Operation Manual - VLAN Quidway S3500-EA Series Ethernet Switches

Operation Manual - VLAN Quidway S3500-EA Series Ethernet Switches
Table of Contents
Table of Contents
Chapter 1 VLAN Configuration .................................................................................................... 1-1 1.1 Introduction to VLAN.......................................................................................................... 1-1 1.1.1 VLAN Overview ....................................................................................................... 1-1 1.1.2 VLAN Classification................................................................................................. 1-2 1.2 Configuring Basic VLAN Attributes .................................................................................... 1-2 1.3 Configuring VLAN Interface Basic Attributes..................................................................... 1-2 1.4 Configuring the Port-Based VLAN ..................................................................................... 1-3 1.4.1 Introduction to the Port-Based VLAN ...................................................................... 1-3 1.4.2 Configuring the Access-Port-Based VLAN ............................................................. 1-5 1.4.3 Configuring the Trunk-Port-Based VLAN................................................................ 1-6 1.4.4 Configuring the Hybrid-Port-Based VLAN............................................................... 1-7 1.5 Configuring the IP-Subnet-Based VLAN ........................................................................... 1-8 1.5.1 Introduction.............................................................................................................. 1-8 1.5.2 Configuring the IP-Subnet-Based VLANs ............................................................... 1-9 1.6 Displaying and Maintaining VLAN ................................................................................... 1-10 1.7 A Typical VLAN Configuration Example .......................................................................... 1-10 Chapter 2 Voice VLAN Configuration.......................................................................................... 2-1 2.1 Introduction to Voice VLAN................................................................................................ 2-1 2.1.1 Voice VLAN Mode on a Port ................................................................................... 2-1 2.1.2 Security Mode and Normal Mode of Voice VLAN ................................................... 2-4 2.2 Configuring the Voice VLAN .............................................................................................. 2-4 2.2.1 Configuration Prerequisites..................................................................................... 2-4 2.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode........................................ 2-4 2.2.3 Setting Voice VLAN Mode on a Port to Manual Mode ............................................ 2-5 2.3 Displaying and Maintaining Voice VLAN ........................................................................... 2-6 2.4 Typical Voice VLAN Configuration Examples.................................................................... 2-7 2.4.1 Configuring Automatic Voice VLAN Mode .............................................................. 2-7 2.4.2 Configuring Manual Voice VLAN Mode .................................................................. 2-8 Chapter 3 GVRP Configuration .................................................................................................... 3-1 3.1 GVRP Overview................................................................................................................. 3-1 3.1.1 Introduction to GARP .............................................................................................. 3-1 3.1.2 Introduction to GVRP .............................................................................................. 3-3 3.1.3 Protocols and Standards......................................................................................... 3-4 3.2 Configuring GVRP ............................................................................................................. 3-4 3.2.1 Configuring GVRP Functions .................................................................................. 3-4 3.2.2 Configuring GARP Timers....................................................................................... 3-5 3.3 Displaying and Maintaining GVRP..................................................................................... 3-6
Huawei Technologies Proprietary i
Table of Contents
3.4 GVRP Configuration Example ........................................................................................... 3-6 3.4.1 Example 1 ............................................................................................................... 3-6 3.4.2 Example 2 ............................................................................................................... 3-8 3.4.3 Example 3 ............................................................................................................... 3-9
Huawei Technologies Proprietary ii
Chapter 1 VLAN Configuration

1.1 Introduction to VLAN
1.1.1 VLAN Overview
Virtual Local Area Network (VLAN for short) technology was developed mainly to solve the broadcast problems in LANs. It divides a LAN into multiple logical LANs with each being a broadcast domain. Hosts in the same VLAN can communicate with each other like in a LAN. However, hosts from different VLANs cannot communicate directly. In this way, broadcast packets are confined to a single VLAN, as illustrated in the following figure.
LAN Switch
VLAN A
VLAN B VLAN A
LAN Switch
VLAN A
VLAN B
VLAN B
Router
Figure 1-1 A VLAN diagram A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, a VLAN can be within the same switch, or span across multiple switches or routers. VLAN technology has the following advantages: 1) 2) Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and improving network performance. LAN security is improved. Packets in different VLANs cannot communicate with each other directly. That is, users in a VLAN cannot interact directly with users in other VLANs, unless routers or Layer 3 switches are used.
Huawei Technologies Proprietary 1-1
3)
A more flexible way to establish virtual working groups. With VLAN technology, clients can be allocated to different working groups, and users from the same group do not have to be within the same physical area, making network construction and maintenance much easier and more flexible.
1.1.2 VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories.
z z z z z z
Port-based MAC address-based Protocol-based IP-subnet-based Policy-based Other types
This chapter will focus on the port-based VLANs and IP-subnet-based VLANs.
1.2 Configuring Basic VLAN Attributes

