04-VLAN Operation 5500

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches
Table of Contents
Table of Contents
Chapter 1 VLAN Configuration .................................................................................................... 1-1 1.1 VLAN Overview.................................................................................................................. 1-1 1.1.1 Introduction to VLAN ............................................................................................... 1-1 1.1.2 VLAN Classification................................................................................................. 1-2 1.2 Basic VLAN Configuration ................................................................................................. 1-2 1.3 Basic VLAN Interface Configuration .................................................................................. 1-2 1.4 Port-Based VLAN Configuration ........................................................................................ 1-3 1.4.1 Introduction of Port-Based VLAN ............................................................................ 1-3 1.4.2 Configuring an Access Port-Based VLAN............................................................... 1-5 1.4.3 Configuring a Trunk Port-Based VLAN ................................................................... 1-6 1.4.4 Configuring a Hybrid Port-Based VLAN.................................................................. 1-7 1.5 Displaying VLAN Configuration ......................................................................................... 1-8 1.6 VLAN Configuration Example ............................................................................................ 1-9 1.6.1 Network Requirements............................................................................................ 1-9 1.6.2 Network Diagram..................................................................................................... 1-9 1.6.3 Configuration Procedure ......................................................................................... 1-9 Chapter 2 Voice VLAN Configuration.......................................................................................... 2-1 2.1 Voice VLAN Overview ....................................................................................................... 2-1 2.1.1 Automatic and Manual Voice VLAN Modes ............................................................ 2-1 2.1.2 Security and Ordinary Voice VLAN Modes ............................................................. 2-4 2.2 Voice VLAN Configuration ................................................................................................. 2-4 2.2.1 Configuration Prerequisites..................................................................................... 2-4 2.2.2 Configuring Voice VLAN in Automatic Mode .......................................................... 2-5 2.2.3 Configuring Voice VLAN in Manual Mode............................................................... 2-6 2.3 Displaying Voice VLAN...................................................................................................... 2-7 2.4 Voice VLAN Configuration Example .................................................................................. 2-7 2.4.1 Voice VLAN Configuration Example (Automatic Mode).......................................... 2-7 2.4.2 Voice VLAN Configuration Example (Manual Mode) .............................................. 2-9 Chapter 3 GVRP Configuration .................................................................................................... 3-1 3.1 Introduction to GARP......................................................................................................... 3-1 3.1.1 Introduction to GARP .............................................................................................. 3-1 3.1.2 Introduction to GVRP .............................................................................................. 3-3 3.1.3 Protocols and Standards......................................................................................... 3-4 3.2 Configuring GVRP ............................................................................................................. 3-4 3.2.1 Configuring GVRP................................................................................................... 3-4 3.2.2 Setting GARP Timer................................................................................................ 3-5 3.3 Displaying and Maintaining GARP/GVRP ......................................................................... 3-6
Table of Contents
3.4 GVRP Configuration Example ........................................................................................... 3-7 3.4.1 Example 1 ............................................................................................................... 3-7 3.4.2 Example 2 ............................................................................................................... 3-8 3.4.3 Example 3 ............................................................................................................... 3-9
ii
Chapter 1 VLAN Configuration

1.1 VLAN Overview
1.1.1 Introduction to VLAN
The virtual local area network (VLAN) technology is developed for switches to control broadcast operations in LANs. By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate with each other as if they are in a LAN. However, hosts in different VLANs cannot communicate with each other directly. In this way, a broadcast frame is confined within one VLAN, as shown in Figure 1-1.
LAN Switch
VLAN A
VLAN B VLAN A
LAN Switch
VLAN A
VLAN B
VLAN B
Router
Figure 1-1 A VLAN implementation A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a more loose way. That is, hosts in a VLAN can belong to different physical network segments. VLAN enjoys the following advantages.
z
Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves network performance. Network security is improved. Packets of different VLANs are isolated during transmission. That is, hosts in different VLANs cannot communicate with each other directly. To enable communications between different VLANs, network devices operating on Layer 3 (such as routers or Layer 3 switches) are needed.
1-1

z
Configuration workload is reduced. VLAN can be used to group specific hosts. When the physical position of a host changes, no additional network configuration is required if the host still belongs to the same VLAN.
1.1.2 VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories:
z z z z z z
Port-based VLAN MAC-based VLAN Protocol-based VLAN IP sub network-based VLAN Policy-based VLAN Other VLAN
H3C S5500-SI Series Ethernet Switch supports the port-based VLAN. This chapter will focus on the port-based VLAN.
1.2 Basic VLAN Configuration

