02 vlan operation

7/28/2019 02 VLAN Operation

1/33

Operation Manual - VLANQuidway S3500-EA Series Ethernet Switches Table of Contents

Huawei Technologies Proprietary

i

Table of Contents

Chapter 1 VLAN Configuration .................................................................................................... 1-11.1 Introduction to VLAN.......................................................................................................... 1-1

1.1.1 VLAN Overview....................................................................................................... 1-11.1.2 VLAN Classification................................................................................................. 1-2

1.2 Configuring Basic VLAN Attributes.................................................................................... 1-21.3 Configuring VLAN Interface Basic Attributes..................................................................... 1-21.4 Configuring the Port-Based VLAN..................................................................................... 1-3

1.4.1 Introduction to the Port-Based VLAN...................................................................... 1-31.4.2 Configuring the Access-Port-Based VLAN ............................................................. 1-51.4.3 Configuring the Trunk-Port-Based VLAN................................................................ 1-61.4.4 Configuring the Hybrid-Port-Based VLAN............................................................... 1-7

1.5 Configuring the IP-Subnet-Based VLAN ........................................................................... 1-81.5.1 Introduction.............................................................................................................. 1-81.5.2 Configuring the IP-Subnet-Based VLANs............................................................... 1-9

1.6 Displaying and Maintaining VLAN ................................................................................... 1-101.7 A Typical VLAN Configuration Example .......................................................................... 1-10

Chapter 2 Voice VLAN Configuration.......................................................................................... 2-12.1 Introduction to Voice VLAN................................................................................................ 2-1

2.1.1 Voice VLAN Mode on a Port ................................................................................... 2-12.1.2 Security Mode and Normal Mode of Voice VLAN................................................... 2-4

2.2 Configuring the Voice VLAN.............................................................................................. 2-42.2.1 Configuration Prerequisites..................................................................................... 2-42.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode........................................ 2-42.2.3 Setting Voice VLAN Mode on a Port to Manual Mode............................................ 2-5

2.3 Displaying and Maintaining Voice VLAN ........................................................................... 2-62.4 Typical Voice VLAN Configuration Examples.................................................................... 2-7

2.4.1 Configuring Automatic Voice VLAN Mode .............................................................. 2-72.4.2 Configuring Manual Voice VLAN Mode .................................................................. 2-8

Chapter 3 GVRP Configuration.................................................................................................... 3-13.1 GVRP Overview................................................................................................................. 3-1

3.1.1 Introduction to GARP.............................................................................................. 3-13.1.2 Introduction to GVRP.............................................................................................. 3-33.1.3 Protocols and Standards......................................................................................... 3-4

3.2 Configuring GVRP ............................................................................................................. 3-43.2.1 Configuring GVRP Functions.................................................................................. 3-43.2.2 Configuring GARP Timers....................................................................................... 3-5

3.3 Displaying and Maintaining GVRP.....................................................................................3-6


2/33

Operation Manual - VLANQuidway S3500-EA Series Ethernet Switches Table of Contents


ii

3.4 GVRP Configuration Example........................................................................................... 3-63.4.1 Example 1 ............................................................................................................... 3-63.4.2 Example 2 ............................................................................................................... 3-83.4.3 Example 3 ............................................................................................................... 3-9


3/33

Operation Manual - VLANQuidway S3500-EA Series Ethernet Switches Chapter 1 VLAN Configuration


1-1

Chapter 1 VLAN Configuration

1.1 Introduction to VLAN

1.1.1 VLAN Overview

Virtual Local Area Network (VLAN for short) technology was developed mainly to solve

the broadcast problems in LANs. It divides a LAN into multiple logical LANs with each

being a broadcast domain. Hosts in the same VLAN can communicate with each other

like in a LAN. However, hosts from different VLANs cannot communicate directly. In this

way, broadcast packets are confined to a single VLAN, as illustrated in the following

figure.

VLAN A

VLAN B

VLAN A

VLAN B

VLAN A

VLAN B

LAN Switch

LAN Switch

Router

Figure 1-1A VLAN diagram

A VLAN is not restricted by physical factors, that is to say, hosts that reside in different

network segments may belong to the same VLAN, a VLAN can be within the same

switch, or span across multiple switches or routers.VLAN technology has the following advantages:

1) Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and

improving network performance.

2) LAN security is improved. Packets in different VLANs cannot communicate with

each other directly. That is, users in a VLAN cannot interact directly with users in

other VLANs, unless routers or Layer 3 switches are used.


4/33



1-2

3) A more flexible way to establish virtual working groups. With VLAN technology,

clients can be allocated to different working groups, and users from the same

group do not have to be within the same physical area, making network

construction and maintenance much easier and more flexible.

1.1.2 VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories.

z Port-based

z MAC address-based

z Protocol-based

z IP-subnet-based

z Policy-based

z Other types

This chapter will focus on the port-based VLANs and IP-subnet-based VLANs.

1.2 Configuring Basic VLAN Attributes

Follow the following steps to configure basic VLAN attributes:

To do Use the command Remarks

Enter system view system-view

Create VLANs vlan { vlan-id1 [ tovlan-id2] | all }

Optional

Using this command can createmultiple VLANs.

