Scribd
Upload
94 views33 pages

Configuration For Training

ffff

Uploaded by

Quynh Nd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
94 views33 pages

Configuration For Training

ffff

Uploaded by

Quynh Nd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 33

Creating a VLAN

Step 1 Run the system-view command to enter the system view.


Step 2 Run the vlan vlan-id command to create a VLAN and enter the VLAN view.

Adding Access Interfaces to a VLAN


Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the port link-type access command to set the interface type.
By default, the link type is hybrid.
Step 4 Run the quit command to return to the system view.
Step 5 Run the vlan vlan-id command to enter the VLAN view.
Step 6 Run the port interface-type { interface-number1 [ to interface-number2 ] }
&<1-10> command to add access interfaces to their default VLAN.

Configuring a Default VLAN for Interfaces

Context
Do as follows on the S-switch.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the port link-type access command to set the interface type.
By default, the interface type is hybrid.
Step 4 Run the port default vlan vlan-id command to set the default VLAN of interfaces.

Adding Trunk Interfaces to a VLAN

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the port link-type trunk command to set the interface type to trunk.
By default, the interface type is hybrid.
Step 4 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all } command to add trunk interfaces to the VLAN.
Adding Hybrid Interfaces to a VLAN

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface number command to enter the
interface view.
Step 3 Run the port link-type hybrid command to set the interface type to hybrid.
By default, the interface type is hybrid.
Step 4 Run the following commands as required.
Run the port default vlan vlan-id command to set the default VLAN of hybrid interfaces.
Run the port interface-type { interface-number1 [ to interface-number2 ] }&<1-10>
command in the VLAN view to set the default VLAN of the hybrid interface. You can use
this command to set the default VLAN for multiple hybrid interfaces.
Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
command
to add hybrid interfaces to the VLAN in tagged mode.
Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
command
to add hybrid interfaces to the VLAN in untagged mode.

Creating a VLANIF Interface

Context
Do as follows on the S-switch that needs to be configured with VLANIF interfaces.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface vlanif vlan-id command to create a VLANIF interface and enter
the VLANIF interface view.

Assigning IP Addresses to VLANIF Interfaces


Context

Do as follows on the S-switch.


Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface vlanif vlan-id command to create a VLANIF interface and enter
the VLANIF interface view.
Step 3 Run the ip address ip-address { mask | mask-length } [ sub ] command to
assign an IP address to the VLANIF interface.

Checking the Configuration


[Huawei-5300]display interface Vlanif 1
Relating a MAC Address with a VLAN
System
Vlan vlan 2
mac-vlan mac-address 1231-3452-3434

Permitting Packets with the VLAN Tag to Pass


the Current Interface

[Huawei-5300]interface g0/0/5
[Huawei-5300-GigabitEthernet0/0/5]port link-type hybrid
[Huawei-5300-GigabitEthernet0/0/5]port hybrid untagged vlan 2

Enabling MAC Address-Based VLAN


Classification
[Huawei-5300]interface g0/0/1
[Huawei-5300-GigabitEthernet0/0/1]mac-vlan enable

Checking the Configuration


[Huawei-5300]display mac-vlan vlan 2
---------------------------------------------------------------
MAC Address VLAN Priority Type
---------------------------------------------------------------
1231-3452-3434 2 0 static

Total MAC VLAN address count: 1


Configure QinQ

Networking Requirements
Tthere are two enterprises in the network. Enterprise 1 has two office
locations and Enterprise 2 has three. Their enterprise networks are connected respectively with
S-switch-G or S-switch-F in the ISP network. Enterprise 1 uses VLAN 2 to VLAN 1500 and
Enterprise 2 uses VLAN 500 to VLAN 4094 to identify their intranets. The office locations of the
same enterprise can communicate with each other. The two enterprises, however, are isolated from
each other.

Configuration Roadmap
The configuration roadmap is as follows:
+ Create VLAN 10 and VLAN 20 on S-switch-F, and VLAN 20 on S-switch-G.
+ Set GigabitEthernet 0/0/1, GigabitEthernet 0/0/2, and GigabitEthernet 0/0/3 as QinQ
interfaces on S-switch-F.
+ Set GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 as QinQ interfaces on S-switch-G.
+ Add GigabitEthernet 0/0/4 of S-switch-F and GigabitEthernet 0/0/3 of S-switch-G to
VLAN 20 in tagged mode.
Configuration Procedure
1. Create VLANs.
# Create VLAN 10 and VLAN 20 on S-switch-F.
<Quidway> system-view
[Quidway] sysname S-switch-F
[S-switch-F] vlan batch 10 20
# Create VLAN 20 on S-switch-G.
<Quidway> system-view
[Quidway] sysname S-switch-G
[S-switch-G] vlan batch 20
2. Configure QinQ interfaces.
# Set GigabitEthernet 0/0/1, GigabitEthernet 0/0/2, and GigabitEthernet 0/0/3 as QinQ
interfaces on S-switch-F.
[S-switch-F] interface GigabitEthernet 0/0/1
[S-switch-F-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[S-switch-F-GigabitEthernet0/0/1] port default vlan 10
[S-switch-F-GigabitEthernet0/0/1] quit
[S-switch-F] interface GigabitEthernet 0/0/2
[S-switch-F-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[S-switch-F-GigabitEthernet0/0/2] port default vlan 10
[S-switch-F-GigabitEthernet0/0/2] quit
[S-switch-F] interface gigabitethernet 0/0/3
[S-switch-F-GigabitEthernet0/0/3] port link-type dot1q-tunnel
[S-switch-F-GigabitEthernet0/0/3] port default vlan 10
[S-switch-F-GigabitEthernet0/0/3] quit
# Set GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 as QinQ interfaces on S-switch-G.
[S-switch-G] interface GigabitEthernet 0/0/1
[S-switch-G-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[S-switch-G-GigabitEthernet0/0/1] port default vlan 20
[S-switch-G-GigabitEthernet0/0/1] quit
[S-switch-G] interface GigabitEthernet 0/0/2
[S-switch-G-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[S-switch-G-GigabitEthernet0/0/2] port default vlan 20
[S-switch-G-GigabitEthernet0/0/2] quit
3. Configure other interfaces.
# Add GigabitEthernet 0/0/4 to VLAN 20 on S-switch-F.
[S-switch-F] interface gigabitethernet 0/0/4
[S-switch-F-GigabitEthernet0/0/4] port trunk allow-pass vlan 20
[S-switch-F-GigabitEthernet0/0/4] quit
# Add GigabitEthernet 0/0/3 to VLAN 20 on S-switch-G.
[S-switch-F] interface gigabitethernet 0/0/3
[S-switch-G-GigabitEthernet0/0/3] port trunk allow-pass vlan 20
[S-switch-G-GigabitEthernet0/0/3] quit
4. Verify the configuration.
From a host in one office location of Enterprise 1, ping a remote host in the same VLAN
in another office location of Enterprise 1. If it can ping through the remote host, hosts in
different locations of Enterprise 1 can communicate with each other.
From a host in one office location of Enterprise 2, ping a remote host in the same VLAN
in another office location of Enterprise 2. If it can ping through the remote host, hosts in
different locations of Enterprise 2 can communicate with each other.
Configuring Selective QinQ
Networking Requirements
There are two enterprises in the network. Enterprise 1 has two office locations and Enterprise 2 has two.
Their enterprise networks are connected respectively with S-switch-A or S-switch-B in the ISP network.
Enterprise 1 uses VLAN 100 to VLAN 400 and Enterprise 2 uses VLAN 200 to VLAN 500 to identify
their intranets.
It is required that the office locations of the same enterprise communicate with each other. The
two enterprises, however, are isolated from each other. Data transmission services of Enterprise
1 use the VLAN ID of the ISP as 10; video services of Enterprise 2 use the VLAN ID of the ISP
as 20. When the services of each enterprise are transmitted across the ISP network, the 802.1p
priority in the outer VLAN tag inherits that in the inner VLAN tag.