Table 1-1 Basic VLAN configuration To do Enter system view Create VLANs in bulk Use the command system-view vlan { vlan-id1 vlan-id2 | all } to Optional Required Create a VLAN and enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command will first create the VLAN, and then enter VLAN view. Optional Specify the description string of the VLAN description text By default, the description string of a VLAN is its VLAN ID, such as VLAN 0001. Remarks
1.3 Basic VLAN Interface Configuration

VLAN interface is a virtual interface in Layer 3 mode, and mainly used in realizing the Layer 3 connectivity between different VLANs.
1-2
Table 1-2 Configure a VLAN interface To do Enter system view Use the command system-view Required Create a VLAN interface and enter VLAN interface view interface vlan-interface vlan-interface-id If the specified VLAN interface does not exist, this command will create it first and then enter VLAN interface view. Optional By default, no IP address is configured for a VLAN interface Optional Specify the description string for the current VLAN interface By default, the description string of a VLAN interface is the name of the VLAN interface, such as Vlan-interface1 interface. Optional By default, if all the ports under the VLAN interface are down, the VLAN interface is down; if one or more ports under the VLAN interface are up, the VLAN interface is up. Remarks
Configure IP address of VLAN interface
ip address ip-address { mask | mask-length } [ sub ]
description text
Enable Interface
the
VLAN
undo shutdown
Note: Before creating a VLAN interface, the corresponding VLAN must exist. Otherwise, you cannot create the VLAN interface successfully.
1.4 Port-Based VLAN Configuration

1.4.1 Introduction of Port-Based VLAN
Port-based VLAN is the simplest and most effective VLAN division method. It defines its VLAN members according to the ports of a switch. After a specified port is added into a specified VLAN, the port can forward the packets of the specified VLAN.
1-3
I. Link Type of an Ethernet Port

Depending on how a port processes VLAN tags when it forwards packets, the link type of the port can be one of the following three types:
z
Access. An access port belongs to only one VLAN; it strips VLAN tags when sending the packets of the VLAN. An access port is generally used to connect a user device.
Trunk. A trunk port can belong to more than one VLAN and receives/sends the packets of multiple VLANs; it is generally used to connect a switch. Hybrid. A hybrid port can also belong to more than one VLAN and receives/sends the packets of multiple VLANs; it is used to connect a switch or a user device.
The difference between the hybrid port and the trunk port is that:
z z
A hybrid port allows the packets from multiple VLANs to be sent without tags. A trunk port only allows the packets from the default VLAN to be sent without tags.
II. Default VLAN

You can configure a VLAN for a port. In additional, you can also configure a default VLAN for the port. By default, the default VLAN of all the ports is VLAN 1. But you can configure it as needed.
z
The default VLAN of an access port is the VLAN the access port belongs to and cannot be configured. Both of the trunk port and hybrid port allow multiple VLANs to pass through. You can configure the default VLAN for them. After you delete the default VLAN of a port through the undo vlan command, for an access port, its default VLAN restore to VLAN 1; for a trunk or a hybrid port, its default VLAN configuration remain unchanged, that is, a trunk port or hybrid port can use the presently nonexistent VLAN as the default VLAN.
Note: For ports of a voice VLAN in automatic mode, you cannot configure the voice VLAN as the default VLAN of the ports. If you do so, the system will prompt that you cannot perform the configuration. For information about the voice VLAN, refer to Chapter 2 Voice VLAN Configuration.
The way by which a port processes incoming and outgoing packets depends on the link type and default VLAN configured on it. Refer to the following table for details:
1-4
Table 1-3 Incoming and outgoing packets Incoming packet Port type If no tag is carried in the packet If a tag is carried in the packet
z
Outgoing packet
Access port
z
Receive the packet when the VLAN ID (recorded in the tag) is the same with the default VLAN ID. Drop the packet when the VLAN ID is different with the default VLAN ID.
Remove the tag and send the packet directly for the VLAN ID is just the default VLAN ID.
z z
Trunk port
Encapsulate the default VLAN tag to the packet

z
Hybrid port
Receive the packet when the VLAN ID (recorded in the tag) is the same with the default VLAN ID. Receive the packet when the VLAN ID is different with the default VLAN ID but is allowed on the port. Drop the packet when the VLAN ID is different with the default ID and is not allowed on the port.
When the VLAN ID is the same with the default VLAN ID, remove the tag of the packet first and then send the packet. When the VLAN ID is different with the default VLAN ID but is allowed on the port, keep the original tag and send the packet.
When the VLAN ID is allowed on the port, send the packet. You can configure whether or not to carry tags in the outgoing packets of a VLAN (including default VLAN) through the port hybrid vlan command.
1.4.2 Configuring an Access Port-Based VLAN

