Advanced Traffic Management Guide

HP ProCurve Switch Software
Advanced Traffic Management Guide

3500 switches
3500yl switches
5400zl switches
6200yl switches
6600 switches
8200zl switches
Software version K.15.01
April 2010
HPProCurve
3500Switches
3500ylSwitches
5400zlSwitches
6200ylSwitch
6600Switches
8200zlSwitches
June 2010
K.15.01
AdvancedTrafficManagementGuide
Copyright20052010Hewlett-PackardDevelopmentCompany,
L.P.Theinformationcontainedhereinissubjecttochangewith-
outnotice.AllRightsReserved.
Thisdocumentcontainsproprietaryinformation,whichis
protectedbycopyright.Nopartofthisdocumentmaybe
photocopied,reproduced,ortranslatedintoanother
languagewithoutthepriorwrittenconsentofHewlett-
Packard.
PublicationNumber
5992-3060
June2010
ApplicableProducts
HPProCurveSwitch3500-24 (J9470A)
HPProCurveSwitch3500-48 (J9472A)
HPProCurveSwitch3500-24PoE (J9471A)
HPProCurveSwitch3500-48PoE (J9473A)
HPProCurveSwitch3500yl-24G-PWR (J8692A)
HPProCurveSwitch3500yl-48G-PWR (J8693A)
HPProCurveSwitch5406zl (J8697A)
HPProCurveSwitch6200yl-24G (J8992A)
HPProCurveSwitch8212zl (J8715A/B)
HPProCurveSwitch6600-24G (J9263A)
HPProCurveSwitch6600-24G-4XG (J9264A)
HPProCurveSwitch6600-48G (J9451A)
HPProCurve24-Port10/100/1000PoE+zlModule (J9307A)
HPProCurve20-Port10/100/1000PoE+/4-Port
MiniGBICzlModule (J9308A)
HPProCurve4-Port10GbESFP+zlModule (J9309A)
HPProCurve24-Port10/100PoE+zlModule (J9478A)
TrademarkCredits
Microsoft,Windows,andMicrosoftWindowsNTareUS
registeredtrademarksofMicrosoftCorporation.
Disclaimer
Theinformationcontainedinthisdocumentissubjectto
changewithoutnotice.
HEWLETT-PACKARDCOMPANYMAKESNOWARRANTY
OFANYKINDWITHREGARDTOTHISMATERIAL,
INCLUDING,BUTNOTLIMITEDTO,THEIMPLIED
WARRANTIESOFMERCHANTABILITYANDFITNESS
FORAPARTICULARPURPOSE.Hewlett-Packardshallnot
beliableforerrorscontainedhereinorforincidentalor
consequentialdamagesinconnectionwiththefurnishing,
performance,oruseofthismaterial.
TheonlywarrantiesforHPproductsandservicesareset
forthintheexpresswarrantystatementsaccompanying
suchproductsandservices.Nothinghereinshouldbe
construedasconstitutinganadditionalwarranty.HPshall
notbeliablefortechnicaloreditorialerrorsoromissions
containedherein.
Hewlett-Packardassumesnoresponsibilityfortheuseor
reliabilityofitssoftwareonequipmentthatisnotfurnished
byHewlett-Packard.
Warranty
SeetheCustomerSupport/Warrantybookletincludedwith
theproduct.
Acopyofthespecificwarrantytermsapplicabletoyour
Hewlett-Packardproductsandreplacementpartscanbe
obtainedfromyourHPSalesandServiceOfficeor
authorizeddealer.
Hewlett-PackardCompany
8000FoothillsBoulevard,m/s5551
Roseville,California95747-5551
www.procurve.com
Contents
ProductDocumentation
AboutYourSwitchManualSet............................. xv
PrintedPublications.......................................... xv
ElectronicPublications ....................................... xv
SoftwareFeatureIndex. ................................. xvi
1 GettingStarted
Contents...................................................... 1-1
Introduction .................................................. 1-2
Conventions .................................................. 1-2
CommandSyntaxStatements ................................. 1-2
CommandPrompts .......................................... 1-3
ScreenSimulations.......................................... 1-3
ConfigurationandOperationExamples......................... 1-3
Keys....................................................... 1-3
SourcesforMoreInformation ................................. 1-4
Getting DocumentationFromtheWeb ......................... 1-6
OnlineHelp ................................................ 1-6
MenuInterface .......................................... 1-6
CommandLineInterface.................................. 1-7
WebAgent .............................................. 1-7
NeedOnlyaQuickStart? ...................................... 1-7
IPAddressing ............................................... 1-7
ToSetUpandInstalltheSwitchinYourNetwork............... 1-8
PhysicalInstallation ... ... ................................... 1-8
iii
2 StaticVirtualLANs(VLANs)
Contents...................................................... 2-1
Overview ..................................................... 2-4
Introduction .................................................. 2-5
GeneralVLANOperation ..................................... 2-5
TypesofStaticVLANsAvailablein theSwitch ................... 2-6
Port-BasedVLANs....................................... 2-6
Protocol-BasedVLANs ................................... 2-6
DesignatedVLANs ....................................... 2-6
Terminology .................................................. 2-7
StaticVLANOperation ........................................ 2-8
VLANEnvironments ......................................... 2-9
VLANOperation ........................................... 2-10
RoutingOptionsforVLANs........... ....................... 2-11
Overlapping(Tagged)VLANs ................................ 2-12
Per-PortStaticVLANConfigurationOptions ................... 2-14
VLANOperatingRules........................................ 2-15
GeneralStepsforUsingVLANs ............................... 2-19
MultipleVLANConsiderations ................................ 2-20
SingleForwardingDatabaseOperation ........................ 2-21
ExampleofanUnsupportedConfigurationandHowToCorrectIt 2-22
Multiple ForwardingDatabaseOperation ...................... 2-23
ConfiguringVLANs ........................................... 2-24
Menu:ConfiguringPort-BasedVLANParameters ............... 2-24
ToChangeVLANSupportSettings .... .................... 2-25
AddingorEditingVLANNames ........................... 2-26
AddingorChangingaVLAN PortAssignment ............... 2-28
CLI:ConfiguringPort-BasedandProtocol-BasedVLANParameters 2-30
CustomizingtheShowVLANsOutput ...................... 2-36
CreatinganAliasforShowVLANCommands ............... 2-38
NoteonUsingPatternMatchingwiththe
Show VLANsCustomCommand......................... 2-39
ChangingtheNumberofVLANsAllowedontheSwitch .......... 2-39
WebAgent:ViewingandConfiguringVLANParameters .......... 2-45
iv
802.1QVLANTagging ........................................ 2-46
SpecialVLANTypes .......................................... 2-51
VLANSupportandtheDefaultVLAN .......................... 2-51
ThePrimaryVLAN ......................................... 2-51
TheSecureManagementVLAN ............................... 2-52
Preparation ............................................ 2-54
Configuration.......................................... 2-55
UsingDHCPtoObtainanIPAddress ...................... 2-56
Deleting the ManagementVLAN .... ...................... 2-59
OperatingNotesforManagementVLANs ................... 2-59
VoiceVLANs .............................................. 2-60
OperatingRulesforVoiceVLANs ......................... 2-60
ComponentsofVoiceVLANOperation..................... 2-61
VoiceVLANQoSPrioritizing(Optional) .................... 2-61
VoiceVLANAccessSecurity ............................. 2-62
EffectofVLANsonOtherSwitchFeatures .................... 2-62
SpanningTreeOperationwithVLANs......................... 2-62
IPInterfaces ............................................... 2-63
VLANMACAddress ........................................ 2-63
PortTrunks ............................................... 2-63
PortMonitoring ............................................ 2-63
JumboPacketSupport ...................................... 2-63
VLANRestrictions............................................ 2-64
MigratingLayer3VLANsUsingVLANMACConfiguration...... 2-65
VLAN MACAddressReconfiguration .......................... 2-65
HandlingIncomingandOutgoingVLANTraffic................. 2-66
SendingHeartbeatPacketswithaConfiguredMACAddress ..... 2-67
ConfiguringaVLANMACAddresswithHeartbeatInterval....... 2-68
OperatingNotes ........................................ 2-68
Example .............................................. 2-69
VerifyingaVLANMACAddressConfiguration .............. 2-69
v
3 GVRP
Contents...................................................... 3-1
Overview ..................................................... 3-2
Introduction .................................................. 3-3
GeneralOperation ............................................ 3-4
Per-PortOptionsforHandlingGVRPUnknownVLANs ........ 3-7
Per-PortOptionsforDynamicVLANAdvertisingandJoining .... 3-9
GVRPandVLANAccessControl............................... 3-11
AdvertisementsandDynamicJoins........................... 3-11
Port-LeaveFromaDynamicVLAN ............................ 3-11
PlanningforGVRPOperation ................................. 3-12
ConfiguringGVRPOnaSwitch................................ 3-13
Menu:ViewingandConfiguringGVRP . . ... .................... 3-13
CLI:ViewingandConfiguringGVRP .. . ....................... 3-14
Web:ViewingandConfiguringGVRP .......................... 3-18
GVRPOperatingNotes ....................................... 3-18
4 MultipleInstanceSpanning-TreeOperation
Contents...................................................... 4-1
Regions,LegacySTPandRSTPSwitches,andthe
Overview ..................................................... 4-3
802.1sMultipleSpanningTreeProtocol(MSTP) ................ 4-6
MSTPStructure ............................................. 4-7
HowMSTPOperates......................................... 4-9
MSTRegions ............................................ 4-9
CommonSpanningTree(CST). .............................. 4-11
MSTPOperationwith802.1QVLANs ...................... 4-12
Terminology ............................................... 4-13
OperatingRules ............................................ 4-15
MSTPCompatibilitywithRSTPorSTP . ... .................... 4-16
ConfiguringMSTP............................................ 4-17
Planningan MSTPApplication . .............................. 4-17
vi
MSTPConfigurationOverview ............................... 4-19
ConfiguringMSTPOperationModeandGlobalSettings.......... 4-21
ConfiguringMSTPPer-PortParameters ... .................... 4-26
ConfiguringPerPort Parameters.......................... 4-27
ConfiguringBPDUFiltering.............................. 4-30
ConfiguringBPDUProtection ............................ 4-31
PVSTProtectionandFiltering............................ 4-34
ConfiguringMSTInstanceParameters......................... 4-39
ConfiguringMSTInstancePer-PortParameters ................. 4-41
EnablingorDisablingSpanningTreeOperation................. 4-44
EnablinganEntireMSTRegionatOnceor
ExchangingOneRegionConfigurationforAnother .......... 4-44
MSTPVLANConfigurationEnhancement ...................... 4-46
PreConfiguring VLANsin anMSTInstance ................. 4-47
ConfiguringMSTPInstanceswiththeVLANRangeOption.... 4-48
OperatingNotesfortheVLANConfigurationEnhancement ... 4-50
HowtoSaveYourCurrentConfiguration................... 4-51
DisplayingMSTPStatisticsandConfiguration ................. 4-53
DisplayingGlobalMSTPStatus . .............................. 4-54
DisplayingDetailed PortInformation ...................... 4-56
DisplayingStatusforaSpecificMSTInstance............... 4-57
DisplayingtheMSTPConfiguration ....................... 4-58
TroubleshootinganMSTPConfiguration ...................... 4-62
DisplayingtheChangeHistoryofRootBridges ................. 4-62
DisplayingDebugCountersforAllMSTInstances............... 4-65
DisplayingDebugCountersforOneMSTInstance .............. 4-66
DisplayingDebugCountersforPortsinanMSTInstance......... 4-68
FieldDescriptionsinMSTPDebugCommandOutput............ 4-70
TroubleshootingMSTPOperation ............................ 4-73
LoopProtection .............................................. 4-74
ConfiguringLoopProtection ................................. 4-75
ViewingLoopProtectionStatus .............................. 4-76
vii
5 SwitchMeshing
Contents...................................................... 5-1
Introduction .................................................. 5-2
SwitchMeshingFundamentals ................................. 5-4
Terminology ................................................ 5-4
OperatingRules ............................................. 5-5
UsingaHeterogeneousSwitchMesh ........................... 5-7
BringingUpaSwitchMeshDomain ............................ 5-8
FurtherOperatingInformation................................ 5-8
ConfiguringSwitchMeshing ................................... 5-9
Preparation................................................. 5-9
Menu:ToConfigureSwitch Meshing ........................... 5-9
CLI:ToConfigureandView SwitchMeshing ................... 5-12
CLI: ConfiguringSwitchMeshing ..... .................... 5-12
ViewingSwitchMeshStatus.............................. 5-13
OperatingNotesforSwitchMeshing .......................... 5-18
FloodedTraffic ............................................ 5-18
UnicastPacketswithUnknownDestinations ................... 5-19
SpanningTreeOperationwith SwitchMeshing ................. 5-20
Filtering/Securityin Meshed Switches ......................... 5-22
IPMulticast(IGMP)inMeshed Switches ...................... 5-22
StaticVLANs .............................................. 5-22
DynamicVLANs............................................ 5-23
JumboPackets............................................. 5-23
MeshDesignOptimization ............ ....................... 5-24
OtherRequirementsandRestrictions ......................... 5-25
6 QualityofService:ManagingBandwidthMoreEffectively
Contents...................................................... 6-1
UsingQualityofServicePolicies ............................... 6-4
QoSTerminology.............................................. 6-7
QoSOperation ................................................ 6-9
Globally-ConfiguredQoS ............. ....................... 6-10
viii
Classifier-BasedQoS ....................................... 6-11
QoSPacketClassification .................................... 6-12
Globally-ConfiguredPacketClassification ..................... 6-12
Classifier-BasedMatchCriteria............................... 6-13
QoSTrafficMarking.......................................... 6-14
Globally-ConfiguredTrafficMarking .......................... 6-14
Layer2802.1pPrioritization .............................. 6-14
Layer3DSCPMarking................................... 6-16
VLANandUntaggedVLANEnvironments .................. 6-17
Classifier-BasedTrafficMarking.............................. 6-18
Globally-ConfiguredQoS ..................................... 6-19
GlobalQoSConfigurationProcedure .......................... 6-19
ViewingaGlobalQoSConfiguration .......................... 6-21
GlobalQoSRestrictions ..................................... 6-22
GlobalTCP/UDPClassifier ........... ....................... 6-24
Assigningan802.1pPriorityforaGlobalTCP/UDPClassifier . 6-25
OperatingNotesonUsingTCP/UDPPortRanges ............ 6-26
AssigningaDSCPPolicyforaGlobalTCP/UDPClassifier .... 6-27
DisplayingResource Usage forQoSPolicies ................... 6-32
GlobalIP-DeviceClassifier .................................. 6-33
AssigningaPriorityforaGlobalIP-DeviceClassifier......... 6-34
AssigningaDSCPPolicyForaGlobalIP-DeviceClassifier .... 6-36
GlobalIPType-of-ServiceClassifier ........................... 6-41
IPv4 ToS/IPv6 Traffic ClassByte .......................... 6-42
Assigningan802.1pPriorityforaGlobal
IP-PrecedenceClassifier ................................. 6-44
Assigningan802.1pPriorityforaGlobalIP-DiffservClassifier 6-45
AssigningaDSCPPolicyforaGlobalIP-DiffservClassifier ... 6-49
ComparisonofGlobalIPType-of-ServiceClassifiers ......... 6-53
GlobalLayer-3 ProtocolClassifier ............................ 6-54
AssigningaPriorityforaGlobalLayer-3ProtocolClassifier... 6-54
GlobalVLAN-ID Classifier................................... 6-56
AssigningaPriorityforaGlobalVLAN-IDClassifier ......... 6-56
AssigningaDSCPPolicyforaGlobalVLAN-IDClassifier ..... 6-58
GlobalSource-PortClassifier ......... ....................... 6-62
ix
7
AssigningaPriorityforaGlobalSource-PortClassifier....... 6-62
AssigningaDSCPPolicyforaGlobalSource-PortClassifier .. 6-64
IPMulticast(IGMP) Interaction withQoS...................... 6-69
AdvancedClassifier-BasedQoS ............................... 6-70
Classifier-BasedQoSModel........... ....................... 6-71
Classifier-BasedQoSConfigurationProcedure ................. 6-71
ConfiguringQoSActionsinaPolicy........................... 6-76
OverrideofGlobalQoSSettings ....... ....................... 6-81
ViewingaClassifier-BasedQoSConfiguration .................. 6-82
Classifier-BasedQoSRestrictions............................. 6-86
Interactionwith OtherSoftware Features ...................... 6-86
Classifier-BasedQoSConfigurationExamples .................. 6-87
QoSPolicyforLayer 4TCP/UDPTraffic ................... 6-88
QoSPolicy forSubnetTraffic ............................. 6-88
DifferentiatedServicesCodepoint(DSCP)Mapping ........... 6-89
DefaultPrioritySettingsforSelectedCodepoints ............... 6-90
DisplayingNon-DefaultCodepointSettings ................. 6-91
NotesonChangingaPrioritySetting .......................... 6-92
ErrorMessagesforDSCPPolicy Changes .................. 6-93
ExampleofChangingthePrioritySettingonaPolicy
WhenOneorMoreClassifiersAreCurrentlyUsingthePolicy . 6-94
QoSQueueConfiguration .................................... 6-97
ConfiguringtheNumberofPriorityQueues.................... 6-98
ViewingtheQoSQueueConfiguration........................ 6-100
StackManagementforthe3500,3500yl,6200yl
and6600Switches
Contents...................................................... 7-1
IntroductiontoStackManagementon
the3500,3500yl,6200yland6600Switches ..................... 7-3
ComponentsofProCurveStackManagement.................... 7-5
GeneralStackingOperation................................... 7-5
OperatingRulesforStacking .................................. 7-7
GeneralRules ........................................... 7-7
SpecificRules ........................................... 7-8
x
ConfiguringStackManagement................................ 7-9
UsingtheMenuInterfaceToViewStackStatus
UsingtheMenuInterfaceToViewandConfigurea
UsingtheCommanderToAccessMemberSwitchesfor
ConvertingaCommanderorMembertoaMember
UsingtheCLIToAccessMemberSwitchesforConfiguration
Overview ofConfiguringandBringingUp aStack ................ 7-9
GeneralStepsforCreating aStack .... .................... 7-11
andConfigureStacking ..................................... 7-13
CommanderSwitch ..................................... 7-13
UsingtheMenuToManage aCandidate Switch............. 7-15
UsingtheCommanderToManageTheStack ................... 7-17
ConfigurationChangesandMonitoringTraffic .............. 7-23
ofAnotherStack ....................................... 7-24
MonitoringStackStatus ............. ........................ 7-25
UsingtheCLIToViewStackStatusandConfigureStacking...... 7-29
UsingtheCLIToViewStackStatus ....................... 7-31
UsingtheCLIToConfigureaCommanderSwitch........... 7-33
AddingtoaStackorMovingSwitchesBetweenStacks ....... 7-35
UsingtheCLIToRemoveaMemberfrom aStack........... 7-40
ChangesandTrafficMonitoring........................... 7-42
SNMPCommunityOperationinaStack ....................... 7-43
UsingtheCLIToDisableorRe-Enable Stacking ................ 7-44
TransmissionInterval ............... ........................ 7-44
StackingOperationwithMultipleVLANsConfigured ............ 7-44
StatusMessages............................................ 7-45
8 QinQ(ProviderBridging)
Contents...................................................... 8-1
Overview ..................................................... 8-3
Introduction .................................................. 8-4
HowQinQWorks............................................ 8-5
FeaturesandBenefits ........................................ 8-5
Terminology ................................................ 8-6
OperatingRulesandGuidelines ............................... 8-7
EnablingQinQandConfiguringQinQModes................. 8-7
xi
QinQMixedVlanMode ................................... 8-8
ConfiguringVLANs ...................................... 8-8
OperatingNotesandRestrictions ............................. 8-10
ConfiguringQinQ ............................................ 8-13
GeneralConfigurationSteps................................. 8-13
EnablingQinQ............................................. 8-14
SettingupS-VLANs ......................................... 8-14
ConfiguringPer-PortS-VLANMembership ................. 8-15
ConfiguringPort-Types ..................................... 8-16
ConfigurationExample ....................................... 8-17
UpdatingQinQConfigurations ................................ 8-22
ChangingQinQModes .............. ........................ 8-22
DisablingQinQ............................................. 8-22
ChangingVLANPortMemberships(MixedVlanMode) .......... 8-22
MovingPortsbetweenC-VLANsandS-VLANs(MixedVlanMode) . 8-23
DisplayingQinQConfigandStatus ............................ 8-24
ShowCommandsforQinQ .................................. 8-24
Show CommandsforVLANs ... .............................. 8-25
DisplayingSpanning TreeStatus....... ....................... 8-27
EffectsofQinQonOtherSwitchFeatures ..................... 8-28
EventLogMessagesandSNMPSupport ....................... 8-33
SNMPSupportandMIBObjects .............................. 8-33
9 Classifier-BasedSoftwareConfiguration
Contents...................................................... 9-1
UsingClassifier-BasedServicePolicies ......................... 9-2
Introduction ................................................ 9-2
Classifier-BasedConfigurationModel .......................... 9-3
CreatingaTrafficClass ....................................... 9-4
UsingMatchCriteria ......................................... 9-5
ClassConfigurationProcedure ................................ 9-6
OptionalICMPMatchCriteria ................................ 9-14
OptionalIGMPMatchCriteria ................................ 9-17
xii
OptionalTCPandUDPMatchCriteria......................... 9-18
UsingCIDRNotationforIPv4/IPv6Addresses.................. 9-20
ResequencingMatch/IgnoreStatements ....................... 9-24
ShowingaClassConfiguration. .............................. 9-26
CreatingaServicePolicy ..................................... 9-27
ShowingPolicyInformation ................................. 9-31
ModifyingClassesinaPolicy ................................ 9-32
ResequencingClassesinaPolicy ............................. 9-33
ApplyingaServicePolicytoanInterface ...................... 9-35
AppliedPoliciesandOtherFeatures .......................... 9-36
ShowingPolicyStatusInformation ........................... 9-37
DeletinganAppliedPolicy ................................... 9-40
WheretoGoFromHere ...................................... 9-40
Index
xiii
xiv
ProductDocumentation
AboutYourSwitchManualSet
Not e ForthelatestversionofallProCurveswitchdocumentation,including
ReleaseNotescoveringrecentlyaddedfeatures,pleasevisittheHPNetwork-
ingWebsiteatwww.hp.com/Networking/support.
PrintedPublications
TheReadMeFirstincludedwithyourswitchprovidessoftwareupdate
information,productnotes,andotherinformation.Thelatestversionisalso
availableinPDFformatontheProCurveWebsite,asdescribedintheNoteat
thetopofthispage.
ElectronicPublications
ThelatestversionofeachofthepublicationslistedbelowisavailableinPDF
formatontheProCurveWebsite,asdescribedintheNoteatthetopofthis
page.
InstallationandGettingStartedGuideExplainshowtopreparefor
andperformthephysicalinstallationandconnecttheswitchtoyour
network.
ManagementandConfigurationGuideDescribeshowtoconfigure,
manage,andmonitorbasicswitchoperation.
AdvancedTrafficManagementGuideExplainshowtoconfiguretraffic
managementfeaturessuchasVLANs,MSTP,QoS,andMeshing.
MulticastandRoutingGuideExplainshowtoconfigureIGMP,PIM,IP
routing,andVRRPfeatures.
AccessSecurityGuideExplainshowtoconfigureaccesssecurityfea-
turesanduserauthenticationontheswitch.
IPv6ConfigurationGuideDescribestheIPv6protocoloperationsthat
aresupportedontheswitch.
CommandLineInterfaceReferenceGuideProvidesacomprehensive
descriptionofCLIcommands,syntax,andoperations.
EventLogMessageReferenceGuideProvidesacomprehensivedescrip-
tionofeventlogmessages.
ReleaseNotesDescribenewfeatures,fixes,andenhancementsthat
becomeavailablebetweenrevisionsofthemainproductguide.
xv
SoftwareFeatureIndex
Forthesoftwaremanualsetsupportingyour3500/3500yl/5400zl/6200yl/6600/
8200zlswitchmodel,thisfeatureindexindicateswhichmanualtoconsultfor
informationonagivensoftwarefeature.
IntelligentEdgeSoftwareFeatures.Thesefeaturesareautomatically
includedonallswitches.
PremiumLicenseSoftwareFeatures. FortheHPProCurve3500,3500yl,
5400zl,6600,and8200zlswitches,PremiumLicensefeaturescanbeacquired
bypurchasingtheoptionalPremiumLicenseandinstallingitontheIntelligent
Edgeversionoftheseswitches.(Thesefeaturesareautomaticallyincludedon
theHPProCurve6200ylswitches.)
PremiumLicenseSoftware Manual
Features
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
IPv6
Configura-
tionGuide
OSPFv2(IPv4) X
OSPFv3(IPv6) X
PIM-DM(DenseMode) X
PIM-SM(SparseMode) X
QinQ(ProviderBridging) X
VRRP X
IntelligentEdgeSoftware Manual
Features
Management Advanced Multicastand Access IPv6
and Traffic Routing Security Configura-
Configuration Management Guide tionGuide
802.1QVLANTagging X
802.1XPort-BasedPriority X
802.1XMultipleAuthenticatedClientsPer X
Port
AccessControlLists(ACLs) X
xvi
Features
AccessControlLists(ACLs)(IPv6) X
AAAAuthentication X
AuthorizedIPManagers X
AuthorizedIPManagers(IPv6) X
AuthorizedManagerList(Web,Telnet, X
TFTP)
AutoMDIXConfiguration X
BOOTP X
ConfigFile X
ConsoleAccess X
CopyCommand X
CoreDump X
CoS(ClassofService) X
Debug X
DHCPConfiguration X
DHCPv6Relay X
DHCPOption82 X
DHCPSnooping X
DHCP/BootpOperation X
DiagnosticTools X
DiagnosticsandTroubleshooting(IPv6) X
DistributedTrunking X
DownloadingSoftware X
DynamicARPProtection X
DynamicConfigurationArbiter X
DynamicIPLockdown X
xvii
Features
EavesdropProtection X
EqualCostMulti-Path(ECMP) X
EventLog X
FactoryDefaultSettings X
FlowControl(802.3x) X
FileManagement X
FileTransfers X
FriendlyPortNames X
GuaranteedMinimumBandwidth(GMB) X
GVRP X
Identity-DrivenManagement(IDM) X
IGMP X
InterfaceAccess(Telnet,Console/Serial, X
Web)
IPAddressing X
IPv6Addressing X
IPPreserve(IPv6) X
IPRouting X
IPv6StaticRouting X
JumboPackets X
KeyManagementSystem(KMS) X
LACP X
LLDP X
LLDP-MED X
LoopProtection
MACAddressManagement X
X
xviii
Features
MACLockdown X
MACLockout X
MAC-basedAuthentication X
ManagementVLAN X
ManagementSecurity(IPv6) X
Meshing X
MLDSnooping(IPv6) X
MonitoringandAnalysis X
MulticastFiltering X
MultipleConfigurationFiles X
NetworkManagementApplications X
(SNMP)
NonstopSwitching(8200zlswitches) X
Out-of-BandManagement(OOBM) X
OpenViewDeviceManagement X
PasswordsandPasswordClearProtection X
ProCurveManager(PCM) X
Ping X
PortConfiguration X
PortMonitoring X
PortSecurity X
PortStatus X
PortTrunking(LACP) X
Port-BasedAccessControl(802.1X) X
PoweroverEthernet(PoEandPoE+) X
ProtocolFilters X
xix
Features
ProtocolVLANS X
QualityofService(QoS) X
RADIUSAuthenticationandAccounting X
RADIUS-BasedConfiguration X
Rate-Limiting X
RIP X
RMON1,2,3,9 X
Routing X
Routing-IPStatic X
RouteRedistribution X
SavePowerFeatures X
SecureCopy X
SecureCopy(IPv6) X
SecureFTP(IPv6) X
sFlow X
SFTP X
SNMPv3 X
SNMP(IPv6) X
SoftwareDownloads(SCP/SFTP,TFPT, X
Xmodem)
Source-PortFilters X
SpanningTree(STP,RSTP,MSTP) X
SSHv2(SecureShell)Encryption X
SSH(IPv6) X
SSL(SecureSocketLayer) X
Stacking(3500/3500yl/6200yl/6600 X
switchesonly)
xx
Features
Syslog X
SystemInformation X
TACACS+Authentication X
TelnetAccess X
Telnet(IPv6) X
TFTP X
TimeProtocols(TimeP,SNTP) X
TimeProtocols(IPv6) X
TrafficMirroring X
Traffic/SecurityFilters X
Troubleshooting X
Uni-DirectionalLinkDetection(UDLD) X
UDPForwarder X
USBDeviceSupport X
VirusThrottling(Connection-RateFiltering) X
VLANs X
VLANMirroring(1staticVLAN) X
VoiceVLAN X
WebAuthenticationRADIUSSupport X
Web-basedAuthentication X
WebUI X
xxi
xxii
1
GettingStarted
Contents
Introduction .................................................. 1-2
Conventions .................................................. 1-2
CommandSyntaxStatements ................................. 1-2
CommandPrompts .......................................... 1-3
ScreenSimulations.......................................... 1-3
ConfigurationandOperationExamples......................... 1-3
Keys....................................................... 1-3
SourcesforMoreInformation ................................. 1-4
Getting DocumentationFromtheWeb ......................... 1-6
OnlineHelp ................................................ 1-6
MenuInterface .......................................... 1-6
CommandLineInterface.................................. 1-7
WebAgent .............................................. 1-7
NeedOnlyaQuickStart? ...................................... 1-8
IPAddressing ............................................... 1-8
ToSetUpandInstalltheSwitchinYourNetwork............... 1-8
PhysicalInstallation ... ... ................................... 1-8
1-1
GettingStarted
Introduction
Introduction
ThisguideisintendedforusewiththefollowingProCurveswitches:
8200zlswitches
6600switches
5400zlswitches
3500,3500yland6200ylswitches
Itdescribeshowtousethecommandlineinterface(CLI),Menuinterface,and
WebAgenttoconfigure,manage,monitor,andtroubleshootswitchoperation.
Foranoverviewofproductdocumentationfortheaboveswitches,referto
ProductDocumentationonpagexiii.Todownloadtheswitchdocumenta-
tion,visittheHPNetworkingmanualswebpageatwww.hp.com/Networking/
support.
Conventions
Thisguideusesthefollowingconventionsforcommandsandscreendisplays.
CommandSyntaxStatements
Syntax:ip<default-gateway<ip-addr>>|routing>
Syntax:showinterfaces[port-list]
Verticalbars(|)separatealternative,mutuallyexclusiveelements.
Squarebrackets([])indicateoptionalelements.
Braces(<>)encloserequiredelements.
Braceswithinsquarebrackets([<>])indicatearequiredelementwithin
anoptionalchoice.
BoldfaceindicatesuseofaCLIcommand,partofaCLIcommandsyntax,
orotherdisplayedelementingeneraltext.Forexample:
UsethecopytftpcommandtodownloadthekeyfromaTFTPserver.
Italicsindicatevariablesforwhichyoumustsupplyavaluewhenexecut-
ingthecommand.Forexample,inthiscommandsyntax,youmustprovide
oneormoreportnumbers:
1-2
GettingStarted
Conventions
Syntax:aaaport-accessauthenticator<port-list>
CommandPrompts
Inthedefaultconfiguration,yourswitchdisplaysaCLIpromptsimilartothe
followingexample:
ProCurve 8212zl#
Tosimplifyrecognition,thisguideusesProCurvetorepresentcommand
promptsforallswitchmodels.Forexample:
ProCurve#
(YoucanusethehostnamecommandtochangethetextintheCLIprompt.)
ScreenSimulations
DisplayedText. Figurescontainingsimulatedscreentextandcommand
outputlooksimilartothis:
Pr oCur ve> show ver si on
I mage st amp: / sw/ code/ bui l d/ i nf o
May 1, 2010 13: 43: 13
K. 15. 01. 0031
139
Boot I mage: Pr i mar y
Figure1-1. ExampleofaSimulatedScreen
Insomecases,briefcommand-outputsequencesappearwithoutfigureiden-
tification.Forexample:
ProCurve(config)# clear public-key
ProCurve(config)# show ip client-public-key
show_client_public_key: cannot stat keyfile
ConfigurationandOperationExamples
Unlessotherwisenoted,examplesusingaparticularswitchmodelapplytoall
switchmodelscoveredbythisguide.
Keys
Simulationsofactualkeysuseabold,sans-seriftypefacewithsquarebrackets.
Forexample,theTabkeyappearsas[Tab]andtheYkeyappearsas[Y].
1-3
GettingStarted
SourcesforMoreInformation
Forinformationaboutswitchoperationandfeaturesnotcoveredinthisguide,
consulttheInstallationandGettingStartedGuide.Forinformationonwhich
manualtoconsultforagivensoftwarefeature,refertotheSoftwareFeature
Indexonpagexiv.
Not e ForthelatestversionofallHPNetworkingswitchdocumentationreferredto
below,includingReleaseNotescoveringrecentlyaddedfeatures,visittheHP
Networkingmanualswebpageatwww.hp.com/Networking/support.
SoftwareReleaseNotesReleaseNotesarepostedontheHPProCurve
Networkingwebsiteandprovideinformationonnewsoftwareupdates:
newfeaturesandhowtoconfigureandusethem
softwaremanagement,includingdownloadingsoftwaretotheswitch
softwarefixesaddressedincurrentandpreviousreleases
ProductNotesandSoftwareUpdateInformationTheprintedReadMe
Firstshippedwithyourswitchprovidessoftwareupdateinformation,
productnotes,andotherinformation.
InstallationandGettingStartedGuideUsetheInstallationandGet-
tingStartedGuidetoprepareforandperformthephysicalinstallation.
Thisguidealsostepsyouthroughconnectingtheswitchtoyournetwork
andassigningIPaddressing,aswellasdescribingtheLEDindicationsfor
correctoperationandtroubleanalysis.
ManagementandConfigurationGuideUsethisguideforinformation
ontopicssuchas:
variousinterfacesavailableontheswitch
memoryandconfigurationoperation
interfaceaccess
IPaddressing
timeprotocols
portconfiguration,trunking,trafficcontrol,andPoEoperation
Redundantmanagementandnonstopswitching
SNMP,LLDP,andothernetworkmanagementtopics
filetransfers,switchmonitoring,troubleshooting,andMACaddress
management
1-4
GettingStarted
AdvancedTrafficManagementGuideUsethisguideforinformationon
topicssuchas:
VLANs:Staticport-basedandprotocolVLANs,anddynamicGVRP
VLANs
spanning-Tree:802.1D(STP),802.1w(RSTP),and802.1s(MSTP)
meshing
Quality-of-Service(QoS)
AccessControlLists(ACLs)
Out-of-BandManagement(6600)
MulticastandRoutingGuideUsethisguideforinformationontopics
suchas:
IGMP
PIM(SM andDM)
IProuting
VRRP
AccessSecurityGuideUsethisguideforinformationontopicssuchas:
Localusernameandpasswordsecurity
Web-BasedandMAC-basedauthentication
RADIUSandTACACS+authentication
SSH(SecureShell)andSSL(SecureSocketLayer)operation
802.1Xaccesscontrol
PortsecurityoperationwithMAC-basedcontrol
AuthorizedIPManagersecurity
KeyManagementSystem(KMS)
IPv6ConfigurationGuideUsethisguideforinformationontopics
suchas:
OverviewofIPv6operationandfeaturessupportedinsoftware
releaseK.13.01orgreater
ConfiguringIPv6addressing
IPv6management,security,andtroubleshootingfeatures
IPv6routing
1-5
GettingStarted
GettingDocumentationFromtheWeb
Toobtainthelatestversionsofdocumentationandreleasenotesforyour
switch,gototheHPNetworkingmanualswebpageat
www.hp.com/Networking/support.
OnlineHelp
MenuInterface
Ifyouneedinformationonspecificparametersinthemenuinterface,referto
theonlinehelpprovidedintheinterface.Forexample:
OnlineHelp
forMenu
Figure1-2. OnlineHelpforMenuInterface
1-6
GettingStarted
NeedOnlyaQuickStart?
CommandLineInterface
IfyouneedinformationonaspecificcommandintheCLI,typethecommand
namefollowedbyhelp.Forexample:
Figure1-3. ExampleofCLIHelp
WebAgent
IfyouneedinformationonspecificfeaturesintheWebAgent,usetheonline
Help.YoucanaccesstheHelpbyclickingonthe?buttonintheupperright
cornerofanyoftheWebAgentscreens.
NeedOnlyaQuickStart?
IPAddressing
IfyoujustwanttogivetheswitchanIPaddresssothatitcancommunicate
onyournetwork,orifyouarenotusingVLANs,ProCurverecommendsthat
youusetheSwitchSetupscreentoquicklyconfigureIPaddressing.Todoso,
dooneofthefollowing:
EntersetupattheCLIManagerlevelprompt.
Procurve# setup
IntheMainMenuoftheMenuinterface,select
8.RunSetup
FormoreonusingtheSwitchSetupscreen,seetheInstallationandGetting
StartedGuideyoureceivedwiththeswitch.
1-7
1
GettingStarted
ToSetUpandInstalltheSwitchinYourNetwork
ToSetUpandInstalltheSwitchinYour
Network
PhysicalInstallation
UsetheInstallationandGettingStartedGuideforthefollowing:
Notes,cautions,andwarningsrelatedtoinstallingandusingtheswitch
anditsrelatedmodules
Instructionsforphysicallyinstallingtheswitchinyournetwork
QuicklyassigninganIPaddressandsubnetmask,setaManagerpass-
word,and(optionally)configureotherbasicfeatures.
InterpretingLEDbehavior.
ForthelatestversionoftheInstallationandGettingStartedGuideforyour
switch,refertoGettingDocumentationFromtheWebonpage1-6.
1-8
2
StaticVirtualLANs(VLANs)
Contents
Overview ..................................................... 2-4
Introduction .................................................. 2-5
GeneralVLANOperation ..................................... 2-5
TypesofStaticVLANsAvailablein theSwitch ................... 2-6
Port-BasedVLANs....................................... 2-6
Protocol-BasedVLANs ................................... 2-6
DesignatedVLANs ....................................... 2-6
Terminology .................................................. 2-7
StaticVLANOperation ........................................ 2-8
VLANEnvironments ......................................... 2-9
VLANOperation ........................................... 2-10
RoutingOptionsforVLANs........... ....................... 2-11
Overlapping(Tagged)VLANs ................................ 2-12
Per-PortStaticVLANConfigurationOptions ................... 2-14
VLANOperatingRules........................................ 2-15
GeneralStepsforUsingVLANs ............................... 2-19
MultipleVLANConsiderations ................................ 2-20
SingleForwardingDatabaseOperation ........................ 2-21
ExampleofanUnsupportedConfigurationandHowToCorrectIt 2-22
Multiple ForwardingDatabaseOperation ...................... 2-23
ConfiguringVLANs ........................................... 2-24
Menu:ConfiguringPort-BasedVLANParameters ............... 2-24
ToChangeVLANSupportSettings .... .................... 2-25
AddingorEditingVLANNames ........................... 2-26
AddingorChangingaVLAN PortAssignment ............... 2-28
CLI:ConfiguringPort-BasedandProtocol-BasedVLANParameters2-30
2-1
Contents
CustomizingtheShowVLANsOutput ...................... 2-36
CreatinganAliasforShowVLANCommands ............... 2-38
Show VLANsCustomCommand......................... 2-39
ChangingtheNumberofVLANsAllowedontheSwitch .......... 2-39
WebAgent:ViewingandConfiguringVLANParameters .......... 2-45
802.1QVLANTagging ........................................ 2-46
SpecialVLANTypes .......................................... 2-51
VLANSupportandtheDefaultVLAN .......................... 2-51
ThePrimaryVLAN ......................................... 2-51
TheSecureManagementVLAN ............................... 2-52
Preparation ............................................ 2-54
Configuration.......................................... 2-55
UsingDHCPtoObtainanIPAddress ...................... 2-56
Deleting the ManagementVLAN .... ...................... 2-59
OperatingNotesforManagementVLANs ................... 2-59
VoiceVLANs .............................................. 2-60
OperatingRulesforVoiceVLANs ......................... 2-60
ComponentsofVoiceVLANOperation..................... 2-61
VoiceVLANQoSPrioritizing(Optional) .................... 2-61
VoiceVLANAccessSecurity ............................. 2-62
EffectofVLANsonOtherSwitchFeatures .................... 2-62
SpanningTreeOperationwithVLANs......................... 2-62
IPInterfaces ............................................... 2-63
VLANMACAddress ........................................ 2-63
PortTrunks ............................................... 2-63
PortMonitoring ............................................ 2-63
JumboPacketSupport ...................................... 2-63
VLANRestrictions............................................ 2-64
MigratingLayer3VLANsUsingVLANMACConfiguration...... 2-65
VLAN MACAddressReconfiguration .......................... 2-65
HandlingIncomingandOutgoingVLANTraffic................. 2-66
SendingHeartbeatPacketswithaConfiguredMACAddress ..... 2-67
ConfiguringaVLANMACAddresswithHeartbeatInterval....... 2-68
OperatingNotes ........................................ 2-68
2-2
Contents
Example .............................................. 2-69
VerifyingaVLANMACAddressConfiguration .............. 2-69
2-3
Overview
Overview
Thischapterdescribeshowtoconfigureandusestatic,port-basedand
protocol-basedVLANsontheswitchescoveredinthisguide.
Forgeneralinformationonhowtousetheswitchsbuilt-ininterfaces,referto
thesechaptersintheManagementandConfigurationGuideforyourswitch:
Chapter3,UsingtheMenuInterface
Chapter4,UsingtheCommandLineInterface(CLI)
Chapter5,UsingtheWebAgent
Chapter6,SwitchMemoryandConfiguration
2-4
Introduction
Introduction
VLANFeatures
Feature Default Menu CLI WebAgent
viewexistingVLANs n/a page2-25 page2-31 page2-45
thru2-30
configuringstatic defaultVLANwith page2-25 page2-30 page2-45
VLANs VID=1 thru2-30
VLANsenableyoutogroupusersbylogicalfunctioninsteadofphysical
location.Thishelpstocontrolbandwidthusagewithinyournetworkby
allowingyoutogrouphigh-bandwidthusersonlow-trafficsegmentsandto
organizeusersfromdifferentLANsegmentsaccordingtotheirneedfor
commonresourcesand/ortheiruseofindividualprotocols.Youcanalso
improvetrafficcontrolattheedgeofyournetworkbyseparatingtrafficof
differentprotocoltypes.VLANscanalsoenhanceyournetworksecurityby
creatingseparatesubnetstohelpcontrolin-bandaccesstospecificnetwork
resources.
GeneralVLANOperation
AVLANiscomprisedofmultipleportsoperatingasmembersofthesame
subnet(broadcastdomain).Portsonmultipledevicescanbelongtothesame
VLAN,andtrafficmovingbetweenportsinthesameVLANisbridged(or
switched).(TrafficmovingbetweendifferentVLANsmustberouted.)A
staticVLANisan802.1Q-compliantVLANconfiguredwithoneormoreports
thatremainmembersregardlessoftrafficusage.(AdynamicVLANisan
802.1Q-compliantVLANmembershipthattheswitchtemporarilycreateson
aporttoprovidealinktoanotherportinthesameVLANonanotherdevice.)
ThischapterdescribesstaticVLANsconfiguredforport-basedorprotocol-
basedoperation.StaticVLANsareconfiguredwithaname,VLANIDnumber
(VID),andportmembers.(FordynamicVLANs,refertochapter3,GVRP.)
Bydefault,theswitchescoveredinthisguideare802.1QVLAN-enabledand
allowupto2048staticanddynamicVLANs.(ThedefaultstaticVLANsetting
is8).802.1Qcompatibilityenablesyoutoassigneachswitchporttomultiple
VLANs,ifneeded.
2-5
Introduction
TypesofStaticVLANsAvailableintheSwitch
Port-BasedVLANs
ThistypeofstaticVLANcreatesaspecificlayer-2broadcastdomaincom-
prisedofmemberportsthatbridgeIPv4trafficamongthemselves.Port-Based
VLANtrafficisroutableontheswitchescoveredinthisguide.
Protocol-BasedVLANs
ThistypeofstaticVLANcreatesalayer-3broadcastdomainfortrafficofa
particularprotocol,andiscomprisedofmemberportsthatbridgetrafficof
thespecifiedprotocoltypeamongthemselves.Someprotocoltypesare
routableontheswitchescoveredinthisguide.Refertotable2-1onpage2-8.
DesignatedVLANs
Theswitchusesthesestatic,port-basedVLANtypestoseparateswitch
managementtrafficfromothernetworktraffic.WhiletheseVLANsarenot
limitedtomanagementtrafficonly,theycanprovideimprovedsecurityand
availabilityformanagementtraffic.
TheDefaultVLAN:Thisport-basedVLANisalwayspresentintheswitch
and,inthedefaultconfiguration,includesallportsasmembers(page2-
51).
ThePrimaryVLAN:Theswitchusesthisport-basedVLANtoruncertain
featuresandmanagementfunctions,includingDHCP/Bootpresponses
forswitchmanagement.Inthedefaultconfiguration,theDefaultVLANis
alsothePrimaryVLAN.However,youcandesignateanother,port-based,
non-defaultVLAN,asthePrimaryVLAN(page2-51).
TheSecureManagementVLAN:Thisoptional,port-basedVLANestab-
lishesanisolatednetworkformanagingtheProCurveswitchesthat
supportthisfeature.AccesstothisVLANandtotheswitchsmanagement
functionsareavailableonlythroughportsconfiguredasmembers(page
2-52).
VoiceVLANs:Thisoptional,port-basedVLANtypeenablesyoutosepa-
rate,prioritize,andauthenticatevoicetrafficmovingthroughyournet-
work,andtoavoidthepossibilityofbroadcaststormsaffectingVoIP
(Voice-over-IP)operation(page2-60).
2-6
Terminology
Not e Inamultiple-VLANenvironmentthatincludessomeolderswitchmodelsthere
maybeproblemsrelatedtothesameMACaddressappearingondifferent
portsandVLANsonthesameswitch.Insuchcasesthesolutionistoimpose
somecablingandVLANrestrictions.Formoreonthistopic,refertoMultiple
VLANConsiderationsonpage2-20.
Terminology
DynamicVLAN:An802.1QVLANmembershiptemporarilycreatedonaport
linkedtoanotherdevice,wherebothdevicesarerunningGVRP.(Seealso
StaticVLAN.)Formoreinformation,refertochapter3,GVRP.
StaticVLAN:Aport-basedorprotocol-basedVLANconfiguredinswitch
memory.(SeealsoDynamicVLAN.)
TaggedPacket:ApacketthatcarriesanIEEE802.1QVLANID(VID),which
isatwo-byteextensionthatprecedesthesourceMACaddressfieldofan
ethernetframe.AVLANtagislayer2dataandistransparenttohigher
layers.
TaggedVLAN: AVLANthatcomplieswiththe802.1Qstandard,including
prioritysettings,andallowsaporttojoinmultipleVLANs.(Seealso
UntaggedVLAN.)
UntaggedPacket:ApacketthatdoesnotcarryanIEEE802.1QVLANID
(VID).
UntaggedVLAN:AVLANthatdoesnotuseorforward802.1QVLANtagging,
includingprioritysettings.Aportcanbeamemberofonlyoneuntagged
VLANofagiventype(port-basedandthevariousprotocol-basedtypes).
(SeealsoTaggedVLAN.)
VID:TheacronymforaVLANIdentificationNumber.Each802.1Q-compliant
VLANmusthaveitsownuniqueVIDnumber,andthatVLANmustbegiven
thesameVIDineverydeviceinwhichitisconfigured.
2-7
StaticVLANOperation
StaticVLANOperation
AgroupofnetworkedportsassignedtoaVLANformabroadcastdomainthat
isseparatefromotherVLANsthatmaybeconfiguredontheswitch.Onagiven
switch,packetsarebridgedbetweensourceanddestinationportsthatbelong
tothesameVLAN.Thus,allportspassingtrafficforaparticularsubnet
addressshouldbeconfiguredtothesameVLAN.Cross-domainbroadcast
trafficintheswitchiseliminatedandbandwidthissavedbynotallowing
packetstofloodoutallports.
Table2-1.ComparativeOperationofPort-BasedandProtocol-BasedVLANs
Port-BasedVLANs Protocol-BasedVLANs
IP UsuallyconfiguredwithatleastoneuniqueIP
Addressing address.Youcancreateaport-basedVLANwith-
outanIPaddress.However,thislimitstheswitch
featuresavailabletoportsonthatVLAN.(Referto
HowIPAddressingAffectsSwitchOperationin
thechapterConfiguringIPAddressinginthe
ManagementandConfigurationGuideforthe
switch.)
YoucanalsousemultipleIPaddressestocreate
multiplesubnetswithinthesameVLAN.(Formore
onthistopic,refertothechapteronConfiguring
IPAddressingintheManagementand
ConfigurationGuidefortheswitch.)
YoucanconfigureIPaddressesonallprotocol
VLANs.However,IPaddressingisusedonlyonIPv4
andIPv6protocolVLANs.
Restrictions:WhenyouconfigureanIPaddresson
aVLANinterface,thefollowingrestrictionsapply:
LoopbackinterfacessharethesameIPaddress
spacewithVLANconfigurations.Themaximum
numberofIPaddressessupportedonaswitchis
2048,whichincludesallIPaddressesconfigured
forbothVLANsandloopbackinterfaces(except
forthedefaultloopbackIPaddress127.0.0.1).
EachIPaddressthatyouconfigureonaVLAN
interfacemustbeuniqueintheswitch.This
meansthattheaddresscannotbeusedbyaVLAN
interfaceoranotherloopbackinterface.
Formoreinformation,refertothechapteron
ConfiguringIPAddressingintheManagementand
ConfigurationGuide.
2-8
StaticVLANOperation
Port-BasedVLANs Protocol-BasedVLANs
Untagged
VLAN
Membership
Aportcanbeamemberofoneuntagged,port-
basedVLAN.Allotherport-basedVLAN
assignmentsforthatportmustbetagged.
Aportcanbeanuntaggedmemberofoneprotocol
VLANofaspecificprotocoltype(suchasIPXorIPv6).
Ifthesameprotocoltypeisconfiguredinmultiple
protocolVLANs,thenaportcanbeanuntagged
memberofonlyoneofthoseprotocolVLANs.For
example,ifyouhavetwoprotocolVLANs,100and
200,andbothincludeIPX,thenaportcanbean
untaggedmemberofeitherVLAN100orVLAN200,
butnotbothVLANs.
AportsuntaggedVLANmembershipscanincludeup
tofourdifferentprotocoltypes.Thismeansthataport
canbeanuntaggedmemberofoneofthefollowing:
Foursingle-protocolVLANs
TwoprotocolVLANswhereoneVLANincludesa
singleprotocolandtheotherincludesuptothree
protocols
OneprotocolVLANwheretheVLANincludesfour
protocols
TaggedVLAN Aportcanbeataggedmemberofanyport-based Aportcanbeataggedmemberofanyprotocol-
Membership VLAN.Seeabove. basedVLAN.Seeabove.
Routing TheswitchcaninternallyrouteIP(IPv4)traffic
betweenport-basedVLANsandbetweenport-
basedandIPv4protocol-basedVLANsiftheswitch
configurationenablesIProuting.
Iftheswitchisnotconfiguredtoroutetraffic
internallybetweenport-basedVLANs,thenan
externalroutermustbeusedtomovetraffic
betweenVLANs.
IftheswitchconfigurationenablesIProuting,the
switchcaninternallyrouteIPv4trafficasfollows:
BetweenmultipleIPv4protocol-basedVLANs
BetweenIPv4protocol-basedVLANsandport-
basedVLANs.
Otherprotocol-basedVLANsrequireanexternal
routerformovingtrafficbetweenVLANs.
Note:NETbeuiandSNAarenon-routableprotocols.
Endstationsintendedtoreceivetrafficinthese
protocolsmustbeattachedtothesamephysical
network.
Commands vlan<VID>[tagged|untagged<[e]port-list>] vlan<VID>protocol<ipx|ipv4|ipv6|arp|
for appletalk|sna|netbeui>
Configuring
vlan<VID>[tagged|untagged<[e]port-list>]
StaticVLANs
VLANEnvironments
YoucanconfiguredifferentVLANtypesinanycombination.Notethatthe
defaultVLANwillalwaysbepresent.(FormoreonthedefaultVLAN,referto
VLANSupportandtheDefaultVLANonpage2-51.)
2-9
StaticVLANOperation
Table2-2.VLANEnvironments
VLANEnvironment Elements
ThedefaultVLAN(port-based; InthedefaultVLANconfiguration,allportsbelongtoVLAN
VIDof1)Only 1asuntaggedmembers.
VLAN1isaport-basedVLAN,forIPv4traffic.
MultipleVLANEnvironment InadditiontothedefaultVLAN,theconfigurationcaninclude
oneormoreotherport-basedVLANsandoneormore
protocolVLANs.(Theswitchescoveredinthisguideallow
upto2048(vidsupto4094)VLANsofalltypes.)UsingVLAN
tagging,portscanbelongtomultipleVLANsofalltypes.
Enablingroutingontheswitchenablestheswitchtoroute
IPv4trafficbetweenport-basedVLANsandbetweenport-
basedVLANsandIPv4protocolVLANs.Routingothertypes
oftrafficbetweenVLANsrequiresanexternalrouter
capableofprocessingtheappropriateprotocol(s).
VLANOperation
TheDefaultVLAN. Infigure2-1,allportsbelongtothedefaultVLAN,and
devicesconnectedtotheseportsareinthesamebroadcastdomain.Except
foranIPaddressandsubnet,noconfigurationstepsareneeded.
A8 A1
A7 A2
VLAN1
A6 A3
A5 A4
Figure2-1.ExampleofaSwitchintheDefaultVLANConfiguration
MultiplePort-BasedVLANs.Infigure2-2,routingwithintheswitchis
disabled(thedefault).Thismeansthatcommunicationbetweenanyroutable
VLANsontheswitchmustgothroughtheexternalrouter.Inthiscase,VLANs
WandXcanexchangetrafficthroughtheexternalrouter,buttrafficin
VLANsYandZisrestrictedtotherespectiveVLANs.NotethatVLAN1,
thedefaultVLAN,isalsopresent,butnotshown.(ThedefaultVLANcannot
bedeletedfromtheswitch.However,portsassignedtootherVLANscanbe
removedfromthedefaultVLAN,ifdesired.)Ifinternal(IP)routingisenabled
2-10
StaticVLANOperation
ontheswitch,thentheexternalrouterisnotneededfortraffictomove
betweenport-basedVLANs.
External
Router
SwitchwithMultiple
VLANsConfigured
andInternalRouting
Disabled
A2
A3
A4
A7
A6
A5
A1 A8
VLAN Z
VLAN Y
VLAN X VLAN W
Figure2-2.ExampleofMultipleVLANsontheSwitch
ProtocolVLANEnvironment.Figure2-2canalsobeappliedtoaprotocol
VLANenvironment.Inthiscase,VLANsWandXrepresentroutable
protocolVLANs.VLANsYandZcanbeanyprotocolVLAN.Asnotedfor
thediscussionofmultipleport-basedVLANs,VLAN1isnotshown.Enabling
internal(IP)routingontheswitchallowsIPtraffictomovebetweenVLANs
ontheswitch.However,routable,non-IPtrafficalwaysrequiresanexternal
router.
RoutingOptionsforVLANs
Table2-3.OptionsforRoutingBetweenVLANTypesintheSwitch
Port- IPX IPv4 IPv6 ARP Apple SNA
2
Netbeui
2
Based -Talk
Port-Based Yes Yes
Protocol
IPX Yes
1

IPv4 Yes Yes
IPv6 Yes
1

ARP Yes
1

AppleTalk Yes
1

2-11
StaticVLANOperation
Port- IPX IPv4 IPv6 ARP Apple SNA
2
Netbeui
2
Based -Talk
SNA
2

NETbeui
2

1
RequiresanexternalroutertoroutebetweenVLANs.
2
Notaroutableprotocoltype.Endstationsintendedtoreceivetrafficinthese
protocolsmustbeattachedtothesamephysicalnetwork.
Overlapping(Tagged)VLANs
AportcanbeamemberofmorethanoneVLANofthesametypeifthedevice
towhichtheportconnectscomplieswiththe802.1QVLANstandard.For
example,aportconnectedtoacentralserverusinganetworkinterfacecard
(NIC)thatcomplieswiththe802.1Qstandardcanbeamemberofmultiple
VLANs,allowingmembersofmultipleVLANstousetheserver.Althoughthese
VLANscannotcommunicatewitheachotherthroughtheserver,theycanall
accesstheserveroverthesameconnectionfromtheswitch.WhereVLANs
overlapinthisway,VLANtagsareusedintheindividualpacketstodistin-
guishbetweentrafficfromdifferentVLANs.AVLANtagincludestheparticu-
larVLANI.D.(VID)oftheVLANonwhichthepacketwasgenerated.
ProCurve
Switch
802.1Q-Compliant
Server
Figure2-3.ExampleofOverlappingVLANsUsingtheSameServer
Similarly,using802.1Q-compliantswitches,youcanconnectmultipleVLANs
throughasingleswitch-to-switchlink.
2-12
StaticVLANOperation
RedServer
ProCurve
Switch
BlueServer
ProCurve
Switch
Red
VLAN
Red
VLAN
Blue
VLAN
Blue
VLAN
Red
VLAN
The same link carries Red
VLAN and Blue VLAN traffic.
Figure2-4.ExampleofConnectingMultipleVLANsThroughtheSameLink
IntroducingTaggedVLANTechnologyintoNetworksRunningLegacy
(Untagged)VLANs.Youcanintroduce802.1Q-compliantdevicesintonet-
worksthathavebuiltuntaggedVLANsbasedonearlierVLANtechnology.The
fundamentalruleisthatlegacy/untaggedVLANsrequireaseparatelinkfor
eachVLAN,while802.1Q,ortaggedVLANscancombineseveralVLANsinone
link.Thismeansthatonthe802.1Q-compliantdevice,separateports(config-
uredasuntagged)mustbeusedtoconnectseparateVLANstonon-802.1Q
devices.
Red VLAN
Blue VLAN
RedServer
ProCurve
Switch
BlueServer
ProCurve
Switch
Red
VLAN
Red
VLAN
Blue
VLAN
Blue
VLAN
Red
VLAN
VLAN tagging
enables the Link to
carry Red VLAN and
Blue VLAN Traffic
Blue
VLAN
Non-802.1Q
Switch
The legacy (non-802.1Q
compliant) switch requires a
separate link for each VLAN.
Figure2-5.ExampleofTaggedandUntaggedVLANTechnologyintheSame
Network
FormoreinformationonVLANs,referto:
OverviewofUsingVLANs(page2-51)
Menu:ConfiguringVLANParameters(page2-24)
2-13
StaticVLANOperation
CLI:ConfiguringVLANParameters(page2-24)
WebAgent:ViewingandConfiguringVLANParameters(page2-45)
VLANTaggingInformation(page2-46)
EffectofVLANsonOtherSwitchFeatures(page2-62)
VLANRestrictions(page2-64)
Per-PortStaticVLANConfigurationOptions
Thefollowingfigureandtableshowtheoptionsyoucanusetoassign
individualportstoastaticVLAN.NotethatGVRP,ifconfigured,affectsthese
optionsandVLANbehaviorontheswitch.Thedisplaybelowshowstheper-
portVLANconfigurationoptions.Table2-4brieflydescribestheseoptions.
ExampleofPer-Port
VLANConfiguration ExampleofPer-Port
withGVRPDisabled VLANConfiguration
(thedefault) withGVRPEnabled
EnablingGVRPcausesNotodisplayasAuto.
Figure2-6.ComparingPer-PortVLANOptionsWithandWithoutGVRP
Table2-4.Per-PortVLANConfigurationOptions
Parameter EffectonPortParticipationinDesignatedVLAN
Tagged AllowstheporttojoinmultipleVLANs.
Untagged AllowsVLANconnectiontoadevicethatisconfiguredforanuntagged
VLANinsteadofataggedVLAN.Aportcanbeanuntaggedmemberof
onlyoneport-basedVLAN.Aportcanalsobeanuntaggedmemberofonly
oneprotocol-basedVLANforanygivenprotocoltype.Forexample,ifthe
switchisconfiguredwiththedefaultVLANplusthreeprotocol-based
VLANsthatincludeIPX,thenport1canbeanuntaggedmemberofthe
defaultVLANandoneoftheprotocol-basedVLANS.
2-14
VLANOperatingRules
Parameter EffectonPortParticipationinDesignatedVLAN
No
-or-
Auto
No:AppearswhentheswitchisnotGVRP-enabled;preventstheportfrom
joiningthatVLAN.
Auto:AppearswhenGVRPisenabledontheswitch;allowstheportto
dynamicallyjoinanyadvertisedVLANthathasthesameVID
Forbid PreventstheportfromjoiningtheVLAN,evenifGVRPisenabledonthe
switch.
VLANOperatingRules
DHCP/Bootp:IfyouareusingDHCP/Bootptoacquiretheswitchs
configuration,packettime-to-live,andTimePinformation,youmustdes-
ignatetheVLANonwhichDHCPisconfiguredforthispurposeasthe
PrimaryVLAN.(Inthefactory-defaultconfiguration,theDEFAULT_VLAN
isthePrimaryVLAN.)
Per-VLANFeatures:IGMPandsomeotherfeaturesoperateonaper
VLANbasis.Thismeansyoumustconfiguresuchfeaturesseparatelyfor
eachVLANinwhichyouwantthemtooperate.
DefaultVLAN:YoucanrenamethedefaultVLAN,butyoucannotchange
itsVID(1)ordeleteitfromtheswitch.
VLANPortAssignments:Anyportsnotspecificallyremovedfromthe
defaultVLANremainintheDEFAULT_VLAN,regardlessofotherport
assignments.Also,aportmustalwaysbeataggedoruntaggedmember
ofatleastoneport-basedVLAN.
Voice-Over-IP(VoIP):VoIPoperatesonlyoverstatic,port-basedVLANs.
MultipleVLANTypesConfiguredontheSamePort:Aportcan
simultaneouslybelongtobothport-basedandprotocol-basedVLANs.
ProtocolCapacity:Aprotocol-basedVLANcanincludeuptofour
protocoltypes.InprotocolVLANsusingtheIPv4protocol,ARPmustbe
oneoftheseprotocoltypes(tosupportnormalIPnetworkoperation).
Otherwise,IPtrafficontheVLANisdisabled.IfyouconfigureanIPv4
2-15
VLANOperatingRules
protocolVLANthatdoesnotalreadyincludetheARPVLANprotocol,the
switchdisplaysthismessage:
IndicatesaprotocolVLANconfigured
withIPv4,butnotARP.
DeletingStaticVLANs:Ontheswitchescoveredinthisguideyoucan
deleteaVLANregardlessofwhethertherearecurrentlyanyportsbelong-
ingtothatVLAN.(TheportsaremovedtothedefaultVLAN.)
AddingorDeletingVLANs:ChangingthenumberofVLANssupported
ontheswitchrequiresareboot.(FromtheCLI,youmustperformawrite
memorycommandbeforerebooting.)OtherVLANconfigurationchanges
aredynamic.
InboundTaggedPackets:Ifataggedpacketarrivesonaportthatisnot
ataggedmemberoftheVLANindicatedbythepacketsVID,theswitch
dropsthepacket.Similarly,theswitchwilldropaninbound,taggedpacket
ifthereceivingportisanuntaggedmemberoftheVLANindicatedbythe
packetsVID.
UntaggedPacketForwarding:Toenableaninboundporttoforward
anuntaggedpacket,theportmustbeanuntaggedmemberofeithera
protocolVLANmatchingthepacketsprotocoloranuntaggedmemberof
aport-basedVLAN.Thatis,whenaportreceivesanincoming,untagged
packet,itprocessesthepacketaccordingtothefollowingorderedcrite-
ria:
a. IftheporthasnountaggedVLANmemberships,theswitchdropsthe
packet.
b. IftheporthasanuntaggedVLANmembershipinaprotocolVLAN
thatmatchestheprotocoltypeoftheincomingpacket,thenthe
switchforwardsthepacketonthatVLAN.
c. Iftheportisamemberofanuntagged,port-basedVLAN,theswitch
forwardsthepackettothatVLAN.Otherwise,theswitchdropsthe
packet.
2-16
VLANOperatingRules
PortXreceives
aninbound,
untaggedPacket.
Yes
Isthe
portanuntagged
memberofany
VLANs?
No
Doesthe
packetsprotocol
matchtheprotocolof
anuntaggedVLAN
membershipon
theport?
No
Yes
Dropthe
packet.
Forwardthe
packetonthat
protocolVLAN.
Isthe
portamember
ofanuntagged,
port-based
VLAN?
Yes
Forwardthe
packetonthe
port-basedVLAN.
Dropthe
No
packet.
Figure2-7.UntaggedVLANOperation
TaggedPacketForwarding:Ifaportisataggedmemberofthesame
VLANasaninbound,taggedpacketreceivedonthatport,thentheswitch
forwardsthepackettoanoutboundportonthatVLAN.(Toenablethe
forwardingoftaggedpackets,anyVLANtowhichtheportbelongsasa
2-17
2-18
VLANOperatingRules
taggedmembermusthavethesameVIDasthatcarriedbytheinbound,
taggedpacketsgeneratedonthatVLAN.)
Ca u t i o n Rate-limitingmaybehaveunpredictablyonaVLANiftheVLANspans
multiplemodulesorport-banks.Thisalsoappliesifaportonadifferent
moduleorport-bankisaddedtoanexistingVLAN.ProCurvedoesnotrecom-
mendconfiguringrate-limitingonVLANsthatincludeportsspanningmodules
orport-banks.
Infigure2-9ports2,3,and24formoneVLAN.Theportsareinthesameport-
bank,whichincludesports1through24.Ports28,29,and32formasecond
VLAN.Theseportsarealsointhesameport-bank,whichincludesports25
through48.Rate-limitingwilloperateasexpectedfortheseVLANs.
Figure2-8.TaggedVLANOperation
SeealsoMultipleVLANConsiderationsonpage2-20.
Yes
PortXreceives
aninbound,
taggedPacket
FromVLANA.
Isport
Xatagged
memberof
VLANA?
No
Forwardthe
packettoanyport
YonVLANA
foroutbound
transmission.
Dropthe
packet.
Notethattheoutbound
portcanbeeithera
taggedoruntagged
memberoftheVLAN.
GeneralStepsforUsingVLANs
Port-bank1-24 Port-bank25-48
VLANA
VLANB
Figure2-9. ExampleofVLANsUsingPortsfromtheSamePort-BankforEachVLAN
GeneralStepsforUsingVLANs
1. PlanyourVLANstrategyandcreateamapofthelogicaltopologythatwill
resultfromconfiguringVLANs.Includeconsiderationfortheinteraction
betweenVLANsandotherfeaturessuchasSpanningTreeProtocol,port
trunking,andIGMP.(RefertoEffectofVLANsonOtherSwitchFeatures
onpage2-62.)IfyouplanonusingdynamicVLANs,includetheport
configurationplanningnecessarytosupportthisfeature.(Refertochap-
ter3,GVRP.)
Bydefault,VLANsupportisenabledforupto256VLANs.
2. ConfigureatleastoneVLANinadditiontothedefaultVLAN.
3. AssignthedesiredswitchportstothenewVLAN(s).
4. IfyouaremanagingVLANswithSNMPinanIPnetwork,theVLAN
throughwhichyouaremanagingtheswitchmusthaveanIPaddress.For
informationontheprocedureandrestrictionswhenyouconfigureanIP
addressonaVLANinterface,refertoTable2-1onpage2-8.
2-19
MultipleVLANConsiderations
Switchesuseaforwardingdatabasetomaintainawarenessofwhichexternal
devicesarelocatedonwhichVLANs.Someswitches,suchastheswitches
coveredinthisguide,haveamultipleforwardingdatabase,whichmeansthe
switchallowsmultipledatabaseentriesofthesameMACaddress,witheach
entryshowingthe(different)sourceVLANandsourceport.Otherswitch
modelshaveasingleforwardingdatabase,whichmeanstheyallowonlyone
databaseentryofauniqueMACaddress,alongwiththesourceVLANand
sourceportonwhichitisfound.AllVLANsonaswitchusethesameMAC
address.Thus,connectingamultipleforwardingdatabaseswitchtoasingle
forwardingdatabaseswitchwheremultipleVLANsexistimposessome
cablingandportVLANassignmentrestrictions.Table2-5illustratesthefunc-
tionaldifferencebetweenthetwodatabasetypes.
Table2-5.ExampleofForwardingDatabaseContent
MultipleForwardingDatabase SingleForwardingDatabase
MACAddress Destination
VLANID
Destination
Port
MACAddress Destination
VLANID
Destination
Port
0004ea-84d9f4 1 A5 0004ea-84d9f4 100 A9
0004ea-84d9f4 22 A12 0060b0-880af9 105 A10
0004ea-84d9f4 44 A20 0060b0-880a81 107 A17
0060b0-880a81 33 A20
Thisdatabaseallowsmultipledestinations Thisdatabaseallowsonlyonedestination
forthesameMACaddress.Iftheswitch foraMACaddress.Iftheswitchdetectsa
detectsanewdestinationforanexisting newdestinationforanexistingMACentry,
MACentry, itjustaddsanewinstanceofthat itreplacestheexistingMACinstancewith
MACtothetable. anewinstanceshowingthenew
destination.
Table2-6liststhedatabasestructureofcurrentProCurveswitchmodels.
2-20
Table2-6.ForwardingDatabaseStructureforManagedProCurveSwitches
MultipleForwardingDatabases* SingleForwardingDatabase*
Series8200zlswitches Switch1600M/2400M/2424M
Switch6600 Switch4000M/8000M
Series6400clswitches Series2500switches
Switch6200yl Switch2000
Switch6108 Switch800T
Series5400zlswitches
Series5300xlswitches
Series4200vlswitches
Series4100glswitches
Series3500switches
Series3500ylswitches
Series3400clswitches
Switch2810
Series2800switches
Series2600/2600-PWRswitches
Series2510switches
*Todeterminewhetherothervendorsdevicesusesingle-
forwardingormultiple-forwardingdatabasearchitectures,referto
thedocumentationprovidedforthosedevices.
SingleForwardingDatabaseOperation
WhenapacketarriveswithadestinationMACaddressthatmatchesaMAC
addressintheswitchsforwardingtable,theswitchtriestosendthepacket
totheportlistedforthatMACaddress.But,ifthedestinationportisina
differentVLANthantheVLANonwhichthepacketwasreceived,theswitch
dropsthepacket.Thisisnotaproblemforaswitchwithamultipleforwarding
database(refertotable2-6,above)becausetheswitchallowsmultiple
instancesofagivenMACaddress;oneforeachvaliddestination.However,a
switchwithasingleforwardingdatabaseallowsonlyoneinstanceofagiven
MACaddress.If(1)youconnectthetwotypesofswitchesthroughmultiple
portsortrunksbelongingtodifferentVLANs,and(2)enableroutingonthe
switchhavingthemultipleforwardingdatabase;then,ontheswitchhaving
thesingleforwardingdatabase,theportandVLANrecorditmaintainsforthe
connectedmultiple-forwarding-databaseswitchcanfrequentlychange.This
causespoorperformanceandtheappearanceofanintermittentorbroken
connection.
2-21
ExampleofanUnsupportedConfigurationandHowTo
CorrectIt
TheProblem. Infigure2-10,theMACaddresstableforSwitch8000Mwill
sometimesrecordtheswitchasaccessedonportA1(VLAN1),andothertimes
asaccessedonportB1(VLAN2):
Switch8000M
VLAN1 VLAN2
8212zlSwitch
RoutingEnabled
(SameMACaddressforall
VLANs.)
VLAN1 VLAN2
Thisswitchhasmultiple
forwardingdatabases.
Thisswitchhasasingle
forwardingdatabase.
PCA PCB
A1 B1
C1 D1
Figure2-10.ExampleofInvalidConfigurationforSingle-ForwardingtoMultiple-
ForwardingDatabaseDevicesinaMultipleVLANEnvironment
Infigure2-10,PCAsendsanIPpackettoPCB.
1. ThepacketentersVLAN1intheSwitch8000withthe8212zlswitchsMAC
addressinthedestinationfield.Becausethe8000Mhasnotyetlearned
thisMACaddress,itdoesnotfindtheaddressinitsaddresstable,and
floodsthepacketoutallports,includingtheVLAN1link(portA1)to
the8212zlswitch.The8212zlswitchthenroutesthepacketthroughthe
VLAN2linktothe8000M,whichforwardsthepacketontoPCB.
Becausethe8000Mreceivedthepacketfromthe8212zlswitchonVLAN
2(portB1),the8000Mssingleforwardingdatabaserecordsthe8212zl
switchasbeingonportB1(VLAN2).
2. PCAnowsendsasecondpackettoPCB.Thepacketagainenters
VLAN1intheSwitch8000withthe8212zlswitchsMACaddressinthe
destinationfield.However,thistimetheSwitch8000Mssingleforwarding
databaseindicatesthatthe8212zlisonportB1(VLAN2),andthe8000M
dropsthepacketinsteadofforwardingit.
3. Later,the8212zlswitchtransmitsapackettothe8000MthroughtheVLAN
1link,andthe8000Mupdatesitsaddresstabletoindicatethatthe8212zl
switchisonportA1(VLAN1)insteadofportB1(VLAN2).Thus,the
8000Msinformationonthelocationofthe8212zlswitchchangesover
2-22
time.Forthisreason,the8000Mdiscardssomepacketsdirectedthrough
itforthe8212zlswitch,resultinginpoorperformanceandtheappearance
ofanintermittentorbrokenlink.
TheSolution. Toavoidtheprecedingproblem,useonlyonecableorport
trunkbetweenthesingle-forwardingandmultiple-forwardingdatabase
devices,andconfigurethelinkwithmultiple,taggedVLANs.
Switch8000M
VLAN1 VLAN2
8212zlSwitch
(RoutingEnabled)
VLAN1
VLAN2
Thisswitchhasmultiple
forwardingdatabases.
Thisswitchhasasingle
forwardingdatabase.
PCA PCB
VLAN
1& 2
VLAN
1&2
A1
C1
Figure2-11.ExampleofaSolutionforSingle-ForwardingtoMultiple-Forwarding
DatabaseDevicesinaMultipleVLANEnvironment
Now,the8000Mforwardingdatabasealwaysliststhe8212zlMACaddresson
portA1,andthe8000MwillsendtraffictoeitherVLANonthe8212zl.
Toincreasethenetworkbandwidthoftheconnectionbetweenthedevices,
youcanuseatrunkofmultiplephysicallinksratherthanasinglephysicallink.
MultipleForwardingDatabaseOperation
Ifyouwanttoconnectoneoftheswitchescoveredbythisguidetoanother
switchthathasamultipleforwardingdatabase,youcanuseeitherorbothof
thefollowingconnectionoptions:
AseparateportorporttrunkinterfaceforeachVLAN.Thisresultsina
forwardingdatabasehavingmultipleinstancesofthesameMACaddress
withdifferentVLANIDsandportnumbers.(Seetable2-5.)Thefactthat
theswitchescoveredbythisguideusethesameMACaddressonallVLAN
interfacescausesnoproblems.
Thesameportorporttrunkinterfaceformultiple(tagged)VLANs.This
resultsinaforwardingdatabasehavingmultipleinstancesofthesame
MACaddresswithdifferentVLANIDs,butthesameportnumber.
AllowingmultipleentriesofthesameMACaddressondifferentVLANs
enablestopologiessuchasthefollowing:
2-23
ConfiguringVLANs
4108glSwitch
VLAN1 VLAN2
8212zlSwitch
VLAN1 VLAN2 Bothswitcheshave
multipleforwarding
databases.
Figure2-12.ExampleofaValidTopologyforDevicesHavingMultipleForwarding
DatabasesinaMultipleVLANEnvironment
ConfiguringVLANs
Menu:ConfiguringPort-BasedVLANParameters
TheMenuinterfaceenablesyoutoconfigureandviewport-basedVLANs.
Not e TheMenuinterfaceconfiguresanddisplaysonlyport-basedVLANs.TheCLI
configuresanddisplaysport-basedandprotocol-basedVLANs(page2-30).
Inthefactorydefaultstate,supportisenabledforupto256VLANs.(Youcan
reconfiguretheswitchtosupportupto2048(vidsupto4094)VLANs.)Also,
inthedefaultconfiguration,allportsontheswitchbelongtothedefaultVLAN
andareinthesamebroadcast/multicastdomain.(ThedefaultVLANisalso
thedefaultPrimaryVLANrefertoThePrimaryVLANonpage2-51.)In
additiontothedefaultVLAN,youcanconfigureadditionalstaticVLANsby
addingnewVLANnamesandVIDs,andthenassigningoneormoreportsto
eachVLAN.(Themaximumof2048VLANsincludesthedefaultVLAN,all
additionalstaticVLANsyouconfigure,andanydynamicVLANstheswitch
createsifyouenableGVRPpage3-1.)Notethateachportcanbeassigned
tomultipleVLANsbyusingVLANtagging.(See802.1QVLANTaggingon
page2-46.)
2-24
ConfiguringVLANs
ToChangeVLANSupportSettings
Thissectiondescribes:
ChangingthemaximumnumberofVLANstosupport
ChangingthePrimaryVLANselection(SeeChangingthePrimaryVLAN
onpage2-39.)
EnablingordisablingdynamicVLANs(Refertochapter3,GVRP.)
1. FromtheMainMenuselect:
2.SwitchConfiguration
8.VLANMenu
1.VLANSupport
Youwillthenseethefollowingscreen:
Figure2-13.TheDefaultVLANSupportScreen
2. Press[E](forEdit),thendooneormoreofthefollowing:
TochangethemaximumnumberofVLANs,typethenewnumber
(1-2048allowed;default256).
TodesignateadifferentVLANasthePrimaryVLAN,selectthePrimary
VLANfieldandusethespacebartoselectfromtheexistingoptions.
(NotethatthePrimaryVLANmustbeastatic,port-basedVLAN.)
ToenableordisabledynamicVLANs,selecttheGVRPEnabledfield
andusetheSpacebartotogglebetweenoptions.(ForGVRPinforma-
tion,refertochapter3,GVRP.)
Not e Foroptimalswitchmemoryutilization,setthenumberofVLANsatthe
numberyouwilllikelybeusingorafewmore.IfyouneedmoreVLANslater,
youcanincreasethisnumber,butaswitchrebootwillberequiredatthattime.
3. Press[Enter]andthen[S]tosavetheVLANsupportconfigurationand
returntotheVLANMenuscreen.
2-25
ConfiguringVLANs
IfyouchangedthevalueforMaximumVLANstosupport,youwillseean
asterisknexttotheVLANSupportoption(seebelow).
Anasteriskindicates
youmustrebootthe
switchtoimplement
thenewMaximum
VLANssetting.
Figure2-14. VLANMenuScreenIndicatingtheNeedToReboottheSwitch
IfyouchangedtheVLANSupportoption,youmustreboottheswitch
beforetheMaximumVLANschangecantakeeffect.Youcangoonto
configureotherVLANparametersfirst,butremembertorebootthe
switchwhenyouarefinished.
IfyoudidnotchangetheVLANSupportoption,arebootisnot
necessary.
4. Press[0]toreturntotheMainMenu.
AddingorEditingVLANNames
UsethisproceduretoaddanewVLANortoeditthenameofanexistingVLAN.
8.VLANMenu.
2.VLANNames
IfmultipleVLANsarenotyetconfiguredyouwillseeascreensimilarto
figure2-15:
2-26
ConfiguringVLANs
DefaultVLAN
andVLANID
Figure2-15. TheDefaultVLANNamesScreen
2. Press[A](forAdd).YouwillthenbepromptedforanewVLANnameand
VLANID:
802.1QVLANID:1
Name:_
3. TypeinaVID(VLANIDnumber).Thiscanbeanynumberfrom2to4094
thatisnotalreadybeingusedbyanotherVLAN.(Theswitchreserves1
forthedefaultVLAN.)
RememberthataVLANmusthavethesameVIDineveryswitchinwhich
youconfigurethatsameVLAN.(GVRPdynamicallyextendsVLANswith
correctVIDnumberingtootherswitches.Refertochapter3,GVRP.)
4. Press[v]tomovethecursortotheNamelineandtypetheVLANname(up
to12characters,withnospaces)ofanewVLANthatyouwanttoadd,
thenpress[Enter].
(AvoidthesecharactersinVLANnames:@,#,$,^,&,*,(,and ).)
5. Press[S](forSave).YouwillthenseetheVLANNamesscreenwiththe
newVLANlisted.
2-27
ConfiguringVLANs
ExampleofaNew
VLANandID
Figure2-16.ExampleofVLANNamesScreenwithaNewVLANAdded
6. Repeatsteps2through5toaddmoreVLANs.
RememberthatyoucanaddVLANsuntilyoureachthenumberspecified
intheMaximumVLANstosupportfieldontheVLANSupportscreen(see
figure2-13onpage2-25).ThisincludesanyVLANsaddeddynamicallydue
toGVRPoperation.
7. ReturntotheVLANMenutoassignportstothenewVLAN(s)asdescribed
inthenextsection,AddingorChangingaVLANPortAssignment.
AddingorChangingaVLANPortAssignment
UsethisproceduretoaddportstoaVLANortochangetheVLANassign-
ment(s)foranyport.(PortsnotspecificallyassignedtoaVLANareautomat-
icallyinthedefaultVLAN.)
8.VLANMenu
3.VLANPortAssignment
YouwillthenseeaVLANPortAssignmentscreensimilartothefollowing:
Not e TheVLANPortAssignmentscreendisplaysupto32static,port-based
VLANsinascendingorder,byVID.Iftheswitchconfigurationincludesmore
than32suchVLANs,usetheCLIshowvlans[VID|ports<port-list>]command
tolistdataonVLANshavingVIDsnumberedsequentiallyhigherthanthefirst
32.
2-28
ConfiguringVLANs
Aportcanbeassigned
toseveralVLANs,but
onlyoneofthose
assignmentscanbe
Untagged.
Default:Inthisexample,
theVLAN-22hasbeen
defined,butnoports
haveyetbeenassigned
toit.(Nomeansthe
portisnotassignedto
thatVLAN.)
UsingGVRP?Ifyouplan
onusingGVRP,any
portsyoudontwantto
joinshouldbechanged
toForbid.
Figure2-17.ExampleofthePort-BasedVLANPortAssignmentScreenintheMenu
Interface
2. TochangeaportsVLANassignment(s):
a. Press[E](forEdit).
b. UsethearrowkeystoselectaVLANassignmentyouwanttochange.
c. PresstheSpacebartomakeyourassignmentselection(No,Tagged,
Untagged,orForbid).
Not e ForGVRPOperation:IfyouenableGVRPontheswitch,No
convertstoAuto,whichallowstheVLANtodynamicallyjoinan
advertisedVLANthathasthesameVID.SeePer-PortOptionsfor
DynamicVLANAdvertisingandJoiningonpage3-9.
UntaggedVLANs:OnlyoneuntaggedVLANisallowedperport.Also,
theremustbeatleastoneVLANassignedtoeachport.Inthefactory
defaultconfiguration,allportsareassignedtothedefaultVLAN
(DEFAULT_VLAN).
Forexample,ifyouwantportsA4andA5tobelongtoboth
DEFAULT_VLANandVLAN-22,andportsA6andA7tobelongonlyto
VLAN-22,youwouldusethesettingsinfigurepage2-30.(Thisexample
assumesthedefaultGVRPsettingdisabledandthatyoudonotplan
toenableGVRPlater.)
2-29
ConfiguringVLANs
PortsA4andA5are
assignedtoboth
VLANs.
PortsA6andA7are
assignedonlyto
VLAN-22.
Allotherportsare
assignedonlytothe
DefaultVLAN.
Figure2-18.ExampleofPort-BasedVLANAssignmentsforSpecificPorts
ForinformationonVLANtags(UntaggedandTagged),referto
802.1QVLANTaggingonpage2-46.
d. IfyouarefinishedassigningportstoVLANs,press[Enter]andthen[S]
(forSave)toactivatethechangesyou'vemadeandtoreturntothe
Configurationmenu.(TheconsolethenreturnstotheVLANmenu.)
3. ReturntotheMainmenu.
CLI:ConfiguringPort-BasedandProtocol-BasedVLAN
Parameters
Inthefactorydefaultstate,allportsontheswitchbelongtothe(port-based)
defaultVLAN(DEFAULT_VLAN;VID=1)andareinthesamebroadcast/
multicastdomain.(ThedefaultVLANisalsothePrimaryVLAN.Formoreon
thistopic,refertoThePrimaryVLANonpage2-51.)Youcanconfigureup
to255additionalstaticVLANsbyaddingnewVLANnames,andthenassigning
oneormoreportstoeachVLAN.(Theswitchacceptsamaximumof2048
(vidsnumberedupto4094)VLANs,includingthedefaultVLANandany
dynamicVLANstheswitchcreatesifyouenableGVRP.Refertochapter3,
GVRP.)NotethateachportcanbeassignedtomultipleVLANsbyusing
VLANtagging.(See802.1QVLANTaggingonpage2-46.)
2-30
ConfiguringVLANs
VLANCommands Page
showvlans below
showvlans<vid> 2-35
showvlansports<port-list>
max-vlans<1-2048> 2-39
primary-vlan<vid> 2-39
[no]vlan<vid> 2-41
auto<port-list> 2-43(AvailableifGVRPenabled.)
forbid 2-43
name<vlan-name> 2-43
protocol<protocol-list> 2-41
tagged<port-list> 2-43
untagged<port-list> 2-43
voice 2-60
static-vlan<vlan-id> 2-43(AvailableifGVRPenabled.)
DisplayingtheSwitchsVLANConfiguration. Theshowvlanscommand
liststheVLANscurrentlyrunningintheswitch,withVID,VLANname,and
VLANstatus.DynamicVLANsappearonlyiftheswitchisrunningwithGVRP
enabledandoneormoreportshasdynamicallyjoinedanadvertisedVLAN.
(Inthedefaultconfiguration,GVRPisdisabled.(Refertochapter3,GVRP.)
Syntax: showvlans
MaximumVLANstosupport:ShowsthenumberofVLANsthe
switchcancurrentlysupport.(Default:256Maximum:2048)
PrimaryVLAN:RefertoThePrimaryVLANonpage2-51.
ManagementVLAN:RefertoTheSecureManagementVLANon
page2-52.
802.1QVLANID:TheVLANidentificationnumber,orVID.Refer
toTerminologyonpage2-7.
Name:ThedefaultorspecifiednameassignedtotheVLAN.For
astaticVLAN,thedefaultnameconsistsofVLAN-xwherex
matchestheVIDassignedtothatVLAN.ForadynamicVLAN,
thenameconsistsofGVRP_xwherexmatchestheapplicable
VID.
2-31
ConfiguringVLANs
Status:
Port-Based:Port-Based,staticVLAN
Protocol:Protocol-Based,staticVLAN
Dynamic:Port-Based,temporaryVLANlearnedthrough
GVRP(Refertochapter3,GVRP.)
Voice:Indicateswhethera(port-based)VLANisconfiguredas
avoiceVLAN.RefertoVoiceVLANsonpage2-60.
Jumbo:IndicateswhetheraVLANisconfiguredforJumbo
packets.Formoreonjumbos,refertothechaptertitledPort
TrafficControlsintheManagementandConfigurationGuide
foryourswitch.
Forexample:
WhenGVRPisdisabled
(thedefault),Dynamic
VLANsdonotexistonthe
switchanddonotappear
inthislisting.(Referto
chapter3,GVRP.)
Figure2-19.ExampleofShowVLANListing(GVRPEnabled)
DisplayingtheVLANMembershipofOneorMorePorts.
ThiscommandshowstowhichVLANaportbelongs.
Syntax: showvlanports<port-list> [detail]
DisplaysVLANinformationforanindividualportoragroupof
ports,eithercumulativelyoronadetailedper-portbasis.
port-list:Specifyasingleportnumber,arangeofports(for
example,a1-a16),orall.
detail:DisplaysdetailedVLANmembershipinformationonaper-
portbasis.
2-32

ConfiguringVLANs
Descriptionsofitemsdisplayedbythecommandareprovided
below.
Portname:Theuser-specifiedportname,ifonehasbeen
assigned.
VLANID:TheVLANidentificationnumber,orVID.
VID.
Status:
Protocol: Protocol-Based,staticVLAN
GVRP.
avoiceVLAN.
foryourswitch.
Mode:IndicateswhetheraVLANistaggedoruntagged.
Figure2-20isanexampleoftheoutputwhenthedetailoptionisnotused.
Pr oCur ve( conf i g) # show vl an por t s a1- a24
St at us and Count er s - VLAN I nf or mat i on - f or por t s A1- A24
VLAN I D Name | St at us Voi ce J umbo
- - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - -
1 DEFAULT_VLAN | Por t - based No No
10 VLAN_10 | Por t - based Yes No
15 VLAN_15 | Pr ot ocol No No
Figure2-20. ExampleofShowVLANPortsCumulativeListing
2-33