Configuration Roadmap
The configuration roadmap is as follows:
Create VLAN 10 and VLAN 20 on S-switch-A and S-switch-B.
Configure selective QinQ on GigabitEthernet 0/0/1 and GigabitEthernet 0/0/3 of S-switch-
A, GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of S-switch-B to enable the interfaces
to add the outer VLAN tags to frames from a specified VLAN.
Add GigabitEthernet 0/0/1 of S-switch-A and GigabitEthernet 0/0/2 of S-switch-B to
VLAN 10 in tagged mode; add GigabitEthernet 0/0/3 of S-switch-A and GigabitEthernet
0/0/1 of S-switch-B to VLAN 20 in tagged mode.
Add GigabitEthernet 0/0/2 of S-switch-A and GigabitEthernet 0/0/3 of S-switch-B to
VLAN 10 and VLAN 20 in tagged mode.
Configure VLAN stacking based on the 802.1p priority to transmit different services.

Configuration Procedure
1. Create VLANs.
# Create VLAN 10, and VLAN 20 on S-switch-A.
<S-switch-A> system-view
[S-switch-A] vlan batch 10 20
# Create VLAN 10 and VLAN 20 on S-switch-B.
<S-switch-B> system-view
[S-switch-B] vlan batch 10 20
2. Configure selective QinQ on interfaces to enable the inbound interfaces to add the outer
tags to frames from a specified VLAN. The priority of the inner VLAN is inherited.
# Configure GigabitGigabitEthernet 0/0/1 of S-switch-A.
[S-switch-A] interface GigabitGigabitEthernet 0/0/1
[S-switch-A-GigabitEthernet0/0/1] qinq vlan-translation enable
[S-switch-A-GigabitEthernet0/0/1] trust 8021p
[S-switch-A-GigabitEthernet0/0/1] port vlan-stacking vlan 100 to 400 push vlan
10 priority-inherit
[S-switch-A-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[S-switch-A-GigabitEthernet0/0/1] quit
# Configure GigabitEthernet 0/0/3 of S-switch-A.
[S-switch-A] interface gigabitethernet 0/0/3
[S-switch-A-GigabitEthernet0/0/3] qinq vlan-translation enable
[S-switch-A-GigabitEthernet0/0/3] trust 8021p
[S-switch-A-GigabitEthernet0/0/3] port vlan-stacking vlan 200 to 500 push vlan
20 priority-inherit
[S-switch-A-GigabitEthernet0/0/3] port hybrid untagged vlan 20
[S-switch-A-GigabitEthernet0/0/3] quit
# Configure GigabitEthernet 0/0/1 of S-switch-B.
[S-switch-B] interface GigabitEthernet 0/0/1
[S-switch-B-GigabitEthernet0/0/1] qinq vlan-translation enable
[S-switch-B-GigabitEthernet0/0/1] trust 8021p
[S-switch-B-GigabitEthernet0/0/1] port vlan-stacking vlan 200 to 500 push vlan
20 priority-inherit
[S-switch-B-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[S-switch-B-GigabitEthernet0/0/1] quit
# Configure GigabitEthernet 0/0/2 of S-switch-B.
[S-switch-B] interface GigabitEthernet 0/0/2
[S-switch-B-GigabitEthernet0/0/2] qinq vlan-translation enable
[S-switch-B-GigabitEthernet0/0/2] trust 8021p
[S-switch-B-GigabitEthernet0/0/2] port vlan-stacking vlan 100 to 400 push vlan
10 priority-inherit
[S-switch-B-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[S-switch-B-GigabitEthernet0/0/2] quit
3. Configure other interfaces.
# Add GigabitEthernet 0/0/2 to VLAN 10 and VLAN 20 on S-switch-A.
[S-switch-A] interface GigabitEthernet 0/0/2
[S-switch-A-GigabitEthernet0/0/2] trust 8021p
[S-switch-A-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[S-switch-A-GigabitEthernet0/0/2] quit
# Add GigabitEthernet 0/0/3 to VLAN 10 and VLAN 20 on S-switch-B.
[S-switch-B] interface gigabitethernet 0/0/3
[S-switch-B-GigabitEthernet0/0/3] trust 8021p
[S-switch-B-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[S-switch-B-GigabitEthernet0/0/3] quit
4. Verify the configuration.
From a host in one office location of Enterprise 1, ping a remote host in the same VLAN
in another office location of Enterprise 1. If it can ping through the remote host, hosts in
different locations of Enterprise 1 can communicate with each other.
From a host in one office location of Enterprise 2, ping a remote host in the same VLAN
in another office location of Enterprise 2. If it can ping through the remote host, hosts in
different locations of Enterprise 2 can communicate with each other.
From a host in any office location of Enterprise 1, ping a host of Enterprise 2. If it fails to
ping through the host of Enterprise 2, this means that the two enterprises are isolated from
each other.

VLAN MAPING

This section describes how to configure VLAN mapping.


1. Creating an S-VLAN and a C-VLAN
2. Configuring the Type of an Interface Type as Hybrid
3. Adding Interfaces to an S-VLAN
4. Adding Interfaces to a C-VLAN
5. Enabling Selective QinQ on an Interface
6. (Optional) Configuring an Interface to Trust the 802.1p Priorities Carried in Packets
7. Configuring VLAN Mapping
8. Checking the Configuration

1. Creating an S-VLAN and a C-VLAN

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the vlan batch { vlan-id1 [ to vlan-id2 ] }&<1-10> command to
create S-VLANs in batches.
Step 3 Run the vlan batch { vlan-id1 [ to vlan-id2 ] }&<1-10> command to
create C-VLANs in batches.