Follow the following steps to configure basic VLAN attributes: To do Enter system view Create VLANs Use the command system-view vlan { vlan-id1 [ to vlan-id2 ] | all } Optional Using this command can create multiple VLANs. Required Enter VLAN view vlan vlan-id The VLAN must be created first before entering its view; otherwise, using the command creates a VLAN and enters its view Optional description text VLAN ID used by default, for example, VLAN 0001 Remarks
Specify a descriptive character string for the VLAN
1.3 Configuring VLAN Interface Basic Attributes

A VLAN interface is a virtual Layer 3 interface for Layer 3 communications between different VLANs.
Follow the following steps to configure VLAN interface basic attributes: To do Enter system view Create VLAN interface and enter its view Use the command system-view interface Vlan-interface vlan-interface-id ip address ip-address { mask | mask-length } [ sub ] Required The VLAN interface must be created first before entering its view Optional Not configured by default Optional Specify the descriptive character string for the VLAN interface description text VLAN interface name used by default, for example, Vlan-interface1 Interface Optional Bring up interface the VLAN By default, the VLAN interface is down if all ports in the VLAN are down, as long as one port in the VLAN is up, the VLAN interface is up Remarks
Configure an IP address for the VLAN interface
undo shutdown
Note: Before creating a VLAN interface, ensure that the corresponding VLAN already exists. Otherwise, the specified VLAN interface will not be created.
1.4 Configuring the Port-Based VLAN

1.4.1 Introduction to the Port-Based VLAN
This is the simplest and yet the most effective way of classifying VLANs. It groups VLAN members by port. After added to a VLAN, a port can forward the packets of the VLAN.
I. Port link type

Based on the tag handling mode, a ports link type can be one of the following three:
z
Access port: An access port belongs to only one VLAN and strips off the VLAN tags when sending packets of this VLAN, normally used to connect computers; Trunk port: A trunk port can belong to multiple VLANs and receive and send packets for multiple VLANs, normally used to connect devices;

z
Hybrid port: A hybrid port can belong to multiple VLANs and receive and send packets for multiple VLANs, used to connect either computers or devices.
The differences between Hybrid and Trunk port:

z z
A Hybrid port allows packets of multiple VLANs to be sent without the Tag label; A Trunk port only allows packets from the default VLAN to be sent without the Tag label.
II. Default VLAN

You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN for all ports. However, this can be changed as needed.
z
An Access port only belongs to one VLAN. Therefore, its default VLAN is the VLAN it resides in and cannot be configured. You can configure the default VLAN for the Trunk port or the Hybrid port as they can both belong to multiple VLANs. After deletion of the default VLAN using the undo vlan command, the default VLAN for an Access port will revert to VLAN 1, whereas that for the Trunk or Hybrid port remains.
Note: For the voice VLAN in automatic mode, the default VLAN of the corresponding port cannot be configured as voice VLAN. Otherwise, the system prompts error information. For information about voice VLAN, refer to Chapter 2 VLAN Configuration.
Configured with the default VLAN, a port handles packets in the following ways:
Inbound packets handling Port type No tag available

z
Tag available Receive the packet if its VLAN ID is the same as the default VLAN ID Discard the packet if its VLAN ID is different from the default VLAN ID Receive the packet if the VLAN ID is the same as the default VLAN ID Receive the packet if the VLAN ID is not the same as the default VLAN ID but is allowed to pass through the port Discard the packet if the VLAN ID is neither the same as the default VLAN ID nor allowed to pass through the port
Outbound packets handling
Access Port
Strip the Tag and send the packet as the VLAN ID is the same with the default VLAN ID
z z
Trunk port
Tag the packet with the default VLAN ID
Strip the Tag and send the packet if the VLAN ID is the same as the default VLAN ID Keep the tag and send the packet if the VLAN ID is not the same as the default VLAN ID but allowed to pass through the port
Hybrid port
Send the packets if the VLAN ID is allowed to pass through the port. Use the port hybrid vlan command to configure whether the port tags packets when sending packets in this VLAN (including default VLAN).
1.4.2 Configuring the Access-Port-Based VLAN