ConfiguringVLANs
Figure2-21isanexampleoftheoutputwhenthedetailoptionisused.
Pr oCur ve ( conf i g) # show vl an por t s a1- a3 det ai l
St at us and Count er s - VLAN I nf or mat i on - f or por t s A1
VLAN I D Name | St at us Voi ce J umbo Mode
- - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 DEFAULT_VLAN | Por t - based No No Unt agged
10 VLAN_10 | Por t - based Yes No Tagged
- - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - -
20 VLAN_20 | Pr ot ocol No No Unt agged
- - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - -
33 VLAN_33 | Por t - based No No Tagged
Figure2-21.ExampleofShowVLANPortsDetailListing
2-34
ConfiguringVLANs
DisplayingtheConfigurationforaParticularVLAN. Thiscommand
usestheVIDtoidentifyanddisplaythedataforaspecificstaticordynamic
VLAN.
Syntax: showvlans<vlan-id>
802.1QVLANID:TheVLANidentificationnumber,orVID.Refer
toTerminologyonpage2-7.
VID.
Status:
Protocol:Protocol-Based,staticVLAN
GVRP(Refertochapter3,GVRPinthisguide.)
avoiceVLAN.RefertoVoiceVLANsonpage2-60.
foryourswitch.
PortInformation:Liststheportsconfiguredasmembersofthe
VLAN.
DEFAULT: Showswhetheraportisataggedoruntaggedmember
ofthelistedVLAN.
UnknownVLAN:Showswhethertheportcanbecomeadynamic
memberofanunknownVLANforwhichitreceivesan
advertisement.GVRPmustbeenabledtoallowdynamic
joiningtooccur.Refertotable3-1onpage3-8.
Status:Showswhethertheportisparticipatinginanactive
link.
2-35
ConfiguringVLANs
Figure2-22.ExampleofShowVLANforaSpecificStaticVLAN
ShowVLANliststhis
datawhenGVRPis
enabledandatleast
oneportontheswitch
hasdynamically
joinedthedesignated
VLAN.
Figure2-23.ExampleofShowVLANforaSpecificDynamicVLAN
CustomizingtheShowVLANsOutput
Theshowvlanscustomcommandallowsyoutocustomizetheinformation
displayedwhenexecutingtheshowvlanscommand.
Syntax: showvlanscustom[port<port-list>]column-list
Selecttheinformationthatyouwanttodisplayintheorder
youwanttodisplayitfortheshowvlanscommand.Youcan
displayinformationforoneportorrangeofports.If<port-
list>isntspecified,thenallportsdisplay.
2-36
ConfiguringVLANs
Fieldsthatcanbeincludedinthecustomizeddisplayareshowninthetable
below.
Field Display Example Default
id VLANId 5 6
name VLANName Vlan55 32
status Status Port-based 10
voice Voiceenabled No 5
jumbo Jumbosenabled No 5
ipconfig Howtheipaddresswasconfigured Manual 10
Disabled
DHCP/BootP
ipaddr(IPv4) theIPaddress(es) 10.10.10.3 15forIPv4
ipaddr(IPv6) fe80::212:79ff:fe8d:8000 46forIPv6
ipmask Thesubnetmask(s) 255.255.255.6 15
/64(prefixforIPv6isinformat/XX)
proxyarp Whetherproxyarpisconfigured No 5
localproxyarp Whetherlocalproxyarpisconfigured No 9
state Upifatleastoneportisup Up 5
TheexampleinFigure2-24displaysidatitsdefaultwidth,andwillshowup
to20charactersoftheVLANname.Thecolumnsselectedfordisplayare
separatedbyspaces.
Pr oCur ve( conf i g) # show vl an cust omA1- A3 i d name: 20 i paddr st at e
St at us and Count er s - VLAN I nf or mat i on - Cust omvi ew
VLANI D VLAN name I P Addr St at e
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 DEFAULT_VLAN 15. 255. 134. 74 Up
33 Vl an33 10. 10. 10. 01 Up
44 Vl an44 15. 255. 164. 13 Up
55 Vl an55 15. 255. 178. 2 Down
15. 255. 178. 3
15. 255. 178. 4
60 Vl an60 f e80: : 212: 79f f : f e8d: 8000%vl an60 Up
Figure2-24.ExampleofshowvlancustomCommand
Ifthewidthofthecolumnrequestedissmallerthantheheadernameofthe
column,thedisplayoftheheadernameistruncated.
2-37
ConfiguringVLANs
Pr oCur ve( conf i g) # show vl an cust omi d
VLANI D
- - - - - -
1
33
44
Pr oCur ve( conf i g) # show vl an cust omi d: 2
VL
- -
1
33
44
Figure2-25.ExampleofColumnHeaders
Thetotaloutputwillwrapifitislongerthantheterminalwidth(forexample,
80characters).Itisnottruncated.
CreatinganAliasforShowVLANCommands
Youcancreateanaliasforafrequentlyusedshowvlanscustomcommandto
avoidenteringtheselectedcolumnseachtimeyouusethecommand.
Pr oCur ve( conf i g) # al i as showvl anst at us = show vl an cust omA1- A3 i d name: 20
st at us
Pr oCur ve( conf i g) # showvl anst at us
VLANI D VLAN name St at us
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 DEFAULT_VLAN Por t - based
33 Vl an33 Por t - based
Figure2-26.ExampleofthealiasCommand
2-38
ConfiguringVLANs
ShowVLANsCustomCommand
Ifyouhaveincludedapatternmatchingcommandtosearchforafieldinthe
outputoftheshowvlancustomcommandandtheshowvlanscustomcommand
producesanerror,theerrormessagemaynotbevisibleandtheoutputis
empty.Forexample,ifyouenteracommandthatproducesanerror(vlanis
misspelled)withthepatternmatchingincludeoption:
ProCurve(config)#showvlanscustom1-3namevlun|
includevlan1
theoutputmaybeempty.Itisadvisabletotrytheshowvlanscustomcommand
firsttoensurethereisoutput,andthenenterthecommandagainwiththe
patternmatchingoption.
ChangingtheNumberofVLANsAllowedontheSwitch
InthedefaultVLANconfiguration,theswitchallowsamaximumof256
VLANs.Youcanspecifyanyvaluefrom1to2048.
Syntax:max-vlans<1-2048>
SpecifiesthemaximumnumberofVLANstoallow.(IfGVRP
isenabled,thissettingincludesanydynamicVLANsonthe
switch.)Aspartofimplementinganewsetting,youmust
executeawritememorycommand(tosavethenewvaluetothe
startup-configfile)andthenreboottheswitch.
Note:IfmultipleVLANsexistontheswitch,youcannotreset
themaximumnumberofVLANstoavaluesmallerthanthe
currentnumberofVLANs.
Forexample,toreconfiguretheswitchtoallow10VLANs:
Notethatyoucan
executethese
threestepsat
anothertime.
Figure2-27.ExampleofCommandSequenceforChangingtheNumberofVLANs
ChangingthePrimaryVLAN. InthedefaultVLANconfiguration,theport-
baseddefaultVLAN(DEFAULT_VLAN)isthePrimaryVLAN.However,youcan
reassignthePrimaryVLANtoanyport-based,staticVLANontheswitch.(For
2-39
ConfiguringVLANs
moreonthePrimaryVLAN,refertoThePrimaryVLANonpage2-51.)To
identifythecurrentPrimaryVLANandlisttheavailableVLANsandtheir
respectiveVIDs,useshowvlans.
Syntax:primary-vlan<vid|ascii-name-string>
Reassigns thePrimaryVLANfunction.Re-assignmentmustbe
toanexisting,port-based,staticVLAN.(Theswitchwillnot
reassignthePrimaryVLANfunctiontoaprotocolVLAN.)Ifyou
re-assignthePrimaryVLANtoanon-defaultVLAN,youcannot
laterdeletethatVLANfromtheswitchuntilyouagainre-assign
thePrimaryVLANtoanotherport-based,staticVLAN.
Forexample,ifyouwantedtoreassignthePrimaryVLANtoVLAN22and
renametheVLANwith22-Primaryanddisplaytheresult:
RenamesVLAN22to
22-Primary.
Reassignsthe
PrimaryVLANto
VLAN22.
Figure2-28.ExampleofReassigningPrimaryVLANandChangingtheVLANName
2-40
ConfiguringVLANs
CreatingaNewStaticVLAN(Port-BasedorProtocol-Based)
ChangingtheVLANContextLevel.Thevlan<vid>commandoperatesin
theglobalconfigurationcontexttoeitherconfigureastaticVLANand/ortake
theCLItothespecifiedVLANscontext.
Syntax: vlan<vid|ascii-name-string>
[no]vlan<vid>
If<vid>doesnotexistintheswitch,thiscommandcreatesa
port-basedVLANwiththespecified<vid>.Ifthecommand
doesnotincludeoptions,theCLImovestothenewlycreated
VLANcontext.Ifyoudonotspecifyanoptionalname,the
switchassignsanameinthedefaultformat:VLANnwheren
isthe<vid>assignedtotheVLAN.IftheVLANalreadyexists
andyouentereitherthevidortheascii-name-string,theCLI
movestothespecifiedVLANscontext.
The[no]formofthecommanddeletestheVLANasfollows:
IfoneormoreportsbelongonlytotheVLANtobedeleted,
theCLInotifiesyouthattheseportswillbemovedtothe
defaultVLANandpromptsyoutocontinuethedeletion.For
memberportsthatalsobelongtoanotherVLAN,thereisno
moveprompt.
[protocol<ipx|ipv4|ipv6|arp|appletalk|sna|netbeui>]
Configuresastatic,protocolVLANofthespecifiedtype.If
multipleprotocolsareconfiguredintheVLAN,thenthe[no]
formremovesthespecifiedprotocolfromtheVLAN.Ifaproto-
colVLANisconfiguredwithonlyoneprotocoltypeandyou
usethe[no]formofthiscommandtoremovethatprotocol,the
switchchangestheprotocolVLANtoaport-basedVLANifthe
VLANdoesnothaveanuntaggedmemberport.(Ifanuntagged
memberportexistsontheprotocolVLAN,youmusteithercon-
verttheporttoataggedmemberorremovetheportfromthe
VLANbeforeremovingthelastprotocoltypefromtheVLAN.)
Note:IfyoucreateanIPv4protocolVLAN,youmustalso
assigntheARPprotocoloptiontotheVLANtoprovideIP
addressresolution.Otherwise,IPpacketsarenotdeliverable.
ACautionmessageappearsintheCLIifyouconfigureIPv4
inprotocolVLANthatdoesnotalreadyincludethearpprotocol
option.Thesamemessageappearsifyouaddordeleteanother
protocolinthesameVLAN.
2-41
ConfiguringVLANs
name<ascii-name-string>
Whenincludedinavlancommandforcreatinganewstatic
VLAN,specifiesanon-defaultVLANname.Alsousedto
changethecurrentnameofanexistingVLAN.(Avoidspaces
andthefollowingcharactersinthe<ascii-name-string>entry:
@,#,$,^,&,*,(,and ).ToincludeablankspaceinaVLAN
name,enclosethenameinsingleordoublequotes(...or...).
[voice]
DesignatesaVLANforVoIPuse.Formoreonthistopic,refer
toVoiceVLANsonpage2-60.
Forexample,tocreateanew,port-based,staticVLANwithaVIDof100:
CreatesthenewVLAN.
ShowstheVLANs
currentlyconfiguredin
theswitch.
Ifthisfieldisempty,aSecureManagementVLAN
isnotconfiguredintheswitch.RefertoThe
SecureManagementVLANonpage2-52
Figure2-29.ExampleofCreatingaNew,Port-Based,StaticVLAN
TogotoadifferentVLANcontextlevel,suchastothedefaultVLAN:
Pr oCur ve( vl an- 100) # vl an def aul t _vl an
Pr oCur ve( vl an- 1) _
DeletingaVLAN.IfportsB1-B5belongtobothVLAN2andVLAN3,and
portsB6-B10belongtoVLAN3only,thendeletingVLAN3causestheCLIto
promptyoutoapprovemovingportsB6-B10toVLAN1(thedefaultVLAN).
(PortsB1-B5arenotmovedbecausetheystillbelongtoanotherVLAN.)
Pr oCur ve( conf i g) # no vl an 3
The f ol l owi ng por t s wi l l be moved t o t he def aul t VLAN:
B6- B10
Do you want t o cont i nue? [ y/ n] y
Pr oCur ve( conf i g) #
2-42
ConfiguringVLANs
ConvertingaDynamicVLANtoaStaticVLAN.Usethisfeatureifyou
wanttoconvertadynamic,port-basedVLANmembershiptoastatic,port-
basedVLANmembership.ThisisnecessaryifyouwanttomaketheVLAN
permanentontheswitch.
Syntax:static-vlan<vlan-id>
Convertsadynamic,port-basedVLANmembershiptoastatic,
port-basedVLANmembership.(Allowsport-basedVLANs
only).Forthiscommand,<vlan-id>referstotheVIDofthe
dynamicVLANmembership.(Useshowvlantohelpidentifythe
VIDyouneedtouse.)ThiscommandrequiresthatGVRPis
runningontheswitchandaportiscurrentlyadynamic
memberoftheselectedVLAN.Afteryouconvertadynamic
VLANtostatic,youmustconfiguretheswitchsper-port
participationintheVLANinthesamewaythatyouwouldfor
anystaticVLAN.(ForGVRPanddynamicVLANoperation,
refertochapter3,GVRP.)
Forexample,supposeadynamicVLANwithaVIDof125existsontheswitch.
ThefollowingcommandconvertstheVLANtoaport-based,staticVLAN.
Pr oCur ve( conf i g) # st at i c- vl an 125
ConfiguringStaticVLANPer-PortSettings.Thevlan<vlan-id>com-
mand,usedwiththeoptionslistedbelow,changesthenameofanexisting
staticVLANandchangestheper-portVLANmembershipsettings.
Not e Youcanusetheseoptionsfromtheconfigurationlevelbybeginningthe
commandwithvlan<vid>,orfromthecontextlevelofthespecificVLANby
justtypingthecommandoption.
Syntax:[no]vlan<vid>
tagged<port-list>
Configurestheindicatedport(s)asTaggedforthespecified
VLAN.Thenoversionsetstheport(s)toeitherNoor(if
GVRPisenabled)toAuto.
untagged<port-list>
Configurestheindicatedport(s)asUntaggedforthe
specifiedVLAN.Thenoversionsetstheport(s)toeitherNo
or(ifGVRPisenabled)toAuto.
2-43
ConfiguringVLANs
forbid<port-list>
Usedinport-basedVLANstoconfigures<port-list>as
forbiddentobecomeamemberofthespecifiedVLAN,as
wellasotheractions.DoesnotoperatewithprotocolVLANs.
Thenoversionsetstheport(s)toeitherNoor(ifGVRPis
enabled)toAuto.Refertochapter3,GVRP,inthisguide.
auto<port-list>
AvailableifGVRPisenabledontheswitch.Returnstheper-
portsettingsforthespecifiedVLANtoAutooperation.Note
thatAutoisthedefaultper-portsettingforastaticVLANif
GVRPisrunningontheswitch.(Forinformationondynamic
VLANandGVRPoperation,refertochapter3,GVRP,inthis
guide.)
Forexample,supposeyouhaveaVLANnamedVLAN100withaVIDof100,
andallportsaresettoNoforthisVLAN.TochangetheVLANnameto
Blue_TeamandsetportsA1- A5toTagged,youwouldusethesecommands:
Pr oCur ve( conf i g) # vl an 100 name Bl ue_Team
Pr oCur ve( conf i g) # vl an 100 t agged a1- a5
Tomovetothevlan100contextlevelandexecutethesamecommands:
Pr oCur ve( conf i g) # vl an 100
Pr oCur ve( vl an- 100) # name Bl ue_Team
Pr oCur ve( vl an- 100) # t agged a1- a5
Similarly,tochangethetaggedportsintheaboveexamplestoNo(orAuto,if
GVRPisenabled),youcoulduseeitherofthefollowingcommands.
Attheglobalconfiglevel,use:
Pr oCur ve( conf i g) # no vl an 100 t agged a1- a5
- or-
AttheVLAN100contextlevel,use:
Pr oCur ve( vl an- 100) # no t agged a1- a5
Not e YoucannotusethesecommandswithdynamicVLANs.Attemptingtodoso
resultsinthemessageVLANalreadyexists.andnochangeoccurs.
2-44
ConfiguringVLANs
WebAgent:ViewingandConfiguringVLANParameters
IntheWebAgentyoucandothefollowing:
AddVLANs
RenameVLANs
RemoveVLANs
ConfigureVLANtaggingmodeper-port
ConfigureGVRPmode
SelectanewPrimaryVLAN
Enable/disableQinQ
SetMaxVLANS
ToconfigureotherstaticVLANportparameters,youwillneedtouseeither
theCLIorthemenuinterface(availablebyTelnetfromtheWebAgent).
1. ClickontheVLANfolder.
2. ClickonVLANMgmt.
3. Clickontheappropriatebuttonforthedesiredtask.
Forweb-basedHelponhowtousetheWebAgentscreen,clickonthe[?]button
intheupperrightcorneroftheWebAgentscreen.
2-45
802.1QVLANTagging
802.1QVLANTagging
GeneralApplications:
TheswitchrequiresVLANtaggingonagivenportifmorethanoneVLAN
ofthesametypeusestheport.WhenaportbelongstotwoormoreVLANs
ofthesametype,theyremainasseparatebroadcastdomainsandcannot
receivetrafficfromeachotherwithoutrouting.(Ifmultiple,non-routable
VLANsexistintheswitchsuchasNETbeuiprotocolVLANsthenthey
cannotreceivetrafficfromeachotherunderanycircumstances.)
TheswitchrequiresVLANtaggingonagivenportiftheportwillbe
receivinginbound,taggedVLANtrafficthatshouldbeforwarded.Evenif
theportbelongstoonlyoneVLAN,itforwardsinboundtaggedtrafficonly
ifitisataggedmemberofthatVLAN.
Iftheonlyauthorized,inboundVLANtrafficonaportarrivesuntagged,
thentheportmustbeanuntaggedmemberofthatVLAN.Thisisthecase
wheretheportisconnectedtoanon802.1Q-compliantdeviceoris
assignedtoonlyoneVLAN.
Forexample,ifport7onan802.1Q-compliantswitchisassignedtoonlythe
RedVLAN,theassignmentcanremainuntaggedbecausetheportwill
forwardtrafficonlyfortheRedVLAN.However,ifboththeRedandGreen
VLANsareassignedtoport7,thenatleastoneofthoseVLANassignments
mustbetaggedsothatRedVLANtrafficcanbedistinguishedfromGreen
VLANtraffic.Figure2-30showsthisconcept:
2-46
802.1QVLANTagging
Red
VLAN
Blue
Server
Red
Server
Switch
X
4
3
5 6
7
2 1
Blue
VLAN
Green
Server
Green
VLAN
White
Server
Switch
Y
5
4 3
1 2
White
VLAN
Red
VLAN
Green
VLAN
RedVLAN:Untagged
GreenVLAN:Tagged
Ports1-4:Untagged
Port5:RedVLANUntagged
GreenVLANTagged
Ports1-6:Untagged
Port7:RedVLANUntagged
GreenVLANTagged
Figure2-30.ExampleofTaggedandUntaggedVLANPortAssignments
InswitchX:
VLANsassignedtoportsX1-X6canallbeuntaggedbecausethereis
onlyoneVLANassignmentperport.RedVLANtrafficwillgooutonly
theRedports;GreenVLANtrafficwillgooutonlytheGreenports,
andsoon.Devicesconnectedtotheseportsdonothavetobe802.1Q-
compliant.
However,becauseboththeRedVLANandtheGreenVLANare
assignedtoportX7,atleastoneoftheVLANsmustbetaggedforthis
port.
InswitchY:
VLANsassignedtoportsY1-Y4canallbeuntaggedbecausethereis
onlyoneVLANassignmentperport.Devicesconnectedtotheseports
donothavetobe802.1Q-compliant.
BecauseboththeRedVLANandtheGreenVLANareassignedtoport
Y5,atleastoneoftheVLANsmustbetaggedforthisport.
Inbothswitches:Theportsonthelinkbetweenthetwoswitchesmustbe
configuredthesame.Asshowninfigure2-30(above),theRedVLANmust
beuntaggedonportX7andY5andtheGreenVLANmustbetaggedon
portX7andY5,orvice-versa.
2-47
802.1QVLANTagging
Not e Each802.1Q-compliantVLANmusthaveitsownuniqueVIDnumber,andthat
VLANmustbegiventhesameVIDineverydeviceinwhichitisconfigured.
Thatis,iftheRedVLANhasaVIDof10inswitchX,then10mustalsobeused
fortheRedVIDinswitchY.
VIDNumbers
Figure2-31.ExampleofVLANIDNumbersAssignedintheVLANNamesScreen
VLANtagginggivesyouseveraloptions:
SincethepurposeofVLANtaggingistoallowmultipleVLANsonthesame
port,anyportthathasonlyoneVLANassignedtoitcanbeconfiguredas
Untagged(thedefault)iftheauthorizedinboundtrafficforthatport
arrivesuntagged.
AnyportwithtwoormoreVLANsofthesametypecanhaveonesuch
VLANassignedasUntagged.AllotherVLANsofthesametypemustbe
configuredasTagged.Thatis:
Port-BasedVLANs ProtocolVLANs
Aportcanbeamemberofoneuntagged,
port-basedVLAN.Allotherport-based
VLANassignmentsforthatportmustbe
tagged.
Aportcanbeanuntaggedmemberofone
protocol-basedVLANofeachprotocol
type.Whenassigningaporttomultiple,
protocol-basedVLANssharingthesame
type,theportcanbeanuntaggedmember
ofonlyonesuchVLAN.
Aportcanbeataggedmemberofanyport-
basedVLAN.Seeabove.
Aportcanbeataggedmemberofany
protocol-basedVLAN.Seeabove.
Note:AgivenVLANmusthavethesameVIDonall802.1Q-compliantdevicesinwhich
theVLANoccurs.Also,theportsconnectingtwo802.1Qdevicesshouldhaveidentical
VLANconfigurations.
2-48
802.1QVLANTagging
Ifallendnodesonaportcomplywiththe802.1Qstandardandare
configuredtousethecorrectVID,then,youcanconfigureallVLAN
assignmentsonaportasTaggedifdoingsoeithermakesiteasierto
manageyourVLANassignments,oriftheauthorized,inboundtrafficfor
allVLANsontheportwillbetagged.
ForasummaryandflowchartsofuntaggedandtaggedVLANoperationon
inboundtraffic,refertothefollowingunderVLANOperatingRulesonpages
2-15through2-18:
InboundTaggedPackets
UntaggedPacketForwardingandfigure2-7
TaggedPacketForwardingandfigure2-8
Example. Inthefollowingnetwork,switchesXandYandserversS1,S2,and
theAppleTalkserverare802.1Q-compliant.(ServerS3couldalsobe802.1Q-
compliant,butitmakesnodifferenceforthisexample.)Thisnetworkincludes
bothprotocol-based(AppleTalk)VLANsandport-basedVLANs.
AppleTalk
Server
Switch
X
X1 X2
X3
X6 X5
Green
VLAN
System
ServerS2
Switch
Y
Y6
Y1
Apple
Talk
VLAN1
System
ServerS1
X4
Red
VLAN
Y5 Y4
Apple
Talk
VLAN2
Y3
Green
VLAN
Red
VLAN
Y2
RedVLAN:Untagged
GreenVLAN:Tagged
AT2(Protocol)VLAN:
Untagged
RedVLAN:Untagged
GreenVLAN:Tagged
AT1(Protocol)VLAN:
Untagged
Only
GreenVLAN
System
ServerS3
Figure2-32. ExampleofNetworked802.1Q-CompliantDeviceswithMultipleVLANsonSomePorts
2-49
802.1QVLANTagging
TheVLANsassignedtoportsX4-X6,Y2-Y5canallbeuntaggedbecause
thereisonlyoneVLANassignedperport.
PortX1hastwoAppleTalkVLANsassigned,whichmeansthatoneVLAN
assignedtothisportcanbeuntaggedandtheothermustbetagged.
PortsX2andY1havetwoport-basedVLANsassigned,soonecanbe
untaggedandtheothermustbetaggedonbothports.
PortsX3andY6havetwoport-basedVLANsandoneprotocol-based
VLANassigned.Thus,oneport-basedVLANassignedtothisportcanbe
untaggedandtheothermustbetagged.Also,sincethesetwoportsshare
thesamelink,theirVLANconfigurationsmustmatch.
SwitchX SwitchY
Port AT-1VLAN AT-2VLAN RedVLAN GreenVLAN Port AT-1VLAN AT-2VLAN RedVLAN GreenVLAN
X1 Untagged Tagged No* No*
X2 No* No* Untagged Tagged
X3 No* Untagged Untagged Tagged
X4 No* No* No* Untagged
X5 No* No* Untagged No*
Y1 No* No* Untagged Tagged
Y2 No* No* No* Untagged
Y3 No* Untagged No* No*
Y4 No* No* No* Untagged
Y5 No* No* Untagged No*
X6 Untagged No* No* No* Y6 No Untagged Untagged Tagged
*NomeanstheportisnotamemberofthatVLAN.Forexample,portX3isnotamemberoftheRedVLANanddoes
notcarryRedVLANtraffic.Also,ifGVRPwereenabled(port-basedonly),AutowouldappearinsteadofNo.
Not e VLANconfigurationsonportsconnectedbythesamelinkmustmatch.
BecauseportsX2andY5areoppositeendsofthesamepoint-to-pointconnec-
tion,bothportsmusthavethesameVLANconfiguration;thatis,bothports
configuretheRedVLANasUntaggedandtheGreenVLANasTagged.
2-50
SpecialVLANTypes
SpecialVLANTypes
VLANSupportandtheDefaultVLAN
Inthefactorydefaultconfiguration,VLANsupportisenabledandallportson
theswitchbelongtotheport-based,defaultVLAN(namedDEFAULT_VLAN).
Thisplacesallportsintheswitchintoonephysicalbroadcastdomain.Inthe
factory-defaultstate,thedefaultVLANisalsothePrimaryVLAN.
Youcanpartitiontheswitchintomultiplevirtualbroadcastdomainsby
configuringoneormoreadditionalVLANsandmovingportsfromthedefault
VLANtothenewVLANs.(Theswitchsupportsupto2048(vidsnumberedup
to4094)staticanddynamicVLANs.)Youcanchangethenameofthedefault
VLAN,butyoucannotchangethedefaultVLANsVID(whichisalways1).
AlthoughyoucanremoveallportsfromthedefaultVLAN(byplacingthemin
anotherport-basedVLAN),thisVLANisalwayspresent;thatis,youcannot
deleteitfromtheswitch.
FordetailsonportVLANsettings,refertoConfiguringStaticVLANPer-Port
Settingsonpage2-43
ThePrimaryVLAN
BecausecertainfeaturesandmanagementfunctionsrunononlyoneVLANin
theswitch,andbecauseDHCPandBootpcanrunper-VLAN,thereisaneed
foradedicatedVLANtomanagethesefeaturesandensurethatmultiple
instancesofDHCPorBootpondifferentVLANsdonotresultinconflicting
configurationvaluesfortheswitch.ThePrimaryVLANistheVLANtheswitch
usestorunandmanagethesefeaturesanddata.Inthefactory-defaultconfig-
uration,theswitchdesignatesthedefaultVLAN(DEFAULT_VLAN;VID=1)
asthePrimaryVLAN.However,toprovidemorecontrolinyournetwork,you
candesignateanotherstatic,port-basedVLANasprimary.Tosummarize,
designatinganon-defaultVLANasprimarymeansthat:
TheswitchreadsDHCPresponsesonthePrimaryVLANinsteadofonthe
defaultVLAN.(ThisincludessuchDHCP-resolvedparametersasthe
TimePserveraddress,DefaultTTL,andIPaddressingincludingthe
GatewayIPaddresswhentheswitchconfigurationspecifiesDHCPas
thesourceforthesevalues.)
2-51
SpecialVLANTypes
ThedefaultVLANcontinuestooperateasastandardVLAN(except,as
notedabove,youcannotdeleteitorchangeitsVID).
AnyportsnotspecificallyassignedtoanotherVLANwillremainassigned
totheDefaultVLAN,regardlessofwhetheritisthePrimaryVLAN.
CandidatesforPrimaryVLANincludeanystatic,port-basedVLANcurrently
configuredontheswitch.(Protocol-BasedVLANsanddynamicGVRP-
learnedVLANsthathavenotbeenconvertedtoastaticVLANcannotbethe
PrimaryVLAN.)TodisplaythecurrentPrimaryVLAN,usetheCLIshowvlan
command.
Not e Ifyouconfigureanon-defaultVLANasthePrimaryVLAN,youcannotdelete
thatVLANunlessyoufirstselectadifferentVLANtoserveasprimary.
Ifyoumanuallyconfigureagatewayontheswitch,itignoresanygateway
addressreceivedviaDHCPorBootp.
TochangethePrimaryVLANconfiguration,refertoChangingthePrimary
VLANonpage2-39.
TheSecureManagementVLAN
ConfiguringasecureManagementVLANcreatesanisolatednetworkfor
managingtheProCurveswitchesthatsupportthisfeature.Ifyouconfigurea
secureManagementVLAN,accesstotheVLANandtotheswitchsmanage-
mentfunctions(Menu,CLI,andWebAgent)isavailableonlythroughports
configuredasmembers.
MultipleportsontheswitchcanbelongtotheManagementVLAN.This
allowsconnectionsformultiplemanagementstationsyouwanttohave
accesstotheManagementVLAN,whileatthesametimeallowingMan-
agementVLANlinksbetweenswitchesconfiguredforthesameManage-
mentVLAN.
OnlytrafficfromtheManagementVLANcanmanagetheswitch,which
meansthatonlytheworkstationsandPCsconnectedtoportsbelonging
totheManagementVLANcanmanageandreconfiguretheswitch.
Figure2-33illustratesuseoftheManagementVLANfeaturetosupportman-
agementaccessbyagroupofmanagementworkstations.
2-52
SpecialVLANTypes
LinkswithPortsBelongingtotheManagementVLANandotherVLANs
LinksBetweenPortsonaHubandPortsbelongingtotheManagement
VLAN
LinksNotBelongingtotheManagementVLAN
LinkstoOtherDevices
HubY
SwitchA
HubX
SwitchB
Server
SwitchC
ManagementWorkstations
SwitchesA,B,and
Careconnectedby
portsbelongingtothe
managementVLAN.
HubXisconnected
toaswitchportthat
belongstothe
managementVLAN.As
aresult,thedevices
connectedtoHubXare
includedinthe
managementVLAN.
Otherdevices
connectedtothe
switchesthroughports
thatarenotinthe
managementVLANare
excludedfrom
managementtraffic.
Figure2-33.ExampleofPotentialSecurityBreaches
Infigure2-34,Workstation1hasmanagementaccesstoallthreeswitches
throughtheManagementVLAN,whilethePCsdonot.Thisisbecauseconfig-
uringaswitchtorecognizeaManagementVLANautomaticallyexcludes
attemptstosendmanagementtrafficfromanyotherVLAN.
2-53
SpecialVLANTypes
Switch
A
3
PortA1
PortA3
PortA6
PortA7
4
1
Switch
B
PortB2
PortB4
PortB5
PortB9
Switch
C
PortC2
PortC3
PortC6
PortC8
Server
Server
Server
2
LinkswithPorts
ConfiguredasMembersof
theManagementVLAN
andotherVLANs
LinksNotBelongingtothe
ManagementVLAN
System
Management
Workstation
Marketing
Shipping
SystemServer
(onthe
DEFAULT_VLAN)
Figure2-34.ExampleofManagementVLANControlinaLAN
Table2-7.VLANMembershipinFigure2-34
Switch A1 A3 A6 A7 B2 B4 B5 B9 C2 C3 C6 C8
ManagementVLAN(VID=7) Y N N Y Y Y N N Y N N N
MarketingVLAN (VID=12) N N N N N N N N N Y Y Y
ShippingDept.VLAN(VID=20) N Y Y N N N N N N N N N
DEFAULT-VLAN(VID=1) Y Y Y Y Y Y Y Y Y Y Y Y
Preparation
1. DetermineaVIDandVLANnamesuitableforyourManagementVLAN.
2. PlanyourManagementVLANtopologytouseProCurveswitchesthat
supportthisfeature.(Refertopage2-52.)Theportsbelongingtothe
ManagementVLANshouldbeonlythefollowing:
Portstowhichyouwillconnectauthorizedmanagementstations
(suchasPortA7infigure2-34.)
PortsononeswitchthatyouwillusetoextendtheManagementVLAN
toportsonotherProCurveswitches(suchasportsA1andB2orB4
andC2infigure2-34onpage2-54.).
HubsdedicatedtoconnectingmanagementstationstotheManagementVLAN
canalsobeincludedintheabovetopology.Notethatanydeviceconnected
toahubintheManagementVLANwillalsohaveManagementVLANaccess.
2-54
SpecialVLANTypes
3. ConfiguretheManagementVLANontheselectedswitchports.
4. TestthemanagementVLANfromallofthemanagementstationsautho-
rizedtousetheManagementVLAN,includinganySNMP-basednetwork
managementstations.EnsurethatyouincludetestinganyManagement
VLANlinksbetweenswitches.
Not e IfyouconfigureaManagementVLANonaswitchbyusingaTelnetconnection
throughaportthatisnotintheManagementVLAN,thenyouwilllose
managementcontactwiththeswitchifyoulogoffyourTelnetconnectionor
executewritememoryandreboottheswitch.
Configuration
Syntax:[no]management-vlan<vlan-id|vlan-name>
ConfiguresanexistingVLANasthemanagementVLAN.Theno
formdisablesthemanagementVLANandreturnstheswitchtoits
defaultmanagementoperation.Default:Disabled.Inthiscase,the
VLANreturnstostandardVLANoperation.
Forexample,supposeyouhavealreadyconfigureda VLAN namedMy_VLAN
withaVIDof100.Nowyouwanttoconfiguretheswitchtodothefollowing:
UseMy_VLANasaManagementVLAN(tagged,inthiscase)toconnect
portA1onswitchAtoamanagementstation.(Themanagementstation
includesanetworkinterfacecardwith802.1QtaggedVLANcapability.)
UseportA2toextendtheManagementVLANtoportB1(whichisalready
configuredasataggedmemberofMy_VLAN)onanadjacentProcurve
switchthatsupportstheManagementVLANfeature.
Switch
B
Switch
A
A1 B1
A2
Figure2-35.IllustrationofConfigurationExample
Pr oCur ve ( conf i g) # management - vl an 100
Pr oCur ve ( conf i g) # vl an 100 t agged a1
Pr oCur ve ( conf i g) # vl an 100 t agged a2
2-55
SpecialVLANTypes
UsingDHCPtoObtainanIPAddress
YoucanuseDHCPtoobtainanIPv4addressforyourManagementVLANor
aclientonthatVLAN.ThefollowingexamplesillustratewhenanIPaddress
willbereceivedfromtheDHCPserver.
1. IfBlue_VLANisconfiguredastheManagementVLANandtheDHCP
serverisalsoonBlue_VLAN,Blue_VLANreceivesanIPaddress.Because
DHCPRelaydoesnotforwardontooroffoftheManagementVLAN,
devicesonRed_VLANcannotgetanIPaddressfromtheDHCPserveron
Blue_VLAN(ManagementVLAN)andRed_VLANdoesnotreceiveanIP
address.Seefigure2-36.
DHCP
Server
Red_VLAN
Blue_VLANisManagementVLAN
Blue_VLANisManagementVLAN-receivesIP
address
Red_VLANdoesnotreceiveIPaddress
Figure2-36.ExampleofDHCPServeronManagementVLAN
2-56
SpecialVLANTypes
2. IfRed_VLANisconfiguredastheManagementVLANandtheDHCPserver
isonBlue_VLAN,Blue_VLANreceivesanIPaddressbutRed_VLANdoes
not.Seefigure2-37.
DHCP
Server
Red_VLANisManagementVLAN-doesnot
receiveIPaddress
Blue_VLANreceivesIPaddress
Red_VLAN
Blue_VLAN
Figure2-37.ExampleofDHCPServeronDifferentVLANfromtheManagement
VLAN
3. IfnoManagementVLANisconfigured,bothBlue_VLANandRed_VLAN
receiveIPaddresses.Seefigure2-38.
DHCP
Server
Red_VLAN
Blue_VLAN
NoManagementVLANsareconfigured.
Red_VLANandBlue_VLANreceiveIP
addresses.
Figure2-38.ExampleofnoManagementVLANsConfigured
2-57
SpecialVLANTypes
4. IfRed_VLANisconfiguredastheManagementVLANandtheclientison
Red_VLAN,buttheDHCPserverisonBlue_VLAN,theclientwillnot
receiveanIPaddress.Seefigure2-39.
Red_VLANistheManagementVLANandthe
clientisonRed_VLAN.TheDHCPserverison
Blue_VLAN.
TheclientdoesnotreceiveanIPaddress.
DHCP
Server
Client
Red_VLAN
Blue_VLAN
Figure2-39.ExampleofClientonDifferentManagementVLANfromDHCPServer
5. IfBlue_VLANisconfiguredastheManagementVLAN,theclientison
Blue_VLAN,andtheDHCPserverisonBlue_VLAN,theclientreceivesan
IPaddress.
DHCP
Server
Red_VLAN
Blue_VLAN
Blue_VLANistheManagementVLANandthe
clientisonBlue_VLAN.TheDHCPserverison
Blue_VLAN.
TheclientreceivesanIPaddress.
Client
Figure2-40.ExampleofDHCPServerandClientontheManagementVLAN
2-58
SpecialVLANTypes
DeletingtheManagementVLAN
YoucandisabletheSecureManagementfeaturewithoutdeletingtheVLAN
itself.Forexample,eitherofthefollowingcommandsdisablestheSecure
Managementfeatureintheaboveexample:
Pr oCur ve ( conf i g) # no management - vl an 100
Pr oCur ve ( conf i g) # no management - vl an my_vl an
OperatingNotesforManagementVLANs
Useonlyastatic,port-basedVLANfortheManagementVLAN.
TheManagementVLANfeatureappliestobothIPv4andIPv6traffic.
TheManagementVLANdoesnotsupportIGMPoperation.
RoutingbetweentheManagementVLANandotherVLANsisnotallowed.
Iftherearemorethan25VLANsconfiguredontheswitch,rebootthe
switchafterconfiguringthemanagementVLAN.
IfyouimplementaManagementVLANinaswitchmeshenvironment,all
meshedportsontheswitchwillbemembersoftheManagementVLAN.
OnlyoneManagement-VLANcanbeactiveintheswitch.IfoneManage-
ment-VLANVIDissavedinthestartup-configfileandyouconfigurea
differentVIDintherunning-configfile,theswitchusestherunning-config
versionuntilyoueitherusethewrite-memorycommandorrebootthe
switch.
DuringaTelnetsessiontotheswitch,ifyouconfiguretheManagement-
VLANtoaVIDthatexcludestheportthroughwhichyouareconnected
totheswitch,youwillcontinuetohaveaccessonlyuntilyouterminate
thesessionbyloggingoutorrebootingtheswitch.
DuringaWebAgentsession,ifyouconfiguretheManagement-VLANtoa
VIDthatexcludestheportthroughwhichyouareconnectedtotheswitch,
youwillcontinuetohaveaccessonlyuntilyouclosethebrowsersession
orreboottheswitch.
Not e TheManagement-VLANfeaturedoesnotcontrolmanagementaccessthrough
adirectconnectiontotheswitchsserialport.
EnablingSpanningTreewheretherearemultiplelinksusingseparate
VLANs,includingtheManagementVLAN,betweenapairofswitches,
SpanningTreewillforcetheblockingofoneormorelinks.Thismay
includethelinkcarryingtheManagementVLAN,whichwillcauselossof
managementaccesstosomedevices.Thiscanalsooccurwheremeshing
isconfiguredandtheManagementVLANisconfiguredonaseparatelink.
2-59
SpecialVLANTypes
MonitoringSharedResources:TheManagementVLANfeatureshares
internalswitchresourceswithseveralotherfeatures.Theswitchprovides
ampleresourcesforallfeatures.However,iftheinternalresources
becomefullysubscribed,theManagementVLANfeaturecannotbecon-
figureduntilthenecessaryresourcesarereleasedfromotheruses.For
informationondeterminingthecurrentresourceavailabilityandusage,
refertotheappendixtitledMonitoringResourcesintheManagement
andConfigurationGuideforyourswitch.
VLAN20(ManagementVLAN)
VLAN10
VLAN30
VLAN40
MeshDomain
Includes
Membershipin
ThreeVLANs
Switch
1
Switch
2
Switch
3
Eventhoughtheportsonthe
ManagementVLANlinkdonot
belongtoanyoftheVLANsinthe
mesh,thelinkwillbeblockedif
youenableSpanningTree.Thisis
becauseSpanningTreeoperates
per-switchandnotper-VLAN.
Figure2-41.ExampleofInadvertentlyBlockingaManagementVLANLinkby
ImplementingSpanningTree
VoiceVLANs
ConfiguringvoiceVLANsseparatesvoicetrafficfromdatatrafficandshields
yourvoicetrafficfrombroadcaststorms.Thissectiondescribeshowto
configuretheswitchforvoiceVLANoperation.
OperatingRulesforVoiceVLANs
YoumuststaticallyconfigurevoiceVLANs.GVRPanddynamicVLANsdo
notsupportvoiceVLANoperation.
ConfigureallportsinavoiceVLANastaggedmembersoftheVLAN.This
ensuresretentionoftheQoS(QualityofService)priorityincludedinvoice
VLANtrafficmovingthroughyournetwork.
IfatelephoneconnectedtoavoiceVLANincludesadataportusedfor
connectingothernetworkeddevices(suchasPCs)tothenetwork,then
youmustconfiguretheportasataggedmemberofthevoiceVLANanda
taggedoruntaggedmemberofthedataVLANyouwanttheothernet-
workeddevicetouse.
2-60
SpecialVLANTypes
ComponentsofVoiceVLANOperation
VoiceVLAN(s):ConfigureoneormorevoiceVLANsontheswitch.Some
reasonsforhavingmultiplevoiceVLANsinclude:
EmployingtelephoneswithdifferentVLANrequirements
Bettercontrolofbandwidthusage
Segregatingtelephonegroupsusedfordifferent,exclusivepurposes
WheremultiplevoiceVLANsexistontheswitch,youcanuseroutingto
communicatebetweentelephonesondifferentvoiceVLANs..
Tagged/UntaggedVLANMembership:Iftheappliancesusingavoice
VLANtransmittaggedVLANpackets,thenconfigurethememberportsas
taggedmembersoftheVLAN.Otherwise,configuretheportsasuntagged
members.
VoiceVLANQoSPrioritizing(Optional)
WithoutconfiguringtheswitchtoprioritizevoiceVLANtraffic,oneofthe
followingconditionsapplies:
IftheportsinavoiceVLANarenottaggedmembers,thentheswitch
forwardsalltrafficonthatVLANatnormalpriority.
IftheportsinavoiceVLANaretaggedmembers,thentheswitchforwards
alltrafficonthatVLANatwhateverprioritythetraffichaswhenreceived
inboundontheswitch.
UsingtheswitchsQoSVLAN-ID(VID)Priorityoption,youcanchangethe
priorityofvoiceVLANtrafficmovingthroughtheswitch.Ifallportmember-
shipsonthevoiceVLANaretagged,theprioritylevelyousetforvoiceVLAN
trafficiscarriedtothenextdevice.WithallportsonthevoiceVLANconfig-
uredastaggedmembers,youcanenforceaQoSprioritypolicy moving
throughtheswitchandthroughyournetwork.Tosetapriorityonavoice
VLAN,usethefollowingcommand:
Syntax:vlan<vid>qospriority<0-7>
Theqosprioritydefaultsettingis0(normal),with1asthe
lowestpriorityand7asthehighestpriority.
Forexample,ifyouconfiguredavoiceVLANwithaVIDof10,andwantedthe
highestpriorityforalltrafficonthisVLAN,youwouldexecutethefollowing
command:
Pr oCur ve( conf i g) # vl an 10 qos pr i or i t y 7
Pr oCur ve ( conf i g) # wr i t e memor y
2-61
EffectofVLANsonOtherSwitchFeatures
NotethatyoualsohavetheoptionofresettingtheDSCP(DiffServeCode-
point)ontaggedvoiceVLANtrafficmovingthroughtheswitch.Formoreon
thisandotherQoStopics,refertothechaptertitledQualityofService(QoS):
ManagingBandwidthMoreEffectivelyinthisguide.
VoiceVLANAccessSecurity
Youcanuseportsecurityconfiguredonanindividualportorgroupofports
inavoiceVLAN.Thatis,youcanallowordenyaccesstoaphonehavinga
particularMACaddress.RefertochaptertitledConfiguringandMonitoring
PortSecurityintheAccessSecurityGuideforyourswitch.
Not e MACauthenticationisnotrecommendedinvoiceVLANapplications.
EffectofVLANsonOtherSwitch
Features
SpanningTreeOperationwithVLANs
Dependingonthespanning-treeoptionconfiguredontheswitch,thespan-
ning-treefeaturemayoperateasasingleinstanceacrossallportsontheswitch
(regardlessofVLANassignments)ormultipleinstanceonaper-VLANbasis.
Forsingle-instanceoperation,thismeansthatifredundantphysicallinksexist
betweentheswitchandanother802.1Qdevice,allbutonelinkwillbeblocked,
regardlessofwhethertheredundantlinksareinseparateVLANs.Inthiscase
youcanuseporttrunkingtopreventSpanningTreefromunnecessarily
blockingports(andtoimproveoverallnetworkperformance).Formultiple-
instanceoperation,physicallyredundantlinksbelongingtodifferentVLANs
canremainopen.Refertochapter4,MultipleInstanceSpanning-TreeOper-
ation.
NotethatSpanningTreeoperatesdifferentlyindifferentdevices.Forexample,
inthe(obsolete,non-802.1Q)ProCurveSwitch2000andtheProCurveSwitch
800T,SpanningTreeoperatesonaper-VLANbasis,allowingredundantphys-
icallinksaslongastheyareinseparateVLANs.
2-62
EffectofVLANsonOtherSwitchFeatures
IPInterfaces
Thereisaone-to-onerelationshipbetweenaVLANandanIPnetworkinter-
face.SincetheVLANisdefinedbyagroupofports,thestate(up/down)of
thoseportsdeterminesthestateoftheIPnetworkinterfaceassociatedwith
thatVLAN.Whenaport-basedVLANoranIPv4orIPv6protocol-basedVLAN
comesupbecauseoneormoreofitsportsisup,theIPinterfaceforthatVLAN
isalsoactivated.Likewise,whenaVLANisdeactivatedbecauseallofitsports
aredown,thecorrespondingIPinterfaceisalsodeactivated.
VLANMACAddress
TheswitchescoveredbythisguidehaveoneuniqueMACaddressforallof
theirVLANinterfaces.Youcansendan802.2testpackettothisMACaddress
toverifyconnectivitytotheswitch.Likewise,youcanassignanIPaddressto
theVLANinterface,andwhenyouPingthataddress,ARPwillresolvetheIP
addresstothissingleMACaddress.Inatopologywhereaswitchhasmultiple
VLANsandmustbeconnectedtoadevicehavingasingleforwardingdatabase,
suchastheSwitch4000M,somecablingrestrictionsapply.Formoreonthis
topic,refertoMultipleVLANConsiderationsonpage2-20.
PortTrunks
WhenassigningaporttrunktoaVLAN,allportsinthetrunkareautomatically
assignedtothesameVLAN.Youcannotsplittrunkmembersacrossmultiple
VLANs.Also,aporttrunkistagged,untagged,orexcludedfromaVLANinthe
samewayasforindividual,untrunkedports.
PortMonitoring
Ifyoudesignateaportontheswitchfornetworkmonitoring,thisportwill
appearinthePortVLANAssignmentscreenandcanbeconfiguredasa
memberofanyVLAN.Forinformationonhowbroadcast,multicast,and
unicastpacketsaretaggedinsideandoutsideoftheVLANtowhichthe
monitorportisassigned,refertothesectiontitledVLAN-RelatedProblems
intheTroubleshootingappendixoftheManagementandConfiguration
Guideforyourswitch.
JumboPacketSupport
Jumbopacketsupportisenabledper-VLANandappliestoallportsbelonging
totheVLAN.Formoreinformation,refertothechaptertitledPortTraffic
ControlsintheManagementandConfigurationGuideforyourswitch.
2-63
VLANRestrictions
VLANRestrictions
AportmustbeamemberofatleastoneVLAN.Inthefactorydefault
configuration,allportsareassignedtothedefaultVLAN
(DEFAULT_VLAN;VID=1).
Aportcanbeamemberofoneuntagged,port-basedVLAN.Allotherport-
basedVLANassignmentsforthatportmustbetagged.(TheUntagged
designationenablesVLANoperationwithnon802.1Q-compliantdevices.)
Aportcanbeanuntaggedmemberofoneprotocol-basedVLANofeach
protocoltype.Whenassigningaporttomultiple,protocol-basedVLANs
sharingthesametype,theportcanbeanuntaggedmemberofonlyone
suchVLAN.
Withroutingenabledontheswitch,theswitchcanroutetrafficbetween:
Multiple,port-basedVLANs
Aport-basedVLANandanIPv4protocol-basedVLAN
Aport-basedVLANandanIPv6protocol-basedVLAN
AnIPv4protocol-basedVLANandanIPv6protocolVLAN.
Other,routable,protocol-basedVLANsmustuseanexternalrouterto
movetrafficbetweenVLANs.Withroutingdisabled,allroutingbetween
VLANsmustbethroughanexternalrouter.
PriortodeletingastaticVLAN,youmustfirstre-assignallportsinthe
VLANtoanotherVLAN.Youcanusethenovlan<vid>commandtodelete
astaticVLAN.Formoreinformation,refertoCreatingaNewStaticVLAN
(Port-BasedorProtocol-Based)ChangingtheVLANContextLevelon
page2-41.
2-64
MigratingLayer3VLANsUsingVLANMACConfiguration
MigratingLayer3VLANsUsingVLAN
MACConfiguration
ProCurveroutingswitchesprovideaneasywaytomaintainLayer3VLAN
configurationswhenyoumigratedistributionroutersinanetworkconfigura-
tionthatisnotcentrallymanaged.Byfollowingtheproceduredescribedin
thissection,youcanupgradetoProCurveroutingswitcheswithoutstopping
theoperationofattachedhoststhatuseexistingroutersastheirdefault
gatewaytoroutetrafficbetweenVLANs.YoucanachieveseamlessVLAN
migrationbyconfiguringtheMACaddressofthepreviouslyinstalledrouter
ontheVLANinterfacesofaProCurveroutingswitch.
VLANMACAddressReconfiguration
TheProCurveswitchescoveredbythisguideuseoneuniqueMACaddressfor
allVLANinterfaces.IfyouassignanIPaddresstoaVLANinterface,ARP
resolvestheIPaddresstotheMACaddressoftheroutingswitchforall
incomingpackets.
TheLayer3VLANMACConfigurationfeatureallowsyoutoreconfigurethe
MACaddressusedforVLANinterfacesusingtheCLI.Packetsaddressedto
thereconfiguredLayer3MACaddress,suchasARPandIPdatapackets,are
receivedandprocessedbytheProCurveroutingswitch.
Packetstransmittedfromtheroutingswitch(packetsoriginatingfromthe
routerandforwardedpackets)usetheoriginalProCurveMACaddressasthe
sourceMACaddressinEthernetheaders.
ARPreplypacketsusethereconfiguredMACaddressinboththe:
ARPSenderMACaddressfield.
SourceMACaddressfieldintheEthernetframeheader
WhenyoureconfiguretheMACaddressonaVLANinterface,youmayalso
specifyakeepalivetimeouttotransmitheartbeatpacketsthatadvertisethe
newMACaddress.
ByconfiguringtheMACaddressofthepreviouslyinstalledrouterastheMAC
addressofeachVLANinterfaceonaProCurveswitch,youcanswapthe
physicalportofaroutertotheProCurveswitchaftertheswitchhasbeen
properlyconfiguredinthenetwork.
2-65
HandlingIncomingandOutgoingVLANTraffic
IncomingVLANdatapacketsandARPrequestsarereceivedandprocessed
ontheroutingswitchaccordingtotheMACaddressofthepreviouslyinstalled
routerthatisconfiguredforeachVLANinterface.
OutgoingVLANtrafficusestheMACaddressoftheProCurveswitchasthe
sourceMACaddressinpacketheaders.TheMACaddressconfiguredonVLAN
interfacesisnotusedonoutboundVLANtraffic.
WhentheroutingswitchreceivesanARPrequestfortheIPaddressconfigured
onaVLANinterface,theARPreplyusesthereconfiguredMACaddressinboth
the:
ARPSenderMACaddressfield
SourceMACaddressfieldintheEthernetframeheader.
WhenproxyARPisenabledonaVLANinterface,the"gracious"ARPreply
sentforanARPrequestreceivedfromVLANdeviceslocatedoutsidethe
directlyconnectedIPsubnetsalsocontainsthereconfiguredMACaddressin
the:
ARPSenderMACaddressfield
SourceMACaddressfieldintheEthernetframeheader.
Not e TheVirtualRouterRedundancyProtocol(VRRP)isnotsupportedonVLAN
interfacesonwhichtheMACaddressforincomingtraffichasbeenreconfig-
ured
Tohostsinthenetwork,VLANtrafficcontinuestoberouted(usingthe
reconfiguredMACaddressasdestinationaddress),butoutboundVLANtraffic
appearstobesentfromanotherrouter(usingtheProCurveMACaddressas
sourceaddress)attachedtothesamesubnet.Althoughitappearsasan
asymmetricpathtonetworkhosts,theMACaddressconfigurationfeature
enablesLayer3VLANmigration.(AsuccessfulVLANmigrationisachieved
becausethehostsdonotverifythatthesourceMACaddressandthedestina-
tionMACaddressarethesamewhencommunicatingwiththeroutingswitch.)
2-66
SendingHeartbeatPacketswithaConfiguredMAC
Address
OntheVLANinterfacesofaroutingswitch,theuser-definedMACaddress
onlyappliestoinboundtraffic.Asaresult,anyconnectedswitchesneedto
learnthenewaddressthatisincludedintheEthernetframesofoutbound
VLANtraffictransmittedfromtheroutingswitch.
IfaconnectedswitchdoesnothavethenewlyconfiguredMACaddressofthe
routingswitchasadestinationinitsMACaddresstable,itfloodspacketsto
allofitsportsuntilareturnstreamallowstheswitchtolearnthecorrect
destinationaddress.Asaresult,theperformanceoftheswitchisdegradedas
ittriestosendEthernetpacketstoanunknowndestinationaddress.
Toallowconnectedswitchestolearntheuser-configuredMACaddressofa
VLANinterface,theProCurveroutingswitchcansendperiodicheartbeat-like
Ethernetpackets.TheEthernetpacketscontaintheconfiguredMACaddress
asthesourceaddressinthepacketheader.IPmulticastpacketsorEthernet
serviceframesarepreferredbecausetheydonotinterruptthenormalopera-
tionofclientdevicesconnectedonthesegment.
BecausetheagingtimeofdestinationaddressesinMACaddresstablesvaries
onnetworkdevices,youmustalsoconfigureatimeintervaltouseforsending
heartbeatpackets.
HeartbeatpacketsaresentatperiodicintervalswithaspecificProCurve
unicastMACaddressindestinationfield.ThisMACaddressisassignedto
ProCurveandisnotusedbyothernon-ProCurverouters.Becausetheheart-
beatpacketcontainsaunicastMACaddress,itdoesnotinterrupthost
operation.EvenifyouhavemultipleProCurveswitchesconnectedtothe
network,thereisnoimpactonnetworkperformancebecauseeachswitch
sendsheartbeatpacketswithitsconfiguredMACaddressasthedestination
address.
TheformatofaheartbeatpacketisanextendedEthernetOUIframewithan
extendedOUIEthertype(88B7)andanewprotocolidentifierinthe5-octet
protocolidentifierfield.
2-67
ConfiguringaVLANMACAddresswithHeartbeat
Interval
WheninstallingProCurveroutingswitchesintheplaceofexistingroutersin
anetworkconfiguration,youcanachieveLayer3VLANmigrationbyusing
theip-recv-mac-addresscommandattheVLANconfigurationlevelto:
ConfiguretheMACaddressofthepreviouslyinstalledrouteroneach
VLANinterfaceofaProCurveroutingswitch.
Optionallyconfigurethetimeintervaltouseforsendingheartbeatpackets
withtheconfiguredMACaddress.
Syntax:[no]ip-recv-mac-address<mac-address>[interval<seconds>]
ip-recv-mac-address<mac-address>
ConfiguresaVLANinterfacewiththespecifiedMAC
address.Enterthenoversionofthecommandtoremovethe
configuredMACaddressandreturntotheoriginalMAC
addressoftheProCurveswitch.
interval<seconds>
(Optional)Configuresthetimeinterval(inseconds)used
betweentransmissionsofheartbeatpacketstoallnetwork
devicesconfiguredontheVLAN.Validvaluesarefromone
to255seconds.Thedefaultis60seconds.
OperatingNotes
Theip-recv-mac-addresscommandallowsyoutoconfigureonlyoneMAC
addressforaspecifiedVLAN.Ifyoure-enterthecommandtoconfigure
anotherMACaddress,thepreviouslyconfiguredMACaddressisoverwrit-
ten.
EnterthenoformofthecommandtoremoveaconfiguredMACaddress
andrestorethedefaultMACaddressoftheProCurveswitch.
WhenyouconfigureaVLANMACaddress,youmayalsospecifyaheart-
beatinterval.Theinterval<seconds>parameterisoptional.
AfteryouconfigureaVLANMACaddress:
IProuterandMACARPrepliestootherVLANdevicescontainthe
user-definedMACaddressastheEthernetsenderhardwareaddress.
OutboundVLANtrafficcontainstheProCurveMACaddress,notthe
configuredMACaddress,asthesourceMACaddressinpackethead-
ers.
2-68