Create VLAN 100, VLAN 101, and VLAN 102 on S-switch-A.


<Quidway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] vlan batch 100 to 102
2. Configuring the Type of an Interface Type as
Hybrid
Context
Do as follows on the S-switch that needs to be configured with VLAN mapping.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the view
of the interface
at the customer side.
Step 3 Run the port link-type hybrid command to configure the type of the interface as
Hybrid.
By default, the type of the interface is hybrid.

3. Adding Interfaces to an S-VLAN


Context
Do as follows on the S-switch that needs to be configured with VLAN mapping.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the view
of the interface at the customer side.
Step 3 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all } command to
add the interface at the customer side to the S-VLAN.
Step 4 Run the quit command to exit from the view of the interface at the customer side.
Step 5 Run the interface interface-type interface-number command to enter the view
of the interface at the network side.

[S-switch-A] interface GigabitEthernet 0/0/3


[S-switch-A-GigabitEthernet0/0/3] port link-type hybrid
[S-switch-A-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to
102
[S-switch-A-GigabitEthernet0/0/3] quit

4. Adding Interfaces to a C-VLAN


Context
Do as follows on the S-switch that needs to be configured with VLAN mapping.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the view
of the interface at the customer side.
Step 3 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all } command to add the interface at the customer side to the C-VLAN.

[S-switch-A] interface gigabitethernet 0/0/3


[S-switch-A-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to
12
[S-switch-A-GigabitEthernet0/0/3] quit
5. Enabling Selective QinQ on an Interface
Context
Do as follows on the S-switch that needs to be configured with VLAN mapping.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the view
of the interface
at the customer side.
Step 3 Run the qinq vlan-translation enable command to enable selective QinQ on the
interface.
By default, selective QinQ is disabled on the interface.

[S-switch-A] interface GigabitEthernet 0/0/3


[S-switch-A-GigabitEthernet0/0/3] qinq vlan-translation enable

7. Configuring VLAN Mapping


Context
Do as follows on the S-switch that needs to be configured with VLAN mapping.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the view
of the interface
at the customer side.
Step 3 Run the port vlan-mapping external-vlan vlan-id1 [ to vlan-id2 ] map-
external-vlan vlanid3
{ priority-inherit | remark-8021p priority } command to configure VLAN mapping and
set up the mapping between C-VLANs and S-VLANs.
l vlan-id1 specifies the start C-VLAN ID to be replaced.
l vlan-id2 specifies the end C-VLAN ID to be replaced.
l vlan-id3 specifies the S-VLAN ID.

[S-switch-A-GigabitEthernet0/0/3] port vlan-mapping external-vlan


10 mapexternal-vlan 100 priority-inherit

8. Checking the Configuration


display current-configuration interface interface-type interface-number

[S-switch-A] display current-configuration interface


GigabitEthernet 0/0/3
Networking Requirements
The home users are connected to the S-switch through home gateways.
The home users, therefore, can access the network of the provider. The home users require one or
more types of voice telephony, Internet, BTV, and VoD services. The services need to be isolated
through VLANs. To save VLAN resources, services of the same type are transmitted in the same
VLAN in the networks of providers.

Configuration Roadmap
The configuration roadmap is as follows:
1. Create S-VLANs on S-switch-A and S-swtich-B and configure interfaces at the provider
side and the customer side to permit packets from the S-VLANs to pass through.
2. Create C-VLANs on S-switch-A and S-swtich-B.
3. Configure VLAN mapping on the interfaces through which S-switch-A and S-swtich-B are
connected to customers.

Configuration Procedure
The following presents only the configurations on the S-switch. For the configurations on other
devices, refer to corresponding manuals.
1. Create S-VLANs.
# Create VLAN 100, VLAN 101, and VLAN 102 on S-switch-A.
<Quidway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] vlan batch 100 to 102
# Create VLAN 100 and VLAN 101 on S-switch-B.
<Quidway> system-view
[Quidway] sysname S-switch-B
[S-switch-B] vlan batch 100 101
2. Configure interfaces at the provider side to permit packets from the VLANs to pass through.
# Configure GE 0/0/1 and GE 0/0/2 on S-switch-A to permit packets from VLAN 100,
VLAN 101, and VLAN 102 to pass through.
[S-switch-A] interface gigabitethernet 0/0/1
[S-switch-A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 102
[S-switch-A-GigabitEthernet0/0/1] quit
[S-switch-A] interface gigabitethernet 0/0/2
[S-switch-A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 102
[S-switch-A-GigabitEthernet0/0/2] quit
# Configure GE 0/0/1 and GE 0/0/2 on S-switch-B to permit packets from VLAN 100 to
VLAN 101 to pass through.
The configurations on S-switch-B are similar to that of S-switch-A, and are not mentioned
here.
3. Configure the type of the interface at the customer side to hybrid and configure the interface
to permit packets from the S-VLAN to pass through.
# Configure the type of GigabitEthernet 0/0/3 on S-switch-A as hybrid and configure the
interface to permit packets from VLAN 100, VLAN 101, and VLAN 102 to pass through.
[S-switch-A] interface GigabitEthernet 0/0/3
[S-switch-A-GigabitEthernet0/0/3] port link-type hybrid
[S-switch-A-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 102
[S-switch-A-GigabitEthernet0/0/3] quit
# Configure GigabitEthernet 0/0/3 on S-switch-B to permit packets from VLAN 100 to
VLAN 101 to pass through.
The configurations on S-switch-B are similar to that of S-switch-A, and are not mentioned
here.
4. Create C-VLANs, and configure the interface at the customer side to permit packets from
the C-VLAN to pass through.
# Create VLAN 10, VLAN 11, and VLAN 12 on S-switch-A.
[S-switch-A] vlan batch 10 to 12
# Configure GigabitEthernet 0/0/3 on S-switch-A to permit packets from VLAN 10 to
VLAN 12 to pass through.
[S-switch-A] interface gigabitethernet 0/0/3
[S-switch-A-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to 12
[S-switch-A-GigabitEthernet0/0/3] quit
# Create VLAN 13, VLAN 14, and VLAN 15 on S-switch-B.
[S-switch-B] vlan batch 13 to 15
# Configure GigabitEthernet 0/0/3 on S-switch-B to permit packets from VLAN 13 to
VLAN 15 to pass through.
[S-switch-B] interface gigabitethernet 0/0/3
[S-switch-B-GigabitEthernet0/0/3] port trunk allow-pass vlan 13 to 15
[S-switch-B-GigabitEthernet0/0/3] quit
5. Configure VLAN mapping on the interface at the customer side.
# Enabling selective QinQ on the interface at the customer side on S-switch-A.
[S-switch-A] interface GigabitEthernet 0/0/3
[S-switch-A-GigabitEthernet0/0/3] qinq vlan-translation enable
# Configure the interface at the customer side of S-switch-A to trust the 802.1p priorities
carried in packets.
[S-switch-A-GigabitEthernet0/0/3] trust 8021p
# Configure VLAN mapping on the interface at the customer side of S-switch-A.
[S-switch-A-GigabitEthernet0/0/3] port vlan-mapping external-vlan 10
mapexternal-
vlan 100 priority-inherit
[S-switch-A-GigabitEthernet0/0/3] port vlan-mapping external-vlan 11
mapexternal-
vlan 101 priority-inherit
[S-switch-A-GigabitEthernet0/0/3] port vlan-mapping external-vlan 12
mapexternal-
vlan 102 priority-inherit
# Enabling selective QinQ on the interfaces at the customer side of S-switch-B.
[S-switch-B] interface GigabitEthernet 0/0/3
[S-switch-B-GigabitEthernet0/0/3] qinq vlan-translation enable
# Configure the interface at the customer side of S-switch-B to trust the 802.1p priorities
carried in packets.
[S-switch-B-GigabitEthernet0/0/3] trust 8021p
# Configure VLAN mapping on the interface at the customer side of S-switch-B.
[S-switch-B-GigabitEthernet0/0/3] port vlan-mapping external-vlan 13 to 14
mapexternal-
vlan 100 priority-inherit
[S-switch-B-GigabitEthernet0/0/3] port vlan-mapping external-vlan 15
mapexternal-
vlan 101 priority-inherit
6. Verify the configuration.
# Run the display current-configuration interface command in the system view to check
the VLAN mapping configuration. Take the display on S-switch-A as an example.
[S-switch-A] display current-configuration interface GigabitEthernet 0/0/3