Enter VLAN view vlanvlan-id

Required

The VLAN must be created firstbefore entering its view; otherwise,using the command creates a VLANand enters its view

Specify adescriptivecharacter string forthe VLAN

description text

Optional

VLAN ID used by default, forexample, VLAN 0001

1.3 Configuring VLAN Interface Basic Attributes

A VLAN interface is a virtual Layer 3 interface for Layer 3 communications between

different VLANs.


5/33



1-3

Follow the following steps to configure VLAN interface basic attributes:



Create VLAN interfaceand enter its view

interface Vlan-interfacevlan-interface-id

Required

The VLAN interface mustbe created first beforeentering its view

Configure an IP addressfor the VLAN interface

ip address ip-address{ mask | mask-length }[ sub ]

Optional

Not configured by default

Specify the descriptivecharacter string for the

VLAN interface

description text

Optional

VLAN interface nameused by default, for

example, Vlan-interface1Interface

Bring up the VLANinterface

undo shutdown

Optional

By default, the VLANinterface is down if allports in the VLAN aredown, as long as one portin the VLAN is up, theVLAN interface is up

Note:Before creating a VLAN interface, ensure that the corresponding VLAN already exists.

Otherwise, the specified VLAN interface will not be created.

1.4 Configuring the Port-Based VLAN

1.4.1 Introduction to the Port-Based VLAN

This is the simplest and yet the most effective way of classifying VLANs. It groups

VLAN members by port. After added to a VLAN, a port can forward the packets of the

VLAN.

I. Port link type

Based on the tag handling mode, a ports link type can be one of the following three:

z Access port: An access port belongs to only one VLAN and strips off the VLAN

tags when sending packets of this VLAN, normally used to connect computers;

z Trunk port: A trunk port can belong to multiple VLANs and receive and send

packets for multiple VLANs, normally used to connect devices;


6/33



1-4

z Hybrid port: A hybrid port can belong to multiple VLANs and receive and send

packets for multiple VLANs, used to connect either computers or devices.

The differences between Hybrid and Trunk port:

z A Hybrid port allows packets of multiple VLANs to be sent without the Tag label;

z A Trunk port only allows packets from the default VLAN to be sent without the Tag

label.

II. Default VLAN

You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN

for all ports. However, this can be changed as needed.

z An Access port only belongs to one VLAN. Therefore, its default VLAN is the

VLAN it resides in and cannot be configured.

z You can configure the default VLAN for the Trunk port or the Hybrid port as theycan both belong to multiple VLANs.

z After deletion of the default VLAN using the undo vlan command, the default

VLAN for an Access port will revert to VLAN 1, whereas that for the Trunk or

Hybrid port remains.

Note:For the voice VLAN in automatic mode, the default VLAN of the corresponding port

cannot be configured as voice VLAN. Otherwise, the system prompts error information.

For information about voice VLAN, refer to Chapter 2 VLAN Configuration.

Configured with the default VLAN, a port handles packets in the following ways:


7/33



1-5

Inbound packets handlingPort type

No tag available Tag available

Outbound packetshandling

Access Port

z Receive the

packet if its VLANID is the same asthe default VLANID

z Discard thepacket if its VLANID is different fromthe default VLANID

Strip the Tag and sendthe packet as the VLANID is the same with thedefault VLAN ID

Trunk port

z Strip the Tag andsend the packet if theVLAN ID is the same

as the default VLANID

z Keep the tag andsend the packet if theVLAN ID is not thesame as the defaultVLAN ID but allowedto pass through theport

Hybrid port

Tag the packetwith the defaultVLAN ID

z Receive thepacket if theVLAN ID is thesame as thedefault VLAN ID

z Receive thepacket if theVLAN ID is not thesame as thedefault VLAN IDbut is allowed topass through theport

z Discard thepacket if the

VLAN ID isneither the sameas the defaultVLAN ID norallowed to passthrough the port

Send the packets if theVLAN ID is allowed topass through the port.Use the port hybridvlan command toconfigure whether theport tags packets whensending packets in thisVLAN (including defaultVLAN).

1.4.2 Configuring the Access-Port-Based VLAN

There are two ways to add an Access port to a specified VLAN: one way is to configure

under the VLAN view, the other way is to configure under the Ethernet port view/port

group view.

Follow the following steps to configure the Access-port-based VLAN in VLAN view:


8/33



1-6




Required

For a nonexistent VLAN,this command will createa VLAN and enter its view

Add an Access port to thecurrent VLAN

port interface-list

Required

By default, system willadd all ports to VLAN 1

Follow the following steps to configure the Access-port-based VLAN in Ethernet port

view/port group view:



EnterEthernet portview

interface interface-typeinterface-number

EnterEthernet portview or portgroup view Enter port

group view

port-group { manualport-group-name |aggregation agg-id}

Use either command

Under Ethernet portview, the subsequentconfigurations onlyapply to the currentport; under port groupview, the subsequentconfigurations apply to

all ports in the portgroup

Configure the port link type asAccess

port link-typeaccess

Optional

The link type of a port isAccess by default

Add the current Access portto a specified VLAN

port access vlanvlan-id

Optional

By default, all Accessports belong to VLAN 1

Note:Ensure that you create a VLAN first before trying to add an Access port to the VLAN.