There are two ways to add an Access port to a specified VLAN: one way is to configure under the VLAN view, the other way is to configure under the Ethernet port view/port group view. Follow the following steps to configure the Access-port-based VLAN in VLAN view:
To do Enter system view
Use the command system-view
Remarks
Required Enter VLAN view vlan vlan-id For a nonexistent VLAN, this command will create a VLAN and enter its view Required port interface-list By default, system will add all ports to VLAN 1
Add an Access port to the current VLAN
Follow the following steps to configure the Access-port-based VLAN in Ethernet port view/port group view: To do Enter system view Enter Ethernet port view Enter Ethernet port view or port group view Use the command system-view interface interface-type interface-number Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group Optional port link-type access The link type of a port is Access by default Optional By default, all Access ports belong to VLAN 1 Remarks
Enter port group view
port-group { manual port-group-name | aggregation agg-id }
Configure the port link type as Access
Add the current Access port to a specified VLAN
port access vlan-id
vlan
Note: Ensure that you create a VLAN first before trying to add an Access port to the VLAN.
1.4.3 Configuring the Trunk-Port-Based VLAN

A Trunk port may belong to multiple VLANs, and you can only perform this configuration in Ethernet port view or port group view.
Follow the following steps to configure the Trunk-port-based VLAN: To do Enter system view Enter Ethernet port view Use the command system-view interface interface-type interface-number Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group Required port link-type trunk The link type of a port is Access by default Required By default, all Trunk ports belong to VLAN 1 only Optional VLAN 1 is the default by default Remarks
Enter Ethernet port view or port group view
Configure the port link type as Trunk Allow a specified VLAN to pass through the current Trunk port Configure the default VLAN for the Trunk port
port trunk permit vlan { vlan-id-list | all }
port trunk pvid vlan vlan-id
Note:
z
To convert a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
Ensure that a VLAN already exists before configuring it to pass through a certain Trunk port. The default VLAN ID on the Trunk ports of the local and peer devices must be the same. Otherwise, packets of the default VLAN cannot be transmitted properly from the local end to the peer end.
1.4.4 Configuring the Hybrid-Port-Based VLAN

A Hybrid port may belong to multiple VLANs, and this configuration can only be performed in Ethernet port view or port group view.
Follow the following steps to configure the Hybrid-port-based VLAN: To do Enter system view Enter Ethernet port view Use the command system-view interface interface-type interface-number Use either command; Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group Required port link-type hybrid The link type of a port is Access by default Required By default, all Hybrid ports belong to VLAN 1 Optional VLAN 1 is the default by default Remarks
Configure the port link type as Hybrid Allow a specified VLAN to pass through the current Hybrid port Configure the default VLAN of the Hybrid port
port hybrid vlan vlan-id-list { tagged | untagged } port hybrid vlan-id pvid vlan
Note:
z
To configure a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
Ensure that a VLAN already exists before configuring it to pass through a certain Hybrid port.
1.5 Configuring the IP-Subnet-Based VLAN

1.5.1 Introduction
In this approach, VLANs are categorized based on the source IP address and the subnet mask of packet. After receiving an untagged packet from a port, the device finds its association with the current VLAN based on the source address contained in the packet, it will then forward the packet in the corresponding VLAN. This allows packets from a certain network segment or with certain IP addresses to be forwarded in a VLAN.
1.5.2 Configuring the IP-Subnet-Based VLANs
Note: This feature is only applicable to a Hybrid port.
Follow the following steps to configure the IP-subnet-based VLAN: To do Enter system view Use the command system-view Required Enter VLAN view vlan vlan-id For a nonexistent VLAN, this command will create a VLAN and enter view Required Configure the association between an IP subnet with the current VLAN ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ] The configured IP network segment or IP address cannot be a multicast network segment or a multicast address Required Use either command; Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group Required port link-type hybrid The link type of all ports is Access by default Required By default, all belong to VLAN 1 Required By default, no Hybrid port is associated with the IP-subnet-based VLAN. ports Remarks
Exit the VLAN view Enter Ethernet port view
quit interface interface-type interface-number
Configure port link type as Hybrid Allow an IP-subnet-based VLAN to pass through the current Hybrid port Configure the association between the Hybrid port and the IP-subnet-based VLAN
port hybrid vlan vlan-id-list { tagged | untagged } port hybrid ip-subnet-vlan vlan vlan-id
1.6 Displaying and Maintaining VLAN