BPDU Tunneling

1. Enabling STP and Enabling the BPDU


Function on CEs
Context
Do as follows on the CEs.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the stp enable command to enable STP.
Step 3 Run the interface interface-type interface-number command to enter the CE
interface at the
network side view.
Step 4 Run the bpdu enable command to enable the CE interface at the network side to
process BPDUs.

<Quidway> system-view
[Quidway] sysname CE-A
[CE-A] stp enable
[CE-A] interface gigabitethernet 0/0/1
[CE-A-GigabitEthernet0/0/1] bpdu enable
----------------------------------------------------------------------------------------------------------

2. Configuring the Provider Mode for UPEs


Context
Do as follows on the UPEs.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the bpdu-tunnel stp bridge role provider command to configure the
provider mode.
NOTE
The destination MAC address of BPDUs is fixed and does not vary with devices.
When a UPE runs in provider mode, it transmits only STP BPDUs with MAC address 01-80-c2-00-00-08.
When a UPE runs in customer mode, it transmits only STP BPDUs with MAC address 01-80-c2-00-00-00.
By default, S-switch is in customer mode.

<Quidway> system-view
[Quidway] sysname UPE-B
[UPE-A] bpdu-tunnel stp bridge role provider

3. Enabling UPEs to Process BPDUs

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the bpdu enable command to enable the UPE interface at the CE side to process
BPDUs.

<UPE-B> system-view
[UPE-B] interface GigabitEthernet 0/0/1
[UPE-B-GigabitEthernet0/0/1] bpdu enable

4. Checking the Configuration


[UPE-B] Display bpdu-tunnel global config
Voice VLANs

1. Configuring Voice VLANs of the Automatic Mode

Networking Requirements
Voice over IP (VoIP) services access GE 0/0/1 on the S-switch. It is required that this interface should
be added to or deleted from the voice VLAN automatically and voice flows should be transmitted
through the voice VLAN.

Configuration Procedure
1. Create VLAN 2 and VLAN 6.
<S-switch> system-view
[S-switch] vlan batch 2 6
2. Set the OUI to 0011-2200-0000; set the mask to ffff-ff00-0000; set the description to
huawei.
[S-switch] voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description huawei
3. Enable the security mode in the voice VLAN.
[S-switch] voice-vlan security enable
4. Set the aging time of the voice VLAN to 100 minutes.
[S-switch] voice-vlan aging-time 100
5. Enable voice VLAN 2 globally.
[S-switch] voice-vlan 2 enable
6. Set the type of GE 0/0/1 to hybrid.
[S-switch] interface gigabitethernet 0/0/1
[S-switch-GigabitEthernet0/0/1] port link-type hybrid
7. Set the default VLAN of GE 0/0/1 to VLAN 6.
[S-switch-GigabitEthernet0/0/1] port default vlan 6
8. Enable the voice VLAN function on GE 0/0/1.
[S-switch-GigabitEthernet0/0/1] voice-vlan enable
9. Configure the voice VLAN to work in automatic mode.
[S-switch-GigabitEthernet0/0/1] voice-vlan mode auto
10. Verify the configuration.
Run the display voice-vlan oui command. You can view whether the identifiable OUIs of
the voice VLAN are correctly configured.
<Quidway> display voice-vlan oui
---------------------------------------------------
OuiAddress Mask Description
---------------------------------------------------
0001-e300-0000 ffff-ff00-0000 Simens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3come phone
0011-2200-0000 ffff-ff00-0000 huawei
Run the display voice-vlan status command. You can view whether the working mode,
security mode, and aging time of the voice VLAN are correctly configured.
<Quidway> display voice-vlan statusVoice VLAN Configurations:
-----------------------------------------
Voice VLAN status : Enable
Voice VLAN ID : 2
Voice VLAN security mode : Security
Voice VLAN aging time : 100
-----------------------------------------
Port Information:
-----------------------------------------
Port Mode
-----------------------------------------
GigabitEthernet0/0/1 Auto

2. Configuring Voice VLANs of the Manual Mode

Networking Requirements
VoIP services access GE 0/0/1 on the S-switch. It is required that this
interface should be added to or deleted from the voice VLAN manually and voice flows should
be transmitted through the voice VLAN.