1.4.3 Configuring the Trunk-Port-Based VLAN

A Trunk port may belong to multiple VLANs, and you can only perform this configuration

in Ethernet port view or port group view.


9/33



1-7

Follow the following steps to configure the Trunk-port-based VLAN:



EnterEthernetport view

interface interface-typeinterface-numberEnter

Ethernetport viewor portgroup view

Enter portgroup view


Use either command

Under Ethernet port view,the subsequentconfigurations only apply tothe current port; under portgroup view, the subsequentconfigurations apply to allports in the port group

Configure the port linktype as Trunk

port link-typetrunk

Required


Allow a specified VLANto pass through thecurrent Trunk port

port trunk permit vlan{ vlan-id-list| all }

Required

By default, all Trunk portsbelong to VLAN 1 only

Configure the defaultVLAN for the Trunk port

port trunk pvid vlanvlan-id

Optional

VLAN 1 is the default bydefault

Note:z To convert a Trunk port into a Hybrid port (or vice versa), you need to use the

Access port as a medium. For example, the Trunk port has to be configured as an

Access port first and then a Hybrid port.

z Ensure that a VLAN already exists before configuring it to pass through a certain

Trunk port.

z The default VLAN ID on the Trunk ports of the local and peer devices must be the

same. Otherwise, packets of the default VLAN cannot be transmitted properly from

the local end to the peer end.

1.4.4 Configuring the Hybrid-Port-Based VLAN

A Hybrid port may belong to multiple VLANs, and this configuration can only be

performed in Ethernet port view or port group view.


10/33



1-8

Follow the following steps to configure the Hybrid-port-based VLAN:



EnterEthernetport view

interface interface-typeinterface-numberEnter

Ethernetport viewor portgroupview

Enter portgroup view


Use either command;

Under Ethernet port view,the subsequentconfigurations only applyto the current port; underport group view, thesubsequentconfigurations apply to allports in the port group

Configure the port link

type as Hybridport link-typehybrid

Required


Allow a specified VLANto pass through thecurrent Hybrid port

port hybrid vlanvlan-id-list { tagged |untagged }

Required

By default, all Hybridports belong to VLAN 1

Configure the defaultVLAN of the Hybrid port

port hybrid pvid vlanvlan-id

Optional

VLAN 1 is the default bydefault

Note:z To configure a Trunk port into a Hybrid port (or vice versa), you need to use the

Access port as a medium. For example, the Trunk port has to be configured as an

Access port first and then a Hybrid port.

z Ensure that a VLAN already exists before configuring it to pass through a certain

Hybrid port.

1.5 Configuring the IP-Subnet-Based VLAN

1.5.1 Introduction

In this approach, VLANs are categorized based on the source IP address and the

subnet mask of packet. After receiving an untagged packet from a port, the device finds

its association with the current VLAN based on the source address contained in the

packet, it will then forward the packet in the corresponding VLAN. This allows packets

from a certain network segment or with certain IP addresses to be forwarded in a

VLAN.


11/33



1-9

1.5.2 Configuring the IP-Subnet-Based VLANs

Note:This feature is only applicable to a Hybrid port.

Follow the following steps to configure the IP-subnet-based VLAN:




Required

For a nonexistent VLAN,this command will createa VLAN and enter view

Configure the associationbetween an IP subnet with thecurrent VLAN

ip-subnet-vlan[ ip-subnet-index ] ipip-address [ mask]

Required

The configured IPnetwork segment or IPaddress cannot be amulticast networksegment or a multicastaddress

Exit the VLAN view quit Required

EnterEthernet portview

interfaceinterface-typeinterface-number

EnterEthernet portview or portgroup view Enter port

group view


Use either command;

Under Ethernet port view,the subsequentconfigurations only applyto the current port; underport group view, thesubsequentconfigurations apply to allports in the port group

Configure port link type as

Hybrid

port link-typehybrid

Required

The link type of all ports is

Access by default

Allow an IP-subnet-basedVLAN to pass through thecurrent Hybrid port

port hybrid vlanvlan-id-list { tagged |untagged }

Required

By default, all portsbelong to VLAN 1

Configure the associationbetween the Hybrid port andthe IP-subnet-based VLAN

port hybridip-subnet-vlan vlanvlan-id

Required

By default, no Hybrid portis associated with theIP-subnet-based VLAN.


12/33



1-10

1.6 Displaying and Maintaining VLAN

To do... Use the command Remarks

Display VLAN informationdisplay vlan [ vlan-id1 [ tovlan-id2 ] | all | static |dynamic | reserved ]

Display VLAN interface informationdisplay interfaceVlan-interface[ vlan-interface-id]

Display the IP-subnet-based VLANinformation and IP subnet indexes ofspecified VLANs

display ip-subnet-vlan vlan{ vlan-id[ to vlan-id] | all }

Display the IP-subnet-based VLAN

information and IP subnet index ofspecified ports

display ip-subnet-vlaninterface { interface-type

interface-number [ to{ interface-typeinterface-number} ] | all }

Available inuser view

1.7 A Typical VLAN Configuration Example

I. Network requirements

z Device A connects to Device B through the Trunk port Ethernet 1/0/1;

z

The default VLAN ID of the port is 100;z This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass

through.