You can configure an access port-based VLAN in two ways: configure it in VLAN view, or configure it in Ethernet port view/port group view.
1-5
Table 1-4 Configure an access port-based VLAN (in VLAN view) To do Enter system view Use the command system-view Required Enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command will create the VLAN first and then enter VLAN view of the VLAN. Required port interface-list By default, the system adds all ports to VLAN 1. Remarks
Add an Ethernet port to a specified VLAN
Table 1-5 Configure an access port-based VLAN (in Ethernet port view or port group view) To do Enter system view Enter Ethernet port view Use the command system-view interface interface-type interface-number Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group Optional port link-type access By default, a port is an access port. Required port access vlan vlan-id By default, all access ports belong to VLAN 1. Remarks
Enter Ethernet port view or port group view
Enter port group view
port-group { manual port-group-name | aggregation agg-id }
Configure a port as an access port
Add the current access port to a specified VLAN
Note: You must add an access port to an existing VLAN.
1.4.3 Configuring a Trunk Port-Based VLAN

A trunk port allows multiple VLANs to pass, and you can configure it in Ethernet port view/port group view.
1-6
Table 1-6 Configure a trunk port-based VLAN To do Enter system view Enter Ethernet port view Use the command system-view interface interface-type interface-number Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group Required port link-type trunk By default, the link type of a port is access. Required Add the current trunk port to specified VLANs port trunk permit vlan { vlan-id-list | all } By default, all trunk ports only allow the packets of VLAN 1 to pass. Optional Set the default VLAN for the trunk port port trunk vlan-id pvid vlan By default, the default VLAN of the trunk port is VLAN 1 Remarks
Enter Ethernet port view or port group view
Enter port group view
Configure a port as a trunk port
Note:
z
A trunk port and a hybrid port cannot switch to each other directly but must be configured as an access port first. For example, a trunk port cannot be configured to be a hybrid port directly; you must specify the trunk port as an access port first, and then specify the access port as a hybrid port.
The default VLAN ID of the trunk port on the local switch must be the same as that of the trunk port on the peer switch. Otherwise, the packets of the default VLAN cannot be transmitted correctly from the local end to the peer end.
1.4.4 Configuring a Hybrid Port-Based VLAN

A hybrid port allows multiple VLANs to pass, and you can configure it in Ethernet port view/port group view.
1-7
Table 1-7 Configure a hybrid port-based VLAN To do Enter system view Enter Ethernet port view or port group view Enter Ethernet port view Enter port group view Use the command system-view interface interface-type interface-number Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group Required port link-type hybrid By default, the link type of a port is access. Required port hybrid vlan vlan-id-list { tagged | untagged } By default, all hybrid ports only allow VLAN 1 packets to pass. Optional Set the default VLAN for the hybrid port. port hybrid vlan-id pvid vlan By default, the default VLAN of the hybrid port is VLAN 1 Remarks
Configure a port as a Hybrid port
Add the current hybrid port to specified VLANs
Note:
z
A trunk port and a hybrid port cannot switch to each other directly but must be configured as an access port first. For example, a trunk port cannot be configured to be a hybrid port directly. You must specify the trunk port as an access port first, and then specify the access port to a hybrid port.
The VLANs configured to be permitted to pass through a hybrid port must exist.
1.5 Displaying VLAN Configuration

After the above configuration, you can execute the display command in any view to view the running of the VLAN configuration, and to verify the effect of the configuration.
1-8
Table 1-8 Display the information about specified VLANs To do Display the information about specified VLANs Display the information about specified VLAN interface Use the command display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic | reserved ] display interface vlan-interface [ vlan-interface-id ] Remarks
Available in any view
1.6 VLAN Configuration Example

1.6.1 Network Requirements
z z z
Switch A connects with Switch B through the trunk port GigabitEthernet1/0/1. The default VLAN ID of the port is 100. The port permits the packets from VLAN 2, VLAN 6 through 50, and VLAN 100 to pass.
1.6.2 Network Diagram

GigabitEthernet1/0/1
Switch A
Switch B
Figure 1-2 Network diagram for port-based VLAN configuration
1.6.3 Configuration Procedure

1) Configure Switch A
# Create VLAN 2, VLAN 6 through VLAN 50 and VLAN 100.

<Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] vlan 100 [Sysname-vlan100] quit [Sysname] vlan 6 to 50 Please wait... Done.
# Enter Ethernet port view of GigabitEthernet1/0/1.