Configuration Procedure
1. # Create VLAN 2.
<S-switch> system-view
[S-switch] vlan 2
[S-switch-vlan2] quit
2. Enable the security mode in the voice VLAN.
[S-switch] voice-vlan security enable
3. Set the OUI to 0011-2200-0000; set the mask to ffff-ff00-0000; set the description to
huawei.
[S-switch] voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
description huawei
4. Enable voice VLAN 2 globally.
[S-switch] voice-vlan 2 enable
5. Configure the voice VLAN to work in manual mode.
[S-switch-GigabitEthernet0/0/1] undo voice-vlan mode auto
6. Set the type of GE 0/0/1 to hybrid.
[S-switch] interface gigabitethernet 0/0/1
[S-switch-GigabitEthernet0/0/1] port link-type hybrid
7. Set the voice VLAN as the default VLAN of GE 0/0/1.
[S-switch-GigabitEthernet0/0/1] port default vlan 2
8. Enable the voice VLAN function on GE 0/0/1.
[S-switch-GigabitEthernet0/0/1] voice-vlan enable
9. Verify the configuration.
Run the display voice-vlan oui command. You can view whether the other identifiable
OUIs of the voice VLAN are correctly configured.
<Quidway> display voice-vlan oui
---------------------------------------------------
OuiAddress Mask Description
---------------------------------------------------
0001-e300-0000 ffff-ff00-0000 Simens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3come phone
0011-2200-0000 ffff-ff00-0000 huawei
Run the display voice-vlan status command. You can view whether the working mode,
security mode, and aging time of the voice VLAN are correctly configured.
<Quidway> display voice-vlan status
Voice VLAN Configurations:
-----------------------------------------
Voice VLAN status : Enable
Voice VLAN ID : 2
Voice VLAN security mode : Security
Voice VLAN aging time : 1440
-----------------------------------------
Port Information:
-----------------------------------------
Port Mode
-----------------------------------------
GigabitEthernet0/0/1 Manual
IGMP Snooping Configuration

1. Enabling IGMP Snooping on the S-switch

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
igmp-snooping enable
IGMP snooping is enabled on the S-switch.
By default, IGMP snooping is disabled on the S-switch.

2. Enabling IGMP Snooping in a VLAN

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
igmp-snooping enable
IGMP snooping is enabled in a VLAN.
By default, IGMP snooping in a VLAN is disabled even if IGMP snooping is enabled on the Sswitch.

3. Configuring a Multicast Policy in a VLAN

Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
A ACL is created and the ACL view is displayed.
The value of acl-number ranges from 2000 to 3999.
Step 3 Add ACL rules.
l Run the rule [ rule-id ] { deny | permit } [ fragment | source { source-address
sourcewildcard
| any } | time-range time-name | logging ] * command to create a basic ACL rule.

4.Configuring a Multicast Policy

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
igmp-snooping group-policy acl-number [ version ]
A VLAN multicast policy is configured.
or Run the following command in the interface view:
igmp-snooping group-policy acl-number vlan vlan-id [ version ]
A interface multicast policy is configured.
By default, no multicast policy is available. That is, hosts in a VLAN can join any
multicast group.

5. Enabling the S-switch to Discard Unknown


Multicast Packets
on the Multicast Source Interface

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
multicast drop-unknown
The S-switch is enabled to discard unknown multicast packets from a VLAN.

6.Checking the Configuration

Check the configuration of IGMP snooping in a VLAN.

display igmp-snooping [ vlan vlan-id ] configuration

Check information about the outbound interface of a multicast group.

display igmp-snooping port-info [ vlan vlan-id [ group group-address [


source-address sourceaddress] ] ] [ verbose ]
Networking Requirements
Host 3, Host 4, and Host 5 are all in VLAN 3. All these three hosts are allowed to receive data only
from the multicast groups 225.0.0.1 to 225.0.0.10.
Configuration Roadmap
The configuration roadmap is as follows:
l Create VLAN 3 on the S-switch A and add Gigabitethernet 0/0/5 and Gigabitethernet 0/0/6
to VLAN 3.
l Enable IGMP snooping on the S-switch A.
l Configure multicast policies of VLAN 3 on the S-switch A.
l Enable IGMP snooping of VLAN 3 on the S-switch A.
l Enable the S-switch A to discard unknown multicast packets on a router interface.

Configuration Procedure
1. Configure a VLAN.
# Create VLAN 3 on the S-switch A.
[S-switch A] vlan 3
# Add Gigabitethernet 0/0/5 and Gigabitethernet 0/0/6 to VLAN 3.
[S-switch A-vlan3] port Gigabitethernet 0/0/5 to 0/0/6
[S-switch A-vlan3] quit
2. Enable IGMP snooping on the switch A.
[S-switch A] igmp-snooping enable
3. Configure multicast policies of VLAN 3.
# Create an ACL.
[S-switch A] acl 2000
[S-switch A-acl-basic-2000] rule permit source 225.0.0.0 0.0.0.7
[S-switch A-acl-basic-2000] rule permit source 225.0.0.8 0
[S-switch A-acl-basic-2000] rule permit source 225.0.0.9 0
[S-switch A-acl-basic-2000] rule permit source 225.0.0.10 0
[S-switch A-acl-basic-2000] quit
# Configure multicast policies.
[S-switch A] vlan 3
[S-switch A-vlan3] igmp-snooping group-policy 2000
4. Enable IGMP snooping of VLAN 3.
[S-switch A-vlan3] igmp-snooping enable
5. Enable the S-switch A to discard unknown multicast packets on a router interface.
[S-switch A-vlan3] multicast drop-unknown
6. Verify the configuration.
# Verify that Host 3, Host 4, and Host 5 can join the multicast groups with the group
addresses from 225.0.0.1 to 225.0.0.10.
Send IGMP Report messages from Host 3, Host 4, or Host 5 to the multicast group
225.0.0.2. Then, run the display igmp-snooping port-info command on the S-switch to
view information about the outbound interface of the multicast group.
[Quidway-vlan3] display igmp-snooping port-info
Group GrpExist PortTotal HostNum PortList Flag
IGMP Snooping Group Port Information on Vlan 3 (Total 1 Groups)
225.0.0.2 00:05:06 1 1 Gigabitethernet0/0/5 Dyn
The preceding output shows that Gigabitethernet 0/0/5 joins the multicast group 225.0.0.2.
# Verify that Host 3, Host 4, and Host 5 can join only the multicast groups that are in the
range of 225.0.0.1 to 225.0.0.10.
Send IGMP Report messages from Host 3, Host 4, or Host 5 to the multicast group
225.0.0.15. Then, run the display igmp-snooping port-info command on the S-switch to
view information about the outbound interface of the multicast group.
[Quidway-vlan3] display igmp-snooping port-info
Group GrpExist PortTotal HostNum PortList Flag
IGMP Snooping Group Port Information on Vlan 3 (Total 1 Groups)
225.0.0.2 00:05:06 1 1 Gigabitethernet0/0/5 Dyn
The preceding output does not contain information about the outbound interface of the
multicast group at 225.0.0.15. This indicates that no interface joins the multicast group.
That is, Gigabitethernet 0/0/5 does not join the multicast group at 225.0.0.15.