------------- ------------------------ -----------
ImmediatelyafteryouconfigureaVLANMACaddressorremovea
configuredMACaddress,agratuitousARPmessageisbroadcastonthe
connectedsegmenttoannouncethechangeoftheIP-to-MACaddress
bindingtoallconnectedIP-basedequipment.
AconfiguredVLANMACaddresssupportsproxyARPandgraciousARP.
AnewMIBvariable,ifRcvAddressTable,isintroducedtosupportVLAN
MACconfiguration.
YoucannotconfigureaVLANMACaddressusingtheWebAgentormenu
interface.YoumustusetheCLI.
VRRPisnotsupportedonaVLANinterfacewithauser-configuredMAC
address.
Example
ThefollowingexampleshowshowtoconfigureaMACaddressonVLAN101.
Pr oCur ve# conf i gur e t er mi nal
Pr oCur ve( conf i g) # vl an 101
Pr oCur ve( vl an- 101) # i p- r ecv- mac- addr ess 0060b0- e9a200
i nt er val 100
VerifyingaVLANMACAddressConfiguration
ToverifytheconfigurationofLayer3MACaddressesontheVLANinterfaces
ofaswitch,entertheshowip-recv-mac-addresscommand.
Pr oCur ve# show i p- r ecv- mac- addr ess
VLAN L3- Mac- Addr ess Tabl e
VLAN L3- Mac- Addr ess Ti meout
DEFAULT_VLAN 001635- 024467 60
VLAN2 001635- 437529 100
Figure2-42.ExampleofDisplayingaVLANMACAddress
2-69
2-70
3
GVRP
Contents
Overview ..................................................... 3-2
Introduction .................................................. 3-3
GeneralOperation ............................................ 3-4
Per-PortOptionsforHandlingGVRPUnknownVLANs ........ 3-7
Per-PortOptionsforDynamicVLANAdvertisingandJoining .... 3-9
GVRPandVLANAccessControl............................... 3-11
AdvertisementsandDynamicJoins........................... 3-11
Port-LeaveFromaDynamicVLAN ............................ 3-11
PlanningforGVRPOperation ................................. 3-12
ConfiguringGVRPOnaSwitch................................ 3-13
Menu:ViewingandConfiguringGVRP . . ... .................... 3-13
CLI:ViewingandConfiguringGVRP .. . ....................... 3-14
Web:ViewingandConfiguringGVRP .......................... 3-18
GVRPOperatingNotes ....................................... 3-18
3-1
GVRP
Overview
Overview
ThischapterdescribesGVRPandhowtoconfigureitwiththeswitchsbuilt-
ininterfaces,andassumesanunderstandingofVLANs,whicharedescribed
inchapter2,StaticVirtualLANs(VLANs).
Forgeneralinformationonhowtousetheswitchsbuilt-ininterfaces,referto
thesechaptersintheManagementandConfigurationGuideforyourswitch:
Chapter3,UsingtheMenuInterface
Chapter4,UsingtheCommandLineInterface(CLI)
Chapter5,UsingtheWebAgent
Chapter6,SwitchMemoryandConfiguration
3-2
GVRP
Introduction
Introduction
Feature Default Menu CLI Web
viewGVRPconfiguration n/a page3-13 page3-14 page3-18
liststaticanddynamicVLANs n/a page3-16 page3-18
onaGVRP-enabledswitch
enableordisableGVRP disabled page3-13 page3-15 page3-18
enableordisableGVRPon enabled page3-13 page3-15
individualports
controlhowindividualports Learn page3-13 page3-15 page3-18
handleadvertisementsfornew
VLANs
convertadynamicVLANtoa n/a page3-17
staticVLAN
configurestaticVLANs DEFAULT_VLAN page2-24 page2-30 page2-45
(VID=1)
GVRPGARPVLANRegistrationProtocolisanapplicationoftheGeneric
AttributeRegistrationProtocolGARP.GVRPisdefinedintheIEEE802.1Q
standard,andGARPisdefinedintheIEEE802.1D-1998standard.
Not e TounderstandanduseGVRPyoumusthaveaworkingknowledgeof802.1Q
VLANtagging.(Refertochapter2,StaticVirtualLANs(VLANs).)
GVRPusesGVRPBridgeProtocolDataUnits(GVRPBPDUs)toadver-
tisestaticVLANs.Inthismanual,aGVRPBPDUistermedanadvertisement.
Advertisementsaresentoutboundfromportsonaswitchtothedevices
directlyconnectedtothoseports.
WhileGVRPisenabledontheswitch,youcannotapplyanyACLstoVLANs
configuredonthesame switch.
GVRPenablestheswitchtodynamicallycreate802.1Q-compliantVLANson
linkswithotherdevicesrunningGVRP.Thisenablestheswitchtoautomati-
callycreateVLANlinksbetweenGVRP-awaredevices.(AGVRPlinkcan
includeintermediatedevicesthatarenotGVRP-aware.)Thisoperation
reducesthechancesforerrorsinVLANconfigurationbyautomaticallypro-
vidingVLANID(VID)consistencyacrossthenetwork.Thatis,youcanuse
GVRPtopropagateVLANstootherGVRP-awaredevicesinsteadofmanually
3-3
GVRP
GeneralOperation
havingtosetupVLANsacrossyournetwork.Aftertheswitchcreatesa
dynamicVLAN,youcanoptionallyusetheCLIstatic<vlan-id>commandto
convertittoastaticVLANorallowittocontinueasadynamicVLANforas
longasneeded.YoucanalsouseGVRPtodynamicallyenableportmember-
shipinstaticVLANsconfiguredonaswitch.
Not e Ontheswitchescoveredinthisguide,GVRPcanbeenabledonlyifmaxvlans
issettonomorethan256VLANs.
GeneralOperation
WhenGVRPisenabledonaswitch,theVIDforanystaticVLANsconfigured
ontheswitchisadvertised(usingBPDUsBridgeProtocolDataUnits)out
allports,regardlessofwhetheraportisuporassignedtoanyparticularVLAN.
AGVRP-awareportonanotherdevicethatreceivestheadvertisementsover
alinkcandynamicallyjointheadvertisedVLAN.
AdynamicVLAN(thatis,aVLANlearnedthroughGVRP)istaggedontheport
onwhichitwaslearned.Also,aGVRP-enabledportcanforwardanadvertise-
mentforaVLANitlearnedaboutfromotherportsonthesameswitch(internal
source),buttheforwardingportwillnotitselfjointhatVLANuntilanadver-
tisementforthatVLANisreceivedthroughalinkfromanotherdevice(exter-
nalsource)onthatspecificport
3-4
GVRP
GeneralOperation
OperatingNote:WhenaGVRP-awareportonaswitchlearnsaVIDthroughGVRPfromanotherdevice,theswitchbegins
advertisingthatVIDoutallofitsportsexcepttheportonwhichtheVIDwaslearned.
Coreswitchwithstatic
VLANs(VID=1,2,&3).Port2
isamemberofVIDs1,2,&3.
1.Port2advertisesVIDs1,2,
&3.
2.Port1receivesadvertise-
mentofVIDs1,2,&3AND
becomesamemberofVIDs
1,2,&3.
&3,butport3isNOTa
memberofVIDs1,2,&3at
thispoint.
mentofVIDs1,2,&3AND
becomesamemberofVIDs
1,2,&3.
&3,butport5isNOTa
memberofVIDs1,2,&3at
thispoint.
Port6isstaticallyconfigured
tobeamemberofVID3.
11.Port2receives
advertisementofVID3.(Port
2isalreadystatically
configuredforVID3.)
mentofVID3ANDbecomes
amemberofVID3.(Stillnot
amemberofVIDs1&2.)
10.Port1advertisesVID3.
mentofVID3ANDbecomes
amemberofVID3.(Stillnot
amemberofVIDs1&2.)
1 4
6
5
Switch1
GVRPOn
2
Switch2
GVRPOn
3
Switch3
GVRPOn
StaticVLANcon-
figuredEndDevice
(NICorswitch)
withGVRPOn
Figure3-1..ExampleofForwardingAdvertisementsandDynamicJoining
NotethatifastaticVLANisconfiguredonatleastoneportofaswitch,and
thatporthasestablishedalinkwithanotherdevice,thenallotherportsofthat
switchwillsendadvertisementsforthatVLAN.
Forexample,inthefollowingfigure,TaggedVLANportsonswitchAand
switchCadvertiseVLANs22and33toportsonotherGVRP-enabled
switchesthatcandynamicallyjointheVLANs.
3-5
GVRP
GeneralOperation
SwitchA
GVRPOn
SwitchB
(NoGVRP)
SwitchC
GVRPOn
SwitchD
GVRPOn
Tagged
VLAN22
Tagged
VLAN22
SwitchE
GVRPOn
Tagged
VLAN33
SwitchC:
Port5dynamicallyjoinsVLAN22.
Ports11and12belongtoTaggedVLAN33.
SwitchE:
Port2dynamicallyjoinsVLANs22and33.
SwitchD:
Port6dynamicallyjoinsVLAN22and33.
1 5
12
11
2
7
3
6
Figure3-2.ExampleofGVRPOperation
Not e AportcanlearnofadynamicVLANthroughdevicesthatarenotawareof
GVRP(SwitchB,above).VLANsmustbedisabledinGVRP-unawaredevices
toallowtaggedpacketstopassthrough.
AGVRP-awareportreceivingadvertisementshastheseoptions:
IfthereisnotalreadyastaticVLANwiththeadvertisedVIDonthe
receivingport,thendynamicallycreatetheVLANandbecomeamember.
IftheswitchalreadyhasastaticVLANassignmentwiththesameVIDas
intheadvertisement,andtheportisconfiguredtoAutoforthatVLAN,
thentheportwilldynamicallyjointheVLANandbeginmovingthat
VLANstraffic.(FormoredetailonAuto,seePer-PortOptionsfor
DynamicVLANAdvertisingandJoiningonpage3-9.)
IgnoretheadvertisementforthatVID.
DontparticipateinthatVLAN.
NotealsothataportbelongingtoaTaggedorUntaggedstaticVLANhasthese
configurableoptions:
3-6
GVRP
Per-PortOptionsforHandlingGVRPUnknownVLANs
SendVLANadvertisements,andalsoreceiveadvertisementsforVLANs
onotherportsanddynamicallyjointhoseVLANs.
SendVLANadvertisements,butignoreadvertisementsreceivedfrom
otherports.
AvoidGVRPparticipationbynotsendingadvertisementsanddropping
anyadvertisementsreceivedfromotherdevices.
IPAddressing.AdynamicVLANdoesnothaveanIPaddress,andmoves
trafficonthebasisofportmembershipinVLANs.However,afterGVRP
createsadynamicVLAN,youcanconvertittoastaticVLAN.Notethatitis
thennecessarytoassignportstotheVLANinthesamewaythatyouwould
forastaticVLANthatyoucreatedmanually.Inthestaticstateyoucan
configureIPaddressingontheVLANandaccessitinthesamewaythatyou
wouldanyotherstatic(manuallycreated)VLAN.
Per-PortOptionsforHandlingGVRP
UnknownVLANs
AnunknownVLANisaVLANthattheswitchlearnsofbyreceivingan
advertisementforthatVLANonaportthatisnotalreadyamemberofthat
VLAN.IftheportisconfiguredtolearnunknownVLANs,thentheVLANis
dynamicallycreatedandtheportbecomesataggedmemberoftheVLAN.For
example,supposethatinfigure3-2(page3-6),port1onswitchAiscon-
nectedtoport5onswitchC.BecauseswitchAhasVLAN22statically
configured,whileswitchCdoesnothavethisVLANstaticallyconfigured
(anddoesnotForbidVLAN22onport5),VLAN22ishandledasan
UnknownVLANonport5inswitchC.Conversely,ifVLAN22wasstatically
configuredonswitchC,butport5wasnotamember,port5wouldbecomea
memberwhenadvertisementsforVLAN22werereceivedfromswitchA.
WhenyouenableGVRPonaswitch,youhavetheper-portjoin-requestoptions
listedintable3-1:
3-7
GVRP
Per-PortOptionsforHandlingGVRPUnknownVLANs
Table3-1.OptionsforHandlingUnknownVLANAdvertisements:
UnknownVLAN
Mode
Operation
Learn EnablestheporttobecomeamemberofanyunknownVLANforwhichit
(theDefault) receivesanadvertisement.AllowstheporttoadvertiseotherVLANsthat
haveatleastoneotherportonthesameswitchasamember.
Block PreventstheportfromjoininganynewdynamicVLANsforwhichitreceives
anadvertisement.
AllowstheporttoadvertiseotherVLANsthathaveatleastoneotherport
asamember.
Disable CausestheporttoignoreanddropallGVRPadvertisementsitreceivesand
alsopreventstheportfromsendinganyGVRPadvertisements.
TheCLIshowgvrpcommandandthemenuinterfaceVLANSupportscreen
showaswitchscurrentGVRPconfiguration,includingtheUnknownVLAN
settings.
GVRPEnabled
(RequiredforUnknown
VLANoperation.)
UnknownVLANSettings
Default:Learn
Figure3-3.ExampleofGVRPUnknownVLANSettings
3-8
GVRP
Per-PortOptionsforDynamicVLANAdvertisingandJoining
Per-PortOptionsforDynamicVLAN
AdvertisingandJoining
InitiatingAdvertisements. Asdescribedintheprecedingsection,to
enabledynamicjoins,GVRPmustbeenabledandaportmustbeconfigured
toLearn(thedefault).However,tosendadvertisementsinyournetwork,one
ormorestatic(Tagged,Untagged,orAuto)VLANsmustbeconfiguredonone
ormoreswitches(withGVRPenabled),dependingonyourtopology.
EnablingaPortforDynamicJoins.Youcanconfigureaporttodynami-
callyjoinastaticVLAN.Thejoinwillthenoccurifthatportsubsequently
receivesanadvertisementforthestaticVLAN.(ThisisdonebyusingtheAuto
andLearnoptionsdescribedintable3-2,onthenextpage.
ParametersforControllingVLANPropagationBehavior. Youcancon-
figureanindividualporttoactivelyorpassivelyparticipateindynamicVLAN
propagationortoignoredynamicVLAN(GVRP)operation.Theseoptionsare
controlledbytheGVRPUnknownVLANandthestaticVLANconfiguration
parameters,asdescribedinthefollowingtable:
3-9
GVRP
Per-PortOptionsforDynamicVLANAdvertisingandJoining
Table3-2.ControllingVLANBehavioronPortswithStaticVLANs
Per-Port
Unknown
VLAN
(GVRP)
Configuration
StaticVLANOptionsPerVLANSpecifiedonEachPort
1
PortActivity:
TaggedorUntagged(PerVLAN)
2
PortActivity:
Auto
2
(PerVLAN)
PortActivity:Forbid (PerVLAN)
2
Learn
(theDefault)
Theport:
BelongstospecifiedVLAN.
AdvertisesspecifiedVLAN.
Canbecomeamemberof
dynamicVLANsforwhichit
receivesadvertisements.
AdvertisesdynamicVLANs
thathaveatleastoneother
port(onthesameswitch)asa
member.
Theport:
Willbecomeamemberof
specifiedVLANifitreceives
advertisementsforspecified
VLANfromanotherdevice.
WilladvertisespecifiedVLAN.
Canbecomeamemberof
other,dynamicVLANsfor
whichitreceives
advertisements.
WilladvertiseadynamicVLAN
thathasatleastoneotherport
(onthesameswitch)asa
member.
Theport:
1. Willnotbecomeamemberof
thespecifiedVLAN.
2. Willnotadvertisespecified
VLAN.
3. Canbecomeamemberof
otherdynamicVLANsfor
whichitreceives
advertisements.
4. WilladvertiseadynamicVLAN
thathasatleastoneotherport
onthesameswitchasa
member.
Block Theport:
BelongstothespecifiedVLAN.
AdvertisesthisVLAN.
Willnotbecomeamemberof
newdynamicVLANsforwhich
itreceivesadvertisements.
WilladvertisedynamicVLANs
portasamember.
Theport:
Willbecomeamemberof
specifiedVLANifitreceives
advertisementsforthisVLAN.
WilladvertisethisVLAN.
newdynamicVLANsforwhich
itreceivesadvertisements.
member.
Theport:
thespecifiedVLAN.
WillnotadvertisethisVLAN.
dynamicVLANsforwhichit
receivesadvertisements.
member.
Disable Theport:
Isamemberofthespecified
VLAN.
WillignoreGVRPPDUs.
Willnotjoinanyadvertised
VLANs.
WillnotadvertiseVLANs.
Theport:
thespecifiedVLAN.
WillignoreGVRPPDUs.
Willnotjoinanydynamic
VLANs.
Theport:
thisVLAN.
WillignoreGVRPPDUs.
Willnotjoinanydynamic
VLANs.
1
EachportoftheswitchmustbeaTaggedorUntaggedmemberofatleastoneVLAN.Thus,anyportconfiguredforGVRP
toLearnorBlockwillgenerateandforwardadvertisementsforstaticVLAN(s)configuredontheswitchandalsofor
dynamicVLANstheswitchlearnsonotherports.
2
Toconfiguretagging,Auto,orForbid,seeConfiguringStaticVLANPer-PortSettingsonpage2-43(fortheCLI)or
AddingorChangingaVLANPortAssignmentonpage2-28(forthemenu).
3-10
GVRP
GVRPandVLANAccessControl
Astheprecedingtableindicates,whenyouenableGVRP,aportthathasa
TaggedorUntaggedstaticVLANhastheoptionforbothgeneratingadvertise-
mentsanddynamicallyjoiningotherVLANs.
Not e Intable3-2,above,theUnknownVLANparametersareconfiguredonaper-
portbasisusingtheCLI.TheTagged,Untagged,Auto,andForbidoptionsare
configuredperstaticVLANoneveryport,usingeitherthemenuinterfaceor
theCLI.
BecausedynamicVLANsoperateasTaggedVLANs,andbecauseataggedport
ononedevicecannotcommunicatewithanuntaggedportonanotherdevice,
ProCurverecommendsthatyouuseTaggedVLANsforthestaticVLANsyou
willusetogenerateadvertisements.
GVRPandVLANAccessControl
AdvertisementsandDynamicJoins
WhenyouenableGVRPonaswitch,thedefaultGVRPparametersettings
allowalloftheswitchsportstotransmitandreceivedynamicVLANadver-
tisements(GVRPadvertisements)andtodynamicallyjoinVLANs.Thetwo
precedingsectionsdescribetheper-portfeaturesyoucanusetocontroland
limitVLANpropagation.Tosummarize,youcan:
Allowaporttoadvertiseand/orjoindynamicVLANs(Learnmodethe
default).
AllowaporttosendVLANadvertisements,butnotreceivethemfrom
otherdevices;thatis,theportcannotdynamicallyjoinaVLANbutother
devicescandynamicallyjointheVLANsitadvertises(Blockmode).
PreventaportfromparticipatinginGVRPoperation(Disablemode).
Port-LeaveFromaDynamicVLAN
AdynamicVLANcontinuestoexistonaportforaslongastheportcontinues
toreceiveadvertisementsofthatVLANfromanotherdeviceconnectedtothat
portoruntilyou:
ConverttheVLANtoastaticVLAN(SeeConvertingaDynamicVLANto
aStaticVLANonpage3-17.)
ReconfiguretheporttoBlockorDisable
3-11
GVRP
PlanningforGVRPOperation
DisableGVRP
Reboottheswitch
Thetime-to-livefordynamicVLANsis10seconds.Thatis,ifaporthasnot
receivedanadvertisementforanexistingdynamicVLANduringthelast10
seconds,theportremovesitselffromthatdynamicVLAN.
PlanningforGVRPOperation
ThesestepsoutlinetheprocedureforsettingupdynamicVLANsforaseg-
ment.
1. DeterminetheVLANtopologyyouwantforeachsegment(broadcast
domain)onyournetwork.
2. DeterminetheVLANsthatmustbestaticandtheVLANsthatcanbe
dynamicallypropagated.
3. Determinethedeviceordevicesonwhichyoumustmanuallycreatestatic
VLANsinordertopropagateVLANsthroughoutthesegment.
4. Determinesecurityboundariesandhowtheindividualportsintheseg-
mentwillhandledynamicVLANadvertisements.(Seetable3-1onpage
3-8andtable3-2onpage3-10.)
5. EnableGVRPonalldevicesyouwanttousewithdynamicVLANsand
configuretheappropriateUnknownVLANparameter(Learn,Block,or
Disable)foreachport.
6. ConfigurethestaticVLANsontheswitch(es)wheretheyareneeded,
alongwiththeper-VLANparameters(Tagged,Untagged,Auto,andForbid
seetable3-2onpage3-10)oneachport.
7. DynamicVLANswillthenappearautomatically,accordingtotheconfig-
urationoptionsyouhavechosen.
8. ConvertdynamicVLANstostaticVLANswhereyouwantdynamicVLANs
tobecomepermanent.
3-12
GVRP
ConfiguringGVRPOnaSwitch
Theproceduresinthissectiondescribehowto:
ViewtheGVRPconfigurationonaswitch
EnableanddisableGVRPonaswitch
Specifyhowindividualportswillhandleadvertisements
TovieworconfigurestaticVLANsforGVRPoperation,refertoPer-PortStatic
VLANConfigurationOptionsonpage2-14.
Menu:ViewingandConfiguringGVRP
1. FromtheMainMenu,select:
8.VLANMenu
1.VLANSupport
Figure3-4.TheVLANSupportScreen(DefaultConfiguration)
2. DothefollowingtoenableGVRPanddisplaytheUnknownVLANfields:
a. Press[E](forEdit).
b. Use[v]tomovethecursortotheGVRPEnabledfield.
c. PresstheSpacebartoselectYes.
d. Press[v]againtodisplaytheUnknownVLANfields.
3-13
GVRP
TheUnknownVLAN
fieldsenableyouto
configureeachportto:
Learn-Dynamically
joinanyadvertised
VLANandadvertise
allVLANslearned
throughotherports.
Block-Donot
dynamicallyjoinany
VLAN,butstill
advertiseallVLANs
learnedthroughother
ports.
Disable-Ignoreand
dropallincoming
advertisementsand
donottransmitany
advertisements.
Figure3-5.ExampleShowingDefaultSettingsforHandlingAdvertisements
3. Usethearrowkeystoselecttheportyouwant,andtheSpacebartoselect
UnknownVLANoptionforanyportsyouwanttochange.
4. Whenyoufinishmakingconfigurationchanges,press[Enter],then[S](for
Save)tosaveyourchangestotheStartup-Configfile.
CLI:ViewingandConfiguringGVRP
GVRPCommandsUsedinThisSection
showgvrp below
gvrp page3-15
unknown-vlans page3-15
DisplayingtheSwitchsCurrentGVRPConfiguration. Thiscommand
showswhetherGVRPisdisabled,alongwiththecurrentsettingsforthe
maximumnumberofVLANsandthecurrentPrimaryVLAN.(Formoreonthe
lasttwoparameters,seechapter2,StaticVirtualLANs(VLANs).)
Syntax: showgvrp Showsthecurrentsettings.
3-14
GVRP
Figure3-6.ExampleofShowGVRPListingwithGVRPDisabled
Thisexampleincludes
non-defaultsettingsfor
theUnknownVLANfield
forsomeports.
Figure3-7.ExampleofShowGVRPListingwithGVRPEnabled
EnablingandDisablingGVRPontheSwitch.Thiscommandenables
GVRPontheswitch.
Syntax: gvrp
ThisexampleenablesGVRP:
Pr oCur ve( conf i g) # gvr p
ThisexampledisablesGVRPoperationontheswitch:
Pr oCur ve( conf i g) # no gvr p
EnablingandDisablingGVRPOnIndividualPorts. WhenGVRPis
enabledontheswitch,usetheunknown-vlanscommandtochangethe
UnknownVLANfieldforoneormoreports.Youcanusethiscommandat
eithertheManagerlevelortheinterfacecontextlevelforthedesiredport(s).
3-15
GVRP
Syntax: interface<port-list>unknown-vlans<learn|block|disable>
ChangestheUnknownVLANfieldsettingforthespecified
port(s).
Forexample,tochangeandviewtheconfigurationforportsA1-A2toBlock:
Figure3-8.DisplayingtheStaticandDynamicVLANsActiveontheSwitch
Syntax: showvlans
TheshowvlanscommandlistsallVLANspresentintheswitch.
Forexample,inthefollowingillustration,switchBhasonestaticVLAN(the
defaultVLAN),withGVRPenabledandport1configuredtoLearnfor
UnknownVLANs.SwitchAhasGVRPenabledandhasthreestaticVLANs:
thedefaultVLAN,VLAN-222,andVLAN-333.Inthisscenario,switchBwill
dynamicallyjoinVLAN-222andVLAN-333:
3-16
GVRP
SwitchB SwitchA
Port1:Setto
LearnMode
GVRPenabled.
3StaticVLANs:
GVRPenabled.
1StaticVLANs:
DEFAULT_VLAN DEFAULT_VLAN
VLAN-222
VLAN-333
Theshowvlanscommandliststhedynamic(andstatic)VLANsinswitchB
afterithaslearnedandjoinedVLAN-222andVLAN-333.
Figure3-9.ExampleofListingShowingDynamicVLANs
ConvertingaDynamicVLANtoaStaticVLAN.Ifaportontheswitch
hasjoinedadynamicVLAN,youcanusethefollowingcommandtoconvert
thatdynamicVLANtoastaticVLAN:
DynamicVLANs
Learnedfrom
SwitchA
throughPort1
Syntax: static<dynamic-vlan-id>
ConvertstheadynamicVLANtoastaticVLAN.
Forexample,toconvertdynamicVLAN333(fromthepreviousexample)toa
staticVLAN:
Pr oCur ve( conf i g) # st at i c 333
WhenyouconvertadynamicVLANtoastaticVLAN,allportsontheswitch
areassignedtotheVLANinAutomode.
3-17
GVRP
GVRPOperatingNotes
Web:ViewingandConfiguringGVRP
Toview,enable,disable,orreconfigureGVRP:
1. ClickontheConfigurationtab.
2. Clickon[VLANConfiguration]anddothefollowing:
ToenableordisableGVRP,clickonGVRPEnabled.
TochangetheUnknownVLANfieldforanyport:
i. Clickon[GVRPSecurity]andmakethedesiredchanges.
ii. Clickon[Apply]tosaveandimplementyourchangestothe
UnknownVLANfields.
Forweb-basedHelponhowtousetheWebAgentscreen,clickonthe[?]button
providedontheWebAgentscreen.
GVRPOperatingNotes
AdynamicVLANmustbeconvertedtoastaticVLANbeforeitcanhave
anIPaddress.
Ontheswitchescoveredinthisguide,GVRPcanbeenabledonlyifmax
vlansissettonomorethan256VLANs.
ThetotalnumberofVLANsontheswitch(staticanddynamiccombined)
cannotexceedthecurrentMaximumVLANssetting.Forexample,inthe
factorydefaultstate,theswitchsupportsupto256VLANs.Anyadditional
VLANsadvertisedtotheswitchwillnotbeaddedunlessyoufirstincrease
theMaximumVLANssetting.IntheMenuinterface,clickon2.Switch
Configuration|8.VLANMenu|1.VLANSupport.Intheglobalconfiglevelofthe
CLI,usemax-vlans.
ConvertingadynamicVLANtoastaticVLANandthenexecutingthewrite
memorycommandsavestheVLANinthestartup-configfileandmakesit
apermanentpartoftheswitchsVLANconfiguration.
Withinthesamebroadcastdomain,adynamicVLANcanpassthrougha
devicethatisnotGVRP-aware.Thisisbecauseahuboraswitchthatis
notGVRP-warewillfloodtheGVRP(multicast)advertisementpackets
outallports.
GVRPassignsdynamicVLANsasTaggedVLANs.ToconfiguretheVLAN
asUntagged,youmustfirstconvertittoastaticVLAN.
3-18
GVRP
GVRPOperatingNotes
RebootingaswitchonwhichadynamicVLANexistsdeletesthatVLAN.
However,thedynamicVLANre-appearsaftertherebootifGVRPis
enabledandtheswitchagainreceivesadvertisementsforthatVLAN
throughaportconfiguredtoadddynamicVLANs.
ByreceivingadvertisementsfromotherdevicesrunningGVRP,theswitch
learnsofstaticVLANsonthoseotherdevicesanddynamically(automat-
ically)createstaggedVLANsonthelinkstotheadvertisingdevices.
Similarly,theswitchadvertisesitsstaticVLANstootherGVRP-aware
devices,aswellasthedynamicVLANstheswitchhaslearned.
AGVRP-enabledswitchdoesnotadvertiseanyGVRP-learnedVLANsout
oftheport(s)onwhichitoriginallylearnedofthoseVLANs.
WhileGVRPisenabledontheswitch,youcannotapplyanyACLsto
VLANsconfiguredonthesameswitch.
AVLANenabledforjumbotrafficcannotbeusedtocreateadynamic
VLAN.Aportbelongingtoastaticallyconfigured,jumbo-enabledVLAN
cannotjoinadynamicVLAN.
3-19
GVRP
GVRPOperatingNotes
3-20
4
MultipleInstanceSpanning-TreeOperation
Contents
Overview ..................................................... 4-3
802.1sMultipleSpanningTreeProtocol(MSTP) ................ 4-6
MSTPStructure ............................................. 4-7
HowMSTPOperates......................................... 4-9
MSTRegions ............................................ 4-9
CommonSpanningTree(CST). .............................. 4-11
MSTPOperationwith802.1QVLANs ...................... 4-12
Terminology ............................................... 4-13
OperatingRules ............................................ 4-15
MSTPCompatibilitywithRSTPorSTP . ... .................... 4-16
ConfiguringMSTP............................................ 4-17
Planningan MSTPApplication . .............................. 4-17
MSTPConfigurationOverview ............................... 4-19
ConfiguringMSTPOperationModeandGlobalSettings.......... 4-21
ConfiguringMSTPPer-PortParameters ... .................... 4-26
ConfiguringPerPort Parameters.......................... 4-27
ConfiguringBPDUFiltering.............................. 4-30
ConfiguringBPDUProtection ............................ 4-31
PVSTProtectionandFiltering............................ 4-34
ConfiguringMSTInstanceParameters......................... 4-39
ConfiguringMSTInstancePer-PortParameters ................. 4-41
EnablingorDisablingSpanningTreeOperation................. 4-44
ExchangingOneRegionConfigurationforAnother .......... 4-44
MSTPVLANConfigurationEnhancement ...................... 4-46
PreConfiguring VLANsin anMSTInstance ................. 4-47
ConfiguringMSTPInstanceswiththeVLANRangeOption.... 4-48
4-1
Contents
OperatingNotesfortheVLANConfigurationEnhancement ... 4-50
HowtoSaveYourCurrentConfiguration................... 4-51
DisplayingMSTPStatisticsandConfiguration ................. 4-53
DisplayingGlobalMSTPStatus . .............................. 4-54
DisplayingDetailed PortInformation ...................... 4-56
DisplayingStatusforaSpecificMSTInstance............... 4-57
DisplayingtheMSTPConfiguration ....................... 4-58
TroubleshootinganMSTPConfiguration ...................... 4-62
DisplayingtheChangeHistoryofRootBridges ................. 4-62
DisplayingDebugCountersforAllMSTInstances............... 4-65
DisplayingDebugCountersforOneMSTInstance .............. 4-66
DisplayingDebugCountersforPortsinanMSTInstance......... 4-68
FieldDescriptionsinMSTPDebugCommandOutput............ 4-70
TroubleshootingMSTPOperation ............................ 4-73
LoopProtection .............................................. 4-74
ConfiguringLoopProtection ................................. 4-75
ViewingLoopProtectionStatus .............................. 4-76
4-2
Overview
Overview
Theswitchescoveredinthisguide,usetheIEEE802.1sMultipleSpanning
TreeProtocol(MSTP)standard.
MSTPFeatures
802.1sSpanningTreeProtocol DefaultSetting PageRef
ViewingMSTPStatusandConfiguration n/a page4-53
ConfiguringMSTPOperationModeand Disabled page4-21
GlobalParameters and
following
ConfiguringBasicPortConnectivity
Parameters
admin-edge-port:No-disabled
auto-edge-port:Yes-enabled
bpdu-filter:No-disabled
page4-27
and
following
bpdu-protection:No-disabled
hello-time:2
path-cost:auto
point-to-pointMAC:Force-True
priority:128(multiplier:8)
root-guard:No-disabled
tcn-guard:No-disabled
loopprotection:Senddisable
ConfiguringMSTPInstanceParameters instance(MSTPI):none page4-39
priority:32768(multiplier:8)
ConfiguringMSTPInstancePer-Port path-cost:auto page4-41
Parameters priority:128(multiplier:8)
Enabling/DisablingMSTPSpanningTree Disabled page4-44
Operation
EnablinganEntireMSTRegionatOnce n/a page4-44
Withoutspanningtree,havingmorethanoneactivepathbetweenapairof
nodescausesloopsinthenetwork,whichcanresultinduplicationofmes-
sages,leadingtoabroadcaststormthatcanbringdownthenetwork.
Not e MSTPcannotprotectagainstloopswhenthereisanunmanageddeviceonthe
networkthatdropsspanningtreepackets,ormayfailtodetectloopswhere
thisisanedgeportconfiguredwithclientauthentication(802.1X,Weband
MACauthentication).Toprotectagainsttheformationofloopsinthesecases,
youcanusetheloopprotectionfeature(seeLoopProtectiononpage4-74).
4-3
Overview
Multiple-Instancespanningtreeoperation(802.1s)ensuresthatonlyone
activepathexistsbetweenanytwonodesinaspanning-treeinstance.A
spanning-treeinstancecomprisesauniquesetofVLANs,andbelongstoa
specificspanning-treeregion. Aregioncancomprisemultiplespanning-tree
instances(eachwithadifferentsetofVLANs),andallowsoneactivepath
amongregionsinanetwork.ApplyingVLANtaggingtotheportsinamultiple-
instancespanning-treenetworkenablesblockingofredundantlinksinone
instancewhileallowingforwardingoverthesamelinksfornon-redundantuse
byanotherinstance.
Forexample,supposeyouhavethreeswitchesinaregionconfiguredwith
VLANsgroupedintotwoinstances,asfollows:
VLANs Instance1 Instance2
10,11,12 Yes No
20,21,22 No Yes
4-4
Overview
ThelogicalandphysicaltopologiesresultingfromtheseVLAN/Instance
groupingsresultinblockingondifferentlinksfordifferentVLANs:
SwitchC
Instance1
VLANs:10,11,12
SwitchA
RootforInstance1
VLANs:10,11,12
SwitchB
Instance1
VLANs:10,11,12
SwitchC
Instance2
VLANs:20,21,22
SwitchA
Instance2
VLANs:20,21,22
SwitchB
RootforInstance2
VLANs:20,21,22
SwitchC
SwitchA
RootforInstance1
SwitchB
RootforInstance2
PathblockedforVLANsininstance1.
RegionA:LogicalTopology
PathblockedforVLANsininstance2. RegionA:PhysicalTopology
Figure4-1. ExampleofaMultipleSpanning-TreeApplication
4-5
802.1sMultipleSpanningTreeProtocol(MSTP)
802.1sMultipleSpanningTreeProtocol
(MSTP)
The802.1Dand802.1wspanningtreeprotocolsoperatewithoutregardtoa
networksVLANconfiguration,andmaintainonecommonspanningtree
throughoutabridgednetwork.Thus,theseprotocolsmaponeloop-free,
logicaltopologyonagivenphysicaltopology.The802.1sMultipleSpanning
Treeprotocol(MSTP)usesVLANstocreatemultiplespanningtreesina
network,whichsignificantlyimprovesnetworkresourceutilizationwhile
maintainingaloop-freeenvironment.
Whiletheper-VLANspanningtreeapproachadoptedbysomevendorsover-
comesthenetworkutilizationproblemsinherentinusingSTPorRSTP,using
aper-VLANtechnologywithmultipleVLANscanoverloadtheswitchsCPU.
MSTPontheswitchescoveredinthisguidecomplieswiththeIEEE802.1s
standard,andextendsSTPandRSTPfunctionalitytomapmultipleindepen-
dentspanningtreeinstancesontoaphysicaltopology.WithMSTP,each
spanningtreeinstancecanincludeoneormoreVLANsandappliesaseparate,
per-instanceforwardingtopology.Thus,whereaportbelongstomultiple
VLANs,itmaybedynamicallyblockedinonespanningtreeinstance,but
forwardinginanotherinstance.Thisachievesload-balancingacrossthenet-
workwhilekeepingtheswitchsCPUloadatamoderatelevel(byaggregating
multipleVLANsinasinglespanningtreeinstance).MSTPprovidesfault
tolerancethroughrapid,automaticreconfigurationifthereisafailureina
networksphysicaltopology.
WithMSTP-capableswitches,youcancreateanumberofMSTregionscon-
tainingmultiplespanningtreeinstances.Thisrequirestheconfigurationofa
numberofMSTP-capableswitches.However,itisNOTnecessarytodothis.
YoucanjustenableMSTPonanMSTP-capableswitchandaspanningtree
instanceiscreatedautomatically.Thisinstancealwaysexistsbydefaultwhen
spanningtreeisenabled,andisthespanningtreeinstancethatcommunicates
withSTPandRSTPenvironments.TheMSTPconfigurationcommandsoper-
ateexactlylikeRSTPcommandsandMSTPisbackward-compatiblewiththe
RSTP-enabledandSTP-enabledswitchesinyournetwork.
Ca u t i o n Spanningtreeinterpretsaswitchmeshasasinglelink.Becausetheswitch
automaticallygivesfasterlinksahigherpriority,thedefaultMSTPparameter
settingsareusuallyadequateforspanningtreeoperation.Also,because
incorrectMSTPsettingscanadverselyaffectnetworkperformance,you
shouldnotchangetheMSTPsettingsfromtheirdefaultvaluesunlessyouhave
astrongunderstandingofhowspanningtreeoperates.
4-6
Inameshenvironment,thedefaultMSTPtimersettings(HelloTimeand
ForwardDelay)areusuallyadequateforMSTPoperation.Becauseapacket
crossingameshmaytraverseseverallinkswithinthemesh,usingsmaller-
than-defaultsettingsfortheMSTPHelloTimeandForwardDelaytimerscan
causeunnecessarytopologychangesandend-nodeconnectivityproblems.
ForMSTPinformationbeyondwhatisprovidedinthismanual,refertothe
IEEE802.1sstandard.
MSTPStructure
MSTPmapsactive,separatepathsthroughseparatespanningtreeinstances
andbetweenMSTregions.EachMSTregioncomprisesoneormoreMSTP
switches.NotethatMSTPrecognizesanSTPorRSTPLANasadistinct
spanning-treeregion.
IST
Instance
MSTI
(Optional)
MSTI
(Optional) IST
Instance
MSTI
(Optional)
MSTI
(Optional)
MSTI
(Optional)
Switch
RunningSTP
Switch
RunningSTP
Switch
RunningSTP
Switch
RunningRSTP
Switch
RunningRSTP
Switch
RunningRSTP
CommonSpanningTree(CST)
MSTRegion
MSTRegion
CommonandInternalSpanningTree(CIST)
Figure4-2. ExampleofMSTPNetworkwithLegacySTPandRSTPDevices
Connected
4-7
CommonandInternalSpanningTree(CIST):TheCISTidentifiesthe
regionsinanetworkandadministerstheCISTrootbridgeforthenetwork,
therootbridgeforeachregion,andtherootbridgeforeachspanning-tree
instanceineachregion.
CommonSpanningTree(CST):TheCSTadministerstheconnectivity
amongtheMSTregions,STPLANs,andRSTPLANsinabridgednetwork.
MSTRegion:AnMSTregioncomprisestheVLANsconfiguredonphysically
connectedMSTPswitches.Allswitchesinagivenregionmustbeconfigured
withthesameVLANs,thesameMultipleSpanningTreeInstances(MSTIs),
andthesameMSTconfigurationidentifiers.
InternalSpanningTree(IST):TheISTadministersthetopologywithina
givenMSTregion.WhenyouconfigureaswitchforMSTPoperation,the
switchautomaticallyincludesallofthestaticVLANsconfiguredontheswitch
inasingle,activespanningtreetopology(instance)withintheIST.Thisis
termedtheISTinstance.AnyVLANsyousubsequentlyconfigureonthe
switchareaddedtothisISTinstance.Tocreateseparateforwardingpaths
withinaregion,groupspecificVLANsintodifferentMultipleSpanningTree
Instances(MSTIs).(RefertoMultipleSpanningTreeInstance(MSTI),
below.)
TypesofMultipleSpanningTreeInstances:Amultiplespanningtree
networkcomprisesseparatespanning-treeinstancesexistinginanMST
region.(Therecanbemultipleregionsinanetwork.)Eachinstancedefinesa
singleforwardingtopologyforanexclusivesetofVLANs.Bycontrast,anSTP
orRSTPnetworkhasonlyonespanningtreeinstancefortheentirenetwork,
andincludesallVLANsinthenetwork.(AnSTPorRSTPnetworkoperatesas
asingle-instancenetwork.)AregioncanincludetwotypesofSTPinstances:
InternalSpanning-TreeInstance(ISTInstance):Thisisthedefault
spanningtreeinstanceinanyMSTregion.Itprovidestherootswitchfor
theregionandcomprisesallVLANsconfiguredontheswitchesinthe
regionthatarenotspecificallyassignedtoMultipleSpanningTree
Instances(MSTIs,describedbelow).
Withinaregion,theISTinstanceprovidesaloop-freeforwardingpathfor
allVLANsassociatedwithit.VLANsthatarenotassociatedwithanMSTI
are,bydefault,associatedwiththeISTinstance.Notethattheswitch
automaticallyplacesdynamicVLANs(resultingfromGVRPoperation)in
theISTinstance.DynamicVLANscannotexistinanMSTI(described
below).
MultipleSpanningTreeInstance(MSTI):Thistypeofconfigurable
spanningtreeinstancecomprisesallstaticVLANsyouspecificallyassign
toit,andmustincludeatleastoneVLAN.TheVLAN(s)youassigntoan
4-8
MSTImustinitiallyexistintheISTinstanceofthesameMSTregion.When
youassignastaticVLANtoanMSTI,theswitchremovestheVLANfrom
theISTinstance.(Thus,youcanassignaVLANtoonlyoneMSTIinagiven
region.)AllVLANsinanMSTIoperateaspartofthesamesinglespanning
treetopology.(TheswitchdoesnotallowdynamicVLANsinanMSTI.)
Ca u t i o n WhenyouenableMSTPontheswitch,thedefaultMSTPspanningtree
configurationsettingscomplywiththevaluesrecommendedintheIEEE
802.1sMultipleSpanningTreeProtocol(MSTP)standard.Notethatinappro-
priatechangestothesesettingscanresultinseverelydegradednetwork
performance.Forthisreason,ProCurvestronglyrecommendsthatchanging
thesedefaultsettingsbereservedonlyforexperiencednetworkadministra-
torswhohaveastrongunderstandingoftheIEEE802.1D/w/sstandards
andoperation.
HowMSTPOperates
Inthefactorydefaultconfiguration,spanningtreeoperationisoff.Also,the
switchretainsitscurrentlyconfiguredspanningtreeparametersettingswhen
disabled.Thus,ifyoudisablespanningtree,thenlaterre-enableit,theparam-
etersettingswillbethesameasbeforespanningtreewasdisabled.Theswitch
alsoincludesaPendingfeaturethatenablesyoutoexchangeMSTPconfig-
urationswithasinglecommand.(RefertoEnablinganEntireMSTRegionat
OnceorExchangingOneRegionConfigurationforAnotheronpage4-44.)
Not e Theswitchautomaticallysensesportidentityandtype,andautomatically
definesspanning-treeparametersforeachtype,aswellasparametersthat
applyacrosstheswitch.Althoughtheseparameterscanbeadjusted,ProCurve
stronglyrecommendsleavingthesesettingsintheirdefaultconfigurations
unlesstheproposedchangeshavebeensuppliedbyanexperiencednetwork
administratorwhohasastrongunderstandingoftheIEEE802.1D/w/s
standardsandoperation.
MSTRegions
AllMSTPswitchesinagivenregionmustbeconfiguredwiththesameVLANs.
Also,eachMSTPswitchwithinthesameregionmusthavethesameVLAN-to-
instanceassignments.(AVLANcanbelongtoonlyoneinstancewithinany
region.)Withinaregion:
AlloftheVLANsbelongingtoagiveninstancecomposeasingle,active
spanning-treetopologyforthatinstance.
Eachinstanceoperatesindependentlyofotherregions.
4-9
Betweenregionsthereisasingle,activespanning-treetopology.
HowSeparateInstancesAffectMSTPOperation.Assigningdifferent
groupsofVLANstodifferentinstancesensuresthatthoseVLANgroupsuse
independentforwardingpaths.Forexample,infigure4-3eachinstancehasa
differentforwardingpath.
RegionX
Switch1
ISTRoot
VLANMemberships:
ISTInstance:VLANs1,2
MSTIA:4,5
MSTIB:7,9
Switch2
MSTIARoot
VLANMemberships:
MSTIA:4,5
MSTIB:7,9
Switch3
MSTIBRoot
VLANMemberships:
MSTIA:4,5
MSTIB:7,9
PaththroughISTInstance
toOtherRegions
Blocksredundant
linkforMSTIB.
Blocksredundant
linkforMSTIA.
Blocksredundant
linkforISTinstance.
Figure4-3. ActiveTopologiesBuiltbyThreeIndependentMSTInstances
Whileallowingonlyoneactivepaththroughagiveninstance,MSTPretains
anyredundantphysicalpathsintheinstancetoserveasbackups(blocked)
pathsincasetheexistingactivepathfails.Thus,ifanactivepathinaninstance
fails,MSTPautomaticallyactivates(unblocks)anavailablebackuptoserve
asthenewactivepaththroughtheinstanceforaslongastheoriginalactive
pathisdown.Notealsothatagivenportmaysimultaneouslyoperatein
differentstates(forwardingorblocking)fordifferentspanning-treeinstances
withinthesameregion.ThisdependsontheVLANmembershipstowhichthe
portisassigned.Forexample,ifaportbelongstoVLAN1intheISTinstance
ofaregionandalsobelongstoVLAN4inMSTIxinthesameregion,theport
mayapplydifferentstatestotrafficforthesetwodifferentinstances.
4-10
Withinaregion,trafficroutedbetweenVLANsinseparateinstancescantake
onlyonephysicalpath.ToensurethattrafficinallVLANswithinaregioncan
travelbetweenregions,alloftheboundaryportsforeachregionshouldbelong
toallVLANsconfiguredintheregion.Otherwise,trafficfromsomeareas
withinaregioncouldbeblockedfrommovingtootherregions.
AllMSTPswitches(aswellasSTPandRSTPswitches)inanetworkuse
BPDUs(BridgeProtocolDataUnits)toexchangeinformationfromwhichto
buildmultiple,activetopologiesintheindividualinstanceswithinaregion
andbetweenregions.Fromthisinformation:
TheMSTPswitchesineachLANsegmentdetermineadesignatedbridge
anddesignatedportortrunkforthesegment.
TheMSTPswitchesbelongingtoaparticularinstancedeterminetheroot
bridgeandrootportortrunkfortheinstance.
FortheISTinstancewithinaregion,theMSTPswitcheslinkingthat
regiontootherregions(ortoSTPorRSTPswitches)determinetheIST
rootbridgeandISTrootportortrunkfortheregion.(ForanyMultiple
Spanning-TreeinstanceMSTIinaregion,theregionalrootmaybea
differentswitchthatisnotnecessarilyconnectedtoanotherregion.)
TheMSTPswitchesblockredundantlinkswithineachLANsegment,
acrossallinstances,andbetweenregions,topreventanytrafficloops.
Asaresult,eachindividualinstance(spanningtree)withinaregiondeter-
minesitsregionalrootbridge,designatedbridges,anddesignatedportsor
trunks.
CommonSpanningTree(CST)
TheISTinstanceandanyMSTinstancesinaregionexistonlywithinthat
region.Wherealinkcrossesaboundarybetweenregions(orbetweenaregion
andalegacySTPorRSTPswitch),trafficisforwardedorblockedasdeter-
minedbytheCommonSpanningTree(CST).TheCSTensuresthatthereis
onlyoneactivepathbetweenanytworegions,orbetweenaregionanda
switchrunningSTPandRSTP.(Refertofigure4-2onpage4-7.)
4-11
MSTPOperationwith802.1QVLANs
Asindicatedintheprecedingsections,withinagivenMSTinstance,asingle
spanningtreeisconfiguredforallVLANsincludedinthatinstance.Thismeans
thatifredundantphysicallinksexistinseparateVLANswithinthesame
instance,MSTPblocksallbutoneofthoselinks.However,youcanprevent
thebandwidthlosscausedbyblockedredundantlinksfordifferentVLANsin
aninstancebyusingaporttrunk.Thefollowingexampleshowshowyoucan
useaporttrunkwith802.1Q(tagged)VLANsandMSTPwithoutunnecessarily
blockinganylinksorlosinganybandwidth.
Problem:
AnMSTinstancewithtwo
separate(non-trunked)
linksblocksaVLANlink.
Solution:
Configureonetrunked
linkforthetwoVLAN
memberships.
Nodes1and2cannot
communicatebecause
MSTPisblockingthelink.
Nodes1and2cancommunicatebecausethe
MSTinstanceseesthetrunkasasinglelinkand
802.1Q(tagged)VLANsenabletheuseofone
(trunked)linkforbothVLANs.
Figure4-4. ExampleofUsingaTrunkedLinkToSupportMultipleVLAN
ConnectivitywithintheSameMSTInstance
Not e AllswitchesinaregionshouldbeconfiguredwiththeVLANsusedinthat
region,andallportslinkingMSTPswitchestogethershouldbemembersof
allVLANsintheregion.Otherwise,thepathtotherootforagivenVLANwill
bebrokenifMSTPselectsaspanningtreethroughalinkthatdoesnotinclude
thatVLAN.
4-12
Terminology
BPDUAcronymforbridgeprotocoldataunit.BPDUsaredatamessages
thatareexchangedbetweentheswitcheswithinanextendedLANthatusea
spanningtreeprotocoltopology.BPDUpacketscontaininformationonports,
addresses,prioritiesandcostsandensurethatthedataendsupwhereitwas
intendedtogo.BPDUmessagesareexchangedacrossbridgestodetectloops
inanetworktopology.Theloopsarethenremovedbyplacingredundant
switchportsinabackup,orblocked,state.
BPDUFilteringSpanning-treeconfigurationmodethatpreventsthe
switchfromreceivingandtransmittingBPDUframesonaspecificport(see
page4-30fordetails).
BPDUProtectionSpanning-treeconfigurationmodewhichdisablesaport
whereBPDUframesarereceived(seepage4-31fordetails).
Bridge:SeeMSTPBridge.
CommonandInternalSpanningTree(CIST):ComprisesallLANs,STP,
andRSTPbridgesandMSTPregionsinanetwork.TheCISTautomatically
determinestheMSTregionsinanetworkanddefinestherootbridge(switch)
anddesignatedportforeachregion.TheCISTincludestheCommonSpanning
Tree(CST),theInternalSpanningTree(IST)withineachregion,andany
multiplespanning-treeinstances(MSTIs)inaregion.
CommonSpanningTree(CST):Referstothesingleforwardingpaththe
switchcalculatesforSTP(802.1D)andRSTP(802.1w)topologies,andfor
inter-regionalpathsinMSTP(802.1s)topologies.Notethatallthreetypesof
spanningtreecaninteroperateinthesamenetwork.Also,theMSTPswitch
interpretsadevicerunning802.1DSTPor802.1wRSTPasaseparateregion.
(Refertofigure4-2onpage4-7.)
InternalSpanningTree(IST):ComprisesallVLANswithinaregionthat
arenotassignedtoamultiplespanning-treeinstanceconfiguredwithinthe
region.AllMSTswitchesinaregionshouldbelongtotheIST.Inagivenregion
X,theISTrootswitchistheregionalrootswitchandprovidesinformation
onregionXtootherregions.
MSTP(MultipleSpanningTreeProtocol):AnetworksupportingMSTP
allowsmultiplespanningtreeinstanceswithinconfiguredregions,anda
singlespanningtreeamongregions,STPbridges,andRSTPbridges.
4-13
MSTPBPDU(MSTPBridgeProtocolDataUnit):TheseBPDUscarry
region-specificinformation,suchastheregionidentifier(regionnameand
revisionnumber).IfaswitchreceivesanMSTPBPDUwitharegionidentifier
thatdiffersfromitsown,thentheportonwhichthatBPDUwasreceivedis
ontheboundaryoftheregioninwhichtheswitchresides.
MSTPBridge:Inthismanual,anMSTPbridgeisaswitch(oranother802.1s-
compatibledevice)configuredforMSTPoperation.
MSTRegion:AnMSTregionformsamultiplespanningtreedomainandisa
componentofasinglespanning-treedomainwithinanetwork.Forswitches
internaltotheMSTregion:
AllswitcheshaveidenticalMSTconfigurationidentifiers(regionname
andrevisionnumber).
AllswitcheshaveidenticalVLANassignmentstotheregionsISTand
(optional)MSTinstances.
Oneswitchfunctionsasthedesignatedbridge(ISTroot)fortheregion.
Noswitchhasapoint-to-pointconnectiontoabridgingdevicethatcannot
processRSTPBPDUs.
RSTPRapidSpanningTreeProtocol,definedinIEEE802.1wandratified
inIEEE802.1D-2004.
Spanning-treeGenerictermtorefertothemanyspanning-treeflavors:
nowdeprecatedSTP,RSTPandVLAN-awareMSTP.
STPSpanningTreeProtocol,partoftheoriginalIEEE802.1Dspecification.
The2004editioncompletelydeprecatesSTP.BothRSTPandMSTPhave
fallbackmodestohandleSTP.
SNMPSimpleNetworkManagementProtocol,usedtoremotelymanage
networkdevices.
4-14
OperatingRules
AllswitchesinaregionmustbeconfiguredwiththesamesetofVLANs,
aswellasthesameMSTconfigurationnameandMSTconfiguration
number.
Withinaregion,aVLANcanbeallocatedtoeitherasingleMSTIortothe
regionsISTinstance.
AllswitchesinaregionmusthavethesameVID-to-MSTinstanceassign-
ment.
ThereisonerootMSTswitchperconfiguredMSTinstance.
BecauseboundaryportsprovidetheVLANconnectivitybetweenregions,
allboundaryportsonaregion'srootswitchshouldbeconfiguredas
membersofallstaticVLANsdefinedintheregion.
ThereisonerootswitchfortheCommonandInternalSpanningTree
(CIST).Atanygiventime,allswitchesinthenetworkwillusetheper-port
hello-timeparameterassignmentsconfiguredontheCISTrootswitch.
WheremultipleMSTregionsexistinanetwork,thereisonlyoneactive,
physicalcommunicationpathbetweenanytworegions,orbetweenan
MSTregionandanSTPorRSTPswitch.MSTPblocksanyotherphysical
pathsaslongasthecurrentlyactivepathremainsinservice.
Withinanetwork,anMSTregionappearsasavirtualRSTPbridgetoother
spanningtreeentities(otherMSTregions,andanyswitchesrunning
802.1Dor802.1wspanning-treeprotocols).
WithinanMSTI,thereisonephysicalcommunicationpathbetweenany
twonodes,regardlessofhowmanyVLANsbelongtotheMSTI.Withinan
ISTinstance,thereisalsoonespanningtreeacrossallVLANsbelonging
totheISTinstance.
AnMSTIcomprisesauniquesetofVLANsandformsasinglespanning-
treeinstancewithintheregiontowhichitbelongs.
AdynamicVLANlearnedbyGVRPwillalwaysbeplacedintheIST
instanceandcannotbemovedtoanyconfiguredMSTinstance.
Startinginsoftwarerelease13.x.x,dynamicallylearnedGVRPVLANscan
bemappedtoMSTIsandsupportMSTPloadbalancing.
Insoftwarerelease13.x.xandlater,youcanpreconfigurestaticand
dynamicVLANID-to-MSTImappingsbeforetheVLANiscreatedonthe
switch.Later,whenthestaticVLANIDisconfiguredoradynamicGVRP
VLANislearned,theVLANisautomaticallyassociatedwiththeprecon-
figuredMSTI.Formoreinformation,refertothespanning-treeinstance
vlancommanddescriptiononpage4-40.
CommunicationbetweenMSTregionsusesasinglespanningtree.
4-15
IfaportonaswitchconfiguredforMSTPreceivesalegacy(STP/802.1D
orRSTP/802.1w)BPDU,itautomaticallyoperatesasalegacyport.Inthis
case,theMSTPswitchinteroperateswiththeconnectedSTPorRSTP
switchasaseparateMSTregion.
WithinanMSTregion,thereisonelogicalforwardingtopologyper
instance,andeachinstancecomprisesauniquesetofVLANs.Where
multiplepathsexistbetweenapairofnodesusingVLANsbelongingto
thesameinstance,allbutoneofthosepathswillbeblockedforthat
instance.However,iftherearedifferentpathsindifferentinstances,all
suchpathsareavailablefortraffic. Separateforwardingpathsexist
throughseparatespanningtreeinstances.
Aportcanhavedifferentstates(forwardingorblocking)fordifferent
instances(whichrepresentdifferentforwardingpaths).
MSTPinterpretsaswitchmeshasasinglelink.
MSTPCompatibilitywithRSTPorSTP
IEEE802.1sMSTPincludesRSTPfunctionalityandisdesignedtobecompat-
iblewithbothIEEE802.1Dand802.1wspanning-treeprotocols.Usingthe
defaultconfigurationvalues,yourswitcheswillinteroperateeffectivelywith
RSTPandSTPdevices.MSTPautomaticallydetectswhentheswitchportsare
connectedtonon-MSTPdevicesinthespanningtreeandcommunicateswith
thosedevicesusing802.1Dor802.1wSTPBPDUpackets,asappropriate.
ToenableeffectiveinteroperationwithSTP(802.1D)configureddevices,
however,youmayneedtoadjustthedefaultconfigurationvalues.Hereare
twosuchexamples:
TherapidstatetransitionsemployedbyMSTPmayresultinanincrease
intheratesofframeduplicationandmisorderingintheswitchedLAN.To
allowtheswitchtosupportapplicationsandprotocolsthatmaybe
sensitivetoframeduplicationandmisordering,youcandisablerapid
transitionsbysettingtheForceProtocolVersionparametertoSTP-com-
patible.Thevalueofthisparameterappliestoallportsontheswitch.See
informationonforceversiononpage4-23.
OneofthebenefitsofMSTPistheimplementationofalargerrangeof
portpathcosts,whichaccommodateshighernetworkspeeds.However,
thiscancreatesomeincompatibilitybetweendevicesrunningtheolder
802.1DSTP.Youcanadjusttothisincompatibilitybyimplementingthe
globalspanning-treelegacy-pathcostcommand(seepage4-23).Seealso
theNoteonPathCostbelow.
4-16
ConfiguringMSTP
NoteonPathCost RSTPandMSTPimplementagreaterrangeofpathcoststhan802.1DSTP,and
usedifferentdefaultpathcostvaluestoaccountforhighernetworkspeeds.
Thesevaluesareshownbelow.
PortType 802.1DSTPPathCost RSTPandMSTPPathCost
10Mbps 100 2000000
100Mbps 10 200000
1Gbps 5 20000
Becausethemaximumvalueforthepathcostallowedby802.1DSTPis65535,
devicesrunningthatversionofspanningtreecannotbeconfiguredtomatch
thevaluesdefinedbyMSTP,atleastfor10Mbpsand100Mbpsports.InLANs
wherethereisamixofdevicesrunning802.1DSTP,RSTP,and/orMSTP,you
shouldreconfigurethedevicessothepathcostsmatchforportswiththesame
networkspeeds.
ConfiguringMSTP
Thissectionoutlinesthemainpre-requisitesforconfiguringMSTPinyour
network,anddescribesMSTPsettingsatthegloballevel,perindividualport,
andperMSTinstance.
PlanninganMSTPApplication
BeforeconfiguringMSTP,keepinmindthefollowingtipsandconsiderations:
EnsurethattheVLANconfigurationinyournetworksupportsallofthe
forwardingpathsnecessaryforthedesiredconnectivity.Allportscon-
nectingoneswitchtoanotherwithinaregionandoneswitchtoanother
betweenregionsshouldbeconfiguredasmembersofallVLANsconfig-
uredintheregion.
Configureallportsortrunksconnectingoneswitchtoanotherwithina
regionasmembersofallVLANsintheregion.Otherwise,someVLANs
couldbeblockedfromaccesstothespanning-treerootforaninstanceor
fortheregion.
4-17
ConfiguringMSTP
PlanindividualregionsbasedonVLANgroupings.Thatis,planonall
MSTPswitchesinagivenregionsupportingthesamesetofVLANs.Within
eachregion,determinetheVLANmembershipforeachspanning-tree
instance.(EachinstancerepresentsasingleforwardingpathforallVLANs
inthatinstance.)
Verifythatthereisonelogicalspanning-treepaththroughthefollowing:
Anyinter-regionallinks
AnyISTorMSTinstancewithinaregion
Anylegacy(802.1Dor802.1w)switchorgroupofswitches.(Where
multiplepathsexistbetweenanMSTregionandalegacyswitch,
expecttheCSTtoblockallbutonesuchpath.)
Determinetherootbridgeandrootportforeachinstance.
DeterminethedesignatedbridgeanddesignatedportforeachLANseg-
ment.
DeterminewhichVLANstoassigntoeachinstance,anduseporttrunks
with802.1QVLANtaggingwhereseparatelinksforseparateVLANswould
resultinablockedlinkpreventingcommunicationbetweennodesonthe
sameVLAN.(RefertoMSTPOperationwith802.1QVLANsonpage4-
12.)
Identifytheedgeportsconnectedtoendnodesandenabletheadmin-
edge-portsettingfortheseports.Leavetheadmin-edge-portsettingdis-
abledforportsconnectedtoanotherswitch,abridge,orahub.
No t e o n MST P UndersomecircumstancestherapidstatetransitionsemployedbyMSTPcan
Ra p i d St a t e increasetheratesofframeduplicationandmisorderingintheswitchedLAN.
Tr a n s i t i o n s ToallowMSTPswitchestosupportapplicationsandprotocolsthatmaybe
sensitivetoframeduplicationandmisordering,settingtheForceProtocol
Version(force-version)parametertostp-compatibleallowsMSTPtooperate
withrapidtransitionsdisabled.Thevalueofthisparameterappliestoallports
ontheswitch.Seetheinformationonforce-versiononpage4-23.
4-18
ConfiguringMSTP
MSTPConfigurationOverview
ThissectiondescribesthegeneralstepsforconfiguringMSTPviatheCLI,
assumingthatyouhavealreadydeterminedtheVLANsyouwantMSTPtouse
(seePlanninganMSTPApplicationonpage4-17).Adescriptionofeach
MSTPcommandsyntaxisprovidedinthefollowingsections.
1. ConfigureMSTPglobalparameters.
Thisstepinvolvesconfiguringthefollowing:
RequiredparametersforMSTregionidentity:
RegionName:spanning-treeconfig-name
RegionRevisionNumber:spanning-treeconfig-revision
OptionalMSTPparameterchangesforregionsettings:
ProCurverecommendsthatyouleavetheseparametersattheir
defaultsettingsformostnetworks.SeetheCautiononpage4-9.
ThemaximumnumberofhopsbeforetheMSTPBPDUisdis-
carded: spanning-treemax-hops(default:20)
Force-Versionoperation:spanning-treeforce-version
ForwardDelay:spanning-treeforward-delay
HelloTime(ifitistherootdevice):spanning-treehello-time
MaximumagetoallowforSTPpacketsbeforediscarding:
spanning-treemaximum-age
Devicespanning-treepriority.Specifiesthepriorityvalueused
alongwiththeswitchMACaddresstodeterminewhichdeviceis
root.Thelowerapriorityvalue,thehigherthepriority.
spanning-treepriority
2. Configureperportparameters.
ProCurverecommendsthatyouusethedefaultsettingsfortheseparam-
etersandapplychangesonaper-portbasisonlywhereanon-default
settingisclearlyindicatedbythecircumstancesofindividuallinks.Other
featuresyoumightconsiderincludeBPDUFilteringorBPDUProtec-
tiontheseprovideadditionalper-portcontroloverspanning-treeoper-
ationsandsecurityontheswitch.
4-19
ConfiguringMSTP
3. ConfigureMSTinstances.
ConfigureoneinstanceforeachVLANgroupthatyouwanttooperate
asanactivetopologywithintheregiontowhichtheswitchbelongs.
Whenyoucreatetheinstance,youmustincludeaminimumofone
VID.YoucanaddmoreVIDslaterifdesired.
spanning-treeinstance<n>vlan<vid>
TomoveaVLANfromoneinstancetoanother,firstusenospanning-
treeinstance<n>vlan<vid>tounmaptheVLANfromthecurrent
instance,thenaddtheVLANtotheotherinstance.(WhiletheVLAN
isunmappedfromanMSTI,itisassociatedwiththeregionsIST
instance.)
4. Configurethepriorityforeachinstance.
spanning-treeinstance <n>priority<n>
5. ConfigureMSTinstanceportparameters.
ProCurverecommendsthatyouapplychangesonaper-portbasisonly
whereanon-defaultsettingisclearlyindicatedbythecircumstancesof
individuallinks.Forexample,youmightwanttosetthepathcostvalue
fortheport(s)usedbyaspecificMSTinstance.
spanning-treeinstance<1..16><port-list>path-cost<auto|1..200000000>
Alternatively,leavingthissettingatthedefault(auto)allowstheswitch
tocalculatethepath-costfromthelinkspeed.
6. Enablespanning-treeoperationontheswitch.
spanning-tree
ForanexampleofacompleteMSTPnetworkconfiguration:
GototheProCurveWebsiteatwww.procurve.com/support.
ClickonConfigurationexamples.
ClickonProCurveSwitch8212zl.
Under STPExample,clickonProCurve&CiscoSpanningTreeInteroper-
ability.
4-20
ConfiguringMSTP
ConfiguringMSTPOperationModeandGlobalSettings
Thecommandsinthissectionapplyattheswitch(global)level.Fordetailsof
howtoconfigurespanningtreesettingsonindividualports,seeConfiguring
MSTPPer-PortParametersonpage4-26.
MSTPGlobalCommand Page
spanning-tree *
clear-debug-counters 4-21
config-name<ascii-string> 4-21
config-revision<revision-number> 4-22
force-version<stp-compatible|rstp-operation|mstp-operation> 4-23
forward-delay 4-23
hello-time<1..10> 4-24
legacy-mode 4-23
legacy-path-cost 4-23
max-hops<hop-count> 4-24
maximum-age 4-24
pending 4-24
priority 4-25
traperrant-bpdu 4-25
*EnablingMSTPoperationusingthespanning-treeglobalcommandisthefinalstepinthe
configurationprocess.SeeEnablingorDisablingSpanningTreeOperationonpage4-44.
Syntax: spanning-treeclear-debug-counters
Clearsspanningtreedebugcounters.
Syntax: [no]spanning-treeconfig-name<ascii-string>
ThiscommandresetstheconfigurationnameoftheMST
regioninwhichtheswitchresides.Thisnamecanincludeup
to32nonblankcharactersandiscase-sensitive.Onall
switcheswithinagivenMSTregion,theconfigurationnames
mustbeidentical.Thus,ifyouwantmorethanoneMSTP
switchinthesameMSTregion,youmustconfigurethe
identicalregionnameonallsuchswitches.Ifyouretainthe
defaultconfigurationnameonaswitch,itcannotexistinthe
sameMSTregionwithanotherswitch.
(DefaultName:Atextstringusingthehexadecimal
representationoftheswitchsMACaddress)
4-21
ConfiguringMSTP
Thenoformofthecommandoverwritesthecurrently
configurednamewiththedefaultname.
Note:Thisoptionisavailableonlywhentheswitchis
configuredforMSTPoperation.Also,thereisnodefined
limitonthenumberofregionsyoucanconfigure.
Syntax: spanning-treeconfig-revision<revision-number>
Thiscommandconfigurestherevisionnumberyoudesignate
fortheMSTregioninwhichyouwanttheswitchtoreside.
Thissettingmustbethesameforallswitchesresidinginthe
sameregion.Usethissettingtodifferentiatebetweenregion
configurationsinsituationssuchasthefollowing:
Changingconfigurationsettingswithinaregionwhereyou
wanttotracktheconfigurationversionsyouuse
Creatinganewregionfromasubsetofswitchesinacurrent
regionandwanttomaintainthesameregionname.
Usingthependingoptiontomaintaintwodifferent
configurationoptionsforthesamephysicalregion.
NotethatthissettingmustbethesameforallMSTPswitches
inthesameMSTregion.(Range:0-65535;Default:0)
Note:Thisoptionisavailableonlywhentheswitchis
configuredforMSTPoperation.
4-22
ConfiguringMSTP
Syntax: spanning-treeforce-version<stp-compatible|rstp-operation|
mstp-operation>
Setsthespanning-treecompatibilitymode.Thiscommand
forcestheswitchtoemulatebehaviorofearlierversionsof
spanningtreeprotocol,orreturntoMSTPbehavior.The
commandisusefulintestordebugapplications,andremoves
theneedtoreconfiguretheswitchfortemporarychangesin
spanning-treeoperation.
stp-compatible:Theswitchapplies802.1DSTPoperationonall
ports.
rstp-operation:Theswitchapplies802.1woperationonallports
exceptthoseportswhereitdetectsasystemusing802.1D
SpanningTree.
mstp-operation:Theswitchapplies802.1sMSTPoperationon
allportswherecompatibilitywith802.1Dor802.1wspanning
treeprotocolsisnotrequired.
Notethatevenwhenmstp-operationisselected,iftheswitch
detectsan802.1DBPDUoran802.1wBPDUonaport,it
communicateswiththedevicelinkedtothatportusingSTP
orRSTPBPDUpackets.Also,iferrorsareencounteredas
describedintheNoteonMSTPRapidStateTransitionson
page4-18,settingforce-versiontostp-compatibleforcesthe
MSTPswitchtocommunicateoutallportsusingoperations
thatarecompatiblewithIEEE802.1DSTP.
Syntax: spanning-treeforward-delay
Setstimetheswitchwaitsbetweentransitioningfrom
listeningtolearningandfromlearningtoforwardingstates.
(Range:4-30;Default:15.)
Syntax: spanning-treelegacy-mode
Setsspanning-treeprotocoltooperatein802.1Dlegacymode
(STP-compatible).
(Default:MSTP-operation.)
Thenoformofthecommandreturnstheswitchtothedefault
802.1snativemode(MSTP-operation).
Syntax: spanning-treelegacy-path-cost
Setsspanning-treetooperatewith802.1d(legacy)pathcost
values.
(Default:802.1t.)
Thenoformofthecommandreturnstheswitchtothedefault
802.1t(notlegacy)pathcostvalues.
4-23
ConfiguringMSTP
Syntax: spanning-treehello-time<1..10>
IfMSTPisrunningandtheswitchisoperatingastheCIST
rootforyournetwork,thiscommandspecifiesthetimein
secondsbetweentransmissionsofBPDUsforallportsonthe
switchconfiguredwiththeGlobaloption.(thedefault).This
parameterappliesinMSTP,RSTPandSTPmodes.During
MSTPoperation,youcanoverridethisglobalsettingonaper-
portbasiswiththiscommand:spanning-tree<port-list>hello-
time<1..10>(seepage4-27).(Default:2.)
Syntax: spanning-treemax-hops<hop-count>
ThiscommandresetsthenumberofhopsallowedforBPDUs
inanMSTregion.WhenanMSTPswitchreceivesaBPDU,it
decrementsthehop-countsettingtheBPDUcarries.Ifthehop-
countreacheszero,thereceivingswitchdropstheBPDU.Note
thattheswitchdoesnotchangethemessage-ageand
maximum-agedatacarriedintheBPDUasitmovesthrough
theMSTregionandispropagatedtootherregions.(Range:1
- 40;Default:20)
Syntax: spanning-treemaximumage
SetsthemaximumageofreceivedSTPinformationbeforeit
isdiscarded.
(Default:20.)
Syntax: spanning-treepending<apply|config-name|config-revision|instance|
reset>
ManipulatesthependingMSTPconfiguration.Thecommand
isusefulintestordebugapplications,andenablesrapid
reconfigurationoftheswitchforchangesinspanning-tree
operation.
apply:ApplypendingMSTPconfiguration(swapsactiveand
pendingconfigurations).
config-name:SetsthependingMSTregionconfiguration
name(defaultisswitch'sMACaddress).
config-revision:SetsthependingMSTregionconfiguration
revisionnumber(defaultis0).
instance:ChangependingMSTinstanceconfiguration.
reset:Copyactiveconfigurationtopending.
4-24
ConfiguringMSTP
Syntax: spanning-treepriority<priority-multiplier>
EveryswitchrunninganinstanceofMSTPhasaBridge
Identifier,whichisauniqueidentifierthathelpsdistinguish
thisswitchfromallothers.TheswitchwiththelowestBridge
Identifieriselectedastherootforthetree.
TheBridgeIdentifieriscomposedofaconfigurablePriority
component(2bytes)andthebridgesMACaddress(6bytes).
TheabilitytochangethePrioritycomponentprovides
flexibilityindeterminingwhichswitchwillbetherootforthe
tree,regardlessofitsMACaddress.
Thiscommandsetstheswitch(bridge)priorityforthe
designatedregioninwhichtheswitchresides.Theswitch
comparesthisprioritywiththeprioritiesofotherswitchesin
thesameregiontodeterminetherootswitchfortheregion.
Thelowerthepriorityvalue,thehigherthepriority.(Ifthere
isonlyoneswitchintheregion,thenthatswitchistheroot
switchfortheregion.)Therootbridgeinaregionprovidesthe
pathtoconnectedregionsforthetrafficinVLANsassignedto
theregionsISTinstance.(TrafficinVLANsassignedtoa
numberedSTPinstanceinagivenregionmovestoother
regionsthroughtherootswitchforthatinstance.)
ThepriorityrangeforanMSTPswitchis0-61440.However,
thiscommandspecifiesthepriorityasamultiplier(0-15)
of4096.Thatis,whenyouspecifyaprioritymultipliervalue
of0-15,theactualpriorityassignedtotheswitchis:
(priority-multiplier)x4096
Forexample,ifyouconfigure2asthepriority-multiplieron
agivenMSTPswitch,thentheSwitchPrioritysettingis8,192.
Note:IfmultipleswitchesinthesameMSTregionhavethe
sameprioritysetting,thentheswitchwiththelowestMAC
addressbecomestherootswitchforthatregion.
Syntax: spanning-treetraperrant-bpdu
EnablesSNMPtrapsforerrant-BPDUs.Notethatthis
commandisdesignedtobeusedinconjunctionwiththe
spanning-treebpdu-filtercommand(seepage4-30)and
bpdu-protectioncommand(seepage4-31).
Thenoformofthecommanddisablestrapsontheswitch.
(Default:Disabled.)
4-25
ConfiguringMSTP
ConfiguringMSTPPer-PortParameters
InanMSTPtopology,youconfigureper-portparametersintheglobalconfig-
urationcontext.
Inmostcases,ProCurverecommendsthatyouusethedefaultsettingsfor
theseparametersandapplychangesonaper-portbasisonlywherea
non-defaultsettingisclearlyindicatedbythecircumstancesofindividual
links.Someportparameters(suchasadmin-edge-port)affectallMSTI
instancesthatconsistofVLANsconfiguredontheport;otherportparameters
(suchaspath-cost)affectonlythespecifiedMST.
PerPortCommand Page
spanning-tree<port-list>
admin-edge-port below
auto-edge-port 4-27
bpdu-filter 4-30
bpdu-protection 4-32
hello-time<global|1..10> 4-27
mcheck 4-28
path-cost<auto|200000000> 4-40
point-to-point-mac<force-true|force-false|auto> 4-25
priority<priority-multiplier> 4-25
pvst-filter 4-36
pvst-protection 4-34
root-guard 4-29
tcn-guard 4-30
4-26
ConfiguringMSTP
ConfiguringPerPortParameters
Syntax: [no]spanning-tree<port-list>admin-edge-port
Enableadmin-edge-portonportsconnectedtoendnodes.
Duringspanningtreeestablishment,portswithadmin-
edge-portenabledtransitionimmediatelytothe
forwardingstate.Ifabridgeorswitchisdetectedonthe
segment,theportautomaticallyoperatesasnon-edge,not
enabled.(Default:No-disabled)
Ifadmin-edge-portisdisabledonaportandauto-edge-port
hasnotbeendisabled,theauto-edge-portsettingcontrols
thebehavioroftheport.
Thenospanning-tree<port-list>admin-edge-portcommand
disablesedge-portoperationonthespecifiedports.
Syntax: [no]spanning-tree<port-list>auto-edge-port
Supportstheautomaticidentificationofedgeports.The
portwilllookforBPDUsfor3seconds;iftherearenoneit
beginsforwardingpackets.Ifadmin-edge-portisenabled
foraport,thesettingforauto-edge-portisignoredwhether
settoyesorno.Ifadmin-edge-portissettoNo,andauto-
edge-porthasnotbeendisabled(settoNo),thentheauto-
edge-portsettingcontrolsthebehavioroftheport.(Default:
Yes-enabled)
Thenospanning-tree<port-list>auto-edge-portcommand
disablesauto-edge-portoperationonthespecifiedports.
Syntax: spanning-tree<port-list>hello-time<global|1-10>
WhentheswitchistheCISTroot,thisparameterspecifies
theinterval(inseconds)betweenperiodicBPDU
transmissionsbythedesignatedports.Thisintervalalso
appliestoallportsinallswitchesdownstreamfromeach
portinthe<port-list>.Asettingofglobalindicatesthatthe
portsin<port-list>ontheCISTrootareusingthevalueset
bytheglobalspanning-treehello-timevalue(page4-24).
WhenagivenswitchXisnottheCISTroot,theper-port
hello-timeforallactiveportsonswitchXispropagated
fromtheCISTroot,andisthesameasthehello-timeinuse
ontheCISTrootportinthecurrentlyactivepathfrom
switchXtotheCISTroot.(Thatis,whenswitchXis
nottheCISTroot,thentheupstreamCISTrootsporthello-
timesettingoverridesthehello-timesettingconfiguredon
switchX).
(DefaultPer-Portsetting:UseGlobal.
DefaultGlobalHello-Time:2.)
4-27
ConfiguringMSTP
Syntax: spanning-tree<port-list>mcheck
ForcesaporttosendRST/MST BPDUsfor3seconds.This
testswhetherallSTPbridgesontheattachedLANhavebeen
removedandtheportcanmigratetonativeMSTPmode
anduseRST/MSTBPDUsfortransmission.
Syntax: spanning-tree<port-list>path-cost<auto|1..200000000>
Assignsanindividualportcostthattheswitchusesto
determinewhichportsareforwardingportsinagiven
spanningtree.Inthedefaultconfiguration(auto)the
switchdeterminesaportspathcostbytheportstype:
10Mbps:2000000
100Mbps:200000
1Gbps:20000
RefertoNoteonPathCostonpage4-17forinformation
oncompatibilitywithdevicesrunning802.1DSTPforthe
pathcostvalues
(Default:Auto).
Syntax: spanning-tree<port-list>point-to-point-mac<true|false|auto>
Thisparameterinformstheswitchofthetypeofdeviceto
whichaspecificportconnects.
true(default):Indicatesapoint-to-pointlinktoadevice
suchasaswitch,bridge,orend-node.
false:Indicatesaconnectiontoahub(whichisashared
LANsegment).
auto:CausestheswitchtosetForce-Falseontheportifit
isnotrunningatfullduplex.(Connectionstohubsare
half-duplex.)
4-28
ConfiguringMSTP
Syntax: spanning-tree<port-list>priority<priority-multiplier>
MSTPusesthisparametertodeterminetheport(s)touse
forforwarding.Theportwiththelowestprioritynumber
hasthehighestpriorityforuse.Therangeis0to240,and
isconfiguredbyspecifyingamultiplierfrom0-15.When
youspecifyaprioritymultiplierof0-15,theactual
priorityassignedtotheswitchis:
Forexample,ifyouconfigure2astheprioritymultiplier
onagivenport,thentheactualPrioritysettingis32.Thus,
afteryouspecifytheportprioritymultiplier,theswitch
displaystheactualportpriority(andnotthemultiplier)
intheshowspanning-treeorshowspanning-tree<port-list>
displays.
Youcanviewtheactualmultipliersettingforportsby
executingshowrunningandlookingforanentryinthis
format:
spanning-tree<port-list>priority<priority-multiplier>
Forexample,configuringportA2withapriority
multiplierof3resultsinthislineintheshowrunning
output:
spanni ng- t r ee A2 pr i or i t y 3
Syntax: spanning-tree<port-list>root-guard
MSTPonly.Whenaportisenabledasroot-guard,itcannot
beselectedastherootportevenifitreceivessuperiorSTP
BPDUs.Theportisassignedanalternateportroleand
entersablockingstateifitreceivessuperiorSTPBPDUs.
(AsuperiorBPDUcontainsbetterinformationonthe
rootbridgeand/orpathcosttotherootbridge,whichwould
normallyreplacethecurrentrootbridgeselection.)
ThesuperiorBPDUsreceivedonaportenabledasroot-
guardareignored.AllotherBPDUsareacceptedandthe
externaldevicesmaybelongtothespanningtreeaslong
astheydonotclaimtobetheRootdevice.
UsethiscommandonMSTPswitchportsthatare
connectedtodeviceslocatedinotheradministrative
networkdomainsto:
EnsurethestabilityofthecoreMSTPnetworktopology
sothatundesiredordamaginginfluencesexternaltothe
networkdonotenter.
ProtecttheconfigurationoftheCISTrootbridgethat
servesasthecommonrootfortheentirenetwork.
Default:Disabled.
4-29
ConfiguringMSTP
Syntax: spanning-tree<port-list>tcn-guard
Whentcn-guardisenabledforaport,itcausestheportto
stoppropagatingreceivedtopologychangenotifications
andtopologychangestootherports.
(Default:No-disabled)
ConfiguringBPDUFiltering
TheSTPBPDUfilterfeatureallowscontrolofspanning-treeparticipationon
aper-portbasis.Itcanbeusedtoexcludespecificportsfrombecomingpart
ofspanningtreeoperations.AportwiththeBPDUfilterenabledwillignore
incomingBPDUpacketsandstaylockedinthespanning-treeforwarding
state.Allotherportswillmaintaintheirrole.
Herearesomesamplescenariosinwhichthisfeaturemaybeused:
TohaveSTPoperationsrunningonselectedportsoftheswitchrather
thaneveryportoftheswitchatatime.
TopreventthespreadoferrantBPDUframes.
Toeliminatetheneedforatopologychangewhenaport'slinkstatus
changes.Forexample,portsthatconnecttoserversandworkstations
canbeconfiguredtoremainoutsideofspanning-treeoperations.
Toprotectthenetworkfromdenialofserviceattacksthatuse
spoofingBPDUsbydroppingincomingBPDUframes.Forthis
scenario,BPDUprotectionoffersamoresecurealternative,imple-
mentingportshutdownandadetectionalertwhenerrantBPDU
framesarereceived(seepage4-32fordetails).
Ca u t i o n PortsconfiguredwiththeBPDUfiltermoderemainactive(learningand
forwardframes);however,spanning-treecannotreceiveortransmitBPDUs
ontheport.Theportremainsinaforwardingstate,permittingallbroadcast
traffic.Thiscancreateanetworkstormifthereareanyloops(thatis,trunks
orredundantlinks)usingtheseports.Ifyousuddenlyhaveahighload,
disconnectthelinkanddisablethebpdu-filter(usingthenocommand).
CommandSyntaxandExample. Thefollowingcommandisusedto
configureBPDUfilters.
Syntax:[no]spanning-tree<port-list|all>bpdu-filter
Enables/disablestheBPDUfilterfeatureonthespecifiedport(s).
Thebpdu-filteroptionforcesaporttoalwaysstayinthe
forwardingstateandbeexcludedfromstandardSTPoperation.
4-30

ConfiguringMSTP
Forexample,toconfigureBPDUfilteringonporta9,enter:
Pr oCur ve( conf i g) # spanni ng- t r ee a9 bpdu- f i l t er
ViewingBPDUFiltering. Thespanning-treeshow< port>configuration
commanddisplaystheBPDUsfilterstate.
Pr oCur ve( conf i g) # show spanni ng- t r ee a9 conf i g
. . .
| Pat h Pr i o Admi n Aut o
Por t Type | Cost r i t y Edge Edge Pt P Ti me Guar d Guar d Fl t
- - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A9 100/ 1000T | Aut o 128 No Yes Tr ue Gl obal No No Yes
Admi n Hel l o Root TCN BPDU
ColumnshowingBPDUfilterstatus
Figure4-5. ExampleofBPDUFilterinShowSpanningTreeConfigurationCommand
BPDUfiltersperportaredisplayedasseparateentriesofthespanningtree
categorywithintheconfigurationfile.
Pr oCur ve( conf i g) # show conf i gur at i on
. . .
spanni ng- t r ee
spanni ng- t r ee A9 bpdu- f i l t er
spanni ng- t r ee C7 bpdu- f i l t er
spanni ng- t r ee Tr k2 pr i or i t y 4
RowsshowingportswithBPDUfiltersenabled
. . .
Figure4-6. ExampleofBPDUFiltersintheShowConfigurationCommand
ConfiguringBPDUProtection
BPDUprotectionisasecurityfeaturedesignedtoprotecttheactiveSTP
topologybypreventingspoofedBPDUpacketsfromenteringtheSTPdomain.
Inatypicalimplementation,BPDUprotectionwouldbeappliedtoedgeports
connectedtoenduserdevicesthatdonotrunSTP.IfSTPBPDUpacketsare
receivedonaprotectedport,thefeaturewilldisablethatportandalertthe
networkmanagerviaanSNMPtrapasshowninFigure4-7.
4-31
ConfiguringMSTP
Figure4-7. ExampleofBPDUProtectionEnabledattheNetworkEdge
ThefollowingcommandsallowyoutoconfigureBPDUprotection.
Management
Station
EventLog:portXisdisablebySTP
FakeSTPBPDU
EndUser
SNMPTrap
SNMPTrap
SNMPTrap
BPDUprotection
Switch
STPDomain
Syntax:[no]spanning-tree<port-list>bpdu-protection
Enables/disablestheBPDUprotectionfeatureonaport
Syntax:[no]spanning-tree<port-list>bpdu-protection-timeout<timeout>
Configuresthedurationoftimewhenprotectedportsreceiving
unauthorizedBPDUswillremaindisabled.Thedefaultvalueof
0(zero)setsaninfinitetimeout(thatis,portsthataredisabled
bybpdu-protectionarenot,bydefault,re-enabledautomatically).
(Range:0-65535seconds;Default:0)
Syntax:[no]spanning-treetraperrant-bpdu
Enables/disablesthesendingoferrantBPDUtraps.
Ca u t i o n Thiscommandshouldonlybeusedtoguardedgeportsthatarenotexpected
toparticipateinSTPoperations.OnceBPDUprotectionisenabled,itwill
disabletheportassoonasanyBPDUpacketisreceivedonthatinterface.
4-32

ConfiguringMSTP
Example. ToconfigureBPDUprotectiononports1to10withSNMPtraps
enabled,enter:
Pr oCur ve( conf i g) # spanni ng- t r ee 1- 10 bpdu pr ot ect i on
Pr oCur ve( conf i g) # spanni ng- t r ee t r ap er r ant - bpdu
Thefollowingstepswillthenbesetinprocess:
1. WhenanSTPBPDUpacketisreceivedonports1-10,STPtreatsitasan
unauthorizedtransmissionattemptandshutsdowntheportthatthe
BPDUcameinon.
2. AneventmessageisloggedandanSNMPnotificationtrapisgenerated.
3. Theportremainsdisableduntilre-enabledmanuallybyanetworkadmin-
istratorusingtheinterface<port-list>enablecommand.
Not e Tore-enablethebpdu-protectedportsautomatically,configureatimeout
periodusingthespanning-treebpdu-protection-timeoutcommand.
ViewingBPDUProtectionStatus. Theshowspanning-treebpdu-protection
commanddisplaysasummarylistingofportswithBPDUprotectionenabled.
Todisplaydetailedperportstatusinformation,enterthespecificport
number(s)asshowninFigure4-8below.
Pr oCur ve( conf i g) # show spanni ng- t r ee bpdu- pr ot ect i on a1
St at us and Count er s - STP BPDU Pr ot ect i on I nf or mat i on
Specifyingtheportdisplays
additionalstatusinformation
BPDU Pr ot ect i on Ti meout ( sec) : 0
forthedesignatedports.
Pr ot ect ed Por t s : A1
Por t Type Pr ot ect i on St at e Er r ant BPDUs
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A1 100/ 1000T Yes Bpdu Er r or 1
Figure4-8. ExampleofShowSpanningTreeBPDUProtectionCommand
4-33
ConfiguringMSTP
BPDUprotectedportsaredisplayedasseparateentriesofthespanningtree
categorywithintheconfigurationfile.
Pr oCur ve( conf i g) # show conf i gur at i on
. . .
spanni ng- t r ee Tr k2 pr i or i t y 4
. . .
spanni ng- t r ee
spanni ng- t r ee A1 bpdu- pr ot ect i on
spanni ng- t r ee C7 bpdu- pr ot ect i on
RowsshowingportswithBPDUprotectionenabled
Figure4-9. ExampleofBPDUFiltersintheShowConfigurationCommand
PVSTProtectionandFiltering
Not e TheseoptionsareavailableforswitchesthatsupporttheMSTPprotocolonly.
TheyarenotsupportedforswitchesrunningRSTP.
PVSTProtection
IfaProCurveswitchinthecoreofanetworkreceivesPerVlanSpanningTree
(PVST)BPDUsandforwardstheunrecognizedPVSTBPDUsontoMSTP-only
switches,thoseswitchesthendisconnectthemselvesfromthenetwork.This
cancreateinstabilityinthenetworkinfrastructure.
WhenthePVSTprotectionfeatureisenabledonaportandaPVSTBPDUis
receivedonthatport,theinterfaceonwhichthePVSTBPDUarrivedisshut
down,whichisolatesthesendingswitchfromtherestofthenetwork.Anevent
messageisloggedandanSNMPnotificationtrapisgenerated.Theerrant
BPDUcounterhpSwitchStpPortErrantBpduCounterisincremented.ThePVST
protectionfeatureisenabledper-port.
4-34
ConfiguringMSTP
Figure4-10. PVSTSwitchBeingIsolatedafterSendingaPVSTBPDU
Not e ThisissimilartotheBPDUGuardfeaturewhereBPDUprotectionisapplied
toedgeportsconnectedtoenduserdevicesthatdonotrunSTP.IfSTPBPDU
packetsarereceivedonaprotectedport,thefeaturewilldisablethatportand
alertthenetworkmanagerviaanSNMPtrap.
Syntax: [no]spanning-tree<port-list>pvst-protection
EnablesordisablesthePVSTprotectionfeatureontheportor
rangeofportsspecified.Thecommandindicateswhichports
arenotexpectedtoreceiveanyPVSTBPDUs.
Default:Disabledonallports
Forexample,toenablethePVSTprotectionfeatureonports4through8,enter
thiscommand:
Pr oCur ve( conf i g) # spanni ng- t r ee 4- 8 pvst - pr ot ect i on
TodisablethePVSTprotectionfeatureonaport,forexample,port4,usethis
command:
Pr oCur ve( conf i g) # no spanni ng- t r ee 4 pvst - pr ot ect i on
4-35
ConfiguringMSTP
PVSTFilteringI
IfyouconfigureaportforPVSTfilteringinsteadofPVSTprotection,theport
remainsinoperationbuttrapsarestillgeneratedandtheBPDUcounter
hpSwitchStpPortErrantBpduCounterisincremented.
Ca u t i o n EnablingthePVSTfilterfeatureallowstheporttocontinuouslyforward
packetswithoutspanning-treeintervention,whichcouldresultinloopforma-
tion.Ifthisoccurs,disabletheportandthenreconfigureitwiththesecom-
mands:
no spanni ng- t r ee <por t - l i st > bpdu- f i l t er
no spanni ng- t r ee <por t - l i st > pvst - f i l t er
Syntax: [no]spanning-tree<port-list>pvst-filter
EnablesordisablesthePVSTfilterfeatureontheportorrange
ofportsspecified.Thecommandindicateswhichportsare
notexpectedtoreceiveanyPVSTBPDUs.
Default:Disabledonallports
Pr oCur ve( conf i g) # spanni ng- t r ee 8 pvst - f i l t er
War ni ng: The BPDU f i l t er al l ows t he por t t o go i nt o a cont i nuous
f or war di ng mode and spanni ng- t r ee wi l l not i nt er f er e, even i f
t he por t woul d cause a l oop t o f or mi n t he net wor k t opol ogy.
I f you suddenl y exper i ence hi gh t r af f i c l oad, di sabl e t he por t
and r econf i gur e t he BPDU f i l t er wi t h t he CLI command( s) :
" no spanni ng- t r ee PORT_LI ST bpdu- f i l t er "
" no spanni ng- t r ee PORT_LI ST pvst - f i l t er "
Figure4-11. ExampleofEnablingPVSTFilteringonaPort
ManuallyRe-enablingaPort
Youcanre-enableportsmanuallyorusetheautomaticre-enabletimercom-
mandasshown:
Pr oCur ve( conf i g) # spanni ng- t r ee
bpdu- pr ot ect i on- t i meout 120
4-36
ConfiguringMSTP
Syntax: [no]spanning-treebpdu-protection-timeout<timeout>
Configuresthedurationoftimeprotectedportsremain
disabled.Thedefaultvalueof0(zero)setsaninfinitetimeout
(thatis,portsthataredisabledarenot,bydefault,re-enabled
automatically).
Note:ThisisaGLOBALcommand.
(Range:0-65535seconds;Default:0)
YoucanalsosetthetimeoutintheMIBwiththisMIBobject:
hpSwitchStpBpduProtectionTimeout
ShowingPortsConfiguredwithPVSTProtectionandFiltering
ToshowwhichportsareconfiguredforPVSTprotection,enterthiscommand:
Pr oCur ve( conf i g) # show spanni ng- t r ee pvst - pr ot ect i on
Pr oCur ve( conf i g) # show spanni ng- t r ee pvst - pr ot ect i on
St at us and Count er s - PVST Por t ( s) BPDU Pr ot ect i on I nf or mat i on
BPDU Pr ot ect i on Ti meout ( sec) : 0
PVST Pr ot ect ed Por t s : 5- 6
Figure4-12. ExampleofShowSpanning-treeCommandDisplayingAllPortswithPVSTProtectionEnabled
ToshowwhichportsareconfiguredforPVSTfiltering,enterthiscommand:
Pr oCur ve( conf i g) # show spanni ng- t r ee pvst - f i l t er
Pr oCur ve( conf i g) # show spanni ng- t r ee pvst - f i l t er Pr oCur ve( conf i g) # show spanni ng- t r ee pvst - f i l t er
St at us and Count er s - PVST Por t ( s) BPDU Fi l t er I nf or mat i on St at us and Count er s - PVST Por t ( s) BPDU Fi l t er I nf or mat i on
PVST Fi l t er ed Por t s : 8 PVST Fi l t er ed Por t s : 8
Figure4-13. ExampleofShowSpanning-treeCommandDisplayingAllPortswithPVSTFilteringEnabled
4-37
ConfiguringMSTP
Theshowspanning-tree<port-list>detailcommandindicateswhichportshave
PVSTprotectionand/orPVSTFilteringenabled.
. Pr oCur ve( conf i g) # show spanni ng- t r ee 7 det ai l
.
.
.
Por t : 7
St at us : Down
BPDU Pr ot ect i on : Yes
BPDU Fi l t er i ng : No
PVST Pr ot ect i on : Yes
PVST Fi l t er i ng : No
Er r ant BPDU Count : 0
Root Guar d : No
TCN Guar d : No
.
.
.
Figure4-14. ExampleofShowSpanning-treeCommandDisplayingPVST
ProtectionEnabled(Yes)
4-38
ConfiguringMSTP
ConfiguringMSTInstanceParameters
WhenyouenableMSTPontheswitch,aspanningtreeinstanceisenabled
automatically.TheswitchsupportsuptosixteenconfigurableMSTinstances
foreachVLANgroupthatyouwanttooperateasanactivetopologywithin
theregiontowhichtheswitchbelongs.Whencreatinganinstance,youmust
includeaminimumofoneVID.YoucanaddmoreVIDslaterifdesired.
Command Page
[no]spanning-treeinstance<1..16>vlan<vid>[vid..vid] 4-27
nospanning-treeinstance<1..16>
spanning-treeinstance<1..16>priority<0..15> 4-39
Syntax: [no]spanning-treeinstance<1..16>vlan<vid[vid..vid]>
ConfiguringMSTPontheswitchautomaticallyconfiguresthe
ISTinstanceandplacesallstaticallyanddynamically
configuredVLANsontheswitchintotheISTinstance.This
commandcreatesanewMSTinstance(MSTI)andmovesthe
VLANsyouspecifyfromtheISTtotheMSTI.
YoumustmapatleastoneVLANtoanMSTIwhenyoucreate
it.YoucannotmapaVLANIDtomorethanoneinstance.You
cancreateupto16MSTIsinaregion.
ThenoformofthecommandremovesoneormoreVLANsfrom
thespecifiedMSTI.IfnoVLANsarespecified,thenoformof
thecommanddeletesthespecifiedMSTI.
WhenyouremoveaVLANfromanMSTI,theVLANreturnsto
theISTinstance,whereitcanremainorbere-assignedto
anotherMSTIconfiguredintheregion.
Note:Startinginsoftwarerelease13.x.x,youcanenterthe
spanning-treeinstancevlancommandbeforeastaticor
dynamicVLANisconfiguredontheswitchtopreconfigure
VLANID-to-MSTImappings.Noerrormessageisdisplayed.
Later,eachnewlyconfiguredVLANthathasalreadybeen
associatedwithanMSTIisautomaticallyassignedtothe
MSTI.
Thisnewdefaultbehaviordiffersfromautomatically
includingconfigured(staticanddynamic)VLANsintheIST
instanceandrequiringyoutomanuallyassignindividual
staticVLANstoanMSTI.
4-39
ConfiguringMSTP
Continued
Note:ThevalidVLANIDsthatyoucanmaptoaspecified
MSTIarefrom1to4094.TheVLANID-to-MSTImappingdoes
notrequireaVLANtobealreadyconfiguredontheswitch.The
MSTPVLANenhancementallowsyoutopreconfigureMSTP
topologiesbeforetheVLANIDsassociatedwitheachinstance
existonaswitch.
WhenyouusepreconfiguredVLANID-to-MSTItopologies,
ensurethatMSTPswitchesremaininthesameregionby
mappingallVLANIDsusedintheregiontothesameMSTIs
oneachregionalswitch.
Whenyouupgradeswitchsoftwaretorelease13.x.xandlater,
theexistingMSTPtopologyconfigurationisautomatically
saved.AllexistingVLANID-to-MSTIassignmentsare
maintainedonaswitchforuninterruptedMSTPnetwork
operation.
Syntax: spanning-treeinstance<1..16>priority<priority-multiplier>
Thiscommandsetstheswitch(bridge)priorityforthedesig-
natedinstance.Thispriorityiscomparedwiththepriorities
ofotherswitchesinthesameinstancetodeterminetheroot
switchfortheinstance.Thelowerthepriorityvalue,thehigher
thepriority.(Ifthereisonlyoneswitchintheinstance,then
thatswitchistherootswitchfortheinstance.)TheIST
regionalrootbridgeprovidesthepathtoinstancesinother
regionsthatshareoneormoreofthesameVLAN(s).
ThepriorityrangeforanMSTPswitchis0-61440.However,
thiscommandspecifiesthepriorityasamultiplier(0-15)
of4096.Thatis,whenyouspecifyaprioritymultipliervalue
of0-15,theactualpriorityassignedtotheswitchforthe
specifiedMSTinstanceis:
Forexample,ifyouconfigure5asthepriority-multiplierfor
MSTInstance1onagivenMSTPswitch,thentheSwitchPriority
settingis20,480forthatinstanceinthatswitch.
Note:IfmultipleswitchesinthesameMSTinstancehavethe
sameprioritysetting,thentheswitchwiththelowestMAC
addressbecomestherootswitchforthatinstance.
4-40
ConfiguringMSTP
ConfiguringMSTInstancePer-PortParameters
Command Page
spanning-treeinstance<1..16><port-list>path-cost
<auto|1..200000000>
4-41
spanning-treeinstance<1..16><port-list>priority<priority-multiplier> 4-42
spanning-tree<port-list>priority<priority-multiplier> 4-43
Syntax: spanning-treeinstance<1..16><port-list>path-cost<auto|1..200000000>
Thiscommandassignsanindividualportcostforthespecified
MSTinstance.(Foragivenport,thepathcostsettingcanbe
differentfordifferentMSTinstancestowhichtheportmay
belong.)Theswitchusesthepathcosttodeterminewhichports
aretheforwardingportsintheinstance;thatiswhichlinksto
usefortheactivetopologyoftheinstanceandwhichportsto
block.Thesettingsareeitherautoorinarangefrom1to
200,000,000.Withtheautosetting,theswitchcalculatesthe
pathcostfromthelinkspeed:
10Mbps2000000
100Mbps200000
1Gbps20000
(Default:Auto)
4-41
ConfiguringMSTP
Syntax: spanning-treeinstance<1..16><port-list>priority<priority-multiplier>
Thiscommandsetsthepriorityforthespecifiedport(s)inthe
specifiedMSTinstance.(Foragivenport,theprioritysetting
canbedifferentfordifferentMSTinstancestowhichtheport
maybelong.)ThepriorityrangeforaportinagivenMST
instanceis0-255.However,thiscommandspecifiesthe
priorityasamultiplier(0-15)of16.Thatis,whenyou
specifyaprioritymultiplierof0-15,theactualpriority
assignedtotheswitchis:
Forexample,ifyouconfigure2astheprioritymultiplieron
agivenportinanMSTinstance,thentheactualPrioritysetting
is32.Thus,afteryouspecifytheportprioritymultiplierin
aninstance,theswitchdisplaystheactualportpriority(and
notthemultiplier)intheshowspanning-treeinstance<1..16>
orshowspanning-tree<port-list>instance<1..16>displays.
Youcanviewtheactualmultipliersettingforportsinthe
specifiedinstancebyexecutingshowrunning andlookingfor
anentryinthisformat:
spanning-treeinstance<1..15><port-list>priority<priority-
multiplier>
Forexample,configuringportA2withaprioritymultiplier
of3in instance1,resultsinthislineintheshowrunning
output:
spanni ng- t r ee i nst ance 1 A2 pr i or i t y 3
4-42
ConfiguringMSTP
Syntax: spanning-tree<port-list>priority<priority-multiplier>
Thiscommandsetsthepriorityforthespecifiedport(s)for
theIST(thatis,Instance0)oftheregioninwhichtheswitch
resides.TheprioritycomponentoftheportsPortIdentifier
isset.ThePortIdentifierisauniqueidentifierthathelps
distinguishthisswitchsportsfromallothers.Itconsistsof
thePriorityvaluewiththeportnumberextension
PRIORITY:PORT_NUMBER.AportwithalowervalueofPort
Identifierismorelikelytobeincludedintheactivetopology.
Thispriorityiscomparedwiththeprioritiesofotherportsin
theISTtodeterminewhichportistherootportfortheIST
instance.Thelowerthepriorityvalue,thehigherthepriority.
TheISTrootport(ortrunk)inaregionprovidesthepathto
connectedregionsforthetrafficinVLANsassignedtothe
regionsISTinstance.
ThepriorityrangeforaportinagivenMSTinstanceis0-240.
However,thiscommandspecifiesthepriorityasamultiplier
(0-15)of16.Thatis,whenyouspecifyaprioritymultiplier
of 0-15,theactualpriorityassignedtotheswitchis:
Forexample,configuring5astheprioritymultiplierona
givenportintheISTinstanceforaregioncreatesanactual
Prioritysettingof80.Thus,afteryouspecifytheportpriority
multiplierfortheISTinstance,theswitchdisplaystheactual
portpriority(andnotthemultiplier)intheshowspanning-tree
instanceistorshowspanning-tree<port-list>instanceist
displays.Youcanviewtheactualmultipliersettingforports
intheISTinstancebyexecutingshowrunningandlookingfor
anentryinthisformat:
spanning-tree<port-list>priority<priority-multiplier>
Forexample,configuringportA2withaprioritymultiplier
of2intheISTinstance,resultsinthislineintheshow
runningoutput:
spanni ng- t r ee A2 pr i or i t y 2
4-43
ConfiguringMSTP
EnablingorDisablingSpanningTreeOperation
Thiscommandenablesordisablesspanningtreeoperationforanyspanning
treeprotocolenabledontheswitch.Beforeusingthiscommandtoenable
spanningtree,ensurethattheversionyouwanttouseisactiveontheswitch.
Syntax: [no]spanning-tree
EnablingspanningtreewithMSTPconfiguredimplements
MSTPforallphysicalportsontheswitch,accordingtothe
VLANgroupingsfortheISTinstanceandanyotherconfigured
instances.DisablingMSTPremovesprotectionagainst
redundantloopsthatcansignificantlysloworhaltanetwork.
Thiscommandsimplyturnsspanningtreeonoroff.Itdoes
notchangetheexistingspanningtreeconfiguration.
Not e TheconvergencetimeforimplementingMSTPchangescanbedisruptiveto
yournetwork.Tominimizesuchdisruption,considerusingthespanning-tree
pendingcommand(refertothefollowingsectiononEnablinganEntireMST
RegionatOnceorExchangingOneRegionConfigurationforAnother).
ExchangingOneRegionConfigurationforAnother
ThisoperationexchangesthecurrentlyactiveMSTPconfigurationwiththe
currentlypendingMSTPconfiguration.Itenablesyoutoimplementanew
MSTPconfigurationwithminimalnetworkdisruptionortoexchangeMSTP
configurationsfortestingortroubleshootingpurposes.
WhenyouconfigureorreconfigureMSTP,theswitchre-calculatesthecorre-
spondingnetworkpaths.Thiscanhavearippleeffectthroughoutyournet-
workasadjacentMSTPswitchesrecalculatenetworkpathstosupportthe
configurationchangesinvokedinasingleswitch.AlthoughMSTPemploys
rapidspanning-treeoperation,theconvergencetimeforimplementingMSTP
changescanbedisruptivetoyournetwork.However,byusingthespanning-
treependingfeature,youcansetupanMSTPontheswitchandtheninvoke
allinstancesofthenewconfigurationatthesametime,insteadofoneatatime.
4-44
ConfiguringMSTP
Syntax: [no]spanning-treepending<apply|config-name|config-revision|
instance|reset>
ThiscommandexchangesthecurrentlyactiveMSTP
configurationwiththecurrentpendingMSTPconfiguration.
Optionsareasfollows:
apply:ExchangesthecurrentlyactiveMSTPconfiguration
withthependingMSTPconfiguration.
config-name:SpecifiesthependingMSTregionname.Mustbe
thesameforallMSTPswitchesintheregion.
(Default:TheswitchsMACaddress.)
config-revision:SpecifiesthependingMSTregion
configurationrevisionnumber.MustbethesameforallMSTP
switchesintheregion.
(Default:0).
instance<1..16 >vlan <vid |vid-range>:Createsthepending
instanceandassignsoneormoreVLANstotheinstance.
reset:CopiestheswitchscurrentlyactiveMSTPconfiguration
tothependingconfiguration.Thisisusefulwhenyouwantto
experimentwiththecurrentMSTPconfigurationwhile
maintaininganunchangedversion.
ToCreateaPendingMSTPConfiguration. Thisprocedurecreatesa
pendingMSTPconfigurationandexchangesitwiththeactiveMSTPconfigu-
ration:
1. ConfiguretheVLANsyouwantincludedinanyinstancesinthenew
region.Whenyouexecutethependingcommand,allVLANsconfiguredon
theswitchwillbeassignedtoasinglependingISTinstanceunless
assignedtoother,pendingMSTinstances.(Thependingcommandcreates
theregionsISTinstanceautomatically.)
2. ConfigureMSTPasthespanning-treeprotocol,thenexecutewritemem
andreboot.(ThependingoptionisavailableonlywithMSTPenabled.)
3. Configurethependingregionconfig-nametoassigntotheswitch.
4. Configurethependingconfig-revisionnumberfortheregionname.
5. IfyouwantanMSTinstanceotherthantheISTinstance,configurethe
instancenumberandassigntheappropriateVLANs(VIDs)usingthe
pendinginstance<1..16 >vlan <vid|vid-range>command.
6. Repeatstep5foreachadditionalMSTinstanceyouwanttoconfigure.
4-45
ConfiguringMSTP
7. Toreviewyourpendingconfiguration,usetheshowspanning-treepending
command(seepage4-61).
8. ToexchangethecurrentlyactiveMSTPconfigurationwiththepending
MSTPconfiguration,usethespanning-treependingapplycommand.
MSTPVLANConfigurationEnhancement
Startinginsoftwarerelease13.x.x,theMSTPVLANconfigurationenhance-
mentallowsyoutopreconfigureanMSTPregionaltopologyandensurethat
thesameVLANID-to-MSTIassignmentsexistoneachMSTPswitchinthe
region.
Ca u t i o n Whenthissoftwareversionisinstalled,thepriorVLANID-to-MSTImappings
donotchange.However,thisenhancementisnotbackward-compatible.Ifyou
installasoftwareversionpriortothisversion,andyouhaveconfiguredMSTI
entriesinstancesmappedtoVLANs,theywillberemovedfromtheconfigu-
rationfilewhenbootingtothepriorversionofsoftware.Youmustdooneof
thefollowingifyouwanttoinstallorreloadapriorversionofthesoftware:
1. RemoveallMSTPmappingsfromtheconfigfileandthenreconfigurethe
instancemappingafteryouarerunningthedesiredsoftwareversion.
2. Saveyourcurrentconfigurationfilebeforeupdatingyoursoftwaretoa
newversion.Ifyoulaterreloadthisolderversionofthesoftware,you
canusedthisconfigurationfilewhenyoureloadtheolderversion.See
HowtoSaveYourCurrentConfigurationonpage4-51.
Thedefaultbehaviorofthespanning-treeinstancevlancommandchanges
sothat,beforeastaticVLANisconfiguredoradynamicVLANislearnedon
theswitch,youcanpreconfigureitsVLANID-to-MSTImapping.Later,when
theVLANiscreated,itisautomaticallyassignedtotheMSTItowhichyouhad
previouslymappedit.
BysupportingpreconfiguredVLANID-to-MSTItopologies,theVLANConfig-
urationenhancementprovidesthefollowingbenefits:
Scalability:Inanetworkdesigninwhichyouplantousealargenumber
ofVLANs,youcanpreconfigureidenticalVLANID-to-MSTImappingson
allswitchesinasingle,campus-wideMSTregion,regardlessofthe
specificVLANsthatyoulaterconfigureoneachswitch.Aftertheinitial
VLANID-to-MSTImapping,youcandecideontheexactVLANsthatyou
needoneachswitch.
4-46
ConfiguringMSTP
AllswitchesinaregionmustbeconfiguredwiththesameVLANID-to-
MSTImappingsandthesameMSTPconfigurationidentifiers(region
nameandrevisionnumber).
Flexibility:BypreconfiguringidenticalVLANID-to-MSTImappingsonall
switchesinanMSTregion,youcancombineswitchesthatsupport
differentmaximumnumbersofVLANs.
Networkstability:Youcanreducetheinterruptionsinnetworkconnec-
tivitycausedbytheregenerationofspanningtreesintheentirenetwork
eachtimeaconfigurationchangeinVLAN-to-MSTImappingisdetected
onaswitch.Thenegativeimpactonnetworkperformanceisreducedif
allnewlycreatedVLANsarepre-mappedtothecorrectMSTinstances.
Later,VLANcreationanddeletionareignoredbyMSTPandnointerrup-
tioninspanning-treetrafficoccurs.
Usability:DynamicallylearnedGVRPVLANscanbemappedtoMSTIsand
supportMSTPloadbalancing.
PreConfiguringVLANsinanMSTInstance
WhenyouconfigureanMSTPregionaltopology,youcreatemultiplespanning-
treeinstances.EachMSTinstanceprovidesafullyconnectedactivetopology
foraparticularsetofVLANs.
EachswitchinanMSTPregionisconfiguredwiththefollowingsetofcommon
parameters:
Regionname(spanning-treeconfig-name)
Regionrevisionnumber(spanning-treeconfig-revision)
IdenticalVLANID-to-MSTImapping(spanning-treeinstancevlan)
EachMSTinstancesupportsadifferentsetofVLANs.AVLANthatismapped
toanMSTinstancecannotbeamemberofanotherMSTinstance.
TheMSTPVLANconfigurationenhancementallowsyoutoensurethatthe
sameVLANID-to-MSTIassignmentsexistoneachMSTPswitchinaregion.
BeforeastaticVLANisconfiguredoradynamicVLANislearnedontheswitch,
youcanusedthespanning-treeinstancevlancommandtomapVLANstoeach
MSTinstanceintheregion.Later,whentheVLANiscreated,theswitch
automaticallyassignsittotheMSTinstancetowhichyouhadpreviously
mappedit.
4-47
ConfiguringMSTP
ISTinstanceandplacesallstaticallyanddynamically
configuredVLANsontheswitchintotheISTinstance.This
commandcreatesanewMSTinstance(MSTI)andmovesthe
VLANsyouspecifyfromtheISTtotheMSTI.
YoumustmapatleastoneVLANtoanMSTIwhenyoucreate
it.YoucannotmapaVLANIDtomorethanoneinstance.You
cancreateupto16MSTIsinaregion.
ThenoformofthecommandremovesoneormoreVLANsfrom
thespecifiedMSTI.IfnoVLANsarespecified,thenoformof
thecommanddeletesthespecifiedMSTI.
WhenyouremoveaVLANfromanMSTI,theVLANreturnsto
theISTinstance,whereitcanremainorbere-assignedto
anotherMSTIconfiguredintheregion.
Note:ThevalidVLANIDsthatyoucanmaptoaspecified
MSTIarefrom1to4094.TheVLANID-to-MSTImappingdoes
notrequireaVLANtobealreadyconfiguredontheswitch.The
MSTPVLANenhancementallowsyoutopreconfigureMSTP
topologiesbeforetheVLANIDsassociatedwitheachinstance
existonaswitch.
WhenyouusepreconfiguredVLANID-to-MSTItopologies,
ensurethatMSTPswitchesremaininthesameregionby
mappingallVLANIDsusedintheregiontothesameMSTIs
oneachregionalswitch.
ConfiguringMSTPInstanceswiththeVLANRangeOption
Fortheswitchescoveredinthisguide,ifyouusethespanning-treeinstance
commandwiththeVLANrangeoption,eveniftherangeincludesVLANsthat
arenotcurrentlypresentontheswitch,theentirerangeofVLANsisconfig-
ured.Forexample,ifVLANs1,5,and7arecurrentlypresentandyouenter
thiscommand:
Pr oCur ve( conf i g) # spanni ng- t r ee i nst ance 1 vl an 1- 10
thenalltheVLANsfrom1through10areincluded,eventhoseVLANsthatare
notpresent.
4-48
ConfiguringMSTP
OnotherProCurveswitches,onlytheVLANsthatarepresentwillbeincluded,
thatis,onlyVLANs1,5,and7wouldbeincluded.Theswitchwillmapthese
VLANstoMSTPInstance1,whichresultsinaConfigurationDigestthatisnot
thesameastheConfigurationDigestfortheswitchesrunningthisenhance-
ment.(SeeFigure4-15andFigure4-16)
Figure4-15showsanexampleofanMSTPinstanceconfiguredwiththeVLAN
rangeoption.AlltheVLANsareincludedintheinstancewhethertheyexist
ornot.Figure4-16showsanexampleofanMSTPinstanceconfiguredon
anotherProCurveswitch.OnlyVLANs1,5,and7areincludedintheinstance.
Pr oCur ve( conf i g) # show spanni ng- t r ee mst - conf i g
MST Conf i gur at i on I dent i f i er I nf or mat i on
MST Conf i gur at i on Name: MSTP1
MST Conf i gur at i on Revi si on: 1
MST Conf i gur at i on Di gest : 0x51B7EBA6BEED8702D2BA4497D4367517
I ST Mapped VLANs :
I nst ance I D Mapped VLANs
- - - - - - - - - - - - - - - - - - - - - - -
1 1- 10
Figure4-15. AnExampleofMappingVLANswiththeRangeOptionwhereallVLANsareIncluded
TheConfigurationDigestvalueshowninFigure4-16isnotthesameasin
Figure4-15,indicatingthattheseswitchesdonotoperateinthesameinstance.
TheCommonSpanningTree(CST)willstillhavethecorrectrootassociations.
Pr oCur ve( conf i g) # show spanni ng- t r ee mst - conf i g
MST Conf i gur at i on I dent i f i er I nf or mat i on
MST Conf i gur at i on Name: MSTP1
MST Conf i gur at i on Revi si on: 1
MST Conf i gur at i on Di gest : 0x89D3ADV471668D6D832F6EC4AA9CF4AA
I ST Mapped VLANs :
I nst ance I D Mapped VLANs
- - - - - - - - - - - - - - - - - - - - - - -
1, 5, 7
Figure4-16. ExampleofMappingVLANsonOtherProCurveSwitches
4-49
1
ConfiguringMSTP
OperatingNotesfortheVLANConfigurationEnhancement
InternalSpanningTree(IST)instanceandplacesallstaticallyand
dynamicallyconfiguredVLANsontheswitchintotheISTinstance.
Thespanning-treeinstancevlancommandcreatesanewMST
instanceandmovestheVLANsyouspecifyfromtheISTtotheMSTI.
YoumustmapaleastoneVLANIDtoanMSTIwhenyoucreateit.You
cannotmapaVLANIDtomorethanoneinstance.Youcancreateupto
16MSTIsinaregion.
Thenoformofthespanning-treeinstancevlancommandremovesone
ormoreVLANsfromthespecifiedMSTI.IfnoVLANsarespecified,
thenoformofthecommanddeletesthespecifiedMSTI.
WhenyouremoveaVLANfromandMSTI,theVLANreturnstotheIST
instance,whereitcanremainorbere-assignedtoanotherMSTIconfig-
uredintheregion.
Ifyouenterthespanning-treeinstancevlancommandbeforeastatic
ordynamicVLANisconfiguredontheswitchtopreconfigureVLAN
ID-to-MSTImappings,noerrormessageisdisplayed.Later,each
newlyconfiguredVLANthathasalreadybeenassociatedwithan
MSTIisautomaticallyassignedtotheMSTI.
Thisnewdefaultbehaviordiffersfromautomaticallyincludingconfigured
(staticanddynamic)VLANsintheISTinstanceandrequiringyouto
manuallyassignindividualstaticVLANstoanMSTI.
ThevalidVLANIDsthatyoucanmaptoaspecifiedMSTIarefrom1
to4094.TheVLANID-to-MSTImappingdoesnotrequireaVLANto
bealreadyconfiguredontheswitch.TheMSTPVLANenhancement
allowsyoutopreconfigureMSTPtopologiesbeforetheVLANIDs
associatedwitheachinstanceexistonaswitch.
WhenyouusepreconfiguredVLANID-to-MSTItopologies,ensure
thatMSTPswitchesremaininthesameregionbymappingallVLAN
IDsusedintheregiontothesameMSTIsoneachregionalswitch.
WhenyouupgradeswitchsoftwaretoreleaseK.13.XXandlater,the
existingMSTPtopologyconfigurationisautomaticallysaved.All
existingVLANID-to-MSTIassignmentsaremaintainedonaswitch
foruninterruptedMSTPnetworkoperation.
4-50

ConfiguringMSTP
HowtoSaveYourCurrentConfiguration
Youcansaveyourcurrentconfigurationbeforeupdatingtoanewversionof
softwarebyfollowingthesesteps:
1. Entertheshowconfigfilescommandtodisplayyourcurrentconfigura-
tionfiles,asshowninFigure4-17.
Pr oCur ve( conf i g) # show conf i g f i l es
Conf i gur at i on f i l es:
i d | act pr i sec | name
- - - +- - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - -
1 | * * * | conf i g1
2 | | conf i g2
3 | |
Figure4-17. AnExampleoftheshowconfigfilesCommandOutput
2. TosaveaconfigurationfileforsoftwareversionK.12.43,enterthis
command:
Pr oCur ve( conf i g) # copy conf i g conf i g1 conf i g
conf i gK1243. cf g
Youcanchooseanynameforthesavedconfigurationfilethatyouprefer.
3. DisplaytheconfigurationfilesasshowninFigure4-18.Youwillseeyour
newlycreatedconfigurationfilelisted.
Pr oCur ve( conf i g) # show conf i g f i l es
Conf i gur at i on f i l es:
i d | act pr i sec | name
- - - +- - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - -
1 | * * * | conf i g1
2 | | conf i g2
3 | | conf i gK1243. cf g
Figure4-18. AConfigFilefortheCurrentSoftwareVersionisCreated
4. Nowupdateyourswitchtothedesiredversion,forexample,K.12.51.
Entertheshowflashcommandtoseetheresults.Theswitchisnow
runningthesoftwareversionK.12.51.
4-51

ConfiguringMSTP
Pr oCur ve( conf i g) # show f l ash
I mage Si ze( Byt es) Dat e Ver si on Bui l d #
- - - - - - - - - - - - - - -
Pr i mar y I mage : 6771179
Secondar y I mage : 7408949
Boot RomVer si on: K. 12. 12
Def aul t Boot : Pr i mar y
- - - - - - - - - - - - - - -
04/ 17/ 08 K. 12. 51
11/ 06/ 08 K. 12. 43
- - - - - - -
304
123
Figure4-19. ShowFlashCommandafterUpgradingtheSwitchtoaNewVersionof
theSoftware(K.12.51)
5. Ifyouwanttorunthepriorsoftwareversion,K.12.43inthisexample,
enterthiscommand:
Pr oCur ve( conf i g) # boot syst emf l ash secondar y conf i g
conf i gK1243. cf g
Afterrebooting,theswitchisrunningsoftwareversionK.12.43andis
usingtheconfigurationfilethatyousavedforthissoftwareversion,
configK1243.cfg.
YoucanalsosavetheK.12.43configurationfileonaTFTPserver.Ifyouwanted
toreloadtheK.12.43versionofthesoftwareagain,reloadtheconfiguration
filebeforeyoudothereload.
4-52
DisplayingMSTPStatisticsandConfiguration
DisplayingMSTPStatisticsand
Configuration
Command Page
MSTPStatistics:
showspanning-tree[<port-list>] below
showspanning-tree[<port-list>]detail 4-56
showspanning-treeinstance<ist|1..16> 4-57
MSTPConfiguration
showspanning-tree[port-list]config 4-58
showspanning-tree[port-list]configinstance<ist|1..16> 4-59
showspanning-treemst-config 4-60
showspanning-treepending<<instance|ist>|mst-config> 4-61
SNMPMIBSupportforMSTP.MSTPisasupersetoftheSTP/802.1Dand
RSTP/802.1wprotocolsandusestheMIBobjectsdefinedforthesetwo
protocols.
4-53
DisplayingGlobalMSTPStatus
ThefollowingcommandsdisplaytheMSTPstatisticsfortheconnections
betweenMSTregionsinanetwork.
Syntax: showspanning-tree
Thiscommanddisplaystheswitchsglobalandregional
spanning-treestatus,plustheper-portspanning-tree
operationattheregionallevel.Notethatvaluesforthe
followingparametersappearonlyforportsconnectedtoactive
devices:DesignatedBridge,HelloTime,PtP,andEdge.
Syntax: showspanning-tree<port-list>
Thiscommanddisplaysthespanning-treestatusforthe
designatedport(s).Youcanlistdataforaseriesofportsand
porttrunksbyspecifyingthefirstandlastportortrunkofany
consecutiveseriesofportsandtrunks.Forexample,todisplay
dataforportA20-A24andtrk1,youwouldusethiscommand:
showspanning-treea20-a42,trk1
4-54

|
Pr oCur ve( conf i g) # show spanni ng- t r ee
Mul t i pl e Spanni ng Tr ee ( MST) I nf or mat i on
STP Enabl ed : Yes
For ce Ver si on : MSTP- oper at i on
I ST Mapped VLANs : 1, 66
Swi t ch MAC Addr ess : 0004ea- 5e2000
Swi t ch Pr i or i t y : 32768
Max Age : 20
Max Hops : 20
For war d Del ay : 15
Topol ogy Change Count : 0
Ti me Si nce Last Change : 2 hour s
CST Root MAC Addr ess : 00022d- 47367f
CST Root Pr i or i t y : 0
CST Root Pat h Cost : 4000000
CST Root Por t : A1
I ST Regi onal Root MAC Addr ess : 00883- 028300
I ST Regi onal Root Pr i or i t y : 32768
I ST Regi onal Root Pat h Cost : 200000
I ST Remai ni ng Hops : 19
Pr ot ect ed Por t s : A4
Fi l t er ed Por t s : A7- A10
| Pr i o | Desi gnat ed Hel l o
Por t Type | Cost r i t y St at e | Br i dge Ti me Pt P Edge
- - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - -
A1 100/ 1000T | Aut o 128 For war di ng | 000883- 028300 9 Yes No
A2 100/ 1000T | Aut o 128 Bl ocked | 0001e7- 948300 9 Yes No
A3 100/ 1000T | Aut o 128 For war di ng | 000883- 02a700 2 Yes No
A4 100/ 1000T | Aut o 128 Di sabl ed |
A5 100/ 1000T | Aut o 128 Di sabl ed
. . . . .
. . . . .
SwitchsSpanningTreeConfiguration
andIdentityofVLANsConfiguredinthe
SwitchfortheISTInstance
ListstheswitchsMSTProotdatafor
connectivitywithotherregionsandSTP
orRSTPdevices.
InternalSpanningTreeData(IST
Instance)fortheregioninwhichthe
SwitchOperates
ForEdge,No(admin-edge-portoperationdisabled)
indicatestheportisconfiguredforconnectingtoa
LANsegmentthatincludesabridgeorswitch.Yes
indicatestheportisconfiguredforahost(endnode)
link.Refertotheadmin-edge-portdescriptionunder
ConfiguringMSTPPer-PortParametersonpage4-
Yesmeanstheswitchisoperatingthe
portasifitisconnectedtoswitch,bridge,
orendnode(butnotahub).
Identifiestheoverallspanning-treeroot
forthenetwork.
Identifiesthespanning-treerootforthe
ISTInstancefortheregion.
IdentifiestheportswithBPDUprotection
andBPDUfilteringenabled.
Figure4-20. ExampleofCommonSpanningTreeStatus
4-55