[Sysname] interface GigabitEthernet 1/0/1
1-9
# Configure GigabitEthernet1/0/1 as a trunk port, and configure its default VLAN ID as VLAN 100.
[Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Configure GigabitEthernet1/0/1 to permit the packets from VLAN 2, VLAN 6 through 50, and VLAN 100 to pass.
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100 Please wait... Done.
2)
Configuration on Switch B is the same as that on Switch A.
1-10
Chapter 2 Voice VLAN Configuration

2.1 Voice VLAN Overview
Voice VLANs are VLANs configured specially for voice data stream. By adding the ports with voice devices attached to voice VLANs, you can perform quality of service (QoS)-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality. S5500-SI series Ethernet switches determine whether a received packet is a voice packet by checking its source MAC address. If the source MAC addresses of packets comply with the organizationally unique identifier (OUI) addresses configured by the system, the packets are determined as voice packets and transmitted in voice VLAN. You can configure an OUI address for voice packets or specify to use the default OUI address. The following table shows the five default OUI addresses of a switch. Table 2-1 Default OUI addresses preset by the switch Number 1 2 3 4 5 OUI Address 0001-e300-0000 0003-6b00-0000 00d0-1e00-0000 00e0-7500-0000 00e0-bb00-0000 Vendor Siemens phone Cisco phone Pingtel phone Polycom phone 3com phone
Note:
z
An organizationally unique identifier (OUI) address is a globally unique identifier assigned to a vendor by Institute of Electrical and Electronics Engineers (IEEE). You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address.
You can add or delete the default OUI address manually.
2.1.1 Automatic and Manual Voice VLAN Modes

According to how a port is added to the voice VLAN, the port can work in one of the two voice VLAN modes: automatic and manual.
2-1

z
In automatic mode, the system identifies the source MAC address contained in the untagged packet sent when the IP phone is powered on and matches it against the OUI addresses. If a match is found, the system will automatically add the port into the Voice VLAN and send ACL rules to ensure the packet precedence. An aging time can be configured on the device. The system will remove a port from the voice VLAN if no voice packets are received from it within the aging time. The adding and deleting of ports are automatically realized by the system.
In manual mode, the administrator adds the IP phone access port directly to the voice VLAN. The system then identifies the source MAC address contained in the packets on the port, matches it against the OUI addresses, and decides whether to forward the packets in the voice VLAN. When the administrator adds a port to the voice VLAN, the device automatically applies ACL rules to the port to configure packet priority. In this mode, the adding or deleting of ports is realized by the administrators.
In any of the two modes, the port forwards tagged packets in the same manner: forward the tagged packets based on the VLAN IDs contained in them. The above two working modes are configured in Ethernet port view. The voice VLAN working modes of different ports are independent and different ports can be configured to work in different modes. The following table lists the co-relation between voice VLAN modes, voice traffic types of IP phones, and port types. Table 2-2 Port modes and voice stream types Port voice VLAN mode Voice stream type Port type Access Supported or not Not supported Supported Make sure the default VLAN of the port exists and is not a voice VLAN. And the port permits the packets of the default VLAN. Supported Automatic mode Hybrid Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the port.
Trunk Tagged voice stream
Access Untagged voice stream Trunk Hybrid Not supported.
2-2
Port voice VLAN mode
Voice stream type
Port type Access
Supported or not Not supported Supported Make sure the default VLAN of the port exists and is not a voice VLAN. And the port permits the packets of the default VLAN. Supported Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the port. Supported
Trunk Tagged voice stream
Hybrid
Manual mode Access
Make sure the default VLAN of the port is a voice VLAN. Supported
Trunk Untagged voice stream
Make sure the default VLAN of the port is a voice VLAN and the port permits the packets of the VLAN. Supported Make sure the default VLAN of the port is a voice VLAN and is in the list of untagged VLANs whose packets are permitted by the port.
Hybrid
2-3
Caution:
z
If the voice stream transmitted by your IP phone is with VLAN tag and the port which the IP phone is attached to is enabled with 802.1x authentication and 802.1x guest VLAN, assign different VLAN IDs for the voice VLAN, the default VLAN of the port, and the 802.1x guest VLAN to ensure the two functions to operate properly.
If the voice stream transmitted by the IP phone is without VLAN tag, the default VLAN of the port which the IP phone is attached to can only be configured as a voice VLAN for the voice VLAN function to take effect. In this case, 802.1x authentication is unavailable.
Note:
z
The default VLAN of all ports is VLAN 1. You can use the corresponding command to specify a default VLAN for a port, and allow certain VLAN to pass through the port. Relate command 1.4 Port-Based VLAN
Use the display interface command to display the VLANs allowed to pass through a port and the default VLAN of the port.
2.1.2 Security and Ordinary Voice VLAN Modes