Configuring 802.1X

Procedure
Step 1 Create a VLANIF interface and assign an IP address to it on the S-switch.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] port gigabitethernet 0/0/1
[Quidway-vlan10] quit
[Quidway-vlan10] interface vlanif 10
[Quidway-Vlanif10] ip address 10.10.1.1 255.255.255.0
[Quidway-Vlanif10] quit
[Quidway] vlan 100
[Quidway-vlan100] port gigabitethernet 0/0/2
[Quidway-vlan100] port gigabitethernet 0/0/3
[Quidway-vlan100] interface vlanif 100
[Quidway-Vlanif100] ip address 192.168.0.1 255.255.255.0
[Quidway-Vlanif100] quit
Step 2 Create a local access user, and configure the user name and password for the user.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] local-user localuser@test password simple localpass
[Quidway-aaa] local-user localuser@test service-type ppp
Step 3 Configure the domain for local authentication.
[Quidway-aaa] authentication-scheme test
[Quidway-aaa-authen-test] authentication-mode local
[Quidway-aaa-authen-test] quit
[Quidway-aaa] authorization-scheme test
[Quidway-aaa-author-test] authorization-mode none
[Quidway-aaa-author-test] quit
[Quidway-aaa] domain test
[Quidway-aaa-domain-test] authentication-scheme test
[Quidway-aaa-domain-test] authorization-scheme test
[Quidway-aaa-domain-test] quit
Step 4 Configure the domain for RADIUS authentication.
<Quidway> system-view
[Quidway] radius-server template account
[Quidway-radius-account] radius-server authentication 192.168.0.10 1000
[Quidway-radius-account] radius-server accounting 192.168.0.10 1001
[Quidway-radius-account] radius-server shared-key 3300
Step 5 Create a RADIUS scheme.
[Quidway-aaa] authentication-scheme server
[Quidway-aaa-authen-server] authentication-mode radius
[Quidway-aaa-authen-server] quit
[Quidway-aaa] accounting-scheme account
[Quidway-aaa-accounting-account] accounting-mode radius
[Quidway-aaa-accounting-account] quit
[Quidway-aaa] domain remote
[Quidway-aaa-domain-remote] authentication-scheme server
[Quidway-aaa-domain-remote] accounting-scheme account
[Quidway-aaa-domain-remote] radius-server account
Step 6 Enable 802.1X authentication on GigabitEthernet 0/0/1.
[Quidway] interface gigabitethernet 0/0/1
[QuidwayGigabitEthernet0/0/1] dot1x max-user 1
[QuidwayGigabitEthernet0/0/1] dot1x
[QuidwayGigabitEthernet0/0/1] quit
Step 7 Enable 802.1X authentication globally.
[Quidway] dot1x
Step 8 Check the configuration.
[Quidway] display dot1x interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 current state : UP
802.1x protocol is Enabled
The port is an authenticator
Port control type is Auto
Authentication method is MAC-based
Reauthentication is disabled
Max online user is 1
Current online user is 1
Guest VLAN is disabled
Dynamic VLAN: 4000 Alias: VLAN 4000
Authentication Success: 2 Failure: 0
EAPOL Packets: TX : 45 RX : 26
Sent EAPOL Request/Identity Packets : 21
EAPOL Request/Challenge Packets : 2
Multicast Trigger Packets : 0
DHCP Trigger Packets : 0
EAPOL Success Packets : 21
EAPOL Failure Packets : 1
Received EAPOL Start Packets : 2
EAPOL LogOff Packets : 1
EAPOL Response/Identity Packets : 21
EAPOL Response/Challenge Packets: 2
Index MAC/VLAN UserOnlineTime UserName
12 0001-0001-0002/4000 2008-01-01 08:20:35 localuser@test
Controlled User(s) amount to 1

Configuring MAC Address Authentication

Step 1 Add a local access user to an S-switch, and configure the username and password for the
user.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] local-user huawei@default password simple huawei
[Quidway-aaa] local-user huawei@default service-type ppp
[Quidway-aaa] authorization-scheme default
[Quidway-aaa-author-default] authorization-mode none
[Quidway-aaa-author-default] quit
[Quidway-aaa] quit
Step 2 Configure MAC address authentication on GigabitEthernet 0/0/1 and configure default
VLAN.
[Quidway] vlan batch 10
[Quidway-aaa] interface gigabitethernet 0/0/1
[QuidwayGigabitEthernet0/0/1] port default vlan 10
[QuidwayGigabitEthernet0/0/1] mac-authen
[QuidwayGigabitEthernet0/0/1] quit
Step 3 Adopt a fixed username for MAC address authentication.
[Quidway] mac-authen username fixed
[Quidway] mac-authen username huawei@default
[Quidway] mac-authen password huawei
Step 4 Enable global MAC address authentication.
[Quidway] mac-authen
[Quidway] quit

Configuring MFF

Networking Requirements
All user hosts obtain IP addresses dynamically through the DHCP server. It is required that all user
hosts should be interconnected through the AR.

Configuration Procedure
1. Configure DHCP snooping.
# Configure DHCP snooping globally on S-switch-A.
[S-switch-A] dhcp snooping enable
# Configure DHCP snooping in a VLAN on S-switch-A.
[S-switch-A] vlan 2
[S-switch-A-Vlan2] dhcp snooping enable
# Configure GigabitEthernet 0/0/4 as the trusted interface on S-switch-A.
[S-switch-A-vlan2] dhcp snooping trusted interface gigabitethernet0/0/4
[S-switch-A-vlan2] quit
# Configure DHCP snooping globally on S-switch-B.
[S-switch-B] dhcp snooping enable
# Configure DHCP snooping in a VLAN on S-switch-B.
[S-switch-B] vlan 2
[S-switch-B-vlan2] dhcp snooping enable
# Configure GigabitEthernet 0/0/1 as the trusted interface on S-switch-B.
[S-switch-B-vlan2] dhcp snooping trusted interface gigabitethernet0/0/1
[S-switch-B-vlan2] quit
2. Enable MFF globally.
# Enable MFF globally on S-switch-A.
[S-switch-A] mac-forced-forwarding enable
# Enable MFF globally on S-switch-B.
[S-switch-B] mac-forced-forwarding enable
3. Configure MFF network interfaces.
# Configure GigabitEthernet 0/0/4 as the MFF network interface on S-switch-A.
[S-switch-A] interface gigabitethernet0/0/4
[S-switch-A-GigabitEthernet0/0/4] mac-forced-forwarding network-port

Smart Link Configuration

1. Creating a Smart Link Group and Enabling Smart


Link

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
smart-link group group-id
A Smart Link group is created and the view of the Smart Link group is displayed.
The S-switch supports a maximum of 16 Smart Link groups.
Step 3 Run:
smart-link enable
Functions of the Smart Link group is enabled.