DisplayingDetailedPortInformation
ThefollowingcommandsdisplaytheMSTPstatisticsfortheconnections
betweenMSTregionsinanetwork.
Syntax: showspanning-treedetail
Thiscommanddisplaysadditionalparametersconcerning
thecommonspanningtree(CST)ports.
Syntax: showspanning-tree<port-list>detail
Thiscommanddisplaysdetailedspanning-treestatusforthe
designatedport(s).
.
Pr oCur ve# show spanni ng- t r ee a9 det ai l
St at us and Count er s - CST Por t ( s) Det ai l ed I nf or mat i on
Por t : A9
St at us : Up
BPDU Fi l t er i ng : Yes
Er r ant BPUDUs r ecei ved : 65
MST Regi on Boundar y : Yes
Ext er nal Pat h Cost : 200000
Ext er nal Root Pat h Cost : 420021
Admi ni st r at i ve Hel l o Ti me : Use Gl obal
Oper at i onal Hel l o Ti me : 2
Admi nEdgePor t : No
Oper EdgePor t : No
Admi nPoi nt ToPoi nt MAC : For ce- Tr ue
Oper Poi nt ToPoi nt MAC : Yes
Aged BPDUs Count : 0
Loop- back BPDUs Count : 0
TC ACK Fl ag Tr ansmi t t ed : 0
TC ACK Fl ag Recei ved : 0
MST MST CFG CFG TCN TCN
BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8 28 0 0 0 0
Givesinformationconcerningthe
CommonSpanningTree(CST)only.
Usetheshowspanning-treeinstance
commandstoviewcounters
pertainingtoparticularISTinstances.
Figure4-21. ExampleofCSTPortInformationusingShowSpanningTreeDetailCommand
Not e ThiscommandgivesinformationabouttheCSTonly.Toviewdetailsof
specificMSTInstances,usetheshowspanningtreeinstancecommands.
4-56
DisplayingStatusforaSpecificMSTInstance
ThefollowingcommandsdisplaytheMSTPstatisticsforaspecifiedMST
instance.
Syntax: showspanning-treeinstance<ist|1..16>
ThiscommanddisplaystheMSTPstatisticsforeithertheIST
instanceoranumberedMSTinstancerunningontheswitch.
Syntax: showspanning-treeinstance<ist|1..16>detail
Thiscommanddisplaysstatusonallactiveportsforaspecific
instanceofMSTP.
Syntax: showspanning-tree<port-list> instance<ist|1..16>detail
Thiscommanddisplaysdetailedstatusforthedesignated
port(s)foraspecificinstanceofMSTP.
Figure4-22. ExampleofMSTPStatisticsforaSpecificInstanceonanMSTPSwitch
4-57
DisplayingtheMSTPConfiguration
DisplayingtheGlobalMSTPConfiguration. Thiscommanddisplaysthe
switchsbasicandMSTregionspanning-treeconfiguration,includingbasic
portconnectivitysettings.
Syntax: showspanning-treeconfig
Theupperpartofthisoutputshowstheswitchsglobal
spanning-treeconfigurationthatappliestotheMSTregion.
Theportlistingshowsthespanning-treeportparameter
settingsforthespanning-treeregionoperation(configuredby
thespanning-tree<port-list>command).Forinformationon
theseparameters,refertoConfiguringMSTPPer-Port
Parametersonpage4-26.
Syntax: showspanning-tree<port-list>config
Thiscommandshowsthesamedataastheabovecommand,
butliststhespanning-treeportparametersettingsforonlythe
specifiedport(s)and/ortrunk(s).Youcanlistdataforaseries
ofportsandporttrunksbyspecifyingthefirstandlastport
ortrunkofanyconsecutiveseriesofportsandtrunks.For
example,todisplaydataforportA20-A24andtrk1,usethis
command:showspanning-treea20-a24,trk1config
GlobalHelloTime
Per-PortHelloTime
(OverridesGlobalHello-
Timeonindividualports.)
Per-PortPriority
GlobalPriority
Figure4-23. ExampleofDisplayingtheSwitchsGlobalSpanning-TreeConfiguration
4-58
DisplayingPer-InstanceMSTPConfigurations.Thesecommandsdis-
playstheper-instanceportconfigurationandcurrentstate,alongwith
instanceidentifiersandregionalrootdata.
Syntax: showspanning-treeconfiginstance<ist|1..16>
Theupperpartofthisoutputshowstheinstancedataforthe
specifiedinstance.Thelowerpartoftheoutputliststhe
spanning-treeportsettingsforthespecifiedinstance.
Syntax: showspanning-tree<port-list>configinstance<ist|1..16>
Thiscommandshowsthesamedataastheabovecommand,
butliststhespanning-treeportparametersettingsforonlythe
specifiedport(s)and/ortrunk(s).Youcanlistdataforaseries
ofportsandporttrunksbyspecifyingthefirstandlastport
ortrunkofanyconsecutiveseriesofportsandtrunks.For
example,todisplaydataforportA20-A24andtrk1,usethis
command:
showspanning-treea20-a24,trk1configinstance1
Instance-SpecificData
PortSettingsforthe
specifiedinstance.
Figure4-24. ExampleoftheConfigurationListingforaSpecificInstance
4-59
DisplayingtheRegion-LevelConfigurationinBrief.Thiscommand
outputisusefulforquicklyverifyingtheallocationofVLANsintheswitchs
MSTPconfigurationandforviewingtheconfiguredregionidentifiers.
Syntax: showspanning-treemst-config
Thiscommanddisplaystheswitchsregionalconfiguration.
Note:TheswitchcomputestheMSTPConfigurationDigest from
theVIDtoMSTIconfigurationmappingsontheswitchitself.
Asrequiredbythe802.1sstandard,allMSTPswitcheswithin
thesameregionmusthavethesameVIDtoMSTIassignments,
andanygivenVIDcanbeassignedtoeithertheISToroneof
theMSTIswithintheregion.Thus,theMSTPConfiguration
DigestmustbeidenticalforallMSTPswitchesintendedto
belongtothesameregion.WhencomparingtwoMSTP
switches,iftheirDigestidentifiersdonotmatch,thenthey
cannotbemembersofthesameregion.
RefertotheNote,above.
Figure4-25. ExampleofaRegion-LevelConfigurationDisplay
4-60
DisplayingthePendingMSTPConfiguration. Thiscommanddisplays
theMSTPconfigurationtheswitchwillimplementifyouexecutethespan-
ning-treependingapplycommand(RefertoEnablinganEntireMSTRegion
atOnceorExchangingOneRegionConfigurationforAnotheronpage4-44.)
Syntax: showspanning-treepending<instance|mst-config>
instance<1..16|ist>
Listsregion,instanceI.D.andVLANinformationforthe
specified,pendinginstance.
mst-config
Listsregion,ISTinstanceVLAN(s),numberedinstances,
andassignedVLANinformationforthependingMSTP
configuration.
Figure4-26. ExampleofDisplayingaPendingConfiguration
4-61
TroubleshootinganMSTPConfiguration
Command Page
showspanning-treeroot-history 4-62
showspanning-treedebugcounters 4-65
showspanning-treedebug-countersinstance<instance-id> 4-66
showspanning-treedebug-countersinstance<instance-id> 4-68
ports<port-list>
Thissectiondescribestheshowspanning-treecommandsthatyoucanuseto
monitor,troubleshoot,anddebugtheoperationofamultiple-instancespan-
ning-treeconfigurationinyournetwork.
Notethattheshowspanning-treecommandsdescribedinthissectionallow
youtotroubleshootMSTPactivityinyournetworkbyfocusingonincreasingly
specificlevelsofoperation.Forexample,youcandisplaydebuginformation
for:
AllMSTinstances
AllportsusedinoneMSTinstance
AspecificportorseveralportsusedinoneMSTinstance
Also,youcandisplaythechangehistoryfortheroot(bridge)switchusedas
thesingleforwardingpathfor:
AllMSTregions,STPbridges,andRSTPbridgesinanSTPnetwork
AllVLANsonMSTPswitchesinaregion
AllVLANsonMSTPswitchesinanMSTinstance
DisplayingtheChangeHistoryofRootBridges
Theshowspanning-treeroot-historycommandallowsyoutodisplaychange
historyinformation(upto10historyentries)foraspecifiedrootbridgeinany
ofthefollowingMSTPtopologies:
CommonSpanningTree(cst):Providesconnectivityinabridgednetwork
betweenMSTregions,STPLANs,andRSTPLANs.
InternalSpanningTree(ist):ProvidesconnectivitywithinanMSTregion
forVLANsassociatedwiththedefaultCommonandInternalSpanning
Tree(CIST)instanceinyournetwork(VLANsthathavenotbeenmapped
toanMSTinstance).
4-62
MSTInstance(mst):Connectsallstaticand(startingfromrelease13.x.x)
dynamicVLANsassignedtoamultiplespanning-treeinstance.
Syntax: showspanning-treeroot-history<cst|ist|mst<instance-id>>
Thiscommanddisplaysthechangehistoryfortherootbridge
inthespecifiedMSTPtopology.
Thecstparameterdisplaysthechangehistoryfortheroot
bridgeofaspanning-treenetwork,includingMSTregionsand
STPandRSTPbridges.
Theistparameterdisplaysthechangehistoryfortheroot
bridgeintheISTinstanceofanMSTregion.
Themst<instance-id>parameterdisplaysthechangehistory
fortherootbridgeinanMSTinstance,where<instance-id>
isanIDnumberfrom1to16.
Usetheshowspanning-treeroot-historycommandtoviewthenumberanddates
ofchangesintheassignmentofarootbridge.PossibleintrusionintoyourMST
networkmayoccurifanunauthorizedexternaldevicegainsaccesstoa
spanningtreebyposingastherootdeviceinatopology.TopreventanMST
portconnectedtothedevicefrombeingselectedastherootportinatopology,
usethespanning-treeroot-guardcommand.
Thefollowingexamplesshowsampleoutputoftheshowspanning-treeroot-
historycommandfordifferentMSTPtopologies.Notethatineachexample,
therootbridgeIDisdisplayedintheformat:
<priority:mac-address>
Where:
<priority>istheMSTPswitchprioritycalculatedforoneofthefollowing:
TheIST(regional)rootswitchusingthespanning-treepriority
command
AnMSTIrootswitchusingthespanning-treeinstancepriority
command
<mac-address>istheMACaddressoftheroot(bridge)switch.
4-63
Pr oCur ve( conf i g) # show spanni ng- t r ee r oot - hi st or y cst
St at us and Count er s - CST Root Changes Hi st or y
MST I nst ance I D : 0
Root Changes Count er : 2
Cur r ent Root Br i dge I D : 32768: 000883- 024500
Identifiestherootbridgeofthecommon
spanningtreeinabridgednetworkthat
connectsdifferentMSTregionsandSTP
orRSTPdevices.
Root Br i dge I D Dat e Ti me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
32768: 000883- 024500 02/ 09/ 07 17: 40: 59
36864: 001279- 886300 02/ 09/ 07 17: 40: 22
Figure4-27. Exampleofshowspanning-treeroot-historycstCommandOutput
Pr oCur ve( conf i g) # show spanni ng- t r ee r oot - hi st or y i st
St at us and Count er s - I ST Regi onal Root Changes Hi st or y
Root Br i dge I D Dat e Ti me
Identifiestherootbridgeoftheinternal
spanningtreeinanMSTregion.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
32768: 000883- 024500 02/ 09/ 07 17: 40: 59
36864: 001279- 886300 02/ 09/ 07 17: 40: 22
Figure4-28. Exampleofshowspanning-treeroot-historyistCommandOutput
Pr oCur ve( conf i g) # show spanni ng- t r ee r oot - hi st or y mst 2
St at us and Count er s - MST I nst ance Regi onal Root Changes Hi st or y
IdentifiestherootbridgeofanMST
instanceinanMSTregion. Root Br i dge I D Dat e Ti me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
32770: 000883- 024500 02/ 09/ 07 17: 40: 59
32770: 001279- 886300 02/ 09/ 07 17: 40: 22
Figure4-29. Exampleofshowspanning-treeroot-historymstiCommandOutput
4-64
DisplayingDebugCountersforAllMSTInstances
Theshowspanning-treedebug-counterscommandallowsyoutodisplaythe
aggregatevaluesofallMSTPdebugcountersthataremaintainedonaswitch.
Theseaggregatevaluesareasummaryoftheinformationcollectedfromall
portsandfromallspanning-treeinstancesthatforwardtrafficonswitchports.
UsethedisplayeddiagnosticinformationtogloballymonitorMSTPoperation
onaper-switchbasis.
Syntax: showspanning-treedebug-counters
ThiscommanddisplaysdebugcountersforMSTPactivityon
allportsconfiguredforVLANsusedinspanning-tree
instances.
Thefollowingexampleshowssampleoutputoftheshowspanning-treedebug-
counterscommandforallports.Foradescriptionofeachcounter,referto
Table4-1onpage4-70.
Pr oCur ve( conf i g) # show spanni ng- t r ee debug- count er s
St at us and Count er s - MSTP Br i dge Common Debug Count er s I nf or mat i on
Count er Name Aggr egat ed Val ue Col l ect ed Fr om
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I nval i d BPDUs 0 CI ST
Er r ant BPDUs 170927 CI ST
MST Conf i g Er r or BPDUs 0 CI ST
Looped- back BPDUs 0 CI ST
St ar ved BPDUs/ MSTI MSGs 0 CI ST/ MSTI s
Exceeded Max Age BPDUs 0 CI ST
Exceeded Max Hops BPDUs/ MSTI MSGs 0 CI ST/ MSTI s
Topol ogy Changes Det ect ed 2 CI ST/ MSTI s
Topol ogy Changes Tx 6 CI ST/ MSTI s
Topol ogy Changes Rx 4 CI ST/ MSTI s
Topol ogy Change ACKs Tx 0 CI ST
Topol ogy Change ACKs Rx 0 CI ST
TCN BPDUs Tx 0 CI ST
TCN BPDUs Rx 0 CI ST
CFG BPDUs Tx 0 CI ST
CFG BPDUs Rx 0 CI ST
RST BPDUs Tx 0 CI ST
RST BPDUs Rx 0 CI ST
MST BPDUs/ MSTI MSGs Tx 10 CI ST/ MSTI s
MST BPDUs/ MSTI MSGs Rx 341802 CI ST/ MSTI s
Figure4-30. Exampleofshowspanning-treedebug-countersCommandOutput
4-65
DisplayingDebugCountersforOneMSTInstance
Theshowspanning-treedebug-countersinstancecommandallowsyoutodis-
playtheaggregatevaluesofallMSTPdebugcountersmaintainedonaswitch
foraspecifiedspanning-treeinstance.Theseaggregatevaluesareasummary
ofinformationcollectedfromallportsthathaveVLANsassignedtothe
specifiedinstance.
Usetheshowspanning-treedebug-countersinstancecommandtotroubleshoot
theglobalMSTPdiagnosticinformationdisplayedinshowspanning-tree
debug-counterscommandoutputwhenyoususpectunauthorizedMSTPactiv-
ityinaspecificMSTinstance.
Syntax: showspanning-treedebug-countersinstance<instance-id>
allportsconfiguredforVLANsinthespecifiedMSTinstance.
Thevalidvaluesforinstance<instance-id>arefrom0to16:
0specifiesthedefaultMST(CIST)instance.
1to16specifyamultiplespanning-tree(MST)instance.
Thefollowingexampleshowssampleoutputoftheshowspanning-treedebug-
countersinstancecommandwhenappliedtotheCommonandInternalSpan-
ningTree(CIST)instance(defaultMSTinstance0)inthenetwork.Fora
descriptionofeachcounter,refertoTable4-1onpage4-70.
4-66
Pr oCur ve( conf i g) # show spanni ng- t r ee debug- count er s i nst ance 0
St at us and Count er s - CI ST Common Debug Count er s I nf or mat i on
Count er Name Aggr egat ed Val ue Col l ect ed Fr om
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I nval i d BPDUs 0 Por t s
Er r ant BPDUs 172603 Por t s
MST Conf i g Er r or BPDUs 0 Por t s
Looped- back BPDUs 0 Por t s
St ar ved BPDUs 0 Por t s
Exceeded Max Age BPDUs 0 Por t s
Exceeded Max Hops BPDUs 0 Por t s
Topol ogy Changes Det ect ed 1 Por t s
Topol ogy Changes Tx 3 Por t s
Topol ogy Changes Rx 2 Por t s
Topol ogy Change ACKs Tx 0 Por t s
Topol ogy Change ACKs Rx 0 Por t s
TCN BPDUs Tx 0 Por t s
TCN BPDUs Rx 0 Por t s
CFG BPDUs Tx 0 Por t s
CFG BPDUs Rx 0 Por t s
RST BPDUs Tx 0 Por t s
RST BPDUs Rx 0 Por t s
MST BPDUs Tx 5 Por t s
MST BPDUs Rx 172577 Por t s
Figure4-31. Exampleofshowspanning-treedebug-countersinstanceCommandOutputforAllPortsinthe
CISTInstance
4-67
DisplayingDebugCountersforPortsinanMST
Instance
Theshowspanning-treedebug-countersinstanceportscommandallowsyouto
displaytheaggregatevaluesofallMSTPdebugcountersmaintainedonone
ormoreportsusedbyaspecifiedspanning-treeinstance.Theseaggregate
valuesareasummaryofinformationcollectedfromthespecifiedportsthat
haveVLANsassignedtothespecifiedinstance.
Usetheshowspanning-treedebug-countersinstanceportscommandto
troubleshootatafinerlevelthemoregeneralMSTPdiagnosticinformation
displayedinshowspanning-treedebug-countersinstance commandoutput
whenyoususpectunauthorizedMSTPactivityononeormoreMSTportsin
anMSTinstance.
Syntax: showspanning-treedebug-countersinstance<instance-id>
ports<port-list>
thespecifiedportsconfiguredforVLANsinthespecifiedMST
instance.
Thevalidvaluesforinstance<instance-id>arefrom0to16:
0specifiesthedefaultMST(CIST)instance.
1to16specifyanMSTinstance.
Theports<port-list>parameterspecifiesoneormoreMSTports
ortrunkports.
Intheportlist,enteraseriesofportsbyseparatingthefirst
andlastportsintheserieswithadash(-);forexample,a2-a8
ortrk1-trk3.Separateindividualportsandseriesofportswith
acomma;forexample,a2-a8,a20,trk1,trk4-trk5.
Thefollowingexamplesshowssampleoutputoftheshowspanning-treedebug-
countersinstanceportscommandforboththeCIST(defaultMSTinstance0)
andanMSTinstance(instance2)onportA15.Foradescriptionofeach
counter,refertoTable4-1onpage4-70.
4-68

Pr oCur ve( conf i g) # show spanni ng- t r ee debug- count er s i nst ance 0 por t s a15
St at us and Count er s - CI ST Por t ( s) Debug Count er s I nf or mat i on
Por t : A15
Count er Name Val ue Last Updat ed
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I nval i d BPDUs 0
Er r ant BPDUs 0
MST Conf i g Er r or BPDUs 0
Looped- back BPDUs 0
St ar ved BPDUs 0
Exceeded Max Age BPDUs 0
Exceeded Max Hops BPDUs 0
Topol ogy Changes Det ect ed 1 02/ 09/ 07 17: 40: 59
Topol ogy Changes Tx 3 02/ 09/ 07 17: 41: 03
Topol ogy Changes Rx 2 02/ 09/ 07 17: 41: 01
Topol ogy Change ACKs Tx 0
Topol ogy Change ACKs Rx 0
TCN BPDUs Tx 0
TCN BPDUs Rx 0
CFG BPDUs Tx 0
CFG BPDUs Rx 0
RST BPDUs Tx 0
RST BPDUs Rx 0
MST BPDUs Tx 5 02/ 09/ 07 17: 41: 03
MST BPDUs Rx 173540 02/ 13/ 07 18: 05: 34
Figure4-32. Exampleofshowspanning-treedebug-countersinstanceportsCommandOutputforOnePort
intheCISTInstance
4-69

Pr oCur ve( conf i g) # show spanni ng- t r ee debug- count er s i nst ance 2 por t s a15
St at us and Count er s - MSTI Por t ( s) Debug Count er s I nf or mat i on
Por t : A15
Count er Name Val ue Last Updat ed
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
St ar ved MSTI MSGs 0
Exceeded Max Hops MSTI MSGs 0
Topol ogy Changes Det ect ed 1 02/ 09/ 07 17: 40: 59
Topol ogy Changes Tx 3 02/ 09/ 07 17: 41: 03
Topol ogy Changes Rx 2 02/ 09/ 07 17: 41: 01
MSTI MSGs Tx 5 02/ 09/ 07 17: 41: 03
MSTI MSGs Rx 173489 02/ 13/ 07 18: 03: 52
Figure4-33. Exampleofshowspanning-treedebug-countersinstanceportsCommandOutputforOnePort
inanMSTInstance
FieldDescriptionsinMSTPDebugCommandOutput
Table4-1containsdescriptionsofthedebugginginformationdisplayedinthe
outputofshowspanning-treedebug-counterscommands.
Table4-1. MSTPDebugCommandOutput:FieldDescriptions
Field
InvalidBPDUs
ErrantBPDUs
Description
NumberofreceivedBPDUsthatfailedstandardMSTP(802.1Q-REV/D5.014.4)validation
checksandweredropped.ThiscounterismaintainedbytheCIST(defaultMSTinstance0)
onaper-portbasis.
NumberofreceivedBPDUsthatweredroppedonaportthatisconfiguredtonotexpect
BPDUpackets.ThiscounterismaintainedbytheCIST(defaultMSTinstance0inthe
network)onaper-portbasisandisincrementedeachtimeaBPDUpacketisreceivedon
aportconfiguredwiththeBPDUfiltertoignoreincomingBPDUpackets(spanning-tree
bpdu-filtercommand)ortheBPDUprotectionfeaturetodisabletheportwhenBPDU
packetsarereceived(spanning-treebpdu-protectioncommand).
4-70
Field
MSTConfigErrorBPDUs
Looped-backBPDUs
StarvedBPDUs
StarvedMSTIMSGs
ExceededMaxAge
BPDUs
ExceededMaxHops
BPDUs
Description
NumberofBPDUsreceivedfromaneighborbridgewithinconsistentMSTconfiguration
information.Forexample,BPDUsfromatransmittingbridgemaycontainthesameMST
configurationidentifiers(regionnameandrevisionnumber)andformatselectorasthe
receivingbridge,butthevalueoftheConfigurationDigestfield(VLANIDassignmentsto
regionalISTandMSTinstances)isdifferent.Thisdifferenceindicatesaprobable
configurationerrorinMSTregionsettingsonthecommunicatingbridges.Thereceived
BPDUisstillprocessedbyMSTP.
ThiscounterismaintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
Numberoftimesaporthasreceivedself-sentBPDUpacketsastheresultofanexternal
loopconditioninwhichtheBPDUswereloopedbacktotheoriginatingtransmissionport.
ThereceivedBPDUisstillprocessedbyMSTPandtheportchangestoablockedstate.
NumberoftimesthatnoBPDUsarereceivedwithinthescheduledinterval(threetimesthe
HelloTimevalueconfiguredwiththespanning-treehello-timecommand)froma
downstreamCIST-designatedpeerportontheCISTroot,alternate,orbackupport.Asa
result,thestarvedporttriggersaspanning-treetopologyregeneration.
NumberoftimesthatnoBPDUsarereceivedwithinthescheduledinterval(threetimesthe
HelloTimevalueconfiguredwiththespanning-treehello-timecommand)froma
downstreamMSTI-designatedpeerportontheMSTIroot,alternate,orbackupport.Asa
result,thestarvedporttriggersaspanning-treetopologyregeneration.
NumberoftimesthataBPDUpacketisreceivedfromabridgeexternaltotheMSTregion
withaMessageAgevaluegreaterthantheconfiguredvalueoftheMaxAgeparameter
(spanning-treemaximumagecommand).Thismayoccurifthereceivingbridgeislocated
toofarfromtherootbridge(beyondtheconfiguredsizeofthespanning-treedomainonthe
rootbridge)orifaBPDUpacketwithinvalidrootinformationiscontinuouslycirculating
betweenbridgesinaspanning-treedomainandneedstobeagedout.
NumberoftimesthataBPDUpacketisreceivedfromabridgeinternaltotheMSTregion
withaCISTRemainingHopsvaluelessthanorequalto1.Thismayoccurifthereceiving
bridgeislocatedtoofarfromtheCISTregionalrootbridge(beyondtheconfiguredsizeof
theMSTregionontheCISTregionalrootbridge)orifaPDUpacketwithinvalidCISTregional
rootbridgeinformationiscontinuouslycirculatingbetweenbridgesintheMSTRegionand
needstobeagedout.
ThiscounterismaintainedbytheCIST(defaultMSTinstance0intheregion)onaper-port
basis.
4-71
Field
ExceededMaxHops
MSTIMSGs
TopologyChanges
Detected
TopologyChangesTx
TopologyChangesRx
TopologyChangeACKs
Tx
TopologyChangeACKs
Rx
TCNBPDUsTx
TCNBPDUsRx
CFGBPDUsTx
CFGBPDUsRx
Description
NumberoftimesthatanMSTIMSGpacketisreceivedfromabridgeinternaltotheMST
regionwithanMSTIRemainingHopsvaluelessthanorequalto1.Thismayoccurifthe
receivingbridgeislocatedtoofarfromtheMSTIregionalrootbridge(beyondthe
configuredsizeoftheMSTregionontheMSTIregionalrootbridge)orifaBPDUpacket
withinvalidMSTIregionalrootbridgeinformationiscontinuouslycirculatingbetween
bridgesinanMSTregionandneedstobeagedout.Thiscounterismaintainedonaper-
MSTIper-portbasis.
NumberoftimesthataTopologyChangeeventisdetectedbytheCISTorMSTIportand
theporttriggersatopologychangepropagationthroughoutthenetwork.ATopology
Changeeventoccurswhenanon-edgeportentersforwardingstate.Thiscounteris
maintainedonaper-CISTper-portandonaper-MSTIper-portbasis.
NumberoftimesthatTopologyChangeinformationispropagated(sentout)throughtheport
totherestofthenetwork.
ForaCISTport,thecounteristhenumberoftimesthataCFG,RSTorMSTBPDUwiththe
TCflagsetistransmittedoutoftheport.
ForanMSTIport,thecounteristhenumberoftimesthataMSTIconfigurationmessage
withtheTCflagsetistransmittedoutoftheport.
Thiscounterismaintainedonaper-CISTper-portandonaper-MSTIper-portbases.
NumberoftimesthatTopologyChangeinformationisreceivedfromthepeerport.
ForaCISTport,thecounteristhenumberoftimesthataCFG,RSTorMSTBPDUwiththe
TCflagsetisreceived.
ForanMSTIport,thecounteristhenumberoftimesthatanMSTIconfigurationmessage
withtheTCflagsetisreceived.
Thiscounterismaintainedonaper-CISTper-portandonaper-MSTIper-portbasis.
NumberoftimesthattheTopologyChangeacknowledgementistransmittedthroughthe
port(numberofCFG,RSTorMSTBPDUstransmittedwiththeTopologyChange
Acknowledgeflagset).ThiscounterismaintainedbytheCIST(defaultMSTinstance0)on
aper-portbasis.
NumberoftimestheTopologyChangeacknowledgementisreceivedontheport(number
ofCFG,RSTorMSTBPDUsreceivedwiththeTopologyChangeAcknowledgeflagset).This
counterismaintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
NumberofTopologyChangeNotificationBPDUsthataretransmittedthroughtheport.This
counterismaintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
NumberofTopologyChangeNotificationBPDUsthatarereceivedontheport.Thiscounter
ismaintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
Numberof(802.1D)ConfigurationBPDUsthataretransmittedthroughtheport.Thiscounter
ismaintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
Numberof(802.1D)ConfigurationBPDUsthatarereceivedontheport.Thiscounter
maintainedbytheCIST(defaultMSTinstance0)onaper-portbasis.
4-72
Field
RSTBPDUsTx
RSTBPDUsRx
MSTBPDUsTx
MSTBPDUsRx
MSTIMSGsTx
MSTIMSGsRx
Description
Numberof(802.1w)RSTBPDUsthataretransmittedthroughtheport.Thiscounteris
Numberof(802.1w)RSTBPDUsthatarereceivedontheport.Thiscounterismaintained
bytheCIST(defaultMSTinstance0)onaper-portbasis.
Numberof(802.1s)MSTBPDUsthataretransmittedthroughtheport.Thiscounteris
Numberof(802.1s)MSTBPDUsthatarereceivedontheport.Thiscounterismaintained
bytheCIST(defaultMSTinstance0)onaper-portbasis.
NumberoftimesthataconfigurationmessageforaspecificMSTIwasencodedin(802.1s)
MSTBPDUsthataretransmittedthroughtheport.Thiscounterismaintainedonaper-MSTI
per-portbasis.
NumberoftimesthattheMSTIdetectedaconfigurationmessagedestinedtotheMSTIin
(802.1s)MSTBPDUsreceivedontheport.Thiscounterismaintainedonaper-MSTIper-
portbasis.
TroubleshootingMSTPOperation
Table4-2. TroubleshootingMSTPOperation
Problem
DuplicatepacketsonaVLAN,orpacketsnot
arrivingonaLANatall.
Aswitchintendedtooperateinaregiondoes
notreceivetrafficfromotherswitchesinthe
region.
PossibleCause
TheallocationofVLANstoMSTIsmaynotbeidenticalamongall
switchesinaregion.
AnMSTPswitchintendedforaparticularregionmaynothavethesame
configurationnameorregionrevisionnumberastheotherswitches
intendedforthesameregion.TheMSTPconfigurationname(spanning-
treeconfig-namecommand)andMSTPconfigurationrevisionnumber
(spanning-treeconfig-revisioncommand)mustbeidenticalonallMSTP
switchesintendedforthesameregion.
AnotherpossiblecauseisthatthesetofVLANsandVLANID-to-MSTI
mappings(spanning-treeinstancevlancommand)configuredonthe
switchmaynotmatchthesetofVLANsandVLANID-to-MSTImappings
configuredonotherswitchesintheintendedregion.
4-73
LoopProtection
LoopProtection
Incaseswherespanningtreecannotbeusedtopreventloopsattheedgeof
thenetwork,loopprotectionmayprovideasuitablealternative.Unlike
spanningtree,however,loopprotectionisnotacomprehensiveloopdetection
featureandshouldonlybeenabledonuntaggededgeports,thatis,portsthat
connecttounmanagedswitchesand/orclientsattheedgeofthenetwork.
Thecaseswhereloopprotectionmightbechosenaheadofspanningtreeto
detectandpreventloopsareasfollows:
Onportswithclientauthentication.Whenspanningtreeisenabled
onaswitchthatuse802.1X,Webauthentication,andMACauthentication,
loopsmaygoundetected.Forexample,spanningtreepacketsthatare
loopedbacktoanedgeportwillnotbeprocessedbecausetheyhavea
differentbroadcast/multicastMACaddressfromtheclient-authenticated
MACaddress.Toensurethatclient-authenticatededgeportsgetblocked
whenloopsoccur,youshouldenableloopprotectiononthoseports.
Onportsconnectedtounmanageddevices.Spanningtreecannot
detecttheformationofloopswherethereisanunmanageddeviceonthe
networkthatdoesnotprocessspanningtreepacketsandsimplydrops
them.Loopprotectionhasnosuchlimitation,andcanbeusedtoprevent
loopsonunmanagedswitches.
Figure4-34showsexampleswhereloopprotectioncanbeused.
Unmanagedswitch
(doesnotsupportSTP)
Loopprotectionenablededge
portsthatconnecttounmanaged
switchesand/orauthenticated
clients
Switch
STPDomain
Spanningtreeenabledports
Webauthenticationclients 802.1Xauthenticationclients
Figure4-34. ExamplesofLoopProtectionEnabledinPreferencetoSTP
4-74
LoopProtection
ConfiguringLoopProtection
Loopprotectionprovidesprotectionagainstloopsbytransmittingloop
protocolpacketsoutofportsonwhichloopprotectionhasbeenenabled.
Whentheswitchsendsoutaloopprotocolpacketandthenreceivesthesame
packetonaportthathasareceiver-actionofsend-disableconfigured,itshuts
downtheportfromwhichthepacketwassent.
Toenableloopprotection:
1. Entertheloop-protectcommandandspecifytheport(s)onwhichloop
protectionshouldbeenabled.Forexample:
Pr oCur ve( conf i g) # l oop- pr ot ect 1- 4
2. Specifyareceiver-actionofsend-disabletoshutdowntheportintheevent
ofaloop.Forexample:
Pr oCur ve( conf i g) #l oop- pr ot ect 1 r ecei ver - act i on send-
di sabl e
Syntax:[no]loop-protect<port-list>[receiver-action<send-disable|no-disable>]|
[transmit-interval<1-10>]|[disable-timer<0-604800>]|[traploop-detected]
Allowsyoutoconfigureper-portloopprotectionontheswitch.
[receiver-action<send-disable|no-disable>]
Setstheactiontobetakenwhenaloopisdetectedonthe
specifiedportorports.Theportthatreceivestheloopprotec-
tionpacketdetermineswhatactionistaken.Ifsend-disable
isconfigured,theportthattransmittedthepacketisdisabled.
Ifno-disableisconfigured,theportisnotdisabledwhena
loopisdetected.
Default:send-disable
[traploop-detected]
AllowsyoutoconfigureloopprotectiontrapsforSNMP
indicatingwhenaloophasbeendetectedonaport.
[disable-timer<0-604800>]
Howlong(inseconds)aportisdisabledwhenaloophasbeen
detected.Avalueofzerodisablestheautore-enablefunction.
Default:Timerisdisabled
[transmit-interval<1-10>]
Allowsyoutoconfigurethetimeinsecondsbetweenthe
transmissionofloopprotectionpackets.
Default:5seconds
4-75

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LoopProtection
Not e s Thereceiver-actionoptioncanbeconfiguredonaper-portbasisandcan
onlybeenabledafterloopprotectionhasbeenenabledontheport.All
otherconfigurationoptions(disable-timer,traploop-detected,andtransmit
interval)areglobal.
ThetrapoptionreferstoaSNMPtrap.
Regardlessofhowthereceiver-actionandtrapoptionsareconfigured,all
detectedloopswillbeloggedintheswitchseventlog.
Thenoloop-protect<port>commandwillnotremoveareceive-action
configurationlinefromtherunningconfigurationunlessthisoptionisset
toreceive-actionsend-disable.
ViewingLoopProtectionStatus
Todisplayinformationaboutportswithloopprotectionenabled,enterthe
showloop-protectcommand.
Syntax:showloop-protect<port-list>
Displaystheloopprotectionstatus.Ifnoportsarespecified,the
informationisdisplayedonlyfortheportsthathaveloopprotec-
tionenabled.
Forexample:
Pr oCur ve( conf i g) # show l oop- pr ot ect 1- 4
St at us and Count er s - Loop Pr ot ect i on I nf or mat i on
Tr ansmi t I nt er val ( sec) : 5
Por t Di sabl e Ti mer ( sec) : 5
Loop Det ect ed Tr ap : Enabl ed
Loop Loop Loop Ti me Rx Por t
Por t Pr ot ect i on Det ect ed Count Si nce Last Loop Act i on St at us
1 Yes No 0 send- di sabl e Up
Figure4-35. ExampleofShowLoop-ProtectDisplay
4-76
5
SwitchMeshing
Contents
Introduction .................................................. 5-2
SwitchMeshingFundamentals ................................. 5-4
Terminology ................................................ 5-4
OperatingRules ............................................. 5-5
UsingaHeterogeneousSwitchMesh ........................... 5-7
BringingUpaSwitchMeshDomain ............................ 5-8
FurtherOperatingInformation................................ 5-8
ConfiguringSwitchMeshing ................................... 5-9
Preparation................................................. 5-9
Menu:ToConfigureSwitch Meshing ........................... 5-9
CLI:ToConfigureandView SwitchMeshing ................... 5-12
CLI: ConfiguringSwitchMeshing ..... .................... 5-12
ViewingSwitchMeshStatus.............................. 5-13
OperatingNotesforSwitchMeshing .......................... 5-18
FloodedTraffic ............................................ 5-18
UnicastPacketswithUnknownDestinations ................... 5-19
SpanningTreeOperationwith SwitchMeshing ................. 5-20
Filtering/Securityin Meshed Switches ......................... 5-22
IPMulticast(IGMP)inMeshed Switches ...................... 5-22
StaticVLANs .............................................. 5-22
DynamicVLANs............................................ 5-23
JumboPackets............................................. 5-23
MeshDesignOptimization ............ ....................... 5-24
OtherRequirementsandRestrictions ......................... 5-25
5-1
SwitchMeshing
Introduction
Introduction
Switchmeshingisaload-balancingtechnologythatenhancesreliabilityand
performanceintheseways:
ProvidessignificantlybetterbandwidthutilizationthaneitherSpanning
TreeProtocol(MSTP)orstandardporttrunking.
Usesredundantlinksthatremainopentocarrytraffic,removingany
singlepointoffailurefordisablingthenetwork,andallowingquick
responsestoindividuallinkfailures.Thisalsohelpstomaximizeinvest-
mentsinportsandcabling.
Unliketrunkedports,theportsinaswitchmeshcanbeofdifferenttypes
andspeeds(10and100Mbps,gigabit,and10gigabit).Forexample,a
10Base-FLportanda1GBportcanbeincludedinthesameswitchmesh.
Switch 1
(Meshed)
Switch 4
(Meshed)
Switch 3
(Meshed)
Switch 2
(Meshed)
W
W W
W
Switch Mesh Domain
The mesh-configured ports in switches 1-4 form a Switch Mesh Domain
Non-MeshedPort
MeshedPort
Node"A" Node"B"
Figure5-1.ExampleofSwitchMeshing
5-2
SwitchMeshing
Introduction
FindingtheFastestPath.Usingmultipleswitchesredundantlylinked
togethertoformameshedswitchdomain,switchmeshingdynamically
distributestrafficacrossload-balancedswitchpathsbyseekingthefastest
pathsfornewtrafficbetweennodes.Inactualoperation,theswitchmesh
periodicallydeterminesthebest(lowestlatency)paths,thenassignsthese
pathsastheneedarises.ThepathassignmentremainsuntiltherelatedMAC
addressentrytimesout.Themeshseeslatertrafficbetweenthesamenodes
asnewtraffic,andmayassignadifferentpath,dependingonconditionsatthe
time.Forexample,atonetimethebestpathfromnodeAtonodeBisthrough
switch2.However,iftrafficbetweennodeAandnodeBceaseslongenough
forthepathassignmenttoageout,thenthenexttimenodeAhastrafficfor
nodeB,theassignedpathbetweenthesenodesmaybethroughswitch3if
networkconditionshavechangedsignificantly.
Not e Themac-age-timeparameterdetermineshowlonganinactivepathassignment
remainsinmemory.RefertoSystemInformationinthechaptertitled
InterfaceAccessandSystemInformationintheManagementandConfig-
urationGuideforyourswitch.
BecauseRedundantPathsAreActive,MeshingAdjustsQuicklytoLink
Failures. Ifalinkinthemeshfails,thefastconvergencetimedesignedinto
meshingtypicallyhasanalternaterouteselectedinlessthanasecondfor
trafficthatwasdestinedforthefailedlink.
MeshingAllowsScalableResponsestoIncreasingBandwidth
Demand. AsmorebandwidthisneededinaLANbackbone,anotherswitch
andanothersetoflinkscanbeadded.Thismeansthatbandwidthisnotlimited
bythenumberoftrunkportsallowedinasingleswitch.
MeshingFeatures
Viewingameshconfiguration n/a 5-9 5-13 n/a
ConfiguringaSwitchMesh n/a 5-9 5-17 n/a
5-3
SwitchMeshing
SwitchMeshingFundamentals
Terminology
SwitchMeshDomain. Thisisagroupofmeshedswitchportsexchanging
meshingprotocolpackets.Pathsbetweentheseportscanhavemultiple
redundantlinkswithoutcreatingbroadcaststorms.
Switch 2
Switch
Non-Mesh
Switch
Non-Mesh
Switch 3 Switch 4
Hub
Hub
Hub
Switch 1
W
W
W W
W
W
Switch Mesh Domain
Edge Switches: 1, 2, & 4
Figure5-2.ExampleofaSwitchMeshDomaininaNetwork
EdgeSwitch. Thisisaswitchthathassomeportsintheswitchmeshing
domainandsomeportsoutsideofthedomain.(Seefigure5-2,above.)
5-4
SwitchMeshing
OperatingRules
(SeealsoMeshDesignOptimizationonpage5-24.)
Ameshedswitchcanhavesomeportsinthemesheddomainandother
portsoutsidethemesheddomain.Thatis,portswithinthemesheddomain
mustbeconfiguredformeshing,whileportsoutsidethemesheddomain
mustnotbeconfiguredformeshing.
Meshedlinksmustbepoint-to-pointswitchlinks.
Onanyswitch,allmeshedportsbelongtothesamemeshdomain.
Aswitchcanhaveupto24meshedports.
Ameshdomaincanincludeupto12switches.
Uptofiveinter-switch,meshedhopsareallowedinthepathconnecting
twonodesthroughaswitchmeshdomain.Apathofsixormoremeshed
hopsbetweentwonodesisunusable.However,inmostmeshtopologies,
therewouldnormallybeashorterpathavailable,andpathsoffivehops
orfewerthroughthesamemeshwillcontinuetooperate.
Hublinksbetweenmeshedswitchlinksarenotallowed.
IftheswitchhasmultiplestaticVLANsandyouconfigureaportfor
meshing,theportbecomesataggedmemberofallsuchVLANs.Ifyou
removeaportfrommeshing,itbecomesanuntaggedmemberofonlythe
defaultVLAN.
Aportconfiguredasamemberofastatictrunk(LACPorTrunk)cannot
alsobeconfiguredformeshing.
IfaportbelongstoadynamicLACPtrunkandyouimposemeshingon
theport,itautomaticallyceasestobeamemberofthedynamictrunk.
Meshingisnotsupportedonportsconfiguredwith802.1Xaccesscontrol.
Onaportconfiguredformeshing,ifyousubsequentlyremovemeshing
fromtheportsconfigurationandreboottheswitch,theportreturnstoits
defaultconfiguration.(Itdoesnotreverttoanynon-defaultconfiguration
ithadbeforebeingconfiguredformeshing).
Inagivenmeshdomain,switchesinthesameproductfamilymustrun
thesameswitchsoftwareversion.Forexample,ifyouupdatethesoftware
versiononone8212zlswitch,thenyoumustupdatethesoftwareversion
onanyother8212zlswitchinthemesh.ProCurverecommendsthatyou
alwaysusethemostrecentsoftwareversionavailablefortheswitchesin
yournetwork.
Meshingandroutingfeatures(suchasIProuting,RIP,andOSPF)arenot
supportedatthesametimeonaswitch.Toenablemeshing,youmust
disablerouting,andviceversa.Switchmeshingandroutingcannotbe
enabledatthesametime.
5-5
SwitchMeshing
Thespanning-treeconfigurationmustbethesameforallswitchesinthe
mesh(enabledordisabled).Ifspanningtreeisenabledinthemesh,itmust
bethesameversiononallswitchesinthemesh:802.1D,802.1w,or802.1s.
IfaswitchinthemeshhasGVRPenabled,thenallswitchesinthemesh
musthaveGVRPenabled.Otherwise,trafficonadynamicVLANmaynot
passthroughthemesh.
Ifaswitchinthemeshhasaparticularstaticvlanconfigured,thenall
switchesinthemeshmusthavethatstaticvlanconfigured.
IfaswitchinthemeshhasIGMPenabled,thenallswitchesinthemesh
musthaveIGMPenabled.
IfaswitchinthemeshhasLLDPenabled,thenallswitchesinthemesh
musthaveLLDPenabled.
Afteraddingorremovingaportfromthemesh,youmustsavethecurrent
configurationandreboottheswitchinorderforthechangetotakeeffect.
Multiplemesheddomainsrequireseparationbyeitheranon-meshed
switchoranon-meshedlink.Forexample:
Switch
Non-Mesh
Mesh Domain
Mesh Domain
Mesh Domain
Mesh Domain
Non-MeshPorts
Non-MeshPorts
Non-MeshLink
Figure5-3.ExampleofMultipleMeshedDomainsSeparatedbyaNon-MeshSwitchoraNon-MeshLink
IfGVRPisenabled,meshedportsinaswitchbecomemembersofany
dynamicVLANscreatedintheswitchinthesamewaythattheywouldif
meshingwasnotconfiguredintheswitch.(FormoreonGVRP,referto
chapter3,GVRP.)
5-6
SwitchMeshing
Not e Aswitchmeshdomain(figure5-1onpage5-2)cannotincludeeither
aswitchthatisnotconfiguredformeshing,orahub.
Whereagivenpairofswitchesarelinkedwithmeshedports,youmust
notalsolinkthepairtogetherthroughnon-meshedportsunlessyou
havealsoenabledSTP,RSTP,orMSTPtopreventaloopfromforming.
Switch3
Switch1
Switch2
SwitchMesh
Domain
Thistopologyformsa
broadcastloopunless
youconfigureMSTP
onthenetwork.
Figure5-4.ExampleofanUnsupportedTopology
Theswitchblockstrafficonameshedportconnectedtoanon-
meshedportonanotherswitch.
Switchmeshingdoesnotallowtrunkedlinks(LACPorTrunk)
betweenmeshedports.
Linkinganon-meshdeviceorportintothemeshcausesthemeshedswitch
port(s)connectedtothatdevicetoshutdown.
UsingaHeterogeneousSwitchMesh
YoucanusetheswitchescoveredinthisguidewiththeProCurveSeries5300xl
switchesinnormalmode.
5-7
SwitchMeshing
Figure5-5.ExampleofaSupportedHeterogeneousTopologyinNormalMode
Host
(Bothlinks
usethe
sameMAC
address.)
8212zl
Switch
Switch
5300xl
LAN
TaggedVLAN20
Creatingthemeshwith
onlyone8212zlswitch
connectedtothehost,
andusingtagged
VLANsformultiple
connectionsbetween
thehostandthemeshed
switchallowsnormal
meshingoperation.
MeshDomain
UntaggedVLAN1
8212zl
Switch
8212zl
Switch
BringingUpaSwitchMeshDomain
Whenameshedportdetectsanon-meshedportontheoppositeendofapoint-
to-pointconnection,thelinkwillbeblocked.Thus,asyoubringupswitch
meshingonvariousswitches,youmaytemporarilyexperienceblockedports
wheremeshedlinksshouldberunning.Theseconditionsshouldclearthem-
selvesafterallswitchesinthemeshhavebeenconfiguredformeshingand
theirswitchesrebooted.Toreducetheeffectofblockedportsduringbring-
up,configuremeshingandreboottheswitchesbeforeinstallingthemeshed
switchesinthenetwork.Also,sinceadding(orremoving)ameshedport
requiresaswitchreboottoimplement,youcanavoidrepeatedsystemdisrup-
tionsbywaitingtoimplementthemeshuntilyouhavefinishedconfiguring
meshingonallportsinyourintendedmeshdomain.
FurtherOperatingInformation
RefertoOperatingNotesforSwitchMeshingonpage5-18.
5-8
SwitchMeshing
ConfiguringSwitchMeshing
Preparation
Beforeconfiguringswitchmeshing:
ReviewtheOperatingRules(page5-5),andparticularlytherestrictions
andrequirementsforusingswitchmeshinginenvironmentsthatinclude
statictrunks,multiplestaticVLANs,GVRP,IGMP,andMSTP.
Toavoidunnecessarysystemdisruption,planthemeshbring-uptomini-
mizetemporaryport-blocking.(RefertoBringingUpaSwitchMesh
Domainonpage5-8.)
Toviewthecurrentswitchmeshstatusontheswitch,usetheCLIshow
meshcommand(page5-13).
Menu:ToConfigureSwitchMeshing
2.Port/TrunkSettings
2. Press[E](forEdit)toaccesstheloadbalancingparameters.
Figure5-6.ExampleoftheScreenforConfiguringPortsforMeshing
5-9
SwitchMeshing
3. IntheGroupcolumn,movethecursortotheportyouwanttoassignto
theswitchmesh.
4. Press[M]tochooseMeshfortheselectedport.
5. Usetheup-arrowordown-arrowkeytoselectthenextportyouwantto
includeinyourmeshdomain,thenpress[M]again.Forexample,ifyou
wereaddingportsA1andA2toyourmeshdomain,thescreenwould
appearsimilartofigure5-7:
PortsA1andA2configured
formeshing.
Figure5-7.ExampleofMeshGroupAssignmentsforSeveralPorts
6. Repeatstep5forallportsyouwantinthemeshdomain.
Not e s Formeshedports,leavetheTypesettingblank.(Meshedportsdonotaccept
aTypesetting.)
Allmeshedportsintheswitchautomaticallybelongtothesamemeshdomain.
(Seefigure5-2onpage5-4.)
7. Whenyoufinishassigningportstotheswitchmesh,press[Enter],then[S]
(forSave).Youwillthenseethefollowingscreen.
5-10
SwitchMeshing
Theasteriskindicates
thatyoumustreboot
theswitchtocausethe
Meshconfiguration
changetotakeeffect.
Figure5-8.AfterSavingaMeshConfigurationChange,ReboottheSwitch
8. Press[0]toreturntotheMainmenu.
9. Toactivatethemeshassignment(s)fromtheMainmenu,rebootthe
switchbypressingthefollowingkeys:
a. [6](forRebootSwitch)
b. Spacebar(toselectYes).
c. 13(tostarttherebootprocess).
(Theswitchcannotdynamicallyreconfigureportstoenableordisablemesh-
ing,soitisalwaysnecessarytoreboottheswitchafteraddingordeletinga
portintheswitchmesh.)
5-11
SwitchMeshing
CLI:ToConfigureandViewSwitchMeshing
ConfigurationandPortStatusFeatures
configuringswitchmeshing Disabled n/a n/a
viewingswitchmeshstatus n/a n/a below n/a
CLI:ConfiguringSwitchMeshing
Syntax: [no]mesh[e]<port-list>
Enablesordisablesmeshingoperationonthespecifiedports.
Allmeshedportsonaswitchbelongtothesamemeshdomain.Thus,to
configuremultiplemeshedportsonaswitch,youneedto:
1. Specifytheportsyouwanttooperateinthemeshdomain.
2. Usewritememorytosavetheconfigurationtothestartup-configfile.
3. Reboottheswitch.Forswitcheswithredundantmanagementmodules,
suchas8200zlswitches,youmustrebootbothmanagementmodules.Use
thebootsystemcommand.
Forexample,toconfiguremeshingonportsA1-A4,B3,C1,andD1-D3:
Figure5-9.ExampleofHowToConfigurePortsforMeshing
Toremoveaportfrommeshing,usethe"no"versionofmesh,followedbywrite
memoryandrebootingtheswitch.Forexample,toremoveportC1fromthe
mesh:
Figure5-10.ExampleofRemovingaPortfromtheMesh
5-12

SwitchMeshing
ViewingSwitchMeshStatus
Therearethreecommandsforviewingmeshstatusonaswitch:
showmesh
showmeshmac-address
showmeshtraceroutemac-address<MAC-addr>vlan<vid>
Syntax: showmesh
Liststheswitchportsconfiguredformeshing,alongwiththe
Stateofeachmesh-configuredconnection,thehostnameand
MACaddressoftheswitchontheoppositeendofthelink
(AdjacentSwitch),theMACaddressoftheportontheopposite
endofthelink(PeerPort),andwhetherornotanymesh
warningshavebeengenerated.Meshwarningsarewritten
totheeventlog.
Theswitchpresentsshowmeshoutputinthisformat:
Adj acent Host s
Por t St at e | Host name Addr ess Peer Por t Mesh War ni ng
- - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
See t he l og f i l e f or det ai l s of war ni ngs.
ThePortcolumnliststheportsontheswitchthathavebeenconfiguredfor
meshing.
Stateshowstheoperatingstateoftheport:
EstablishedTheportislinkedtoameshedportonanotherswitchand
meshingtrafficisflowingacrossthelink.Theshowmeshlistingincludes
theMACaddressesoftheadjacentswitchanddirectconnectionporton
theadjacentswitch.
NotEstablishedTheportmaybelinkedtoaswitchonaportthatisnot
configuredformeshingorhasgonedown.
InitialTheporthasjustcomeupasameshedportandistryingto
negotiatemeshing.
DisabledTheportisconfiguredformeshingbutisnotconnectedto
anotherdevice.
5-13
SwitchMeshing
ErrorIndicatesamultipleMAC-addresserror.Thisoccurswhenyou
havetwoormoremeshportsfromthesameswitchlinkedtogether
throughahub.
TopologyErrorTwomeshedswitchesareconnectedviaahub,andtraffic
fromother,non-mesheddevices,isflowingintothehub.Theshowmesh
listingincludestheMACaddressesoftheadjacentswitchanddirect
connectionportontheadjacentswitch.
Hostnameisthenameoftheadjacentswitch(theswitchattheotherendof
thelink).
AddressisthebaseMACaddressoftheadjacentswitch.
PeerportistheMACaddressoftheportontheadjacentswitchtowhichthe
meshlinkconnects.
MeshWarningindicateswhetherthemeshingprocesshasgeneratedawarning
forthemeshlink:
Yesoneormorewarningmessageshavebeengeneratedandwritten
totheeventlog.Usetheshowlogcommandtoseethewarning(s).
Nonowarningmessageshavebeengeneratedbythemeshingprocess
forthisport.
5-14

SwitchMeshing
Example. Forthetopologywithafour-switchmeshshowninFigure5-11,a
showmeshcommandissuedontheNorthswitchwouldproducethefollowing
output:
Nor t h# show mesh
Adj acent Host s
Por t St at e | Host name Addr ess Peer Por t Mesh War ni ng
- - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
13 Est abl i shed | East 001560- f 9e300 001560- f 9f 3f 3 No
14 Est abl i shed | Sout h 001f 28- 244a00 001f 28- 245ac3 No
15 Est abl i shed | West 001279- 884300 001279- 8853f 3 No
See t he l og f i l e f or det ai l s of war ni ngs.
Figure5-11. MeshTopologyExample
5-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SwitchMeshing
Syntax: showmeshmac-address
Listsinformationaboutdevicesconnectedtotheswitch
mesh.
Theswitchpresentsshowmeshmac-addressoutputinthisformat:
MAC Addr ess VLAN Por t Owner Swi t ch Host name
MACAddressistheMACaddressofthedeviceconnectedtotheswitchmesh.
VLANistheVLANoftheswitchmesh.
PortistheportontheoriginatingswitchthroughwhichthedevicesMAC
addresswasobtained.
OwnerSwitchisthebaseMACaddressoftheswitchtowhichthedeviceis
connected.
Hostnameisthehostnameoftheswitchtowhichthedeviceisconnected.
Notethattheinformationshownbytheshowmeshmac-addresscommandis
notstatic.Addressesageoutofaswitchsmeshingaddresstableafterapprox-
imatelyfiveminutesofinactivity,andtheswitchesinameshexchange
meshingaddressinformationatintervalsofapproximatelyfiveminutes.So
clientdevicesthatappearinthelistingmayhavedisappearedthenexttime
youviewthelisting.Ifyouwishtoseedeviceinformationforadevicethatis
nolongershownintheMACaddresslisting,asimplewaytoactivatethe
devicesentryinthemeshingaddresstableandmakeitsMACaddress
reappearinthelistingistopingthedevicesIPaddress.
Example. ForthemeshtopologyshowninFigure5-11,thisshowmeshmac-
addresscommandissuedfromtheNorthswitchgivesthefollowingdevice
information:
Nor t h# show mesh mac- addr ess
MAC Addr ess VLAN Por t Owner Swi t ch Host name
001517- 0bdc0c 1 14 001f 28- 244a00 Sout h
001517- 0bdc8d 1 13 001560- f 9e300 East
000e0c- 33b2a8 1 15 001279- 884300 West
Ther e ar e 3 addr esses i n t he meshi ng addr ess t abl e
ThislistingshowstheMACaddressesoftheclientsconnectedtotheSouth,
East,andWestswitches.
5-16

SwitchMeshing
Syntax: showmeshtraceroutemac-address<MAC-addr>vlan<vid>
Tracestheroutefromasourceswitchinameshtoadevice
connectedtothemesh.
<MAC-addr>istheMACaddressofthetargetdevice.
<vid>istheVLANnumberofthemesh(between1and4094).
Theswitchpresentsshowmeshtraceroute outputinthisformat:
Tr acer out e t o MAC Addr ess: VI D:
Hop Addr ess Host name I nbound- Por t Out bound- Por t
Tr ace r out e i s compl et ed. Tot al hops t o dest i nat i on i s
Hopisthehopcountofthetrace,beginningat0.
AddressisthebaseMACaddressoftheswitchinvolvedinthehop.
Hostnameisthehostnameoftheswitchinvolvedinthehop.
Inbound-Portisthenumberoftheportthroughwhichthetraceentersthe
switch.
Outbound-Portisthenumberoftheportthroughwhichthetraceexitsthe
switch.
Thedirectionofthetraceisfromtheoriginatingswitchtothetargetdevice.
Example. FortheexamplemeshtopologyshowinFigure5-11,thefollowing
switchmeshtraceroutecommandtracestheroutetotheclientattachedto
theSouthswitch.
Nor t h# show mesh t r acer out e mac- addr ess 001517- 0bdc0c vl an 1
Tr acer out e t o MAC Addr ess: 001517- 0bdc0c VI D: 1
Hop Addr ess Host name I nbound- Por t Out bound- Por t
0 0024a8- d60b80 Nor t h 13
1 001560- f 9e300 East A13 A14
2 001f 28- 244a00 Sout h C14 A1
Tr ace r out e i s compl et ed. Tot al hops t o dest i nat i on i s 3
Notethatinthiscasethetracetraversestwolinks(North-to-EastandEast-
to-South),ratherthangoingdirectlyfromtheNorthswitchtotheSouth
switch.Themeshchoosestheroutebasedontrafficloadsonthelinksand
otherfactors;asaresult,themeshmaychoosedifferentpathsbetweenany
twopointsatdifferenttimes.Youmaynoticethesedifferenceswhenyoutrace
routesthroughthemesh.
5-17
SwitchMeshing
OperatingNotesforSwitchMeshing
Inaswitchmeshdomaintrafficisdistributedacrosstheavailablepathswith
anefforttokeeplatencythesamefrompathtopath.Thepathselectedatany
timeforaconnectionbetweenasourcenodeandadestinationnodeisbased
ontheselatencyandthroughputcostfactors:
Outboundqueuedepth,orthecurrentoutboundloadfactorforanygiven
outboundportinapossiblepath
Portspeed,suchas10Mbpsversus100Mbps;full-duplexorhalf-duplex
Inboundqueuedepth,orhowbusyadestinationswitchisinapossible
path
Increasedpacketdrops,indicatinganoverloadedportorswitch
Pathshavingalowercostwillhavemoretrafficaddedthanthosehavinga
highercost.Alternatepathsandcostinformationisdiscoveredperiodically
andcommunicatedtotheswitchesinthemeshdomain.Thisinformationis
usedtoassigntrafficpathsbetweendevicesthatarenewlyactiveonthemesh.
Thismeansthatafteranassignedpathbetweentwodeviceshastimedout,
newtrafficbetweenthesametwodevicesmaytakeadifferentpaththan
previouslyused.
Todisplayinformationontheoperatingstatesofmeshedportsandthe
identitiesofadjacentmeshedportsandswitches,seeViewingSwitchMesh
Statusonpage5-13.
FloodedTraffic
Broadcastandmulticastpacketswillalwaysusethesamepathbetweenthe
sourceanddestinationedgeswitchesunlesslinkfailurescreatetheneedto
selectnewpaths.(Broadcastandmulticasttrafficenteringthemeshfrom
differentedgeswitchesarelikelytotakedifferentpaths.)Whenanedgeswitch
receivesabroadcastfromanon-meshport,itfloodsthebroadcastoutallits
othernon-meshports,butsendsthebroadcastoutonlythoseportsinthemesh
thatrepresentthepathfromthatedgeswitchthroughthemeshdomain.(Only
onecopyofthebroadcastpacketgetstoeachedgeswitchforbroadcastout
ofitsnonmeshedports.Thishelpstokeepthelatencyforthesepacketsto
eachswitchaslowaspossible.)
5-18
SwitchMeshing
Figure5-12.ExampleofaBroadcastPathThroughaSwitchMeshDomain
W
W W
W
Switch Mesh Domain
A
B
C
D
E
SwitchesA,B,C,&D
areEdgeSwitches
Anymeshswitchesthatarenotedgeswitcheswillfloodthebroadcastpackets
onlythroughports(paths)thatlinktoseparateedgeswitchesinthecontrolled
broadcasttree.Theedgeswitchesthatreceivethebroadcastwillfloodthe
broadcastoutallnon-meshedports.Somevariationsonbroadcast/multicast
trafficpatterns,includingthesituationwheremultipleVLANsareconfigured
andabroadcastpaththroughthemeshdomainleadsonlytoportsthatarein
thesameVLANasthedeviceoriginatingthebroadcast.
UnicastPacketswithUnknownDestinations
Ameshedswitchreceivingaunicastpacketwithanunknowndestinationdoes
notfloodthepacketontothemesh.Instead,theswitchsendsaqueryonthe
meshtolearnthelocationoftheunicastdestination.Themeshedswitches
thensend802.2testpacketsthroughtheirnon-meshedports.Aftertheunicast
destinationisfoundandlearnedbythemesh,subsequentpacketshavingthe
samedestinationaddresswillbeforwarded.ByincreasingtheMACAgeTime
youcancausetheswitchaddresstabletoretaindeviceaddresseslonger.(For
moreonMACAgeTime,refertoSystemInformationinthechaptertitled
InterfaceAccessandSystemInformationintheManagementandConfig-
urationGuideforyourswitch.)Becausetheswitchesinameshexchange
addressinformation,thiswillhelptodecreasethenumberofunicastpackets
withunknowndestinations,whichimproveslatencywithintheswitchmesh.
Also,inanIPenvironment,ProCurverecommendsthatyouconfigureIP
addressesonmeshedswitches.Thismakesthediscoverymechanismmore
robust,whichcontributestodecreasedlatency.
5-19
SwitchMeshing
SpanningTreeOperationwithSwitchMeshing
UsingMSTPwithseveralswitchesandnoswitchmeshingconfiguredcan
resultinunnecessarilyblockinglinksandreducingavailablebandwidth.For
example:
Switch
Mesh
Domain
Problem:
MSTPenabledand
creatingtraffic
bottlenecks.
Solution:
Enablingmeshingonlinksbetween
switchportsremovesMSTPblocks
onmeshedredundantlinks.
Switch
Server
Switch
Server
Switch Switch
Switch Switch
Meshed
Switch
Server
Meshed
Switch
Server
Meshed
Switch
Meshed
Switch
Switch Switch
= MSTPBlockingaRedundantLink
Figure5-13.ExampleUsingSTPWithoutandWithSwitchMeshing
Ifyouaregoingtousespanning-treeinaswitchmesh,allswitchesinthemesh
shouldbeconfiguredwiththesametypeofspanning-tree:802.1d/STP,802.1w/
RSTP,or802.1s/MSTP.Spanning-Treeinterpretsamesheddomainasasingle
link.However,onedgeswitchesinthedomain,MSTPwillmanagenon-
meshedredundantlinksfromotherdevices.Forexample:
5-20
SwitchMeshing
=Non-meshSwitchPorts
Figure5-14.ConnectingaSwitchMeshDomaintoNon-MeshedDevices
NoteontheEdge-
PortModeinMSTP
WhenusingMSTPandinterconnectingswitchescoveredinthisguideina
meshwithswitchesthatarenotinthemesh,allthenon-meshswitchports
(asindicatedinthefigureabove)shouldhavetheedge-portparameterdis-
abled.
MSTPshouldbeconfiguredonnon-meshdevicesthatuseredundantlinksto
interconnectwithotherdevicesorwithmultipleswitchmeshdomains.For
example:
Mesh Domain
STP
Block
STP
Block
Mesh Domain
Non-MeshSwitch
Non-MeshSwitch
Figure5-15.InterconnectingSwitchMeshDomainswithRedundantLinks
Intheabovecaseofmultipleswitchmesheslinkedwithredundanttrunks
thereisthepossibilitythatspanning-treewilltemporarilyblockameshlink.
Thisisbecauseitispossibleforspanning-treetointerpretthecostonan
externaltrunkedlinktobelessthanthecostonameshedlink.However,if
thisconditionoccurs,themeshedswitchthathasablockedlinkwillautomat-
5-21
SwitchMeshing
icallyincreasethecostontheexternal(non-meshed)linktothepointwhere
spanningtreewillblocktheexternallinkandunblockthemeshedlink.This
processtypicallyresolvesitselfinapproximately30seconds.
Ca u t i o n Spanningtreeinterpretsaswitchmeshasasinglelink.Becausetheswitch
automaticallygivesfasterlinksahigherpriority,thedefaultspanning-tree
parametersettingsareusuallyadequateforspanningtreeoperation.Also,
becauseincorrectspanningtreesettingscanadverselyaffectnetworkperfor-
mance,youshouldnotmakechangesunlessyouhaveastrongunderstanding
ofhowspanningtreeoperates.
Inameshenvironment,thedefaultMSTPtimersettings(HelloTimeand
ForwardDelay)areusuallyadequateforMSTPoperation.Becauseapacket
crossingameshmaytraverseseverallinkswithinthemesh,usingsmaller-
than-defaultsettingsfortheMSTPHelloTimeandForwardDelaytimerscan
causeunnecessarytopologychangesandend-nodeconnectivityproblems.
Formoreonspanning-tree,refertochapter4,MultipleInstanceSpanning-
TreeOperationinthisguide.Also,youmaywanttoexaminetheIEEE802.1d,
802.1w,or802.1sstandards,dependingonwhichversionofspanning-treeyou
areusing.Theswitchescoveredinthisguideuse802.1s.
Filtering/SecurityinMeshedSwitches
Becausepathsthroughthemeshcanvarywithnetworkconditions,configur-
ingfiltersonmeshedportscancreatetrafficproblemsthataredifficultto
predict,andisnotrecommended.However,configuringfiltersonnonmeshed
portsinanedgeswitchprovidesyouwithcontrolandpredictability.
IPMulticast(IGMP)inMeshedSwitches
Liketrunkedports,theswitchmeshdomainappearsasasingleporttoIGMP.
However,unliketrunkedports,IGMPprotocolandmulticasttrafficmaybe
sentoutoverseverallinksinthemeshinthesamemannerasbroadcast
packets.
StaticVLANs
InanetworkhavingaswitchmeshdomainandmultiplestaticVLANsconfig-
ured,allstaticVLANsmustbeconfiguredoneachmeshedswitch,evenifno
portsontheswitchareassignedtoanyVLAN.(Theswitchmeshisamember
ofallstaticVLANsconfiguredontheswitchesinthemesh.)
5-22
SwitchMeshing
WhenstaticVLANsareconfigured,themeshisseenasasingleentitybyeach
VLAN.AllportsinthemeshdomainaremembersofallVLANsandcanbe
usedtoforwardtrafficforanyVLAN.However,thenon-meshportsonedge
switchesthatallowtraffictomovebetweenthemeshandnon-mesheddevices
belongtospecificVLANsanddonotallowpacketsoriginatinginaspecific
VLANtoenternon-mesheddevicesthatdonotbelongtothatsameVLAN.(It
isnecessarytousearoutertocommunicatebetweenVLANs.)Forexample,
inthefollowingillustration,trafficfromhostAenteringtheswitchmeshcan
onlyexitthemeshattheportforhostsBandE.TrafficfromhostAforany
otherhost(suchasCorD)willbedroppedbecauseonlyhostsBandEarein
thesameVLANashostA.
Figure5-16.VLANOperationwithaSwitchMeshDomain
A
B
D
E
C
Switch Mesh Domain
Red
VLAN
Red
VLAN
Red VLAN Red VLAN Red VLAN
Blue
VLAN
Blue
VLAN
Blue VLAN Blue VLAN Blue VLAN
(Red VLAN)
(Red VLAN)
(Red VLAN)
(Blue VLAN)
(Blue VLAN)
All ports the mesh domain are members of all VLANs. inside
DynamicVLANs
IfGVRPisenabled,meshedportsinaswitchbecomemembersofanydynamic
VLANscreatedintheswitchinthesamewaythattheywouldifmeshingwas
notconfiguredintheswitch.(FormoreonGVRP,refertochapter3,GVRP.)
JumboPackets
IfyouenablejumbotrafficonanyVLAN,thenallmeshedportsontheswitch
willbeenabledtosupportjumbotraffic.(Onagivenmeshedswitch,every
meshedportbecomesamemberofeveryVLANconfiguredontheswitch.)If
aportinamesheddomaindoesnotbelongtoanyVLANsconfiguredtosupport
jumbotraffic,thentheportdropsanyjumbopacketsitreceivesfromother
5-23
SwitchMeshing
devices.Inthisregard,ifameshdomainincludesanyProCurve8212zl
switches,6200ylswitches,Series5400zlswitches,Series3500ylswitches,
Series3400clorSeries6400clswitchesthatareconfiguredtosupportjumbo
traffic,onlytheseswitchescantransmitandreceivejumbopackets.Other
switchmodelsinthemeshwilldropjumbopacketsastheyarenotsupported
bythoseswitches.Formoreinformationonjumbopackets,refertothe
chaptertitledPortTrafficControlsintheManagementandConfiguration
Guideforyourswitch.
MeshDesignOptimization
Meshperformancecanbeenhancedbyusingmeshdesignsthatareassmall
andcompactaspossiblewhilestillmeetingthenetworkdesignrequirements.
Thefollowingarelimitsonthedesignofmeshesandhavenotchanged:
1. Anyswitchinthemeshcanhaveupto24meshedports.
2. Ameshdomaincancontainupto12switches.
3. Upto5inter-switchmeshedhopsareallowedinthepathconnectingtwo
nodes.
4. Afullyinterconnectedmeshdomaincancontainupto5switches.
Meshperformancecanbeoptimizedbykeepingthenumberofswitchesand
thenumberofpossiblepathsbetweenanytwonodesassmallaspossible.As
meshcomplexitygrows,theoverheadassociatedwithdynamicallycalcu-
latingandupdatingthecostofallofthepossiblepathsbetweennodesgrows
exponentially.Costdiscoverypacketsaresentoutbyeachswitchinthemesh
every30secondsandarefloodedtoallmeshports.Returnpacketsincludea
costmetricbasedoninboundandoutboundqueuedepth,portspeed,number
ofdroppedpackets,etc.Also,asmeshcomplexitygrows,thenumberofhops
overwhichadownedlinkhastobereportedmayincrease,therebyincreasing
thereconvergencetime.
Thesimplestdesignisthetwo-tierdesignbecausethenumberofpossible
pathsbetweenanytwonodesiskeptlowandanybadlinkwouldhavetobe
communicatedonlytoit'sneighborswitch.
Otherfactorsaffectingtheperformanceofmeshnetworksincludethenumber
ofdestinationaddressesthathavetobemaintained,andtheoveralltraffic
levelsandpatterns.Howeveraconservativeapproachwhendesigningnew
meshimplementationsistousethetwo-tierdesignandlimitthemeshdomain
toeightswitcheswherepossible.
5-24
SwitchMeshing
Switch1 Switch2
Switch3 Switch4 Switch5 Switch6 Switch7 Switch8
Asshownhere,meshing
allowsmultipleredundant
linksbetweenswitchesinthe
domain,andmorethanone
linkisallowedbetweenany
twoswitchesinthedomain.
Notealsothataswitchcan
haveupto24portsconfigured
formeshing.
Figure5-17.ExampleofaTwo-TierMeshDesign
Switch
5
Switch
1
Switch
2
Switch
4
Switch
3
Asnotedabove,aswitch
canhaveupto24ports
configuredformeshing.
Figure5-18.ExampleofaFullyInterconnectedMeshwiththeMaximumSwitchCount
Otherfactorsaffectingtheperformanceofmeshnetworksincludethenumber
ofdestinationaddressesthathavetobemaintained,andtheoveralltraffic
levelsandpatterns.Howeveraconservativeapproachwhendesigningnew
meshimplementationsistousethetwo-tierdesignandlimitthemeshdomain
toeightswitcheswherepossible.
OtherRequirementsandRestrictions
MeshSupportWithintheDomain:Allswitchesinthemeshdomain,
includingedgeswitches,mustsupporttheProCurveswitchmeshing
protocol.
SwitchHopCountintheMeshDomain:Amaximumoffive(meshed)
switchhopsisallowedinthepathconnectingtwonodesinaswitchmesh
domain.Apathofsixmeshedhopsisunusable.However,thisdoesnot
interferewithother,shorterpathsinthesamedomain.
5-25
SwitchMeshing
ConnectingMeshDomains:Toconnecttwoseparateswitchmeshing
domains,youmustusenon-meshedports.(Thenon-meshedlinkcanbe
aporttrunkorasinglelink.)Refertofigure5-3onpage5-6.
MultipleLinksBetweenMeshedSwitches:Multiplemeshportscan
beconnectedbetweenthesametwoswitches,toprovidehigherband-
width.Eachportthatyouwantinthemeshdomainshouldbeconfigured
asMesh(andnotasatrunkTrk).Notethatifyouconfigureaportas
Mesh,thereisnoTypeselectionforthatport.
NetworkMonitorPort:Ifanetworkmonitorportisconfigured,broad-
castpacketsmaybeduplicatedonthisportifmorethanoneportisbeing
monitoredandswitchmeshingisenabled.
CompatibilitywithOtherSwitches:Theswitchescoveredinthisguide
operatewiththeSeries5300xlswitchesinnormalmode.
Rate-LimitingNotRecommendedonMeshedPorts:Rate-Limiting
canreducetheefficiencyofpathsthroughameshdomain.
(SeealsoOperatingRulesonpage5-5.)
Foradditionalinformationontroubleshootingmeshingproblems,referto
UsingaHeterogeneousSwitchMeshonpage5-7andMesh-RelatedProb-
lemsinappendixC,TroubleshootingoftheManagementandConfiguration
Guideforyourswitch.
5-26
6
QualityofService:ManagingBandwidthMore
Effectively
Contents
UsingQualityofServicePolicies ............................... 6-4
QoSTerminology.............................................. 6-7
QoSOperation ................................................ 6-9
Globally-ConfiguredQoS ............. ....................... 6-10
Classifier-BasedQoS ....................................... 6-11
QoSPacketClassification .................................... 6-12
Globally-ConfiguredPacketClassification ..................... 6-12
Classifier-BasedMatchCriteria............................... 6-13
QoSTrafficMarking.......................................... 6-14
Globally-ConfiguredTrafficMarking .......................... 6-14
Layer2802.1pPrioritization .............................. 6-14
Layer3DSCPMarking................................... 6-16
VLANandUntaggedVLANEnvironments .................. 6-17
Classifier-BasedTrafficMarking.............................. 6-18
Globally-ConfiguredQoS ..................................... 6-19
GlobalQoSConfigurationProcedure .......................... 6-19
ViewingaGlobalQoSConfiguration .......................... 6-21
GlobalQoSRestrictions ..................................... 6-22
GlobalTCP/UDPClassifier ........... ....................... 6-24
Assigningan802.1pPriorityforaGlobalTCP/UDPClassifier . 6-25
OperatingNotesonUsingTCP/UDPPortRanges ............ 6-26
AssigningaDSCPPolicyforaGlobalTCP/UDPClassifier .... 6-27
DisplayingResource Usage forQoSPolicies ................... 6-32
GlobalIP-DeviceClassifier .................................. 6-33
AssigningaPriorityforaGlobalIP-DeviceClassifier......... 6-34
AssigningaDSCPPolicyForaGlobalIP-DeviceClassifier .... 6-36
6-1
QualityofService:ManagingBandwidthMoreEffectively
Contents
GlobalIPType-of-ServiceClassifier ........................... 6-41
IPv4 ToS/IPv6 Traffic ClassByte .......................... 6-42
IP-PrecedenceClassifier ................................. 6-44
Assigningan802.1pPriorityforaGlobalIP-DiffservClassifier 6-45
AssigningaDSCPPolicyforaGlobalIP-DiffservClassifier ... 6-49
ComparisonofGlobalIPType-of-ServiceClassifiers ......... 6-53
GlobalLayer-3 ProtocolClassifier ............................ 6-54
AssigningaPriorityforaGlobalLayer-3ProtocolClassifier... 6-54
GlobalVLAN-ID Classifier................................... 6-56
AssigningaPriorityforaGlobalVLAN-IDClassifier ......... 6-56
AssigningaDSCPPolicyforaGlobalVLAN-IDClassifier ..... 6-58
GlobalSource-PortClassifier ......... ....................... 6-62
AssigningaPriorityforaGlobalSource-PortClassifier....... 6-62
AssigningaDSCPPolicyforaGlobalSource-PortClassifier .. 6-64
IPMulticast(IGMP) Interaction withQoS...................... 6-69
AdvancedClassifier-BasedQoS ............................... 6-70
Classifier-BasedQoSModel........... ....................... 6-71
Classifier-BasedQoSConfigurationProcedure ................. 6-71
ConfiguringQoSActionsinaPolicy........................... 6-76
OverrideofGlobalQoSSettings ....... ....................... 6-81
ViewingaClassifier-BasedQoSConfiguration .................. 6-82
Classifier-BasedQoSRestrictions............................. 6-86
Interactionwith OtherSoftware Features ...................... 6-86
Classifier-BasedQoSConfigurationExamples .................. 6-87
QoSPolicyforLayer 4TCP/UDPTraffic ................... 6-88
QoSPolicy forSubnetTraffic ............................. 6-88
DifferentiatedServicesCodepoint(DSCP)Mapping ........... 6-89
DefaultPrioritySettingsforSelectedCodepoints ............... 6-90
DisplayingNon-DefaultCodepointSettings ................. 6-91
NotesonChangingaPrioritySetting .......................... 6-92
ErrorMessagesforDSCPPolicy Changes .................. 6-93
WhenOneorMoreClassifiersAreCurrentlyUsingthePolicy . 6-94
QoSQueueConfiguration .................................... 6-97
6-2
Contents
ConfiguringtheNumberofPriorityQueues.................... 6-98
ViewingtheQoSQueueConfiguration........................ 6-100
6-3
UsingQualityofServicePolicies
AQualityofService(QoS)networkpolicyreferstothenetwork-widecontrols
youcanimplementto:
Ensureuniformandefficienttraffic-handlingthroughoutyournetwork,
whilekeepingthemostimportanttrafficmovingatanacceptablespeed,
regardlessofcurrentbandwidthusage.
Exercisecontrolovertheprioritysettingsofinboundtrafficarrivingin
andtravellingthroughyournetwork.
Addingbandwidthisoftenagoodidea,butitisnotalwaysfeasibleanddoes
notcompletelyeliminatethepotentialfornetworkcongestion.Therewill
alwaysbepointsinthenetworkwheremultipletrafficstreamsmergeorwhere
networklinkschangespeedandcapacity.Theimpactandnumberofthese
congestionpointswillincreaseovertimeasmoreapplicationsanddevices
areaddedtothenetwork.
When(notif)networkcongestionoccurs,itisimportanttomovetrafficon
thebasisofrelativeimportance.However,withoutQualityofService(QoS)
prioritization,lessimportanttrafficcanconsumenetworkbandwidthand
slowdownorhaltthedeliveryofmoreimportanttraffic.Thatis,withoutQoS,
mosttrafficreceivedbytheswitchisforwardedwiththesamepriorityithad
uponenteringtheswitch.Inmanycases,suchtrafficisnormalpriorityand
competesforbandwidthwithallothernormal-prioritytraffic,regardlessof
itsrelativeimportancetoyourorganizationsmission.
UseQoStoclassifyandprioritizenetworktraffic.QualityofServiceis
usedtoclassifyandprioritizetrafficthroughoutanetwork.QoSenablesyou
toestablishanend-to-endtraffic-prioritypolicytoimprovethecontroland
throughputofimportantdata.Youcanmanageavailablebandwidthsothat
themostimportanttrafficgoesfirst.Forexample,youcanuseQualityof
Serviceto:
Upgradeordowngradetrafficfromvariousservers.
ControlthepriorityoftrafficfromdedicatedVLANsorapplications.
Changetheprioritiesoftrafficfromvarioussegmentsofyournetworkas
yourbusinessneedschange.
Setprioritypoliciesinedgeswitchesinyournetworktoenabletraffic-
handlingrulesacrossthenetwork.
6-4
EdgeSwitch
HonorPriority
Downstream
Switch
Classifyinboundtraffic
ontheseClass-of-
HonorNewPriority
Downstream Downstream
TaggedVLANsonsome
Service(CoS)types:
Switch Switch orallinboundand
IP-device(address) outboundports.
TaggedVLANson TaggedVLANsonat
Protocol(LAN) inboundandoutbound leastsomeinbound
ports.
ports. onCoStypes.
VLAN-ID(VID).
Trafficarriveswith Trafficarriveswiththe
prioritysetbyedge
Changepriorityon Source-Port
prioritysetintheVLAN
Apply802.1ppriorityto
selectedCoStype(s).
switch tag.Carrypriority
Forwardwith802.1p
selectedoutbound
downstreamontagged
priority. Forwardwith802.1p
trafficontaggedVLANs.
VLANs.
SetPriority
priority.
ChangePriority
Figure6-1. Exampleof802.1pPriorityBasedonCoS(Class-of-Service)Typesand
UseofVLANTags
HonorPolicy Downstream
Switch
EdgeSwitch
onIP-device(address)
HonorNewPolicy
Downstream Downstream
ClassifyonToSDiffServ
andVLAN-ID(VID).
Switch Switch andOtherCoS
ApplyDSCPmarkersto
TrafficarriveswithDSCP ClassifyonToSDiffserv
selectedtraffic.
ApplynewDSCPmarkers
markerssetbyedge toselectedtraffic.
switch
SetPolicy ClassifyonToSDiffServ.
ChangePolicy
Figure6-2.ExampleApplicationofDifferentiatedServicesCodepoint(DSCP)
Policies
ApplyQoStoinboundtrafficatthenetworkedge. Attheedgeswitch,
QoSclassifiescertaintraffictypesandinsomecasesappliesaDSCPpolicy.
Atthenexthop(downstreamswitch)QoShonorsthepoliciesestablishedat
theedgeswitch.Furtherdownstream,anotherswitchmayreclassifysome
trafficbyapplyingnewpolicies,andyetotherdownstreamswitchescanbe
configuredtohonorthenewpolicies.
PreserveQoSinoutboundtrafficinaVLAN. QoSisimplementedinthe
formofrulesorpoliciesthatareconfiguredontheswitch.Althoughyoucan
useQoStoprioritizetrafficonlywhileitmovesthroughtheswitch,youderive
themaximumbenefitbyusingQoSinan802.1QVLANenvironment(with
802.1pprioritytags)orinanuntaggedVLANenvironment(withDSCPpolicies
inwhichQoSsetsprioritiesthatdownstreamdevicescansupportwithoutre-
classifyingthetraffic).
6-5
UseQoStooptimizeexistingnetworkresources.Byprioritizingtraf-
fic,QoSsupportstrafficgrowthonthenetworkwhileoptimizingtheuseof
existingresourcesanddelayingtheneedforfurtherinvestmentsinequip-
mentandservices.QoSenablesyouto:
Specifywhichtraffichashigherorlowerpriority,regardlessofcurrent
networkbandwidthortherelativeprioritysettingofthetrafficwhenitis
receivedontheswitch.
Change(upgradeordowngrade)thepriorityofoutboundtraffic.
Overrideillegalpacketprioritiessetbyupstreamdevicesorapplications
thatuse802.1QVLANtaggingwith802.1pprioritytags.
Useclassifier-basedQoStoprovideadditionalpolicyactionsandaid
migrationinnetworkswithlegacyandOEMdevices.
StartinginsoftwarereleaseK.14.01,ProCurveQoSconfigurationsupportsa
classifier-basedmodelthatprovidesaddedfunctionalitytocreateandmanage
QoSpoliciesacrossanetworkconsistingofProCurveswitchesaswellasOEM
andlegacydevices.
Theclassifier-basedconfigurationmodelisasingle,simplifiedprocedureand
commandsyntaxforcross-featureusage,whichoffers:
Finergranularitythanglobally-configuredQoSforclassifyingIPv4and
IPv6traffic
Additionalactionsformanagingselectedtraffic,suchasrate-limitingand
IPprecedencemarking
TheapplicationofQoSpoliciestoinboundtrafficflowsonspecificport
andVLANinterfaces(insteadofusingonlyglobally-configured,switch-
wideQoSsettings)
Theuseofconfiguredtrafficclassesbydifferentsoftwarefeatures,such
asQoSorportmirroring
Classifier-basedQoSisdesignedtoworkwithexistingglobally-configured,
switch-wideQoSpoliciesbyallowingyoutozoominonasubsetofportor
VLANtraffictofurthermanageit.Classifier-basedpoliciestakeprecedence
overandmayoverrideglobally-configured,switch-wideQoSsettings.
Classifier-basedQoSpoliciesprovidegreatercontrolformanagingnetwork
traffic.Usingmultiplematchcriteria,youcanfinelyselectanddefinethe
classesoftrafficthatyouwanttomanage.QoS-specificactionsdetermine
howyoucanhandletheselectedtraffic.
6-6
QoSTerminology
QoSTerminology
Term UseinThisDocument
802.1ppriority AtrafficprioritysettingcarriedbyaVLAN-taggedpacketmovingfromonedevicetoanotherthrough
portsthataretaggedmembersoftheVLANtowhichthepacketbelongs.An802.1pprioritycanbefrom
0to7.Theswitchhandlesanoutboundpacketonthebasisofits802.1ppriority,usingthepriorityto
assignthepackettotheappropriateoutboundportqueue.IfapacketleavestheswitchonaVLAN
portthatisanuntaggedmemberoftheVLAN,thepriorityisdroppedandthepacketarrivesatthenext,
downstreamdevicewithoutan802.1ppriorityassignment.
802.1Qfield Afour-bytefieldcontainedintheheaderofEthernetpacketsenteringorleavingtheswitchthrougha
portthatisataggedmemberofaVLAN.Thisfieldincludesan802.1pprioritysetting,aVLANtag,orID
number(VID),andotherdata.Apacketenteringorleavingtheswitchthroughaportthatisanuntagged
memberoftheoutboundVLANdoesnothavethisfieldinitsheaderandthusdoesnotcarryaVIDor
an802.1ppriority.Seealso802.1ppriority.
class Definesasetofdifferenttypesoftraffic(usingmatchandignorecommands)tobemanagedina
specificway(forexample,prioritizingallHighAvailabilitytraffic).
classifier Methodofmatchingorignoringcertaintrafficattributesthatallowsyoutoclassifypacketsusingmore
thanonetrafficattributeatatime.Thismethodcanbeusedbymultiplefeatures,suchasQoSand
mirroring.
classifiermodel Appliedtovarioussoftwarefeatures,thisconfigurationmodelrequiresyoutofirstclassifythetraffic
thatyouwanttomanage,andthenconfigureapolicycontainingtheactionstobeexecutedontheclass.
codepoint SeeDSCP,below.
CoS ClassofService.Prioritylevel(0-7)usedtotransmitapacketonanoutboundqueue.Foranindividual
packet,classofserviceisdeterminedbytheLayer2802.1ppriorityvalueinapacketheader.The802.1p
priorityisassociatedwithaLayer3IPprecedencebit-valueorDSCPcodepoint(seeTable6-11).
Differentiated SeeType-of-Service(ToS),below.
Services(Diff-
Serv)mode
downstream Adevicelinkeddirectlyorindirectlytoanoutboundswitchport.Theswitchsendstraffictodownstream
device devices.
DSCP DifferentiatedServicesCodepoint.(Alsoknownascodepoint.)ADSCPconsistsoftheuppersixbits
ofthe:
TypeofService(ToS)byteinanIPv4packet
TrafficClassbyteinanIPv6packet
Thereare64possibleDSCPcodepoints.InthedefaultQoSconfigurationfortheswitchescovered
inthisguide,somecodepoints(suchasAssuredForwardingandExpeditedForwarding)are
configuredbydefaultwithan802.1ppriority.Allothercodepointshaveno802.1ppriorityassigned
andarelistedasNo-override(seeTable6-11).
6-7
QoSTerminology
DSCPpolicy ADSCPcodepointthatisconfiguredwithan802.1ppriority(0to7).Default:No-override.
UsingaDSCPpolicy,youcanconfiguretheswitchtoprioritizeIPpacketsthatmatchaspecified
classifierbyassigninganewDSCPand802.1ppriority(0-7).FormoreinformationonDSCP,referto
IPv4ToS/IPv6TrafficClassByteonpage6-42.ForanexampleoftheDSCPbitsetinaToSorTraffic
Classfield,seeFigure6-13.
edgeswitch InQoS,anedgeswitchisaswitchthatreceivestrafficfromtheedgeoftheLANorfromoutsidethe
LAN,andforwardsittodeviceswithintheLAN.Typically,anedgeswitchisusedwithQoStoidentify
packetsbasedonclassifierssuchasTCP/UDPapplicationtype,IP-device(address),Layer3protocol
(LAN),VLAN-ID(VID),andsourceport(althoughitcanalsobeusedtoclassifypacketsonthebasisof
IPprecedenceandDSCPbits).Usingthispacketrecognition,theedgeswitchcanbeusedtoset802.1p
prioritiesorDSCPpoliciesthatdownstreamdeviceswillhonor.
inboundport Anyportontheswitchthroughwhichtrafficenterstheswitch.
IPoptions OptionalfieldssupportedinanIPv4packetheader.
IPprecedence Theupperthreebitsinthe:
bits
TypeofService(ToS)byteofanIPv4packet
TrafficClassbyteofanIPv6packet
IPprecedence SeeType-of-Service(ToS),below.
mode
IPv4 Version4oftheIPprotocol.
IPv6 Version6oftheIPprotocol.
outbound ApacketleavingtheswitchthroughanyLANport.
packet
outboundport Anyportontheswitchthroughwhichtrafficleavestheswitch.
outboundport Onanyport,abufferthatholdsoutboundtrafficuntilitistransmittedfromtheswitchthroughtheport.
queue Bydefault,thereareeightoutboundqueuesforeachportontheswitch.Queue8isthehighestpriority
queue;queue1isthelowestpriorityqueue.Trafficinaportshighpriorityqueueleavestheswitch
beforeanytrafficintheportsmediumorlowpriorityqueues.
QoSpolicy Definesapolicyconfiguredinoneofthefollowingways:
Classifier-based:Rate-limitingand/orprioritizing(by802.1ppriority,IPprecedence,orDSCPbit
setting)packetsinaspecifiedtrafficclass(definedbytheclasscommand).
Globally-configured:802.1ppriorityand/orDSCPcodepoint(withglobalQoScommands)
re-marking AssignsanewQoSpolicytoanoutboundpacketbychangingthe:
Class-of-Service(CoS)802.1pbitsettinginLayer2VLANheaders
DSCPbitsettingintheLayer3IPv4ToSbyte(orIPv6TrafficClassbyte).
taggedport IdentifiesaportasbelongingtoaspecificVLANandenablesVLAN-taggedpacketstocarryan802.1p
membership prioritywhensentfromtheportinoutboundtraffic.WhenaportisanuntaggedmemberofaVLAN,
outboundpacketsbelongingtotheVLANdonotcarryan802.1pprioritysetting.
6-8
QoSOperation
Type-of-Service
(ToS)
TrafficClass
byte
upstream
device
OneofthebytesinanIPv4packetheader.IPv4packetsmaybeclassifiedaccordingtotwotype-of-
servicemodes:
IP-precedencemode,usingtheupperthreebitsoftheToSbyte
DifferentiatedServices(Diff-Serv)mode,usingtheuppersixbitsoftheToSbyte.
FormoreinformationabouttheIPv4ToSfield,seeTable6-11andtheIP-precedencebitsandDSCP
definitionsinthistable.
InIPv6packets,thebytethatcorrespondstotheIPv4Type-of-Servicefield,consistingofasix-bit(high-
order)DifferentiatedServices(Diff-Serv)fieldandatwo-bit(low-order)reservedfield.Thethree-bit
(high-order)precedencefieldintheTrafficClassbytecorrespondstotheIPprecedencebitsetinIPv4
packets.SeealsoIP-precedencebitsandDSCPelsewhereinthistable.
Note:AsinIPv4,IPv6packetsmaybeclassifiedaccordingtotwotype-of-servicemodes:
IP-precedencemode,usingtheupperthreebitsoftheTrafficClassbyte
DifferentiatedServices(Diff-Serv)mode,usingtheuppersixbitsoftheTrafficClassbyte
FormoreinformationabouttheIPv6TrafficClassfield,seeTable6-11onpage6-90andtheIP-
precedencebitsandDSCPdefinitionsinthistable.
Adevicelinkeddirectlyorindirectlytoaninboundswitchport.Theswitchreceivestrafficfrom
upstreamdevices.
QoSOperation
Ontheswitchescoveredinthisguide,QoSoperationmaybeconfigured
throughacombinationofthefollowingmethods:
Globally-configured,switch-wideQoSsettings
Classifier-basedper-portandper-VLANQoSpolicies.
Classifier-basedQoSpoliciesaredesignedtoworkwithexistingglobally-
configured,switch-wideQoSsettingsbyallowingyoutozoominonasubset
ofportorVLANtraffictofurthermanageit.Youcanusemultiplematch
criteriatomorefinelyselectanddefinetheclassesoftrafficthatyouwantto
manage.QoSpolicyactionsdeterminehowyoucanhandletheselectedtraffic.
Not e WhileprovidinggreatercontrolforimplementingQoSpolicies,classifier-
basedQoSpoliciesmayoverrideglobally-configuredQoSsettings.Formore
information,seeOverrideofGlobalQoSSettingsonpage6-81.
6-9
QoSOperation
BesuretocarefullyplanyourQoSstrategiesinadvance,identifyingthe
networktrafficthatyoucangloballyconfigureandthetrafficonwhichyou
wanttoexecutecustomized,classifier-basedQoSactions.
Globally-ConfiguredQoS
Globally-ConfiguredQoSFeature Default Page
Reference
UDP/TCPPriority Disabled page6-24
IP-DevicePriority Disabled page6-33
IPType-of-ServicePriority Disabled page6-41
LANProtocolPriority Disabled page6-54
VLAN-IDPriority Disabled page6-56
Source-PortPriority Disabled page6-62
DSCPPolicyTable Various page6-89
QueueConfiguration 8Queues page6-97
Globally-configuredQoSoperationsupportsthefollowingtypesofpacket
classificationandtrafficmarkingonoutboundportandVLANtraffic.For
informationonhowtoconfigureanduseglobalQoSsettings,seeGlobally-
ConfiguredQoSonpage6-19.
Globallyconfiguredpacketclassificationcriteriainclude:
IPv4device:sourceanddestinationaddress
Layer2802.1ppriority(VLANheader)
Layer3protocol(suchasARP,IP,IPX,RIP)
Layer3IPv4TypeofService(ToS)byte:IPprecedenceorDSCPbits
Layer3IPv6TrafficClassbyte:IPprecedenceorDSCPbits
Layer4UDP/TCPapplicationport
Sourceportontheswitch
VLANID
Trafficmarkingoptionsareasfollows:
SettingtheLayer2802.1ppriorityvalueinVLAN-taggedanduntagged
packetheaders
SettingtheLayer3DifferentiatedServicesCodepoint(DSCP)bitsin
theToSbyteofIPv4packetheadersandTrafficClassbyteofIPv6
headers.
6-10
QoSOperation
Classifier-BasedQoS
Classifier-BasedQoSFeature Default Page
Reference
Classifier-BasedQoSConfiguration
Procedure
page6-71
ConfiguringQoSActionsinaPolicy page6-76
OverrideofGlobalQoSSettings page6-81
ViewingaClassifier-BasedQoS page6-82
Configuration
Classifier-BasedQoSRestrictions page6-86
Classifier-BasedQoSConfiguration page6-87
Examples
DSCPPolicyTable Various page6-89
QueueConfiguration 8Queues page6-97
StartinginreleaseK.14.01,classifier-basedQoSoperationprovidesadditional
QoSactionsonaper-portandper-VLANbasis.
Classifier-basedmatchcriteriaoninboundIPv4/IPv6trafficinclude:
IPsourceaddress(IPv4andIPv6)
IPdestinationaddress(IPv4andIPv6)
IPprotocol(suchasICMPorSNMP)
Layer3IPprecedencebits
Layer3DSCPcodepoint
Layer4UDP/TCPapplicationport
VLANID
Classifier-basedQoSpolicyactionsonmatchingIPv4/IPv6packetsareas
follows:
SettingLayer2802.1ppriorityvalue(classofservice)inVLAN-tagged
anduntaggedpacketheaders
SettingtheLayer3IPprecedencebits
SettingtheLayer3Differentiated-ServicesCodepoint(DSCP)bits
Rate-limitinginboundtrafficonportandVLANinterfaces
Forinformationonoperationwithglobally-configuredQoSsettings,see
AdvancedClassifier-BasedQoSonpage6-70.
6-11
QoSPacketClassification
TomanagenetworktrafficusingQoSfeatures,youmustfirstclassify(select)
thepacketsyouwanttomanage.Youcanuseanycombinationofthefollowing
packetclassificationmethodstoselectpacketsforQoSmanagement:
Globallyconfigured,switch-wideclassificationcriteria
Classifier-basedmatchcriteriaappliedtoinboundtrafficonspecificport
andVLANinterfaces
I Pv 6 Su p p o r t StartinginsoftwarereleaseK.14.01,globalandclassifier-basedQoSpolicies
supportIPv6packetclassificationinadditiontoIPv4.
Globally-ConfiguredPacketClassification
Not e On Us i ng ProCurverecommendsthatyouconfigureaminimumnumberofglobalQoS
Mul t i pl e classifierstoprioritizeaspecificpackettype.Increasingthenumberof
Gl o b a l Cr i t e r i a enabledglobalQoSclassifiersincreasesthecomplexityofpossibleoutcomes
andconsumesswitchresources.
Theswitchescoveredinthisguideprovidesixtypesofglobally-configured
QoSclassifiers(matchcriteria)toselectpacketsforQoStrafficmarking.
Whenmultiple,globalQoSclassifiersareconfigured,aswitchusesthehigh-
est-to-lowestsearchordershowninTable6-1toidentifythehighest-prece-
denceclassifiertoapplytoanygivenpacket.Whenamatchbetweenapacket
andaclassifierisfound,theswitchappliestheQoSpolicyconfiguredforthe
classifierandthepacketishandledaccordingly.
Table6-1. Globally-ConfiguredPacketClassification:SearchOrderand
Precedence
Search
Order
Precedence GlobalQoSClassifier
1 1(highest) UDP/TCPapplicationtype(port)
2 2 Devicepriority(destinationorsourceIPaddress)
3 3 IPtypeofservice:precedenceandDSCPbitsets(IPpacketsonly)
4 4 IPprotocol(IP,IPX,ARP,AppleTalk,SNA,andNetBeui)
5 5 VLANID
6-12
Search
Order
Precedence GlobalQoSClassifier
6 6 Incomingsource-portontheswitch
Default 7(lowest) Theincoming802.1ppriority(presentintaggedVLAN
environments)ispreservedifnoglobalQoSclassifierwitha
higherprecedencematches.
Notethatontheswitchescoveredinthisguide,iftheswitchisconfigured
withmultipleglobalclassifiersthatmatchthesamepacket,theswitchonly
appliestheQoSmarkingconfiguredfortheQoSclassifierwiththehighest
precedence.Inthiscase,theQoSconfigurationforanother,lower-precedence
classifierthatmatchesisignored.
Forexample,ifQoSassignsahighprioritytopacketsbelongingtoVLAN100
andnormalprioritytoallIPprotocolpackets,becausetheIPprotocolpriority
(4)hasprecedenceovertheVLANpriority(5),IPprotocolpacketsonVLAN
100aresettonormalpriority.
Classifier-BasedMatchCriteria
Inclassifier-basedpacketclassification,matchcriteriaprovideawayto
selectthepacketsonwhichyouwanttoexecuteQoSactions,suchasrate-
limitingor802.1pprioritization.
MatchcriteriaareconfiguredbycreatingaclassofIPv4orIPv6traffic,which
containsoneormorematchorignorestatements.Atrafficclassmaybeused
byanyclassifier-basedsoftwarefeature,suchasQoSorportmirroring.
Byusingclassifier-basedQoS,youcanconfiguremultiplematchcriteriathat
searchmultiplefieldsinpacketheaderstoselecttheexacttrafficyouwantto
rate-limitorprioritizeforaportorVLANinterface.Aclassifier-basedQoS
policyisespeciallyusefulwhenyouwanttomanagedifferenttypesoftraffic
inthesameway(forexample,toprioritizebothIPsubnetandvoicetraffic).
Forinformationonhowtousematchcriteriatoconfigureatrafficclass,refer
toClassifier-BasedSoftwareConfigurationonpage9-1.
6-13
QoSTrafficMarking
QoSTrafficMarking
AsdescribedinQoSOperationonpage6-9,whenyouapplyorreconfigure
QoSactionsforselectedpackets,QoSsupportsdifferenttypesoftraffic
markinginglobally-configuredQoSsettingsandclassifier-basedper-portor
per-VLANQoSpolicies.
Globally-ConfiguredTrafficMarking
Ifapacketmatchesoneoftheglobally-configuredpacketclassifiers,QoS
appliesoneofthefollowingtypesoftrafficmarkingtotheoutboundpacket:
Layer2802.1pprioritization:Controlstheoutboundport-queueprior-
ityfortrafficleavingtheswitch,and(iftrafficexitsthroughaVLAN-tagged
port)sendstheprioritysettingwiththeindividualpacketstodownstream
devices.
Layer3DSCPmarking:Enablestheswitchtoset,change,andhonor
prioritizationpoliciesbyusingtheDifferentiatedServices(diff-serv)bits
intheIPv4ToSbyteandIPv6TrafficClassbyteofpacketheaders.
Layer2802.1pPrioritization
Bysettinganew802.1ppriorityvalue,QoSallowsyoutocontrolthepriority
ofoutboundpacketsmovingthroughtheswitch.TheLayer2802.1ppriority
settinginapacketheaderdeterminestheoutboundportqueuetowhichthe
packetissent.
Bydefault,theswitchescoveredinthisguidehaveeightoutboundtraffic
queues(0through7).Alower-numberedqueuehasaloweroutboundpriority;
ahigher-numberedqueuehasahigheroutboundpriority.Packetsaretrans-
mittedfromtheswitchportonthebasisoftheirqueueassignmentand
whetheranyhigherqueuesareempty.(Toincreasebandwidth,youcan
reconfiguretheswitchtousefourortwooutboundqueues;seeQoSQueue
Configurationonpage6-97formoreinformation.)
Configuringanew802.1ppriorityvalueallowsyoutosettheoutboundpriority
queuetowhichapacketissent.Forexample,youcanconfigurean802.1p
priorityof0through7foranoutboundpacket.Whenthepacketissenttoa
port,theQoSprioritydeterminestheoutboundqueuetowhichthepacketis
assignedasshowninTable6-2.
6-14
QoSTrafficMarking
Table6-2. 802.1pPrioritySettingsandOutboundQueueAssignment
802.1pPrioritySetting OutboundPortQueue
1and2 Lowpriority(1,2)
0or3 Normalpriority(3,4)
4and5 Mediumpriority(5,6)
6and7 Highpriority(7,8)
Ifapacketistransmittedinanuntagged-VLANenvironment,the802.1p
prioritysettingsinTable6-2controlonlytheoutboundqueuetowhichthe
packetissentonthelocalswitch.BecausenoVLANtagisused,an802.1p
priorityvalueisnotaddedtothe802.1Qfieldinthepacketheaderforuseby
downstreamdevices.
However,ifyournetworkusesonlyoneVLANanddoesnotrequireVLAN-
taggedports,youcanpreserve802.1pprioritysettingsinoutboundtrafficby
configuringtheportsonlinksbetweendevicesonwhichyouwant802.1p
prioritiestobehonoredastaggedVLANmembers.
Ifapacketistransmittedinan802.1QVLAN-taggedenvironment,theQoS-
configured802.1psettingisalsoaddedtotheVLANpacketheaderasan802.1p
priorityforusebydownstreamdevicesandapplications(asshowninTable
6-3).
Inan802.1QVLANenvironmentwithVLAN-taggedports,ifQoSisnotconfig-
uredontheswitchbutisconfiguredonanupstreamdevice,thepriorities
carriedinthepacketsdeterminetheoutboundportqueueonwhichpackets
areforwarded.
Table6-3. Mapping802.1pPrioritiestoOutboundPortQueuesontheSwitchandDownstreamDevices
Configured
802.1pPriority
OutboundPort
Queueinthe
802.1pPriorityAddedto
TaggedVLANPackets
QueueAssignmentinDownstreamDevices
With:
Switch ExitingtheSwitch
8Queues 4Queues 2Queues
1
2
Queue1
Queue2
1(lowpriority)
2
Queue1
Queue2
Queue1
Queue1
0
3
Queue3
Queue4
0(normalpriority)
3
Queue3
Queue4
Queue2
4
5
Queue5
Queue6
4(mediumpriority)
5
Queue5
Queue6
Queue3
Queue2
6
7
Queue7
Queue8
6(highpriority)
7
Queue7
Queue8
Queue4
6-15
QoSTrafficMarking
Not e YoucanreconfiguretheQoSqueuesettingtochangethenumberofoutbound
portqueuesintheswitchfromeight(default)tofourortwoqueues.Formore
information,seeQoSQueueConfigurationonpage6-97.
Layer3DSCPMarking
BychangingorhonoringthesettingsoftheDSCPcodepointinIPpacket
headers,QoSallowsyoutocontroltheDSCPandassociated802.1ppriority
valuesinoutboundIPpacketsthataresenttodownstreamdevices.
YoucanlaterconfiguredownstreamdevicestoreadandusetheDSCPpolicy
thatQoSsets.WhenmarkingtheDSCPbitsinIPpackets,aQoSpolicyisnot
dependentonVLAN-taggedportstocarry802.1ppacketprioritiestodown-
streamdevices(asshowninTable6-4).
WhenyouconfigureaLayer3DSCPpolicy,youspecify:
BitvaluesfortheDSCPcodepoint(theuppersixbitsintheToS/Traffic
ClassbyteinIPpacketheaders),enteredineitherbinaryformat,the
decimalequivalent,oranASCIIstandard(hexadecimal)name
An802.1ppriorityvaluethatisassociatedwiththenewDSCPbitvalues
CertainDSCPcodepoints(suchasAssuredForwardingandExpedited
Forwarding)havedefault802.1pprioritiesasshowninTable6-11.
ADSCPpolicyassignsaDSCPcodepointand802.1ppriorityvaluetoIPv4and
IPv6packets.AsshowninFigure6-2,youcanclassifytrafficonanedgeswitch
anduseLayer3DSCP-marking(insteadofonly802.1ppriority)toassignand
preserveQoSpoliciesondownstreamdevices.Inthiscase,ifyoureconfigure
the802.1ppriorityassociatedwiththeDSCPcodepoint,thenew802.1p
assignmenttakeseffectstartingontheswitchonwhichitisconfiguredand
isusedinpacketssenttodownstreamdevices.
Ifyouconfigureadifferent802.1ppriorityforaDSCPcodepoint,thenew
DSCPpolicyoverridesthe802.1ppriorityvalueinpacketswhichenterthe
switchwiththespecifiedcodepoint.TheLayer2802.1pprioritysetting(0
through7)determinestheoutboundportqueuetowhichapacketissent(as
showninTable6-2).
6-16
QoSTrafficMarking
VLANandUntaggedVLANEnvironments
QoSoperatesinVLAN-taggedanduntaggedenvironments.Ifyournetwork
doesnotusemultipleVLANs,youcanstillimplementthe802.1QVLAN
capabilitytoallowpacketstocarryan802.1pprioritytothenextdownstream
device.Todoso,configuretheportsonlinkstoothernetworkdevicesas
VLAN-taggedmembers.
InataggedoruntaggedVLAN,youcanalsoensurethatIPv4/IPv6packets
carryan802.1pprioritytodownstreamdevicesbyconfiguringDSCPmarking
intheToS/TrafficClassbyte.
Table6-4summarizestheQoSoptionsfortraffic-markinginVLAN-taggedand
untaggedenvironments.
Table6-4. QoSTrafficMarkingSupportedinTaggedandUntaggedVLANs
QoSMarkingSupportedonOutboundPackets
PortMembershipinVLANs
Tagged Untagged
Assignan802.1pprioritythatdeterminestheoutbound
portqueuetowhichapacketissent
Supported Supported
Carrythe802.1pprioritytothenextdownstreamdevice Supported NotSupported
CarryaDSCPpolicy(DSCPcodepoint
1
andassociated
802.1ppriority
2
)todownstreamdevices
Supported Supported
1
DSCPmarking(DSCPcodepointandassociated802.1ppriority)arenotsupportedonnon-
IPpacketsandpacketsselectedusingthefollowingglobalQOSclassifiers:Layer3Protocol
andIP-Precedence.Also,inorderforDSCPpolicymarkingtobehonoredonadownstream
device,thedevicemustbeconfiguredtousetheDSCPpolicyinIPpacketheaders.
2
The802.1ppriorityassociatedwithaDSCPcodepoint(seeTable6-11)isusedtodetermine
thepacketsoutboundportqueue.WhenusedinaVLAN-taggedenvironment,an802.1p
priorityisalsocarriedinthe802.1Qfieldofoutboundpacketheaders.
6-17
QoSTrafficMarking
Classifier-BasedTrafficMarking
Classifier-basedper-portorper-VLANQoSpoliciessupportthefollowing
traffic-markingactions.Notethatinadditiontoglobally-configuredQoS
trafficmarking(802.1pandDSCPprioritization),classifier-basedQoSpolicies
alsosupportIPprecedenceandrate-limiting.
Layer2802.1pprioritization:Controlstheoutboundportqueueprior-
ityfortrafficleavingtheswitch,and(iftrafficexitsthroughaVLAN-tagged
port)sendstheprioritysettinginpacketheaderstodownstreamdevices.
Layer3IPprecedence-bitmarking:Enablestheswitchtoset,change,
andhonorprioritizationpoliciesbyusingtheIPprecedencebitsinthe
ToSbyteofIPv4packetheadersandTrafficClassbyteofIPv6headers.
Layer3DSCPmarking:Enablestheswitchtoset,change,andhonor
prioritizationpoliciesbyusingtheDifferentiatedServices(diffserv)bits
intheToSbyteofIPv4headersandTrafficClassbyteofIPv6headers.
Rate-limiting:EnablesaportorVLANinterfacetoallowonlythespec-
ifiedamountofbandwidthtobeusedforinboundtraffic.Whentraffic
exceedstheconfiguredlimit,itisdropped.
Forinformationonhowtoconfigureanduseclassifier-basedQoSpolicies,
seeAdvancedClassifier-BasedQoSonpage6-70.
Ov er r i de of Afteryouapplyaclassifier-basedQoSpolicyonaportorVLANinterface:
Gl o b a l Qo S
The802.1p(CoS)priorityandDSCPcodepointmarkingappliedtoclassi-
Set t i ngs
fiedpacketsoverrideany802.1pandDSCPcodepointvaluesthatare
globally-configuredusingtheQoScommands,describedinGlobally-
ConfiguredQoSonpage6-19.
Therate-limitappliedtoclassifiedpacketsoverridesanygloballyconfig-
uredrate-limitglobally-configuredwiththecommandsdescribedinthe
PortTrafficControlschapterintheManagementandConfiguration
Guide.
Formoreinformationonhowclassifier-basedtrafficmarkingoverridesglob-
ally-configuredtrafficmarking,seeOverrideofGlobalQoSSettingsonpage
6-81.
6-18
QoSFeature Default Reference
UDP/TCPPriority Disabled page6-24
IP-DevicePriority Disabled page6-33
IPType-of-ServicePriority Disabled page6-41
Layer-3ProtocolPriority Disabled page6-54
VLAN-IDPriority Disabled page6-56
Source-PortPriority Disabled page6-62
Not e FormoreinformationonhowtouseglobalQoSclassifiers,seeGlobalQoS
Restrictionsonpage6-22.
GlobalQoSConfigurationProcedure
TogloballyconfigureaQoSpolicyontheswitch,followthesesteps:
1. DeterminetheglobalQoSpolicyyouwanttoimplementontheswitchby
analyzingthetypesoftrafficflowingthroughyournetworkandidentify-
ingoneormoretraffictypestoprioritize.Theorderofprecedence,from
a(highest)toh(lowest),inwhichglobalQoSclassifiersareappliedisas
follows:
a. TCP/UDPapplications
b. DevicepriorityIPsourceordestinationaddress(Notethatdestina-
tionhasprecedenceoversource.SeeTable6-5.)
c. IPprecedencebitset(leftmostthreebitsintheToS/TrafficClassfield
ofIPpackets)
d. IPdifferentiatedservicesbitset(leftmostsixbitsintheToS/Traffic
ClassfieldofIPpackets)
e. Layer-3protocol
f. VLANID(requiresatleastonetaggedVLANonthenetwork)
g. Sourceport
h. Incoming802.1ppriority(requiresatleastonetaggedVLANonthe
network)
6-19
Default:InataggedVLANenvironment,theincoming802.1ppriorityis
usedasthedefaultQoSclassifierifnoglobalQoSclassifierwithahigher
precedencematches(seeTable).
2. SelecttheglobalQoSclassifierthatyouwanttouse.Table6-5showsthe
typesofQoSmarking(802.1ppriorityand/orDSCPcodepoint)supported
byeachglobalQoSclassifier.
Table6-5. QoSMarkingSupportedbyGlobalQoSClassifiers
GlobalQoS
Classifiers
TypeofQoSMarkingUsedto
PrioritizeOutboundTraffic
802.1pPriority
1
Only DSCPPolicy
2
:DSCPcodepointwith
802.1pPriority
UDP/TCP Supported Supported
IPDevice Supported Supported
IPPrecedence Supported
3
NotSupported
IPDiffServ Supported Supported
L3Protocol Supported NotSupported
VLANID Supported Supported
SourcePort Supported Supported
1
Whenyouconfigureonlythe802.1pprioritytomarkpacketsthatmatchaglobalQoS
classifier,theselectedtrafficisprioritizedandsenttothecorrespondingoutboundport
queueontheswitch(seeTable6-2).VLAN-taggedportsarenecessarytocarrythe802.1p
priorityinapacketheadertodownstreamdevices.
2
WhenyouconfigureaDSCPpolicytomarkpacketsthatmatchaglobalQoSclassifier,the
selectedtrafficisalsoprioritizedaccordingtotheassociated802.1ppriorityandsenttothe
correspondingoutboundportqueueontheswitch.VLAN-taggedportscarrythe802.1p
priorityinapacketheadertodownstreamdevices.Inaddition,youcanconfigure
downstreamdevicestoreadtheDSCPvalueinIPpacketsandimplementtheservicepolicy
impliedbythecodepoint.
3
WhenusingaglobalQoSIPPrecedenceclassifier,the802.1ppriorityisautomatically
assignedtomatchingpacketsbasedontheIPprecedencebitsetinthepacketheader.
3. Ifyouwant802.1pprioritysettingstobeincludedinoutboundpackets,
ensurethattaggedVLANsareconfiguredontheappropriatedownstream
links.
4. DeterminetheglobalQoSpolicyrequiredforeachQoS-capabledevicein
yournetworkandconfigurethenecessarysettings.
IfyouwantdownstreamdevicestorecognizeanduseDSCPcodepoints
inIPpacketssentfromtheswitch,enableToSDifferentiatedService
modeonthedevicesandconfiguretheappropriateDSCPpolicies.Note
thatcertainDSCPpolicieshaveadefault802.1ppriorityautomatically
assigned(seeTable6-13).
6-20
ViewingaGlobalQoSConfiguration
Todisplaytheexistingswitch-wideconfigurationsforaglobalQoSclassifier,
useoneofthefollowingshowqoscommands.
Syntax: showqos<global-classifier>
tcp-udp-port-priority
DisplaysthecurrentTCP/UDPportpriorityconfigura-
tion.Refertofigure6-7onpage6-31.
device-priority
Displaysthecurrentdevice(IPaddress)prioritycon-
figuration.Refertofigure6-9onpage6-35.
type-of-service
Displaysthecurrenttype-of-servicepriorityconfigu-
ration.Thedisplayoutputdiffersaccordingtothe
optionused:
IPPrecedence:Refertofigure6-14onpage6-44.
Diffserve:Refertofigure6-16onpage6-48.
protocol-priority
Displaysthecurrentprotocolpriorityconfiguration.
vlan-priority
DisplaysthecurrentVLANpriorityconfiguration.
Refertofigure6-23onpage6-57.
port-priority
Displaysthecurrentsource-portpriorityconfigura-
tion.Refertofigure6-28onpage6-63.
6-21
No Ov e r r i d e Bydefault,theshowqosoutputforfollowingglobalQoSclassifiersmay
displayNo-overrideforQoSmarking:IPPrecedence,IPDiffserv,Layer-3
Protocol,VLANID,andSource-port(seeFigure6-3).No-overridemeansthat
theglobalQoSpolicyusedtomarkmatchingpacketsdoesnotassignan802.1p
value.
IPpacketsreceivedthroughaVLAN-taggedportaremanagedusingthe
802.1pprioritytheycarryinthe802.1Qfieldintheirheaders.
VLAN-taggedpacketsreceivedthroughanuntaggedportarehandledby
theswitchwithnormalpriority.
Forexample,Figure6-3belowshowstheglobalQoSconfigurationsonthe
switchthatareconfiguredwiththeVLANIDclassifier.Notethatnon-default
802.1pprioritieshavebeenconfiguredforVLANIDs22and33;packets
receivedonVLAN1aremanagedwiththedefaultsettings,asdescribedinthe
twobulleteditemsabove.
Intheshowoutput,VLAN1
usesthedefaultpriority
values;VLANs22and33are
configuredtomarkpackets
withnew802.1pandDSCP
values.
Figure6-3.ExampleoftheShowQoSCommandOutput
GlobalQoSRestrictions
Table6-3showsthepackettypessupportedbydifferentglobalQoSclassifiers
andDSCPmarking.
Table6-6. RestrictionsforGlobalQoSSupport
TypeofPackets
Supported
GlobalQoSClassifiers DSCP
Overwrite
(Re-Marking)
TCP/UDP IPDevice IPType-of-
Service
Layer3
Protocol
VLANID Source
Port
Incoming
802.1p
IPpackets(IPv4
andIPv6
1
)only
Yes Yes Yes No No No No Yes
Layer-2SAP
encapsulation
Yes Yes Yes Yes Yes Yes Yes Yes
1
Globally-configuredQoSsupportsIPv6packetsstartinginreleaseK.14.01.
6-22
AllSwitches:ForexplicitQoSsupportofIPsubnets,ProCurverecom-
mendsforcingIPsubnetsontoseparateVLANsandthenconfiguring
VLAN-basedclassifiersforthoseVLANs.
ForDevicesthatDoNotSupport802.1QVLAN-TaggedPorts:
Forcommunicationbetweenthesedevicesandtheswitch,connect
thedevicetoaswitchportconfiguredasUntaggedfortheVLANin
whichyouwantthedevicestraffictomove.
PortTaggingRules:Foraportontheswitchtobeamemberofa
VLAN,theportmustbeconfiguredaseitherTaggedorUntaggedfor
thatVLAN.AportcanbeanuntaggedmemberofonlyoneVLANof
agivenprotocoltype.Otherwise,theswitchcannotdeterminewhich
VLANshouldreceiveuntaggedtraffic.FormoreonVLANs,referto
chapter2,StaticVirtualLANs(VLANs).
MaximumGlobalQoSRemarkingEntries:Theswitchescoveredin
thisguideacceptthemaximumnumberofconfiguredoutbound802.1p
priorityandDSCPentriesshowninTable6-7.
Table6-7. MaximumNumberofQoSEntries.
Switch Software
Version
MaximumQoS
Remarking
Notes
Switch8212zl
Series5400zl
EachIPDevice(IPaddress)QoS
configurationusestwoentries.
EachTCP/UDPPortQoSconfiguration
usestwoentries.
AllotherglobalQoSclassifier
configurationsuseoneentryeach.
Series5300yl
250*configured
entries
*ConfiguringIPDevice(IPaddress)andTCP/UDPglobalQoSclassifiersreducesthis
maximum.Formoreinformation,seetheNotescolumn.
IftheglobalQoSconfigurationsonaswitchexceedthemaximumnumber
ofentriesshowninTable6-7,thefollowingerrormessageisdisplayed:
Unabl e t o add t hi s QoS r ul e. Maxi mumnumber ( entry-#)
al r eady r eached.
NotSupported:Useofaninbound802.1ppacketpriorityasaclassifier
forremappingapacketsoutboundprioritytodifferent802.1ppriority.
Forexample,whereinboundpacketscarryan802.1ppriorityof1,QoS
cannotbeconfiguredusethispriorityasaclassifierforchangingthe
outboundpriorityto0.
6-23
FragmentedPackets&TCP/UDP:QoSisnotperformedonfragmented
packetsunderTCP/UDP
MonitoringSharedResources:TheQoSfeaturesharesinternalswitch
resourceswithseveralotherfeatures.Theswitchprovidesample
resourcesforallfeatures.However,iftheinternalresourcesbecomefully
subscribed,additionalQoSprovisionscannotbeconfigureduntilthe
necessaryresourcesarereleasedfromotheruses.Forinformationon
determiningthecurrentresourceavailabilityandusage,refertothe
appendixtitledMonitoringResourcesintheManagementandConfig-
urationGuideforyourswitch.
GlobalTCP/UDPClassifier
GlobalQoSClassifierPrecedence:1
WhenyouuseTCPorUDPandaLayer4Applicationportnumberasaglobal
QoSclassifier,trafficcarryingthespecifiedTCP/UDPportnumber(s)is
markedwithaspecifiedprioritylevel,withoutregardforanyotherQoS
classifiersintheswitch.Youcanconfigureupto50TCP/UDPapplicationport
numbersasQoSclassifiers.
Not e StartinginsoftwarereleaseK.14.01,globalTCP/UDPclassifiersaresupported
onIPv4,IPv6,orbothIPv4andIPv6packets.Inpreviousreleases,onlyIPv4
packetsweresupported.
OptionsforAssigningPriority.Thepacket-markingoptionsforglobal
TCP/UDPport-numberclassifiersinclude:
802.1ppriority
DSCPpolicy(AssigninganewDSCPandanassociated802.1ppriority;
inboundpacketscanbeIPv4orIPv6.)
ForagivenTCPorUDPportnumber,youcanuseonlyoneoftheabove
optionsatatime.However,fordifferentportnumbers,youcanusedifferent
options.
TCP/UDPPortNumberRanges. Therearethreeranges:
Well-KnownPorts:0-1023
RegisteredPorts:1024-49151
Dynamicand/orPrivatePorts:49152-65535
6-24
Formoreinformation,includingalistingofUDP/TCPportnumbers,gotothe
InternetAssignedNumbersAuthority(IANA)websiteat:
www.iana.org
Thenclickon:
ProtocolNumberAssignmentServices
P(UnderDirectoryofGeneralAssignedNumbersheading)
PortNumbers
Assigningan802.1pPriorityforaGlobalTCP/UDPClassifier
TomarkmatchingTCPorUDPpacketswithan802.1ppriority,enterthe
followingcommand:
Syntax: qos<udp-port|tcp-port>[ipv4|ipv6|ip-all]<port-number|rangestart
end>priority<0-7>
Marksan802.1ppriorityinoutboundpacketswiththe
specifiedTCPorUDPapplication-portnumber,where:
ipv4marksonlyIPv4packets(default).
ipv6marksonlyIPv6packets.
ip-allmarksallIPtraffic(bothIPv4andIPv6packets).
port-numberisaTCP/UDPportnumberfrom1to65535.
rangestartendspecifiesarangeofTCP/UDPports;see
OperatingNotesonUsingTCP/UDPPortRangesonpage
6-26.Ifyouspecifyarange,theminimumportnumber
mustprecedethemaximumportnumberintherange.
priority<0-7>marksthespecified802.1ppriorityin
matchingTCPorUDPpackets.
The802.1pprioritydeterminesthepacketsqueueinthe
outboundportontheswitch.Ifthepacketleavestheswitch
onataggedVLANport,itcarriesthe802.1pprioritywithit
tothenextdownstreamdevice.
Default:DisabledNo802.1ppriorityisassigned.
ThenoformofthecommanddeletesthespecifiedUDPorTCP
portnumberorrangeofportnumbersasaQoSclassifier.
Note:Ifyouhavespecifiedarangeofportnumbers,you
mustspecifytheentirerangeinthenocommand;youcannot
removepartofarange.
showqostcp-udp-port-priority
DisplaysalistingofallTCPandUDPQoSclassifierscur-
rentlyintherunning-configfile.
6-25