According to the packet filtering scheme of a port with voice VLAN function enabled, the port works in one of the two voice VLAN modes: security and ordinary.
z
In security mode, the port with the voice VLAN function enabled allows only the voice packets with source MAC address being recognizable OUI address. Other packets are discarded (including some authentication packets, like 802.1x authentication packets).
In ordinary mode, the port with voice VLAN function enabled allows both voice packets and other types of packets to pass. Voice packets comply with the filtering rule of the voice VLAN and other types of packets comply with the filtering rule of the ordinary VLAN.
You are recommended not to transmit voice data and other service data in the voice VLAN simultaneously. If you need to do so, make sure the voice VLAN mode is ordinary.
2.2 Voice VLAN Configuration

2.2.1 Configuration Prerequisites
z
Create the corresponding VLAN before configuring voice VLAN.

2-4

z
VLAN 1 is the default VLAN and do not need to be created. But VLAN 1 does not support the voice VLAN function.
2.2.2 Configuring Voice VLAN in Automatic Mode

Table 2-3 Configure voice VLAN in automatic mode To do Enter system view Use the command system-view Optional Set the aging time for the voice VLAN voice vlan aging minutes The default aging time is 1,440 minutes, and only effective for the port in automatic mode. Optional Enable the voice VLAN security mode voice vlan enable security By default, the voice VLAN security mode is enabled. Optional A voice VLAN has five default OUI addresses. Required Optional voice vlan mode auto The default voice VLAN operation mode is automatic mode. Required Enable the voice VLAN function for the port voice vlan enable By default, the voice VLAN function is not enabled for a port. Remarks
Set an OUI address that can be identified by the voice VLAN Enable the voice VLAN function globally Enter port view Set the voice VLAN operation mode to automatic mode
voice vlan mac-address oui mask oui-mask [ description text ] voice vlan vlan-id enable interface interface-type interface-number
Note: For ports working in automatic mode, you cannot configure the default VLAN as the voice VLAN. Otherwise, the system prompts you cannot perform the configuration.
2-5
2.2.3 Configuring Voice VLAN in Manual Mode

Table 2-4 Configure voice VLAN in manual mode To do Enter system view Enable the voice VLAN security mode Use the command system-view voice vlan enable security Optional By default, the voice VLAN security mode is enabled. Optional By default, after the voice VLAN is enabled, it has five OUI addresses. Required Remarks
Set an OUI address to be one that can be identified by the voice VLAN Enable the voice VLAN function globally Enter port view
voice vlan mac-address oui mask oui-mask [ description text ] voice vlan enable vlan-id
interface interface-type interface-number undo voice vlan mode auto
Required
Set voice VLAN operation mode to manual mode
The default voice VLAN operation mode is automatic mode. Required By default, all ports belong to VLAN 1.
Add the manual mode port to the voice VLAN
Refer to section 1.4 Port-Based VLAN
When you add a hybrid port to the voice VLAN, you need to configure the hybrid port to keep or strip the VLAN tag of the voice stream. Refer to Table 2-2 Port modes and voice stream types. Optional By default, the default VLAN of all ports is VLAN 1.
Specify the voice VLAN as the default VLAN of the port
Refer to section 1.4 Port-Based VLAN
Whether you need to configure the voice VLAN as the default VLAN of a port, refer to Table 2-2 Port modes and voice stream types. Required
Enable the voice VLAN function for the port
voice vlan enable
By default, the voice VLAN function is disabled on a port.
2-6
Note: Note the following when configuring voice VLAN in manual and automatic modes.
z
You can enable the voice VLAN function for only one static VLAN on a switch. And a dynamic VLAN cannot be configured as a voice VLAN. You cannot enable the voice VLAN function for a port if it has been enabled with the link aggregation control protocol (LACP).
2.3 Displaying Voice VLAN

After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect. Table 2-5 Display a voice VLAN To do... Display the voice VLAN state Display the OUI addresses currently supported by system Use the command... display voice vlan state Available in any view display voice vlan oui Remarks
2.4 Voice VLAN Configuration Example

2.4.1 Voice VLAN Configuration Example (Automatic Mode)
I. Network requirements
z
Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 minutes. Configure GigabitEthernet1/0/1 port as a trunk port, with VLAN 6 as the default port. The device allows voice packets from GigabitEthernet 1/0/1 with an OUI address of 0011-2200-0000 and a mask of ffff-ff00-0000 to be forwarded through the voice VLAN.
2-7
II. Network diagram
VLAN 2
GigabitEthernet 1/0/1
WAN
Tel.1 010-1001 OUI:0011-2200-0000 Mask:ffff-ff00-0000
Figure 2-1 Network diagram for configuration of voice VLAN in automatic mode
III. Configuration procedure

# Create VLAN 2, VLAN 6.
<Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] vlan 6 [Sysname-vlan6] quit
# Set aging time for the voice VLAN

[Sysname] voice vlan aging 100
# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description test
# Enable the global voice VLAN function.