2. Configuring the Master and Slave Interfaces of


the Smart Link Group
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
smart-link group group-id
The view of the Smart Link group is displayed.
Step 3 Repeatedly run:
port interface-type interface-number { master | slave }
Two interfaces are added to the Smart Link group and the interfaces are specified as the
master and slave interfaces.
A Smart Link group consists of a master interface and a slave interface. By default, there
is no interface in a Smart Link group.

3. Checking the Configuration

Check information about the status of the Smart Link group.

display smart-link group { all | group-id }

Configuring Load Balancing on a Smart Link


Instance

Networking requirements are as follows:


On S-switch-C, packets with VLAN IDs as 1 to 100 pass through S-switch-B and S-switch-
D and are dual-homed to S-switch-A. Load balancing is implemented and packets with
VLAN IDs as 1 to 100 are dual-homed to S-switch-A through different links.
On S-switch-C, the flexible backup of dual uplinks is implemented. The mapping between
a Smart Link instance and VLAN 1 to VLAN 100 is configured. Then, the Smart Link
instance locks inactive interfaces in the Smart Link group and load balancing on the Smart
Link instance is implemented.
Smart Link group 1 sends and receives Flush packets in VLAN 10.

Configuration Procedure
1. Create the same control VLAN on S-switch-A, S-switch-B, S-switch-C, and S-switch-D,
and then add uplink interfaces to the VLAN.
The configuration details are not mentioned here. For details of the configuration, refer to
the chapter "VLAN Configuration" in the Quidway S5300EI Series Ethernet Switches
Configuration Guide Ethernet.
2. Disable STP on interfaces and configure interfaces to permit packets with VLAN IDs as 1
to 100 to pass through.
# Configure S-switch-C.
<S-switch-C> system-view
[S-switch-C] vlan batch 1 to 100
[S-switch-C] interface gigabitethernet 0/0/1
[S-switch-C-GigabitEthernet0/0/1] stp disable
[S-switch-C-GigabitEthernet0/0/1] port trunk allow-pass vlan 1 to 100
[S-switch-C-GigabitEthernet0/0/1] interface gigabitethernet 0/0/2
[S-switch-C-GigabitEthernet0/0/2] stp disable
[S-switch-C-GigabitEthernet0/0/2] port trunk allow-pass vlan 1 to 100
[S-switch-C-GigabitEthernet0/0/2] quit
# Configure S-switch-B.
<S-switch-B> system-view
[S-switch-B] vlan batch 1 to 100
[S-switch-B] interface gigabitethernet 0/0/1
[S-switch-B-GigabitEthernet0/0/1] port trunk allow-pass vlan 1 to 100
[S-switch-B-GigabitEthernet0/0/1] interface gigabitethernet 0/0/2
[S-switch-B-GigabitEthernet0/0/2] port trunk allow-pass vlan 1 to 100
[S-switch-B-GigabitEthernet0/0/2] quit
# Configure S-switch-A and S-switch-D. The configurations on S-switch-A and S-switch-
D are the same as the configuration on S-switch-B.
3. Set the mapping between Smart Link instance 1 and VLAN 1 to VLAN 100.

[S-switch-C] smart-link instance 1 vlan 1 to 100


4. Create a Smart Link group.
[S-switch-C] smart-link group 1
5. Configure load balancing on a Smart Link instance.
[S-switch-C-smlk-group1] load-balance instance 1 slave
6. Enable the functions of the Smart Link group.
[S-switch-C-smlk-group1] smart-link enable
7. Add uplink interfaces to a Smart Link group as the master interface and the slave interface.
[S-switch-C-smlk-group1] port gigabitethernet 0/0/1 master
[S-switch-C-smlk-group1] port gigabitethernet 0/0/2 slave

Enable the sending of Flush packets.


[S-switch-C-smlk-group1] flush send control-vlan 10 password simple 123
9. Enable the receiving of Flush packets.
# Configure S-switch-B.
<S-switch-B> system-view
[S-switch-B] interface gigabitethernet 0/0/1
[S-switch-B-GigabitEthernet0/0/1] smart-link flush receive control-vlan 10
password simple 123
[S-switch-B-GigabitEthernet0/0/1] interface gigabitethernet 0/0/2
[S-switch-B-GigabitEthernet0/0/2] smart-link flush receive control-vlan 10
password simple 123
# Configure S-switch-A and S-switch-D. The configurations on S-switch-A and S-switch-
D are the same as the configuration on S-switch-B.
10. Verify the configuration.
# Run the display smart-link group command to view information about the Smart Link
group on S-switch-C. If the following information is displayed, the configuration succeeds.
l The functions of the Smart Link group are enabled.
l The control VLAN ID is 10.
l GigabitEthernet 0/0/1 serves as the master interface, and GigabitEthernet 0/0/2 serves
as the slave interface.
<S-switch-A> display smart-link group 1
Smart link group 1 information:
Smart link group was enabled
Device ID: 00e0-fc00-0100 Control-vlan ID: 10
Member Role State Flush Count Last-Flush-Time
----------------------------------------------------------------------------
GigabitEthernet0/0/1 MASTER ACTVIE 0 2009/02/21
16:37:20
GigabitEthernet0/0/2 SLAVE INACTIVE 0 2009/02/21 14:45:56

Configuring VRRP in Master/Backup Mode

The requirements are as follows:


S-switch-A and S-switch-B form a VRRP backup group that serves as the default gateway
for Host B.
Normally, S-switch-A serves as the gateway. When S-switch-A fails, S-switch-B serves as
the gateway.
S-switch-A continues to function as the master S-switch- within 20 seconds after it recovers.