OperatingNotesonUsingTCP/UDPPortRanges
Youcanonlyhave6concurrentpolicieswhenusinguniqueranges.The
numberofpoliciesallowedislowerifACLsarealsousingportranges.
Youcannothaverangesthatincludeanyportnumbersthathavebeen
configuredaspartofanotherQoSapplicationportnumberpolicy.
Anerrormessageisgeneratediftherearenotenoughhardwareresources
availablewhenconfiguringapolicy.
Youmustspecifytheentirerangeofconfiguredportnumberswhenusing
thenoformofthecommand,forexample:
Pr oCur ve( conf i g) #qos udp- por t r ange 1300 1399 dscp 001110
Pr oCur ve( conf i g) # no qos r ange 1300 1399
Example. Thefollowingexampledisplaysthefollowingconfigurationfor
TCPandUDPportprioritization:
TCP/UDPPort 802.1pPriorityforTCP 802.1pPriorityforUDP
TCPPort23(Telnet)
7 7
UDPPort23(Telnet)
7 7
TCPPort80(WorldWideWebHTTP)
2 2
UDPPort80(WorldWideWebHTTP)
1 1
Pr oCur ve( conf i g) # qos t cp- por t 23 pr i or i t y 7
Pr oCur ve( conf i g) # qos t cp- por t 80 pr i or i t y 2
Pr oCur ve( conf i g) # qos udp- por t 23 pr i or i t y 7
Pr oCur ve( conf i g) # qos udp- por t 80 pr i or i t y 1
Pr oCur ve( conf i g) # qos udp- por t r ange 100 199 pr i or i t y 3
Pr oCur ve( conf i g) # show qos t cp- udp- por t - pr i or i t y
TCP/ UDP por t based pr i or i t i es
| I P Packet Appl i cat i on |
Pr ot ocol | Type Por t Appl y r ul e | DSCP Pr i or i t y
- - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - -
TCP | I PV4 23 Pr i or i t y | 7
TCP | I PV4 80 Pr i or i t y | 2
UDP | I PV4 23 Pr i or i t y | 7
UDP | I PV4 80 Pr i or i t y | 1
UDP | I PV4 100- 199 Pr i or i t y | 3
Valuesinthesetwo
columnsdefinetheQoS
classifiersusedtoselect
thepacketstoprioritize.
Indicatesthat802.1ppriority
assignmentsareinusefor
packetswith23,80or100-199
asaTCPorUDPportnumber.
Displaysthe802.1ppriority
assignmentforpackets
withtheindicatedQoS
classifiers.
Figure6-4.Configuring802.1pPriorityAssignmentsonTCP/UDPPorts
6-26
AssigningaDSCPPolicyforaGlobalTCP/UDPClassifier
ThisglobalQoSpacket-markingoptionassignsapreviouslyconfiguredor
defaultDSCPpolicy(codepointand802.1ppriority)toTCPorUDPpackets
havingthespecifiedportnumberorrangeofportnumbers.Whenassigninga
DSCPpolicy,theswitchperformsthefollowingactions:
1. SelectsanincomingIPpacketiftheTCPorUDPportnumberitcarries
matchestheportnumberspecifiedintheTCPorUDPclassifier(asshown
infigure6-4,above).
2. Overwrites(re-marks)thepacketsDSCPwiththenewDSCPconfigured
formatchingpackets.
3. Assignsthe802.1ppriorityassociatedwiththenewDSCP.(SeeDifferen-
tiatedServicesCodepoint(DSCP)Mappingonpage6-89.)
4. Forwardsthepacketthroughtheappropriateoutboundportqueue.
CreatingaDSCPPolicyBasedonTCP/UDPPortNumberClassifiers.
ThefollowingprocedurecreatesaDSCPpolicyforIPpacketscarryingthe
selectedTCPorUDPport-numberclassifier.
1. IdentifytheTCPorUDPport-numberclassifieryouwanttousefor
assigningaDSCPpolicy.
2. DeterminetheDSCPpolicyforpacketscarryingtheselectedTCPorUDP
portnumberorrangeofportnumbers.
a. DeterminetheDSCPyouwanttoassigntotheselectedpackets.(This
codepointwillbeusedtooverwrite(re-mark)theDSCPcarriedin
packetsreceivedfromupstreamdevices.)
b. Determinethe802.1ppriorityyouwanttoassigntotheDSCP.
6-27
3. Ifnecessary,usetheqosdscp-map<codepoint>priority<0-7>command
toconfiguretheDSCPpolicy(codepointandassociated802.1ppriority)
thatyouwanttousetomarkmatchingpackets.
Pr e r e q u i s i t e ADSCPcodepointmusthaveapreconfigured802.1ppriority(0-7)before
youcanusethecodepointtomarkmatchingpackets.Ifacodepointyouwant
touseshowsNo-overrideinthePrioritycolumnoftheDSCPPolicytable(show
qosdscp-mapcommand),youmustfirstconfigureapriorityforthecodepoint
beforeproceeding(qosdscp-mapprioritycommand).SeeDifferentiatedSer-
vicesCodepoint(DSCP)Mappingonpage6-89formoreinformation.
Syntax: qosdscp-map<codepoint>priority<0-7>>
(Optional)Thiscommandisrequiredonlyifan802.1p
priorityisnotalreadyassignedtothespecified<codepoint>
intheDSCPPolicytable(seeTable6-11onpage6-90).
ValidvaluesforaDSCPcodepointareasfollows:
-Abinaryvalueforthesix-bitcodepointfrom000000to
111111.
-Adecimalvaluefrom0(lowpriority)to63(highpriority)
thatcorrespondstoabinaryDSCPbitset
-AnASCIIstandardnameforabinaryDSCPbitset:
af11(001010) af42(100100)
af12(001100) af43(100110)
af13(001110) ef(101110)
af21(010010) cs1(001000)=precedence1
af22(010100) cs2(010000)=precedence2
af23(010110) cs3(011000)=precedence3
af31(011010) cs4(100000)=precedence4
af32(011100) cs5(101000)=precedence5
af33(011110) cs6(110000)=precedence6
af41(100010) cs7(111000)=precedence7
default(000000)
Type?todisplaythelistofvalidcodepointentries.
WhentheswitchappliesthespecifiedDSCPpolicytoa
packet,theprioritydeterminesthepacketsqueueinthe
outboundporttowhichitissent.Ifthepacketleavesthe
switchonataggedport,itcarriesthe802.1pprioritywith
ittothenextdownstreamdevice.ForIPpackets,theDSCP
willbereplacedbythecodepointspecifiedinthiscommand.
(Default:No-overrideformostcodepoints.SeeTable6-11.)
6-28
4. ConfiguretheswitchtoassigntheDSCPpolicytopacketswiththe
specifiedTCPorUDPportnumberorrangeofportnumbers.
Syntax: [no]qos<udp-port|tcp-port>[ipv4|ipv6|ip-all]<port-number|range
startend><dscp<codepoint>
AssignsaDSCPpolicytooutboundpacketshavingthespec-
ifiedTCPorUDPapplication-portnumberorportrange,
andoverwritestheDSCPinthesepacketswiththeassigned
<codepoint>value,where:
ipv4marksonlyIPv4packets(default).
ipv6marksonlyIPv6packets.
ip-allmarksallIPtraffic(bothIPv4andIPv6packets).
port-numberspecifiesaTCP/UDPport-numberfrom1to
65535.
rangestartendspecifiesarangeofTCP/UDPports;see
OperatingNotesonUsingTCP/UDPPortRangesonpage
6-26.Ifyouspecifyarange,theminimumportnumber
mustprecedethemaximumportnumberintherange.
dscpcodepointoverwritestheDSCPcodepointintheIPv4
ToSbyteorIPv6TrafficClassbyteofmatchingpackets
withthespecifiedvalue.
ValidvaluesfortheDSCPcodepointareasfollows:
111111.
-Adecimalvaluefrom0(lowpriority)to63(high
priority)thatcorrespondstoabinaryDSCPbitset
-AnASCIIstandardnameforabinaryDSCPbitset
TheDSCPvalueyouentermustbecurrentlyassociated
withan802.1ppriorityintheDSCPPolicytable(seeTable
6-10).The802.1ppriorityanddeterminesthepackets
queueintheoutboundporttowhichitissent.Ifthepacket
leavestheswitchonataggedport,itcarriesthe802.1p
prioritywithittothenextdownstreamdevice.
ThedefaultDSCPcodepointisNo-override.TheDSCP
codepointisnotoverwritteninmatchingpackets.
ThenoformofthecommanddeletesthespecifiedUDPorTCP
portnumberorrangeofportnumbersasaQoSclassifier.If
youconfiguredarangeofportnumbersastheQoSclassifier,
youmustentertheentirerangeinthenocommand;you
cannotremovepartofarange.
6-29
Syntax: showqostcp-udp-port-priority
DisplaysalistingofallTCPandUDPQoSclassifiers
currentlyintherunning-configfile.
Example. ThisexampleshowshowtoassignthefollowingDSCPpoliciesto
packetsthatmatchthespecifiedTCPandUDPportapplications:
PortApplications DSCPPolicies
DSCP Priority
23-UDP 000111 7
80-TCP 000101 5
914-TCP 000010 1
1001-UDP 000010 1
1. DetermineiftheDSCPcodepointsthatyouwanttousetomarkmatching
packetsalreadyhavean802.1ppriorityassigned,whichcouldindicate
usebyexistingapplications(showqosdscp-mapcommand).
NotethataDSCPcodepointmustalsohaveapriorityconfiguredbefore
youcanuseittomarkmatchingpackets.
TheDSCPcodepoints
havenotyetbeen
assignedan802.1p
prioritylevel.
Figure6-5.DisplayingtheCurrentDSCP-MapConfiguration
6-30

2. ConfiguretheDSCPpoliciesforthecodepointsyouwanttouse.
NewDSCPpolicies
havebeenconfigured
Figure6-6.AssigningPrioritiestotheSelectedDSCPs
3. AssigntheDSCPpoliciestotheselectedTCP/UDPportapplicationsand
displaytheresult.
Pr oCur ve( conf i g) # qos udp- por t 23 dscp 000111
Pr oCur ve( conf i g) # qos t cp- por t 80 dscp 000101
Pr oCur ve( conf i g) # qos t cp- por t 914 dscp 000010
Pr oCur ve( conf i g) # qos udp- por t r ange 1001 2000 dscp 000010
TCP/ UDP por t based pr i or i t i es
| I P Packet Appl i cat i on |
Pr ot ocol | Type Por t Appl y r ul e | DSCP Pr i or i t y
| 3
| 3 1
- - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - -
UDP | I PV4 23 DSCP | 8 7
TCP | I PV4 80 DSCP | 6 5
TCP | I PV4 914 DSCP 1
UDP | I PV4 1001- 2000 DSCP
GlobalTCP/UDPport- DSCPPolicy:DSCPcodepoint(3)and802.1ppriority(1)
numberclassifiers mapping(Note:DSCP3isthedecimalequivalentofbinary
000010.)
Figure6-7.ConfiguringaDSCPPolicyforGlobalTCP/UDPPortClassifiers
TheswitchappliestheDSCPpoliciesinFigure6-7toIPpacketswiththe
specifiedTCP/UDPportapplicationsthatarereceivedintheswitch.The
switchmanagesthepacketsasfollows:
OverwritestheoriginalDSCPsintheselectedpacketswiththenew
DSCPsspecifiedintheabovepolicies.
Assignsthe802.1pprioritiesintheabovepoliciestotheselectedpackets.
6-31

DisplayingResourceUsageforQoSPolicies
WhenyouconfigureglobalQoSclassifiersusingTCP/UDPandaLayer4
Applicationportnumberorportrange,theswitchautomaticallyassignstwo
QoSresourcesforeachpolicyonefortraffictotheTCP/UDPdestination
portandonefortraffictotheTCP/UDPsourceport.
Theshowqosresourcescommanddisplaysthenumberofhardwareresources
currentlyinusebyQoSpoliciesaswellasothersoftwarefeatures.
Pr oCur ve# show qos r esour ces
Resour ce usage i n Pol i cy Enf or cement Engi ne
1 |
0 | 1 |
|
0 |
0 |
Inclduesthehardwareresourcesused
bycurrentlyappliedQoSpolicies.
| Rul es | Rul es Used
Por t s | Avai l abl e | ACL | QoS | I DM | VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 3014 | 15 | 11 | 0 | 1 | 0 | 3 |
25- 48 | 3005 | 15 | 10 | 10 | 0 | 3 |
A | 3017 | 15 | 8 | 0 | 3 |
| Met er s | Met er s Used
Por t s | Avai l abl e | ACL | QoS | I DM VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 250 | | 5 | | | 0 |
25- 48 | 251 | | 4 | | | 0 |
A | 253 | | 2 | 0 | | | 0 |
| Appl i cat i on |
| Por t Ranges | Appl i cat i on Por t Ranges Used
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 3014 | 2 | 0 | 0 | | 0 | 0 |
25- 48 | 3005 | 2 | 0 | 0 | | 0 | 0 |
A | 3017 | 2 | 0 | 0 | | 0 | 0 |
0 of 8 Pol i cy Engi ne management r esour ces used.
Key:
ACL = Access Cont r ol Li st s
QoS = Devi ce & Appl i cat i on Por t Pr i or i t y, QoS Pol i ci es, I CMP r at e l i mi t s
I DM = I dent i t y Dr i ven Management
VT = Vi r us Thr ot t l i ng bl ocks
Mi r r or = Mi r r or Pol i ci es, Remot e I nt el l i gent Mi r r or endpoi nt s
Ot her = Management VLAN, DHCP Snoopi ng, ARP Pr ot ect i on, J umbo I P- MTU.
Resour ce usage i ncl udes r esour ces act ual l y i n use, or r eser ved f or f ut ur e
use by t he l i st ed f eat ur e. I nt er nal dedi cat ed- pur pose r esour ces, such as
por t bandwi dt h l i mi t s or VLAN QoS pr i or i t y, ar e not i ncl uded.
Figure6-8. DisplayingtheHardwareResourcesUsedbyCurrentlyConfiguredQoSPolicies
6-32
Not e ACLsandQoSpoliciessharethesameapplicationportranges.IfanewQoS
policyspecifiesaportrangethatisalreadyconfiguredforoneormoreACLs,
theQoScolumnincreasesby1,buttheApplicationPortRangesAvailable
columnremainsunchanged.Likewise,ifanACLisconfiguredforaportrange
onwhichaQoSpolicyisalreadyapplied,theACLcolumnincreasesby1,while
theAvailablecolumnremainsunchanged.
Similarly,whenyouremoveaportrange,theApplicationPortRangesAvail-
ablecolumnonlyincreasesiftheportrangeisnotconfiguredforanexisting
ACLorQoSpolicyontheswitch.
GlobalIP-DeviceClassifier
TheglobalIP-deviceclassifierenablesyoutoconfigureupto300IPaddresses
toselectIPpacketsaccordingtosourceordestinationaddress.
I Pv 6 Su p p o r t StartinginsoftwarereleaseK.14.01,IPdeviceclassifiersaresupportedon
IPv4,IPv6,andIPv4/IPv6subnets.Inpreviousreleases,onlyIPv4packetsare
supported.
Whenaglobally-configuredIP-deviceaddresshasthehighestprecedencein
theswitchfortrafficaddressedtoorfromthedevice,trafficreceivedonthe
switchwiththeconfiguredIPaddressismarkedwiththespecifiedpriority
level.YoucanconfiguredifferentIP-deviceclassifierswithdifferentpriority
levels.
Qo S I P- De v i c e TheconfigurationofaQoSIP-devicepriorityontheManagementVLANIP
Re s t r i c t i o n address(ifconfigured)isnotsupported.IfnoManagementVLANisconfig-
ured,theconfigurationofaQoSIP-devicepriorityonthedefaultVLANIP
addressisnotsupported.
OptionsforAssigningPriority.Thepacket-markingoptionsforglobalIP-
deviceclassifiersinclude:
802.1ppriority
DSCPpolicy:AssigninganewDSCPand802.1ppriority
ForinformationonglobalQoSoperationwhenotherglobalclassifiersapply
tothesametraffic,seetoGlobally-ConfiguredPacketClassificationonpage
6-12.
6-33
ForagivenIPaddressorsubnetmask,youcanassignonlyoneoftheabove
optionsatatime.However,fordifferentIPaddresses,youcanusedifferent
options.
AssigningaPriorityforaGlobalIP-DeviceClassifier
ThisglobalQoSpacket-markingoptionassignsan802.1pprioritytoallIP
packetsthathavethespecifiedIPaddressaseitherasourceordestination.If
boththesourceanddestinationaddressesmatch,thepriorityconfiguredfor
theIPdestinationaddresshasprecedence.
IPv4Syntax: qosdevice-priority<ipv4-address|[ipv4]ipv4-address/mask-length>
priority<0-7>
IPv6Syntax: qosdevice-priority<ipv6-address|ipv6ipv6-address/prefix-length>>
priority<0-7>
Marksan802.1ppriorityinoutboundpacketswiththe
specifiedIPaddressorsubnetmaskinthesourceordesti-
nationfieldinapacketheader,where:
ipv4-addressoripv6-addressisanIPv4orIPv6addressused
tomatchthesourceordestinationaddressinpacket
headers.
Note:AnIPv6local-linkaddress(suchas
fe80::110:252%vlan20)thatisautomaticallygeneratedon
aVLANinterfaceisnotsupportedasanipv6-addressvalue.
[ipv4]ipv4-address/mask-lengthisthesubnetidentifiedby
theIPv4maskforthespecifiedaddressthatisusedto
matchtheIPv4inthesourceordestinationfieldofpacket
headers.
ipv6ipv6-address/prefix-lengthisthesubnetidentifiedbythe
IPv6prefix-lengthforthespecifiedaddressthatisusedto
matchtheIPv6addressinthesourceordestinationfield
ofpacketheaders.
EntertheIPv4maskorIPv6prefixlengthwithanaddress
inCIDRformatbyusingthenumberofsignificantbits
(forexample,2001:db8::1:262:a03:e102:127/64or
10.28.31.1/24).
priority<0-7>marksthespecified802.1ppriorityin
matchingIPpackets.
The802.1pprioritydeterminesthepacketsqueueinthe
outboundportontheswitch.Ifthepacketleavestheswitch
onataggedVLANport,itcarriesthe802.1pprioritywithit
tothenextdownstreamdevice.
6-34

ThenoformofthecommanddeletesthespecifiedIPaddress
orsubnetmaskasaQoSclassifier,andresetsthepriority
fortheVLANtoNo-override.
showqosdevice-priority
DisplaysalistingofallIPdevice-priorityQoSconfigura-
tionscurrentlyintherunning-configfile.
Example. Thisexampleshowshowtoconfigureanddisplaythe802.1p
priorityusedtomarkpacketsthatmatcheachglobalIP-deviceclassifier:
IPAddress/MaskorPrefixLength 802.1pPriority
10.28.31.1 7
10.28.31.130 5
10.28.31.100/24 1
2001:db8:2:1:212:79ff:fe88:a100 3
2001:db8:3:3::/64 1
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 10. 28. 31. 1 pr i or i t y 7
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 10. 28. 31. 130 pr i or i t y 5
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y i pv4 10. 28. 32. 100/ 24 pr i or i t y 1
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 2001: db8: 2: 1: 212: 79f f : f e88: a100 pr i or i t y 3
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y i pv6 2001: db8: 3: 3: : / 64 pr i or i t y 1
Pr oCur ve( conf i g) # show qos devi ce- pr i or i t y
Devi ce pr i or i t i es
Devi ce Addr ess Appl y r ul e | DSCP Pr i or i t y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - -
10. 28. 31. 1 Pr i or i t y | 7
10. 28. 31. 130 Pr i or i t y | 5
10. 28. 32. 100/ 24 Pr i or i t y | 1
2001: db8: 2: 1: 212: 79f f : f e88: a100 Pr i or i t y | 3
2001: db8: 3: 3: : / 64 Pr i or i t y | 1
Figure6-9.UsingaGlobalIP-DeviceClassifiertoMarkMatchingPackets
6-35
AssigningaDSCPPolicyForaGlobalIP-DeviceClassifier
ThisglobalQoSpacket-markingoptionassignsapreviouslyconfiguredDSCP
policy(codepointand802.1ppriority)tooutboundIPpacketshavingthe
specifiedIPaddressorsubnetmaskinthesourceordestinationfieldoftheir
packetheader.Theswitch:
1. SelectsanincomingIPv4orIPv6packetonthebasisofthesourceor
destinationIPaddressorsubnetmaskitcarries.
2. OverwritestheDSCPinmatchingpacketswiththegloballyconfigured
DSCPcodepoint,andassignsthe802.1ppriorityassociatedwiththenew
DSCP.(SeeDifferentiatedServicesCodepoint(DSCP)Mappingonpage
6-89.)
FormoreonDSCP,refertoQoSTerminologyonpage6-7.
CreatingaPolicyBasedonIPAddress.ThisprocedurecreatesaDSCP
policyforIPpacketscarryingtheselectedIPaddress(sourceordestination).
1. IdentifytheIPv4orIPv6addresstouseasaclassifierforassigningaDSCP
policy.
2. DeterminetheDSCPpolicyforpacketscarryingtheselectedIPaddress:
codepointwillbeusedtooverwritetheDSCPcarriedinpackets
receivedfromupstreamdevices.)
6-36
Syntax: qosdscp-map<codepoint>priority<0-7>>
(Optional)Thiscommandisrequiredonlyifan802.1p
priorityisnotalreadyassignedtothespecified<codepoint>
intheDSCPPolicytable(seeTable6-11onpage6-90).
Whentheswitchappliesthispolicytoapacket,thepriority
determinesthepacketsqueueintheoutboundporttowhich
itissent.Ifthepacketleavestheswitchonataggedport,it
carriesthe802.1pprioritywithittothenextdownstream
device.ForIPpackets,theDSCPwillbereplacedbythe
codepointspecifiedinthiscommand.(Default:No-override
formostcodepoints.SeeTable6-11.)
specifiedIPaddressorsubnetmask.
IPv4Syntax: qosdevice-priority<ipv4-address|[ipv4]ipv4-address/mask-length>
dscp<codepoint>
IPv6Syntax: qosdevice-priority<ipv6-address|ipv6ipv6-address/prefix-length>>
dscp<codepoint>
AssignsaDSCPpolicyinpacketswiththespecifiedIP
addressorsubnetmaskinthesourceordestinationfieldin
apacketheader,where:
ipv4-addressoripv6-addressisanIPv4orIPv6addressused
tomatchthesourceordestinationaddressinpacket
headers.
Note:AnIPv6local-linkaddress(suchas
fe80::110:252%vlan20)thatisautomaticallygeneratedon
aVLANinterfaceisnotsupportedasanipv6-addressvalue.
[ipv4]ipv4-address/mask-lengthisthesubnetidentifiedby
theIPv4maskforthespecifiedaddressthatisusedto
matchtheIPv4inthesourceordestinationfieldofpacket
headers.
ipv6ipv6-address/prefix-lengthisthesubnetidentifiedbythe
IPv6prefix-lengthforthespecifiedaddressthatisusedto
matchtheIPv6addressinthesourceordestinationfield
ofpacketheaders.
EntertheIPv4maskorIPv6prefixlengthwithanaddress
inCIDRformatbyusingthenumberofsignificantbits
(forexample,2001:db8:2:1:262:a03:e102:127/64or
10.28.31.1/24).
6-37
dscpcodepointoverwritestheDSCPcodepointintheIPv4
ToSbyteorIPv6TrafficClassbyteofmatchingpackets
withthespecifiedvalue.
ValidvaluesfortheDSCPcodepointareasfollows:
111111.
-Adecimalvaluefrom0(lowpriority)to63(high
priority)thatcorrespondstoabinaryDSCPbitset
TheDSCPvalueyouentermustbecurrentlyassociated
withan802.1ppriorityintheDSCPPolicytable(seeTable
6-10).The802.1ppriorityanddeterminesthepackets
queueintheoutboundporttowhichitissent.Ifthepacket
leavestheswitchonataggedport,itcarriesthe802.1p
prioritywithittothenextdownstreamdevice.
ThedefaultDSCPcodepointisNo-override.TheDSCP
codepointisnotoverwritteninmatchingpackets.
ThenoformofthecommanddeletesthespecifiedIPaddress
orsubnetmaskasaQoSclassifier.Ifyouconfiguredasubnet
maskasmatchcriteria,youmustentertheentireIPaddress
andmask-lengthinthenocommand.
DisplaysalistingofallIPaddressesandsubnetmasksused
asQoSclassifierscurrentlyintherunning-configfile.
Example. ThisexampleshowshowtoassignthefollowingDSCPpoliciesto
thepacketsthatmatchthespecifiedglobalIP-deviceclassifiers:
IPAddress
DSCPPolicy
DSCP
Codepoint
802.1p
Priority
10.28.31.1 000111 7
10.28.31.130 000101 5
10.28.31.100/24 000010 1
2001:db8:2:1:212:79ff:fe88:a100 000101 3
2001:db8:3:3::/64 000010 1
usebyexistingapplications(showqosdscp-mapcommand).Thisisnota
6-38
problemiftheconfiguredprioritiesareacceptableforallapplicationsthat
usethesameDSCP(seeNotesonChangingaPrioritySettingonpage
6-92).
NotethataDSCPcodepointmusthaveanassociatedprioritybeforeyou
canuseittomarkmatchingpackets.
TheDSCPsforthis
examplehavenotyet
beenassignedan
802.1pprioritylevel.
Figure6-10. DisplaytheCurrentDSCP-MapConfiguration
2. ConfiguretheprioritiesfortheDSCPsyouwanttousetomarkpackets.
DSCPpolicieswithan
802.1ppriority
Figure6-11.Assigning802.1pPrioritiestotheSelectedDSCPs
6-39

3. AssigntheDSCPpoliciestothespecifiedIP-deviceaddressesanddisplay
theresult.
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 10. 28. 31. 1 dscp 000111
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 10. 28. 31. 130 dscp 000101
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y i pv4 10. 28. 32. 100/ 24 dscp 000010
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y 2001: db8: 2: 1: 212: 79f f : f e88: a100 dscp 0001
Pr oCur ve( conf i g) # qos devi ce- pr i or i t y i pv6 2001: db8: 3: 3/ 64 dscp 000010
Pr oCur ve( conf i g) # show qos devi ce- pr i or i t y
Devi ce pr i or i t i es
Devi ce Addr ess Appl y r ul e | DSCP Pr i or i t y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - -
10. 28. 31. 1 Pr i or i t y | 000111 7
10. 28. 31. 130 Pr i or i t y | 000101 5
10. 28. 32. 100/ 24 Pr i or i t y | 000010 1
2001: db8: 2: 1: 212: 79f f : f e88: a100 Pr i or i t y | 000101 3
2001: db8: 3: 3/ 64 Pr i or i t y | 000010 1
Figure6-12.TheCompletedDevice-Priority/CodepointConfiguration
TheswitchappliestheDSCPpoliciesinFigure6-11toIPpacketswiththe
specifiedIPaddressesandsubnetmasks(sourceordestination)receivedin
theswitch.Theswitchmanagesthepacketsasfollows:
OverwritestheoriginalDSCPsintheselectedpacketswiththenew
DSCPsspecifiedintheabovepolicies.
Assignsthe802.1pprioritiesintheabovepoliciestotheappropriate
packets.
6-40
GlobalIPType-of-ServiceClassifier
TheglobalIPType-of-ServiceclassifierenablesyoutoclassifyandmarkIP
packetsaccordingtothefollowingmodes:
IP-PrecedenceMode:AllIPpacketsgeneratedbyupstreamdevicesand
applicationsincludeaprecedencebitsetintheToS/TrafficClassbyte.In
IP-precedencemode,theswitchusestheprecedencebitstocomputeand
assignthecorresponding802.1ppriority.
IPDifferentiatedServices(Diffserv)Mode:TheDiffservmodeuses
thecodepointssetinIPpacketsbyupstreamdevicesandapplicationsto
assignan802.1pprioritytopackets.YoucanuseDiffservmodetomark
packetsinthefollowingways:
AssignanewDSCPpolicy:Apolicyincludesbothacodepoint
andacorresponding802.1ppriority.Thisoptionselectsanincoming
IPpacketonthebasisofitscodepointandassignsanewcodepoint
andcorresponding802.1ppriority.(Usetheqosdscp-mapcommand
tospecifyapriorityforanycodepointpage6-89.)
Assignan802.1ppriority:ThisoptionreadstheDSCPofan
incomingIPpacketand,withoutchangingthiscodepoint,assignsthe
802.1pprioritytothepacket,asconfiguredintheDSCPPolicyTable
(page6-89).Thismeansthatapriorityvalueof0-7mustbeconfigured
foraDSCPbeforetheswitchcanperformaQoSmatchonthepackets
DSCPbits.
vicesCodepoint(DSCP)Mappingonpage6-89formoreinformation.Note
thatsome802.1pprioritiesareassignedbydefaulttowell-knownDSCP
codepoints,suchastheAssuredForwardingandExpeditedForwarding
codepoints(seeTable6-11).
UnlessIP-PrecedencemodeandDiffservmodearebothdisabled(thedefault
setting),enablingoneautomaticallydisablestheother.Formoreinformation
onType-of-Serviceoperation,refertoIPv4ToS/IPv6TrafficClassByteon
page6-42.
6-41
IPv4ToS/IPv6TrafficClassByte
IPv4packetheaderscontainaTypeofService(ToS)byte;IPv6packetheaders
containaTrafficClassbyte.InanIPv6packet,theTrafficClassbyteisused
inthesamewayastheToSbyteinanIPv4packet.AToS/TrafficClassbyte
includesaDSCPcodepointandprecedencebits:
DifferentiatedServicesCodepoint(DSCP):Consistsoftheuppersix
bitsoftheToS/TrafficClassbyte.Thereare64possiblecodepoints.
Intheswitchescoveredinthisguide,thedefaultQoSconfiguration
includessomecodepoints,suchasAssuredForwardingandExpedited
Forwarding,thatarepreconfiguredwithan802.1pprioritysetting.All
othercodepointsarenotconfiguredwithan802.1ppriorityanddisplay
No-overrideasshowninthedefaultDSCPPolicytable(Table6-11).
Usetheqosdscpmapcommandtoconfiguretheswitchtoassigndifferent
802.1pprioritiestoIPpacketswithdifferentcodepoints.Also,youcan
configuretheswitchtoassignanewcodepointwithitsassociatedpriority
level(0-7)tomatchingpacketsasfollows:
a. ConfigureaDSCPcodepointwiththedesiredpriorityinanedge
switch.
b. Configurethelocalswitchtomarkspecifiedinboundtrafficwiththe
DSCP(andthuscreateapolicyforthattraffictype).
c. ConfiguretheinternalswitchesinyourLANtohonorthepolicy.
Forexample,youcouldconfigureanedgeswitchtoassignacodepoint
of000001toallpacketsreceivedfromaspecificVLAN,andthenhandle
alltrafficwiththatcodepointathighpriority.
Foracodepointlistingandthecommandsfordisplayingandchangingthe
DSCPPolicytable,refertoDifferentiatedServicesCodepoint(DSCP)
Mappingonpage6-89.
PrecedenceBits:AsubsetoftheDSCPcodepoint,consistingofthe
upperthreebitsoftheToS/TrafficClassbyte.WhenaglobalIP-Prece-
denceclassifierisconfigured,theswitchusestheprecedencebitsetto
determinethepriorityforselectedpacketsasshowninTable6-8.(The
switchdoesnotchangethesettingoftheprecedencebits.)
6-42
Table6-8. IPPrecedence-to-802.1pPriorityMapping
ToS/TrafficClassByte:
IPPrecedenceBits
Corresponding
802.1pPriority
ServicePriorityLevel
000 1 Lowest
001 2 Low
002 0 Normal
003 3
004 4
005 5
006 6
007 7 Highest
Not e UsingaglobalIP-PrecedenceclassifiertoprioritizeIPpacketsrelieson
prioritiessetinupstreamdevicesandapplications.
Figure6-13showsthedifferencebetweenthediffservbitsandprecedence
bitsinanIPv4ToSbyteandanIPv6TrafficClassbyte.Notethat:
PrecedencebitsareasubsetoftheDifferentiatedServicesbits.
Therightmosttwobitsarereserved.
IPv4Fields: DestinationMAC
Address
SourceMAC
Address
802.1QField Typeand
Version
Type-of-Service
Byte
SampleIPv4
Packet:
FFFFFFFFFFFF 080009000016 0800 45
E0
...
IPv6Fields: DestinationMAC
Address
SourceMAC
Address
...
TrafficClass
Byte
SampleIPv6
Packet:
FFFFFFFFFFFF 2001:db8:260:0212::
01b4
... E0
...
Figure6-13.IPv4ToS/IPv6TrafficClassBytewithDSCPCodepointandPrecedenceBits
DifferentiatedServicesCodepoint
Rsvd.
Precedence
Bits
DelayThroughput
ReliabilityBits
1 1 1 0 0 0 0 0
E 0
6-43
IP-PrecedenceClassifier
Ifadeviceorapplicationupstreamoftheswitchsetstheprecedencebitsin
theToS/TrafficClassbyteofIPv4/IPv6packets,youcanusethisglobalpacket-
markingoptiontoprioritizepacketsforoutboundportqueues.Iftheoutbound
packetsareinataggedVLAN,thispriorityiscarriedasan802.1pvaluetothe
adjacentdownstreamdevices.
Syntax:qostype-of-serviceip-precedence
Causestheswitchtoautomaticallyassignan802.1pprior-
itytoallIPpackets(IPv4andIPv6)bycomputingapackets
802.1ppriorityfromtheprecedencebitsthepacketcarries.
Thisprioritydeterminesthepacketsqueueintheoutbound
porttowhichitissent.Ifthepacketleavestheswitchona
taggedport,itcarriesthe802.1pprioritywithittothenext
downstreamdevice.(ToSIPPrecedenceDefault:Disabled)
noqostype-of-service
DisablesallToSclassifieroperation,includingprioritiza-
tionusingtheprecedencebits.
showqostype-of-service
WhentheIP-precedencemodeisenabled(orifneitherType-
of-Serviceoptionisconfigured),displaystheToSconfigu-
rationstatus.IftheDiff-servmodeisenabled,codepoint
dataisdisplayedasdescribedinAssigningaDSCPPolicy
foraGlobalIP-DiffservClassifieronpage6-49.
UsingtheIP-precedenceclassifier,prioritizationofoutboundpacketsrelies
ontheIP-PrecedencebitsettingthatIPpacketscarrywiththemfrom
upstreamdevicesandapplications.Toconfigureandverifythisoption:
DefaultConfiguration CurrentConfiguration
Figure6-14.ExampleofEnablingToSIP-PrecedencePrioritization
TochangefromIP-precedencetoIP-Diffservmode,followtheprocedurein
Assigningan802.1pPriorityforaGlobalIP-DiffservClassifieronpage6-45,
whichautomaticallydisablesIP-Precedence.TodisableIP-Precedencewith-
outenablingtheIP-Diffservoption,enterthenoqostype-of-servicecommand.
6-44
Assigningan802.1pPriorityforaGlobalIP-DiffservClassifier
OneofthebestusesforthisglobalQoSpacket-markingoptionisonaninterior
switchwhereyouwanttohonor(continue)apolicysetonanedgeswitch.
TheIP-diffservclassifierenablesyoutoselectincomingpacketshavinga
specificDSCPandforwardthesepacketswiththedesired802.1ppriority.For
example,ifanedgeswitchAmarksallpacketsreceivedonportA5witha
particularDSCP,youcanconfigureadownstream(interior)switchBto
handlesuchpacketswiththedesiredpriority(regardlessofwhether802.1Q-
taggedVLANsareinuse).
LAN
A5
Edge
Switch
A
LAN
Interior
Switch
B
Work-
Group
Work-
Group
MarkedTrafficfromportA5onEdgeSwitchA
OtherTraffic
Figure6-15.InteriorSwitchBHonorsthePolicyEstablishedinEdgeSwitchA
Todoso,assignthedesired802.1pprioritytothesamecodepointthatthe
upstreamoredgeswitchassignstotheselectedpackets.Whenthedown-
streamswitchreceivesanIPpacketcarryingoneofthesecodepoints,it
assignstheconfiguredprioritytothepacketandsendsitouttheappropriate
outboundportqueue.(Thepacketretainsthecodepointitreceivedfromthe
upstreamoredgeswitch).Youcanusethisoptionconcurrentlywiththe
diffservDSCPPolicyoption(describedlaterinthissection),aslongasthe
DSCPsspecifiedinthetwooptionsdonotmatch.
6-45
ConfigurationNotes DifferentapplicationsmayusethesameDSCPintheirIPpackets.Also,the
sameapplicationmayusemultipleDSCPsiftheapplicationoriginateson
differentclients,servers,orotherdevices.Usinganedgeswitchenablesyou
toselectthedesiredpacketsandmarkthemwithpredictableDSCPsthatcan
beusedbydownstreamswitchestohonorpoliciessetintheedgeswitch.
Whenenabled,theswitchappliesdirect802.1pprioritizationtoallpackets
havingcodepointsthatmeettheseprerequisites:
Thecodepointisconfiguredwithan802.1ppriorityintheDSCPtable.
(CodepointsconfiguredwithNo-overridearenotused.)
ThecodepointisnotconfiguredforanewDSCPpolicyassignment.
Thus,theswitchdoesnotallowthesameincomingcodepoint(DSCP)tobe
usedsimultaneouslyfordirectlyassigningan802.1ppriorityandalsoassign-
ingaDSCPpolicy.Foragivenincomingcodepoint,ifyouconfigureoneoption
andthentheother,thesecondoverwritesthefirst.
TouseaglobalIP-Diffservclassifiertomarkmatchingpacketswithan802.1p
priority,followthesesteps:
1. IdentifyaDSCPusedtosetapolicyinpacketsreceivedfromanupstream
oredgeswitch.
2. Determinethe802.1ppriority(0-7)youwanttoapplytopacketscarrying
theidentifiedDSCP.(Youcaneithermaintainthepriorityassignedinthe
upstreamoredgeswitch,orassignanewpriority.)
4. EnableIP-Diffservmodebyenteringtheqostype-of-servicediff-services
command.
6-46
.
Syntax:qostype-of-servicediff-services<codepoint>
Causestheswitchtoreadthe<codepoint>(DSCP)ofan
incomingIPpacketand,whenamatchoccurs,assignthe
associated802.1ppriorityintheDSCPPolicytable(see
Table6-11).
noqostype-of-service
DisablesallToSclassifieroperation.
noqosdscp-map<codepoint>
Disablesdirect802.1ppriorityassignmenttopacketscarry-
ingthe<codepoint>byreconfiguringthecodepointpriority
assignmentintheDSCPtabletoNo-override.Notethatifthis
codepointisinuseasaDSCPpolicyforanotherdiffserv
codepoint,youmustdisableorredirecttheotherdiffserv
codepointsDSCPpolicybeforeyoucandisableorchangethe
codepoint.Forexample,inFigure6-16youcannotchange
thepriorityforthe000000codepointuntilyouredirectthe
DSCPpolicyfor000001fromusing000000asapolicy.(See
NotesonChangingaPrioritySettingonpage6-92and
DifferentiatedServicesCodepoint(DSCP)Mappingon
page6-89.)
DisplaysthecurrentType-of-Serviceconfiguration.InIP-
diffservmodeitalsoshowsthecurrentdirect802.1passign-
mentsandthecurrentDSCPassignmentscoveredlaterin
thissection.
Forexample,anedgeswitchAinanuntaggedVLANassignsaDSCPof
000110onIPpacketsitreceivesonportA6,andhandlesthepacketswithhigh
priority(7).WhenthesepacketsreachinteriorswitchByouwanttheswitch
tohandlethemwiththesamehighpriority.Toenablethisoperationyouwould
6-47
configurean802.1ppriorityof7forpacketsreceivedwithaDSCPof000110,
andthenenablediff-services:
Executingthiscommand
displaysthecurrentType-of-
Serviceconfigurationandshows
thattheDSCP000110isnot
currentlyinuse.
The000110codepointisunused,
andthusavailablefordirectly
assigningan802.1ppriority
withoutchangingthepackets
DSCP.
Note:Allcodepointswithouta
DSCPPolicyentryare
availablefordirect802.1ppriority
assignment.
Figure6-16.DisplayingtheCodepointsAvailablefor802.1pPriorityAssignments
Noticethatcodepoints000000and001001arenamedasDSCP
policiesbyothercodepoints(000001and000110respectively).This
meanstheyarenotavailableforchangingtoadifferent802.1ppriority.
OutboundIPpackets
withaDSCPof000110
willhaveapriorityof7.
Figure6-17. Type-of-ServiceConfigurationthatEnablesBoth802.1pPriorityand
DSCPPolicyAssignment
6-48
AssigningaDSCPPolicyforaGlobalIP-DiffservClassifier
Theprecedingsectiondescribeshowtoforwardan802.1pprioritylevelset
byanedge(orupstream)switch.Thissectiondescribeshowtouseaglobal
IP-DiffservclassifiertomarkmatchingpacketswithanewDSCPpolicy.A
DSCPpolicyconsistsofaDSCPcodepointandanassociated802.1ppriority.
YoucanuseaglobalIP-DiffservclassifiertomarkaDSCPpolicyatthesame
timewithaglobalIP-Diffservclassifierthatmarksan802.1ppriorityif
differentDSCPcodepointsareconfiguredwitheachclassifier.
TouseaglobalIP-Diffservclassifiertomarkmatchingpacketswithanew
DSCPpolicy,followthesesteps:
1. IdentifytheDSCPusedtosetapolicyinpacketsreceivedfroman
upstreamoredgeswitch.
2. Createanewpolicybyusingtheqosdscp-map<codepoint>priority<0- 7>
commandtoconfigurean802.1ppriorityforthecodepointyouwilluse
tooverwritetheDSCPthatthepacketcarriesfromupstream.(Formore
information,seeDifferentiatedServicesCodepoint(DSCP)Mappingon
page6-89.)
3. Usetheqostype-of-servicediff-services<incoming-DSCP>dscp<outgoing-
DSCP>commandtochangethepolicyonpacketscomingfromtheedge
orupstreamswitchwiththespecifiedincomingDSCP.
Figure6-15onpage6-45illustratesthisscenario.
6-49
Syntax:qostype-of-servicediff-services
EnablesToSdiff-services.
Syntax:qostype-of-servicediff-services<current-codepoint>dscp
<new-codepoint>
ConfigurestheswitchtoselectanincomingIPpacketcarry-
ingthe<current-codepoint>andthenusethe<new-codepoint>
toassignanew,previouslyconfiguredDSCPpolicytothe
packet.Thepolicyoverwritesthe<current-codepoint>withthe
<new-codepoint>andassignsthe802.1ppriorityspecified
bythepolicy.
111111.
-AnASCIIstandard(hexadecimal)nameforabinaryDSCP
bitset
Toreconfigurethe802.1pprioritycurrentlyassignedtoa
DSCPcodepoint,usetheqosdscp-mapcommandasdescribed
inDifferentiatedServicesCodepoint(DSCP)Mappingon
page6-89.
Syntax:noqostype-of-service
DisablesallToSclassifieroperation.CurrentToSDSCP
policiesandprioritiesremainintheconfigurationandwill
becomeavailableifyoure-enableToSdiff-services.
Syntax:noqostype-of-service[diff-services<codepoint>]
DeletestheDSCPpolicyassignedtothe
<codepoint>andreturnsthe<codepoint>tothe802.1p
prioritysettingithadbeforetheDSCPpolicywasassigned.
(Thiswillbeeitheravaluefrom0-7orNo-override.)
Syntax:showqostype-of-service
Displaysalistingofcodepointswithanycorresponding
DSCPpolicyre-assignmentsforoutboundpackets.Alsodis-
playsthe802.1ppriorityforeachcodepointthatdoesnot
haveaDSCPpolicyassignedtoit.
6-50
Example. ThefollowingexampleshowshowtoconfigurenewDSCPpoli-
ciesonmatchingpacketswiththespecifiedDSCPcodepoints.
Received Policy 802.1p PolicyName
DSCP DSCP Priority (Optional)
001100 000010 6 Level6
001101 000101 4 Level4
problemaslongastheconfiguredprioritiesareacceptableforallappli-
cationsusingthesameDSCP(seeNotesonChangingaPrioritySetting
onpage6-92).
Also,notethataDSCPcodepointmusthaveapreconfigured802.1p
priority(0-7)beforeyoucanusethecodepointtomarkmatchingpackets.
IfacodepointyouwanttouseshowsNo-overrideinthePrioritycolumn
oftheDSCPPolicytable(showqosdscp-mapcommand),youmustfirst
configureapriorityforthecodepointbeforeproceeding(qosdscp-map
prioritycommand).SeeDifferentiatedServicesCodepoint(DSCP)Map-
pingonpage6-89formoreinformation.
TheDSCPsforthis
examplehavenotyet
beenassignedan
Figure6-18.DisplayingtheCurrentDSCP-MapConfiguration
6-51
2. Configurethedesiredpolicies(codepointandassociated802.1ppriority)
intheDSCPtable:
Figure6-19.ConfiguringDSCPPoliciesintheDSCPTable
3. Assignthenewpoliciestomarkmatchingpacketswiththespecified
codepoints.
ThespecifiedDSCPpolicies
overwritetheoriginalDSCPsin
matchingpackets,andusethe
802.1pprioritiesconfiguredin
theDSCPpoliciesinstep2.
Figure6-20.AssigningDSCPPoliciestoOutboundPacketsBasedontheDSCP
CodepointfromUpstreamDevices
6-52
ComparisonofGlobalIPType-of-ServiceClassifiers
Table6-9showsthedifferenceinhowglobalIP-PrecedenceandIP-Diffserv
classifiersareimplementedintheswitch.
Table6-9. IPType-of-ServiceClassifiers
OutboundPort IPType-of-ServiceClassifiers
IP-PrecedenceMode IPDifferentiatedServicesMode
IPPacketSentOut
anUntaggedPort
inaVLAN
BasedontheIPPrecedencebitsetin
apacketsToS/TrafficClassfield,the
packetissenttooneofeight
outboundportqueuesintheswitch:
1-2=lowpriority(queue1,2)
0-3=normalpriority(queue3,4)
BasedontheDSCPcodepointthattheswitchhasbeenconfig-
uredtodetect,oneofthefollowingactionsistaken:
Thecodepointisre-markedaccordingtotheconfigured
DSCPpolicyandthe802.1pprioritycurrentlyconfiguredfor
thecodepointintheDSCPPolicytable(Table6-8).
Thecodepointisnotchanged,butthe802.1ppriorityis
markedwiththecurrentlyconfiguredvalueforthe
codepointintheDSCPPolicytable.
4-5=mediumpriority(queue5,6)
Basedonthenew802.1pprioritymarking,thepacketleaves
theswitchthroughoneofthefollowingqueues:
6-7=highpriority(queue7,8)
1-2=lowpriority(queue1,2)
0-3=normalpriority(queue3,4)
4-5=mediumpriority(queue5,6)
6-7=highpriority(queue7,8)
IfNo-override(thedefault)isconfiguredforthe802.1ppriority
associatedwithacodepoint,thepriorityinthepacketheader
isnotre-markedbytheglobalIP-Diffservclassifierand,by
default,issenttothenormalpriorityoutboundportqueue.
IPPacketSentOut
aTaggedPortina
VLAN
BasedontheIPPrecedencebitsetin
apacketsToS/TrafficClassfield:
Thepacketissenttooneofeight
outboundportqueuesinthe
switchasdescribedabove.
BasedontheDSCPcodepointthattheswitchhasbeenconfig-
uredtodetect,oneofthefollowingactionsistaken:
Thecodepointisre-markedaccordingtotheconfigured
DSCPpolicyandthe802.1pprioritycurrentlyconfiguredfor
thecodepointintheDSCPPolicyTable(Table6-8).
TheIPPrecedencevalue(0-7)is
usedtosetthecorresponding
802.1ppriorityintheVLANtag
carriedbythepackettothenext
downstreamdevice(seeTable6-
8).
Thecodepointisnotchanged,butthe802.1ppriorityis
markedwiththecurrentlyconfiguredvalueforthe
codepointintheDSCPPolicyTable(Table6-8).
Basedonthenew802.1pprioritymarking,thepacketleaves
theswitchthroughoneoftheoutboundportqueuesdescribed
above.
Inaddition,thepriorityvalue(0-7)isusedtosetthe802.1p
priorityintheVLANtagcarriedbythepackettothenext
downstreamdevice.IfthepriorityisconfiguredasNo-over-
rideintheDSCPPolicytable,theVLANtagcarriesa0
(normalpriority)802.1psettingifnotprioritizedbyotherglobal
QoSclassifiers.
6-53
GlobalLayer-3ProtocolClassifier
WhenaglobalLayer-3Protocolclassifierisconfiguredasthehighest-prece-
denceclassifierandtheswitchreceivestrafficcarryingthespecifiedprotocol,
matchingpacketsareassignedthepriorityconfiguredfortheclassifier.(For
informationonQoSoperationwhenotherglobalQoSclassifiersmatchthe
sametraffic,seeGlobally-ConfiguredPacketClassificationonpage6-12.)
AssigningaPriorityforaGlobalLayer-3ProtocolClassifier
ThisglobalQoSpacket-markingoptionassignsan802.1pprioritytooutbound
packetshavingthespecifiedLayer-3protocol.
Syntax: qosprotocol
<ip|ipx|arp|appletalk|sna|netbeui>priority<0-7>
Configuresan802.1ppriorityforoutboundpackets
havingthespecifiedprotocol.Thisprioritydetermines
thepacketsqueueintheoutboundporttowhichitis
sent.Ifthepacketleavestheswitchonataggedport,it
carriesthe802.1pprioritywithittothenextdown-
streamdevice.YoucanconfigureoneQoSclassifierfor
eachprotocoltype.(Default:No-override)
noqosprotocol
<ip|ipx|arp|appletalk|sna|netbeui>
DisablesuseofthespecifiedprotocolasaQoSclassifier
andresetstheprotocolprioritytoNo-override.
showqosprotocol
ListstheQoSprotocolclassifierswiththeirpriority
settings.
Example. Inthisexample,youconfigurethefollowingglobalLayer-3proto-
colclassifiers:
1. ConfigureQoSprotocolclassifierswithIPat0(normal),ARPat5
(medium),andAppleTalkat7(high)anddisplaytheQoSprotocolconfig-
uration.
2. DisabletheQoSIPprotocolclassifier,downgradetheARPpriorityto4,
andagaindisplaytheQoSprotocolconfiguration.
Figure6-21showstheconfigurationcommands.
6-54
Pr oCur ve( conf i g) # qos pr ot ocol i p pr i or i t y 0
Pr oCur ve( conf i g) # qos pr ot ocol appl et al k pr i or i t y 7
Pr oCur ve( conf i g) # qos pr ot ocol ar p pr i or i t y 5
Pr oCur ve( conf i g) # show qos pr ot ocol
Pr ot ocol pr i or i t i es
Pr ot ocol Pr i or i t y
- - - - - - - - - - - - - - - -
I P 0
I PX No- over r i de
ARP 5
Appl eTal k 7
SNA No- over r i de
Net BEUI No- over r i de
Pr oCur ve( conf i g) # no qos pr ot ocol i p
Pr oCur ve( conf i g) # qos pr ot ocol ar p pr i or i t y 4
ConfiguresIP,Appletalk,and
ARPasQoSclassifiers.
Pr oCur ve( conf i g) # show qos pr ot ocol
Pr ot ocol pr i or i t i es
Pr ot ocol Pr i or i t y
- - - - - - - - - - - - - - - -
I P No- over r i de
I PX No- over r i de
ARP 4
Appl eTal k 7
SNA No- over r i de
Net BEUI No- over r i de
RemovesIPasQoSclassifier.
ChangesthepriorityoftheARP
QoSclassifier.
Displaystheresultsofthese
changes.
Figure6-21.Adding,Displaying,Removing,andChangingQoSProtocolClassifiers
6-55
GlobalVLAN-IDClassifier
TheglobalVLAN-ID(VID)classifierallowsyoutouseupto4094VLANIDsto
matchpackets.WhenaparticularVLAN-IDclassifierhasthehighestprece-
denceintheswitch,trafficreceivedintheVLANismarkedwiththeconfigured
prioritylevel.YoucanconfiguredifferentglobalVLAN-IDclassifierstomark
packetswithdifferentprioritylevels.
OptionsforAssigningPriority.TheglobalQoSpacket-markingoptions
forpacketsthatcarryaspecifiedVLAN-IDinclude:
802.1ppriority
DSCPpolicy(AssigninganewDSCPandanassociated802.1ppriority;
inboundpacketsmustbeIPv4.)
ForinformationonQoSoperationwhenotherglobalQoSclassifiersmatch
thesametraffic,seetoGlobally-ConfiguredPacketClassificationonpage
6-12.
Co n f i g u r a t i o n AglobalVLAN-IDclassifiermarksprioritylevelsonlyinpacketsreceivedon
Not e s staticVLANs.PacketsreceivedinadynamicVLANcreatedbyGVRPoperation
arenotmarkedbyaglobalVLAN-IDclassifier.
TheVLANIDusedasaglobalQoSclassifiermustcurrentlyexistontheswitch.
IfyouremoveaVLANfromtheswitch,allglobalQoSconfigurationsthatuse
theVLANIDforpacketmarkingarealsoremoved.
AssigningaPriorityforaGlobalVLAN-IDClassifier
ThisglobalQoSpacket-markingoptionassignsaprioritytoalloutbound
packetshavingthespecifiedVLAN-ID(VID).Youcanconfigurethisoptionby
eitherspecifyingtheVLAN-IDaheadoftheqoscommandormovingtothe
VLANcontextfortheVLANyouwanttoconfigureforpriority.
Syntax: vlan<vid>qospriority<0-7>
Configuresan802.1ppriorityforoutboundpacketsbelong-
ingtothespecifiedVLAN.Thisprioritydeterminesthe
packetsqueueintheoutboundporttowhichitissent.Ifthe
packetleavestheswitchonataggedport,itcarriesthe802.1p
prioritywithittothenextdownstreamdevice.Youcan
configureoneQoSclassifierforeachVLAN-ID.(Default:No-
override)
6-56
Syntax:novlan<vid>qos
RemovesthespecifiedVLAN-IDasaQoSclassifierandresets
thepriorityforthatVLANtoNo-override.
Syntax:showqosvlan-priority
DisplaysalistingoftheQoSVLAN-IDclassifierscurrently
intherunning-configfile,withtheirprioritydata.
Example. Inthisexample,802.1pprioritiesareassignedtopacketsreceived
inVLANs1,20,30,and40.
MarkVLAN40packets
withpriority7.
MarkVLAN1packets
withpriority2.
MarkVLAN20and30
packetswithpriority5.
Figure6-22.DisplayingtheVLANsAvailableforQoSPrioritization
EnterthefollowingcommandstomarkVLANpacketsthatmatchthespecified
VLANIDswithan802.1ppriority:
Figure6-23.ConfiguringandDisplayingQoSPrioritiesforVLANIDs
6-57
IfyoulaterdecidedtoremoveVLAN20fromQoSprioritization,youwould
enterthefollowingcommand:
Inthisinstance,No-override
indicatesthatVLAN20isnot
prioritizedbyQoS.
Figure6-24.ReturningaQoS-PrioritizedVLANtoNo-overrideStatus
AssigningaDSCPPolicyforaGlobalVLAN-IDClassifier
policy(codepointand802.1ppriority)tooutboundIPpacketshavingthe
specifiedVLAN-ID(VID).Theswitch:
1. SelectsanincomingIPpacketonthebasisoftheVLAN-IDitcarries.
2. OverwritesthepacketsDSCPwiththeDSCPconfiguredformatching
packets.
CreatingaPolicyBasedonVLAN-IDClassifier.
1. DeterminetheVLAN-IDclassifiertowhichyouwanttoassignaDSCP
policy.
2. DeterminetheDSCPpolicyforpacketscarryingtheselectedVLAN-ID:
receivedfromupstreamdevices.)
6-58
specifiedVLAN-ID.
Syntax: qosdscp-map<codepoint>priority<0-7>
Thiscommandisoptionalifapriorityhasalreadybeen
assignedtothe<codepoint>.ThecommandcreatesaDSCP
policybyassigningan802.1pprioritytoaspecificDSCP.
Whentheswitchappliesthisprioritytoapacket,thepriority
device.ForIPpackets,theDSCPcodepointinthepacket
headerisreplacedbythecodepointspecifiedinthiscom-
mand.(Default:Formostcodepoints,No-override.SeeFigure
6-11onpage6-90.)
Syntax: vlan<vid>qosdscp<codepoint>
AssignsaDSCPpolicytoIPpacketscarryingthespecified
VLANID,andoverwritestheDSCPinthesepacketswiththe
assigned<codepoint>value.
111111.
TheDSCPpolicyincludesan802.1ppriorityanddetermines
thepacketsqueueintheoutboundporttowhichitissent.If
thepacketleavestheswitchonataggedport,itcarriesthe
802.1pprioritywithittothenextdownstreamdevice.
(Default:No-override)
6-59
Syntax:novlan<vid>qos
RemovesaglobalQoSclassifierforthespecifiedVLAN.
Syntax:showqosdevice-priority
DisplaysalistingofallQoSVLAN-IDclassifierscurrently
intherunning-configfile.
Example. Thisexample,assignsthefollowingDSCPpolicies(codepointand
associated802.1ppriority)topacketswiththespecifiedVLANIDs:
VLAN-ID DSCP Priority
40 000111 7
30 000101 5
20 000010 1
1 000010 1
cationsusingthesameDSCP(seeNotesonChangingaPrioritySetting
onpage6-92.
NotethataDSCPcodepointmustalsohaveapriorityconfiguredbefore
youcanuseittomarkmatchingpackets.
TheDSCPsforthis
examplehavenotyet
beenassignedan
Figure6-25.DisplayingtheCurrentDSCP-PriorityMappingintheDSCPPolicy
Table
6-60
802.1ppriorities
areconfigured
inthisstep.
2. ConfiguretheprioritiesfortheDSCPsyouwanttouse.
802.1ppriorities
areconfigured
inthisstep.
Figure6-26.AssignPrioritiestotheSelectedDSCPs
3. AssigntheDSCPpoliciestotheselectedVLANIDsanddisplaytheresult.
Figure6-27.TheCompletedVID-DSCPPriorityConfiguration
TheswitchwillnowapplytheDSCPpoliciesinfigure6-27topacketsreceived
ontheswitchwiththespecifiedVLAN-IDs.Thismeanstheswitchwill:
OverwritetheoriginalDSCPsintheselectedpacketswiththenewDSCPs
specifiedintheabovepolicies.
Assignthe802.1pprioritiesintheabovepoliciestotheappropriate
packets.
6-61
GlobalSource-PortClassifier
TheglobalQoSsource-portclassifierallowsyoutouseapacketssource-port
ontheswitchtomarkpackets.Whenaglobalsource-portclassifierhasthe
highestprecedenceintheswitchfortrafficenteringthroughaport,traffic
receivedontheportismarkedwiththeconfiguredprioritylevel.Different
source-portclassifierscanhavedifferentprioritylevels.
OptionsforAssigningPriorityontheSwitch.TheglobalQoSpacket-
markingoptionsformatchingpacketsfromaspecifiedsource-portinclude:
802.1ppriority
DSCPpolicy:AssigninganewDSCPandanassociated802.1ppriority
ForinformationonQoSoperationwhenotherglobalQoSclassifiersmatch
thesametraffic,seetoGlobally-ConfiguredPacketClassificationonpage
6-12.
OptionsforAssigningPriorityFromaRADIUSServer.Youcanusea
RADIUSservertoassignaQoSsource-portpriorityduringan802.1Xport-
accessauthenticationsession.RefertotheRADIUSchapterintheAccess
SecurityGuideforyourswitch.
AssigningaPriorityforaGlobalSource-PortClassifier
ThisglobalQoSpacket-markingoptionassignsaprioritytoalloutbound
packetshavingthespecifiedsource-port.Youcanconfigurethisoptionby
eitherspecifyingthesource-portaheadoftheqoscommandormovingtothe
portcontextfortheportyouwanttoconfigureforpriority.(Ifyouare
configuringmultiplesource-portswiththesamepriority,youmayfinditeasier
tousetheinterface<port-list>commandtogototheportcontextinsteadof
individuallyconfiguringthepriorityforeachport.)
Syntax: interface<port-list>qospriority<0-7>
Configuresan802.1ppriorityforpacketsenteringthe
switchthroughthespecified(source)ports.Thispriority
determinesthepacketqueueintheoutboundport(s)towhich
trafficissent.Ifapacketleavestheswitchonataggedport,
itcarriesthe802.1pprioritywithittothenextdownstream
device.YoucanconfigureoneQoSclassifierforeachsource-
portorgroupofsource-ports.(Default:No-override)
6-62
Syntax:nointerface<port-list>qos
Disablesuseofthespecifiedsource-port(s)forQoSclassi-
fier(s)andresetsthepriorityforthespecifiedsource-port(s)
toNo-override.
Syntax:showqosport-priority
ListstheQoSport-priorityclassifierswiththeirpriority
data.
Example. Thisexampleshowshowtoprioritizeinboundtrafficonthe
followingsource-ports:
Source-Port Priority
A1-A3 2
A4 3
B1,B4 5
C1-C3 6
Enterthefollowingcommandstoprioritizepacketsreceivedfromthespeci-
fiedsourceports:
:
Figure6-28.ConfiguringandDisplayingSource-PortQoSPriorities
6-63
Ifyoulaterdecidedtoremovesource-portA1fromQoSprioritization,you
wouldenterthefollowingcommand:
Inthisinstance,No-overrideindicates
thatportA1isnotprioritizedbyQoS.
Figure6-29.ReturningaQoS-PrioritizedVLANtoNo-overrideStatus
AssigningaDSCPPolicyforaGlobalSource-PortClassifier
policy(codepointand802.1ppriority)tooutboundIPpacketsreceivedfrom
thespecifiedsource-ports.Theswitch:
1. SelectsanincomingIPpacketonthebasisofitssource-port.
2. OverwritesthepacketsDSCPwiththeDSCPconfiguredformatching
packets.
FormoreonDSCP,refertoQoSTerminologyonpage6-7.
CreatingaPolicyBasedonSource-PortClassifiers.
Co n f i g u r a t i o n YoucanconfigureonlyoneDSCPpersource-porttomarkmatchingpackets.
Not e s
ConfiguringanewDSCPforasource-portautomaticallyoverwrites(replaces)
anypreviousDSCPor802.1ppriorityconfigurationforthatsource-port
classifier.
1. Identifythesource-portclassifiertowhichyouwanttoassignaDSCP
policy.
2. DeterminetheDSCPpolicyforpacketshavingtheselectedsource-port:
receivedthroughthesource-portfromupstreamdevices.)
6-64
Syntax: qosdscp-map<codepoint>priority<0-7>
Thiscommandisoptionalifapriorityhasalreadybeen
assignedtothe<codepoint>.ThecommandcreatesaDSCP
policybyassigningan802.1pprioritytoaspecificDSCP.
Whentheswitchappliesthisprioritytoapacket,thepriority
device.ForIPpackets,theDSCPcodepointinthepacket
headerisreplacedbythecodepointspecifiedinthiscom-
mand.(Default:Formostcodepoints,No-override.SeeFigure
6-11onpage6-90.)
4. ConfiguretheswitchtoassigntheDSCPpolicytopacketsfromthe
specifiedsource-port.
Syntax: interface<port-list>qosdscp<codepoint>
AssignsaDSCPpolicytoIPpacketsfromthespecified
source-port(s),andoverwritestheDSCPinthesepackets
withtheassigned<codepoint>value.
111111.
6-65
Syntax: interface<port-list>qosdscp<codepoint>
TheDSCPpolicyincludesan802.1ppriorityanddetermines
thepacketsqueueintheoutboundporttowhichitissent.If
thepacketleavestheswitchonataggedport,itcarriesthe
802.1pprioritywithittothenextdownstreamdevice.
(Default:No-override)
Syntax:nointerface[e]<port-list>qos
RemovesaQoSclassifierforthespecifiedsource-port(s).
Syntax:showqossource-port
Displaysalistingofallsource-portQoSclassifierscurrently
intherunning-configfile.
Example. Inthisexample,youassignthefollowingDSCPpolicies(code-
pointandassociated802.1ppriority)tomatchingpacketswiththespecified
source-ports:
Source-Port DSCP Priority
A2 000111 7
B1-B3 000101 5
B4,C2 000010 1
cationsusingthesameDSCP.
Also,notethataDSCPmusthavean802.1ppriorityconfiguredbeforeyou
canuseittomarkmatchingpackets.Ifnecessary,usetheqosdscp-map
<codepoint>priority<0-7>commandtoconfiguretheDSCPpolicy
(codepointandassociated802.1ppriority)thatyouwanttousetomark
matchingpackets.
6-66
TheDSCPsforthis
examplehavenotyet
beenassignedan
Figure6-30.DisplayingtheCurrentDSCP-PriorityMappingintheDSCPPolicy
Table
2. ConfiguretheprioritiesfortheDSCPsthatyouwanttousetomark
matchingpackets.
802.1ppriorities
configuredfor
DSCPcodepoints
Figure6-31.AssigningPrioritiestotheSpecifiedDSCPCodepoints
6-67
3. AssigntheDSCPpoliciestotheselectedsource-portsanddisplaythe
result.
Figure6-32.GlobalSource-PortClassifierwithDSCP-PriorityMarking
RadiusOverrideField.DuringaclientsessionauthenticatedbyaRADIUS
server,theservercanimposeaportprioritythatappliesonlytothatclient
session.RefertotheRADIUSchapterintheAccessSecurityGuideforyour
switch.
6-68
IPMulticast(IGMP)InteractionwithQoS
IGMPhigh-priority-forwardcausestheswitchtoservicethesubscribedIP
multicastgrouptrafficathighpriority,evenifQoSontheswitchhasrelegated
thetraffictoalowerpriority.ThisdoesnotaffectanyQoSprioritysettings,
sotheQoSpriorityishonoredbydownstreamdevices.However,QoSdoes
takeprecedenceoverIGMPnormal-prioritytraffic.
TheswitchsabilitytoprioritizeIGMPtrafficforeitheranormalorhigh
priorityoutboundqueueoverridesanyQoScriteria,anddoesnotaffectany
802.1pprioritysettingstheswitchmayassign.Foragivenpacket,ifbothIGMP
highpriorityandQoSareconfigured,theQoSclassificationoccursandthe
switchmarksthepacketfordownstreamdevices,butthepacketisserviced
bythehigh-priorityqueuewhenleavingtheswitch.
IGMPHigh
Priority
QoSConfiguration
AffectsPacket
SwitchPortOutput
Queue
Outbound802.1pSetting
(RequiresTaggedVLAN)
NotEnabled Yes DeterminedbyQoS DeterminedbyQoS
Enabled Seeabovepara- High AsdeterminedbyQoSifQoSis
graph. active.
6-69
AdvancedClassifier-BasedQoS
StartinginsoftwarereleaseK.14.01,inadditiontothepacketclassification
andprioritizationmethodsdescribedinGlobally-ConfiguredQoSonpage
6-19,QoSconfigurationalsosupportsadvancedclassifier-basedfunctions.
Advancedclassifier-basedQoSintroduces:
Afinergranularitythanglobally-configuredQoSforclassifyingIPv4and
IPv6traffic
Additionalactionsformanagingselectedtraffic,suchasrate-limitingand
IPprecedencemarking
TheapplicationofQoSpoliciestoinboundtrafficflowsonspecificport
andVLANinterfaces(insteadofusingonlyglobally-configured,switch-
wideQoSsettings)
Theabilitytore-usetrafficclassesindifferentsoftware-featureconfigu-
rations,suchasQoSandportmirroring
Classifier-basedQoSisdesignedtoworkwithexistingglobally-configured,
switch-wideQoSpoliciesbyallowingyoutozoominonasubsetofportor
VLANtraffictofurthermanageit.Classifier-basedpoliciestakeprecedence
over,andmayoverride,globally-configuredQoSsettingsthatapplytoall
trafficontheswitch.
Classifier-basedQoSpoliciesprovidegreatercontrolformanagingnetwork
traffic.Usingmultiplematchcriteria,youcanfinelyselectanddefinethe
classesoftrafficthatyouwanttomanage.QoS-specificpolicyactionsdeter-
minehowyoucanhandletheselectedtraffic.
Formoreinformation,refertotheClassifier-BasedSoftwareConfiguration
chapterintheAdvancedTrafficManagementGuide.
6-70
Classifier-BasedQoSModel
Classifier-basedQoSconfigurationconsistsofthefollowinggeneralsteps:
1. Classifythetrafficthatyouwanttomanagebyconfiguringaclass.
2. ConfigureaQoSpolicyinwhichyouspecifytheQoSactionstoexecute
oneachclassoftraffic.
3. AssigntheQoSpolicytoaportorVLAN(inboundonly)interface.
Not e Classifier-basedQoSoperationsupportsallglobally-configuredpacketclassi-
ficationcriteria(exceptforSource-portandLayer-3protocol)andtraffic
markingfunctions,andprovidesadditionalQoSactionsonaper-portandper-
VLANbasis.
Classifier-basedmatchcriteriaoninboundIPv4/IPv6trafficinclude:
IPprotocol(suchasICMPorSNMP)
Layer3DSCPcodepoint
Layer4TCP/UDPapplicationport(includingTCPflags)
VLANID
Classifier-basedQoSpolicyactionsonmatchingIPv4/IPv6packetsareas
follows:
SettingtheLayer2802.1ppriorityvalue(classofservice)inVLAN-
taggedanduntaggedpacketheaders
SettingtheLayer3IPprecedencebits
SettingtheLayer3DifferentiatedServicesCodepoint(DSCP)bits
Rate-limitinginboundtrafficonportandVLANinterfaces
Classifier-BasedQoSConfigurationProcedure
Tousetheclassifier-basedmodeltoconfigureaQoSpolicyandapplyittoa
selectedclassoftrafficonaportorVLANinterface,followthesesteps:
1. Evaluatethetypesoftrafficinyournetworkandidentifythetraffictypes
thatyouwanttoprioritizeorrate-limit.
6-71
2. CreateanIPv4orIPv6trafficclassusingtheclasscommandtoselectthe
packetsyouwanttomanage.
Context: Globalconfiguration
Syntax: [no]class<ipv4|ipv6><classname>
Definesthenameofatrafficclassandspecifieswhethera
policyistobeappliedtoIPv4orIPv6packets,where
<classname>isatextstring(64charactersmaximum).
Afteryouentertheclasscommand,youentertheclass
configurationcontexttospecifymatchcriteria.Atraffic
classcontainsaseriesofmatchandignorecommands,which
specifythecriteriausedtoclassifypackets.
Atrafficclassconsistsofmatchcriteria,whichconsistofmatchandignore
commands.
matchcommandsdefinethevaluesthatheaderfieldsmustcontainfor
apackettobelongtotheclassandbemanagedbypolicyactions.
ignorecommandsdefinethevalueswhich,ifcontainedinheader
fields,excludeapacketfromthepolicyactionsconfiguredforthe
class.
Not e Besuretoentermatch/ignorestatementsinthepreciseorderinwhich
youwanttheircriteriatobeusedtocheckpackets.
Thefollowingmatchcriteriaaresupportedinmatch/ignorestatements
forinboundIPv4/IPv6traffic:
Layer2802.1QVLANID
Layer3IPprotocol
Layer3DSCPcodepoint
Layer4TCP/UDPapplicationport
VLANID
Enteroneormorematchorignorecommandsfromtheclassconfiguration
contexttofiltertrafficanddeterminethepacketsonwhichpolicyactions
willbeperformed.
6-72
Context: Classconfiguration
Syntax: [no][seq-number]<match|ignore><ip-protocol>
<source-address> <destination-address>[dscpcodepoint]
[precedenceprecedence-value][tostos-value][vlanvlan-id]
Fordetailedinformationabouthowtoentermatchandignorecommands
toconfigureatrafficclass,refertotheCreatingaTrafficClasssection
intheClassifier-BasedSoftwareConfigurationchapter.
3. CreateaQoSpolicytoperformQoSactionsonselectedpacketsby
enteringthepolicyqoscommandfromtheglobalconfigurationcontext.
Syntax: [no]policyqos<policy-name>
DefinesthenameofaQoSpolicyandentersthepolicy
configurationcontext.
Atrafficpolicyconsistsofoneormoreclasses,andoneormoreQoS
actionsconfiguredforeachclassoftraffic.Theconfiguredactionsare
executedonpacketsthatmatchamatchstatementinaclass.Nopolicy
actionisperformedonpacketsthatmatchanignorestatement.
Not e BesuretoentereachclassanditsassociatedQoSactionsintheprecise
orderinwhichyouwantpacketstobecheckedandprocessedbyQoS
actions.
ToconfiguretheQoSactionsthatyouwanttoexecuteonpacketsthat
matchthecriteriainaspecifiedclass,enteroneormoreclassaction
commandsfromthepolicyconfigurationcontext:
Context: Policyconfiguration
Syntax: [no][seq-number]class<ipv4|ipv6><classname>
action<qos-action>[action<qos-action>...]
DefinestheQoSactionstobeappliedonapre-configured
IPv4orIPv6trafficclasswhenapacketmatchesthematch
criteriainthetrafficclass.Youcanentermultipleaction
statementsforthesametrafficclass.
6-73
[no][seq-number]class<ipv4|ipv6><classname>
[seq-number]The(optional)seq-numberparameter
sequentiallyorderstheQoSactionsthatyouenterina
policyconfiguration.Actionsareexecutedon
matchingpacketsinnumericalorder.Default:QoS
actionstatementsarenumberedinincrementsof10,
startingat10.
class<ipv4|ipv6><classname>Definesthe
preconfiguredtrafficclassonwhichtheQoSactionsin
thepolicyareexecuted,andspecifieswhethertheQoS
policyisappliedtoIPv4orIPv6trafficintheclass.The
classnameisatextstring(64charactersmaximum).
Note:Youcanconfiguremultipleclassactionstatements
fordifferenttrafficclassesinthesamepolicy.Theexecu-
tionofQoSactionsisperformedintheorderinwhichthe
actionsarenumericallylistedinthepolicy.
TheactionkeywordconfigurestheQoSactionspecifiedby
theqos-actionparameter.Theactionisexecutedonany
packetthatmatchesthematchcriteriaintheclass.The
actionisnotexecutedonpacketsthatmatchignore
criteria.
Thecompletenoformoftheclassactioncommandorthe
no<seq-number>commandremovesaQoSactionfromthe
policyconfiguration.
ThefollowingQoScommandsaresupportedbytheqos-
actionparameter:
rate-limit<kbpskbps>
priority<priority-value>
ip-precedence<precedence-value>
dscp<dscp-value
ForinformationonthecompletesyntaxofeachQoS
command,seeConfiguringQoSActionsinaPolicyon
page6-76.
Tomanagepacketsthatdonotmatchthematchorignorecriteriainany
classinthepolicy,andthereforehavenoQoSactionsperformedonthem,
youcanenteranoptionaldefaultclass.Thedefaultclassisplacedatthe
endofapolicyconfigurationandspecifiestheQoSactionstoperformon
packetsthatareneithermatchednorignored.
6-74
4. (Optional)Toconfigureadefaultclassinapolicy,enterthedefault-class
commandattheendofapolicyconfigurationandspecifyoneormore
QoSactionstobeexecutedonpacketsthatarenotmatchedandnot
ignored.
Syntax: [no]default-classaction<qos-action>[action<qos-action>...]
ConfiguresadefaultclassthatallowsoneormoreQoS
actionstobeexecutedonpacketsthatarenotmatchedor
ignoredbyanyoftheclassconfigurationsinaQoSpolicy.
Thedefault-classsupportsthesameQoScommandsasthe
class<ipv4|ipv6>actioncommand:rate-limit,priority,ip-
precedence,anddscp.
Forgeneralinformationabouthowtoconfigureandmanageaservice
policy,refertotheCreatingaServicePolicysectionintheClassifier-
BasedSoftwareConfigurationchapter.
5. ApplytheQoSpolicytoinboundtrafficonaport(interfaceservice-policy
incommand)orVLAN(vlanservice-policyincommand)interface.
ThefollowingrestrictionsapplytoaQoSservicepolicy:
OnlyoneQoSpolicyissupportedonaportorVLANinterface.
IfyouapplyaQoSpolicytoaportorVLANinterfaceonwhichaQoS
policyisalreadyconfigured,thenewpolicyreplacestheexistingone.
AQoSpolicyissupportedonlyoninboundtraffic.
BecauseonlyoneQoSpolicyissupportedonaportorVLANinterface,ensure
thatthepolicyyouwanttoapplycontainsalltherequiredclassesandactions
foryourconfiguration.
ToapplyaQoSpolicyonaportorVLANinterface,enteroneofthefollowing
commandsfromtheglobalconfigurationcontext.
Syntax: interface<port-list>service-policy<policy-name>in
Configuresthespecifiedport(s)withaQoSpolicythatis
appliedtoinboundtrafficoneachinterface.Separate
individualportnumbersinaserieswithacomma;for
example,a1,b4,d3.Enterarangeofportsbyusingadash;
forexample,a1-a5.TheQoSpolicynameyouentermustbe
thesameasthepolicynameyouconfiguredwiththepolicy
qoscommandinStep2.
6-75
Syntax: vlan<vlan-id>service-policy<policy-name>in
ConfiguresaQoSpolicyonthespecifiedVLANthatis
appliedtoinboundtrafficontheVLANinterface.
ValidVLANIDnumbersrangefrom1to4094.
TheQoSpolicynameyouentermustbethesameasthepolicy
nameyouconfiguredwiththepolicycommandinStep2.
FormoreinformationabouthowtoapplyaQoSpolicytoaninterface,
refertotheApplyingaServicePolicytoanInterfacesectioninthe
Classifier-BasedSoftwareConfigurationchapter.
6. DeterminetheadditionalQoSconfigurationsthatyouneedtoapplyto
eachQoS-capabledeviceinyournetworkandconfiguretheappropriate
policy.
(Optional)Ifyouwant802.1p(CoS)prioritysettingstobeincludedin
outboundpackets,configuretaggedVLANsontheappropriatedown-
streamlinks.
ConfiguringQoSActionsinaPolicy
InQoSpolicy-configurationmode,youdefinetheactionstobeappliedtoa
pre-configuredIPv4orIPv6trafficclasswhenapacketmatchesthematch
criteriaintheclass.(Actionsarenotexecutedonpacketsthatmatchignore
criteria.)Youcanentermultipleactionstatementsinatrafficclass,including
thedefaultclass.
ThefollowingactionsaresupportedinaQoSpolicyconfiguration:
rate-limitcommand:Configurestherate-limitformatchingpackets.
ip-precedencecommand:Configures(marks)theIPprecedencebitsinthe
ToSbyteofIPv4packetheadersandTrafficClassbyteofIPv6headers.
dscpcommand:ConfigurestheDSCPbitsintheIPv4ToSbyteandIPv6
TrafficClassbyteofpacketheaders.
prioritycommand:Configuresthe802.1pclassofservice(CoS)priorityin
Layer2frameheaders.
ForinformationonthedifferencebetweentheDSCPbitsandprecedencebits
intheToSbyteofanIPv4headerandtheTrafficClassbyteofanIPv6header,
seeFigure6-13.
6-76
InaQoSpolicyconfiguration,theqos-actionparameter
canbeanyofthefollowingcommands:
rate-limit<kbpskbps>:Configuresthemaximum
transmissionrateformatchingpacketsinaspecified
trafficclass.Allpacketsthatexceedtheconfiguredlimit
aredropped.
Theratelimitisspecifiedinkilobitspersecond,where
<kbps>isavaluefrom0to10000000.
Rate-LimitingUsageNotes:
Rate-limitvaluesbelow13kbpsmayresultin
unpredictablerate-limitingbehavior.
Configuringaratelimitof0(zero)kilobitsonaport
blocksalltrafficontheport.Ifblockingalltrafficis
thedesiredbehavior,ProCurverecommendsthatyou
configureadenyACLinsteadconfiguringarate-
limitof0.
Arate-limitthatyouapplywithaclassifier-based
policyoverridesanyglobally-configuredper-port
rate-limitontheselectedpackets.
Formoreinformationonper-portrate-limiting,refer
tothePortTrafficControlschapterinthe
ManagementandConfigurationGuide.
Rate-LimitingRestrictions:
Arate-limitiscalculatedonaper-moduleorperport-
bankbasis.IftrunkedportsorVLANswitha
configuredrate-limitspanmultiplemodulesorport-
banks,theconfiguredrate-limitisnotguaranteed.
AQoSpolicythatusestheclassactionrate-limit
commandisnotsupportedonaportinterfaceon
whichICMPrate-limitinghasalreadybeenglobally
configured.ToapplytheQoSpolicy,youmustfirst
disabletheICMPrate-limitingconfiguration.
IncaseswhereyouwanttomaintainanICMPrate-
limitingconfiguration,configureaclassinwhich
youspecifythenecessarymatchstatementsforICMP
traffic,andaQoSpolicyinwhichyouconfigurethe
rate-limitactionfortheclass.
6-77
Continued
Forinformationonglobally-configuredICMP,refer
totheConfiguringICMPsectioninthe
ConfiguringIPParametersforRoutingSwitches
chapterintheMulticastandRoutingGuide.
priority<priority-value>: Configuresthe802.1pclassof
service(CoS)bitsinLayer2framesofmatching
packetsinaspecifiedtrafficclass.ValidCoSvalues
rangefrom0to7.
The802.1pCoSvaluecontrolstheoutboundport-queue
priorityfortrafficleavingtheswitch.Inan802.1Q
VLANnetwork,downstreamdevicesmayhonoror
changethe802.1ppriorityinincomingpackets.For
moreinformation,seeLayer2802.1pPrioritization
onpage6-14.
Table6-3showshowtheLayer2802.1ppriorityvalue
determinestowhichoutboundportqueueapacketis
sentbothontheswitchandonadownstreamdevice.
The802.1pCoSnumericvalue(from0to7)
correspondstothehexadecimalequivalentofthethree
binary0and1bitsettingsintheLayer2header.
ForexampleiftheCoSbitvaluesare1 1 1,thenumeric
valueis7(1+2+4).Similarly,iftheCoSbitsare0 1 1,
thenumericvalueis3(1+2+0).
Note:Ifyouwantthe802.1pCoSprioritysettings
includedinoutboundpacketstobehonoredon
downstreamdevices,configuretaggedVLANsonthe
appropriateinboundandoutboundports.
ip-precedence<precedence-value>: ConfigurestheIP
precedencevalueintheIPv4ToSbyteorIPv6Traffic
Classbyteofmatchingpacketsinaspecifiedtraffic
class.ValidIPprecedencevaluesareeitheranumeric
valuefrom0(lowpriority)to7(highpriority)orits
correspondingname:
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet(forinternetworkcontrol)
7 network(fornetworkcontrol)
6-78
DSCP- 8 0 2 . 1 p
Mappi ng
Continued
Table6-2showshowtheLayer2802.1ppriorityvalue
determinestowhichoutboundportqueueapacketissent.
Table6-8showsthe802.1ppriorityvalue(0to7)associated,
bydefault,witheachIPPrecedencethree-bitsettingand
automaticallyassignedbytheswitchtotheLayer2header
ofmatchingpackets.
dscp<dscp-value>: ConfigurestheDSCPcodepointinthe
IPv4ToSbyteorIPv6TrafficClassbyteofmatchingpackets
inaspecifiedtrafficclass.
ValidvaluesfortheDSCPcodepointareanyofthefollowing:
Abinaryeight-bitset(suchas100110)
Adecimalvaluefrom0(lowpriority)to63(highpriority)
TheASCIIstandardnameforabinaryDSCPbitset:
af11(001010) af42(100100)
af12(001100) af43(100110)
af13(001110) ef(101110)
af21(010010) cs1(001000)=precedence1
af22(010100) cs2(010000)=precedence2
af23(010110) cs3(011000)=precedence3
af31(011010) cs4(100000)=precedence4
af32(011100) cs5(101000)=precedence5
af33(011110) cs6(110000)=precedence6
af41(100010) cs7(111000)=precedence7
default(000000)
Prerequisite:TheDSCPvalueyouentermustalreadybe
configuredwithan802.1ppriorityintheDSCPPolicytable
(Table6-11)beforeyoucanuseittomarkmatchingpackets.
The802.1pprioritycurrentlyassociatedwitheachDSCPcodepointisstored
intheDSCPPolicytable(displayedwiththeshowqosdscp-mapcommandand
showninTable6-11).NotethatcertainDSCPcodepointshave802.1ppriorities
assignedbydefault.The802.1pprioritymappedtoaDSCPcodepointis
automaticallyappliedinmatchingpacketswhosecodepointisresetwiththe
classactiondscpcommandinaQoSpolicy.
6-79
Toreconfigurethe802.1ppriorityvaluecurrentlyassignedtoaDSCPcode-
point,youcanentereitherofthefollowingcommands:
qosdscp-map<codepoint>priority<0-7>(globalconfigurationcontext)
class<ipv4|ipv6><classname>actiondscp<codepoint>priority<0-7>
(policyconfigurationcontext)
IfyoudonotenterapriorityvaluewiththeclassactiondscpcommandinaQoS
policy,oneofthefollowingoccurs:
TheswitchreferstotheDSCPPolicytabletoassignthe802.1pvaluethat
iscurrentlyconfiguredforthespecifiedDSCPcodepointtoremark
matchingpackets.
IfthespecifiedDSCPcodepointisnotassociatedwithan802.1ppriority
intheDSCPPolicytable,anerrormessageisdisplayedandtheclassaction
dscp<codepoint>commandisnotexecuted.Youarepromptedtore-enter
thecommandwithan802.1ppriority:classactiondscp<codepoint>
priority<0-7>.
Toensurethatthedesired802.1ppriorityisassignedtomatchingpackets,you
mayneedtofirstre-maptheprioritytothenewcodepointbeforeyouconfig-
urethepolicy,byusingtheqosdscp-map<codepoint>priority<0-7>command.
Notethatafteryoureconfigurethe802.1ppriorityforaDSCPcodepoint,the
switchimmediatelyappliesthenew802.1ppriorityvaluetopacketstransmit-
tedwiththeassociatedcodepointasaresultof:
Globally-configuredQoScommands
classactiondscpcommandsinotherQoSpolicies
Example. Inthefollowingexample,aclassifier-basedQoSpolicy(dscp-
remap)thatassignsanewDSCPcodepoint(af43)andassociated802.1p
priority(5)tomatchingpacketswithaspecifiedDSCPcodepoint(af11)is
appliedtotheinboundtrafficonaVLAN.
Pr oCur ve( conf i g) # qos dscp- map af 43 pr i or i t y 5
Pr oCur ve( conf i g) # cl ass i pv4 dscp5
Pr oCur ve( conf i g- cl ass) # mat ch i p any any dscp af 11
Pr oCur ve( conf i g- cl ass) # exi t
Pr oCur ve( conf i g) # pol i cy qos dscp- r emap
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 dscp5 act i on dscp af 43
Pr oCur ve( conf i g- pol i cy) # exi t
Pr oCur ve# vl an 3 ser vi ce- pol i cy dscp- r emap i n
Notethatintheprecedingexample,thedesired802.1ppriorityismappedto
thespecifiedDSCPcodepointbyusingtheqosdscp-map<codepoint>priority
<0-7>commandbeforetheQoSpolicyisconfigured.
6-80
OverrideofGlobalQoSSettings
AfteryouapplyaQoSpolicytoaninterface,theclassifier-basedsettings
configuredbyQoSactionsinthepolicyoverrideany802.1pCoSorDSCP
codepointvaluesthatwereglobally-configuredontheswitchtomarkpackets
usingtheQoScommandsdescribedinGlobally-ConfiguredQoSonpage
6-19.
Ifyouuseaclassifier-basedQoSconfigurationalongwithglobally-configured
QoScommands,theorderofprecedenceinwhich802.1ppriority,IPprece-
dence,andDSCPsettingsmarkselectedpacketsisasfollows,fromhighest
(1)tolowest(9):
Table6-10. OrderofPrecedenceforClassifier-BasedQoSoverGlobalQoS
Precedence
Order
QoSFeature Reference
1 Classifier-basedport-specificpolicy Page6-71
2 Classifier-basedVLAN-specificpolicy Page6-71
3 Globally-configuredTCP/UDPpriority Page6-24
4 Globally-configuredIP-devicepriority Page6-33
5 Globally-configuredIPType-of-Servicepriority Page6-41
6 Globally-configuredLayer3-Protocolpriority Page6-54
7 Globally-configuredVLAN-IDpriority Page6-56
8 Globally-configuredSource-Portpriority Page6-62
9 802.1pCoSinLayer2VLANheader
1
Page6-12
1
InataggedVLANenvironment,theincoming802.1ppriorityisusedasthedefaultQoS
classifiertodeterminehowapacketishandledifnoglobalorclassifier-basedQoSmatch
criterionwithahigherprecedencematches.
6-81
ViewingaClassifier-BasedQoSConfiguration
Usethefollowingshowcommandstodisplayinformationaboutaclassifier-
basedQoSconfigurationandstatisticsorresourceusageonQoSpolicies.
Syntax: showclassipv4<classname>
showclassipv6<classname>
showclassconfig
ipv4<classname>liststhestatementsthatmakeuptheIPv4
classidentifiedbyclassname.
configdisplaysallclasses,bothIPv4andIPv6,andliststhe
statementsthatmakeupeachclass.
Additionalvariantsoftheshowclass commandprovide
informationonclassesthataremembersofpoliciesthathave
beenappliedtoportsorVLANs.RefertoShowingaClass
Configurationonpage9-26formoreinformation.
Pr oCur ve# show cl ass i pv4 gnut el l a
St at ement s f or Cl ass i pv4 " gnut el l a"
10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347 0. 0. 0. 0 255. 255. 255. 255
20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347
30 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347 0. 0. 0. 0 255. 255. 255. 255
40 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347
Pr oCur ve# show cl ass i pv4 kazaa
St at ement s f or Cl ass i pv4 " kazaa"
10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 eq 1214 0. 0. 0. 0 255. 255. 255. 255
20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 1214
30 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 eq 1214 0. 0. 0. 0 255. 255. 255. 255
40 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 1214
Pr oCur ve# show cl ass i pv4 ht t p
St at ement s f or Cl ass i pv4 " ht t p"
10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 80
20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 443
50 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 8080
Figure6-33. ExampleofshowclassOutputforaQoSPolicy
6-82
Syntax: showpolicypolicy-name
showpolicyconfig
policy-nameliststhestatementsthatmakeupthespecified
policy.
configdisplaysthenamesofallpoliciesdefinedfortheswitch
andliststhestatementsthatmakeupeachpolicy.
Additionalvariantsoftheshowpolicy commandprovide
informationonpoliciesthathavebeenappliedtoportsor
VLANs.RefertoShowingPolicyInformationonpage9-31
formoreinformation.
Pr oCur ve# show pol i cy suspect - t r af f i c
St at ement s f or Pol i cy " suspect - t r af f i c"
10 cl ass i pv4 " ht t p" act i on r at e- l i mi t kbps 2000 act i on pr i or i t y 3
20 cl ass i pv4 " kazaa" act i on r at e- l i mi t kbps 1000 act i on pr i or i t y 2
30 cl ass i pv4 " gnut el l a" act i on r at e- l i mi t kbps 1000 act i on pr i or i t y 2
Figure6-34.ExampleofshowpolicyOutputforaQoSPolicy
Syntax: <show|clear>statisticspolicy<policy-name>port<port-num>
<show|clear>statisticspolicy<policy-name>vlan<vid>in
showdisplaysthestatisticsforaspecifiedpolicyappliedto
aspecifiedportorVLAN.
clearclearsstatisticsforthespecifiedpolicyandportor
VLAN.
policy-nameisthenameofthepolicy
port-numisthenumberoftheportonwhichthepolicyis
applied(singleportonly,notarange)
vidisthenumberornameofthevlanonwhichthepolicyis
applied.VLANIDnumbersrangefro1to4094
inindicatesthatstatisticsareshownforinboundtraffic
only.
6-83