[Sysname] voice vlan 2 enable
# Set the voice VLAN operation mode of GigabitEthernet1/0/1 to automatic mode.

[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] voice vlan mode auto
# Specify port GigabitEthternet1/0/1 as a Trunk port.

[Sysname-GigabitEthernet1/0/1] port link-type trunk
# Set the default VLAN of the port to VLAN 6, and the port permits VLAN 6 to pass.
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 6 [Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 6
# Enable the voice VLAN function for the port.

[Sysname-GigabitEthernet1/0/1] voice vlan enable
2-8
2.4.2 Voice VLAN Configuration Example (Manual Mode)

z z
Create VLAN 2 and configure it as a voice VLAN. The voice stream transmitted by the IP phone is untagged, and the port which the IP phone is attached to is a Hybrid port GigabitEthernet1/0/1. GigbitEthernet1/0/1 works in manual mode, and only permits the voice packets with the following features to pass: OUI address is 0011-2200-0000; network mask is ffff-ff00-0000 and description string is test.
II. Network diagram
VLAN 2
GigabitEthernet 1/0/1
WAN
Tel.1 010-1001 OUI:0011-2200-0000 Mask:ffff-ff00-0000

Figure 2-2 Voice VLAN Configuration Example

# Set the voice VALN to work in security mode to permit the legal voice packets to pass (optional, defaults to security mode).
<Sysname> system-view [Sysname] voice vlan security enable
# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description test
# Create VLAN 2, and enable the voice VLAN function for it.
[Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] voice vlan 2 enable
# Set GigabitEthernet1/0/1 to work in the manual mode.

[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo voice vlan mode auto
# Configure GigabitEthernet1/0/1 as a Hybrid port.
2-9
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
# Configure VLAN 2 as the default VLAN of port GigabitEthernet1/0/1, and allow packets of VLAN 2 to pass through the port.
[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 2 [Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged
# Enable the voice VLAN function for the port GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] voice vlan enable
IV. Displaying and verification

# display the currently supported OUI addresses and the related information.
[Sysname-GigabitEthernet1/0/1] display voice vlan oui Oui Address 0001-e300-0000 0003-6b00-0000 0011-2200-0000 00d0-1e00-0000 00e0-7500-0000 00e0-bb00-0000 Mask ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 Description Siemens phone Cisco phone test Pingtel phone Polycom phone 3com phone
# Display current voice VLAN state.

[Sysname-GigabitEthernet1/0/1] display voice vlan state Voice VLAN status: ENABLE Voice VLAN ID: 2 Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes Voice VLAN enabled port and its mode: PORT MODE
-------------------------------GigabitEthernet1/0/1 MANUAL
2-10
Chapter 3 GVRP Configuration

3.1 Introduction to GARP
3.1.1 Introduction to GARP
The generic attribute registration protocol (GARP), provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute. GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded a GARP application entity.
I. GARP messages and timers

1) GARP messages
Generally, GARP participants exchange information with each other through the following three types of messages: Join, Leave, and LeaveAll.
z z
Join to announce the willingness to register attributes with other participants. Leave to announce the willingness to deregister with other participants. Together with Join messages, Leave messages guarantee attribute reregistration and deregistration.
LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of a LeaveAll timer which starts upon the startup of a GARP application entity.
Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a bridged LAN. 2) GARP timers
GARP sets interval for sending GARP messages by using these four timers:
z
Hold timer When a GARP application entity receives the first registration request, it starts a hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This can thus help you save bandwidth.
Join timer A GARP application entity can send a Join message twice to ensure the message can be transmitted to other entities. The sending interval is set on the join timer.
Leave timer Starts upon receipt of a Leave message. When this timer expires, the GARP application entity removes attribute information as requested.
3-1

z
Leaveall timer Starts when a GARP application entity starts. When this timer expires, the entity sends a LeaveAll message so that other entities can re-register its attribute information. Then, a leaveall timer starts again.
Note:
z
The settings of GARP timers apply to all GARP applications, such as GVRP, running on a LAN. Unlike other three timers which are set on a port basis, the leaveall timer is set in system view and takes effect globally. A GARP application entity may send LeaveAll messages at the interval set by its LeaveAll timer or the leaveall timer of another GARP application entity on the network, whichever is smaller.
II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals handles attributes of other participants. GARP application entities send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GVRP application, GVRP for example, should a GARP PDU be delivered.
III. GARP message format

