HUAWEI CX600 Metro Services Platform V600R003C00

Configuration Guide - LAN Access and MAN Access


Issue 01
Date 2011-05-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com

Issue 01 (2011-05-30)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document


Purpose
This manual describes LAN access and MAN access technologies, including principles, configuration steps, and configuration examples of MAC address, Ethernet, LACP, VLAN, QinQ, MSTP, BPDU tunnel, RRPP and RPR.
NOTE

- This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.
- On the CX600 series excluding the CX600-X1 and CX600-X2, line processing boards are called Line Processing Units (LPUs) and switching fabric boards are called Switching Fabric Units (SFUs). On the CX600-X1 and CX600-X2, there are no LPUs and SFUs, and NPUs implement the same functions as LPUs and SFUs to exchange and forward packets.

Intended Audience
This document is intended for:

- Commissioning engineer
- Data configuration engineer
- Network monitoring engineer
- System maintenance engineer

Symbol Conventions
The symbols that may be found in this document are defined as follows.

| Symbol | Description |
|---|---|
| DANGER | Alerts you to a high risk hazard that could, if not avoided, result in serious injury or death. |
| WARNING | Alerts you to a medium or low risk hazard that could, if not avoided, result in moderate or minor injury. |
| CAUTION | Alerts you to a potentially hazardous situation that could, if not avoided, result in equipment damage, data loss, performance deterioration, or unanticipated results. |
| TIP | Provides a tip that may help you solve a problem or save time. |
| NOTE | Provides additional information to emphasize or supplement important points in the main text. |

Change History
Changes between document issues are cumulative. The latest document issue contains all the changes made in earlier issues.

Changes in Issue 01 (2011-05-30)


This is the first release.

Contents
About This Document

1 MAC Address Table Configuration
1.1 MAC Address Table Introduction
1.1.1 MAC Address Table Overview
1.1.2 MAC Addresses Learning Limit Supported by the CX600
1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
1.2.1 Establishing the Configuration Task
1.2.2 Configuring MAC Address Entries
1.2.3 Configuring MAC Address Entries Based on the Layer 2 VE Interface
1.2.4 Checking the Configuration
1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
1.3.1 Establishing the Configuration Task
1.3.2 Configuring MAC Address Entries
1.3.3 Configuring MAC Address Entries Based on the VLANIF Interface
1.3.4 Checking the Configuration
1.4 Configuring the Aging Time of a MAC Address Table
1.4.1 Establishing the Configuration Task
1.4.2 Setting the Aging Time of a MAC Address Table
1.4.3 Checking the Configuration
1.5 Maintaining MAC Address Table
1.5.1 Clearing the Dynamic MAC Address
1.6 Configuration Examples
1.6.1 Example for Configuring the MAC Address Table Based on the Interface and VLAN
1.6.2 Example for Configuring the MAC Address Table Based on the dot1q Termination Sub-interface and VSI
1.6.3 Example for Configuring the MAC Address Table Based on the QinQ Termination Sub-interface and VSI
1.6.4 Example for Configuring the MAC Address Table Based on the VLANIF Interface and VSI
1.6.5 Example for Configuring the MAC Address Table Based on the VLAN and Layer 2 VE Interface
1.6.6 Example for Configuring the MAC Address Table Based on the Interface and VSI

2 Ethernet Interface Configuration
2.1 Ethernet Interface Introduction
2.1.1 Introduction to Ethernet Interfaces
2.1.2 Features of Ethernet Interfaces Supported by the CX600
2.2 Configuring Ethernet Interfaces of the Interface Board
2.2.1 Establishing the Configuration Task
2.2.2 Configuring the MTU of an Ethernet Interface
2.2.3 Configuring the Working Mode of an Ethernet Interface
2.2.4 Configuring the Speed of an Ethernet Electrical Interface
2.2.5 Configuring the GE/FE Optical/Electrical Interface
2.2.6 Configuring LAN/WAN Transmission Mode for a 10 GE Interface
2.2.7 Configuring Overhead Bytes of the 10GE WAN Interface
2.2.8 Configuring Flow Control on the GE Interface
2.2.9 Configuring Self-Loop Detection on the GE Interface
2.2.10 Switching the Working Mode of an Ethernet Interface
2.2.11 Checking the Configuration
2.3 Configuring Ethernet Interfaces of the SRU
2.3.1 Establishing the Configuration Task
2.3.2 Assigning an IP Address to an Ethernet Interface
2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface
2.3.4 Configuring the Speed of an Ethernet Electrical Interface
2.3.5 Configuring the Promiscuity Mode
2.4 Configuring Ethernet Interfaces Layer 2 Parameters
2.4.1 Establishing the Configuration Task
2.4.2 Configuring Link Layer Type of an Ethernet Interface
2.5 Configuring SmartLink Flush Function
2.5.1 Establishing the Configuration Task
2.5.2 Enabling a Port to Process SmartLink Flush Packets
2.6 Maintaining Ethernet Interfaces
2.6.1 Testing the Loop of Ethernet Interfaces
2.7 Configuration Examples
2.7.1 Example for Configuring a Layer 3 Ethernet Interface
2.7.2 Example for Configuring VLANs to Communicate Through Ethernet Sub-interfaces
2.7.3 Example for Configuring a Device to Handle Smartlink Flush Packets

3 Eth-Trunk Interface Configuration
3.1 Eth-Trunk Interface Introduction
3.1.1 Introduction to Eth-Trunk Interfaces and LACP
3.1.2 Eth-Trunk Interface and LACP Features Supported by the CX600
3.2 Configuring an Eth-Trunk Interface in Manual Load Balancing Mode
3.2.1 Establishing the Configuration Task
3.2.2 Creating an Eth-Trunk Interface
3.2.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface
3.2.4 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode
3.2.5 Adding Interfaces to an Eth-Trunk Interface
3.2.6 Checking the Configuration
3.3 Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode
3.3.1 Establishing the Configuration Task
3.3.2 Configuring an Eth-Trunk Interface to Work in 1:1 Active/Standby Mode
3.3.3 Adding Interfaces to an Eth-Trunk Interface and Setting the Master Interface
3.3.4 Enabling the Function of Sending Flush Packets
3.3.5 Creating a Control VLAN
3.3.6 Enabling an Interface to Receive Packets from a Control VLAN
3.3.7 Enabling an Interface to Receive Flush Packets
3.3.8 Checking the Configuration
3.4 Configuring an Eth-Trunk Interface in Static LACP Mode
3.4.1 Establishing the Configuration Task
3.4.2 Creating an Eth-Trunk Interface
3.4.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface
3.4.4 Configuring an Eth-Trunk Interface to Work in Static LACP Mode
3.4.5 Adding Interfaces to an Eth-Trunk Interface
3.4.6 (Optional) Setting an LACP System Priority
3.4.7 (Optional) Setting the Maximum Number of Active Member Interfaces
3.4.8 (Optional) Setting an LACP Interface Priority
3.4.9 (Optional) Configuring the Mode for Selecting Active Member Interfaces
3.4.10 (Optional) Enabling LACP Preemption and Setting an LACP Preemption Delay
3.4.11 (Optional) Setting a Timeout Period for Receiving LACPDUs
3.4.12 Checking the Configuration
3.5 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
3.5.1 Establishing the Configuration Task
3.5.2 Configuring VRRP to Track the Status of a Member Interface of an Eth-Trunk Interface in Static LACP Mode
3.5.3 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
3.5.4 Checking the Configuration
3.6 Configuring Layer 2 Attributes for an Eth-Trunk Interface
3.6.1 Establishing the Configuration Task
3.6.2 (Optional) Configuring the Minimum Number of Up Member Links
3.6.3 (Optional) Configuring the Maximum Number of Up Member Links
3.6.4 (Optional) Configuring an Eth-Trunk Interface to Carry Out Load Balancing
3.6.5 (Optional) Configuring Weights for Member Interfaces
3.6.6 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
3.6.7 Checking the Configuration
3.7 Configuring Layer 3 Attributes for an Eth-Trunk Interface
3.7.1 Establishing the Configuration Task
3.7.2 Configuring an IP address for an Eth-Trunk Interface
3.7.3 (Optional) Configuring a MAC Address for an Eth-Trunk Interface
3.7.4 (Optional) Configuring the MTU for an Eth-Trunk Interface
3.7.5 (Optional) Configuring the Minimum Number of Up Member Links
3.7.6 (Optional) Configuring a Load Balancing Mode for an Eth-Trunk Interface
3.7.7 (Optional) Configuring Weights for Member Interfaces
3.7.8 (Optional) Configuring the Load Balancing Mode for Access Users on an Eth-Trunk Interface
3.7.9 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
3.7.10 Checking the Configuration
3.8 Configuring an Eth-Trunk Sub-interface
3.8.1 Establishing the Configuration Task
3.8.2 Creating an Eth-Trunk Sub-interface
3.8.3 Configuring an IP address for an Eth-Trunk Sub-interface
3.8.4 Configuring the Encapsulation Type for an Eth-Trunk Sub-interface
3.8.5 (Optional) Configuring the MTU for an Eth-Trunk Sub-interface
3.8.6 (Optional) Configuring the Rate for Eth-Trunk Sub-interfaces to Send Gratuitous ARP Packets
3.8.7 Checking the Configuration
3.9 Configuring E-Trunk
3.9.1 Establishing the Configuration Task
3.9.2 Configuring the LACP System ID and Priority for E-Trunk
3.9.3 Creating an E-Trunk Group and Configuring the E-Trunk Priority
3.9.4 Configuring Local and Peer IP Addresses
3.9.5 (Optional) Binding an E-Trunk Group to a BFD Session
3.9.6 Adding an Eth-Trunk Interface to an E-Trunk Group
3.9.7 (Optional) Configuring the Working Mode for an Eth-Trunk Interface
3.9.8 (Optional) Configuring a Password
3.9.9 (Optional) Configuring a Timeout Period
3.9.10 (Optional) Setting a Revert Delay
3.9.11 Checking the Configuration
3.10 Maintaining Eth-Trunk Interfaces
3.10.1 Clearing Statistics About an Eth-Trunk Interface
3.11 Configuration Examples
3.11.1 Example for Configuring Eth-Trunk Interfaces in Manual Load Balancing Mode
3.11.2 Example for Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode
3.11.3 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode
3.11.4 Example for Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
3.11.5 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode to Communicate over a VLL Network
3.11.6 Example for Configuring a Layer 2 Eth-Trunk Interface to Allow VLAN Frames to Pass Through
3.11.7 Example for Configuring a Layer 3 Eth-Trunk Interface in Manual Load Balancing Mode
3.11.8 Example for Configuring Inter-VLAN Communication by Using Eth-Trunk Sub-interfaces
3.11.9 Example for Connecting an E-Trunk to a VPLS Network
3.11.10 Example for Connecting an E-Trunk to PW Redundancy

4 VLAN Configuration
4.1 VLAN Introduction
4.1.1 Introduction
4.1.2 VLAN Features Supported by the CX600
4.2 Configuring a VLAN Based on Ports
4.2.1 Establishing the Configuration Task
4.2.2 Creating a VLAN
4.2.3 Configuring the Type of a Layer 2 Ethernet Port
4.2.4 Adding a Port to a VLAN
4.2.5 Checking the Configuration
4.3 Creating a VLANIF Interface
4.3.1 Establishing the Configuration Task
4.3.2 Creating a VLANIF Interface
4.3.3 Assigning an IP Address to a VLANIF Interface
4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down
4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface
4.3.6 Checking the Configuration
4.4 Configuring Inter-VLAN Communication
4.4.1 Establishing the Configuration Task
4.4.2 Configuring Sub-interfaces for Inter-VLAN Communication
4.4.3 Configuring VLANIF Interfaces for Inter-VLAN Communication
4.4.4 Configuring VLAN Mapping for Inter-VLAN Communication
4.4.5 Checking the Configuration
4.5 Configuring VLAN Security Attributes
4.5.1 Establishing the Configuration Task
4.5.2 Disabling a Port from Broadcasting Packets to Other Ports in the Same VLAN
4.5.3 Disabling MAC Address Learning in a VLAN
4.5.4 Enabling Flexible MAC Address Learning in a VLAN
4.5.5 (Optional) Disabling an Interface from Sending Unknown Unicast Packets to Other Interfaces in a VLAN
4.5.6 Checking the Configuration
4.6 Configuring VLAN Aggregation to Save IP Addresses
4.6.1 Establishing the Configuration Task
4.6.2 Creating a Sub-VLAN
4.6.3 Creating a Super-VLAN
4.6.4 Assigning an IP Address to the VLANIF Interface of a Super-VLAN
4.6.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN
4.6.6 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN
4.6.7 Checking the Configuration
4.7 Configuring VLAN Policy-based VPN Access
4.7.1 Establishing the Configuration Task
4.7.2 Configuring a VLAN Policy
4.7.3 Configuring a VPN
4.7.4 Checking the Configuration
4.8 Configuring Interface Isolation in a VLAN
4.8.1 Establishing the Configuration Task
4.8.2 Configuring Interface Isolation in a VLAN
4.8.3 Enabling ARP Proxy in a VLAN
4.9 Configuring the Isolation Based on Interface Groups in a VLAN
4.9.1 Establishing the Configuration Task
4.9.2 Adding an Interface to the Group to Be Isolated
4.9.3 Checking the Configuration
4.10 Configuring Ethernet Loop Detection for a VLAN
4.10.1 Establishing the Configuration Task
4.10.2 Configuring Ethernet Loop Detection for a VLAN
4.10.3 (Optional) Configuring the Block Priority for an Interface
4.10.4 Checking the Configuration
4.11 Maintaining VLAN
4.11.1 Clearing the Statistics of VLAN Packets
4.12 Configuration Examples
4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link
4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces
4.12.3 Example for Configuring VLAN and Non-VLAN

4.9 Configuring the Isolation Based on Interface Groups in a VLAN................................................................4-57 4.9.1 Establishing the Configuration Task....................................................................................................4-57 4.9.2 Adding an Interface to the Group to Be Isolated..................................................................................4-58 4.9.3 Checking the Configuration.................................................................................................................4-58 4.10 Configuring Ethernet Loop Detection for a VLAN....................................................................................4-59 4.10.1 Establishing the Configuation Task...................................................................................................4-59 4.10.2 Configuring Ethernet Loop Detection for a VLAN...........................................................................4-60 4.10.3 (Optional) Configuring the Block Priority for an Interface...............................................................4-61 4.10.4 Checking the Configuration...............................................................................................................4-62 4.11 Maintaining VLAN.....................................................................................................................................4-62 4.11.1 Clearing the Statistics of VLAN Packets...........................................................................................4-62 4.12 Configuration Examples..............................................................................................................................4-63 4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link.....................4-64 4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces............................4-69 4.12.3 Example for Configuring VLAN and Non-VLAN 
Users to Communicate by Using Sub-interfaces .......................................................................................................................................................................4-73 4.12.4 Example for Configuring Inter-VLAN Communication by Using VLANIF Interfaces....................4-76 4.12.5 Example for Configuring 1 to 1 VLAN Mapping for Inter-VLAN Communication........................4-80 4.12.6 Example for Configuring Communication Between VLANs Through VLAN Aggregation............4-84 4.12.7 Example for Configuring VLAN+802.1p for L2VPN Access (on a Common Sub-interface)..........4-88 4.12.8 Example for Configuring VLAN+DSCP for L2VPN Access (on a Common Sub-interface)...........4-94 4.12.9 Example for Configuring VLAN+EthType for L2VPN Access (on a Common Sub-interface).....4-100 4.12.10 Example for Configuring VLAN+DSCP for L3VPN Access (on a Common Sub-interface).......4-106 4.12.11 Example for Configuring VLAN+802.1p for L3VPN Access (on a Common Sub-interface)......4-115 4.12.12 Example for Configuring Untagged+DSCP for L3VPN Access...................................................4-124 4.12.13 Example for Configuring Interface Isolation in a VLAN..............................................................4-133 4.12.14 Example for Configuring the Isolation Based on Interface Groups in a VLAN............................4-135 4.12.15 Example for Configuring Ethernet Loop Detection for a VLAN..................................................4-138

5 QinQ Configuration
5.1 QinQ Introduction
5.1.1 QinQ Overview
5.1.2 QinQ Feature Supported by the CX600
5.2 Configuring the QinQ Tunnel Function
5.2.1 Establishing the Configuration Task
5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface
5.2.3 Configuring QinQ for a Layer 2 Interface
5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
5.2.5 (Optional) Configuring the Protocol Type for the Inner Tag
5.2.6 Checking the Configuration
5.3 Configuring Selective QinQ on a Layer 2 Interface
5.3.1 Establishing the Configuration Task
5.3.2 Creating the Outer VLAN Tag for a Layer 2 Interface
5.3.3 Configuring Selective QinQ on a Layer 2 Interface
5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
5.3.5 (Optional) Configuring the Protocol Type for the Inner Tag
5.3.6 Checking the Configuration
5.4 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
5.4.1 Establishing the Configuration Task
5.4.2 Configuring the Interface Mode as the User-Termination Mode
5.4.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.4.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.4.5 Configuring the IP Service
5.4.6 Checking the Configuration
5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
5.5.1 Establishing the Configuration Task
5.5.2 Configuring the Interface Mode as the User-Termination Mode
5.5.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.5.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.5.5 Configuring the Multicast Service
5.5.6 Checking the Configuration
5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
5.6.1 Establishing the Configuration Task
5.6.2 Configuring the Interface Mode as the User-Termination Mode
5.6.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.6.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.6.5 Configuring the VPN Service
5.6.6 Checking the Configuration
5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
5.7.1 Establishing the Configuration Task
5.7.2 Configuring the Interface Mode as the User-Termination Mode
5.7.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
5.7.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
5.7.5 Configuring the MPLS Service
5.7.6 Checking the Configuration
5.8 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
5.8.1 Establishing the Configuration Task
5.8.2 Configuring the Interface Mode as the User-Termination Mode
5.8.3 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
5.8.4 Checking the Configuration
5.9 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN
5.9.1 Establishing the Configuration Task
5.9.2 Configuring the Interface Mode as the User-Termination Mode
5.9.3 Configuring the Sub-interface for VLAN Stacking
5.9.4 Configuring the L2VPN
5.9.5 Checking the Configuration
5.10 Configuring Dynamic QinQ
5.10.1 Establishing the Configuration Task
5.10.2 Configuring the Interface Mode as the User-Termination Mode
5.10.3 Configuring Dynamic QinQ
5.10.4 Configuring DHCP Snooping
5.10.5 Checking the Configuration
5.11 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
5.11.1 Establishing the Configuration Task
5.11.2 Configuring the Ethernet Interface of the PE
5.11.3 Configuring the Ethernet Sub-interface of the PE
5.11.4 Configuring URPF on the Sub-interface for QinQ VLAN Tag Termination
5.11.5 Checking the Configuration
5.12 Configuring the User-Side QinQ
5.12.1 Establishing the Configuration Task
5.12.2 Creating a User-Side VLAN
5.12.3 Checking the Configuration
5.13 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption
5.13.1 Establishing the Configuration Task
5.13.2 Setting the Interface Mode to user-termination
5.13.3 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption
5.14 Maintaining QinQ
5.14.1 Clearing QinQ Statistics
5.14.2 Monitoring the Operating Status of the Termination Sub-interface
5.15 Configuration Examples
5.15.1 Example for Configuring the QinQ Tunnel
5.15.2 Example for Configuring Selective QinQ on a Layer 2 Interface
5.15.3 Example for Configuring Compatibility of the EthType Field in the Outer Tag of QinQ Packets
5.15.4 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support Proxy ARP
5.15.5 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support Proxy ARP
5.15.6 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support VRRP
5.15.7 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support VRRP
5.15.8 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access an L3VPN
5.15.9 Example for Configuring the Dot1q Termination Sub-interface to Access the VLL
5.15.10 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VLL
5.15.11 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access a VPLS
5.15.12 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VPLS Network
5.15.13 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Support the Local Connection
5.15.14 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support the DHCP Relay Function
5.15.15 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support the DHCP Relay Function
5.15.16 Example for Configuring Dynamic QinQ
5.15.17 Example for Configuring the Sub-interface for VLAN Stacking to Access a VLL
5.15.18 Example for Configuring the Sub-interface for QinQ VLAN Stacking to Access a VPLS Network
5.15.19 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
5.15.20 Example for Configuring the dot1q Termination Sub-interface in a VSI to Support IGMP Snooping
5.15.21 Example for Configuring the QinQ Termination Sub-interface in a VSI to Support IGMP Snooping
5.15.22 Example for Configuring the dot1q Termination Sub-interface to Support IGMP and Access an L3VPN
5.15.23 Example for Configuring the QinQ Termination Sub-interface to Support IGMP and Access an L3VPN
5.15.24 Example for Configuring the QinQ Termination Sub-interface to Support Single-AS MD VPN
5.15.25 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support MPLS TE
5.15.26 Example for Configuring the User-Side QinQ
5.15.27 Example for Configuring VLAN+802.1p for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.28 Example for Configuring VLAN+EthType for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.29 Example for Configuring VLAN+DSCP for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.30 Example for Configuring QinQ Stacking Sub-interface+802.1p for L2VPN Access
5.15.31 Example for Configuring Stacking Sub-interface+EthType for L2VPN Access
5.15.32 Example for Configuring Stacking Sub-interface+DSCP for L2VPN Access
5.15.33 Example for Configuring VLAN+802.1p for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
5.15.34 Example for Configuring VLAN+DSCP for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)

6 STP/RSTP Configuration
6.1 STP/RSTP Overview
6.1.1 STP/RSTP Overview
6.1.2 STP/RSTP Features Supported by the CX600
6.2 Configuring Basic STP/RSTP Functions
6.2.1 Establishing the Configuration Task
6.2.2 Configuring the STP/RSTP Mode
6.2.3 (Optional) Configuring Switching Device Priorities
6.2.4 (Optional) Setting the Path Cost for a Port
6.2.5 (Optional) Configuring Port Priorities
6.2.6 Enabling STP/RSTP
6.2.7 Checking the Configuration
6.3 Configuring STP/RSTP Parameters on an Interface
6.3.1 Establishing the Configuration Task
6.3.2 Setting System Parameters
6.3.3 Setting Port Parameters
6.3.4 Checking the Configuration
6.4 Configuring RSTP Protection Functions
6.4.1 Establishing the Configuration Task
6.4.2 Configuring BPDU Protection on a Switching Device
6.4.3 Configuring TC Protection on a Switching Device
6.4.4 Configuring Root Protection on a Port
6.4.5 Configuring Loop Protection on a Port
6.4.6 Checking the Configuration
6.5 Configuring STP/RSTP Interoperability Between Huawei Devices and Non-Huawei Devices
6.5.1 Establishing the Configuration Task
6.5.2 Configuring the BPDU Format on a Switching Device
6.5.3 Configuring the Proposal/Agreement Mechanism
6.5.4 Checking the Configuration
6.6 Maintaining STP/RSTP
6.6.1 Clearing STP/RSTP Statistics
6.7 Configuration Examples
6.7.1 Example for Configuring Basic STP Functions
6.7.2 Example for Configuring Basic RSTP Functions

7 MSTP Configuration.................................................................................................................7-1
7.1 MSTP Overview..............................................................................................................................................7-3 7.1.1 MSTP Introduction.................................................................................................................................7-3 7.1.2 MSTP Features Supported by the CX600............................................................................................7-11 7.2 Configuring Basic MSTP Functions.............................................................................................................7-16 7.2.1 Establishing the Configuration Task....................................................................................................7-17 7.2.2 Configuring the MSTP Mode...............................................................................................................7-19 7.2.3 Configuring and Activating an MST Region.......................................................................................7-19 7.2.4 (Optional) Setting a Priority for a Switching Device in an MSTI....................................................... 7-21 7.2.5 (Optional) Setting a Path Cost of a Port in an MSTI........................................................................... 7-22 7.2.6 (Optional) Setting a Port Priority in an MSTI......................................................................................7-23 xiv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

Contents

7.2.7 Enabling MSTP
7.2.8 Checking the Configuration
7.3 Configuring MSTP Multi-process
7.3.1 Establishing the Configuration Task
7.3.2 Creating an MSTP Process
7.3.3 Adding an Interface to an MSTP Process - Access Links
7.3.4 Adding an Interface to an MSTP Process - Share Link
7.3.5 Configuring Priorities and Root Protection in MSTP Multi-process
7.3.6 Configuring TC Notification in MSTP Multi-process
7.3.7 Checking the Configuration
7.4 Configuring MSTP Parameters on an Interface
7.4.1 Establishing the Configuration Task
7.4.2 Configuring System Parameters
7.4.3 Configuring Port Parameters
7.4.4 Checking the Configuration
7.5 Configuring MSTP Protection Functions
7.5.1 Establishing the Configuration Task
7.5.2 Configuring BPDU Protection on a Switching Device
7.5.3 Configuring TC Protection on a Switching Device
7.5.4 Configuring Root Protection on an Interface
7.5.5 Configuring Loop Protection on an Interface
7.5.6 Configuring Share-Link Protection on a Switching Device
7.5.7 Checking the Configuration
7.6 Configuring MSTP Interoperability Between Huawei Devices and Non-Huawei Devices
7.6.1 Establishing the Configuration Task
7.6.2 Configuring the BPDU Format on a Switching Device
7.6.3 Configuring a Proposal/Agreement Mechanism
7.6.4 Configuring the MSTP Protocol Packet Format on an Interface
7.6.5 Binding VLANs for an Interface to an MSTP Process
7.6.6 Enabling the Digest Snooping Function
7.6.7 Checking the Configuration
7.7 Maintaining MSTP
7.7.1 Clearing MSTP Statistics
7.8 Configuration Examples
7.8.1 Example for Configuring Basic MSTP Functions
7.8.2 Example for Configuring MSTP Multi-process
7.8.3 Example for Configuring MSTP Multi-process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
7.8.4 Example for Configuring E-STP - Inter-AS Option A (Martini Mode)
7.8.5 Example for Configuring E-STP - Inter-AS PW Interconnection (Martini Mode)
7.8.6 Example for Configuring E-STP for CE Dual-Homing

8 BPDU Tunnel Configuration


8.1 BPDU Tunnel Overview
8.1.1 Introduction to BPDU
8.1.2 BPDU Tunnel Features Supported by the CX600
8.2 Configuring Interface-based BPDU Tunnels
8.2.1 Establishing the Configuration Task
8.2.2 Enabling STP function on the PEs and the CEs
8.2.3 Adding the Interfaces of the PE Connected with the CE to a Specified VLAN
8.2.4 Configuring Interface-based BPDU Tunnel
8.2.5 Configuring PE Interfaces Connecting PSNs to Permit Packets with Specified Tags
8.2.6 Checking the Configuration
8.3 Configuring VLAN-based BPDU Tunnels
8.3.1 Establishing the Configuration Task
8.3.2 Enabling the STP Function on CEs and PEs
8.3.3 Configuring BPDUs from CEs to PEs to Carry Specified Tags
8.3.4 Configuring VLAN-based BPDU Tunnel
8.3.5 Configuring PE Interfaces Connecting PSN to Permit Packets with Specified Tags
8.3.6 Checking the Configuration
8.4 Configuring QinQ-based BPDU Tunnels
8.4.1 Establishing the Configuration Task
8.4.2 Enabling the STP Function on CEs and PEs
8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified Tags
8.4.4 Configuring QinQ-based BPDU Tunnel
8.4.5 Configuring PE Interfaces Connecting PSNs to Permit the Packets with Specified Tags
8.4.6 Checking the Configuration
8.5 Configuration Examples
8.5.1 Example for Configuring Interface-based BPDU Tunnel (Devices of Different Roles)
8.5.2 Example for Configuring Interface-based BPDU Tunnel (Devices of the Same Role)
8.5.3 Example for Configuring VLAN-based Tunnel of BPDUs
8.5.4 Example for Configuring Tunnel of BPDUs Based on QinQ

9 RRPP Configuration
9.1 RRPP Introduction
9.1.1 Overview of RRPP
9.1.2 RRPP Features Supported by the CX600
9.2 Configuring RRPP Functions
9.2.1 Establishing the Configuration Task
9.2.2 Creating the RRPP Domain
9.2.3 Creating the Control VLAN
9.2.4 (Optional) Setting the Values of RRPP Domain Timers
9.2.5 Configuring the Ports on a RRPP Ring
9.2.6 Creating the RRPP Ring
9.2.7 Enabling the RRPP Ring
9.2.8 Enabling RRPP

9.2.9 Checking the Configuration
9.3 Configuring the Monitoring Interface
9.3.1 Establishing the Configuration Task
9.3.2 Configuring the Monitoring Interface
9.3.3 Checking the Configuration
9.4 Configuring RRPP Snooping
9.4.1 Establishing the Configuration Task
9.4.2 Enabling RRPP Snooping
9.4.3 (Optional) Configuring the VSI Associated with the RRPP Snooping
9.4.4 Checking the Configuration
9.5 Maintaining RRPP
9.5.1 Clearing RRPP Running Information
9.6 Configuration Examples
9.6.1 Example for Configuring a Single RRPP Ring
9.6.2 Example for Configuring a Crossed RRPP Ring
9.6.3 Example for Configuring a Tangent RRPP Ring
9.6.4 Example for Configuring a Crossed RRPP Ring to Connect Dual NPE
9.6.5 Example for Configuring the RRPP Snooping

A Glossary
B Acronyms and Abbreviations

Figures

Figure 1-1 Networking diagram of configuring the MAC address table based on the interface and VLAN
Figure 1-2 Networking diagram of configuring the MAC address table based on the dot1q termination sub-interface and VSI
Figure 1-3 Networking diagram of configuring the MAC address table based on the qinq termination sub-interface and VSI
Figure 1-4 Networking diagram of configuring the MAC address table based on the VLANIF interface and VSI
Figure 1-5 Networking diagram of configuring the MAC address table based on the VLAN and Layer 2 VE interface
Figure 2-1 Typical application of a Layer 2 Ethernet sub-interface (VRRP + TE tunnel)
Figure 2-2 Schematic diagram of the Smart Link in the normal state
Figure 2-3 Schematic diagram in which the active Smart link fails
Figure 2-4 Networking diagram of Ethernet interface configuration
Figure 2-5 Networking diagram of configuring equipment to process Smart Link packets
Figure 3-1 Actor determines active links in static LACP mode
Figure 3-2 Application of Layer 2 Eth-Trunk sub-interfaces (Eth-Trunk ring network)
Figure 3-3 Networking diagram for link aggregation in manual load balancing mode
Figure 3-4 Networking diagram for link aggregation in 1:1 active/standby mode
Figure 3-5 Networking diagram for link aggregation in static LACP mode
Figure 3-6 Typical networking for a CE dual-homed to UPEs
Figure 3-7 Networking diagram of E-Trunk
Figure 3-8 Networking diagram for link aggregation in manual load balancing mode
Figure 3-9 Networking diagram for configuring link aggregation in 1:1 active/standby mode
Figure 3-10 Networking diagram for link aggregation in static LACP mode
Figure 3-11 Typical networking for associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group
Figure 3-12 Example for configuring Eth-Trunk interfaces in static LACP mode to communicate over a VLL network
Figure 3-13 Configuring a Layer 2 Eth-Trunk interface to allow VLAN frames to pass through
Figure 3-14 Networking diagram for configuring a Layer 3 Eth-Trunk interface
Figure 3-15 Networking diagram for configuring VLANs to communicate by using Eth-Trunk sub-interfaces
Figure 3-16 Networking diagram for Connecting an E-Trunk to a VPLS Network
Figure 3-17 Networking diagram for Connecting an E-Trunk to PW Redundancy

Figure 4-1 Schematic diagram for a typical VLAN application
Figure 4-2 Conventional Ethernet frame format
Figure 4-3 802.1Q frame format
Figure 4-4 Schematic diagram for VLAN links
Figure 4-5 Networking diagram for configuring a VLAN Based on Ports
Figure 4-6 Networking diagram for configuring sub-interfaces for inter-VLAN communication
Figure 4-7 Networking diagram for configuring VLANIF interfaces for inter-VLAN communication
Figure 4-8 Networking diagram for configuring VLAN mapping for inter-VLAN communication
Figure 4-9 Networking diagram for disabling MAC address learning in a VLAN
Figure 4-10 Networking diagram for enabling flexible MAC address learning in a VLAN
Figure 4-11 Typical networking diagram for VLAN aggregation
Figure 4-12 Networking diagram for multiple types of services sharing one VLAN ID
Figure 4-13 Networking diagram for VLAN+802.1p-based L2VPN access
Figure 4-14 Networking diagram for VLAN+DSCP-based L2VPN access
Figure 4-15 Networking diagram of configuring Ethernet loop detection for a VLAN
Figure 4-16 Networking diagram for configuring users in a VLAN to communicate by using a trunk link
Figure 4-17 Networking diagram for configuring inter-VLAN communication by using sub-interfaces
Figure 4-18 Networking diagram for configuring VLAN and non-VLAN users to communicate by using sub-interfaces
Figure 4-19 Networking diagram for configuring inter-VLAN communication by using VLANIF interfaces
Figure 4-20 Networking diagram for configuring 1 to 1 VLAN mapping
Figure 4-21 Networking diagram of configuring communication between VLANs through VLAN aggregation
Figure 4-22 Networking diagram for VLAN+802.1p-based L2VPN access
Figure 4-23 Networking diagram for VLAN+DSCP-based L2VPN access
Figure 4-24 Networking diagram of VLAN+EthType-based L2VPN access
Figure 4-25 Networking diagram for VLAN+DSCP-based L3VPN access
Figure 4-26 Networking diagram of VLAN+802.1p-based L3VPN access
Figure 4-27 Networking diagram for untagged+DSCP-based L3VPN access
Figure 4-28 Networking diagram of configuring interface isolation in a VLAN
Figure 4-29 Networking diagram of configuring the isolation based on interface groups in a VLAN
Figure 4-30 Networking diagram of configuring Ethernet loop detection for a VLAN
Figure 5-1 Intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q protocol
Figure 5-2 802.1 encapsulation
Figure 5-3 Compatibility of Etypes in the outer TPIDs of QinQ packets
Figure 5-4 Compatibility of ETypes in the outer TPIDs of QinQ packets
Figure 5-5 Networking diagram of service deployment on the sub-interface for QinQ/dot1q VLAN tag termination
Figure 5-6 Networking diagram for dynamic QinQ
Figure 5-7 Typical networking diagram of the QinQ tunnel
Figure 5-8 Typical networking diagram of Layer 2 selective QinQ

Figure 5-9 Networking diagram of configuring the compatibility of the EthType field in the outer tag of QinQ packets
Figure 5-10 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support proxy ARP
Figure 5-11 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support proxy ARP
Figure 5-12 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support VRRP
Figure 5-13 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support VRRP
Figure 5-14 Typical networking diagram of configuring the sub-interface for dot1q and QinQ VLAN tag termination to access an L3VPN
Figure 5-15 Networking diagram of configuring the Dot1q termination sub-interface to access the VLL
Figure 5-16 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to access a VLL
Figure 5-17 Typical networking diagram of configuring the sub-interface for dot1q and QinQ VLAN tag termination to access VPLS
Figure 5-18 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to access a VPLS Network
Figure 5-19 QinQ termination sub-interface supporting the local switching
Figure 5-20 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support the DHCP relay function
Figure 5-21 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support the DHCP relay function
Figure 5-22 Networking diagram of dynamic QinQ
Figure 5-23 Typical networking diagram of configuring the sub-interface for VLAN stacking to access a VLL
Figure 5-24 Typical networking diagram of configuring the sub-interface for VLAN stacking to access VPLS
Figure 5-25 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support URPF
Figure 5-26 Networking diagram of configuring the sub-interface for dot1q VLAN tag termination in a VSI to support IGMP snooping
Figure 5-27 Networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support IGMP snooping in a VPLS network
Figure 5-28 Networking diagram of configuring the dot1q termination sub-interface to support IGMP and access an L3VPN
Figure 5-29 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support IGMP and Access an L3VPN
Figure 5-30 Networking diagram of configuring single-AS MD VPN
Figure 5-31 Networking for configuring the sub-interface for QinQ VLAN tag termination to support MPLS TE
Figure 5-32 Networking of configuring user-side QinQ VLAN
Figure 5-33 Networking diagram of VLAN+802.1p for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)
Figure 5-34 Networking diagram of VLAN+EthType for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)

Figure 5-35 Networking diagram of VLAN+DSCP for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)
Figure 5-36 Networking diagram of QinQ stacking sub-interface+802.1p-based L2VPN access
Figure 5-37 Networking diagram of QinQ stacking sub-interface+EthType-based L2VPN access
Figure 5-38 Networking diagram of QinQ stacking sub-interface+DSCP-based L2VPN access
Figure 5-39 Networking diagram of VLAN+802.1p-based L3VPN access
Figure 5-40 Networking diagram of VLAN+DSCP-based L3VPN access
Figure 6-1 Diagram of port roles
Figure 6-2 Diagram of a ring network
Figure 6-3 Networking diagram of configuring basic STP functions
Figure 6-4 Networking diagram of configuring basic RSTP functions
Figure 7-1 Multiple spanning trees in an MST region
Figure 7-2 MST region
Figure 7-3 MSTI
Figure 7-4 MSTP network
Figure 7-5 Port roles
Figure 7-6 Networking diagram of MSTP multi-process
Figure 7-7 Networking diagram of configuring basic MSTP functions
Figure 7-8 Networking diagram of MSTP multi-process
Figure 7-9 Networking diagram of configuring basic MSTP functions
Figure 7-10 Networking for MSTP multi-process
Figure 7-11 Networking for MSTP multi-process for Layer 2 single-access rings and Layer 2 multi-access rings
Figure 7-12 Networking diagram of configuring E-STP - inter-AS Option A (Martini mode)
Figure 7-13 Networking diagram of configuring E-STP - inter-AS PW interconnection (Martini mode)
Figure 7-14 Networking diagram of configuring E-STP for CE dual-homing
Figure 8-1 Basic format of BPDU encapsulation
Figure 8-2 Transparent transmission of BPDUs in an ISP network
Figure 8-3 Interface-based BPDU tunnels of different user networks
Figure 8-4 VLAN-based BPDU tunnel
Figure 8-5 IEEE 802.1Q encapsulation and QinQ encapsulation
Figure 8-6 QinQ-based
BPDU tunnel..................................................................................................................8-8 Figure 8-7 Networking diagram of interface-based BPDU tunnels (devices of different roles)........................8-29 Figure 8-8 Networking diagram of interface-based BPDU tunnels (device of the same role)..........................8-36 Figure 8-9 Typical networking diagram of configuring VLAN-based transparent transmission of BPDUs .............................................................................................................................................................................8-43 Figure 8-10 Networking diagram of QinQ-based BPDU tunnels......................................................................8-50 Figure 9-1 Application of crossed RRPP rings in the MAN................................................................................9-4 Figure 9-2 Networking diagram of Metro Ethernet RRPP solution.....................................................................9-6 Figure 9-3 Networking diagram of RRPP and VPLS..........................................................................................9-7 Figure 9-4 Networking diagram of the applicable environment of monitoring interfaces.................................9-16 Figure 9-5 Networking diagram of RRPP and VPLS........................................................................................9-19 Figure 9-6 Networking diagram of configuring a single RRPP ring.................................................................9-24 xxii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

Figures

Figure 9-7 Networking diagram of a crossed RRPP ring...................................................................................9-28 Figure 9-8 Networking diagram of configuring a tangent RRPP ring...............................................................9-37 Figure 9-9 Networking diagram of configuring the monitoring interface.........................................................9-45 Figure 9-10 Networking diagram of configuring the RRPP snooping...............................................................9-60


Tables
Table 4-1 Port types
Table 4-2 Schemes for inter-VLAN communication
Table 4-3 Security schemes for VLANs
Table 4-4 VLAN policies
Table 4-5 Port types
Table 4-6 Schemes for inter-VLAN communication
Table 4-7 Security schemes for VLANs
Table 5-1 Differences among types of interfaces
Table 5-2 Packet processing on the inbound interface
Table 5-3 Packet processing on the outbound interface
Table 5-4 Services supported by the sub-interface for QinQ/dot1q VLAN tag termination
Table 5-5 Packet processing on the inbound interface
Table 5-6 Packet processing on the outbound interface
Table 5-7 Configuration information about interfaces
Table 5-8 Networking requirements of Single-AS MD VPN solution
Table 6-1 STP port state
Table 6-2 RSTP port state
Table 6-3 Comparison between STP, RSTP, and MSTP
Table 6-4 RSTP Protection Function
Table 6-5 Mappings between link rates and path cost values
Table 6-6 Parameters affecting the STP/RSTP topology convergence
Table 6-7 RSTP Protection Function
Table 7-1 Comparison between STP, RSTP, and MSTP
Table 7-2 Port roles
Table 7-3 Port status
Table 7-4 Relationships between port roles and port status
Table 7-5 MSTP protection
Table 7-6 Mapping between link rates and path cost values
Table 7-7 MSTP protection
Table 8-1 Description of basic formats of fields in BPDU packets


1 MAC Address Table Configuration


About This Chapter


Each workstation or server that is connected to the Ethernet interface on a device has a unique Medium Access Control (MAC) address. The MAC address table on the device contains the MAC addresses of all the other devices that are connected to this device. The MAC address table is used for data forwarding.

1.1 MAC Address Table Introduction
A MAC address table is an interface-based Layer 2 forwarding table. It stores information about the MAC addresses learned by the device.

1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
If user networks are connected through Layer 2 devices and do not forward data through Layer 3 routing, you can configure a MAC address table based on Layer 2 interfaces and VLANs for data forwarding. Thus, user networks can communicate with each other.

1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
If user networks are connected through a Virtual Private LAN Service (VPLS) network, you can configure a MAC address table based on Layer 3 interfaces and Virtual Switch Instances (VSIs). Thus, user networks can communicate with each other.

1.4 Configuring the Aging Time of a MAC Address Table
After the network topology changes, dynamic MAC address entries are not automatically updated in time. As a result, a device cannot learn new MAC addresses and thus user traffic cannot be normally forwarded. To address this problem, you need to configure the aging time of MAC address entries.

1.5 Maintaining MAC Address Table
This section provides commands used to maintain MAC address tables, including the command that is used to delete dynamic MAC address tables.

1.6 Configuration Examples
This section lists networking requirements, configuration roadmap, and data preparation to describe the typical application scenarios of MAC address tables, and provides related configuration files.


1.1 MAC Address Table Introduction


A MAC address table is an interface-based Layer 2 forwarding table. It stores information about the MAC addresses learned by the device.

1.1.1 MAC Address Table Overview
MAC address entries can be classified into dynamic entries, static entries, and blackhole entries.

1.1.2 MAC Addresses Learning Limit Supported by the CX600
As the capacity of a MAC address table is limited, it is necessary to specify the maximum number of MAC addresses to be learned and limit the rate at which MAC addresses are learned. In this manner, you can control the number of access users and prevent malicious users from attacking user devices and networks through MAC addresses.

1.1.1 MAC Address Table Overview


MAC address entries can be classified into dynamic entries, static entries, and blackhole entries.

All workstations and servers connected to the Ethernet interfaces of a device have unique MAC (Medium Access Control) addresses. The MAC address table on the device contains information about the MAC addresses of all the devices connected to this device. MAC address entries are classified into the following types:
- Dynamic entries
  Dynamic entries are learned and stored on interface boards. Dynamic entries expire, and they are lost after hot swapping, interface-board resetting, or device rebooting.
- Static entries
  Static entries are configured by users. They are automatically delivered to each interface board. Static entries do not expire and are not lost after device rebooting, hot swapping, or interface-board resetting.
- Blackhole entries
  Blackhole entries, configured by users, are used to discard frames containing a specified MAC address. They are delivered to each interface board. Blackhole entries do not expire and are not lost after device rebooting, hot swapping, or interface-board resetting.

1.1.2 MAC Addresses Learning Limit Supported by the CX600


As the capacity of a MAC address table is limited, it is necessary to specify the maximum number of MAC addresses to be learned and limit the rate at which MAC addresses are learned. In this manner, you can control the number of access users and prevent malicious users from attacking user devices and networks through MAC addresses. For the MAC address learning limit, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - Security.


1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
If user networks are connected through Layer 2 devices and do not forward data through Layer 3 routing, you can configure a MAC address table based on Layer 2 interfaces and VLANs for data forwarding. Thus, user networks can communicate with each other.

1.2.1 Establishing the Configuration Task
Before configuring a MAC address table based on Layer 2 interfaces and VLANs, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

1.2.2 Configuring MAC Address Entries
To enhance the security of an interface and to prevent invalid users from accessing the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the interface, or discard the packets with specified destination MAC addresses. The interface to which the MAC addresses are bound must be a switched interface, and must either be added to a specified VLAN or allow the packets with specified VLAN IDs to pass through.

1.2.3 Configuring MAC Address Entries Based on the Layer 2 VE Interface
If the interface bound to the MAC address of a user device is a Virtual Ethernet (VE) interface, you can configure a MAC address table based on Layer 2 VE interfaces. In this manner, the packets with specific destination MAC addresses are forwarded by specified interfaces.

1.2.4 Checking the Configuration
After the MAC address table based on Layer 2 interfaces and VLANs is successfully configured, you can view the destination MAC addresses, outbound interfaces, and MAC address types.

1.2.1 Establishing the Configuration Task


Before configuring a MAC address table based on Layer 2 interfaces and VLANs, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
NOTE

The ATM interface cannot be configured on the X1 and X2 models of the CX600.

Generally, a device automatically creates MAC address tables by learning source addresses. To enhance the security of an interface, network administrators can manually bind a MAC address to an interface in the table. This can prevent malicious users with counterfeit MAC addresses from logging in to the local device through other switches. To discard the frames sent to a specified destination MAC address, configure blackhole entries.

Pre-configuration Tasks
Before configuring the MAC address table based on the VLAN and Layer 2 interface, complete the following tasks:
- Creating a VLAN
- Ensuring that the Layer 2 ports in the MAC address entries are added to the VLAN
- Ensuring that the mapping between the VE interface and the PVC of the ATM interface is established if the outbound interface is a VE interface
NOTE

For the configuration of the mapping between the VE interface and the PVC of the ATM interface, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - WAN Access.

Data Preparation
To configure the MAC address table based on the VLAN and Layer 2 interface, you need the following data.

No.  Data
1    MAC address
2    Port number
3    VLAN ID

1.2.2 Configuring MAC Address Entries


To enhance the security of an interface and to prevent invalid users from accessing the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the interface, or discard the packets with specified destination MAC addresses. The interface to which the MAC addresses are bound must be a switched interface, and must either be added to a specified VLAN or allow the packets with specified VLAN IDs to pass through.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
mac-address static mac-address interface-type interface-number vlan vlan-id [ cevlan ce-vlan]

MAC address entries are added. Note the following:
- You can add only unicast MAC addresses rather than multicast MAC addresses and special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
- The interface type can be a physical interface, such as an Ethernet interface or a GE interface, or a logical interface, such as an Eth-Trunk interface or a MAC-Tunnel. The interface specified in the mac-address static command must be a switched interface, serving as an outbound interface for Layer 2 forwarding.
- The vlan-id must be associated with ports. That is, the VLAN contains the port. Alternatively, this interface allows the VLAN to pass through.
- When ce-vlan is used, it indicates that the interface specified by interface-type interface-number is added to the specified VLAN in VLAN mapping mode. The parameter ce-vlan indicates the exterior VLAN ID in frames received by the port.
- When ce-vlan is not used, it indicates that the interface specified by interface-type interface-number is added to the specified VLAN in port default, trunk, or VLAN stacking mode.
- A maximum of 1024 non-dynamic entries can be added.

Step 3 Run:
mac-address blackhole mac-address vlan vlan-id

The blackhole MAC address entry is configured.

----End

1.2.3 Configuring MAC Address Entries Based on the Layer 2 VE Interface


If the interface bound to the MAC address of a user device is a Virtual Ethernet (VE) interface, you can configure a MAC address table based on Layer 2 VE interfaces. In this manner, the packets with specific destination MAC addresses are forwarded by specified interfaces.

Context
NOTE

The ATM interface cannot be configured on the X1 and X2 models of the CX600.

Do as follows on the CX device where the VLAN is created:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
mac-address static mac-address virtual-ethernet interface-number atm interface-number pvc { pvc-name [ vpi | vci ] | vpi | vci } vlan vlan-id

MAC address entries are added. Note the following:
- You can add only unicast MAC addresses rather than multicast MAC addresses and special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
- The VE interface must be a switched interface. In addition, the VE interface must be associated with the VLAN specified by vlan-id. That is, the VLAN contains this VE interface, or this VE interface is added to the VLAN by default.
- The mapping between the VE interface and the PVC of the ATM interface is established, and the VE interface is added to the specified VLAN.
- A maximum of 1024 non-dynamic entries can be added.

----End

1.2.4 Checking the Configuration


After the MAC address table based on Layer 2 interfaces and VLANs is successfully configured, you can view the destination MAC addresses, outbound interfaces, and MAC address types.

Prerequisite
The configurations of the MAC address table based on the VLAN and Layer 2 interface are complete.

Procedure
- Run the display mac-address [ mac-address [ vlan vlan-id | vsi vsi-name | verbose ] ] command to check information about all MAC address entries.
- Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] command to check information about blackhole MAC address entries.
- Run the display mac-address static [ vlan vlan-id | vsi vsi-name ] command to check information about static MAC address entries.
- Run the following commands to check information about dynamic MAC address entries:
  - Run the display mac-address dynamic verbose command.
  - Run the display mac-address dynamic [ slot-id ] [ vlan vlan-id | vsi vsi-name | sourceslot source-slot-id | interface-type interface-number ] command.
- Run the display mac-address summary command to check statistics about MAC address entries.

----End

Example
Run the display mac-address command. You can view the information about the MAC address, the outbound interface corresponding to the MAC address, and the MAC address type. For example:
<HUAWEI> display mac-address
MAC address table of slot 0:
--------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
--------------------------------------------------------------------------------
0011-2233-4455 abc 1 GE1/0/1.10 static 2/
0002-0002-0002 2 GE2/0/1 static
--------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2

MAC address table of slot 1:
--------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
--------------------------------------------------------------------------------
0000-c102-0104 200 GE1/0/1 dynamic
0000-c102-0105 200 GE1/0/1 dynamic
0000-c102-0102 200 GE1/0/1 dynamic
0000-c102-0106 200 GE1/0/1 dynamic
0000-c102-0103 200 GE1/0/1 dynamic
--------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 5

Run the display mac-address summary command to display all the statistics of the MAC address entries. For example:
<HUAWEI> display mac-address summary
-------------------------------------------------------------
Slot  Total  Blackhole  Static  Dynamic  Capacity  FE
-------------------------------------------------------------
1     1      0          0       1        0         0
2     0      0          0       0        0         0
-------------------------------------------------------------

1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
If user networks are connected through a Virtual Private LAN Service (VPLS) network, you can configure a MAC address table based on Layer 3 interfaces and Virtual Switch Instances (VSIs). Thus, user networks can communicate with each other.

1.3.1 Establishing the Configuration Task
Before configuring a MAC address table based on Layer 3 interfaces and VSIs, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

1.3.2 Configuring MAC Address Entries
To enhance the security of an interface and to prevent invalid users from connecting to the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the main interface or sub-interfaces, or discard the packets with specified destination MAC addresses. An interface that is bound to certain MAC addresses must be bound to a specified VSI.

1.3.3 Configuring MAC Address Entries Based on the VLANIF Interface
The PEs that are connected to the VPLS network are Layer 2 switching devices with Layer 2 interfaces. To enable the packets from the PEs to be transmitted on the VPLS network, you need to configure VLANIF interfaces, and bind the VLANIF interfaces to VSIs to access the VPLS network. Configuring a MAC address table based on VLANIF interfaces can prevent invalid users from connecting to the device.

1.3.4 Checking the Configuration
After the MAC address table based on Layer 3 interfaces and VSIs is successfully configured, you can view the destination MAC addresses, outbound interfaces, and MAC address types.

1.3.1 Establishing the Configuration Task


Before configuring a MAC address table based on Layer 3 interfaces and VSIs, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
NOTE

The ATM interface cannot be configured on the X1 and X2 models of the CX600.

In a Virtual Private LAN Service (VPLS) network, provider edges (PEs) learn MAC addresses. A PE learns the MAC address of the remote PE through the pseudo wire (PW) and learns the MAC address of the customer edge (CE) that directly accesses the PE through the Attachment Circuit (AC). In this manner, the PE automatically establishes the MAC address table.

To improve the network security, configure the mapping between the MAC address of the CE and the PE interface in the MAC address table of the PE, that is, the static MAC address entries on the AC side. On the PE, binding a MAC address to an interface can prevent illegal users from accessing the network. To discard the frames to the specified destination MAC address, configure blackhole entries.
NOTE

For concepts and configurations in VPLS, refer to the "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.

Pre-configuration Tasks
Before configuring the MAC address table based on the virtual switching instance (VSI) and Layer 3 interface, complete the following tasks:
- Configuring the VPLS and binding the VSI to the outbound interface
- Establishing the mapping between the VE interface and the PVC of the ATM interface if the outbound interface is a VE interface
- Configuring the sub-interface with dot1q termination or QinQ termination or qinq stacking or vlan-type dot1q if the outbound interface is a sub-interface
NOTE

- For the configuration of the mapping between the VE interface and the PVC of the ATM interface, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - WAN Access.
- For the configuration of dot1q termination or QinQ termination or qinq stacking on a sub-interface, refer to QinQ Configuration.

Data Preparation
To configure the MAC address table based on the VSI and Layer 3 interface, you need the following data.

No.  Data
1    VSI name
2    MAC addresses
3    Interface type and number
4    PE VLAN ID
5    CE VLAN ID

1.3.2 Configuring MAC Address Entries


To enhance the security of an interface and to prevent invalid users from connecting to the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the main interface or sub-interfaces, or discard the packets with specified destination MAC addresses. An interface that is bound to certain MAC addresses must be bound to a specified VSI.

Context
Do as follows on the equipment where the VSI is created:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
mac-address static mac-address interface-type interface-number vsi vsi-name [ pevid pe-vid [ ce-vid ce-vid ] ]

MAC address entries are added. Note the following:
- You can add only unicast MAC addresses rather than multicast MAC addresses and special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
- The interface type can be Ethernet interface, Ethernet sub-interface, GE interface, GE sub-interface, Eth-Trunk interface, or Eth-Trunk sub-interface.
- Ensure that the interface in this command is bound to the VSI specified by vsi-name.
- When pe-vid is used, the interface specified by interface-type interface-number must be a sub-interface. In addition, this sub-interface must be configured with dot1q termination, qinq stacking or vlan-type dot1q and bound to the VSI.

NOTE
The parameter pe-vid must be configured when you configure static MAC address entries based on a qinq stacking sub-interface; otherwise, the traffic is blocked.

- When pe-vid and ce-vid are used, the interface specified by interface-type interface-number must be a sub-interface. In addition, this sub-interface must be configured with QinQ termination and bound to the VSI.
- A maximum of 1024 non-dynamic entries can be added.

Step 3 Run:
mac-address blackhole mac-address vsi vsi-name

The blackhole MAC address entry is configured.

----End
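The constraints listed in 1.2.2 and 1.3.2 (unicast addresses only, a VLAN or VSI scope, at most 1024 non-dynamic entries) can be checked against a planned entry list before any command is run. The following Python script is an added example, not part of the Huawei guide: the function and class names, the sample addresses, interface names and VSI name are assumptions, the 1-4094 VLAN range is the standard 802.1Q range rather than a value stated here, and the optional parameters in square brackets are not generated.

```python
import re
from dataclasses import dataclass
from typing import Optional

MAX_NON_DYNAMIC = 1024  # limit on non-dynamic entries stated in this guide
MAC_PATTERN = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")


@dataclass(frozen=True)
class Entry:
    kind: str                    # "static" or "blackhole"
    mac: str                     # xxxx-xxxx-xxxx notation, as in the display output
    vlan: Optional[int] = None   # set for VLAN-based entries (1.2.2)
    vsi: Optional[str] = None    # set for VSI-based entries (1.3.2)
    interface: str = ""          # outbound interface, static entries only


def mac_problem(mac: str) -> Optional[str]:
    """Return why a MAC cannot be a static/blackhole entry, or None if usable."""
    mac = mac.lower()
    if not MAC_PATTERN.match(mac):
        return "not in xxxx-xxxx-xxxx notation"
    if mac == "ffff-ffff-ffff":
        return "broadcast address"
    if int(mac[:2], 16) & 0x01:  # I/G bit of the first octet marks a group address
        return "multicast address"
    if mac == "0000-0000-0000":  # assumption: all-zero counts as a special address
        return "all-zero address"
    return None


def build_commands(entries, already_configured=0):
    """Validate a plan; return (commands in the guide's syntax, error strings)."""
    commands, errors, seen = [], [], {}
    for e in entries:
        mac = e.mac.lower()
        reason = mac_problem(mac)
        if reason:
            errors.append(f"{e.mac}: {reason}")
            continue
        if (e.vlan is None) == (e.vsi is None):
            errors.append(f"{mac}: give exactly one of vlan or vsi")
            continue
        if e.vlan is not None and not 1 <= e.vlan <= 4094:
            errors.append(f"{mac}: VLAN ID {e.vlan} outside 1-4094")
            continue
        scope = f"vlan {e.vlan}" if e.vlan is not None else f"vsi {e.vsi}"
        if (mac, scope) in seen:
            # The same MAC in the same VLAN/VSI cannot be both bound and discarded.
            errors.append(f"{mac} {scope}: already planned as {seen[(mac, scope)]}")
            continue
        if e.kind == "static":
            if not e.interface:
                errors.append(f"{mac} {scope}: static entry needs an outbound interface")
                continue
            commands.append(f"mac-address static {mac} {e.interface} {scope}")
        elif e.kind == "blackhole":
            commands.append(f"mac-address blackhole {mac} {scope}")
        else:
            errors.append(f"{mac} {scope}: unknown entry kind {e.kind!r}")
            continue
        seen[(mac, scope)] = e.kind
    if already_configured + len(commands) > MAX_NON_DYNAMIC:
        errors.append(f"plan exceeds the {MAX_NON_DYNAMIC} non-dynamic entry limit")
    return commands, errors


# Constructed sample plan (addresses, interface names and VSI name are illustrative).
SAMPLE_PLAN = [
    Entry("static", "0011-2233-4455", vlan=2, interface="GigabitEthernet 1/0/1"),
    Entry("blackhole", "0000-c102-0104", vlan=200),
    Entry("static", "0002-0002-0002", vsi="abc", interface="GigabitEthernet 2/0/1"),
    Entry("static", "0100-5e00-0001", vlan=2, interface="GigabitEthernet 1/0/1"),  # multicast
    Entry("blackhole", "0011-2233-4455", vlan=2),  # conflicts with the first entry
    Entry("static", "0011-2233-4466", vlan=5000, interface="GigabitEthernet 1/0/1"),
]

if __name__ == "__main__":
    cmds, errs = build_commands(SAMPLE_PLAN)
    print("system-view")
    print("\n".join(cmds))
    for err in errs:
        print("rejected:", err)
```

Pass the number of static and blackhole entries already present on the device as already_configured so that the 1024-entry check covers the whole table, not only the new plan.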

1.3.3 Configuring MAC Address Entries Based on the VLANIF Interface


The PEs that are connected to the VPLS network are Layer 2 switching devices with Layer 2 interfaces. To enable the packets from the PEs to be transmitted on the VPLS network, you need to configure VLANIF interfaces, and bind the VLANIF interfaces to VSIs to access the VPLS network. Configuring a MAC address table based on VLANIF interfaces can prevent invalid users from connecting to the device.

Context
Do as follows on the equipment where the VSI is created:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
mac-address static mac-address interface-type interface-number vlanif interface-number vsi vsi-name

MAC address entries are added. Note the following:
- You can add only unicast MAC addresses rather than multicast MAC addresses and special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
- The interface-type can be Ethernet interface, GE interface, or Eth-Trunk interface.
- The interface specified by interface-type interface-number is added to the VLAN corresponding to the VLANIF interface, and the VLANIF interface is bound to the specified VSI.
- A maximum of 1024 non-dynamic entries can be added.

Step 3 Run:
mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name }

The blackhole MAC address entry is configured.

----End

1.3.4 Checking the Configuration


After the MAC address table based on Layer 3 interfaces and VSIs is successfully configured, you can view the destination MAC addresses, outbound interfaces, and MAC address types.

Prerequisite
The configurations of the MAC address table based on the VSI and layer 3 interface are complete.

Procedure
- Run the display mac-address [ mac-address [ vlan vlan-id | vsi vsi-name | verbose ] ] command to check information about all MAC address entries.
- Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] command to check information about black-hole MAC address entries.
- Run the display mac-address static [ vlan vlan-id | vsi vsi-name ] command to check information about static MAC address entries.
- Run the following commands to check information about dynamic MAC address entries.
  - Run the display mac-address dynamic verbose command.
  - Run the display mac-address dynamic [ slot-id ] [ vlan vlan-id | vsi vsi-name | sourceslot source-slot-id | interface-type interface-number ] command.
- Run the display mac-address summary command to check statistics about MAC address entries.

----End

Example
Run the display mac-address command. If information about the MAC address, the outbound interface corresponding to the MAC address, and the MAC address type is displayed, the configuration has succeeded. For example:
<HUAWEI> display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 abc         1             GE1/0/1.10      static    2/
0002-0002-0002 2                         GE2/0/1         static
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2

MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0000-c102-0104 200                       GE1/0/1         dynamic
0000-c102-0105 200                       GE1/0/1         dynamic
0000-c102-0102 200                       GE1/0/1         dynamic
0000-c102-0106 200                       GE1/0/1         dynamic
0000-c102-0103 200                       GE1/0/1         dynamic
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 5

Run the display mac-address summary command to display all the statistics of the MAC address entries. For example:
<HUAWEI> display mac-address summary
-------------------------------------------------------------
Slot  Total  Blackhole  Static  Dynamic  Capacity  FE
-------------------------------------------------------------
1     1      0          0       1        0         0
2     0      0          0       0        0         0
-------------------------------------------------------------

1.4 Configuring the Aging Time of a MAC Address Table


After the network topology changes, dynamic MAC address entries are not automatically updated in time. As a result, a device cannot learn new MAC addresses and thus user traffic cannot be normally forwarded. To address this problem, you need to configure the aging time of MAC address entries.

1.4.1 Establishing the Configuration Task
Before configuring the aging time of MAC address entries, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

1.4.2 Setting the Aging Time of a MAC Address Table
After the aging time of MAC address entries is configured, the dynamic MAC address entries are automatically deleted if the aging time expires.

1.4.3 Checking the Configuration
After the aging time of MAC address entries is successfully configured, you can view information about the aging time of MAC address entries.

1.4.1 Establishing the Configuration Task


Before configuring the aging time of MAC address entries, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
After the network topology changes, dynamic MAC entries are not automatically updated in time. In this case, user traffic cannot be normally forwarded because the device cannot learn the new MAC address. Thus, you need to configure the aging time of dynamic MAC addresses. When the set aging time expires, dynamic MAC address entries are automatically deleted. The device re-learns MAC addresses to generate a new dynamic MAC address type. The aging time is valid only on dynamic MAC address entries. The configurations in this section are optional.

Pre-configuration Tasks
None

Data Preparation
To configure the aging time of a MAC address table, you need the following data.

No.  Data
1    Aging time

1.4.2 Setting the Aging Time of a MAC Address Table


After the aging time of MAC address entries is configured, the dynamic MAC address entries are automatically deleted if the aging time expires.

Context
Do as follows on all the devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:


mac-address aging-time seconds [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

The aging time of a MAC address table is set. In a MAC address table, only dynamic entries age. The aging time ranges from 60 to 1000000 seconds. The default is 300 seconds. The aging time 0 means that no MAC address entry is aged.

----End

1.4.3 Checking the Configuration


After the aging time of MAC address entries is successfully configured, you can view information about the aging time of MAC address entries.

Prerequisite
The configurations of the aging time of a MAC address table are complete.

Procedure
Step 1 Run the display mac-address aging-time [ vlan [ vlan-id ] ] command to check the aging time of MAC address entries.

----End

Example
Run the display mac-address aging-time command. If the aging time of MAC address entries is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display mac-address aging-time
Aging time: 300 seconds
<HUAWEI> display mac-address aging-time vlan 10
Vlan  Aging Time(sec)
10    100

1.5 Maintaining MAC Address Table


This section provides commands used to maintain MAC address tables, including the command that is used to delete dynamic MAC address tables.

1.5.1 Clearing the Dynamic MAC Address
The CX600 provides two methods of deleting dynamic MAC addresses. You can either use a command to delete dynamic MAC addresses or wait for the system to delete MAC entries that have become invalid after interfaces go Down, VLANs are deleted, or VSIs are deleted. In addition, the CX600 supports the batch deletion of dynamic MAC addresses in a VLAN, in a VSI, on an interface, on an interface of a VLAN, or on an interface of a VSI.

1.5.1 Clearing the Dynamic MAC Address


The CX600 provides two methods of deleting dynamic MAC addresses. You can either use a command to delete dynamic MAC addresses or wait for the system to delete MAC entries that have become invalid after interfaces go Down, VLANs are deleted, or VSIs are deleted. In addition, the CX600 supports the batch deletion of dynamic MAC addresses in a VLAN, in a VSI, on an interface, on an interface of a VLAN, or on an interface of a VSI.

Context
After the network topology changes, the CX device's failure to learn new MAC addresses interrupts the forwarding of user traffic if the dynamic MAC entries are not refreshed in time. The CX device needs to provide various entry deletion methods to:
- Minimize the effect on normal services
- Promptly delete the invalid MAC entries
- Release MAC address resources
- Ensure the generation of new MAC entries

Procedure
- To delete the dynamic MAC entries based on a VLAN, run the undo mac-address dynamic vlan vlan-id command.
- To delete the dynamic MAC entries based on a VSI, run the undo mac-address dynamic vsi vsi-name command.
- To delete the dynamic MAC entries based on a port, run the undo mac-address dynamic { ethernet | gigabitethernet | eth-trunk } interface-number command.
- To delete the dynamic MAC entries based on a port in a VLAN, run the undo mac-address dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vlan vlan-id command.
- To delete the dynamic MAC entries based on a port and the VSI, run the undo mac-address dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vsi vsi-name command.

----End

1.6 Configuration Examples


This section lists networking requirements, configuration roadmap, and data preparation to describe the typical application scenarios of MAC address tables, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

1.6.1 Example for Configuring the MAC Address Table Based on the Interface and VLAN
In this networking, the network administrator binds MAC addresses of user devices to the access interface, which can prevent invalid users from accessing the network through other switching devices.

1.6.2 Example for Configuring the MAC Address Table Based on the dot1q Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a MAC address table by learning the MAC address of the remote PE through a Pseudo-Wire (PW), and learning the MAC address of the directly connected CE through an AC. When a PE receives a user packet with one tag, you need to bind the Dot1q termination sub-interface on the PE to a VSI to access the VPLS network, and bind the MAC address of the packet to the VSI. This helps to prevent invalid users from accessing the VPLS network.

1.6.3 Example for Configuring the MAC Address Table Based on the QinQ Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a MAC address table by learning the MAC address of the remote PE through a PW, and learning the MAC address of the directly connected CE through an AC. When a PE receives a user packet with double tags, you need to bind the QinQ termination sub-interface on the PE to a VSI, connect the sub-interface to the VPLS network, and bind the MAC address of the packet to the VSI. This helps to prevent invalid users from connecting to the VPLS network.

1.6.4 Example for Configuring the MAC Address Table Based on the VLANIF Interface and VSI
In this networking, Layer 2 switches function as PEs accessing the VPLS network. To enable the packets from PEs to be transmitted on the VPLS network, you need to configure VLANIF interfaces, bind the VLANIF interfaces to VSIs, connect the VLANIF interfaces to the VPLS network, and bind the MAC addresses of the user packets to the VSIs. This helps to prevent invalid users from connecting to the VPLS network.

1.6.5 Example for Configuring the MAC Address Table Based on the VLAN and Layer 2 VE Interface
In this networking, the outbound interfaces in the MAC address table are VE interfaces. Before you configure a MAC address table based on Layer 2 VE interfaces and VLANs, the Layer 2 VE interfaces must have already been added to the specified VLANs, and the mappings between the VE interfaces and the PVCs on ATM interfaces must be configured.

1.6.6 Example for Configuring the MAC Address Table Based on the Interface and VSI
You can configure a static MAC address table based on an interface of a VSI and set the aging time for dynamic MAC entries.

1.6.1 Example for Configuring the MAC Address Table Based on the Interface and VLAN
In this networking, the network administrator binds MAC addresses of user devices to the access interface, which can prevent invalid users from accessing the network through other switching devices.

Networking Requirements
A device learns source MAC addresses and then creates a MAC address table. MAC address learning, however, cannot distinguish packets sent by legitimate users from packets sent by attackers, which creates a security risk. To improve interface security, a network administrator can manually add specific MAC address entries to the MAC address table. The MAC addresses of user devices are then bound to interfaces, which prevents unauthorized users from obtaining data.


On the network shown in Figure 1-1, static MAC address entries can be configured to be bound to interfaces, preventing attacks.

Figure 1-1 Networking diagram of configuring the MAC address table based on the interface and VLAN
[Diagram not reproduced. Labels in the diagram: PE, CE1 and CE2, each with interfaces GE1/0/1 and GE1/0/2; PC1, PC2, PC3 and PC4; VLAN 2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on each CE.
2. Configure interface attributes and associate each interface with the VLAN on each CE and the PE.
3. Configure static MAC address entries on the PE, and bind them to interfaces.

Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- MAC address of each CE. In this example, CE1's MAC address is 0011-2233-44aa, and CE2's MAC address is 0011-2233-44bb.

Procedure
Step 1 Create VLANs.

# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 2
[CE1-vlan2] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 2
[CE2-vlan2] quit

# Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan 2
[PE-vlan2] quit

Step 2 Configure interface attributes and associate the interface to the VLAN.

# Configure CE 1.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type trunk
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/2] quit

# Configure CE 2.
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 2
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port link-type trunk
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[CE2-GigabitEthernet1/0/2] quit

# Configure PE.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/2] quit

Step 3 Configure static MAC address entries.


[PE] mac-address static 0011-2233-44aa gigabitethernet 1/0/1 vlan 2
[PE] mac-address static 0011-2233-44bb gigabitethernet 1/0/2 vlan 2

Step 4 Verify the configuration.

# After completing the preceding configurations, run the display mac-address static command on the PE. The configured static MAC address entries are displayed.
[PE] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-44aa 2                         GE1/0/1         static
0011-2233-44bb 2                         GE1/0/2         static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 2

----End
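
The check in Step 4 can be repeated automatically. The following Python code is an added example, not part of the Huawei guide: it parses display mac-address output in the layout printed above and compares it with an intended binding list. The sample output, the 0011-2233-44cc binding, and all function names are constructed for illustration, and the column handling is an assumption based on the sample tables in this chapter.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$", re.I)
ENTRY_TYPES = ("static", "dynamic", "blackhole")

# Constructed sample in the layout this guide prints; not captured from a device.
SAMPLE_OUTPUT = """\
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-44aa 2                         GE1/0/1         static
0011-2233-44bb 2                         GE1/0/1         static
0000-c102-0104 2                         GE1/0/2         dynamic
0011-2233-4455 ldp1        10            GE1/0/0.1       static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 4
"""

# Intended bindings: (MAC, VLAN ID or VSI name) -> port as shown by the CLI.
EXPECTED = {
    ("0011-2233-44aa", "2"): "GE1/0/1",
    ("0011-2233-44bb", "2"): "GE1/0/2",
    ("0011-2233-44cc", "2"): "GE1/0/2",      # constructed; absent from the sample
    ("0011-2233-4455", "ldp1"): "GE1/0/0.1",
}


def parse_mac_table(text):
    """Return one dict per table row: mac, domain (VLAN or VSI), port, type."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or not MAC_RE.match(tokens[0]):
            continue  # banner, separator, header or total line
        # PEVLAN and CEVLAN may be blank, so column positions shift. The entry
        # type is the stable anchor: the port is the token just before it.
        type_idx = next((i for i in range(2, len(tokens))
                         if tokens[i] in ENTRY_TYPES), None)
        if type_idx is None:
            continue
        port = tokens[type_idx - 1] if type_idx >= 3 else None
        entries.append({"mac": tokens[0].lower(), "domain": tokens[1],
                        "port": port, "type": tokens[type_idx]})
    return entries


def audit(entries, expected):
    """Compare table rows with the intended bindings.

    Returns (kind, mac, domain, detail) tuples:
      missing           binding has no entry; detail is the expected port
      not-static        entry exists but was learned or blackholed; detail is its type
      wrong-port        static entry points at another port; detail is that port
      unlisted-dynamic  address learned in a bound VLAN/VSI but not in the list
                        (for review; learning itself is normal behaviour)
    """
    by_key = {}
    for e in entries:
        by_key.setdefault((e["mac"], e["domain"]), []).append(e)

    findings = []
    for key in sorted(expected):
        mac, domain = key
        rows = by_key.get(key, [])
        if not rows:
            findings.append(("missing", mac, domain, expected[key]))
            continue
        for e in rows:  # the same key can appear once per slot
            if e["type"] != "static":
                findings.append(("not-static", mac, domain, e["type"]))
            elif e["port"] != expected[key]:
                findings.append(("wrong-port", mac, domain, e["port"]))

    bound_domains = {domain for _, domain in expected}
    for e in entries:
        if ((e["mac"], e["domain"]) not in expected
                and e["domain"] in bound_domains and e["type"] == "dynamic"):
            findings.append(("unlisted-dynamic", e["mac"], e["domain"], e["port"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE_OUTPUT), EXPECTED):
        print(*finding)
```
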

Configuration Files
- Configuration file of CE1
#
 sysname CE1
#
 vlan batch 2
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
return

- Configuration file of CE2
#
 sysname CE2
#
 vlan batch 2
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
return

- Configuration file of PE
#
 sysname PE
#
 vlan batch 2
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
 mac-address static 0011-2233-44aa GigabitEthernet1/0/1 vlan 2
 mac-address static 0011-2233-44bb GigabitEthernet1/0/2 vlan 2
#
return
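
Static bindings in a saved configuration file can be checked before the file is loaded. The following Python code is an added example, not Huawei tooling: it checks mac-address static lines of the VLAN form against the constraints this chapter states (unicast addresses only, at most 1024 non-dynamic entries) and against the interface and VLAN association made in the roadmap above. The sample configuration is constructed from the PE file with deliberate mistakes; the function names and the handling of "to" ranges and "all" in port trunk allow-pass vlan are assumptions.

```python
import re

MAX_NON_DYNAMIC = 1024   # limit stated in this chapter
MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")
# Accepts both "GigabitEthernet1/0/1" (saved file) and "gigabitethernet 1/0/1".
STATIC_RE = re.compile(
    r"^mac-address static (\S+) ([a-z-]+)\s*([\d/.]+) vlan (\d+)$", re.I)

# Constructed sample: the PE file from this example plus four faulty bindings.
SAMPLE_CONFIG = """\
#
 sysname PE
#
 vlan batch 2 3
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
 mac-address static 0011-2233-44aa GigabitEthernet1/0/1 vlan 2
 mac-address static 0011-2233-44bb GigabitEthernet1/0/2 vlan 3
 mac-address static 0100-5e00-0001 GigabitEthernet1/0/1 vlan 2
 mac-address static 0011-2233-44aa GigabitEthernet1/0/2 vlan 2
 mac-address static 0011-2233-44cc GigabitEthernet1/0/3 vlan 2
#
return
"""


def vlan_set(tokens):
    """Expand ['2'], ['2', 'to', '10'] or ['all'] into a set of VLAN IDs."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        if (i + 2 < len(tokens) and tokens[i + 1] == "to"
                and tokens[i].isdigit() and tokens[i + 2].isdigit()):
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
            continue
        if tokens[i].isdigit():
            vlans.add(int(tokens[i]))
        i += 1
    return vlans


def interface_vlans(text):
    """Map each interface name (lower case, no spaces) to the VLANs it carries."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].replace(" ", "").lower()
            result[current] = set()
        elif line == "#":
            current = None   # "#" closes the interface block
        elif current and line.startswith(
                ("port default vlan ", "port trunk allow-pass vlan ")):
            result[current] |= vlan_set(line.split("vlan", 1)[1].split())
    return result


def lint_static_bindings(text):
    """Return (line number, code, MAC) for each problem found."""
    ports = interface_vlans(text)
    findings, seen, count = [], {}, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = STATIC_RE.match(raw.strip())
        if not m:
            continue
        count += 1
        mac = m.group(1).lower()
        port = (m.group(2) + m.group(3)).lower()
        vlan = int(m.group(4))
        if not MAC_RE.match(mac):
            findings.append((lineno, "bad-mac-format", mac))
            continue
        if int(mac[:2], 16) & 1:   # group bit set: multicast or broadcast
            findings.append((lineno, "not-unicast", mac))
        if port not in ports:
            findings.append((lineno, "unknown-interface", mac))
        elif vlan not in ports[port]:
            findings.append((lineno, "vlan-not-on-port", mac))
        # The same MAC in the same VLAN must not be bound to two ports.
        if seen.setdefault((mac, vlan), port) != port:
            findings.append((lineno, "duplicate-binding", mac))
    # Counts only the static lines parsed here, not blackhole entries.
    if count > MAX_NON_DYNAMIC:
        findings.append((0, "too-many-entries", str(count)))
    return findings


if __name__ == "__main__":
    for lineno, code, mac in lint_static_bindings(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {mac}")
```
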

1.6.2 Example for Configuring the MAC Address Table Based on the dot1q Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a MAC address table by learning the MAC address of the remote PE through a Pseudo-Wire (PW), and learning the MAC address of the directly connected CE through an AC. When a PE receives a user packet with one tag, you need to bind the Dot1q termination sub-interface on the PE to a VSI to access the VPLS network, and bind the MAC address of the packet to the VSI. This helps to prevent invalid users from accessing the VPLS network.

Networking Requirements
As shown in Figure 1-2, in a VPLS networking, PEs are connected to CEs through dot1q termination sub-interfaces. On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455 as a static MAC entry. This helps to prevent invalid users from accessing the VPLS network.

Figure 1-2 Networking diagram of configuring the MAC address table based on the dot1q termination sub-interface and VSI
[Diagram not reproduced. Labels in the diagram: PE1 (Loopback1 1.1.1.9/32, POS2/0/0 192.168.1.1/30, GE1/0/0.1); P (Loopback1 2.2.2.9/32, POS1/0/0 192.168.1.2/30, POS2/0/0 192.168.2.1/30); PE2 (Loopback1 3.3.3.9/32, POS1/0/0 192.168.2.2/30, GE2/0/0.1); CE1 and CE2, each with GE1/0/1 and GE1/0/2; PC1 and PC2; MAC:0011-2233-4455 on the CE1 side.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the dot1q termination sub-interface to the VSI.
3. Configure static MAC address entries.

Data Preparation
To complete the configuration, you need the following data:
- MAC address of the user: 0011-2233-4455
- VSI named ldp1

Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.

According to Figure 1-2, configure the addresses for the interfaces on PE and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the OSPF protocol. PE1 and PE2 can ping each other. Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9

Destination/Mask    Proto   Pre  Cost  Flags NextHop         Interface
1.1.1.9/32          Direct  0    0     D     127.0.0.1       InLoopBack0
2.2.2.9/32          OSPF    10   2     D     192.168.1.2     Pos1/0/0
3.3.3.9/32          OSPF    10   3     D     192.168.1.2     Pos1/0/0
192.168.1.0/24      Direct  0    0     D     192.168.1.1     Pos2/0/0
192.168.1.1/32      Direct  0    0     D     127.0.0.1       InLoopBack0
192.168.1.2/32      Direct  0    0     D     192.168.1.2     Pos1/0/0
192.168.2.0/24      OSPF    10   2     D     192.168.1.2     Pos1/0/0
127.0.0.0/8         Direct  0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D     127.0.0.1       InLoopBack0
[PE1] ping 192.168.2.2
  PING 192.168.2.2: 56 data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

Step 3 Set up the remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls ldp session command to verify that the Status field is "Operational". For example, the following displays the session information on PE1:
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational  DU   Passive  000:00:04   18/18
 3.3.3.9:0          Operational  DU   Passive  000:00:00   2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

Step 4 Enable MPLS L2VPN on PEs.

# Configure PE1.
[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.

# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldq] vsi-id 1
[PE1-vsi-ldp1-ldq] peer 3.3.3.9
[PE1-vsi-ldp1-ldq] quit
[PE1-vsi-ldp1] quit

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldq] vsi-id 1
[PE2-vsi-ldp1-ldq] peer 1.1.1.9
[PE2-vsi-ldp1-ldq] quit
[PE2-vsi-ldp1] quit

Step 6 Configure the interface mode to user termination.

# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

Step 7 Configure the sub-interface for dot1q VLAN tag termination and bind VSIs and AC interfaces.

# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit

NOTE
On different sub-interfaces, the vid values cannot overlap.

Step 8 Configure the Layer 2 forwarding function.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/1
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
[CE2] vlan 10
[CE2-vlan10] port gigabitethernet 1/0/1
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit

Step 9 Configure the MAC address table based on the dot1q termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10

Step 10 Verify the configuration.

# After completing the preceding configurations, run the display mac-address static command on PE1. The configured static MAC address entries are displayed.
[PE1] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1        10            GE1/0/0.1       static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 1

----End

Configuration Files
l Configuration file of PE1
# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 1 peer 3.3.3.9 # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown mode user-termination # interface GigabitEthernet1/0/0.1 undo shutdown control-vid 1 dot1q-termination dot1q termination vid 10 l2 binding vsi ldp1 # interface Pos2/0/0

1-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

1 MAC Address Table Configuration

undo shutdown ip address 192.168.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 192.168.1.0 0.0.0.3 # mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown ip address 192.168.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 undo shutdown ip address 192.1168.2.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 192.168.1.0 0.0.0.3 network 192.168.2.0 0.0.0.3 # return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
 mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 l2 binding vsi ldp1
#
interface Pos1/0/0
 undo shutdown
 ip address 192.168.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 192.168.2.0 0.0.0.3
#
return

Configuration file of CE1


#
 sysname CE1
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
return

Configuration file of CE2


#
 sysname CE2
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
return

1.6.3 Example for Configuring the MAC Address Table Based on the QinQ Termination Sub-interface and VSI
In a VPLS network, MAC address learning is performed on PEs. A PE automatically sets up a MAC address table by learning the MAC address of the remote PE through a PW, and learning the MAC address of the directly connected CE through an AC. When a PE receives a user packet with double tags, you need to bind the QinQ termination sub-interface on the PE to a VSI, connect the sub-interface to the VPLS network, and bind the MAC address of the packet to the VSI. This helps to prevent invalid users from connecting to the VPLS network.

Networking Requirements
As shown in Figure 1-3, in a VPLS network, PEs are connected to CEs through QinQ termination sub-interfaces. On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455 as a static MAC entry.

Figure 1-3 Networking diagram of configuring the MAC address table based on the QinQ termination sub-interface and VSI
[Figure labels: PE1 (Loopback1 1.1.1.9/32, POS2/0/0 192.168.1.1/30, GE1/0/0.1); P (Loopback1 2.2.2.9/32, POS1/0/0 192.168.1.2/30, POS2/0/0 192.168.2.1/30); PE2 (Loopback1 3.3.3.9/32, POS1/0/0 192.168.2.2/30, GE2/0/0.1); Switch1 and Switch2 (GE1/0/1, GE1/0/2); CE1 (GE1/0/1.1 10.1.1.1/24); CE2 (GE1/0/1.1 10.1.1.2); PC1 (MAC: 0011-2233-4455); PC2]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the QinQ termination sub-interface to the VSI.
3. Configure static MAC address entries.

Data Preparation
To complete the configuration, you need the following data:
- MAC address of the user: 0011-2233-4455
- VSI named ldp1

Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 1-3, configure the addresses for the interfaces on the PEs and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After this step, PE1 and PE2 learn the route to each other's loopback interface through OSPF, and PE1 and PE2 can ping each other. Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags NextHop         Interface
        1.1.1.9/32  Direct  0    0       D   127.0.0.1       InLoopBack0
        2.2.2.9/32  OSPF    10   2       D   192.168.1.2     Pos1/0/0
        3.3.3.9/32  OSPF    10   3       D   192.168.1.2     Pos1/0/0
    192.168.1.0/24  Direct  0    0       D   192.168.1.1     Pos2/0/0
    192.168.1.1/32  Direct  0    0       D   127.0.0.1       InLoopBack0
    192.168.1.2/32  Direct  0    0       D   192.168.1.2     Pos1/0/0
    192.168.2.0/24  OSPF    10   2       D   192.168.1.2     Pos1/0/0
      127.0.0.0/8   Direct  0    0       D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0       D   127.0.0.1       InLoopBack0
[PE1] ping 192.168.2.2
  PING 192.168.2.2: 56 data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit


Step 3 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls ldp session command to check that the Status field is "Operational". For example, the following displays the session information on PE1:
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  000:00:04   18/18
 3.3.3.9:0          Operational DU   Passive  000:00:00   2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

Step 5 Configure the interface mode to user termination.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

Step 6 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 1
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 1
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit

Step 7 Configure the sub-interface for QinQ VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE

When the qinq termination command is used, the ranges of ce-vid cannot overlap if pe-vid of two subinterfaces is the same.

Step 8 Configure QinQ and set the packets sent from the switch to the PE to carry double tags.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 100 to 200
[CE1] interface gigabitethernet 1/0/1.1
[CE1-GigabitEthernet1/0/1.1] undo shutdown
[CE1-GigabitEthernet1/0/1.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE1-GigabitEthernet1/0/1.1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 100 to 200
[CE2] interface gigabitethernet 1/0/1.1
[CE2-GigabitEthernet1/0/1.1] undo shutdown
[CE2-GigabitEthernet1/0/1.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE2-GigabitEthernet1/0/1.1] quit

# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] portswitch
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] portswitch
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 100 to 200 stack-vlan 10
[Switch1-GigabitEthernet1/0/2] quit

# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] portswitch
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] portswitch
[Switch2-GigabitEthernet1/0/2] undo shutdown
[Switch2-GigabitEthernet1/0/2] port vlan-stacking vlan 100 to 200 stack-vlan 10
[Switch2-GigabitEthernet1/0/2] quit
NOTE

If the device does not support the port vlan-stacking command, you can run the port link-type dot1q-tunnel and port default vlan commands to configure QinQ.

Step 9 Configure the MAC address table based on the QinQ termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 ce-vid 100

Step 10 Verify the configuration.
# View the static MAC address table.
[PE1] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSRID
            VSI/SI                        MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1 10 100 GE1/0/0.1 static
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 1

----End

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 3.3.3.9
#
 mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
 mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 10 ce-vid 100 to 200
 l2 binding vsi ldp1
#
interface Pos2/0/0
 undo shutdown
 ip address 192.168.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 192.168.1.0 0.0.0.3
#
 mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 ce-vid 100
#
return

Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls ldp
#
interface Pos1/0/0
 undo shutdown
 ip address 192.168.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos2/0/0
 undo shutdown
 ip address 192.168.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 192.168.1.0 0.0.0.3
  network 192.168.2.0 0.0.0.3
#
return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
 mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 10 ce-vid 100 to 200
 l2 binding vsi ldp1
#
interface Pos1/0/0
 undo shutdown
 ip address 192.168.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 192.168.2.0 0.0.0.3
#
return

Configuration file of Switch1


#
 sysname Switch1
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port vlan-stacking vlan 100 to 200 stack-vlan 10
#
return

Configuration file of Switch2


#
 sysname Switch2
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port vlan-stacking vlan 100 to 200 stack-vlan 10
#
return


Configuration file of CE1


#
 sysname CE1
#
 vlan batch 100 to 200
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100 200
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
 sysname CE2
#
 vlan batch 100 to 200
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100 200
 ip address 10.1.1.2 255.255.255.0
#
return
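
The check below is an added example, not part of the Huawei guide or its tooling. It reads a saved configuration in the layout of the configuration files in this section and reports static MAC entries whose VSI or pe-vid/ce-vid pair is not terminated on the named QinQ sub-interface, plus overlapping ce-vid ranges under one pe-vid (the NOTE in Step 7). The sample text, the sub-interface GigabitEthernet1/0/0.2, the MAC 0011-2233-4466, the finding names, and the assumption that the overlap rule applies to sub-interfaces of the same main interface are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample in the layout of the PE1 configuration file. The second
# sub-interface (.2) and the second static entry are hypothetical, added only
# to trigger the two findings; they are not part of the guide's example.
SAMPLE_CONFIG = """\
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 3.3.3.9
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 10 ce-vid 100 to 200
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/0.2
 control-vid 2 qinq-termination
 qinq termination pe-vid 10 ce-vid 150 to 300
 l2 binding vsi ldp1
#
 mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10 ce-vid 100
 mac-address static 0011-2233-4466 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 100 ce-vid 10
#
return
"""

IFACE_RE = re.compile(r"interface (.+)$")
QINQ_RE = re.compile(r"qinq termination pe-vid (\d+) ce-vid (\d+)(?: to (\d+))?$")
BIND_RE = re.compile(r"l2 binding vsi (\S+)$")
MAC_RE = re.compile(r"mac-address static (\S+) ([A-Za-z-]+) ?([\d/.]+) vsi (\S+)"
                    r" pe-vid (\d+) ce-vid (\d+)$")


def norm(ifname):
    """Make 'gigabitethernet 1/0/0.1' and 'GigabitEthernet1/0/0.1' compare equal."""
    return ifname.replace(" ", "").lower()


def parse_config(text):
    """Return (interfaces, static_macs) parsed from a saved configuration file."""
    ifaces, macs, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                       # '#' closes the current section
            current = None
        elif (m := IFACE_RE.match(line)):
            current = norm(m.group(1))
            ifaces[current] = {"vsi": None, "ranges": []}
        elif current and (m := QINQ_RE.match(line)):
            pe, lo = int(m.group(1)), int(m.group(2))
            hi = int(m.group(3)) if m.group(3) else lo   # single ce-vid
            ifaces[current]["ranges"].append((pe, lo, hi))
        elif current and (m := BIND_RE.match(line)):
            ifaces[current]["vsi"] = m.group(1)
        elif (m := MAC_RE.match(line)):
            macs.append({"mac": m.group(1), "if": norm(m.group(2) + m.group(3)),
                         "vsi": m.group(4), "pe": int(m.group(5)),
                         "ce": int(m.group(6))})
    return ifaces, macs


def audit(text):
    """Return a list of (finding, subject) tuples; an empty list means consistent."""
    ifaces, macs = parse_config(text)
    findings = []
    for e in macs:
        sub = ifaces.get(e["if"])
        if sub is None or sub["vsi"] != e["vsi"]:
            # The static entry names a sub-interface not bound to that VSI.
            findings.append(("NOT_BOUND_TO_VSI", e["mac"]))
        elif not any(pe == e["pe"] and lo <= e["ce"] <= hi
                     for pe, lo, hi in sub["ranges"]):
            # The entry's tag pair is outside every range the sub-interface terminates.
            findings.append(("VID_NOT_TERMINATED", e["mac"]))
    for (a, sa), (b, sb) in combinations(sorted(ifaces.items()), 2):
        if a.split(".")[0] != b.split(".")[0]:
            continue                          # assumption: rule is per main interface
        if any(pa == pb and la <= hb and lb <= ha
               for pa, la, ha in sa["ranges"] for pb, lb, hb in sb["ranges"]):
            findings.append(("CEVID_OVERLAP", f"{a} {b}"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONFIG):
        print(finding, subject)
```

Run against the sample, the entry for 0011-2233-4466 is reported because its pe-vid and ce-vid are transposed relative to the terminated range, and the two sub-interfaces are reported for overlapping ce-vid ranges under pe-vid 10.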

1.6.4 Example for Configuring the MAC Address Table Based on the VLANIF Interface and VSI
In this networking, Layer 2 switches function as PEs accessing the VPLS network. To enable the packets from PEs to be transmitted on the VPLS network, you need to configure VLANIF interfaces, bind the VLANIF interfaces to VSIs, connect the VLANIF interfaces to the VPLS network, and bind the MAC addresses of the user packets to the VSIs. This helps to prevent invalid users from connecting to the VPLS network.

Networking Requirements
As shown in Figure 1-4, in a VPLS network, PEs are connected to CEs through a VLANIF interface. On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455 as a static MAC entry.

Figure 1-4 Networking diagram of configuring the MAC address table based on the VLANIF interface and VSI
[Figure labels: Loopback1 on PE1, P and PE2; PE1 GE1/0/0 VLANIF10; POS2/0/0 and POS1/0/0 links between PE1, P and PE2; PE2 GE2/0/0; CE1 GE1/0/0; CE2; PC1 (MAC: 0011-2233-4455); PC2]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Configure a VLAN and create a VLANIF interface.
3. Bind the VLANIF interface to the VSI.
4. Configure static MAC address entries.

Data Preparation
To complete the configuration, you need the following data:
- MAC address of the user PC1
- GE 1/0/1, an interface in VLAN 10
- VLANIF 10, an interface on PE1
- VSI named abc

Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 1-4, configure the addresses for the interfaces on the PEs and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After this step, PE1 and PE2 learn the route to each other's loopback interface through OSPF, and PE1 and PE2 can ping each other. Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags NextHop         Interface
        1.1.1.9/32  Direct  0    0       D   127.0.0.1       InLoopBack0
        2.2.2.9/32  OSPF    10   1       D   192.168.1.2     Pos2/0/0
        3.3.3.9/32  OSPF    10   2       D   192.168.1.2     Pos2/0/0
      127.0.0.0/8   Direct  0    0       D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0       D   127.0.0.1       InLoopBack0
    192.168.1.0/30  Direct  0    0       D   192.168.1.1     Pos2/0/0
    192.168.1.1/32  Direct  0    0       D   127.0.0.1       InLoopBack0
    192.168.1.2/32  Direct  0    0       D   192.168.1.2     Pos2/0/0
    192.168.2.0/30  OSPF    10   2       D   192.168.1.2     Pos2/0/0
[PE1] ping 192.168.2.2
  PING 192.168.2.2: 56 data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=100 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=140 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=140 ms
  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 100/132/140 ms

Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

Step 3 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, the sessions between PE1 and PE2 are set up. Run the display mpls ldp session command to check that the Status field is "Operational".
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  0000:00:01  8/8
 3.3.3.9:0          Operational DU   Passive  0000:00:00  1/1
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 1
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 1
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit

Step 6 Create VLANIF 10 and bind it to the VSI.
# Configure PE1.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] port default vlan 10
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] l2 binding vsi ldp1
[PE1-Vlanif10] quit

# Configure PE2.
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port default vlan 10
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] l2 binding vsi ldp1
[PE2-Vlanif10] quit

After the preceding configuration, run the display vsi name ldp1 verbose command on PE1. You can find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up. Take the display on PE1 as an example:
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 3 minutes, 48 seconds
    VSI State              : up
    VSI ID                 : 1
   *Peer Router ID         : 3.3.3.9
    VC Label               : 1026
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x1000005
    Broadcast Tunnel ID    : 0x1000005
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0
    Interface Name         : Vlanif10
    State                  : up
    Last Up Time           : 2010/05/06 19:15:24
    Total Up Time          : 0 days, 0 hours, 0 minutes, 33 seconds
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 1026
    Remote VC Label        : 1026
    PW Type                : label
    Tunnel ID              : 0x1000005
    Broadcast Tunnel ID    : 0x1000005
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x1000005
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : Pos2/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2010/05/06 19:15:24
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 17 seconds

Step 7 Configure a MAC address table based on VLANIF 10 and VSI.


[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/1 vlanif 10 vsi ldp1

Step 8 Configure the basic Layer 2 forwarding function on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit

Step 9 Verify the configuration.
# View the static MAC address table.
[PE1] display mac-address static
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
            VSI/SI                        MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-4455 ldp1 10 GE1/0/1 static
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

----End

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
 vlan batch 10
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 3.3.3.9
#
 mpls ldp
#
 mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
 undo remote-ip pwe3
#
interface Vlanif10
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port default vlan 10
#
interface Pos2/0/0
 link-protocol ppp
 ip address 192.168.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 192.168.1.0 0.0.0.3
#
 mac-address static 0011-2233-4455 GigabitEthernet1/0/1 Vlanif10 vsi ldp1
#
return

Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls ldp
#
interface Pos1/0/0
 link-protocol ppp
 ip address 192.168.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos2/0/0
 link-protocol ppp
 ip address 192.168.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 192.168.1.0 0.0.0.3
  network 192.168.2.0 0.0.0.3
#
return

Configuration file of PE2


#
 sysname PE2
#
 vlan batch 10
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
 mpls ldp
#
 mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
 undo remote-ip pwe3
#
interface Vlanif10
 l2 binding vsi ldp1
#
interface GigabitEthernet2/0/0
 portswitch
 undo shutdown
 port default vlan 10
#
interface Pos1/0/0
 link-protocol ppp
 ip address 192.168.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 192.168.2.0 0.0.0.3
#
return

Configuration file of CE1


#
 sysname CE1
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
return

Configuration file of CE2


#
 sysname CE2
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port trunk allow-pass vlan 10
#
return

1.6.5 Example for Configuring the MAC Address Table Based on the VLAN and Layer 2 VE Interface
In this networking, the outbound interfaces in the MAC address table are VE interfaces. Before you configure a MAC address table based on Layer 2 VE interfaces and VLANs, the Layer 2 VE interfaces must have already been added to the specified VLANs, and the mappings between the VE interfaces and the PVCs on ATM interfaces must be configured.

Networking Requirements
NOTE

The ATM interface cannot be configured on the X1 and X2 models of the CX600.
NOTE

MAC address entries based on the VE interface can be configured only on the ATM interfaces of the ATM flexible plug-in card.

As shown in Figure 1-5, the hosts in two Ethernet networks are connected to the Digital Subscriber Line Access Multiplexer (DSLAM) through CX-ADSL and access the ATM network through CX-C. The specific networking is as follows:
- The VE interface on CX-C is added to VLAN 100. Configure an IP address for VLANIF 100 that acts as an IPoEoA gateway.
- The virtual path identifiers (VPIs) or virtual channel identifiers (VCIs) of the two PVCs through which CX-C is connected to the DSLAM are 0/60 and 0/61 respectively.
- The two PVCs are connected to ADSL CX-A and ADSL CX-B respectively.

Workstation A accesses CX-C in ATM 1483B mode. On CX-C, configure the MAC address entry of workstation A to be the static MAC address entry. In this manner, the MAC address entry of workstation A cannot be aged.


Figure 1-5 Networking diagram of configuring the MAC address table based on the VLAN and Layer 2 VE interface
[Figure labels: workstation A (MAC: 00e0-3344-5566), workstation B, workstation C, servers, Ethernet, ADSL router A, ADSL router B, DSLAM, CX-C. On CX-C: interface Virtual-ethernet1/0/0; PVC to ADSL router A: 0/60; PVC to ADSL router B: 0/61.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VE interface and switch it to a Layer 2 interface.
2. Create a VLAN and add the VE interface to the VLAN.
3. Enter the ATM interface and create PVCs.
4. Establish the mapping between the PVC and VE interface.
5. Configure static MAC address entries.

Data Preparation
To complete the configuration, you need the following data:
- MAC address of workstation A: 00e0-3344-5566
- VLAN ID of 100
- VE 1/0/0
- ATM 1/0/0
- PVC named to_adsl_a
- VPI/VCI of the PVC network: 0/60 and 0/61

Procedure
Step 1 Create VE 1/0/0 and switch it to a Layer 2 interface.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] interface virtual-ethernet 1/0/0
[CX-C-Virtual-Ethernet1/0/0] undo shutdown
[CX-C-Virtual-Ethernet1/0/0] portswitch
[CX-C-Virtual-Ethernet1/0/0] quit

Step 2 Create VLAN 100 and add VE 1/0/0 to VLAN 100.
[CX-C] vlan 100
[CX-C-vlan100] port virtual-ethernet 1/0/0
[CX-C-vlan100] quit

Step 3 Create a PVC and associate the VPI/VCI of 0/60 in the ATM network with VE 1/0/0.
[CX-C] interface atm 1/0/0
[CX-C-Atm1/0/0] undo shutdown
[CX-C-Atm1/0/0] pvc to_adsl_a 0/60
[CX-C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] map bridge virtual-ethernet 1/0/0
[CX-C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] quit
[CX-C-Atm1/0/0] quit

Step 4 Configure static MAC address entries.
[CX-C] mac-address static 00e0-3344-5566 virtual-ethernet 1/0/0 atm 1/0/0 pvc to_adsl_a 0/60 vlan 100

Step 5 Verify the configuration. Run the display mac-address static command. If information about MAC address entries is displayed, the configuration has succeeded. For example:
<CX-C> display mac-address static
MAC Address    VLAN/    PEVLAN CEVLAN Port      Type    LSP/LSRID
               VSI/SI                                   MAC-Tunnel
-------------------------------------------------------------------
00e0-3344-5566 100                    VE1/0/0   static
Total matching items displayed = 1

----End

Configuration Files
#
 sysname CX-C
#
 vlan batch 100
#
interface Atm1/0/0
 undo shutdown
 pvc to_adsl_a 0/60
  map bridge Virtual-Ethernet1/0/0
#
interface Virtual-Ethernet1/0/0
 undo shutdown
 portswitch
 port default vlan 100
#
 mac-address static 00e0-3344-5566 Virtual-Ethernet1/0/0 Atm1/0/0 pvc 0/60 vlan 100
#
return

1.6.6 Example for Configuring the MAC Address Table Based on the Interface and VSI
You can configure a static MAC address table based on an interface of a VSI and set the aging time for dynamic MAC entries.

Networking Requirements
For an existing user, the MAC address is 0011-2233-4455, the VSI name is vsi2, and the port is GE 1/0/0. Set this entry as static to prevent it from aging, and set the aging time of other dynamic entries to 500 seconds.

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VSI, and then configure the port to join the VSI.
2. Configure the static address entry.
3. Configure the aging time.

Data Preparation
To complete the configuration, you need the following data:
- MAC address: 0011-2233-4455
- VSI name and the interface
- Aging time

Procedure
Step 1 Create vsi2 and configure interface GE 1/0/0 to join the VSI.

Step 2 Configure static MAC address entries.
[HUAWEI] mac-address static 0011-2233-4455 gigabitethernet 1/0/0 vsi2

Step 3 Set the aging time of dynamic entries to 500 seconds.
[HUAWEI] mac-address aging-time 500

Step 4 Verify the configuration.
# View the aging time of the dynamic MAC address table.
[HUAWEI] display mac-address aging-time
Aging time: 500 seconds

----End

Configuration Files
#
 sysname HUAWEI
#
 mac-address aging-time 500
#
 mac-address static 0011-2233-4455 GigabitEthernet1/0/0 vsi 2
#
return


2 Ethernet Interface Configuration


About This Chapter


Because it is flexible, simple, and easy to implement, Ethernet has become the most important LAN networking technology.

2.1 Ethernet Interface Introduction
Ethernet interfaces include traditional Ethernet interfaces, Fast Ethernet (FE) interfaces, and Gigabit Ethernet (GE) interfaces.

2.2 Configuring Ethernet Interfaces of the Interface Board
You can configure Ethernet interfaces on the Interface Boards to ensure correct physical connections between CX600s.

2.3 Configuring Ethernet Interfaces of the SRU
By configuring an Ethernet interface on an MPU, you can connect the CX600 to a network management system (NMS) for management.

2.4 Configuring Ethernet Interfaces Layer 2 Parameters
After an Ethernet interface is configured with Layer 2 attributes, it can access a device or directly forward Ethernet frames on a Layer 2 network. Layer 2 attributes define link layer information of Ethernet interfaces.

2.5 Configuring SmartLink Flush Function
Some Layer 2 devices in the network support the Smart Link function. By default, Huawei data communication devices do not process the SmartLink flush packets sent from these Layer 2 devices. To enable the communication between the Huawei devices and the devices of other vendors, you need to configure the SmartLink Flush function on Huawei data communication devices.

2.6 Maintaining Ethernet Interfaces
The commands related to Ethernet interfaces can be used to locate the faults on an Ethernet interface.

2.7 Configuration Examples
This section lists the networking requirements, configuration roadmap, and data preparation to describe the typical application scenarios of Ethernet interfaces, and provides related configuration files.


2.1 Ethernet Interface Introduction


Ethernet interfaces include traditional Ethernet interfaces, Fast Ethernet (FE) interfaces, and Gigabit Ethernet (GE) interfaces.

2.1.1 Introduction to Ethernet Interfaces
There are two types of Ethernet interfaces, namely, Fast Ethernet (FE) interfaces and Gigabit Ethernet (GE) interfaces. Ethernet interfaces support both the half duplex mode and the full duplex mode and can work in auto-negotiation mode.

2.1.2 Features of Ethernet Interfaces Supported by the CX600
In a LAN, an Ethernet interface can transmit Layer 2 and Layer 3 services according to different interface attributes. An Ethernet interface has both Layer 2 and Layer 3 attributes.

2.1.1 Introduction to Ethernet Interfaces


There are two types of Ethernet interfaces, namely, Fast Ethernet (FE) interfaces and Gigabit Ethernet (GE) interfaces. Ethernet interfaces support both the half duplex mode and the full duplex mode and can work in auto-negotiation mode.

The Ethernet is one of the most important types of Local Area Network (LAN). The Ethernet is flexible, simple, and easy to deploy. Therefore, it is the most important LAN networking technology.

The interface board of the CX600 supports the Ethernet interfaces such as the 10M/100M/1000M auto-sense Ethernet electrical interface, 100M Ethernet optical interface, GE optical interface, GE/FE optical/electrical interface, 10GE optical interface (LAN), and 10GE optical interface (WAN). MPU/SRU supports the 10M/100M/1000M auto-sense Ethernet electrical interface.
- Traditional Ethernet interface: It complies with 10Base-T specifications, and can work at the speed of 10 Mbit/s.
- Fast Ethernet (FE) interface: It complies with 100Base-TX specifications and is compatible with 10Base-T specifications.
- Gigabit Ethernet (GE) interface: It complies with 1000Base-TX specifications, and is compatible with 10Base-T and 100Base-TX specifications.

The GE/FE optical/electrical interface has the following functions:
- Provides the functions of a GE optical interface by the GE optical module plugged into the interface.
- Provides the functions of an FE optical interface by the FE optical module plugged into the interface.
- Provides the functions of a 10M/100M/1000M auto-sensing electrical interface by the electrical module plugged into the interface.

Ethernet electrical interfaces can work in either the full-duplex mode or the half-duplex mode. They support auto-negotiation. In the auto-negotiation mode, they negotiate with other network devices for the most suitable working mode and speed. This simplifies system configuration and management.
NOTE

This chapter explains the configuration of the FE and GE interfaces. The configuration of the traditional Ethernet interface is simple and similar to that of the Fast Ethernet interface.

2.1.2 Features of Ethernet Interfaces Supported by the CX600


In a LAN, an Ethernet interface can transmit Layer 2 and Layer 3 services according to different interface attributes. An Ethernet interface has both Layer 2 and Layer 3 attributes.

Ethernet Sub-interface
You can create the sub-interface on an Ethernet main interface. LAN interfaces that can be configured with sub-interfaces include the following types:
- Ethernet interfaces
- GE interfaces
- Eth-Trunk interfaces

The CX600 supports the configuration of sub-interfaces on both the Layer 3 Ethernet interface and the Layer 2 Ethernet interface.

After Ethernet sub-interfaces are encapsulated with 802.1Q and associated with the VLAN, the VLAN can communicate with devices outside the VLAN through the Ethernet sub-interface. An Ethernet sub-interface can associate with one VLAN. The Ethernet sub-interface is also applied to dot1q termination and QinQ termination mode. For details about the principle, see the chapter QinQ Configuration.

Besides the preceding applications, the Layer 2 Ethernet sub-interface can transmit the Layer 2 and Layer 3 services simultaneously on one physical link.

As shown in Figure 2-1, the Universal Media Gateway (UMG) is dual-homed to two PEs. PE1 and PE2 run VRRP. A Layer 2 link is required between PE1 and PE2 to prevent the route change when the UMG active/standby switchover is performed. At the same time, the TE tunnel is required between PE1 and remote PE3. The active TE tunnel is PE1 to P1 to PE3 and the standby TE tunnel is PE1 to PE2 to P2 to PE3. A Layer 3 link is required between PE1 and PE2 to configure the Layer 3 service and TE tunnel.

When a single physical link exists between PE1 and PE2, the Layer 2 Ethernet sub-interface is applicable. That is, a Layer 2 Ethernet sub-interface can be set up for the implementation of MPLS TE functions. Then, the Layer 2 primary interface can send VRRP packets as usual. Moreover, the route does not change because of the active/standby switchover.


Figure 2-1 Typical application of a Layer 2 Ethernet sub-interface (VRRP + TE tunnel)
[Figure labels: UMG8900, VRRP, PE1, PE2, PE3, P1, P2, TE Tunnel (Main), TE Tunnel (Backup)]

Handling the SmartLink Flush Packet


The Smart Link is a function supported by non-Huawei switches. The Smart Link adopts dual uplinks or downlinks to provide redundancy backup through active/standby switchover, switching Layer 2 traffic between the active link and the standby link. To ensure that the Smart Link function can take effect on these non-Huawei switches, Huawei data communication devices must be capable of recognizing and handling SmartLink Flush packets.

In Figure 2-2 and Figure 2-3, CX-A, CX-B, and CX-C are Huawei data communication devices, and the Switch is a non-Huawei switch that supports the Smart Link function. The ports of CX-A, CX-B, and CX-C work at Layer 2 and have the processing of SmartLink Flush packets enabled.


Figure 2-2 Schematic diagram of the Smart Link in the normal state
[Figure labels: Backbone network, CX-C, CX-A, CX-B, Switch, Active link, Inactive link. Legend: Link, Data flow]

As shown in Figure 2-2, the Switch enables the Smart Link function with two uplinks, namely, an active link and a standby link. The active and standby links constitute the Smart Link Group, namely, a backup link group. Normally, the Layer 2 traffic flows to the backbone network through the active link. The standby link is blocked by the Switch and cannot forward the traffic. If the active link fails, the traffic quickly switches to the standby link, through which it flows to the backbone network as shown in Figure 2-3.


Figure 2-3 Schematic diagram in which the active Smart link fails
[Figure labels: Backbone network, CX-C, CX-A, CX-B, Switch, Inactive link, Active link. Legend: Link, Data flow, SmartLink flush]

When the active link fails, the Switch unblocks the standby link and, at the same time, sends SmartLink Flush packets to notify other devices on the network to delete dynamic MAC and ARP entries.

The SmartLink Flush packet contains the control VLAN ID and the IDs of all VLANs whose packets are permitted on the Switch port that connects the active link. SmartLink Flush packets are transmitted in the control VLAN only. The IDs of the VLANs permitted on the active link port indicate the VLANs whose dynamic MAC and ARP entries need to be deleted.

CX-B processes SmartLink Flush packets as follows:
1. Compare the control VLAN ID of the port that receives the SmartLink Flush packet with the VLAN ID contained in the SmartLink Flush packet.
   - If they are the same, CX-B deletes the dynamic MAC and ARP entries of the VLAN according to VLAN data contained in the SmartLink Flush packet.
   - If they are different, the packet is directly forwarded.
2. CX-B broadcasts SmartLink Flush packets within the control VLAN.

After receiving SmartLink Flush packets, CX-A and CX-C process packets in the same way as CX-B. By now, CX-A, CX-B, and CX-C have deleted the dynamic MAC and ARP entries that existed before the active link failed. When the downstream traffic of the backbone network reaches CX-C, CX-C forwards the Layer 2 traffic to CX-B according to the refreshed MAC and ARP entries.

In Smart Link networking, after the active link returns to the normal state, the traffic does not switch back to the active link automatically, so that traffic remains stable.
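The two processing steps described above can be modelled in a few lines. The following Python sketch is an added example, not Huawei code: the port names, MAC and IP addresses, VLAN numbers, and the forwarding rule used for the "IDs differ" case (the packet is passed on to other ports carrying its VLAN, with no table changes) are constructed assumptions.

```python
"""Constructed model of SmartLink Flush handling; not Huawei code."""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FlushPacket:
    control_vlan: int        # VLAN the flush packet is sent in
    flush_vlans: frozenset   # VLANs permitted on the Switch port of the failed link


@dataclass
class Device:
    name: str
    ports: dict                                    # port -> {"control_vlan", "vlans"}
    mac_table: list = field(default_factory=list)  # {"mac", "vlan", "port", "type"}
    arp_table: list = field(default_factory=list)  # {"ip", "mac", "vlan", "type"}

    def receive_flush(self, in_port, pkt):
        """Handle one flush packet; return (matched, ports it is sent out of)."""
        matched = self.ports[in_port]["control_vlan"] == pkt.control_vlan
        if matched:
            # Step 1, IDs equal: drop dynamic entries of the VLANs named in the
            # packet. Static entries and other VLANs are left alone.
            def survives(entry):
                return entry["type"] != "dynamic" or entry["vlan"] not in pkt.flush_vlans
            self.mac_table = [e for e in self.mac_table if survives(e)]
            self.arp_table = [e for e in self.arp_table if survives(e)]
        # Step 2, and the "IDs differ" case: the packet is passed on to the other
        # ports that carry the control VLAN (assumed forwarding model).
        out = sorted(p for p, cfg in self.ports.items()
                     if p != in_port and pkt.control_vlan in cfg["vlans"])
        return matched, out


def propagate(devices, links, first_hop, pkt):
    """Deliver pkt hop by hop; return {device name: matched} for each receiver."""
    seen, queue = {}, deque([first_hop])
    while queue:
        name, port = queue.popleft()
        if name in seen:               # each device handles the packet once
            continue
        matched, out_ports = devices[name].receive_flush(port, pkt)
        seen[name] = matched
        queue.extend(links[(name, p)] for p in out_ports if (name, p) in links)
    return seen


def build_demo():
    """Constructed topology after the active link fails: Switch, CX-B, CX-C, CX-A."""
    def port(control_vlan, *vlans):
        return {"control_vlan": control_vlan, "vlans": set(vlans)}

    def mac(addr, vlan, out_port, kind):
        return {"mac": addr, "vlan": vlan, "port": out_port, "type": kind}

    host, pinned = "00e0-fc00-0001", "00e0-fc00-0002"   # constructed MAC addresses
    devices = {
        "CX-A": Device("CX-A", {"to_sw": port(10, 10, 100), "to_c": port(10, 10, 100)},
                       mac_table=[mac(host, 100, "to_sw", "dynamic")]),
        "CX-B": Device("CX-B", {"to_sw": port(10, 10, 100), "to_c": port(10, 10, 100)}),
        "CX-C": Device("CX-C", {"to_a": port(10, 10, 100), "to_b": port(10, 10, 100),
                                "uplink": port(None, 100, 300)},
                       mac_table=[mac(host, 100, "to_a", "dynamic"),    # stale path
                                  mac(pinned, 100, "to_a", "static"),
                                  mac(host, 300, "uplink", "dynamic")],
                       arp_table=[{"ip": "192.0.2.10", "mac": host,
                                   "vlan": 100, "type": "dynamic"}]),
    }
    # The failed Switch-to-CX-A link is absent from the link map.
    links = {("CX-B", "to_c"): ("CX-C", "to_b"), ("CX-C", "to_b"): ("CX-B", "to_c"),
             ("CX-C", "to_a"): ("CX-A", "to_c"), ("CX-A", "to_c"): ("CX-C", "to_a")}
    return devices, links


def run_demo():
    """Send one flush (control VLAN 10, data VLAN 100) from the Switch to CX-B."""
    devices, links = build_demo()
    pkt = FlushPacket(control_vlan=10, flush_vlans=frozenset({100}))
    seen = propagate(devices, links, ("CX-B", "to_sw"), pkt)
    return seen, devices


if __name__ == "__main__":
    seen, devices = run_demo()
    print(seen)
    for entry in devices["CX-C"].mac_table:
        print(entry)
```

On CX-C the stale dynamic entry and the ARP entry in VLAN 100 are removed, while the static entry in VLAN 100 and the dynamic entry in VLAN 300 remain.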

2.2 Configuring Ethernet Interfaces of the Interface Board


You can configure Ethernet interfaces on the Interface Boards to ensure correct physical connections between CX600s.

2.2.1 Establishing the Configuration Task
Before configuring Ethernet interfaces, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

2.2.2 Configuring the MTU of an Ethernet Interface
The Maximum Transfer Unit (MTU), which is expressed in bytes, is closely associated with the link layer protocol. The MTU varies according to the network type. Correctly configuring MTUs is a prerequisite to network communication.

2.2.3 Configuring the Working Mode of an Ethernet Interface
There are two working modes at the physical layer of an Ethernet network, namely, half duplex mode and full duplex mode. Correctly configuring working modes for Ethernet electrical interfaces is a prerequisite to network communication.

2.2.4 Configuring the Speed of an Ethernet Electrical Interface
Ethernet electrical interfaces working at different speeds transmit different volumes of data during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is a prerequisite to network communication.

2.2.5 Configuring the GE/FE Optical/Electrical Interface
Generally, the CX600 sets an Ethernet interface to an optical or electrical interface based on the interface module's type. If the CX600 cannot identify an interface module, you need to manually set the interface to the optical or electrical mode.

2.2.6 Configuring LAN/WAN Transmission Mode for a 10 GE Interface
The 10G XFP multi-mode optical transceiver works in either LAN or WAN mode. You can set a proper mode as required.

2.2.7 Configuring Overhead Bytes of the 10GE WAN Interface
The Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) provides various overhead bytes to implement monitoring functions in different hierarchies.

2.2.8 Configuring Flow Control on the GE Interface
Configuring flow control on an interface ensures that the interface can properly process received frames.

2.2.9 Configuring Self-Loop Detection on the GE Interface
After the self-loop detection function is enabled, the self-loop on an interface can be detected and then the interface is blocked.

2.2.10 Switching the Working Mode of an Ethernet Interface
By default, Ethernet interfaces on the CX600 are Layer 3 interfaces. To use Layer 2 attributes of Ethernet interfaces, you need to convert Ethernet interfaces into Layer 2 interfaces.

2.2.11 Checking the Configuration
After an Ethernet interface is configured, you can check information about the interface, including the IP address, MTU, speed, working mode, interface mode, and number of received and sent frames.

2.2.1 Establishing the Configuration Task


Before configuring Ethernet interfaces, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
When configuring an Ethernet interface, you must assign an IP address to it. For other parameters, you can use default values. If you have to change them, keep them consistent with the peer device. When a CX device has the function of the Layer 2 switch and the function is in use, you need to configure the Layer 2 parameters of the Ethernet interface.
NOTE

For the application of the Layer 2 features, refer to "VLAN Configuration" and "MSTP Configuration" in this manual.

Pre-configuration Tasks
None

Data Preparation
To configure an Ethernet interface, you need the following data.

No.  Data
1    Interface number
2    IP address and mask of the Ethernet interface
3    MTU of the Ethernet interface

2.2.2 Configuring the MTU of an Ethernet Interface


The Maximum Transfer Unit (MTU), which is expressed in bytes, is closely associated with the link layer protocol. The MTU varies according to the network type. Correctly configuring MTUs is a prerequisite to network communication.

Context
Do as follows on each CX device:

Procedure
- Configuring the IPv4 MTU
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number

     The Ethernet interface view is displayed.
  3. Run:
     mtu mtu

     The IPv4 MTU of the Ethernet interface is configured. The MTU is expressed in bytes. The MTU range of Ethernet interfaces depends on devices. By default, the MTU is 1500 bytes.

  CAUTION
  If IPv6 is run on an Ethernet interface and the MTU set by using the mtu command on the interface is smaller than 1280 bytes, IPv6 works abnormally on this interface. To avoid this situation, when IPv6 is run on an Ethernet interface, set the MTU of the interface to a value greater than or equal to 1280.

- Configuring the IPv6 MTU
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number

     The Ethernet interface view is displayed.
  3. Run:
     ipv6 enable

     IPv6 is enabled on this interface.
  4. Run:
     ipv6 mtu mtu

     The IPv6 MTU of the Ethernet interface is configured. The MTU is measured in bytes. The MTU range of Ethernet interfaces depends on physical devices. By default, the MTU is 1500 bytes.

----End

Follow-up Procedure
If the MTU is too small whereas the packet size is large, the packet is probably split into many fragments. Thus, the packet may be discarded due to the insufficient QoS queue length. To avoid this situation, lengthen the QoS queue accordingly. The default queue scheduling mechanism is First in First out (FIFO), and the queue length can be changed. For the configuration of a QoS queue, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - QoS.

2.2.3 Configuring the Working Mode of an Ethernet Interface


There are two working modes at the physical layer of an Ethernet network, namely, half duplex mode and full duplex mode. Correctly configuring working modes for Ethernet electrical interfaces is a prerequisite to network communication.

Context
Do as follows on each interface of the CX device:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed.

Step 3 Perform the following as required:
- Run the duplex { full | half | auto } command to configure the working mode of the interface.
- Run the negotiation auto command to configure the working mode of the interface to be the auto-negotiation mode.

NOTE

- Ethernet optical interfaces can work only in the full-duplex mode.
- When connected to a Hub, Ethernet electrical interfaces of a CX device must work in half-duplex mode. When connected to a LAN Switch, the interfaces can work in either full-duplex mode or half-duplex mode only if the mode is consistent with that on the peer device.
- The speed of 1000 Mbit/s and the half-duplex mode cannot be configured simultaneously on a GE electrical interface.
- When a GE electrical interface works in auto-negotiation mode and at a rate of 1000 Mbit/s, you cannot set the simplex or duplex mode for the interface or delete the auto-negotiation mode.
- When a GE electrical interface works at a rate of 10 Mbit/s or 100 Mbit/s, you can set the simplex or duplex mode, and auto-negotiation mode for the interface.
- If the auto-negotiation mode is enabled on the GE optical interface, the two connected ends must enable the auto-negotiation mode.

----End

2.2.4 Configuring the Speed of an Ethernet Electrical Interface


Ethernet electrical interfaces working at different speeds transmit different volumes of data during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is a prerequisite to network communication.

Context
The speed of electrical interfaces needs to be set, whereas that of optical interfaces does not need to be set. Do as follows on each CX device:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The interface view is displayed.

Step 3 Run:
speed { 10 | 100 | auto }

The speed on the Ethernet interface is configured.

NOTE

By default, GE electrical interfaces work at a rate of 1000 Mbit/s and in auto-negotiation mode. You can manually change the rate if you can ensure that the rate of the local interface is the same as that of the remote interface. When a GE electrical interface works at 10 Mbit/s or 100 Mbit/s, the auto-negotiation mode is deleted.

----End

2.2.5 Configuring the GE/FE Optical/Electrical Interface


Generally, the CX600 sets an Ethernet interface to an optical or electrical interface based on the interface module's type. If the CX600 cannot identify an interface module, you need to manually set the interface to the optical or electrical mode.

Context
Do as follows on each CX device:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed.

Step 3 Run:
port-type { copper | fiber-100 | fiber-1000 }

The interface type is set. Once the SFP module is identified, the system can automatically set the interface type according to the type of the SFP module. No configuration is required. If an SFP module cannot be identified but works properly, you need to forcibly set the interface type.

NOTE

- When an SFP module is being replaced, the configurations such as the loopback test, interface speed, auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to reconfigure them on the interface.
- After the port-type command is run, the configurations such as the loopback test, interface speed, auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to reconfigure them on the interface.
- The parameter copper can be configured in the port-type command only when an optical/electrical SFP module is installed.

----End

2.2.6 Configuring LAN/WAN Transmission Mode for a 10 GE Interface


The 10G XFP multi-mode optical transceiver works in either LAN or WAN mode. You can set a proper mode as required.

Context
Do as follows on the CX device:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The view of the 10 GE interface is displayed.

Step 3 Run:
shutdown

The interface is shut down.

Step 4 Run:
set transfer-mode { lan | wan }

The transmission mode is configured for the 10 GE interface. The transmission mode of the 10GE LAN/WAN interface on the local end and that on the remote end must be consistent.

Step 5 Run:
undo shutdown

The interface is started.

NOTE

Before configuring the transmission mode of an interface to WAN or LAN, you need to shut down the interface and clear all configurations except ip address.

----End
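The constraints stated in sections 2.2.1 through 2.2.6 (an interface running IPv6 needs an MTU of at least 1280 bytes; MTU, duplex mode, speed, and 10GE transfer mode must be consistent with the peer) can be checked offline against saved configuration files. The following Python audit is an added example, not Huawei code: the configuration text, device names, and link list are constructed, and it assumes that a saved configuration file shows these commands in the same form in which they are typed.

```python
"""Constructed audit of the interface constraints stated in 2.2.1-2.2.6."""
import re

IPV6_MIN_MTU = 1280   # threshold from the CAUTION in 2.2.2
DEFAULT_MTU = 1500    # default MTU stated in 2.2.2

PATTERNS = {
    "mtu": re.compile(r"mtu (\d+)"),
    "duplex": re.compile(r"duplex (full|half|auto)"),
    "speed": re.compile(r"speed (10|100|auto)"),
    "transfer_mode": re.compile(r"set transfer-mode (lan|wan)"),
}

# Constructed sample configuration files for two directly connected devices.
CX_A_CONFIG = """
#
 sysname CX-A
#
interface GigabitEthernet1/0/0
 undo shutdown
 ipv6 enable
 mtu 1200
 duplex full
 speed 100
#
interface GigabitEthernet2/0/0
 undo shutdown
 set transfer-mode wan
#
return
"""
CX_B_CONFIG = """
#
 sysname CX-B
#
interface GigabitEthernet1/0/0
 undo shutdown
 mtu 1200
 duplex half
 speed 100
#
interface GigabitEthernet2/0/0
 undo shutdown
 set transfer-mode lan
#
return
"""
SAMPLE_CONFIGS = {"CX-A": CX_A_CONFIG, "CX-B": CX_B_CONFIG}
SAMPLE_LINKS = [(("CX-A", "GigabitEthernet1/0/0"), ("CX-B", "GigabitEthernet1/0/0")),
                (("CX-A", "GigabitEthernet2/0/0"), ("CX-B", "GigabitEthernet2/0/0"))]


def parse_interfaces(config_text):
    """Split a configuration file into {interface name: [command, ...]}."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line in ("#", "return"):
            current = None                  # "#" closes the current view
        elif current is not None and line:
            blocks[current].append(line)
    return blocks


def settings(commands):
    """Reduce one interface's commands to the values this audit compares.

    None means the command is absent, so the device default applies.
    """
    found = {"mtu": DEFAULT_MTU, "duplex": None, "speed": None,
             "transfer_mode": None, "ipv6": "ipv6 enable" in commands}
    for cmd in commands:
        for key, pattern in PATTERNS.items():
            match = pattern.fullmatch(cmd)  # "ipv6 mtu N" must not match "mtu N"
            if match:
                found[key] = int(match.group(1)) if key == "mtu" else match.group(1)
    return found


def audit(configs, links):
    """Return findings as (device, interface, rule, detail) tuples."""
    parsed = {dev: {name: settings(cmds) for name, cmds in parse_interfaces(text).items()}
              for dev, text in configs.items()}
    findings = []
    for dev, interfaces in parsed.items():
        for name, s in interfaces.items():
            if s["ipv6"] and s["mtu"] < IPV6_MIN_MTU:
                findings.append((dev, name, "ipv6-mtu",
                                 f"mtu {s['mtu']} is below {IPV6_MIN_MTU} with IPv6 enabled"))
    for (dev_a, if_a), (dev_b, if_b) in links:
        a, b = parsed[dev_a][if_a], parsed[dev_b][if_b]
        for key in ("mtu", "duplex", "speed", "transfer_mode"):
            if a[key] != b[key]:            # explicit-versus-default is reported too
                findings.append((dev_a, if_a, f"peer-{key}",
                                 f"{a[key]} here, {b[key]} on {dev_b} {if_b}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS, SAMPLE_LINKS):
        print(*finding, sep=" | ")
```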

2.2.7 Configuring Overhead Bytes of the 10GE WAN Interface


The Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) provides various overhead bytes to implement monitoring functions in different hierarchies.

Context
The 10GE WAN LPU must adapt to SDH/SONET during packet processing. Therefore, the flag parameters need to be configured on the interface. Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The 10GE interface view is displayed.

Step 3 To configure the overhead bytes of the 10GE WAN interface, choose the following commands as required:
- Run the flag j0 64byte-or-null-mode [ j0-value ] or the flag j0 { 16byte-mode | 1byte-mode } j0-value command to configure the overhead byte j0.
- Run the flag j1 64byte-or-null-mode [ j1-value ] or the flag j1 { 16byte-mode | 1byte-mode } j1-value command to configure the overhead byte j1.
- Run the flag c2 c2-value command to configure the overhead byte c2 of the 10GE WAN interface.

----End

2.2.8 Configuring Flow Control on the GE Interface


Configuring flow control on an interface ensures that the interface can properly process received frames.

Context
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GE interface view is displayed.

Step 3 Run:
flow control [ receive | send ]

The flow control function is enabled. By default, flow control is enabled on a GE interface.

After flow control is enabled on an interface, the interface sends a Pause frame to notify the peer interface to send traffic at a slower rate, if the received traffic reaches the set threshold (for example, when the traffic rate on a GE interface exceeds 1 Gbit/s). If the peer interface also supports flow control, it sends traffic at a slower rate after receiving the Pause frame so that the local interface can process received frames properly.

----End

2.2.9 Configuring Self-Loop Detection on the GE Interface


After the self-loop detection function is enabled, the self-loop on an interface can be detected and then the interface is blocked.

Context
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GE interface view is displayed.

Step 3 Run:
loopback-detect enable

The self-loop detection function is enabled.

Step 4 Run:
loopback-detect block block-time

The delay before the interface recovers after the self-loop on the interface is eliminated is set.
By default, the interface recovers 10 seconds after the self-loop on the interface is eliminated.

----End

2.2.10 Switching the Working Mode of an Ethernet Interface


By default, Ethernet interfaces on the CX600 are Layer 3 interfaces. To use Layer 2 attributes of Ethernet interfaces, you need to convert Ethernet interfaces into Layer 2 interfaces.

Context
After a Layer 3 interface switches to the Layer 2 mode, the Layer 3 ID and functions are disabled, and the MAC address is adopted. Do as follows on each CX device:

Procedure
- Switching the Working Mode of a Specified Ethernet Interface
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number

     The specified Ethernet interface view is displayed.
  3. Run:
     portswitch

     The Ethernet interface is switched to a Layer 2 interface.
- Switching the Working Mode of Ethernet Interfaces in Batch
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10>

     The working mode of the Ethernet interfaces is switched in batch.
     By default, Ethernet interfaces work in the Layer 3 mode.

----End

2.2.11 Checking the Configuration


After an Ethernet interface is configured, you can check information about the interface, including the IP address, MTU, speed, working mode, interface mode, and number of received and sent frames.

Procedure
- Run the display interface { ethernet | gigabitethernet } [ interface-number ] command to check the status of the specified Ethernet interface.
- Run the display interface ethernet brief command to check the brief information about the Ethernet interface.

----End

Example
Run the display interface command. You can view the MTU, IP address and mask, working speed and mode. For example:

<HUAWEI> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Description : GigabitEthernet2/0/0 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)
Internet Address is 1.1.3.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc01-0054
Media type: twisted-pair ,Link type: auto negotiation
Loopback:none, Maximal BW:1G, Current BW:100M, full-duplex mode, Pause Flowcontrol:Send and Receive Enable
Statistics last cleared:never
    Last 30 seconds input rate: 0 bits/sec, 0 packets/sec
    Last 30 seconds output rate: 0 bits/sec, 0 packets/sec
    Input: 0 Bytes, 0 Packets
    Output: 0 Bytes, 0 Packets
    Input:
      Unicast: 0, Multicast: 0
      Broadcast: 0, JumboOctets: 0
      CRC: 0, Symbol: 0
      Overrun: 0 , InRangeLength: 0
      LongPacket: 0 , Jabber: 0, Alignment: 0
      Fragment: 0, Undersized Frame: 0
      RxPause: 0
    Output:
      Unicast: 0, Multicast: 0
      Broadcast: 0, JumboOctets: 0
      Lost: 0, Overflow: 0, Underrun: 0
      TxPause: 0
    Input bandwidth utilization  : 0.01%
    Output bandwidth utilization : 0.01%

Running the display interface ethernet brief command, you can view the brief information about the Ethernet interface. The information includes the physical status, auto-negotiation mode, full-duplex mode, interface rate, and the average bandwidth utility in the recent period in the receiving direction and sending direction.
<HUAWEI> display interface ethernet brief
*down: administratively down
^down: standby
(l): loopback
(b): BFD down
InUti/OutUti: input utility/output utility
Interface                 Physical Auto-Neg Duplex Bandwidth InUti  OutUti Trunk
GigabitEthernet0/0/0      up       enable   half   100M      0%     0%     --
GigabitEthernet2/0/0      up       disable  full   1000M     0.01%  0.01%  --
GigabitEthernet2/0/1      up       disable  full   1000M     0%     0%     --
GigabitEthernet2/0/2      down     disable  full   1000M     0%     0%     --
GigabitEthernet3/0/0      down     enable   full   1000M     0%     0%     --
GigabitEthernet3/0/1      down     enable   full   100M      0%     0%     --
GigabitEthernet3/0/1.1    down     enable   full   100M      0%     0%     --
GigabitEthernet3/0/2      up       enable   full   1000M     0.01%  0.01%  --
GigabitEthernet3/0/3      down     enable   full   1000M     0%     0%     --


2.3 Configuring Ethernet Interfaces of the SRU


By configuring an Ethernet interface on an MPU, you can connect the CX600 to a network management system (NMS) for management.

2.3.1 Establishing the Configuration Task
Before configuring an Ethernet interface on an MPU, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
2.3.2 Assigning an IP Address to an Ethernet Interface
You can assign an IP address to an Ethernet interface on the CX600 to implement communication between the CX600 and the NMS.
2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface
There are two working modes at the physical layer of an Ethernet network, namely, half duplex mode and full duplex mode. Correctly configuring working modes for Ethernet electrical interfaces is a prerequisite to network communication.
2.3.4 Configuring the Speed of an Ethernet Electrical Interface
Ethernet electrical interfaces working at different speeds transmit different volumes of data during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is a prerequisite to network communication.
2.3.5 Configuring the Promiscuity Mode
The promiscuity mode of an interface determines how the CX600 receives frames from the physical layer.

2.3.1 Establishing the Configuration Task


Before configuring an Ethernet interface on an MPU, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
The Ethernet interface of the MPU/SRU is used to connect to the network management station of the system.

Pre-configured Tasks
None

Data Preparation
To configure the Ethernet interface, you need the following data.

No.  Data
1    Ethernet interface number
2    IP address and mask of the Ethernet interface

2.3.2 Assigning an IP Address to an Ethernet Interface


You can assign an IP address to an Ethernet interface on the CX600 to implement communication between the CX600 and the NMS.

Context
For detailed information about IP address configuration, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Services. Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GigabitEthernet interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the interface.
Note that the sub parameter is used to configure the second and subsequent IP addresses for the interface.

----End

2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface


There are two working modes at the physical layer of an Ethernet network, namely, half duplex mode and full duplex mode. Correctly configuring working modes for Ethernet electrical interfaces is a prerequisite to network communication.

Context
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GigabitEthernet interface view is displayed.

Step 3 Run:
duplex { auto | half | full }

The working mode of the Ethernet electrical interface is configured.
The Ethernet electrical interface can work in either full-duplex or half-duplex mode.

NOTE
- When connected to a hub, Ethernet electrical interfaces of the CX device must work in half-duplex mode.
- When connected to a LAN switch, Ethernet electrical interfaces of the CX devices can work in either full-duplex mode or half-duplex mode, provided that the mode is consistent with the configuration on the peer device.
- The operating mode of the Ethernet interface on the local end and that on the remote end must be consistent.

By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is adopted.

----End

2.3.4 Configuring the Speed of an Ethernet Electrical Interface


Ethernet electrical interfaces working at different speeds transmit different volumes of data during the same period of time. Correctly configuring speeds of Ethernet electrical interfaces is a prerequisite to network communication.

Context
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GigabitEthernet interface view is displayed.

Step 3 Run:
speed { auto | 10 | 100 | 1000 }

The speed on the Ethernet electrical interface is configured.
The CX600 Ethernet electrical interface supports three operating speeds: 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s.
By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is adopted. You can specify the operating speed of an interface manually. Keep the rate the same as that of the peer device.

----End

2.3.5 Configuring the Promiscuity Mode


The promiscuity mode of an interface determines how the CX600 receives frames from the physical layer.

Context
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface gigabitethernet interface-number

The GigabitEthernet interface view is displayed.

Step 3 Run:
promode { on | off }

The promiscuity mode is set.
By default, the promiscuity mode of the Ethernet interface on SRU/MPU is off.

----End

2.4 Configuring Ethernet Interfaces Layer 2 Parameters


After an Ethernet interface is configured with Layer 2 attributes, it can access a device or directly forward Ethernet frames on a Layer 2 network. Layer 2 attributes define link layer information of Ethernet interfaces.

2.4.1 Establishing the Configuration Task
Before configuring Layer 2 attributes for Ethernet interfaces, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
2.4.2 Configuring Link Layer Type of an Ethernet Interface
Link types of Ethernet interfaces are access, hybrid, trunk, and dot1q-tunnel. You need to configure a proper link type for an Ethernet interface so that the interface can transmit VLAN-tagged frames.

2.4.1 Establishing the Configuration Task


Before configuring Layer 2 attributes for Ethernet interfaces, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
The Ethernet interfaces provided by the CX600 can work in the following two modes: routed mode (Layer 3 mode) and switched mode (Layer 2 mode).

- Routed mode: can be configured with the Layer 3 attributes and switched to the Layer 2 mode by commands. By default, the Ethernet interface is in the Layer 3 mode.
- Switched mode: can be configured with the Layer 2 attributes and switched to the Layer 3 mode by commands.

When the CX device is used as a Layer 2 switch, Layer 2 parameters must be configured on the Ethernet interfaces.

Pre-configured Tasks
None

Data Preparation
To configure the Ethernet interface, you need the following data.

No.  Data
1    Ethernet interface number
2    802.1p priority value of the Ethernet interface

2.4.2 Configuring Link Layer Type of an Ethernet Interface


Link types of Ethernet interfaces are access, hybrid, trunk, and dot1q-tunnel. You need to configure a proper link type for an Ethernet interface so that the interface can transmit VLAN-tagged frames.

Context
The Ethernet interface supports four types of links: Access, dot1q-tunnel, Trunk and Hybrid.
- Access: In this mode, the interface belongs to only one VLAN and is generally used to connect PCs.
- dot1q-tunnel: In this mode, the Q-in-Q function is enabled on the interface.
- Hybrid: In this mode, the interface can belong to multiple VLANs to receive and send packets of these VLANs. It is used to connect switches or PCs.
- Trunk: In this mode, the interface can belong to multiple VLANs to receive and send packets of these VLANs. It is used to connect switches.

The difference between the Hybrid interface and the Trunk interface is that the Hybrid interface allows untagged packets of multiple VLANs to be transmitted, whereas the Trunk interface allows untagged packets of the default VLAN only.
Do as follows on the CX devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed.

Step 3 Run:
portswitch

The Ethernet interface is switched to Layer 2 mode.

Step 4 Run:
port link-type { access | hybrid | trunk | dot1q-tunnel }

The interface type is specified.
By default, the link type is Hybrid.

----End

2.5 Configuring SmartLink Flush Function


Some Layer 2 devices in the network support the Smart Link function. By default, Huawei data communication devices do not process the SmartLink flush packets sent from these Layer 2 devices. To enable the communication between the Huawei devices and the devices of other vendors, you need to configure the SmartLink Flush function on Huawei data communication devices.

2.5.1 Establishing the Configuration Task
Before configuring the SmartLink Flush function, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
2.5.2 Enabling a Port to Process SmartLink Flush Packets
The Huawei device can process the SmartLink flush packets only after being enabled with the SmartLink Flush function; otherwise, the device discards the SmartLink flush packets.

2.5.1 Establishing the Configuration Task


Before configuring the SmartLink Flush function, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
Some Layer 2 devices on the network support the Smart Link function. By default, Huawei data communication devices do not process the SmartLink Flush packets sent by these devices. To allow the Smart Link function to be enabled on these Layer 2 devices, Huawei data communication devices must process SmartLink Flush packets when they work with non-Huawei switches that support the Smart Link function on a network.

Pre-configuration Tasks
Before configuring equipment to process SmartLink Flush packets, complete the following tasks:
- Ensuring that the physical interfaces on network devices are correctly connected and in the Up state.
- Configuring the port that processes SmartLink Flush packets to allow packets that carry the control VLAN tag to pass.

Data Preparation
Before configuring equipment to process SmartLink Flush packets, you need the following data.

No.  Data
1    Number of the interface that can recognize SmartLink Flush packets
2    Control VLAN ID

2.5.2 Enabling a Port to Process SmartLink Flush Packets


The Huawei device can process the SmartLink flush packets only after being enabled with the SmartLink Flush function; otherwise, the device discards the SmartLink flush packets.

Context
Do as follows on CX devices that are deployed together with the switch enabled with the Smart Link function.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed.

Step 3 Run:
portswitch

The Ethernet interface is switched to Layer 2 mode.

Step 4 Run:
smart-link flush enable control-vlan vlan-id

The Ethernet interface is enabled to process SmartLink Flush packets.
If the SmartLink Flush packet carries the control VLAN tag, vlan-id must match the control VLAN ID in the SmartLink Flush packet. Otherwise, the equipment does not process this SmartLink Flush packet.

----End

2.6 Maintaining Ethernet Interfaces


The commands related to Ethernet interfaces can be used to locate the faults on an Ethernet interface.

2.6.1 Testing the Loop of Ethernet Interfaces
To test an Ethernet interface itself, you can run the loopback command in the Ethernet interface view. When the interface works normally, you must disable the loopback function.

2.6.1 Testing the Loop of Ethernet Interfaces


To test an Ethernet interface itself, you can run the loopback command in the Ethernet interface view. When the interface works normally, you must disable the loopback function.

Context
The loop of Ethernet interfaces is generally used to test the interfaces. Run the following command in the Ethernet interface view. When interfaces work normally, disable the loop.

Procedure
Step 1 Run the loopback { local | remote } command in the Ethernet interface view or GE interface view to enable the loop on interfaces.

----End

2.7 Configuration Examples


This section lists the networking requirements, configuration roadmap, and data preparation to describe the typical application scenarios of Ethernet interfaces, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

2.7.1 Example for Configuring a Layer 3 Ethernet Interface
In this networking, you need to configure only the IP address, because other configuration items retain their default values. If the values of other configuration items need to be changed, you must set them to be the same as those on the remote device.
2.7.2 Example for Configuring VLANs to Communicate Through Ethernet Sub-interfaces
To enable communications between different VLANs, you can create sub-interfaces specific to VLANs on the Ethernet interfaces that connect a router and a switch. In addition, you can configure 802.1Q encapsulation on and assign IP addresses to the sub-interfaces. In this manner, communications between VLANs can be implemented through Layer 2 switches and routers.
2.7.3 Example for Configuring a Device to Handle Smartlink Flush Packets
In this networking, the devices of other vendors support the SmartLink function but the Huawei devices do not support the SmartLink function by default. When the Huawei data communication devices need to communicate with the switches of other vendors that support the SmartLink function, you need to enable the Huawei devices to process SmartLink flush packets.

2.7.1 Example for Configuring a Layer 3 Ethernet Interface


In this networking, you need to configure only the IP address, because other configuration items retain their default values. If the values of other configuration items need to be changed, you must set them to be the same as those on the remote device.

Networking Requirements
As shown in Figure 2-4, Ethernet interfaces of CX-A, CX-B, and CX-C are connected to the IP network 100.1.1.0/24.

Figure 2-4 Networking diagram of Ethernet interface configuration
[Figure: CX-A GE1/0/0 100.1.1.1/24; CX-B GE1/0/0 100.1.1.2/24; CX-C GE1/0/0 100.1.1.3/24]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a description for each CX device.
2. Configure IP addresses for interfaces on each CX device.

Data Preparation
To configure an Ethernet interface, you need the following data:
- Interface number
- IP address of the interface

Procedure
Step 1 Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] description CX-A
[CX-A-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
[CX-A-GigabitEthernet1/0/0] quit

Step 2 Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] description CX-B
[CX-B-GigabitEthernet1/0/0] ip address 100.1.1.2 255.255.255.0
[CX-B-GigabitEthernet1/0/0] quit

Step 3 Configure CX-C.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] interface gigabitethernet 1/0/0
[CX-C-GigabitEthernet1/0/0] undo shutdown
[CX-C-GigabitEthernet1/0/0] description CX-C
[CX-C-GigabitEthernet1/0/0] ip address 100.1.1.3 255.255.255.0
[CX-C-GigabitEthernet1/0/0] quit

Step 4 Verify the configuration.
After the configuration is complete, use the following methods to check whether the interface works normally:
- In the case of small traffic volume, ping Ethernet interfaces of a CX device from another CX device. The interfaces are normal if all the ping packets are returned.
- Check the statistics of a CX device. The interfaces are normal if the number of received error frames does not change.
- Check the interface status of each CX device. In the normal situation, the physical status and protocol status are Up.

Take CX-A as an example:
<CX-A> display ip interface brief
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0
Interface                   IP Address/Mask    Physical Protocol
GigabitEthernet1/0/0        100.1.1.1          up       up
NULL0                       unassigned         up       up(s)

----End
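The statistics check in Step 4 (the number of received error frames must not change) can be automated by comparing two captures of the display interface output shown in 2.2.11. The following Python code is an added example, not part of the Huawei guide; the two snapshots are constructed, and treating the listed Input counters as the receive-error counters is an assumption.

```python
import re

# Assumption: these "Input:" counters from the page's sample output are the
# ones that indicate received error frames.
RX_ERROR_COUNTERS = ("CRC", "Symbol", "Overrun", "InRangeLength", "LongPacket",
                     "Jabber", "Alignment", "Fragment", "Undersized Frame")

# Constructed snapshots in the page's output layout (values are made up).
SNAPSHOT_T0 = """\
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
    Last 30 seconds input rate: 0 bits/sec, 0 packets/sec
    Input: 81234 Bytes, 912 Packets
    Output: 70110 Bytes, 850 Packets
    Input:
      Unicast: 900, Multicast: 12
      Broadcast: 0, JumboOctets: 0
      CRC: 3, Symbol: 0
      Overrun: 0 , InRangeLength: 0
      LongPacket: 0 , Jabber: 0, Alignment: 0
      Fragment: 0, Undersized Frame: 0
      RxPause: 0
    Output:
      Unicast: 850, Multicast: 0
      Broadcast: 0, JumboOctets: 0
      Lost: 0, Overflow: 0, Underrun: 0
      TxPause: 0
    Input bandwidth utilization  : 0.01%
    Output bandwidth utilization : 0.01%
"""
SNAPSHOT_T1 = SNAPSHOT_T0.replace("CRC: 3", "CRC: 9").replace("Alignment: 0", "Alignment: 2")

# "Name: 123" pairs; the lookahead rejects values such as "0.01%".
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)(?![.\d%])")


def parse_counters(output):
    """Return {'Input': {...}, 'Output': {...}} for one interface's output."""
    counters = {"Input": {}, "Output": {}}
    section = None
    for line in output.splitlines():
        text = line.strip()
        if text in ("Input:", "Output:"):   # a bare header opens a detail block
            section = text[:-1]
            continue
        if section is None:
            continue                        # summary lines before the blocks
        pairs = PAIR.findall(text)
        if not pairs:                       # e.g. the utilization lines
            section = None
            continue
        for name, value in pairs:
            counters[section][name.strip()] = int(value)
    return counters


def rx_error_deltas(before, after):
    """Return {counter: increase} for receive-error counters that grew."""
    old = parse_counters(before)["Input"]
    new = parse_counters(after)["Input"]
    deltas = {}
    for name in RX_ERROR_COUNTERS:
        if name not in old or name not in new:
            continue                        # counter not reported on this port
        diff = new[name] - old[name]
        if diff < 0:
            # Counters went backwards: statistics were cleared between polls,
            # so the comparison is meaningless.
            raise ValueError(f"{name} decreased; statistics were reset")
        if diff:
            deltas[name] = diff
    return deltas


if __name__ == "__main__":
    grown = rx_error_deltas(SNAPSHOT_T0, SNAPSHOT_T1)
    print("interface normal" if not grown else f"error counters increased: {grown}")
```

An empty result means the interface passes the check; a raised ValueError means the "Statistics last cleared" point moved and a new baseline is needed.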

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 description CX-A
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 description CX-B
#
return

- Configuration file of CX-C
#
 sysname CX-C
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.1.1.3 255.255.255.0
 description CX-C
#
return

2.7.2 Example for Configuring VLANs to Communicate Through Ethernet Sub-interfaces


To enable communications between different VLANs, you can create sub-interfaces specific to VLANs on the Ethernet interfaces that connect a router and a switch. In addition, you can configure 802.1Q encapsulation on and assign IP addresses to the sub-interfaces. In this manner, communications between VLANs can be implemented through Layer 2 switches and routers.

Context
For details, refer to 4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces in the 4 VLAN Configuration.

2.7.3 Example for Configuring a Device to Handle Smartlink Flush Packets


In this networking, the devices of other vendors support the SmartLink function but the Huawei devices do not support the SmartLink function by default. When the Huawei data communication devices need to communicate with the switches of other vendors that support the SmartLink function, you need to enable the Huawei devices to process SmartLink flush packets.

Networking Requirements
As shown in Figure 2-5, CX-A, CX-B, and CX-C are Huawei devices and the Switch supports the Smart Link function. The Smart Link function is enabled on the Switch. Two uplinks constitute a Smart Link Group, namely, a backup link group. CX-A is the active link for the Switch and CX-B is the standby link. Finally, the data reaches the backbone network through CX-C.
The control VLAN ID of the Switch is 10. The interfaces on CX-A, CX-B, and CX-C must be enabled to process SmartLink Flush packets. This helps the Switch to perform the switchover between the active and standby links.

Figure 2-5 Networking diagram of configuring equipment to process Smart Link packets
[Figure: CX-C (GE1/0/0, GE2/0/0) connects to the backbone network; CX-A (GE1/0/0, GE2/0/0) is on the active link in VLAN 10 and CX-B (GE1/0/0, GE2/0/0) is on the inactive link in VLAN 10 of the Smart Link group on the Switch.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Change the interface on the CX device to Layer 2 mode and configure the port to allow packets from VLAN 10 to pass.
2. Enable a Layer 2 port to recognize the SmartLink Flush packet.

Data Preparation
To complete the configuration, you need the following data:
- Control VLAN ID
- Number of the interface on the CX device

Procedure
Step 1 Configure the interface on a CX device.
# Create VLAN 1 to VLAN 4094 on CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] vlan batch 1 to 4094

# Switch the interfaces GE 1/0/0 and GE 2/0/0 on CX-A to Layer 2 mode and configure them as VLAN trunk ports that allow all VLAN frames to pass.
[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] portswitch
[CX-A-GigabitEthernet1/0/0] port link-type trunk
[CX-A-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[CX-A-GigabitEthernet1/0/0] quit
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] undo shutdown
[CX-A-GigabitEthernet2/0/0] portswitch
[CX-A-GigabitEthernet2/0/0] port link-type trunk
[CX-A-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[CX-A-GigabitEthernet2/0/0] quit

# Create VLAN 1 to VLAN 4094 on CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] vlan batch 1 to 4094

# Switch GE 1/0/0 and GE 2/0/0 on CX-B to Layer 2 mode and configure them as VLAN trunk ports that allow all VLAN frames to pass.
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] portswitch
[CX-B-GigabitEthernet1/0/0] port link-type trunk
[CX-B-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] undo shutdown
[CX-B-GigabitEthernet2/0/0] portswitch
[CX-B-GigabitEthernet2/0/0] port link-type trunk
[CX-B-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[CX-B-GigabitEthernet2/0/0] quit

# Create VLAN 1 to VLAN 4094 on CX-C.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] vlan batch 1 to 4094

# Switch GE 1/0/0 and GE 2/0/0 on CX-C to Layer 2 mode and configure them as VLAN trunk ports that allow all VLAN frames to pass.
[CX-C] interface gigabitethernet 1/0/0
[CX-C-GigabitEthernet1/0/0] undo shutdown
[CX-C-GigabitEthernet1/0/0] portswitch
[CX-C-GigabitEthernet1/0/0] port link-type trunk
[CX-C-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[CX-C-GigabitEthernet1/0/0] quit
[CX-C] interface gigabitethernet 2/0/0
[CX-C-GigabitEthernet2/0/0] undo shutdown
[CX-C-GigabitEthernet2/0/0] portswitch
[CX-C-GigabitEthernet2/0/0] port link-type trunk
[CX-C-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[CX-C-GigabitEthernet2/0/0] quit

Step 2 Enable the port to recognize SmartLink Flush packets.
# Enable GE 1/0/0 and GE 2/0/0 on CX-A to recognize SmartLink Flush packets.
[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[CX-A-GigabitEthernet1/0/0] quit
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[CX-A-GigabitEthernet2/0/0] quit

# Enable GE 1/0/0 and GE 2/0/0 on CX-B to recognize SmartLink Flush packets.
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[CX-B-GigabitEthernet2/0/0] quit

# Enable GE 1/0/0 and GE 2/0/0 on CX-C to recognize SmartLink Flush packets.
[CX-C] interface gigabitethernet 1/0/0
[CX-C-GigabitEthernet1/0/0] smart-link flush enable control-vlan 10
[CX-C-GigabitEthernet1/0/0] quit
[CX-C] interface gigabitethernet 2/0/0
[CX-C-GigabitEthernet2/0/0] smart-link flush enable control-vlan 10
[CX-C-GigabitEthernet2/0/0] quit

Step 3 Verify the configuration.
# Run the display this command. You can check whether the smart-link flush enable command is configured and a correct VLAN ID is specified. Take CX-A as an example:
[CX-A-GigabitEthernet1/0/0] display this
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return

----End

Configuration Files
Configuration file of CX-A

#
sysname CX-A
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return

Configuration file of CX-B


#
sysname CX-B
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return

Configuration file of CX-C


#
sysname CX-C
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
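The Step 3 check, applied to whole configuration files instead of one interface at a time, as an added example that is not part of the Huawei guide. The function names and finding labels are hypothetical, the CX-B sample is constructed with deliberate faults, and the "all-vlans-allowed" finding is an added review point (the guide's example permits VLANs 1 to 4094 on purpose) so the allowed range can be compared with the VLANs the link actually needs.

```python
import re

# Constructed input. CX-A follows the configuration file above; CX-B is
# altered on purpose so that the audit has something to report.
CONFIGS = {
    "CX-A": """#
sysname CX-A
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
 smart-link flush enable control-vlan 10
#
return
""",
    "CX-B": """#
sysname CX-B
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10 20
 smart-link flush enable control-vlan 20
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 30
#
return
""",
}

FLUSH_RE = re.compile(r"smart-link flush enable control-vlan (\d+)$")
ALLOW_RE = re.compile(r"port trunk allow-pass vlan (.+)$")


def parse_interfaces(text):
    """Return {interface name: [commands]} from one configuration file."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("#", "return"):
            current = None          # '#' closes the current view
        elif current is not None and line:
            current.append(line)
    return interfaces


def allowed_vlans(commands):
    """Expand 'port trunk allow-pass vlan ...' lines into a set of VLAN IDs."""
    vlans = set()
    for cmd in commands:
        match = ALLOW_RE.match(cmd)
        if not match:
            continue
        if match.group(1).strip() == "all":
            return set(range(1, 4095))
        for first, last in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", match.group(1)):
            vlans.update(range(int(first), int(last or first) + 1))
    return vlans


def audit(configs, control_vlan):
    """Return sorted (device, interface, finding) tuples for trunk ports."""
    findings = []
    for device, text in configs.items():
        for name, cmds in parse_interfaces(text).items():
            if "port link-type trunk" not in cmds:
                continue
            flush = [int(m.group(1)) for m in map(FLUSH_RE.match, cmds) if m]
            if not flush:
                findings.append((device, name, "flush-not-enabled"))
            elif flush[0] != control_vlan:
                findings.append((device, name, "control-vlan-mismatch"))
            vlans = allowed_vlans(cmds)
            if control_vlan not in vlans:
                findings.append((device, name, "control-vlan-not-allowed"))
            if len(vlans) == 4094:
                findings.append((device, name, "all-vlans-allowed"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(CONFIGS, control_vlan=10):
        print(*finding)
```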


3 Eth-Trunk Interface Configuration


About This Chapter


You can configure Eth-Trunk interfaces to implement load balancing, increase interface bandwidth, and improve transmission reliability.

3.1 Eth-Trunk Interface Introduction
Trunk is a binding technology. Multiple Ethernet interfaces can be bound into a logical interface, which is called an Eth-Trunk interface. The Ethernet interfaces are called member interfaces.

3.2 Configuring an Eth-Trunk Interface in Manual Load Balancing Mode
Of the two directly connected devices between which an Eth-Trunk connection is established, one device does not support the Link Aggregation Control Protocol (LACP). In this case, you can create an Eth-Trunk interface in manual load balancing mode on each device, and then add interfaces to the Eth-Trunk interface to increase bandwidth and improve reliability.

3.3 Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode
Eth-Trunk interfaces in 1:1 active/standby mode can be configured on two devices so that data can be transmitted over the links working in 1:1 backup mode.

3.4 Configuring an Eth-Trunk Interface in Static LACP Mode
LACP provides a standard negotiation mode for the devices that exchange data. In this negotiation mode, the system can automatically form aggregation links based on its configuration and enable the aggregation links to receive and send data, which thus improves fault tolerance. In addition, member links can work in M:N backup mode, ensuring reliable data transmission.

3.5 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
After an Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group, the Eth-Trunk interface can detect the status change in the mVRRP backup group, and thus rapidly switch traffic to an available path. This ensures reliable data transmission.

3.6 Configuring Layer 2 Attributes for an Eth-Trunk Interface
Layer 2 attributes define link layer attributes for an Eth-Trunk interface.

3.7 Configuring Layer 3 Attributes for an Eth-Trunk Interface
To use an Eth-Trunk interface to transmit Layer 3 packets, you need to configure Layer 3 attributes for the Eth-Trunk interface.

3.8 Configuring an Eth-Trunk Sub-interface
Layer 2 and Layer 3 Eth-Trunk interfaces on the CX600 can be configured with sub-interfaces. Creating a sub-interface on a Layer 2 Eth-Trunk interface and then configuring MPLS TE on the sub-interface enable a physical link to transmit both Layer 2 and Layer 3 services.

3.9 Configuring E-Trunk
Enhanced Trunk (E-Trunk) is an extension of LACP to implement link aggregation among multiple devices. It guarantees device-level link reliability.

3.10 Maintaining Eth-Trunk Interfaces
Statistics clearing commands help to locate faults on Eth-Trunk interfaces.

3.11 Configuration Examples
This section describes typical application scenarios for Eth-Trunk interfaces, providing networking requirements, configuration roadmap, data preparation, and configuration files.


3.1 Eth-Trunk Interface Introduction


Trunk is a binding technology. Multiple Ethernet interfaces can be bound into a logical interface, which is called an Eth-Trunk interface. The Ethernet interfaces are called member interfaces.

3.1.1 Introduction to Eth-Trunk Interfaces and LACP
In addition to all functions of an Ethernet interface, an Eth-Trunk interface provides wider bandwidth and higher transmission reliability.

3.1.2 Eth-Trunk Interface and LACP Features Supported by the CX600
Before configuring Eth-Trunk interfaces, familiarize yourself with the concepts such as link aggregation modes, load balancing, lower and upper thresholds for Up member links, member interface backup, and Eth-Trunk sub-interfaces. This will help you complete the configuration tasks quickly and accurately.

3.1.1 Introduction to Eth-Trunk Interfaces and LACP


In addition to all functions of an Ethernet interface, an Eth-Trunk interface provides wider bandwidth and higher transmission reliability.

Eth-Trunk Interfaces
Trunk interfaces are classified into Eth-Trunk interfaces and IP-Trunk interfaces. An Eth-Trunk link consists of Ethernet links only. For detailed configurations of IP-Trunk interfaces, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - WAN Access.

A maximum of 64 trunk interfaces (including Eth-Trunk and IP-Trunk interfaces) can be created on one CX device; each Eth-Trunk interface contains up to 16 physical member links.

The Eth-Trunk technology has the following advantages:
- Increasing bandwidth: The bandwidth of an Eth-Trunk interface is the sum of the bandwidth of all member interfaces.
- Improving reliability: If a member link fails, traffic automatically switches to another available link.

An Eth-Trunk interface has the following characteristics:
- Supports the features of an Ethernet interface.
- Supports the configuration of an IP address, and its member interfaces borrow this IP address.
- Supports Layer 2 forwarding, MPLS forwarding, and Layer 3 unicast and multicast forwarding. The Hash algorithm can be used in load balancing by flow.
- Supports QoS based on physical interfaces and logical interfaces.
- Supports MPLS and VPN instance binding.
- Supports hot backup and hot swap.
NOTE

Eth-Trunk sub-interfaces are used between VLANs. For the configuration of Eth-Trunk sub-interfaces, refer to the chapter "VLAN Configuration" in this manual.


LACP
Link aggregation is a method of binding a group of physical interfaces into a logical interface to increase bandwidth. The bound interfaces are called a multi-interface load sharing group or a link aggregation group (LAG). For more information about link aggregation, refer to IEEE 802.3ad.

Establishing an LAG between two devices provides wider bandwidth and greater reliability. Link aggregation provides protection for communications between devices without the need of upgrading the devices' hardware.

- Active and inactive interfaces
  Interfaces that are in the active state and responsible for forwarding data are called active interfaces. On the contrary, interfaces that are in the inactive state and do not forward data are called inactive interfaces. Based on working modes, active and inactive interfaces are classified as follows:
  - Manual load balancing mode: generally, all member interfaces are active ones unless a fault occurs on a member interface.
  - 1:1 active/standby mode: normally, the master interface is the active interface and the backup interface is the inactive interface. If the master interface fails, the backup interface is activated and the master interface becomes inactive.
  - Static LACP mode: the interfaces connected to M links are active interfaces that are responsible for forwarding data; the interfaces connected to N links are inactive interfaces that back up the active interfaces.
- Actor and Partner
  In static LACP mode, the device with a higher LACP priority in an LAG is the Actor and the device with a lower LACP priority is the Partner. Differentiating the Actor and the Partner helps both devices to select the same interfaces as the active interfaces. If the two devices select active interfaces based on interface priorities, different interfaces are probably selected. As a result, active links cannot be established. Therefore, the Actor must be determined. The Partner then selects active interfaces based on interface priorities of the Actor, as shown in Figure 3-1.

Figure 3-1 Actor determines active links in static LACP mode

[Figure labels: CX-A, the device with higher system priority; CX-B, the device with lower system priority; the actor determines the active links]

- Control VLAN
  In 1:1 active/standby mode, a VLAN that sends or receives Flush packets is called a control VLAN.

3.1.2 Eth-Trunk Interface and LACP Features Supported by the CX600


Before configuring Eth-Trunk interfaces, familiarize yourself with the concepts such as link aggregation modes, load balancing, lower and upper thresholds for Up member links, member interface backup, and Eth-Trunk sub-interfaces. This will help you complete the configuration tasks quickly and accurately.

Lower and Upper Thresholds for Up Member Links


The number of Up member links of an Eth-Trunk link affects the status and bandwidth of the Eth-Trunk link. To stabilize the Eth-Trunk link, you can set thresholds to limit the number of Up member interfaces, thus reducing the possibilities of status changes of the Eth-Trunk link.
- Lower threshold for Up member links: If the number of Up member links falls below this threshold, the Eth-Trunk link becomes Down.
- Upper threshold for Up member links: After the number of Up member links reaches this threshold, more member interfaces becoming Up will not increase the bandwidth of the Eth-Trunk link. If the number of Up member links falls below this threshold, the bandwidth of the Eth-Trunk link will decrease.

Load Balancing
Traffic transmitted over an Eth-Trunk link is distributed to member links. The volume of traffic transmitted over a member interface is determined by the weight configured for the member link. Load balancing can be carried out in the following ways:
- Per-destination load balancing: packets with the same source and destination IP addresses or with the same source and destination MAC addresses are transmitted over one member link. Layer 2 Eth-Trunk interfaces support only per-destination load balancing for packets with the same source and destination MAC addresses. Layer 3 Eth-Trunk interfaces support only per-destination load balancing for packets with the same source and destination IP addresses.
- Per-packet load balancing: packets are transmitted over different member links. Both Layer 2 and Layer 3 Eth-Trunk interfaces support per-packet load balancing.

Member Interface Backup


To improve the reliability of an Eth-Trunk interface, you can configure member interface backup. If a member interface goes Down, traffic rapidly switches to another member interface. The backup interface is an Up member interface of the same Eth-Trunk interface.



NOTE


If member interfaces of a trunk interface reside on different LPUs, a BFD session needs to be configured to detect the member link status, with the process-pst command being used to associate the BFD session with member interfaces. Otherwise, traffic will be lost in certain situations (for example, when the LPU where a member interface resides is restarted). For the configuration of a BFD session, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - Reliability.

Eth-Trunk Sub-interfaces
Sub-interfaces can be created on an Eth-Trunk interface. The CX600 supports creation of sub-interfaces on both Layer 3 Eth-Trunk interfaces and Layer 2 Eth-Trunk interfaces.

After an Eth-Trunk sub-interface is encapsulated with 802.1Q and associated with a VLAN, devices in this VLAN can communicate with other devices by using the Eth-Trunk sub-interface. An Eth-Trunk sub-interface can be configured with dot1q termination or QinQ termination. For details, see QinQ Configuration.

In addition to the preceding applications, a Layer 2 Eth-Trunk sub-interface can transmit both Layer 2 and Layer 3 services along one physical link. As shown in Figure 3-2, the backbone of the MAN is a Layer 2 Eth-Trunk ring network that supports QinQ services. On the Eth-Trunk ring network, each CX600 is connected to a Layer 2 ring network consisting of several switches. The digital subscriber line access multiplexer (DSLAM) devices are connected to switches and access the broadband remote access servers (BRASs) by using VLAN mapping over the Layer 2 ring network and the Eth-Trunk network. The entire Eth-Trunk ring network is required to support Layer 2 functions.

In addition, the CX600 provides access for CEs and provides L3VPN services by using TE tunnels. This requires that the Layer 2 interfaces of the CX600s forming the Eth-Trunk ring network support TE tunnels based on Layer 3 interfaces. In this case, Layer 2 Eth-Trunk sub-interfaces can be configured to meet the requirements. On the Eth-Trunk ring network, Eth-Trunk interfaces provide Layer 2 functions and Layer 2 Eth-Trunk sub-interfaces provide MPLS TE functions.


Figure 3-2 Application of Layer 2 Eth-Trunk sub-interfaces (Eth-Trunk ring network)


[Figure labels: CX600, Layer 2 ring, Eth-Trunk ring, TE tunnel (main), TE tunnel (backup), L3VPN network, DSLAM, BRAS, CE1, CE2]

Manual Load Balancing Mode


The manual load balancing mode allows interfaces to be manually added to an LAG to transmit packets. The CX600 supports these manual load balancing modes: IP, MAC, and Packet-all. IP and MAC are applicable to per-destination load balancing and Packet-all is applicable to per-packet load balancing.

1:1 Active/Standby Mode


In 1:1 active/standby mode, an LAG contains only two member interfaces. One is master and the other is backup. In manual mode, an Eth-Trunk interface is manually created; interfaces are manually added to the Eth-Trunk; member interfaces are manually set to the active or inactive state. In this mode, Link Aggregation Control Protocol Data Units (LACPDUs) are not involved. The manual mode is used when the peer device does not support LACP.

Static LACP Mode


The static LACP mode is a link aggregation method of determining active and inactive interfaces by using LACPDUs to negotiate parameters. In static LACP mode, an Eth-Trunk is manually created and interfaces are manually added to the Eth-Trunk interface. LACP is then used to determine active and inactive member interfaces.

The static LACP mode is also called the M:N mode, which implements both load balancing and member interface backup. In an LAG, M links are active to forward data and perform load balancing; N links are inactive, which function as backup links and do not forward data. When a link of M links fails, the system selects the link with the highest priority from N links to replace the faulty link. In this case, the backup link becomes active and starts to forward data.
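The Actor/Partner rule from 3.1.1 and the M:N failover described above, modelled as an added example that is not code from the Huawei guide. It assumes the IEEE 802.3ad convention that a lower numeric value means a higher priority, with the system MAC address and the port number as tie-breakers; the priorities, MAC addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Port:
    number: int        # port number, used only to break priority ties
    priority: int      # LACP interface priority; lower value ranks higher
    up: bool = True


@dataclass
class Device:
    name: str
    system_priority: int   # LACP system priority; lower value ranks higher
    mac: str               # system MAC address, breaks system-priority ties
    ports: dict            # interface name -> Port


def usable(a, b, links):
    """Links whose interfaces are Up on both devices."""
    return [l for l in links if a.ports[l[0]].up and b.ports[l[1]].up]


def rank(device, side, links):
    """Order links by one device's interface priorities, best first."""
    def key(link):
        port = device.ports[link[side]]
        return (port.priority, port.number)
    return sorted(links, key=key)


def independent_choice(a, b, links, m):
    """Active sets if each end ranked the links by its own priorities."""
    ok = usable(a, b, links)
    return set(rank(a, 0, ok)[:m]), set(rank(b, 1, ok)[:m])


def select(a, b, links, m):
    """Actor-driven choice: (actor name, M active links, backup links)."""
    actor = min((a, b), key=lambda d: (d.system_priority, d.mac))
    ordered = rank(actor, 0 if actor is a else 1, usable(a, b, links))
    return actor.name, ordered[:m], ordered[m:]


def sample():
    """Constructed topology: three links between CX-A and CX-B, M = 2."""
    names = ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2",
             "GigabitEthernet1/0/3"]
    a_prio, b_prio = (100, 200, 300), (300, 200, 100)   # opposite preferences
    a = Device("CX-A", 100, "00e0-fc00-0001",
               {n: Port(i + 1, p) for i, (n, p) in enumerate(zip(names, a_prio))})
    b = Device("CX-B", 32768, "00e0-fc00-0002",
               {n: Port(i + 1, p) for i, (n, p) in enumerate(zip(names, b_prio))})
    return a, b, [(n, n) for n in names]


if __name__ == "__main__":
    a, b, links = sample()
    # Without an Actor the two ends disagree on which two links are active.
    print("independent :", independent_choice(a, b, links, 2))
    # With CX-A as Actor both ends use CX-A's ranking.
    print("actor-driven:", select(a, b, links, 2))
    # An active link fails; the best backup link takes its place.
    a.ports["GigabitEthernet1/0/1"].up = False
    print("after fault :", select(a, b, links, 2))
```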

3.2 Configuring an Eth-Trunk Interface in Manual Load Balancing Mode


Of the two directly connected devices between which an Eth-Trunk connection is established, one device does not support the Link Aggregation Control Protocol (LACP). In this case, you can create an Eth-Trunk interface in manual load balancing mode on each device, and then add interfaces to the Eth-Trunk interface to increase bandwidth and improve reliability.

3.2.1 Establishing the Configuration Task
Before configuring an Eth-Trunk interface in manual load balancing mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.2.2 Creating an Eth-Trunk Interface
An Eth-Trunk ID uniquely identifies an Eth-Trunk link. Physical interfaces can be added to an Eth-Trunk interface only after the Eth-Trunk interface is created.

3.2.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface
To transmit Layer 2 services, an Eth-Trunk interface needs to be switched into a Layer 2 interface.

3.2.4 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode
The manual load balancing mode allows interfaces to be manually added to an Eth-Trunk interface.

3.2.5 Adding Interfaces to an Eth-Trunk Interface
After an Eth-Trunk interface is successfully configured, interfaces need to be added to the Eth-Trunk interface to increase bandwidth, improve reliability, and implement load balancing.

3.2.6 Checking the Configuration
After an Eth-Trunk interface in manual load balancing mode is successfully configured, you can check information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode, and status of member interfaces.

3.2.1 Establishing the Configuration Task


Before configuring an Eth-Trunk interface in manual load balancing mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
To improve link communication capabilities, you can bind multiple Ethernet interfaces to form an Eth-Trunk interface. The bandwidth of the Eth-Trunk interface is the total bandwidth of all member interfaces. In this manner, the interface bandwidth is increased. Load balancing can be carried out on an Eth-Trunk interface by distributing traffic to member links to send the traffic to the same destination. This prevents network congestion.

Configuring an Eth-Trunk interface improves the link reliability. If a member interface of the Eth-Trunk interface goes Down, traffic switches to other member interfaces. If one of two directly-connected devices does not support LACP, an Eth-Trunk in manual load balancing mode can be configured on the CX- and interfaces can be added to the Eth-Trunk interface to increase bandwidth and reliability. As shown in Figure 3-3, CX-A supports LACP, but CX-B does not support LACP.
NOTE

In manual load balancing mode, interfaces at different speeds, in different duplex modes, or on different boards can be added to one Eth-Trunk interface.

Figure 3-3 Networking diagram for link aggregation in manual load balancing mode
[Figure labels: CX-A and CX-B, each with Eth-Trunk 1, connected by an Eth-Trunk link]

Pre-configuration Tasks
Before configuring an Eth-Trunk interface in manual load balancing mode, complete the following task:
- Powering on the CX- and ensuring a successful self-check.

Data Preparation
To create an Eth-Trunk interface in manual load balancing mode, you need the following data.

No.  Data
1    Eth-Trunk ID
2    Type and number of each interface to be added to the Eth-Trunk interface

3.2.2 Creating an Eth-Trunk Interface


An Eth-Trunk ID uniquely identifies an Eth-Trunk link. Physical interfaces can be added to an Eth-Trunk interface only after the Eth-Trunk interface is created.

Context
Do as follows on the device where an Eth-Trunk interface needs to be configured.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created.

----End

3.2.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface


To transmit Layer 2 services, an Eth-Trunk interface needs to be switched into a Layer 2 interface.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch
The Layer 3 Eth-Trunk interface is switched into a Layer 2 interface.

By default, an Eth-Trunk interface works in Layer 3 mode. After an Eth-Trunk interface is switched into a Layer 2 interface, its Layer 3 functions are disabled and the interface is identified by the system MAC address. An Eth-Trunk interface needs to be switched into a Layer 2 interface before being bound to a VLAN.

Before switching between working modes, delete all configurations of the Eth-Trunk interface. The undo portswitch command is used to switch a Layer 2 Eth-Trunk interface into a Layer 3 one.

NOTE
- The minimum interval between the portswitch command and the undo portswitch command is 30 seconds.
- The working mode of an Eth-Trunk interface does not affect the addition of interfaces. An Ethernet interface can join either a Layer 2 Eth-Trunk interface or a Layer 3 Eth-Trunk interface.

----End

3.2.4 Configuring an Eth-Trunk Interface to Work in Manual Load Balancing Mode


The manual load balancing mode allows interfaces to be manually added to an Eth-Trunk interface.

Context
NOTE

Before configuring a working mode for an Eth-Trunk interface, ensure that the Eth-Trunk interface does not have any member interface; otherwise, the working mode cannot be changed. To delete a member interface, run the undo eth-trunk trunk-id command in the interface view. Both Layer 2 and Layer 3 Eth-Trunk interfaces support the manual load balancing mode.

Do as follows on the devices at the two ends of an Eth-Trunk link:

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.

Step 3 Run:
mode manual load-balance
The working mode of the Eth-Trunk interface is set to manual load balancing.
By default, an Eth-Trunk interface works in manual load balancing mode.

----End

3.2.5 Adding Interfaces to an Eth-Trunk Interface


After an Eth-Trunk interface is successfully configured, interfaces need to be added to the Eth-Trunk interface to increase bandwidth, improve reliability, and implement load balancing.

Context
NOTE

A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
- If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is added, the physical status of the Eth-Trunk interface becomes Administratively DOWN. Accordingly, the configuration file shows that the physical interface is shutdown and its physical status is Administratively DOWN.
- If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is added, the configuration file shows that the physical interface is undo shutdown.

Do as follows as required:

Procedure
- To add one or more physical interfaces to an Eth-Trunk interface in the Eth-Trunk interface view
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id
     The Eth-Trunk interface view is displayed.
  3. Run the following command as required.
     trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>
     Interfaces are added to the Eth-Trunk interface in batches.
     trunkport interface-type interface-number
     An interface is added to the Eth-Trunk interface.
     A maximum of 16 interfaces can be added to or deleted from an Eth-Trunk interface at a time.
- To add a physical interface to an Eth-Trunk interface in the view of the physical interface
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number
     The view of an interface to be added to an Eth-Trunk interface is displayed.
  3. Run:
     eth-trunk trunk-id
     The interface is added to the Eth-Trunk interface.

Before adding interfaces to an Eth-Trunk interface, note the following points:
- An Eth-Trunk interface can have a maximum of 16 member interfaces.
- The interfaces cannot be configured with either Layer 3 configurations such as IP addresses or services.
- The interfaces cannot be configured with static MAC addresses.
- The interfaces cannot be Eth-Trunk interfaces.
- An Ethernet interface can join only one Eth-Trunk interface. To join another Eth-Trunk interface, the Ethernet interface must quit from the original Eth-Trunk first.
- Fast Ethernet and Gigabit Ethernet interfaces can be added to one Eth-Trunk interface.
- Ethernet interfaces on different boards can be added to one Eth-Trunk interface.
- Before adding a Layer 2 interface on the CX device to an Eth-Trunk interface, you need to run the undo portswitch command to switch it into a Layer 3 interface.
- An Eth-Trunk interface works in either Layer 2 mode or Layer 3 mode. An Ethernet interface can be added to either a Layer 2 Eth-Trunk interface or a Layer 3 Eth-Trunk interface.
- If an Eth-Trunk interface is created on a device, the peer device's interfaces that are directly connected to the member interfaces of the Eth-Trunk interface must be bound into an Eth-Trunk interface. Otherwise, the two devices cannot communicate.

----End

3.2.6 Checking the Configuration


After an Eth-Trunk interface in manual load balancing mode is successfully configured, you can check information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode, and status of member interfaces.

Prerequisite
The configurations of an Eth-Trunk interface in manual load balancing mode are complete.

Procedure
Step 1 Run the display trunkmembership eth-trunk trunk-id command to check information about Eth-Trunk member interfaces.

----End

Example
Run the display trunkmembership eth-trunk command. If information about the working mode of the Eth-Trunk interface and the usage status of member interfaces is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/0, valid, operate up, weight=1,
Interface GigabitEthernet1/0/1, valid, operate up, weight=1,

3.3 Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode


Eth-Trunk interfaces in 1:1 active/standby mode can be configured on two devices so that data can be transmitted over the links working in 1:1 backup mode.

3.3.1 Establishing the Configuration Task
Before configuring an Eth-Trunk interface in 1:1 active/standby mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.3.2 Configuring an Eth-Trunk Interface to Work in 1:1 Active/Standby Mode
Link aggregation in 1:1 active/standby mode provides a backup link for data transmission. One Eth-Trunk interface has only two member interfaces, namely, an active interface and a standby interface.

3.3.3 Adding Interfaces to an Eth-Trunk Interface and Setting the Master Interface
After link aggregation in 1:1 active/standby mode is successfully configured, two interfaces need to be added to each Eth-Trunk interface and one of them set as the master interface. In this manner, links are in 1:1 backup mode.

3.3.4 Enabling the Function of Sending Flush Packets
After the function of sending Flush packets is enabled and the master/backup interface switchover is performed, Flush packets are sent by the new master interface to instruct the peer to age MAC entries. This prevents service interruption caused by asynchronous MAC address information.

3.3.5 Creating a Control VLAN
A control VLAN is used to receive Flush packets sent between the two devices on which Eth-Trunk interfaces in 1:1 active/standby mode are configured.

3.3.6 Enabling an Interface to Receive Packets from a Control VLAN
Intermediate devices must be enabled with the function of receiving packets from a control VLAN. In this manner, a remote device can receive Flush packets, and then delete dynamic MAC entries and ARP entries based on the Flush packets.

3.3.7 Enabling an Interface to Receive Flush Packets
Intermediate devices are able to process Flush packets only after being enabled with the function of receiving Flush packets.

3.3.8 Checking the Configuration
After an Eth-Trunk interface in 1:1 active/standby mode is successfully configured, you can view the Eth-Trunk ID, working mode, and local member interface status of the Eth-Trunk interface.

3.3.1 Establishing the Configuration Task


Before configuring an Eth-Trunk interface in 1:1 active/standby mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On the network shown in Figure 3-4, CX-A and CX-D are CX600 devices. The transit device can receive Flush packets. Backup links are required to be configured between CX-A and CX-D to ensure reliable data transmission.

Figure 3-4 Networking diagram for link aggregation in 1:1 active/standby mode
(Diagram labels: CX-A, CX-B, CX-C, CX-D, Eth-Trunk 1; legend: Active links, Backup links)

NOTE

In 1:1 active/standby mode, interfaces at different speeds, in different duplex modes, or on different boards can be added to one Eth-Trunk interface.

Pre-configuration Tasks
Before configuring an Eth-Trunk interface in 1:1 active/standby mode, complete the following task:
- Creating an Eth-Trunk interface

Data Preparation
To configure an Eth-Trunk interface in 1:1 active/standby mode, you need the following data.

No.  Data
1    ID of the LAG of CX-A and CX-D
2    Type and number of each interface to be added to the Eth-Trunk interface
3    ID of the control VLAN that is used to send or receive Flush packets

3.3.2 Configuring an Eth-Trunk Interface to Work in 1:1 Active/Standby Mode


Link aggregation in 1:1 active/standby mode provides a backup link for data transmission. One Eth-Trunk interface has only two member interfaces, namely, an active interface and a standby interface.

Context
NOTE

Ensure that an Eth-Trunk interface does not have any member interface before configuring the working mode for the Eth-Trunk interface; otherwise, the working mode cannot be changed. To delete a member interface, run the undo eth-trunk command in the interface view. For details, refer to the chapter "Link Aggregation" in the Command Reference. Layer 2 Eth-Trunk interfaces support the 1:1 active/standby mode, but Layer 3 Eth-Trunk interfaces do not.

Do as follows on CX-A and CX-D:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch

The Eth-Trunk interface is switched from a Layer 3 interface to a Layer 2 interface.

Step 4 Run:
mode manual backup

The Eth-Trunk interface is configured to work in 1:1 active/standby mode.
By default, an Eth-Trunk interface works in manual load balancing mode.

----End

3.3.3 Adding Interfaces to an Eth-Trunk Interface and Setting the Master Interface
After link aggregation in 1:1 active/standby mode is successfully configured, two interfaces need to be added to each Eth-Trunk interface, and one of them needs to be set as the master interface. In this manner, links are in 1:1 backup mode.

Context
NOTE

A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
- If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is added, the physical status of the Eth-Trunk interface becomes Administratively DOWN. Accordingly, the configuration file shows that the physical interface is shutdown and its physical status is Administratively DOWN.
- If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is added, the configuration file shows that the physical interface is undo shutdown.

Do as follows on CX-A and CX-D:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the interface to be added to an Eth-Trunk interface is displayed.

Step 3 Run:
eth-trunk trunk-id

The interface is added to the Eth-Trunk interface.
In 1:1 active/standby mode, only two interfaces can be added to one Eth-Trunk interface.

NOTE

Before adding an interface to an Eth-Trunk interface, ensure that the interface does not have any configuration. The display this command can be used to check the configurations of an interface. Except for shutdown, undo shutdown, and description, the configurations must be deleted by using corresponding undo commands.

Step 4 Run:
port-master

The member interface of the Eth-Trunk interface is specified as the master interface.
By default, each member interface of an Eth-Trunk interface in 1:1 active/standby mode is the backup interface. Therefore, only the master interface needs to be specified. Of the two member interfaces of an Eth-Trunk interface, only one interface can be specified as the master interface.

----End

3.3.4 Enabling the Function of Sending Flush Packets


After the function of sending Flush packets is enabled and the master/backup interface switchover is performed, Flush packets are sent by the new master interface to instruct the peer to age MAC entries. This prevents service interruption caused by asynchronous MAC address information.

Context
Do as follows on CX-A and CX-D:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
smart-link flush send vlan vlan-id

The function of sending Flush packets is enabled.


NOTE

The VLAN specified in this command is a control VLAN. After the command is used, Flush packets are sent from the new master interface after a master/backup interface switchover to instruct the peer to age MAC entries, thus preventing service interruption caused by asynchronous MAC address information.

----End

3.3.5 Creating a Control VLAN


A control VLAN is used to receive Flush packets sent between the two devices on which Eth-Trunk interfaces in 1:1 active/standby mode are configured.

Context
Do as follows on CX-B and CX-C:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created and the VLAN view is displayed.
The VLAN is used to receive Flush packets sent by CX-A or CX-D. Therefore, the VLAN ID must be the same as the VLAN ID used to send Flush packets.

----End

3.3.6 Enabling an Interface to Receive Packets from a Control VLAN


Intermediate devices must be enabled with the function of receiving packets from a control VLAN. In this manner, a remote device can receive Flush packets, and then delete dynamic MAC entries and ARP entries based on the Flush packets.

Context
Do as follows on the interfaces of active and standby links connecting to CX-B and CX-C:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
portswitch

The Ethernet interface is switched from a Layer 3 interface to a Layer 2 interface.

Step 4 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The function of receiving packets from a control VLAN is enabled.
The VLAN ID used to receive Flush packets must be the same as the VLAN ID used to send Flush packets.

----End

3.3.7 Enabling an Interface to Receive Flush Packets


Intermediate devices are able to process Flush packets only after being enabled with the function of receiving Flush packets.

Context
Do as follows on the interfaces of active and standby links connecting to CX-B and CX-C:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
smart-link flush enable control-vlan vlan-id

The function of receiving Flush packets is enabled.

----End
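Sections 3.3.4 to 3.3.7 only work together if the same control VLAN ID is used for sending Flush packets on CX-A and CX-D and for the VLAN, the allow-pass list, and Flush receiving on CX-B and CX-C. The following Python check for that consistency is an added example, not part of this manual; the configuration excerpts, interface names, VLAN IDs, and function names are constructed for illustration.

```python
import re

# Constructed configuration excerpts in the style of a saved configuration file.
# Interface names and VLAN IDs are sample values, not taken from the manual.
CX_A = """\
interface Eth-Trunk1
 portswitch
 mode manual backup
 smart-link flush send vlan 10
#
"""

CX_B = """\
vlan 10
#
interface GigabitEthernet1/0/1
 portswitch
 port trunk allow-pass vlan 10
 smart-link flush enable control-vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 port trunk allow-pass vlan 20 to 30
 smart-link flush enable control-vlan 20
#
"""


def parse_blocks(cfg):
    """Split configuration text into {block header: [indented commands]}."""
    blocks, current = {}, None
    for raw in cfg.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "#":
            current = None
        elif not raw.startswith(" "):
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks


def flush_send_vlans(blocks):
    """Control VLAN used for sending Flush packets, per 1:1 active/standby Eth-Trunk."""
    result = {}
    for header, cmds in blocks.items():
        if header.lower().startswith("interface eth-trunk") and "mode manual backup" in cmds:
            for cmd in cmds:
                m = re.fullmatch(r"smart-link flush send vlan (\d+)", cmd)
                if m:
                    result[header] = int(m.group(1))
    return result


def allowed_vlans(cmds):
    """Expand 'port trunk allow-pass vlan ...' into a set of VLAN IDs, or 'all'."""
    vlans = set()
    for cmd in cmds:
        m = re.fullmatch(r"port trunk allow-pass vlan (.+)", cmd)
        if not m:
            continue
        if m.group(1) == "all":
            return "all"
        toks, i = m.group(1).split(), 0
        while i < len(toks):
            lo = hi = int(toks[i])
            if i + 2 < len(toks) and toks[i + 1] == "to":
                hi = int(toks[i + 2])
                i += 2
            i += 1
            vlans.update(range(lo, hi + 1))
    return vlans


def audit_transit(blocks, ports, control_vlan):
    """Check a transit device (CX-B or CX-C) against sections 3.3.5 to 3.3.7."""
    findings = []
    if f"vlan {control_vlan}" not in blocks:
        findings.append(f"control VLAN {control_vlan} is not created")
    for port in ports:
        cmds = blocks.get(f"interface {port}")
        if cmds is None:
            findings.append(f"{port}: interface not found")
            continue
        if "portswitch" not in cmds:
            findings.append(f"{port}: not a Layer 2 interface (portswitch missing)")
        allowed = allowed_vlans(cmds)
        if allowed != "all" and control_vlan not in allowed:
            findings.append(f"{port}: control VLAN {control_vlan} not in allow-pass list")
        rx = [int(m.group(1)) for c in cmds
              if (m := re.fullmatch(r"smart-link flush enable control-vlan (\d+)", c))]
        if control_vlan not in rx:
            detail = f"enabled for VLAN {rx[0]}" if rx else "not enabled"
            findings.append(f"{port}: Flush receiving {detail}, expected VLAN {control_vlan}")
    return findings


if __name__ == "__main__":
    vlan = flush_send_vlans(parse_blocks(CX_A))["interface Eth-Trunk1"]
    ports = ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2"]
    for finding in audit_transit(parse_blocks(CX_B), ports, vlan):
        print(finding)
```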

3.3.8 Checking the Configuration


After an Eth-Trunk interface in 1:1 active/standby mode is successfully configured, you can view the Eth-Trunk ID, working mode, and local member interface status of the Eth-Trunk interface.

Prerequisite
The configuration of an Eth-Trunk interface in 1:1 active/standby mode is complete.

Procedure
- Run the display trunkmembership eth-trunk trunk-id command to check the member interfaces of the Eth-Trunk interface.
- Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ] command to check the working mode of the Eth-Trunk interface and the master and backup member interfaces.

----End

Example
Use CX-A as an example. Run the display trunkmembership eth-trunk command. If the working mode is Backup and the master interface GigabitEthernet1/0/1 is Up, it means that the configuration succeeds.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Backup-access
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 1
operate status: up

Interface GigabitEthernet1/0/1, valid, operate up, weight=1,
Interface GigabitEthernet1/0/2, valid, operate down, weight=1,

<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP          WorkingState: Master
--------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet1/0/2          S

3.4 Configuring an Eth-Trunk Interface in Static LACP Mode


LACP provides a standard negotiation mode for the devices that exchange data. In this negotiation mode, the system can automatically form aggregation links based on its configuration and enable the aggregation links to receive and send data, which thus improves fault tolerance. In addition, member links can work in M:N backup mode, ensuring reliable data transmission.

3.4.1 Establishing the Configuration Task
Before configuring an Eth-Trunk interface in static LACP mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.4.2 Creating an Eth-Trunk Interface
An Eth-Trunk ID uniquely identifies an Eth-Trunk link. Physical interfaces can be added to an Eth-Trunk interface only after the Eth-Trunk interface is created.

3.4.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface
To transmit Layer 2 services, an Eth-Trunk interface needs to be switched into a Layer 2 interface.

3.4.4 Configuring an Eth-Trunk Interface to Work in Static LACP Mode
In addition to improving reliability and increasing bandwidth, an Eth-Trunk interface in static LACP mode can automatically adjust or disassemble link aggregation.

3.4.5 Adding Interfaces to an Eth-Trunk Interface
After an Eth-Trunk interface is successfully configured, interfaces need to be added to the Eth-Trunk interface to increase bandwidth, improve reliability, and implement load balancing.

3.4.6 (Optional) Setting an LACP System Priority
LACP system priorities are used to prioritize devices. The device of a high LACP priority is selected as the Actor, which determines active interfaces in the link aggregation group.

3.4.7 (Optional) Setting the Maximum Number of Active Member Interfaces
After the maximum number of active member interfaces is set for an Eth-Trunk interface, adding more interfaces to the Eth-Trunk interface does not increase the number of its active member interfaces.

3.4.8 (Optional) Setting an LACP Interface Priority
LACP interface priorities are used to prioritize member interfaces of an Eth-Trunk interface. Interfaces of high priorities are selected as active interfaces.

3.4.9 (Optional) Configuring the Mode for Selecting Active Member Interfaces
As defined in LACP, active member interfaces are selected based on interface LACP priorities. In certain cases, low-speed member interfaces may be selected. To make the system select only high-speed member interfaces, configure the mode for selecting active member interfaces.

3.4.10 (Optional) Enabling LACP Preemption and Setting an LACP Preemption Delay
After LACP preemption is enabled, Eth-Trunk member interfaces with high priorities are always active interfaces.

3.4.11 (Optional) Setting a Timeout Period for Receiving LACPDUs
After a timeout period for receiving LACPDUs is set, the local end sends an LACPDU to inform the peer of the timeout period.

3.4.12 Checking the Configuration
After an Eth-Trunk interface in static LACP mode is successfully configured, you can view information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode, status of each member interface, LACP system priority, LACP priority of each member interface, and LACP preemption delay.

3.4.1 Establishing the Configuration Task


Before configuring an Eth-Trunk interface in static LACP mode, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
To increase bandwidth between two devices and improve reliability, you can configure an LAG on the devices. After the configuration:
- The links between the two devices back up each other. After a fault occurs on a link, a backup link replaces the faulty one to transmit data.
- Active links carry out load balancing.

Figure 3-5 Networking diagram for link aggregation in static LACP mode
(Diagram labels: CX-A, CX-B, Eth-Trunk 1, Eth-Trunk; legend: Active links, Backup links)

NOTE

In static LACP mode, interfaces at different speeds, in different duplex modes, and on different boards can be added to one Eth-Trunk interface. Member interfaces at different speeds cannot be in the forwarding state at the same time; member interfaces in half duplex mode cannot forward data.

Pre-configuration Tasks
Before configuring an Eth-Trunk interface in static LACP mode, complete the following task:
- Powering on the device and starting it normally.

Data Preparation
To configure an Eth-Trunk interface in static LACP mode, you need the following data.

No.  Data
1    Number of the Eth-Trunk interface
2    Type and number of each member interface
3    Maximum number of active member interfaces

3.4.2 Creating an Eth-Trunk Interface


An Eth-Trunk ID uniquely identifies an Eth-Trunk link. Physical interfaces can be added to an Eth-Trunk interface only after the Eth-Trunk interface is created.

Context
Do as follows on the device where an Eth-Trunk interface needs to be configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

An Eth-Trunk interface is created.

----End

3.4.3 (Optional) Configuring a Working Mode for an Eth-Trunk Interface


To transmit Layer 2 services, an Eth-Trunk interface needs to be switched into a Layer 2 interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch

The Layer 3 Eth-Trunk interface is switched into a Layer 2 interface.
By default, an Eth-Trunk interface works in Layer 3 mode. After an Eth-Trunk interface is switched into a Layer 2 interface, its Layer 3 functions are disabled and the interface is identified by the system MAC address. An Eth-Trunk interface needs to be switched into a Layer 2 interface before being bound to a VLAN. Before switching between working modes, delete all configurations of the Eth-Trunk interface. The undo portswitch command is used to switch a Layer 2 Eth-Trunk interface into a Layer 3 one.

NOTE

- The minimum interval between the portswitch command and the undo portswitch command is 30 seconds.
- The working mode of an Eth-Trunk interface does not affect the addition of interfaces. An Ethernet interface can join either a Layer 2 Eth-Trunk interface or a Layer 3 Eth-Trunk interface.

----End

3.4.4 Configuring an Eth-Trunk Interface to Work in Static LACP Mode


In addition to improving reliability and increasing bandwidth, an Eth-Trunk interface in static LACP mode can automatically adjust or disassemble link aggregation.

Context
NOTE

Before configuring a working mode for an Eth-Trunk interface, ensure that the Eth-Trunk interface does not have any member interface. Otherwise, the working mode cannot be changed. To delete an existing member interface, run the undo eth-trunk command in the interface view. For details, see the chapter "Link Aggregation" in the Command Reference. Both Layer 2 and Layer 3 Eth-Trunk interfaces support the static LACP mode.

Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
mode lacp-static

The Eth-Trunk interface is configured to work in static LACP mode.
By default, an Eth-Trunk interface works in manual load balancing mode.

----End

3.4.5 Adding Interfaces to an Eth-Trunk Interface


After an Eth-Trunk interface is successfully configured, interfaces need to be added to the Eth-Trunk interface to increase bandwidth, improve reliability, and implement load balancing.

Context
NOTE

A physical interface added to an Eth-Trunk interface is affected by the Eth-Trunk interface:
- If the shutdown command is run on the Eth-Trunk interface before or after the physical interface is added, the physical status of the Eth-Trunk interface becomes Administratively DOWN. Accordingly, the configuration file shows that the physical interface is shutdown and its physical status is Administratively DOWN.
- If the undo shutdown command is run on the Eth-Trunk interface after the physical interface is added, the configuration file shows that the physical interface is undo shutdown.

Do as follows as required:

Procedure
- To add one or more physical interfaces to an Eth-Trunk interface in the Eth-Trunk interface view

  1. Run:
  system-view

  The system view is displayed.

  2. Run:
  interface eth-trunk trunk-id

  The Eth-Trunk interface view is displayed.

  3. Run the following command as required.

  trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>

  Interfaces are added to the Eth-Trunk interface in batches.

  trunkport interface-type interface-number

  An interface is added to the Eth-Trunk interface.

  A maximum of 16 interfaces can be added to or deleted from an Eth-Trunk interface once.

- To add a physical interface to an Eth-Trunk interface in the view of the physical interface

  1. Run:
  system-view

  The system view is displayed.

  2. Run:
  interface { ethernet | gigabitethernet } interface-number

  The view of an interface to be added to an Eth-Trunk interface is displayed.

  3. Run:
  eth-trunk trunk-id

  The interface is added to the Eth-Trunk interface.

  Before adding interfaces to an Eth-Trunk interface, note the following points:
  - An Eth-Trunk interface can have a maximum of 16 member interfaces.
  - The interfaces cannot be configured with Layer 3 configurations such as IP addresses, or with services.
  - The interfaces cannot be configured with static MAC addresses.
  - The interfaces cannot be Eth-Trunk interfaces.
  - An Ethernet interface can join only one Eth-Trunk interface. To join another Eth-Trunk interface, the Ethernet interface must quit from the original Eth-Trunk first.
  - Fast Ethernet and Gigabit Ethernet interfaces can be added to one Eth-Trunk interface.
  - Ethernet interfaces on different boards can be added to one Eth-Trunk interface.
  - Before adding a Layer 2 interface on the CX device to an Eth-Trunk interface, you need to run the undo portswitch command to switch it into a Layer 3 interface.
  - An Eth-Trunk interface works in either Layer 2 mode or Layer 3 mode. An Ethernet interface can be added to either a Layer 2 Eth-Trunk interface or a Layer 3 Eth-Trunk interface.
  - If an Eth-Trunk interface is created on a device, the peer device's interfaces that are directly connected to the member interfaces of the Eth-Trunk interface must be bound into an Eth-Trunk interface. Otherwise, the two devices cannot communicate.

----End

3.4.6 (Optional) Setting an LACP System Priority


LACP system priorities are used to prioritize devices. The device of a high LACP priority is selected as the Actor, which determines active interfaces in the link aggregation group.

Context
Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
lacp priority priority

The LACP system priority is set.
The smaller the priority value, the higher the LACP system priority. The device with a smaller LACP system priority value functions as the Actor. By default, the LACP system priority value is 32768. To make a device function as the Actor, set its LACP system priority value to be smaller than 32768, leaving the LACP system priority value of the peer device unchanged.

----End

3.4.7 (Optional) Setting the Maximum Number of Active Member Interfaces


After the maximum number of active member interfaces is set for an Eth-Trunk interface, adding more interfaces to the Eth-Trunk interface does not increase the number of its active member interfaces.

Context
In static LACP mode, after the maximum number of active member interfaces is set to M, the remaining member interfaces are in the standby state. If the upper threshold is not configured, a maximum of 16 member interfaces of an Eth-Trunk interface can be in the active state.
NOTE

The maximum number of active member interfaces set for one device can be different from that set for the peer device. In this case, the maximum number of active member interfaces is subject to the smaller one.

Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
max active-linknumber link-number

The maximum number of active member interfaces is set.
By default, the maximum number of active member interfaces is 16.

----End

3.4.8 (Optional) Setting an LACP Interface Priority


LACP interface priorities are used to prioritize member interfaces of an Eth-Trunk interface. Interfaces of high priorities are selected as active interfaces.

Context
Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
lacp priority priority

The interface is configured with an LACP priority value.


NOTE

Active member interfaces are selected based on LACP interface priorities. The smaller the priority value, the higher the LACP interface priority. By default, the LACP interface priority value is 32768.

----End

3.4.9 (Optional) Configuring the Mode for Selecting Active Member Interfaces
As defined in LACP, active member interfaces are selected based on interface LACP priorities. In certain cases, low-speed member interfaces may be selected. To make the system select only high-speed member interfaces, configure the mode for selecting active member interfaces.

Context
Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
lacp selected { priority | speed }

The mode for selecting active member interfaces is configured.
As defined in LACP, active member interfaces are selected based on interface LACP priorities. In certain cases, low-speed member interfaces are selected. To make the system select only high-speed member interfaces, run the lacp selected speed command.
By default, member interfaces of high LACP priorities are selected as active member interfaces.

NOTE

To ensure that Eth-Trunk interfaces work normally, configure the same mode for selecting active member interfaces for both ends of an Eth-Trunk link.

----End

3.4.10 (Optional) Enabling LACP Preemption and Setting an LACP Preemption Delay
After LACP preemption is enabled, Eth-Trunk member interfaces with high priorities are always active interfaces.

Context
Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
lacp preempt enable

LACP preemption is enabled.
If LACP preemption is enabled, member interfaces with high LACP priorities are always active interfaces. For example, if LACP preemption is enabled, an interface with a high priority becomes active immediately after it recovers; if LACP preemption is disabled, the interface cannot become active after it recovers.

NOTE

Enabling or disabling LACP preemption for both ends of an Eth-Trunk link is recommended.

Step 4 Run:
lacp preempt delay delay-time

An LACP preemption delay is set.
The LACP preemption delay is a period of time before an inactive member interface of an Eth-Trunk interface in static LACP mode becomes active. LACP preemption delays set for the two ends may be different. In this case, the system uses the longer one.

----End
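Sections 3.4.6 to 3.4.10 together decide which member interfaces forward traffic. The following Python model of that selection is an added example, not part of this manual and not the device's implementation. Assumptions: ties are broken by the smaller system ID and the smaller port number, speed mode ranks the highest speed first, and only interfaces at the speed of the top-ranked interface are active together; the port data reuses the values from the display eth-trunk example in section 3.4.12.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    priority: int = 32768    # default LACP interface priority value (3.4.8)
    number: int = 0
    speed_mbps: int = 1000
    up: bool = True


def pick_actor(end_a, end_b):
    """Each end is (system priority value, system ID). The smaller priority
    value becomes the Actor (3.4.6); the system ID tie-break is an assumption."""
    return min(end_a, end_b)


def select_active(ports, max_local=16, max_peer=16, mode="priority"):
    """Return the names of the active member interfaces, best first."""
    # 3.4.7: when the two ends differ, the smaller maximum applies.
    limit = min(max_local, max_peer)
    if mode == "speed":      # 3.4.9, lacp selected speed (ordering assumed)
        key = lambda p: (-p.speed_mbps, p.priority, p.number)
    else:                    # default: smaller priority value ranks higher
        key = lambda p: (p.priority, p.number)
    ranked = sorted((p for p in ports if p.up), key=key)
    if not ranked:
        return []
    # 3.4.1 NOTE: members at different speeds cannot forward at the same time.
    lead_speed = ranked[0].speed_mbps
    return [p.name for p in ranked if p.speed_mbps == lead_speed][:limit]


def after_recovery(current_active, ports, preempt, **limits):
    """3.4.10: with preemption the active set is re-selected once an
    interface recovers; without it the current active set stays."""
    return select_active(ports, **limits) if preempt else list(current_active)


def effective_preempt_delay(local_s, peer_s):
    """3.4.10: when the two ends differ, the longer delay is used."""
    return max(local_s, peer_s)


# Member interfaces as listed in the display eth-trunk example of 3.4.12.
SAMPLE_PORTS = [
    Port("GigabitEthernet3/0/3", 32768, 387, 1000),
    Port("GigabitEthernet3/0/4", 10, 388, 1000),
    Port("GigabitEthernet3/0/5", 32768, 389, 1000),
    Port("GigabitEthernet1/0/0", 32768, 64, 10000),
    Port("GigabitEthernet2/0/0", 32768, 192, 10000),
]

if __name__ == "__main__":
    print(pick_actor((60, "00e0-fca8-041a"), (32768, "00e0-fca6-7f85")))
    print(select_active(SAMPLE_PORTS, max_local=3))
    print(select_active(SAMPLE_PORTS, max_local=3, mode="speed"))
```

In priority mode the model selects the three 1GE interfaces, as in the example output of 3.4.12, because the interface with priority value 10 is a 1GE interface; this is the case in which low-speed interfaces are selected and lacp selected speed changes the result.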

3.4.11 (Optional) Setting a Timeout Period for Receiving LACPDUs


After a timeout period for receiving LACPDUs is set, the local end sends an LACPDU to inform the peer of the timeout period.

Context
Do as follows on the devices at both ends:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
lacp timeout { fast | slow }

A timeout period for receiving LACPDUs is set.
By default, the timeout period for receiving LACPDUs is 90 seconds (slow).

NOTE

- After the command is used, the local end sends an LACPDU to inform the peer of the timeout period for receiving LACPDUs.
- If fast is configured, the timeout period for receiving LACPDUs is 3 seconds, and the peer sends an LACPDU every second.
- If slow is configured, the timeout period for receiving LACPDUs is 90 seconds, and the peer sends an LACPDU every 30 seconds.
- Timeout periods set for the two ends can be different. Setting the same timeout period for the two ends to receive LACPDUs is recommended to facilitate maintenance.

----End

3.4.12 Checking the Configuration


After an Eth-Trunk interface in static LACP mode is successfully configured, you can view information about the Eth-Trunk interface, including the Eth-Trunk ID, working mode, status of each member interface, LACP system priority, LACP priority of each member interface, and LACP preemption delay.

Prerequisite
The configurations of an Eth-Trunk interface in static LACP mode are complete.

Procedure
- Run the display trunkmembership eth-trunk trunk-id command to check information about member interfaces of the Eth-Trunk interface.
- Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ] command to check information about the Eth-Trunk interface and its active member interfaces.

----End

Example
Run the display trunkmembership eth-trunk command. If the working mode, LACP system priority, LACP interface priority, and active member interfaces are displayed, it means that the configuration succeeds.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1                   WorkingMode: STATIC
Preempt Delay: Disabled     Hash arithmetic: According to flow
System Priority: 60         System ID: 00e0-fca8-041a
Least Active-linknumber: 1  Max active-linknumber: 3
Operate status: up          Number Of Up Port In Trunk: 3
------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet3/0/3   Selected 1GE      32768   387    561     11111100  1
GigabitEthernet3/0/4   Selected 1GE      10      388    561     11111100  1
GigabitEthernet3/0/5   Selected 1GE      32768   389    561     11111100  1
GigabitEthernet1/0/0   Unselect 10GE     32768   64     577     11100000  1
GigabitEthernet2/0/0   Unselect 10GE     32768   192    577     11100010  1

Partner:
------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet3/0/3   32768    00e0-fca6-7f85  32768   387    561     11111100
GigabitEthernet3/0/4   32768    00e0-fca6-7f85  32768   388    561     11111100
GigabitEthernet3/0/5   32768    00e0-fca6-7f85  32768   389    561     11111100
GigabitEthernet1/0/0   32768    00e0-fca6-7f85  32768   64     577     11100000
GigabitEthernet2/0/0   0        0000-0000-0000  0       0      0       11100011

<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Static
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1,
Interface GigabitEthernet1/0/2, valid, operate up, weight=1,
Interface GigabitEthernet1/0/3, valid, operate down, weight=1,


3.5 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
After an Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group, the Eth-Trunk interface can detect the status change in the mVRRP backup group, and thus rapidly switch traffic to an available path. This ensures reliable data transmission.

3.5.1 Establishing the Configuration Task
Before associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.5.2 Configuring VRRP to Track the Status of a Member Interface of an Eth-Trunk Interface in Static LACP Mode
If VRRP is configured to track the status of a member interface of an Eth-Trunk interface, after the member interface fails, VRRP can detect the fault and carry out the device switchover in the VRRP backup group.

3.5.3 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
Before associating an Eth-Trunk interface with a VRRP backup group, ensure that the Eth-Trunk interface works in static LACP mode and the VRRP backup group is an mVRRP backup group.

3.5.4 Checking the Configuration
After an Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group, the Eth-Trunk link switchover is performed along with the device switchover in the mVRRP backup group.

3.5.1 Establishing the Configuration Task


Before associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Reliable networking usually involves both device-level reliability and link-level reliability techniques. If VRRP is used to provide device-level reliability and the trunk technique is used to provide link-level reliability, the device switchover and link switchover may not be performed simultaneously after a fault occurs on the master device or the active link. As a result, traffic is interrupted. To prevent such a problem, you can associate a trunk interface with a VRRP backup group.


Figure 3-6 Typical networking for a CE dual-homed to UPEs
[Figure: a CE dual-homed to UPE1 and UPE2, which run VRRP and connect to the IP/MPLS core. Legend: active link, standby link, Eth-Trunk interface, VRRP-tracked interface.]

As shown in Figure 3-6, a CE is dual-homed to UPEs. UPEs are configured with VRRP so that UPE1 and UPE2 function as the master and backup devices respectively. In addition, the physical links between the CE and UPEs are bundled into Eth-Trunk links to improve link reliability and increase bandwidth. To implement the integrated networking, you need to ensure that the device switchover and the link switchover are performed at the same time. When UPE1 functions as the master device, the link between CE1 and UPE1 must be the active link; otherwise, traffic is interrupted. For example, if UPE1 becomes backup while the link between CE1 and UPE1 is the active link, traffic is still transmitted along this link to UPE1. However, the backup device UPE1 does not forward packets. As a result, traffic is interrupted.

NOTE


- The point-to-point (P2P) Eth-Trunk technique can be used in this point-to-multipoint (P2MP) networking because VRRP is configured on UPEs so that the UPEs are grouped to function as a virtual router. Therefore, this networking can be considered as a P2P networking.
- Eth-Trunk interfaces configured on the CE and UPEs must work in static LACP mode. This is because the master/backup UPEs require the active/standby links, and only Eth-Trunk interfaces in static LACP mode can work in either active or standby mode.
- An mVRRP backup group must be configured on directly-connected UPEs to implement a fast switchover in the VRRP backup group. An mVRRP backup group is able to ignore the event that the interface goes Down. If the interface where the mVRRP backup group resides goes Down, the mVRRP backup group rapidly changes to Master but not Initialize. For detailed information about VRRP, see the chapter that describes VRRP principles in the CX600 Feature Description - Reliability.

VRRP is able to monitor the status of the local device. After being configured to track interface status, VRRP monitors the status of upstream and downstream interfaces on UPEs. If the master device or the active link fails, the backup device and the standby link become master and active at the same time. In the following situations, however, the switchover cannot be performed synchronously:
- If the upstream interface of the master UPE fails, the device switchover is performed but the link switchover does not take place.
- If the device switchover is performed after the priority of a UPE is changed, the link switchover does not take place.

To prevent traffic interruption caused by asynchronous switchovers in such an integrated networking, Huawei develops the technique to associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group. On a network where the interface connecting the master device to the upstream device fails or on a trouble-free network, when the master device in the mVRRP backup group changes to backup, the Eth-Trunk interface associated with the mVRRP backup group can detect the status change in the mVRRP backup group and thus perform the link switchover between Eth-Trunk member links. This ensures reliable data transmission.
NOTE

On a dual-homing network, you can either associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group or use the E-Trunk technique to implement both device-level and link-level reliability. For E-Trunk configurations, see 3.9 Configuring E-Trunk.

Pre-configuration Tasks
Before associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group, complete the following tasks:
- 3.4 Configuring an Eth-Trunk Interface in Static LACP Mode
- Configuring mVRRP Backup Groups

Data Preparation
To associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group, you need the following data.

No.  Data
1    Number of the Eth-Trunk interface
2    Type and number of each member interface
3    ID of the VRRP backup group
4    VRRP priority of each UPE
5    Virtual IP address of the VRRP backup group
6    ID of the mVRRP backup group

3.5.2 Configuring VRRP to Track the Status of a Member Interface of an Eth-Trunk Interface in Static LACP Mode
If VRRP is configured to track the status of a member interface of an Eth-Trunk interface, after the member interface fails, VRRP can detect the fault and carry out the device switchover in the VRRP backup group.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the interface where the VRRP backup group resides is displayed.

Step 3 Run:
vrrp vrid virtual-router-id track interface interface-type interface-number [ increased value-increased | reduced value-reduced ]

A VRRP backup group is configured to track the status of the member interface. By default, if the tracked interface goes Down, the VRRP priority value of the device reduces by 10. A VRRP backup group can track a maximum of eight interfaces in either Increase or Reduce mode.
- In Increase mode, after the tracked interface goes Down, the VRRP priority value of the device where the tracked interface resides increases. increased value-increased specifies the value by which the VRRP priority value increases once the tracked interface goes Down. The value is an integer ranging from 1 to 255. This parameter takes effect only when the device is the backup device in the VRRP backup group.
- In Reduce mode, after the tracked interface goes Down, the VRRP priority value of the device where the tracked interface resides decreases. reduced value-reduced specifies the value by which the VRRP priority value decreases once the tracked interface goes Down. The value is an integer ranging from 1 to 255.

  If the VRRP priority of either device reduces to 0, the device switchover will be performed in the VRRP backup group.
- The interface specified by interface interface-type interface-number must be a member interface of an Eth-Trunk interface in static LACP mode.
NOTE

For detailed information about VRRP tracking interface status, see Configuring VRRP to Track the Status of an Interface.

----End

3.5.3 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
Before associating an Eth-Trunk interface with a VRRP backup group, ensure that the Eth-Trunk interface works in static LACP mode and the VRRP backup group is an mVRRP backup group.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The view of an Eth-Trunk interface in static LACP mode is displayed.

Step 3 Run:
lacp track vrrp vrid vrid interface interface-type interface-number

The Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group.
- vrid vrid must specify an mVRRP backup group.
- The interface specified by interface interface-type interface-number must have been configured with the mVRRP backup group.

----End

3.5.4 Checking the Configuration


After an Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group, the Eth-Trunk link switchover is performed along with the device switchover in the mVRRP backup group.

Prerequisite
The configurations of associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group are complete.

Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command to check the status and configurations of the VRRP backup group.

Step 2 Run the display eth-trunk [ trunk-id [ interface interface-type interface-number | verbose ] ] command to check the configurations of the Eth-Trunk interface in static LACP mode and information about its member interfaces.

----End

Example
Run the display vrrp command. If the status and type of the VRRP backup group as well as the type, number, and status of the tracked interface are displayed, it means that the configuration succeeds.
<HUAWEI> display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Master
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

Run the display eth-trunk command. If the working mode of the Eth-Trunk interface and information about its member interfaces are displayed, it means that the configuration succeeds.
<HUAWEI> display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20                  WorkingMode: STATIC
Preempt Delay: Disabled     Hash arithmetic: According to flow
System Priority: 32768      System ID: 00e0-6923-4900
Least Active-linknumber: 1  Max Active-linknumber: 16
Operate status: up          Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1
Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100
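
The check in 3.5.4 can be automated. The following is an added example, not part of the Huawei guide: a Python script that parses the two outputs above and tests the conditions stated in 3.5.1 to 3.5.3. The line layout of the sample text, the function names, and the reading of "Config type : admin-vrrp" as the label of an mVRRP backup group are assumptions.

```python
import re

# Constructed sample input: the two Example outputs above, re-broken into lines.
VRRP_OUT = """\
<HUAWEI> display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Master
    Virtual IP : 1.1.1.10
    PriorityRun : 120
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
"""

TRUNK_OUT = """\
<HUAWEI> display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20                  WorkingMode: STATIC
Operate status: up          Number Of Up Port In Trunk: 2
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1
Partner:
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100
"""

MAX_TRACKED = 8  # from the guide: a backup group tracks at most eight interfaces


def parse_vrrp(text):
    """Return one dict per backup group found in 'display vrrp' output."""
    groups = []
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s*\|\s*Virtual Router\s+(\d+)", line)
        if m:
            groups.append({"interface": m.group(1), "vrid": int(m.group(2)),
                           "state": None, "config_type": None, "tracked": []})
            continue
        if not groups:
            continue
        group = groups[-1]
        m = re.match(r"\s*Track IF\s*:\s*(\S+)", line)
        if m:
            group["tracked"].append(m.group(1))
            continue
        # Anchored at line start, so "IF State : UP" is not mistaken for the VRRP state.
        m = re.match(r"\s*(State|Config type)\s*:\s*(\S+)", line)
        if m:
            group["state" if m.group(1) == "State" else "config_type"] = m.group(2)
    return groups


def parse_eth_trunk(text):
    """Return the working mode and {member: Selected|Unselect} from 'display eth-trunk'."""
    mode = re.search(r"WorkingMode:\s*(\S+)", text)
    members = {}
    for line in text.splitlines():
        fields = line.split()
        # Only rows of the Local table carry a Selected/Unselect status column.
        if len(fields) >= 2 and fields[1] in ("Selected", "Unselect"):
            members[fields[0]] = fields[1]
    return {"mode": mode.group(1) if mode else None, "members": members}


def audit(vrrp_text, trunk_text):
    """Return a list of findings; an empty list means the association looks consistent."""
    findings = []
    trunk = parse_eth_trunk(trunk_text)
    if trunk["mode"] != "STATIC":
        findings.append("Eth-Trunk WorkingMode is %s, not STATIC (static LACP)" % trunk["mode"])
    for g in parse_vrrp(vrrp_text):
        tag = "VRID %d on %s" % (g["vrid"], g["interface"])
        if g["config_type"] != "admin-vrrp":
            findings.append("%s: Config type is %s, not admin-vrrp" % (tag, g["config_type"]))
        if len(g["tracked"]) > MAX_TRACKED:
            findings.append("%s: more than %d tracked interfaces" % (tag, MAX_TRACKED))
        for ifname in g["tracked"]:
            status = trunk["members"].get(ifname)
            if status is None:
                findings.append("%s: tracked %s is not a member of the Eth-Trunk" % (tag, ifname))
            elif g["state"] == "Master" and status != "Selected":
                # 3.5.1: the link to the master device must be the active link.
                findings.append("%s: Master, but member %s is %s" % (tag, ifname, status))
            elif g["state"] == "Backup" and status == "Selected":
                # 3.5.1: a backup device does not forward, so an active link here drops traffic.
                findings.append("%s: Backup, but member %s is still Selected" % (tag, ifname))
    return findings


if __name__ == "__main__":
    for finding in audit(VRRP_OUT, TRUNK_OUT) or ["no findings"]:
        print(finding)
```

Run against output collected from a UPE; the Backup-but-Selected finding is the asynchronous switchover that 3.5.1 describes.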

3.6 Configuring Layer 2 Attributes for an Eth-Trunk Interface


Layer 2 attributes define link layer attributes for an Eth-Trunk interface.

3.6.1 Establishing the Configuration Task

Before configuring Layer 2 attributes for an Eth-Trunk interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.6.2 (Optional) Configuring the Minimum Number of Up Member Links
After the number of Up member links falls below the minimum number, the Eth-Trunk link goes Down. Configuring the minimum number of Up member links guarantees the minimum bandwidth provided by the Eth-Trunk link.

3.6.3 (Optional) Configuring the Maximum Number of Up Member Links
After the number of Up member links reaches the upper threshold, the bandwidth of the Eth-Trunk link does not increase even if more member links go Up. This ensures high network reliability and guarantees sufficient bandwidth.

3.6.4 (Optional) Configuring an Eth-Trunk Interface to Carry Out Load Balancing
Configuring a load balancing mode ensures bandwidth utilization or orderly packet transmission.

3.6.5 (Optional) Configuring Weights for Member Interfaces
Member interfaces of an Eth-Trunk interface can be configured with different weights to carry out load balancing.

3.6.6 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
After an Eth-Trunk member interface goes Up or Down, the trap sent by using a public MIB does not carry information about the Eth-Trunk interface. To allow the trap to carry information about the Eth-Trunk interface, you can configure traps to be sent by using a private MIB.

3.6.7 Checking the Configuration
After Layer 2 attributes are successfully configured for an Eth-Trunk interface, you can view brief information about the Eth-Trunk interface, including physical status, protocol status, and interface bandwidth utilization.

3.6.1 Establishing the Configuration Task


Before configuring Layer 2 attributes for an Eth-Trunk interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Before adding an Eth-Trunk interface to a VLAN, you need to configure Layer 2 attributes for the Eth-Trunk interface. Layer 2 Eth-Trunk interfaces are mainly used to increase bandwidth for communication between devices in different VLANs. Configuration procedures in this section are optional.

Pre-configuration Tasks
Before configuring Layer 2 attributes for an Eth-Trunk interface, complete the following tasks:
- Configuring an Eth-Trunk Interface in Manual Load Balancing Mode
- Configuring an Eth-Trunk Interface in Static LACP Mode

Data Preparation
To configure Layer 2 attributes for an Eth-Trunk interface, you need the following data.

No.  Data
1    Eth-Trunk ID
2    Type and number of each Eth-Trunk member interface
3    Upper and lower thresholds of Up member links
4    Weight of each member interface
5    Mode for Eth-Trunk member interfaces to send trap messages

3.6.2 (Optional) Configuring the Minimum Number of Up Member Links


After the number of Up member links falls below the minimum number, the Eth-Trunk link goes Down. Configuring the minimum number of Up member links guarantees the minimum bandwidth provided by the Eth-Trunk link.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch

The Layer 3 Eth-Trunk interface is switched to the Layer 2 mode.

Step 4 Run:
least active-linknumber link-number

The minimum number of Up member links is set. The default value is 1. That is, the Eth-Trunk link is Up as long as one member link is Up.
NOTE

- The minimum number of Up member links can be configured on both Layer 2 and Layer 3 Eth-Trunk interfaces.
- Configuring the same minimum number of Up member links for Eth-Trunk interfaces at the two ends of a link is recommended for data transmission.

----End


3.6.3 (Optional) Configuring the Maximum Number of Up Member Links


After the number of Up member links reaches the upper threshold, the bandwidth of the Eth-Trunk link does not increase even if more member links go Up. This ensures high network reliability and guarantees sufficient bandwidth.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch

The Layer 3 Eth-Trunk interface is switched to the Layer 2 mode.

Step 4 Run:
max bandwidth-affected-linknumber link-number

The maximum number of Up member links is set. The default value is 16.
NOTE

The max bandwidth-affected-linknumber command can be configured only on Layer 2 Eth-Trunk interfaces.

----End

3.6.4 (Optional) Configuring an Eth-Trunk Interface to Carry Out Load Balancing


Configuring a load balancing mode ensures bandwidth utilization or orderly packet transmission.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
portswitch


The Layer 3 Eth-Trunk interface is switched to the Layer 2 mode.

Step 4 Run:
load-balance { src-dst-mac | src-dst-ip | packet-all }

A load balancing mode is configured for the Eth-Trunk interface. By default, Layer 3 Eth-Trunk interfaces carry out load balancing based on IP addresses; Layer 2 Eth-Trunk interfaces carry out load balancing based on MAC addresses.

To ensure the bandwidth usage of each member link, configure packet-all to allow the Eth-Trunk interface to carry out per-packet load balancing.
- Per-packet load balancing distributes traffic among member links. Data is transmitted packet by packet.
- Per-packet load balancing guarantees bandwidth usage of each member link, but not orderly packet transmission. Therefore, it is applicable to the scenario where orderly packet transmission is not strictly required.
- Layer 3 Eth-Trunk interfaces cannot carry out load balancing based on MAC addresses.

To ensure that packets arrive at the destination in sequence, configure src-dst-ip or src-dst-mac to allow the Eth-Trunk interface to carry out per-destination load balancing.
- Per-destination load balancing differentiates data flows based on MAC addresses or IP addresses and allows packets of one data flow to be transmitted through the same member link.
- Per-destination load balancing guarantees orderly data transmission, but not the bandwidth usage of each member link.

----End

3.6.5 (Optional) Configuring Weights for Member Interfaces


Member interfaces of an Eth-Trunk interface can be configured with different weights to carry out load balancing.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The view of an Eth-Trunk member interface is displayed.

Step 3 Run:
distribute-weight weight-value

A weight is configured for the interface. For an Eth-Trunk interface, the sum of weights of all its member interfaces cannot be greater than 16. The Eth-Trunk interface implements load balancing based on the weight of each member interface.

On an Eth-Trunk interface, the greater the weight of a member interface is, the heavier traffic the member interface carries. By default, the weight of a member interface is 1.
NOTE

If an Eth-Trunk interface transmits multicast traffic and the distribute-weight command is used to change the load balancing weight for a member interface, run the shutdown and undo shutdown commands to restart the member interface to make the configuration take effect.

----End
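
The trade-off between the load-balance modes in 3.6.4 and the effect of the member weights in 3.6.5 can be seen in a small model. This is an added example, not part of the Huawei guide: the slot table, the SHA-256 stand-in hash, the function names, and the sample addresses are assumptions, and the device's real hash is not documented here. The sample traffic is many IP flows between two routers, so every packet carries the same MAC address pair.

```python
import hashlib
from collections import Counter
from itertools import cycle

MAX_WEIGHT_SUM = 16  # from the guide: the weights of all members of one Eth-Trunk total at most 16


def build_slots(weights):
    """Expand {member: weight} into a slot list; a member with weight 3 owns 3 slots."""
    if sum(weights.values()) > MAX_WEIGHT_SUM:
        raise ValueError("sum of member weights exceeds %d" % MAX_WEIGHT_SUM)
    return [member for member, w in sorted(weights.items()) for _ in range(w)]


def flow_hash(*fields):
    """Stand-in hash (SHA-256, truncated); the device's own hash is not given in the guide."""
    return int.from_bytes(hashlib.sha256("|".join(fields).encode()).digest()[:4], "big")


def distribute(packets, weights, mode):
    """Return the member link chosen for each packet under one load-balance mode."""
    slots = build_slots(weights)
    round_robin = cycle(slots)
    chosen = []
    for p in packets:
        if mode == "packet-all":      # per-packet: ignore the flow, take the next slot
            chosen.append(next(round_robin))
        elif mode == "src-dst-ip":    # per-flow, keyed on the IP address pair
            chosen.append(slots[flow_hash(p["sip"], p["dip"]) % len(slots)])
        elif mode == "src-dst-mac":   # per-flow, keyed on the MAC address pair
            chosen.append(slots[flow_hash(p["smac"], p["dmac"]) % len(slots)])
        else:
            raise ValueError("unknown load-balance mode: %s" % mode)
    return chosen


def sample_packets(flows=250, per_flow=4):
    """Constructed traffic: many IP flows between two routers, so one MAC pair only."""
    packets = []
    for _ in range(per_flow):
        for i in range(flows):
            packets.append({"smac": "00e0-fc00-0001", "dmac": "00e0-fc00-0002",
                            "sip": "10.1.%d.%d" % (i // 200, i % 200 + 1),
                            "dip": "10.2.0.1"})
    return packets


def summarize(mode, weights, packets=None):
    """Return (packets per member link, largest number of links used by a single IP flow)."""
    packets = packets if packets is not None else sample_packets()
    links = distribute(packets, weights, mode)
    per_flow = {}
    for p, link in zip(packets, links):
        per_flow.setdefault((p["sip"], p["dip"]), set()).add(link)
    return Counter(links), max(len(used) for used in per_flow.values())


if __name__ == "__main__":
    weights = {"GigabitEthernet1/0/1": 3, "GigabitEthernet1/0/2": 1}  # hypothetical weights
    for mode in ("src-dst-mac", "src-dst-ip", "packet-all"):
        load, spread = summarize(mode, weights)
        print("%-12s load=%s links per flow=%d" % (mode, dict(load), spread))
```

With one MAC pair, src-dst-mac places all traffic on a single member link; src-dst-ip spreads flows while keeping each flow on one link; packet-all follows the 3:1 weights exactly but splits individual flows across links, which is where reordering can occur.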

3.6.6 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
After an Eth-Trunk member interface goes Up or Down, the trap sent by using a public MIB does not carry information about the Eth-Trunk interface. To allow the trap to carry information about the Eth-Trunk interface, you can configure traps to be sent by using a private MIB.

Context
Do as follows on the devices at both ends.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
trunk-member trap in private-mib enable

Eth-Trunk member interfaces are configured to send traps by using a private MIB after Eth-Trunk member interfaces go Up or Down. By default, traps are sent by using a public MIB after Eth-Trunk member interfaces go Up or Down. Traps sent by using a public MIB do not carry information about the Eth-Trunk interface. To allow traps to carry information about the Eth-Trunk interface, use this command to send traps by using a private MIB instead.

----End

3.6.7 Checking the Configuration


After Layer 2 attributes are successfully configured for an Eth-Trunk interface, you can view brief information about the Eth-Trunk interface, including physical status, protocol status, and interface bandwidth utilization.

Prerequisite
The configurations of Layer 2 attributes for an Eth-Trunk interface are complete.

Procedure
- Run the display interface eth-trunk [ trunk-id ] command to check the Eth-Trunk interface status.
- Run the display interface brief command to check brief information about the Eth-Trunk interface, including physical status, protocol status, and bandwidth utilization.

----End

Example
Run the display interface eth-trunk command. If information about the Eth-Trunk interface, including the IP address, MAC address, and load balancing mode, is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display interface Eth-Trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Statistics last cleared: 2008-08-02 15:32:27
    Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
    Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1 packets,3 bytes,
           7 unicast,9 broadcast,8 multicasts
           10 errors,5 drops,11 unknowprotocol
    Output: 2 packets,4 bytes,
           12 unicast,14 broadcast,13x multicasts
           15 errors,6 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

Run the display interface brief command. If the brief information about the Eth-Trunk interface, including the physical status, link protocol status, bandwidth utilization, and error packet number, is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol  InUti  OutUti  inErrors  outErrors
Eth-Trunk1                  up    up        0%     0%      0         0
GigabitEthernet2/0/1        up    up        0%     0%      0         0
GigabitEthernet3/0/1        up    up        0%     0%      0         0
Eth-Trunk1.1                up    up        0%     0%      0         0


3.7 Configuring Layer 3 Attributes for an Eth-Trunk Interface


To use an Eth-Trunk interface to transmit Layer 3 packets, you need to configure Layer 3 attributes for the Eth-Trunk interface.

3.7.1 Establishing the Configuration Task
Before configuring Layer 3 attributes for an Eth-Trunk interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.7.2 Configuring an IP address for an Eth-Trunk Interface
IP addresses are assigned to Eth-Trunk interfaces for communication between network devices.

3.7.3 (Optional) Configuring a MAC Address for an Eth-Trunk Interface
If multiple Layer 3 Eth-Trunk interfaces on the CX device are connected to Layer 2 interfaces on a switch, the Layer 3 Eth-Trunk interfaces must be configured with MAC addresses to ensure that packets from the switch can be correctly sent to the Layer 3 Eth-Trunk interfaces.

3.7.4 (Optional) Configuring the MTU for an Eth-Trunk Interface
Configure the maximum transmission unit (MTU) for each Eth-Trunk interface to ensure communication between network devices.

3.7.5 (Optional) Configuring the Minimum Number of Up Member Links
If the number of Up member links of an Eth-Trunk link falls below the minimum number, the Eth-Trunk link goes Down. Configuring the minimum number of Up member links guarantees the minimum bandwidth provided by the Eth-Trunk link.

3.7.6 (Optional) Configuring a Load Balancing Mode for an Eth-Trunk Interface
Configuring a load balancing mode ensures bandwidth utilization or orderly packet transmission.

3.7.7 (Optional) Configuring Weights for Member Interfaces
Member interfaces of an Eth-Trunk interface can be configured with different weights to carry out load balancing.

3.7.8 (Optional) Configuring the Load Balancing Mode for Access Users on an Eth-Trunk Interface
Load balancing can be implemented among member interfaces of an Eth-Trunk interface based on the traffic volume of access users or the number of access users.

3.7.9 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
After an Eth-Trunk member interface goes Up or Down, the trap sent by using a public MIB does not carry information about the Eth-Trunk interface. To allow the trap to carry information about the Eth-Trunk interface, you can configure traps to be sent by using a private MIB.

3.7.10 Checking the Configuration
After Layer 3 attributes are successfully configured for an Eth-Trunk interface, you can view information about the Eth-Trunk interface, including the interface status, information about its member interfaces, and the forwarding table for the Eth-Trunk interface.


3.7.1 Establishing the Configuration Task


Before configuring Layer 3 attributes for an Eth-Trunk interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
To use an Eth-Trunk interface as a Layer 3 interface, you need to configure Layer 3 attributes for the Eth-Trunk interface.

Pre-configuration Tasks
Before configuring Layer 3 attributes for an Eth-Trunk interface, complete the following task:
- Creating an Eth-Trunk interface

Data Preparation
Before configuring Layer 3 attributes for an Eth-Trunk interface, you need the following data.

No.  Data
1    IP address of the Eth-Trunk interface
2    MAC address of the Eth-Trunk interface
3    Minimum number of Up member links
4    Weight of each member interface

3.7.2 Configuring an IP address for an Eth-Trunk Interface


IP addresses are assigned to Eth-Trunk interfaces for communication between network devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the Eth-Trunk interface.

----End



3.7.3 (Optional) Configuring a MAC Address for an Eth-Trunk Interface


If multiple Layer 3 Eth-Trunk interfaces on the CX device are connected to Layer 2 interfaces on a switch, the Layer 3 Eth-Trunk interfaces must be configured with MAC addresses to ensure that packets from the switch can be correctly sent to the Layer 3 Eth-Trunk interfaces.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
mac-address mac-address

A MAC address is configured for the Eth-Trunk interface.


NOTE

The mac-address command is available for only Layer 3 Eth-Trunk interfaces. If the MAC address of an Eth-Trunk interface that has a large number of sub-interfaces is changed, many ARP update packets will be sent to the peer. If the peer is configured with CP CAR, increase the bandwidth for ARP packets to prevent the loss of ARP update packets.

----End

3.7.4 (Optional) Configuring the MTU for an Eth-Trunk Interface


Configure the maximum transmission unit (MTU) for each Eth-Trunk interface to ensure communication between network devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

An Eth-Trunk interface is created. By default, the Eth-Trunk interface works in Layer 3 mode.

Step 3 Run:
mtu mtu

The MTU is set for the Eth-Trunk interface. The MTU is expressed in bytes.

By default, the MTU is 1500 bytes.

CAUTION
• Layer 2 Eth-Trunk interfaces cannot be configured with MTUs.
• The MTUs of the interfaces at both ends of a directly connected link must be the same. If the mtu command is used to change the MTU of an interface, use this command to change the MTU of the peer interface as well. Otherwise, services may be interrupted.
• If IPv6 runs on an Eth-Trunk interface, setting the MTU to a value smaller than 1280 bytes with the mtu command prevents IPv6 from working properly on this interface. For an Eth-Trunk interface that uses IPv6, setting the MTU to a value not less than 1280 bytes is recommended.

----End

3.7.5 (Optional) Configuring the Minimum Number of Up Member Links


If the number of Up member links of an Eth-Trunk link falls below the minimum number, the Eth-Trunk link goes Down. Configuring the minimum number of Up member links guarantees the minimum bandwidth provided by the Eth-Trunk link.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
least active-linknumber link-number

The minimum number of Up member links is configured. The default value is 1. That is, the Eth-Trunk link is Up as long as one member link is Up.

NOTE
• The minimum number of Up member links can be configured on both Layer 2 and Layer 3 Eth-Trunk interfaces.
• Configuring the same minimum number of Up member links for Eth-Trunk interfaces at the two ends of a link is recommended for data transmission.

----End


3.7.6 (Optional) Configuring a Load Balancing Mode for an Eth-Trunk Interface


Configuring a load balancing mode ensures bandwidth utilization or orderly packet transmission.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
load-balance { src-dst-mac | src-dst-ip | packet-all }

A load balancing mode is configured for the Eth-Trunk interface. By default, Layer 3 Eth-Trunk interfaces carry out load balancing based on IP addresses; Layer 2 Eth-Trunk interfaces carry out load balancing based on MAC addresses.

To ensure the bandwidth usage of each member link, configure packet-all to allow the Eth-Trunk interface to carry out per-packet load balancing.
• Per-packet load balancing distributes traffic among member links. Data is transmitted packet by packet.
• Per-packet load balancing guarantees bandwidth usage of each member link, but not orderly packet transmission. Therefore, it is applicable to the scenario where orderly packet transmission is not strictly required.
• Layer 3 Eth-Trunk interfaces cannot carry out load balancing based on MAC addresses.

To ensure that packets arrive at the destination in sequence, configure src-dst-ip or src-dst-mac to allow the Eth-Trunk interface to carry out per-destination load balancing.
• Per-destination load balancing differentiates data flows based on MAC addresses or IP addresses and allows packets of one data flow to be transmitted through the same member link.
• Per-destination load balancing guarantees orderly data transmission, but not the bandwidth usage of each member link.

----End

3.7.7 (Optional) Configuring Weights for Member Interfaces


Member interfaces of an Eth-Trunk interface can be configured with different weights to carry out load balancing.

Procedure
Step 1 Run:
system-view


The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number

The view of an Eth-Trunk member interface is displayed.

Step 3 Run:
distribute-weight weight-value

A weight is configured for the interface. For an Eth-Trunk interface, the sum of the weights of all its member interfaces cannot be greater than 16. The Eth-Trunk interface implements load balancing based on the weight of each member interface: the greater the weight of a member interface, the more traffic the member interface carries. By default, the weight of a member interface is 1.

NOTE
If an Eth-Trunk interface transmits multicast traffic and the distribute-weight command is used to change the load balancing weight for a member interface, run the shutdown and undo shutdown commands to restart the member interface to make the configuration take effect.

----End

3.7.8 (Optional) Configuring the Load Balancing Mode for Access Users on an Eth-Trunk Interface
Load balancing can be implemented among member interfaces of an Eth-Trunk interface based on the traffic volume of access users or the number of access users.

Context
NOTE

The load balancing mode for access users on an Eth-Trunk interface cannot be configured on the X1 models of the CX600 series.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
bas-load-balance { flow-mode | user-mode }

The load balancing mode is configured on the Eth-Trunk interface for access users. The CX device supports the configuration of a load balancing mode based on the traffic volume of access users or the number of access users.

When users get online, the control plane identifies different user traffic based on the HQoS configurations and the status of online users, and then distributes traffic to member interfaces of the Eth-Trunk interface to minimize the number of access users on each member interface or to maximize the remaining bandwidth of each member interface. By default, an Eth-Trunk interface implements load balancing based on the number of access users.

----End

3.7.9 (Optional) Configuring the Mode for Eth-Trunk Member Interfaces to Send Traps
After an Eth-Trunk member interface goes Up or Down, the trap sent by using a public MIB does not carry information about the Eth-Trunk interface. To allow the trap to carry information about the Eth-Trunk interface, you can configure traps to be sent by using a private MIB.

Context
Do as follows on the devices at both ends.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
trunk-member trap in private-mib enable

Eth-Trunk member interfaces are configured to send traps by using a private MIB after Eth-Trunk member interfaces go Up or Down. By default, traps are sent by using a public MIB after Eth-Trunk member interfaces go Up or Down. Traps sent by using a public MIB do not carry information about the Eth-Trunk interface. To allow traps to carry information about the Eth-Trunk interface, use this command to switch to sending traps by using a private MIB.

----End

3.7.10 Checking the Configuration


After Layer 3 attributes are successfully configured for an Eth-Trunk interface, you can view information about the Eth-Trunk interface, including the interface status, information about its member interfaces, and the forwarding table for the Eth-Trunk interface.

Prerequisite
The configurations of Layer 3 attributes for an Eth-Trunk interface are complete.

Procedure
• Run the display interface eth-trunk [ trunk-id ] command to check the status of the Eth-Trunk interface.
• Run the display trunkmembership eth-trunk trunk-id command to check information about member interfaces of the Eth-Trunk interface.
• Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the forwarding table for the Eth-Trunk interface.

----End

Example
Run the display interface eth-trunk command. If information about the Eth-Trunk interface, such as the IP address, MAC address, and load balancing mode, is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display interface Eth-Trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface, Route Port
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Statistics last cleared: 2008-08-02 15:32:27
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 1 packets,3 bytes,
       7 unicast,9 broadcast,8 multicasts
       10 errors,5 drops,11 unknowprotocol
Output: 2 packets,4 bytes,
       12 unicast,14 broadcast,13x multicasts
       15 errors,6 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
----------------------------------------------------
PortName                      Status      Weight
----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

Run the display trunkmembership eth-trunk command. If the usage and working modes of member interfaces are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display trunkmembership eth-trunk 0
Trunk ID: 0
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 1
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1,
Interface GigabitEthernet1/0/2, valid, operate down, weight=1,


Run the display trunkfwdtbl eth-trunk command. If the number of the interfaces on the active and standby Eth-Trunk member links is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Show the Trunk Forwarding Table
Eth-Trunk1's forwarding table is:
MASTER                  SLAVE
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
GigabitEthernet1/0/0    GigabitEthernet1/0/0
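A check built on the display trunkmembership output shown above, as an added example that is not part of the original guide: it parses the output and compares it with the minimum number of Up member links (3.7.5) and the weight limit (3.7.7). The function names, the finding codes and the least_active_links parameter are assumptions; the sample text is the guide's own example output.

```python
import re

# Output of "display trunkmembership eth-trunk 0" as printed in this section.
# The one-field-per-line layout is an assumption; the regexes below ignore it.
SAMPLE_OUTPUT = """\
Trunk ID: 0
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 1
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1,
Interface GigabitEthernet1/0/2, valid, operate down, weight=1,
"""

MAX_WEIGHT_SUM = 16  # 3.7.7: the sum of member weights cannot be greater than 16

_MEMBER = re.compile(
    r"Interface\s+([^,\s]+),\s*(\w+),\s*operate\s+(\w+),\s*weight=(\d+)")


def _field(pattern, text):
    """Return the first capture group of pattern, or fail loudly."""
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"field not found: {pattern}")
    return match.group(1)


def parse_trunkmembership(text):
    """Turn the command output into a dict; whitespace layout does not matter."""
    return {
        "trunk_id": int(_field(r"Trunk ID:\s*(\d+)", text)),
        "ports": int(_field(r"Number Of Ports in Trunk\s*=\s*(\d+)", text)),
        "up_ports": int(_field(r"Number Of UP Ports in Trunk\s*=\s*(\d+)", text)),
        "operate_status": _field(r"operate status:\s*(\w+)", text).lower(),
        "members": [
            {"name": name, "valid": valid == "valid",
             "up": oper == "up", "weight": int(weight)}
            for name, valid, oper, weight in _MEMBER.findall(text)
        ],
    }


def audit(info, least_active_links=1):
    """Return (code, detail) findings for one parsed Eth-Trunk.

    least_active_links is the value configured with
    "least active-linknumber" (default 1 according to 3.7.5).
    """
    findings = []
    for member in info["members"]:
        if not member["up"]:
            findings.append(("MEMBER_DOWN", member["name"]))

    counted_up = sum(1 for m in info["members"] if m["up"])
    if counted_up != info["up_ports"]:
        findings.append(("COUNT_MISMATCH",
                         f"{counted_up} members up, {info['up_ports']} reported"))

    # 3.7.5: below the minimum number of Up member links the trunk goes Down.
    expected = "up" if info["up_ports"] >= least_active_links else "down"
    if expected != info["operate_status"]:
        findings.append(("STATE_MISMATCH",
                         f"expected {expected}, reported {info['operate_status']}"))
    elif info["up_ports"] == least_active_links:
        findings.append(("NO_HEADROOM",
                         "one more member failure takes the Eth-Trunk Down"))

    weight_sum = sum(m["weight"] for m in info["members"])
    if weight_sum > MAX_WEIGHT_SUM:
        findings.append(("WEIGHT_SUM", f"{weight_sum} > {MAX_WEIGHT_SUM}"))
    return findings


if __name__ == "__main__":
    parsed = parse_trunkmembership(SAMPLE_OUTPUT)
    for code, detail in audit(parsed, least_active_links=1):
        print(f"Eth-Trunk{parsed['trunk_id']}: {code}: {detail}")
```

A STATE_MISMATCH finding usually means that the minimum passed to audit() is not the value configured on the device.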

3.8 Configuring an Eth-Trunk Sub-interface


Layer 2 and Layer 3 Eth-Trunk interfaces on the CX600 can be configured with sub-interfaces. Creating a sub-interface on a Layer 2 Eth-Trunk interface and then configuring MPLS TE on the sub-interface enables a physical link to transmit both Layer 2 and Layer 3 services.

3.8.1 Establishing the Configuration Task
Before configuring an Eth-Trunk sub-interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.8.2 Creating an Eth-Trunk Sub-interface
If a Layer 3 device uses an Eth-Trunk interface to connect to a Layer 2 device, a sub-interface needs to be created on the Eth-Trunk interface to make the two devices communicate with each other.

3.8.3 Configuring an IP address for an Eth-Trunk Sub-interface
IP addresses are assigned to Eth-Trunk sub-interfaces for communication between network devices.

3.8.4 Configuring the Encapsulation Type for an Eth-Trunk Sub-interface
If a Layer 3 device uses an Eth-Trunk sub-interface to connect to a Layer 2 device and the Eth-Trunk interface connecting the Layer 2 device to the Layer 3 device has been added to a specified VLAN, configure the encapsulation type for the Eth-Trunk sub-interface on the Layer 3 device for communication between the two devices.

3.8.5 (Optional) Configuring the MTU for an Eth-Trunk Sub-interface
Configuring a proper MTU is the prerequisite for communication between network devices.

3.8.6 (Optional) Configuring the Rate for Eth-Trunk Sub-interfaces to Send Gratuitous ARP Packets
To prevent the peer CX device from discarding gratuitous ARP packets, set a proper rate for Eth-Trunk sub-interfaces on the local CX device to send gratuitous ARP packets so that the peer CX device can receive all the packets.

3.8.7 Checking the Configuration
After an Eth-Trunk sub-interface is successfully configured, you can view information about the sub-interface, including the IP address and MAC address.

3.8.1 Establishing the Configuration Task


Before configuring an Eth-Trunk sub-interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Layer 2 and Layer 3 Eth-Trunk interfaces on the CX600 can be configured with sub-interfaces.
NOTE

• For applications of Eth-Trunk sub-interfaces in a VLAN, see VLAN Configuration.
• For applications of Eth-Trunk sub-interfaces in QinQ, see QinQ Configuration.

In addition to the preceding applications, Layer 2 Eth-Trunk sub-interfaces can be used in the following situation:

If MPLS TE is required and devices are connected by using Layer 2 Eth-Trunk interfaces that cannot be configured with MPLS TE, you can configure a sub-interface on the Layer 2 Eth-Trunk interface and configure MPLS TE on the sub-interface. In this manner, a physical link can transmit both Layer 2 and Layer 3 services.

Pre-configuration Tasks
Before configuring an Eth-Trunk sub-interface, complete the following tasks:
• Creating an Eth-Trunk interface
• Using physical links to connect devices

Data Preparation
To configure an Eth-Trunk sub-interface, you need the following data.

No.  Data
1    Number of the Eth-Trunk interface
2    Number of the Eth-Trunk sub-interface
3    VLAN ID associated with the sub-interface
4    Rate at which gratuitous ARP packets are sent

3.8.2 Creating an Eth-Trunk Sub-interface


If a Layer 3 device uses an Eth-Trunk interface to connect to a Layer 2 device, a sub-interface needs to be created on the Eth-Trunk interface to make the two devices communicate with each other.

Procedure
• Creating a Layer 3 Eth-Trunk sub-interface
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id.subnumber

     A sub-interface is created and the sub-interface view is displayed. subnumber specifies the number of the Eth-Trunk sub-interface. The number ranges from 1 to 4096.
• Creating a Layer 2 Eth-Trunk sub-interface
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface eth-trunk trunk-id

     A Layer 3 Eth-Trunk interface is created.
  3. Run:
     portswitch

     The Layer 3 Eth-Trunk interface is switched to the Layer 2 mode. By default, an Eth-Trunk interface works in Layer 3 mode.
  4. Run:
     interface eth-trunk trunk-id.subnumber

     A sub-interface is created for the Layer 2 Eth-Trunk interface.

----End

3.8.3 Configuring an IP address for an Eth-Trunk Sub-interface


IP addresses are assigned to Eth-Trunk sub-interfaces for communication between network devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk interface-number.subinterface-number

The Eth-Trunk sub-interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the Eth-Trunk sub-interface.



For details about IP address configuration, see the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Services. If two or more IP addresses are configured for an Eth-Trunk interface, the keyword sub must be used for the second and each subsequent IP address.

----End

3.8.4 Configuring the Encapsulation Type for an Eth-Trunk Sub-interface


If a Layer 3 device uses an Eth-Trunk sub-interface to connect to a Layer 2 device and the Eth-Trunk interface connecting the Layer 2 device to the Layer 3 device has been added to a specified VLAN, configure the encapsulation type for the Eth-Trunk sub-interface on the Layer 3 device for communication between the two devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id.subnumber

The Eth-Trunk sub-interface view is displayed.

Step 3 Run:
vlan-type dot1q vlan-id

The encapsulation type and associated VLAN ID are configured for the Eth-Trunk sub-interface.
NOTE

An Eth-Trunk sub-interface on the CX600 can be associated with one VLAN. For the configuration about sub-interfaces for dot1q or QinQ VLAN tag termination, see QinQ Configuration.

By default, a sub-interface is not configured with any encapsulation type or VLAN ID. For communication in a VLAN, the interfaces at the two ends of a link must be configured with the same VLAN ID. VLAN IDs configured for the Layer 2 Eth-Trunk interface and its sub-interface must be different.

----End

3.8.5 (Optional) Configuring the MTU for an Eth-Trunk Sub-interface


Configuring a proper MTU is the prerequisite for communication between network devices.


Context
NOTE

If the mtu command is used to change the MTU of an interface, run this command on each peer interface to change its MTU to the same value. Otherwise, there is a possibility that services are interrupted.

Do as follows on each device:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk interface-number.subinterface-number

The Eth-Trunk sub-interface view is displayed.

Step 3 Run:
mtu mtu

The MTU is set for the Eth-Trunk sub-interface. The MTU ranges from 46 to 9600, in bytes. By default, the MTU is 1500 bytes.
NOTE

The Quality of Service (QoS) queue length is limited. If the MTU is too small and the packets are large, packets may be split into many fragments and then discarded by the QoS queue. To resolve this problem, lengthen the QoS queue.

----End

3.8.6 (Optional) Configuring the Rate for Eth-Trunk Sub-interfaces to Send Gratuitous ARP Packets
To prevent the peer CX device from discarding gratuitous ARP packets, set a proper rate for Eth-Trunk sub-interfaces on the local CX device to send gratuitous ARP packets so that the peer CX device can receive all the packets.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:
arp send-speed-limit limit

The rate for sub-interfaces of the Eth-Trunk interface to send gratuitous ARP packets is set. By default, the rate is 2000 packets per second.

To prevent the peer CX device from discarding gratuitous ARP packets, limit the rate for Eth-Trunk sub-interfaces on the local CX device to send gratuitous ARP packets so that the peer CX device is able to receive all the gratuitous ARP packets sent by the local CX device.

----End

3.8.7 Checking the Configuration


After an Eth-Trunk sub-interface is successfully configured, you can view information about the sub-interface, including the IP address and MAC address.

Prerequisite
The configurations of an Eth-Trunk sub-interface are complete.

Procedure
Step 1 Run the display interface eth-trunk [ trunk-id [ .subnumber ] ] command to check the status of the Eth-Trunk sub-interface.

----End

Example
Run the display interface eth-trunk command. If information about the Eth-Trunk sub-interface, including its IP address and MAC address, is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display interface eth-trunk 1.1
Eth-Trunk1.1 current state : UP
Line protocol current state : UP
Description : Eth-Trunk1.1 Interface
Hash arithmetic : According to IP, The Maximum Transmit Unit is 1500
Internet Address is 10.10.10.100/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-3f60-ec00
Encapsulation dot1q Virtual LAN, The number of Vlan is 1, Vlan ID 2
Current system time: 2010-08-25 00:28:20
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Realtime 77 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 77 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets,0 bytes,
       0 unicast,0 broadcast,0 multicasts
       0 errors,0 drops,0 unknowprotocol
Output:0 packets,0 bytes,
       0 unicast,0 broadcast,0 multicasts
       0 errors,0 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
----------------------------------------------------
PortName                      Status      Weight
----------------------------------------------------
GigabitEthernet1/0/0          UP          1
----------------------------------------------------
The Number of Ports in Trunk : 1
The Number of UP Ports in Trunk : 1

3.9 Configuring E-Trunk


Enhanced Trunk (E-Trunk) is an extension of LACP to implement link aggregation among multiple devices. It guarantees device-level link reliability.

3.9.1 Establishing the Configuration Task
Before configuring E-Trunk, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

3.9.2 Configuring the LACP System ID and Priority for E-Trunk
To make the CE consider the two PEs as one device, configure the same LACP priority and system ID for both the master PE and the backup PE in the E-Trunk group.

3.9.3 Creating an E-Trunk Group and Configuring the E-Trunk Priority
E-Trunk priorities determine the master and backup devices in the E-Trunk group.

3.9.4 Configuring Local and Peer IP Addresses
E-Trunk packets carry the source IP address and protocol port number that are configured on the local device. To change either of the IP addresses of the two devices, change the other IP address accordingly. Otherwise, E-Trunk packets will be discarded.

3.9.5 (Optional) Binding an E-Trunk Group to a BFD Session
A device cannot rapidly detect a fault on the peer by merely relying on the timeout period for receiving packets. To help the device rapidly detect a fault on the peer, configure Bidirectional Forwarding Detection (BFD) on the device. Each device in the E-Trunk group must be specified with a peer IP address, and a BFD session is configured on both devices. In this manner, if a fault occurs, the BFD session notifies the devices of the fault so that the devices can respond in time.

3.9.6 Adding an Eth-Trunk Interface to an E-Trunk Group
After an E-Trunk group is successfully configured, add Eth-Trunk interfaces to the E-Trunk group to enable LACP on the two devices. E-Trunk helps to implement inter-device link aggregation, thus improving network reliability.

3.9.7 (Optional) Configuring the Working Mode for an Eth-Trunk Interface
Only Eth-Trunk interfaces that have been added to E-Trunk groups can be configured with working modes. An Eth-Trunk interface can work in automatic, forcible master, or forcible backup mode.

3.9.8 (Optional) Configuring a Password
To enhance system security, set a password on each device. The passwords set for the two devices in an E-Trunk group must be the same.

3.9.9 (Optional) Configuring a Timeout Period
If the backup E-Trunk does not receive any Hello packet from the peer before the timeout period expires, the backup E-Trunk becomes the master E-Trunk after the timeout period expires. The timeout period refers to the one contained in the Hello packet sent from the peer but not the one set on the local device.

3.9.10 (Optional) Setting a Revert Delay
If a revert delay is set for the master E-Trunk, after the E-Trunk recovers, it becomes the master E-Trunk only after the revert delay expires. This delays the switching of traffic from the backup E-Trunk to the master E-Trunk, thus preventing service interruption.

3.9.11 Checking the Configuration
After an E-Trunk group is successfully configured, you can view information about the E-Trunk group, including the E-Trunk priority, system ID, source IP address, peer IP address, revert delay, master/backup status, and reason for the master/backup status.


3.9.1 Establishing the Configuration Task


Before configuring E-Trunk, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
As shown in Figure 3-7, two Eth-Trunk interfaces in static LACP mode connect a CE to two PEs to access the VPLS network. The two links back up each other. In addition, the two Eth-Trunk interfaces on the PEs are configured as an E-Trunk group so that PE1 and PE2 back up each other. In this manner, the network reliability is enhanced.

Figure 3-7 Networking diagram of E-Trunk
[Figure not reproduced. Labels: CE, PE1, PE2, Eth-Trunk 10 on each CE-PE link, E-Trunk1, MPLS/IP core. One PE is labelled LACP E-Trunk System ID:1-1-1, LACP E-Trunk Priority:100, E-Trunk Priority:10; the other is labelled LACP E-Trunk System ID:1-1-1, LACP E-Trunk Priority:100, E-Trunk Priority:20.]

Pre-configuration Tasks
Before configuring E-Trunk, complete the following tasks:
• Using physical links to connect devices
• Configuring Eth-Trunk interfaces in static LACP mode

Data Preparation
To configure E-Trunk, you need the following data.

No.  Data
1    LACP system ID and priority
2    E-Trunk ID and priority
3    Eth-Trunk interface number and working mode
4    IP address of each interface
5    Password
6    Interval at which Hello packets are sent and multiplier for detecting Hello packets

3.9.2 Configuring the LACP System ID and Priority for E-Trunk


To make the CE consider the two PEs as one device, configure the same LACP priority and system ID for both the master PE and the backup PE in the E-Trunk group.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
lacp e-trunk system-id mac-address

The LACP system ID is configured for the E-Trunk group. By default, the LACP system ID of an E-Trunk group is the MAC address of the Ethernet interface on the MPU/SRU. The LACP system ID of the master device in the E-Trunk group must be the same as that of the backup device.

Step 3 Run:
lacp e-trunk priority priority

The LACP priority is configured for the E-Trunk group. By default, the LACP priority for the E-Trunk group is 32768. The LACP priority of the master device in the E-Trunk group must be the same as that of the backup device.

----End

3.9.3 Creating an E-Trunk Group and Configuring the E-Trunk Priority


E-Trunk priorities determine the master and backup devices in the E-Trunk group.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

An E-Trunk group is created. A maximum of 64 E-Trunk groups can be created on a device. If the E-Trunk group already exists, running the e-trunk e-trunk-id command displays the E-Trunk view.

Step 3 Run:
priority priority

The E-Trunk priority is configured for the local device. The E-Trunk priority determines the master/backup status of the local device in the E-Trunk group. The device with a higher priority is the master. The smaller the priority value, the higher the priority. If the E-Trunk priorities of the two devices are the same, the device with the smaller system ID is the master. By default, the E-Trunk priority value is 100.

----End

3.9.4 Configuring Local and Peer IP Addresses


E-Trunk packets carry the source IP address and protocol port number that are configured on the local device. To change either of the IP addresses of the two devices, change the other IP address accordingly. Otherwise, E-Trunk packets will be discarded.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run:
peer-address peer-ip-address source-address source-ip-address

The local and peer IP addresses are configured.



The peer IP address of the local device is the source IP address of the peer device. The source IP address of the local device is the peer IP address of the peer device. For example, an E-Trunk group is configured on device A and device B. If the peer and local IP addresses of device A are set to 2.2.2.2 and 1.1.1.1 respectively, the peer and local IP addresses of device B must be set to 1.1.1.1 and 2.2.2.2 respectively.

----End

3.9.5 (Optional) Binding an E-Trunk Group to a BFD Session


A device cannot rapidly detect a fault on the peer by merely relying on the timeout period for receiving packets. To help the device rapidly detect a fault on the peer, configure Bidirectional Forwarding Detection (BFD) on the device. Each device in the E-Trunk group must be specified with a peer IP address, and a BFD session is configured on both devices. In this manner, if a fault occurs, the BFD session notifies the devices of the fault so that the devices can respond in time.

Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run:
e-trunk track bfd-session session-id

The E-Trunk group is bound to a BFD session. The BFD session is configured to rapidly detect a fault on the control link between the two devices in the E-Trunk group.

----End

3.9.6 Adding an Eth-Trunk Interface to an E-Trunk Group


After an E-Trunk group is successfully configured, add Eth-Trunk interfaces to the E-Trunk group to enable LACP on the two devices. E-Trunk helps to implement inter-device link aggregation, thus improving network reliability.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view


The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed. Only Eth-Trunk interfaces in static LACP mode can be added to E-Trunk groups.

Step 3 Run:
e-trunk e-trunk-id remote-eth-trunk eth-trunk-id

The Eth-Trunk interface is added to the E-Trunk group. An Eth-Trunk interface can be added to only one E-Trunk group. If Eth-Trunk IDs created on one PE are different from those created on the other PE, configure remote-eth-trunk with specified peer Eth-Trunk IDs when adding Eth-Trunk interfaces in static LACP mode to the E-Trunk group, thus ensuring that the E-Trunk group works properly.

----End

3.9.7 (Optional) Configuring the Working Mode for an Eth-Trunk Interface


Only Eth-Trunk interfaces that have been added to E-Trunk groups can be configured with working modes. An Eth-Trunk interface can work in automatic, forcible master, or forcible backup mode.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed. Only Eth-Trunk interfaces in static LACP mode can be added to an E-Trunk group.

Step 3 Run:
e-trunk mode { auto | force-master | force-backup }

A work mode is configured for the Eth-Trunk interface. By default, Eth-Trunk interfaces in an E-Trunk group work in automatic mode. This command can be used for only Eth-Trunk interfaces that have been added to an E-Trunk group, and the configuration will be automatically deleted after the Eth-Trunk interface exits from the E-Trunk group.

If the working mode of the Eth-Trunk interface is set to automatic or is switched from forcible master/backup to automatic, the status of the local Eth-Trunk interface will be determined by the local E-Trunk status and whether the peer Eth-Trunk interface is faulty.
- If the local E-Trunk status is Master, the local Eth-Trunk interface works in forcible master mode.
- If the local E-Trunk status is Backup and the peer Eth-Trunk is faulty, the local Eth-Trunk interface works in forcible master mode. After the local Eth-Trunk interface receives a message indicating that the peer Eth-Trunk interface recovers, the local Eth-Trunk interface becomes Backup.

Changing the interval at which packets are sent or the timeout period for receiving packets when the E-Trunk group works properly will cause the E-Trunk status to alternate between Master and Backup. Therefore, set the working mode of the Eth-Trunk interface to forcible master/backup before changing the interval or timeout period. After new configurations take effect, restore the working mode to automatic.

----End

3.9.8 (Optional) Configuring a Password


To enhance system security, set a password on each device. The passwords set for the two devices in an E-Trunk group must be the same.

Context

CAUTION
If simple is configured, the password will be saved into the configuration file in plain text. Users at low levels can easily obtain the password by viewing the configuration file, threatening the network security. Therefore, configuring cipher to save the password in cipher text is recommended.

Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run:
security-key { simple simple-key | cipher cipher-key }

A password is configured for encrypting packets. A password can be configured to enhance the system security. Passwords configured on the two devices in an E-Trunk group must be the same.

The password can be configured in either plain or cipher text.
- If the password is in plain text, it is directly displayed in the configuration file.
- If the password is in cipher text, the password is displayed as illegible characters in the configuration file.

----End

3.9.9 (Optional) Configuring a Timeout Period


If the backup E-Trunk does not receive any Hello packet from the peer before the timeout period expires, the backup E-Trunk becomes the master E-Trunk after the timeout period expires. The timeout period refers to the one contained in the Hello packet sent from the peer but not the one set on the local device.

Context
Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run:
timer hello hello-value

The interval at which Hello packets are sent is configured. By default, the interval is 10 x 100 ms, that is, a Hello packet is sent every second.

Step 4 Run:
timer hold-on-failure multiplier multiplier

The multiplier for detecting Hello packets is configured. The peer device checks the timeout period carried in the received packet to determine whether the local device times out. If the peer device is Backup and does not receive Hello packets sent by the local device within the timeout period, the peer device becomes Master after the timeout period. Timeout period = Sending interval x Multiplier. It is recommended to set the multiplier to 3 or larger. By default, the multiplier for detecting Hello packets is 20.

----End
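The pairing rules from sections 3.9.3, 3.9.4, 3.9.8 and 3.9.9, as an added example that is not part of the Huawei guide: a Python audit of the E-Trunk views taken from the two devices' configuration files. The device names, addresses and key strings are constructed, and the script assumes the configuration file stores each setting in the same form as the command syntax shown above.

```python
import re

# Defaults stated in the guide (priority 100, Hello 10 x 100 ms, multiplier 20).
DEFAULTS = {"priority": 100, "hello": 10, "multiplier": 20,
            "peer": None, "source": None, "key_mode": None, "key": None}

# Assumption: the configuration file stores each E-Trunk setting in the same form
# as the command syntax in sections 3.9.3 to 3.9.9.
PATTERNS = [
    (r"priority (\d+)", lambda s, m: s.update(priority=int(m[1]))),
    (r"peer-address (\S+) source-address (\S+)",
     lambda s, m: s.update(peer=m[1], source=m[2])),
    (r"security-key (simple|cipher) (\S+)",
     lambda s, m: s.update(key_mode=m[1], key=m[2])),
    (r"timer hello (\d+)", lambda s, m: s.update(hello=int(m[1]))),
    (r"timer hold-on-failure multiplier (\d+)",
     lambda s, m: s.update(multiplier=int(m[1]))),
]

# Constructed sample configurations (hypothetical devices PE-A and PE-B).
CFG_A = """#
 sysname PE-A
#
e-trunk 1
 priority 10
 peer-address 2.2.2.2 source-address 1.1.1.1
 security-key simple Constructed-Key-1
 timer hello 9
 timer hold-on-failure multiplier 3
#
interface Eth-Trunk10
 e-trunk 1 remote-eth-trunk 10
#
return
"""
CFG_B = """#
 sysname PE-B
#
e-trunk 1
 peer-address 1.1.1.1 source-address 2.2.2.3
 timer hold-on-failure multiplier 2
#
return
"""

def parse_etrunk(config_text):
    """Return {e_trunk_id: settings} for every E-Trunk view in a configuration file."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        header = re.fullmatch(r"e-trunk (\d+)", raw.rstrip())
        if header:                     # unindented "e-trunk N" opens an E-Trunk view
            current = groups.setdefault(int(header[1]), dict(DEFAULTS))
        elif not raw.startswith(" "):  # "#", "interface ...", "return" end the view
            current = None
        elif current is not None:
            for pattern, store in PATTERNS:
                match = re.fullmatch(pattern, raw.strip())
                if match:
                    store(current, match)
    return groups

def advertised_timeout_ms(settings):
    """Timeout period = sending interval x multiplier (interval unit: 100 ms)."""
    return settings["hello"] * 100 * settings["multiplier"]

def audit_pair(cfg_a, cfg_b, etrunk_id):
    """Compare one E-Trunk group on two devices; return a list of (scope, code)."""
    a = parse_etrunk(cfg_a).get(etrunk_id)
    b = parse_etrunk(cfg_b).get(etrunk_id)
    if a is None or b is None:
        return [("pair", "GROUP_MISSING")]
    findings = []
    # 3.9.4: each side's peer address must be the other side's source address.
    if None in (a["peer"], a["source"]) or (a["peer"], a["source"]) != (b["source"], b["peer"]):
        findings.append(("pair", "ADDRESS_NOT_MIRRORED"))
    for name, dev in (("A", a), ("B", b)):
        if dev["key_mode"] == "simple":   # 3.9.8: key readable in the config file
            findings.append((name, "KEY_PLAINTEXT"))
        if dev["multiplier"] < 3:         # 3.9.9: 3 or larger is recommended
            findings.append((name, "MULTIPLIER_BELOW_3"))
    # 3.9.8: the passwords on the two devices must be the same.
    if (a["key"] is None) != (b["key"] is None):
        findings.append(("pair", "KEY_ON_ONE_SIDE_ONLY"))
    elif a["key_mode"] == b["key_mode"] == "simple" and a["key"] != b["key"]:
        findings.append(("pair", "KEY_MISMATCH"))
    elif "cipher" in (a["key_mode"], b["key_mode"]):
        # Cipher text cannot be compared offline; equality stays unverified here.
        findings.append(("pair", "KEY_EQUALITY_UNVERIFIED"))
    # 3.9.3: with equal priorities the smaller system ID decides the master.
    if a["priority"] == b["priority"]:
        findings.append(("pair", "PRIORITY_TIE"))
    return findings

if __name__ == "__main__":
    for scope, code in audit_pair(CFG_A, CFG_B, 1):
        print(scope, code)
```

The timeout a backup device applies is the value carried in its peer's Hello packets, so advertised_timeout_ms() is evaluated on the sender's settings.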

3.9.10 (Optional) Setting a Revert Delay


If a revert delay is set for the master E-Trunk, after the E-Trunk recovers, it becomes the master E-Trunk only after the revert delay expires. This delays the switching of traffic from the backup E-Trunk to the master E-Trunk, thus preventing service interruption.

Context
If E-Trunk works together with other features, after the fault on the original master E-Trunk is rectified, the Eth-Trunk interface becomes the master E-Trunk again prior to restoration of other services. If traffic is switched back immediately after the master E-Trunk recovers, services will be interrupted. If a revert delay is set for the master E-Trunk, after the E-Trunk recovers, it becomes the master E-Trunk only after the revert delay expires. This delays the switching of traffic from the backup E-Trunk to the master E-Trunk, thus preventing service interruption.

Do as follows on the devices in the E-Trunk group:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run:
timer revert delay delay-value

A revert delay is set. By default, the revert delay is 120 seconds.

----End

3.9.11 Checking the Configuration


After an E-Trunk group is successfully configured, you can view information about the E-Trunk group, including the E-Trunk priority, system ID, source IP address, peer IP address, revert delay, master/backup status, and reason for the master/backup status.

Prerequisite
The configurations of the E-Trunk group are complete.

Procedure
Step 1 Run the display e-trunk etrunk-id command to check configurations of the E-Trunk group.

----End

Example
Run the display e-trunk command. If the E-Trunk priority, system ID, source and peer IP addresses, timeout period, and statistics about packets are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display e-trunk 1
                      The E-Trunk information
E-TRUNK-ID : 1                          Revert-Delay-Time (s) : 120
Priority : 10                           System-ID : 00e0-e213-9100
Peer-IP : 1.1.1.2                       Source-IP : 1.1.1.1
State : Master                          Causation : TIMEOUT
Send-Period (100ms) : 9                 Fail-Time (100ms) : 27
Receive : 1                             Send : 1006
RecDrop : 0                             SndDrop : 0
Peer-Priority :                         Peer-System-ID :
Peer-Fail-Time (100ms) :                BFD-Session : 1
--------------------------------------------------------------------------------
                      The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation
Eth-Trunk  10  Up             auto       Master  ETRUNK_MASTER

3.10 Maintaining Eth-Trunk Interfaces


Statistics clearing commands help to locate faults on Eth-Trunk interfaces.

3.10.1 Clearing Statistics About an Eth-Trunk Interface
Before collecting traffic statistics in a specified time period on an interface, clear the existing statistics on the interface.

3.10.1 Clearing Statistics About an Eth-Trunk Interface


Before collecting traffic statistics in a specified time period on an interface, clear the existing statistics on the interface.

Context

CAUTION
Statistics cannot be restored after they are cleared. Exercise caution when running the commands.

To clear the statistics, run the following reset command in the user view:

Procedure
- Run the reset counters interface eth-trunk [ trunk-id ] command to clear statistics about an Eth-Trunk interface.
- Run the reset e-trunk packet-statistics [ e-trunk-id e-trunk-id ] command to clear statistics about E-Trunk packets.

----End

3.11 Configuration Examples


This section describes typical application scenarios for Eth-Trunk interfaces, providing networking requirements, configuration roadmap, data preparation, and configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

3.11.1 Example for Configuring Eth-Trunk Interfaces in Manual Load Balancing Mode
In this networking, establishing an Eth-Trunk interface, adding interfaces to the Eth-Trunk interface, and selecting active member interfaces are all manually configured, without the participation of LACP. In manual load balancing mode, all active member interfaces participate in data forwarding and load balancing.

3.11.2 Example for Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode
In this networking, an Eth-Trunk interface has only two member interfaces: an active interface and a standby interface. This networking is applicable to the scenario where one end or both ends do not support LACP.

3.11.3 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode
In static LACP mode, creating an Eth-Trunk interface and adding interfaces to the Eth-Trunk interface are manually configured. LACP packets are sent to negotiate link aggregation parameters to determine active and non-active member interfaces in an LAG.

3.11.4 Example for Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
In the networking, the status of the mVRRP backup group determines the status of the associated Eth-Trunk interface in static LACP mode.

3.11.5 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode to Communicate over a VLL Network

3.11.6 Example for Configuring a Layer 2 Eth-Trunk Interface to Allow VLAN Frames to Pass Through
Eth-Trunk interfaces on two devices are configured to allow all VLAN frames between the two devices to pass through, and thus the two devices can communicate with each other.

3.11.7 Example for Configuring a Layer 3 Eth-Trunk Interface in Manual Load Balancing Mode
In this networking, only the configuration of the IP addresses of Layer 3 Eth-Trunk interfaces differs from that in the example for configuring an Eth-Trunk interface in manual load balancing mode.

3.11.8 Example for Configuring Inter-VLAN Communication by Using Eth-Trunk Subinterfaces
To allow devices in different VLANs to communicate with each other, create Eth-Trunk subinterfaces on the Eth-Trunk interfaces interconnecting a router and a switch, configure the 802.1Q encapsulation mode and an IP address on each sub-interface, and associate each subinterface with a VLAN. In this manner, the devices in different VLANs can communicate with each other by using a Layer 2 switch and a router.

3.11.9 Example for Connecting an E-Trunk to a VPLS Network
Without E-Trunk, a CE can be connected to only one PE by using an Eth-Trunk link. In this case, if the Eth-Trunk link or the PE fails, the CE cannot communicate with the PE. By using E-Trunk, a CE can be dual-homed to two PEs, which implements device-level link reliability.

3.11.10 Example for Connecting an E-Trunk to PW Redundancy

3.11.1 Example for Configuring Eth-Trunk Interfaces in Manual Load Balancing Mode
In this networking, establishing an Eth-Trunk interface, adding interfaces to the Eth-Trunk interface, and selecting active member interfaces are all manually configured, without the participation of LACP. In manual load balancing mode, all active member interfaces participate in data forwarding and load balancing.

Networking Requirements
As shown in Figure 3-8, CX-A and CX-B are two CX600s. It is required that the link between CX-A and CX-B be highly reliable and traffic be transmitted through member links.

Figure 3-8 Networking diagram for link aggregation in manual load balancing mode
[Figure: CX-A and CX-B connected through Eth-Trunk 1, with member interfaces GE1/0/1, GE1/0/2, and GE1/0/3 on each device]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface.
2. Add interfaces to the Eth-Trunk interface.
3. Verify the configuration.
NOTE

After an Eth-Trunk interface is created, it works in the default mode, that is, the manual load balancing mode. Therefore, the manual load balancing mode does not need to be configured for an Eth-Trunk interface by default. If the current working mode is not manual load balancing, use the mode command to change the mode to manual load balancing. For details, see the chapter "Link Aggregation" in the Command Reference.

Data Preparation
To complete the configuration, you need the following data:
- Number of the LAG
- Type and number of the member interface of the Eth-Trunk

Procedure
Step 1 Create an Eth-Trunk interface.

# Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] quit

# Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] quit

Step 2 Add interfaces to the Eth-Trunk interface.

# Configure CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-Gigabitethernet1/0/1] undo shutdown
[CX-A-Gigabitethernet1/0/1] eth-trunk 1
[CX-A-Gigabitethernet1/0/1] quit
[CX-A] interface gigabitethernet 1/0/2
[CX-A-Gigabitethernet1/0/2] undo shutdown
[CX-A-Gigabitethernet1/0/2] eth-trunk 1
[CX-A-Gigabitethernet1/0/2] quit
[CX-A] interface gigabitethernet 1/0/3
[CX-A-Gigabitethernet1/0/3] undo shutdown
[CX-A-Gigabitethernet1/0/3] eth-trunk 1
[CX-A-Gigabitethernet1/0/3] quit

# Configure CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-Gigabitethernet1/0/1] undo shutdown
[CX-B-Gigabitethernet1/0/1] eth-trunk 1
[CX-B-Gigabitethernet1/0/1] quit
[CX-B] interface gigabitethernet 1/0/2
[CX-B-Gigabitethernet1/0/2] undo shutdown
[CX-B-Gigabitethernet1/0/2] eth-trunk 1
[CX-B-Gigabitethernet1/0/2] quit
[CX-B] interface gigabitethernet 1/0/3
[CX-B-Gigabitethernet1/0/3] undo shutdown
[CX-B-Gigabitethernet1/0/3] eth-trunk 1
[CX-B-Gigabitethernet1/0/3] quit

Step 3 Verify the configuration.

Run the display trunkmembership command in any view. You can check whether Eth-Trunk 1 is created and whether interfaces are correctly added. Use CX-A as an example.
[CX-A] display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up
Interface GigabitEthernet1/0/1, valid, operate up, weight=1,
Interface GigabitEthernet1/0/2, valid, operate up, weight=1,
Interface GigabitEthernet1/0/3, valid, operate up, weight=1,

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
interface Eth-Trunk1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 undo shutdown
 eth-trunk 1
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
interface Eth-Trunk1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 undo shutdown
 eth-trunk 1
#
return

3.11.2 Example for Configuring an Eth-Trunk Interface in 1:1 Active/Standby Mode


In this networking, an Eth-Trunk interface has only two member interfaces: an active interface and a standby interface. This networking is applicable to the scenario where one end or both ends do not support LACP.

Networking Requirements
As shown in Figure 3-9, CX-A and CX-D are CX600s. Transit devices can receive Flush packets. Master and backup links need to be configured between CX-A and CX-D to implement reliable transmission.


Figure 3-9 Networking diagram for configuring link aggregation in 1:1 active/standby mode
[Figure: CX-A and CX-D, each with Eth-Trunk 1 (GE 1/0/1 as the main interface, and GE 1/0/2), connected through transit devices CX-B and CX-C (GE 2/0/1, GE 2/0/2, and GE 2/0/3 on each); legend: active links, backup links]

Configuration Roadmap
The configuration roadmap is as follows:

Do as follows on the CX devices that need to be configured with link aggregation in 1:1 active/standby mode.
1. Create an Eth-Trunk interface and set the working mode of the Eth-Trunk interface to 1:1 active/standby.
2. Add interfaces to the Eth-Trunk interface and specify an active member interface.
3. Enable interfaces to send Flush packets.

Do as follows on each transit device:
1. Create a control VLAN.
2. Enable interfaces to receive packets from the control VLAN.
3. Enable interfaces to receive Flush packets.

Data Preparation
To complete the configuration, you need the following data:
- Number of the LAG on CX-A and CX-D
- Type and number of each member interface
- Control VLAN ID

Procedure
Step 1 Create an Eth-Trunk interface and set the working mode of the Eth-Trunk interface to 1:1 active/standby.

# Create an Eth-Trunk interface on CX-A and set the working mode of the Eth-Trunk interface to 1:1 active/standby.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] portswitch
[CX-A-Eth-Trunk1] mode manual backup
[CX-A-Eth-Trunk1] quit

# Create an Eth-Trunk interface on CX-D and set the working mode of the Eth-Trunk interface to 1:1 active/standby.
<HUAWEI> system-view
[HUAWEI] sysname CX-D
[CX-D] interface eth-trunk 1
[CX-D-Eth-Trunk1] portswitch
[CX-D-Eth-Trunk1] mode manual backup
[CX-D-Eth-Trunk1] quit

Step 2 Add interfaces to the Eth-Trunk interface and specify an active member interface.

# On CX-A, add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1 and specify GE 1/0/1 as the active interface.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] eth-trunk 1
[CX-A-GigabitEthernet1/0/1] port-master
[CX-A-GigabitEthernet1/0/1] quit
[CX-A] interface gigabitethernet 1/0/2
[CX-A-GigabitEthernet1/0/2] undo shutdown
[CX-A-GigabitEthernet1/0/2] eth-trunk 1
[CX-A-GigabitEthernet1/0/2] quit

# On CX-D, add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1 and specify GE 1/0/1 as the active interface.
[CX-D] interface gigabitethernet 1/0/1
[CX-D-GigabitEthernet1/0/1] undo shutdown
[CX-D-GigabitEthernet1/0/1] eth-trunk 1
[CX-D-GigabitEthernet1/0/1] port-master
[CX-D-GigabitEthernet1/0/1] quit
[CX-D] interface gigabitethernet 1/0/2
[CX-D-GigabitEthernet1/0/2] undo shutdown
[CX-D-GigabitEthernet1/0/2] eth-trunk 1
[CX-D-GigabitEthernet1/0/2] quit

Step 3 Enable interfaces to send Flush packets.

# Enable the interface on CX-A to send Flush packets.
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] smart-link flush send vlan 5
[CX-A-Eth-Trunk1] quit

# Enable the interface on CX-D to send Flush packets.
[CX-D] interface eth-trunk 1
[CX-D-Eth-Trunk1] smart-link flush send vlan 5
[CX-D-Eth-Trunk1] quit

Step 4 Create a control VLAN on each transit device.

# Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] vlan 5
[CX-B-vlan5] quit

# Configure CX-C.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] vlan 5
[CX-C-vlan5] quit

Step 5 Enable interfaces on the transit devices to receive packets from the control VLAN.

# Configure CX-B.
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[CX-B-GigabitEthernet2/0/1] quit
[CX-B] interface gigabitethernet 2/0/2
[CX-B-GigabitEthernet2/0/2] undo shutdown
[CX-B-GigabitEthernet2/0/2] portswitch
[CX-B-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[CX-B-GigabitEthernet2/0/2] quit
[CX-B] interface gigabitethernet 2/0/3
[CX-B-GigabitEthernet2/0/3] undo shutdown
[CX-B-GigabitEthernet2/0/3] portswitch
[CX-B-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[CX-B-GigabitEthernet2/0/3] quit

# Configure CX-C.
[CX-C] interface gigabitethernet 2/0/1
[CX-C-GigabitEthernet2/0/1] undo shutdown
[CX-C-GigabitEthernet2/0/1] portswitch
[CX-C-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[CX-C-GigabitEthernet2/0/1] quit
[CX-C] interface gigabitethernet 2/0/2
[CX-C-GigabitEthernet2/0/2] undo shutdown
[CX-C-GigabitEthernet2/0/2] portswitch
[CX-C-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[CX-C-GigabitEthernet2/0/2] quit
[CX-C] interface gigabitethernet 2/0/3
[CX-C-GigabitEthernet2/0/3] undo shutdown
[CX-C-GigabitEthernet2/0/3] portswitch
[CX-C-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[CX-C-GigabitEthernet2/0/3] quit

Step 6 Enable interfaces on the transit devices to receive Flush packets.

# Configure CX-B.
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] smart-link flush enable control-vlan 5
[CX-B-GigabitEthernet2/0/1] quit
[CX-B] interface gigabitethernet 2/0/2
[CX-B-GigabitEthernet2/0/2] smart-link flush enable control-vlan 5
[CX-B-GigabitEthernet2/0/2] quit
[CX-B] interface gigabitethernet 2/0/3
[CX-B-GigabitEthernet2/0/3] smart-link flush enable control-vlan 5
[CX-B-GigabitEthernet2/0/3] quit

# Configure CX-C.
[CX-C] interface gigabitethernet 2/0/1
[CX-C-GigabitEthernet2/0/1] smart-link flush enable control-vlan 5
[CX-C-GigabitEthernet2/0/1] quit
[CX-C] interface gigabitethernet 2/0/2
[CX-C-GigabitEthernet2/0/2] smart-link flush enable control-vlan 5
[CX-C-GigabitEthernet2/0/2] quit
[CX-C] interface gigabitethernet 2/0/3
[CX-C-GigabitEthernet2/0/3] smart-link flush enable control-vlan 5
[CX-C-GigabitEthernet2/0/3] quit

Step 7 Verify the configuration.

# Check information about the LAG on the CX devices that are configured with link aggregation in 1:1 active/standby mode. Use CX-A as an example. If the configuration is correct, you can view information about the working mode, active member interface, and standby member interface.
[CX-A] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP
WorkingState: Master
--------------------------------------------------------------------------------
PortName                      Slave/Master
GigabitEthernet1/0/1          M
GigabitEthernet1/0/2          S

# Check the configurations about the interfaces on the transit devices. Use GE 2/0/1 on CX-B as an example.
[CX-B-GigabitEthernet2/0/1] display current-configuration interface gigabitethernet 2/0/1
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
interface Eth-Trunk1
 portswitch
 mode manual backup
 smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
 port-master
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
vlan batch 5
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
return

- Configuration file of CX-C
#
 sysname CX-C
#
vlan batch 5
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
interface GigabitEthernet2/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 5
 smart-link flush enable control-vlan 5
#
return

- Configuration file of CX-D
#
 sysname CX-D
#
interface Eth-Trunk1
 portswitch
 mode manual backup
 smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
 port-master
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
#
return

3.11.3 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode


In static LACP mode, creating an Eth-Trunk interface and adding interfaces to the Eth-Trunk interface are manually configured. LACP packets are sent to negotiate link aggregation parameters to determine active and non-active member interfaces in an LAG.


Networking Requirements
On the two CX devices shown in Figure 3-10, an LAG in static LACP mode needs to be configured to improve bandwidth and reliability. The requirements are as follows:
- m active links carry out load balancing.
- n backup links exist between two devices. If a fault occurs on an active link, a backup link replaces the faulty link to ensure reliable data transmission.
- A member interface enabled with preemption becomes active after it recovers.

Figure 3-10 Networking diagram for link aggregation in static LACP mode
[Figure: CX-A and CX-B connected through Eth-Trunk 1, with member interfaces GE1/0/1, GE1/0/2, and GE1/0/3 on each device; legend: active links, backup links]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface on the CX device and configure the Eth-Trunk interface to work in static LACP mode.
2. Add interfaces to the Eth-Trunk interface.
3. Configure LACP system priorities to determine the Actor.
4. Configure the maximum number of active member interfaces.
5. Configure LACP interface priorities to determine active member links.
6. Configure LACP preemption and set a delay for LACP preemption.
7. Verify the configuration.

Data Preparation
To complete the configuration, you need the following data:
- Number of the LAG on the CX devices
- LACP system priority of CX-A
- Maximum number of active member interfaces
- LACP priority of each active member interface
- Delay for LACP preemption

Procedure
Step 1 Create an Eth-Trunk interface and configure the Eth-Trunk interface to work in static LACP mode.

# Configure CX-A.
<CX-A> system-view
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] mode lacp-static
[CX-A-Eth-Trunk1] quit

# Configure CX-B.
<CX-B> system-view
[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] mode lacp-static
[CX-B-Eth-Trunk1] quit

Step 2 Add interfaces to the Eth-Trunk interface.
# Configure CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-Gigabitethernet1/0/1] undo shutdown
[CX-A-Gigabitethernet1/0/1] eth-trunk 1
[CX-A-Gigabitethernet1/0/1] quit
[CX-A] interface gigabitethernet 1/0/2
[CX-A-Gigabitethernet1/0/2] undo shutdown
[CX-A-Gigabitethernet1/0/2] eth-trunk 1
[CX-A-Gigabitethernet1/0/2] quit
[CX-A] interface gigabitethernet 1/0/3
[CX-A-Gigabitethernet1/0/3] undo shutdown
[CX-A-Gigabitethernet1/0/3] eth-trunk 1
[CX-A-Gigabitethernet1/0/3] quit

# Configure CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-Gigabitethernet1/0/1] undo shutdown
[CX-B-Gigabitethernet1/0/1] eth-trunk 1
[CX-B-Gigabitethernet1/0/1] quit
[CX-B] interface gigabitethernet 1/0/2
[CX-B-Gigabitethernet1/0/2] undo shutdown
[CX-B-Gigabitethernet1/0/2] eth-trunk 1
[CX-B-Gigabitethernet1/0/2] quit
[CX-B] interface gigabitethernet 1/0/3
[CX-B-Gigabitethernet1/0/3] undo shutdown
[CX-B-Gigabitethernet1/0/3] eth-trunk 1
[CX-B-Gigabitethernet1/0/3] quit

Step 3 Set the LACP system priority of CX-A to 100 so that CX-A functions as the Actor.
[CX-A] lacp priority 100

Step 4 Set the maximum number of active member interfaces on CX-A to 2.
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] max active-linknumber 2

NOTE

When CX-A functions as the Actor, CX-B does not need to be configured with the maximum number of active member interfaces.

Step 5 Set LACP interface priorities to determine active member links.
# Configure CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-Gigabitethernet1/0/1] lacp priority 100
[CX-A-Gigabitethernet1/0/1] quit
[CX-A] interface gigabitethernet 1/0/2
[CX-A-Gigabitethernet1/0/2] lacp priority 100
[CX-A-Gigabitethernet1/0/2] quit
[CX-A] interface gigabitethernet 1/0/3
[CX-A-Gigabitethernet1/0/3] lacp priority 150
[CX-A-Gigabitethernet1/0/3] quit

# Configure CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-Gigabitethernet1/0/1] lacp priority 100
[CX-B-Gigabitethernet1/0/1] quit
[CX-B] interface gigabitethernet 1/0/2
[CX-B-Gigabitethernet1/0/2] lacp priority 100
[CX-B-Gigabitethernet1/0/2] quit
[CX-B] interface gigabitethernet 1/0/3
[CX-B-Gigabitethernet1/0/3] lacp priority 150
[CX-B-Gigabitethernet1/0/3] quit

Step 6 Configure LACP preemption and set a delay for LACP preemption.
# Configure CX-A.
[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] lacp preempt enable
[CX-A-Eth-Trunk1] lacp preempt delay 20

# Configure CX-B.
[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] lacp preempt enable
[CX-B-Eth-Trunk1] lacp preempt delay 20

Step 7 Verify the configuration.
# View information about the LAG on the CX devices to check whether the LACP negotiation succeeds.
[CX-A] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1                    WorkingMode: STATIC
Preempt Delay: 20            Hash arithmetic: According to flow
System Priority: 100         System ID: 00e0-fca8-0417
Least Active-linknumber: 1   Max active-linknumber: 2
Operate status: up           Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      100     6145   2865    11111100  1
GigabitEthernet1/0/2   Selected 1GE      100     6146   2865    11111100  1
GigabitEthernet1/0/3   Unselect 1GE      150     6147   2865    11100000  1

Partner:
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-fca6-7f85  32768   6145   2609    11111100
GigabitEthernet1/0/2   32768    00e0-fca6-7f85  32768   6146   2609    11111100
GigabitEthernet1/0/3   32768    00e0-fca6-7f85  32768   6147   2609    11110000

<CX-B> display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1                    WorkingMode: STATIC
Preempt Delay: 20            Hash arithmetic: According to flow
System Priority: 32768       System ID: 00e0-fca6-7f85
Least Active-linknumber: 1   Max active-linknumber: 16
Operate status: up           Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   6145   2609    11111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   6146   2609    11111100  1
GigabitEthernet1/0/3   Unselect 1GE      32768   6147   2609    11100000  1

Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-fca8-0417  100     6145   2865    11111100
GigabitEthernet1/0/2   32768    00e0-fca8-0417  100     6146   2865    11111100
GigabitEthernet1/0/3   32768    00e0-fca8-0417  150     6147   2865    11110000

The preceding information shows that the LACP system priority of CX-A is 100, which is higher than the LACP system priority of CX-B. In the LAG, GE 1/0/1 and GE 1/0/2 are active and in the Selected state. GE 1/0/3 is in the Unselected state. In this case, load balancing can be implemented on two member links and the remaining member link serves as the backup.
----End
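The selection rules configured in Steps 3 to 6 can be traced with a short model. The following Python code is an added example, not part of the Huawei guide: it uses the priorities, port numbers, and system IDs from this example, and it assumes that ties are broken by the smaller system ID and the smaller port number.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Port:
    name: str
    priority: int   # LACP interface priority; a smaller value is a higher priority
    number: int     # PortNo from the display output; tie-breaker (assumption)
    up: bool = True


def pick_actor(systems):
    """Return the device that acts as the Actor.

    systems maps a device name to (LACP system priority, system ID). The
    smaller priority value wins; the smaller system ID breaks ties (assumption).
    """
    return min(systems, key=lambda name: systems[name])


def rank(ports):
    """Up ports ordered from most to least preferred on the Actor."""
    return sorted((p for p in ports if p.up), key=lambda p: (p.priority, p.number))


def select_active(ports, max_active):
    """Initial negotiation: the best max_active up ports become active."""
    return [p.name for p in rank(ports)[:max_active]]


def reselect(active, ports, max_active, preempt, delay=0, since_recovery=0):
    """Recompute the active set after a member interface fails or recovers.

    With preemption enabled and the preemption delay elapsed, the best ports
    take over again. Otherwise ports that are active and still up keep their
    role, and free slots are filled from the remaining up ports.
    """
    if preempt and since_recovery >= delay:
        return select_active(ports, max_active)
    state = {p.name: p for p in ports}
    kept = [name for name in active if state[name].up]
    spare = [p.name for p in rank(ports) if p.name not in kept]
    free = max(0, max_active - len(kept))
    chosen = set(kept + spare[:free])
    return [p.name for p in rank(ports) if p.name in chosen]


# Values taken from the example: lacp priority 100 on CX-A, default 32768 on CX-B.
SYSTEMS = {"CX-A": (100, "00e0-fca8-0417"), "CX-B": (32768, "00e0-fca6-7f85")}
PORTS = [
    Port("GE1/0/1", 100, 6145),
    Port("GE1/0/2", 100, 6146),
    Port("GE1/0/3", 150, 6147),
]


def walk_through(max_active=2, delay=20):
    """Fail GE1/0/1, then let it recover under different preemption settings."""
    active = select_active(PORTS, max_active)
    failed = [replace(p, up=False) if p.name == "GE1/0/1" else p for p in PORTS]
    after_failure = reselect(active, failed, max_active, preempt=True, delay=delay)
    return {
        "initial": active,
        "after_failure": after_failure,
        "recovered_5s": reselect(after_failure, PORTS, max_active, True, delay, 5),
        "recovered_20s": reselect(after_failure, PORTS, max_active, True, delay, 20),
        "no_preempt": reselect(after_failure, PORTS, max_active, False, delay, 60),
    }


if __name__ == "__main__":
    print("Actor:", pick_actor(SYSTEMS))
    for step, members in walk_through().items():
        print(f"{step:14} {members}")
```
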

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
 lacp priority 100
#
interface Eth-Trunk1
 mode lacp-static
 max active-linknumber 2
 lacp preempt enable
 lacp preempt delay 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
 lacp priority 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
 lacp priority 100
#
interface GigabitEthernet1/0/3
 undo shutdown
 eth-trunk 1
 lacp priority 150
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
interface Eth-Trunk1
 mode lacp-static
 lacp preempt enable
 lacp preempt delay 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
 lacp priority 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 1
 lacp priority 100
#
interface GigabitEthernet1/0/3
 undo shutdown
 eth-trunk 1
 lacp priority 150
#
return


3.11.4 Example for Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
In this networking, the status of the mVRRP backup group determines the status of the associated Eth-Trunk interface in static LACP mode.

Networking Requirements
As shown in Figure 3-11, a CE is dual-homed to two UPEs by using Eth-Trunk interfaces in static LACP mode. An mVRRP backup group is configured on the two UPEs and VRRP tracking interface status is configured. Initially, UPE1 is Master and UPE2 is Backup.

After VRRP detects that the physical interface GE 1/0/4 on UPE1 goes Down, the master/backup switchover is performed in the mVRRP backup group but traffic is still interrupted. Analysis shows that traffic is not switched from the link between the CE and UPE1 to the link between the CE and UPE2, causing traffic interruption. To prevent the problem, associate the Eth-Trunk interface in static LACP mode with the mVRRP backup group on the UPEs.

Figure 3-11 Typical networking for associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group

[Figure: labels recoverable from the diagram are IP/MPLS Core; Backup group 1, virtual IP address 1.1.1.10; UPE1 with GE1/0/3 at 1.1.1.1/24 and Eth-Trunk 20; UPE2 with GE1/0/3 at 1.1.1.2/24 and Eth-Trunk 30; the CE with Eth-Trunk 10; mVRRP; VRRP-tracked interface.]

After the Eth-Trunk interface in static LACP mode is associated with the mVRRP backup group, the master/backup status of the UPEs in the mVRRP backup group determines the status of the Eth-Trunk links:
- When UPE1 is Master and the Eth-Trunk link between the CE and UPE1 is Up, the Eth-Trunk link between the CE and UPE2 is Down.
- When UPE1 is Backup and the Eth-Trunk link between the CE and UPE1 is Down, the Eth-Trunk link between the CE and UPE2 is Up.

Configuration Notes
- The IDs of Eth-Trunk interfaces to which GE interfaces on the CE, UPE1, and UPE2 are added can be different. The Eth-Trunk interfaces must work in static LACP mode.
- An mVRRP backup group must be configured on directly-connected UPEs to implement a fast switchover in the VRRP backup group. An mVRRP backup group is able to ignore the event that the interface goes Down. If the interface where the mVRRP backup group resides goes Down, the mVRRP backup group rapidly changes to Master but not Initialize.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Eth-Trunk interfaces to work in static LACP mode.
   (1) Configure Eth-Trunk interfaces with different IDs to work in static LACP mode on the CE, UPE1, and UPE2.
   (2) Add GE interfaces to the Eth-Trunk interfaces.
2. Configure an mVRRP backup group on UPEs.
   (1) Create VRRP backup group 1 on GE 1/0/3 of UPE1 and configure UPE1 with a higher VRRP priority to ensure that UPE1 is Master.
   (2) Create VRRP backup group 1 on GE 1/0/3 of UPE2 and configure UPE2 with the default VRRP priority (lower than the VRRP priority of UPE1) to ensure that UPE2 is Backup.
3. Configure VRRP tracking interface status on UPEs.
4. Associate the Eth-Trunk interfaces in static LACP mode with the mVRRP backup group.

Data Preparation
To complete the configuration, you need the following data:
- IDs of the Eth-Trunk interfaces in static LACP mode on the CE, UPE1, and UPE2
- Types and numbers of interfaces that will be added to the Eth-Trunk interfaces in static LACP mode
- IDs and virtual IP addresses of the VRRP backup group and mVRRP backup group
- VRRP priority of UPE1

Procedure
Step 1 Configure Eth-Trunk interfaces in static LACP mode and add GE interfaces to the Eth-Trunk interfaces.
NOTE

Ensure that the GE interfaces to be added to Eth-Trunk interfaces in static LACP mode are Up. If a GE interface is Down, run the undo shutdown command in the view of the GE interface.

# Configure the CE.
<HUAWEI> system-view
[HUAWEI] sysname CE
[CE] interface Eth-Trunk 10
[CE-Eth-Trunk10] mode lacp-static
[CE-Eth-Trunk10] trunkport gigabitethernet 1/0/1 to 1/0/4
[CE-Eth-Trunk10] quit

# Configure UPE1.
<HUAWEI> system-view
[HUAWEI] sysname UPE1
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] mode lacp-static
[UPE1-Eth-Trunk20] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE1-Eth-Trunk20] quit

# Configure UPE2.
<HUAWEI> system-view
[HUAWEI] sysname UPE2
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] mode lacp-static
[UPE2-Eth-Trunk30] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE2-Eth-Trunk30] quit

After the configurations, run the display eth-trunk command on the CE or a UPE to check whether the working mode of the Eth-Trunk interface is STATIC and to view the configuration of member interfaces. Use UPE1 as an example:
[UPE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20                   WorkingMode: STATIC
Preempt Delay: Disabled      Hash arithmetic: According to flow
System Priority: 32768       System ID: 00e0-6923-4900
Least Active-linknumber: 1   Max Active-linknumber: 16
Operate status: up           Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1   Selected 1GE      32768   257    5169    10111100  1
GigabitEthernet1/0/2   Selected 1GE      32768   258    5169    10111100  1

Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState
GigabitEthernet1/0/1   32768    00e0-b94e-fb00  32768   257    2609    10111100
GigabitEthernet1/0/2   32768    00e0-b94e-fb00  32768   258    2609    10111100

Step 2 Configure the mVRRP backup group.

NOTE

- In this example, you must configure the keyword ignore-if-down when configuring the mVRRP backup group. In this manner, if the interface where the mVRRP backup group resides goes Down, the VRRP backup group changes to Master but not Initialize. If the keyword ignore-if-down is not configured, when GE 1/0/3 on UPE1 goes Down, GE 1/0/3 on UPE2 also changes to Down. As a result, VRRP configured on GE 1/0/3 of UPE2 changes from Backup to Initialize, and the master/backup switchover in the mVRRP backup group cannot be implemented.
- Except for a failure of UPE1, it is not recommended to run the shutdown command on GE 1/0/3 of UPE1. Otherwise, VRRP on both UPE1 and UPE2 becomes Master, causing service interruption.
- In other scenarios, it is not recommended to configure the keyword ignore-if-down unless otherwise stated. Otherwise, the VRRP state machine is inconsistent with that defined in the RFC.

# Configure IP addresses of GE interfaces on UPE1 as described in Figure 3-11 and create VRRP backup group 1. Set the VRRP priority of UPE1 to 120 so that UPE1 functions as the master.
[UPE1] interface gigabitethernet 1/0/3
[UPE1-GigabitEthernet1/0/3] undo shutdown
[UPE1-GigabitEthernet1/0/3] ip address 1.1.1.1 255.255.255.0
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 virtual-ip 1.1.1.10
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 priority 120
[UPE1-GigabitEthernet1/0/3] admin-vrrp vrid 1 ignore-if-down

# Configure IP addresses of GE interfaces on UPE2 as described in Figure 3-11 and create VRRP backup group 1. Configure the default VRRP priority value for UPE2. Thus, UPE2 functions as the backup.
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] undo shutdown
[UPE2-GigabitEthernet1/0/3] ip address 1.1.1.2 255.255.255.0
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 virtual-ip 1.1.1.10
[UPE2-GigabitEthernet1/0/3] admin-vrrp vrid 1 ignore-if-down

Step 3 Configure VRRP tracking interface status.
# Configure UPE1.
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4 reduced 40
[UPE1-GigabitEthernet1/0/3] quit

# Configure UPE2.
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4 reduced 40
[UPE2-GigabitEthernet1/0/3] quit

After the configurations, you can run the display vrrp command on UPE1 to check whether the status of UPE1 is Master or run the display vrrp command on UPE2 to check whether the status of UPE2 is Backup and view the type of the VRRP backup group and the tracked interface.
[UPE1] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Master
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

[UPE2] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Backup
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

Step 4 Associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group.
# Configure UPE1.
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE1-Eth-Trunk20] quit

# Configure UPE2.
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE2-Eth-Trunk30] quit

Step 5 Verify the configuration.
- Run the display interface eth-trunk command on each UPE. You can see that the Eth-Trunk link between the CE and UPE1 is Up and the Eth-Trunk link between the CE and UPE2 is Down.
[UPE1] display interface eth-trunk 20
Eth-Trunk20 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 64 bits/sec, 0 packets/sec
    Last 300 seconds output rate 56 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1044 packets,129456 bytes,
           0 unicast,0 broadcast,1044 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1051 packets,130324 bytes,
           0 unicast,0 broadcast,1051 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

[UPE2] display interface eth-trunk 30
Eth-Trunk30 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:30:18
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 64 bits/sec, 0 packets/sec
    Last 300 seconds output rate 64 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1060 packets,131440 bytes,
           0 unicast,0 broadcast,1060 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1057 packets,131068 bytes,
           0 unicast,0 broadcast,1057 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0

- Run the vrrp vrid 1 priority 140 command in the view of GE 1/0/3 on UPE2 to increase the VRRP priority of UPE2 so that UPE2 becomes Master and UPE1 becomes Backup. Then, do as follows on UPEs:

On UPE1, run the display vrrp command and you can see that UPE1 is Backup; run the display interface eth-trunk command and you can see that the Eth-Trunk link between the CE and UPE1 is Down.
[UPE1] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Backup
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 140
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:31:45
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 96 bits/sec, 0 packets/sec
    Last 300 seconds output rate 104 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1109 packets,137516 bytes,
           0 unicast,0 broadcast,1109 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1117 packets,138508 bytes,
           0 unicast,0 broadcast,1117 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0

On UPE2, run the display vrrp command and you can see that UPE2 is Master; run the display interface eth-trunk command and you can see that the Eth-Trunk link between the CE and UPE2 is Up.
[UPE2] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Master
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.2
    PriorityRun : 140
    PriorityConfig : 140
    MasterPriority : 140
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:35:08
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1124 packets,139376 bytes,
           0 unicast,0 broadcast,1124 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1121 packets,139004 bytes,
           0 unicast,0 broadcast,1121 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

- Run the shutdown command on GE 1/0/1 that is a member interface of the Eth-Trunk interface on UPE2 to simulate a failure of the member interface. Then, do as follows on UPEs:

On UPE2, run the display vrrp command and you can see that UPE2 changes from Master to Backup and the tracked interface goes Down; run the display interface eth-trunk command and you can see that the Eth-Trunk link between the CE and UPE2 goes Down.
[UPE2] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Backup
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.2
    PriorityRun : 100
    PriorityConfig : 140
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : DOWN
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 0M, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:36:10
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 163 seconds input rate 24 bits/sec, 0 packets/sec
    Realtime 163 seconds output rate 24 bits/sec, 0 packets/sec
    Input: 1203 packets,149172 bytes,
           0 unicast,0 broadcast,1203 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1197 packets,148428 bytes,
           0 unicast,0 broadcast,1197 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          DOWN        1
GigabitEthernet1/0/2          DOWN        1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 0

On UPE1, run the display vrrp command and you can see that UPE1 changes from Backup to Master; run the display interface eth-trunk command and you can see that the Eth-Trunk link between the CE and UPE1 goes Up.
[UPE1] display vrrp
  GigabitEthernet1/0/3 | Virtual Router 1
    State : Master
    Virtual IP : 1.1.1.10
    Master IP : 1.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Track IF : GigabitEthernet1/0/1   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/2   priority reduced : 40
    IF State : UP
    Track IF : GigabitEthernet1/0/4   priority reduced : 40
    IF State : UP
    Config track link-bfd down-number : 0

[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G, The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:37:18
    QoS max-bandwidth : 0 Kbps
    Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
    Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
    Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    Last 300 seconds input rate 120 bits/sec, 0 packets/sec
    Last 300 seconds output rate 120 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 1225 packets,151900 bytes,
           0 unicast,0 broadcast,1225 multicast
           0 errors,0 drops,0 unknownprotocol
    Output:1236 packets,153264 bytes,
           0 unicast,0 broadcast,1236 multicast
           0 errors,0 drops
    Input bandwidth utilization : 0.00%
    Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName                      Status      Weight
-----------------------------------------------------
GigabitEthernet1/0/1          UP          1
GigabitEthernet1/0/2          UP          1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

----End
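The behaviour verified in Step 5 can be reproduced with a small model of VRRP priority tracking and the Eth-Trunk association. This Python code is an added example, not part of the Huawei guide; it takes the priorities, the reduced value of 40, and the interface names from this example. It assumes that the running priority never drops below 1, that equal priorities are resolved by the higher interface IP address, and that without the association an Eth-Trunk stays Up while any member link is Up.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

REDUCED = 40  # value of "reduced" in the vrrp vrid 1 track interface commands


def _all_up():
    # Tracked interfaces from Step 3, all Up at the start.
    return {"GE1/0/1": True, "GE1/0/2": True, "GE1/0/4": True}


@dataclass
class Upe:
    name: str
    ip: str                       # address of GE 1/0/3, where the mVRRP group resides
    priority: int                 # PriorityConfig
    trunk: str
    members: tuple = ("GE1/0/1", "GE1/0/2")
    tracked: dict = field(default_factory=_all_up)


def running_priority(upe):
    """PriorityRun: configured priority minus 40 per tracked interface that is Down."""
    down = sum(1 for is_up in upe.tracked.values() if not is_up)
    return max(1, upe.priority - REDUCED * down)   # floor of 1 is an assumption


def elect_master(upes):
    """Highest running priority wins; the higher IP address breaks ties (assumption)."""
    best = max(upes, key=lambda u: (running_priority(u), IPv4Address(u.ip)))
    return best.name


def trunk_states(upes, associated=True):
    """State of each UPE's Eth-Trunk toward the CE.

    With "lacp track vrrp" configured, only the Master's Eth-Trunk is Up.
    Without it, the state is modelled as depending on member links only.
    """
    master = elect_master(upes)
    states = {}
    for u in upes:
        link_ok = any(u.tracked[m] for m in u.members)
        is_up = link_ok and (u.name == master or not associated)
        states[u.trunk] = "UP" if is_up else "DOWN"
    return states


def scenario(upe1_pri=120, upe2_pri=100, down=(), associated=True):
    """Return (master, running priorities, Eth-Trunk states) for one situation.

    down is a sequence of (device, interface) pairs that are Down.
    """
    upes = [
        Upe("UPE1", "1.1.1.1", upe1_pri, "Eth-Trunk20"),
        Upe("UPE2", "1.1.1.2", upe2_pri, "Eth-Trunk30"),
    ]
    for device, ifname in down:
        next(u for u in upes if u.name == device).tracked[ifname] = False
    priorities = {u.name: running_priority(u) for u in upes}
    return elect_master(upes), priorities, trunk_states(upes, associated)


if __name__ == "__main__":
    cases = {
        "initial": scenario(),
        "UPE2 priority 140": scenario(upe2_pri=140),
        "UPE2 GE1/0/1 shut down": scenario(upe2_pri=140, down=[("UPE2", "GE1/0/1")]),
        "UPE1 GE1/0/4 down": scenario(down=[("UPE1", "GE1/0/4")]),
        "same, no association": scenario(down=[("UPE1", "GE1/0/4")], associated=False),
    }
    for label, result in cases.items():
        print(f"{label:24} {result}")
```

In the last case UPE2 becomes Master while Eth-Trunk20 on UPE1 stays Up, which is the mismatch described in Networking Requirements. The switchover in the fourth case depends on the reduced value (40) being larger than the priority gap between the UPEs (20).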

Configuration Files
l Configuration file of the CE
# sysname CE # interface Eth-Trunk10 mode lacp-static # interface GigabitEthernet1/0/1 undo shutdown eth-trunk 10 # interface GigabitEthernet1/0/2 undo shutdown eth-trunk 10 # interface GigabitEthernet1/0/3 undo shutdown eth-trunk 10 # interface GigabitEthernet1/0/4 undo shutdown

Issue 01 (2011-05-30)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-89

3 Eth-Trunk Interface Configuration


eth-trunk 10 # return

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

Configuration file of UPE1


# sysname UPE1 # interface Eth-Trunk20 mode lacp-static lacp track vrrp vrid 1 interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/1 undo shutdown eth-trunk 20 # interface GigabitEthernet1/0/2 undo shutdown eth-trunk 20 # interface GigabitEthernet1/0/3 undo shutdown ip address 1.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 1.1.1.10 admin-vrrp vrid 1 ignore-if-down vrrp vrid 1 priority 120 vrrp vrid 1 track interface GigabitEthernet1/0/1 reduced 40 vrrp vrid 1 track interface GigabitEthernet1/0/2 reduced 40 vrrp vrid 1 track interface GigabitEthernet1/0/4 reduced 40 # return

Configuration file of UPE2


#
sysname UPE2
#
interface Eth-Trunk30
 mode lacp-static
 lacp track vrrp vrid 1 interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/1
 shutdown
 eth-trunk 30
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 30
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 1.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.10
 admin-vrrp vrid 1 ignore-if-down
 vrrp vrid 1 priority 140
 vrrp vrid 1 track interface GigabitEthernet1/0/1 reduced 40
 vrrp vrid 1 track interface GigabitEthernet1/0/2 reduced 40
 vrrp vrid 1 track interface GigabitEthernet1/0/4 reduced 40
#
return

3.11.5 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode to Communicate over a VLL Network


Networking Requirements
Establishing an Eth-Trunk between a CE and a PE can effectively improve the reliability and bandwidth utilization of the link between the CE and the PE. The Eth-Trunk on the PE, however, can be bound to only one VLL. Therefore, the VCs between PEs cannot be effectively used, that is, the bandwidth utilization of the network between the CEs cannot be increased.

After a link aggregation group between the CEs is configured, that is, the Eth-Trunk between the CEs crosses VLLs, the interfaces connecting PEs and CEs do not need to be added to the Eth-Trunk and can be added to different VLLs. LACP packets can be transparently transmitted over VLLs, and the transparent transmission paths do not interfere with each other. The Eth-Trunk status of the CEs is thus ensured. In this manner, the bandwidth utilization and reliability of the link between the CEs are improved.

As shown in Figure 3-12, CE1 and CE2 communicate through Eth-Trunk interfaces in static LACP mode over a VLL network in Martini mode. The Eth-Trunk interface on CE1 has two member interfaces, which are connected to two interfaces on PE1 at the user side. Another two interfaces on PE1 at the network side are bound to different VLLs. That is, GE 1/0/0 on PE1 is bound to VLL1 and GE 1/0/1 is bound to VLL2. Member interfaces of the Eth-Trunk interface on CE2 are connected to GE 2/0/0 on PE2 and GE 2/0/0 on PE3. GE 2/0/0 on PE2 is bound to VLL1 and GE 2/0/0 on PE3 is bound to VLL2.

It is required that LACP packets be transparently transmitted over the VLL network to maintain the Eth-Trunk interfaces on CE1 and CE2, and that untagged Layer 2 packets be transparently transmitted from CE1 to CE2.

Figure 3-12 Example for configuring Eth-Trunk interfaces in static LACP mode to communicate over a VLL network
[Figure 3-12 labels: CE1 (Eth-Trunk1, GE1/0/0, GE1/0/1), PE1 (Loopback1), P1 (Loopback4), P2 (Loopback5), PE2 (Loopback2), PE3 (Loopback3), CE2 (Eth-Trunk1, GE1/0/0, GE1/0/1)]

Item   Interface    IP Address
PE1    GE 2/0/0     10.1.1.1/24
       GE 2/0/1     10.1.3.1/24
       Loopback1    1.1.1.9/32
PE2    GE 1/0/0     10.1.2.2/24
       Loopback2    2.2.2.9/32
PE3    GE 1/0/0     10.1.4.2/24
       Loopback3    3.3.3.9/32
P1     GE 1/0/0     10.1.1.2/24
       GE 2/0/0     10.1.2.1/24
       Loopback4    4.4.4.9/32
P2     GE 1/0/0     10.1.3.2/24
       GE 2/0/0     10.1.4.1/24
       Loopback5    5.5.5.9/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the devices (PEs and the Ps) on the backbone network to make them reachable to each other, and enable MPLS.
2. Use the default tunnel policy and set up LSPs to transmit user data.
3. Enable MPLS L2VPN on PEs and establish VCs.
4. Create Eth-Trunk interfaces on CEs and configure the Eth-Trunk interfaces to work in static LACP mode.

Data Preparation
To complete the configuration, you need the following data:
- VLAN ID tagged with which packets can be transmitted on links between CEs
- Name of the remote peer of each PE
- ID of each VC

Procedure
Step 1 Configure CEs.
# Configure CE1 to be the LACP Actor.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] eth-trunk 1
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] eth-trunk 1
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] portswitch
[CE1-Eth-Trunk1] port default vlan 10
[CE1-Eth-Trunk1] mode lacp-static
[CE1-Eth-Trunk1] quit
[CE1] lacp priority 100

# Configure CE2 to be the LACP Partner.


<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface eth-trunk 1
[CE2-Eth-Trunk1] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] eth-trunk 1
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] eth-trunk 1
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface eth-trunk 1
[CE2-Eth-Trunk1] portswitch
[CE2-Eth-Trunk1] port default vlan 10
[CE2-Eth-Trunk1] mode lacp-static
[CE2-Eth-Trunk1] quit

NOTE
You can configure either the same interface number or different interface numbers for Eth-Trunk interfaces on CE1 and CE2.

Step 2 Configure an IGP on the MPLS backbone network (in this example, OSPF is used).
As shown in Figure 3-12, configure an IP address for each interface on PEs and P1. When configuring OSPF, note that the 32-bit loopback addresses of PE1, PE2, PE3, P1, and P2, which are used as LSR IDs, must be advertised. Configuration details are not mentioned here.
After the configuration, OSPF neighbor relationships can be established between PE1, P1, and PE2 and between PE1, P2, and PE3. By running the display ospf peer command, you can view that OSPF neighbor relationships are Full. By running the display ip routing-table command, you can view that PEs have learned loopback addresses from each other.

Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 2/0/1
[PE1-GigabitEthernet2/0/1] mpls
[PE1-GigabitEthernet2/0/1] mpls ldp
[PE1-GigabitEthernet2/0/1] quit

# Configure P1.
[P1] mpls lsr-id 4.4.4.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] mpls
[P1-GigabitEthernet1/0/0] mpls ldp
[P1-GigabitEthernet1/0/0] quit
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] mpls
[P1-GigabitEthernet2/0/0] mpls ldp
[P1-GigabitEthernet2/0/0] quit

# Configure P2.
[P2] mpls lsr-id 5.5.5.9
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface gigabitethernet 1/0/0
[P2-GigabitEthernet1/0/0] mpls
[P2-GigabitEthernet1/0/0] mpls ldp
[P2-GigabitEthernet1/0/0] quit
[P2] interface gigabitethernet 2/0/0
[P2-GigabitEthernet2/0/0] mpls
[P2-GigabitEthernet2/0/0] mpls ldp
[P2-GigabitEthernet2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/0
[PE3-GigabitEthernet1/0/0] mpls
[PE3-GigabitEthernet1/0/0] mpls ldp
[PE3-GigabitEthernet1/0/0] quit

Step 4 Establish remote LDP sessions between PE1 and PE2 and between PE1 and PE3.
# Configure PE1.
[PE1] mpls ldp remote-peer 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] quit
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] quit

After the configuration, run the display mpls ldp session command on PE1 to view information about LDP sessions. You can view that both remote LDP sessions have been established. Take the display on PE1 as an example:
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  000:00:09  37/37
 3.3.3.9:0    Operational  DU   Passive  000:00:10  40/40
 4.4.4.9:0    Operational  DU   Passive  000:00:05  20/20
 5.5.5.9:0    Operational  DU   Passive  000:00:06  31/31
 ------------------------------------------------------------------------------
 TOTAL: 4 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

Step 5 Enable MPLS L2VPN on PEs and create VCs.
# Configure PE1: create VC1 on GE 1/0/0 and VC2 on GE 1/0/1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] mpls l2vc 2.2.2.9 101
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] mpls l2vc 3.3.3.9 111
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2: create VC1 on GE 2/0/0.


[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0] quit

# Configure PE3: create VC2 on GE 2/0/0.


[PE3] mpls l2vpn
[PE3-l2vpn] mpls l2vpn default martini
[PE3-l2vpn] quit
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 111
[PE3-GigabitEthernet2/0/0] quit

Step 6 Verify the configuration.
On PE1, check information about L2VPN connections. You can view that two L2VCs have been created and are in the Up state. Take the display on GE 1/0/0 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0
 *client interface       : GigabitEthernet1/0/0 is up
  Administrator PW       : no
  session state          : up
  AC state               : up
  VC state               : up
  VC ID                  : 101
  VC type                : VLAN
  destination            : 2.2.2.9
  local group ID         : 0            remote group ID      : 0
  local VC label         : 146433       remote VC label      : 133121
  local AC OAM State     : up
  local PSN State        : up
  local forwarding state : forwarding
  local status code      : 0x0
  remote AC OAM state    : up
  remote PSN state       : up
  remote forwarding state: forwarding
  remote status code     : 0x0
  BFD for PW             : unavailable
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : alert lsp-ping bfd
  remote VCCV            : alert lsp-ping bfd
  local control word     : disable      remote control word  : disable
  tunnel policy name     : --
  traffic behavior name  : --
  PW template name       : --
  primary or secondary   : primary
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type       : lsp   , TNL ID : 0x2008007
  create time            : 0 days, 1 hours, 25 minutes, 29 seconds
  up time                : 0 days, 1 hours, 19 minutes, 52 seconds
  last change time       : 0 days, 1 hours, 19 minutes, 52 seconds
  VC last up time        : 2010/01/03 05:54:05
  VC total up time       : 0 days, 1 hours, 25 minutes, 18 seconds
  CKey                   : 3
  NKey                   : 1
  PW redundancy mode     : --
  AdminPw interface      : --
  AdminPw link state     : --

In this case, untagged Layer 2 packets can be transparently transmitted from CE1 to CE2.

----End

Configuration Files
Configuration file of CE1

#
sysname CE1
#
vlan batch 10
#
lacp priority 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface Eth-Trunk1
 portswitch
 port default vlan 10
 mode lacp-static
#
return

Configuration file of CE2


#
sysname CE2
#
vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface Eth-Trunk1
 portswitch
 port default vlan 10
 mode lacp-static
#
return

Configuration file of PE1


#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.9
 remote-ip 2.2.2.9
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 undo shutdown
 mpls l2vc 2.2.2.9 101
#
interface GigabitEthernet1/0/1
 undo shutdown
 mpls l2vc 3.3.3.9 111
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/1
 undo shutdown
 ip address 10.1.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
#
return

Configuration file of P1
#
sysname P1
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack4
 ip address 4.4.4.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 4.4.4.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
#
return

Configuration file of P2
#
sysname P2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.1.4.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack5
 ip address 5.5.5.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 5.5.5.9 0.0.0.0
  network 10.1.3.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
return

Configuration file of PE2


#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mpls l2vc 1.1.1.9 101
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack2
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.2.0 0.0.0.255
#
return

Configuration file of PE3


#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mpls l2vc 1.1.1.9 111
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.4.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack3
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 10.1.4.0 0.0.0.255
#
return
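The Martini VCs above come up only when both ends name each other's LSR ID with the same VC ID and a remote LDP peer exists for that address. The following check is an added example, not part of the Huawei guide: it reads excerpts of the PE configuration files listed above and reports any `mpls l2vc` binding without a matching far end. The function names and the `BROKEN` variant (PE3 with VC ID 110) are assumptions constructed for illustration.

```python
import re

# Excerpts of the PE1/PE2/PE3 configuration files above (only the lines the check reads).
CONFIGS = {
    "PE1": """
mpls lsr-id 1.1.1.9
#
mpls ldp remote-peer 2.2.2.9
 remote-ip 2.2.2.9
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 mpls l2vc 2.2.2.9 101
#
interface GigabitEthernet1/0/1
 mpls l2vc 3.3.3.9 111
#
""",
    "PE2": """
mpls lsr-id 2.2.2.9
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 mpls l2vc 1.1.1.9 101
#
""",
    "PE3": """
mpls lsr-id 3.3.3.9
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 mpls l2vc 1.1.1.9 111
#
""",
}

# Constructed misconfiguration: PE3 uses VC ID 110 instead of 111.
BROKEN = dict(CONFIGS, PE3=CONFIGS["PE3"].replace("l2vc 1.1.1.9 111", "l2vc 1.1.1.9 110"))


def parse_pe(text):
    """Return (lsr_id, remote LDP peers, {(peer, vc_id): interface}) for one PE."""
    lsr_id, remote_peers, l2vcs, iface = None, set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                      # '#' closes the current view
            iface = None
        elif m := re.fullmatch(r"mpls lsr-id (\S+)", line):
            lsr_id = m.group(1)
        elif m := re.fullmatch(r"remote-ip (\S+)", line):
            remote_peers.add(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and (m := re.fullmatch(r"mpls l2vc (\S+) (\d+)", line)):
            l2vcs[(m.group(1), int(m.group(2)))] = iface
    return lsr_id, remote_peers, l2vcs


def check_l2vcs(configs):
    """List every l2vc binding that lacks an LDP remote peer or a mirrored far end."""
    parsed = {name: parse_pe(text) for name, text in configs.items()}
    by_lsr = {lsr: name for name, (lsr, _, _) in parsed.items()}
    findings = []
    for name, (lsr, peers, l2vcs) in sorted(parsed.items()):
        for (peer, vc_id), iface in sorted(l2vcs.items()):
            if peer not in peers:
                findings.append(f"{name} {iface}: no remote LDP peer {peer} for VC {vc_id}")
            far = by_lsr.get(peer)
            if far is None:
                findings.append(f"{name} {iface}: peer {peer} is not a known LSR ID")
            elif (lsr, vc_id) not in parsed[far][2]:
                findings.append(f"{name} {iface}: {far} has no l2vc {lsr} {vc_id}")
    return findings


if __name__ == "__main__":
    print(check_l2vcs(CONFIGS))
    for finding in check_l2vcs(BROKEN):
        print(finding)
```
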

3.11.6 Example for Configuring a Layer 2 Eth-Trunk Interface to Allow VLAN Frames to Pass Through
Eth-Trunk interfaces on two devices are configured to allow all VLAN frames between the two devices to pass through, and thus the two devices can communicate with each other.

Networking Requirements
As shown in Figure 3-13, CX-A is connected to CX-B by using Eth-Trunk 1, which is a Layer 2 interface. Configure Eth-Trunk 1 to allow all VLAN frames transmitted between CX-A and CX-B to pass through.

Figure 3-13 Configuring a Layer 2 Eth-Trunk interface to allow VLAN frames to pass through
[Figure 3-13 labels: CX-A (GE1/0/0, GE2/0/0), Eth-Trunk1, CX-B (GE1/0/0, GE2/0/0)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface.
2. Switch the Eth-Trunk interface to the Layer 2 mode.
3. Configure the Eth-Trunk interface to allow VLAN frames to pass through.
4. Add Ethernet interfaces to the Eth-Trunk interface.

Data Preparation
To complete the configuration, you need the following data:
- Two Eth-Trunk member interfaces GE 1/0/0 and GE 2/0/0 on CX-A
- Two Eth-Trunk member interfaces GE 1/0/0 and GE 2/0/0 on CX-B

Procedure
Step 1 Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A

# Configure VLAN IDs on the interface.


[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] portswitch
[CX-A-Eth-Trunk1] port link-type trunk
[CX-A-Eth-Trunk1] port trunk allow-pass vlan all
[CX-A-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] eth-trunk 1
[CX-A-GigabitEthernet1/0/0] quit
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] undo shutdown
[CX-A-GigabitEthernet2/0/0] eth-trunk 1
[CX-A-GigabitEthernet2/0/0] quit

Step 2 Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B

# Create Eth-Trunk 1 and configure VLAN IDs on the interface.


[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] portswitch
[CX-B-Eth-Trunk1] port link-type trunk
[CX-B-Eth-Trunk1] port trunk allow-pass vlan all
[CX-B-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] eth-trunk 1
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] undo shutdown
[CX-B-GigabitEthernet2/0/0] eth-trunk 1
[CX-B-GigabitEthernet2/0/0] quit

Step 3 Verify the configuration.
You can see that the interface is Up. Use the display of CX-A as an example.
[CX-A] display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet1/0/0, valid, operate up, weight=1,
Interface GigabitEthernet2/0/0, valid, operate up, weight=1,

Run the display port vlan command. You can view information about the VLAN IDs allowed on the Eth-Trunk interface. Use CX-A as an example.
[CX-A] display port vlan Eth-Trunk 1
Port          Link Type   PVID   Trunk VLAN List
-----------------------------------------------------------------
Eth-Trunk1    trunk       0      1-4094

----End

Configuration Files
Configuration file of CX-A

#
sysname CX-A
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
return

Configuration file of CX-B

#
sysname CX-B
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
return
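With `port trunk allow-pass vlan all` the saved configuration carries VLANs 1 to 4094 on Eth-Trunk1, so every VLAN that exists on either device crosses the link. The following audit is an added example, not part of the Huawei guide: it expands the `allow-pass` statements in a configuration file and compares them with the VLANs a trunk is meant to carry. The required VLAN set {10, 20}, the pruned configuration and the function names are assumptions constructed for illustration.

```python
import re

# Eth-Trunk1 stanza from the CX-A configuration file above.
CX_A_ALL = """
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 4094
#
"""

# Constructed variant: the same trunk restricted to the VLANs it needs.
CX_A_PRUNED = """
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
"""


def expand_vlans(spec):
    """Expand 'all', '10', or '10 20 to 30' into a set of VLAN IDs."""
    tokens = spec.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            end, i = int(tokens[i + 2]), i + 3
        else:
            end, i = start, i + 1
        if not 1 <= start <= end <= 4094:
            raise ValueError(f"bad VLAN range in {spec!r}")
        vlans.update(range(start, end + 1))
    return vlans


def trunk_allow_lists(config):
    """Map each interface to the union of its allow-pass VLAN statements."""
    result, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            iface = None
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and (m := re.fullmatch(r"port trunk allow-pass vlan (.+)", line)):
            result.setdefault(iface, set()).update(expand_vlans(m.group(1)))
    return result


def audit(config, required):
    """Report VLANs allowed beyond `required`, and required VLANs not allowed."""
    findings = []
    for iface, allowed in sorted(trunk_allow_lists(config).items()):
        excess, missing = allowed - required, required - allowed
        if excess:
            findings.append((iface, "excess", len(excess)))
        if missing:
            findings.append((iface, "missing", sorted(missing)))
    return findings


if __name__ == "__main__":
    print(audit(CX_A_ALL, {10, 20}))     # trunk carries 4092 VLANs it does not need
    print(audit(CX_A_PRUNED, {10, 20}))  # no findings
```
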

3.11.7 Example for Configuring a Layer 3 Eth-Trunk Interface in Manual Load Balancing Mode
In this networking, only the configuration of the IP addresses of Layer 3 Eth-Trunk interfaces differs from that in the example for configuring an Eth-Trunk interface in manual load balancing mode.

Networking Requirements
As shown in Figure 3-14, an Eth-Trunk interface formed by bundling two GE interfaces is created between CX-A and CX-B.

Figure 3-14 Networking diagram for configuring a Layer 3 Eth-Trunk interface
[Figure 3-14 labels: CX-A (GE1/0/0, GE2/0/0, Eth-Trunk1 100.1.1.1/24), CX-B (GE1/0/0, GE2/0/0, Eth-Trunk1 100.1.1.2/24)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface and configure an IP address for it.
2. Add Ethernet interfaces to the Eth-Trunk interface.

Data Preparation
To complete the configuration, you need the following data:
- Layer 3 GE interface through which CX-A is connected to CX-B
- IP address of the Eth-Trunk interface on CX-A
- IP address of the Eth-Trunk interface on CX-B

Procedure
Step 1 Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A

# Create an Eth-Trunk interface and configure an IP address for it.


[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] ip address 100.1.1.1 255.255.255.0
[CX-A-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] eth-trunk 1
[CX-A-GigabitEthernet1/0/0] quit
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] undo shutdown
[CX-A-GigabitEthernet2/0/0] eth-trunk 1
[CX-A-GigabitEthernet2/0/0] quit

Step 2 Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B

# Create an Eth-Trunk interface and configure an IP address for it.
[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] ip address 100.1.1.2 255.255.255.0
[CX-B-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] eth-trunk 1
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] undo shutdown
[CX-B-GigabitEthernet2/0/0] eth-trunk 1
[CX-B-GigabitEthernet2/0/0] quit

Step 3 Verify the configuration.
Run the display interface eth-trunk command. You can see that the interface is Up. Use the display of CX-A as an example.
[CX-A] display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Internet Address is 100.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Input: 1 packets,3 bytes,
       7 unicast,9 broadcast,8 multicasts
       10 errors,5 drops,11 unknowprotocol
Output: 2 packets,4 bytes,
       12 unicast,14 broadcast,13x multicasts
       15 errors,6 drops
-----------------------------------------------------
PortName Status Weight
-----------------------------------------------------
GigabitEthernet1/0/0 UP 1
GigabitEthernet2/0/0 UP 1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

Eth-Trunk interfaces on CX-A and CX-B can ping each other.
[CX-A] ping -a 100.1.1.1 100.1.1.2
  PING 100.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
    Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 ms
    Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 ms
    Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 ms
    Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 ms
  --- 100.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 31/49/62 ms

----End

Configuration Files
Configuration file of CX-A

#
sysname CX-A
#
interface Eth-Trunk1
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
return

Configuration file of CX-B

#
sysname CX-B
#
interface Eth-Trunk1
 ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
return

3.11.8 Example for Configuring Inter-VLAN Communication by Using Eth-Trunk Sub-interfaces


To allow devices in different VLANs to communicate with each other, create Eth-Trunk sub-interfaces on the Eth-Trunk interfaces interconnecting a router and a switch, configure the 802.1Q encapsulation mode and an IP address on each sub-interface, and associate each sub-interface with a VLAN. In this manner, the devices in different VLANs can communicate with each other by using a Layer 2 switch and a router.

Networking Requirements
As shown in Figure 3-15, CX-A is connected to CX-B by using Eth-Trunk 1, and CX-B is connected to CX-C by using Eth-Trunk 2. Configure VLAN 10 on CX-A and VLAN 20 on CX-C. Create a sub-interface on CX-B so that VLAN 10 and VLAN 20 can communicate by using the Eth-Trunk sub-interface.

Figure 3-15 Networking diagram for configuring VLANs to communicate by using Eth-Trunk sub-interfaces
[Figure 3-15 labels: CX-A (Eth-Trunk1: GE1/0/0, GE2/0/0; VLAN10), CX-B (Eth-Trunk1.1 10.110.1.10/24: GE1/0/0, GE2/0/0; Eth-Trunk2.1 10.110.2.10/24: GE1/0/1, GE2/0/1), CX-C (Eth-Trunk2: GE1/0/0, GE2/0/0; VLAN20)]

Configuration Roadmap
The configuration roadmap is as follows:
1. On CX-B, create an Eth-Trunk sub-interface and configure an IP address for it.
2. Configure the encapsulation mode of the Eth-Trunk sub-interface as 802.1Q and configure the associated VLANs.
3. Configure Eth-Trunk interfaces on CX-A and CX-C as Layer 2 interfaces to allow VLAN frames to pass through.

Data Preparation
To complete the configuration, you need the following data:
- Two member interfaces GE 1/0/0 and GE 2/0/0 of a Layer 2 interface Eth-Trunk 1 on CX-A
- Two member interfaces GE 1/0/0 and GE 2/0/0 of a Layer 3 interface Eth-Trunk 1 on CX-B
- Two member interfaces GE 1/0/1 and GE 2/0/1 of a Layer 3 interface Eth-Trunk 2 on CX-B
- Two member interfaces GE 1/0/0 and GE 2/0/0 of a Layer 2 interface Eth-Trunk 2 on CX-C
- VLAN 10 associated with sub-interface Eth-Trunk 1.1 and VLAN 20 associated with Eth-Trunk 2.1 on CX-B
- IP address 10.110.1.10 of sub-interface Eth-Trunk 1.1 and IP address 10.110.2.10 of sub-interface Eth-Trunk 2.1

Procedure
Step 1 Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A

# Create Eth-Trunk 1 and configure VLAN IDs on the interface.


[CX-A] interface eth-trunk 1
[CX-A-Eth-Trunk1] portswitch
[CX-A-Eth-Trunk1] port link-type trunk
[CX-A-Eth-Trunk1] port trunk allow-pass vlan 10
[CX-A-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] eth-trunk 1
[CX-A-GigabitEthernet1/0/0] quit
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] undo shutdown
[CX-A-GigabitEthernet2/0/0] eth-trunk 1
[CX-A-GigabitEthernet2/0/0] quit

Step 2 Configure CX-C.
<HUAWEI> system-view
[HUAWEI] sysname CX-C

# Create Eth-Trunk 2 and configure VLAN IDs on the interface.


[CX-C] interface eth-trunk 2
[CX-C-Eth-Trunk2] portswitch
[CX-C-Eth-Trunk2] port link-type trunk
[CX-C-Eth-Trunk2] port trunk allow-pass vlan 20
[CX-C-Eth-Trunk2] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 2.
[CX-C] interface gigabitethernet 1/0/0
[CX-C-GigabitEthernet1/0/0] undo shutdown
[CX-C-GigabitEthernet1/0/0] eth-trunk 2
[CX-C-GigabitEthernet1/0/0] quit
[CX-C] interface gigabitethernet 2/0/0
[CX-C-GigabitEthernet2/0/0] undo shutdown
[CX-C-GigabitEthernet2/0/0] eth-trunk 2
[CX-C-GigabitEthernet2/0/0] quit

Step 3 Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B

# Create Eth-Trunk 1.
[CX-B] interface eth-trunk 1
[CX-B-Eth-Trunk1] quit

# Add GE 1/0/0 and GE 2/0/0 to Eth-Trunk 1.


[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] eth-trunk 1
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] undo shutdown
[CX-B-GigabitEthernet2/0/0] eth-trunk 1
[CX-B-GigabitEthernet2/0/0] quit

# Create Eth-Trunk 1.1 and configure an IP address for it.


[CX-B] interface eth-trunk 1.1
[CX-B-Eth-Trunk1.1] ip address 10.110.1.10 24

# Configure 802.1Q as the encapsulation mode for Eth-Trunk 1.1 and associate the sub-interface with VLAN 10.
[CX-B-Eth-Trunk1.1] vlan-type dot1q 10
[CX-B-Eth-Trunk1.1] quit

# Create Eth-Trunk 2.
[CX-B] interface eth-trunk 2
[CX-B-Eth-Trunk2] quit

# Add GE 1/0/1 and GE 2/0/1 to Eth-Trunk 2.


[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] undo shutdown
[CX-B-GigabitEthernet1/0/1] eth-trunk 2
[CX-B-GigabitEthernet1/0/1] quit
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] eth-trunk 2
[CX-B-GigabitEthernet2/0/1] quit

# Create Eth-Trunk 2.1 and configure an IP address for it.


[CX-B] interface eth-trunk 2.1
[CX-B-Eth-Trunk2.1] ip address 10.110.2.10 24

# Configure 802.1Q as the encapsulation mode for Eth-Trunk 2.1 and associate the sub-interface with VLAN 20.
[CX-B-Eth-Trunk2.1] vlan-type dot1q 20
[CX-B-Eth-Trunk2.1] quit

Step 4 Verify the configuration.
On the hosts in VLAN 10, configure the IP address of the host to be in the same network segment as the address of Eth-Trunk 1.1 and configure the default gateway address as the IP address 10.110.1.10/24 of Eth-Trunk 1.1.
On the hosts in VLAN 20, configure the IP address of the host to be in the same network segment as the address of Eth-Trunk 2.1 and configure the default gateway address as the IP address 10.110.2.10/24 of Eth-Trunk 2.1.
After the configuration, the hosts in VLAN 10 and VLAN 20 can ping each other.

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
return


- Configuration file of CX-B
#
 sysname CX-B
#
interface Eth-Trunk1
#
interface Eth-Trunk1.1
 vlan-type dot1q 10
 ip address 10.110.1.10 255.255.255.0
#
interface Eth-Trunk2
#
interface Eth-Trunk2.1
 vlan-type dot1q 20
 ip address 10.110.2.10 255.255.255.0
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet2/0/1
 undo shutdown
 eth-trunk 2
#
return

- Configuration file of CX-C
#
 sysname CX-C
#
interface Eth-Trunk2
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/0
 undo shutdown
 eth-trunk 2
#
return

3.11.9 Example for Connecting an E-Trunk to a VPLS Network


Without E-Trunk, a CE can be connected to only one PE by using an Eth-Trunk link. In this case, if the Eth-Trunk link or the PE fails, the CE cannot communicate with the PE. By using E-Trunk, a CE can be dual-homed to two PEs, which implements device-level link reliability.


Networking Requirements
As shown in Figure 3-16, the CE is dual-homed to PE1 and PE2 by using two Eth-Trunk links to access a VPLS network. Normally, the CE communicates with devices on the VPLS network by using PE1. If the Eth-Trunk link between the CE and PE1 becomes faulty, or PE1 becomes faulty, the CE is no longer able to communicate with PE1. To prevent services from being interrupted, E-Trunk needs to be deployed on PE1 and PE2 so that traffic sent by the CE can be switched from PE1 to PE2, and the CE can continue to communicate with devices on the VPLS network by using PE2.

When the fault on the Eth-Trunk link between the CE and PE1 or on PE1 is rectified, traffic is switched back to PE1. In this manner, E-Trunk implements the backup of PE1 and PE2 that are in a link aggregation group, thus enhancing network stability.

Figure 3-16 Networking diagram for Connecting an E-Trunk to a VPLS Network

[Figure labels: CE (GE1/0/1, GE1/0/2, Eth-Trunk 20); PE1 (Loopback1 1.1.1.9/32, GE1/0/1 100.1.1.1/30, GE1/0/2, Eth-Trunk 10); PE2 (Loopback2 2.2.2.9/32, GE1/0/2 100.1.1.2/30, GE1/0/1, Eth-Trunk 10); E-Trunk 1; VPLS]

E-Trunk, as an extension of LACP, is a protocol that controls and implements link aggregation among multiple devices. E-Trunk can implement device-level link reliability, instead of the board-level link reliability implemented by LACP. E-Trunk is mainly applied to the scenario where a CE is dual-homed to two PEs to access the VPLS, VLL, or PWE3 network. In this scenario, E-Trunk is used to protect the PEs and the links between the CE and PEs through the link and PE switchover.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the CE to access the VPLS network as follows:
   (1) Run an IGP to ensure the connectivity of devices on the backbone network.
   (2) Run a routing protocol to ensure connectivity of routes on the backbone network, enable basic MPLS capabilities, and set up an LSP tunnel between the PEs.
   (3) Enable MPLS L2VPN on the PEs.
   (4) Establish a VSI and then configure the VSI.
2. Configure the E-Trunk group as follows:
   (1) Create an Eth-Trunk link between the CE and PE1 and between the CE and PE2 separately. Set the two Eth-Trunk interfaces to the static LACP mode and add interfaces to the two Eth-Trunk interfaces.
   (2) Create an E-Trunk group on PE1 and PE2 and add the two Eth-Trunk interfaces in static LACP mode to the E-Trunk group.
   (3) Configure the following attributes for the E-Trunk group:
       - Priority
       - LACP system ID and priority
       - Interval at which Hello packets are sent
       - Multiplier for detecting Hello packets
       - Local and peer IP addresses in the E-Trunk group
3. Verify the configuration.

Data Preparation
To complete the configuration, you need the following data:
- VSI IDs on PEs (they must be consistent)
- MPLS LSR ID of each PE
- Names of the VSIs on PE1 and PE2
- Interfaces to which the VSIs are bound
- E-Trunk priority
- E-Trunk LACP system ID and priority
- Eth-Trunk interface numbers and working modes
- Local and peer IP addresses
- Interval at which Hello packets are sent and multiplier for detecting Hello packets

Procedure
Step 1 Configure a VPLS network.
1. Configure an IGP for the MPLS backbone network. OSPF is used in this example.
Assign an IP address to each interface on the PEs as shown in Figure 3-16. When configuring OSPF, configure PEs to advertise the 32-bit addresses of loopback interfaces.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] ip address 100.1.1.10 255.255.255.252
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 255.255.255.255
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] ip address 100.1.1.2 255.255.255.252
[PE2-GigabitEthernet1/0/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration, PE1 and PE2 learn the route to each other's Loopback1 address through OSPF and can ping each other. Use the display on PE1 as an example.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface

        1.1.1.9/32  Direct  0    0     D      127.0.0.1    InLoopBack0
        2.2.2.9/32  OSPF    10   1     D      100.1.1.2    GigabitEthernet1/0/1
      100.1.1.0/30  Direct  0    0     D      100.1.1.10   GigabitEthernet1/0/1
     100.1.1.10/32  Direct  0    0     D      127.0.0.1    InLoopBack0
      127.0.0.0/8   Direct  0    0     D      127.0.0.1    InLoopBack0
      127.0.0.1/32  Direct  0    0     D      127.0.0.1    InLoopBack0
[PE1] ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=260 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/86/260 ms

2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] mpls
[PE2-GigabitEthernet1/0/2] mpls ldp
[PE2-GigabitEthernet1/0/2] quit

After the configuration, LDP sessions are established between the PEs. Run the display mpls ldp session command. The Status field displays Operational. Run the display mpls ldp lsp command. You can see that LDP LSPs have been established. Use the display on PE1 as an example.
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 Peer-ID        Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  000:00:00  1/1
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel   NextHop      OutInterface   UpstreamPeer
 ------------------------------------------------------------------------------
 1.1.1.9/32         3/NULL        127.0.0.1    InLoop0        2.2.2.9
*1.1.1.9/32         Liberal
 2.2.2.9/32         NULL/3        100.1.1.2    GE1/0/1
 2.2.2.9/32         1024/3        100.1.1.2    GE1/0/1/       2.2.2.9
 ------------------------------------------------------------------------------
 TOTAL: 3 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
 A '*' before a UpstreamPeer means the session is in GR state
NOTE

If PEs are indirectly connected, run the mpls ldp remote-peer command and the remote-ip command to establish remote LDP sessions between the PEs.

3. Enable MPLS L2VPN on the PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

4. Create VSIs and specify LDP as the signaling protocol for VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] mac-withdraw enable
[PE1-vsi-ldp1-ldp] interface-status-change mac-withdraw enable
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] ignore-ac-state
[PE1-vsi-ldp1] quit

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] mac-withdraw enable
[PE2-vsi-ldp1-ldp] interface-status-change mac-withdraw enable
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] ignore-ac-state
[PE2-vsi-ldp1] quit
NOTE

The ignore-ac-state command is configured to prevent VSI status from being affected by the Attachment Circuit (AC) status. In this manner, the VSI can still be Up even if no AC is connected to the VSI. Exercise caution when using the ignore-ac-state command.

5. Configure Eth-Trunk sub-interfaces on PEs and bind VSIs to AC interfaces.
# Configure PE1.
[PE1] interface Eth-Trunk 10
[PE1-Eth-Trunk10] quit
[PE1] interface Eth-Trunk 10.1
[PE1-Eth-Trunk10.1] vlan-type dot1q 1
[PE1-Eth-Trunk10.1] l2 binding vsi ldp1
[PE1-Eth-Trunk10.1] undo shutdown
[PE1-Eth-Trunk10.1] quit

# Configure PE2.
[PE2] interface Eth-Trunk 10
[PE2-Eth-Trunk10] quit
[PE2] interface Eth-Trunk 10.1
[PE2-Eth-Trunk10.1] vlan-type dot1q 1
[PE2-Eth-Trunk10.1] l2 binding vsi ldp1
[PE2-Eth-Trunk10.1] undo shutdown
[PE2-Eth-Trunk10.1] quit

6. Configure Layer 2 forwarding on the CE.
# Add Eth-Trunk 20 to VLAN 1.
<HUAWEI> system-view
[HUAWEI] sysname CE
[CE] interface Eth-Trunk 20
[CE-Eth-Trunk20] portswitch
[CE-Eth-Trunk20] quit
[CE] vlan 1
[CE-vlan1] port Eth-Trunk 20
[CE-vlan1] quit
[CE] interface Eth-Trunk 20
[CE-Eth-Trunk20] port trunk allow-pass vlan 1

# Set the working mode of Eth-Trunk 20 to static LACP.
[CE-Eth-Trunk20] mode lacp-static
[CE-Eth-Trunk20] quit

# Add the member interfaces to Eth-Trunk 20.
[CE] interface gigabitethernet 1/0/1
[CE-GigabitEthernet1/0/1] undo shutdown
[CE-GigabitEthernet1/0/1] eth-trunk 20
[CE-GigabitEthernet1/0/1] quit
[CE] interface gigabitethernet 1/0/2
[CE-GigabitEthernet1/0/2] undo shutdown
[CE-GigabitEthernet1/0/2] eth-trunk 20
[CE-GigabitEthernet1/0/2] quit

Step 2 Configure the E-Trunk.
1. Create Eth-Trunk 10 and configure the Eth-Trunk interface to work in static LACP mode.
# Configure PE1.
[PE1] interface eth-trunk 10
[PE1-Eth-Trunk10] mode lacp-static
[PE1-Eth-Trunk10] quit

# Configure PE2.
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] mode lacp-static
[PE2-Eth-Trunk10] quit

2. Add interfaces to the Eth-Trunk interface.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 10
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] eth-trunk 10
[PE2-GigabitEthernet1/0/1] quit

3. Create an E-Trunk group and add the two static LACP Eth-Trunk interfaces to the E-Trunk group.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 10
[PE1-Eth-Trunk10] e-trunk 1
[PE1-Eth-Trunk10] quit

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] e-trunk 1
[PE2-Eth-Trunk10] quit

4. Configure E-Trunk attributes.
- Configure the E-Trunk priority.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] priority 10
[PE1-e-trunk-1] quit

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] quit

- Configure the E-Trunk LACP system ID and priority.
# Configure PE1.
[PE1] lacp e-trunk priority 1
[PE1] lacp e-trunk system-id 00E0-FC00-0000

# Configure PE2.
[PE2] lacp e-trunk priority 1
[PE2] lacp e-trunk system-id 00E0-FC00-0000

The E-Trunk LACP system IDs and priorities configured on PE1 and PE2 must be the same.

- Configure the multiplier for E-Trunk to detect Hello packets.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hold-on-failure multiplier 3

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hold-on-failure multiplier 3

- Configure the interval at which E-Trunk members send Hello packets.
# Configure PE1.
[PE1-e-trunk-1] timer hello 9

# Configure PE2.
[PE2-e-trunk-1] timer hello 9

5. Configure the local and peer IP addresses for devices in the E-Trunk group.
# Configure PE1.
[PE1-e-trunk-1] peer-address 100.1.1.2 source-address 100.1.1.10
[PE1-e-trunk-1] quit

# Configure PE2.
[PE2-e-trunk-1] peer-address 100.1.1.10 source-address 100.1.1.2
[PE2-e-trunk-1] quit

6. Bind E-Trunk to a BFD session.
- Create a BFD session.
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd hello bind peer-ip 100.1.1.2 source-ip 100.1.1.10
[PE1-bfd-session-hello] discriminator local 1
[PE1-bfd-session-hello] discriminator remote 2
[PE1-bfd-session-hello] commit
[PE1-bfd-session-hello] quit

The local and peer IP addresses to which the BFD session is bound must be consistent with the local and peer IP addresses of devices in the E-Trunk group.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd hello bind peer-ip 100.1.1.10 source-ip 100.1.1.2
[PE2-bfd-session-hello] discriminator local 2
[PE2-bfd-session-hello] discriminator remote 1
[PE2-bfd-session-hello] commit
[PE2-bfd-session-hello] quit

- Bind E-Trunk to the BFD session.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] e-trunk track bfd-session 1
[PE1-e-trunk-1] quit

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session 2
[PE2-e-trunk-1] quit


After the configuration, run the display bfd session all verbose command on PE1 and PE2. The command output shows that the BFD session has been established and the session status is Up. Use the display on PE1 as an example.
[PE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 256       (Multi Hop) State : Up        Name : hello
--------------------------------------------------------------------------------
  Local Discriminator    : 1
  Remote Discriminator   : 2
  Session Detect Mode    : Asynchronous Mode Without Echo Function
  BFD Bind Type          : Peer IP Address
  Bind Session Type      : Static
  Bind Peer IP Address   : 100.1.1.2
  Bind Interface         :
  Bind Source IP Address : 100.1.1.10
  FSM Board Id           : 1
  TOS-EXP                : 7
  Min Tx Interval (ms)   : 1000
  Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms):
  Actual Rx Interval (ms):
  Local Detect Multi     : 3
  Detect Interval (ms)   :
  Echo Passive           : Disable
  Acl Number             :
  Destination Port       : 3784
  TTL                    : 254
  Proc Interface Status  : Disable
  Process PST            : Disable
  WTR Interval (ms)      :
  Local Demand Mode      : Disable
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : E-TRUNK
  Session TX TmrID       :
  Session Detect TmrID   :
  Session Init TmrID     :
  Session WTR TmrID      :
  Session Echo Tx TmrID  :
  PDT Index              : FSM-0 | RCV-0 | IF-0 | TOKEN-0
  Session Description    :
--------------------------------------------------------------------------------
  Total UP/DOWN Session Number : 1/0

Step 3 Verify the configuration.
# Run the display eth-trunk command on the CE to check the configurations of Eth-Trunk interfaces.
[CE] display eth-trunk 20
Eth-Trunk10's state information is:
Local:
LAG ID: 20                      WorkingMode: STATIC
Preempt Delay: Disabled         Hash arithmetic: According to flow
System Priority: 32768          System ID: 00e0-657a-6300
Least Active-linknumber: 1      Max Active-linknumber: 16
Operate status: up              Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
ActorPortName          Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
GigabitEthernet1/0/1   Selected  100M      32768    128     2593     11111100   1
GigabitEthernet1/0/2   Unselect  100M      32768    129     2593     11100010   1

Partner:
--------------------------------------------------------------------------------
ActorPortName          SysPri  SystemID        PortPri  PortNo  PortKey  PortState
GigabitEthernet1/0/1   1       00e0-fc00-0000  32768    129     2593     11111100
GigabitEthernet1/0/2   1       00e0-fc00-0000  32768    32896   2593     11010000


The command output on the CE shows that the member interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in the Selected and Unselect states respectively.
# Run the display e-trunk command to check configurations of the E-Trunk.
[PE1] display e-trunk 1
                      The E-Trunk information
 E-TRUNK-ID : 1                         Revert-Delay-Time (s) : 120
 Priority : 10                          System-ID : 00e0-0f74-eb00
 Peer-IP : 100.1.1.2                    Source-IP : 100.1.1.10
 State : Master                         Causation : PRI
 Send-Period (100ms) : 9                Fail-Time (100ms) : 27
 Receive : 41                           Send : 42
 RecDrop : 0                            SndDrop : 0
 Peer-Priority : 20                     Peer-System-ID : 00e0-3b6c-6100
 Peer-Fail-Time (100ms) : 27            BFD-Session : 1
--------------------------------------------------------------------------------
                      The Member information
 Type       ID   LocalPhyState  Work-Mode  State   Causation
 Eth-Trunk  10   Up             auto       Master  PEER_MEMBER_DOWN
[PE2] display e-trunk 1
                      The E-Trunk information
 E-TRUNK-ID : 1                         Revert-Delay-Time (s) : 120
 Priority : 20                          System-ID : 00e0-3b6c-6100
 Peer-IP : 100.1.1.10                   Source-IP : 100.1.1.2
 State : Backup                         Causation : PRI
 Send-Period (100ms) : 9                Fail-Time (100ms) : 27
 Receive : 43                           Send : 42
 RecDrop : 3                            SndDrop : 0
 Peer-Priority : 10                     Peer-System-ID : 00e0-0f74-eb00
 Peer-Fail-Time (100ms) : 27            BFD-Session : 2
--------------------------------------------------------------------------------
                      The Member information
 Type       ID   LocalPhyState  Work-Mode  State   Causation
 Eth-Trunk  10   Down           auto       Backup  PEER_MEMBER_UP

The command output shows that the priority of the E-Trunk on PE1 is 10 and the E-Trunk is in the Master state. The priority of the E-Trunk on PE2 is 20 and the E-Trunk is in the Backup state. In this manner, the link backup is implemented.
# Run the display vsi name ldp1 verbose command to check PW information. Use the display on PE1 as an example.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : enable
    Create Time            : 0 days, 0 hours, 32 minutes, 30 seconds
    VSI State              : up

    VSI ID                 : 2
    LDP MAC-WITHDRAW       : Interface-status-change Enable
   *Peer Router ID         : 2.2.2.9
    VC Label               : 19456
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x801002
    Broadcast Tunnel ID    : 0x801002
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : Eth-Trunk10.1
    State                  : up
    Last Up Time           : 2009/03/28 15:32:50
    Total Up Time          : 0 days, 0 hours, 8 minutes, 22 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 19456
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x801002
    Broadcast Tunnel ID    : 0x801002
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x801002
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/1
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/03/28 15:12:13
    PW Total Up Time       : 0 days, 0 hours, 26 minutes, 39 seconds

The command output shows that a PW has been established between the VSI named ldp1 and PE2; both the VSI and PW are Up; the Eth-Trunk sub-interface bound to the VSI is Up.
----End

Configuration Files
- Configuration file of the CE
#
 sysname CE
#
 vlan batch 1
#
interface Eth-Trunk20
 portswitch
 port default vlan 1
 port trunk allow-pass vlan 1
 mode lacp-static
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 20
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 20
#
return

- Configuration file of PE1
#
 sysname PE1
#
e-trunk 1
#
 lacp e-trunk system-id 00e0-fc00-0000
 lacp e-trunk priority 1
#
 bfd
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  mac-withdraw enable
  interface-status-change mac-withdraw enable
  peer 2.2.2.9
 ignore-ac-state
#
mpls ldp
#
interface Eth-Trunk10
 mode lacp-static
 e-trunk 1
#
interface Eth-Trunk10.1
 vlan-type dot1q 1
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 100.1.1.10 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 10
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bfd hello bind peer-ip 100.1.1.2 source-ip 100.1.1.10
 discriminator local 1
 discriminator remote 2
 commit
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
#
e-trunk 1
 priority 10
 peer-address 100.1.1.2 source-address 100.1.1.10
 timer hello 9
 e-trunk track bfd-session 1
#
return

- Configuration file of PE2
#
 sysname PE2
#
e-trunk 1
#
 lacp e-trunk system-id 00e0-fc00-0000
 lacp e-trunk priority 1
#
 bfd
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  mac-withdraw enable
  interface-status-change mac-withdraw enable
  peer 1.1.1.9
 ignore-ac-state
#
mpls ldp
#
interface Eth-Trunk10
 mode lacp-static
 e-trunk 1
#
interface Eth-Trunk10.1
 vlan-type dot1q 1
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 100.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bfd hello bind peer-ip 100.1.1.10 source-ip 100.1.1.2
 discriminator local 2
 discriminator remote 1
 commit
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
#
e-trunk 1
 priority 20
 peer-address 100.1.1.10 source-address 100.1.1.2
 timer hello 9
 e-trunk track bfd-session 2
#
return
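The procedure above states two consistency rules for the PE pair: the E-Trunk LACP system ID and priority must be the same on both PEs, and each BFD session must be bound to the same local and peer addresses as the E-Trunk group. The following Python check is an added example, not part of the Huawei guide or any Huawei tool; the embedded configurations are constructed from the commands in this example, and the function names are hypothetical.

```python
"""Cross-check E-Trunk settings on a PE pair (added example, not Huawei tooling)."""
import re

# Constructed samples, abridged from the commands this procedure enters on PE1 and PE2.
PE1_CFG = """\
 lacp e-trunk system-id 00E0-FC00-0000
 lacp e-trunk priority 1
#
bfd hello bind peer-ip 100.1.1.2 source-ip 100.1.1.10
 discriminator local 1
 discriminator remote 2
 commit
#
e-trunk 1
 priority 10
 peer-address 100.1.1.2 source-address 100.1.1.10
 timer hello 9
 timer hold-on-failure multiplier 3
 e-trunk track bfd-session 1
#
"""
PE2_CFG = """\
 lacp e-trunk system-id 00e0-fc00-0000
 lacp e-trunk priority 1
#
bfd hello bind peer-ip 100.1.1.10 source-ip 100.1.1.2
 discriminator local 2
 discriminator remote 1
 commit
#
e-trunk 1
 priority 20
 peer-address 100.1.1.10 source-address 100.1.1.2
 timer hello 9
 timer hold-on-failure multiplier 3
 e-trunk track bfd-session 2
#
"""

# One pattern per setting; two-group patterns yield a (peer, source) tuple.
PATTERNS = {
    "lacp_system_id": r"^\s*lacp e-trunk system-id (\S+)",
    "lacp_priority": r"^\s*lacp e-trunk priority (\d+)",
    "bfd_bind": r"^\s*bfd \S+ bind peer-ip (\S+) source-ip (\S+)",
    "disc_local": r"^\s*discriminator local (\d+)",
    "disc_remote": r"^\s*discriminator remote (\d+)",
    "etrunk_priority": r"^\s*priority (\d+)",
    "etrunk_addrs": r"^\s*peer-address (\S+) source-address (\S+)",
    "hello": r"^\s*timer hello (\d+)",
    "multiplier": r"^\s*timer hold-on-failure multiplier (\d+)",
}


def parse(cfg):
    """Extract the E-Trunk, LACP and BFD settings from one device's configuration text."""
    out = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, cfg, re.MULTILINE)
        if m is None:
            out[key] = None
        elif m.re.groups == 1:
            # Lower-case so 00E0-FC00-0000 (as typed) equals 00e0-fc00-0000 (as saved).
            out[key] = m.group(1).lower()
        else:
            out[key] = m.groups()
    return out


def fail_time_units(cfg):
    """Hello interval x multiplier, in the 100 ms units that display e-trunk reports."""
    if cfg["hello"] is None or cfg["multiplier"] is None:
        return None
    return int(cfg["hello"]) * int(cfg["multiplier"])


def audit(a, b, names=("PE1", "PE2")):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    for key, label in (("lacp_system_id", "LACP E-Trunk system ID"),
                       ("lacp_priority", "LACP E-Trunk priority")):
        if a[key] is None or a[key] != b[key]:
            findings.append(f"{label} differs: {a[key]} vs {b[key]}")
    for name, cfg in zip(names, (a, b)):
        if cfg["bfd_bind"] is not None and cfg["bfd_bind"] != cfg["etrunk_addrs"]:
            findings.append(f"{name}: BFD bind {cfg['bfd_bind']} does not match "
                            f"E-Trunk peer/source {cfg['etrunk_addrs']}")
    if None in (a["etrunk_addrs"], b["etrunk_addrs"]) or \
            a["etrunk_addrs"] != b["etrunk_addrs"][::-1]:
        findings.append("E-Trunk peer/source addresses are not mirrored")
    if (a["disc_local"], a["disc_remote"]) != (b["disc_remote"], b["disc_local"]):
        findings.append("BFD discriminators are not mirrored")
    return findings


if __name__ == "__main__":
    pe1, pe2 = parse(PE1_CFG), parse(PE2_CFG)
    print("findings:", audit(pe1, pe2) or "none")
    print("fail time (100 ms units):", fail_time_units(pe1))
```

With the values used in this example the audit returns no findings, and the computed fail time matches the Fail-Time (100ms) value of 27 shown in the display e-trunk output.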

3.11.10 Example for Connecting an E-Trunk to PW Redundancy


Networking Requirements
As shown in Figure 3-17, CE1 is dual-homed to PE1 and PE2 by using Eth-Trunk links to access a PWE3 network. Normally, CE1 communicates with devices on the PWE3 network by using PE1. If the Eth-Trunk link between CE1 and PE1 becomes faulty, or PE1 becomes faulty, CE1 is no longer able to communicate with PE1. To prevent services from being interrupted, E-Trunk needs to be deployed on PE1 and PE2 so that traffic sent by CE1 can be switched from PE1 to PE2, and CE1 can continue to communicate with devices on the PWE3 network by using PE2.

If the fault on the Eth-Trunk link between CE1 and PE1 or on PE1 is rectified, traffic is switched back to PE1. In this manner, E-Trunk implements the backup of PE1 and PE2 that are in a link aggregation group, thus enhancing network stability.

Figure 3-17 Networking diagram for Connecting an E-Trunk to PW Redundancy

[Figure labels: CE1 (GE1/0/1, GE1/0/2, Eth-Trunk20); PE1 (Loopback0 1.1.1.1/32, GE1/0/0 10.1.3.2/24, GE1/0/1 10.1.4.1/24, GE1/0/2); PE2 (Loopback0 2.2.2.2/32, GE1/0/0 10.1.2.2/24, GE1/0/1 10.1.4.2/24, GE1/0/2); PE3 (Loopback0 3.3.3.3/32, GE1/0/1 10.1.3.1/24, GE1/0/2 10.1.2.1/24); CE2; the address 10.1.1.1/24 also appears in the figure]

E-Trunk, as an extension of LACP, is a protocol that controls and implements link aggregation among multiple devices. E-Trunk implements device-level link reliability, instead of board-level link reliability implemented by LACP. E-Trunk is mainly applied to the scenario where a CE is dual-homed to two PEs to access the VPLS, VLL, or PWE3 network. In this scenario, E-Trunk is used to protect the PEs and the links between the CE and PEs by using the link and PE switchover.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure PW redundancy.
   (1) Configure an IGP to ensure connectivity of devices on the backbone network.
   (2) Configure a routing protocol to ensure connectivity of routes on the backbone network, enable basic MPLS capabilities, and set up an LDP LSP between PE1 and PE3, and set up another LDP LSP between PE2 and PE3.
   (3) Set up the remote LDP session between PE1 and PE3, and between PE2 and PE3.
   (4) Configure LDP FRR and Synchronization Between LDP and IGP.
   (5) Enable MPLS L2VPN on the PEs.
   (6) Configure a PW between PE1 and PE3.
   (7) Configure a secondary PW between PE2 and PE3.
2. Configure E-Trunk.
   (1) Create an Eth-Trunk link between CE1 and PE1 and between CE1 and PE2 separately. Configure the two Eth-Trunk interfaces to work in static LACP mode and add interfaces to the two Eth-Trunk interfaces.
   (2) Create an E-Trunk group on PE1 and PE2 and add the two Eth-Trunk interfaces in static LACP mode to the E-Trunk group.
   (3) Configure the following E-Trunk attributes:
       - Priority
       - LACP system ID and priority
       - Interval at which Hello packets are sent
       - Multiplier for detecting Hello packets
       - Local and peer IP addresses for the E-Trunk group
3. Verify the configuration.

Data Preparation
To complete the configuration, you need the following data:
- MPLS LSR ID of each PE
- VC IDs and VC-Types on PEs
- E-Trunk priority
- E-Trunk LACP system ID and priority
- Eth-Trunk interface numbers and working modes
- Local and peer IP addresses
- Interval at which Hello packets are sent and multiplier for detecting Hello packets

Procedure
Step 1 Configure the MPLS backbone network.
1. Configure an IGP on the MPLS backbone network. OSPF is used in this example.
Assign an IP address to each interface on the PEs as shown in Figure 3-17. When configuring OSPF, configure PEs to advertise the 32-bit addresses of loopback interfaces.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] ip address 10.1.3.2 255.255.255.0
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] ip address 10.1.4.1 255.255.255.0
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] ip address 10.1.2.2 255.255.255.0
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] ip address 10.1.4.2 255.255.255.0
[PE2-GigabitEthernet1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE3-LoopBack0] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] ip address 10.1.3.1 255.255.255.0
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] undo shutdown
[PE3-GigabitEthernet1/0/2] ip address 10.1.2.1 255.255.255.0
[PE3-GigabitEthernet1/0/2] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit

After the configuration, the PEs learn IP routes to each other's Loopback0 interfaces through OSPF. PE1 and PE3 can ping each other, and so can PE2 and PE3. The display on PE1 is used as an example.
[PE1] ping 3.3.3.3
  PING 3.3.3.3: 56 data bytes, press CTRL_C to break
    Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms
    Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 3.3.3.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/86/260 ms

2. Enable basic MPLS functions and MPLS LDP on the MPLS backbone network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mpls
[PE1-GigabitEthernet1/0/0] mpls ldp
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mpls
[PE3-GigabitEthernet1/0/1] mpls ldp
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] mpls
[PE3-GigabitEthernet1/0/2] mpls ldp
[PE3-GigabitEthernet1/0/2] quit

After the configuration, LDP sessions are set up. Run the display mpls ldp session command. The Status field displays Operational. Use the display on PE1 as an example.
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 Peer-ID        Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 3.3.3.3:0      Operational  DU   Passive  000:00:13  23/21
 2.2.2.2:0      Operational  DU   Passive  000:00:02  1/1
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

3. Configure LDP FRR and synchronization between LDP and IGP.

Configure LDP FRR on PE3.
[PE3] interface gigabitethernet1/0/1
[PE3-GigabitEthernet1/0/1] mpls ldp frr nexthop 10.1.2.2

Configure synchronization between LDP and IGP.

Configure PE1.
[PE1] interface gigabitethernet1/0/0
[PE1-GigabitEthernet1/0/0] ospf ldp-sync
[PE1-GigabitEthernet1/0/0] quit

Configure PE2.
[PE2] interface gigabitethernet1/0/0
[PE2-GigabitEthernet1/0/0] ospf ldp-sync
[PE2-GigabitEthernet1/0/0] quit

Configure PE3.
[PE3-GigabitEthernet1/0/1] ospf ldp-sync
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet1/0/2
[PE3-GigabitEthernet1/0/2] ospf ldp-sync
[PE3-GigabitEthernet1/0/2] quit

4. Configure remote MPLS LDP peers.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
[PE3] mpls ldp remote-peer 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] quit

5. Enable MPLS L2VPN on PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit

Step 2 Configure an E-Trunk group on PE1 and PE2.

1. Configure Eth-Trunk on PE1 and PE2.

# Create an Eth-Trunk interface on PE1.
[PE1] interface Eth-Trunk 20
[PE1-Eth-Trunk20] portswitch
[PE1-Eth-Trunk20] mode user-termination

# Configure the Eth-Trunk interface to work in static LACP mode.
[PE1-Eth-Trunk20] mode lacp-static
[PE1-Eth-Trunk20] quit

# Add an interface to the Eth-Trunk interface.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 20
[PE1-GigabitEthernet1/0/2] quit

# Create an Eth-Trunk sub-interface on PE1.
[PE1] interface Eth-Trunk 20.100

# Configure QinQ termination on the Eth-Trunk sub-interface.
[PE1-Eth-Trunk20.100] control-vid 100 qinq-termination
[PE1-Eth-Trunk20.100] qinq termination pe-vid 100 ce-vid 100
[PE1-Eth-Trunk20.100] undo shutdown
[PE1-Eth-Trunk20.100] quit

# Configure PE2.
[PE2] interface Eth-Trunk 20
[PE2-Eth-Trunk20] portswitch
[PE2-Eth-Trunk20] mode user-termination
[PE2-Eth-Trunk20] mode lacp-static
[PE2-Eth-Trunk20] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] eth-trunk 20
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface Eth-Trunk 20.100
[PE2-Eth-Trunk20.100] control-vid 100 qinq-termination
[PE2-Eth-Trunk20.100] qinq termination pe-vid 100 ce-vid 100
[PE2-Eth-Trunk20.100] undo shutdown
[PE2-Eth-Trunk20.100] quit

2. Configure Eth-Trunk on CE1.

# Add Eth-Trunk 20 to VLAN 100.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface Eth-Trunk 20
[CE1-Eth-Trunk20] portswitch
[CE1-Eth-Trunk20] quit
[CE1] vlan 100
[CE1-vlan100] port Eth-Trunk 20
[CE1-vlan100] quit
[CE1] interface Eth-Trunk 20
[CE1-Eth-Trunk20] port trunk allow-pass vlan 100

# Configure Eth-Trunk 20 to work in static LACP mode.
[CE1-Eth-Trunk20] mode lacp-static
[CE1-Eth-Trunk20] quit

# Add interfaces to Eth-Trunk 20.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] eth-trunk 20
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] eth-trunk 20
[CE1-GigabitEthernet1/0/2] quit

3. Create an E-Trunk group on PE1 and PE2, and add the two Eth-Trunk interfaces in static LACP mode to the E-Trunk group.

# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 20
[PE1-Eth-Trunk20] e-trunk 1

# Configure the E-Trunk system ID. The system IDs of devices in the same E-Trunk group must be the same.
[PE1-Eth-Trunk20] quit
[PE1] lacp e-trunk system-id 0000-0000-0001

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 20
[PE2-Eth-Trunk20] e-trunk 1
[PE2-Eth-Trunk20] quit
[PE2] lacp e-trunk system-id 0000-0000-0001

4. Configure E-Trunk attributes.

- Configure the E-Trunk priority and specify the local and peer IP addresses.

# Configure PE1.
Configure the E-Trunk priority.
[PE1] e-trunk 1
[PE1-e-trunk-1] priority 10

Specify the local and peer IP addresses for the E-Trunk group.
[PE1-e-trunk-1] peer-address 2.2.2.2 source-address 1.1.1.1
[PE1-e-trunk-1] quit

# Configure PE2.
Configure the E-Trunk priority.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] peer-address 1.1.1.1 source-address 2.2.2.2
[PE2-e-trunk-1] quit

- Configure the E-Trunk LACP priority. The LACP priorities of devices in the same E-Trunk group must be the same.

# Configure PE1.
[PE1] lacp e-trunk priority 1

# Configure PE2.
[PE2] lacp e-trunk priority 1

- Configure the time multiplier that the E-Trunk group uses for detecting Hello packets.

# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hold-on-failure multiplier 3

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hold-on-failure multiplier 3

- Configure the interval at which Hello packets are sent.

# Configure PE1.
[PE1-e-trunk-1] timer hello 9

# Configure PE2.
[PE2-e-trunk-1] timer hello 9

- Set the revert delay for the E-Trunk group.

# Configure PE1.
[PE1-e-trunk-1] timer revert delay 0
[PE1-e-trunk-1] quit

# Configure PE2.
[PE2-e-trunk-1] timer revert delay 0
[PE2-e-trunk-1] quit

5. Bind the E-Trunk group to a BFD session.

- Create a BFD session.

# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
[PE1-bfd-session-hello] discriminator local 1
[PE1-bfd-session-hello] discriminator remote 2
[PE1-bfd-session-hello] commit
[PE1-bfd-session-hello] quit

The local and peer IP addresses to which the BFD session is bound must be consistent with the local and peer IP addresses for the E-Trunk group.

# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
[PE2-bfd-session-hello] discriminator local 2
[PE2-bfd-session-hello] discriminator remote 1
[PE2-bfd-session-hello] commit
[PE2-bfd-session-hello] quit

- Bind the E-Trunk group to the BFD session.

# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] e-trunk track bfd-session 1
[PE1-e-trunk-1] quit

# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session 2
[PE2-e-trunk-1] quit

# After the configuration, run the display bfd session all verbose command on PE1 and PE2. The command output shows that the BFD session has been established and the session is Up. Use the display on PE1 as an example.
[PE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 256       (Multi Hop) State : Up        Name : hello
--------------------------------------------------------------------------------
  Local Discriminator    : 1                Remote Discriminator   : 2
  Session Detect Mode    : Asynchronous Mode Without Echo Function
  BFD Bind Type          : Peer IP Address
  Bind Session Type      : Static
  Bind Peer IP Address   : 2.2.2.2
  Bind Interface         :
  Bind Source IP Address : 1.1.1.1
  FSM Board Id           : 1                TOS-EXP                : 7
  Min Tx Interval (ms)   : 1000             Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms):                  Actual Rx Interval (ms):
  Local Detect Multi     : 3                Detect Interval (ms)   :
  Echo Passive           : Disable          Acl Number             :
  Destination Port       : 3784             TTL                    : 254
  Proc Interface Status  : Disable          Process PST            : Disable
  WTR Interval (ms)      :
  Local Demand Mode      : Disable
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : E-TRUNK
  Session TX TmrID       :                  Session Detect TmrID   :
  Session Init TmrID     :                  Session WTR TmrID      :
  Session Echo Tx TmrID  :
  PDT Index              : FSM-0 | RCV-0 | IF-0 | TOKEN-0
  Session Description    :
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0

Step 3 Configure PW.

# Configure PE1.
[PE1] interface Eth-Trunk20.100
[PE1-Eth-Trunk20.100] mpls l2vc 3.3.3.3 103

# Configure PE2.
[PE2] interface Eth-Trunk20.100
[PE2-Eth-Trunk20.100] mpls l2vc 3.3.3.3 203

# Configure PE3.
[PE3] interface GigabitEthernet1/0/0.100
[PE3-GigabitEthernet1/0/0.100] control-vid 100 qinq-termination
[PE3-GigabitEthernet1/0/0.100] qinq termination pe-vid 100 ce-vid 100
[PE3-GigabitEthernet1/0/0.100] mpls l2vc 1.1.1.1 103
[PE3-GigabitEthernet1/0/0.100] mpls l2vc 2.2.2.2 203 secondary
[PE3-GigabitEthernet1/0/0.100] mpls l2vpn redundancy independent

Step 4 Verify the configuration.

# Run the display eth-trunk command on CE1. You can view the configurations of Eth-Trunk interfaces.
[CE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20                      WorkingMode: STATIC
Preempt Delay: Disabled         Hash arithmetic: According to flow
System Priority: 32768          System ID: 00e0-657a-6300
Least Active-linknumber: 1      Max Active-linknumber: 16
Operate status: up              Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
ActorPortName         Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
GigabitEthernet1/0/1  Selected  100M      32768    128     2593     11111100   1
GigabitEthernet1/0/2  Unselect  100M      32768    129     2593     11100010   1

Partner:
--------------------------------------------------------------------------------
ActorPortName         SysPri  SystemID        PortPri  PortNo  PortKey  PortState
GigabitEthernet1/0/1  1       0000-0000-0001  32768    129     2593     11111100
GigabitEthernet1/0/2  1       0000-0000-0001  32768    32896   2593     11010000

On CE1, the command output shows that the member interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in the Selected and Unselect state respectively.

# Run the display e-trunk command. You can view the configurations of the E-Trunk group.
[PE1] display e-trunk 1
                            The E-Trunk information
E-TRUNK-ID : 1                          Revert-Delay-Time (s) : 0
Priority : 10                           System-ID : 0018-82d7-b58b
Peer-IP : 2.2.2.2                       Source-IP : 1.1.1.1
State : Master                          Causation : PRI
Send-Period (100ms) : 9                 Fail-Time (100ms) : 27
Receive : 41                            Send : 42
RecDrop : 0                             SndDrop : 0
Peer-Priority : 20                      Peer-System-ID : 0018-82f7-c752
Peer-Fail-Time (100ms) : 27             BFD-Session : 1
--------------------------------------------------------------------------------
                            The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation
Eth-Trunk  20  Up             auto       Master  PEER_MEMBER_DOWN

[PE2] display e-trunk 1
                            The E-Trunk information
E-TRUNK-ID : 1                          Revert-Delay-Time (s) : 0
Priority : 20                           System-ID : 0018-82f7-c752
Peer-IP : 1.1.1.1                       Source-IP : 2.2.2.2
State : Backup                          Causation : PRI
Send-Period (100ms) : 9                 Fail-Time (100ms) : 27
Receive : 43                            Send : 42
RecDrop : 3                             SndDrop : 0
Peer-Priority : 10                      Peer-System-ID : 0018-82d7-b58b
Peer-Fail-Time (100ms) : 27             BFD-Session : 2
--------------------------------------------------------------------------------
                            The Member information
Type       ID  LocalPhyState  Work-Mode  State   Causation
Eth-Trunk  20  Down           auto       Backup  PEER_MEMBER_UP

The command output shows that the E-Trunk priority of PE1 is 10 and PE1 is in the Master state. The E-Trunk priority of PE2 is 20 and PE2 is in the Backup state. In this manner, link backup is implemented.

# Run the display mpls l2vc brief command. You can view the PW status. Use the display on PE3 as an example.
[PE3] display mpls l2vc brief
 Total ldp vc : 2     2 up       0 down

 *Client Interface     : GigabitEthernet1/0/0.100
  Administrator PW     : no
  AC status            : up
  VC State             : up
  VC ID                : 103
  VC Type              : VLAN
  session state        : up
  Destination          : 1.1.1.1
  link state           : up

 *Client Interface     : GigabitEthernet1/0/0.100
  Administrator PW     : no
  AC status            : up
  VC State             : up
  VC ID                : 203
  VC Type              : VLAN
  session state        : up
  Destination          : 2.2.2.2
  link state           : up

The command output shows that the PWs have been established.

----End

Configuration Files

- Configuration file of CE1
#
sysname CE1
#
vlan batch 1
#
interface Eth-Trunk20
 portswitch
 port trunk allow-pass vlan 100
 mode lacp-static
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 20
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 20
#
return

- Configuration file of PE1
#
sysname PE1
#
e-trunk 1
#
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
 remote-ip 3.3.3.3
 undo remote-ip pwe3
#
interface Eth-Trunk20
 portswitch
 mode user-termination
 mode lacp-static
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
#
interface Eth-Trunk20.100
 control-vid 100 qinq-termination
 qinq termination pe-vid 100 ce-vid 100
 mpls l2vc 3.3.3.3 103
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.3.2 255.255.255.0
 ospf ldp-sync
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.1.4.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 20
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
 discriminator local 1
 discriminator remote 2
 commit
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.3.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
e-trunk 1
 priority 10
 peer-address 2.2.2.2 source-address 1.1.1.1
 timer hello 9
 timer hold-on-failure multiplier 3
 timer revert delay 0
 e-trunk track bfd-session 1
#
return

- Configuration file of PE2
#
sysname PE2
#
e-trunk 1
#
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
 remote-ip 3.3.3.3
 undo remote-ip pwe3
#
interface Eth-Trunk20
 portswitch
 mode user-termination
 mode lacp-static
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
#
interface Eth-Trunk20.100
 control-vid 100 qinq-termination
 qinq termination pe-vid 100 ce-vid 100
 mpls l2vc 3.3.3.3 203
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.2.2 255.255.255.0
 ospf ldp-sync
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.1.4.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 eth-trunk 20
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
 discriminator local 2
 discriminator remote 1
 commit
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
e-trunk 1
 priority 20
 peer-address 1.1.1.1 source-address 2.2.2.2
 timer hello 9
 timer hold-on-failure multiplier 3
 timer revert delay 0
 e-trunk track bfd-session 2
#
return

- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
 remote-ip 1.1.1.1
 undo remote-ip pwe3
#
mpls ldp remote-peer 2.2.2.2
 remote-ip 2.2.2.2
 undo remote-ip pwe3
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.1.3.1 255.255.255.0
 ospf ldp-sync
 mpls
 mpls ldp
 mpls ldp frr nexthop 10.1.2.2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.2.1 255.255.255.0
 ospf ldp-sync
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0.100
 undo shutdown
 control-vid 100 qinq-termination
 qinq termination pe-vid 100 ce-vid 100
 mpls l2vc 1.1.1.1 103
 mpls l2vc 2.2.2.2 203 secondary
 mpls l2vpn redundancy independent
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
#
return
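
The consistency rules this example states for PE1 and PE2 (same E-Trunk system ID, same E-Trunk LACP priority, BFD addresses consistent with the E-Trunk addresses) can be checked against the configuration files before deployment. The Python code below is an added example, not part of the Huawei guide: the embedded configurations are constructed excerpts of the files above, the function names are hypothetical, and it assumes that the number after e-trunk track bfd-session is the local BFD discriminator, as the values on this page suggest.

```python
import re

# Constructed excerpts of the PE1 and PE2 configuration files on this page.
PE1_CFG = """\
sysname PE1
lacp e-trunk priority 1
interface Eth-Trunk20
 mode lacp-static
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
 discriminator local 1
 discriminator remote 2
e-trunk 1
 priority 10
 peer-address 2.2.2.2 source-address 1.1.1.1
 timer hello 9
 timer hold-on-failure multiplier 3
 e-trunk track bfd-session 1
"""
PE2_CFG = """\
sysname PE2
lacp e-trunk priority 1
interface Eth-Trunk20
 mode lacp-static
 e-trunk 1
 lacp e-trunk system-id 0000-0000-0001
bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
 discriminator local 2
 discriminator remote 1
e-trunk 1
 priority 20
 peer-address 1.1.1.1 source-address 2.2.2.2
 timer hello 9
 timer hold-on-failure multiplier 3
 e-trunk track bfd-session 2
"""

PATTERNS = {
    "name": r"^sysname (\S+)",
    "system_id": r"^[ \t]*lacp e-trunk system-id (\S+)",
    "lacp_priority": r"^[ \t]*lacp e-trunk priority (\d+)",
    "priority": r"^[ \t]*priority (\d+)",
    "etrunk_addr": r"^[ \t]*peer-address (\S+) source-address (\S+)",
    "bfd_addr": r"^[ \t]*bfd \S+ bind peer-ip (\S+) source-ip (\S+)",
    "bfd_local": r"^[ \t]*discriminator local (\d+)",
    "bfd_remote": r"^[ \t]*discriminator remote (\d+)",
    "tracked": r"^[ \t]*e-trunk track bfd-session (\d+)",
    "hello": r"^[ \t]*timer hello (\d+)",
    "multiplier": r"^[ \t]*timer hold-on-failure multiplier (\d+)",
}


def parse(cfg):
    """Extract the E-Trunk related settings from one configuration file."""
    out = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, cfg, re.M)
        if m:
            out[key] = m.group(1) if m.lastindex == 1 else m.groups()
    return out


def audit(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    # Rules stated on the page: same system ID and same LACP priority.
    for key, label in (("system_id", "E-Trunk system ID"),
                       ("lacp_priority", "E-Trunk LACP priority")):
        if a.get(key) is None or a.get(key) != b.get(key):
            findings.append(f"{label} must match: {a.get(key)} vs {b.get(key)}")
    # Each side's peer-address must be the other side's source-address.
    addr_a, addr_b = a.get("etrunk_addr"), b.get("etrunk_addr", ())
    if not addr_a or addr_a != addr_b[::-1]:
        findings.append("E-Trunk peer/source addresses are not mirrored")
    # The BFD discriminators of the two ends must mirror each other.
    if (a.get("bfd_local"), a.get("bfd_remote")) != (b.get("bfd_remote"), b.get("bfd_local")):
        findings.append("BFD discriminators are not mirrored")
    for dev in (a, b):
        name = dev.get("name", "?")
        # Rule stated on the page: BFD addresses match the E-Trunk addresses.
        if dev.get("bfd_addr") != dev.get("etrunk_addr"):
            findings.append(f"{name}: BFD peer/source differ from E-Trunk peer/source")
        # Assumption: the tracked session number is the local discriminator.
        if dev.get("tracked") != dev.get("bfd_local"):
            findings.append(f"{name}: tracked BFD session is not the local one")
    return findings


def fail_time_100ms(cfg):
    """Hello interval x multiplier, in the 100 ms units of display e-trunk."""
    d = parse(cfg)
    return int(d["hello"]) * int(d["multiplier"])


def expected_master(cfg_a, cfg_b):
    """Name of the device with the lower priority value (Master on this page)."""
    a, b = parse(cfg_a), parse(cfg_b)
    return min((a, b), key=lambda d: int(d["priority"]))["name"]


if __name__ == "__main__":
    for line in audit(PE1_CFG, PE2_CFG) or ["PE1/PE2 E-Trunk settings are consistent"]:
        print(line)
```

For the values on this page, the computed failure time of 27 agrees with the Fail-Time (100ms) field in the display e-trunk output.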


4 VLAN Configuration

About This Chapter

Virtual Local Area Networks (VLANs) have advantages of broadcast domain isolation, security enhancement, flexible networking, and good extensibility.

4.1 VLAN Introduction
The VLAN technology logically divides a physical LAN into multiple broadcast domains (VLANs).

4.2 Configuring a VLAN Based on Ports
Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.

4.3 Creating a VLANIF Interface
VLANIF interfaces are Layer 3 logical interfaces. After creating VLANIF interfaces on Layer 2 devices, you can configure Layer 3 features on these interfaces.

4.4 Configuring Inter-VLAN Communication
Configuring inter-VLAN communication allows users in different VLANs to communicate with each other. Currently, the CX600 supports several inter-VLAN communication schemes. Choose one of them as required.

4.5 Configuring VLAN Security Attributes
Configuring VLAN security attributes ensures reliable transmission of user data. Currently, the CX600 supports several security attributes. You can configure security attributes as required.

4.6 Configuring VLAN Aggregation to Save IP Addresses
VLAN aggregation prevents the waste of IP addresses and implements inter-VLAN communication.

4.7 Configuring VLAN Policy-based VPN Access
VLAN policy-based VPN access allows VLLs, VSIs, or VPN instances to transmit separate services. Currently, the CX600 supports several VLAN policy-based VPN access schemes. Choose one of them as required.

4.8 Configuring Interface Isolation in a VLAN
After interface isolation in a VLAN is configured, interfaces in the VLAN cannot communicate with each other. To have isolated interfaces communicate with each other, you need to configure ARP proxy in the VLAN. In this manner, you can monitor traffic in the VLAN at Layer 3.

4.9 Configuring the Isolation Based on Interface Groups in a VLAN
You can isolate interfaces in a VLAN by adding interfaces to different interface groups.

4.10 Configuring Ethernet Loop Detection for a VLAN
In the case of an uncontrollable user network, the CX600 supports the deployment of Ethernet loop detection on the provider's network to prevent loops in a VLAN.

4.11 Maintaining VLAN
A command of clearing statistics helps to locate the faults in a VLAN.

4.12 Configuration Examples
This section describes the typical application scenarios of VLANs, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


4.1 VLAN Introduction


The VLAN technology logically divides a physical LAN into multiple broadcast domains (VLANs).

4.1.1 Introduction
The VLAN technology is important for forwarding on Layer 2 networks. This section describes the background, functions, and advantages of the VLAN technology.

4.1.2 VLAN Features Supported by the CX600
This section describes VLAN features supported by the CX600 to help you better understand the process of configuring VLANs.

4.1.1 Introduction
The VLAN technology is important for forwarding on Layer 2 networks. This section describes the background, functions, and advantages of the VLAN technology.

Overview of VLAN
Ethernet is a data communication technology in which stations share the communication medium based on Carrier Sense Multiple Access/Collision Detect (CSMA/CD). If there are a large number of PCs on an Ethernet network, collisions become a serious problem and can lead to broadcast storms. As a result, network performance deteriorates, and the Ethernet network can even become unavailable.

Switches can be used to interconnect local area networks (LANs). A switch forwards information received on an inbound port to a specified outbound port, thereby preventing access collisions on a shared medium. If no specified outbound port is found for information received on an inbound port, the switch forwards the information from all ports except the inbound port. This forms a broadcast domain.

To prevent broadcast domains from becoming too large and causing problems, you can divide a network into segments. In this manner, a large broadcast domain is divided into multiple small broadcast domains to confine the possible scope of broadcast packets. Routers can be deployed at the network layer to separate broadcast domains, but this method has disadvantages: complex network planning, inflexible networking, and high levels of expenditure. The Virtual Local Area Network (VLAN) technology can divide a large Layer 2 network into broadcast domains to prevent broadcast storms and protect network security.

Definition of VLAN
The VLAN technology is used to divide a physical LAN into multiple logical broadcast domains, each of which is called a VLAN. Each VLAN contains a group of PCs that have the same requirements. A VLAN has the same attributes as a LAN. PCs of a VLAN can be placed on different LAN segments. If two PCs are located on one LAN segment but belong to different VLANs, they do not broadcast packets to each other. With VLAN, the broadcast traffic volume is reduced; fewer devices are required; network management is simplified; and network security is improved.

Figure 4-1 shows a typical VLAN application. Three switches are placed in different locations, for example, different stories of an office building. If each enterprise builds up a LAN, a high level of expenditure is required. If enterprises in the office building use the existing LAN, enterprise information security cannot be guaranteed. The VLAN technology allows enterprises to share LAN facilities and ensures information security for each enterprise network.

Figure 4-1 Schematic diagram for a typical VLAN application
(Figure not reproduced. Labels: CX; Switch1, Switch2, Switch3; VLAN-A, VLAN-B, VLAN-C.)

This application shows the following VLAN advantages:
- Broadcast domains are confined. A broadcast domain is confined to a VLAN. This saves bandwidth and improves network processing capabilities.
- Network security is enhanced. Packets from different VLANs are separately transmitted. PCs in one VLAN cannot directly communicate with PCs in another VLAN.
- Network robustness is improved. A fault in a VLAN does not affect PCs in other VLANs.
- Virtual groups are set up flexibly. With the VLAN technology, PCs in different geographical areas can be grouped together. This facilitates network construction and maintenance.

Basic VLAN Concepts and Principles


- 802.1Q and VLAN frame format

  In a conventional Ethernet frame, the Length/Type field for the upper-layer protocol follows the Destination address and Source address fields, as shown in Figure 4-2.

  Figure 4-2 Conventional Ethernet frame format

IEEE 802.1Q is an Ethernet networking standard for a specified Ethernet frame format. It adds a 32-bit field between the Source address and the Length/Type fields of the original frame, as shown in Figure 4-3.

Figure 4-3 802.1Q frame format

Destination address | Source address | 802.1Q Tag | Length/Type | Data          | FCS
6 bytes             | 6 bytes        | 4 bytes    | 2 bytes     | 42-1500 bytes | 4 bytes

802.1Q Tag: TPID    | PRI    | CFI   | VID
            2 bytes | 3 bits | 1 bit | 12 bits

  Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 to identify the frame as an IEEE 802.1Q-tagged frame. If an 802.1Q-incapable device receives an 802.1Q frame, it discards the frame.

  Priority (PRI): a 3-bit field that indicates the frame priority. The value ranges from 0 to 7. The greater the value, the higher the priority. These values can be used to prioritize different classes of traffic to ensure that frames with high priorities are transmitted first when traffic is heavy. For details, see the CX600 Configuration Guide - QoS.

  Canonical Format Indicator (CFI): a 1-bit field. If the value of this field is 1, the MAC address is in the non-canonical format. If the value is 0, the MAC address is in the canonical format. CFI is used to ensure compatibility between Ethernet networks and Token Ring networks. It is always set to zero for Ethernet switches.

  VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. On the CX600, the VID value ranges from 0 to 4095. The values 0 and 4095 are reserved, so usable VLAN IDs range from 1 to 4094.

  Each frame sent by an 802.1Q-capable switch carries a VLAN ID. On a VLAN, Ethernet frames are classified into the following types:
  Tagged frames: frames with 32-bit 802.1Q tags.
  Untagged frames: frames without 32-bit 802.1Q tags.

- Type of VLAN links


Figure 4-4 Schematic diagram for VLAN links
(Figure not reproduced. Labels: CE1, PE, CE2; access links; trunk links; PCs in VLAN2 and VLAN3.)

  As shown in Figure 4-4, there are the following types of VLAN links:

  Access link: connects a PC to a switch. Generally, a PC does not know which VLAN it belongs to, and PC hardware cannot distinguish frames with VLAN tags. Therefore, PCs send and receive only untagged frames.

  Trunk link: connects a switch to another switch or to a router. Data of different VLANs is transmitted along a trunk link. The two ends of a trunk link must be able to distinguish frames with VLAN tags. Therefore, only tagged frames are transmitted along trunk links.

- Port types

  Table 4-1 lists VLAN port types.


Table 4-1 Port types

Access port
  Method of Processing Received Untagged Frames: Accepts an untagged frame and adds a tag with the default VLAN ID to the frame.
  Method of Processing Received Tagged Frames:
  - Accepts a tagged frame if the VLAN ID carried in the frame is the same as the default VLAN ID.
  - Discards a tagged frame if the VLAN ID carried in the frame is different from the default VLAN ID.
  Method of Sending Frames: Removes the tag from a frame and sends the frame.
  Application: An access port connects a switch to a PC and can be added to only one VLAN.

Trunk port
  Method of Processing Received Untagged Frames: Discards the frame.
  Method of Processing Received Tagged Frames:
  - Accepts a tagged frame if the port permits the VLAN ID carried in the frame.
  - Discards a tagged frame if the port denies the VLAN ID carried in the frame.
  Method of Sending Frames:
  - Removes the tag from a received frame and sends the frame if the VLAN ID carried in the frame is the same as the default VLAN ID and permitted by the port.
  - Directly sends a received frame if the VLAN ID carried in the frame is different from the default VLAN ID but permitted by the port.
  Application: A trunk port can be added to multiple VLANs to send and receive frames for these VLANs. A trunk port connects a switch to another switch or to a router.

Hybrid port
  Method of Sending Frames: Sends a received frame if the port permits the VLAN ID carried in the frame. A specified command can be used to determine whether a hybrid port sends frames with or without tags.
  Application: A hybrid port can be added to multiple VLANs to send and receive frames for these VLANs. A hybrid port can connect a switch to a PC or connect a network device to another network device.

QinQ port
  QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a tag to a single-tagged frame, and thus supports a maximum of 4094 x 4094 VLAN tags, which meets the requirement of a Metropolitan Area Network (MAN) for the number of VLANs. For details about QinQ, see 5 QinQ Configuration.

Each access, trunk, hybrid, or QinQ port can be configured with a default VLAN, namely, the port default VLAN ID (PVID) to specify the VLAN to which the port belongs. The PVID of an access port indicates the VLAN to which the port belongs. As a trunk or hybrid port can be added to multiple VLANs, the port must be configured with PVIDs. By default, a port is added to VLAN 0.

Principle for data switching in a VLAN
Use the network shown in Figure 4-4 as an example. If PC 1 in VLAN 2 intends to send data to PC 2, the data is forwarded as follows:
1. An access port on CE 1 receives an untagged frame from PC 1 and adds a PVID (VLAN 2) to the frame. CE 1 searches the MAC address table for an outbound port.
   NOTE
   Assume that VLANs are configured based on MAC addresses. After an access port on CE 1 receives an untagged frame from PC 1, the port checks the VLAN mapping table for a VLAN ID corresponding to the source MAC address, and adds a tag with the obtained VLAN ID to the frame.
2. After the trunk port on CE 1 and PE receives the frame, the port checks whether the VLAN ID carried in the frame is the same as that configured on the port. If the VLAN ID has been configured on the port, the port transparently transmits the frame to CE 2. If the VLAN ID is not configured on the port, the port discards the frame.
3. After a trunk port on CE 2 receives the frame, the system searches the MAC address table for an outbound port.
4. After the frame is sent to the access port connecting CE 2 to PC 2, the port checks that the VLAN ID carried in the frame is the same as that configured on the port. The port then removes the tag from the frame and sends the untagged frame to PC 2.

VLANIF interface
A VLANIF interface is a Layer 3 logical interface, which can be configured on either a Layer 3 switch or a router. Layer 3 switching combines routing and switching techniques to implement routing on a switch, thus improving the overall network performance. After sending the first data flow, a Layer 3 switch generates mappings between MAC addresses and IP addresses. To send the same data flow again, the switch forwards it at Layer 2 rather than Layer 3, based on this mapping table. In this manner, delays on the network caused by route selection are eliminated, thus improving data forwarding efficiency. Layer 3 switches have both switching and routing functions.


To ensure that new data flows are correctly forwarded based on the routing table, the entries in the routing table must be correct. Therefore, VLANIF interfaces and routing protocols must be configured on Layer 3 switches for reachable Layer 3 routes.

NOTE
Key points are summarized as follows:
- A PC does not need to know the VLAN to which it belongs. It sends only untagged frames.
- After receiving an untagged frame from a PC, a switching device determines the VLAN to which the frame belongs. The determination is based on the configured VLAN division method such as port information, and then the switching device processes the frame accordingly.
- If the frame needs to be forwarded to another switching device, the frame must be transparently transmitted along a trunk link. Frames transmitted along trunk links must carry VLAN tags to allow other switching devices to properly forward the frame based on the VLAN information.
- Before sending the frame to the destination PC, the switching device connected to the destination PC removes the VLAN tag from the frame to ensure that the PC receives an untagged frame.

Generally, only tagged frames are transmitted on trunk links; only untagged frames are transmitted on access links. In this manner, switching devices on the network can properly process VLAN information and PCs are not concerned about VLAN information.
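
The access and trunk port rules of Table 4-1 and the four forwarding steps for PC 1 to PC 2, modelled in Python as an added example (not code from this guide or from Huawei). The port names, MAC table entries, trunk PVID of 1, and permitted-VLAN sets are constructed for illustration; flooding and hybrid or QinQ ports are not modelled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    dst: str
    vid: Optional[int] = None      # None means the frame is untagged


@dataclass
class Port:
    link_type: str                 # "access" or "trunk"
    pvid: int                      # default VLAN ID of the port
    permitted: frozenset = frozenset()   # VLANs a trunk port permits

    def ingress(self, frame):
        """Return the VLAN the frame is accepted into, or None if discarded."""
        if self.link_type == "access":
            if frame.vid is None:
                return self.pvid                   # untagged: tag with the PVID
            return frame.vid if frame.vid == self.pvid else None
        if frame.vid is None:
            return None                            # trunk: untagged is discarded
        return frame.vid if frame.vid in self.permitted else None

    def egress(self, dst, vlan):
        """Return the frame as sent on the link, or None if it is not sent."""
        if self.link_type == "access":
            return Frame(dst) if vlan == self.pvid else None   # tag removed
        if vlan not in self.permitted:
            return None
        # Trunk: the tag is removed only when the VLAN equals the PVID.
        return Frame(dst, None if vlan == self.pvid else vlan)


@dataclass
class Switch:
    name: str
    ports: dict                    # port name -> Port
    mac_table: dict                # (vlan, destination) -> outbound port name

    def forward(self, in_port, frame):
        vlan = self.ports[in_port].ingress(frame)
        out = self.mac_table.get((vlan, frame.dst)) if vlan is not None else None
        return self.ports[out].egress(frame.dst, vlan) if out else None


def build_path(trunk_pvid=1, pe_permitted=(2, 3)):
    """CE1 -> PE -> CE2 as in Figure 4-4; returns [(switch, inbound port), ...]."""
    ce_trunk = Port("trunk", trunk_pvid, frozenset({2, 3}))
    pe_trunk = Port("trunk", trunk_pvid, frozenset(pe_permitted))
    ce1 = Switch("CE1", {"pc": Port("access", 2), "up": ce_trunk}, {(2, "PC2"): "up"})
    pe = Switch("PE", {"ce1": pe_trunk, "ce2": pe_trunk}, {(2, "PC2"): "ce2"})
    ce2 = Switch("CE2", {"up": ce_trunk, "pc": Port("access", 2)}, {(2, "PC2"): "pc"})
    return [(ce1, "pc"), (pe, "ce1"), (ce2, "up")]


def send(path, frame):
    """Forward hop by hop; return [(switch name, frame leaving it or None), ...]."""
    trace = []
    for switch, in_port in path:
        frame = switch.forward(in_port, frame)
        trace.append((switch.name, frame))
        if frame is None:
            break
    return trace


if __name__ == "__main__":
    cases = [("normal", build_path()),
             ("PE does not permit VLAN 2", build_path(pe_permitted=(3,))),
             ("trunk PVID equals VLAN 2", build_path(trunk_pvid=2))]
    for label, path in cases:
        print(label, send(path, Frame("PC2")))
```

The third case follows directly from the table as written: when the trunk PVID equals the VLAN being carried, CE1 sends the frame untagged and the trunk port on the PE discards it.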

4.1.2 VLAN Features Supported by the CX600


This section describes the VLAN features supported by the CX600 to help you understand the process of configuring VLANs.
The VLAN technology helps set up virtual groups to separate broadcast domains and implements both intra-VLAN and inter-VLAN communication.
1. After VLANs are configured, users in a VLAN can communicate with each other.
2. In addition to intra-VLAN communication, users in different VLANs need to communicate with each other sometimes.
   NOTE
   Intra-VLAN communication and inter-VLAN communication are basic VLAN functions.
3. Security configurations are required to ensure reliable VLAN data transmission.
4. The following VLAN features are also supported to meet requirements of special applications and extended functions:
   - VLAN aggregation: prevents the waste of IP addresses and implements inter-VLAN communication.
   - VLAN policy: allows user traffic of different types in a VPN to be distinguished and reasonably scheduled on the backbone network. This provides better service quality experience for users.

Port-based VLAN Division


Ports on Layer 2 switches can be added to a specific VLAN to forward frames of the VLAN. PCs in the VLAN can directly communicate with each other, whereas PCs in different VLANs cannot directly communicate with each other. In this manner, broadcast packets are forwarded only within a single VLAN. To classify VLANs based on ports, you only need to add ports on Layer 2 switches to VLANs. Port-based VLAN classification is applicable to large-scale and topology-stable networks.

Inter-VLAN Communication
After VLANs are configured, users in a VLAN can communicate with each other. Users in different VLANs cannot directly communicate with each other. Table 4-2 lists schemes for inter-VLAN communication.

Table 4-2 Schemes for inter-VLAN communication

Sub-interface
- Advantage: After sub-interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable.
- Disadvantage: Both Layer 2 and Layer 3 devices are required, which increases expenditure. If multiple users on a network belong to different VLANs, each VLAN requires a sub-interface on a Layer 3 device. Each sub-interface needs to be assigned an IP address. This increases configuration workload and uses up a large number of IP addresses.
- Usage scenario: This scheme is applicable to small-scale networks on which users belong to different network segments.

VLANIF interface
- Advantage: After VLANIF interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable. Inter-VLAN communication can also be implemented by Layer 3 switches if routes are reachable. This scheme boasts of low operating costs.
- Disadvantage: If multiple users on a network belong to different VLANs, each VLAN requires a VLANIF interface. Each VLANIF interface needs to be assigned an IP address. This increases configuration workload and uses a lot of IP addresses.
- Usage scenario: This scheme is applicable to small-scale networks on which users belong to different network segments and IP addresses of these users are seldom changed.

VLAN mapping
- Advantage: This scheme is easily configured and does not rely on routes.
- Disadvantage: IP addresses of users in different VLANs must belong to the same network segment.
- Usage scenario: This scheme is applicable to large-scale networks on which multiple users belong to one network segment.

VLAN Security Deployment


Table 4-3 lists schemes that can be deployed to ensure reliable transmission of VLAN data.

Table 4-3 Security schemes for VLANs

Disabling a port from broadcasting packets to other ports in the same VLAN
- Description: If a port in a VLAN receives a broadcast or unknown unicast packet, it will broadcast the packet to other ports in the VLAN. If the broadcast or unknown unicast packet is malicious, system resources are wasted and device performance deteriorates, or the device even malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents malicious attacks.
- Usage scenario: This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified.

Disabling MAC address learning in a VLAN
- Description: If a device has only one inbound port and one outbound port, MAC address learning in a VLAN can be disabled. This security scheme is applicable to networks that are no longer accommodating new users.
- Advantage: MAC address entries are saved. Security is guaranteed because no new users will be connected to the network.
- Disadvantage: This security scheme requires that the network has fixed users and forwarding paths have been established by using dynamic MAC address learning or by manually configuring MAC addresses. If there are a large number of users connected to a switch, each user needs to be configured with a static forwarding path. This imposes a configuration burden on network administrators. This security scheme prohibits new users from visiting the network.
- Usage scenario: This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified.

Enabling flexible MAC address learning in a VLAN
- Description: If a device has only one inbound port and one outbound port, enabling flexible MAC address learning saves MAC address entries. When a new user connects to the device, MAC address learning is automatically enabled.
- Advantage: This security scheme saves MAC address entries and allows new users to visit the network.
- Disadvantage: This scheme allows malicious users to visit the network and the system learns MAC addresses of these users, which threatens network security.
- Usage scenario: This security scheme is applicable to all Layer 2 networks.

VLAN Policy-based VPN Access


On a Metro Ethernet (ME) network, devices use VLAN IDs to identify various services or user data flows before sending them to various Virtual Switching Instances (VSIs), Virtual Leased Lines (VLLs), or Virtual Private Network (VPN) instances. In some scenarios (such as multiple users or services sharing one VLAN), services or user data flows cannot be distinguished by merely using VLAN IDs. To prevent this problem, you can configure a VLAN policy to use combinations of VLAN IDs and traffic priorities to distinguish services or user data flows. Table 4-4 shows VLAN policies.

Table 4-4 VLAN policies

VLAN+802.1p
VLAN IDs and 802.1p priority values in frames are used to distinguish users or services. This policy helps user data flows or services access L2VPNs or L3VPNs.

VLAN+DSCP
VLAN IDs and DSCP priority values in packets are used to distinguish users or services. This policy helps user data flows or services access L2VPNs or L3VPNs.

VLAN+EthType
VLAN IDs and EthType values in frames are used to distinguish users or services. This policy helps user data flows or services access only L2VPNs.

Port Isolation in a VLAN


The CX600 supports port isolation in a VLAN. One or a group of ports can be isolated in the VLAN. For port-based isolation in a VLAN, the isolated ports cannot communicate with each other at the data link layer. For communication, ARP proxy in the VLAN must be configured for the isolated ports. In this way, traffic in the VLAN can be monitored at the network layer. For the isolation based on port groups in a VLAN, you can isolate the packets between port groups by adding ports to different port groups. The ports in an isolated port group can communicate with each other and with the ports that are not added to an isolated port group. The isolation based on port groups supports the flexible planning of a VLAN and is mainly applied on the RRPP network. A VLAN involves multiple RRPP rings. The ports on different RRPP rings can be added to different port groups to avoid the broadcast storm.

Ethernet Loop Detection for a VLAN


To avoid the impact of single point failures on services, user networks are connected to the VLAN network of a carrier through redundant links. The redundant links, however, lead to loops, which further causes the broadcast storm. In networking applications, you can deploy the Spanning Tree Protocol (STP) or common loopback detection technologies to avoid the preceding problems. In practice, however, STP should be deployed at the user side, and the common loopback detection technology requires the devices at the user side to allow special Layer 2 loopback detection packets to pass through. When user networks cannot be controlled, you can deploy Ethernet loop detection supported by the CX600 over the carrier network. Ethernet loop detection need not be deployed at the user side. This also avoids the broadcast storm caused by loops formed in a VLAN network.

4.2 Configuring a VLAN Based on Ports


Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.

4.2.1 Establishing the Configuration Task
Before configuring a VLAN based on ports, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.2.2 Creating a VLAN
Creating a VLAN isolates PCs that do not need to communicate with each other. This improves network security, reduces broadcast traffic, and prevents broadcast storms.

4.2.3 Configuring the Type of a Layer 2 Ethernet Port
On a Layer 2 switching device, some ports identify frames with VLAN tags, whereas the others do not. Configure port types for Layer 2 Ethernet ports as needed.

4.2.4 Adding a Port to a VLAN
Adding a port to a VLAN associates the port with the VLAN.

4.2.5 Checking the Configuration
After VLANs are configured based on ports, you can view the number of created VLANs and VLAN types.

4.2.1 Establishing the Configuration Task


Before configuring a VLAN based on ports, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
A company has multiple departments located in different buildings. For service security, it is required that employees in one department be able to communicate with each other, whereas employees in different departments be prohibited from communicating with each other. Devices on the network shown in Figure 4-5 are configured as follows:
- Add ports connecting switches to PCs of the financial department to VLAN 5 and ports connecting switches to PCs of the marketing department to VLAN 9. This configuration prevents employees in financial and marketing departments from communicating with each other.
- Configure links between switches and CX device as trunk links to allow frames from VLAN 5 and VLAN 9 to pass through, allowing employees of the same department but different buildings to communicate with each other.


Figure 4-5 Networking diagram for configuring a VLAN Based on Ports
[Figure: CE1 and CE2 connect to the PE (ports GE1/0/1 and GE1/0/2) over trunk links that carry VLAN 5 and VLAN 9; at each site the Finance Department is in VLAN 5 and the Marketing Department is in VLAN 9.]

Pre-configuration Tasks
Before configuring a VLAN based on ports, complete the following task:
- Connecting ports and configuring physical parameters of the ports, ensuring that the ports are physically Up

Data Preparation
To configure a VLAN based on ports, you need the following data.

No.  Data
1    ID of a VLAN
2    Number of each Ethernet port to be added to the VLAN
3    Type and priority of each Ethernet port

4.2.2 Creating a VLAN


Creating a VLAN isolates PCs that do not need to communicate with each other. This improves network security, reduces broadcast traffic, and prevents broadcast storms.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
vlan vlan-id
A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.
By default, the VLAN ID is 0. The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, you can run the vlan batch command to create VLANs in batches, and then run the vlan vlan-id command to enter the view of a specified VLAN.

----End

4.2.3 Configuring the Type of a Layer 2 Ethernet Port


On a Layer 2 switching device, some ports identify frames with VLAN tags, whereas the others do not. Configure port types for Layer 2 Ethernet ports as needed.

Context
Table 4-5 lists Layer 2 Ethernet port types.

Table 4-5 Port types

Access port
- Method of processing received untagged frames: Accepts an untagged frame and adds a tag with the default VLAN ID to the frame.
- Method of processing received tagged frames: Accepts a tagged frame if the VLAN ID carried in the frame is the same as the default VLAN ID. Discards a tagged frame if the VLAN ID carried in the frame is different from the default VLAN ID.
- Method of sending frames: Removes the tag from a frame and sends the frame.
- Application: An access port connects a switch to a PC and can be added to only one VLAN.

Trunk port
- Method of processing received untagged frames: Discards the frame.
- Method of processing received tagged frames: Accepts a tagged frame if the port permits the VLAN ID carried in the frame. Discards a tagged frame if the port denies the VLAN ID carried in the frame.
- Method of sending frames: Removes the tag from a received frame and sends the frame if the VLAN ID carried in the frame is the same as the default VLAN ID and permitted by the port. Directly sends a received frame if the VLAN ID carried in the frame is different from the default VLAN ID but permitted by the port.
- Application: A trunk port can be added to multiple VLANs to send and receive frames for these VLANs. A trunk port connects a switch to another switch or to a router.

Hybrid port
- Method of sending frames: Sends a received frame if the port permits the VLAN ID carried in the frame. A specified command can be used to determine whether a hybrid port sends frames with or without tags.
- Application: A hybrid port can be added to multiple VLANs to send and receive frames for these VLANs. A hybrid port can connect a switch to a PC or connect a network device to another network device.

QinQ port
QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a tag to a single-tagged frame, and thus supports a maximum of 4094 x 4094 VLAN tags, which meets the requirement of a Metropolitan Area Network (MAN) for the number of VLANs. For details about QinQ, see 5 QinQ Configuration.


Do as follows on the PE.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of a Layer 3 Ethernet interface to be added to a VLAN is displayed.

Step 3 Run:
portswitch
The Layer 3 interface is switched to the Layer 2 mode.
- If an interface is borrowing the IP address of an Ethernet, a GE, or an Eth-Trunk, the portswitch command cannot be run on the Ethernet, GE, or Eth-Trunk.
- If the Ethernet, GE, or Eth-Trunk has any Layer 3 configuration, the portswitch command cannot be run on the interface. Before running the portswitch command on the interface, clear all Layer 3 configurations on the interface.

Step 4 Run:
port link-type trunk
The port type is configured. By default, the port type is hybrid.

----End

4.2.4 Adding a Port to a VLAN


Adding a port to a VLAN associates the port with the VLAN.

Context
- A port connecting a switch to a PC must be configured as an access or a hybrid port. The port trunk allow-pass vlan command is invalid on access ports.
- A port connecting one switch to another must be configured as a trunk or hybrid port. The port default vlan command cannot be used on trunk ports.

Procedure
- Add an Ethernet port to a VLAN in the port view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface interface-type interface-number
     The view of a Layer 2 Ethernet interface to be added to a VLAN is displayed.
  3. Run:
     port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
     The port is added to a VLAN in tagged mode.
- Add an Ethernet port to a VLAN in the VLAN view.
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     vlan vlan-id
     The view of the created VLAN is displayed.
  3. Run:
     port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>
     A port or a group of ports are added to a VLAN.

     NOTE
     The input port format must be correct. The port number following to must be greater than the port number before to. If a group of ports are specified, ensure that these ports are of the same type and all specified ports exist. In one port command, a maximum of 10 groups of ports can be specified by using to.

----End
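
The constraints stated in 4.2.2 to 4.2.4 can be checked offline before a configuration is applied. The following Python checker is an added example, not part of this guide or of any Huawei tool. The two sample configurations for the PE in Figure 4-5 are constructed, and the argument forms of vlan batch, port link-type access, and port default vlan are assumed from the command names the guide mentions.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094   # VLAN ID range stated in 4.2.2
MAX_GROUPS = 10                # "&<1-10>" in the allow-pass syntax

# Constructed configurations for the PE in Figure 4-5 (not from the guide).
GOOD_PE = """
vlan batch 5 9
interface gigabitethernet 1/0/1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 5 9
interface gigabitethernet 1/0/2
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 5 9
"""
FLAWED_PE = """
vlan 5
interface gigabitethernet 1/0/1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 5
 port default vlan 9
interface gigabitethernet 1/0/2
 portswitch
 port link-type access
 port trunk allow-pass vlan 5 9
"""


def expand(tokens):
    """Expand ['5', '9'], ['2', 'to', '4'] or ['all'] into (vlan_set, problems)."""
    if tokens == ["all"]:
        return set(range(VLAN_MIN, VLAN_MAX + 1)), []
    vlans, problems, groups, i = set(), [], 0, 0
    while i < len(tokens):
        lo = hi = int(tokens[i])
        i += 1
        if i + 1 < len(tokens) and tokens[i] == "to":
            hi = int(tokens[i + 1])
            i += 2
        groups += 1
        if lo < VLAN_MIN or hi > VLAN_MAX:
            problems.append(f"VLAN ID outside {VLAN_MIN}-{VLAN_MAX}: {lo}..{hi}")
        else:
            vlans.update(range(lo, hi + 1))
    if groups > MAX_GROUPS:
        problems.append(f"{groups} groups given, limit is {MAX_GROUPS}")
    return vlans, problems


def audit(config, required_vlans):
    """Return a list of findings for a port-based VLAN configuration."""
    created, ports, findings, port = set(), {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := re.fullmatch(r"vlan (batch )?(.+)", line):
            vlans, problems = expand(m.group(2).split())
            created |= vlans
            findings += [f"{line}: {p}" for p in problems]
            port = None                      # left the interface view
        elif m := re.fullmatch(r"interface (.+)", line):
            # Default port type is hybrid (4.2.3); the interface starts in Layer 3 mode.
            port = ports.setdefault(m.group(1), {"type": "hybrid", "l2": False,
                                                 "allow": None, "pvid": False})
        elif port is None:
            continue
        elif line == "portswitch":
            port["l2"] = True
        elif m := re.fullmatch(r"port link-type (\S+)", line):
            port["type"] = m.group(1)
        elif m := re.fullmatch(r"port trunk allow-pass vlan (.+)", line):
            vlans, problems = expand(m.group(1).split())
            port["allow"] = (port["allow"] or set()) | vlans
            findings += [f"{line}: {p}" for p in problems]
        elif line.startswith("port default vlan "):
            port["pvid"] = True

    for vid in sorted(set(required_vlans) - created):
        findings.append(f"VLAN {vid} is required but never created")
    for name, p in ports.items():
        if not p["l2"]:
            findings.append(f"{name}: no portswitch, interface is still Layer 3")
        if p["type"] == "access" and p["allow"] is not None:
            findings.append(f"{name}: port trunk allow-pass vlan is invalid on an access port")
        if p["type"] == "trunk":
            if p["pvid"]:
                findings.append(f"{name}: port default vlan cannot be used on a trunk port")
            for vid in sorted(set(required_vlans) - (p["allow"] or set())):
                findings.append(f"{name}: trunk does not permit required VLAN {vid}")
    return findings


if __name__ == "__main__":
    for finding in audit(FLAWED_PE, {5, 9}):
        print(finding)
```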

4.2.5 Checking the Configuration


After VLANs are configured based on ports, you can view the number of created VLANs and VLAN types.

Prerequisite
The configurations of port-based VLAN division are complete.

Procedure
Step 1 Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.

----End

Example
Run the display vlan command. The command output shows the number of created VLANs on the device and information about VLANs such as VLAN types. For example:
<HUAWEI> display vlan
The total number of vlans is : 6
VLAN ID Type    Status  MAC Learning  Broadcast/Multicast/Unicast  Property
--------------------------------------------------------------------------------
1       sub     enable  enable        forward  forward  forward    default
2       super   enable  enable        forward  forward  forward    default
3       sub     enable  enable        forward  forward  forward    default
4       common  enable  enable        forward  forward  forward    default
5       common  enable  enable        forward  forward  forward    default
10      common  enable  disable       discard  discard  discard    backboneVLAN

4.3 Creating a VLANIF Interface


VLANIF interfaces are Layer 3 logical interfaces. After creating VLANIF interfaces on Layer 2 devices, you can configure Layer 3 features on these interfaces.

4.3.1 Establishing the Configuration Task
Before creating a VLANIF interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.3.2 Creating a VLANIF Interface
Before configuring Layer 3 features on a Layer 2 device, you must create a VLANIF interface on the device.

4.3.3 Assigning an IP Address to a VLANIF Interface
As a VLANIF interface is a Layer 3 logical interface, it can communicate with other interfaces at the network layer only after being assigned an IP address.

4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down
Setting a delay after which a VLANIF interface goes Down prevents network flapping caused by changes of VLANIF interface status. This function is also called VLAN damping.

4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface
After configuring bandwidth for VLANIF interfaces, you can use the NMS to query the bandwidth. This facilitates traffic monitoring.

4.3.6 Checking the Configuration
After a VLANIF interface is configured for communication at the network layer, you can check the IP address and status of a specified VLANIF interface.

4.3.1 Establishing the Configuration Task


Before creating a VLANIF interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Layer 3 switching combines routing and switching techniques to implement routing on a switch, thus improving the overall network performance. After sending the first data flow, a Layer 3 switch generates mappings between MAC addresses and IP addresses. To send the same data flow again, the switch forwards it at Layer 2 rather than Layer 3, based on this mapping table. In this manner, delays on the network caused by route selection are eliminated, thus improving data forwarding efficiency. Layer 3 switches have both switching and routing functions. To ensure that new data flows are correctly forwarded based on the routing table, the entries in the routing table must be correct. Therefore, VLANIF interfaces and routing protocols must be configured on Layer 3 switches for reachable Layer 3 routes.

Pre-configuration Tasks
Before creating a VLANIF interface, complete the following task:
- Creating a VLAN

Data Preparation
To create a VLANIF interface, you need the following data.

No.  Data
1    VLAN ID
2    IP address to be assigned to the VLANIF interface
3    (Optional) Delay after which the VLANIF interface goes Down
4    (Optional) Bandwidth of the VLANIF interface

4.3.2 Creating a VLANIF Interface


Before configuring Layer 3 features on a Layer 2 device, you must create a VLANIF interface on the device.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface vlanif vlan-id
A VLANIF interface is created and the VLANIF interface view is displayed. The VLAN ID specified in this command must be the ID of an existing VLAN.

NOTE
A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.

----End

4.3.3 Assigning an IP Address to a VLANIF Interface


As a VLANIF interface is a Layer 3 logical interface, it can communicate with other interfaces at the network layer only after being assigned an IP address.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed. The VLAN ID specified in this command must be the ID of an existing VLAN.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface for communication at the network layer.

NOTE
If IP addresses assigned to VLANIF interfaces on a Layer 3 device belong to different network segments, a routing protocol must be configured on the Layer 3 switch to provide reachable routes. Otherwise, VLANIF interfaces cannot communicate with each other at the network layer. For configurations of routing protocols, see the CX600 Configuration Guide - IP Routing.

----End

4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down
Setting a delay after which a VLANIF interface goes Down prevents network flapping caused by changes of VLANIF interface status. This function is also called VLAN damping.

Context
If a VLAN goes Down because all ports in the VLAN go Down, the system immediately reports the VLAN Down event to the corresponding VLANIF interface, instructing the VLANIF interface to go Down. To prevent network flapping caused by changes of VLANIF interface status, enable VLAN damping on the VLANIF interface. After the last Up port in a VLAN goes Down, the system starts a delay timer and informs the corresponding VLANIF interface of the VLAN Down event after the timer expires. If a port in the VLAN goes Up during the delay period, the VLANIF interface remains Up.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface vlanif vlan-id

The VLANIF interface view is displayed. The VLAN ID specified in this command must be the ID of an existing VLAN. Step 3 Run:
damping time delay-time

The delay for VLAN damping is set.



The delay-time value ranges from 0 to 20, in seconds. By default, the value is 0 seconds, indicating that VLAN damping is disabled.

----End
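The damping behaviour described in the Context above, modelled as a small timer simulation. This is an added example, not Huawei code: the event format, port names, and timeline are constructed, and treating a timer that expires at the same instant a port goes Up as a Down followed by an Up is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PortEvent:
    t: int        # seconds since the start of the observation
    port: str     # port name (constructed)
    up: bool      # True = port goes Up, False = port goes Down


def vlanif_transitions(events, initially_up, delay_time):
    """Return the VLANIF state changes as [(time, "UP" | "DOWN"), ...].

    delay_time is the value given to `damping time`; 0 means damping is
    disabled and the VLAN Down event is reported immediately.
    """
    if not 0 <= delay_time <= 20:
        raise ValueError("delay-time must be in the range 0..20 seconds")

    up_ports = set(initially_up)
    vlanif_up = bool(up_ports)
    timer_expiry = None          # set while the delay timer is running
    transitions = []

    for ev in sorted(events, key=lambda e: e.t):
        # The delay timer ran out before this event: report VLAN Down.
        if timer_expiry is not None and timer_expiry <= ev.t:
            vlanif_up = False
            transitions.append((timer_expiry, "DOWN"))
            timer_expiry = None

        if ev.up:
            up_ports.add(ev.port)
            timer_expiry = None  # a port came Up during the delay period
            if not vlanif_up:
                vlanif_up = True
                transitions.append((ev.t, "UP"))
        else:
            up_ports.discard(ev.port)
            # The last Up port in the VLAN has just gone Down.
            if not up_ports and vlanif_up and timer_expiry is None:
                if delay_time == 0:
                    vlanif_up = False
                    transitions.append((ev.t, "DOWN"))
                else:
                    timer_expiry = ev.t + delay_time

    if timer_expiry is not None:  # timer still running at the end of input
        transitions.append((timer_expiry, "DOWN"))
    return transitions


# Constructed timeline: the only Up port in the VLAN flaps twice, then stays Down.
FLAPPING_PORT = [
    PortEvent(10, "GE1/0/1", False), PortEvent(12, "GE1/0/1", True),
    PortEvent(30, "GE1/0/1", False), PortEvent(34, "GE1/0/1", True),
    PortEvent(50, "GE1/0/1", False),
]

if __name__ == "__main__":
    for delay in (0, 3, 5):
        print(delay, vlanif_transitions(FLAPPING_PORT, {"GE1/0/1"}, delay))
```

With a delay of 5 seconds both short outages are absorbed and the VLANIF interface reports a single Down event; with the default of 0 every port flap reaches Layer 3.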

4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface


After configuring bandwidth for VLANIF interfaces, you can use the NMS to query the bandwidth. This facilitates traffic monitoring.

Procedure
Step 1 Run:
system-view

The system view is displayed.
Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed. The VLAN ID specified in this command must be the ID of an existing VLAN.
Step 3 Run:
bandwidth bandwidth

The VLANIF interface is configured with bandwidth. By default, the bandwidth of a VLANIF interface is 1000 Mbit/s.

----End

4.3.6 Checking the Configuration


After a VLANIF interface is configured for communication at the network layer, you can check the IP address and status of a specified VLANIF interface.

Prerequisite
The configurations of a VLANIF interface are complete.

Procedure
- Run the display interface vlanif [ vlan-id ] command to check the physical status, link protocol status, description, and IP address of the VLANIF interface.

----End

Example
Run the display interface vlanif command. The command output shows the physical status, link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Last line protocol up time : 2010-08-10 15:13:07 UTC-08:00
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 1.1.1.1/30
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-2000-0140
Physical is VLANIF
Current system time: 2010-08-15 14:24:02
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast
Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast
Input bandwidth utilization : --
Output bandwidth utilization : --

4.4 Configuring Inter-VLAN Communication


Configuring inter-VLAN communication allows users in different VLANs to communicate with each other. Currently, the CX600 supports several inter-VLAN communication schemes. Choose one of them as required.

4.4.1 Establishing the Configuration Task
Before configuring inter-VLAN communication, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.4.2 Configuring Sub-interfaces for Inter-VLAN Communication
If users belong to different VLANs and reside on different network segments, sub-interfaces can be created on a CX device and assigned IP addresses to allow these users to communicate with each other at the network layer.

4.4.3 Configuring VLANIF Interfaces for Inter-VLAN Communication
Configuring VLANIF interfaces for inter-VLAN communication saves expenditure and helps implement fast forwarding.

4.4.4 Configuring VLAN Mapping for Inter-VLAN Communication
The configuration of VLAN mapping is simple and independent of Layer 3 routing.

4.4.5 Checking the Configuration
After inter-VLAN communication is configured, you can check whether users in different VLANs can communicate with each other and check information about VLANs to which users belong.

4.4.1 Establishing the Configuration Task


Before configuring inter-VLAN communication, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Currently, the schemes listed in Table 4-6 are provided for inter-VLAN communication. Choose one of them based on your actual network conditions.


Table 4-6 Schemes for inter-VLAN communication

Inter-VLAN Communication Scheme: Sub-interface
Advantage: After sub-interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable.
Disadvantage:
- Both Layer 2 and Layer 3 devices are required, which increases expenditure.
- If multiple users on a network belong to different VLANs, each VLAN requires a sub-interface on a Layer 3 device. Each sub-interface needs to be assigned an IP address. This increases configuration workload and uses up a large number of IP addresses.
Usage Scenario: This scheme is applicable to small-scale networks on which users belong to different network segments.

Inter-VLAN Communication Scheme: VLANIF interface
Advantage: After VLANIF interfaces are configured, users in different VLANs and network segments can communicate with each other as long as routes are reachable. Inter-VLAN communication can also be implemented by Layer 3 switches if routes are reachable. This scheme boasts of low operating costs.
Disadvantage: If multiple users on a network belong to different VLANs, each VLAN requires a VLANIF interface. Each VLANIF interface needs to be assigned an IP address. This increases configuration workload and uses a lot of IP addresses.
Usage Scenario: This scheme is applicable to small-scale networks on which users belong to different network segments and IP addresses of these users are seldom changed.

Inter-VLAN Communication Scheme: VLAN mapping
Advantage: This scheme is easily configured and does not rely on routes.
Disadvantage: IP addresses of users in different VLANs must belong to the same network segment.
Usage Scenario: This scheme is applicable to large-scale networks on which multiple users belong to one network segment.

Pre-configuration Tasks
Before configuring inter-VLAN communication, complete the following task:

Creating VLANs

Data Preparation
To configure inter-VLAN communication, you need the following data.

No.  Data
1    Number of each Ethernet sub-interface, IP address and mask of the sub-interface, and VLAN ID associated with the sub-interface
2    VLAN ID, VLANIF interface number, IP address and mask of the VLANIF interface, and (optional) bandwidth of the VLANIF interface
3    (Optional) Port type, VLAN ID before mapping, and VLAN ID after mapping

4.4.2 Configuring Sub-interfaces for Inter-VLAN Communication


If users belong to different VLANs and reside on different network segments, sub-interfaces can be created on a CX device and assigned IP addresses to allow these users to communicate with each other at the network layer.

Context
During communication at the data link layer on a LAN, source MAC addresses identify where data comes from, and destination MAC addresses guide data to destinations. If the source and destination PCs reside on different network segments, a Layer 2 network is unable to send data from the source to the destination. In this case, data has to be forwarded at the network layer (Layer 3).

After the default gateway address of the switch is specified as the IP address of the CX device, the switch sends data that needs to be forwarded at the network layer to the CX device. After receiving a packet, the CX device searches its routing table according to the destination address in the packet. If the CX device finds a matching route in the routing table, the CX device directly forwards the packet to another network segment. If the CX device does not find any matching route, it discards the packet.

On the network shown in Figure 4-6, VLANs 2 to n belong to different network segments. To allow users in VLANs 2 to n to communicate with each other, you can create a sub-interface on the CX device for each VLAN and assign an IP address to each sub-interface. After VLANs are configured, the switch is logically divided into n parts. Accordingly, the CX device must have n logical interfaces corresponding to n VLANs.

The detailed implementation process is as follows:
1. A PC in VLAN 2 checks the destination IP address and finds that the destination PC in VLAN n is on a different network segment.
2. The PC in VLAN 2 sends an ARP request. After receiving the request, the CX device considers itself the destination, translates its MAC address into an IP address, and sends an ARP reply to the PC in VLAN 2.
3. After receiving data from the PC in VLAN 2, the Layer 2 switch adds a VLAN tag to the data and searches the MAC address table for an outbound port.
4. The CX device receives the frame and sends it to sub-interface 2.
5. Sub-interface 2 removes the VLAN tag from the frame, searches for an ARP entry based on the IP address in the IP header, and forwards the packet at the network layer.
6. Sub-interface n receives the packet, re-encapsulates it with VLAN ID n and the MAC address of the destination PC as the destination MAC address, and sends the frame.
7. After receiving the frame, the Layer 2 switch searches the MAC address table for the destination MAC address based on the VLAN ID carried in the packet to determine the outbound port.
8. The PC in VLAN n receives the frame from VLAN 2.

If a PC in VLAN n sends a packet to a PC in VLAN 2, the process is similar and not described in this document.

Figure 4-6 Networking diagram for configuring sub-interfaces for inter-VLAN communication

[Figure: the CX600 has sub-interfaces GE1/0/1.1 to GE1/0/1.n (IP address x.x.x.x/x each) and connects over a trunk link to a switch, whose access ports connect VLAN 2 to VLAN n.]

On the network shown in Figure 4-6, downstream ports on the switch are separately added to VLAN 2 to VLAN n. The configuration roadmap for communication between these VLANs is as follows:
1. Create n-1 sub-interfaces on the Ethernet interface connecting the CX device to the switch.
2. Associate each sub-interface with a VLAN.
3. Assign an IP address to each sub-interface for communication at the network layer.
4. Configure the port connecting the switch to the CX device as a trunk or hybrid port to allow frames with VLAN IDs from 2 to n to pass through.
NOTE

The default gateway address of each PC in a VLAN must be the IP address of the corresponding sub-interface. Otherwise, inter-VLAN communication fails.


Procedure
- Do as follows on the CX device:
  1. Run:
     system-view

     The system view is displayed.
  2. Run:
     interface { ethernet | gigabitethernet } interface-number.subinterface-number

     An Ethernet sub-interface is created and the view of the Ethernet sub-interface is displayed. The Ethernet interface in this step is the interface connecting the CX device to the switch.
  3. Run:
     vlan-type dot1q vlan-id

     The sub-interface is associated with a VLAN.
     NOTE

     Sub-interfaces of different interfaces can be associated with the same VLAN; sub-interfaces of one interface cannot be associated with the same VLAN.
  4. Run:
     ip address ip-address { mask | mask-length } [ sub ]

     An IP address is assigned to the sub-interface for communication at the network layer.
- Do as follows on the switch:
  Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.

----End

4.4.3 Configuring VLANIF Interfaces for Inter-VLAN Communication


Configuring VLANIF interfaces for inter-VLAN communication saves expenditure and helps implement fast forwarding.

Context
VLANIF interfaces are Layer 3 logical interfaces. After being assigned IP addresses, VLANIF interfaces are able to communicate at the network layer. Layer 3 switches and routers can be configured with VLANIF interfaces. To implement inter-VLAN communication by using VLANIF interfaces, you need to configure a VLANIF interface for each VLAN and assign an IP address to each VLANIF interface. The communication process by using VLANIF interfaces is similar to that by using sub-interfaces.


Figure 4-7 Networking diagram for configuring VLANIF interfaces for inter-VLAN communication

[Figure: a PE configured with VLANIF2 to VLANIFn connects to CE1 and CE2, which serve VLAN 2 and VLAN n.]

NOTE

The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF interface. Otherwise, inter-VLAN communication will fail.

Procedure
Step 1 Run:
system-view

The system view is displayed.
Step 2 Run:
interface vlanif vlan-id

A VLANIF interface is created and the VLANIF interface view is displayed. The VLAN ID specified in this command must be the ID of an existing VLAN.
NOTE

A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the VLANIF interface. VLANIF interfaces must belong to different network segments.

----End

4.4.4 Configuring VLAN Mapping for Inter-VLAN Communication


The configuration of VLAN mapping is simple and independent of Layer 3 routing.

Context
VLAN mapping is also called VLAN translation. With VLAN mapping, a switch maps the VLAN tag of a frame to another VLAN tag after receiving the frame and before sending the frame.

On the network shown in Figure 4-8, ports connecting CE 1 to users are added to VLAN 2 and ports connecting CE 2 to users are added to VLAN 3. To allow users in VLAN 2 and VLAN 3 to communicate with each other, configure VLAN mapping on GE 1/0/1 connecting CE 1 to CE 2.
- Before sending a frame to VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 2 in the frame with the VLAN ID 3.
- After receiving a frame from VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 3 in the frame with the VLAN ID 2.

Figure 4-8 Networking diagram for configuring VLAN mapping for inter-VLAN communication

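[Figure: CE1 and CE2 are connected through GE1/0/1; users attach in VLAN 2 and VLAN 3, and the numbers 2 and 3 mark the VLAN ID carried on each segment. The users shown have the addresses 172.16.0.1/16 and 172.16.0.7/16.]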

NOTE

Before you configure VLAN mapping to allow PCs in two VLANs to communicate, ensure that the IP addresses of the PCs belong to the same network segment. Otherwise, devices in different VLANs must communicate with each other at the network layer. In this case, VLAN mapping does not make sense.

Procedure
Step 1 Run:
system-view

The system view is displayed.
Step 2 Add ports connecting CE 1 and CE 2 to users to separate VLANs.
Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.
Step 3 Configure the Layer 2 port type.
1. Run the interface interface-type interface-number command to enter the view of an Ethernet port to be configured with VLAN mapping.
2. Run the port link-type trunk command to configure the Layer 2 Ethernet port as a trunk port. By default, the port type is hybrid.
Step 4 Run:
port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3

VLAN mapping is configured to change the outer VLAN tag to vlan-id3. By default, VLAN mapping is disabled on ports.
Step 5 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to specify the VLAN IDs. Frames carrying these VLAN IDs can pass through the port configured with VLAN mapping. The VLAN IDs specified in this command must be private VLAN IDs, not public VLAN IDs.

----End
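The tag translation that GE 1/0/1 on CE 1 performs in both directions (VLAN ID 2 replaced with 3 before sending, 3 replaced with 2 after receiving), modelled on raw 802.1Q frames. This is an added example, not Huawei code: the class and function names are hypothetical, the sample frame is constructed, and only a one-to-one mapping is modelled, not the range form of the command or the allow-pass check.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that introduces an 802.1Q tag


def make_frame(vid, pcp=0, payload=b"constructed payload"):
    """Build a constructed Ethernet II frame without FCS; vid=None is untagged."""
    dst = bytes.fromhex("020000000002")   # constructed, locally administered
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def outer_tag(frame):
    """Return (pcp, dei, vid) of the outer 802.1Q tag, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def set_vid(frame, vid):
    """Replace only the 12-bit VLAN ID; the priority and DEI bits are kept."""
    (tci,) = struct.unpack_from("!H", frame, 14)
    return frame[:14] + struct.pack("!H", (tci & 0xF000) | vid) + frame[16:]


class VlanMappingPort:
    """Model of a trunk port with a single mapping local_vid <-> mapped_vid."""

    def __init__(self, local_vid, mapped_vid):
        for vid in (local_vid, mapped_vid):
            if not 1 <= vid <= 4094:
                raise ValueError("VLAN ID must be in the range 1..4094")
        if local_vid == mapped_vid:
            raise ValueError("mapping a VLAN to itself has no effect")
        self.local_vid = local_vid
        self.mapped_vid = mapped_vid

    def _translate(self, frame, old, new):
        tag = outer_tag(frame)
        # Untagged frames and frames in other VLANs are left untouched.
        if tag is None or tag[2] != old:
            return frame
        return set_vid(frame, new)

    def egress(self, frame):
        """Before sending: replace the local VLAN ID with the mapped one."""
        return self._translate(frame, self.local_vid, self.mapped_vid)

    def ingress(self, frame):
        """After receiving: replace the mapped VLAN ID with the local one."""
        return self._translate(frame, self.mapped_vid, self.local_vid)


if __name__ == "__main__":
    port = VlanMappingPort(local_vid=2, mapped_vid=3)   # GE 1/0/1 on CE 1
    sent = port.egress(make_frame(2, pcp=5))
    print("on the wire :", outer_tag(sent))
    print("after return:", outer_tag(port.ingress(sent)))
```

On real hardware the frame check sequence is recomputed after the tag changes; the frames here carry no FCS, so that step is not shown.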

4.4.5 Checking the Configuration


After inter-VLAN communication is configured, you can check whether users in different VLANs can communicate with each other and check information about VLANs to which users belong.

Prerequisite
The configurations of inter-VLAN communication are complete.

Procedure
- Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize | -system-time | -t timeout | -tos tos-value | -v | -vpn-instance vpn-instance-name ] * host command to check whether users in different VLANs can communicate with each other.
  If the ping fails, you can run the following commands to locate the fault:
  - Run the display vlan [ vlan-id [ verbose ] ] command to check information about all VLANs or a specified VLAN.
  - Run the display interface vlanif [ vlan-id ] command to check information about VLANIF interfaces. Before running this command, ensure that VLANIF interfaces have been configured.
  If VLAN aggregation is configured, run the following commands:
  - Run the display super-vlan [ vlan-id ] command to check sub-VLANs contained in a super-VLAN.
  - Run the display sub-vlan [ vlan-id ] command to check mappings between sub-VLANs and super-VLANs.

----End

Example
Check whether the PC at 10.1.1.2 is reachable.
<HUAWEI> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms

If the ping fails, you can run the following commands to locate the fault:
- Run the display vlan command. The command output shows the VLAN ID, VLAN type, and VLAN status. For example:
<HUAWEI> display vlan
The total number of vlans is : 3
VLAN ID Type     Status  MAC Learning Broadcast/Multicast/Unicast Property
-------------------------------------------------------------------------------
10      common   enable  enable       forward  forward  forward   default
20      common   enable  enable       forward  forward  forward   default
30      *common  enable  enable       forward  forward  forward   default

- Run the display interface vlanif command. The command output shows the physical status, link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Last line protocol up time : 2010-08-10 15:13:07 UTC-08:00
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 1.1.1.1/30
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-2000-0140
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes
Output: 0 packets, 0 bytes
Input bandwidth utilization : --
Output bandwidth utilization : --

- Run the display sub-vlan command. The command output shows the VLAN ID of each sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
<HUAWEI> display sub-vlan
VLAN ID Super-vlan
-----------------------------
10      40
20      40
30      40

- Run the display super-vlan command. The command output shows the VLAN ID of each sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
<HUAWEI> display super-vlan
VLAN ID Sub-vlan
--------------------------
40      10 20 30


4.5 Configuring VLAN Security Attributes


Configuring VLAN security attributes ensures reliable transmission of user data. Currently, the CX600 supports several security attributes. You can configure security attributes as required.

4.5.1 Establishing the Configuration Task
Before configuring VLAN security attributes, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.5.2 Disabling a Port from Broadcasting Packets to Other Ports in the Same VLAN
Disabling a port from broadcasting packets to other ports in the same VLAN prevents malicious attacks and improves network security.

4.5.3 Disabling MAC Address Learning in a VLAN
If a device has only one inbound port and one outbound port, or the network topology is stable, MAC address learning in a VLAN can be disabled.

4.5.4 Enabling Flexible MAC Address Learning in a VLAN
If a Layer 2 switching device enabled with flexible MAC address learning in a VLAN has only one inbound port and one outbound port, the system automatically disables MAC address learning to release resources that have been used for MAC address learning.

4.5.5 (Optional) Disabling an Interface from Sending Unknown Unicast Packets to Other Interfaces in a VLAN
Prohibiting interfaces in a VLAN from sending unknown unicast packets can effectively guard against the broadcast of malicious packets within the VLAN.

4.5.6 Checking the Configuration
After VLAN security attributes are configured, you can check whether a VLAN is enabled with the broadcast function and the MAC address learning function.

4.5.1 Establishing the Configuration Task


Before configuring VLAN security attributes, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
Table 4-7 lists VLAN security attribute schemes.


Table 4-7 Security schemes for VLANs

Security Scheme: Disabling a port from broadcasting packets to other ports in the same VLAN
Description: If a port in a VLAN receives a broadcast or unknown unicast packet, it will broadcast the packet to other ports in the VLAN. If the broadcast or unknown unicast packet is malicious, system resources are wasted and device performance deteriorates or even the device malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents malicious attacks.
Usage Scenario: This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified.

Security Scheme: Disabling MAC address learning in a VLAN
Description:
- If a device has only one inbound port and one outbound port, MAC address learning in a VLAN can be disabled.
- This security scheme is applicable to networks that are no longer accommodating new users.
Advantage:
- MAC address entries are saved.
- Security is guaranteed because no new users will be connected to the network.
Disadvantage: This security scheme requires that the network has fixed users and forwarding paths have been established by using dynamic MAC address learning or by manually configuring MAC addresses. If there are a large number of users connected to a switch, each user needs to be configured with a static forwarding path. This imposes a configuration burden on network administrators. This security scheme prohibits new users from visiting the network.
Usage Scenario: This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified.

Security Scheme: Enabling flexible MAC address learning in a VLAN
Description: If a device has only one inbound port and one outbound port, enabling flexible MAC address learning saves MAC address entries. When a new user connects to the device, MAC address learning is automatically enabled.
Advantage: This security scheme saves MAC address entries and allows new users to visit the network.
Disadvantage: This scheme allows malicious users to visit the network and the system learns MAC addresses of these users, which threatens network security.
Usage Scenario: This security scheme is applicable to all Layer 2 networks.

Pre-configuration Tasks
Before configuring VLAN security attributes, complete the following task:

Creating VLANs

Data Preparation
To configure VLAN security attributes, you need the following data.

No.  Data
1    VLAN ID and (optional) VLAN name

4.5.2 Disabling a Port from Broadcasting Packets to Other Ports in the Same VLAN
Disabling a port from broadcasting packets to other ports in the same VLAN prevents malicious attacks and improves network security.

Context
If a port in a VLAN receives a broadcast or unknown unicast packet, it will broadcast the packet to other ports in the VLAN. If the broadcast or unknown unicast packet is malicious, system resources are wasted and device performance deteriorates or even the device malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents malicious attacks. This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified.

Procedure
Step 1 Run:
system-view

The system view is displayed.
Step 2 Run:
vlan vlan-id

The VLAN view is displayed.


TIP

If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN: Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

Step 3 Run:
broadcast discard

The port is disabled from broadcasting packets to other ports in the same VLAN. By default, a port can broadcast packets to other ports in the same VLAN.

----End

4.5.3 Disabling MAC Address Learning in a VLAN


If a device has only one inbound port and one outbound port, or the network topology is stable, MAC address learning in a VLAN can be disabled.

Context
A company has multiple departments located in different stories of a building. It is required that PCs of one department be grouped into a VLAN and PCs in different departments be grouped into different VLANs. On the network shown in Figure 4-9, department 1 belongs to VLAN 2; department 2 belongs to VLAN 3; the public sector belongs to VLAN 10. Users in VLANs 2 and 3 can access VLAN 10. Users in VLAN 2 or 3 can communicate with each other. Users in VLAN 2 cannot communicate with users in VLAN 3. To reduce the number of MAC address entries saved on the core switching device and prevent visitors from accessing the company's network, you can disable MAC address learning in a VLAN on CE 1 and CE 5.
NOTE

Disabling MAC address learning in a VLAN is suitable for a device that has only one inbound port and one outbound port or a network with a stable topology.

Figure 4-9 Networking diagram for disabling MAC address learning in a VLAN

[Figure: a CX device and Switch1 to Switch7 connect Department 1 (VLAN 2), Department 2 (VLAN 3), and the public sector (VLAN 10); two devices are labelled "mac-address learning disable".]

Procedure
Step 1 Run:
system-view


The system view is displayed.
Step 2 Run:
vlan vlan-id

The VLAN view is displayed.


TIP

If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN: Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

Step 3 Run:
mac-address learning disable

MAC address learning in a VLAN is disabled. By default, MAC address learning is enabled in a VLAN.

----End

Follow-up Procedure
After MAC address learning in a VLAN is disabled, to guarantee high forwarding efficiency, do as follows:
- Limit the number of MAC addresses in the MAC address table.
- Select an action to be taken when the number of MAC addresses exceeds the upper threshold, such as discard, forward, or alarm.

4.5.4 Enabling Flexible MAC Address Learning in a VLAN


If a Layer 2 switching device enabled with flexible MAC address learning in a VLAN has only one inbound port and one outbound port, the system automatically disables MAC address learning to release resources that have been used for MAC address learning.

Context
If the core switching device of a company has only one inbound port and one outbound port, you can disable MAC address learning in a VLAN to save resources. On the network shown in Figure 4-10, after MAC address learning in a VLAN is disabled on CE 1, S1 cannot access the network. This hinders network expansion. To address this problem, you can enable flexible MAC address learning in a VLAN on CE 1. After flexible MAC address learning is enabled on CE 1:
- If CE 1 has only one inbound port and one outbound port, the system automatically disables MAC address learning to save resources.
- If CE 1 has multiple inbound or outbound ports, the system automatically enables MAC address learning.
NOTE

- Newly-added users must be in the VLAN enabled with MAC address learning.
- Any Layer 2 network can be enabled with flexible MAC address learning in a VLAN.


Figure 4-10 Networking diagram for enabling flexible MAC address learning in a VLAN

[Figure: two panels, each showing a CX device above switches (Switch1, Switch2, Switch3) that serve Department 1 (VLAN 2) to Department n (VLAN n); one panel is labelled "mac-learning smart vlan enable" and the other "mac-address learning disable".]

Procedure
Step 1 Run:
system-view

The system view is displayed.
Step 2 Run:
mac-learning smart vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> enable

Flexible MAC address learning is enabled in a VLAN. By default, flexible MAC address learning is disabled in a VLAN.

----End

4.5.5 (Optional) Disabling an Interface from Sending Unknown Unicast Packets to Other Interfaces in a VLAN
Prohibiting interfaces in a VLAN from sending unknown unicast packets can effectively guard against the broadcast of malicious packets within the VLAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.



Step 2 Run:
vlan vlan-id

A VLAN is created and the VLAN view is displayed.

Step 3 Run:
unknown-unicast discard [ mac-learning ]

The interfaces in the VLAN are configured to discard unknown unicast packets. By default, when an interface in a VLAN receives an unknown unicast packet, the interface broadcasts the packet in the VLAN. Configuring the discarding of unknown unicast packets stops interfaces in the VLAN from forwarding these packets, which restricts the broadcast of malicious packets. If mac-learning is configured, the interfaces in the VLAN still learn the source MAC addresses of the received unknown unicast packets while discarding the packets.

----End

4.5.6 Checking the Configuration


After VLAN security attributes are configured, you can check whether a VLAN is enabled with the broadcast function and the MAC address learning function.

Prerequisite
The configurations of VLAN security attributes are complete.

Procedure
- Run the display vlan [ vlan-id [ verbose ] ] command to check information about all VLANs or a specified VLAN.

----End

Example
Run the display vlan command. The command output shows that VLANs have been enabled with the broadcast function and the MAC address learning function. For example:
<HUAWEI> display vlan
The total number of vlans is : 4
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10      common       enable   enable       forward   forward   forward default
20      common       enable   enable       forward   forward   forward default
30      common       enable   enable       forward   forward   forward default
40      common       enable   enable       forward   forward   forward default

4.6 Configuring VLAN Aggregation to Save IP Addresses


VLAN aggregation prevents the waste of IP addresses and implements inter-VLAN communication.

4.6.1 Establishing the Configuration Task
Before configuring VLAN aggregation, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.6.2 Creating a Sub-VLAN
Each sub-VLAN functions as a broadcast domain.

4.6.3 Creating a Super-VLAN
A super-VLAN consists of several sub-VLANs. No physical port can be added to a super-VLAN, but a VLANIF interface can be configured for the super-VLAN and an IP address can be assigned to the VLANIF interface.

4.6.4 Assigning an IP Address to the VLANIF Interface of a Super-VLAN
The IP address of the VLANIF interface of a super-VLAN must contain the subnet segments where users in sub-VLANs reside. All the sub-VLANs use the IP address of the VLANIF interface of the super-VLAN, thus saving IP addresses.

4.6.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN
Specifying an IP address range for users in a sub-VLAN filters out invalid users whose IP addresses are beyond the range.

4.6.6 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN
PCs in different sub-VLANs cannot directly communicate with each other. To allow these PCs to communicate with each other at Layer 3, enable proxy ARP on the VLANIF interface of the super-VLAN.

4.6.7 Checking the Configuration
After VLAN aggregation is configured, you can view VLAN types and information about VLANIF interfaces, such as the physical status, link protocol status, IP address, and mask.

4.6.1 Establishing the Configuration Task


Before configuring VLAN aggregation, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
As networks expand, address resources become insufficient. VLAN aggregation is developed to save IP addresses.

In VLAN aggregation, one super-VLAN is associated with multiple sub-VLANs. Physical ports cannot join a super-VLAN, but a VLANIF interface can be created for the super-VLAN and an IP address can be assigned to the VLANIF interface. Physical ports can join a sub-VLAN, but no VLANIF interface can be created for the sub-VLAN. All the ports in the sub-VLAN share the IP address of the VLANIF interface of the super-VLAN. This saves subnet IDs, default gateway addresses of the subnets, and directed broadcast addresses of the subnets. In addition, different broadcast domains can use the addresses in the same subnet segment. As a result, subnet differences are eliminated, addressing becomes flexible, and the number of idle addresses is reduced.

VLAN aggregation allows each sub-VLAN to function as a broadcast domain and reduces the waste of IP addresses to be assigned to ordinary VLANs. Figure 4-11 shows the typical VLAN aggregation networking.


Figure 4-11 Typical networking diagram for VLAN aggregation
[Figure omitted. Labels: PE, Super VLAN4, CE1, CE2, Sub-VLAN 2, Sub-VLAN 3]

Pre-configuration Tasks
Before configuring VLAN aggregation, complete the following task:
- Connecting ports and configuring physical parameters of the ports, ensuring that the ports are physically Up

Data Preparation
To configure VLAN aggregation, you need the following data.

No.  Data
1    ID of each sub-VLAN and number of each port belonging to the sub-VLAN
2    ID of a super-VLAN
3    IP address and mask of a VLANIF interface

4.6.2 Creating a Sub-VLAN


Each sub-VLAN functions as a broadcast domain.

Procedure
Step 1 Run:
system-view


The system view is displayed.

Step 2 Run:
vlan vlan-id

A sub-VLAN is created and the sub-VLAN view is displayed.

TIP

If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN: Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

Step 3 Run:
port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>

A port is added to the sub-VLAN.

----End

4.6.3 Creating a Super-VLAN


A super-VLAN consists of several sub-VLANs. No physical port can be added to a super-VLAN, but a VLANIF interface can be configured for the super-VLAN and an IP address can be assigned to the VLANIF interface.

Context
NOTE

Before configuring a super-VLAN, ensure that sub-VLANs have been configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created, and the VLAN view is displayed. The VLAN ID of a super-VLAN must be different from every sub-VLAN ID.

Step 3 Run:
aggregate-vlan

A super-VLAN is created. Using the undo aggregate-vlan command in the VLAN view changes a super-VLAN to a sub-VLAN.

Step 4 Run:
access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

A sub-VLAN is added to a super-VLAN.



Only sub-VLANs can be added to a super-VLAN. Before adding sub-VLANs to a super-VLAN in batches, ensure that these sub-VLANs are not configured with VLANIF interfaces.

----End

4.6.4 Assigning an IP Address to the VLANIF Interface of a Super-VLAN


The IP address of the VLANIF interface of a super-VLAN must contain the subnet segments where users in sub-VLANs reside. All the sub-VLANs use the IP address of the VLANIF interface of the super-VLAN, thus saving IP addresses.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface vlanif vlan-id

A VLANIF interface is created for a super-VLAN, and the view of the VLANIF interface is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the VLANIF interface.

----End

4.6.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN


Specifying an IP address range for users in a sub-VLAN filters out invalid users whose IP addresses are beyond the range.

Context
After configuring an IP address pool for a sub-VLAN, note the following points:
- The sub-VLAN processes only packets carrying IP addresses in this address pool, such as ARP Request, ARP Reply, ARP Proxy, and ARP Miss packets.
- If the super VLAN is enabled with proxy ARP, the system directly sends an ARP Request packet from a user in the sub-VLAN to the sub-VLAN based on the IP address carried in the packet. This reduces broadcast traffic. When sending an ARP Miss packet carrying the IP address in the address pool, the system directly broadcasts the packet in the sub-VLAN to ensure that traffic is properly forwarded.

Procedure
Step 1 Run:
system-view

The system view is displayed.



Step 2 Run:
vlan vlan-id

The view of a created sub-VLAN is displayed.

Step 3 Run:
ip pool start-address [ to end-address ]

An IP address pool is configured for the sub-VLAN.

----End

4.6.6 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN


PCs in different sub-VLANs cannot directly communicate with each other. To allow these PCs to communicate with each other at Layer 3, enable proxy ARP on the VLANIF interface of the super-VLAN.

Context
VLAN aggregation allows sub-VLANs to use the same subnet address, but prevents PCs in different sub-VLANs from communicating with each other at the network layer.

PCs in ordinary VLANs can communicate with each other at the network layer by using different gateway addresses. In VLAN aggregation, PCs in a super-VLAN use the same subnet address and gateway address. Because PCs in different sub-VLANs belong to one subnet, they communicate with each other only at Layer 2, not Layer 3, yet they are isolated from each other at Layer 2. Consequently, PCs in different sub-VLANs cannot communicate with each other.

Proxy ARP is required to enable PCs in a sub-VLAN to communicate with PCs in another sub-VLAN or PCs on other networks. After a super-VLAN and its VLANIF interface are created, proxy ARP must be enabled to allow the super-VLAN to forward or process ARP request and reply packets. Proxy ARP helps PCs in sub-VLANs communicate with each other at the network layer.
NOTE

An IP address must have been assigned to the VLANIF interface corresponding to the super-VLAN. Otherwise, proxy ARP cannot take effect.

VLAN aggregation simplifies configurations for the network where many VLANs are configured and PCs in different VLANs need to communicate with each other.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface vlanif vlan-id

The view of the VLANIF interface of the super-VLAN is displayed.

Step 3 Run:
arp-proxy enable


Proxy ARP is enabled on the VLANIF interface.

Step 4 Run:
arp-proxy inter-sub-vlan-proxy enable

Inter-sub-VLAN proxy ARP is enabled.

----End
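The steps in 4.6.2 through 4.6.6, combined into one session for the topology in Figure 4-11 (sub-VLANs 2 and 3 under super-VLAN 4). This is an added example, not taken from the guide: the interface numbers, IP address, and address ranges are constructed, and the ports are assumed to be Layer 2 switched ports that are already physically Up.

```text
# Create sub-VLAN 2 and sub-VLAN 3 and add one user-facing port to each.
# (Interface numbers are constructed for this example.)
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] port gigabitethernet 1/0/1
[HUAWEI-vlan2] quit
[HUAWEI] vlan 3
[HUAWEI-vlan3] port gigabitethernet 1/0/2
[HUAWEI-vlan3] quit

# Create VLAN 4, change it to a super-VLAN, and add both sub-VLANs to it.
# The super-VLAN ID differs from every sub-VLAN ID, and no physical port joins VLAN 4.
[HUAWEI] vlan 4
[HUAWEI-vlan4] aggregate-vlan
[HUAWEI-vlan4] access-vlan 2 to 3
[HUAWEI-vlan4] quit

# Create VLANIF 4 and assign the address that both sub-VLANs share.
# (10.1.1.1/24 is a constructed address.)
[HUAWEI] interface vlanif 4
[HUAWEI-Vlanif4] ip address 10.1.1.1 24
[HUAWEI-Vlanif4] quit

# (Optional) Give each sub-VLAN its own range inside 10.1.1.0/24 so that
# users with addresses outside the range are filtered out.
[HUAWEI] vlan 2
[HUAWEI-vlan2] ip pool 10.1.1.2 to 10.1.1.100
[HUAWEI-vlan2] quit
[HUAWEI] vlan 3
[HUAWEI-vlan3] ip pool 10.1.1.101 to 10.1.1.200
[HUAWEI-vlan3] quit

# (Optional) Enable proxy ARP on VLANIF 4 only if PCs in sub-VLAN 2 and
# sub-VLAN 3 must reach each other. Without it, the sub-VLANs stay separated.
[HUAWEI] interface vlanif 4
[HUAWEI-Vlanif4] arp-proxy enable
[HUAWEI-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[HUAWEI-Vlanif4] quit

# Check the sub-VLAN to super-VLAN mapping.
[HUAWEI] display sub-vlan
[HUAWEI] display super-vlan
```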

4.6.7 Checking the Configuration


After VLAN aggregation is configured, you can view VLAN types and information about VLANIF interfaces, such as the physical status, link protocol status, IP address, and mask.

Prerequisite
The VLAN aggregation configurations are complete.

Procedure
- Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
- Run the display interface vlanif [ vlan-id ] command to check information about a specific VLANIF interface.
- Run the display sub-vlan command to check mappings between sub-VLANs and super-VLANs.
- Run the display super-vlan command to check sub-VLANs contained in a super-VLAN.

----End

Example
Run the display vlan verbose command. The command output shows the VLAN type. For example:
<HUAWEI> display vlan 40 verbose
 VLAN ID      : 40
 VLAN Type    : Super
 Description  : VLAN 0040
 Status       : Enable
 Broadcast    : Enable
 MAC learning : Enable
 Statistics   : Disable
 --------------
 sub-VLAN List: 3

Run the display interface vlanif command. The command output shows the physical status, link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface vlanif 2
Vlanif2 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-04-07 10:51:54
Description : Vlanif10 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.110.10.11/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-ab74-7700
Physical is VLANIF
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets,0 bytes,
       0 unicast,0 broadcast,0 multicast
       0 errors,0 drops,0 unknowprotocol
Output:0 packets,0 bytes,
       0 unicast,0 broadcast,0 multicast
       0 errors,0 drops

Run the display sub-vlan command. The command output shows mappings between sub-VLANs and super-VLANs.
<HUAWEI> display sub-vlan
 VLAN ID Super-vlan
 -----------------------------
 10      40
 20      40
 30      40

Run the display super-vlan command. The command output shows sub-VLANs contained in a super-VLAN.
<HUAWEI> display super-vlan
 VLAN ID Sub-vlan
 --------------------------
 40      10 20 30

4.7 Configuring VLAN Policy-based VPN Access


VLAN policy-based VPN access allows VLLs, VSIs, or VPN instances to transmit separate services. Currently, the CX600 supports several VLAN policy-based VPN access schemes. Choose one of them as required.

4.7.1 Establishing the Configuration Task
Before configuring VLAN policy-based VPN access, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

4.7.2 Configuring a VLAN Policy
VLAN policies refer to VLAN+802.1p, VLAN+DSCP, and VLAN+EthType policies. With VLAN policies, a device can send services to corresponding VLLs, VSIs, or VPN instances. In this manner, different types of services are transmitted in separate VLLs, VSIs, or VPN instances.

4.7.3 Configuring a VPN
After a VLAN matching policy is configured, you need to configure a VPN so that users over an L2VPN and an L3VPN can communicate with each other.

4.7.4 Checking the Configuration
After VLAN policy-based VPN access is configured, you can check information about sub-interfaces with the same VLAN ID on an interface.

4.7.1 Establishing the Configuration Task


Before configuring VLAN policy-based VPN access, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On a Metro Ethernet (ME) network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple types of services share one VLAN ID, as shown in Figure 4-12, services cannot be differentiated merely by using VLAN IDs. As a result, part of high-priority traffic over the operator's network cannot be scheduled in time, which deteriorates users' experience.

Figure 4-12 Networking diagram for multiple types of services sharing one VLAN ID

[Figure omitted. Labels: BTV, VOD Platform, SR, HSI, UPE, PW1, PW2, Video, VoIP, Switch, Internet, BRAS, Data flow1, Data flow2, IPTV, VLAN 10]

It is required that the UPE be able to identify VLAN IDs carried in frames and parse priorities of the frames. The UPE sends frames to different PWs based on the VLAN IDs and priorities of the frames. In this manner, frames with high priorities can be scheduled in time.

Pre-configuration Tasks
Before configuring VLAN policy-based VPN access, complete the following task:
- Ensuring that the UPE receives only untagged or single-tagged frames

Data Preparation
To configure VLAN policy-based VPN access, you need the following data.

No.  Data
1    802.1p priority, DSCP priority, or EthType value
2    Number of the interface connecting the UPE to users and IP address of this interface
     - Data for configuring an L2VPN, including:
       - VSI ID (Two ends of a PW must be configured with the same VSI ID.)
       - MPLS LSR ID
       - VSI name
       - Interface to which the VSI is bound
     - Data for configuring an L3VPN, including:
       - VPN instance name and RD
       - VPN target
       - AS number of the UPE
       - IP address and interface by which the UPE establishes a BGP peer relationship
       - Mode for the UPE and switch to exchange routing information: static routes, Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), or Border Gateway Protocol (BGP)
       - (Optional) Description of the VPN instance
       - (Optional) Routing policy for sending and receiving VPN routing information
       - (Optional) Tunnel policy
       - (Optional) Maximum number of routes allowed by the VPN instance

4.7.2 Configuring a VLAN Policy


VLAN policies refer to VLAN+802.1p, VLAN+DSCP, and VLAN+EthType policies. With VLAN policies, a device can send services to corresponding VLLs, VSIs, or VPN instances. In this manner, different types of services are transmitted in separate VLLs, VSIs, or VPN instances.

Context
If non-IP services are transmitted between the Base Transceiver Station (BTS) and the CSG, either of the following policies can be configured:

- VLAN+802.1p
  On the network shown in Figure 4-13, Asynchronous Transfer Mode (ATM) or Time Division Multiplex (TDM) links interconnect the BTS and CSG, and the Mobile Aggregation Site Gateway (MASG) and Base Station Controller (BSC). To transmit ATM services from the BTS to the remote BSC, you need to configure PWE3 between the CSG and the MASG to transparently transmit ATM cells. Figure 4-13 uses the VLAN+802.1p-based L2VPN access as an example. The process for VLAN+802.1p-based L3VPN access is similar and not described in this document.

Figure 4-13 Networking diagram for VLAN+802.1p-based L2VPN access
[Figure omitted. Labels: Signal, Voice, Manage, Data, PWE3, xDSL, IP/Eth, PE1, PE2, PE3, PE4, VSI, MASG, BSC, BTS, CSG, IP DSLAM, Per Service Per VSI, Ethernet, ATM/TDM over VSI, ATM/TDM]

- VLAN+DSCP
  On the network shown in Figure 4-14, ATM or TDM links interconnect the BTS and CSG, and the MASG and BSC. To allow ATM cells to be transmitted over an IPv4 network, you need to configure Generic Routing Encapsulation (GRE) for ATM cells. To transmit ATM services from the BTS to the remote BSC, you need to configure PWE3 between the CSG and the MASG to transparently transmit ATM cells. Figure 4-14 uses VLAN+DSCP-based L2VPN access as an example. The process for VLAN+DSCP-based L3VPN access, untagged+DSCP-based L3VPN access, or VLAN+DSCP-based L2VPN access is similar and not described in this document.

Figure 4-14 Networking diagram for VLAN+DSCP-based L2VPN access

[Figure omitted. Labels: GRE encapsulation, GRE decapsulation, Signal, Voice, Manage, Data, PW, CSG, VLAN+DSCP, L2VPN, PE1, PE2, BTS, GRE, ATM/TDM, PW over GRE, MASG, BSC]

NOTE

- The DSCP value is carried in IP packets. To make the VLAN+DSCP policy take effect, ensure that only IP services are sent to the CSG. If non-IP services are sent to the CSG, a GRE tunnel must be configured on the CSG to transparently transmit the non-IP services over the IPv4 network.
- There is no difference in PE configurations regardless of whether IP or non-IP services are sent to the BTS. In this usage scenario, only PE configurations are concerned. For configurations of other devices, see related configuration manuals.
- 802.1p or DSCP priorities can be changed on the CSG by using commands.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number

The view of an Ethernet sub-interface connecting PE 1 to users is displayed.

Step 3 Run:
vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default }

A VLAN policy is configured on the sub-interface for dot1q VLAN tag termination.

NOTE

If the sub-interfaces of one interface are configured with the same VLAN ID, only one type of VLAN policies (VLAN+802.1p, VLAN+DSCP, or VLAN+EthType) can be configured on these sub-interfaces. A VLAN ID can be assigned to a maximum of eight sub-interfaces.

- The eth-type parameter takes effect only on PPPoE services currently. If the eth-type parameter is configured, IPoE packets will be processed by the default sub-interface.
- If the default parameter is configured, all the services that do not match any VLAN policy will be processed by the default sub-interface.
- If the vlan-type dot1q command has been used in the view of an Ethernet sub-interface, the sub-interface exclusively uses this VLAN, and the VLAN ID can no longer be configured in any VLAN policy for other sub-interfaces.
- If the undo vlan-type dot1q command is used with a specified VLAN ID and an 802.1p priority value, a DSCP priority value, or an EtherType value, only the specified VLAN policy associated with this VLAN ID is deleted from the sub-interface. If the undo vlan-type dot1q vlanid command is used with a specified VLAN ID but not an 802.1p priority value, a DSCP priority value, or an EtherType value, all VLAN policies associated with this VLAN ID are deleted from the sub-interface.

----End
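A VLAN+802.1p policy that splits one shared VLAN across three sub-interfaces, following the Step 3 syntax above. This is an added example, not taken from the guide: the interface number and the priority ranges are constructed, and VLAN 10 is used only because Figure 4-12 shows services sharing VLAN 10.

```text
# Sub-interface 1 takes VLAN 10 frames whose 802.1p priority is 5, 6, or 7.
# (Interface number and priority ranges are constructed for this example.)
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1.1
[HUAWEI-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 5 to 7
[HUAWEI-GigabitEthernet1/0/1.1] quit

# Sub-interface 2 takes VLAN 10 frames whose 802.1p priority is 0, 1, or 2.
# Both sub-interfaces use the same policy type (VLAN+802.1p), as the NOTE requires
# for sub-interfaces of one interface that share a VLAN ID.
[HUAWEI] interface gigabitethernet 1/0/1.2
[HUAWEI-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 0 to 2
[HUAWEI-GigabitEthernet1/0/1.2] quit

# Sub-interface 3 is the default sub-interface: VLAN 10 frames that match no
# policy above (here, priorities 3 and 4) are processed by it.
[HUAWEI] interface gigabitethernet 1/0/1.3
[HUAWEI-GigabitEthernet1/0/1.3] vlan-type dot1q 10 default
[HUAWEI-GigabitEthernet1/0/1.3] quit

# List the policies configured for VLAN 10 on the interface (see 4.7.4).
[HUAWEI] display interface gigabitethernet 1/0/1 vlan 10
```

Each sub-interface is then bound to its own VLL, VSI, or VPN instance as described in 4.7.3; those commands are documented in the VPN configuration guide and are not shown here.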

4.7.3 Configuring a VPN


After a VLAN matching policy is configured, you need to configure a VPN so that users over an L2VPN and an L3VPN can communicate with each other.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number

The view of an Ethernet sub-interface to be configured with a VLAN policy is displayed.

Step 3 Configure the VPN service. Deploy one of the following services as required:

- L2VPN
  For detailed information, see the chapters "VLL Configuration", "PWE3 Configuration", and "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.
  The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in the following modes:
  - Local CCC connection
  - Remote CCC connection
  - Remote SVC connection
  - Local Kompella connection
  - Remote Kompella connection
  - Remote Martini connection
  The sub-interface for dot1q VLAN tag termination can be bound to a homogeneous VLL or a heterogeneous VLL in the following modes:
  - Local Kompella connection
  - Remote Kompella remote connection
  - Local Martini connection
  - Remote Martini connection
  The sub-interface for QinQ/dot1q VLAN tag termination can be bound to VPLS in the following modes:
  - Martini VPLS
  - Kompella VPLS
- L3VPN
  For detailed information, see the chapter "BGP MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.

----End

4.7.4 Checking the Configuration


After VLAN policy-based VPN access is configured, you can check information about sub-interfaces with the same VLAN ID on an interface.

Prerequisite
The configurations of VLAN policy-based VPN access are complete.

Procedure
- Run the display interface interface-type interface-number vlan { vlan-id | untagged } command to check VLAN policies configured for sub-interfaces with a specified VLAN ID or without VLAN IDs.

----End

Example
Run the display interface vlan command. The command output shows VLAN policies configured for sub-interfaces on an interface with a specified VLAN ID. For example:
<HUAWEI> display interface gigabitethernet1/0/1 vlan 1
Sub-Interface         VlanPolicy
-----------------------------------------------------------
GE1/0/1.1             8021p 1 3 to 7
GE1/0/1.2             dscp 3 6 to 10
GE1/0/1.3             default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3

4.8 Configuring Interface Isolation in a VLAN


After interface isolation in a VLAN is configured, interfaces in the VLAN cannot communicate with each other. To have isolated interfaces communicate with each other, you need to configure ARP proxy in the VLAN. In this manner, you can monitor traffic in the VLAN at Layer 3.

4.8.1 Establishing the Configuration Task
Before configuring interface isolation in a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

4.8.2 Configuring Interface Isolation in a VLAN
Isolated interfaces in a VLAN cannot communicate with each other, but can communicate with non-isolated interfaces.

4.8.3 Enabling ARP Proxy in a VLAN
To have isolated interfaces in a VLAN communicate with each other, you must create a VLANIF interface and enable ARP proxy in the VLAN.

4.8.1 Establishing the Configuration Task


Before configuring interface isolation in a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
When certain interfaces in a VLAN must not communicate with each other directly, you can configure interface isolation in the VLAN.

When the isolated interfaces in a VLAN need to communicate, the communication must be implemented through Layer 3 routing. In this way, the users in a VLAN can be managed and controlled flexibly.

Pre-configuration Tasks
Before configuring interface isolation in a VLAN, complete the configuration of the interface-based VLAN.

Data Preparation
To configure interface isolation in a VLAN, you need the following data.

No.  Data
1    VLAN number
2    Numbers of interfaces that need to be isolated in a VLAN
3    IP addresses and subnet masks of the VLANIF interfaces

4.8.2 Configuring Interface Isolation in a VLAN


Isolated interfaces in a VLAN cannot communicate with each other, but can communicate with non-isolated interfaces.

Context
The device provides the following two methods of isolating the interfaces in a VLAN:
- Enabling the interface isolation state in a VLAN.
- Configuring the interfaces that need to be isolated in the VLAN view.

You can choose one of the following methods as required:

Procedure
- Enabling the Interface Isolation

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     interface { gigabitethernet | eth-trunk } interface-number

     The specified Ethernet interface view is displayed.

  3. Run:
     portswitch

     The interface is set to the switched interface.

  4. Run:
     port default vlan vlan-id


     The default VLAN to which the port belongs is configured.

  5. Run:
     port isolate-state enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

     The interface isolation is enabled in a VLAN. When this command is run, the VLAN should include this interface.

- Configuring the Interface Isolation in the VLAN View

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     vlan vlan-id

     The VLAN view is displayed.

  3. Run:
     port isolate { { interface-type interface-number } &<1-10> | all }

     The interfaces that need to be isolated are configured in a VLAN.

----End

4.8.3 Enabling ARP Proxy in a VLAN


To have isolated interfaces in a VLAN communicate with each other, you must create a VLANIF interface and enable ARP proxy in the VLAN.

Context
Do as follows on the devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface vlanif vlan-id

The VLANIF interface is created.

Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]

The IP addresses are configured for the VLANIF interfaces. The IP addresses of the VLANIF interfaces and those of the hosts in the VLAN are on the same network segment. The IP addresses of different VLANIF interfaces should be on different network segments, so that there are reachable routes between the users in different VLANs.

Step 4 Run:
arp-proxy inner-sub-vlan-proxy enable


The ARP proxy is enabled in a VLAN.

----End
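The first isolation method from 4.8.2 followed by the ARP proxy steps from 4.8.3, as one session. This is an added example, not taken from the guide: VLAN 10, the interface numbers, and the IP address are constructed.

```text
# Create VLAN 10. (VLAN ID, interface numbers, and IP address are constructed.)
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit

# On each user-facing port: switch it to Layer 2, put it in VLAN 10,
# and enable the isolation state for VLAN 10. The VLAN must already
# include the interface when port isolate-state is run.
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] portswitch
[HUAWEI-GigabitEthernet1/0/1] port default vlan 10
[HUAWEI-GigabitEthernet1/0/1] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/2
[HUAWEI-GigabitEthernet1/0/2] portswitch
[HUAWEI-GigabitEthernet1/0/2] port default vlan 10
[HUAWEI-GigabitEthernet1/0/2] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet1/0/2] quit

# Alternative (second method in 4.8.2), run in the VLAN 10 view instead of
# the per-interface commands above:
#   port isolate gigabitethernet 1/0/1 gigabitethernet 1/0/2

# At this point the two ports cannot exchange frames inside VLAN 10.
# Only if the isolated hosts must still reach each other, create VLANIF 10
# in the hosts' network segment and enable ARP proxy in the VLAN, so that
# their traffic passes through Layer 3 where it can be monitored.
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ip address 10.10.10.1 24
[HUAWEI-Vlanif10] arp-proxy inner-sub-vlan-proxy enable
[HUAWEI-Vlanif10] quit
```

Leave the VLANIF and ARP proxy steps out when the isolated interfaces are never meant to communicate with each other.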

4.9 Configuring the Isolation Based on Interface Groups in a VLAN


You can isolate interfaces in a VLAN by adding interfaces to different interface groups.

4.9.1 Establishing the Configuration Task
Before configuring interface group isolation in a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

4.9.2 Adding an Interface to the Group to Be Isolated
Interfaces in the same isolation group are not isolated from each other. Interfaces in an isolation group can communicate with interfaces that do not belong to any isolation group.

4.9.3 Checking the Configuration
After interfaces are added to an isolation group, you can check information about the interface isolation group.

4.9.1 Establishing the Configuration Task


Before configuring interface group isolation in a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
NOTE

The interface group isolation in a VLAN is not supported in X1 and X2 of the CX600.

When you need to isolate packets between interface groups, you can configure the isolation based on interface groups in a VLAN. Add the interfaces to be isolated to different interface groups; interfaces in different interface groups then cannot communicate with each other.

Pre-configuration Tasks
Before configuring the isolation based on interface groups in a VLAN, complete the configuration of the interface-based VLAN.

Data Preparation
To configure the isolation based on interface groups in a VLAN, you need the following data.

No.  Data
1    VLAN number
2    Numbers of interfaces and interface groups to be isolated in a VLAN


4.9.2 Adding an Interface to the Group to Be Isolated


Interfaces in the same isolation group are not isolated from each other. Interfaces in an isolation group can communicate with interfaces that do not belong to any isolation group.

Context
Do as follows on the devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number

The Ethernet interface view is displayed.

Step 3 Run:
portswitch

The interface is set as a switched interface.

Step 4 Run:
port-isolation group group-id

The interface is added to a specific group. The interface must be added to the VLAN before you run this command.

----End

4.9.3 Checking the Configuration


After interfaces are added to an isolation group, you can check information about the interface isolation group.

Procedure
Step 1 Run the display port-isolation group { group-id | brief } command to view information about an isolated interface group.

----End

Example
Run the display port-isolation group group-id command. You can view the information about an isolated interface group. For example:
[HUAWEI] display port-isolation group 4
Port islation group 4
Eth-Trunk3    Eth-Trunk5
port islation group 4 has 2 ports


Run the display port-isolation group brief command. You can view the information about all isolated interface groups. For example:
[HUAWEI] display port-isolation group brief
Port islation group 4
Eth-Trunk3    Eth-Trunk5
port islation group 4 has 2 ports
Port islation group 5
Eth-Trunk4    Eth-Trunk6
port islation group 5 has 2 ports
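The following added example (not part of the original guide) parses output in the layout of display port-isolation group brief and applies the rules stated in 4.9: interfaces in different groups are isolated, while interfaces in the same group, or with one side in no group, can still communicate. The policy list, the interface GigabitEthernet1/0/1, and the assumption that an interface belongs to at most one group are constructed for illustration.

```python
import re

# Constructed sample in the layout of "display port-isolation group brief".
# The spelling "islation" is kept as the device prints it on this page.
SAMPLE_OUTPUT = """\
[HUAWEI] display port-isolation group brief
Port islation group 4
Eth-Trunk3 Eth-Trunk5
port islation group 4 has 2 ports
Port islation group 5
Eth-Trunk4
Eth-Trunk6
port islation group 5 has 2 ports
"""

# Accept both "islation" (as printed) and "isolation".
HEADER = re.compile(r"^port is\w*lation group (\d+)$", re.IGNORECASE)
FOOTER = re.compile(r"^port is\w*lation group (\d+) has (\d+) ports?$", re.IGNORECASE)


def parse_isolation_groups(text):
    """Return {group_id: [interface, ...]}, checked against each summary line."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[<":          # blank line or CLI prompt line
            continue
        footer = FOOTER.match(line)
        header = HEADER.match(line)
        if footer:
            gid, count = int(footer.group(1)), int(footer.group(2))
            if gid != current or len(groups[gid]) != count:
                raise ValueError(f"group {gid}: members do not match the summary line")
            current = None
        elif header:
            current = int(header.group(1))
            groups[current] = []
        elif current is None:
            raise ValueError(f"interface listed outside a group: {line!r}")
        else:
            groups[current].extend(line.split())  # one or several names per line
    return groups


def group_of(groups, interface):
    """Group ID of an interface, or None. Assumes at most one group per interface."""
    for gid, members in groups.items():
        if interface in members:
            return gid
    return None


def can_communicate(groups, a, b):
    """Layer 2 reachability of two interfaces of one VLAN under the rules in 4.9."""
    ga, gb = group_of(groups, a), group_of(groups, b)
    if ga is None or gb is None:
        return True          # an ungrouped interface is reachable from any group
    return ga == gb          # same group: not isolated; different groups: isolated


def isolation_gaps(groups, must_be_isolated):
    """Return (a, b, reason) for every pair the policy wants isolated but is not."""
    gaps = []
    for a, b in must_be_isolated:
        if not can_communicate(groups, a, b):
            continue
        ungrouped = [i for i in (a, b) if group_of(groups, i) is None]
        reason = (f"not in any isolation group: {', '.join(ungrouped)}"
                  if ungrouped else f"both in group {group_of(groups, a)}")
        gaps.append((a, b, reason))
    return gaps


# Hypothetical policy; GigabitEthernet1/0/1 is a constructed interface name.
POLICY = [
    ("Eth-Trunk3", "Eth-Trunk4"),
    ("Eth-Trunk3", "Eth-Trunk5"),
    ("Eth-Trunk6", "GigabitEthernet1/0/1"),
]

if __name__ == "__main__":
    for a, b, reason in isolation_gaps(parse_isolation_groups(SAMPLE_OUTPUT), POLICY):
        print(f"{a} <-> {b} can still communicate ({reason})")
```

The second and third policy pairs are reported: an interface that was never added to a group is not isolated from anything, which is the usual way an intended separation is silently missed.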

4.10 Configuring Ethernet Loop Detection for a VLAN


In the case of an uncontrollable user network, the CX600 supports the deployment of Ethernet loop detection on the provider's network to prevent loops in a VLAN.

4.10.1 Establishing the Configuration Task
Before configuring Ethernet loop detection for a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

4.10.2 Configuring Ethernet Loop Detection for a VLAN
After Ethernet loop detection is configured for a VLAN, the CX600 blocks a certain interface, records a log, and sends an alarm after detecting a loop in the VLAN.

4.10.3 (Optional) Configuring the Block Priority for an Interface
You can configure block priorities for interfaces so that a specific link is preferentially blocked when a loop is detected.

4.10.4 Checking the Configuration
After Ethernet loop detection for a VLAN is configured, you can check information about Ethernet loop detection.

4.10.1 Establishing the Configuration Task


Before configuring Ethernet loop detection for a VLAN, familiarize yourself with the applicable environment, pre-configuration tasks, and required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
As shown in Figure 4-15, when CE1, the Customer Edge (CE) device, accesses the Provider Edge (PE) devices in the same VLAN through redundant links, you can configure Ethernet loop detection for the VLAN on the PE devices. This prevents broadcast storms on the network.

Figure 4-15 Networking diagram of configuring Ethernet loop detection for a VLAN
[Figure labels: PE1, PE2, CE1, AC1, AC2, VLAN 100]


Pre-configuration Tasks
Before configuring Ethernet loop detection for a VLAN, complete the following tasks:
- Connecting the interfaces and configuring the physical parameters of the interfaces to make the physical status of the interfaces Up
- Creating a VLAN in the carrier network and connecting a CE device to PE devices

Data Preparation
To configure Ethernet loop detection for a VLAN, you need the following data.

No.  Data
1    Times of loopback, interval of the detection time, cycle of the detection interval, time for blocking a loop, and retry times for blocking an interface permanently
2    (Optional) Block priority of an interface

4.10.2 Configuring Ethernet Loop Detection for a VLAN


After Ethernet loop detection is configured for a VLAN, the CX600 blocks a certain interface, records a log, and sends an alarm after detecting a loop in the VLAN.

Context
Do as follows on the PE devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

The VLAN view is displayed.

Step 3 Run:
loop-detect eth-loop loop-times loop-times detect-cycle detect-cycle-time cycles cycles { retry-times retry-times block-time block-time | alarm-only }

Ethernet loop detection is enabled for the VLAN. When block-time and retry-times are selected, the CX device blocks a certain interface in the VLAN after a loop is detected in the VLAN. In addition, the CX device records the event in the log and sends an alarm message to the NMS.

When alarm-only is selected, the CX device does not block the interface in the VLAN after detecting a loop. Instead, the CX device only records the event in the log and sends an alarm message to the NMS.

Step 4 Run:
quit

The system view is displayed.

Step 5 (Optional) Run:
reset loop-detect eth-loop vlan vlan-id { all | interface interface-type interface-number }

The interface blocked by Ethernet loop detection for the VLAN is restored.

As shown in Figure 4-15, if Ethernet loop detection is configured on both PE1 and PE2 in VLAN 100, you can set different values for cycles to determine which device blocks its link first. For example, if cycles is set to 1 on PE1 and 3 on PE2, PE1 blocks the port the first time a loop is detected, whereas PE2 blocks the port when a loop has been detected three times. Therefore, PE1 blocks a loop faster than PE2.

----End

4.10.3 (Optional) Configuring the Block Priority for an Interface


You can configure block priorities for interfaces so that a specific link is preferentially blocked when a loop is detected.

Context
Do as follows on the PE devices:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number

The view of the specified Ethernet interface is displayed. The specified interface must be an interface in a VLAN enabled with Ethernet loop detection.

Step 3 Run:
loop-detect eth-loop priority priority

The block priority is configured for the interface. The smaller the priority value, the faster the interface is blocked.

As shown in Figure 4-15, when a loop is formed between CE1, PE1, and PE2 and you want the link between PE1 and PE2 to be blocked first, configure different priority values for the interfaces on the PE devices.

----End

4.10.4 Checking the Configuration


After Ethernet loop detection for a VLAN is configured, you can check information about Ethernet loop detection.

Context
Run the following command to check the previous configuration.

Action: Check information about Ethernet loop detection in a VLAN.
Command: display loop-detect eth-loop vlan vlan-id

Run the display loop-detect eth-loop vlan vlan-id command. You can view the information about Ethernet loop detection in a VLAN. For example:
<HUAWEI> display loop-detect eth-loop vlan 100
VLAN/VSI    LTimes  D-Cycle  Cycles  Retry  Action      BPolicy
------------------------------------------------------------------------
VLAN 100    1       2        3       -      Alarm-only  -
Total Items = 1
Blocked Port:
---------------

4.11 Maintaining VLAN


Clearing statistics helps you locate faults in a VLAN.

4.11.1 Clearing the Statistics of VLAN Packets
Before collecting traffic statistics in a specified time period on an interface, you need to reset the original statistics on the interface.

4.11.1 Clearing the Statistics of VLAN Packets


Before collecting traffic statistics in a specified time period on an interface, you need to reset the original statistics on the interface.

Context

CAUTION
Statistics about VLAN packets cannot be restored after they are cleared. Confirm the action before you use the command.

To clear the statistics of VLAN packets, run the following reset command in the user view:


Procedure
- Run the reset vlan statistics [ vid ] vlan-id command to clear the packet statistics of a specified VLAN.
- Run the reset vlan statistics interface interface-type interface-number.subinterface-number command to clear the VLAN packet statistics on a specified sub-interface.

----End

4.12 Configuration Examples


This section describes the typical application scenarios of VLANs, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link
If employees of a department work in different buildings, switches in the buildings can be connected by using a trunk link to allow the employees to communicate.

4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces
Configuring sub-interfaces enables users in different VLANs and network segments to communicate with each other.

4.12.3 Example for Configuring VLAN and Non-VLAN Users to Communicate by Using Sub-interfaces
This example describes how to configure communication between VLAN users and non-VLAN users.

4.12.4 Example for Configuring Inter-VLAN Communication by Using VLANIF Interfaces
In this example, Layer 3 forwarding is performed by a Layer 3 PE instead of a router. This allows PCs in different VLANs to communicate with each other and reduces operating costs.

4.12.5 Example for Configuring 1 to 1 VLAN Mapping for Inter-VLAN Communication
1 to 1 VLAN mapping allows user VLAN IDs and the ISP VLAN ID to be replaced with each other to help users in different VLANs to communicate with each other.

4.12.6 Example for Configuring Communication Between VLANs Through VLAN Aggregation
This part describes how to configure communication between VLANs with fewer IP addresses.

4.12.7 Example for Configuring VLAN+802.1p for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VSIs. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

4.12.8 Example for Configuring VLAN+DSCP for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

4.12.9 Example for Configuring VLAN+EthType for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+EthType is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VSIs. In this manner, packets of different EthTypes enter different VSIs, and different services can be transmitted through different VSIs.

4.12.10 Example for Configuring VLAN+DSCP for L3VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. In this manner, packets of different DSCP values enter different VPN instances, and different services can be transmitted through different VPN instances. The following takes the scenario where a CSG accesses IP services as an example.

4.12.11 Example for Configuring VLAN+802.1p for L3VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the sub-interface at the AC side of a PE; the sub-interfaces are bound to different VPN instances. Packets are transmitted through different VPN instances based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

4.12.12 Example for Configuring Untagged+DSCP for L3VPN Access
In the networking of this configuration example, PE1 receives untagged packets with different DSCP values; untagged+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. Packets are transmitted through different VPN instances based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

4.12.13 Example for Configuring Interface Isolation in a VLAN
After interface isolation in a VLAN is configured, isolated interfaces cannot communicate with each other in the VLAN.

4.12.14 Example for Configuring the Isolation Based on Interface Groups in a VLAN
After interface group isolation in a VLAN is configured, interfaces that belong to different groups in a VLAN cannot communicate with each other, but interfaces in the same isolation group can communicate with each other.

4.12.15 Example for Configuring Ethernet Loop Detection for a VLAN
After Ethernet loop detection for a VLAN is configured, the CX600 can block a corresponding interface when detecting a loop, thus preventing broadcast storms on the network.

4.12.1 Example for Configuring Users in a VLAN to Communicate by Using a Trunk Link
If employees of a department work in different buildings, switches in the buildings can be connected by using a trunk link to allow the employees to communicate.

Networking Requirements
A company has several departments. Employees of each department reside in different buildings. On the network shown in Figure 4-16, employees of the financial or marketing department work in different buildings. It is required that employees of the same department be able to communicate with each other, whereas employees of different departments cannot communicate with each other.

Figure 4-16 Networking diagram for configuring users in a VLAN to communicate by using a trunk link

[Figure: SwitchA and SwitchB each connect through GE1/0/5 to CX-A (GE1/0/1 and GE1/0/2) over trunk links carrying VLAN 5 and VLAN 9. On each switch, ports GE1/0/1 to GE1/0/4 connect PCs of VLAN 5 (Finance Department) and VLAN 9 (Marketing Department).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switches to PCs of the financial department to VLAN 5 and ports connecting switches to PCs of the marketing department to VLAN 9. This configuration prevents employees in financial and marketing departments from communicating with each other.
2. Configure links between switches and PE as trunk links to allow frames from VLAN 5 and VLAN 9 to pass through, allowing employees of the same department but different buildings to communicate with each other.

NOTE

Only Layer 2 ports are able to identify frames with tags. All interfaces on PE and CEs 1 and 2 must function as Layer 2 ports.

Data Preparation
To complete the configuration, you need the following data:
- Number of each port connecting a switch to a PC
- Number of each port connecting a switch to the CX device
- Number of each port connecting the CX device to a switch
- ID of each VLAN

Procedure
Step 1 Add ports connecting switches to PCs to specified VLANs.

# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 5 9
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 5
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 5
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type access
[CE1-GigabitEthernet1/0/3] port default vlan 9
[CE1-GigabitEthernet1/0/3] quit
[CE1] interface GigabitEthernet 1/0/4
[CE1-GigabitEthernet1/0/4] portswitch
[CE1-GigabitEthernet1/0/4] undo shutdown
[CE1-GigabitEthernet1/0/4] port link-type access
[CE1-GigabitEthernet1/0/4] port default vlan 9
[CE1-GigabitEthernet1/0/4] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 5 9
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type access
[CE2-GigabitEthernet1/0/3] port default vlan 9
[CE2-GigabitEthernet1/0/3] quit
[CE2] interface GigabitEthernet 1/0/4
[CE2-GigabitEthernet1/0/4] portswitch
[CE2-GigabitEthernet1/0/4] undo shutdown
[CE2-GigabitEthernet1/0/4] port link-type access
[CE2-GigabitEthernet1/0/4] port default vlan 9
[CE2-GigabitEthernet1/0/4] quit


Step 2 Configure links between switches and the CX device as trunk links.

# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/5
[CE1-GigabitEthernet1/0/5] portswitch
[CE1-GigabitEthernet1/0/5] undo shutdown
[CE1-GigabitEthernet1/0/5] port link-type trunk
[CE1-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE1-GigabitEthernet1/0/5] quit

# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/5
[CE2-GigabitEthernet1/0/5] portswitch
[CE2-GigabitEthernet1/0/5] undo shutdown
[CE2-GigabitEthernet1/0/5] port link-type trunk
[CE2-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE2-GigabitEthernet1/0/5] quit

Step 3 # Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface GigabitEthernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 5 9
[PE-GigabitEthernet1/0/1] quit
[PE] interface GigabitEthernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 5 9
[PE-GigabitEthernet1/0/2] quit

Step 4 Verify the configuration.

After the configurations are complete, run the display vlan command to view VLAN status. In the following example, the display on PE is used:
[PE] display vlan 5
* : management-vlan
---------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
5       common       enable   enable       forward   forward   forward default
----------------
Tagged     Port: GigabitEthernet1/0/1        GigabitEthernet1/0/2
----------------
Active tag Port: GigabitEthernet1/0/1        GigabitEthernet1/0/2
----------------
Interface                   Physical
GigabitEthernet1/0/1        UP
GigabitEthernet1/0/2        UP
GigabitEthernet1/0/5        UP
[PE] display vlan 9
* : management-vlan
---------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
9       common       enable   enable       forward   forward   forward default
----------------
Tagged     Port: GigabitEthernet1/0/3        GigabitEthernet1/0/4
----------------
Active tag Port: GigabitEthernet1/0/3        GigabitEthernet1/0/4
----------------
Interface                   Physical
GigabitEthernet1/0/3        UP
GigabitEthernet1/0/4        UP
GigabitEthernet1/0/5        UP


Run the display port vlan command to view the list of VLANs configured on a port. In the following example, the display on PE is used:
[PE] display port vlan gigabitethernet1/0/5
Port                    Link Type    PVID  Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet1/0/5    trunk        0     5 9

In either VLAN 5 or VLAN 9, a PC connected to CE 1 can ping a PC connected to CE 2 successfully.

----End

Configuration Files
- Configuration file of CE 1
#
 sysname CE1
#
 vlan batch 5 9
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type access
 port default vlan 9
#
interface GigabitEthernet1/0/4
 portswitch
 undo shutdown
 port link-type access
 port default vlan 9
#
interface GigabitEthernet1/0/5
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 5 9
#
return

- Configuration file of CE 2
#
 sysname CE2
#
 vlan batch 5 9
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type access
 port default vlan 9
#
interface GigabitEthernet1/0/4
 portswitch
 undo shutdown
 port link-type access
 port default vlan 9
#
interface GigabitEthernet1/0/5
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 5 9
#
return

- Configuration file of PE
#
 sysname PE
#
 vlan batch 5 9
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 5 9
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 5 9
#
return
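The department separation in this example depends on every access port having one default VLAN and every trunk passing only VLAN 5 and VLAN 9. The following added example (not part of the original guide) audits a configuration file in the layout shown above for those conditions. The sample configuration, its deliberate mistakes, the port GigabitEthernet1/0/6, and the use of the "to" range form in an allow-pass list are constructed for illustration.

```python
# Constructed configuration in the layout of the configuration files in this
# example. The GigabitEthernet1/0/5 and 1/0/6 stanzas hold deliberate mistakes;
# GigabitEthernet1/0/6 is a constructed port that is not in Figure 4-16.
SAMPLE_CONFIG = """\
#
 sysname CE1
#
 vlan batch 5 9
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/5
 portswitch
 undo shutdown
 port link-type trunk
 port default vlan 5 9
#
interface GigabitEthernet1/0/6
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
return
"""

EXPECTED_VLANS = {5, 9}   # the two department VLANs of this example


def expand_vlans(tokens):
    """Expand ['5', '9'] or ['2', 'to', '4094'] into a set of VLAN IDs."""
    vlans, i = set(), 0
    while i < len(tokens):
        first = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(first, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(first)
            i += 1
    return vlans


def parse_config(text):
    """Return (VLANs created by 'vlan batch', {interface: settings})."""
    defined, ports, current = set(), {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] in ("#", "return"):
            current = None                      # '#' closes the current stanza
        elif words[0] == "interface":
            current = ports.setdefault(
                "".join(words[1:]), {"link": None, "default": [], "allow": set()})
        elif words[:2] == ["vlan", "batch"]:
            defined |= expand_vlans(words[2:])
        elif current is None:
            continue
        elif words[:2] == ["port", "link-type"]:
            current["link"] = words[2]
        elif words[:3] == ["port", "default", "vlan"]:
            current["default"] = words[3:]
        elif words[:4] == ["port", "trunk", "allow-pass", "vlan"]:
            current["allow"] |= expand_vlans(words[4:])
    return defined, ports


def audit(text, expected):
    """Return (interface, finding) pairs for VLAN settings that break separation."""
    defined, ports = parse_config(text)
    findings = []
    for name, port in ports.items():
        if port["link"] == "access":
            if len(port["default"]) != 1:
                findings.append((name, "access port needs exactly one default VLAN"))
            elif int(port["default"][0]) not in defined:
                findings.append((name, "default VLAN is not created by 'vlan batch'"))
        elif port["link"] == "trunk":
            if len(port["default"]) > 1:
                findings.append((name, "VLAN list given with 'port default vlan' "
                                       "instead of 'port trunk allow-pass vlan'"))
            if not port["allow"]:
                findings.append((name, "trunk has no allow-pass VLAN list"))
            extra = port["allow"] - expected
            if extra:
                findings.append((name, f"trunk passes {len(extra)} unexpected VLAN(s)"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG, EXPECTED_VLANS):
        print(f"{name}: {finding}")
```

An over-wide allow-pass range is the finding to watch for on shared uplinks: it lets VLANs created later reach the trunk without any further change on that port.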

4.12.2 Example for Configuring Inter-VLAN Communication by Using Sub-interfaces


Configuring sub-interfaces enables users in different VLANs and network segments to communicate with each other.

Networking Requirements
Users in different residential compounds in different network segments require various services such as Internet, IPTV, and VoIP services. The network administrator of each residential compound configures a VLAN for each service to simplify management. After the configuration, users in different residential compounds belong to different VLANs, but they need to communicate with each other for the same type of service. On the network shown in Figure 4-17, users in residential compounds 1 to 4 belong to different VLANs in different network segments but all require the Internet service. Therefore, communication between these users is required.

Figure 4-17 Networking diagram for configuring inter-VLAN communication by using sub-interfaces
[Figure: SwitchA (GE1/0/1, GE1/0/2, uplink GE1/0/3) connects to the CX device on GE2/0/0.1 (10.110.4.3/24) and GE2/0/0.2 (10.110.3.3/24); SwitchB (GE1/0/1, GE1/0/2, uplink GE1/0/3) connects to the CX device on GE1/0/1.1 (10.110.6.3/24) and GE1/0/1.2 (10.110.5.3/24). community1: VLAN 30, 10.110.4.0/24; community2: VLAN 40, 10.110.3.0/24; community3: VLAN 10, 10.110.6.0/24; community4: VLAN 20, 10.110.5.0/24.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create sub-interfaces on PE and associate the sub-interfaces with VLANs.
4. Assign an IP address to each sub-interface for communication at the network layer.

NOTE

The default gateway address of each PC in a VLAN must be the IP address of the corresponding sub-interface. Otherwise, inter-VLAN communication fails.

Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- User IP address
- Number of each port connecting a switch to a PC
- Number of each port connecting a switch to the CX device
- Number and IP address of each sub-interface on PE


Procedure
Step 1 Create VLANs on CE 1 and CE 2.

# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit

Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.

# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 30 40
[CE1-GigabitEthernet1/0/3] quit

# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit

Step 3 Create sub-interfaces on PE and associate the sub-interfaces with VLANs.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 1/0/1.2
[PE-GigabitEthernet1/0/1.2] vlan-type dot1q 20
[PE-GigabitEthernet1/0/1.2] quit
[PE] interface gigabitethernet 2/0/0
[PE-GigabitEthernet2/0/0] undo shutdown
[PE-GigabitEthernet2/0/0] quit
[PE] interface gigabitethernet 2/0/0.1
[PE-GigabitEthernet2/0/0.1] vlan-type dot1q 30
[PE-GigabitEthernet2/0/0.1] quit
[PE] interface gigabitethernet 2/0/0.2
[PE-GigabitEthernet2/0/0.2] vlan-type dot1q 40
[PE-GigabitEthernet2/0/0.2] quit

Step 4 Configure IP addresses.
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] ip address 10.110.6.3 24
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 1/0/1.2
[PE-GigabitEthernet1/0/1.2] ip address 10.110.5.3 24
[PE-GigabitEthernet1/0/1.2] quit
[PE] interface gigabitethernet 2/0/0.1
[PE-GigabitEthernet2/0/0.1] ip address 10.110.4.3 24
[PE-GigabitEthernet2/0/0.1] quit
[PE] interface gigabitethernet 2/0/0.2
[PE-GigabitEthernet2/0/0.2] ip address 10.110.3.3 24
[PE-GigabitEthernet2/0/0.2] quit

Step 5 Verify the configuration.

On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of GE 1/0/1.1 as the default gateway address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of GE 1/0/1.2 as the default gateway address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of GE 2/0/0.1 as the default gateway address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of GE 2/0/0.2 as the default gateway address.

After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.

----End

Configuration Files
- Configuration file of CE 1
#
 sysname CE1
#
 vlan batch 30 40
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 30
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 40
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
return

- Configuration file of CE 2
#
 sysname CE2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return

- Configuration file of PE
#
 sysname PE
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip address 10.110.6.3 255.255.255.0
#
interface GigabitEthernet1/0/1.2
 vlan-type dot1q 20
 ip address 10.110.5.3 255.255.255.0
#
interface GigabitEthernet2/0/0
 undo shutdown
#
interface GigabitEthernet2/0/0.1
 vlan-type dot1q 30
 ip address 10.110.4.3 255.255.255.0
#
interface GigabitEthernet2/0/0.2
 vlan-type dot1q 40
 ip address 10.110.3.3 255.255.255.0
#
return

4.12.3 Example for Configuring VLAN and Non-VLAN Users to Communicate by Using Sub-interfaces
This example describes how to configure communication between VLAN users and non-VLAN users.

Networking Requirements
Residents in a residential compound belong to different network segments. To simplify management, the network administrator of the residential compound adds users to different VLANs. Residents in another residential compound are not added to any VLAN. VLAN users must be able to communicate with non-VLAN users.

On the network shown in Figure 4-18, users in residential compound 1 belong to different VLANs and reside on different network segments; users in residential compound 2 do not belong to any VLAN. It is required that users in VLAN 10 be able to communicate with users in residential compound 2.

Figure 4-18 Networking diagram for configuring VLAN and non-VLAN users to communicate by using sub-interfaces
[Diagram not reproduced. Labels: CX with GE1/0/1.1 (10.110.2.5/24) and GE2/0/0 (10.110.3.5/24); SwitchA and SwitchB with ports GE1/0/1, GE1/0/2, GE1/0/3; community1 with User1 in VLAN10 (10.110.2.0/24) and User2 in VLAN20 (10.110.4.0/24); community2 on 10.110.3.0/24.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
3. Create a sub-interface on the interface connecting the CX device to VLAN users and associate the sub-interface with VLAN 10.
4. Assign IP addresses to interfaces for communication at the network layer.
   - Assign an IP address to the sub-interface.
   - Assign an IP address to the interface connecting the CX device to non-VLAN users.

NOTE
- The IP address assigned to the sub-interface connected to VLAN users must be on the same network segment as the IP addresses of VLAN users.
- The IP address assigned to the interface connected to non-VLAN users must be on the same network segment as the IP addresses of non-VLAN users.
- The default gateway addresses of PCs in VLAN 10 must be the IP address of the sub-interface. Otherwise, VLAN and non-VLAN users cannot communicate with each other.

Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- User IP address
- Number of each port connecting a switch to a PC
- Number of each port connecting a switch to the CX device
- Number and IP address of each sub-interface on PE

Procedure
Step 1 Create a VLAN on CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 10
[CE1-GigabitEthernet1/0/1] quit

Step 2 Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE1-GigabitEthernet1/0/3] quit

Step 3 Create a sub-interface on PE and associate the sub-interface with VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] vlan-type dot1q 10

Step 4 Configure IP addresses.


[PE-GigabitEthernet1/0/1.1] ip address 10.110.2.5 24
[PE-GigabitEthernet1/0/1.1] quit
[PE] interface gigabitethernet 2/0/0
[PE-GigabitEthernet2/0/0] undo shutdown
[PE-GigabitEthernet2/0/0] ip address 10.110.3.5 24
[PE-GigabitEthernet2/0/0] quit

Step 5 Verify the configuration.



On PCs in VLAN 10, configure the IP address 10.110.2.5/24 of GE 1/0/1.1 as the default gateway address.
On CE 2, configure the IP address 10.110.3.5 of GE 2/0/0 as the default gateway address.
After the configurations, users in VLAN 10 and non-VLAN users can ping each other successfully.
----End

Configuration Files
- Configuration file of CE 1
#
 sysname CE1
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10
#
return

- Configuration file of PE
#
 sysname PE
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip address 10.110.2.5 255.255.255.0
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.110.3.5 255.255.255.0
#
return

4.12.4 Example for Configuring Inter-VLAN Communication by Using VLANIF Interfaces


In this example, Layer 3 forwarding is performed by a Layer 3 PE instead of a router. This allows PCs in different VLANs to communicate with each other and reduces operating costs.

Networking Requirements
Users in different residential compounds in different network segments require various services such as Internet, IPTV, and VoIP services. The network administrator of each residential compound configures a VLAN for each service to simplify management. After the configuration, users in different residential compounds belong to different VLANs, but they need to communicate with each other for the same type of service.

On the network shown in Figure 4-19, users in residential compounds 1 to 4 belong to different VLANs in different network segments but require the same online service. It is required that these users communicate with each other at a low operating cost.

Figure 4-19 Networking diagram for configuring inter-VLAN communication by using VLANIF interfaces
[Diagram not reproduced. Labels: CX with VLANIF10 (10.110.6.3/24), VLANIF20 (10.110.5.3/24), VLANIF30 (10.110.4.3/24), VLANIF40 (10.110.3.3/24) and ports GE1/0/1, GE1/0/2; SwitchA and SwitchB, each with GE1/0/1, GE1/0/2, GE1/0/3; community1 in VLAN 30 (10.110.4.0/24), community2 in VLAN 40 (10.110.3.0/24), community3 in VLAN 10 (10.110.6.0/24), community4 in VLAN 20 (10.110.5.0/24).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create VLANIF interfaces on the PE and assign IP addresses to the interfaces to allow Layer 3 communication.
NOTE

The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF interface. Otherwise, inter-VLAN communication will fail.

Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- User IP address
- Number of each port connecting a switch to a PC
- Number of the ports interconnecting switches
- Number and IP address of each VLANIF interface on the PE

Procedure
Step 1 Create VLANs on CE 1 and CE 2.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit

Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 30 40
[CE1-GigabitEthernet1/0/3] quit

# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit

Step 3 Create VLANIF interfaces on PE and assign IP addresses to the VLANIF interfaces.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan batch 10 to 40
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 30 40
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[PE-GigabitEthernet1/0/2] quit
[PE] interface Vlanif 10
[PE-Vlanif10] ip address 10.110.6.3 24
[PE-Vlanif10] quit
[PE] interface Vlanif 20
[PE-Vlanif20] ip address 10.110.5.3 24
[PE-Vlanif20] quit
[PE] interface Vlanif 30
[PE-Vlanif30] ip address 10.110.4.3 24
[PE-Vlanif30] quit
[PE] interface Vlanif 40
[PE-Vlanif40] ip address 10.110.3.3 24
[PE-Vlanif40] quit

Step 4 Verify the configuration.
On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of VLANIF 10 as the default gateway address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of VLANIF 20 as the default gateway address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of VLANIF 30 as the default gateway address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of VLANIF 40 as the default gateway address.
After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.
----End

Configuration Files
- Configuration file of CE 1
#
 sysname CE1
#
 vlan batch 30 40
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 30
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 40
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
return


- Configuration file of CE 2
#
 sysname CE2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return

- Configuration file of PE
#
 sysname PE
#
 vlan batch 10 to 40
#
interface Vlanif10
 ip address 10.110.6.3 255.255.255.0
#
interface Vlanif20
 ip address 10.110.5.3 255.255.255.0
#
interface Vlanif30
 ip address 10.110.4.3 255.255.255.0
#
interface Vlanif40
 ip address 10.110.3.3 255.255.255.0
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return

4.12.5 Example for Configuring 1 to 1 VLAN Mapping for Inter-VLAN Communication


1 to 1 VLAN mapping allows user VLAN IDs and the ISP VLAN ID to be replaced with each other to help users in different VLANs to communicate with each other.


Networking Requirements
Users in different residential compounds use IPTV, VoIP, and Internet services. To simplify management, the network administrator of each residential compound configures a separate VLAN for each type of service. After the configuration, users using the same type of service in different residential compounds belong to different VLANs, but they need to communicate with each other.

On the network shown in Figure 4-20, the same type of services in residential compounds 1 and 2 belong to different VLANs. It is required that these users communicate with each other at a low operating cost.

Figure 4-20 Networking diagram for configuring 1 to 1 VLAN mapping
[Diagram not reproduced. Labels: CX-3 and CX-4, each with GE1/0/1, on either side of ISP VLAN10; Switch1 and Switch2, each with GE1/0/1, GE1/0/2, GE1/0/3; Community1 in VLAN6; Community2 in VLAN5; host addresses 172.16.0.1/16, 172.16.0.2/16, 172.16.0.3/16, 172.16.0.5/16, 172.16.0.6/16, 172.16.0.7/16.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switch 1 to residential compound 1 to VLAN 6. Add ports connecting switch 2 to residential compound 2 to VLAN 5.
2. Configure 1 to 1 VLAN mapping on switches 3 and 4 at the edge of the ISP network to map user VLAN IDs to the ISP VLAN ID to allow users in different VLANs to communicate with each other.

Data Preparation
To complete the configuration, you need the following data:
- Number of each port connecting a switch to a user device
- Number of the ports interconnecting switches
- VLAN IDs configured on switches
- VLAN ID provided by the ISP

Procedure
Step 1 Add ports connecting switches to user devices to specified VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 6
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 6
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet1/0/3] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet1/0/3] quit

Step 2 Configure 1 to 1 VLAN mapping.
# Configure PE 1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface GigabitEthernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 6 map-vlan 10
[PE1-GigabitEthernet1/0/1] quit

# Configure PE 2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface GigabitEthernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet1/0/1] quit

Step 3 Verify the configuration.
After completing the configurations, run the display vlan command to check information about 1 to 1 VLAN mapping. Use the display on PE 1 as an example.
[PE1] display vlan 10
* : management-vlan
--------------------
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10      common       enable   enable       forward   forward   forward default
---------------
QinQ-map Port: GigabitEthernet1/0/1
---------------
Interface                   Physical
GigabitEthernet1/0/1        UP

Users in residential compounds 1 and 2 can communicate with each other.
----End

Configuration Files
- Configuration file of CE 1
#
 sysname CE1
#
 vlan batch 6
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type access
 port default vlan 6
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port link-type access
 port default vlan 6
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 6
#
return

- Configuration file of CE 2
#
 sysname CE2
#
 vlan batch 5
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 5
#
return

- Configuration file of PE 1
#
 sysname PE1
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-mapping vlan 6 map-vlan 10
#
return

- Configuration file of PE 2
#
 sysname PE2
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-mapping vlan 5 map-vlan 10
#
return

4.12.6 Example for Configuring Communication Between VLANs Through VLAN Aggregation
This part describes how to configure communication between VLANs with fewer IP addresses.

Networking Requirements
Assume that an enterprise has many departments whose IP addresses are on the same network segment. To improve service security, PCs used by employees in the same department are added to the same VLAN, and PCs used by employees in different departments are added to different VLANs. PCs used by employees in different departments need to communicate with each other. As shown in Figure 4-21, the R&D department and the test department belong to different VLANs. It is required that PCs used by employees in different VLANs communicate with each other.


Figure 4-21 Networking diagram of configuring communication between VLANs through VLAN aggregation

[Diagram not reproduced. Labels: PE with GE1/0/1 and GE1/0/2, VLAN4, VLANIF4: 100.1.1.12/24; CE1 and CE2, each with GE1/0/1, GE1/0/2, GE1/0/3; VLAN2 Development Department 100.1.1.1/24; VLAN3 Test Department 100.1.1.2/24.]

IP addresses of the R&D department and test department are on the same network segment. To save IP address resources, you can deploy VLAN aggregation on devices of the R&D department and test department. This ensures that different VLANs can communicate with each other.

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on CE1 and CE2 to determine mappings between users and VLANs.
2. Configure VLAN aggregation on PE.
   (1) Configure the Layer 2 forwarding function.
   (2) Create a super-VLAN, and add sub-VLANs to the super-VLAN for VLAN aggregation.
   (3) Create the VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface as the network gateway address.
   (4) Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-VLANs so that sub-VLANs can communicate with each other on the Layer 3 network.

Data Preparation
To complete the configuration, you need the following data:
- User VLAN ID
- User IP address
- Number of each port connecting a switch to a PC
- Sub-VLAN ID and super-VLAN ID
- Number and IP address of the VLANIF interface of the super-VLAN

Procedure
Step 1 Create a VLAN on CE and add Layer 2 interfaces to the VLAN.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 2
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 2
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/3] quit

# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 3
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 3
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 3
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 3
[CE2-GigabitEthernet1/0/3] quit

Step 2 Configure VLAN aggregation on PE.
1. Configure the Layer 2 forwarding function.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan batch 2 to 4
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 3
[PE-GigabitEthernet1/0/2] quit

2. Create a super-VLAN and add sub-VLANs to the super-VLAN.
[PE] vlan 4
[PE-vlan4] aggregate-vlan
[PE-vlan4] access-vlan 2 to 3
[PE-vlan4] quit

3. Create a VLANIF interface for the super-VLAN and assign an IP address to the VLANIF interface.
[PE] interface vlanif 4
[PE-Vlanif4] ip address 100.1.1.12 24

After the preceding configurations, configure the IP addresses shown in Figure 4-21 on the PCs. The IP addresses of the PCs and the VLANIF interface are on the same network segment. If the configuration succeeds, the PCs in each VLAN and the switch can ping each other, but PCs in VLAN2 and PCs in VLAN3 cannot ping each other.
4. Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-VLANs.
# Enable ARP proxy on the VLANIF interface of the super-VLAN.
[PE-Vlanif4] arp-proxy enable
# Enable ARP proxy between sub-VLANs.
[PE-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[PE-Vlanif4] quit

Step 3 Verify the configuration.
After the configuration, PCs used by employees in VLAN2 and VLAN3 can ping each other.
----End

Configuration Files
- Configuration file of the CE1
#
 sysname CE1
#
 vlan batch 2
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
return

- Configuration file of the CE2
#
 sysname CE2
#
 vlan batch 3
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 3
#
return

- Configuration file of the PE
#
 sysname PE
#
 vlan batch 2 to 4
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 100.1.1.12 255.255.255.0
 arp-proxy enable
 arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 3
#
return
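
An added example, not part of the original guide and not Huawei tooling: a Python audit of saved configuration files in the format shown in these examples. It reports trunk ports that allow VLANs never created on the device and, for each super-VLAN, whether the inter-sub-VLAN ARP proxy from Step 2 is set, which is what lets VLAN2 and VLAN3 reach each other. The function names and the CE 1 sample (Steps 1 and 2 of section 4.12.3 as typed) are assumptions.

```python
import re

# Constructed input: the PE configuration file from section 4.12.6, one command per line.
PE_AGGREGATION = """\
#
 sysname PE
#
 vlan batch 2 to 4
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 100.1.1.12 255.255.255.0
 arp-proxy enable
 arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 3
#
return
"""

# Constructed input (assumption): CE 1 after Steps 1 and 2 of section 4.12.3 as typed,
# where the trunk allows VLANs 10 and 20 but only VLAN 10 is created.
CE1_AS_TYPED = """\
#
 vlan batch 10
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '2 to 4' or '30 40' into a set of ints."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_sections(text):
    """Split a configuration file into (header, body) blocks delimited by '#' lines."""
    sections = []
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip() not in ("", "return")]
        if lines:
            sections.append((lines[0], lines[1:]))
    return sections

def audit(text):
    """Report trunk VLANs never created locally and the isolation state of super-VLANs."""
    created, trunks, supers, vlanifs = set(), {}, {}, {}
    for header, body in parse_sections(text):
        if header.startswith("vlan batch "):
            created |= expand_vlans(header[len("vlan batch "):])
        elif re.fullmatch(r"vlan \d+", header) and "aggregate-vlan" in body:
            subs = set()
            for cmd in body:
                if cmd.startswith("access-vlan "):
                    subs |= expand_vlans(cmd[len("access-vlan "):])
            supers[int(header.split()[1])] = subs
        elif header.startswith("interface Vlanif"):
            vlanifs[int(header[len("interface Vlanif"):])] = body
        elif header.startswith("interface "):
            for cmd in body:
                if cmd.startswith("port trunk allow-pass vlan "):
                    allowed = expand_vlans(cmd.split("vlan ", 1)[1])
                    trunks.setdefault(header.split()[1], set()).update(allowed)
    report = {"uncreated_on_trunk": {}, "super_vlans": {}}
    for port, allowed in trunks.items():
        if allowed - created:
            report["uncreated_on_trunk"][port] = sorted(allowed - created)
    for sup, subs in supers.items():
        cmds = vlanifs.get(sup, [])
        gateway = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        report["super_vlans"][sup] = {
            "sub_vlans": sorted(subs),
            "gateway": gateway,
            # Per the page, sub-VLANs cannot ping each other until this command is set.
            "inter_sub_vlan_proxy": "arp-proxy inter-sub-vlan-proxy enable" in cmds,
        }
    return report

if __name__ == "__main__":
    for cfg in (PE_AGGREGATION, CE1_AS_TYPED):
        print(audit(cfg))
```

Run against a device's saved configuration, the `inter_sub_vlan_proxy` field shows at a glance whether departments placed in separate sub-VLANs are still isolated from each other or are reachable through the super-VLAN gateway.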

4.12.7 Example for Configuring VLAN+802.1p for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VSIs. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one VLAN ID, part of high-priority traffic over the operators' network cannot be scheduled in time, which deteriorates users' experience. On the network shown in Figure 4-22, various services are tagged with the same VLAN ID on a CSG. After receiving these services, PE1 cannot identify them, resulting in a failure in traffic distribution. To help resolve this problem, a VLAN matching policy needs to be configured on PE1. PE1 maps a VLAN ID to a packet priority before distributing a packet to a specific PW, ensuring correct scheduling of packets.
NOTE

In this example, PE1 parses 802.1p values in the received packets for scheduling.

Figure 4-22 Networking diagram for VLAN+802.1p-based L2VPN access

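[Diagram not reproduced. Labels: CSG in VLAN 10; PE1 (Loopback1 1.1.1.9/32) with GE1/0/1.1, GE1/0/1.2, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30; PE2 (Loopback1 2.2.2.9/32) with GE1/0/1.1, GE1/0/2 10.1.1.1/30, Database; PE3 (Loopback1 3.3.3.9/32) with GE1/0/1.1, GE1/0/2 20.1.1.1/30, Internet; two 802.1p labels, one reading 802.1p=2 and one whose value is not legible; legend: VLAN, PW, VLAN.]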

Configuration Roadmap
NOTE

L2VPN includes VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:


1. Configure basic VPLS functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Enable MPLS L2VPN on PEs.
   (5) Create VSIs on PEs.
2. Configure VLAN+802.1p.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on CSG.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2. The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.
Step 2 Configure VLAN+802.1p.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view [PE2] interface gigabitethernet 1/0/1.1 [PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/1.1] quit

# Configure PE31.
<PE3> system-view [PE3] interface gigabitethernet 1/0/1.1 [PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [PE3-GigabitEthernet1/0/1.1] quit

Step 3 Bind each sub-interface to a VSI.


4-90 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

4 VLAN Configuration

# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1 [PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1 [PE1-GigabitEthernet1/0/1.1] undo shutdown [PE1-GigabitEthernet1/0/1.1] quit [PE1] interface gigabitethernet 1/0/1.2 [PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2 [PE1-GigabitEthernet1/0/1.2] undo shutdown [PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1 [PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1 [PE2-GigabitEthernet1/0/1.1] undo shutdown [PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1 [PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2 [PE3-GigabitEthernet1/0/1.1] undo shutdown [PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure basic functions of the CSG. The detailed configurations are not mentioned here. It is required that the CSG support the following: l Configures the 802.1p priorities of packets through commands. l Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.
NOTE

Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.

Step 5 Verify the configuration. After the preceding configurations, run the display vsi name ldp1 verbose command on PEs, and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up state. Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose

 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface        VlanPolicy
-----------------------------------------------------------
GE1/0/1.1        8021p 3
GE1/0/1.2        8021p 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2

----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10 8021p 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 undo shutdown
 vlan-type dot1q 10 8021p 2
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

4.12.8 Example for Configuring VLAN+DSCP for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one VLAN ID, part of high-priority traffic over the operators' network cannot be scheduled in time, which deteriorates users' experience.
As shown in Figure 4-23, various services are tagged with the same VLAN ID on a CSG. After receiving these services, PE1 cannot identify them, resulting in a failure in traffic distribution. To help resolve this problem, a VLAN matching policy needs to be configured on PE1. PE1 maps a VLAN ID to a packet priority before distributing a packet to a specific PW, ensuring correct scheduling of packets.
NOTE

In this example, PE1 parses DSCP values in the received packets for scheduling. The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.

Figure 4-23 Networking diagram for VLAN+DSCP-based L2VPN access

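(Figure: the CSG sends DSCP-marked traffic in VLAN 10 to PE1 sub-interfaces GE1/0/1.1 and GE1/0/1.2. PE1, Loopback1 1.1.1.9/32, connects through GE1/0/2 10.1.1.2/30 to PE2 GE1/0/2 10.1.1.1/30 and through GE1/0/3 20.1.1.2/30 to PE3 GE1/0/2 20.1.1.1/30. PE2, Loopback1 2.2.2.9/32, reaches the Database through GE1/0/1.1; PE3, Loopback1 3.3.3.9/32, reaches the Internet through GE1/0/1.1. Legend: VLAN, PW.)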

Configuration Roadmap
NOTE

L2VPN includes VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure basic VPLS functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Enable MPLS L2VPN on PEs.
   (5) Create VSIs on PEs.
2. Configure VLAN+DSCP.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on CSG.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2.
The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure VLAN+DSCP.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 2
[PE3-GigabitEthernet1/0/1.1] quit

Step 3 Bind each sub-interface to a VSI.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. The CSG must support the following:
- Configuring the DSCP values of packets through commands.
- Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.
NOTE

Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.

Step 5 Verify the configuration. After the preceding configurations, run the display vsi name ldp1 verbose command on PEs, and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up state. Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose

 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface    VlanPolicy
-----------------------------------------------------------
GE1/0/1.1        dscp 3
GE1/0/1.2        dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2

----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10 dscp 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 undo shutdown
 vlan-type dot1q 10 dscp 2
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

4.12.9 Example for Configuring VLAN+EthType for L2VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+EthType is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VSIs. In this manner, packets of different EthTypes enter different VSIs, and different services can be transmitted through different VSIs.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one VLAN ID, part of high-priority traffic over the operators' network cannot be scheduled in time, which deteriorates users' experience. On the network shown in Figure 4-24, various services are tagged with the same VLAN ID on a switch. After receiving these services, PE1 cannot identify them, resulting in a failure in distributing traffic. To help resolve this problem, a policy for mapping a VLAN ID to a priority needs to be configured on PE1. PE1 maps a VLAN ID to the packet priority before distributing the packet to a specific PW, ensuring correct scheduling of packets.

Figure 4-24 Networking diagram of VLAN+EthType-based L2VPN access

(Figure: the Switch sends PPPoE and IPoE traffic in VLAN 10 to PE1 sub-interfaces GE1/0/1.1 and GE1/0/1.2. PE1, Loopback1 1.1.1.9/32, connects through GE1/0/2 10.1.1.2/30 to PE2 GE1/0/2 10.1.1.1/30 and through GE1/0/3 20.1.1.2/30 to PE3 GE1/0/2 20.1.1.1/30. PE2, Loopback1 2.2.2.9/32, reaches the Video/BTV VOD Platform through GE1/0/1.1; PE3, Loopback1 3.3.3.9/32, reaches the Internet through GE1/0/1.1. Legend: VLAN, PW.)

Configuration Roadmap
NOTE

L2VPN includes VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure basic VPLS functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Enable MPLS L2VPN on PEs.
   (5) Create VSIs on PEs.
2. Configure VLAN+EthType.
3. Bind AC interfaces to the VSIs.
4. Configure the Layer 2 forwarding function on Switch.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- MPLS LSR IDs of PEs
- VSI names and VSI IDs on PEs
- Names of the interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2.
The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure VLAN+EthType.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 default
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] quit

Step 3 Bind each sub-interface to a VSI.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure basic functions of Switch.
The configuration details are not mentioned here. For detailed configuration of Switch, refer to the related configuration guide.

Step 5 Verify the configuration.
After the preceding configurations, run the display vsi name ldp1 verbose command on PEs, and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up state. Take the command output on PE1 as an example.
[PE1] display vsi name ldp1 verbose

 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 1
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 24 minutes, 48 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/01 16:10:40
    Total Up Time          : 0 days, 0 hours, 4 minutes, 47 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x81000b
    Broadcast Tunnel ID    : 0x81000b
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x81000b
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/01 16:10:40
    PW Total Up Time       : 0 days, 0 hours, 11 minutes, 2 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface    VlanPolicy
-----------------------------------------------------------
GE1/0/1.1        eth-type pppoe
GE1/0/1.2        default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2

----End
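The VLAN matching policies configured on PE1 in 4.12.7, 4.12.8 and 4.12.9 decide which VSI a frame tagged with VLAN 10 enters, so it is useful to check offline where a given frame would land and whether two sub-interfaces carry the same policy. The following Python model is an added example, not Huawei code; the function names, table layout and frames are constructed for illustration, and it assumes that eth-type pppoe covers EtherTypes 0x8863 and 0x8864 and that a frame matching no policy is not accepted by any sub-interface.

```python
import struct

ETH_8021Q = 0x8100
ETH_IPV4 = 0x0800
ETH_ARP = 0x0806
ETH_PPPOE = (0x8863, 0x8864)  # assumption: "eth-type pppoe" covers discovery and session

# (sub-interface, VLAN ID, policy, VSI) rows taken from PE1's configuration in each example.
PE1_8021P = [("GE1/0/1.1", 10, ("8021p", 3), "ldp1"), ("GE1/0/1.2", 10, ("8021p", 2), "ldp2")]
PE1_DSCP = [("GE1/0/1.1", 10, ("dscp", 3), "ldp1"), ("GE1/0/1.2", 10, ("dscp", 2), "ldp2")]
PE1_ETHTYPE = [("GE1/0/1.1", 10, ("eth-type", "pppoe"), "ldp1"),
               ("GE1/0/1.2", 10, ("default", None), "ldp2")]


def parse_frame(frame):
    """Return VLAN ID, 802.1p, inner EtherType and DSCP (IPv4 only) of a single-tagged frame."""
    if len(frame) < 18:
        raise ValueError("too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != ETH_8021Q:
        raise ValueError("not an 802.1Q tagged frame")
    fields = {"vlan": tci & 0x0FFF, "8021p": tci >> 13, "ethertype": ethertype, "dscp": None}
    payload = frame[18:]
    # DSCP exists only in an IP header; a non-IP payload leaves it as None.
    if ethertype == ETH_IPV4 and len(payload) >= 20 and payload[0] >> 4 == 4:
        fields["dscp"] = payload[1] >> 2
    return fields


def policy_matches(policy, fields):
    """True when the parsed frame fields satisfy one sub-interface's matching policy."""
    kind, value = policy
    if kind == "8021p":
        return fields["8021p"] == value
    if kind == "dscp":
        return fields["dscp"] == value  # None (non-IP) never equals a configured value
    if kind == "eth-type":
        return value == "pppoe" and fields["ethertype"] in ETH_PPPOE
    return False  # "default" is only used as a fallback in classify()


def classify(table, frame):
    """Return (sub-interface, VSI) for the frame, or None when no policy accepts it."""
    fields = parse_frame(frame)
    rows = [row for row in table if row[1] == fields["vlan"]]
    for sub_if, _, policy, vsi in rows:
        if policy_matches(policy, fields):
            return sub_if, vsi
    for sub_if, _, policy, vsi in rows:
        if policy[0] == "default":
            return sub_if, vsi
    return None  # assumption: an unmatched frame is not accepted by any sub-interface


def find_conflicts(table):
    """List (VLAN ID, policy) pairs that are configured on more than one sub-interface."""
    seen = {}
    for sub_if, vlan, policy, _ in table:
        seen.setdefault((vlan, policy), []).append(sub_if)
    return [(key, subs) for key, subs in seen.items() if len(subs) > 1]


def build_frame(vlan, pcp, ethertype, payload=b""):
    """Constructed test frame: placeholder MACs, one 802.1Q tag, then the payload."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return macs + struct.pack("!HHH", ETH_8021Q, (pcp << 13) | vlan, ethertype) + payload


def ipv4_header(dscp):
    """Constructed 20-byte IPv4 header; only the version/IHL and DSCP bits are meaningful."""
    return bytes([0x45, dscp << 2]) + bytes(18)


if __name__ == "__main__":
    samples = [
        ("802.1p=3 under 8021p policy", PE1_8021P, build_frame(10, 3, ETH_IPV4, ipv4_header(0))),
        ("DSCP=2 under dscp policy", PE1_DSCP, build_frame(10, 0, ETH_IPV4, ipv4_header(2))),
        ("ARP under dscp policy", PE1_DSCP, build_frame(10, 3, ETH_ARP, bytes(28))),
        ("PPPoE session under eth-type policy", PE1_ETHTYPE, build_frame(10, 0, 0x8864)),
        ("IPv4 under eth-type policy", PE1_ETHTYPE, build_frame(10, 0, ETH_IPV4, ipv4_header(0))),
    ]
    for label, table, frame in samples:
        print(f"{label}: {classify(table, frame)}")
```

The ARP sample shows why the VLAN+DSCP examples require the CSG to send only IP services: a non-IP frame carries no DSCP field, so neither dscp policy can select a VSI for it.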

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10 eth-type pppoe
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 undo shutdown
 vlan-type dot1q 10 default
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10 eth-type pppoe
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

- Configuration file of PE3
#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 vlan-type dot1q 10 default
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

4.12.10 Example for Configuring VLAN+DSCP for L3VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. In this manner, packets of different DSCP values enter different VPN instances, and different services can be transmitted through different VPN instances. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one VLAN ID, part of high-priority traffic over the operators' network cannot be scheduled in time, which deteriorates users' experience. As shown in Figure 4-25, different service packets are added with the same tag on the CSG. Therefore, when PE1 receives packets, it cannot identify services based on tags, which affects the traffic distribution. To address the problem, you can deploy a VLAN policy on PE1. PE1 distributes traffic to different VPN instances based on VLAN IDs and packet priorities. This ensures that packets can be scheduled in time.
NOTE

In this example, PE1 parses DSCP values in the received packets for scheduling. The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.

Figure 4-25 Networking diagram for VLAN+DSCP-based L3VPN access

(Figure: the CSG and CE1, in AS65410, send DSCP-marked traffic in VLAN 10 from CE1 GE1/0/1.1 100.1.1.2/24 and GE1/0/1.2 200.1.1.2/24 to PE1 GE1/0/1.1 100.1.1.1/24 and GE1/0/1.2 200.1.1.1/24. In the L3VPN backbone, AS100, PE1, Loopback1 1.1.1.9/32, connects through GE1/0/2 10.1.1.2/30 to PE2 GE1/0/2 10.1.1.1/30 and through GE1/0/3 20.1.1.2/30 to PE3 GE1/0/2 20.1.1.1/30. PE2, Loopback1 2.2.2.9/32, connects through GE1/0/1.1 100.2.1.1/24 to CE2 GE1/0/1 100.2.1.2/24, Database, AS65420. PE3, Loopback1 3.3.3.9/32, connects through GE1/0/1.1 200.2.1.1/24 to CE3 GE1/0/1 200.2.1.2/24, Internet, AS65421.)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic L3VPN functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Create VPN instances on PEs.
2. Configure VLAN+DSCP and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on CSG.
4. Configure EBGP on CEs and PEs to exchange VPN routing information.
5. Set up MP-IBGP peer relationships between PEs.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- Names of the VPN instances on PEs
- RDs and VPN targets of the VPN instances
- Interfaces bound to the VPN instances

Procedure
Step 1 Configure basic L3VPN functions. 1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example. After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping through each other.
<PE1> display ip routing-table Routing Tables: Public Destinations : 9 Destination/Mask Proto Pre 0 10 10 0 0 0 0 0 0 Routes : 9 Cost 0 1 1 0 0 0 0 0 0 Flags NextHop D D D D D D D D D 127.0.0.1 10.1.1.1 20.1.1.1 10.1.1.2 127.0.0.1 20.1.1.2 127.0.0.1 127.0.0.1 127.0.0.1 InLoopBack0 InLoopBack0 InLoopBack0 InLoopBack0 Interface InLoopBack0

2.

1.1.1.9/32 Direct 2.2.2.9/32 OSPF GigabitEthernet1/0/2 3.3.3.9/32 OSPF GigabitEthernet1/0/3 10.1.1.0/30 Direct GigabitEthernet1/0/2 10.1.1.2/32 Direct 20.1.1.0/30 Direct GigabitEthernet1/0/3 20.1.1.2/32 Direct 127.0.0.0/8 Direct 127.0.0.1/32 Direct

<PE1> ping 2.2.2.9 PING 2.2.2.9: 56 data bytes, press CTRL_C to break Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 --- 2.2.2.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/96/120 ms

time=120 ms time=90 ms time=90 ms time=90 ms time=90 ms

3.

Enable basic MPLS functions and LDP on the MPLS backbone network. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example. After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session command, and you can view that the Status field is displayed as Operational.

4-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access
<PE1> display mpls ldp session

4 VLAN Configuration

LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. -----------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 0000:00:00 3/3 3.3.3.9:0 Operational DU Passive 0000:00:00 2/2 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found.

4. Configure VPN instances.

# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit

# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit

Step 2 Configure VLAN+DSCP, and bind common sub-interfaces to the VPN instances.

# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 100.1.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 200.1.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit

After the preceding configurations, run the display ip vpn-instance verbose command on PEs, and you can view the configurations of the VPN instances. Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2009/09/01 17:22:49
  Up time : 0 days, 00 hours, 11 minutes and 46 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.1

 VPN-Instance Name and ID : vpn2, 2
  Create date : 2009/09/01 17:27:07
  Up time : 0 days, 00 hours, 07 minutes and 28 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 100:2
  Import VPN Targets : 100:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.2

Step 3 Configure basic functions of the CSG. The detailed configurations are not mentioned here. The CSG must support the following:
• Setting the DSCP values of packets through commands.
• Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM when the CSG accesses non-IP services.
NOTE

Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.

Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes. The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 5 Set up MP-IBGP peer relationships between the PEs. The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 6 Verify the configuration. After the preceding configurations, run the display bgp peer command on the PEs, and you can view that BGP peer relationships between PEs have been established and are in the Established state. Take the command output on PE1 as an example.

[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer      V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2.2.2.9   4  100  10       15       0     00:04:53  Established  0
  3.3.3.9   4  100  6        11       0     00:01:06  Established  2

Run the display ip routing-table vpn-instance command on PEs, and you can view the routes to remote CEs. Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
100.1.1.0/24        Direct  0    0     D      100.1.1.1    GigabitEthernet1/0/1.1
100.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
100.2.1.0/24        BGP     255  0     RD     2.2.2.9      GigabitEthernet1/0/2

[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
200.1.1.0/24        Direct  0    0     D      200.1.1.1    GigabitEthernet1/0/1.2
200.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
200.2.1.0/24        BGP     255  0     RD     3.3.3.9      GigabitEthernet1/0/3

Run the display interface vlan command, and you can view the matching policy configured on sub-interfaces in VLAN 10. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface      VlanPolicy
-----------------------------------------------------------
GE1/0/1.2      dscp 2
GE1/0/1.1      dscp 3
-----------------------------------------------------------
Interface:GE1/0/1  VLAN ID: 10  Sub-Interface num: 2

----End

Configuration Files
• Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10 dscp 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
 vlan-type dot1q 10 dscp 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.1.1.2 as-number 65410
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.1.1.2 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpn1
 ip address 100.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.2.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

• Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpn2
 ip address 200.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.2.1.2 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
 undo shutdown
 ip address 200.1.1.2 255.255.255.0
#
bgp 65410
 peer 100.1.1.1 as-number 100
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.1 enable
  peer 200.1.1.1 enable
#
return

• Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.2.1.2 255.255.255.0
#
bgp 65420
 peer 100.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.2.1.1 enable
#
return

• Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.2.1.2 255.255.255.0
#
bgp 65421
 peer 200.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.2.1.1 enable
#
return

4.12.11 Example for Configuring VLAN+802.1p for L3VPN Access (on a Common Sub-interface)
In the networking of this configuration example, VLAN+802.1p is configured on the sub-interfaces at the AC side of a PE, and the sub-interfaces are bound to different VPN instances. Packets are transmitted through different VPN instances based on their 802.1p priorities. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one VLAN ID, part of the high-priority traffic over the operator's network cannot be scheduled in time, which degrades the user experience.

As shown in Figure 4-26, the CSG adds the same tag to packets of different services. PE1 therefore cannot identify services by tag when it receives the packets, which affects traffic distribution. To address the problem, you can deploy a VLAN policy on PE1. PE1 then distributes traffic to different VPN instances based on VLAN IDs and packet priorities, which ensures that packets can be scheduled in time.
NOTE

In this example, PE1 parses 802.1p values in the received packets for scheduling.

Figure 4-26 Networking diagram of VLAN+802.1p-based L3VPN access

Device          Interface   IP address
PE1             Loopback1   1.1.1.9/32
PE1             GE1/0/1.1   100.1.1.1/24
PE1             GE1/0/1.2   200.1.1.1/24
PE1             GE1/0/2     10.1.1.2/30
PE1             GE1/0/3     20.1.1.2/30
PE2             Loopback1   2.2.2.9/32
PE2             GE1/0/1.1   100.2.1.1/24
PE2             GE1/0/2     10.1.1.1/30
PE3             Loopback1   3.3.3.9/32
PE3             GE1/0/1.1   200.2.1.1/24
PE3             GE1/0/2     20.1.1.1/30
CE1 (AS65410)   GE1/0/1.1   100.1.1.2/24
CE1 (AS65410)   GE1/0/1.2   200.1.1.2/24
CE2 (AS65420)   GE1/0/1     100.2.1.2/24
CE3 (AS65421)   GE1/0/1     200.2.1.2/24

Other labels in the figure: CSG, VLAN 10, 802.1p= (twice), L3VPN AS100, Database, Internet.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic L3VPN functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Create VPN instances on PEs.
2. Configure VLAN+802.1p and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on CSG.
4. Configure EBGP on CEs and PEs to exchange VPN routing information.
5. Set up MP-IBGP peer relationships between PEs.

Data Preparation
To complete the configuration, you need the following data:
• IP addresses of interfaces
• Names of the VPN instances on PEs
• RDs and VPN targets of the VPN instances
• Interfaces bound to the VPN instances

Procedure
Step 1 Configure basic L3VPN functions.

1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.

2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.

   After the preceding configurations, PE1 and PE2, and PE1 and PE3, have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3, can ping each other.

<PE1> display ip routing-table
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1    InLoopBack0
2.2.2.9/32          OSPF    10   1     D      10.1.1.1     GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      20.1.1.1     GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2     GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
20.1.1.0/30         Direct  0    0     D      20.1.1.2     GigabitEthernet1/0/3
20.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0

<PE1> ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 90/96/120 ms

3. Enable basic MPLS functions and LDP on the MPLS backbone network. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.

   After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session command, and you can view that the Status field is displayed as Operational.

<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  0000:00:00  3/3
 3.3.3.9:0    Operational  DU   Passive  0000:00:00  2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

4. Configure VPN instances.

# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit

# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit

Step 2 Configure VLAN+802.1p, and bind common sub-interfaces to the VPN instances.

# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 100.1.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 200.1.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit

After the preceding configurations, run the display ip vpn-instance verbose command on PEs, and you can view the configurations of the VPN instances. Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2009/09/01 17:22:49
  Up time : 0 days, 00 hours, 11 minutes and 46 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.1

 VPN-Instance Name and ID : vpn2, 2
  Create date : 2009/09/01 17:27:07
  Up time : 0 days, 00 hours, 07 minutes and 28 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 200:2
  Import VPN Targets : 200:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.2

Step 3 Configure basic functions of the CSG. The detailed configurations are not mentioned here. The CSG must support the following:
• Setting the 802.1p priorities of packets through commands.
• Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM when the CSG accesses non-IP services.
NOTE

Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.

Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes. The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 5 Set up MP-IBGP peer relationships between the PEs. The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 6 Verify the configuration. After the preceding configurations, run the display bgp peer command on the PEs, and you can view that BGP peer relationships between PEs have been established and are in the Established state. Take the command output on PE1 as an example.

[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer      V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2.2.2.9   4  100  10       15       0     00:04:53  Established  0
  3.3.3.9   4  100  6        11       0     00:01:06  Established  2

Run the display ip routing-table vpn-instance command on PEs, and you can view the routes to remote CEs. Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
100.1.1.0/24        Direct  0    0     D      100.1.1.1    GigabitEthernet1/0/1.1
100.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
100.2.1.0/24        BGP     255  0     RD     2.2.2.9      GigabitEthernet1/0/2

[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
200.1.1.0/24        Direct  0    0     D      200.1.1.1    GigabitEthernet1/0/1.2
200.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
200.2.1.0/24        BGP     255  0     RD     3.3.3.9      GigabitEthernet1/0/3

Run the display interface vlan command, and you can view the matching policy configured on sub-interfaces in VLAN 10. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface      VlanPolicy
-----------------------------------------------------------
GE1/0/1.2      8021p 2
GE1/0/1.1      8021p 3
-----------------------------------------------------------
Interface:GE1/0/1  VLAN ID: 10  Sub-Interface num: 2

----End
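The matching that PE1 performs in the VLAN+DSCP and VLAN+802.1p examples can be modelled as follows. This is an added Python illustration, not Huawei code: the policy tables are copied from PE1's sub-interface configuration on this page, the frames are constructed, and returning None for a frame that matches no sub-interface is an assumption, because the page does not say how PE1 treats such frames.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_IPV4 = 0x0800

# (VLAN ID, match field, value) -> VPN instance, copied from PE1's
# GE1/0/1.1 and GE1/0/1.2 in the VLAN+DSCP and VLAN+802.1p examples.
VLAN_DSCP_POLICY = {(10, "dscp", 3): "vpn1", (10, "dscp", 2): "vpn2"}
VLAN_8021P_POLICY = {(10, "8021p", 3): "vpn1", (10, "8021p", 2): "vpn2"}


def parse_frame(frame: bytes) -> dict:
    """Extract the VLAN ID, 802.1p priority and DSCP from an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    fields = {"vlan": None, "8021p": None, "dscp": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        fields["8021p"] = tci >> 13      # PCP: top 3 bits of the tag control field
        fields["vlan"] = tci & 0x0FFF    # VLAN ID: low 12 bits
        offset = 18
    # DSCP exists only in an IP header; a non-IP payload leaves it as None.
    if ethertype == ETH_P_IPV4 and len(frame) >= offset + 20:
        version_ihl, tos = struct.unpack_from("!BB", frame, offset)
        if version_ihl >> 4 == 4:
            fields["dscp"] = tos >> 2    # DSCP: top 6 bits of the ToS byte
    return fields


def classify(frame: bytes, policy: dict):
    """Return the VPN instance the policy selects, or None when nothing matches."""
    fields = parse_frame(frame)
    for (vlan, field, value), instance in policy.items():
        if fields["vlan"] == vlan and fields[field] == value:
            return instance
    return None


def build_frame(vlan=None, pcp=0, dscp=None) -> bytes:
    """Build a constructed test frame: optional 802.1Q tag, IPv4 or ARP-sized payload."""
    frame = bytes.fromhex("020000000001" "020000000002")   # dst MAC, src MAC
    if vlan is not None:
        frame += struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | vlan)
    if dscp is None:
        return frame + struct.pack("!H", 0x0806) + bytes(28)   # non-IP payload
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                            bytes([100, 1, 1, 2]), bytes([100, 2, 1, 2]))
    return frame + struct.pack("!H", ETH_P_IPV4) + ip_header


if __name__ == "__main__":
    samples = {
        "VLAN 10, DSCP 3": build_frame(10, dscp=3),
        "VLAN 10, 802.1p 2, non-IP": build_frame(10, pcp=2),
        "untagged, DSCP 3": build_frame(dscp=3),
    }
    for label, frame in samples.items():
        print(label, "| VLAN+DSCP ->", classify(frame, VLAN_DSCP_POLICY),
              "| VLAN+802.1p ->", classify(frame, VLAN_8021P_POLICY))
```

A non-IP frame can never match the DSCP policy, while the 802.1p policy still matches it. In both cases the instance is selected from header fields set by the CSG, so the marking configuration on the CSG is part of the VPN separation.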

Configuration Files
• Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10 8021p 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
 vlan-type dot1q 10 8021p 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.1.1.2 as-number 65410
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.1.1.2 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpn1
 ip address 100.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.2.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

• Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpn2
 ip address 200.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.2.1.2 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
 undo shutdown
 ip address 200.1.1.2 255.255.255.0
#
bgp 65410
 peer 100.1.1.1 as-number 100
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.1 enable
  peer 200.1.1.1 enable
#
return

• Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.2.1.2 255.255.255.0
#
bgp 65420
 peer 100.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.2.1.1 enable
#
return

• Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.2.1.2 255.255.255.0
#
bgp 65421
 peer 200.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.2.1.1 enable
#
return
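Configuration files like the ones above can be checked for internal consistency before they are loaded. The following Python script is an added example, not part of the Huawei guide or a Huawei tool: the five checks are this example's own choices, the sample configuration is constructed with deliberate inconsistencies, and the parser assumes sub-commands are indented under the command that opens their view.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the PE configuration files above, with
# deliberate inconsistencies for the checks to find. Not a real device config.
SAMPLE_CONFIG = """\
sysname PE-SAMPLE
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 10 dscp 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
 vlan-type dot1q 10 dscp 3
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.1.1.2 as-number 65410
#
return
"""


def audit(config: str) -> list:
    """Return consistency findings for a VRP-style configuration text.

    Assumes sub-commands are indented under the command that opens their view
    and that each VLAN policy matches a single dscp/8021p value.
    """
    instances, local_ips = set(), set()
    bindings, families = [], []
    declared, enabled = set(), set()
    policies = defaultdict(list)   # (port, vlan, field, value) -> sub-interfaces
    view, name = None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw[0].isspace():   # an unindented command opens a new view
            view, name = line.split()[0], line.split()[-1]
            if line.startswith("ip vpn-instance "):
                view = "vpn-instance"
                instances.add(name)
        elif view == "interface":
            if m := re.fullmatch(r"vlan-type dot1q (\d+) (dscp|8021p) (\d+)", line):
                policies[(name.split(".")[0], m[1], m[2], m[3])].append(name)
            elif m := re.fullmatch(r"ip binding vpn-instance (\S+)", line):
                bindings.append((name, m[1]))
            elif m := re.fullmatch(r"ip address (\S+) \S+", line):
                local_ips.add(m[1])
        elif view == "bgp":
            if m := re.fullmatch(r"ipv4-family vpn-instance (\S+)", line):
                families.append(m[1])
            elif m := re.fullmatch(r"peer (\S+) as-number \d+", line):
                declared.add(m[1])
            elif m := re.fullmatch(r"peer (\S+) enable", line):
                enabled.add(m[1])
    findings = []
    for ifname, inst in bindings:
        if inst not in instances:
            findings.append(f"{ifname}: bound to undefined VPN instance {inst}")
    for inst in families:
        if inst not in instances:
            findings.append(f"bgp: ipv4-family for undefined VPN instance {inst}")
    for (port, vlan, field, value), subs in policies.items():
        if len(subs) > 1:
            findings.append(f"{port}: VLAN {vlan} {field} {value} on {', '.join(subs)}")
    findings += [f"bgp: peer {p} enabled without as-number" for p in sorted(enabled - declared)]
    findings += [f"bgp: peer {p} is a local address" for p in sorted(declared & local_ips)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```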

4.12.12 Example for Configuring Untagged+DSCP for L3VPN Access


In the networking of this configuration example, PE1 receives untagged packets with different DSCP values; untagged+DSCP is configured on the sub-interface at the AC side of PE1; the sub-interface is bound to different VPN instances. Packets are transmitted through different VPN instances based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they access various VSIs, VLLs, or VPN instances. If multiple user packets or services are not tagged, part of the high-priority traffic over the operator's network cannot be scheduled in time, which degrades the user experience.

On the network shown in Figure 4-27, a CSG forwards untagged packets. After receiving these packets, PE1 cannot identify them, resulting in a failure in distributing packets. To help resolve this problem, a DSCP-based policy needs to be configured on PE1. PE1 distributes packets to specific VPN instances based on priorities, ensuring correct scheduling of packets.
NOTE

In this example, PE1 parses DSCP values in the received packets for scheduling. The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.

Figure 4-27 Networking diagram for untagged+DSCP-based L3VPN access

Device          Interface   IP address
PE1             Loopback1   1.1.1.9/32
PE1             GE1/0/1.1   100.1.1.1/24
PE1             GE1/0/1.2   200.1.1.1/24
PE1             GE1/0/2     10.1.1.2/30
PE1             GE1/0/3     20.1.1.2/30
PE2             Loopback1   2.2.2.9/32
PE2             GE1/0/1.1   100.2.1.1/24
PE2             GE1/0/2     10.1.1.1/30
PE3             Loopback1   3.3.3.9/32
PE3             GE1/0/1.1   200.2.1.1/24
PE3             GE1/0/2     20.1.1.1/30
CE1 (AS65410)   GE1/0/1.1   100.1.1.2/24
CE1 (AS65410)   GE1/0/1.2   200.1.1.2/24
CE2 (AS65420)   GE1/0/1     100.2.1.2/24
CE3 (AS65421)   GE1/0/1     200.2.1.2/24

Other labels in the figure: CSG, untagged+DSCP, DSCP=3, DSCP=2, L3VPN AS100, Database, Internet.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic L3VPN functions.
   (1) Run an IGP to ensure intercommunication between CX devices on the backbone network.
   (2) Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs on the backbone network.
   (3) Set up LSPs between PEs.
   (4) Create VPN instances on PEs.
2. Configure untagged+DSCP and bind AC interfaces to the VPN instances.
3. Configure the basic Layer 2 forwarding function on CSG.
4. Configure EBGP on CEs and PEs to exchange VPN routing information.
5. Set up MP-IBGP peer relationships between PEs.

Data Preparation
To complete the configuration, you need the following data:
• IP addresses of interfaces
• Names of the VPN instances on PEs
• RDs and VPN targets of the VPN instances
• Interfaces bound to the VPN instances

Procedure
Step 1 Configure basic L3VPN functions.

1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.

2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.

   After the preceding configurations, PE1 and PE2, and PE1 and PE3, have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3, can ping each other.

<PE1> display ip routing-table
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1    InLoopBack0
2.2.2.9/32          OSPF    10   1     D      10.1.1.1     GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      20.1.1.1     GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2     GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
20.1.1.0/30         Direct  0    0     D      20.1.1.2     GigabitEthernet1/0/3
20.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0

<PE1> ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 90/96/120 ms

3.

Enable basic MPLS functions and LDP on the MPLS backbone network. The detailed configurations are not mentioned here. You can see the configuration files in this configuration example. After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session command, and you can view that the Status field is displayed as Operational.

<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID         Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  0000:00:00  3/3
 3.3.3.9:0      Operational  DU   Passive  0000:00:00  2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

4. Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit

# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit

Step 2 Configure untagged+DSCP, and bind sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] untagged dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 100.1.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] untagged dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 200.1.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit


After the preceding configurations, run the display ip vpn-instance verbose command on PEs, and you can view the configurations of the VPN instances. Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2009/09/01 17:22:49
  Up time : 0 days, 00 hours, 11 minutes and 46 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.1

 VPN-Instance Name and ID : vpn2, 2
  Create date : 2009/09/01 17:27:07
  Up time : 0 days, 00 hours, 07 minutes and 28 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 200:2
  Import VPN Targets : 200:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.2

Step 3 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. It is required that the CSG support the following:
- Configures the DSCP values of packets through commands.
- Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.

Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 5 Set up MP-IBGP peer relationships between the PEs.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the CX600 Configuration Guide - VPN or the configuration files in this configuration example.

Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can view that BGP peer relationships between PEs have been established and are in the Established state. Take the command output on PE1 as an example.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2          Peers in established state : 2

  Peer      V   AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2.2.2.9   4   100  10       15       0     00:04:53  Established  0
  3.3.3.9   4   100  6        11       0     00:01:06  Established  2

Run the display ip routing-table vpn-instance command on PEs, and you can view the routes to remote CEs. Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost   Flags NextHop     Interface
      100.1.1.0/24  Direct  0    0      D     100.1.1.1   GigabitEthernet1/0/1.1
      100.1.1.1/32  Direct  0    0      D     127.0.0.1   InLoopBack0
      100.2.1.0/24  BGP     255  0      RD    2.2.2.9     GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost   Flags NextHop     Interface
      200.1.1.0/24  Direct  0    0      D     200.1.1.1   GigabitEthernet1/0/1.2
      200.1.1.1/32  Direct  0    0      D     127.0.0.1   InLoopBack0
      200.2.1.0/24  BGP     255  0      RD    3.3.3.9     GigabitEthernet1/0/3

Run the display interface vlan command, and you can view the matching policy on a main interface. Take the command output on PE1 as an example.
[PE1] display interface GigabitEthernet1/0/1 vlan untagged
Interface             VlanPolicy
-----------------------------------------------------------
GE1/0/1.2             dscp 2
GE1/0/1.1             dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: UNTAGGED Sub-Interface num: 2

----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 untagged dscp 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
 untagged dscp 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.1.1.2 as-number 65410
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.1.1.2 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 ip binding vpn-instance vpn1
 ip address 100.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.2.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return


- Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
 ip binding vpn-instance vpn2
 ip address 200.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.2.1.2 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
 undo shutdown
 ip address 200.1.1.2 255.255.255.0
#
bgp 65410
 peer 100.1.1.1 as-number 100
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.1 enable
  peer 200.1.1.1 enable
#
return

- Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.2.1.2 255.255.255.0
#
bgp 65420
 peer 100.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.2.1.1 enable
#
return


- Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.2.1.2 255.255.255.0
#
bgp 65421
 peer 200.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.2.1.1 enable
#
return
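The following added example (not part of the Huawei guide) audits the VPN-target settings in the PE configuration files above: it computes which VPN instance imports routes from which, then compares that with the intended sharing. The function names, the INTENDED map and the two variants are assumptions made for illustration; the first variant uses the 200:2 value printed for vpn2 in the display ip vpn-instance verbose sample, and the second is a constructed cross-VPN import.

```python
import re

# VPN-instance stanzas as they appear in the PE configuration files on this page.
PE_CONFIGS = {
    "PE1": """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
""",
    "PE2": """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
""",
    "PE3": """\
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
""",
}
# Assumption: which PEs are meant to share each VPN in this example's topology.
INTENDED = {"vpn1": {"PE1", "PE2"}, "vpn2": {"PE1", "PE3"}}

# Constructed variant 1: PE1 vpn2 uses targets 200:2 while PE3 keeps 100:2.
MISMATCH = dict(PE_CONFIGS, PE1=PE_CONFIGS["PE1"].replace(
    "vpn-target 100:2", "vpn-target 200:2"))
# Constructed variant 2: PE3 vpn2 additionally imports the target of vpn1.
LEAK = dict(PE_CONFIGS, PE3=PE_CONFIGS["PE3"] +
            " vpn-target 100:1 import-extcommunity\n")

TARGET_RE = re.compile(
    r"vpn-target (.+) (both|export-extcommunity|import-extcommunity)$")


def parse_instances(cfg):
    """Return {vpn_name: {"rd", "export", "import"}} from VRP-style text."""
    inst, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        m = re.match(r"ip vpn-instance (\S+)$", line)
        if m:
            cur = inst.setdefault(
                m.group(1), {"rd": None, "export": set(), "import": set()})
        elif not raw.startswith(" "):
            cur = None  # "#" or another top-level command closes the stanza
        elif cur is None:
            continue
        elif m := re.match(r"route-distinguisher (\S+)$", line):
            cur["rd"] = m.group(1)
        elif m := TARGET_RE.match(line):
            rts = set(m.group(1).split())
            if m.group(2) != "import-extcommunity":
                cur["export"] |= rts
            if m.group(2) != "export-extcommunity":
                cur["import"] |= rts
    return inst


def route_flows(configs):
    """Return {(src_pe, src_vpn, dst_pe, dst_vpn)} where dst imports an RT src exports."""
    sites = [(pe, name, v) for pe, cfg in configs.items()
             for name, v in parse_instances(cfg).items()]
    return {(sp, sn, dp, dn)
            for sp, sn, sv in sites for dp, dn, dv in sites
            if (sp, sn) != (dp, dn) and sv["export"] & dv["import"]}


def audit_vpn_targets(configs, intended=INTENDED):
    """Return (leaks, missing): unintended flows, and intended flows that are absent."""
    want = {(a, vpn, b, vpn) for vpn, pes in intended.items()
            for a in pes for b in pes if a != b}
    have = route_flows(configs)
    return sorted(have - want), sorted(want - have)


if __name__ == "__main__":
    for label, cfgs in (("page", PE_CONFIGS), ("mismatch", MISMATCH), ("leak", LEAK)):
        print(label, audit_vpn_targets(cfgs))
```

A non-empty first list means one customer's routes would be installed in another customer's VPN instance; a non-empty second list means two sites of the same VPN would not learn each other's routes.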

4.12.13 Example for Configuring Interface Isolation in a VLAN


After interface isolation in a VLAN is configured, isolated interfaces cannot communicate with each other in the VLAN.

Networking Requirements
As shown in Figure 4-28, VLAN 10 is configured on the CX device. GE1/0/0 is connected to Host A through a switch, and GE2/0/0 is connected to Host B through a switch. Requirements: Host A and Host B cannot communicate directly with each other within the VLAN. Traffic from Host A to Host B must pass through a Layer 3 route, which is convenient for statistics.

Figure 4-28 Networking diagram of configuring interface isolation in a VLAN
[Figure: CX600 with GE1/0/0 toward HostA and GE2/0/0 toward HostB, both in VLAN10]

Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the routed interfaces to the layer 2 interfaces.
2. Add the routed interfaces into the corresponding VLANs.
3. Configure the isolated interfaces of GE1/0/0 and GE2/0/0.
4. Enable the ARP proxy in a VLAN.
5. Add the switch interfaces into the same VLAN.

Data Preparation
To complete the configuration, you need the following data:
- GE1/0/0 and GE2/0/0 that belong to VLAN10
- The IP address 10.1.1.1/24 of VLANIF 10

Procedure
Step 1 Configure interface isolation in a VLAN.
# Create VLAN10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit

# Add the interface into VLAN10, and configure the interface isolation.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] portswitch
[HUAWEI-GigabitEthernet2/0/0] port default vlan 10
[HUAWEI-GigabitEthernet2/0/0] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet2/0/0] quit

After the configuration, Host A and Host B cannot ping each other.

Step 2 Enable the ARP proxy in a VLAN.
# Create the VLANIF interface.
<HUAWEI> system-view
[HUAWEI] interface vlanif 10
[HUAWEI-vlanif10] ip address 10.1.1.1 24

# Enable the ARP proxy in a VLAN.
[HUAWEI-vlanif10] arp-proxy inner-sub-vlan-proxy enable

Step 3 Verify the configuration.
When the configuration is complete, Host A and Host B can ping each other.
----End

Configuration Files
Configuration file of CX device
#
sysname HUAWEI
#
vlan 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 10
 port isolate-state enable vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port default vlan 10
 port isolate-state enable vlan 10
#
return


4.12.14 Example for Configuring the Isolation Based on Interface Groups in a VLAN
After interface group isolation in a VLAN is configured, interfaces that belong to different groups in a VLAN cannot communicate with each other, but interfaces in the same isolation group can communicate with each other.

Networking Requirements
NOTE

The interface group isolation in a VLAN is not supported in CX600-X1 and CX600-X2.

As shown in Figure 4-29, VLAN 10 is created on the CX device. GE 1/0/0 is connected with host A through a switch; GE 2/0/0 is connected with host B through a switch; GE 2/0/1 is connected with host C through a switch; GE 1/0/1 is connected with host D through a switch; GE 3/0/0 is connected with host E through a switch. The requirements are as follows:
- host A can communicate with host B and host C can communicate with host D.
- host A and host B cannot communicate with host C and host D.
- host E can communicate with the hosts in VLAN 10.

Figure 4-29 Networking diagram of configuring the isolation based on interface groups in a VLAN

[Figure: CX600 with GE1/0/0, GE2/0/0, GE1/0/1, GE2/0/1, and GE3/0/0 in VLAN10, connecting hostA, hostB, hostC, hostD, and hostE]


Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the interfaces of the CX device to be Layer 2 interfaces.
2. Add the interfaces of the CX device to different isolated interface groups.
3. Add the interfaces that cannot communicate with each other to different isolated interface groups.
4. Add the switch interfaces into the same VLAN.

Data Preparation
To complete the configuration, you need the following data:
- GE 1/0/0, GE 2/0/0, GE 2/0/1, GE 1/0/1, and GE 3/0/0 that belong to VLAN 10
- GE 1/0/0 and GE 2/0/0 that belong to the isolated group 1
- GE 2/0/1 and GE 1/0/1 that belong to the isolated group 2

Procedure
Step 1 Create an interface-based VLAN 10.
# Create VLAN 10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit

# Add interfaces to VLAN 10.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] portswitch
[HUAWEI-GigabitEthernet2/0/0] port default vlan 10
[HUAWEI-GigabitEthernet2/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] portswitch
[HUAWEI-GigabitEthernet2/0/1] port default vlan 10
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] portswitch
[HUAWEI-GigabitEthernet1/0/1] port default vlan 10
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 3/0/0
[HUAWEI-GigabitEthernet3/0/0] portswitch
[HUAWEI-GigabitEthernet3/0/0] port default vlan 10
[HUAWEI-GigabitEthernet3/0/0] quit

Step 2 Add the interfaces to the isolated group.
# Add GE 1/0/0 and GE 2/0/0 to the isolated group 1.
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] port-isolation group 1
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 2/0/0
[HUAWEI-GigabitEthernet2/0/0] port-isolation group 1
[HUAWEI-GigabitEthernet2/0/0] quit

# Add GE 2/0/1 and GE 1/0/1 to the isolated group 2.
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] port-isolation group 2
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port-isolation group 2
[HUAWEI-GigabitEthernet1/0/1] quit

Step 3 Verify the configuration.
After the configuration, you can run the display port-isolation group command to view the configuration of the isolated group.
[HUAWEI] display port-isolation group brief
Port islation group 1
GigabitEthernet1/0/0
GigabitEthernet2/0/0
port islation group 1 has 2 ports
Port islation group 2
GigabitEthernet2/0/1
GigabitEthernet1/0/1
port islation group 1 has 2 ports

After the configuration, host E can communicate with other hosts. host A cannot communicate with host C and host D. host B cannot communicate with host C and host D.
----End

Configuration Files
The configuration file of the CX device is as follows:
#
sysname HUAWEI
#
vlan 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 10
 port-isolation group 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port default vlan 10
 port-isolation group 1
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port default vlan 10
 port-isolation group 2
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 10
 port-isolation group 2
#
interface GigabitEthernet3/0/0
 undo shutdown
 portswitch
 port default vlan 10
#
return
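The following added example (not part of the Huawei guide) models the isolation rules of sections 4.12.13 and 4.12.14 as the text states them and checks a configuration against the host requirements of 4.12.14. The configuration texts are abridged from the two configuration files on this page; the function names, the host-to-port constants and the drifted configuration are assumptions made for illustration, and the model is not the device's forwarding implementation.

```python
import re

# Abridged from the configuration files of sections 4.12.13 and 4.12.14 on this
# page ("undo shutdown" and "portswitch" omitted, "#" separators dropped).
CFG_ISOLATE_STATE = """\
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
interface GigabitEthernet1/0/0
 port default vlan 10
 port isolate-state enable vlan 10
interface GigabitEthernet2/0/0
 port default vlan 10
 port isolate-state enable vlan 10
"""
CFG_GROUPS = """\
interface GigabitEthernet1/0/0
 port default vlan 10
 port-isolation group 1
interface GigabitEthernet2/0/0
 port default vlan 10
 port-isolation group 1
interface GigabitEthernet2/0/1
 port default vlan 10
 port-isolation group 2
interface GigabitEthernet1/0/1
 port default vlan 10
 port-isolation group 2
interface GigabitEthernet3/0/0
 port default vlan 10
"""
# Constructed drift: GE1/0/1 (host D) has lost its isolation-group line.
CFG_GROUPS_DRIFT = CFG_GROUPS.replace(
    "GigabitEthernet1/0/1\n port default vlan 10\n port-isolation group 2\n",
    "GigabitEthernet1/0/1\n port default vlan 10\n")

# Host-to-port mapping and requirements from section 4.12.14.
A, B, C, D, E = ("GigabitEthernet1/0/0", "GigabitEthernet2/0/0",
                 "GigabitEthernet2/0/1", "GigabitEthernet1/0/1",
                 "GigabitEthernet3/0/0")
MUST_TALK = [(A, B), (C, D), (E, A), (E, B), (E, C), (E, D)]
MUST_NOT_TALK = [(A, C), (A, D), (B, C), (B, D)]


def parse(cfg):
    """Return (ports, proxy_vlans) from a VRP-style configuration text."""
    ports, proxy_vlans, cur = {}, set(), None
    for line in map(str.strip, cfg.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = m.group(1)
            if not cur.startswith("Vlanif"):
                ports[cur] = {"vlan": None, "isolated": set(), "group": None}
        elif line in ("#", "return"):
            cur = None
        elif cur is None:
            continue
        elif cur.startswith("Vlanif"):
            if line == "arp-proxy inner-sub-vlan-proxy enable":
                proxy_vlans.add(int(cur[len("Vlanif"):]))
        elif m := re.match(r"port default vlan (\d+)$", line):
            ports[cur]["vlan"] = int(m.group(1))
        elif m := re.match(r"port isolate-state enable vlan (\d+)$", line):
            ports[cur]["isolated"].add(int(m.group(1)))
        elif m := re.match(r"port-isolation group (\d+)$", line):
            ports[cur]["group"] = int(m.group(1))
    return ports, proxy_vlans


def path(cfg, a, b):
    """Classify traffic between ports a and b as 'l2', 'routed' or 'blocked'."""
    ports, proxy_vlans = parse(cfg)
    pa, pb = ports[a], ports[b]
    vlan = pa["vlan"]
    if vlan is None or vlan != pb["vlan"]:
        return "blocked"  # different VLANs are outside this model
    # 4.12.13: two ports isolated in the same VLAN cannot talk to each other.
    both_isolated = vlan in pa["isolated"] and vlan in pb["isolated"]
    # 4.12.14: ports in different groups cannot talk; an ungrouped port can.
    split = (None not in (pa["group"], pb["group"])
             and pa["group"] != pb["group"])
    if not (both_isolated or split):
        return "l2"
    # Assumption: proxy ARP on the VLANIF relays any isolated pair at Layer 3;
    # the page demonstrates this only for the isolate-state case.
    return "routed" if vlan in proxy_vlans else "blocked"


def audit_isolation(cfg, must_talk=MUST_TALK, must_not_talk=MUST_NOT_TALK):
    """Return requirement violations as (port_a, port_b, actual_path) tuples."""
    found = [(a, b, path(cfg, a, b)) for a, b in must_talk + must_not_talk]
    return [(a, b, p) for (a, b, p) in found
            if ((a, b) in must_talk) != (p == "l2")]


if __name__ == "__main__":
    print(path(CFG_ISOLATE_STATE, A, B))
    print(audit_isolation(CFG_GROUPS))
    print(audit_isolation(CFG_GROUPS_DRIFT))
```

In the drifted configuration host D's port is ungrouped, so it behaves like host E and becomes reachable from group 1, which is the kind of silent regression a periodic audit of exported configurations can catch.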


4.12.15 Example for Configuring Ethernet Loop Detection for a VLAN


After Ethernet loop detection for a VLAN is configured, the CX600 can block a corresponding interface when detecting a loop, thus preventing broadcast storms on the network.

Networking Requirements
As shown in Figure 4-30, CE1 accesses PE1 and PE2 in the carrier network through redundant links. Interfaces on PE1 and PE2 belong to the same VLAN. The two interfaces that connect CE1 to PE1 and PE2 also belong to the same VLAN. It is required that Ethernet loop detection be configured for the VLAN on the PE devices and interfaces on PE2 be blocked first when a loop occurs.

Figure 4-30 Networking diagram of configuring Ethernet loop detection for a VLAN
[Figure: PE1 (GE1/0/0, GE2/0/0), PE2 (GE1/0/0, GE2/0/0), and CE1 (GE1/0/0, GE2/0/0)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on the PE and CE devices to ensure interworking between them.
2. Configure Ethernet loop detection for the VLAN.
3. Configure the block priority for each interface in the VLAN.

Data Preparation
To complete the configuration, you need the following data:
- ID of the VLAN
- Times of loopback, interval of the detection time, cycle of the detection interval, time for blocking a loop, and retry times for blocking a port permanently
- Block priority of each interface

Procedure
Step 1 Create a VLAN on the PE and CE devices to ensure Layer 2 interworking.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] portswitch
[PE1-GigabitEthernet1/0/0] port link-type access
[PE1-GigabitEthernet1/0/0] port default vlan 100
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] portswitch
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] portswitch
[PE2-GigabitEthernet1/0/0] port link-type trunk
[PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port link-type access
[PE2-GigabitEthernet2/0/0] port default vlan 100
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

# Configure CE1.
CE1 is a switch and interfaces on CE1 default to Layer 2 interfaces. In this example, you can configure GE 1/0/0 and GE 2/0/0 on CE1 as access interfaces and add them to VLAN 100.

Step 2 Configure Ethernet loop detection for the VLAN and set the block priority of each interface.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-times 3 block-time 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] loop-detect eth-loop priority 1
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] loop-detect eth-loop priority 2
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 1 retry-times 3 block-time 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] loop-detect eth-loop priority 2
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] loop-detect eth-loop priority 1
[PE2-GigabitEthernet2/0/0] quit

Step 3 Verify the configuration.
After the preceding configuration, run the display loop-detect eth-loop command on PE devices. You can view the parameters of Ethernet loop detection for VLAN 100.
[PE1] display loop-detect eth-loop vlan 100
VLAN/VSI    LTimes  D-Cycle  Cycles  Retry  Action
-----------------------------------------------------------------------
VLAN 100    10      10       3       3      Block 100s
Total Items = 1
Blocked Port:
---------------
VLAN/VSI    Block Port    Link-Block Port    Detect MAC
------------------------------------------------------------------------------
[PE2] display loop-detect eth-loop vlan 100
VLAN/VSI    LTimes  D-Cycle  Cycles  Retry  Action
-----------------------------------------------------------------------
VLAN 100    10      10       1       3      Block 100s
Total Items = 1
Blocked Port:
---------------
VLAN/VSI    Block Port    Link-Block Port    Detect MAC
------------------------------------------------------------------------------
1 GE2/0/0

At this time, cycles is set to 3 on PE1 and set to 1 on PE2. In this case, when a loop occurs in VLAN 100, interfaces on PE2 are blocked first. On PE2, the priority of GE 2/0/0 is lower than that of GE 1/0/0. Thus, GE 2/0/0 is blocked first.
----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
vlan batch 100
loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-times 3 block-time 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type access
 port default vlan 100
 loop-detect eth-loop priority 1
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 100
 loop-detect eth-loop priority 2
#
return


- Configuration file of PE2
#
sysname PE2
#
vlan batch 100
loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 1 retry-times 3 block-time 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 100
 loop-detect eth-loop priority 2
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type access
 port default vlan 100
 loop-detect eth-loop priority 1
#
return


5 QinQ Configuration

About This Chapter

The QinQ technology makes up for the shortage of public VLAN ID resources, and also provides a simpler Layer 2 VPN solution for LANs or small-scale MANs.

5.1 QinQ Introduction
The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q standard.

5.2 Configuring the QinQ Tunnel Function
This section describes how to configure a QinQ Layer 2 tunnel. Thus, packets with double tags can be transmitted. In addition, the EthType in the outer tag can be flexibly configured.

5.3 Configuring Selective QinQ on a Layer 2 Interface
This section describes how to configure Layer 2 selective QinQ. Thus, a packet with different outer VLAN tags can be transmitted and the EthType in the outer VLAN tag can be flexibly configured.

5.4 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
IP services include proxy ARP, DHCP, and VRRP services. You can deploy IP services on sub-interfaces for VLAN tag termination to enable the interworking between users in different VLANs, thus ensuring reliable, stable, and uninterrupted connections between the users and the network.

5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
With the wide use of multicast services on the Internet, you need to deploy sub-interfaces for QinQ/dot1q VLAN tag termination to process the user packets carrying a single tag or double tags for multicast services. In this manner, the UPE can maintain information about the outbound interface of multicast packets according to the established multicast forwarding table to ensure the normal communications between hosts and the multicast source.

5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
VPN services are classified into L2VPN services and L3VPN services. You can configure sub-interfaces for VLAN tag termination on PEs to access VPNs to enable the interworking between CEs and users.

5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
Sub-interfaces for VLAN tag termination that access the MPLS service are classified by service type: MPLS LDP service and MPLS TE service.

5.8 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
After tags are terminated on PEs, packets are sent to the IP or MPLS network of the ISP. To ensure the completeness of the QoS information in the packets, the 802.1p values in outer and inner tags need to be mapped to the DSCP field or the EXP field.

5.9 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN
You can configure sub-interfaces for QinQ stacking on PEs to access L2VPNs so that the inner tags of user packets are invisible on the ISP network.

5.10 Configuring Dynamic QinQ
Dynamic QinQ is configured on the sub-interface for VLAN tag termination of the DHCP relay at the client side to allocate VLAN tag resources for login users. When a user abnormally logs out after obtaining an IP address, the system can sense the event automatically, delete the binding in the DHCP binding table, and instruct the DHCP server to release the IP address and VLAN tag resources.

5.11 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
Configuring sub-interfaces for QinQ VLAN tag termination to support Unicast Reverse Path Forwarding (URPF) effectively prevents attacks based on source address spoofing through sub-interfaces for QinQ VLAN tag termination.

5.12 Configuring the User-Side QinQ
When configuring a user VLAN on an Ethernet sub-interface, you can specify either the start and end VLAN IDs or the start and end QinQ VLAN IDs. Note that a maximum of 16 consecutive QinQ VLAN IDs can be specified in a command. When the CX600 is connected to users through two switches, the switch adjacent to users adds an inner tag to a user packet (or removes the inner tag from the user packet) and the switch adjacent to the CX600 adds an outer tag to the user packet (or removes the outer tag from the user packet).

5.13 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption
Configuring VLAN tag-based or VLAN tag+802.1p-based traffic interruption can effectively prevent specific users from logging in and thus ensure the security and normal operation of network traffic.

5.14 Maintaining QinQ
Commands for clearing statistics on a QinQ interface help to locate faults on a QinQ interface.

5.15 Configuration Examples
This section describes the typical application scenarios of QinQ, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


5.1 QinQ Introduction


The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q standard.

5.1.1 QinQ Overview
The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently transmitted through the public network.

5.1.2 QinQ Feature Supported by the CX600
Owing to its simplicity and flexibility, QinQ plays an important role in solutions.

5.1.1 QinQ Overview


The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently transmitted through the public network.

In intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q protocol, when two user networks access each other through an ISP, the ISP must assign VLAN IDs to users of different VLANs, as shown in Figure 5-1. Suppose User Network1 and User Network2 access the backbone network through PE1 and PE2 of an ISP.

Figure 5-1 Intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q protocol

[Figure: CE1 (User Network1) - PE1 - P - PE2 - CE2 (User Network2). PE1, P, and PE2 are in the ISP network. Each link is labeled Trunk VLAN100~200.]

To connect VLAN 100 - VLAN 200 on User Network1 to VLAN 100 - VLAN 200 on User Network2, you must set the interfaces of CE1, PE1, and P on the path to PE2 and CE2 as trunk interfaces and allow packets of VLAN 100 - VLAN 200 to pass. This configuration makes users' VLANs visible on the backbone network. In this case, the VLAN ID resources (4094 VLAN IDs) of an ISP are wasted. In addition, the ISP has to manage user VLAN IDs and users have no right to manage their VLANs. Because an ISP network has only 4094 VLAN IDs, a surge of users accessing the network may leave the ISP network short of VLAN IDs.

In addition, different users cannot use the same VLAN ID and users' VLAN IDs must be planned by an ISP.

QinQ is a technology used to expand the VLAN space by encapsulating a packet that carries an 802.1Q tag in another 802.1Q tag. The private VLANs thus can transparently transmit packets over the public network and the preceding problem is solved. This function is the same as the Layer 2 VPN. Packets that are forwarded over the backbone network carry two 802.1Q tags, one for the public network and the other for the private network. This is called 802.1Q-in-802.1Q, or QinQ for short.

The ISP network only provides one VLAN ID for different VLANs from the same user network. This saves VLAN IDs of an ISP. Meanwhile, QinQ provides a simple Layer 2 VPN solution to a small metropolitan area network (MAN) or a local area network (LAN).

The QinQ technology has been widely used on ISPs' networks because of its easy application. The QinQ technology can be applied to multiple services in a metropolitan area Ethernet solution. The emergence of flexible QinQ, that is, VLAN stacking, enables QinQ services to spread widely among ISPs. This technology has the following features:
- Private networks are effectively segregated from the public network.
- ISP's VLAN IDs are saved to the maximum.

With the development of the metropolitan area Ethernet, all device vendors have put forward their solutions to the metropolitan area Ethernet. The QinQ technology plays an important role in the solutions because of its simplicity and flexibility.

5.1.2 QinQ Feature Supported by the CX600


Owing to its simplicity and flexibility, QinQ plays an important role in solutions.

QinQ of Layer 2 Interfaces


- QinQ tunnel
- Selective QinQ (VLAN stacking)
- Compatibility of QinQ EType in the outer tag or inner tag.

As shown in Figure 5-2, 802.1Q defines that the Ethernet encapsulation type field (EType) value of the Tag Protocol Identifier (TPID) is 0x8100. In QinQ encapsulation, the value of the EType in the inner TPID of devices from each vendor is 0x8100. The value of the EType in the outer TPID, however, varies with vendors.

Figure 5-2 802.1 encapsulation

802.1Q Encapsulation
DA       SA       ETYPE    TAG      LEN/ETYPE  DATA                 FCS
6 Bytes  6 Bytes  2 Bytes  2 Bytes  2 Bytes    46 Bytes~1500 Bytes  4 Bytes

QinQ Encapsulation
DA       SA       ETYPE    TAG      ETYPE    TAG      LEN/ETYPE  DATA                 FCS
6 Bytes  6 Bytes  2 Bytes  2 Bytes  2 Bytes  2 Bytes  2 Bytes    46 Bytes~1500 Bytes  4 Bytes


The CX600 supports the compatibility of ETypes in different QinQ outer TPIDs. That is, the CX600 can identify and encapsulate packets with different outer ETypes, thus implementing inter-operation among devices from different vendors.
NOTE

IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.

As shown in Figure 5-3, on CX-B, the inbound interface can identify the QinQ packet with the EType value in the outer TPID being 0x9100 and the outbound interface can set ETypes in the outer TPID to different values according to vendors, such as 0x9100, 0x8100, or other values. Thus, CX-B can inter-operate with the devices of different vendors.

Figure 5-3 Compatibility of ETypes in the outer TPIDs of QinQ packets

[Figure: Switch A, Router A, and Router C connect to CX-B at the edge of the IP/MPLS core. The links are labeled with the outer ETypes 0x9100 and 0x8100.]

As shown in Figure 5-4, Router A and Switch A are non-Huawei devices, and CX-B is a Huawei Datacom device. By default, the inbound interface on CX-B can identify the QinQ packets with ETypes of both inner and outer tags being 0x8100. Then, to implement interworking between non-Huawei devices and the Huawei device, you should configure the compatibility of ETypes of the tags carried in the QinQ packets sent by the devices of different vendors.

Figure 5-4 Compatibility of ETypes in the outer TPIDs of QinQ packets

[Figure: RouterA - SwitchA - CX-B (GE1/0/1). The packets shown carry tags with EType 0x9100 and VLAN IDs 10 and 100.]
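The tag layout in Figure 5-2 and the outer-EType compatibility described above can be checked offline with a small frame parser. The following Python code is an added example, not Huawei code; the function names, the sample MAC addresses, and the reporting of an unrecognized outer EType as the frame's ordinary EtherType are assumptions of the example.

```python
import struct

# EType values that appear on this page: 0x8100 (802.1Q, the default),
# 0x88a8 (outer TPID defined by IEEE 802.1ad) and 0x9100 (Figures 5-3 and 5-4).
DOT1Q = 0x8100
DOT1AD = 0x88A8
VENDOR_9100 = 0x9100


def pack_tag(tpid, vid, pcp=0):
    """Pack ETYPE (2 bytes) + TAG (2 bytes: 3-bit 802.1p, 1 flag bit, 12-bit VLAN ID)."""
    if not 0x0600 <= tpid <= 0xFFFF:
        raise ValueError("EType must be in 0x0600..0xFFFF")
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("802.1p priority must be in 0..7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_qinq(outer_vid, inner_vid, outer_tpid=DOT1Q, inner_tpid=DOT1Q,
               ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed double-tagged frame (FCS omitted) as sample input."""
    dst = bytes.fromhex("020000000002")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    return (dst + src
            + pack_tag(outer_tpid, outer_vid)
            + pack_tag(inner_tpid, inner_vid)
            + struct.pack("!H", ethertype) + payload)


def read_u16(frame, offset):
    """Read a big-endian 16-bit field, rejecting truncated frames."""
    if offset + 2 > len(frame):
        raise ValueError("frame truncated at offset %d" % offset)
    return struct.unpack_from("!H", frame, offset)[0]


def read_tag(frame, offset, tpid):
    """Decode the 2-byte TAG field that follows the ETYPE at `offset`."""
    tci = read_u16(frame, offset + 2)
    return {"tpid": tpid, "pcp": tci >> 13, "vid": tci & 0x0FFF}


def parse_frame(frame, outer_tpids=(DOT1Q,), inner_tpid=DOT1Q):
    """Classify a frame as an interface that accepts `outer_tpids` would.

    Returns the recognized tags (outermost first), the EtherType that follows
    them, and the offset at which the payload starts.
    """
    tags = []
    offset = 12                               # DA (6 bytes) + SA (6 bytes)
    etype = read_u16(frame, offset)
    if etype in outer_tpids:                  # outer (or only) tag
        tags.append(read_tag(frame, offset, etype))
        offset += 4
        etype = read_u16(frame, offset)
        if etype == inner_tpid:               # inner tag
            tags.append(read_tag(frame, offset, etype))
            offset += 4
            etype = read_u16(frame, offset)
    kind = ("untagged", "single-tagged", "double-tagged")[len(tags)]
    return {"kind": kind, "tags": tags, "ethertype": etype,
            "payload_offset": offset + 2}


if __name__ == "__main__":
    frame = build_qinq(outer_vid=100, inner_vid=10, outer_tpid=VENDOR_9100)
    # Only 0x8100 accepted as outer EType: the outer tag is not recognized.
    print(parse_frame(frame))
    # 0x9100 accepted as outer EType: both tags are recovered.
    print(parse_frame(frame, outer_tpids=(VENDOR_9100,)))
```

With only 0x8100 accepted, the same frame is reported as untagged with EtherType 0x9100, so neither VLAN ID is visible to any tag-based policy; this is the mismatch that the EType compatibility setting removes.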

Sub-interface for QinQ/Dot1q VLAN Tag Termination


Termination refers to identifying single or double tags of QinQ packets and then stripping one tag or double tags or sending the packets according to the subsequent forwarding operations. Termination is usually conducted on route sub-interfaces, that is, sub-interfaces for QinQ/dot1q VLAN tag termination.
- A route sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.
- A route sub-interface that terminates double tags is called the sub-interface for QinQ VLAN tag termination.

Table 5-1 shows the differences among the VLANIF interface, dot1q sub-interface, sub-interface for dot1q VLAN tag termination, and sub-interface for QinQ VLAN tag termination.

Table 5-1 Differences among types of interfaces

Interface Type: VLANIF interface
Description: You can run the interface vlanif command to create a VLANIF interface. A VLANIF interface is a Layer 3 logical interface, which can be configured with an IP address to communicate with devices at the network layer.
Supported Service: VLL (CCC mode): Not supported; PWE3: Not supported; VPLS: Supported; L3VPN: Supported

Interface Type: Dot1q sub-interface
Description: You can run the vlan-type dot1q command to configure an Ethernet sub-interface to be a dot1q sub-interface.
Supported Service: VLL (CCC mode): Supported; PWE3: Supported; VPLS: Supported; L3VPN: Supported

Interface Type: Sub-interface for dot1q VLAN tag termination
Description: You can run the dot1q termination vid command to configure a sub-interface to terminate single-tagged packets.
Supported Service: VLL (CCC mode): Not supported; PWE3: Supported; VPLS: Supported; L3VPN: Supported

Interface Type: Sub-interface for QinQ VLAN tag termination
Description: You can run the qinq termination pe-vid ce-vid command to configure a sub-interface to terminate double-tagged packets.
Supported Service: VLL (CCC mode): Supported; PWE3: Supported; VPLS: Supported; L3VPN: Supported

Difference:
- The dot1q sub-interface and sub-interface for dot1q VLAN tag termination have the same function. Their difference is that packets sent from the dot1q sub-interface are encapsulated with only one VLAN tag; packets sent from the sub-interface for dot1q VLAN tag termination can be encapsulated with multiple VLAN tags.
- You can configure both sub-interfaces for dot1q VLAN tag termination and sub-interfaces for QinQ VLAN tag termination on the same main interface. In this manner, the same main interface can terminate both single-tagged packets and double-tagged packets. If a main interface is configured with QinQ VLAN tag termination, single-tagged packets can be terminated only on sub-interfaces for dot1q VLAN tag termination rather than on dot1q sub-interfaces.

Table 5-2 and Table 5-3 show how interfaces of different types process VLAN tags carried in packets to be transmitted across a VPLS network.

Table 5-2 Packet processing on the inbound interface (Procedure of Processing VLAN Tags)

Type of the Inbound Interface: VLANIF interface
  Ethernet-encapsulated Packets: Tags are stripped.
  VLAN-encapsulated Packets: No action is performed.

Type of the Inbound Interface: Dot1q sub-interface
  Ethernet-encapsulated Packets: Tags are stripped.
  VLAN-encapsulated Packets: No action is performed.

Type of the Inbound Interface: Sub-interface for dot1q VLAN tag termination
  Ethernet-encapsulated Packets: Tags are stripped.
  VLAN-encapsulated Packets: No action is performed.

Type of the Inbound Interface: Sub-interface for QinQ VLAN tag termination
  Ethernet-encapsulated Packets:
  - Outer tags are stripped in symmetric mode.
  - Double tags are stripped in asymmetric mode.
  VLAN-encapsulated Packets:
  - No action is performed in symmetric mode.
  - Double tags are stripped in asymmetric mode and then a tag is added.

Table 5-3 Packet processing on the outbound interface (Procedure of Processing VLAN Tags)

Type of the Outbound Interface: VLANIF interface
  Ethernet-encapsulated Packets:
  - No action is performed by default.
  - A specific tag is added in trunk mode.
  VLAN-encapsulated Packets:
  - The tag is stripped by default.
  - The tag is replaced in trunk mode.

Type of the Outbound Interface: Dot1q sub-interface
  Ethernet-encapsulated Packets: A specific tag is added.
  VLAN-encapsulated Packets: The tag is replaced.

Type of the Outbound Interface: Sub-interface for dot1q VLAN tag termination
  Ethernet-encapsulated Packets: A specific tag is added.
  VLAN-encapsulated Packets: The tag is replaced.

Type of the Outbound Interface: Sub-interface for QinQ VLAN tag termination
  Ethernet-encapsulated Packets:
  - Outer tags are added in symmetric mode.
  - Double tags are added in asymmetric mode.
  VLAN-encapsulated Packets:
  - Outer tags are replaced in symmetric mode.
  - One tag is stripped and double tags are added in asymmetric mode.

Figure 5-5 Networking diagram of service deployment on the sub-interface for QinQ/dot1q VLAN tag termination

[Figure: flowchart with the following boxes]
- Set the interface mode to the user-termination mode
- Create a sub-interface
- Configure the sub-interface for dot1q VLAN tag termination
- Configure the sub-interface for QinQ VLAN tag termination
- Deploy services such as ARP, VRRP, L2VPN, and L3VPN services on the sub-interface

The detailed implementation and function of the sub-interface for QinQ VLAN tag termination depend on the specific scenario. As shown in Figure 5-5, the sub-interface for QinQ/dot1q VLAN tag termination can be deployed with services listed in Table 5-4.


Table 5-4 Services supported by the sub-interface for QinQ/dot1q VLAN tag termination

Sub-interface Type: QinQ/Dot1q VLAN Tag Termination

Supported Service Type: IP Service

Service Subtype: ARP Proxy
Description: The sub-interface for VLAN tag termination can connect different VLANs to the same network segment. If users on the same network segment belong to different VLANs, they cannot communicate with each other on the Layer 2 network unless the sub-interface for VLAN tag termination supports ARP proxy and thus implements IP forwarding. For details of proxy ARP, see the chapter "ARP" in the HUAWEI CX600 Feature Description - IP Services.

Service Subtype: DHCP (DHCP Server, DHCP Relay)
Description:
- The sub-interface for VLAN tag termination can be configured with the Dynamic Host Configuration Protocol (DHCP) server function to assign IP addresses to users.
- The sub-interface for VLAN tag termination can be configured with the DHCP relay function to provide reference for the DHCP server to assign IP addresses and parameters by inserting tag information into Option82.
For details of DHCP, see the chapter "DHCP" in the HUAWEI CX600 Feature Description - IP Services.

Service Subtype: VRRP
Description: Users usually need to communicate with certain networks at any time. In this case, the Virtual Router Redundancy Protocol (VRRP) running on the sub-interface for VLAN tag termination ensures reliable communication and provides an active/standby mechanism for dot1q or QinQ users. For details of VRRP, see the chapter "VRRP" in the HUAWEI CX600 Feature Description - Reliability.

Supported Service Type: Multicast Service

Service Subtype: Layer 2 Multicast
Description: After being bound to a VSI and enabled with IGMP snooping, the sub-interface for QinQ/dot1q VLAN tag termination can listen to IGMP messages exchanged between the multicast device and hosts, and therefore can learn which interfaces have multicast receivers. In this case, multicast packets are transmitted on the Layer 2 network in multicast mode rather than broadcast mode, and consequently received only by members of the multicast group. For details of Layer 2 multicast, see the chapter "Layer 2 Multicast" in the HUAWEI CX600 Feature Description - IP Multicast.

Service Subtype: Layer 3 Multicast
Description: Multicast protocol packets with double tags are sent from the UPE to the upper network. After the sub-interface for QinQ or dot1q VLAN tag termination is configured on the UPE, the UPE creates the forwarding table and the routing table. When receiving multicast protocol packets from hosts, the UPE can identify the packets and correctly forward the packets. Based on the established multicast forwarding table, the UPE can replicate and deliver multicast packets correctly. In this section, Layer 3 multicast refers to IGMP. For details of IGMP, see the chapter "IGMP" in the HUAWEI CX600 Feature Description - IP Multicast.

Supported Service Type: VPN Service

Service Subtype: L2VPN (PWE3/VLL, VPLS)
Description:
- The access of the sub-interface for QinQ/dot1q VLAN tag termination to PWE3/VLL means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with PWE3/VLL functions.
- The support of VPLS by the sub-interface for QinQ/dot1q VLAN tag termination refers to configuring VPLS on the sub-interface for VLAN tag termination.
For details of L2VPN, see the chapter "PWE3", "VLL", and "VPLS" in the HUAWEI CX600 Feature Description - VPN.

Service Subtype: L3VPN
Description: The access of the sub-interface for QinQ/dot1q VLAN tag termination to L3VPN means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with L3VPN functions. For details of L3VPN, see the chapter "BGP/MPLS IP VPN" in the HUAWEI CX600 Feature Description - VPN.

Sub-interface Type: QinQ termination sub-interface

Service Subtype: 802.1p, DSCP Remark
Description: After being terminated on the PE, the packet is sent to the ISP network. To ensure the completeness of the QoS information in the packet, the 802.1p values in outer and inner tags need to be mapped to the DSCP field.

Service Subtype: 802.1p, EXP (MPLS) Remark
Description: After being terminated on the PE, the packet is sent to the ISP MPLS network. To ensure the completeness of the QoS information in the packet, the 802.1p values in outer and inner tags need to be mapped to the EXP field.

NOTE

- Services that can be deployed on sub-interfaces for VLAN tag termination are not limited to those listed in Table 5-4.
- For details of services that can be deployed on sub-interfaces for VLAN tag termination, see the chapter "QinQ" in the HUAWEI CX600 Feature Description - LAN Access and MAN Access.

Access to L2VPN Through the Sub-interface for QinQ Stacking


- Access to a PWE3/VLL Network Through the Sub-interface for QinQ Stacking
  VLL is a point-to-point L2VPN, which is not supported by the VLANIF interface. In this case, users can access the L2VPN only through a main interface. However, a physical interface cannot connect multiple users to the L2VPN at the same time. To solve the problem, you can configure the VLAN-based QinQ function on different sub-interfaces. In this scenario, CE-VLANs on both sides must be symmetrical.
- Access to a VPLS Through the Sub-interface for QinQ Stacking
  When users access an ISP network in VPLS mode, you can enable packets from user VLANs to be transmitted transparently over ISP networks in the following two ways:
  - Enable VLAN-based QinQ on the switched interface and bind the VLANIF interface to a VSI.
  - Create a sub-interface on a routed interface and then configure VLAN stacking on the sub-interface.

Dynamic QinQ
A common sub-interface for QinQ termination can terminate a maximum of 16,000 double-tagged user packets. When the number of the user packets exceeds 16,000, you can use the dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a maximum of 64,000 double-tagged user packets.
NOTE

After being configured with dynamic QinQ, the sub-interface for VLAN tag termination cannot support Virtual Leased Line (VLL), Pseudo Wire Emulation Edge-to-Edge (PWE3), Virtual Private LAN Service (VPLS), static ARP, and DHCP snooping static binding table.

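Figure 5-6 Networking diagram for dynamic QinQ

[Figure: The DHCP server (GE1/0/0, 100.1.1.2/24) connects to the DHCP relay (GE2/0/0, 100.1.1.1/24). DHCP snooping is enabled on the DHCP relay; the interface labels are Trusted and Untrusted. The sub-interface GE1/0/0.1 of the DHCP relay (QinQ termination, 10.1.1.1/24, dynamic QinQ) connects through switches to DHCP Client1 and DHCP Client2. The IP packets shown carry VLAN tags 10, 20, and 30.]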

As shown in Figure 5-6, the DHCP client is connected to the DHCP relay through two levels of switches and requests a valid IP address from the DHCP server through the DHCP relay. Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the DHCP binding table, when users log out abnormally after obtaining IP addresses, the system senses this failure automatically, and then deletes the binding relationship in the DHCP binding table and informs the DHCP server to release IP addresses and VLAN tags.

On interfaces configured with dynamic QinQ, it is usually the users who actively send ARP requests to the gateway device. If ARP rigid learning is also configured on the device, all interfaces on the device learn only the responses to the ARP requests that they send themselves and do not learn the requests sent by other devices. As a result, dynamic QinQ interfaces on this device cannot learn ARP entries of users and users fail to log in. To solve the problem, you can run the arp learning strict force-disable command on the interface configured with dynamic QinQ so that the interface can learn the ARP requests sent by users.

Sub-interfaces for QinQ VLAN Tag Termination Support URPF


Unicast Reverse Path Forwarding (URPF) is used to avoid source-address-spoofing attacks. After being configured with URPF, the sub-interface for QinQ VLAN tag termination can resist source-address-spoofing attacks. A URPF-enabled sub-interface for QinQ VLAN tag termination resists source-address-spoofing attacks as follows:
- Obtains the source address, the inner and outer VLAN tags, and the inbound interface of the packet.
- Takes the source address of the packet as the destination address and searches the forwarding table for the relevant outbound interface and the inner and outer VLAN tags.
- Compares the search result with the obtained information of the packet. If they are inconsistent, the sub-interface for QinQ VLAN tag termination regards the source address as spoofed and discards the packet.

In this way, hostile attacks by modifying the source address can be avoided. There are two URPF check modes:
- Loose URPF: A packet passes the URPF check if the relevant routing entry exists in the forwarding table.
- Strict URPF: A packet passes the URPF check only when the relevant routing entry exists in the forwarding table and the interface information matches.
NOTE

The sub-interface for QinQ VLAN tag termination on the CX600 supports only loose URPF.
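The difference between the two check modes shows up on a packet whose source address has a forwarding entry but arrives on the wrong sub-interface and tags. The following Python code is an added example of the check logic described above, not the CX600 implementation; the forwarding table, interface names, VLAN IDs, and addresses are constructed sample values.

```python
import ipaddress
from collections import namedtuple

# Forwarding entry: prefix plus the sub-interface and QinQ tags used to reach it.
Route = namedtuple("Route", "prefix interface pe_vid ce_vid")
# Information obtained from a received packet (first step of the check).
Packet = namedtuple("Packet", "src interface pe_vid ce_vid")

# Constructed forwarding table for the example.
FIB = [
    Route(ipaddress.ip_network("10.1.1.0/24"), "GE1/0/0.1", 100, 10),
    Route(ipaddress.ip_network("10.1.2.0/24"), "GE1/0/0.2", 100, 20),
    Route(ipaddress.ip_network("10.1.0.0/16"), "GE2/0/0.1", 200, 30),
]


def lookup(fib, address):
    """Longest-prefix match, taking the packet's source as the destination."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in fib
               if r.prefix.version == addr.version and addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def urpf_check(fib, pkt, mode="loose"):
    """Return (passed, reason) for one packet under loose or strict URPF."""
    if mode not in ("loose", "strict"):
        raise ValueError("mode must be 'loose' or 'strict'")
    route = lookup(fib, pkt.src)
    if route is None:
        return False, "no forwarding entry for source %s" % pkt.src
    if mode == "loose":
        # Loose: the existence of an entry is sufficient.
        return True, "entry %s exists" % route.prefix
    # Strict: the entry's interface and tags must match what was received.
    expected = (route.interface, route.pe_vid, route.ce_vid)
    received = (pkt.interface, pkt.pe_vid, pkt.ce_vid)
    if received != expected:
        return False, "source %s belongs to %s, received on %s" % (
            pkt.src, expected, received)
    return True, "entry %s matches the inbound interface and tags" % route.prefix


# Constructed packets, all received on GE1/0/0.1 with outer tag 100, inner tag 10.
SAMPLES = {
    "legitimate": Packet("10.1.1.5", "GE1/0/0.1", 100, 10),
    "neighbour's address": Packet("10.1.2.7", "GE1/0/0.1", 100, 10),
    "unrouted address": Packet("192.0.2.9", "GE1/0/0.1", 100, 10),
}


def evaluate(fib=FIB, samples=SAMPLES):
    """Run every sample through both modes; returns {name: (loose, strict)}."""
    return {name: (urpf_check(fib, pkt, "loose")[0],
                   urpf_check(fib, pkt, "strict")[0])
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print("%-20s loose=%-5s strict=%s" % (name, loose, strict))
```

A source address borrowed from another subscriber's prefix passes the loose check because a forwarding entry exists, so loose URPF alone filters only sources that have no entry in the forwarding table.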

Sub-interfaces for QinQ VLAN Tag Termination Support IPv6


Sub-interfaces for QinQ VLAN tag termination support IPv6 unicast and multicast, OSPFv3, IS-ISv6, BGP4+, RIPng, IPv6 BFD, IPv6 VRRP, dynamic QinQ of IPv6, and IPv6 loose and half-strict URPF. In addition, one sub-interface for QinQ VLAN tag termination can be bound to L3VPN_v4 and L3VPN_v6.

5.2 Configuring the QinQ Tunnel Function


This section describes how to configure a QinQ Layer 2 tunnel. Thus, packets with double tags can be transmitted. In addition, the EthType in the outer tag can be flexibly configured.

5.2.1 Establishing the Configuration Task
Before configuring a QinQ Layer 2 tunnel, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface
After a Layer 2 interface is configured with selective QinQ, different outer tags can be added to packets and the EthType in QinQ tags can be flexibly configured.

5.2.3 Configuring QinQ for a Layer 2 Interface
After a Layer 2 interface is configured with selective QinQ, the interface adds a public VLAN tag to the user packet that carries a private VLAN tag so that the user packet can be forwarded on the public network.

5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in the inner TPID but use different values for the EType in the outer TPID. To implement interworking between devices of different vendors, the protocol type of the outer tag needs to be configured.

5.2.5 (Optional) Configuring the Protocol Type for the Inner Tag
To enable devices of different manufacturers to communicate, you can configure the type of Ethernet encapsulation for the inner tag of a double-tagged packet.

5.2.6 Checking the Configuration
After a Layer 2 QinQ tunnel is successfully configured, you can view whether the VLAN is enabled with the broadcast function, VLAN status, whether address learning is enabled, and whether the configured Layer 2 QinQ tunnel interface is a QinQ stack interface.

5.2.1 Establishing the Configuration Task


Before configuring a QinQ Layer 2 tunnel, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
When multiple VLANs are required, the QinQ tunnel needs to be configured. You can add the outer tag to the VLAN so that the range of available VLANs is widened; thus, the number of VLANs is no longer insufficient.

Pre-configuration Task
Before configuring the QinQ tunnel, complete the following tasks:
- Ensuring that the device is powered on correctly and operates properly
- Configuring basic attributes of the Ethernet interface

Data Preparation
To configure the QinQ tunnel, you need the following data.

No.  Data
1    Interface number of the QinQ tunnel
2    ID of the outer VLAN tag

5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface


After a Layer 2 interface is configured with selective QinQ, different outer tags can be added to packets and the EthType in QinQ tags can be flexibly configured.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
vlan vlan-id
A VLAN is created and its view is displayed.
The VLAN ID refers to the value of the outer tag specified in the QinQ tunnel function. The VLAN ID ranges from 1 to 4094.

----End

5.2.3 Configuring QinQ for a Layer 2 Interface


After a Layer 2 interface is configured with selective QinQ, the interface adds a public VLAN tag to the user packet that carries a private VLAN tag so that the user packet can be forwarded on the public network.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.

Step 3 (Optional) Run:
portswitch
The interface is configured as a Layer 2 interface.
If the interface is a Layer 2 interface, this step is unnecessary.

Step 4 Run:
port link-type dot1q-tunnel
The interface type is configured as a QinQ interface.

Step 5 Run:
port default vlan vlan-id
The outer tag is configured; namely, the default VLAN ID of the interface is configured.

NOTE
The outer tag value should be the same as the VLAN ID created in Creating the Outer VLAN Tag for a Layer 2 Interface.

----End

5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in the inner TPID but use different values for the EType in the outer TPID. To implement interworking between devices of different vendors, the protocol type of the outer tag needs to be configured.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.

Step 3 Run:
qinq protocol ethertype-value
The protocol type of the outer tag is configured.
- IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.
- The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.

NOTE
qinq protocol is applicable to only the packets with double tags.

----End

5.2.5 (Optional) Configuring the Protocol Type for the InnerTag


To enable devices of different manufacturers to communicate, you can configure the type of Ethernet encapsulation for the inner tag of a double-tagged packet. Do as follows on the device where the type of Ethernet encapsulation for the inner tag of a double-tagged packet needs to be configured.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface or Eth-Trunk interface where the type of Ethernet encapsulation for the inner tag of a double-tagged packet needs to be configured is displayed.

Step 3 Run:
qinq protocol ce-ethtype ce-ethtype
The specified type of Ethernet encapsulation for the inner tag of a packet is configured.
The value of ce-ethtype ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.

----End

5.2.6 Checking the Configuration


After a Layer 2 QinQ tunnel is successfully configured, you can view whether the VLAN is enabled with the broadcast function, VLAN status, whether address learning is enabled, and whether the configured Layer 2 QinQ tunnel interface is a QinQ stack interface.

Prerequisite
The configurations of the QinQ tunnel function are complete.

Procedure
- Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
- Run the display bpdu-tunnel interface config command to check the EthType encapsulation value of the outer tag of the interface.

----End

Example
Running the display vlan command, you can view whether broadcast, VLAN status, and address learning are enabled and view whether the interface configured with the QinQ tunnel function is an untagged interface. For example:

<HUAWEI> display vlan 10 verbose
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
---------------
Untagged Port: GigabitEthernet1/0/0

Running the display bpdu-tunnel interface config command, you can view the configuration of TPID. For example:

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList

5.3 Configuring Selective QinQ on a Layer 2 Interface


This section describes how to configure Layer 2 selective QinQ. Thus, a packet with different outer VLAN tags can be transmitted and the EthType in the outer VLAN tag can be flexibly configured.


5.3.1 Establishing the Configuration Task
Before configuring Layer 2 selective QinQ, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

5.3.2 Creating the Outer VLAN Tag for a Layer 2 Interface
After a Layer 2 interface is configured with selective QinQ, different outer tags can be added to packets and the EthType in QinQ tags can be flexibly configured.

5.3.3 Configuring Selective QinQ on a Layer 2 Interface
After selective QinQ is configured on a Layer 2 interface, the interface adds a public VLAN tag to the user packet that carries a private VLAN tag so that the user packet can be forwarded on the public network.

5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in the inner TPID but use different values for the EType in the outer TPID. To implement interworking between devices of different vendors, the protocol type of the outer tag needs to be configured.

5.3.5 (Optional) Configuring the Protocol Type for the Inner Tag
To enable devices of different manufacturers to communicate, you can configure the type of Ethernet encapsulation for the inner tag of a double-tagged packet.

5.3.6 Checking the Configuration
After Layer 2 selective QinQ is successfully configured, you can view whether the VLAN is enabled with the broadcast function, VLAN status, whether address learning is enabled, and whether the interface configured with the QinQ Layer 2 tunnel is a QinQ stack interface.

5.3.1 Establishing the Configuration Task


Before configuring Layer 2 selective QinQ, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
Layer 2 selective QinQ is an extension of the QinQ tunnel. Layer 2 selective QinQ is more flexible than the QinQ tunnel. The major difference is as follows:
- QinQ tunnel
  It attaches the same outer tag to all the frames entering the Layer 2 QinQ interface.
- Selective QinQ on the Layer 2 interface
  It can attach different outer tags to the frames entering the Layer 2 QinQ interface according to different inner tags.

Pre-configuration Task
Before configuring selective QinQ on a Layer 2 interface, complete the following tasks:
- Ensuring that the device is powered on correctly and operates properly.
- Configuring basic attributes of the Ethernet interface.

Data Preparation
To configure selective QinQ on a Layer 2 interface, you need the following data.

No.  Data
1    ID of the outer VLAN tag
2    Interface number of the selective QinQ on the Layer 2 interface, ID of the inner VLAN tag
3    (Optional) The protocol type for the outer tag

5.3.2 Creating the Outer VLAN Tag for a Layer 2 Interface


After a Layer 2 interface is configured with selective QinQ, different outer tags can be added to packets and the EthType in QinQ tags can be flexibly configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created and its view is displayed. The VLAN ID refers to the value of the outer tag specified in the QinQ tunnel function. The VLAN ID ranges from 1 to 4094.

----End

5.3.3 Configuring Selective QinQ on a Layer 2 Interface


After selective QinQ is configured on a Layer 2 interface, the interface adds a public VLAN tag to the user packet that carries a private VLAN tag so that the user packet can be forwarded on the public network.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number

The view of the Ethernet interface that needs to be configured with Layer 2 selective QinQ is displayed.

Step 3 (Optional) Run:
portswitch

The interface is configured as a Layer 2 interface. If the interface is already a Layer 2 interface, this step is unnecessary.

Step 4 Run:
port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3

The interface type is configured as a Layer 2 selective QinQ interface. In this step, vlan-id1 and vlan-id2 specify the range of the inner tag of the frame received by the interface; vlan-id3 is the value of the outer tag attached to the frame by the interface.

----End

5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
When QinQ is configured, devices of different vendors use 0x8100 as the value of the EType in the inner TPID but use different values for the EType in the outer TPID. To implement interworking between devices of different vendors, the protocol type of the outer tag needs to be configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface that needs to be configured with the QinQ tunnel is displayed.

Step 3 Run:
qinq protocol ethertype-value

The protocol type of the outer tag is configured.
- IEEE 802.1ad defines the value of the EType field in the outer TPID as 0x88a8.
- The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.

NOTE
qinq protocol is applicable only to packets with double tags.

----End

5.3.5 (Optional) Configuring the Protocol Type for the Inner Tag


To enable devices of different manufacturers to communicate, you can configure the type of Ethernet encapsulation for the inner tag of a double-tagged packet. Do as follows on the device where the type of Ethernet encapsulation for the inner tag of a double-tagged packet needs to be configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface or Eth-Trunk interface where the type of Ethernet encapsulation for the inner tag of a double-tagged packet needs to be configured is displayed.

Step 3 Run:
qinq protocol ce-ethtype ce-ethtype

The specified type of Ethernet encapsulation for the inner tag of a packet is configured. The value of ce-ethtype ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.

----End
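
The tag handling configured in 5.3.3 to 5.3.5, as an added Python example that is not part of the Huawei guide or the CX600 software: a selective QinQ port chooses the outer VLAN from the inner VLAN, and a peer recognises the outer tag only when its expected outer EtherType matches. The class and function names, MAC addresses, rule values and the no-overlap rule are assumptions of this model; what the device does with a frame that matches no rule is not covered by the guide, so the model returns None.

```python
import struct

INNER_TPID_DEFAULT = 0x8100  # default of "qinq protocol ce-ethtype" in the guide
OUTER_TPID_8021AD = 0x88A8   # outer EType value defined by IEEE 802.1ad
OUTER_TPID_9100 = 0x9100     # value shown as "EtherType 9100" in 5.3.6

# Constructed sample addresses (not from the guide).
DST = bytes.fromhex("02000000000b")
SRC = bytes.fromhex("02000000000a")


def vlan_tag(tpid, vid):
    """Encode one 4-byte VLAN tag: 16-bit TPID, then PCP/DEI (zero here) + 12-bit VID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return struct.pack("!HH", tpid, vid)


class SelectiveQinQPort:
    """Model of a port carrying 'port vlan-stacking vlan A [to B] stack-vlan C' rules."""

    def __init__(self, outer_tpid=0x8100, inner_tpid=INNER_TPID_DEFAULT):
        for value in (outer_tpid, inner_tpid):
            if not 0x0600 <= value <= 0xFFFF:  # range given for both commands
                raise ValueError("ethertype must be in 0x0600..0xFFFF")
        self.outer_tpid = outer_tpid
        self.inner_tpid = inner_tpid
        self.rules = []  # (low inner VID, high inner VID, outer VID)

    def add_rule(self, low, high, stack_vlan):
        if not 1 <= low <= high <= 4094 or not 1 <= stack_vlan <= 4094:
            raise ValueError("VLAN IDs must be in 1..4094 with low <= high")
        # Assumption of this model: inner ranges on one port do not overlap,
        # so every inner VID maps to at most one outer VID.
        for lo, hi, _ in self.rules:
            if low <= hi and lo <= high:
                raise ValueError("inner VLAN range overlaps an existing rule")
        self.rules.append((low, high, stack_vlan))

    def ingress(self, frame):
        """Push the outer tag chosen by the inner VID; None if no rule applies."""
        if len(frame) < 16:
            return None
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid != self.inner_tpid:
            return None  # not tagged with the expected inner EtherType
        inner_vid = tci & 0x0FFF
        for lo, hi, outer_vid in self.rules:
            if lo <= inner_vid <= hi:
                return frame[:12] + vlan_tag(self.outer_tpid, outer_vid) + frame[12:]
        return None


def read_tags(frame, outer_tpid, inner_tpid=INNER_TPID_DEFAULT):
    """Read the tag stack as a port expecting these TPIDs would.

    Returns (outer VID, inner VID); None marks a tag that was not recognised.
    """
    if len(frame) < 20:
        return (None, None)
    t1, tci1, t2, tci2 = struct.unpack("!HHHH", frame[12:20])
    if t1 != outer_tpid:
        return (None, None)  # outer EtherType mismatch: no QinQ tag is seen
    outer_vid = tci1 & 0x0FFF
    if t2 != inner_tpid:
        return (outer_vid, None)
    return (outer_vid, tci2 & 0x0FFF)


def demo():
    port = SelectiveQinQPort(outer_tpid=OUTER_TPID_8021AD)
    port.add_rule(10, 20, 100)  # port vlan-stacking vlan 10 to 20 stack-vlan 100
    port.add_rule(30, 30, 200)  # port vlan-stacking vlan 30 stack-vlan 200
    payload = b"\x08\x00" + b"constructed payload"
    in_range = DST + SRC + vlan_tag(0x8100, 15) + payload
    other = DST + SRC + vlan_tag(0x8100, 30) + payload
    unmatched = DST + SRC + vlan_tag(0x8100, 25) + payload
    stacked = port.ingress(in_range)
    return {
        "tag_stack_hex": stacked[12:20].hex(),
        "peer_expecting_88a8": read_tags(stacked, OUTER_TPID_8021AD),
        "peer_expecting_9100": read_tags(stacked, OUTER_TPID_9100),
        "vlan_30": read_tags(port.ingress(other), OUTER_TPID_8021AD),
        "vlan_25": port.ingress(unmatched),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The peer that expects 0x9100 reads no tags at all from a frame stacked with 0x88a8, which is the interworking failure that qinq protocol is configured to avoid.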

5.3.6 Checking the Configuration


After Layer 2 selective QinQ is successfully configured, you can view whether the VLAN is enabled with the broadcast function, VLAN status, whether address learning is enabled, and whether the interface configured with the QinQ Layer 2 tunnel is a QinQ stack interface.

Prerequisite
The configurations of selective QinQ on a Layer 2 interface are complete.

Procedure
- Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
- Run the display bpdu-tunnel interface config command to check the EthType encapsulation value of the outer tag of the interface.

----End

Example
Run the display vlan command, and you can view whether broadcast, VLAN status, and address learning are enabled and view whether the interface configured with the QinQ tunnel is a QinQ stack interface. For example:
<HUAWEI> display vlan 10 verbose
  VLAN ID      : 10
  VLAN Type    : Common
  Description  : VLAN 0010
  Status       : Enable
  Broadcast    : Enable
  MAC learning : Enable
  Statistics   : Disable
  ----------------
  QinQ-stack Port: GigabitEthernet1/0/0

Running the display bpdu-tunnel interface config command, you can view the configuration of TPID. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList

5.4 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
IP services include proxy ARP, DHCP, and VRRP services. You can deploy IP services on sub-interfaces for VLAN tag termination to enable the interworking between users in different VLANs, thus ensuring reliable, stable, and uninterrupted connections between the users and the network.

5.4.1 Establishing the Configuration Task
Before configuring the sub-interface for VLAN tag termination to access the IP service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

5.4.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

5.4.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.

5.4.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

5.4.5 Configuring the IP Service
After the sub-interface for VLAN tag termination is successfully configured, you need to configure an IP service. In this manner, the user can access the IP service through the sub-interface for VLAN tag termination.

5.4.6 Checking the Configuration
After successfully configuring the sub-interface for VLAN tag termination to access the IP service, you can view detailed configurations on the sub-interface for VLAN tag termination.

5.4.1 Establishing the Configuration Task


Before configuring the sub-interface for VLAN tag termination to access the IP service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
IP services are classified into the following types:
- Proxy ARP
  The sub-interface for VLAN tag termination can connect different VLANs to the same network segment. If users on the same network segment belong to different VLANs, they cannot communicate with each other on the Layer 2 network unless the sub-interface for VLAN tag termination supports ARP proxy and thus implements IP forwarding.
- DHCP
  The sub-interface for VLAN tag termination can be configured with the Dynamic Host Configuration Protocol (DHCP) server function to assign IP addresses to users. The sub-interface for VLAN tag termination can also be configured with the DHCP relay function, which inserts tag information into Option82 to provide reference for the DHCP server when it assigns IP addresses and parameters.
- VRRP
  Users usually need to communicate with certain networks at any time. In this case, the Virtual Router Redundancy Protocol (VRRP) running on the sub-interface for VLAN tag termination ensures reliable communication and provides an active/standby mechanism for dot1q or QinQ users.
NOTE

Proxy ARP, DHCP, and VRRP are different types of IP services. You can deploy one of them on the sub-interface for VLAN tag termination as required.

Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the IP service, complete the following tasks:
- Ensuring that devices are connected correctly
- Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry one or double tags

Data Preparation
To configure the sub-interface for VLAN tag termination to access the IP service, you need the following data.

No.  Data
1    Control VLAN ID of the termination sub-interface
2    Range of the termination tag of the interface
3    Group number of the VRRP backup group and the virtual IP address
4    Priorities of the CX devices in the backup group
5    Preemption mode
6    IP addresses that are forbidden to assign
7    Number of the address pool

5.4.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.4.3 Configuring the Sub-interface for dot1q VLAN Tag Termination


The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with one tag.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.

The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]

The VLAN tag termination function is configured for the dot1q sub-interface.

----End

5.4.4 Configuring the Sub-interface for QinQ VLAN Tag Termination


The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with double tags.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.

The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]

The sub-interface for VLAN tag termination is configured.

----End
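
One way to audit the termination statements from 5.4.3 and 5.4.4 offline, as an added Python example that is not part of the Huawei guide or the device software: it parses dot1q termination and qinq termination lines and reports which sub-interface terminates a given tag stack. The sub-interface names, the sample configuration and the 1 to 4094 bound on pe-vid and ce-vid are assumptions, and "ce-vid any" is treated as every inner VLAN ID.

```python
import re

# One termination statement, following the syntax lines in 5.4.3 and 5.4.4.
STATEMENT = re.compile(
    r"^(?:dot1q termination vid (?P<lo>\d+)(?: to (?P<hi>\d+))?"
    r"|qinq termination pe-vid (?P<pe_lo>\d+)(?: to (?P<pe_hi>\d+))?"
    r" ce-vid (?:any|(?P<ce_lo>\d+)(?: to (?P<ce_hi>\d+))?))"
    r"(?: vlan-group (?P<group>\d+))?$"
)

# Constructed sample: sub-interface names and grouping are hypothetical; the
# first two statements reuse the values shown in the guide's display output.
SAMPLE_CONFIG = {
    "GigabitEthernet2/0/0.1": ["qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1"],
    "GigabitEthernet2/0/0.2": ["dot1q termination vid 10 to 20 vlan-group 1"],
    "GigabitEthernet2/0/0.3": ["qinq termination pe-vid 2000 to 2010 ce-vid any"],
}


def span(low, high):
    """Turn 'low [to high]' into an inclusive (low, high) pair of VLAN IDs."""
    low = int(low)
    high = int(high) if high is not None else low
    if not 1 <= low <= high <= 4094:  # assumption: same bound as vlan-id
        raise ValueError(f"bad VLAN range {low} to {high}")
    return (low, high)


def parse_statement(line):
    """Parse one termination statement into its kind, tag ranges and group."""
    match = STATEMENT.match(" ".join(line.split()))
    if match is None:
        raise ValueError(f"not a termination statement: {line!r}")
    g = match.groupdict()
    group = int(g["group"]) if g["group"] else None
    if g["lo"] is not None:
        return {"kind": "dot1q", "outer": span(g["lo"], g["hi"]),
                "inner": None, "group": group}
    # "ce-vid any" is treated here as every inner VLAN ID.
    inner = span(g["ce_lo"], g["ce_hi"]) if g["ce_lo"] is not None else (1, 4094)
    return {"kind": "qinq", "outer": span(g["pe_lo"], g["pe_hi"]),
            "inner": inner, "group": group}


def terminators(config, tags):
    """Names of the sub-interfaces whose statements terminate this tag stack.

    tags is (vid,) for a single-tagged packet or (pe_vid, ce_vid) for a
    double-tagged one. More than one name in the result means the ranges
    overlap and the configuration deserves a closer look.
    """
    hits = []
    for name, lines in config.items():
        for st in map(parse_statement, lines):
            wanted = 1 if st["kind"] == "dot1q" else 2
            if len(tags) != wanted:
                continue
            spans = [st["outer"]] if wanted == 1 else [st["outer"], st["inner"]]
            if all(lo <= vid <= hi for vid, (lo, hi) in zip(tags, spans)):
                hits.append(name)
                break
    return hits


def unterminated(config, expected):
    """Tag stacks from the service plan that no sub-interface terminates."""
    return [tags for tags in expected if not terminators(config, tags)]


if __name__ == "__main__":
    plan = [(1000, 150), (1000, 300), (15,), (2005, 7), (21,)]
    for tags in plan:
        print(tags, terminators(SAMPLE_CONFIG, tags))
    print("unterminated:", unterminated(SAMPLE_CONFIG, plan))
```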

5.4.5 Configuring the IP Service


After the sub-interface for VLAN tag termination is successfully configured, you need to configure an IP service. In this manner, the user can access the IP service through the sub-interface for VLAN tag termination.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of the sub-interface for VLAN tag termination is displayed.

Step 3 Configure the IP service. Deploy one of the following services as required:
- Proxy ARP
  Configure proxy ARP on the device. For detailed configuration, see the chapter "ARP Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Services.
  Enabling or disabling the ARP broadcast on the sub-interface makes the route status change from Down to Up on the sub-interface. This may lead to route flapping on the entire network, and even affect the running services.
- DHCP
  Configure DHCP on the device. For detailed configuration, see the chapter "DHCP Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Services.
  On a rather large network, if the PCs are connected to a CX device through other devices instead of being directly connected to the CX device through Ethernet interfaces, the DHCP server based on a global address pool needs to be configured so that the PCs can dynamically obtain IP addresses from the CX device.
  If a local network does not have a DHCP server, the DHCP relay function can be enabled on the CX device. In this manner, the DHCP Request packet from the client can be transmitted to the DHCP server through the DHCP relay.
- VRRP
  Configure VRRP on the device. For detailed configuration, see the chapter "VRRP Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - Reliability.

NOTE
When configuring VRRP and static ARP on the dot1q termination sub-interface, QinQ termination sub-interface, or VLANIF interface at the same time, note the following:
- Do not configure the IP address mapping to the static ARP entry on the interface as the VRRP virtual address.
- Do not configure the virtual address of the VRRP backup group where the interface resides as the IP address mapping to the static ARP entry on the interface.
Otherwise, incorrect host routes are generated. This affects packet forwarding between devices.

----End

5.4.6 Checking the Configuration


After successfully configuring the sub-interface for VLAN tag termination to access the IP service, you can view detailed configurations on the sub-interface for VLAN tag termination.

Prerequisite
The configurations of the sub-interface for VLAN tag termination to access the IP service are complete.

Procedure
- Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for dot1q VLAN tag termination.
- Run the display qinq information { termination | stacking | mapping } [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.

----End

Example
Run the display dot1q information termination command on the PE, and you can view information about the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    Total QinQ Num: 1
      dot1q termination vid 10 to 20 vlan-group 1
    Total vlan-group Num: 1
      vlan-group Num:1
    control-vid 1 dot1q-termination

Run the display qinq information termination command on the PE, and you can view information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    Total QinQ Num: 1
      qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
    Total vlan-group Num: 1
      vlan-group 1
    control-vid 1 qinq-termination

5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
With the wide use of multicast services on the Internet, you need to deploy sub-interfaces for QinQ/dot1q VLAN tag termination to process the user packets carrying a single tag or double tags for multicast services. In this manner, the UPE can maintain information about the outbound interface of multicast packets according to the established multicast forwarding table to ensure the normal communications between hosts and the multicast source.

5.5.1 Establishing the Configuration Task
Before configuring the sub-interface for VLAN tag termination to access the multicast service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

5.5.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

5.5.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.

5.5.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

5.5.5 Configuring the Multicast Service
After the sub-interface for VLAN tag termination is successfully configured, you need to configure the multicast service. In this manner, users can communicate with the multicast source.

5.5.6 Checking the Configuration
After successfully configuring the sub-interface for VLAN tag termination to access the multicast service, you can view detailed configurations on the sub-interface for VLAN tag termination.

5.5.1 Establishing the Configuration Task


Before configuring the sub-interface for VLAN tag termination to access the multicast service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
Multicast services are classified into the following types:
- Layer 2 multicast
  After being bound to a VSI and enabled with IGMP snooping, the sub-interface for QinQ/dot1q VLAN tag termination can listen to IGMP messages exchanged between the multicast device and hosts, and therefore can learn which interfaces have multicast receivers. In this case, multicast packets are transmitted on the Layer 2 network in multicast mode rather than broadcast mode, and consequently received only by members of the multicast group.
- Layer 3 multicast
  Multicast protocol packets with double tags are sent from the UPE to the upper network. After the sub-interface for QinQ or dot1q VLAN tag termination is configured on the UPE, the UPE creates the forwarding table and the routing table. When receiving multicast protocol packets from hosts, the UPE can identify the packets and correctly forward the packets. Based on the established multicast forwarding table, the UPE can replicate and deliver multicast packets correctly. Here, Layer 3 multicast mainly refers to IGMP.

Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the multicast service, complete the following tasks:
- Ensuring that devices are correctly connected and that the physical interfaces of each device are in the Up state.
- Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry one or double tags

Data Preparation
To configure the sub-interface for VLAN tag termination to access the multicast service, you need the following data.

No.  Data
1    Control VLAN ID of the termination sub-interface
2    Range of the termination tag of the interface
3    IGMP version
4    Multicast group address and multicast source address
5    (Optional) ACL rules for the filtering based on multicast group addresses

5.5.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.5.3 Configuring the Sub-interface for dot1q VLAN Tag Termination


The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.


Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with one tag.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.

The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]

The VLAN tag termination function is configured for the dot1q sub-interface.

----End

5.5.4 Configuring the Sub-interface for QinQ VLAN Tag Termination


The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with double tags.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.

The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]

The sub-interface for VLAN tag termination is configured.

----End

5.5.5 Configuring the Multicast Service


After the sub-interface for VLAN tag termination is successfully configured, you need to configure the multicast service. In this manner, users can communicate with the multicast source.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of the sub-interface for VLAN tag termination is displayed.

Step 3 Configure the multicast service. Deploy one of the following services as required:
- Configure Layer 2 multicast. For detailed information, see the chapter "Layer 2 Multicast Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Multicast.
  Before configuring Layer 2 multicast, ensure that a VSI has been successfully set up and the sub-interface for VLAN tag termination has been bound to the VSI; otherwise, Layer 2 multicast cannot be successfully configured.
- Configure Layer 3 multicast. For detailed information, see the chapter "IGMP Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - IP Multicast.

WARNING
Ensure that all IGMP device interfaces in the same network segment are configured with the same IGMP version. Otherwise, a fault occurs.

----End

5.5.6 Checking the Configuration


After successfully configuring the sub-interface for VLAN tag termination to access the multicast service, you can view detailed configurations on the sub-interface for VLAN tag termination.

Prerequisite
The configurations of the sub-interface for VLAN tag termination to access the multicast service are complete.

Procedure
- Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for dot1q VLAN tag termination.
- Run the display qinq information { termination | stacking | mapping } [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.
- Run the display igmp-snooping querier { vsi vsi-name | vlan vlan-id } command to check whether the IGMP querier is configured successfully.
- Run the display igmp-snooping router-port { vsi vsi-name | vlan vlan-id } command to check information about static router ports.
- Run the display igmp-snooping port-info [ { vlan vlan-id | vsi vsi-name | slot slot-id } [ group-address group-address ] ] [ verbose ] command to check information about Layer 2 multicast ports on the CX device.
- Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] interface [ interface-type interface-number ] [ verbose ] command to check the configuration and running of IGMP on an interface.
- Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] group [ group-address | interface interface-type interface-number ] [ verbose ] command to check information about the members of an IGMP multicast group.

----End

Example
Run the display dot1q information termination command on the PE, and you can view information about the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    Total QinQ Num: 1
      dot1q termination vid 10 to 20 vlan-group 1
    Total vlan-group Num: 1
      vlan-group Num:1
    control-vid 1 dot1q-termination

Run the display qinq information termination command on the PE, and you can view information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    Total QinQ Num: 1
      qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
    Total vlan-group Num: 1
      vlan-group 1
    control-vid 1 qinq-termination

After the sub-interface for VLAN tag termination is successfully configured to access Layer 2 multicast: l Run the display igmp-snooping querier vsi command. You can check whether the querier is configured successfully. If the Enable state is displayed as shown in the following output, it indicates that the querier is enabled for VSI v123. For example:
<HUAWEI> display igmp-snooping querier vsi v123 VSI Querier-state ----------------------------------------------v123 Enable -----------------------------------------------

Run the display igmp-snooping router-port vsi on PE1. You can check whether the configuration of the static router port succeeds. If STATIC is displayed as shown in the following output, it indicates that GE 1/0/0 is already configured as a static router port in VSI V123. For example:
<HUAWEI> display igmp-snooping router-port vsi v123 Port Name UpTime Expires Flags --------------------------------------------------------------------VSI v123, 1 router-port(s) GE1/0/1.1 00:01:48 -STATIC

• Run the display igmp-snooping port-info command. You can check information about Layer 2 multicast ports on the CX device, including SSM Mapping ports, static member ports, and dynamic member ports.
<HUAWEI> display igmp-snooping port-info
-----------------------------------------------------------------------
(Source, Group)            Port                          Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1)       GE1/0/0.2(PE:20/CE:100)       -D
                           1 port(s)
-----------------------------------------------------------------------
<HUAWEI> display igmp-snooping port-info slot 1
-----------------------------------------------------------------------
(Source, Group)            Port                          Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1)       P-GE1/1/0.2(PE:20/CE:100)     -D
                           1 port(s) include
-----------------------------------------------------------------------

After the sub-interface for VLAN tag termination is successfully configured to access Layer 3 multicast:
• Run the display igmp group command. You can view information about multicast groups. For example:
<PE1> display igmp group
Interface group report information of VPN-Instance: public net
 GigabitGigabitethernet1/0/1.1(1.1.1.9):
  Total 1 IGMP Group reported
   Group Address   Last Reporter   Uptime      Expires
   226.0.0.1       192.168.0.1     00:00:03    00:02:07

5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
VPN services are classified into L2VPN services and L3VPN services. You can configure sub-interfaces for VLAN tag termination on PEs to access VPNs to enable the interworking between CEs and users.

5.6.1 Establishing the Configuration Task
Before configuring the sub-interface for VLAN tag termination to access the VPN service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.
5.6.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.
5.6.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.
5.6.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.
5.6.5 Configuring the VPN Service
After successfully configuring the sub-interface for VLAN tag termination, you need to configure the VPN service. In this manner, users can communicate with each other over an L2VPN or an L3VPN.
5.6.6 Checking the Configuration
After successfully configuring the sub-interface for VLAN tag termination to access the VPN service, you can view detailed configurations on the sub-interface for VLAN tag termination.

5.6.1 Establishing the Configuration Task


Before configuring the sub-interface for VLAN tag termination to access the VPN service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
VPN services are classified into the following types:
• L2VPN
  - PWE3/VLL
    The access of the sub-interface for QinQ/dot1q VLAN tag termination to PWE3/VLL means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with PWE3/VLL functions.
  - VPLS
    The support of VPLS by the sub-interface for QinQ/dot1q VLAN tag termination refers to configuring VPLS on the sub-interface for VLAN tag termination.
• L3VPN
  The access of the sub-interface for QinQ/dot1q VLAN tag termination to L3VPN means that the sub-interface for QinQ/dot1q VLAN tag termination is configured with L3VPN functions.

NOTE


When a sub-interface for dot1q VLAN tag termination accesses user services, if it is required to differentiate the service types, you can deploy VLAN + 802.1p/DSCP/EthType on the device configured with the sub-interface.
• Services can be differentiated according to the 802.1p/DSCP priority or the EthType. Services are mapped to different VSIs according to their 802.1p/DSCP/EthType values, and then transmitted to the peer.
• Services can be differentiated according to the 802.1p priority or the DSCP priority. Services are mapped to different VSIs according to their 802.1p or DSCP priorities, and then transmitted to the peer.

Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the VPN service, complete the following tasks:
• Ensuring that devices are correctly connected and that the physical interfaces of each device are in the Up state
• Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry one or double tags

Data Preparation
To configure the sub-interface for VLAN tag termination to access the VPN service, you need the following data.

No.  Data
1    Control VLAN ID of the termination sub-interface
2    Range of the termination tag of the interface
3    IP address of the interface
4    The VC IDs of two PW ends (The two IDs must be the same), VSI names, MPLS LSR-ID
5    The L2VC IDs of two PW ends (The two IDs must be the same), MPLS LSR-ID
6    Name of the VPN instances
7    RD and VPN target of the VPN instances
8    802.1p priorities, DSCP values, or EthType values

5.6.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.


Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.6.3 Configuring the Sub-interface for dot1q VLAN Tag Termination


The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with one tag.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run the following command as required.
• Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]


The VLAN tag termination function is configured for the dot1q sub-interface.
• Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default } [ vlan-group group-id ]
The VLAN tag termination function and VLAN+802.1p/DSCP/EthType are configured for the dot1q sub-interface.
NOTE

• When you run the dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ] command on a sub-interface without specifying 8021p-value, dscp-value, or eth-type-value, it indicates that the VLAN range is exclusively occupied by the sub-interface and thus any VLAN within this range cannot be used in VLAN+802.1p/DSCP on other sub-interfaces.
• eth-type eth-type-value specifies the EthType. Currently, the EthType can be PPPoE or IPoE only. To configure a sub-interface to process IPoE packets, you need to configure default when running the dot1q termination vid low-pe-vid [ to high-pe-vid ] default command.

Step 6 (Optional) Run:


arp broadcast enable

The ARP broadcast of the sub-interface for VLAN tag termination is enabled.
NOTE

This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an L3VPN. So, after configuring a sub-interface for QinQ VLAN tag termination to access an L3VPN, you must enable the ARP broadcast function on the sub-interface.

Enabling or disabling the ARP broadcast on the sub-interface makes the route status change from Down to Up on the sub-interface. This may lead to route flapping on the entire network, and even affect the running services.

----End
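
Two rules from 5.6.2 and 5.6.3 can be checked offline against a saved configuration: termination commands on a sub-interface require mode user-termination on the main interface, and a plain dot1q termination VLAN range is exclusive with respect to VLAN+802.1p/DSCP on other sub-interfaces. The following Python audit is an added example, not Huawei code; the configuration layout (interface blocks separated by #), the sample values, the function names, and the scoping of the exclusivity rule to sub-interfaces of the same main interface are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a saved device configuration
# (interface blocks separated by "#"); layout and values are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 mode user-termination
#
interface GigabitEthernet1/0/1.4
 control-vid 1 dot1q-termination
 dot1q termination vid 10 to 20 vlan-group 1
#
interface GigabitEthernet1/0/1.5
 control-vid 2 dot1q-termination
 dot1q termination vid 15 8021p 2 to 5
#
interface GigabitEthernet1/0/1.6
 control-vid 3 dot1q-termination
 dot1q termination vid 30 dscp 10
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)$")
# "dot1q termination vid low [to high]" optionally followed by a policy keyword.
DOT1Q_RE = re.compile(
    r"^dot1q termination vid (\d+)(?: to (\d+))?"
    r"(?:\s+(8021p|dscp|eth-type|default)\b)?")
# Any command that only works when the main interface is in user-termination mode.
TERMINATION_RE = re.compile(
    r"^(control-vid \d+ (dot1q|qinq)-termination|(dot1q|qinq) termination )")


def parse_interfaces(text):
    """Return {interface name: [stripped config lines]} in file order."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif line == "#" or not line:
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit(text):
    """Return a list of (finding, sub-interface, related interface) tuples."""
    blocks = parse_interfaces(text)
    findings = []
    exclusive = defaultdict(list)  # main -> [(low, high, sub-interface)]
    policy = defaultdict(list)     # main -> [(low, high, sub-interface)]
    for name, lines in blocks.items():
        if "." not in name:
            continue  # only sub-interfaces carry termination commands
        main = name.split(".", 1)[0]
        # Rule from 5.6.2: the main interface must be in user-termination mode.
        if (any(TERMINATION_RE.match(l) for l in lines)
                and "mode user-termination" not in blocks.get(main, [])):
            findings.append(("no-user-termination", name, main))
        for line in lines:
            match = DOT1Q_RE.match(line)
            if not match:
                continue
            low = int(match.group(1))
            high = int(match.group(2) or low)
            keyword = match.group(3)
            if keyword is None:
                exclusive[main].append((low, high, name))
            elif keyword in ("8021p", "dscp"):
                # The NOTE in 5.6.3 names VLAN+802.1p/DSCP only.
                policy[main].append((low, high, name))
    # Rule from the NOTE in 5.6.3: a plain range is exclusively occupied.
    for main, ranges in exclusive.items():
        for low, high, owner in ranges:
            for p_low, p_high, user in policy[main]:
                if user != owner and p_low <= high and low <= p_high:
                    findings.append(("exclusive-range-conflict", user, owner))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
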

5.6.4 Configuring the Sub-interface for QinQ VLAN Tag Termination


The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with double tags.

Step 4 (Optional) Run:


qinq termination l2 { symmetry | asymmetry }

The attributes of the sub-interface for QinQ VLAN tag termination are set.
NOTE

This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an L2VPN. So, after configuring a sub-interface for QinQ VLAN tag termination, you must configure the attributes of the sub-interface.

Sub-interfaces for QinQ termination access an L2VPN in symmetrical mode or in asymmetrical mode. User packets access an L2VPN in different modes. PEs process these packets in the ways described in the following tables.

Table 5-5 Packet processing on the inbound interface
Type of the Inbound Interface | VLL/PWE3/VPLS: Ethernet Encapsulation | VLL/PWE3/VPLS: VLAN Encapsulation
Symmetrical                   | Strips the outer tag.                 | Reserves the double tags, and no action is required.
Asymmetrical                  | Strips the double tags.               | Strips two tags and then adds one tag.

Table 5-6 Packet processing on the outbound interface
Type of the Outbound Interface | VLL/PWE3/VPLS: Ethernet Encapsulation | VLL/PWE3/VPLS: VLAN Encapsulation
Symmetrical                    | Adds the outer tag.                   | Replaces the outer tag.
Asymmetrical                   | Adds double tags.                     | Strips one tag and then adds double tags.

Step 5 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.

----End



5.6.5 Configuring the VPN Service


After successfully configuring the sub-interface for VLAN tag termination, you need to configure the VPN service. In this manner, users can communicate with each other over an L2VPN or an L3VPN. Do as follows on the device that supports VPN services:

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number
The view of the sub-interface for VLAN tag termination is displayed.

Step 3 Configure the VPN service.
Deploy one of the following services as required:
• L2VPN
  For detailed information, see the chapters "VLL Configuration", "PWE3 Configuration", and "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.
  The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in the following modes:
  - Local CCC connection
  - Remote CCC connection
  - Remote SVC connection
  - Local Kompella connection
  - Remote Kompella connection
  - Remote Martini connection
  The sub-interface for dot1q VLAN tag termination can be bound to a homogeneous VLL or a heterogeneous VLL in the following modes:
  - Local Kompella connection
  - Remote Kompella connection
  - Local Martini connection
  - Remote Martini connection
  The sub-interface for QinQ/dot1q VLAN tag termination can be bound to VPLS in the following modes:
  - Martini VPLS
  - Kompella VPLS
• L3VPN

  For detailed information, see the chapter "BGP MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.

----End

5.6.6 Checking the Configuration


After successfully configuring the sub-interface for VLAN tag termination to access the VPN service, you can view detailed configurations on the sub-interface for VLAN tag termination.

Prerequisite
The configurations of the sub-interface for VLAN tag termination to access the VPN service are complete.

Procedure
• Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for dot1q VLAN tag termination.
• Run the display qinq information { termination | stacking | mapping } [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.
• Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check information about the L2VPN on the PE.
• View the configuration of the L2VPN in CCC mode:
  - Run the display vll ccc [ ccc-name | type { local | remote } ] command to check information about the CCC connection.
  - Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check information about the SVC interface in the Up or Down state.
• View the configuration of the L2VPN in SVC mode:
  - Run the display mpls static-l2vc [ interface interface-type interface-number ] command to check information about the SVC L2VPN connection.
  - Run the display l2vpn ccc-interface vc-type static-vc { up | down } command to check information about the SVC interface in the Up or Down state.
• View the configuration of the L2VPN in Martini mode:
  - Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command to check information about the Martini MPLS L2VPN connection on the PE.
  - Run the display mpls l2vc remote-info [ vc-id ] command to check information about the remote Martini MPLS L2VPN connection on the PE.
• View the configuration of the L2VPN in Kompella mode:
  - Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-offset ] ] } command to check BGP information about the Kompella MPLS L2VPN.
  - Run the display mpls l2vpn connection [ vpn-name { remote-ce ce-id | down | up | verbose } | summary | interface interface-type interface-number ] command to check information about the Kompella MPLS L2VPN.
• Run the display interface interface-type interface-number vlan vlanid command to view configurations of all sub-interfaces on a main interface.

----End

Example
Run the display dot1q information termination command on the PE, and you can view information about the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
  Total QinQ Num: 1
    dot1q termination vid 10 to 20 vlan-group 1
  Total vlan-group Num: 1
    vlan-group Num:1
  control-vid 1 dot1q-termination

Run the display qinq information termination command on the PE, and you can view information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
  Total QinQ Num: 1
    qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
  Total vlan-group Num: 1
    vlan-group 1
  control-vid 1 qinq-termination

After VLL/PWE3 is successfully configured:
Run the display vll ccc command, and you can find that the CCC VC status is Up. For example:
<HUAWEI> display vll ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
name: ce2-ce1, type: remote, state: up,
intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 ,
out-interface : GigabitEthernet1/0/0

Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface               Encap Type   State   VC Type
GigabitEthernet1/0/0    ppp          up      CCC

Run the display mpls static-l2vc command, and you can find that the VC status is Up. For example:
<HUAWEI> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
*Client Interface   : GigabitEthernet1/0/0 is up
 AC Status          : up
 VC State           : up
 VC ID              : 0
 VC Type            : ppp
 Destination        : 3.3.3.9
 Transmit VC Label  : 100
 Receive VC Label   : 200
 Control Word       : Disable
 VCCV Capability    : Disable
 Tunnel Policy Name : -
 Traffic Behavior   : -
 PW Template Name   : -
 Create time        : 0 days, 0 hours, 1 minutes, 38 seconds
 UP time            : 0 days, 0 hours, 1 minutes, 11 seconds
 Last change time   : 0 days, 0 hours, 1 minutes, 11 seconds

Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface               Encap Type   State   VC Type
GigabitEthernet1/0/0    ppp          up      SVC

Run the display mpls l2vc command, and you can find that "Destination" is the peer address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
total LDP VC : 2     2 up       0 down
*client interface     : GigabitEthernet2/0/0.1
 session state        : up
 AC status            : up
 VC state             : up
 VC ID                : 101
 VC type              : VLAN
 destination          : 3.3.3.9
 local VC label       : 21504        remote VC label      : 21504
 control word         : disable
 forwarding entry     : existent
 local group ID       : 0
 manual fault         : not set
 active state         : active
 link state           : up
 local VC MTU         : 1500         remote VC MTU        : 1500
 tunnel policy name   : -
 traffic behavior name: -
 PW template name     : -
 primary or secondary : primary
 create time          : 0 days, 0 hours, 7 minutes, 53 seconds
 up time              : 0 days, 0 hours, 2 minutes, 29 seconds
 last change time     : 0 days, 0 hours, 2 minutes, 29 seconds
*client interface     : GigabitEthernet2/0/0.2
 session state        : up
 AC status            : up
 VC state             : up
 VC ID                : 102
 VC type              : VLAN
 destination          : 3.3.3.9
 local VC label       : 21505        remote VC label      : 21505
 control word         : disable
 forwarding entry     : existent
 local group ID       : 0
 manual fault         : not set
 active state         : active
 link state           : up
 local VC MTU         : 1500         remote VC MTU        : 1500
 tunnel policy name   : -
 traffic behavior name: -
 PW template name     : -
 primary or secondary : primary
 create time          : 0 days, 0 hours, 7 minutes, 50 seconds
 up time              : 0 days, 0 hours, 2 minutes, 29 seconds
 last change time     : 0 days, 0 hours, 2 minutes, 29 seconds

Run the display mpls l2vc remote-info command, and you can find that "Peer Addr" is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote N S VC ID ID Addr Encap Bit Bit Remote VC Label C MTU/ Bit CELLS
100 1 0 0 3.3.3.9 vlan 17408 0 1500

Run the display bgp l2vpn command, and you can find "Destination" is the peer address of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID   Label Offset   Label Base   nexthop   pref   as-path
4       0              132096       3.3.3.9   100

Run the display mpls l2vpn connection command, and you can find "VPN name" is correctly configured, the connection status is Up, and "route-distinguisher" is correctly configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid   type   status   peer-id   route-distinguisher   intf
2     rmt    up       3.3.3.9   100:1                 GigabitEthernet1/0/0

Run the display mpls l2vpn command on the PE, and you can view the detailed configurations of the L2VPN. For example:
# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name   encap-type   route-distinguisher   mtu   ce(L)   ce(R)
vpn1       ppp          100:1                 128   1       1

After VPLS is successfully configured:
Run the display vsi [ name vsi-name ] [ verbose ] command. From the display, you can see that the "VSI State" item is "up". If you choose the parameter verbose, the "PW Signaling" item is "ldp", and the "VSI State" item is "up". For example:
<HUAWEI> display vsi name vsi1 verbose
***VSI Name               : vsi1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Mode                   : uniform
    Service Class          : -
    Color                  : -
    DomainId               : 0
    Domain Name            :
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 142336
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x80800b,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 142337
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x608006,
    Interface Name         : GigabitEthernet2/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 142336
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x80800b,
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 142337
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x608006,

After the L2VPN is successfully configured: Run the display ip vpn-instance verbose [ vpn-instance-name ] command. The details about the VPN instances created on the local device are displayed. The details cover the creation date, the time being in the Up status, the RD value, VPN target and the policy used to assign the labels.
<HUAWEI> display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : vpn1, 1
  Create date : 2006/06/06 16:30:22
  Up time : 0 days, 00 hours, 01 minutes and 03 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 1:2
  Import VPN Targets : 1:2
  Label policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : uniform
  Interfaces : GigabitEthernet1/0/0.1

Run the display interface vlan command, and you can view the configurations of all sub-interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface     VlanPolicy
-----------------------------------------------------------
GE1/0/1.6         DSCP 10
GE1/0/1.5         default
GE1/0/1.4         8021p 2 to 5 7
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3

5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
The MPLS services that the sub-interface for VLAN tag termination can access are classified into the MPLS LDP service and the MPLS TE service.
5.7.1 Establishing the Configuration Task
Before configuring the sub-interface for VLAN tag termination to access the MPLS service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.
5.7.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.
5.7.3 Configuring the Sub-interface for dot1q VLAN Tag Termination
The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.
5.7.4 Configuring the Sub-interface for QinQ VLAN Tag Termination
The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.
5.7.5 Configuring the MPLS Service
After successfully configuring the sub-interface for VLAN tag termination, you need to configure the MPLS service. In this manner, users can communicate with each other.
5.7.6 Checking the Configuration
After successfully configuring the sub-interface for VLAN tag termination to access the MPLS service, you can view detailed configurations on the sub-interface for VLAN tag termination.

5.7.1 Establishing the Configuration Task


Before configuring the sub-interface for VLAN tag termination to access the MPLS service, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
MPLS services are classified into the following types:
• MPLS LDP service
• MPLS TE service
NOTE

• Only the VLL PW over TE and the VLL PW over LDP are supported, and the VLL PW over TE FRR or the VLL PW over LDP over TE is not supported.
• For the VLL PW over TE, only an RSVP-TE tunnel is supported, and only IS-IS TE rather than OSPF TE can be adopted.
• Only the sub-interfaces for Dot1q termination and QinQ termination, rather than QinQ stacking sub-interfaces, support the preceding services.

Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the MPLS service, complete the following tasks:
• Ensuring that devices are correctly connected and that the physical interfaces of each device are in the Up state
• Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry one or double tags

Data Preparation
To configure the sub-interface for VLAN tag termination to access the MPLS service, you need the following data.

No.  Data
1    Control VLAN ID of the termination sub-interface
2    Range of the termination tag of the interface
3    IP address of the interface

5.7.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination
The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.7.3 Configuring the Sub-interface for dot1q VLAN Tag Termination


The sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN tag termination.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]


The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with one tag.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.

----End

5.7.4 Configuring the Sub-interface for QinQ VLAN Tag Termination


The route sub-interface that terminates double tags is called a sub-interface for QinQ VLAN tag termination.

Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with double tags.

Step 4 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]
The sub-interface for VLAN tag termination is configured.

----End



5.7.5 Configuring the MPLS Service


After successfully configuring the sub-interface for VLAN tag termination, you need to configure the MPLS service. In this manner, users can communicate with each other.

Context
Do as follows on the device that supports MPLS services:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of the sub-interface for VLAN tag termination is displayed.

Step 3 Configure the MPLS service.
Deploy one of the following services as required:
- MPLS LDP
  For detailed information, see the chapters "MPLS LDP Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - MPLS.
- MPLS TE
  For detailed information, see the chapter "MPLS TE Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - MPLS.

----End

5.7.6 Checking the Configuration


After successfully configuring the sub-interface for VLAN tag termination to access the MPLS service, you can view detailed configurations on the sub-interface for VLAN tag termination.

Prerequisite
The configurations of the sub-interface for VLAN tag termination to access the MPLS service are complete.

Procedure
- Run the display mpls interface [ interface-type interface-number ] [ verbose ] command to check information about an interface enabled with MPLS.
- Run the display mpls ldp [ all ] [ verbose ] command to check information about LDP.
- Run the display mpls rsvp-te [ interface interface-type interface-number ] command to check information about RSVP.
- Run the display mpls te tunnel [ destination ip-address ] [ lsp-id lsr-id session-id lspid | lsr-role { all | egress | ingress | remote | transit } ] [ name tunnel-name ] [ { incoming-interface | interface | outgoing-interface } interface-type interface-number ] [ verbose ] command to check the tunnel information.

----End

5.8 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
After tags are terminated on PEs, packets are sent to the IP or MPLS network of the ISP. To ensure the completeness of the QoS information in the packets, the 802.1p values in outer and inner tags need to be mapped to the DSCP field or the EXP field.

5.8.1 Establishing the Configuration Task
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

5.8.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

5.8.3 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
A specific 802.1p priority in packets can be mapped to the DSCP or EXP field only after the sub-interface for QinQ VLAN tag termination is successfully configured with 802.1p mapping.

5.8.4 Checking the Configuration
After successfully configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, you can view the detailed configurations on the sub-interface.

5.8.1 Establishing the Configuration Task


Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
- QinQ Termination Supports the 802.1p Remark and DSCP Remark
  According to RFC 2724, six bits of the Type of Service (ToS) field in an IPv4 packet header serve as the DiffServ Code Point (DSCP), which provides reference for differentiated services (DiffServ) and is used to ensure the Quality of Service (QoS) on the IP network. The operation of the traffic controller on the gateway depends on the DSCP field.
  After being terminated on the PE, the packet is sent to the ISP network. To ensure the completeness of the QoS information in the packet, the mapping relationship between the 802.1p values in outer and inner tags and the DSCP field needs to be configured.
- QinQ Termination Supports the 802.1p Remark and EXP (MPLS) Remark
  The EXP field in an MPLS packet is used for Class of Service (CoS). The operation of the traffic controller on the gateway depends on the field.
  After a user packet is terminated, it is sent to the ISP MPLS network. To ensure the completeness of the QoS information in the packet, the mapping relationship between the 802.1p values in outer and inner tags and the EXP field needs to be configured.

Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, complete the following tasks:
- Ensuring that devices are correctly connected and that the physical interfaces of each device are in the Up state
- Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry double tags

Data Preparation
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, complete the following tasks:

No.  Data
1    Control VLAN ID of the termination sub-interface
2    Range of the termination tag of the interface
3    802.1p priorities of the outer and inner tags

5.8.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.8.3 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
A specific 802.1p priority in packets can be mapped to the DSCP or EXP field only after the sub-interface for QinQ VLAN tag termination is successfully configured with 802.1p mapping.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of the Ethernet sub-interface on the PE connecting to users is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with double tags.

Step 4 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]

The sub-interface for VLAN tag termination is configured.

Step 5 Run:
qinq 8021p-mode { trust { ce-vid-8021p | pe-vid-8021p } | precedence-value }

802.1p mapping is configured.

By default, the sub-interface for QinQ VLAN tag termination trusts the 802.1p priority in the outer tag. That is, before qinq 8021p-mode is configured on the sub-interface, the sub-interface implements QoS policies according to the 802.1p priority in the outer tag of the received packets.

----End
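How the settings of qinq 8021p-mode pick a priority from a double-tagged frame, and how a frame is matched against a qinq termination range, shown as an added Python sketch (not Huawei code or device output). The function names, the sample frame, the accepted TPIDs and the 0 to 7 range for the precedence value are assumptions of the example; the later mapping of the selected value to DSCP or EXP is not modelled.

```python
import struct

# Assumption: VLAN tags carry TPID 0x8100 or 0x88A8. The TPID a port expects
# is device configuration and is not stated in this section.
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_qinq(frame: bytes):
    """Return ((pe_vid, pe_8021p), (ce_vid, ce_8021p), ethertype)."""
    if len(frame) < 22:  # 12 bytes of MAC addresses + two 4-byte tags + EtherType
        raise ValueError("frame too short to carry two VLAN tags")
    tags = []
    offset = 12
    for name in ("outer", "inner"):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            raise ValueError(f"no {name} VLAN tag (type 0x{tpid:04x})")
        # TCI layout: 3-bit 802.1p priority, 1-bit DEI, 12-bit VLAN ID
        tags.append((tci & 0x0FFF, tci >> 13))
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags[0], tags[1], ethertype


def matches_termination(frame, pe_vids, ce_vids="any"):
    """Check a frame against 'qinq termination pe-vid ... ce-vid ...'.

    pe_vids and ce_vids are inclusive (low, high) pairs; ce_vids may be "any".
    """
    (pe_vid, _), (ce_vid, _), _ = parse_qinq(frame)
    if not pe_vids[0] <= pe_vid <= pe_vids[1]:
        return False
    return ce_vids == "any" or ce_vids[0] <= ce_vid <= ce_vids[1]


def trusted_8021p(frame, mode="pe-vid-8021p", precedence=None):
    """802.1p value used for QoS under the given qinq 8021p-mode setting.

    The default mirrors the documented default: trust the outer (PE) tag.
    """
    (_, pe_pcp), (_, ce_pcp), _ = parse_qinq(frame)
    if mode == "pe-vid-8021p":
        return pe_pcp
    if mode == "ce-vid-8021p":
        return ce_pcp
    if mode == "precedence":
        # Assumption: a fixed value in the 3-bit 802.1p range.
        if precedence is None or not 0 <= precedence <= 7:
            raise ValueError("precedence must be in 0..7")
        return precedence
    raise ValueError(f"unknown mode {mode!r}")


def build_sample_frame():
    """Constructed frame: outer tag VLAN 1 / priority 5, inner tag VLAN 2 / priority 2."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    outer = struct.pack("!HH", 0x8100, (5 << 13) | 1)
    inner = struct.pack("!HH", 0x8100, (2 << 13) | 2)
    return dst + src + outer + inner + struct.pack("!H", 0x0800) + b"\x00" * 46


SAMPLE_FRAME = build_sample_frame()

if __name__ == "__main__":
    print(parse_qinq(SAMPLE_FRAME))
    print(matches_termination(SAMPLE_FRAME, (1, 1), (2, 2)))
    for mode in ("pe-vid-8021p", "ce-vid-8021p"):
        print(mode, trusted_8021p(SAMPLE_FRAME, mode))
```

With trust ce-vid-8021p the priority that drives QoS on the provider side is the one set in the customer's inner tag, so the choice of mode decides whose marking is honoured.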

5.8.4 Checking the Configuration


After successfully configuring the sub-interface for QinQ VLAN tag termination to support 802.1p mapping, you can view the detailed configurations on the sub-interface.

Prerequisite
The configurations of the sub-interface for QinQ VLAN tag termination to support 802.1p mapping are complete.

Procedure
- Run the display qinq information { termination | stacking | mapping } [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.

----End

Example
Run the display qinq information termination command on the PE, and you can view information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet 2/0/0.1
  qinq 8021p-mode trust ce-vid-8021p
  Total QinQ Num: 1
    qinq termination pe-vid 1 ce-vid 2
  Total vlan-group Num: 0
  control-vid 1 qinq-termination

5.9 Configuring the Sub-interface for QinQ Stacking to Access an L2VPN


You can configure sub-interfaces for QinQ stacking on PEs to access L2VPNs so that the inner tags of user packets are invisible on the ISP network.

5.9.1 Establishing the Configuration Task
Before configuring the sub-interface for VLAN stacking to access L2VPN, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

5.9.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

5.9.3 Configuring the Sub-interface for VLAN Stacking
If a physical interface is used to access user packets, the interface can only access packets of a single user. In this case, you can bind sub-interfaces for QinQ stacking to VSIs or L2VCs to access an L2VPN so that a physical interface can simultaneously access packets of multiple users.

5.9.4 Configuring the L2VPN
L2VPNs include VLL, PWE3, and VPLS networks. A VLL simulates the traditional leased line on the IP network, and provides asymmetric and low-cost digital data network (DDN) services. The VLL is a point-to-point virtual private wire technology that can support almost all the link layer protocols. PWE3 is an implementation mode of the VLL and the extension of the Martini protocol. PWE3 extends the new signaling, reduces the cost of signaling, and defines the multi-hop negotiation mode. This makes the networking more flexible. The VPLS technology realizes a multipoint-to-multipoint VPN networking. Through this technology, the ISP can provide Ethernet-based multipoint-to-multipoint services for users through an MPLS backbone network.

5.9.5 Checking the Configuration
After successfully configuring the sub-interface for QinQ stacking to access an L2VPN, you can view detailed configurations on the sub-interface.

5.9.1 Establishing the Configuration Task


Before configuring the sub-interface for VLAN stacking to access L2VPN, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
The packet of the user that accesses the CE has one tag. The CE accesses the ISP network through PEs. It is required to configure a VLL or PWE3 on the PE for the sub-interface for VLAN stacking. In this way, the user VLAN tags can be transparently transmitted on the ISP network, and the user networks connected to the CEs can communicate. To enable the PE to add an outer VLAN tag to received single-tagged packets, you can configure QinQ stacking+802.1p/DSCP/EthType on the PE. Then, each packet entering an Ethernet sub-interface is attached with an outer VLAN tag based on the matching policy.

Pre-configuration Tasks
Before configuring the sub-interface for VLAN stacking to access L2VPN, complete the following tasks:
- Connecting devices correctly
- Configuring the VLAN of the CE and the basic Layer 2 forwarding function to make the packets sent from the CE to the PE carry one tag

Data Preparation
To configure the sub-interface for VLAN stacking to access L2VPN, you need the following data.

No.  Data
1    Name of the PE interface connected to the CE
2    The VC IDs of two PW ends (The two IDs must be the same)
3    MPLS LSR ID of each PE and P
4    The IP address for the remote peer of the PE
5    802.1p priorities, DSCP values, or EthTypes

5.9.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.9.3 Configuring the Sub-interface for VLAN Stacking


If a physical interface is used to access user packets, the interface can only access packets of a single user. In this case, you can bind sub-interfaces for QinQ stacking to VSIs or L2VCs to access an L2VPN so that a physical interface can simultaneously access packets of multiple users.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of the Ethernet sub-interface on the PE connecting to users is displayed.

Step 3 (Optional) Create a user VLAN group.
1. Run the vlan-group group-id command to create a user VLAN group.
2. Run the quit command to return to the Ethernet sub-interface view or the Eth-Trunk sub-interface view.

The purpose of configuring the VLAN group for the users is to apply different QoS policies to different VLAN groups.

Step 4 Run the following command as required.
- Run:
  qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ]

  User packets with VLAN IDs within the specified range are attached with an outer VLAN tag and QinQ stacking is configured to transparently transmit the user packets.
  User packets received on an Ethernet sub-interface can carry a single VLAN tag or double VLAN tags. If an Ethernet sub-interface receives an untagged packet or a packet whose outer VLAN tag is not the user VLAN tag, the Ethernet sub-interface discards the packet.
  When running the qinq stacking vid command on different sub-interfaces of a main interface, the values of ce-vid cannot overlap.
- Run:
  qinq stacking vid low-ce-vid [ to high-ce-vid ] { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default }

  User packets received on Ethernet sub-interfaces are attached with an outer VLAN tag based on the matching policy. The matching policy can be VLAN+802.1p, VLAN+DSCP, or VLAN+EthType.

NOTE
- When you run the qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command on a sub-interface without configuring default or specifying 8021p-value, dscp-value, or eth-type-value, it indicates that the VLAN range is exclusively occupied by the sub-interface and thus any VLAN within this range cannot be used in VLAN+802.1p/DSCP/EthType on other sub-interfaces.
- eth-type eth-type-value specifies the EthType. Currently, the EthType can be PPPoE or IPoE only. To configure a sub-interface to process IPoE packets, you need to configure default when running the qinq stacking vid low-ce-vid [ to high-ce-vid ] default command. When default is configured, it indicates that all services from the VLAN are processed on the default sub-interface except that the services configured with the matching policy are processed on the corresponding sub-interface as specified in the matching policy.

----End
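The matching behaviour described in Step 4 and the NOTE, as an added Python sketch (not Huawei code): it checks a planned set of qinq stacking rules for the exclusive-range conflict and shows which sub-interface a packet lands on. The class and function names are assumptions of the example, the sample rules mirror the VLAN policies shown in this chapter's display interface vlan example, and the order in which different policy kinds are tried is an assumption because the page does not define it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StackingRule:
    subif: str            # sub-interface name
    vid_lo: int           # low-ce-vid
    vid_hi: int           # high-ce-vid (same as vid_lo for a single VLAN)
    kind: str = "plain"   # "plain", "8021p", "dscp", "eth-type" or "default"
    values: tuple = ()    # 802.1p or DSCP values, or EthType names

    def covers(self, vid):
        return self.vid_lo <= vid <= self.vid_hi


def expand(*items):
    """expand((2, 5), 7) -> (2, 3, 4, 5, 7), the form '8021p 2 to 5 7'."""
    out = []
    for item in items:
        lo, hi = item if isinstance(item, tuple) else (item, item)
        out.extend(range(lo, hi + 1))
    return tuple(out)


def find_conflicts(rules):
    """Pairs of sub-interfaces that break the exclusivity rule in the NOTE:
    a range configured without a matching policy cannot overlap a range
    used on another sub-interface."""
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.subif == b.subif:
                continue
            overlap = a.vid_lo <= b.vid_hi and b.vid_lo <= a.vid_hi
            if overlap and "plain" in (a.kind, b.kind):
                conflicts.append((a.subif, b.subif))
    return conflicts


def classify(rules, vid, pcp=None, dscp=None, eth_type=None):
    """Sub-interface that handles the packet, or None if it is discarded."""
    if vid is None:                      # untagged packet
        return None
    candidates = [r for r in rules if r.covers(vid)]
    fields = {"8021p": pcp, "dscp": dscp, "eth-type": eth_type}
    for r in candidates:                 # exclusive range owns the VLAN
        if r.kind == "plain":
            return r.subif
    for r in candidates:                 # assumption: first match in list order
        if r.kind in fields and fields[r.kind] in r.values:
            return r.subif
    for r in candidates:                 # everything else goes to default
        if r.kind == "default":
            return r.subif
    return None                          # VLAN not configured: discard


# Constructed rule set for VLAN 1 on one main interface.
RULES = [
    StackingRule("GE1/0/1.6", 1, 1, "dscp", expand(10)),
    StackingRule("GE1/0/1.5", 1, 1, "default"),
    StackingRule("GE1/0/1.4", 1, 1, "8021p", expand((2, 5), 7)),
]

if __name__ == "__main__":
    print(classify(RULES, 1, pcp=3, dscp=0))    # matched by the 802.1p policy
    print(classify(RULES, 1, pcp=0, dscp=0))    # falls through to default
    print(find_conflicts(RULES + [StackingRule("GE1/0/1.7", 1, 10)]))
```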

5.9.4 Configuring the L2VPN


L2VPNs include VLL, PWE3, and VPLS networks. A VLL simulates the traditional leased line on the IP network, and provides asymmetric and low-cost digital data network (DDN) services. The VLL is a point-to-point virtual private wire technology that can support almost all the link layer protocols. PWE3 is an implementation mode of the VLL and the extension of the Martini protocol. PWE3 extends the new signaling, reduces the cost of signaling, and defines the multi-hop negotiation mode. This makes the networking more flexible. The VPLS technology realizes a multipoint-to-multipoint VPN networking. Through this technology, the ISP can provide Ethernet-based multipoint-to-multipoint services for users through an MPLS backbone network.

Do as follows on the device that needs to be configured with an L2VPN.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of a sub-interface for QinQ stacking is displayed.

Step 3 Configure the L2VPN.
For detailed information, see the chapters "VLL Configuration", "PWE3 Configuration", and "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.
Deploy one of the following services as required:
- A sub-interface for QinQ stacking can be configured with various VLL connections, including:
  - Local CCC connection
  - Remote CCC connection
  - Remote SVC connection
  - Local Kompella connection
  - Remote Kompella connection
  - Remote Martini connection
- A sub-interface for QinQ stacking can be configured with various VPLS connections, including:
  - Martini VPLS
  - Kompella VPLS

----End

5.9.5 Checking the Configuration


After successfully configuring the sub-interface for QinQ stacking to access an L2VPN, you can view detailed configurations on the sub-interface.

Prerequisite
The configurations of the sub-interface for QinQ stacking to access an L2VPN are complete.

Procedure
- Run the display qinq information stacking [ interface interface-type interface-number [.subinterface-number ] ] command to check QinQ stacking information.
- Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check information about the L2VPN on the PE.
- View the configuration of the L2VPN in CCC mode:
  - Run the display vll ccc [ ccc-name | type { local | remote } ] command to check information about the CCC connection.
  - Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check information about the SVC interface in the Up or Down state.
- View the configuration of the L2VPN in SVC mode:
  - Run the display mpls static-l2vc [ interface interface-type interface-number ] command to check information about the SVC L2VPN connection.
  - Run the display l2vpn ccc-interface vc-type static-vc { up | down } command to check information about the SVC interface in the Up or Down state.
- View the configuration of the L2VPN in Martini mode:
  - Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command to check information about the Martini MPLS L2VPN connection on the PE.
  - Run the display mpls l2vc remote-info [ vc-id ] command to check information about the remote Martini MPLS L2VPN connection on the PE.
- View the configuration of the L2VPN in Kompella mode:
  - Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-offset ] ] } command to check BGP information about the Kompella MPLS L2VPN.
  - Run the display mpls l2vpn connection [ vpn-name { remote-ce ce-id | down | up | verbose } | summary | interface interface-type interface-number ] command to check information about the Kompella MPLS L2VPN.
- Run the display interface interface-type interface-number vlan vlanid command to view configurations of all sub-interfaces on a main interface.

----End

Example
Run the display qinq information stacking command on the PE. The details about the sub-interface for VLAN stacking are displayed. For example:
<HUAWEI> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
  VLL/PWE3 bound
  Total QinQ Num: 2
    qinq stacking vid 100 vlan-group 1
    qinq stacking vid 200 vlan-group 1
  Total vlan-group Num: 1
    vlan-group 1

After VLL/PWE3 is successfully configured:

Run the display vll ccc command, and you can find that the CCC VC status is Up. For example:
<HUAWEI> display vll ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
name: ce2-ce1, type: remote, state: up,
intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : GigabitEthernet1/0/0

Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                 Encap Type      State      VC Type
GigabitEthernet1/0/0      ppp             up         CCC

Run the display mpls static-l2vc command, and you can find that the VC status is Up. For example:
<HUAWEI> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
*Client Interface   : GigabitEthernet1/0/0 is up
 AC Status          : up
 VC State           : up
 VC ID              : 0
 VC Type            : ppp
 Destination        : 3.3.3.9
 Transmit VC Label  : 100
 Receive VC Label   : 200
 Control Word       : Disable
 VCCV Capability    : Disable
 Tunnel Policy Name : -
 Traffic Behavior   : -
 PW Template Name   : -
 Create time        : 0 days, 0 hours, 1 minutes, 38 seconds
 UP time            : 0 days, 0 hours, 1 minutes, 11 seconds
 Last change time   : 0 days, 0 hours, 1 minutes, 11 seconds

Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface                 Encap Type      State      VC Type
GigabitEthernet1/0/0      ppp             up         SVC

Run the display mpls l2vc command, and you can find that "Destination" is the peer address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
 total LDP VC : 2     2 up       0 down

 *client interface     : GigabitEthernet2/0/0.1
  session state        : up
  AC status            : up
  VC state             : up
  VC ID                : 101
  VC type              : VLAN
  destination          : 3.3.3.9
  local VC label       : 21504        remote VC label      : 21504
  control word         : disable
  forwarding entry     : existent
  local group ID       : 0
  manual fault         : not set
  active state         : active
  link state           : up
  local VC MTU         : 1500         remote VC MTU        : 1500
  tunnel policy name   : -
  traffic behavior name: -
  PW template name     : -
  primary or secondary : primary
  create time          : 0 days, 0 hours, 7 minutes, 53 seconds
  up time              : 0 days, 0 hours, 2 minutes, 29 seconds
  last change time     : 0 days, 0 hours, 2 minutes, 29 seconds

 *client interface     : GigabitEthernet2/0/0.2
  session state        : up
  AC status            : up
  VC state             : up
  VC ID                : 102
  VC type              : VLAN
  destination          : 3.3.3.9
  local VC label       : 21505        remote VC label      : 21505
  control word         : disable
  forwarding entry     : existent
  local group ID       : 0
  manual fault         : not set
  active state         : active
  link state           : up
  local VC MTU         : 1500         remote VC MTU        : 1500
  tunnel policy name   : -
  traffic behavior name: -
  PW template name     : -
  primary or secondary : primary
  create time          : 0 days, 0 hours, 7 minutes, 50 seconds
  up time              : 0 days, 0 hours, 2 minutes, 29 seconds
  last change time     : 0 days, 0 hours, 2 minutes, 29 seconds

Run the display mpls l2vc remote-info command, and you can find that "Peer Addr" is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport  Group  Peer      Remote  Remote    C    MTU/   N    S
VC ID      ID     Addr      Encap   VC Label  Bit  CELLS  Bit  Bit
100        0      3.3.3.9   vlan    17408     0    1500   1    0

Run the display bgp l2vpn command, and you can find "Destination" is the peer address of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID   Label Offset   Label Base   nexthop    pref   as-path
4       0              132096       3.3.3.9    100

Run the display mpls l2vpn connection command, and you can find "VPN name" is correctly configured, the connection status is Up, and "route-distinguisher" is correctly configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown

VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown

CE name: ce1, id: 1,
Rid  type  status  peer-id   route-distinguisher  intf
2    rmt   up      3.3.3.9   100:1                GigabitEthernet1/0/0

Run the display mpls l2vpn command on the PE, and you can view the detailed configurations of the L2VPN. For example:

# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name   encap-type   route-distinguisher   mtu   ce(L)   ce(R)
vpn1       ppp          100:1                 128   1       1

After VPLS is successfully configured:

Run the display vsi [ name vsi-name ] [ verbose ] command. From the display, you can see that the "VSI State" item is "up". If you choose the parameter verbose, the "PW Signaling" item is "ldp", and the "VSI State" item is "up". For example:
<HUAWEI> display vsi name vsi1 verbose
 ***VSI Name               : vsi1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Mode                   : uniform
    Service Class          : -
    Color                  : -
    DomainId               : 0
    Domain Name            :
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 142336
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x80800b,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 142337
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x608006,
    Interface Name         : GigabitEthernet2/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 142336
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x80800b,
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 142337
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x608006,

After the L2VPN is successfully configured:

Run the display ip vpn-instance verbose [ vpn-instance-name ] command. The details about the VPN instances created on the local device are displayed. The details cover the creation date, the time being in the Up status, the RD value, VPN target and the policy used to assign the labels.
<HUAWEI> display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : vpn1, 1
  Create date : 2006/06/06 16:30:22
  Up time : 0 days, 00 hours, 01 minutes and 03 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 1:2
  Import VPN Targets : 1:2
  Label policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : uniform
  Interfaces : GigabitEthernet1/0/0.1

Run the display interface vlan command, and you can view the configurations of all sub-interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface        VlanPolicy
-----------------------------------------------------------
GE1/0/1.6            DSCP 10
GE1/0/1.5            default
GE1/0/1.4            8021p 2 to 5 7
-----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 1    Sub-Interface num: 3

5.10 Configuring Dynamic QinQ


Dynamic QinQ is configured on the sub-interface for VLAN tag termination of the DHCP relay at the client side to allocate VLAN tag resources for login users. When a user abnormally logs out after obtaining an IP address, the system can sense the event automatically, delete the binding in the DHCP binding table, and instruct the DHCP server to release the IP address and VLAN tag resources.

5.10.1 Establishing the Configuration Task
Before configuring dynamic QinQ, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

5.10.2 Configuring the Interface Mode as the User-Termination Mode
You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

5.10.3 Configuring Dynamic QinQ
An ordinary sub-interface for QinQ VLAN tag termination can be configured to terminate user packets with a maximum of 16 K combinations of inner and outer tags. If the number of combinations of inner and outer tags exceeds 16 K, you can configure dynamic QinQ. In this manner, the sub-interface for QinQ VLAN tag termination can terminate user packets with a maximum of 32 K combinations of inner and outer tags on each board.

5.10.4 Configuring DHCP Snooping
As a DHCP security feature, Dynamic Host Configuration Protocol (DHCP) snooping filters out untrusted DHCP messages, and creates and maintains a DHCP snooping binding table. The binding table contains the MAC address, IP address, lease, binding type, VLAN ID, and interface information. DHCP snooping acts as a firewall between DHCP clients and a DHCP server.

5.10.5 Checking the Configuration
After successfully configuring dynamic QinQ, you can view the detailed configurations on the sub-interface for QinQ VLAN tag termination.

5.10.1 Establishing the Configuration Task


Before configuring dynamic QinQ, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
A common sub-interface for QinQ termination can terminate a maximum of 16,000 double-tagged user packets. When the number of the user packets exceeds 16,000, you can use the dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a maximum of 64,000 double-tagged user packets.

Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the DHCP binding table, when users log out abnormally after obtaining IP addresses, the system senses this failure automatically, and then deletes the binding relationship in the DHCP binding table and informs the DHCP server to release IP addresses and VLAN tags.

Pre-configuration Tasks
Before configuring dynamic QinQ, complete the following tasks:

- Connecting devices correctly
- Configuring the correct VLANs of users to enable the packets received by the sub-interface for VLAN tag termination to carry double tags

Data Preparation
To configure dynamic QinQ, you need the following data.

No.  Data
1    IP address of the interface to be configured with DHCP relay
2    Address pool range of the DHCP server
3    Tag values of the sub-interface for QinQ VLAN tag termination
4    Rate at which DHCP messages are sent to the CPU
5    Threshold for sending alarms to the NMS


5.10.2 Configuring the Interface Mode as the User-Termination Mode


You can run the dot1q-related or QinQ-related command on the sub-interface only when the interface works in user-termination mode.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the Ethernet interface receiving user packets is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.10.3 Configuring Dynamic QinQ


An ordinary sub-interface for QinQ VLAN tag termination can be configured to terminate user packets with a maximum of 16 K combinations of inner and outer tags. If the number of combinations of inner and outer tags exceeds 16 K, you can configure dynamic QinQ. In this manner, the sub-interface for QinQ VLAN tag termination can terminate user packets with a maximum of 32 K combinations of inner and outer tags on each board.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination dynamic

The sub-interface is configured to support dynamic QinQ.

Step 4 Run:
qinq-dynamic max-access-user access-user-number

Dynamic QinQ resources are pre-allocated.



Step 5 Run:
qinq-dynamic user-queue queue-number bandwidth bandwidth { inbound | outbound }

The QinQ dynamic bandwidth CIR resources are pre-allocated.

NOTE

On interfaces configured with dynamic QinQ, it is usually the users who actively send ARP requests to the gateway device. If ARP rigid learning is also configured on the device, all interfaces on the device learn only the responses to the ARP requests that they send themselves and do not learn the requests sent by other devices. As a result, dynamic QinQ interfaces on this device cannot learn ARP entries of users, and users fail to log in. To solve the problem, run the arp learning strict force-disable command on the interface configured with dynamic QinQ so that the interface can learn the ARP requests sent by users.

Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-vid ] | any } [ vlan-group group-id ]

The sub-interface for VLAN tag termination is configured.

----End

5.10.4 Configuring DHCP Snooping


As a DHCP security feature, Dynamic Host Configuration Protocol (DHCP) snooping filters out untrusted DHCP messages, and creates and maintains a DHCP snooping binding table. The binding table contains the MAC address, IP address, lease, binding type, VLAN ID, and interface information. DHCP snooping acts as a firewall between DHCP clients and a DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.subinterface-number

The view of a sub-interface for QinQ VLAN tag termination is displayed.

Step 3 Configure DHCP snooping. For detailed information, see the chapter "DHCP Snooping Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - Security.

NOTE

- On the DHCP relay, you need to use the dhcp option82 insert enable command or the dhcp option82 rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the Option 82 field into the DHCP message. If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service, the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN IDs are not processed.
- The DHCP server must support the Option82 return function. Namely, the Offer or ACK message returned from the DHCP server must contain the Option82 information.
- Run the arp learning strict force-disable command to unfetter the dynamic QinQ interface from global ARP rigid learning so that the dynamic QinQ interface can learn the ARP request sent by users.

----End

5.10.5 Checking the Configuration


After successfully configuring dynamic QinQ, you can view the detailed configurations on the sub-interface for QinQ VLAN tag termination.

Prerequisite
The configurations of dynamic QinQ are complete.

Procedure
- Run the display qinq information { termination | stacking | mapping } [ interface interface-type interface-number [.subinterface-number ] ] command to check information about the sub-interface for QinQ VLAN tag termination.
- Run the display dhcp snooping global command to check information about DHCP snooping.

----End

Example
Run the display qinq information termination command on the PE, and you can view information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
  Total QinQ Num: 1
  qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
  Total vlan-group Num: 1
  vlan-group 1
  control-vid 1 qinq-termination

Running the display dhcp snooping global command on the DHCP relay, you can find that DHCP snooping is enabled in the global view and interface view. In addition, you can view the statistics of the alarm message sent to the NMS.
<DHCP-Relay> display dhcp snooping global
  dhcp snooping enable
  dhcp snooping nomatch-packet ip action discard
  dhcp snooping nomatch-packet arp action discard
  dhcp snooping check dhcp-rate enable
  dhcp snooping check dhcp-rate alarm enable
  dhcp snooping check dhcp-rate 90
  dhcp snooping check dhcp-rate alarm threshold 40
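The binding table and the nomatch-packet discard settings in the output above can be modelled as follows. This is an added Python example, not code from the guide or from the device: the class and function names are hypothetical, recording both the outer and the inner VLAN ID per binding is an assumption (the guide lists only "VLAN ID"), and the addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    lease_expiry: float   # absolute time, in seconds
    binding_type: str     # "dynamic": learned from a DHCP ACK
    pe_vid: int           # outer VLAN ID (assumption: both tags are recorded)
    ce_vid: int           # inner VLAN ID
    interface: str


class SnoopingTable:
    """Hypothetical model of a DHCP snooping binding table, keyed by client IP."""

    def __init__(self):
        self._by_ip = {}

    def __len__(self):
        return len(self._by_ip)

    def learn_ack(self, mac, ip, lease_seconds, pe_vid, ce_vid, interface, now):
        """Record the binding carried by a DHCP ACK returned by the server."""
        self._by_ip[ip] = Binding(mac.lower(), ip, now + lease_seconds,
                                  "dynamic", pe_vid, ce_vid, interface)

    def release(self, ip):
        """Delete a binding (DHCP release, or an abnormal logout was detected)."""
        return self._by_ip.pop(ip, None) is not None

    def check(self, mac, ip, pe_vid, ce_vid, interface, now):
        """Decide the fate of an IP packet (source fields) or ARP packet (sender fields).

        Anything that does not match a live binding is discarded, as with
        "nomatch-packet ip action discard" and "nomatch-packet arp action discard".
        """
        entry = self._by_ip.get(ip)
        if entry is None:
            return "discard"
        if now >= entry.lease_expiry:          # lease ran out: age the entry
            del self._by_ip[ip]
            return "discard"
        seen = (mac.lower(), pe_vid, ce_vid, interface)
        bound = (entry.mac, entry.pe_vid, entry.ce_vid, entry.interface)
        return "forward" if seen == bound else "discard"


def demo():
    """Run a constructed sequence of packets against one learned binding."""
    port = "GigabitEthernet2/0/0.1"
    table = SnoopingTable()
    table.learn_ack("00:E0:FC:00:00:01", "10.1.1.10", 3600, 1000, 100, port, now=0)
    return [
        table.check("00:e0:fc:00:00:01", "10.1.1.10", 1000, 100, port, now=10),  # owner
        table.check("00:e0:fc:00:00:02", "10.1.1.10", 1000, 100, port, now=10),  # wrong MAC
        table.check("00:e0:fc:00:00:01", "10.1.1.10", 1000, 101, port, now=10),  # wrong inner tag
        table.check("00:e0:fc:00:00:01", "10.1.1.99", 1000, 100, port, now=10),  # IP never leased
        table.check("00:e0:fc:00:00:01", "10.1.1.10", 1000, 100, port, now=3600),  # lease expired
    ]


if __name__ == "__main__":
    print(demo())
```

Because a packet must match the MAC address, IP address, both tags and the interface of a live binding, deleting the binding on an abnormal logout also stops traffic that reuses the released address.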


5.11 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
Configuring sub-interfaces for QinQ VLAN tag termination to support Unicast Reverse Path Forwarding (URPF) effectively prevents attacks based on source address spoofing through sub-interfaces for QinQ VLAN tag termination.

5.11.1 Establishing the Configuration Task
    Before configuring sub-interfaces for QinQ VLAN tag termination to support URPF, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
5.11.2 Configuring the Ethernet Interface of the PE
    You can use QinQ configuration commands on sub-interfaces only when the main interface works in user termination mode.
5.11.3 Configuring the Ethernet Sub-interface of the PE
    For a sub-interface for QinQ VLAN tag termination, you need to configure double tags that are carried in a user packet and can be terminated by the sub-interface.
5.11.4 Configuring URPF on the Sub-interface for QinQ VLAN Tag Termination
    Sub-interfaces for VLAN tag termination on the CX600 support the loose URPF check only.
5.11.5 Checking the Configuration
    After sub-interfaces for QinQ VLAN tag termination are configured to support URPF, the CX600 can effectively defend itself against network attacks with bogus source IP addresses.

5.11.1 Establishing the Configuration Task


Before configuring sub-interfaces for QinQ VLAN tag termination to support URPF, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
On the ISP network, a CX device may receive packets with spoofed source addresses. In this case, you need to configure URPF on the relevant interface to prevent attacks based on source address spoofing. When a CX device receives packets with double tags, you need to apply URPF on the sub-interface for QinQ VLAN tag termination.

Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support URPF, complete the following tasks:

- Configuring the physical parameters of the interface
- Configuring the link protocol of the interface
- Assigning the IP address to the interface


Data Preparation
To configure the sub-interface for QinQ VLAN tag termination to support URPF, you need the following data.

No.  Data
1    Number of the QinQ interface to be configured with URPF
2    Termination range of the sub-interface for QinQ VLAN tag termination

5.11.2 Configuring the Ethernet Interface of the PE


You can use QinQ configuration commands on sub-interfaces only when the main interface works in user termination mode.

Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number

The Ethernet interface view is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is configured as user-termination mode.

----End

5.11.3 Configuring the Ethernet Sub-interface of the PE


For a sub-interface for QinQ VLAN tag termination, you need to configure double tags that are carried in a user packet and can be terminated by the sub-interface.

Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view


The system view is displayed.

Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number

The Ethernet sub-interface view is displayed.

Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | flexible ] * ]

The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the user packets with double tags.

Step 4 Run:
qinq termination pe-vid pe-vid ce-vid low-ce-vid [ to high-ce-vid ]

The VLAN tag termination function is configured for the sub-interface.

----End

5.11.4 Configuring URPF on the Sub-interface for QinQ VLAN Tag Termination
Sub-interfaces for VLAN tag termination on the CX600 support the loose URPF check only.

Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number

The view of the sub-interface for QinQ VLAN tag termination is displayed.

Step 3 Run:
ip urpf loose [ allow-default ]

URPF is enabled in loose mode. That is, the source IP address of a packet must have a matching entry in the FIB, but the interface of that entry does not have to match the interface on which the packet is received.

----End
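What the loose check accepts and rejects can be seen in the following added Python example, which is not code from the guide or the device. The FIB entries, interface names and function names are constructed; treating allow-default as "a source that matches only the default route passes" is the usual meaning of that keyword and is an assumption here, and the strict mode is included only for contrast, since these sub-interfaces support the loose check only.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, outbound interface). Not from the guide.
SAMPLE_FIB = [
    ("0.0.0.0/0", "GigabitEthernet3/0/0"),
    ("10.1.0.0/16", "GigabitEthernet1/0/0.1"),
    ("192.0.2.0/24", "GigabitEthernet2/0/0"),
]


def fib_lookup(fib, address):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, interface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best


def urpf_permits(fib, src, in_interface, mode="loose", allow_default=False):
    """Return True when a packet with source address src passes the URPF check.

    loose : the source must have a FIB entry; the arrival interface is ignored.
    strict: the FIB entry must also point back out of the arrival interface.
    allow_default (assumed semantics): the default route counts as a FIB entry.
    """
    hit = fib_lookup(fib, src)
    if hit is None:
        return False
    net, out_interface = hit
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "strict":
        return out_interface == in_interface
    return True


def classify(fib, packets, **options):
    """Map constructed (source, arrival interface) pairs to forward/drop."""
    return [
        (src, "forward" if urpf_permits(fib, src, in_if, **options) else "drop")
        for src, in_if in packets
    ]


if __name__ == "__main__":
    arrivals = [
        ("10.1.5.9", "GigabitEthernet1/0/0.1"),     # subscriber prefix, correct port
        ("192.0.2.7", "GigabitEthernet1/0/0.1"),    # routable prefix, wrong port
        ("203.0.113.5", "GigabitEthernet1/0/0.1"),  # matches only the default route
    ]
    print(classify(SAMPLE_FIB, arrivals))
    print(classify(SAMPLE_FIB, arrivals, allow_default=True))
```

The second packet shows the limit of loose mode: a source that is routable anywhere in the FIB passes regardless of the arrival interface, so the per-user binding checks described for DHCP snooping remain necessary on subscriber-facing sub-interfaces.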

5.11.5 Checking the Configuration


After sub-interfaces for QinQ VLAN tag termination are configured to support URPF, the CX600 can effectively defend itself against network attacks with bogus source IP addresses.


Procedure
Step 1 Run the display qinq information termination [ interface interface-type interface-number [.subinterface-number ] ] command to display the information of QinQ termination.

----End

Example
Run the display qinq information termination command on the PE. The details about the sub-interface for QinQ termination are displayed. For example:

# Display the information on the sub-interface for QinQ termination.
<HUAWEI> display qinq information termination interface gigabitethernet 1/0/0
  GigabitEthernet1/0/0.1
  Total QINQ Num: 1
  qinq termination pe-vid 10 ce-vid 100
  Total vlan-group Num: 0
  control-vid 1 qinq-termination

5.12 Configuring the User-Side QinQ


When configuring a user VLAN on an Ethernet sub-interface, you can specify either the start and end VLAN IDs or the start and end QinQ VLAN IDs. Note that a maximum of 16 consecutive QinQ VLAN IDs can be specified in a command. When the CX600 is connected to users through two switches, the switch adjacent to users adds an inner tag to a user packet (or removes the inner tag from the user packet) and the switch adjacent to the CX600 adds an outer tag to the user packet (or removes the outer tag from the user packet).
NOTE

User-Side QinQ cannot be configured on the X1 and X2 models of the CX600.

5.12.1 Establishing the Configuration Task
    Before configuring QinQ functions at the user side of the BRAS, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
5.12.2 Creating a User-Side VLAN
    When a Layer 2 common user accesses the device through an Ethernet sub-interface, configuring a user-side VLAN is necessary.
5.12.3 Checking the Configuration
    After QinQ functions are configured for a sub-interface at the user side of the BRAS, users can access the network through the sub-interface.

5.12.1 Establishing the Configuration Task


Before configuring QinQ functions at the user side of the BRAS, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment
When the number of VLANs on an interface is more than 4000, you should configure QinQ to expand the VLAN capacity.

Pre-configuration Task
Before configuring the user-side QinQ, complete the following tasks:

- Setting the physical parameters of the relevant interfaces
- Configuring the IP addresses and BRAS attributes of the relevant interfaces

Data Preparation
To configure the user-side QinQ, you need the following data.

No.  Data
1    QinQ ID
2    Sub-interface number

5.12.2 Creating a User-Side VLAN


When a Layer 2 common user accesses the device through an Ethernet sub-interface, configuring a user-side VLAN is necessary.

Context
Do as follows on the CX600:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number.sub-interface-number

The sub-interface view is displayed.

Step 3 Run:
user-vlan { start-vlan-id [ end-vlan-id ] [ qinq start-qinq-id end-qinq-id ] | any-other }

The user-side VLAN is created on the sub-interface.

When configuring user-side VLANs on an Ethernet sub-interface, you can specify a VLAN range by setting start-vlan and end-vlan or specify all other VLANs by setting any-other (containing all the VLANs that are not used by other sub-interfaces in 4094 x 4094 VLANs for double-tag encapsulation and 4094 VLANs for one-tag encapsulation). If some VLANs are being used by other sub-interfaces, the any-other parameter does not take effect for these VLANs.

When configuring user-side VLANs on an Ethernet sub-interface, you can also specify QinQ VLANs. Two LAN switches are connected to the CX600. The packets of the LAN switch close to the user are tagged with inner VLAN IDs (start-vlan-id), and the packets of the upper LAN switch are tagged with outer QinQ VLAN IDs (qinq-id). For details, see QinQ Configuration.

By default, no user-side VLAN is configured on the Ethernet sub-interface.

----End

5.12.3 Checking the Configuration


After QinQ functions are configured for a sub-interface at the user side of the BRAS, users can access the network through the sub-interface.

Context
Run the following command in the sub-interface view to check the previous configuration.

Action                                               Command
Check the QinQ configuration on the sub-interface.   display this

5.13 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption


Configuring VLAN tag-based or VLAN tag+802.1p-based traffic interruption can effectively prevent specific users from logging in and thus ensure the security and normal operation of network traffic.

5.13.1 Establishing the Configuration Task
    Before configuring VLAN tag-based or VLAN tag+802.1p-based traffic interruption, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.
5.13.2 Setting the Interface Mode to user-termination
    Dot1q and QinQ configuration commands can be run on sub-interfaces only when the main interface works in user-termination mode.
5.13.3 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption
    After VLAN tag-based or VLAN tag+802.1p-based traffic interruption is configured, the packets with the specified 802.1p priority in the specified VLAN are discarded on the sub-interface.

5.13.1 Establishing the Configuration Task


Before configuring VLAN tag-based or VLAN tag+802.1p-based traffic interruption, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
CEs access the ISP network through PEs. The user data packets sent from CEs to PEs have one or double tags.

It is required that VLAN tag-based or VLAN tag+802.1p-based traffic interruption be configured on PEs so that certain packets cannot be transmitted on the carrier network.

Pre-configuration Tasks
Before configuring VLAN tag-based or VLAN tag+802.1p-based traffic interruption, complete the following tasks:

- Connecting devices correctly
- Configuring the VLAN of the CE and the basic Layer 2 forwarding function to make the packets sent from the CE to the PE carry one or double tags

Data Preparation
To configure VLAN tag-based or VLAN tag+802.1p-based traffic interruption, you need the following data.

No.  Data
1    Name of the PE interface connected to the CE
2    VLAN ID associated with the sub-interface
3    VLAN ID and 802.1p priority of the packets that need to be denied

5.13.2 Setting the Interface Mode to user-termination


Dot1q and QinQ configuration commands can be run on sub-interfaces only when the main interface works in user-termination mode.

Context
Do as follows on the PE:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number

The Ethernet interface view or the Eth-Trunk interface view is displayed.

Step 3 Run:
mode user-termination

The mode of the Ethernet interface is set to user-termination. When this command is run on the main interface, ensure that no sub-interface is configured under this main interface.

----End

5.13.3 Configuring VLAN Tag-based or VLAN Tag+802.1p-based Traffic Interruption


After VLAN tag-based or VLAN tag+802.1p-based traffic interruption is configured, the packets with the specified 802.1p priority in the specified VLAN are discarded on the sub-interface.

Context
Do as follows on the PE:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number

The Ethernet sub-interface view or the Eth-Trunk sub-interface view is displayed.


NOTE

You can configure the sub-interface as required. The sub-interface can be only the sub-interface for QinQ VLAN tag termination, sub-interface for dot1q VLAN tag termination, sub-interface for QinQ mapping, or sub-interface for QinQ stacking.

Step 3 Run:
port-block {vlan low-vid [ to high-vid ] | [ pe-vid pe-vid [ pe-8021p pe-8021p ] [ ce-vid low-ce-vid [ to high-ce-vid ] [ ce-8021p ce-8021p ] ] ] }

VLAN tag-based or VLAN tag+802.1p-based traffic interruption is configured.


NOTE

Discarding packets based on the 802.1p priority cannot be performed on dot1q termination sub-interfaces or QinQ stacking sub-interfaces.

----End
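To show which frames a given port-block rule discards, the following added Python example parses the tags of an Ethernet frame and matches them against a rule written in the syntax of Step 3. It is not code from the guide or the device: the function names are hypothetical, the frames are constructed, and three assumptions are made about matching (an omitted 802.1p value matches any priority, the vlan form applies to single-tagged frames, and the pe-vid form applies to double-tagged frames).

```python
import struct

# EtherType values accepted as VLAN tag identifiers: 0x8100 (802.1Q), 0x88A8 (802.1ad)
# and 0x9100 (pre-standard QinQ). Which one the outer tag carries is a device setting.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}


def parse_tags(frame):
    """Return [(vlan_id, priority), ...] for a raw Ethernet frame, outermost tag first."""
    tags, offset = [], 12                       # tags follow the two 6-byte MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break
        tags.append((tci & 0x0FFF, tci >> 13))  # low 12 bits: VLAN ID, top 3 bits: 802.1p
        offset += 4
    return tags


def parse_port_block(command):
    """Turn a port-block command line into a rule dictionary; ValueError if malformed."""
    tokens = command.split()
    if not tokens or tokens[0] != "port-block":
        raise ValueError("not a port-block command")
    rule, i = {}, 1
    try:
        while i < len(tokens):
            key = tokens[i]
            if key in ("vlan", "pe-vid", "ce-vid"):
                low = high = int(tokens[i + 1])
                i += 2
                # Only the vlan and ce-vid keywords take a "to" range in the syntax.
                if key != "pe-vid" and i < len(tokens) and tokens[i] == "to":
                    high = int(tokens[i + 1])
                    i += 2
                if not 1 <= low <= high <= 4094:
                    raise ValueError(f"bad VLAN range for {key}")
                rule[key] = (low, high)
            elif key in ("pe-8021p", "ce-8021p"):
                priority = int(tokens[i + 1])
                if not 0 <= priority <= 7:
                    raise ValueError(f"bad priority for {key}")
                rule[key] = priority
                i += 2
            else:
                raise ValueError(f"unexpected token {key!r}")
    except IndexError:
        raise ValueError("truncated command") from None
    if ("vlan" in rule) == ("pe-vid" in rule) or ("vlan" in rule and len(rule) > 1):
        raise ValueError("use either the vlan form or the pe-vid form")
    return rule


def in_range(bounds, vlan_id):
    return bounds[0] <= vlan_id <= bounds[1]


def is_blocked(rule, frame):
    """True when the frame's tags match the rule (assumptions listed in the lead-in)."""
    tags = parse_tags(frame)
    if "vlan" in rule:
        return len(tags) == 1 and in_range(rule["vlan"], tags[0][0])
    if len(tags) < 2:
        return False
    (pe_vid, pe_pri), (ce_vid, ce_pri) = tags[0], tags[1]
    return (in_range(rule["pe-vid"], pe_vid)
            and rule.get("pe-8021p", pe_pri) == pe_pri
            and ("ce-vid" not in rule or in_range(rule["ce-vid"], ce_vid))
            and rule.get("ce-8021p", ce_pri) == ce_pri)


def build_frame(tags, outer_tpid=0x8100):
    """Constructed test frame: zeroed MACs, the given tags, IPv4 EtherType, padding."""
    frame = bytes(12)
    for n, (vlan_id, priority) in enumerate(tags):
        tpid = outer_tpid if n == 0 and len(tags) > 1 else 0x8100
        frame += struct.pack("!HH", tpid, (priority << 13) | vlan_id)
    return frame + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    rule = parse_port_block("port-block pe-vid 10 pe-8021p 5 ce-vid 100 to 200")
    for tags in ([(10, 5), (150, 0)], [(10, 3), (150, 0)], [(10, 5), (300, 0)]):
        print(tags, "discard" if is_blocked(rule, build_frame(tags)) else "forward")
```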

5.14 Maintaining QinQ


Commands for clearing statistics on a QinQ interface help locate faults on the interface.

5.14.1 Clearing QinQ Statistics
    You can run the reset command to clear the QinQ statistics before recollecting QinQ statistics.
5.14.2 Monitoring the Operating Status of the Termination Sub-interface
    In routine maintenance, you can run the following display commands in any view to check the operation of the sub-interface for QinQ/dot1q VLAN tag termination.

5.14.1 Clearing QinQ Statistics


You can run the reset command to clear the QinQ statistics before recollecting QinQ statistics.

Context

CAUTION
Statistics about QinQ packets cannot be restored after they are cleared. Confirm the action before you run the command.

To clear the QinQ statistics, run the following reset command in the user view:

Procedure
Step 1 Run the reset qinq statistic interface interface-type interface-number.subinterface-number vlan-group group-id command to clear the QinQ statistics.

----End

5.14.2 Monitoring the Operating Status of the Termination Sub-interface


In routine maintenance, you can run the following display commands in any view to check the operation of the sub-interface for QinQ/dot1q VLAN tag termination.

Procedure
- Run the display dot1q information termination [ interface interface-type interface-number [.subinterface-number ] ] command in any view to check information about the sub-interface for dot1q VLAN tag termination.
- Run the display qinq information termination [ interface interface-type interface-number [.subinterface-number ] ] command in any view to check information about the sub-interface for QinQ VLAN tag termination.
- Run the display qinq information stacking [ interface interface-type interface-number [.subinterface-number ] ] command in any view to check information about QinQ Stacking.

----End

5.15 Configuration Examples


This section describes the typical application scenarios of QinQ, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

5.15.1 Example for Configuring the QinQ Tunnel
    After a Layer 2 QinQ tunnel is configured, different enterprises can plan their own VLANs. In this manner, offices in different locations of the same enterprise can communicate whereas different enterprises cannot.
5.15.2 Example for Configuring Selective QinQ on a Layer 2 Interface
    Layer 2 selective QinQ is an extension of the QinQ Layer 2 tunnel function, and is more flexible. This example shows how a Layer 2 QinQ interface enabled with Layer 2 selective QinQ adds different outer tags to the incoming frames with different inner tags to further classify VLANs.
5.15.3 Example for Configuring Compatibility of the EthType Field in the Outer Tag of QinQ Packets
    This example shows how to configure the EthType of an outer tag to enable the interworking between the devices of different vendors.
5.15.4 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support Proxy ARP
    This example shows how to configure a sub-interface for dot1q VLAN tag termination to support proxy ARP, and how to enable the interworking between users in the same network segment but in different VLANs.
5.15.5 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support Proxy ARP
    This example shows how to configure a sub-interface for QinQ VLAN tag termination to support proxy ARP, and how to enable the interworking between users in the same network segment but in different VLANs.
5.15.6 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support VRRP
    This example shows how to ensure reliable and stable connections between the end users that send packets with one tag and the network after you configure a sub-interface for dot1q VLAN tag termination to support VRRP.
5.15.7 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support VRRP
    This example shows how to ensure reliable and stable connections between the end users that send packets with double tags and the network after you configure a sub-interface for QinQ VLAN tag termination to support VRRP.
5.15.8 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access an L3VPN
    PEs are connected through an L3VPN; user packets sent to the PEs carry one tag and double tags respectively. This example describes how users communicate with each other through an L3VPN and how to configure sub-interfaces for dot1q VLAN tag termination, sub-interfaces for QinQ VLAN tag termination, and L3VPNs.
5.15.9 Example for Configuring the Dot1q Termination Sub-interface to Access the VLL
    PEs are connected through an L2VPN; user packets sent to the PEs carry one tag. This example describes how to communicate through an L2VPN and how to configure sub-interfaces for Dot1q VLAN tag termination and L2VPNs.
5.15.10 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VLL
    PEs are connected through an L2VPN; user packets sent to the PEs carry double tags. This example describes how to communicate through an L2VPN and how to configure sub-interfaces for QinQ VLAN tag termination and L2VPNs.
5.15.11 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access a VPLS
    PEs are connected through a VPLS network; user packets sent to PEs carry one tag and double tags respectively. This example describes how to communicate through a VPLS network and how to configure sub-interfaces for dot1q VLAN tag termination, sub-interfaces for QinQ VLAN tag termination, and VPLS networks.

5.15.12 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VPLS Network PEs are connected through a VPLS network. Each of the user packets sent to the PEs carries double tags. This example shows how to configure the users to communicate through the VPLS network and how to configure the VPLS network and sub-interfaces for QinQ VLAN tag termination. 5.15.13 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Support the Local Connection Different CEs access the same VSI of a PE. The packets sent from the CEs to the PE carry double tags and the outer tags are same. It is required that CEs communicate with each other. 5.15.14 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support the DHCP Relay Function The user packets received by the DHCP relay carry one tag. If the sub-interface for dot1q VLAN tag termination does not support the DHCP relay function, the DHCP relay regards the received packets as invalid and discards them. As a result, the DHCP client cannot obtain IP addresses from the DHCP server. 5.15.15 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support the DHCP Relay Function The user packets received by the DHCP relay carry double tags. If the sub-interface for QinQ VLAN tag termination does not support the DHCP relay function, the DHCP relay regards the received packets as invalid and discards them. As a result, the DHCP client cannot obtain IP addresses from the DHCP server. 5.15.16 Example for Configuring Dynamic QinQ A common QinQ termination sub-interface can be configured to terminate user packets with a maximum of 16,000 combinations of inner and outer tags. If the number of combinations of inner and outer tags exceeds 16,000, you can enable dynamic QinQ on a QinQ termination subinterface. 
In this case, the QinQ termination sub-interface can terminate user packets with a maximum of 32,000 combinations of inner and outer tags on a single board. After beingenabled with dynamic QinQ, the QinQ termination sub-interface cannot support Virtual Leased Line (VLL), Pseudo Wire Emulation Edge-to-Ede (PWE3), Virtual Private LAN Service (VPLS), static ARP, and static DHCP snooping binding table. 5.15.17 Example for Configuring the Sub-interface for VLAN Stacking to Access a VLL VLL is a point-to-point L2VPN. Because the VLANIF interface does not support VLL, you have to use the main interface to access VPN. Such a configuration is not flexible because the same physical interface cannot be accessed by multiple users. To make one physical interface accessed by multiple users, you can use the VLAN-based QinQ function at different subinterfaces as mentioned previously. In this case, CE-VLANs on both sides must be symmetrical. 5.15.18 Example for Configuring the Sub-interface for QinQ VLAN Stacking to Access a VPLS Network This example shows how to configure a Layer 3 sub-interface for QinQ stacking to access a VPLS network. The sub-interface adds an outer VLAN tag of the ISP network to the user packet. The sub-interface is bound to a VSI and accesses the VPLS network. 5.15.19 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF To protect the CX600 against attacks based on source address spoofing, you need to enable URPF on the corresponding interface. This example describes how to configure sub-interfaces for QinQ VLAN tag termination to support URPF. 5.15.20 Example for Configuring the dot1q Termination Sub-interface in a VSI to Support IGMP Snooping
You can configure a sub-interface for QinQ termination to support IGMP on only Layer 3 interfaces rather than Layer 2 interfaces.

5.15.21 Example for Configuring the QinQ Termination Sub-interface in a VSI to Support IGMP Snooping
You can configure a sub-interface for QinQ termination to support IGMP snooping on only Layer 2 interfaces rather than Layer 3 interfaces.

5.15.22 Example for Configuring the dot1q Termination Sub-interface to Support IGMP and Access an L3VPN
IGMP is used by IP hosts and adjacent multicast static CX devices to establish multicast group memberships. Therefore, IGMP is applied where hosts and CX devices are connected. In addition, IGMP can be used where hosts and CX devices are of different versions. This example shows how to configure a sub-interface for Dot1q termination on a PE to support IGMP and to access an L3VPN. Thus, the hosts connected to the PE can join the related multicast groups to receive multicast traffic.

5.15.23 Example for Configuring the QinQ Termination Sub-interface to Support IGMP and Access an L3VPN
By sending IGMP Query messages to hosts and receiving IGMP Join messages and IGMP Leave messages from hosts, a multicast CX device can identify the receivers (multicast group members) on the connected network segment. This example shows how to configure a sub-interface for QinQ termination to support IGMP on a PE and to access an L3VPN. Thus, the hosts connected to the PE can communicate with the upper-layer multicast source.

5.15.24 Example for Configuring the QinQ Termination Sub-interface to Support Single-AS MD VPN
By configuring sub-interfaces for QinQ VLAN tag termination on a PE, access users can join multicast groups and receive multicast data.

5.15.25 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support MPLS TE
Sub-interfaces for QinQ VLAN tag termination support MPLS TE only when the CX600 runs IS-IS. Each sub-interface can be configured with only one pair of tags.

5.15.26 Example for Configuring the User-Side QinQ
When the CX600 is connected to users through two switches, the switch adjacent to users adds an inner tag to each user packet (or removes the inner tag from each user packet) and the switch adjacent to the CX600 adds an outer tag to each user packet (or removes the outer tag from each user packet). Users access the switch through BAS interfaces.

5.15.27 Example for Configuring VLAN+802.1p for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different 802.1p priorities; a sub-interface for Dot1q VLAN tag termination and VLAN+802.1p are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.28 Example for Configuring VLAN+EthType for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different EthTypes; a sub-interface for Dot1q VLAN tag termination and VLAN+EthType are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VSIs. Packets are transmitted through different VSIs based on the EthTypes of the packets.


5.15.29 Example for Configuring VLAN+DSCP for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different DSCP values; a sub-interface for Dot1q VLAN tag termination and VLAN+DSCP are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VSIs. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.30 Example for Configuring QinQ Stacking Sub-interface+802.1p for L2VPN Access
In this networking, PE1 receives tagged packets with different 802.1p priorities; QinQ stacking+802.1p is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.31 Example for Configuring Stacking Sub-interface+EthType for L2VPN Access
In this networking, PE1 receives tagged packets with different EthTypes; QinQ stacking+EthType is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the EthTypes of the packets.

5.15.32 Example for Configuring Stacking Sub-interface+DSCP for L2VPN Access
In this networking, PE1 receives tagged packets with different DSCP values; QinQ stacking+DSCP is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.33 Example for Configuring VLAN+802.1p for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, a sub-interface for Dot1q VLAN tag termination and VLAN+802.1p are configured on the interface at the AC side of a PE; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VPN instances based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.34 Example for Configuring VLAN+DSCP for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different DSCP values; a sub-interface for Dot1q VLAN tag termination and VLAN+DSCP are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VPN instances based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

5.15.1 Example for Configuring the QinQ Tunnel


After a Layer 2 QinQ tunnel is configured, different enterprises can plan their own VLANs. In this manner, offices in different locations of the same enterprise can communicate whereas different enterprises cannot.


Networking Requirements
In the network as shown in Figure 5-7, enterprise 1 has two offices and enterprise 2 has three offices; offices of enterprise 1 and enterprise 2 connect to CX-A and CX-B in the operator network respectively. Enterprise 1 and enterprise 2 can partition their own VLANs as desired. It is required to configure the QinQ tunnel on CX-A and CX-B. Thus, office networks in enterprise 1 or enterprise 2 can interwork but office networks between enterprise 1 and enterprise 2 cannot interwork.

Figure 5-7 Typical networking diagram of the QinQ tunnel
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the default outer VLAN tag.
2. Configure QinQ for a Layer 2 interface.
3. Configure the interfaces on which QinQ is not enabled to allow the packets carrying the specific outer tags to pass through.

Data Preparation
To complete the configuration, you need the following data:
• Number of the interface connecting to enterprise 1 and enterprise 2
• Default VLAN ID of the QinQ interface connecting to enterprise 1 and enterprise 2

Procedure
Step 1 Create the default outer VLAN tag for a Layer 2 interface.
# Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] vlan batch 10 20

# Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] vlan batch 20

Step 2 Configure QinQ for a Layer 2 interface.
# Configure CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] portswitch
[CX-A-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[CX-A-GigabitEthernet1/0/1] port default vlan 10
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] quit
[CX-A] interface gigabitethernet 2/0/1
[CX-A-GigabitEthernet2/0/1] portswitch
[CX-A-GigabitEthernet2/0/1] port link-type dot1q-tunnel
[CX-A-GigabitEthernet2/0/1] port default vlan 20
[CX-A-GigabitEthernet2/0/1] undo shutdown
[CX-A-GigabitEthernet2/0/1] quit
[CX-A] interface gigabitethernet 3/0/1
[CX-A-GigabitEthernet3/0/1] portswitch
[CX-A-GigabitEthernet3/0/1] port link-type dot1q-tunnel
[CX-A-GigabitEthernet3/0/1] port default vlan 10
[CX-A-GigabitEthernet3/0/1] undo shutdown
[CX-A-GigabitEthernet3/0/1] quit

# Configure CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] portswitch
[CX-B-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[CX-B-GigabitEthernet1/0/1] port default vlan 20
[CX-B-GigabitEthernet1/0/1] undo shutdown
[CX-B-GigabitEthernet1/0/1] quit
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] port link-type dot1q-tunnel
[CX-B-GigabitEthernet2/0/1] port default vlan 20
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] quit

Step 3 Configure other interfaces.
# Allow the packets in VLAN 20 to pass through GE 1/0/0 on CX-A.
[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] portswitch
[CX-A-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] quit

# Allow the packets in VLAN 20 to pass through GE 3/0/1 on CX-B.
[CX-B] interface gigabitethernet 3/0/1
[CX-B-GigabitEthernet3/0/1] portswitch
[CX-B-GigabitEthernet3/0/1] port trunk allow-pass vlan 20
[CX-B-GigabitEthernet3/0/1] undo shutdown
[CX-B-GigabitEthernet3/0/1] quit

Step 4 Verify the configuration.
Hosts in different offices but the same VLAN can ping each other in enterprise 1. Hosts in different offices but the same VLAN can ping each other in enterprise 2. No host in enterprise 1 can ping a host in enterprise 2, and no host in enterprise 2 can ping a host in enterprise 1.
----End

Configuration Files
• Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type dot1q-tunnel
 port default vlan 10
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port link-type dot1q-tunnel
 port default vlan 20
#
interface GigabitEthernet3/0/1
 undo shutdown
 portswitch
 port link-type dot1q-tunnel
 port default vlan 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
#
return

• Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type dot1q-tunnel
 port default vlan 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port link-type dot1q-tunnel
 port default vlan 20
#
interface GigabitEthernet3/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
#
return

5.15.2 Example for Configuring Selective QinQ on a Layer 2 Interface


Layer 2 selective QinQ is an extension of the QinQ Layer 2 tunnel function, and is more flexible. This example shows how a Layer 2 QinQ interface enabled with Layer 2 selective QinQ adds different outer tags to the incoming frames with different inner tags to further classify VLANs.

Networking Requirements
As shown in Figure 5-8, enterprise 1 and enterprise 2 have many offices.
• VLAN 2 to VLAN 500 are used in the network of enterprise 1.
• VLAN 500 to VLAN 4094 are used in the network of enterprise 2.
• GE 1/0/1 on CX-A receives the packets from different VLANs of enterprise 1 and enterprise 2 simultaneously.

It is required to configure Layer 2 selective QinQ on GE 1/0/1 of CX-A. Thus, office networks in enterprise 1 or enterprise 2 can interwork but office networks between enterprise 1 and enterprise 2 cannot interwork.

Figure 5-8 Typical networking diagram of Layer 2 selective QinQ

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the default outer VLAN tag.
2. Configure selective QinQ for a Layer 2 interface.
3. Configure the interfaces on which QinQ is not enabled to allow the packets carrying the specific outer tags to pass through.

Data Preparation
To complete the configuration, you need the following data:
• Number of the interface connecting to enterprise 1 and enterprise 2
• Outer tags attached to the packets of different enterprises on Layer 2 interfaces of CX-A and CX-B

Procedure
Step 1 Create the default outer VLAN tag for a Layer 2 interface.
# Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] vlan batch 10 20

# Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] vlan batch 20

Step 2 Configure selective QinQ for a Layer 2 interface.
# Configure CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] portswitch
[CX-A-GigabitEthernet1/0/1] port vlan-stacking vlan 2 to 500 stack-vlan 10
[CX-A-GigabitEthernet1/0/1] port vlan-stacking vlan 1000 to 2000 stack-vlan 20
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] quit
[CX-A] interface gigabitethernet 2/0/1
[CX-A-GigabitEthernet2/0/1] portswitch
[CX-A-GigabitEthernet2/0/1] port vlan-stacking vlan 100 to 500 stack-vlan 10
[CX-A-GigabitEthernet2/0/1] undo shutdown
[CX-A-GigabitEthernet2/0/1] quit

# Configure CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] portswitch
[CX-B-GigabitEthernet1/0/1] port vlan-stacking vlan 1000 to 4094 stack-vlan 20
[CX-B-GigabitEthernet1/0/1] undo shutdown
[CX-B-GigabitEthernet1/0/1] quit
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] port vlan-stacking vlan 500 to 2500 stack-vlan 20
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] quit

Step 3 Configure other interfaces.
# Allow the packets of VLAN 20 to pass through GE 3/0/1 on CX-A.
[CX-A] interface gigabitethernet 3/0/1
[CX-A-GigabitEthernet3/0/1] portswitch
[CX-A-GigabitEthernet3/0/1] port trunk allow-pass vlan 20
[CX-A-GigabitEthernet3/0/1] undo shutdown
[CX-A-GigabitEthernet3/0/1] quit

# Allow the packets in VLAN 20 to pass through GE 3/0/1 on CX-B.
[CX-B] interface gigabitethernet 3/0/1
[CX-B-GigabitEthernet3/0/1] portswitch
[CX-B-GigabitEthernet3/0/1] port trunk allow-pass vlan 20
[CX-B-GigabitEthernet3/0/1] undo shutdown
[CX-B-GigabitEthernet3/0/1] quit

Step 4 Verify the configuration.
Hosts in different offices but the same VLAN can ping each other in enterprise 1. Hosts in different offices but the same VLAN can ping each other in enterprise 2. No host in enterprise 1 can ping a host in enterprise 2, and no host in enterprise 2 can ping a host in enterprise 1.
----End

Configuration Files
• Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 2 to 500 stack-vlan 10
 port vlan-stacking vlan 1000 to 2000 stack-vlan 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 100 to 500 stack-vlan 10
#
interface GigabitEthernet3/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
#
return

• Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 1000 to 4094 stack-vlan 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 500 to 2500 stack-vlan 20
#
interface GigabitEthernet3/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
#
return
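
The following added example (not part of the Huawei guide) is a review check for the selective QinQ rules of this section and, as a generalization, the dot1q-tunnel ports of section 5.15.1: it reads configuration text in the layout of the configuration files and reports which outer tag an inner VLAN receives on a port and whether two rules on one port overlap. The function names and the FAULTY sample are assumptions constructed for illustration.

```python
import re

# CX-A interface configuration from section 5.15.2 (selective QinQ).
CX_A_SELECTIVE = """\
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 2 to 500 stack-vlan 10
 port vlan-stacking vlan 1000 to 2000 stack-vlan 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 100 to 500 stack-vlan 10
#
interface GigabitEthernet3/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
"""

# Two CX-A access ports from section 5.15.1 (basic QinQ tunnel).
CX_A_TUNNEL = """\
interface GigabitEthernet1/0/1
 portswitch
 port link-type dot1q-tunnel
 port default vlan 10
#
interface GigabitEthernet2/0/1
 portswitch
 port link-type dot1q-tunnel
 port default vlan 20
"""

# Constructed faulty plan (not from the page): the two ranges overlap.
FAULTY = """\
interface GigabitEthernet1/0/1
 port vlan-stacking vlan 2 to 500 stack-vlan 10
 port vlan-stacking vlan 400 to 2000 stack-vlan 20
"""

STACK_RE = re.compile(r"port vlan-stacking vlan (\d+)(?: to (\d+))? stack-vlan (\d+)")
DEFAULT_RE = re.compile(r"port default vlan (\d+)")


def parse_qinq_rules(config):
    """Return {interface: [(inner_low, inner_high, outer_vid), ...]}."""
    rules, tunnel_ports, default_vlan, iface = {}, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        if iface is None:
            continue
        stack = STACK_RE.fullmatch(line)
        default = DEFAULT_RE.fullmatch(line)
        if stack:
            low = int(stack.group(1))
            high = int(stack.group(2) or low)
            rules.setdefault(iface, []).append((low, high, int(stack.group(3))))
        elif default:
            default_vlan[iface] = int(default.group(1))
        elif line == "port link-type dot1q-tunnel":
            tunnel_ports.add(iface)
    # Basic QinQ: the port's default VLAN is the outer tag for every inner VLAN.
    for port in sorted(tunnel_ports):
        if port in default_vlan:
            rules.setdefault(port, []).append((1, 4094, default_vlan[port]))
    return rules


def outer_tags(rules, iface, inner_vid):
    """Outer tags whose rule on this port matches the inner VLAN ([] if none)."""
    return sorted({outer for low, high, outer in rules.get(iface, [])
                   if low <= inner_vid <= high})


def overlaps(rules):
    """Inner-VLAN ranges on one port that two rules map to different outer tags."""
    found = []
    for iface, entries in rules.items():
        for i, (lo1, hi1, out1) in enumerate(entries):
            for lo2, hi2, out2 in entries[i + 1:]:
                lo, hi = max(lo1, lo2), min(hi1, hi2)
                if lo <= hi and out1 != out2:
                    found.append((iface, lo, hi, out1, out2))
    return found


if __name__ == "__main__":
    page_rules = parse_qinq_rules(CX_A_SELECTIVE)
    # VLAN 500 is listed for both enterprises in the text; GE1/0/1 maps it to tag 10.
    print(outer_tags(page_rules, "GigabitEthernet1/0/1", 500))
    print(overlaps(parse_qinq_rules(FAULTY)))
```

An empty result from outer_tags means no configured rule matches that inner VLAN on the port; the example does not model what the device then does with the frame.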

5.15.3 Example for Configuring Compatibility of the EthType Field in the Outer Tag of QinQ Packets
This example shows how to configure the EthType of an outer tag to enable the interworking between the devices of different vendors.

Networking Requirements
CX-B is Huawei data communications equipment. CX-A and CX-C are devices of other vendors. Switch A is a switch of another vendor. Figure 5-9 shows the networking diagram and the EthType value in the outer tag of QinQ packets. Devices of different vendors can interwork after the EthType value in the outer tag is set on the interface of CX-B.

Figure 5-9 Networking diagram of configuring the compatibility of the EthType field in the outer tag of QinQ packets

EthType Value in the Outer Tag 0x8100 0x9100

Device Name CX- A CX- B

EthType Value in the Outer Tag 0x9100 0x8100

Device Name CX- C Switch A

Configuration Roadmap
The configuration roadmap is as follows:
1. Switch Layer 3 interfaces into Layer 2 interfaces.
2. Configure the compatibility of the EthType field in the outer tag of QinQ packets on the Layer 2 interface of the device that needs to interwork.

Data Preparation
To complete the configuration, you need the following data:
• EthType encapsulation value in the outer tag of the device of other vendors
• Name of the physical interface through which CX-B connects to the devices of other vendors

Procedure
Step 1 Switch the interface connecting to the devices of other vendors into a Layer 2 interface.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] portswitch
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] quit
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] portswitch
[CX-B-GigabitEthernet2/0/0] undo shutdown
[CX-B-GigabitEthernet2/0/0] quit

Step 2 Configure the EthType encapsulation value of the outer tag on the physical interface through which CX-B connects to the devices of other vendors.
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] qinq protocol 9100
[CX-B-GigabitEthernet1/0/0] undo shutdown

Step 3 Verify the configuration.
After the preceding configurations, run the display this command on GE 1/0/0 of CX-B to view the configuration of the interface. Run the display bpdu-tunnel interface config command to view the configuration of the TPID.
[CX-B-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList

----End

Configuration Files
Configuration file of CX-B
#
 sysname CX-B
#
interface GigabitEthernet 1/0/0
 undo shutdown
 qinq protocol 9100
 portswitch
#
interface GigabitEthernet 2/0/0
 undo shutdown
 portswitch
#
return
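
The effect of the outer-tag EthType setting can be seen by parsing one double-tagged frame under both values. This is an added example, not code from the Huawei guide; it is a simplified model of tag classification, and the VLAN IDs 100 and 10, the MAC addresses and the function names are constructed for illustration.

```python
import struct

TPID_8100 = 0x8100  # inner (customer) tag type, also a common outer tag type
TPID_9100 = 0x9100  # outer tag type set by "qinq protocol 9100" in this section


def build_qinq_frame(outer_tpid, outer_vid, inner_vid, payload_type=0x0800, payload=b""):
    """Build a constructed double-tagged Ethernet frame (priority bits left at 0)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    tags = struct.pack("!HHHH", outer_tpid, outer_vid & 0x0FFF,
                       TPID_8100, inner_vid & 0x0FFF)
    return dst + src + tags + struct.pack("!H", payload_type) + payload


def parse_frame(frame, expected_outer_tpid):
    """Classify a frame the way a port expecting this outer TPID would (simplified)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12  # first type field follows the two 6-byte MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    result = {"outer_vid": None, "inner_vid": None, "ethertype": ethertype}
    if ethertype != expected_outer_tpid:
        # The outer tag is not recognised: the frame looks untagged and its
        # type field is the other vendor's TPID, so no VLAN IDs are extracted.
        return result
    if len(frame) < offset + 6:
        raise ValueError("truncated outer tag")
    tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
    result["outer_vid"] = tci & 0x0FFF
    offset += 4
    if ethertype == TPID_8100:
        if len(frame) < offset + 6:
            raise ValueError("truncated inner tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        result["inner_vid"] = tci & 0x0FFF
    result["ethertype"] = ethertype
    return result


if __name__ == "__main__":
    frame = build_qinq_frame(TPID_9100, outer_vid=100, inner_vid=10)
    print("port expecting 0x9100:", parse_frame(frame, TPID_9100))
    print("port expecting 0x8100:", parse_frame(frame, TPID_8100))
```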


5.15.4 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support Proxy ARP
This example shows how to configure a sub-interface for dot1q VLAN tag termination to support proxy ARP, and how to enable the interworking between users in the same network segment but in different VLANs.

Network Requirements
As shown in Figure 5-10, CX-1 and CX-2 are connected through Ethernet sub-interfaces. GE 1/0/0 and GE 1/0/1 on CX- belong to different VLANs. CX-2 is connected to PC 1 and PC 2. PC 1 and PC 2 are in the same network segment. PC 1 and PC 2 are not configured with the default gateway. Proxy ARP thus needs to be configured on the sub-interface GE 1/0/0.1 of CX-1 so that PC 1 and PC 2 can communicate with each other.

Figure 5-10 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support proxy ARP
[Figure labels: CX-1 GE1/0/0.1 10.1.1.254/24; PC1: 10.1.1.1/24; PC2: 10.1.1.2/24]

Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the Layer 3 interface of CX-2 into a Layer 2 interface.
2. Configure the basic Layer 2 forwarding function for CX-2.
3. Configure a dot1q termination sub-interface for CX-1 and enable proxy ARP.

Data Preparation
To complete the configuration, you need the following data:
• Name of the sub-interface for dot1q VLAN tag termination
• VLAN IDs of the interfaces on CX-2

Procedure
Step 1 Switch the interface to a Layer 2 interface.
# Configure CX-2.
<HUAWEI> system-view
[HUAWEI] sysname CX-2
[CX-2] interface gigabitethernet 1/0/0
[CX-2-GigabitEthernet1/0/0] portswitch
[CX-2-GigabitEthernet1/0/0] undo shutdown
[CX-2-GigabitEthernet1/0/0] quit
[CX-2] interface gigabitethernet 1/0/1
[CX-2-GigabitEthernet1/0/1] portswitch
[CX-2-GigabitEthernet1/0/1] undo shutdown
[CX-2-GigabitEthernet1/0/1] quit
[CX-2] interface gigabitethernet 1/0/2
[CX-2-GigabitEthernet1/0/2] portswitch
[CX-2-GigabitEthernet1/0/2] undo shutdown
[CX-2-GigabitEthernet1/0/2] quit
NOTE

If the interface is already a Layer 2 interface, the preceding operation is not required.

Step 2 Configure the basic Layer 2 forwarding function.
# Configure CX-2.
[CX-2] vlan 10
[CX-2-vlan10] port gigabitethernet 1/0/0
[CX-2-vlan10] quit
[CX-2] vlan 20
[CX-2-vlan20] port gigabitethernet 1/0/1
[CX-2-vlan20] quit
[CX-2] interface gigabitethernet 1/0/2
[CX-2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[CX-2-GigabitEthernet1/0/2] quit

Step 3 Configure the sub-interface for dot1q VLAN tag termination and enable proxy ARP on the sub-interface.
# Configure CX-1.
<HUAWEI> system-view
[HUAWEI] sysname CX-1
[CX-1] interface gigabitethernet 1/0/0
[CX-1-GigabitEthernet1/0/0] mode user-termination
[CX-1-GigabitEthernet1/0/0] undo shutdown
[CX-1-GigabitEthernet1/0/0] quit
[CX-1] interface gigabitethernet 1/0/0.1
[CX-1-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[CX-1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[CX-1-GigabitEthernet1/0/0.1] dot1q termination vid 20
[CX-1-GigabitEthernet1/0/0.1] ip address 10.1.1.254 24
[CX-1-GigabitEthernet1/0/0.1] arp-proxy inter-sub-vlan-proxy enable
[CX-1-GigabitEthernet1/0/0.1] arp broadcast enable
[CX-1-GigabitEthernet1/0/0.1] undo shutdown
[CX-1-GigabitEthernet1/0/0.1] quit

Step 4 Verify the configuration.
Ping PC 2 from PC 1. The ping succeeds. In the ARP table on PC 1, the MAC address corresponding to PC 2 is the MAC address of GE 1/0/0 on CX-1.
----End

Configuration Files
• Configuration file of CX-1
#
 sysname CX-1
#
interface GigabitEthernet1/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 ip address 10.1.1.254 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
 arp broadcast enable
#
return

• Configuration file of CX-2
#
 sysname CX-2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 20
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 20
#
return

5.15.5 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support Proxy ARP
This example shows how to configure a sub-interface for QinQ VLAN tag termination to support proxy ARP, and how to enable the interworking between users in the same network segment but in different VLANs.

Network Requirements
As shown in Figure 5-11, CX-1 is connected to CX-2 through a sub-interface. GE 1/0/0 and GE 1/0/1 on CX-2 belong to different VLANs. CX-2 is connected to PC 1 and PC 2 through CX-3 and CX-4 respectively. PC 1 and PC 2 are in the same network segment but belong to different VLANs. Configure QinQ on the convergent device CX-2, with the outer tag as 100. The packet sent from CX-2 to CX-1 then carries double tags. Default gateways are not configured on PC 1 and PC 2. In this case, you can configure proxy ARP on the sub-interface GE 1/0/0.1 of CX-1 to implement inter-communication between PC 1 and PC 2.

Figure 5-11 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support proxy ARP
[Figure labels: CX-1 GE1/0/0.1 10.1.1.254/24; PC1: 10.1.1.1/24; PC2: 10.1.1.2/24]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the sub-interface for QinQ VLAN tag termination on CX-1.
2. Enable proxy ARP on GE 1/0/0.1.
3. Configure QinQ on CX-2.
4. Configure the basic Layer 2 forwarding function on CX-2, CX-3, and CX-4.

Data Preparation
To complete the configuration, you need the following data:
• Name of the sub-interface for QinQ VLAN tag termination
• Outer tag value of the packet sent from CX-2 to CX-1
• VLAN IDs of the interfaces on CX-3 and CX-4

Procedure
Step 1 Switch the interface to a Layer 2 interface.
# Configure CX-2.
<HUAWEI> system-view
[HUAWEI] sysname CX-2
[CX-2] interface gigabitethernet 1/0/0
[CX-2-GigabitEthernet1/0/0] portswitch
[CX-2-GigabitEthernet1/0/0] undo shutdown
[CX-2-GigabitEthernet1/0/0] quit
[CX-2] interface gigabitethernet 1/0/1
[CX-2-GigabitEthernet1/0/1] portswitch
[CX-2-GigabitEthernet1/0/1] undo shutdown
[CX-2-GigabitEthernet1/0/1] quit
[CX-2] interface gigabitethernet 1/0/2
[CX-2-GigabitEthernet1/0/2] portswitch
[CX-2-GigabitEthernet1/0/2] undo shutdown
[CX-2-GigabitEthernet1/0/2] quit

# Configure CX-3.
<HUAWEI> system-view
[HUAWEI] sysname CX-3
[CX-3] interface gigabitethernet 1/0/0
[CX-3-GigabitEthernet1/0/0] portswitch
[CX-3-GigabitEthernet1/0/0] undo shutdown
[CX-3-GigabitEthernet1/0/0] quit
[CX-3] interface gigabitethernet 1/0/1
[CX-3-GigabitEthernet1/0/1] portswitch
[CX-3-GigabitEthernet1/0/1] undo shutdown
[CX-3-GigabitEthernet1/0/1] quit

# Configure CX-4.
<HUAWEI> system-view
[HUAWEI] sysname CX-4
[CX-4] interface gigabitethernet 1/0/0
[CX-4-GigabitEthernet1/0/0] portswitch
[CX-4-GigabitEthernet1/0/0] undo shutdown
[CX-4-GigabitEthernet1/0/0] quit
[CX-4] interface gigabitethernet 1/0/1
[CX-4-GigabitEthernet1/0/1] portswitch
[CX-4-GigabitEthernet1/0/1] undo shutdown
[CX-4-GigabitEthernet1/0/1] quit
NOTE

If the interface is already a Layer 2 interface, the preceding operation is not required.

Step 2 Configure the basic Layer 2 forwarding function.
# Configure CX-3.
[CX-3] vlan 10
[CX-3-vlan10] port gigabitethernet 1/0/0
[CX-3-vlan10] quit
[CX-3] interface gigabitethernet 1/0/1
[CX-3-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CX-3-GigabitEthernet1/0/1] quit

# Configure CX-4.
[CX-4] vlan 20
[CX-4-vlan20] port gigabitethernet 1/0/0
[CX-4-vlan20] quit
[CX-4] interface gigabitethernet 1/0/1
[CX-4-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[CX-4-GigabitEthernet1/0/1] quit

Step 3 Configure QinQ on CX-2 and set the packet sent from CX-2 to CX-1 to carry double VLAN tags.
# Configure CX-2.
[CX-2] vlan 100
[CX-2-vlan100] quit
[CX-2] interface gigabitethernet 1/0/0
[CX-2-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100
[CX-2-GigabitEthernet1/0/0] quit
[CX-2] interface gigabitethernet 1/0/1
[CX-2-GigabitEthernet1/0/1] port vlan-stacking vlan 20 stack-vlan 100
[CX-2-GigabitEthernet1/0/1] quit
[CX-2] interface gigabitethernet 1/0/2
[CX-2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[CX-2-GigabitEthernet1/0/2] quit
NOTE

If the device does not support the port vlan-stacking command, you can run the commands port link-type dot1q-tunnel and port default vlan on the interface to configure QinQ.

Step 4 Configure the sub-interface for QinQ VLAN tag termination and enable proxy ARP on the sub-interface.
# Configure CX-1.
<HUAWEI> system-view
[HUAWEI] sysname CX-1
[CX-1] interface gigabitethernet 1/0/0
[CX-1-GigabitEthernet1/0/0] mode user-termination
[CX-1-GigabitEthernet1/0/0] undo shutdown
[CX-1-GigabitEthernet1/0/0] quit
[CX-1] interface gigabitethernet 1/0/0.1
[CX-1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[CX-1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[CX-1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 20
[CX-1-GigabitEthernet1/0/0.1] ip address 10.1.1.254 24
[CX-1-GigabitEthernet1/0/0.1] arp-proxy inter-sub-vlan-proxy enable
[CX-1-GigabitEthernet1/0/0.1] arp broadcast enable
[CX-1-GigabitEthernet1/0/0.1] undo shutdown
[CX-1-GigabitEthernet1/0/0.1] quit
NOTE

When you run the qinq termination command on the same primary interface, the ce-vid values cannot be the same if the pe-vid values of the two different sub-interfaces are the same.

Step 5 Verify the configuration. Ping PC 2 from PC 1. The ping succeeds. If viewing the ARP table on PC 1, you can find that the corresponding MAC address of PC 2 is the MAC address of GE 1/0/0 on CX- 1. ----End

Configuration Files
- Configuration file of CX-1
#
 sysname CX-1
#
interface GigabitEthernet1/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
 ip address 10.1.1.254 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
 arp broadcast enable
#
return

- Configuration file of CX-2
#
 sysname CX-2
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking vlan 20 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
return

- Configuration file of CX-3
#
 sysname CX-3
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10
#
return

- Configuration file of CX-4
#
 sysname CX-4
#
 vlan batch 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20
#
return

5.15.6 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support VRRP
This example shows how to ensure reliable and stable connections between the end users that send packets with one tag and the network after you configure a sub-interface for dot1q VLAN tag termination to support VRRP.

Network Requirements
As shown in Figure 5-12, a host accesses the ISP network through the default gateway. The requirements are as follows:
- As the default gateway of the host, the VRRP backup group consists of CX-1 and CX-2.
- In normal cases, CX-1 serves as the gateway. When CX-1 is faulty, CX-2 acts as the gateway.
- When CX-1 recovers, it can become master within 20 seconds.
- The packets sent by Switch 1 have a single tag.

GE 2/0/0.1 must be configured on both CX-1 and CX-2 to implement VRRP on the sub-interface for dot1q VLAN tag termination.

Figure 5-12 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support VRRP

[Figure: CX-3 (POS1/0/0 192.168.2.2/24, POS1/0/1 192.168.1.2/24) in the MPLS/IP backbone connects to CX-1 (POS1/0/0 192.168.2.1/24, GE2/0/0.1 100.1.1.1/24) and CX-2 (POS1/0/0 192.168.1.1/24, GE2/0/0.1 100.1.1.2/24). CX-1 and CX-2 form Backup Group 1 with virtual IP address 100.1.1.111/24. Switch (GE1/0/0, GE1/0/1, GE1/0/2) connects the host (100.1.1.2/24, VLAN 10) to CX-1 and CX-2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on CX-1 and CX-2 to the user termination mode.
2. Run an IGP to ensure the connectivity between CX devices on the backbone network.
3. Configure the GE 2/0/0.1 interfaces of CX-1 and CX-2 as the sub-interface for dot1q VLAN tag termination.
4. Create backup group 1 on the interface GE 2/0/0.1 of CX-1, and configure the high precedence for CX-1 in the backup group. Ensure that CX-1 is master, and configure the preemption mode.
5. Create backup group 1 on the interface GE 2/0/0.1 of CX-2, and use the default precedence.
6. Configure the basic Layer 2 forwarding function on Switch.

Data Preparation
To complete the configuration, you need the following data:
- Number of the VRRP backup group, and virtual IP address
- Priority of the CX device in the backup group
- Terminating range of the sub-interface for dot1q VLAN tag termination

Procedure
Step 1 Configure the interface mode to user termination.
# Configure CX-1.
<HUAWEI> system-view
[HUAWEI] sysname CX-1
[CX-1] interface gigabitethernet 2/0/0
[CX-1-GigabitEthernet2/0/0] mode user-termination
[CX-1-GigabitEthernet2/0/0] undo shutdown
[CX-1-GigabitEthernet2/0/0] quit

# Configure CX-2.
<HUAWEI> system-view
[HUAWEI] sysname CX-2
[CX-2] interface gigabitethernet 2/0/0
[CX-2-GigabitEthernet2/0/0] mode user-termination
[CX-2-GigabitEthernet2/0/0] undo shutdown
[CX-2-GigabitEthernet2/0/0] quit

Step 2 Configure the network interconnection between the devices.
Configure the IP addresses of the interfaces as shown in Figure 5-12, and configure an IGP to run between CX-1, CX-2, and CX-3. In this example, OSPF is configured.
# Configure CX-1.
[CX-1] interface pos 1/0/0
[CX-1-Pos1/0/0] ip address 192.168.2.1 24
[CX-1-Pos1/0/0] undo shutdown
[CX-1-Pos1/0/0] quit
[CX-1] interface gigabitethernet 2/0/0.1
[CX-1-GigabitEthernet2/0/0.1] ip address 100.1.1.1 24
[CX-1-GigabitEthernet2/0/0.1] undo shutdown
[CX-1-GigabitEthernet2/0/0.1] quit
[CX-1] ospf
[CX-1-ospf-1] area 0
[CX-1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[CX-1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-1-ospf-1-area-0.0.0.0] quit
[CX-1-ospf-1] quit

# Configure CX-2.
[CX-2] interface pos 1/0/0
[CX-2-Pos1/0/0] ip address 192.168.1.1 24
[CX-2-Pos1/0/0] undo shutdown
[CX-2-Pos1/0/0] quit
[CX-2] interface gigabitethernet 2/0/0.1
[CX-2-GigabitEthernet2/0/0.1] ip address 100.1.1.2 24
[CX-2-GigabitEthernet2/0/0.1] undo shutdown
[CX-2-GigabitEthernet2/0/0.1] quit
[CX-2] ospf
[CX-2-ospf-1] area 0
[CX-2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CX-2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-2-ospf-1-area-0.0.0.0] quit
[CX-2-ospf-1] quit

# Configure CX-3.
<HUAWEI> system-view
[HUAWEI] sysname CX-3
[CX-3] interface pos 1/0/0
[CX-3-Pos1/0/0] ip address 192.168.2.2 24
[CX-3-Pos1/0/0] undo shutdown
[CX-3-Pos1/0/0] quit
[CX-3] interface pos 1/0/1
[CX-3-Pos1/0/1] ip address 192.168.1.2 24
[CX-3-Pos1/0/1] undo shutdown
[CX-3-Pos1/0/1] quit
[CX-3] ospf
[CX-3-ospf-1] area 0
[CX-3-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CX-3-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[CX-3-ospf-1-area-0.0.0.0] quit
[CX-3-ospf-1] quit

After the preceding configurations, CX-1 and CX-2 both have routes, discovered through OSPF, to each other. Take the display on CX-1 as an example:
[CX-1] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 7
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.0/24      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.0/30      OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.2/32      Direct 0    0     D     192.168.2.2     Pos1/0/0

CX-1 and CX-2 can ping each other.
[CX-1] ping 192.168.1.1
  PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=254 time=110 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/88/110 ms

Step 3 Configure VRRP on the sub-interface for dot1q VLAN tag termination.
Set the default gateway of the host to 100.1.1.111.
# Configure CX-1, create backup group 1, and set the priority of CX-1 in this backup group to 120. (CX-1 serves as the Master.)
[CX-1] interface gigabitethernet 2/0/0.1
[CX-1-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[CX-1-GigabitEthernet2/0/0.1] dot1q termination vid 10
[CX-1-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 100.1.1.111
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 priority 120
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 preempt-mode timer delay 20
[CX-1-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-1-GigabitEthernet2/0/0.1] undo shutdown
[CX-1-GigabitEthernet2/0/0.1] quit

# Configure CX-2, create backup group 1, and set the priority of CX-2 in this backup group to the default value. (CX-2 serves as the Backup.)
[CX-2] interface gigabitethernet 2/0/0.1
[CX-2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[CX-2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[CX-2-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[CX-2-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 100.1.1.111
[CX-2-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-2-GigabitEthernet2/0/0.1] undo shutdown
[CX-2-GigabitEthernet2/0/0.1] quit

After the preceding steps, the sub-interfaces for dot1q VLAN tag termination on CX-1 and CX-2 become Up. A route to the network segment 100.1.1.0/24 is generated on CX-3. Take the display on CX-3 as an example:
[CX-3] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 12
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        OSPF   10   2     D     192.168.2.1     Pos1/0/0
                    OSPF   10   2     D     192.168.1.1     Pos1/0/1
100.1.1.111/32      OSPF   10   2     D     192.168.2.1     Pos1/0/0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      Direct 0    0     D     192.168.1.2     Pos1/0/1
192.168.1.1/32      Direct 0    0     D     192.168.1.1     Pos1/0/1
192.168.1.2/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.0/24      OSPF   10   2     D     192.168.2.1     Pos1/0/0
192.168.2.0/30      Direct 0    0     D     192.168.2.2     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.2/32      Direct 0    0     D     127.0.0.1       InLoopBack0

Step 4 Configure the basic Layer 2 forwarding function.
# Configure Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] port gigabitethernet 1/0/0
[Switch-vlan10] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/1] undo shutdown
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/2] undo shutdown
[Switch-GigabitEthernet1/0/2] quit

Step 5 Verify the configuration.
- Verify that the VRRP backup group can provide the gateway function.
Run the display vrrp command on CX-1 and CX-2. CX-1 is in the Master state and CX-2 is in the Backup state. The results are displayed as follows:
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
[CX-2] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Backup
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

Run the display ip routing-table command. The routing table on CX-1 contains a direct route whose destination address is the virtual IP address. On CX-2, the route to the virtual IP address is an OSPF route. The command output on CX-1 and CX-2 is as follows:
[CX-1] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 12
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        Direct 0    0     D     100.1.1.1       GigabitEthernet2/0/0.1
100.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
100.1.1.2/32        Direct 0    0     D     100.1.1.2       GigabitEthernet2/0/0.1
100.1.1.111/32      Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.0/24      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.0/30      OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.2/32      Direct 0    0     D     192.168.2.2     Pos1/0/0
[CX-2] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 10       Routes : 10
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        Direct 0    0     D     100.1.1.2       GigabitEthernet2/0/0.1
100.1.1.1/32        Direct 0    0     D     100.1.1.1       GigabitEthernet2/0/0.1
100.1.1.2/32        Direct 0    0     D     127.0.0.1       InLoopBack0
100.1.1.111/32      OSPF   10   2     D     100.1.1.1       GigabitEthernet2/0/0.1
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      Direct 0    0     D     192.168.1.1     Pos1/0/0
192.168.1.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.2/32      Direct 0    0     D     192.168.1.2     Pos1/0/0
192.168.2.0/30      OSPF   10   2     D     192.168.1.2     Pos1/0/0

- Verify that CX-2 becomes master when CX-1 is faulty.
Run the shutdown command on GE 2/0/0.1 of CX-1 to simulate a fault on CX-1. Run the display vrrp command on CX-1 and CX-2 respectively to view the VRRP status. The VRRP status on CX-1 is "Initialize" and the VRRP status on CX-2 is "Master".
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Initialize
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 0
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
[CX-2] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 100
    Preempt : YES   Delay time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

- Verify that CX-1 can preempt after it recovers.
Run the undo shutdown command on GE 2/0/0.1 on CX-1. After GE 2/0/0.1 turns Up, run the display vrrp command on CX-1 to view the VRRP status. The VRRP status on CX-1 is Backup.
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Backup
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 100
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

After 20 seconds, run the display vrrp command on CX-1 to view the VRRP status. The VRRP status is restored to Master.
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 100
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

----End
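
The verification in Step 5 can be automated by parsing saved display vrrp output from both routers and checking the roles of the backup group. The following Python script is an added example, not part of the Huawei guide; the function names are hypothetical and the sample outputs are abridged from the normal and fault states shown above.

```python
import re

# "GigabitEthernet2/0/0.1 | Virtual Router 1" opens one backup-group section.
HEADER_RE = re.compile(r"^\s*(\S+)\s*\|\s*Virtual Router\s+(\d+)\s*$")
# "Delay time : 20" style field; keys may contain spaces and hyphens.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(\S+)\s*$")


def parse_display_vrrp(text):
    """Parse display vrrp output into {(interface, vrid): {field: value}}."""
    groups, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            key = (header.group(1), int(header.group(2)))
            current = groups.setdefault(key, {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return groups


def check_backup_group(outputs, vrid, expected_master, expected_delay):
    """outputs maps router name -> display vrrp text. Returns a list of findings."""
    findings, entries = [], {}
    for router, text in outputs.items():
        match = [f for (_, vr), f in parse_display_vrrp(text).items() if vr == vrid]
        if match:
            entries[router] = match[0]
        else:
            findings.append(f"{router}: backup group {vrid} not found")
    if len({e.get("Virtual IP") for e in entries.values()}) > 1:
        findings.append(f"backup group {vrid}: virtual IP differs between routers")
    masters = sorted(r for r, e in entries.items() if e.get("State") == "Master")
    if masters != [expected_master]:
        findings.append(
            f"backup group {vrid}: Master is {masters}, expected {expected_master}")
    preferred = entries.get(expected_master)
    if preferred and (preferred.get("Preempt") != "YES"
                      or preferred.get("Delay time") != str(expected_delay)):
        findings.append(
            f"{expected_master}: preemption is not YES with delay {expected_delay}")
    return findings


def _sample(router, state, priority, delay):
    # Abridged sample built from the fields shown in this example's output.
    return (f"[{router}] display vrrp\n"
            f"  GigabitEthernet2/0/0.1 | Virtual Router 1\n"
            f"    State : {state}\n"
            f"    Virtual IP : 100.1.1.111\n"
            f"    PriorityRun : {priority}\n"
            f"    Preempt : YES\n"
            f"    Delay time : {delay}\n"
            f"    Config track link-bfd down-number : 0\n")


# Normal operation: CX-1 is Master, CX-2 is Backup.
NORMAL = {"CX-1": _sample("CX-1", "Master", 120, 20),
          "CX-2": _sample("CX-2", "Backup", 100, 20)}
# After shutdown on GE 2/0/0.1 of CX-1: CX-1 is Initialize, CX-2 is Master.
FAILOVER = {"CX-1": _sample("CX-1", "Initialize", 120, 20),
            "CX-2": _sample("CX-2", "Master", 100, 0)}

if __name__ == "__main__":
    for name, outputs in (("normal", NORMAL), ("failover", FAILOVER)):
        result = check_backup_group(outputs, 1, "CX-1", 20)
        print(name, "->", result or "OK")
```

An empty result means CX-1 is the only Master and preempts with the configured 20-second delay; during the fault the script reports that CX-2 holds the Master role.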

Configuration Files
- Configuration file of CX-1
#
 sysname CX-1
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q vrrp vid 10
 ip address 100.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 100.1.1.111
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.2.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
#
return

- Configuration file of CX-2
#
 sysname CX-2
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q vrrp vid 10
 ip address 100.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 100.1.1.111
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
#
return

- Configuration file of CX-3
#
 sysname CX-3
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.2.2 255.255.255.0
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 192.168.1.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
return

- Configuration file of Switch
#
 sysname Switch
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port trunk allow-pass vlan 10
#
return

5.15.7 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support VRRP
This example shows how to ensure reliable and stable connections between the end users that send packets with double tags and the network after you configure a sub-interface for QinQ VLAN tag termination to support VRRP.

Network Requirements
As shown in Figure 5-13, a host accesses the ISP network through the default gateway. The requirements are as follows:
- As the default gateway of the host, the VRRP backup group consists of CX-1 and CX-2.
- In normal cases, CX-1 serves as the gateway. When CX-1 is faulty, CX-2 acts as the gateway.
- When CX-1 recovers, it can become master within 20 seconds.
- The packets sent by Switch 1 have double tags.

GE 2/0/0.1 must be configured on both CX-1 and CX-2 to implement VRRP on the sub-interface for QinQ VLAN tag termination.

Figure 5-13 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support VRRP

[Figure: CX-3 (POS1/0/0 192.168.2.2/24, POS1/0/1 192.168.1.2/24) in the MPLS/IP backbone connects to CX-1 (POS1/0/0 192.168.2.1/24, GE2/0/0.1 100.1.1.1/24, GE2/0/0.2 200.1.1.1/24) and CX-2 (POS1/0/0 192.168.1.1/24, GE2/0/0.1 100.1.1.2/24, GE2/0/0.2 200.1.1.2/24). Backup Group 1 has virtual IP address 100.1.1.111/24 and Backup Group 2 has virtual IP address 200.1.1.111/24. Switch1 (GE1/0/0 to GE1/0/3) connects CX-1 and CX-2 to Switch2 and Switch3. Host1 (100.1.1.3/24, VLAN 10) and Host2 (200.1.1.3/24, VLAN 20) attach to Switch2 and Switch3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on CX-1 and CX-2 to the user termination mode.
2. Run an IGP to ensure the connectivity between devices on the backbone network.
3. Configure the interface GE 2/0/0.1 on CX-1 and CX-2 as the sub-interface for QinQ VLAN tag termination.
4. Create backup group 1 on the interface GE 2/0/0.1 of CX-1, and configure the high precedence for CX-1 in the backup group. Ensure that CX-1 is master and configure the preemption mode.
5. Create backup group 2 on the interface GE 2/0/0.2 of CX-1, and configure the high precedence for CX-1 in the backup group. Ensure that CX-1 is master and configure the preemption mode.
6. Create backup group 1 on the interface GE 2/0/0.1 of CX-2 and use the default precedence.
7. Create backup group 2 on the interface GE 2/0/0.2 of CX-2 and use the default precedence.
8. Configure the QinQ function on Switch 1 so that the packets sent from Switch 1 to CX-1 and CX-2 carry two tags.
9. Configure the basic forwarding functions on Switch 2 and Switch 3.

Data Preparation
To complete the configuration, you need the following data:
- Number of the VRRP backup group, and virtual IP address
- CX device precedence in the backup group
- Terminating range of the sub-interface for QinQ VLAN tag termination

Procedure
Step 1 Configure the interface mode to user termination.
# Configure CX-1.
<HUAWEI> system-view
[HUAWEI] sysname CX-1
[CX-1] interface gigabitethernet 2/0/0
[CX-1-GigabitEthernet2/0/0] mode user-termination
[CX-1-GigabitEthernet2/0/0] undo shutdown
[CX-1-GigabitEthernet2/0/0] quit

# Configure CX-2.
<HUAWEI> system-view
[HUAWEI] sysname CX-2
[CX-2] interface gigabitethernet 2/0/0
[CX-2-GigabitEthernet2/0/0] mode user-termination
[CX-2-GigabitEthernet2/0/0] undo shutdown
[CX-2-GigabitEthernet2/0/0] quit

Step 2 Configure the network interconnection between the devices.
Configure the IP addresses of the interfaces as shown in Figure 5-13, and configure an IGP to run between CX-1, CX-2, and CX-3. Here, OSPF is configured.
# Configure CX-1.
[CX-1] interface pos 1/0/0
[CX-1-Pos1/0/0] ip address 192.168.2.1 24
[CX-1-Pos1/0/0] undo shutdown
[CX-1-Pos1/0/0] quit
[CX-1] interface gigabitethernet 2/0/0.1
[CX-1-GigabitEthernet2/0/0.1] ip address 100.1.1.1 24
[CX-1-GigabitEthernet2/0/0.1] undo shutdown
[CX-1-GigabitEthernet2/0/0.1] quit
[CX-1] interface gigabitethernet 2/0/0.2
[CX-1-GigabitEthernet2/0/0.2] ip address 200.1.1.1 24
[CX-1-GigabitEthernet2/0/0.2] undo shutdown
[CX-1-GigabitEthernet2/0/0.2] quit
[CX-1] ospf
[CX-1-ospf-1] area 0
[CX-1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[CX-1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-1-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.255
[CX-1-ospf-1-area-0.0.0.0] quit
[CX-1-ospf-1] quit

# Configure CX-2.
[CX-2] interface pos 1/0/0
[CX-2-Pos1/0/0] ip address 192.168.1.1 24
[CX-2-Pos1/0/0] undo shutdown
[CX-2-Pos1/0/0] quit
[CX-2] interface gigabitethernet 2/0/0.1
[CX-2-GigabitEthernet2/0/0.1] ip address 100.1.1.2 24
[CX-2-GigabitEthernet2/0/0.1] undo shutdown
[CX-2-GigabitEthernet2/0/0.1] quit
[CX-2] interface gigabitethernet 2/0/0.2
[CX-2-GigabitEthernet2/0/0.2] ip address 200.1.1.2 24
[CX-2-GigabitEthernet2/0/0.2] undo shutdown
[CX-2-GigabitEthernet2/0/0.2] quit
[CX-2] ospf
[CX-2-ospf-1] area 0
[CX-2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CX-2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-2-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.255
[CX-2-ospf-1-area-0.0.0.0] quit
[CX-2-ospf-1] quit

# Configure CX-3.
<HUAWEI> system-view
[HUAWEI] sysname CX-3
[CX-3] interface pos 1/0/0
[CX-3-Pos1/0/0] ip address 192.168.2.2 24
[CX-3-Pos1/0/0] undo shutdown
[CX-3-Pos1/0/0] quit
[CX-3] interface pos 1/0/1
[CX-3-Pos1/0/1] ip address 192.168.1.2 24
[CX-3-Pos1/0/1] undo shutdown
[CX-3-Pos1/0/1] quit
[CX-3] ospf
[CX-3-ospf-1] area 0
[CX-3-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CX-3-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[CX-3-ospf-1-area-0.0.0.0] quit
[CX-3-ospf-1] quit

After the preceding configurations, CX-1 and CX-2 both have routes, discovered through OSPF, to each other. Take the display on CX-1 as an example:
[CX-1] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 10       Routes : 11
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        Direct 0    0     D     100.1.1.1       GigabitEthernet2/0/0.1
100.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.0/24      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.2/32      Direct 0    0     D     192.168.2.2     Pos1/0/0
200.1.1.0/24        Direct 0    0     D     200.1.1.1       GigabitEthernet2/0/0.2
200.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
200.1.1.2/32        Direct 0    0     D     200.1.1.2       GigabitEthernet2/0/0.2

CX-1 and CX-2 can ping each other.
[CX-1] ping 192.168.1.1
  PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=254 time=110 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/88/110 ms

Step 3 Configure VRRP on the sub-interface for QinQ VLAN tag termination.
Set the default gateway of the host to 100.1.1.111.
# Configure CX-1, create backup group 1 and backup group 2, and set the priority of CX-1 in backup group 1 and backup group 2 to 120. (CX-1 serves as the Master.)
[CX-1] interface gigabitethernet 2/0/0.1
[CX-1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[CX-1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[CX-1-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 100.1.1.111
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 priority 120
[CX-1-GigabitEthernet2/0/0.1] vrrp vrid 1 preempt-mode timer delay 20
[CX-1-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-1-GigabitEthernet2/0/0.1] undo shutdown
[CX-1-GigabitEthernet2/0/0.1] quit
[CX-1] interface gigabitethernet 2/0/0.2
[CX-1-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[CX-1-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[CX-1-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20
[CX-1-GigabitEthernet2/0/0.2] vrrp vrid 2 virtual-ip 200.1.1.111
[CX-1-GigabitEthernet2/0/0.2] vrrp vrid 2 priority 120
[CX-1-GigabitEthernet2/0/0.2] vrrp vrid 2 preempt-mode timer delay 20
[CX-1-GigabitEthernet2/0/0.2] arp broadcast enable
[CX-1-GigabitEthernet2/0/0.2] undo shutdown
[CX-1-GigabitEthernet2/0/0.2] quit

# Configure CX-2, create backup group 1 and backup group 2, and set the priority of CX-2 in backup group 1 and backup group 2 to the default value. (CX-2 serves as the Backup.)
[CX-2] interface gigabitethernet 2/0/0.1
[CX-2-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[CX-2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[CX-2-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[CX-2-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 100.1.1.111
[CX-2-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-2-GigabitEthernet2/0/0.1] undo shutdown
[CX-2-GigabitEthernet2/0/0.1] quit
[CX-2] interface gigabitethernet 2/0/0.2
[CX-2-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[CX-2-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[CX-2-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20
[CX-2-GigabitEthernet2/0/0.2] vrrp vrid 2 virtual-ip 200.1.1.111
[CX-2-GigabitEthernet2/0/0.2] arp broadcast enable
[CX-2-GigabitEthernet2/0/0.2] undo shutdown
[CX-2-GigabitEthernet2/0/0.2] quit

NOTE
When you run the qinq termination command on the same primary interface, the ce-vid values cannot be the same if the pe-vid values of the two different sub-interfaces are the same.
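
The rule in this NOTE, which is also stated in the proxy ARP example earlier in this chapter, can be checked offline against a saved configuration file before it is loaded. The following Python script is an added example, not part of the Huawei guide; the function names are hypothetical, the sample is constructed from the CX-1 sub-interfaces above plus a hypothetical GigabitEthernet2/0/0.3, and the "to" range form of ce-vid is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: GE2/0/0.1 and GE2/0/0.2 as configured on CX-1 in this
# example, plus a hypothetical GE2/0/0.3 whose ce-vid range overlaps ce-vid 20.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
#
interface GigabitEthernet2/0/0.2
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
#
interface GigabitEthernet2/0/0.3
 control-vid 3 qinq-termination
 qinq termination pe-vid 100 ce-vid 15 to 25
#
return
"""

# "interface GigabitEthernet2/0/0.1" -> primary "GigabitEthernet2/0/0", sub "1"
IFACE_RE = re.compile(r"^interface\s+(\S+?)(?:\.(\d+))?\s*$")
# Single ce-vid or an assumed "ce-vid LOW to HIGH" range.
TERM_RE = re.compile(
    r"^\s*qinq termination pe-vid (\d+) ce-vid (\d+)(?: to (\d+))?\s*$")


def parse_terminations(config_text):
    """Return {primary: [(sub_interface, pe_vid, ce_low, ce_high), ...]}."""
    result = defaultdict(list)
    primary = subif = None
    for line in config_text.splitlines():
        if line.strip() == "#":          # "#" closes the current view
            primary = subif = None
            continue
        iface = IFACE_RE.match(line)
        if iface:
            primary = iface.group(1)
            subif = line.split()[1] if iface.group(2) else None
            continue
        term = TERM_RE.match(line)
        if term and subif:
            pe, low = int(term.group(1)), int(term.group(2))
            high = int(term.group(3)) if term.group(3) else low
            result[primary].append((subif, pe, low, high))
    return dict(result)


def find_conflicts(config_text):
    """List (primary, sub_a, sub_b, pe_vid, ce_low, ce_high) for every pair of
    different sub-interfaces on one primary interface that terminate the same
    pe-vid with overlapping ce-vid values."""
    conflicts = []
    for primary, entries in parse_terminations(config_text).items():
        for i, (sub_a, pe_a, low_a, high_a) in enumerate(entries):
            for sub_b, pe_b, low_b, high_b in entries[i + 1:]:
                # Several terminations on the same sub-interface are allowed.
                if sub_a == sub_b or pe_a != pe_b:
                    continue
                low, high = max(low_a, low_b), min(high_a, high_b)
                if low <= high:
                    conflicts.append((primary, sub_a, sub_b, pe_a, low, high))
    return conflicts


if __name__ == "__main__":
    for primary, sub_a, sub_b, pe, low, high in find_conflicts(SAMPLE_CONFIG):
        print(f"{primary}: {sub_a} and {sub_b} both terminate "
              f"pe-vid {pe} ce-vid {low}-{high}")
```

Two qinq termination lines on the same sub-interface, as on GigabitEthernet1/0/0.1 in the proxy ARP example, are not reported, because the rule applies only across different sub-interfaces.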

After the preceding steps, the sub-interfaces for QinQ VLAN tag termination on CX-1 and CX-2 turn Up. Routes to the network segments 100.1.1.0/24 and 200.1.1.0/24 are generated on CX-3. Take the display on CX-3 as an example:
[CX-3] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 14
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        OSPF   10   2     D     192.168.1.1     Pos1/0/1
                    OSPF   10   2     D     192.168.2.1     Pos1/0/0
100.1.1.111/32      OSPF   10   2     D     192.168.2.1     Pos1/0/0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      Direct 0    0     D     192.168.1.2     Pos1/0/1
192.168.1.1/32      Direct 0    0     D     192.168.1.1     Pos1/0/1
192.168.1.2/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.0/24      Direct 0    0     D     192.168.2.2     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.2/32      Direct 0    0     D     127.0.0.1       InLoopBack0
200.1.1.0/24        OSPF   10   2     D     192.168.2.1     Pos1/0/0
                    OSPF   10   2     D     192.168.1.1     Pos1/0/1
200.1.1.111/32      OSPF   10   2     D     192.168.2.1     Pos1/0/0

Step 4 Configure the basic Layer 2 forwarding functions on the switches.
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/0
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] quit

# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/0
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet1/0/1] undo shutdown
[Switch3-GigabitEthernet1/0/1] quit

Step 5 Configure QinQ on Switch 1 and set the packets sent from Switch 1 to CX-1 and CX-2 to carry double VLAN tags.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] quit
[Switch1] interface gigabitethernet 1/0/3
[Switch1-GigabitEthernet1/0/3] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/3] undo shutdown
[Switch1-GigabitEthernet1/0/3] quit

NOTE
If the device does not support the port vlan-stacking command, you can run the commands port linktype dot1q-tunnel and port default vlan to configure QinQ.

Step 6 Verify the configuration.
• Verify that the VRRP backup group can normally provide the gateway function. Run the display vrrp command on CX-1; the output shows that CX-1 is in the Master state. Run the display vrrp command on CX-2; the output shows that CX-2 is in the Backup state. The results are displayed as follows:
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Master
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
[CX-2] display vrrp
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Backup
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.2
    PriorityRun : 100
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Backup
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

Run the display ip routing-table command on CX-1 and CX-2. The routing table on CX-1 contains a direct route whose destination address is the virtual IP address; on CX-2, the route to the same address is an OSPF route. The command output on CX-1 and CX-2 is as follows:
[CX-1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 16
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        Direct 0    0     D     100.1.1.1       GigabitEthernet2/0/0.1
100.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
100.1.1.2/32        Direct 0    0     D     100.1.1.2       GigabitEthernet2/0/0.1
100.1.1.111/32      Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      OSPF   10   2     D     100.1.1.2       GigabitEthernet2/0/0.1
                    OSPF   10   2     D     200.1.1.2       GigabitEthernet2/0/0.2
                    OSPF   10   2     D     192.168.2.2     Pos1/0/0
192.168.2.0/24      Direct 0    0     D     192.168.2.1     Pos1/0/0
192.168.2.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.2.2/32      Direct 0    0     D     192.168.2.2     Pos1/0/0
200.1.1.0/24        Direct 0    0     D     200.1.1.1       GigabitEthernet2/0/0.2
200.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
200.1.1.2/32        Direct 0    0     D     200.1.1.2       GigabitEthernet2/0/0.2
200.1.1.111/32      Direct 0    0     D     127.0.0.1       InLoopBack0
[CX-2] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 18
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
100.1.1.0/24        Direct 0    0     D     100.1.1.2       GigabitEthernet2/0/0.1
100.1.1.1/32        Direct 0    0     D     100.1.1.1       GigabitEthernet2/0/0.1
100.1.1.2/32        Direct 0    0     D     127.0.0.1       InLoopBack0
100.1.1.111/32      OSPF   10   2     D     100.1.1.1       GigabitEthernet2/0/0.1
                    OSPF   10   2     D     200.1.1.1       GigabitEthernet2/0/0.2
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.0/24      Direct 0    0     D     192.168.1.1     Pos1/0/0
192.168.1.1/32      Direct 0    0     D     127.0.0.1       InLoopBack0
192.168.1.2/32      Direct 0    0     D     192.168.1.2     Pos1/0/0
192.168.2.0/24      OSPF   10   2     D     100.1.1.1       GigabitEthernet2/0/0.1
                    OSPF   10   2     D     200.1.1.1       GigabitEthernet2/0/0.2
                    OSPF   10   2     D     192.168.1.2     Pos1/0/0
200.1.1.0/24        Direct 0    0     D     200.1.1.2       GigabitEthernet2/0/0.2
200.1.1.1/32        Direct 0    0     D     200.1.1.1       GigabitEthernet2/0/0.2
200.1.1.2/32        Direct 0    0     D     127.0.0.1       InLoopBack0
200.1.1.111/32      OSPF   10   2     D     100.1.1.1       GigabitEthernet2/0/0.1
                    OSPF   10   2     D     200.1.1.1       GigabitEthernet2/0/0.2

• Verify that when CX-1 is faulty, CX-2 can become the master. Run the shutdown command on GE 2/0/0.1 of CX-1 to simulate a fault on CX-1. Run the display vrrp command on CX-1 and CX-2 respectively to view the VRRP status. The VRRP status on CX-1 is "Initialize" and the VRRP status on CX-2 is "Master".
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Initialize
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 0
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Master
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
[CX-2] display vrrp
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Backup
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 100
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

Run the shutdown command on GE 2/0/0.2 of CX-1. The procedure is the same as described above and is not repeated here.
• Verify that after CX-1 recovers, it can preempt. Run the undo shutdown command on GE 2/0/0.1 on CX-1. After GE 2/0/0.1 turns Up, run the display vrrp command on CX-1 to view the VRRP status. The VRRP status on CX-1 returns to Backup.
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Backup
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 100
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Master
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

After 20 seconds, run the display vrrp command on CX-1 to view the VRRP status. The VRRP status returns to Master.
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    Master IP : 100.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Master
    Virtual IP : 200.1.1.111
    Master IP : 200.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay time : 20
    TimerRun : 1
    TimerConfig : 1
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Config track link-bfd down-number : 0

----End
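
The verification in Step 6 can also be scripted. The following Python sketch is an added example, not part of the Huawei guide: it parses display vrrp output in the layout shown above and checks that each virtual router has exactly one Master across CX-1 and CX-2 and that both routers agree on the virtual IP address, and it reports groups whose Auth type is NONE. The function names and the trimmed sample outputs are constructed for illustration.

```python
import re

HEADER = re.compile(r"(\S+) \| Virtual Router (\d+)")
FIELDS = {
    "state": re.compile(r"\bState\s*:\s*(\w+)"),
    "virtual_ip": re.compile(r"Virtual IP\s*:\s*(\S+)"),
    "priority_run": re.compile(r"PriorityRun\s*:\s*(\d+)"),
    "auth": re.compile(r"Auth type\s*:\s*(\S+)"),
}

# Constructed samples: trimmed `display vrrp` output using the values of this example.
CX1_OUTPUT = """\
[CX-1] display vrrp
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Master
    Virtual IP : 100.1.1.111
    PriorityRun : 120
    Preempt : YES   Delay time : 20
    Auth type : NONE
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Master
    Virtual IP : 200.1.1.111
    PriorityRun : 120
    Preempt : YES   Delay time : 20
    Auth type : NONE
"""
CX2_OUTPUT = """\
[CX-2] display vrrp
  GigabitEthernet2/0/0.2 | Virtual Router 2
    State : Backup
    Virtual IP : 200.1.1.111
    PriorityRun : 100
    Preempt : YES   Delay time : 20
    Auth type : NONE
  GigabitEthernet2/0/0.1 | Virtual Router 1
    State : Backup
    Virtual IP : 100.1.1.111
    PriorityRun : 100
    Preempt : YES   Delay time : 20
    Auth type : NONE
"""
# Constructed fault: CX-2 also claims Master for virtual router 2, which is what
# both sides show when VRRP advertisements do not reach the peer.
CX2_DUAL_MASTER = CX2_OUTPUT.replace("State : Backup", "State : Master", 1)


def parse_display_vrrp(text):
    """Return {vrid: {interface, state, virtual_ip, priority_run, auth}}."""
    parts = HEADER.split(text)  # [preamble, ifname, vrid, body, ifname, vrid, body, ...]
    groups = {}
    for i in range(1, len(parts), 3):
        record = {"interface": parts[i]}
        for name, pattern in FIELDS.items():
            match = pattern.search(parts[i + 2])
            record[name] = match.group(1) if match else None
        groups[int(parts[i + 1])] = record
    return groups


def audit(devices):
    """devices maps a router name to its parsed groups; returns finding strings."""
    findings = []
    for vrid in sorted({v for groups in devices.values() for v in groups}):
        members = {name: g[vrid] for name, g in devices.items() if vrid in g}
        masters = [name for name, rec in members.items() if rec["state"] == "Master"]
        if len(masters) != 1:
            who = ", ".join(masters) or "none"
            findings.append(f"vrid {vrid}: expected exactly one Master, found {len(masters)} ({who})")
        vips = sorted({rec["virtual_ip"] for rec in members.values()})
        if len(vips) > 1:
            findings.append(f"vrid {vrid}: virtual IP differs between routers: {vips}")
        for name, rec in members.items():
            if rec["auth"] == "NONE":
                findings.append(f"vrid {vrid} on {name}: advertisements are unauthenticated")
    return findings


if __name__ == "__main__":
    for label, cx2 in (("normal", CX2_OUTPUT), ("dual master", CX2_DUAL_MASTER)):
        print(label)
        for line in audit({"CX-1": parse_display_vrrp(CX1_OUTPUT),
                           "CX-2": parse_display_vrrp(cx2)}):
            print("  " + line)
```

The parser matches on field names rather than on line breaks, so it also accepts output that has been pasted onto a single line.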

Configuration Files
• Configuration file of CX-1
#
 sysname CX-1
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 qinq vrrp pe-vid 100 ce-vid 10
 ip address 100.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 100.1.1.111
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 arp broadcast enable
#
interface GigabitEthernet2/0/0.2
 undo shutdown
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
 qinq vrrp pe-vid 100 ce-vid 20
 ip address 200.1.1.1 255.255.255.0
 vrrp vrid 2 virtual-ip 200.1.1.111
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.2.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
  network 200.1.1.0 0.0.0.255
#
return

• Configuration file of CX-2
#
 sysname CX-2
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 qinq vrrp pe-vid 100 ce-vid 10
 ip address 100.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 100.1.1.111
 arp broadcast enable
#
interface GigabitEthernet2/0/0.2
 undo shutdown
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
 qinq vrrp pe-vid 100 ce-vid 20
 ip address 200.1.1.2 255.255.255.0
 vrrp vrid 2 virtual-ip 200.1.1.111
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
  network 200.1.1.0 0.0.0.255
#
return

• Configuration file of CX-3
#
 sysname CX-3
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 192.168.2.2 255.255.255.0
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 192.168.1.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
return

• Configuration file of Switch 1
#
 sysname Switch1
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/3
 undo shutdown
 port trunk allow-pass vlan 100
#
return

• Configuration file of Switch 2
#
 sysname Switch2
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port trunk allow-pass vlan 10
#
return

• Configuration file of Switch 3
#
 sysname Switch3
#
 vlan batch 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port trunk allow-pass vlan 20
#
return

5.15.8 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access an L3VPN
PEs are connected through an L3VPN; user packets sent to the PEs carry one tag and double tags respectively. This example describes how users communicate with each other through an L3VPN and how to configure sub-interfaces for dot1q VLAN tag termination, sub-interfaces for QinQ VLAN tag termination, and L3VPNs.

Networking Requirements
As shown in Figure 5-14, both GE 1/0/0.1 of CE1 and that of CE3 are connected to PE1 through Switch 1. QinQ is configured on Switch 1 so that the outer VLAN tag with the VLAN ID as 100 is added to a user packet from CE1 or CE3. The public VLAN IDs are thus saved. Then the user packet sent from Switch 1 to PE1 carries double VLAN tags. CE2 and CE4 are connected to PE2 through Switch 2 and a user packet sent from Switch 2 to PE2 carries one VLAN tag. It is required that the sub-interface for QinQ VLAN tag termination be configured on PE1 to access the L3VPN; the sub-interface for dot1q VLAN tag termination be configured on PE2 to access the L3VPN. Then the user networks connected to CE1 and CE2 can communicate with each other; the user networks connected to CE3 and CE4 can communicate with each other.

NOTE

The types of the AC interfaces at both ends of the L3VPN are not necessarily associated with each other. The interfaces at both ends can be sub-interfaces for QinQ VLAN tag termination or sub-interfaces for dot1q VLAN tag termination.

Figure 5-14 Typical networking diagram of configuring the sub-interface for dot1q and QinQ VLAN tag termination to access an L3VPN
[Figure not reproduced. Backbone AS100: PE1 (Loopback1 1.1.1.9/32), P (Loopback1 2.2.2.9/32), PE2 (Loopback1 3.3.3.9/32). CE1 (AS65410, GE1/0/0.1 10.1.1.2/24) and CE3 (AS65411, GE1/0/0.1 20.1.1.2/24) connect to PE1 through Switch1; CE2 (AS65420, GE1/0/0 10.2.1.2/24) and CE4 (AS65421, GE1/0/0 20.2.1.2/24) connect to PE2 through Switch2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode to user termination on PE1 and PE2.
2. Run the IGP protocol to interconnect the CX devices on the backbone network.
3. Configure and enable basic MPLS capabilities on the backbone network.
4. Create the VPN instance, and configure the RD and VPN-Target.
5. Bind the AC interface to the VPN instance.
6. Configure Layer 2 forwarding and QinQ on switches.
7. Configure an EBGP between the CE and the PE to exchange VPN routing information.

Data Preparation
To complete the configuration, you need the following data:
• Name of PE interface connected to CE
• IP address of the interface
• VPN instance names of PE1 and PE2
• RD and VPN-Target of the VPN-Instance
• Tag value of the sub-interface for dot1q VLAN tag termination and QinQ VLAN tag termination.

Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] quit

Step 2 Configure IGP of the MPLS backbone network. OSPF is used in this example.
According to Figure 5-14, configure the addresses for the interfaces on PE and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<PE1> system-view
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.1.1 24
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 100.1.1.2 24
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 100.1.2.1 24
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the preceding steps, PE1 and PE2 each have a route, discovered through OSPF, to the Loopback1 interface of the other. PE1 and PE2 can ping each other. Take the display on PE1 as an example:
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
1.1.1.9/32          Direct 0    0     D     127.0.0.1       InLoopBack0
2.2.2.9/32          OSPF   10   2     D     100.1.1.2       Pos1/0/0
3.3.3.9/32          OSPF   10   3     D     100.1.1.2       Pos1/0/0
100.1.1.0/24        Direct 0    0     D     100.1.1.1       Pos1/0/0
100.1.1.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
100.1.1.2/32        Direct 0    0     D     100.1.1.2       Pos1/0/0
100.1.2.0/24        OSPF   10   2     D     100.1.1.2       Pos1/0/0
127.0.0.0/8         Direct 0    0     D     127.0.0.1       InLoopBack0
127.0.0.1/32        Direct 0    0     D     127.0.0.1       InLoopBack0
<PE1> ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

After the configuration, the sessions between PE1 and the P and between PE2 and the P are set up. Run the display mpls ldp session command; the output shows that the status is "Operational". Run the display mpls ldp lsp command to view whether the LDP LSPs are established. For example, the following displays the session information on PE1.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  000:00:01   5/5
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN  DestAddress/Mask   In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------------------
 1   1.1.1.9/32         3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 2   2.2.2.9/32         NULL/3       100.1.1.2   -------/Pos1/0/0
 3   3.3.3.9/32         NULL/1024    100.1.1.2   -------/Pos1/0/0
 4   100.1.2.0/24       NULL/3       100.1.1.2   -------/Pos1/0/0
 ------------------------------------------------------------------------------
 TOTAL: 4 Normal LSP(s) Found.
 TOTAL: 0 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 4 Configure VPN instances on PEs and bind the VPN instances to the sub-interface for dot1q VLAN tag termination and QinQ VLAN tag termination.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 200:2 both
[PE1-vpn-instance-vpn2] quit
[PE1] interface gigabitethernet 2/0/0.2
[PE1-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[PE1-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[PE1-GigabitEthernet2/0/0.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/0/0.2] ip address 20.1.1.1 24
[PE1-GigabitEthernet2/0/0.2] arp broadcast enable
[PE1-GigabitEthernet2/0/0.2] undo shutdown
[PE1-GigabitEthernet2/0/0.2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/0/0.1] ip address 10.2.1.1 24
[PE2-GigabitEthernet2/0/0.1] arp broadcast enable
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 200:2 both
[PE2-vpn-instance-vpn2] quit
[PE2] interface gigabitethernet 2/0/0.2
[PE2-GigabitEthernet2/0/0.2] control-vid 2 dot1q-termination
[PE2-GigabitEthernet2/0/0.2] dot1q termination vid 20
[PE2-GigabitEthernet2/0/0.2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet2/0/0.2] ip address 20.2.1.1 24
[PE2-GigabitEthernet2/0/0.2] arp broadcast enable
[PE2-GigabitEthernet2/0/0.2] undo shutdown
[PE2-GigabitEthernet2/0/0.2] quit
NOTE

On different sub-interfaces, the vid values cannot overlap.
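
The rule in the NOTE, together with the VPN bindings of Step 4, can be checked mechanically before the commands are applied. The following Python sketch is an added example, not part of the Huawei guide: it reads the Step 4 commands (prompts removed, sample text constructed from the values above) and reports sub-interfaces of one main interface whose terminated VLAN tags overlap, termination sub-interfaces without an ip binding vpn-instance line, and VPN instances that import each other's VPN targets. It assumes, as in this example, that vpn1 and vpn2 must stay separate; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the PE1 commands of Step 4 with the prompts removed.
PE1_CONFIG = """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 both
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 200:2 both
interface gigabitethernet 2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 24
interface gigabitethernet 2/0/0.2
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
 ip binding vpn-instance vpn2
 ip address 20.1.1.1 24
"""
# Constructed faulty variant: sub-interface .2 reuses the tags of .1 and loses
# its VPN binding, and vpn2 reuses the VPN target of vpn1.
FAULTY_CONFIG = (PE1_CONFIG
                 .replace("ce-vid 20", "ce-vid 10")
                 .replace(" ip binding vpn-instance vpn2\n", "")
                 .replace("vpn-target 200:2 both", "vpn-target 100:1 both"))

TAG_RE = re.compile(
    r"(?:qinq termination pe-vid (\d+) ce-vid|dot1q termination vid) (\d+)(?: to (\d+))?")
DIRECTIONS = {"both": ("import", "export"),
              "export-extcommunity": ("export",),
              "import-extcommunity": ("import",)}


def parse(text):
    """Return (vpns, subifs); child commands are expected to be indented."""
    vpns, subifs, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new view
            cur = None
            if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
                cur = vpns.setdefault(m.group(1), {"import": set(), "export": set()})
            elif m := re.fullmatch(r"interface\s+([a-z-]+)\s*([\d/]+\.\d+)", line, re.I):
                name = m.group(1).lower() + m.group(2)
                cur = subifs.setdefault(name, {"tags": [], "vpn": None})
        elif cur is not None and "export" in cur and line.startswith("vpn-target "):
            words = line.split()[1:]
            sides = DIRECTIONS.get(words[-1])
            targets = words[:-1] if sides else words
            for side in sides or DIRECTIONS["both"]:  # assumption: no keyword means both
                cur[side].update(targets)
        elif cur is not None and "tags" in cur:
            if m := TAG_RE.fullmatch(line):
                low = int(m.group(2))  # dot1q tags get outer VLAN 0 as a marker
                cur["tags"].append((int(m.group(1) or 0), low, int(m.group(3) or low)))
            elif m := re.fullmatch(r"ip binding vpn-instance (\S+)", line):
                cur["vpn"] = m.group(1)
    return vpns, subifs


def audit(text):
    """Return a list of finding strings for one PE's commands."""
    vpns, subifs = parse(text)
    findings, by_main = [], defaultdict(list)
    for name, sub in subifs.items():
        if sub["tags"] and sub["vpn"] is None:
            findings.append(f"{name}: terminates VLAN tags but has no ip binding vpn-instance")
        elif sub["vpn"] is not None and sub["vpn"] not in vpns:
            findings.append(f"{name}: bound to undefined VPN instance {sub['vpn']}")
        by_main[name.split(".")[0]] += [(tag, name) for tag in sub["tags"]]
    for main, items in by_main.items():
        for i, ((outer_a, lo_a, hi_a), sub_a) in enumerate(items):
            for (outer_b, lo_b, hi_b), sub_b in items[i + 1:]:
                if sub_a != sub_b and outer_a == outer_b and lo_a <= hi_b and lo_b <= hi_a:
                    findings.append(f"{sub_a} and {sub_b}: overlapping VLAN tags on {main}")
    names = sorted(vpns)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            leaked = (vpns[a]["export"] & vpns[b]["import"]) | (vpns[b]["export"] & vpns[a]["import"])
            if leaked:
                findings.append(
                    f"{a} and {b}: routes cross between them via VPN target {', '.join(sorted(leaked))}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("Step 4 commands", PE1_CONFIG), ("faulty variant", FAULTY_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

Shared VPN targets are sometimes intentional, so treat the last finding as a prompt to confirm the design rather than as an error in every network.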

After the preceding steps, run the display ip vpn-instance verbose command on PEs to view configurations of VPN instances. Take the display on PE1 as an example:
<PE1> display ip vpn-instance verbose
 Total VPN-Instances configured : 2
 VPN-Instance Name and ID : vpn1, 1
  Create date : 2007/03/03 16:43:43
  Up time : 0 days, 00 hours, 08 minutes and 19 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : uniform
  Interfaces : GigabitEthernet2/0/0.1
 VPN-Instance Name and ID : vpn2, 2
  Create date : 2007/03/03 16:45:21
  Up time : 0 days, 00 hours, 06 minutes and 40 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 200:2
  Import VPN Targets : 200:2
  Label policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : uniform
  Interfaces : GigabitEthernet2/0/0.2

Step 5 Configure the basic Layer 2 forwarding function.
# Configure Switch 1.
Create VLAN 100 on Switch 1 so that GE 1/0/1 and GE 1/0/2 add an outer VLAN tag with the VLAN ID as 100 to a packet of VLAN 10 or VLAN 20. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch1
[switch1] vlan 100
[switch1-vlan100] quit
[switch1] interface gigabitethernet 1/0/1
[switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[switch1-GigabitEthernet1/0/1] quit
[switch1] interface gigabitethernet 1/0/2
[switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[switch1-GigabitEthernet1/0/2] quit
[switch1] interface gigabitethernet 1/0/0
[switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch1-GigabitEthernet1/0/0] quit

# Configure Switch 2.
Create VLAN 10 and 20 on Switch 2. Specify GE 1/0/1 and GE 1/0/2 as access interfaces, and add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 10 and VLAN 20 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch2
[switch2] vlan batch 10 20
[switch2] interface gigabitethernet 1/0/1
[switch2-GigabitEthernet1/0/1] port link-type access
[switch2-GigabitEthernet1/0/1] port default vlan 10
[switch2-GigabitEthernet1/0/1] quit
[switch2] interface gigabitethernet 1/0/2
[switch2-GigabitEthernet1/0/2] port link-type access
[switch2-GigabitEthernet1/0/2] port default vlan 20
[switch2-GigabitEthernet1/0/2] quit
[switch2] interface gigabitethernet 1/0/0
[switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[switch2-GigabitEthernet1/0/0] quit

# Configure IP addresses for interfaces of CEs as shown in Figure 5-14. The details are not mentioned here.
After the configuration, all PEs can ping their CEs.
NOTE

When multiple interfaces on the PE are bound to the same VPN, you must specify the source IP address with the -a source-ip-address parameter of the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command; otherwise, the ping fails.

Take the display on PE1 as an example:
[PE1] ping -vpn-instance vpn1 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/54/60 ms

Step 6 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.1 as-number 100
[CE1-bgp] import-route direct

# Configure CE2.
[CE2] bgp 65420
[CE2-bgp] peer 10.2.1.1 as-number 100
[CE2-bgp] import-route direct

# Configure CE3.
[CE3] bgp 65411
[CE3-bgp] peer 20.1.1.1 as-number 100
[CE3-bgp] import-route direct

# Configure CE4.
[CE4] bgp 65421
[CE4-bgp] peer 20.2.1.1 as-number 100
[CE4-bgp] import-route direct

# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2] peer 20.1.1.2 as-number 65411
[PE1-bgp-vpn2] import-route direct
[PE1-bgp-vpn2] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.2 as-number 65420
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] ipv4-family vpn-instance vpn2
[PE2-bgp-vpn2] peer 20.2.1.2 as-number 65421
[PE2-bgp-vpn2] import-route direct
[PE2-bgp-vpn2] quit

After the configuration, run the display bgp vpnv4 vpn-instance peer command on the PE. The output shows that the BGP peer relationships between the PEs and the CEs are set up and are in the Established state. Take the display on PE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1
  Peer      V  AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  10.1.1.2  4  65410  6        7        0     00:02:58  Established  1

Step 7 Set up MP-IBGP peer relationships between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on the PEs. The output shows that the BGP peer relationships between the PEs are set up and are in the Established state.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1
  Peer        V  AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  3.3.3.9     4  100    5        5        0     00:00:58  Established  0
[PE1] display bgp vpnv4 all peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 3          Peers in established state : 3
  Peer        V  AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  3.3.3.9     4  100    5        5        0     00:01:28  Established  2
  Peer of vpn instance :
  vpn instance vpn1 :
  10.1.1.2    4  65410  6        7        0     00:07:59  Established  1
  vpn instance vpn2 :
  20.1.1.2    4  65411  3        4        0     00:06:39  Established  1

Step 8 Verify the configuration. Run the display qinq information command. You can view information about QinQ VLAN tag termination. In addition, the sub-interface is bound to the L3VPN. Take the display on PE1 as an example:
[PE1] display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    L3VPN binded
    Total QinQ Num: 1
      qinq termination pe-vid 100 ce-vid 10
    Total vlan-group Num: 0
    control-vid 1 qinq-termination
  GigabitEthernet2/0/0.2
    L3VPN binded
    Total QinQ Num: 1
      qinq termination pe-vid 100 ce-vid 20
    Total vlan-group Num: 0
    control-vid 2 qinq-termination

Run the display dot1q information command. You can view information about dot1q VLAN tag termination. In addition, the sub-interface is bound to the L3VPN. Take the display on PE2 as an example:
[PE2] display dot1q information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    L3VPN binded
    Total QinQ Num: 1
      dot1q termination vid 10
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination
  GigabitEthernet2/0/0.2
    L3VPN binded
    Total QinQ Num: 1
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 2 dot1q-termination

The hosts connected to CE1 and CE2 can ping each other; the hosts connected to CE3 and CE4 can ping each other. As they belong to different VPN instances, neither CE1 nor CE2 can communicate with CE3 or CE4. You can view the relevant ARP entries on the PEs. Take the display on PE1 as an example.
[PE1] display arp slot 1
IP ADDRESS  MAC ADDRESS     EXPIRE(M)  TYPE  INTERFACE  VPN-INSTANCE  VLAN/CEVLAN  PVC
----------------------------------------------------------------------------------
10.1.1.1    00e0-fc00-0001             I     GE1/0/0.1  vpn1
20.1.1.1    00e0-fc00-0001             I     GE1/0/0.2  vpn2
10.1.1.2    00e0-fc00-8fe6  12         DF1   GE1/0/0.1  vpn1          100/10
20.1.1.2    00e0-fc00-8fe6  13         DF1   GE1/0/0.2  vpn2          100/20
----------------------------------------------------------------------------------
Total:4     Dynamic:2       Static:0   Interface:2

----End

Configuration Files
Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
bgp 65410
 peer 10.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.1 enable
#
return

Configuration file of CE2


#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
#
bgp 65420
 peer 10.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.2.1.1 enable
#
return

Configuration file of CE3


#
 sysname CE3
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 20
 ip address 20.1.1.2 255.255.255.0
#
bgp 65411
 peer 20.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 20.1.1.1 enable
#
return

Configuration file of CE4


#
 sysname CE4
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.2.1.2 255.255.255.0
#
bgp 65421
 peer 20.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 20.2.1.1 enable
#
return

Configuration file of switch1


#
 sysname switch1
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
return

Configuration file of switch2


#
 sysname switch2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port link-type access
 port default vlan 20
#
return

Configuration file of PE1


#
 sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet2/0/0.2
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
 ip binding vpn-instance vpn2
 ip address 20.1.1.1 255.255.255.0
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  peer 10.1.1.2 as-number 65410
  import-route direct
 #
 ipv4-family vpn-instance vpn2
  peer 20.1.1.2 as-number 65411
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Pos2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
#
return

Configuration file of PE2


#
 sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 route-distinguisher 200:2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 ip binding vpn-instance vpn1
 ip address 10.2.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet2/0/0.2
 control-vid 2 dot1q-termination
 dot1q termination vid 20
 ip binding vpn-instance vpn2
 ip address 20.2.1.1 255.255.255.0
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 10.2.1.2 as-number 65420
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 20.2.1.2 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return
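The isolation stated in Step 8 (CE1 and CE2 cannot reach CE3 or CE4) holds only while the route targets of vpn1 and vpn2 never overlap and every termination sub-interface is bound to a VPN instance. The following Python audit is an added example, not part of the Huawei guide: the function names are hypothetical, the embedded stanzas are re-typed from the PE1 and PE2 configuration files above as constructed input, and it assumes that instances with the same name on different PEs belong to the same VPN.

```python
# Constructed input: vpn-instance and termination sub-interface stanzas
# re-typed from the PE1 and PE2 configuration files of this example.
PE1 = """\
ip vpn-instance vpn1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 ip binding vpn-instance vpn1
#
interface GigabitEthernet2/0/0.2
 control-vid 2 qinq-termination
 qinq termination pe-vid 100 ce-vid 20
 ip binding vpn-instance vpn2
"""
PE2 = """\
ip vpn-instance vpn1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity
#
interface GigabitEthernet2/0/0.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 ip binding vpn-instance vpn1
#
interface GigabitEthernet2/0/0.2
 control-vid 2 dot1q-termination
 dot1q termination vid 20
 ip binding vpn-instance vpn2
"""
PE_CONFIGS = {"PE1": PE1, "PE2": PE2}
# Keyword that follows the route targets; a missing keyword is treated as "both".
DIRECTIONS = {"import-extcommunity": ("import",),
              "export-extcommunity": ("export",),
              "both": ("import", "export")}


def parse_pe(text):
    """Return (vpns, subifs): route targets per instance, binding per sub-interface."""
    vpns, subifs, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # column 0: '#' separator or a new stanza
            kind, _, name = line.rpartition(" ")
            if kind == "ip vpn-instance":
                current = vpns.setdefault(name, {"import": set(), "export": set()})
            elif kind == "interface" and "." in name:
                current = subifs.setdefault(name, {"terminates": False, "vpn": None})
            else:
                current = None
            continue
        if current is None:
            continue
        words = line.split()
        if words[0] == "vpn-target" and "import" in current:
            keyword = words[-1] if words[-1] in DIRECTIONS else "both"
            targets = [w for w in words[1:] if w not in DIRECTIONS]
            for direction in DIRECTIONS[keyword]:
                current[direction].update(targets)
        elif "terminates" in current:
            if words[:2] in (["qinq", "termination"], ["dot1q", "termination"]):
                current["terminates"] = True
            elif words[:3] == ["ip", "binding", "vpn-instance"]:
                current["vpn"] = words[3]
    return vpns, subifs


def route_leaks(configs):
    """(exporter, importer) pairs of differently named instances that share a route target."""
    inst = [(f"{pe}/{name}", name, rt)
            for pe, text in configs.items()
            for name, rt in parse_pe(text)[0].items()]
    return sorted((src, dst)
                  for src, src_name, s in inst
                  for dst, dst_name, d in inst
                  if src_name != dst_name and s["export"] & d["import"])


def unbound_terminations(configs):
    """Termination sub-interfaces without 'ip binding vpn-instance' (public instance)."""
    return sorted(f"{pe}/{ifname}"
                  for pe, text in configs.items()
                  for ifname, b in parse_pe(text)[1].items()
                  if b["terminates"] and b["vpn"] is None)
```

Both functions return an empty list for the configuration of this example; any entry names the instance pair or sub-interface to review before the change is committed.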


5.15.9 Example for Configuring the Dot1q Termination Subinterface to Access the VLL
PEs are connected through an L2VPN; user packets sent to the PEs carry one tag. This example describes how to communicate through an L2VPN and how to configure sub-interfaces for Dot1q VLAN tag termination and L2VPNs.


Networking Requirements
As shown in Figure 5-15, GE 1/0/0 on CE1 is connected to PE1 through a switch. The switch adds a VLAN tag with the VLAN ID being 100 to the packets sent from CE1. CE2 is connected to PE2 through a sub-interface. The Dot1q termination sub-interface accesses the VLL on PE1. In this example, the Dot1q termination sub-interface accesses the VLL in Martini mode. After the preceding configurations, the user networks connected to CE1 and CE2 can communicate.
NOTE

The Dot1q termination sub-interface can be bound to a VLL. The Martini or Kompella VLL supports both the homogeneous and heterogeneous transport (transport media of the same type or of different types can communicate with each other through the VLL). The CCC or SVC VLL supports neither the homogeneous transport nor the heterogeneous transport.

Figure 5-15 Networking diagram of configuring the Dot1q termination sub-interface to access the VLL
[Figure: CE1 (VPN1, GE1/0/0 10.1.1.1/24), Switch (GE1/0/1, GE1/0/0), PE1 (GE2/0/0.1, Loopback1 1.1.1.9/32, POS1/0/0 100.1.1.1/24), P (POS1/0/0 100.1.1.2/24, Loopback1 2.2.2.9/32, POS2/0/0 100.1.2.1/24), PE2 (POS1/0/0 100.1.2.2/24, Loopback1 3.3.3.9/32, GE2/0/0.1), CE2 (VPN1, GE1/0/0.1 10.1.1.2/24)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 to user termination.
2. Run IGP on the backbone network to ensure that CX devices on the backbone network can communicate with each other.
3. Enable MPLS on the backbone network and set up an LSP tunnel.
4. Set up the remote MPLS LDP peer relationship between PEs at both ends of the PW.
5. Create a Dot1q termination sub-interface on PE1 and connect the Dot1q termination sub-interface to an MPLS L2VC.
6. Configure Layer 2 forwarding on the switch.

Data Preparation
To complete the configuration, you need the following data:
- Names of the interfaces connecting PEs to CEs
- IP addresses of interfaces
- L2VC IDs at both ends of the PW (must be the same)
- MPLS LSR IDs for PEs and the P
- IP address of the remote PE peer
- Tag value of the Dot1q termination sub-interface

Procedure
Step 1 Configure the interface mode on PE1 to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. In this example, OSPF is configured.
Assign an IP address to each interface on each PE and the P as shown in Figure 5-15. After OSPF is enabled, the 32-bit loopback addresses of PE1, P, and PE2 must be advertised.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.1.1 24
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure the P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 100.1.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 100.1.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the preceding configuration, PE1 and PE2 each have an OSPF route to Loopback 1 of the other, and PE1 and PE2 can ping each other. Take the display on PE1 as an example.
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   InLoopBack0
2.2.2.9/32          OSPF    10   2     D      100.1.1.2   Pos1/0/0
3.3.3.9/32          OSPF    10   3     D      100.1.1.2   Pos1/0/0
100.1.1.0/24        Direct  0    0     D      100.1.1.1   Pos1/0/0
100.1.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
100.1.1.2/32        Direct  0    0     D      100.1.1.2   Pos1/0/0
100.1.2.0/24        OSPF    10   2     D      100.1.1.2   Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 3 Enable basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit

# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

After the preceding configurations, LDP sessions can be set up between PE1 and P, and between PE2 and P. Run the display mpls ldp session command to check that the status of the LDP sessions is Operational. Run the display mpls ldp lsp command to check whether LDP LSPs are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  000:00:01  5/5
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN   DestAddress/Mask  In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------------------
 1    1.1.1.9/32        3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 2    2.2.2.9/32        NULL/3       100.1.1.2   -------/Pos1/0/0
 3    3.3.3.9/32        NULL/1024    100.1.1.2   -------/Pos1/0/0
 ------------------------------------------------------------------------------
 TOTAL: 3 Normal LSP(s) Found.
 TOTAL: 0 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 4 Set up remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-1] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit

After the preceding configurations, LDP sessions can be set up between PE1 and PE2. Run the display mpls ldp session command to check that the status of the LDP sessions is Operational. Run the display mpls ldp lsp command to check whether LDP LSPs are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  000:00:15  64/64
 3.3.3.9:0    Operational  DU   Passive  000:00:01  5/5
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN   DestAddress/Mask  In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------------------
 1    1.1.1.9/32        3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 2    1.1.1.9/32        3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 *3   1.1.1.9/32        Liberal
 4    2.2.2.9/32        NULL/3       100.1.1.2   -------/Pos1/0/0
 5    2.2.2.9/32        1024/3       100.1.1.2   -------/Pos1/0/0
 *6   2.2.2.9/32        Liberal
 7    3.3.3.9/32        NULL/1025    100.1.1.2   -------/Pos1/0/0
 8    3.3.3.9/32        1025/1025    100.1.1.2   -------/Pos1/0/0
 *9   3.3.3.9/32        Liberal
 ------------------------------------------------------------------------------
 TOTAL: 6 Normal LSP(s) Found.
 TOTAL: 3 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 5 Configure a Dot1q termination sub-interface to an L2VPN and configure the L2VPN to provide heterogeneous transport (transport media of different types across the L2VPN can communicate with each other).
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet2/0/0.1] dot1q termination vid 100
[PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 200
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit

Step 6 Configure the switch to add a VLAN tag with the VLAN ID being 100 to the packets sent to PE1.
Configure the switch to add a VLAN tag with the VLAN ID being 100 to the packets received on GE 1/0/1. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets from VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch
[switch] vlan 100
[switch-vlan100] quit
[switch] interface gigabitethernet 1/0/1
[switch-GigabitEthernet1/0/1] port default vlan 100
[switch-GigabitEthernet1/0/1] quit
[switch] interface gigabitethernet 1/0/0
[switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch-GigabitEthernet1/0/0] quit

Step 7 Assign IP addresses to the interfaces on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit

Step 8 Verify the configuration.
Run the display dot1q information termination command, and you can view that the Dot1q termination sub-interface is bound to the L2VPN. Take the display on PE1 as an example.
<PE1> display dot1q information termination interface gigabitethernet 2/0/0.1
  GigabitEthernet2/0/0.1
    VLL/PWE3 binded
    Total QinQ Num: 1
      qinq termination vid 100
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination

Check the L2VPN connections on PEs. You can find that an L2VC connection is set up and is in the Up state. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 2/0/0.1
 *client interface       : GigabitEthernet2/0/0.1 is up
  session state          : up
  AC state               : up
  VC state               : up
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.9
  local group ID         : 0            remote group ID      : 0
  local VC label         : 147456       remote VC label      : 146432
  local AC OAM State     : up
  local PSN State        : up
  local forwarding state : forwarding
  remote AC OAM state    : up
  remote PSN state       : up
  remote forwarding state: forwarding
  BFD for PW             : unavailable
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : Disable
  remote VCCV            : alert lsp-ping bfd
  local control word     : disable      remote control word  : disable
  tunnel policy name     : --
  traffic behavior name  : --
  PW template name       : --
  primary or secondary   : primary
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type       : lsp   , TNL ID : 0x2008002
  create time            : 0 days, 0 hours, 46 minutes, 0 seconds
  up time                : 0 days, 0 hours, 27 minutes, 1 seconds
  last change time       : 0 days, 0 hours, 27 minutes, 1 seconds

Hosts in the same VLAN of CEs can ping through each other. Take the display on CE1 as an example.
<CE1> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=80 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/58/80 ms

----End

Configuration File
Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
 sysname CE2
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 200
 ip address 10.1.1.2 255.255.255.0
#
return

Configuration file of switch


#
 sysname switch
#
 vlan batch 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
return

Configuration file of PE1


#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
 mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 3.3.3.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 dot1q-termination
 dot1q termination vid 100
 mpls l2vc 3.3.3.9 101
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

Configuration file of the P


#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Pos2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
#
return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 3.3.3.9
 mpls
 mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0.1
 vlan-type dot1q 200
 mpls l2vc 1.1.1.9 101
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return
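The data preparation for this example requires the same L2VC ID at both ends of the PW, and the roadmap requires a remote LDP peer on each PE. The following Python check is an added example, not part of the Huawei guide: the function names are hypothetical and the embedded lines are re-typed from the PE1 and PE2 configuration files above as constructed input. It pairs every mpls l2vc statement with its counterpart on the PE that owns the destination LSR ID and reports what is missing.

```python
import re

# Constructed input: the PW-related lines re-typed from the PE1 and PE2
# configuration files of this example.
PE1 = """\
 mpls lsr-id 1.1.1.9
 mpls
 mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 3.3.3.9
#
interface GigabitEthernet2/0/0.1
 control-vid 1 dot1q-termination
 dot1q termination vid 100
 mpls l2vc 3.3.3.9 101
"""
PE2 = """\
 mpls lsr-id 3.3.3.9
 mpls
 mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0.1
 vlan-type dot1q 200
 mpls l2vc 1.1.1.9 101
"""


def pw_facts(text):
    """Extract the settings a Martini PW endpoint depends on."""
    lsr = re.search(r"^[ \t]*mpls lsr-id (\S+)", text, re.M)
    return {
        "lsr_id": lsr.group(1) if lsr else None,
        "l2vpn": bool(re.search(r"^[ \t]*mpls l2vpn[ \t]*$", text, re.M)),
        "remote_peers": set(re.findall(r"^[ \t]*remote-ip (\S+)", text, re.M)),
        # (destination LSR ID, VC ID) for every 'mpls l2vc' statement
        "l2vcs": set(re.findall(r"^[ \t]*mpls l2vc (\S+) (\d+)", text, re.M)),
    }


def check_pw(configs):
    """Return a list of findings; an empty list means both PW ends agree."""
    pes = {name: pw_facts(text) for name, text in configs.items()}
    by_lsr = {f["lsr_id"]: name for name, f in pes.items() if f["lsr_id"]}
    findings = []
    for name, f in pes.items():
        if f["l2vcs"] and not f["l2vpn"]:
            findings.append(f"{name}: mpls l2vc configured but mpls l2vpn is not enabled")
        for peer_ip, vc_id in sorted(f["l2vcs"]):
            peer = by_lsr.get(peer_ip)
            if peer is None:
                findings.append(f"{name}: VC {vc_id} points at {peer_ip}, "
                                "which is not the LSR ID of any checked PE")
                continue
            if peer_ip not in f["remote_peers"]:
                findings.append(f"{name}: no remote LDP peer configured for {peer_ip}")
            if (f["lsr_id"], vc_id) not in pes[peer]["l2vcs"]:
                findings.append(f"{name}: VC {vc_id} to {peer} has no matching "
                                f"'mpls l2vc {f['lsr_id']} {vc_id}' on {peer}")
    return findings
```

For the two files as printed, check_pw({"PE1": PE1, "PE2": PE2}) returns an empty list.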

5.15.10 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VLL
PEs are connected through an L2VPN; user packets sent to the PEs carry double tags. This example describes how to communicate through an L2VPN and how to configure sub-interfaces for QinQ VLAN tag termination and L2VPNs.


Networking Requirements
As shown in Figure 5-16, GE 1/0/0.1 of CE1 is connected to PE1 through Switch. Configure QinQ on Switch so that an outer VLAN tag with the VLAN ID 100 is added to each packet from CE1, which saves public VLAN IDs. The packet sent from Switch to PE1 then carries double VLAN tags. In this example, the Martini mode is adopted. CE2 accesses PE2 through a common sub-interface. The sub-interface for QinQ VLAN tag termination on PE1 and the common sub-interface on PE2 must both be configured to access the VLL. The user networks connected to CE1 and CE2 can then communicate.
NOTE

At both ends of a VLL, an unsymmetric sub-interface for QinQ VLAN tag termination can communicate with other types of AC interfaces; a symmetric sub-interface for QinQ VLAN tag termination can communicate with only symmetric sub-interfaces for QinQ VLAN tag termination.

Figure 5-16 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to access a VLL
[Figure: CE1 (VPN1, GE1/0/0.1 10.1.1.1/24), Switch (GE1/0/1, GE1/0/0), PE1 (GE2/0/0.1, Loopback1 1.1.1.9/32, POS1/0/0 100.1.1.1/24), P (POS1/0/0 100.1.1.2/24, Loopback1 2.2.2.9/32, POS2/0/0 100.1.2.1/24), PE2 (POS1/0/0 100.1.2.2/24, Loopback1 3.3.3.9/32, GE2/0/0.1), CE2 (VPN1, GE1/0/0.1 10.1.1.2/24)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode to user termination on PE1.
2. Configure IGP on the MPLS backbone network so that CX devices on the backbone network can communicate with each other.
3. Enable the basic MPLS capabilities on the MPLS backbone network and establish an LSP tunnel.
4. Set up the MPLS LDP peer relationship between PEs at both ends of a Pseudo Wire (PW).
5. Configure the Layer 2 forwarding function and QinQ on switches.
6. Create an MPLS L2VC connection between PEs.

Data Preparation
To complete the configuration, you need the following data:
- Name of the PE interface connected to the CE
- IP address of the interface
- Consistent L2VC IDs on both ends of the PW
- MPLS LSR-IDs on PEs and P
- IP address of the PE peer
- Tag value of the sub-interface for QinQ VLAN tag termination

Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-16, configure the addresses for the interfaces on PE and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.1.1 24
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 100.1.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 100.1.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.2.2 24
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the OSPF protocol. PE1 and PE2 can ping each other. Take the display on PE1 as an example:
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   InLoopBack0
2.2.2.9/32          OSPF    10   2     D      100.1.1.2   Pos1/0/0
3.3.3.9/32          OSPF    10   3     D      100.1.1.2   Pos1/0/0
100.1.1.0/24        Direct  0    0     D      100.1.1.1   Pos1/0/0
100.1.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
100.1.1.2/32        Direct  0    0     D      100.1.1.2   Pos1/0/0
100.1.2.0/24        OSPF    10   2     D      100.1.1.2   Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
<PE1> ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

After the preceding configurations, LDP sessions are set up between PE1 and P, and between P and PE2. Run the display mpls ldp session command; the Status field shows "Operational". Run the display mpls ldp lsp command to view whether the LDP LSPs are established. Take the display on PE1 as an example:
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID        Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  000:00:02  11/11
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 LAM : Label Advertisement Mode    SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN   DestAddress/Mask   In/OutLabel   Next-Hop     In/Out-Interface
 ------------------------------------------------------------------------------
 1    1.1.1.9/32         3/NULL        127.0.0.1    Pos1/0/0/InLoop0
 2    2.2.2.9/32         NULL/3        100.1.1.2    -------/Pos1/0/0
 3    3.3.3.9/32         NULL/1025     100.1.1.2    -------/Pos1/0/0
 ------------------------------------------------------------------------------
 TOTAL: 3 Normal LSP(s) Found.
 TOTAL: 0 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 4 Set up the remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-1] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit

After the configuration, the sessions between PE1 and P and between PE2 and P are set up. Run the display mpls ldp session command; the Status field shows "Operational". Run the display mpls ldp lsp command to view whether the LDP LSPs are established. For example, the following displays the session information on PE1:
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID        Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  000:00:04  18/18
 3.3.3.9:0      Operational  DU   Passive  000:00:00  2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode    SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN   DestAddress/Mask   In/OutLabel   Next-Hop     In/Out-Interface
 ------------------------------------------------------------------------------
 1    1.1.1.9/32         3/NULL        127.0.0.1    P1/0/0/InLoop0
 2    1.1.1.9/32         3/NULL        127.0.0.1    -------/InLoop0
*3    1.1.1.9/32         Liberal
 4    2.2.2.9/32         NULL/3        100.1.1.2    -------/P1/0/0
 5    2.2.2.9/32         1024/3        100.1.1.2    -------/P1/0/0
*6    2.2.2.9/32         Liberal
 7    3.3.3.9/32         NULL/1025     100.1.1.2    -------/P1/0/0
 8    3.3.3.9/32         1025/1025     100.1.1.2    -------/P1/0/0
*9    3.3.3.9/32         Liberal
 ------------------------------------------------------------------------------
 TOTAL: 6 Normal LSP(s) Found.
 TOTAL: 3 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 5 Enable MPLS L2VPN and create a VC. Configure the sub-interface for QinQ VLAN tag termination.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] quit

Step 6 Configure QinQ so that a packet sent from the switch to PE1 carries double VLAN tags.
Configure GE 1/0/1 on Switch to add an outer VLAN tag with VLAN ID 100 to packets of VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch
[switch] vlan 100
[switch-vlan100] quit
[switch] interface gigabitethernet 1/0/1
[switch-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[switch-GigabitEthernet1/0/1] quit
[switch] interface gigabitethernet 1/0/0
[switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch-GigabitEthernet1/0/0] quit

Step 7 Configure IP addresses of the interfaces of the CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] quit

Step 8 Verify the configuration.
Run the display qinq information command to view the QinQ termination information. For example, the following displays the stacking information on PE1:
<PE1> display qinq information termination interface gigabitethernet 2/0/0.1
  GigabitEthernet2/0/0.1
    VLL/PWE3 binded
    qinq termination l2 symmetry
    Total QinQ Num: 1
      qinq termination pe-vid 100 ce-vid 10
    Total vlan-group Num: 0
    control-vid 1 qinq-termination
  GigabitEthernet2/0/0.2
    VLL/PWE3 binded
    qinq termination l2 symmetry
    Total QinQ Num: 1
      qinq termination pe-vid 100 ce-vid 20
    Total vlan-group Num: 0
    control-vid 2 qinq-termination

View the L2VPN information on the PE. The output shows that an L2 VC is created and is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc
 total LDP VC : 1     1 up       0 down
 *client interface     : GigabitEthernet2/0/0.1
  session state        : up
  AC status            : up
  VC state             : up
  VC ID                : 101
  VC type              : VLAN
  destination          : 3.3.3.9
  local VC label       : 21504        remote VC label      : 21504
  control word         : disable
  forwarding entry     : existent
  local group ID       : 0
  manual fault         : not set
  active state         : active
  link state           : up
  local VC MTU         : 1500         remote VC MTU        : 1500
  tunnel policy name   : --
  traffic behavior name: --
  PW template name     : --
  primary or secondary : primary
  create time          : 0 days, 0 hours, 7 minutes, 53 seconds
  up time              : 0 days, 0 hours, 2 minutes, 29 seconds
  last change time     : 0 days, 0 hours, 2 minutes, 29 seconds

Hosts attached to the CEs can ping each other if they are in the same VLAN. Take the display on CE1 as an example:
<CE1> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=80 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/58/80 ms

----End
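
The tagging that Step 6 configures on the switch, and the tag pair that the qinq termination pe-vid 100 ce-vid 10 sub-interface on PE1 is configured for, shown at the byte level. This is an added Python sketch, not part of the Huawei guide or of any device software; the sample frame, MAC addresses, function names and the use of TPID 0x8100 for the outer tag are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q tag; assumed here for the outer tag as well
TPID_8021AD = 0x88A8  # 802.1ad service tag, also accepted as an outer TPID
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Build one 4-byte VLAN tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI, 12-bit VID."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_vlan_stack(frame):
    """Return the VLAN IDs carried by a frame, outermost first ([] if untagged)."""
    vids, offset = [], 12            # tags start after dst MAC + src MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break                    # reached the payload EtherType
        vids.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids


def stack_outer_tag(frame, match_vid, stack_vid):
    """Simplified model of 'port vlan-stacking vlan 10 stack-vlan 100'.

    A frame whose only tag is match_vid gets stack_vid pushed in front of it.
    Any other frame is outside the rule, and this model returns None for it.
    """
    if parse_vlan_stack(frame) != [match_vid]:
        return None
    return frame[:12] + vlan_tag(stack_vid) + frame[12:]


def matches_qinq_termination(frame, pe_vid, ce_vid):
    """Simplified model of 'qinq termination pe-vid 100 ce-vid 10':
    exactly two tags, outer equal to pe-vid and inner equal to ce-vid."""
    return parse_vlan_stack(frame) == [pe_vid, ce_vid]


def make_frame(vid=None):
    """Constructed sample frame: made-up MACs, IPv4 EtherType, dummy payload."""
    dst = bytes.fromhex("0200000000aa")
    src = bytes.fromhex("0200000000bb")
    tag = vlan_tag(vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x45" + bytes(45)


if __name__ == "__main__":
    from_ce1 = make_frame(10)                       # CE1 sends VLAN 10
    on_trunk = stack_outer_tag(from_ce1, 10, 100)   # switch GE1/0/1 adds VLAN 100
    print(parse_vlan_stack(from_ce1), "->", parse_vlan_stack(on_trunk))
    print("outer tag bytes:", on_trunk[12:16].hex())
    print("matches PE1 sub-interface:", matches_qinq_termination(on_trunk, 100, 10))
```

A frame that reaches PE1 with any other tag pair, or with a single tag, does not match this sub-interface in the model, which is the property to check when auditing which customer VLANs can enter the VC.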

Configuration Files
Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
 sysname CE2
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
return

Configuration file of switch


#
 sysname switch
#
 vlan batch 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
return

Configuration file of PE1


#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
  mpls l2vpn default martini
#
 mpls ldp
#
 mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 3.3.3.9 101
 arp broadcast enable
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls ldp
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Pos2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
#
return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
  mpls l2vpn default martini
#
 mpls ldp
#
 mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0.1
 vlan-type dot1q 10
 mpls l2vc 1.1.1.9 101
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return

5.15.11 Example for Configuring the Sub-interface for dot1q and QinQ VLAN Tag Termination to Access a VPLS
PEs are connected through a VPLS network; user packets sent to PEs carry one tag and double tags respectively. This example describes how to communicate through a VPLS network and how to configure sub-interfaces for dot1q VLAN tag termination, sub-interfaces for QinQ VLAN tag termination, and VPLS networks.

Networking Requirements
As shown in Figure 5-17, CE1 and CE2 are connected to PE1 and PE2 through switches. CE3 is connected to PE3 through a sub-interface. A packet sent from CE1 to Switch 1 carries one VLAN tag; a packet sent from CE2 to Switch 2 carries no VLAN tag. Each switch then adds an outer tag to the packets from the CE based on the inbound interface and sends the packets to the PE. It is required to configure the sub-interface for QinQ VLAN tag termination on PE1 and the sub-interface for dot1q VLAN tag termination on PE2 to access VPLS, so that CE1, CE2, and CE3 can communicate with each other. The backbone network adopts Martini VPLS and uses LDP to set up PWs.
Figure 5-17 Typical networking diagram of configuring the sub-interface for dot1q and QinQ VLAN tag termination to access VPLS

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode to user termination on PEs.
2. Run IGP on the backbone network and interconnect the CX devices on the backbone network.
3. Configure the routing protocol on the backbone network to interconnect the CX devices and enable the basic MPLS capabilities.
4. Set up the LSP tunnel between PEs.
5. Enable MPLS L2VPN on PE.
6. Configure the Layer 2 forwarding function on switches.
7. Bind the AC interface to the VSI.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the interface
- Consistent L2VC IDs on both ends of the PW
- MPLS LSR-IDs on PEs
- VSI names on PE1, PE2, and PE3
- Interface bound to VSI

Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-17, configure the addresses for the interfaces on PE and P. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, PE2, and PE3.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.3.1 30
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] ip address 100.1.1.1 30
[PE1-Pos1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.3.2 30
[PE2-Pos1/0/0] quit
[PE2] interface pos 1/0/1
[PE2-Pos1/0/1] ip address 100.1.2.2 30
[PE2-Pos1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 100.1.1.2 30
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 100.1.2.1 30
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit

After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to the loopback1 interface of each other. Take the display on PE1 as an example:
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 13
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1    InLoopBack0
2.2.2.9/32          OSPF    10   2     D      100.1.3.2    Pos1/0/0
3.3.3.9/32          OSPF    10   2     D      100.1.1.2    Pos1/0/1
100.1.1.0/30        Direct  0    0     D      100.1.1.1    Pos1/0/1
100.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
100.1.1.2/32        Direct  0    0     D      100.1.1.2    Pos1/0/1
100.1.2.0/30        OSPF    10   2     D      100.1.1.2    Pos1/0/1
                    OSPF    10   2     D      100.1.3.2    Pos1/0/0
100.1.3.0/30        Direct  0    0     D      100.1.3.1    Pos1/0/0
100.1.3.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
100.1.3.2/32        Direct  0    0     D      100.1.3.2    Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
<PE1> ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=255 time=250 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/92/250 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] mpls
[PE3-Pos1/0/1] mpls ldp
[PE3-Pos1/0/1] quit

After the preceding configurations, LDP sessions are set up between PEs. Run the display mpls ldp session command; the Status field shows "Operational". Run the display mpls ldp lsp command to view whether the LSPs are established through LDP. For example, the following displays the session information on PE1:
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID        Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  000:00:02  10/10
 3.3.3.9:0      Operational  DU   Passive  000:00:02  9/9
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode    SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN   DestAddress/Mask   In/OutLabel   Next-Hop     In/Out-Interface
 ------------------------------------------------------------------------------
 1    1.1.1.9/32         3/NULL        127.0.0.1    Pos1/0/0/InLoop0
 2    1.1.1.9/32         3/NULL        127.0.0.1    Pos1/0/1/InLoop0
 3    2.2.2.9/32         NULL/3        100.1.3.2    -------/Pos1/0/0
 4    2.2.2.9/32         1025/3        100.1.3.2    Pos1/0/1/Pos1/0/0
*5    2.2.2.9/32         Liberal
 6    3.3.3.9/32         NULL/3        100.1.1.2    -------/Pos1/0/1
 7    3.3.3.9/32         1024/3        100.1.1.2    Pos1/0/0/Pos1/0/1
*8    3.3.3.9/32         Liberal
 9    100.1.1.0/30       3/NULL        100.1.1.1    Pos1/0/0/Pos1/0/1
 10   100.1.2.0/30       NULL/3        100.1.3.2    -------/Pos1/0/0
                         NULL/3        100.1.1.2    -------/Pos1/0/1
 12   100.1.3.0/30       3/NULL        100.1.3.1    Pos1/0/1/Pos1/0/0
 ------------------------------------------------------------------------------
 TOTAL: 10 Normal LSP(s) Found.
 TOTAL: 2 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
NOTE

If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command to set up remote LDP sessions between PEs.

Step 4 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure PE3.
[PE3] mpls l2vpn

Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
[PE3-vsi-ldp1-ldp] peer 2.2.2.9

Step 6 Bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1

# Configure PE3.
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] vlan-type dot1q 10
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] quit

Step 7 Configure Layer 2 forwarding.
# Configure Switch 1. Create VLAN 100 on Switch 1. Configure GE 1/0/1 to add an outer VLAN tag with VLAN ID 100 to packets of VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch1
[switch1] vlan 100
[switch1-vlan100] quit
[switch1] interface gigabitethernet 1/0/1
[switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[switch1-GigabitEthernet1/0/1] quit
[switch1] interface gigabitethernet 1/0/0
[switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch1-GigabitEthernet1/0/0] quit

# Configure Switch 2. Create VLAN 10 on Switch 2. Specify GE 1/0/1 as an access interface and add it to VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 10 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch2
[switch2] vlan 10
[switch2-vlan10] quit
[switch2] interface gigabitethernet 1/0/1
[switch2-GigabitEthernet1/0/1] port link-type access
[switch2-GigabitEthernet1/0/1] port default vlan 10
[switch2-GigabitEthernet1/0/1] quit
[switch2] interface gigabitethernet 1/0/0
[switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[switch2-GigabitEthernet1/0/0] quit

# Configure IP addresses of the interfaces on CEs as shown in Figure 5-17.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0.1
[CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0.1] undo shutdown
[CE3-GigabitEthernet1/0/0.1] quit

Step 8 Verify the configuration.
Run the display qinq information termination interface command to view the QinQ configuration. Take the display on PE1 as an example.
[PE1] display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    VSI binded
    Total QinQ Num: 2
      qinq termination pe-vid 100 ce-vid 10
    Total vlan-group Num: 0
    control-vid 1 qinq-termination

Run the display dot1q information termination interface command to view the dot1q configuration. Take the display on PE2 as an example.
[PE2] display dot1q information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    VSI binded
    Total QinQ Num: 2
      dot1q termination vid 10
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination

After the preceding configuration, run the display vsi name ldp1 verbose command on PE1. The output shows that the VSI named ldp1 has set up PWs to PE2 and PE3 and that the VSI status is Up.
[PE1] display vsi name ldp1 verbose
    VSI ID                 : 22
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 23552
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x6002003,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 23553
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x6002000,
    Interface Name         : GigabitEthernet6/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 23553
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x6002000,
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 23552
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x6002003,

Hosts attached to CE1, CE2, and CE3 can ping each other.
<CE1> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/10/50 ms
<CE1> ping 10.1.1.3
  PING 10.1.1.3: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

----End

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
  peer 2.2.2.9
#
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.1 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.3.0 0.0.0.3
#
return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 3.3.3.9
#
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.3.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of PE3


#
 sysname PE3
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 2.2.2.9
#
 mpls ldp
#
interface GigabitEthernet2/0/0.1
 vlan-type dot1q 10
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of CE1


#
sysname CE1
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
return

Configuration file of CE3


#
sysname CE3
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 10.1.1.3 255.255.255.0
#
return

Configuration file of switch1


#
sysname switch1
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
return

Configuration file of switch2


#
sysname switch2
#
vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port link-type access
 port default vlan 10
#
return

5.15.12 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Access a VPLS Network
PEs are connected through a VPLS network. Each of the user packets sent to the PEs carries double tags. This example shows how to configure the users to communicate through the VPLS network and how to configure the VPLS network and sub-interfaces for QinQ VLAN tag termination.

Network Requirements
As shown in Figure 5-18, VLAN 10 and VLAN 20 are connected to PEs through switches. The packets sent from the switch to the PE carry double VLAN tags. The sub-interface for QinQ VLAN tag termination must be configured to access the VPLS network so that CE1, CE2, and CE3 can interwork, and CE4, CE5, and CE6 can interwork. The backbone network adopts Martini VPLS and uses LDP to set up PWs. Because interworking is not required between CE1 (or CE2 and CE3) and CE4 (or CE5 and CE6), in this example the sub-interface for QinQ VLAN tag termination accesses the VPLS network in symmetric mode. The switch uniformly labels the packets from CEs with the outer VLAN tag 100, so a user can communicate only with users in the same VLAN.

Figure 5-18 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to access a VPLS network

Configuration Roadmap
The configuration roadmap is as follows:
1. Run IGP on the backbone network and interconnect the devices on the backbone network.
2. Configure the routing protocol on the backbone network to interconnect the devices and enable the basic MPLS capabilities.
3. Set up the LSP tunnel between PEs.
4. Enable MPLS L2VPN on PE.
5. Create and then configure the VSI.
6. Configure the sub-interface for QinQ VLAN tag termination and bind the AC interface to the VSI.
7. Configure the Layer 2 forwarding function and QinQ function on switches.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the interface
- VSI IDs on the PEs (The IDs must be consistent)
- MPLS LSR-IDs on PEs
- VSI names on PE1, PE2, and PE3
- Interface bound to VSI

Procedure
Step 1 Configure the interface mode to user termination.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] mode user-termination
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-18, configure IP addresses of interfaces on PEs. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, PE2, and PE3.

# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.3.1 30
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] ip address 100.1.1.1 30
[PE1-Pos1/0/1] undo shutdown
[PE1-Pos1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.3.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] interface pos 1/0/1
[PE2-Pos1/0/1] ip address 100.1.2.2 30
[PE2-Pos1/0/1] undo shutdown
[PE2-Pos1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# Configure PE3.
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 100.1.1.2 30
[PE3-Pos1/0/0] undo shutdown
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 100.1.2.1 30
[PE3-Pos1/0/1] undo shutdown
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit

After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to the loopback1 interface of each other.
Take the display on PE1 as an example:

[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 13
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
      1.1.1.9/32    Direct  0    0     D      127.0.0.1    InLoopBack0
      2.2.2.9/32    OSPF    10   2     D      100.1.3.2    Pos1/0/0
      3.3.3.9/32    OSPF    10   2     D      100.1.1.2    Pos1/0/1
    100.1.1.0/30    Direct  0    0     D      100.1.1.1    Pos1/0/1
    100.1.1.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
    100.1.1.2/32    Direct  0    0     D      100.1.1.2    Pos1/0/1
    100.1.2.0/30    OSPF    10   2     D      100.1.1.2    Pos1/0/1
                    OSPF    10   2     D      100.1.3.2    Pos1/0/0
    100.1.3.0/30    Direct  0    0     D      100.1.3.1    Pos1/0/0
    100.1.3.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
    100.1.3.2/32    Direct  0    0     D      100.1.3.2    Pos1/0/0
    127.0.0.0/8     Direct  0    0     D      127.0.0.1    InLoopBack0
    127.0.0.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
[PE1] ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=255 time=250 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/92/250 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] mpls
[PE3-Pos1/0/1] mpls ldp
[PE3-Pos1/0/1] quit

After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command to check that the session status is "Operational". For example, the following displays the session information on PE1:

[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  0000:00:09  37/37
 3.3.3.9:0    Operational  DU   Passive  0000:00:03  13/13
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

NOTE

If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command to set up remote LDP sessions between PEs.

Step 4 Enable MPLS L2VPN on the PE.

# Configure PE1.
[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure PE3.
[PE3] mpls l2vpn

Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.

# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
[PE3-vsi-ldp1-ldp] peer 2.2.2.9

Step 6 Configure the sub-interface for QinQ VLAN tag termination and bind VSIs and AC interfaces.

# Configure PE1.
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE1-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE3-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE3-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE3-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] undo shutdown
[PE3-GigabitEthernet2/0/0.1] quit

NOTE

When you run the qinq termination command on the same primary interface, the ce-vid values cannot be the same if the pe-vid values of the two different sub-interfaces are the same.

Step 7 Configure QinQ and set the packets sent from the switch to the PE to carry double tags.

# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] quit

# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch2-GigabitEthernet1/0/2] undo shutdown
[Switch2-GigabitEthernet1/0/2] quit

# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 100
[Switch3-vlan100] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch3-GigabitEthernet1/0/1] undo shutdown
[Switch3-GigabitEthernet1/0/1] quit
[Switch3] interface gigabitethernet 1/0/2
[Switch3-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch3-GigabitEthernet1/0/2] undo shutdown
[Switch3-GigabitEthernet1/0/2] quit

NOTE

If the device does not support the port vlan-stacking command, you can run the commands port link-type dot1q-tunnel and port default vlan to configure QinQ.

Configure IP addresses of the interfaces on CEs based on Figure 5-18. Set the packet sent from the CE to the switch to carry one VLAN tag.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0.1
[CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE3-GigabitEthernet1/0/0.1] undo shutdown
[CE3-GigabitEthernet1/0/0.1] quit

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0.1
[CE4-GigabitEthernet1/0/0.1] ip address 20.1.1.1 24
[CE4-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE4-GigabitEthernet1/0/0.1] undo shutdown
[CE4-GigabitEthernet1/0/0.1] quit

# Configure CE5.
<HUAWEI> system-view
[HUAWEI] sysname CE5
[CE5] interface gigabitethernet 1/0/0.1
[CE5-GigabitEthernet1/0/0.1] ip address 20.1.1.2 24
[CE5-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE5-GigabitEthernet1/0/0.1] undo shutdown
[CE5-GigabitEthernet1/0/0.1] quit

# Configure CE6.
<HUAWEI> system-view
[HUAWEI] sysname CE6
[CE6] interface gigabitethernet 1/0/0.1
[CE6-GigabitEthernet1/0/0.1] ip address 20.1.1.3 24
[CE6-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE6-GigabitEthernet1/0/0.1] undo shutdown
[CE6-GigabitEthernet1/0/0.1] quit

Step 8 Verify the configuration.

Run the display qinq information termination interface command to view the QinQ information. The following displays the QinQ information on PE1:

[PE1] display qinq information termination interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    VSI bound
    qinq termination l2 symmetry
    Total QinQ Num: 2
      qinq termination pe-vid 100 ce-vid 10
      qinq termination pe-vid 100 ce-vid 20
    Total vlan-group Num: 0
    control-vid 1 qinq-termination

After the preceding configuration, run the display vsi name ldp1 verbose command on PE1. You can find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up.

[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Mode                   : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 0
    Domain Name            :
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 142336
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x80800b,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 142337
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x608006,
    Interface Name         : GigabitEthernet2/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 142336
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x80800b,
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 142337
    Remote VC Label        : 142336
    PW Type                : label
    Tunnel ID              : 0x608006,

The hosts attached to CE1, CE2, and CE3 can ping each other.

[CE1] ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/10/50 ms
[CE1] ping 10.1.1.3
  PING 10.1.1.3: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

----End
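
The consistency rules this procedure depends on (matching VSI IDs from Data Preparation, each PE listing the other PEs as peers in Step 5, and the NOTE in Step 6 on reusing pe-vid/ce-vid) can be checked offline before a configuration is loaded. The Python audit below is an added example, not Huawei code: the PE2 input is constructed with deliberate faults, the GigabitEthernet2/0/0.2 sub-interface and all function names are assumptions, and the parser reads only the commands used in this example.

```python
import re
from itertools import combinations

TERM_RE = re.compile(r"qinq termination pe-vid (\d+) ce-vid (\d+)(?: to (\d+))?$")

# PE1 as in this example's configuration file (only the lines the audit reads).
PE1_CFG = """\
sysname PE1
#
mpls lsr-id 1.1.1.9
#
vsi ldp1 static
 vsi-id 2
 peer 3.3.3.9
 peer 2.2.2.9
#
interface GigabitEthernet2/0/0.1
 qinq termination l2 symmetry
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
"""

# Constructed faulty PE2: different vsi-id, PE1 missing from the peer list, and
# a second sub-interface (assumed name) that reuses pe-vid 100 / ce-vid 20.
PE2_BAD_CFG = """\
sysname PE2
#
mpls lsr-id 2.2.2.9
#
vsi ldp1 static
 vsi-id 3
 peer 3.3.3.9
#
interface GigabitEthernet2/0/0.1
 qinq termination pe-vid 100 ce-vid 1 to 20
#
interface GigabitEthernet2/0/0.2
 qinq termination pe-vid 100 ce-vid 20
"""


def parse_config(text):
    """Extract sysname, LSR ID, VSIs and QinQ termination entries."""
    dev = {"sysname": None, "lsr_id": None, "vsis": {}, "terms": []}
    kind = name = None                      # current section: "vsi" or "if"
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        words = line.split()
        if line == "#":                     # '#' closes the current section
            kind = name = None
        elif words[0] == "sysname":
            dev["sysname"] = words[1]
        elif words[:2] == ["mpls", "lsr-id"]:
            dev["lsr_id"] = words[2]
        elif words[0] == "vsi":
            kind, name = "vsi", words[1]
            dev["vsis"][name] = {"vsi_id": None, "peers": set()}
        elif words[0] == "interface":
            kind, name = "if", words[1]
        elif kind == "vsi" and words[0] == "vsi-id":
            dev["vsis"][name]["vsi_id"] = int(words[1])
        elif kind == "vsi" and words[0] == "peer":
            dev["vsis"][name]["peers"].add(words[1])
        elif kind == "if" and TERM_RE.match(line):
            pe, lo, hi = TERM_RE.match(line).groups()
            dev["terms"].append((name, int(pe), int(lo), int(hi or lo)))
    return dev


def overlapping_terminations(dev):
    """Same pe-vid and intersecting ce-vid on two sub-interfaces of one port."""
    found = []
    for (if_a, pe_a, lo_a, hi_a), (if_b, pe_b, lo_b, hi_b) in combinations(dev["terms"], 2):
        same_port = if_a.split(".")[0] == if_b.split(".")[0]
        if same_port and if_a != if_b and pe_a == pe_b and lo_a <= hi_b and lo_b <= hi_a:
            found.append((dev["sysname"], if_a, if_b, pe_a, max(lo_a, lo_b), min(hi_a, hi_b)))
    return found


def vsi_findings(devices):
    """vsi-id mismatches and peers that are not configured in both directions."""
    found = []
    by_lsr = {d["lsr_id"]: d for d in devices}
    for vsi in sorted({n for d in devices for n in d["vsis"]}):
        members = [d for d in devices if vsi in d["vsis"]]
        ids = {d["sysname"]: d["vsis"][vsi]["vsi_id"] for d in members}
        if len(set(ids.values())) > 1:
            found.append(("vsi-id mismatch", vsi, ids))
        for d in members:
            for peer in sorted(d["vsis"][vsi]["peers"]):
                other = by_lsr.get(peer)    # peers outside the input are skipped
                if other and d["lsr_id"] not in other["vsis"].get(vsi, {}).get("peers", set()):
                    found.append(("one-way peer", vsi, d["sysname"], other["sysname"]))
    return found


if __name__ == "__main__":
    pes = [parse_config(PE1_CFG), parse_config(PE2_BAD_CFG)]
    print([f for pe in pes for f in overlapping_terminations(pe)] + vsi_findings(pes))
```

Two entries on the same sub-interface, as on PE1, are not flagged; only reuse across different sub-interfaces of one primary interface is.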

Configuration Files
Configuration file of PE1

#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
  peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.1 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.3.0 0.0.0.3
#
return

Configuration file of PE2


#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.3.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of PE3


#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination l2 symmetry
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of Switch1


#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
return

Configuration file of Switch2


#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
return

Configuration file of Switch3


#
sysname Switch3
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
return

Configuration file of CE1


#
sysname CE1
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
sysname CE2
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
return

Configuration file of CE3


#
sysname CE3
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.3 255.255.255.0
#
return

Configuration file of CE4


#
sysname CE4
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 20
 ip address 20.1.1.1 255.255.255.0
#
return

Configuration file of CE5


#
sysname CE5
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 20
 ip address 20.1.1.2 255.255.255.0
#
return

Configuration file of CE6


#
sysname CE6
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 20
 ip address 20.1.1.3 255.255.255.0
#
return


5.15.13 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Support the Local Connection
Different CEs access the same VSI of a PE. The packets sent from the CEs to the PE carry double tags and the outer tags are the same. It is required that the CEs communicate with each other.

Networking Requirements
As shown in Figure 5-19, PE1 and PE2 are configured with the basic VPLS function. CE1 and CE2 access the VSI on PE1 through switches. In Figure 5-19:
- The packets sent from CE1 and CE2 to PE1 have double tags.
- Switch2 labels the packets received from CE1 with the inner tag 10. Switch3 labels the packets received from CE2 with the inner tag 20.
- Switch1 labels the packets received from CE1 and CE2 with the same outer tag 100.

If PE1 is configured with a QinQ termination sub-interface accessing the VPLS network, the packets sent by these CEs cannot be forwarded by GE 1/0/0 because packets from CE1/0/0 to PE1 have the same outer tag (otherwise, Switch1 learns the same MAC address entry from different interfaces, which leads to incorrect forwarding). Thus, CEs in the same VSI on PE1 cannot communicate. In this case, to ensure that CE1 and CE2 can communicate, you can configure the QinQ termination sub-interface to support the local switching.

Figure 5-19 QinQ termination sub-interface supporting the local switching
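
Why Switch1 must not learn MAC addresses on the port facing PE1 can be seen in a small model of a learning bridge. The Python model below is an added example, not part of the Huawei guide; it assumes that PE1 sends locally switched frames back down GE 1/0/0 with the source MAC address unchanged, it ignores inner tags, and the MAC addresses and all names are constructed.

```python
class LearningSwitch:
    """Single-VLAN learning bridge, standing in for Switch1 in outer VLAN 100."""

    def __init__(self, ports, no_learning=()):
        self.ports = list(ports)
        self.no_learning = set(no_learning)   # ports with MAC learning disabled
        self.table = {}                       # MAC address -> port
        self.moves = []                       # (mac, old_port, new_port)

    def receive(self, in_port, src, dst):
        """Learn src on in_port (if allowed) and return the egress ports."""
        if in_port not in self.no_learning:
            old = self.table.get(src)
            if old is not None and old != in_port:
                self.moves.append((src, old, in_port))
            self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:                       # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                    # never forward out the ingress port
            return []
        return [out]


CE1_MAC, CE2_MAC = "00e0-fc00-0001", "00e0-fc00-0002"   # constructed values
PE_PORT, CE1_PORT, CE2_PORT = "GE1/0/0", "GE2/0/0", "GE3/0/0"


def reply_path(learning_disabled_on_pe_port):
    """Return (egress ports for CE2's reply coming back from PE1, MAC moves)."""
    no_learning = [PE_PORT] if learning_disabled_on_pe_port else []
    sw = LearningSwitch([PE_PORT, CE1_PORT, CE2_PORT], no_learning)
    sw.receive(CE1_PORT, CE1_MAC, CE2_MAC)    # 1. CE1 -> CE2 arrives from Switch2
    sw.receive(PE_PORT, CE1_MAC, CE2_MAC)     # 2. PE1 switches it locally, sends it back
    sw.receive(CE2_PORT, CE2_MAC, CE1_MAC)    # 3. CE2's reply arrives from Switch3
    egress = sw.receive(PE_PORT, CE2_MAC, CE1_MAC)   # 4. PE1 sends the reply back
    return egress, sw.moves


if __name__ == "__main__":
    for disabled in (False, True):
        egress, moves = reply_path(disabled)
        print("learning disabled on", PE_PORT, "=", disabled,
              "| reply egress:", egress, "| MAC moves:", moves)
```

With learning left enabled on GE 1/0/0, both CE addresses move to the PE-facing port and the returned reply is filtered; with learning disabled there, the table keeps pointing at the access ports.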

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic VPLS function on the PEs and ensure that the VSIs on the PEs are Up.
2. On PE1, configure the QinQ termination sub-interface to support the local switching and configure the QinQ termination sub-interface to access the VPLS network. After the configuration, CEs in the same VSI can communicate.
3. Configure the Layer 2 forwarding function on the switches. After the configuration, the packets received on the PEs from the CEs have double tags with the outer tags being the same.
4. Disable the MAC address learning on the switches connected to the termination sub-interface on the PEs.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the interfaces
- L2VC IDs on the two ends of the PW (IDs are the same)
- MPLS LSR ID of the PEs
- VSI names of the PEs
- Interfaces bound to the VSIs

Procedure
Step 1 Configure the mode of the interface connected to PE1 as user-termination.

<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

Step 2 Configure IGP, MPLS, LDP, and VPLS between the PEs.

The detailed configurations are not mentioned here. After the configuration, run the display vsi command on PE1 and PE2, and you can find that the VSI status is Up. Take PE1 as an example.

[PE1] display vsi
Total VSI number is 1, 1 is up, 0 is down, 1 is LDP mode, 0 is BGP mode
Vsi        Mem     PW    Mac        Encap  Mtu    Vsi
Name       Disc    Type  Learn      Type   Value  State
--------------------------------------------------------------------------
v1         static  ldp   unqualify  vlan   1500   up

Step 3 Configure the QinQ termination sub-interface to support the local switching and to access the VPLS network.

On PE1, configure the QinQ termination sub-interface to support the local switching and to access the VPLS network. After the configuration, CEs in the same VSI can communicate.

[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination local-switch
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 1 to 20
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

Step 4 Configure the basic Layer 2 forwarding function. After the configuration, the packets received on PE1 from the CEs have double tags with the outer tags being the same. # On Switch1, label the VLAN packets from GE 2/0/0 and GE 3/0/0 with the outer tag 100, and permit GE 1/0/0 to send these packets to PE1.
<HUAWEI> system-view [HUAWEI] sysname Switch1 [Switch1] vlan 100 [Switch1-vlan100] quit [Switch1] interface gigabitethernet [Switch1-GigabitEthernet1/0/0] port [Switch1-GigabitEthernet1/0/0] undo [Switch1-GigabitEthernet1/0/0] quit [Switch1] interface gigabitethernet [Switch1-GigabitEthernet2/0/0] port [Switch1-GigabitEthernet2/0/0] port [Switch1-GigabitEthernet2/0/0] undo [Switch1-GigabitEthernet2/0/0] quit [Switch1] interface gigabitethernet [Switch1-GigabitEthernet3/0/0] port [Switch1-GigabitEthernet3/0/0] port [Switch1-GigabitEthernet3/0/0] undo [Switch1-GigabitEthernet3/0/0] quit

1/0/0 trunk allow-pass vlan 100 shutdown 2/0/0 link-type dot1q-tunnel default vlan 100 shutdown 3/0/0 link-type dot1q-tunnel default vlan 100 shutdown

# On Switch2, label the VLAN packets from GE 1/0/0 with the tag 10, and permit GE 2/0/0 to send these packets to Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port default vlan 10
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
[Switch2] interface gigabitethernet 2/0/0
[Switch2-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet2/0/0] undo shutdown
[Switch2-GigabitEthernet2/0/0] quit

# On Switch3, label the VLAN packets from GE 1/0/0 with the tag 20, and permit GE 2/0/0 to send these packets to Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 20
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port default vlan 20
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit
[Switch3] interface gigabitethernet 2/0/0
[Switch3-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet2/0/0] undo shutdown
[Switch3-GigabitEthernet2/0/0] quit

After the configurations, run the display vlan vlan-id command on the switches, and you can find the interfaces added to the VLAN are Up. The VLAN trunk interface is displayed as "Tagged port"; the default VLAN interface is displayed as "Untagged port". Take Switch1 as an example:
[Switch1] display vlan 100
VLAN ID  Type     Status   MAC Learning
----------------------------------------------------------
100      common   enable   enable
----------------
Untagged Port: GigabitEthernet2/0/0      GigabitEthernet3/0/0
----------------
Tagged Port: GigabitEthernet1/0/0
----------------
Interface                 Physical
GigabitEthernet1/0/0      UP
GigabitEthernet2/0/0      UP
GigabitEthernet3/0/0      UP

Step 5 Disable the MAC address learning.

Disable the MAC address learning on Switch1. Otherwise, Switch1 learns the same MAC address from different interfaces.
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] mac-address learning disable
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] undo mac-address all

Step 6 Verify the configuration.

# CE1 and CE2 can successfully ping each other. Take CE1 as an example:
[CE1] ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time = 2 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time = 2 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time = 2 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time = 2 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time = 2 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/2/2 ms

# Check the MAC address entries on PE1. PE1 has learned the MAC addresses on GE 1/0/0 together with their double-tag values, and the outer tag (PEVLAN) is the same for the entries learned from CE1 and CE2.
[PE1] display mac-address dynamic 1
MAC Address    VLAN/VSI  PEVLAN CEVLAN Port                  Type      Lsp
-------------------------------------------------------------------------------
00e0-fc22-18e1 v1        100    20     GigabitEthernet1/0/0  dynamic   4/65546
00e0-fc7a-5747 v1        100    10     GigabitEthernet1/0/0  dynamic   4/65556
Total 2 ,2 printed

# Run the display arp interface command on the CEs, and you can find the ARP entries of the CEs are correct. Take CE1 as an example:
[CE1] display arp interface gigabitethernet 1/0/0
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE            VPN-INSTANCE
                                               VLAN PVC
------------------------------------------------------------------------------
10.1.1.1        00e0-fc7a-5747            I    GigabitEthernet1/0/0
10.1.1.2        00e0-fc22-18e1  14        D    GigabitEthernet1/0/0
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0    Interface:1

----End
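
The following Python sketch is an added illustration, not part of the Huawei guide: it walks a CE frame through the tagging configured above (access VLAN on Switch2 or Switch3, dot1q-tunnel outer tag 100 on Switch1) and checks the result against PE1's qinq termination pe-vid 100 ce-vid 1 to 20 rule. The function and class names are hypothetical, the TPID 0x8100 is assumed for both tags, and what the device does with a non-matching frame is not modelled.

```python
import struct

TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol identifiers

# MAC addresses as they appear in the PE1 MAC table on this page.
CE1_MAC = bytes.fromhex("00e0fc7a5747")
CE2_MAC = bytes.fromhex("00e0fc2218e1")


def push_tag(frame, vid, tpid=0x8100):
    """Insert one VLAN tag right after the source MAC; it becomes the outer tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range: %d" % vid)
    return frame[:12] + struct.pack("!HH", tpid, vid) + frame[12:]


def parse_vlan_tags(frame):
    """Return ([VLAN IDs, outer first], EtherType) for an Ethernet frame."""
    vids, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("frame truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4


def frame_at_pe1(src, dst, access_vid, tunnel_vid=100):
    """Frame as it arrives at PE1 after both switches have added their tags."""
    untagged = dst + src + struct.pack("!H", 0x0800) + b"\x00" * 46  # constructed payload
    tagged = push_tag(untagged, access_vid)  # Switch2/Switch3: port default vlan, then trunk
    return push_tag(tagged, tunnel_vid)      # Switch1: dot1q-tunnel port, default vlan 100


class QinqTermination:
    """Model of 'qinq termination pe-vid P ce-vid LO to HI' (matching only)."""

    def __init__(self, pe_vid, ce_lo, ce_hi):
        self.pe_vid, self.ce_lo, self.ce_hi = pe_vid, ce_lo, ce_hi

    def classify(self, frame):
        vids, _ = parse_vlan_tags(frame)
        if len(vids) != 2:
            return "not double-tagged"
        outer, inner = vids
        if outer != self.pe_vid:
            return "outer tag is not pe-vid"
        if not self.ce_lo <= inner <= self.ce_hi:
            return "inner tag outside ce-vid range"
        return "terminate"


PE1_RULE = QinqTermination(pe_vid=100, ce_lo=1, ce_hi=20)

if __name__ == "__main__":
    samples = {
        "CE1 via Switch2 (inner 10)": frame_at_pe1(CE1_MAC, CE2_MAC, 10),
        "CE2 via Switch3 (inner 20)": frame_at_pe1(CE2_MAC, CE1_MAC, 20),
        "constructed: inner 30": frame_at_pe1(CE1_MAC, CE2_MAC, 30),
        "constructed: outer 200": frame_at_pe1(CE1_MAC, CE2_MAC, 10, tunnel_vid=200),
    }
    for name, frame in samples.items():
        print(name, parse_vlan_tags(frame)[0], PE1_RULE.classify(frame))
```
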

Configuration Files
• Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
 mpls l2vpn
#
vsi v1 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.9
  peer 3.3.3.9
#
mpls ldp
#
 mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 control-vid 1 qinq-termination local-switch
 qinq termination pe-vid 100 ce-vid 1 to 20
 l2 binding vsi v1
#
interface Pos2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

• Configuration file of Switch1
#
 sysname Switch1
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 mac-address learning disable
 port trunk allow-pass vlan 100
#
interface GigabitEthernet2/0/0
 undo shutdown
 port link-type dot1q-tunnel
 port default vlan 100
#
interface GigabitEthernet3/0/0
 undo shutdown
 port link-type dot1q-tunnel
 port default vlan 100
#
return

• Configuration file of Switch2
#
 sysname Switch2
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet2/0/0
 undo shutdown
 port trunk allow-pass vlan 10
#
return

• Configuration file of Switch3
#
 sysname Switch3
#
 vlan batch 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 20
#
interface GigabitEthernet2/0/0
 undo shutdown
 port trunk allow-pass vlan 20
#
return

• Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
#
return

• Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
return

5.15.14 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support the DHCP Relay Function
The user packets received by the DHCP relay carry one tag. If the sub-interface for dot1q VLAN tag termination does not support the DHCP relay function, the DHCP relay regards the received packets as invalid and discards them. As a result, the DHCP client cannot obtain IP addresses from the DHCP server.

Network Requirements
If a local network does not have a DHCP server, the DHCP relay function can be enabled on the CX device. In this manner, the DHCP Request packet from the client can be transmitted to the DHCP server through the DHCP relay.

To receive the user packet with one tag, the sub-interface for dot1q VLAN tag termination can be configured with the DHCP relay function.

As shown in Figure 5-20, the network segment to which the DHCP client belongs is 100.1.1.0/24, while the network segment to which the DHCP server belongs is 100.1.3.0/24. The DHCP packets should be relayed through the CX device with the DHCP relay function so that the DHCP client can obtain configuration information such as the IP address from the DHCP server.

The DHCP server should be assigned an IP address pool on the network segment 100.1.1.0, so that the DHCP server can assign appropriate IP addresses to the DHCP clients on the network segment. You need to configure the route to the network segment 100.1.1.0 on the DHCP server.

The lease period of the addresses on the segment 100.1.1.0/24 is 10 days and 12 hours, and the domain name is huawei.com. The DNS address is 100.1.1.2. The NetBIOS address is 100.1.1.3. The address of the egress device is 100.1.1.1. The packets received on the DHCP relay carry one VLAN tag.

Figure 5-20 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag termination to support the DHCP relay function

(Figure 5-20 labels: DHCP-Server Pos1/0/0; DHCP-Relay Pos1/0/0 100.1.2.1/24 and GE2/0/0.1 100.1.1.1/24; Switch GE1/0/0 and GE1/0/1; VLAN10; DHCP Client1)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the DHCP relay interface mode to user termination.
2. Configure the DHCP relay.
3. Configure the DHCP server.
4. Configure the sub-interface for dot1q termination on the DHCP relay.
5. Configure the Layer 2 forwarding function on switches.

Data Preparation
To complete the configuration, you need the following data:
• IP address of the interface implementing the DHCP relay function
• Address pool range of the DHCP server
• Terminating range of the sub-interface for dot1q VLAN tag termination

Procedure
Step 1 Configure the DHCP relay interface mode to user termination.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0] mode user-termination
[DHCP-Relay-GigabitEthernet2/0/0] quit

Step 2 Configure the DHCP relay.

# Configure the address of POS 1/0/0.
[DHCP-Relay] interface pos 1/0/0
[DHCP-Relay-Pos1/0/0] undo shutdown
[DHCP-Relay-Pos1/0/0] ip address 100.1.2.1 24
[DHCP-Relay-Pos1/0/0] quit

# Enter the view of the interface on which DHCP relay is to be enabled and configure its IP address and mask to keep it and the DHCP client on the same network segment.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] ip address 100.1.1.1 24
[DHCP-Relay-GigabitEthernet2/0/0.1] ip relay address 100.1.3.1
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet2/0/0.1] quit

Step 3 Configure the DHCP server.

# Configure the route from DHCP Server to DHCP Relay.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Server
[DHCP-Server] ip route-static 100.1.1.0 24 100.1.2.1

# Configure the IP address of POS 1/0/0.


[DHCP-Server] interface pos 1/0/0
[DHCP-Server-Pos1/0/0] undo shutdown
[DHCP-Server-Pos1/0/0] ip address 100.1.3.1 24
[DHCP-Server-Pos1/0/0] quit

# Configure the features of the DHCP address pool 1, including the IP address of the gateway, range of IP addresses in the address pool, IP addresses forbidden to be automatically assigned, domain name suffix of the DNS server, IP address of the DNS server, and address lease.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 100.1.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 100.1.1.5 100.1.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 100.1.1.1 100.1.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 100.1.1.2
[DHCP-Server-dhcp-1] netbios-name-server 100.1.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit

Step 4 Configure the sub-interface for dot1q VLAN tag termination on the DHCP relay.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[DHCP-Relay-GigabitEthernet2/0/0.1] dot1q termination vid 10
[DHCP-Relay-GigabitEthernet2/0/0.1] arp broadcast enable
[DHCP-Relay-GigabitEthernet2/0/0.1] quit


NOTE

• If the dot1q sub-interface is not configured with Option 82, when accessing the DHCP relay service, the dot1q sub-interface encapsulates all the DHCP messages received from the DHCP relay with only the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN IDs are not processed. In this example, if dot1q termination vid 10 and dot1q termination vid 20 are configured on the dot1q sub-interface, the sub-interface encapsulates the received DHCP messages with only VLAN 10 and sends the messages to the client side. In this case, clients in VLAN 20 cannot obtain IP addresses.
• If the dot1q sub-interface is configured with Option 82, the dot1q sub-interface encapsulates the received DHCP messages with the corresponding VLAN IDs of the clients.

Step 5 Configure the basic Layer 2 forwarding function.

# Configure Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] undo shutdown
[Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/0] quit
[Switch] vlan 10
[Switch-vlan10] port gigabitethernet 1/0/1
[Switch-vlan10] quit

Step 6 Verify the configuration.

Run the display dhcp relay address command on the DHCP relay device to view the address configuration of the DHCP relay device.
[DHCP-Relay] display dhcp relay address all
 ** GigabitEthernet2/0/0.1 DHCP Relay Address **
 Dhcp Option    Relay Agent IP    Server IP
 *                                100.1.3.1

The DHCP client can obtain an IP address allocated by the DHCP server through the DHCP relay.

----End

Configuration Files
• Configuration file of a DHCP relay
#
 sysname DHCP-Relay
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 ip address 100.1.1.1 255.255.255.0
 ip relay address 100.1.3.1
 dhcp select relay
 arp broadcast enable
#
interface Pos 1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
#
return

• Configuration file of a DHCP server
#
 sysname DHCP-Server
#
interface Pos 1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.1 255.255.255.0
#
ip pool 1 server
 gateway 100.1.1.1 255.255.255.0
 section 0 100.1.1.5 100.1.1.100
 excluded-ip-address 100.1.1.1 100.1.1.3
 dns-suffix huawei.com
 dns-server 100.1.1.2
 netbios-name-server 100.1.1.3
 lease 10 12
#
 ip route-static 100.1.1.0 255.255.255.0 100.1.2.1
#
return

• Configuration file of Switch
#
 sysname Switch
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
return
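
The NOTE in Step 4 can be turned into a configuration check. The Python script below is an added example, not Huawei tooling: it scans a configuration file for tag-termination sub-interfaces that run DHCP relay over more than one terminated VLAN without dhcp option82 insert enable or dhcp option82 rebuild enable. The function names and the two variant configurations are constructed for this example; the option82 commands are the ones this guide shows for the QinQ sub-interface.

```python
import re

TERM_RE = re.compile(
    r"(?:dot1q termination vid (?P<vid>\d+)(?: to (?P<vid_hi>\d+))?"
    r"|qinq termination pe-vid (?P<pe>\d+) ce-vid (?P<ce>\d+)(?: to (?P<ce_hi>\d+))?)$"
)
OPT82_RE = re.compile(r"dhcp option82 (?:insert|rebuild) enable$")


def parse_interfaces(config_text):
    """Split a configuration file into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("#", "return"):
            current = None
        elif line and current is not None:
            stanzas[current].append(line)
    return stanzas


def terminated_tags(lines):
    """Expand termination commands into sorted (outer, inner) pairs; inner 0 = single tag."""
    tags = set()
    for line in lines:
        m = TERM_RE.match(line)
        if not m:
            continue
        if m.group("vid"):
            lo, hi = int(m.group("vid")), int(m.group("vid_hi") or m.group("vid"))
            tags.update((vid, 0) for vid in range(lo, hi + 1))
        else:
            pe = int(m.group("pe"))
            lo, hi = int(m.group("ce")), int(m.group("ce_hi") or m.group("ce"))
            tags.update((pe, ce) for ce in range(lo, hi + 1))
    return sorted(tags)


def audit(config_text):
    """Flag relay sub-interfaces where, per the NOTE, only the smallest VLAN gets replies."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        tags = terminated_tags(lines)
        relay = "dhcp select relay" in lines
        opt82 = any(OPT82_RE.match(line) for line in lines)
        if relay and len(tags) > 1 and not opt82:
            findings.append({"interface": name, "served": tags[0], "unserved": tags[1:]})
    return findings


# DHCP relay configuration file from this example, with one slot for extra commands.
RELAY_TEMPLATE = """\
#
 sysname DHCP-Relay
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 dot1q-termination
 dot1q termination vid 10
{extra} ip address 100.1.1.1 255.255.255.0
 ip relay address 100.1.3.1
 dhcp select relay
 arp broadcast enable
#
return
"""
PAGE_CONFIG = RELAY_TEMPLATE.format(extra="")
# Constructed variant described in the NOTE: vid 20 added, no Option 82.
NOTE_CONFIG = RELAY_TEMPLATE.format(extra=" dot1q termination vid 20\n")
# Constructed variant: same two VLANs with Option 82 insertion enabled.
FIXED_CONFIG = RELAY_TEMPLATE.format(
    extra=" dot1q termination vid 20\n dhcp option82 insert enable\n")

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("note", NOTE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg))
```
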

5.15.15 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support the DHCP Relay Function
The user packets received by the DHCP relay carry double tags. If the sub-interface for QinQ VLAN tag termination does not support the DHCP relay function, the DHCP relay regards the received packets as invalid and discards them. As a result, the DHCP client cannot obtain IP addresses from the DHCP server.

Network Requirements
If a local network does not have a DHCP server, the DHCP relay function can be enabled on the CX device. In this manner, the DHCP Request packet from the client can be transmitted to the DHCP server through the DHCP relay.

To receive the user packet with double tags, the sub-interface for QinQ VLAN tag termination can be configured with the DHCP relay function.

As shown in Figure 5-21, the network segment to which the DHCP client belongs is 100.1.1.0/24, while the network segment to which the DHCP server belongs is 100.1.3.0/24. The DHCP packets should be relayed through the CX device with the DHCP relay function so that the DHCP client can obtain configuration information such as the IP address from the DHCP server.

The DHCP server should be assigned an IP address pool on the network segment 100.1.1.0, so that the DHCP server can assign IP addresses to the DHCP clients on the network segment. You need to configure the route to the network segment 100.1.1.0 on the DHCP server. After the DHCP server receives a packet containing Option82 information from the DHCP relay, the DHCP server sends a response that also contains Option82 information to the DHCP relay.

The lease period of the addresses on the segment 100.1.1.0/24 is 10 days and 12 hours, and the domain name is huawei.com. The DNS address is 100.1.1.2. The NetBIOS address is 100.1.1.3. The address of the egress device is 100.1.1.1. The packets received on the DHCP relay carry double VLAN tags.

Figure 5-21 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support the DHCP relay function

(Figure 5-21 labels: DHCP-Server POS1/0/0 100.1.3.1/24; Internet; DHCP-Relay POS1/0/0 100.1.2.1/24 and GE2/0/0.1 100.1.1.1/24; Switch1 GE1/0/0, GE1/0/1 and GE1/0/2; Switch2 GE1/0/1 and GE1/0/0, VLAN10, DHCP Client1; Switch3 GE1/0/1 and GE1/0/0, VLAN20, DHCP Client2)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the DHCP relay interface mode to user termination.
2. Configure the DHCP relay.
3. Configure the DHCP server.
4. Configure the sub-interface for QinQ VLAN tag termination on the DHCP relay.
5. Configure the Layer 2 forwarding function on switches.
6. Configure the QinQ function on Switch 1.

Data Preparation
To complete the configuration, you need the following data:
• IP address of the interface implementing the DHCP relay function
• Address pool range of the DHCP server
• Terminating range of the sub-interface for QinQ VLAN tag termination

Procedure
Step 1 Configure the mode of the DHCP relay to user termination.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0] mode user-termination
[DHCP-Relay-GigabitEthernet2/0/0] quit

Step 2 Configure the DHCP relay.

# Enable DHCP.
[DHCP-Relay] dhcp enable

# Configure the address for POS 1/0/0.


[DHCP-Relay] interface pos 1/0/0
[DHCP-Relay-Pos1/0/0] undo shutdown
[DHCP-Relay-Pos1/0/0] ip address 100.1.2.1 24
[DHCP-Relay-Pos1/0/0] quit

# Enter the view of the interface on which DHCP relay is to be enabled and configure its IP address and mask to keep it and the DHCP client on the same network segment.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] ip address 100.1.1.1 24
[DHCP-Relay-GigabitEthernet2/0/0.1] ip relay address 100.1.3.1
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet2/0/0.1] quit

Step 3 Configure the DHCP server.

# Configure the route from DHCP Server to DHCP Relay.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Server
[DHCP-Server] ip route-static 100.1.1.0 24 100.1.2.1

# Configure the client connected with POS 1/0/0 to obtain the IP address from the global address pool.
[DHCP-Server] interface pos 1/0/0
[DHCP-Server-Pos1/0/0] undo shutdown
[DHCP-Server-Pos1/0/0] ip address 100.1.3.1 24
[DHCP-Server-Pos1/0/0] quit

# Configure the features of the DHCP address pool 1, including the IP address of the gateway, range of IP addresses in the address pool, IP addresses forbidden to be automatically assigned, domain name suffix of the DNS server, IP address of the DNS server, and address lease.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 100.1.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 100.1.1.5 100.1.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 100.1.1.1 100.1.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 100.1.1.2
[DHCP-Server-dhcp-1] netbios-name-server 100.1.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit

Step 4 Configure the sub-interface for QinQ VLAN tag termination on the DHCP relay.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[DHCP-Relay-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[DHCP-Relay-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp option82 rebuild enable
[DHCP-Relay-GigabitEthernet2/0/0.1] arp broadcast enable
[DHCP-Relay-GigabitEthernet2/0/0.1] quit

NOTE

• When you run the qinq termination command on the same primary interface, the ce-vid values cannot be the same if the pe-vid values of the two different sub-interfaces are the same.
• On the DHCP relay, you need to use the dhcp option82 insert enable command or the dhcp option82 rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the Option 82 field into the DHCP message. If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service, the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN IDs are not processed.
• After the relay sends a packet containing Option 82 information to the DHCP server, the Offer or ACK message returned from the DHCP server must contain the Option 82 information.

Step 5 Configure the basic Layer 2 forwarding function.

# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/0
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] quit

# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/0
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] undo shutdown
[Switch3-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet1/0/1] quit

Step 6 Configure QinQ and set the packets sent from Switch 1 to the DHCP server to carry double tags.

# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/2] quit

Step 7 Verify the configuration.

Run the display dhcp relay address command on the DHCP relay device to view the address configuration of the DHCP relay device.
[DHCP-Relay] display dhcp relay address all
 ** GigabitEthernet2/0/0.1 DHCP Relay Address **
 Dhcp Option    Relay Agent IP    Server IP
 *                                100.1.3.1

The DHCP client can obtain an IP address allocated by the DHCP server through the DHCP relay.

----End

Configuration Files
• Configuration file of a DHCP relay
#
 sysname DHCP-Relay
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 qinq termination pe-vid 100 ce-vid 20
 dhcp select relay
 ip address 100.1.1.1 255.255.255.0
 ip relay address 100.1.3.1
 dhcp option82 rebuild enable
 arp broadcast enable
#
interface Pos 1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
#
return

• Configuration file of a DHCP server
#
 sysname DHCP-Server
#
interface Pos 1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.1 255.255.255.0
#
ip pool 1 server
 gateway 100.1.1.1 255.255.255.0
 section 0 100.1.1.5 100.1.1.100
 excluded-ip-address 100.1.1.1 100.1.1.3
 dns-suffix huawei.com
 dns-server 100.1.1.2
 netbios-name-server 100.1.1.3
 lease 10 12
#
 ip route-static 100.1.1.0 255.255.255.0 100.1.2.1
#
return

• Configuration file of Switch 1
#
 sysname Switch1
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 20 stack-vlan 100
#
return

• Configuration file of Switch 2
#
 sysname Switch2
#
 vlan batch 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port trunk allow-pass vlan 10
#
return

• Configuration file of Switch 3
#
 sysname Switch3
#
 vlan batch 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port default vlan 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port trunk allow-pass vlan 20
#
return
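
The Option 82 points in the Step 4 NOTE of this example (which tags the relay uses for replies, and the server having to return Option 82) can be modelled in a few lines. This Python example is added for illustration and is not the device's implementation: it carries the terminated (pe-vid, ce-vid) pair in an RFC 3046 Agent Circuit ID sub-option and shows which tags the relay can choose for the reply. The 4-byte circuit-ID layout, the class and function names, and the choice to treat a reply without Option 82 as undeliverable are assumptions.

```python
import struct

OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_AGENT_INFO, OPT_END = 0, 53, 82, 255
SUB_CIRCUIT_ID = 1       # RFC 3046 Agent Circuit ID sub-option
DISCOVER, OFFER = 1, 2   # DHCP message types carried in option 53


def option82_value(pe_vid, ce_vid):
    """Option 82 payload: one Circuit ID sub-option (constructed 4-byte layout)."""
    circuit = struct.pack("!HH", pe_vid, ce_vid)
    return bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit


def parse_options(blob):
    """Parse a DHCP options field (the part after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated DHCP option")
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def build_options(opts):
    """Serialise {code: value} in insertion order and append the END option."""
    out = b"".join(bytes([code, len(value)]) + value for code, value in opts.items())
    return out + bytes([OPT_END])


def decode_circuit_id(opt82):
    """Return (pe_vid, ce_vid) from an Option 82 payload, or None if absent."""
    i = 0
    while i + 2 <= len(opt82):
        sub, length = opt82[i], opt82[i + 1]
        value = opt82[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated Option 82 sub-option")
        if sub == SUB_CIRCUIT_ID and length == 4:
            return struct.unpack("!HH", value)
        i += 2 + length
    return None


class RelaySubInterface:
    """Tag-termination sub-interface acting as DHCP relay (behavioural model)."""

    def __init__(self, terminated, option82):
        self.terminated = sorted(terminated)   # list of (pe_vid, ce_vid)
        self.option82 = option82

    def relay_to_server(self, options, ingress_tags):
        if ingress_tags not in self.terminated:
            raise ValueError("tags %r are not terminated here" % (ingress_tags,))
        opts = parse_options(options)
        if self.option82:                      # appended last, just before END
            opts[OPT_RELAY_AGENT_INFO] = option82_value(*ingress_tags)
        return build_options(opts)

    def reply_tags(self, server_options):
        """Tags used to send the server's reply towards the client side."""
        if not self.option82:
            return self.terminated[0]          # smallest VLAN ID only, as in the NOTE
        opts = parse_options(server_options)
        tags = decode_circuit_id(opts.get(OPT_RELAY_AGENT_INFO, b""))
        return tags if tags in self.terminated else None   # None: assumption, undeliverable


def server_offer(request_options, echo_option82=True):
    """DHCP server reply; echo_option82 models the 'Option82 return' function."""
    req = parse_options(request_options)
    reply = {OPT_MSG_TYPE: bytes([OFFER])}
    if echo_option82 and OPT_RELAY_AGENT_INFO in req:
        reply[OPT_RELAY_AGENT_INFO] = req[OPT_RELAY_AGENT_INFO]
    return build_options(reply)


def deliver(relay, client_tags, echo_option82=True):
    """Run one DISCOVER/OFFER exchange and return the tags chosen for the OFFER."""
    discover = build_options({OPT_MSG_TYPE: bytes([DISCOVER])})
    offer = server_offer(relay.relay_to_server(discover, client_tags), echo_option82)
    return relay.reply_tags(offer)


TERMINATED = [(100, 10), (100, 20)]   # pe-vid 100 with ce-vid 10 and 20, as configured above

if __name__ == "__main__":
    print(deliver(RelaySubInterface(TERMINATED, option82=True), (100, 20)))
    print(deliver(RelaySubInterface(TERMINATED, option82=False), (100, 20)))
```
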

5.15.16 Example for Configuring Dynamic QinQ


A common QinQ termination sub-interface can be configured to terminate user packets with a maximum of 16,000 combinations of inner and outer tags. If the number of combinations of inner and outer tags exceeds 16,000, you can enable dynamic QinQ on a QinQ termination sub-interface. In this case, the QinQ termination sub-interface can terminate user packets with a maximum of 32,000 combinations of inner and outer tags on a single board. After being enabled with dynamic QinQ, the QinQ termination sub-interface cannot support Virtual Leased Line (VLL), Pseudo Wire Emulation Edge-to-Edge (PWE3), Virtual Private LAN Service (VPLS), static ARP, and static DHCP snooping binding table.

Networking Requirements
As shown in Figure 5-22, the DHCP client connects to the DHCP relay through two-hierarchy switches and requests valid IP addresses from the DHCP server through the DHCP relay. The DHCP server supports Option82 return. The lease period of the addresses on the segment 10.1.1.0/24 is 10 days and 12 hours, and the domain name is huawei.com. The DNS address is 10.1.1.2. The NetBIOS address is 10.1.1.3.

Two-hierarchy switches attach double tags to the packets that are sent from the DHCP client to the DHCP relay. It is required to configure the sub-interface of the DHCP relay on the client side to terminate double tags in the client packet and support the DHCP relay function. Furthermore, the following features need to be deployed on the DHCP relay:
• Dynamic QinQ
  Dynamic QinQ is configured on the termination sub-interface of the DHCP relay on the client side. When users log in, resources are allocated to users. When users log out arising from exceptions after requesting IP addresses, the system senses this failure automatically, then deletes the binding in the DHCP binding table, and notifies the DHCP server to release IP addresses.
• Security features
  The DHCP relay can defend itself against the following types of DHCP attacks:
  - Bogus DHCP server attack
  - Middleman attack and IP/MAC spoofing attack
  - DoS attack by changing CHADDR
  - Attack by sending bogus DHCP request messages for extending IP lease
  - Attack by sending the DHCP request message

Figure 5-22 Networking diagram of dynamic QinQ

(Figure 5-22 labels: DHCP Server GE1/0/0 100.1.1.2/24; DHCP Relay with DHCP snooping enabled, GE2/0/0 100.1.1.1/24 marked Trusted, GE1/0/0.1 10.1.1.1/24 on the side marked Untrusted; Switch GE2/0/0 and client-side GE ports; two DHCP Clients)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on the DHCP relay as the user termination mode.
2. Configure the basic functions of the DHCP relay.
3. Configure the basic functions of the DHCP server.
4. Configure the sub-interface for QinQ termination to support DHCP relay and dynamic QinQ.
5. Configure the basic functions of DHCP snooping.
6. Associate ARP with DHCP snooping so that the DHCP relay can dynamically sense users' login and logout.
7. Configure Layer 2 forwarding and QinQ for Switch.

Data Preparation
To complete the configuration, you need the following data:
• IP address of the interface to be configured with DHCP relay
• Address pool range of the DHCP server
• Tag values of the sub-interface for QinQ termination
• Rate for sending the DHCP message to CPU
• Threshold of the alarm sent to the Network Management System (NMS)

Procedure
Step 1 Configure the user termination mode on the interface of the DHCP relay.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 1/0/0
[DHCP-Relay-GigabitEthernet1/0/0] mode user-termination
[DHCP-Relay-GigabitEthernet1/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet1/0/0] quit

Step 2 Configure the basic DHCP relay function.

# Enable the DHCP service.
[DHCP-Relay] dhcp enable

# Assign an IP address to GE 2/0/0.


[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] ip address 100.1.1.1 24
[DHCP-Relay-GigabitEthernet2/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0] quit

# Configure a sub-interface that is to implement DHCP relay. Assign an IP address and subnet mask to the sub-interface so that the sub-interface and the DHCP client reside on the same segment.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[DHCP-Relay-GigabitEthernet1/0/0.1] ip relay address 100.1.1.2
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet1/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet1/0/0.1] quit

Step 3 Configure a DHCP server.

# Enable a DHCP server.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Server

# Configure the client on GE 1/0/0 to obtain IP addresses from the global address pool.
[DHCP-Server] interface gigabitethernet 1/0/0
[DHCP-Server-GigabitEthernet1/0/0] undo shutdown
[DHCP-Server-GigabitEthernet1/0/0] ip address 100.1.1.2 24
[DHCP-Server-GigabitEthernet1/0/0] quit

# Configure the attributes for DHCP address pool 1, including the address pool range, the domain name, the egress gateway, the DNS address, and the address lease period.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 10.1.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 10.1.1.5 10.1.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 10.1.1.1 10.1.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 10.1.1.2
[DHCP-Server-dhcp-1] netbios-name-server 10.1.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit

Step 4 Configure the sub-interface for QinQ termination on the DHCP relay and dynamic QinQ.
[DHCP-Relay] interface gigabitethernet 1/0/0.1 [DHCP-Relay-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination dynamic [DHCP-Relay-GigabitEthernet1/0/0.1] qinq-dynamic max-access-user 3 [DHCP-Relay-GigabitEthernet1/0/0.1] qinq-dynamic user-queue 1024 bandwidth 51200 inbound [DHCP-Relay-GigabitEthernet1/0/0.1] qinq termination pe-vid 1 ce-vid 1 to 4094 [DHCP-Relay-GigabitEthernet1/0/0.1] qinq termination pe-vid 2 ce-vid 1 to 4094 [DHCP-Relay-GigabitEthernet1/0/0.1] dhcp option82 insert enable [DHCP-Relay-GigabitEthernet1/0/0.1] arp broadcast enable [DHCP-Relay-GigabitEthernet1/0/0.1] arp learning strict force-disable [DHCP-Relay-GigabitEthernet1/0/0.1] undo shutdown [DHCP-Relay-GigabitEthernet1/0/0.1] quit
NOTE
- On the DHCP relay, you need to run the dhcp option82 insert enable command or the dhcp option82 rebuild enable command so that the sub-interface for QinQ VLAN tag termination inserts the Option 82 field into DHCP messages. If Option 82 is not configured on the QinQ sub-interface, then when the DHCP relay service is accessed, the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN IDs are not processed.
- The DHCP server must support the Option 82 return function. That is, the Offer or ACK message returned from the DHCP server must contain the Option 82 information.
- Run the arp learning strict force-disable command to exempt the dynamic QinQ interface from global strict ARP learning so that the dynamic QinQ interface can learn ARP entries from the ARP requests sent by users.

Step 5 Enable DHCP snooping.
1. Enable global and interface-specific DHCP snooping.
[DHCP-Relay] dhcp snooping enable
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] dhcp snooping enable
[DHCP-Relay-GigabitEthernet2/0/0] quit

2. Configure a trusted interface.
# Configure the interface connecting to the DHCP server as a trusted interface and enable DHCP snooping on all the interfaces connecting to the DHCP client. (An interface on the client side that is not configured as "trusted" is "untrusted" by default after DHCP snooping is enabled on it.) This prevents the bogus DHCP server attack.
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] dhcp snooping trusted
[DHCP-Relay-GigabitEthernet2/0/0] quit

3. Check specific packets.
# Check ARP packets and IP packets on the interface on the DHCP client side. This prevents the man-in-the-middle attack and the IP/MAC spoofing attack.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping check arp enable
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping check ip enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit

# Check DHCP request messages on the interface on the DHCP client side. This prevents an attacker from sending bogus DHCP request messages to extend IP leases.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping check dhcp-request enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit


# Check the CHADDR field of DHCP messages on the interface on the DHCP client side. This prevents the DoS attack that is launched by changing the CHADDR value.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping check dhcp-chaddr enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit

4. Restrict the sending rate of DHCP messages.
# Check the sending rate of DHCP messages to prevent an attacker from sending DHCP request messages at a high rate.
[DHCP-Relay] dhcp snooping check dhcp-rate 90
[DHCP-Relay] dhcp snooping check dhcp-rate enable

5. Configure forwarding behaviors for the packets that do not match any DHCP snooping entry.
# Configure how to process unmatched ARP and IP packets globally.
[DHCP-Relay] dhcp snooping nomatch-packet arp action discard
[DHCP-Relay] dhcp snooping nomatch-packet ip action discard

# Configure how to process unmatched ARP and IP packets on the interface.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping nomatch-packet arp action discard
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping nomatch-packet ip action discard
[DHCP-Relay-GigabitEthernet1/0/0.1] quit

6. Send alarms to the NMS.
# Send alarms to the NMS.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-reply enable
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm arp enable
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-chaddr enable
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-request enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
[DHCP-Relay] dhcp snooping check dhcp-rate alarm enable

# Set the threshold for the alarm message.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-reply threshold 10
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm arp threshold 10
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-chaddr threshold 10
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping alarm dhcp-request threshold 10
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
[DHCP-Relay] dhcp snooping check dhcp-rate alarm threshold 40

Step 6 Associate ARP with DHCP snooping.
# The system sends ARP packets to probe an IP address whose DHCP snooping entry expires within the aging time and that has no ARP entry. If no user is detected within the specified number of probes, the system deletes the binding from the DHCP binding table and notifies the DHCP server to release the IP address.
[DHCP-Relay] arp dhcp-snooping-detect enable

Step 7 Configure QinQ so that the packets sent from Switch to the DHCP relay carry double tags.
# Configure Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 1 to 2
[Switch] interface gigabitethernet 2/0/0
[Switch-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 2
[Switch-GigabitEthernet2/0/0] undo shutdown
[Switch-GigabitEthernet2/0/0] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port vlan-stacking vlan 1 to 4094 stack-vlan 1
[Switch-GigabitEthernet1/0/1] undo shutdown
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port vlan-stacking vlan 1 to 4094 stack-vlan 2
[Switch-GigabitEthernet1/0/2] undo shutdown
[Switch-GigabitEthernet1/0/2] quit

Step 8 Verify the configuration.
The DHCP client can request valid IP addresses. Run the display this command on the termination sub-interface configured with dynamic QinQ to confirm that the control-vid dynamic command is configured on the sub-interface.
[DHCP-Relay-GigabitEthernet1/0/0.1] display this
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination dynamic
 qinq termination pe-vid 2 ce-vid 1 to 4094
 ip address 10.1.1.1 255.255.255.0
 ip relay address 100.1.1.2
 dhcp select relay
 dhcp snooping enable
 dhcp snooping check arp enable
 dhcp snooping alarm arp enable
 dhcp snooping alarm arp threshold 10
 dhcp snooping nomatch-packet arp action discard
 dhcp snooping check ip enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping alarm dhcp-reply enable
 dhcp snooping alarm dhcp-reply threshold 10
 dhcp snooping check dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr threshold 10
 dhcp snooping check dhcp-request enable
 dhcp snooping alarm dhcp-request enable
 dhcp snooping alarm dhcp-request threshold 10
 dhcp option82 insert enable
#

Running the display dhcp snooping global command on the DHCP relay, you can find that DHCP snooping is enabled in the global view and interface view. In addition, you can view the statistics of the alarm message sent to the NMS.
[DHCP-Relay] display dhcp snooping global
 dhcp snooping enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping nomatch-packet arp action discard
 dhcp snooping check dhcp-rate enable
 dhcp snooping check dhcp-rate alarm enable
 dhcp snooping check dhcp-rate 90
 dhcp snooping check dhcp-rate alarm threshold 40
[DHCP-Relay] display dhcp snooping interface gigabitethernet 1/0/0.1
 dhcp snooping enable
 dhcp snooping check arp enable
 dhcp snooping alarm arp enable
 dhcp snooping alarm arp threshold 10
 dhcp snooping nomatch-packet arp action discard
 dhcp snooping check ip enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping alarm dhcp-reply enable
 dhcp snooping alarm dhcp-reply threshold 10
 dhcp snooping check dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr threshold 10
 dhcp snooping check dhcp-request enable
 dhcp snooping alarm dhcp-request enable
 dhcp snooping alarm dhcp-request threshold 10
 arp total 0
 ip total 0
 dhcp-request total 0
 chaddr&src mac total 0
 dhcp-reply total 0
[DHCP-Relay] display dhcp snooping interface gigabitethernet 2/0/0
 dhcp snooping enable
 dhcp snooping trusted
 arp total 0
 ip total 0
 dhcp-request total 0
 chaddr&src mac total 0
 dhcp-reply total 0
[DHCP-Relay] display dhcp option82 interface gigabitethernet 1/0/0.1
 dhcp option82 insert enable interface GigabitEthernet1/0/0.1

----End
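The following added example (not part of the Huawei guide) models how the checks enabled in Step 5 decide between forwarding and discarding, using the counter names shown in the display dhcp snooping interface output. It is a simplified model: the binding key (IP, MAC, interface), the rule that a request is checked against the binding only when it carries a client address, and all MAC addresses are assumptions constructed for illustration.

```python
"""Simplified model of the DHCP snooping checks from Step 5 (added example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Port:
    trusted: bool = False        # dhcp snooping trusted
    check_arp: bool = False      # dhcp snooping check arp enable
    check_ip: bool = False       # dhcp snooping check ip enable
    check_request: bool = False  # dhcp snooping check dhcp-request enable
    check_chaddr: bool = False   # dhcp snooping check dhcp-chaddr enable


class SnoopingRelay:
    def __init__(self, ports):
        self.ports = ports
        self.bindings = {}          # ip -> (mac, port), learned from trusted ACKs
        self.discards = Counter()   # (port, counter name) -> discarded packets

    def _discard(self, port, counter):
        self.discards[(port, counter)] += 1
        return "discard"

    def dhcp_ack(self, in_port, client_ip, client_mac, client_port):
        """Server reply: accepted only when it arrives on a trusted interface."""
        if not self.ports[in_port].trusted:
            return self._discard(in_port, "dhcp-reply")
        self.bindings[client_ip] = (client_mac, client_port)
        return "forward"

    def dhcp_request(self, in_port, src_mac, chaddr, ciaddr=None):
        """Client message: CHADDR must equal the frame source MAC, and a
        message that names an address must match that address's binding."""
        port = self.ports[in_port]
        if port.check_chaddr and src_mac != chaddr:
            return self._discard(in_port, "chaddr&src mac")
        if (port.check_request and ciaddr is not None
                and self.bindings.get(ciaddr) != (chaddr, in_port)):
            return self._discard(in_port, "dhcp-request")
        return "forward"

    def data_packet(self, in_port, kind, src_ip, src_mac):
        """kind is "arp" or "ip"; packets without a matching binding follow
        'dhcp snooping nomatch-packet ... action discard'."""
        port = self.ports[in_port]
        enabled = port.check_arp if kind == "arp" else port.check_ip
        if port.trusted or not enabled:
            return "forward"
        if self.bindings.get(src_ip) == (src_mac, in_port):
            return "forward"
        return self._discard(in_port, kind)


CLIENT, UPLINK = "GE1/0/0.1", "GE2/0/0"
USER_MAC, OTHER_MAC = "00e0-fc00-0001", "00e0-fc00-0bad"   # constructed values


def run_scenario():
    """Replay a constructed sequence of packets against the Step 5 settings."""
    relay = SnoopingRelay({
        CLIENT: Port(check_arp=True, check_ip=True,
                     check_request=True, check_chaddr=True),
        UPLINK: Port(trusted=True),
    })
    events = [
        ("server reply seen on the client side",
         relay.dhcp_ack(CLIENT, "10.1.1.66", USER_MAC, CLIENT)),
        ("server ACK on the trusted interface",
         relay.dhcp_ack(UPLINK, "10.1.1.5", USER_MAC, CLIENT)),
        ("ARP from the bound user",
         relay.data_packet(CLIENT, "arp", "10.1.1.5", USER_MAC)),
        ("ARP claiming the user's IP with another MAC",
         relay.data_packet(CLIENT, "arp", "10.1.1.5", OTHER_MAC)),
        ("IP packet from an unbound source address",
         relay.data_packet(CLIENT, "ip", "10.1.1.6", OTHER_MAC)),
        ("lease renewal for an address bound to another MAC",
         relay.dhcp_request(CLIENT, OTHER_MAC, OTHER_MAC, "10.1.1.5")),
        ("request whose CHADDR differs from the source MAC",
         relay.dhcp_request(CLIENT, OTHER_MAC, "00e0-fc00-9999")),
        ("renewal from the bound user",
         relay.dhcp_request(CLIENT, USER_MAC, USER_MAC, "10.1.1.5")),
    ]
    return events, dict(relay.discards)


if __name__ == "__main__":
    events, discards = run_scenario()
    for description, action in events:
        print(f"{action:8} {description}")
    print(discards)
```

Each discard increments the counter that the corresponding alarm threshold in Step 5 is compared against, so non-zero totals on a client-side interface are the first thing to review.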

Configuration Files
- Configuration file of a DHCP relay
#
 sysname DHCP-Relay
#
 dhcp snooping enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping nomatch-packet arp action discard
 dhcp snooping check dhcp-rate enable
 dhcp snooping check dhcp-rate alarm enable
 dhcp snooping check dhcp-rate 90
 dhcp snooping check dhcp-rate alarm threshold 40
#
interface GigabitEthernet1/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 control-vid 1 qinq-termination dynamic
 qinq-dynamic max-access-user 3
 qinq-dynamic user-queue 1024 bandwidth 51200 inbound
 qinq termination pe-vid 1 ce-vid 1 to 4094
 qinq termination pe-vid 2 ce-vid 1 to 4094
 ip address 10.1.1.1 255.255.255.0
 ip relay address 100.1.1.2
 dhcp select relay
 arp learning strict force-disable
 dhcp snooping enable
 dhcp snooping check arp enable
 dhcp snooping alarm arp enable
 dhcp snooping alarm arp threshold 10
 dhcp snooping nomatch-packet arp action discard
 dhcp snooping check ip enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping alarm dhcp-reply enable
 dhcp snooping alarm dhcp-reply threshold 10
 dhcp snooping check dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr enable
 dhcp snooping alarm dhcp-chaddr threshold 10
 dhcp snooping check dhcp-request enable
 dhcp snooping alarm dhcp-request enable
 dhcp snooping alarm dhcp-request threshold 10
 dhcp option82 insert enable
#
interface GigabitEthernet2/0/0
 undo shutdown
 dhcp snooping enable
 dhcp snooping trusted
#
 arp dhcp-snooping-detect enable
#
return

- Configuration file of a DHCP server
#
 sysname DHCP-Server
#
interface GigabitEthernet 1/0/0
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
#
ip pool 1 server
 gateway 10.1.1.1 255.255.255.0
 section 0 10.1.1.5 10.1.1.100
 excluded-ip-address 10.1.1.1 10.1.1.3
 dns-suffix huawei.com
 dns-server 10.1.1.2
 netbios-name-server 10.1.1.3
 lease 10 12
#
return

- Configuration file of Switch
#
 sysname Switch
#
 vlan batch 1 to 2
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 1 to 4094 stack-vlan 1
#
interface GigabitEthernet1/0/2
 undo shutdown
 port vlan-stacking vlan 1 to 4094 stack-vlan 2
#
interface GigabitEthernet2/0/0
 undo shutdown
 port trunk allow-pass vlan 1 to 2
#
return
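The following added example (not Huawei tooling and not part of the guide) audits a saved configuration for the DHCP snooping settings this example applies on the relay, so that a missing check or a misplaced trusted setting is caught before deployment. The embedded configuration is abridged from the DHCP relay configuration file above and the weakened variant is constructed; treating the interface that carries dhcp select relay as the client-facing one is an assumption that holds for this example's topology.

```python
"""Audit a VRP-style configuration for the DHCP snooping settings of this example."""

CLIENT_CHECKS = (
    "dhcp snooping check arp enable",
    "dhcp snooping check ip enable",
    "dhcp snooping check dhcp-request enable",
    "dhcp snooping check dhcp-chaddr enable",
)
NOMATCH = (
    "dhcp snooping nomatch-packet arp action discard",
    "dhcp snooping nomatch-packet ip action discard",
)
OPTION82 = ("dhcp option82 insert enable", "dhcp option82 rebuild enable")


def parse(text):
    """Return (set of global commands, {interface name: set of commands})."""
    global_cmds, interfaces, current = set(), {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "return":
            continue
        if line == "#":                       # '#' closes the current stanza
            current = None
        elif line.startswith("interface "):
            name = line.split(None, 1)[1].replace(" ", "")
            current = interfaces.setdefault(name, set())
        elif current is not None:
            current.add(line)
        else:
            global_cmds.add(line)
    return global_cmds, interfaces


def audit(text):
    """Return a list of (scope, finding) tuples; an empty list means no finding."""
    global_cmds, interfaces = parse(text)
    findings = []
    if "dhcp snooping enable" not in global_cmds:
        findings.append(("global", "DHCP snooping is not enabled globally"))
    for name, cmds in sorted(interfaces.items()):
        client_side = "dhcp select relay" in cmds   # assumption, see lead-in
        trusted = "dhcp snooping trusted" in cmds
        snooping = "dhcp snooping enable" in cmds
        if not client_side and (trusted or not snooping):
            continue                                # uplink or uninvolved port
        if trusted:
            findings.append((name, "client-facing interface is trusted"))
        if not snooping:
            findings.append((name, "missing 'dhcp snooping enable'"))
        for cmd in CLIENT_CHECKS:
            if cmd not in cmds:
                findings.append((name, f"missing '{cmd}'"))
        for cmd in NOMATCH:                         # global setting also counts
            if cmd not in cmds and cmd not in global_cmds:
                findings.append((name, f"missing '{cmd}'"))
        terminates_qinq = any(c.startswith("qinq termination") for c in cmds)
        if terminates_qinq and not any(o in cmds for o in OPTION82):
            findings.append((name, "QinQ termination sub-interface without Option 82"))
    if not any("dhcp snooping trusted" in c and "dhcp select relay" not in c
               for c in interfaces.values()):
        findings.append(("global", "no trusted server-facing interface"))
    return findings


# Abridged from the DHCP relay configuration file of this example.
RELAY_CONFIG = """\
#
 sysname DHCP-Relay
#
 dhcp snooping enable
 dhcp snooping nomatch-packet ip action discard
 dhcp snooping nomatch-packet arp action discard
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination dynamic
 qinq termination pe-vid 1 ce-vid 1 to 4094
 ip relay address 100.1.1.2
 dhcp select relay
 dhcp snooping enable
 dhcp snooping check arp enable
 dhcp snooping check ip enable
 dhcp snooping check dhcp-chaddr enable
 dhcp snooping check dhcp-request enable
 dhcp option82 insert enable
#
interface GigabitEthernet2/0/0
 dhcp snooping enable
 dhcp snooping trusted
#
return
"""

# Constructed variant: CHADDR check and Option 82 removed, client side trusted.
WEAK_CONFIG = (RELAY_CONFIG
               .replace(" dhcp snooping check dhcp-chaddr enable\n", "")
               .replace(" dhcp option82 insert enable\n", "")
               .replace(" dhcp select relay\n",
                        " dhcp select relay\n dhcp snooping trusted\n"))

if __name__ == "__main__":
    for label, config in (("relay", RELAY_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(config) or "no findings")
```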

5.15.17 Example for Configuring the Sub-interface for VLAN Stacking to Access a VLL
VLL is a point-to-point L2VPN. Because the VLANIF interface does not support VLL, you have to use the main interface to access the VPN. Such a configuration is not flexible because the same physical interface cannot be shared by multiple users. To let multiple users access one physical interface, you can use the VLAN-based QinQ function on different sub-interfaces, as mentioned previously. In this case, the CE-VLANs on both sides must be symmetrical.

Networking Requirements
As shown in Figure 5-23, the sub-interfaces GE1/0/0.1 of CEs are connected to PEs through switches. The packets sent from the CE to the switch carry no tag. The switch then labels the packets from the CE with different outer tags according to the inbound interface. The packets sent from the switch to the PE carry one VLAN tag. The sub-interface for VLAN stacking must be configured on the PE to access an L2VPN so that CE1 can communicate with CE2, and CE3 with CE4.

Figure 5-23 Typical networking diagram of configuring the sub-interface for VLAN stacking to access a VLL
[Figure 5-23 diagram not reproduced. It shows PE1 (Loopback1 1.1.1.9/32), P (Loopback1 2.2.2.9/32), and PE2 (Loopback1 3.3.3.9/32) connected in series over POS links: PE1 POS1/0/0 100.1.1.1/24 to P POS1/0/0 100.1.1.2/24, and P POS2/0/0 100.1.2.1/24 to PE2 POS1/0/0 100.1.2.2/24. Switch1 connects CE1 (GE1/0/0 10.1.1.1/24, VPN1, VLAN 10) and CE3 (GE1/0/0 20.1.1.1/24, VPN1, VLAN 20) through its GE1/0/0 to GE2/0/0.1 on PE1. Switch2 connects CE2 (GE1/0/0 10.1.1.2/24, VPN1, VLAN 10) and CE4 (GE1/0/0 20.1.1.2/24, VPN1, VLAN 20) through its GE1/0/0 to GE2/0/0.1 on PE2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 as the user termination mode.
2. Run IGP on the backbone network to interconnect the devices.
3. Enable basic MPLS capabilities to set up an LSP in the backbone network.
4. Set up MPLS LDP remote peer relationship between the PEs at both ends of the PW.
5. Configure the sub-interface for QinQ VLAN stacking on the client side to access an L2VPN on the PE.
6. Configure Layer 2 forwarding on Switch.

Data Preparation
To complete the configuration, you need the following data:
- Names of the interfaces through which the PEs and the CEs are connected
- L2VC IDs that must be identical at both ends of the PW
- MPLS LSR IDs on the PEs and Ps
- IP addresses of the remote peers of the PEs

Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. OSPF is configured in this example.
Configure the IP addresses of the interfaces on the PEs and Ps, as shown in Figure 5-23. When you configure OSPF, advertise the IP addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.1.1 24
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 100.1.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 100.1.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After this step, PE1 and PE2 can discover the routes of Loopback1 through OSPF and ping each other. Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   InLoopBack0
2.2.2.9/32          OSPF    10   2     D      100.1.1.2   Pos1/0/0
3.3.3.9/32          OSPF    10   3     D      100.1.1.2   Pos1/0/0
100.1.1.0/24        Direct  0    0     D      100.1.1.1   Pos1/0/0
100.1.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
100.1.1.2/32        Direct  0    0     D      100.1.1.2   Pos1/0/0
100.1.2.0/24        OSPF    10   2     D      100.1.1.2   Pos1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
[PE1] ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/106/200 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit


# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit

After the preceding configurations, LDP sessions are set up between PE1 and P, and between PE1 and PE2. Running the display mpls ldp session command, you can see that the Status field is "Operational". Running the display mpls ldp lsp command, you can view the establishment status of the LDP LSP. Take the display on PE1 as an example:
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  000:00:01  5/5
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
[PE1] display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN  DestAddress/Mask  In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------------------
 1   1.1.1.9/32        3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 2   2.2.2.9/32        NULL/3       100.1.1.2   -------/Pos1/0/0
 3   3.3.3.9/32        NULL/1024    100.1.1.2   -------/Pos1/0/0
 4   100.1.2.0/24      NULL/3       100.1.1.2   -------/Pos1/0/0
 ------------------------------------------------------------------------------
 TOTAL: 4 Normal LSP(s) Found.
 TOTAL: 0 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 4 Set up remote LDP sessions between the PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-1] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit

After the configuration, LDP sessions can be set up between PE1 and P and between PE2 and P. Running the display mpls ldp session command, you can see that the Status is "Operational". Running the display mpls ldp lsp command, you can view the setup of the LDP LSP. Take PE1 as an example.
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  SsnAge     KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0    Operational  DU   Passive  000:00:15  64/64
 3.3.3.9:0    Operational  DU   Passive  000:00:01  5/5
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
[PE1] display mpls ldp lsp
 LDP LSP Information
 ------------------------------------------------------------------------------
 SN  DestAddress/Mask  In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------------------
 1   1.1.1.9/32        3/NULL       127.0.0.1   Pos1/0/0/InLoop0
 2   2.2.2.9/32        NULL/3       100.1.1.2   -------/Pos1/0/0
 3   3.3.3.9/32        NULL/1025    100.1.1.2   -------/Pos1/0/0
 4   100.1.1.0/24      3/NULL       100.1.1.1   -------/Pos1/0/0
 5   100.1.2.0/24      NULL/3       100.1.1.2   -------/Pos1/0/0
 *6  100.1.2.0/24      Liberal
 ------------------------------------------------------------------------------
 TOTAL: 5 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

Step 5 Enable MPLS L2VPN on the PEs and set up VCs, and configure the sub-interface for VLAN stacking.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE

Here, when configuring the sub-interface for QinQ VLAN stacking, you need to specify the value of only the inner VLAN tag. The value of the outer tag is not required. The outer VLAN tag is appended automatically by the system.

Step 6 Configure the basic Layer 2 forwarding function and set the packet sent from the switch to the PE to carry one VLAN tag.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] port gigabitethernet 1/0/1
[Switch1-vlan10] quit
[Switch1] vlan 20
[Switch1-vlan20] port gigabitethernet 1/0/2
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit

# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/1
[Switch2-vlan10] quit
[Switch2] vlan 20
[Switch2-vlan20] port gigabitethernet 1/0/2
[Switch2-vlan20] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit

Configure IP addresses of the interfaces on CEs based on Figure 5-23. Set the packet sent from the CE to the switch to carry no VLAN tag.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] ip address 20.1.1.1 24
[CE3-GigabitEthernet1/0/0] undo shutdown
[CE3-GigabitEthernet1/0/0] quit

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0
[CE4-GigabitEthernet1/0/0] ip address 20.1.1.2 24
[CE4-GigabitEthernet1/0/0] undo shutdown
[CE4-GigabitEthernet1/0/0] quit

Step 7 Verify the configuration.
On the PEs, you can see that an L2 VC is set up and is in the Up state. Take the display on PE1 as an example:
[PE1] display mpls l2vc
 Total ldp vc : 2     2 up     0 down
 *Client Interface     : GigabitEthernet2/0/0.2
  Session State        : up
  AC Status            : up
  VC State             : up
  VC ID                : 102
  VC Type              : vlan
  Destination          : 3.3.3.9
  Local VC Label       : 21505
  Remote VC Label      : 21505
  Control Word         : Disable
  Local VC MTU         : 1500
  Remote VC MTU        : 1500
  Tunnel Policy Name   : --
  Traffic Behavior Name: --
  PW Template Name     : --
  Create time          : 0 days, 0 hours, 16 minutes, 41 seconds
  UP time              : 0 days, 0 hours, 11 minutes, 52 seconds
  Last change time     : 0 days, 0 hours, 11 minutes, 52 seconds
 *Client Interface     : GigabitEthernet2/0/0.1
  Session State        : up
  AC Status            : up
  VC State             : up
  VC ID                : 101
  VC Type              : vlan
  Destination          : 3.3.3.9
  Local VC Label       : 21504
  Remote VC Label      : 21504
  Control Word         : Disable
  Local VC MTU         : 1500
  Remote VC MTU        : 1500
  Tunnel Policy Name   : --
  Traffic Behavior Name: --
  PW Template Name     : --
  Create time          : 0 days, 0 hours, 12 minutes, 23 seconds
  UP time              : 0 days, 0 hours, 12 minutes, 23 seconds
  Last change time     : 0 days, 0 hours, 12 minutes, 23 seconds

The hosts attached to CEs can ping each other if they are in the same VLAN. Take the display on CE1 as an example:
[CE1] ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=80 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/58/80 ms

----End

Configuration Files
- Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
 mpls l2vpn
#
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 3.3.3.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 qinq stacking vid 10
 qinq stacking vid 20
 mpls l2vc 3.3.3.9 101
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

- Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Pos2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
#
return

- Configuration file of PE2
#
 sysname PE2
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1
 remote-ip 1.1.1.9
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 qinq stacking vid 10
 qinq stacking vid 20
 mpls l2vc 1.1.1.9 101
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return

- Configuration file of Switch1
#
 sysname Switch1
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port default vlan 20
#
return

- Configuration file of Switch2
#
 sysname Switch2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port default vlan 20
#
return

- Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
#
return

- Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
return

- Configuration file of CE3
#
 sysname CE3
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.1.1.1 255.255.255.0
#
return

- Configuration file of CE4
#
 sysname CE4
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.1.1.2 255.255.255.0
#
return

5.15.18 Example for Configuring the Sub-interface for QinQ VLAN Stacking to Access a VPLS Network
This example shows how to configure a Layer 3 sub-interface for QinQ stacking to access a VPLS network. The sub-interface adds an outer VLAN tag of the ISP network to the user packet. The sub-interface is bound to a VSI and accesses the VPLS network.

Network Requirements
As shown in Figure 5-24, CEs are connected to PEs through switches. The packet sent from the switch to the switch carries no VLAN tags. The switch then labels the packets from the CE with different outer tags according to the inbound interface and send the packets to the PE. It is required to configure the sub-interface for QinQ VLAN stacking to access VPLS to implement interworking between CE1, CE2, and CE3, and between CE4, CE5, and CE6. The backbone network adopts Martini VPLS and uses LDP to set up PWs.


Figure 5-24 Typical networking diagram of configuring the sub-interface for VLAN stacking to access VPLS
[Figure not reproduced. Labels recovered from the diagram:]
PE1: Loopback1 1.1.1.9/32, POS1/0/0 100.1.3.1/30, POS1/0/1 100.1.1.1/30, GE2/0/0.1 connected to Switch1 GE1/0/0
PE2: Loopback1 2.2.2.9/32, POS1/0/0 100.1.3.2/30, POS1/0/1 100.1.2.2/30, GE2/0/0.1 connected to Switch2 GE1/0/0
PE3: Loopback1 3.3.3.9/32, POS1/0/0 100.1.1.2/30, POS1/0/1 100.1.2.1/30, GE2/0/0.1 connected to Switch3 GE1/0/0
Switch1: GE1/0/1 to CE1 (VPN1, VLAN10, GE1/0/0 10.1.1.1/24), GE1/0/2 to CE4 (VPN1, VLAN20, GE1/0/0 20.1.1.1/24)
Switch2: GE1/0/1 to CE2 (VPN1, VLAN10, GE1/0/0 10.1.1.2/24), GE1/0/2 to CE5 (VPN1, VLAN20, GE1/0/0 20.1.1.2/24)
Switch3: GE1/0/1 to CE3 (VPN1, VLAN10, GE1/0/0 10.1.1.3/24), GE1/0/2 to CE6 (VPN1, VLAN20, GE1/0/0 20.1.1.3/24)

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the IGP protocol to connect the devices on the backbone network.
2. Configure the basic MPLS capabilities on the backbone network.
3. Set up the LSP tunnel between PEs.
4. Enable MPLS L2VPN on PEs.
5. Create and then configure the VSI.
6. Configure the sub-interface for QinQ VLAN stacking on PEs and bind VSIs and AC interfaces.
7. Configure the Layer 2 forwarding function on switches.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the interface
- Consistent L2VC IDs on both ends of the PW
- MPLS LSR-IDs on PEs
- VSI names on PE1, PE2, and PE3
- Interface bound to VSI

Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] mode user-termination
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] quit

Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example. According to Figure 5-24, configure the addresses for the interfaces on PE. Configure OSPF to advertise the addresses of the loopback interfaces on PE1, PE2, and PE3.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 100.1.3.1 30
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] ip address 100.1.1.1 30
[PE1-Pos1/0/1] undo shutdown
[PE1-Pos1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 100.1.3.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] interface pos 1/0/1
[PE2-Pos1/0/1] ip address 100.1.2.2 30
[PE2-Pos1/0/1] undo shutdown
[PE2-Pos1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# Configure PE3.
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 100.1.1.2 30
[PE3-Pos1/0/0] undo shutdown
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 100.1.2.1 30
[PE3-Pos1/0/1] undo shutdown
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit

After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to the loopback1 interface of each other. Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 13
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
      1.1.1.9/32    Direct  0    0     D      127.0.0.1    InLoopBack0
      2.2.2.9/32    OSPF    10   2     D      100.1.3.2    Pos1/0/0
      3.3.3.9/32    OSPF    10   2     D      100.1.1.2    Pos1/0/1
    100.1.1.0/30    Direct  0    0     D      100.1.1.1    Pos1/0/1
    100.1.1.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
    100.1.1.2/32    Direct  0    0     D      100.1.1.2    Pos1/0/1
    100.1.2.0/30    OSPF    10   2     D      100.1.1.2    Pos1/0/1
                    OSPF    10   2     D      100.1.3.2    Pos1/0/0
    100.1.3.0/30    Direct  0    0     D      100.1.3.1    Pos1/0/0
    100.1.3.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
    100.1.3.2/32    Direct  0    0     D      100.1.3.2    Pos1/0/0
    127.0.0.0/8     Direct  0    0     D      127.0.0.1    InLoopBack0
    127.0.0.1/32    Direct  0    0     D      127.0.0.1    InLoopBack0
[PE1] ping 100.1.2.2
  PING 100.1.2.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.2.2: bytes=56 Sequence=1 ttl=255 time=250 ms
    Reply from 100.1.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 100.1.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 100.1.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 100.1.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/92/250 ms

Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] mpls
[PE3-Pos1/0/1] mpls ldp
[PE3-Pos1/0/1] quit

After the configuration, LDP sessions are set up between PE1, PE2, and PE3. Run the display mpls ldp session command to check that the Status field is "Operational". For example, the following displays the session information on PE1.
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID        Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0     Operational  DU   Passive  0000:00:09  37/37
 3.3.3.9:0     Operational  DU   Passive  0000:00:03  13/13
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
NOTE

If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command to set up remote LDP sessions between PEs.

Step 4 Enable MPLS L2VPN on the PE.
# Configure PE1.
[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure PE3.
[PE3] mpls l2vpn

Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9

# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
[PE3-vsi-ldp1-ldp] peer 2.2.2.9

Step 6 Configure the sub-interface for QinQ VLAN stacking, and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE1-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE3-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] undo shutdown
[PE3-GigabitEthernet2/0/0.1] quit
NOTE

Here, when configuring the sub-interface for QinQ VLAN stacking, you need to specify the value of only the inner VLAN tag. The value of the outer tag is not required. The outer VLAN tag is appended automatically by the system.

Step 7 Configure the Layer 2 forwarding function and set the packet sent from the switch to the PE to carry one VLAN tag.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] port gigabitethernet 1/0/1
[Switch1-vlan10] quit
[Switch1] vlan 20
[Switch1-vlan20] port gigabitethernet 1/0/2
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit

# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/1
[Switch2-vlan10] quit
[Switch2] vlan 20
[Switch2-vlan20] port gigabitethernet 1/0/2
[Switch2-vlan20] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit

# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 10
[Switch3-vlan10] port gigabitethernet 1/0/1
[Switch3-vlan10] quit
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/2
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit

Configure IP addresses of the interfaces on CEs based on Figure 5-24. Set the packet sent from the CE to the switch to carry no VLAN tag.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0] undo shutdown
[CE3-GigabitEthernet1/0/0] quit

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0
[CE4-GigabitEthernet1/0/0] ip address 20.1.1.1 24
[CE4-GigabitEthernet1/0/0] undo shutdown
[CE4-GigabitEthernet1/0/0] quit

# Configure CE5.
<HUAWEI> system-view
[HUAWEI] sysname CE5
[CE5] interface gigabitethernet 1/0/0
[CE5-GigabitEthernet1/0/0] ip address 20.1.1.2 24
[CE5-GigabitEthernet1/0/0] undo shutdown
[CE5-GigabitEthernet1/0/0] quit

# Configure CE6.
<HUAWEI> system-view
[HUAWEI] sysname CE6
[CE6] interface gigabitethernet 1/0/0
[CE6-GigabitEthernet1/0/0] ip address 20.1.1.3 24
[CE6-GigabitEthernet1/0/0] undo shutdown
[CE6-GigabitEthernet1/0/0] quit

Step 8 Verify the configuration.
Run the display qinq information stacking interface command to view the stacking information. The following displays the stacking information on PE1:
[PE1] display qinq information stacking interface gigabitethernet 2/0/0
  GigabitEthernet2/0/0.1
    VSI bound
    Total QinQ Num: 2
      qinq Stacking vid 10
      qinq Stacking vid 20
    Total vlan-group Num: 0

After the preceding configuration, run the display vsi ldp1 verbose command on PE1. You can find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up.
[PE1] display vsi ldp1 verbose
 ***VSI Name               : ldp1
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    VSI State              : up
    VSI ID                 : 2
   *Peer Router ID         : 3.3.3.9
    VC Label               : 23552
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x6002003,
   *Peer Router ID         : 2.2.2.9
    VC Label               : 23553
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x6002000,
    Interface Name         : GigabitEthernet2/0/0.1
    State                  : up
  **PW Information:
   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 23553
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x6002000,
   *Peer Ip Address        : 3.3.3.9
    PW State               : up
    Local VC Label         : 23552
    Remote VC Label        : 23552
    PW Type                : label
    Tunnel ID              : 0x6002003,

The hosts attached to CE1, CE2, and CE3 can ping each other.
[CE1] ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/10/50 ms
[CE1] ping 10.1.1.3
  PING 10.1.1.3: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.1.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

----End

Configuration Files
Configuration file of PE1

#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
  peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.1 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.3.0 0.0.0.3
#
return

Configuration file of PE2


#
 sysname PE2
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.3.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 100.1.3.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of PE3


#
 sysname PE3
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
  peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 undo shutdown
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface Pos1/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Pos1/0/1
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.1.1.0 0.0.0.3
  network 100.1.2.0 0.0.0.3
#
return

Configuration file of Switch1


#
 sysname Switch1
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port default vlan 20
#
return

Configuration file of Switch2


#
 sysname Switch2
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port default vlan 20
#
return

Configuration file of Switch3


#
 sysname Switch3
#
 vlan batch 10 20
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
 undo shutdown
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo shutdown
 port default vlan 20
#
return

Configuration file of CE1


#
 sysname CE1
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2

#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
return

Configuration file of CE3

#
 sysname CE3
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.3 255.255.255.0
#
return

Configuration file of CE4

#
 sysname CE4
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.1.1.1 255.255.255.0
#
return

Configuration file of CE5

#
 sysname CE5
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.1.1.2 255.255.255.0
#
return

Configuration file of CE6

#
 sysname CE6
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 20.1.1.3 255.255.255.0
#
return
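
The data preparation for this example calls for consistent IDs on both ends of each PW, and every PE lists the other PEs as VSI peers. The following added example (not part of the Huawei guide) parses configuration files in the format shown above and reports a VSI whose vsi-id differs between PEs or whose peer statements are not mirrored. The function names, the excerpt template, and the faulty PE3 variant are constructed for illustration, and the check assumes a full mesh among the PEs that define the VSI.

```python
import re
from itertools import combinations

# Excerpt of the PE configuration files above: only the sections the check reads.
PE_TEMPLATE = """#
 sysname {name}
#
 mpls lsr-id {lsr}
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id {vsi_id}
{peers}
#
mpls ldp
#
interface GigabitEthernet2/0/0.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
return
"""


def render(name, lsr, vsi_id, peers):
    """Fill the excerpt template for one PE (helper for the sample data only)."""
    peer_lines = "\n".join(f"  peer {p}" for p in peers)
    return PE_TEMPLATE.format(name=name, lsr=lsr, vsi_id=vsi_id, peers=peer_lines)


# Values taken from the configuration files of PE1, PE2 and PE3 above.
PAGE_CONFIGS = {
    "PE1": render("PE1", "1.1.1.9", 2, ["3.3.3.9", "2.2.2.9"]),
    "PE2": render("PE2", "2.2.2.9", 2, ["1.1.1.9", "3.3.3.9"]),
    "PE3": render("PE3", "3.3.3.9", 2, ["1.1.1.9", "2.2.2.9"]),
}
# Constructed faulty variant: PE3 uses another vsi-id and omits PE1 as a peer.
BROKEN_CONFIGS = dict(PAGE_CONFIGS, PE3=render("PE3", "3.3.3.9", 3, ["2.2.2.9"]))


def parse_pe_config(text):
    """Return (lsr_id, {vsi_name: {"vsi_id": int or None, "peers": set}})."""
    lsr_id, vsis, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                      # '#' closes the current section
            current = None
            continue
        if m := re.fullmatch(r"mpls lsr-id (\S+)", line):
            lsr_id = m.group(1)
        elif m := re.fullmatch(r"vsi (\S+)(?: \S+)?", line):
            current = vsis.setdefault(m.group(1), {"vsi_id": None, "peers": set()})
        elif current is not None:
            if m := re.fullmatch(r"vsi-id (\d+)", line):
                current["vsi_id"] = int(m.group(1))
            elif m := re.match(r"peer (\S+)", line):
                current["peers"].add(m.group(1))
    return lsr_id, vsis


def check_vsi_mesh(configs):
    """configs maps device name to config text; returns sorted finding strings."""
    parsed = {name: parse_pe_config(text) for name, text in configs.items()}
    findings = []
    vsi_names = {v for _, vsis in parsed.values() for v in vsis}
    for vsi in sorted(vsi_names):
        members = {n: (lsr, vsis[vsi]) for n, (lsr, vsis) in parsed.items() if vsi in vsis}
        ids = {n: d["vsi_id"] for n, (_, d) in members.items()}
        if len(set(ids.values())) > 1:
            findings.append(f"{vsi}: vsi-id mismatch {sorted(ids.items())}")
        for a, b in combinations(sorted(members), 2):
            for x, y in ((a, b), (b, a)):    # each side must name the other's LSR ID
                if members[y][0] not in members[x][1]["peers"]:
                    findings.append(f"{vsi}: {x} has no peer {members[y][0]} ({y})")
    return sorted(findings)


if __name__ == "__main__":
    print(check_vsi_mesh(PAGE_CONFIGS))
    print(check_vsi_mesh(BROKEN_CONFIGS))
```
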


5.15.19 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
To protect the CX600 against attacks based on source address spoofing, you need to enable URPF on the corresponding interface. This example describes how to configure sub-interfaces for QinQ VLAN tag termination to support URPF.

Networking Requirements
As shown in Figure 5-25, Switch A and Switch B access the ISP network through CX-A and CX-B. URPF is configured on the sub-interface for QinQ VLAN tag termination GE 2/0/0.1 of CX-A and CX-B to perform strict URPF for the packets with the outer VLAN tag as 100 and the inner VLAN tag as 10 to 20.

Figure 5-25 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support URPF
[Figure not reproduced. Labels recovered from the diagram:]
CX-A: POS1/0/0 100.1.1.1/24, GE2/0/0.1 10.1.1.1/24 connected to SwitchA GE1/0/0
CX-B: POS1/0/0 100.1.1.2/24, GE2/0/0.1 10.2.1.1/24 connected to SwitchB GE1/0/0
SwitchA and SwitchB: outer VLAN100, inner VLAN10 and VLAN20

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GE 2/0/0.1 of CX-A and CX-B as the sub-interface for QinQ VLAN tag termination.
2. Enable URPF on GE 2/0/0.1.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the interfaces
- QinQ VLAN tags to be terminated on the sub-interface for QinQ VLAN tag termination

Procedure
Step 1 Configure IGP. OSPF is used in this example.
# Configure CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] interface pos 1/0/0
[CX-A-Pos1/0/0] ip address 100.1.1.1 24
[CX-A-Pos1/0/0] quit
[CX-A] ospf
[CX-A-ospf-1] area 0
[CX-A-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-A-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[CX-A-ospf-1-area-0.0.0.0] quit
[CX-A-ospf-1] quit

# Configure CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] interface pos 1/0/0
[CX-B-Pos1/0/0] ip address 100.1.1.2 24
[CX-B-Pos1/0/0] quit
[CX-B] ospf
[CX-B-ospf-1] area 0
[CX-B-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CX-B-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255
[CX-B-ospf-1-area-0.0.0.0] quit
[CX-B-ospf-1] quit

Step 2 Configure the sub-interface for QinQ VLAN tag termination and enable URPF.
# Configure CX-A.
[CX-A] interface gigabitethernet 2/0/0
[CX-A-GigabitEthernet2/0/0] mode user-termination
[CX-A-GigabitEthernet2/0/0] quit
[CX-A] interface gigabitethernet 2/0/0.1
[CX-A-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[CX-A-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10 to 20
[CX-A-GigabitEthernet2/0/0.1] ip address 10.1.1.1 24
[CX-A-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-A-GigabitEthernet2/0/0.1] ip urpf loose

# Configure CX-B.
[CX-B] interface gigabitethernet 2/0/0
[CX-B-GigabitEthernet2/0/0] mode user-termination
[CX-B-GigabitEthernet2/0/0] quit
[CX-B] interface gigabitethernet 2/0/0.1
[CX-B-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[CX-B-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10 to 20
[CX-B-GigabitEthernet2/0/0.1] ip address 10.2.1.1 24
[CX-B-GigabitEthernet2/0/0.1] arp broadcast enable
[CX-B-GigabitEthernet2/0/0.1] ip urpf loose

Step 3 Verify the configuration.
Running the display qinq information termination interface command on CX-, you can view information about QinQ termination. Configuring the URPF check on the interface effectively prevents attacks that use packets with spoofed source IP addresses.
----End

Configuration Files
Configuration file of CX-A

#
 sysname CX-A
#
interface GigabitEthernet2/0/0
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10 to 20
 ip address 10.1.1.1 255.255.255.0
 arp broadcast enable
 ip urpf loose
#
interface Pos1/0/0
 link-protocol ppp
 ip address 100.1.1.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
#
return

Configuration file of CX-B

#
 sysname CX-B
#
interface GigabitEthernet2/0/0
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10 to 20
 ip address 10.2.1.1 255.255.255.0
 arp broadcast enable
 ip urpf loose
#
interface Pos1/0/0
 link-protocol ppp
 ip address 100.1.1.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 10.2.1.0 0.0.0.255
  network 100.1.1.0 0.0.0.255
#
return
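
The networking requirements of this example ask for strict URPF, while the commands in Step 2 and the configuration files use ip urpf loose. The following added example (not part of the Huawei guide) models how a frame arriving on GE2/0/0.1 of CX-A is first matched against qinq termination pe-vid 100 ce-vid 10 to 20 and then checked in each URPF mode, so the difference between the two modes is visible. The accepted TPID values, the simplified routing table without a default route, the function names, and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

TPIDS = {0x8100, 0x88A8}          # assumed tag protocol IDs; the page does not state them
PE_VID, CE_VID_RANGE = 100, (10, 20)   # qinq termination pe-vid 100 ce-vid 10 to 20
SUBIF = "GigabitEthernet2/0/0.1"

# Simplified routing table of CX-A built from the page's addressing:
# two direct networks plus 10.2.1.0/24 learned from CX-B through OSPF.
FIB = [
    (ipaddress.ip_network("10.1.1.0/24"), SUBIF),
    (ipaddress.ip_network("100.1.1.0/24"), "Pos1/0/0"),
    (ipaddress.ip_network("10.2.1.0/24"), "Pos1/0/0"),
]


def build_frame(outer_vid, inner_vid, src_ip, dst_ip="100.1.1.2"):
    """Construct a double-tagged IPv4 frame (sample data; checksum left at zero)."""
    macs = bytes(12)
    tags = struct.pack("!HHHH", 0x8100, outer_vid, 0x8100, inner_vid)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed,
    )
    return macs + tags + struct.pack("!H", 0x0800) + ip_header


def parse_qinq(frame):
    """Return (outer_vid, inner_vid, source IPv4 address) or None if not QinQ IPv4."""
    try:
        offset, vids = 12, []
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        while ethertype in TPIDS and len(vids) < 2:
            (tci,) = struct.unpack_from("!H", frame, offset + 2)
            vids.append(tci & 0x0FFF)          # low 12 bits of the TCI are the VLAN ID
            offset += 4
            (ethertype,) = struct.unpack_from("!H", frame, offset)
    except struct.error:
        return None
    ip_start = offset + 2
    if len(vids) != 2 or ethertype != 0x0800 or len(frame) < ip_start + 20:
        return None
    src = ipaddress.ip_address(frame[ip_start + 12:ip_start + 16])
    return vids[0], vids[1], src


def best_route(fib, addr):
    """Longest-prefix match; returns (network, out_interface) or None."""
    hits = [(net, ifname) for net, ifname in fib if addr in net]
    return max(hits, key=lambda hit: hit[0].prefixlen, default=None)


def urpf_pass(fib, src, in_if, mode):
    """Loose: any route to the source. Strict: that route must point back out in_if."""
    route = best_route(fib, src)
    if route is None:
        return False
    return mode == "loose" or route[1] == in_if


def classify(frame, mode):
    """Decision for a frame received on the physical port behind SUBIF."""
    parsed = parse_qinq(frame)
    if parsed is None:
        return "drop:not-qinq-ipv4"
    outer, inner, src = parsed
    if outer != PE_VID or not CE_VID_RANGE[0] <= inner <= CE_VID_RANGE[1]:
        return "drop:no-termination-match"
    return "forward" if urpf_pass(FIB, src, SUBIF, mode) else "drop:urpf"


if __name__ == "__main__":
    for src in ("10.1.1.50", "10.2.1.50", "172.16.0.9"):
        frame = build_frame(100, 10, src)
        print(src, "loose:", classify(frame, "loose"), "strict:", classify(frame, "strict"))
```

A source address from 10.2.1.0/24 arriving on CX-A's access sub-interface passes the loose check because a route to it exists, and is dropped only by the strict check.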

5.15.20 Example for Configuring the dot1q Termination Subinterface in a VSI to Support IGMP Snooping
You can configure a sub-interface for QinQ termination to support IGMP on only Layer 3 interfaces rather than Layer 2 interfaces.

Networking Requirements
In the networking shown in Figure 5-26, CE1 labels each multicast protocol packet received from hosts with one tag, and then sends the packets to PE1. After the sub-interface for dot1q VLAN tag termination is configured on PE1, PE1 accesses the VPLS network. After terminating the PW, PE2 joins the related multicast VLAN and accesses the multicast source. PE2 functions as a Superstratum PE (SPE) device, and PE1 functions as an Underlayer PE (UPE) device. When HVPLS is deployed, multicast packets are broadcast in a VSI if PE1 and PE2 do not support IGMP snooping. This wastes network resources. After IGMP snooping is configured, multicast packets are sent to only access devices of multicast receivers.

In a stable network, the PW on PE1 is configured as a static router port in the VSI. In this manner, receivers can steadily receive the multicast data. To reduce the number of IGMP Query packets from the upstream CX device, you should configure PE2 as a querier. This saves bandwidth.

Figure 5-26 Networking diagram of configuring the sub-interface for dot1q VLAN tag termination in a VSI to support IGMP snooping
[Figure not reproduced. It shows the PC attached to CE1, CE1 connected to PE1 (dot1q termination), PE1, P, and PE2 across the MPLS network, and the IGMP source attached to PE2.]

Device  Interface  IP Address
PE1     GE1/0/0    -
        GE1/0/1    192.168.12.1/24
        Loopback1  1.1.1.1/32
P       GE1/0/0    192.168.12.2/24
        GE1/0/1    192.168.23.1/24
        Loopback2  2.2.2.2/32
PE2     GE1/0/0    192.168.23.2/24
        GE1/0/1    -
        Loopback3  3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the termination mode on PE1 to the user termination mode.
2. Configure basic VPLS functions.
3. Enable global IGMP snooping and IGMP snooping for a VSI.
4. Bind a VSI to an AC interface on PE1 and PE2 respectively.
5. Configure a PW on PE1, P, and PE2, so that PE1, P, and PE2 access the VPLS network in asymmetrical mode.
6. Configure static router ports and configure PE2 as a querier.

Data Preparation
To complete the configuration, you need the following data:
- ID of the multicast VLAN
- ID of the VLAN on CE1
- ID of the VSI
- MPLS LSR ID of PE1, P, and PE2

Procedure
Step 1 Configure the mode of the QinQ interface on PE1 as user termination.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

Step 2 Configure dot1q termination on PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 20
[PE1-GigabitEthernet1/0/0.1] quit

Step 3 Configure IGP on the MPLS backbone network. In this example, OSPF is adopted to advertise routes. When configuring OSPF, advertise the 32-bit loopback interface addresses of PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 2
[P-LoopBack2] ip address 2.2.2.2 32
[P-LoopBack2] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.12.2 24
[P-GigabitEthernet1/0/0] undo shutdown
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ip address 192.168.23.1 24
[P-GigabitEthernet1/0/1] undo shutdown
[P-GigabitEthernet1/0/1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 3
[PE2-LoopBack3] ip address 3.3.3.3 32
[PE2-LoopBack3] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] ip address 192.168.23.2 24
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

Step 4 Configure basic MPLS functions and LDP.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] mpls
[P-GigabitEthernet1/0/1] mpls ldp
[P-GigabitEthernet1/0/1] quit

5-218

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

5 QinQ Configuration

Step 5 Enable MPLS L2VPN and configure a VSI.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi v123 static
[PE1-vsi-v123] pwsignal ldp
[PE1-vsi-v123-ldp] vsi-id 123
[PE1-vsi-v123-ldp] peer 3.3.3.3
[PE1-vsi-v123-ldp] quit
[PE1-vsi-v123] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi v123 static
[PE2-vsi-v123] pwsignal ldp
[PE2-vsi-v123-ldp] vsi-id 123
[PE2-vsi-v123-ldp] peer 1.1.1.1 upe
[PE2-vsi-v123-ldp] quit
[PE2-vsi-v123] quit

Step 6 Configure remote MPLS LDP sessions for PE1 and PE2.
# Configure PE1.
[PE1] mpls ldp remote-peer PE2
[PE1-mpls-ldp-remote-PE2] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-PE2] quit

# Configure PE2.
[PE2] mpls ldp remote-peer PE1
[PE2-mpls-ldp-remote-PE1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-PE1] quit

Step 7 Bind the VSI and the interface on a PE.
# Configure PE1.
[PE1] vlan 1
[PE1-vlan1] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi v123
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi v123
[PE2-GigabitEthernet1/0/1.1] quit

Step 8 Enable IGMP snooping on PE1 and PE2 in the VSI.
# Configure PE1. The configuration of PE2 is similar to that of PE1 and is not described here.
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping enable

Step 9 Configure the PW on PE1 as a static router port, and configure the querier on PE2. The default values are used for the querier.
# Configure PE1.
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping static-router-port remote-peer 3.3.3.3

# Configure PE2.
[PE2] igmp-snooping send-query enable
[PE2] vsi v123
[PE2-vsi-v123] igmp-snooping querier enable
[PE2-vsi-v123] quit

Step 10 Verify the configuration.
Run the display dot1q information termination interface command on PE1, and you can view information about the configured sub-interface for dot1q VLAN tag termination. Take the display on PE1 as an example.
<PE1> display dot1q information termination interface gigabitethernet 1/0/0.1
  GigabitEthernet1/0/0.1
    vsi bound
    Total QinQ Num: 1
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination

Run the display mpls ldp session command, and you can view that the MPLS LDP sessions on PE1, P, and PE2 are in the Operational state. Take the display on PE1 as an example.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.2:0          Operational  DU   Passive  000:00:50   202/202
 3.3.3.3:0          Operational  DU   Passive  000:00:25   102/102
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

Run the display igmp-snooping querier vsi command on PE1, and you can check whether the querier is configured successfully. If the Enable state is displayed as shown in the following output, the querier is enabled for VSI v123.
<PE1> display igmp-snooping querier vsi v123
 VSI               Querier-state
 -----------------------------------------------
 v123              Enable
 -----------------------------------------------

Run the display igmp-snooping router-port vsi command on PE1, and you can check whether the static router port is configured successfully. If STATIC is displayed as shown in the following output, PW (1.1.1.1/123) is configured as a static router port.
<PE1> display igmp-snooping router-port vsi v123
 Port Name                  UpTime      Expires     Flags
 ---------------------------------------------------------------------
 VSI v123, 1 router-port(s)
 PW(1.1.1.1/123)            00:06:59    -           STATIC

----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
igmp-snooping send-query enable
#
vlan 20
 igmp-snooping enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v123 static
 pwsignal ldp
  vsi-id 123
  peer 3.3.3.3
 igmp-snooping enable
 igmp-snooping static-router-port remote-peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer pe2
 remote-ip 3.3.3.3
 undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
 mode user-termination
#
interface Gigabitethernet1/0/0.1
 control-vid 10 dot1q-termination
 dot1q termination vid 20
 igmp enable
 l2 binding vsi v123
#
interface Gigabitethernet1/0/1
 ip address 192.168.12.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 192.168.12.0 0.0.0.255
#
return

- Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 ip address 192.168.12.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack2
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
return

- Configuration file of PE2
#
sysname PE2
#
vlan batch 10
#
igmp-snooping send-query enable
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v123 static
 pwsignal ldp
  vsi-id 123
  peer 1.1.1.1
 igmp-snooping enable
 igmp-snooping querier enable
#
mpls ldp
#
mpls ldp remote-peer pe1
 remote-ip 1.1.1.1
 undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
 ip address 192.168.23.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 undo shutdown
#
interface Gigabitethernet1/0/1.1
 vlan-type dot1q 20
 l2 binding vsi v123
 igmp-snooping static-router-port vsi v123
#
interface LoopBack3
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.23.0 0.0.0.255
#
return

- Configuration file of CE1
#
sysname CE1
#
vlan batch 20
#
interface Gigabitethernet1/0/0
 portswitch
 port default vlan 20
#
interface Gigabitethernet1/0/1
 portswitch
 port trunk allow-pass vlan 20
#
return

5.15.21 Example for Configuring the QinQ Termination Subinterface in a VSI to Support IGMP Snooping
A sub-interface for QinQ termination can be configured to support IGMP snooping only on Layer 2 interfaces, not on Layer 3 interfaces.

Networking Requirements
In the network shown in Figure 5-27, multicast protocol packets are labeled with an outer tag and an inner tag on CE1 and CE2 respectively, and then sent to PE1. After receiving the packets, PE1 terminates the two tags and then accesses the VPLS network in asymmetrical mode. PE2 terminates the PW, joins the related multicast VLAN, and accesses the multicast source. PE2 functions as a Superstratum PE (SPE) device, and PE1 functions as an Underlayer PE (UPE) device.
When the Hierarchical Virtual Private LAN Service (HVPLS) is deployed, multicast packets are broadcast in a VSI if PE1 and PE2 do not support IGMP snooping, which wastes network resources. After IGMP snooping is configured, multicast packets are sent only to the access devices of multicast receivers.
In a network with a stable topology, the PW on PE1 is configured as a static router interface in the VSI, so receivers can steadily receive multicast data. To reduce the number of IGMP Query packets from the upstream CX device, configure PE2 as a querier. This saves bandwidth.


Figure 5-27 Networking diagram of configuring the sub-interface for QinQ VLAN tag termination to support IGMP snooping in a VPLS network
[Figure not reproduced. Labels in the figure: PE1 (Loopback1 1.1.1.1/32), P (Loopback2 2.2.2.2/32), PE2 (Loopback3 3.3.3.3/32), MPLS Network, Q-in-Q Termination, CE1, CE2 (VLAN100), PC, IGMP Source.]

Device   Interface     IP Address
PE1      GE 1/0/0      -
         GE 1/0/1      192.168.12.1/24
         Loopback 1    1.1.1.1/32
P        GE 1/0/0      192.168.12.2/24
         GE 1/0/1      192.168.23.1/24
         Loopback 2    2.2.2.2/32
PE2      GE 1/0/0      192.168.23.2/24
         GE 1/0/1      -
         Loopback 3    3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Set the termination mode on PE1 to the user termination mode.
2. Configure basic VPLS functions.
3. Enable global IGMP snooping and IGMP snooping for a VSI.
4. Bind a VSI to an AC interface on PE1 and PE2 respectively.
5. Configure a PW on PE1, P, and PE2, which access the VPLS network in asymmetrical mode.
6. Configure static router ports and configure PE2 as a querier.

Data Preparation
To complete the configuration, you need the following data:
- Inner VLAN ID
- Outer VLAN ID
- ID of the VSI
- MPLS LSR IDs of PE1, P, and PE2

Procedure
Step 1 Configure the mode of the QinQ interface on PE1 to the user termination mode.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

Step 2 Configure QinQ termination on PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 10 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination l2 asymmetry
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 20 ce-vid 100
[PE1-GigabitEthernet1/0/0.1] quit

Step 3 Configure an IGP on the MPLS backbone network. In this example, OSPF is used to advertise routes. When configuring OSPF, advertise the 32-bit loopback interface addresses of PE1 and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 2
[P-LoopBack2] ip address 2.2.2.2 32
[P-LoopBack2] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.12.2 24
[P-GigabitEthernet1/0/0] undo shutdown
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ip address 192.168.23.1 24
[P-GigabitEthernet1/0/1] undo shutdown
[P-GigabitEthernet1/0/1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 3
[PE2-LoopBack3] ip address 3.3.3.3 32
[PE2-LoopBack3] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] ip address 192.168.23.2 24
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

Step 4 Configure basic MPLS functions and LDP.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] mpls
[P-GigabitEthernet1/0/1] mpls ldp
[P-GigabitEthernet1/0/1] quit

Step 5 Enable MPLS L2VPN and configure a VSI.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi v123 static
[PE1-vsi-v123] pwsignal ldp
[PE1-vsi-v123-ldp] vsi-id 123
[PE1-vsi-v123-ldp] peer 3.3.3.3
[PE1-vsi-v123-ldp] quit
[PE1-vsi-v123] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi v123 static
[PE2-vsi-v123] pwsignal ldp
[PE2-vsi-v123-ldp] vsi-id 123
[PE2-vsi-v123-ldp] peer 1.1.1.1 upe
[PE2-vsi-v123-ldp] quit
[PE2-vsi-v123] quit

Step 6 Configure remote MPLS LDP sessions for PE1 and PE2.
# Configure PE1.
[PE1] mpls ldp remote-peer PE2
[PE1-mpls-ldp-remote-PE2] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-PE2] quit

# Configure PE2.
[PE2] mpls ldp remote-peer PE1
[PE2-mpls-ldp-remote-PE1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-PE1] quit

Step 7 Bind the interface to the VSI on a PE.
# Configure PE1. The configuration of GE 1/0/1 on PE2 is similar to that of PE1 and is not described here.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi v123
[PE1-GigabitEthernet1/0/0.1] quit

Step 8 Enable global IGMP snooping on PE1 and PE2, and enable IGMP snooping in the VSI.
# Configure PE1. The configuration of PE2 is similar to that of PE1 and is not described here.
[PE1] igmp-snooping enable
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping enable

Step 9 Configure the PW on PE1 as a static router port, and configure the querier on PE2. The default values are used for the querier and thus no special configuration is required.
# Configure PE1.
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping static-router-port remote-peer 3.3.3.3

# Configure PE2.
[PE2] igmp-snooping send-query enable
[PE2] vsi v123
[PE2-vsi-v123] igmp-snooping querier enable
[PE2-vsi-v123] quit

Step 10 Verify the configuration.
Run the display qinq information termination interface command on PE1, and you can view information about the configured QinQ sub-interface.
<PE1> display qinq information termination interface gigabitethernet 1/0/0
  GigabitEthernet1/0/0.1
    VSI bound
    qinq termination l2 asymmetry
    Total QinQ Num: 1
      qinq termination pe-vid 20 ce-vid 100
    Total vlan-group Num: 0
    control-vid 10 qinq-termination

Run the display mpls ldp session command, and you can view that the MPLS LDP sessions between PE1, P, and PE2 are in the Operational state. Take the display on PE1 as an example.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.2:0          Operational  DU   Passive  000:00:50   202/202
 3.3.3.3:0          Operational  DU   Passive  000:00:25   102/102
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

Run the display igmp-snooping querier vsi command on PE1, and you can check whether the querier is configured successfully. If the Enable state is displayed in the following output, the querier is enabled for VSI v123.
<PE1> display igmp-snooping querier vsi v123
 VSI               Querier-state
 -----------------------------------------------
 v123              Enable

Run the display igmp-snooping router-port vsi command on PE1, and you can check whether the static router port is configured successfully. If STATIC is displayed as shown in the following output, PW (1.1.1.1/123) is configured as a static router port.
<PE1> display igmp-snooping router-port vsi v123
 Port Name                  UpTime      Expires     Flags
 ---------------------------------------------------------------------
 VSI v123, 1 router-port(s)
 PW(1.1.1.1/123)            00:06:59    -           STATIC

Run the display igmp-snooping port-info [ vlan vlan-id [ group-address group-address ] | vsi vsi-name [ group-address group-address ] ] [ slot slot-id ] [ verbose ] command on PE1, and you can view information about multicast VLAN tags and multicast groups on a specified QinQ interface.
<UPE> display igmp-snooping port-info
 -----------------------------------------------------------------------
  (Source, Group)            Port                          Flag
 -----------------------------------------------------------------------
 VSI v123, 1 Entry(s)
  (1.1.1.1, 234.1.1.1)       GE1/0/0.2(PE:20/CE:100)       -D
                             1 port(s)
 -----------------------------------------------------------------------
<UPE> display igmp-snooping port-info slot 1
 -----------------------------------------------------------------------
  (Source, Group)            Port                          Flag
 -----------------------------------------------------------------------
 VSI v123, 1 Entry(s)
  (1.1.1.1, 234.1.1.1)       P-GE1/1/0.2(PE:20/CE:100)     -D
                             1 port(s) include
 -----------------------------------------------------------------------

----End

Configuration Files
- Configuration file of PE1
#
sysname PE1
#
igmp-snooping enable
#
igmp-snooping send-query enable
#
vlan 10
 igmp-snooping enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v123 static
 pwsignal ldp
  vsi-id 123
  peer 3.3.3.3
 igmp-snooping enable
 igmp-snooping static-router-port remote-peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer pe2
 remote-ip 3.3.3.3
 undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
 mode user-termination
#
interface Gigabitethernet1/0/0.1
 control-vid 10 qinq-termination
 qinq termination l2 asymmetry
 qinq termination pe-vid 20 ce-vid 100
 l2 binding vsi v123
#
interface Gigabitethernet1/0/1
 ip address 192.168.12.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 192.168.12.0 0.0.0.255
#
return

- Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 ip address 192.168.12.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack2
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
return

- Configuration file of PE2
#
sysname PE2
#
vlan batch 10
#
igmp-snooping enable
igmp-snooping send-query enable
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v123 static
 pwsignal ldp
  vsi-id 123
  peer 1.1.1.1
 igmp-snooping enable
 igmp-snooping querier enable
#
mpls ldp
#
mpls ldp remote-peer pe1
 remote-ip 1.1.1.1
 undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
 ip address 192.168.23.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 undo shutdown
 portswitch
 port link-type access
 port default vlan 10
 igmp-snooping static-router-port vlan 10
#
interface Gigabitethernet1/0/1.1
 vlan-type dot1q 10
 l2 binding vsi v123
 igmp-snooping static-router-port remote-peer 1.1.1.1
#
interface LoopBack3
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.23.0 0.0.0.255
#
return

- Configuration file of CE1
#
sysname CE1
#
vlan batch 20
#
interface Gigabitethernet1/0/0
 portswitch
 port vlan-stacking vlan 100 stack-vlan 20
#
interface Gigabitethernet1/0/1
 portswitch
 port trunk allow-pass vlan 20
#
return

- Configuration file of CE2
#
sysname CE2
#
vlan batch 100
#
interface Gigabitethernet1/0/0
 portswitch
 port default vlan 100
#
interface Gigabitethernet1/0/1
 portswitch
 port trunk allow-pass vlan 100
#
return
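
The following check is an added example, not part of Huawei's guide. It parses a configuration file laid out like the PE listings above and reports interface addresses that no OSPF network statement matches, network statements that match no interface, and an MPLS LSR ID that OSPF does not advertise; such a mismatch keeps OSPF off the interface, so the loopback routes that the LDP sessions rely on are not learned. The sample configuration is constructed and contains a deliberate one-digit mismatch, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout of a PE configuration file.
# The OSPF network 196.168.12.0 is a deliberate one-digit mismatch.
SAMPLE_PE1 = """\
#
sysname PE1
#
mpls lsr-id 1.1.1.1
mpls
#
interface Gigabitethernet1/0/0
 mode user-termination
#
interface Gigabitethernet1/0/1
 ip address 192.168.12.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 196.168.12.0 0.0.0.255
#
return
"""


def parse_config(text):
    """Return (interfaces, networks, lsr_id) from a VRP-style configuration."""
    interfaces = {}   # interface name -> IPv4Address
    networks = []     # (network address, wildcard mask as int)
    lsr_id = None
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":               # '#' closes the current block
            current_if = None
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current_if = m.group(1)
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m and current_if:
            interfaces[current_if] = ipaddress.IPv4Address(m.group(1))
            continue
        m = re.fullmatch(r"network (\S+) (\S+)", line)
        if m:
            networks.append((ipaddress.IPv4Address(m.group(1)),
                             int(ipaddress.IPv4Address(m.group(2)))))
            continue
        m = re.fullmatch(r"mpls lsr-id (\S+)", line)
        if m:
            lsr_id = ipaddress.IPv4Address(m.group(1))
    return interfaces, networks, lsr_id


def matches(addr, network):
    """True if addr equals the network address on every bit the wildcard fixes."""
    base, wildcard = network
    care = ~wildcard & 0xFFFFFFFF     # wildcard bits set to 1 are "don't care"
    return int(addr) & care == int(base) & care


def audit(text):
    """List findings: uncovered interfaces, unused networks, unadvertised LSR ID."""
    interfaces, networks, lsr_id = parse_config(text)
    findings = []
    for name, addr in interfaces.items():
        if not any(matches(addr, n) for n in networks):
            findings.append(
                f"{name}: {addr} is not covered by any OSPF network statement")
    for base, wildcard in networks:
        if not any(matches(a, (base, wildcard)) for a in interfaces.values()):
            findings.append(
                f"network {base} {ipaddress.IPv4Address(wildcard)} matches no interface")
    if lsr_id is not None and not any(matches(lsr_id, n) for n in networks):
        findings.append(f"mpls lsr-id {lsr_id} is not advertised by OSPF")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PE1):
        print(finding)
```

The check compares addresses only; it does not model mask-length rules or interfaces bound to a VPN instance.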

5.15.22 Example for Configuring the dot1q Termination Subinterface to Support IGMP and Access an L3VPN
IGMP is used by IP hosts and adjacent multicast static CX devices to establish multicast group memberships. Therefore, IGMP is applied where hosts and CX devices are connected. In addition, IGMP can be used where hosts and CX devices are of different versions. This example shows how to configure a sub-interface for dot1q termination on a PE to support IGMP and to access an L3VPN. Thus, the hosts connected to the PE can join the related multicast groups to receive multicast traffic.

Networking Requirements
As shown in Figure 5-28, multicast protocol packets sent by CE1 to PE1 carry one tag. The sub-interface for dot1q VLAN tag termination is configured on PE1, and PE1 can access the L3VPN. Therefore, hosts connected to CE1 can join related multicast groups normally, and then receive multicast data.

Figure 5-28 Networking diagram of configuring the dot1q termination sub-interface to support IGMP and access an L3VPN
[Figure not reproduced. Labels in the figure: L3VPN; PE1 (Loopback1 1.1.1.9/32, GE1/0/1 192.168.12.1/24, GE1/0/0.1 10.1.1.1/24, Dot1q Termination); P (Loopback1 2.2.2.9/32, GE1/0/0 192.168.12.2/24, GE1/0/1 192.168.23.1/24); PE2 (Loopback1 3.3.3.9/32, GE1/0/1 192.168.23.2/24, GE1/0/0.1 10.2.1.1/24); Source; CE1 (GE1/0/0).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 to the user termination mode.
2. Enable global IGMP.
3. Run an IGP to ensure the connectivity between devices on the backbone network.
4. Configure basic MPLS functions on the backbone network.
5. Configure a VPN instance and the sub-interface for dot1q VLAN tag termination on PE1 and bind the sub-interface for dot1q VLAN tag termination to the VPN instance.
6. Enable IGMP on the dot1q termination sub-interfaces of PE1.
7. Set up MP-IBGP peer relationships between the PEs.

Data Preparation
To complete the configuration, you need the following data:
- Name of the interface connecting the PE to the CE
- IP address of the interface
- IGMP version
- Names of the VPN instances on PE1 and PE2
- RDs and VPN targets of the VPN instances
- Tag values of the sub-interface for QinQ VLAN tag termination

Procedure
Step 1 Configure the interface mode to the user termination mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit

Step 2 Configure an IGP over the MPLS backbone network. OSPF is used as the IGP in this example.
Assign an IP address to each interface on the PEs and P as shown in Figure 5-28. When configuring OSPF, advertise the 32-bit loopback interface addresses of PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.12.2 24
[P-GigabitEthernet1/0/0] undo shutdown
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ip address 192.168.23.1 24
[P-GigabitEthernet1/0/1] undo shutdown
[P-GigabitEthernet1/0/1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip address 192.168.23.2 24
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the preceding configurations, PE1 and PE2 have routes discovered through OSPF to Loopback 1 of each other, and PE1 and PE2 can ping each other.
Step 3 Enable basic MPLS functions and LDP over the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet1/0/1
[P-GigabitEthernet1/0/1] mpls
[P-GigabitEthernet1/0/1] mpls ldp
[P-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit

After the preceding configurations, LDP sessions should be set up between PE1 and P, and between PE2 and P. Run the display mpls ldp session command, and you can view that Status is Operational. Run the display mpls ldp command, and you can view whether LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 ------------------------------------------------------------------------------
 Peer-ID            Status       LAM  SsnRole  SsnAge      KA-Sent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational  DU   Active   000:00:05   22/22
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp
 LDP Global Information
 ------------------------------------------------------------------------------
 Protocol Version        : V1         Neighbor Liveness     : 600 Sec
 Graceful Restart        : Off        FT Reconnect Timer    : 300 Sec
 MTU Signaling           : On         Recovery Timer        : 300 Sec

 LDP Instance Information
 ------------------------------------------------------------------------------
 Instance ID             : 0          VPN-Instance          :
 Instance Status         : Active     LSR ID                : 1.1.1.9
 Hop Count Limit         : 32         Path Vector Limit     : 32
 Loop Detection          : Off
 DU Re-advertise Timer   : 10 Sec     DU Re-advertise Flag  : On
 DU Explicit Request     : Off        Request Retry Flag    : On
 Label Distribution Mode : Ordered    Label Retention Mode  : Liberal
 ------------------------------------------------------------------------------

Step 4 Configure VPN instances on the PEs. Bind VPN instances and sub-interfaces for dot1q VLAN tag termination.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] multicast routing-enable
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 10 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 100
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] multicast routing-enable
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] control-vid 10 dot1q-termination
[PE2-GigabitEthernet1/0/0.1] dot1q termination vid 100
[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/0.1] ip address 10.2.1.1 24
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] undo shutdown
[PE2-GigabitEthernet1/0/0.1] quit

NOTE
Values of VLAN IDs for dot1q termination on different sub-interfaces cannot overlap.

After the configuration, run the display ip vpn-instance verbose command on the PEs to view the configurations of VPN instances. Take the display on PE1 as an example.
<PE1> display ip vpn-instance verbose
 Total VPN-Instances configured : 1

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2008/08/29 10:50:18
  Up time : 0 days, 00 hours, 16 minutes and 52 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Interfaces : Gigabitethernet1/0/0.1

Step 5 Set up MP-IBGP peer relationships between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on a PE, and you can view that the BGP peer relationship between PEs is in the Established state.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
  Peer       V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  3.3.3.9    4   100        2        6     0 00:01:03 Established       0
[PE1] display bgp vpnv4 all peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
  Peer       V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  3.3.3.9    4   100        4        8     0 00:03:06 Established       0

Step 6 Enable global IGMP and configure the IGMP version.
# Configure PE1, enable IGMP and PIM-SM on PE1, and configure the IGMP version to IGMPv2. The configurations of PE2 and P are the same as that of PE1, and are not mentioned here.
[PE1] multicast routing-enable
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] igmp enable
[PE1-GigabitEthernet1/0/0] igmp version 2
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] pim sm
[PE1-GigabitEthernet1/0/0.1] igmp enable
[PE1-GigabitEthernet1/0/0.1] igmp version 2
[PE1-GigabitEthernet1/0/0.1] quit

Step 7 Configure the Layer 2 forwarding function.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit

Step 8 Verify the configuration.
Run the display dot1q information termination command, and you can view information about the configured sub-interface for dot1q VLAN tag termination. You can also find that the sub-interfaces are bound to the L3VPN. Take the display on PE1 as an example.
<PE1> display dot1q information termination interface gigabitethernet 1/0/0.1
  GigabitEthernet1/0/0.1
    L3VPN bound
    Total QinQ Num: 1
      dot1q termination vid 100
    Total vlan-group Num: 0
      control-vid 10 dot1q-termination

Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] group [ group-address | interface interface-type interface-number ] [ verbose ] command, and you can view information about members of a group.
[PE1] display igmp group
Interface group report information of VPN-Instance: public net
 GigabitEthernet1/0/1.1(1.1.1.9):
  Total 1 IGMP Group reported
   Group Address   Last Reporter   Uptime      Expires
   227.0.0.1       192.168.12.1    00:00:05    00:02:05

----End

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
 multicast routing-enable
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 mode user-termination
 ip address 191.162.1.1 255.255.255.0
 pim sm
 igmp enable
#
interface Gigabitethernet1/0/0.1
 control-vid 10 dot1q-termination
 dot1q termination vid 100
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 255.255.255.0
 igmp enable
 arp broadcast enable
#
interface Gigabitethernet1/0/1
 ip address 192.168.12.1 255.255.255.0
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 192.168.12.0 0.0.0.255
#
return

Configuration file of P
#
 sysname P
#
 multicast routing-enable
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 ip address 192.168.12.2 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.1 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
return

Configuration file of PE2
#
 sysname PE2
#
 multicast routing-enable
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 mode user-termination
 pim sm
 igmp enable
#
interface Gigabitethernet1/0/0.1
 control-vid 10 dot1q-termination
 dot1q termination vid 100
 ip binding vpn-instance vpn1
 ip address 10.2.1.1 255.255.255.0
 igmp enable
 arp broadcast enable
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.2 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface LoopBack3
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack3
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 192.168.23.0 0.0.0.255
#
return

Configuration file of CE1
#
 sysname CE1
#
 vlan batch 100
#
interface gigabitethernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
return

5.15.23 Example for Configuring the QinQ Termination Subinterface to Support IGMP and Access an L3VPN
By sending IGMP Query messages to hosts and receiving IGMP Join messages and IGMP Leave messages from hosts, a multicast CX device can identify the receivers (multicast group members) on the connected network segment. This example shows how to configure a sub-interface for QinQ termination to support IGMP on a PE and to access an L3VPN, so that the hosts connected to the PE can communicate with the upper-layer multicast source.

Networking Requirements
As shown in Figure 5-29, CE1 sends the data packets of users to PE1 through CE2. CE2 labels the user packets received from CE1 with tag 100. Thus, the multicast protocol packets of users sent by CE2 to PE1 carry two tags. Configure the sub-interface for QinQ VLAN tag termination to support IGMP on PE1. PE1 can then access the L3VPN. Therefore, the hosts connected to PE1 can interwork with the upper-layer multicast source.


Figure 5-29 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support IGMP and Access an L3VPN

[Figure: L3VPN backbone with Source, PE2, P and PE1; CE1 (VLAN 100) connects through CE2 to the QinQ termination sub-interface GE1/0/0.1 on PE1. Loopback1: PE1 1.1.1.9/32, P 2.2.2.9/32, PE2 3.3.3.9/32. PE1 GE1/0/1 192.168.12.1/24 connects to P GE1/0/0 192.168.12.2/24; P GE1/0/1 192.168.23.1/24 connects to PE2 GE1/0/1 192.168.23.2/24. GE1/0/0.1: PE1 10.1.1.1/24, PE2 10.2.1.1/24.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 to the user termination mode.
2. Run an IGP to ensure the connectivity of devices on the backbone network.
3. Configure basic MPLS functions on the backbone network.
4. Configure a VPN instance and the sub-interface for QinQ VLAN tag termination on a PE and bind the VPN instance to the sub-interface for QinQ VLAN tag termination on the PE.
5. Configure EBGP on the CE and the PE to exchange VPN routing information.
6. Set up MP-IBGP peer relationships between the PEs.

Data Preparation
To complete the configuration, you need the following data:
- Name of the interface connecting the PE to the CE
- IP address of the interface
- IGMP version
- Names of the VPN instances on PE1 and PE2
- RDs and VPN targets of the VPN instances
- Tag values of the sub-interface for QinQ termination


Procedure
Step 1 Configure the interface mode to the user termination mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit

Step 2 Configure an IGP over the MPLS backbone network, and configure basic MPLS functions and LDP.
For details, see Example for Configuring the dot1q Termination Sub-interface to Support IGMP and Access an L3VPN.
Step 3 Configure VPN instances on the PEs. Bind the VPN instances and the sub-interfaces for QinQ VLAN tag termination.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] multicast routing-enable
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 20 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] multicast routing-enable
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/0.1] ip address 10.2.1.1 24
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] undo shutdown
[PE2-GigabitEthernet1/0/0.1] quit
NOTE

When you run the qinq termination command, specify two different values of ce-vid on the two sub-interfaces if the values of pe-vid on the two sub-interfaces are the same.

Step 4 Set up MP-IBGP peer relationships between PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit

Step 5 Set up the EBGP peer relationships between the PEs and the CEs to import VPN routes.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.1 as-number 100
[CE1-bgp] import-route direct

# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.2 as-number 65420
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on a PE, and you can view that the BGP peer relationship between PEs is in the Established state.
Step 6 Enable global IGMP and configure the IGMP version.
# Configure PE1, enable IGMP and PIM-SM on PE1, and configure the IGMP version to IGMPv2. The configurations of PE2 and P are the same as that of PE1, and are not mentioned here.
[PE1] multicast routing-enable
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] igmp enable
[PE1-GigabitEthernet1/0/0] igmp version 2
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] pim sm
[PE1-GigabitEthernet1/0/0.1] igmp enable
[PE1-GigabitEthernet1/0/0.1] igmp version 2
[PE1-GigabitEthernet1/0/0.1] quit

Step 7 Configure the QinQ function. The packets sent by the CEs to the PEs then carry double tags.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 10
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit

Step 8 Verify the configuration.
Run the display qinq information termination command, and you can view information about QinQ termination and that the sub-interface is bound to the L3VPN. Take the display on PE1 as an example.
<PE1> display qinq information termination interface gigabitethernet 1/0/0
  GigabitEthernet1/0/0.1
    VSI bound
    qinq termination l2 asymmetry
    Total QinQ Num: 1
      qinq termination pe-vid 10 ce-vid 100
    Total vlan-group Num: 0
      control-vid 20 qinq-termination

Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] group [ group-address | interface interface-type interface-number ] [ verbose ] command, and you can view information about members of a group.
<PE1> display igmp group
Interface group report information of VPN-Instance: public net
 GigabitEthernet1/0/1.1(1.1.1.9):
  Total 1 IGMP Group reported
   Group Address   Last Reporter   Uptime      Expires
   226.0.0.1       192.168.0.1     00:00:03    00:02:07

----End
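The two NOTEs in these examples (dot1q termination VLAN IDs on different sub-interfaces cannot overlap, and sub-interfaces with the same pe-vid need different ce-vid values) can be checked offline, together with the user termination mode from Step 1, before a configuration is loaded onto a PE. The following Python script is an added example, not part of the Huawei guide: it parses a configuration file in the layout shown under Configuration Files and reports overlapping termination tags, flagging overlaps between sub-interfaces bound to different VPN instances. The sample configuration is constructed, and the "to" range form of the termination commands is an assumption that is not shown on this page.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample, not a configuration from the guide. GigabitEthernet1/0/0.1
# repeats PE1's QinQ sub-interface; the other stanzas are hypothetical.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/0
 mode user-termination
#
interface GigabitEthernet1/0/0.1
 control-vid 20 qinq-termination
 qinq termination pe-vid 10 ce-vid 100
 ip binding vpn-instance vpn1
#
interface GigabitEthernet1/0/0.2
 control-vid 30 qinq-termination
 qinq termination pe-vid 10 ce-vid 50 to 120
 ip binding vpn-instance vpn2
#
interface GigabitEthernet1/0/0.3
 control-vid 40 dot1q-termination
 dot1q termination vid 200
#
interface GigabitEthernet2/0/0
 undo shutdown
#
interface GigabitEthernet2/0/0.1
 control-vid 10 dot1q-termination
 dot1q termination vid 100
#
return
"""

STANZA = re.compile(r"^interface\s+(\S+)$", re.I)
# The "to <high>" range form is an assumption; the page shows single values only.
DOT1Q = re.compile(r"^dot1q termination vid (\d+)(?: to (\d+))?$")
QINQ = re.compile(r"^qinq termination pe-vid (\d+) ce-vid (\d+)(?: to (\d+))?$")


def parse_interfaces(text):
    """Return {lower-cased interface name: [stripped lines of its stanza]}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = STANZA.match(line)
        if match and not raw.startswith(" "):
            current = stanzas.setdefault(match.group(1).lower(), [])
        elif not raw.startswith(" "):      # "#", "return" or another top-level view
            current = None
        elif current is not None:
            current.append(line)
    return stanzas


def termination_rules(lines):
    """Yield (kind, pe_vid, (low, high)); pe_vid is None for dot1q termination."""
    for line in lines:
        m = DOT1Q.match(line)
        if m:
            low = int(m.group(1))
            yield "dot1q", None, (low, int(m.group(2) or low))
        m = QINQ.match(line)
        if m:
            low = int(m.group(2))
            yield "qinq", int(m.group(1)), (low, int(m.group(3) or low))


def audit(text):
    """Return findings for tag overlap and for a missing user-termination mode."""
    stanzas = parse_interfaces(text)
    findings, by_parent = [], defaultdict(list)
    for name, lines in stanzas.items():
        if "." not in name:
            continue                        # only sub-interfaces terminate tags
        parent = name.split(".", 1)[0]
        rules = list(termination_rules(lines))
        if rules and "mode user-termination" not in stanzas.get(parent, []):
            findings.append(("no-user-termination", parent, name))
        vpn = next((l.split()[-1] for l in lines
                    if l.startswith("ip binding vpn-instance ")), None)
        by_parent[parent] += [(name, vpn, rule) for rule in rules]
    for entries in by_parent.values():
        for (n1, vpn1, r1), (n2, vpn2, r2) in combinations(entries, 2):
            (k1, pe1, (lo1, hi1)), (k2, pe2, (lo2, hi2)) = r1, r2
            if n1 != n2 and (k1, pe1) == (k2, pe2) and lo1 <= hi2 and lo2 <= hi1:
                shared = (max(lo1, lo2), min(hi1, hi2))
                # Last field is True when the two sub-interfaces feed different VPNs.
                findings.append(("overlap", n1, n2, k1, pe1, shared, vpn1 != vpn2))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An overlap whose last field is True means the same tag pair is matched by sub-interfaces bound to different VPN instances, which is the case to resolve first when reviewing a planned change.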

Configuration Files
Configuration file of CE1
#
 sysname CE1
#
 vlan batch 100
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 100
#
bgp 65410
 peer 10.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.1 enable
#
return

Configuration file of CE2
#
 sysname CE2
#
 vlan batch 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 port vlan-stacking vlan 100 stack-vlan 10
#
interface GigabitEthernet1/0/0
 undo shutdown
 port trunk allow-pass vlan 10
#
return

Configuration file of PE1
#
 sysname PE1
#
 multicast routing-enable
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 mode user-termination
 ip address 191.162.1.1 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/0.1
 control-vid 20 qinq-termination
 qinq termination pe-vid 10 ce-vid 100
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 255.255.255.0
 arp broadcast enable
#
interface Gigabitethernet1/0/1
 ip address 192.168.12.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 192.168.12.0 0.0.0.255
#
return

Configuration file of P
#
 sysname P
#
 multicast routing-enable
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 ip address 192.168.12.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.1 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
return

Configuration file of PE2
#
 sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
 mode user-termination
 pim sm
 igmp enable
#
interface Gigabitethernet1/0/0.1
 control-vid 20 qinq-termination
 qinq termination pe-vid 10 ce-vid 100
 ip binding vpn-instance vpn1
 ip address 10.2.1.1 255.255.255.0
 arp broadcast enable
#
interface Gigabitethernet1/0/1
 ip address 192.168.23.2 255.255.255.0
 pim sm
 igmp enable
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack3
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 192.168.23.0 0.0.0.255
#
return

5.15.24 Example for Configuring the QinQ Termination Subinterface to Support Single-AS MD VPN
By configuring sub-interfaces for QinQ VLAN tag termination on a PE, access users can join multicast groups and receive multicast data.

Networking Requirements
NOTE

The example for configuring the QinQ termination sub-interface to support single-AS MD VPN cannot be configured on the X1 and X2 models of the CX600.


In the single-AS MPLS/BGP VPN shown in Figure 5-30, the MD solution is used to deploy multicast services. On PE-B and PE-C, configure sub-interfaces for QinQ termination to access VPNs. Ensure that the users of CE-Bc can join the required multicast groups to receive multicast traffic.

Figure 5-30 Networking diagram of configuring single-AS MD VPN

[Figure: topology with Source, CE-Bb, PE-B, the public network, PE-C, CE-Bc and PC; Source and PC are in VPN BLUE. Interface labels shown: GE1, GE2, GE2.1, GE3, GE3.1, Loopback1 and Loopback2.]

NOTE

In Table 5-7, GE1 stands for GE 1/0/0, GE2 stands for GE 2/0/0, GE3 stands for GE 3/0/0, GE2.1 stands for GE 2/0/0.1 and GE3.1 stands for GE 3/0/0.1. The IP address of each interface is shown in the following table.

The devices support two processing modes of the multicast VPN service: distributed mode and integrated mode. In distributed mode, you must run the multicast-vpn slot command to specify the slot that supports multicast VPN in all cases except when both the upstream and downstream interfaces of the LPUF-20/21 or LPUF-40 forwarding multicast VPN traffic are physical interfaces. In integrated mode, you must run the set board-type slot and multicast-vpn slot commands to set the service mode of the SPUC to Tunnel mode and to enable multicast VPN on the SPUC, respectively. The following configuration example uses the distributed mode to configure the multicast VPN service.

Table 5-7 Configuration information about interfaces

Device   IP Address of Interface      Remarks
P        GE2: 192.168.7.2/24
         GE3: 192.168.8.2/24
         Loopback1: 2.2.2.2/32        Functioning as C-RP of the public network
PE-B     GE1: 192.168.7.1/24          Public network instance
         GE2.1: 10.110.3.1/24         VPN-BLUE instance
         Loopback1: 1.1.1.2/32        Public network instance. Loopback 1 interfaces of PE-A, PE-B, and PE-C set up IBGP peer relationships.
PE-C     GE1: 192.168.8.1/24          Public network instance
         GE3.1: 10.110.6.1/24         VPN-BLUE instance
         Loopback1: 1.1.1.3/32        Public network instance. Loopback 1 interfaces of PE-A, PE-B, and PE-C set up IBGP peer relationships.
         Loopback2: 33.33.33.33/32    VPN-BLUE instance. Acts as C-RP of VPN-BLUE
Source   10.110.8.2/24                Multicast source in the VPN-BLUE
PC       10.110.11.2/32               Multicast receiver in the VPN-BLUE

Table 5-8 Networking requirements of Single-AS MD VPN solution

Item: Multicast source/receiver
Networking Requirements: Multicast source of VPN BLUE is Source. The receiver is PC. In VPN BLUE, Share-Group address is 239.2.2.2 and Switch-Group address pool ranges from 225.4.4.1 to 225.4.4.16.

Item: VPN instance which the interfaces on PEs belong to
Networking Requirements: On PE-B, GE2.1 belongs to VPN-BLUE instance, and GE1 and Loopback1 belong to the public network instance. On PE-C, GE3.1 and Loopback2 belong to VPN-BLUE instance, and GE1 and Loopback1 belong to the public network instance.

Item: Routing protocol and MPLS
Networking Requirements: Configure OSPF on the public network. Establish a BGP peer connection and transmit all VPN routes between Loopback1 interfaces on PE-B and PE-C. Enable MPLS forwarding on the public network.

Item: Multicast function
Networking Requirements: Enable multicast on P. Enable multicast on the public network instance on PE-B and PE-C. Enable multicast on VPN-BLUE instance on PE-B and PE-C.

Item: PIM function
Networking Requirements: Enable PIM-SM on all the VPN interfaces in VPN-BLUE instance. Enable PIM-SM on all the interfaces of P and CEs, as well as public network instance interfaces of PEs. Configure Loopback1 of P as the C-BSR and C-RP of public network (serving all multicast groups). Configure Loopback2 of PE-C as the C-BSR and C-RP of VPN-BLUE (serving all multicast groups).

Item: QinQ function
Networking Requirements: The packets sent from CE to the PE contain the inner tag 10 and the outer tag 100.


Configuration Roadmap
The configuration roadmap is as follows:
1. Configure QinQ on each CE.
2. Configure the sub-interfaces of PE-B and PE-C with the user termination mode.
3. Configure the MPLS/BGP VPN to ensure that the VPN works normally and unicast routes are reachable.
4. Configure sub-interfaces for QinQ termination on the PE-B and PE-C, and bind the sub-interfaces to the VPN instance.
5. Enable multicast VPN services of integrated mode.
6. Enable multicast and PIM in the entire network. Enable multicast of public network on PEs and Ps, and enable multicast of the VPN instances on PEs and CEs.
7. Configure the same Share-group address, the same MTI, and the same switch-group-pool for the same VPN instance on each PE.
8. Configure the MTI address of each PE as the IBGP peer interface address in the public network, and enable PIM on the MTI.

Data Preparation
See Table 5-8.

Procedure
Step 1 Configure the QinQ function.
# Configure CE-Bb.
<HUAWEI> system-view
[HUAWEI] sysname CE-Bb
[CE-Bb] vlan 100
[CE-Bb-vlan100] quit
[CE-Bb] interface gigabitethernet 2/0/0
[CE-Bb-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[CE-Bb-GigabitEthernet2/0/0] undo shutdown
[CE-Bb-GigabitEthernet2/0/0] quit
[CE-Bb] interface gigabitethernet 1/0/0
[CE-Bb-GigabitEthernet1/0/0] port vlan-stacking outside-vlan 10 stack-vlan 100
[CE-Bb-GigabitEthernet1/0/0] undo shutdown
[CE-Bb-GigabitEthernet1/0/0] quit

# Configure CE-Bc.
<HUAWEI> system-view
[HUAWEI] sysname CE-Bc
[CE-Bc] vlan 100
[CE-Bc-vlan100] quit
[CE-Bc] interface gigabitethernet 2/0/0
[CE-Bc-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[CE-Bc-GigabitEthernet2/0/0] undo shutdown
[CE-Bc-GigabitEthernet2/0/0] quit
[CE-Bc] interface gigabitethernet 1/0/0
[CE-Bc-GigabitEthernet1/0/0] port vlan-stacking outside-vlan 10 stack-vlan 100
[CE-Bc-GigabitEthernet1/0/0] undo shutdown
[CE-Bc-GigabitEthernet1/0/0] quit

Step 2 Configure the interface with the user termination mode.
# Configure PE-B.
<HUAWEI> system-view
[HUAWEI] sysname PE-B
[PE-B] interface gigabitethernet 2/0/0
[PE-B-GigabitEthernet2/0/0] mode user-termination
[PE-B-GigabitEthernet2/0/0] undo shutdown
[PE-B-GigabitEthernet2/0/0] quit

# Configure PE-C.
<HUAWEI> system-view
[HUAWEI] sysname PE-C
[PE-C] interface gigabitethernet 3/0/0
[PE-C-GigabitEthernet3/0/0] mode user-termination
[PE-C-GigabitEthernet3/0/0] undo shutdown
[PE-C-GigabitEthernet3/0/0] quit

Step 3 Configure PE-B.
# Configure an ID for PE-B, enable multicast in the public network, configure MPLS LSR-ID, and enable LDP.
[PE-B] router id 1.1.1.2
[PE-B] multicast routing-enable
[PE-B] mpls lsr-id 1.1.1.2
[PE-B] mpls
[PE-B-mpls] quit
[PE-B] mpls ldp
[PE-B-mpls-ldp] quit

# Set the service mode of the SPUC to be Tunnel mode. Enable multicast VPN services on the SPUC of the PE. Assuming that the SPUC is in slot 4, the configuration is as follows:
[PE-B] quit
<PE-B> set board-type slot 4 tunnel
<PE-B> system-view
[PE-B] multicast-vpn slot 4

# Create VPN BLUE instance and enter the VPN instance view. Configure VPN IPv4 prefix and create the egress and ingress routes for the instance. Enable IP multicast and configure Share-Group. Specify an MTI bound to the VPN instance and the range of the switch-address-pool.
[PE-B] ip vpn-instance BLUE
[PE-B-vpn-instance-BLUE] route-distinguisher 200:1
[PE-B-vpn-instance-BLUE] vpn-target 200:1 export-extcommunity
[PE-B-vpn-instance-BLUE] vpn-target 200:1 import-extcommunity
[PE-B-vpn-instance-BLUE] multicast routing-enable
[PE-B-vpn-instance-BLUE] multicast-domain share-group 239.2.2.2 binding mtunnel 1
[PE-B-vpn-instance-BLUE] multicast-domain switch-group-pool 225.4.4.1 28

# Enable LDP and PIM-SM on the interface GE 1/0/0 in the public network.
[PE-B] interface gigabitethernet 1/0/0
[PE-B-GigabitEthernet1/0/0] ip address 192.168.7.1 24
[PE-B-GigabitEthernet1/0/0] pim sm
[PE-B-GigabitEthernet1/0/0] mpls
[PE-B-GigabitEthernet1/0/0] mpls ldp

# Bind the interface GE 2/0/0.1 to VPN BLUE instance, and enable PIM-SM.
[PE-B] interface gigabitethernet 2/0/0.1
[PE-B-GigabitEthernet2/0/0.1] ip binding vpn-instance BLUE
[PE-B-GigabitEthernet2/0/0.1] ip address 10.110.3.1 24
[PE-B-GigabitEthernet2/0/0.1] pim sm
[PE-B-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE-B-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10

# Assign an IP address for the interface Loopback1, and enable PIM-SM.


[PE-B] interface loopback 1
[PE-B-LoopBack1] ip address 1.1.1.2 32
[PE-B-LoopBack1] pim sm
[PE-B-LoopBack1] quit

# Assign an IP address for MTI1. The address of MTI1 is the same as that of the interface Loopback1. Enable PIM-SM on the interface.
[PE-B] interface MTunnel 1
[PE-B-MTunnel1] ip address 1.1.1.2 32
[PE-B-MTunnel1] pim sm

# Configure BGP, OSPF, and RIP.


[PE-B] bgp 100
[PE-B-bgp] group VPN-G internal
[PE-B-bgp] peer VPN-G connect-interface LoopBack1
[PE-B-bgp] peer 1.1.1.3 group VPN-G
[PE-B-bgp] ipv4-family vpn-instance BLUE
[PE-B-bgp-BLUE] import-route rip 3
[PE-B-bgp-BLUE] import-route direct
[PE-B-bgp-BLUE] quit
[PE-B-bgp] ipv4-family vpnv4
[PE-B-bgp-af-vpnv4] peer VPN-G enable
[PE-B-bgp-af-vpnv4] peer 1.1.1.3 group VPN-G
[PE-B-bgp-af-vpnv4] quit
[PE-B-bgp] quit
[PE-B] ospf 1
[PE-B-ospf-1] area 0.0.0.0
[PE-B-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0
[PE-B-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255
[PE-B-ospf-1-area-0.0.0.0] quit
[PE-B-ospf-1] quit
[PE-B] rip 3 vpn-instance BLUE
[PE-B-rip-3] network 10.0.0.0
[PE-B-rip-3] import-route bgp cost 3

Step 4 Configure PE-C.
# Configure an ID for PE-C, enable IP multicast of the public network, configure MPLS LSR-ID, and enable LDP.
[PE-C] router id 1.1.1.3
[PE-C] multicast routing-enable
[PE-C] mpls lsr-id 1.1.1.3
[PE-C] mpls
[PE-C-mpls] quit
[PE-C] mpls ldp
[PE-C-mpls-ldp] quit

# Set the service mode of the SPUC to be Tunnel mode. Enable multicast VPN services on the SPUC of the PE. Assuming that the SPUC is in slot 4, the configuration is as follows:
[PE-C] quit
<PE-C> set board-type slot 4 tunnel
<PE-C> system-view
[PE-C] multicast-vpn slot 4

# Create VPN RED instance and enter the VPN instance view. Configure VPN IPv4 prefix and create egress and ingress routes for the instance. Enable IP multicast and configure Share-Group. Specify an MTI bound to the VPN instance and the range of the switch-address-pool.
[PE-C] ip vpn-instance RED
[PE-C-vpn-instance-RED] route-distinguisher 100:1
[PE-C-vpn-instance-RED] vpn-target 100:1 export-extcommunity
[PE-C-vpn-instance-RED] vpn-target 100:1 import-extcommunity
[PE-C-vpn-instance-RED] multicast routing-enable
[PE-C-vpn-instance-RED] multicast-domain share-group 239.1.1.1 binding mtunnel 0
[PE-C-vpn-instance-RED] multicast-domain switch-group-pool 225.2.2.1 28


# Create VPN BLUE instance and enter the VPN instance view. Configure the VPN IPv4 prefix and create egress and ingress routes for the instance. Enable IP multicast and configure Share-Group. Specify an MTI bound to the VPN instance and the range of the switch-address-pool.
[PE-C] ip vpn-instance BLUE
[PE-C-vpn-instance-BLUE] route-distinguisher 200:1
[PE-C-vpn-instance-BLUE] vpn-target 200:1 export-extcommunity
[PE-C-vpn-instance-BLUE] vpn-target 200:1 import-extcommunity
[PE-C-vpn-instance-BLUE] multicast routing-enable
[PE-C-vpn-instance-BLUE] multicast-domain share-group 239.2.2.2 binding mtunnel 1
[PE-C-vpn-instance-BLUE] multicast-domain switch-group-pool 225.4.4.1 28

# Enable LDP and PIM-SM on the interface GE 1/0/0 in the public network.
[PE-C] interface gigabitethernet 1/0/0 [PE-C-GigabitEthernet1/0/0] ip address 192.168.8.1 24 [PE-C-GigabitEthernet1/0/0] pim sm [PE-C-GigabitEthernet1/0/0] mpls [PE-C-GigabitEthernet1/0/0] mpls ldp

# Bind the interface GigabitEthernet3/0/0.1 to VPN BLUE instance, and enable PIM-SM.
[PE-C] interface gigabitethernet 3/0/0.1 [PE-C-GigabitEthernet3/0/0.1] ip binding vpn-instance BLUE [PE-C-GigabitEthernet3/0/0.1] ip address 10.110.6.1 24 [PE-C-GigabitEthernet3/0/0.1] pim sm [PE-C-GigabitEthernet3/0/0.1] control-vid 1 qinq-termination [PE-C-GigabitEthernet3/0/0.1] qinq termination pe-vid 100 ce-vid 10

# Assign an IP address for the interface Loopback1, and enable PIM-SM.


[PE-C] interface [PE-C-LoopBack1] [PE-C-LoopBack1] [PE-C-LoopBack1] loopback 1 ip address 1.1.1.3 32 pim sm quit

# Assign the an IP address for MTI1. The address of MTI1 is the same as that of the interface Loopback1. Enable PIM-SM on the interface.
[PE-C]interface MTunnel 1 [PE-C-MTunnel1] ip address 1.1.1.3 32 [PE-C-MTunnel1] pim sm

# Bind the interface Loopback2 to VPN BLUE instance, and enable PIM-SM.
[PE-C] interface [PE-C-LoopBack2] [PE-C-LoopBack2] [PE-C-LoopBack2] loopback 2 ip binding vpn-instance BLUE pim sm quit

# Configure the interface Loopback2 as the C-BSR and the C-RP of VPN-BLUE.
[PE-C] pim vpn-instance BLUE [PE-C-pim-blue] c-bsr Loopback2 [PE-C-pim-blue] c-rp Loopback2 [PE-C-pim-blue] quit

# Enable BGP, OSPF, and RIP.


[PE-C] bgp 100 [PE-C-bgp] group VPN-G internal [PE-C-bgp] peer VPN-G connect-interface LoopBack1 [PE-C-bgp] peer 1.1.1.2 group VPN-G [PE-C-bgp] ipv4-family vpn-instance BLUE [PE-C-bgp-BLUE] import-route rip 3 [PE-C-bgp-BLUE] import-route direct [PE-C-bgp-BLUE] quit [PE-C-bgp] ipv4-family vpnv4 [PE-C-bgp-af-vpnv4] peer VPN-G enable

Issue 01 (2011-05-30)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-255

5 QinQ Configuration

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

[PE-C-bgp-af-vpnv4] peer 1.1.1.2 group VPN-G [PE-C-bgp-af-vpnv4] quit [PE-C-bgp] quit [PE-C] ospf 1 [PE-C-ospf-1] area 0.0.0.0 [PE-C-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0 [PE-C-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255 [PE-C-ospf-1-area-0.0.0.0] quit [PE-C-ospf-1] quit [PE-C] rip 3 vpn-instance BLUE [PE-C-rip] network 10.0.0.0 [PE-C-rip] import-route bgp cost 3

Step 5 Configure P.
# Enable multicast in the public network, configure the MPLS LSR ID, and enable LDP.
[P] multicast routing-enable
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit

# Enable LDP and PIM-SM on GE 2/0/0 in the public network.
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] ip address 192.168.7.2 24
[P-GigabitEthernet2/0/0] pim sm
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp

# Enable LDP and PIM-SM on GE 3/0/0 in the public network.
[P] interface gigabitethernet 3/0/0
[P-GigabitEthernet3/0/0] ip address 192.168.8.2 24
[P-GigabitEthernet3/0/0] pim sm
[P-GigabitEthernet3/0/0] mpls
[P-GigabitEthernet3/0/0] mpls ldp

# Assign an IP address for the interface Loopback1 and enable PIM-SM.
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] pim sm
[P-LoopBack1] quit

# Configure the interface Loopback1 as the C-BSR and C-RP of the public network instance.
[P] pim
[P-pim] c-bsr Loopback1
[P-pim] c-rp Loopback1

# Configure OSPF.
[P] ospf 1
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255
[P-ospf-1-area-0.0.0.0] quit

Step 6 Verify the configuration.
After the preceding configurations are complete, PC can receive multicast information from Source.
----End

Configuration Files
Configuration file of PE-B
#
sysname PE-B
#
router id 1.1.1.2
#
multicast routing-enable
#
multicast-vpn slot 4
#
mpls lsr-id 1.1.1.2
mpls
#
mpls ldp
#
ip vpn-instance BLUE
 route-distinguisher 200:1
 vpn-target 200:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
 multicast routing-enable
 multicast-domain share-group 239.2.2.2 binding MTunnel 1
 multicast-domain switch-group-pool 225.4.4.0 255.255.255.240
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.7.1 255.255.255.0
 pim sm
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet2/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 ip binding vpn-instance BLUE
 ip address 10.110.3.1 255.255.255.0
 pim sm
#
interface LoopBack1
 ip address 1.1.1.2 255.255.255.255
 pim sm
#
interface MTunnel1
 ip binding vpn-instance BLUE
 ip address 1.1.1.2 255.255.255.255
 pim sm
#
bgp 100
 group VPN-G internal
 peer VPN-G connect-interface LoopBack1
 peer 1.1.1.3 as-number 100
 peer 1.1.1.3 group VPN-G
 #
 ipv4-family unicast
  undo synchronization
  peer VPN-G enable
  peer 1.1.1.3 enable
  peer 1.1.1.3 group VPN-G
 #
 ipv4-family vpnv4
  policy vpn-target
  peer VPN-G enable
  peer 1.1.1.3 enable
  peer 1.1.1.3 group VPN-G
 #
 ipv4-family vpn-instance BLUE
  import-route rip 3
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.2 0.0.0.0
  network 192.168.0.0 0.0.255.255
#
rip 3 vpn-instance blue
 network 10.0.0.0
 import-route bgp cost 3
#
return


Configuration file of PE-C
#
sysname PE-C
#
router id 1.1.1.3
#
multicast routing-enable
#
multicast-vpn slot 4
#
mpls lsr-id 1.1.1.3
mpls
#
mpls ldp
#
ip vpn-instance BLUE
 route-distinguisher 200:1
 vpn-target 200:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
 multicast routing-enable
 multicast-domain share-group 239.2.2.2 binding MTunnel 1
 multicast-domain switch-group-pool 225.4.4.0 255.255.255.240
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.8.1 255.255.255.0
 pim sm
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 mode user-termination
#
interface GigabitEthernet3/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 100 ce-vid 10
 ip binding vpn-instance BLUE
 ip address 10.110.6.1 255.255.255.0
 pim sm
#
interface LoopBack1
 ip address 1.1.1.3 255.255.255.255
 pim sm
#
interface LoopBack2
 ip binding vpn-instance BLUE
 ip address 33.33.33.33 255.255.255.255
 pim sm
#
pim vpn-instance BLUE
 c-bsr LoopBack2
 c-rp LoopBack2
#
interface MTunnel1
 ip binding vpn-instance BLUE
 ip address 1.1.1.3 255.255.255.255
 pim sm
#
bgp 100
 group VPN-G internal
 peer VPN-G connect-interface LoopBack1
 peer 1.1.1.2 as-number 100
 peer 1.1.1.2 group VPN-G
 #
 ipv4-family unicast
  undo synchronization
  peer VPN-G enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group VPN-G
 #
 ipv4-family vpnv4
  policy vpn-target
  peer VPN-G enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group VPN-G
 #
 ipv4-family vpn-instance BLUE
  import-route rip 3
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.3 0.0.0.0
  network 192.168.0.0 0.0.255.255
#
rip 3 vpn-instance BLUE
 network 10.0.0.0
 import-route bgp cost 3
#
return


Configuration file of P
#
sysname P
#
multicast routing-enable
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 192.168.7.2 255.255.255.0
 pim sm
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip address 192.168.8.2 255.255.255.0
 pim sm
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
 pim sm
#
pim
 c-bsr Loopback1
 c-rp Loopback1
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 192.168.0.0 0.0.255.255
#
return


Configuration file of CE-Bb
#
sysname CE-Bb
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 10 stack-vlan 100
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
return

Configuration file of CE-Bc
#
sysname CE-Bc
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 10 stack-vlan 100
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
return

5.15.25 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support MPLS TE
Sub-interfaces for QinQ VLAN tag termination support MPLS TE only when the CX600 runs IS-IS. Each sub-interface can be configured with only one pair of tags.

Networking Requirements
As shown in Figure 5-31, CE1 is connected to the PEs through Switch 1. QinQ is configured on Switch 1 so that an outer VLAN tag with VLAN ID 100 is added to each user packet from CE1. The public VLAN IDs are thus saved. A user packet sent from Switch 1 to PE1 therefore carries double VLAN tags. CE2 is connected to the PEs through Switch 2. QinQ is configured on Switch 2 so that an outer VLAN tag with VLAN ID 100 is added to each user packet from CE2. A user packet sent from Switch 2 to PE2 therefore carries double VLAN tags. VLAN swap must be configured on GE 1/0/0 of PE1 to swap the inner and outer VLAN tags, and GE 1/0/0.1 for QinQ VLAN tag termination must be configured to support MPLS TE. Likewise, VLAN swap must be configured on GE 1/0/0 of PE2 to swap the inner and outer VLAN tags, and GE 1/0/0.1 for QinQ VLAN tag termination must be configured to support MPLS TE. Then, the user networks connected to CE1 and CE2 can communicate. A TE tunnel is set up between PE1 and PE2 by using RSVP-TE.
NOTE

In the scenario where sub-interfaces for QinQ VLAN tag termination are configured to support MPLS TE, IS-IS must be adopted as the routing protocol. When configuring sub-interfaces for QinQ VLAN tag termination to support MPLS TE, note that the sub-interfaces transmit packets with a specified inner VLAN tag and a specified outer VLAN tag.

Figure 5-31 Networking for configuring the sub-interface for QinQ VLAN tag termination to support MPLS TE
[Figure: PE1 (Loopback1 1.1.1.9/32; GE1/0/0.1 100.1.1.1/24; GE2/0/0) and PE2 (Loopback1 2.2.2.9/32; GE1/0/0.1 100.1.1.2/24; GE2/0/0). CE1 (VLAN 10) connects to GE1/0/1 of Switch1, and GE1/0/0 of Switch1 faces PE1. CE2 (VLAN 10) connects to GE1/0/1 of Switch2, and GE1/0/0 of Switch2 faces PE2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the mode of QinQ interfaces on PE1 and PE2 as user termination.
2. Run IS-IS on the backbone network.
3. Configure basic MPLS functions on the backbone network.
4. Configure VLAN swap on PE1 and PE2 to implement the swap of inner and outer VLAN tags.
5. Configure the basic Layer 2 forwarding function on Switch 1 and Switch 2.
6. Set up an MPLS TE tunnel between PE1 and PE2.

Data Preparation
To complete the configuration, you need the following data:
- Names of the interfaces connecting the PEs to the CEs
- IP addresses of the sub-interfaces on the PEs
- VLAN IDs of the sub-interfaces for QinQ VLAN tag termination

Procedure
Step 1 Configure the mode of QinQ interfaces on PE1 and PE2 as user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit

Step 2 Configure VLAN swap on PE1 and PE2, and the VLANs whose frames can pass through PE1 and PE2.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] vlan-swap enable
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] portswitch
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] vlan-swap enable
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit

Step 3 Configure the sub-interfaces for QinQ VLAN tag termination on PE1 and PE2.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] quit

Step 4 Configure IGP over the MPLS backbone network. IS-IS is used as the IGP protocol in this example.
# Configure PE1.
[PE1] isis 100
[PE1-isis-100] network-entity 00.0005.0000.0000.0001.00
[PE1-isis-100] is-level level-2
[PE1-isis-100] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24
[PE1-GigabitEthernet1/0/0.1] isis enable 100
[PE1-GigabitEthernet1/0/0.1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] isis enable 100
[PE1-LoopBack1] quit

# Configure PE2.
[PE2] isis 100
[PE2-isis-100] network-entity 00.0005.0000.0000.0002.00
[PE2-isis-100] is-level level-2
[PE2-isis-100] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24
[PE2-GigabitEthernet1/0/0.1] isis enable 100
[PE2-GigabitEthernet1/0/0.1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] isis enable 100
[PE2-LoopBack1] quit

Step 5 Enable basic MPLS functions, MPLS TE, and RSVP-TE on PE1 and PE2 on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] mpls
[PE1-GigabitEthernet1/0/0.1] mpls te
[PE1-GigabitEthernet1/0/0.1] mpls rsvp-te
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] mpls
[PE2-GigabitEthernet1/0/0.1] mpls te
[PE2-GigabitEthernet1/0/0.1] mpls rsvp-te
[PE2-GigabitEthernet1/0/0.1] quit

Step 6 Configure IS-IS TE.
# Configure PE1.
[PE1] isis 100
[PE1-isis-100] cost-style wide
[PE1-isis-100] traffic-eng level-2
[PE1-isis-100] quit

# Configure PE2.
[PE2] isis 100
[PE2-isis-100] cost-style wide
[PE2-isis-100] traffic-eng level-2
[PE2-isis-100] quit

Step 7 Configure MPLS TE tunnel interfaces.
# On the ingress of the tunnel, create a tunnel interface and set the IP address, tunnel protocol, destination IP address, tunnel ID, and dynamic signaling protocol for the tunnel interface. Then, run the mpls te commit command to commit the configuration. Advertise the routes of the tunnel interface, ensuring that traffic is transmitted through the TE tunnel.
# Configure PE1.
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip address unnumbered interface loopback 1
[PE1-Tunnel1/0/0] tunnel-protocol mpls te
[PE1-Tunnel1/0/0] destination 2.2.2.9
[PE1-Tunnel1/0/0] mpls te tunnel-id 10
[PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te
[PE1-Tunnel1/0/0] mpls te igp shortcut isis
[PE1-Tunnel1/0/0] mpls te igp metric absolute 1
[PE1-Tunnel1/0/0] mpls te commit
[PE1-Tunnel1/0/0] isis enable 100
[PE1-Tunnel1/0/0] quit

After the configuration, run the display interface tunnel command on PE1. You can view that the tunnel is Up.
[PE1] display interface tunnel
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-06-04 14:58:51
Description: Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x1008001, secondary tunnel id is 0x0
300 seconds output rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
0 packets output, 0 bytes
0 output error

Run the display mpls te tunnel-interface command on PE1. You can view details about the tunnel.
[PE1-Tunnel1/0/0] display mpls te tunnel-interface
Tunnel Name          : Tunnel1/0/0
Tunnel State Desc    : CR-LSP is Up
Tunnel Attributes    :
Session ID           : 10
Ingress LSR ID       : 1.1.1.9            Egress LSR ID: 2.2.2.9
Admin State          : UP                 Oper State   : UP
Signaling Protocol   : RSVP
Tie-Breaking Policy  : None               Metric Type  : None
Car Policy           : Disabled           Bfd Cap      : None
BypassBW Flag        : Not Supported
BypassBW Type        :                    Bypass BW    : -
Retry Limit          : 5                  Retry Int    : 2 sec
Reopt                : Disabled           Reopt Freq   : -
Auto BW              : Disabled
Current Collected BW :                    Auto BW Freq :
Min BW               :                    Max BW       :
Tunnel Group         : Primary
Interfaces Protected :
Excluded IP Address  :
Is On Radix-Tree     : Yes                Referred LSP Count:
Primary Tunnel       :                    Pri Tunn Sum :
Backup Tunnel        :
Group Status         : Up                 Oam Status   : Up
IPTN InLabel         :
BackUp Type          : None               BestEffort   : Disabled
Secondary HopLimit   :
BestEffort HopLimit  :
Secondary Explicit Path Name:
Secondary Affinity Prop/Mask: 0x0/0x0
BestEffort Affinity Prop/Mask: 0x0/0x0
Primary LSP ID       : 1.1.1.9:1
Setup Priority       : 7                  Hold Priority: 7
Affinity Prop/Mask   : 0x0/0x0            Resv Style   : SE
CT0 Bandwidth(Kbit/sec) : 0               CT1 Bandwidth(Kbit/sec) : 0
CT2 Bandwidth(Kbit/sec) : 0               CT3 Bandwidth(Kbit/sec) : 0
CT4 Bandwidth(Kbit/sec) : 0               CT5 Bandwidth(Kbit/sec) : 0
CT6 Bandwidth(Kbit/sec) : 0               CT7 Bandwidth(Kbit/sec) : 0
Actual Bandwidth(kbps):
Explicit Path Name   :                    Hop Limit    :
Record Route         : Disabled           Record Label : Disabled
Route Pinning        : Disabled
FRR Flag             : Disabled
IdleTime Remain      :

Step 8 Configure the Layer 2 forwarding function.
# Configure Switch 1. Create VLAN 100 on Switch 1 and configure GE 1/0/1 on Switch 1 to add the outer VLAN tag with the VLAN ID as 100 to a packet from VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets from VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port vlan-stacking outside-vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] quit

# Configure Switch 2. Create VLAN 100 on Switch 2 and configure GE 1/0/1 on Switch 2 to add the outer VLAN tag with the VLAN ID as 100 to a packet from VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets from VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port vlan-stacking outside-vlan 10 stack-vlan 100
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] quit

Step 9 Verify the configuration.
After the configuration, CE1 and CE2 can communicate. You can view the ARP entries on the PEs. Take the command output on PE1 as an example.
[PE1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
100.1.1.1       00e0-fc7f-7258            I    GE1/0/0.1
100.1.1.2       00e0-fcc8-1b31  9         DF1  GE1/0/0.1
                                          10/100

----End
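The tag handling configured in Steps 2, 3 and 8 can be traced frame by frame. The following Python sketch is an added example, not part of the Huawei guide: it models a frame's VLAN stack as a list with the outer tag first, and all function names and the simplified port behaviour are assumptions of the example. Only the VLAN IDs and the sub-interface name are taken from the configuration above.

```python
"""Trace VLAN tags from a CE frame to the QinQ termination sub-interface on a PE.

Added illustration, not Huawei code. A frame's tags are a list with the outer
tag first; the port models are simplified assumptions made for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class QinqTermination:
    """One `qinq termination pe-vid X ce-vid Y` entry on a sub-interface."""
    subif: str
    pe_vid: int  # outer tag the sub-interface expects
    ce_vid: int  # inner tag the sub-interface expects


def vlan_stacking(tags, inner_vlan, stack_vlan):
    """Switch user-side port: push stack_vlan onto frames tagged inner_vlan.

    Returns None when the frame does not match the stacking rule.
    """
    if tags == [inner_vlan]:
        return [stack_vlan, inner_vlan]
    return None


def trunk_allow_pass(tags, allowed):
    """Switch trunk port: forward only frames whose outer tag is allowed."""
    if tags and tags[0] in allowed:
        return list(tags)
    return None


def vlan_swap(tags):
    """PE main interface with `vlan-swap enable`: exchange outer and inner."""
    if len(tags) == 2:
        return [tags[1], tags[0]]
    return list(tags)


def terminate(tags, terminations):
    """Return the sub-interface whose (pe-vid, ce-vid) pair equals the tags."""
    if len(tags) != 2:
        return None
    for entry in terminations:
        if (entry.pe_vid, entry.ce_vid) == (tags[0], tags[1]):
            return entry.subif
    return None


# Values taken from Steps 2, 3 and 8 of this example.
SWITCH_INNER_VLAN = 10
SWITCH_STACK_VLAN = 100
SWITCH_TRUNK_ALLOWED = {100}
PE_TERMINATIONS = [QinqTermination("GE1/0/0.1", pe_vid=10, ce_vid=100)]


def trace(ce_vlan, swap_enabled=True):
    """Follow one CE frame hop by hop.

    Returns (hops, subif): hops is a list of (stage, tags) pairs and subif is
    the terminating sub-interface, or None if the frame matches nothing.
    """
    hops = [("CE", [ce_vlan])]
    tags = vlan_stacking([ce_vlan], SWITCH_INNER_VLAN, SWITCH_STACK_VLAN)
    if tags is None:
        return hops, None
    hops.append(("Switch GE1/0/1 vlan-stacking", tags))
    tags = trunk_allow_pass(tags, SWITCH_TRUNK_ALLOWED)
    if tags is None:
        return hops, None
    hops.append(("Switch GE1/0/0 trunk", tags))
    if swap_enabled:
        tags = vlan_swap(tags)
        hops.append(("PE GE1/0/0 vlan-swap", tags))
    return hops, terminate(tags, PE_TERMINATIONS)


if __name__ == "__main__":
    for vlan, swap in ((10, True), (10, False), (20, True)):
        hops, subif = trace(vlan, swap)
        path = " -> ".join(f"{stage} {tags}" for stage, tags in hops)
        print(f"CE VLAN {vlan}, vlan-swap={swap}: {path} => {subif}")
```

With VLAN swap the frame reaches the PE as outer 10, inner 100, which is the 10/100 pair shown in the VLAN/CEVLAN column of the ARP output; without the swap it arrives as 100/10 and matches no termination entry. In this model `trunk_allow_pass([100, 10], {10})` returns None, because the trunk filters on the outer tag.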

Configuration Files
Configuration file of Switch 1
#
sysname Switch1
vlan batch 100
#
interface GigabitEthernet1/0/0
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 port vlan-stacking outside-vlan 10 stack-vlan 100
#
return

Configuration file of Switch 2
#
sysname Switch2
vlan batch 100
#
interface GigabitEthernet1/0/0
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 port vlan-stacking outside-vlan 10 stack-vlan 100
#
return

Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
 mpls te
 mpls rsvp-te
#
isis 100
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0001.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 mode user-termination
 vlan-swap enable
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 10 ce-vid 100
 ip address 100.1.1.1 24
 isis enable 100
 mpls
 mpls te
 mpls rsvp-te
 arp broadcast enable
#
interface loopback 1
 ip address 1.1.1.9 255.255.255.255
 isis enable 100
#
interface tunnel 1/0/0
 ip address unnumbered interface loopback 1
 tunnel-protocol mpls te
 destination 2.2.2.9
 mpls te tunnel-id 10
 mpls te signal-protocol rsvp-te
 mpls te igp shortcut isis
 mpls te igp metric absolute 1
 mpls te commit
 isis enable 100
#
return


Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
 mpls te
 mpls rsvp-te
#
isis 100
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0002.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 mode user-termination
 vlan-swap enable
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/0.1
 control-vid 1 qinq-termination
 qinq termination pe-vid 10 ce-vid 100
 ip address 100.1.1.2 24
 isis enable 100
 mpls
 mpls te
 mpls rsvp-te
 arp broadcast enable
#
interface loopback 1
 ip address 2.2.2.9 255.255.255.255
 isis enable 100
#
return

5.15.26 Example for Configuring the User-Side QinQ


When the CX600 is connected to users through two switches, the switch adjacent to users adds an inner tag to each user packet (or removes the inner tag from each user packet) and the switch adjacent to the CX600 adds an outer tag to each user packet (or removes the outer tag from each user packet). Users access the switch through BAS interfaces.

Networking Requirements
NOTE

User-Side QinQ cannot be configured on the X1 and X2 models of the CX600.

Figure 5-32 shows the networking.
- The CX device is connected to two switches, namely, Switch A and Switch B.
- Switch A, which is close to the user, is tagged with VLAN.
- Switch B, which is close to the CX device, is tagged with QinQ VLAN.

Figure 5-32 Networking of configuring user-side QinQ VLAN
[Figure: User1 and User2 connect to Switch A (VLAN 100 and VLAN 200). Switch A connects to Switch B (QinQ 400), and Switch B connects to GE1/0/8.1 (192.168.10.1/24) of the CX600.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a QinQ VLAN on the sub-interface.
2. Configure the BAS interface.

Data Preparation
To complete the configuration, you need the following data:
- VLAN ID and QinQ VLAN ID
- Authentication mode on the sub-interface

Procedure
Step 1 Create a QinQ VLAN on the sub-interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/8.1
[HUAWEI-GigabitEthernet1/0/8.1] user-vlan 100 qinq 400
[HUAWEI-GigabitEthernet1/0/8.1] user-vlan 200 qinq 400
[HUAWEI-GigabitEthernet1/0/8.1] quit
[HUAWEI] interface gigabitethernet 1/0/8
[HUAWEI-GigabitEthernet1/0/8] undo shutdown

Step 2 Configure the BAS interface.
# Configure the BAS interface and set the access type on the interface to layer-2 access.
[HUAWEI-GigabitEthernet1/0/8.1] bas
[HUAWEI-GigabitEthernet1/0/8.1] access-type layer2-subscriber

# Set the authentication mode on the interface to PPP authentication.
[HUAWEI-GigabitEthernet1/0/8.1] authentication-method ppp
[HUAWEI-GigabitEthernet1/0/8.1] quit

# Bind the sub-interface to a virtual template.
[HUAWEI-GigabitEthernet1/0/8.1] pppoe-server bind virtual-template 1

----End

Configuration Files
Configuration file of the CX device
#
sysname HUAWEI
#
interface GigabitEthernet1/0/8
 undo shutdown
#
interface GigabitEthernet1/0/8.1
 pppoe-server bind Virtual-Template 1
 user-vlan 100 qinq 400
 user-vlan 200 qinq 400
 bas
  access-type layer2-subscriber
  authentication-method ppp
#
return

5.15.27 Example for Configuring VLAN+802.1p for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different 802.1p priorities; a sub-interface for Dot1q VLAN tag termination and VLAN+802.1p are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-33, CE1 sends untagged packets to the CSG; the CSG sends packets tagged with different VLAN IDs and different 802.1p priorities to PE1. It is required that the sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the VPLS and that differentiated service transmission be implemented. In such a scenario, you can deploy VLAN+802.1p on the sub-interface at the AC side of PE1 so that PE1 can differentiate services based on 802.1p priorities and hence different services can be transmitted through different PWs.

Figure 5-33 Networking diagram of VLAN+802.1p for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)
[Figure: CE1 (VLAN 10) and CE2 (VLAN 20) connect to the CSG, which connects to GE1/0/1 of PE1 (Loopback1 1.1.1.9/32; sub-interfaces GE1/0/1.1 and GE1/0/1.2). PWs labelled 802.1p=3 and 802.1p=2 run from PE1 to PE2 (Loopback1 2.2.2.9/32; GE1/0/1.1) and PE3 (Loopback1 3.3.3.9/32; GE1/0/1.1), which lead to the Database and the Internet. Link addresses shown in the figure: 10.1.1.1/30, 10.1.1.2/30, 20.1.1.1/30, 20.1.1.2/30, 192.1.1.1/24, 192.1.1.4/24.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs, and bind the AC interfaces to VSIs.
7. Configure the Layer 2 forwarding function on the CEs and CSG.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- VSI IDs on PEs (VSI IDs must be consistent)
- MPLS LSR IDs on PEs
- Names of the VSIs on PEs
- Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2. The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure VLAN+802.1p.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 20 8021p 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 20 8021p 2
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] quit

NOTE
On different sub-interfaces of the same main interface, if 802.1p priorities are different, the VIDs to be terminated can overlap.

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs, and bind AC interfaces to VSIs. # Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1 [PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1 [PE1-GigabitEthernet1/0/1.1] undo shutdown [PE1-GigabitEthernet1/0/1.1] quit [PE1] interface gigabitethernet 1/0/1.2 [PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2 [PE1-GigabitEthernet1/0/1.2] undo shutdown [PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1 [PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1 [PE2-GigabitEthernet1/0/1.1] undo shutdown [PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1 [PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2 [PE3-GigabitEthernet1/0/1.1] undo shutdown [PE3-GigabitEthernet1/0/1.1] quit

Step 5 Configure basic functions of the CSG. The detailed configurations are not mentioned here. It is required that the CSG support the following: l Configures the 802.1p priorities of packets through commands. l Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services. Step 6 Configure the Layer 2 forwarding function on CEs. The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example. Step 7 Verify the configuration. Run the display dot1q information termination interface command, and you can view information about sub-interfaces for Dot1q VLAN tag termination. Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
  GigabitEthernet1/0/1.1
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination
  GigabitEthernet1/0/1.2
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 2 dot1q-termination

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up state.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 15 minutes, 35 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 08:46:56
    Total Up Time          : 0 days, 0 hours, 3 minutes, 12 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 08:47:35
    PW Total Up Time       : 0 days, 0 hours, 2 minutes, 33 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            8021p 3
GE1/0/1.2            8021p 2
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 10    Sub-Interface num: 2

[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            8021p 3
GE1/0/1.2            8021p 2
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 20    Sub-Interface num: 2

----End

Configuration Files
• Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10 8021p 3
 dot1q termination vid 20 8021p 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 control-vid 2 dot1q-termination
 dot1q termination vid 10 8021p 2
 dot1q termination vid 20 8021p 2
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of PE2
#
 sysname PE2
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

• Configuration file of PE3
#
 sysname PE3
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 2 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return

• Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return

5.15.28 Example for Configuring VLAN+EthType for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different EthTypes; a sub-interface for Dot1q VLAN tag termination and VLAN+EthType are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VSIs. Packets are transmitted through different VSIs based on the EthTypes of the packets.

Networking Requirements
As shown in Figure 5-34, CEs send untagged packets to Switch 1; Switch 1 sends packets tagged with different VLAN IDs and different EthTypes to PE1. It is required that the sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the VPLS and differentiated service transmission be implemented. In such a scenario, you can deploy VLAN+EthType on the sub-interface at the AC side of PE1 so that PE1 can differentiate services based on EthType fields and hence different services can be transmitted through different PWs.

Figure 5-34 Networking diagram of VLAN+EthType for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)

[Figure not reproduced. Labels: CE1 (GE1/0/1 192.1.1.1/24), CE2 (GE1/0/1 192.1.1.4/24), Switch1, PE1 (Loopback1 1.1.1.9/32, GE1/0/1 with GE1/0/1.1 and GE1/0/1.2, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30), PE2 (Loopback1 2.2.2.9/32, GE1/0/1.1, GE1/0/2 10.1.1.1/30), PE3 (Loopback1 3.3.3.9/32, GE1/0/1.1, GE1/0/2 20.1.1.1/30); VLAN 10, VLAN 20; PPPoE, IPoE; PW; Video/BTV VOD Platform; Internet.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
7. Configure the Layer 2 forwarding function on CEs.

Data Preparation
To complete the configuration, you need the following data:
• IP addresses of interfaces
• VSI IDs on PEs (VSI IDs must be consistent)
• MPLS LSR IDs on PEs
• Names of the VSIs on PEs
• Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2. The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure VLAN+EthType.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 20 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 10 default
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 20 default
[PE1-GigabitEthernet1/0/1.2] quit

NOTE

On different sub-interfaces of the same main interface, if the types of encapsulated Ethernet protocols are different, the VIDs to be terminated can overlap.

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit

Step 5 Configure the Layer 2 forwarding function on Switch 1.
# Configure Switch 1. The detailed configurations are not mentioned here. For detailed configuration of the switch, refer to the related configuration guide.
NOTE

Switch 1 sends packets tagged with different VLAN IDs and EthTypes to PE1.

Step 6 Configure the Layer 2 forwarding function on CEs.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.

Step 7 Verify the configuration.
Run the display dot1q information termination interface command, and you can view information about sub-interfaces for Dot1q VLAN tag termination. Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
  GigabitEthernet1/0/1.1
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination
  GigabitEthernet1/0/1.2
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 2 dot1q-termination

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up state.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 15 minutes, 35 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 08:46:56
    Total Up Time          : 0 days, 0 hours, 3 minutes, 12 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 08:47:35
    PW Total Up Time       : 0 days, 0 hours, 2 minutes, 33 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            eth-type PPPOE
GE1/0/1.2            default
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 10    Sub-Interface num: 2

[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            default
GE1/0/1.2            eth-type PPPOE
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 20    Sub-Interface num: 2

----End

Configuration Files
• Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10 eth-type pppoe
 dot1q termination vid 20 eth-type pppoe
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 control-vid 2 dot1q-termination
 dot1q termination vid 10 default
 dot1q termination vid 20 default
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of PE2
#
 sysname PE2
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

• Configuration file of PE3
#
 sysname PE3
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 2 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

• Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return

• Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return


5.15.29 Example for Configuring VLAN+DSCP for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different DSCP values; a sub-interface for Dot1q VLAN tag termination and VLAN+DSCP are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VSIs. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-35, CE1 sends untagged packets to the CSG; the CSG sends packets tagged with different VLAN IDs and different DSCP values to PE1. It is required that sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the L2VPN and differentiated service transmission be implemented. In such a scenario, you can deploy VLAN+DSCP on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on DSCP values and hence different services can be transmitted through different PWs.
NOTE

In this example, PE1 parses DSCP values in the received packets for scheduling. The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.

Figure 5-35 Networking diagram of VLAN+DSCP for L2VPN access (on a sub-interface for Dot1q VLAN tag termination)

[Figure not reproduced. Labels: CE1 (GE1/0/1 192.1.1.1/24), CE2 (GE1/0/1 192.1.1.4/24), CSG, PE1 (Loopback1 1.1.1.9/32, GE1/0/1 with GE1/0/1.1 and GE1/0/1.2, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30), PE2 (Loopback1 2.2.2.9/32, GE1/0/1.1, GE1/0/2 10.1.1.1/30), PE3 (Loopback1 3.3.3.9/32, GE1/0/1.1, GE1/0/2 20.1.1.1/30); VLAN 10, VLAN 20; DSCP=2, DSCP=3; PW; Database; Internet.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
7. Configure the basic Layer 2 forwarding function on the CSG.

Data Preparation
To complete the configuration, you need the following data:
• IP addresses of interfaces
• VSI IDs on PEs (VSI IDs must be consistent)
• MPLS LSR IDs on PEs
• Names of the VSIs on PEs
• Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2. The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure VLAN+DSCP.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 20 dscp 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 20 dscp 2
[PE1-GigabitEthernet1/0/1.2] quit
NOTE

On different sub-interfaces of the same main interface, if DSCP values are different, the VIDs to be terminated can overlap.

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit

Step 5 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. It is required that the CSG support the following:
• Configuring the DSCP values of packets through commands.
• Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.

Step 6 Configure the Layer 2 forwarding function on CEs.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.

Step 7 Verify the configuration.
Run the display dot1q information termination interface command, and you can view information about sub-interfaces for Dot1q VLAN tag termination. Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
  GigabitEthernet1/0/1.1
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination
  GigabitEthernet1/0/1.2
    VSI bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 2 dot1q-termination

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up state.
[PE1] display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 15 minutes, 35 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 08:46:56
    Total Up Time          : 0 days, 0 hours, 3 minutes, 12 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 08:47:35
    PW Total Up Time       : 0 days, 0 hours, 2 minutes, 33 seconds

Run the display interface vlan command, and you can view all the sub-interfaces with the specified VLAN ID on a main interface. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            dscp 3
GE1/0/1.2            dscp 2
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 10    Sub-Interface num: 2

[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface        VlanPolicy
----------------------------------------------------------
GE1/0/1.1            dscp 3
GE1/0/1.2            dscp 2
----------------------------------------------------------
Interface:GE1/0/1    VLAN ID: 20    Sub-Interface num: 2

----End

Configuration Files
l Configuration file of PE1
# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn

5-288

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access
# vsi ldp1 static pwsignal ldp vsi-id 1 peer 2.2.2.9 # vsi ldp2 static pwsignal ldp vsi-id 2 peer 3.3.3.9 # mpls ldp # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.1 control-vid 1 dot1q-termination dot1q termination vid 10 dscp 3 dot1q termination vid 20 dscp 3 l2 binding vsi ldp1 # interface GigabitEthernet1/0/1.2 control-vid 2 dot1q-termination dot1q termination vid 10 8021p 2 dot1q termination vid 20 8021p 2 l2 binding vsi ldp2 # interface GigabitEthernet1/0/2 undo shutdown ip address 10.1.1.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet1/0/3 undo shutdown ip address 20.1.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.3 network 20.1.1.0 0.0.0.3 # return

5 QinQ Configuration

Configuration file of PE2


#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

Configuration file of PE3


#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 2 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

Configuration file of CE1


#
sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return


Configuration file of CE2


#
sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return

5.15.30 Example for Configuring QinQ Stacking Sub-interface+802.1p for L2VPN Access
In this networking, PE1 receives tagged packets with different 802.1p priorities; QinQ stacking+802.1p is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-36, the CSG sends packets tagged with different VLAN IDs and different 802.1p priorities to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs to access the L2VPN and differentiated service transmission be implemented. In such a scenario, you can deploy QinQ stacking+802.1p on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on the 802.1p priorities and hence different services can be transmitted through different PWs.


Figure 5-36 Networking diagram of QinQ stacking sub-interface+802.1p-based L2VPN access

[Figure 5-36 is not reproduced. Labels recoverable from the diagram: the CSG sends VLAN 10 and VLAN 20 traffic marked 802.1p=3 and 802.1p=2 to PE1 GE1/0/1, where QinQ stacking is configured on sub-interfaces GE1/0/1.1 and GE1/0/1.2. PE1: Loopback1 1.1.1.9/32, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30. PE2: Loopback1 2.2.2.9/32, GE1/0/2 10.1.1.1/30, GE1/0/1.1. PE3: Loopback1 3.3.3.9/32, GE1/0/2 20.1.1.1/30, GE1/0/1.1. CE1: GE1/0/1 192.1.1.1/24. CE2: GE1/0/1 192.1.1.4/24. Other labels: Database, Internet, PW.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure QinQ stacking sub-interfaces on PEs and bind AC interfaces to VSIs.
7. Configure the basic Layer 2 forwarding function on the CSG.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- VSI IDs on PEs (VSI IDs must be consistent)
- MPLS LSR IDs on PEs
- Names of the VSIs on PEs
- Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2.
The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure QinQ stacking+802.1p, and bind AC interfaces to VSIs.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 20 8021p 3
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 20 8021p 2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. It is required that the CSG support the following:
- Configures the 802.1p priorities of packets through commands.
- Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.
NOTE

Packets sent from the CSG to PE1 carry VLAN tags with different 802.1p priorities.

Step 5 Configure the Layer 2 forwarding function on CEs.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.

Step 6 Verify the configuration.
Run the display qinq information stacking interface command, and you can view configurations of QinQ stacking sub-interfaces. Take the command output on PE1 as an example.
<PE1> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0
GigabitEthernet1/0/1.2
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up state.
<PE1> display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 6 minutes, 31 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 12:22:04
    Total Up Time          : 0 days, 0 hours, 1 minutes, 1 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 12:22:40
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 25 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a specified interface. Take the command output on PE1 as an example.
<PE1> display interface gigabitethernet1/0/1 vlan 10
Interface           VlanPolicy
-----------------------------------------------------------
GE1/0/1.1           8021p 3
GE1/0/1.2           8021p 2
-----------------------------------------------------------
Interface:GE1/0/1   VLAN ID: 10   Sub-Interface num: 2

----End

Configuration Files
Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10 8021p 3
 qinq stacking vid 20 8021p 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 qinq stacking vid 10 8021p 2
 qinq stacking vid 20 8021p 2
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
  network 1.1.1.9 0.0.0.3
#
return

Configuration file of PE2


#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return


Configuration file of PE3


#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

Configuration file of CE1


#
sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return

5.15.31 Example for Configuring Stacking Sub-interface+EthType for L2VPN Access


In this networking, PE1 receives tagged packets with different EthTypes; QinQ stacking+EthType is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the EthTypes of the packets.

Networking Requirements
As shown in Figure 5-37, Switch 1 sends packets tagged with different VLAN IDs and different EthTypes to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs to access the L2VPN and differentiated service transmission be implemented. In such a scenario, you can deploy QinQ stacking+EthType on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on the EthTypes and hence different services can be transmitted through different PWs.


Figure 5-37 Networking diagram of QinQ stacking sub-interface+EthType-based L2VPN access

[Figure 5-37 is not reproduced. Labels recoverable from the diagram: Switch1 sends VLAN 10 and VLAN 20 traffic carrying PPPoE and IPoE packets to PE1 GE1/0/1, where QinQ stacking is configured on sub-interfaces GE1/0/1.1 and GE1/0/1.2. PE1: Loopback1 1.1.1.9/32, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30. PE2: Loopback1 2.2.2.9/32, GE1/0/2 10.1.1.1/30, GE1/0/1.1. PE3: Loopback1 3.3.3.9/32, GE1/0/2 20.1.1.1/30, GE1/0/1.1. CE1: GE1/0/1 192.1.1.1/24. CE2: GE1/0/1 192.1.1.4/24. Other labels: Database, Internet, PW.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
7. Configure the basic Layer 2 forwarding function on Switch 1.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- VSI IDs on PEs (VSI IDs must be consistent)
- MPLS LSR IDs on PEs
- Names of the VSIs on PEs
- Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2.
The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure QinQ stacking+EthType, and bind VSIs to AC interfaces.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 20 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 10 default
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 20 default
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure the Layer 2 forwarding function on Switch 1.
# Configure Switch 1.
The detailed configurations are not mentioned here. For detailed configuration of the switch, refer to the related configuration guide of the switch.
NOTE

Switch 1 sends packets tagged with different VLAN IDs and EthTypes to PE1.

Step 5 Configure the Layer 2 forwarding function on CEs.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.

Step 6 Verify the configuration.
Run the display qinq information stacking interface command, and you can view configurations of QinQ stacking sub-interfaces. Take the command output on PE1 as an example.
<PE1> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0
GigabitEthernet1/0/1.2
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up state.
<PE1> display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 6 minutes, 31 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 12:22:04
    Total Up Time          : 0 days, 0 hours, 1 minutes, 1 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 12:22:40
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 25 seconds

Run the display interface vlan command, and you can view all the sub-interfaces with a specified VLAN ID on the main interface. Take the command output on PE1 as an example.
<PE1> display interface gigabitethernet1/0/1 vlan 10
Interface           VlanPolicy
-----------------------------------------------------------
GE1/0/1.1           eth-type PPPOE
GE1/0/1.2           default
-----------------------------------------------------------
Interface:GE1/0/1   VLAN ID: 10   Sub-Interface num: 2

----End

Configuration Files
Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10 eth-type PPPOE
 qinq stacking vid 20 eth-type PPPOE
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 qinq stacking vid 10 default
 qinq stacking vid 20 default
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
  network 1.1.1.9 0.0.0.3
#
return


Configuration file of PE2


#
sysname PE2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

Configuration file of PE3


#
sysname PE3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

Configuration file of CE1


#
sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return


Configuration file of CE2


#
sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return

5.15.32 Example for Configuring Stacking Sub-interface+DSCP for L2VPN Access


In this networking, PE1 receives tagged packets with different DSCP values; QinQ stacking+DSCP is configured on the sub-interface at the AC side of PE1 so that an outer VLAN tag of the ISP network is added to packets on the sub-interface; the sub-interface is bound to different VSIs for L2VPN access. Packets are transmitted through different VSIs based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-38, the CSG sends packets tagged with different VLAN IDs and different DSCP values to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs to access the L2VPN and differentiated service transmission be implemented. In such a scenario, you can deploy QinQ stacking+DSCP on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on the DSCP values and hence different services can be transmitted through different PWs.
NOTE

The DSCP is carried in each IP packet. For correct deployment of the Stacking Sub-interface+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.


Figure 5-38 Networking diagram of QinQ stacking sub-interface+DSCP-based L2VPN access

[Figure 5-38 is not reproduced. Labels recoverable from the diagram: the CSG sends VLAN 10 and VLAN 20 traffic marked dscp=3 and dscp=2 to PE1 GE1/0/1, where QinQ stacking is configured on sub-interfaces GE1/0/1.1 and GE1/0/1.2. PE1: Loopback1 1.1.1.9/32, GE1/0/2 10.1.1.2/30, GE1/0/3 20.1.1.2/30. PE2: Loopback1 2.2.2.9/32, GE1/0/2 10.1.1.1/30, GE1/0/1.1. PE3: Loopback1 3.3.3.9/32, GE1/0/2 20.1.1.1/30, GE1/0/1.1. CE1: GE1/0/1 192.1.1.1/24. CE2: GE1/0/1 192.1.1.4/24. Other labels: Database, Internet, PW.]

Configuration Roadmap
NOTE

L2VPN includes the VLL, PWE3, and VPLS. You can configure any one of them as required. The following takes the VPLS application as an example.

The configuration roadmap is as follows:
1. Configure the interface mode on PEs to user termination.
2. Run an IGP to ensure intercommunication between CX devices on the backbone network.
3. Configure basic MPLS functions, and set up LSPs between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces to VSIs.
7. Configure the basic Layer 2 forwarding function on Switch 1.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- VSI IDs on PEs (VSI IDs must be consistent)
- MPLS LSR IDs on PEs
- Names of the VSIs on PEs
- Names of interfaces bound to the VSIs

Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being the signaling protocol; configure the VSI names to be LDP1 and LDP2.
The detailed configurations are not mentioned here. You can refer to the chapter "VPLS Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 3 Configure QinQ stacking+DSCP, and bind VSIs to AC interfaces.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 20 dscp 3
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 20 dscp 2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit

Step 4 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. It is required that the CSG support the following:
- Configures the DSCP values of packets through commands.
- Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM in the case that the CSG accesses non-IP services.

Step 5 Configure the Layer 2 forwarding function on CEs.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.

Step 6 Verify the configuration.
Run the display qinq information stacking interface command, and you can view configurations of QinQ stacking sub-interfaces. Take the command output on PE1 as an example.
<PE1> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0
GigabitEthernet1/0/1.2
  Total QinQ Num: 2
    qinq stacking vid 10
    qinq stacking vid 20
  Total vlan-group Num: 0

After the preceding configurations, run the display vsi name ldp1 verbose command on PE1, and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up state.
<PE1> display vsi name ldp1 verbose
 ***VSI Name               : ldp1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Create Time            : 0 days, 0 hours, 6 minutes, 31 seconds
    VSI State              : up

    VSI ID                 : 1
   *Peer Router ID         : 2.2.2.9
    VC Label               : 30720
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    CKey                   : 2
    NKey                   : 1
    StpEnable              : 0
    PwIndex                : 0

    Interface Name         : GigabitEthernet1/0/1.1
    State                  : up
    Last Up Time           : 2009/09/02 12:22:04
    Total Up Time          : 0 days, 0 hours, 1 minutes, 1 seconds

  **PW Information:

   *Peer Ip Address        : 2.2.2.9
    PW State               : up
    Local VC Label         : 30720
    Remote VC Label        : 30720
    PW Type                : label
    Tunnel ID              : 0x810004
    Broadcast Tunnel ID    : 0x810004
    Ckey                   : 0x2
    Nkey                   : 0x1
    Main PW Token          : 0x810004
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/2
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/09/02 12:22:40
    PW Total Up Time       : 0 days, 0 hours, 0 minutes, 25 seconds

Run the display interface vlan command, and you can view the matching policy with the specified VLAN ID on a specified interface. Take the command output on PE1 as an example.
<PE1> display interface gigabitethernet1/0/1 vlan 10
Interface              VlanPolicy
-----------------------------------------------------------
GE1/0/1.1              dscp 3
GE1/0/1.2              dscp 2
-----------------------------------------------------------
Interface:GE1/0/1   VLAN ID: 10   Sub-Interface num: 2

----End

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 2.2.2.9
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10 dscp 3
 qinq stacking vid 20 dscp 3
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
 qinq stacking vid 10 dscp 2
 qinq stacking vid 20 dscp 2
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
  network 1.1.1.9 0.0.0.3
#
return

Configuration file of PE2
#
 sysname PE2
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
vsi ldp1 static
 pwsignal ldp
  vsi-id 1
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

Configuration file of PE3
#
 sysname PE3
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
vsi ldp2 static
 pwsignal ldp
  vsi-id 2
  peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 qinq stacking vid 10
 qinq stacking vid 20
 l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 20.1.1.0 0.0.0.3
#
return

Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.1 255.255.255.0
#
return

Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.1.1.4 255.255.255.0
#
return

5.15.33 Example for Configuring VLAN+802.1p for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, a sub-interface for Dot1q VLAN tag termination and VLAN+802.1p are configured on the interface at the AC side of a PE; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VPN instances based on the 802.1p priorities of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-39, CSG sends packets tagged with different VLAN IDs and different 802.1p priorities to PE1. It is required that sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the L3VPN and differentiated service transmission be implemented. In such a scenario, you can deploy VLAN+802.1p on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on the 802.1p priorities and hence different services can be transmitted through different VPN instances.


Figure 5-39 Networking diagram of VLAN+802.1p-based L3VPN access

[Diagram not reproduced. Labels in the figure: CE1 (VLAN 10, AS65410) and CE2 (VLAN 20, AS65411) attached to the CSG; PE1 (Loopback1 1.1.1.9/32), PE2 (Loopback1 2.2.2.9/32) and PE3 (Loopback1 3.3.3.9/32) in the L3VPN backbone (AS100); CE3 (Database, AS65420) and CE4 (Internet, AS65421); traffic paths marked 802.1p=2 and 802.1p=3.]

Device   Interface and IP Address
CE1      GE1/0/1: 100.1.1.2/24
PE1      GE1/0/1: -
         GE1/0/1.1: 100.1.1.1/30
         GE1/0/1.2: 200.1.1.1/30
         GE1/0/2: 10.1.1.2/30
         GE1/0/3: 20.1.1.2/30
         Loopback1: 1.1.1.9/32
CE2      GE1/0/1: 200.1.1.2/24
PE2      GE1/0/1: -
         GE1/0/1.1: 100.2.1.1/30
         GE1/0/2: 10.1.1.1/30
         Loopback1: 2.2.2.9/32
PE3      GE1/0/1: -
         GE1/0/1.1: 200.2.1.1/30
         GE1/0/2: 20.1.1.1/30
         Loopback1: 3.3.3.9/32
CE3      GE1/0/1: 100.2.1.1/24
CE4      GE1/0/1: 200.2.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP to ensure intercommunication between CX devices on the backbone network.
2. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs on the backbone network.
3. Set up LSPs between PEs.
4. Create VPN instances on PEs and bind AC interfaces to the VPN instances.
5. Configure the basic Layer 2 forwarding function on CSG.
6. Configure EBGP on CEs and PEs to exchange VPN routing information.
7. Set up MP-IBGP peer relationships between PEs.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- Names of the VPN instances on PEs
- RDs and VPN targets of the VPN instances
- Interfaces bound to the VPN instances

Procedure
Step 1 Configure the IP addresses of interfaces on CEs and PEs as described in Figure 5-39.
The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.
Step 2 Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP.
The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3, have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3, can ping each other.
<PE1> display ip routing-table
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1    InLoopBack0
2.2.2.9/32          OSPF    10   1     D      10.1.1.1     GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      20.1.1.1     GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2     GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
20.1.1.0/30         Direct  0    0     D      20.1.1.2     GigabitEthernet1/0/3
20.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
<PE1> ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 90/96/120 ms

Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network.
The detailed configurations are not mentioned here. You can refer to the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID         Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  0000:00:00  3/3
 3.3.3.9:0      Operational  DU   Passive  0000:00:00  2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Step 4 Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit

# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit

Step 5 Configure the interface mode on PE1 to user termination.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 6 Configure VLAN+802.1p, and bind sub-interfaces for Dot1q VLAN tag termination to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] dot1q termination vid 20 8021p 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 100.1.1.1 24
[PE1-GigabitEthernet1/0/1.1] arp broadcast enable
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 20 8021p 2
[PE1-GigabitEthernet1/0/1.2] dot1q termination vid 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 200.1.1.1 24
[PE1-GigabitEthernet1/0/1.2] arp broadcast enable
[PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] arp broadcast enable
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] arp broadcast enable
[PE3-GigabitEthernet1/0/1.1] quit

After the preceding configurations, run the display ip vpn-instance verbose command on PEs, and you can view the configurations of the VPN instances. Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2009/09/02 10:35:42
  Up time : 0 days, 00 hours, 08 minutes and 23 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.1

 VPN-Instance Name and ID : vpn2, 2
  Create date : 2009/09/02 10:36:03
  Up time : 0 days, 00 hours, 08 minutes and 02 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 100:2
  Import VPN Targets : 100:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.2

Step 7 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. The CSG must support the following:
- Configuring the 802.1p priorities of packets through commands.
- Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM when the CSG accesses non-IP services.
NOTE
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.

Step 8 Set up EBGP peer relationships between the PEs and CEs to import VPN routes.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.
Step 9 Set up MP-IBGP peer relationships between the PEs.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.
Step 10 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can view that BGP peer relationships between PEs have been established and are in the Established state. Take the command output on PE1 as an example.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2        Peers in established state : 2

  Peer       V   AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2.2.2.9    4   100  6        11       0     00:04:53  Established  0
  3.3.3.9    4   100  6        10       0     00:01:06  Established  0

Run the display ip routing-table vpn-instance command on PEs, and you can view the routes to remote CEs. Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
100.1.1.0/24        Direct  0    0     D      100.1.1.1    GigabitEthernet1/0/1.1
100.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
100.2.1.0/24        BGP     255  0     RD     2.2.2.9      GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
200.1.1.0/24        Direct  0    0     D      200.1.1.1    GigabitEthernet1/0/1.2
200.1.1.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
200.2.1.0/24        BGP     255  0     RD     3.3.3.9      GigabitEthernet1/0/3

Run the display dot1q information termination command, and you can view information about the configured sub-interfaces for Dot1q VLAN tag termination. You can also view that the subinterfaces are bound to the L3VPN. Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
  GigabitEthernet1/0/1.1
    L3VPN bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 1 dot1q-termination
  GigabitEthernet1/0/1.2
    L3VPN bound
    Total QinQ Num: 2
      dot1q termination vid 10
      dot1q termination vid 20
    Total vlan-group Num: 0
    control-vid 2 dot1q-termination

Run the display interface vlan command, and you can view the matching policy configured on sub-interfaces in VLAN 10. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface              VlanPolicy
-----------------------------------------------------------
GE1/0/1.2              8021p 2
GE1/0/1.1              8021p 3
-----------------------------------------------------------
Interface:GE1/0/1   VLAN ID: 10   Sub-Interface num: 2

----End
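PE1 selects the VPN instance from the VLAN ID together with the 802.1p priority that the CSG sets, so the termination rules configured in Step 6 can be checked offline before they go live. The Python script below is an added example, not part of the Huawei guide: it parses the dot1q termination and ip binding vpn-instance lines in the form used by this example's PE1 configuration (it also accepts the dscp form of the same command) and reports duplicate matches, sub-interfaces with no VPN binding, and priority values that no rule matches. The function names and the embedded sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the PE1 access-side stanzas from this example's configuration file.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10 8021p 3
 dot1q termination vid 20 8021p 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/1.2
 control-vid 2 dot1q-termination
 dot1q termination vid 10 8021p 2
 dot1q termination vid 20 8021p 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
 arp broadcast enable
#
return
"""

SUBIF_RE = re.compile(r"^interface (\S+)\.(\d+)$")
RULE_RE = re.compile(r"^dot1q termination vid (\d+)(?: (8021p|dscp) (\d+))?$")
VALUE_RANGE = {"8021p": range(8), "dscp": range(64)}  # 3-bit PCP, 6-bit DSCP


def parse_subinterfaces(config):
    """Return {sub-interface: {"parent", "vpn", "rules"}} from the config text."""
    subifs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = SUBIF_RE.match(line)
        if m:
            current = {"parent": m.group(1), "vpn": None, "rules": []}
            subifs[f"{m.group(1)}.{m.group(2)}"] = current
        elif line == "#" or line.startswith("interface "):
            current = None  # left the sub-interface view
        elif current is not None:
            r = RULE_RE.match(line)
            if r:
                vid, kind, value = r.groups()
                current["rules"].append((int(vid), kind, int(value) if kind else None))
            elif line.startswith("ip binding vpn-instance "):
                current["vpn"] = line.split()[-1]
    return subifs


def audit(config):
    """Return (findings, table); table maps (parent, vid, kind, value) -> sub-interfaces."""
    table, findings = defaultdict(list), []
    for name, sub in parse_subinterfaces(config).items():
        if sub["rules"] and sub["vpn"] is None:
            findings.append(("unbound", name))  # traffic would not enter any VPN instance
        for vid, kind, value in sub["rules"]:
            if kind and value not in VALUE_RANGE[kind]:
                findings.append(("out-of-range", name, vid, kind, value))
            table[(sub["parent"], vid, kind, value)].append(name)
    for key, names in sorted(table.items(), key=str):
        if len(names) > 1:  # the same VLAN and priority claimed twice
            findings.append(("duplicate", key, tuple(names)))
    kinds_by_vlan = defaultdict(set)
    for parent, vid, kind, _ in table:
        kinds_by_vlan[(parent, vid)].add(kind)
    for (parent, vid), kinds in sorted(kinds_by_vlan.items()):
        if len(kinds) > 1:  # e.g. a rule without a policy next to 8021p or dscp rules
            findings.append(("mixed-policy", parent, vid, tuple(sorted(map(str, kinds)))))
    return findings, dict(table)


def vpn_for(config, parent, vid, kind, value):
    """VPN instance selected for this VLAN ID and priority value, or None."""
    for sub in parse_subinterfaces(config).values():
        if sub["parent"] == parent and (vid, kind, value) in sub["rules"]:
            return sub["vpn"]
    return None


def unmatched_values(config, parent, vid, kind):
    """Priority values on this VLAN that no termination rule matches."""
    return [v for v in VALUE_RANGE[kind] if vpn_for(config, parent, vid, kind, v) is None]


if __name__ == "__main__":
    findings, _ = audit(SAMPLE_CONFIG)
    print("findings:", findings)
    print("unmatched 802.1p on VLAN 10:",
          unmatched_values(SAMPLE_CONFIG, "GigabitEthernet1/0/1", 10, "8021p"))
```

The list returned by unmatched_values shows which priorities on a VLAN have no termination rule in the audited text; how the device treats such frames is not covered by this example and should be confirmed on the device.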

Configuration Files
Configuration file of PE1
#
 sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10 8021p 3
 dot1q termination vid 20 8021p 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/1.2
 control-vid 2 dot1q-termination
 dot1q termination vid 10 8021p 2
 dot1q termination vid 20 8021p 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.1.1.2 as-number 65410
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.1.1.2 as-number 65411
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

Configuration file of PE2
#
 sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 ip binding vpn-instance vpn1
 ip address 100.2.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 100.2.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

Configuration file of PE3
#
 sysname PE3
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 2 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 ip binding vpn-instance vpn2
 ip address 200.2.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 200.2.1.2 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 20.1.1.0 0.0.0.3
  network 3.3.3.9 0.0.0.0
#
return

Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
#
bgp 65410
 peer 100.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.1 enable
#
return

Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.1.1.2 255.255.255.0
#
bgp 65411
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.1.1.1 enable
#
return

Configuration file of CE3
#
 sysname CE3
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.2.1.2 255.255.255.0
#
bgp 65420
 peer 100.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.2.1.1 enable
#
return

Configuration file of CE4
#
 sysname CE4
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.2.1.2 255.255.255.0
#
bgp 65421
 peer 200.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.2.1.1 enable
#
return


5.15.34 Example for Configuring VLAN+DSCP for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag Termination)
In this networking, PE1 receives tagged packets with different DSCP values; a sub-interface for Dot1q VLAN tag termination and VLAN+DSCP are configured on the interface at the AC side of PE1; the sub-interface for Dot1q VLAN tag termination is bound to different VPN instances. Packets are transmitted through different VPN instances based on the DSCP values of the packets. The following takes the scenario where a CSG accesses IP services as an example.

Networking Requirements
As shown in Figure 5-40, the CSG sends packets tagged with different VLAN IDs and different DSCP values to PE1. It is required that sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the L3VPN and differentiated service transmission be implemented. In such a scenario, you can deploy VLAN+DSCP on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based on the DSCP values and hence different services can be transmitted through different VPN instances.
NOTE

In this example, PE1 parses DSCP values in the received packets for scheduling. The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to ensure that the CSG accesses only IP services. If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated packets can be transmitted over an IPv4 network.


Figure 5-40 Networking diagram of VLAN+DSCP-based L3VPN access

[Diagram not reproduced. Labels in the figure: CE1 (VLAN 10, AS65410) and CE2 (VLAN 20, AS65411) attached to the CSG; PE1 (Loopback1 1.1.1.9/32), PE2 (Loopback1 2.2.2.9/32) and PE3 (Loopback1 3.3.3.9/32) in the L3VPN backbone (AS100); CE3 (Database, AS65420) and CE4 (Internet, AS65421); traffic paths marked DSCP=2 and DSCP=3.]

Device   Interface and IP Address
CE1      GE1/0/1: 100.1.1.2/24
PE1      GE1/0/1: -
         GE1/0/1.1: 100.1.1.1/30
         GE1/0/1.2: 200.1.1.1/30
         GE1/0/2: 10.1.1.2/30
         GE1/0/3: 20.1.1.2/30
         Loopback1: 1.1.1.9/32
CE2      GE1/0/1: 200.1.1.2/24
PE2      GE1/0/1: -
         GE1/0/1.1: 100.2.1.1/30
         GE1/0/2: 10.1.1.1/30
         Loopback1: 2.2.2.9/32
PE3      GE1/0/1: -
         GE1/0/1.1: 200.2.1.1/30
         GE1/0/2: 20.1.1.1/30
         Loopback1: 3.3.3.9/32
CE3      GE1/0/1: 100.2.1.1/24
CE4      GE1/0/1: 200.2.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP to ensure intercommunication between CX devices on the backbone network.
2. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs on the backbone network.
3. Set up LSPs between PEs.
4. Create VPN instances on PEs and bind AC interfaces to the VPN instances.
5. Configure the basic Layer 2 forwarding function on CSG.
6. Configure EBGP on CEs and PEs to exchange VPN routing information.
7. Set up MP-IBGP peer relationships between PEs.

Data Preparation
To complete the configuration, you need the following data:
- IP addresses of interfaces
- Names of the VPN instances on PEs
- RDs and VPN targets of the VPN instances
- Interfaces bound to the VPN instances

Procedure
Step 1 Configure the IP addresses of interfaces on CEs and PEs as described in Figure 5-40.
The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.
Step 2 Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP.
The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3, have routes discovered through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3, can ping each other.
<PE1> display ip routing-table
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1    InLoopBack0
2.2.2.9/32          OSPF    10   1     D      10.1.1.1     GigabitEthernet1/0/2
3.3.3.9/32          OSPF    10   1     D      20.1.1.1     GigabitEthernet1/0/3
10.1.1.0/30         Direct  0    0     D      10.1.1.2     GigabitEthernet1/0/2
10.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
20.1.1.0/30         Direct  0    0     D      20.1.1.2     GigabitEthernet1/0/3
20.1.1.2/32         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
<PE1> ping 2.2.2.9
  PING 2.2.2.9: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=120 ms
    Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=90 ms
    Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=90 ms
  --- 2.2.2.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 90/96/120 ms

Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network.
The detailed configurations are not mentioned here. You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID         Status       LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0      Operational  DU   Passive  0000:00:00  3/3
 3.3.3.9:0      Operational  DU   Passive  0000:00:00  2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Step 4 Configure VPN instances.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit

# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit

# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit

Step 5 Configure the interface mode on PEs to user termination.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit

Step 6 Configure VLAN+DSCP, and bind sub-interfaces for Dot1q VLAN tag termination to the VPN instances. # Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1 [PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination [PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 10 dscp 3 [PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 20 dscp 3 [PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet1/0/1.1] ip address 100.1.1.1 24 [PE1-GigabitEthernet1/0/1.1] arp broadcast enable [PE1-GigabitEthernet1/0/1.1] quit [PE1] interface gigabitethernet 1/0/1.2 [PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination [PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 20 dscp 2 [PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 10 dscp 2 [PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet1/0/1.2] ip address 200.1.1.1 24 [PE1-GigabitEthernet1/0/1.2] arp broadcast enable [PE1-GigabitEthernet1/0/1.2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] arp broadcast enable
[PE2-GigabitEthernet1/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] arp broadcast enable
[PE3-GigabitEthernet1/0/1.1] quit

After the preceding configurations, run the display ip vpn-instance verbose command on PEs, and you can view the configurations of the VPN instances. Take the command output on PE1 as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpn1, 1
  Create date : 2009/09/02 10:35:42
  Up time : 0 days, 00 hours, 08 minutes and 23 seconds
  Route Distinguisher : 100:1
  Export VPN Targets : 100:1
  Import VPN Targets : 100:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.1

 VPN-Instance Name and ID : vpn2, 2
  Create date : 2009/09/02 10:36:03
  Up time : 0 days, 00 hours, 08 minutes and 02 seconds
  Route Distinguisher : 100:2
  Export VPN Targets : 100:2
  Import VPN Targets : 100:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform
  The ttl-mode Information is : pipe
  Log Interval : 5
  Interfaces : GigabitEthernet1/0/1.2

Step 7 Configure basic functions of the CSG.
The detailed configurations are not mentioned here. The CSG must support the following:
- Configuring the DSCP values of packets through commands.
- Differentiating service types (voice, data, or signal) based on timeslots in TDM or PVCs in ATM when the CSG accesses non-IP services.

Step 8 Set up the EBGP peer relationships between the PEs and CEs to import VPN routes.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 9 Set up MP-IBGP peer relationships between the PEs.
The detailed configurations are not mentioned here. You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN or the configuration files in this configuration example.

Step 10 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs to check that the BGP peer relationships between the PEs have been set up and are in the Established state. Take the command output on PE1 as an example.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2          Peers in established state : 2

  Peer      V   AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2.2.2.9   4   100  6        11       0     00:04:53  Established  0
  3.3.3.9   4   100  6        10       0     00:01:06  Established  0

Run the display ip routing-table vpn-instance command on PEs, and you can view the routes to remote CEs. Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
100.1.1.0/24        Direct  0    0     D      100.1.1.1   GigabitEthernet1/0/1.1
100.1.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
100.2.1.0/24        BGP     255  0     RD     2.2.2.9     GigabitEthernet1/0/2

[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
200.1.1.0/24        Direct  0    0     D      200.1.1.1   GigabitEthernet1/0/1.2
200.1.1.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
200.2.1.0/24        BGP     255  0     RD     3.3.3.9     GigabitEthernet1/0/3

Run the display dot1q information termination command, and you can view information about the sub-interfaces for Dot1q VLAN tag termination. You can also find that the sub-interfaces are bound to the L3VPN. Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
 GigabitEthernet1/0/1.1
   L3VPN bound
   Total QinQ Num: 2
     dot1q termination vid 10
     dot1q termination vid 20
   Total vlan-group Num: 0
   control-vid 1 dot1q-termination
 GigabitEthernet1/0/1.2
   L3VPN bound
   Total QinQ Num: 2
     dot1q termination vid 10
     dot1q termination vid 20
   Total vlan-group Num: 0
   control-vid 2 dot1q-termination

Run the display interface vlan command, and you can view the matching policy configured on sub-interfaces in VLAN 10. Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface            VlanPolicy
-----------------------------------------------------------
GE1/0/1.2            dscp 2
GE1/0/1.1            dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2

----End

Configuration Files
- Configuration file of PE1

#
 sysname PE1
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10 dscp 3
 dot1q termination vid 20 dscp 3
 ip binding vpn-instance vpn1
 ip address 100.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/1.2
 control-vid 2 dot1q-termination
 dot1q termination vid 10 dscp 2
 dot1q termination vid 20 dscp 2
 ip binding vpn-instance vpn2
 ip address 200.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 20.1.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 10.1.1.1 as-number 100
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 20.1.1.1 as-number 65421
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
  network 20.1.1.0 0.0.0.3
#
return

- Configuration file of PE2

#
 sysname PE2
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
 mpls lsr-id 2.2.2.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 1 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 ip binding vpn-instance vpn1
 ip address 100.2.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 10.1.1.2 as-number 100
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.3
#
return

- Configuration file of PE3

#
 sysname PE3
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
 mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 mode user-termination
#
interface GigabitEthernet1/0/1.1
 control-vid 2 dot1q-termination
 dot1q termination vid 10
 dot1q termination vid 20
 ip binding vpn-instance vpn2
 ip address 200.2.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 20.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn2
  import-route direct
  peer 20.1.1.2 as-number 100
#
ospf 1
 area 0.0.0.0
  network 20.1.1.0 0.0.0.3
  network 3.3.3.9 0.0.0.0
#
return

- Configuration file of CE1

#
 sysname CE1
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
bgp 65410
 peer 100.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.1 enable
#
return

- Configuration file of CE2

#
 sysname CE2
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.1.1.2 255.255.255.0
bgp 65411
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.1.1.1 enable
#
return

- Configuration file of CE3

#
 sysname CE3
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 100.2.1.2 255.255.255.0
bgp 65420
 peer 100.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.2.1.1 enable
#
return

- Configuration file of CE4

#
 sysname CE4
#
interface GigabitEthernet1/0/1.1
 undo shutdown
 ip address 200.2.1.2 255.255.255.0
bgp 65421
 peer 200.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 200.2.1.1 enable
#
return


6 STP/RSTP Configuration

About This Chapter

The Spanning Tree Protocol (STP) trims a ring network into a loop-free tree network. It prevents replication and circular propagation of packets, provides multiple redundant paths for Virtual LAN (VLAN) data traffic, and enables load balancing. Based on STP, the Rapid Spanning Tree Protocol (RSTP) adds rapid convergence and introduces the edge port and its protection function.

6.1 STP/RSTP Overview
STP is a management protocol on the data link layer. It is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree. RSTP is a refinement of STP and introduces rapid convergence of the network topology.

6.2 Configuring Basic STP/RSTP Functions
STP/RSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree topology.

6.3 Configuring STP/RSTP Parameters on an Interface
A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented for RSTP.

6.4 Configuring RSTP Protection Functions
RSTP protection functions are as follows, and you can configure one or more functions as required.

6.5 Configuring STP/RSTP Interoperability Between Huawei Devices and Non-Huawei Devices
To support STP/RSTP interoperability between Huawei devices and non-Huawei devices, proper parameters are required on Huawei devices running STP/RSTP to ensure nonstop communication.

6.6 Maintaining STP/RSTP
STP/RSTP maintenance includes resetting STP/RSTP statistics.

6.7 Configuration Examples
This section shows typical usage scenarios of STP/RSTP by describing networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


6.1 STP/RSTP Overview


STP is a management protocol on the data link layer. It is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree. RSTP is a refinement of STP and introduces rapid convergence of the network topology.

6.1.1 STP/RSTP Overview
STP/RSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree topology.

6.1.2 STP/RSTP Features Supported by the CX600
Before configuring STP/RSTP, familiarize yourself with the concepts of basic STP/RSTP functions, topology convergence, STP/RSTP protection, and STP/RSTP interoperability between Huawei devices and non-Huawei devices. This will help you complete the configuration task quickly and accurately.

6.1.1 STP/RSTP Overview


STP/RSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree topology.

Introduction
On a complex network, loops are inevitable. To provide redundancy, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops cause broadcast storms, which exhaust network resources and paralyze the network. Loops also cause MAC address table flapping and thus damage MAC address entries.

Devices running STP discover loops on the network by exchanging information with each other, and trim the ring topology into a loop-free tree topology by blocking a certain interface. This prevents replication and circular propagation of packets on the network. It also prevents the processing performance of devices from being degraded by continuously processing repeated packets.

STP, however, converges the network topology slowly. In 2001, the IEEE published document 802.1w to introduce an evolution of the Spanning Tree Protocol: Rapid Spanning Tree Protocol (RSTP). RSTP is developed based on STP but outperforms STP.

Concepts
- Root bridge
  A tree topology must have a root. Therefore, the root bridge is introduced by STP/RSTP. There is only one root bridge on the entire STP/RSTP-capable network. The root bridge is the logical center, but not necessarily the physical center, of the entire network. When the network topology changes, another switching device may take over as the root bridge.

- ID
  There are bridge IDs (BIDs) and port IDs (PIDs).

  BID
  IEEE 802.1D defines that a BID is composed of a 2-bit bridge priority and a bridge MAC address. That is, BID (8 bits) = Bridge priority (2 bits) + Bridge MAC address (6 bits). On the STP-capable network, the device with the smallest BID is selected as the root bridge. The bridge priority that is allowed to be configured on a Huawei device ranges from 0 to 61440. By default, the bridge priority is 32768.

  PID
  A 16-bit PID is composed of a 4-bit port priority and a 12-bit port number. The PID is used when the designated port needs to be selected. That is, when the root path costs and the sender BIDs of two ports are the same, the port with a smaller PID is selected as the designated port. As shown in Figure 6-1, the root path costs and sender BIDs of port A and port B on S2 are the same. Port A has a smaller PID, and is thus selected as the designated port on the local segment. The port priority that can be configured on a Huawei device ranges from 0 to 240, with the step 16. That is, the port priority can be, for example, 0, 16, or 32. By default, the port priority is 128.

- Path cost
  A path cost is port-specific and is used by STP/RSTP as a reference to select a link. STP/RSTP calculates the path cost to select the robust link and blocks redundant links to trim the network into a loop-free tree topology. On an STP/RSTP-capable network, the accumulative cost of the path from a certain port to the root bridge is the sum of the costs of the segment paths into which the path is separated by the ports on the transit bridges.

- Port roles
  STP-capable port

  Root port
  The root port is the port that is nearest to the root bridge. The root port is determined based on the path cost. Among all the ports where STP is enabled on the network bridge, the port with the smallest root path cost is the root port. There is only one root port on an STP-capable device, but there is no root port on the root bridge.

  Designated port
  The designated port on a switching device forwards bridge protocol data units (BPDUs) to the downstream switching device. All ports on the root bridge are designated ports. A designated port is selected on each network segment. The device where the designated port resides is called the designated bridge on the network segment.

  RSTP-capable port
  Compared with STP, RSTP has two additional types of ports, namely, the alternate port and backup port. The additional port roles make the protocol easier to understand and deploy.


Figure 6-1 Diagram of port roles
[Figure not reproduced: two panels, each showing the CX root bridge connected to S2 and S3, with ports labelled A, B, a, and b. Legend: root port, designated port, alternate port, backup port.]

As shown in Figure 6-1, RSTP defines four port roles: root port, designated port, alternate port, and backup port. The functions of the root port and designated port are the same as those defined in STP. The alternate port and backup port are described as follows:

From the perspective of configuration BPDU transmission:
- The alternate port is blocked after learning the configuration BPDUs sent by other bridges.
- The backup port is blocked after learning the configuration BPDUs sent by itself.

From the perspective of user traffic:
- The alternate port backs up the root port and provides an alternate path from the designated bridge to the root bridge.
- The backup port backs up the designated port and provides an alternate path from the root node to the leaf node.

After all ports are assigned roles, topology convergence is completed.

- Port status

  STP port state
  Table 6-1 shows the port status of an STP-capable port.

  Table 6-1 STP port state

  | Port state | Purpose | Description |
  |---|---|---|
  | Forwarding | The port in the Forwarding state forwards not only user traffic but also BPDUs. | Only the root port and designated port can enter the Forwarding state. |
  | Learning | When a port is in the Learning state, a device creates a MAC address table based on the received user traffic but does not forward user traffic. | This is a transition state, which is designed to prevent temporary loops. |
  | Listening | When a port is in the Listening state, the root bridge, root port, and designated port are to be selected. | This is a transition state. |
  | Blocking | The port in the Blocking state receives and forwards only BPDUs but does not forward user traffic. | This is the final state of a blocked port. |
  | Disabled | The port in the Disabled state forwards neither BPDUs nor user traffic. | The port is Down. |

  RSTP port state
  Table 6-2 shows the port status of an RSTP-capable port.

  Table 6-2 RSTP port state

  | Port state | Description |
  |---|---|
  | Forwarding | A port in the Forwarding state can send and receive BPDUs as well as forward user traffic. |
  | Learning | This is a transition state. A port in the Learning state learns MAC addresses from user traffic to construct a MAC address table. In the Learning state, the port can send and receive BPDUs, but cannot forward user traffic. |
  | Discarding | A port in the Discarding state can only receive BPDUs. |


CAUTION
A Huawei datacom device is in MSTP mode by default. After a device is switched from MSTP mode to STP mode, an STP-capable port supports the same port states as those supported by an MSTP-capable port, including the Forwarding, Learning, and Discarding states. For details, see Table 6-2.

- Three timers
  Hello Timer: Sets the interval at which BPDUs are sent.
  Forward Delay Timer: Sets the time spent in the Listening and Learning states.
  Max Age: Sets the maximum lifetime of a BPDU on the network. When the Max Age time expires, the connection to the root bridge fails.

Comparison between STP, RSTP, and MSTP


Table 6-3 shows the comparison between STP, RSTP, and MSTP.

Table 6-3 Comparison between STP, RSTP, and MSTP

| Spanning Tree Protocol | Characteristics | Applicable Environment |
|---|---|---|
| STP | A loop-free tree is generated. Thus, broadcast storms are prevented and redundancy is implemented. | Irrespective of different users or services, all VLANs share one spanning tree. |
| RSTP | A loop-free tree is generated. Thus, broadcast storms are prevented and redundancy is implemented. A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented. | Irrespective of different users or services, all VLANs share one spanning tree. |
| MSTP | In an MSTP region, a loop-free tree is generated. Thus, broadcast storms are prevented and redundancy is implemented. A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented. MSTP implements load balancing among VLANs. Traffic in different VLANs is transmitted along different paths. | User or service-specific load balancing is required. Traffic for different VLANs is forwarded through different spanning trees, which are independent of each other. |

Precautions
NOTE
- If the current switching device supports STP and RSTP, RSTP is recommended.
- If the current switching device supports STP or RSTP, and MSTP, MSTP is recommended. See MSTP Configuration.

6.1.2 STP/RSTP Features Supported by the CX600


Before configuring STP/RSTP, familiarize yourself with the concepts of basic STP/RSTP functions, topology convergence, STP/RSTP protection, and STP/RSTP interoperability between Huawei devices and non-Huawei devices. This will help you complete the configuration task quickly and accurately.

STP/RSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree topology. The basic configuration roadmap of STP/RSTP is as follows:
1. Select a switching device (functioning as a root bridge) from the switching devices for each spanning tree. You can configure the priorities of the switching devices to preferentially select a root bridge.
2. In each spanning tree, calculate the shortest paths from the other switching devices to the root bridge, and select a root port for each non-root switching device. You can configure the cost of the path from a switching device to the root bridge to preferentially select a root port.
3. In each spanning tree, select a designated port for each connection according to the bridge ID, the path cost, and port IDs. If the devices have the same bridge ID and path cost, you can configure the port priorities to preferentially select a designated port.

STP/RSTP also supports the following features to meet requirements of special applications and extended functions:
- A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented.
- RSTP provides the following protection functions, as listed in Table 6-4.
- Supports STP/RSTP interoperability between Huawei devices and non-Huawei devices. Proper parameters are required on Huawei devices running STP/RSTP to ensure nonstop communication.

Table 6-4 RSTP Protection Function

| Protection Function | Scenario | Configuration Impact |
|---|---|---|
| BPDU protection | An edge port changes to be a non-edge port after receiving a BPDU, which triggers spanning tree recalculation. If an attacker keeps sending bogus BPDUs to a switching device, network flapping occurs. | After BPDU protection is enabled on the switching device, the switching device shuts down the edge port if the edge port receives an RST BPDU, and notifies the NMS of the shutdown event. The attributes of the edge port are not changed. |
| TC protection | Generally, after receiving TC BPDUs (packets for advertising network topology changes), a switching device needs to delete MAC entries and ARP entries. Frequent deletion operations will exhaust CPU resources. | TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a given time period is configurable. If the number of TC-BPDUs that the switching device receives within a given time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excess TC-BPDUs are processed together, once, after the timer (that is, the specified time period) expires. This protects the switching device from frequently deleting MAC entries and ARP entries, so that it is not overburdened. |
| Root protection | Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is illegitimately changed, triggering spanning tree recalculation. This may transfer traffic from high-speed links to low-speed links, causing traffic congestion. | If a designated port is enabled with the root protection function, the role of the port cannot be changed. Once a designated port that is enabled with root protection receives RST BPDUs with a higher priority, the port enters the Discarding state and does not forward packets. If the port does not receive any RST BPDUs with a higher priority before a period (generally two Forward Delay periods) expires, the port automatically enters the Forwarding state. |
| Loop protection | A root port or an alternate port will age if link congestion or a one-way link failure occurs. After the root port ages, a switching device may reselect a root port incorrectly, and after the alternate port ages, the port enters the Forwarding state. Loops may occur in such a situation. | After loop protection is configured, if the root port or alternate port does not receive RST BPDUs from the upstream switching device for a long time, the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after receiving new BPDUs. |
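The reactions that Table 6-4 describes for BPDU protection, root protection, and TC protection can be traced on a timeline. The following Python model is an added example, not Huawei code; the port names, MAC addresses, event times, the 15-second Forward Delay, and the TC threshold and interval are all constructed or assumed values.

```python
"""Added example: simplified model of three RSTP protection functions (Table 6-4)."""

FORWARD_DELAY = 15  # seconds; assumed timer value, not taken from this page


class EdgePort:
    """BPDU protection: an edge port that receives a BPDU is shut down."""

    def __init__(self, name, bpdu_protection):
        self.name, self.bpdu_protection = name, bpdu_protection
        self.state, self.is_edge, self.nms_events = "Forwarding", True, []

    def on_bpdu(self, now):
        if self.bpdu_protection:
            self.state = "Down"          # the edge attribute stays unchanged
            self.nms_events.append((now, self.name, "shutdown by BPDU protection"))
        else:
            self.is_edge = False         # port turns non-edge, tree is recalculated


class RootProtectedPort:
    """Root protection on a designated port."""

    def __init__(self, name, root_bid):
        self.name, self.root_bid = name, root_bid
        self.state, self.last_superior = "Forwarding", None

    def on_bpdu(self, now, advertised_root_bid):
        # A smaller (priority, MAC) pair means a higher-priority BPDU.
        if advertised_root_bid < self.root_bid:
            self.state, self.last_superior = "Discarding", now

    def tick(self, now):
        # Recover only after two Forward Delay periods without such a BPDU.
        if self.state == "Discarding" and now - self.last_superior >= 2 * FORWARD_DELAY:
            self.state = "Forwarding"


class TcProtection:
    """Handle at most `threshold` TC-BPDUs per `interval`; defer the rest."""

    def __init__(self, threshold, interval):
        self.threshold, self.interval = threshold, interval
        self.window_start, self.handled, self.pending = 0, 0, False
        self.flushes = []                # times at which MAC/ARP entries are deleted

    def _roll(self, now):
        while now >= self.window_start + self.interval:
            self.window_start += self.interval
            if self.pending:             # one flush covers all excess TC-BPDUs
                self.flushes.append(self.window_start)
            self.handled, self.pending = 0, False

    def on_tc(self, now):
        self._roll(now)
        if self.handled < self.threshold:
            self.handled += 1
            self.flushes.append(now)
        else:
            self.pending = True

    def tick(self, now):
        self._roll(now)


def replay():
    """Run constructed event timelines (times in seconds) through each model."""
    edge_on, edge_off = EdgePort("GE1/0/5", True), EdgePort("GE1/0/6", False)
    edge_on.on_bpdu(3)
    edge_off.on_bpdu(3)

    port = RootProtectedPort("GE1/0/1", (4096, "00e0-fc00-000a"))
    port.on_bpdu(1, (32768, "00e0-fc00-00ff"))    # lower-priority BPDU: no effect
    states = [port.state]
    for t in (5, 7):
        port.on_bpdu(t, (0, "00e0-fc00-00ff"))    # higher-priority BPDUs
    for t in (20, 37):
        port.tick(t)
        states.append(port.state)

    tc = TcProtection(threshold=3, interval=10)
    for t in range(50):                           # one TC-BPDU per second
        tc.on_tc(t)
    tc.tick(60)
    return {
        "edge_protected": (edge_on.state, edge_on.is_edge),
        "edge_unprotected": (edge_off.state, edge_off.is_edge),
        "root_port_states": states,
        "tc_received": 50,
        "tc_flushes": len(tc.flushes),
    }


if __name__ == "__main__":
    print(replay())
```

In this run, 50 TC-BPDUs cause 20 flushes instead of 50, and the root-protected port stays in Discarding until 30 seconds have passed since the last higher-priority BPDU.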

6.2 Configuring Basic STP/RSTP Functions


STP/RSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree topology.

STP/RSTP is commonly configured on a switching device to trim a ring network to a loop-free network. STP/RSTP configurations on the switching device involve STP/RSTP working mode configuration. If you need to influence the spanning tree calculation, the following methods are available:
- Setting a priority for a switching device: The lower the numerical value, the higher the priority of the switching device and the more likely the switching device becomes a root bridge; the higher the numerical value, the lower the priority of the switching device and the less likely that the switching device becomes a root bridge.
- Setting a path cost for a port: With the same calculation method, the lower the numerical value, the smaller the cost of the path from the port to the root bridge and the more likely the port becomes a root port; the higher the numerical value, the larger the cost of the path from the port to the root bridge and the less likely that the port becomes a root port.
- Setting a priority for a port: The lower the numerical value, the more likely the port becomes a designated port; the higher the numerical value, the less likely that the port becomes a designated port.
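The three-step selection in the roadmap of section 6.1.2 and the three tuning methods listed above can be checked on a small topology. The following Python model is an added example, not Huawei code: it handles point-to-point links only (so no backup ports), the ring is modelled on Figure 6-2 with constructed MAC addresses and port numbers, and the per-port cost of 20000 is an assumed value.

```python
"""Added example: STP/RSTP role election on a constructed four-node ring."""
from dataclasses import dataclass, replace

DEFAULT_PORT_COST = 20000      # assumed per-port cost; not a value from this page
DEFAULT_PORT_PRIORITY = 128    # default port priority stated in section 6.1.1


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                   # constructed MAC, e.g. "00e0-fc00-000a"
    priority: int = 32768      # default bridge priority stated in section 6.1.1

    @property
    def bid(self):
        """Bridge ID as a comparable (priority, MAC) pair; the smallest wins."""
        if not 0 <= self.priority <= 61440:
            raise ValueError("bridge priority must be in 0..61440")
        return (self.priority, bytes.fromhex(self.mac.replace("-", "")))


def pid(port_priority, port_number):
    """16-bit port ID: 4-bit priority (0..240 in steps of 16) + 12-bit port number."""
    if port_priority % 16 or not 0 <= port_priority <= 240:
        raise ValueError("port priority must be 0..240 in steps of 16")
    return ((port_priority >> 4) << 12) | (port_number & 0xFFF)


def elect(bridges, links, port_cost=None, port_priority=None):
    """Return (root bridge name, {(bridge, port): role}) for point-to-point links.

    links: (bridge_a, port_a, bridge_b, port_b) tuples.
    port_cost / port_priority: optional {(bridge, port): value} overrides.
    """
    port_cost, port_priority = port_cost or {}, port_priority or {}
    by_name = {b.name: b for b in bridges}

    def cost(name, port):
        return port_cost.get((name, port), DEFAULT_PORT_COST)

    def port_id(name, port):
        return pid(port_priority.get((name, port), DEFAULT_PORT_PRIORITY), port)

    # Step 1: the bridge with the smallest BID becomes the root bridge.
    root = min(bridges, key=lambda b: b.bid).name

    neighbours = {b.name: [] for b in bridges}
    for a, pa, b, pb in links:
        neighbours[a].append((pa, b, pb))
        neighbours[b].append((pb, a, pa))

    # Step 2: root path cost and root port of every non-root bridge.
    # Candidates are ordered by (root path cost, sender BID, sender PID, local PID).
    inf = float("inf")
    rpc = {name: (0 if name == root else inf) for name in by_name}
    root_port = {}
    for _ in bridges:                       # enough sweeps for the costs to settle
        for name in by_name:
            if name == root:
                continue
            candidates = [
                (rpc[peer] + cost(name, lp), by_name[peer].bid,
                 port_id(peer, pp), port_id(name, lp), lp)
                for lp, peer, pp in neighbours[name] if rpc[peer] < inf
            ]
            if candidates:
                best = min(candidates)
                rpc[name], root_port[name] = best[0], best[4]

    # Step 3: on each link, the end with the better (cost, BID, PID) is designated.
    roles = {}
    for a, pa, b, pb in links:
        end_a = (rpc[a], by_name[a].bid, port_id(a, pa))
        end_b = (rpc[b], by_name[b].bid, port_id(b, pb))
        (dn, dp), (on, op) = ((a, pa), (b, pb)) if end_a < end_b else ((b, pb), (a, pa))
        roles[(dn, dp)] = "designated"
        roles[(on, op)] = "root" if root_port.get(on) == op else "alternate"
    return root, roles


# Constructed ring modelled on Figure 6-2; MACs and port numbers are made up.
BRIDGES = [Bridge("CX-A", "00e0-fc00-000a"), Bridge("CX-B", "00e0-fc00-000b"),
           Bridge("SwitchC", "00e0-fc00-000c"), Bridge("SwitchD", "00e0-fc00-000d")]
LINKS = [("CX-A", 1, "CX-B", 1), ("CX-A", 2, "SwitchC", 1),
         ("CX-B", 2, "SwitchD", 1), ("SwitchC", 2, "SwitchD", 2)]

if __name__ == "__main__":
    print(elect(BRIDGES, LINKS))
    # Lower bridge priority value on SwitchD: it takes over as root bridge.
    lowered = [replace(b, priority=4096) if b.name == "SwitchD" else b for b in BRIDGES]
    print(elect(lowered, LINKS)[0])
    # Lower path cost on SwitchD port 2: that port replaces port 1 as root port.
    print(elect(BRIDGES, LINKS, port_cost={("SwitchD", 2): 10000})[1])
```

With default values the bridge with the lowest MAC address wins, and any bridge that advertises a lower priority value displaces it, which is the situation root protection in Table 6-4 is designed to contain.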

6.2.1 Establishing the Configuration Task
Before configuring basic STP/RSTP functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

6.2.2 Configuring the STP/RSTP Mode
Before configuring basic STP/RSTP functions, you need to configure the working mode of a switching device to STP/RSTP. RSTP is compatible with STP.

6.2.3 (Optional) Configuring Switching Device Priorities
The lower the numerical value is, the higher priority a switching device has and the more likely the switching device will be selected as a root bridge.

6.2.4 (Optional) Setting the Path Cost for a Port
The STP/RSTP path cost determines root port selection. The port with the lowest-cost path to the root bridge is selected as the root port.

6.2.5 (Optional) Configuring Port Priorities
The lower the numerical value, the more likely the port on a switching device becomes a designated port; the higher the numerical value, the more likely the port is to be blocked.

6.2.6 Enabling STP/RSTP
After STP/RSTP is enabled, spanning trees are calculated.

6.2.7 Checking the Configuration
After basic STP/RSTP functions are configured, you can view the information such as the port role and port status to check whether the spanning tree calculation is correctly performed.

6.2.1 Establishing the Configuration Task


Before configuring basic STP/RSTP functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On a complex network, loops are inevitable. To provide network redundancy, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops cause broadcast storms, thereby exhausting network resources and paralyzing the network. Loops also cause flapping of MAC address tables and thus damage MAC address entries. STP/RSTP can be deployed on a network to eliminate loops. If a loop is detected, STP/RSTP blocks one port to eliminate the loop. As shown in Figure 6-2, CX-A, CX-B, Switch C, and Switch D form a ring network, and STP/RSTP is enabled on the ring network to eliminate loops.


Figure 6-2 Diagram of a ring network

[Figure not reproduced. Labels: Network, Root Bridge, CX-A, CX-B, SwitchC, SwitchD, PC1, PC2, Blocked port.]

NOTE

If the current switching device supports STP and RSTP, RSTP is recommended.

Pre-configuration Tasks
Before configuring basic STP/RSTP functions, complete the following task:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical status of the interfaces is Up

Data Preparation
To configure basic STP/RSTP functions, you need the following data.

| No. | Data |
|-----|------|
| 1 | (Optional) Priority of a switching device |
| 2 | (Optional) Priority of a port |
| 3 | (Optional) Path cost of a port |


6.2.2 Configuring the STP/RSTP Mode


Before configuring basic STP/RSTP functions, you need to configure the working mode of a switching device to STP/RSTP. RSTP is compatible with STP.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp mode { stp | rstp }

The working mode of the switching device is configured as STP/RSTP. By default, the working mode of a switching device is configured as MSTP. MSTP is compatible with STP and RSTP. On a ring network running only STP, the working mode of a switching device is configured as STP; on a ring network running RSTP, the working mode of a switching device is configured as RSTP. In other cases, the working mode of a switching device is configured as MSTP by default.

----End

6.2.3 (Optional) Configuring Switching Device Priorities


The lower the numerical value is, the higher priority a switching device has and the more likely the switching device will be selected as a root bridge.

Context
On an STP/RSTP-capable network, there is only one root bridge, and it is the logical center of the entire spanning tree. In root bridge selection, a switching device with high performance and a high position in the network hierarchy is generally selected as the root bridge; however, the priority of such a device may not be that high. Setting a high priority for the switching device is therefore necessary so that the device can function as the root bridge. Other devices with low performance and a low position in the network hierarchy are not fit to be a root bridge. Therefore, set low priorities for these devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp priority priority

The priority of a switching device is configured. The default priority value of a switching device is 32768.

NOTE

- To configure a switching device as a primary root bridge, you can run the stp root primary command directly. The priority value of this switching device is 0.
- To configure a switching device as a secondary root bridge, run the stp root secondary command. The priority value of this switching device is 4096. A switching device cannot act as a primary root bridge and a secondary root bridge at the same time.
- If you want to change the priority of a switching device after you run the stp root primary command or the stp root secondary command to configure the switching device as a primary root bridge or a secondary root bridge, disable the root bridge function or secondary root bridge function, and then run the stp priority priority command to re-set a priority.

----End

6.2.4 (Optional) Setting the Path Cost for a Port


The STP/RSTP path cost determines root port selection. The port with the lowest path cost to the root bridge is selected as the root port.

Context
A path cost is port-specific and is used by STP/RSTP as a reference to select a link. The range of the path cost value is determined by the calculation method. After the calculation method is determined, it is recommended that you set a relatively small path cost value for a port at a high link rate. Use the Huawei proprietary calculation method as an example. Different link rates correspond to default path cost values of ports. For details, see Table 6-5.

Table 6-5 Mappings between link rates and path cost values

| Link Rate | Recommended Value | Recommended Value Range | Value Range |
|-----------|-------------------|-------------------------|-------------|
| 10 Mbit/s | 2000 | 200-20000 | 1-200000 |
| 100 Mbit/s | 200 | 20-2000 | 1-200000 |
| 1 Gbit/s | 20 | 2-200 | 1-200000 |
| 10 Gbit/s | 2 | 2-20 | 1-200000 |
| Over 10 Gbit/s | 1 | 1-2 | 1-200000 |

On a network where loops occur, it is recommended that you set a relatively large path cost for a port at a low link rate. STP/RSTP puts the port with the large path cost in the Blocking state and blocks the link where this port resides.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp pathcost-standard { dot1d-1998 | dot1t | legacy }

A path cost calculation method is configured. By default, the IEEE 802.1t standard method is used to calculate the default path cost. All switching devices on a network must use the same calculation method for path costs.

Step 3 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 4 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 5 Run:
stp cost cost

A path cost is set for the port.
- When the Huawei proprietary calculation method is used, cost ranges from 1 to 200000.
- When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
- When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.

----End

6.2.5 (Optional) Configuring Port Priorities


The lower the numerical value, the more likely the port on a switching device becomes a designated port; the higher the numerical value, the more likely the port is to be blocked.

Context
Whether a port on a switching device will be selected as a designated port is determined by its priority. For details, see 6.1.1 STP/RSTP Overview. If you want to block a port on a switching device to eliminate loops, set the port priority value larger than the default value when the devices have the same bridge ID and path cost. This port will then be blocked in designated port selection.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 Run:
stp port priority priority

The port priority is configured. The default priority value of a port on a switching device is 128.

----End
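The effect of the bridge priority, path cost and port priority settings from 6.2.3 to 6.2.5 on a ring like the one in Figure 6-2, as an added example that is not part of the Huawei guide. It is a simplified role calculation, not device code; the MAC addresses, port numbers and link layout are assumptions made for the example.

```python
import heapq

DEFAULT_BRIDGE_PRIORITY = 32768  # default switching device priority (6.2.3)
DEFAULT_PORT_PRIORITY = 128      # default port priority (6.2.5)
DEFAULT_PORT_COST = 20           # 1 Gbit/s port, Huawei legacy method (Table 6-5)

# Constructed ring: device names follow Figure 6-2, everything else is assumed.
# SwitchD is deliberately given the numerically lowest MAC address.
MACS = {"CX-A": "00e0-0000-00a1", "CX-B": "00e0-0000-00b2",
        "SwitchC": "00e0-0000-00c3", "SwitchD": "00e0-0000-0004"}
# A port is (device, port number); a link joins two ports.
LINKS = [(("CX-A", 1), ("CX-B", 1)), (("CX-B", 2), ("SwitchD", 1)),
         (("SwitchD", 2), ("SwitchC", 2)), (("SwitchC", 1), ("CX-A", 2))]


def spanning_tree(bridge_priority=None, port_cost=None, port_priority=None):
    """Return (root bridge, {port: 'root' | 'designated' | 'alternate'})."""
    bridge_priority = bridge_priority or {}
    port_cost = port_cost or {}
    port_priority = port_priority or {}

    def bridge_id(name):  # lower tuple = better bridge
        mac = int(MACS[name].replace("-", ""), 16)
        return (bridge_priority.get(name, DEFAULT_BRIDGE_PRIORITY), mac)

    def port_id(port):    # lower tuple = better port
        return (port_priority.get(port, DEFAULT_PORT_PRIORITY), port[1])

    def cost(port):
        return port_cost.get(port, DEFAULT_PORT_COST)

    neighbours = {name: [] for name in MACS}  # device -> [(local port, remote port)]
    for end_a, end_b in LINKS:
        neighbours[end_a[0]].append((end_a, end_b))
        neighbours[end_b[0]].append((end_b, end_a))

    # 1. Root bridge: lowest bridge ID (priority first, then MAC address).
    root = min(MACS, key=bridge_id)

    # 2. Root path cost: each hop adds the cost of the port that receives the BPDU.
    rpc = {root: 0}
    queue = [(0, root)]
    while queue:
        dist, name = heapq.heappop(queue)
        if dist > rpc[name]:
            continue  # stale queue entry
        for _local, remote in neighbours[name]:
            candidate = dist + cost(remote)
            if candidate < rpc.get(remote[0], float("inf")):
                rpc[remote[0]] = candidate
                heapq.heappush(queue, (candidate, remote[0]))

    # 3. Root port: lowest path cost, then best upstream bridge ID and port ID.
    root_ports = set()
    for name in MACS:
        if name != root:
            local, _remote = min(
                neighbours[name],
                key=lambda pair: (rpc[pair[1][0]] + cost(pair[0]),
                                  bridge_id(pair[1][0]), port_id(pair[1]),
                                  port_id(pair[0])))
            root_ports.add(local)

    # 4. Per link: the better end is designated, the other is root or blocked.
    roles = {}
    for end_a, end_b in LINKS:
        designated = min((end_a, end_b),
                         key=lambda p: (rpc[p[0]], bridge_id(p[0]), port_id(p)))
        other = end_b if designated == end_a else end_a
        roles[designated] = "designated"
        roles[other] = "root" if other in root_ports else "alternate"
    return root, roles


if __name__ == "__main__":
    scenarios = {
        "all defaults": {},
        "CX-A priority 0, CX-B priority 4096":
            {"bridge_priority": {"CX-A": 0, "CX-B": 4096}},
        "same, plus cost 200 on SwitchD port 1":
            {"bridge_priority": {"CX-A": 0, "CX-B": 4096},
             "port_cost": {("SwitchD", 1): 200}},
    }
    for title, kwargs in scenarios.items():
        root, roles = spanning_tree(**kwargs)
        blocked = [p for p, role in roles.items() if role == "alternate"]
        print(f"{title}: root={root}, blocked={blocked}")
```

With all defaults the device with the lowest MAC address (here the access switch SwitchD) wins the election and the blocked port lands on CX-A, which is why 6.2.3 sets the priority of the intended root explicitly.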

6.2.6 Enabling STP/RSTP


After STP/RSTP is enabled, spanning trees are calculated.

Context
After STP/RSTP is enabled on a ring network, STP/RSTP immediately calculates spanning trees on the network. Configurations on the switching device, such as the switching device priority and port priority, affect spanning tree calculation. Any change to these configurations may cause network flapping. Therefore, to ensure rapid and stable spanning tree calculation, perform basic configurations on the switching device and its ports, and then enable STP/RSTP.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp enable

STP/RSTP is enabled on the switching device. By default, the STP/RSTP function is enabled on a CX600.

----End

6.2.7 Checking the Configuration


After basic STP/RSTP functions are configured, you can view the information such as the port role and port status to check whether the spanning tree calculation is correctly performed.

Prerequisite
All configurations of basic STP/RSTP functions are complete.

Procedure
- Run the display stp [ interface interface-type interface-number ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command, and you can view the spanning-tree working mode, root bridge, priority of the root bridge, convergence mode, path cost calculation method, and path cost of a root port. For example:
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]------
CIST Bridge :32768.00e0-4e1f-b200
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-e70a-4d00 / 20
CIST RegRoot/IRPC :32768.00e0-4e1f-b200 / 0
CIST RootPortId :128.1
BPDU-Protection :disabled
TC or TCN received :0
TC count per hello :0
STP Converge Mode :Normal
Time since last TC :0 days 0h:26m:16s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
TCN: 0, Config: 0, RST: 22, MST: 0
----[Port2(GigabitEthernet1/0/3)][DISCARDING]---
Port Protocol :enabled
Port Role :Alternate Port
Port Priority :160
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :4096.00e0-6606-be00 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 14s FwDly 10s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :2
TCN: 0, Config: 0, RST: 2, MST: 0
BPDU Received :22
TCN: 0, Config: 0, RST: 22, MST: 0


6.3 Configuring STP/RSTP Parameters on an Interface


A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented for RSTP.

STP does not implement rapid convergence; however, STP parameters such as the network diameter, Hello time, Max Age time, and Forward Delay time may affect network convergence. RSTP is a refinement of STP and implements rapid convergence. In addition to the preceding parameters, port parameters such as the type of the link where the port resides, the rapid transition mechanism, and the maximum number of sent BPDUs also affect STP/RSTP topology convergence. For the parameters of devices running STP/RSTP, see Table 6-6.

Table 6-6 Parameters affecting the STP/RSTP topology convergence

| Parameter | Parameter Description | Commands | Description |
|-----------|-----------------------|----------|-------------|
| System parameter | Network diameter, timer value (Hello time, Forward Delay period, Max Age time), and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor) | stp bridge-diameter diameter; stp timer hello hello-time; stp timer forward-delay forward-delay; stp timer max-age max-age; stp timer-factor factor | It is recommended that you set the network diameter to determine the timer value. The switching device automatically calculates the Forward Delay period, Hello time, and Max Age time based on the network diameter. Then, you can run the stp timer-factor factor command to set the timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor). |
| Port parameter | Link type of a port | stp point-to-point { auto \| force-false \| force-true } | A P2P link helps implement rapid convergence. If the port works in full-duplex mode, the link where the port resides is a P2P link. If the port works in half-duplex mode, you can forcibly switch the link where the port resides to a P2P link. In other cases, you can enable the port to automatically determine whether to connect to the P2P link. |
| Port parameter | Port transition to the RSTP mode | stp mcheck | On a switching device running RSTP, if an interface is connected to a device running STP, the interface automatically transitions to the STP mode. Enabling MCheck on the interface is required when the interface fails to automatically transition to the RSTP mode. |
| Port parameter | Maximum number of BPDUs sent by the interface within each Hello time | stp transmit-limit packet-number | If the maximum number of BPDUs sent by the interface within each Hello time is set properly, the rate at which BPDUs are sent can be restricted, which prevents RSTP from consuming too much bandwidth when network flapping occurs. |
| Port parameter | Edge ports | stp edged-port enable | The ports connecting to terminals do not participate in STP/RSTP calculation. If a port is configured as an edge port, the port does not participate in STP/RSTP calculation. After BPDU protection is configured on a switching device, an edge port is shut down when receiving BPDUs. The port can be configured to automatically go Up after a specific delay. |

6.3.1 Establishing the Configuration Task
Before configuring parameters affecting STP/RSTP rapid convergence, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

6.3.2 Setting System Parameters
STP/RSTP parameters that may affect network convergence include the network diameter, hello time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor). Therefore, STP/RSTP parameters need to be set properly to help implement rapid network convergence.

6.3.3 Setting Port Parameters
Port parameters that may affect RSTP topology convergence include the link type and maximum number of sent BPDUs. Proper port parameters help RSTP to implement rapid topology convergence.

6.3.4 Checking the Configuration
You can verify that the configurations take effect after configuring STP/RSTP parameters that affect the topology convergence.

6.3.1 Establishing the Configuration Task


Before configuring parameters affecting STP/RSTP rapid convergence, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On some specific networks, RSTP parameters will affect the speed of network convergence. Configuring proper RSTP parameters is required.

Issue 01 (2011-05-30)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-19

6 STP/RSTP Configuration
NOTE


The default configurations of the parameters described in this section help implement RSTP rapid convergence. Therefore, the configuration process and all involved procedures described in this section are optional. You can perform some of the configurations as required.

Pre-configuration Tasks
Before configuring STP/RSTP parameters, complete the following task:
- Configuring basic STP/RSTP functions

Data Preparation
To configure STP/RSTP parameters, you need the following data.

| No. | Data |
|-----|------|
| 1 | Network diameter |
| 2 | Hello time, forwarding delay time, maximum aging time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor) |
| 3 | Link type of a port |
| 4 | Whether a port is enabled with rapid transition mechanism |
| 5 | Whether a port needs to transition to the RSTP mode |
| 6 | Maximum number of sent BPDUs |
| 7 | Whether a port needs to be configured as an edge port |
| 8 | Whether auto recovery needs to be configured for an edge port being shut down |
| 9 | Whether a port needs to clear statistics of the spanning tree |
| 10 | Whether an edge port needs to be configured as a BPDU filter |

6.3.2 Setting System Parameters


STP/RSTP parameters that may affect network convergence include the network diameter, hello time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor). Therefore, STP/RSTP parameters need to be set properly to help implement rapid network convergence.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp bridge-diameter diameter

The network diameter is configured. By default, the network diameter is 7.
- RSTP uses a single spanning tree instance on the entire network, which cannot prevent the performance from deteriorating when the network scale grows. Therefore, the network diameter cannot be larger than 7.
- It is recommended that you run the stp bridge-diameter diameter command to set the network diameter. Then, the switching device calculates the optimal Forward Delay period, Hello time, and Max Age period based on the set network diameter.

Step 3 Run:
stp timer-factor factor

The timeout period for waiting for BPDUs from the upstream of a switching device is set. By default, the timeout period of a switching device is 9 times as long as the Hello time.

Step 4 (Optional) To set the Forward Delay period, Hello time, and Max Age period, perform the following operations:
- Run the stp timer forward-delay forward-delay command to set the Forward Delay period for a switching device. The default Forward Delay period of a switching device is 1500, in centiseconds.
- Run the stp timer hello hello-time command to set the Hello time for a switching device. The default Hello time of a switching device is 200, in centiseconds.
- Run the stp timer max-age max-age command to set the Max Age period for a switching device. The default Max Age period of a switching device is 2000, in centiseconds.

NOTE

The values of the Hello time, Forward Delay period, and Max Age period must comply with the following formulas. Otherwise, network flapping occurs.
- 2 x (Forward Delay - 1.0 second) >= Max Age
- Max Age >= 2 x (Hello Time + 1.0 second)

----End

6.3.3 Setting Port Parameters


Port parameters that may affect RSTP topology convergence include the link type and maximum number of sent BPDUs. Proper port parameters help RSTP to implement rapid topology convergence.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 (Optional) Run:
stp point-to-point { auto | force-false | force-true }

The link type is configured for a port. By default, a port automatically determines whether to connect to a P2P link. The P2P link supports rapid network convergence.
- If the Ethernet port works in full-duplex mode, the port is connected to a P2P link. In this case, force-true can be configured to implement rapid network convergence.
- If the Ethernet port works in half-duplex mode, you can configure stp point-to-point force-true to forcibly set the link type to P2P to implement rapid network convergence.

Step 5 Run:
stp mcheck

MCheck is enabled. On a switching device running RSTP, if a port is connected to a device running STP, the port automatically transitions to the STP interoperable mode. Enabling MCheck on the port is required because the port may fail to automatically transition to the RSTP mode in the following situations:
- The switching device running STP is shut down or moved.
- The switching device running STP transitions to the RSTP mode.

NOTE

If you run the stp mcheck command in the system view, the MCheck operation is performed on all the interfaces.

Step 6 Run:
stp transmit-limit packet-number

The maximum number of BPDUs sent by a port within each Hello time is set. By default, the maximum number of BPDUs that a port sends within each Hello time is 147.

Step 7 (Optional) Run:
stp edged-port enable

The port is configured as an edge port. If a device port is connected to a terminal, you can run this command to configure the port as an edge port. By default, the port is a non-edge port.

Step 8 Run:
quit

Return to the system view.

----End



Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths to associated VLANs are changed. Then, ARP entries corresponding to those VLANs on the switching device need to be updated. STP/RSTP processes ARP entries in either fast or normal mode.
- In fast mode, ARP entries to be updated are directly deleted.
- In normal mode, ARP entries to be updated are rapidly aged. The remaining lifetime of ARP entries to be updated is set to 0. The switching device rapidly processes these aged entries. If the number of ARP aging probe attempts is not set to 0, ARP implements aging probe for these ARP entries.

In either fast or normal mode, MAC entries are directly deleted. You can run the stp converge { fast | normal } command in the system view to configure the STP/RSTP convergence mode. By default, the STP/RSTP convergence is configured as normal.
NOTE

The normal mode is recommended. If the fast mode is adopted, ARP entries will be frequently deleted, causing the CPU usage on the MPU or LPU to reach 100%. As a result, network flapping frequently occurs.

6.3.4 Checking the Configuration


You can verify that the configurations take effect after configuring STP/RSTP parameters that affect the topology convergence.

Prerequisite
The parameters that affect the topology convergence have been configured.

Procedure
- Run the display stp [ interface interface-type interface-number ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command to view the Hello time, Max Age period, Forward Delay period, maximum number of sent BPDUs within each Hello time, and whether a port is connected to a P2P link. For example:
<HUAWEI> display stp interface gigabitethernet 1/0/1
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :6 packets/hello-time
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 14s FwDly 10s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
TCN: 0, Config: 0, RST: 22, MST: 0
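A way to turn the checks in 6.2.7 and 6.3.4 into a repeatable audit, as an added example that is not part of the Huawei guide: it parses display stp output and reports an unexpected root bridge, timers that break the formulas in 6.3.2, and ports without a protection function. The sample text is constructed in the layout shown above; the third port and its edge-port value are assumptions, and the finding names are this example's own.

```python
import re

# Constructed sample in the layout of the display stp output in this chapter.
# Port3 and its "Config=enabled / Active=enabled" value are assumptions.
SAMPLE = """\
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]------
CIST Bridge :32768.00e0-4e1f-b200
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-e70a-4d00 / 20
BPDU-Protection :disabled
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Role :Root Port
Port Edged :Config=default / Active=disabled
Protection Type :None
----[Port2(GigabitEthernet1/0/3)][DISCARDING]---
Port Role :Alternate Port
Port Edged :Config=default / Active=disabled
Protection Type :None
----[Port3(GigabitEthernet1/0/5)][FORWARDING]---
Port Role :Designated Port
Port Edged :Config=enabled / Active=enabled
Protection Type :None
"""

GLOBAL_HEADER = re.compile(r"^-+\[CIST Global Info\]\[Mode (\w+)\]-+$")
PORT_HEADER = re.compile(r"^-+\[Port\d+\(([^)]+)\)\]\[(\w+)\]-+$")
FIELD = re.compile(r"^([^:]+?)\s*:(.*)$")
TIMERS = re.compile(r"Hello (\d+)s MaxAge (\d+)s FwDly (\d+)s")


def parse_display_stp(text):
    """Split the output into a dict of global fields and a list of port dicts."""
    info, ports, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = GLOBAL_HEADER.match(line)
        if header:
            info["Mode"] = header.group(1)
            current = info
            continue
        header = PORT_HEADER.match(line)
        if header:
            current = {"name": header.group(1), "state": header.group(2)}
            ports.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return info, ports


def audit(text, expected_root):
    """Return a list of (check, subject) findings for one device."""
    info, ports = parse_display_stp(text)
    findings = []

    # Root bridge ID is "priority.mac"; the CLI pads the priority with spaces.
    root = info.get("CIST Root/ERPC", "").split("/")[0].replace(" ", "")
    if root != expected_root:
        findings.append(("root-bridge", root))

    # 2 x (Forward Delay - 1) >= Max Age >= 2 x (Hello Time + 1), in seconds.
    timers = TIMERS.search(info.get("Bridge Times", ""))
    if timers:
        hello, max_age, fwd_delay = map(int, timers.groups())
        if not 2 * (fwd_delay - 1) >= max_age >= 2 * (hello + 1):
            findings.append(("timers", timers.group(0)))

    bpdu_protection_off = info.get("BPDU-Protection") == "disabled"
    for port in ports:
        edged = port.get("Port Edged", "")
        edge = "Active=" in edged and not edged.endswith("Active=disabled")
        role = port.get("Port Role", "")
        unprotected = port.get("Protection Type") == "None"
        if edge and bpdu_protection_off:
            findings.append(("bpdu-protection", port["name"]))
        elif unprotected and role in ("Root Port", "Alternate Port"):
            findings.append(("loop-protection", port["name"]))
        elif unprotected and role == "Designated Port" and not edge:
            findings.append(("root-protection", port["name"]))
    return findings


if __name__ == "__main__":
    for check, subject in audit(SAMPLE, expected_root="0.00e0-e70a-4d00"):
        print(f"{check}: {subject}")
```

The protection findings are review prompts rather than errors, since the guide treats each protection function as optional.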

6.4 Configuring RSTP Protection Functions


RSTP protection functions are as follows, and you can configure one or more functions as required.

6.4.1 Establishing the Configuration Task
Before configuring RSTP protection functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

6.4.2 Configuring BPDU Protection on a Switching Device
After BPDU protection is enabled on a switching device, the switching device shuts down an edge port if the edge port receives a BPDU, and notifies the NMS of the shutdown event.

6.4.3 Configuring TC Protection on a Switching Device
After TC protection is enabled, you can set the number of times for a switching device to process TC BPDUs within a given time. TC protection avoids frequent deletion of MAC address entries and ARP entries, thereby protecting switching devices.

6.4.4 Configuring Root Protection on a Port
The root protection function on a switching device protects a root bridge by preserving the role of a designated port.

6.4.5 Configuring Loop Protection on a Port
The loop protection function suppresses the loops caused by link congestion.

6.4.6 Checking the Configuration
After RSTP protection functions are configured, you can verify that the configurations take effect.

6.4.1 Establishing the Configuration Task


Before configuring RSTP protection functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
RSTP provides the following protection functions, as listed in Table 6-7.


Table 6-7 RSTP protection functions

| Protection Function | Scenario | Configuration Impact |
|---------------------|----------|----------------------|
| BPDU protection | An edge port changes to be a non-edge port after receiving a BPDU, which triggers spanning tree recalculation. If an attacker keeps sending bogus BPDUs to a switching device, network flapping occurs. | After BPDU protection is enabled on the switching device, the switching device shuts down the edge port if the edge port receives an RST BPDU, and notifies the NMS of the shutdown event. The attributes of the edge port are not changed. |
| TC protection | Generally, after receiving TC BPDUs (packets for advertising network topology changes), a switching device needs to delete MAC entries and ARP entries. Frequent deletion operations will exhaust CPU resources. | TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a given time period is configurable. If the number of TC-BPDUs that the switching device receives within a given time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excess TC-BPDUs are processed together once after the timer (that is, the specified time period) expires. This protects the switching device from frequently deleting MAC entries and ARP entries, thus avoiding overburden. |
| Root protection | Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is illegitimately changed, triggering spanning tree recalculation. This may transfer traffic from high-speed links to low-speed links, causing traffic congestion. | If a designated port is enabled with the root protection function, the role of the port cannot be changed. Once a designated port that is enabled with root protection receives RST BPDUs with a higher priority, the port enters the Discarding state and does not forward packets. If the port does not receive any RST BPDUs with a higher priority before a period (generally two Forward Delay periods) expires, the port automatically enters the Forwarding state. |
| Loop protection | A root port or an alternate port will age if link congestion or a one-way link failure occurs. After the root port ages, a switching device may re-select a root port incorrectly, and after the alternate port ages, the port enters the Forwarding state. Loops may occur in such a situation. | After loop protection is configured, if the root port or alternate port does not receive RST BPDUs from the upstream switching device for a long time, the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after receiving new BPDUs. |

Pre-configuration Tasks
Before configuring RSTP protection functions, complete the following task:
- Configuring basic RSTP functions

NOTE

Configure an edge port on the switching device before configuring BPDU protection.

Data Preparation
To configure RSTP protection functions, you need the following data.

| No. | Data |
|-----|------|
| 1 | Number of the port on which root protection is to be enabled |
| 2 | Number of the port on which loop protection is to be enabled |

6.4.2 Configuring BPDU Protection on a Switching Device


After BPDU protection is enabled on a switching device, the switching device shuts down an edge port if the edge port receives a BPDU, and notifies the NMS of the shutdown event.

Context
Edge ports are directly connected to user terminals and normally do not receive BPDUs. Some attackers may send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the switching device automatically configures the edge ports as non-edge ports and triggers a new spanning tree calculation. Network flapping then occurs. BPDU protection can be used to protect switching devices against such malicious attacks.
NOTE

Do as follows on a switching device having an edge port:


Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp bpdu-protection

BPDU protection is enabled on the switching device. By default, BPDU protection is not enabled on the switching device.

----End

6.4.3 Configuring TC Protection on a Switching Device


After TC protection is enabled, you can set the number of times for a switching device to process TC BPDUs within a given time. TC protection avoids frequent deletion of MAC address entries and ARP entries, thereby protecting switching devices.

Context
An attacker may send pseudo TC BPDUs to attack switching devices. Switching devices receive a large number of TC BPDUs in a short time and delete entries frequently, which burdens system processing and degrades network stability. TC protection is used to suppress TC BPDUs. The number of times that TC BPDUs are processed by a switching device within a given time period is configurable. If the number of TC BPDUs that the switching device receives within a given time exceeds the specified threshold, the switching device handles TC BPDUs only for the specified number of times. Excess TC BPDUs are processed by the switching device together, once, after the specified time period expires. This protects the switching device from frequently deleting MAC entries and ARP entries, thus avoiding overburden.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp tc-protection

TC protection is enabled for a switching device. By default, TC protection is not enabled on the switching device.

Step 3 Run:
stp tc-protection threshold threshold

The threshold of the number of times the switching device handles the received TC BPDUs and updates forwarding entries within a given time is set.

NOTE
The value of the given time is consistent with the RSTP Hello time set by using the stp timer hello hellotime command.

----End
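The suppression behaviour described in 6.4.3, modelled as an added Python example (it is not part of the Huawei guide or of the device software): it counts how many MAC/ARP flushes a TC BPDU flood causes with and without TC protection, and how long a deferred TC BPDU can wait. It assumes suppression windows aligned to multiples of the Hello time and that the deferred batch flush does not count against the next window's threshold; all function names are hypothetical.

```python
"""Added example: model of the TC protection behaviour described in 6.4.3.

Not Huawei code. Assumptions: suppression windows are aligned to multiples of
the Hello time, and the deferred batch flush does not count against the next
window's threshold. All function names are hypothetical.
"""
from collections import defaultdict

HELLO_MS = 2000  # the guide's display stp output shows "Hello 2s"


def flush_times(tc_arrivals_ms, threshold, hello_ms=HELLO_MS, protected=True):
    """Return the times (ms) at which MAC and ARP entries are flushed."""
    arrivals = sorted(tc_arrivals_ms)
    if not protected:
        # Without TC protection every received TC BPDU triggers a flush.
        return arrivals
    windows = defaultdict(list)
    for t in arrivals:
        windows[t // hello_ms].append(t)
    flushes = []
    for index in sorted(windows):
        seen = windows[index]
        # Up to `threshold` TC BPDUs per window are handled immediately.
        flushes.extend(seen[:threshold])
        # The excess is handled together, once, when the window expires.
        if len(seen) > threshold:
            flushes.append((index + 1) * hello_ms)
    return flushes


def worst_deferral_ms(tc_arrivals_ms, threshold, hello_ms=HELLO_MS):
    """Longest time any TC BPDU waits before the flush that covers it."""
    windows = defaultdict(list)
    for t in sorted(tc_arrivals_ms):
        windows[t // hello_ms].append(t)
    worst = 0
    for index, seen in windows.items():
        if len(seen) > threshold:
            # The first deferred BPDU in a window waits the longest.
            worst = max(worst, (index + 1) * hello_ms - seen[threshold])
    return worst


def compare(tc_arrivals_ms, threshold, hello_ms=HELLO_MS):
    """Summarise flush load with and without TC protection."""
    unprotected = flush_times(tc_arrivals_ms, threshold, hello_ms, protected=False)
    protected = flush_times(tc_arrivals_ms, threshold, hello_ms)
    return {
        "flushes_unprotected": len(unprotected),
        "flushes_protected": len(protected),
        "worst_deferral_ms": worst_deferral_ms(tc_arrivals_ms, threshold, hello_ms),
    }


# Constructed inputs: a flood of 200 TC BPDUs per second for 10 s, and a
# single legitimate topology change at t = 1.5 s.
FLOOD = list(range(0, 10_000, 5))
SINGLE_CHANGE = [1500]

if __name__ == "__main__":
    for name, arrivals in (("flood", FLOOD), ("single change", SINGLE_CHANGE)):
        for threshold in (1, 3):
            print(name, "threshold", threshold, compare(arrivals, threshold))
```

Under these assumptions a single legitimate topology change is still handled immediately, while the flood is reduced to at most threshold + 1 flushes per Hello time.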

6.4.4 Configuring Root Protection on a Port


The root protection function on a switching device protects a root bridge by preserving the role of a designated port.

Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is incorrectly changed, triggering spanning tree recalculation. This also may cause the traffic that should be transmitted over high-speed links to be transmitted over low-speed links, leading to network congestion. The root protection function on a switching device is used to protect the root bridge by preserving the role of the designated port.
NOTE

Root protection is configured on a designated port. Root protection takes effect only on a designated port.

Do as follows on the root bridge.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 Run:
stp root-protection

Root protection is configured on the switching device. By default, root protection is disabled.

----End

6.4.5 Configuring Loop Protection on a Port


The loop protection function suppresses the loops caused by link congestion.

Context
On a network running RSTP, a switching device maintains the root port status and status of blocked ports by receiving BPDUs from an upstream switching device. If the switching device cannot receive BPDUs from the upstream because of link congestion or unidirectional-link failure, the switching device re-selects a root port. The original root port becomes a designated port and the original blocked ports change to the Forwarding state. This may cause network loops. To address such a problem, configure loop protection. After loop protection is configured, if the root port or alternate port does not receive BPDUs from the upstream switching device, the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after receiving new BPDUs.
NOTE

An alternate port is a backup port of a root port. If a switching device has an alternate port, you need to configure loop protection on both the root port and the alternate port.

Do as follows on a root port and an alternate port on a switching device.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 Run:
stp loop-protection

Loop protection for the root port or the alternate port is configured on the switching device. By default, loop protection is disabled.

----End

6.4.6 Checking the Configuration


After RSTP protection functions are configured, you can verify that the configurations take effect.

Prerequisite
All configurations of RSTP protection functions are complete.

Procedure
- Run the display stp [ interface interface-type interface-number ] [ brief ] command to view the status of a spanning tree, including the status of protection functions on a switching device.

----End

Example
Run the display stp command to view the working mode of a spanning tree, the status of BPDU protection on a switching device, and the status of root protection on a specified port. For example:
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]------
CIST Bridge :32768.00e0-4e1f-b200
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-e70a-4d00 / 20
CIST RegRoot/IRPC :32768.00e0-4e1f-b200 / 0
CIST RootPortId :128.1
BPDU-Protection :enabled
TC or TCN received :0
TC count per hello :0
STP Converge Mode :Normal
Time since last TC :0 days 0h:26m:16s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :Root
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
    TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
    TCN: 0, Config: 0, RST: 22, MST: 0
----[Port2(GigabitEthernet1/0/3)][FORWARDING]---
Port Protocol :enabled
Port Role :Designated Port
Port Priority :160
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :4096.00e0-6606-be00 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :Root
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 14s FwDly 10s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :2
    TCN: 0, Config: 0, RST: 2, MST: 0
BPDU Received :22
    TCN: 0, Config: 0, RST: 22, MST: 0
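One way to script the check in 6.4.6, as an added Python example that is not part of the Huawei guide: it parses display stp output and reports where BPDU protection, root protection, or loop protection is missing. SAMPLE is constructed in the layout of the guide's example output, the function names are hypothetical, and the role text "Alternate Port" is an assumption (the guide's output shows only "Designated Port" and "Root Port").

```python
"""Added example: audit `display stp` output for the protection functions in 6.4.

Not Huawei code. SAMPLE is constructed in the layout of the guide's example
output. The role text "Alternate Port" is an assumption; the guide's output
only shows "Designated Port" and "Root Port".
"""
import re

SAMPLE = """\
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge         :0    .00e0-4e1f-b200
CIST Root/ERPC      :0    .00e0-4e1f-b200 / 0
BPDU-Protection     :disabled
Time since last TC  :0 days 0h:26m:16s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
 Port Role           :Designated Port
 Port Edged          :Config=default / Active=disabled
 Protection Type     :Root
 BPDU Sent           :4
          TCN: 0, Config: 0, RST: 4, MST: 0
----[Port2(GigabitEthernet1/0/3)][FORWARDING]----
 Port Role           :Designated Port
 Port Edged          :Config=default / Active=disabled
 Protection Type     :None
"""

SECTION = re.compile(r"^-+\[(.+?)\]\[(.+?)\]-+$")
FIELD = re.compile(r"^([^:]+?)\s*:(.*)$")


def parse_display_stp(text):
    """Split the output into a dict of global fields and a list of port dicts."""
    glob, ports, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<") or line.startswith("TCN:"):
            continue  # prompt line, or the per-type BPDU counter continuation
        header = SECTION.match(line)
        if header:
            name = re.match(r"Port\d+\((.+)\)$", header.group(1))
            if name:
                current = {"name": name.group(1), "state": header.group(2)}
                ports.append(current)
            else:
                current = glob
                glob["mode"] = header.group(2).replace("Mode ", "")
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return glob, ports


def _bridge_id(value):
    """Normalise '0    .00e0-4e1f-b200 / 20' to '0.00e0-4e1f-b200'."""
    return value.split("/")[0].replace(" ", "")


def audit(text):
    """Return a list of findings for missing protection functions."""
    glob, ports = parse_display_stp(text)
    findings = []
    if glob.get("BPDU-Protection", "").lower() != "enabled":
        findings.append("global: BPDU protection is not enabled")
    # The guide applies root protection on the root bridge, so the
    # designated-port rule runs only when this bridge is the CIST root.
    is_root = _bridge_id(glob.get("CIST Bridge", "")) == _bridge_id(
        glob.get("CIST Root/ERPC", "?"))
    for port in ports:
        role = port.get("Port Role", "")
        protection = port.get("Protection Type", "None")
        edge = port.get("Port Edged", "").endswith("Active=enabled")
        if is_root and role.startswith("Designated") and not edge \
                and protection != "Root":
            findings.append(f"{port['name']}: designated port on the root "
                            "bridge without root protection")
        if role.startswith(("Root", "Alternate")) and protection == "None":
            findings.append(f"{port['name']}: {role.lower()} without loop protection")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```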

6.5 Configuring STP/RSTP Interoperability Between Huawei Devices and Non-Huawei Devices
To support STP/RSTP interoperability between Huawei devices and non-Huawei devices, proper parameters are required on Huawei devices running STP/RSTP to ensure nonstop communication.

6.5.1 Establishing the Configuration Task
Before configuring STP/RSTP interoperability between Huawei devices and non-Huawei devices, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

6.5.2 Configuring the BPDU Format on a Switching Device
To make a Huawei device interoperate with a non-Huawei device, set the BPDU format to Per VLAN Spanning Tree (PVST).

6.5.3 Configuring the Proposal/Agreement Mechanism
To enable Huawei Datacom devices to communicate with non-Huawei devices, a proper rapid transition mechanism needs to be configured on Huawei devices based on the Proposal/Agreement mechanism on non-Huawei devices.

6.5.4 Checking the Configuration
After MSTP parameters are configured for the interoperability between Huawei devices and non-Huawei devices, you can verify that the configurations take effect.

6.5.1 Establishing the Configuration Task


Before configuring STP/RSTP interoperability between Huawei devices and non-Huawei devices, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On a network running STP/RSTP, inconsistent protocol packet formats and BPDU keys may lead to a communication failure. Configuring proper STP/RSTP parameters on Huawei devices ensures interoperability between Huawei devices and non-Huawei devices.

Pre-configuration Tasks
Before configuring STP/RSTP interoperability between Huawei devices and non-Huawei devices, complete the following task:
- Configuring basic STP/RSTP functions

Data Preparation
To configure STP/RSTP interoperability between Huawei devices and non-Huawei devices, you need the following data.

No.  Data
1    BPDU format

6.5.2 Configuring the BPDU Format on a Switching Device


To make a Huawei device interoperate with a non-Huawei device, set the BPDU format to Per VLAN Spanning Tree (PVST).

Prerequisite
Basic VPLS functions have been configured before you can configure the BPDU format in the PW template view.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Enter the view to configure the BPDU format:
- Perform the following steps to enter the PW template view:
  1. Run the vsi vsi-name [ auto | static ] command to create a VSI or enter the VSI view.
  2. Run the pwsignal { bgp | ldp } command to configure a signaling mode for the VSI.
  3. Run the vsi-id vsi-id command to set the VSI ID.
  4. Run the peer peer-address [ negotiation-vc-id vc-id ] pw pw-name command to enter the VSI-LDP-PW view.
- Run the interface interface-type interface-number command to enter the Ethernet interface view. interface-type specifies the interface type. The interface types can be Ethernet, Eth-Trunk, virtual Ethernet, and GigabitEthernet.

Step 3 Run:
stp bpdu-encapsulation { pvst | stp }

The BPDU format is configured on the switching device. By default, the BPDU format is STP. To make a Huawei device interoperate with a non-Huawei device, the PVST BPDU format needs to be used.

----End

6.5.3 Configuring the Proposal/Agreement Mechanism


To enable Huawei Datacom devices to communicate with non-Huawei devices, a proper rapid transition mechanism needs to be configured on Huawei devices based on the Proposal/Agreement mechanism on non-Huawei devices.

Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism. Switching devices currently support the following modes:
- Enhanced mode: The current interface counts a root port when it counts the synchronization flag bit. An upstream device sends a Proposal message to a downstream device, requesting rapid status transition. After receiving the message, the downstream device sets the port connected to the upstream device to a root port and blocks all non-edge ports. The upstream device then sends an Agreement message to the downstream device. After the downstream device receives the message, the root port transitions to the Forwarding state. The downstream device responds to the Proposal message with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as a designated port. The designated port then transitions to the Forwarding state.
- Common mode: The current interface ignores the root port when it counts the synchronization flag bit. An upstream device sends a Proposal message to a downstream device, requesting rapid status transition. After receiving the message, the downstream device sets the port connected to the upstream device to a root port and blocks all non-edge ports. The root port then transitions to the Forwarding state. The downstream device responds to the Proposal message with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as a designated port. The designated port then transitions to the Forwarding state.

When Huawei datacom devices are interworking with non-Huawei devices, select either mode depending on the Proposal/Agreement mechanisms on non-Huawei devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run:
stp no-agreement-check

The common rapid transition mechanism is configured. By default, the interface uses the enhanced rapid transition mechanism.

----End

6.5.4 Checking the Configuration


After MSTP parameters are configured for the interoperability between Huawei devices and non-Huawei devices, you can verify that the configurations take effect.

Prerequisite
Parameters have been configured to ensure MSTP interoperability between Huawei devices and non-Huawei devices.

Procedure
- Run the display stp [ interface interface-type interface-number ] [ brief ] command to view spanning-tree status.

----End

Example
Run the display stp command to view the working mode of the spanning tree and the BPDU format. For example:
<HUAWEI> display stp interface gigabitethernet 1/0/1
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
    TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
    TCN: 0, Config: 0, RST: 22, MST: 0

6.6 Maintaining STP/RSTP


STP/RSTP maintenance includes resetting STP/RSTP statistics.

6.6.1 Clearing STP/RSTP Statistics
You can run the reset commands to reset STP/RSTP statistics to 0.

6.6.1 Clearing STP/RSTP Statistics


You can run the reset commands to reset STP/RSTP statistics to 0.

Context

CAUTION
STP/RSTP statistics cannot be restored after you clear them. Therefore, exercise caution when using the reset commands. After you confirm that STP/RSTP statistics need to be cleared, run the following command in the user view.

Procedure
Step 1 Run the reset stp [ interface interface-type interface-number ] statistics command to clear spanning-tree statistics.

----End

6.7 Configuration Examples


This section shows typical usage scenarios of STP/RSTP by describing networking requirements, configuration roadmap, and data preparation, and provides related configuration files.

6.7.1 Example for Configuring Basic STP Functions
This example shows how to configure basic STP functions.

6.7.2 Example for Configuring Basic RSTP Functions
This example shows how to configure basic RSTP functions.

6.7.1 Example for Configuring Basic STP Functions


This example shows how to configure basic STP functions.

Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy backup, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the network. Loops also cause flapping of MAC address tables and thus damage MAC address entries. STP can be deployed on a network to eliminate loops by blocking some ports. On the network shown in Figure 6-3, after CX-A, SwitchB, SwitchC, and CX-D running STP discover loops on the network by exchanging information with each other, they trim the ring topology into a loop-free tree topology by blocking a certain port. In this manner, replication and circular propagation of packets are prevented on the network and the switching devices are released from processing duplicated packets, thereby improving their processing performance.

Figure 6-3 Networking diagram of configuring basic STP functions

[Diagram labels: Network; Root Bridge; STP; CX-A; CX-D; SwitchB; SwitchC; PC1; PC2; GE1/0/1, GE1/0/2, GE1/0/3; Blocked port]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic STP functions, including:
   (1) Configure the STP mode for the ring network.
   (2) Configure primary and secondary root bridges.
   (3) Set path costs for ports to block certain ports.
   (4) Enable STP to eliminate loops, including:
       - Enable STP globally.
       - Enable STP on all the interfaces except the interfaces connected to terminals.
NOTE

STP is not required on the interfaces connected to terminals because these interfaces do not need to participate in STP calculation. By default, STP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.

Data Preparation
To complete the configuration, you need the following data.
- GE interface number, as shown in Figure 6-3
- Primary root bridge CX-A and secondary root bridge CX-D
- Path cost of a port to be blocked (20000 is used in this example)

Procedure
Step 1 Configure basic STP functions.
1. Configure the STP mode for the devices on the ring network.
# Configure the STP mode on CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] stp mode stp

# Configure the STP mode on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode stp

# Configure the STP mode on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode stp

# Configure the STP mode on CX-D.
<HUAWEI> system-view
[HUAWEI] sysname CX-D
[CX-D] stp mode stp

2. Configure primary and secondary root bridges.
# Configure CX-A as a primary root bridge.
[CX-A] stp root primary

# Configure CX-D as a secondary root bridge.
[CX-D] stp root secondary

3. Set path costs for ports in each spanning tree to block certain ports.
NOTE
- The values of path costs depend on path cost calculation methods. Use the Huawei proprietary calculation method as an example to set the path costs of the ports to be blocked to 20000.
- All switching devices on a network must use the same path cost calculation method.

# On CX-A, configure the path cost calculation method as the Huawei proprietary method.
[CX-A] stp pathcost-standard legacy

# On SwitchB, configure the path cost calculation method as the Huawei proprietary method.
[SwitchB] stp pathcost-standard legacy

# On SwitchC, configure the path cost calculation method as the Huawei proprietary method and set the path cost of GE 1/0/1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit

# On CX-D, configure the path cost calculation method as the Huawei proprietary method.
[CX-D] stp pathcost-standard legacy

4. Enable STP to eliminate loops.
- Disable STP on interfaces connected to PCs.
# Disable STP on GE 1/0/2 on SwitchB.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp disable
[SwitchB-GigabitEthernet1/0/2] quit

# Disable STP on GE 1/0/2 on SwitchC.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp disable
[SwitchC-GigabitEthernet1/0/2] quit

- Enable STP globally.
# Enable STP globally on CX-A.
[CX-A] stp enable

# Enable STP globally on SwitchB.
[SwitchB] stp enable

# Enable STP globally on SwitchC.
[SwitchC] stp enable

# Enable STP globally on CX-D.
[CX-D] stp enable

- Enable STP on all the interfaces except the interfaces connected to terminals.
# Enable STP on GE 1/0/1 and GE 1/0/2 on CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] portswitch
[CX-A-GigabitEthernet1/0/1] stp enable
[CX-A-GigabitEthernet1/0/1] quit
[CX-A] interface gigabitethernet 1/0/2
[CX-A-GigabitEthernet1/0/2] undo shutdown
[CX-A-GigabitEthernet1/0/2] portswitch
[CX-A-GigabitEthernet1/0/2] stp enable
[CX-A-GigabitEthernet1/0/2] quit

# Enable STP on GE 1/0/1 and GE 1/0/3 on SwitchB.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] stp enable
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] stp enable
[SwitchB-GigabitEthernet1/0/3] quit

# Enable STP on GE 1/0/1 and GE 1/0/3 on SwitchC.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp enable
[SwitchC-GigabitEthernet1/0/1] quit
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] stp enable
[SwitchC-GigabitEthernet1/0/3] quit

# Enable STP on GE 1/0/1 and GE 1/0/2 on CX-D.
[CX-D] interface gigabitethernet 1/0/1
[CX-D-GigabitEthernet1/0/1] undo shutdown
[CX-D-GigabitEthernet1/0/1] portswitch
[CX-D-GigabitEthernet1/0/1] stp enable
[CX-D-GigabitEthernet1/0/1] quit
[CX-D] interface gigabitethernet 1/0/2
[CX-D-GigabitEthernet1/0/2] undo shutdown
[CX-D-GigabitEthernet1/0/2] portswitch
[CX-D-GigabitEthernet1/0/2] stp enable
[CX-D-GigabitEthernet1/0/2] quit


Step 2 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when the network is stable:

# Run the display stp brief command on CX-A to view the interface status and protection type. The displayed information is as follows:
[CX-A] display stp brief
 MSTID  Port                   Role  STP State   Protection
 0      GigabitEthernet1/0/1   DESI  FORWARDING  NONE
 0      GigabitEthernet1/0/2   DESI  FORWARDING  NONE

After CX-A is configured as a root bridge, GE 1/0/2 and GE 1/0/1 connected to SwitchB and CX-D respectively are elected as designated ports in spanning tree calculation.

# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to view status of GE 1/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                   Role  STP State   Protection
 0      GigabitEthernet1/0/1   DESI  FORWARDING  NONE

GE 1/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding state.

# Run the display stp interface gigabitethernet 1/0/3 brief command on SwitchC to view status of GE 1/0/3. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                   Role  STP State   Protection
 0      GigabitEthernet1/0/3   ROOT  FORWARDING  NONE

GE 1/0/3 is elected as a designated port in spanning tree calculation and is in the Forwarding state.

# Run the display stp command on CX-D to view the interface status and protection type. The displayed information is as follows:
[CX-D] display stp
-------[CIST Global Info][Mode STP]------
CIST Bridge :4096 .00e0-2c09-9200
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-0543-6a00 / 20000
CIST RegRoot/IRPC :4096 .00e0-2c09-9200 / 0
CIST RootPortId :128.1
BPDU-Protection :disabled
CIST Root Type :SECONDARY root
TC or TCN received :4
TC count per hello :0
STP Converge Mode :Normal
Share region-configuration :enabled
Time since last TC :0 days 0h:5m:44s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Desg. Bridge/Port :0.00e0-0543-6a00 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port Stp Mode :STP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :4
TC or TCN received :2
BPDU Sent :5
    TCN: 0, Config: 0, RST: 5, MST: 0
BPDU Received :177
    TCN: 0, Config: 0, RST: 177, MST: 0
----[Port2(GigabitEthernet1/0/2)][FORWARDING]---
Port Protocol :enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Desg. Bridge/Port :4096.00e0-2c09-9200 / 128.2
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port Stp Mode :STP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :2
TC or TCN received :2
BPDU Sent :165
    TCN: 0, Config: 0, RST: 165, MST: 0
BPDU Received :2
    TCN: 0, Config: 0, RST: 2, MST: 0

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
 stp mode stp
 stp instance 0 root primary
 stp pathcost-standard legacy
 stp enable
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
#
return

- Configuration file of SwitchB
#
 sysname SwitchB
#
 stp mode stp
 stp pathcost-standard legacy
 stp enable
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
 stp disable
#
interface GigabitEthernet1/0/3
#
return

- Configuration file of SwitchC
#
 sysname SwitchC
#
 stp mode stp
 stp pathcost-standard legacy
 stp enable
#
interface GigabitEthernet1/0/1
 stp instance 0 cost 20000
#
interface GigabitEthernet1/0/2
 stp disable
#
interface GigabitEthernet1/0/3
#
return
#

- Configuration file of CX-D
#
 sysname CX-D
#
 stp mode stp
 stp instance 0 root secondary
 stp pathcost-standard legacy
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
#
return

6.7.2 Example for Configuring Basic RSTP Functions


This example shows how to configure basic RSTP functions.

Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy backup, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the network. Loops also cause flapping of MAC address tables and thus damage MAC address entries. RSTP can be deployed on a network to eliminate loops by blocking some ports, and it is developed to implement the rapid convergence based on STP but outperforms STP. On the network shown in Figure 6-4, after CX-A, SwitchB, SwitchC, and CX-D running RSTP discover loops on the network by exchanging information with each other, they trim the ring topology into a loop-free tree topology by blocking a certain port. In this manner, replication and circular propagation of packets are prevented on the network and the switching devices are released from processing duplicated packets, thereby improving their processing performance.

Figure 6-4 Networking diagram of configuring basic RSTP functions

[Diagram labels: Network; Root Bridge; RSTP; CX-A; CX-D; SwitchB; SwitchC; PC1; PC2; GE1/0/1, GE1/0/2, GE1/0/3; Blocked port]

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure basic RSTP functions, including:
   (1) Configure the RSTP mode for the ring network.
   (2) Configure primary and secondary root bridges.
   (3) Set path costs for ports in each MSTI to block certain ports.
   (4) Enable RSTP to eliminate loops, including:
       - Enable RSTP globally.
       - Enable RSTP on all the interfaces except the interfaces connected to terminals.
   NOTE
   RSTP is not required on the interfaces connected to terminals because these interfaces do not need to participate in RSTP calculation. By default, RSTP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.
2. Configure RSTP protection functions, for example, root protection on a designated port of a root bridge in each MSTI.

Data Preparation
To complete the configuration, you need the following data.
- GE interface number, as shown in Figure 6-4
- Primary root bridge CX-A and secondary root bridge CX-D
- Path cost of a port to be blocked (20000 is used in this example)

Procedure
Step 1 Configure basic RSTP functions.
1. Configure the RSTP mode for the devices on the ring network.
   # Configure the RSTP mode on CX-A.
   <HUAWEI> system-view
   [HUAWEI] sysname CX-A
   [CX-A] stp mode rstp

   # Configure the RSTP mode on SwitchB.
   <HUAWEI> system-view
   [HUAWEI] sysname SwitchB
   [SwitchB] stp mode rstp

   # Configure the RSTP mode on SwitchC.
   <HUAWEI> system-view
   [HUAWEI] sysname SwitchC
   [SwitchC] stp mode rstp

   # Configure the RSTP mode on CX-D.
   <HUAWEI> system-view
   [HUAWEI] sysname CX-D
   [CX-D] stp mode rstp

2. Configure primary and secondary root bridges.
   # Configure CX-A as a primary root bridge.
   [CX-A] stp root primary

   # Configure CX-D as a secondary root bridge.
   [CX-D] stp root secondary

3. Set path costs for ports in each spanning tree to block certain ports.
   NOTE
   - The values of path costs depend on path cost calculation methods. This example uses the Huawei proprietary calculation method and sets the path costs of the ports to be blocked to 20000.
   - All switching devices on a network must use the same path cost calculation method.

   # On CX-A, configure the path cost calculation method as the Huawei proprietary method.
   [CX-A] stp pathcost-standard legacy

   # On SwitchB, configure the path cost calculation method as the Huawei proprietary method.
   [SwitchB] stp pathcost-standard legacy

   # On SwitchC, configure the path cost calculation method as the Huawei proprietary method and set the path cost of GE 1/0/1 to 20000.
   [SwitchC] stp pathcost-standard legacy
   [SwitchC] interface gigabitethernet 1/0/1
   [SwitchC-GigabitEthernet1/0/1] stp cost 20000
   [SwitchC-GigabitEthernet1/0/1] quit

   # On CX-D, configure the path cost calculation method as the Huawei proprietary method.
   [CX-D] stp pathcost-standard legacy

4. Enable RSTP to eliminate loops.
   - Disable RSTP on interfaces connected to PCs.
     # Disable RSTP on GE 1/0/2 on SwitchB.
     [SwitchB] interface gigabitethernet 1/0/2
     [SwitchB-GigabitEthernet1/0/2] stp disable
     [SwitchB-GigabitEthernet1/0/2] quit

     # Disable RSTP on GE 1/0/2 on SwitchC.
     [SwitchC] interface gigabitethernet 1/0/2
     [SwitchC-GigabitEthernet1/0/2] stp disable
     [SwitchC-GigabitEthernet1/0/2] quit

   - Enable RSTP globally.
     # Enable RSTP globally on CX-A.
     [CX-A] stp enable

     # Enable RSTP globally on SwitchB.
     [SwitchB] stp enable

     # Enable RSTP globally on SwitchC.
     [SwitchC] stp enable

     # Enable RSTP globally on CX-D.
     [CX-D] stp enable

   - Enable RSTP on all the interfaces except the interfaces connected to terminals.
     # Enable RSTP on GE 1/0/1 and GE 1/0/2 on CX-A.
     [CX-A] interface gigabitethernet 1/0/1
     [CX-A-GigabitEthernet1/0/1] undo shutdown
     [CX-A-GigabitEthernet1/0/1] portswitch
     [CX-A-GigabitEthernet1/0/1] stp enable
     [CX-A-GigabitEthernet1/0/1] quit
     [CX-A] interface gigabitethernet 1/0/2
     [CX-A-GigabitEthernet1/0/2] undo shutdown
     [CX-A-GigabitEthernet1/0/2] portswitch
     [CX-A-GigabitEthernet1/0/2] stp enable
     [CX-A-GigabitEthernet1/0/2] quit

     # Enable RSTP on GE 1/0/1 and GE 1/0/3 on SwitchB.
     [SwitchB] interface gigabitethernet 1/0/1
     [SwitchB-GigabitEthernet1/0/1] stp enable
     [SwitchB-GigabitEthernet1/0/1] quit
     [SwitchB] interface gigabitethernet 1/0/3
     [SwitchB-GigabitEthernet1/0/3] stp enable
     [SwitchB-GigabitEthernet1/0/3] quit

     # Enable RSTP on GE 1/0/1 and GE 1/0/3 on SwitchC.
     [SwitchC] interface gigabitethernet 1/0/1
     [SwitchC-GigabitEthernet1/0/1] stp enable
     [SwitchC-GigabitEthernet1/0/1] quit
     [SwitchC] interface gigabitethernet 1/0/3
     [SwitchC-GigabitEthernet1/0/3] stp enable
     [SwitchC-GigabitEthernet1/0/3] quit

     # Enable RSTP on GE 1/0/1 and GE 1/0/2 on CX-D.
     [CX-D] interface gigabitethernet 1/0/1
     [CX-D-GigabitEthernet1/0/1] undo shutdown
     [CX-D-GigabitEthernet1/0/1] portswitch
     [CX-D-GigabitEthernet1/0/1] stp enable
     [CX-D-GigabitEthernet1/0/1] quit
     [CX-D] interface gigabitethernet 1/0/2
     [CX-D-GigabitEthernet1/0/2] undo shutdown
     [CX-D-GigabitEthernet1/0/2] portswitch
     [CX-D-GigabitEthernet1/0/2] stp enable
     [CX-D-GigabitEthernet1/0/2] quit

Step 2 Configure RSTP protection functions, for example, root protection on a designated port of a root bridge in each MSTI.
# Enable root protection on GE 1/0/1 on CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] stp root-protection
[CX-A-GigabitEthernet1/0/1] quit

# Enable root protection on GE 1/0/2 on CX-A.
[CX-A] interface gigabitethernet 1/0/2
[CX-A-GigabitEthernet1/0/2] stp root-protection
[CX-A-GigabitEthernet1/0/2] quit

Step 3 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when the network is stable:
# Run the display stp brief command on CX-A to view the interface status and protection type. The displayed information is as follows:
[CX-A] display stp brief
 MSTID  Port                      Role  STP State    Protection
   0    GigabitEthernet1/0/1      DESI  FORWARDING   ROOT
   0    GigabitEthernet1/0/2      DESI  FORWARDING   ROOT

After CX-A is configured as a root bridge, GE 1/0/2 and GE 1/0/1 connected to SwitchB and CX-D respectively are elected as designated ports in spanning tree calculation. The root protection function is enabled on the designated ports.
# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to view status of GE 1/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                      Role  STP State    Protection
   0    GigabitEthernet1/0/1      DESI  FORWARDING   NONE

GE 1/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding state.

# Run the display stp interface gigabitethernet 1/0/3 brief command on SwitchC to view status of GE 1/0/3. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                      Role  STP State    Protection
   0    GigabitEthernet1/0/3      ROOT  FORWARDING   NONE

GE 1/0/3 is elected as a designated port in spanning tree calculation and is in the Forwarding state.
# Run the display stp command on CX-D to view the interface status and protection type. The displayed information is as follows:
[CX-D] display stp
-------[CIST Global Info][Mode RSTP]------
CIST Bridge         :4096 .00e0-2c09-9200
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :0 .00e0-0543-6a00 / 20000
CIST RegRoot/IRPC   :4096 .00e0-2c09-9200 / 0
CIST RootPortId     :128.1
BPDU-Protection     :disabled
CIST Root Type      :SECONDARY root
TC or TCN received  :4
TC count per hello  :0
STP Converge Mode   :Normal
Share region-configuration :enabled
Time since last TC  :0 days 0h:5m:44s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]---
 Port Protocol       :enabled
 Port Role           :Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=20000
 Desg. Bridge/Port   :0.00e0-0543-6a00 / 128.1
 Port Edged          :Config=default / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :147 packets/hello-time
 Protection Type     :None
 Port Stp Mode       :RSTP
 Port Protocol Type  :Config=auto / Active=dot1s
 BPDU Encapsulation  :Config=stp / Active=stp
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 TC or TCN send      :4
 TC or TCN received  :2
 BPDU Sent           :5
          TCN: 0, Config: 0, RST: 5, MST: 0
 BPDU Received       :177
          TCN: 0, Config: 0, RST: 177, MST: 0
----[Port2(GigabitEthernet1/0/2)][FORWARDING]---
 Port Protocol       :enabled
 Port Role           :Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=20000
 Desg. Bridge/Port   :4096.00e0-2c09-9200 / 128.2
 Port Edged          :Config=default / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :147 packets/hello-time
 Protection Type     :None
 Port Stp Mode       :RSTP
 Port Protocol Type  :Config=auto / Active=dot1s
 BPDU Encapsulation  :Config=stp / Active=stp
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
 TC or TCN send      :2
 TC or TCN received  :2
 BPDU Sent           :165
          TCN: 0, Config: 0, RST: 165, MST: 0
 BPDU Received       :2
          TCN: 0, Config: 0, RST: 2, MST: 0

----End

Configuration Files
- Configuration file of CX-A
#
sysname CX-A
#
stp mode rstp
stp instance 0 root primary
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
 portswitch
 undo shutdown
 stp rootprotection
#
interface GigabitEthernet1/0/2
 portswitch
 undo shutdown
 stp rootprotection
#
return

- Configuration file of SwitchB
#
sysname SwitchB
#
stp mode rstp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
 stp disable
#
interface GigabitEthernet1/0/3
#
return

- Configuration file of SwitchC
#
sysname SwitchC
#
stp mode rstp
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
 stp instance 0 cost 20000
#
interface GigabitEthernet1/0/2
 stp disable
#
interface GigabitEthernet1/0/3
#
return
#

- Configuration file of CX-D
#
sysname CX-D
#
stp mode rstp
stp instance 0 root secondary
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
#
return
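The four configuration files above can be checked against the rules this example states: one path cost calculation method on every device, one primary and one secondary root bridge, and root protection on the root bridge's designated ports. The following audit script is an added example, not part of the Huawei guide; the helper names are hypothetical, and it accepts both the `stp root-protection` spelling from the procedure and the `stp rootprotection` spelling printed in the configuration file.

```python
import re

def vrp(*sections):
    """Lay sections out as a VRP configuration file: '#' lines between sections."""
    return "#\n" + "\n#\n".join("\n".join(s) for s in sections) + "\n#\nreturn\n"

def port(name, *cmds):
    return ["interface GigabitEthernet" + name] + [" " + c for c in cmds]

# The four configuration files of this example, commands as printed on the page.
CONFIGS = {
    "CX-A": vrp(["sysname CX-A"],
                ["stp mode rstp", "stp instance 0 root primary",
                 "stp pathcost-standard legacy", "stp enable"],
                port("1/0/1", "portswitch", "undo shutdown", "stp rootprotection"),
                port("1/0/2", "portswitch", "undo shutdown", "stp rootprotection")),
    "SwitchB": vrp(["sysname SwitchB"],
                   ["stp mode rstp", "stp pathcost-standard legacy", "stp enable"],
                   port("1/0/1"), port("1/0/2", "stp disable"), port("1/0/3")),
    "SwitchC": vrp(["sysname SwitchC"],
                   ["stp mode rstp", "stp pathcost-standard legacy", "stp enable"],
                   port("1/0/1", "stp instance 0 cost 20000"),
                   port("1/0/2", "stp disable"), port("1/0/3")),
    "CX-D": vrp(["sysname CX-D"],
                ["stp mode rstp", "stp instance 0 root secondary",
                 "stp pathcost-standard legacy", "stp enable"],
                port("1/0/1", "undo shutdown", "portswitch"),
                port("1/0/2", "undo shutdown", "portswitch")),
}

ROOT_PROTECTION = {"stp root-protection", "stp rootprotection"}

def parse(text):
    """Split a configuration file into its name, global commands and interfaces."""
    dev = {"name": None, "global": [], "ifaces": {}}
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines or lines == ["return"]:
            continue
        if lines[0].startswith("interface "):
            dev["ifaces"][lines[0].split(None, 1)[1]] = lines[1:]
            continue
        for line in lines:
            if line.startswith("sysname "):
                dev["name"] = line.split(None, 1)[1]
            else:
                dev["global"].append(line)
    return dev

def setting(dev, prefix):
    """Value of a global command such as 'stp mode', or None if it is absent."""
    for line in dev["global"]:
        if line.startswith(prefix + " "):
            return line[len(prefix) + 1:]
    return None

def is_root(dev, role):
    return any(re.fullmatch(rf"stp (instance \d+ )?root {role}", l)
               for l in dev["global"])

def audit(devices):
    findings = []
    # All devices must agree on the mode and on the path cost calculation method.
    for key in ("stp mode", "stp pathcost-standard"):
        values = {d["name"]: setting(d, key) for d in devices}
        if len(set(values.values())) != 1:
            findings.append(f"{key} is not uniform: {values}")
    for role in ("primary", "secondary"):
        holders = [d["name"] for d in devices if is_root(d, role)]
        if len(holders) != 1:
            findings.append(f"expected one {role} root bridge, found {holders}")
    for d in devices:
        if "stp enable" not in d["global"]:
            findings.append(f"{d['name']}: spanning tree not enabled globally")
        if is_root(d, "primary"):
            # Every port of the root bridge that runs the protocol is a designated port.
            for ifname, cmds in d["ifaces"].items():
                if "stp disable" not in cmds and not ROOT_PROTECTION & set(cmds):
                    findings.append(f"{d['name']} {ifname}: no root protection")
    return findings

if __name__ == "__main__":
    for finding in audit([parse(t) for t in CONFIGS.values()]) or ["no findings"]:
        print(finding)
```

A device whose configuration lacks the `stp pathcost-standard` line is reported as non-uniform, because the script cannot tell which default that device applies.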


7 MSTP Configuration

About This Chapter

The Multiple Spanning Tree Protocol (MSTP) trims a ring network into a loop-free tree network. It prevents replication and circular propagation of packets, provides multiple redundant paths for Virtual LAN (VLAN) data traffic, and enables load balancing.

7.1 MSTP Overview
MSTP enables multiple VLANs to be grouped into a spanning-tree instance, forming a VLAN mapping table. Each instance has a spanning-tree topology independent of other spanning-tree instances. This architecture provides multiple forwarding paths for data traffic and enables load balancing.

7.2 Configuring Basic MSTP Functions
MSTP based on the basic STP/RSTP function divides a switching network into multiple regions, each of which has multiple spanning trees that are independent of each other. MSTP isolates user traffic and service traffic, and load-balances VLAN traffic.

7.3 Configuring MSTP Multi-process
After an MSTP device binds its ports to different processes, the MSTP device performs the MSTP calculation based on processes, and only relevant ports in each process take part in MSTP calculation.

7.4 Configuring MSTP Parameters on an Interface
MSTP implements RSTP rapid convergence. To achieve rapid convergence, you need to configure proper MSTP parameters.

7.5 Configuring MSTP Protection Functions
MSTP protection functions are as follows, and you can configure one or more functions as required.

7.6 Configuring MSTP Interoperability Between Huawei Devices and Non-Huawei Devices
To enable Huawei devices to interwork with non-Huawei devices, configure proper parameters and functions, including the BPDU format, MSTP protocol packet format, and digest snooping function, on the Huawei devices running MSTP.

7.7 Maintaining MSTP
MSTP maintenance includes resetting MSTP statistics.

7.8 Configuration Examples
This section shows typical usage scenarios of MSTP by describing networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


7.1 MSTP Overview


MSTP enables multiple VLANs to be grouped into a spanning-tree instance, forming a VLAN mapping table. Each instance has a spanning-tree topology independent of other spanning-tree instances. This architecture provides multiple forwarding paths for data traffic and enables load balancing.

7.1.1 MSTP Introduction
The Multiple Spanning Tree Protocol (MSTP) incorporates the functions of the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP), and outperforms them. It enables rapid convergence and provides load balancing across redundant paths.

7.1.2 MSTP Features Supported by the CX600
Before configuring MSTP, familiarize yourself with the concepts of basic MSTP functions, topology convergence, MSTP protection, MSTP multi-process, and MSTP interoperability between Huawei devices and non-Huawei devices. This will help you complete the configuration task quickly and accurately.

7.1.1 MSTP Introduction


The Multiple Spanning Tree Protocol (MSTP) incorporates the functions of the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP), and outperforms them. It enables rapid convergence and provides load balancing across redundant paths.

Background
STP and RSTP are used in a LAN to prevent loops. The devices running STP/RSTP discover loops on the network by exchanging information with each other and trim the ring topology into a loop-free tree topology by blocking a certain interface. Replication and circular propagation of packets are thus prevented on the network and the processing performance of devices is improved by avoiding repeated packets on the network.

STP and RSTP both have a defect: All VLANs on a LAN use one spanning tree, and thus inter-VLAN load balancing cannot be performed. Once a link is blocked, the link will no longer transmit traffic, wasting bandwidth and causing a failure in forwarding certain VLAN packets.

To fix the defect of STP and RSTP, the IEEE released the 802.1s standard in 2002, defining MSTP. MSTP, which is compatible with STP and RSTP, implements rapid convergence and provides multiple paths to load balance VLAN traffic. Table 7-1 shows the comparison between STP, RSTP, and MSTP.


Table 7-1 Comparison between STP, RSTP, and MSTP

| Spanning Tree Protocol | Characteristics | Application Scenarios |
|---|---|---|
| STP | A loop-free tree is generated. Thus, broadcast storms are prevented and redundancy is implemented. | Irrespective of different users or services, all VLANs share one spanning tree. |
| RSTP | A loop-free tree is generated. Thus, broadcast storms are prevented and redundancy is implemented. A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented. | Irrespective of different users or services, all VLANs share one spanning tree. |
| MSTP | A loop-free tree or some loop-free trees are generated. Thus, broadcast storms are prevented and redundancy is implemented. A feedback mechanism is provided to confirm topology convergence. Thus, rapid convergence is implemented. MSTP implements load balancing among VLANs. Traffic in different VLANs is transmitted along different paths. | User or service-specific load balancing is required. Traffic for different VLANs is forwarded through different spanning trees, which are independent of each other. |

Precautions (apply to all three protocols)
NOTE
- If the current switching device supports only STP, STP is recommended. For details, see STP/RSTP Configuration.
- If the current switching device supports both STP and RSTP, RSTP is recommended. For details, see STP/RSTP Configuration.
- If the current switching device supports STP or RSTP, and MSTP, MSTP is recommended.

Introduction
On a complex network, loops are inevitable. To provide redundancy, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops cause broadcast storms, which exhaust network resources and paralyze the network. Loops also cause MAC address tables to flap, which damages MAC address entries.

MSTP, compatible with STP and RSTP, isolates service traffic and user traffic by using multiple instances and provides multiple paths to load balance VLAN traffic. If MSTP is deployed in the LAN shown in Figure 7-1, MSTIs are generated, as shown in Figure 7-1.

Figure 7-1 Multiple spanning trees in an MST region
[Figure: an MST region containing SwitchA, CX-B, SwitchC, SwitchD, CX-E, and SwitchF. Host A and Host B are in VLAN 2; Host C and Host D are in VLAN 3. Legend: MSTI1 (root switch: SwitchD) carries VLAN 2; MSTI2 (root switch: SwitchF) carries VLAN 3.]

- MSTI 1 uses Switch D as the root switching device to forward packets of VLAN 2.
- MSTI 2 uses Switch F as the root switching device to forward packets of VLAN 3.

Devices within the same VLAN can communicate with each other and packets of different VLANs are load-balanced along different paths.

Basic MSTP Concepts


- MST region
  An MST region contains multiple switching devices and network segments between them. The switching devices have the following characteristics:
  - MSTP-enabled
  - Same region name
  - Same VLAN-to-instance mapping
  - Same MSTP revision number
  A LAN can comprise several MST regions that are directly or indirectly connected. Multiple switching devices can be grouped into an MST region by using MSTP configuration commands. As shown in Figure 7-2, the MST region D0 contains the switching devices S1, S2, S3, and S4, and has three MSTIs.

  Figure 7-2 MST region
  [Figure: MST region D0 with S1 (master bridge, port AP1), S2, S3, and S4. MSTI0 (IST) root switch: S1; MSTI1 root switch: S3; MSTI2 root switch: S2. Legend: VLAN 1 maps to MSTI1; VLAN 2 and VLAN 3 map to MSTI2; other VLANs map to MSTI0.]

- VLAN mapping table
  The VLAN mapping table is an attribute of the MST region. It describes mappings between VLANs and MSTIs. Figure 7-2 shows the mappings in the VLAN mapping table of the MST region D0: VLAN 1 is mapped to MSTI 1. VLAN 2 and VLAN 3 are mapped to MSTI 2. Other VLANs are mapped to MSTI 0.

- Regional root
  Regional roots are classified into Internal Spanning Tree (IST) regional roots and MSTI regional roots. In regions B0, C0, and D0 on the network shown in Figure 7-4, the switching devices closest to the Common and Internal Spanning Tree (CIST) root are IST regional roots. An MST region can contain multiple spanning trees, each called an MSTI. An MSTI regional root is the root of the MSTI. On the network shown in Figure 7-3, each MSTI has its own regional root.

  Figure 7-3 MSTI
  [Figure: an MST region whose links carry VLANs 10, 20, and 30, drawn again as three separate trees: the MSTI corresponding to VLAN 10, the MSTI corresponding to VLAN 20, and the MSTI corresponding to VLAN 30, each with its own root. Legend: MSTI links; MSTI links blocked by the protocol.]

  MSTIs are independent of each other. An MSTI can correspond to one or more VLANs, but a VLAN can be mapped to only one MSTI.

- CIST root
  Figure 7-4 MSTP network
  [Figure: MST regions A0, B0, C0, and D0. A0 contains the CIST root; B0, C0, and D0 each have a region root. Legend: IST; CST.]

  On the network shown in Figure 7-4, the CIST root is the root bridge of a CIST. The CIST root is a device in A0.

- CST
  A Common Spanning Tree (CST) connects all the MST regions on a switching network. Each MST region can be considered a node. A CST is calculated by using STP or RSTP based on all the nodes. As shown in Figure 7-4, the MST regions are connected to form a CST.

- IST
  An IST resides within an MST region. An IST is a special MSTI with the MSTI ID of 0, called MSTI 0. An IST is a segment of the CIST in an MST region. As shown in Figure 7-4, the switching devices in an MST region are connected to form an IST.

- CIST
  A CIST, calculated by using STP or RSTP, connects all the switching devices on a switching network. As shown in Figure 7-4, the ISTs and the CST form a complete spanning tree, that is, CIST.

- SST
  A Single Spanning Tree (SST) is formed in either of the following situations:
  - A switching device running STP or RSTP belongs to only one spanning tree.
  - An MST region has only one switching device.
  As shown in Figure 7-4, the switching device in B0 is an SST.

- Port roles
  Compared with RSTP, MSTP has two additional port types. MSTP ports can be root ports, designated ports, alternate ports, backup ports, edge ports, master ports, and regional edge ports. The functions of root ports, designated ports, alternate ports, backup ports, and edge ports have been defined in RSTP. Table 7-2 lists all port roles in MSTP.
  NOTE
  Except edge ports, all ports participate in MSTP calculation. A port can play different roles in different MSTIs.

Table 7-2 Port roles

| Port Role | Description |
|---|---|
| Root port | A root port is the non-root bridge port closest to the root bridge. Root bridges do not have root ports. Root ports are responsible for sending data to root bridges. As shown in Figure 7-5, S1 is the root; CP1 is the root port on S3; BP1 is the root port on S2; DP1 is the root port on S4. |
| Designated port | The designated port on a switching device forwards bridge protocol data units (BPDUs) to the downstream switching device. As shown in Figure 7-5, AP2 and AP3 are designated ports on S1; BP2 is a designated port on S2; CP2 is a designated port on S3. |
| Alternate port | From the perspective of sending BPDUs, an alternate port is blocked after a BPDU sent by another switching device is received. From the perspective of user traffic, an alternate port provides an alternate path to the root bridge. This path is different from the path through the root port. As shown in Figure 7-5, BP2 and AP4 are alternate ports. |
| Backup port | From the perspective of sending BPDUs, a backup port is blocked after a BPDU sent by itself is received. From the perspective of user traffic, a backup port provides a backup/redundant path to a segment where a designated port already connects. As shown in Figure 7-5, CP3 is a backup port. |
| Master port | A master port is on the shortest path connecting MST regions to the CIST root. BPDUs of an MST region are sent to the CIST root through the master port. Master ports are special regional edge ports, functioning as root ports on ISTs or CISTs and master ports in instances. As shown in Figure 7-5, S1, S2, S3, and S4 form an MST region. AP1 on S1, being the nearest port in the region to the CIST root, is the master port. |
| Regional edge port | A regional edge port is located at the edge of an MST region and connects to another MST region or an SST. During MSTP calculation, the roles of a regional edge port in the MSTI and the CIST instance are the same. If the regional edge port is the master port in the CIST instance, it is the master port in all the MSTIs in the region. As shown in Figure 7-5, AP1, DP2, and DP3 in an MST region are directly connected to other regions, and therefore they are all regional edge ports of the MST region. As shown in Figure 7-5, AP1 is a regional edge port and also a master port in the CIST. Therefore, AP1 is the master port in every MSTI in the MST region. |
| Edge port | An edge port is located at the edge of an MST region and does not connect to any switching device. Generally, edge ports are directly connected to terminals. As shown in Figure 7-5, BP3 is an edge port. |

Figure 7-5 Port roles
[Figure: S1 (root bridge) with ports AP2 and AP3; S3 with ports CP1, CP2, and CP3; S2 with ports BP1 and BP2. Legend: root port; designated port; alternate port; backup port.]


- Port status
  Table 7-3 lists the MSTP port status, which is the same as the RSTP port status.

Table 7-3 Port status

| Port Status | Description |
|---|---|
| Forwarding | A port in the Forwarding state can send and receive BPDUs as well as forward user traffic. |
| Learning | This is a transition state. A port in the Learning state learns MAC addresses from user traffic to construct a MAC address table. In the Learning state, the port can send and receive BPDUs, but cannot forward user traffic. |
| Discarding | A port in the Discarding state can only receive BPDUs. |

There is no necessary link between the port status and the port role. Table 7-4 lists the relationships between port roles and port status.

Table 7-4 Relationships between port roles and port status

| Port Status | Root Port/Master Port | Designated Port | Regional Edge Port | Alternate Port | Backup Port |
|---|---|---|---|---|---|
| Forwarding | Yes | Yes | Yes | No | No |
| Learning | Yes | Yes | Yes | No | No |
| Discarding | Yes | Yes | Yes | Yes | Yes |

Yes: The port supports this status. No: The port does not support this status.
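The MST region definition above (same region name, same VLAN-to-instance mapping, same revision number) can be checked mechanically. The following sketch is an added example, not part of the Huawei guide, and it goes slightly beyond the text: IEEE 802.1Q compares the VLAN mapping through a configuration digest, an HMAC-MD5 over the 4096-entry VLAN-to-MSTI table. The mapping is the one Figure 7-2 gives for region D0; revision 0 and the drifted mapping on S4 are constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def vlan_table(mapping):
    """Expand {msti_id: [vlan, ...]} into the 4096-entry VLAN-to-MSTI table.

    VLANs that are not listed stay in MSTI 0, as in the VLAN mapping table
    of region D0 ("other VLANs are mapped to MSTI 0").
    """
    table, seen = [0] * 4096, {}
    for msti, vlans in mapping.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"invalid VLAN ID {vid}")
            if seen.setdefault(vid, msti) != msti:
                # A VLAN can be mapped to only one MSTI.
                raise ValueError(f"VLAN {vid} is mapped to more than one MSTI")
            table[vid] = msti
    return table

def config_digest(mapping):
    """HMAC-MD5 over the table, each entry packed as a 2-byte big-endian MSTI ID."""
    packed = struct.pack(">4096H", *vlan_table(mapping))
    return hmac.new(DIGEST_KEY, packed, hashlib.md5).hexdigest()

def group_regions(bridges):
    """Group bridges that agree on region name, revision and mapping digest."""
    regions = defaultdict(list)
    for name, cfg in bridges.items():
        key = (cfg["region"], cfg["revision"], config_digest(cfg["mapping"]))
        regions[key].append(name)
    return sorted(sorted(members) for members in regions.values())

# Mapping of region D0 in Figure 7-2: VLAN 1 -> MSTI 1, VLAN 2 and 3 -> MSTI 2.
D0_MAPPING = {1: [1], 2: [2, 3]}

# Constructed sample: S4 carries a mapping that has drifted (VLAN 3 in MSTI 1).
BRIDGES = {
    "S1": {"region": "D0", "revision": 0, "mapping": D0_MAPPING},
    "S2": {"region": "D0", "revision": 0, "mapping": D0_MAPPING},
    "S3": {"region": "D0", "revision": 0, "mapping": D0_MAPPING},
    "S4": {"region": "D0", "revision": 0, "mapping": {1: [1, 3], 2: [2]}},
}

if __name__ == "__main__":
    for members in group_regions(BRIDGES):
        print("same MST region:", ", ".join(members))
```

With the drifted mapping, S4 ends up in a region of its own even though its region name and revision match the other three devices.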

7.1.2 MSTP Features Supported by the CX600


Before configuring MSTP, familiarize yourself with the concepts of basic MSTP functions, topology convergence, MSTP protection, MSTP multi-process, and MSTP interoperability between Huawei devices and non-Huawei devices. This will help you complete the configuration task quickly and accurately.

MSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-free tree. In MSTP, multiple MSTIs can be created and VLANs are mapped into different instances to load-balance VLAN traffic. The basic configuration roadmap of MSTP is as follows:
1. In a ring network, divide regions and create different instances for regions.
2. Select a switching device functioning as a root bridge from switching devices for each instance.
3. In each instance, calculate the shortest paths from the other switching devices to the root bridge, and select a root port for each non-root switching device.
4. In each instance, select a designated port for each connection according to port IDs.

According to current networking, master ports and backup ports may be involved. For details, see 7.1.1 MSTP Introduction.

MSTP also supports the following features to meet requirements of special applications and extended functions:
- Supports the Proposal/Agreement mechanism to implement rapid convergence.
- Supports protection functions as listed in Table 7-5.
- Supports MSTP multi-process in the scenario where MSTP and STP/RSTP are used together. MSTP multi-process implements independent spanning tree calculation for every access ring.
- Supports MSTP interoperability between Huawei devices and non-Huawei devices. Proper parameters are required on Huawei devices running MSTP to ensure nonstop communication.
- Supports Enhanced STP (E-STP). A PW, which is considered as an interface, participates in MSTP calculation for updating the network topology to eliminate loops. E-STP prevents loops and duplicate traffic on an inter-AS VPLS network or in the scenario where a CE is dual-homed to two PEs.

With MSTP multi-instance and multi-process features, load balancing of VLAN traffic can be implemented. For details, see 7.8 Configuration Examples.

Table 7-5 MSTP protection

| MSTP Protection | Scenario | Configuration Impact |
| --- | --- | --- |
| BPDU protection | An edge port changes to be a non-edge port after receiving a BPDU, which triggers spanning tree recalculation. If an attacker keeps sending bogus BPDUs to a switching device, network flapping occurs. | After BPDU protection is enabled on the switching device, the switching device shuts down the edge port if the edge port receives an RST BPDU, and notifies the NMS of the shutdown event. The attributes of the edge port are not changed. |
| TC protection | Generally, after receiving TC BPDUs (packets for advertising network topology changes), a switching device needs to delete MAC entries and ARP entries. Frequent deletion operations will exhaust CPU resources. | TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a given time period is configurable. If the number of TC-BPDUs that the switching device receives within the given time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excessive TC-BPDUs are processed by the switching device as a whole for once after the timeout period expires. This protects the switching device from frequently deleting MAC entries and ARP entries, thus avoiding over-burden. |
| Root protection | Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is illegitimately changed, triggering spanning tree recalculation. This may transfer traffic from high-speed links to low-speed links, causing traffic congestion. | To address this issue, the root protection function can be configured to protect the root bridge by preserving the role of the designated port. With this function, when the designated port receives RST BPDUs with a higher priority, the port enters the Discarding state and does not forward the BPDUs. If the port does not receive any RST BPDUs with a higher priority for a certain period (double the Forward Delay), the port transitions to the Forwarding state. |
| Loop protection | A root port or an alternate port will age if link congestion or a one-way link failure occurs. After the root port ages, a switching device may re-select a root port incorrectly and after the alternate port ages, the port enters the Forwarding state. Loops may occur in such a situation. | The loop protection function can be used to prevent such network loops. If the root port or alternate port cannot receive RST BPDUs from the upstream switching device, the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after new RST BPDUs are received. |
| Share-link protection | In the scenario where a switching device is dual-homed to a network, when the share link of multiple processes fails, loops may occur. | Share-link protection can address such a problem. This function forcibly changes the working mode of the local switching device to RSTP. Share-link protection needs to be used together with root protection to avoid network loops. |
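The TC protection behaviour described in Table 7-5 amounts to a per-interval limit on topology-change handling plus one deferred flush. The following Python model is an added example, not code from the guide; the fixed-window timing, the class and function names, and the sample burst are assumptions made for illustration.

```python
"""Model of the TC protection behaviour described in Table 7-5 (added example).

Assumptions (not from the guide): time is split into fixed windows of
`interval` seconds starting at t=0, and every handled TC-BPDU costs one
flush of the MAC and ARP tables.
"""
from dataclasses import dataclass, field


@dataclass
class TcProtection:
    threshold: int                      # TC-BPDUs handled immediately per window
    interval: float                     # window length in seconds
    flushes: list = field(default_factory=list)   # (time, reason) per table flush
    window: int = 0                     # index of the window currently open
    handled: int = 0                    # TC-BPDUs handled in the open window
    deferred: int = 0                   # TC-BPDUs held back in the open window

    def roll(self, now):
        """Close the open window if `now` lies beyond it."""
        current = int(now // self.interval)
        if current == self.window:
            return
        if self.deferred:
            # Excess TC-BPDUs of the closed window are handled together, once,
            # when that window's timeout expires.
            end = (self.window + 1) * self.interval
            self.flushes.append((end, f"deferred x{self.deferred}"))
        self.window, self.handled, self.deferred = current, 0, 0

    def receive(self, now):
        """Process one TC-BPDU at time `now`; True if it was handled at once."""
        self.roll(now)
        if self.handled < self.threshold:
            self.handled += 1
            self.flushes.append((now, "immediate"))
            return True
        self.deferred += 1
        return False


def simulate(arrivals, threshold, interval, end):
    """Feed TC-BPDU arrival times to the model and return every table flush."""
    guard = TcProtection(threshold, interval)
    for t in arrivals:
        guard.receive(t)
    guard.roll(end)          # let the last window time out
    return guard.flushes


# Constructed input: 50 TC-BPDUs, one every 100 ms, as a flapping or
# hostile neighbour might produce.
BURST = [i / 10 for i in range(50)]

if __name__ == "__main__":
    result = simulate(BURST, threshold=3, interval=2, end=10)
    print(f"{len(BURST)} TC-BPDUs received, {len(result)} table flushes performed")
    for when, why in result:
        print(f"  t={when:>4}s  {why}")
```

Without the limit, each of the 50 TC-BPDUs in the burst would trigger its own MAC and ARP flush; with a threshold of 3 per 2-second window the model performs 12.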


MSTP Multi-process
- Background
  As shown in Figure 7-6, CX-A, CX-B, and CX-C are connected through Layer 2 links, and are all enabled with MSTP. The CEs on the rings support only STP/RSTP. Multiple access rings exist and these rings access the MST region by using different interfaces on CX-A and CX-B.

  Figure 7-6 Networking diagram of MSTP multi-process
  [Figure labels: CX-C; VPLS; PE1, PE2; CX-A, CX-B; CEs; Process 1 (Instance1: VLAN1~100); Process 2 (Instance2: VLAN101~200); Process 3 (Instance3: VLAN1~100)]

On the network shown in Figure 7-6, multiple Layer 2 rings (Ring 1, Ring 2, and Ring 3) exist. STP must be enabled on these rings to prevent loops. CX-A and CX-B are connected to multiple access rings, and these rings are isolated from each other and do not need to intercommunicate. Therefore, STP should not calculate a single spanning tree for all these access rings. Instead, STP on each access ring should calculate its tree independently.

MSTP supports multiple spanning tree instances (MSTIs) only when all devices support MSTP and the devices are configured with the same MST region. In this networking, however, the CEs connected to the switching devices support only STP/RSTP. According to MSTP, after receiving STP/RSTP messages sent from the CEs, the switching devices consider that they and the CEs are in different regions. Therefore, only one spanning tree is calculated for the ring formed by the switching devices and CEs, and the access rings are not independent of each other.

In this case, MSTP multi-process can be used. Multiple MSTP processes can be configured on CX-A and CX-B. Each MSTP process has the same function and supports MSTIs. Each MSTP process corresponds to one access ring.

After MSTP multi-process is enabled, each MSTP process can manage some interfaces on a device. That is, Layer 2 interfaces on the device are divided and managed by multiple MSTP processes. Each MSTP process runs the standard MSTP.
NOTE

CEs that support MSTP can also be configured with MSTP multi-process. After a device properly starts, there is a default MSTP process with the ID 0. MSTP configurations in the system view and interface view both belong to this process.

- Share link
  As shown in Figure 7-6, the link between CX-A and CX-B is a Layer 2 link running MSTP. The share link between CX-A and CX-B is different from the links connecting switching devices to CEs. The ports on the share link need to participate in the calculation for multiple access rings and MSTP processes. This allows CX-A and CX-B to identify from which MST BPDUs are sent.

  In addition, a port on the share link participates in the calculation for multiple MSTP processes, and obtains different status. As a result, the port cannot determine its status. To prevent this situation, it is defined that a port on a share link always adopts its status in MSTP process 0 when participating in the calculation for multiple MSTP processes.

E-STP
E-STP abstracts a PW (pseudo wire) as an interface that participates in MSTP calculation to update the network topology and eliminate loops. E-STP prevents loops and duplicate traffic on an inter-AS VPLS network or in the scenario where a CE is dual-homed to two PEs. In addition, MSTP multi-instance and multi-process features are used to implement load balancing.

The basic principles of E-STP are as follows:
- Based on MSTP, E-STP solves the problems that broadcast and unknown unicast packets are looped and duplicate traffic is transmitted on a ring network.
- By using the MSTP multi-instance feature, E-STP associates VLANs with MSTIs to divide a network into multiple ASs, each of which has multiple spanning trees that are independent of each other. This helps implement load balancing and link redundancy on a VPLS network.
- By using the MSTP multi-process feature, E-STP associates management PWs (mPWs) with processes. Processes are independent of each other and the mPWs are independent of each other. The processes associated with different mPWs are calculated separately to realize load balancing and PW redundancy.
  After a PW is created, you can configure mPWs and service PWs by running relevant commands in the PW view. STP is enabled on the PW of the mVSI to allow the mPW to participate in MSTP calculation for updating the network topology. The PW of an mVSI controls multiple service PWs. After an mPW is blocked, the corresponding service PWs are blocked. In this manner, service traffic can be blocked as required.
- When the network topology changes, the MAC address entries learned by the local device need to be updated. TC-BPDUs of MSTP are sent to trigger the updating of local MAC address entries. At the same time, the sending of TC-BPDUs triggers the PW to send the MAC Withdraw packet to instruct the remote device on the VPLS network to update the learned MAC address entries.
If the AC-side network contains multiple switching devices, these devices can be grouped into the same MST region and deployed with MSTIs; alternatively, they can be grouped into different MSTP processes and perform MSTP calculation independently.

For detailed description, see the chapter "MSTP" in HUAWEI CX600 Metro Services Platform Feature Description - LAN Access and MAN Access.

7.2 Configuring Basic MSTP Functions


Based on the basic STP/RSTP function, MSTP divides a switching network into multiple regions, each of which has multiple spanning trees that are independent of each other. MSTP isolates user traffic and service traffic, and load-balances VLAN traffic.

MSTP is commonly configured on a switching device to trim a ring network to a loop-free network. MSTP configurations on the switching device involve MSTP working mode configuration and MST region configuration and activation.

If you need to influence the spanning tree calculation, the following methods are available:
- Setting a priority for a switching device in an MSTI: The lower the numerical value, the higher the priority of the switching device and the more likely the switching device becomes a root bridge; the higher the numerical value, the lower the priority of the switching device and the less likely that the switching device becomes a root bridge.
- Setting a path cost for a port in an MSTI: With the same calculation method, the lower the numerical value, the smaller the cost of the path from the port to the root bridge and the more likely the port becomes a root port; the higher the numerical value, the larger the cost of the path from the port to the root bridge and the less likely that the port becomes a root port.
- Setting a priority for a port in an MSTI: The lower the numerical value, the more likely the port becomes a designated port; the higher the numerical value, the less likely that the port becomes a designated port.

7.2.1 Establishing the Configuration Task
Before configuring basic MSTP functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

7.2.2 Configuring the MSTP Mode
Before configuring basic MSTP functions, you need to configure the working mode of a switching device to MSTP. MSTP is compatible with STP and RSTP.

7.2.3 Configuring and Activating an MST Region
MSTP divides a switching network into multiple MST regions. After an MST region name, VLAN-to-instance mappings, and an MSTP revision number are configured, activating the MST region is necessary. After this step is done, MST region configuration is complete.

7.2.4 (Optional) Setting a Priority for a Switching Device in an MSTI
The lower the numerical value is, the higher priority a switching device has and the more likely the switching device will be selected as a root bridge.

7.2.5 (Optional) Setting a Path Cost of a Port in an MSTI
The MSTP path cost determines root port selection in an MSTI. The port with the lowest path cost to the root bridge is selected as a root port.

7.2.6 (Optional) Setting a Port Priority in an MSTI
The lower the numerical value, the more likely the port on a switching device becomes a designated port; the higher the numerical value, the more likely the port is to be blocked.

7.2.7 Enabling MSTP
After basic MSTP functions are configured on a switching device, enabling the MSTP function is required so that MSTP can work properly.

7.2.8 Checking the Configuration
After basic MSTP functions are configured, verify that the configurations take effect.

7.2.1 Establishing the Configuration Task


Before configuring basic MSTP functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On a complex network, loops are inevitable. To meet the requirement for network redundancy backup, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops cause broadcast storms, thereby exhausting network resources and paralyzing the network. Loops also cause flapping of MAC address tables and thus damage MAC address entries.

MSTP can be deployed on a network to eliminate loops. If a loop is detected, MSTP blocks one or more ports to eliminate the loop. In addition, MSTIs can be configured to load-balance VLAN traffic.

As shown in Figure 7-7, CX-A, CX-B, Switch C, and Switch D all support MSTP. It is required to create MSTI 1 and MSTI 2, configure a root bridge for each MSTI, and set the ports to be blocked to load-balance traffic of VLANs 1 to 10 and VLANs 11 to 20 among different paths.


Figure 7-7 Networking diagram of configuring basic MSTP functions
[Figure labels: Network; MST Region; CX-A, CX-B, SwitchC, SwitchD; PC1, PC2; VLAN1~10, VLAN11~20; MSTI1, MSTI2. Legend: MSTI1 - Root Bridge: CX-A, blocked port; MSTI2 - Root Bridge: CX-B, blocked port]

NOTE

If the current device supports MSTP, configuring MSTP is recommended.

Pre-configuration Tasks
Before configuring basic MSTP functions, complete the following task:

Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical status of the interfaces is Up

Data Preparation
To configure basic MSTP functions, you need the following data.

| No. | Data |
| --- | --- |
| 1 | MSTP working mode |
| 2 | MST region name, VLAN-to-instance mapping, and MSTP revision number |
| 3 | (Optional) ID of an MSTI |
| 4 | (Optional) Priority of a switching device in an MSTI |
| 5 | (Optional) Priority of a port in an MSTI |
| 6 | (Optional) Path cost of a port in an MSTI |

7.2.2 Configuring the MSTP Mode


Before configuring basic MSTP functions, you need to configure the working mode of a switching device to MSTP. MSTP is compatible with STP and RSTP.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp mode mstp

The working mode of the switching device is configured as MSTP. By default, the working mode is MSTP.

STP and MSTP cannot recognize packets of each other but MSTP and RSTP can. If a switching device is configured to work in MSTP mode and is connected to switching devices running STP, the switching device automatically changes the working mode of the interfaces connected to those devices to STP, while the other interfaces still run MSTP. This enables devices running different spanning tree protocols to interwork with each other.

----End

7.2.3 Configuring and Activating an MST Region


MSTP divides a switching network into multiple MST regions. After an MST region name, VLAN-to-instance mappings, and an MSTP revision number are configured, activating the MST region is necessary. After this step is done, MST region configuration is complete.

Context
An MST region contains multiple switching devices and the network segments between them. These switching devices are directly connected and, after MSTP is enabled, have the same region name, the same VLAN-to-instance mapping, and the same configuration revision number. One switching network can have multiple MST regions, and multiple switching devices can be grouped into one MST region by using MSTP configuration commands.

CAUTION
Two switching devices belong to the same MST region when they have the same:
- Name of the MST region
- Mapping between VLANs and MSTIs
- Revision level of the MST region

Do as follows on a switching device that needs to join an MST region:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp region-configuration

The MST region view is displayed.

Step 3 Run:
region-name name

The name of an MST region is configured. By default, the MST region name is the MAC address of the management network interface on the MPU of the switching device.

Step 4 Perform either of the following steps to configure VLAN-to-instance mappings.
- Run the instance instance-id vlan { vlan-id [ to vlan-id ] }&<1-10> command to configure VLAN-to-instance mappings.
- Run the vlan-mapping modulo modulo command to enable VLAN-to-instance mapping assignment based on a default algorithm.

By default, all VLANs in an MST region are mapped to MSTI 0.

NOTE

- The instance instance-id vlan { vlan-id [ to vlan-id ] }&<1-10> command is recommended because VLAN-to-instance mapping assignments made by the default algorithm cannot meet actual mapping requirements.
- In the command, vlan-mapping modulo indicates that the formula (VLAN ID-1)%modulo+1 is used. In the formula, (VLAN ID-1)%modulo means the remainder of (VLAN ID-1) divided by the value of modulo. This formula is used to map a VLAN to the corresponding MSTI. The calculation result of the formula is the ID of the MSTI to which the VLAN is mapped.

Step 5 (Optional) Run:
revision-level level

The MSTP revision number is set. By default, the MSTP revision number is 0. If the revision number of the MST region is not 0, this step is necessary.

NOTE

The change of related MST region configurations (especially change of the VLAN mapping table) causes the recalculation of spanning trees and route flapping in a network. Therefore, after an MST region name, VLAN-to-instance mappings, and an MSTP revision number are configured, activating the MST region is necessary. You can run the check region-configuration command in the MST region view to check whether region configurations are correct. After confirming that region configurations are correct, run the active region-configuration command to activate MST region configurations.

Step 6 Run:
active region-configuration

MST region configurations are activated so that the configured region name, VLAN-to-instance mappings, and revision number can take effect. If this step is not done, the preceding configurations cannot take effect.

If you have changed MST region configurations on the switching device after MSTP starts, run the active region-configuration command to activate the MST region so that the changed configurations can take effect.

----End

7.2.4 (Optional) Setting a Priority for a Switching Device in an MSTI


The lower the numerical value is, the higher priority a switching device has and the more likely the switching device will be selected as a root bridge.

Context
In an MSTI, there is only one root bridge, and it is the logical center of the MSTI. A switching device with high performance and a high position in the network hierarchy is generally selected as the root bridge; however, the priority of such a device may not be high enough. Setting a high priority for that switching device is therefore necessary so that it can function as the root bridge. Devices with low performance and a low position in the network hierarchy are not fit to be a root bridge. Therefore, set low priorities for these devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp [ instance instance-id ] priority priority

A priority is set for the switching device in an MSTI.

The default priority value of the switching device is 32768. If the instance is not designated, a priority is set for the switching device in MSTI0.

NOTE

- To configure a switching device as a primary root bridge, you can run the stp [ instance instance-id ] root primary command directly. The priority value of this switching device is 0.
- To configure a switching device as a secondary root bridge, run the stp [ instance instance-id ] root secondary command. The priority value of this switching device is 4096. In an MSTI, a switching device cannot act as a primary root bridge and a secondary root bridge at the same time.
- If you want to change the priority of a switching device after you run the stp root primary command or the stp [ instance instance-id ] root secondary command to configure the switching device as a primary root bridge or a secondary root bridge, disable the root bridge function or secondary root bridge function and then run the stp [ instance instance-id ] priority priority command to reset the priority.

----End

7.2.5 (Optional) Setting a Path Cost of a Port in an MSTI


The MSTP path cost determines root port selection in an MSTI. The port with the lowest path cost to the root bridge is selected as a root port.

Context
A path cost is port-specific and is used by MSTP as a reference to select a link. The path costs of a port are an important basis for calculating spanning trees. If you set different path costs for a port in different MSTIs, VLAN traffic can be transmitted along different physical links, which implements VLAN load balancing.

The Huawei proprietary calculation method is used as an example. The following table maps link rates to the default path cost values of ports.

Table 7-6 Mapping between link rates and path cost values

| Link Rate | Recommended Path Cost | Recommended Path Cost Range | Path Cost Range |
| --- | --- | --- | --- |
| 10 Mbit/s | 2000 | 200 to 20000 | 1 to 200000 |
| 100 Mbit/s | 200 | 20 to 2000 | 1 to 200000 |
| 1 Gbit/s | 20 | 2 to 200 | 1 to 200000 |
| 10 Gbit/s | 2 | 2 to 20 | 1 to 200000 |
| Higher than 10 Gbit/s | 1 | 1 to 2 | 1 to 200000 |

On a network where loops occur, it is recommended that you set a relatively large path cost for the port at a low link rate. MSTP puts the port with the large path cost in the Blocking state and blocks the link where this port resides.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp pathcost-standard { dot1d-1998 | dot1t | legacy }

A path cost calculation method is configured. By default, the IEEE 802.1t standard method is used to calculate the default path cost. All switching devices on a network must use the same path cost calculation method.

Step 3 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 4 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 5 Run:
stp instance instance-id cost cost

A path cost is set for the port in the current MSTI.
- When the Huawei proprietary calculation method is used, cost ranges from 1 to 200000.
- When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
- When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.

----End

7.2.6 (Optional) Setting a Port Priority in an MSTI


The lower the numerical value, the more likely the port on a switching device becomes a designated port; the higher the numerical value, the more likely the port is to be blocked.

Context
In spanning tree calculation, priorities of ports on switching devices in MSTIs determine designated port selection. If you expect to block a port on a switching device in an MSTI to eliminate loops, set the port priority value to be larger than the default value. This port will be blocked in designated port selection.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 Run:
stp instance instance-id port priority priority

A port priority is set in an MSTI. By default, the port priority is 128. The value range of the priority is from 0 to 240, with a step of 16; for example, the port priority can be 0, 16, or 32.

----End

7.2.7 Enabling MSTP


After basic MSTP functions are configured on a switching device, enabling the MSTP function is required so that MSTP can work properly.

Context
After MSTP is enabled on a ring network, MSTP immediately calculates spanning trees on the network. Configurations on the switching device, such as the switching device priority and port priority, affect spanning tree calculation. Any change of the configurations may cause network flapping. Therefore, to ensure rapid and stable spanning tree calculation, perform basic configurations on the switching device and its ports first, and then enable MSTP.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp enable

MSTP is enabled on the switching device.

By default, the MSTP function is enabled on a CX600.

----End

7.2.8 Checking the Configuration


After basic MSTP functions are configured, verify that the configurations take effect.

Prerequisite
All configurations of basic MSTP functions are complete.

Procedure
- Run the display stp [ instance instance-id ] [ interface { interface-type interface-number } ] [ brief ] command to view spanning-tree status and statistics.
- Run the display stp region-configuration command to view configurations of activated MST regions.
- Run the display stp region-configuration [ digest ] command to view the digest configurations of activated MST regions.

----End

Example
Run the display stp command, and you can view the spanning-tree working mode, priorities of switching devices, path cost calculation method, and path cost of a root port. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]------
CIST Bridge :32768.00e0-fc0e-a421
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]---
 Port Protocol :enabled
 Port Role :CIST Designated Port
 Port Priority :128
 Port Cost(Dot1T) :Config=100 / Active=100
 Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
 Port Edged :Config=disabled / Active=disabled
 Point-to-point :Config=auto / Active=true
 Transit Limit :3 packets/hello-time
 Protection Type :None
 Port Stp Mode :MSTP
 Port Protocol Type :Config=auto / Active= dot1s
 BPDU Encapsulation :Config=stp / Active=stp
 PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent :0
   TCN: 0, Config: 0, RST: 0, MST: 0
 BPDU Received :0
   TCN: 0, Config: 0, RST: 0, MST: 0
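The BPDU-Protection and Protection Type fields in this output show whether the protections listed in Table 7-5 are active. The following Python check is an added example, not part of the guide: it parses output in this layout and lists ports to review. The sample text, the second port, and the review rules are constructed for illustration.

```python
"""Audit `display stp` text for the protections listed in Table 7-5 (added example).

SAMPLE is constructed in the layout of the guide's example output; the
review rules are this example's own policy, not Huawei guidance.
"""
import re

SAMPLE = """\
-------[CIST Global Info][ Mode MSTP ]-------
CIST Bridge :32768.00e0-fc0e-a421
BPDU-Protection :disabled
TC or TCN received :8
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]----
 Port Role :CIST Designated Port
 Port Edged :Config=enabled / Active=enabled
 Protection Type :None
----[Port4(GigabitEthernet1/0/2)] [ FORWARDING ]----
 Port Role :CIST Root Port
 Port Edged :Config=disabled / Active=disabled
 Protection Type :None
"""

# "----[name] [ state ]----" banner that opens the global or a port section.
SECTION = re.compile(r"^-+\[(?P<name>[^\]]+)\]\s*\[(?P<state>[^\]]+)\]-+$")
# "Key :Value" line; the key ends at the first colon.
FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:(?P<value>.*)$")
PORT = re.compile(r"^Port\d+\((?P<ifname>[^)]+)\)$")


def parse(text):
    """Return (global_fields, {interface: fields}) from display stp output."""
    global_fields, ports = {}, {}
    current = global_fields
    for line in text.splitlines():
        line = line.rstrip()
        head = SECTION.match(line)
        if head:
            port = PORT.match(head["name"].strip())
            if port:
                current = ports.setdefault(port["ifname"], {})
                current["State"] = head["state"].strip()
            else:
                current = global_fields
            continue
        item = FIELD.match(line)
        if item:
            current[item["key"]] = item["value"].strip()
    return global_fields, ports


def review(text):
    """List (interface, finding) pairs that deserve a second look."""
    global_fields, ports = parse(text)
    bpdu_guard = global_fields.get("BPDU-Protection", "").lower() == "enabled"
    findings = []
    for ifname, fields in ports.items():
        role = fields.get("Port Role", "")
        unprotected = fields.get("Protection Type", "None") == "None"
        edge_active = "active=enabled" in fields.get("Port Edged", "").lower()
        if edge_active and not bpdu_guard:
            # An edge port that accepts BPDUs can be pulled into recalculation.
            findings.append((ifname, "edge port, BPDU protection disabled"))
        if "Designated" in role and unprotected:
            findings.append((ifname, "designated port without root protection"))
        if ("Root" in role or "Alternate" in role) and unprotected:
            findings.append((ifname, "root/alternate port without loop protection"))
    return findings


if __name__ == "__main__":
    for ifname, finding in review(SAMPLE):
        print(f"{ifname}: {finding}")
```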

Run the display stp region-configuration command, and you can view configurations of an activated MST region, including the region name, VLAN-to-instance mapping, and revision number. For example:

<HUAWEI> display stp region-configuration
 Oper Configuration:
   Format selector :0
   Region name :huawei
   revision number :0

   Instance   Vlans Mapped
      0       21 to 4094
      1       1 to 10
      2       11 to 20

Run the display stp region-configuration digest command, and you can view the digest configurations of an activated MST region, including the region name, revision number and digest. For example:
<HUAWEI> display stp region-configuration digest
 Oper Configuration:
   Format selector :0
   Region name :huawei
   Revision level :0
   Digest :0x5F762D9A46311EFFB7A488A3267FCA9F
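Two devices join the same MST region only if the region name, revision level, and VLAN-to-instance mapping all match, and the Digest field summarizes the mapping. The following Python example is added here and is not part of the guide: it builds the mapping from instance ranges or from the vlan-mapping modulo formula, computes the configuration digest as defined in IEEE 802.1Q (HMAC-MD5 with the standard's fixed key), and reports which attribute differs between two devices. That the device's displayed digest follows IEEE 802.1Q is an assumption, and the second device's drifted mapping is constructed.

```python
"""Compare the MST region identity of two devices (added example).

The digest algorithm is the one defined in IEEE 802.1Q; the guide itself
only shows the resulting Digest field. The drifted mapping of the second
device is constructed.
"""
import hashlib
import hmac
import struct

# Fixed Configuration Digest Signature Key defined by IEEE 802.1Q.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mapping_from_ranges(instances):
    """Build the VLAN->MSTI table from {msti: [(first, last), ...]}.

    VLANs that are not listed stay in MSTI 0, the default stated in the guide.
    """
    table = [0] * 4096
    for msti, ranges in instances.items():
        for first, last in ranges:
            if not 1 <= first <= last <= 4094:
                raise ValueError(f"bad VLAN range {first}-{last}")
            for vlan in range(first, last + 1):
                if table[vlan] not in (0, msti):
                    raise ValueError(f"VLAN {vlan} mapped to two MSTIs")
                table[vlan] = msti
    return table


def mapping_from_modulo(modulo):
    """vlan-mapping modulo: MSTI ID = (VLAN ID - 1) % modulo + 1."""
    table = [0] * 4096
    for vlan in range(1, 4095):
        table[vlan] = (vlan - 1) % modulo + 1
    return table


def digest(table):
    """HMAC-MD5 over 4096 big-endian 16-bit MSTI IDs, indexed by VLAN ID."""
    packed = struct.pack(">4096H", *table)
    return hmac.new(DIGEST_KEY, packed, hashlib.md5).hexdigest().upper()


def region_id(name, revision, table):
    """The three attributes that decide MST region membership."""
    return (name, revision, digest(table))


def same_region(a, b):
    """Return (match, names of the attributes that differ)."""
    fields = ("region name", "revision level", "VLAN-to-instance mapping")
    diffs = [f for f, x, y in zip(fields, a, b) if x != y]
    return (not diffs, diffs)


# Mapping from the guide's example output: MSTI 1 = VLANs 1-10, MSTI 2 = 11-20.
CX_A = region_id("huawei", 0, mapping_from_ranges({1: [(1, 10)], 2: [(11, 20)]}))
# Constructed drift: VLAN 20 was left out of MSTI 2 on the second device.
CX_B = region_id("huawei", 0, mapping_from_ranges({1: [(1, 10)], 2: [(11, 19)]}))

if __name__ == "__main__":
    match, diffs = same_region(CX_A, CX_B)
    print("same region" if match else "different regions: " + ", ".join(diffs))
    print("CX-A digest 0x" + CX_A[2])
    print("CX-B digest 0x" + CX_B[2])
```

A one-VLAN difference changes the digest, so the two devices treat each other as being in different regions even though the name and revision level match.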

7.3 Configuring MSTP Multi-process


After an MSTP device binds its ports to different processes, the MSTP device performs the MSTP calculation based on processes, and only relevant ports in each process take part in MSTP calculation.

7.3.1 Establishing the Configuration Task
Before configuring MSTP multi-process, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

7.3.2 Creating an MSTP Process
A process ID uniquely identifies an MSTP multi-process. After an MSTP device binds its ports to different processes, the MSTP device performs the MSTP calculation based on processes, and only relevant ports in each process take part in MSTP calculation.

7.3.3 Adding an Interface to an MSTP Process - Access Links
The links connecting MSTP devices and access rings are called access links. After being added to MSTP processes, interfaces on the access links can participate in MSTP calculation.

7.3.4 Adding an Interface to an MSTP Process - Share Link
The link shared by multiple access rings is called a share link. The interfaces on the share link need to participate in MSTP calculation in multiple access rings in different MSTP processes. After being added to MSTP processes, interfaces on the access links can participate in MSTP calculation.

7.3.5 Configuring Priorities and Root Protection in MSTP Multi-process
You can configure priorities and root protection in MSTP multi-process to protect links over access rings.

7.3.6 Configuring TC Notification in MSTP Multi-process
After the TC notification function is configured for MSTP multi-process, the current MSTP process can notify the MSTIs in other specified MSTP processes to refresh MAC address entries and ARP entries after receiving a TC-BPDU. Nonstop services are ensured.

7.3.7 Checking the Configuration
After MSTP multi-process is configured, check whether the configurations take effect.

7.3.1 Establishing the Configuration Task


Before configuring MSTP multi-process, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On a network where both Layer 2 single-access rings and multi-access rings are deployed, switching devices bear both Layer 2 and Layer 3 services. To enable different rings to bear different services, deploy MSTP multi-process. Spanning trees of different processes are calculated independently and do not affect each other.

As shown in Figure 7-8, CX-A, CX-B, and CX-C are connected through Layer 2 links, and are all enabled with MSTP. The CEs on the rings support only STP/RSTP. Multiple access rings exist and these rings access the MSTP region through different interfaces on CX-A and CX-B.

Figure 7-8 Networking diagram of MSTP multi-process
[Figure labels: CX-C; VPLS; PE1, PE2; CX-A, CX-B; CEs; Process 1 (Instance1: VLAN1~100); Process 2 (Instance2: VLAN101~200); Process 3 (Instance3: VLAN1~100)]

Pre-configuration Tasks
Before configuring MSTP multi-process, complete the following task:
- Configuring basic MSTP functions

Data Preparation
To configure MSTP multi-process, you need the following data.
Issue 01 (2011-05-30) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-27

7 MSTP Configuration

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

No.  Data
1    IDs of MSTP processes
2    Priority of a switching device in an MSTI

7.3.2 Creating an MSTP Process


A process ID uniquely identifies an MSTP multi-process. After an MSTP device binds its ports to different processes, the MSTP device performs the MSTP calculation based on processes, and only relevant ports in each process take part in MSTP calculation.

Context
Do as follows on the devices connected to access rings:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp process process-id

An MSTP process is created and the MSTP process view is displayed.

Step 3 Run:
stp mode mstp

A working mode is configured for the MSTP process. The default mode is MSTP.

NOTE

• After a device starts, there is a default MSTP process with the ID 0. MSTP configurations in the system view and interface view belong to this process. The default working mode of this process is MSTP.
• To add an interface to an MSTP process with a non-zero ID, run the stp process command and then the stp binding process command.

----End

7.3.3 Adding an Interface to an MSTP Process - Access Links


The links connecting MSTP devices and access rings are called access links. After being added to MSTP processes, interfaces on the access links can participate in MSTP calculation.

Context
Do as follows on the devices connected to access rings:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed. The interface specified in this command must be a Layer 2 interface that connects a device and an access ring.

Step 3 Run:
stp binding process process-id

The current interface is added to the MSTP process.

NOTE

If the interface added to the MSTP process has sub-interfaces configured with features other than MSTP such as VPLS, run the stp vpls-subinterface enable command on the main interface. The main interface can then notify its sub-interfaces to update MAC entries and ARP entries after receiving a TC-BPDU. This prevents services from being interrupted. In addition, root protection needs to be configured on the main interface.

----End

7.3.4 Adding an Interface to an MSTP Process - Share Link


The link shared by multiple access rings is called a share link. The interfaces on the share link need to participate in MSTP calculation in multiple access rings in different MSTP processes. After being added to MSTP processes, interfaces on the access links can participate in MSTP calculation.

Context
Do as follows on the devices connected to access rings:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed. The interface specified in this command must be an interface on the share link between the devices configured with MSTP multi-process, not an interface that connects an access ring and a device.

Step 3 Run:
stp binding process process-id [ to process-id ] link-share


The interface is added to multiple MSTP processes to complete MSTP calculation.


NOTE

For a process with share links, you must run the stp enable command globally. For an interface that is added to the process in link-share mode, you must run the stp enable command in the interface view.

----End

7.3.5 Configuring Priorities and Root Protection in MSTP Multi-process


You can configure priorities and root protection in MSTP multi-process to protect links over access rings.

Context
To prevent loops over the access ring after the share link fails, configure priorities and root protection in MSTP multi-process. Root protection is configured on the access interface of the device with the second highest priority.
• For detailed configuration of priorities in MSTP multi-process, see 7.2.4 (Optional) Setting a Priority for a Switching Device in an MSTI.
• For detailed configuration of root protection in MSTP multi-process, see 7.5.4 Configuring Root Protection on an Interface.

NOTE

The MSTP priority of a downstream device must be lower than that of a UPE.

7.3.6 Configuring TC Notification in MSTP Multi-process


After the TC notification function is configured for MSTP multi-process, the current MSTP process can notify the MSTIs in other specified MSTP processes to refresh MAC address entries and ARP entries after receiving a TC-BPDU. Nonstop services are ensured.

Context
Do as follows on the devices connected to access rings:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp process process-id

The view of the created MSTP process is displayed.

Step 3 Run:
stp tc-notify process 0

TC notification is enabled in the MSTP process.



After the stp tc-notify process 0 command is run, the current MSTP process notifies the MSTIs in MSTP process 0 to update MAC entries and ARP entries after receiving a TC-BPDU. This prevents services from being interrupted.

----End

7.3.7 Checking the Configuration


After MSTP multi-process is configured, check whether the configurations take effect.

Prerequisite
All configurations of MSTP multi-process are complete.

Procedure
Step 1 Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-type interface-number | vsi vsi-name pw pw-name | slot slot-id ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command, and you can view the working mode of the spanning tree and port priority configured in an MSTP process. For example:
<HUAWEI> display stp process 2 interface GigabitEthernet 1/0/2
----[CIST][Port2(GigabitEthernet1/0/2)][FORWARDING]---
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=1
Desg. Bridge/Port :32768.00e0-0c1f-4100 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :Root
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :1
TC or TCN received :2
BPDU Sent :2
TCN: 0, Config: 0, RST: 0, MST: 2
BPDU Received :76
TCN: 0, Config: 0, RST: 0, MST: 76

7.4 Configuring MSTP Parameters on an Interface


MSTP implements RSTP rapid convergence. To achieve rapid convergence, you need to configure proper MSTP parameters.

7.4.1 Establishing the Configuration Task
Before configuring basic MSTP parameters, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

7.4.2 Configuring System Parameters
MSTP parameters that may affect network convergence include the network diameter, hello time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor). Configure proper MSTP parameters to implement rapid network convergence.

7.4.3 Configuring Port Parameters
Port parameters that may affect MSTP topology convergence include the link type and maximum number of sent BPDUs. Configure proper port parameters to implement rapid topology convergence.

7.4.4 Checking the Configuration
After MSTP parameters are configured, check whether the configurations take effect.

7.4.1 Establishing the Configuration Task


Before configuring basic MSTP parameters, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
In some specific networks, MSTP parameters will affect the speed of network convergence. Configuring proper MSTP parameters is required.
NOTE

The default parameters can also be used to complete MSTP rapid convergence. Therefore, the configuration procedures and steps in this configuration task are all optional.

Pre-configuration Tasks
Before configuring MSTP parameters, complete the following task:
• Configuring basic MSTP functions

Data Preparation
To configure MSTP parameters, you need the following data.

No.  Data
1    Network diameter
2    Hello time, forwarding delay time, maximum aging time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor)
3    Maximum hop count in an MST region
4    Link type of a port
5    Whether to Rapid transition mechanism
6    Whether to transition to the RSTP mode
7    Maximum number of sent BPDUs
8    Whether a port needs to be configured as an edge port
9    Whether auto recovery needs to be configured for an edge port being shut down
10   Whether a port needs to clear statistics of the spanning tree
11   Whether an edge port needs to be configured as a BPDU filter

7.4.2 Configuring System Parameters


MSTP parameters that may affect network convergence include the network diameter, hello time, and timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor). Configure proper MSTP parameters to implement rapid network convergence.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 (Optional) Run:
stp process process-id

The MSTP process view is displayed.

NOTE

This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you perform configurations in the MSTP process 0, skip this step.

Step 3 Run:
stp bridge-diameter diameter

The network diameter is configured. By default, the network diameter is 7.
• RSTP uses a single spanning tree instance on the entire network, which cannot prevent the performance from deteriorating when the network scale grows. Therefore, the network diameter cannot be larger than 7.
• It is recommended that you run the stp bridge-diameter diameter command to set the network diameter. Then, the switching device calculates the optimal Forward Delay period, Hello time, and Max Age period based on the set network diameter.

Step 4 Run:
stp timer-factor factor

The timeout period for waiting for BPDUs from the upstream of a switching device is set. By default, the timeout period of a switching device is 9 times as long as the Hello time.

Step 5 (Optional) To set the Forward Delay period, Hello time, and Max Age period, perform the following operations:
• Run the stp timer forward-delay forward-delay command to set the Forward Delay period for a switching device.

  The default Forward Delay period of a switching device is 1500, in centiseconds.
• Run the stp timer hello hello-time command to set the Hello time for a switching device.
  The default Hello time of a switching device is 200, in centiseconds.
• Run the stp timer max-age max-age command to set the Max Age period for a switching device.
  The default Max Age period of a switching device is 2000, in centiseconds.

NOTE

The values of the Hello time, Forward Delay period, and Max Age period must comply with the following formulas. Otherwise, network flapping occurs.
• 2 x (Forward Delay - 1.0 second) >= Max Age
• Max Age >= 2 x (Hello Time + 1.0 second)

Step 6 Run:
stp max-hops hop

The maximum hop count is set for the MST region. By default, the maximum hop count of the MST region is 20.

Step 7 Run:
stp mcheck

MCheck is enabled. On a switching device running MSTP, if an interface is connected to a device running STP, the interface automatically transitions to the STP mode. Enabling MCheck on the interface is required because the interface may fail to automatically transition to the MSTP mode in the following situations:
• The switching device running STP is shut down or moved.
• The switching device running STP transitions to the MSTP mode.

NOTE

If you run the stp mcheck command in the system view, the MCheck operation is performed on all the interfaces.

----End
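
The timer constraints in the NOTE of this procedure can be checked before a change is committed. The following Python sketch is an added example, not part of the Huawei guide: it reads the stp timer and stp timer-factor lines of one MSTP process, fills in the defaults stated in this section, and reports which inequality is violated together with the resulting BPDU timeout (3 x hello time x time factor). The function names and the two sample configurations are constructed for illustration.

```python
# Defaults stated in section 7.4.2, in centiseconds (1 s = 100 cs).
DEFAULTS = {"hello": 200, "forward-delay": 1500, "max-age": 2000}
# The page gives the default timeout as 9 x hello, i.e. 3 x hello x factor 3.
DEFAULT_FACTOR = 3

# Constructed sample: the timers seen in the display stp example of 7.4.4
# (Hello 2s, MaxAge 14s, FwDly 10s).
GOOD = """\
stp timer hello 200
stp timer forward-delay 1000
stp timer max-age 1400
"""

# Constructed sample: a long hello time and a short forward delay,
# with max-age left at its default of 2000 cs.
BAD = """\
stp timer hello 1000
stp timer forward-delay 400
"""


def parse_timers(config_text):
    """Collect timer settings from `stp timer ...` and `stp timer-factor` lines."""
    timers = dict(DEFAULTS)
    factor = DEFAULT_FACTOR
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["stp", "timer"] and len(words) == 4 and words[2] in timers:
            timers[words[2]] = int(words[3])
        elif words[:1] == ["stp"] and words[1:2] == ["timer-factor"] and len(words) == 3:
            factor = int(words[2])
    return timers, factor


def check_timers(config_text):
    """Return (violations, bpdu_timeout_cs) for one MSTP process."""
    timers, factor = parse_timers(config_text)
    hello = timers["hello"]
    fwd = timers["forward-delay"]
    max_age = timers["max-age"]
    violations = []
    # 2 x (Forward Delay - 1.0 second) >= Max Age, with 1.0 s = 100 cs
    if 2 * (fwd - 100) < max_age:
        violations.append("2 x (forward-delay - 1 s) < max-age")
    # Max Age >= 2 x (Hello Time + 1.0 second)
    if max_age < 2 * (hello + 100):
        violations.append("max-age < 2 x (hello + 1 s)")
    return violations, 3 * hello * factor


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_timers(cfg))
```

All values are handled in centiseconds, the unit the stp timer commands use, so a value typed in seconds shows up as a violation rather than passing silently.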

7.4.3 Configuring Port Parameters


Port parameters that may affect MSTP topology convergence include the link type and maximum number of sent BPDUs. Configure proper port parameters to implement rapid topology convergence.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number


The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 (Optional) Run:
stp point-to-point { auto | force-false | force-true }

The link type is configured for a port. By default, a port automatically determines whether to connect to a P2P link. The P2P link supports rapid network convergence.
• If the Ethernet port works in full-duplex mode, the port is connected to a P2P link. In this case, force-true can be configured to implement rapid network convergence.
• If the Ethernet port works in half-duplex mode, you can configure stp point-to-point force-true to forcibly set the link type to P2P to implement rapid network convergence.

Step 5 Run:
stp mcheck

MCheck is enabled. On a switching device running MSTP, if an interface is connected to a device running STP, the interface automatically transitions to the STP mode. Enabling MCheck on the interface is required because the interface may fail to automatically transition to the MSTP mode in the following situations:
• The switching device running STP is shut down or moved.
• The switching device running STP transitions to the MSTP mode.

Step 6 Run:
stp transmit-limit packet-number

The maximum number of BPDUs sent by a port within each Hello time is set. By default, the maximum number of BPDUs that a port sends within each Hello time is 147.

Step 7 (Optional) Run:
stp edged-port enable

The port is configured as an edge port. If a device port is connected to a terminal, you can run this command to configure the port as an edge port. By default, the port is a non-edge port.

Step 8 Run:
quit

Return to the system view.

----End



Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths to associated VLANs are changed. Then, ARP entries corresponding to those VLANs on the switching device need to be updated. MSTP processes ARP entries in either fast or normal mode.
• In fast mode, ARP entries to be updated are directly deleted.
• In normal mode, ARP entries to be updated are rapidly aged. The remaining lifetime of ARP entries to be updated is set to 0. The switching device rapidly processes these aged entries. If the number of ARP aging probe attempts is not set to 0, ARP implements aging probe for these ARP entries.

In either fast or normal mode, MAC entries are directly deleted. You can run the stp converge { fast | normal } command in the system view to configure the MSTP convergence mode. By default, the MSTP convergence is configured as normal.
NOTE

The normal mode is recommended. If the fast mode is adopted, ARP entries will be frequently deleted, causing the CPU usage on the MPU or LPU to reach 100%. As a result, network flapping frequently occurs.

7.4.4 Checking the Configuration


After MSTP parameters are configured, check whether the configurations take effect.

Prerequisite
The configurations of MSTP parameters are complete.

Procedure
• Run the display stp [ instance instance-id ] [ interface { interface-type interface-number } ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command, and you can view values of MSTP parameters, including the hello time, forwarding delay time, maximum aging time, maximum hop count, and maximum number of BPDUs allowed to be sent within each hello time on a port. You can also view whether the link connected to the port is a P2P link. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]------
CIST Bridge :32768.00e0-fc0e-a421
Bridge Times :Hello 2s MaxAge 14s FwDly 10s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
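
The display stp layout shown in the examples of 7.3.7 and 7.4.4 can be parsed to audit which ports lack the protection functions described in section 7.5. The following Python sketch is an added example, not part of the Huawei guide. It assumes the device being audited is the root bridge, that an active edge port is shown as Active=enabled, and that an alternate port's role string contains "Alternate"; the sample output, function names and finding labels are constructed.

```python
import re

# Constructed sample in the layout of the display stp output on this page;
# interface names, roles and states are made up for this example.
SAMPLE = """\
-------[CIST Global Info][ Mode MSTP ]------
CIST Bridge :32768.00e0-fc0e-a421
BPDU-Protection :disabled
----[Port1(GigabitEthernet1/0/1)] [ FORWARDING ]---
Port Role :CIST Designated Port
Port Edged :Config=enabled / Active=enabled
Protection Type :None
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
----[CIST][Port2(GigabitEthernet1/0/2)][FORWARDING]---
Port Role :Root Port
Port Edged :Config=default / Active=disabled
Protection Type :None
----[CIST][Port3(GigabitEthernet1/0/3)][FORWARDING]---
Port Role :CIST Designated Port
Port Edged :Config=default / Active=disabled
Protection Type :Root
"""

PORT_HDR = re.compile(r"^-+(?:\[CIST\])?\[Port\d+\(([^)]+)\)\]\s*\[\s*(\w+)\s*\]-+$")
# Fields are printed as "Name :value"; counter breakdown lines such as
# "TCN: 0, Config: 0" have no space before the colon and are skipped.
FIELD = re.compile(r"^\s*(.+?)\s+:(.*)$")

EDGE_NO_BPDU = "edge port, BPDU protection disabled"
DESIGNATED_NO_ROOT = "designated port without root protection"
UPSTREAM_NO_LOOP = "root/alternate port without loop protection"


def parse_display_stp(text):
    """Return (global_fields, {interface: fields}) from display stp text."""
    global_fields, ports = {}, {}
    current = global_fields
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PORT_HDR.match(line)
        if m:
            current = ports.setdefault(m.group(1), {"State": m.group(2)})
            continue
        if line.startswith("-") and "[" in line:
            # Any other section header; only the CIST global block is kept.
            current = global_fields if "CIST Global Info" in line else {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
    return global_fields, ports


def audit(text):
    """List (interface, finding) pairs for ports lacking a protection function."""
    glob, ports = parse_display_stp(text)
    bpdu_off = glob.get("BPDU-Protection") == "disabled"
    findings = []
    for ifname, f in ports.items():
        role = f.get("Port Role", "").lower()
        edge = "Active=enabled" in f.get("Port Edged", "")
        unprotected = f.get("Protection Type") == "None"
        if edge:
            # 7.5.2: without BPDU protection a BPDU turns the edge port
            # into a non-edge port and triggers recalculation.
            if bpdu_off:
                findings.append((ifname, EDGE_NO_BPDU))
        elif unprotected and "designated" in role:
            findings.append((ifname, DESIGNATED_NO_ROOT))
        elif unprotected and ("root" in role or "alternate" in role):
            findings.append((ifname, UPSTREAM_NO_LOOP))
    return findings


if __name__ == "__main__":
    for ifname, finding in audit(SAMPLE):
        print(f"{ifname}: {finding}")
```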


7.5 Configuring MSTP Protection Functions


MSTP protection functions are as follows, and you can configure one or more functions as required.

7.5.1 Establishing the Configuration Task
Before configuring MSTP protection functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

7.5.2 Configuring BPDU Protection on a Switching Device
After BPDU protection is enabled on a switching device, the switching device shuts down an edge port if the edge port receives a BPDU, and notifies the NMS of the shutdown event.

7.5.3 Configuring TC Protection on a Switching Device
After TC protection is enabled, you can set the number of times for an MSTP process to process TC-BPDUs within a given time. TC protection avoids frequent deletion of MAC address entries and ARP entries, thereby protecting switching devices.

7.5.4 Configuring Root Protection on an Interface
The root protection function on a switching device protects a root bridge by preserving the role of a designated port.

7.5.5 Configuring Loop Protection on an Interface
The loop protection function suppresses the loops caused by link congestion.

7.5.6 Configuring Share-Link Protection on a Switching Device
The share-link protection function on a switching device helps automatically transition to the RSTP working mode. It can also be used together with root protection to avoid network loops.

7.5.7 Checking the Configuration
After MSTP protection functions are configured, check whether the configurations take effect.

7.5.1 Establishing the Configuration Task


Before configuring MSTP protection functions, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
MSTP provides the following protection functions, as listed in Table 7-7.

Table 7-7 MSTP protection

MSTP Protection: BPDU protection
Scenario: An edge port changes to be a non-edge port after receiving a BPDU, which triggers spanning tree recalculation. If an attacker keeps sending bogus BPDUs to a switching device, network flapping occurs.
Configuration Impact: After BPDU protection is enabled on the switching device, the switching device shuts down the edge port if the edge port receives an RST BPDU, and notifies the NMS of the shutdown event. The attributes of the edge port are not changed.

MSTP Protection: TC protection
Scenario: Generally, after receiving TC BPDUs (packets for advertising network topology changes), a switching device needs to delete MAC entries and ARP entries. Frequent deletion operations will exhaust CPU resources.
Configuration Impact: TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a given time period is configurable. If the number of TC-BPDUs that the switching device receives within the given time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excessive TC-BPDUs are processed by the switching device as a whole for once after the timeout period expires. This protects the switching device from frequently deleting MAC entries and ARP entries, thus avoiding over-burden.

MSTP Protection: Root protection
Scenario: Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is illegitimately changed, triggering spanning tree recalculation. This may transfer traffic from high-speed links to low-speed links, causing traffic congestion.
Configuration Impact: To address this issue, the root protection function can be configured to protect the root bridge by preserving the role of the designated port. With this function, when the designated port receives RST BPDUs with a higher priority, the port enters the Discarding state and does not forward the BPDUs. If the port does not receive any RST BPDUs with a higher priority for a certain period (double the Forward Delay), the port transitions to the Forwarding state.

MSTP Protection: Loop protection
Scenario: A root port or an alternate port will age if link congestion or a one-way link failure occurs. After the root port ages, a switching device may re-select a root port incorrectly and after the alternate port ages, the port enters the Forwarding state. Loops may occur in such a situation.
Configuration Impact: The loop protection function can be used to prevent such network loops. If the root port or alternate port cannot receive RST BPDUs from the upstream switching device, the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after new RST BPDUs are received.

MSTP Protection: Share-link protection
Scenario: In the scenario where a switching device is dual-homed to a network, when the share link of multiple processes fails, loops may occur.
Configuration Impact: Share-link protection can address such a problem. This function forcibly changes the working mode of the local switching device to RSTP. Share-link protection needs to be used together with root protection to avoid network loops.

NOTE

• After a device normally starts, there is a default MSTP process with the ID 0. MSTP configurations in the system view and interface view both belong to this process.
• For more information about MSTP multi-process configuration, see 7.3 Configuring MSTP Multi-process.

Pre-configuration Tasks
Before configuring MSTP protection functions on a switching device, complete the following task:
• Configuring basic MSTP functions

NOTE

Configure an edge port on the switching device before configuring BPDU protection.

Data Preparation
To configure MSTP protection functions on a switching device, you need the following data.

No.  Data
1    Number of the port on which root protection is to be enabled
2    Number of the port on which loop protection is to be enabled


7.5.2 Configuring BPDU Protection on a Switching Device


After BPDU protection is enabled on a switching device, the switching device shuts down an edge port if the edge port receives a BPDU, and notifies the NMS of the shutdown event.

Context
Edge ports are directly connected to user terminals and normally, the edge ports will not receive BPDUs. Some attackers may send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the switching device automatically sets the edge ports as non-edge ports and triggers new spanning tree calculation. Network flapping then occurs. BPDU protection can be used to protect switching devices against network attacks.
NOTE

Do as follows on a switching device having an edge port:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 (Optional) Run:
stp process process-id

The MSTP process view is displayed.

NOTE

This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you perform configurations in the MSTP process 0, skip this step.

Step 3 Run:
stp bpdu-protection

BPDU protection is enabled on the switching device. By default, BPDU protection is not enabled on the switching device.

----End

7.5.3 Configuring TC Protection on a Switching Device


After TC protection is enabled, you can set the number of times for an MSTP process to process TC-BPDUs within a given time. TC protection avoids frequent deletion of MAC address entries and ARP entries, thereby protecting switching devices.

Context
An attacker may send pseudo TC-BPDUs to attack switching devices. Switching devices receive a large number of TC BPDUs in a short time and delete entries frequently, which burdens system processing and degrades network stability.

TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a given time period is configurable. If the number of TC-BPDUs that the switching device receives within a given time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excessive TC-BPDUs are processed by the switching device as a whole for once after the timer (that is, the specified time period) expires. This protects the switching device from frequently deleting MAC entries and ARP entries, so that it is not overburdened.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 (Optional) Run:
stp process process-id

The MSTP process view is displayed.

NOTE

This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you perform configurations in the MSTP process 0, skip this step.

Step 3 Run:
stp tc-protection

TC protection is enabled for the MSTP process. By default, TC protection is not enabled on the switching device.

Step 4 Run:
stp tc-protection threshold threshold

The threshold of the number of times the MSTP process handles the received TC-BPDUs and updates forwarding entries within a given time is set.

NOTE

The value of the given time is consistent with the MSTP Hello time set by using the stp timer hello hello-time command.

----End
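
The effect of the TC protection threshold on the number of MAC/ARP flushes can be modelled offline. The following Python sketch is an added example, not part of the Huawei guide: it takes TC-BPDU arrival times in centiseconds and returns when entries would be flushed with and without TC protection. It assumes that the counting window is aligned to multiples of the Hello time and that the deferred batch at window expiry does not count against the next window's threshold; the function names and the two arrival patterns are constructed.

```python
from collections import Counter

# Constructed arrival patterns, in centiseconds.
BURST = list(range(0, 100, 2))     # 50 TC-BPDUs within the first second
FLOOD = list(range(0, 1000, 10))   # 100 TC-BPDUs spread over 10 seconds


def flush_times(tc_arrivals_cs, hello_cs=200, threshold=None):
    """Times (centiseconds) at which MAC and ARP entries are flushed.

    threshold=None models TC protection disabled: every TC-BPDU flushes.
    Otherwise the first `threshold` TC-BPDUs of each Hello-time window are
    handled at once and the excess is handled a single time when the
    window expires.
    """
    arrivals = sorted(tc_arrivals_cs)
    if threshold is None:
        return arrivals
    handled = Counter()     # window index -> TC-BPDUs handled immediately
    overflowed = set()      # windows that received more than `threshold`
    flushes = []
    for t in arrivals:
        window = t // hello_cs
        if handled[window] < threshold:
            handled[window] += 1
            flushes.append(t)
        else:
            overflowed.add(window)
    # One batched flush at the end of each window that overflowed.
    flushes.extend((w + 1) * hello_cs for w in overflowed)
    return sorted(flushes)


def summarize(tc_arrivals_cs, hello_cs=200, threshold=1):
    """Compare flush counts with TC protection off and on."""
    protected = flush_times(tc_arrivals_cs, hello_cs, threshold)
    per_window = Counter(t // hello_cs for t in protected)
    return {
        "tc_received": len(tc_arrivals_cs),
        "flushes_with_protection": len(protected),
        "max_flushes_per_hello": max(per_window.values(), default=0),
    }


if __name__ == "__main__":
    print("burst, threshold 3:", flush_times(BURST, 200, 3))
    print("flood, threshold 1:", summarize(FLOOD, 200, 1))
```

Under these assumptions the flush rate is bounded by threshold + 1 per Hello time regardless of how many TC-BPDUs arrive, which is the quantity to size against the CPU cost of a MAC/ARP flush.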

7.5.4 Configuring Root Protection on an Interface


The root protection function on a switching device protects a root bridge by preserving the role of a designated port.

Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge, and the network topology is illegitimately changed, triggering spanning tree recalculation. This also may cause the traffic that should be transmitted over high-speed links to be transmitted over low-speed links, leading to network congestion. The root protection function on a switching device is used to protect the root bridge by preserving the role of the designated port.
NOTE

Root protection is configured on a designated port. It takes effect only when being configured on the port that functions as a designated port on all MSTIs. If root protection is configured on other types of ports, it does not take effect.

Do as follows on a root bridge in an MST region:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 (Optional) Run:
stp binding process process-id

The port is bound to an MSTP process.

NOTE

This step is performed only when the interface needs to be bound to an MSTP process with a non-zero ID. If the interface belongs to process 0, skip this step.

Step 5 Run:
stp root-protection

Root protection is configured on the switching device. By default, root protection is disabled.

----End

7.5.5 Configuring Loop Protection on an Interface


The loop protection function suppresses the loops caused by link congestion.

Context
On a network running MSTP, a switching device maintains the root port status and status of blocked ports by receiving BPDUs from an upstream switching device. If the switching device cannot receive BPDUs from the upstream because of link congestion or unidirectional-link failure, the switching device re-selects a root port. The original root port becomes a designated port and the original blocked ports change to the Forwarding state. This may cause network loops. To address such a problem, configure loop protection.

After loop protection is configured, if the root port or alternate port does not receive BPDUs from the upstream switching device, the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after receiving new BPDUs.
NOTE

An alternate port is a backup port of a root port. If a switching device has an alternate port, you need to configure loop protection on both the root port and the alternate port.

Do as follows on a root port and an alternate port on a switching device in an MST region:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 (Optional) Run:
stp binding process process-id

The port is bound to an MSTP process.

NOTE

This step is performed only when the interface needs to be bound to an MSTP process with a non-zero ID. If the interface belongs to process 0, skip this step.

Step 5 Run:
stp loop-protection

Loop protection for the root port is configured on the switching device. By default, loop protection is disabled.

----End

7.5.6 Configuring Share-Link Protection on a Switching Device


The share-link protection function on a switching device helps automatically transition to the RSTP working mode. It can also be used together with root protection to avoid network loops.

Context
Share-link protection is used in the scenario where a switching device is dual homed to a network.

When a share link fails, share-link protection forcibly changes the working mode of a local switching device to RSTP. This function can also be used together with root protection to avoid network loops.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp process process-id

The MSTP process view is displayed.

Step 3 Run:
stp link-share-protection

Share-link protection is enabled.

----End

7.5.7 Checking the Configuration


After MSTP protection functions are configured, check whether the configurations take effect.

Prerequisite
All configurations of MSTP protection functions are complete.

Procedure
- Run the display stp [ instance instance-id ] [ interface { interface-type interface-number } ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command, and you can view the BPDU protection status and configured protection type on a switching device. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/0
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc0e-a421
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :enabled
TC or TCN received :8
STP Converge Mode :Fast
Time since last TC :0 days 23h:9m:30s
----[Port3(GigabitEthernet1/0/0)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :Root
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :43
    TCN: 0, Config: 0, RST: 0, MST: 43
BPDU Received :3
    TCN: 0, Config: 0, RST: 0, MST: 3

7.6 Configuring MSTP Interoperability Between Huawei Devices and Non-Huawei Devices
To enable Huawei devices to interwork with non-Huawei devices, configure proper parameters and functions, including the BPDU format, MSTP protocol packet format, and digest snooping function, on the Huawei devices running MSTP.

7.6.1 Establishing the Configuration Task
Before configuring MSTP interoperability between Huawei devices and non-Huawei devices, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

7.6.2 Configuring the BPDU Format on a Switching Device
To make a Huawei device interoperate with a non-Huawei device, set the BPDU format to Per VLAN Spanning Tree (PVST).

7.6.3 Configuring a Proposal/Agreement Mechanism
To enable Huawei Datacom devices to communicate with non-Huawei devices, configure a proper rapid transition mechanism on Huawei devices according to the Proposal/Agreement mechanism on non-Huawei devices.

7.6.4 Configuring the MSTP Protocol Packet Format on an Interface
MSTP protocol packets can be transmitted in auto, dot1s, or legacy mode. The default mode is auto.

7.6.5 Binding VLANs for an Interface to an MSTP Process
Non-Huawei devices do not recognize MSTP processes on Huawei datacom devices, which causes a communication failure between them. To address this problem, bind VLANs for an interface to MSTP processes. This allows Huawei devices to interoperate with non-Huawei devices.

7.6.6 Enabling the Digest Snooping Function
When a Huawei device is connected to a non-Huawei device, if the region names, revision numbers, and VLAN-to-instance mappings configured on the two devices are consistent but the BPDU keys are different, the two devices cannot communicate. To address this problem, enable the digest snooping function on the Huawei device.

7.6.7 Checking the Configuration
After MSTP parameters are configured for the interoperability between Huawei devices and non-Huawei devices, check whether the configurations take effect.


7.6.1 Establishing the Configuration Task


Before configuring MSTP interoperability between Huawei devices and non-Huawei devices, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On an MSTP network, inconsistent protocol packet formats and BPDU keys may lead to a communication failure. Configuring proper MSTP parameters on Huawei devices ensures interoperability between Huawei devices and non-Huawei devices.

Pre-configuration Tasks
Before configuring MSTP interoperability between Huawei devices and non-Huawei devices, complete the following task:
- Configuring basic MSTP functions

Data Preparation
To configure MSTP interoperability between Huawei devices and non-Huawei devices, you need the following data.

No.  Data
1    BPDU format
2    MSTP protocol packet format

7.6.2 Configuring the BPDU Format on a Switching Device


To make a Huawei device interoperate with a non-Huawei device, set the BPDU format to Per VLAN Spanning Tree (PVST).

Prerequisite
Before you configure the BPDU format in the PW template view, basic VPLS functions must have been configured.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Enter the view to configure the BPDU format:
- Perform the following steps to enter the PW template view:
  1. Run the vsi vsi-name [ auto | static ] command to create a VSI or enter the VSI view.
  2. Run the pwsignal { bgp | ldp } command to configure a signaling mode for the VSI.
  3. Run the vsi-id vsi-id command to set the VSI ID.
  4. Run the peer peer-address [ negotiation-vc-id vc-id ] pw pw-name command to enter the VSI-LDP-PW view.
- Run the interface interface-type interface-number command to enter the Ethernet interface view. interface-type specifies the interface type. The interface types can be Ethernet, Eth-Trunk, virtual Ethernet, and GigabitEthernet.

Step 3 Run:
stp bpdu-encapsulation { pvst | stp }

The BPDU format is configured on the switching device. By default, the BPDU format is STP. To make a Huawei device interoperate with a non-Huawei device, the PVST BPDU format needs to be used.

----End

7.6.3 Configuring a Proposal/Agreement Mechanism


To enable Huawei Datacom devices to communicate with non-Huawei devices, configure a proper rapid transition mechanism on Huawei devices according to the Proposal/Agreement mechanism on non-Huawei devices.

Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism. Switching devices currently support the following modes:

- Enhanced mode: The current interface counts a root port when it computes the synchronization flag bit.
  - An upstream device sends a Proposal message to a downstream device, requesting rapid status transition. After receiving the message, the downstream device sets the port connected to the upstream device as a root port and blocks all non-edge ports.
  - The upstream device then sends an Agreement message to the downstream device. After the downstream device receives the message, the root port transitions to the Forwarding state.
  - The downstream device then responds to the Proposal message with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as a designated port, and the designated port transitions to the Forwarding state.
- Common mode: The current interface ignores the root port when it computes the synchronization flag bit.
  - An upstream device sends a Proposal message to a downstream device, requesting rapid status transition. After receiving the message, the downstream device sets the port connected to the upstream device as a root port and blocks all non-edge ports. The root port then transitions to the Forwarding state.
  - The downstream device responds to the Proposal message with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as a designated port. The designated port then transitions to the Forwarding state.

When Huawei Datacom devices are interworking with non-Huawei devices, select either mode depending on the Proposal/Agreement mechanism on non-Huawei devices.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
stp binding process process-id

The interface is bound to an MSTP process.

NOTE

This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0, skip this step.

Step 4 Run:
stp no-agreement-check

The common rapid transition mechanism is configured. By default, the interface uses the enhanced rapid transition mechanism.

----End

7.6.4 Configuring the MSTP Protocol Packet Format on an Interface


MSTP protocol packets can be transmitted in auto, dot1s, or legacy mode. The default mode is auto.

Context
MSTP protocol packets have two formats: dot1s (IEEE 802.1s standard packets) and legacy (proprietary protocol packets). The auto mode is introduced to allow an interface to automatically use the format of MSTP protocol packets sent from the remote interface. In this manner, the two interfaces use the same MSTP protocol packet format.

Do as follows on a switching device in an MST region:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
portswitch

The interface is switched to a Layer 2 interface.

NOTE

If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.

Step 4 (Optional) Run:
stp binding process process-id

The interface is bound to an MSTP process.

NOTE

This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0, skip this step.

Step 5 Run:
stp compliance { auto | dot1s | legacy }

The MSTP protocol packet format is configured on the interface. The auto mode is used by default.
NOTE

If the format of MSTP packets is set to dot1s on one end and legacy on the other end, the negotiation fails.

----End

7.6.5 Binding VLANs for an Interface to an MSTP Process


Non-Huawei devices do not recognize MSTP processes on Huawei datacom devices, which causes a communication failure between them. To address this problem, bind VLANs for an interface to MSTP processes. This allows Huawei devices to interoperate with non-Huawei devices.

Context
If a Huawei device needs to interoperate with a non-Huawei device, the two devices cannot properly communicate because the non-Huawei device cannot recognize the MSTP process on the Huawei device. To address this problem, bind VLANs for interfaces to MSTP processes. The non-Huawei device distinguishes MSTP processes based on associated VLAN IDs and communicates with the Huawei device.

Do as follows on the device where VLANs for an interface need to be bound to MSTP processes:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run:
stp binding process process-id serve-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> [ bpdu-vlan vlan-id ]

VLANs for the interface are bound to an MSTP process.

After VLANs for an interface are bound to an MSTP process, the interface determines the ID carried in an MSTP packet to be sent based on whether BPDU-VLAN is set:
- If BPDU-VLAN is set, the MSTP packet carries the BPDU-VLAN ID but not the MSTP process ID.
- If BPDU-VLAN is not set, the MSTP packet carries the MSTP process ID but not the BPDU-VLAN ID.

NOTE

BPDU-VLAN must be a configured VLAN.

Before running the stp binding process serve-vlan command, ensure that the interface has joined specified VLANs; otherwise, the command cannot take effect.

----End

7.6.6 Enabling the Digest Snooping Function


When a Huawei device is connected to a non-Huawei device, if the region names, revision numbers, and VLAN-to-instance mappings configured on the two devices are consistent but the BPDU keys are different, the two devices cannot communicate. To address this problem, enable the digest snooping function on the Huawei device.

Context
Do as follows on a switching device in an MST region:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 (Optional) Run:
stp binding process process-id

The interface is bound to an MSTP process.

NOTE

This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0, skip this step.

Step 4 Run:
stp config-digest-snoop

The digest snooping function is enabled.

----End
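
Why identical region settings can still fail to match, shown as an added example (not Huawei's code): the MST configuration digest is an HMAC-MD5 over the 4096-entry VLAN-to-instance table, so two devices that sign the same table with different keys advertise different digests. The key and table layout come from IEEE 802.1Q; `PRIVATE_KEY`, revision 0, and the way `region_match` models digest snooping (the port accepts the neighbour's digest) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Signature key that IEEE 802.1Q fixes for the MST Configuration Digest
# (taken from the standard, not from this guide).
STANDARD_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
# Constructed stand-in for a vendor-private key; not any real vendor's value.
PRIVATE_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")

# VLAN-to-instance mapping of region RG1 in this guide's basic MSTP example:
# instance 1 carries VLANs 1 to 10, instance 2 carries VLANs 11 to 20.
RG1 = {1: range(1, 11), 2: range(11, 21)}


def mapping_table(instances):
    """Serialise the VLAN-to-MSTI table: 4096 big-endian 16-bit entries,
    indexed by VLAN ID. Unmapped VLANs stay in instance 0 (the CIST);
    entries 0 and 4095 are always zero."""
    table = [0] * 4096
    for msti, vlans in instances.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN ID out of range: {vid}")
            table[vid] = msti
    return struct.pack(">4096H", *table)


def config_digest(instances, key=STANDARD_KEY):
    """HMAC-MD5 of the mapping table, as upper-case hex."""
    mac = hmac.new(key, mapping_table(instances), hashlib.md5)
    return mac.hexdigest().upper()


def region_match(local, peer, digest_snoop=False):
    """local and peer are (region_name, revision, digest) triples.
    Without snooping all three fields must be equal. With snooping
    (assumed model) the digest comparison is skipped."""
    if local[:2] != peer[:2]:
        return False
    return digest_snoop or local[2] == peer[2]


def demo():
    """Compare a standard-key device with a private-key neighbour."""
    local = ("RG1", 0, config_digest(RG1))
    # Same region name, revision and mapping, but a different signing key.
    peer = ("RG1", 0, config_digest(RG1, PRIVATE_KEY))
    # Neighbour whose mapping has drifted: VLANs 11 to 20 moved to instance 1.
    drifted = ("RG1", 0, config_digest({1: range(1, 21)}, PRIVATE_KEY))
    return {
        "same_mapping_different_key": region_match(local, peer),
        "with_digest_snoop": region_match(local, peer, digest_snoop=True),
        "drifted_mapping_with_snoop": region_match(local, drifted, digest_snoop=True),
    }


if __name__ == "__main__":
    # An empty mapping (all VLANs in the CIST) yields the well-known default
    # digest AC36177F50283CD4B83821D8AB26DE62 under the standard key.
    print("default digest:", config_digest({}))
    print("RG1, standard key:", config_digest(RG1))
    print("RG1, private key :", config_digest(RG1, PRIVATE_KEY))
    for case, accepted in demo().items():
        print(f"{case}: {'same region' if accepted else 'different region'}")
```

In this model a drifted VLAN-to-instance mapping is also accepted once snooping is on, which is why the precondition above (consistent region names, revision numbers, and mappings) has to be verified by comparing the configurations themselves.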

7.6.7 Checking the Configuration


After MSTP parameters are configured for the interoperability between Huawei devices and non-Huawei devices, check whether the configurations take effect.

Prerequisite
All the configurations for the interoperability between Huawei devices and non-Huawei devices are complete.

Procedure
- Run the display stp [ instance instance-id ] [ interface { interface-type interface-number } ] [ brief ] command to view spanning-tree status and statistics.

----End

Example
Run the display stp command, and you can view the spanning-tree working mode, BPDU format and MSTP protocol packet format configured on the switching device, and configuration of the digest snooping function. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]------
CIST Bridge :32768.00e0-fc0e-a421
Bridge Times :Hello 2s MaxAge 14s FwDly 10s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
Config-digest-snoop:snooped=false
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :0
    TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
    TCN: 0, Config: 0, RST: 0, MST: 0
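
The placement rules from 7.5.4 and 7.5.5 can be checked mechanically against saved display stp output. The following is an added example, not part of the original guide or a Huawei tool: it parses the output format shown in the two Checking the Configuration examples and reports ports whose Protection Type does not fit their role. The role strings "CIST Root Port" and "CIST Alternate Port", the value "Loop" for Protection Type, and the whole DOWNSTREAM_OUTPUT sample are assumptions; only "CIST Designated Port", "Root", and "None" appear on this page.

```python
import re

# Trimmed from the two display stp samples on this page (root bridge, instance 0).
ROOT_BRIDGE_OUTPUT = """\
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc0e-a421
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
BPDU-Protection :enabled
Time since last TC :0 days 23h:9m:30s
----[Port3(GigabitEthernet1/0/0)][FORWARDING]---
Port Role :CIST Designated Port
Protection Type :Root
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]---
Port Role :CIST Designated Port
Protection Type :None
Config-digest-snoop:snooped=false
"""

# Constructed sample for a downstream device (bridge ID, cost, role strings
# and the "Loop" value are assumptions, not taken from the guide).
DOWNSTREAM_OUTPUT = """\
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc0e-b532
CIST Root/ERPC :32768.00e0-fc0e-a421 / 200
----[Port1(GigabitEthernet1/0/2)][FORWARDING]---
Port Role :CIST Root Port
Protection Type :Root
----[Port2(GigabitEthernet1/0/3)][DISCARDING]---
Port Role :CIST Alternate Port
Protection Type :Loop
"""

# Matches "----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]---" style headers.
PORT_HEADER = re.compile(r"\[Port\d+\(([^)]+)\)\]\s*\[\s*(\w+)\s*\]")


def parse_display_stp(text):
    """Return (global_fields, ports); each port is a dict of its fields."""
    global_fields, ports, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = PORT_HEADER.search(line)
        if header:
            current = {"name": header.group(1), "state": header.group(2)}
            ports.append(current)
            continue
        if ":" not in line or line.startswith("-"):
            continue
        # Split on the first colon only, so values such as "23h:9m:30s" survive.
        key, value = line.split(":", 1)
        target = current if current is not None else global_fields
        target[key.strip()] = value.strip()
    return global_fields, ports


def audit(text):
    """Return (port, finding) pairs for one instance's output.
    Root protection must sit on designated ports in every MSTI, so run
    this once per instance and merge the results."""
    global_fields, ports = parse_display_stp(text)
    bridge = global_fields.get("CIST Bridge", "")
    root = global_fields.get("CIST Root/ERPC", "").split("/")[0].strip()
    is_root_bridge = bool(bridge) and bridge == root
    findings = []
    for port in ports:
        role = port.get("Port Role", "").lower()
        protection = port.get("Protection Type", "None").lower()
        designated = "designated" in role
        upstream_facing = "root port" in role or "alternate" in role
        if protection == "root" and not designated:
            # 7.5.4: root protection has no effect on other port types.
            findings.append((port["name"], "ROOT_PROTECTION_INEFFECTIVE"))
        if upstream_facing and protection != "loop":
            # 7.5.5: protect both the root port and the alternate port.
            findings.append((port["name"], "LOOP_PROTECTION_MISSING"))
        if is_root_bridge and designated and protection != "root":
            findings.append((port["name"], "ROOT_PROTECTION_MISSING"))
    return findings


if __name__ == "__main__":
    for label, sample in (("root bridge", ROOT_BRIDGE_OUTPUT),
                          ("downstream", DOWNSTREAM_OUTPUT)):
        for name, finding in audit(sample):
            print(f"{label}: {name}: {finding}")
```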

7.7 Maintaining MSTP


MSTP maintenance includes resetting MSTP statistics.

7.7.1 Clearing MSTP Statistics
You can run the reset commands to reset MSTP statistics to 0.

7.7.1 Clearing MSTP Statistics


You can run the reset commands to reset MSTP statistics to 0.

Context

CAUTION
MSTP statistics cannot be restored after you clear them. Therefore, exercise caution when using the reset commands. After you confirm that MSTP statistics need to be cleared, run the following command in the user view.

Procedure
Step 1 Run the reset stp [ interface interface-type interface-number ] statistics command to clear spanning-tree statistics.

----End

7.8 Configuration Examples


This section shows typical usage scenarios of MSTP by describing networking requirements, configuration roadmap, and data preparation, and provides related configuration files.

7.8.1 Example for Configuring Basic MSTP Functions
This example shows how to configure basic MSTP functions.

7.8.2 Example for Configuring MSTP Multi-process
After MSTP multi-process is enabled, each MSTP process can manage some interfaces. Layer 2 interfaces are divided and managed by multiple MSTP processes. Each MSTP process runs the standard MSTP. With the MSTP multi-process mechanism, spanning trees of different processes are calculated independently and do not affect each other.

7.8.3 Example for Configuring MSTP Multi-process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
MSTP multi-process enables different Layer 2 access rings to carry different services.

7.8.4 Example for Configuring E-STP - Inter-AS Option A (Martini Mode)
When configuring STP over PW in inter-AS Martini VPLS OptionA, you need to configure service VSIs in ASs, and create Layer 3 sub-interfaces between ASs to access the VSIs. In addition, in the same AS, you need to configure the management VSI (mVSI) on two ASBRs and enable STP on the mPW; between ASs, you need to enable STP on the inter-AS Layer 3 sub-interfaces.

7.8.5 Example for Configuring E-STP - Inter-AS PW Interconnection (Martini Mode)
When configuring STP over PW based on inter-AS PW interconnection in Martini mode, you need to configure service VSIs and the mVSI on inter-AS and intra-AS NPEs, and enable STP on the mPW.

7.8.6 Example for Configuring E-STP for CE Dual-Homing
When configuring STP over PW in the scenario where a CE is dual homed to PEs, you need to enable STP on the physical links between CE1 and PE1 and between CE1 and PE2, and the mPW between PE1 and PE2.

7.8.1 Example for Configuring Basic MSTP Functions


This example shows how to configure basic MSTP functions.

Networking Requirements
On a complex network, loops are inevitable. To provide redundancy, network designers tend to deploy multiple physical links between two devices, one of which is the master and the others are the backup. Loops are likely or bound to occur in such a situation. Loops cause broadcast storms, which exhaust network resources and paralyze the network. Loops also cause MAC address tables to flap, which damages MAC address entries.

MSTP can be deployed to eliminate loops. MSTP blocks redundant links on a Layer 2 network and trims the network into a loop-free tree. As shown in Figure 7-9, to load balance traffic of VLANs 1 to 10 and traffic of VLANs 11 to 20, multiple MSTIs are created. MSTP defines a VLAN mapping table in which VLANs are associated with spanning tree instances. In addition, MSTP divides a switching network into multiple regions, each of which has multiple independent spanning tree instances.

As shown in Figure 7-9, CX-A, CX-B, SwitchC, and SwitchD all run MSTP.


Figure 7-9 Networking diagram of configuring basic MSTP functions
[Figure not reproduced. It shows MST region RG1 with CX-A, CX-B, SwitchC, and SwitchD, their GE1/0/1, GE1/0/2, and GE1/0/3 interfaces, and PC1 and PC2. VLAN1~10 belong to MSTI1 (root bridge: CX-A) and VLAN11~20 belong to MSTI2 (root bridge: CX-B); the blocked port of each MSTI is marked.]

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure basic MSTP functions:
   (1) Configure an MST region and create multiple MSTIs to implement load balancing.
   (2) In the MST region, configure a primary root bridge and secondary root bridge for each MSTI.
   (3) Set path costs for ports to be blocked in each MSTI.
   (4) Enable MSTP to eliminate loops, including:
       - Enable MSTP globally.
       - Enable MSTP on all the interfaces except the interfaces connected to terminals.

   NOTE

   MSTP is not required on the interfaces connected to terminals because these interfaces do not need to participate in MSTP calculation. By default, MSTP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.

2. Configure MSTP protection functions, for example, configure root protection on a designated port of a root bridge in each MSTI.
3. Configure the Layer 2 forwarding function on devices.

Data Preparation
To complete the configuration, you need the following data:
- Region name RG1
- MSTIs, MSTI 1 and MSTI 2
- GE interface numbers
- Primary and secondary root bridges of MSTI 1 (CX-A and CX-B respectively) and primary and secondary root bridges of MSTI 2 (CX-B and CX-A respectively)
- Path costs of the ports to be blocked (20000)
- VLAN IDs (1 to 20)
- VLAN to which PC1 belongs (VLAN 10) and VLAN to which PC2 belongs (VLAN 20)

Procedure
Step 1 Configure basic MSTP functions.

1. Add CX-A, CX-B, SwitchC, and SwitchD to MST region RG1, and create two MSTIs, MSTI 1 and MSTI 2.

# Add CX-A to RG1.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] stp region-configuration
[CX-A-mst-region] region-name RG1
[CX-A-mst-region] instance 1 vlan 1 to 10
[CX-A-mst-region] instance 2 vlan 11 to 20
[CX-A-mst-region] active region-configuration
[CX-A-mst-region] quit

# Add CX-B to RG1.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] stp region-configuration
[CX-B-mst-region] region-name RG1
[CX-B-mst-region] instance 1 vlan 1 to 10
[CX-B-mst-region] instance 2 vlan 11 to 20
[CX-B-mst-region] active region-configuration
[CX-B-mst-region] quit

# Add SwitchC to RG1.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 1 to 10
[SwitchC-mst-region] instance 2 vlan 11 to 20
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit

# Add SwitchD to RG1.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1
[SwitchD-mst-region] instance 1 vlan 1 to 10
[SwitchD-mst-region] instance 2 vlan 11 to 20
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit

2. In RG1, configure primary and secondary root bridges for MSTI 1 and MSTI 2.

- Configure primary and secondary root bridges for MSTI 1.

# Configure CX-A as a primary root bridge of MSTI 1.
[CX-A] stp instance 1 root primary

# Configure CX-B as a secondary root bridge of MSTI 1.
[CX-B] stp instance 1 root secondary

- Configure primary and secondary root bridges for MSTI 2.

# Configure CX-B as a primary root bridge of MSTI 2.
[CX-B] stp instance 2 root primary

# Configure CX-A as a secondary root bridge of MSTI 2.
[CX-A] stp instance 2 root secondary

3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be larger than the default value.

NOTE

- Different calculation methods define different path costs. Use the Huawei proprietary calculation method as an example to set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to 20000.
- All switching devices on a network must use the same calculation for path costs.

# On CX-A, configure the path cost calculation method as the Huawei proprietary method.
[CX-A] stp pathcost-standard legacy

# On CX-B, configure the path cost calculation method as the Huawei proprietary method.
[CX-B] stp pathcost-standard legacy

# On SwitchC, configure the path cost calculation method as the Huawei proprietary method and set the path cost of GE 1/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/2] quit

# On SwitchD, configure the path cost calculation method as the Huawei proprietary method and set the path cost of GE 1/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet1/0/2] quit

4. Enable MSTP to eliminate loops.

- Disable MSTP on interfaces connected to PCs.

# Disable MSTP on GE 1/0/1 of SwitchC.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp disable
[SwitchC-GigabitEthernet1/0/1] quit

# Disable MSTP on GE 1/0/1 of SwitchD.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] stp disable
[SwitchD-GigabitEthernet1/0/1] quit

- Enable MSTP globally.

# Enable MSTP on CX-A.
[CX-A] stp enable

# Enable MSTP on CX-B.
[CX-B] stp enable

# Enable MSTP on SwitchC.
[SwitchC] stp enable

# Enable MSTP on SwitchD.
[SwitchD] stp enable

- Enable MSTP on all the interfaces except the interfaces connected to terminals.

# Enable MSTP on GE 1/0/1 of CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] portswitch
[CX-A-GigabitEthernet1/0/1] stp enable
[CX-A-GigabitEthernet1/0/1] quit

# Enable MSTP on GE 1/0/2 of CX-A.
[CX-A] interface gigabitethernet 1/0/2
[CX-A-GigabitEthernet1/0/2] undo shutdown
[CX-A-GigabitEthernet1/0/2] portswitch
[CX-A-GigabitEthernet1/0/2] stp enable
[CX-A-GigabitEthernet1/0/2] quit

# Enable MSTP on GE 1/0/1 of CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] undo shutdown
[CX-B-GigabitEthernet1/0/1] portswitch
[CX-B-GigabitEthernet1/0/1] stp enable
[CX-B-GigabitEthernet1/0/1] quit

# Enable MSTP on GE 1/0/2 of CX-B.
[CX-B] interface gigabitethernet 1/0/2
[CX-B-GigabitEthernet1/0/2] undo shutdown
[CX-B-GigabitEthernet1/0/2] portswitch
[CX-B-GigabitEthernet1/0/2] stp enable
[CX-B-GigabitEthernet1/0/2] quit

# Enable MSTP on GE 1/0/2 of SwitchC.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp enable
[SwitchC-GigabitEthernet1/0/2] quit

# Enable MSTP on GE 1/0/3 of SwitchC.
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] stp enable
[SwitchC-GigabitEthernet1/0/3] quit

# Enable MSTP on GE 1/0/2 of SwitchD.
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp enable
[SwitchD-GigabitEthernet1/0/2] quit

# Enable MSTP on GE 1/0/3 of SwitchD.
[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] stp enable
[SwitchD-GigabitEthernet1/0/3] quit

Step 2 Configure MSTP protection functions, for example, configure root protection on a designated port of a root bridge in each MSTI.

# Enable root protection on GE 1/0/1 of CX-A.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] stp root-protection
[CX-A-GigabitEthernet1/0/1] quit

# Enable root protection on GE 1/0/1 of CX-B.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] stp root-protection
[CX-B-GigabitEthernet1/0/1] quit

Step 3 Configure the Layer 2 forwarding function on devices in the ring.

- Create VLANs 1 to 20 on CX-A, CX-B, SwitchC, and SwitchD.

# Create VLANs 1 to 20 on CX-A.
[CX-A] vlan batch 1 to 20

# Create VLANs 1 to 20 on CX-B.
[CX-B] vlan batch 1 to 20

# Create VLANs 1 to 20 on SwitchC.
[SwitchC] vlan batch 1 to 20

# Create VLANs 1 to 20 on SwitchD.
[SwitchD] vlan batch 1 to 20

- Add interfaces on the switching devices in the ring to VLANs.

# Add GE 1/0/1 on CX-A to VLANs.
[CX-A] interface gigabitethernet 1/0/1
[CX-A-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 20
[CX-A-GigabitEthernet1/0/1] quit

# Add GE 1/0/2 on CX-A to VLANs.
[CX-A] interface gigabitethernet 1/0/2
[CX-A-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20
[CX-A-GigabitEthernet1/0/2] quit

# Add GE 1/0/1 on CX-B to VLANs.
[CX-B] interface gigabitethernet 1/0/1
[CX-B-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 20
[CX-B-GigabitEthernet1/0/1] quit

# Add GE 1/0/2 on CX-B to VLANs.
[CX-B] interface gigabitethernet 1/0/2
[CX-B-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20
[CX-B-GigabitEthernet1/0/2] quit

# Add GE 1/0/2 on SwitchC to VLANs.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20
[SwitchC-GigabitEthernet1/0/2] quit

# Add GE 1/0/3 on SwitchC to VLANs.
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 20
[SwitchC-GigabitEthernet1/0/3] quit

# Add GE 1/0/2 on SwitchD to VLANs.
[SwitchD] interface gigabitEthernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20
[SwitchD-GigabitEthernet1/0/2] quit

# Add GE 1/0/3 on SwitchD to VLANs.
[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 20
[SwitchD-GigabitEthernet1/0/3] quit

Step 4 Verify the configuration.

After completing the previous configurations, run the following commands to verify the configurations.

# Run the display stp brief command on CX-A to view the interface status and protection type. The displayed information is as follows:
<CX-A> display stp brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   0    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/2  ROOT  FORWARDING  NONE

In MSTI 1, CX-A is a root bridge and thus GE 1/0/2 and GE 1/0/1 on CX-A are designated ports. In MSTI 2, GE 1/0/1 on Switch A is a designated port and GE 1/0/2 is a root port.

# Run the display stp brief command on CX-B. The displayed information is as follows:
[CX-B] display stp brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   0    GigabitEthernet1/0/2  ROOT  FORWARDING  NONE
   1    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/2  ROOT  FORWARDING  NONE
   2    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/2  DESI  FORWARDING  NONE

In MSTI 2, CX-B is a root bridge and thus GE 1/0/1 and GE 1/0/2 on CX-B are designated ports. In MSTI 1, GE 1/0/1 of CX-B is a designated port and GE 1/0/2 is a root port.

# Run the display stp interface brief command on SwitchC. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
   1    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
   2    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
[SwitchC] display stp interface gigabitethernet 1/0/2 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/2  ALTE  DISCARDING  NONE

# Run the display stp interface brief command on SwitchD. The displayed information is as follows:
[SwitchD] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/3  ALTE  DISCARDING  NONE
   1    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
   2    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
[SwitchD] display stp interface gigabitethernet 1/0/2 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/2  ROOT  FORWARDING  NONE
   1    GigabitEthernet1/0/2  ALTE  DISCARDING  NONE
   2    GigabitEthernet1/0/2  DESI  FORWARDING  NONE

GE 1/0/3 on SwitchD is a root port in both MSTI 1 and MSTI 2. GE 1/0/2 on SwitchD is blocked in MSTI 1 but is calculated to be a designated port in MSTI 2.

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 1 to 20
#
 stp instance 1 root primary
 stp instance 2 root secondary
 stp pathcost-standard legacy
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
 stp root-protection
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 1 to 20
#
 stp instance 1 root secondary
 stp instance 2 root primary
 stp pathcost-standard legacy
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
 stp root-protection
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of SwitchC
#
 sysname SwitchC
#
 vlan batch 1 to 20
#
 stp pathcost-standard legacy
 stp enable
#
 undo http server enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 stp disable
#
interface GigabitEthernet1/0/2
 port trunk allow-pass vlan 1 to 20
 stp instance 2 cost 20000
#
interface GigabitEthernet1/0/3
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of SwitchD
#
 sysname SwitchD
#
 vlan batch 1 to 20
#
 stp pathcost-standard legacy
 stp enable
#
 undo http server enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
#
interface GigabitEthernet1/0/1
 stp disable
#
interface GigabitEthernet1/0/2
 port trunk allow-pass vlan 1 to 20
 stp instance 1 cost 20000
#
interface GigabitEthernet1/0/3
 port trunk allow-pass vlan 1 to 20
#
return

7.8.2 Example for Configuring MSTP Multi-process


After MSTP multi-process is enabled, each MSTP process can manage some interfaces. Layer 2 interfaces are divided and managed by multiple MSTP processes. Each MSTP process runs the standard MSTP. With the MSTP multi-process mechanism, spanning trees of different processes are calculated independently and do not affect each other.


Networking Requirements
UPEs construct a ring at the aggregation layer. These UPEs are enabled with MSTP and belong to the same MST region. Load balancing between different VLANs is carried out by creating multiple MSTIs. UPEs are respectively connected to two DSLAM rings at the access layer. The two rings need to be independent of each other and use different spanning trees. This ensures that topology change of one ring does not affect the other.

As shown in Figure 7-10, UPE1, UPE2, UPE3, and UPE4 construct a ring at the aggregation layer. The UPEs are enabled with MSTP and belong to the same MST region named RG1. In RG1, UPE4 is a CIST root and also a regional root of MSTI 1. UPE3 is a regional root in MSTI 2. Load balancing between traffic from different VLANs is carried out in the entire MST region.

UPE1 and UPE2 are connected to two DSLAM rings at the access layer. The two rings need to be independent of each other. In addition, to protect devices, UPE1 and UPE2 need to suppress TC-BPDUs.
NOTE

In the ring of MSTP multi-process, blocking the interface directly connected to the root protection-enabled designated port is not recommended.

Figure 7-10 Networking for MSTP multi-process

[Figure: three layers labelled Core (MPLS/IP Core), Aggregation (UPE1 to UPE4, MSTP), and Access (DSLAMs). Interface labels: GE 1/0/1, GE 1/0/2, GE 1/0/3, and GE 2/0/1 on UPE1 and UPE2; GE 1/0/1 and GE 2/0/1 on UPE3 and UPE4.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, including:
   (1) Add UPEs to an MST region and create multiple MSTIs to implement load balancing.
   (2) Configure a regional root.
2. Configure MSTP multi-process, including:
   (1) Create multiple MSTP processes and add interfaces to relevant processes.
   (2) Configure a shared link.
3. Configure MSTP protection functions, including:
   - Configure priorities of MSTP processes and enable root protection.
   - Configure TC notification and protection.
4. Configure the Layer 2 forwarding function on devices.

Data Preparation
To complete the configuration, you need the following data:
- Name of the MST region (RG1) and names of MSTIs (MSTI 1 and MSTI 2)
- VLAN IDs on UPEs (1 to 20)
- IDs of MSTP processes

Procedure
Step 1 Configure basic MSTP functions.

1. Add UPEs 1 to 4 to MST region RG1.

# Configure UPE1.
<HUAWEI> system-view
[HUAWEI] sysname UPE1
[UPE1] stp region-configuration
[UPE1-mst-region] region-name RG1
[UPE1-mst-region] instance 1 vlan 1 to 10
[UPE1-mst-region] instance 2 vlan 11 to 20
[UPE1-mst-region] active region-configuration
[UPE1-mst-region] quit

# Configure UPE2.
<HUAWEI> system-view
[HUAWEI] sysname UPE2
[UPE2] stp region-configuration
[UPE2-mst-region] region-name RG1
[UPE2-mst-region] instance 1 vlan 1 to 10
[UPE2-mst-region] instance 2 vlan 11 to 20
[UPE2-mst-region] active region-configuration
[UPE2-mst-region] quit

# Configure UPE3.
<HUAWEI> system-view
[HUAWEI] sysname UPE3
[UPE3] stp region-configuration
[UPE3-mst-region] region-name RG1
[UPE3-mst-region] instance 1 vlan 1 to 10
[UPE3-mst-region] instance 2 vlan 11 to 20
[UPE3-mst-region] active region-configuration
[UPE3-mst-region] quit

# Configure UPE4.
<HUAWEI> system-view
[HUAWEI] sysname UPE4
[UPE4] stp region-configuration
[UPE4-mst-region] region-name RG1
[UPE4-mst-region] instance 1 vlan 1 to 10
[UPE4-mst-region] instance 2 vlan 11 to 20
[UPE4-mst-region] active region-configuration
[UPE4-mst-region] quit

2. Configure a CIST root and a regional root in each MSTI.

# Set the priority of UPE4 to 0 in MSTI 0 and MSTI 1 to ensure that UPE4 functions as a CIST root and also a regional root of MSTI 1 in RG1.
[UPE4] stp instance 0 priority 0
[UPE4] stp instance 1 priority 0

# Set the priority of UPE3 to 0 in MSTI 2 to ensure that UPE3 functions as a regional root of MSTI 2 in RG1.
[UPE3] stp instance 2 priority 0

3. Enable MSTP.

# Configure UPE1.
[UPE1] stp enable

# Configure UPE2.
[UPE2] stp enable

# Configure UPE3.
[UPE3] stp enable

# Configure UPE4.
[UPE4] stp enable

Step 2 Configure MSTP multi-process.

1. Create multiple MSTP processes and add interfaces to relevant processes.

# Configure UPE1.
[UPE1] stp process 1
[UPE1-stp-process-1] stp enable
[UPE1-stp-process-1] quit
[UPE1] stp process 2
[UPE1-stp-process-2] stp enable
[UPE1-stp-process-2] quit

# Configure UPE2.
[UPE2] stp process 1
[UPE2-stp-process-1] stp enable
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp enable
[UPE2-stp-process-2] quit

# Add GE 1/0/1 and GE 1/0/2 on UPE1 to MSTP processes 1 and 2, respectively.
[UPE1] interface gigabitethernet 1/0/1
[UPE1-GigabitEthernet1/0/1] undo shutdown
[UPE1-GigabitEthernet1/0/1] portswitch
[UPE1-GigabitEthernet1/0/1] stp binding process 1
[UPE1-GigabitEthernet1/0/1] quit
[UPE1] interface gigabitethernet 1/0/2
[UPE1-GigabitEthernet1/0/2] undo shutdown
[UPE1-GigabitEthernet1/0/2] portswitch
[UPE1-GigabitEthernet1/0/2] stp binding process 2
[UPE1-GigabitEthernet1/0/2] quit

# Add GE 1/0/1 and GE 1/0/2 on UPE2 to MSTP processes 2 and 1, respectively.
[UPE2] interface gigabitethernet 1/0/1
[UPE2-GigabitEthernet1/0/1] undo shutdown
[UPE2-GigabitEthernet1/0/1] portswitch
[UPE2-GigabitEthernet1/0/1] stp binding process 2
[UPE2-GigabitEthernet1/0/1] quit
[UPE2] interface gigabitethernet 1/0/2
[UPE2-GigabitEthernet1/0/2] undo shutdown
[UPE2-GigabitEthernet1/0/2] portswitch
[UPE2-GigabitEthernet1/0/2] stp binding process 1
[UPE2-GigabitEthernet1/0/2] quit

2. Configure a shared link.

# Configure UPE1.
[UPE1] interface gigabitethernet 1/0/3
[UPE1-GigabitEthernet1/0/3] stp binding process 1 to 2 link-share
[UPE1-GigabitEthernet1/0/3] quit

# Configure UPE2.
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] stp binding process 1 to 2 link-share
[UPE2-GigabitEthernet1/0/3] quit

Step 3 Configure MSTP protection functions.

- Configure priorities of MSTP processes and enable root protection.

# Configure UPE1.
[UPE1] stp process 1
[UPE1-stp-process-1] stp instance 0 root primary
[UPE1-stp-process-1] quit
[UPE1] stp process 2
[UPE1-stp-process-2] stp instance 0 root secondary
[UPE1-stp-process-2] quit
[UPE1] interface gigabitethernet 1/0/2
[UPE1-GigabitEthernet1/0/2] stp root-protection
[UPE1-GigabitEthernet1/0/2] quit

# Configure UPE2.
[UPE2] stp process 1
[UPE2-stp-process-1] stp instance 0 root secondary
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp instance 0 root primary
[UPE2-stp-process-2] quit
[UPE2] interface gigabitethernet 1/0/2
[UPE2-GigabitEthernet1/0/2] stp root-protection
[UPE2-GigabitEthernet1/0/2] quit

NOTE

- Alternatively, you can run the stp [ instance instance-id ] priority priority command to configure priorities for MSTP processes. Ensure that the MSTP process on UPE1 has the highest priority and the MSTP process on UPE2 has the second highest priority.
- Root protection must be configured on a designated port of the MSTP process with the second highest priority.

- Configure TC notification and suppression of TC-BPDUs for MSTP multi-process.

# Configure UPE1.
[UPE1] stp tc-protection
[UPE1] stp process 1
[UPE1-stp-process-1] stp tc-notify process 0
[UPE1-stp-process-1] stp tc-protection
[UPE1-stp-process-1] quit
[UPE1] stp process 2
[UPE1-stp-process-2] stp tc-notify process 0
[UPE1-stp-process-2] stp tc-protection
[UPE1-stp-process-2] quit

# Configure UPE2.
[UPE2] stp tc-protection
[UPE2] stp process 1
[UPE2-stp-process-1] stp tc-notify process 0
[UPE2-stp-process-1] stp tc-protection
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp tc-notify process 0
[UPE2-stp-process-2] stp tc-protection
[UPE2-stp-process-2] quit

Step 4 Create VLANs on UPEs and add UPE interfaces to VLANs.

# Create VLANs 1 to 20 on UPE1 and add GE 2/0/1 and GE 1/0/3 to the VLANs.
[UPE1] vlan batch 1 to 20
[UPE1] interface gigabitethernet 2/0/1
[UPE1-GigabitEthernet2/0/1] undo shutdown
[UPE1-GigabitEthernet2/0/1] portswitch
[UPE1-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE1-GigabitEthernet2/0/1] quit
[UPE1] interface gigabitethernet 1/0/3
[UPE1-GigabitEthernet1/0/3] undo shutdown
[UPE1-GigabitEthernet1/0/3] portswitch
[UPE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 20
[UPE1-GigabitEthernet1/0/3] quit
[UPE1] interface gigabitethernet 1/0/1
[UPE1-GigabitEthernet1/0/1] undo shutdown
[UPE1-GigabitEthernet1/0/1] portswitch
[UPE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 10
[UPE1-GigabitEthernet1/0/1] quit
[UPE1] interface gigabitethernet 1/0/2
[UPE1-GigabitEthernet1/0/2] undo shutdown
[UPE1-GigabitEthernet1/0/2] portswitch
[UPE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 11 to 20
[UPE1-GigabitEthernet1/0/2] quit

# Create VLANs 1 to 20 on UPE2 and add GE 2/0/1 and GE 1/0/3 to the VLANs.
[UPE2] vlan batch 1 to 20
[UPE2] interface gigabitethernet 2/0/1
[UPE2-GigabitEthernet2/0/1] undo shutdown
[UPE2-GigabitEthernet2/0/1] portswitch
[UPE2-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE2-GigabitEthernet2/0/1] quit
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] undo shutdown
[UPE2-GigabitEthernet1/0/3] portswitch
[UPE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 20
[UPE2-GigabitEthernet1/0/3] quit
[UPE2] interface gigabitethernet 1/0/1
[UPE2-GigabitEthernet1/0/1] undo shutdown
[UPE2-GigabitEthernet1/0/1] portswitch
[UPE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 11 to 20
[UPE2-GigabitEthernet1/0/1] quit
[UPE2] interface gigabitethernet 1/0/2
[UPE2-GigabitEthernet1/0/2] undo shutdown
[UPE2-GigabitEthernet1/0/2] portswitch
[UPE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 10
[UPE2-GigabitEthernet1/0/2] quit

# Create VLANs 1 to 20 on UPE3 and add GE 1/0/1 and GE 2/0/1 to the VLANs.
[UPE3] vlan batch 1 to 20
[UPE3] interface gigabitethernet 1/0/1
[UPE3-GigabitEthernet1/0/1] undo shutdown
[UPE3-GigabitEthernet1/0/1] portswitch
[UPE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 20
[UPE3-GigabitEthernet1/0/1] quit
[UPE3] interface gigabitethernet 2/0/1
[UPE3-GigabitEthernet2/0/1] undo shutdown
[UPE3-GigabitEthernet2/0/1] portswitch
[UPE3-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE3-GigabitEthernet2/0/1] quit

# Create VLANs 1 to 20 on UPE4 and add GE 1/0/1 and GE 2/0/1 to the VLANs.
[UPE4] vlan batch 1 to 20
[UPE4] interface gigabitethernet 1/0/1
[UPE4-GigabitEthernet1/0/1] undo shutdown
[UPE4-GigabitEthernet1/0/1] portswitch
[UPE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 20
[UPE4-GigabitEthernet1/0/1] quit
[UPE4] interface gigabitethernet 2/0/1
[UPE4-GigabitEthernet2/0/1] undo shutdown
[UPE4-GigabitEthernet2/0/1] portswitch
[UPE4-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE4-GigabitEthernet2/0/1] quit

Step 5 Verify the configuration.

- Run the display stp interface brief command on UPE1, and you can view the following information:

# GE 2/0/1 is a root port in the CIST and MSTI 1 and a designated port in MSTI 2.
[UPE1] display stp interface gigabitethernet 2/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE
   1    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE
   2    GigabitEthernet2/0/1  DESI  FORWARDING  NONE

# GE 1/0/3 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE1] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE

# GE 1/0/1 is a designated port in the CIST of MSTP process 1.
[UPE1] display stp process 1 interface gigabitethernet 1/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE

# GE 1/0/2 is a designated port in the CIST of MSTP process 2.
[UPE1] display stp process 2 interface gigabitethernet 1/0/2 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/2  DESI  FORWARDING  ROOT

- Run the display stp interface brief command on UPE2, and you can view the following information:

# GE 2/0/1 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE2] display stp interface gigabitethernet 2/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet2/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet2/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE

# GE 1/0/3 is a root port in the CIST and MSTI 1 and a designated port in MSTI 2.
[UPE2] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/3  ROOT  DISCARDING  NONE
   1    GigabitEthernet1/0/3  ROOT  DISCARDING  NONE
   2    GigabitEthernet1/0/3  DESI  FORWARDING  NONE

# GE 1/0/1 is a designated port in the CIST of MSTP process 2.
[UPE2] display stp process 2 interface gigabitethernet 1/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE

# GE 1/0/2 is a designated port in the CIST of MSTP process 1.
[UPE2] display stp process 1 interface gigabitethernet 1/0/2 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/2  DESI  FORWARDING  ROOT

- Run the display stp interface brief command on UPE3, and you can view the following information:

# GE 1/0/1 is a designated port in the CIST and both MSTI 1 and MSTI 2.
[UPE3] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/1  DESI  FORWARDING  NONE

# GE 2/0/1 is a root port in the CIST and MSTI 1 and a designated port in MSTI 2.
[UPE3] display stp interface gigabitethernet 2/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE
   1    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE
   2    GigabitEthernet2/0/1  DESI  FORWARDING  NONE

- Run the display stp interface brief command on UPE4, and you can view the following information:

# GE 1/0/1 is a designated port in the CIST and both MSTI 1 and MSTI 2.
[UPE4] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet1/0/1  DESI  FORWARDING  NONE

# GE 2/0/1 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE4] display stp interface gigabitethernet 2/0/1 brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet2/0/1  DESI  FORWARDING  NONE
   1    GigabitEthernet2/0/1  DESI  FORWARDING  NONE
   2    GigabitEthernet2/0/1  ROOT  FORWARDING  NONE

----End

Configuration Files
Only the configuration files of the UPEs are listed.

- Configuration file of UPE1
#
 sysname UPE1
#
 vlan batch 1 to 20
#
 stp tc-protection
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
stp process 1
 stp instance 0 root primary
 stp tc-notify process 0
 stp tc-protection
 stp enable
 stp converge normal
stp process 2
 stp instance 0 root secondary
 stp tc-notify process 0
 stp tc-protection
 stp enable
 stp converge normal
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 10
 stp binding process 1
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 11 to 20
 stp binding process 2
 stp root-protection
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
 stp binding process 1 to 2 link-share
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of UPE2
#
 sysname UPE2
#
 vlan batch 1 to 20
#
 stp tc-protection
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
stp process 1
 stp instance 0 root secondary
 stp tc-notify process 0
 stp tc-protection
 stp enable
 stp converge normal
stp process 2
 stp instance 0 root primary
 stp tc-notify process 0
 stp tc-protection
 stp enable
 stp converge normal
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 11 to 20
 stp binding process 2
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 10
 stp binding process 1
 stp root-protection
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
 stp binding process 1 to 2 link-share
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of UPE3
#
 sysname UPE3
#
 vlan batch 1 to 20
#
 stp instance 2 priority 0
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return

- Configuration file of UPE4
#
 sysname UPE4
#
 vlan batch 1 to 20
#
 stp instance 0 priority 0
 stp instance 1 priority 0
 stp enable
#
stp region-configuration
 region-name RG1
 instance 1 vlan 1 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 20
#
return
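
Step 3 of this example enables stp tc-protection globally and in every MSTP process, and its NOTE requires root protection on the designated port of the process in which the device is the secondary root. The following Python audit is an added example, not part of the Huawei guide; it checks a saved configuration for both settings. The sample text is constructed from the UPE1 configuration file above, and the one-space indentation and the treatment of unbound ports as members of process 0 are assumptions.

```python
import re

# Constructed sample: STP-relevant lines of the UPE1 configuration file.
UPE1_CFG = """\
#
 sysname UPE1
#
 stp tc-protection
 stp enable
#
stp process 1
 stp instance 0 root primary
 stp tc-notify process 0
 stp tc-protection
 stp enable
stp process 2
 stp instance 0 root secondary
 stp tc-notify process 0
 stp tc-protection
 stp enable
#
interface GigabitEthernet1/0/1
 portswitch
 stp binding process 1
#
interface GigabitEthernet1/0/2
 portswitch
 stp binding process 2
 stp root-protection
#
interface GigabitEthernet1/0/3
 portswitch
 stp binding process 1 to 2 link-share
#
return
"""

# Constructed weak variant: process 2 loses TC protection and
# GigabitEthernet1/0/2 loses root protection.
UPE1_WEAK = UPE1_CFG.replace(
    " stp instance 0 root secondary\n stp tc-notify process 0\n stp tc-protection\n",
    " stp instance 0 root secondary\n stp tc-notify process 0\n",
).replace(" stp root-protection\n", "")

BIND_RE = re.compile(r"stp binding process (\d+)(?: to (\d+))?( link-share)?")


def parse(cfg):
    """Split a configuration into global, per-process and per-interface lines."""
    dev = {"name": "?", "global": [], "process": {}, "iface": {}}
    section = dev["global"]
    for raw in cfg.splitlines():
        line = raw.strip()
        proc = re.fullmatch(r"stp process (\d+)", line)
        iface = re.fullmatch(r"interface (\S+)", line)
        if line in ("", "return"):
            continue
        if line == "#":                       # '#' closes the current view
            section = dev["global"]
        elif proc:
            section = dev["process"].setdefault(int(proc.group(1)), [])
        elif iface:
            section = dev["iface"].setdefault(iface.group(1), [])
        elif line.startswith("sysname "):
            dev["name"] = line.split(None, 1)[1]
        else:
            section.append(line)
    return dev


def bound_processes(iface_lines):
    """Return (set of process IDs, is_link_share) for one interface."""
    for line in iface_lines:
        m = BIND_RE.fullmatch(line)
        if m:
            low = int(m.group(1))
            high = int(m.group(2) or low)
            return set(range(low, high + 1)), bool(m.group(3))
    return {0}, False                         # assumption: unbound = process 0


def audit(cfg):
    """List missing TC protection and missing root protection, as strings."""
    dev = parse(cfg)
    findings = []
    scopes = {0: dev["global"], **dev["process"]}
    for pid, lines in sorted(scopes.items()):
        if "stp tc-protection" not in lines:
            findings.append(f"{dev['name']}: process {pid} lacks stp tc-protection")
    for pid, lines in sorted(dev["process"].items()):
        if "stp instance 0 root secondary" not in lines:
            continue
        for name, iface_lines in dev["iface"].items():
            # Only ports bound to this process alone; the shared link is skipped.
            if bound_processes(iface_lines) != ({pid}, False):
                continue
            if "stp root-protection" not in iface_lines:
                findings.append(f"{dev['name']}: {name} (process {pid}, "
                                "root secondary) lacks stp root-protection")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as configured", UPE1_CFG), ("weak variant", UPE1_WEAK)):
        print(label, audit(cfg) or "no findings")
```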

7.8.3 Example for Configuring MSTP Multi-process for Layer 2 Single-Access Rings and Layer 2 Multi-Access Rings
MSTP multi-process enables different Layer 2 access rings to carry different services.

Networking Requirements
On a network with both Layer 2 single-access rings and multi-access rings deployed, switching devices carry both Layer 2 and Layer 3 services. To enable different rings to carry different services, deploy MSTP multi-process. Spanning trees of different processes are calculated independently and do not affect each other.

As shown in Figure 7-11, both Layer 2 single-access rings and dual-access rings are deployed, and CX devices carry both Layer 2 and Layer 3 services. In this networking, two CX devices connected to dual-access rings are also connected to a single-access ring each. Ring 1 uses CX-A as an MSTP root bridge. Ring 2 uses CX-B as an MSTP root bridge. Ring 3 uses CX-A as an MSTP root bridge. CX-A, CX-B, and CX-C construct a VPLS network. Sub-interfaces are configured on the ring access interfaces on CX-A and CX-B and are bound to VSIs for access to the rings.
NOTE

In the ring of MSTP multi-process, blocking the interface directly connected to the root protection-enabled designated port is not recommended.

For detailed configurations of VPLS, see the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.


Figure 7-11 Networking for MSTP multi-process for Layer 2 single-access rings and Layer 2 multi-access rings

[Figure: CX-C, CX-A (PE1), and CX-B (PE2) with CEs on Ring 1, Ring 2, and Ring 3. Labels: Instance 1: VLAN 1-100, Process 1; Instance 2: VLAN 101-200, Process 2; Instance 3: VLAN 1-100, Process 3. Interface labels: G1/1/0, G1/0/0, G1/0/7, G1/0/10, G1/0/11.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, create multiple MSTP processes, add devices to MST regions, and create MSTIs.

NOTE

- Each ring can belong to only one region.
- Each CE can join only one ring.

2. Add interfaces to MSTP processes and configure a share link.
3. Configure MSTP protection functions, including:
   - Configure priorities of MSTP processes and enable root protection.
   - Configure share-link protection.
4. Configure the Layer 2 forwarding function on devices.

Data Preparation
To complete the configuration, you need the following data:
- Names of MST regions (RG1, RG2, and RG3) and names of MSTIs (MSTI 1, MSTI 2, and MSTI 3)
- VLAN IDs (1 to 200)
- IDs of MSTP processes

Procedure
Step 1 Configure basic MSTP functions, create multiple MSTP processes, add devices to MST regions, and create MSTIs.

# Configure MSTP processes 1 and 2 on CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] stp process 1
[CX-A-stp-process-1] stp region-configuration
[CX-A-stp-process-1-region] region-name RG1
[CX-A-stp-process-1-region] instance 1 vlan 1 to 100
[CX-A-stp-process-1-region] active region-configuration
[CX-A-stp-process-1-region] quit
[CX-A-stp-process-1] quit
[CX-A] stp process 2
[CX-A-stp-process-2] stp region-configuration
[CX-A-stp-process-2-region] region-name RG2
[CX-A-stp-process-2-region] instance 2 vlan 101 to 200
[CX-A-stp-process-2-region] active region-configuration
[CX-A-stp-process-2-region] quit

# Configure MSTP processes 2 and 3 on CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] stp process 2
[CX-B-stp-process-2] stp region-configuration
[CX-B-stp-process-2-region] region-name RG2
[CX-B-stp-process-2-region] instance 2 vlan 101 to 200
[CX-B-stp-process-2-region] active region-configuration
[CX-B-stp-process-2-region] quit
[CX-B-stp-process-2] quit
[CX-B] stp process 3
[CX-B-stp-process-3] stp region-configuration
[CX-B-stp-process-3-region] region-name RG3
[CX-B-stp-process-3-region] instance 3 vlan 1 to 100
[CX-B-stp-process-3-region] active region-configuration
[CX-B-stp-process-3-region] quit

# Enable MSTP on CX-A.
[CX-A] stp enable

# Enable MSTP on CX-B.
[CX-B] stp enable

Step 2 Add interfaces to MSTP processes and configure a share link. 1. Add interfaces to MSTP processes. # Configure CX- A.
[CX-A] interface gigabitethernet 1/0/10 [CX-A-GigabitEthernet1/0/10] undo shutdown [CX-A-GigabitEthernet1/0/10] portswitch [CX-A-GigabitEthernet1/0/10] stp binding process 1 [CX-A-GigabitEthernet1/0/10] quit [CX-A] interface gigabitethernet 1/0/11 [CX-A-GigabitEthernet1/0/11] undo shutdown [CX-A-GigabitEthernet1/0/11] portswitch [CX-A-GigabitEthernet1/0/11] stp binding process 1 [CX-A-GigabitEthernet1/0/11] quit [CX-A] interface gigabitethernet 1/0/7 [CX-A-GigabitEthernet1/0/7] undo shutdown [CX-A-GigabitEthernet1/0/7] portswitch [CX-A-GigabitEthernet1/0/7] stp binding process 2 [CX-A-GigabitEthernet1/0/7] quit

7-74

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2011-05-30)

HUAWEI CX600 Metro Services Platform Configuration Guide - LAN Access and MAN Access

7 MSTP Configuration

# Configure CX- B.
[CX-B] interface gigabitethernet 1/0/10 [CX-B-GigabitEthernet1/0/10] undo shutdown [CX-B-GigabitEthernet1/0/10] portswitch [CX-B-GigabitEthernet1/0/10] stp binding process 3 [CX-B-GigabitEthernet1/0/10] quit [CX-B] interface gigabitethernet 1/0/11 [CX-B-GigabitEthernet1/0/11] undo shutdown [CX-B-GigabitEthernet1/0/11] portswitch [CX-B-GigabitEthernet1/0/11] stp binding process 3 [CX-B-GigabitEthernet1/0/11] quit [CX-B] interface gigabitethernet 1/0/7 [CX-B-GigabitEthernet1/0/7] undo shutdown [CX-B-GigabitEthernet1/0/7] portswitch [CX-B-GigabitEthernet1/0/7] stp binding process 2 [CX-B-GigabitEthernet1/0/7] quit
NOTE

If the interface added to the MSTP process has sub-interfaces configured with features other than MSTP such as VPLS, run the stp vpls-subinterface enable command on the interface. The interface then notifies its sub-interfaces to update MAC entries and ARP entries after receiving a TC-BPDU. This ensures non-stop service transmission. In addition, root protection needs to be configured on the interface.

2. Configure a share link.

# Configure CX-A.
[CX-A] interface gigabitethernet1/0/0
[CX-A-GigabitEthernet1/0/0] undo shutdown
[CX-A-GigabitEthernet1/0/0] portswitch
[CX-A-GigabitEthernet1/0/0] stp binding process 2 link-share
[CX-A-GigabitEthernet1/0/0] quit

# Configure CX-B.
[CX-B] interface gigabitethernet1/0/0
[CX-B-GigabitEthernet1/0/0] undo shutdown
[CX-B-GigabitEthernet1/0/0] portswitch
[CX-B-GigabitEthernet1/0/0] stp binding process 2 link-share
[CX-B-GigabitEthernet1/0/0] quit

3. Enable the MSTP function for MSTP multi-process.

# Configure CX-A.
[CX-A] stp process 1
[CX-A-stp-process-1] stp enable
[CX-A-stp-process-1] quit
[CX-A] stp process 2
[CX-A-stp-process-2] stp enable
[CX-A-stp-process-2] quit

# Configure CX-B.
[CX-B] stp process 3
[CX-B-stp-process-3] stp enable
[CX-B-stp-process-3] quit
[CX-B] stp process 2
[CX-B-stp-process-2] stp enable
[CX-B-stp-process-2] quit

Step 3 Configure MSTP protection functions.

- Configure priorities of MSTP processes and enable root protection.

# Configure CX-A.
[CX-A] stp process 1
[CX-A-stp-process-1] stp instance 0 root primary
[CX-A-stp-process-1] stp instance 1 root primary
[CX-A-stp-process-1] quit
[CX-A] stp process 2
[CX-A-stp-process-2] stp instance 0 root primary
[CX-A-stp-process-2] stp instance 2 root primary
[CX-A-stp-process-2] quit
[CX-A] interface gigabitethernet 1/0/7
[CX-A-GigabitEthernet1/0/7] stp root-protection
[CX-A-GigabitEthernet1/0/7] quit

# Configure CX-B.
[CX-B] stp process 3
[CX-B-stp-process-3] stp instance 0 root primary
[CX-B-stp-process-3] stp instance 3 root primary
[CX-B-stp-process-3] quit
[CX-B] stp process 2
[CX-B-stp-process-2] stp instance 0 root secondary
[CX-B-stp-process-2] stp instance 2 root secondary
[CX-B-stp-process-2] quit
[CX-B] interface gigabitethernet 1/0/7
[CX-B-GigabitEthernet1/0/7] stp root-protection
[CX-B-GigabitEthernet1/0/7] quit

NOTE

- In each ring, the priority of the MSTP process on the downstream CE must be lower than the priority of the MSTP process on the CX device.
- For CX-A and CX-B on the dual-access ring, it is recommended that you configure them as the primary root bridges of different MSTIs.
- A Layer 3 VPN can be bound to a primary root bridge but cannot be bound to a secondary root bridge.

- Configure share-link protection.

# Configure CX-A.
[CX-A] stp process 2
[CX-A-stp-process-2] stp link-share-protection
[CX-A-stp-process-2] quit

# Configure CX-B.
[CX-B] stp process 2
[CX-B-stp-process-2] stp link-share-protection
[CX-B-stp-process-2] quit

Step 4 Create VLANs and add interfaces to the VLANs.

# Create VLANs 1 to 200 on CX-A. Add GE 1/0/10 and GE 1/0/11 to VLANs 1 to 100, and add GE 1/0/0 and GE 1/0/7 to VLANs 101 to 200.
[CX-A] vlan batch 1 to 200
[CX-A] interface gigabitethernet 1/0/10
[CX-A-GigabitEthernet1/0/10] port trunk allow-pass vlan 1 to 100
[CX-A-GigabitEthernet1/0/10] quit
[CX-A] interface gigabitethernet 1/0/11
[CX-A-GigabitEthernet1/0/11] port trunk allow-pass vlan 1 to 100
[CX-A-GigabitEthernet1/0/11] quit
[CX-A] interface gigabitethernet 1/0/7
[CX-A-GigabitEthernet1/0/7] port trunk allow-pass vlan 101 to 200
[CX-A-GigabitEthernet1/0/7] quit
[CX-A] interface gigabitethernet 1/0/0
[CX-A-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[CX-A-GigabitEthernet1/0/0] quit

# Create VLANs 1 to 200 on CX-B. Add GE 1/0/10 and GE 1/0/11 to VLANs 1 to 100, and add GE 1/0/0 and GE 1/0/7 to VLANs 101 to 200.
[CX-B] vlan batch 1 to 200
[CX-B] interface gigabitethernet 1/0/10
[CX-B-GigabitEthernet1/0/10] port trunk allow-pass vlan 1 to 100
[CX-B-GigabitEthernet1/0/10] quit
[CX-B] interface gigabitethernet 1/0/11
[CX-B-GigabitEthernet1/0/11] port trunk allow-pass vlan 1 to 100
[CX-B-GigabitEthernet1/0/11] quit
[CX-B] interface gigabitethernet 1/0/7
[CX-B-GigabitEthernet1/0/7] port trunk allow-pass vlan 101 to 200
[CX-B-GigabitEthernet1/0/7] quit
[CX-B] interface gigabitethernet 1/0/0
[CX-B-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[CX-B-GigabitEthernet1/0/0] quit

Step 5 Verify the configuration.

- Run the display stp interface brief command on CX-A, and you can view the following information:

# GE 1/0/10 is a designated port in the CIST of MSTP process 1.
[CX-A] display stp process 1 interface gigabitethernet 1/0/10 brief
 MSTID  Port                    Role  STP State   Protection
     1  GigabitEthernet1/0/10   DESI  FORWARDING  NONE

# GE 1/0/7 is a designated port in the CIST of MSTP process 2.
[CX-A] display stp process 2 interface gigabitethernet 1/0/7 brief
 MSTID  Port                    Role  STP State   Protection
     2  GigabitEthernet1/0/7    DESI  FORWARDING  ROOT

- Run the display stp interface brief command on CX-B, and you can view the following information:

# GE 1/0/10 is a designated port in the CIST of MSTP process 3.
[CX-B] display stp process 3 interface gigabitethernet 1/0/10 brief
 MSTID  Port                    Role  STP State   Protection
     3  GigabitEthernet1/0/10   DESI  FORWARDING  NONE

# GE 1/0/7 is a designated port in the CIST of MSTP process 2.
[CX-B] display stp process 2 interface gigabitethernet 1/0/7 brief
 MSTID  Port                    Role  STP State   Protection
     2  GigabitEthernet1/0/7    DESI  FORWARDING  ROOT

----End

Configuration Files
Only the MSTP-related configuration files are listed.

- Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 1 to 200
#
 stp enable
 stp converge normal
#
stp process 1
 stp instance 0 root primary
 stp instance 1 root primary
 stp enable
 stp converge normal
 stp region-configuration
  region-name RG1
  instance 1 vlan 1 to 100
  active region-configuration
stp process 2
 stp instance 0 root primary
 stp instance 2 root primary
 stp link-share-protection
 stp enable
 stp converge normal
 stp region-configuration
  region-name RG2
  instance 2 vlan 101 to 200
  active region-configuration
#
interface GigabitEthernet1/0/10
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 100
 stp binding process 1
#
interface GigabitEthernet1/0/11
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 100
 stp binding process 1
#
interface GigabitEthernet1/0/7
 undo shutdown
 portswitch
 port trunk allow-pass vlan 101 to 200
 stp binding process 2
 stp root-protection
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 101 to 200
 stp binding process 2 link-share
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 1 to 200
#
 stp enable
 stp converge normal
#
stp process 2
 stp instance 0 root secondary
 stp instance 2 root secondary
 stp link-share-protection
 stp enable
 stp converge normal
 stp region-configuration
  region-name RG2
  instance 2 vlan 101 to 200
  active region-configuration
stp process 3
 stp instance 0 root primary
 stp instance 3 root primary
 stp enable
 stp converge normal
 stp region-configuration
  region-name RG3
  instance 3 vlan 1 to 100
  active region-configuration
#
interface GigabitEthernet1/0/10
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 100
 stp binding process 3
#
interface GigabitEthernet1/0/11
 undo shutdown
 portswitch
 port trunk allow-pass vlan 1 to 100
 stp binding process 3
#
interface GigabitEthernet1/0/7
 undo shutdown
 portswitch
 port trunk allow-pass vlan 101 to 200
 stp binding process 2
 stp root-protection
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port trunk allow-pass vlan 101 to 200
 stp binding process 2 link-share
#
return

7.8.4 Example for Configuring E-STP - Inter-AS Option A (Martini Mode)


When configuring STP over PW in inter-AS Martini VPLS Option A, you need to configure service VSIs in the ASs and create Layer 3 sub-interfaces between the ASs to access the VSIs. In addition, within each AS, you need to configure the management VSI (mVSI) on the two ASBRs and enable STP on the mPW; between ASs, you need to enable STP on the inter-AS Layer 3 sub-interfaces.

Networking Requirements
Figure 7-12 shows the networking of inter-AS Option A in Martini mode. This type of networking has the following features:
- Each PE is dual-homed to ASBRs, and links are backed up between ASs.
- A VPLS network in Martini mode is configured between each PE and each ASBR, and the ASBR regards the inter-AS peer ASBR as its own CE.

This type of networking has the following problems:
- Each PE receives two copies of traffic sent by the peer PE.
- A loop may exist among ASBR1, ASBR2, ASBR3, and ASBR4.

To address these problems, configure an mPW between the intra-AS ASBRs and enable Spanning Tree Protocol (STP) on the mPW and the inter-AS Layer 3 main interfaces. Then set STP priorities and cost values so that ASBR3 is the root bridge, ASBR4 is the backup root bridge, and the inter-AS interface on ASBR2 is blocked. Blocking the inter-AS interface also blocks the VPLS services that are bound to its Layer 3 sub-interfaces. In this case, the traffic from CE1 travels along the path PE1-ASBR1-ASBR3-PE2 to reach CE2, which prevents the traffic from being doubled or forming a loop.


Figure 7-12 Networking diagram of configuring E-STP - inter-AS Option A (Martini mode)
[Figure not reproduced: CE1, PE1, ASBR1 and ASBR2 (VPLS Backbone 1); ASBR3, ASBR4, PE2 and CE2 (VPLS Backbone 2); the PW tunnels, the STP loop, the STP costs and the blocked point are marked.]

Device   Interface and IP Address
PE1      POS1/0/0: 100.1.1.1/24
         POS2/0/0: 100.1.2.1/24
         Loopback1: 1.1.1.1/32
PE2      POS1/0/0: 100.5.1.2/24
         POS2/0/0: 100.5.2.2/24
         Loopback1: 6.6.6.6/32
ASBR1    GE1/0/0: -
         GE2/0/0: 100.8.1.1/24
         POS3/0/0: 100.1.1.2/24
         Loopback1: 2.2.2.2/32
ASBR2    GE1/0/0: -
         GE2/0/0: 100.8.1.2/24
         POS3/0/0: 100.1.2.2/24
         Loopback1: 3.3.3.3/32
ASBR3    GE1/0/0: -
         GE2/0/0: 100.9.1.1/24
         POS3/0/0: 100.5.1.1/24
         Loopback1: 4.4.4.4/32
ASBR4    GE1/0/0: -
         GE2/0/0: 100.9.1.1/24
         POS3/0/0: 100.5.2.1/24
         Loopback1: 5.5.5.5/32
CE1      GE1/0/0: 10.1.1.1/24
CE2      GE1/0/0: 10.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to realize device connectivity within the same AS.
2. Configure the basic MPLS capability on the MPLS network, including the following tasks:
   - Set up dynamic LSPs between the PE and two ASBRs in the same AS.
   - Set up a dynamic LSP between the two ASBRs in the same AS.
   Set up a remote LDP session if the PE and the ASBRs, or the two ASBRs, are indirectly connected.
3. Establish VPLS connections between the PE and ASBRs in the same AS, including the following tasks:
   - Create service VSIs on the PE and two ASBRs in the same AS. These service VSIs are used to exchange service packets.
   - Create the mVSI on the two ASBRs in the same AS. The mVSI is used to send STP packets through the mPW.
4. Configure STP, including the following tasks:
   - Enable STP on the mPW of the ASBRs.
   - Enable STP on the inter-AS physical link.
   Configure relevant STP priorities to ensure that ASBR3 functions as the root bridge, and ASBR4 as the backup root bridge.

Data Preparation
To complete the configuration, you need the following data:
- Data for configuring OSPF
- IP addresses of remote peers
- MPLS LSR IDs of PEs and ASBRs
- VSI IDs

Procedure
Step 1 Assign IP addresses to the interfaces on the backbone network. The configuration details are not mentioned here.

Step 2 Configure an IGP protocol on the backbone network. In the configuration example, OSPF is configured. The configuration details are not mentioned here.

Step 3 Enable MPLS and configure LDP LSPs. Configure the basic MPLS capability on the MPLS backbone network, and establish dynamic LDP LSPs between the PE and ASBRs in the same AS. Take ASBR1 as an example:
<ASBR1> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID       Status       LAM  SsnRole  SsnAge     KASent/Rcv
 ------------------------------------------------------------------------------
 1.1.1.1:0    Operational  DU   Active   000:16:33  3968/3966
 3.3.3.3:0    Operational  DU   Passive  000:16:24  3935/3936
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Step 4 Enable MPLS L2VPN on the PE and the ASBRs.

# Configure PE1.
[PE1] mpls l2vpn

# Configure ASBR1.
[ASBR1] mpls l2vpn

# Configure ASBR2.
[ASBR2] mpls l2vpn

The configurations of PE2, ASBR3, and ASBR4 are the same and not mentioned here.

Step 5 Configure VPLS.

1. Configure the mVSI on the four NPEs, and establish the peer relationships between ASBR1 and ASBR2, and between ASBR3 and ASBR4.

# Configure ASBR1.
[ASBR1] vsi m1 static
[ASBR1-vsi-m1] pwsignal ldp
[ASBR1-vsi-m1-ldp] vsi-id 100
[ASBR1-vsi-m1-ldp] peer 3.3.3.3
[ASBR1-vsi-m1-ldp] quit
[ASBR1-vsi-m1] admin-vsi
[ASBR1-vsi-m1] quit

# Configure ASBR2.
[ASBR2] vsi m1 static
[ASBR2-vsi-m1] pwsignal ldp
[ASBR2-vsi-m1-ldp] vsi-id 100
[ASBR2-vsi-m1-ldp] peer 2.2.2.2
[ASBR2-vsi-m1-ldp] quit
[ASBR2-vsi-m1] admin-vsi
[ASBR2-vsi-m1] quit

# Configure ASBR3.
[ASBR3] vsi m1 static
[ASBR3-vsi-m1] pwsignal ldp
[ASBR3-vsi-m1-ldp] vsi-id 100
[ASBR3-vsi-m1-ldp] peer 5.5.5.5
[ASBR3-vsi-m1-ldp] quit
[ASBR3-vsi-m1] admin-vsi
[ASBR3-vsi-m1] quit

# Configure ASBR4.
[ASBR4] vsi m1 static
[ASBR4-vsi-m1] pwsignal ldp
[ASBR4-vsi-m1-ldp] vsi-id 100
[ASBR4-vsi-m1-ldp] peer 4.4.4.4
[ASBR4-vsi-m1-ldp] quit
[ASBR4-vsi-m1] admin-vsi
[ASBR4-vsi-m1] quit

2. On PEs and ASBRs, configure service VSIs and bind the service VSIs to relevant interfaces.

# Configure PE1.
[PE1] vsi s1 static
[PE1-vsi-s1] pwsignal ldp
[PE1-vsi-s1-ldp] vsi-id 10
[PE1-vsi-s1-ldp] peer 2.2.2.2
[PE1-vsi-s1-ldp] peer 3.3.3.3
[PE1-vsi-s1-ldp] quit
[PE1-vsi-s1] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] undo shutdown
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface gigabitethernet 3/0/0.1
[PE1-GigabitEthernet3/0/0.1] shutdown
[PE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE1-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE1-GigabitEthernet3/0/0.1] undo shutdown
[PE1-GigabitEthernet3/0/0.1] quit

# Configure ASBR1.
[ASBR1] vsi s1 static
[ASBR1-vsi-s1] pwsignal ldp
[ASBR1-vsi-s1-ldp] vsi-id 10
[ASBR1-vsi-s1-ldp] peer 1.1.1.1
[ASBR1-vsi-s1-ldp] quit
[ASBR1-vsi-s1] quit
[ASBR1] interface gigabitethernet 1/0/0
[ASBR1-GigabitEthernet1/0/0] undo shutdown
[ASBR1-GigabitEthernet1/0/0] quit
[ASBR1] interface gigabitethernet 1/0/0.1
[ASBR1-GigabitEthernet1/0/0.1] shutdown
[ASBR1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR1-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR1-GigabitEthernet1/0/0.1] undo shutdown
[ASBR1-GigabitEthernet1/0/0.1] quit

# Configure ASBR2.
[ASBR2] vsi s1 static
[ASBR2-vsi-s1] pwsignal ldp
[ASBR2-vsi-s1-ldp] vsi-id 10
[ASBR2-vsi-s1-ldp] peer 1.1.1.1
[ASBR2-vsi-s1-ldp] quit
[ASBR2-vsi-s1] quit
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] undo shutdown
[ASBR2-GigabitEthernet1/0/0] quit
[ASBR2] interface gigabitethernet 1/0/0.1
[ASBR2-GigabitEthernet1/0/0.1] shutdown
[ASBR2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR2-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR2-GigabitEthernet1/0/0.1] undo shutdown
[ASBR2-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 4.4.4.4
[PE2-vsi-s1-ldp] peer 5.5.5.5
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] undo shutdown
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface gigabitethernet 3/0/0.1
[PE2-GigabitEthernet3/0/0.1] shutdown
[PE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE2-GigabitEthernet3/0/0.1] undo shutdown
[PE2-GigabitEthernet3/0/0.1] quit

# Configure ASBR3.
[ASBR3] vsi s1 static
[ASBR3-vsi-s1] pwsignal ldp
[ASBR3-vsi-s1-ldp] vsi-id 10
[ASBR3-vsi-s1-ldp] peer 6.6.6.6
[ASBR3-vsi-s1-ldp] quit
[ASBR3-vsi-s1] quit
[ASBR3] interface gigabitethernet 1/0/0
[ASBR3-GigabitEthernet1/0/0] undo shutdown
[ASBR3-GigabitEthernet1/0/0] quit
[ASBR3] interface gigabitethernet 1/0/0.1
[ASBR3-GigabitEthernet1/0/0.1] shutdown
[ASBR3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR3-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR3-GigabitEthernet1/0/0.1] undo shutdown
[ASBR3-GigabitEthernet1/0/0.1] quit

# Configure ASBR4.
[ASBR4] vsi s1 static
[ASBR4-vsi-s1] pwsignal ldp
[ASBR4-vsi-s1-ldp] vsi-id 10
[ASBR4-vsi-s1-ldp] peer 6.6.6.6
[ASBR4-vsi-s1-ldp] quit
[ASBR4-vsi-s1] quit
[ASBR4] interface gigabitethernet 1/0/0
[ASBR4-GigabitEthernet1/0/0] undo shutdown
[ASBR4-GigabitEthernet1/0/0] quit
[ASBR4] interface gigabitethernet 1/0/0.1
[ASBR4-GigabitEthernet1/0/0.1] shutdown
[ASBR4-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR4-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR4-GigabitEthernet1/0/0.1] undo shutdown
[ASBR4-GigabitEthernet1/0/0.1] quit

Step 6 Enable STP. Enable STP on the four PEs.

# Configure the Multiple Spanning Tree (MST) region of ASBR1, and then activate the MST region configuration. Because the four ASBRs have the same MST region configurations, take ASBR1 as an example.
[ASBR1] stp enable
[ASBR1] stp region-configuration
[ASBR1-mst-region] region-name RG1
[ASBR1-mst-region] active region-configuration
[ASBR1-mst-region] quit

# Configure the STP priority of ASBR3 as 0 in MSTI0 to ensure that ASBR3 functions as the root bridge.
[ASBR3] stp instance 0 priority 0

# Configure the STP priority of ASBR4 as 4096 in MSTI0 to ensure that ASBR4 functions as the backup root bridge.
[ASBR4] stp instance 0 priority 4096

Configure the STP priorities of ASBR1 and ASBR2 as the default STP priority, namely, 32768.

Step 7 Configure E-STP, including the following tasks on the ASBRs:
- Create the mPW and enter the mPW view, and then enable STP.
- Enable STP on the inter-AS physical link.
NOTE

When binding the service VSI to the management VSI, configure STP in the management VSI rather than in the service VSI. In this manner, the status of the service VSI is associated with the status of the management VSI.

# Configure ASBR1.
[ASBR1] vsi m1 static
[ASBR1-vsi-m1] pwsignal ldp
[ASBR1-vsi-m1-ldp] peer 3.3.3.3 pw pw1
[ASBR1-vsi-m1-ldp-pw-pw1] stp enable
[ASBR1-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR1-vsi-m1-ldp-pw-pw1] quit
[ASBR1-vsi-m1-ldp] quit
[ASBR1-vsi-m1] quit
[ASBR1] interface gigabitethernet 1/0/0
[ASBR1-GigabitEthernet1/0/0] stp enable
[ASBR1-GigabitEthernet1/0/0] stp instance 0 cost 2

# Configure ASBR2.
[ASBR2] vsi m1 static
[ASBR2-vsi-m1] pwsignal ldp
[ASBR2-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[ASBR2-vsi-m1-ldp-pw-pw1] stp enable
[ASBR2-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR2-vsi-m1-ldp-pw-pw1] quit
[ASBR2-vsi-m1-ldp] quit
[ASBR2-vsi-m1] quit
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] stp enable
[ASBR2-GigabitEthernet1/0/0] stp instance 0 cost 5

# Configure ASBR3.
[ASBR3] vsi m1 static
[ASBR3-vsi-m1] pwsignal ldp
[ASBR3-vsi-m1-ldp] peer 5.5.5.5 pw pw1
[ASBR3-vsi-m1-ldp-pw-pw1] stp enable
[ASBR3-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR3-vsi-m1-ldp-pw-pw1] quit
[ASBR3-vsi-m1-ldp] quit
[ASBR3-vsi-m1] quit
[ASBR3] interface gigabitethernet 1/0/0
[ASBR3-GigabitEthernet1/0/0] stp enable
[ASBR3-GigabitEthernet1/0/0] stp instance 0 cost 2

# Configure ASBR4.
[ASBR4] vsi m1 static
[ASBR4-vsi-m1] pwsignal ldp
[ASBR4-vsi-m1-ldp] peer 4.4.4.4 pw pw1
[ASBR4-vsi-m1-ldp-pw-pw1] stp enable
[ASBR4-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR4-vsi-m1-ldp-pw-pw1] quit
[ASBR4-vsi-m1-ldp] quit
[ASBR4-vsi-m1] quit
[ASBR4] interface gigabitethernet 1/0/0
[ASBR4-GigabitEthernet1/0/0] stp enable
[ASBR4-GigabitEthernet1/0/0] stp instance 0 cost 5

Step 8 Configure CEs.

# Configure CE1.
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] shutdown
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit

Step 9 Verify the configuration.

- Run the display stp brief command on the four ASBRs. You can view STP information, and find that only GE 1/0/0 on ASBR2 is in the discarding state. That is, only GE 1/0/0 is blocked.
<ASBR1> display stp brief
 MSTID  Port                   Role  STP State   Protection
     0  GigabitEthernet1/0/0   ROOT  FORWARDING  NONE
     0  m1-pw1                 DESI  FORWARDING  NONE
<ASBR2> display stp brief
 MSTID  Port                   Role  STP State   Protection
     0  GigabitEthernet1/0/0   ALTE  DISCARDING  NONE
     0  m1-pw1                 ROOT  FORWARDING  NONE
<ASBR3> display stp brief
 MSTID  Port                   Role  STP State   Protection
     0  m1-pw1                 DESI  FORWARDING  NONE
     0  GigabitEthernet1/0/0   DESI  FORWARDING  NONE
<ASBR4> display stp brief
 MSTID  Port                   Role  STP State   Protection
     0  m1-pw1                 ROOT  FORWARDING  NONE
     0  GigabitEthernet1/0/0   DESI  FORWARDING  NONE

- Run the display vsi name s1 verbose command on ASBR1. You can find that a PW connecting PE1 is established in the VSI named s1 that is in the Up state.
<ASBR1> display vsi name s1 verbose
 ***VSI Name               : s1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Multicast Fast Swicth  : disable
    Create Time            : 0 days, 0 hours, 26 minutes, 24 seconds
    VSI State              : up
    VSI ID                 : 10
   *Peer Router ID         : 1.1.1.1
    VC Label               : 19457
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
    Interface Name         : GigabitEthernet1/0/0.1
    State                  : up
    Last Up Time           : 2009/02/25 11:15:37
    Total Up Time          : 0 days, 0 hours, 24 minutes, 21 seconds
  **PW Information:
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 19457
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 11:15:38
    PW Total Up Time       : 0 days, 0 hours, 24 minutes, 21 seconds
<ASBR2> display vsi name s1 verbose
 ***VSI Name               : s1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Multicast Fast Swicth  : disable
    Create Time            : 0 days, 0 hours, 23 minutes, 28 seconds
    VSI State              : up
    VSI ID                 : 10
   *Peer Router ID         : 1.1.1.1
    VC Label               : 19457
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2004
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
    Interface Name         : Ethernet1/0/0.1
    State                  : up
    Last Up Time           : 2009/02/25 11:17:20
    Total Up Time          : 0 days, 0 hours, 22 minutes, 49 seconds
  **PW Information:
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 19457
    Remote VC Label        : 19457
    PW Type                : label
    Tunnel ID              : 0x2004
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 11:17:20
    PW Total Up Time       : 0 days, 0 hours, 22 minutes, 50 seconds

- In addition, CE1 and CE2 can ping each other successfully. Take the display on CE1 as an example.
<CE1> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 156/159/172 ms

----End
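
The role election that Steps 6, 7 and 9 rely on can be checked offline before the priorities and costs are committed. The Python below is an added example, not Huawei code: it takes the bridge priorities from Step 6 and the port costs from Step 7 and computes the CIST port roles for the four-ASBR ring, then repeats the election with ASBR3 removed. It assumes a single MST region, inter-AS links ASBR1-ASBR3 and ASBR2-ASBR4 (as the traffic path PE1-ASBR1-ASBR3-PE2 implies), constructed MAC addresses as bridge-ID tie-breakers, and port names as the port-ID tie-breaker.

```python
import math

# Bridge ID = (priority, MAC). Priorities are from Step 6; the MAC
# addresses are constructed values used only to break priority ties.
BRIDGES = {
    "ASBR1": (32768, "00:00:00:00:00:01"),
    "ASBR2": (32768, "00:00:00:00:00:02"),
    "ASBR3": (0,     "00:00:00:00:00:03"),
    "ASBR4": (4096,  "00:00:00:00:00:04"),
}

# Each link is ((bridge, port, port cost), (bridge, port, port cost)).
# Port costs are from Step 7; the link endpoints are an assumption
# read from the traffic path described in the networking requirements.
LINKS = [
    (("ASBR1", "GigabitEthernet1/0/0", 2), ("ASBR3", "GigabitEthernet1/0/0", 2)),
    (("ASBR2", "GigabitEthernet1/0/0", 5), ("ASBR4", "GigabitEthernet1/0/0", 5)),
    (("ASBR1", "m1-pw1", 2), ("ASBR2", "m1-pw1", 2)),
    (("ASBR3", "m1-pw1", 2), ("ASBR4", "m1-pw1", 2)),
]


def elect(bridges, links):
    """Return {(bridge, port): role}, role being ROOT, DESI or ALTE."""
    # A link is up only if both of its bridges are present.
    live = [l for l in links if l[0][0] in bridges and l[1][0] in bridges]
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins

    # Root path cost: the neighbour's cost plus the cost of the local
    # (receiving) port, relaxed until stable (Bellman-Ford).
    cost = {b: math.inf for b in bridges}
    cost[root] = 0
    for _ in bridges:
        for end_a, end_b in live:
            for (lb, _lp, lc), (rb, _rp, _rc) in ((end_a, end_b), (end_b, end_a)):
                cost[lb] = min(cost[lb], cost[rb] + lc)
    reach = {b for b in bridges if cost[b] < math.inf}

    # Root port: best (path cost, sender bridge ID, sender port, local port).
    root_port = {}
    for b in reach - {root}:
        offers = [
            (cost[rb] + lc, bridges[rb], rp, lp)
            for end_a, end_b in live
            for (lb, lp, lc), (rb, rp, _rc) in ((end_a, end_b), (end_b, end_a))
            if lb == b
        ]
        root_port[b] = min(offers)[3]

    # On each link the end nearer the root is designated; the other end
    # is either that bridge's root port or an alternate (blocked) port.
    roles = {}
    for end_a, end_b in live:
        if end_a[0] not in reach:
            continue
        near, far = sorted((end_a, end_b),
                           key=lambda e: (cost[e[0]], bridges[e[0]]))
        roles[(near[0], near[1])] = "DESI"
        roles[(far[0], far[1])] = "ROOT" if root_port.get(far[0]) == far[1] else "ALTE"

    # Bridges cut off from the root elect a root among themselves.
    rest = {b: bridges[b] for b in bridges if b not in reach}
    if rest:
        roles.update(elect(rest, links))
    return roles


def blocked(roles):
    """Ports that end up discarding (alternate role)."""
    return sorted(port for port, role in roles.items() if role == "ALTE")


if __name__ == "__main__":
    for label, present in (("all ASBRs up", BRIDGES),
                           ("ASBR3 down", {b: v for b, v in BRIDGES.items() if b != "ASBR3"})):
        result = elect(present, LINKS)
        print(label)
        for (bridge, port), role in sorted(result.items()):
            state = "DISCARDING" if role == "ALTE" else "FORWARDING"
            print(f"  {bridge:6} {port:22} {role} {state}")
```

With all four ASBRs present the computed roles agree with the display stp brief output in Step 9; with ASBR3 removed, ASBR4 takes over as root and no port remains blocked because the ring is already open.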

Configuration Files
- Configuration file of PE1
#
 sysname PE1
#
 mpls lsr-id 1.1.1.1
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 2.2.2.2
  peer 3.3.3.3
#
mpls ldp
#
interface POS1/0/0
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS2/0/0
 undo shutdown
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
#
interface GigabitEthernet3/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
  network 1.1.1.1 0.0.0.0
#
return

- Configuration file of PE2
#
 sysname PE2
#
 mpls lsr-id 6.6.6.6
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 4.4.4.4
  peer 5.5.5.5
#
mpls ldp
#
interface POS1/0/0
 undo shutdown
 ip address 100.5.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface POS2/0/0
 undo shutdown
 ip address 100.5.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
#
interface GigabitEthernet3/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface LoopBack1
 ip address 6.6.6.6 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.5.1.0 0.0.0.255
  network 100.5.2.0 0.0.0.255
  network 6.6.6.6 0.0.0.0
#
return

- Configuration file of ASBR1
#
 sysname ASBR1
#
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 2.2.2.2
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 1.1.1.1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 3.3.3.3
  peer 3.3.3.3 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp instance 0 cost 2
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.8.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.8.1.0 0.0.0.255
  network 2.2.2.2 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
return

- Configuration file of ASBR2
#
 sysname ASBR2
#
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 3.3.3.3
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 1.1.1.1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.2
  peer 2.2.2.2 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp instance 0 cost 5
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.8.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.8.1.0 0.0.0.255
  network 3.3.3.3 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return

- Configuration file of ASBR3
#
 sysname ASBR3
#
 stp instance 0 priority 0
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 4.4.4.4
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 6.6.6.6
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 5.5.5.5
  peer 5.5.5.5 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp instance 0 cost 2
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.9.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.5.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.9.1.0 0.0.0.255
  network 100.5.1.0 0.0.0.255
  network 4.4.4.4 0.0.0.0
#
return

Configuration file of ASBR4


#
 sysname ASBR4
#
 stp instance 0 priority 4096
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 5.5.5.5
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 6.6.6.6
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 4.4.4.4
  peer 4.4.4.4 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp instance 0 cost 5
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.9.1.2 255.255.255.0
 mpls

 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.5.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 5.5.5.5 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.9.1.0 0.0.0.255
  network 100.5.2.0 0.0.0.255
  network 5.5.5.5 0.0.0.0
#
return


Configuration file of CE1


#
 sysname CE1
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
return

7.8.5 Example for Configuring E-STP - Inter-AS PW Interconnection (Martini Mode)


When configuring STP over PW based on inter-AS PW interconnection in Martini mode, you need to configure service VSIs and the mVSI on inter-AS and intra-AS NPEs, and enable STP on the mPW.

Networking Requirements
Figure 7-13 shows the networking of inter-AS PW interconnection in Martini mode. This type of networking has the following features:
• Each UPE is dual-homed to NPEs, and links are backed up between ASs.
• The two ASs are connected through a Hierarchical VPLS (HVPLS) network. UPE1, NPE1, and NPE3 form a basic H-VPLS network, and UPE1 is a UPE peer of NPE1.

The service PWs between NPE1 and NPE3 and between NPE2 and NPE4 are Spoke PWs, which do not comply with the principle of split horizon.

This type of networking has the following problem:
• Each UPE receives two copies of traffic sent by the peer UPE.

You can adopt the following solutions to address the preceding problems:
You can configure an mPW between inter-AS NPEs and intra-AS NPEs, and enable STP on the mPW. Then, you can set STP priorities and cost values to configure NPE3 as the root bridge, NPE4 as the backup root bridge, and the inter-AS mPW on NPE2 to be blocked. In addition, blocking the management VSI also blocks the service VSIs. In this case, the traffic from CE1 passes along the path UPE1-NPE1-NPE3-UPE2 to reach CE2. This prevents the traffic from being doubled or forming a loop.

Figure 7-13 Networking diagram of configuring E-STP - inter-AS PW interconnection (Martini mode)
[Figure: VPLS Backbone 1 and VPLS Backbone 2 with CE1, UPE1, NPE1, NPE2, NPE3, NPE4, UPE2, and CE2. Legend: Service PW, Management PW, STP cost, Blocked point.]

Device   Interface and IP Address
UPE1     POS1/0/0: 100.1.1.1/24
         POS2/0/0: 100.1.2.1/24
         GE3/0/0.1: --
         Loopback1: 1.1.1.1/32
UPE2     POS1/0/0: 100.5.1.2/24
         POS2/0/0: 100.5.2.2/24
         GE3/0/0.1: --
         Loopback1: 6.6.6.6/32
NPE1     POS2/0/0: 100.3.1.1/24
         POS3/0/0: 100.1.1.2/24
         Loopback1: 2.2.2.2/32
NPE2     POS2/0/0: 100.3.1.2/24
         POS3/0/0: 100.1.2.2/24
         Loopback1: 3.3.3.3/32
NPE3     POS2/0/0: 100.4.1.1/24
         POS3/0/0: 100.5.1.1/24
         Loopback1: 4.4.4.4/32
NPE4     POS2/0/0: 100.4.1.2/24
         POS3/0/0: 100.5.2.1/24
         Loopback1: 5.5.5.5/32
CE1      GE1/0/0: --
CE2      GE1/0/0: --


Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to realize device connectivity within the same AS.
2. Enable the basic MPLS capability on the backbone network, including the following tasks:
   • Set up dynamic LSPs between the UPE and two NPEs in the same AS.
   • Set up a dynamic LSP between the two NPEs in the same AS.
   Establish remote LDP sessions for the indirect connection(s) between the UPE and NPEs or between NPEs.
3. Establish the VPLS connections between the UPE and NPEs in the same AS, including the following tasks:
   • Create service VSIs on the UPE and two NPEs that are in the same AS. These service VSIs are used to exchange service packets.
   • Create the mVSI on the NPEs that are in the same AS. The mVSI is used to send STP packets through the mPW.
   • Configure the mVSI and service VSIs on the NPEs, with the mPW transmitting STP packets, and service PWs transparently transmitting service packets. Meanwhile, associate the status of service VSIs with the status of the mVSI.
4. Configure STP on the intra-AS mPW and inter-AS mPW. By configuring STP priorities and costs, ensure that NPE3 functions as the root bridge, NPE4 as the backup root bridge, and the PW between NPE2 and NPE4 as being blocked.

Data Preparation
To complete the configuration, you need the following data:
• Data for configuring OSPF
• IP addresses of remote peers
• MPLS LSR IDs of UPEs and NPEs
• VSI IDs
• STP priorities and costs

Procedure
Step 1 Assign IP addresses to the interfaces on the MPLS backbone network.
The configuration details are not mentioned here.
Step 2 Configure an IGP protocol on the MPLS backbone network.
Configure an IGP protocol on the MPLS backbone network to realize the interconnection between UPEs and NPEs. In the configuration example, OSPF is configured. The configuration details are not mentioned here.
Step 3 Enable MPLS and configure LDP LSPs.
Configure the basic MPLS capability on the MPLS network, and establish dynamic LDP LSPs between the UPE and NPEs in the same AS. After this step, LSPs are established between the UPE and NPEs in the same AS.

Step 4 Enable MPLS L2VPN on the UPE and NPEs.
# Configure UPE1.
[UPE1] mpls l2vpn

# Configure NPE1.
[NPE1] mpls l2vpn

# Configure NPE2.
[NPE2] mpls l2vpn

The configurations of UPE2, NPE3, and NPE4 are similar and not mentioned here.
Step 5 Configuring VPLS.
1. Configure the mVSI on the four NPEs, including the configurations of the mPW between the intra-AS NPEs and the mPW between the inter-AS NPEs.
# Configure NPE1.
[NPE1] vsi m1 static
[NPE1-vsi-m1] pwsignal ldp
[NPE1-vsi-m1-ldp] vsi-id 10
[NPE1-vsi-m1-ldp] peer 3.3.3.3
[NPE1-vsi-m1-ldp] peer 4.4.4.4
[NPE1-vsi-m1-ldp] quit
[NPE1-vsi-m1] admin-vsi
[NPE1-vsi-m1] quit

# Configure NPE2.
[NPE2] vsi m1 static
[NPE2-vsi-m1] pwsignal ldp
[NPE2-vsi-m1-ldp] vsi-id 10
[NPE2-vsi-m1-ldp] peer 2.2.2.2
[NPE2-vsi-m1-ldp] peer 5.5.5.5
[NPE2-vsi-m1-ldp] quit
[NPE2-vsi-m1] admin-vsi
[NPE2-vsi-m1] quit

# Configure NPE3.
[NPE3] vsi m1 static
[NPE3-vsi-m1] pwsignal ldp
[NPE3-vsi-m1-ldp] vsi-id 10
[NPE3-vsi-m1-ldp] peer 2.2.2.2
[NPE3-vsi-m1-ldp] peer 5.5.5.5
[NPE3-vsi-m1-ldp] quit
[NPE3-vsi-m1] admin-vsi
[NPE3-vsi-m1] quit

# Configure NPE4.
[NPE4] vsi m1 static
[NPE4-vsi-m1] pwsignal ldp
[NPE4-vsi-m1-ldp] vsi-id 10
[NPE4-vsi-m1-ldp] peer 3.3.3.3
[NPE4-vsi-m1-ldp] peer 4.4.4.4
[NPE4-vsi-m1-ldp] quit
[NPE4-vsi-m1] admin-vsi
[NPE4-vsi-m1] quit

2. On UPEs, configure service VSIs and bind the service VSIs to relevant interfaces. On NPEs, configure the Hierarchical VPLS (HVPLS) networking with the intra-AS UPEs, establish ordinary peer relationships with the inter-AS NPEs, and bind service VSIs to the mVSI.
# Configure UPE1.
[UPE1] vsi s1 static
[UPE1-vsi-s1] pwsignal ldp
[UPE1-vsi-s1-ldp] vsi-id 100

[UPE1-vsi-s1-ldp] peer 2.2.2.2
[UPE1-vsi-s1-ldp] peer 3.3.3.3
[UPE1-vsi-s1-ldp] quit
[UPE1-vsi-s1] quit
[UPE1] interface gigabitethernet 3/0/0.1
[UPE1-GigabitEthernet3/0/0.1] shutdown
[UPE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[UPE1-GigabitEthernet3/0/0.1] l2 binding vsi s1
[UPE1-GigabitEthernet3/0/0.1] undo shutdown
[UPE1-GigabitEthernet3/0/0.1] quit


# Configure NPE1.
[NPE1] vsi s1 static
[NPE1-vsi-s1] pwsignal ldp
[NPE1-vsi-s1-ldp] vsi-id 100
[NPE1-vsi-s1-ldp] peer 1.1.1.1 upe
[NPE1-vsi-s1-ldp] peer 4.4.4.4
[NPE1-vsi-s1-ldp] quit
[NPE1-vsi-s1] track admin-vsi m1
[NPE1-vsi-s1] quit

# Configure NPE2.
[NPE2] vsi s1 static
[NPE2-vsi-s1] pwsignal ldp
[NPE2-vsi-s1-ldp] vsi-id 100
[NPE2-vsi-s1-ldp] peer 1.1.1.1 upe
[NPE2-vsi-s1-ldp] peer 5.5.5.5
[NPE2-vsi-s1-ldp] quit
[NPE2-vsi-s1] track admin-vsi m1
[NPE2-vsi-s1] quit

# Configure UPE2.
[UPE2] vsi s1 static
[UPE2-vsi-s1] pwsignal ldp
[UPE2-vsi-s1-ldp] vsi-id 100
[UPE2-vsi-s1-ldp] peer 4.4.4.4
[UPE2-vsi-s1-ldp] peer 5.5.5.5
[UPE2-vsi-s1-ldp] quit
[UPE2-vsi-s1] quit
[UPE2] interface gigabitethernet 3/0/0.1
[UPE2-GigabitEthernet3/0/0.1] shutdown
[UPE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[UPE2-GigabitEthernet3/0/0.1] l2 binding vsi s1
[UPE2-GigabitEthernet3/0/0.1] undo shutdown
[UPE2-GigabitEthernet3/0/0.1] quit

# Configure NPE3.
[NPE3] vsi s1 static
[NPE3-vsi-s1] pwsignal ldp
[NPE3-vsi-s1-ldp] vsi-id 10
[NPE3-vsi-s1-ldp] peer 6.6.6.6 upe
[NPE3-vsi-s1-ldp] peer 2.2.2.2
[NPE3-vsi-s1-ldp] quit
[NPE3-vsi-s1] track admin-vsi m1
[NPE3-vsi-s1] quit

# Configure NPE4.
[NPE4] vsi s1 static
[NPE4-vsi-s1] pwsignal ldp
[NPE4-vsi-s1-ldp] vsi-id 10
[NPE4-vsi-s1-ldp] peer 6.6.6.6 upe
[NPE4-vsi-s1-ldp] peer 3.3.3.3
[NPE4-vsi-s1-ldp] quit
[NPE4-vsi-s1] track admin-vsi m1
[NPE4-vsi-s1] quit

Step 6 Enable STP.
Enable STP on the four NPEs.



# Configure the MST region of NPE1, and then activate the region configurations. Because the four NPEs have the same region configurations, take NPE1 as an example.
[NPE1] stp enable
[NPE1] stp region-configuration
[NPE1-mst-region] region-name RG1
[NPE1-mst-region] active region-configuration
[NPE1-mst-region] quit

# Configure the priority of NPE3 as 0 in MSTI0 to ensure that NPE3 functions as the root bridge.
[NPE3] stp instance 0 priority 0

# Configure the priority of NPE4 as 4096 in MSTI0 to ensure that NPE4 functions as the backup root bridge.
[NPE4] stp instance 0 priority 4096

Configure the STP priorities of NPE1 and NPE2 as the default STP priority, namely, 32768.
Step 7 Configure E-STP.
Enable STP on the intra-AS mPW and inter-AS mPW, and configure STP costs.
NOTE

When binding the service VSI to the management VSI, configure STP in the management VSI rather than in the service VSI. In this manner, the status of the service VSI is associated with the status of the management VSI.

# Configure NPE1.
[NPE1] vsi m1 static
[NPE1-vsi-m1] pwsignal ldp
[NPE1-vsi-m1-ldp] peer 3.3.3.3 pw pw1
[NPE1-vsi-m1-ldp-pw-pw1] stp enable
[NPE1-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE1-vsi-m1-ldp-pw-pw1] quit
[NPE1-vsi-m1-ldp] peer 4.4.4.4 pw pw2
[NPE1-vsi-m1-ldp-pw-pw2] stp enable
[NPE1-vsi-m1-ldp-pw-pw2] stp cost 2
[NPE1-vsi-m1-ldp-pw-pw2] quit

# Configure NPE2.
[NPE2] vsi m1 static
[NPE2-vsi-m1] pwsignal ldp
[NPE2-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[NPE2-vsi-m1-ldp-pw-pw1] stp enable
[NPE2-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE2-vsi-m1-ldp-pw-pw1] quit
[NPE2-vsi-m1-ldp] peer 5.5.5.5 pw pw2
[NPE2-vsi-m1-ldp-pw-pw2] stp enable
[NPE2-vsi-m1-ldp-pw-pw2] stp cost 5
[NPE2-vsi-m1-ldp-pw-pw2] quit
[NPE2-vsi-m1-ldp] quit

# Configure NPE3.
[NPE3] vsi m1 static
[NPE3-vsi-m1] pwsignal ldp
[NPE3-vsi-m1-ldp] peer 5.5.5.5 pw pw1
[NPE3-vsi-m1-ldp-pw-pw1] stp enable
[NPE3-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE3-vsi-m1-ldp-pw-pw1] quit
[NPE3-vsi-m1-ldp] peer 2.2.2.2 pw pw2
[NPE3-vsi-m1-ldp-pw-pw2] stp enable
[NPE3-vsi-m1-ldp-pw-pw2] stp cost 2
[NPE3-vsi-m1-ldp-pw-pw2] quit
[NPE3-vsi-m1-ldp] quit


# Configure NPE4.
[NPE4] vsi m1 static
[NPE4-vsi-m1] pwsignal ldp
[NPE4-vsi-m1-ldp] peer 4.4.4.4 pw pw1
[NPE4-vsi-m1-ldp-pw-pw1] stp enable
[NPE4-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE4-vsi-m1-ldp-pw-pw1] quit
[NPE4-vsi-m1-ldp] peer 3.3.3.3 pw pw2
[NPE4-vsi-m1-ldp-pw-pw2] stp enable
[NPE4-vsi-m1-ldp-pw-pw2] stp cost 5
[NPE4-vsi-m1-ldp-pw-pw2] quit
[NPE4-vsi-m1-ldp] quit
[NPE4-vsi-m1] quit

Step 8 Configure CEs.
# Configure CE1.
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] shutdown
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit

Step 9 Verify the configuration.
• Check STP information.
[NPE1] display stp brief
 MSTID  Port      Role  STP State    Protection
   0    m1-pw1    DESI  FORWARDING   NONE
   0    m1-pw2    ROOT  FORWARDING   NONE
[NPE2] display stp brief
 MSTID  Port      Role  STP State    Protection
   0    m1-pw1    ROOT  FORWARDING   NONE
   0    m1-pw2    ALTE  DISCARDING   NONE

As shown in the command output, the PW named pw2 between NPE2 and NPE4 is blocked and in the discarding state.
• Run the display vsi name s1 verbose command on NPE1 and NPE2.
The command output on NPE1 shows that the service VSI s1 has two PWs respectively connecting UPE1 and NPE3, and both the service VSI s1 and the PWs are in the Up state. The command output on NPE2 shows that the service VSI s1 has two PWs respectively connecting UPE1 and NPE4, and the service VSI s1 and the PW connecting with UPE1 are in the Up state, but the PW connecting NPE4 is in the backup state. For details, see the following table.

Device   Status of the service VSI   Status of the service PW
NPE1     UP                          • The status of the PW between NPE1 and UPE1 is Up.
                                     • The status of the PW between NPE1 and NPE3 is Up.
NPE2     UP                          • The status of the PW between NPE2 and UPE1 is Up.
                                     • The status of the PW between NPE2 and NPE4 is backup.

<NPE1> display vsi name s1 verbose
 ***VSI Name               : s1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Multicast Fast Swicth  : disable
    Create Time            : 0 days, 14 hours, 26 minutes, 19 seconds
    VSI State              : up
    VSI ID                 : 10
   *Peer Router ID         : 1.1.1.1
    VC Label               : 19459
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
   *Peer Router ID         : 4.4.4.4
    VC Label               : 19460
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x201d
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
  **PW Information:
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 19459
    Remote VC Label        : 19456
    PW Type                : MEHVPLS
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : POS3/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 07:46:06
    PW Total Up Time       : 0 days, 13 hours, 42 minutes, 56 seconds
   *Peer Ip Address        : 4.4.4.4
    PW State               : up
    Local VC Label         : 19460
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x201d
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/0
    Stp Enable             : 1
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 07:46:06
    PW Total Up Time       : 0 days, 13 hours, 42 minutes, 56 seconds
<NPE2> display vsi name s1 verbose
 ***VSI Name               : s1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Multicast Fast Swicth  : disable
    Create Time            : 0 days, 14 hours, 29 minutes, 51 seconds
    VSI State              : up
    VSI ID                 : 10
   *Peer Router ID         : 1.1.1.1
    VC Label               : 19458
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2004
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
   *Peer Router ID         : 5.5.5.5
    VC Label               : 19459
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2016
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
  **PW Information:
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 19458
    Remote VC Label        : 19457
    PW Type                : MEHVPLS
    Tunnel ID              : 0x2004
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : POS3/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/24 20:33:18
    PW Total Up Time       : 0 days, 13 hours, 43 minutes, 11 seconds
   *Peer Ip Address        : 5.5.5.5
    PW State               : backup
    Local VC Label         : 19459
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x2016
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/0
    Stp Enable             : 1
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/24 20:33:18
    PW Total Up Time       : 0 days, 13 hours, 43 minutes, 11 seconds

As shown in the command output, the service PW between NPE2 and NPE4 is blocked.
• CE1 and CE2 can ping each other successfully. Take the display on CE1 as an example.
<CE1> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 156/159/172 ms

----End
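
The roles that display stp brief reports in Step 9 follow from the priorities set in Step 6 and the mPW costs set in Step 7. The Python code below is an added example, not part of the Huawei guide: it runs a simplified single-instance STP election over the four mPWs and also shows where the blocked point would sit if the NPE2-NPE4 cost were 2 instead of 5. The bridge MAC addresses are constructed, and port names stand in for port IDs in tie-breaks.

```python
"""Added example: STP role election on the four-NPE mPW ring of section 7.8.5."""
import heapq

# Bridge IDs as (priority, MAC). Priorities come from Step 6; the MAC
# addresses are constructed placeholders that only break priority ties.
BRIDGES = {
    "NPE1": (32768, "00:00:00:00:00:01"),
    "NPE2": (32768, "00:00:00:00:00:02"),
    "NPE3": (0, "00:00:00:00:00:03"),
    "NPE4": (4096, "00:00:00:00:00:04"),
}

# One tuple per mPW: (bridge, port, path cost) for each end, from Step 7.
LINKS = [
    (("NPE1", "m1-pw1", 2), ("NPE2", "m1-pw1", 2)),  # intra-AS mPW
    (("NPE1", "m1-pw2", 2), ("NPE3", "m1-pw2", 2)),  # inter-AS mPW
    (("NPE3", "m1-pw1", 2), ("NPE4", "m1-pw1", 2)),  # intra-AS mPW
    (("NPE2", "m1-pw2", 5), ("NPE4", "m1-pw2", 5)),  # inter-AS mPW
]


def stp_roles(bridges, links):
    """Return (root, {(bridge, port): (role, state)}) for one spanning tree."""
    root = min(bridges, key=bridges.get)  # lowest bridge ID wins
    # adjacency entry: (own port, own cost, neighbor, neighbor port, neighbor cost)
    adj = {b: [] for b in bridges}
    for (a, a_port, a_cost), (b, b_port, b_cost) in links:
        adj[a].append((a_port, a_cost, b, b_port, b_cost))
        adj[b].append((b_port, b_cost, a, a_port, a_cost))

    # Root path cost: a BPDU's cost grows by the path cost of the port that
    # receives it, so the weight of a hop is the receiving bridge's port cost.
    cost = {b: float("inf") for b in bridges}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for _, _, v, _, v_cost in adj[u]:
            if d + v_cost < cost[v]:
                cost[v] = d + v_cost
                heapq.heappush(heap, (cost[v], v))

    # Root port: best (root path cost, sender bridge ID, sender port, own port).
    # Port names are compared instead of real port IDs (simplification).
    root_port = {}
    for b in bridges:
        if b != root:
            best = min(adj[b], key=lambda e: (cost[e[2]] + e[1], bridges[e[2]], e[3], e[0]))
            root_port[b] = best[0]

    roles = {}
    for (a, a_port, _), (b, b_port, _) in links:
        # The end closer to the root (tie: lower bridge ID) is designated.
        designated = min((a, b), key=lambda x: (cost[x], bridges[x]))
        for bridge, port in ((a, a_port), (b, b_port)):
            if bridge == designated:
                role = "DESI"
            elif root_port.get(bridge) == port:
                role = "ROOT"
            else:
                role = "ALTE"
            state = "DISCARDING" if role == "ALTE" else "FORWARDING"
            roles[(bridge, port)] = (role, state)
    return root, roles


def blocked_ports(bridges, links):
    """Ports left in the discarding state, i.e. where the loop is broken."""
    _, roles = stp_roles(bridges, links)
    return sorted(k for k, (role, _) in roles.items() if role == "ALTE")


def with_cost(links, bridge_a, bridge_b, new_cost):
    """Copy of links with both ends of the bridge_a-bridge_b mPW set to new_cost."""
    out = []
    for end_a, end_b in links:
        if {end_a[0], end_b[0]} == {bridge_a, bridge_b}:
            end_a, end_b = (*end_a[:2], new_cost), (*end_b[:2], new_cost)
        out.append((end_a, end_b))
    return out


if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), (role, state) in sorted(roles.items()):
        print(f"{bridge:5} {port:7} {role:4} {state}")
    print("blocked as configured:", blocked_ports(BRIDGES, LINKS))
    print("blocked with cost 2 on NPE2-NPE4:",
          blocked_ports(BRIDGES, with_cost(LINKS, "NPE2", "NPE4", 2)))
```

With equal costs on all four mPWs, NPE2 reaches the root at the same cost through NPE1 and NPE4 and prefers NPE4 because of its lower bridge priority, so the intra-AS mPW to NPE1 is blocked instead of the inter-AS mPW.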

Configuration Files
Configuration file of UPE1
#
 sysname UPE1
#
 mpls lsr-id 1.1.1.1
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 2.2.2.2

  peer 3.3.3.3
#
mpls ldp
#
interface POS1/0/0
 link-protocol ppp
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS2/0/0
 link-protocol ppp
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
#
interface GigabitEthernet3/0/0.1
 vlan-type dot1q 100
 undo shutdown
 l2 binding vsi s1
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
  network 1.1.1.1 0.0.0.0
#
return


Configuration file of UPE2


#
 sysname UPE2
#
 mpls lsr-id 6.6.6.6
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 4.4.4.4
  peer 5.5.5.5
#
mpls ldp
#
interface POS1/0/0
 link-protocol ppp
 ip address 100.5.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface POS2/0/0
 link-protocol ppp
 ip address 100.5.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
#
interface GigabitEthernet3/0/0.1
 vlan-type dot1q 100
 undo shutdown

 l2 binding vsi s1
#
interface LoopBack1
 ip address 6.6.6.6 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.5.1.0 0.0.0.255
  network 100.5.2.0 0.0.0.255
  network 6.6.6.6 0.0.0.0
#
return

Configuration file of NPE1


#
 sysname NPE1
#
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 2.2.2.2
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 1.1.1.1 upe
  peer 4.4.4.4
 track admin-vsi m1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 3.3.3.3
  peer 3.3.3.3 pw pw1
   stp enable
   stp cost 2
  peer 4.4.4.4
  peer 4.4.4.4 pw pw2
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.6.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.8.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255

#
ospf 1
 area 0.0.0.0
  network 100.8.1.0 0.0.0.255
  network 2.2.2.2 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.6.1.0 0.0.0.255
#
return


Configuration file of NPE2


#
 sysname NPE2
#
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 3.3.3.3
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 1.1.1.1 upe
  peer 5.5.5.5
 track admin-vsi m1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.2
  peer 2.2.2.2 pw pw1
   stp enable
   stp cost 2
  peer 5.5.5.5
  peer 5.5.5.5 pw pw2
   stp enable
   stp cost 5
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.7.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.8.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0

  network 100.8.1.0 0.0.0.255
  network 3.3.3.3 0.0.0.0
  network 100.1.2.0 0.0.0.255
  network 100.7.1.0 0.0.0.255
#
return


Configuration file of NPE3


#
 sysname NPE3
#
 stp instance 0 priority 0
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 4.4.4.4
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 6.6.6.6 upe
  peer 2.2.2.2
 track admin-vsi m1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.2
  peer 2.2.2.2 pw pw2
   stp enable
   stp cost 2
  peer 5.5.5.5
  peer 5.5.5.5 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.6.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.9.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 ip address 100.5.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.9.1.0 0.0.0.255
  network 4.4.4.4 0.0.0.0

  network 100.6.1.0 0.0.0.255
  network 100.5.1.0 0.0.0.255
#
return


Configuration file of NPE4


#
 sysname NPE4
#
 stp instance 0 priority 4096
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 5.5.5.5
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 6.6.6.6 upe
  peer 3.3.3.3
 track admin-vsi m1
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 3.3.3.3
  peer 3.3.3.3 pw pw2
   stp enable
   stp cost 5
  peer 4.4.4.4
  peer 4.4.4.4 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 100.7.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 100.9.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface POS3/0/0
 link-protocol ppp
 ip address 100.5.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 5.5.5.5 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.9.1.0 0.0.0.255
  network 5.5.5.5 0.0.0.0
  network 100.7.1.0 0.0.0.255
  network 100.5.2.0 0.0.0.255

#
return


Configuration file of CE1


#
 sysname CE1
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

Configuration file of CE2


#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
return

7.8.6 Example for Configuring E-STP for CE Dual-Homing


When configuring STP over PW in the scenario where a CE is dual homed to PEs, you need to enable STP on the physical links between CE1 and PE1 and between CE1 and PE2, and the mPW between PE1 and PE2.

Networking Requirements
Figure 7-14 shows the VPLS networking where a CE is dual-homed to PEs. This type of networking has the following problem:
• PE3 receives two copies of traffic sent by the peer CE1.

You can adopt the following solution to address the preceding problems: You can configure an mPW between PE1 and PE2, and enable STP on the physical links between CE1 and PE1, and between CE1 and PE2, and on the mPW between PE1 and PE2. Then, you can set STP priorities and cost values to configure PE1 as the root bridge, PE2 as the backup root bridge, and GE 2/0/0 of CE1 to be blocked. In this case, the traffic from the DSLAM passes along the path CE1-PE1-PE3 to reach CE2. This prevents the traffic from being doubled or forming a loop.


Figure 7-14 Networking diagram of configuring E-STP for CE dual-homing
[Figure: DSLAM, CE1, PE1, PE2, PE3, and CE2 around the VPLS network, with an STP loop among CE1, PE1, and PE2; addresses 10.1.1.1/24 and 10.1.1.2/24 appear on GE1/0/0 interfaces. Legend: Service PW, Management PW, STP cost, Blocked point.]

Device   Interface and IP Address
PE1      GE1/0/0: --
         POS2/0/0: 100.1.1.1/24
         Loopback1: 1.1.1.1/32
PE2      GE1/0/0: --
         POS2/0/0: 100.2.1.1/24
         Loopback1: 2.2.2.2/32
PE3      POS1/0/0: 100.1.1.2/24
         POS2/0/0: 100.2.1.2/24
         GE3/0/0: --
         Loopback1: 3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to implement device connectivity within the VPLS backbone network.
2. Configure the basic MPLS capability and establish LDP LSPs on the VPLS backbone network.
3. Establish the VPLS connections between PEs, including the following tasks:
   • Create service VSIs that are used to exchange service packets.
   • Create the mVSI that is used to deliver STP packets through the mPW.
4. Configure STP, including the following tasks:
   • Enable STP on the mPW between the PEs.
   • Enable STP on the physical links between CEs and between the CE and PE.
   Configure relevant STP priorities to ensure that PE1 functions as the root bridge, and PE2 as the backup root bridge.

Data Preparation
To complete the configuration, you need the following data:
• IP addresses of the interfaces.
• Data for running IS-IS
• MPLS LSR ID of the MPLS peer
• MPLS LSR IDs of the UPE and PE3
• VSI name and VSI ID
• STP region name and priority

Procedure
Step 1 Assign IP addresses to the interfaces and configure an IGP protocol on the VPLS backbone network.
This implements the interconnection between PEs. In the configuration example, OSPF is configured, and the configuration details are not mentioned here.
Step 2 Enable MPLS and configure LDP LSPs.
1. Enable the basic MPLS capability on the MPLS network, and establish dynamic LDP LSPs between PEs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 2/0/0
[PE2-Pos2/0/0] mpls
[PE2-Pos2/0/0] mpls ldp
[PE2-Pos2/0/0] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 2/0/0
[PE3-Pos2/0/0] mpls
[PE3-Pos2/0/0] mpls ldp
[PE3-Pos2/0/0] quit

2. Configure the remote peer relationship between PE1 and PE2 to facilitate the creation of the mPW.
# Configure PE1.

[PE1] mpls ldp remote-peer 2.2.2.2
[PE1-mpls-ldp-remote-PE2] remote-ip 2.2.2.2
[PE1-mpls-ldp-remote-PE2] quit


# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-PE1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-PE1] quit

Take PE3 as an example:


<PE3> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 1.1.1.1:0          Operational DU   Active   000:00:08   34/34
 2.2.2.2:0          Operational DU   Active   000:00:08   34/34
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Step 3 Enable MPLS L2VPN on PEs.
# Configure PE1.


[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure PE3.
[PE3] mpls l2vpn

Step 4 Configuring VPLS.

1. Configure the mVSI.
# Configure PE1.
[PE1] vsi m1 static
[PE1-vsi-m1] pwsignal ldp
[PE1-vsi-m1-ldp] vsi-id 100
[PE1-vsi-m1-ldp] peer 2.2.2.2
[PE1-vsi-m1-ldp] quit
[PE1-vsi-m1] admin-vsi
[PE1-vsi-m1] quit

# Configure PE2.
[PE2] vsi m1 static
[PE2-vsi-m1] pwsignal ldp
[PE2-vsi-m1-ldp] vsi-id 100
[PE2-vsi-m1-ldp] peer 1.1.1.1
[PE2-vsi-m1-ldp] quit
[PE2-vsi-m1] admin-vsi
[PE2-vsi-m1] quit

2. Configure service VSIs.
# Configure PE1.
[PE1] vsi s1 static
[PE1-vsi-s1] pwsignal ldp
[PE1-vsi-s1-ldp] vsi-id 10
[PE1-vsi-s1-ldp] peer 3.3.3.3
[PE1-vsi-s1-ldp] quit
[PE1-vsi-s1] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] shutdown
[PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi s1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 3.3.3.3
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] shutdown
[PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/0.1] l2 binding vsi s1
[PE2-GigabitEthernet1/0/0.1] undo shutdown
[PE2-GigabitEthernet1/0/0.1] quit

# Configure PE3.
[PE3] vsi s1 static
[PE3-vsi-s1] pwsignal ldp
[PE3-vsi-s1-ldp] vsi-id 10
[PE3-vsi-s1-ldp] peer 1.1.1.1
[PE3-vsi-s1-ldp] peer 2.2.2.2
[PE3-vsi-s1-ldp] quit
[PE3-vsi-s1] quit
[PE3] interface gigabitethernet 3/0/0.1
[PE3-GigabitEthernet3/0/0.1] shutdown
[PE3-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE3-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE3-GigabitEthernet3/0/0.1] undo shutdown
[PE3-GigabitEthernet3/0/0.1] quit

Step 5 Configure STP.

Configure STP on PE1, PE2, and CE1.

1. Configure the MST region of PE1, and then activate the region configuration.
# Configure PE1.
[PE1] stp enable
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit

# Configure PE2.
[PE2] stp enable
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp enable
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit

2. Configure STP priorities of the PEs and CEs, and ensure that PE1 functions as the root bridge, and PE2 as the backup root bridge.
# Configure the STP priority of PE1 as 0 in MSTI0 to ensure that PE1 functions as the root bridge.
[PE1] stp instance 0 priority 0

# Configure the STP priority of PE2 as 4096 in MSTI0 to ensure that PE2 functions as the backup root bridge.
[PE2] stp instance 0 priority 4096

Configure the STP priority of CE1 as the default STP priority, namely, 32768.

Step 6 Configure E-STP.
- Enable STP on the mPW between PE1 and PE2.
- Enable STP on the physical interfaces between PE1 and CE1, and between PE2 and CE1.

NOTE
When binding the service VSI to the management VSI, configure STP in the management VSI rather than in the service VSI. In this manner, the status of the service VSI is associated with the status of the management VSI.

# Configure PE1.
[PE1] vsi m1 static
[PE1-vsi-m1] pwsignal ldp
[PE1-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[PE1-vsi-m1-ldp-pw-pw1] stp enable
[PE1-vsi-m1-ldp-pw-pw1] stp cost 2
[PE1-vsi-m1-ldp-pw-pw1] quit
[PE1-vsi-m1-ldp] quit
[PE1-vsi-m1] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] stp enable
[PE1-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE1-GigabitEthernet1/0/0] stp instance 0 cost 2

# Configure PE2.
[PE2] vsi m1 static
[PE2-vsi-m1] pwsignal ldp
[PE2-vsi-m1-ldp] peer 1.1.1.1 pw pw1
[PE2-vsi-m1-ldp-pw-pw1] stp enable
[PE2-vsi-m1-ldp-pw-pw1] stp cost 2
[PE2-vsi-m1-ldp-pw-pw1] quit
[PE2-vsi-m1-ldp] quit
[PE2-vsi-m1] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] stp enable
[PE2-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE2-GigabitEthernet1/0/0] stp instance 0 cost 5

# Configure CE1.
[CE1] portswitch batch gigabitethernet 1/0/0 2/0/0 3/0/0
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/0 to 2/0/0 to 3/0/0
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] stp enable
[CE1-GigabitEthernet1/0/0] stp instance 0 cost 2
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] stp enable
[CE1-GigabitEthernet2/0/0] stp instance 0 cost 5

Step 7 Configure the DSLAM device and CE2.

# Configure the DSLAM device.
[DSLAM] interface gigabitethernet 1/0/0.1
[DSLAM-GigabitEthernet1/0/0.1] shutdown
[DSLAM-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[DSLAM-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[DSLAM-GigabitEthernet1/0/0.1] undo shutdown
[DSLAM-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit

Step 8 Verify the configuration.

Run the display vsi name s1 verbose command on PE3. You can find that PE3 establishes PWs respectively with PE1 (1.1.1.1) and PE2 (2.2.2.2),
<PE3> display vsi name s1 verbose
 ***VSI Name               : s1
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    Multicast Fast Swicth  : disable
    Create Time            : 0 days, 14 hours, 26 minutes, 19 seconds
    VSI State              : up
    VSI ID                 : 10
   *Peer Router ID         : 1.1.1.1
    VC Label               : 19459
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
   *Peer Router ID         : 2.2.2.2
    VC Label               : 19460
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x201d
    Broadcast Tunnel ID    : 0x801008
    CKey                   : 6
    NKey                   : 5
    StpEnable              : 0
    PwIndex                : 0
    Interface Name         : GigabitEthernet3/0/0.1
    State                  : up
    Last Up Time           : 2009/02/25 11:15:37
    Total Up Time          : 0 days, 0 hours, 24 minutes, 21 seconds
  **PW Information:
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 19459
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x2000
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : POS1/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 07:46:06
    PW Total Up Time       : 0 days, 13 hours, 42 minutes, 56 seconds
   *Peer Ip Address        : 2.2.2.2
    PW State               : up
    Local VC Label         : 19460
    Remote VC Label        : 19456
    PW Type                : label
    Tunnel ID              : 0x2001
    Broadcast Tunnel ID    : 0x801008
    Ckey                   : 0x6
    Nkey                   : 0x5
    Main PW Token          : 0x801008
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : POS2/0/0
    Stp Enable             : 0
    Mac Flapping           : 0
    PW Last Up Time        : 2009/02/25 07:46:06
    PW Total Up Time       : 0 days, 13 hours, 42 minutes, 56 seconds

the link connecting CE1 to the backup root bridge PE2 is blocked,
<CE1> display stp brief
 MSTID  Port                  Role  STP State   Protection
   0    GigabitEthernet1/0/0  ROOT  FORWARDING  NONE
   0    GigabitEthernet2/0/0  ALTE  DISCARDING  NONE

and the DSLAM device and CE2 can ping each other successfully. Take the display on the DSLAM device as an example:
<DSLAM> ping 10.1.1.2
  PING 10.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 156/159/172 ms

----End

Configuration Files
- Configuration file of PE1
#
 sysname PE1
#
 stp instance 0 priority 0
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 1.1.1.1
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 3.3.3.3
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.2
  peer 2.2.2.2 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
#
 mpls ldp remote-peer 2.2.2.2
 remote-ip 2.2.2.2
 undo remote-ip pwe3
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp vpls-subinterface enable
 stp instance 0 cost 2
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface POS2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 1.1.1.1 0.0.0.0
#
return

- Configuration file of PE2
#
 sysname PE2
#
 stp instance 0 priority 4096
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
 mpls lsr-id 2.2.2.2
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 3.3.3.3
#
vsi m1 static
 pwsignal ldp
  vsi-id 100
  peer 1.1.1.1
  peer 1.1.1.1 pw pw1
   stp enable
   stp cost 2
 admin-vsi
#
mpls ldp
#
 mpls ldp remote-peer 1.1.1.1
 remote-ip 1.1.1.1
 undo remote-ip pwe3
#
interface GigabitEthernet1/0/0
 undo shutdown
 stp enable
 stp vpls-subinterface enable
 stp instance 0 cost 5
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface POS2/0/0
 link-protocol ppp
 undo shutdown
 ip address 100.2.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.2.1.0 0.0.0.255
  network 2.2.2.2 0.0.0.0
#
return

- Configuration file of PE3
#
 sysname PE3
#
 mpls lsr-id 3.3.3.3
 mpls
#
 mpls l2vpn
#
vsi s1 static
 pwsignal ldp
  vsi-id 10
  peer 1.1.1.1
  peer 2.2.2.2
#
mpls ldp
#
interface POS1/0/0
 undo shutdown
 link-protocol ppp
 ip address 100.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface POS2/0/0
 undo shutdown
 link-protocol ppp
 ip address 100.2.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
#
interface GigabitEthernet3/0/0.1
 vlan-type dot1q 10
 undo shutdown
 l2 binding vsi s1
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 3.3.3.3 0.0.0.0
  network 100.2.1.0 0.0.0.255
#
return

- Configuration file of the DSLAM device
#
 sysname DSLAM
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.1 255.255.255.0
#
return

- Configuration file of CE1
#
 sysname CE1
#
 vlan batch 10
#
 stp enable
#
stp region-configuration
 region-name RG1
 active region-configuration
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port default vlan 10
 stp instance 0 cost 2
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port default vlan 10
 stp instance 0 cost 5
#
interface GigabitEthernet3/0/0
 undo shutdown
 portswitch
 port default vlan 10
#
return

- Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/0
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 undo shutdown
 vlan-type dot1q 10
 ip address 10.1.1.2 255.255.255.0
#
return


8 BPDU Tunnel Configuration

About This Chapter

Bridge Protocol Data Units (BPDU) are usually used to transmit Spanning Tree Protocol (STP) and Multiple Spanning Tree Algorithm and Protocol (MSTP) information. The path along which BPDUs are transparently transmitted on the ISP network is known as a Layer 2 protocol tunnel or a BPDU tunnel.

8.1 BPDU Tunnel Overview
BPDUs are Layer 2 protocol data units, encapsulated in IEEE 802.3 frame format, and sent in multicast mode.

8.2 Configuring Interface-based BPDU Tunnels
This section describes how to configure the BPDUs from different user networks to be transparently transmitted on the ISP network when each interface on the user side of a PE is connected to only one user network.

8.3 Configuring VLAN-based BPDU Tunnels
If the interface on the user side of a PE connects to multiple CEs, the BPDUs sent from the CEs need to carry tags to differentiate user networks. To enable the BPDUs sent from user networks to be transparently transmitted on the ISP network, you can configure VLAN-based BPDU tunnels.

8.4 Configuring QinQ-based BPDU Tunnels
If the interface on the user side of a PE connects to multiple CEs, the BPDUs sent from the CEs need to carry tags to differentiate user networks. To enable the BPDUs from user networks to be transparently transmitted on the ISP network, and to save the VLAN ID resources of the ISP, you can configure QinQ-based BPDU tunnels.

8.5 Configuration Examples
This section describes the typical application scenarios of various types of BPDU tunnels, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


8.1 BPDU Tunnel Overview


BPDUs are Layer 2 protocol data units, encapsulated in IEEE 802.3 frame format, and sent in multicast mode.

8.1.1 Introduction to BPDU
The BPDU tunnel is a path along which BPDUs are transparently transmitted on the ISP network.

8.1.2 BPDU Tunnel Features Supported by the CX600
When each interface on the user side of a PE is connected to only one CE, and the BPDUs sent from the user network do not carry tags, you can configure an interface-based BPDU tunnel to enable the BPDUs to be transparently transmitted on the ISP network.

8.1.1 Introduction to BPDU


The BPDU tunnel is a path along which BPDUs are transparently transmitted on the ISP network.

Brief Introduction to the BPDU Tunnel


The Bridge Protocol Data Unit (BPDU) packet is a type of Layer 2 protocol packet. As shown in Figure 8-1, BPDU packets adopt the encapsulation format defined in IEEE 802.3 and are transmitted as multicast. BPDU packets are usually used to transmit Spanning Tree Protocol (STP) and Multiple Spanning Tree Algorithm and Protocol (MSTP) information. The path along which BPDU packets are transparently transmitted in the operator network is known as a Layer 2 protocol tunnel or a BPDU tunnel.

Figure 8-1 Basic format of BPDU encapsulation
[Figure: frame layout drawn over bit positions 0, 7, 15, 23 and 31, with the fields Destination address (0180-C200-0000), Source address, Length, and BPDU data.]

Table 8-1 Description of basic formats of fields in BPDU packets

Field                Length  Meaning
Destination address  48 bit  Destination MAC address. For general users, all destination MAC addresses are 0180-C200-0000.
Source address       48 bit  Source MAC address.
Length               16 bit  Length of BPDU data.

Background of the BPDU Tunnel


The following takes Figure 8-2 as an example to explain why BPDU tunnels were introduced. Both user network 1 and user network 2 run MSTP. BPDUs of user network 1 must traverse the ISP network to reach user network 2 so that the STP function can be realized. After PE1 on the ISP network receives BPDUs from user network 1, PE1 cannot identify whether the BPDUs were sent from a user network or from the ISP network, because the destination MAC address of the BPDUs is always 0180-C200-0000. PE1 therefore delivers all the BPDUs to the CPU for further processing, and the spanning tree is calculated. As a result, devices in user network 1 perform spanning tree computation together with PE1 instead of with devices in user network 2, and there is no guarantee that BPDU packets of user network 1 reach user network 2.

Figure 8-2 Transparent transmission of BPDUs in an ISP network
[Figure: CE1 (user network 1) attaches to PE1, PE1 and PE2 are connected across the ISP network, and CE2 (user network 2) attaches to PE2.]

To ensure that the BPDUs of user network 1 can reach user network 2, BPDUs must be transmitted in the ISP network in transparent mode. To realize transparent transmission of BPDUs in the ISP network, the following conditions must be satisfied:
- A branch network of a user network can receive the BPDUs destined for all branch networks of the user network.
- The BPDUs of a user network cannot be processed by the CPU of the ISP network.
- BPDUs of different user networks must be isolated, so that the BPDUs are free from interference.

A BPDU tunnel refers to the path in a Packet Switched Network (PSN) through which BPDUs are transparently transmitted.

Through configuration of BPDU tunnels in the ISP network, branch networks of different user networks can transparently transmit BPDUs among them through BPDU tunnels.

8.1.2 BPDU Tunnel Features Supported by the CX600


When each interface on the user side of a PE is connected to only one CE, and the BPDUs sent from the user network do not carry tags, you can configure an interface-based BPDU tunnel to enable the BPDUs to be transparently transmitted on the ISP network.

The CX600 supports the following BPDU tunnels according to implementation methods:
- Interface-based BPDU tunnel
- VLAN-based BPDU tunnel
- QinQ-based BPDU tunnel

The description of implementation methods is as follows:

Interface-based BPDU Tunnel


Figure 8-3 Interface-based BPDU tunnels of different user networks
[Figure: PE1, PE2 and PE3 on the ISP network. The user-side interfaces are labelled port-based VLAN 200 (LAN-B, MSTP) or port-based VLAN 300 (LAN-A, MSTP). BPDU Tunnel 200 and BPDU Tunnel 300 cross the ISP network.]

As shown in Figure 8-3, each interface of the PE connects to only one user network. The BPDUs sent from a user network do not carry a tag. The PE must identify which user LAN the BPDUs are from, and then forward the packets to the user network connected to the specified interface. The BPDUs of LAN-A must be forwarded to another user network of LAN-A rather than to a user network of LAN-B. In addition, BPDUs should not be processed by the ISP network device.

To establish an interface-based BPDU tunnel, one way is to configure devices with different roles as follows:
1. Configure the type of ISP devices to provider. Thus, the destination MAC addresses of the BPDUs sent by the ISP network are changed to 01-80-C2-00-00-08 instead of the original 01-80-C2-00-00-00.
2. Configure the type of user network devices to customer. Thus, the destination MAC addresses of the BPDUs sent by user networks are still 01-80-C2-00-00-00.
3. Add the interfaces that connect the same user network into a VLAN. After receiving the BPDUs from the user networks, the PEs label the BPDUs with corresponding tags based on the PVIDs of the interfaces.
4. The destination MAC addresses of the BPDUs sent by the user networks are 01-80-C2-00-00-00 instead of 01-80-C2-00-00-08. Thus, the PEs (provider) do not consider the BPDUs sent from user networks as BPDUs. The PEs choose corresponding BPDU tunnels to forward the BPDUs based on PVIDs instead of delivering the BPDUs to the CPU.

In this way, the BPDUs can go across the ISP's Layer 2 switching network.

As shown in Figure 8-3, the PE is configured with the interface-based BPDU tunnel. The PE adds a tag to the BPDUs from user networks according to the PVID of an interface. In this way, users can be identified according to different public VLANs and packets are transmitted through different BPDU tunnels. Traffic of LAN-A users travels through the BPDU tunnel of VLAN 300. Traffic of LAN-B users goes through the BPDU tunnel of VLAN 200.

Another way is to configure devices with the same role, that is, configure all ISP devices and user devices as customer. In this case, the difference is that the well-known destination MAC address of the user BPDU is replaced by a dedicated multicast MAC address on the ISP device, and the ISP interface connected to the user device must be enabled with the BPDU tunnel function.

VLAN-based BPDU Tunnel


Figure 8-4 VLAN-based BPDU tunnel
[Figure: PE 1, PE 2 and PE 3 on the ISP network, connected by a BPDU tunnel. LAN-A (MSTP) and LAN-B (MSTP) user networks attach to the PEs with CE-VLAN 100 and CE-VLAN 200 labels.]

For most cases, the PE serves as a convergence node. The convergence interface on PE1 connects both LAN-A and LAN-B, as shown in Figure 8-4. To identify the two different LANs, the BPDUs sent by the CE must carry VLAN tags. In Figure 8-4, the VLAN ID of LAN-A is 200 and the VLAN ID of LAN-B is 100. Currently, the packets sent by RSTP/MSTP are not encapsulated with a tag. When the control plane receives BPDUs carrying a tag, these packets are considered as error packets and discarded. The PE must support BPDUs carrying a tag and be configured with the VLAN-based BPDU tunnel. In this way, BPDUs can go across Layer 2 networks through different BPDU tunnels and reach user networks.

To establish a VLAN-based BPDU tunnel, one way is to configure devices with different roles as follows:
1. Configure the type of ISP devices to provider. Thus, the destination MAC addresses of the BPDUs sent by the ISP network are changed to 01-80-C2-00-00-08 instead of the original 01-80-C2-00-00-00.
2. Configure the type of user network devices to customer. Thus, the destination MAC addresses of the BPDUs sent by user networks are still 01-80-C2-00-00-00.
3. Configure the BPDUs from CEs to PEs to carry the specified VLAN IDs.
4. Configure the PE interfaces that connect with CEs to permit BPDUs with the specified VLAN ID. The destination MAC addresses of the BPDUs sent by the user networks are 01-80-C2-00-00-00 instead of 01-80-C2-00-00-08. Thus, the PEs (provider) do not consider the BPDUs sent from user networks as BPDUs. The PEs choose corresponding BPDU tunnels to forward the BPDUs based on VLAN IDs instead of delivering the BPDUs to the CPU.

In this way, the BPDUs can go through the ISP's Layer 2 switching network.

As shown in Figure 8-4, LAN-A sends BPDUs carrying the VLAN ID of 200. PE1 allows BPDUs carrying tag 200 to go across the ISP network and through the BPDU tunnel specified with VLAN ID of 200. Recognizing that the tag is 200, PE2 forwards the BPDUs to LAN-A that connects PE2, realizing the STP function. LAN-B sends BPDUs carrying the VLAN ID of 100. PE1 allows BPDUs carrying tag 100 to go across the ISP network and through the BPDU tunnel specified with VLAN ID of 100. Recognizing that the tag is 100, PE2 forwards the BPDUs to LAN-B that connects PE2, realizing the STP function.

Another way is to configure devices with the same role, that is, configure all ISP devices and user devices as customer. In this case, the difference is that the well-known destination MAC address of the user BPDU is replaced by a dedicated multicast MAC address on the ISP device, and the ISP interface connected to the user device must be enabled with the BPDU tunnel function.

QinQ-based BPDU Tunnel


- QinQ overview
The QinQ protocol is a Layer 2 tunnel protocol based on the IEEE 802.1Q technology. The QinQ technology expands the VLAN space by adding an IEEE 802.1Q tag to a packet already carrying an 802.1Q tag. As a result, private VLANs can transparently transmit packets over the public network. This function is the same as the Layer 2 VPN. Packets that are forwarded over the backbone network carry two 802.1Q tags, one for the public network and the other for the private network. This is called 802.1Q-in-802.1Q, or QinQ for short.
As shown in Figure 8-5, a QinQ packet carries an additional tag immediately after the Source Address (SA); an 802.1Q packet does not contain this tag. This tag is known as the outer tag or public network tag and carries the VLAN ID of the public network. The inner tag is usually known as the private tag and carries the VLAN ID of the private network.

NOTE
The QinQ function configured on a Layer 2 interface is called VLAN stacking.

Figure 8-5 IEEE 802.1Q encapsulation and QinQ encapsulation
802.1Q encapsulation: DA (6 bytes), SA (6 bytes), ETYPE (2 bytes), TAG (2 bytes), LEN/ETYPE (2 bytes), DATA (46 to 1500 bytes), FCS (4 bytes)
QinQ encapsulation: DA (6 bytes), SA (6 bytes), ETYPE (2 bytes), TAG (2 bytes), ETYPE (2 bytes), TAG (2 bytes), LEN/ETYPE (2 bytes), DATA (46 to 1500 bytes), FCS (4 bytes)
Tag detail: ETYPE is 0x8100; TAG consists of Priority, CFI, and VLAN ID.
- QinQ-based BPDU tunnel

Figure 8-6 QinQ-based BPDU tunnel
[Figure: PE 1 and PE 2 on the ISP network, each with user-side CE-VLAN 100 and CE-VLAN 200 toward LAN-A (MSTP) and LAN-B (MSTP). Two BPDU tunnels cross the ISP network: PE-VLAN20 for CE-VLAN 100~CE-VLAN 199, and PE-VLAN30 for CE-VLAN 200~CE-VLAN 299.]

When many user networks are present, transmitting BPDUs transparently in the preceding VLAN-based mode requires many ISP VLAN IDs. This may result in insufficient VLAN ID resources. To solve this problem, BPDUs can be forwarded in QinQ mode on the ISP network.

As shown in Figure 8-6, configure the VLAN-based BPDU tunnel on the convergent interface of the PE and assign different outer VLAN tags according to CE-VLAN.
1. Add the CE interface on the PE side to the VLAN and configure that the BPDUs sent from the interface to the PE carry the tag information about the interface.
2. Enable the BPDU tunnel and QinQ functions at the incoming interface (on PE or UPE) of the Layer 2 switch network.
3. The convergent incoming interface of the PE assigns outer VLAN tags, that is, the VLAN IDs for the public network (or public VLAN IDs), according to the user's VLAN IDs.
4. The ISP device chooses a BPDU tunnel according to different outer VLAN tags and forwards the user's BPDUs over the public network.
5. Enable the BPDU tunnel and QinQ functions at the exit of the tunnel.
6. At the convergent outgoing interface, the PE removes the outer VLAN tag and decides to which user network the packets are forwarded according to the user's inner VLAN ID.

As shown in Figure 8-6, after receiving the BPDUs with the tags ranging from 100 to 199, the PEs label the BPDUs with the outer tag 20, and then forward the BPDUs in the ISP network; after receiving the BPDUs with the tags ranging from 200 to 299, the PEs label the BPDUs with the outer tag 30, and then forward the BPDUs in the ISP network. In this way, the BPDUs of different user networks can be transparently transmitted in the ISP network; moreover, fewer VLAN IDs are occupied.
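
The tunnel selection described in this section, as an added Python model (not Huawei's implementation and not code from this guide): it parses the Figure 8-1 frame layout, classifies BPDUs by the two destination MAC addresses, and applies the interface-based, VLAN-based and QinQ-based rules with the VLAN numbers from Figures 8-3, 8-4 and 8-6. The function names, the sample frames, and the drop behaviour for customer BPDUs that match no tunnel are assumptions.

```python
import struct

# Destination MAC addresses named on the page.
CUSTOMER_BPDU_DA = bytes.fromhex("0180c2000000")  # sent by customer-role bridges
PROVIDER_BPDU_DA = bytes.fromhex("0180c2000008")  # sent by provider-role bridges
TPID_8021Q = 0x8100


def build_bpdu(da, vlan=None):
    """Constructed sample frame: DA, SA, optional 802.1Q tag, Length, BPDU data."""
    sa = bytes.fromhex("00e0fc000001")            # constructed source MAC
    data = bytes([0x42, 0x42, 0x03]) + bytes(35)  # LLC header + zeroed 35-byte body
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return da + sa + tag + struct.pack("!H", len(data)) + data


def parse_frame(frame):
    """Return (da, sa, vlan_ids_outermost_first, rest_of_frame)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    da, sa, off, vlans = frame[:6], frame[6:12], 12, []
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        vlans.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return da, sa, vlans, frame[off:]


def push_tag(frame, vid):
    """Insert an 802.1Q tag right after the source address; it becomes the outer tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def outer_for(inner, qinq_map):
    """Look up the public (outer) VLAN for a customer VLAN; None if no range matches."""
    for low, high, outer in qinq_map:
        if low <= inner <= high:
            return outer
    return None


def pe_ingress(frame, mode, pvid=None, permitted=(), qinq_map=()):
    """Model the user-side interface of a provider-role PE.

    Returns (action, frame): 'to-cpu' for the ISP's own BPDUs, 'tunnel' for
    customer BPDUs placed in a BPDU tunnel, 'forward' for non-BPDU traffic, and
    'drop' (an assumption of this model) for customer BPDUs matching no tunnel.
    """
    da, _, vlans, _ = parse_frame(frame)
    if da == PROVIDER_BPDU_DA:
        return "to-cpu", frame
    if da != CUSTOMER_BPDU_DA:
        return "forward", frame
    if mode == "interface":      # untagged BPDU, tagged with the interface PVID
        if not vlans and pvid is not None:
            return "tunnel", push_tag(frame, pvid)
    elif mode == "vlan":         # BPDU already carries the CE-VLAN tag
        if len(vlans) == 1 and vlans[0] in permitted:
            return "tunnel", frame
    elif mode == "qinq":         # outer tag chosen from the CE-VLAN range
        outer = outer_for(vlans[0], qinq_map) if len(vlans) == 1 else None
        if outer is not None:
            return "tunnel", push_tag(frame, outer)
    else:
        raise ValueError("unknown tunnel mode: %r" % mode)
    return "drop", None


def pe_egress_qinq(frame, qinq_map):
    """Tunnel exit: strip the outer tag and return (inner_vlan, frame).

    Rejecting an outer/inner pair that disagrees with the mapping is an added
    isolation check, not a behaviour stated on the page.
    """
    _, _, vlans, _ = parse_frame(frame)
    if len(vlans) != 2 or outer_for(vlans[1], qinq_map) != vlans[0]:
        return None, None
    return vlans[1], frame[:12] + frame[16:]


# Mapping from Figure 8-6: CE-VLAN 100-199 -> PE-VLAN 20, CE-VLAN 200-299 -> PE-VLAN 30.
QINQ_MAP = [(100, 199, 20), (200, 299, 30)]

if __name__ == "__main__":
    for inner in (100, 200, 50):
        action, out = pe_ingress(build_bpdu(CUSTOMER_BPDU_DA, inner), "qinq", qinq_map=QINQ_MAP)
        print(inner, action, parse_frame(out)[2] if out else None)
```

The model makes the isolation property easy to test: a customer BPDU only ever leaves the PE inside the tunnel selected by its ingress interface or CE-VLAN, and provider-addressed BPDUs are the only ones handed to the control plane.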

8.2 Configuring Interface-based BPDU Tunnels


This section describes how to configure the BPDUs from different user networks to be transparently transmitted on the ISP network when each interface on the user side of a PE is connected to only one user network.

8.2.1 Establishing the Configuration Task
Interfaces that BPDUs pass through must be Layer 2 interfaces.

8.2.2 Enabling STP function on the PEs and the CEs
When BPDUs are sent from user network 1 to PE1 on the ISP network, PE1 cannot identify where the BPDUs are from, so it sends the BPDUs to the CPU for processing and performs STP calculation.

8.2.3 Adding the Interfaces of the PE Connected with the CE to a Specified VLAN
Each interface on a PE connects to one user network. The user networks belong to different LANs. In this case, the BPDUs sent from the user networks to the PE do not carry tags. The PE, however, needs to identify which LAN the BPDUs come from. Therefore, you need to configure specified VLANs.

8.2.4 Configuring Interface-based BPDU Tunnel
According to the roles of a PE and a CE, you can configure interface-based BPDU tunnels between devices with the same role or different roles. After the interface-based BPDU tunnel is successfully configured, the PE adds a tag based on the interface PVID to the received BPDU. Then, the PE selects a BPDU tunnel according to the tag to transmit the BPDU. Different users are thus isolated.

8.2.5 Configuring PE Interfaces Connecting PSNs to Permit Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

8.2.6 Checking the Configuration
After interface-based BPDU tunnels are successfully configured, you can view the roles of the interfaces on CEs and whether STP is enabled on the interfaces.

8.2.1 Establishing the Configuration Task


Interfaces that BPDUs pass through must be Layer 2 interfaces.

Applicable Environment
An interface of the PE connected with the CE can connect to only one user network. The BPDUs sent from the user network have no VLAN tags. To enable the BPDUs that user networks send to different interfaces to be transparently transmitted across the ISP network, you can configure an interface-based BPDU tunnel. In this way, the BPDUs pass through the Layer 2 network through different BPDU tunnels, and thus the STP function is implemented.

Pre-configuration Tasks
Before configuring an interface-based BPDU tunnel, complete the following tasks:
- Interfaces that the BPDUs pass through must be correctly connected.
- Interfaces that the BPDUs pass through must be Layer 2 interfaces.

Data Preparation
To configure interface-based transparent transmission of BPDUs in a user network, you need the following data.

No.  Data
1    Interface type and interface number of the PE interfaces that connect the user network
2    PVID values of the PE interfaces connecting with each CE
3    VLAN range of the packets that are permitted on the PE interfaces that connect PSN

8.2.2 Enabling STP function on the PEs and the CEs


When BPDUs are sent from user network 1 to PE1 on the ISP network, PE1 cannot identify where the BPDUs are from, so it sends the BPDUs to the CPU for processing and performs STP calculation.

Context
Do as follows on the PEs and CEs.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp enable

The STP function is enabled.

----End

8.2.3 Adding the Interfaces of the PE Connected with the CE to a Specified VLAN
Each interface on a PE connects to one user network. The user networks belong to different LANs. In this case, the BPDUs sent from the user networks to the PE do not carry tags. The PE, however, needs to identify which LAN the BPDUs come from. Therefore, you need to configure specified VLANs.

Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created and the VLAN view is displayed. The VLAN ID ranges from 1 to 4094. If the VLAN specified in the command exists, the VLAN view is displayed.

Step 3 Run:
port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>

The specified Layer 2 interfaces are added to the VLAN.

NOTE
You can also use the port default vlan command to add the PE interfaces connected with the CE to the VLAN in untagged mode.

----End

8.2.4 Configuring Interface-based BPDU Tunnel


According to the roles of a PE and a CE, you can configure interface-based BPDU tunnels between devices with the same role or different roles. After the interface-based BPDU tunnels are successfully configured, the PE adds a tag based on the interface PVID to the received BPDU. Then, the PE selects a BPDU tunnel according to the tag to transmit the BPDU. Different users are thus isolated.

Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or Devices of the Same Role.
- Devices of different roles: CEs are bridges functioning as service customers, and PEs and Ps are bridges functioning as service providers.
- Devices of the same role: CEs and PEs may play the same role as service customers.

Procedure
- Devices of Different Roles
  The devices can play different roles; that is, CEs are bridges with the role as customer, and the PE and P are bridges with the role as provider. Do as follows on the PE and P.

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp bridge role provider

     The role of the PE is configured as provider.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface on CE side is displayed.

  4. (Optional) Run:
     stp disable

     The PE interface on CE side does not take part in the spanning tree calculation (STP). The STP function is disabled.

  NOTE
  After the devices are configured with different roles, PEs can transparently transmit the BPDUs from CEs without the BPDU tunnel function.

- Devices of the Same Role
  CEs and PEs may play the same role as customer. Do as follows on the PEs:

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp group-mac group-mac

     The MAC address of the BPDU is replaced with a multicast address. The global well-known MAC address can be replaced only by a multicast MAC address, excluding the reserved MAC addresses ranging from 0180-C200-0000 to 0180-C200-002F. By default, the multicast destination MAC address of a BPDU is 0100-0ccd-cdd0.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface on user side is displayed.

  4. Run:
     bpdu-tunnel enable

     The function of transparent transmission of user-network BPDUs is enabled on the PE interface.

  5. Run:
     stp disable

     The PE interface on CE side does not take part in the STP. The STP function is disabled.

  NOTE
  If the devices play the same role, PEs cannot transparently transmit the BPDUs from CEs without the BPDU tunnel function. In this scenario, no special configuration is required for the P.

----End

8.2.5 Configuring PE Interfaces Connecting PSNs to Permit Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

Context
Do as follows on the PEs.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the PE interface that connects the PSN is displayed.

Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The PE interface that connects PSNs is configured to permit the packets with specified tags.

----End

8.2.6 Checking the Configuration


After interface-based BPDU tunnels are successfully configured, you can view the roles of the interfaces on CEs and whether STP is enabled on the interfaces.

Prerequisite
The configuration of the interface-based BPDU tunnel function is complete.

Procedure
Step 1 Run the display stp [ brief ] command to check the information on the spanning tree.

----End

Example
Run the display stp [ brief ] command on the CEs, and you can view that STP is enabled on the interface and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :6
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :6
          TCN: 0, Config: 0, RST: 0, MST: 6
 BPDU Received       :4351
          TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :3
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :4534
          TCN: 0, Config: 0, RST: 0, MST: 4534
 BPDU Received       :6
          TCN: 0, Config: 0, RST: 0, MST: 6
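The role check above can be scripted over collected display stp output. The following is an added example, not part of the Huawei guide: besides the "Designated" or "Root" role test, it compares the CIST root reported by each CE, because two CEs that never receive each other's BPDUs each show a Designated port and would pass the role test alone. The function names and the CE1_ISOLATED sample are assumptions made for this example; CE1_OUTPUT and CE2_OUTPUT are trimmed from the output shown above.

```python
import re

# Trimmed copies of the <CE1> and <CE2> outputs from the guide's example.
CE1_OUTPUT = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
"""
CE2_OUTPUT = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
"""
# Constructed sample: CE1 as it would look if no BPDUs from CE2 reached it.
CE1_ISOLATED = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
CIST Root/ERPC      :32768.00e0-fc9f-3257 / 0
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
"""

PORT_HEADER = re.compile(r"-+\[Port\d+\((?P<name>[^)]+)\)\]\s*\[(?P<state>[A-Z]+)\]")
FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:(?P<value>.*)$")
ACCEPTED_ROLES = {"CIST Root Port", "CIST Designated Port"}


def parse_display_stp(text):
    """Return {'global': {field: value}, 'ports': [{name, state, field: value}]}."""
    info = {"global": {}, "ports": []}
    section = info["global"]
    for line in text.splitlines():
        header = PORT_HEADER.search(line)
        if header:
            # A port banner starts a new per-port section.
            section = {"name": header["name"], "state": header["state"]}
            info["ports"].append(section)
            continue
        field = FIELD.match(line)
        if field:
            section[field["key"]] = field["value"].strip()
    return info


def cist_root(parsed):
    """Bridge ID part of the 'CIST Root/ERPC' field (the part before ' / cost')."""
    return parsed["global"]["CIST Root/ERPC"].split("/")[0].strip()


def tunnel_findings(outputs):
    """outputs maps a CE name to its display stp text; returns a list of problems."""
    findings, roots = [], {}
    for ce, text in outputs.items():
        parsed = parse_display_stp(text)
        roots[ce] = cist_root(parsed)
        for port in parsed["ports"]:
            where = f"{ce} {port['name']}"
            if port.get("Port Protocol") != "enabled":
                findings.append(f"{where}: STP is not enabled")
            if port.get("Port Role") not in ACCEPTED_ROLES:
                findings.append(f"{where}: unexpected role {port.get('Port Role')!r}")
    # CEs joined by a working BPDU tunnel converge on one CIST root.
    if len(set(roots.values())) > 1:
        findings.append(f"CEs report different CIST roots: {roots}")
    return findings


if __name__ == "__main__":
    print(tunnel_findings({"CE1": CE1_OUTPUT, "CE2": CE2_OUTPUT}))
    print(tunnel_findings({"CE1": CE1_ISOLATED, "CE2": CE2_OUTPUT}))
```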

8.3 Configuring VLAN-based BPDU Tunnels


If the interface on the user side of a PE connects to multiple CEs, the BPDUs sent from the CEs need to carry tags to differentiate user networks. To enable the BPDUs sent from user networks to be transparently transmitted on the ISP network, you can configure VLAN-based BPDU tunnels.

8.3.1 Establishing the Configuration Task
Interfaces that BPDUs pass through must be Layer 2 interfaces.

8.3.2 Enabling the STP Function on CEs and PEs
BPDUs from different user networks are transmitted through different BPDU tunnels in an ISP network and then reach the destination network. The STP calculation is thus performed.

8.3.3 Configuring BPDUs from CEs to PEs to Carry Specified Tags
When multiple user networks are connected to the same interface on a PE, the BPDUs that are sent from the CEs to the PE need to carry specified VLAN IDs to differentiate the user networks that the BPDUs come from.

8.3.4 Configuring VLAN-based BPDU Tunnel
According to the roles of a PE and a CE, you can configure interface-based BPDU tunnels between devices with the same role or different roles. After the interface-based BPDU tunnels are successfully configured, the BPDUs are not sent to the CPU for processing. Instead, the BPDUs cross the Layer 2 network along the BPDU tunnels, destined for user networks.

8.3.5 Configuring PE Interfaces Connecting PSN to Permit Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

8.3.6 Checking the Configuration
After the interface-based BPDU tunnels are successfully configured, you can view the configuration of the BPDU tunnels on the interfaces, spanning tree information, and the roles of the interfaces on CEs.

8.3.1 Establishing the Configuration Task


Interfaces that BPDUs pass through must be Layer 2 interfaces.

Applicable Environment
When an interface of the PE is connected with multiple user VLANs, the BPDUs sent from the CE must carry VLAN tags to distinguish different users. To realize the transparent transmission of user-network BPDUs in an ISP network, you need to configure VLAN-based BPDU tunnels. After the configuration, BPDUs of different user networks are transmitted through different BPDU tunnels in an ISP network and then reach the destination network. The STP function is realized at the same time.

Pre-configuration Tasks
Before configuring VLAN-based BPDU tunnels, complete the following tasks:
- Interfaces that the BPDUs pass through must be correctly connected.
- Interfaces that the BPDUs pass through must be Layer 2 interfaces.

Data Preparation
To configure VLAN-based transparent transmission of BPDUs, you need the following data.

No.  Data
1    Name of the interfaces of the CE on which the STP function is enabled
2    Tag values of the BPDUs sent from the CE to the PE
3    VLAN range of the packets that are permitted on the PE

8.3.2 Enabling the STP Function on CEs and PEs


BPDUs from different user networks are transmitted through different BPDU tunnels in an ISP network and then reach the destination network. The STP calculation is thus performed.

Context
Do as follows on the PEs and CEs.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp enable

The STP function is enabled.

----End

8.3.3 Configuring BPDUs from CEs to PEs to Carry Specified Tags


When multiple user networks are connected to the same interface on a PE, the BPDUs that are sent from the CEs to the PE need to carry specified VLAN IDs to differentiate the user networks that the BPDUs come from.

Context
Do as follows on the CE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created and the VLAN view is displayed. The VLAN ID ranges from 1 to 4094. To create more than one VLAN, repeat this step.

Step 3 Run:
quit

Return to the system view.

Step 4 Run:
interface interface-type interface-number

The view of the CE interface that connects the PEs is displayed.

Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The CE allows BPDUs of the specified VLANs to pass through.

Step 6 Run:
stp bpdu vlan vlan-id

The VLAN tag value of the BPDUs sent from the CE to the PE is configured. The VLAN ID specified in the command must exist on the local CE.

NOTE
Ensure that the BPDU packets received by this interface also carry the specified tags.

----End

8.3.4 Configuring VLAN-based BPDU Tunnel


According to the roles of a PE and a CE, you can configure interface-based BPDU tunnels between devices with the same role or different roles. After the interface-based BPDU tunnels are successfully configured, the BPDUs are not sent to the CPU for processing. Instead, the BPDUs cross the Layer 2 network along the BPDU tunnels, destined for user networks.

Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or Devices of the Same Role.
- Devices of different roles: CEs are bridges functioning as service customers, and PEs and Ps are bridges functioning as service providers.
- Devices of the same role: CEs and PEs may play the same role as service customers.

Procedure
- Devices of Different Roles
  Do as follows on the PE and P:

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp bridge role provider

     The role of the PE is configured as provider.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface that connects CEs is displayed.

  4. (Optional) Run:
     port link-type { hybrid | trunk }

     The port type is configured. By default, the port type is hybrid.

  5. Run:
     port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

     VLAN range of the packets that are permitted on the PE is configured.

  6. (Optional) Run:
     stp disable

     The PE interface on CE side does not take part in the STP. The STP function is disabled.

  NOTE
  After the devices are configured with different roles, PEs can transparently transmit the BPDUs from CEs without the BPDU tunnel function.

- Devices of the Same Role
  Do as follows on the PEs:

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp group-mac group-mac

     The MAC address of the BPDU is replaced. The global well-known MAC address can be replaced only by a multicast MAC address, excluding the reserved MAC addresses ranging from 0180-C200-0000 to 0180-C200-002F. By default, the multicast destination MAC address of a BPDU is 0100-0ccd-cdd0.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface that connects CEs is displayed.

  4. Run:
     bpdu-tunnel stp vlan vlan-id1 [ to vlan-id2 ]

     The function of transparent transmission of BPDUs with specified tags is enabled on the PE interface.

  5. Run:
     port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

     VLAN range of the packets that are permitted on the PE is configured.

  6. Run:
     stp disable

     The PE interface on CE side does not take part in the STP. The STP function is disabled.

  NOTE
  If the devices play the same role, PEs cannot transparently transmit the BPDUs from CEs without the BPDU tunnel function. In this scenario, no special configuration is required for the P.

----End

8.3.5 Configuring PE Interfaces Connecting PSN to Permit Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed. The interface is a PE interface connected to PSN.

Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The PE interface that connects PSNs is configured to permit the packets with specified tags.

----End

8.3.6 Checking the Configuration


After the interface-based BPDU tunnels are successfully configured, you can view the configuration of the BPDU tunnels on the interfaces, spanning tree information, and the roles of the interfaces on CEs.

Prerequisite
The configuration of the VLAN-based BPDU tunnel function is complete.

Procedure
- Run the display bpdu-tunnel interface config command to check the BPDU Tunnel configuration in the interface view.
- Run the display bpdu-tunnel global config command to check the global configuration of BPDU Tunnel.
- Run the display stp [ brief ] command to check information on the spanning tree.

NOTE
- The display bpdu-tunnel interface config command can be displayed in the system view only.
- The display bpdu-tunnel global config command can be displayed in the interface view only.

----End

Example
Run the display bpdu-tunnel global config command on PE. The role of the device on the network and the multicast MAC addresses of the BPDUs generated by STP are displayed. For example:
<HUAWEI> system-view
[HUAWEI] display bpdu-tunnel global config
BridgeRole customer
GroupMac 0100-0ccd-cdd0

Run the display bpdu-tunnel interface config command on the CE. The BPDUs sent out from the CE carry a specific tag value. The interfaces of the PEs allow the BPDUs with specified tag values to pass through. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus enable
EtherType 8100
Dot1qVlan
TwoQList 10

Run the display stp command on the CEs, and you can view that STP is enabled on the interface and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :6
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :6
          TCN: 0, Config: 0, RST: 0, MST: 6
 BPDU Received       :4351
          TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :3
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :4534
          TCN: 0, Config: 0, RST: 0, MST: 4534
 BPDU Received       :6
          TCN: 0, Config: 0, RST: 0, MST: 6

8.4 Configuring QinQ-based BPDU Tunnels


If the interface on the user side of a PE connects to multiple CEs, the BPDUs sent from the CEs need to carry tags to differentiate user networks. To enable the BPDUs from user networks to be transparently transmitted on the ISP network, and to save the VLAN ID resources of the ISP, you can configure QinQ-based BPDU tunnels.

8.4.1 Establishing the Configuration Task
Interfaces that BPDUs pass through must be Layer 2 interfaces.

8.4.2 Enabling the STP Function on CEs and PEs
BPDUs from different user networks are transmitted through different BPDU tunnels in an ISP network and then reach the destination network. The STP calculation is thus performed.

8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified Tags
When multiple user networks are connected to the same interface on a PE, the BPDUs that are sent from the CEs to the PE need to carry specified VLAN IDs to differentiate the user networks that the BPDUs come from.

8.4.4 Configuring QinQ-based BPDU Tunnel
According to the roles of a PE and a CE, you can configure QinQ-based BPDU tunnels between devices with the same role or different roles. After the QinQ-based BPDU tunnels are successfully configured, the BPDUs are not sent to the CPU for processing. Instead, the BPDUs cross the Layer 2 network along the BPDU tunnels, destined for user networks. At the same time, the VLAN ID resources of the ISP are saved.

8.4.5 Configuring PE Interfaces Connecting PSNs to Permit the Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

8.4.6 Checking the Configuration
After the QinQ-based BPDU tunnels are successfully configured, you can view the configuration of the BPDU tunnels on the interfaces, spanning tree information, and the roles of the interfaces on CEs.

8.4.1 Establishing the Configuration Task


Interfaces that BPDUs pass through must be Layer 2 interfaces.

Applicable Environment
When an interface of the PE is connected with multiple user VLANs, the BPDUs sent from the CE must carry VLAN tags to distinguish different users. At the same time, to save the VLAN ID of the public network, the PE adds another tag to the BPDUs received from the CE. The ISP network assigns different BPDU tunnels for the users according to the outer VLAN tag of the BPDUs. In this way, the BPDUs from different VLANs traverse the ISP network to the peer VLAN through different BPDU tunnels.

Pre-configuration Tasks
Before configuring QinQ-based BPDU tunnels, complete the following tasks:
- Interfaces that the BPDUs pass through must be correctly connected.
- Interfaces that the BPDUs pass through must be Layer 2 interfaces.

Data Preparation
To configure QinQ-based BPDU tunnels, you need the following data.

No.  Data
1    Name of the interfaces on which the STP function is enabled
2    The VLAN tag value of the BPDUs sent from the CE to the PEs
3    VLAN IDs that the interface of the PE allows
4    The outer VLAN tag value that the PE adds to the BPDUs sent from the CE

8.4.2 Enabling the STP Function on CEs and PEs


BPDUs from different user networks are transmitted through different BPDU tunnels in an ISP network and then reach the destination network. The STP calculation is thus performed.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
stp enable

The STP function is enabled.

----End

8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified Tags
When multiple user networks are connected to the same interface on a PE, the BPDUs that are sent from the CEs to the PE need to carry specified VLAN IDs to differentiate the user networks that the BPDUs come from.

Context
Do as follows on the CE.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
vlan vlan-id

A VLAN is created and the VLAN view is displayed. The VLAN ID ranges from 1 to 4094. To create more than one VLAN, repeat this step.

Step 3 Run:
quit

Return to the system view.

Step 4 Run:
interface interface-type interface-number

The view of the CE interface that connects the PEs is displayed.

Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The VLAN ID that the CE allows is configured.

Step 6 Run:
stp bpdu vlan vlan-id

The ID values of the BPDUs sent to the PE are configured. The VLAN ID specified in the command must exist on the local CE.

NOTE
Ensure that the BPDU packets received by this interface also carry the specified tags.

----End

8.4.4 Configuring QinQ-based BPDU Tunnel


According to the roles of a PE and a CE, you can configure QinQ-based BPDU tunnels between devices with the same role or different roles. After the QinQ-based BPDU tunnels are successfully configured, the BPDUs are not sent to the CPU for processing. Instead, the BPDUs cross the Layer 2 network along the BPDU tunnels, destined for user networks. At the same time, the VLAN ID resources of the ISP are saved.

Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or Devices of the Same Role.
- Devices of different roles: CEs are bridges functioning as service customers, and PEs and Ps are bridges functioning as service providers.
- Devices of the same role: CEs and PEs may play the same role as service customers.

Procedure
- Devices of Different Roles
  Do as follows on the PE and P.

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp bridge role provider

     The role of the PE is configured as provider.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface that connects CEs is displayed.

  4. (Optional) Run:
     port link-type { hybrid | trunk }

     The port type is configured. By default, the port type is hybrid.

  5. Run:
     port vlan-stacking outside-vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3

     The BPDUs received on the PE are labeled with outer tags.

  6. (Optional) Run:
     stp disable

     The PE interface on the CE side does not take part in the STP. The STP function is disabled.

- Devices of the Same Role
  Do as follows on the PEs.

  1. Run:
     system-view

     The system view is displayed.

  2. Run:
     bpdu-tunnel stp group-mac group-mac

     The MAC address of the BPDU is replaced. The global well-known MAC address can be replaced only by a multicast MAC address, excluding the reserved MAC addresses ranging from 0180-C200-0000 to 0180-C200-002F. By default, the multicast destination MAC address of a BPDU is 0100-0ccd-cdd0.

  3. Run:
     interface interface-type interface-number

     The view of the PE interface that connects CEs is displayed.

  4. Run:
     port vlan-stacking outside-vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3

     The BPDUs received on the PE are labeled with outer tags.

  5. Run:
     bpdu-tunnel stp vlan vlan-id1 [ to vlan-id2 ]

     The function of transparent transmission of BPDUs with specified tags is enabled on the PE interface. The VLAN tag range must contain the inner tag of the BPDU in Step 4, namely, outside-vlan.

  6. Run:
     stp disable

     The PE interface on the CE side does not take part in the STP. The STP function is disabled.

  NOTE
  In this scenario, no special configuration is required for the P.

----End

8.4.5 Configuring PE Interfaces Connecting PSNs to Permit the Packets with Specified Tags
Different users can communicate only when interfaces on PEs connecting to PSNs are configured to allow packets with specified tags to pass through.

Context
Do as follows on the PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The view of the PE interface that connects the PSN is displayed.

Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The PE interface that connects PSNs is configured to permit the packets with specified tags. The configured tag value must be the same as the outer tag of the BPDU labeled by the PE.

----End
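The constraints stated in 8.4.4 and 8.4.5 for a same-role PE can be checked mechanically before a change is committed. The following is an added example, not part of the Huawei guide: it checks that the group MAC is multicast and outside the reserved range, that bpdu-tunnel stp vlan covers every outside-vlan, that stp disable is present on the user-side interface, and that the PSN-facing trunk permits the outer tag. The function names, the "#"-separated layout, the four-digit H-H-H address form and both sample configurations are assumptions made for this example; only the command forms come from this section.

```python
import re

RESERVED_LOW = 0x0180C2000000   # 0180-C200-0000, start of the reserved range in the guide
RESERVED_HIGH = 0x0180C200002F  # 0180-C200-002F, end of the reserved range in the guide

# Constructed configurations that use only the command forms from 8.4.4 and 8.4.5.
GOOD_CONFIG = """
bpdu-tunnel stp group-mac 0100-0ccd-cdd0
#
interface GigabitEthernet1/0/0
 port vlan-stacking outside-vlan 10 to 20 stack-vlan 100
 bpdu-tunnel stp vlan 10 to 20
 stp disable
#
interface GigabitEthernet2/0/0
 port trunk allow-pass vlan 100
#
"""
BAD_CONFIG = """
bpdu-tunnel stp group-mac 0180-c200-0010
#
interface GigabitEthernet1/0/0
 port vlan-stacking outside-vlan 10 to 20 stack-vlan 100
 bpdu-tunnel stp vlan 10 to 15
#
interface GigabitEthernet2/0/0
 port trunk allow-pass vlan 200
#
"""


def group_mac_ok(text):
    """True if an H-H-H address is multicast and outside the reserved range."""
    if not re.fullmatch(r"[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}", text):
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    mac = int(text.replace("-", ""), 16)
    is_multicast = bool((mac >> 40) & 1)  # I/G bit of the first octet
    return is_multicast and not (RESERVED_LOW <= mac <= RESERVED_HIGH)


def vlan_set(spec):
    """Expand '10 to 20 30' or 'all' into a set of VLAN IDs."""
    tokens = spec.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        low = high = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            high = int(tokens[i + 2])
            i += 2
        i += 1
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range in {spec!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse_config(text):
    """Split a '#'-separated configuration into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "#":
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line:
            (global_lines if current is None else current).append(line)
    return global_lines, interfaces


def audit_qinq_pe(text, psn_interfaces):
    """Check a same-role PE configuration against the constraints in 8.4.4 and 8.4.5."""
    findings = []
    global_lines, interfaces = parse_config(text)
    for line in global_lines:
        m = re.fullmatch(r"bpdu-tunnel stp group-mac (\S+)", line)
        if m and not group_mac_ok(m.group(1)):
            findings.append(f"global: group-mac {m.group(1)} is unicast or reserved")
    outer_tags = set()
    for name, lines in interfaces.items():
        outside, tunnelled = set(), set()
        for line in lines:
            m = re.fullmatch(r"port vlan-stacking outside-vlan (.+) stack-vlan (\d+)", line)
            if m:
                outside |= vlan_set(m.group(1))
                outer_tags.add(int(m.group(2)))
            m = re.fullmatch(r"bpdu-tunnel stp vlan (.+)", line)
            if m:
                tunnelled |= vlan_set(m.group(1))
        if not outside:
            continue  # not a user-side QinQ interface
        if outside - tunnelled:
            findings.append(f"{name}: bpdu-tunnel stp vlan misses outside-vlan {sorted(outside - tunnelled)}")
        if "stp disable" not in lines:
            findings.append(f"{name}: stp disable is missing")
    for name in psn_interfaces:
        allowed = set()
        for line in interfaces.get(name, []):
            m = re.fullmatch(r"port trunk allow-pass vlan (.+)", line)
            if m:
                allowed |= vlan_set(m.group(1))
        if outer_tags - allowed:  # the trunk must permit every outer tag the PE adds
            findings.append(f"{name}: outer tag {sorted(outer_tags - allowed)} not permitted toward the PSN")
    return findings


if __name__ == "__main__":
    for finding in audit_qinq_pe(BAD_CONFIG, ["GigabitEthernet2/0/0"]):
        print(finding)
```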

8.4.6 Checking the Configuration


After the QinQ-based BPDU tunnels are successfully configured, you can view the configuration of the BPDU tunnels on the interfaces, spanning tree information, and the roles of the interfaces on CEs.

Prerequisite
The configuration of QinQ-based BPDU tunnels is complete.

Procedure
- Run the display bpdu-tunnel interface config command to check the BPDU Tunnel configuration in the interface view.
- Run the display bpdu-tunnel global config command to check the global configuration of BPDU Tunnel.
- Run the display stp [ brief ] command to check the information on the spanning tree.
- Run the display vlan [ vlan-id [ verbose ] ] command to check the VLAN information.

NOTE
- The display bpdu-tunnel global config command can be displayed in the system view only.
- The display bpdu-tunnel interface config command can be displayed in the interface view only.

----End

Example
Run the display bpdu-tunnel global config command on PE. The role of the device on the network and the multicast MAC addresses of the BPDUs generated by STP are displayed. For example:
<HUAWEI> system-view
[HUAWEI] display bpdu-tunnel global config
BridgeRole customer
GroupMac 0100-0ccd-cdd0

Run the display bpdu-tunnel interface config command on the CE. The BPDUs sent out from the CE carry a specific tag value. The interfaces of the PEs allow the BPDUs with specified tag values to pass through. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus enable
EtherType 8100
Dot1qVlan
TwoQList 10

Run the display stp [ brief ] command on the CEs, and you can view that STP is enabled on the interface and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :6
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :6
          TCN: 0, Config: 0, RST: 0, MST: 6
 BPDU Received       :4351
          TCN: 0, Config: 0, RST: 0, MST: 4351

<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :3
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :4534
          TCN: 0, Config: 0, RST: 0, MST: 4534
 BPDU Received       :6
          TCN: 0, Config: 0, RST: 0, MST: 6

Run the display vlan command to check whether broadcast is enabled in the VLAN, and whether the VLAN and MAC address learning are enabled. For example:
<HUAWEI> display vlan 2 verbose
 VLAN ID      : 2
 VLAN Type    : Common
 Description  : VLAN 0002
 Status       : Enable
 Broadcast    : Enable
 MAC learning : Enable
 Statistics   : Disable
 ---------------
 Untagged Port: Eth-Trunk1     Eth-Trunk2

8.5 Configuration Examples


This section describes the typical application scenarios of various types of BPDU tunnels, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

8.5.1 Example for Configuring Interface-based BPDU Tunnel (Devices of Different Roles)
This example shows how to configure interface-based BPDU tunnels when CEs are configured as Customer and PEs are configured as Provider.

8.5.2 Example for Configuring Interface-based BPDU Tunnel (Devices of the Same Role)
This example shows how to configure interface-based BPDU tunnels when CEs and PEs are configured as Customer.

8.5.3 Example for Configuring VLAN-based Tunnel of BPDUs
In this example, PEs usually serve as convergence devices. The convergence interfaces on a PE may receive packets from different users. To differentiate these users, each CE adds different VLAN IDs to the packets of different users to implement VLAN-based BPDU tunnels.

8.5.4 Example for Configuring Tunnel of BPDUs Based on QinQ
In this example, PEs usually serve as convergence devices. PEs may be connected to a large number of user networks. To save the VLAN ID resources of the ISP and to differentiate users, each CE adds different VLAN IDs to the packets of different users, and each PE adds different outer VLAN IDs based on the inner VLAN IDs. QinQ-based BPDU tunnel is thus implemented.

8.5.1 Example for Configuring Interface-based BPDU Tunnel (Devices of Different Roles)
This example shows how to configure interface-based BPDU tunnels when CEs are configured as Customer and PEs are configured as Provider.

Networking Requirements
As shown in Figure 8-7, the CEs are connected through the PEs. The BPDUs of the CEs are required to traverse the ISP network between the PEs. For each interface of a PE, only one CE accesses the PE. The BPDUs sent from CEs to PEs, therefore, do not require tags. In this situation, interface-based BPDU tunnels can be configured to meet the networking requirements. In this example, the CEs and the PEs are configured with different roles, and the PEs can transparently transmit the BPDUs from the CEs.
- The role of CEs is configured as customer. The default MAC address of the BPDUs of the CEs is 0180-C200-0000.
- The role of PEs is configured as provider. The default MAC address of the BPDUs of the CEs is 0180-C200-0008.


Figure 8-7 Networking diagram of interface-based BPDU tunnels (devices of different roles)

[Diagram not reproduced. Labels: CE1 and CE2 (VLAN100), CE3 and CE4 (VLAN200), PE1, PE2, ISP network; interfaces GE 1/0/1, GE 1/0/2 and GE 1/0/3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the STP function on the CEs and the PEs.
2. Add the PE interfaces that connect CEs into the specified VLAN. (Optional) Disable the STP function of the PE interfaces that connect CEs. Then the PE interfaces that connect CEs do not participate in the calculation of the spanning tree.
3. Configure PEs as the bridge devices in Provider mode to transparently transmit BPDU packets.
4. Configure the PE interfaces that connect PSNs to permit the VLAN100 and VLAN200 packets.

Data Preparation
To complete the configuration, you need the following data:
- ID of the VLAN to which the PE interfaces that connect CEs belong
- VLAN range of the packets that are permitted on the PE interfaces that connect PSN

Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
NOTE

If the interface is a Layer 2 interface, this step is unnecessary.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] portswitch
[CE3-GigabitEthernet1/0/1] undo shutdown
[CE3-GigabitEthernet1/0/1] quit

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] portswitch
[CE4-GigabitEthernet1/0/1] undo shutdown
[CE4-GigabitEthernet1/0/1] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] portswitch
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] portswitch
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] portswitch
[PE2-GigabitEthernet1/0/3] undo shutdown
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] portswitch
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] quit

Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable

# Configure CE2.
[CE2] stp enable

# Configure CE3.
[CE3] stp enable

# Configure CE4.
[CE4] stp enable

# Configure PE1.
[PE1] stp enable

# Configure PE2.
[PE2] stp enable

Step 3 Configure the role of the PEs as a provider.
# Configure PE1.
[PE1] bpdu-tunnel stp bridge role provider

# Configure PE2.
[PE2] bpdu-tunnel stp bridge role provider

Step 4 Add GE 1/0/3 of PE1 and PE2 into VLAN100. Add GE 1/0/1 of PE1 and PE2 into VLAN200. Disable the STP function of the PE interfaces that connect CEs.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] port gigabitethernet 1/0/3
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] port gigabitethernet 1/0/1
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] stp disable
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] port gigabitethernet 1/0/3
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] port gigabitethernet 1/0/1
[PE2-vlan200] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] stp disable
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit

Step 5 Configure the PE interface that connects PSNs, namely, GE 1/0/2 to permit the VLAN100 and VLAN200 packets.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/2] quit

Step 6 Check the configuration.
After the configuration is complete, run the display stp command on CE1 and CE2 to check the MSTP root. CE1 and CE2 calculate the spanning tree. GE 1/0/1 on CE1 is the root port; GE 1/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :6
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :6
          TCN: 0, Config: 0, RST: 0, MST: 6
 BPDU Received       :4351
          TCN: 0, Config: 0, RST: 0, MST: 4351

[CE2] display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :3
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :4534
          TCN: 0, Config: 0, RST: 0, MST: 4534
 BPDU Received       :6
          TCN: 0, Config: 0, RST: 0, MST: 6

Run the display stp command on CE3 and CE4 to check the MSTP root. CE3 and CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.000b-0967-58a0
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-0952-f13e / 199999
CIST RegRoot/IRPC   :32768.000b-0967-58a0 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :0
STP Converge Mode   :Fast
Time since last TC received :0 days 10h:54m:37s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.000b-0952-f13e / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :114
          TCN: 0, Config: 0, RST: 0, MST: 114
 BPDU Received       :885
          TCN: 0, Config: 0, RST: 0, MST: 885

[CE4] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.000b-0952-f13e
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-0952-f13e / 0
CIST RegRoot/IRPC   :32768.000b-0952-f13e / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :4
STP Converge Mode   :Fast
Time since last TC received :0 days 8h:59m:18s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.000b-0952-f13e / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :1834
          TCN: 0, Config: 0, RST: 0, MST: 1834
 BPDU Received       :1
          TCN: 0, Config: 0, RST: 0, MST: 1

----End

Configuration Files
- Configuration file of CE1
#
 sysname CE1
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE2
#
 sysname CE2
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE3
#
 sysname CE3
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE4
#
 sysname CE4
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of PE1
#
 sysname PE1
#
 vlan batch 100 200
#
 bpdu-tunnel stp bridge role provider
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 200
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port default vlan 100
 stp disable
#
return

- Configuration file of PE2
#
 sysname PE2
#
 vlan batch 100 200
#
 bpdu-tunnel stp bridge role provider
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 200
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port default vlan 100
 stp disable
#
return

8.5.2 Example for Configuring Interface-based BPDU Tunnel (Devices of the Same Role)
This example shows how to configure interface-based BPDU tunnels when CEs and PEs are configured as Customer.

Networking Requirements
As shown in Figure 8-8, the CEs are connected through the PEs. The BPDUs of the CEs are required to traverse the ISP network between the PEs. For each interface of a PE, only one CE accesses the PE. The BPDUs sent from CEs to PEs, therefore, do not require tags. In this situation, interface-based BPDU tunnels can be configured to meet the networking requirements. The roles of the CEs and the PEs are configured as customer. The default MAC address of the BPDUs is 0180-C200-0000. The PEs cannot transparently transmit the BPDUs received from the CEs. Thus, to meet the networking requirements, the PE devices must be enabled with the BPDU tunnel function.


Figure 8-8 Networking diagram of interface-based BPDU tunnels (device of the same role)

[Diagram not reproduced. Labels: CE1 and CE2 (VLAN100), CE3 and CE4 (VLAN200), PE1, PE2, ISP network; interfaces GE1/0/1, GE1/0/2 and GE1/0/3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the STP function on the CEs and the PEs.
2. Add the PE interfaces that connect CEs into the specified VLAN. Disable the STP function of the PE interfaces that connect CEs. Then the PE interfaces that connect CEs do not participate in the calculation of the spanning tree.
3. Enable the BPDU tunnel function on PEs.
4. Configure the PE interfaces that connect PSNs to permit the VLAN100 and VLAN200 packets.

Data Preparation
To complete the configuration, you need the following data:
- ID of the VLAN to which the PE interfaces that connect CEs belong
- VLAN range of the packets that are permitted on the PE interfaces that connect PSN

Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
NOTE

If the interface is a Layer 2 interface, this step is unnecessary.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] portswitch
[CE3-GigabitEthernet1/0/1] undo shutdown
[CE3-GigabitEthernet1/0/1] quit

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] portswitch
[CE4-GigabitEthernet1/0/1] undo shutdown
[CE4-GigabitEthernet1/0/1] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] portswitch
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] portswitch
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] portswitch
[PE2-GigabitEthernet1/0/3] undo shutdown
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] portswitch
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] quit

Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable

# Configure CE2.
[CE2] stp enable

# Configure CE3.
[CE3] stp enable

# Configure CE4.
[CE4] stp enable

# Configure PE1.
[PE1] stp enable

# Configure PE2.
[PE2] stp enable

Step 3 Configure the PEs to replace the MAC addresses of the BPDUs received from the CEs.
# Configure PE1.
[PE1] bpdu-tunnel stp group-mac 0100-5e00-0011

# Configure PE2.
[PE2] bpdu-tunnel stp group-mac 0100-5e00-0011

Step 4 Add GE 1/0/3 of PE1 and PE2 into VLAN100. Add GE 1/0/1 of PE1 and PE2 into VLAN200. Disable the STP function of the PE interfaces that connect CEs.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] port gigabitethernet 1/0/3
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] port gigabitethernet 1/0/1
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] bpdu-tunnel enable
[PE1-GigabitEthernet1/0/3] stp disable
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] bpdu-tunnel enable
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] port gigabitethernet 1/0/3
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] port gigabitethernet 1/0/1
[PE2-vlan200] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] bpdu-tunnel enable
[PE2-GigabitEthernet1/0/3] stp disable
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] bpdu-tunnel enable
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit

Step 5 Configure the PE interface that connects PSNs, namely, GE 1/0/2 to permit the VLAN100 and VLAN200 packets.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/2] quit

Step 6 Check the configuration.
After the configuration is complete, run the display stp command on CE1 and CE2 to check the MSTP root. CE1 and CE2 calculate the spanning tree. GE1/0/1 on CE1 is the root port; GE1/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC   :32768.00e0-fc9f-3257 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :6
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :6
          TCN: 0, Config: 0, RST: 0, MST: 6
 BPDU Received       :4351
          TCN: 0, Config: 0, RST: 0, MST: 4351

[CE2] display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC   :32768.00e0-fc9a-4315 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :3
STP Converge Mode   :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :4534
          TCN: 0, Config: 0, RST: 0, MST: 4534
 BPDU Received       :6
          TCN: 0, Config: 0, RST: 0, MST: 6

Run the display stp command on CE3 and CE4 to check the MSTP root. CE3 and CE4 calculate the spanning tree. GE1/0/1 on CE3 is the root port; GE1/0/1 on CE4 is the designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.000b-0967-58a0
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-0952-f13e / 199999
CIST RegRoot/IRPC   :32768.000b-0967-58a0 / 0
CIST RootPortId     :128.82
BPDU-Protection     :disabled
TC or TCN received  :0
STP Converge Mode   :Fast
Time since last TC received :0 days 10h:54m:37s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
 Port Protocol       :enabled
 Port Role           :CIST Root Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.000b-0952-f13e / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :114
          TCN: 0, Config: 0, RST: 0, MST: 114
 BPDU Received       :885
          TCN: 0, Config: 0, RST: 0, MST: 885

[CE4] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.000b-0952-f13e
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000b-0952-f13e / 0
CIST RegRoot/IRPC   :32768.000b-0952-f13e / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
TC or TCN received  :4
STP Converge Mode   :Fast
Time since last TC received :0 days 8h:59m:18s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
 Port Protocol       :enabled
 Port Role           :CIST Designated Port
 Port Priority       :128
 Port Cost(Dot1T )   :Config=auto / Active=199999
 Desg. Bridge/Port   :32768.000b-0952-f13e / 128.82
 Port Edged          :Config=disabled / Active=disabled
 Point-to-point      :Config=auto / Active=true
 Transit Limit       :3 packets/hello-time
 Protection Type     :None
 PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 0
 BPDU Sent           :1834
          TCN: 0, Config: 0, RST: 0, MST: 1834
 BPDU Received       :1
          TCN: 0, Config: 0, RST: 0, MST: 1

----End
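
The Step 6 checks in 8.5.1 and 8.5.2 amount to confirming that each CE sees the remote CE, not a PE, as its spanning tree neighbor. The following Python sketch is an added example, not Huawei code: it parses display stp output from the two CEs at either end of a tunnel and reports why the tunnel is not transparent. The sample outputs are constructed and trimmed, and the check assumes each CE has a single uplink as in Figures 8-7 and 8-8.

```python
import re

# Constructed, trimmed samples in the format of the display stp output above.
CE1_OUTPUT = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 199999
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Role           :CIST Root Port
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 BPDU Received       :4351
"""
CE2_OUTPUT = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9a-4315
CIST Root/ERPC      :32768.00e0-fc9a-4315 / 0
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Role           :CIST Designated Port
 Desg. Bridge/Port   :32768.00e0-fc9a-4315 / 128.82
 BPDU Received       :6
"""
# Constructed failure case: CE1 when no BPDU from CE2 reaches it.
CE1_ISOLATED = """\
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge         :32768.00e0-fc9f-3257
CIST Root/ERPC      :32768.00e0-fc9f-3257 / 0
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
 Port Role           :CIST Designated Port
 Desg. Bridge/Port   :32768.00e0-fc9f-3257 / 128.82
 BPDU Received       :0
"""

PORT_RE = re.compile(r"\[Port\d+\((?P<name>[^)]+)\)\]\s*\[(?P<state>\w+)\]")
FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:(?P<value>.*)$")


def parse_display_stp(text):
    """Return the global fields plus a 'ports' dict keyed by interface name."""
    info = {"ports": {}}
    target = info
    for line in text.splitlines():
        port = PORT_RE.search(line)
        if port:  # every field after a port banner belongs to that port
            target = info["ports"].setdefault(port["name"], {"state": port["state"]})
            continue
        field = FIELD_RE.match(line)
        if field:
            target.setdefault(field["key"], field["value"].strip())
    return info


def bridge_id(value):
    """'32768.00e0-fc9a-4315 / 199999' -> '32768.00e0-fc9a-4315'."""
    return value.split("/")[0].strip()


def check_tunnel(ce_a, ce_b, port_a, port_b):
    """Compare display stp output of the two CEs at either end of a tunnel."""
    a, b = parse_display_stp(ce_a), parse_display_stp(ce_b)
    problems = []
    if bridge_id(a["CIST Root/ERPC"]) != bridge_id(b["CIST Root/ERPC"]):
        problems.append("CEs elect different roots")
    for name, dev, peer, port_name in (("A", a, b, port_a), ("B", b, a, port_b)):
        port = dev["ports"].get(port_name)
        if port is None:
            problems.append(f"CE {name}: port {port_name} not in output")
            continue
        is_root = bridge_id(dev["CIST Root/ERPC"]) == dev["CIST Bridge"]
        expected = "CIST Designated Port" if is_root else "CIST Root Port"
        if port.get("Port Role") != expected:
            problems.append(f"CE {name}: role is {port.get('Port Role')}, expected {expected}")
        if port["state"] != "FORWARDING":
            problems.append(f"CE {name}: port is {port['state']}")
        # A non-root CE must hear the remote CE itself. Any other designated
        # bridge means a provider device is taking part in the customer tree.
        if not is_root and bridge_id(port.get("Desg. Bridge/Port", "")) != peer["CIST Bridge"]:
            problems.append(f"CE {name}: designated bridge is not the remote CE")
        if int((port.get("BPDU Received") or "0").split()[0]) == 0:
            problems.append(f"CE {name}: no BPDUs received")
    return problems


if __name__ == "__main__":
    uplink = "GigabitEthernet1/0/1"
    print(check_tunnel(CE1_OUTPUT, CE2_OUTPUT, uplink, uplink))
    print(check_tunnel(CE1_ISOLATED, CE2_OUTPUT, uplink, uplink))
```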

Configuration Files
- Configuration file of CE1
#
 sysname CE1
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE2
#
 sysname CE2
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE3
#
 sysname CE3
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of CE4
#
 sysname CE4
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
#
return

- Configuration file of PE1
#
 sysname PE1
#
 vlan batch 100 200
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 200
 bpdu-tunnel enable
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port default vlan 100
 bpdu-tunnel enable
 stp disable
#
return

- Configuration file of PE2
#
 sysname PE2
#
 vlan batch 100 200
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 200
 bpdu-tunnel enable
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port default vlan 100
 bpdu-tunnel enable
 stp disable
#
return
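
The PE configuration files in 8.5.1 and 8.5.2 can be checked against their roadmaps before deployment. The following Python sketch is an added example, not Huawei code: it parses a PE configuration file in the format shown above and reports CE-facing interfaces where STP is still running, the BPDU tunnel is not enabled, or the VLAN is not permitted on the trunk. The sample configuration is constructed, and the rule that the group MAC must lie outside 0180-C200-0000 to 0180-C200-000F is an assumption taken from IEEE 802.1D, not from this guide.

```python
import re

# Constructed PE configuration (same-role scenario). GigabitEthernet1/0/1 lacks
# "stp disable" and the trunk omits VLAN 200, so the audit reports two findings.
SAMPLE_PE_CONFIG = """\
#
 sysname PE1
#
 vlan batch 100 200
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port default vlan 200
 bpdu-tunnel enable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port default vlan 100
 bpdu-tunnel enable
 stp disable
#
return
"""

def parse_config(text):
    """Split a configuration file into global and per-interface commands."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":  # '#' ends the current view
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line and line != "return":
            (global_cmds if current is None else interfaces[current]).append(line)
    return global_cmds, interfaces

def trunk_vlans(cmds):
    """Expand 'port trunk allow-pass vlan 100 200', including 'x to y' ranges."""
    vlans = set()
    for cmd in cmds:
        m = re.fullmatch(r"port trunk allow-pass vlan (.+)", cmd)
        tokens = m.group(1).split() if m else []
        i = 0
        while i < len(tokens):
            if i + 2 < len(tokens) and tokens[i + 1] == "to":
                vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
                i += 3
            else:
                vlans.add(int(tokens[i]))
                i += 1
    return vlans

def audit_pe(text):
    """Return a list of findings for one PE configuration file."""
    global_cmds, interfaces = parse_config(text)
    findings = []
    if "stp enable" not in global_cmds:
        findings.append("global: stp enable is missing")
    provider = "bpdu-tunnel stp bridge role provider" in global_cmds
    group_mac = next((c.split()[-1] for c in global_cmds
                      if c.startswith("bpdu-tunnel stp group-mac ")), None)
    if not provider and group_mac is None:
        findings.append("global: neither provider role nor group-mac is set")
    if group_mac is not None:
        mac = bytes.fromhex(group_mac.replace("-", ""))
        if not mac[0] & 1:
            findings.append(f"global: group-mac {group_mac} is not multicast")
        # Assumption from IEEE 802.1D, not from this guide: bridges never
        # forward 0180-C200-0000 to 0180-C200-000F, so the tunnel would break.
        if mac[:5] == bytes.fromhex("0180c20000") and mac[5] <= 0x0F:
            findings.append(f"global: group-mac {group_mac} is a reserved address")
    permitted = set().union(*(trunk_vlans(c) for c in interfaces.values()))
    for name, cmds in interfaces.items():
        access = [m for m in (re.fullmatch(r"port default vlan (\d+)", c) for c in cmds) if m]
        if not access:
            continue  # no default VLAN: not a CE-facing interface
        if group_mac is not None:  # same-role scenario (8.5.2)
            if "bpdu-tunnel enable" not in cmds:
                findings.append(f"{name}: bpdu-tunnel enable is missing")
            if "stp disable" not in cmds:
                findings.append(f"{name}: stp disable is missing")
        if int(access[0].group(1)) not in permitted:
            findings.append(f"{name}: VLAN {access[0].group(1)} is not permitted on any trunk")
    return findings

if __name__ == "__main__":
    for finding in audit_pe(SAMPLE_PE_CONFIG):
        print(finding)
```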

8.5.3 Example for Configuring VLAN-based Tunnel of BPDUs


In this example, PEs usually serve as convergence devices. The convergence interfaces on a PE may receive packets from different users. To differentiate these users, each CE adds different VLAN IDs to the packets of different users to implement VLAN-based BPDU tunnels.

Networking Requirements
As shown in Figure 8-9, the CEs are connected to the PEs. The BPDUs of the CEs are required to traverse the ISP network between the PEs. The BPDUs sent from CEs to PEs must carry tags because the PE interfaces are convergence interfaces. In this networking mode, configuring VLAN-based BPDU tunnels can achieve the following results:
- All devices in VLAN100 can participate in the STP calculation.
- All devices in VLAN200 can participate in the STP calculation.

The roles of the CEs and the PEs are configured as customer. The default MAC address of the BPDUs is 0180-C200-0000. The PEs cannot transparently transmit the BPDUs received from the CEs. Thus, to meet the networking requirements, the PE devices must be enabled with the BPDU tunnel function.


Figure 8-9 Typical networking diagram of configuring VLAN-based transparent transmission of BPDUs

[Diagram not reproduced. Labels: PE1, P, PE2; CE1 and CE2 (VLAN 100), CE3 and CE4 (VLAN 200); interfaces GE1/0/1, GE1/0/2 and GE1/0/3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the STP function on the CEs and the PEs.
2. Configure the BPDUs from CEs to PEs to carry tags. Disable the STP function of the PE interfaces that connect CEs. Then the PE interfaces that connect CEs do not participate in the calculation of the spanning tree.
3. Enable the BPDU tunnel function on PEs.
4. Configure the PE interfaces that connect PSNs to permit the VLAN100 and VLAN200 packets.
5. Configure the common Layer 2 forwarding function on the P so that the packets between PEs can be transmitted in the ISP network.

Data Preparation
To complete the configuration, you need the following data:
- Tag values of the BPDUs sent from the CEs to the PEs
- IDs of the VLANs to which the PE interfaces and the CE interfaces belong

Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces. Using the portswitch command, you can switch all PE interfaces and CE interfaces in Figure 8-9 to Layer 2 interfaces.
NOTE

This step is not required for devices with Layer 2 interfaces.

Step 2 Enable the STP function on the CEs and PEs.
# Configure CE1
[CE1] stp enable


# Configure CE2
[CE2] stp enable

# Configure CE3
[CE3] stp enable

# Configure CE4
[CE4] stp enable

# Configure PE1
[PE1] stp enable

# Configure PE2
[PE2] stp enable

Step 3 Label the BPDUs sent from CE1 and CE2 to the PEs with tag 100. Label the BPDUs sent from CE3 and CE4 to the PEs with tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/1] stp bpdu vlan 100

# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/1] stp bpdu vlan 100

# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE3-GigabitEthernet1/0/1] stp bpdu vlan 200

# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE4-GigabitEthernet1/0/1] stp bpdu vlan 200

Step 4 Configure the PEs to replace the MAC addresses of the BPDUs received from the CEs.
# Configure PE1.
[PE1] bpdu-tunnel stp group-mac 0100-5e00-0011

# Configure PE2.
[PE2] bpdu-tunnel stp group-mac 0100-5e00-0011

Step 5 Configure the PE interfaces to transparently transmit BPDUs received from the CEs to the P.
# Configure PE1.

[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/1] bpdu-tunnel stp vlan 100
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 200
[PE1-GigabitEthernet1/0/2] bpdu-tunnel stp vlan 200
[PE1-GigabitEthernet1/0/2] stp disable
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/1] bpdu-tunnel stp vlan 100
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 200
[PE2-GigabitEthernet1/0/2] bpdu-tunnel stp vlan 200
[PE2-GigabitEthernet1/0/2] stp disable
[PE2-GigabitEthernet1/0/2] quit

Step 6 Configure the common Layer 2 forwarding function on the P. Configure the P to permit VLAN100 packets and VLAN200 packets from the PEs.
[P] vlan 100
[P-vlan100] quit
[P] vlan 200
[P-vlan200] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200
[P-GigabitEthernet1/0/1] quit

Step 7 Check the configuration.
After the configuration, run the display stp command on CE1 and CE2 to check the MSTP root. CE1 and CE2 calculate the spanning tree. GE 1/0/1 on CE1 is the root port; GE 1/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.000b-09f0-1b91
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 3h:53m:43s


----[Port17(GigabitEthernt1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :237
    TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received :9607
    TCN: 0, Config: 0, RST: 0, MST: 9607

[CE2] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.000b-09d4-b66c
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :1
STP Converge Mode :Fast
Time since last TC received :0 days 5h:29m:6s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7095
    TCN: 0, Config: 0, RST: 0, MST: 7095
BPDU Received :2
    TCN: 0, Config: 0, RST: 0, MST: 2

Run the display stp command on CE3 and CE4 to check the MSTP root. CE3 and CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 3h:57m:0s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :238


    TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received :9745
    TCN: 0, Config: 0, RST: 0, MST: 9745

[CE4] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 5h:33m:17s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7171
    TCN: 0, Config: 0, RST: 0, MST: 7171
BPDU Received :2
    TCN: 0, Config: 0, RST: 0, MST: 2

----End

Configuration Files
Configuration file of CE1

#
 sysname CE1
#
 vlan batch 100
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 stp bpdu vlan 100
#
return

Configuration file of CE2


#
 sysname CE2
#
 vlan batch 100
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 stp bpdu vlan 100
#
return

Configuration file of CE3


#

 sysname CE3
#
 vlan batch 200
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 stp bpdu vlan 200
#
return


Configuration file of CE4


#
 sysname CE4
#
 vlan batch 200
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 stp bpdu vlan 200
#
return

Configuration file of PE1


#
 sysname PE1
#
 vlan batch 100 200
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 bpdu-tunnel stp vlan 100
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 bpdu-tunnel stp vlan 200
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
return

Configuration file of the P


#
 sysname P
#
 vlan batch 100 200
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch

 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
return


Configuration file of PE2


#
 sysname PE2
#
 vlan batch 100 200
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 bpdu-tunnel stp vlan 100
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 bpdu-tunnel stp vlan 200
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100 200
#
return

8.5.4 Example for Configuring Tunnel of BPDUs Based on QinQ


In this example, PEs usually serve as convergence devices. PEs may be connected to a large number of user networks. To save the VLAN ID resources of the ISP and to differentiate users, each CE adds different VLAN IDs to the packets of different users, and each PE adds different outer VLAN IDs based on the inner VLAN IDs. QinQ-based BPDU tunnel is thus implemented.

Networking Requirements
As shown in Figure 8-10, the CEs are connected through the PEs. The BPDUs sent from CE1 and CE2 to the PEs carry tag 100. The BPDUs sent from CE3 and CE4 to the PEs carry tag 200. In this networking mode, configuring the BPDU tunnel function on the PEs can achieve the following results:
- All devices in VLAN100 can participate in the STP calculation.
- All devices in VLAN200 can participate in the STP calculation.

In addition, to save public VLAN IDs, VLAN stacking can be configured on the PEs. After the configuration, the BPDUs with tag 100 and tag 200 sent from the CEs to the PEs are labeled with outer tag 10 and then transmitted in the ISP network. The BPDUs transmitted in the ISP network, thus, carry double tags. In this example, the CEs and PEs are configured with different roles:

- The role of CEs is configured as customer. The default MAC address of the BPDUs of the CEs is 0180-C200-0000.
- The role of PEs is configured as provider. The default MAC address of the BPDUs of the CEs is 0180-C200-0008.

Figure 8-10 Networking diagram of QinQ-based BPDU tunnels

[Network diagram labels: CE1 and CE2 in VLAN100; CE3 and CE4 in VLAN200; PE1 and PE2 connected across the ISP network; interfaces GE1/0/1, GE1/0/2 and GE1/0/3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the STP function on the CEs and the PEs.
2. Configure the BPDUs from CEs to PEs to carry tags.
3. Disable the STP function of the PE interfaces that connect CEs. Then the PE interfaces that connect CEs do not participate in the calculation of the spanning tree.
4. Enable the BPDU tunnel function on PEs. Configure the VLAN stacking function on the Layer 2 interfaces of the PEs. Label the BPDUs with different tag values sent from the CEs with outer tag 10 before the BPDUs are transmitted in the ISP network.

Data Preparation
To complete the configuration, you need the following data:
- Inner tag values of the BPDUs sent from the CEs to the PEs
- Outer tag of the BPDUs added by the PEs
- IDs of the VLANs to which the PE interfaces and the CE interfaces belong

Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces. Using the portswitch command, you can switch all PE interfaces and CE interfaces in Figure 8-10 to Layer 2 interfaces.
NOTE

This step is not required for devices with Layer 2 interfaces.

Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable

# Configure CE2.
[CE2] stp enable

# Configure CE3.
[CE3] stp enable

# Configure CE4.
[CE4] stp enable

# Configure PE1.
[PE1] stp enable

# Configure PE2.
[PE2] stp enable

Step 3 Label the BPDUs sent from CE1 and CE2 to the PEs with tag 100. Label the BPDUs sent from CE3 and CE4 to the PEs with tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet1/0/1] quit

# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE3-GigabitEthernet1/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet1/0/1] quit

# Configure CE4.

[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE4-GigabitEthernet1/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet1/0/1] quit

Step 4 Configure the role of the PEs as provider.
# Configure PE1.


[PE1] bpdu-tunnel stp bridge role provider

# Configure PE2.
[PE2] bpdu-tunnel stp bridge role provider

Step 5 Configure the QinQ function of the PEs. Label the VLAN100 packets and VLAN200 packets from the CEs with tag 10 before the packets are transmitted in the PSN network.
# Configure PE1.
[PE1] vlan 10
[PE1-Vlan10] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port vlan-stacking outside-vlan 100 stack-vlan 10
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port vlan-stacking outside-vlan 200 stack-vlan 10
[PE1-GigabitEthernet1/0/2] stp disable
[PE1-GigabitEthernet1/0/2] quit

# Configure PE2.
[PE2] vlan 10
[PE2-Vlan10] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port vlan-stacking outside-vlan 100 stack-vlan 10
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port vlan-stacking outside-vlan 200 stack-vlan 10
[PE2-GigabitEthernet1/0/2] stp disable
[PE2-GigabitEthernet1/0/2] quit

Step 6 Check the configuration.
After the configuration, run the display stp command on CE1 and CE2 to check the MSTP root. CE1 and CE2 calculate the spanning tree. GE 1/0/1 on CE1 is the root port; GE 1/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.000b-09f0-1b91
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 3h:53m:43s


----[Port17(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :237
    TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received :9607
    TCN: 0, Config: 0, RST: 0, MST: 9607

[CE2] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.000b-09d4-b66c
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :1
STP Converge Mode :Fast
Time since last TC received :0 days 5h:29m:6s
----[Port17(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7095
    TCN: 0, Config: 0, RST: 0, MST: 7095
BPDU Received :2
    TCN: 0, Config: 0, RST: 0, MST: 2

Run the display stp command on CE3 and CE4 to check the MSTP root. CE3 and CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 3h:57m:0s
----[Port17(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :238


    TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received :9745
    TCN: 0, Config: 0, RST: 0, MST: 9745

[CE4] display stp
-------[CIST Global Info][Mode MSTP]------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 5h:33m:17s
----[Port17(GigabitEthernet1/0/1)][FORWARDING]---
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7171
    TCN: 0, Config: 0, RST: 0, MST: 7171
BPDU Received :2
    TCN: 0, Config: 0, RST: 0, MST: 2

Run the display vlan command on the PEs to view information about QinQ. Take PE1 as an example.
[PE1] display vlan 10 verbose
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
---------------
Tagged Port: GigabitEthernet1/0/3
---------------
QinQ-stack Port: GigabitEthernet1/0/1 GigabitEthernet1/0/2

----End

Configuration Files
Configuration file of CE1

#
 sysname CE1
#
 vlan batch 100
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 stp bpdu vlan 100
#
return

Configuration file of CE2

#
 sysname CE2
#
 vlan batch 100
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 100
 stp bpdu vlan 100
#
return


Configuration file of CE3


#
 sysname CE3
#
 vlan batch 200
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 stp bpdu vlan 200
#
return

Configuration file of CE4


#
 sysname CE4
#
 vlan batch 200
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 200
 stp bpdu vlan 200
#
return

Configuration file of PE1


#
 sysname PE1
#
 bpdu-tunnel stp bridge role provider
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 100 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 200 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch

 port trunk allow-pass vlan 10
#
return


Configuration file of PE2


#
 sysname PE2
#
 bpdu-tunnel stp bridge role provider
#
 stp enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 100 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port vlan-stacking outside-vlan 200 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10
#
return
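The consistency checks implied by the VLAN-based procedure (8.5.3) and the QinQ-based procedure (8.5.4) can be run against a saved PE configuration file. The following Python script is an added example, not part of the Huawei guide: the function names and finding texts are assumptions made for illustration, and the embedded configurations are constructed from the PE1 configuration files above, reduced to the lines the checks read.

```python
import re

def parse_config(text):
    """Split a configuration file into global and per-interface command lists."""
    global_cmds, interfaces, current = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line == "#":                       # '#' ends the current section
            current = None
        elif line and line != "return":
            (global_cmds if current is None else current).append(line)
    return global_cmds, interfaces

def vlan_set(text):
    """Expand a VLAN list such as '100 200' or '10 to 20' into a set of IDs."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", text):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_pe(text):
    """Return findings for one PE configuration; an empty list means consistent."""
    global_cmds, interfaces = parse_config(text)
    group_mac = next((c.split()[-1].lower() for c in global_cmds
                      if c.startswith("bpdu-tunnel stp group-mac ")), None)
    provider = "bpdu-tunnel stp bridge role provider" in global_cmds
    findings, carried, uplink_allowed = [], {}, set()
    vlan_tunnel = qinq = False
    for name, cmds in interfaces.items():
        allowed, tunnel_vlans, stack_vlans = set(), set(), set()
        for cmd in cmds:
            stack = re.fullmatch(r"port vlan-stacking outside-vlan \d+ stack-vlan (\d+)", cmd)
            if cmd.startswith("port trunk allow-pass vlan "):
                allowed |= vlan_set(cmd.split("vlan ", 1)[1])
            elif cmd.startswith("bpdu-tunnel stp vlan "):
                tunnel_vlans |= vlan_set(cmd.split("vlan ", 1)[1])
            elif stack:
                stack_vlans.add(int(stack.group(1)))
        if not tunnel_vlans and not stack_vlans:
            uplink_allowed |= allowed           # not a CE-facing tunnel port
            continue
        vlan_tunnel |= bool(tunnel_vlans)
        qinq |= bool(stack_vlans)
        if "stp disable" not in cmds:           # roadmap item 3 in both examples
            findings.append(f"{name}: CE-facing tunnel port has no 'stp disable'")
        for vlan in sorted(tunnel_vlans - allowed):
            findings.append(f"{name}: tunnel VLAN {vlan} missing from allow-pass list")
        for vlan in tunnel_vlans | stack_vlans:
            carried.setdefault(vlan, name)      # VLAN that must cross the ISP network
    if vlan_tunnel and group_mac in (None, "0180-c200-0000"):
        findings.append("no group MAC replaces the default BPDU MAC 0180-C200-0000")
    if qinq and not provider:
        findings.append("QinQ tunnel ports present but bridge role is not provider")
    for vlan, name in sorted(carried.items()):
        if vlan not in uplink_allowed:
            findings.append(f"VLAN {vlan} (from {name}) not permitted on any ISP-facing trunk")
    return findings

# Constructed samples, reduced from the PE1 configuration files in 8.5.3 and 8.5.4.
PE_VLAN = """\
#
 bpdu-tunnel stp group-mac 0100-5e00-0011
#
interface GigabitEthernet1/0/1
 port trunk allow-pass vlan 100
 bpdu-tunnel stp vlan 100
 stp disable
#
interface GigabitEthernet1/0/2
 port trunk allow-pass vlan 200
 bpdu-tunnel stp vlan 200
 stp disable
#
interface GigabitEthernet1/0/3
 port trunk allow-pass vlan 100 200
#
return
"""
PE_QINQ = """\
#
 bpdu-tunnel stp bridge role provider
#
interface GigabitEthernet1/0/1
 port vlan-stacking outside-vlan 100 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/2
 port vlan-stacking outside-vlan 200 stack-vlan 10
 stp disable
#
interface GigabitEthernet1/0/3
 port trunk allow-pass vlan 10
#
return
"""
# Constructed faulty variant: no group MAC, STP left on GE1/0/2, VLAN 200 dropped upstream.
BAD_PE_VLAN = (PE_VLAN.replace(" bpdu-tunnel stp group-mac 0100-5e00-0011\n", "")
               .replace("stp vlan 200\n stp disable", "stp vlan 200")
               .replace("vlan 100 200", "vlan 100"))
```

Calling `audit_pe(BAD_PE_VLAN)` returns one finding per broken roadmap item, while both unmodified samples return an empty list.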


9 RRPP Configuration

About This Chapter

The Rapid Ring Protection Protocol (RRPP) features fast convergence, because the convergence time is independent of the number of nodes on the ring.

9.1 RRPP Introduction
To shorten the convergence time and reduce the impact of the network size on convergence speed, Huawei has developed RRPP, which is a link layer protocol applied to an Ethernet ring.

9.2 Configuring RRPP Functions
Through RRPP, devices on an Ethernet ring are configured to be the nodes with different roles on RRPP rings. The nodes on an RRPP ring detect the ring status and transmit topology changes by sending and receiving RRPP protocol packets. The master node on an RRPP ring blocks or opens secondary ports according to the ring status. In this manner, if a fault occurs on a node or a link on the RRPP ring, traffic can be fast switched to the backup link and data loops can be prevented.

9.3 Configuring the Monitoring Interface
A monitoring interface is used in the networking scheme where master and backup NPEs connected to RRPP rings support fast switching of Layer 2 services. When the status of the monitoring interface or the status of the BFD session changes, the node where the monitoring interface resides clears the dynamic MAC entries, and meanwhile sends a COMMON-FLUSHFDB packet to notify other nodes on the RRPP ring to clear their dynamic MAC entries.

9.4 Configuring RRPP Snooping
RRPP Snooping is a technology through which changes on an RRPP ring can be notified to a VPLS network. When RRPP Snooping is configured on sub-interfaces or VLANIF interfaces, the VPLS network can transparently transmit RRPP protocol packets, detect the changes on the RRPP rings, and update the forwarding entries to ensure that traffic is switched in time to a congestion-free path.

9.5 Maintaining RRPP
Commands for clearing statistics help to locate the RRPP faults on a device.

9.6 Configuration Examples


This section describes the typical application scenario of RRPP, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.


9.1 RRPP Introduction


To shorten the convergence time and reduce the impact of the network size on convergence speed, Huawei has developed RRPP, which is a link layer protocol applied to an Ethernet ring.

9.1.1 Overview of RRPP
RRPP is a link layer protocol applied to an Ethernet ring. RRPP features fast convergence and can prevent broadcast storms caused by data loops.

9.1.2 RRPP Features Supported by the CX600
This part describes basic principles and application scenarios of RRPP in terms of RRPP basic functions, Hello and Fail timers, monitoring interface and RRPP Snooping.

9.1.1 Overview of RRPP


RRPP is a link layer protocol applied to an Ethernet ring. RRPP features fast convergence and can prevent broadcast storms caused by data loops.

For most MANs and LANs, the ring network is adopted to provide high reliability. A fault of any single node on the ring, however, affects the service. In general, the technology of the ring network is the Resilient Packet Ring (RPR) or Ethernet ring. Special hardware is required to adopt RPR, which increases the costs. Therefore, an increasing number of MANs and LANs are moving towards adopting the Ethernet ring, as it is technologically advanced and the costs involved are comparatively lower.
NOTE

RPR interfaces cannot be configured on the X1 and X2 models of the CX600.

The RSTP/MSTP and Rapid Ring Protection Protocol (RRPP) are generally adopted to address the Layer 2 network loop. RSTP/MSTP is highly adaptable; however, the convergence time is measured in seconds. Compared with other Ethernet ring technologies, RRPP has the following features:
- Convergence time is less than 50 milliseconds (ms).
- Convergence time is not related to the number of nodes on a ring network. Thus, RRPP can be applied to a large-scale network.
- RRPP can prevent broadcast storms caused by loops when an Ethernet ring network is complete.
- On an Ethernet ring network, when a link is disconnected, a backup link immediately resumes the normal communication between nodes.

9.1.2 RRPP Features Supported by the CX600


This part describes basic principles and application scenarios of RRPP in terms of RRPP basic functions, Hello and Fail timers, monitoring interface and RRPP Snooping.

Basic Functions of RRPP


This section describes several RRPP concepts as shown in Figure 9-1.

Figure 9-1 Application of crossed RRPP rings in the MAN

[Diagram labels: RRPP Domain; RRPP Major-Ring; RRPP Sub-Ring 1; RRPP Sub-Ring 2; devices CX-A, CX-B, CX-C, SwitchA, SwitchB; node roles Master Node, Transit Node, Edge Node, Assistant Node.]

- RRPP domain
  An RRPP domain is identified uniquely with the domain ID, which is an integer. The RRPP domain comprises a group of switches that are connected and configured with the same domain ID and control VLAN. One RRPP domain consists of elements such as the RRPP major ring and sub-ring, control VLAN, master node, transit node, common port and edge port, and primary port and secondary port.
- RRPP ring
  One RRPP ring corresponds only to one Ethernet ring topology. An RRPP ring is a part of the RRPP domain. An RRPP domain can consist of one RRPP ring or multiple crossed RRPP rings.
- RRPP major ring and sub-ring
  If an RRPP domain consists of multiple crossed RRPP rings, you can set one ring to be the major ring and other rings to be sub-rings by specifying their levels. In one RRPP domain, there is only one RRPP major ring. The protocol packets of the sub-ring are transmitted as data packets in the major ring. The packets of the major ring are transmitted only in the major ring.
- Control VLAN of RRPP
  The control VLAN is a concept relative to the data VLAN. In the RRPP domain, the control VLAN is only used to transmit RRPP protocol packets. The control VLAN contains only RRPP interfaces. One RRPP domain is configured with two control VLANs, that is, the major control VLAN and sub-control VLAN. During configuration, you need to specify only the major control VLAN; the VLAN whose ID is equal to the major control VLAN ID plus 1 is set as the sub-control VLAN.


  In contrast to the control VLAN, the data VLAN is used to transmit data packets. The data VLAN can contain both RRPP ports and non-RRPP ports.
- Master node
  On the Ethernet ring, each switch is called a node. On each RRPP ring, there must be only one master node.
- Transit node
  On an RRPP major ring, all nodes are transit nodes except the master node. The transit node monitors the status of its directly connected RRPP links. When the link status changes, the transit node informs the master node. The master node decides how to process the change.
- Edge node and assistant edge node
  A switch is an edge node or an assistant edge node on the sub-ring, and it is a transit node on the major ring. On an RRPP sub-ring, either of the two nodes crossing with the major ring can be specified as the edge node. On one sub-ring, there must be only one edge node. On an RRPP sub-ring, if one of the two nodes crossed with the major ring is specified as the edge node, the other node is the assistant edge node.
- Primary port and secondary port
  On both the master node and transit node, one of the two ports to the Ethernet ring is the primary port, and the other is the secondary port. The role of a port is decided by the user configuration.
- Common port and edge port
  On an edge node or an assistant edge node, the port shared by the sub-ring and major ring is called the common port. The port only on the sub-ring is called the edge port.

Hello Timer and Fail Timer


When RRPP detects the link status of the Ethernet ring, the master node sends the Hello packet according to the Hello timer. The master node then assesses whether the secondary port receives the Hello packet according to the Fail timer.
- The value of the Hello timer specifies the interval at which the master node sends the Hello packet from the primary port.
- The value of the Fail timer specifies the maximum delay allowed for the Hello packet to reach the secondary port from the primary port.

Monitoring Interface
As shown in Figure 9-2, the Metro Ethernet RRPP networking solution supports switchover between Network Provider Edges (NPEs).


Figure 9-2 Networking diagram of Metro Ethernet RRPP solution


[Figure labels: UPE, DSLAM, LANSwitch, PE-AGG A, PE-AGG B, NPE A (Master: VLAN 1-100, Backup: VLAN 101-200), NPE B (Master: VLAN 101-200, Backup: VLAN 1-100), RRPP ring VLAN 1-100, RRPP ring VLAN 101-200, BFD, BFD for VRRP, core network, track interface]

DSLAM: Digital Subscriber Line Access Multiplexer
UPE: Underlayer Provider Edge
BFD: Bidirectional Forwarding Detection
PE-AGG: PE-Aggregation
NPE: Network Provider Edge
VRRP: Virtual Router Redundancy Protocol

After monitoring interfaces are configured on PE-AGG nodes, RRPP rings can monitor the status of the connections between PE-AGG nodes and NPEs. When the status of monitoring interfaces or the status of bidirectional forwarding detection (BFD) on interfaces changes, each node on RRPP rings updates its dynamic MAC address table. This ensures the continuity of the traffic between master/backup NPEs and PE-AGG nodes.

RRPP Snooping
As shown in Figure 9-3, UPE A, UPE B, and NPE D comprise an RRPP ring. UPE A is the master node, UPE B is the transit node, and VLAN 100 is the control VLAN.

The RRPP ring accesses the Virtual Private LAN Service (VPLS) network through sub-interfaces GE 1/0/0.100 and GE 2/0/0.100 on NPE D. These sub-interfaces allow only the control VLAN packets of the RRPP ring to pass through. In this manner, NPE D can transparently transmit RRPP control packets through the sub-interfaces on both sides to ensure the structural integrity of the RRPP ring. The RRPP protocol, however, is not run on NPE D.

NPE D transmits data packets of VLANs 10 to 20 on the RRPP ring through sub-interfaces GE 1/0/0.10 to GE 1/0/0.20, sub-interfaces GE 2/0/0.10 to GE 2/0/0.20, or the VLANIF interface. Data packets in the RRPP ring are transparently transmitted to the upper layer network through the VPLS network. For the details of access principles and transmission principles, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN. NPEs are connected through pseudo wires (PWs).


Figure 9-3 Networking diagram of RRPP and VPLS


[Figure labels: VPLS network with NPE A, NPE B, NPE C, and NPE D; sub-interfaces GE1/0/0.100 and GE2/0/0.100 on NPE D; RRPP ring with UPE A and UPE B (Control VLAN: 100, User VLAN: 10~20); data packet; hello packet]

P: primary port
S: secondary port

The VPLS network cannot sense the change of the RRPP ring status because NPE nodes cannot respond to the RRPP control packets. When the RRPP ring topology changes, each node in the VPLS network forwards downstream data according to the MAC address table generated before the RRPP ring topology changes. As a result, the downstream traffic cannot be forwarded. After the RRPP snooping is enabled on the sub-interfaces GE 1/0/0.100 and GE 2/0/0.100 of NPE D, NPE D can respond to the RRPP control packets. Then, NPE D can synchronize the change of the RRPP ring status and refresh the MAC address table of the virtual switching instance (VSI). This ensures that downstream traffic is normally forwarded.

9.2 Configuring RRPP Functions


Through RRPP, devices on an Ethernet ring are configured as nodes with different roles on RRPP rings. The nodes on an RRPP ring detect the ring status and transmit topology changes by sending and receiving RRPP protocol packets. The master node on an RRPP ring blocks or opens secondary ports according to the ring status. In this manner, if a fault occurs on a node or a link on the RRPP ring, traffic can be quickly switched to the backup link and data loops can be prevented.

9.2.1 Establishing the Configuration Task
If you have already enabled RRPP on a port, you cannot enable STP on it. That is, the two protocols cannot coexist on a port.

9.2.2 Creating the RRPP Domain
A group of connected switches that have the same domain ID and the same control VLANs constitute an RRPP domain. An RRPP domain mainly consists of RRPP rings, control VLANs, and master nodes.

9.2.3 Creating the Control VLAN
Each RRPP ring has two control VLANs. The major control VLAN transmits mainly the protocol packets of the major ring; the sub-control VLAN transmits mainly the protocol packets of the sub-rings.

9.2.4 (Optional) Setting the Values of RRPP Domain Timers
Two timers, the Hello timer and the Fail timer, are used when master nodes are sending and receiving RRPP protocol packets. The Hello timer is used when primary ports are sending Hello packets. The Fail timer is used when secondary ports are receiving the Hello packets sent by the local node.

9.2.5 Configuring the Ports on a RRPP Ring
The ports on an RRPP ring are called RRPP ports. RRPP ports have to allow the packets from both control VLANs and data VLANs to pass through, so you can configure the type of the RRPP ports as trunk or hybrid.

9.2.6 Creating the RRPP Ring
An RRPP ring physically corresponds to an Ethernet ring. An RRPP domain consists of one or multiple crossed RRPP rings. In an RRPP domain, only one RRPP ring is the major ring and the others are sub-rings. Whether a ring is a major ring or a sub-ring depends on the level specified for that ring.

9.2.7 Enabling the RRPP Ring
The protocol packets of sub-rings are transmitted on the major ring as data packets; the protocol packets of the major ring are transmitted on only the major ring. An RRPP ring can take effect only when it is enabled.

9.2.8 Enabling RRPP
To activate an RRPP ring, you must enable RRPP and the RRPP ring.

9.2.9 Checking the Configuration
After the basic RRPP functions are successfully configured, you can view the mode of the nodes on the RRPP ring, RRPP protocol status, control VLAN, link recovery delay, and timer value.

9.2.1 Establishing the Configuration Task


If you have already enabled RRPP on a port, you cannot enable STP on it. That is, the two protocols cannot coexist on a port.

Applicable Environment
RRPP is used for the networking of the single-ring or multiple crossed rings. When configuring RRPP, you must configure all nodes on the RRPP ring.
NOTE

RRPP and STP cannot coexist on a port. RRPP contains no auto election mechanism. Therefore, to ensure the detection and protection of the ring network through RRPP, you must correctly configure each node on the ring.

Pre-Configuration Tasks
Before configuring RRPP functions, complete the following tasks:
- Establishing the ring topology
- Configuring the link attributes of the interface

Data Preparation
To configure RRPP functions, you need the following data.

No.   Data
1     ID of the RRPP domain
2     ID of the control VLAN in the RRPP domain
3     IDs of all RRPP rings in the RRPP domain
4     Values of the Hello timer and Fail timer in the RRPP domain
5     Port name of the RRPP ring

9.2.2 Creating the RRPP Domain


A group of connected switches that have the same domain ID and the same control VLANs constitute an RRPP domain. An RRPP domain mainly consists of RRPP rings, control VLANs, and master nodes.

Context
Do as follows on all switches in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The RRPP domain is created. When creating the RRPP domain, you must specify the domain ID. If the domain exists, the domain view is directly displayed.
NOTE

The maximum number of RRPP rings that can be configured on a device is determined by the relevant license. To purchase the license, contact Huawei technical support personnel.

----End

9.2.3 Creating the Control VLAN


Each RRPP ring has two control VLANs. The major control VLAN transmits mainly the protocol packets of the major ring; the sub-control VLAN transmits mainly the protocol packets of the sub-rings.

Context
Do as follows on all switches in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The domain view is displayed.

Step 3 Run:
control-vlan vlan-id

The control VLAN is created. The control VLAN specified by vlan-id and the sub-control VLAN specified by vlan-id+1 must not have been created and must not be used in port trunk, mapping, or stacking mode. After configuring the control VLAN, you cannot modify it directly. You can only delete the control VLAN by deleting the domain, and then reconfigure the control VLAN. The sub-control VLAN is also deleted when you delete the domain.

----End

9.2.4 (Optional) Setting the Values of RRPP Domain Timers


Two timers, the Hello timer and the Fail timer, are used when master nodes are sending and receiving RRPP protocol packets. The Hello timer is used when primary ports are sending Hello packets. The Fail timer is used when secondary ports are receiving the Hello packets sent by the local node.

Context
Do as follows on the master node in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The domain view is displayed.

Step 3 Run:
timer hello-timer hello-value fail-timer fail-value

The values of RRPP domain timers are set. The value of the Fail timer must be equal to or greater than three times the value of the Hello timer. The value of the Edge-hello timer defaults to half the value of the Hello timer of the master node on the major ring. Set consistent Hello timers and Fail timers on all the nodes in the same RRPP ring domain; otherwise, the edge ports of the edge nodes might be unstable.

----End

9.2.5 Configuring the Ports on a RRPP Ring


The ports on an RRPP ring are called RRPP ports. RRPP ports have to allow the packets from both control VLANs and data VLANs to pass through, so you can configure the type of the RRPP ports as trunk or hybrid.

Context

WARNING
If the board where the ports reside is pulled out, all RRPP configurations on the ports are lost and cannot be recovered automatically. To restore the RRPP configurations on the ports, run all the RRPP commands again.

Do as follows on each port that needs to be added to the RRPP ring.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number

The interface view is displayed. The Layer 2 ports supported by RRPP are Layer 2 Ethernet, GigabitEthernet, and Eth-Trunk interfaces. Interfaces enabled with MSTP and Eth-Trunk member interfaces cannot be configured as RRPP ports.

Step 3 Run:
portswitch

The port is changed to a switched port.

Step 4 (Optional) Run:
port link-type trunk

The port is configured as a trunk port. By default, the port is a hybrid port. The RRPP port should be set to a trunk or hybrid port because it must allow packets from both the control VLAN and the data VLAN to pass through.

Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The RRPP port is configured to allow the data VLAN frames to pass through.
NOTE

- The control VLAN is specified by the control-vlan command in the RRPP domain view and automatically becomes a VLAN that is allowed on all RRPP interfaces. Thus, you only need to specify the data VLAN in this step.
- When RRPP ports are to be added to a VLAN, if VLANIF interfaces in this VLAN are enabled with RRPP snooping, the RRPP ports cannot be added to the VLAN.

Step 6 Run:
stp disable

STP is disabled on the port. By default, STP is enabled on all ports of the device. Before creating an RRPP ring, you need to disable STP on all ports to be added to the RRPP ring.

----End

9.2.6 Creating the RRPP Ring


An RRPP ring physically corresponds to an Ethernet ring. An RRPP domain consists of one or multiple crossed RRPP rings. In an RRPP domain, only one RRPP ring is the major ring and the others are sub-rings. Whether a ring is a major ring or a sub-ring depends on the level specified for that ring.

Context
NOTE

By default, STP is enabled on all interfaces of the device. Before creating the RRPP ring, therefore, you need to use the stp disable command to disable the STP function on the interfaces to be added to the RRPP ring.

Do as follows on all switches in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The domain view is displayed.

Step 3 Run:
ring ring-id node-mode { master | transit } primary-port interface-type interface-number secondary-port interface-type interface-number level level-value

The RRPP ring is created. RRPP can be used on Ethernet, GigabitEthernet, and Eth-Trunk ports. Level 0 refers to the major ring, and level 1 refers to a sub-ring. In one domain, there must be only one major ring. A sub-ring can be created only after the major ring is created.
NOTE

When a major ring and a sub-ring intersect, it is recommended that you configure the major ring before configuring the sub-ring. If you configure the sub-ring first, a broadcast storm of protocol packets may easily occur. The protocol packets of the major ring are then discarded by a transit node, so the secondary port fails to receive the protocol packets and therefore is not blocked. As a result, the state of the RRPP ring is incorrect.

Step 4 Run:
ring ring-id node-mode { edge | assistant-edge } common-port interface-type interface-number edge-port interface-type interface-number

The edge node and assistant edge node on the RRPP sub-ring are configured. The common port of the edge node and assistant edge node must be on the major ring. The system automatically sets the level of the ring where the edge node and assistant edge node reside to 1.
NOTE

The maximum number of RRPP rings that can be created on a device or in a domain is determined by the relevant license. To purchase the license, you can contact the Huawei technical support personnel.

----End

9.2.7 Enabling the RRPP Ring


The protocol packets of sub-rings are transmitted on the major ring as data packets; the protocol packets of the major ring are transmitted on only the major ring. An RRPP ring can take effect only when it is enabled.

Context
NOTE

- The RRPP ring can be activated only when both the RRPP ring and RRPP protocol are enabled.
- RRPP and RRPP snooping cannot be configured on the same interface.

Do as follows on all switches in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The domain view is displayed.

Step 3 Run:
ring ring-id enable

The RRPP ring is enabled.

----End

9.2.8 Enabling RRPP


To activate an RRPP ring, you must enable RRPP and the RRPP ring.

Context
NOTE

The RRPP ring can be activated only when both the RRPP ring and RRPP protocol are enabled.

Do as follows on all switches in the RRPP domain:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp enable

The RRPP protocol is enabled.

----End
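Because RRPP has no election mechanism, the role and port rules in 9.2.5 to 9.2.8 must hold across all nodes of a ring at the same time. The following Python check is an added example, not part of this guide or of the CX600 software; it validates a planned set of ring commands against those rules before they are entered. The RingRole model, the device names, and the shortened port names are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

EDGE_MODES = ("edge", "assistant-edge")


@dataclass(frozen=True)
class RingRole:
    """One planned 'ring ring-id node-mode ...' command on one device (hypothetical model)."""
    device: str
    domain: int
    ring: int
    level: int                 # 0 = major ring, 1 = sub-ring
    mode: str                  # master | transit | edge | assistant-edge
    port_a: str                # primary port (common port on edge nodes)
    port_b: str                # secondary port (edge port on edge nodes)
    stp_enabled: frozenset = frozenset()   # ports on this device still running STP


def validate(plan):
    """Return findings for a ring plan; an empty list means no rule is violated."""
    findings = []
    rings = defaultdict(list)        # (domain, ring) -> roles configured on that ring
    major_ports = defaultdict(set)   # (domain, device) -> that device's major-ring ports
    for role in plan:
        rings[(role.domain, role.ring)].append(role)
        if role.level == 0:
            major_ports[(role.domain, role.device)].update((role.port_a, role.port_b))

    for (domain, ring), roles in sorted(rings.items()):
        tag = f"domain {domain} ring {ring}"
        modes = [r.mode for r in roles]
        # RRPP has no election: exactly one node must be configured as master.
        if modes.count("master") != 1:
            findings.append(f"{tag}: {modes.count('master')} master nodes, expected 1")
        levels = {r.level for r in roles}
        if len(levels) > 1:
            findings.append(f"{tag}: nodes disagree on the ring level")
        if levels == {1}:
            # A sub-ring crosses the major ring at one edge and one assistant edge node.
            for mode in EDGE_MODES:
                if modes.count(mode) != 1:
                    findings.append(f"{tag}: {modes.count(mode)} {mode} nodes, expected 1")
        for r in roles:
            where = f"{tag} on {r.device}"
            if r.port_a == r.port_b:
                findings.append(f"{where}: both ring ports are {r.port_a}")
            # RRPP and STP cannot coexist on a port (stp disable is step 6 of 9.2.5).
            for port in sorted({r.port_a, r.port_b} & r.stp_enabled):
                findings.append(f"{where}: STP still enabled on {port}")
            if r.mode in EDGE_MODES:
                if r.level != 1:
                    findings.append(f"{where}: {r.mode} mode is valid only on a sub-ring")
                if r.port_a not in major_ports[(domain, r.device)]:
                    findings.append(f"{where}: common port {r.port_a} is not on the major ring")
    return findings


# Constructed plan: major ring 1 (SW-A, SW-B, SW-C) crossed by sub-ring 2 (SW-B, SW-C, SW-D).
GOOD_PLAN = [
    RingRole("SW-A", 1, 1, 0, "master", "GE1/0/1", "GE1/0/2"),
    RingRole("SW-B", 1, 1, 0, "transit", "GE1/0/1", "GE1/0/2"),
    RingRole("SW-C", 1, 1, 0, "transit", "GE1/0/1", "GE1/0/2"),
    RingRole("SW-B", 1, 2, 1, "edge", "GE1/0/1", "GE1/0/3"),
    RingRole("SW-C", 1, 2, 1, "assistant-edge", "GE1/0/2", "GE1/0/3"),
    RingRole("SW-D", 1, 2, 1, "master", "GE1/0/1", "GE1/0/2"),
]

# Constructed faulty plan: a second master on ring 1, a common port that is not on
# the major ring, and a ring port that still runs STP.
BAD_PLAN = [
    GOOD_PLAN[0],
    RingRole("SW-B", 1, 1, 0, "master", "GE1/0/1", "GE1/0/2"),
    GOOD_PLAN[2],
    GOOD_PLAN[3],
    RingRole("SW-C", 1, 2, 1, "assistant-edge", "GE1/0/9", "GE1/0/3"),
    RingRole("SW-D", 1, 2, 1, "master", "GE1/0/1", "GE1/0/2", frozenset({"GE1/0/2"})),
]

if __name__ == "__main__":
    for finding in validate(BAD_PLAN):
        print(finding)
```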

9.2.9 Checking the Configuration


After the basic RRPP functions are successfully configured, you can view the mode of the nodes on the RRPP ring, RRPP protocol status, control VLAN, link recovery delay, and timer value.

Prerequisite
The configuration of RRPP functions is complete.

Procedure
- Run the display rrpp brief command to check the brief information about the RRPP domain.
- Run the display rrpp verbose domain domain-id [ ring ring-id ] command to check the detailed information about the RRPP domain.
- Run the display rrpp statistics domain domain-id [ ring ring-id ] command to check the packet statistics of the RRPP domain.

----End

Example
Run the display rrpp brief command. You can view information such as the node mode, RRPP status, protected VLAN, control VLAN, Linkup Delay timer and values of Hello timer and Fail timer. For example:
<HUAWEI> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable
RRPP Linkup Delay Timer: 0 sec(default is 0 sec)
Number of RRPP Domains: 2

Domain Index   : 1
Control VLAN   : major 400    sub 401
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary/Common          Secondary/Edge          Is
ID    Level  Mode  Port                    Port                    Enabled
---------------------------------------------------------------------------
 1     0     M     GigabitEthernet1/0/6    GigabitEthernet1/0/1    Yes

Domain Index   : 2
Control VLAN   : major 200    sub 201
Protected VLAN : Reference Instance 0 to 2, 4
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary/Common          Secondary/Edge          Is
ID    Level  Mode  Port                    Port                    Enabled
---------------------------------------------------------------------------
 1     0     M     GigabitEthernet1/0/3    GigabitEthernet1/0/4    No
 2     1     E     GigabitEthernet1/0/3    GigabitEthernet1/0/5    No

Run the display rrpp verbose command. You can view the detailed information such as the control VLAN, timers, node mode, and port status. For example:
<HUAWEI> display rrpp verbose domain 2 ring 2
Domain Index   : 2
Control VLAN   : major 200    sub 201
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)

RRPP Ring      : 2
Ring Level     : 1
Node Mode      : Edge
Ring State     : Unknown
Is Enabled     : Disable                  Is Active : No
Common port    : GigabitEthernet1/0/3     Port status: UNKNOWN
Edge port      : GigabitEthernet1/0/5     Port status: UNKNOWN

Run the display rrpp statistics command. You can view the sending and receiving statistics of all types of packets. For example:
<HUAWEI> display rrpp statistics domain 1 ring 1
RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Is Active      : Yes
Primary port   : GigabitEthernet1/0/0
Packet               LINK      COMMON    COMPLETE  EDGE      MAJOR     Packet
Direct     HEALTH    DOWN      FDB       FDB       HELLO     FAULT     Total
-------------------------------------------------------------------------------
Send       5386      0         0         0         0         0         0
Rcv        0         0         0         0         0         0         0
Secondary port: GigabitEthernet1/0/1
Packet               LINK      COMMON    COMPLETE  EDGE      MAJOR     Packet
Direct     HEALTH    DOWN      FDB       FDB       HELLO     FAULT     Total
-------------------------------------------------------------------------------
Send       0         0         0         0         0         0         0
Rcv        0         0         0         0         0         0         0
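The display rrpp brief output can also be checked automatically after a change or as part of a periodic audit. The following Python code is an added example, not part of this guide or of the CX600 software; it parses output captured from one device and reports a disabled protocol, rings that are not enabled, a sub-control VLAN that is not the major control VLAN ID plus 1, a Fail timer below three times the Hello timer, and more than one major ring in a domain. The sample text is constructed from the output shown above, and its exact column spacing is an assumption.

```python
import re

# Constructed sample that follows the `display rrpp brief` output shown above.
SAMPLE = """\
RRPP Protocol Status: Enable
RRPP Linkup Delay Timer: 0 sec(default is 0 sec)
Number of RRPP Domains: 2

Domain Index   : 1
Control VLAN   : major 400    sub 401
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary/Common          Secondary/Edge          Is
ID    Level  Mode  Port                    Port                    Enabled
---------------------------------------------------------------------------
 1     0     M     GigabitEthernet1/0/6    GigabitEthernet1/0/1    Yes

Domain Index   : 2
Control VLAN   : major 200    sub 201
Protected VLAN : Reference Instance 0 to 2, 4
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary/Common          Secondary/Edge          Is
ID    Level  Mode  Port                    Port                    Enabled
---------------------------------------------------------------------------
 1     0     M     GigabitEthernet1/0/3    GigabitEthernet1/0/4    No
 2     1     E     GigabitEthernet1/0/3    GigabitEthernet1/0/5    No
"""

# Ring table row: ID, level, node mode, two port names, enabled flag.
RING_ROW = re.compile(r"^\s*(\d+)\s+([01])\s+([MTEA])\s+(\S+)\s+(\S+)\s+(Yes|No)\s*$")


def _num(pattern, text):
    """Return the first captured integer for pattern, or None if it is absent."""
    match = re.search(pattern, text)
    return int(match.group(1)) if match else None


def parse_brief(text):
    """Parse `display rrpp brief` output into protocol status, domains, and rings."""
    status = re.search(r"RRPP Protocol Status\s*:\s*(\w+)", text)
    state = {"protocol_enabled": bool(status) and status.group(1) == "Enable",
             "domains": []}
    # Everything after each "Domain Index :" label belongs to that domain.
    for block in re.split(r"Domain Index\s*:\s*", text)[1:]:
        rings = []
        for line in block.splitlines():
            row = RING_ROW.match(line)
            if row:
                rings.append({"id": int(row[1]), "level": int(row[2]), "mode": row[3],
                              "ports": (row[4], row[5]), "enabled": row[6] == "Yes"})
        state["domains"].append({
            "id": _num(r"(\d+)", block),
            "major": _num(r"Control VLAN\s*:\s*major\s+(\d+)", block),
            "sub": _num(r"\bsub\s+(\d+)", block),
            "hello": _num(r"Hello Timer\s*:\s*(\d+)", block),
            "fail": _num(r"Fail Timer\s*:\s*(\d+)", block),
            "rings": rings,
        })
    return state


def audit(state):
    """Return findings for one device; an empty list means nothing was flagged."""
    findings = []
    if not state["protocol_enabled"]:
        findings.append("RRPP protocol is not enabled")
    for dom in state["domains"]:
        tag = f"domain {dom['id']}"
        if dom["major"] is None or dom["sub"] is None:
            findings.append(f"{tag}: no control VLAN found")
        elif dom["sub"] != dom["major"] + 1:
            findings.append(f"{tag}: sub-control VLAN {dom['sub']} is not major + 1")
        if dom["hello"] is None or dom["fail"] is None:
            findings.append(f"{tag}: timers not found")
        elif dom["fail"] < 3 * dom["hello"]:
            findings.append(f"{tag}: Fail timer {dom['fail']} s is below 3 x Hello timer")
        if sum(r["level"] == 0 for r in dom["rings"]) > 1:
            findings.append(f"{tag}: more than one major ring")
        for ring in dom["rings"]:
            if ring["mode"] in "EA" and ring["level"] != 1:
                findings.append(f"{tag} ring {ring['id']}: edge mode on a major ring")
            if not ring["enabled"]:
                findings.append(f"{tag} ring {ring['id']}: ring is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_brief(SAMPLE)):
        print(finding)
```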

9.3 Configuring the Monitoring Interface


A monitoring interface is used in the networking scheme where master and backup NPEs connected to RRPP rings support fast switching of Layer 2 services. When the status of the monitoring interface or the status of the BFD session changes, the node where the monitoring interface resides clears the dynamic MAC entries, and meanwhile sends a COMMON-FLUSHFDB packet to notify other nodes on the RRPP ring to clear their dynamic MAC entries.

9.3.1 Establishing the Configuration Task
The port that is configured as a monitoring interface supports hot swapping. Each time it is pulled out or inserted, dynamic MAC entries start to be cleared on the RRPP ring. When the port that is configured as a monitoring interface is pulled out and a different port is inserted, the original configuration of the monitoring interface is cleared.

9.3.2 Configuring the Monitoring Interface
A monitoring interface can be configured on any node of an RRPP major ring or a sub-ring, but it cannot be a port on an RRPP ring. Different RRPP rings can share one monitoring interface.

9.3.3 Checking the Configuration
After a monitoring interface is successfully configured, you can view information about the monitoring interface in a specified RRPP domain.

9.3.1 Establishing the Configuration Task


The port that is configured as a monitoring interface supports hot swapping. Each time it is pulled out or inserted, dynamic MAC entries start to be cleared on the RRPP ring. When the port that is configured as a monitoring interface is pulled out and a different port is inserted, the original configuration of the monitoring interface is cleared.

Applicable Environment
The monitoring interface is used in networking where NPEs connected to RRPP rings perform switchover.

Figure 9-4 Networking diagram of the applicable environment of monitoring interfaces

[Figure labels: UPE, PE-AGG A, PE-AGG B, NPE A, NPE B, RRPP ring, track interface]

Pre-configuration Tasks
Before configuring an RRPP monitoring interface, complete the following task:
- Completing RRPP ring configuration with normal RRPP performance

Data Preparation
To configure an RRPP monitoring interface, you need the following data.

No.   Data
1     RRPP domain ID
2     RRPP ring ID
3     Number of the monitoring interface

9.3.2 Configuring the Monitoring Interface


A monitoring interface can be configured on any node of an RRPP major ring or a sub-ring, but it cannot be a port on an RRPP ring. Different RRPP rings can share one monitoring interface.

Context
Do as follows on the nodes connecting to NPE on the RRPP ring:

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
rrpp domain domain-id

The domain view is displayed.

Step 3 Run:
ring ring-id track interface interface-type interface-number

The monitoring interface is set. The monitoring interface cannot be a port on the RRPP ring. The following interface types are available: Ethernet interface, GigabitEthernet interface, Eth-Trunk interface, Ethernet sub-interface, GigabitEthernet sub-interface, Eth-Trunk sub-interface, and VLANIF interface.

When configuring an Eth-Trunk interface as the monitoring interface, note that:
- If an Eth-Trunk interface is a monitoring interface, its member interfaces cannot be configured as monitoring interfaces.
- If a member interface of an Eth-Trunk interface is configured as a monitoring interface, the Eth-Trunk interface cannot be configured as a monitoring interface.

Repeat this step when you need to configure more than one monitoring interface. On an RRPP ring, a maximum of 8 monitoring interfaces can be configured. Different RRPP rings can share one monitoring interface.

NOTE

The maximum number of track interfaces that can be configured on a device is determined by the relevant license. To purchase the license, contact Huawei technical support personnel.

----End

9.3.3 Checking the Configuration


After a monitoring interface is successfully configured, you can view information about the monitoring interface in a specified RRPP domain.

Prerequisite
The configurations of the monitoring interface function are complete.

Procedure
Step 1 Run the display rrpp verbose domain domain-id [ ring ring-id ] command to check information about the monitoring interface on the RRPP ring.

----End

Example
Run the display rrpp verbose command. You can view information about the monitoring interface in the specified RRPP domain. For example:

# View the details of the master node on ring 1 in RRPP domain 1.
<HUAWEI> display rrpp verbose domain 1 ring 1
Domain Index   : 1
Control VLAN   : major 400    sub 401
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)

RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Ring State     : Complete
Is Enabled     : Enable                   Is Active : Yes
Primary port   : GigabitEthernet1/0/0     Port status: UP
Secondary port : GigabitEthernet1/0/1     Port status: BLOCKED
Track interface: GigabitEthernet1/0/3
                 GigabitEthernet1/0/4

9.4 Configuring RRPP Snooping


RRPP Snooping is a technology through which changes on an RRPP ring can be notified to a VPLS network. When RRPP Snooping is configured on sub-interfaces or VLANIF interfaces, the VPLS network can transparently transmit RRPP protocol packets, detect the changes on the RRPP rings, and update the forwarding entries to ensure that traffic is switched in time to a congestion-free path.

9.4.1 Establishing the Configuration Task
Before configuring RRPP Snooping, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

9.4.2 Enabling RRPP Snooping
After being enabled with RRPP Snooping, an interface can detect the RRPP ring status through RRPP control packets. In addition, when the RRPP ring status changes, the interface notifies the bound VSI to update the MAC address table.

9.4.3 (Optional) Configuring the VSI Associated with the RRPP Snooping
This part describes how to associate the sub-interface or VLANIF interface enabled with RRPP Snooping with other VSIs related to the device. Thus, the interface can inform the associated VSIs of the change in the RRPP ring status so that the VSIs can update their MAC address tables accordingly.

9.4.4 Checking the Configuration
After the basic RRPP Snooping functions are successfully configured, you can view the interface enabled with RRPP Snooping and the names of the VSIs that are associated with RRPP Snooping.

9.4.1 Establishing the Configuration Task


Before configuring RRPP Snooping, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment
When UPEs constructing an RRPP ring access the VPLS network where the UPEs reside, you need to configure RRPP snooping on the NPE at the border of the RRPP ring and the VPLS network. In this manner, the VPLS network between NPEs can sense the change of the RRPP ring topology, and NPEs can update the MAC address table of the VSI in time. This ensures the continuity of VPLS. As shown in Figure 9-3, VPLS is run between NPEs, and RRPP is run among NPE D, UPE A, and UPE B.

Figure 9-5 Networking diagram of RRPP and VPLS

[Figure labels: VPLS network with NPE A, NPE B, NPE C, and NPE D; sub-interfaces GE1/0/0.100 and GE2/0/0.100 on NPE D; RRPP ring with UPE A and UPE B (Control VLAN: 100, User VLAN: 10~20); data packet; hello packet]

P: primary port
S: secondary port

Pre-configuration Tasks
Before configuring the RRPP snooping, complete the following tasks:
- Configuring a VPLS network.
- Configuring an RRPP ring.
- Ensuring that the sub-interface or VLANIF interface enabled with the RRPP snooping allows the control VLAN packets sent by the master node of RRPP to pass through.

Data Preparation
To configure the RRPP snooping, you need the following data.

No.   Data
1     Name of the interface enabled with the RRPP snooping
2     Control VLAN ID of RRPP
3     (Optional) Name of the VSI associated with the RRPP snooping

9.4.2 Enabling RRPP Snooping


After being enabled with RRPP Snooping, an interface can detect the RRPP ring status through RRPP control packets. In addition, when the RRPP ring status changes, the interface notifies the bound VSI to update the MAC address table.

Context
NOTE

RRPP and RRPP snooping cannot be configured on the same interface.

Do as follows on the NPEs at the border of the RRPP ring and the VPLS network:

Procedure
Step 1 Run the system-view command to enter the system view.

Step 2 Choose one of the following commands to enter the view of the interface to be enabled with RRPP snooping.
- Run the interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number command to enter the sub-interface view. The sub-interface must be configured with the control VLAN of RRPP by using the vlan-type dot1q command.
- Run the interface vlanif vlan-id command to enter the specified VLANIF interface view. The number of the VLANIF interface must be consistent with the control VLAN ID of RRPP. For example, if the control VLAN ID of RRPP is 100, the VLANIF interface here must be VLANIF 100.

Step 3 Run the rrpp snooping enable command to enable RRPP snooping.

This command can be run only after the sub-interface or VLANIF interface is bound to the VSI. If the sub-interface or VLANIF interface is removed from the VSI, RRPP snooping is automatically disabled on the interface. After being enabled with RRPP snooping, the sub-interface or VLANIF interface is automatically associated with the bound VSI. A maximum of 32 interfaces of one device can be configured with RRPP snooping.
NOTE

The maximum number of interfaces that can be enabled with RRPP snooping is determined by the relevant license. To purchase the license, contact Huawei technical support personnel.

----End

9.4.3 (Optional) Configuring the VSI Associated with the RRPP Snooping
This part describes how to associate the sub-interface or VLANIF interface enabled with RRPP Snooping with other VSIs related to the device. Thus, the interface can inform the associated VSIs of the change in the RRPP ring status so that the VSIs can update their MAC address tables accordingly.

Context
Do as follows on the NPE nodes at the border of an RRPP ring and a VPLS network:

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run either of the following commands to enter the view of the RRPP snooping-enabled interface:
- Run the interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number command to enter the sub-interface view. The sub-interface in this step must be configured with the control VLAN of RRPP by using the vlan-type dot1q command.
- Run the interface vlanif interface-number command to enter the specified VLANIF interface view. The VLANIF interface in this step must correspond to the control VLAN of RRPP. For example, if the control VLAN ID of RRPP is 100, the VLANIF interface here must be VLANIF 100.
----End

9.4.4 Checking the Configuration


After the basic RRPP Snooping functions are successfully configured, you can view the interface enabled with RRPP Snooping and the names of the VSIs that are associated with RRPP Snooping.

Prerequisite
The configurations of RRPP snooping function are complete.

Procedure
- Run the display rrpp snooping enable { all | interface interface-type interface-number } command to check the interface enabled with the RRPP snooping.
- Run the display rrpp snooping vsi { all | interface interface-type interface-number } command to check the VSI associated with the RRPP snooping.

----End

Example
Run the display rrpp snooping enable command. If the interface enabled with the RRPP snooping is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display rrpp snooping enable all
Port                      VsiName    Vlan
------------------------------------------------------------
GigabitEthernet1/0/1.1    name1      100
GigabitEthernet1/0/1.2    name2      200

Run the display rrpp snooping vsi command. If the name of the VSI associated with the RRPP snooping is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display rrpp snooping vsi all
Port                      VsiName
----------------------------------------------
GigabitEthernet1/0/1.1    name1
GigabitEthernet1/0/1.1    name2
GigabitEthernet1/0/1.1    name3

9.5 Maintaining RRPP


Commands for clearing statistics help to locate RRPP faults on a device.
9.5.1 Clearing RRPP Running Information
You can run the reset command to reset the RRPP statistics before recollecting RRPP statistics.

9.5.1 Clearing RRPP Running Information


You can run the reset command to reset the RRPP statistics before recollecting RRPP statistics.

Context

CAUTION
RRPP statistics cannot be restored once cleared. Therefore, confirm the action before you use the command. To clear the RRPP statistics, run the following reset command in the user view:

Procedure
Step 1 Run the reset rrpp statistics domain domain-id [ ring ring-id ] command to clear the statistics of RRPP.
----End

9.6 Configuration Examples


This section describes the typical application scenario of RRPP, including networking requirements, configuration roadmap, and data preparation, and provides related configuration files.
NOTE

This document takes interface numbers and link types of the CX600-X8 as an example. In working situations, the actual interface numbers and link types may be different from those used in this document.

9.6.1 Example for Configuring a Single RRPP Ring
This part takes an example of the networking of a single RRPP ring to describe how to configure, use, and apply basic RRPP functions.
9.6.2 Example for Configuring a Crossed RRPP Ring
A metro Ethernet adopts an architecture of two-level rings. One is the convergence layer and is configured with an RRPP major ring; the other is the access layer and is configured with an RRPP sub-ring. In this networking, the major ring and sub-ring have two intersection points (two nodes), and there is no other node between the two nodes. The two intersection nodes can be configured only as transit nodes. On a sub-ring, if one of the two transit nodes is configured as an edge node, the other node must be configured as an assistant edge node.
9.6.3 Example for Configuring a Tangent RRPP Ring
In this networking, two tangent rings must belong to different RRPP domains. The tangency point is configured in two domains. The master node on a ring can be the tangency point. For multiple tangent RRPP rings, the failure of a ring does not affect other domains. The convergence of RRPP rings in a domain is the same as the convergence of a single RRPP ring.
9.6.4 Example for Configuring a Crossed RRPP Ring to Connect Dual NPE
In this networking, Layer 2 services can be fast switched between the master and backup NPEs. When the status of the monitoring interface or the status of the BFD session changes, each node on RRPP rings updates its dynamic MAC address table. This ensures that the traffic between master/backup NPEs and PE-AGG nodes is not interrupted.
9.6.5 Example for Configuring the RRPP Snooping
In this networking, RRPP snooping is configured on sub-interfaces or VLANIF interfaces. The VPLS network can thus transparently transmit RRPP protocol packets, detect the change in the RRPP ring status, and update the forwarding entries to ensure that traffic is switched to a congestion-free path.

9.6.1 Example for Configuring a Single RRPP Ring


This part takes an example of the networking of a single RRPP ring to describe how to configure, use, and apply basic RRPP functions.


Networking Requirements
As shown in Figure 9-6, CX-A, CX-B, and CX-C support the RRPP function. CX-A, CX-B, and CX-C construct ring 1 in domain 1.
Figure 9-6 Networking diagram of configuring a single RRPP ring
[Figure: CX-A, CX-B, and CX-C form Ring 1; each node connects to the ring through GE2/0/1 and GE2/0/2.]

Configuration Roadmap
The configuration roadmap is as follows:
1. CX-A, CX-B, and CX-C construct ring 1 in domain 1.
2. Configure CX-A as the master node in ring 1, and CX-B and CX-C as transit nodes in ring 1.

Data Preparation
To complete the configuration, you need the following data:
- Number of the RRPP interface
- Control VLAN ID of ring 1

Procedure
Step 1 CX-A, CX-B, and CX-C construct ring 1 in domain 1.
- Create an RRPP domain and its control VLAN.
# Configure the domain of CX-A, the master node of ring 1, to be 1, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] rrpp domain 1
[CX-A-rrpp-domain-region1] control-vlan 20
[CX-A-rrpp-domain-region1] quit

# Configure the domain of CX-B, a transit node of ring 1, to be 1, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] rrpp domain 1
[CX-B-rrpp-domain-region1] control-vlan 20
[CX-B-rrpp-domain-region1] quit


# Configure the domain of CX-C, a transit node of ring 1, to be 1, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] control-vlan 20
[CX-C-rrpp-domain-region1] quit

- Disable the STP function on the interfaces to be added to the RRPP ring.
# Disable the STP function on the interfaces to be added to the RRPP ring on CX-A.
[CX-A] interface gigabitethernet 2/0/1
[CX-A-GigabitEthernet2/0/1] undo shutdown
[CX-A-GigabitEthernet2/0/1] portswitch
[CX-A-GigabitEthernet2/0/1] stp disable
[CX-A-GigabitEthernet2/0/1] quit
[CX-A] interface gigabitethernet 2/0/2
[CX-A-GigabitEthernet2/0/2] undo shutdown
[CX-A-GigabitEthernet2/0/2] portswitch
[CX-A-GigabitEthernet2/0/2] stp disable
[CX-A-GigabitEthernet2/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-B.
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] stp disable
[CX-B-GigabitEthernet2/0/1] quit
[CX-B] interface gigabitethernet 2/0/2
[CX-B-GigabitEthernet2/0/2] undo shutdown
[CX-B-GigabitEthernet2/0/2] portswitch
[CX-B-GigabitEthernet2/0/2] stp disable
[CX-B-GigabitEthernet2/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-C.
[CX-C] interface gigabitethernet 2/0/1
[CX-C-GigabitEthernet2/0/1] undo shutdown
[CX-C-GigabitEthernet2/0/1] portswitch
[CX-C-GigabitEthernet2/0/1] stp disable
[CX-C-GigabitEthernet2/0/1] quit
[CX-C] interface gigabitethernet 2/0/2
[CX-C-GigabitEthernet2/0/2] undo shutdown
[CX-C-GigabitEthernet2/0/2] portswitch
[CX-C-GigabitEthernet2/0/2] stp disable
[CX-C-GigabitEthernet2/0/2] quit

Step 2 Configure CX-A as the master node in ring 1, and CX-B and CX-C as transit nodes in ring 1.
- Create an RRPP ring.
# Configure CX-A as the master node of RRPP ring 1 and specify primary and secondary interfaces.
[CX-A] rrpp domain 1
[CX-A-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-A-rrpp-domain-region1] ring 1 enable
[CX-A-rrpp-domain-region1] quit

# Configure CX-B as a transit node of RRPP major ring 1 and specify primary and secondary interfaces.
[CX-B] rrpp domain 1
[CX-B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-B-rrpp-domain-region1] ring 1 enable
[CX-B-rrpp-domain-region1] quit

# Configure CX-C as a transit node of RRPP ring 1 and specify primary and secondary interfaces.
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-C-rrpp-domain-region1] ring 1 enable
[CX-C-rrpp-domain-region1] quit

- Enable RRPP.
After configuring an RRPP ring, you need to enable RRPP on each node on the ring. In this manner, the RRPP ring can be activated. The configuration procedure is as follows:
# Enable RRPP on CX-A.
[CX-A] rrpp enable
Warning: The global RRPP state will be changed. Continue? [Y/N]Y
Info: RRPP is enabled.

# Enable RRPP on CX-B.
[CX-B] rrpp enable
Warning: The global RRPP state will be changed. Continue? [Y/N]Y
Info: RRPP is enabled.

# Enable RRPP on CX-C.
[CX-C] rrpp enable
Warning: The global RRPP state will be changed. Continue? [Y/N]Y
Info: RRPP is enabled.

Step 3 Verify the configuration.
After the configuration, perform the following procedures to verify the previous configuration. Take the display on CX-A as an example:
- On CX-A, run the display rrpp brief command. The following results are displayed.
[CX-A] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 20    sub 21
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
---------------------------------------------------------------------------
1     0      M     GigabitEthernet2/0/1  GigabitEthernet2/0/2  Yes

You can view that RRPP is enabled on CX-A. In domain 1, VLAN 20 is the major control VLAN, VLAN 21 is the sub-control VLAN, and CX-A is the master node in major ring 1 with the primary interface and secondary interface respectively as GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2.
- On CX-A, run the display rrpp verbose domain command. The following results are displayed.
# View detailed information about CX-A in domain 1.
[CX-A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20    sub 21
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
RRPP Ring     : 1
Ring Level    : 0
Node Mode     : Master
Ring State    : Complete
Is Enabled    : Enable                    Is Active  : Yes
Primary port  : GigabitEthernet2/0/1      Port status: UP
Secondary port: GigabitEthernet2/0/2      Port status: BLOCKED

----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 20 to 21
#
 rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode master primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 20 to 21
#
 rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

- Configuration file of CX-C
#
 sysname CX-C
#
 vlan batch 20 to 21
#
 rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

9.6.2 Example for Configuring a Crossed RRPP Ring


A metro Ethernet adopts an architecture of two-level rings. One is the convergence layer and is configured with an RRPP major ring; the other is the access layer and is configured with an RRPP sub-ring. In this networking, the major ring and sub-ring have two intersection points (two nodes), and there is no other node between the two nodes. The two intersection nodes can be configured only as transit nodes. On a sub-ring, if one of the two transit nodes is configured as an edge node, the other node must be configured as an assistant edge node.

Networking Requirements
As shown in Figure 9-7, CX-A, CX-B, CX-C, and CX-D support the RRPP function. Configure CX-A, CX-B, and CX-D to be major Ring 1 in Domain 1, and CX-A, CX-C, and CX-D to be Sub-Ring 2 in Domain 1. The control VLAN ID is 10. This RRPP ring sends user data of VLAN 1 to VLAN 9.
Figure 9-7 Networking diagram of a crossed RRPP ring
[Figure: the major ring connects CX-A, CX-B, and CX-D; the sub-ring connects CX-A, CX-C, and CX-D. Interface labels: GE1/0/1 to GE1/0/3 on CX-A and CX-D, GE1/0/1 and GE1/0/2 on CX-C, GE2/0/1 and GE2/0/2 on CX-B.]


Configuration Roadmap
The configuration roadmap is as follows:
1. Configure CX-A, CX-B, and CX-D as the major Ring 1 in domain 1. The major control VLAN ID is 10. The VLAN IDs whose service traffic is allowed to pass through the major ring and sub-ring are VLAN 1 to VLAN 9.
2. Configure CX-A, CX-C, and CX-D as the Sub-ring 2 in domain 1.
3. Configure CX-B as the master node on the major ring and CX-A and CX-D as transit nodes on the major ring.
4. Configure CX-C as the master node on the sub-ring. Configure CX-A as the edge node on the sub-ring and CX-D as the assistant edge node on the sub-ring.

Data Preparation
To configure this, you need the following data:
- Number of the interfaces to be added to RRPP rings
- Control VLAN ID and data VLAN ID

Procedure
Step 1 Configure CX-B as the master node of the major ring.
# Create data VLAN 1 to VLAN 9 on CX-B.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] vlan batch 1 to 9

# Configure Domain 1 on CX-B and set VLAN 10 to be the major control VLAN.
[CX-B] rrpp enable
[CX-B] rrpp domain 1
[CX-B-rrpp-domain-region1] control-vlan 10
[CX-B-rrpp-domain-region1] quit

# Disable STP on the interfaces to be added to the RRPP ring, and set the RRPP port as trunk port.
[CX-B] interface gigabitethernet2/0/1
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] port link-type trunk
[CX-B-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 9
[CX-B-GigabitEthernet2/0/1] stp disable
[CX-B-GigabitEthernet2/0/1] quit
[CX-B] interface gigabitethernet2/0/2
[CX-B-GigabitEthernet2/0/2] undo shutdown
[CX-B-GigabitEthernet2/0/2] portswitch
[CX-B-GigabitEthernet2/0/2] port link-type trunk
[CX-B-GigabitEthernet2/0/2] port trunk allow-pass vlan 1 to 9
[CX-B-GigabitEthernet2/0/2] stp disable
[CX-B-GigabitEthernet2/0/2] quit

# Configure the primary port and secondary port of the master node on the RRPP major ring.
[CX-B] rrpp domain 1
[CX-B-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-B-rrpp-domain-region1] ring 1 enable
[CX-B-rrpp-domain-region1] quit


Step 2 Configure CX-C to be the master node of the sub-ring.
# Create data VLAN 1 to VLAN 9 on CX-C.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] vlan batch 1 to 9

# Configure Domain 1 on CX-C and set VLAN 10 to be the major control VLAN.
[CX-C] rrpp enable
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] control-vlan 10
[CX-C-rrpp-domain-region1] quit

# Disable STP on the port to be added to the RRPP ring, and set the RRPP port as a trunk port.
[CX-C] interface gigabitethernet1/0/1
[CX-C-GigabitEthernet1/0/1] undo shutdown
[CX-C-GigabitEthernet1/0/1] portswitch
[CX-C-GigabitEthernet1/0/1] port link-type trunk
[CX-C-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[CX-C-GigabitEthernet1/0/1] stp disable
[CX-C-GigabitEthernet1/0/1] quit
[CX-C] interface gigabitethernet1/0/2
[CX-C-GigabitEthernet1/0/2] undo shutdown
[CX-C-GigabitEthernet1/0/2] portswitch
[CX-C-GigabitEthernet1/0/2] port link-type trunk
[CX-C-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 9
[CX-C-GigabitEthernet1/0/2] stp disable
[CX-C-GigabitEthernet1/0/2] quit

# Configure the primary port and secondary port of the master node on the RRPP sub-ring.
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 1
[CX-C-rrpp-domain-region1] ring 2 enable
[CX-C-rrpp-domain-region1] quit

Step 3 Configure CX-A to be the transit node in the major ring and the edge node on the sub-ring respectively.
# Create data VLAN 1 to VLAN 9 on CX-A.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] vlan batch 1 to 9

# Configure Domain 1 on CX-A and set VLAN 10 to be the major control VLAN.
[CX-A] rrpp enable
[CX-A] rrpp domain 1
[CX-A-rrpp-domain-region1] control-vlan 10
[CX-A-rrpp-domain-region1] quit

# Disable STP on the ports that will be added to RRPP ring, and set RRPP port as a trunk port.
[CX-A] interface gigabitethernet1/0/1
[CX-A-GigabitEthernet1/0/1] undo shutdown
[CX-A-GigabitEthernet1/0/1] portswitch
[CX-A-GigabitEthernet1/0/1] port link-type trunk
[CX-A-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[CX-A-GigabitEthernet1/0/1] stp disable
[CX-A-GigabitEthernet1/0/1] quit
[CX-A] interface gigabitethernet1/0/2
[CX-A-GigabitEthernet1/0/2] undo shutdown
[CX-A-GigabitEthernet1/0/2] portswitch
[CX-A-GigabitEthernet1/0/2] port link-type trunk
[CX-A-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 9
[CX-A-GigabitEthernet1/0/2] stp disable
[CX-A-GigabitEthernet1/0/2] quit
[CX-A] interface gigabitethernet1/0/3
[CX-A-GigabitEthernet1/0/3] undo shutdown
[CX-A-GigabitEthernet1/0/3] portswitch
[CX-A-GigabitEthernet1/0/3] port link-type trunk
[CX-A-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 9
[CX-A-GigabitEthernet1/0/3] stp disable
[CX-A-GigabitEthernet1/0/3] quit

# Configure the primary port and secondary port of the transit node on the RRPP major ring.
[CX-A] rrpp domain 1
[CX-A-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[CX-A-rrpp-domain-region1] ring 1 enable
[CX-A-rrpp-domain-region1] quit

# Configure the common port and edge port of the edge node on the RRPP sub-ring.
[CX-A] rrpp domain 1
[CX-A-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet 1/0/2 edge-port gigabitethernet 1/0/3
[CX-A-rrpp-domain-region1] ring 2 enable
[CX-A-rrpp-domain-region1] quit

Step 4 Configure CX-D to be the transit node on the major ring and the assistant edge node on the sub-ring respectively.
# Create data VLAN 1 to VLAN 9 on CX-D.
<HUAWEI> system-view
[HUAWEI] sysname CX-D
[CX-D] vlan batch 1 to 9

# Configure Domain 1 on CX-D and set VLAN 10 to be the major control VLAN.
[CX-D] rrpp enable
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] control-vlan 10
[CX-D-rrpp-domain-region1] quit

# Disable STP on the port to be added to RRPP ring, and set the RRPP port as trunk port.
[CX-D] interface gigabitethernet1/0/1
[CX-D-GigabitEthernet1/0/1] undo shutdown
[CX-D-GigabitEthernet1/0/1] portswitch
[CX-D-GigabitEthernet1/0/1] port link-type trunk
[CX-D-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[CX-D-GigabitEthernet1/0/1] stp disable
[CX-D-GigabitEthernet1/0/1] quit
[CX-D] interface gigabitethernet1/0/2
[CX-D-GigabitEthernet1/0/2] portswitch
[CX-D-GigabitEthernet1/0/2] undo shutdown
[CX-D-GigabitEthernet1/0/2] port link-type trunk
[CX-D-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 9
[CX-D-GigabitEthernet1/0/2] stp disable
[CX-D-GigabitEthernet1/0/2] quit
[CX-D] interface gigabitethernet1/0/3
[CX-D-GigabitEthernet1/0/3] undo shutdown
[CX-D-GigabitEthernet1/0/3] portswitch
[CX-D-GigabitEthernet1/0/3] port link-type trunk
[CX-D-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 9
[CX-D-GigabitEthernet1/0/3] stp disable
[CX-D-GigabitEthernet1/0/3] quit

# Configure the primary port and secondary port of the transit node on the RRPP major ring.
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[CX-D-rrpp-domain-region1] ring 1 enable
[CX-D-rrpp-domain-region1] quit

# Configure the common port and edge port of the assistant edge node on the RRPP sub-ring.
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port gigabitethernet 1/0/2 edge-port gigabitethernet 1/0/3
[CX-D-rrpp-domain-region1] ring 2 enable
[CX-D-rrpp-domain-region1] quit

Step 5 Check the configuration.
You can run the following commands to verify the previous configurations:
- On CX-B, run the display rrpp brief command. The configurations are displayed as follows:
[CX-B] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
------------------------------------------------------------------------------
1     0      M     GigabitEthernet2/0/1  GigabitEthernet2/0/2  Yes

You can view that RRPP on CX-B is enabled. The major control VLAN ID is 10, and the sub control VLAN ID is 11. CX-B is the master node on the major ring with the primary port and the secondary port as GE 2/0/1 and GE 2/0/2 respectively.
- On CX-B, run the display rrpp verbose domain command. The configuration is displayed as follows:
[CX-B] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
RRPP Ring     : 1
Ring Level    : 0
Node Mode     : Master
Ring State    : Complete
Is Enabled    : Enable                    Is Active  : Yes
Primary port  : GigabitEthernet2/0/1      Port status: UP
Secondary port: GigabitEthernet2/0/2      Port status: BLOCKED

You can view that the ring is in the Complete state and the secondary port of the master node is blocked.
- On CX-C, run the display rrpp brief command. The configuration is displayed as follows:
[CX-C] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
-------------------------------------------------------------------------
2     1      M     GigabitEthernet1/0/1  GigabitEthernet1/0/2  Yes


Here, RRPP on CX-C is enabled. The major control VLAN ID is 10, and the sub control VLAN ID is 11. CX-C is the master node on the sub-ring, with the primary port and the secondary port as GE 1/0/1 and GE 1/0/2 respectively.
- On CX-C, run the display rrpp verbose domain command. The configuration is displayed as follows:
[CX-C] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
RRPP Ring     : 2
Ring Level    : 1
Node Mode     : Master
Ring State    : Complete
Is Enabled    : Enable                    Is Active  : Yes
Primary port  : GigabitEthernet1/0/1      Port status: UP
Secondary port: GigabitEthernet1/0/2      Port status: BLOCKED

You can view that the sub-ring is in the Complete state and the secondary port of the master node on the sub-ring is blocked.
- On CX-A, run the display rrpp brief command. The configuration is displayed as follows:
[CX-A] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
-------------------------------------------------------------------------
1     0      T     GigabitEthernet1/0/2  GigabitEthernet1/0/1  Yes
2     1      E     GigabitEthernet1/0/2  GigabitEthernet1/0/3  Yes

RRPP is enabled on CX-A. The major control VLAN ID is 10 and the sub control VLAN ID is 11. CX-A is the transit node on the major Ring 1, with the primary port and secondary port as GE 1/0/2 and GE 1/0/1 respectively. At the same time, CX-A is the edge node on the sub-ring 2, the common port is GE 1/0/2, and the edge port is GE 1/0/3.
- On CX-A, run the display rrpp verbose domain command. The configuration is displayed as follows:
[CX-A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
RRPP Ring     : 1
Ring Level    : 0
Node Mode     : Transit
Ring State    : Linkup
Is Enabled    : Enable                    Is Active  : Yes
Primary port  : GigabitEthernet1/0/2      Port status: UP
Secondary port: GigabitEthernet1/0/1      Port status: UP
RRPP Ring     : 2
Ring Level    : 1
Node Mode     : Edge
Ring State    : Linkup
Is Enabled    : Disable                   Is Active  : No
Common port   : GigabitEthernet1/0/2      Port status: UP
Edge port     : GigabitEthernet1/0/3      Port status: UP

- On CX-D, run the display rrpp brief command. The configuration is displayed as follows:
[CX-D] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
-------------------------------------------------------------------------
1     0      T     GigabitEthernet1/0/2  GigabitEthernet1/0/1  Yes
2     1      A     GigabitEthernet1/0/2  GigabitEthernet1/0/3  Yes

RRPP is enabled on CX-D. VLAN 10 is the major control VLAN and VLAN 11 is the sub control VLAN. CX-D is the transit node on the major ring 1, with the primary interface and secondary interface as GE 1/0/2 and GE 1/0/1 respectively. CX-D is the assistant edge node on the sub-ring 2, with the common interface and edge interface as GE 1/0/2 and GE 1/0/3 respectively.
- On CX-D, run the display rrpp verbose domain command. The configuration is displayed as follows:
[CX-D] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 1 sec(default is 1 sec)  Fail Timer : 3 sec(default is 3 sec)
RRPP Ring     : 1
Ring Level    : 0
Node Mode     : Transit
Ring State    : Linkup
Is Enabled    : Enable                    Is Active  : Yes
Primary port  : GigabitEthernet1/0/2      Port status: UP
Secondary port: GigabitEthernet1/0/1      Port status: UP
RRPP Ring     : 2
Ring Level    : 1
Node Mode     : Assistant-edge
Ring State    : Linkup
Is Enabled    : Disable                   Is Active  : No
Common port   : GigabitEthernet1/0/2      Port status: UP
Edge port     : GigabitEthernet1/0/3      Port status: UP
----End

Configuration Files
- Configuration file of CX-A
#
 sysname CX-A
#
 vlan batch 1 to 11
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 ring 1 node-mode transit primary-port gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
 ring 1 enable
 ring 2 node-mode edge common-port gigabitethernet 1/0/2 edge-port gigabitethernet 1/0/3
 ring 2 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 9 11
 stp disable
#
return

- Configuration file of CX-B
#
 sysname CX-B
#
 vlan batch 1 to 11
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 ring 1 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
return

Configuration file of CX-C


#
 sysname CX-C
#
 vlan batch 1 to 11
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 ring 2 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 1
 ring 2 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 9 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 9 11
 stp disable
#
return

Configuration file on CX-D


#
 sysname CX-D
 vlan batch 1 to 11
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 ring 1 node-mode transit primary-port GigabitEthernet1/0/2 secondary-port GigabitEthernet1/0/1 level 0
 ring 1 enable
 ring 2 node-mode assistant-edge common-port GigabitEthernet1/0/2 edge-port GigabitEthernet1/0/3
 ring 2 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 11
 stp disable
#
interface GigabitEthernet1/0/3
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 9 11
 stp disable
#
return

9.6.3 Example for Configuring a Tangent RRPP Ring


In this networking, two tangent rings must belong to different RRPP domains. The tangency point is configured in two domains. The master node on a ring can be the tangency point. For multiple tangent RRPP rings, the failure of a ring does not affect other domains. The convergence of RRPP rings in a domain is the same as the convergence of a single RRPP ring.

Networking Requirements
As shown in Figure 9-8, CX-A, CX-B, CX-C, CX-D, and CX-E support the RRPP function. CX-A, CX-B, and CX-C construct ring 2 in domain 2. CX-C, CX-E, and CX-D construct ring 1 in domain 1. CX-C is the tangent point of the two rings.


Figure 9-8 Networking diagram of configuring a tangent RRPP ring


[Figure 9-8 image not reproduced. Domain 2 contains ring 2 (CX-A, CX-B, and CX-C, connected through GE2/0/1 and GE2/0/2). Domain 1 contains ring 1 (CX-C, CX-E, and CX-D, connected through GE1/0/1 and GE1/0/2). CX-C is the tangent point.]

Configuration Roadmap
The configuration roadmap is as follows:
1. CX-C, CX-E, and CX-D construct ring 1 in domain 1. CX-A, CX-B, and CX-C construct ring 2 in domain 2.
2. Configure CX-E as the master node in ring 1, and CX-C and CX-D as transit nodes in ring 1. Configure CX-A as the master node in ring 2, and CX-B and CX-C as transit nodes in ring 2.

Data Preparation
To complete the configuration, you need the following data:
- Number of the RRPP interface
- Respective control VLAN IDs of ring 1 and ring 2

Procedure
Step 1 CX-C, CX-E, and CX-D construct ring 1 in domain 1. CX-A, CX-B, and CX-C construct ring 2 in domain 2.

- Create an RRPP domain and its control VLAN.

# Configure the domain of CX-E, the master node of ring 1, to be 1, and the ID of the major control VLAN to be 10.
<HUAWEI> system-view
[HUAWEI] sysname CX-E
[CX-E] rrpp domain 1
[CX-E-rrpp-domain-region1] control-vlan 10
[CX-E-rrpp-domain-region1] quit

# Configure the domain of CX-C, a transit node of ring 1, to be 1, and the ID of the major control VLAN to be 10.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] control-vlan 10
[CX-C-rrpp-domain-region1] quit

# Configure the domain of CX-D, a transit node of ring 1, to be 1, and the ID of the major control VLAN to be 10.
<HUAWEI> system-view
[HUAWEI] sysname CX-D
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] control-vlan 10
[CX-D-rrpp-domain-region1] quit

# Configure the domain of CX-A, the master node of ring 2, to be 2, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-A
[CX-A] rrpp domain 2
[CX-A-rrpp-domain-region2] control-vlan 20
[CX-A-rrpp-domain-region2] quit

# Configure the domain of CX-B, a transit node of ring 2, to be 2, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-B
[CX-B] rrpp domain 2
[CX-B-rrpp-domain-region2] control-vlan 20
[CX-B-rrpp-domain-region2] quit

# Configure the domain of CX-C, a transit node of ring 2, to be 2, and the ID of the major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname CX-C
[CX-C] rrpp domain 2
[CX-C-rrpp-domain-region2] control-vlan 20
[CX-C-rrpp-domain-region2] quit

- Set the value of RRPP domain timers

NOTE
You can configure two timers for tangent points because two tangent rings reside in different domains.

# Configure a timer for the master node CX-E on ring 1.
[CX-E] rrpp domain 1
[CX-E-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[CX-E-rrpp-domain-region1] quit

# Configure a timer for the transit node CX-C on ring 1.
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[CX-C-rrpp-domain-region1] quit

# Configure a timer for the transit node CX-D on ring 1.
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[CX-D-rrpp-domain-region1] quit

# Configure a timer for the master node CX-A on ring 2.
[CX-A] rrpp domain 2
[CX-A-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[CX-A-rrpp-domain-region2] quit

# Configure a timer for the transit node CX-B on ring 2.
[CX-B] rrpp domain 2
[CX-B-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[CX-B-rrpp-domain-region2] quit

# Configure a timer for the transit node CX-C on ring 2.
[CX-C] rrpp domain 2
[CX-C-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[CX-C-rrpp-domain-region2] quit

- Disable the STP function on the interfaces to be added to the RRPP ring.

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-A.
[CX-A] interface gigabitethernet 2/0/1
[CX-A-GigabitEthernet2/0/1] undo shutdown
[CX-A-GigabitEthernet2/0/1] portswitch
[CX-A-GigabitEthernet2/0/1] stp disable
[CX-A-GigabitEthernet2/0/1] quit
[CX-A] interface gigabitethernet 2/0/2
[CX-A-GigabitEthernet2/0/2] undo shutdown
[CX-A-GigabitEthernet2/0/2] portswitch
[CX-A-GigabitEthernet2/0/2] stp disable
[CX-A-GigabitEthernet2/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-B.
[CX-B] interface gigabitethernet 2/0/1
[CX-B-GigabitEthernet2/0/1] undo shutdown
[CX-B-GigabitEthernet2/0/1] portswitch
[CX-B-GigabitEthernet2/0/1] stp disable
[CX-B-GigabitEthernet2/0/1] quit
[CX-B] interface gigabitethernet 2/0/2
[CX-B-GigabitEthernet2/0/2] undo shutdown
[CX-B-GigabitEthernet2/0/2] portswitch
[CX-B-GigabitEthernet2/0/2] stp disable
[CX-B-GigabitEthernet2/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-C.
[CX-C] interface gigabitethernet 2/0/1
[CX-C-GigabitEthernet2/0/1] undo shutdown
[CX-C-GigabitEthernet2/0/1] portswitch
[CX-C-GigabitEthernet2/0/1] stp disable
[CX-C-GigabitEthernet2/0/1] quit
[CX-C] interface gigabitethernet 2/0/2
[CX-C-GigabitEthernet2/0/2] undo shutdown
[CX-C-GigabitEthernet2/0/2] portswitch
[CX-C-GigabitEthernet2/0/2] stp disable
[CX-C-GigabitEthernet2/0/2] quit
[CX-C] interface gigabitethernet 1/0/1
[CX-C-GigabitEthernet1/0/1] undo shutdown
[CX-C-GigabitEthernet1/0/1] portswitch
[CX-C-GigabitEthernet1/0/1] stp disable
[CX-C-GigabitEthernet1/0/1] quit
[CX-C] interface gigabitethernet 1/0/2
[CX-C-GigabitEthernet1/0/2] undo shutdown
[CX-C-GigabitEthernet1/0/2] portswitch
[CX-C-GigabitEthernet1/0/2] stp disable
[CX-C-GigabitEthernet1/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-E.
[CX-E] interface gigabitethernet 1/0/1
[CX-E-GigabitEthernet1/0/1] undo shutdown
[CX-E-GigabitEthernet1/0/1] portswitch
[CX-E-GigabitEthernet1/0/1] stp disable
[CX-E-GigabitEthernet1/0/1] quit
[CX-E] interface gigabitethernet 1/0/2
[CX-E-GigabitEthernet1/0/2] undo shutdown
[CX-E-GigabitEthernet1/0/2] portswitch
[CX-E-GigabitEthernet1/0/2] stp disable
[CX-E-GigabitEthernet1/0/2] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on CX-D.
[CX-D] interface gigabitethernet 1/0/1
[CX-D-GigabitEthernet1/0/1] undo shutdown
[CX-D-GigabitEthernet1/0/1] portswitch
[CX-D-GigabitEthernet1/0/1] stp disable
[CX-D-GigabitEthernet1/0/1] quit
[CX-D] interface gigabitethernet 1/0/2
[CX-D-GigabitEthernet1/0/2] undo shutdown
[CX-D-GigabitEthernet1/0/2] portswitch
[CX-D-GigabitEthernet1/0/2] stp disable
[CX-D-GigabitEthernet1/0/2] quit

Step 2 Configure CX-E as the master node in ring 1, and CX-C and CX-D as transit nodes in ring 1. Configure CX-A as the master node in ring 2, and CX-B and CX-C as transit nodes in ring 2.

- Create an RRPP ring.

Configure nodes on ring 1. The configuration procedure is as follows:

# Configure CX-E as the master node of RRPP ring 1 and specify primary and secondary interfaces.
[CX-E] rrpp domain 1
[CX-E-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[CX-E-rrpp-domain-region1] ring 1 enable
[CX-E-rrpp-domain-region1] quit

# Configure CX-C as a transit node of RRPP ring 1 and specify primary and secondary interfaces.
[CX-C] rrpp domain 1
[CX-C-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[CX-C-rrpp-domain-region1] ring 1 enable
[CX-C-rrpp-domain-region1] quit

# Configure CX-D as a transit node of RRPP ring 1 and specify primary and secondary interfaces.
[CX-D] rrpp domain 1
[CX-D-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[CX-D-rrpp-domain-region1] ring 1 enable
[CX-D-rrpp-domain-region1] quit

Configure nodes on ring 2. The configuration procedure is as follows:

# Configure CX-A as the master node of RRPP ring 2 and specify primary and secondary interfaces.
[CX-A] rrpp domain 2
[CX-A-rrpp-domain-region2] ring 2 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-A-rrpp-domain-region2] ring 2 enable
[CX-A-rrpp-domain-region2] quit

# Configure CX-B as a transit node of RRPP ring 2 and specify primary and secondary interfaces.
[CX-B] rrpp domain 2
[CX-B-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-B-rrpp-domain-region2] ring 2 enable
[CX-B-rrpp-domain-region2] quit

# Configure CX-C as a transit node of RRPP ring 2 and specify primary and secondary interfaces.
[CX-C] rrpp domain 2
[CX-C-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[CX-C-rrpp-domain-region2] ring 2 enable
[CX-C-rrpp-domain-region2] quit

- Enable RRPP.

After configuring an RRPP ring, you need to enable RRPP on each node on the ring. In this manner, the RRPP ring can be activated. The configuration procedure is as follows:

# Enable RRPP on CX-A.
[CX-A] rrpp enable

# Enable RRPP on CX-B.
[CX-B] rrpp enable

# Enable RRPP on CX-C.
[CX-C] rrpp enable

# Enable RRPP on CX-E.
[CX-E] rrpp enable

# Enable RRPP on CX-D.
[CX-D] rrpp enable

Step 3 Verify the configuration.

After the configuration, perform the following procedures to verify the previous configuration. Take the display on CX-C as an example:

- On CX-C, run the display rrpp brief command. The following results are displayed.

[CX-C] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable
Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 10    sub 11
Hello Timer  : 2 sec(default is 1 sec)  Fail Timer : 7 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
---------------------------------------------------------------------------
1     0      T     GigabitEthernet1/0/1  GigabitEthernet1/0/2  Yes

Domain Index : 2
Control VLAN : major 20    sub 21
Hello Timer  : 3 sec(default is 1 sec)  Fail Timer : 10 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
---------------------------------------------------------------------------
2     0      T     GigabitEthernet2/0/1  GigabitEthernet2/0/2  Yes

The output shows that RRPP is enabled on CX-C. In domain 1, VLAN 10 is the major control VLAN, VLAN 11 is the sub-control VLAN, and CX-C is the transit node in major ring 1 with GigabitEthernet 1/0/1 as the primary interface and GigabitEthernet 1/0/2 as the secondary interface. In domain 2, VLAN 20 is the major control VLAN, VLAN 21 is the sub-control VLAN, and CX-C is the transit node in major ring 2 with GigabitEthernet 2/0/1 as the primary interface and GigabitEthernet 2/0/2 as the secondary interface.

- On CX-C, run the display rrpp verbose domain command. The following results are displayed.

# View detailed information about CX-C in domain 1.
[CX-C] display rrpp verbose domain 1
Domain Index   : 1
Control VLAN   : major 10    sub 11
Hello Timer    : 2 sec(default is 1 sec)  Fail Timer : 7 sec(default is 3 sec)
RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Transit
Ring State     : Linkup
Is Enabled     : Enable                   Is Active : Yes
Primary port   : GigabitEthernet1/0/1     Port status: UP
Secondary port : GigabitEthernet1/0/2     Port status: UP

# View detailed information about CX-C in domain 2.
[CX-C] display rrpp verbose domain 2
Domain Index   : 2
Control VLAN   : major 20    sub 21
Hello Timer    : 3 sec(default is 1 sec)  Fail Timer : 10 sec(default is 3 sec)
RRPP Ring      : 2
Ring Level     : 0
Node Mode      : Transit
Ring State     : Linkup
Is Enabled     : Enable                   Is Active : Yes
Primary port   : GigabitEthernet2/0/1     Port status: UP
Secondary port : GigabitEthernet2/0/2     Port status: UP

----End

Configuration Files
Configuration file of CX-A

#
 sysname CX-A
#
 rrpp enable
#
rrpp domain 2
 control-vlan 20
 timer hello-timer 3 fail-timer 10
 ring 2 node-mode master primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#

Configuration file of CX-B


#
 sysname CX-B
#
 rrpp enable
#
rrpp domain 2
 control-vlan 20
 timer hello-timer 3 fail-timer 10
 ring 2 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return


Configuration file of CX-C


#
 sysname CX-C
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 timer hello-timer 2 fail-timer 7
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
 ring 1 enable
#
rrpp domain 2
 control-vlan 20
 timer hello-timer 3 fail-timer 10
 ring 2 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet2/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

Configuration file of CX-D


#
 sysname CX-D
#
 rrpp enable
#
rrpp domain 1
 timer hello-timer 2 fail-timer 7
 control-vlan 10
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
return

Configuration file of CX-E


#
 sysname CX-E
#
 rrpp enable
#
rrpp domain 1
 control-vlan 10
 timer hello-timer 2 fail-timer 7
 ring 1 node-mode master primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 undo shutdown
 portswitch
 port trunk allow-pass vlan 10 to 11
 stp disable
#
return
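Configuration files like the ones above can be cross-checked before a ring is put into service. The following Python audit is an added example, not part of the Huawei guide: it parses files in this format and reports nodes of a domain that disagree on control VLAN or timers, rings without exactly one master, inactive rings, and ring ports that lack "stp disable" or do not permit the domain's control VLANs. The function names, the sample builder, and the rule that the sub control VLAN is the major control VLAN plus one (taken from the display output above) are assumptions of this example.

```python
import re

PORT = r"([A-Za-z-]+ ?[\d/]+)"  # 'GigabitEthernet2/0/1' or 'gigabitethernet 2/0/1'
RING = re.compile(rf"ring (\d+) node-mode (\S+) \S+-port {PORT} \S+-port {PORT}(?: level (\d))?")

def norm_if(name):
    return re.sub(r"\s+", "", name).lower()

def expand_vlans(spec):  # '1 to 9 11' -> {1, ..., 9, 11}
    toks, out, i = spec.split(), set(), 0
    while i < len(toks):
        ranged = i + 2 < len(toks) and toks[i + 1] == "to"
        out.update(range(int(toks[i]), int(toks[i + 2 if ranged else i]) + 1))
        i += 3 if ranged else 1
    return out

def parse_config(text):
    """Parse one node's configuration file into its RRPP domains and interfaces."""
    node = {"name": "?", "rrpp": False, "domains": {}, "ifs": {}}
    ctx = None  # section being read; a '#' line closes it
    for line in (l.strip() for l in text.splitlines()):
        if line in ("", "#", "return"):
            ctx = None
        elif line.startswith("sysname "):
            node["name"] = line[8:]
        elif line == "rrpp enable":
            node["rrpp"] = True
        elif m := re.fullmatch(r"rrpp domain (\d+)", line):
            ctx = node["domains"].setdefault(  # 1 s / 3 s: defaults shown by 'display rrpp'
                int(m[1]), {"cvlan": None, "timers": (1, 3), "rings": {}, "on": set()})
        elif line.startswith("interface "):
            ctx = node["ifs"].setdefault(norm_if(line[10:]), {"stp_off": False, "vlans": set()})
        elif ctx is None:
            continue
        elif "rings" in ctx:  # inside an 'rrpp domain' section
            if m := re.fullmatch(r"control-vlan (\d+)", line):
                ctx["cvlan"] = int(m[1])
            elif m := re.fullmatch(r"timer hello-timer (\d+) fail-timer (\d+)", line):
                ctx["timers"] = (int(m[1]), int(m[2]))
            elif m := re.fullmatch(r"ring (\d+) enable", line):
                ctx["on"].add(int(m[1]))
            elif m := RING.fullmatch(line):  # edge lines carry no 'level': sub-ring (1)
                ctx["rings"][int(m[1])] = {"mode": m[2].lower(), "level": int(m[5] or 1),
                                           "ports": [norm_if(m[3]), norm_if(m[4])]}
        elif line == "stp disable":
            ctx["stp_off"] = True
        elif m := re.fullmatch(r"port trunk allow-pass vlan (.+)", line):
            ctx["vlans"] |= expand_vlans(m[1])
    return node

def audit(nodes):
    """Return findings for nodes that share RRPP domains (empty list = consistent)."""
    out, members = [], {}
    for n in nodes:
        for dom, d in n["domains"].items():
            members.setdefault(dom, []).append((n["name"], d))
            where = f"{n['name']} domain {dom}"
            if d["cvlan"] is None:
                out.append(f"{where}: no control-vlan")
                continue
            for rid, r in d["rings"].items():
                if rid not in d["on"] or not n["rrpp"]:
                    out.append(f"{where}: ring {rid} inactive (ring or RRPP not enabled)")
                # Major-ring ports carry the major and sub control VLAN, sub-ring ports only
                # the sub control VLAN (assumed major + 1, as the display output shows).
                need = {d["cvlan"] + 1} | ({d["cvlan"]} if r["level"] == 0 else set())
                for port in r["ports"]:
                    itf = n["ifs"].get(port, {"stp_off": False, "vlans": set()})
                    if not itf["stp_off"]:
                        out.append(f"{where}: 'stp disable' missing on ring port {port}")
                    if need - itf["vlans"]:
                        out.append(f"{where}: {port} does not permit control VLAN(s) "
                                   f"{sorted(need - itf['vlans'])}")
    for dom, group in members.items():
        if len({d["cvlan"] for _, d in group}) > 1:
            out.append(f"domain {dom}: control VLAN differs between nodes")
        if len({d["timers"] for _, d in group}) > 1:
            out.append(f"domain {dom}: hello/fail timers differ between nodes")
        for rid in sorted({rid for _, d in group for rid in d["rings"]}):
            masters = [name for name, d in group if d["rings"].get(rid, {}).get("mode") == "master"]
            if len(masters) != 1:
                out.append(f"domain {dom} ring {rid}: expected one master, found {masters}")
    return out

def sample(name, mode, vlans):
    """Constructed sample modelled on the domain 2 configuration files above."""
    ring = f"ring 2 node-mode {mode} primary-port GigabitEthernet 2/0/1 secondary-port GigabitEthernet 2/0/2 level 0"
    head = ["#", f"sysname {name}", "#", "rrpp enable", "#", "rrpp domain 2", "control-vlan 20",
            "timer hello-timer 3 fail-timer 10", ring, "ring 2 enable"]
    ports = [l for i in (1, 2) for l in ("#", f"interface GigabitEthernet2/0/{i}", "undo shutdown",
             "portswitch", f"port trunk allow-pass vlan {vlans}", "stp disable")]
    return "\n".join(head + ports + ["#", "return"])

def demo():  # CX-A gets the 'allow-pass vlan 10 to 11' lines printed in its file above
    return audit([parse_config(sample("CX-A", "master", "10 to 11")),
                  parse_config(sample("CX-B", "transit", "20 to 21"))])

if __name__ == "__main__":
    print("\n".join(demo()))
```

With CX-A's ring ports set to "allow-pass vlan 10 to 11" as in its file above, the audit reports that GigabitEthernet2/0/1 and GigabitEthernet2/0/2 do not permit VLANs 20 and 21, the control VLANs of domain 2.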

9.6.4 Example for Configuring a Crossed RRPP Ring to Connect Dual NPE
In this networking, Layer 2 services can be fast switched between the master and backup NPEs. When the status of the monitoring interface or the status of the BFD session changes, each node on RRPP rings updates its dynamic MAC address table. This ensures that the traffic between master/backup NPEs and PE-AGG nodes is not interrupted.

Networking Requirements
As shown in Figure 9-9:
- NPE A and NPE B balance the load of services of VLAN 1 to VLAN 200 through VRRP load balancing. NPE A works as the master device to process the services of VLAN 1 to VLAN 100, and as the backup device for the traffic on VLAN 101 to VLAN 200. NPE B works as the master device to process the services of VLAN 101 to VLAN 200, and as the backup device for the traffic on VLAN 1 to VLAN 100.
- A BFD session is created between NPE A and NPE B for VRRP fast switchover.
- A BFD session is created between each NPE and PE-AGG for detecting the connectivity. The PE-AGG is associated with the (sub-)interface to notify and apply the detection results.
- A monitoring interface is configured on the PE-AGG to support the MAC address table update on all the nodes of the RRPP ring upon NPE switchover.


Figure 9-9 Networking diagram of configuring the monitoring interface


[Figure 9-9 image not reproduced. NPE A (master for VLAN 1-100, backup for VLAN 101-200) and NPE B (master for VLAN 101-200, backup for VLAN 1-100) run VRRP, with BFD sessions between the two NPEs and between each NPE and its PE-AGG. PE-AGG A and PE-AGG B belong to the major ring (VLAN 101-200) with UPE A and UPE B, and to the sub-ring (VLAN 1-100) with UPE C and UPE D. The legend marks the track interface, the common port, the major ring ports, and the sub-ring ports.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RRPP ring.
   (1) Configure UPE A, UPE B, PE-AGG A, and PE-AGG B as the major ring 1 of Domain 1.
   (2) Configure UPE C, UPE D, PE-AGG A, and PE-AGG B as the sub-ring 2 of Domain 1.
   (3) Configure UPE A as the master node of the major ring. Configure UPE B, PE-AGG A, and PE-AGG B as the transit nodes of the major ring. GE 1/0/0 on nodes of the major ring is the primary port and GE 2/0/0 is the secondary port.
   (4) Configure UPE C as the master node of the sub-ring and UPE D as the transit node of the sub-ring. PE-AGG A is the edge node of the sub-ring and PE-AGG B is the assistant edge node of the sub-ring. GE 1/0/0 on nodes of the sub-ring is the primary port and GE 2/0/0 is the secondary port.
2. Configure BFD.
   (1) Create the one-hop BFD session between NPE A and NPE B. The BFD session detects the interface where VRRP is located and notifies VRRP of the result, assisting in VRRP switchover.
   (2) Create the one-hop BFD session between NPE A and PE-AGG A. Use the default multicast IP address as the peer IP address. Associate the status of the BFD session with the status of the interface so that detection results are notified quickly.
   (3) Create the one-hop BFD session between NPE B and PE-AGG B. Use the default multicast IP address as the peer IP address. Associate the status of the BFD session with the status of the interface so that detection results are notified quickly.
3. Establish VRRP backup group 201 between NPE A and NPE B to monitor the status of the BFD sessions.
4. Configure GE 1/0/1 on PE-AGG A and GE 1/0/1 on PE-AGG B as the monitoring interface.

Data Preparation
Before configuring, you need the following data:
- Number of the interface to be added to the RRPP ring
- Control VLAN IDs and data VLAN IDs
- Number of the monitoring interface
- Default multicast IP address for BFD session
  Different BFD sessions use different default multicast IP addresses. Here, the default multicast IP address of NPE A and PE-AGG A is 224.0.0.108. The default multicast IP address of NPE B and PE-AGG B is 224.0.0.109.
- Parameter of Detection Time of BFD session
- VRRP ID
- Respective IP addresses of the NPE devices that back up each other
- Backup ID according to which you can find the profile users belong to

CAUTION
Multiple BFD sessions provide failure checking for the RRPP ring switching between the two NPEs. When a failure occurs, the BFD sessions can detect it in a specific order. For example, when a failure occurs between an NPE and a PE-AGG, the BFD session between those two must detect the failure first and the BFD session between the NPEs must detect the failure later. Otherwise, the NPE may locate the failure at the other NPE. Therefore, the cycle of the BFD session between the NPEs must be longer than that of the session between the NPE and the PE-AGG. You can adjust the minimal sending interval or the detection time coefficient.

Procedure
Step 1 Configure UPE A as the master node on the major ring.

# Create data VLAN 101 to VLAN 200 on UPE A.
<HUAWEI> system-view
[HUAWEI] sysname UPE A
[UPE A] vlan batch 101 to 200

# Configure Domain 1 on UPE A and set VLAN 201 to be the major control VLAN.
[UPE A] rrpp enable
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] control-vlan 201
[UPE A-rrpp-domain-region1] quit

# Disable STP on the interfaces of the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[UPE A] interface gigabitethernet1/0/0
[UPE A-GigabitEthernet1/0/0] undo shutdown
[UPE A-GigabitEthernet1/0/0] port link-type trunk
[UPE A-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[UPE A-GigabitEthernet1/0/0] stp disable
[UPE A-GigabitEthernet1/0/0] quit
[UPE A] interface gigabitethernet2/0/0
[UPE A-GigabitEthernet2/0/0] undo shutdown
[UPE A-GigabitEthernet2/0/0] port link-type trunk
[UPE A-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[UPE A-GigabitEthernet2/0/0] stp disable
[UPE A-GigabitEthernet2/0/0] quit

# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 0 indicates the major ring.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE A-rrpp-domain-region1] ring 1 enable
[UPE A-rrpp-domain-region1] quit

Step 2 Configure UPE B as the transit node on the major ring.

# Create data VLAN 101 to VLAN 200 on UPE B.
<HUAWEI> system-view
[HUAWEI] sysname UPE B
[UPE B] vlan batch 101 to 200

# Configure Domain 1 on UPE B and set VLAN 201 to be the major control VLAN.
[UPE B] rrpp enable
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] control-vlan 201
[UPE B-rrpp-domain-region1] quit

# Disable STP on the interfaces of the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[UPE B] interface gigabitethernet1/0/0
[UPE B-GigabitEthernet1/0/0] undo shutdown
[UPE B-GigabitEthernet1/0/0] port link-type trunk
[UPE B-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[UPE B-GigabitEthernet1/0/0] stp disable
[UPE B-GigabitEthernet1/0/0] quit
[UPE B] interface gigabitethernet2/0/0
[UPE B-GigabitEthernet2/0/0] undo shutdown
[UPE B-GigabitEthernet2/0/0] port link-type trunk
[UPE B-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[UPE B-GigabitEthernet2/0/0] stp disable
[UPE B-GigabitEthernet2/0/0] quit

# Configure GE 1/0/0 as the primary port, and GE 2/0/0 as the secondary port. Level 0 indicates the major ring.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE B-rrpp-domain-region1] ring 1 enable
[UPE B-rrpp-domain-region1] quit

Step 3 Configure UPE C as the master node on the sub-ring.

# Create data VLAN 1 to VLAN 100 on UPE C.
<HUAWEI> system-view
[HUAWEI] sysname UPE C
[UPE C] vlan batch 1 to 100

# Configure Domain 1 on UPE C and set VLAN 201 to be the major control VLAN.
[UPE C] rrpp enable
[UPE C] rrpp domain 1
[UPE C-rrpp-domain-region1] control-vlan 201
[UPE C-rrpp-domain-region1] quit

# Disable STP on the interfaces of the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[UPE C] interface gigabitethernet1/0/0
[UPE C-GigabitEthernet1/0/0] undo shutdown
[UPE C-GigabitEthernet1/0/0] port link-type trunk
[UPE C-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 100
[UPE C-GigabitEthernet1/0/0] stp disable
[UPE C-GigabitEthernet1/0/0] quit
[UPE C] interface gigabitethernet2/0/0
[UPE C-GigabitEthernet2/0/0] undo shutdown
[UPE C-GigabitEthernet2/0/0] port link-type trunk
[UPE C-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 100
[UPE C-GigabitEthernet2/0/0] stp disable
[UPE C-GigabitEthernet2/0/0] quit

# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 1 indicates the sub-ring.
[UPE C] rrpp domain 1
[UPE C-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 1
[UPE C-rrpp-domain-region1] ring 2 enable
[UPE C-rrpp-domain-region1] quit

Step 4 Configure UPE D as the transit node on the sub-ring.

# Create data VLAN 1 to VLAN 100 on UPE D.
<HUAWEI> system-view
[HUAWEI] sysname UPE D
[UPE D] vlan batch 1 to 100

# Configure Domain 1 on UPE D and set VLAN 201 to be the major control VLAN.
[UPE D] rrpp enable
[UPE D] rrpp domain 1
[UPE D-rrpp-domain-region1] control-vlan 201
[UPE D-rrpp-domain-region1] quit

# Disable STP on the interfaces of the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[UPE D] interface gigabitethernet1/0/0
[UPE D-GigabitEthernet1/0/0] undo shutdown
[UPE D-GigabitEthernet1/0/0] port link-type trunk
[UPE D-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 100
[UPE D-GigabitEthernet1/0/0] stp disable
[UPE D-GigabitEthernet1/0/0] quit
[UPE D] interface gigabitethernet2/0/0
[UPE D-GigabitEthernet2/0/0] undo shutdown
[UPE D-GigabitEthernet2/0/0] port link-type trunk
[UPE D-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 100
[UPE D-GigabitEthernet2/0/0] stp disable
[UPE D-GigabitEthernet2/0/0] quit

# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 1 indicates the sub-ring.
[UPE D] rrpp domain 1
[UPE D-rrpp-domain-region1] ring 2 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 1
[UPE D-rrpp-domain-region1] ring 2 enable
[UPE D-rrpp-domain-region1] quit

Step 5 Configure PE-AGG A as the main transit node on the major ring and the edge node on the sub-ring.

# Create data VLAN 1 to VLAN 200 on PE-AGG A.
<HUAWEI> system-view
[HUAWEI] sysname PE-AGG A
[PE-AGG A] vlan batch 1 to 200

# Configure Domain 1 on PE-AGG A and set VLAN 201 to be the major control VLAN.
[PE-AGG A] rrpp enable
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] control-vlan 201
[PE-AGG A-rrpp-domain-region1] quit

# Disable STP on the interfaces of the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[PE-AGG A] interface gigabitethernet1/0/0
[PE-AGG A-GigabitEthernet1/0/0] undo shutdown
[PE-AGG A-GigabitEthernet1/0/0] portswitch
[PE-AGG A-GigabitEthernet1/0/0] port link-type trunk
[PE-AGG A-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 200
[PE-AGG A-GigabitEthernet1/0/0] stp disable
[PE-AGG A-GigabitEthernet1/0/0] quit
[PE-AGG A] interface gigabitethernet2/0/0
[PE-AGG A-GigabitEthernet2/0/0] undo shutdown
[PE-AGG A-GigabitEthernet2/0/0] portswitch
[PE-AGG A-GigabitEthernet2/0/0] port link-type trunk
[PE-AGG A-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[PE-AGG A-GigabitEthernet2/0/0] stp disable
[PE-AGG A-GigabitEthernet2/0/0] quit
[PE-AGG A] interface gigabitethernet3/0/0
[PE-AGG A-GigabitEthernet3/0/0] undo shutdown
[PE-AGG A-GigabitEthernet3/0/0] portswitch
[PE-AGG A-GigabitEthernet3/0/0] port link-type trunk
[PE-AGG A-GigabitEthernet3/0/0] port trunk allow-pass vlan 1 to 100
[PE-AGG A-GigabitEthernet3/0/0] stp disable
[PE-AGG A-GigabitEthernet3/0/0] quit

# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port on the major ring. Level 0 indicates the major ring.
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[PE-AGG A-rrpp-domain-region1] ring 1 enable
[PE-AGG A-rrpp-domain-region1] quit

# On the edge node of the RRPP sub-ring, configure GE 1/0/0 as the common port and GE 3/0/0 as the edge port.
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet 1/0/0 edge-port gigabitethernet 3/0/0
[PE-AGG A-rrpp-domain-region1] ring 2 enable
[PE-AGG A-rrpp-domain-region1] quit

Step 6 Configure PE-AGG B as the main transit node on the major ring and the assistant edge node on the sub-ring. # Create data VLAN 1 to VLAN 200 on PE-AGG B.
<HUAWEI> system-view

[HUAWEI] sysname PE-AGG B
[PE-AGG B] vlan batch 1 to 200

# Configure Domain 1 on PE-AGG B and set VLAN 201 to be the major control VLAN.
[PE-AGG B] rrpp enable
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] control-vlan 201
[PE-AGG B-rrpp-domain-region1] quit

# Disable STP on the interfaces to be added to the RRPP ring, and configure the VLANs whose frames the RRPP ports allow to pass through.
[PE-AGG B] interface gigabitethernet1/0/0
[PE-AGG B-GigabitEthernet1/0/0] undo shutdown
[PE-AGG B-GigabitEthernet1/0/0] portswitch
[PE-AGG B-GigabitEthernet1/0/0] port link-type trunk
[PE-AGG B-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 200
[PE-AGG B-GigabitEthernet1/0/0] stp disable
[PE-AGG B-GigabitEthernet1/0/0] quit
[PE-AGG B] interface gigabitethernet2/0/0
[PE-AGG B-GigabitEthernet2/0/0] undo shutdown
[PE-AGG B-GigabitEthernet2/0/0] portswitch
[PE-AGG B-GigabitEthernet2/0/0] port link-type trunk
[PE-AGG B-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[PE-AGG B-GigabitEthernet2/0/0] stp disable
[PE-AGG B-GigabitEthernet2/0/0] quit
[PE-AGG B] interface gigabitethernet3/0/0
[PE-AGG B-GigabitEthernet3/0/0] undo shutdown
[PE-AGG B-GigabitEthernet3/0/0] portswitch
[PE-AGG B-GigabitEthernet3/0/0] port link-type trunk
[PE-AGG B-GigabitEthernet3/0/0] port trunk allow-pass vlan 1 to 100
[PE-AGG B-GigabitEthernet3/0/0] stp disable
[PE-AGG B-GigabitEthernet3/0/0] quit

# Configure GE 1/0/0 as the primary transit port, GE 2/0/0 as the secondary port on the RRPP major ring. Level 0 indicates the major ring.
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[PE-AGG B-rrpp-domain-region1] ring 1 enable
[PE-AGG B-rrpp-domain-region1] quit

# Configure PE-AGG B as the assistant edge node on the RRPP sub-ring, with GE 1/0/0 as the common port and GE 3/0/0 as the edge port.
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port gigabitethernet 1/0/0 edge-port gigabitethernet 3/0/0
[PE-AGG B-rrpp-domain-region1] ring 2 enable
[PE-AGG B-rrpp-domain-region1] quit

Step 7 Configure VRRP.
# Configure the interface bound with VRRP on NPE A, that is, GigabitEthernet1/0/0.
[NPE A] interface gigabitethernet1/0/0.1
[NPE A-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[NPE A-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 virtual-ip 10.1.1.10
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 priority 200
[NPE A-GigabitEthernet1/0/0.1] quit

# Configure the interface bound with VRRP on NPE B, that is, GigabitEthernet1/0/0.
[NPE B] interface gigabitethernet1/0/0.1
[NPE B-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[NPE B-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 virtual-ip 10.1.1.10
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 priority 200
[NPE B-GigabitEthernet1/0/0.1] quit

# Verify the configuration.


[NPE A] display vrrp
  GigabitEthernet1/0/0.1 | Virtual Router 201
    state : Master
    Virtual IP : 10.1.1.10
    Master IP : 10.1.1.1
    PriorityRun : 200
    PriorityConfig : 200
    MasterPriority : 200
    Preempt : YES   Delay Time : 0
    Timer : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-01c9
    Check TTL : YES
    Config type : normal-vrrp
    Track BFD : 888  Priority increased : 30
    BFD-Session State : UP
[NPE B] display vrrp
  GigabitEthernet1/0/0.1 | Virtual Router 201
    state : Backup
    Virtual IP : 10.1.1.10
    Master IP : 10.1.1.2
    PriorityRun : 200
    PriorityConfig : 200
    MasterPriority : 200
    Preempt : YES   Delay Time : 0
    Timer : 1
    Auth Type : NONE
    Virtual Mac : 0000-5e00-01c9
    Check TTL : YES
    Config type : normal-vrrp
    Track BFD : 333  Priority increased : 30
    BFD-Session State : UP

Step 8 Configure BFD sessions.
# Configure a BFD session bfd1 (device-bfd) between NPE A and NPE B. 10.1.1.1 is the IP address of NPE A and 10.1.1.2 is the IP address of NPE B. Lengthen the detection period by setting the detection time multiplier to 5 (the default is 3).
[NPE A] bfd
[NPE A-bfd] quit
[NPE A] bfd bfd1 bind peer-ip 10.1.1.2
[NPE A-bfd-session-bfd1] discriminator local 888
[NPE A-bfd-session-bfd1] discriminator remote 333
[NPE A-bfd-session-bfd1] detect-multiplier 5
[NPE A-bfd-session-bfd1] commit
[NPE A-bfd-session-bfd1] quit
[NPE B] bfd
[NPE B-bfd] quit
[NPE B] bfd bfd1 bind peer-ip 10.1.1.1
[NPE B-bfd-session-bfd1] discriminator local 333
[NPE B-bfd-session-bfd1] discriminator remote 888
[NPE B-bfd-session-bfd1] detect-multiplier 5
[NPE B-bfd-session-bfd1] commit
[NPE B-bfd-session-bfd1] quit

# Configure a BFD session bfd2 (link-bfd) between NPE A and PE-AGG A. The default multicast IP address is used as the peer IP address. The detection time multiplier adopts the default value 3 to ensure that BFD session bfd2 can detect faults faster than BFD session bfd1 between NPE A and NPE B.
[NPE A] interface gigabitethernet1/0/0
[NPE A-GigabitEthernet1/0/0] undo shutdown
[NPE A-GigabitEthernet1/0/0] portswitch
[NPE A-GigabitEthernet1/0/0] quit
[NPE A] bfd
[NPE A-bfd] default-ip-address 224.0.0.108
[NPE A-bfd] quit
[NPE A] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/0
[NPE A-bfd-session-bfd2] discriminator local 111
[NPE A-bfd-session-bfd2] discriminator remote 222
[NPE A-bfd-session-bfd2] commit
[NPE A-bfd-session-bfd2] quit
[PE-AGG A] bfd
[PE-AGG A-bfd] default-ip-address 224.0.0.108
[PE-AGG A-bfd] quit
[PE-AGG A] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/1
[PE-AGG A-bfd-session-bfd2] discriminator local 222
[PE-AGG A-bfd-session-bfd2] discriminator remote 111
[PE-AGG A-bfd-session-bfd2] commit

# After the status of the BFD session becomes Up, associate the status of the BFD session with the interface status.
[PE-AGG A-bfd-session-bfd2] process-interface-status
[PE-AGG A-bfd-session-bfd2] commit
[PE-AGG A-bfd-session-bfd2] quit

# Configure VRRP on NPE A to be bound with bfd1 and bfd2.


[NPE A] interface gigabitethernet1/0/0.1
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 track bfd-session 888 peer
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 track bfd-session 111 link
[NPE A-GigabitEthernet1/0/0.1] quit

# Configure a BFD session bfd2 (link-bfd) between NPE B and PE-AGG B. The default multicast IP address is used as the peer IP address. The detection time multiplier adopts the default value 3 to ensure that BFD session bfd2 can detect faults faster than BFD session bfd1 between NPE A and NPE B.
[NPE B] interface gigabitethernet1/0/0
[NPE B-GigabitEthernet1/0/0] undo shutdown
[NPE B-GigabitEthernet1/0/0] portswitch
[NPE B-GigabitEthernet1/0/0] quit
[NPE B] bfd
[NPE B-bfd] default-ip-address 224.0.0.109
[NPE B-bfd] quit
[NPE B] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/0
[NPE B-bfd-session-bfd2] discriminator local 555
[NPE B-bfd-session-bfd2] discriminator remote 666
[NPE B-bfd-session-bfd2] commit
[NPE B-bfd-session-bfd2] quit
[PE-AGG B] bfd
[PE-AGG B-bfd] default-ip-address 224.0.0.109
[PE-AGG B-bfd] quit
[PE-AGG B] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/1
[PE-AGG B-bfd-session-bfd2] discriminator local 666
[PE-AGG B-bfd-session-bfd2] discriminator remote 555
[PE-AGG B-bfd-session-bfd2] commit

# After the status of the BFD session becomes Up, associate the status of the BFD session with the interface status.
[PE-AGG B-bfd-session-bfd2] process-interface-status
[PE-AGG B-bfd-session-bfd2] commit
[PE-AGG B-bfd-session-bfd2] quit

# Configure VRRP on NPE B to be bound with bfd1 and bfd2.


[NPE B] interface gigabitethernet1/0/0.1
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 track bfd-session 333 peer
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 track bfd-session 555 link
[NPE B-GigabitEthernet1/0/0.1] quit

# Check the configuration.


[NPE A] display bfd session all
Total Static Session Number : 2, Dynamic Session Number: 0
--------------------------------------------------------------------------------
Local  Remote  Peer IP Address  Interface Name        State  Type
--------------------------------------------------------------------------------
888    333     10.1.1.2         -                     Up     Static
111    222     224.0.0.108      GigabitEthernet1/0/1  Up     Static
[PE-AGG A] display bfd session all verbose
Total Static Session Number : 1, Dynamic Session Number: 0
--------------------------------------------------------------------------------
Session MIndex : 263       (One Hop) State : Up        Name : bfd2
--------------------------------------------------------------------------------
  Local Discriminator    : 222              Remote Discriminator   : 111
  Session Detect Mode    : -
  BFD Bind Type          : Interface(GigabitEthernet1/0/1)
  Bind Session Type      : Static
  Bind Peer Ip Address   : 224.0.0.108
  Bind Interface         : GigabitEthernet1/0/1
  FSM Board Id           : 1                TOS-EXP                : 6
  Min Tx Interval (ms)   : 1000             Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms): 1000             Actual Rx Interval (ms): 1000
  Local Detect Multi     : 3                Detect Interval (ms)   : 3000
  WTR Interval (ms)      : -                Process PST            : Disable
  Proc interface status  : Enable
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : IFNET
  Session TX TmrID       : -                Session Detect TmrID   : -
  Session Init TmrID     : -                Session WTR TmrID      : -
  PDT Index              : FSM-0|RCV-0|IF-0|TOKEN-0
  Session Description    : -
--------------------------------------------------------------------------------

Step 9 Configure GE 1/0/1 on PE-AGG A as the monitoring interface. Ring ID 1 indicates the major ring and ID 2 is for the sub-ring.
[PE-AGG A] interface gigabitethernet1/0/1
[PE-AGG A-GigabitEthernet1/0/1] undo shutdown
[PE-AGG A-GigabitEthernet1/0/1] portswitch
[PE-AGG A-GigabitEthernet1/0/1] port link-type trunk
[PE-AGG A-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 200
[PE-AGG A-GigabitEthernet1/0/1] quit
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 1 track interface gigabitethernet1/0/1
[PE-AGG A-rrpp-domain-region1] ring 2 track interface gigabitethernet1/0/1
[PE-AGG A-rrpp-domain-region1] quit

Step 10 Configure GE 1/0/1 on PE-AGG B as the monitoring interface. Ring ID 1 indicates the major ring and ID 2 is for the sub-ring.
[PE-AGG B] interface gigabitethernet1/0/1
[PE-AGG B-GigabitEthernet1/0/1] undo shutdown
[PE-AGG B-GigabitEthernet1/0/1] portswitch
[PE-AGG B-GigabitEthernet1/0/1] port link-type trunk
[PE-AGG B-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 200
[PE-AGG B-GigabitEthernet1/0/1] quit
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 1 track interface gigabitethernet1/0/1
[PE-AGG B-rrpp-domain-region1] ring 2 track interface gigabitethernet1/0/1
[PE-AGG B-rrpp-domain-region1] quit

Step 11 Verify the configuration.
You can run the following commands to verify the previous configuration.
- On PE-AGG A, run the display rrpp brief command. The configurations are displayed as follows:
[PE-AGG A] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
RRPP Linkup Delay Timer: 0 sec(default is 0 sec)
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary/Common        Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
--------------------------------------------------------------------------------
1     0      T     GigabitEthernet1/0/0  GigabitEthernet2/0/0  Yes
2     1      E     GigabitEthernet1/0/0  GigabitEthernet3/0/0  Yes

The output shows that RRPP is enabled on PE-AGG A. The major control VLAN ID is 201 and the sub control VLAN ID is 202. PE-AGG A is the transit node on major ring 1, with GigabitEthernet 1/0/0 as the primary interface and GigabitEthernet 2/0/0 as the secondary interface. In addition, PE-AGG A is the edge node on sub-ring 2; the common port is GigabitEthernet 1/0/0 and the edge port is GigabitEthernet 3/0/0.
- On PE-AGG A, run the display rrpp verbose domain command. The configurations are displayed as follows:
[PE-AGG A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable    Is Active : Yes
Primary port : GigabitEthernet1/0/0    Port status: UP
Secondary port: GigabitEthernet2/0/0   Port status: UP
Track interface: GigabitEthernet1/0/1
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : Linkup
Is Enabled : Disable   Is Active : No
Common port : GigabitEthernet1/0/0     Port status: UP
Edge port : GigabitEthernet3/0/0       Port status: UP
Track interface: GigabitEthernet1/0/1

You can view that the GE 1/0/1 on PE-AGG A serves as the monitoring interface for the major ring and the sub-ring at the same time.
- On PE-AGG B, run the display rrpp brief command. The configurations are displayed as follows:
[PE-AGG B] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
RRPP Linkup Delay Timer: 2 sec(default is 0 sec)
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
--------------------------------------------------------------------------------
1     0      T     GigabitEthernet1/0/0  GigabitEthernet2/0/0  Yes
2     1      A     GigabitEthernet1/0/0  GigabitEthernet3/0/0  Yes

The output shows that RRPP is enabled on PE-AGG B. The major control VLAN ID is 201 and the sub control VLAN ID is 202. PE-AGG B is the transit node on major ring 1, with GigabitEthernet 1/0/0 as the primary interface and GigabitEthernet 2/0/0 as the secondary interface. In addition, PE-AGG B is the assistant edge node on sub-ring 2; the common port is GigabitEthernet 1/0/0 and the edge port is GigabitEthernet 3/0/0.
- On PE-AGG B, run the display rrpp verbose domain command. The configurations are displayed as follows:
[PE-AGG B] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable    Is Active : Yes
Primary port : GigabitEthernet1/0/0    Port status: UP
Secondary port: GigabitEthernet2/0/0   Port status: UP
Track interface: GigabitEthernet1/0/1
RRPP Ring : 2
Ring Level : 1
Node Mode : Assistant-edge
Ring State : Linkup
Is Enabled : Enable    Is Active : Yes
Common port : GigabitEthernet1/0/0     Port status: UP
Edge port : GigabitEthernet3/0/0       Port status: UP
Track interface: GigabitEthernet1/0/1

You can view that the GE 1/0/1 on PE-AGG B serves as the monitoring interface for the major ring and the sub-ring at the same time.
----End

Configuration Files
Configuration file of NPE A
#
 sysname NPE A
#
bfd
 default-ip-address 224.0.0.108
#
interface GigabitEthernet1/0/0
 portswitch
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 200
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 201 virtual-ip 10.1.1.10
 vrrp vrid 201 priority 200
 vrrp vrid 201 track bfd-session 888 peer
 vrrp vrid 201 track bfd-session 111 link
#
bfd bfd1 bind peer-ip 10.1.1.2
 discriminator local 888
 discriminator remote 333
 detect-multiplier 5
 commit
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/0
 discriminator local 111
 discriminator remote 222
 commit
#
return

Configuration file of NPE B


#
 sysname NPE B
#
bfd
 default-ip-address 224.0.0.109
#
interface GigabitEthernet1/0/0
 portswitch
 undo shutdown
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 200
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 201 virtual-ip 10.1.1.10
 vrrp vrid 201 priority 200
 vrrp vrid 201 track bfd-session 333 peer
 vrrp vrid 201 track bfd-session 555 link
#
bfd bfd1 bind peer-ip 10.1.1.1
 discriminator local 333
 discriminator remote 888
 detect-multiplier 5
 commit
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/0
 discriminator local 555
 discriminator remote 666
 commit
#
return

Configuration file of PE-AGG A


#
 sysname PE-AGG A
#
 vlan batch 1 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 0
 ring 1 enable
 ring 1 track interface Gigabitethernet1/0/1
 ring 2 node-mode edge common-port GigabitEthernet1/0/0 edge-port GigabitEthernet3/0/0
 ring 2 enable
 ring 2 track interface Gigabitethernet1/0/1
#
bfd
 default-ip-address 224.0.0.108
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 202
 stp disable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 200
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
interface GigabitEthernet3/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 222
 discriminator remote 111
 process-interface-status
 commit
#
return

Configuration file of PE-AGG B


#
 sysname PE-AGG B
 vlan batch 1 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 0
 ring 1 enable
 ring 1 track interface Gigabitethernet1/0/1
 ring 2 node-mode assistant-edge common-port GigabitEthernet1/0/0 edge-port GigabitEthernet3/0/0
 ring 2 enable
 ring 2 track interface Gigabitethernet1/0/1
#
bfd
 default-ip-address 224.0.0.109
#
interface GigabitEthernet1/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 202
 stp disable
#
interface GigabitEthernet1/0/1
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 200
#
interface GigabitEthernet2/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
interface GigabitEthernet3/0/0
 undo shutdown
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 666
 discriminator remote 555
 process-interface-status
 commit
#
return

Configuration file of UPE A


#
 sysname UPE A
#
 vlan batch 101 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 1 node-mode master primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
interface GigabitEthernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
return

Configuration file of UPE B


#
 sysname UPE B
#
 vlan batch 101 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
interface GigabitEthernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 101 to 202
 stp disable
#
return

Configuration file of UPE C


#
 sysname UPE C
#
 vlan batch 1 to 100 201 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 2 node-mode master primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 1
 ring 2 enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
interface GigabitEthernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
return

Configuration file of UPE D


#
 sysname UPE D
#
 vlan batch 1 to 100 201 to 202
#
 rrpp enable
#
rrpp domain 1
 control-vlan 201
 ring 2 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 1
 ring 2 enable
#
interface GigabitEthernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
interface GigabitEthernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 100 202
 stp disable
#
return
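The BFD and VRRP settings in the configuration files above depend on three things: static discriminators that mirror each other between peers, VRRP tracking a discriminator that exists on the local device, and the link BFD session detecting faster than the peer BFD session. The Python check below is an added example, not part of the Huawei guide; its function names are hypothetical, and it assumes all sessions use the same transmit and receive intervals, so comparing detection multipliers is sufficient.

```python
import re

DEFAULT_MULTIPLIER = 3  # default detection multiplier stated in Step 8

# Constructed input: only the BFD and VRRP-tracking lines of the configuration
# files above, one command per line.
CONFIGS = {
    "NPE A": """
interface GigabitEthernet1/0/0.1
 vrrp vrid 201 track bfd-session 888 peer
 vrrp vrid 201 track bfd-session 111 link
bfd bfd1 bind peer-ip 10.1.1.2
 discriminator local 888
 discriminator remote 333
 detect-multiplier 5
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/0
 discriminator local 111
 discriminator remote 222
""",
    "NPE B": """
interface GigabitEthernet1/0/0.1
 vrrp vrid 201 track bfd-session 333 peer
 vrrp vrid 201 track bfd-session 555 link
bfd bfd1 bind peer-ip 10.1.1.1
 discriminator local 333
 discriminator remote 888
 detect-multiplier 5
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/0
 discriminator local 555
 discriminator remote 666
""",
    "PE-AGG A": """
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 222
 discriminator remote 111
 process-interface-status
""",
    "PE-AGG B": """
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 666
 discriminator remote 555
 process-interface-status
""",
}


def parse_device(text):
    """Return (sessions, tracks) parsed from one device's configuration text."""
    sessions, tracks, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"bfd (\S+) bind ", line)
        if m:  # start of a BFD session view
            current = {"name": m.group(1), "local": None, "remote": None,
                       "multiplier": DEFAULT_MULTIPLIER}
            sessions.append(current)
            continue
        if not raw.startswith(" "):  # any other top-level line closes the view
            current = None
        m = re.match(r"discriminator (local|remote) (\d+)$", line)
        if m and current:
            current[m.group(1)] = int(m.group(2))
        m = re.match(r"detect-multiplier (\d+)$", line)
        if m and current:
            current["multiplier"] = int(m.group(1))
        m = re.match(r"vrrp vrid (\d+) track bfd-session (\d+) (peer|link)$", line)
        if m:
            tracks.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return sessions, tracks


def audit(configs):
    """Return a list of human-readable findings; an empty list means consistent."""
    parsed = {dev: parse_device(text) for dev, text in configs.items()}
    findings = []
    for dev, (sessions, tracks) in parsed.items():
        by_local = {s["local"]: s for s in sessions}
        # 1. A static session needs a peer whose local/remote pair is swapped.
        for s in sessions:
            mirrored = any(
                p["local"] == s["remote"] and p["remote"] == s["local"]
                for other, (peer_sessions, _) in parsed.items() if other != dev
                for p in peer_sessions)
            if not mirrored:
                findings.append(f"{dev}: {s['name']} ({s['local']}/{s['remote']}) "
                                "has no mirrored session on another device")
        # 2. VRRP must track a discriminator that is local to this device.
        for vrid, disc, kind in tracks:
            if disc not in by_local:
                findings.append(f"{dev}: vrid {vrid} tracks {kind} BFD {disc}, "
                                "which is not a local discriminator")
        # 3. Link BFD must detect faster than peer BFD (smaller multiplier).
        link = [by_local[d]["multiplier"] for _, d, k in tracks if k == "link" and d in by_local]
        peer = [by_local[d]["multiplier"] for _, d, k in tracks if k == "peer" and d in by_local]
        if link and peer and max(link) >= min(peer):
            findings.append(f"{dev}: link BFD multiplier {max(link)} is not below "
                            f"peer BFD multiplier {min(peer)}")
    return findings


if __name__ == "__main__":
    print(audit(CONFIGS) or "BFD/VRRP settings are consistent")
```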

9.6.5 Example for Configuring the RRPP Snooping


In this networking, RRPP snooping is configured on sub-interfaces or VLANIF interfaces. The VPLS network can thus transparently transmit RRPP protocol packets, detect changes in the RRPP ring status, and update the forwarding entries to ensure that traffic is switched to a congestion-free path.


Networking Requirements
As shown in Figure 9-10, UPE A, UPE B, NPE D, and NPE E comprise an RRPP ring. This RRPP ring transmits data of VLANs 1 to 10 and the control VLAN is VLAN 20. NPE D and NPE E transmit data packets of VLANs 1 to 10 through their respective sub-interfaces GE 2/0/0.1 to GE 2/0/0.10. In addition, sub-interfaces GE 2/0/0.1 to GE 2/0/0.10 are bound to VSIs 1 to 10 respectively.

UPE A is the master node, UPE B is a transit node, and the RRPP ring accesses the VPLS network through GE 2/0/0.20 of NPE D and GE 2/0/0.20 of NPE E. NPE D is connected to NPE E through a PW.

Enable RRPP snooping on sub-interface GE 2/0/0.20 of both NPE D and NPE E and associate the sub-interfaces with other VSIs on the local device. In this manner, when a fault occurs on the RRPP ring, NPEs in the VPLS network can synchronously clear the MAC address table of the VSIs on the local node.

Figure 9-10 Networking diagram of configuring the RRPP snooping
[Figure: NPE C, NPE D and NPE E interconnected by PWs in the VPLS network. On NPE D and NPE E, GE 2/0/0.1, GE 2/0/0.2 and GE 2/0/0.10 bind VSI1, VSI2 and VSI10, and GE 2/0/0.20 binds VSI1. UPE A and UPE B (VLAN 1-10) connect through GE 1/0/0 and GE 2/0/0 to form the GE RRPP ring with control VLAN 20.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS.
2. Create an RRPP domain and its control VLAN.
3. Disable the STP function on the interfaces to be added to the RRPP ring.
4. Create an RRPP ring.
5. Enable RRPP.
6. Configure the RRPP snooping.
7. Configure the VSI associated with the RRPP snooping.

Data Preparation
To complete the configuration, you need the following data:
- Number of the sub-interfaces to be enabled with the RRPP snooping on NPE D and NPE E
- Names of the VSIs associated with the sub-interfaces enabled with the RRPP snooping
- Control VLAN ID and data VLAN ID of the RRPP ring
- Names of the VSIs to be associated with the sub-interfaces enabled with the RRPP snooping on NPE D and NPE E

Procedure
Step 1 Configure a VPLS
NOTE

This example describes only the configuration of the sub-interfaces through which NPE D and NPE E are connected to the RRPP ring. For the configuration of the sub-interfaces between NPEs in a VPLS network, refer to the HUAWEI CX600 Metro Services Platform Configuration Guide - VPN.

- Configure NPE D.
# Create VLANs 1 to 10 and VLAN 20 on NPE D.
<HUAWEI> system-view
[HUAWEI] sysname NPE D
[NPE D] vlan batch 1 to 10 20

# Configure GE 2/0/0.1 of NPE D to allow the packets of VLAN 1 to pass through and bind GE 2/0/0.1 to VSI 1.
[NPE D] interface gigabitethernet2/0/0.1
[NPE D-GigabitEthernet2/0/0.1] vlan-type dot1q 1
[NPE D-GigabitEthernet2/0/0.1] l2 binding vsi VSI1
[NPE D-GigabitEthernet2/0/0.1] undo shutdown
[NPE D-GigabitEthernet2/0/0.1] quit

# Configure GE 2/0/0.2 of NPE D to allow the packets of VLAN 2 to pass through and bind GE 2/0/0.2 to VSI 2.
[NPE D] interface gigabitethernet2/0/0.2
[NPE D-GigabitEthernet2/0/0.2] vlan-type dot1q 2
[NPE D-GigabitEthernet2/0/0.2] l2 binding vsi VSI2
[NPE D-GigabitEthernet2/0/0.2] undo shutdown
[NPE D-GigabitEthernet2/0/0.2] quit

The configuration of sub-interfaces GE 2/0/0.3 to GE 2/0/0.10 is the same as that of sub-interfaces GE 2/0/0.1 to GE 2/0/0.2. Detailed configurations are thus not mentioned here.
# Configure GE 2/0/0.20 of NPE D to allow the packets of VLAN 20 (the control VLAN of RRPP) to pass through and bind GE 2/0/0.20 to VSI 20.
[NPE D] interface gigabitethernet2/0/0.20
[NPE D-GigabitEthernet2/0/0.20] vlan-type dot1q 20
[NPE D-GigabitEthernet2/0/0.20] l2 binding vsi VSI20
[NPE D-GigabitEthernet2/0/0.20] undo shutdown
[NPE D-GigabitEthernet2/0/0.20] quit

- Configure NPE E.
# Create VLANs 1 to 10 and VLAN 20 on NPE E.
<HUAWEI> system-view
[HUAWEI] sysname NPE E
[NPE E] vlan batch 1 to 10 20

# Configure GE 2/0/0.1 of NPE E to allow the packets of VLAN 1 to pass through and bind GE 2/0/0.1 to VSI 1.
[NPE E] interface gigabitethernet2/0/0.1
[NPE E-GigabitEthernet2/0/0.1] vlan-type dot1q 1
[NPE E-GigabitEthernet2/0/0.1] l2 binding vsi VSI1
[NPE E-GigabitEthernet2/0/0.1] undo shutdown
[NPE E-GigabitEthernet2/0/0.1] quit

# Configure GE 2/0/0.2 of NPE E to allow the packets of VLAN 2 to pass through and bind GE 2/0/0.2 to VSI 2.
[NPE E] interface gigabitethernet2/0/0.2
[NPE E-GigabitEthernet2/0/0.2] vlan-type dot1q 2
[NPE E-GigabitEthernet2/0/0.2] l2 binding vsi VSI2
[NPE E-GigabitEthernet2/0/0.2] undo shutdown
[NPE E-GigabitEthernet2/0/0.2] quit

The configurations of sub-interfaces GE 2/0/0.3 to GE 2/0/0.10 are the same as those of sub-interfaces GE 2/0/0.1 to GE 2/0/0.2. Detailed configurations are thus not mentioned here.
# Configure GE 2/0/0.20 of NPE E to allow the packets of VLAN 20 (the control VLAN of RRPP) to pass through and bind GE 2/0/0.20 to VSI 20.
[NPE E] interface gigabitethernet2/0/0.20
[NPE E-GigabitEthernet2/0/0.20] vlan-type dot1q 20
[NPE E-GigabitEthernet2/0/0.20] l2 binding vsi VSI20
[NPE E-GigabitEthernet2/0/0.20] undo shutdown
[NPE E-GigabitEthernet2/0/0.20] quit

Step 2 Create an RRPP domain and its control VLAN.
# Create data VLANs 1 to 10 on UPE A.
<HUAWEI> system-view
[HUAWEI] sysname UPE A
[UPE A] vlan batch 1 to 10

# Configure the domain of UPE A, the master node of ring 1, to be 1, and the ID of the control VLAN to be 20.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] control-vlan 20
[UPE A-rrpp-domain-region1] quit

# Create data VLANs 1 to 10 on UPE B.


[UPE B] vlan batch 1 to 10

# Configure the domain of UPE B, a transit node of ring 1, to be 1, and the ID of the control VLAN to be 20.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] control-vlan 20
[UPE B-rrpp-domain-region1] quit

Step 3 Disable the STP function on the interfaces to be added to the RRPP ring.
# Disable the STP function on the interfaces to be added to the RRPP ring on UPE A.
[UPE A] interface gigabitethernet 1/0/0
[UPE A-GigabitEthernet1/0/0] undo shutdown
[UPE A-GigabitEthernet1/0/0] port link-type trunk
[UPE A-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 10
[UPE A-GigabitEthernet1/0/0] stp disable
[UPE A-GigabitEthernet1/0/0] quit
[UPE A] interface gigabitethernet 2/0/0
[UPE A-GigabitEthernet2/0/0] undo shutdown
[UPE A-GigabitEthernet2/0/0] port link-type trunk
[UPE A-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 10
[UPE A-GigabitEthernet2/0/0] stp disable
[UPE A-GigabitEthernet2/0/0] quit

# Disable the STP function on the interfaces to be added to the RRPP ring on UPE B.
[UPE B] interface gigabitethernet 1/0/0
[UPE B-GigabitEthernet1/0/0] undo shutdown
[UPE B-GigabitEthernet1/0/0] port link-type trunk
[UPE B-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 10
[UPE B-GigabitEthernet1/0/0] stp disable
[UPE B-GigabitEthernet1/0/0] quit
[UPE B] interface gigabitethernet 2/0/0
[UPE B-GigabitEthernet2/0/0] portswitch
[UPE B-GigabitEthernet2/0/0] port link-type trunk
[UPE B-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 10
[UPE B-GigabitEthernet2/0/0] stp disable
[UPE B-GigabitEthernet2/0/0] quit

Step 4 Create an RRPP ring.
# Configure UPE A as the master node of RRPP ring 1 and specify primary and secondary interfaces.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE A-rrpp-domain-region1] ring 1 enable
[UPE A-rrpp-domain-region1] quit

# Configure UPE B as a transit node of RRPP ring 1 and specify primary and secondary interfaces.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE B-rrpp-domain-region1] ring 1 enable
[UPE B-rrpp-domain-region1] quit

Step 5 Enable RRPP.
# Enable RRPP on UPE A.


[UPE A] rrpp enable

# Enable RRPP on UPE B.


[UPE B] rrpp enable

Step 6 Configure the RRPP snooping.
# Enable the RRPP snooping on GE 2/0/0.20 of NPE D.
[NPE D] interface gigabitethernet 2/0/0.20
[NPE D-GigabitEthernet2/0/0.20] rrpp snooping enable

# Enable the RRPP snooping on GE 2/0/0.20 of NPE E.


[NPE E] interface gigabitethernet 2/0/0.20
[NPE E-GigabitEthernet2/0/0.20] rrpp snooping enable

Step 7 Configure the VSI associated with the RRPP snooping.
# Configure VSI 2, VSI 5, and VSI 9, which are associated with GE 2/0/0.20 of NPE D.
[NPE D-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI2
[NPE D-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI5
[NPE D-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI9
[NPE D-GigabitEthernet2/0/0.20] quit

# Configure VSI 2, VSI 5, and VSI 9, which are associated with GE 2/0/0.20 of NPE E.
[NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI2 [NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI5 [NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI9

[NPE E-GigabitEthernet2/0/0.20] quit


Step 8 Verify the configuration.
After completing the configuration, perform the following checks. The output on UPE A is used as an example:
- On UPE A, run the display rrpp brief command. The following results are displayed:
[UPE A] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
RRPP Linkup Delay Timer: 0 sec(default is 0 sec)
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 20 sub 21
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring  Ring   Node  Primary               Secondary/Edge        Is
ID    Level  Mode  Port                  Port                  Enabled
---------------------------------------------------------------------------
1     0      M     GigabitEthernet1/0/0  GigabitEthernet2/0/0  Yes

The output shows that RRPP is enabled on UPE A. In domain 1, VLAN 20 is the major control VLAN, VLAN 21 is the sub-control VLAN, and UPE A is the master node on major ring 1, with GE 1/0/0 as the primary interface and GE 2/0/0 as the secondary interface.
- On UPE A, run the display rrpp verbose domain command. The following results are displayed.
# View detailed information about UPE A in domain 1.
[UPE A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet2/0/0 Port status: BLOCKED

# View information about the RRPP snooping enabled on GE 2/0/0.20 of NPE D.
[NPE D] display rrpp snooping enable interface gigabitethernet 2/0/0.20
Port                     VsiName  Vlan
--------------------------------------------------------
GigabitEthernet2/0/0.20  VSI20    20

The output shows that VSI 1 is associated with GE 2/0/0.20 and that VLAN 20 is associated with GE 2/0/0.20.
# View information about other VSIs associated with GE 2/0/0.20 on NPE D.
[NPE D] display rrpp snooping vsi interface gigabitethernet2/0/0.20
Port                     VsiName
--------------------------------------------
GigabitEthernet2/0/0.20  VSI2
GigabitEthernet2/0/0.20  VSI5
GigabitEthernet2/0/0.20  VSI9
GigabitEthernet2/0/0.20  VSI20

The output shows that GE 2/0/0.20 is associated with four VSIs, namely, VSI 2, VSI 5, VSI 9, and VSI 20.
----End


Configuration Files
- Configuration file of UPE A
#
sysname UPE A
#
vlan batch 1 to 10 20 21
#
rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode master primary-port GigabitEthernet 1/0/0 secondary-port GigabitEthernet 2/0/0 level 0
 ring 1 enable
#
interface Gigabitethernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 10
 stp disable
#
interface Gigabitethernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 10
 stp disable
#
rrpp enable
#

- Configuration file of UPE B
#
sysname UPE B
#
vlan batch 1 to 10 20 21
#
rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/0 secondary-port GigabitEthernet 2/0/0 level 0
 ring 1 enable
#
interface Gigabitethernet1/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 10
 stp disable
#
interface Gigabitethernet2/0/0
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 1 to 10
 stp disable
#
rrpp enable
#
return
#

- Configuration file of UPE D
#
sysname NPE D
#
vlan batch 1 to 10 20
#
interface Gigabitethernet2/0/0.1

 undo shutdown
 vlan-type dot1q 1
 l2 binding vsi VSI1
#
interface Gigabitethernet2/0/0.2
 undo shutdown
 vlan-type dot1q 2
 l2 binding vsi VSI2
#
interface Gigabitethernet2/0/0.3
 undo shutdown
 vlan-type dot1q 3
 l2 binding vsi VSI3
#
interface Gigabitethernet2/0/0.4
 undo shutdown
 vlan-type dot1q 4
 l2 binding vsi VSI4
#
interface Gigabitethernet2/0/0.5
 undo shutdown
 vlan-type dot1q 5
 l2 binding vsi VSI5
#
interface Gigabitethernet2/0/0.6
 undo shutdown
 vlan-type dot1q 6
 l2 binding vsi VSI6
#
interface Gigabitethernet2/0/0.7
 undo shutdown
 vlan-type dot1q 7
 l2 binding vsi VSI7
#
interface Gigabitethernet2/0/0.8
 undo shutdown
 vlan-type dot1q 8
 l2 binding vsi VSI8
#
interface Gigabitethernet2/0/0.9
 undo shutdown
 vlan-type dot1q 9
 l2 binding vsi VSI9
#
interface Gigabitethernet2/0/0.10
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi VSI10
#
interface Gigabitethernet2/0/0.20
 undo shutdown
 vlan-type dot1q 20
 l2 binding vsi VSI20
 rrpp snooping enable
 rrpp snooping vsi VSI2
 rrpp snooping vsi VSI5
 rrpp snooping vsi VSI9
#
return


- Configuration file of UPE E
#
sysname NPE E
#
vlan batch 1 to 10 20
#
interface Gigabitethernet2/0/0.1
 undo shutdown
 vlan-type dot1q 1
 l2 binding vsi VSI1

#
interface Gigabitethernet2/0/0.2
 undo shutdown
 vlan-type dot1q 2
 l2 binding vsi VSI2
#
interface Gigabitethernet2/0/0.3
 undo shutdown
 vlan-type dot1q 3
 l2 binding vsi VSI3
#
interface Gigabitethernet2/0/0.4
 undo shutdown
 vlan-type dot1q 4
 l2 binding vsi VSI4
#
interface Gigabitethernet2/0/0.5
 undo shutdown
 vlan-type dot1q 5
 l2 binding vsi VSI5
#
interface Gigabitethernet2/0/0.6
 undo shutdown
 vlan-type dot1q 6
 l2 binding vsi VSI6
#
interface Gigabitethernet2/0/0.7
 undo shutdown
 vlan-type dot1q 7
 l2 binding vsi VSI7
#
interface Gigabitethernet2/0/0.8
 undo shutdown
 vlan-type dot1q 8
 l2 binding vsi VSI8
#
interface Gigabitethernet2/0/0.9
 undo shutdown
 vlan-type dot1q 9
 l2 binding vsi VSI9
#
interface Gigabitethernet2/0/0.10
 undo shutdown
 vlan-type dot1q 10
 l2 binding vsi VSI10
#
interface Gigabitethernet2/0/0.20
 undo shutdown
 vlan-type dot1q 20
 l2 binding vsi VSI20
 rrpp snooping enable
 rrpp snooping vsi VSI2
 rrpp snooping vsi VSI5
 rrpp snooping vsi VSI9
#
return
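The following Python audit is an added example, not part of the Huawei guide or its tooling. It reads a UPE configuration file in the form shown above and checks that RRPP is enabled, that each ring is enabled, that both ring ports have STP disabled, and that the control VLANs do not appear in a ring port's allow-pass list. The function names, the sample string, and the rule that the sub-control VLAN is the major control VLAN plus one (20 and 21 in this example) are assumptions drawn from this example and the glossary's definition of a control VLAN.

```python
import re
# Constructed sample: the RRPP-relevant lines of the UPE A configuration file above.
UPE_A = """\
rrpp enable
#
rrpp domain 1
 control-vlan 20
 ring 1 node-mode master primary-port GigabitEthernet 1/0/0 secondary-port GigabitEthernet 2/0/0 level 0
 ring 1 enable
#
interface Gigabitethernet1/0/0
 port trunk allow-pass vlan 1 to 10
 stp disable
#
interface Gigabitethernet2/0/0
 port trunk allow-pass vlan 1 to 10
 stp disable
"""
RING = re.compile(r"ring (\d+) node-mode \w+ primary-port (.+?) secondary-port (.+?) level \d+$")
ALLOW = "port trunk allow-pass vlan "

def parse_sections(text):
    """Split a '#'-delimited configuration into {header line: [sub-commands]}."""
    sections = {}
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            sections[lines[0]] = lines[1:]
    return sections

def expand_vlans(spec):
    """Expand a VLAN list such as '1 to 10 20' into a set of integers."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        is_range = tokens[i + 1:i + 2] == ["to"] and i + 2 < len(tokens)
        end = tokens[i + 2] if is_range else tokens[i]
        vlans.update(range(int(tokens[i]), int(end) + 1))
        i += 3 if is_range else 1
    return vlans

def norm(name):  # 'GigabitEthernet 1/0/0' and 'Gigabitethernet1/0/0' -> same key
    return name.replace(" ", "").lower()

def audit_rrpp_node(text):
    """Return findings for one ring node; an empty list means every check passed."""
    sections = parse_sections(text)
    findings = [] if "rrpp enable" in sections else ["rrpp enable missing"]
    ifaces = {norm(h.split(None, 1)[1]): c for h, c in sections.items() if h.startswith("interface ")}
    for header, cmds in sections.items():
        if not header.startswith("rrpp domain "):
            continue
        major = next((int(c.split()[1]) for c in cmds if c.startswith("control-vlan ")), None)
        if major is None:
            findings.append(f"{header}: control-vlan missing")
            continue
        control = {major, major + 1}  # assumption: sub-control VLAN = major + 1 (20/21 here)
        for m in filter(None, map(RING.match, cmds)):
            if f"ring {m.group(1)} enable" not in cmds:
                findings.append(f"ring {m.group(1)}: not enabled")
            for port in m.group(2, 3):
                pcmds = ifaces.get(norm(port), [])
                if "stp disable" not in pcmds:
                    findings.append(f"{port}: stp disable missing")
                for c in pcmds:
                    leak = control & expand_vlans(c[len(ALLOW):]) if c.startswith(ALLOW) else set()
                    if leak:
                        findings.append(f"{port}: control VLAN {sorted(leak)} in allow-pass list")
    return findings
```

Calling audit_rrpp_node(UPE_A) returns an empty list for the configuration in this example; each finding string names the ring port or domain that failed a check.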


A Glossary

This appendix collates the terms frequently used in this document.

10 Base-T: Twisted cable with a transmission speed of 10 Mbit/s and a transmission distance of 100 m. It is described in IEEE 802.3i.
100 Base-T: Twisted cable with a transmission speed of 100 Mbit/s and a transmission distance of 100 m. It is described in IEEE 802.3u.
1000 BaseT: Twisted cable with a transmission speed of 1000 Mbit/s and a transmission distance of 100 m. It is described in IEEE 802.3ab.

A
Active Interface: In link aggregation, the interfaces that are in the active state and are responsible for forwarding data are called active interfaces.
Active Link: In a link aggregation group, the links connected to active interfaces are active links.
ARP: A collection of features that provides a level of functionality available to a user.
Automatic negotiation: A function through which the two ends of a physical link choose an operation mode, including the duplex mode and operation rate. After the negotiation, the two ends work in the negotiated mode until the system reboots.

B
backbone VLAN: The backbone VLAN ID refers to the VLAN ID of the provider's backbone network.
Backup links: To improve link reliability, link aggregation introduces the mechanism of backup links. These backup links often act as inactive links. Only when the current active interface fails does the backup interface change from inactive to active.


C
CE: A CE device is a device that is directly connected with the service provider. In a VPN based on MPLS, a CE device can be a CX device, switch, or even a host.
Common port and edge port: On an edge node or an assistant edge node, a port shared by the sub-ring and major ring is called the common port. A port only on the sub-ring is called the edge port.
Control VLAN: A control VLAN in the RRPP domain is a VLAN only used to transmit RRPP protocol packets.
CRC: Cyclic redundancy check.

D
Data VLAN: A VLAN that transmits only data packets.

E
Edge node and assistant edge node: On an RRPP sub-ring, if one of the two nodes crossed with the major ring is specified as the edge node, the other node is the assistant edge node.
Ethernet: A baseband LAN specification created by Xerox and developed by Xerox, Intel, and Digital Equipment Corporation (DEC). This specification is similar to IEEE 802.3.
Ethernet_II: An encapsulation format of the Ethernet frame. Ethernet_II, which contains a 16-bit protocol type field, is the standard ARPA Ethernet Version 2.0 encapsulation.
Ethernet_SNAP: An encapsulation format of the Ethernet frame. The frame format complies with RFC 1042 and enables the transmission of the Ethernet frame on the IEEE 802.2 media.

F
FDB: Forwarding database.
FE: Fast Ethernet. An extension and enhancement of the traditional Ethernet standard. In FE, the transmission speed increases to 100 Mbit/s. FE complies with IEEE 802.3u.
Full-duplex: An operation mode of the Ethernet port. In full-duplex mode, a port can send and receive data simultaneously without interference.

G
GE: Gigabit Ethernet. GE adopts IEEE 802.3z. GE is compatible with 10 Mbit/s and 100 Mbit/s Ethernet.


H
Half-duplex: In half-duplex mode, a port can only send or receive data at a time.

I
IETF: Internet Engineering Task Force. An organization that is devoted to developing and designing the TCP/IP suite and the Internet.
Inactive Interface: In link aggregation, the interfaces that are in the inactive state and do not forward data are called inactive interfaces.
Inactive Link: In a link aggregation group, the links connected to inactive interfaces are inactive links.
ISO: International Standard Organization.
ISP: Internet Service Provider.

L
Link Aggregation Control Protocol: Link aggregation refers to a method of bundling a group of physical interfaces together as a logical interface to increase the bandwidth and reliability. For related protocols and standards, refer to IEEE 802.3ad.
Link Aggregation Group: The logical link that is created by bundling several physical links together is called a link aggregation group or trunk.
LACP Preemption: In static LACP mode, when one of the active links fails, the system chooses the link of the highest priority from the slave links to replace the faulty one. After a period, the replaced faulty link recovers, and the priority of this link is higher than that of the link that replaced it. In this case, the recovered link switches to the active state, and the slave link returns to its original state. This is called LACP Preemption.
LACP Preemption Delay: The LACP preemption delay refers to the period for triggering the preemption. The LACP preemption delay is set to prevent unstable data transmission on the Eth-Trunk due to frequent changes of the status of some links.
LAN: Local Area Network. A network that comprises PCs and stations located within several square kilometers. LAN features high speed and a low error rate. Ethernet, FDDI, and token ring are three major implementations.
LAN switch: A multi-home switching device that works on the data link layer.


M
MAC: Media Access Control. In the OSI model, the data link layer is divided into the MAC and the Link Access Control (LAC); MAC is nearer to the physical layer.
MAN: Metropolitan Area Network. A network that covers more than ten square kilometers or a city.
Manual Load Balancing Mode: The manual load balancing mode is the most basic mode of link aggregation. In manual load balancing mode, you must manually create the Eth-Trunk, add member interfaces to the Eth-Trunk, and specify active interfaces. The Link Aggregation Control Protocol Data Units (LACPDUs) are not involved. All the member interfaces forward data and perform load balancing.
MTU: Maximum Transmission Unit. The maximum unit of a packet that an interface can process. It is measured in bytes.

P
P: A backbone device that is located in the service provider network. A P device is not directly connected with the CE devices. The P devices only need the basic MPLS forwarding capability and do not maintain information about a VPN.
PE: A Provider Edge (PE) device is a device that is located in the backbone network in the MPLS VPN structure. A PE device is responsible for VPN user management, establishment of LSPs between the PE devices, and exchanges of routing information between sites of the same VPN. A PE device performs the mapping and forwarding of the packets from the private network to the public-network tunnels and in the reverse direction. PE can be further divided into UPE, SPE, and NPE.
Packet Discarding: The function of discarding packets from an unknown VLAN domain or broadcast packets. Packet Discarding is used to prevent unknown packets or broadcast packets from using the bandwidth originally belonging to the links, improving the reliability of service transmission.
PING: A diagnostic tool that uses the ICMP Echo message to test whether a certain device in an IP network is reachable.
port isolation: Port isolation isolates the unidirectional or bidirectional Layer 2 communication between interfaces.
Primary port and secondary port: On both the master node and transit node, one of the two ports that access the Ethernet ring is the primary port, and the other is the secondary port. The role of a port is decided by user configuration.
PWE3: A technology that bears Layer 2 services. PWE3 emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/SDH.


Q
QinQ: A technology that expands the VLAN space by adding an IEEE 802.1Q tag to a packet already carrying an 802.1Q tag. As a result, private VLANs can transparently transmit packets over the public network. This function is the same as the Layer 2 VPN. Packets that are forwarded over the backbone network carry two 802.1Q tags, one for the public network and the other for the private network. This is called 802.1Q-in-802.1Q, or QinQ for short.
QoS: Quality of Service. A measurement used to evaluate the service capability for forwarding packets in the IP network. The evaluated elements include the delay, delay jitter, and packet loss ratio.

R
RRPP domain: An RRPP domain comprises a group of switches that are connected and configured with the same domain ID and control VLAN.
RRPP ring: An RRPP ring is a ring that physically corresponds to one Ethernet ring topology.

S
SPE: The SPE devices are core devices that are located within a VPLS full-meshed network. The UPE devices that are connected with the SPE devices are similar to the CE devices. The PWs set up between the UPE devices and the SPE devices serve as the ACs of the SPE devices. The SPE devices must learn the MAC addresses of all the sites on the UPE side and those of the UPE interfaces that are connected with the SPE. SPE is sometimes called NPE.
split-horizon function: The split-horizon function is used to prohibit traffic interchange between PBB-TE tunnels on one device.
static LACP mode: Static LACP mode refers to a link aggregation method of selecting active and inactive interfaces by negotiating aggregation parameters through LACPDUs. In static LACP mode, LACP determines active and inactive links of the link aggregation group. It is also called M:N mode, that is, M active links and N backup links. The M:N mode provides higher reliability, and load balancing can be implemented among M links.

T
Transit Node: Transit nodes are all the nodes except the master node on an RRPP major ring.


U
UPE: A PE device that is directly connected with the CE devices. UPE supports routing and MPLS encapsulation. If a UPE is connected with multiple CEs and possesses the basic bridge function, frame forwarding is performed only on the UPE. This decreases the burden of the SPE.

V
VLAN: Virtual Local Area Network. A technology that logically divides a LAN according to different functions or departments without considering their physical locations. Each VLAN is a broadcast domain.
VLAN Mapping: VLAN mapping is used to implement VLAN convergence by mapping one or more downstream VLANs to an upstream VLAN. The downstream VLAN is the VLAN that the interface at the user side belongs to and is used to identify a user or a class of users. The downstream VLAN is also called the Customer-VLAN (CVLAN). The upstream VLAN is specified by the Internet Service Provider (ISP) at the network side and is used to identify a type of service. The upstream VLAN is also called the Service-VLAN (SVLAN).
VLAN Stacking: The VLAN stacking technology adds a layer of VLAN tag to the incoming packet. The VLAN stacking technology implements transparent transmission of C-VLANs in the ISP network to realize the application of Layer 2 Virtual Private Network (VPN).
VPLS: A service that is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN.
VPWS: A technology that bears Layer 2 services. VPWS emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/SDH in a PSN.
VSI: An instance through which the physical access links of VPLS can be mapped to the virtual links. Each VSI provides independent VPLS service. VSI has the Ethernet bridge function and can terminate PWs.

W
WAN: Wide Area Network. A network that comprises PCs and stations in a large area such as a state or a county.


B Acronyms and Abbreviations

This appendix collates frequently used acronyms and abbreviations in this document.

A
ARP: Address Resolution Protocol

B
BPDU: Bridge Protocol Data Unit

C
CE: Customer Edge
CIST: Common and Internal Spanning Tree
COS: Class of Service
CRC: Cyclic Redundancy Check
CSMA/CD: Carrier Sense Multiple Access/Collision Detect
CST: Common Spanning Tree

F
FE: Fast Ethernet
FIFO: First in First out
FS: Forced Switch
FSC: Frame Check Sequence

G
GE: Gigabit Ethernet


H
HEC: Head Error Check

I
ISP: Internet Service Provider
IST: Internal Spanning Tree

L
LACP: Link Aggregation Control Protocol
LACPDU: Link Aggregation Control Protocol Data Unit
LAG: Link Aggregation Group
LAN: Local Area Network

M
MAC: Medium Access Control
MP2MP: Multipoint-to-Multipoint
MS: Manual Switch
MST BPDU: Multiple Spanning Tree Bridge Protocol Data Unit
MSTI: Multiple Spanning Tree Instance
MSTP: Multiple Spanning Tree Protocol
MTU: Maximum Transmission Unit

N
NMS: Network Management System

O
OSI: Open Systems Interconnection

P
P2P: Point-to-Point
PE: Provider Edge


PLL: Partial Link Lost
PSN: Packet Switched Network

Q
QinQ: 802.1Q-in-802.1Q
QoS: Quality of Service

R
RRPP: Rapid Ring Protection Protocol
RSTP: Rapid Spanning Tree Protocol

S
SONET: Synchronous Optical Network
STP: Spanning Tree Protocol

T
TC: Topology Checksum
TOS: Type of Service
TP: Topology Protection
TPID: Tag Protocol Identifier
TLL: Total Link Lost
TTL: Time to Live

U
URPF: Unicast Reverse Path Forwarding

V
VLAN: Virtual Local Area Network
VPLS: Virtual Private LAN Service
VSI: Virtual Switch Instance


W
WTR: Wait to Restore