II. Network diagram

Ethernet1/0/1

Ethernet1/0/1

Device A Device B

Ethernet1/0/1

Ethernet1/0/1

Device A Device B

Figure 1-2 Network diagram for configuring VLANs allowed on ports

III. Configuration procedure

1) Configure Device A

# Create VLAN 2, VLAN 6 to VLAN 50, and VLAN 100.

system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] vlan 100


13/33



1-11


[Sysname] vlan 6 to 50

Please wait... Done.

# Enter the Ethernet port view of Ethernet 1/0/1.

[Sysname] interface Ethernet 1/0/1

# Configure Ethernet 1/0/1 as a Trunk port and configure its default VLAN ID as 100.

[Sysname-Ethernet1/0/1] port link-type trunk

[Sysname-Ethernet1/0/1] port trunk pvid vlan 100

# Configure packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through

Ethernet 1/0.

[Sysname-Ethernet1/0/1] port trunk permit vlan 2 6 to 50 100

Please wait... Done.

2) Configure Device B following similar steps as that of Device A.


14/33

Operation Manual - VLANQuidway S3500-EA Series Ethernet Switches Chapter 2 Voice VLAN Configuration


2-1

Chapter 2 Voice VLAN Configuration

2.1 Introduction to Voice VLAN

Voice VLANs are configured specially for voice traffic. By adding the ports that connect

voice devices to voice VLANs, you can configure quality of service (QoS for short)

attributes for the voice traffic, increasing transmission priority and ensuring voice quality.

A device determines whether a received packet is a voice packet by checking its source

MAC address. Packets containing source MAC addresses that comply with the voice

device Organizationally Unique Identifier (OUI for short) addresses are regarded as

voice traffic, and are forwarded in the voice VLANs.

You can configure the OUI addresses in advance or use the default OUI addresses,

which are listed as follows:

Number OUI address Vendors

1 0001-e300-0000 Siemens phone

2 0003-6b00-0000 Cisco phone

3 00d0-1e00-0000 Pingtel phone

4 00e0-7500-0000 Polycom phone

5 00e0-bb00-0000 3com phone

Note:z As the first 24 bits of a MAC address (in binary format), an OUI address is a globally

unique identifier assigned to a vendor by IEEE.

z You can delete or add the default OUI address.

2.1.1 Voice VLAN Mode on a Port

There are two voice VLAN modes on a port: automatic and manual.

z In automatic voice VLAN mode, the system identifies the source MAC address

contained in the untagged packet sent when the IP phone is powered on and

matches it against the OUI addresses. If a match is found, the system will

automatically add the port into the Voice VLAN and apply ACL rules to ensure the

packet precedence. An aging time can be configured for the voice VLAN. The

system will remove a port from the voice VLAN if no voice packet is received from


15/33



2-2

it after the aging time. The adding and deleting of ports are automatically realized

by the system.

z In manual voice VLAN mode, administrators add the IP phone access port to the

voice VLAN. It then identifies the source MAC address contained in the packet,matches it against the OUI addresses, and decides whether to forward the packet

in the voice VLAN. The administrators apply ACL rules while adding or deleting a

port from the voice VLAN. In this mode, the adding or deleting of ports is realized

by the administrators.

z Both modes forward tagged packets based on the VLAN IDs contained in the

packets.

The above two modes are configured in Ethernet port view. Different voice VLAN

modes can be configured on different ports, independent of one another.

The following table lists the co-relation between the voice VLAN mode, the voice traffictype of an IP phone, and the type of an Ethernet port.

Mode Voice traffic type Port link type

Access: not supported

Trunk: supported provided that the defaultVLAN of the access port exists and is not avoice VLAN and that the access port belongs tothe voice VLANTagged voice traffic

Hybrid: supported provided that the defaultVLAN of the access port exists and is in the list

of tagged VLANs whose packets can passthrough the access port

Automaticmode

Untagged voice traffic Access, Trunk, Hybrid: not supported


16/33



2-3

Mode Voice traffic type Port link type

Access: not supported

Trunk: supported provided that the default

VLAN of the access port exists and is not avoice VLAN and that the access port belongs tothe default VLANTagged voice traffic

Hybrid: supported provided that the defaultVLAN of the access port exists and is from thelist of tagged VLANs whose packets can passthrough the access port

Access: supported provided that the defaultVLAN of the access port is a voice VLAN

Trunk: supported provided that the defaultVLAN of the access port is a voice VLAN andthat the access port allows packets from thevoice VLAN to pass through

Manualmode

Untagged voicetraffic

Hybrid port: supported provided that the defaultVLAN of the access port is a voice VLAN andthat the voice VLAN is in the list of untaggedVLANs whose packets are allowed to passthrough the access port

Caution:

z If the voice traffic sent by an IP phone is tagged and that the access port has 802.1

x authentication and guest VLAN enabled, assign different VLAN IDs for the voice

VLAN, the default VLAN of the access port, and the 802.1x guest VLAN.

z If the voice traffic sent by an IP phone is untagged, to realize the voice VLAN feature,

the default VLAN of the access port can only be configured as the voice VLAN. Note

that at this time 802.1 x authentication function cannot be realized.