To do... Display VLAN information Use the command display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic | reserved ] display interface Vlan-interface [ vlan-interface-id ] display ip-subnet-vlan vlan { vlan-id [ to vlan-id ] | all } display ip-subnet-vlan interface { interface-type interface-number [ to { interface-type interface-number } ] | all } Available in user view Remarks
Display VLAN interface information Display the IP-subnet-based VLAN information and IP subnet indexes of specified VLANs Display the IP-subnet-based VLAN information and IP subnet index of specified ports
1.7 A Typical VLAN Configuration Example

I. Network requirements
z z z
Device A connects to Device B through the Trunk port Ethernet 1/0/1; The default VLAN ID of the port is 100; This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through.
II. Network diagram

Ethernet1/0/1 Ethernet1/0/1 Device A Device B
Figure 1-2 Network diagram for configuring VLANs allowed on ports
III. Configuration procedure

1) Configure Device A
# Create VLAN 2, VLAN 6 to VLAN 50, and VLAN 100.

<Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] vlan 100

[Sysname-vlan100] quit [Sysname] vlan 6 to 50 Please wait... Done.
# Enter the Ethernet port view of Ethernet 1/0/1.

[Sysname] interface Ethernet 1/0/1
# Configure Ethernet 1/0/1 as a Trunk port and configure its default VLAN ID as 100.
[Sysname-Ethernet1/0/1] port link-type trunk [Sysname-Ethernet1/0/1] port trunk pvid vlan 100
# Configure packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through Ethernet 1/0.
[Sysname-Ethernet1/0/1] port trunk permit vlan 2 6 to 50 100 Please wait... Done.
2)
Configure Device B following similar steps as that of Device A.
Chapter 2 Voice VLAN Configuration

2.1 Introduction to Voice VLAN
Voice VLANs are configured specially for voice traffic. By adding the ports that connect voice devices to voice VLANs, you can configure quality of service (QoS for short) attributes for the voice traffic, increasing transmission priority and ensuring voice quality. A device determines whether a received packet is a voice packet by checking its source MAC address. Packets containing source MAC addresses that comply with the voice device Organizationally Unique Identifier (OUI for short) addresses are regarded as voice traffic, and are forwarded in the voice VLANs. You can configure the OUI addresses in advance or use the default OUI addresses, which are listed as follows: Number 1 2 3 4 5 OUI address 0001-e300-0000 0003-6b00-0000 00d0-1e00-0000 00e0-7500-0000 00e0-bb00-0000 Vendors Siemens phone Cisco phone Pingtel phone Polycom phone 3com phone
Note:
z
As the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. You can delete or add the default OUI address.
2.1.1 Voice VLAN Mode on a Port

There are two voice VLAN modes on a port: automatic and manual.
z
In automatic voice VLAN mode, the system identifies the source MAC address contained in the untagged packet sent when the IP phone is powered on and matches it against the OUI addresses. If a match is found, the system will automatically add the port into the Voice VLAN and apply ACL rules to ensure the packet precedence. An aging time can be configured for the voice VLAN. The system will remove a port from the voice VLAN if no voice packet is received from
it after the aging time. The adding and deleting of ports are automatically realized by the system.
z
In manual voice VLAN mode, administrators add the IP phone access port to the voice VLAN. It then identifies the source MAC address contained in the packet, matches it against the OUI addresses, and decides whether to forward the packet in the voice VLAN. The administrators apply ACL rules while adding or deleting a port from the voice VLAN. In this mode, the adding or deleting of ports is realized by the administrators.
Both modes forward tagged packets based on the VLAN IDs contained in the packets.
The above two modes are configured in Ethernet port view. Different voice VLAN modes can be configured on different ports, independent of one another. The following table lists the co-relation between the voice VLAN mode, the voice traffic type of an IP phone, and the type of an Ethernet port. Mode Voice traffic type Port link type Access: not supported Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the voice VLAN Hybrid: supported provided that the default VLAN of the access port exists and is in the list of tagged VLANs whose packets can pass through the access port Untagged voice traffic Access, Trunk, Hybrid: not supported
Automatic mode
Tagged voice traffic
Mode
Voice traffic type
Port link type Access: not supported Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the default VLAN Hybrid: supported provided that the default VLAN of the access port exists and is from the list of tagged VLANs whose packets can pass through the access port
Tagged voice traffic
Manual mode
Access: supported provided that the default VLAN of the access port is a voice VLAN Trunk: supported provided that the default VLAN of the access port is a voice VLAN and that the access port allows packets from the voice VLAN to pass through Hybrid port: supported provided that the default VLAN of the access port is a voice VLAN and that the voice VLAN is in the list of untagged VLANs whose packets are allowed to pass through the access port
Untagged traffic
voice
Caution:
z
If the voice traffic sent by an IP phone is tagged and that the access port has 802.1 x authentication and guest VLAN enabled, assign different VLAN IDs for the voice VLAN, the default VLAN of the access port, and the 802.1x guest VLAN.
If the voice traffic sent by an IP phone is untagged, to realize the voice VLAN feature, the default VLAN of the access port can only be configured as the voice VLAN. Note that at this time 802.1 x authentication function cannot be realized.
Note:
z
The default VLANs for all ports are VLAN 1. Using commands, users can either configure the default VLAN of a port, or configure to allow a certain VLAN to pass through the port. For more information, refer to 1.4 Configuring the Port-Based VLAN.
Use the display interface command in the Port Correlation Configuration module to display the default VLAN and the VLANs that are allowed to go through a certain port.
2.1.2 Security Mode and Normal Mode of Voice VLAN

