Layer 2 Protocol Configuration Guide

ENT-AN1115-4.3 Application Note

Released January 2018


Contents

1 Revision History

2 Layer 2 Protocol Configuration
  2.1 Static Link Aggregation (LAG)
    2.1.1 Adding Ports to an LAG Group
    2.1.2 Configuring LAG and LACP Forwarding Mode
    2.1.3 Link Aggregation Control Protocol (LACP)
    2.1.4 Configuring LACP Port Priority and Timeout
    2.1.5 Showing Detailed Information on LACP
  2.2 MAC Address Table
    2.2.1 Setting Aging Time
    2.2.2 Adding a Static MAC Address Entry
    2.2.3 Displaying a MAC Address Table
  2.3 VLAN
    2.3.1 Global Configuration
    2.3.2 Port-Based Configuration
  2.4 Mirroring
    2.4.1 Configuration Options
    2.4.2 Local Mirroring
    2.4.3 Mirroring VLAN Traffic on a Port
    2.4.4 RMirror
  2.5 GVRP
    2.5.1 Configuring a GVRP Port
    2.5.2 Special Note for CEServices
    2.5.3 Configuring GVRP Global
    2.5.4 Displaying the State of GVRP Using ICLI
    2.5.5 Configuring Fixed and Forbidden VLANs
  2.6 MSTP
    2.6.1 Configuring the STP Bridge Settings
    2.6.2 Configuring and Mapping MSTI
    2.6.3 MSTI Priorities
    2.6.4 Configuring a CIST Port
    2.6.5 Configuring MSTI Ports

VPPD-04297 ENT-AN1115-4.3 Application Note Revision 1.1

Figures

Figure 1 • Aggregation Group Configuration
Figure 2 • Common Aggregation Configuration
Figure 3 • LACP Configuration for Ports
Figure 4 • Configuring LACP Port Priority and Timeout
Figure 5 • LACP System Status
Figure 6 • LACP Internal Port Status
Figure 7 • LACP Neighbor Port Status
Figure 8 • LACP Statistics
Figure 9 • MAC Address Table Aging Configuration
Figure 10 • Static MAC Address Configuration
Figure 11 • MAC Address Table
Figure 12 • VLAN Quick Configuration Example
Figure 13 • Quick VLAN Setup
Figure 14 • VLAN Allowed Access VLANs Configuration
Figure 15 • VLAN Ether type for Custom S-ports Configuration
Figure 16 • VLAN Mode Configuration
Figure 17 • VLAN PVID Configuration
Figure 18 • VLAN Port Type Configuration
Figure 19 • VLAN Ingress Filtering Configuration
Figure 20 • VLAN Ingress Acceptance Configuration
Figure 21 • VLAN Egress Tagging Configuration
Figure 22 • Allowed VLANs Configuration
Figure 23 • Forbidden VLANs Configuration
Figure 24 • VLAN Membership Status
Figure 25 • VLAN Port Status
Figure 26 • SVL Configuration
Figure 27 • Mirror and RMirror Configuration
Figure 28 • Mirror Traffic of Port 1 on Port 6
Figure 29 • Mirror Traffic of VLAN 123 on Port 6
Figure 30 • Remote Mirroring
Figure 31 • RMirror Source Switch
Figure 32 • RMirror Destination Switch
Figure 33 • GVRP Port Configuration
Figure 34 • L2CP Peer Forward
Figure 35 • GVRP Global Configuration
Figure 36 • VLAN Configuration
Figure 37 • STP Bridge Configuration
Figure 38 • MSTI Configuration
Figure 39 • MSTI Priorities Configuration
Figure 40 • CIST Port Configuration
Figure 41 • Detailed Bridge Status
Figure 42 • MSTI Port Configuration
Figure 43 • Select the MSTI Port


1 Revision History

The revision history describes the changes that were implemented in the document. The changes are listed by revision, starting with the most current publication.

Revision 1.1

Revision 1.1 was published in January 2018. The following is a summary of changes in revision 1.1 of this document.

• The Link Aggregation Control Protocol (LACP) section was updated by adding four more sub-sections. For more information, see Link Aggregation Control Protocol (LACP) on page 3.

• The Adding Ports to a LAG Group section was updated. For more information, see Adding Ports to an LAG Group on page 2.

• The Configuring LAG Mode section was updated. For more information, see Configuring LAG and LACP Forwarding Mode on page 2.

• Sections such as Configuring an LACP Key and Configuring an LACP Role were deleted. For more information, see Link Aggregation Control Protocol (LACP) on page 3.

• The Configuring an LACP Timeout section was updated. For more information, see Configuring LACP Port Priority and Timeout on page 5.

• The Configuring LACP Priority section was updated. For more information, see Showing Detailed Information on LACP on page 6.

Revision 1.0

Revision 1.0 was published in October 2016. It was the first publication of this document.


2 Layer 2 Protocol Configuration

This application note describes how to configure Microsemi switch engines to perform Layer 2 functions, such as Link Aggregation (LAG), Link Aggregation Control Protocol (LACP), Media Access Control (MAC) Address Table, Virtual LANs (VLANs), Mirroring and Remote Mirroring (RMirror), Generic VLAN Registration Protocol (GVRP), and Multiple Spanning Tree Protocol (MSTP). Configuration examples are provided both for the Graphical User Interface (GUI) through the web and the Industrial Command-Line Interface (ICLI).

2.1 Static Link Aggregation (LAG)

LAG enables the use of multiple ports in parallel to increase the link speed beyond the limits of a single port, and to increase the redundancy for higher availability. If the system has six ports, the maximum number of aggregation groups is three (six divided by two).

2.1.1 Adding Ports to an LAG Group

To add ports to a LAG group, perform the following steps.

1. Click Configuration > Aggregation > Groups, and then set up Port Members in Aggregation Group Configuration and Static Mode as shown in the following illustration.

Figure 1 • Aggregation Group Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
! Add 2.5Gigabit port 1 and 2
(config)# interface 2.5GigabitEthernet 1/1,2
(config-if)# aggregation group ?
    1-4    The aggregation group id
(config-if)# aggregation group 1 ?
    mode    The mode of the aggregation
(config-if)# aggregation group 1 mode ?
    active     Active LACP
    on         Static aggregation
    passive    Passive LACP
    <cr>
(config-if)# aggregation group 1 mode on
(config-if)# end

2.1.2 Configuring LAG and LACP Forwarding Mode

The aggregation (LAG or LACP) uses the following global parameters to calculate the destination port for a frame. The forwarding distribution of the traffic can be affected by changing the aggregation mode. This is a global parameter and affects all aggregations. These mode parameters can be combined.

Note:

Any change in the aggregation mode stops all forwarding until the key is fully set up. The default method is the source MAC address, IP address, and TCP/UDP port number.

The destination MAC address is not used in the default case. To set up LAG mode, perform the following steps.

1. Click Configuration > Aggregation > Common, and then set up Hash Code Contributors in Aggregation Mode Configuration as shown in the following illustration.

2. Click Save.

Figure 2 • Common Aggregation Configuration

The equivalent ICLI commands are:

# configure terminal
! Change aggregation mode to dmac, ip, port, and smac.
(config)# aggregation mode ?
    dmac    Destination MAC affects the distribution
    ip      IP address affects the distribution
    port    IP port affects the distribution
    smac    Source MAC affects the distribution
(config)# aggregation mode ?
aggregation mode { [ smac ] [ dmac ] [ ip ] [ port ] }
(config)# aggregation mode dmac ip port smac
! The current aggregation mode can be viewed using the following command.
(config)# do show aggregation mode
Aggregation Mode:
SMAC : Enabled
DMAC : Enabled
IP : Enabled
Port : Enabled
(config)# end
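The effect of the hash code contributors on traffic distribution, as an added example that is not part of the application note or the switch software. Assumptions: SHA-256 stands in for the switch's unspecified hash code, "ip" and "port" cover both source and destination values, and the flows are constructed.

```python
import hashlib

# Header fields fed into the hash for each "aggregation mode" keyword.
# Assumption: "ip" and "port" cover both source and destination values.
CONTRIBUTOR_FIELDS = {
    "smac": ("smac",),
    "dmac": ("dmac",),
    "ip": ("sip", "dip"),
    "port": ("sport", "dport"),
}


def pick_member(frame, contributors, members):
    """Return the LAG member a frame is sent on for the given contributor set."""
    key = "|".join(
        str(frame[field])
        for name in sorted(contributors)
        for field in CONTRIBUTOR_FIELDS[name]
    )
    # Assumption: SHA-256 stands in for the switch's hash code, which the
    # application note does not specify.
    digest = hashlib.sha256(key.encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]


def distribution(frames, contributors, members):
    """Count frames per member port for one contributor set."""
    counts = {member: 0 for member in members}
    for frame in frames:
        counts[pick_member(frame, contributors, members)] += 1
    return counts


# Constructed traffic: 64 client flows that all arrive through one router, so
# every frame carries the same source and destination MAC and only the IP
# addresses and TCP ports differ.
FLOWS = [
    {
        "smac": "02:00:00:00:00:01",
        "dmac": "02:00:00:00:00:02",
        "sip": f"10.0.{i // 8}.{i % 8 + 1}",
        "dip": "192.0.2.10",
        "sport": 49152 + i,
        "dport": 443,
    }
    for i in range(64)
]
MEMBERS = ["2.5G 1/1", "2.5G 1/2"]

if __name__ == "__main__":
    for mode in (["smac"], ["smac", "dmac"], ["smac", "ip", "port"]):
        print(mode, distribution(FLOWS, mode, MEMBERS))
```

With MAC-only contributors every constructed flow lands on one member port, so the second link adds redundancy but no capacity for this traffic; adding ip and port spreads the flows over both members.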

2.1.3 Link Aggregation Control Protocol (LACP)

LACP is an IEEE 802.3ad-standard protocol that allows the bundling of several physical ports together to form a single logical port dynamically. Multiple LACP Groups can be defined. If the system has six ports, the maximum number of aggregation groups is three (six divided by two).

2.1.3.1 LACP Group and Mode

To create an aggregation, a group mode must be chosen on the interfaces that are participating in the group. This can be LACP active, LACP passive, or statically created aggregation “On”. No looping occurs even when the parallel links are up and have not formed an aggregation. Spanning tree is not needed for this, but can be enabled to avoid loops between groups. LACP active initiates sending LACP frames to its link partner. LACP passive does not initiate LACP frames to its partner, but answers if requested. “On” is a statically created aggregation without LACP.

2.1.3.2 Bundle Max

By default, each LACP group forms an aggregation with all of its members (if a suitable link partner exists). The number of members can be restricted by setting a max bundle to a number less than the number of group members. When bundle max members have formed an aggregation, the remaining ports become standby, and they do not forward any frames. If an active member goes down, then a standby member takes over. The priority assignment controls which member goes active/standby.

2.1.3.3 Revertive/Non-Revertive

The LACP group can be configured to be revertive (default) or non-revertive. When a higher priority port in an active/standby configuration comes back, it becomes active again and the current active port (if it has lower priority) becomes standby, unless the group is configured to be non-revertive. In non-revertive mode, nothing changes if a port comes back, which means the traffic is not disturbed. Note that each time a link changes, the traffic is halted until the new aggregation (key) is fully set up.

2.1.3.4 1:1 Active/Standby_LACP

To achieve a 1:1 active/standby configuration, create a group with two ports and configure bundle max to one. The higher priority port actively forwards traffic, while the other is in standby mode and does not forward any frames other than BPDUs. The standby port LACP is in no sync state. If the active port goes down, the standby port takes over. When the port comes back up, it takes over the frame forwarding (unless configured not to, that is, non-revertive).
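The bundle max, priority and revertive/non-revertive behaviour of sections 2.1.3.2 through 2.1.3.4, replayed on a 1:1 group as an added example; this is a simplified model, not the switch's implementation. Assumptions: the class and function names are hypothetical, equal priorities are ordered by port name, and the link events and priority values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class LacpGroup:
    """Simplified model of one LACP group; not the switch's implementation."""
    priorities: dict            # port -> LACP port priority (lower number wins)
    max_bundle: int             # value given to "lacp max-bundle"
    revertive: bool = True      # "lacp failover revertive" is the default
    up: set = field(default_factory=set)
    active: list = field(default_factory=list)
    active_changes: int = 0     # how often the forwarding set was rebuilt

    def _rank(self, port):
        # Assumption: equal priorities are ordered by port name.
        return (self.priorities[port], port)

    def _reselect(self):
        candidates = sorted(self.up, key=self._rank)
        if self.revertive:
            # Best-ranked ports always win the active slots.
            chosen = candidates[: self.max_bundle]
        else:
            # Ports that are already active keep their slot while they are up;
            # only free slots are filled from the remaining candidates.
            keep = [p for p in self.active if p in self.up]
            spare = [p for p in candidates if p not in keep]
            free = self.max_bundle - len(keep)
            chosen = sorted(keep + spare[:free], key=self._rank)
        if chosen != self.active:
            self.active_changes += 1
        self.active = chosen

    def link_up(self, port):
        self.up.add(port)
        self._reselect()

    def link_down(self, port):
        self.up.discard(port)
        self._reselect()

    @property
    def standby(self):
        return sorted(self.up - set(self.active), key=self._rank)


# Constructed link events for a two-port group with bundle max set to one:
# both links come up, the preferred port fails, then it recovers.
EVENTS = [("up", "1/1"), ("up", "1/2"), ("down", "1/1"), ("up", "1/1")]


def replay(revertive):
    """Run EVENTS through a 1:1 group and return (group, timeline)."""
    group = LacpGroup({"1/1": 100, "1/2": 32768}, max_bundle=1,
                      revertive=revertive)
    timeline = []
    for kind, port in EVENTS:
        (group.link_up if kind == "up" else group.link_down)(port)
        timeline.append((kind, port, list(group.active), group.standby))
    return group, timeline


if __name__ == "__main__":
    for revertive in (True, False):
        group, timeline = replay(revertive)
        print("revertive" if revertive else "non-revertive")
        for step in timeline:
            print("  ", step)
        print("   forwarding set rebuilt", group.active_changes, "times")
```

In the revertive run the recovered port 1/1 reclaims the active slot, which costs a third rebuild of the forwarding set; in the non-revertive run port 1/2 stays active and 1/1 waits as standby.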

2.1.3.5 Creating an LACP Group

When LACP is enabled on a port, it forms an aggregation when two or more ports are connected to the same partner. The default value is disabled.

LACP can run in two different modes of operation: active or passive. LACP active mode initiates transmission of LACP frames to the partner. LACP passive does not initiate LACP frames to the partner, but answers if requested.

To create LACP mode, perform the following steps.

1. Click Configuration > Aggregation > Groups, and then set up LACP (Active) in Group Configuration Mode as shown in the following illustration.

2. Click Save.

Figure 3 • LACP Configuration for Ports


The equivalent ICLI commands are:

(config)# interface 2.5GigabitEthernet 1/1,2
(config-if)# aggregation group 1 mode ?
    active     Active LACP
    on         Static aggregation
    passive    Passive LACP
    <cr>
(config-if)# aggregation group 1 mode active
! (optional) Disable Aggregation on Group 1
(config-if)# no aggregation group 1 mode
(config-if)# end
# show aggregation
Aggr Name  Type         Speed      Configured       Aggregated
ID                                 Ports            Ports
---- ----- ------------ ---------- ---------------- -----------------
1    LLAG1 LACP_ACTIVE  1G         2.5Gigabit 1/1-2 2.5Gigabit 1/1-2
2    LLAG2 STATIC       Undefined  Gigabit 1/1-2    none
# configure terminal
(config)# interface llag 1
(config-llag)# lacp ?
    failover
    max-bundle
(config-llag)# lacp ?
lacp failover { revertive | non-revertive }
lacp max-bundle <v_uint>
(config-llag)# lacp max-bundle 2
(config-llag)# lacp failover revertive
(config-llag)# end

2.1.4 Configuring LACP Port Priority and Timeout

Priority controls the precedence of the port in winning LACP active member selection. If the LACP partner needs to form a larger group than is supported by this device, then this parameter controls whether the ports are active or backup. The lower the number, the greater the priority. The default value is 32768.

Timeout controls the period between BPDU transmissions. Fast transmits LACP packets each second while Slow waits for 30 seconds before sending an LACP packet. The default value is Fast.

To set up the LACP timeout, perform the following steps.

1. Click Configuration > Aggregation > LACP, and then set up Timeout in LACP Port Configuration as shown in the following figure.

Figure 4 • Configuring LACP Port Priority and Timeout

2. Click Save.


The equivalent ICLI commands are:

# configure terminal
(config)# interface 2.5GigabitEthernet 1/1,2
(config-if)# lacp ?
    port-priority    LACP priority of the port
    timeout          The period between BPDU transmissions
    <cr>
(config-if)# port-security ?
    maximum              Maximum number of MAC addresses that can be learned on this set of interfaces.
    maximum-violation    Maximum number of violating MAC addresses (used when violation is restrict)
    violation            The action taken if limit is exceeded.
    <cr>
(config-if)# lacp port-priority ?
    <1-65535>    Priority value, lower means higher priority
(config-if)# lacp port-priority 32768
(config-if)# lacp timeout ?
    fast    Transmit BPDU each second (fast timeout)
    slow    Transmit BPDU each 30th second (slow timeout)
(config-if)# lacp timeout ?
lacp timeout { fast | slow }
(config-if)# lacp timeout fast
(config-if)# end
# show lacp internal
Port       State    Key  Priority
---------- -------- ---- --------
2.5G 1/1   Active   1    32768
2.5G 1/2   Active   1    32768
#

2.1.5 Showing Detailed Information on LACP

The following section shows the status of the active LACP group created in the previous chapter.

To set up LACP priority, perform the following steps.

1. Click Monitor > Aggregation > LACP, and then select the desired status as shown in the following figures.

Figure 5 • LACP System Status

Figure 6 • LACP Internal Port Status

Figure 7 • LACP Neighbor Port Status

Figure 8 • LACP Statistics

The equivalent ICLI commands are:

# show lacp ?
    internal      Internal LACP configuration
    neighbor      Neighbor LACP status
    statistics    Internal LACP statistics
    system-id     LACP system id
# show lacp system-id
System ID: 1000 - 00:01:c1:01:00:b0
# show lacp internal
Port       State    Key  Priority
---------- -------- ---- --------
2.5G 1/1   Active   1    32768
2.5G 1/2   Active   1    32768
# show lacp internal details
Port       State    Key  Priority Activit Timeout Aggrege Synchro Collect Distrib Default Expired
---------- -------- ---- -------- ------- ------- ------- ------- ------- ------- ------- -------
2.5G 1/1   Active   1    32768    Active  Fast    Yes     Yes     Yes     Yes     No      No
2.5G 1/2   Active   1    32768    Active  Fast    Yes     Yes     Yes     Yes     No      No
# show lacp neighbor
Aggr ID Partner System ID Partner Prio Partner Key Last Changed
------- ----------------- ------------ ----------- ------------
1       00:01:c1:00:f7:70 32768        1           00:17:57

Port       State    Aggr ID Partner Key  Partner Port Partner Port Prio
---------- -------- ------- ------------ ------------ -----------------
2.5G 1/1   Active   1       1            5            32768
2.5G 1/2   Active   1       1            6            32768
# show lacp neighbor details
Aggr ID Partner System ID Partner Prio Partner Key Last Changed
------- ----------------- ------------ ----------- ------------
1       00:01:c1:00:f7:70 32768        1           00:18:05

Port       State    Aggr ID Partner Key  Partner Port Partner Port Prio Activit Timeout Aggrege Synchro Collect Distrib Default Expired
---------- -------- ------- ------------ ------------ ----------------- ------- ------- ------- ------- ------- ------- ------- -------
2.5G 1/1   Active   1       1            5            32768             Active  Fast    Yes     Yes     Yes     Yes     No      No
2.5G 1/2   Active   1       1            6            32768             Active  Fast    Yes     Yes     Yes     Yes     No      No
# show lacp statistics
Port       Rx Frames  Tx Frames  Rx Unknown Rx Illegal
---------- ---------- ---------- ---------- ----------
2.5G 1/1   325731     328616     0          0
2.5G 1/2   331947     334834     0          0
# show lacp statistics details
Port       Activit Timeout Aggrege Synchro Collect Distrib Default Expired Rx Frames  Tx Frames  Rx Unknown Rx Illegal
---------- ------- ------- ------- ------- ------- ------- ------- ------- ---------- ---------- ---------- ----------
2.5G 1/1                                                                   325738     328622     0          0
2.5G 1/2                                                                   331954     334840     0          0
#

2.2 MAC Address Table

Switching is based upon the Destination MAC (DMAC) address contained in the frame. The device builds up a table that maps MAC addresses to device port(s) in order to determine which port(s) the frames should go to. This table contains both static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to configure fixed mapping between the DMAC address and device port(s).

The frames also contain a Source MAC (SMAC) address, which shows the MAC address of the equipment sending the frame. The SMAC address is used by the device to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time.

2.2.1 Setting Aging Time

By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is called aging.

To set the aging time, perform the following steps.

1. Click Configuration > MAC Table, and then set up Aging Time as shown in the following illustration.

2. Click Save.

Figure 9 • MAC Address Table Aging Configuration

The equivalent ICLI commands are:

# configure terminal
! Change the aging time to 600 seconds.
(config)# mac address-table aging-time ?
    <0,10-1000000>    Aging time in seconds, 0 disables aging
(config)# mac address-table aging-time 600

2.2.2 Adding a Static MAC Address Entry

To add a static MAC address entry, perform the following steps.

1. Click Configuration > MAC Table, and then under Static MAC Table Configuration, click Add New Static Entry.

2. Set up VLAN ID, MAC Address, and Port Members as shown in the following illustration.

Figure 10 • Static MAC Address Configuration

3. Click Save.

The equivalent ICLI commands are:

# configure terminal
! Add the static MAC address 00:00:00:00:00:01 in VLAN 2 on port 1.
(config)# mac address-table static 00:00:00:00:00:01 vlan 2 interface Gi 1/1


2.2.3 Displaying a MAC Address Table

The current MAC address table can be viewed with the show mac address-table command as follows:

# show mac address-table

To display a MAC address table, perform the following step.

• Click Configuration > MAC Table.

Figure 11 • MAC Address Table

2.3 VLAN

The following illustration depicts VLAN configuration.

Figure 12 • VLAN Quick Configuration Example

Because VLAN 1 is created by default, only VLAN 2 and VLAN 3 need to be configured as follows:

# configure terminal
(config)# vlan 2
(config-vlan)# exit
(config)# vlan 3
(config-vlan)# end
#


Set the access port. Assume that ports 1 through 3 are connected to the PC. The Port VLAN ID (PVID) of each port is different.

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 1
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport mode access
(config-if)# switchport access vlan 2
(config-if)# exit
(config)# interface GigabitEthernet 1/3
(config-if)# switchport mode access
(config-if)# switchport access vlan 3
(config-if)# end
#

Set the trunk port. Assume that Port 4 is connected to the other switch. Set the allowed VLAN to accept 1–3.

# configure terminal
(config)# interface GigabitEthernet 1/4
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan 1-3

Configure the port such that frames are always transmitted with a tag on Port 4.

(config-if)# switchport trunk vlan tag native

To do the same quick VLAN configuration through web GUI, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Mode, Port VLAN, Egress Tagging, and Allowed VLANs as shown in the following illustration.

Figure 13 • Quick VLAN Setup

2. Click Save.

2.3.1 Global Configuration

The following sections discuss various examples of global configurations.

2.3.1.1 Managing Entry of VLAN Using WebGUI

In the web GUI for VLAN management as shown in the following illustration, the Allowed Access VLAN field only affects ports configured as access ports. The ports in other modes are members of all VLANs specified in the Allowed VLANs field under Port VLAN Configuration. Only VLAN 1 is enabled by default.

To create more allowed access VLANs, perform the following steps.


1. Click Configuration > VLANs > Configuration, and set up Allowed Access VLANs as shown in the following illustration.

Figure 14 • VLAN Allowed Access VLANs Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# vlan 1,10-13,200,300

Individual elements are separated by commas, and ranges are specified with a dash separating the lower and upper bound. Spaces are allowed in between the delimiters. The above example creates VLANs 1, 10, 11, 12, 13, 200, and 300.

2.3.1.2 Setting Up Ethertype for Custom S-ports

Example: Set up Ethertype for custom S-ports.

This field specifies, in hexadecimal, the Ethertype/Tag Protocol Identifier (TPID) of tagged frames. The setting applies to all ports whose Port Type is set to S-Custom-Port. It takes effect on the egress side.

To set up Ethertype for custom S-ports, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Ethertype for Custom S-ports as shown in the following illustration.

Figure 15 • VLAN Ether type for Custom S-ports Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# vlan ethertype s-custom-port ?
    <0x0600-0xffff>    Ethertype (Range: 0x0600-0xffff)
(config)# vlan ethertype s-custom-port 0x8100

2.3.2 Port-Based Configuration

The following sections discuss various port-based configuration examples.

2.3.2.1 Setting Up Port Modes

Port mode determines the fundamental behavior of the port in question. A port can be in one of three modes, with Access being the default.


• Access—these ports are normally used to connect to end stations. Dynamic features such as VoiceVLAN may add the port to more VLANs, which is transparent to user. Access ports have the followingcharacteristics.◦ They each are a member of exactly one VLAN (the Port LAN or Access VLAN) with a default value

of 1◦ They accept untagged frames and C-tagged frames◦ They discard all frames that are not classified to the Access VLAN◦ They transmit the frames untagged upon egress

• Trunk—these ports can carry traffic on multiple VLANs simultaneously, and are normally used toconnect to other switches. Trunk ports have the following characteristics.◦ They each are a member of all existing VLANs by default (limited by the use of Allowed VLANs)◦ All frames except those classified to the Port VLAN or Native VLAN get tagged on egress by default

(frames classified to the Port VLAN do not get C-tagged on egress)◦ Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted

on ingress

• Hybrid—these ports resemble trunk ports in many ways while including additional port configurationfeatures. In addition to the characteristics described for trunk ports, hybrid ports have the followingabilities.◦ Hybrid ports can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S- custom-tag

aware◦ Ingress filtering can be controlled◦ Ingress acceptance of frames and configuration of egress tagging can be configured independently

To set up port modes, perform the following steps.

1. Click Configuration > VLANs > Configuration, and in the Mode list select the mode for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 16 • VLAN Mode Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport mode access
(config-if)# interface GigabitEthernet 1/2
(config-if)# switchport mode trunk
(config-if)# interface GigabitEthernet 1/3
(config-if)# switchport mode hybrid

2.3.2.2 Setting Up a Port VLAN

Port VLAN determines the PVID of a port. Allowed VLANs are in the range of 1 through 4095, with the default being 1. On ingress, frames get classified to the Port VLAN if the port type is configured as VLAN Unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0). On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging is set to Untag Port VLAN.

Port VLAN is called an Access VLAN for ports in access mode and Native VLAN for ports in trunk or hybrid mode.

To set up port VLAN, perform the following steps.

1. Click Configuration > VLANs > Configuration, and set up Port VLAN for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 17 • VLAN PVID Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport access vlan 2
(config-if)# interface GigabitEthernet 1/2
(config-if)# switchport trunk native vlan 2
(config-if)# interface GigabitEthernet 1/3
(config-if)# switchport hybrid native vlan 2

2.3.2.3 Setting Up Port Type

Ports in hybrid mode allow for changing the port type, that is, whether a frame's VLAN tag is used to classify the frame on ingress to a particular VLAN, and if so, which TPID it reacts on. Likewise, on egress, the port type determines the TPID of the tag, if a tag is required.

• Unaware—on ingress, all frames (whether carrying a VLAN tag or not) are classified to the Port VLAN. Possible tags are not removed on egress.

• C-Port—on ingress, frames with a VLAN tag with TPID = 0x8100 are classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, then they are tagged with a C-tag.

• S-Port—on ingress, frames with a VLAN tag with TPID = 0x8100 or 0x88A8 are classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with an S-tag.

• S-Custom-Port—on ingress, frames with a VLAN tag with a TPID = 0x8100 or equal to the Ethertype configured for Custom-S-ports are classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame is classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with the custom S-tag.

To set up port type, perform the following steps.

1. Click Configuration > VLANs > Configuration, and set up Mode, Port VLAN, and Port Type for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 18 • VLAN Port Type Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport mode hybrid
(config-if)# switchport hybrid native vlan 2
(config-if)# switchport hybrid port-type unaware
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport mode hybrid
(config-if)# switchport hybrid native vlan 2
(config-if)# switchport hybrid port-type s-port
(config-if)# exit
(config)# interface GigabitEthernet 1/3
(config-if)# switchport mode hybrid
(config-if)# switchport hybrid native vlan 2
(config-if)# switchport hybrid port-type s-custom-port
(config-if)# end
#

2.3.2.4 Setting Up Ingress Filtering

Hybrid ports allow ingress filtering to be changed. Access and trunk ports always have ingress filtering enabled. If ingress filtering is enabled on a port, frames classified to a VLAN that the port is not a member of are discarded. If ingress filtering is disabled on a port, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine. However, the port will never transmit frames classified to VLANs that it is not a member of.

To set up ingress filtering, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Ingress Filtering for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 19 • VLAN Ingress Filtering Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/2
(config-if)# switchport hybrid ingress-filtering
(config-if)# end
#

2.3.2.5 Setting Up Ingress Acceptance

Hybrid ports allow for changing the type of frames that are accepted on ingress.

• Tagged and Untagged: both tagged and untagged frames are accepted.
• Tagged Only: only tagged frames are accepted on ingress. Untagged frames are discarded.
• Untagged Only: only untagged frames are accepted on ingress. Tagged frames are discarded.

To set up ingress acceptance, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Ingress Acceptance for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 20 • VLAN Ingress Acceptance Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport hybrid acceptable-frame-type all
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport hybrid acceptable-frame-type tagged
(config-if)# exit
(config)# interface GigabitEthernet 1/3
(config-if)# switchport hybrid acceptable-frame-type untagged
(config-if)# end
#

2.3.2.6 Setting Up Egress Tagging

Ports in Trunk and Hybrid mode may control the tagging of frames on egress.

• Untag Port VLAN: frames classified to the Port VLAN are transmitted untagged. Other frames are transmitted with the relevant tag. It is the default egress tagging configuration for either trunk or hybrid ports.
• Tagged All: all frames, whether classified to the Port VLAN or not, are transmitted with a tag.
• Untagged All: all frames, whether classified to the Port VLAN or not, are transmitted without a tag. This option is only available for ports in Hybrid mode.

To set up egress tagging, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Egress Tagging for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 21 • VLAN Egress Tagging Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport hybrid egress-tag none
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport hybrid egress-tag all
(config-if)# end
#

2.3.2.7 Setting Up Allowed VLANs

Ports in Trunk and Hybrid mode may control which VLANs they are allowed to become members of. Access ports can only be members of the Access VLAN.

By default, a port may become a member of all possible VLANs, and its Allowed VLANs are therefore set to the range 1 through 4095. The field may be left empty, which means that the port will not be a member of any of the existing VLANs.

To set up Allowed VLANs, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Mode, Port VLAN, Port Type, Ingress Acceptance, Egress Tagging, and Allowed VLAN for Ports 1, 2, and 3 respectively as shown in the following illustration.

Figure 22 • Allowed VLANs Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 2
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport mode trunk
(config-if)# switchport trunk native vlan 2
(config-if)# switchport trunk allowed vlan 2-400
(config-if)# exit
(config)# interface GigabitEthernet 1/3
(config-if)# switchport mode hybrid
(config-if)# switchport hybrid native vlan 2
(config-if)# switchport hybrid port-type s-custom-port
(config-if)# switchport hybrid acceptable-frame-type untagged
(config-if)# switchport hybrid egress-tag all
(config-if)# switchport hybrid allowed vlan 400-800,4095
(config-if)# end
#
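The ingress rules of sections 2.3.2.1 to 2.3.2.7, modelled in Python and applied to Ports 1 to 3 as configured above, to show which frames each port admits and into which VLAN. This is an added example, not Microsemi code: the set of existing VLANs is constructed, and three points the text leaves open are assumptions (access and trunk ports act as C-ports, a tag with an unrecognised TPID is handled as untagged, and priority-tagged frames count as tagged for the acceptance check).

```python
from dataclasses import dataclass, replace

C_TPID, S_TPID = 0x8100, 0x88A8        # TPID values named in section 2.3.2.3


@dataclass(frozen=True)
class Port:
    mode: str                          # "access", "trunk" or "hybrid"
    pvid: int = 1                      # Port VLAN (Access VLAN or Native VLAN)
    port_type: str = "c-port"          # hybrid only: unaware, c-port, s-port, s-custom-port
    accept: str = "all"                # hybrid only: all, tagged, untagged
    ingress_filtering: bool = True     # only a hybrid port can switch this off
    allowed: frozenset = frozenset(range(1, 4096))
    forbidden: frozenset = frozenset()
    egress_tag_all: bool = False       # trunk "tag all" implies tagged-only ingress


def tag_tpids(port, custom_tpid):
    """TPIDs that this port treats as a VLAN tag on ingress."""
    if port.mode != "hybrid":
        return {C_TPID}                # assumption: access and trunk ports are C-ports
    return {
        "unaware": set(),
        "c-port": {C_TPID},
        "s-port": {C_TPID, S_TPID},
        "s-custom-port": {C_TPID, custom_tpid},
    }[port.port_type]


def members(port, existing):
    """VLANs the port is a member of."""
    if port.mode == "access":
        return {port.pvid}
    return (existing & port.allowed) - port.forbidden


def ingress(port, existing, tpid=None, vid=None, custom_tpid=0x8100):
    """Return (verdict, vlan) for one received frame; tpid=None means untagged.

    custom_tpid defaults to the value set in section 2.3.1.2.
    """
    tagged = tpid in tag_tpids(port, custom_tpid)
    if port.mode == "hybrid":
        accept = port.accept
    elif port.mode == "trunk" and port.egress_tag_all:
        accept = "tagged"
    else:
        accept = "all"
    if accept == "tagged" and not tagged:
        return ("discard: untagged frame", None)
    if accept == "untagged" and tagged:
        return ("discard: tagged frame", None)
    # Untagged and priority-tagged (VID 0) frames are classified to the Port VLAN.
    vlan = vid if tagged and vid else port.pvid
    filtering = port.ingress_filtering or port.mode != "hybrid"
    if filtering and vlan not in members(port, existing):
        return ("discard: ingress filtering", vlan)
    return ("accept", vlan)


EXISTING = {1, 2, 10, 11, 12, 13, 200, 300, 500}    # constructed set of created VLANs
PORT1 = Port("access", pvid=2)
PORT2 = Port("trunk", pvid=2, allowed=frozenset(range(2, 401)))
PORT3 = Port("hybrid", pvid=2, port_type="s-custom-port", accept="untagged",
             allowed=frozenset(range(400, 801)) | {4095})


def demo():
    """Frames offered to the three ports; Port 3 is tried with filtering on and off."""
    port3_unfiltered = replace(PORT3, ingress_filtering=False)
    return [
        ingress(PORT1, EXISTING),                  # untagged on the access port
        ingress(PORT1, EXISTING, C_TPID, 10),      # C-tag for a VLAN other than the Access VLAN
        ingress(PORT2, EXISTING, C_TPID, 200),     # inside the trunk's allowed range
        ingress(PORT2, EXISTING, C_TPID, 1),       # outside the trunk's allowed range
        ingress(PORT3, EXISTING),                  # PVID 2 is not in the allowed list
        ingress(port3_unfiltered, EXISTING),       # same frame, ingress filtering disabled
        ingress(PORT3, EXISTING, C_TPID, 500),     # tagged frame on an untagged-only port
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The fifth and sixth results differ only in ingress filtering: with it disabled, Port 3 admits untagged frames into VLAN 2 although VLAN 2 is outside its Allowed VLANs.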

2.3.2.8 Setting Up Forbidden VLANs

A port may be configured to never be a member of one or more VLANs. This is particularly useful when dynamic VLAN protocols, such as MVRP and GVRP, must be prevented from dynamically adding ports to VLANs.

It is recommended to mark such VLANs as forbidden on the port in question. By default, the field is left blank, which means that the port may become a member of all possible VLANs.

To set up forbidden VLANs, perform the following steps.

1. Click Configuration > VLANs > Configuration, and then set up Forbidden VLANs for Ports 1, 2, and 3 respectively, as shown in the following illustration.

Figure 23 • Forbidden VLANs Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# switchport forbidden vlan add 1
(config-if)# exit
(config)# interface GigabitEthernet 1/2
(config-if)# switchport forbidden vlan add 1,4095
(config-if)# end
#

2.3.2.9 Displaying VLAN Status

Various internal software modules may use VLAN services to configure VLAN memberships, such as NAS, GVRP, MVR, Voice VLAN, MEP, EVC, and so on.

The drop-down list on the right of the following illustration selects between showing VLAN memberships as configured by an administrator (Admin) or as configured by one of these internal software modules. The Combined entry shows a combination of the administrator and internal software module configuration to reflect what is actually configured in hardware.

Note:

The following output may vary depending on the latest VLAN settings.

To display the VLAN and then the port status, perform the following steps.

1. To check the VLAN member status that is applied in hardware currently, click Monitor > VLANs > Membership. The status will be displayed as shown in the following illustration.

Figure 24 • VLAN Membership Status

2. To check the VLAN port status, click Monitor > VLANs > Ports. The status will be displayed as shown in the following illustration.

Figure 25 • VLAN Port Status

The equivalent ICLI commands are:

# show vlan ?
    all          Show all VLANs (if left out only access VLANs are shown)
    brief        VLAN summary information
    id           VLAN status by VLAN id
    ip-subnet    Show VCL IP Subnet entries.
    mac          Show VLAN MAC entries.
    name         VLAN status by VLAN name
    protocol     Protocol-based VLAN status
    status       Show the VLANs configured for each interface.
    <cr>
# show vlan brief
VLAN  Name                              Interfaces
----  --------------------------------  ----------
1     default                           Gi 1/4-9 2.5G 1/1-2
10    VLAN0010                          Gi 1/2
11    VLAN0011                          Gi 1/2
12    VLAN0012                          Gi 1/2
13    VLAN0013                          Gi 1/2
200   VLAN0200                          Gi 1/2
300   VLAN0300                          Gi 1/2

show vlan status interface GigabitEthernet 1/1-3
GigabitEthernet 1/1:
--------------------
VLAN User  PortType      PVID Frame Type Ing Filter Tx Tag            UVID Conflicts
---------- ------------- ---- ---------- ---------- ----------------- ---- ---------
Combined   C-Port        2    All        Enabled    None              2    No
Admin      C-Port        2    All        Enabled    None              2
NAS                                                                        No
GVRP                                                                       No
MVR                                                                        No
Voice VLAN                                                                 No
MSTP                                                                       No
ERPS                                                                       No
MEP                                                                        No
EVC                                                                        No
VCL                                                                        No
RMirror                                                                    No

GigabitEthernet 1/2:
--------------------
VLAN User  PortType      PVID Frame Type Ing Filter Tx Tag            UVID Conflicts
---------- ------------- ---- ---------- ---------- ----------------- ---- ---------
Combined   C-Port        2    All        Enabled    All except-native 2    No
Admin      C-Port        2    All        Enabled    All except-native 2
NAS                                                                        No
GVRP                                                                       No
MVR                                                                        No
Voice VLAN                                                                 No
MSTP                                                                       No
ERPS                                                                       No
MEP                                                                        No
EVC                                                                        No
VCL                                                                        No
RMirror                                                                    No

GigabitEthernet 1/3:
--------------------
VLAN User  PortType      PVID Frame Type Ing Filter Tx Tag            UVID Conflicts
---------- ------------- ---- ---------- ---------- ----------------- ---- ---------
Combined   S-Custom-Port 2    Untagged   Disabled   All               2    No
Admin      S-Custom-Port 2    Untagged   Disabled   All               2
NAS                                                                        No
GVRP                                                                       No
MVR                                                                        No
Voice VLAN                                                                 No
MSTP                                                                       No
ERPS                                                                       No
MEP                                                                        No
EVC                                                                        No
VCL                                                                        No
RMirror                                                                    No

2.3.2.10 Configuring Shared VLAN Learning

Shared VLAN Learning (SVL) allows frames, initially classified to a particular VLAN (based on Port VLAN ID or VLAN tag information), to be bridged on a shared VLAN. In SVL, two or more VLANs are grouped to share common source address information in the MAC table. The common entry in the MAC table is identified by a Filter ID (FID). SVL is useful for configuration of more complex, asymmetrical cross-VLAN traffic patterns, like E-TREE (Rooted-Multipoint) and Multi-netted Server.

The alternative VLAN learning mode is Independent VLAN Learning (IVL). In IVL every VLAN uses its ownlogical source address table. The default VLAN learning mode is IVL, and not all switches support SVL.

In SVL, one or more VLANs map to a FID. By default, there is a one-to-one mapping from VLAN to FID, in which case, the switch acts as an IVL bridge, but with SVL, multiple VLANs may share the same MAC address table entries.

The FID keyword is the ID that VLANs are learned on in the MAC table when SVL is in effect. No two rows in the table can have the same FID, and the FID must be a number between 1 and 63.

The list of VLANs is mapped into FIDs. The syntax is as follows: individual VLANs are separated by commas. Ranges are specified with a dash separating the lower and upper bound.

The following example will map VLANs 1, 10, 11, 12, 13, 200, and 300. Spaces are allowed in between the delimiters. The range of valid VLANs is 1 to 4095.

The same VLAN can only be a member of one FID. A message will be displayed if one VLAN is grouped into two or more FIDs.

All VLANs must map to a particular FID, and by default VLAN x maps to FID x. This implies that if FID x is defined, then VLAN x is implicitly a member of FID x unless it is specified for another FID. If FID x doesn't exist, a confirmation message will be displayed, asking whether to continue adding VLAN x implicitly to FID x.

To configure shared VLAN learning, perform the following steps.

1. Click Configuration > VLANs > SVL, and then click ADD FID button to set up FID and VLANs as shown in the following illustration.

Figure 26 • SVL Configuration

2. Click Save.

The equivalent ICLI commands are:

(config)# svl ?
    fid    Filter ID keyword
(config)# svl fid ?
    <1-4095>    Filter ID
(config)# svl fid 1 ?
    vlan    VLAN keyword
(config)# svl fid 1 vlan 1,10,20
(config)# end
#
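The effect of the mapping above on MAC learning, as an added Python model (not the switch's implementation): the MAC table is keyed by FID, so an address learned in one VLAN of a FID is also known in the other VLANs of that FID, and a VLAN left unmapped keeps its own table. The class name, method names, MAC address and port numbers are constructed for the illustration.

```python
class SvlBridge:
    """MAC learning keyed by Filter ID (FID) rather than by VLAN."""

    def __init__(self):
        self.fid_vlans = {}    # FID -> VLANs explicitly mapped with "svl fid <n> vlan <list>"
        self.vlan_fid = {}     # VLAN -> FID, explicit mappings only
        self.mac_table = {}    # (FID, MAC) -> port

    def svl_fid(self, fid, vlans):
        """Model of 'svl fid <fid> vlan <vlans>', rejecting the conflicts the text names."""
        vlans = set(vlans)
        if fid in self.fid_vlans:
            raise ValueError(f"FID {fid} is already defined")
        clash = sorted(v for v in vlans if v in self.vlan_fid)
        if clash:
            raise ValueError(f"VLANs {clash} are already grouped into another FID")
        self.fid_vlans[fid] = vlans
        for vlan in vlans:
            self.vlan_fid[vlan] = fid

    def fid_of(self, vlan):
        # Default mapping: VLAN x maps to FID x unless it is specified for another FID.
        return self.vlan_fid.get(vlan, vlan)

    def learn(self, vlan, src_mac, port):
        self.mac_table[(self.fid_of(vlan), src_mac)] = port

    def lookup(self, vlan, dst_mac):
        """Learned port for dst_mac as seen from vlan, or None if it is unknown there."""
        return self.mac_table.get((self.fid_of(vlan), dst_mac))


MAC = "00:11:22:33:44:55"          # constructed station address


def demo():
    ivl = SvlBridge()              # no SVL configuration: behaves as an IVL bridge
    ivl.learn(10, MAC, port=3)

    svl = SvlBridge()
    svl.svl_fid(1, [1, 10, 20])    # the page's "svl fid 1 vlan 1,10,20"
    svl.learn(10, MAC, port=3)

    implicit = SvlBridge()
    implicit.svl_fid(30, [40])     # VLAN 30 is implicitly a member of FID 30
    implicit.learn(30, MAC, port=5)

    return {
        "ivl_vlan20": ivl.lookup(20, MAC),            # separate table per VLAN
        "svl_vlan20": svl.lookup(20, MAC),            # shared entry inside FID 1
        "svl_vlan300": svl.lookup(300, MAC),          # VLAN 300 is outside FID 1
        "implicit_vlan40": implicit.lookup(40, MAC),  # shared through implicit membership
    }


if __name__ == "__main__":
    print(demo())
```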

2.4 Mirroring

Mirroring is a feature for analyzing or debugging network traffic. The administrator can use it to collect network data for a specific purpose. The selected traffic can be mirrored or copied to a specified destination where a network analyzer is attached.
The following illustration shows the available configurable options for mirroring on Microsemi switches.

Figure 27 • Mirror and RMirror Configuration

2.4.1 Configuration Options

As shown in the previous illustration, the following configurable options are available.

2.4.1.1 Session (ID)

There are five sessions available for setting up mirroring.

2.4.1.2 Mode

Enable or disable the mirroring function for a specific session.

2.4.1.3 Type

Mirroring configurations can be of the following types.

• Mirror: configure the switch to local mirror mode. The source port(s) and destination port are located on the same switch.
• RMirror Source: configure the switch as a source device for RMirror.
• RMirror Destination: configure the switch as a destination device for RMirror.

2.4.1.4 VLAN ID

The VLAN ID specifies the VLAN to which the monitored packets are copied. It is recommended to keep the VLAN ID separate from the VLAN of normal data traffic. This option is not available when the type is selected as (local) Mirror.

2.4.1.5 Reflector Port

The reflector port is an RMirror internal user interface that redirects traffic to the RMirror VLAN. A port that is configured as a reflector port stops working as a normal port. This option is available only when the type is selected as RMirror source.

Note:

The reflector port only supports pure copper ports.

2.4.1.6 Source VLAN(s) Configuration

Provides a list of VLANs on which VLAN-based mirroring takes effect.

2.4.1.7 Port Configuration

The following sections describe various port configuration details.

2.4.1.7.1 Source

This option is not available when the Type is selected as RMirror destination.

• Disabled: neither frames transmitted nor frames received are mirrored.
• Both: both frames received and frames transmitted are mirrored.
• Rx only: frames received on this port are mirrored. Transmitted frames are not mirrored.
• Tx only: frames transmitted on this port are mirrored. Received frames are not mirrored.

2.4.1.7.2 Destination

This option is not available when the type is selected as RMirror Source. The destination port is a switched port that receives a copy of traffic from the mirroring.

Note:

On (local) Mirror mode, the device only supports one destination port.

2.4.2 Local Mirroring

For debugging network problems or monitoring network traffic, the switch system can be configured to mirror frames from multiple ports to a mirror port. The source port(s) and destination port are located on this switch.

Example: Mirror the traffic of Port 1 on Port 6

2.4.2.1 Mirroring Traffic of One Port on Another Port

To set up mirroring the traffic of Port 1 on Port 6, perform the following steps.

1. Click Configuration > Mirroring, and select Session ID 1. The Mirror & RMirror Configuration page opens.

2. Under Global Settings, set up Mode and Type, and under Port Configuration, set up Source and Destination for Ports 1 and 6 respectively, as shown in the following illustration.

Figure 28 • Mirror Traffic of Port 1 on Port 6

3. Click Save.

The equivalent ICLI commands are:

# configure terminal
! Enable mirror session 1.
(config)# monitor session 1
! Mirror the traffic (both RX & TX) of port 1.
(config)# monitor session 1 source interface GigabitEthernet 1/1 both
! Configure the mirror destination port.
(config)# monitor session 1 destination interface GigabitEthernet 1/6
! Verify the monitor setting.
(config)# do show monitor session 1

Session 1
---------
Mode              : Enabled
Type              : Mirror
Source VLAN(s)    :
Both              : Gi 1/1
Destination Ports : Gi 1/6
(config)# end
#

2.4.3 Mirroring VLAN Traffic on a Port

Example: Mirror the traffic of VLAN 123 on Port 6.

The device also supports VLAN-based mirroring. However, port-based and VLAN-based local mirroring are mutually exclusive; you can only have either ports or VLANs as sources, but not both.

To set up mirroring the traffic of VLAN 123 on Port 6, perform the following steps.

1. Click Configuration > Mirroring, and select Session ID 1. The Mirror & RMirror Configuration page opens.

2. Under Global Settings, set up Mode and Type, under Source VLAN(s) Configuration, set up VLAN ID, and under Port Configuration, set the Destination to Port 6 as shown in the following illustration.

Figure 29 • Mirror Traffic of VLAN 123 on Port 6

3. Click Save.

The equivalent ICLI commands are:

# configure terminal
! Enable mirror session 1.
(config)# monitor session 1
! Mirror the traffic on VLAN 123.
(config)# no monitor session 1 source interface *
(config)# monitor session 1 source vlan 123
! Configure the mirror destination port.
(config)# monitor session 1 destination interface GigabitEthernet 1/6
(config)# end
#

2.4.4 RMirror

Example: Remote mirroring (RMirror).

RMirror is an extended function of Mirroring. It extends the destination port to other switches in order to allow the administrator to analyze their network traffic.

Note:

Only one mirror source is allowed to exist on a device. For example, when a local mirror occupies the mirror source (ports or VLANs), the RMirror source cannot be activated.

As shown in the following illustration, Switch 1 acts as a source device, Switch 2 acts as an intermediate device, and Switch 3 acts as a destination device. It is required to use Microsemi switches as source and destination devices. On the source device, users need to set up RMirror and VLAN to include a port that forwards mirrored frames, and disable STP on the reflector port. On the destination device, users need to set up RMirror. Meanwhile, RMirror devices (on the path where mirrored traffic traverses) must disable source MAC address learning in the Filtering Database (FDB) for RMirror VLAN.

Figure 30 • Remote Mirroring

2.4.4.1 Setting Up Source Device

Configure Switch 1 as the source device with the following conditions.

• Source port: Port 1
• Mirror mode: both frames received and frames transmitted are mirrored
• VLAN for mirrored traffic: 200
• Reflector port: Port 2, disable STP on this port
• Disable source MAC address learning for RMirror VLAN 200
• Set up RMirror VLAN membership: Port 4

To set up the source device, perform the following steps.

1. Click Configuration > Mirroring, and then select Session ID 1.

2. In the Mirror & RMirror Configuration page, under Global Settings, set up Mode, Type, VLAN ID, and Reflector Port as shown in the following illustration.

Figure 31 • RMirror Source Switch

3. Set up Source for Port 1 as shown in the previous illustration.

4. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# monitor session 1
(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# monitor session 1 destination remote vlan 200 reflector-port GigabitEthernet 1/2
% Any device connected to a port set as a reflector port loses connectivity until the Remote Mirroring is disabled.
(config)# monitor session 1 source interface GigabitEthernet 1/1 both
(config)# interface GigabitEthernet 1/2
(config-if)# no spanning-tree
(config-if)# interface GigabitEthernet 1/4
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan 1,200
(config-if)# end
#

2.4.4.2 Setting Up an Intermediate Device

Configure Switch 2 as the intermediate device, which can be either a Microsemi or non-Microsemi switch, with the following parameters.

• VLAN for mirrored traffic: 200
• Disable source MAC address learning for RMirror VLAN: 200

It is assumed that a Microsemi switch is used as an intermediate device in this case. The corresponding ICLI commands are shown below.

# configure terminal
(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# interface GigabitEthernet 1/3,4
(config-if)# switchport mode trunk
(config-if)# switchport trunk native vlan 200
(config-if)# switchport trunk allowed vlan 1,200
(config-if)# end
#

2.4.4.3 Setting Up a Destination Device

Configure Switch 3 as the destination device with the following conditions.

• Set up RMirror VLAN membership: Port 4
• Destination port: Port 1
• VLAN for mirrored traffic: 200
• Disable source MAC address learning for RMirror VLAN 200

To set up the destination device, perform the following steps.

1. Click Configuration > Mirroring, and select Session ID 1.

2. In the Mirror & RMirror Configuration page, under Global Settings, set up Mode, Type, and VLAN ID as shown in the following illustration.

Figure 32 • RMirror Destination Switch

3. Set Destination to Port 1 as shown in the previous illustration.

The equivalent ICLI commands are:

# configure terminal
(config)# monitor session 1
(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# monitor session 1 source remote vlan 200
(config)# monitor session 1 destination interface GigabitEthernet 1/1
(config-if)# interface GigabitEthernet 1/4
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan 1,200
(config-if)# end
#
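A check of the RMirror requirements from sections 2.4.4.1 to 2.4.4.3 against each switch's ICLI commands, written as an added Python example rather than a Microsemi tool. It assumes the input is a plain list of commands in the form shown on this page; the transcripts are abridged to the lines the checks read, and the two faulty variants are constructed.

```python
import re

PROMPT = re.compile(r"^\s*(?:\([\w-]+\))?#\s*")   # "# ", "(config)# ", "(config-if)# "
VLIST = r"([\d,\- ]+)"                            # ICLI VLAN list, e.g. 1,10-13,200

def parse_vlans(text):
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def load(transcript):
    """Collect the RMirror-related settings from one switch's ICLI commands."""
    dev = {"vlans": set(), "no_learning": set(), "rmirror_vlan": None,
           "reflector": None, "no_stp": set(), "trunk_allowed": {}}
    iface = None
    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        if not cmd or cmd[0] in "!%":              # blank, comment or CLI warning
            continue
        if m := re.fullmatch(r"interface (.+)", cmd):
            iface = m[1]
        elif cmd in ("exit", "end"):
            iface = None
        elif m := re.fullmatch("vlan " + VLIST, cmd):
            dev["vlans"] |= parse_vlans(m[1])
        elif m := re.fullmatch("no mac address-table learning vlan " + VLIST, cmd):
            dev["no_learning"] |= parse_vlans(m[1])
        elif m := re.fullmatch(r"monitor session \d+ destination remote vlan (\d+) "
                               r"reflector-port (.+)", cmd):
            dev["rmirror_vlan"], dev["reflector"] = int(m[1]), m[2]
        elif m := re.fullmatch(r"monitor session \d+ source remote vlan (\d+)", cmd):
            dev["rmirror_vlan"] = int(m[1])
        elif cmd == "no spanning-tree" and iface:
            dev["no_stp"].add(iface)
        elif m := re.fullmatch("switchport trunk allowed vlan " + VLIST, cmd):
            dev["trunk_allowed"][iface] = parse_vlans(m[1])
    return dev

def audit(name, transcript, vlan):
    """Return the RMirror requirements from section 2.4.4 that this switch misses."""
    dev, out = load(transcript), []
    if dev["rmirror_vlan"] not in (None, vlan):
        out.append(f"{name}: session uses VLAN {dev['rmirror_vlan']}, not {vlan}")
    if vlan not in dev["vlans"]:
        out.append(f"{name}: VLAN {vlan} is not created")
    if vlan not in dev["no_learning"]:
        out.append(f"{name}: MAC learning still enabled on VLAN {vlan}")
    if not any(vlan in allowed for allowed in dev["trunk_allowed"].values()):
        out.append(f"{name}: no trunk port allows VLAN {vlan}")
    if dev["reflector"] and dev["reflector"] not in dev["no_stp"]:
        out.append(f"{name}: STP still enabled on reflector {dev['reflector']}")
    return out

# ICLI commands from sections 2.4.4.1 to 2.4.4.3, abridged to the lines that are checked.
SOURCE = """(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# monitor session 1 destination remote vlan 200 reflector-port GigabitEthernet 1/2
(config)# interface GigabitEthernet 1/2
(config-if)# no spanning-tree
(config-if)# interface GigabitEthernet 1/4
(config-if)# switchport trunk allowed vlan 1,200
"""
INTERMEDIATE = """(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# interface GigabitEthernet 1/3,4
(config-if)# switchport trunk native vlan 200
(config-if)# switchport trunk allowed vlan 1,200
"""
DESTINATION = """(config)# vlan 200
(config-vlan)# exit
(config)# no mac address-table learning vlan 200
(config)# monitor session 1 source remote vlan 200
(config)# monitor session 1 destination interface GigabitEthernet 1/1
(config-if)# interface GigabitEthernet 1/4
(config-if)# switchport trunk allowed vlan 1,200
"""

def run():
    """Audit the page's three transcripts and two constructed faulty variants."""
    cases = {"source": SOURCE, "intermediate": INTERMEDIATE, "destination": DESTINATION,
             "source-no-stp": SOURCE.replace("(config-if)# no spanning-tree\n", ""),
             "intermediate-learning": INTERMEDIATE.replace(
                 "(config)# no mac address-table learning vlan 200\n", "")}
    return {name: audit(name, text, 200) for name, text in cases.items()}

if __name__ == "__main__":
    for name, findings in run().items():
        print(name, findings or "OK")
```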

2.5 GVRP

GVRP is specified in IEEE 802.1Q-2005, clause 11 and IEEE 802.1D-2004, clause 12.

2.5.1 Configuring a GVRP Port

To enable GVRP on a port basis, perform the following steps.

1. Click Configuration > GVRP > Port config, from the Mode list, select GVRP enabled as shown in the following illustration.

Figure 33 • GVRP Port Configuration

2. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# gvrp
(config-if)# end
#

2.5.2 Special Note for CEServices

In general, this is enough for GVRP to work. However, the CEService SDK allows the user to configure whether a Layer 2 Control Protocol (L2CP) is forwarded or sent to the CPU (peered). The default is forwarded.

2.5.2.1 Peering GARP Frames

When using CEServices, the system must be told how GARP frames should be peered. To peer GARP frames, perform the following steps.

1. Click Configuration > Ethernet Services > L2CP, and then in the upper right corner, select the port to be configured.

Note:

The GARP multicast address is 01-80-c2-00-00-21, and it is the 17th entry in the DMAC list in the following illustration, counting from zero.

Figure 34 • L2CP Peer Forward

2. In L2CP Port Configuration, set up L2CP Mode for the GARP address as shown in the previous illustration.

3. Click Save.

The equivalent ICLI commands are:

# configure terminal
(config)# interface GigabitEthernet 1/1
(config-if)# evc l2cp peer 17
(config-if)# end
#

In this case, 17 is the ID for GARP.

2.5.3 Configuring GVRP Global

A small number of parameters can be configured for GVRP on the web GUI. To configure parameters for GVRP, perform the following steps.

1. Click Configuration > GVRP > Global config, and select the Enable GVRP check box as shown in the following illustration.

Figure 35 • GVRP Global Configuration

2. Set up Join-time, Leave-time, and LeaveAll-time as shown in the previous illustration.

Note:

Join-time, Leave-time, and LeaveAll-time are protocol parameters in units of centiseconds (1/100th of a second). These parameters are in accordance with GARP (IEEE 802.1D-2004, clause 12) standards.

3. Click Save.

The equivalent ICLI commands are:

(config)# [no] gvrp
(config)# [no] gvrp time join-time 19
(config)# [no] gvrp time leave-time 61
(config)# [no] gvrp time leave-all-time 1234

Where the no form disables GVRP or resets all the protocol parameters to their default values. The commands can also be put into a single line.

(config)# gvrp time join-time 19 leave-time 61 leave-all-time 1234

The last parameter is the number of VLANs that GVRP can administer. This puts an upper limit on the number of resources that can be used.

Max VLANs is set to 20 when GVRP is enabled globally.

If a different value is needed (for example, 100), enable GVRP using the following command.

(config)# gvrp max-vlans 100

Note:

GVRP must be disabled in advance for the max-vlans number to be changed.

2.5.4 Displaying the State of GVRP Using ICLI

To display the state of the GVRP protocol, execute the following command.

# _debug_privilege_platform debug allow

# _debug_privilege_

Note:

The use of debug commands may negatively impact system behavior. Do not enable unless instructed to. Use platform debug deny to disable debug commands.

Note:

debug command syntax, semantics, and behavior are subject to change without notice.

# debug gvrp protocol-state interface GigabitEthernet 1/* vlan 1-10
             |<-------- State of: ------->||<--- Timer [cs]: -->|
Sw Port VLan  Applicant Registrar LeaveAll  txPDU leave leaveall  GIP-Context
 1    9    1  VO        Fixed     Passiv    -     -     137       -
 1    9    2  VO        MT        Passiv    -     -     136       -
 1    9    3  VO        MT        Passiv    -     -     136       -
 1    9    4  VO        MT        Passiv    -     -     135       -
...
 1    9   10  VO        MT        Passiv    -     -     132       -
#

In this example, the command asks for the state of all gigabit ports in Switch 1 and all VLANs in the range 1–10. The output shows that only Port 9 was GVRP-enabled, and that VLAN ID 1 is Fixed.

Only ports that are GVRP-enabled are displayed.

All terms such as Applicant, Registrar, and GIP-Context can be found in the GARP standard.

A dash in the timer field means that the specific timer is not running. A dash in the GIP-Context field means that the particular entry is not in a GIP-Context. This will be the case if the port is down, or if it is not in forwarding mode due to spanning tree.

GIP-Context 0 is Base Spanning Tree Context (IEEE 802.1D-2004, 12.2.4). If MSTP is used, then GIP-Context 1 is MSTI-1, GIP-Context 2 is MSTI-2, and so on until GIP-Context 7.

2.5.5 Configuring Fixed and Forbidden VLANs

To configure Fixed and Forbidden VLANs, perform the following steps.

1. Click Configuration > VLANs, and set the parameters as shown in the following illustration.

Figure 36 • VLAN Configuration

2. Click Save.

Note:

For Port 1, VLAN 1 and 2 are set to Allowed, and VLAN 5 to Forbidden. Port 2 has different settings.

In GVRP, Allowed VLANs are set to Fixed. With this configuration, and with Port 1, 2, and 3 GVRP-enabled, the state of GVRP is as follows.

# debug gvrp protocol-state interface GigabitEthernet 1/* vlan 1-30
             |<-------- State of: ------->||<--- Timer [cs]: -->|
Sw Port VLan  Applicant Registrar LeaveAll  txPDU leave leaveall  GIP-Context
 1    1    1  VO        Fixed     Passive   -     -     895       -
 1    1    2  VO        Fixed     Passive   -     -     894       -
 1    1    3  VO        MT        Passive   -     -     894       -
 1    1    4  VO        MT        Passive   -     -     893       -
 1    1    5  VO        Forbidden Passive   -     -     893       -
 1    1    6  VO        Forbidden Passive   -     -     892       -
 1    1    7  VO        Forbidden Passive   -     -     891       -
 1    1    8  VO        MT        Passive   -     -     891       -
. . . . . . . . . .
 1    1   30  VO        MT        Passive   -     -     877       -
 1    2    1  QA        MT        Passive   -     -     140       0
 1    2    2  VO        MT        Passive   -     -     139       0
. . . . . . . . . .
 1    2   19  VO        MT        Passive   -     -     129       0
 1    2   20  VO        Fixed     Passive   -     -     128       0
 1    2   21  VO        MT        Passive   -     -     128       0
 1    2   22  VO        MT        Passive   -     -     127       0
 1    2   23  VO        Fixed     Passive   -     -     126       0
 1    2   24  VO        MT        Passive   -     -     126       0
 1    2   25  VO        Forbidden Passive   -     -     125       0
 1    2   26  VO        MT        Passive   -     -     124       0
. . . . . . . . . .
 1    2   30  VO        MT        Passive   -     -     122       0
 1    3    1  VO        Fixed     Passive   -     -     743       0
 1    3    2  VO        MT        Passive   -     -     743       0
. . . . . . . . . .
 1    3   30  VO        MT        Passive   -     -     726       0

In the Registrar state, the Fixed and Forbidden states match what has been set in the VLAN configuration.

In this context, we have configured six VLAN IDs: 1, 2, 5, 20, 23, and 25. This takes six GVRP resources. By default, we have 20 GVRP resources. If the Allowed VLANs are set to 1–4095, which is the default when setting the mode to Hybrid, and that port is GVRP-enabled, then it requires 4096 GVRP resources. In that case, the GVRP should be initiated with the following command.

(config)# gvrp max-vlans 4096
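The check described above (Registrar states matching the configured Fixed and Forbidden VLANs) can be automated. The following Python sketch is an added example, not part of the application note: it parses output in the column layout shown above, compares it with an intended per-port policy, and counts the GVRP resources that policy needs. The sample rows and the INTENDED mapping are constructed for illustration.

```python
import re

# Constructed sample in the column layout of the debug output shown above.
SAMPLE = """\
Sw Port VLan Applicant Registrar LeaveAll txPDU leave leaveall GIP-Context
1 1 1 VO Fixed Passive - - 895 -
1 1 3 VO MT Passive - - 894 -
1 1 5 VO Forbidden Passive - - 893 -
1 2 20 VO Fixed Passive - - 128 0
1 2 23 VO Fixed Passive - - 126 0
1 2 25 VO MT Passive - - 125 0
"""
# Intended configuration (assumed values): port -> {vlan: registrar state}
INTENDED = {1: {1: "Fixed", 5: "Forbidden"},
            2: {20: "Fixed", 25: "Forbidden"}}
ROW = re.compile(r"^\s*\d+\s+(?P<port>\d+)\s+(?P<vlan>\d+)\s+\S+\s+(?P<reg>\S+)\s")

def parse_registrar(text):
    """Return {(port, vlan): registrar_state} from protocol-state output."""
    states = {}
    for line in text.splitlines():
        m = ROW.match(line)          # header, prompt and elision lines do not match
        if m:
            states[(int(m["port"]), int(m["vlan"]))] = m["reg"]
    return states

def audit(text, intended):
    """List (port, vlan, expected, actual) where the registrar state deviates."""
    states = parse_registrar(text)
    findings = []
    for port, vlans in intended.items():
        for vlan, expected in vlans.items():
            actual = states.get((port, vlan), "missing")
            if actual != expected:
                findings.append((port, vlan, expected, actual))
    # A Fixed or Forbidden entry that the policy does not list is drift too.
    for (port, vlan), actual in states.items():
        if actual in ("Fixed", "Forbidden") and vlan not in intended.get(port, {}):
            findings.append((port, vlan, "unconfigured", actual))
    return sorted(findings)

def resources_needed(intended):
    """Distinct configured VLAN IDs, to compare against gvrp max-vlans."""
    return len({v for vlans in intended.values() for v in vlans})

if __name__ == "__main__":
    for finding in audit(SAMPLE, INTENDED):
        print("port %d vlan %d: expected %s, got %s" % finding)
    print("GVRP resources needed:", resources_needed(INTENDED))
```

A Forbidden VLAN that shows any other Registrar state is the finding to act on first, because that port can then register the VLAN dynamically.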

2.6 MSTP

The following sections describe various MSTP configuration examples.

2.6.1 Configuring the STP Bridge Settings

To configure the STP Bridge setting, perform the following steps.


1. Click Configuration > Spanning Tree > Bridge Settings, and set the parameters as shown in the following illustration.

Figure 37 • STP Bridge Configuration

2. Click Save.

The equivalent ICLI commands for the basic settings are:

Set protocol version:
(config)# spanning-tree mode [mstp|rstp|stp]

Set bridge priority:
(config)# spanning-tree mst <instance> priority <prio>
Where
• <instance> is 0–7 (CIST=0, MSTI1=1...)
• <prio> is 0–61440 seconds with granularity of 4096 seconds

Set hello time:
(config)# spanning-tree mst hello-time <hellotime>
Where <hellotime> is 1–10, which implies the BPDU Hello timer value.

Set forward delay:
(config)# spanning-tree mst forward-time <fwdtime>
Where <fwdtime> is 4–30 seconds.

Set max age:
(config)# spanning-tree mst max-age <maxage> [ forward-time <fwdtime> ]
Where
• <maxage> is 6–40 seconds
• <maxage> must be less than or equal to (<fwdtime> - 1) * 2

Set max hop:
(config)# spanning-tree mst max-hops <maxhops>
Where <maxhops> is 6–40 hops.

Set transmit hold count:
(config)# spanning-tree transmit hold-count <holdcount>
Where <holdcount> is 1–10, which implies maximum number of transmitted BPDUs per second.

The equivalent ICLI commands for advanced settings are:

Enable edge port BPDU filtering with the following command:
(config)# [no] spanning-tree edge bpdu-filter

Enable the edge port BPDU guard with the following command:
(config)# [no] spanning-tree edge bpdu-guard

Set port error recovery and port error recovery timeout with the following command:
(config)# [no] spanning-tree recovery interval <30-86400>

2.6.2 Configuring and Mapping MSTI

By default, all VLAN IDs are mapped to the Common and Internal Spanning Tree (CIST). If the protocol version is set to MSTP, then a VLAN ID can be mapped to one out of eight spanning trees, of which CIST is one. The seven others are called MSTI1 through MSTI7. An MSTI configuration also has a name and revision. All mapped values must be identical on the switches in the network. Otherwise, the configuration will not take effect.

To configure and map MSTI, perform the following steps.


1. Click Configuration > Spanning Tree > MSTI Mapping, and set the parameters as shown in the following illustration.

Figure 38 • MSTI Configuration

2. Click Save.

The equivalent ICLI commands are:

(config)# spanning-tree mst name <ConfigurationName> revision <RevisionNumber>
(config)# spanning-tree mst <instance> vlan <vlan_list>

Where
• <ConfigurationName> is a string with maximum length of 32 characters
• <RevisionNumber> is an integer in the range of 1 to 65535
• <instance> is 0–7
• <vlan_list> provides a range of VLANs to be added to MSTI <instance>

The following are examples of commands with appropriate values.

(config)# spanning-tree mst name 00-01-c1-00-c4-d0 revision 0
(config)# spanning-tree mst 1 vlan 10-15
(config)# spanning-tree mst 2 vlan 16,18

2.6.3 MSTI Priorities

Each MSTI and CIST can be given a priority. A low priority number indicates higher priority.
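Because the name, revision, and VLAN-to-MSTI mapping must be identical on every switch, it is worth comparing them before deployment. The following Python sketch is an added example, not part of the application note: it extracts the two command forms shown above from per-switch configuration text, expands the VLAN lists, and reports where a switch differs from the first one. The host names and configuration snippets are constructed.

```python
import re

def expand(vlan_list):
    """Expand an ICLI VLAN list such as '10-15' or '16,18' into a set of IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def region(config):
    """Return (name, revision, {vlan: instance}) for one switch's config text."""
    name, revision, table = None, None, {}
    for line in config.splitlines():
        m = re.search(r"spanning-tree mst name (\S+) revision (\d+)", line)
        if m:
            name, revision = m.group(1), int(m.group(2))
            continue
        m = re.search(r"spanning-tree mst (\d+) vlan (\S+)", line)
        if m:
            for vlan in expand(m.group(2)):
                table[vlan] = int(m.group(1))
    return name, revision, table

def mismatches(configs):
    """Compare every switch against the first one; unmapped VLANs count as CIST (0)."""
    (_ref_host, ref_cfg), *rest = configs.items()
    ref_name, ref_rev, ref_table = region(ref_cfg)
    problems = []
    for host, cfg in rest:
        name, rev, table = region(cfg)
        if (name, rev) != (ref_name, ref_rev):
            problems.append((host, "name/revision", (name, rev)))
        for vlan in sorted(set(table) | set(ref_table)):
            if table.get(vlan, 0) != ref_table.get(vlan, 0):
                problems.append((host, "vlan %d" % vlan, table.get(vlan, 0)))
    return problems

# Constructed configs; the host names sw-a and sw-b are hypothetical.
CONFIGS = {
    "sw-a": "spanning-tree mst name 00-01-c1-00-c4-d0 revision 0\n"
            "spanning-tree mst 1 vlan 10-15\nspanning-tree mst 2 vlan 16,18\n",
    "sw-b": "spanning-tree mst name 00-01-c1-00-c4-d0 revision 0\n"
            "spanning-tree mst 1 vlan 10-14\nspanning-tree mst 2 vlan 16,18\n",
}

if __name__ == "__main__":
    for host, what, value in mismatches(CONFIGS):
        print(host, what, "differs from reference:", value)
```

Here sw-b leaves VLAN 15 on the CIST while sw-a maps it to MSTI1, so the two switches do not share one MSTI configuration.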

A Bridge Identifier comprises CIST, MSTI1 through MSTI7, and the bridge priority number. This is concatenated with the MAC address of the device. Each bridge identifier is therefore unique.

A low bridge identifier indicates a higher priority. A high priority means that the device tends to be the root of the spanning tree. If two devices have the same bridge priority, then a device can be made the root either by setting the priority of MSTI1 higher, or by setting the priority of MSTI2 lower.

To configure MSTI priorities, perform the following steps.


1. Click Configuration > Spanning Tree > MSTI Priorities, and set the parameters as shown in the following illustration.

Figure 39 • MSTI Priorities Configuration

2. Click Save.

The equivalent ICLI commands are:

(config)# spanning-tree mst <instance> priority <prio>

Where
• <instance> is 0–7 (CIST=0, MSTI1=1...)
• <prio> is 0–61440 seconds with granularity of 4096 seconds

2.6.4 Configuring a CIST Port

To configure STP on a CIST port, perform the following steps.

1. Click Configuration > Spanning Tree > CIST Ports, and then set the parameters as shown in the following illustration.

Figure 40 • CIST Port Configuration

2. Click Save.

All parameters, except Path Cost and Priority, are specific for the port and not for CIST. These two parameters can be set for each MSTI, but the other parameters cannot because they apply to the port. If, for example, spanning tree is disabled (as it is for Port 3), then these two parameters are applied to the CIST and all the MSTIs.


Usually the user sets up the CIST port in the interface configuration mode. However, it is also possible to set up CIST ports in the STP aggregation mode as shown below.

(config)# spanning-tree aggregation
(config-stp-aggr)#

The following commands assume that the user is in the interface configuration mode.

2.6.4.1 STP Enabled

A port can be individually enabled or disabled for taking part in the spanning tree protocol with the following command.

(config-if)# [no] spanning-tree

2.6.4.2 Path Cost and Priority

The path cost and priority are set by the following commands:

(config-if)# spanning-tree mst 0 cost <Cost>
(config-if)# spanning-tree mst 0 port-priority <Priority>

Where
• <Cost> is either a number in the range 1 to 200000000, or it may be auto. If set to auto, the path cost will be set to a value appropriate for the physical link speed using IEEE 802.1D-recommended values.
• <Priority> is a number in the range 0 to 240 and a multiple of 16. If it is not a multiple of 16, then it will be set to 0.

Path cost is used by STP when selecting ports. Low-cost ports are chosen over high-cost ports. If two ports have the same cost, then priority is used as a tie breaker.

2.6.4.3 Admin Edge and Auto Edge

These two features are activated by the following ICLI commands.

(config-if)# [no] spanning-tree edge
(config-if)# [no] spanning-tree auto-edge

The first command changes the field Admin Edge in the web interface, and the second changes the Auto Edge field. These two values control whether a port is declared to be an edge port or not. An edge port is a port that is not connected to a bridge.

If auto edge is enabled, then the port determines whether it is an edge port by registering if BPDUs are being received on that port. When Auto Edge is enabled, the system automatically changes the EDGE state of a port; otherwise, Admin Edge manually determines whether the port should start as an edge port or not.

To see the decision, perform the following step.

• Click Monitor > Spanning Tree > Bridge Status, and click CIST. The Edge field displays the decision.

Figure 41 • Detailed Bridge Status

2.6.4.4 Restricted Role and Restricted TCN

These two features are activated by the following ICLI commands.

(config-if)# [no] spanning-tree restricted-role
(config-if)# [no] spanning-tree restricted-tcn

If the restricted role is enabled, it ensures that the port is not selected as the root port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an alternate port after the root port has been selected. If set, it can cause a lack of spanning tree connectivity. It can be set by a network administrator to prevent bridges external to a core region of the network from influencing the active topology of the spanning tree, as those bridges are not under the full control of the administrator. This feature is also known as Root Guard.

If restricted TCN is enabled, it causes the port not to propagate received topology change notifications and topology changes to other ports. If set, it can cause temporary loss of connectivity after any modification to the active topology of a spanning tree as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent an external device (bridge outside the core region of the network) from causing address flushing in the core region. The address flushing happens because either those bridges are not under the full control of the administrator, or the physical link state of the attached LANs transitions frequently.

2.6.4.5 BPDU Guard

This feature is activated by the following ICLI command.

(config-if)# [no] spanning-tree bpdu-guard

If enabled, it causes the port to disable itself upon receiving valid BPDUs. Contrary to the similar bridge setting, the port edge configuration does not affect this setting.
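The per-port protections in sections 2.6.4.3 through 2.6.4.5 are easy to miss on individual interfaces. The following Python sketch is an added example, not part of the application note: it reads configuration text and lists the ports that lack BPDU guard, restricted role, or restricted TCN. The policy, the EXTERNAL port classification, and the interface-block layout of the sample text are assumptions made for illustration.

```python
# Assumed policy (not from the guide): edge ports need bpdu-guard; ports facing
# bridges outside the administrator's control need restricted-role and -tcn.
EXTERNAL = {"GigabitEthernet 1/3"}          # hypothetical port classification

# Constructed configuration text; the interface-block layout is an assumption.
CONFIG = """\
interface GigabitEthernet 1/1
 spanning-tree edge
 spanning-tree bpdu-guard
!
interface GigabitEthernet 1/2
 spanning-tree edge
 no spanning-tree bpdu-guard
!
interface GigabitEthernet 1/3
 spanning-tree restricted-role
!
"""

def port_settings(text):
    """Return {interface: set of enabled 'spanning-tree ...' options}."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line[len("interface "):], set())
        elif current is not None and line.startswith("spanning-tree "):
            current.add(line[len("spanning-tree "):])
        elif current is not None and line.startswith("no spanning-tree "):
            current.discard(line[len("no spanning-tree "):])
    return ports

def audit(text, external):
    """Return sorted (interface, missing_option) pairs under the assumed policy."""
    findings = []
    for port, opts in port_settings(text).items():
        required = set()
        if "edge" in opts:
            required.add("bpdu-guard")
        if port in external:
            required |= {"restricted-role", "restricted-tcn"}
        findings += [(port, opt) for opt in sorted(required - opts)]
    return sorted(findings)

if __name__ == "__main__":
    for port, missing in audit(CONFIG, EXTERNAL):
        print("%s: missing 'spanning-tree %s'" % (port, missing))
```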

2.6.4.6 Point-to-Point

This feature is activated by the following ICLI command.

(config-if)# [no] spanning-tree link-type {auto|point-to-point|shared}

Where the no form is equivalent to setting it to auto. If the link is set to:


• point-to-point: in the web interface it appears as Forced True.
• shared: in the web interface it appears as Forced False.
• auto: in the web interface it appears as Auto.

2.6.5 Configuring MSTI Ports

To configure which MSTI configuration to change, perform the following steps.

1. Click Configuration > Spanning Tree > MSTI Ports.

2. From the Select MSTI list, select the desired MSTI, and click Get.

Figure 42 • MSTI Port Configuration

3. Set up MSTI port parameters as shown in the following illustration, and click Save.

Figure 43 • Select the MSTI Port

The ICLI commands for setting the path cost and priority are the same as for CIST, except that the MSTI is a number from 1 to 7 instead of 0, as MSTI0 is assigned to CIST.

The equivalent ICLI commands are:

(config-if)# spanning-tree mst <MSTI> cost <Cost>
(config-if)# spanning-tree mst <MSTI> port-priority <Priority>

Here <MSTI> is the number of the MSTI, from 1 to 7. The other parameters are the same as in the CIST case.

<Cost> is a number in the range 1 to 200000000, or it may be auto. If set to auto, then the path cost will be set to an appropriate value for the physical link speed by using IEEE 802.1D-recommended values.

<Priority> is a number in the range of 0 to 240 and a multiple of 16. If the number is not a multiple of 16, then it will be set to 0.

The path cost is used by STP when selecting ports. Low cost is chosen in favor of high cost. If two ports have the same cost, then priority is used as a tie breaker.


© 2019 Microsemi. All rights reserved. Microsemi and the Microsemi logo are trademarks of Microsemi Corporation. All other trademarks and service marks are the property of their respective owners.


VPPD-04297