Note:z The default VLANs for all ports are VLAN 1. Using commands, users can either

configure the default VLAN of a port, or configure to allow a certain VLAN to pass

through the port. For more information, refer to 1.4 Configuring the Port-Based

VLAN.

z Use the display interface command in the Port Correlation Configuration module to

display the default VLAN and the VLANs that are allowed to go through a certain

port.


17/33



2-4

2.1.2 Security Mode and Normal Mode of Voice VLAN

Ports that have the voice VLAN feature enabled can be divided into two modes based

on their filtering mechanisms applied to inbound packets.

z Security mode: only voice packets with source OUI MAC addresses can pass

through the port (with the voice VLAN feature enabled), other non-voice packets

will be discarded, including authentication packets, such as 802.1x authentication

packet.

z Normal mode: both voice packets and non-voice packets are allowed to pass

through a port (with the voice VLAN feature enabled), the former will abide by the

voice VLAN filtering mechanism whereas the latter normal VLAN filtering

mechanism.

It is recommended that you do not mix voice packets with other types of data in a voice

VLAN. If necessary, please ensure that the security mode is disabled.

2.2 Configuring the Voice VLAN

2.2.1 Configuration Prerequisites

z Create the corresponding VLAN before configuring the voice VLAN;

z As a default VLAN, VLAN 1 does not need to be created. However, it cannot be

enabled with the voice VLAN feature.

2.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode

Follow the following steps to set the voice VLAN mode on a port to automatic:

To do... Use the command... Remarks


Configure the aging time ofthe voice VLAN

voice vlan agingminutes

Optional

Only applicable to portsin automatic mode anddefaults to 1,440 minutes

Enable the security mode ofthe voice VLAN

voice vlan securityenable

Optional

Enabled by default

Configure the OUI addressfor the voice VLAN

voice vlanmac-address oui maskoui-mask [ descriptiontext]

Optional

By default, each voiceVLAN has 5 default OUIaddresses

Enable the global voiceVLAN feature

voice vlan vlan-idenable

Required


18/33



2-5


Enter Ethernet port view

interface{ interface-typeinterface-number |interface-name }

Set the voice VLAN modeon the port to automatic

voice vlan mode autoOptional

Enabled by default

Enable the voice VLANfeature on the port

voice vlan enableRequired

Disabled by default

Note:

For a port whose voice VLAN mode is set to automatic, you cannot configure thedefault VLAN of the port as the voice VLAN. Otherwise, the system will prompt error

information.

2.2.3 Setting Voice VLAN Mode on a Port to Manual Mode

Follow the following steps to set the voice VLAN mode on a port to manual mode:



Enable the security mode ofvoice VLAN

voice vlan security enableOptional

Enabled by default

Configure the OUI addressof voice VLAN

voice vlan mac-address ouimask oui-mask[ descriptiontext]

Optional

By default, a voiceVLAN has 5 defaultOUI addresses

Enable the global voiceVLAN feature

voice vlanvlan-idenable Required

Enter Ethernet port viewinterface { interface-typeinterface-number |interface-name }

Set the voice VLAN modeon the port to manual

undo voice vlan mode autoRequired

Disabled by default

Return to system view quit


19/33



2-6


Accessport

Refer to 1.4.2 Configuringthe Access-Port-BasedVLAN

Trunk portRefer to 1.4.3 Configuringthe Trunk-Port-Based VLAN

Add a manualmode port tothe voiceVLAN

Hybrid portRefer to 1.4.4 Configuringthe Hybrid-Port-Based VLAN

One of the threeoptions is required.

If you add anAccess port to thevoice VLAN, thevoice VLANautomaticallybecomes the defaultVLAN of the port.

Trunk portRefer to 1.4.3 Configuringthe Trunk-Port-Based VLAN

Configure thevoice VLANas the default

VLAN of aport Hybrid port Refer to 1.4.4 Configuringthe Hybrid-Port-Based VLAN

Optional

When the incomingvoice stream isuntagged, thisconfiguration is

required; when theincoming voicestream is tagged,this configuration isprohibited.

Enable the voice VLANfeature on the port

voice vlan enableRequired

Disabled by default

Note:When configuring voice VLAN (under automatic mode and manual mode), note that:z Only one static VLAN of a device can have the voice VLAN feature enabled at a time.

A dynamic VLAN cannot be configured as a voice VLAN.

z A port that has the Link Aggregation Control Protocol (LACP for short) enabled

cannot have the voice VLAN feature enabled at the same time.

z You are not recommended to configure both voice VLAN and Q-in-Q (including

basic Q-in-Q and selective Q-in-Q) on a device. Otherwise, the voice VLAN cannot

work properly.