Ports that have the voice VLAN feature enabled can be divided into two modes based on their filtering mechanisms applied to inbound packets.
z
Security mode: only voice packets with source OUI MAC addresses can pass through the port (with the voice VLAN feature enabled), other non-voice packets will be discarded, including authentication packets, such as 802.1x authentication packet.
Normal mode: both voice packets and non-voice packets are allowed to pass through a port (with the voice VLAN feature enabled), the former will abide by the voice VLAN filtering mechanism whereas the latter normal VLAN filtering mechanism.
It is recommended that you do not mix voice packets with other types of data in a voice VLAN. If necessary, please ensure that the security mode is disabled.
2.2 Configuring the Voice VLAN

2.2.1 Configuration Prerequisites
z z
Create the corresponding VLAN before configuring the voice VLAN; As a default VLAN, VLAN 1 does not need to be created. However, it cannot be enabled with the voice VLAN feature.
2.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode

Follow the following steps to set the voice VLAN mode on a port to automatic: To do... Enter system view Configure the aging time of the voice VLAN Use the command... system-view voice vlan minutes aging Optional Only applicable to ports in automatic mode and defaults to 1,440 minutes Optional Enabled by default Optional By default, each voice VLAN has 5 default OUI addresses Required Remarks
Enable the security mode of the voice VLAN
voice vlan enable
security
Configure the OUI address for the voice VLAN Enable the global voice VLAN feature
voice vlan mac-address oui mask oui-mask [ description text ] voice enable vlan vlan-id
To do...
Use the command... interface { interface-type interface-number | interface-name } voice vlan mode auto
Remarks
Enter Ethernet port view
Set the voice VLAN mode on the port to automatic Enable the voice VLAN feature on the port
Optional Enabled by default Required Disabled by default
voice vlan enable
Note: For a port whose voice VLAN mode is set to automatic, you cannot configure the default VLAN of the port as the voice VLAN. Otherwise, the system will prompt error information.
2.2.3 Setting Voice VLAN Mode on a Port to Manual Mode

Follow the following steps to set the voice VLAN mode on a port to manual mode: To do... Enter system view Enable the security mode of voice VLAN Use the command... system-view voice vlan security enable Optional Enabled by default Optional By default, a voice VLAN has 5 default OUI addresses Required Remarks
Configure the OUI address of voice VLAN Enable the global voice VLAN feature Enter Ethernet port view Set the voice VLAN mode on the port to manual Return to system view
voice vlan mac-address oui mask oui-mask [ description text ] voice vlan vlan-id enable interface { interface-type interface-number | interface-name } undo voice vlan mode auto quit
Required Disabled by default
To do... Access port Add a manual mode port to the voice VLAN Trunk port
Use the command... Refer to 1.4.2 Configuring the Access-Port-Based VLAN Refer to 1.4.3 Configuring the Trunk-Port-Based VLAN Refer to 1.4.4 Configuring the Hybrid-Port-Based VLAN Refer to 1.4.3 Configuring the Trunk-Port-Based VLAN
Remarks One of the three options is required. If you add an Access port to the voice VLAN, the voice VLAN automatically becomes the default VLAN of the port. Optional When the incoming voice stream is untagged, this configuration is required; when the incoming voice stream is tagged, this configuration is prohibited. Required Disabled by default
Hybrid port
Trunk port Configure the voice VLAN as the default VLAN of a port
Hybrid port
Refer to 1.4.4 Configuring the Hybrid-Port-Based VLAN
Enable the voice VLAN feature on the port
voice vlan enable
Note: When configuring voice VLAN (under automatic mode and manual mode), note that:
z
Only one static VLAN of a device can have the voice VLAN feature enabled at a time. A dynamic VLAN cannot be configured as a voice VLAN. A port that has the Link Aggregation Control Protocol (LACP for short) enabled cannot have the voice VLAN feature enabled at the same time. You are not recommended to configure both voice VLAN and Q-in-Q (including basic Q-in-Q and selective Q-in-Q) on a device. Otherwise, the voice VLAN cannot work properly.
2.3 Displaying and Maintaining Voice VLAN