The following figure illustrates the GARP message format.
Figure 3-1 GARP message format
3-2
The following table describes the GARP message fields. Table 3-1 Description on the GARP message fields Field Protocol ID Message Description Protocol identifier for GARP One or multiple messages, each containing an attribute type and an attribute list Defined by the concerned GARP application Consists of one or multiple attributes Consists of an Attribute Length, an Attribute Event, and an Attribute Value. If the Attribute Event is LeaveAll, Attribute Value is omitted Number of octets occupied by an attribute, inclusive of the attribute length field 1 0x01 for GVRP, indicating the VLAN ID attribute Value
Attribute Type Attribute List
Attribute
Attribute Length
2 to 255 in bytes 0: LeaveAll 1: JoinEmpty 2: JoinIn 3: LeaveEmpty 4: LeaveIn 5: Empty
Attribute Event
Event described by the attribute
Attribute Value End Mark
Attribute value Indicates the end of PDU of GARP
VLAN ID for GVRP
3.1.2 Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices. GVRP provides the following three registration types on a port:
z
Normal Enables a port to dynamically register and deregister VLANs, and to propagate both dynamic and static VLAN information.
3-3

z
Fixed Disables the port to dynamically register/deregister VLANs or propagate dynamic VLAN information, but allows the port to propagate static VLAN information. A trunk port with fixed registration type thus allows only manually configured VLANs to pass through even though it is configured to carry all VLANs.
Forbidden Disables the port to dynamically register/deregister VLANs, and to propagate VLAN information except for VLAN 1. A trunk port with forbidden registration type thus allows only VLAN 1 to pass through even though it is configured to carry all VLANs.
3.1.3 Protocols and Standards

IEEE 802.1Q specifies GVRP.
3.2 Configuring GVRP

When configuring GVRP, you need to configure timers, enable GVRP, and configure GVRP registration mode.
Note: GVRP can be configured only on a trunk port.
3.2.1 Configuring GVRP

Table 3-2 Configure GVRP on a trunk port To do Enter system view Enable GVRP globally Enter Ethernet port view Enter Ethernet port view or port-group view Use the command system-view gvrp interface interface-type interface-number Required Disabled by default Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. Required Disabled by default Remarks
Enter port-group view
Enable GVRP on the port
gvrp
3-4
To do Configure GVRP mode on the port registration
Use the command gvrp registration { fixed | forbidden | normal }
Remarks Optional The default normal is
Note: BPDU TUNNEL is not compatible with GVRP. The two cannot be applied simultaneously on a port. If you want to enable GVRP on a port, you need to disable BPDU TUNNEL first.
3.2.2 Setting GARP Timer

Table 3-3 Set GARP timer To do Enter system view Use the command system-view Optional Set GARP LeaveAll timer garp timer timer-value leaveall By default, the LeaveAll timer is set to 1,000 centiseconds. Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. Remarks
Enter Ethernet port view Enter Ethernet port view or port-group view
interface interface-type interface-number
Enter port-group view
Optional Set GARP Hold timer, Join timer and Leave timer garp timer { hold | join | leave } timer-value By default, the Hold, Join, and Leave timers are set to 10, 20, and 60 centiseconds respectively.
When configuring GARP timers, note that their values are dependent on each other and must be a multiplier of five centiseconds. If the value range for a timer is not desired, you may change it by tuning the value of another timer as shown in the following table:
3-5
Table 3-4 Dependencies of GARP timers Timer Lower limit Upper limit Not greater than half of the join timer setting Hold 10 centiseconds You can change this value by changing the value of the join timer. Less than half of the leave timer setting You can change this value by changing the value of the leave timer. Less than the leaveall timer setting You can change this value by changing the value of the leaveall timer.
Not less than two times the hold timer setting Join You can change this value by changing the value of the hold timer. Greater than two times the join timer setting Leave You can change this value by changing the value of the join timer. Greater than the leave timer setting Leaveall You can change this value by changing the value of the leave timer
32,765 centiseconds
3.3 Displaying and Maintaining GARP/GVRP

Table 3-5 Display and Maintain GARP/GVRP To do Display statistics about GARP Display GARP timers for all or specified ports Display statistics about GVRP Display the global GVRP state Clear the GARP statistics Use the command display garp statistics [ interface interface-list ] display garp timer [ interface interface-list ] Available in any view display gvrp statistics [ interface interface-list ] display gvrp status reset garp statistics [ interface interface-list ] Available in user view Remarks
3-6
3.4 GVRP Configuration Example

3.4.1 Example 1
Configure GVRP on devices and specify the port registration mode as normal to realize dynamic VLAN information registration and update among devices.
II. Network diagram

GigabitEthernet 1/0/1 GigabitEthernet 1/0/2
Switch A
Switch B
Figure 3-2 Network diagram for GVRP configuration

# Enable GVRP globally.

<Sysname> system-view [Sysname] gvrp
# Configure port GigabitEthernet1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] gvrp
# Display static VLAN2.

