Version: 3.01.01
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2013 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Intended Audience
This manual is intended for:
• Network planning engineer
• Debugging engineer
• Attendant
Chapter Summary
1, ARP Configuration    Describes the ARP principle, and the configuration commands, maintenance commands, and configuration examples of the ZXR10 8900E.
2, VLAN Configuration    Describes the VLAN principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
4, PVLAN Configuration    Describes the PVLAN principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
5, STP Configuration    Describes the STP principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
6, LLDP Configuration    Describes the LLDP principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
8, SVLAN Configuration    Describes the SVLAN principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
9, ZESR Configuration    Describes the ZESR principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
10, ZESS Configuration    Describes the ZESS principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
11, ZESR+ Configuration    Describes the ZESR+ principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
12, LinkGroup Configuration    Describes the LinkGroup principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
13, L2PT Configuration    Describes the L2PT principle, and the configuration commands, maintenance commands, configuration examples of the ZXR10 8900E.
Conventions
This manual uses the following typographical conventions:
Typeface    Meaning
Italics    Variables in commands. It may also refer to other related manuals and documents.
Bold    Menus, menu options, function names, input fields, option button names, check boxes, drop-down lists, dialog box names, window names, parameters, and commands.
Constant width    Text that you type, program codes, filenames, directory names, and function names.
[]    Optional parameters.
{}    Mandatory parameters.
ARP Principle
First, the source device broadcasts an ARP request containing the IP address of the
destination device. All devices in the network will receive the ARP request. If a device finds
that the IP address in the request matches its own IP address, it will send a reply containing
its MAC address to the source device. The source device obtains the MAC address of
the destination device through this reply.
To prevent attacks from ARP viruses, or to prevent users from connecting devices to the
network at random, permanent ARP entities can be configured on the device. A permanent
ARP entity takes effect immediately once the configuration is finished. It will not be lost
even if the device is reset.
Users can configure common ARP attributes, such as clearing time, aging time, automatic
binding of dynamic ARP entities, and so on. ARP protection mode can also be configured.
ARP protection is based on a port or a device. If the number of entities in the ARP table is
more than the pre-configured ARP protection threshold, the excess ARP packets will be
discarded and the corresponding alarm will be printed to notify network administrators.
When there is a router (or several routers) between the devices for communication, it is
necessary to enable ARP proxy function on the switch.
When ARP source filter function is enabled, the device will search its routing table after
receiving an ARP packet. The device inspects whether there is a route that uses the
interface (on which this ARP packet is received) as the egress for the ARP packet with this
source IP. The ARP entity will be learnt if the route is found. Otherwise, the ARP packet
will be discarded. In this way, some virus attacks can be prevented.
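The source filter decision described above can be modelled as a route lookup on the sender IP followed by a comparison with the ingress interface. The following is an added example, not code from the ZXR10 8900E or from this manual; the routing table, the packets, and the use of longest-prefix match to pick the route are assumptions of the sketch.

```python
import ipaddress

# Constructed routing table for this sketch: (prefix, egress interface).
# vlan400 and vlan10 reuse interface names from the page; prefixes are made up.
ROUTES = [
    ("120.1.1.0/24", "vlan400"),
    ("172.16.20.0/24", "vlan10"),
]

# Constructed ARP packets: (ingress interface, sender IP, sender MAC).
PACKETS = [
    ("vlan400", "120.1.1.7", "0020.1122.3366"),    # route egress == ingress
    ("vlan10", "120.1.1.7", "0020.1122.aaaa"),     # right subnet, wrong interface
    ("vlan400", "203.0.113.9", "0020.1122.bbbb"),  # no route covers the sender
    ("vlan10", "172.16.20.200", "0000.0c94.36ab"),
]


def build_table(routes):
    """Turn (prefix, interface) strings into (network, interface) pairs."""
    return [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]


def egress_for(table, ip):
    """Longest-prefix match (assumed selection rule); None if no route."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, ifname in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def source_filter(table, ingress_if, sender_ip):
    """'learn' if the route to the sender IP leaves via the ingress interface."""
    return "learn" if egress_for(table, sender_ip) == ingress_if else "discard"


def process(table, packets):
    """Apply the filter to each packet; return (arp_cache, dropped_packets)."""
    cache, dropped = {}, []
    for ingress_if, sender_ip, sender_mac in packets:
        if source_filter(table, ingress_if, sender_ip) == "learn":
            cache[sender_ip] = (sender_mac, ingress_if)
        else:
            dropped.append((ingress_if, sender_ip, sender_mac))
    return cache, dropped


if __name__ == "__main__":
    table = build_table(ROUTES)
    cache, dropped = process(table, PACKETS)
    for ip, (mac, ifname) in cache.items():
        print(f"learnt   {ip:15} {mac} on {ifname}")
    for ifname, ip, mac in dropped:
        print(f"dropped  {ip:15} {mac} on {ifname}")

    # A default route widens what the filter accepts on its egress interface.
    wide = build_table(ROUTES + [("0.0.0.0/0", "vlan10")])
    print("with default route via vlan10:",
          source_filter(wide, "vlan10", "203.0.113.9"))
```

In this model, an interface that carries the default route accepts any sender IP not covered by a more specific route, so the filter is most effective on access-facing interfaces with specific connected routes.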
the count is up to the threshold in the counting cycle, the device will notify the bottom to
stop forwarding ARP packets.
The limit relief is realized by judging whether the limit times on the interfaces are up through
timer polling. If the limit time is up, the limit will be relieved. Otherwise, the limit is still on.
Parameter    Description
seconds    The aging time of ARP entities in the ARP cache, range: 1-2147483, unit: seconds, default: 14400 seconds.
<seconds>    The aging time of ARP entities in the ARP cache, range: 1-2147483, unit: seconds, default: 14400 seconds.
<ip-address>    IP address.
Configuring DAI
To configure DAI on the ZXR10 8900E, perform the following steps:
Command    Function
ZXR10#show ip arp inspection { vlan [{<1-4094>| disable | enable | name <vlan-name>}]| interface [<interface-name>]| configure}    Displays the DAI configuration information of protocol entities on the switch.
Field Description
IP Address IP address.
The following is sample output from the show running-config arp command:
ZXR10(config)#show running-config arp
!<ARP>
arp
interface vlan100
protect limit-num 100
timeout 3000
$
$
!</ARP>
ZXR10(config)#
The following is sample output from the show ip arp inspection command:
ZXR10#show ip arp inspection configure
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Enabled
• Configuration Commands
Method 1: Configure a permanent ARP entity in ARP configuration mode. Make sure
that an IP address has already been configured on the interface.
ZXR10(config)#arp
ZXR10(config-arp)#arp vlan400 permanent 120.1.1.1 0020.1122.3344
Method 2: Enter ARP interface configuration mode and then configure a permanent
ARP entity.
ZXR10(config-arp)#interface vlan400
ZXR10(config-arp-if)#arp permanent 120.1.1.3 0020.1122.3355
• Configuration Verification
Use the show command to view the configuration result, as shown below.
ZXR10(config)#show arp permanent
The count is 1
IP Hardware Exter Inter Sub
Address Age Address Interface VlanID VlanID Interface
--------------------------------------------------------------------------
1.1.1.1 P 0020.1122.3344 vlan400 N/A N/A N/A
learn-disable
no source-filtered
$
!
As shown in Figure 1-1, the ARP request cannot reach Host D, because a router generally
does not forward broadcast messages. Without ARP proxy, the communication will fail.
When the ARP proxy function is enabled on the switch, the router will request for valid IP
addresses except the IP address of the receiving interface on the switch. The switch
replies with the MAC address on the ingress interface of the ARP packet, as shown
below:
Therefore, a new entity is added into the ARP table of Host A, as shown below:
ZXR10(config)#show arp
The count is 2
IP Hardware Exter Inter Sub
Address Age Address Interface VlanID VlanID Interface
--------------------------------------------------------------------------
172.16.20.200 00:00:03 0000.0c94.36ab vlan10 N/A N/A gei-0/1/0/1
• Configuration Commands
The configuration to enable ARP proxy function on the router:
ZXR10(config-arp)#interface vlan10
ZXR10(config-arp-if)#proxy
ZXR10(config-arp-if)#exit
ZXR10(config-arp)#exit
ZXR10(config)#show running-config arp
arp
interface vlan10
proxy
$
!
As shown in Figure 1-2, the ARP request cannot reach Host D, because a router generally
does not forward broadcast messages. Without ARP proxy, the communication will fail.
When the ARP proxy function is enabled on the switch, the router will request for valid IP
addresses except the IP address of the receiving interface on the switch. The switch
replies with the MAC address on the ingress interface of the ARP packet, as shown below:
Therefore, a new entity is added into the ARP table of Host A, as shown below:
ZXR10(config)#show arp
The count is 2
IP Hardware Exter Inter Sub
Address Age Address Interface VlanID VlanID Interface
--------------------------------------------------------------------------
172.16.20.200 00:00:03 0000.0c94.36ab vlan10 N/A N/A gei-0/1/0/1
Configuration Commands
The configuration to enable ARP proxy function on the router:
ZXR10(config-arp)#interface vlan10
ZXR10(config-arp-if)#proxy
ZXR10(config-arp-if)#exit
ZXR10(config-arp)#exit
ZXR10(config)#show running-config arp
arp
interface vlan10
proxy
$
!
Configuration Commands
The configuration is shown below:
ZXR10(config-arp)#interface vlan400
ZXR10(config-arp-if)#no source-filtered
/*Disable source filter*/
ZXR10(config-arp-if)#show running-config arp
arp
interface vlan400
no source-filtered
$
!
ZXR10(config-arp-if)#source-filtered
/*Enable source filter*/
ZXR10(config-arp-if)#show running-config arp
VLAN Principle
The VLAN functions on a switch in the following four ways:
• VLAN allocated by interface
In this case, VLANs are allocated by interfaces on Ethernet switches. To be specific,
the VLAN to which each interface belongs is clearly specified. Allocating VLANs by
interface is one of the most widely used methods. The IEEE 802.1Q provides an
international standard for allocating VLANs by interfaces on Ethernet switches.
• VLAN allocated by MAC address
In this case, VLANs are allocated by the MAC address of each host. To be specific,
the group to which each host belongs is clearly specified. That is, the VLAN to which
an interface belongs is determined by querying and recording the MAC address of the
network adaptor on the host connected to the interface. Suppose that MAC address A
is configured by a switch to belong to VLAN 10. In this case, no matter which interface
on the switch is used to connect the host with MAC address A, the interface will be
allocated to VLAN 10. For example, if interface 1 is used to connect the host, interface
1 belongs to VLAN 10; if interface 2 is used to connect the host, interface 2 belongs
to VLAN 10.
• VLAN allocated by IP subnet
In this case, VLANs are allocated by subnet. To be specific, the VLAN to which an
interface belongs is determined by the IP address of the connected host. Unlike
the VLAN allocated by MAC address, an interface can be successfully added to the
original VLAN for the same IP address, even though the MAC address is changed due to
replacement of the network adaptor or other reasons. For the VLAN allocated by subnet,
the VLAN of a frame is determined by the subnet to which the frame belongs. To
achieve this, the switch must check the network-layer content of a received frame.
This kind of VLAN is like a switch, dividing subnets into different broadcast domains.
• VLAN allocated by network protocol
In this case, VLANs are allocated by protocol. To be specific, a physical network is
divided into multiple logical VLANs based on protocol. When an interface receives a
frame, its VLAN is determined by the protocol type in the packet. For example, IP,
IPX, and Appletalk may have their own independent VLAN. The IP broadcast frames
are sent only to all the interfaces in the IP VLAN.
This allocation method is quite flexible, which is the same as the advantage of
the VLAN allocated by subnet. It is applicable to the L3 network or the network
environment with various protocols.
VLAN Translation
VLAN translation is used in metropolitan area networks. The VLAN IDs of switches used
for edge access can be the same. VLAN translation can change the same VLAN IDs to
different VLAN IDs, and then forward packets through the uplink interface on the ZXR10
8900E. In this way, user isolation on L2 switches can be achieved.
The ZXR10 8900E supports ingress VLAN translation and egress VLAN translation.
Parameter    Description
<vlan_id>    Indicates the VLAN ID. The value of this parameter ranges from 1 to 4094.
<vlan_list>    Indicates the VLAN list that supports batch configuration. The value of this parameter ranges from 1 to 4094.
3 vlan0003 gei-0/1/0/1
gei-0/1/0/3
4 vlan0004 gei-0/1/0/1
5 vlan0005 gei-0/1/0/2 gei-0/1/0/1
6 vlan0006 gei-0/1/0/1
The following is sample output from the show running-config switchvlan command:
ZXR10(config-swvlan)#show running-config switchvlan
! <VLAN>
switchvlan-configuration
vlan 1
$
vlan 2
$
vlan 3
$
vlan 4
$
vlan 5
$
vlan 6
$
interface gei-0/1/0/1
switchport mode trunk
switchport trunk vlan 1-6
$
interface gei-0/1/0/2
switchport access vlan 5
$
interface gei-0/1/0/3
switchport mode hybrid
switchport hybrid vlan 3 tag
$
! </VLAN>
The following is sample output from the show vlan translation command:
ZXR10(config-swvlan)#show vlan translation 1
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
-----------------------------------------------------------------
1 [I]fei-0/1/0/1 10 100 0
The following is sample output from the show vlan translate statistics session command:
ZXR10(config-swvlan)#show vlan translate statistics session 1
vlan translate session 1 statistics:
120s input rate : 0Bps 0Pps
120s output rate : 0Bps 0Pps
Configuration Commands
The configuration of switch A:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan 10
ZXR10(config-swvlan-sub)#switchport pvid gei-0/3/0/1-2
ZXR10(config-swvlan-sub)#exit
ZXR10(config-swvlan)#vlan 20
ZXR10(config-swvlan-sub)#switchport pvid gei-0/3/0/4-5
ZXR10(config-swvlan-sub)#exit
ZXR10(config-swvlan)#interface gei-0/3/0/24
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport mode trunk
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport trunk vlan 10
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport trunk vlan 20
ZXR10(config-swvlan-sub)#exit
ZXR10(config-swvlan)#vlan 20
ZXR10(config-swvlan-sub)#switchport pvid gei-0/3/0/4-5
ZXR10(config-swvlan-sub)#exit
ZXR10(config-swvlan)#interface gei-0/3/0/24
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport mode trunk
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport trunk vlan 10
ZXR10(config-swvlan-if-gei-0/3/0/24)#switchport trunk vlan 20
Configuration Thought
1. For packets with single tag 100 received on the ingress gei-0/1/0/1, after VLAN
translation, the tag is changed to 200.
2. For packets with dual tags (the inner tag is 100 and the outer tag is 200) received on
the ingress gei-0/1/0/1, after VLAN translation, the inner tag is changed to 101 and the
outer tag is changed to 201.
3. For packets with single tag 100 forwarded on the egress gei-0/1/0/3, after VLAN
translation, the tag is changed to 200.
4. For packets with dual tags (the inner tag is 100 and the outer tag is 200) forwarded on
the egress gei-0/1/0/3, after VLAN translation, the inner tag is changed to 101 and the
outer tag is changed to 201.
Configuration Commands
1. The configuration for single-tag translation on the ingress:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan translate session-no 1 ingress-port gei-0/1/0/1
ZXR10(config-swvlan-trans-session-1)#ingress-invlan 100
ZXR10(config-swvlan-trans-session-1)#exgress-invlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan untag
ZXR10(config-swvlan-trans-session-1)#
Configuration verification:
ZXR10(config-swvlan-trans-session-1)#show vlan translation
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
----------------------------------------------------------------------------
1 [I]gei-0/1/0/1 100 200 untag 0
ZXR10(config-swvlan-trans-session-1)#
2. The configuration for dual-tag translation on the ingress:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan translate session-no 2 ingress-port gei-0/1/0/1
ZXR10(config-swvlan-trans-session-1)#ingress-invlan 100
ZXR10(config-swvlan-trans-session-1)#ingress-outvlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-invlan 101
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan 201
ZXR10(config-swvlan-trans-session-1)#
Configuration verification:
ZXR10(config-swvlan-trans-session-1)#show vlan translation
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
----------------------------------------------------------------------------
1 [I]gei-0/1/0/1 100 200 101 201 0
ZXR10(config-swvlan-trans-session-1)#
3. The configuration for single-tag translation on the egress:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan translate session-no 2 exgress-port gei-0/1/0/3
ZXR10(config-swvlan-trans-session-1)#ingress-invlan 100
ZXR10(config-swvlan-trans-session-1)#exgress-invlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan untag
ZXR10(config-swvlan-trans-session-1)#
Configuration verification:
ZXR10(config-swvlan-trans-session-1)#show vlan translation
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
----------------------------------------------------------------------------
1 [E]gei-0/1/0/3 100 200 untag 0
ZXR10(config-swvlan-trans-session-1)#
4. The configuration for dual-tag translation on the egress:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan translate session-no 2 exgress-port gei-0/1/0/3
ZXR10(config-swvlan-trans-session-1)#ingress-invlan 100
ZXR10(config-swvlan-trans-session-1)#ingress-outvlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-invlan 101
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan 201
ZXR10(config-swvlan-trans-session-1)#
Configuration verification:
ZXR10(config-swvlan-trans-session-1)#show vlan translation
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
----------------------------------------------------------------------------
1 [E]gei-0/1/0/3 100 200 101 201 0
ZXR10(config-swvlan-trans-session-1)#
SuperVLAN Principle
SuperVLAN was put forward by the Internet Society in RFC 3069. After VLAN is introduced,
different VLANs cannot communicate with each other through L2 forwarding. The communication
is realized through L3 routing. Thus, it is necessary to configure different IP address
segments for different VLANs. To save IP addresses, SuperVLAN is used.
The principle of common VLAN is shown in Figure 3-1.
On the device, the ports connecting A, B, C and D belong to different VLANs. Therefore,
different IP address segments are configured on A, B, C and D. The communications
are realized through L3 route forwarding.
As shown in Figure 3-2, after SuperVLAN is used, VLAN 1 and VLAN 2 are bound to
SuperVLAN1, while VLAN 3 and VLAN 4 are bound to SuperVLAN2.
The network segment x.x.x.0/24 is configured on A and B, and x.x.y.0/24 network segment
is configured on C and D. SuperVLAN 1 acts as the ARP proxy between A and B, and
SuperVLAN2 acts as the ARP proxy between C and D. Therefore, the communications
between A and B, and between C and D can be realized through L2 forwarding. However,
the communication between the hosts in different network segments (such as A and C)
still needs to be realized through L3 forwarding.
In addition, each VLAN member of SuperVLAN is allocated an IP address segment.
To ensure the security, the packets will be discarded if the IP addresses of the packets
received by the SuperVLAN do not match the allocated IP address segment.
Parameter    Description
enable    Enables the function that SubVLAN broadcasts gratuitous ARP.
disable    Disables the function that SubVLAN broadcasts gratuitous ARP.
On the ZXR10 8900E, use the following commands to bind SubVLANs to a specified
SuperVLAN in batches.
To bind SubVLAN to a specified SuperVLAN on ZXR10 8900E, perform the following steps:
SuperVLAN No: 10
ARP-Broadcast : Disable
Gratuitous-ARP-Broadcast : Enable
Inter-SubVLAN-Routing-IPv4: Enable
Inter-SubVLAN-Routing-IPv6: Enable
IP-POOL-Filter : Enable
ND-Broadcast : Disable
----------------------------------------
SubIntf : subvlan10
Field Description
ARP-Broadcast: Disable The function that SuperVLAN broadcasts ARP to all its
subVLANs is disabled.
Gratuitous-ARP-Broadcast: Enable    The function that SuperVLAN broadcasts gratuitous ARP to all its subVLANs is enabled.
IP-POOL-Filter: Enable    The function that SuperVLAN filters the source IP address is enabled.
Field    Description
From 1.1.1.1 To 1.1.1.255 The filter range of SuperVLAN IP pool is from 1.1.1.1 to
1.1.1.255.
Configuration Thought
1. Create a SuperVLAN interface.
2. Configure an IP address.
3. Input SuperVLAN interface name, and then enter SuperVLAN aggregation interface
configuration mode.
4. Disable ip-pool-filter.
5. Enable arp-broadcast.
6. Input the created SubVLAN interface, and then enter SUPERVLAN_SUBVLAN
configuration mode.
7. Bind this interface to SuperVLAN.
8. Configure IP-POOL on the SubVLAN.
Configuration Commands
The configuration of ZXR10:
ZXR10(config)#interface supervlan11
ZXR10(config-if)#ip address 192.11.1.1 255.255.255.0
ZXR10(config-if)#exit
ZXR10(config)#supervlan
ZXR10(config-supervlan)#interface supervlan11
ZXR10(config-supervlan-superif)#ip-pool-filter disable
ZXR10(config-supervlan-superif)#arp-broadcast enable
ZXR10(config-supervlan-superif)#exit
ZXR10(config-supervlan)#subvlan 2
ZXR10(config-supervlan-subvlan)#supervlan 11
ZXR10(config-supervlan-subvlan)#vlanpool 192.11.1.1 192.11.1.10
ZXR10(config-supervlan-subvlan)#exit
Configuration Verification
Use the show command to check the configuration result, as shown below.
ZXR10#show supervlan
The total SuperVLAN number:1
SuperVLAN No: 11
ARP-Broadcast : Enable
Gratuitous-ARP-Broadcast : Enable
Inter-SubVLAN-Routing-IPv4: Enable
Inter-SubVLAN-Routing-IPv6: Enable
IP-POOL-Filter : Disable
ND-Broadcast : Disable
----------------------------------------
SubIntf : subvlan2
ZXR10#show running-config supervlan
! </SuperVLAN>
supervlan
interface supervlan11
arp-broadcast enable
inter-subvlan-routing enable
ip-pool-filter disable
$
subvlan 2
supervlan 11
vlanpool 192.11.1.1 192.11.1.10
$
! </SuperVLAN>
ZXR10(config)#show supervlan-pool
Addr-Begin Addr-End Supervlan-Name SubIntf-Name
192.11.1.1 192.11.1.10 supervlan11 subvlan2
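The configuration example above runs with ip-pool-filter disabled, which switches off the source-address check described in the SuperVLAN principle. The following added example (not part of the manual or of ZTE software) parses the running-config body printed above, flags SuperVLANs with the filter disabled, and shows what the filter would decide for a given source IP; the line `ip-pool-filter enable` used for the comparison is an assumed form by analogy with `arp-broadcast enable`.

```python
import ipaddress

# Body of 'show running-config supervlan' as printed on this page.
PAGE_CONFIG = """\
supervlan
interface supervlan11
arp-broadcast enable
inter-subvlan-routing enable
ip-pool-filter disable
$
subvlan 2
supervlan 11
vlanpool 192.11.1.1 192.11.1.10
$
"""

# Assumed command form for the hardened variant (not shown on the page).
HARDENED_CONFIG = PAGE_CONFIG.replace("ip-pool-filter disable",
                                      "ip-pool-filter enable")


def parse_supervlan(text):
    """Return (supers, subs) dictionaries keyed by SuperVLAN / SubVLAN number."""
    supers, subs = {}, {}
    block = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[0] == "$":                      # end of the current block
            block = None
        elif (words[0] == "interface" and len(words) == 2
              and words[1].startswith("supervlan")):
            number = int(words[1][len("supervlan"):])
            block = supers.setdefault(number, {"ip-pool-filter": None})
        elif words[0] == "subvlan" and len(words) == 2:
            block = subs.setdefault(int(words[1]),
                                    {"supervlan": None, "pools": []})
        elif block is None:
            continue                             # mode-entry line, e.g. "supervlan"
        elif words[0] == "ip-pool-filter" and "ip-pool-filter" in block:
            block["ip-pool-filter"] = words[1]
        elif words[0] == "supervlan" and "pools" in block:
            block["supervlan"] = int(words[1])
        elif words[0] == "vlanpool" and "pools" in block:
            low, high = (ipaddress.ip_address(w) for w in words[1:3])
            block["pools"].append((low, high))
    return supers, subs


def unfiltered_supervlans(supers):
    """SuperVLAN numbers whose source-IP pool filter is switched off."""
    return sorted(n for n, cfg in supers.items()
                  if cfg["ip-pool-filter"] == "disable")


def verdict(supers, subs, subvlan, src_ip):
    """'forward', 'discard', or 'unknown' when the filter state is not in the config."""
    sub = subs[subvlan]
    state = supers[sub["supervlan"]]["ip-pool-filter"]
    if state is None:
        return "unknown"
    if state == "disable":
        return "forward"
    addr = ipaddress.ip_address(src_ip)
    inside = any(low <= addr <= high for low, high in sub["pools"])
    return "forward" if inside else "discard"


if __name__ == "__main__":
    for label, text in (("page config", PAGE_CONFIG),
                        ("filter enabled", HARDENED_CONFIG)):
        supers, subs = parse_supervlan(text)
        print(label, "- unfiltered SuperVLANs:", unfiltered_supervlans(supers))
        for ip in ("192.11.1.5", "192.11.1.50"):   # constructed source addresses
            print("  subvlan 2 source", ip, "->", verdict(supers, subs, 2, ip))
```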
PVLAN Principle
The switch requires that all interfaces are isolated from each other according to network
application. That is, each interface will be allocated with a VLAN. Meanwhile, the number
of VLANs for the upper-layer device is limited and thus the VLANs from the switch cannot
be transparently transmitted. In this case, the working mode of the uplink interface on the
switch must be configured to access. PVLAN achieves port-based isolation in a VLAN. It
is easy to isolate users at layer 2, and it is unnecessary to allocate a VLAN ID for each
user. PVLAN is one of the features provided by the ZTE Ethernet switch. In the process
of cell access, the PVLAN allocates users into different VLANs to isolate the L2 packets
of these users.
The PVLAN uses the L2 VLAN structure and VLAN interfaces are classified into the
following types:
• Isolate port
• Promiscuous port
• Community port
An isolate port can communicate only with promiscuous ports, and isolate ports cannot
communicate with each other directly. A community port can communicate with other
community ports or promiscuous ports. Community ports cannot communicate with isolate
ports. Promiscuous ports can communicate with other ports for layer-2 communications.
In PVLAN applications, the ports connected to users are set to isolate ports, and the
ports connected to uplink switches are set to promiscuous ports. The users in the same
VLAN are isolated and users can communicate only with their own default gateway, which
ensures network security.
One or more PVLANs exist on an Ethernet switch. Each PVLAN contains multiple isolate
interfaces and uplink promiscuous interfaces. For the upper-layer router, only several
PVLANs exist on the lower-layer switch and the upper-layer router does not concern the
VLAN to which each interface in the PVLAN belongs. This simplifies configuration and
saves VLAN resources. To be specific, all the isolate interfaces in one PVLAN belong to
a same subnet, which saves the number of subnets and IP addresses.
The PVLAN provides flexible configuration mode. To isolate L2 packets sent from users,
you can configure an isolate interface for each user and make each VLAN contain only the
connected interface of the user and the uplink interface. To restore communication based
on L2 packets between users, the ports connected to users can be divided into community
ports.
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan 2
ZXR10(config-swvlan-sub)#switchport pvid gei-0/1/0/1-3
ZXR10(config-swvlan-sub)#exit
ZXR10(config-swvlan)#private-map session-id 1
ZXR10(config-swvlan-pvlan-session)#isolate gei-0/1/0/1-2
ZXR10(config-swvlan-pvlan-session)#promis gei-0/1/0/3
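The port rules from the PVLAN principle can be checked against a session configuration before it is deployed. The following added example (not from the manual or from ZTE) parses the `isolate` and `promis` lines shown above, expands the port ranges, and lists which port pairs may exchange L2 frames; community ports are supplied as a constructed dictionary entry because the page shows no command for them.

```python
import itertools
import re

# Session lines as entered in the example on this page.
PAGE_SESSION = """\
ZXR10(config-swvlan-pvlan-session)#isolate gei-0/1/0/1-2
ZXR10(config-swvlan-pvlan-session)#promis gei-0/1/0/3
"""

# Only the two keywords that appear on the page are recognised.
KEYWORD_ROLE = {"isolate": "isolate", "promis": "promiscuous"}


def expand_ports(spec):
    """'gei-0/1/0/1-2' -> ['gei-0/1/0/1', 'gei-0/1/0/2']."""
    match = re.fullmatch(r"(.+/)(\d+)(?:-(\d+))?", spec)
    if not match:
        raise ValueError(f"unrecognised port specification: {spec!r}")
    prefix = match.group(1)
    first = int(match.group(2))
    last = int(match.group(3) or match.group(2))
    return [f"{prefix}{n}" for n in range(first, last + 1)]


def parse_session(text):
    """Map each port named in the session to its PVLAN role."""
    roles = {}
    for raw in text.splitlines():
        line = raw.rsplit("#", 1)[-1].strip()    # drop a CLI prompt if present
        parts = line.split()
        if len(parts) != 2 or parts[0] not in KEYWORD_ROLE:
            continue
        for port in expand_ports(parts[1]):
            roles[port] = KEYWORD_ROLE[parts[0]]
    return roles


def l2_allowed(role_a, role_b):
    """Rules as stated in the PVLAN principle section."""
    if "promiscuous" in (role_a, role_b):
        return True                    # promiscuous ports talk to every port
    return role_a == role_b == "community"   # isolate ports reach nobody else


def allowed_pairs(roles):
    """All port pairs that may exchange L2 frames."""
    return [(a, b) for a, b in itertools.combinations(sorted(roles), 2)
            if l2_allowed(roles[a], roles[b])]


def user_to_user_pairs(roles):
    """Allowed pairs that do not involve a promiscuous (uplink) port."""
    return [(a, b) for a, b in allowed_pairs(roles)
            if "promiscuous" not in (roles[a], roles[b])]


if __name__ == "__main__":
    roles = parse_session(PAGE_SESSION)
    print("roles:", roles)
    print("allowed:", allowed_pairs(roles))
    # Constructed extension: two community ports added to the same session.
    extended = dict(roles, **{"gei-0/1/0/4": "community",
                              "gei-0/1/0/5": "community"})
    print("user-to-user paths:", user_to_user_pairs(extended))
```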
broadcast storm. Figure 5-1 shows an example of packet cycling and multiplication caused
by a loop.
Suppose that site A does not send any packet. Thus, there is no address record of site A
in the address lists on switch 1 and switch 2. When site A sends a packet, both of the two
switches receive this packet, record the address on LANA, and then wait in the queue for
forwarding the packet to LANB. According to the rule of LAN, one of the two switches will
successfully forward the packet to LAN2. If such a switch is switch 1, switch 2 will receive
this packet again because switch 1 is transparent to switch 2, which is like sending the
packet from LANB rather than site A. In this case, switch 2 records the address of site A
on LANB and waits in the queue for forwarding the new packet to LANA. On the contrary,
if switch 2 successfully forwards the original packet to LANB at the beginning, switch 1 will
receive this packet again. When detecting that the packet from site A has been forwarded
to LANB, switch 1 will wait in the queue for forwarding the new packet to LANA. In this way,
the packet will be continuously cycled in the loop. What is worse, if the packet is a broadcast
packet and there are other hosts connected to switch 1 and switch 2, the packet will be
multiplied each time when it is forwarded successfully, which finally results in broadcast
storm in the network.
To solve this problem, the IEEE developed a protocol called 802.1D, which defines that a
bridge has the abilities of STP learning and calculation. In addition, it has the abilities to
locate the fault of packet cycling and disconnect redundant links.
Therefore, a transparent bridge must provide the following three working characteristics:
learning, forwarding, and eliminating of packet cycling.
Instruction to STP
The basic principle of the STP protocol is very simple. The loop does not exist on the
trees growing in the nature. If the network can grow like a tree, the loop will not exist in
the network. Based on such a thought, the STP protocol defines the concepts including
Root Bridge, Root Port, Designated Port, and Path Cost. Its purpose is to cut redundancy
loops by constructing a natural tree and to implement link backup and the best path. In
addition, the STP protocol supports link backup in the network. When the network topology
changes, the STP protocol can automatically sense the changes, re-calculate the spanning
tree to generate a new one, and meanwhile confirm that no loop forward path exists.
As shown in Figure 5-2, the interface between S3 and S2 is not involved in data
forwarding. Therefore, the forward path for the information sent from the PC of user A in
the network is as shown in the figure. The specific content of the protocol will not be
described in this section. For details, see the IEEE 802.1D.
STP Principle
The STP protocol solves the loop problem for a transparent bridge. However, with the
development of applications and network technologies, its disadvantages are exposed
gradually. The main disadvantage of STP is the convergence speed. To address this
disadvantage, the IEEE developed the 802.1W protocol standard as a supplement to the
802.1D. The IEEE 802.1W standard defines a new protocol, that is, Rapid Spanning Tree
Protocol (RSTP). There are three major modifications in the RSTP based on the STP.
Therefore, the convergence speed is faster than that of the STP.
• The RSTP defines two roles for the root port and the designated port, namely Alternate
  Port (AP) and Backup Port (BP). These two ports will be used during fast switching.
  When a root port or a designated port is unavailable, the AP or BP will be in data
  forwarding state without any delay.
• By using the P/A mechanism, for a point-to-point link that connects only two switch
  ports, the designated port can be in data forwarding state without any delay after
  handshaking with the downlink bridge just once.
• A port that is directly connected to a terminal rather than a bridge is called an edge
  port. Such a port can be in data forwarding state without any delay. However, manual
  configuration is required because a bridge cannot sense whether a port is directly
  connected to a terminal.
Both RSTP and STP belong to Single Spanning Tree (SST). That is to say, there is only
one spanning tree in the whole switch network. Therefore, a longer convergence time is
consumed in the case of a large-scale network. When the configuration of 802.1Q leads
to the asymmetric structure of VLAN in network bearer, SST affects the connectivity of
some VLANs in the network. Meanwhile, when a link is blocked in the case of SST, it does
not bear any traffic, which causes huge waste of bandwidth and cannot implement load
sharing.
SST cannot overcome the above disadvantages. Therefore, the multi-instance STP
protocol supporting VLAN emerged, that is, the Multiple Spanning Tree Protocol (MSTP)
defined in IEEE 802.1S.
MSTP introduces a concept of domain. A large network can be divided into multiple
domains based on configuration. Each domain applies a multi-instance spanning tree,
which improves the expansibility and stability of a spanning tree. When the spanning tree
in a domain changes, the changed information will be transmitted in the spanning tree of
the domain, which does not affect other domains. In this case, the whole network does
not re-calculate the topology of spanning trees. Meanwhile, the MSTP has the ability
to recognize VLANs. Multiple VLANs can be bound to one instance and these VLANs
use different forwarding paths, which decreases the occupancy of various resources and
implements load sharing. The principle of the CST, IST, or MSTI is similar to that of the
RSTP.
Parameter Description
sstp Indicates the compatible STP mode (for single spanning tree).
Parameter Description
vlans <vlan-range> Indicates the VLAN range. The value of this parameter
ranges from 1 to 4094.
Parameter Description
<instance range> Indicates the instance range. The value of this parameter
ranges from 0 to 64.
MST00
Spantree enabled protocol MSTP
Root ID: Priority 4096; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 15 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Designated p2p MSTP
gei-0/1/0/2 128.2 200000 Forward Designated p2p MSTP
gei-0/1/0/3 128.3 200000 Forward Designated p2p MSTP
gei-0/1/0/5 128.4 200000 Forward Designated Edge MSTP
designated_ext_cost 0
designated_int_cost 0
designated_bridge 00-00-01-00-00-06
designated_port 0x8001
---------------------------------------------------------
Port based information & statistics
---------------------------------------------------------
all BPDU xmitted 5086
all BPDU received 12
MST BPDU xmitted 5086
MST BPDU received 12
RST BPDU xmitted 0
RST BPDU received 0
config BPDU xmitted 0
config BPDU received 0
TCN BPDU xmitted 0
TCN BPDU received 0
discard BPDU 0
----------------------------------------------------------
Bridge based information
----------------------------------------------------------
spantree type ieee
multicast mac address 01-80-c2-00-00-00
bridge priority 4096
bridge mac address 00-00-01-00-00-06
bridge hello time 2 sec
bridge forward delay 5 sec
bridge max age 6 sec
bridge max hops 20
Output descriptions:
Port based information & statistics Indicates the statistics based on interface.
• Configuration Thought
  1. Configure the STP mode to MSTP and enable the STP function.
  2. Configure the bridge priority of DUT1 to 32768 and that of DUT2 to 40960.
• Configuration Commands
The configuration of DUT1:
DUT1(config)#spantree
DUT1(config-stp)#enable
DUT1(config-stp)#mode mstp
DUT1(config-stp)#mst priority 32768 instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Designated p2p MSTP
gei-0/1/0/2 128.2 200000 Forward Designated p2p MSTP
Use the show spantree instance 0 command to view the configuration result of DUT2:
DUT2(config)#show spantree instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Root p2p MSTP
gei-0/1/0/2 128.2 200000 Discard Alternate p2p MSTP
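The verification step above can be automated. The following is an added example, not part of the ZTE manual: it parses the show spantree instance 0 output shown above and reports when the root bridge or the port roles differ from what the configuration is meant to produce. The function names and the baseline tuple are assumptions of this example.

```python
import re

ROOT_RE = re.compile(r"Root ID:\s*Priority\s+(\d+);\s*Address\s+([0-9A-Fa-f.]+)")
PORT_RE = re.compile(
    r"^(?P<name>[a-z]+-[\d/]+)\s+(?P<port_id>\d+\.\d+)\s+(?P<cost>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<role>\S+)\s+(?P<type>\S+)\s+(?P<bound>\S+)$"
)

# Outputs copied from the MSTP configuration example on this page.
DUT1_OUTPUT = """\
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
gei-0/1/0/1 128.1 200000 Forward Designated p2p MSTP
gei-0/1/0/2 128.2 200000 Forward Designated p2p MSTP
"""
DUT2_OUTPUT = """\
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
gei-0/1/0/1 128.1 200000 Forward Root p2p MSTP
gei-0/1/0/2 128.2 200000 Discard Alternate p2p MSTP
"""


def parse_spantree(text):
    """Extract the root bridge ID and the per-port rows from the output."""
    root = ROOT_RE.search(text)
    if root is None:
        raise ValueError("no Root ID line in output")
    ports = []
    for line in text.splitlines():
        match = PORT_RE.match(line.strip())
        if match:
            ports.append(match.groupdict())
    return {
        "root_priority": int(root.group(1)),
        "root_address": root.group(2).lower(),
        "ports": ports,
    }


def audit_spantree(view, expected_root, local_is_root):
    """Compare a parsed view with the baseline (priority, address) of the root."""
    findings = []
    seen = (view["root_priority"], view["root_address"])
    expected = (expected_root[0], expected_root[1].lower())
    if seen != expected:
        findings.append(
            f"root bridge is {seen[0]}/{seen[1]}, expected {expected[0]}/{expected[1]}"
        )
    root_ports = [p["name"] for p in view["ports"] if p["role"] == "Root"]
    if local_is_root and root_ports:
        findings.append(f"root bridge has root port(s): {', '.join(root_ports)}")
    if not local_is_root and len(root_ports) != 1:
        findings.append(f"expected exactly one root port, found {len(root_ports)}")
    for port in view["ports"]:
        # Alternate and Backup ports must not forward, otherwise a loop exists.
        if port["role"] in ("Alternate", "Backup") and port["state"] != "Discard":
            findings.append(f"{port['name']} is {port['role']} but {port['state']}")
    return findings


if __name__ == "__main__":
    baseline = (32768, "0000.0100.0006")
    print(audit_spantree(parse_spantree(DUT1_OUTPUT), baseline, True))
    print(audit_spantree(parse_spantree(DUT2_OUTPUT), baseline, False))
```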
• Configuration Thought
  1. Configure the STP mode to RSTP.
  2. Enable the STP function.
• Configuration Commands
The configuration of DUT1:
DUT1(config)#spantree
DUT1(config-stp)#enable
DUT1(config-stp)#mode rstp
MST00
Spantree enabled protocol RSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Designated p2p RSTP
gei-0/1/0/2 128.2 200000 Forward Designated p2p RSTP
Use the show spantree instance 0 command to view the configuration result of DUT2:
DUT2(config-stp)#show spantree instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Root p2p RSTP
gei-0/1/0/2 128.2 200000 Discard Alternate p2p RSTP
• Configuration Thought
  1. Configure the STP mode to SSTP.
  2. Enable the STP function.
• Configuration Commands
The configuration of DUT1:
DUT1(config)#spantree
DUT1(config-stp)#enable
DUT1(config-stp)#mode sstp
MST00
Spantree enabled protocol SSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Designated p2p SSTP
gei-0/1/0/2 128.2 200000 Forward Designated p2p SSTP
Use the show spantree instance 0 command to view the configuration result of DUT2:
DUT2(config-stp)#show spantree instance 0
MST00
Spantree enabled protocol SSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
---------------------------------------------------------------------------
gei-0/1/0/1 128.1 200000 Forward Root p2p SSTP
gei-0/1/0/2 128.2 200000 Discard Alternate p2p SSTP
LLDP Principle
LLDP is defined in 802.1ab. As shown in Figure 6-1, LLDP works at the data link layer.
It is a neighbor discovery protocol that defines a standard for Ethernet devices (such as
switches, routers and wireless LAN access points). Through LLDP, an Ethernet device
can advertise its existence to other nodes on the network and save discovery information
of neighbor devices. The device sends the state information to other devices. The
information is stored on each port of all devices. If necessary, the device can send update
information to the neighbor devices that are connected directly, and the neighbor devices
store the information in standard SNMP MIBs.
Network management systems can query the L2 connection information in the MIB. LLDP
does not configure or control network elements or traffic. It just reports the position of L2.
Another function defined in 802.1ab is that network management software can use the
information provided by LLDP to find conflicts in the L2 network. At present, IEEE uses the
physical topologies, interfaces and entity MIBs existing in IETF.
information in the CACHE of SNMP MIB defined by IEEE. The information is invalid during
a period. The value of TTL to define the period is contained in the received packets.
LLDP enables network management systems to discover and simulate physical
network topologies correctly. LLDP devices send and receive advertisements, so the
devices save the information of the discovered neighbor devices. The advertisement data,
such as the management address, device type and port number of a neighbor device,
helps identify the type and interconnected interfaces of the neighbor device. An LLDP
device advertises its information to directly connected neighbor devices periodically. It also
receives, refreshes and saves the advertisements from neighbor devices. The device
scans the CACHE every second. If no new packet is received during the hold-time period,
the information is aged.
• Chassis ID is the first mandatory TLV in an LLDPDU. It is the unique ID of a device that
  supports sending LLDPDUs. It is recommended to use the chassis MAC address as
  the chassis ID for a switch, and the loopback address or an interface IP address
  as the chassis ID for a router.
• Port ID is the second mandatory TLV in an LLDPDU. It is the unique ID of the port that
  sends LLDPDUs. For a switch, it is recommended to use the port name as the port
  ID, such as fei4/1.
• TTL is the third mandatory TLV in an LLDPDU. It is the time to live (in seconds)
  of an LLDPDU received by the peer. When a peer receives an LLDPDU
  whose TTL is 0, the device deletes all related information.
• End of LLDPDU is the last mandatory TLV in an LLDPDU. It marks the end of an
  LLDPDU.
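The mandatory TLV layout and the TTL behaviour described above, as an added example that is not ZTE code: a receiver that rejects LLDPDUs whose mandatory TLVs are missing, repeated or out of order, and a neighbor cache that ages entries by TTL and deletes them on TTL 0. The TLV type and subtype numbers come from IEEE 802.1AB; the class and function names are assumptions of this example, and the sample LLDPDU is constructed from the chassis ID and port name in this page's sample output.

```python
import struct

TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
MANDATORY_ORDER = (TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL)
CHASSIS_SUBTYPE_MAC = 4   # IEEE 802.1AB chassis ID subtype: MAC address
PORT_SUBTYPE_IFNAME = 5   # IEEE 802.1AB port ID subtype: interface name


class LLDPError(ValueError):
    """Raised when an LLDPDU violates the mandatory TLV layout."""


def build_tlv(tlv_type, value=b""):
    """Encode one TLV: 7-bit type and 9-bit length, followed by the value."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 bytes")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu):
    """Yield (type, value) pairs up to and including End of LLDPDU."""
    offset = 0
    while offset < len(pdu):
        if offset + 2 > len(pdu):
            raise LLDPError("truncated TLV header")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(pdu):
            raise LLDPError("TLV length runs past the end of the LLDPDU")
        yield tlv_type, pdu[offset:offset + length]
        if tlv_type == TLV_END:
            return
        offset += length
    raise LLDPError("missing End of LLDPDU TLV")


def parse_lldpdu(pdu):
    """Validate the four mandatory TLVs and return the neighbor identity."""
    tlvs = list(iter_tlvs(pdu))
    types = [t for t, _ in tlvs]
    if tuple(types[:3]) != MANDATORY_ORDER:
        raise LLDPError("Chassis ID, Port ID and TTL must come first, in order")
    if any(types.count(t) != 1 for t in MANDATORY_ORDER):
        raise LLDPError("a mandatory TLV is repeated")
    if tlvs[-1][1]:
        raise LLDPError("End of LLDPDU must carry no value")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise LLDPError("mandatory TLV has an invalid length")
    chassis_is_mac = chassis[0] == CHASSIS_SUBTYPE_MAC
    port_is_name = port[0] == PORT_SUBTYPE_IFNAME
    return {
        "chassis_id": chassis[1:].hex() if chassis_is_mac else chassis.hex(),
        "port_id": port[1:].decode("ascii", "replace") if port_is_name else port.hex(),
        "ttl": struct.unpack("!H", ttl)[0],
    }


class NeighborCache:
    """Neighbor table keyed by (local port, chassis ID, peer port)."""

    def __init__(self, max_neighbors=128):  # 128 is maxNeighbor in the sample output
        self.max_neighbors = max_neighbors
        self.entries = {}  # key -> absolute expiry time in seconds

    def receive(self, local_port, pdu, now):
        neighbor = parse_lldpdu(pdu)
        key = (local_port, neighbor["chassis_id"], neighbor["port_id"])
        if neighbor["ttl"] == 0:          # TTL 0: delete all related information
            self.entries.pop(key, None)
            return "deleted"
        if key not in self.entries and len(self.entries) >= self.max_neighbors:
            return "dropped"              # table full, new neighbor not stored
        self.entries[key] = now + neighbor["ttl"]
        return "stored"

    def age(self, now):
        """Remove entries whose TTL has run out; return the removed keys."""
        expired = [key for key, expiry in self.entries.items() if expiry <= now]
        for key in expired:
            del self.entries[key]
        return expired


def sample_lldpdu(ttl):
    """Constructed LLDPDU carrying only the four mandatory TLVs."""
    return (
        build_tlv(TLV_CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + bytes.fromhex("00aa0144a904"))
        + build_tlv(TLV_PORT_ID, bytes([PORT_SUBTYPE_IFNAME]) + b"fei-0/1/0/1")
        + build_tlv(TLV_TTL, struct.pack("!H", ttl))
        + build_tlv(TLV_END)
    )


if __name__ == "__main__":
    cache = NeighborCache()
    print(cache.receive("fei-0/1/0/1", sample_lldpdu(120), now=0), cache.entries)
```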
The following is sample output from the show lldp config command:
ZXR10#show lldp config
-------------------------------
LLDP enable: enabledRxTx
LLDP helloTime: 30s
LLDP holdTime: 4
LLDP msgFastTx: 1s
LLDP txCreditMax: 5
LLDP txFastInit: 4
LLDP deadTime: 120s
LLDP maxNeighbor: 128
LLDP curNeighbor: 0
----------------------------
The following is sample output from the show lldp entry command:
ZXR10#show lldp entry
--------------------------------------------------------
Local Port: fei-0/1/0/1 | Interface Name
Chassis ID: 00aa0144a904 | MAC Address
Peer Port: fei-0/1/0/1 | Interface Name
TTL: 105 | Time to live
Port Description: Port name fei-0/1/0/1, PortPhyStatus is up,
PortPhotoElectricityMode is electric, Pvid 1
System Name: ZXR10
System Description: M6000v2.00.20(2.2.0), ZXR10, ZXR10 M6000-16
Software, NULL
System Capability: Bridge, Router
Management Address: IPv4 - 0.0.0.0, ifIndex - 0, OID - Null
Link Aggregation: Not Enabled
--------------------------------------------------------
Local Port: fei-0/1/0/2 | Interface Name
Chassis ID: 00aa0144a904 | MAC Address
Peer Port: fei-0/1/0/2 | Interface Name
TTL: 109 | Time to live
Port Description: Port name fei-0/1/0/2, PortPhyStatus is up,
PortPhotoElectricityMode is electric, Pvid 1
System Name: ZXR10
System Description: M6000v2.00.20(2.2.0), ZXR10, ZXR10 M6000-16
Software, NULL
System Capability: Bridge, Router
Management Address: IPv4 - 0.0.0.0, ifIndex - 0, OID - Null
Link Aggregation: Not Enabled
The following is sample output from the show lldp neighbor command:
Field Description
Holdtime hold-time.
Capability Capability.
Platform Platform.
The following is sample output from the show lldp statistic command:
ZXR10(config)#show lldp statistic
LLDP counters :
Total packets output: 132, input: 60
Total packets error: 0, discarded: 0
Total tlvs discarded: 0, unrecognized: 0
Total neighbors added: 2, deleted: 0,
Total neighbors aged: 0, droped: 0
• Configuration Thought
  1. Enter LLDP configuration mode.
  2. Enter an interface.
  3. Enable LLDP.
• Configuration Commands
Enter an interface in LLDP configuration mode and then configure LLDP, as shown
below.
R1(config)#lldp
R1(config-lldp)#interface gei-0/1/0/1
R1(config-lldp-if-gei-0/1/0/1)#lldp enable
• Configuration Verification
Use the show lldp neighbor command to check the configuration result, as shown
below.
R1(config-if)#show lldp neighbor
Capability Codes:
N - Other, r - Repeater, B - Bridge, W - WLAN Access Point,
R - Router, T - Telephone, D - DOCSIS Cable Device,
S - Station Only
Local-Port Chassis-ID Holdtime Capability Platform Peer-Port
----------------------------------------------------------------------
gei-0/1/0/1 000101040507 92 B S Software gei-0/1/0/1
• Configuration Thought
  1. Enter LLDP configuration mode.
  2. Configure LLDP attributes.
• Configuration Commands
The configuration of R1:
R1(config)#lldp
R1(config-lldp)#maxneighbor 3
/*Configure the maximum number of system neighbors*/
R1(config-lldp)#hellotime 30000
/*Configure the intervals to send LLDP neighbor discovery packets*/
R1(config-lldp)#holdtime 8
/*Configure LLDP neighbor hold-time*/
R1(config-lldp)#lldp enable
/*Enable LLDP*/
R1(config-lldp)#lldp-rx enable
/*Enable LLDP receiving*/
R1(config-lldp)#lldp-tx enable
/*Enable LLDP sending*/
R1(config-lldp)#clearneighbor
/*Clear LLDP neighbor relationship that has been established*/
R1(config-lldp)#clearstatistic
/*Clear LLDP statistical information*/
• Configuration Verification
Use the show running-config lldp command to check the configuration result, as shown
below.
ZXR10(config-lldp)#show running-config lldp
! <LLDP>
lldp
hellotime 30000
holdtime 8
maxneighbor 3
! </LLDP>
Configuration Thought
1. Enter LLDP configuration mode.
2. Enter an interface.
3. Enable LLDP.
Configuration Commands
Enter an interface in LLDP configuration mode and then configure LLDP, as shown below.
S1(config)#lldp
S1(config-lldp)#interface gei-0/1/0/1
S1(config-lldp-if-gei-0/1/0/1)#lldp enable
Configuration Verification
Use the show lldp neighbor command to check the configuration result, as shown below.
S1(config-if)#show lldp neighbor
Capability Codes:
N - Other, r - Repeater, B - Bridge, W - WLAN Access Point,
R - Router, T - Telephone, D - DOCSIS Cable Device,
S - Station Only
Local-Port Chassis-ID Holdtime Capability Platform Peer-Port
----------------------------------------------------------------------
gei-0/1/0/1 000101040507 92 B S Software gei-0/1/0/1
Configuration Thought
1. Enter LLDP configuration mode.
2. Configure LLDP attributes.
Configuration Commands
The configuration of S1:
S1(config)#lldp
S1(config-lldp)#maxneighbor 3
/*Configure the maximum number of system neighbors*/
S1(config-lldp)#hellotime 30000
/*Configure the intervals to send LLDP neighbor discovery packets*/
S1(config-lldp)#holdtime 8
/*Configure LLDP neighbor hold-time*/
S1(config-lldp)#lldp enable
/*Enable LLDP*/
S1(config-lldp)#lldp-rx enable
/*Enable LLDP receiving*/
S1(config-lldp)#lldp-tx enable
/*Enable LLDP sending*/
S1(config-lldp)#clearneighbor
/*Clear LLDP neighbor relationship that has been established*/
S1(config-lldp)#clearstatistic
/*Clear LLDP statistical information*/
Configuration Verification
Use the show running-config lldp command to check the configuration result, as shown
below.
ZXR10(config-lldp)#show running-config lldp
! <LLDP>
lldp
hellotime 30000
holdtime 8
maxneighbor 3
! </LLDP>
SmartGroup Principle
SmartGroup link aggregation combines several ports into an aggregation
group so that outgoing and incoming load is shared among the member ports. This also
improves the reliability of the connections. Externally, the aggregation group appears as
a single port. Link aggregation supports load-sharing aggregation and non-load-sharing
aggregation. Figure 7-1 shows a SmartGroup link aggregation.
Parameter Description
<mode> Load sharing mode of LACP. The supported modes are dstip,
dst-mac, src-dst-ip, src-dst-mac, src-ip, src-mac, src-port,
dst-port, src-dst_port and enhance, and the default mode
is src_dst_mac.
Parameter Description
on Static trunk. In this mode, the interface does not run LACP,
and it is necessary to set the mode to on on both ends.
Parameter Description
non-revertive No switchover.
The following is sample output from the show lacp 1 internal command (the aggregation
state of member ports in smartgroup1 is displayed):
• Configuration Thought
  1. Create smartgroup1 on S1, and create smartgroup1 on S2. Enter interface
     configuration mode.
  2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface
     configuration mode, and exit to global configuration mode.
  3. Enter LACP configuration mode from global configuration mode, and then enter
     the smartgroup interfaces.
  4. Set the aggregation mode of smartgroup1 to LACP on S1 and S2. Configure load
     sharing policy and the minimum number of members.
  5. Enter LACP configuration mode from global configuration mode, and then enter
     the physical interfaces.
  6. Add the physical interfaces on S1 and S2 to the smartgroup1.
  7. Configure LACP negotiation mode and time-out period on the member interfaces
     of smartgroup1 on S1 and S2.
• Configuration Commands
The configuration of S1:
S1(config)#interface smartgroup1
S1(config-if)#switch attribute enable
S1(config-if)#exit
S1(config)#lacp
S1(config-lacp)#interface smartgroup1
S1(config-lacp-sg-if)#lacp mode 802.3ad
S1(config-lacp-sg-if)#lacp load-balance dst-mac
S1(config-lacp-sg-if)#lacp minimum-member 1
S1(config-lacp-sg-if)#exit
S1(config-lacp)#interface gei-0/2/0/5
S1(config-lacp-member-if)#smartgroup 1 mode active
S1(config-lacp-member-if)#lacp timeout short
S1(config-lacp-member-if)#exit
S1(config-lacp)#interface gei-0/2/0/9
S1(config-lacp-member-if)#smartgroup 1 mode active
S1(config-lacp-member-if)#lacp timeout short
S1(config-lacp-member-if)#exit
• Configuration Thought
  1. Create smartgroup1 on S1, and create smartgroup1 on S2. Enter interface
     configuration mode.
  2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface
     configuration mode, and exit to global configuration mode.
  3. Enter LACP configuration mode from global configuration mode, and then enter
     the smartgroup interfaces.
  4. Configure the same negotiation mode, on, on the smartgroup1 interfaces on S1
     and S2.
  5. Enter LACP configuration mode from global configuration mode, and then enter
     the physical interfaces.
  6. Add the physical interfaces on S1 and S2 to the smartgroup1.
• Configuration Commands
S2(config)#interface smartgroup1
S2(config-if)#switch attribute enable
S2(config-if)#exit
S2(config)#lacp
S2(config-lacp)#interface smartgroup1
S2(config-lacp-sg-if)#lacp mode on
S2(config-lacp-sg-if)#exit
S2(config-lacp)#interface gei-0/3/0/5
S2(config-lacp-member-if)#smartgroup 1 mode on
S2(config-lacp-member-if)#exit
S2(config-lacp)#interface gei-0/3/0/9
S2(config-lacp-member-if)#smartgroup 1 mode on
S2(config-lacp-member-if)#end
• Configuration Verification
Check the configuration on S1 and check whether the configuration takes effect.
S1#show lacp 1 internal
Smartgroup:1
Flags: *-Port is Active member Port
S-Port is requested in Slow LACPDUs F-Port is requested in Fast LACPDUs
A-Port is in Active mode P-Port is in Passive mode
Actor Agg LACPDUs Port Oper Port RX Mux
Port[Flags] State Interval Priority Key State Machine Machine
----------------------------------------------------------------------------
gei-0/2/0/9 ACTIVE 30 32768 0x11 0x3d N/A N/A
gei-0/2/0/5 ACTIVE 30 32768 0x11 0x3d N/A N/A
Configuration Thought
1. Create smartgroup1 on S1, and create smartgroup1 on S2. Enter interface
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface configuration
mode, and exit to global configuration mode.
3. Enter LACP configuration mode from global configuration mode, and then enter the
smartgroup interfaces.
4. Set the aggregation mode of smartgroup1 to LACP on S1 and S2. Configure load
sharing policy and the minimum number of members.
5. Enter LACP configuration mode from global configuration mode, and then enter the
physical interfaces.
6. Add the physical interfaces on S1 and S2 to the smartgroup1.
7. Configure LACP negotiation mode and time-out period on the member interfaces of
smartgroup1 on S1 and S2.
The configuration of S1:
S1(config)#interface smartgroup1
S1(config-if)#switch attribute enable
S1(config-if)#exit
S1(config)#lacp
S1(config-lacp)#interface smartgroup1
S1(config-lacp-sg-if)#lacp mode 802.3ad
S1(config-lacp-sg-if)#lacp load-balance dst-mac
S1(config-lacp-sg-if)#lacp minimum-member 1
S1(config-lacp-sg-if)#exit
S1(config-lacp)#interface gei-0/2/0/5
S1(config-lacp-member-if)#smartgroup 1 mode active
S1(config-lacp-member-if)#lacp timeout short
S1(config-lacp-member-if)#exit
S1(config-lacp)#interface gei-0/2/0/9
S1(config-lacp-member-if)#smartgroup 1 mode active
S1(config-lacp-member-if)#lacp timeout short
S1(config-lacp-member-if)#exit
S2(config)#lacp
S2(config-lacp)#interface smartgroup1
S2(config-lacp-sg-if)#lacp mode 802.3ad
S2(config-lacp-sg-if)#lacp load-balance dst-mac
S2(config-lacp-sg-if)#lacp minimum-member 1
S2(config-lacp-sg-if)#exit
S2(config-lacp)#interface gei-0/3/0/5
S2(config-lacp-member-if)#smartgroup 1 mode active
S2(config-lacp-member-if)#lacp timeout short
S2(config-lacp-member-if)#exit
S2(config-lacp)#interface gei-0/3/0/9
S2(config-lacp-member-if)#smartgroup 1 mode active
S2(config-lacp-member-if)#lacp timeout short
S2(config-lacp-member-if)#end
Configuration Verification
Check the configuration on S1 and check whether the configuration takes effect.
S1(config)#show lacp 1 internal
Smartgroup:1
Flags: * - Port is Active member Port
S - Port is requested in Slow LACPDUs F - Port is requested
in Fast LACPDUs
A - Port is in Active mode P - Port is in Passive
mode
Actor Agg LACPDUs Port Oper Port RX Mux
Port[Flags] State Interval Priority Key State Machine Machin
e
--------------------------------------------------------------------------------
gei-0/2/0/5 [FA*] ACTIVE 1 32768 0x111 0x3f CURRENT COLL
/*Port aggregation, Active means success; Inactive means failure*/
gei-0/2/0/9 [FA*] ACTIVE 1 32768 0x111 0x3f CURRENT COLL
lacp minimum-member 1
/*The minimum number of members aggregated successfully. When the
number of links aggregated successfully is not less than this
value, smartgroup is up.*/
interface gei-0/2/0/9
smartgroup 1 mode active
/*In 802.3ad mode, the aggregation succeeds only when at least one end of
the link is in active mode.*/
lacp timeout short
interface gei-0/2/0/5
smartgroup 1 mode active
lacp timeout short
! </LACP>
Configuration Thought
1. Create smartgroup1 on S1, and create smartgroup1 on S2. Enter interface
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface configuration
mode, and exit to global configuration mode.
3. Enter LACP configuration mode from global configuration mode, and then enter the
smartgroup interfaces.
4. Configure the same negotiation mode, on, on the smartgroup1 interfaces on S1 and
S2.
5. Enter LACP configuration mode from global configuration mode, and then enter the
physical interfaces.
6. Add the physical interfaces on S1 and S2 to the smartgroup1.
Configuration Commands
The configuration of S1:
S1(config)#interface smartgroup1
S1(config-if)#switch attribute enable
S1(config-if)#exit
S1(config)#lacp
S1(config-lacp)#interface smartgroup1
S1(config-lacp-sg-if)#lacp mode on
S1(config-lacp-sg-if)#exit
S1(config-lacp)#interface gei-0/2/0/5
S1(config-lacp-member-if)#smartgroup 1 mode on
S1(config-lacp-member-if)#exit
S1(config-lacp)#interface gei-0/2/0/9
S1(config-lacp-member-if)#smartgroup 1 mode on
S1(config-lacp-member-if)#exit
S2(config)#interface smartgroup1
S2(config-if)#switch attribute enable
S2(config-if)#exit
S2(config)#lacp
S2(config-lacp)#interface smartgroup1
S2(config-lacp-sg-if)#lacp mode on
S2(config-lacp-sg-if)#exit
S2(config-lacp)#interface gei-0/3/0/5
S2(config-lacp-member-if)#smartgroup 1 mode on
S2(config-lacp-member-if)#exit
S2(config-lacp)#interface gei-0/3/0/9
S2(config-lacp-member-if)#smartgroup 1 mode on
S2(config-lacp-member-if)#end
Configuration Verification
Check the configuration on S1 and check whether the configuration takes effect.
S1#show lacp 1 internal
Smartgroup:1
Flags: *-Port is Active member Port
S-Port is requested in Slow LACPDUs F-Port is requested in Fast LACPDUs
A-Port is in Active mode P-Port is in Passive mode
Actor Agg LACPDUs Port Oper Port RX Mux
Port[Flags] State Interval Priority Key State Machine Machine
----------------------------------------------------------------------------
gei-0/2/0/9 ACTIVE 30 32768 0x11 0x3d N/A N/A
gei-0/2/0/5 ACTIVE 30 32768 0x11 0x3d N/A N/A
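The two show lacp 1 internal outputs above differ in the Port State column (0x3f in 802.3ad mode with short timeout, 0x3d in on mode). The following added example, not part of the ZTE manual, decodes that value and audits each member port. It assumes the Port State column is the IEEE 802.3ad actor state octet; the function names and finding texts are this example's own.

```python
import re

# IEEE 802.3ad actor state bits, least significant bit first.
STATE_BITS = (
    (0x01, "activity"), (0x02, "short_timeout"), (0x04, "aggregation"),
    (0x08, "synchronization"), (0x10, "collecting"), (0x20, "distributing"),
    (0x40, "defaulted"), (0x80, "expired"),
)

ROW_RE = re.compile(
    r"^(?P<port>[a-z]+-[\d/]+)\s+(?:\[(?P<flags>[^\]]*)\]\s+)?"
    r"(?P<agg>\S+)\s+(?P<interval>\d+)\s+(?P<priority>\d+)\s+"
    r"(?P<key>0x[0-9a-fA-F]+)\s+(?P<state>0x[0-9a-fA-F]+)\s+"
    r"(?P<rx>\S+)\s+(?P<mux>\S+)$"
)

# Member rows copied from the two verification outputs on this page.
LACP_SAMPLE = """\
gei-0/2/0/5 [FA*] ACTIVE 1 32768 0x111 0x3f CURRENT COLL
gei-0/2/0/9 [FA*] ACTIVE 1 32768 0x111 0x3f CURRENT COLL
"""
STATIC_SAMPLE = """\
gei-0/2/0/9 ACTIVE 30 32768 0x11 0x3d N/A N/A
gei-0/2/0/5 ACTIVE 30 32768 0x11 0x3d N/A N/A
"""


def parse_lacp_internal(text):
    """Return one dict per member row; header and legend lines are skipped."""
    members = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue
        state = int(match["state"], 16)
        members.append({
            "port": match["port"],
            "flags": match["flags"] or "",
            "agg_state": match["agg"],
            "interval": int(match["interval"]),
            "oper_key": int(match["key"], 16),
            "state": state,
            "bits": {name for mask, name in STATE_BITS if state & mask},
            "rx_machine": match["rx"],
            "mux_machine": match["mux"],
        })
    return members


def audit_member(member):
    """List the conditions on one member port that deserve a closer look."""
    findings = []
    bits = member["bits"]
    static = member["rx_machine"] == "N/A"   # on mode: the port does not run LACP
    if static:
        findings.append("static trunk: no LACPDU exchange with the peer")
    if member["agg_state"] != "ACTIVE":
        findings.append(f"aggregation state is {member['agg_state']}")
    for required in ("aggregation", "synchronization", "collecting", "distributing"):
        if required not in bits:
            findings.append(f"{required} bit clear")
    for stale in ("defaulted", "expired"):
        if stale in bits:
            findings.append(f"{stale} bit set: partner information is not current")
    if not static and "short_timeout" not in bits:
        findings.append(f"long timeout, LACPDU interval {member['interval']} s")
    return findings


if __name__ == "__main__":
    for sample in (LACP_SAMPLE, STATIC_SAMPLE):
        for member in parse_lacp_internal(sample):
            print(member["port"], hex(member["state"]), audit_member(member))
```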
SVLAN Principle
Currently, SVLAN is mainly implemented by VFP and IFP, based on which two types
of CLI configuration are provided. It is recommended that you use the SVLAN in VFP
mode because it can fully implement unicast forwarding in uplink and downlink directions.
Furthermore, with ACL rules, it can perform data filtering by packet type or IP address to
implement stream splitting in a better way. This section details the SVLAN in VFP mode.
SVLAN supports five service types. Users can flexibly choose a combination of these
service types according to their own network. This ensures that SVLAN applies proper
service types for different networking environments.
The following sections detail all the service types.
• Service Type 1 (in1-out2)
As shown in Figure 8-1, an outer OVLAN can be added according to the designated
inner VLAN.
In uplink direction:
The switch splits data streams received on the customer port according to the
carried inner VLANs. To be specific, the switch adds outer OVLANs for data
streams according to the carried inner VLANs and then forwards the data streams
based on the L2 forwarding principle and the outer VLANs.
In downlink direction:
When receiving data streams with double tags on the uplink port, the switch
forwards them based on the L2 forwarding principle and the outer VLANs. The
switch then removes the outer tags when the data streams reach the customer
port.
Note:
There is another configuration type, namely IFP SVLAN. The switch learns the PVID
by using the function of MAC address learning and then redirects to the uplink port.
Therefore, in the downlink direction, data streams are broadcast in OVLANs as
unknown unicast to the customer port.
In uplink direction:
The switch splits data streams received on the customer port according to the
carried inner VLANs. To be specific, the switch adds outer OVLANs for data
streams according to the carried inner VLANs and configures the 802.1Q property
of OVLAN.
In downlink direction:
When receiving data streams with double tags on the uplink port, the switch
forwards them based on the L2 forwarding principle and the outer VLANs. The
switch then removes the outer tags when the data streams reach the customer
port.
Note:
There is another configuration type, namely IFP SVLAN. The switch learns the PVID
by using the function of MAC address learning and then redirects to the uplink port.
Therefore, in the downlink direction, data streams are broadcast in OVLANs as
unknown unicast to the customer port.
In uplink direction:
The switch splits data streams received on the customer port according to the
carried inner VLANs. To be specific, the switch adds outer OVLANs for data
streams according to the carried inner VLANs and configures the 802.1Q property
of OVLAN as mapping of inner VLAN.
In downlink direction:
When receiving data streams with double tags on the uplink port, the switch
forwards them based on the L2 forwarding principle and the outer VLANs. The
switch then removes the outer tags when the data streams reach the customer
port.
Note:
There is another configuration type, namely IFP SVLAN. The switch learns the PVID
by using the function of MAC address learning and then redirects to the uplink port.
Therefore, in the downlink direction, data streams are broadcast in OVLANs as
unknown unicast to the customer port.
In uplink direction:
The switch splits data streams received on the customer port according to the
carried inner VLANs. To be specific, the switch transparently transmits the data
streams with inner VLANs without any data processing.
In downlink direction:
When data streams with tags reach the uplink port, the switch forwards them
based on the L2 forwarding principle.
Note:
VFP:
- Supports only a single port transparent transmission configuration type.
- For the in-vlan any configuration type, it transparently transmits all the inner
  VLANs.
IFP:
- There are two configuration types, namely configuration based on a single
  session (transparent transmission for only a single inner VLAN) and
  configuration based on all sessions except single-tag to double-tag sessions
  (default-vlan-forwarding: transparent transmission for all inner VLANs).
- If default-vlan-forwarding is required, this function must be configured last.
  After configuration, the configuration of IFP SVLAN does not take effect.
- The switch learns the PVID by using the function of MAC address learning
  and then redirects to the uplink port. Therefore, in the downlink direction,
  data streams are broadcast in inner VLANs as unknown unicast to the
  customer port.
Figure 8-5 Service Type 6 (utag-out1, supported only by SVLAN in IFP mode)
In uplink direction:
The switch splits data streams without any tag received on the customer port
according to their configurations. To be specific, the switch adds outer OVLANs
for the data streams and then forwards them based on the L2 forwarding principle.
In downlink direction:
When data streams with tags reach the uplink port, the switch forwards them
based on the L2 forwarding principle and then removes their tags on the customer
port.
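Service Type 1 (in1-out2) described above, worked through on raw Ethernet frames as an added example that is not ZTE code: the outer OVLAN tag is pushed on the customer-to-uplink path according to the inner VLAN and popped again on the way back. The 0x8100 TPID for both tags, the inner-to-outer mapping values, the constructed frame and the choice to drop frames that match no rule are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100   # assumed TPID for both inner and outer tags

# Constructed policy: inner (customer) VLAN -> outer OVLAN.
INNER_TO_OUTER = {100: 1000, 200: 2000}


def vlan_tags(frame):
    """Return the VLAN IDs in the tag stack of an Ethernet frame, outermost first."""
    tags, offset = [], 12            # tags start after destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break
        tags.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def push_outer(frame, outer_vid, pcp=0):
    """Insert a new outermost tag directly after the source MAC address."""
    if not 1 <= outer_vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1 to 4094")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | outer_vid)
    return frame[:12] + tag + frame[12:]


def pop_outer(frame):
    """Remove the outermost tag."""
    return frame[:12] + frame[16:]


def uplink(frame, inner_to_outer):
    """Customer port to uplink port: add the OVLAN selected by the inner VLAN.

    Returns None (frame dropped) when the frame is not single-tagged or its
    inner VLAN has no rule; dropping is this example's assumption.
    """
    tags = vlan_tags(frame)
    if len(tags) != 1 or tags[0] not in inner_to_outer:
        return None
    return push_outer(frame, inner_to_outer[tags[0]])


def downlink(frame):
    """Uplink port to customer port: remove the outer tag of a double-tagged frame."""
    if len(vlan_tags(frame)) != 2:
        return None
    return pop_outer(frame)


def customer_frame(inner_vid):
    """Constructed single-tagged frame: MACs, 802.1Q tag, IPv4 EtherType, payload."""
    dst = bytes.fromhex("000101040507")
    src = bytes.fromhex("00aa0144a904")
    tag = struct.pack("!HH", TPID_8021Q, inner_vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    sent = customer_frame(100)
    tagged = uplink(sent, INNER_TO_OUTER)
    print(vlan_tags(sent), "->", vlan_tags(tagged), "->", vlan_tags(downlink(tagged)))
```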
Packets with a single tag are sent to the switch. The switch adds outer tags in accordance
with policies.
The switch modifies inner VIDs and adds outer VIDs according to the properties and
VIDs carried in the single-tag packets.
The switch deletes outer VIDs according to the properties and inner and outer VIDs
carried in the received packets.
For the received double-tag packets, the switch deletes their outer tags and modifies
their inner tags according to the policy.
For the received double-tag packets, the switch modifies their outer tags according to
the policy.
The switch modifies inner VIDs according to the properties and inner and outer VIDs
carried in the received packets.
The switch modifies inner and outer VIDs according to the properties and inner and
outer VIDs carried in the received packets.
For the received double-tag packets, the switch removes the inner and outer tags in
accordance with policies.
For the received untagged packets, the switch adds inner and outer tags in
accordance with policies.
For the advanced VFP function, the customer port need not run the switchport qinq
customer command for configuration. customer refers to the updated OVLAN. In this
case, the switch forwards packets to the uplink port according to the updated OVLAN
and the MAC learns the updated OVLAN.
Note:
There is another configuration type, namely IFP SVLAN. The switch matches inner
and outer tags for the double-tag packets and then removes their outer tags. The
customer port need not run the switchport qinq customer command for configuration.
customer refers to the OVLAN before update. In this case, the switch forwards packets
to the uplink port according to the updated OVLAN and the MAC learns the OVLAN
before replacement.
Network Characteristics
1. A customer interface requires both the QinQ service and the transparent
transmission service.
2. The SmartGroup function is not enabled on the uplink interface and a BRAS
and a router exist in the uplink direction. In this case, a large number of
packets from PPPoE users are added with QinQ tags and then transmitted
to the BRAS for authentication. The packets from other private line users are
transparently transmitted to the router.
3. A network management VLAN is used to manage the T64G and its mounted
devices.
Functions Implemented by SVLAN
1. The packets with a same OVLAN can be transmitted to different networks.
In addition, the packets are forwarded to the BRAS and router respectively
based on L2 unicast.
2. The packets with the network management VLAN can be transmitted over a
same network to a device, for example, BRAS. This facilitates the NMS to
implement centralized management.
3. Different OVLANs can be added for a same inner VLAN of different interfaces.
4. OVLANs can be added for different inner VLANs on a same interface.
5. OVLANs can be added for a same inner VLAN but different IP segments on
a same interface.
Key Configuration Points
1. In addition to the sessions of in-vlan any type, the VFP SVLAN implements
unicast-based forwarding in all cases including single tag to double tags and
transparent transmission in pinpoint and global modes.
2. Compared with the transparent transmission VLAN, the IFP SVLAN usually
configures help-vlan to a VLAN that is not used, for example, 4094. In this
case, the help-vlan parameter of the uplink interface must be configured to
untag.
Typical Network Scheme with SVLAN (Case 2)
Figure 8-7 shows the network topology.
Network Characteristics
1. A customer interface requires both the QinQ service and the transparent
transmission service.
2. The SmartGroup function is enabled on the uplink interface and a BRAS
and a router exist in the uplink direction. In this case, a large number of
packets from PPPoE users are added with QinQ tags and then transmitted
to the BRAS for authentication. The packets from other private line users are
transparently transmitted to the router. In addition, the uplink interfaces of
the BRAS and T64G are connected by using the SmartGroup function.
3. A network management VLAN is used to manage the T64G and its mounted
devices.
2. The packets with the network management VLAN can be transmitted over a
same network to a device, for example, BRAS. This facilitates the NMS to
implement centralized management.
3. Different OVLANs can be added for a same inner VLAN of different interfaces.
4. OVLANs can be added for different inner VLANs on a same interface.
5. OVLANs can be added for a same inner VLAN but different IP segments on
a same interface.
6. The load sharing of data can be implemented. That is, the link data can be
backed up and the bandwidth can be greatly expanded.
Key Configuration Points
1. In addition to the sessions of in-vlan any type, the VFP SVLAN implements
unicast-based forwarding in all cases including single tag to double tags and
transparent transmission in pinpoint and global modes.
2. Compared with the transparent transmission VLAN, the IFP SVLAN usually
configures help-vlan to a VLAN that is not used, for example, 4094. In this
case, the help-vlan parameter of the uplink interface must be configured to
untag.
3. During configuration, enter vlan session and configure uplink as
smartgroupID.
3 ZXR10(config)#ipv4-access-list ipv4acl
  ZXR10(config-ipv4-acl)#rule <rule-id> per <ip-address>
  Configures a VFP rule.
4 ZXR10(config-svlan)#vfp <interface-name> session <session-id> 1 type <ipv4|link|ipv4-mixed|ipv6|link> description <str>
  Configures descriptions of a VFP session.
To configure the traffic statistics function for the SVLAN VFP on the ZXR10 8900E, perform
the following steps:
3 ZXR10#clear vfp statistics <interface name> session <session-id> type <ipv4 | link | ipv4-mixed | ipv6 | link>
  Clears session statistics for the VFP.
To configure the enhanced VFP of an SVLAN on the ZXR10 8900E, perform the following
steps:
3 ZXR10(config)#ipv4-access-list ipv4acl
  ZXR10(config-ipv4-acl)#rule <rule-id> per <ip-address>
  Configures a VFP rule.
4 ZXR10(config-svlan)#vfp-extra <interface-name> session <session-id> 1 type <ipv4|link|ipv4-mixed|ipv6|link> description <str>
  Configures descriptions of an enhanced VFP session.
To configure the traffic statistics function for the enhanced SVLAN VFP on the ZXR10
8900E, perform the following steps:
3 ZXR10#clear vfp statistics <interface name> session <session-id> type <ipv4 | link | ipv4-mixed | ipv6 | link>
  Clears session statistics for the enhanced VFP.
To configure the SVLAN IFP on the ZXR10 8900E, perform the following steps:
Note:
Except the function of untag to single tag, the other SVLAN functions of the VFP and IFP
are the same. It is recommended that you use the SVLAN of VFP and meanwhile do not
configure two SVLANs with the same function provided by VFP and IFP.
SVLAN consists of IFP and VFP. VFP consists of common VFP and enhanced VFP. For
enhanced VFP, the downlink port cannot be set to a customer port. To enable the SVLAN,
VLAN translation and ACL function on the same port, it is necessary to set the SVLAN
function of the port to enhanced VFP.
When the same function can be accomplished by common VFP and enhanced VFP, it is
recommended that users use enhanced VFP. It is not recommended that users configure
common VFP and enhanced VFP on the same port.
Command Function
ZXR10#show vfp-config <interface name> type <acl type> Displays the VFP configuration
information on an interface.
Field Description
vfp gei-1/3/0/1 session 1 invlan 10 in type ipv4 name ipv4acl rule 1 ovlan 100
The following is sample output from the show vfp statistics gei-0/1/0/1 session 1 type ipv4
command:
Field Description
120s input rate Number of bytes per 120 seconds, and number of packets
per 120 seconds.
The following is sample output from the show running-config pm-svlan command:
ZXR10(config-svlan)#show running-config pm-svlan
!<SVLAN>
svlan-configuration
vfp gei-0/3/0/1 session 1 invlan 10 in type ipv4 name ipv4acl rule 1 ovlan 100
vlan-qinq session-no 1 customer-port gei-0/7/0/2 uplink-port gei-0/7/0/4 in-vlan 200 ovlan 400
$
!</SVLAN>
The following is sample output from the show vlan-qinq brief command:
ZXR10(config-svlan)#show vlan-qinq brief
Count:1
Free Count:3999
Sess Customer Uplink Redirect Hvlan Ovlan Invlan
1 gei-1/3/0/2 gei-1/3/0/4 400 200
Field Description
Redirect Redirection.
Invlan Inner VLAN ID, such as 1100, 200, or 300. The value untag
means packets without tags.
If the traditional method of SVLAN configuration is used, the command output is shown
below:
SVLAN configuration on the ZXR10 8900E:
ZXR10(config-svlan)#vlan-qinq session-no 1 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 10 ovlan 997
ZXR10(config-svlan)#vlan-qinq session-no 2 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 11 ovlan 998
ZXR10(config-svlan)#vlan-qinq session-no 3 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 999 untag helper-vlan 4094
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#interface gei-0/1/0/1
ZXR10(config-swvlan-intf)#switchport qinq customer
ZXR10(config-swvlan-intf)#switchport mode hybrid
ZXR10(config-swvlan-intf)#switchport hybrid vlan 999 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 untag
ZXR10(config)#interface gei-0/1/0/2
ZXR10(config-if)#no shutdown
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#interface gei-0/1/0/2
ZXR10(config-swvlan-intf)#switchport mode hybrid
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 999 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 4094 untag
ZXR10(config-swvlan-intf)#switchport qinq uplink
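The following added example (not part of the ZTE manual) parses the configuration above and checks that every vlan-qinq session agrees with the hybrid VLAN membership of its customer and uplink ports, because a mismatch drops traffic or places it in the wrong outer VLAN. The consistency rules are read off this page's own example and the help-vlan Key Configuration Point; they are assumptions, not ZTE's validation logic, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed from the configuration shown on this page (wrapped lines joined).
PAGE_CONFIG = """\
ZXR10(config-svlan)#vlan-qinq session-no 1 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 10 ovlan 997
ZXR10(config-svlan)#vlan-qinq session-no 2 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 11 ovlan 998
ZXR10(config-svlan)#vlan-qinq session-no 3 customer-port gei-0/1/0/1 uplink-port gei-0/1/0/2 in-vlan 999 untag helper-vlan 4094
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#interface gei-0/1/0/1
ZXR10(config-swvlan-intf)#switchport qinq customer
ZXR10(config-swvlan-intf)#switchport mode hybrid
ZXR10(config-swvlan-intf)#switchport hybrid vlan 999 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 untag
ZXR10(config-swvlan)#interface gei-0/1/0/2
ZXR10(config-swvlan-intf)#switchport mode hybrid
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 999 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 4094 untag
ZXR10(config-swvlan-intf)#switchport qinq uplink
"""

SESSION_RE = re.compile(
    r"vlan-qinq session-no (\d+) customer-port (\S+) uplink-port (\S+) "
    r"in-vlan (\d+) (?:ovlan (\d+)|untag helper-vlan (\d+))")
HYBRID_RE = re.compile(r"switchport hybrid vlan (\S+) (tag|untag)")


def expand(spec):
    """Turn a VLAN list such as '997-998,4094' into a set of VLAN IDs."""
    vids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids


def parse(text):
    """Return (sessions, ports) extracted from prompt-prefixed CLI lines."""
    sessions = []
    ports = defaultdict(lambda: {"tag": set(), "untag": set(), "role": None})
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[-1].strip()       # drop the CLI prompt
        m = SESSION_RE.match(line)
        if m:
            no, cust, up, invlan, ovlan, helper = m.groups()
            sessions.append({"no": int(no), "customer": cust, "uplink": up,
                             "in_vlan": int(invlan),
                             "ovlan": int(ovlan) if ovlan else None,
                             "helper": int(helper) if helper else None})
        elif line.startswith("interface "):
            current = line.split()[1]               # enter interface context
        elif current and (m := HYBRID_RE.match(line)):
            ports[current][m.group(2)] |= expand(m.group(1))
        elif current and line.startswith("switchport qinq "):
            ports[current]["role"] = line.split()[2]
    return sessions, ports


def lint(text):
    """Return a list of findings; an empty list means the config is consistent."""
    sessions, ports = parse(text)
    findings = []
    for s in sessions:
        cust, up = ports[s["customer"]], ports[s["uplink"]]
        tag = "session %d" % s["no"]
        if cust["role"] != "customer":
            findings.append(f"{tag}: {s['customer']} is not a qinq customer port")
        if up["role"] != "uplink":
            findings.append(f"{tag}: {s['uplink']} is not a qinq uplink port")
        if s["ovlan"] is not None:
            # QinQ session: the outer VLAN leaves the customer port untagged
            # and is carried tagged on the uplink.
            if s["ovlan"] not in cust["untag"]:
                findings.append(f"{tag}: ovlan {s['ovlan']} not untag on {s['customer']}")
            if s["ovlan"] not in up["tag"]:
                findings.append(f"{tag}: ovlan {s['ovlan']} not tag on {s['uplink']}")
        else:
            # Transparent session: the inner VLAN is tagged on both ports and
            # the helper VLAN must be untag on the uplink.
            for name, port in ((s["customer"], cust), (s["uplink"], up)):
                if s["in_vlan"] not in port["tag"]:
                    findings.append(f"{tag}: in-vlan {s['in_vlan']} not tag on {name}")
            if s["helper"] not in up["untag"]:
                findings.append(f"{tag}: helper-vlan {s['helper']} not untag on {s['uplink']}")
    return findings


if __name__ == "__main__":
    print(lint(PAGE_CONFIG) or "configuration is consistent")
```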
ZESR Principle
In the case of a complete ZESR loop (the state of all links is up), the state of the ZESR
protocol is COMPLETE. If a fault occurs in the loop, the state of the ZESR protocol is
FAILED. Therefore, the link state of a loop determines the state of the ZESR protocol.
When the link state changes, the ZESR protocol performs link switching.
Fault detection mechanism of ZESR link: Its key mechanism is link-down. The Hello
timeout mechanism is not the default detection mechanism but it can be used after
configuration. As shown in Figure 9-2, when the interface between S3 and S4 is down,
S3 and S4 send link-down frames every 1s to the primary node S1 after detecting the
fault. After receiving the link-down frame, the S1 knows that a fault occurs on the link.
In the case of ZESR switching, the system performs operations on the interfaces and
instances protected by the domain. The instances described here are the same as those
of the STP. The ZESR uses the control VLAN as the unique ID of a domain and meanwhile
as the tag of a frame. To make full use of link bandwidth, multiple ZESR domains can be
configured on a same ring.
ZESR Single-Ring Principle
timeout time (8s), it considers that the link recovers. In this case, the primary
node blocks the slave interface (if the fault occurs on the link connected to the
master interface on the primary node, the master interface must be enabled),
clears the bridge table of the slave interface, and sends an up-flush frame to the
transport node, notifying that the link recovers on the ring. After receiving the
up-flush frame, the transport node unblocks the interface and clears the bridge
table. When the loop changes from Figure 9-4 to Figure 9-3, the link between S3
and S4 recovers. In this case, S3 and S4 stop sending link-down frames. If the
primary node S1 does not receive the link-down frame within the timeout time,
it considers that the link recovers. To be specific, S1 blocks the slave interface,
clears the bridge table, and sends an up-flush frame from both the master and
slave interfaces. After receiving the up-flush frame, S2, S3, and S4 unblock the
interface and clear their own bridge table.
ZESR Multi-Ring Principle
Figure 9-5 shows the ZESR multi-ring network topology.
S1, S2, S3, and S4 form a master ring. S1 acts as the primary node, and S3, S4, S5
and S6 act as a slave ring with the level and segment of 1. S5 acts as the primary
node, S3 and S4 act as edge assistant nodes. In addition, S3, S4, S6, and S7 form
a slave ring with the level of 2 and the segment of 1. S3 acts as an edge assistant
node, S4 acts as an edge control node. For a slave ring configured with an edge
control node, the functions of this node are similar to those of the primary node. The
state of the slave ring is determined by the edge control node after calculation. During
configuration for a domain on the slave ring, either of the primary node or the edge
control node is deployed. When the state of a slave ring is COMPLETE, the interface
of the edge control node is blocked.
Fault troubleshooting and recovery for a master ring: In the ZESR multi-ring network
topology, the fault troubleshooting and recovery for the master ring with the level
and segment of 0 are the same as those in the ZESR single-ring network topology
(described in the section "ZESR Single-Ring Principle"). The fault troubleshooting
and recovery do not affect the state of the slave ring.
Fault troubleshooting and recovery for a slave ring: When detecting a link fault, the
node on the slave ring blocks the interface connected with the faulty link and then
sends a link-down frame to the primary node (or the edge control node) and the edge
assistance node at intervals. After receiving the link-down frame, the primary node
(or the edge control node) enables the slave interface (or the access interface on the
edge control node) and meanwhile sends a down-flush frame (in the case of the edge
control node, it sends a down-flush frame to the two interfaces at the primary level).
After receiving the down-flush frame, the transport node and the edge assistance node
on the slave ring clear their own bridge table. If the state of the edge assistance node
is COMPLETE, the access interface is also used to send a down-flush frame to the two
interfaces at the primary level. When the transport node at the upper layer receives
the down-flush frame from the ring at a lower layer, it clears the bridge table on the
ring interface. In the following cases, protocol frames are not processed, whether in a
single-ring network or a multi-ring network:
When the state of the master node or the edge control node is FAILED, it takes
no actions while receiving the link-down frame from the same layer.
When the state of the transport node or the edge assistance node is FAILED, it
takes no actions while receiving the down-flush frame from the same layer.
When the state of the transport node or the edge assistance node is COMPLETE,
it takes no actions while receiving the up-flush frame from the current layer.
Fault troubleshooting and recovery for a slave ring: When detecting that a link recovers,
the node on the slave ring stops sending link-down frames. If the primary node (or
the edge control node) does not receive the link-down frame within the timeout time,
it considers that the link recovers. In this case, the primary node blocks the slave
interface (or, the edge control node blocks the access interface), clears the bridge
table on the slave interface (or access interface on the edge control node), and then
sends an up-flush frame to both the master and slave interfaces (access interface
and the two interfaces at the upper layer in the case of the edge control node). After
receiving the up-flush frame, the transport node or the edge assistance node on the
slave ring unblocks the interface and clears the bridge table of the ring interface. After
receiving the up-flush frame, the transport node at the upper layer clears the bridge
table.
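The frame handling described above can be modelled as two small state machines; this is an added example, not ZTE code. It covers one ring with primary node S1 and transport nodes S2 and S3, uses the 1s link-down interval and 8s timeout quoted in the text, and assumes a one-second tick and that every received link-down frame restarts the recovery timer; class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

LINK_DOWN, DOWN_FLUSH, UP_FLUSH = "link-down", "down-flush", "up-flush"
COMPLETE, FAILED = "COMPLETE", "FAILED"
RECOVERY_TIMEOUT_S = 8  # the "timeout time (8s)" quoted in the text


@dataclass
class PrimaryNode:
    """Primary node of one ZESR ring."""
    state: str = COMPLETE
    slave_blocked: bool = True           # COMPLETE ring: slave interface blocked
    last_link_down: Optional[int] = None
    bridge_flushes: int = 0

    def on_frame(self, kind, now):
        """Process one received frame; return the frames this node sends."""
        if kind != LINK_DOWN:
            return []
        # Assumption: each link-down frame restarts the recovery timer,
        # including the ones that cause no switching action.
        self.last_link_down = now
        if self.state == FAILED:
            return []                    # FAILED primary ignores link-down
        self.state = FAILED
        self.slave_blocked = False       # enable the slave interface
        return [DOWN_FLUSH]

    def on_tick(self, now):
        """Called once per second; recovery is inferred from link-down silence."""
        if self.state == FAILED and now - self.last_link_down >= RECOVERY_TIMEOUT_S:
            self.state = COMPLETE
            self.slave_blocked = True    # block the slave interface again
            self.bridge_flushes += 1     # clear its bridge table
            return [UP_FLUSH]
        return []


@dataclass
class TransitNode:
    """Transport node of the same ring."""
    state: str = COMPLETE
    blocked_port: Optional[str] = None
    bridge_flushes: int = 0

    def on_link_fault(self, port):
        """Local fault: block the port; link-down is then sent every 1s."""
        self.blocked_port = port
        return [LINK_DOWN]

    def on_frame(self, kind):
        if kind == DOWN_FLUSH and self.state == COMPLETE:
            self.state = FAILED
            self.bridge_flushes += 1     # clear the bridge table
        elif kind == UP_FLUSH and self.state == FAILED:
            self.state = COMPLETE
            self.blocked_port = None     # unblock the interface
            self.bridge_flushes += 1
        # down-flush while FAILED and up-flush while COMPLETE: no action


def simulate(fault_start=2, fault_end=5, duration=20):
    """Break the S3 link during [fault_start, fault_end); return flush events."""
    s1, s2, s3 = PrimaryNode(), TransitNode(), TransitNode()
    events = []
    for t in range(duration):
        sent = []
        if t == fault_start:
            s3.on_link_fault("to-S4")
        if fault_start <= t < fault_end:
            sent += s1.on_frame(LINK_DOWN, t)   # S3 repeats link-down each second
        sent += s1.on_tick(t)
        for frame in sent:                      # flush frames reach every transit
            s2.on_frame(frame)
            s3.on_frame(frame)
            events.append((t, frame))
    return events, s1, s2, s3


if __name__ == "__main__":
    for t, frame in simulate()[0]:
        print(f"t={t:2d}s primary sends {frame}")
```

With the default arguments the last link-down frame arrives at t=4, so the primary node switches back at t=12; a device that keeps sending link-down frames holds the ring in FAILED, which is why only ring interfaces should trunk the control VLAN.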
Both the ZESR and the STP implement data forwarding and blocking by configuring
the status of an STP instance on the interface. Therefore, the ZESR and the STP
are mutually exclusive based on interface + instance. That is, an interface instance
managed by ZESR will not be calculated by the STP. However, its STP state will be
calculated by the ZESR. The protection instance used by the ZESR is configured
based on the STP protocol. Therefore, when the ZESR protocol is used, a protection
instance can take effect only after the STP is enabled globally. Except the interface
instances managed by the ZESR, the STP state of other interface instances is
managed by the STP protocol, which avoids a loop.
For the above ZESR commands, the parameter names are the same. Therefore, these
parameters will not be described repeatedly in the following tables. The ZESR uses control
VLAN as the unique ID of a domain.
A description of the parameters in Step 2 is as follows:
Parameter Description
snooping vpls {enable | disable} Enables or disables associating ZESR with VPLS.
Parameter Description
role {master | transit} Configures the role of a ZESR node, that is, primary node
or transport node.
level <1-2> seg <1-4> Configures the level and segment of the ZESR slave ring.
Parameter Description
preforward <9-600> [preup <0-500>] Configures the preforward and preup time of a ZESR node.
The preup time is optional and can be configured only on the
primary node or the edge control node.
Parameter Description
zesr-switchtimes all Clears the statistics on switching times of all ZESR domains.
Parameter Description
ctrl-vlan <1-4094> all Clears the statistics on switching times of all the levels and
segments for a specified ZESR domain.
ctrl-vlan <1-4094> major Clears the statistics on switching times of the master ring
for a specified ZESR domain.
ctrl-vlan <1-4094> level <1-2> seg <1-4> Clears the statistics on switching times of a specified level
and segment of the slave ring for a specified ZESR domain.
Note:
The control VLAN of ZESR is special. It can be used only by the ZESR. In addition to
the control VLAN trunked on a ring interface, other interfaces cannot use this VLAN. A
ZESR ring interface cannot work in the QinQ mode. In addition, to improve switching
performance, the detection mode of a ZESR interface must be configured to fast and the
function of broadcast and unicast suppression must be configured for all the ring interfaces
and traffic interfaces.
ZESR can be associated with VPLS for only boundary nodes at the access layer.
Command Function
Parameter descriptions:
Parameter Description
The following is sample output from the show zesr brief command:
ZXR10(config)#show zesr brief
ctrl-vlan: 100 protectinstance: 1
level seg role port port level-state switch-times
major transit smartgroup1(P) gei-0/4/0/6(S) down 1
restarttime: 120(s)
port detect: fast
protocol mac: normal
Field Description
level, seg Level and segment of a domain. For a main ring, the level is
output as major and the segment is not output.
The following is sample output from the show zesr ctrl-vlan <1-4094> command:
Field Description
Field Description
If VLAN 4001 is used as the control VLAN of a ZESR domain and instance 1 is used as
the protection instance, the ZESR interface must trunk the control VLAN and the VLAN
contained in the protection instance. The detailed configuration is shown below.
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#interface gei-0/1/0/1
ZXR10(config-swvlan-intf)#switchport mode trunk
Configuration Thought
1. Enter the ZESR config mode and configure the control VLAN and protection instance
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR node.
3. If there are other functional requirements, configure the ZESR properties further.
Configuration Commands
The configuration of S1:
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 protect-instance 1
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role master gei-0/1/0/1 gei-0/1/0/2
The configuration of S3 and S4 is similar to that of S2 and therefore will not be described
again.
Configuration Verification
The configuration result on S1:
ZXR10(config)#show zesr ctrl-vlan 4001
ctrl-vlan: 4001 protectinstance: 1
level: major
state: up
role: master
port: gei-0/1/0/1(P) portstate: forward
port: gei-0/1/0/2(S) portstate: block
hello: 1(s) fail: 3(s)
preforward: 20(s) preup: 2(s)
switch-times: 1
Configuration Thought
1. Enter the ZESR config mode and configure the control VLAN and protection instance
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR node.
3. If there are other functional requirements, configure the ZESR properties further.
Configuration Commands
The configuration of S3:
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 protect-instance 1
/*master ring configuration*/
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role transit gei-0/1/0/1 gei-0/1/0/2
/*slave ring configuration*/
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role edge-assistant gei-0/1/0/3
edge-control gei-0/1/0/3
Configuration Verification
The configuration result on S4:
ZXR10(config)#show zesr ctrl-vlan 4001
ctrl-vlan: 4001 protectinstance: 1
level: major
state: up
role: transit
port: gei-0/1/0/1(P) portstate: forward
port: gei-0/1/0/2(S) portstate: forward
preforward: 20(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-control
port: gei-0/4/0/3 portstate: block
hello: 1(s) fail: 3(s)
preforward: 20(s) preup: 2(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-assistant
port: gei-0/4/0/3 portstate: forward
preforward: 20(s)
switch-times: 1
ZESS Principle
The ZESS uses a backup link to transmit data when the active link is faulty, which protects
network connectivity. In addition, the ZESS uses a protection instance to protect the data
transmitted over network. The instance used by the ZESS is the same as that used by the
STP.
When both of the active and standby links work normally, the ZESS blocks the standby link
and forwards data by using the active link. When the active link is faulty, the ZESS blocks
the active link and forwards data by using the standby link, and meanwhile clears the bridge
table of the active link. When the active link recovers, the ZESS performs operations based
on the configured mode (revertive or non-revertive). In the revertive mode, the ZESS
blocks the standby link, enables the active link, and meanwhile clears the bridge table of
the standby link. In the non-revertive mode, the ZESS does not perform active/standby
switching.
Both the ZESS and the STP implement data forwarding and blocking by configuring
the status of an STP instance on the interface. Therefore, the ZESS and the STP are
mutually exclusive based on interface + instance. That is, an interface instance managed
by ZESS will not be calculated by the STP. However, its STP state will be calculated by
the ZESS. The protection instance used by the ZESS is configured based on the STP
protocol. Therefore, when the ZESS protocol is used, a protection instance can take
effect only after the STP is enabled globally. Except the interface instances managed by
the ZESS, the STP state of other interface instances is managed by the STP protocol,
which avoids a loop.
ZXR10(config-zess)#zess domain <1-16> preup <1-900>
This configures the preup time of ZESS. The default value is 2s.
For the above ZESS commands, the parameter names are the same. Therefore, these
parameters will not be described repeatedly in the following tables. The ZESS uses domain
ID as the unique ID of a domain.
The command parameters in step 2 are described as follows.
Parameter Description
protect-instance <0-64> Configures the protection instance of a domain, which is the same
as the STP instance in terms of parameter value.
Parameter Description
mode <revertive | non-revertive> Configures the revertive mode of a ZESS domain. The available
options are revertive and non-revertive. The default value is
revertive.
preup <1-900> Configures the preup time of a ZESS domain. The value of this
parameter ranges from 1s to 900s. The default value is 2s.
Parameter Description
port-detect {normal | fast} Configures the detection mode of a ZESS interface. The available
options are normal and fast. The default value is normal.
Caution!
To improve the switching performance of ZESS, the detection mode of a ZESS interface
must be configured to fast. In addition, the properties of broadcast and unicast
suppression must be configured for the ZESS interface and the peer interface of the link.
In addition, the STP function must be disabled for the peer interface of the ZESS link.
Otherwise, data forwarding will be affected during switching.
Command Function
Parameter Description
Configuration Thought
1. Enter the ZESS config mode and configure the ID and protection instance of the ZESR
domain.
2. Configure the interface and other parameters of a ZESR node.
3. If there are other functional requirements, configure the ZESS properties further.
Configuration Commands
The configuration of S1:
ZXR10(config)#zess
ZXR10(config-zess)#zess domain 1 protect-instance 1
ZXR10(config-zess)#zess domain 1 member primary gei-0/1/0/1 secondary gei-0/1/0/2
ZXR10(config-zess)#zess port-detect fast
/*If necessary, configure the ZESS properties, such as
the revertive mode and preup time.*/
ZXR10(config-zess)#zess domain 1 mode non-revertive
Configuration Verification
The configuration result on S1:
ZXR10(config)#show zess domain 1
domain ID: 1 protectinstance: 1
state: up mode: non-revertive
port : gei-0/1/0/1(P) portstate: forward
port : gei-0/1/0/2(S) portstate: block
preup: 300(s) changeTimes : 0
port-detect mode: fast
As shown in Figure 11-1, two switches (S1 and S4) in the ring network are connected to
the SR and BRAS in the uplink direction, which implements protection for the upstream
links of the SR and BRAS. Suppose that the link from S1 to the SR is broken. In this case,
the traffic on this link will be automatically transmitted to the SR through S4. By using the
protection function with dual nodes and dual upstream links, the system can implement
switching within 50 ms when an upstream link is faulty.
ZESR+ Principle
When the dual-node and dual-uplink ZESR+ protocol is working, two roles are available:
primary node ZESS-MASTER and transport node ZESS-TRANSIT. The nodes use the
Hello packet and interface detection function to detect link status. When the link works
properly, the primary node blocks the slave interface and enables the master interface.
At this time, the transport node enables both of the master and slave interfaces. When
detecting a link fault, the transport node blocks the interface connected with the faulty link,
clears the bridge table, and sends a link-down frame to the primary node notifying the
fault information. After receiving the link-down frame, the primary node enables the slave
interface, clears the bridge table, and sends a down-flush frame. When detecting a link
fault, the primary node actively performs link switching. The format of frames used by the
ZESR+ and the specific meanings are the same as those of the ZESR. The ZESR+ is
quite similar to the ZESR master ring in terms of function. Therefore, the ZESR+ can work
together with the ZESR.
Figure 11-2 shows a typical network topology of the ZESR+ with dual nodes and dual
upstream links. S2 is a ZESS-MASTER node and S3 is a ZESS-TRANSIT node.
The ZESR+ protects upstream links and transport node S3 sends protocol packets to S2
through the master interface. Therefore, when the ZESR+ is working, you must configure
the master interface on the link where the two nodes are directly connected. Otherwise,
an error occurs in the protocol.
Both the ZESR+ and the STP implement data forwarding and blocking by configuring the
status of an STP instance on the interface. Therefore, the ZESR+ and the STP are mutually
exclusive based on interface + instance. That is, an interface instance managed by ZESR+
will not be calculated by the STP. However, its STP state will be calculated by the ZESR+.
The protection instance used by the ZESR+ is configured based on the STP protocol.
Therefore, when the ZESR+ protocol is used, a protection instance can take effect only
after the STP is enabled globally. Except the interface instances managed by the ZESR+,
the STP state of other interface instances is managed by the STP protocol, which avoids
a loop.
The parameters of ZESR+ commands are almost the same as those of ZESR commands
in terms of parameter meaning. In a command, the role of a node is uniquely used to
distinguish whether a domain belongs to ZESR+ or ZESR.
The command parameters in step 3 are described as follows.
Parameter Description
role {zess-master | zess-transit} Configures the role of a ZESR+ domain node. ZESS-MASTER
refers to the primary node and ZESS-TRANSIT refers to a
transport node.
Command Function
Parameter Description
restarttime: 120(s)
port detect: fast
protocol mac: normal
An example of the show zesr ctrl-vlan <1-4094> command output is shown below.
ZXR10(config)#show zesr ctrl-vlan 100
ctrl-vlan: 100 protectinstance: 1
level: major
state: down
role: zess(T)
port: smartgroup1(P) portstate: block
port: gei-0/4/0/6(S) portstate: block
preforward: 20(s)
switch-times: 1
Caution!
During ZESR+ node configuration, because of special application scenarios of ZESR+,
you must configure the master interface to the link that directly connects the two nodes.
Other configuration requirements are similar to those of ZESR.
Configuration Thought
1. Enter the ZESR config mode and configure the control VLAN and protection instance
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR/ZESR+ node.
3. If there are other functional requirements, configure the ZESR properties further.
These properties of ZESR are applicable to the ZESR+.
Configuration Commands
The configuration of S2:
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 protect-instance 1
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role zess-master gei-0/1/0/1 gei-0/1/0/2
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role edge-assistant gei-0/1/0/3
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 protect-instance 1
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role zess-transit gei-0/1/0/1 gei-0/1/0/2
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role edge-assistant gei-0/1/0/3
Configuration Verification
The configuration result on S2:
ZXR10(config)#show zesr ctrl-vlan 4001
ctrl-vlan: 4001 protectinstance: 1
level: major
state: up
role: zess(M)
port: gei-0/1/0/1(P) portstate: forward
port: gei-0/1/0/2(S) portstate: block
hello: 1(s) fail: 3(s)
preforward: 20(s) preup: 2(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-assistant
port: gei-0/1/0/3 portstate: forward
preforward: 20(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-assistant
port: gei-0/1/0/3 portstate: forward
preforward: 20(s)
switch-times: 1
Parameter Description
Parameter Description
uplink <port> Configures the uplink interface. port refers to a physical interface
or a SmartGroup interface.
The command for clearing configuration in step 4 is the same as the above commands in
terms of description.
Command Function
Parameter Description
Configuration Thought
1. Enter the LinkGroup config mode.
2. Configure the uplink interface and downlink interface of a LinkGroup.
Configuration Commands
ZXR10(config)#linkage
ZXR10(config-linkage)#group 1 downlink gei-0/3/0/1
ZXR10(config-linkage)#group 1 downlink gei-0/3/0/2
ZXR10(config-linkage)#group 1 uplink gei-0/2/0/1
ZXR10(config-linkage)#group 1 uplink gei-0/2/0/2
Configuration Verification
ZXR10(config)#show linkage-group 1
Group 1
Uplink Interfaces:
Interface: gei-0/2/0/1 Status: up
Interface: gei-0/2/0/2 Status: up
Downlink Interfaces:
Interface: gei-0/3/0/1 Status: up
Interface: gei-0/3/0/2 Status: up
It indicates that the uplink interface and downlink interface are configured successfully.
L2PT Principle
As shown in Figure 13-1, the destination MAC address of the BPDU packets sent from
fei-0/1/0/1 on customer switch A is substituted by the MAC address configured by the users
on edge switch B. After that, the packets are broadcast in the VLAN of the receiving port.
The packets pass across the service provider network, and arrive at edge switch C. On
edge switch C, the original destination MAC addresses of the BPDU packets are restored,
and then the packets are sent to fei-0/1/0/4 of customer switch D from fei-0/1/0/3. It looks
as if customer switch A and customer switch D are connected directly. In this way,
BPDU packets of layer-2 management protocols are transmitted transparently on layer-2
switching networks.
Parameter Description
Parameter Description
Parameter Description
Command Function
The following is sample output from the show l2pt information command:
ZXR10(config-l2pt)#show l2pt information
All substituted ports: 1
Default protect pps: 100
Protocol Default destination MAC Substituted destination
stp 0180.c200.0000 0123.4567.8989
lldp 0180.c200.000e 0123.4567.8979
Field Description
All substituted ports Number of ports where the destination MAC address
substitution function is enabled.
Protocol Type of the protocol for which the destination MAC address
substitution function is enabled.
The following is sample output from the show l2pt information <interface-name> command:
ZXR10(config-l2pt-if)#show l2pt information fei-0/1/0/1
Interface: fei-0/1/0/1
Destination MAC rewrite: Enable
Protect packages per second: 50
Substituted protocol: stp
Field Description
Destination MAC rewrite Whether the destination MAC address substitution function
is enabled on the interface.
Protect packages per second Rate threshold of protocol packets on the interface.
Substituted Type of the protocol for which the destination MAC address
substitution function is enabled on the interface.
Configuration Flow
1. Enable STP on switch A and switch D.
2. Enable the destination MAC address substitution for STP BPDU packets on switch B
and switch C. Enable the substitution on the interfaces.
Configuration Commands
Configuration for switch A:
A(config)#spantree
A(config-stp)#enable
A(config-stp)#mode mstp
A(config-stp)#mst priority 32768 instance 0
A(config-stp-if-fei-0/1/0/1)#enable
Configuration for switch D:
D(config-stp)#enable
D(config-stp)#mode mstp
D(config-stp)#mst priority 40960 instance 0
D(config-stp-if-fei-0/1/0/4)#enable
Configuration Verification
Run the show spantree instance 0 command on switch A to verify the configuration result:
DUT1(config-if)#show spantree instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
--------------------------------------------------------------------------
fei-0/1/0/1 128.1 200000 Forward Designated p2p MSTP
Run the show spantree instance 0 command on switch D to verify the configuration result:
DUT2(config)#show spantree instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 32768; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 5 sec;
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
--------------------------------------------------------------------------
fei-0/1/0/4 128.1 200000 Forward Root p2p MSTP
Glossary
MAC - Media Access Control
MAN - Metropolitan Area Network
MEN - Metro Ethernet Network
MPLS - Multiprotocol Label Switching
MSTP - Multiple Spanning Tree Protocol
PVLAN - Private Virtual Local Area Network
STP - Spanning Tree Protocol
SVLAN - Selective Virtual Local Area Network
TCI - Tag Control Information
TCP/IP - Transmission Control Protocol/Internet Protocol
TLV - Type/Length/Value
TPID - Tag Protocol Identifier
VLAN - Virtual Local Area Network
VPLS - Virtual Private LAN Service
VPN - Virtual Private Network
ZESR - ZTE Ethernet Switch Ring
ZESS - ZTE Ethernet Smart Switch