Pr oCur ve# show st at i st i cs pol i cy suspect - t r af f i c vl an 300 i n
Hi t Count s f or Pol i cy suspect - t r af f i c
10 cl ass i pv4 " ht t p" act i on r at e- l i mi t kbps 2000 act i on pr i or i t y 3 [ Met er 975000
ki l o bi t s]
( 150) 10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 80
( 0) 20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 443
( 200) 30 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 8000
( 0) 40 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 8001
( 300) 50 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 8080
20 cl ass i pv4 " kazaa" act i on r at e- l i mi t kbps 1000 act i on pr i or i t y 2 [ Met er 0 ki l o
Numberofpackets(inparentheses)thathavematchedthecriteriainthematch/ignorestatement
ineachclassintheQoSpolicyandhavebeenprocessedbytheactionconfiguredfortheclass
bi t s]
( 0) 10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 eq 1214 0. 0. 0. 0 255. 255. 255. 255
( 0) 20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 1214
( 0) 30 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 eq 1214 0. 0. 0. 0 255. 255. 255. 255
( 0) 40 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 eq 1214
30 cl ass i pv4 " gnut el l a" act i on r at e- l i mi t kbps 1000 act i on pr i or i t y 2 [ Met er 0
ki l o bi t s]
( 0) 10 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347 0. 0. 0. 0 255. 255. 255. 255
( 0) 20 mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347
( 0) 30 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347 0. 0. 0. 0 255. 255. 255. 255
( 0) 40 mat ch udp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255 r ange 6346 6347
Figure6-35. ExampleofshowstatisticspolicyOutputforaQoSPolicy
Syntax: showpolicyresources
Displaysthenumberofhardwareresources(rules,meters,
andapplicationportranges)usedbyclassifier-basedQoS
policiesthatarecurrentlyappliedtointerfacesontheswitch
aswellasmirroringpoliciesandothersoftwarefeatures.
Note:Theinformationdisplayedisthesameastheoutput
oftheshowqosresources(seeFigure6-8)andshowaccess-
listresourcescommands.
Foradetailedexplanationoftheinformationdisplayedwith
theshow<qos|access-list|policy>resourcescommand,refer
totheMonitoringResourcesappendixoftheManagement
andConfigurationGuide.
6-84