To do... Display the voice VLAN state Display the OUI addresses currently supported by system Use the command... display voice vlan state display voice vlan oui Available in any view Remarks
2.4 Typical Voice VLAN Configuration Examples

2.4.1 Configuring Automatic Voice VLAN Mode
I. Network requirement
z
Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 minutes. Configure Ethernet 1/0/1 as a Trunk port. Its default VLAN is VLAN 6. The device allows voice packets from Ethernet 1/0/1 with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of test to be forwarded through the voice VLAN.
z z
II. Network diagram
VLAN 2
Ethernet1/0/1
WAN
Tel.1 010 -1001 OUI:0011 -2200-0000 Mask:ffff-ff00-0000
Figure 2-1 Network diagram for automatic voice VLAN mode configuration

# Create VLAN 2 and VLAN 6.
<Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] vlan 6 [Sysname-vlan6] quit
# Configure the voice VLAN aging time.

[Sysname] voice vlan aging 100
# Configure the OUI address 0011-2200-0000 as the legal address of the voice VLAN.
[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description test
# Enable the global voice VLAN feature.

[Sysname] voice vlan 2 enable
# Set the voice VLAN mode on Ethernet 1/0/1 to automatic. (Optional, by default, the voice VLAN mode on a port is automatic.)
[Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] voice vlan mode auto
# Configure Ethernet 1/0/1 as a Trunk port.

[Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] port link-type trunk
# Configure the default VLAN of the port to be VLAN 6 and allow packets from VLAN 6 to pass through the port.
[Sysname-Ethernet1/0/1] port trunk permit vlan 6 [Sysname-Ethernet1/0/1] port trunk pvid vlan 6
# Enable the voice VLAN feature of the port.

[Sysname-Ethernet1/0/1] voice vlan enable
2.4.2 Configuring Manual Voice VLAN Mode

I. Network requirement
z z
Create VLAN 2 and configure it as a voice VLAN. IP phone type is untagged with the Hybrid port Ethernet 1/0/1 being the access port. Ethernet 1/0/1 works in manual mode. It only allows voice packets with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of test to be forwarded.
II. Network diagram
VLAN 2
Ethernet1/0/1
WAN
Tel.1 010-1001 OUI:0011-2200-0000 Mask:ffff-ff00-0000
Figure 2-2 Network diagram for manual voice VLAN mode configuration

# Configure the voice VLAN to work in security mode and only allows legal voice packets to pass through the voice VLAN enabled port. (Optional, enabled by default)
<Sysname> system-view [Sysname] voice vlan security enable
# Configure the OUI address 0011-2200-0000 as the legal voice VLAN address.
[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description test
# Create VLAN 2. Enable voice VLAN feature for it.

[Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] voice vlan 2 enable
# Configure Ethernet 1/0/1 to work in manual mode.

[Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] undo voice vlan mode auto
# Configure Ethernet 1/0/1 as a Hybrid port.

[Sysname-Ethernet1/0/1] port link-type hybrid
# Configure VLAN 2 as the default VLAN of the port and allow packets from VLAN 2 to pass through the port.
[Sysname-Ethernet1/0/1] port hybrid pvid vlan 2 [Sysname-Ethernet1/0/1] port hybrid vlan 2 untagged
# Enable the voice VLAN feature of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] voice vlan enable
IV. Verification
# Display information about the OUI addresses, OUI address masks, and descriptive strings.
[Sysname-Ethernet1/0/1] return <Sysname> display voice vlan oui Oui Address 0001-e300-0000 0003-6b00-0000 0011-2200-0000 00d0-1e00-0000 00e0-7500-0000 00e0-bb00-0000 Mask ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 Description Siemens phone Cisco phone test Pingtel phone Polycom phone 3com phone
# Display the current voice VLAN state.

