.2.0
[SwitchC-rip-200] network 192.168.3.0
[SwitchC-rip-200] network 192.168.4.0
[SwitchC-rip-200] quit
# View the routing table on SwitchA.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
192.168.0.0/24      Direct  0    0     D      192.168.0.1     Vlanif50
192.168.0.1/32      Direct  0    0     D      127.0.0.1       Vlanif50
192.168.1.0/24      Direct  0    0     D      192.168.1.1     Vlanif10
192.168.1.1/32      Direct  0    0     D      127.0.0.1       Vlanif10
The routing table of SwitchA does not contain the routes imported from other processes.
Step 4 Configure RIP to import external routes.
# On SwitchB, set the default metric of imported routes to 3 in RIP process 100 and configure
the RIP processes to import routes into each other's routing table.
[SwitchB] rip 100
[SwitchB-rip-100] default-cost 3
[SwitchB-rip-100] import-route rip 200
[SwitchB-rip-100] quit
[SwitchB] rip 200
[SwitchB-rip-200] import-route rip 100
[SwitchB-rip-200] quit
# View the routing table of SwitchA after the routes are imported.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
192.168.0.0/24      Direct  0    0     D      192.168.0.1     Vlanif50
192.168.0.1/32      Direct  0    0     D      127.0.0.1       Vlanif50
192.168.1.0/24      Direct  0    0     D      192.168.1.1     Vlanif10
192.168.1.1/32      Direct  0    0     D      127.0.0.1       Vlanif10
192.168.2.0/24      RIP     100  4     D      192.168.1.2     Vlanif10
192.168.3.0/24      RIP     100  4     D      192.168.1.2     Vlanif10
192.168.4.0/24      RIP     100  4     D      192.168.1.2     Vlanif10
The routing table of SwitchA contains routes 192.168.2.0/24, 192.168.3.0/24, and
192.168.4.0/24, which are learned by RIP200 on SwitchB.
Step 5 Configure RIP to filter imported routes.
# Configure an ACL on SwitchB and add a rule to the ACL. The rule denies the packets sent
from 192.168.4.0/24.
[SwitchB] acl 2000
[SwitchB-acl-basic-2000] rule deny source 192.168.4.0 0.0.0.255
[SwitchB-acl-basic-2000] rule permit
[SwitchB-acl-basic-2000] quit
# Configure SwitchB to filter route 192.168.4.0/24 imported from RIP200.
[SwitchB] rip 100
[SwitchB-rip-100] filter-policy 2000 export
[SwitchB-rip-100] quit
Step 6 Verify the configuration.
# Display the RIP routing table of SwitchA after the routes are filtered.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
192.168.0.0/24      Direct  0    0     D      192.168.0.1     Vlanif50
192.168.0.1/32      Direct  0    0     D      127.0.0.1       Vlanif50
192.168.1.0/24      Direct  0    0     D      192.168.1.1     Vlanif10
192.168.1.1/32      Direct  0    0     D      127.0.0.1       Vlanif10
192.168.2.0/24      RIP     100  4     D      192.168.1.2     Vlanif10
192.168.3.0/24      RIP     100  4     D      192.168.1.2     Vlanif10
The routing table of SwitchA does not contain the route originating from 192.168.4.0/24.
----End
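How ACL 2000 behaves when filter-policy 2000 export applies it to routes, as an added Python example (not Huawei code). It assumes first-match rule order, that only the route's network address is compared against the rule's source and wildcard, and that a route matching no rule is rejected; the /25 and /16 routes are constructed to show what an address-only match does and does not catch.

```python
import ipaddress

# ACL 2000 exactly as it appears in SwitchB's configuration file.
ACL_2000 = [
    "rule 5 deny source 192.168.4.0 0.0.0.255",
    "rule 10 permit",
]
# Routes that RIP 100 on SwitchB imports from RIP 200 (SwitchA's table in Step 4).
RIP200_ROUTES = ["192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24"]
# Constructed routes, not from the page: a longer and a shorter prefix.
CONSTRUCTED_ROUTES = ["192.168.4.128/25", "192.168.0.0/16"]

# Assumption of this sketch: a route that matches no rule is rejected.
IMPLICIT_ACTION = "deny"


def parse_rule(line):
    """Parse 'rule <id> permit|deny [source <addr> <wildcard>]'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    rule_id, action = int(tok[1]), tok[2]
    if len(tok) == 3:
        # No source clause: every bit is "don't care", so any address matches.
        return rule_id, action, 0, 0xFFFFFFFF
    if len(tok) == 6 and tok[3] == "source":
        addr = int(ipaddress.IPv4Address(tok[4]))
        wildcard = int(ipaddress.IPv4Address(tok[5]))
        return rule_id, action, addr, wildcard
    raise ValueError(f"unsupported rule: {line!r}")


def acl_action(rule_lines, prefix):
    """Action of the first rule whose source matches the route's network address."""
    dest = int(ipaddress.ip_network(prefix).network_address)
    for _rule_id, action, addr, wildcard in sorted(parse_rule(l) for l in rule_lines):
        care_bits = ~wildcard & 0xFFFFFFFF   # wildcard 1-bits are ignored
        if (dest ^ addr) & care_bits == 0:
            return action
    return IMPLICIT_ACTION


def export_filter(rule_lines, routes):
    """Routes that survive the export filter, in their original order."""
    return [r for r in routes if acl_action(rule_lines, r) == "permit"]


if __name__ == "__main__":
    print("advertised to SwitchA:", export_filter(ACL_2000, RIP200_ROUTES))
    # Dropping 'rule 10 permit' leaves only the deny rule and the implicit action.
    print("without rule 10:", export_filter(ACL_2000[:1], RIP200_ROUTES))
    # The /25 inside 192.168.4.0/24 is denied; the covering /16 is not.
    print("constructed routes:", export_filter(ACL_2000, CONSTRUCTED_ROUTES))
```

Under these assumptions a covering route such as the constructed 192.168.0.0/16 still reaches SwitchA, so the ACL hides the specific route but does not by itself block reachability through a summary.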
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 50
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif50
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
rip 100
network 192.168.0.0
network 192.168.1.0
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
acl number 2000
rule 5 deny source 192.168.4.0 0.0.0.255
rule 10 permit
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
rip 100
default-cost 3
network 192.168.1.0
filter-policy 2000 export
import-route rip 200
#
rip 200
network 192.168.2.0
import-route rip 100
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 30 40
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
interface Vlanif40
ip address 192.168.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
rip 200
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
#
return
5.3.3 Example for Configuring One-Arm Static BFD for RIP
Networking Requirements
As shown in Figure 5-7, there are four switches that communicate using RIP on a small-sized
network. Services are transmitted through the primary link SwitchA→SwitchB→SwitchD.
Reliability must be improved for data transmitted from SwitchA to SwitchB so that services can
be rapidly switched to another path for transmission when the primary link fails.
Figure 5-7 Networking diagram for One-Arm static BFD for RIP
(Diagram: SwitchA connects to SwitchB over VLANIF10 (2.2.2.0/24) and to SwitchC over VLANIF20 (3.3.3.0/24); SwitchB connects to SwitchC over VLANIF30 (4.4.4.0/24) and to SwitchD over VLANIF40 (172.16.1.0/24). Interface assignments are listed in the configuration files.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure One-Arm static BFD on SwitchA. BFD can rapidly detect the link status and
help RIP speed up route convergence to implement fast link switching.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Configure an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 2.2.2.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 3.3.3.1 24
[SwitchA-Vlanif20] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure basic RIP functions.
# Configure Switch A.
[SwitchA] rip 1
[SwitchA-rip-1] version 2
[SwitchA-rip-1] network 2.0.0.0
[SwitchA-rip-1] network 3.0.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip 1
[SwitchB-rip-1] version 2
[SwitchB-rip-1] network 2.0.0.0
[SwitchB-rip-1] network 4.0.0.0
[SwitchB-rip-1] network 172.16.0.0
[SwitchB-rip-1] quit
# Configure Switch C.
[SwitchC] rip 1
[SwitchC-rip-1] version 2
[SwitchC-rip-1] network 3.0.0.0
[SwitchC-rip-1] network 4.0.0.0
[SwitchC-rip-1] quit
# Configure Switch D.
[SwitchD] rip 1
[SwitchD-rip-1] version 2
[SwitchD-rip-1] network 172.16.0.0
[SwitchD-rip-1] quit
# After completing the preceding operations, run the display rip neighbor command. The
command output shows that Switch A, Switch B, and Switch C have established neighbor
relationships with each other. In the following example, the display on Switch A is used.
[SwitchA] display rip 1 neighbor
---------------------------------------------------------------------
 IP Address      Interface       Type      Last-Heard-Time
---------------------------------------------------------------------
 2.2.2.2         Vlanif10        RIP       0:0:10
 Number of RIP routes : 2
 3.3.3.2         Vlanif20        RIP       0:0:8
 Number of RIP routes : 1
# Run the display ip routing-table command. The command output shows that the devices have
imported routes from each other. In the following example, the display on Switch A is used.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 9

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

2.2.2.0/24          Direct  0    0     D      2.2.2.1         Vlanif10
2.2.2.1/32          Direct  0    0     D      127.0.0.1       Vlanif10
3.3.3.0/24          Direct  0    0     D      3.3.3.1         Vlanif20
3.3.3.1/32          Direct  0    0     D      127.0.0.1       Vlanif20
4.4.4.0/24          RIP     100  1     D      3.3.3.2         Vlanif20
                    RIP     100  1     D      2.2.2.2         Vlanif10
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.1.0/24       RIP     100  1     D      2.2.2.2         Vlanif10
The preceding command output shows that the next-hop address and outbound interface of the
route to destination 172.16.1.0/24 are 2.2.2.2 and VLANIF10 respectively, and traffic is
transmitted over the active link Switch A->Switch B.
Step 4 Configure One-Arm static BFD on Switch A.
# Configure one-arm BFD on Switch A.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd 1 bind peer-ip 2.2.2.2 interface vlanif 10 source-ip 1.1.1.1 one-arm-echo
[SwitchA-session-1] discriminator local 1
[SwitchA-session-1] min-echo-rx-interval 200
[SwitchA-session-1] commit
[SwitchA-session-1] quit
# Enable static BFD on VLANIF 10.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] rip bfd static
[SwitchA-Vlanif10] quit
# After the configurations are completed, run the display bfd session all command on Switch A
and you can see that a static BFD session is set up.
[SwitchA] display bfd session all
--------------------------------------------------------------------------------
Local  Remote  PeerIpAddr      State     Type        InterfaceName
--------------------------------------------------------------------------------
1              2.2.2.2         Up        S_IP_IF     Vlanif10
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0
Step 5 Verify the configuration.
# Run the shutdown command on GE 0/0/1 of Switch B to simulate a fault in the active link.
NOTE
The link fault is simulated to verify the configuration. In actual situations, the operation is not required.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] shutdown
# Check the routing table of Switch A.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

3.3.3.0/24          Direct  0    0     D      3.3.3.1         Vlanif20
3.3.3.1/32          Direct  0    0     D      127.0.0.1       Vlanif20
4.4.4.0/24          RIP     100  1     D      3.3.3.2         Vlanif20
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.1.0/24       RIP     100  2     D      3.3.3.2         Vlanif20
The preceding command output shows that the standby link Switch A->Switch C->Switch B is
used after the active link fails, and the next-hop address and outbound interface of the route to
destination 172.16.1.0/24 are 3.3.3.2 and VLANIF20 respectively.
----End
Configuration files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 2.2.2.1 255.255.255.0
rip bfd static
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bfd 1 bind peer-ip 2.2.2.2 interface Vlanif10 source-ip 1.1.1.1 one-arm-echo
discriminator local 1
min-echo-rx-interval 200
commit
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
#
return
- Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 30 40
#
bfd
#
interface Vlanif10
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 2.0.0.0
network 4.0.0.0
network 172.16.0.0
#
return
- Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
rip 1
version 2
network 3.0.0.0
network 4.0.0.0
#
return
- Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 172.16.0.0
#
return
5.3.4 Example for Configuring Dynamic BFD for RIP
Networking Requirements
As shown in Figure 5-8, there are four switches that communicate using RIP on a small-sized
network. Services are transmitted through the primary link Switch A→Switch B→Switch D.
Reliability must be improved for data transmitted from Switch A to Switch B so that services
can be rapidly switched to another path for transmission when the primary link fails.
Figure 5-8 Networking diagram for configuring BFD for RIP
(Diagram: SwitchA connects to SwitchB over VLANIF10 (2.2.2.0/24) and to SwitchC over VLANIF20 (3.3.3.0/24); SwitchB connects to SwitchC over VLANIF30 (4.4.4.0/24) and to SwitchD over VLANIF40 (172.16.1.0/24). Interface assignments are listed in the configuration files.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure BFD for RIP on interfaces at both ends of the link between Switch A and
Switch B. BFD can rapidly detect the link status and help RIP speed up route convergence
to implement fast link switching.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Configure an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 2.2.2.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 3.3.3.1 24
[SwitchA-Vlanif20] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure basic RIP functions.
# Configure Switch A.
[SwitchA] rip 1
[SwitchA-rip-1] version 2
[SwitchA-rip-1] network 2.0.0.0
[SwitchA-rip-1] network 3.0.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip 1
[SwitchB-rip-1] version 2
[SwitchB-rip-1] network 2.0.0.0
[SwitchB-rip-1] network 4.0.0.0
[SwitchB-rip-1] network 172.16.0.0
[SwitchB-rip-1] quit
# Configure Switch C.
[SwitchC] rip 1
[SwitchC-rip-1] version 2
[SwitchC-rip-1] network 3.0.0.0
[SwitchC-rip-1] network 4.0.0.0
[SwitchC-rip-1] quit
# Configure Switch D.
[SwitchD] rip 1
[SwitchD-rip-1] version 2
[SwitchD-rip-1] network 172.16.0.0
[SwitchD-rip-1] quit
# After completing the preceding operations, run the display rip neighbor command. The
command output shows that Switch A, Switch B, and Switch C have established neighbor
relationships with each other. In the following example, the display on Switch A is used.
[SwitchA] display rip 1 neighbor
---------------------------------------------------------------------
 IP Address      Interface       Type      Last-Heard-Time
---------------------------------------------------------------------
 2.2.2.2         Vlanif10        RIP       0:0:14
 Number of RIP routes : 2
 3.3.3.2         Vlanif20        RIP       0:0:19
 Number of RIP routes : 1
# Run the display ip routing-table command. The command output shows that the switches have
imported routes from each other. In the following example, the display on Switch A is used.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 9

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

2.2.2.0/24          Direct  0    0     D      2.2.2.1         Vlanif10
2.2.2.1/32          Direct  0    0     D      127.0.0.1       Vlanif10
3.3.3.0/24          Direct  0    0     D      3.3.3.1         Vlanif20
3.3.3.1/32          Direct  0    0     D      127.0.0.1       Vlanif20
4.4.4.0/24          RIP     100  1     D      3.3.3.2         Vlanif20
                    RIP     100  1     D      2.2.2.2         Vlanif10
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.1.0/24       RIP     100  1     D      2.2.2.2         Vlanif10
The preceding command output shows that the next-hop address and outbound interface of the
route to destination 172.16.1.0/24 are 2.2.2.2 and VLANIF10 respectively, and traffic is
transmitted over the active link Switch A->Switch B.
Step 4 Configure BFD in RIP processes.
# Configure BFD on all interfaces of Switch A.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] rip 1
[SwitchA-rip-1] bfd all-interfaces enable
[SwitchA-rip-1] bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-multiplier 10
[SwitchA-rip-1] quit
The configuration of Switch B is similar to that of Switch A, and is not provided here.
# After completing the preceding operations, run the display rip bfd session command on
Switch A. The command output shows that Switch A and Switch B have established a BFD
session and the BFDState field value is displayed as Up. In the following example, the display
on Switch A is used.
[SwitchA] display rip 1 bfd session all
 LocalIp        :2.2.2.1          RemoteIp  :2.2.2.2          BFDState  :Up
 TX             :100              RX        :100              Multiplier:3
 BFD Local Dis  :8194             Interface :Vlanif10
 Diagnostic Info:No diagnostic information

 LocalIp        :3.3.3.1          RemoteIp  :3.3.3.2          BFDState  :Down
 TX             :2800             RX        :2800             Multiplier:0
 BFD Local Dis  :8192             Interface :Vlanif20
 Diagnostic Info:No diagnostic information
Step 5 Verify the configuration.
# Run the shutdown command on GE 0/0/1 of Switch B to simulate a fault in the active link.
NOTE
The link fault is simulated to verify the configuration. In actual situations, the operation is not required.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] shutdown
# Check the routing table of Switch A.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

3.3.3.0/24          Direct  0    0     D      3.3.3.1         Vlanif20
3.3.3.1/32          Direct  0    0     D      127.0.0.1       Vlanif20
4.4.4.0/24          RIP     100  1     D      3.3.3.2         Vlanif20
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.1.0/24       RIP     100  2     D      3.3.3.2         Vlanif20
The preceding command output shows that the standby link Switch A->Switch C->Switch B is
used after the active link fails, and the next-hop address and outbound interface of the route to
destination 172.16.1.0/24 are 3.3.3.2 and VLANIF20 respectively.
----End
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 2.2.2.1 255.255.255.0
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#
return
- Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 30 40
#
bfd
#
interface Vlanif10
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 2.0.0.0
network 4.0.0.0
network 172.16.0.0
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#
return
- Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
rip 1
version 2
network 3.0.0.0
network 4.0.0.0
#
return
- Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 172.16.0.0
#
return
5.4 RIPng Configuration
RIPng is widely used on small-sized networks to discover routes and generate routing
information.
5.4.1 Example for Configuring RIPng to Filter the Received Routes
Networking Requirements
As shown in Figure 5-9, the prefix length of all the IPv6 addresses is 64 bits. In addition, the
VLANIF interfaces between the neighboring Switches are assigned IPv6 link-local addresses.
All the Switches must learn IPv6 routing information on the network through RIPng. SwitchB
should filter the routes received from SwitchC (3::/64). That is, SwitchB does not add the routes
to its own routing table or advertise the routes to SwitchA.
Figure 5-9 Networking diagram for configuring RIPng to filter the received routes
(Diagram: SwitchA and SwitchB are connected over VLANIF20, and SwitchB and SwitchC over VLANIF30. VLANIF10 on SwitchA is 1::1/64; VLANIF40 and VLANIF50 on SwitchC are 2::1/64 and 3::1/64.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIPng on each Switch so that the Switches can communicate with each other.
2. Configure an ACL on SwitchB to filter the received routes.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1::1/64
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ipv6 enable
[SwitchA-Vlanif20] ipv6 address auto link-local
[SwitchA-Vlanif20] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 3 Configure the basic RIPng functions.
# Configure SwitchA.
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ripng 1 enable
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ripng 1 enable
[SwitchA-Vlanif20] quit
# Configure SwitchB.
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ripng 1 enable
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] ripng 1 enable
[SwitchB-Vlanif30] quit
# Configure SwitchC.
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ripng 1 enable
[SwitchC-Vlanif30] quit
[SwitchC] interface vlanif 40
[SwitchC-Vlanif40] ripng 1 enable
[SwitchC-Vlanif40] quit
[SwitchC] interface vlanif 50
[SwitchC-Vlanif50] ripng 1 enable
[SwitchC-Vlanif50] quit
# Display the RIPng routing table of SwitchB.
[SwitchB] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
---------------------------------------------------------------
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest 2::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec
Dest 3::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest 1::/64,
via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 4 Sec
The preceding information shows that the RIPng routing table of SwitchB contains the routes
of network segment 3::/64.
# Display the RIPng routing table of SwitchA.
[SwitchA] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
---------------------------------------------------------------
Peer FE80::476:0:3624:1 on Vlanif20
Dest 2::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 21 Sec
Dest 3::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 21 Sec
The preceding information shows that the RIPng routing table of SwitchA contains the routes
of network segment 3::/64 advertised by SwitchB.
Step 4 Configure SwitchB to filter the received routes.
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source 3:: 64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] quit
Step 5 Verify the configuration.
NOTE
After the aging time of the filtered routing entry expires, check the verification result. The default aging time is
180 seconds.
# Check the RIPng routing table of SwitchB. The RIPng routing table should not contain the
routes of network segment 3::/64.
[SwitchB] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
---------------------------------------------------------------
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest 2::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 14 Sec
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest 1::/64,
via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 25 Sec
# Check the RIPng routing table of SwitchA. The RIPng routing table should not contain the
routes of network segment 3::/64.
[SwitchA] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
---------------------------------------------------------------
Peer FE80::476:0:3624:1 on Vlanif20
Dest 2::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 7 Sec
----End
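The check in Step 5 can be scripted. The following Python sketch is an added example, not part of the Huawei document: it parses "display ripng 1 route" output, evaluates the rules of ACL 2000 in order, and lists every route the ACL denies. The sample outputs are constructed from the SwitchB listings above; matching a route by its network address and denying a route that matches no rule are assumptions about the filter behaviour.

```python
import ipaddress
import re

# Constructed from the SwitchB output in Step 3 (before the filter is applied).
BEFORE = """\
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest 2::/64,
    via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec
Dest 3::/64,
    via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest 1::/64,
    via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 4 Sec
"""

# Constructed from the SwitchB output in Step 5 (after the aging time expired).
AFTER = """\
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest 2::/64,
    via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 14 Sec
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest 1::/64,
    via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 25 Sec
"""

# ACL 2000 from Step 4: "rule deny source 3:: 64" followed by "rule permit".
ACL_2000 = [("deny", "3::/64"), ("permit", "::/0")]

PEER_RE = re.compile(r"^\s*Peer\s+(\S+)\s+on\s+(\S+)")
DEST_RE = re.compile(r"^\s*Dest\s+(\S+?),")
VIA_RE = re.compile(r"^\s*via\s+(\S+?),\s*cost\s+(\d+)")


def parse_ripng_routes(text):
    """Return one dict per route: destination, advertising peer, interface, cost."""
    routes, peer, iface, dest = [], None, None, None
    for line in text.splitlines():
        if m := PEER_RE.match(line):
            peer, iface = m.group(1), m.group(2)
        elif m := DEST_RE.match(line):
            dest = ipaddress.ip_network(m.group(1))
        elif (m := VIA_RE.match(line)) and dest is not None:
            routes.append({"dest": dest, "peer": peer,
                           "iface": iface, "cost": int(m.group(2))})
            dest = None
    return routes


def acl_action(rules, dest):
    """First matching rule wins; the route's network address is what is matched."""
    for action, prefix in rules:
        if dest.network_address in ipaddress.ip_network(prefix):
            return action
    return "deny"  # assumption: a route that matches no rule is not accepted


def denied_routes(text, rules):
    """Routes present in the table although the import filter denies them."""
    return [str(r["dest"]) for r in parse_ripng_routes(text)
            if acl_action(rules, r["dest"]) == "deny"]


if __name__ == "__main__":
    print("before filter:", denied_routes(BEFORE, ACL_2000))
    print("after filter: ", denied_routes(AFTER, ACL_2000))
```

An empty list for the table captured after the aging time means the import filter is holding; a non-empty list names the prefixes that are still being accepted.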
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1::1/64
ripng 1 enable
#
interface Vlanif20
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
ripng 1
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 20 30
#
acl ipv6 number 2000
rule 0 deny source 3::/64
rule 1 permit
#
interface Vlanif20
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface Vlanif30
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ripng 1
filter-policy 2000 import
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 30 40 50
#
interface Vlanif30
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface Vlanif40
ipv6 enable
ipv6 address 2::1/64
ripng 1 enable
#
interface Vlanif50
ipv6 enable
ipv6 address 3::1/64
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 50
#
ripng 1
#
return
5.5 OSPF Configuration
By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.
OSPF is applicable to a large-scale network that consists of hundreds of devices.
5.5.1 Example for Configuring Basic OSPF Functions
Networking Requirements
As shown in Figure 5-10, all switches run OSPF, and the entire AS is partitioned into three
areas. Switch A and Switch B serve as ABRs to forward routes between areas.
After the configuration, each Switch should learn the routes to all network segments from the
AS.
Figure 5-10 Networking diagram of basic OSPF configurations
Switch    Interface              VLANIF Interface  IP Address
Switch A  GigabitEthernet 0/0/1  VLANIF 10         192.168.0.1/24
Switch A  GigabitEthernet 0/0/2  VLANIF 20         192.168.1.1/24
Switch B  GigabitEthernet 0/0/1  VLANIF 10         192.168.0.2/24
Switch B  GigabitEthernet 0/0/2  VLANIF 30         192.168.2.1/24
Switch C  GigabitEthernet 0/0/1  VLANIF 20         192.168.1.2/24
Switch C  GigabitEthernet 0/0/2  VLANIF 40         172.16.1.1/24
Switch D  GigabitEthernet 0/0/1  VLANIF 30         192.168.2.2/24
Switch D  GigabitEthernet 0/0/2  VLANIF 50         172.17.1.1/24
Switch E  GigabitEthernet 0/0/1  VLANIF 40         172.16.1.2/24
Switch F  GigabitEthernet 0/0/1  VLANIF 50         172.17.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Create the VLAN that each interface belongs to.
2. Assign an IP address to each VLANIF interface.
3. Enable OSPF on each Switch and specify network segments in different areas.
4. Check the routing table and LSDB.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
   The configuration details are not mentioned here.
2. Assign an IP address to each interface.
   The configuration details are not mentioned here.
3. Configure basic OSPF functions.
# Configure Switch A.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] area 2
[SwitchB-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.2] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure Switch D.
[SwitchD] router id 4.4.4.4
[SwitchD] ospf
[SwitchD-ospf-1] area 2
[SwitchD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] quit
[SwitchD-ospf-1] quit
# Configure Switch E.
[SwitchE] router id 5.5.5.5
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
# Configure Switch F.
[SwitchF] router id 6.6.6.6
[SwitchF] ospf
[SwitchF-ospf-1] area 2
[SwitchF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[SwitchF-ospf-1-area-0.0.0.2] quit
[SwitchF-ospf-1] quit
4. Verify the configuration.
# Check OSPF neighbors of Switch A.
[SwitchA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(Vlanif10)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.1 BDR: 192.168.0.2 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:15:04
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(Vlanif20)'s neighbors
Router ID: 3.3.3.3
Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:07:32
Authentication Sequence: [ 0 ]
# Check OSPF routing information of Switch A.
[SwitchA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
172.16.1.0/24    2     Transit     192.168.1.2  3.3.3.3    0.0.0.1
172.17.1.0/24    3     Inter-area  192.168.0.2  2.2.2.2    0.0.0.0
192.168.0.0/24   1     Transit     192.168.0.1  1.1.1.1    0.0.0.0
192.168.1.0/24   1     Transit     192.168.1.1  1.1.1.1    0.0.0.1
192.168.2.0/24   2     Inter-area  192.168.0.2  2.2.2.2    0.0.0.0
Total Nets: 5
Intra Area: 3  Inter Area: 2  ASE: 0  NSSA: 0
# View the LSDB of Switch A.
[SwitchA] display ospf lsdb
OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type     LinkState ID  AdvRouter  Age  Len  Sequence  Metric
Router   2.2.2.2       2.2.2.2    317  48   80000003  1
Router   1.1.1.1       1.1.1.1    316  48   80000002  1
Network  192.168.0.1   1.1.1.1    316  32   80000001  0
Sum-Net  172.16.1.0    1.1.1.1    250  28   80000001  2
Sum-Net  172.17.1.0    2.2.2.2    203  28   80000001  2
Sum-Net  192.168.2.0   2.2.2.2    237  28   80000002  1
Sum-Net  192.168.1.0   1.1.1.1    295  28   80000002  1
Area: 0.0.0.1
Type     LinkState ID  AdvRouter  Age  Len  Sequence  Metric
Router   5.5.5.5       5.5.5.5    214  36   80000004  1
Router   3.3.3.3       3.3.3.3    217  60   80000008  1
Router   1.1.1.1       1.1.1.1    289  48   80000002  1
Network  192.168.1.1   1.1.1.1    202  28   80000002  0
Network  172.16.1.1    3.3.3.3    670  32   80000001  0
Sum-Net  172.17.1.0    1.1.1.1    202  28   80000001  3
Sum-Net  192.168.2.0   1.1.1.1    242  28   80000001  2
Sum-Net  192.168.0.0   1.1.1.1    300  28   80000001  1
# Check the routing table of Switch D and perform the ping operation to test the
connectivity.
[SwitchD] display ospf routing
OSPF Process 1 with Router ID 4.4.4.4
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
172.16.1.0/24    4     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
172.17.1.0/24    1     Transit     172.17.1.1   4.4.4.4    0.0.0.2
192.168.0.0/24   2     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
192.168.1.0/24   3     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
192.168.2.0/24   1     Transit     192.168.2.2  4.4.4.4    0.0.0.2
Total Nets: 5
Intra Area: 2  Inter Area: 3  ASE: 0  NSSA: 0
[SwitchD] ping 172.16.1.1
PING 172.16.1.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=253 time=62 ms
Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=253 time=16 ms
Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=253 time=62 ms
Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=253 time=94 ms
Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=253 time=63 ms
--- 172.16.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/59/94 ms
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
- Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10 30
#
interface Vlanif10
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return
- Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
- Configuration file of Switch D
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 30 50
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
- Configuration file of Switch E
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
return
- Configuration file of Switch F
#
sysname SwitchF
#
router id 6.6.6.6
#
vlan batch 50
#
interface Vlanif50
ip address 172.17.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
5.5.2 Example for Configuring a Stub Area of OSPF
Networking Requirements
As shown in Figure 5-11, OSPF is enabled on all Switches and the entire AS is partitioned into
three areas. SwitchA and SwitchB function as ABRs to forward routes between areas. SwitchD
functions as the ASBR to import static routes.
The requirement is to configure Area 1 as the stub area, thus reducing the LSAs advertised to
this area without affecting the route reachability.
Figure 5-11 Configuring OSPF stub areas
S-switch  Interface              VLANIF Interface  IP Address
SwitchA   GigabitEthernet 0/0/1  VLANIF 10         192.168.0.1/24
SwitchA   GigabitEthernet 0/0/2  VLANIF 20         192.168.1.1/24
SwitchB   GigabitEthernet 0/0/1  VLANIF 10         192.168.0.2/24
SwitchB   GigabitEthernet 0/0/2  VLANIF 30         192.168.2.1/24
SwitchC   GigabitEthernet 0/0/1  VLANIF 20         192.168.1.2/24
SwitchC   GigabitEthernet 0/0/2  VLANIF 40         172.16.1.1/24
SwitchD   GigabitEthernet 0/0/1  VLANIF 30         192.168.2.2/24
SwitchD   GigabitEthernet 0/0/2  VLANIF 50         172.17.1.1/24
SwitchE   GigabitEthernet 0/0/1  VLANIF 40         172.16.1.2/24
SwitchF   GigabitEthernet 0/0/1  VLANIF 50         172.17.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each Switch and configure basic OSPF functions.
2. Configure static routes on SwitchD and import them.
3. Configure Area 1 as a stub area. You need to run the stub command on all Switches in Area 1.
4. On SwitchA, disable the advertisement of Type3 LSAs to the stub area.
Configuration Procedure
1. Configure basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF Functions.
2. Configure SwitchD to import static routes.
# Import static routes on SwitchD, as follows:
[SwitchD] ip route-static 200.0.0.0 8 null 0
[SwitchD] ospf
[SwitchD-ospf-1] import-route static type 1
[SwitchD-ospf-1] quit
# Display the ABR or ASBR of SwitchC.
[SwitchC] display ospf abr-asbr
OSPF Process 1 with Router ID 3.3.3.3
Routing Table to ABR and ASBR
Type        Destination  Area     Cost  Nexthop      RtType
Intra-area  1.1.1.1      0.0.0.1  1     192.168.1.1  ABR
Inter-area  4.4.4.4      0.0.0.1  3     192.168.1.1  ASBR
# Check the routing table of an OSPF process of SwitchC.
[SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
172.16.1.0/24    1     Transit     172.16.1.1   3.3.3.3    0.0.0.1
172.17.1.0/24    4     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
192.168.0.0/24   2     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
192.168.1.0/24   1     Transit     192.168.1.2  3.3.3.3    0.0.0.1
192.168.2.0/24   3     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
Routing for ASEs
Destination      Cost  Type        Tag          NextHop      AdvRouter
200.0.0.0/8      4     Type1       1            192.168.1.1  4.4.4.4
Total Nets: 6
Intra Area: 2  Inter Area: 3  ASE: 1  NSSA: 0
When the area where SwitchC resides is a common area, the routing table contains the AS
external routes.
3. Configure Area 1 as a stub area.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] stub
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] stub
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure SwitchE.
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] stub
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
# Check the routing table of SwitchC.
[SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
0.0.0.0/0        2     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
172.16.1.0/24    1     Transit     172.16.1.1   3.3.3.3    0.0.0.1
172.17.1.0/24    4     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
192.168.0.0/24   2     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
192.168.1.0/24   1     Transit     192.168.1.2  3.3.3.3    0.0.0.1
192.168.2.0/24   3     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
Total Nets: 6
Intra Area: 2  Inter Area: 4  ASE: 0  NSSA: 0
When the area where SwitchC resides is configured as a stub area, the AS external route
no longer appears in the routing table; a default route appears instead.
# Disable SwitchA from advertising Type3 LSAs to the stub area.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] stub no-summary
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
4. Verify the configuration.
# Check the OSPF routing table of SwitchC.
[SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
0.0.0.0/0        2     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
172.16.1.0/24    1     Transit     172.16.1.1   3.3.3.3    0.0.0.1
192.168.1.0/24   1     Transit     192.168.1.2  3.3.3.3    0.0.0.1
Total Nets: 3
Intra Area: 2  Inter Area: 1  ASE: 0  NSSA: 0
After the advertisement of Summary-LSA to the stub area is disabled, the route entries are
further reduced. The AS external routes are invisible in the routing table. Instead, there is
a default route.
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
NOTE
Configuration files of SwitchB and SwitchF are the same as the configuration file of SwitchA, and
are not mentioned here.
- Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
stub
#
return
- Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 50
#
router id 4.4.4.4
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
import-route static type 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ip route-static 200.0.0.0 255.0.0.0 NULL0
#
return
- Configuration file of SwitchE
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
stub
#
return
5.5.3 Example for Configuring an OSPF NSSA Area
Networking Requirements
As shown in Figure 5-12, OSPF is enabled on all Switches and the entire AS is partitioned into
three areas. SwitchA and SwitchB function as ABRs to forward routes between areas. SwitchD
functions as the ASBR to import external routes (static routes).
The requirement is to configure Area 1 as an NSSA area and configure SwitchC as an ASBR to
import external routes (static routes). The routing information can be transmitted correctly in
the AS.
Figure 5-12 Configuring OSPF NSSA areas
S-switch  Interface              VLANIF Interface  IP Address
SwitchA   GigabitEthernet 0/0/1  VLANIF 10         192.168.0.1/24
SwitchA   GigabitEthernet 0/0/2  VLANIF 20         192.168.1.1/24
SwitchB   GigabitEthernet 0/0/1  VLANIF 10         192.168.0.2/24
SwitchB   GigabitEthernet 0/0/2  VLANIF 30         192.168.2.1/24
SwitchC   GigabitEthernet 0/0/1  VLANIF 20         192.168.1.2/24
SwitchC   GigabitEthernet 0/0/2  VLANIF 40         172.16.1.1/24
SwitchD   GigabitEthernet 0/0/1  VLANIF 30         192.168.2.2/24
SwitchD   GigabitEthernet 0/0/2  VLANIF 50         172.17.1.1/24
SwitchE   GigabitEthernet 0/0/1  VLANIF 40         172.16.1.2/24
SwitchF   GigabitEthernet 0/0/1  VLANIF 50         172.17.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each Switch and configure basic OSPF functions.
2. Configure static routes on SwitchD and import them into OSPF.
3. Configure Area 1 as an NSSA area (run the nssa command on all routers in Area 1) and
   check the OSPF routing information of SwitchC.
4. Configure static routes on SwitchC, import them into OSPF, and check the OSPF routing
   information of SwitchD.
Configuration Procedure
1. Configure basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF Functions.
2. Configure SwitchD to import static routes. See 5.5.2 Example for Configuring a Stub
   Area of OSPF.
3. Configure Area 1 as an NSSA area.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] nssa
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure SwitchE.
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] nssa
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
NOTE
Run the nssa default-route-advertise no-summary command on SwitchA. This reduces the size
of the routing tables of the devices in the NSSA area. On the other devices in the NSSA
area, you need to run only the nssa command.
# Check the OSPF routing table of SwitchC.
[SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
0.0.0.0/0        2     Inter-area  192.168.1.1  1.1.1.1    0.0.0.1
172.16.1.0/24    1     Transit     172.16.1.1   3.3.3.3    0.0.0.1
192.168.1.0/24   1     Transit     192.168.1.2  3.3.3.3    0.0.0.1
Total Nets: 3
Intra Area: 2  Inter Area: 1  ASE: 0  NSSA: 0
4. Configure SwitchC to import static routes.
# Import static routes on SwitchC, as follows:
[SwitchC] ip route-static 100.0.0.0 8 null 0
[SwitchC] ospf
[SwitchC-ospf-1] import-route static
[SwitchC-ospf-1] quit
5. Verify the configuration.
# Check the OSPF routing table of SwitchD.
[SwitchD] display ospf routing
OSPF Process 1 with Router ID 4.4.4.4
Routing Tables
Routing for Network
Destination      Cost  Type        NextHop      AdvRouter  Area
172.16.1.0/24    4     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
172.17.1.0/24    1     Transit     172.17.1.1   4.4.4.4    0.0.0.2
192.168.0.0/24   2     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
192.168.1.0/24   3     Inter-area  192.168.2.1  2.2.2.2    0.0.0.2
192.168.2.0/24   1     Transit     192.168.2.2  4.4.4.4    0.0.0.2
Routing for ASEs
Destination      Cost  Type        Tag          NextHop      AdvRouter
100.0.0.0/8      1     Type2       1            192.168.2.1  1.1.1.1
Total Nets: 6
Intra Area: 2  Inter Area: 3  ASE: 1  NSSA: 0
On SwitchD, you can view one AS external route, which was imported in the NSSA area.
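The effect of the area types in 5.5.2 and 5.5.3 can be reproduced with a small model of which LSA types the ABR lets into Area 1. The Python below is an added example, not code from the Huawei document; the LSA list is constructed from SwitchC's routing table in 5.5.2, and the function names and the simplified one-LSA-per-prefix view are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Lsa:
    lsa_type: int    # 2 network (intra-area), 3 summary, 5 AS-external, 7 NSSA-external
    prefix: str
    adv_router: str


ABR = "1.1.1.1"      # SwitchA, the ABR of Area 1 on the page

# What SwitchC learns while Area 1 is still a common area (constructed from the
# "display ospf routing" output of SwitchC in 5.5.2).
AREA1_COMMON = [
    Lsa(2, "172.16.1.0/24", "3.3.3.3"),
    Lsa(2, "192.168.1.0/24", "3.3.3.3"),
    Lsa(3, "172.17.1.0/24", ABR),
    Lsa(3, "192.168.0.0/24", ABR),
    Lsa(3, "192.168.2.0/24", ABR),
    Lsa(5, "200.0.0.0/8", "4.4.4.4"),
]

# LSA types that are kept out of the area, keyed by the command run on the ABR.
BLOCKED_TYPES = {
    "common": frozenset(),
    "stub": frozenset({4, 5}),
    "stub no-summary": frozenset({3, 4, 5}),
    "nssa no-summary": frozenset({3, 4, 5}),
}


def lsdb_for(kind, lsas=AREA1_COMMON):
    """Return the LSAs left in Area 1 for the given area kind."""
    if kind not in BLOCKED_TYPES:
        raise ValueError(f"unknown area kind: {kind}")
    kept = [l for l in lsas if l.lsa_type not in BLOCKED_TYPES[kind]]
    if kind != "common":
        # The ABR replaces what it withholds with a default summary route,
        # shown as 0.0.0.0/0 Inter-area in the page's outputs.
        kept.append(Lsa(3, "0.0.0.0/0", ABR))
    return kept


def learned_prefixes(kind, lsas=AREA1_COMMON):
    """Destinations SwitchC ends up with, sorted for comparison with the page."""
    return sorted(l.prefix for l in lsdb_for(kind, lsas))


def external_exposure(kind, lsas=AREA1_COMMON):
    """Externally originated prefixes that routers in the area still see one by one."""
    return [l.prefix for l in lsdb_for(kind, lsas) if l.lsa_type in (5, 7)]


def translate_at_abr(nssa_lsas, abr=ABR):
    """NSSA border: Type 7 LSAs leave the area as Type 5 LSAs re-originated by the ABR."""
    return [Lsa(5, l.prefix, abr) for l in nssa_lsas if l.lsa_type == 7]


if __name__ == "__main__":
    for kind in BLOCKED_TYPES:
        print(f"{kind:16} {learned_prefixes(kind)}")
    # SwitchC's imported static route (step 4 of 5.5.3) as seen outside Area 1.
    print(translate_at_abr([Lsa(7, "100.0.0.0/8", "3.3.3.3")]))
```

The translated LSA carries SwitchA's router ID, which is why SwitchD lists 100.0.0.0/8 with AdvRouter 1.1.1.1 rather than 3.3.3.3.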
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
nssa default-route-advertise no-summary
#
return
NOTE
Configuration files of SwitchB, SwitchD, and SwitchF are the same as the configuration file of
SwitchA, and are not mentioned here.
- Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
import-route static
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
nssa
#
ip route-static 100.0.0.0 255.0.0.0 NULL0
#
return
- Configuration file of SwitchE
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
nssa
#
return
5.5.4 Example for Configuring DR Election of an OSPF Process
Networking Requirements
As shown in Figure 5-13, Switch A has the highest priority of 100 in the network and is selected
as DR. Switch C has the second highest priority, and is selected as BDR. The priority of Switch
B is 0, so Switch B cannot be selected as DR. The priority of Switch D is not configured and its
default value is 1.
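The election outcome described above, and the fact that a DR already in place is not preempted, can be traced with a simplified model of the OSPF DR election (RFC 2328, section 9.4). This Python is an added example, not part of the Huawei document; it takes a single global view of the segment instead of one view per router, and the restart step and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    router_id: str
    priority: int = 1       # default DR priority
    says_dr: bool = False   # lists itself as DR in its Hello packets
    says_bdr: bool = False  # lists itself as BDR in its Hello packets


def rank(r):
    """Higher priority wins; the higher router ID breaks ties."""
    return (r.priority, tuple(int(p) for p in r.router_id.split(".")))


def _one_pass(routers):
    eligible = [r for r in routers if r.priority > 0]   # priority 0 never competes
    # BDR: among routers not claiming DR, prefer those that already claim BDR.
    not_dr = [r for r in eligible if not r.says_dr]
    pool = [r for r in not_dr if r.says_bdr] or not_dr
    bdr = max(pool, key=rank) if pool else None
    # DR: only routers already claiming DR compete; otherwise the BDR is promoted.
    claimed = [r for r in eligible if r.says_dr]
    dr = max(claimed, key=rank) if claimed else bdr
    return dr, bdr


def _record(routers, dr, bdr):
    for r in routers:
        r.says_dr = r is dr
        r.says_bdr = r is bdr and r is not dr


def elect(routers):
    """Run the calculation twice so that a newly promoted DR frees the BDR role."""
    for _ in range(2):
        dr, bdr = _one_pass(routers)
        _record(routers, dr, bdr)
    return (dr.name if dr else None, bdr.name if bdr else None)


def segment():
    """The four switches of Figure 5-13 with their router IDs from the page."""
    return [Router("SwitchA", "1.1.1.1"), Router("SwitchB", "2.2.2.2"),
            Router("SwitchC", "3.3.3.3"), Router("SwitchD", "4.4.4.4")]


def set_page_priorities(routers):
    wanted = {"SwitchA": 100, "SwitchB": 0, "SwitchC": 2}   # SwitchD keeps 1
    for r in routers:
        r.priority = wanted.get(r.name, r.priority)


def restart(routers):
    """Assumption: every OSPF process restarts, so no role claims survive."""
    for r in routers:
        r.says_dr = r.says_bdr = False


def walk_through():
    routers = segment()
    first = elect(routers)        # default priorities: highest router ID wins
    set_page_priorities(routers)
    kept = elect(routers)         # priorities changed, roles already held
    restart(routers)
    fresh = elect(routers)        # fresh election with the new priorities
    return first, kept, fresh


if __name__ == "__main__":
    for label, result in zip(("default", "after priority change", "after restart"),
                             walk_through()):
        print(f"{label:22} DR={result[0]} BDR={result[1]}")
```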
Figure 5-13 Networking diagram for configuring DR election of an OSPF process
Switch   Interface              VLANIF     IP address
SwitchA  GigabitEthernet 0/0/1  VLANIF 10  192.168.1.1/24
SwitchB  GigabitEthernet 0/0/1  VLANIF 10  192.168.1.2/24
SwitchC  GigabitEthernet 0/0/1  VLANIF 10  192.168.1.3/24
SwitchD  GigabitEthernet 0/0/1  VLANIF 10  192.168.1.4/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Create the VLAN that each interface belongs to.
2. Assign an IP address to each VLANIF interface.
3. Configure the router ID of each Switch, enable OSPF, and specify network segments.
4. Check the DR or BDR status of each Switch.
5. Set the DR priority of the interface and check the DR or BDR status.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
   The configuration details are not mentioned here.
2. Assign an IP address to each interface.
   The configuration details are not mentioned here.
3. Configure basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF Functions.
# Configure Switch A.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure Switch D.
[SwitchD] router id 4.4.4.4
[SwitchD] ospf
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# Check the DR or BDR status.
[SwitchA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.1.1(Vlanif10)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.1.2
State: 2-Way Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:04:06
Authentication Sequence: [ 0 ]
Router ID: 4.4.4.4
Address: 192.168.1.4
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:03:53
Authentication Sequence: [ 0 ]
Check the neighbor information on Switch A. You can view the DR priority and
neighbor status. By default, the DR priority is 1. Switch D is now the DR and Switch C is the
BDR.
NOTE
When the priorities are the same, the Switch with the higher router ID is selected as the DR. If one
Ethernet interface of the Switch becomes the DR, the other broadcast interfaces of the Switch have a
high priority of being selected as DRs in future DR selection. That is, the Switch that is already
the DR is selected as the DR. The DR cannot be preempted.
4. Configure DR priorities on the interfaces.
# Configure Switch A.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospf dr-priority 100
[SwitchA-Vlanif10] quit
# Configure Switch B.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospf dr-priority 0
[SwitchB-Vlanif10] quit
# Configure Switch C.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ospf dr-priority 2
[SwitchC-Vlanif10] quit
# View the DR or BDR status.
[SwitchD] display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbors
Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors
Router ID: 1.1.1.1
Address: 192.168.1.1
State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 31 sec
Retrans timer interval: 5
Neighbor is up for 00:11:17
Authentication Sequence: [ 0 ]
Router ID: 2.2.2.2
Address: 192.168.1.2
State: Full Mode:Nbr is Slave Priority: 0
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:11:19
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 33 sec
Retrans timer interval: 5
Neighbor is up for 00:11:15
Authentication Sequence: [ 0 ]
NOTE
The DR priority configured on an interface does not take effect immediately.
5. Restart OSPF processes.
   On each Switch, run the reset ospf 1 process command in the user view to restart the OSPF
   process.
6. Verify the configuration.
# Check the status of OSPF neighbors.
[SwitchD] display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbors
Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors
Router ID: 1.1.1.1
Address: 192.168.1.1
State: Full Mode:Nbr is Master Priority: 100
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:07:19
Authentication Sequence: [ 0 ]
Router ID: 2.2.2.2
Address: 192.168.1.2
State: 2-Way Mode:Nbr is Slave Priority: 0
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:07:17
Authentication Sequence: [ 0 ]
# Check the status of an interface enabled with OSPF.
[SwitchA] display ospf interface
OSPF Process 1 with Router ID 1.1.1.1
Interfaces
Area: 0.0.0.0
IP Address    Type       State    Cost  Pri  DR           BDR
192.168.1.1   Broadcast  DR       1     100  192.168.1.1  192.168.1.3
[SwitchB] display ospf interface
OSPF Process 1 with Router ID 2.2.2.2
Interfaces
Area: 0.0.0.0
IP Address    Type       State    Cost  Pri  DR           BDR
192.168.1.2   Broadcast  DROther  1     0    192.168.1.1  192.168.1.3
All neighbors are in the Full state. This indicates that SwitchA has set up neighbor relationships
with all its neighbors. If a neighbor remains in the 2-Way state, neither of the two switches is a
DR or BDR, so they do not need to exchange LSAs.
All other neighbors are DR Others. This indicates that they are neither DRs nor BDRs.
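The election behaviour seen in this example (higher router ID wins a priority tie, priority 0 is never elected, an existing DR is not preempted until the processes restart) can be reproduced with a short model. This is an added example, not Huawei code: it is a simplified segment-wide view of the election in RFC 2328 section 9.4, the `Router` class and function names are hypothetical, and it also covers a DR failure case that the procedure above does not exercise.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    router_id: str
    priority: int  # 0 means "never eligible to become DR or BDR"


def _best(candidates):
    """Highest priority wins; ties go to the numerically highest router ID."""
    return max(candidates,
               key=lambda r: (r.priority, int(IPv4Address(r.router_id))),
               default=None)


def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) names after one election on a broadcast segment.

    dr / bdr name the routers that currently declare themselves DR / BDR
    (None on a cold start, e.g. after every OSPF process was reset).
    """
    eligible = [r for r in routers if r.priority > 0]
    for _ in range(2):  # the result is recomputed once if a role changed
        # BDR: routers not claiming DR; an existing BDR claim is preferred.
        not_dr = [r for r in eligible if r.name != dr]
        claims_bdr = [r for r in not_dr if r.name == bdr]
        new_bdr = _best(claims_bdr or not_dr)
        # DR: an existing DR claim is kept; otherwise the new BDR is promoted.
        claims_dr = [r for r in eligible if r.name == dr]
        new_dr = _best(claims_dr) or new_bdr
        result = (new_dr.name if new_dr else None,
                  new_bdr.name if new_bdr else None)
        if result == (dr, bdr):
            break
        dr, bdr = result
    return dr, bdr


# Router IDs and priorities taken from the configuration in this example.
DEFAULT = [Router("SwitchA", "1.1.1.1", 1), Router("SwitchB", "2.2.2.2", 1),
           Router("SwitchC", "3.3.3.3", 1), Router("SwitchD", "4.4.4.4", 1)]
TUNED = [Router("SwitchA", "1.1.1.1", 100), Router("SwitchB", "2.2.2.2", 0),
         Router("SwitchC", "3.3.3.3", 2), Router("SwitchD", "4.4.4.4", 1)]


def scenarios():
    initial = elect(DEFAULT)                 # default priority 1 everywhere
    after_config = elect(TUNED, *initial)    # priorities changed, no restart
    after_reset = elect(TUNED)               # all OSPF processes restarted
    # Beyond the page: the old DR disappears without any process reset.
    survivors = [r for r in TUNED if r.name != initial[0]]
    dr_lost = elect(survivors, *initial)
    return initial, after_config, after_reset, dr_lost


if __name__ == "__main__":
    for label, outcome in zip(
            ("initial", "after config", "after reset", "DR lost"), scenarios()):
        print(f"{label:13s} DR={outcome[0]} BDR={outcome[1]}")
```

In the DR failure case the BDR is promoted and the priority-100 switch only becomes BDR, which is why a priority change has to be followed by a process restart when a specific DR is required.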
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
ospf dr-priority 100
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
ospf dr-priority 0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.3 255.255.255.0
ospf dr-priority 2
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
5.5.5 Example for Configuring OSPF Load Balancing
Networking Requirements
As shown in Figure 5-14:
• SwitchA, SwitchB, SwitchC, and SwitchD connect to each other through OSPF.
• SwitchA, SwitchB, SwitchC, and SwitchD belong to Area 0.
• Load balancing is performed between SwitchB and SwitchC. The traffic of SwitchA is sent
  to SwitchD by SwitchB and SwitchC.

Figure 5-14 Networking diagram for configuring OSPF load balancing

Device    Interface              VLANIF Interface  IP Address
SwitchA   GigabitEthernet 0/0/1  VLANIF 10         10.1.1.1/24
SwitchA   GigabitEthernet 0/0/2  VLANIF 20         10.1.2.1/24
SwitchA   GigabitEthernet 0/0/3  VLANIF 50         172.16.1.1/24
SwitchB   GigabitEthernet 0/0/1  VLANIF 10         10.1.1.2/24
SwitchB   GigabitEthernet 0/0/2  VLANIF 30         192.168.0.1/24
SwitchC   GigabitEthernet 0/0/1  VLANIF 20         10.1.2.2/24
SwitchC   GigabitEthernet 0/0/2  VLANIF 40         192.168.1.1/24
SwitchD   GigabitEthernet 0/0/1  VLANIF 30         192.168.0.2/24
SwitchD   GigabitEthernet 0/0/2  VLANIF 40         192.168.1.2/24
SwitchD   GigabitEthernet 0/0/3  VLANIF 60         172.17.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each Switch to implement interconnection.
2. Cancel load balancing and check the routing table.
3. (Optional) Set the preferences for equal-cost routes on SwitchA.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
   The configuration details are not mentioned here.
2. Assign an IP address to each interface.
   The configuration details are not mentioned here.
3. Configure basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF Functions.
4. Cancel load balancing on SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] maximum load-balancing 1
[SwitchA-ospf-1] quit
# Check the routing table of SwitchA.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11       Routes : 11
Destination/Mask  Proto   Pre  Cost  Flags  NextHop     Interface
10.1.1.0/24       Direct  0    0     D      10.1.1.1    Vlanif10
10.1.1.1/32       Direct  0    0     D      127.0.0.1   Vlanif10
10.1.2.0/24       Direct  0    0     D      10.1.2.1    Vlanif20
10.1.2.1/32       Direct  0    0     D      127.0.0.1   Vlanif20
127.0.0.0/8       Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1   InLoopBack0
172.16.1.0/24     Direct  0    0     D      172.16.1.1  Vlanif50
172.16.1.1/32     Direct  0    0     D      127.0.0.1   Vlanif50
172.17.1.0/24     OSPF    10   3     D      10.1.1.2    Vlanif10
192.168.0.0/24    OSPF    10   2     D      10.1.1.2    Vlanif10
192.168.1.0/24    OSPF    10   2     D      10.1.2.2    Vlanif20
As shown in the routing table, when the maximum number of the equal-cost routes is 1,
the next hop to the destination network segment 172.17.1.0 is 10.1.1.2.
NOTE
In the preceding example, 10.1.1.2 is selected as the optimal next hop. This is because OSPF selects
the next hop of the equal-cost route randomly.
5. Restore the default number of routes for load balancing on SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] undo maximum load-balancing
[SwitchA-ospf-1] quit
# Check the routing table of SwitchA.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11       Routes : 12
Destination/Mask  Proto   Pre  Cost  Flags  NextHop     Interface
10.1.1.0/24       Direct  0    0     D      10.1.1.1    Vlanif10
10.1.1.1/32       Direct  0    0     D      127.0.0.1   Vlanif10
10.1.2.0/24       Direct  0    0     D      10.1.2.1    Vlanif20
10.1.2.1/32       Direct  0    0     D      127.0.0.1   Vlanif20
127.0.0.0/8       Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1   InLoopBack0
172.16.1.0/24     Direct  0    0     D      172.16.1.1  Vlanif50
172.16.1.1/32     Direct  0    0     D      127.0.0.1   Vlanif50
172.17.1.0/24     OSPF    10   3     D      10.1.1.2    Vlanif10
                  OSPF    10   3     D      10.1.2.2    Vlanif20
192.168.0.0/24    OSPF    10   2     D      10.1.1.2    Vlanif10
192.168.1.0/24    OSPF    10   2     D      10.1.2.2    Vlanif20
As shown in the routing table, when the default setting of load balancing is restored, the
next hops of SwitchA, that is, 10.1.1.2 (SwitchB) and 10.1.2.2 (SwitchC), become valid
routes. This is because the default number of equal-cost routes is 8.
6. (Optional) Set the preferences for equal-cost routes on SwitchA.
   If you do not need to perform load balancing between SwitchB and SwitchC, set the preferences
   for equal-cost routes and specify the next hop.
[SwitchA] ospf
[SwitchA-ospf-1] nexthop 10.1.2.2 weight 1
[SwitchA-ospf-1] quit
# Check the routing table of SwitchA.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11       Routes : 11
Destination/Mask  Proto   Pre  Cost  Flags  NextHop     Interface
10.1.1.0/24       Direct  0    0     D      10.1.1.1    Vlanif10
10.1.1.1/32       Direct  0    0     D      127.0.0.1   Vlanif10
10.1.2.0/24       Direct  0    0     D      10.1.2.1    Vlanif20
10.1.2.1/32       Direct  0    0     D      127.0.0.1   Vlanif20
127.0.0.0/8       Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1   InLoopBack0
172.16.1.0/24     Direct  0    0     D      172.16.1.1  Vlanif50
172.16.1.1/32     Direct  0    0     D      127.0.0.1   Vlanif50
172.17.1.0/24     OSPF    10   3     D      10.1.2.2    Vlanif20
192.168.0.0/24    OSPF    10   2     D      10.1.1.2    Vlanif10
192.168.1.0/24    OSPF    10   2     D      10.1.2.2    Vlanif20
As shown in the routing table, OSPF selects the next hop 10.1.2.2 as the unique optimal
route. This is because the preference of the next hop 10.1.2.2 (SwitchC) is higher than that
of the next hop 10.1.1.2 (SwitchB) after the preferences of the equal-cost routes are set.
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 30
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 40
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40 60
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
5.5.6 Example for Configuring OSPF GR
Networking Requirements
As shown in Figure 5-15, Switch A and Switch B have two main control boards, which work
in active/standby mode. Switch A and Switch B belong to Area 0 and are connected through
OSPF. They also provide the GR feature.
Figure 5-15 Networking diagram for configuring OSPF GR

Switch    Interface             VLANIF interface  IP address
Switch A  GigabitEthernet0/0/1  VLANIF 10         1.1.1.1/24
Switch B  GigabitEthernet0/0/1  VLANIF 10         1.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic OSPF functions on each Switch to implement interconnection.
2. Enable the Opaque LSA function.
3. Configure GR on each Switch.
Procedure
Step 1 Configure the basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF
Functions.
Step 2 Configure the Opaque LSA function.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] opaque-capability enable
# Configure SwitchB.
[SwitchB] ospf
[SwitchB-ospf-1] opaque-capability enable
Step 3 Configure the OSPF GR feature.
# Configure Switch A.
[SwitchA] ospf
[SwitchA-ospf-1] graceful-restart
# Configure SwitchB.
[SwitchB] ospf
[SwitchB-ospf-1] graceful-restart
Step 4 Verify the configuration.
# View the GR status of Switch A.
[SwitchA] display ospf graceful-restart
OSPF Process 1 with Router ID 1.1.1.1
Graceful-restart capability     : enabled
Graceful-restart support        : planned and un-planned, totally
Helper-policy support           : planned and un-planned, strict lsa check
Current GR state                : normal
Graceful-restart period         : 120 seconds
Number of neighbors under helper:
  Normal neighbors    : 0
  Virtual neighbors   : 0
  Sham-link neighbors : 0
  Total neighbors     : 0
Number of restarting neighbors  : 0
Last exit reason:
  On graceful restart : none
  On Helper           : none
# Verify the GR feature of Switch A.
[SwitchA] quit
<SwitchA> reset ospf process graceful-restart
# View the neighbor status on SwitchB.
[SwitchB] display ospf peer
OSPF Process 1 with Router ID 1.1.1.2
Neighbors
Area 0.0.0.0 interface 1.1.1.2(Vlanif10)'s neighbors
Router ID: 1.1.1.1
Address: 1.1.1.1
State: Full Mode:Nbr is Slave Priority: 1
DR: 1.1.1.2 BDR: 1.1.1.1 MTU: 0
Dead timer due in 29 sec
Retrans timer interval: 5
Neighbor is up for 00:01:01
Authentication Sequence: [ 0 ]
GR State: Doing GR
The status of the neighbor is Full.
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
opaque-capability enable
graceful-restart
area 0.0.0.0
network 1.1.1.0 0.0.0.255
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
opaque-capability enable
graceful-restart
area 0.0.0.0
network 1.1.1.0 0.0.0.255
#
return
5.5.7 Example for Configuring OSPF-BGP
Network Requirements
As shown in Figure 5-16, all switches run BGP. An EBGP connection is established between
Switch D and Switch E. IBGP full connections are established between some of the switches in AS
10, and OSPF is used as the IGP.
OSPF-BGP linkage must be enabled on Switch B so that the traffic from Switch A to AS
20 is not interrupted after Switch B restarts.
Figure 5-16 Networking diagram for configuring OSPF-BGP linkage

Switch    Interface              VLANIF interface  IP address
SwitchA   GigabitEthernet 0/0/1  VLANIF 10         10.1.1.1/30
SwitchA   GigabitEthernet 0/0/2  VLANIF 20         10.1.2.1/30
SwitchB   GigabitEthernet 0/0/1  VLANIF 10         10.1.1.2/30
SwitchB   GigabitEthernet 0/0/2  VLANIF 40         10.1.3.1/30
SwitchC   GigabitEthernet 0/0/2  VLANIF 20         10.1.2.2/30
SwitchC   GigabitEthernet 0/0/1  VLANIF 30         10.1.4.1/30
SwitchD   GigabitEthernet 0/0/1  VLANIF 30         10.1.4.2/30
SwitchD   GigabitEthernet 0/0/2  VLANIF 40         10.1.3.2/30
SwitchD   GigabitEthernet 0/0/3  VLANIF 50         10.2.1.1/30
SwitchE   GigabitEthernet 0/0/1  VLANIF 50         10.2.1.2/30
SwitchE   GigabitEthernet 0/0/2  VLANIF 60         10.3.1.1/30
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on Switch A, Switch B, Switch C, and Switch D (except 10.2.1.1/30) and
   specify the same area for all OSPF interfaces.
2. Establish IBGP full connections between Switch A, Switch B, Switch C, and Switch D
   (except 10.2.1.1/30).
3. Set the OSPF cost on Switch C.
4. Establish the EBGP connection between Switch D and Switch E.
5. Configure the OSPF process and configure BGP to import directly connected routes on
   Switch D.
6. Configure BGP on Switch E.
Procedure
Step 1 Configure VLANs that interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface and Loopback interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 30
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 10.1.2.1 30
[SwitchA-Vlanif20] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] quit
The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 3 Configure basic OSPF functions.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 4 Configure an IBGP full connection.
# Configure Switch A.
[SwitchA] bgp 10
[SwitchA-bgp] peer 2.2.2.2 as-number 10
[SwitchA-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[SwitchA-bgp] peer 3.3.3.3 as-number 10
[SwitchA-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[SwitchA-bgp] peer 4.4.4.4 as-number 10
[SwitchA-bgp] peer 4.4.4.4 connect-interface LoopBack 0
[SwitchA-bgp] quit
# Configure Switch B.
[SwitchB] bgp 10
[SwitchB-bgp] peer 1.1.1.1 as-number 10
[SwitchB-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[SwitchB-bgp] peer 3.3.3.3 as-number 10
[SwitchB-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[SwitchB-bgp] peer 4.4.4.4 as-number 10
[SwitchB-bgp] peer 4.4.4.4 connect-interface LoopBack 0
[SwitchB-bgp] quit
# Configure Switch C.
[SwitchC] bgp 10
[SwitchC-bgp] peer 1.1.1.1 as-number 10
[SwitchC-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[SwitchC-bgp] peer 2.2.2.2 as-number 10
[SwitchC-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[SwitchC-bgp] peer 4.4.4.4 as-number 10
[SwitchC-bgp] peer 4.4.4.4 connect-interface LoopBack 0
[SwitchC-bgp] quit
# Configure Switch D.
[SwitchD] bgp 10
[SwitchD-bgp] peer 1.1.1.1 as-number 10
[SwitchD-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[SwitchD-bgp] peer 2.2.2.2 as-number 10
[SwitchD-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[SwitchD-bgp] peer 3.3.3.3 as-number 10
[SwitchD-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[SwitchD-bgp] quit
Step 5 Configure an EBGP connection.
# Configure Switch D.
[SwitchD] bgp 10
[SwitchD-bgp] peer 10.2.1.2 as-number 20
[SwitchD-bgp] import-route direct
[SwitchD-bgp] import-route ospf 1
[SwitchD-bgp] quit
# Configure Switch E.
[SwitchE] bgp 20
[SwitchE-bgp] router-id 5.5.5.5
[SwitchE-bgp] peer 10.2.1.1 as-number 10
[SwitchE-bgp] ipv4-family unicast
[SwitchE-bgp-af-ipv4] network 10.3.1.0 30
[SwitchE-bgp-af-ipv4] quit
[SwitchE-bgp] quit
Step 6 Set the cost of OSPF on Switch C.
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] ospf cost 2
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ospf cost 2
[SwitchC-Vlanif30] quit
NOTE
After the cost of OSPF on Switch C is set to 2, Switch A chooses only Switch B as the intermediate router
to the network segment 10.2.1.0. Switch C becomes the backup router of Switch B.
# View the routing table of Switch A. As shown in the routing table, the route to the network
segment 10.3.1.0 can be learned through BGP, and the outgoing interface is Vlanif10.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14       Routes : 15
Destination/Mask  Proto   Pre  Cost  Flags  NextHop    Interface
1.1.1.1/32        Direct  0    0     D      127.0.0.1  LoopBack0
2.2.2.2/32        OSPF    10   1     D      10.1.1.2   Vlanif10
3.3.3.3/32        OSPF    10   1     D      10.1.2.2   Vlanif20
4.4.4.4/32        OSPF    10   2     D      10.1.1.2   Vlanif10
10.1.1.0/30       Direct  0    0     D      10.1.1.1   Vlanif10
10.1.1.1/32       Direct  0    0     D      127.0.0.1  Vlanif10
10.1.2.0/30       Direct  0    0     D      10.1.2.1   Vlanif20
10.1.2.1/32       Direct  0    0     D      127.0.0.1  Vlanif20
10.1.3.0/30       OSPF    10   2     D      10.1.1.2   Vlanif10
10.1.4.0/30       OSPF    10   3     D      10.1.2.2   Vlanif20
                  OSPF    10   3     D      10.1.1.2   Vlanif10
10.2.1.0/30       IBGP    255  0     RD     4.4.4.4    Vlanif10
10.3.1.0/30       IBGP    255  0     RD     10.2.1.2   Vlanif10
127.0.0.0/8       Direct  0    0     D      127.0.0.1  InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1  InLoopBack0
# View the routing table of Switch B.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14       Routes : 15
Destination/Mask  Proto   Pre  Cost  Flags  NextHop    Interface
1.1.1.1/32        OSPF    10   1     D      10.1.1.1   Vlanif10
2.2.2.2/32        Direct  0    0     D      127.0.0.1  LoopBack0
3.3.3.3/32        OSPF    10   2     D      10.1.1.1   Vlanif10
                  OSPF    10   2     D      10.1.3.2   Vlanif40
4.4.4.4/32        OSPF    10   1     D      10.1.3.2   Vlanif40
10.1.1.0/30       Direct  0    0     D      10.1.1.2   Vlanif10
10.1.1.2/32       Direct  0    0     D      127.0.0.1  Vlanif10
10.1.2.0/30       OSPF    10   2     D      10.1.1.1   Vlanif10
10.1.3.0/30       Direct  0    0     D      10.1.3.1   Vlanif40
10.1.3.1/32       Direct  0    0     D      127.0.0.1  Vlanif40
10.1.4.0/30       OSPF    10   2     D      10.1.3.2   Vlanif40
10.2.1.0/30       IBGP    255  0     RD     4.4.4.4    Vlanif40
10.3.1.0/30       IBGP    255  0     RD     10.2.1.2   Vlanif40
127.0.0.0/8       Direct  0    0     D      127.0.0.1  InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1  InLoopBack0
As shown in the routing table, Switch B learns the route to the network segment 10.3.1.0 through
BGP, and the outgoing interface is Vlanif40. The routes to the network segments 10.1.2.0 and
10.1.4.0 respectively can be learned through OSPF. The costs of the two routes are 2.
Step 7 Enable OSPF-BGP linkage on Switch B.
[SwitchB] ospf 1
[SwitchB-ospf-1] stub-router on-startup
[SwitchB-ospf-1] quit
[SwitchB] quit
Step 8 Verify the configuration.
# Restart Switch B.
NOTE
Confirm the action before you run the command, because restarting the switch interrupts the
network for a short time. In addition, before restarting a switch, ensure that the configuration
file of the switch is saved.
<SwitchB> reboot
System will reboot! Continue?[Y/N] y
# View the routing table of Switch A. As shown in the routing table, the route to the network
10.3.1.0 can be learned through BGP, and the outgoing interface is Vlanif20.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10       Routes : 10
Destination/Mask  Proto   Pre  Cost  Flags  NextHop    Interface
1.1.1.1/32        Direct  0    0     D      127.0.0.1  LoopBack0
3.3.3.3/32        OSPF    10   1     D      10.1.2.2   Vlanif20
4.4.4.4/32        OSPF    10   3     D      10.1.2.2   Vlanif20
10.1.2.0/30       Direct  0    0     D      10.1.2.1   Vlanif20
10.1.2.1/32       Direct  0    0     D      127.0.0.1  Vlanif20
10.1.4.0/30       OSPF    10   3     D      10.1.2.2   Vlanif20
10.2.1.0/30       IBGP    255  0     RD     4.4.4.4    Vlanif20
10.3.1.0/30       IBGP    255  0     RD     10.2.1.2   Vlanif20
127.0.0.0/8       Direct  0    0     D      127.0.0.1  InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1  InLoopBack0
# View the routing table of Switch B. As shown in the routing table, only OSPF routes exist in
the routing table temporarily and their costs are equal to or greater than 65535. This is because
IGP route convergence is faster than BGP route convergence.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12       Routes : 12
Destination/Mask  Proto   Pre  Cost   Flags  NextHop    Interface
1.1.1.1/32        OSPF    10   65535  D      10.1.1.1   Vlanif10
2.2.2.2/32        Direct  0    0      D      127.0.0.1  LoopBack0
3.3.3.3/32        OSPF    10   65536  D      10.1.1.1   Vlanif10
4.4.4.4/32        OSPF    10   65538  D      10.1.1.1   Vlanif10
10.1.1.0/30       Direct  0    0      D      10.1.1.2   Vlanif10
10.1.1.2/32       Direct  0    0      D      127.0.0.1  Vlanif10
10.1.2.0/30       OSPF    10   65536  D      10.1.1.1   Vlanif10
10.1.3.0/30       Direct  0    0      D      10.1.3.1   Vlanif40
10.1.3.1/32       Direct  0    0      D      127.0.0.1  Vlanif40
10.1.4.0/30       OSPF    10   65538  D      10.1.1.1   Vlanif10
127.0.0.0/8       Direct  0    0      D      127.0.0.1  InLoopBack0
127.0.0.1/32      Direct  0    0      D      127.0.0.1  InLoopBack0
# View the routing table of Switch B.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14       Routes : 15
Destination/Mask  Proto   Pre  Cost  Flags  NextHop    Interface
1.1.1.1/32        OSPF    10   1     D      10.1.1.1   Vlanif10
2.2.2.2/32        Direct  0    0     D      127.0.0.1  LoopBack0
3.3.3.3/32        OSPF    10   2     D      10.1.1.1   Vlanif10
                  OSPF    10   2     D      10.1.3.2   Vlanif40
4.4.4.4/32        OSPF    10   1     D      10.1.3.2   Vlanif40
10.1.1.0/30       Direct  0    0     D      10.1.1.2   Vlanif10
10.1.1.2/32       Direct  0    0     D      127.0.0.1  Vlanif10
10.1.2.0/30       OSPF    10   2     D      10.1.1.1   Vlanif10
10.1.3.0/30       Direct  0    0     D      10.1.3.1   Vlanif40
10.1.3.1/32       Direct  0    0     D      127.0.0.1  Vlanif40
10.1.4.0/30       OSPF    10   2     D      10.1.3.2   Vlanif40
10.2.1.0/30       IBGP    255  0     RD     4.4.4.4    Vlanif40
10.3.1.0/30       IBGP    255  0     RD     10.2.1.2   Vlanif40
127.0.0.0/8       Direct  0    0     D      127.0.0.1  InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1  InLoopBack0
As shown in the routing table, after BGP route convergence on Switch B is complete, the contents
of the routing information are the same as those before the switch restarts.
----End
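The route costs in this example, and the equal-cost behaviour described in 5.5.5, can be checked with a small shortest-path model of the AS 10 topology. This is an added example, not Huawei code: router names are used as node labels and next hops, each shared segment is modelled as a zero-cost return edge to its attached routers, and stub-router is assumed to advertise the maximum metric 65535 on transit links while loopbacks keep their cost.

```python
import heapq
from functools import lru_cache

# Constructed from the addressing table above and "ospf cost 2" on SwitchC:
# router -> {prefix: cost of the outgoing interface}
TOPOLOGY = {
    "SwitchA": {"1.1.1.1/32": 0, "10.1.1.0/30": 1, "10.1.2.0/30": 1},
    "SwitchB": {"2.2.2.2/32": 0, "10.1.1.0/30": 1, "10.1.3.0/30": 1},
    "SwitchC": {"3.3.3.3/32": 0, "10.1.2.0/30": 2, "10.1.4.0/30": 2},
    "SwitchD": {"4.4.4.4/32": 0, "10.1.4.0/30": 1, "10.1.3.0/30": 1},
}
MAX_METRIC = 65535  # assumed metric a stub router advertises on transit links


def spf(topology, src, stub_routers=()):
    """Return {prefix: (cost, [next-hop routers or 'direct'])} as seen by src."""
    attached = {}
    for router, ifaces in topology.items():
        for prefix in ifaces:
            attached.setdefault(prefix, []).append(router)

    # Directed edges: router -> prefix at the advertised interface cost,
    # transit prefix -> every attached router at cost 0.
    edges = {}
    for router, ifaces in topology.items():
        for prefix, cost in ifaces.items():
            transit = len(attached[prefix]) > 1
            if router in stub_routers and transit:
                cost = MAX_METRIC
            edges.setdefault(router, []).append((prefix, cost))
    for prefix, routers in attached.items():
        if len(routers) > 1:
            edges[prefix] = [(r, 0) for r in routers]

    # Dijkstra for the distances.
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in edges.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))

    # Walk the shortest-path DAG backwards to collect every equal-cost next hop.
    preds = {}
    for node, outs in edges.items():
        for nxt, cost in outs:
            preds.setdefault(nxt, []).append((node, cost))

    @lru_cache(maxsize=None)
    def hops(node):
        found = set()
        for prev, cost in preds.get(node, []):
            if prev not in dist or dist[prev] + cost != dist[node]:
                continue
            if prev == src:
                found.add("direct")
            else:  # the first router behind a directly connected prefix
                found |= {node if h == "direct" else h for h in hops(prev)}
        return frozenset(found)

    return {p: (dist[p], sorted(hops(p))) for p in attached if p in dist}


if __name__ == "__main__":
    for label, stubs in (("normal", ()), ("SwitchB as stub router", ("SwitchB",))):
        print(label)
        for prefix, (cost, via) in sorted(spf(TOPOLOGY, "SwitchA", stubs).items()):
            print(f"  {prefix:13s} cost {cost:<6d} via {', '.join(via)}")
```

With SwitchB in stub-router state, SwitchA keeps reaching 4.4.4.4 through SwitchC at cost 3 while SwitchB's own loopback stays reachable, so transit traffic stays off SwitchB until its BGP routes have converged.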
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.252
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.252
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 10
peer 2.2.2.2 as-number 10
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.2.0 0.0.0.3
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10 40
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.252
#
interface Vlanif40
ip address 10.1.3.1 255.255.255.252
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 10
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ospf 1
stub-router on-startup
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.3.0 0.0.0.3
network 10.1.1.0 0.0.0.3
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 30
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.252
ospf cost 2
#
interface Vlanif30
ip address 10.1.4.1 255.255.255.252
ospf cost 2
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 10
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 10
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 2.2.2.2 enable
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.2.0 0.0.0.3
network 10.1.4.0 0.0.0.3
#
return
• Configuration file of Switch D
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 30 40 50
#
interface Vlanif30
ip address 10.1.4.2 255.255.255.252
#
interface Vlanif40
ip address 10.1.3.2 255.255.255.252
#
interface Vlanif50
ip address 10.2.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 10
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 10
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack0
peer 10.2.1.2 as-number 20
#
ipv4-family unicast
undo synchronization
import-route direct
import-route ospf 1
peer 1.1.1.1 enable
peer 2.2.2.2 enable
peer 3.3.3.3 enable
peer 10.2.1.2 enable
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.1.3.0 0.0.0.3
network 10.1.4.0 0.0.0.3
#
return
• Configuration file of Switch E
#
sysname SwitchE
#
vlan batch 50 60
#
interface Vlanif50
ip address 10.2.1.2 255.255.255.252
#
interface Vlanif60
ip address 10.3.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 50
port hybrid pvid vlan 50
#
interface GigabitEthernet0/0/2
port hybrid untagged vlan 60
port hybrid pvid vlan 60
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 20
router-id 5.5.5.5
peer 10.2.1.1 as-number 10
#
ipv4-family unicast
undo synchronization
network 10.3.1.0 255.255.255.252
peer 10.2.1.1 enable
#
return
5.5.8 Example for Configuring OSPF GTSM
Networking Requirements
As shown in Figure 5-17, OSPF is run between switches, and GTSM is enabled on Switch C.
The following are the valid TTL ranges of the packets sent from each switch to Switch C:
• Switch A and Switch E are the neighboring switches of Switch C. The valid TTL range of
packets is [255, 255].
• The valid TTL ranges of the packets sent from Switch B, Switch D, and Switch F to Switch
C are [254, 255], [253, 255], and [252, 255] respectively.
Figure 5-17 Networking diagram for configuring OSPF GTSM
Switch    Interface              VLANIF interface  IP address
SwitchA   GigabitEthernet0/0/1   VLANIF 10         192.168.0.1/24
SwitchA   GigabitEthernet0/0/2   VLANIF 20         192.168.1.1/24
SwitchB   GigabitEthernet0/0/1   VLANIF 10         192.168.0.2/24
SwitchB   GigabitEthernet0/0/2   VLANIF 30         192.168.2.1/24
SwitchC   GigabitEthernet0/0/1   VLANIF 20         192.168.1.2/24
SwitchC   GigabitEthernet0/0/2   VLANIF 40         172.16.1.1/24
SwitchD   GigabitEthernet0/0/1   VLANIF 30         192.168.2.2/24
SwitchD   GigabitEthernet0/0/2   VLANIF 50         172.17.1.1/24
SwitchE   GigabitEthernet0/0/2   VLANIF 40         172.16.1.2/24
SwitchF   GigabitEthernet0/0/2   VLANIF 50         172.17.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic OSPF functions.
2. Enable GTSM on each switch and specify the valid TTL range of packets.
Procedure
Step 1 Configure VLANs that interfaces belong to.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to the
configuration of SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.0.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 192.168.1.1 24
[SwitchA-Vlanif20] quit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to the
configuration of SwitchA, and are not mentioned here.
Step 3 Configure basic OSPF functions. For configuration details, see 5.5.1 Example for
Configuring Basic OSPF Functions.
Step 4 Configure OSPF GTSM.
# Configure the valid TTL range of packets from Switch C to other switches as [252, 255].
[SwitchC] ospf valid-ttl-hops 4
# Configure the valid TTL range of packets from Switch A to Switch C as [255, 255].
[SwitchA] ospf valid-ttl-hops 1
# Configure the valid TTL range of packets from Switch B to Switch C as [254, 255].
[SwitchB] ospf valid-ttl-hops 2
# Configure the valid TTL range of packets from Switch D to Switch C as [253, 255].
[SwitchD] ospf valid-ttl-hops 3
# Configure the valid TTL range of packets from Switch E to Switch C as [255, 255].
[SwitchE] ospf valid-ttl-hops 1
# Configure the valid TTL range of packets from Switch F to Switch C as [252, 255].
[SwitchF] ospf valid-ttl-hops 4
Step 5 Verify the configuration.
# Check whether OSPF neighbor relationships between the switches are established normally.
Take Switch A as an example. The neighbor state is Full, which indicates that the neighbor
relationships are established normally.
[SwitchA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(Vlanif10)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.1
BDR: 192.168.0.2
MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:15:04
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(Vlanif20)'s neighbors
Router ID: 3.3.3.3
Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.1
BDR: 192.168.1.2
MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:07:32
Authentication Sequence: [ 0 ]
# Run the display gtsm statistics all command on Switch C. You can view the GTSM statistics.
If the default action performed on packets is "pass" and all the packets are valid, the number of
dropped packets is 0.
<SwitchC> display gtsm statistics all
GTSM Statistics Table
----------------------------------------------------------------
SlotId  Protocol  Total Counters  Drop Counters  Pass Counters
----------------------------------------------------------------
0       BGP       0               0              0
0       BGPv6     0               0              0
0       OSPF      0               0              0
0       LDP       0               0              0
----------------------------------------------------------------
If the host simulates the OSPF packets of Switch A to attack Switch C, the packets are dropped
because the TTL value is not 255 when the packets reach Switch C. In the GTSM statistics of
Switch C, the number of dropped packets also increases.
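The TTL check behind these statistics, as an added Python example (not Huawei code and not part of the original document). It derives each switch's hop distance to Switch C from the links in the interface table above, compares it with the valid-ttl-hops values configured in Step 4, and counts pass and drop results for a constructed list of arrival TTLs; the function names and the sample TTL list are assumptions made for this illustration.

```python
"""GTSM TTL check for the OSPF example above (added illustration)."""
from collections import deque

MAX_TTL = 255  # GTSM expects senders to transmit with TTL 255

# One entry per VLANIF shared by two switches in the interface table.
LINKS = [
    ("SwitchA", "SwitchB"),  # VLANIF 10
    ("SwitchA", "SwitchC"),  # VLANIF 20
    ("SwitchB", "SwitchD"),  # VLANIF 30
    ("SwitchC", "SwitchE"),  # VLANIF 40
    ("SwitchD", "SwitchF"),  # VLANIF 50
]

# "ospf valid-ttl-hops" values from Step 4 of this example.
CONFIGURED_HOPS = {
    "SwitchA": 1, "SwitchB": 2, "SwitchC": 4,
    "SwitchD": 3, "SwitchE": 1, "SwitchF": 4,
}

# Constructed sample of TTL values seen on arrival (not captured traffic).
SAMPLE_ARRIVAL_TTLS = [255, 255, 254, 64, 1]


def valid_ttl_range(hops):
    """Return the (low, high) TTL range accepted for a valid-ttl-hops value."""
    if not 1 <= hops <= MAX_TTL:
        raise ValueError("hops must be between 1 and 255")
    return MAX_TTL - hops + 1, MAX_TTL


def gtsm_accepts(ttl, hops):
    """True if a packet arriving with this TTL falls inside the valid range."""
    if ttl is None:
        return False
    low, high = valid_ttl_range(hops)
    return low <= ttl <= high


def arrival_ttl(hop_distance, initial_ttl=MAX_TTL):
    """TTL seen by the receiver: unchanged from a direct neighbor (distance 1),
    one less for every switch that forwarded the packet on the way."""
    ttl = initial_ttl - (hop_distance - 1)
    return ttl if ttl > 0 else None  # None: the packet expired in transit


def hop_distances(target, links=LINKS):
    """Breadth-first search: hop distance from every switch to the target."""
    adjacency = {}
    for a, b in links:
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    distances = {target: 0}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for peer in adjacency.get(node, ()):
            if peer not in distances:
                distances[peer] = distances[node] + 1
                queue.append(peer)
    del distances[target]
    return distances


def audit_configured_hops(receiver="SwitchC"):
    """Compare configured hops with the topology; return {} when they agree."""
    distances = hop_distances(receiver)
    mismatches = {}
    for switch, distance in distances.items():
        if CONFIGURED_HOPS[switch] != distance:
            mismatches[switch] = (CONFIGURED_HOPS[switch], distance)
    # The receiver's own value must cover its farthest legitimate sender.
    farthest = max(distances.values())
    if CONFIGURED_HOPS[receiver] != farthest:
        mismatches[receiver] = (CONFIGURED_HOPS[receiver], farthest)
    return mismatches


def gtsm_statistics(arrival_ttls, hops):
    """Total/drop/pass counters, in the spirit of 'display gtsm statistics'."""
    passed = sum(1 for ttl in arrival_ttls if gtsm_accepts(ttl, hops))
    return {"total": len(arrival_ttls),
            "drop": len(arrival_ttls) - passed,
            "pass": passed}


if __name__ == "__main__":
    for switch, distance in sorted(hop_distances("SwitchC").items()):
        print(switch, distance, valid_ttl_range(distance))
    print("mismatches:", audit_configured_hops())
    for hops in (1, 4):
        print("hops", hops, gtsm_statistics(SAMPLE_ARRIVAL_TTLS, hops))
```

With a hop value of 1 only TTL 255 passes, while a hop value of 4 also accepts 254, 253, and 252, so the configured value should be no larger than the real distance to the farthest legitimate peer.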
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
ospf valid-ttl-hops 1
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10 30
#
interface Vlanif10
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
ospf valid-ttl-hops 2
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
ospf valid-ttl-hops 4
#
return
• Configuration file of Switch D
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 30 50
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ospf valid-ttl-hops 3
#
return
• Configuration file of Switch E
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
ospf valid-ttl-hops 1
#
return
• Configuration file of Switch F
#
sysname SwitchF
#
router id 6.6.6.6
#
vlan batch 50
#
interface Vlanif50
ip address 172.17.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
ospf valid-ttl-hops 4
#
return
5.5.9 Example for Configuring BFD for OSPF
Networking Requirements
As shown in Figure 5-18, the networking requirements are as follows:
• Switch A, Switch B, and Switch C run OSPF.
• BFD for OSPF is enabled on Switch A, Switch B, and Switch C.
• Service traffic is transmitted on the main link Switch A→Switch B. Link Switch A→Switch
C→Switch B is a backup link.
• BFD is configured on the interfaces between Switch A and Switch B. When a fault occurs
on the link between the switches, BFD can quickly detect the fault and notify OSPF of the
fault. Then, the service flow is transmitted on the backup link.
Figure 5-18 Networking diagram for configuring BFD for OSPF
Switch    Interface              VLANIF interface  IP address
Switch A  GigabitEthernet0/0/1   VLANIF 10         1.1.1.1/24
Switch A  GigabitEthernet0/0/2   VLANIF 20         3.3.3.1/24
Switch B  GigabitEthernet0/0/1   VLANIF 30         2.2.2.2/24
Switch B  GigabitEthernet0/0/2   VLANIF 20         3.3.3.2/24
Switch B  GigabitEthernet0/0/3   VLANIF 40         172.16.1.1/24
Switch C  GigabitEthernet0/0/1   VLANIF 10         1.1.1.2/24
Switch C  GigabitEthernet0/0/2   VLANIF 30         2.2.2.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic OSPF functions on the switches.
2. Enable the BFD feature globally.
3. Enable BFD for OSPF on Switch A and Switch B.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface GigabitEthernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 3.3.3.1 24
[SwitchA-Vlanif20] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 3 Configure the basic OSPF functions. See 5.5.1 Example for Configuring Basic OSPF
Functions.
Step 4 Configure BFD for OSPF.
# Enable BFD globally on Switch A.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] ospf
[SwitchA-ospf-1] bfd all-interfaces enable
[SwitchA-ospf-1] quit
# Enable BFD globally on Switch B.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] ospf
[SwitchB-ospf-1] bfd all-interfaces enable
[SwitchB-ospf-1] quit
# Enable BFD globally on Switch C.
[SwitchC] bfd
[SwitchC-bfd] quit
[SwitchC] ospf
[SwitchC-ospf-1] bfd all-interfaces enable
[SwitchC-ospf-1] quit
# Run the display ospf bfd session all command on Switch A or Switch B. You can see that the
BFD state is Up.
Take Switch A for example. The display is as follows:
[SwitchA] display ospf bfd session all
OSPF Process 1 with Router ID 1.1.1.1
Area 0.0.0.0 interface 3.3.3.1(Vlanif20)'s BFD Sessions
NeighborId:2.2.2.2
BFDState:up
Multiplier:3
RemoteIpAdd:3.3.3.2
AreaId:0.0.0.0
Interface:Vlanif20
rx :1000
tx :1000
BFD Local Dis:8195
LocalIpAdd:3.3.3.1
Diagnostic Info:No diagnostic information
Area 0.0.0.0 interface 1.1.1.1(Vlanif10)'s BFD Sessions
NeighborId:3.3.3.3
BFDState:up
Multiplier:3
RemoteIpAdd:1.1.1.2
AreaId:0.0.0.0
Interface:Vlanif10
rx :1000
tx :1000
BFD Local Dis:8194
LocalIpAdd:1.1.1.1
Diagnostic Info:No diagnostic information
Step 5 Configure the BFD feature of interfaces.
# Configure BFD on VLANIF 20 of Switch A, set the minimum interval for sending the packets
and the minimum interval for receiving the packets to 100 ms, and set the local detection time
multiplier to 4.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ospf bfd enable
[SwitchA-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
[SwitchA-Vlanif20] quit
# Configure BFD on VLANIF20 of Switch B and set the minimum interval for sending the
packets and the minimum interval for receiving the packets to 100 ms and the local detection
time multiplier to 4.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ospf bfd enable
[SwitchB-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
[SwitchB-Vlanif20] quit
# Run the display ospf bfd session all command on Switch A or Switch B. You can see that the
BFD state is Up.
Take Switch B for example. The display is as follows:
[SwitchB] display ospf bfd session all
OSPF Process 1 with Router ID 2.2.2.2
Area 0.0.0.0 interface 3.3.3.2(Vlanif20)'s BFD Sessions
NeighborId:1.1.1.1
BFDState:up
Multiplier:4
RemoteIpAdd:3.3.3.1
AreaId:0.0.0.0
Interface: Vlanif20
rx :100
tx :100
BFD Local Dis:8198
LocalIpAdd:3.3.3.2
Diagnostic Info:No diagnostic information
Area 0.0.0.0 interface 2.2.2.2(Vlanif30)'s BFD Sessions
NeighborId:3.3.3.3
BFDState:up
Multiplier:3
RemoteIpAdd:2.2.2.1
AreaId:0.0.0.0
Interface: Vlanif30
rx :1000
tx :1000
BFD Local Dis:8199
LocalIpAdd:2.2.2.2
Diagnostic Info:No diagnostic information
Step 6 Verify the configuration.
# Run the shutdown command on VLANIF 20 of Switch B to simulate a link fault.
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] shutdown
# View the routing table of Switch A.
<SwitchA> display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables

Routing for Network
Destination     Cost  Type     NextHop  AdvRouter  Area
172.16.1.1/24   3     Stub     1.1.1.2  2.2.2.2    0.0.0.0
3.3.3.0/24      1     Stub     3.3.3.1  1.1.1.1    0.0.0.0
2.2.2.0/24      2     Transit  1.1.1.2  3.3.3.3    0.0.0.0
1.1.1.0/24      1     Transit  1.1.1.1  1.1.1.1    0.0.0.0

Total Nets: 4
Intra Area: 4  Inter Area: 0  ASE: 0  NSSA: 0
As shown in the OSPF routing table, the backup link Switch A→Switch C→Switch B takes
effect after the main link fails. The next hop address of the route to 172.16.1.0/24 becomes
1.1.1.2.
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 1.1.1.0 0.0.0.255
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 20 30 40
#
bfd
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface Vlanif30
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 10 30
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 2.2.2.1 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
#
return
5.6 OSPFv3 Configuration
By building Open Shortest Path First Version 3 (OSPFv3) networks, you can enable OSPFv3
to discover and calculate routes in ASs. OSPFv3 is applicable to a large-scale network that
consists of hundreds of switches.
5.6.1 Example for Configuring OSPFv3 Areas
Networking Requirements
As shown in Figure 5-19, OSPFv3 is enabled on all Switches and the AS is divided into three
areas. SwitchB and SwitchC serve as ABRs to forward the inter-area routes.
You need to configure Area 2 as a stub area. The LSAs advertised to this area can thus be reduced,
without affecting the reachability of routes.
Figure 5-19 Networking diagram for configuring an OSPFv3 area
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses for interfaces.
2. Enable the basic OSPFv3 functions on each Switch.
3. Configure Area 2 as a stub area by running the stub command on all the Switches in Area
2 and check the OSPFv3 routing table of SwitchD.
4. Configure Area 2 as a totally stub area and check the OSPFv3 routing table of
SwitchD.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA and are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 2000::1/64
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ipv6 enable
[SwitchA-Vlanif20] ipv6 address 1001::2/64
[SwitchA-Vlanif20] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA and are not mentioned here.
Step 3 Configure the basic OSPFv3 functions.
# Configure SwitchA.
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospfv3 1 area 1
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ospfv3 1 area 1
[SwitchA-Vlanif20] quit
# Configure SwitchB.
[SwitchB] ospfv3
[SwitchB-ospfv3-1] router-id 2.2.2.2
[SwitchB-ospfv3-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ospfv3 1 area 1
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] ospfv3 1 area 0
[SwitchB-Vlanif30] quit
# Configure SwitchC.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] router-id 3.3.3.3
[SwitchC-ospfv3-1] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ospfv3 1 area 0
[SwitchC-Vlanif30] quit
[SwitchC] interface vlanif 40
[SwitchC-Vlanif40] ospfv3 1 area 2
[SwitchC-Vlanif40] quit
# Configure SwitchD.
[SwitchD] ospfv3
[SwitchD-ospfv3-1] router-id 4.4.4.4
[SwitchD-ospfv3-1] quit
[SwitchD] interface vlanif 40
[SwitchD-Vlanif40] ospfv3 1 area 2
[SwitchD-Vlanif40] quit
# View the status of the OSPFv3 neighbors of SwitchB.
[SwitchB] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.1)
Neighbor ID  Pri  State        Dead Time  Interface  Instance ID
1.1.1.1      1    Full/DR      00:00:34   Vlanif20   0
OSPFv3 Area (0.0.0.0)
Neighbor ID  Pri  State        Dead Time  Interface  Instance ID
3.3.3.3      1    Full/Backup  00:00:32   Vlanif30   0
# View the status of the OSPFv3 neighbors of SwitchC.
[SwitchC] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID  Pri  State        Dead Time  Interface  Instance ID
2.2.2.2      1    Full/DR      00:00:37   Vlanif30   0
OSPFv3 Area (0.0.0.2)
Neighbor ID  Pri  State        Dead Time  Interface  Instance ID
4.4.4.4      1    Full/Backup  00:00:33   Vlanif40   0
# View the OSPFv3 routing table of SwitchD.
[SwitchD] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled
OSPFv3 Process (1)
Destination                              Metric
  Next-hop
IA 1000::/64                             2
  via FE80::1572:0:5EF4:1, Vlanif40
IA 1001::/64                             3
  via FE80::1572:0:5EF4:1, Vlanif40
1002::/64                                1
  directly-connected, Vlanif40
IA 2000::/64                             4
  via FE80::1572:0:5EF4:1, Vlanif40
Step 4 Configure the stub areas.
# Configure the stub area of SwitchD.
[SwitchD] ospfv3
[SwitchD-ospfv3-1] area 2
[SwitchD-ospfv3-1-area-0.0.0.2] stub
[SwitchD-ospfv3-1-area-0.0.0.2] quit
# Configure the stub area of SwitchC, and set the cost of the default route advertised to the stub
area to 10.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] area 2
[SwitchC-ospfv3-1-area-0.0.0.2] stub
[SwitchC-ospfv3-1-area-0.0.0.2] default-cost 10
[SwitchC-ospfv3-1-area-0.0.0.2] quit
# View the OSPFv3 routing table of SwitchD, and you can see a new default route in the routing
table. The cost of the default route is the sum of the cost of the directly connected routes and the
configured cost.
[SwitchD] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled
OSPFv3 Process (1)
Destination                              Metric
  Next-hop
IA ::/0                                  11
  via FE80::1572:0:5EF4:1, vlanif40
IA 1000::/64                             2
  via FE80::1572:0:5EF4:1, vlanif40
IA 1001::/64                             3
  via FE80::1572:0:5EF4:1, vlanif40
1002::/64                                1
  directly-connected, vlanif40
IA 2000::/64                             4
  via FE80::1572:0:5EF4:1, vlanif40
Step 5 Configure the totally stub area.
# On SwitchC, configure Area 2 as the totally stub area.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] area 2
[SwitchC-ospfv3-1-area-0.0.0.2] stub no-summary
[SwitchC-ospfv3-1-area-0.0.0.2] quit
Step 6 Verify the configuration.
# View the OSPFv3 routing table of SwitchD, and you can see that the entries in the routing
table are reduced; other non-directly connected routes are suppressed; only the default route is
reserved.
[SwitchD] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled
OSPFv3 Process (1)
Destination                              Metric
  Next-hop
IA ::/0                                  11
  via FE80::1572:0:5EF4:1, vlanif40
1002::/64                                1
  directly-connected, vlanif40
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
ospfv3 1 area 0.0.0.1
#
interface Vlanif20
ipv6 enable
ipv6 address 1001::2/64
ospfv3 1 area 0.0.0.1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 1.1.1.1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 20 30
#
interface Vlanif20
ipv6 enable
ipv6 address 1001::1/64
ospfv3 1 area 0.0.0.1
#
interface Vlanif30
ipv6 enable
ipv6 address 1000::1/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospfv3 1
router-id 2.2.2.2
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 30 40
#
interface Vlanif30
ipv6 enable
ipv6 address 1000::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif40
ipv6 enable
ipv6 address 1002::1/64
ospfv3 1 area 0.0.0.2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospfv3 1
router-id 3.3.3.3
area 0.0.0.2
stub no-summary
default-cost 10
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
ipv6
#
vlan batch 40
#
interface Vlanif40
ipv6 enable
ipv6 address 1002::2/64
ospfv3 1 area 0.0.0.2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospfv3 1
router-id 4.4.4.4
area 0.0.0.2
stub
#
return
5.6.2 Example for Configuring DR Election Through OSPFv3
Networking Requirements
As shown in Figure 5-20, the priority of SwitchA is 100, which is the highest priority on the
network; therefore, SwitchA is elected as the DR. SwitchC, which has the second highest
priority, is elected as the BDR. The priority of SwitchB is 0, which means that it cannot become
the DR. SwitchD is not configured with a priority, that is, SwitchD uses the default priority,
namely, 1.
Figure 5-20 Networking diagram for configuring DR election through OSPFv3
[Figure: SwitchA, SwitchB, SwitchC, and SwitchD each attach to one shared segment through GE0/0/1 (VLANIF10), with addresses 1001::1/64, 1001::2/64, 1001::3/64, and 1001::4/64 respectively.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses for interfaces.
2. Configure the router ID of each Switch, enable OSPFv3, and specify the network segments.
3. Check the DR/BDR status of each Switch when the default priority is used.
4. Set the DR priority of the interface on each Switch and check whether the Switch becomes the DR or BDR.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of SwitchA
and are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1001::1/64
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of SwitchA
and are not mentioned here.
Step 3 Configure the basic OSPFv3 functions.
# On SwitchA, enable OSPFv3 and set the router ID to 1.1.1.1.
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospfv3 1 area 0
[SwitchA-Vlanif10] quit
# On SwitchB, enable OSPFv3 and set the router ID to 2.2.2.2.
[SwitchB] ospfv3
[SwitchB-ospfv3-1] router-id 2.2.2.2
[SwitchB-ospfv3-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospfv3 1 area 0
[SwitchB-Vlanif10] quit
# On SwitchC, enable OSPFv3 and set the router ID to 3.3.3.3.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] router-id 3.3.3.3
[SwitchC-ospfv3-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ospfv3 1 area 0
[SwitchC-Vlanif10] quit
# On SwitchD, enable OSPFv3 and set the router ID to 4.4.4.4.
[SwitchD] ospfv3
[SwitchD-ospfv3-1] router-id 4.4.4.4
[SwitchD-ospfv3-1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ospfv3 1 area 0
[SwitchD-Vlanif10] quit
Check the neighbors of SwitchA. You can view the DR priority and the neighbor status. By
default, the DR priority is 1. Now SwitchD functions as the DR and SwitchC functions as the
BDR.
NOTE
When the priorities of two Switches are the same, the Switch that has a greater router ID is elected as the
DR. If the VLANIF interface of a Switch becomes the DR, the other broadcast interfaces of this Switch
have a high priority in the future DR election. That is, the Switch still functions as the DR. The DR cannot
be preempted.
[SwitchA] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
2.2.2.2         1     2-Way/DROther    00:00:32    Vlanif10    0
3.3.3.3         1     Full/Backup      00:00:36    Vlanif10    0
4.4.4.4         1     Full/DR          00:00:38    Vlanif10    0
# View the neighbors of SwitchD, and you can see that the status of the neighbor relationship
between SwitchD and other devices is Full.
[SwitchD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
1.1.1.1         1     Full/DROther     00:00:32    Vlanif10    0
2.2.2.2         1     Full/DROther     00:00:35    Vlanif10    0
3.3.3.3         1     Full/Backup      00:00:30    Vlanif10    0
Step 4 Configure the DR priorities of interfaces.
# Configure the DR priority of SwitchA to 100.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospfv3 dr-priority 100
[SwitchA-Vlanif10] quit
# Configure the DR priority of SwitchB to 0.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospfv3 dr-priority 0
[SwitchB-Vlanif10] quit
# Configure the DR priority of SwitchC to 2.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ospfv3 dr-priority 2
[SwitchC-Vlanif10] quit
# View the neighbors of SwitchA, and you can see that the DR priorities of the neighbors are
updated but the DR and BDR are unchanged.
[SwitchA] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
2.2.2.2         0     2-Way/DROther    00:00:34    Vlanif10    0
3.3.3.3         2     Full/Backup      00:00:38    Vlanif10    0
4.4.4.4         1     Full/DR          00:00:31    Vlanif10    0
# View the neighbors of SwitchD, and you can see that the DR priorities of the neighbors are updated.
[SwitchD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
1.1.1.1         100   Full/DROther     00:00:36    Vlanif10    0
2.2.2.2         0     Full/DROther     00:00:30    Vlanif10    0
3.3.3.3         2     Full/Backup      00:00:36    Vlanif10    0
Step 5 Perform DR/BDR election again.
# Restart all Switches (or run the shutdown and undo shutdown commands on the VLANIF
interface that establishes the OSPFv3 neighbor relationship) to re-elect the DR and BDR.
Step 6 Verify the configuration.
# View the neighbors of SwitchA, and you can see that SwitchC is the BDR.
[SwitchA] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
2.2.2.2         0     Full/DROther     00:00:31    Vlanif10    0
3.3.3.3         2     Full/Backup      00:00:36    Vlanif10    0
4.4.4.4         1     Full/DROther     00:00:39    Vlanif10    0
# View the neighbors of SwitchD, and you can see that SwitchA is the DR.
[SwitchD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri   State            Dead Time   Interface   Instance ID
1.1.1.1         100   Full/DR          00:00:39    Vlanif10    0
2.2.2.2         0     2-Way/DROther    00:00:35    Vlanif10    0
3.3.3.3         2     Full/Backup      00:00:39    Vlanif10    0
----End
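The election behaviour seen in Steps 3 to 6 can be reproduced with a small model of the DR election rules (RFC 2328 section 9.4, which OSPFv3 reuses). This is an added example, not Huawei code; the function names are hypothetical and it assumes every Switch on the segment hears every other. It also goes one step beyond the page by showing what happens when the current DR fails without a re-election.

```python
"""Simplified DR/BDR election on one broadcast segment (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    router_id: str
    priority: int = 1          # default DR priority, as stated on the page


def _rank(r):
    # Higher priority wins; the greater router ID breaks ties.
    return (r.priority, int(IPv4Address(r.router_id)))


def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) router IDs, honouring the roles already declared.

    dr=None and bdr=None model a cold start or a forced re-election.
    """
    eligible = [r for r in routers if r.priority > 0]   # priority 0 never wins
    ids = {r.router_id for r in eligible}
    dr = dr if dr in ids else None
    bdr = bdr if bdr in ids and bdr != dr else None

    def pick_bdr(current_dr, declared_bdr):
        pool = [r for r in eligible if r.router_id != current_dr]
        declared = [r for r in pool if r.router_id == declared_bdr]
        pool = declared or pool          # a declared BDR is not preempted
        return max(pool, key=_rank).router_id if pool else None

    new_bdr = pick_bdr(dr, bdr)
    if dr is None:
        # Nobody claims the DR role: promote the BDR, then choose a new BDR.
        dr = new_bdr
        new_bdr = pick_bdr(dr, None)
    return dr, new_bdr


def peer_view(local_id, routers, dr, bdr):
    """Rows shaped like `display ospfv3 peer`: (neighbor ID, priority, state)."""
    rows = []
    for r in sorted(routers, key=lambda x: int(IPv4Address(x.router_id))):
        if r.router_id == local_id:
            continue
        role = ("DR" if r.router_id == dr
                else "Backup" if r.router_id == bdr else "DROther")
        # A Full adjacency forms only when one end is the DR or the BDR.
        full = {local_id, r.router_id} & {dr, bdr}
        rows.append((r.router_id, r.priority,
                     ("Full" if full else "2-Way") + "/" + role))
    return rows


def page_scenario():
    """Replay the page's procedure with its router IDs and priorities."""
    sw = [Router("SwitchA", "1.1.1.1"), Router("SwitchB", "2.2.2.2"),
          Router("SwitchC", "3.3.3.3"), Router("SwitchD", "4.4.4.4")]
    out = {}
    dr, bdr = elect(sw)                                  # Step 3
    out["default"] = (dr, bdr)
    sw[0].priority, sw[1].priority, sw[2].priority = 100, 0, 2   # Step 4
    dr, bdr = elect(sw, dr, bdr)
    out["after_priority_change"] = (dr, bdr)
    # Beyond the page: the DR fails and the others do not restart.
    survivors = [r for r in sw if r.router_id != dr]
    out["dr_failure"] = elect(survivors, None, bdr)
    out["re_elected"] = elect(sw)                        # Steps 5 and 6
    out["switchd_view"] = peer_view("4.4.4.4", sw, *out["re_elected"])
    return out


if __name__ == "__main__":
    for step, result in page_scenario().items():
        print(step, result)
```

In the DR-failure case the BDR (3.3.3.3) is promoted even though 1.1.1.1 has priority 100, so a high priority alone does not guarantee the DR role until a full re-election takes place.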
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::1/64
ospfv3 1 area 0.0.0.0
ospfv3 dr-priority 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 1.1.1.1
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::2/64
ospfv3 1 area 0.0.0.0
ospfv3 dr-priority 0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 2.2.2.2
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::3/64
ospfv3 1 area 0.0.0.0
ospfv3 dr-priority 2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 3.3.3.3
#
return
- Configuration file of SwitchD
#
sysname SwitchD
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::4/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 4.4.4.4
#
return
5.6.3 Example for Configuring the OSPFv3 Virtual Link
Networking Requirements
As shown in Figure 5-21, OSPFv3 is enabled on all Switches and the AS is divided into three
areas. SwitchB and SwitchC serve as ABRs to forward the inter-area routes. Area 2 is not directly
connected to the backbone area, Area 0. Area 1 is the area between Area 0 and Area 2.
You need to configure a virtual link in Area 1 where SwitchB and SwitchC are located so that
SwitchA and SwitchD can communicate with each other.
Figure 5-21 Networking diagram for configuring OSPFv3 virtual links
[Figure: Area 2 contains SwitchA (GE0/0/1, VLANIF10, 1001::2/64) and SwitchB (GE0/0/1, VLANIF10, 1001::1/64). Area 1 links SwitchB (GE0/0/2, VLANIF20, 1000::1/64) to SwitchC (GE0/0/2, VLANIF20, 1000::2/64). Area 0 links SwitchC (GE0/0/1, VLANIF30, 1002::1/64) to SwitchD (GE0/0/2, VLANIF30, 1002::2/64).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses for interfaces.
2. Enable the basic OSPFv3 functions on each Switch.
3. Configure a virtual link between SwitchB and SwitchC to connect the non-backbone areas to the backbone area.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of SwitchA
and are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1001::2/64
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of SwitchA
and are not mentioned here.
Step 3 Configure the basic OSPFv3 functions.
# On SwitchA, enable OSPFv3 and set the router ID to 1.1.1.1.
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospfv3 1 area 2
[SwitchA-Vlanif10] quit
# On SwitchB, enable OSPFv3 and set the router ID to 2.2.2.2.
[SwitchB] ospfv3
[SwitchB-ospfv3-1] router-id 2.2.2.2
[SwitchB-ospfv3-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospfv3 1 area 2
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ospfv3 1 area 1
[SwitchB-Vlanif20] quit
# On SwitchC, enable OSPFv3 and set the router ID to 3.3.3.3.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] router-id 3.3.3.3
[SwitchC-ospfv3-1] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] ospfv3 1 area 1
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ospfv3 1 area 0
[SwitchC-Vlanif30] quit
# On SwitchD, enable OSPFv3 and set the router ID to 4.4.4.4.
[SwitchD] ospfv3
[SwitchD-ospfv3-1] router-id 4.4.4.4
[SwitchD-ospfv3-1] quit
[SwitchD] interface vlanif 30
[SwitchD-Vlanif30] ospfv3 1 area 0
[SwitchD-Vlanif30] quit
# View the OSPFv3 routing table of SwitchC, and you can see that the routing table of
SwitchC does not contain the routes of Area 2 because Area 2 is not directly connected to Area
0.
[SwitchC] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled
OSPFv3 Process (1)
    Destination                                   Metric
      Next-hop
    1000::/64                                     1
      directly connected, Vlanif20
    1002::/64                                     1
      directly connected, Vlanif30
Step 4 Configure a virtual link in Area 1 where SwitchB and SwitchC are located.
# Configure SwitchB.
[SwitchB] ospfv3
[SwitchB-ospfv3-1] area 1
[SwitchB-ospfv3-1-area-0.0.0.1] vlink-peer 3.3.3.3
[SwitchB-ospfv3-1-area-0.0.0.1] return
# Configure SwitchC.
[SwitchC] ospfv3
[SwitchC-ospfv3-1] area 1
[SwitchC-ospfv3-1-area-0.0.0.1] vlink-peer 2.2.2.2
[SwitchC-ospfv3-1-area-0.0.0.1] return
Step 5 Verify the configuration.
# Check the OSPFv3 routing table of SwitchC.
<SwitchC> display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled
OSPFv3 Process (1)
    Destination                                   Metric
      Next-hop
    1000::/64                                     1
      directly connected, Vlanif20
    1000::1/128                                   1
      via FE80::4D67:0:EB7D:2, Vlanif20
    1000::2/128                                   0
      directly connected, Vlanif20
 IA 1001::/64                                     2
      via FE80::4D67:0:EB7D:2, Vlanif20
    1002::/64                                     1
      directly connected, Vlanif30
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::2/64
ospfv3 1 area 0.0.0.2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 1
router-id 1.1.1.1
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1001::1/64
ospfv3 1 area 0.0.0.2
#
interface Vlanif20
ipv6 enable
ipv6 address 1000::1/64
ospfv3 1 area 0.0.0.1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospfv3 1
router-id 2.2.2.2
area 0.0.0.1
vlink-peer 3.3.3.3
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 20 30
#
interface Vlanif20
ipv6 enable
ipv6 address 1000::2/64
ospfv3 1 area 0.0.0.1
#
interface Vlanif30
ipv6 enable
ipv6 address 1002::1/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospfv3 1
router-id 3.3.3.3
area 0.0.0.1
vlink-peer 2.2.2.2
#
return
- Configuration file of SwitchD
#
sysname SwitchD
#
ipv6
#
vlan batch 30
#
interface Vlanif30
ipv6 enable
ipv6 address 1002::2/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospfv3 1
router-id 4.4.4.4
#
return
5.6.4 Example for Configuring OSPFv3 GR
Networking Requirements
As shown in Figure 5-22, SwitchA, SwitchB, and SwitchC belong to the same OSPFv3 area.
They communicate with each other through the OSPFv3 protocol and are enabled with GR.
When OSPFv3 adjacencies are established between SwitchA, SwitchC, and SwitchB, the three
switches can exchange routing information. If the OSPFv3 protocol restarts on SwitchA,
SwitchA synchronizes data with the neighboring switches through GR.
Figure 5-22 Networking diagram for configuring OSPFv3 GR
[Figure: SwitchA (router ID 1.1.1.1; GE0/0/1, VLANIF10, 1000::1/64) connects to SwitchB (router ID 2.2.2.2; GE0/0/1, VLANIF10, 1000::2/64). SwitchB (GE0/0/2, VLANIF20, 2000::1/64) connects to SwitchC (router ID 3.3.3.3; GE0/0/1, VLANIF20, 2000::2/64).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses for interfaces.
2. Enable the basic OSPFv3 functions on each Switch.
3. Enable the OSPFv3 helper in the OSPFv3 view of SwitchB.
4. Enable the OSPFv3 GR in the OSPFv3 view of SwitchA.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1000::1/64
[SwitchA-Vlanif10] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 3 Configure the basic OSPFv3 functions.
# On SwitchA, enable OSPFv3 and set the router ID to 1.1.1.1.
[SwitchA] ospfv3 100
[SwitchA-ospfv3-100] router-id 1.1.1.1
[SwitchA-ospfv3-100] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospfv3 100 area 0
[SwitchA-Vlanif10] quit
# On SwitchB, enable OSPFv3 and set the router ID to 2.2.2.2.
[SwitchB] ospfv3 100
[SwitchB-ospfv3-100] router-id 2.2.2.2
[SwitchB-ospfv3-100] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospfv3 100 area 0
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ospfv3 100 area 0
[SwitchB-Vlanif20] quit
# On SwitchC, enable OSPFv3 and set the router ID to 3.3.3.3.
[SwitchC] ospfv3 100
[SwitchC-ospfv3-100] router-id 3.3.3.3
[SwitchC-ospfv3-100] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] ospfv3 100 area 0
[SwitchC-Vlanif20] quit
Step 4 Enable OSPFv3 GR for SwitchA.
[SwitchA] ospfv3 100
[SwitchA-ospfv3-100] graceful-restart
[SwitchA-ospfv3-100] quit
Step 5 Enable OSPFv3 helper for SwitchB.
[SwitchB] ospfv3 100
[SwitchB-ospfv3-100] helper-role
[SwitchB-ospfv3-100] quit
Step 6 Verify the configuration.
# Run the display ipv6 fib command on SwitchA to view the FIB information.
<SwitchA> display ipv6 fib
IPv6 FIB Table:
Total number of Routes : 5
Destination: ::1                          PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: FE80::                       PrefixLength: 10
NextHop    : ::                           Flag        : BU
Interface  : NULL0                        Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::1                      PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::                       PrefixLength: 64
NextHop    : 1000::1                      Flag        : U
Interface  : Vlanif10                     Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 2000::                       PrefixLength: 64
NextHop    : FE80::200:1FF:FE00:200       Flag        : DGU
Interface  : Vlanif10                     Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46
# Restart OSPFv3 process 100 on SwitchA without using the GR mechanism.
<SwitchA> reset ospfv3 100
# Run the display ipv6 fib command on SwitchA immediately to view the FIB information.
<SwitchA> display ipv6 fib
IPv6 FIB Table:
Total number of Routes : 4
Destination: ::1                          PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: FE80::                       PrefixLength: 10
NextHop    : ::                           Flag        : BU
Interface  : NULL0                        Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::1                      PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::                       PrefixLength: 64
NextHop    : 1000::1                      Flag        : U
Interface  : Vlanif10                     Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46
The preceding information shows that the FIB information on SwitchA is modified and the
forwarding service is affected.
# Restart OSPFv3 process 100 on SwitchA by using the GR mechanism.
<SwitchA> reset ospfv3 100 graceful-restart
# Run the display ipv6 fib command on SwitchA immediately to view the FIB information.
Check whether GR functions normally. If GR functions normally, the FIB information is not
modified and the forwarding is not affected when you restart the OSPFv3 process through GR
on SwitchA.
<SwitchA> display ipv6 fib
IPv6 FIB Table:
Total number of Routes : 5
Destination: ::1                          PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: FE80::                       PrefixLength: 10
NextHop    : ::                           Flag        : BU
Interface  : NULL0                        Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::1                      PrefixLength: 128
NextHop    : ::1                          Flag        : HU
Interface  : InLoopBack0                  Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 1000::                       PrefixLength: 64
NextHop    : 1000::1                      Flag        : U
Interface  : Vlanif10                     Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46

Destination: 2000::                       PrefixLength: 64
NextHop    : FE80::200:1FF:FE00:200       Flag        : DGU
Interface  : Vlanif10                     Tunnel ID   : 0x0
TimeStamp  : 2007-06-25 17:31:46
The preceding information shows that the FIB information on SwitchA is not modified and the
forwarding is not affected.
----End
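The FIB comparison in Step 6 can be automated by parsing two display ipv6 fib captures and diffing them. This is an added example, not part of the Huawei document; the function names are hypothetical, the sample captures are constructed from the values shown above, and the two-column "Key : value" layout is an assumption about how the device prints each entry.

```python
"""Diff two `display ipv6 fib` captures to verify graceful restart (added example)."""
import re
from ipaddress import IPv6Network

_KEYS = r"Destination|PrefixLength|NextHop|Flag|Interface|Tunnel ID|TimeStamp"
_FIELD = re.compile(rf"({_KEYS})\s*:\s*")


def parse_fib(text):
    """Return {prefix: {'NextHop', 'Interface', 'Flag'}} from FIB output text."""
    entries, cur = [], None
    for line in text.splitlines():
        hits = list(_FIELD.finditer(line))
        for i, m in enumerate(hits):
            # A value runs up to the next known key on the line, or to its end.
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            key, val = m.group(1), line[m.end():end].strip()
            if key == "Destination":        # each entry starts with Destination
                cur = {}
                entries.append(cur)
            if cur is not None:
                cur[key] = val
    fib = {}
    for e in entries:
        if "PrefixLength" not in e:
            continue                         # skip truncated entries
        prefix = IPv6Network(f"{e['Destination']}/{e['PrefixLength']}",
                             strict=False)
        fib[str(prefix)] = {k: e.get(k) for k in ("NextHop", "Interface", "Flag")}
    return fib


def diff_fib(before, after):
    """Prefixes lost, added, or re-pointed between two parsed FIB snapshots."""
    b, a = set(before), set(after)
    changed = sorted(
        p for p in b & a
        if (before[p]["NextHop"], before[p]["Interface"])
        != (after[p]["NextHop"], after[p]["Interface"]))
    return {"lost": sorted(b - a), "added": sorted(a - b), "changed": changed}


def _entry(dest, plen, nexthop, flag, iface):
    # Builds one constructed sample entry in the assumed two-column layout.
    return (f"Destination: {dest:<28} PrefixLength: {plen}\n"
            f"NextHop    : {nexthop:<28} Flag        : {flag}\n"
            f"Interface  : {iface:<28} Tunnel ID   : 0x0\n"
            f"TimeStamp  : 2007-06-25 17:31:46\n\n")


# Constructed sample data: the five routes shown on the page for SwitchA.
ROWS = [
    ("::1", 128, "::1", "HU", "InLoopBack0"),
    ("FE80::", 10, "::", "BU", "NULL0"),
    ("1000::1", 128, "::1", "HU", "InLoopBack0"),
    ("1000::", 64, "1000::1", "U", "Vlanif10"),
    ("2000::", 64, "FE80::200:1FF:FE00:200", "DGU", "Vlanif10"),
]


def capture(rows):
    header = f"IPv6 FIB Table:\nTotal number of Routes : {len(rows)}\n"
    return header + "".join(_entry(*r) for r in rows)


BEFORE = capture(ROWS)
AFTER_PLAIN_RESET = capture(ROWS[:4])   # `reset ospfv3 100`: learned route gone
AFTER_GR_RESET = capture(ROWS)          # `reset ospfv3 100 graceful-restart`

if __name__ == "__main__":
    base = parse_fib(BEFORE)
    print("plain reset:", diff_fib(base, parse_fib(AFTER_PLAIN_RESET)))
    print("GR reset   :", diff_fib(base, parse_fib(AFTER_GR_RESET)))
```

An empty diff immediately after the graceful restart indicates that forwarding entries were preserved; a non-empty "lost" list identifies exactly which prefixes stopped being forwarded.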
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 1000::1/64
ospfv3 100 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospfv3 100
router-id 1.1.1.1
graceful-restart
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1000::2/64
ospfv3 100 area 0.0.0.0
#
interface Vlanif20
ipv6 enable
ipv6 address 2000::1/64
ospfv3 100 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospfv3 100
router-id 2.2.2.2
helper-role
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
ipv6
#
vlan batch 20
#
interface Vlanif20
ipv6 enable
ipv6 address 2000::2/64
ospfv3 100 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
ospfv3 100
router-id 3.3.3.3
#
return
5.7 IPv4 IS-IS Configuration
You can build an IPv4 IS-IS network to allow IS-IS to discover and calculate routes in an
autonomous system (AS).
5.7.1 Example for Configuring Basic IS-IS Functions
Networking Requirements
As shown in Figure 5-23, there are four switches (SwitchA, SwitchB, SwitchC, and SwitchD)
on the network. The four switches need to communicate with each other. SwitchA and SwitchB
can only process a small amount of data because they have lower performance than the other
two switches.
Figure 5-23 Networking diagram of configuring basic IS-IS functions
[Figure: IS-IS Area 10 contains SwitchA (L1; GE0/0/1, VLANIF10, 10.1.1.2/24), SwitchB (L1; GE0/0/1, VLANIF20, 10.1.2.2/24), and SwitchC (L1/2; GE0/0/1, VLANIF10, 10.1.1.1/24; GE0/0/2, VLANIF20, 10.1.2.1/24; GE0/0/3, VLANIF30, 192.168.0.1/24). IS-IS Area 20 contains SwitchD (L2; GE0/0/1, VLANIF30, 192.168.0.2/24; GE0/0/2, VLANIF40, 172.16.1.1/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each switch so that the switches can be interconnected. Configure SwitchA
and SwitchB as Level-1 devices to enable them to maintain less data.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.2 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Run the IS-IS process on each Switch, specify the network entity title, and configure the level.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
Step 4 Enable the IS-IS process on each interface.
# Configure SwitchA.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis enable 1
[SwitchA-Vlanif10] quit
# Configure SwitchB.
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis enable 1
[SwitchB-Vlanif20] quit
# Configure SwitchC.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] isis enable 1
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] isis enable 1
[SwitchC-Vlanif30] quit
# Configure SwitchD.
[SwitchD] interface vlanif 30
[SwitchD-Vlanif30] isis enable 1
[SwitchD-Vlanif30] quit
[SwitchD] interface vlanif 40
[SwitchD-Vlanif40] isis enable 1
[SwitchD-Vlanif40] quit
Step 5 Verify the configuration.
# View the IS-IS LSDB of each Switch.
[SwitchA] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID                  Seq Num      Checksum   Holdtime   Length   ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00*  0x0000006e   0x953e     862        68       0/0/0
0000.0000.0002.00-00   0x0000006a   0xc015     766        68       0/0/0
0000.0000.0002.01-00   0x00000008   0xccb6     766        55       0/0/0
0000.0000.0003.00-00   0x00000086   0x529e     1155       111      1/0/0
0000.0000.0003.01-00   0x0000005e   0xf238     1155       55       0/0/0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[SwitchB] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID                  Seq Num      Checksum   Holdtime   Length   ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00   0x0000006e   0x953e     899        68       0/0/0
0000.0000.0002.00-00*  0x0000006a   0xc015     808        68       0/0/0
0000.0000.0002.01-00*  0x00000008   0xccb6     808        55       0/0/0
0000.0000.0003.00-00   0x00000086   0x529e     1195       111      1/0/0
0000.0000.0003.01-00   0x0000005e   0xf238     1195       55       0/0/0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[SwitchC] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID                  Seq Num      Checksum   Holdtime   Length   ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00   0x0000006e   0x953e     953        68       0/0/0
0000.0000.0002.00-00   0x0000006a   0xc015     859        68       0/0/0
0000.0000.0002.01-00   0x00000008   0xccb6     859        55       0/0/0
0000.0000.0003.00-00*  0x00000085   0x549d     937        111      1/0/0
0000.0000.0003.01-00*  0x0000005d   0xf437     937        55       0/0/0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID                  Seq Num      Checksum   Holdtime   Length   ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00*  0x0000008a   0x513c     876        100      0/0/0
0000.0000.0004.00-00   0x00000063   0x48ad     761        84       0/0/0
0000.0000.0004.01-00   0x0000005b   0x3aef     761        55       0/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[SwitchD] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID                  Seq Num      Checksum   Holdtime   Length   ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00   0x0000008a   0x513c     901        100      0/0/0
0000.0000.0004.00-00*  0x00000063   0x48ad     789        84       0/0/0
0000.0000.0004.01-00*  0x0000005b   0x3aef     789        55       0/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
# View the IS-IS routing table of each Switch. A default route is available in the routing table
of the Level-1 devices and the next hop is a Level-1-2 device. The routing table of the Level-2
device contains all Level-1 and Level-2 routes.
[SwitchA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination    IntCost   ExtCost   ExitInterface   NextHop       Flags
-------------------------------------------------------------------------------
0.0.0.0/0           10        NULL      Vlanif10        10.1.1.1      A/-/-/-
192.168.0.0/24      20        NULL      Vlanif10        10.1.1.1      A/-/-/-
10.1.1.0/24         10        NULL      Vlanif10        Direct        D/-/L/-
10.1.2.0/24         20        NULL      Vlanif10        10.1.1.1      A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[SwitchB] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination    IntCost   ExtCost   ExitInterface   NextHop       Flags
-------------------------------------------------------------------------------
0.0.0.0/0           10        NULL      Vlanif20        10.1.2.1      A/-/-/-
192.168.0.0/24      20        NULL      Vlanif20        10.1.2.1      A/-/-/-
10.1.1.0/24         20        NULL      Vlanif20        10.1.2.1      A/-/-/-
10.1.2.0/24         10        NULL      Vlanif20        Direct        D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[SwitchC] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination    IntCost   ExtCost   ExitInterface   NextHop       Flags
-------------------------------------------------------------------------------
192.168.0.0/24      10        NULL      Vlanif30        Direct        D/-/L/-
10.1.1.0/24         10        NULL      Vlanif10        Direct        D/-/L/-
10.1.2.0/24         10        NULL      Vlanif20        Direct        D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination    IntCost   ExtCost   ExitInterface   NextHop       Flags
-------------------------------------------------------------------------------
172.16.1.0/24       20        NULL      Vlanif30        192.168.0.2   A/-/-/-
192.168.0.0/24      10        NULL      Vlanif30        Direct        D/-/L/-
10.1.1.0/24         10        NULL      Vlanif10        Direct        D/-/L/-
10.1.2.0/24         10        NULL      Vlanif20        Direct        D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[SwitchD] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination    IntCost   ExtCost   ExitInterface   NextHop       Flags
-------------------------------------------------------------------------------
172.16.1.0/24       10        NULL      Vlanif40        Direct        D/-/L/-
192.168.0.0/24      10        NULL      Vlanif30        Direct        D/-/L/-
10.1.1.0/24         20        NULL      Vlanif30        192.168.0.1   A/-/-/-
10.1.2.0/24         20        NULL      Vlanif30        192.168.0.1   A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 20 30
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40
#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
return
5.7.2 Example for Configuring IS-IS Route Aggregation
Networking Requirements
As shown in Figure 5-24, three switches run IS-IS to communicate with each other. SwitchA
is a Level-2 device, SwitchB is a Level-1-2 device, and SwitchC is a Level-1 device. SwitchA
is heavily loaded because there are too many routing entries on the IS-IS network. Therefore,
system resource consumption of SwitchA needs to be reduced.
Figure 5-24 Networking diagram for configuring IS-IS route aggregation
[Figure: network diagram. Labels recovered from the figure:]
Area20: SwitchA (L2): GE0/0/1, VLANIF50, 172.2.1.1/24
Area10: SwitchB (L1/L2): GE0/0/2, VLANIF50, 172.2.1.2/24; GE0/0/1, VLANIF10, 172.1.4.2/24
Area10: SwitchC (L1): GE0/0/1, VLANIF10, 172.1.4.1/24; GE0/0/2, VLANIF20, 172.1.1.1/24 (Network1, 172.1.1.0/24); GE0/0/3, VLANIF30, 172.1.2.1/24 (Network2, 172.1.2.0/24); GE0/0/4, VLANIF40, 172.1.3.1/24 (Network3, 172.1.3.0/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each switch so that the switches
can be interconnected.
2. Configure route summarization on SwitchB to reduce the routing table size of SwitchA
without affecting data forwarding so that the system resource consumption of SwitchA can
be reduced.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 172.2.1.1 24
[SwitchA-Vlanif50] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure the basic IS-IS functions.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-2
[SwitchA-isis-1] network-entity 20.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] isis enable 1
[SwitchA-Vlanif50] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis enable 1
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] isis enable 1
[SwitchB-Vlanif50] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
The configurations of the VLANIF 20, VLANIF 30, and VLANIF 40 interfaces are similar to
the configuration of VLANIF 10, and are not mentioned here.
Step 4 Check the IS-IS routing table of SwitchA.
[SwitchA] display isis route

                         Route information for ISIS(1)
                         -----------------------------

                        ISIS(1) Level-2 Forwarding Table
                        --------------------------------

 IPV4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags
-------------------------------------------------------------------------------
 172.2.1.0/24         10         NULL    Vlanif50        Direct          D/-/L/-
 172.1.1.0/24         30         NULL    Vlanif50        172.2.1.2       A/-/-/-
 172.1.2.0/24         30         NULL    Vlanif50        172.2.1.2       A/-/-/-
 172.1.3.0/24         30         NULL    Vlanif50        172.2.1.2       A/-/-/-
 172.1.4.0/24         20         NULL    Vlanif50        172.2.1.2       A/-/-/-

     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
                               U-Up/Down Bit Set
Step 5 Configure route aggregation on SwitchB.
# Aggregate 172.1.1.0/24, 172.1.2.0/24, 172.1.3.0/24, and 172.1.4.0/24 as 172.1.0.0/16 on
SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] summary 172.1.0.0 255.255.0.0 level-1-2
[SwitchB-isis-1] quit
Step 6 Verify the configuration.
# Check the routing table of SwitchA. The output shows that 172.1.1.0/24, 172.1.2.0/24,
172.1.3.0/24, and 172.1.4.0/24 are aggregated as 172.1.0.0/16.
[SwitchA] display isis route

                         Route information for ISIS(1)
                         -----------------------------

                        ISIS(1) Level-2 Forwarding Table
                        --------------------------------

 IPV4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags
-------------------------------------------------------------------------------
 172.2.1.0/24         10         NULL    Vlanif50        Direct          D/-/L/-
 172.1.0.0/16         20         NULL    Vlanif50        172.2.1.2       A/-/-/-

     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
                               U-Up/Down Bit Set
----End
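The following Python sketch is an added example, not part of the Huawei guide; its function names are illustrative. It checks the summary configured in Step 5 against the four component prefixes: whether it covers them all, what the tightest single covering prefix would be, and how much of the advertised range has no component route behind it (SwitchA forwards traffic for that space toward SwitchB as well).

```python
import ipaddress

# Values taken from this example; the function names are illustrative.
COMPONENTS = ["172.1.1.0/24", "172.1.2.0/24", "172.1.3.0/24", "172.1.4.0/24"]
SUMMARY = "172.1.0.0/16"          # summary configured on SwitchB in Step 5
OTHER_ROUTES = ["172.2.1.0/24"]   # SwitchA-SwitchB link, must stay distinct


def tightest_supernet(prefixes):
    """Smallest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def unbacked_space(summary, prefixes):
    """Blocks inside the summary that no component route covers."""
    remaining = [ipaddress.ip_network(summary)]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        kept = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # block fully backed by net
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))
            else:
                kept.append(block)            # no overlap with net
        remaining = kept
    return sorted(remaining)


def audit(summary, prefixes, other_routes):
    """Summarize how well the configured summary fits the real routes."""
    summ = ipaddress.ip_network(summary)
    gaps = unbacked_space(summary, prefixes)
    return {
        "covers_all": all(ipaddress.ip_network(p).subnet_of(summ) for p in prefixes),
        "tightest": str(tightest_supernet(prefixes)),
        "unbacked_24s": sum(g.num_addresses for g in gaps) // 256,
        "swallowed": [r for r in other_routes
                      if ipaddress.ip_network(r).subnet_of(summ)],
    }


if __name__ == "__main__":
    print(audit(SUMMARY, COMPONENTS, OTHER_ROUTES))
```

For this topology the /16 covers all four routes and leaves the 172.2.1.0/24 link untouched, but a /21 would already cover them; the wider the summary, the more unassigned address space is advertised.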
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 50
#
isis 1
is-level level-2
network-entity 20.0000.0000.0001.00
#
interface Vlanif50
ip address 172.2.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 50
#
isis 1
network-entity 10.0000.0000.0002.00
summary 172.1.0.0 255.255.0.0 level-1-2
#
interface Vlanif10
ip address 172.1.4.2 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.2.1.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 20 30 40
#
isis 1
is-level level-1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 172.1.4.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 172.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 172.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.1.3.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40
#
return
5.7.3 Example for Configuring the DIS Election
Networking Requirements
As shown in Figure 5-25, four switches on the broadcast network communicate using IS-IS.
SwitchA and SwitchB are Level-1-2 devices, SwitchC is a Level-1 device, and SwitchD is a
Level-2 device. SwitchA, which has high performance, needs to be configured as the Level-2 DIS.
Figure 5-25 Networking diagram for configuring the DIS election
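[Figure: network diagram. The four switches share one broadcast network; labels recovered from the figure:]
SwitchA (L1/L2): GE0/0/1, VLANIF10, 10.1.1.1/24
SwitchB (L1/L2): GE0/0/1, VLANIF10, 10.1.1.2/24
SwitchC (L1): GE0/0/1, VLANIF10, 10.1.1.3/24
SwitchD (L2): GE0/0/1, VLANIF10, 10.1.1.4/24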
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IS-IS to enable network interconnectivity.
2. Set the DIS priority of SwitchA to 100 so that SwitchA can be elected as the Level-2
DIS.
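IS-IS elects a DIS per level by highest priority and, on a tie, by highest interface MAC address, which is why the procedure displays the VLANIF 10 MAC addresses before changing the priority. The Python sketch below is an added example, not part of the Huawei guide; it models the election with the MAC addresses shown in Step 3 of the procedure, and the default priority of 64 and all class and function names are assumptions not stated on this page.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 64  # assumed default DIS priority; not stated on this page


@dataclass
class Switch:
    name: str
    mac: str                 # VLANIF 10 MAC as shown by "display arp"
    levels: frozenset        # IS-IS levels the switch takes part in
    priority: dict = field(default_factory=dict)  # per-level overrides

    def key(self, level):
        # Highest priority wins; ties go to the numerically highest MAC.
        prio = self.priority.get(level, DEFAULT_PRIORITY)
        return (prio, int(self.mac.replace("-", ""), 16))


def elect_dis(switches, level):
    """Return the name of the DIS for one level on the shared segment."""
    candidates = [s for s in switches if level in s.levels]
    if not candidates:
        return None
    return max(candidates, key=lambda s: s.key(level)).name


def topology(switch_a_l2_priority=None):
    """The four switches of Figure 5-25 with the MACs from Step 3."""
    a = Switch("SwitchA", "00e0-fc10-afec", frozenset({1, 2}))
    if switch_a_l2_priority is not None:
        a.priority[2] = switch_a_l2_priority
    return [
        a,
        Switch("SwitchB", "00e0-fccd-acdf", frozenset({1, 2})),
        Switch("SwitchC", "00e0-fc50-25fe", frozenset({1})),
        Switch("SwitchD", "00e0-fcfd-305c", frozenset({2})),
    ]


if __name__ == "__main__":
    for label, topo in (("default priorities", topology()),
                        ("SwitchA Level-2 priority 100", topology(100))):
        print(label, {lvl: elect_dis(topo, lvl) for lvl in (1, 2)})
```

With equal priorities the model picks SwitchB for Level-1 and SwitchD for Level-2 purely on MAC address; raising SwitchA's Level-2 priority to 100 changes only the Level-2 result.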
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 View the MAC address of the VLANIF 10 interface on each Switch.
# View the MAC address of the VLANIF 10 interface on SwitchA.
[SwitchA] display arp interface vlanif 10
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.1        00e0-fc10-afec            I    Vlanif10
------------------------------------------------------------------------------
Total:1         Dynamic:0       Static:0    Interface:1
# View the MAC address of the VLANIF 10 interface on SwitchB.
[SwitchB] display arp interface vlanif 10
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.2        00e0-fccd-acdf            I    Vlanif10
------------------------------------------------------------------------------
Total:1         Dynamic:0       Static:0    Interface:1
# View the MAC address of the VLANIF 10 interface on SwitchC.
[SwitchC] display arp interface vlanif 10
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.3        00e0-fc50-25fe            I    Vlanif10
------------------------------------------------------------------------------
Total:1         Dynamic:0       Static:0    Interface:1
# View the MAC address of the VLANIF 10 interface on SwitchD.
[SwitchD] display arp interface vlanif 10
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.4        00e0-fcfd-305c            I    Vlanif10
------------------------------------------------------------------------------
Total:1         Dynamic:0       Static:0    Interface:1
Step 4 Configure the basic IS-IS functions.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis enable 1
[SwitchA-Vlanif10] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis enable 1
[SwitchB-Vlanif10] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] isis enable 1
[SwitchD-Vlanif10] quit
# View information about the IS-IS neighbors of SwitchA.
[SwitchA] display isis peer
                          Peer information for ISIS(1)
  System Id     Interface          Circuit Id       State HoldTime Type     PRI
------------------------------------------------------------