2.3 Displaying and Maintaining Voice VLAN


Display the voice VLAN state display voice vlan state

Display the OUI addressescurrently supported by system

display voice vlan oui

Available in anyview


20/33



2-7

2.4 Typical Voice VLAN Configuration Examples

2.4.1 Configuring Automatic Voice VLAN Mode

I. Network requirement

z Create VLAN 2 and configure it as a voice VLAN with an aging time of 100

minutes.

z Configure Ethernet 1/0/1 as a Trunk port. Its default VLAN is VLAN 6.

z The device allows voice packets from Ethernet 1/0/1 with an OUI address of

0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of test to be

forwarded through the voice VLAN.

II. Network diagram

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Ethernet1/0/1

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Ethernet1/0/1

Figure 2-1 Network diagram for automatic voice VLAN mode configuration


# Create VLAN 2 and VLAN 6.

system-view

[Sysname] vlan 2


[Sysname] vlan 6


# Configure the voice VLAN aging time.

[Sysname] voice vlan aging 100

# Configure the OUI address 0011-2200-0000 as the legal address of the voice VLAN.

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000

description test

# Enable the global voice VLAN feature.

[Sysname] voice vlan 2 enable


21/33



2-8

# Set the voice VLAN mode on Ethernet 1/0/1 to automatic. (Optional, by default, the

voice VLAN mode on a port is automatic.)


[Sysname-Ethernet1/0/1] voice vlan mode auto

# Configure Ethernet 1/0/1 as a Trunk port.



# Configure the default VLAN of the port to be VLAN 6 and allow packets from VLAN 6

to pass through the port.

[Sysname-Ethernet1/0/1] port trunk permit vlan 6

[Sysname-Ethernet1/0/1] port trunk pvid vlan 6

# Enable the voice VLAN feature of the port.[Sysname-Ethernet1/0/1] voice vlan enable

2.4.2 Configuring Manual Voice VLAN Mode

I. Network requirement

z Create VLAN 2 and configure it as a voice VLAN.

z IP phone type is untagged with the Hybrid port Ethernet 1/0/1 being the access

port.

z Ethernet 1/0/1 works in manual mode. It only allows voice packets with an OUI

address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of

test to be forwarded.

II. Network diagram

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Ethernet1/0/1

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Tel.1 010-1001

OUI:0011-2200-0000

Mask:ffff-ff00-0000

WANVLAN 2

Ethernet1/0/1

Figure 2-2 Network diagram for manual voice VLAN mode configuration


22/33



2-9


# Configure the voice VLAN to work in security mode and only allows legal voice

packets to pass through the voice VLAN enabled port. (Optional, enabled by default)

system-view

[Sysname] voice vlan security enable

# Configure the OUI address 0011-2200-0000 as the legal voice VLAN address.

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000

description test

# Create VLAN 2. Enable voice VLAN feature for it.

[Sysname] vlan 2


[Sysname] voice vlan 2 enable

# Configure Ethernet 1/0/1 to work in manual mode.


[Sysname-Ethernet1/0/1] undo voice vlan mode auto

# Configure Ethernet 1/0/1 as a Hybrid port.

[Sysname-Ethernet1/0/1] port link-type hybrid

# Configure VLAN 2 as the default VLAN of the port and allow packets from VLAN 2 to

pass through the port.

[Sysname-Ethernet1/0/1] port hybrid pvid vlan 2

[Sysname-Ethernet1/0/1] port hybrid vlan 2 untagged

# Enable the voice VLAN feature of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] voice vlan enable

IV. Verification

# Display information about the OUI addresses, OUI address masks, and descriptive

strings.

[Sysname-Ethernet1/0/1] return

display voice vlan oui

Oui Address Mask Description

0001-e300-0000 ffff-ff00-0000 Siemens phone

0003-6b00-0000 ffff-ff00-0000 Cisco phone

0011-2200-0000 ffff-ff00-0000 test

00d0-1e00-0000 ffff-ff00-0000 Pingtel phone

00e0-7500-0000 ffff-ff00-0000 Polycom phone

00e0-bb00-0000 ffff-ff00-0000 3com phone

# Display the current voice VLAN state.

display voice vlan state


23/33



2-10

Voice VLAN status: ENABLE

Voice VLAN ID: 2

Voice VLAN configuration mode: MANUAL

Voice VLAN security mode: Security

Voice VLAN aging time: 100 minutes

Voice VLAN enabled port and its mode:

PORT MODE

--------------------------------

Ethernet1/0/1 MANUAL


24/33

Operation Manual - VLANQuidway S3500-EA Series Ethernet Switches Chapter 3 GVRP Configuration


3-1

Chapter 3 GVRP Configuration

3.1 GVRP Overview

3.1.1 Introduction to GARP

The generic attribute registration protocol (GARP), provides a mechanism that allows

participants in a GARP application to distribute, propagate, and register with other

participants in a bridged LAN the attributes specific to the GARP application, such as

the VLAN or multicast address attribute.

GARP-compliant application entities are called GARP applications. One example is

GVRP. When a GARP application entity is present on a port on your device, this port is

regarded a GARP application entity.