<Sysname> display voice vlan state

Voice VLAN status: ENABLE Voice VLAN ID: 2 Voice VLAN configuration mode: MANUAL Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes Voice VLAN enabled port and its mode: PORT MODE
-------------------------------Ethernet1/0/1 MANUAL
Chapter 3 GVRP Configuration

3.1 GVRP Overview
3.1.1 Introduction to GARP
The generic attribute registration protocol (GARP), provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute. GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded a GARP application entity.
I. GARP messages and timers

1) GARP messages
GARP participants, which can be end stations or bridges, exchange attributes primarily by sending the following three types of messages:
z z
Join to announce the willingness to register attributes with other participants. Leave to announce the willingness to deregister with other participants. Together with Join messages, Leave messages guarantee attribute reregistration and deregistration.
LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of a LeaveAll timer which starts upon the startup of a GARP application entity.
Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a bridged LAN. 2) GARP timers
GARP sets interval for sending GARP messages by using these four timers:
z
Hold timer When a GARP application entity receives the first registration request, it starts a hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This can thus help you save bandwidth.
Join timer Each GARP application entity sends a Join message twice for reliability sake and uses a join timer to set the sending interval. Leave timer Starts upon receipt of a Leave message. When this timer expires, the GARP application entity removes attribute information as requested.

z
Leaveall timer Starts when a GARP application entity starts. When this timer expires, the entity sends a LeaveAll message so that other entities can re-register its attribute information. Then, a leaveall timer starts again.
Note:
z
The settings of GARP timers apply to all GARP applications, such as GVRP, running on a LAN. Unlike other three timers which are set on a port basis, the leaveall timer is set in system view and takes effect globally. A GARP application entity may send LeaveAll messages at the interval set by its LeaveAll timer or the leaveall timer of another GARP application entity on the network, whichever is smaller.
II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals handles attributes of other participants. GARP application entities send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GVRP application, GVRP for example, should a GARP PDU be delivered.
III. GARP message format

The following figure illustrates the GARP message format.
Figure 3-1 GARP message format
The following table describes the GARP message fields. Table 3-1 Description on the GARP message fields: Field Protocol ID Message Description Protocol identifier for GARP One or multiple messages, each containing an attribute type and an attribute list Defined by application the concerned GARP 1 0x01 for GVRP, indicating the VLAN ID attribute Value
Attribute Type Attribute List
Consists of one or multiple attributes Consists of an Attribute Length, an Attribute Event, and an Attribute Value. If the Attribute Event is LeaveAll, Attribute Value is omitted Number of octets occupied by an attribute, inclusive of the attribute length field
Attribute
Attribute Length
2 to 255 in bytes 0: LeaveAll 1: JoinEmpty 2: JoinIn 3: LeaveEmpty 4: LeaveIn 5: Empty
Attribute Event
Event described by the attribute
Attribute Value End Mark
Attribute value Indicates the end of PDU
VLAN GVRP
ID
for
3.1.2 Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices. GVRP provides the following three registration types on a port:
z
Normal Enables a port to dynamically register and deregister VLANs, and to propagate both dynamic and static VLAN information. Fixed Disables the port to dynamically register VLANs or propagate dynamic VLAN information, but allows the port to propagate static VLAN information. A
trunk port with fixed registration type thus allows only manually configured VLANs to pass through even though it is configured to carry all VLANs.
z
Forbidden Disables the port to dynamically register VLANs, and to propagate VLAN information except for VLAN 1. A trunk port with forbidden registration type thus allows only VLAN 1 to pass through even though it is configured to carry all VLANs.
3.1.3 Protocols and Standards

IEEE 802.1Q specifies GVRP.
3.2 Configuring GVRP

GVRP configuration covers GVRP functions and GARP timers.
Note: You can configure GVRP on a trunk port only.
3.2.1 Configuring GVRP Functions

Follow these steps to configure GVRP functions on a trunk port: To do Enter system view Enable global GVRP Enter Ethernet interface view Enter port-group view Use the command system-view gvrp Required Disabled by default. Required interface interface-type interface-number Perform either commands. of the Remarks
Enter Ethernet interface view or port-group view
port-group { manual port-group-name | aggregation agg-id } gvrp gvrp registration { fixed | forbidden | normal }
Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. Required Disabled by default. Optional The default is normal.
Enable GVRP on the port Configure the GVRP registration mode on the port
Note: The BPDU tunneling function is incompatible with the GVRP function. Before enabling GVRP on a BPDU tunnelingenabled Ethernet port, disable BPDU tunneling.
3.2.2 Configuring GARP Timers