Pr oCur ve# show pol i cy r esour ces
|
0 |
10 |
8 |
I DM
5 |
4 |
2 |
Includesthehardwareresourcesusedby
classifier-basedQoSpoliciesthatarecurrently
appliedtoinerfacesontheswitch.
Por t s | Avai l abl e | ACL | QoS | I DM VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 3014 | 15 | 11 | 1 | 0 | 3 |
25- 48 | 3005 | 15 | 10 | 1 | 0 | 3 |
A | 3017 | 15 | 0 | 1 | 0 | 3 |
Por t s | Avai l abl e | ACL | QoS | | VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 250 | | 0 | | | 0 |
25- 48 | 251 | | 0 | | | 0 |
A | 253 | | 0 | | | 0 |
| Appl i cat i on |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
1- 24 | 3014 | 2 | 0 | 0 | | 0 | 0 |
25- 48 | 3005 | 2 | 0 | 0 | | 0 | 0 |
A | 3017 | 2 | 0 | 0 | | 0 | 0 |
Key:
Figure6-36.ExampleofshowpolicyresourcesOutputforallCurrentlyConfiguredQoSPolicies
6-85
Classifier-BasedQoSRestrictions
ThefollowingrestrictionsapplytoQoSpoliciesconfiguredwiththeclassifier-
basedmodel:
Youcannotapplyaclassifier-basedQoSpolicyonaportorVLANinterface
onwhichaclassifier-basedQoSpolicyisalreadyconfigured.Youcan,
however,applyaclassifier-basedpolicyofadifferenttype,suchasport
mirroring.
AQoSpolicythatusestherate-limitcommandisnotsupportedonaport
interfaceonwhichICMPrate-limitinghasalreadybeengloballyconfig-
ured.ToapplytheQoSpolicy,youmustfirstdisabletheICMPrate-limiting
configuration.Formoreinformation,refertotheConfiguringICMP
sectionintheConfiguringIPParametersforRoutingSwitcheschapter
intheMulticastandRoutingGuide.
IncaseswhereyouwanttomaintainanICMPrate-limitingconfiguration,
configureaQoSpolicyinwhichyouaddthenecessarymatchstatements
fortheICMPtrafficinaclassconfiguration,andthenconfigurearate-limit
actionfortheclassinthepolicyconfiguration.
InaQoSpolicythatusestheclassactionrate-limitcommand,therate-limit
iscalculatedonaper-moduleorperport-bankbasis.Iftrunkedportsor
VLANswithaconfiguredrate-limitspanmultiplemodulesorport-banks,
theconfiguredrate-limitisnotguaranteed.
InaQoSpolicythatusestheclassactiondscpcommand,theDSCPvalue
youentermustbealreadyconfiguredwithan802.1ppriorityintheDSCP
Policytable(seeTable6-11).
InteractionwithOtherSoftwareFeatures
AfteryouapplyaQoSpolicytoaninterface,youmayreceiveanerrormessage
iftherearenotsufficienthardwareresourcestosupportthepolicy.Inthis
case,usetheshowresourcescommandtoverifytheamountofresourcesthat
arecurrentlyinuseandtheresourcesavailableontheswitch.QoSpolicies
sharethesamehardwareresourceswithothersoftwarefeatures,suchas
mirroringpolicies,ACLs,virusthrottling,themanagementVLAN,andsoon.
Usethedisplayedinformationtodecideifyouneedtore-prioritizecurrent
resourceusagebyreconfiguringordisablingsoftwarefeaturestofreethe
resourcesreservedforlessimportantfeatures.
Formoreinformation,refertoDisplayingResourceUsageforQoSPolicies
onpage6-32andtheMonitoringResourceschapterintheManagementand
ConfigurationGuide.
6-86
Classifier-BasedQoSConfigurationExamples
QoSPolicyforVoiceoverIPandDataTraffic
Inthisexample,anadministratorwouldliketoconfigurethefollowingLayer2
802.1pCoSandLayer3DSCPvaluestoprioritizehowVoIPtrafficfrom
differentphonesishandledcomparedtodatatraffic:
Softphonetraffic:DSCP46;802.1pCoSpriority6
Avayaphonetraffic:DSCP34;802.1pCoSpriority3
Miscellaneousphonetraffic:DSCP26;802.1pCoSpriority3
Datatraffic:DSCP000000;802.1pCoSpriority0
ThefollowingQoSconfigurationcreatesandassignsaQoSpolicytoVLAN1
thatprioritizesVoIPanddatatrafficinthisway:
Pr oCur ve# cl ass i pv4 Dat aTr af f i c
Pr oCur ve( conf i g- cl ass) # mat ch i p any any dscp 0
Pr oCur ve# cl ass i pv4 sof t phoneTr af f i c
Pr oCur ve( conf i g- cl ass) # mat ch i p 10. 255. 100. 12/ 24 any i p- dscp 26
Pr oCur ve# pol i cy qos pr i or i t i zeVoI P
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 Dat aTr af f i c act i on pr i or i t y 0
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 sof t phoneTr af f i c act i on pr i or i t y 6
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 Di gi PhoneTr af f i c act i on pr i or i t y 3
Pr oCur ve# vl an 2 ser vi ce- pol i cy pr i or i t i zeVoI P i n
Pr oCur ve( conf i g- cl ass) #mat ch t cp 0. 0. 0. 0 255. 255. 255. 255 0. 0. 0. 0 255. 255. 255. 255
i p- dscp 46
Pr oCur ve# cl ass i pv4 Di gi PhoneTr af f i c
Pr oCur ve( conf i g- cl ass) # mat ch i p 12. 255. 100. 10/ 24 any i p- dscp 34
Thesematchstatementsselecttrafficthatsatisfiesmultiple
criteria;forexample,aTCPportrangeandaDSCPvalueora
sourceIPaddressandaDSCPvalue.
Figure6-37.ExampleofaQoSPolicyforVoiceoverIPandDataTraffic
6-87
QoSPolicyforLayer4TCP/UDPTraffic
Thefollowingexampleshowshowtoconfigurearate-limitingpolicyforTCP/
UDPapplicationstreamsandapplythepolicyonallinboundswitchports.
Pr oCur ve# cl ass i pv4 ht t p
Pr oCur ve( conf i g- cl ass) # mat ch t cp any any eq 80
Pr oCur ve# cl ass i pv4 kazaa
Pr oCur ve( conf i g- cl ass) # mat ch t cp any eq 1214 any
Pr oCur ve# cl ass i pv4 gnut el l a
Pr oCur ve( conf i g- cl ass) # mat ch t cp any r ange 6346 6347 any
Pr oCur ve( conf i g- cl ass) # mat ch t cp any any r ange 6346 6347
Pr oCur ve( conf i g- cl ass) # mat ch udp any r ange 6346 6347 any
Pr oCur ve( conf i g- cl ass) # mat ch udp any any r ange 6346 6347
Pr oCur ve# pol i cy qos Pr i or i t i zeSuspect Tr af f i c
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 ht t p act i on r at e- l i mi t kbps 7000
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 kazaa act i on r at e- l i mi t kbps 3500
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 gnut el l a act i on r at e- l i mi t kbps 3500
Pr oCur ve# i nt er f ace al l ser vi ce- pol i cy Pr i or i t i zeSuspect Tr af f i c i n
Figure6-38.ExampleofaQoSPolicyforTCP/UDPApplicationsonInboundPortInterfaces
QoSPolicyforSubnetTraffic
ThenextexampleshowshowtoconfigureaQoSpolicythatprioritizes
inboundtrafficsenttoandreceivedfromaspecifiedsubnet(15.29.16.0/10)
andTCPportrangeonVLAN5.
Pr oCur ve# cl ass i pv4 admi nTr af f i c
Pr oCur ve( conf i g- cl ass) # mat ch i p 15. 29. 16. 1/ 10 any
Pr oCur ve( conf i g- cl ass) # mat ch i p any 15. 29. 16. 1/ 10
Pr oCur ve# vl an 5 ser vi ce- pol i cy pr i or i t i zeAdmi nTr af f i c i n
Pr oCur ve( conf i g- cl ass) # mat ch t cp : : / 0 : : / 0 r ange 100 200 i p- dscp 46
Pr oCur ve# pol i cy pr i or i t i zeAdmi nTr af f i c
Pr oCur ve( conf i g- pol i cy) # cl ass i pv4 admi nTr af f i c act i on pr i or i t y 7
MatchstatementwithIPv6source
anddestinationaddresses.
Figure6-39.ExampleofaQoSPolicyforIPv4andIPv6SubnetTrafficonaVLANInterface
6-88
DifferentiatedServicesCodepoint(DSCP)Mapping
(DSCP)Mapping
TheDSCPPolicyTableassociatesan802.1pprioritywithaDSCPcodepoint
inanIPv4/IPv6packet.UsingDSCPcodepointsinyournetworkallowsyou
tosetaLANpolicythatoperatesindependentlyof802.1QVLAN-tagging.
Inthedefaultstate,mostofthe64codepointsdonotassignan802.1ppriority,
asindicatedbyNo-overrideinTable6-11onpage6-90.However,somecode-
points,suchasAssuredForwardingandExpeditedForwarding,haveadefault
802.1pprioritysetting.
UsethefollowingcommandstodisplaytheDSCPPolicytable,configurethe
codepoint-priorityassignments,andassignoptionalnamestothecodepoints.
Syntax: showqosdscp-map
DisplaystheDSCPPolicytable.
qosdscp-map<codepoint>priority<0-7>[name<ascii-string>]
Configuresan802.1ppriorityforthespecifiedcodepoint
andanoptional(DSCPpolicy)name.
noqosdscp-map<codepoint>
Removesthecurrentlyconfigured802.1pprioritythatis
associatedwiththespecified<codepoint>anddisplaysthe
No-overridesetting.Thecodepointpolicyname,ifconfig-
ured,isalsoremoved.
noqosdscp-map<codepoint>name
Deletesonlythepolicyname,ifconfigured,forthespecified
<codepoint>.
6-89
Table6-11. TheDefaultDSCPPolicyTable
DSCPPolicy 802.1pPriority DSCPPolicy 802.1pPriority DSCPPolicy 802.1pPriority
000000
000001
000010
000011
000100
000101
000110
000111
001000
001001
001010
001011
001100
001101
001110
001111
010000
010001
010010
010011
010100
010101
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
1*
No-override
1*
No-override
2*
No-override
No-override
No-override
0*
No-override
0*
No-override
010110
010111
011000
011001
011010
011011
011100
011101
011110
011111
100000
100001
100010
100011
100100
100101
100110
100111
101000
101001
101010
3*
No-override
No-override
No-override
4*
No-override
4*
No-override
5*
No-override
No-override
No-override
6*
No-override
6*
No-override
7*
No-override
No-override
No-override
No-override
101011
101100
101101
101110
101111
110000
110001
110010
110011
110100
110101
110110
110111
111000
111001
111010
111011
111100
111101
111110
111111
No-override
No-override
No-override
7**
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
No-override
*AssuredForwardingcodepoints;configuredbydefaultontheswitchescoveredinthisguide.
**ExpeditedForwardingcodepointconfiguredbydefault.
DefaultPrioritySettingsforSelectedCodepoints
Inafewcases,suchas001010and001100,adefaultDSCPpolicy(impliedby
theDSCPstandardsforAssured-ForwardingandExpedited-Forwarding)is
used.Youcanchangetheprioritiesforthedefaultpoliciesbyusingtheqos
dscp-map<codepoint>priority<0-7>command.
ThecurrentlyconfiguredDSCPpolicies(codepointandassociated802.1p
priority)arenotenableduntilyouconfigureaglobalorclassifier-basedQoS
policytomarkmatchingpacketsorconfigureaglobalIP-Diffservclassifier.
6-90
DisplayingNon-DefaultCodepointSettings
Table6-11displaystheswitchsdefaultcodepoint-priorityassignments.Ifyou
changethepriorityofanycodepointtoanon-defaultvalueandthenenterthe
writememorycommand,theswitchwilllistthenon-defaultsettingintheshow
configdisplay.
Example. thedefaultconfigurationhasthefollowingDSCP-prioritysettings:
Codepoint Default
Priority
001100 1
001101 No-override
001110 2
Ifyoureconfigurethesethreecodepointstoapriorityof3andthenenterthe
writememorycommand,theswitchdisplaysthechangesintheshowconfig
listing:
Configuresthreecodepointswith
non-defaultpriorities.
Theshowconfigcommandlists
thenon-defaultcodepointsettings.
Figure6-40.DisplayingNon-DefaultPrioritySettingsintheDSCPTable
EffectofNo-override. IfyouconfigureaglobalIP-Diffservclassifierand
No-overrideisdisplayedforthe802.1ppriorityassociatedwithacodepoint,
DSCPmarkingcannotbeperformedonmatchingoutboundpackets.How-
ever,QoSdoesnotaffectthepacket-queuing802.1ppriorityorVLANtagging
carriedinthepacket.
6-91
Inthiscase,thepacketsarehandledasfollows(aslongasnootherQoS
classifiermarksanew802.1ppriorityonthematchingpackets):
802.1QStatus
Outbound802.1p
Priority
Receivedandforwardedonatagged-portmemberofaVLAN Unchanged
Receivedonanuntagged-portmemberofaVLAN;forwardedona 0(zero)normal
tagged-portmemberofaVLAN
Forwardedonanuntagged-portmemberofaVLAN None
NotesonChangingaPrioritySetting
IfyoutrytomodifythepriorityassociatedwithaDSCPcodepointinaDSCP
policyusingtheqosdscp-mapprioritycommand,andiftheDSCPpolicyis
currentlyusedbyoneormoreglobalQoSorclassifier-basedQoSpolicies,the
followingerrormessageisdisplayed:
Cannot modi f y DSCP Pol i cy < codepoi nt > - i n use by
ot her qos r ul es.
Inthiscase,youcanenterthefollowingQoSshowcommandstoidentifyin
whichglobalandclassifier-basedQoSconfigurationstheDSCPpolicyis
currentlyused:
showpolicy<qos-policy>
showqostcp-udp-port-priority
showqosprotocol
showqosvlan
showqosport-priority
AfterdeterminingtheQoSconfigurationsinwhichtheDSCP-prioritymapping
isused,youcaneitherdeleteaQoSconfigurationandresettheDSCP-priority
mappingtoNo-override,orchangeeitherthe802.1ppriorityorthecodepoint
usedintheQoSconfiguration.
Example. Ifcodepoint000001iscurrentlymappedtopriority6,andseveral
globalQoSpoliciesusethiscodepointtoassignaprioritytotheirrespective
typesofmatchingtraffic,youcanchangethepriorityassociatedwiththe
codepointasfollows:
1. Identifytheglobalandclassifier-basedQoSpoliciesthatusethecode-
point.
6-92
2. Dooneofthefollowing:
a. ReconfigureeachQoSpolicybyre-enteringadifferentDSCPcode-
pointoradifferent802.1ppriorityassociatedwiththecodepoint.
b. Enterthenoqos<classifier>ornopolicy<qos-policy>commandto
removethecurrentDSCPpolicywithcodepoint000001andresetthe
prioritytoNo-override.
3. Usetheqosdscp-map000001priority<0-7>commandtoremapDSCP
000001tothedesiredpriority.
a. Reconfigurecodepoint000001intheQoSpoliciesinwhichyouwant
tousethenewDSCP-prioritymappingtomarkmatchingpackets.
b. LeaveaQoSpolicyinwhichyouuseDSCP000001tomarkmatching
packetswiththeassociatedNo-overrideprioritymapping.
ErrorMessagesforDSCPPolicyChanges
RefertotheerrormessagesinTable6-12totroubleshootanerrorcondition
thatresultsfromreconfiguringaDSCPpolicy.
Table6-12. ErrorMessagesGeneratedbyDSCPPolicyChanges
ErrorMessage Description
DSCPPolicy<decimal-codepoint>not
configured
CannotmodifyDSCPPolicy<codepoint>
-inusebyotherqosrules.
Youhavetriedtoconfigureacodepointinaglobal
orclassifier-basedQoSpolicyforwhichthereis
noassociatedpriority(No-override).Usetheqos
dscp-mapcommandtoconfigureapriorityforthe
codepoint,thenre-enterthecodepointintheQoS
configuration.
Youhavetriedtoconfigureacodepointinaglobal
orclassifier-basedQoSpolicythatisalreadyin
usebyotherQoSpolicies.Beforeremappingthe
codepointtoanewpriority,youmustfirst
reconfiguretheotherQoSpoliciessothattheydo
notusethecurrentcodepoint-prioritymapping.
YoucanhavemultipleQoSpoliciesthatusethe
samecodepointtomarkpacketsaslongasitis
acceptableforallsuchpoliciestousethesame
802.1ppriority.
6-93
WhenOneorMoreClassifiersAreCurrentlyUsingthePolicy
Inthisexample,thecodepoint000001isinusebyoneormoreglobalQoS
policies.Ifyoutrytomodifytheprioritycurrentlyassociatedwiththecode-
point,anerrormessagesimilartothefollowingisdisplayed:
Figure6-41.ErrorMessageforChangingthePriorityonaDSCPPolicy
Inthiscase,youwouldusestepssimilartothefollowingtochangethepriority.
1. Identifytheglobalandclassifier-basedQoSpoliciesthatusethecodepoint
whoseDSCP-prioritymappingyouwanttochange.
6-94
Threeclassifiersuse
thecodepointthatis
tobechanged.
Twoclassifiersdonot
usethecodepointthat
istobechanged.
Figure6-42.IdentifyingtheQoSPoliciesthatUseaCodepoint
6-95
2. ChangeeachQoSconfigurationbyassigningadifferentDSCPpolicyora
different802.1ppriority,orbyremovingthecurrentlyconfiguredDSCP
policyandrestorethedefaultNo-overridesetting;forexample:
a. DeletethecurrentDSCPpolicyusedtomarkmatchingpacketsfora
globalIP-devicepolicy(noqosdevice-prioritycommand)andresetthe
defaultprioritymappingtoNo-override.
b. CreateanewDSCPpolicytousewhenyoureconfigureQoSpolicies
tousethenewcodepoint-prioritymapping.
c. ConfigureaglobalQoSsource-portpolicytomarkmatchingpackets
withthenewDSCPpolicy.
d. AssigntheglobalQoSpolicythatmatchesudp-port1260packetstoa
different802.1ppriority.
3. Reconfigurethedesiredpriorityforthe000001codepoint.
Pr oCur ve( conf i g) # qos dscp- map 000001 pr i or i t y 4
4. ReconfigureQoSpolicieswiththeoriginalcodepoint(000001)tomark
packetswiththenewDSCP-prioritymapping,orleaveQoSpoliciesas
currentlyconfiguredfromStep2.
6-96
QoSQueueConfiguration
QoSqueueconfigurationallowsyoutoreducethenumberofoutboundqueues
thatallswitchportsusetobufferpacketsfor802.1puserpriorities.Bydefault
theswitchescoveredinthisguideuseeightqueues.
YoucanchangethedefaultQoSqueueconfigurationtofour-queuemodeor
two-queuemodetoincreasetheavailablebandwidthperqueue.
Usethefollowingcommandstochangethenumberofqueuesperportand
displaythecurrentpriorityqueueconfigurationontheswitch.
Syntax: qosqueue-config<2-queues|4-queues|8-queues>
Configuresthenumberofoutboundpriorityqueuesforall
portsontheswitchusingoneofthefollowingoptions:
2-queues,4-queues,or8-queues.
(Default:8-queues)
Caution:Thiscommandwillexecuteawritememory
followedbyanimmediatereboot,replacingtheStartupcon-
figurationwiththecontentofthecurrentRunningconfigu-
ration.
Thenewconfigurationwill:
1.Removeanypreviouslyconfiguredbandwidth-min
outputsettings
2.Setthenewnumberofoutboundportqueues
Ifyouselectanythingbutyesforthisoperation,the
operationisabortedandamessagestatingOperation
abortedappears.
showqosqueueconfig
DisplaysthecurrentQoSqueueconfiguration.
MappingofOutboundPortQueues.Themappingof802.1pprioritiesto
outboundportqueuesisshowninTable6-13.
6-97
Table6-13. Mappingof802.1pPrioritiestoOutboundPortQueues
802.1p
Priority
8Queues
(default)
4Queues 2Queues
1(lowest) 1
1
1
2 2
0(normal) 3
2
3 4
4 5
3
2
5 6
6 7
4
7(highest) 8
ImpactofQoSQueueConfigurationonGuaranteedMinimumBand-
width(GMB).Changingthenumberofqueuesremovesanybandwidth-min
outputsettingsinthestartupconfiguration,andautomaticallyre-allocatesthe
GMBperqueueasshowninTable6-14.
Table6-14. DefaultGMBPercentageAllocationsperQoSQueueConfiguration
802.1p
Priority
8Queues(default) 4Queues 2Queues
Queue GMB Queue GMB Queue GMB
1(lowest) 1 2%
1 8%
1 20%
2 2 3%
0(normal) 3 30%
2 17%
3 4 10%
4 5 10%
3 30%
2 80%
5 6 10%
6 7 15%
4 45%
7(highest) 8 20%
Not e FormoreinformationonconfiguringGMB,refertothechaptertitledPort
TrafficControlsintheManagementandConfigurationGuide.
ConfiguringtheNumberofPriorityQueues
Tochangethenumberofoutboundpriorityqueuesforallportsontheswitch,
usetheqosqueue-configcommand.
6-98
Ca u t i o n Theqosqueue-configcommandexecutesawritememoryfollowedbyan
immediatereboot,replacingtheStartupconfigurationwiththecontentsof
thecurrentRunningconfiguration.Inadditiontosettingthenumberof
outboundportqueues,thenewconfigurationwillremoveanypreviously
configuredbandwidth-minoutputsettings.
Example. Tochangethenumberofoutboundpriorityqueuesforallportson
theswitchfromeightqueues(thedefault)tofour:
1. Configurethenumberofoutboundpriorityqueuesbyusingtheqosqueue-
configcommand.
Pr oCur ve( conf i g) # qos queue- conf i g 4- queues
Acautionmessageisdisplayed(seetheCautionnoteabove)concluding
withthefollowingprompt.
Do you wi sh t o pr oceed? [ Pr oceed/ Cancel ]
2. TypeProceedtocontinue.
Asecondconfirmationpromptappears:
Pl ease conf i r mr eset . [ Yes/ Cancel ]
3. TypeYestoinitiateawritememoryfollowedbyanimmediatereboot.(If
youenterCancelateitherofthetwoprompts,thecommandisaborted
andthecurrentqueueconfigurationismaintainedontheswitch).
Thechangeswillbecommittedtothestartupconfigurationandtheswitch
willrebootautomaticallywiththenewpriorityqueuechangesineffect.
SeeTable6-14onpage6-98foralistingofthedefaultGMBpercentages
thatareallocatedperqueue.
6-99
ViewingtheQoSQueueConfiguration
Todisplaythecurrentpriorityqueueconfigurationandmemoryallocations
perqueue,entertheshowqosqueue-configcommand.
Pr oCur ve#: show qos queue- conf i g
802. 1p
Queue Pr i or i t y Memor y %
- - - - - - - - - - - - - - - - - - - - -
1 12 10
2 0, 3 70
3 45 10
4 67 10
Figure6-43.DisplayingQoSQueueConfiguration
6-100
7
StackManagementforthe3500,3500yl,6200yl
and6600Switches
Contents
the3500,3500yl,6200yland6600Switches ..................... 7-3
ComponentsofProCurveStackManagement.................... 7-5
GeneralStackingOperation................................... 7-5
OperatingRulesforStacking .................................. 7-7
GeneralRules ........................................... 7-7
SpecificRules ........................................... 7-8
ConfiguringStackManagement................................ 7-9
Overview ofConfiguringandBringingUp aStack ................ 7-9
GeneralStepsforCreating aStack .... .................... 7-11
andConfigureStacking ..................................... 7-13
CommanderSwitch ..................................... 7-13
UsingtheMenuToManage aCandidate Switch............. 7-15
UsingtheCommanderToManageTheStack ................... 7-17
ConfigurationChangesandMonitoringTraffic .............. 7-23
ofAnotherStack ....................................... 7-24
MonitoringStackStatus ............. ........................ 7-25
UsingtheCLIToViewStackStatusandConfigureStacking...... 7-29
UsingtheCLIToViewStackStatus ....................... 7-31
UsingtheCLIToConfigureaCommanderSwitch........... 7-33
AddingtoaStackorMovingSwitchesBetweenStacks ....... 7-35
UsingtheCLIToRemoveaMemberfrom aStack........... 7-40
7-1
StackManagementforthe3500,3500yl,6200yland6600Switches
Contents
ChangesandTrafficMonitoring........................... 7-42
SNMPCommunityOperationinaStack ....................... 7-43
UsingtheCLIToDisableorRe-Enable Stacking ................ 7-44
TransmissionInterval ............... ........................ 7-44
StackingOperationwithMultipleVLANsConfigured ............ 7-44
StatusMessages............................................ 7-45
7-2
IntroductiontoStackManagementonthe3500,3500yl,6200yland6600Switches
the3500,3500yl,6200yland6600
Switches
Thisfeatureisavailableonthe3500,3500yl,6200yland6600switches,
butnotonthe5400zland8200zlswitches.
ProCurveStackManagement(stacking)enablesyoutouseasingleIPaddress
andstandardnetworkcablingtomanageagroupofupto16totalswitchesin
thesameIPsubnet(broadcastdomain).Usingstacking,youcan:
ReducethenumberofIPaddressesneededinyournetwork.
Simplifymanagementofsmallworkgroupsorwiringclosetswhile
scalingyournetworktohandleincreasedbandwidthdemand.
Eliminateanyspecializedcablesforstackingconnectivityand
removethedistancebarriersthattypicallylimityourtopologyoptions
whenusingotherstackingtechnologies.
AddswitchestoyournetworkwithouthavingtofirstperformIP
addressingtasks.
Not e s Stackingandmeshingcannotbothbeenabledatthesametime.
Inthedefaultconfiguration,stackinginthecandidatestateisenabled.
Foradditionalrulesandrestrictions,seeOperatingRulesforStacking
onpage7-7.
7-3
SummaryofStackingFeatures
Feature Default Menu CLI WebAgent
viewstackstatus
viewstatusofasingleswitch n/a
viewcandidatestatus n/a
viewstatusofcommanderandits n/a
stack
viewstatusofallstacking-enabled n/a
switchesintheipsubnet
configurestacking
enable/disablecandidateAuto-Join enabled/Yes
pushacandidateintoastack n/a
configureaswitchtobeacommander n/a
pushamemberintoanotherstack n/a
removeamemberfromastack n/a
pullacandidateintoastack n/a
pullamemberfromanotherstack n/a
convertacommanderormembertoa n/a
memberofanotherstack
accessmemberswitchesfor n/a
configurationandtrafficmonitoring
disablestacking enabled
transmissioninterval 60seconds
page7-26 page7-31 Referto
thru Online
page7-28 Help
page7-31
page7-32
page7-32
page7-15 page7-37
page7-15 page7-37
page7-13 page7-33
page7-24 page7-39
page7-21 page7-40
or
page7-41
page7-17 page7-36
page7-19 page7-38
page7-24 page7-39
page7-23 page7-42
page7-15 page7-44
page7-13 page7-44
7-4
ComponentsofProCurveStackManagement
Table7-1.StackingDefinitions
Stack ConsistsofaCommanderswitchandanyMemberswitchesbelongingtothatCommandersstack.
Commander Aswitchthathasbeenmanuallyconfiguredasthecontrollingdeviceforastack.Whenthisoccurs,the
switchsstackingconfigurationappearsasCommander.
Candidate Aswitchthatisreadytojoin(becomeaMemberof)astackthrougheitherautomaticormanualmethods.
AswitchconfiguredasaCandidateisnotinastack.
Member AswitchthathasjoinedastackandisaccessiblefromthestackCommander.
Figure7-1.IllustrationofaSwitchMovingfromCandidatetoMember
Commander:SwitchA
Member:SwitchC Candidate:SwitchB
Before:Stacknamed
"Engineering"consists
ofCommanderand
Switch"C".Switch"B"is
aCandidateeligibleto
jointhestack.
Commander:SwitchA
Member:SwitchC Member:SwitchB
After:Switch"B"joinsthestack,thuschangingfroma
CandidatetoaMemberofthestack.
Stack
StackName:
Engineering
StackName:
Engineering
GeneralStackingOperation
AfteryouconfigureoneswitchtooperateastheCommanderofastack,
additionalswitchescanjointhestackbyeitherautomaticormanualmethods.
AfteraswitchbecomesaMember,youcanworkthroughtheCommander
switchtofurtherconfiguretheMemberswitchasnecessaryforallofthe
additionalsoftwarefeaturesavailableintheswitch.
TheCommanderswitchservesasthein-bandentrypointforaccesstothe
Memberswitches.Forexample,theCommandersIPaddressbecomesthe
pathtoallstackMembersandtheCommandersManagerpasswordcontrols
accesstoallstackMembers.
7-5
MemberSwitch1
IPAddress:NoneAssigned
ManagerPassword:leader
CandidateSwitch
ManagerPassword:francois
Non-MemberSwitch
IPAddress:10.28.227.105
ManagerPassword:donald
MemberSwitch2
WiringCloset"B"
WiringCloset"A"
CommanderSwitch0
IPAddress:10.28.227.100
UsetheCommandersconsoleor
WebAgenttoaccesstheuser
interfaceonanyMemberswitchin
thesamestack.
NetworkBackbone
Figure7-2.ExampleofStackingwithOneCommanderControllingAccesstoWiringClosetSwitches
InterfaceOptions. Youcanconfigurestackingthroughtheswitchsmenu
interface,CLI,ortheWebAgentForinformationonhowtousetheWebAgent
toconfigurestacking,seetheonlineHelpbyclickingonthe?inthe
WebAgentscreen.
7-6
OperatingRulesforStacking
GeneralRules
Stackingisanoptionalfeature(enabledinthedefaultconfiguration)
andcaneasilybedisabled.Stackinghasnoeffectonthenormal
operationoftheswitchinyournetwork.
AstackrequiresoneCommanderswitch.(OnlyoneCommander
allowedperstack.)
AllswitchesinaparticularstackmustbeinthesameIPsubnet
(broadcastdomain).Astackcannotcrossarouter.
Astackacceptsupto16switches(numbered0-15),includingthe
Commander(alwaysnumbered0).
Thestackingfeaturesupportsupto100switchesinthesameIP
subnet(broadcastdomain),however,aswitchcanbelongtoonlyone
stack.Intheeventthatthe100switchlimitisexceeded,itmaytake
multipleattemptstoaddormoveamembertoanygivenstack.Once
amemberisaddedtoastack,itisnotforgottenbytheCommander.
Thestackstatus(all)commandwilldisplayupto100devices.Devices
thatarenotmembersofagivenstackmayperiodicallydropoutof
thelist.
IfmultipleVLANsareconfigured,stackingusesonlytheprimary
VLANonanyswitch.Inthefactory-defaultconfiguration,the
DEFAULT_VLANistheprimaryVLAN.(SeeStackingOperationwith
MultipleVLANsConfiguredonpage7-44andThePrimaryVLAN
onpage2-51.)
Stackingallowsintermediatedevicesthatdonotsupportstacking.
Thisenablesyoutoincludeswitchesthataredistantfromthe
Commander.
CommanderSwitch SwitchwithStacking
DisabledorNotAvailable
MemberSwitch
CandidateSwitch
Figure7-3.ExampleofaNon-StackingDeviceUsedinaStackingEnvironment
7-7
SpecificRules
Table7-2.SpecificRulesforCommander,Candidate,andMemberSwitch
IPAddressingand
StackName
NumberAllowed
PerStack
Passwords SNMPCommunities
Commander IPAddr:Requiresan Onlyone
assignedIPaddress Commander
andmaskforaccess switchisallowed
viathenetwork. perstack.
StackName:Required
TheCommandersManager
andOperatorpasswordsare
assignedtoanyswitch
becomingaMemberofthe
stack.
Ifyouchangethe
Commanderspasswords,the
Commanderpropagatesthe
newpasswordstoallstack
Members.
StandardSNMPcommunity
operation.TheCommander
alsooperatesasanSNMP
proxytoMembersforall
SNMPcommunitiesconfig-
uredintheCommander.
Candidate IPAddr:Optional. n/a Passwordsoptional.Ifthe UsesstandardSNMP
ConfiguringanIP Candidatebecomesastack communityoperationifthe
addressallowsaccess Member,itassumesthe CandidatehasitsownIP
viaTelnetorWebAgent CommandersManagerand addressing.
whiletheswitchisnot Operatorpasswords.
astackmember.Inthe
factorydefaultconfigu-
rationtheswitchauto-
maticallyacquiresan
IPaddressifyour
networkincludesDHCP
service.
StackName:N/A
Ifacandidatehasapassword,
itcannotbeautomatically
addedtoastack.Inthiscase,
ifyouwanttheCandidateina
stack,youmustmanuallyadd
ittothestack.
Member IPAddr:Optional. Upto15Members Whentheswitchjoinsthe BelongstothesameSNMP
ConfiguringanIP perstack. stack,itautomatically communitiesasthe
addressallowsaccess assumestheCommanders Commander(whichserves
viaTelnetorWebAgent ManagerandOperatorpass- asanSNMPproxytothe
withoutgoingthrough wordsanddiscardsanypass- Memberforcommunitiesto
theCommanderswitch. wordsitmayhavehadwhilea whichtheCommander
Thisisuseful,for Candidate. belongs).Tojoinother
example,ifthestack communitiesthatexclude
Commanderfailsand
youneedtoconverta
Memberswitchto
operateasareplace-
mentCommander.
StackName:N/A
Note:IfaMemberleavesa
stackforanyreason,itretains
thepasswordsassignedtothe
stackCommanderatthetime
ofdeparturefromthestack.
theCommander,the
Membermusthaveitsown
IPaddress.Lossofstack
membershipmeanslossof
membershipinanycommu-
nitythatisconfiguredonly
intheCommander.See
SNMPCommunityOpera-
tioninaStackonpage
7-43.
7-8
ConfiguringStackManagement
Not e Inthedefaultstackconfiguration,theCandidateAutoJoinparameteris
enabled,buttheCommanderAutoGrabparameterisdisabled.Thisprevents
Candidatesfromautomaticallyjoiningastackprematurelyorjoiningthe
wrongstack(ifmorethanonestackCommanderisconfiguredinasubnetor
broadcastdomain).Ifyouplantoinstallmorethanonestackinasubnet,HP
recommendsthatyouleaveAutoGrabdisabledonallCommanderswitches
andmanuallyaddMemberstotheirstacks.Similarly,ifyouplantoinstalla
stackinasubnet(broadcastdomain)wherestacking-capableswitchesare
notintendedforstackmembership,youshouldsettheStackStateparameter
(intheStackConfigurationscreen)toDisabledonthoseparticularswitches.
OverviewofConfiguringandBringingUpaStack
Thisprocessassumesthat:
Allswitchesyouwanttoincludeinastackareconnectedtothesame
subnet(broadcastdomain).
IfVLANsareenabledontheswitchesyouwanttoincludeinthestack,
thentheportslinkingthestackedswitchesmustbeontheprimary
VLANineachswitch(which,inthedefaultconfiguration,isthe
defaultVLAN).IftheprimaryVLANistagged,theneachswitchinthe
stackmustusethesameVLANID(VID)fortheprimaryVLAN.(Refer
toThePrimaryVLANonpage2-51,andStackingOperationwith
MultipleVLANsConfiguredonpage7-44.)
IfyouareincludingaProCurveSwitch8000M,4000M,2424M,
2400M,or1600Minastack,youmustfirstupdateallsuchdevices
tosoftwareversionC.08.03orlater.(Youcangetacopyofthelatest
softwareversionfromtheProCurveNetworkingwebsiteand/orcopy
itfromoneswitchtoanother.Fordownloadinginstructions,see
appendixA,FileTransfers,intheManagementandConfiguration
Guideforyourswitch.)
7-9
OptionsforConfiguringaCommanderandCandidates.Dependingon
howCommanderandCandidateswitchesareconfigured,Candidatescanjoin
astackeitherautomaticallyorbyaCommandermanuallyadding(pulling)
themintothestack.Inthedefaultconfiguration,aCandidatejoinsonlywhen
manuallypulledbyaCommander.YoucanreconfigureaCommanderto
automaticallypullinCandidatesthatareinthedefaultstackingconfigura-
tion.YoucanalsoreconfigureaCandidateswitchtoeitherpushitselfinto
aparticularCommandersstack,converttheCandidatetoaCommander(for
astackthatdoesnotalreadyhaveaCommander),ortooperateasastand-
aloneswitchwithoutstacking.Thefollowingtableshowsyourcontrol
optionsforaddingMemberstoastack.
Table7-3.StackingConfigurationGuide
JoinMethod
1
Commander
(IPAddressingRequired)
Candidate
(IPAddressingOptional)
AutoGrab AutoJoin Passwords
AutomaticallyaddCandidatetoStack
(Causesthefirst15eligible,discovered
switchesinthesubnettoautomaticallyjoin
astack.)
Yes Yes(default) No(default)
*
ManuallyaddCandidatetoStack
(Preventautomaticjoiningofswitchesyou
dontwantinthestack)
No(default) Yes(default) Optional
*
Yes No Optional
*
Yes Yes(default)orNo Configured
PreventaswitchfrombeingaCandidate N/A Disabled Optional
*
TheCommandersManagerandOperatorpasswordspropagatetothecandidatewhenitjoinsthestack.
Theeasiestwaytoautomaticallycreateastackisto:
1. ConfigureaswitchasaCommander.
2. ConfigureIPaddressingandastacknameontheCommander.
3. SettheCommandersAutoGrabparametertoYes.
4. ConnectCandidateswitches(intheirfactorydefaultconfiguration)to
thenetwork.
Thisapproachautomaticallycreatesastackofupto16switches(including
theCommander).Howeverthisreplacesmanualcontrolwithanautomatic
processthatmaybringswitchesintothestackthatyoudidnotintendto
include.WiththeCommandersAutoGrabparametersettoYes,anyswitch
conformingtoallfourofthefollowingfactorsautomaticallybecomesastack
Member:
7-10
Defaultstackingconfiguration(StackStatesettoCandidate,andAuto
JoinsettoYes)
Samesubnet(broadcastdomain)anddefaultVLANasthe
Commander(IfVLANsareusedinthestackenvironment,see
StackingOperationwithaTaggedVLANonpage7-44.)
NoManagerpassword
14orfewerstackmembersatthemoment
GeneralStepsforCreatingaStack
Thissectiondescribesthegeneralstackcreationprocess.Forthedetailed
configurationprocesses,seepages7-13through7-36forthemenuinterface
andpages7-29through7-41fortheCLI.
1. Determinethenamingconventionsforthestack.Youwillneedastack
name.Also,tohelpdistinguishoneswitchfromanotherinthestack,you
canconfigureauniquesystemnameforeachswitch.Otherwise,the
systemnameforaswitchappearingintheStackingStatusscreenappears
asthestacknameplusanautomaticallyassignedswitchnumber.For
example:
Stacknamed"Online"
withnopreviously
configuredsystem
namesassignedto
individualswitches.
Forstatus
descriptions,seethe
tableonpage7-45.
Stackwithunique
systemnamefor each
switch.
Figure7-4.UsingtheSystemNametoHelpIdentifyIndividualSwitches
7-11
2. ConfiguretheCommanderswitch.Doingthisfirsthelpstoestablish
consistencyinyourstackconfiguration,whichcanhelppreventstartup
problems.
AstackrequiresoneCommanderswitch.Ifyouplantoimplement
morethanonestackinasubnet(broadcastdomain),theeasiest
waytoavoidunintentionallyaddingaCandidatetothewrong
stackistomanuallycontrolthejoiningprocessbyleavingthe
CommandersAutoGrabparametersettoNo(thedefault).
TheCommanderassignsitsManagerandOperatorpasswordsto
anyCandidateswitchthatjoinsthestack.
TheCommandersSNMPcommunitynamesapplytomembers.
3. ForautomaticallyormanuallypullingCandidateswitchesintoastack,
youcanleavesuchswitchesintheirdefaultstackingconfiguration.Ifyou
needtoaccessCandidateswitchesthroughyournetworkbeforethey
jointhestack,assignIPaddressestothesedevices.Otherwise,IP
addressingisoptionalforCandidatesandMembers.(Notethatoncea
Candidatebecomesamember,youcanaccessitthroughtheCommander
toassignIPaddressingormakeotherconfigurationchanges.)
4. MakearecordofanyManagerpasswordsassignedtotheswitches
(intendedforyourstack)thatarenotcurrentlymembers.(Youwilluse
thesepasswordstoenabletheprotectedswitchestojointhestack.)
5. IfyouareusingVLANsinthestackingenvironment,youmustusethe
defaultVLANforstackinglinks.Formoreinformation,seeStacking
OperationwithaTaggedVLANonpage7-44.
6. Ensurethatallswitchesintendedforthestackareconnectedtothesame
subnet(broadcastdomain).AssoonasyouconnecttheCommander,it
willbegindiscoveringtheavailableCandidatesinthesubnet.
IfyouconfiguredtheCommandertoautomaticallyaddMembers
(AutoGrab=Yes),thefirstfifteendiscoveredCandidatesmeeting
bothofthefollowingcriteriawillautomaticallyjointhestack:
AutoJoin parametersettoYes(thedefault)
Managerpasswordnotconfigured
IfyouconfiguredtheCommandertomanuallyaddMembers
(AutoGrabsettoNothedefault),youcanbegintheprocessof
selectingandaddingthedesiredCandidates.
7. Ensurethatallswitchesintendedforthestackhavejoined.
8. IfyouneedtodospecificconfigurationormonitoringtasksonaMember,
usetheconsoleinterfaceontheCommandertoaccesstheMember.
7-12
andConfigureStacking
CommanderSwitch
1. ConfigureanIPaddressandsubnetmaskontheCommanderswitch.
(RefertotheManagementandConfigurationGuideforyourswitch.)
2. DisplaytheStackingMenubyselectingStackingintheMainMenu.
Figure7-5.TheDefaultStackingMenu
3. DisplaytheStackConfigurationmenubypressing[3]toselectStack
Configuration.
Figure7-6.TheDefaultStackConfigurationScreen
7-13
4. MovethecursortotheStackStatefieldbypressing[E](forEdit).Then
usetheSpacebartoselecttheCommanderoption.
5. PressthedownarrowkeytodisplaytheCommanderconfigurationfields
intheStackConfigurationscreen.
Figure7-7.TheDefaultCommanderConfigurationintheStackConfiguration
Screen
6. Enterauniquestackname(upto15characters;nospaces)andpressthe
downarrowkey.
7. EnsurethattheCommanderhasthedesiredAutoGrabsetting,thenpress
thedownarrowkey:
No(thedefault)preventsautomaticjoiningofCandidatesthat
havetheirAutoJoinsettoYes.
YesenablestheCommandertoautomaticallytakeaCandidate
intothestackasaMemberiftheCandidatehasAutoJoinsetto
Yes(thedefaultCandidatesetting)anddoesnothaveapreviously
configuredpassword.
8. Acceptorchangethetransmissioninterval(default:60seconds),then
press[Enter]toreturnthecursortotheActionsline.
9. Press[S](forSave)tosaveyourconfigurationchangesandreturntothe
Stackingmenu.
YourCommanderswitchshouldnowbereadytoautomaticallyormanually
acquireMemberswitchesfromthelistofdiscoveredCandidates,depending
onyourconfigurationchoices.
7-14
UsingtheMenuToManageaCandidateSwitch
Usingthemenuinterface,youcanperformtheseactionsonaCandidate
switch:
Add(push)theCandidateintoanexistingstack
ModifytheCandidatesstackingconfiguration(AutoJoinandTransmission
Interval)
ConverttheCandidatetoaCommander
DisablestackingontheCandidatesothatitoperatesasastandalone
switch
Initsdefaultstackingconfiguration,aCandidateswitchcaneitherautomati-
callyjoinastackorbemanuallyadded(pulled)intoastackbyaCommander,
dependingontheCommandersAutoGrabsetting. Thefollowingtableliststhe
Candidatesconfigurationoptions:
Table7-4.CandidateConfigurationOptionsintheMenuInterface
Parameter DefaultSetting OtherSettings
StackState Candidate Commander,Member,orDisabled
AutoJoin Yes No
Transmission 60Seconds Range:1to300seconds
Interval
UsingtheMenuToPushaSwitchIntoaStack,ModifytheSwitchs
Configuration,orDisableStackingontheSwitch. UseTelnetorthe
WebAgenttoaccesstheCandidateifithasanIPaddress.Otherwise,usea
directconnectionfromaterminaldevicetotheswitchsconsoleport.(For
informationonhowtousetheWebAgent,seetheonlineHelpbyclickingon
the?intheWebAgentscreen.)
1. DisplaytheStackingMenubyselectingStackingintheconsoleMain
Menu.
2. DisplaytheStackConfigurationmenubypressing[3]toselectStack
Configuration.
7-15
Figure7-8.TheDefaultStackConfigurationScreen
3. MovethecursortotheStackStatefieldbypressing[E](forEdit).
TodisablestackingontheCandidate,usetheSpacebartoselect
theDisabledoption,thengotostep5.
Note:UsingthemenuinterfacetodisablestackingonaCandidate
removestheCandidatefromallstackingmenus.
ToinserttheCandidateintoaspecificCommandersstack:
i. UsethespacebartoselectMember.
ii. Press[Tab]oncetodisplaytheCommanderMACAddressparam-
eter,thenentertheMACaddressofthedesiredCommander.
TochangeAutoJoinorTransmissionInterval,use[Tab]toselectthe
desiredparameter,and:
TochangeAutoJoin,usetheSpacebar.
TochangeTransmissionInterval,typeinthenewvalueinthe
rangeof1to300seconds.
Note:Allswitchesinthestackmustbesettothesametransmis-
sionintervaltohelpensureproperstackingoperation.HPrecom-
mendsthatyouleavethisparametersettothedefault60seconds.
Thengotostep5.
7-16
5. press[Enter]toreturnthecursortotheActionsline.
6. Press[S](forSave)tosaveyourconfigurationchangesandreturntothe
Stackingmenu.
UsingtheCommanderToManageTheStack
TheCommandernormallyoperatesasyourstackmanagerandpointofentry
intootherswitchesinthestack.Thistypicallyincludes:
Addingnewstackmembers
Movingmembersbetweenstacks
Removingmembersfromastack
Accessingstackmembersforindividualconfigurationchangesandtraffic
monitoring
TheCommanderalsoimposesitspasswordsonallstackmembersandpro-
videsSNMPcommunitymembershiptothestack.(SeeSNMPCommunity
OperationinaStackonpage7-43.)
UsingtheCommandersMenuToManuallyAddaCandidatetoa
Stack. Inthedefaultconfiguration,youmustmanuallyaddstackMembers
fromtheCandidatepool.ReasonsforaswitchremainingaCandidateinstead
ofbecomingaMemberincludeanyofthefollowing:
AutoGrabintheCommanderissettoNo(thedefault).
AutoJoinintheCandidateissettoNo.
Note:WhenaswitchleavesastackandreturnstoCandidatestatus,its
AutoJoinparameterresetstoNosothatitwillnotimmediatelyrejoina
stackfromwhichithasjustdeparted.
AManagerpasswordissetintheCandidate.
Thestackisfull.
Unlessthestackisalreadyfull,youcanusetheStackManagementscreento
manuallyconvertaCandidatetoaMember.IftheCandidatehasaManager
password,youwillneedtouseittomaketheCandidateaMemberofthestack.
1. ToaddaMember,startattheMainMenuandselect:
9.Stacking...
4.StackManagement
YouwillthenseetheStackManagementscreen:
7-17
Forstatusdescriptions,seethetableonpage7-45.
Figure7-9.ExampleoftheStackManagementScreen
2. Press[A](forAdd)toaddaCandidate.Youwillthenseethisscreenlisting
theavailableCandidates:
TheCommanderautomaticallyselectsan
availableswitchnumber(SN).Youhavethe
optionofassigninganyotheravailablenumber.
CandidateList
Figure7-10.ExampleofCandidateListinStackManagementScreen
3. Eitheracceptthedisplayedswitchnumberorenteranotheravailable
number.(Therangeis0-15,with0reservedfortheCommander.)
4. UsethedownarrowkeytomovethecursortotheMACAddressfield,
thentypetheMACaddressofthedesiredCandidatefromtheCandidate
listinthelowerpartofthescreen.
7-18
IfthedesiredCandidatehasaManagerpassword,pressthe
downarrowkeytomovethecursortotheCandidatePassword
field,thentypethepassword.
IfthedesiredCandidatedoesnothaveapassword,gotostep6.
6. Press[Enter]toreturntotheActionsline,thenpress[S](forSave)to
completetheAddprocessfortheselectedCandidate.Youwillthensee
ascreensimilartotheoneinfigure7-11,below,withthenewlyadded
Memberlisted.
Note:IfthemessageUnabletoaddstackmember:InvalidPasswordappears
intheconsolemenusHelpline,thenyoueitheromittedtheCandidates
ManagerpasswordorincorrectlyenteredtheManagerpassword.
NewMemberaddedinstep6.
Figure7-11.ExampleofStackManagementScreenAfterNewMemberAdded
UsingtheCommandersMenuToMoveaMemberFromOneStackto
Another. Wheretwoormorestacksexistinthesamesubnet(broadcast
domain),youcaneasilymoveaMemberofonestacktoanotherstackifthe
destinationstackisnotfull.(IfyouareusingVLANsinyourstackenviron-
ment,seeStackingOperationwithaTaggedVLANonpage7-44.)This
procedureisnearlyidenticaltomanuallyaddingaCandidatetoastack(page
7-17).(IfthestackfromwhichyouwanttomovetheMemberhasaManager
password,youwillneedtoknowthepasswordtomakethemove.)
1. TomoveaMemberfromonestacktoanother,gototheMainMenuof
theCommanderinthedestinationstackanddisplaytheStackingMenu
byselecting
9.Stacking...
2. TolearnorverifytheMACaddressoftheMemberyouwanttomove,
displayalistingofallCommanders,Members,andCandidatesinthe
subnetbyselecting:
7-19
2.StackingStatus(All)
YouwillthenseetheStackingStatus(All)screen:
ThiscolumnliststheMAC
Addressesforswitches
discovered(inthelocal
subnet)thatareconfigured
forStacking.
UsingtheMACaddressesforthese
Members,youcanmovethembetween
stacksinthesamesubnet.
Figure7-12.ExampleofHowtheStackingStatus(All)ScreenHelpsYouFind
MemberMACAddresses
3. IntheStackingStatus(All)screen,findtheMemberswitchthatyouwant
tomoveandnoteitsMACaddress,thenpress[B](forBack)toreturnto
theStackingMenu.
4. DisplaytheCommandersStackManagementscreenbyselecting
4.StackManagement
(Foranexampleofthisscreen,seefigure7-9onpage7-18.)
5. Press[A](forAdd)toaddtheMember.Youwillthenseeascreenlisting
anyavailablecandidates.(Seefigure7-10onpage7-18.)Notethatyou
willnotseetheswitchyouwanttoaddbecauseitisaMemberofanother
stackandnotaCandidate.)
6. Eitheracceptthedisplayedswitchnumberorenteranotheravailable
number.(Therangeis0-15,with0reservedfortheCommander.)
7. UsethedownarrowkeytomovethecursortotheMACAddressfield,
thentypetheMACaddressofthedesiredMemberyouwanttomovefrom
anotherstack.
7-20
IfthestackcontainingtheMemberyouaremovinghasaManager
password,pressthedownarrowkeytoselecttheCandidate
Passwordfield,thentypethepassword.
IfthestackcontainingtheMemberyouwanttomovedoesnot
haveapassword,gotostep9.
9. Press[Enter]toreturntotheActionsline,thenpress[S](forSave)to
completetheAddprocessfortheselectedMember.Youwillthenseea
screensimilartotheoneinfigure7-9onpage7-18,withthenewlyadded
Memberlisted.
Not e : IfthemessageUnabletoaddstackmember:InvalidPasswordappearsinthe
consolemenusHelpline,thenyoueitheromittedtheManagerpasswordfor
thestackcontainingtheMemberorincorrectlyenteredtheManagerpass-
word.
YoucanpushaMemberfromonestacktoanotherbygoingtotheMembers
interfaceandenteringtheMACaddressofthedestinationstackCommander
intheMembersCommanderMACAddressfield.Usingthismethodmovesthe
MembertoanotherstackwithoutaneedforknowingtheManagerpassword
inthatstack,butalsoblocksaccesstotheMemberfromtheoriginal
Commander.
UsingtheCommandersMenuToRemoveaStackMember. These
rulesaffectremovalsfromastack:
WhenaCandidatebecomesaMember,itsAutoJoinparameteris
automaticallysettoNo.Thispreventstheswitchfromautomatically
rejoiningastackassoonasyouremoveitfromthestack.
WhenyouusetheCommandertoremoveaswitchfromastack,the
switchrejoinstheCandidatepoolforyourIPsubnet(broadcast
domain),withAutoJoinsettoNo.
WhenyouremoveaMemberfromastack,itfreesthepreviously
assignedswitchnumber(SN),whichthenbecomesavailablefor
assignmenttoanotherswitchthatyoumaysubsequentlyaddtothe
stack.Thedefaultswitchnumberusedforanaddisthelowest
unassignednumberintheMemberrange(1-15;0isreservedforthe
Commander).
7-21
ToremoveaMemberfromastack,usetheStackManagementscreen.
9.Stacking...
4.StackManagement
YouwillthenseetheStackManagementscreen:
Forstatusdescriptions,
seethetableonpage
7-45.
StackMemberList
Figure7-13.ExampleofStackManagementScreenwithStackMembersListed
2. UsethedownarrowkeytoselecttheMemberyouwanttoremovefrom
thestack.
Figure7-14.ExampleofSelectingaMemberforRemovalfromtheStack
3. Type[D](forDelete)toremovetheselectedMemberfromthestack.You
willthenseethefollowingprompt:
Figure7-15.ThePromptforCompletingtheDeletionofaMemberfromtheStack
7-22
4. TocontinuedeletingtheselectedMember,presstheSpacebaronceto
selectYesfortheprompt,thenpress[Enter]tocompletethedeletion.The
StackManagementscreenupdatestoshowthenewstackMemberlist.
ConfigurationChangesandMonitoringTraffic
AfteraCandidatebecomesastackMember,youcanusethatstacks
CommandertoaccesstheMembersconsoleinterfaceforthesameconfigu-
rationandmonitoringthatyouwoulddothroughaTelnetordirect-connect
access.
9.Stacking...
5.StackAccess
YouwillthenseetheStackAccessscreen:
Figure7-16.ExampleoftheStackAccessScreen
UsethedownarrowkeytoselectthestackMemberyouwanttoaccess,then
press[X](foreXecute)todisplaytheconsoleinterfacefortheselectedMember.
Forexample,ifyouselectedswitchnumber1(systemname:CoralSea)infigure
7-16andthenpressed[X],youwouldseetheMainMenufortheswitchnamed
CoralSea.
7-23
MainMenuforstack
MembernamedCoralSea
(SN=1fromfigure7-16)
Figure7-17.TheeXecuteCommandDisplaystheConsoleMainMenuforthe
SelectedStackMember
2. Youcannowmakeconfigurationchangesand/orviewstatusdataforthe
selectedMemberinthesamewaythatyouwouldifyouweredirectly
connectedortelnettedintotheswitch.
3. WhenyouarefinishedaccessingtheselectedMember,dothefollowing
toreturntotheCommandersStackAccessscreen:
a. ReturntotheMembersMainMenu.
b. Press[0](forLogout),then[Y](forYes).
c. Press[Return].
YoushouldnowseetheCommandersStackAccessscreen.(Foran
example,seefigure7-16onpage7-23.)
ofAnotherStack
Whenmovingacommander,thefollowingprocedurereturnsthestackmem-
berstoCandidatestatus(withAuto-JoinsettoNo)andconvertsthestack
CommandertoaMemberofanotherstack.Whenmovingamember,the
proceduresimplypullsaMemberoutofonestackandpushesitintoanother.
1. FromtheMainMenuoftheswitchyouwanttomove,select
9.Stacking
2. TodeterminetheMACaddressofthedestinationCommander,select
7-24
3. Press[B](forBack)toreturntotheStackingMenu.
4. TodisplayStackConfigurationmenufortheswitchyouaremoving,select
3.StackConfiguration
5. Press[E](forEdit)toselecttheStackStateparameter.
6. UsetheSpacebartoselectMember,thenpress[v]tomovetotheCom-
manderMACAddressfield.
7. EntertheMACaddressofthedestinationCommanderandpress[Enter].
8. Press[S](forSave).
MonitoringStackStatus
Usingthestackingoptionsinthemenuinterfaceforanyswitchinastack,you
canviewstackingdataforthatswitchorforallstacksinthesubnet(broadcast
domain).(IfyouareusingVLANsinyourstackenvironment,seeStacking
OperationwithaTaggedVLANonpage7-44.)Thiscanhelpyouinsuchways
asdeterminingthestackingconfigurationforindividualswitches,identifying
stackMembersandCandidates,anddeterminingthestatusofindividual
switchesinastack.Seetable7-5onpage7-25.
Table7-5.StackStatusEnvironments
ScreenName Commander Member Candidate
StackStatus(ThisSwitch) Commandersstacking
configuration
DataonstackMembers:
SwitchNumber
MACAddress
SystemName
DeviceType
Status
StackStatus(All) Listsdevicesbystackname
orCandidatestatus(ifdevice
isnotastackMember).
Includes:
StackName
MACAddress
SystemName
Status
Membersstackingconfiguration Candidatesstacking
MemberStatus
configuration
DataidentifyingMembers
Commander:
CommanderStatus
CommanderIPAddress
CommanderMACAddress
SameasforCommander. Sameasfor
Commander.
7-25
UsingAnyStackedSwitchToViewtheStatusforAllSwitcheswith
StackingEnabled.Thisproceduredisplaysthegeneralstatusofallswitches
intheIPsubnet(broadcastdomain)thathavestackingenabled.
1. GototheconsoleMainMenuforanyswitchconfiguredforstackingand
select:
9.Stacking...
YouwillthenseeaStackingStatusscreensimilartothefollowing:
Figure7-18.ExampleofStackingStatusforAllDetectedSwitchesConfiguredfor
Stacking
ViewingCommanderStatus.ThisproceduredisplaystheCommanderand
stackconfiguration,plusinformationidentifyingeachstackmember.
TodisplaythestatusforaCommander,gototheconsoleMainMenuforthe
switchandselect:
9.Stacking...
1.StackingStatus(ThisSwitch)
7-26
YouwillthenseetheCommandersStackingStatusscreen:
Figure7-19.ExampleoftheCommandersStackingStatusScreen
ViewingMemberStatus.ThisproceduredisplaystheMembersstacking
informationplustheCommandersstatus,IPaddress,andMACaddress.
TodisplaythestatusforaMember:
1. GototheconsoleMainMenuoftheCommanderswitchandselect
9.Stacking...
5.StackAccess
2. UsethedownarrowkeytoselecttheMemberswitchwhosestatusyou
wanttoview,thenpress[X](foreXecute).YouwillthenseetheMainMenu
fortheselectedMemberswitch.
3. IntheMembersMainMenuscreen,select
9.Stacking...
YouwillthenseetheMembersStackingStatusscreen:
7-27
Figure7-20.ExampleofaMembersStackingStatusScreen
ViewingCandidateStatus.ThisproceduredisplaystheCandidates
stackingconfiguration.
TodisplaythestatusforaCandidate:
1. UseTelnet(iftheCandidatehasavalidIPaddressforyournetwork)or
adirectserialportconnectiontoaccessthemenuinterfaceMainMenu
fortheCandidateswitchandselect
9.Stacking...
YouwillthenseetheCandidatesStackingStatusscreen:
Figure7-21.ExampleofaCandidatesStackingScreen
7-28
UsingtheCLIToViewStackStatusandConfigure
Stacking
TheCLIenablesyoutodoallofthestackingtasksavailablethroughthemenu
interface.)
Table7-6.CLICommandsforConfiguringStackingonaSwitch
CLICommand Operation
showstack
[candidates|view|all]
Commander:ShowsCommandersstackingconfigurationandliststhestack
membersandtheirindividualstatus.
Member:ListsMembersstackingconfigurationandstatus,andthestatusandthe
IPaddressandsubnetmaskofthestackCommander.
Options:
candidates:(Commanderonly)ListsstackCandidates.
view:(Commanderonly)ListscurrentstackMembersandtheirindividual
status.
all:ListsallstackCommanders,MembersandCandidates,withtheirindividual
status.
[no]stack AnyStacking-CapableSwitch:Enablesordisablesstackingontheswitch.
Default:StackingEnabled
[no]stackcommander<stackname> CandidateorCommander:ConvertsaCandidatetoaCommanderorchangesthe
stacknameofanexistingcommander.
NoformeliminatesnamedstackandreturnsCommanderandstackMembers
toCandidatestatuswithAutoJoinsettoNo.
Noformpreventstheswitchfrombeingdiscoveredasastacking-capable
switch.
Default:SwitchConfiguredasaCandidate
[no]stackauto-grab Commander:CausesCommandertoautomaticallyaddtoitsstackanydiscovered
CandidateinthesubnetthatdoesnothaveaManagerpasswordandhasAuto-
JoinsettoYes.
Default:Disabled
Note:IftheCommandersstackalreadyhas15members,theCandidatecannot
joinuntilanexistingmemberleavesthestack.
7-29
CLICommand Operation
[no]stackmember
<switch-num>
mac-address<mac-addr>
[password<password-str>]
Commander:AddsaCandidatetostackmembership.Noformremovesa
Memberfromstackmembership.ToeasilydeterminetheMACaddressofa
Candidate,usetheshowstackcandidatescommand.TodeterminetheMAC
addressofaMemberyouwanttoremove,usetheshowstackviewcommand.The
password(password-str)isrequiredonlywhenaddingaCandidatethathasa
Managerpassword.
telnet<1..15>
UsedIn:CommanderOnly
Commander:UsestheSN(switchnumberassignedbythestackCommander)
toaccesstheconsoleinterface(menuinterfaceorCLI)ofastackmember.Toview
thelistofSNassignmentsforastack,executetheshowstackcommandinthe
CommandersCLI.
[no]stackjoin<mac-addr> Candidate:CausestheCandidatetojointhestackwhoseCommanderhasthe
indicatedMACaddress.NoformisusedinaMembertoremoveitfromthestack
oftheCommanderhavingthespecifiedaddress.
Member:PushesthemembertoanotherstackwhoseCommanderhasthe
indicatedMACaddress.
[no]stackauto-join Candidate:EnablesCandidatetoautomaticallyjointhestackofanyCommander
intheIPsubnetthathasAutoGrabenabled,ordisablesAuto-Joininthecandidate.
Default:AutoJoinenabled.
Note:IftheCandidatehasaManagerpasswordoriftheavailablestack(s)already
havethemaximumof15Members,theautomaticjoinwillnotoccur.
stacktransmission-interval AllStackMembers:specifiestheintervalinsecondsfortransmittingstacking
discoverypackets.
Default:60seconds
7-30
UsingtheCLIToViewStackStatus
Youcanlistthestackstatusforanindividualswitchandforotherswitches
thathavebeendiscoveredinthesamesubnet.
Syntax: showstack[candidates|view|all]
ViewingtheStatusofanIndividualSwitch.Thefollowingexample
illustrateshowtousetheCLIina todisplaythestackstatusforthatswitch.
Inthiscase,theswitchisinthedefaultstackingconfiguration.
Syntax: showstack
Figure7-22.ExampleofUsingtheShowStackCommandToListtheStackingConfigurationforan
IndividualSwitch
ViewingtheStatusofCandidatestheCommanderHasDetected.
ThisexampleillustrateshowtoliststackcandidatestheCommanderhas
discoveredintheipsubnet(broadcastdomain).
Syntax: showstackcandidates
Figure7-23.ExampleofUsingtheShowStackCandidatesCommandToList
Candidates
7-31
ViewingtheStatusofallStack-EnabledSwitchesDiscoveredintheIP
Subnet.Thenextexamplelistsallthestack-configuredswitchesdiscovered
intheIPsubnet.Becausetheswitchonwhichtheshowstackallcommand
wasexecutedisacandidate,itisincludedintheOtherscategory.
Syntax: showstackall
Figure7-24.ResultofUsingtheShowStackAllCommandToListDiscoveredSwitchesintheIPSubnet
ViewingtheStatusoftheCommanderandCurrentMembersofthe
CommandersStack. Thenextexamplelistsallswitchesinthestackofthe
selectedswitch.
Syntax: showstackview
Figure7-25.ExampleoftheShowStackViewCommandToListtheStackAssignedtothe
SelectedCommander
7-32
UsingtheCLIToConfigureaCommanderSwitch
Youcanconfigureanystacking-enabledswitchtobeaCommanderaslongas
theintendedstacknamedoesnotalreadyexistonthebroadcastdomain.
(WhenyouconfigureaCommander,youautomaticallycreateacorresponding
stack.)
Beforeyoubeginconfiguringstackingparameters:
1. ConfigureIPaddressingontheswitchintendedforstackcommanderand,
ifnotalreadyconfigured,ontheprimaryVLAN.(Formoreonconfiguring
IPaddressing,refertotheManagementandConfigurationGuidefor
yourswitch.)
Not e TheprimaryVLANmusthaveanIPaddressinorderforstackingtooperate
properly.FormoreontheprimaryVLAN,seeThePrimaryVLANonpage
2-51.
2. ConfigureaManagerpasswordontheswitchintendedforcommander.
(TheCommandersManagerpasswordcontrolsaccesstostackMem-
bers.)Formoreonpasswords,seethelocalmanagerandoperatorpass-
wordinformationintheAccessSecurityGuideforyourswitch.
ConfiguretheStackCommander. Assigningastacknametoaswitch
makesitaCommanderandautomaticallycreatesastack.
Syntax: stackcommander<name-str>
ThisexamplecreatesaCommanderswitchwithastacknameofBig_Waters.
(Notethatifstackingwaspreviouslydisabledontheswitch,thiscommand
alsoenablesstacking.)
Pr oCur ve( conf i g) # st ack commander Bi g_Wat er s
Asthefollowingshowstackdisplayshows,theCommanderswitchisnowready
toaddmemberstothestack.
7-33
Thestackcommandercommand
configurestheCommanderandnames
thestack.
TheCommanderappearsinthestackasSwitch
Number(SN)0.
Figure7-26.ExampleoftheCommandersShowStackScreenwithOnlytheCommander
Discovered
UsingaMembersCLItoConverttheMembertotheCommanderofa
NewStack. ThisprocedurerequiresthatyoufirstremovetheMemberfrom
itscurrentstack,thencreatethenewstack.IfyoudonotknowtheMAC
addressfortheCommanderofthecurrentstack,useshowstacktolistit.
Syntax: nostack
stackcommander<stackname>
Suppose,forexample,thataProCurveswitchnamedBeringSeaisaMember
ofastacknamedBig_Waters.TousetheswitchsCLItoconvertitfroma
stackMembertotheCommanderofanewstacknamedLakes,youwould
usethefollowingcommands:
7-34
Figure7-27.ExampleofUsingaMembersCLIToConverttheMembertotheCommanderofaNewStack
RemovestheMember
fromtheBig_Waters
stack.
Convertstheformer
MembertotheCom-
manderofthenew
Lakesstack.
Theoutputfromthiscommandtellsyouthe
MACaddressofthecurrentstackCommander.
AddingtoaStackorMovingSwitchesBetweenStacks
YoucanaddswitchestoastackbyaddingdiscoveredCandidatesorbymoving
switchesfromotherstacksthatmayexistinthesamesubnet.(Youcannot
addaCandidatethattheCommanderhasnotdiscovered.)
Initsdefaultconfiguration,theCommandersAuto-Grabparameteris setto
Notogiveyoumanualcontroloverwhichswitchesjointhestackandwhen
theyjoin.ThispreventstheCommanderfromautomaticallytryingtoadd
everyCandidateitfindsthathasAutoJoinsettoYes(thedefaultforthe
Candidate).
(IfyouwantanyeligibleCandidatetoautomaticallyjointhestackwhenthe
Commanderdiscoversit,configureAutoGrabintheCommandertoYes.When
youdoso,anyCandidatediscoveredwithAutoJoinsettoYes(thedefault)and
noManagerpasswordwilljointhestack,uptothelimitof15Members.)
7-35
UsingtheCommandersCLIToManuallyAddaCandidatetothe
Stack. Tomanuallyaddacandidate,youwilluse:
Aswitchnumber(SN)toassigntothenewmember.MemberSNsrange
from1to15.ToseewhichSNsarealreadyassignedtoMembers,useshow
stackview.YoucanuseanySNnotincludedinthelisting.(SNsare
viewableonlyonaCommanderswitch.)
TheMACaddressofthediscoveredCandidateyouareaddingtothestack.
Toseethisdata,usetheshowstackcandidateslisting.
Forexample:
Note:Whenmanuallyaddingaswitch,youmustassignanSN.
However,iftheCommanderautomaticallyaddsanewMember,
itassignsanSNfromtheavailablepoolofunusedSNs.
Inthisstack,theonlySNsinuseare0and1,
soyoucanuseanySNnumberfrom2through
15fornewMembers.(TheSNof0isalways
reservedforthestackCommander.)
Figure7-28.ExampleofHowToDetermineAvailableSwitchNumbers(SNs)
TodisplayalldiscoveredCandidateswiththeirMACaddresses,executeshow
stackcandidatesfromtheCommandersCLI.Forexample,tolistthediscov-
eredcandidatesfortheaboveCommander:
MACaddresses
ofdiscovered
Candidates.
Figure7-29.ExampleofHowToDetermineMACAddressesofDiscoveredCandidates
Knowingtheavailableswitchnumbers(SNs)andCandidateMACaddresses,
youcanproceedtomanuallyassignaCandidatetobeaMemberofthestack:
Syntax: stackmember<switch-number>mac-address<mac-addr>
7-36
Forexample,iftheswitchintheabovelistingdidnothaveaManager
passwordandyouwantedtomakeitastackMemberwithanSNof2,you
wouldexecutethefollowingcommand:
Pr oCur ve( conf i g) # st ack member 2 mac- addr ess 0060b0-
df l a00
TheshowstackviewcommandthenliststheMemberaddedbytheabove
command:
SN(SwitchNumber)2isthe
newMemberaddedbythe
stackmembercommand.
ThenewmemberdidnothaveaSystemName
configuredpriortojoiningthestack,andsoreceivesa
SystemNamecomposedofthestackname(assignedin
theCommander)withitsSNnumberasasuffix.
Figure7-30.ExampleShowingtheStackAfterAddingaNewMember
UsingAutoJoinonaCandidate.Inthedefaultconfiguration,aCandi-
datesAutoJoinparameterissettoYes,meaningthatitwillautomatically
joinastackifthestacksCommanderdetectstheCandidateandtheCom-
mandersAutoGrabparameterissettoYes.YoucandisableAutoJoinona
Candidateifyouwanttopreventautomaticjoininginthiscase.Thereisalso
theinstancewhereaCandidatesAutoJoinisdisabled,forexample,whena
CommanderleavesastackanditsmembersautomaticallyreturntoCandidate
status,orifyoumanuallyremoveaMemberfromastack.Inthiscase,you
maywanttoresetAutoJointoYes.
Status: [no]stackauto-join
Pr oCur ve( conf i g) # no st ack aut o- j oi n
DisablesAutoJoinonaCandidate.
Pr oCur ve( conf i g) # st ack aut o- j oi n
EnablesAutoJoinonaCandidate.
UsingaCandidateCLIToManuallyPushtheCandidateIntoa
Stack.Usethismethodifanyofthefollowingapply:
7-37
TheCandidatesAutoJoinissettoYes(andyoudonotwanttoenable
AutoGrabontheCommander)ortheCandidatesAutoJoinissettoNo.
EitheryouknowtheMACaddressoftheCommanderforthestackinto
whichyouwanttoinserttheCandidate,ortheCandidatehasavalidIP
addressandisoperatinginyournetwork.
Syntax: stackjoin<mac-addr>
where:<mac-addr>istheMACaddressoftheCommanderin
thedestinationstack.
UseTelnet(iftheCandidatehasanIPaddressvalidforyournetwork)ora
directserialportconnectiontoaccesstheCLIfortheCandidateswitch.For
example,supposethataCandidatenamedNorthSeawithAutoJoinoffand
avalidIPaddressof10.28.227.104isrunningonanetwork.YoucouldTelnet
totheCandidate,useshowstackalltodeterminetheCommandersMAC
address,andthenpushtheCandidateintothedesiredstack.
Figure7-31.ExampleofPushingaCandidateIntoaStack
ToverifythattheCandidatesuccessfullyjoinedthestack,executeshowstack
allagaintoviewthestackingstatus.
UsingtheDestinationCommanderCLIToPullaMemberfrom
AnotherStack. ThismethodusestheCommanderinthedestinationstack
topulltheMemberfromthesourcestack.
1. TelnettotheCandidatenamedNorthSea.
2. UseshowstackalltodisplaytheCommanders
MACaddress.
3. SettheCandidateCLItoConfigmode.
4. Executestackjoinwiththe
CommandersMACaddresstopush
theCandidateintothestack.
MACAddressfor
StackCommander
7-38
Syntax: stackmember<switch-number>
mac-address<mac-addr>
InthedestinationCommander,useshowstackalltofindtheMACaddressof
theMemberyouwanttopullintothedestinationstack.Forexample,suppose
youcreatedanewCommanderwithastacknameofCold_Watersandyou
wantedtomoveaswitchnamedBeringSeaintothenewstack:
MovethisswitchintotheColdWatersstack.
Figure7-32.ExampleofStackListingwithTwoStacksintheSubnet
Youwouldthenexecutethefollowingcommandtopullthedesiredswitch
intothenewstack:
Pr oCur ve( conf i g) # st ack member 1 mac- addr ess 0060b0-
df 1a00
Where1isanunusedswitchnumber(SN).
SinceapasswordisnotsetontheCandidate,apasswordisnotneededinthis
example.
Youcouldthenuseshowstackallagaintoverifythatthemovetookplace.
UsingaMemberCLIToPushtheMemberintoAnotherStack.You
canusetheMembersCLItopushastackMemberintoadestinationstack
ifyouknowtheMACaddressofthedestinationCommander.
Syntax: stackjoin<mac-addr>
where: <mac-addr>istheMACaddressoftheCommanderforthe
destinationstack.
ConvertingaCommandertoaMemberofAnotherStack.Removing
theCommanderfromastackeliminatesthestackandreturnsitsMembersto
theCandidatepoolwithAutoJoindisabled.
7-39
Syntax: nostackname<stackname>
stackjoin<mac-address>
IfyoudontknowtheMACaddressofthedestinationCommander,youcan
useshowstackalltoidentifyit.
Forexample,supposeyouhaveaswitchoperatingastheCommanderfora
temporarystacknamedTest.Whenitistimetoeliminatethetemporary
Teststackandconverttheswitchintoamemberofanexistingstacknamed
Big_Waters,youwouldexecutethefollowingcommandsintheswitchsCLI:
Figure7-33.ExampleofCommandSequenceforConvertingaCommandertoaMember
EliminatestheTeststackandconverts
theCommandertoaCandidate.
HelpsyoutoidentifytheMACaddressofthe
CommanderfortheBig_Watersstack.
AddstheformerTestCommandertothe
Big_Watersstack.
UsingtheCLIToRemoveaMemberfromaStack
YoucanremoveaMemberfromastackusingtheCLIofeithertheCommander
ortheMember.
Not e WhenyouremoveaMemberfromastack,theMembersAutoJoinparameter
issettoNo.
UsingtheCommanderCLIToRemoveaStackMember. Thisoption
requirestheswitchnumber(SN)andtheMACaddressoftheswitchto
remove.(BecausetheCommanderpropagatesitsManagerpasswordtoall
stackmembers,knowingtheManagerpasswordisnecessaryonlyforgaining
accesstotheCommander.)
Syntax: [no]stackmember<switch-num>mac-address<mac-addr>
7-40
UseshowstackviewtolistthestackMembers.Forexample,supposethatyou
wantedtousetheCommandertoremovetheNorthSeaMemberfromthe
followingstack:
RemovethisMember
fromthestack.
Figure7-34.ExampleofaCommanderandThreeSwitchesinaStack
YouwouldthenexecutethiscommandtoremovetheNorthSeaswitchfrom
thestack:
Pr oCur ve( conf i g) # no st ack member 3 mac- addr ess 0030c1-
7f c700
where:
3istheNorthSeaMembersswitchnumber(SN)
0030c1-7fc700istheNorthSeaMembersMACaddress
UsingtheMembersCLIToRemovetheMemberfromaStack.
Syntax: nostackjoin<mac-addr>
Tousethismethod,youneedtheCommandersMACaddress,whichis
availableusingtheshowstackcommandintheMembersCLI.Forexample:
MACAddressofthe
Commanderforthe
StacktoWhichthe
NorthSeaSwitch
Belongs
CLIforNorthSea
StackMember
Figure7-35.ExampleofHowToIdentifytheCommandersMACAddressfromaMemberSwitch
7-41
YouwouldthenexecutethiscommandintheNorthSeaswitchsCLIto
removetheswitchfromthestack:
Nor t h Sea( conf i g) # no st ack j oi n 0030c1- 7f ec40
ChangesandTrafficMonitoring
AfteraCandidatebecomesaMember,youcanusethetelnetcommandfrom
theCommandertoaccesstheMembersCLIorconsoleinterfaceforthesame
configurationandmonitoringthatyouwoulddothroughaTelnetordirect-
connectaccessfromaterminal.
Syntax: telnet<switch-number>
where:unsignedintegeristheswitchnumber(SN)assignedbytheCom-
mandertoeachmember(range:1- 15).
TofindtheswitchnumberfortheMemberyouwanttoaccess,executethe
showstackviewcommandintheCommandersCLI.Forexample,supposethat
youwantedtoconfigureaporttrunkontheswitchnamedNorthSeainthe
stacknamedBig_Waters.DodosoyouwouldgototheCLIforthe
Big_WatersCommanderandexecuteshowstackviewtofindtheswitch
numberfortheNorthSeaswitch:
Theswitchnumber
(SN)fortheNorth
Seaswitchis3.
Figure7-36.ExampleofaStackShowingSwitchNumber(SN)Assignments
ToaccesstheNorthSeaconsole,youwouldthenexecutethefollowingtelnet
command:
Pr oCur ve( conf i g) # t el net 3
YouwouldthenseetheCLIpromptfortheNorthSeaswitch,allowingyou
toconfigureormonitortheswitchasifyouweredirectlyconnectedtothe
console.
7-42
SNMPCommunityOperationinaStack
CommunityMembership
Inthedefaultstackingconfiguration,whenaCandidatejoinsastack,it
automaticallybecomesaMemberofanySNMPcommunitytowhichthe
Commanderbelongs,eventhoughanycommunitynamesconfiguredinthe
CommanderarenotpropagatedtotheMembersSNMPCommunitieslisting.
However,ifaMemberhasitsown(optional)IPaddressing,itcanbelongto
SNMPcommunitiestowhichotherswitchesinthestack,includingthe
Commander,donotbelong.Forexample:
CommanderSwitch
IPAddr:10.31.29.100
CommunityNames:
blue
red
TheCommanderandallMembersofthestack
belongtotheblueandredcommunities.Onlyswitch
3belongstothegraycommunity.Switches1,2,and
3belongtothepubliccommunity
IfMemberSwitch1ceasestobeastackMember,it
stillbelongstothepublicSNMPcommunitybecause
ithasIPaddressingofitsown.But,withthelossof
stackMembership,Switch1losesmembershipin
theblueandredcommunitiesbecausetheyarenot
specificallyconfiguredintheswitch.
losesmembershipinallSNMPcommunities.
losesmembershipintheblueandredcommunities,
butbecauseithasitsownIPaddressingretains
membershipinthepublicandgraycommunities.
MemberSwitch1
IPAddr:10.31.29.18
CommunityNames:
public(thedefault)
MemberSwitch3
IPAddr:10.31.29.15
CommunityNames:
public(thedefault)
gray
MemberSwitch2
IPAddr:None
CommunityNames:
none
Figure7-37.ExampleofSNMPCommunityOperationwithStacking
SNMPManagementStationAccesstoMembersViatheCommander.
TouseamanagementstationforSNMPGetorSetaccessthroughthe
CommandersIPaddresstoaMember,youmustappend@sw<switchnumber>
tothecommunityname.Forexample,infigure7-37,youwouldusethe
followingcommandinyourmanagementstationtoaccessSwitch1sMIB
usingthebluecommunity:
snmpget <MIBvariable> 10. 31. 29. 100 bl ue@sw1
Notethatbecausethegraycommunityisonlyonswitch3,youcouldnotuse
theCommanderIPaddressforgraycommunityaccessfromthemanagement
station.Instead,youwouldaccessswitch3directlyusingtheswitchsownIP
address.Forexample:
snmpget <MIBvariable> 10. 31. 29. 15 gr ay
7-43
Notethatintheaboveexample(figure7-37)youcannotusethepublic
communitythroughtheCommandertoaccessanyoftheMemberswitches.
Forexample,youcanusethepubliccommunitytoaccesstheMIBinswitches
1and3byusingtheiruniqueIPaddresses.However,youmustusetheredor
bluecommunitytoaccesstheMIBforswitch2.
snmpget <MIBvariable> 10. 31. 29. 100 bl ue@sw2
UsingtheCLIToDisableorRe-EnableStacking
Inthedefaultconfiguration,stackingisenabledontheswitch.Youcanuse
theCLItodisablestackingontheswitchatanytime.Disablingstackinghas
thefollowingeffects:
DisablingaCommander: Eliminatesthestack,returnsthestackMem-
berstoCandidateswithAutoJoindisabled,andchangestheCommander
toastand-alone(nonstacking)switch.Youmustre-enablestackingonthe
switchbeforeitcanbecomeaCandidate,Member,orCommander.
DisablingaMember:RemovestheMemberfromthestackandchanges
ittoastand-alone(nonstacking)switch.Youmustre-enablestackingon
theswitchbeforeitcanbecomeaCandidate,Member,orCommander.
DisablingaCandidate:ChangestheCandidatetoastand-alone(non-
stacking)switch.
Syntax: nostack (Disablesstackingontheswitch.)
stack (Enablesstackingontheswitch.)
TransmissionInterval
Allswitchesinthestackmustbesettothesametransmissionintervaltohelp
ensureproperstackingoperation.HPrecommendsthatyouleavethisparam-
etersettothedefault60seconds.
Syntax: stacktransmission-interval<seconds>
StackingOperationwithMultipleVLANsConfigured
StackingusestheprimaryVLANinaswitch.Inthefactory-defaultconfigura-
tion,theDEFAULT_VLANistheprimaryVLAN.However,youcandesignate
anyVLANconfiguredintheswitchastheprimaryVLAN.(SeeThePrimary
VLANonpage2-51.)
Whenusingstackinginamultiple-VLANenvironment,thefollowingcriteria
applies:
7-44
StackingusesonlytheprimaryVLANoneachswitchinastack.
TheprimaryVLANcanbetaggedoruntaggedasneededinthe
stackingpathfromswitchtoswitch.
ThesameVLANID(VID)mustbeassignedtotheprimaryVLANin
eachstackedswitch.
StatusMessages
Stackingscreensandlistingsdisplaythesestatusmessages:
Message Condition ActionorRemedy
CandidateAuto- IndicatesaswitchconfiguredwithStackState Nonerequired
join settoCandidate,AutoJoinsettoYes(the
default),andnoManagerpassword.
Candidate Candidatecannotautomaticallyjointhestack Manuallyaddthecandidatetothestack.
becauseoneorbothofthefollowingconditions
apply:
CandidatehasAutoJoinsettoNo.
CandidatehasaManagerpassword.
Commander MemberhaslostconnectivitytoitsCommander. CheckconnectivitybetweentheCommanderand
Down theMember.
CommanderUp TheMemberhasstackingconnectivitywiththe Nonerequired.
Commander.
Mismatch ThismaybeatemporaryconditionwhileaCandi- Initially,waitforanupdate.Ifconditionpersists,
dateistryingtojoinastack.IftheCandidatedoes reconfiguretheCommanderortheMember.
notjoin,thenstackconfigurationisinconsistent.
MemberDown AMemberhasbecomedetachedfromthestack. ChecktheconnectivitybetweentheCommander
Apossiblecauseisaninterruptiontothelink andtheMember.
betweentheMemberandtheCommander.
MemberUp TheCommanderhasstackingconnectivitytothe Nonerequired.
Member.
Rejected TheCandidatehasfailedtobeaddedtothestack. Thecandidatemayhaveapassword.Inthiscase,
manuallyaddthecandidate.Otherwise,thestack
mayalreadybefull.Astackcanholdupto15
Members(plustheCommander).
7-45
7-46
8
QinQ(ProviderBridging)
Contents
Contents
Overview ..................................................... 8-3
Introduction .................................................. 8-4
HowQinQWorks............................................ 8-5
FeaturesandBenefits ........................................ 8-5
Terminology ................................................ 8-6
OperatingRulesandGuidelines ............................... 8-7
EnablingQinQandConfiguringQinQModes................. 8-7
QinQMixedVlanMode ................................... 8-8
ConfiguringVLANs ...................................... 8-8
OperatingNotesandRestrictions ............................. 8-10
ConfiguringQinQ ............................................ 8-13
GeneralConfigurationSteps................................. 8-13
EnablingQinQ............................................. 8-14
SettingupS-VLANs ......................................... 8-14
ConfiguringPer-PortS-VLANMembership ................. 8-15
ConfiguringPort-Types ..................................... 8-16
ConfigurationExample ....................................... 8-17
UpdatingQinQConfigurations ................................ 8-22
ChangingQinQModes .............. ........................ 8-22
DisablingQinQ............................................. 8-22
ChangingVLANPortMemberships(MixedVlanMode) .......... 8-22
MovingPortsbetweenC-VLANsandS-VLANs(MixedVlanMode) . 8-23
DisplayingQinQConfigandStatus ............................ 8-24
ShowCommandsforQinQ .................................. 8-24
8-1
Contents
Show CommandsforVLANs ... .............................. 8-25
DisplayingSpanning TreeStatus....... ....................... 8-27
EffectsofQinQonOtherSwitchFeatures ..................... 8-28
EventLogMessagesandSNMPSupport ....................... 8-33
SNMPSupportandMIBObjects .............................. 8-33
8-2
Overview
L i c e n s e
Re q u i r e me n t s
Overview
ThischapterdescribeshowtoenableQinQoperationsontheswitchandhow
toconfigureproviderbridgeS-VLANsandportassignments.
Forinformationonhowtoconfigureandusestatic,port-basedandproto-
col-basedVLANs,refertochapter2,StaticVirtualLANs(VLANs).
ForinformationonhowtoconfiguredynamicVLANsontheswitch,referto
chapter3,GVRP.
Inthe3500yl,5400zl,6600and8200zlswitches,QinQisincludedwiththe
PremiumLicense.Inthe6200ylswitches,thisfeatureisincludedwiththebase
featureset.
8-3
Introduction
Introduction
TheIEEE802.1adspecification,commonlyknownasQinQorproviderbridg-
ing,extendstheIEEE802.1QstandardbyprovidingforasecondtierofVLANs
inabridgednetwork.ThegeneralpurposeofQinQistoallowframesfrom
multiplecustomerstobeforwarded(ortunneled)throughanothertopology
(providernetwork)usingserviceVLANsorS-VLANs.Theproviderbridge,
whichmaycomprisemultipledevicesintheserviceproviderdomain,looks
likeasimplebridgeporttothecustomerstrafficandmaintainsthecustomers
VLANs.
Figure8-1showsasampleQinQtopologyandusemodel.CustomerAhas
LANsspreadacrossmultiplesitelocationsandmaywanttolinkthemtogether
inasinglelogicalLAN.Todothis,thecustomercouldhaveacablelaidout
fortheentiredistanceinterconnectingthethreesites.Amorecost-effective
andscalablealternative,however,wouldbetotunnelframesthroughthe
providersnetworktointerconnectallthesitessubscribingtotheservice.This
solutioncanbedeliveredusingQinQ.
ServiceProviderNetwork
CustomerA
Site1
CustomerA
Site2
CustomerB
Site1
CustomerA
Site3
CustomerB
Site2
(Interconnectsgeographically
disparateLANsofeachcustomer)
Figure8-1.QinQNetworkDiagram
Not e Theso-calledServiceProviderandCustomersmaybelongtothesame
businessentity,asinthecasewhereasingleenterpriseusesQinQtohelp
segregatelocalnetworksandincreasethescalabilityoftheirbackboneinfra-
structure.
8-4
Introduction
HowQinQWorks
UnderQinQ,theprovidernetworkoperatesonadifferentVLANspace,
independentoftheVLANsthatareusedinthecustomernetworkasshownin
Figure8-2.
Provider
Edge
C-VLAN
Bridge
C-VLAN
Bridge
VLAN1
VLAN2
VLAN1
VLAN1
VLAN2
VLAN1
ServiceVLAN100
Bridge
Provider
Edge
Bridge
ServiceVLAN101
ServiceVLAN102
CustomerA CustomerA
CustomerB CustomerB
Provider
Core
Bridge
Figure8-2.ExampleofVLANsinaQinQConfiguration
CustomerVLANs(referredtoasC-VLANsbytheIEEE802.1adspecification)
arenotusedtomakeanyforwardingdecisionsinsidetheprovidernetwork
wherecustomerframesgetassignedtoserviceVLANs(S-VLANs).Insidethe
providercloud,framesareforwardedbasedontheS-VLANtagonly,whilethe
C-VLANtagremainsshieldedduringdatatransmission.TheS-VLANtagis
removedwhentheframeexitstheprovidernetwork,restoringtheoriginal
customerframe.
FeaturesandBenefits
IncreasestheVLANspaceinaprovidernetworkorenterprisebackbone.
ReducesthenumberofVLANsthataproviderneedstosupportwithinthe
providernetworkforthesamenumberofcustomers.
EnablescustomerstoplantheirownVLANIDs,withoutrunninginto
conflictswithserviceproviderVLANIDs.
ProvidesasimpleLayer2VPNsolutionforsmall-sizedMANs(Metropol-
itanAreaNetworks)orintranets.
ProvidesforcustomertrafficisolationatLayer2withinaServiceProvider
network.
8-5
Introduction
Terminology
C-VLANs.CustomernetworkVLANsthatcanexistacrossmultiplelocations.
Theseareassignedandmanagedbyeachcustomerandarelocaltothe
customerspace.
C-VLANbridge. Acustomer-owneddeviceoperatingregular802.1QVLANs.
Customer.Theconsumerofnetworkservicesdeliveredbyaserviceprovider.
Customer-networkport.Customer-facingportonaprovideredgedevice.
TheequivalentofCNportsoftheIEEE802.1adstandard.
CustomerVLAN.SeeC-VLAN.
IEEE802.1ad.Specificationthatallowsaserviceprovidertoassignaunique
VLANidentifier(calledtheServiceVLANIDorS-VID)tocustomersusing
multipleVLANs,therebyextendingthetotalnumberofVLANsthatcan
besupportedwithintheprovidernetwork.
Mixedvlanmodedevice.DevicethatsupportsbothC-VLANsandS-VLANs.
AdeviceconfiguredinqinqmixedvlanmodecandoregularCVLANswitch-
ing/routing(standardbridgebehavior)andcanalsoserveasaprovider
edgedevicetunnelingframesintoandoutoftheprovidernetwork.
Port-basedinterface.Untaggedcustomer-networkportsortrunksona
QinQenableddevice.SeealsoS-taggedinterface.
Provider-networkport.PortonanS-VLANbridgethatconnectstothe
providernetwork.ThisequatestoPNportsoftheIEEE802.1adstandard.
QinQ.AfeaturethatenablesserviceproviderstouseasingleVLAN-IDto
supportmultiplecustomerVLANsbyencapsulatingthe802.1QVLANtag
withinanother802.1Qframe.SeealsoIEEE802.1ad.
ServiceProvider.Theproviderofthenetworkthatprovidesoneormore
serviceinstancestoacustomer.
S-taggedinterface.Taggedcustomer-networkportsortrunksonaQinQ
enableddevice.Seealsoport-basedinterface.
ServiceVLAN.SeeS-VLAN.
S-VLAN.ServiceVLANsthatareusedtotunnelcustomerframesthroughthe
providernetworktocustomersites.Thesearemanagedbytheservice
providerwhocanassigneachcustomerauniqueS-VLANID.
8-6
Introduction
S-VLANbridge.Provider-owneddeviceconfiguredinqinqsvlanmodethat
usesS-VLANsonlytoforwardframesintheprovidernetwork.Thisbridge
canbefurthersub-classifiedas:
Provideredgebridge.Ansvlanbridgethathascustomernetwork
portsconfiguredonthedevice.
Providercorebridge.Adeviceinthecoreoftheprovidernetwork
thatdoesnotinterfacewithanycustomerbridges.Allportsonthe
deviceareprovidernetworkports,andtheS-VLANbridgeonly
receivesandforwardsS-taggedframes.
TunnelVLAN.SeeS-VLAN.
OperatingRulesandGuidelines
ThissectionprovidesanoverviewofQinQoperationsandrestrictionsonthe
switch.FordetailsofCLIcommandsandconfigurationprocedures,referto
ConfiguringQinQonpage8-13.
EnablingQinQandConfiguringQinQModes
Bydefault,QinQisdisabled.WhenQinQisenabledviatheCLI,anoperating
modeisgloballyconfiguredontheswitch.TwoQinQmodesaresupported:
qinqmixedvlan:C-VLANsandS-VLANsarebothsupported,withregular
switching/routingbasedonC-VLANtagsintheC-VLANdomain,while
S-VLANsareusedforQinQtunnelingthroughtheprovidernetwork.
qinqsvlan:C-VLANsareNOTsupportedonthedevice.Allconfigured
VLANsontheswitchmustbeS-VLANs.
Table8-1showshowthevariousQinQmodesandoperationsimpactVLAN
configurationoptionsontheswitch.
Table8-1.RelationshipofQinQOperatingModestoVLANEnvironments
QinQOperation CLICommand VLANOptions
QinQdisabled
NoQinQsupport noqinq OnlyregularVLANcommandsareavailable.IfQinQ
(Default)
isdisabled,S-VLANcommandsarenotavailable.
QinQenabled
QinQmixedvlan qinqmixedvlan BothS-VLANandregularVLANcommands(knownas
mode C-VLANsinamixedvlanenvironment)areavailable.
QinQsvlanmode qinqsvlan NoregularVLANcommandsareavailable.AllVLANs
configuredontheswitchareS-VLANsonly.
8-7
Introduction
QinQMixedVlanMode
TheQinQmixedvlanmodeconfigurationsupportsbothC-VLANandS-VLAN
operationsonthesamedevice.ThisallowstheuseofS-VLANmemberports
forQinQtunneling,whileregularportscanstilldoswitchingorroutingwithin
theC-VLANspace.Totunnelcustomerframesthroughtheprovidernetwork,
youcanexternallyconnectaregularporttoacustomer-networkport,elimi-
natingtheneedforaseparateS-VLANbridgedevicetoperformsuchopera-
tions.WhenconfiguringVLANsonamixedvlanmodedevice,aseparatesvlan
<vid>commandisusedtodistinguishtheS-VLANtypefromregularVLANs.
ThemainadvantageforQinQmixedvlanmodeisthatusersdonothaveto
dedicatetheentireswitchasaQinQaccessswitch.Forahighdensitychassis
switchsuchasthe5400zlor8200zlseries,customerscanuseregularportsfor
normalLANswitching,whileS-VLANmemberportscanbeconfiguredto
accesstheQinQprovidernetwork(seeFigure8-3).Therearesomeadditional
restrictionsinmixed-VLANmode(seeOperatingNotesandRestrictionson
page8-10fordetails).
Customer-network
ports
Provider-network
ports
QinQProvider
Regularports
Normal
VLAN
switching
S-VLAN
encap-
sulation
and
switching
Network
Figure8-3. ProCurveSwitchinMixed-VLANmode
ConfiguringVLANs
AVLANcreatedonaQinQmixedvlanmodedevicecanbeeitheraregular
VLAN(C-VLAN)oratunnelVLAN(S-VLAN).C-VLANshavenomapping/
relationwhatsoevertotheS-VLANsonthedevice.
VLANscreatedonaQinQsvlanmodedevicecanbeS-VLANsonly.
S-VLANsprovideQinQtunnelingofcustomerframesandbehavelikea
port-based/s-taggedinterface(seeSettingupS-VLANsonpage8-14for
configurationdetails).
8-8
100
100
Introduction
QinQandDuplicateVIDs.DuplicateVIDsforc-taggedands-tagged
VLANs(forexample,C-VID=100;S-VID=100)areallowedincertaincasesand
disallowedinothers.Customer-networkportsareessentiallyS-VLANports:
theysimplyreadtheC-tagsinthecustomerframetoinsertthemintothe
appropriateuntaggedS-VLANforthatport.Oncethisdouble-taggingoccurs,
framesareforwardedbasedontheS-VLANtagonly,whiletheC-VLANtag
remainsshieldedduringdatatransmission.SeeFigure8-4forexamplesof
allowedconfigurations.
PN PN
PN(Ports) CN PN
SvlanMode
CN(Ports)
100
Example1:Duplicate
c-tagsareallowed.
100
6U
5U(Untagged)
5T,6T
5
6
(Tagged)
MixedMode
CN PN
100
100 100
101
100U
5U 5T
5
Regular(Ports)
101U
Example4:Duplicatec-tagsin
regularandCNportsareallowed.
100
100
100
100
101U
100U
100T,
100
101
101T
Example2:Duplicatec-tags
ands-tagsareallowed.
100
Example3:Remapping
s-tagsisNOTallowed.
7
100 5
100 8
6T
100 6
5T
7T,8T
PN PN
100U
100U
Regular
101U
100T
100 100
200
100
101
Example6:Duplicates-tags
andVIDsinregularportsis
NOTallowed.
CN PN
100
100U
100
200U
Regular
201U
100T
100
200
201
Example5:Duplicatec-tags
ands-tagsareallowed.
Figure8-4.QinQandDuplicateVIDs:ExamplesofAllowedConfigurations
8-9
Introduction
Not e
AssigningPortstoVLANs. Inmixedvlanmode,aportcanbeamember
ofaC-VLANorofanS-VLANbutnotboth.Fordetails,onassigningmember-
shiptoprovider-basedVLANs,seeConfiguringPer-PortS-VLANMember-
shiponpage8-15.
ConfiguringPort-Types. TheIEEE802.1adstandardrequiresthatevery
svlanmemberportbeconfiguredaseitheraprovider-networkorasacus-
tomer-networkport.Inatypicaldeploymentscenario,customer-network
portswillbeconfiguredasuntaggedmembersofS-VLANswhileprovider-
networkportswillbeconfiguredastaggedmembersofS-VLANs.Notethe
followingconfigurationrulesandguidelines:
AllportsofadevicethatisQinQenabled(insvlanmodeormixedvlan
mode)areprovider-networkportsbydefaultifthereareanyportsthat
connecttoacustomerdevice,theymustbemanuallyconfiguredas
customer-networkports.
Configuringaport-typeisonlyapplicableifthedeviceisQinQenabled
andtheportisamemberofansvlan.InQinQmixedmode,portsthatare
membersofC-VLANscannotbeconfiguredtoanyport-type.
Formoreinformation,seeConfiguringPort-Typesonpage8-16.
IfadevicerunninginQinQsvlanmodehasoneormorecustomer-network
ports,itisconsideredtobeaprovideredgeandnotaprovidercorebridge.
Thismayimpactcertainoperations,suchasmeshing,UDLD,andstacking.
Thisisbecauseattheedgeoftheprovidernetworksuchproprietaryprotocol
arefilteredoutatcustomernetworkports.Thispreventstheintermixof
stacking/meshing/udldprotocolsinthecustomerandproviderdomains(since
theyusethesamedst-macaddressineitherdomain).
OperatingNotesandRestrictions
Changingbridgemodesrequiresareboot.Whenchangingtheoper-
atingmode(to/from:QinQsvlanmode,QinQmixedvlanmode,orQinQ
disabled),youwillpromptedtorestartthesystembeforethechangescan
takeeffect.Uponreboot,allconfigurationinformationfortheprior
QinQmodewillbelost.Anyconfigurationscreatedwillbeerased,and
thedevicewillbootupwithadefaultconfigurationforthenewQinQ
mode.
ProvideredgedevicesatLayer2only.QinQdoesnotprovideLayer3
capabilitiesofcompletenetworkisolationbetweencustomers.Inamixed
VLANconfiguration,thereisnoswitching/routingbetweenC-VLANsand
S-VLANs.S-VLANsareessentiallyLayer2VLANsthatswitchpackets
basedonS-VIDs.
8-10
Introduction
IPsupport.RegularVLANssupportIPandcanberoutingenabled.
S-VLANsofmixedvlanmodedevicescannotbeipenabled.S-VLANsof
svlanmodedevicescanbeipenabled,thoughroutingrelatedfeatures
(suchasiprouting)arenotsupported.
Double-taggingcausesframesizeincreases.Sincethereisbotha
providerVLANtagandcustomerVLANtagineachQinQframe,thesize
ofeachdouble-taggedframeincreasesby4bytes.Toaccommodatethe
framesizeincrease,ProCurverecommendsthatyouconfigureallport-
basedS-VLANstoacceptjumboframes.SeethesectiononJumbo
FramesintheManagementandConfigurationGuidefordetails.
S-VLANconfigurationrestrictions:
S-VLANcommandsarenotavailablewhenQinQisdisabledonthe
switch.
VLANconfigurationrestrictionsinmixedvlanmode:
BothC-VLANsandS-VLANscanbeconfiguredontheswitch.Ina
mixedmodedevice,thedefaultVLANisalwaysaC-VLAN.
VLANtypescannotbeupdateddynamically.AVLANcanonlybe
classifiedasanS-VLANoraC-VLANatthetimeitscreated.Once
created,theVLANcannotbemovedbetweenbeingaC-VLANandan
S-VLAN.IfaVIDthatwasinitiallycreatedasaregularVLANneedsto
beusedforanS-VLAN,theVIDmustbedeletedandrecreatedasan
S-VLAN.
IfaVLANbeingconfiguredasanS-VLANalreadyexistsasaGVRP
C-VLANorastaticC-VLANontheswitch,theS-VLANcreationis
blocked.Similarly,aC-VLANcreationisblockedifthesameVID
existsasastaticS-VLANonthedevice.
S-VLANsinamixedvlandevicecannotbeconfiguredasa
voice-VLAN,primary-VLAN,ormanagement-VLAN.
S-VLANscannotbeconfiguredwithip-layerfunctionality,exceptfor
ip-acls.
VLANconfigurationrestrictionsinsvlanmode:
OnlyS-VLANsaresupportedthekeywordonallvlan-relatedcom-
mandsyntaxchangesfromvlantosvlan.
Routingrelatedfeaturessuchasip-routing,RIP,OSPF,PIM,andVRRP
areNOTsupportedinsvlanmode.
Port-basedrestrictions:
InQinQmixedvlanmode,aportmustbeexplicitlyGVRP-disabled
beforeitcanbeassignedtotheS-VLANspace(seepage8-15for
details).
8-11
Introduction
InQinQmixedvlanmode,onlyportsthataremembersofS-VLANs
canbeconfiguredascustomernetworkorprovidernetworkports;
portsthataremembersofC-VLANscannotbeconfiguredtoany
port-type.
QinQmixedvlanmodedevicescannotbeconnectedinanS-VLAN
meshtopology.ThisisbecauseSTPcannotberunintheS-VLAN
space,andsoameshtopology(orthepresenceofanyredundant
links)wouldresultinloops.
AportcanonlyeitherbeamemberofS-VLANsorC-VLANs,butnot
acombinationofboth.
AportcannotbeconfiguredasaCustomer-Edgeasspecifiedin
Section12.13.3oftheIEEE802.1adspecification.Inthecurrent
softwarerelease,suchC-taggedinterfacesarenotsupportedonly
port-based/S-taggedinterfacesaresupported.
MovingportsbetweenC-VLANsandS-VLANsmaycauseconflicts.
Forexample,ifaporthasanymirroring/monitoringsessionssetup,
theywillnotbeallowedtochangeVLANdomainsuntilthesesessions
areunconfigured.RefertoChangingVLANPortMemberships
(MixedVlanMode)onpage8-22foradditionaldetails.
InteroperatingwithOtherVendorDevices.WhenenablingQinQ,you
canconfigureauniquetpidvalue,suchas0x8100,toallowthedeviceto
interoperatewithdevicesthatrequirethisvaluefortheinnerandouter
VLAN-tag.Iftheprovidertag-typeisconfiguredas0x8100,then:
customer-networkportscannotbeconfiguredastagged-SVLAN
members;and
tagged-SVLANmemberscannotbeconfiguredascustomer-network
ports.
ConfiguringQinQwithOtherNetworkProtocols.Thenetworksfor
boththecustomerandprovidercanbecomplex.Forinformationonhow
QinQmayimpactothernetworkprotocols(suchasspanningtree,LLDP,
andGVRP),refertoEffectsofQinQonOtherSwitchFeaturesonpage
8-28.
8-12
ConfiguringQinQ
ConfiguringQinQ
QinQmustbeconfiguredonallthedevicesandportsparticipatinginthe
providerbridge.Typically,customerfacingportsareconfiguredasuntagged
membersofS-VLANsandproviderfacingportsareconfiguredastagged
membersofS-VLANs.PertheIEEE802.1adspecification,thereisnocondition
bindingporttypes(customerorprovider)tountaggedortaggedS-VLAN
memberships.Therefore,whenconfiguringQinQtunnellingontheswitch,
youwouldfirstconfigureper-portS-VLANmembership(taggedoruntagged),
andthenconfiguretheporttypeascustomer-networkorprovider-network
dependingonthedevicetowhichtheswitchportisconnected.
Not e Acustomer-networkportcanreceiveS-VLANtaggedframesifthecustomer
andprovideragreeupontheS-VIDassociationforthatcustomerandthe
customerdeviceiscapableofsendingS-VLANtaggedframes.
GeneralConfigurationSteps
ToconfigureQinQ,youwouldtakethefollowingstepsonallparticipating
providerswitches(seethefollowingsectionsfordetailsandrefertopage8-17
foraconfigurationexample):
1. EnableQinQonthedevice,selectingtheappropriateqinqmode(svlanor
mixedvlanmode).
2. Savetheconfigurationandreboottheswitch.
3. ConfigureS-VLANsandassignperportVLANmembership.
4. Configureport-typesforalloftheswitchportsthatcarryQinQtraffic
acrossthenetwork.
5. (Optional)Verifytheconfiguration(seeDisplayingQinQConfigand
Statusonpage8-24).
Ca u t i o n Arebootisrequiredtoenable/disableQinQoperationsontheswitch.When
movingbetweenqinqmodes(qinqmixedvlantoqinqsvlanorviceversa),the
switchbootsupwithadefaultconfigurationforthenewqinqmodeandthe
configurationparametersofthecurrentmodewillbeerasedout.Referto
UpdatingQinQConfigurationsonpage8-22fordetails.
8-13
ConfiguringQinQ
Not e
EnablingQinQ
Bydefault,QinQisdisabledontheswitch.ToenableQinQ,theswitchmust
beputintoeitherQinQmixedvlanmodeorQinQsvlanmodebyissuingone
ofthefollowingcommandsfromconfigurationmodeontheCLI.
Syntax:qinqmixedvlan<tag-type[tpid]>
Fromconfigmode,globallyenablesQinQmixedmode,anenviron-
mentthatsupportsbothS-VLANandC-VLANtrafficonthesame
device.Thiscommandrequiresareboottotakeeffect.
Default:Disabled.
Syntax:qinqsvlan<tag-type[tpid]>
Fromconfigmode,globallyenablesQinQsvlanmode,anS-VLAN
onlyenvironmentthatsupportssupportsport-basedors-tagged
interfacesofthestandard.Requiresareboottotakeeffect.
Default:Disabled.
SettingupS-VLANs
S-VLANscanbecreatedviatheCLIusingthesvlan<vid>command.
Syntax:svlan<vid|ascii-name-string>
[no]svlan<vid>
If<vid>doesnotexistintheswitch,thiscommandcreatesaport-
basedS-VLANwiththespecified<vid>.Ifthecommanddoesnot
includeoptions,theCLImovestothenewlycreatedS-VLAN
context.Ifyoudonotspecifyanoptionalname,theswitchassigns
anameinthedefaultformat:svlannwherenisthe<vid>assigned
totheS-VLAN.IftheS-VLANalreadyexistsandyouentereither
thevidortheascii-name-string,theCLImovestothespecified
S-VLANscontext.
The[no]formofthecommanddeletestheS-VLANasfollows:
IfoneormoreportsbelongonlytotheS-VLANtobedeleted,the
CLInotifiesyouthattheseportswillbemovedtothedefault
VLANandpromptsyoutocontinuethedeletion.Formember
portsthatalsobelongtoanotherS-VLAN,thereisnomove
prompt.
WhenQinQisdisabled,allVLANsmustbeC-VLANs.WhenQinQisenabled
insvlanmode,allVLANsmustbeS-VLANs.WhenQinQisenabledinmixed
vlanmode,VLANscanbeconfiguredaseitherC-VLANsorS-VLANs.Formore
onS-VLANconfigurationconstraints,refertotherestrictionsonpage8-10.
8-14
ConfiguringQinQ
ConfiguringPer-PortS-VLANMembership
Thesvlan<vid>commandsupportstaggedanduntaggedoptionstoconfigure
per-portS-VLANmemberships.Youcanusetheseoptionsfromtheconfigura-
tionlevelbybeginningthecommandwithsvlan<vid>,orfromthecontext
levelofthespecificVLANbyjusttypingthecommandoption.
Syntax:svlan<vid>
tagged<port-list>
Configurestheindicatedport(s)asTaggedforthespecified
S-VLAN.Thenoversionsetstheport(s)toeitherNoor(if
GVRPisenabled)toAuto.
untagged<port-list>
Configurestheindicatedport(s)asUntaggedforthe
specifiedS-VLAN.Thenoversionsetstheport(s)toeither
Noor(ifGVRPisenabled)toAuto.
forbid<port-list>
QinQsvlanmodeonly.Usedinport-basedS-VLANsto
configure<port-list>asforbiddentobecomeamemberof
thespecifiedVLAN,aswellasotheractions.Thenoversion
setstheport(s)toeitherNoor(ifGVRPisenabled)toAuto.
Refertochapter3,GVRP,inthisguide.
auto<port-list>
QinQsvlanmodeonly.AvailableifGVRPisenabledonthe
switch.Returnstheper-portsettingsforthespecified
S-VLANtoAutooperation.NotethatAutoisthedefaultper-
portsettingforastaticVLANifGVRPisrunningonthe
switch.Refertochapter3,GVRP,inthisguide.
Note:Sinceprovider-gvrpisnotsupportedinaQinQmixedvlanmode
environment,theforbidandautoconfigurationsareonlyavailablein
QinQsvlanmode.FormoreinformationondynamicVLANandGVRP
operation,refertochapter3,GVRPinthisguide.
InQinQmixedvlanmode.Aninterface(portortrunk)mustbeexplicitly
GVRP-disabledbeforeitcanbeassignedtotheS-VLANspace.Whenyoufirst
attempttoconfigureaportastaggedforanS-VLAN,theCLIwillissuea
messagedisallowingtheconfiguration.Forexample:
<conf i g #> svl an 200 t agged a1, a2
GVRP enabl ed por t s cannot be member s of svl ans. Di sabl e
t he i nt er f ace l evel gvr p conf i gur at i on.
Todisablegvrpattheinterface,youwouldissuethefollowingcommand:
<conf i g #> i nt er f ace a1, a2 unknown- vl ans di sabl e
8-15
ConfiguringQinQ
Nowwhenyouconfiguretheport,theCLIwillissueawarningprompt:
Por t s a1, a2 wi l l l ose t hei r cvl an member shi ps i f any.
Do you want t o cont i nue? [ y/ n] y
Press[Y]tocontinueandautomaticallyconfigurebothportsasport-type
provider-network(thedefaultforallS-VLANmemberports).
ConfiguringPort-Types
WhenQinQisenabledontheswitchallS-VLANmemberportsmustbe
categorizedaseitherport-typecustomer-networkorprovider-network(see
Figure8-5).
Customerfacingports
mustbeconfiguredas
customer-networkports
Customer
Provider
EdgeSwitch Provider
CoreSwitch
Device
Portsinsidetheprovidernetworkthatparticipate
intheproviderbridge(includinguplinkports)
mustbeconfiguredasprovider-networkports
(thedefaultforallQinQenableddevices)
Figure8-5.ExampleofCustomerorProviderPortsintheProviderNetwork
AllportsofaQinQenableddevicedefaulttoprovider-network.Anyports
participatingintheproviderbridgethatareusedtoconnecttocustomer
equipment,mustbemanuallyconfiguredasport-typecustomer-network.In
amixedmodedevice,portsthataremembersofC-VLANsandthatdonot
participateintheprovider-bridgecannotbeconfiguredtoanyport-type.
Thefollowingcommandallowsyoutoconfiguretheappropriateport-type.
Syntax:[no]interface<port-list|Trkx>qinqport-type<customer-network|provider-
network>
Configuresthespecifiedports/trunksasacustomernetworkport
orprovidernetworkport.
Default:port-typeprovider(forQinQsvlanmode)
8-16
ConfigurationExample
Figure8-6showsaconfigurationexamplethatusesfourProCurveswitches
toestablishaQinQtunnelthroughtheprovidernetwork.
110
120
Customer
VLANs
A1
A2
110
120
A1
A1
A1
A2
A2
A2
A3 A3
A3
A3
A4
A4
Provider
Edge1
Provider
Edge2
Provider
Core1
Provider
Core2
CustomerB
Site1
CustomerB
Site2
CustomerA
Site1
CustomerA
Site2
100
200
Customer-networkports(A1andA2)acceptall
taggedanduntaggedframesandputthemintoa
singleS-VLANpercustomer.
100(110);
S-VLANs
200(120);
100(110);
200(120);
100(110);
200(120);
100(110);
200(120);
Figure8-6.QinQConfigurationExample
Thedesignparametersforthisexampleareasfollows:
Theprovideredgebridgeandtheprovidercorebridgeareconfiguredin
svlanmode.
EachcustomerisassociatedwithasingleS-VLANconnectingtwosepa-
ratesites:customerAsVLANs(C-VLANs 1-10)areassociatedwith
S-VLAN100;andcustomerBsVLANs(C-VLANs1-20)areassociatedwith
S-VLAN200.
Not e s TheVLANsofcustomersAandBcanoverlap:thiswillnotresultin
intermixingofcustomerframesintheprovidercloudbecausethe
S-VLANsassociatedwitheachcustomeraredifferent.
CoredevicesarenotmandatorytoestablishaQinQtunnel.Forexample,
twoedge-bridgescanbeconnecteddirectlytocreateaproviderbridge
network.
8-17
TherelationshipbetweenS-VLANsandC-VIDsistypicallyonetomany.
AnalternativeconfigurationmightassociateasinglecustomersC-VIDs
withmorethanoneS-VLAN.Suchaconfigurationwouldmostlikelybe
usedtotunneldistinctC-VIDsthroughvariousS-VLANs,butseldombe
usedtosendthesameC-VIDthroughmultipleS-VLANs.
ConfigureProviderEdge1Switch.Figure8-7showstheconfiguration
detailsforEdge1switch.
Customer-network
ports:Untagged
Provider-network
ports:Tagged
110 100
100(110);
200(120)
A1
A2
A3
A4
200
120
Provider
Edge1
Switch
Customer-networkportsacceptalltaggedand
untaggedframesandputthemintoasingleS-VLAN
100(110);
200(120)
Figure8-7.ConfigurationExample:EdgeSwitch1
Attheendoftheconfiguration,thefollowingsettingswillapply:
AllcustomerAsitetrafficreceivedonportA1willbeassociatedwith
S-VLAN100.ThisisindependentoftheC-VLANtaginformationthatthe
customerframesmaycarry.
AllcustomerBSite1trafficwillbeassociatedwithS-VLAN200andbe
switchedouttothecore(uplinksA3,A4)withtheS-VLANtag-idof200.
Theframesizewillincreaseby4sinceportsA3andA4aretagged
membersofS-VLAN100and200.
Toconfiguretheswitch,youwoulddothefollowingsteps:
1. EnableQinQ.
Edge l ( conf i g) # qi nq svl an t ag- t ype 88a8
2. Reboottheboxwiththeconfigurationsavedtotransferintosvlanbridge
mode.
Not e ArebootisrequiredfortheQinQenablecommandtotakeeffect.
8-18
3. ConfigureS-VLANsandportsconnectedtothecustomernetwork.
Edge1 ( conf i g) # svl an100
Edge1( svl an- 100) # unt agged A1
Edge1( svl an- 100) # exi t
Edge1( conf i g) # i nt A1 qi nq por t - t ype cust omer - net wor k
Edge1( conf i g) # svl an 200
Not e Inthisexample,customerAisassignedS-VLAN100andcustomerBis
assignedS-VLAN200.However,thesamecustomercanbeassociatedwith
morethatoneSVLAN.Also,interfacesA1andA2areconfiguredas
customernetworkportsbecausetheyarelinkedtocustomerbridges.
4. Configuretheproviderportsleadingtothecoreoftheprovidernetwork.
Edge1( conf i g) # svl an 100 t agged A3, A4
Edge1( conf i g) # i nt er f ace A3, A4 qi nq por t - t ype
pr ovi der - net wor k
Not e AsrecommendedbyIEEE802.1adspecification,uplinkportsshould
generallybeconfiguredastaggedportsforS-VLANsthatareusedtocarry
customertraffic.However,thisisnotamandatoryrequirementon
ProCurveswitchesS-VLANsthatareusedforinternalprovidernetwork
use(notcarryingcustomertrafficbutformanagementoftheprovider
networkdevices)canhaveuntaggedportmemberships.
ConfigureProviderEdge2Switch.Theconfigurationdetailsforthe
Edge2switchmirrorstheconfigurationfortheEdge1switch.Allcustomer
trafficreceivedonportA1fromcustomerAssite2willbeassociatedwith
S-VLAN100.Similarly,allcustomerBssite2trafficwillbeassociatedwith
S-VLAN200.
Toconfiguretheswitch,youwoulddothefollowingsteps:
1. EnableQinQ.
Edge 2( conf i g) # qi nq svl an t ag- t ype 88a8
8-19
mode.
3. ConfigureS-VLANsandcustomerportsconnectedtothecustomernet-
work.
4. Configuretheproviderportsleadingtothecoreoftheprovidernetwork.
Edge1( conf i g) # i nt er f ace A3, A4 qi nq por t - t ype
ConfigureProviderCore1Switch.Figure8-8showstheconfiguration
detailsfortheCore1switch..
100(110);
A2
A3
Provider
Core1
Switch
A1
100(110);
200(120)
200(120)
IfportsA3onboththeprovidercoreswitchesarelinked
(asinthisexample),thentheprovidernetworkcanoperate
spanningtreeindependentofthecustomerspanningtree.
Theswitchwillblockanyredundantprovidernetworkports
andpreventsloopsintoasingleS-VLAN.
Figure8-8.ConfigurationExample:CoreSwitch1
ToconfiguretheCore1switch,youwouldtakethefollowingsteps:
1. EnableQinQ.
Cor e l ( conf i g) # qi nq svl an t ag- t ype 88a8
8-20
mode.
3. ConfigureS-VLANsandportassignments.
Cor e 1( conf i g) # svl an 100
Cor e 1( svl an- 100) # t agged A1, A2
Cor e 1( svl an- 100) # exi t
Cor e 1( conf i g) # i nt er f ace A1, A2 qi nq por t - t ype
Not e TheS-VLANconfigurationforthecoredevicesisbasedonwhatVLANs
theedgedevices(Edge1and2)cansend.Perthe802.1adspecification,
allportscarryingcustomertrafficwillbetaggedontheVLANthattheport
carriescustomerframeson.
ConfigureProviderCore2Switch.ToconfiguretheCore2switch,you
wouldtakethefollowingsteps:
1. EnableQinQ.
Cor e 2( conf i g) # qi nq svl an t ag- t ype 88a8
mode.
3. ConfigureS-VLANsandportassignments.
Cor e 2( conf i g) # i nt er f ace A1, A2 qi nq por t - t ype
VerifytheConfiguration. Oncetheedgeandcoreswitchconfigurations
arecompleted,QinQoperationscanbegin.Toverifyoperations,itshouldbe
possibletoassignIP-addressestocustomerAorBdevicesinsite1andsite2
andpingthem.Ifeverythinghasbeenconfiguredcorrectly,trafficwillflow
throughtheprovidernetworkcloudandreachtheothersiteseamlessly.To
verifytheconfiguration,seealsoDisplayingQinQConfigandStatusonpage
8-24.
8-21
UpdatingQinQConfigurations
ThissectionconsiderstheimpactsofupdatingQinQmodesandconfiguration
settingsontheswitch.
ChangingQinQModes
ChangingQinQmodes(and/ordisablingQinQoperations)willresultinthe
currentconfigurationbeingerased.SeethefollowingCautionfordetails.
Ca u t i o n Configuringtheswitchtooperateinadifferentbridgemoderequiresareboot
totakeeffect.Uponreboot,allconfigurationinformationfortheprior
QinQmodewillbelost.AnyconfigurationscreatedundertheexistingQinQ
modewillbeerased,andthedevicewillbootupwithadefaultconfiguration
forthenewQinQmode.
ForinformationontheeffectofthedifferentQinQmodesonswitchprotocols
andoperations,refertoTable8-2onpage8-28.
DisablingQinQ
TodisableQinQonceithasbeenenabled,youwouldissuethefollowing
commandsfromconfigurationmodeontheCLI.
Syntax:noqinq
ThisisthedefaultmodewhenQinQisdisabledontheswitch.
Movingintothisconfigurationfromanotherqinqconfiguration
requiresareboottotakeeffect.Uponreboot,allconfiguration
informationforthepriorQinQmodewillbelost.
Defaultsetting.StandardVLANoperationsapply.
ChangingVLANPortMemberships(MixedVlanMode)
Onmixedvlanmodedevices,certainper-portfeaturesarenotsupportedon
S-VLANsthataresupportedonC-VLANs.Portsthatarecurrentlymembersof
aregularVLANcanonlymovetoanS-VLANifthereisnoconflictingconfig-
uration.
8-22
Not e Toavoidamisconfiguration,itisrecommendedthatyouuseadefaultinter-
faceconfigurationwhenmovingportsbetweenC-VLANsandS-VLANs.
WhenconfiguringS-VLANportmembershipsusingthesvlancommand,the
CLIissuesawarningandpromptifanyoftheportslistedalreadybelongtoa
regularVLAN.Forexample:
Por t s a1, a2 wi l l l ose t hei r cvl an member shi ps i f any.
Do you want t o cont i nue: y/ n?
Thewarningpromptisdisplayedonlywhenthereisatleastoneportinthe
portlistthatneedstobemovedoutfromtheC-VLANspacetotheS-VLAN
domain.Similarly,ifportsbeingaddedtotheC-VLANarealreadymembersof
anS-VLAN,theCLIissuesawarningthattheportsmembershipwithits
existingVLANswillberemovedandwillpromptforaconfirmationbefore
continuing.
IfallportsarejustbeingaddedorremovedfromwithinthesameVLANtype
domain,nopromptwillappear.Forexample,movingportsfromS-VLAN200
toS-VLAN300,willnotresultinanywarningastheportsarealreadypartof
theS-VLANdomain.
MovingPortsbetweenC-VLANsandS-VLANs(Mixed
VlanMode)
Aport(ortrunk)thatisamemberofC-VLANscannotbemovedintothe
S-VLANspacewithconflictingconfigurationsfortheS-VLANmode.Thelist
ofconflictingprotocols/featuresislistedbelow.Ifaporthasanyofthese
enabled,thefeaturemustbedisabledbeforetheportcanbemovedintothe
S-VLANspace.
AninterfacehastobeGVRP-disabledtomoveitfromtheC-VLANtothe
S-VLANspace.ThisisbecauseS-VLANsofmixedvlanmodedonot
supportprovider-GVRP,andalsobecauseaGVRP-enabledconfiguration
(whentheportisaC-VLANmember)isinthecontextofcustomer-GVRP
whichmustbedisabledbeforetheportcanoperateintheS-VLANspace.
Interfaceshouldnothaveanymirroringormonitoringsessionswhen
movingbetweenC-VLANsandS-VLANs.Allmirror/monitorsessionsthat
involvetheportmustbeunconfigured.
Aninterfacethathasauth-vidorunauth-vidconfigurationcannotmove
intotheS-VLANspace.Theyhavetobeunset.
InterfacescannothaveLACPenabled(activeorpassivemodes)when
movingintotheS-VLANspace.Theyhavebedisabled.
8-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
DisplayingQinQConfigandStatus
Thefollowingsectionoutlineschangesandadditionstoexistingshowcom-
mandoutputstodisplayQinQconfigurationandstatus.
ShowCommandsforQinQ
TheshowqinqcommanddisplaysQinQconfigurationinformation.
Syntax:showqinq
ShowsQinQglobalandportconfigurationsontheswitch.
Mode:ShowstheQinQconfigurationmodethatisoperating
ontheswitch.
cvlanbridge:QinQisdisabled,normalVLANsapply.
mixedvlanbridgemode:BothS-VLANsandregularC-
VLANsareavailableinamixedvlanmodeenvironment.
svlanmode:NoregularVLANcommandsareavailable.All
VLANsconfiguredontheswitchareS-VLANsonly.
Tag-id:DisplayedonlyifQinQisenabledontheswitch.
PortType:DisplayedonlyifQinQisenabledontheswitch.On
amixedmodedevice,porttypeisonlyshownforsvlanports.
Forexample:
Pr oCur ve ( conf i g) # show qi nq
Qi nQ Gl obal Conf i gur at i on:
Br i dge- mode : svl an br i dge
Qi nQ I nt er f ace Conf i gur at i on:
i nt er f ace por t - t ype
A1 pr ovi der - net wor k
A2 pr ovi der - net wor k
Tr k1 cust omer - net wor k
Figure8-9.ExampleofshowqinqOutput(QinQsvlanmode)
8-24