Configuration Procedure
1. Configure network interconnection between devices.
# Set the virtual IP address of the default gateway of Host A to 10.1.1.111 and that of the
default gateway of Host B to 20.1.1.1.
# Set the virtual IP address of the default gateway of Host A to 10.1.1.111 and that of the
default gateway of Host B to 20.1.1.1.
# Configure S-switch-A, S-switch-B, and S-switch-C to use OSPF for interconnection.
2. Configure VRRP.
# On S-switch-A, assign the IP address to the interface, create backup group 1 and set the
priority of S-switch-A in this group to 120 (as the master).
<S-switch-A> system-view
[S-switch-A] vlan 10
[S-switch-A-vlan10] port GigabitEthernet 0/0/1
[S-switch-A-vlan10] interface vlanif10
[S-switch-A-vlanif10] ip address 10.1.1.1 24
[S-switch-A-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111
[S-switch-A-vlanif10] vrrp vrid 1 priority 120
[S-switch-A-vlanif10] vrrp vrid 1 preempt-mode timer delay 20
[S-switch-A-vlanif10] quit
# On S-switch-B, assign the IP address to the interface, create backup group 1 and set the
priority of S-switch-B in this group to the default value (as the backup).
<S-switch-B> system-view
[S-switch-B] vlan 10
[S-switch-vlan10] port GigabitEthernet 0/0/1
[S-switch-B-vlan10] interface vlanif10
[S-switch-B-vlanif10] ip address 10.1.1.2 24
[S-switch-B-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111
[S-switch-B-vlanif10] quit
3. Verify the configuration.
l Check that the VRRP backup group can serve as a gateway.
After the previous configuration, Host A can ping through Host B.
Running the display vrrp command on S-switch-A, you can view that the status of Sswitch-
A is Master. Running the display vrrp command on S-switch-B, you can view
that the S-switch-B is Backup.
<S-switch-A> display vrrp
Vlanif10 | Virtual Router 1
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20
Timer : 1
Auth Type : NONE
Check TTL : YES
<S-switch-B> display vrrp
Vlanif10 | Virtual Router 1
state : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NONE
Check TTL : YES
Quidway S5300EI Series Ethernet Switches
Configuration Guide - Availability 4 VRRP Configuration
Issue 03 (2009-05-11) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4-19
Running the display ip routing-table command on S-switch-A and S-switch-B, you
can view a direct route with the destination address being the virtual IP address on Sswitch-
A, and an OSPF route to the same destination on S-switch-B.
The displays on S-switch-A and S-switch-B are as follows.
<S-switch-A> display ip routing-table
Route Flags: R - relied, D - download to fib
---------------------------------------------------------------------------
---
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0
20.1.1.0/24 OSPF 10 2 D 192.168.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif20
192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif20
192.168.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
<S-switch-B> display ip routing-table
Route Flags: R - relied, D - download to fib
---------------------------------------------------------------------------
---
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.111/32 OSPF 10 2 D 10.1.1.1 Vlanif10
20.1.1.0/24 OSPF 10 2 D 192.168.2.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 OSPF 10 2 D 10.1.1.1 Vlanif10
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20
192.168.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.2/32 Direct 0 0 D 192.168.2.2 Vlanif20
l Check whether Route B can become the master when S-switch-A fails.
To simulate the selection of the master when S-switch-A fails, run the shutdown
command on GE 0/0/1 on S-switch-A.
Running the display vrrp command on S-switch-B, you can view that S-switch-B is
Master. The command output is as follows:
<S-switch-B> display vrrp
Vlanif10 | Virtual Router 1
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NONE
Check TTL : YES
l Check that S-switch-A can perform preemption after recovering.
Run the undo shutdown command on GE 0/0/1. On S-switch-A, run the display
vrrp command to view VRRP status 20 seconds after GE 0/0/1 becomes Up. You can
view that S-switch-A restores to be the master.
Configuring VRRP in Load Balancing Mode

The requirements are as follows:


S-switch-A serves as the master of group 1 and the backup of group 2.
l S-switch-B serves as the master of backup group 2 and the backup of group 1.
l Host A in the internal network takes backup group 1 as its gateway and Host C takes backup group 2
as its gateway to share the traffic and backup each other.

Configuration Procedure
1. Configure the network interconnection between devices.
# Set the virtual IP address of the default gateway of Host A to 10.1.1.111 in backup group
1, that of the default gateway of Host B to 20.1.1.1, and that of the default gateway of Host
C to 10.1.1.112 in backup group 2.
# Configure S-switch-A, S-switch-B, and S-switch-C to use OSPF for interconnection.
2. Configure VRRP.
# On S-switch-A, assign an IP address to the interface, create backup group 1, and set the
priority of S-switch-A in this group to 120 (as the master). Create backup group 2 and set
the priority of S-switch-A in this group to the default value 100 (as the backup).
<S-switch-A> system-view
[S-switch-A] vlan 10
[S-switch-A-vlan10] port GigabitEthernet 0/0/1
[S-switch-A-vlan10] interface vlanif10
[S-switch-A-vlanif10] ip address 10.1.1.1 24
[S-switch-A-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111
[S-switch-A-vlanif10] vrrp vrid 1 priority 120
[S-switch-A-vlanif10] vrrp vrid 2 virtual-ip 10.1.1.112
[S-switch-A-vlanif10] quit
# On S-switch-B, assign an IP address to the interface, create backup group 1 and set the
priority of S-switch-B in this group to the default value 100 (as the backup). Create backup
group 2, and set the priority of S-switch-B in this group to 120 (as the master).
<S-switch-B> system-view
[S-switch-B] vlan 10
[S-switch-B-vlan10] port GigabitEthernet 0/0/1
[S-switch-B-vlan10] interface vlanif10
[S-switch-B-vlanif10] ip address 10.1.1.2 24
[S-switch-B-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111
[S-switch-B-vlanif10] vrrp vrid 2 virtual-ip 10.1.1.112
[S-switch-B-vlanif10] vrrp vrid 2 priority 120
[S-switch-B-vlanif10] quit
3. Verify the configuration.
After the previous configuration, Host A and Host C in the network can ping through Host
B.
Tracert Host B from Host A and Host C. Packets from Host A to Host B pass through Sswitch-
A and S-switch-C. Packets from Host C to Host B pass through S-switch-A and Sswitch-
C. That is, load balancing is enabled on S-switch-A and S-switch-B to share the
internal traffic.
<HostA> tracert 20.1.1.100
traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet
1 10.1.1.1 120 ms 50 ms 60 ms
2 192.168.1.2 100 ms 60 ms 60 ms
Quidway S5300EI Series Ethernet Switches
Configuration Guide - Availability 4 VRRP Configuration
Issue 03 (2009-05-11) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4-23
3 20.1.1.100 130 ms 90 ms 90 ms
<HostC> tracert 20.1.1.100
traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet
1 10.1.1.2 30 ms 60 ms 40 ms
2 192.168.2.2 90 ms 60 ms 60 ms
3 20.1.1.100 70 ms 60 ms 90 ms
Running the display vrrp command on S-switch-A, you can view that S-switch-A serves
as the master in backup group 1 and the backup in backup group 2.
<S-switch-A> display vrrp
vlanif10 | Virtual Router 1
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NONE
Check TTL : YES
vlanif10 | Virtual Router 2
state : Backup
Virtual IP : 10.1.1.112
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NONE

You might also like