Follow these steps to configure GARP timers: To do Enter system view Configure the GARP leaveall timer Enter Ethernet interface view Enter port-group view Use the command system-view garp timer leaveall timer-value Optional The default centiseconds. Required Perform either commands. of the is 1000 Remarks
Enter Ethernet interface view or port-group view
interface interface-type interface-number port-group { manual port-group-name | aggregation agg-id }
Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. Optional
Configure the hold timer, join timer, and leave timer
garp timer { hold | join | leave } timer-value
The default is 10 centiseconds for the hold timer, 20 centiseconds for the join timer, and 60 centiseconds for the leave timer.
When configuring GARP timers, note that their values are dependent on one another and must be a multiplier of five centiseconds. If the value range for a timer is not desired, you may change it by tuning the value of another related timer as shown in the following table: Table 3-2 Dependencies of GARP timers Timer Hold Join Leave Lower limit 10 centiseconds Not less than two times the hold timer setting Greater than two times the join timer setting Upper limit Not greater than half of the join timer setting Less than half of the leave timer setting Less than the leaveall timer setting
Timer LeaveAll
Lower limit Greater than the leave timer setting
Upper limit 32765 centiseconds
3.3 Displaying and Maintaining GVRP

To do Display statistics about GARP Display GARP timers for all or specified ports Display statistics about GVRP Display the global GVRP state Clear the GARP statistics Use the command display garp statistics [ interface interface-list ] display garp timer [ interface interface-list ] display gvrp statistics [ interface interface-list ] display gvrp status reset garp statistics [ interface interface-list ] Available in user view Remarks
Available in any view
3.4 GVRP Configuration Example

3.4.1 Example 1
Configure GVRP for dynamic VLAN information registration and update among devices.
II. Network diagram
Ethernet 1/0/1
Ethernet 1/0/2
Switch A
Switch B
Figure 3-2 Network diagram for GVRP configuration

z
Configure Switch A
# Enable GVRP globally.

<Sysname> system-view [Sysname] gvrp
# Configure port Ethernet 1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] port link-type trunk [Sysname-Ethernet1/0/1] port trunk permit vlan all
# Enable GVRP on Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] gvrp
# Create VLAN 2.
[Sysname-Ethernet1/0/1] quit [Sysname] vlan 2 [Sysname-vlan2]
z
Configure Switch B

# Configure port Ethernet 1/0/2 as trunk, allowing all VLANs to pass.

# Enable GVRP on Ethernet 1/0/2.

# Create VLAN 3.
z
Verify the configuration.
# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic Now, the following dynamic VLAN exist(s): 3
# Display the dynamic VLAN information on Switch B

3.4.2 Example 2
Enable GVRP on devices and configure the port registration mode as fixed to realize dynamic registration and update of some VLAN information between devices.
II. Network diagram
Ethernet 1/0/1
Ethernet 1/0/2
Switch A
Switch B

1) Configure Switch A

# Configure port Ethernet1/0/1 as trunk, allowing all VLANs to pass.

# Enable GVRP on Ethernet1/0/1

# Configure the GVRP registration mode as fixed.

[Sysname-Ethernet1/0/1] gvrp registration fixed
# Create static VLAN 2.

2)
Configure Switch B

# Configure port Ethernet1/0/2 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/2 [Sysname-Ethernet1/0/2] port link-type trunk
[Sysname-Ethernet1/0/2] port trunk permit vlan all
# Enable GVRP on Ethernet1/0/2


3)
Verify the configuration
# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic No dynamic vlans exist!
# Display the dynamic VLAN information on Switch B.

3.4.3 Example 3
Enable GVRP on devices and configure the port registration mode as forbidden to forbid dynamic registration and update of VLAN information between devices.
II. Network diagram
Ethernet 1/0/1
Ethernet 1/0/2
Switch A
Switch B

1) Configure Switch A

<Sysname > system-view [Sysname] gvrp
# Configure Ethernet1/0/1 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.

# Configure the GVRP registration mode as forbidden.

[Sysname-Ethernet1/0/1] gvrp registration forbidden

2)
Configure Switch B

<Sysname > system-view [Sysname] gvrp
# Configure Ethernet1/0/2 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.


3)
Verify the configuration
# Display dynamic VLAN information on Switch A

# Display dynamic VLAN information on Switch B.


Operation Manual - VLAN Quidway S3500-EA Series Ethernet Switches

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Operation Manual - VLAN Quidway S3500-EA Series Ethernet Switches

Diunggah oleh

Hak Cipta:

Format Tersedia

Operation Manual - VLAN Quidway S3500-EA Series Ethernet Switches

Huawei Technologies Proprietary i