I. GARP messages and timers

1) GARP messages

GARP participants, which can be end stations or bridges, exchange attributes primarily

by sending the following three types of messages:

z Join to announce the willingness to register attributes with other participants.

z Leave to announce the willingness to deregister with other participants. Together

with Join messages, Leave messages guarantee attribute reregistration and

deregistration.

z LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of

a LeaveAll timer which starts upon the startup of a GARP application entity.

Through message exchange, all attribute information that needs registration

propagates to all GARP participants throughout a bridged LAN.

2) GARP timers

GARP sets interval for sending GARP messages by using these four timers:

z Hold timer When a GARP application entity receives the first registrationrequest, it starts a hold timer and collects succeeding requests. When the timer

expires, the entity sends all these requests in one Join message. This can thus

help you save bandwidth.

z Join timer Each GARP application entity sends a Join message twice for

reliability sake and uses a join timer to set the sending interval.

z Leave timer Starts upon receipt of a Leave message. When this timer expires,

the GARP application entity removes attribute information as requested.


25/33



3-2

z Leaveall timer Starts when a GARP application entity starts. When this timer

expires, the entity sends a LeaveAll message so that other entities can re-register

its attribute information. Then, a leaveall timer starts again.

Note:z The settings of GARP timers apply to all GARP applications, such as GVRP,

running on a LAN.

z Unlike other three timers which are set on a port basis, the leaveall timer is set in

system view and takes effect globally.

z A GARP application entity may send LeaveAll messages at the interval set by its

LeaveAll timer or the leaveall timer of another GARP application entity on the

network, whichever is smaller.

II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate

throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its

attributes with other participants by making or withdrawing declarations of attributes

and at the same time, based on received declarations or withdrawals handles attributes

of other participants.

GARP application entities send protocol data units (PDU) with a particular multicast

MAC address as destination. Based on this address, a device can identify to which

GVRP application, GVRP for example, should a GARP PDU be delivered.

III. GARP message format

The following figure illustrates the GARP message format.

Figure 3-1 GARP message format


26/33



3-3

The following table describes the GARP message fields.

Table 3-1 Description on the GARP message fields:

Field Description Value

Protocol ID Protocol identifier for GARP 1Message

One or multiple messages, eachcontaining an attribute type and anattribute list

Attribute TypeDefined by the concerned GARPapplication

0x01 for GVRP,indicating theVLAN ID attribute

Attribute List Consists of one or multiple attributes

Attribute

Consists of an Attribute Length, an

Attribute Event, and an Attribute Value. Ifthe Attribute Event is LeaveAll, AttributeValue is omitted

Attribute LengthNumber of octets occupied by an attribute,inclusive of the attribute length field

2 to 255 in bytes

Attribute Event Event described by the attribute

0: LeaveAll

1: JoinEmpty

2: JoinIn

3: LeaveEmpty

4: LeaveIn

5: EmptyAttribute Value Attribute value

VLAN ID forGVRP

End Mark Indicates the end of PDU

3.1.2 Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other

participant devices and dynamically update the VLAN registration information from

other devices to its local database. It thus ensures that all GVRP participants on a

bridged LAN maintain the same VLAN registration information. The VLAN registration

information propagated by GVRP includes both manually configured local static entries

and dynamic entries from other devices.

GVRP provides the following three registration types on a port:

z Normal Enables a port to dynamically register and deregister VLANs, and to

propagate both dynamic and static VLAN information.

z Fixed Disables the port to dynamically register VLANs or propagate dynamic

VLAN information, but allows the port to propagate static VLAN information. A


27/33



3-4

trunk port with fixed registration type thus allows only manually configured VLANs

to pass through even though it is configured to carry all VLANs.

z Forbidden Disables the port to dynamically register VLANs, and to propagate

VLAN information except for VLAN 1. A trunk port with forbidden registration typethus allows only VLAN 1 to pass through even though it is configured to carry all

VLANs.

3.1.3 Protocols and Standards

IEEE 802.1Q specifies GVRP.

3.2 Configuring GVRP

GVRP configuration covers GVRP functions and GARP timers.

Note:You can configure GVRP on a trunk port only.

3.2.1 Configuring GVRP Functions

Follow these steps to configure GVRP functions on a trunk port:

To do Use the command RemarksEnter system view system-view Enable global GVRP gvrp

Required

Disabled by default.

EnterEthernetinterfaceview

interface interface-typeinterface-numberEnterEthernet

interfaceview or

port-groupview Enterport-group

viewport-group { manualport-group-name |aggregationagg-id}

Required

Perform either of thecommands.

Depending on the view youaccessed, the subsequentconfiguration takes effecton a port or all ports in aport-group.

Enable GVRP on theport

gvrpRequired

Disabled by default.Configure the GVRPregistration mode on theport

gvrp registration { fixed |forbidden | normal }

Optional

The default is normal.


28/33



3-5

Note:The BPDU tunneling function is incompatible with the GVRP function. Before enabling

GVRP on a BPDU tunnelingenabled Ethernet port, disable BPDU tunneling.

3.2.2 Configuring GARP Timers

Follow these steps to configure GARP timers:

To do Use the command RemarksEnter system view system-view

Configure the GARPleaveall timer garp timer leavealltimer-valueOptional

The default is 1000centiseconds.