- - - - - - - - - - - - - - - - - - - - - - - - -
ShowCommandsforVLANs
Thefollowingshowcommandsareasubsetofthoselistedinthechapteron
StaticVirtualLANs(VLANs)highlightingthechangesmadetoshowthe
additionalQinQVLANtypes(C-VLANsandS-VLANs).Forafulllistingofall
commandparameters,refertothechapteronStaticVirtualLANs(VLANs).
DisplayingtheSwitchsVLANConfiguration. Theshowvlanscommand
liststheVLANscurrentlyrunningintheswitch,includingtheVID,VLANname,
andVLANstatus.OnceQinQisenabledinmixedvlanmode,anadditional
fieldshowingtheVLANtypeisaddedtothedisplayoutput.
Syntax: showvlans
(ChangestoparameterswhenQinQisenabled:)
VLANID:Fieldnamechangesfrom802.1QVLANIDtoVLAN
IDonly.
Type:InaQinQmixedmodeenvironment,theVLANtypecan
beeitheraregularcustomerVLANCVLAN,oritcanbea
tunnelVLANintheprovidernetworkSVLAN.
Forexample:
Pr oCur ve ( conf i g) # show vl ans
St at us and Count er s - VLAN I nf or mat i on
WhenQinQisdisabled
Maxi mumVLANs t o suppor t : 256
(thedefault),S-VLANsdo
Pr i mar y VLAN : DEFAULT_VLAN
notexistontheswitch
andtheVLANTypefield
Management VLAN : VLAN- 100
doesnotappear.
VLAN I D Name Type
1 DEFAULT_VLAN CVLAN
10 Vl an- 10 SVLAN
| St at us Voi ce J umbo
+ - - - - - - - - - - - - - - - - - - -
| Por t - based No No
| Por t - based No No
100 Vl an- 100 CVLAN | Por t - based No No
101 Vl an- 101 SVLAN | Por t - based No No
Figure8-10.ExampleofshowvlanOutput(QinQMixedVLANMode)
8-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DisplayingtheConfigurationforaParticularVLAN. Thiscommand
usestheVIDtoidentifyanddisplaythedataforaspecificVLAN.OnceQinQ
isenabledinmixedvlanmode,anadditionalfieldshowingtheVLANTypeis
addedtothedisplayoutput.
IDonly.
Type:InaQinQenabledenvironment,theVLANtypecanbe
eitheraregularcustomerVLANCVLAN,oritcanbeatunnel
VLANintheprovidernetworkSVLAN.
Forexample:
Pr oCur ve Swi t ch ( conf i g) # show vl an 10
St at us and Count er s - VLAN I nf or mat i on - Por t s - VLAN 10
VLAN I D : 10
Name : Vl an- 10
Type : SVLAN
St at us : Por t - based
Voi ce : No
J umbo : No
WhenQinQisenabled,
theVLANTypefieldis
displayed.
Por t I nf or mat i on Mode Unknown VLAN St at us
1 Unt agged Di sabl e Down
Figure8-11.ExampleofShowVLANforaSpecificVLAN(QinQEnabled)
8-26
- - - - - - - - - - -
DisplayingtheVLANMembershipofOneorMorePorts.Thiscom-
mandshowstowhichVLANaportbelongs.OnceQinQisenabled,anaddi-
tionalfieldshowingtheVLANTypeisaddedtothedisplayoutput.
IDonly.
Type:InaQinQenabledenvironment,theVLANtypecanbe
eitheraregularcustomerVLANCVLAN,oritcanbeatunnel
VLANintheprovidernetworkSVLAN.
Forexample:
WhenQinQisenabled,the
VLANTypeisdisplayed.
Type | St at us
- - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
| Por t - based
Pr oCur ve Swi t ch ( conf i g) # show vl ans por t s 1 det ai l
St at us and Count er s - VLAN I nf or mat i on - f or por t s 1
VLAN I D Name Voi ce J umbo Mode
10 Vl an- 10 SVLAN No No Unt agged
Figure8-12.ExampleofShowVLANPortsOutput(QinQEnabled)
DisplayingSpanningTreeStatus
InQinQmixedmode,onlyportsthataremembersofC-VLANswillbe
displayedinshowspanningtreeoutput.Thisisduetothefactthatportsthat
aremembersofS-VLANsdonotparticipateinC-VLANspanningtreeandwill
alwaysbeinforwardingstate(treatedasedgeports).
8-27
EffectsofQinQonOtherSwitchFeatures
EffectsofQinQonOtherSwitch
Features
PertheIEEEstandards,protocolssuchasSTPandGVRPareassigned
separateaddressesforcustomernetworksandprovidernetworks,ensuring
thatQinQhasnoimpactontheiroperations.BridgeProtocolDataUnits
(BPDUs)thatneedtobetunneledthroughtheprovidernetworkaretreated
asnormalmulticastframesattheproviderbridgeandforwardedout.
However,otherprotocolsusecommonaddressesforbothcustomerand
providernetworks,andsoarenotsupportedwhenQinQisenabledonthe
switch.Similarly,proprietaryfeaturessuchasmeshing,discovery,UDLD,and
loop-protectdonotprovidetunnelingsupport.Insuchcases,whereprovider
networkscouldrunaninstanceofthesameprotocolasacustomercouldrun
localtotheirsite,theseframesaredroppedatthecustomer-networkportsof
theproviderbridge.
Not e TheIEEEstandardsgrouparedevisingnewaddressingschemesthatmay
supportadditionalQinQtunnelingoperations.Checkthelatestproduct
releasenotesforimplementationupdatesastheyapplytoProCurveswitches.
WhenQinQisnotenabled(thedefaultsetting),therearenoimpactstothe
switchsnormaloperations.Table8-2showstheimpactsofQinQonthe
operationofswitchprotocolsandfeaturesbasedontheQinQmodethatis
configured:QinQmixedvlanmode(C-VLANsandS-VLANsareallowed)or
QinQsvlanmode(S-VLANsonly).
Table8-2.ImpactsofQinQConfigurationsonOtherSwitchFeatures
SwitchFeature ImpactsofQinQConfigurationsandAllowedOperations
ACLs InQinQmixedvlanorsvlanmodes:
Ondouble-taggedframes,theVIDapplicablewhenapplyingACLswill
betheS-VLANtagandnottheC-VLANtag.
aaa InQinQmixedvlanmode:
auth-vid/unauth-vidconfigurationisnotsupportedonsvlanports;the
auth-vid/unauth-vidcannotbeanS-VLANid.
IfaportthatisamemberofC-VLANsisconfiguredwithauth-vidor
unauth-vidanditneedstobeaddedtotheS-VLANdomain,theauth/
unauthconfigurationmustfirstbeundone.
arp-protect InQinQmixedvlanmode:
arp-protectisNOTsupportedonSVLANs,noronS-VLANports.
8-28
CDP InQinQmixedvlanorsvlanmodes:
CDPframesareconsumedatcustomernetworkports,ifCDPisenabled
onthedeviceport,andthecustomerdeviceshowsupasaCDP
neighboronthecustomer-networkport.Ifnot,theframesaredropped.
DHCP InQinQmixedvlanorsvlanmodes:
dhcprelayonlyappliestoC-VLANs.
dhcpsnoopingisNOTsupportedonS-VLANs.
directed- InQinQsvlanmode:
broadcast
directed-broadcastisNOTsupportedonprovidercoredevices.
GVRP InQinQmixedvlanmode:
S-VLANportscannotbeGVRPenabled.
RegularVLANswillparticipateinC-VLANGVRPifenabledtodoso.
S-VLANswilltunnelallC-VLANGVRPframesthrough.
AnexplicitGVRPdisableonaportisaprerequisitetomovingtheport
toanS-VLANdomain.
Port-basedinterfacesdonothavesupportforprovider-GVRP
protocols.ProviderGVRPframesreceivedatS-VLANinterfaceswillbe
dropped.
IfaVLANbeingconfiguredasanS-VLANisalreadyaGVRPVLANon
theswitch,thisS-VLANcreationwouldbeblocked.
InQinQsvlanmode:
GVRPissupportedonS-VLANportsiftheqinqmodeissvlan.
igmp-proxy InQinQmixedvlanmode:
igmp-proxycannotbeconfiguredonS-VLANs.
InQinQsvlanmode:
igmp-proxyisNOTsupported.
IP SeeLayer3Protocols(IP,IP+,DHCP,ARP,IGMPLayer3,Layer3ACLs)
onpage8-30.
IPv6 InQinQmixedvlanmode:
IPv6featuresareNOTsupportedonS-VLANs.
ip-recv-mac InQinQmixedvlanmode:
ip-recv-maccannotbeconfiguredonS-VLANs.
InQinQsvlanmode:
ip-recv-macisNOTsupported.
Jumbo InQinQmixedvlanorsvlanmodes:
Nochangeinoperations.Itisrecommendedtojumbo-enableall
SVLANsusedforcustomerdatatunnelingtosupporttheadditionofthe
extraS-tagineachframe.
8-29
LACP/ InQinQmixedvlanmode:
PortTrunks
Dynamic-LACPisnotsupportedonS-VLANports:LACPmanualtrunks
alonearesupported.ThenewtrunkwillbeamemberofC-VLANs(port
typesarenotapplicable).
Iftwoportsareaddedtoatrunk,theresultanttrunkwillbeamember
ofthedefault-vlan(vid-1)whichisalwaysaC-VLAN.Thetrunkcan
subsequentlybemanuallyassignedtoanS-VLAN.
Port-typeandVLANconfigurationsarenotmapped.Iftheport-typeis
updatedthroughCLIorSNMPandtheportissubsequentlymovedfrom
theC-VLANspacetotheS-VLANspacethenbackagain,thelast
configuredport-typeisretainedthrougheachmove.
InQinQsvlanmode:
Onsvlanbridges,bothmanualanddynamicLACPtrunksaresupported.
Itisnotrecommendedtoconfiguredynamictrunkson'customer'ports
becausetheycannotbecomedynamicmembersofSVLANs(thereis
noprovider-gvrpforadynamictrunktobecomeamemberofS-VLANs.)
Anewlyformedtrunkwillbydefaultbeoftype'provider-network'.
WhenthetrunkismanuallyassignedtoanS-VLANforthefirsttime
afterbeingcreated,theport-typeis'provider-network'.
Layer3 InQinQmixedvlanmode:
Protocols(IP,
ThereisnoIPlayerfunctionalityonS-VLANs.
IP+,DHCP,ARP,
NochangeinIPlayerfunctionalityonregularC-VLANs.
IGMPLayer3,
Layer3ACLs)
S-VLANscannotbeconfiguredasRIP,OSPF,PIM,orVRRPinterfaces.
InQinQsvlanmode:
S-VLANscanbeipenabled.
IProutingisNOTsupported.
LLDP InQinQmixedvlanorsvlanmodes:
LLDPissupportedonthedevice(inbothqinqmodes).However,there
isnoprovisionfortunnelingcustomerLLDPBPDUsthroughthe
provider-network.
LLDPBPDUsreceivedfromacustomer'snetworkwillbeconsumedat
thecustomer-networkportsofaproviderdeviceandthecustomer
devicewillbedisplayedasanLLDPneighbor.Similarlytheprovider
networkdevicewillshowupasaneighboronthecustomer'snetwork
ifthecustomer-networkportssendoutLLDPadvertisements.
load-sharing InQinQsvlanmode:
Equalcostmulti-path(ECMP)isNOTsupportedonprovidercore
devices.
management InQinQmixedvlanmode:
VLAN
ThemanagementVLANcannotbeanS-VLAN.
Meshing InQinQmixedvlanmode:
MeshingisNOTsupportedonthedevice.
InQinQsvlanmode:
Onanallprovider-networkportsofansvlan-bridge,meshingis
supported.
Meshingcannotbeenabledoncustomer-networkports.
8-30
Mirroring/ InQinQmixedvlanmode:
Monitoring
RemotemirroringisnotsupportedonS-VLANs.
CannotmonitoraVLANwithmirrorportsintheotherVLANdomain.
Thatis,anS-VLANoranS-VLANportcannotbemonitoredusinga
C-VLANportasitsmirror,andvice-versa.
WhenaportismovedfromtheS-VLANspacetotheC-VLANspace(or
viceversa),allmirror/monitorsessionsontheportmustbe
unconfiguredbeforethemovewillbeallowed.
multicast- InQinQsvlanmode:
routing
MulticastroutingisNOTsupportedonprovidercoredevices.
QoS InQinQmixedvlanorsvlanmodes:
ItisnotrecommendedtoenableDSCPonS-VLANsusedfortunneling
asthecustomerip-pktwillbemodifiedintheS-VLANspace.
Routing InQinQsvlanmode:
RoutingisNOTsupportedonprovidercoredevices.
source-binding InQinQmixedvlanorsvlanmodes:
source-bindingcannotbeconfiguredonS-VLANs.
source-route InQinQsvlanmode:
source-routeisNOTsupportedonprovidercoredevices.
SpanningTree InQinQmixedvlanmode:
Customer(C-VLAN)spanningtreeissupported.AllC-VLANportswill
receive/transmitcustomerSTPBPDUsandparticipateinregularVLAN
spanningtreeasusual.
WhencustomerSTPBPDUsarereceivedatS-VLANportsonthe
switch,theywillbefloodedoutoftheotherportsontheS-VLAN.All
suchframeswillbetunneledthroughtheS-VLANtunnelunscathed.
Provider(S-VLAN)spanningtreeisNOTsupportedontheswitch.
IfS-VLANSTPframesarereceivedonanyS-VLANenabledports,they
willbereforwardedoutoftheotherportsontheS-VLAN.
STPconfigurationonS-VLANportsisnotsupported.
IfaportthatisamemberofC-VLANsismovedintobeingamemberof
S-VLANs,theportwould,bydefault,tunnelcustomerSTPBPDUs.
IfaC-VLANporthasbeenconfiguredwithanynon-defaultSTP
parameters(suchasadmin-edge,auto-edge,andbpdu-protect)andisthen
movedintoanS-VLAN,theportwillbeputintoaforwardingstate
regardlessoftheSTPconfigurationsdonewhentheportwasamember
oftheC-VLAN.
MSTPinstancescannotincludeS-VLANs.
InQinQsvlanmode:
Provider(S-VLAN)spanningtreeissupportedbothprovider-network
portsandcustomer-networkportswillreceive/transmitproviderSTP
BPDUs.
Customer(VLAN)spanningtreetunnelingissupportedonS-VLAN
interfacescustomer-networkorprovider-networkportswilltunnel
customerSTPBPDUsthroughtheappropriateS-VLAN.
8-31
Stacking InQinQmixedvlanmode:
StackingisonlysupportedonC-VLANs.Thedevicedoesnotadvertise
itself(usingthestackdiscoveryprotocol)intheS-VLANspace.
InQinQsvlanmode:
Stackingdiscoveryprotocolframeswillnotbesentoutof
customer-networkports;similarly,anystackingdiscoveryprotocol
framesreceivedoncustomer-networkportswillbedropped.
UDLD InQinQmixedvlanorsvlanmodes:
UDLDframesreceivedonudld-disabledcustomernetworkportswill
bedropped.However,ifthecustomer-networkportisudld-enabled,it
canpeerwithacustomerdevice.
UDLDframesreceivedonudld-disabledprovidernetworkportswillbe
reforwardedoutofotherudld-disabledprovidernetworkportsonthe
sameVLAN.
UDLDreforwardingintheC-VLANspace(QinQdisabledormixedvlan
mode)willremainunaltered.
udp-bcast- InQinQsvlanmode:
forward
udp-bcast-forwardisNOTsupportedonprovidercoredevices.
unknown-vlans InQinQmixedvlanmode:
GVRP(learnanddisabledmodes)notsupportedonS-VLANports.
AC-VLANportthathasGVRPenabledwillneedtodisableitbeforeit
canbeaddedtoS-VLANs.
VoiceVLANs InQinQmixedvlanmode:
S-VLANscannotbeconfiguredasvoice-VLANs.
VRRP InQinQmixedvlanorsvlanmodes:
VRRPisNOTsupportedonS-VLANs.
8-32
EventLogMessagesandSNMPSupport
Table8-3showstheeventlogmessagesthatmaybegeneratedwhenQinQis
enabledontheswitch.
Table8-3.QinQEventLogMessages
Message Meaning
syst em: Reboot i ng f or qi nq SystemrebootoccasionedbyachangeinQinQ
mode change
configurationmode.
Qi nQ: qi nq mode - mi xedvl an Thedeviceisconfiguredtooperateinqinq
mixedvlanmode.
Qi nQ: qi nq mode - svl an Thedeviceisconfiguredtooperateinqinqsvlan
mode.
SNMPSupportandMIBObjects
TheswitchSNMPagentcanmakeuseofcertainvariablesthatareincluded
inaHewlett-PackardproprietaryMIB(ManagementInformationBase)file.
Table8-4onpage8-34showstheMIBobjectsthatcanbeusedtoconfigure
theQ-in-Q(providerbridge)mode,theproviderbridgeport-type,andtheQinQ
outertagethertype.
TheMIBobjectslistedinthefollowingtablemaybesubjecttochange.The
walkmib<OBJECT-STR>CLIcommandcanbeusedtoverifytheavailabilityof
thelistedMIBobjectsonthedevice.
TodownloadthelatestversionoftheMIBfile:
1. GototheProCurveNetworkingWebsiteat:www.procurve.com
2. Clickonsoftwareupdates,thenMIBs.
8-33
Table8-4.MIBObjectsforQinQ
MIBObject NotesandDescriptions
StandardMIBs
dot1qVlanStaticTable VLANS(S-VLANsorC-VLANS)arecreatedusingthe
standardMIBssuchasthedot1qVlanStaticTabledefinedby
rfc2674_qMIB.TodifferentiatetheVLANasanS-VLANora
C-VLAN,thedot1qVlanStaticTableisaugmentedbyanHP
proprietaryMIB(hpicfVlanClassifierTable)thatletstheuser
specifytheVLANtype.
dot1qVlanStaticEntry AportcanbeamemberofC-VLANsorS-VLANsbutnotboth.
WhenchangingportmembershipsusingtheSNMP
dot1qVlanStaticEntrymibobject,variablebindingtoadda
porttothesvlanandvariablebindingstoremovetheport
fromallexistingcvlans(thatitisamemberof)needtobe
sentinthesamePDU(muchlikehowthe'vlan<vlan-id>
untagged<port>'CLIcommandworkstoday).Thesameis
applicablewhenmovingaportfromtheS-VLANspacetothe
C-VLANspace.
HPProprietaryMIBs
hpicfProviderBridge ThisMIBmoduleistheHP'version'ofthestandardProvider
BridgeMIBandtheproprietaryextensionstoit.
hpicfProviderBridgeType Configuresadevicetoanyoneofthefollowingbridgemode
options:
regularvlanBridge(providerbridgefeaturedisabled
mode,allVLANsareC-VLANs);
s-vlanbridge(providerbridgemodewithonlyS-VLANs);
provideredgebridge(providerbridgemodewith
C-VLANsandS-VLANsandmappingsbetweenthem);
vlanSvlanBridge(providerbridgemodewithindependent
C-VLANsandS-VLANsonthesamedevice).
hpicfProviderBridgeEtherType Definesthe2-byteethertypeforprovider-taggedframes.It
isapplicabletothefollowingbridgetypes:s-vlanbridge,
provideredgebridge,orvlanSvlanBridge.Thedefaultvalue
is0x88a8.Changingfromonetag-typetoanotherwithagiven
hpicfProviderBridgeTypeconfigurationwillrebootthe
deviceandthenewtag-typewilltakeeffectsubsequently.
hpicfProviderBridgeVlanType Augmentsthedot1qVlanStaticTable(seeStandardMIBs
Table above).UsedtoconfigureaVLANasanS-VLANorasa
C-VLANinvlanSvlanBridgemode.Theabsenceofthis
variablebindingwouldclassifythenewVLANasaC-VLAN.
8-34
MIBObject NotesandDescriptions
hpicfProviderBridgePortTable Usedtoconfigureeachportasaproviderorcustomer.
ThisMIBobjectisonlyrelevantwhenthedeviceisQinQ
enabled.Onanonproviderdevice(QinQdisabled),anySET
operationonthisMIBobjectisdisallowedandanSNMP-
GETwouldnotreturnanyentry.
hpicfProviderBridgePortEntry Usedtospecifythedesignatedtypeofanexternally
accessibleportonaProviderBridge.Theseincludethe
followingoptions:
customer-edgeport(reservedforfutureuse);
customer-networkport:anS-VLANcomponentportona
providerbridgeorwithinaprovideredgebridgethat
receivesandtransmitsframeforasinglecustomer.
provider-networkport:anS-VLANcomponentportona
providerbridgethatcantransmitandreceiveframesfor
multiplecustomers.
8-35
8-36
9
Classifier-BasedSoftwareConfiguration
Contents
UsingClassifier-BasedServicePolicies ......................... 9-2
Introduction ................................................ 9-2
Classifier-BasedConfigurationModel .......................... 9-3
CreatingaTrafficClass ....................................... 9-4
UsingMatchCriteria ......................................... 9-5
ClassConfigurationProcedure ................................ 9-6
OptionalICMPMatchCriteria ................................ 9-14
OptionalIGMPMatchCriteria ................................ 9-17
OptionalTCPandUDPMatchCriteria......................... 9-18
UsingCIDRNotationforIPv4/IPv6Addresses.................. 9-20
ResequencingMatch/IgnoreStatements ....................... 9-24
ShowingaClassConfiguration. .............................. 9-26
CreatingaServicePolicy ..................................... 9-27
ShowingPolicyInformation ................................. 9-31
ModifyingClassesinaPolicy ................................ 9-32
ResequencingClassesinaPolicy ............................. 9-33
ApplyingaServicePolicytoanInterface ...................... 9-35
AppliedPoliciesandOtherFeatures .......................... 9-36
ShowingPolicyStatusInformation ........................... 9-37
DeletinganAppliedPolicy ................................... 9-40
WheretoGoFromHere ...................................... 9-40
9-1
UsingClassifier-BasedServicePolicies
Introduction
Classifier-basedservicepoliciesaredesignedtoworkwithexistingglobally-
configured,switch-wideandport-wideconfigurationsbyallowingyouto
zoominonasubsetofportorVLANtraffictofurthermanageit.Thesepolicies
takeprecedenceover,andmayoverride,globally-configuredsettings.
Classifier-basedservicepoliciesprovidegreatercontrolformanagingnet-
worktraffic.Usingmultiplematchcriteria,youcanfinelyselectanddefine
theclassesoftrafficthatyouwanttomanage.Policyactionsdeterminehow
youcanhandletheselectedtraffic.
StartinginsoftwarereleaseK.14.01,theClassifierfeatureintroduces:
Afinergranularitythanglobally-configuredfeaturesforclassifyingnet-
worktraffic(IPv4orIPv6)intoclassesthatcanbeusedincross-feature
softwareconfigurations
Additionalpolicyactionstomanageselectedtraffic,suchasrate-limiting
andIPprecedencemarking
Theconfigurationofservicepoliciesforclassifiedtrafficwiththefollow-
ingsoftwarefeatures:
QualityofService(QoS)
Trafficmirroring
Theapplicationofservicepoliciestospecificinboundtrafficflowson
individualportandVLANinterfaces(ratherthanonlyonswitch-wideor
port-widetraffic).
9-2
Classifier-BasedConfigurationModel
Classifier-BasedConfigurationTask Page
Reference
CreatingaTrafficClass page9-4
CreatingaServicePolicy page9-27
ApplyingaaServicePolicytoanInterface page9-35
Classifier-basedsoftwareconfigurationconsistsofthefollowinggeneral
steps:
1. Determinetheinboundtrafficyouwanttomanageandhowyouwantto
manageit;forexample,rate-limit,prioritize,mirror,andsoon.
2. Classifythetrafficthatyouwanttomanagebyconfiguringaclass,using
matchandignorecommands.Atrafficclassisconfiguredseparatelyfrom
servicepoliciesandcanbeusedinvariouspolicies.
3. Configureaservicepolicyforoneormoretrafficclasses,includingan
optional,defaultclass.Apolicyconsistsofconfigurationcommands
executedonspecifiedtrafficclassesforoneofthefollowingsoftware
features:
QualityofService(policyqoscommand)
Portmirroring(policymirrorcommand)
4. AssignthepolicytoaninboundportorVLANinterfaceusingtheinterface
service-policyinorvlanservice-policyincommand.
9-3
CreatingaTrafficClass
Figure9-1showsanoverviewofclassifier-basedsoftwareconfiguration.
1.Determinethetraffic
youwanttomanage
2.Configureatraffic
class(IPv4orIPv6)
ignoreCommands
matchCommands
rate-limitCommand
3.Configureapolicy
foroneormore
classes
QoS(policyqos)
Mirroring(policymirror)
priorityCommand
ip-precedenceCommand
dscpCommand
destinationCommand
Defaultclass(atendof
policyconfiguration)
default-classaction
Command
4.Applyaservice
policytoaninterface
VLANs
Ports
Figure9-1.Classifier-BasedConfigurationModel
Intheclassifier-basedconfigurationmodel,youusematchcriteriatocreatea
classofIPv4orIPv6trafficandselectthepacketsyouwanttomanage.Ina
classconfiguration,matchcriteriaconsistofmatchandignorecommands.
Thesecommandsdeterminethepacketsthatbelongtoaclass.(Match/ignore
criteriaaremodelledonthepermit/denycriteriausedinACLs.)
Thetrafficclassesyouconfigurecanbeusedlaterintheservicepoliciesyou
createfordifferentsoftwarefeatures,suchasQoSandportmirroring.The
matchcriteriausedinmatch/ignorestatementsarethesameacrosssoftware
features.
9-4
UsingMatchCriteria
Toidentifythepacketsthatbelongtoatrafficclassforfurtherprocessingby
policyactions,usematchandignorecommandsinaclassconfiguration:
matchcommandsdefinethevaluesthatheaderfieldsmustcontainfora
packettobelongtotheclassandbemanagedbypolicyactions.
ignorecommandsdefinethevalueswhich,ifcontainedinheaderfields,
excludeapacketfromthepolicyactionsconfiguredfortheclass.An
ignoredpacketistransmittedwithouthavingapolicyactionperformed
onit.
Match/ignorestatementscomparethevaluesinpacketfieldswithspecified
criteriainthesequentialorderinwhichthestatementsareenteredintheclass,
untilamatchisfound.Besuretoentermatch/ignorestatementsintheprecise
orderinwhichyouwanttheircriteriatobeusedtocheckpackets.
Assoonasafieldinapacketheadermatchesthecriteriainamatch
statement,thesequentialcomparisonofmatchcriteriaintheclassstops,
andthepolicyactionsconfiguredfortheclassareexecutedonthepacket
(seeCreatingaServicePolicyonpage9-27).
Ifapacketmatchesthecriteriainanignorestatement,thesequential
comparisonofmatchcriteriaintheclassstops,andnopolicyactionis
performedonthepacket.
Ifapacketdoesnotmatchthecriteriainanymatch/ignorestatementinaclass
configuration,oneofthefollowingactionsistaken:
Thepacketistransmittedwithoutapolicyactionperformedonit.
Ifadefaultclassisconfiguredinthepolicy,theactionsspecifiedinthe
default-classcommandareperformedonpacketsthatdonotmatchthe
criteriainprecedingclassesinthepolicy(seeStep3inCreatingaService
Policyonpage9-27).
Thefollowingmatchcriteriaaresupportedinmatch/ignorestatementsfor
inboundIPv4/IPv6traffic:
Layer2802.1QVLANID
Layer3IPprotocol
Layer3DSCPbits
Layer4TCP/UDPapplicationport(includingTCPflags)
VLANID
9-5
ClassConfigurationProcedure
Toconfigureatrafficclasstobeusedinoneormorepolicies,followthese
steps:
1. Entertheclasscommandfromtheglobalconfigurationcontext.
Syntax: [no]class<ipv4|ipv6><classname>
Definesatrafficclassandspecifieswhetherapolicyistobe
appliedtoIPv4orIPv6packets,where<classname>isa
textstring(64charactersmaximum).
Afteryouentertheclasscommand,youentertheclass
configurationcontexttospecifymatchcriteria.Atraffic
classcontainsaseriesofmatchandignorecommands,which
specifythecriteriausedtoclassifypackets.
9-6
2. Enteroneormorematchorignorecommandsfromtheclassconfiguration
contexttofiltertrafficanddeterminethepacketsonwhichpolicyactions
willbeperformed.
Syntax: [no][seq-number]<match|ignore><ip-protocol>
<source-address> <destination-address>[ip-dscpcodepoint]
[seq-number]
The(optional)seq-numberparametersequentially
ordersthematch/ignorestatementsthatyouenterin
atrafficclassconfiguration.Packetsarecheckedby
thestatementsinnumericalorder.
Default:Match/ignorestatementsarenumberedin
incrementsof10,startingat10.Tore-numberthe
match/ignorestatementsinaclassconfiguration,use
theresequencecommand(seeResequencingMatch/
IgnoreStatementsonpage9-24).
<match|ignore>
Definestheclassifiercriteriausedtodetermine
whichpacketsbelongtothetrafficclass.
Ifapacketmatchesamatchcriterion,itbecomesa
memberofthetrafficclassandisforwardedaccord-
ingtotheactionsconfiguredwiththepolicycom-
mand.Ifapacketmatchesanignorecriterion,no
policyactionisperformedonthepacket.Youcan
enteroneormorematch/ignorestatementsinatraffic
class.
Toremoveamatch/ignorestatementfromaclass
configuration,entertheno<seq-number>commandor
thecompleteformofanomatch...ornoignore...
command.
<ip-protocol>
SpecifiesanIPprotocoltobematchedinpacketfields
ofIPv4orIPv6traffic,whereip-protocolisoneofthe
valuesdescribedbelow.
9-7
Whenenteringamatch/ignorecommandinanIPv4
orIPv6class,type?todisplayalistofvalidip-protocol
entries.
InanIPv4class,youcanenteranyofthefollowing
IPv4protocolmatchcriteria:
ah esp gre icmp* igmp*
ip ip-in-ip ipv6-in-ip ospf pim
sctp snmp tcp* udp* vrrp
*ForIPv4ICMP,IGMP,TCP,andUDPpackets,you
canenteradditionalmatchcriteria;see:
OptionalICMPMatchCriteriaonpage9-14
OptionalIGMPMatchCriteriaonpage9-17
OptionalTCPandUDPMatchCriteriaonpage9-18
TospecifyanIPv4protocolasmatchcriteria,youcan
alsoenteritsprotocolnumber.Validvaluesarefrom
0to255.
Forexample,8meansExteriorGatewayProtocol;121
meansSimpleMessageProtocol.ForalistofIPv4
protocolnumbersandcorrespondingprotocolnames,
refertotheIANAProtocolNumberAssignmentSer-
vicesatwww.iana.com.
InanIPv6class,youcanenteranyofthefollowing
IPv6protocolmatchcriteria:
ah esp icmp* ipv6
sctp tcp* udp*
*ForIPv6ICMP,TCP,andUDPpackets,youcanenter
additionalmatchcriteria;see:
OptionalICMPMatchCriteriaonpage9-14
OptionalTCPandUDPMatchCriteriaonpage9-18
<source-address> <destination-address>
DefinethesourceIPaddress(SA)anddestinationIP
address(DA)thatapacketmustcontaintomatcha
match/ignorestatementinanIPv4orIPv6traffic
class.Notethatboththesourceanddestination
addressparametersarerequiredentriesinamatch/
ignorestatement.
Validvaluesfor<source-address>and<destination-
address>areasfollows:
anyMatchesIPv4orIPv6packetsfrom,or
destinedto,anySAorDA.
9-8
host<SA|DA>Matchesonlypacketsfroma
specifiedIPv4orIPv6hostaddress.Usethismatch
criterionwhenyouwanttomatchIPpacketsfrom
onlyoneSA/DA.
SAv4mask|DAv4maskMatchespacketsreceived
from,ordestinedto,asubnetoragroupofIP4
addressesdefinedbytheIPv4mask.EnteranIPv4
maskindotted-decimalformatforanIPv4address
(forexample,10.28.31.10.0.0.255).
SeeUsingCIDRNotationforIPv4/IPv6Addresses
onpage9-20forinformationonhowIPv4maskbit
setsdefineamatch.
NotethatanIPv6addressandmaskarenot
supportedas<SAv6mask>and<DAv6mask>
matchcriteria.)
SAv4/mask-length|DAv4/mask-lengthMatches
packetsreceivedfrom,ordestinedto,anIPv4
subnetoragroupofIPv4addressesdefinedbythe
masklength.EnterthemasklengthforanIPv4SA
orDAmaskinCIDRformatbyusingthenumber
ofsignificantbits.(forexample,10.28.31.3/24).
AnIPv4mask-lengthisappliedtoanSAorDAin
amatch/ignorestatementtodefinewhichbitsina
packetsSA/DAmustexactlymatchthespecified
SA/DAandwhichbitsneednotmatch.
Forexample,10.28.31.3/24meansthattheleftmost
24bitsinanIPv4sourceordestinationaddressin
apacketheadermustmatchthesamebitsetinthe
specifiedIPv4address(inthiscase,10.28.3.3).
Formoreinformation,seeUsingCIDRNotation
forIPv4/IPv6Addressesonpage9-20.
AnIPv4mask-lengthisappliedfromrighttoleft,
startingfromtherightmostbits.
Example:10.10.10.1/24and10.10.10.1 0.0.0.255
bothmatchIPv4addressesintherange10.10.10.(1
to255).
Note:Specifyingagroupofnon-contiguousIP
sourceaddressesmayrequiremorethanone
match/ignorestatement.
9-9
SAv6/prefix-length|DAv6/prefix-lengthMatches
packetsreceivedfrom,ordestinedto,anIPv6
subnetoragroupofIPv6addressesdefinedbythe
prefixlength.EntertheprefixlengthforanIPv6
SA/DAinCIDRformatbyusingthenumberof
significantbits;forexample:
2001:db8:2620:212::01b4/64.
AnIPv6prefix-lengthisappliedtoanSA/DAina
match/ignorestatementtodefinewhichbitsina
packetsSA/DAmustexactlymatchthespecified
SA/DAandwhichbitsneednotmatch.
Forexample,2001:db8:2620:212::01b4/64means
thattheleftmost64bitsina128-bitIPv6sourceor
destinationaddressinapacketheadermustmatch
thesamebitsetinthespecifiedIPv6address(in
thiscase,2001:db8:2620:212::01b4).
Formoreinformation,seeUsingCIDRNotation
forIPv4/IPv6Addressesonpage9-20.
AnIPv6prefix-lengthisappliedfromlefttoright,
startingfromtheleftmostbits.
Example:2001:db8::0001:2620:a03:e102:127/64
and2001:db8::1:244:17ff:feb6:d37d/64bothmatch
IPv6addresseswithanetworkprefixof
2001:db8:0000:0001.
[ip-dscpcodepoint]
(Optional)Matchesthesix-bitDSCPcodepointin
IPv4orIPv6packetstofurtherdefinematchcriteria.
Validvaluesforcodepointareoneofthefollowing:
-NumericequivalentofabinaryDSCPbitsetfrom0
(lowpriority)to63(highpriority)
-ASCIIstandardnameforabinaryDSCPbitset:
af11(001010) af42(100100)
af12(001100) af43(100110)
af13(001110) ef(101110)
af21(010010) cs1(001000)=precedence1
af22(010100) cs2(010000)=precedence2
af23(010110) cs3(011000)=precedence3
af31(011010) cs4(100000)=precedence4
af32(011100) cs5(101000)=precedence5
af33(011110) cs6(110000)=precedence6
af41(100010) cs7(111000)=precedence7
default(000000)
9-10
Todisplayalistofvalidcodepointentrieswhenyou
enterip-dscpinamatch/ignorestatement,type?.
TheDSCPcodepointsaretheleftmostsixbitsofthe
ToS/TrafficClassbyte(seeFigure9-2).
[precedenceprecedence-value]
(Optional)Matchesthethree-bitIPprecedencevalue
inIPv4orIPv6packetstofurtherdefinematchcrite-
ria.Validvaluesforprecedence-valueareeitherthe
numericvalue(0to7)orcorrespondingnameofan
IPprecedencebitset:
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet(forinternetworkcontrol)
7 network(fornetworkcontrol)
Todisplayalistofvalidprecedence-valueentries
whenyouenterprecedenceinamatch/ignorestate-
ment,type?.
Notes:Whenusedasamatchcriteria,theIPprece-
dencevalueisappliedinadditiontoallothercriteria
configuredinthematch/ignorestatement.Youcan
enteramatch/ignorestatementeitherwithorwithout
aprecedence-value.
TheIPprecedencebitsaretheleftmostthreebitsofthe
ToS/TrafficClassbyte(seeFigure9-2).Thenumeric
value(0to7)oftheIPprecedencebitscorrespondsto
thehexadecimalequivalentofthethreebinary0
and/or1bitsintheIPprecedencefield.Forexample
iftheIPprecedence-bitbinaryvaluesare1 1 1,the
numericvalueis7(1+2+4).Similarly,iftheIP
precedencebitsare0 1 0,thenumericvalueis2
(0+2+0).
[tostos-value]
(Optional)MatchestheDelayThroughputReliability
(DTR)bitsetintheIPv4Type-of-ServiceorIPv6
TrafficClassbytetofurtherdefinematchcriteria.
9-11
Validvaluesarethenumericvalueorcorresponding
nameoftheDTRbitset.Someusefulvaluesareas
follows:
0 normal
2 max-reliability
4 max-throughput
8 minimize-delay
Default:0ornormal.
Todisplayalistofvalidtos-valueentrieswhenyou
entertosinamatch/ignorestatement,type?.
Notes:Whenusedasamatchcriteria,theToS/Traffic
Classbyteentryisappliedinadditiontoallother
criteriaconfiguredinthematch/ignorestatement.
Youcanenteramatch/ignorestatementeitherwith
orwithoutatos-value.
Figure9-2showstheDTRbitsetinaToS/TrafficClass
byteinanIPv4/IPv6packetheaderandthedifference
betweentheDSCP,DTR,andprecedencebits.
[vlanvlan-id]
(Optional)MatchestheVLANIDnumberinthe
Layer2headerof802.1QVLANpacketstofurther
definematchcriteria.ValidVLANIDsarefrom1to
4094.
Figure9-2usesasampleToS/TrafficClassfieldof10101000
toshowthedifferencesbetweentheIPprecedence(101),
DSCP(101010),andToS/TrafficClass(10101000)bits.Note
thattherightmosttwobitsarereservedas00.
Type-of-ServiceByte(inIPv4Header)
TrafficClassByte(inIPv6Header)
Precedence DelayThroughput
Reserved
Bits ReliabilityBits
1 0 1 0 1 0 0 0
Figure9-2.ExampleofaToS/TrafficClassField
9-12
3. Entertheexitcommandtoexittheclassconfigurationcontext.
Todisplayaclassconfiguration,entertheshowclass<ipv4|ipv6>
<classname>command(seeFigure9-7).
Toeditaclassconfiguration,re-entertheclassconfigurationcontext
(classcommand)andenternewmatch/ignorestatementsasfollows:
Ifyoudonotenterasequencenumber,anewstatementisinsertedat
theendoftheclassconfiguration.
Toremoveamatch/ignorestatementfromaclassconfiguration,enter
theno<sequence-number>commandorthecompleteformoftheno
match...ornoignore...command.
Toresequencetheorderinwhichmatch/ignorestatementsarelisted,
entertheresequencecommand(seeResequencingMatch/Ignore
Statementsonpage9-24).
Toreplaceanexistingmatch/ignorestatement,entertheno
<sequence-number>commandtodeletetheentryandre-entera
complete<sequence-number>match... or<sequence-number>ignore
...command.
Whenyouexitclassconfigurationcontext,thechangesareautomatically
savedandappliedtoexistingpolicyconfigurationsontheswitchthatuse
theclassifthepolicieshavenotbeenappliedtoaninterface.Ifapolicy
hasalreadybeenappliedtoaninterface,theeditingchangesarenot
acceptedandanerrormessageisdisplayed.
Example. Figure9-3showsanexampleoftwoclassconfigurations:
AdminTrafficselectstheadministrativetrafficsentto,andreceived
from,theIPv4addressofanadministratorsPC.
httpselectsHTTPtrafficsenttoTCPports80,443,and8080,and
excludesHTTPtrafficsentto,andreceivedfrom,TCPport1214.
Pr oCur ve( conf i g) # cl ass i pv4 Admi nTr af f i c
Pr oCur ve( cl ass- conf i g) # mat ch i p 15. 29. 16. 1/ 10 any
Pr oCur ve( cl ass- conf i g) # mat ch i p any 15. 29. 16. 1/ 10
Pr oCur ve( cl ass- conf i g) # exi t
Pr oCur ve( conf i g) # cl ass i pv4 ht t p
Pr oCur ve( cl ass- conf i g) # mat ch t cp any any eq 80
Pr oCur ve( cl ass- conf i g) # i gnor e t cp any eq 1214 any
Pr oCur ve( cl ass- conf i g) # i gnor e t cp any any eq 1214
Figure9-3.ExampleofaClassConfiguration
9-13
OptionalICMPMatchCriteria
TomorepreciselydefinetheICMPpacketsthatyouwanttomatchinanIPv4
orIPv6trafficclass,usetheoptionalparametersettingsdescribedinthis
section.Forexample,insteadofmatchingorignoringallICMPtraffic,youcan
configureaclassthatmatchesonlyaspecificICMPpackettypebyentering
itsnumericvalue.
Syntax: [no][seq-number]<match|ignore>icmp
<source-address> <destination-address>
[icmp-type-number|icmpv4-type-name|icmpv6-type-name]
[ip-dscpcodepoint][precedenceprecedence-value]
[tostos-value][vlanvlan-id]
IfyouentericmpastheIPprotocoltypeinamatch/ignore
statement,youcanoptionallyspecifyanICMPpackettype
tomorepreciselydefinematchcriteriaforatrafficclass.
EntertheoptionalICMPmatchcriteriaimmediatelyafter
thedestinationaddress(DA)valueinthecommandsyn-
tax;forexample:
Pr oCur ve( conf i g- cl ass) # mat ch i cmp any any host -
unknown
Pr oCur ve( conf i g- cl ass) # mat ch i cmp any any 3 7
[icmp-type-number]
ConfiguresanICMPpackettypeasmatchcriteriaina
classconfigurationbyenteringitsnumericidentifier.
Validvaluesarefrom0to255.
ForinformationonICMPpacket-typenamesandnumeric
identifiers,gototheInternetAssignedNumbersAuthority
(IANA)websiteatwww.iana.com,clickonProtocolNum-
berAssignmentServices,andthengototheselections
underInternetControlMessageProtocol(ICMP)Param-
eters.
9-14
[icmpv4-type-name]
YoucanalsoenteranyofthefollowingICMPv4packet-type
namestoconfiguremoreprecisematchcriteriaforICMP
packetsinanIPv4classconfiguration.
Todisplayalistofvalidicmpv4-type-nameentrieswhenyou
entericmpastheIPprotocoltypeinamatch/ignorestate-
ment,type?.Someofthevalidvaluesareasfollows:
administratively-prohibited
alternate-address
conversion-error
dod-host-prohibited
dod-net-prohibited
echo
echo-reply
general-parameter-problem
host-isolated
host-precedence-unreachable
host-redirect
host-tos-redirect
host-tos-unreachable
host-unknown
host-unreachable
information-reply
information-request
mask-reply
mask-request
mobile-redirect
net-redirect
net-tos-redirect
net-tos-unreachable
net-unreachable
network-unknown
no-room-for-option
option-missing
packet-too-big
parameter-problem
port-unreachable
precedence-unreachable
protocol-unreachable
reassembly-timeout
redirect
router-advertisement
router-solicitation
source-quench
source-route-failed
time-exceeded
timestamp-reply
timestamp-request
traceroute
ttl-exceeded
unreachable
9-15
[icmpv6-type-name]
YoucanalsoenteranyofthefollowingICMPv6packet-type
namestoconfiguremoreprecisematchcriteriaforICMP
packetsinanIPv6classconfiguration.
Todisplayalistofvalidicmpv6-type-nameentrieswhenyou
entericmpastheIPprotocoltypeinamatch/ignorestate-
ment,type?.Someofthevalidvaluesareasfollows:
cert-path-advertise mobile-advertise
cert-path-solicit mobile-solicit
destination-unreachable nd-na
echo-reply nd-ns
echo-request node-info
home-agent-reply node-query
home-agent-request packet-too-big
inv-nd-na parameter-problem
inv-nd-ns redirect
mcast-router-advertise router-advertisement
mcast-router-solicit router-renum
mcast-router-terminate router-solicitation
mld-done time-exceeded
mld-query ver2-mld-report
mld-report
9-16
OptionalIGMPMatchCriteria
TomorepreciselydefinetheIGMPpacketsthatyouwanttomatchinanIPv4
trafficclass,usetheoptionalparametersettingsdescribedinthissection.For
example,insteadofmatchingallIGMPtraffic,youcanconfigureaclassthat
matchesonlyaspecificIGMPpackettype.
Syntax: [no][seq-number]<match|ignore>igmp
<source-address> <destination-address>[igmp-type]
[ip-dscpcodepoint][precedenceprecedence-value]
[tostos-value][vlanvlan-id]
IfyouenterigmpastheIPprotocoltypeinamatch/ignore
statement,youcanoptionallyspecifyanIGMPpackettype
tomorepreciselydefinematchcriteriaforatrafficclass.
EntertheoptionalIGMPmatchcriteriaimmediatelyafter
thedestinationIPaddress(DA)valueinthecommand
syntax;forexample:
Pr oCur ve( conf i g- cl ass) # mat ch i gmp any any host -
quer y
[igmp-type]
ConfiguresanIGMPpackettypeasmatchcriteriainaclass
configuration.SomeofthevalidvaluesforIGMPpacket-type
namesareasfollows:
dvmrp mtrace-request trace
host-query mtrace-reply v2-host-leave
host-report pim v2-host-report
v3-host-report
Todisplayalistofvalidigmp-typeentrieswhenyouenterigmp
astheIPprotocoltypeinamatch/ignorestatement,type?.
9-17
OptionalTCPandUDPMatchCriteria
Inaclassconfiguration,youcanentermatch/ignorestatementsthatmore
preciselydefinetheTCPorUDPtrafficthatyouwanttomatchinanIPv4or
IPv6trafficclass.Forexample,youcanenteraportnumberasamatch
criterionthatspecifiesoneormoreTCPsourceports,destinationports,or
both.
Syntax: [no][seq-number]<match|ignore><tcp|udp>
<source-address>[operator<tcp-src-port|udp-src-port>]
<destination-address>[operator<tcp-dest-port[established]
[tcp-flag[tcp-flag...]]|udp-dest-port>][ip-dscpcodepoint]
IfyouuseTCPorUDPastheIPprotocoltypeinamatch/ignore
statement,youcanoptionallyconfigureTCPorUDPsource
and/ordestinationportnumbersorrangesofnumberstomore
preciselydefinematchcriteriaforatrafficclass.Enterthe
optionalTCP/UDPmatchcriteriaimmediatelyafterthesource
and/ordestinationaddressinthecommandsyntax;forexam-
ple:
Pr oCur ve( conf i g- cl ass) # mat ch t cp host 10. 20. 10. 17
eq 23 host 10. 20. 10. 155 established
Pr oCur ve( conf i g- cl ass) # mat ch t cp host 10. 10. 10. 100
host 10. 20. 10. 17 eq telnet
Pr oCur ve( conf i g- cl ass) #i gnor e udp 10. 30. 10. 1/ 24 host
10. 20. 10. 17 range 161 162
[operator<tcp-src-port|udp-src-port>]
TospecifyaTCPorUDPsourceportnumberasamatch
criteria,enteracomparisonoperatorfromthefollowinglist
withaTDP/UDPportnumberorwell-knownportnameimme-
diatelyafterthesource-addressvalueinthecommand.
ComparisonOperators:
eq<tcp/udp-port-number>EqualTomatchesapacketwith
thesameTCPorUDPsourceportnumberas<tcp/udp-port-
number>.
gt<tcp/udp-port-number>GreaterThanmatchesany
packetwithaTCPorUDPsourceportnumbergreaterthan
<tcp/udp-port-number>.
lt<tcp/udp-port-number>LessThanmatchesanypacket
withaTCPorUDPsourceportnumberlessthan<tcp/udp-
port-number>.
9-18
neq<tcp/udp-port-number>NotEqualmatchesanypacket
withaTCPorUDPsourceportnumberthatisnotequalto
<tcp/udp-port-number>.
range<start-port-number><end-port-number>Matchesany
packetwithaTCPorUDPsourceportnumberintherange
<start-port-number>to<end-port-number>.
TCP/UDPWell-KnownSource-PortNamesandNumbers
EnteracomparisonoperatorwiththesourceTCPorUDP
portnumberusedbytheapplicationsyouwanttomatch.Valid
portnumbersarefrom0to255.
Youcanalsoenterwell-knownTCPorUDPportnamesasan
alternativetothecorrespondingportnumber;forexample:
TCP:bgp,dns,ftp,http,imap4,ldap,nntp,pop2,pop3,smtp,ssl,
telnet
UDP:bootpc,bootps,dns,ntp,radius,radius-old,rip,snmp,snmp-
trap,tftp
TodisplayalistofvalidTCP/UDPsourceports,type? afteryou
enteranoperator.
[operator<tcp-dest-port[established][tcp-flag[tcp-flag...]]|udp-dest-
port>]
TospecifyaTCPorUDPdestinationportnumberasamatch
criteria,enteracomparisonoperatorwithaTDP/UDPport
numberorwell-knownportnameimmediatelyafterthedesti-
nation-addressvalueinthecommand.
Note:Theoptionalestablishedand<tcp-flag>valuesapplyonly
toTCPdestination-portcriteria.
TCP/UDPWell-KnownDestination-PortNamesandNum-
bersThesameoperators,portnumbersandwell-known
namesaresupportedforTCP/UDPdestination-portmatch
criteriaasforTCP/UDPsource-portcriteria.Todisplayalist
ofvalidTCP/UDPdestinationports,type? afteryouenteran
operator.
[established]
(Optional)AppliesonlytoTCPdestination-portmatchcriteria
andmatchesonlyontheTCPAcknowledge(ACK)orReset
(RST)flags.
Theestablishedkeywordignoresthesynchronizingpacketasso-
ciatedwiththeestablishmentofaTCPconnectioninone
directiononaportorVLAN,andmatchesallotherIPtrafficin
theoppositedirection.
9-19
Forexample,aTelnetconnectionrequiresTCPtraffictomove
bothwaysbetweenahostandthetargetdevice.Ifyouconfigure
amatchstatementforinboundTelnettraffic,policyactionsare
normallyappliedtoTelnettrafficinbothdirectionsbecause
responsestooutboundrequestsarealsomatched.However,if
youentertheestablishedoption,inboundTelnettrafficarriving
inresponsetooutboundTelnetrequestsismatched,but
inboundTelnettraffictryingtoestablishaconnectionisnot
matched.
[tcp-flag[tcp-flag...]]
(Optional)AppliesonlytoTCPbitsettingsinpacketsdestined
toaTCPdestinationportconfiguredasmatchcriteria(with
theoperator<tcp-dest-port>parameter)andcanbeoneormore
ofthefollowingvalues:
ackAcknowledgematchesTCPpacketswiththeACKflag.
finFinishmatchesTCPpacketswiththeFINflag.
rstResetmatchesTCPpacketswiththeRSTbitset.
synSynchronizedmatchesTCPpacketswiththeSYN
flag.
UsingCIDRNotationforIPv4/IPv6Addresses
YoucanuseCIDR(ClasslessInter-DomainRouting)notationtoenteranIPv4
mask-lengthoranIPv6prefix-lengthwithasourceanddestinationaddress
thatareusedasmatchcriteriainamatch/ignorestatement.Theswitch
interpretstheIPaddresswithCIDRnotationtocomputetherangeofcorre-
spondingIPsourceordestinationaddressesinpacketheadersthatare
consideredtobeamatchforthetrafficclass.
Whentheswitchusesamatch/ignorestatementtocompareanIPaddressand
correspondingmask/prefixlengthtotheIPsource/destinationaddresscarried
inapacket,theIPv4mask-bitsettingsandIPv6prefix-bitsettingsselect
packetsindifferentways.
AnIPv4masklengthcreatesamaskinwhich:
Amask-bitsettingsetto0(off)requiresthecorrespondingbitina
packetsIPv4source/destinationaddresstobethesamebinaryvalue
asthemask-bitinthematchingIPv4source/destinationaddress.
Amask-bitsettingsetto1(on)isusedasawildcardandallowsthe
correspondingbitinapacketsIPv4source/destinationaddresstobe
eitherbinaryvalue(0or1).
9-20
Table9-1. HowCIDRNotationisUsedwithIPv4SA/DAMatchCriteria
IPv4Source/Destination
AddressUsedwithCIDR
NotationinaMatch/Ignore
Statement
ResultingMask RangeofIPv4AddressesSelected
bytheMatchCriteria
10.38.240.125/15 0.1.255.255 Theleftmost15bitsmustmatch;
theremainingbitsarewildcards.
18.38.240.125/32 0.0.0.0 Allbitsmustmatch.
AnIPv6prefix-lengthcreatesamaskinwhich:
Amask-bitsettingsetto1(on)requiresthecorrespondingbitina
packetsIPv6source/destinationaddresstobethesamebinaryvalue
asthemask-bitinthematchingIPv6source/destinationaddress.
Amask-bitsettingsetto0(off)isusedasawildcardandallowsthe
correspondingbitinapacketsIPv6source/destinationaddresstobe
eitherbinaryvalue(0or1).
Table9-2. HowCIDRNotationisUsedwithIPv6SA/DAMatchCriteria
IPv6Source/Destination
AddressUsedwithCIDR
NotationinaMatch/Ignore
Statement
ResultingMask RangeofIPv6AddressesSelected
bytheMatchCriteria
2001:db8:0:7::5/64 FFFF:FFFF:FFFF:FFFF:: Theleftmost64bitsmustmatch;
2001:db8:0:7::5/72 FFFF:FFFF:FFFF:FFFF:FF00:: Theleftmost72bitsmustmatch;
2001:db8::244:17ff:feb6:d37d FFFF:FFFF:FFFF:FFFF:FFFF: Thefirst126bitsmstmatch;theC
/126 FFFF:FFFF:FFFC valueinthemaskallowsfour
possiblecombinations(D37C,
D37D,D37E,andD37F)inthelast
blockofamatchingIPv6address.
2001:db8:0:7:af:e2:c1:5/128 FFFF:FFFF:FFFF:FFFF:FFFF: Allbitsmustmatch.
FFFF:FFFF:FFFF
9-21
Not e AlthoughIPv4andIPv6masksareappliedinoppositedirections:
AnIPv4mask-lengthisappliedfromrighttoleft,startingfromtheright-
mostbits.
AnIPv6prefix-lengthisappliedfromlefttoright,startingfromthe
leftmostbits.
ThebehaviorofIPv4andIPv6masksasmatchcriteriaandwildcardsisthe
same.
ExampleofHowIPv4MaskBitSettingsDefineaMatch.Forthis
example,thefollowingconfigurationexists:
AmatchstatementinaclassconfigurationusesanIPv4source-address/
mask-lengthof10.38.31.125/21.Themask-lengthof21resultsinanIPv4
maskof0.0.7.255.Inthesecondoctetofthemask,7meansthatthe
rightmostthreebitsareon,or1(seetheMaskforSArowinTable
9-3).
Thesecondoctetofthecorrespondingsourceaddressis31,whichmeans
thattherightmostfivebitsareon,or1(seetheSAinMatchStatement
rowinTable9-3).
Inthisexample,amatchoccurswhenthesecondoctetoftheSAinapacket
beingclassifiedhasavalueintherangeof24(binary00011000)to31
(binary00001111),asshowninthelastrowinTable9-3.
Table9-3. ExampleofHowtheIPv4MaskDefinesaMatch
0 0 0 1
0 0 0 0
0 0 0 1
LocationofOctet BitPositionintheOctet
128 64 32 16 8 4 2 1
SA inmatchstatement 1 1 1 1
MaskforSA 0 1 1 1
Bitsinthecorrespondingoctetofa 1 0/1 0/1 0/1
packetsSAthatmustexactlymatch
Theshadedareaindicatesthebitsinthepacketthatmustexactlymatchthebitsinthesource
IPv4addressinthematch/ignorestatement.
Ifamaskbitis1(wildcardvalue),thecorrespondingbitsinasource/destinationaddress
inanIPv4packetheadercanbeanyvalue.
Ifamaskbitis0,thecorrespondingbitsinasource/destinationaddressmustbethe
samevalueasintheIPv4addressinthematch/ignorestatement.
Note:ThisexamplecoversonlyoneoctetinanIPv4addressusedasamatchcriterion.The
maskinamatch/ignorestatementmayapplyapacketfiltertoallfouroctetsofasource/
destinationaddressinIPv4packetheaders.
9-22
ExampleofHowIPv6MaskBitSettingsDefineaMatch.Figure9-4
showsanexampleinwhichanIPv6prefix-lengthof126isusedtoselectfour
IPv6addressesinamatchstatement.ThespecifiedsourceIPv6addressis:
2001:DB8:0000:0000:244:17FF:FEB6:D37D.TheIPv6prefix-length(/126)resultsin
theIPv6mask:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFC.
1st
Block
2nd
Block
3rd
Block
4th
Block
5th
Block
6th
Block
7th
Block
8th
Block
Manager- orOperator-LevelAccess
IPv6maskfor FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFC TheFvalueinthefirst126bitsofthe
/126prefix maskspecifiesthatonlytheexact
IPv6address 2001 DB8 0000 0000 244 17FF FEB6 D37D
valueofeachcorrespondingbitinan
IPv6addressisallowed.However,the
binaryequivalent(1100)oftheC
valueinthemaskallowsfourpossible
combinations(D37C,D37D,D37E,and
D37F)inthelastblockofamatching
IPv6address.
Figure9-4. Example:MaskforMatchingFourIPv6Devices
Figure9-5showstheonandoffsettingsinthelastblockoftheresulting
IPv6maskthatdeterminethematchingIPv6addresses.Inthismask,allbits
exceptthelasttwoaresetto1(on)andmustbethesameinanIPv6address.
ThebinaryequivalentofhexadecimalCis1100,whichallowsthelasttwobits
todiffer.
Lastblockinmask:FFFC
LastblockinIPv6address:D37D
BitNumbers Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit Bit
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
F F F C
FFFC:Bitsettingsin
lastblockofmask
D37D:Bitsettingsin
lastblockofIPv6 1 1 0 1 0 0 1 1 0 1 1 1 1 1 0 1
address
Mask-bitsettings: =1(On)= CorrespondingbitinIPv6addressmustbethesamebinaryvalue.
=0(Off)= CorrespondingbitinIPv6addresscanbeeitherbinaryvalue(0or1).
Figure9-5.Example:HowaMaskDeterminesFourAuthorizedIPv6ManagerAddresses
9-23
Figure9-6showshowthebinaryequivalent(1100)oftheCvalueinthelast
blockoftheresultingIPv6masksupportsfourpossiblecombinations(D37C,
D37D,D37E,andD37F)inthelastblockofamatchingIPv6address.There-
fore,theIPv6maskthatresultsfroma/126prefix-lengthmatchesinbound
trafficfromfourIPv6-baseddevices.
1st
Block
2nd
Block
3rd
Block
4th
Block
5th
Block
6th
Block
7th
Block
8th
Block
IPv6mask FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFC
IPv6addressenteredwithamatch 2001 DB8 0000 0000 244 17FF FEB6 D37D
command
OthermatchingIPv6addresses 2001 DB8 0000 0000 244 17FF FEB6 D37C
2001 DB8 0000 0000 244 17FF FEB6 D37E
2001 DB8 0000 0000 244 17FF FEB6 D37F
Figure9-6.Example:HowHexadecimalCinanIPv6MaskMatchesFourIPv6Addresses
CIDRNotation.FormoredetailedinformationonhowtouseCIDRnota-
tiontospecifymasksinmatchcriteria,refertotheHowanACEUsesaMask
ToScreenPacketsforMatchessectionintheAccessControlLists(ACLs)
chapterintheAccessSecurityGuide.
ResequencingMatch/IgnoreStatements
Intheclassconfigurationcontext(seeCreatingaTrafficClassonpage9-4),
youcanusetheresequencecommandtoreconfigurethenumberatwhichthe
firstmatch/ignorestatementintheclassstarts,andresettheintervalusedto
numberothermatch/ignorestatements.
Resequencingmatch/ignorestatementsisusefulwhenyouwanttoinserta
newmatch/ignorestatementbetweentwonumberedentries(seeFigure9-7).
Syntax: resequence<seq-number><interval>
Resetsthesequencenumbersforallmatch/ignorestatements
intheclass.
<seq-number>:Specifiesthesequencenumberofthefirst
match/ignorestatementintheclass.Default:10.
<interval>:Specifiestheintervalbetweensequencenumbersof
match/ignorestatementsintheclasstoallowadditional
match/ignorestatementstobeinserted.Default:10.
Toviewthecurrentsequencenumberinginaclass,entertheshowclass
<ipv4|ipv6><classname>command.
9-24
Thefollowingexampleshowshowtoresequenceaclassconfigurationsothat
youcaninsertnewmatch/ignorestatementsbetweensequentiallynumbered
statements.Inthisexample,theresequencedclasscontainstwoadditional
match/ignorestatementsandrenumbersthecriteriawithanintervalof10.
Pr oCur ve( conf i g) # show cl ass i pv4 My- devi ces
Cl ass My- devi ces"
1 mat ch 10. 10. 10. 25 0. 0. 0. 0
2 i gnor e 10. 10. 10. 1 0. 0. 0. 255
3 i gnor e 10. 20. 10. 1 0. 0. 0. 255
4 mat ch 0. 0. 0. 0 255. 255. 255. 255
exi t
Theintervalbetweenmatch/
ignorestatementsis1.
. . .
Pr oCur ve( conf i g) # cl ass i pv4 My- devi ces
Pr oCur ve( conf i g- cl ass) # r esequence My- devi ces 10 10
Pr oCur ve( conf i g- cl ass) # 15 mat ch 10. 10. 10. 2 0. 0. 0. 255
Pr oCur ve( conf i g- cl ass) # 25 mat ch 10. 20. 10. 1 0. 0. 0. 255
Pr oCur ve( conf i g) # show cl ass i pv4 My- devi ces
Cl ass My- devi ces"
10 mat ch 10. 10. 10. 25 0. 0. 0. 0
15 mat ch 10. 10. 10. 2 0. 0. 0. 255
20 i gnor e 10. 10. 10. 1 0. 0. 0. 255
25 i gnor e 10. 20. 10. 1 0. 0. 0. 255
30 i gnor e 10. 20. 10. 2 0. 0. 0. 255
40 mat ch 0. 0. 0. 0 255. 255. 255. 255
exi t
Theintervalbetweenmatch/
ignorestatementsis10and
twonewmatch/ignore
statementshavebeenadded.
Figure9-7.ExampleofResequencingaClassConfiguration
9-25
ShowingaClassConfiguration
Theshowclasscommandsdisplaythenamesofspecifiedclassesalongwith
thestatementsthatmakeupthoseclasses,ortheydisplaytheclassesthatare
partofpoliciesthathavebeenappliedtospecifiedportsorVLANs.
Syntax: showclass<config|ipv4<classname>|ipv6<classname>|
vlan<vid>|ports<port-list|all>>
configdisplaysallclasses,bothIPv4andIPv6,andliststhe
statementsthatmakeupeachclass.
vlan<vid>liststhenamesandtypes(IPv4orIPv6)ofthe
classescontainedinallpoliciesthathavebeenappliedtothe
VLANspecifiedbyvid
ports<port-list>liststhenamesandtypes(IPv4orIPv6)of
theclassescontainedinallpoliciesthathavebeenappliedto
theportsspecifiedbyport-list.
ports<all>liststhenamesandtypes(IPv4orIPv6)ofthe
classescontainedinallpoliciesthathavebeenappliedtoall
portsontheswitch.
Examples.
Theipv4optiondisplaysallthestatementsofaspecifiedclass:
Pr oCur ve# show cl ass i pv4 Cl ass1
St at ement s f or Cl ass i pv4 " Cl ass1"
10 mat ch i p 10. 1. 1. 13 0. 0. 0. 255 0. 0. 0. 0 255. 255. 255. 255
20 mat ch i p 10. 1. 1. 17 0. 0. 0. 255 0. 0. 0. 0 255. 255. 255. 255
30 mat ch i p 10. 1. 1. 23 0. 0. 0. 255 0. 0. 0. 0 255. 255. 255. 255
9-26

CreatingaServicePolicy
Thevlanoptiondisplaysallclassesthatarepartofpoliciesappliedtothe
specifiedVLAN.InthisexampleClass2isdisplayedtwicebecauseitisa
componentofaQoSpolicyandamirrorpolicy,bothofwhichareappliedto
VLAN1.
Pr oCur ve# show cl ass vl an 1
Cl asses f or VLAN1
Name : Cl ass2
Type : I PV4
Name : Cl ass2
Type : I PV4
Theportsoptiondisplaysallclasses(bothIPv4andIPv6classes)thatare
appliedtothespecifiedports:
Pr oCur ve# show cl ass por t s a5- a7
Cl asses f or por t 5
Name : Cl ass1
Type : I PV4
Name : Cl ass3
Type : I PV6
Name : Cl ass2
Type : I PV4
Intheclassifier-basedconfigurationmodel,theservicepolicyyoucreatefor
oneormoretrafficclassesisalwaysrelativetoasoftwarefeature,suchas
QoSorportmirroring.Thesoftwarefeaturemustsupportclassandpolicy
configuration.Eachfeaturesupportsdifferentactionsformanagingselected
packets.
9-27
Forexample,QoSpoliciessupportQoS-specificactions,suchasrate-limiting,
802.1p-priority,IP-precedence,andDSCP-codepointassignment.Portmirror-
ingpoliciessupportmirror-destinationassignmentformatchingpackets.
1. Tocreateaservicepolicythatperformsfeature-specificactionson
selectedpackets,enterthepolicy<feature-name>commandfromthe
globalconfigurationcontext.
Syntax: [no]policy<feature-name><policy-name>
Definesthenameofaservicepolicyandentersthepolicy
configurationcontext,where:
<feature-name>isakeywordthatidentifiesaProCurve
softwarefeaturethatsupportsclassifier-based
configuration(forexample,qosormirror).
<policy-name>isatextstring(64charactersmaximum).
Usethenoformofthecommandtodeleteapolicythatisnot
appliedtoanyportorVLAN.Ifthepolicyisappliedtoany
port(s)orVLAN(s),firstremovethepolicyfromtheport(s)
orVLAN(s).RefertoDeletinganAppliedPolicyonpage
9-40fordetails.
Atrafficpolicyconsistsofoneormoreactionsthatareconfiguredforeach
classoftraffic.Theconfiguredactionsareexecutedonpacketsthatmatcha
matchstatementinaclass.Nopolicyactionisperformedonpacketsthat
matchanignorestatement.Youcanconfiguremultipleclassesinapolicy.
2. Toconfiguretheactionsthatyouwanttoexecuteonpacketsthatmatch
thematchcriteriainaspecifiedclass,enteroneormoreclassaction
commandsfromthepolicyconfigurationcontext.
action<action-name>[action<action-name>...]
Definestheaction(s)tobeappliedonapre-configured
IPv4orIPv6trafficclasswhenapacketmatchesthematch
criteriaintheclass.
Youcanentermultipleclass-actionstatementsforthe
sameclass.Notethattheactionssupportedforaclass
commanddifferaccordingtothefeature-specificpolicy
(forexample,QoSormirroring)configuredwiththe
policycommandinStep1.
9-28
[no][seq-number]class<ipv4|ipv6><classname>
[seq-number]The(optional)seq-numberparameter
sequentiallyorderstheclass-actionstatementsina
policyconfiguration.Actionsareexecutedon
matchingpacketsinnumericalorder.Default:Class-
actionstatementsarenumberedinincrementsof10,
startingat10.
class<ipv4|ipv6><classname>Definesthe
preconfiguredclassonwhichtheactionsinaclass-
actionstatementareexecuted,andspecifieswhether
theclassconsistsofIPv4orIPv6traffic.Theclassname
isatextstring(64charactersmaximum).
Note:Youcanconfiguremultipleclass-actionstatements
toincludedifferentclassesinapolicy.Theexecutionof
actionsisperformedintheorderinwhichtheclass-
actionsarenumericallylisted.
action<action-name>[action<action-name>...]
Theactionkeywordconfigurestheactionspecifiedbythe
action-nameparameter.Theactionisexecutedonany
packetthatmatchesthematchcriteriaintheclass.The
actionisnotexecutedonpacketsthatmatchignore
criteria.Youcanconfiguremorethanoneactionfora
class.
Thecompletenoformoftheclassactioncommandorthe
no<seq-number>commandremovesanactionfromthe
policyconfiguration.
Besuretoenteraclassanditsassociatedactionsinthepreciseorderinwhich
youwantpacketstobecheckedandhandledbyclassactioncommands.
3. (Optional)Toconfigureadefaultclass,enterthedefault-classcommand
andspecifyoneormoreactionstobeexecutedonpacketsthatarenot
matchedandnotignored.
Syntax: [no]default-classaction<action-name>[action<action-name>...]
Configuresadefaultclasstobeusedtoexecuteoneormore
actionsonpacketsthatarenotmatchednorignoredinany
oftheclassconfigurationsinapolicy.
Thedefault-classactioncommandsupportsonlythefeature-
specificcommandssupportedintheclassactioncommand.
9-29
Thedefaultclassmanagespacketsthatdonotmatchthematchorignore
criteriainallclassesinapolicy,andotherwisewouldhavenoactionsper-
formedonthem.
Thedefaultclassdiffersfromotherclassesbecauseitcontainsnomatch/
ignorestatementsandusesimplicitmatchipv4anyanyandmatchipv6anyany
statementstomanageallunmatchedpackets.Ifyoudonotconfigureadefault
class,unmatchedandun-ignoredpacketsaretransmittedwithoutanaction
performedonthem.
4. Entertheexitcommandtoexitthepolicyconfigurationcontext.
Todisplayapolicyconfiguration,entertheshowpolicy
<policy-name>command(seeFigure9-9).RefertoShowingPolicy
Informationonpage9-31formoreinformation.
Toeditapolicyconfiguration,re-enterthepolicycontext(policycom-
mand)andmodifyclass-actionstatementsasdescribedinModifying
ClassesinaPolicyonpage9-32.
Toresequencetheorderinwhichclass-actionstatementsarelisted,enter
theresequencecommand(seeResequencingClassesinaPolicyonpage
9-33).
Example.InthefollowingQoSpolicyconfiguration,matchingHTTPpackets
arerate-limitedto10000kbpsandassignedan802.1p(CoS)priorityof3in
theirLayer2VLANheaders.Allunmatchedpacketsaremanagedbythe
defaultclass,whichassignsaslightlyhigher802.1ppriority(4)andanew
DSCPcodepoint(5).
Pr oCur ve( conf i g) # cl ass i pv4 ht t p
Pr oCur ve( conf i g) # pol i cy qos Rat eLi mi t Pr i or i t i zeSuspect Tr af f i c
Pr oCur ve( pol i cy- conf i g) # cl ass i pv4 ht t p act i on r at e- l i mi t kbps 10000
Pr oCur ve( pol i cy- conf i g) # cl ass i pv4 ht t p act i on pr i or i t y 3
Pr oCur ve( pol i cy- conf i g) # def aul t - cl ass act i on pr i or i t y 4 dscp 5
Pr oCur ve( pol i cy- conf i g) # exi t
Figure9-8.ExampleofaPolicyConfiguration
9-30
AsshowninFigure9-8,apolicyconfigurationrequiresafeature-specificpolicy
commandtoidentifythesoftwarefeatureusedtomanageoneormoretraffic
classes:
ToconfigureaQoSpolicy,usethepolicyqoscommandasdescribedinthe
QualityofServicechapterintheAdvancedTrafficManagementGuide.
Toconfigureamirroringpolicy,usethepolicymirrorcommandas
describedintheMonitoringandAnalyzingSwitchOperationappendix
intheManagementandConfigurationGuide.
ShowingPolicyInformation
Theshowpolicy commandsdisplay:
theclassifierpoliciesdefinedfortheswitchandthestatementsthatmake
upthosepolicies
thepoliciesthathavebeenappliedtoVLANsandportsontheswitch
thehardwareresourcesusedbytheappliedclassifierpolicies
Syntax: showpolicy<config|policy-name|vlan<vid>|ports<port-list|all>|
resources>
configdisplaysthenamesofallpoliciesdefinedfortheswitch
andliststhestatementsthatmakeupeachpolicy.
policy-nameliststhestatementsthatmakeupthespecified
policy.
vlan<vid>liststhenameandtype(suchasQoSormirror)
ofeachpolicyappliedtothespecifiedVLAN.
ports<port-list>liststhenameandtype(suchasQoSor
mirror)foreachpolicyappliedtothespecifiedportorports.
portsallliststhenameandtype(suchasQoSormirror)for
eachpolicyappliedtoeachportontheswitch
resourcesdisplaysthehardwareresourcesusedbyclassifier
policiesappliedtotheswitch.RefertoCheckingResource
Usageonpage9-38formoredetailsonpolicyresource
usage.
9-31

Examples.
Thepolicy-nameoptiondisplaysthestatementsofthespecifiedpolicy.
Pr oCur ve# show pol i cy Li mi t Cl ass1
St at ement s f or Pol i cy " Li mi t Cl ass1"
10 cl ass i pv4 "Cl ass1" act i on r at e- l i mi t kbps 1000
Thevlan<vid>optionliststhepoliciesthatareappliedtothespecifiedVLAN.
Pr oCur ve# show pol i cy vl an 1
Pol i ci es f or VLAN 1
Name : Mi r r or 3
Type : MI RROR
Theports<port-list>optionliststhepoliciesthatareappliedtothespecified
ports.Noteinthisexamplethattwopoliciesofdifferenttypesareappliedto
porta5:aQoSpolicyandamirrorpolicy.
Pr oCur ve# show pol i cy por t s a3- a5
Pol i ci es f or por t 3
Name : Mi r r or 1
Type : MI RROR
Name : Li mi t Cl ass1
Type : QOS
Name : Mi r r or 4
Type : MI RROR
ModifyingClassesinaPolicy
Youcanmodifytheclassesandclass-actionstatementsinapolicyconfigura-
tionwithoutremovingthemfromthepolicy:
Tomodifythematch/ignorestatementsinaclass,entertheclass-config-
urationcontextwiththeclass<ipv4|ipv6><classname>command,and
makethenecessarychangesbyadding,removing,replacing,orrese-
quencingexistingstatements.(Todisplayaclassconfiguration,enterthe
showclass<ipv4|ipv6><classname>commandasshowninFigure9-7.)
Whenyouexitclassconfigurationcontext,thechangesareautomatically
savedandappliedtoexistingpolicyconfigurationsontheswitchthatuse
theclass.
9-32
Ifapolicyisalreadyappliedtoaninterface(portorVLAN),anymodifi-
cationstothatpolicyortoclassescontainedinthatpolicyareautomati-
callyappliedtotheinterfacewhenyouexittheconfigurationcontext.
Tomodifytheclass-actionstatementsinapolicy,enterthepolicy-config-
urationcontextwiththepolicy<feature-name><policy-name>command.
(Todisplayapolicyconfiguration,entertheshowpolicy<classname>
commandasshowninFigure9-9.)Thendooneofthefollowing:
Youcanenteranewclass-actionstatement.Ifyoudonotentera
sequencenumber,thenewclass-actionstatementisinsertedatthe
endofthepolicyconfiguration.
Toremoveaclass-actionstatementfromapolicyconfiguration,enter
theno<sequence-number>commandorthecompleteformoftheno
class...actioncommand.
Toresequencetheorderinwhichclass-actionstatementsarelisted,
entertheresequencecommand(seeResequencingClassesinaPol-
icyonpage9-33).
Toreplaceanexistingclass-actionstatement,enterthereplacement
class-actionstatementbeginningwiththesequencenumberofthe
statement(andcontinuingwiththecompleteclass-actionstatement).
Alternatively,youcanentertheno<sequence-number>commandto
deletetheentry,andre-enteracompleteclass<ipv4|ipv6>
<classname>action<action-name>ordefault-classaction<action-
name>command.
Whenyouexitthepolicy-configurationcontext,thechangesareautomat-
icallysavedandappliedtothepolicyconfiguration.Ifthepolicyisalready
appliedtoaninterface(portorVLAN),thechangesareaautomatically
appliedtotheinterface.
ResequencingClassesinaPolicy
Inpolicyconfigurationmode,youcanusetheresequencecommandtorecon-
figurethenumberatwhichthefirstclass-actionstatementstarts,andreset
theintervalusedtonumberotherclass-actions.
9-33
Resequencingclassesisusefulwhenyouwanttoinsertanewclass(withits
associatedactions)betweentwonumberedentries.
Syntax: resequence<seq-number><interval>
Resetsthesequencenumbersforallclassesinthepolicy.
<seq-number>:Specifiesthesequencenumberofthefirstclass
inthepolicy.Default:10.
<interval>:Specifiestheintervalbetweensequencenumbersof
classesinthepolicytoallowadditionalmatch/ignore
statementstobeinserted.Default:10.
Not e Whenyouresequenceclassesinapolicy,thedefaultclassalwaysremainsas
thelastclass.
Toviewthecurrentclassnumberinginapolicy,entertheshowpolicy<policy-
name>command.
Thefollowingexampleshowshowtoresequenceapolicyconfigurationafter
displayingitscontents.Theresequencedpolicyallowsyoutoaddanewclass-
actionstatementbetweenentries100and200.
Pr oCur ve( conf i g) # show pol i cy My- devi ces
Pol i cy My- devi ces"
10 Cl ass My- devi ces" pr i or i t y 7
Theintervalbetweenclass-
actionstatementsis1.
11 Cl ass ht t p r at e- l i mi t 1000
. . .
Pr oCur ve( conf i g) # pol i cy My- devi ces
Pr oCur ve( pol i cy- conf i g) # r esequence My- devi ces 100 100
Pr oCur ve( pol i cy- conf i g) # 150 cl ass i pv4 voi ce pr i or i t y 3
Pr oCur ve( pol i cy- conf i g) # exi t
Pr oCur ve( conf i g) # show pol i cy My- devi ces
Pol i cy My- devi ces"
100 Cl ass My- devi ces" pr i or i t y 7
Theintervalbetweenclass-
actionstatementsis100,and
150 Cl ass voi ce pr i or i t y 3
anewstatementhasbeen
200 Cl ass ht t p r at e- l i mi t 1000 added.
. . .
Figure9-9.ExampleofResequencingaPolicyConfiguration
9-34
ApplyingaServicePolicytoanInterface
Toapplythefeature-specificservicepoliciesyoucreatetoaninboundportor
VLANinterface,usetheinterfaceservice-policyinorvlanservice-policyin
command.
Thefollowingservice-policyrestrictionsapplytoallsoftwarefeatures:
Aservicepolicyissupportedonlyoninboundtraffic.
Onlyonefeature-specificpolicy(forexample,QoSormirroring)issup-
portedonaportorVLANinterface.Multiplepoliciescanco-existona
portaslongastheyarefordifferentfeatures.Forexample,youcanapply
aQoSpolicyandamirroringpolicytothesameportsimultaneously,but
youcannotsimultaneouslyapplytwoQoSpoliciestothesameport.
IfyouapplyapolicytoaportorVLANinterfaceonwhichapolicyofthe
sametype(forexample,QoS)isalreadyconfigured,thenewpolicy
replacestheexistingone.
BecauseonlyonepolicyofeachtypeissupportedonaportorVLANinterface,
ensurethatthepolicyyouwanttoapplycontainsalltherequiredclassesand
actionsforyourconfiguration.
Not e IfICMPrate-limitingisalreadyconfiguredonaport,aservicepolicycannot
beappliedtotheportuntilyoudisabletheICMPrate-limitingconfiguration.
Ifyouwanttoapplyaservicepolicytotheport,youcanmaintainICMPrate-
limitingbyconfiguringaQoSpolicyinwhichyouaddthenecessarymatch
statementsforICMPpacketstoaclassconfigurationandconfigurearate-limit
actionfortheclassinthepolicyconfiguration.
Forinformationonglobally-configuredICMP,refertotheConfiguringICMP
sectionintheConfiguringIPParametersforRoutingSwitcheschapterin
theMulticastandRoutingGuide.
9-35
ToapplyaservicepolicyonaportorVLANinterface,enteroneofthe
followingcommandsfromtheglobalconfigurationcontext.
Syntax: interface<port-list>service-policy<policy-name>in
Configuresthespecifiedportswithapolicythatisapplied
toinboundtrafficoneachinterface.
Separateindividualportnumbersinaserieswithacomma;
forexample,a1,b4,d3.Enterarangeofportsbyusingadash;
forexample,a1-a5.
Thepolicynameyouentermustbethesameasthepolicy
nameyouconfiguredwiththepolicycommand(see
CreatingaServicePolicyonpage9-27).
Syntax: vlan<vlan-id>service-policy<policy-name>in
ConfiguresapolicyonthespecifiedVLANthatisappliedto
inboundtrafficontheVLANinterface.
ValidVLANIDnumbersrangefrom1to4094.
Thepolicynameyouentermustbethesameasthepolicy
nameyouconfiguredwiththepolicycommand(see
CreatingaServicePolicyonpage9-27).
ThefollowingexampleshowshowtoapplyaQoSpolicytoaportrangeand
aVLANinterface:
Pr oCur ve# i nt er f ace a4- a5 ser vi ce- pol i cy Rat eLi mi t Pr i or i t i zeSuspect Tr af f i c i n
Pr oCur ve# vl an 10 ser vi ce- pol i cy Rat eLi mi t Pr i or i t i zeSuspect Tr af f i c i n
Figure9-10.ExampleofHowtoConfigureanInterfacewithaServicePolicy
AppliedPoliciesandOtherFeatures
InteractionofPoliciesandTrunks.Policiesandtrunkscannotbeapplied
tothesameport(s)simultaneously:
Attemptingtoaddapolicytoaportthatisamemberofatrunkwillresult
inanerror.
Attemptingtoaddaportthathasanappliedpolicytoatrunkwillresult
inanerror.
Whenyouaddaporttoatrunkthathasapolicyalreadyappliedtoit,that
policyisappliedtothenewlyaddedportaswell.
9-36
InteractionofPoliciesandHotSwapping. PoliciesappliedtoVLANsare
maintainedonthoseVLANsaftermodulesarehotswapped.Policiesapplied
toportsaremaintainedasfollows:
HotswapmoduleintoemptyslotIftherunningconfiguration
containspoliciesforportsthatmatchtheportsonthemodule,those
policiesareappliedtotheportsonthemodule.
HotswapmoduleoutTheswitchmaintainstheportpoliciesinthe
runningconfiguration.
Hotswapinsamemodule,norebootThepoliciesarere-appliedto
theportsfromtherunningconfiguration.
Hotswapinsamemodule,withrebootThepoliciesareappliedto
theportsfromthestartupconfiguration.
HotswapindifferentmoduleIftherunningconfigurationcontains
policiesforportsthatmatchtheportsonthemodule,thosepoliciesare
appliedtotheportsonthemodule.
ShowingPolicyStatusInformation
ShowingAppliedPolicies.Theshowpolicyvlan<vid>andshowpolicyports
<port-num|all>commandslistthepoliciesthathavebeenappliedtothe
VLANsandportsontheswitch.RefertoShowingPolicyInformationonpage
9-31.
9-37
ShowingandClearingStatistics. Theshowstatisticscommanddis-
playsthehitcountersforappliedpoliciesonagivenportorvlan.Theclear
statistics commandclearsthosestatisticsforthespecifiedport.
Syntax: <show|clear>statisticspolicy<policy-name>
<port<port-num>|vlan<vid>in>
showdisplaysthehitcountersforpoliciesappliedtothe
specifiedportorVLAN.
clearclearsthehitcountersforpoliciesappliedtothe
specifiedportorVLAN.
policy-nameisanappliedclassifierpolicy.
port-numisthenumberofasingleporttowhichthespecified
policyisapplied.(Arangeofportsisnotpermittedhere.)
vidisthenumberornameofaVLANtowhichthespecified
policyisapplied.
CheckingResourceUsage. Afteryouapplyaservicepolicytoaninterface,
usetheshowpolicyresourcescommandtoverifytheamountofadditional
resourcesusedandtheamountofresourcesthatarestillavailableonthe
switch.Classifier-basedservicepolicies(suchasQoSormirroring)sharethe
samehardwareresourceswithothersoftwarefeatures,suchasACLs,virus
throttling,managementVLAN,globallyconfiguredQoSpolicies,MAC-based
mirroringpolicies,andsoon.
Usethedisplayedinformationtodecideifyouneedtore-prioritizecurrent
resourceusagebyreconfiguringordisablingsoftwarefeaturestofreethe
resourcesreservedforlessimportantfeatures.Foradetailedexplanationof
theinformationdisplayedwiththeshowpolicyresourcescommand,referto
theMonitoringResourcesappendixintheManagementandConfiguration
Guide.
9-38

InFigure9-11,theshowpolicyresourcescommandoutputdisplaysthenumber
ofhardwareresources(rules,meters,andapplicationportranges)usedby
classifier-basedQoSandmirroringpoliciesthatarecurrentlyappliedto
interfacesontheswitch,aswellasothersoftwarefeatures.
Pr oCur ve# show pol i cy r esour ces
Por t s | Avai l abl e | ACL
1- 24 | 3014 | 15 |
25- 48 | 3005 | 15 |
A | 3017 | 15 |
Por t s | Avai l abl e | ACL
1- 24 | 250 | |
25- 48 | 251 | |
A | 253 | |
| Appl i cat i on |
1- 24 | 3014 | 2 | 0 | 0 | | 0 | 0 |
25- 48 | 3005 | 2 | 0 | 0 | | 0 | 0 |
A | 3017 | 2 | 0 | 0 | | 0 | 0 |
Key:
| QoS | I DM | VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
11 | 0 | 1 | 0 | 3 |
10 | 10 | 1 | 0 | 3 |
8 | 0 | 1 | 0 | 3 |
| QoS | I DM | VT | Mi r r or | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
5 | 0 | | | 0 |
4 | 0 | | | 0 |
2 | 0 | | | 0 |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - |
Includeshardwareresourcesusedbyclassifier-
basedQoSandmirroringpoliciesthatare
currentlyappliedtointerfacesontheswitch.
Figure9-11. DisplayingPolicyResources
9-39
WheretoGoFromHere
DeletinganAppliedPolicy
Todeleteapolicythathasbeenappliedtooneormoreportsand/orVLANs,
firstremovethepolicyfromtheportsorVLANstowhichitisapplied:
nointerface<port-num>service-policy<policy-name>in
or
novlan<vid>service-policy<policy-name>in
Thendeletethepolicy:
nopolicy<qos|mirror><policy-name>
WheretoGoFromHere
Classifier-basedservicepoliciesaredesignedtoworkwithyourexisting
globally-configuredsoftwaresettings.Whileexistingsoftwarefeaturesallow
youtogloballymanageallnetworktrafficonaswitchorport,classifier-based
servicepoliciesallowyoutozoominonsubsetsofnetworktraffictofurther
manageitonaper-portorper-VLANbasis.
Youcanusethematchcriteriadescribedinthischapteracrosssoftware
featurestoconfigureclassesoftrafficforuseinfeature-specificservice
policies.
AfteryoudecideontheIPv4andIPv6networktrafficyouwanttomanage,
refertothefollowingchaptersformoreinformationabouthowtoconfigure
anduseclassifier-basedquality-of-serviceandmirroringpolicies:
QualityofService(QoS)chapterintheAdvancedConfigurationGuide
TrafficMirroringsectionintheMonitoringandAnalyzingSwitch
OperationappendixintheManagementandConfigurationGuide
9-40
Index
Numerics
802.1adQinQ8-4,8-6
802.1ppriority
definition6-7
determiningoutboundportqueue6-76
inDSCPpolicy6-8
mappedtoDSCPcodepoint6-79,6-89
packetmarking
classifier-basedQoS6-18,6-71,6-78
global QoS6-14, 6-25, 6-34, 6-44, 6-54,
6-56,6-62
802.1QVLANtagging3-3
802.1wasaregion4-16
802.1X
mesh,notsupported5-5
802.1Xaccesscontrol
nomesh5-5
A
advertisement
GVRP
definition3-3
alias
withshowVLANcommands2-37
B
bandwidth
effectofQoS6-1
bandwidthloss,spanningtree4-12
blockedlinkfromSTPoperation4-12
blockedport
fromSTPoperation4-10
Bootp
gatewayignored2-52
BPDU3-3
BPDUportprotection
Seespanning-tree,802.1s.
bridgeprotocoldataunit3-3
broadcast
domain2-5
broadcaststorm4-3,5-4
broadcasttraffic5-18
C
ClassofService
defined6-7
Classifier
benefits6-6,6-70,9-2
classconfiguration
commands9-6
defined9-4
displaying9-13,9-24
editing9-13
matchcriteria6-11,6-13,6-71,6-72
QoS6-7
resequencing9-13,9-24
default-classconfiguration6-75,9-5,9-29
defined6-7,9-2
DSCPcodepoint,matchcriteria9-10
ICMPmatchcriteria9-14
IGMPmatchcriteria9-17
IPprecedencebits,matchcriteria9-11
IPv4subnetmask,matchcriteria9-20
IPv6matchcriteria9-8
IPv6prefix,matchcriteria9-20
mirroringconfiguration9-3,9-40
overrideofglobalQoSconfiguration6-18,
6-70,6-81
packetmarking
802.1ppriority6-18,6-71,6-78
DSCPcodepoint6-18,6-71,6-79
precedencebits6-18,6-71,6-78
rate-limit6-18,6-77
rate-limiting6-71
policyconfiguration
applyingtoaninterface6-75,9-35
commands9-36
creating9-28
defined9-27
displaying9-30,9-34
editing9-30,9-32
example9-30
markingpackets6-8,6-11,6-71,6-73,9-28
QoS6-8,9-31
resequencing9-30,9-33
restrictions9-35
Index1
QoSconfiguration6-6,6-70,6-71,9-3,9-31,
9-40
examples6-87
resourcesused6-86
viewing6-82
resourceusage,displaying6-84,9-38
restrictions
ICMPrate-limiting9-35
QoSconfiguration6-75,6-86
QoSrate-limiting6-77
TCP/UDPmatchcriteria9-18
three-stepconfigurationmodel6-7,9-3
TypeofServiceDTRbits,matchcriteria9-11
VLANmatchcriteria9-12
codepoint
SeeDSCPcodepoint.
commandsyntaxconventions1-2
configuration4-10
factorydefault2-24,2-30,4-9
spanningtreeprotocol4-10
console
switchmeshing,configuring5-9
CoS
SeeClassofService.
D
dedicatedmanagementVLAN2-51
defaultclass,classifier6-75,9-5,9-29
defaultsettings
GVRPunknownVLAN,learn3-8
GVRP,disabled3-3
ip-recv-mac-addressinterval,60seconds2-68
loopprotection,disabled4-75
loopbackIPaddress,127.0.0.12-8
MACaddress,restoring2-68
managementVLAN,disabled2-55
MSTP4-3
defaultsettingsrecommended4-6,4-9
MSTinstance,04-70
Seealsospanningtree.4-3
QinQ,disabled8-7
spanningtree4-3
config-name4-22
config-revision,04-22
forward-delay,154-23
hello-time,24-24
max-hops,204-19,4-24
maximumage,204-24
pathcostvalues4-17
perportparameters4-264-30
pvst-filter,disabled4-36
pvst-protection,disabled4-35
spanningtreeoperation,off4-9
stacking7-4,7-10
autojoin,enabled7-15
stackstate,candidate7-15
transmissioninterval,60seconds7-15
stacking,enabled7-29
staticVLANs,82-5
VLANname2-31,2-41
vlanqospriority,02-61
VLANsupport,256VLANs2-19
defaultVLAN2-10,2-15,2-30,2-51
DelayThroughputReliabilitybits
inIPv4/IPv6headers9-12
matchcriteria,classifier
DHCP
gatewayignored2-52
DifferentiatedServices(DiffServ)
SeeDSCPcodepoint.
documentation
featurematrix-xvi
latestversions-xv
releasenotes-xv
domains,connecting5-26
downstreamdevice(QoS)
definition6-7
effectof802.1pprioritysettings6-15
DSCPcodepoint
associatedwith802.1ppriority6-8
defined6-7,6-42
inToSbyte6-9,6-43
inTrafficClassbyte6-9,6-43
mappedto802.1ppriority6-89
matchcriteria,classifier6-72,9-10
matchcriteria,globalQoS6-41,6-45
packetmarking
globalQoS6-16,6-27,6-49,6-58,6-64
policy,defined6-8
Seealso802.1ppriority.
DSCPPolicytable6-79,6-90
DTR
2Index
SeeDelayThroughputReliabilitybits.
E
eventlog
EventLogMessageReferenceGuide-xv
F
forbidoption
SeeGVRP.
forwardingdatabase
SeeVLAN.
G
GARP
SeeGVRP.
gateway
manualconfigpriority2-52
GVRP4-8
ACLs,restriction3-19
advertisement3-19
advertisement,defined3-3
advertisement,responsesto3-6
advertisements,generating3-11
autooption3-10
benefit3-3
block3-8
CLI,configuring3-14
configurableportoptions3-6
configuringlearn,block,disable3-8
convertdynamictostatic3-7
convertingtostaticVLAN3-4
disable3-8
dynamicVLANandreboots3-19
dynamicVLANsalwaystagged3-4
forbidoption3-10
GARP3-3
generaloperation3-4
IPaddressing3-7
jumboframes3-19
learn3-8
learn,block,disable3-10
menu,configuring3-13
meshedports5-23
meshingrequirement5-6
non-GVRPaware3-18
non-GVRPdevice3-18
operatingnotes3-18
portcontroloptions3-11
port-leavefromdynamic3-11
provider-gvrp(QinQ)8-15
reboot,switch3-12
recommendedtagging3-11
standard3-3
tagged,dynamicVLAN3-4
unknownVLAN3-11
unknownVLAN,options3-7
VLANbehavior2-14
VLAN,dynamicadds2-28
VLAN,maximum3-18
withQinQ8-29
withQoS6-56
H
heartbeatpacketsinVLANMAC
configuration2-67
Help
forCLI1-7
formenuinterface1-6
forwebbrowserinterface1-7
I
IANA,protocolnumbers9-8,9-14
ICMP
matchcriteria,classifier9-14
IEEE802.1adspecification8-4,8-6
IGMP
inswitchmeshdomain5-22
meshrequirement5-6
inboundport(QoS)
definition6-8
IP
gateway2-52
IPaddress
matchcriteria,globalQoS6-33
quickstart1-7
IPprecedencebits
defined6-8,6-42
Index3
inToSbyte6-9,6-43
inTrafficClassbyte6-43
matchcriteria
classifier6-72,9-11
globalQoS6-41
IPv4
DSCPcodepoint,defined6-7
maskusedinmatchcriteria,classifier9-20,
9-22
IPv6
classconfiguration,classifier9-6
DSCPcodepoint,defined6-7
IPprecedencebitsinTrafficClassbyte6-9
managementVLANisforv6traffic2-59
matchcriteria
classifier6-6,6-11,6-13,6-70,6-72
classifier-basedQoS6-34
globalQoS6-22,6-33
overview9-5
prefixmask9-10,9-20,9-23
TrafficClasscomparedtoIPv4ToSfield9-12
J
jumboframes
GVRP3-19
QinQ8-11
switchmesh5-23
L
LACP
effectsonQinQ8-23
mesh,effect5-5
latency
reducingwithswitchmeshing5-19
Layer-3protocol
legacyVLAN2-13
linkfailures
quickresponseto5-2
links,redundant,inmesh5-26
loopprotection
configuring4-74
send-disable4-74
show4-76
transmit-interval4-75
trap4-75
usedforunmanageddevices4-3
loop,network4-10
M
MACaddress
duplicate2-20
perswitch2-20
perVLAN2-20
sameforallVLANs2-63
singleforwardingdatabase2-20
managementVLAN,secure
SeesecuremanagementVLAN
markingpackets6-8
802.1ppriority6-14,6-18
DSCPcodepoint6-16,6-18
globalQoS6-14
precedencebits6-18
rate-limit6-18
matchcriteria
classifier-based,defined9-5
globalQoS6-12
ICMP9-14
IGMP9-17
IPaddress6-33,9-8
IPprecedencebits6-41,9-11
Layer-3protocol6-54
sourceport6-62
TCP/UDP6-24,9-18
ToSbits9-11
TypeofService6-41
VLANID6-56,9-12
maximumVLANs,GVRP3-18
mesh
802.1Xnotsupported5-5
benefits5-2
blockedports5-8
broadcaststorm5-4
broadcasttraffic5-18
broadcasttree5-19
configuringfromtheconsole5-9
connectingdomains5-26
connectingmultipledomains5-6
domain5-3
4Index
domain,defined5-4
dynamicvlan5-23
edgeswitch5-4,5-18
filtering5-22
GVRP5-23
GVRPrequirement5-6
hopcount5-5
hubnotallowed5-5,5-7
IGMPrequirement5-6
increaseSTPcost5-21
jumboframes5-23
LACPdynamictrunk,effect5-5
linkblocked5-21
linktonon-meshswitch5-20
links,multiple5-26
load-balancingtechnology5-2
managementVLAN2-59
multicasttraffic5-18
multiplemeshdomains5-21
multipleVLANs5-19
noTypeselection5-26
operatingdetails5-18
operatingnotes5-18
operatingrules5-5
portlimitper-switch5-5
porttrunk5-26
porttypes5-2
QinQ8-12,8-30
redundantlinks5-4,5-21,5-26
redundantpaths5-3
removingaport,effect5-5
RSTP5-6
RSTPcaution5-22
spanningtree4-16
spanning-treerequirement5-6
staticVLANs5-22
status,viewing5-13
STP5-6
STPcaution5-22
switchhopcount5-25
switchlimitper-domain5-5
trunkedlinksnotallowed5-5,5-7
Typesetting5-10
unicast5-19
utilization5-18
VLAN5-22
VLAN,dynamic5-6
VLAN,static5-6
whenIProutingisnotsupported5-5
withIGMP5-22
withnetworkmonitorport5-26
message
VLANalreadyexists2-44
mirroring
classifier-basedconfiguration9-40
MSTI,configuration4-39
MSTP
instancemapping4-47
meshing5-20
preconfigurebenefits4-46
preconfiguretopology4-46
preconfigurevlansininstance4-47
savingcurrentconfiguration4-51
vlanrangeoption4-48
multicasttraffic5-18
multipleforwardingdatabase2-20
N
non-routableVLAN2-59
O
operatingnotes
switchmeshing5-18
outboundport(QoS)
definition6-8
outboundportqueue(QoS)
changingthenumberofqueues6-98
definition6-8
determinedby802.1ppriority6-5,6-53
determinedbyDSCPpolicy6-5,6-53
P
pathcosts
802.1DSTPversusRSTPandMSTP4-17
configuring802.1DSTPpathcostvalues4-23
port
blockedbySTPoperation4-10
blockedinmesh5-8
loop4-10
manuallyre-enabling4-36
monitoring2-63
Index5
redundantpath4-10
porttrunk
meshedswitch5-26
VLAN2-63
port-type(QinQ)
customer-edgeport8-12
customer-networkport8-6
provider-networkport8-6
precedencebits(QoS)
definition6-8
packetmarking
PremiumLicense
overview,listoffeatures-xvi
QinQ8-3
primaryVLAN
SeeVLAN,primary.
priority
802.1ppriority,defined6-7
associatedwithDSCP6-7
configuringnumberofqueues6-97
downstreamdevice,defined6-7
inboundport6-8
outboundport6-8
packetmarking
globalQoS6-14
queuesperport6-97
upstreamdevice6-9
priority(QoS)
changingqueuesperport6-97
IPaddress,sourceanddestinationmatch6-34
matchcriteriaforprioritizingpackets6-12
VID,effectofeliminating6-56
ProCurve
switchdocumentation-xv
PVST
disabling4-35
enabling4-35
enablingfiltering4-36
filtering4-34
manuallyre-enablingport4-36
protection4-34
showconfiguredports4-37
Q
QinQ
configurationexample8-178-21
configuring8-138-23
assigningportstoVLANs8-10
auth-vid/unauth-vid8-28
changingbridgemodes8-10,8-22
creatingS-VLANs8-14
portS-VLANmembership8-15
porttrunks8-30
ports8-13,8-23
port-types8-10,8-16
qinqmodes8-7
updatingVLANtypes8-11
VLANmode 8-14
VLANs8-8
c-taggedinterfacesnotsupported8-12
C-VLAN8-5,8-6
definition8-6
deletingS-VLANs8-14
disabling8-7,8-22
disablinggvrpatinterface8-15
duplicateVIDs8-9
enabling8-7,8-14
erasingconfigurationswhenchanging
modes8-22
eventlogmessages8-33
featuresandbenefits8-5
framesizeincreases8-11
GVRP8-15,8-23,8-29
disablingattheinterface8-15
impactsonotherfeatures8-288-32
aaa 8-28
ACLs8-28
arp-protect8-28
CDP8-29
DHCP8-29
directed-broadcast8-29
GVRP8-29
igmp-proxy8-29
IPv68-29
jumboframes8-29
LACP8-23,8-30
load-sharing8-30
meshing8-10,8-12,8-30
mirroring/monitoring8-23,8-31
multicast-routing8-31
QoS8-31
routing 8-31
spanningtree8-31
6Index
stacking8-10,8-32
UDLD8-10,8-32
VoiceVLANs8-32
VRRP8-32
interoperatingwithnon-ProCurve
devices8-12
IPsupport8-11
jumboframes8-11
LLDPnotsupported8-30
managementVLAN8-11,8-30
meshing8-12,8-30
MIBobjects8-33
mixedvlanmode8-6,8-7,8-8,8-10,8-14
port
assigningtovlans8-15
assignmenttoVLANs8-10
configuration8-13
configuringporttrunks8-30
configuringport-types8-16
configuring S-VLAN membership8-15,
8-23
configuringuplinkports8-19
customer-edgeport8-12
customer-networkport8-10,8-16
customer-networkport-type8-6
movingfromC-VLANstoS-VLANs8-23
port-typedefaults8-10
provider-networkport8-10,8-16
provider-networkport-type8-6
port-types8-13
primaryVLAN8-11
providercorebridge8-7,8-10,8-17
provideredgebridge8-7,8-10,8-17
purpose8-4
restrictions8-10
serviceprovider8-4,8-6
showcommands8-24
SNMPsupport8-33
softwarelicenserequirements8-3
spanningtreeforprovidernetwork8-20
S-VLAN8-5,8-6,8-14
S-VLANbridge8-7
svlanmode8-7,8-14
S-VLANsandC-VIDs8-18
tag-type,tpidvalue8-12
usemodel8-4
usedinasingleenterprise8-4
VIDconfigurationoptions8-9,8-11
VLANconfigurations8-7,8-8
voice-VLANsnotsupported8-11
QualityofService
802.1ppriority
honoredindownstreamdevices6-15
mappedtooutboundportqueues6-15
packetmarking6-7
basicoperation6-9
changingthenumberofoutbound
queues6-98
classifier-basedconfiguration6-6,6-70,6-71,
9-40
classifier-basedoverrideofglobal
configuration6-18,6-81
configuringnumberofpriorityqueues6-97
definitionofterms6-7
DSCPPolicytable6-90
featuredescription6-4
fromupstreamdevice6-9
globalconfiguration6-19
GVRPnotsupported6-56
inVLAN-anduntagged-VLAN
environments6-17
inboundtrafficonnetworkedge6-5
markingpackets6-8,6-14
matchcriteria
IPaddress6-33,6-72
IPprecedencebits6-41,6-72
Layer-3protocol6-54,6-72
sourceport6-62
TCP/UDP6-24,6-72
VLANID6-56,6-72
maximumremarkingentries6-23
No-overrideinDSCPPolicytable6-91
No-overrideinshowqosoutput6-22
ondownstreamdevice6-7
onedgeswitches6-8
outboundVLANtraffic6-5
overview6-1
packetclassification
classifier-based6-7,6-13
global6-12
globalconfiguration6-20
overview6-12
Seealsomatchcriteria.6-12
packetmarking
Index7
802.1ppriority6-14,6-18
classifier-basedQoS6-18,6-71
globalQoS6-14,6-20
IPprecedence6-18
rate-limit6-18
QinQconfigurationimpacts8-31
QoSpolicy
classifier-based6-8,6-11,6-73
globally-configured6-8,6-10
queueconfiguration6-97
restrictions
classifier-basedQoS6-75,6-86
globalQoS6-22
showresourcescommand6-32,6-86
viewingconfiguration6-21,6-82
quickstart1-7
R
rate-limiting
restrictions6-77
redundantlinks5-4,5-21
non-meshed5-20
redundantpath4-10
region4-10
resequencing
classconfiguration,classifier9-24
policyconfiguration,classifier9-33
revisionnumber4-14
root-history4-62
routing
non-routableVLAN2-59
RSTP
meshingrequirement5-6
S
securemanagementVLAN2-52
setupscreen1-7
showpolicyresourcescommand6-84,9-38
showresourcescommand6-32,6-86
showvlancustom2-36
singlepointoffailure,removing5-2
spanningtree
802.1s
Seespanningtree,802.1s.
blockedlink4-12
blockedport4-10
broadcaststorm4-3
config-name4-47
config-revision4-47
enablingMSTP4-44
instancevlan4-46,4-47
MSTP
Seespanning-tree,802.1s
root-history4-62
VLANeffecton2-62
spanning-tree,802.1s4-4,4-6
802.1Dand802.1wconnections4-16
802.1Dasaregion4-13,4-16
802.1QVLANs4-12
802.1sstandard-compliant4-6
802.1wasaregion4-13
activepath4-10
activepaths4-15
bandwidthloss4-12
benefit4-6
blockedtraffic4-11
boundaryport,region4-14,4-15
boundaryport,VLANmembership4-11
BPDU4-11,4-19,4-23,4-24,4-28
BPDUrequirement4-14
BPDU,function4-14
bridge4-14
bridge,designatedforregion4-14
caution4-6,4-9
CIST4-8,4-13,4-15
CISTper-porthellotime4-15
CISTroot4-27
CISTroot,displaychangehistory4-62
commonandinternalspanningtree
SeeCIST.
commonspanningtree
SeeCST.
compatibility4-16
compatibilitymode4-23
configurationidentifier4-14
configurationsteps4-19
configuration,BPDUportprotection4-30
configuration,exchanging4-44
configuration,MSTinstance4-39
8Index
configuration,MSTIper-port4-41
configuration,port4-26
CST4-8,4-11,4-13
CSTandlegacydevices4-11
CST,viewstatus4-55,4-56
debug,displaycounters4-65,4-66,4-68
defaultconfiguration4-9
designatedbridge4-11,4-14
designatedport4-11
disablingMSTP4-44
displaystatisticsandconfiguration4-53
dynamicVLANs,disallowed4-9
edgeport4-27
enablingaregion4-44
enablingMSTP4-44
exampleofmultipletopologies4-10
faulttolerance4-6
forceprotocolversion4-16
forward-delay4-23
forwardingpaths4-16
forwardingstate4-27
frameduplicationandmisordering4-16
generaloperation4-4,4-6
GVRP4-8,4-15
hello-time,CISTroot,propagated4-15,4-24
hello-time,override4-15
hello-time,propagated4-15
hop-countdecremented4-24
instance4-4,4-15,4-20
instance,displaydebugcounters4-65,4-66,
4-68
instance,forwardingtopology4-16
instance,IST4-8
instance,type4-8
internalspanningtree
SeeIST.
interoperatingwith802.1Dand802.1w4-13
IST4-8
ISTinstance4-8,4-39,4-48
ISTroot4-8,4-10,4-14
ISTroot,displaychangehistory4-62
IST,defined4-13
IST,dynamicVLAN4-15
IST,rootswitch4-13
IST,switchmembership4-13
IST,VLANmembership4-8
legacydevicesandtheCST4-11
legacySTPandRSTP4-11
meshenvironment4-6,4-16
MIB4-53
MSTregion
Seeregion.
MSTI4-8,4-15
MSTIroot4-10
MSTIroot,displaychangehistory4-62
MSTI,viewstatus4-57
MSTP4-9
MSTPoperation4-9
MSTP,viewglobalconfiguration4-58
multiplespanningtreeinstance
SeeMSTI
overridehello-time4-15
pathcost,effecton802.1D4-16
pendingconfiguration4-61
pendingoption4-9,4-22,4-44
per-VLANSTP4-6
planning4-17
portconnectivity4-26
portstates4-10,4-16
priorityresolution4-40
priority,device4-19,4-25
priority,ISTport4-43
priority,MSTIport4-42
QinQconfigurationimpacts8-31
rapidstatetransitions4-16
redundantlinks4-11
region4-4,4-7,4-8,4-9
regionname4-14,4-21
regionrootswitch4-8
region,configurationname4-73
region,ConfigurationRevisionnumber4-73
region,defined4-14
region,enabling4-44
region,rootbridge4-13
region,RSTPbridge4-15
region,switchconfiguration4-15
region,switchexcluded4-73
region,viewconfiguration4-60
region,VLANassignments4-14
regionalboundaryport4-14
regionalrootbridgeper-instance4-11
regionalrootswitch4-13
regionalrootswitch,configuration4-15
regions,communicationbetween4-15
rootbridge4-8
rootbridgeper-instance4-11
Index9
rootbridgeper-region4-13
rootportper-instance4-11
rootswitch,instance4-40
rootswitch,ISTinstance4-8,4-13
rootswitch,MSTinstance4-15
rootswitch,regional4-13
root,CIST4-24
root,IST4-14
root,MSTI4-10
routedtrafficinaregion4-11
RSTPasaregion4-7
RSTPBPDUrequirement4-14
RSTPbridge4-15
rulesforoperation4-15
separateforwardingpaths4-8
showcommands4-53,4-62
SNMPMIB4-53
STPasaregion4-7
switchexcludedfromregion4-73
topologybetweenregions4-10
troubleshooting4-62
trunk,root,per-instance4-11
trunkedlink4-58
trunkedlinkexample4-12
typesofMSTinstances4-8
VLANassignments,region4-14,4-15
VLANmembership,region4-12
VLAN,changeinstance4-20
VLAN,configurationerror4-73
VLAN,connectivitybetweenregions4-15
VLAN,duplicateormissingpackets4-73
VLAN,dynamic4-8
VLAN,instanceassigned4-10,4-15,4-39,4-48
withlegacySTPandRSTP4-7
stacking
benefits7-3
minimumsoftwareversion,otherProCurve
switches7-9
primary7-45
QinQsupport8-32
Seealsovirtualstacking.
staticVLAN,convertto3-4
STP
costchangebymeshswitch5-21
subnetaddress2-8
switchmeshing
Seemesh.
T
TCP/UDP
operators9-18,9-19
packetclassification,globalQoS6-24
well-knownportnames9-19
ToS
comparedtoIPv6TrafficClassbyte9-12
SeeTypeofService.
TrafficClassbyte
comparedtoIPv4ToSbyte6-43
defined6-9
inIPv6header9-12
trunk
spanning-treeexample4-12
TypeofService
defined6-9
DTRbitsasmatchcriteria,classifier9-11
inIPv4header9-12
IPv4ToScomparedtoIPv6TrafficClass
byte9-12
ToSbytecomparedtoIPv6TrafficClass
byte6-43
Type,meshedport5-10
U
unicast
inswitchmesh5-19
upstreamdevice(QoS)
definition6-9
V
VID
SeeVLAN.
virtualstacking
transmissionintervalrange7-16
VLAN
802.1QVLANinmesh5-22
alreadyexists,message2-44
broadcastdomain2-5
CLI,commands2-31
CLI,configuringparameters2-30
convertdynamictostatic2-43,3-4
customdisplayfields2-37
10Index
customerVLAN
SeeC-VLAN
customizingoutput2-36
C-VLAN(QinQ)8-5,8-6
dedicatedmanagement2-51
defaultVLANVID2-51
defaultVLAN,namechange2-51
DEFAULT_VLAN2-51
deleting2-16,2-41,2-64
deleting,withmemberports2-16,2-41,2-42
DHCP,primaryVLAN2-51
double-tagging8-11
duplicateMACaddress2-20
dynamic2-5,2-19,2-24,2-30,2-43,4-15
effectonspanningtree2-62
gateway,IP2-52
GVRP,auto2-15
heartbeatpackets,configuring2-67
IPinterfacerelationship2-63
layer-2broadcastdomain2-6
layer-3broadcastdomain2-6
limit2-24,2-30
MACaddressassignment2-63
MACaddressreconfiguration2-65
MACaddress,verifying2-69
maximum,GVRP3-18
menu,configuringparameters2-24
menu,maximumcapacity2-28
menu,missingVLAN2-28
meshdomainand5-22
migratinglayer-3VLANs2-65
mixedvlanmode(QinQ)8-6
multipleforwardingdatabase2-20,2-23
multipleinswitchmesh5-19
multipleVLANsonport2-48
non-routable2-59
numberallowed,includingdynamic2-28
perportconfigurationoptions2-14
portassignment2-28
portconfiguration2-50
portmonitoring2-63
portrestriction2-64
porttrunk2-63
port-based2-6
primary2-40,2-51,7-9,7-33,7-45
primary,CLIcommand2-31,2-39
primary,selectinmenu2-25
primary,webconfigure2-45
primary,withDHCP2-15
protocol2-6,2-7,2-11,2-15,2-17,2-63
ARPrequirement2-15,2-41
capacityperVLAN2-15
CLIonly 2-24
commands2-31
comparedtoport-based2-8
example2-49
forbidoptionnotallowed2-44
IPaddressing2-8
IPv4routing2-9
IPv4,ARPrequirement2-15,2-41
IPv62-8
limit2-14
limitontypesper-port2-9
non-routable2-9,2-12,2-46
operation2-17
portmembershiplimit2-9
primaryVLANnotallowed2-40,2-52
router,external2-10,2-12,2-64
routing2-6,2-10,2-64
status2-32,2-33,2-35
tagged2-14,2-48
taggedmember2-9
tagging2-10
trafficseparation2-5
types2-11,2-41
untaggedmember2-9
untaggedpacketforwarding2-16
untagged,limit2-14
untagged,multiple2-48
untagged,restriction2-64
QinQconfigurationoptions8-7,8-8
restrictions2-64
routingbetweenVLANs2-5
routing,protocolVLANs2-6
securemanagement2-52
security,network2-5
serviceVLAN
SeeS-VLAN
showvlanportsdetail2-32
static2-5,2-7,2-24,2-30,2-52
static,inswitchmesh5-6
subnet2-5
Index11
S-VLAN(QinQ)8-5,8-6
svlanmode(QinQ)8-7
switchcapacity2-5
switchmesh5-6
tagging2-46,2-48
tunnelVLAN
SeeS-VLAN
unknownVLAN3-11
untagged2-13,2-29
untagged,operation2-17
VID2-5,2-48
VID,defaultVLAN2-52
voice2-6,2-32,2-33,2-35,2-62
voice,configuration2-42
voice,configuring2-31
voice,VLANtype2-15
webbrowserconfiguration2-45
SeealsoGVRP.
VLANs
static,802.1sspanningtree4-8
voiceVLAN
SeeVLAN.
VoIP
operatingrules2-15
SeealsoVLAN,voice.
VPNsolutionforMANs
QinQ8-5
W
warranty-ii
webbrowserinterface
configuringVLANs2-45
writememory
convertingdynamictostaticVLAN3-18
12Index
ProCurve 5400zl Switches
Installation and Getting Startd Guide
Technology for better business outcomes
To learn more, visit www.hp.com/go/procurve/
Copyright 2010 Hewlett-Packard Development Company, L.P. The information
contained herein is subject to change without notice. The only warranties for HP products
and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty.
HP will not be liable for technical or editorial errors or omissions contained herein.
5992-3060, June 2010

Advanced Traffic Management Guide

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Advanced Traffic Management Guide

Diunggah oleh

Hak Cipta:

Format Tersedia

HP ProCurve Switch Software

Advanced Traffic Management Guide

Anda mungkin juga menyukai