[Sysname-GigabitEthernet1/0/1] quit [Sysname] vlan 2 [Sysname-vlan2]
2)
Configure Switch B

# Configure port GigabitEthernet 1/0/2 as trunk, allowing all VLANs to pass.

3-7
# Enable GVRP on GigabitEthernet 1/0/2.

# Configure static VLAN3.

3)
Display configuration results
# Display dynamic VLAN on Switch A.

[Sysname-vlan2] display vlan dynamic Now, the following dynamic VLAN exist(s): 3
# Display dynamic VLAN on Switch B

3.4.2 Example 2
Enable GVRP on devices and configure the port registration mode as fixed to realize dynamic registration and update of some VLAN information between devices.
II. Network diagram

Switch A
Switch B



# Enable GVRP on GigabitEthernet1/0/1

3-8

# Configure the GVRP registration mode as fixed.

[Sysname-GigabitEthernet1/0/1] gvrp registration fixed
# Create static VLAN 2.

2)
Configure Switch B


# Enable GVRP on GigabitEthernet1/0/2


3)
Display the configuration
# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic No dynamic vlans exist!
# Display the dynamic VLAN information on Switch B.

3.4.3 Example 3
Enable GVRP on devices and configure the port registration mode as forbidden to forbid dynamic registration and update of VLAN information between devices.
3-9
II. Network diagram

Switch A
Switch B


<Sysname > system-view [Sysname] gvrp
# Configure GigabitEthernet1/0/1 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.

# Configure the GVRP registration mode as forbidden.

[Sysname-GigabitEthernet1/0/1] gvrp registration forbidden

2)
Configure Switch B

<Sysname > system-view [Sysname] gvrp
# Configure GigabitEthernet1/0/2 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.


[Sysname-GigabitEthernet1/0/2] quit
3-10

[Sysname] vlan 3 [Sysname-vlan3]
3)
Display the configuration
# Display dynamic VLAN information on Switch A

# Display dynamic VLAN information on Switch B.

3-11

04-VLAN Operation 5500

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

04-VLAN Operation 5500

Caricato da

Copyright:

Formati disponibili

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Chapter 1 VLAN Configuration

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

1.1.2 VLAN Classification

1.2 Basic VLAN Configuration

1.3 Basic VLAN Interface Configuration

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Configure IP address of VLAN interface

ip address ip-address { mask | mask-length } [ sub ]

1.4 Port-Based VLAN Configuration

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

I. Link Type of an Ethernet Port

II. Default VLAN

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Encapsulate the default VLAN tag to the packet

1.4.2 Configuring an Access Port-Based VLAN

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Add an Ethernet port to a specified VLAN

Enter Ethernet port view or port group view

Enter port group view

port-group { manual port-group-name | aggregation agg-id }

Configure a port as an access port

Add the current access port to a specified VLAN

Note: You must add an access port to an existing VLAN.

1.4.3 Configuring a Trunk Port-Based VLAN

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Enter Ethernet port view or port group view

Enter port group view

port-group { manual port-group-name | aggregation agg-id }

Configure a port as a trunk port

1.4.4 Configuring a Hybrid Port-Based VLAN

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

port-group { manual port-group-name | aggregation agg-id }

Configure a port as a Hybrid port

Add the current hybrid port to specified VLANs

1.5 Displaying VLAN Configuration

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Available in any view

1.6 VLAN Configuration Example

1.6.2 Network Diagram

Figure 1-2 Network diagram for port-based VLAN configuration

1.6.3 Configuration Procedure

# Create VLAN 2, VLAN 6 through VLAN 50 and VLAN 100.

# Enter Ethernet port view of GigabitEthernet1/0/1.

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 1 VLAN Configuration

Configuration on Switch B is the same as that on Switch A.

Operation Manual VLAN H3C S5500-SI Series Ethernet Switches

Chapter 2 Voice VLAN Configuration

Chapter 2 Voice VLAN Configuration

You can add or delete the default OUI address manually.

2.1.1 Automatic and Manual Voice VLAN Modes