EnterEthernetinterfaceview

interfaceinterface-typeinterface-number

EnterEthernetinterfaceview orport-groupview Enterport-group

viewport-group { manualport-group-name |aggregationagg-id}

Required

Perform either of thecommands.

Depending on the view youaccessed, the subsequentconfiguration takes effect on aport or all ports in a port-group.

Configure the holdtimer, join timer, andleave timer

garp timer { hold |join | leave }timer-value

Optional

The default is 10 centisecondsfor the hold timer, 20centiseconds for the join timer,and 60 centiseconds for theleave timer.

When configuring GARP timers, note that their values are dependent on one another

and must be a multiplier of five centiseconds. If the value range for a timer is not desired,

you may change it by tuning the value of another related timer as shown in the following

table:

Table 3-2 Dependencies of GARP timers

Timer Lower limit Upper limitHold 10 centiseconds Not greater than half of

the join timer setting

Join Not less than two times the holdtimer setting

Less than half of the leavetimer setting

Leave Greater than two times the join timersetting

Less than the leavealltimer setting


29/33



3-6

Timer Lower limit Upper limitLeaveAll Greater than the leave timer setting 32765 centiseconds

3.3 Displaying and Maintaining GVRP


Display statistics aboutGARP

display garp statistics[ interface interface-list]

Display GARP timers forall or specified ports display garp timer [ interfaceinterface-list]Display statistics about

GVRP

display gvrp statistics

[interfaceinterface-list]

Display the global GVRPstate

display gvrp status

Available in anyview

Clear the GARP statisticsreset garp statistics [ interfaceinterface-list]

Available in userview

3.4 GVRP Configuration Example

3.4.1 Example 1


Configure GVRP for dynamic VLAN information registration and update among

devices.

II. Network diagram

Switch A Switch BSwitch A Switch B

Ethernet 1/0/1

Switch B

Ethernet 1/0/2

Switch BSwitch A Switch BSwitch A Switch B

Ethernet 1/0/1

Switch B

Ethernet 1/0/2

Switch B

Figure 3-2 Network diagram for GVRP configuration


z Configure Switch A

# Enable GVRP globally.

system-view

[Sysname] gvrp


30/33



3-7

# Configure port Ethernet 1/0/1 as trunk, allowing all VLANs to pass.



[Sysname-Ethernet1/0/1] port trunk permit vlan all

# Enable GVRP on Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] gvrp

# Create VLAN 2.

[Sysname-Ethernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

z Configure Switch B

# Enable GVRP globally. system-view

[Sysname] gvrp

# Configure port Ethernet 1/0/2 as trunk, allowing all VLANs to pass.




# Enable GVRP on Ethernet 1/0/2.


# Create VLAN 3.


[Sysname] vlan 3

[Sysname-vlan3]

z Verify the configuration.

# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

Now, the following dynamic VLAN exist(s):

3

# Display the dynamic VLAN information on Switch B



2


31/33



3-8

3.4.2 Example 2


Enable GVRP on devices and configure the port registration mode as fixed to realizedynamic registration and update of some VLAN information between devices.

II. Network diagram


Ethernet 1/0/1

Switch B

Ethernet 1/0/2


Ethernet 1/0/1

Switch B

Ethernet 1/0/2

Switch B



1) Configure Switch A


system-view

[Sysname] gvrp

# Configure port Ethernet1/0/1 as trunk, allowing all VLANs to pass.




# Enable GVRP on Ethernet1/0/1


# Configure the GVRP registration mode as fixed.

[Sysname-Ethernet1/0/1] gvrp registration fixed

# Create static VLAN 2.


[Sysname] vlan 2

[Sysname-vlan2]

2) Configure Switch B


system-view

[Sysname] gvrp

# Configure port Ethernet1/0/2 as trunk, allowing all VLANs to pass.




32/33



3-9


# Enable GVRP on Ethernet1/0/2




[Sysname] vlan 3

[Sysname-vlan3]

3) Verify the configuration

# Display the dynamic VLAN information on Switch A


No dynamic vlans exist!

# Display the dynamic VLAN information on Switch B.



2

3.4.3 Example 3


Enable GVRP on devices and configure the port registration mode as forbidden to

forbid dynamic registration and update of VLAN information between devices.

II. Network diagram


Ethernet 1/0/1

Switch B

Ethernet 1/0/2


Ethernet 1/0/1

Switch B

Ethernet 1/0/2

Switch B



1) Configure Switch A


system-view

[Sysname] gvrp

# Configure Ethernet1/0/1 as a trunk port, allowing all VLANs to pass.





33/33


# Enable GVRP on the trunk port.


# Configure the GVRP registration mode as forbidden.

[Sysname-Ethernet1/0/1] gvrp registration forbidden



[Sysname] vlan 2

[Sysname-vlan2]

2) Configure Switch B


system-view

[Sysname] gvrp

# Configure Ethernet1/0/2 as a trunk port, allowing all VLANs to pass.




# Enable GVRP on the trunk port.




[Sysname] vlan 3

[Sysname-vlan3]

3) Verify the configuration

# Display dynamic VLAN information on Switch A



# Display dynamic VLAN information on Switch B.



02 vlan operation

Documents