MANUAL 8600-4.1

Part No. 314725-E Rev 00May 2006

4655 Great America ParkwaySanta Clara, CA 95054

Configuring VLANs, Spanning Tree, and Link AggregationEthernet Routing Switch 8600 Software Release 4.1

2

Copyright © 2006 Nortel Networks. All Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks.

Trademarks

Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

Adobe and Acrobat Reader are trademarks of Adobe Systems, Incorporated.

Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.

The asterisk after a name denotes a trademarked item.

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel reserves the right to make changes to the products described in this document without notice.

Nortel does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

Nortel software license agreement

This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel Corporation and its subsidiaries and affiliates (“Nortel”). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE

314725-E Rev 00

3

AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.

“Software” is owned or licensed by Nortel, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

1.Licensed Use of Software. Nortel grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel or certify its destruction. Nortel may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel to include additional or different terms, Customer agrees to abide by such terms provided by Nortel with respect to such third party software.

2.Warranty. Except as may be otherwise expressly agreed to in writing between Nortel and Customer, Software is provided “AS IS” without any warranties (conditions) of any kind. Nortel DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3.Limitation of Remedies. IN NO EVENT SHALL Nortel OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF Nortel, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4.Generala. If Customer is the United States Government, the following paragraph shall apply: All Nortel Software

available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel or certify its destruction.

Configuring VLANs, Spanning Tree, and Link Aggregation

4

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel.

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

314725-E Rev 00

5

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Text conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Hard-copy technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Finding the latest updates on the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . 35

Getting help from the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Getting help over the phone from a Nortel Solutions Center . . . . . . . . . . . . . . . . . 36

Getting help from a specialist by using an Express Routing Code . . . . . . . . . . . . 36

Getting help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . . . . . . 36

Chapter 1Layer 2 operational concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Policy-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Port membership types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

User-defined protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

MAC address-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

IP subnet-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Multihoming support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

VLAN tagging and port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

802.1Q tagged ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Treatment of tagged and untagged frames . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Untagging Default VLAN on a Tagged Port feature . . . . . . . . . . . . . . . . . . . . . 50


6 Contents

VLAN virtual router interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

IP routing and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

IPX routing and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

VLAN implementation on the Ethernet Routing Switch 8600 . . . . . . . . . . . . . . . . 53

Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Unassigned VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Brouter ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

VLAN rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

VLAN features supported on the Ethernet Routing Switch 8600 modules . . . . . . 55

MultiLink trunking and VLAN scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

VLAN scaling formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Maximum VLAN support comparison with Enhanced Operation mode . . . . . 57

Module behavior comparison with Enhanced Operation mode . . . . . . . . . . . . 58

Interoperability between operation mode and module type . . . . . . . . . . . . . . 58

Stacked VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

sVLAN specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

sVLAN rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

sVLAN levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

sVLAN UNI and NNI ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Flooding for Microsoft NLB clustering systems in unicast mode . . . . . . . . . . . . . . 63

VLAN MAC filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Prevention of IP spoofing within a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Spanning tree protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Spanning tree groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Spanning Tree Protocol controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Spanning Tree FastStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Understanding STGs and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Spanning Tree Protocol topology change detection . . . . . . . . . . . . . . . . . . . . 70

Per-VLAN spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol . . . . . . . . . . 73

Interoperability with legacy STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Link aggregation (MLT, SMLT, LACP, VLACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

MultiLink Trunking (MLT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

314725-E Rev 00

Contents 7

MLT traffic distribution algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

MultiLink Trunking rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Multicast flow distribution over MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Multicast distribution algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Multicast traffic redistribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

MLT examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

IEEE 802.3ad-based link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Link aggregation operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Principles of link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

LACP and MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

LACP and SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

LACP and routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

LACP priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

LACP keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

LACP timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

LACP modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

LACP and spanning tree interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Link aggregation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Virtual LACP (VLACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

VLACP timers and sub-100 ms core convergence . . . . . . . . . . . . . . . . . . . . 104

Split MultiLink Trunking (SMLT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Advantages of SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

How does SMLT work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Traffic flow in an SMLT environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

SMLT-on-Single-CPU feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Split multilink trunk topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Using MLT-based SMLT with Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . 125

Interaction between SMLT and LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

SMLT network design considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

SMLT and SLPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

SMLT and IP routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128


8 Contents

Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Chapter 2Configuring VLANs using Device Manager . . . . . . . . . . . . . . . . . . . . . . . . 135

Displaying defined VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Creating a port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Configuring an IP address for a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Configuring a network address and encapsulation for a VLAN . . . . . . . . . . . . . . 144

Configuring policy-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Creating a source IP subnet-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Creating a protocol-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Configuring user-defined protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . 150

Creating a source MAC address-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Enabling source MAC address-based VLANs on the system . . . . . . . . . . . . 152

Configuring a source MAC address-based VLAN . . . . . . . . . . . . . . . . . . . . . 154

Creating a source MAC address-based VLAN using batch files . . . . . . . . . . 157

Managing a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Changing VLAN port membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Configuring advanced VLAN features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Configuring VLAN forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Configuring a VLAN to accept tagged or untagged frames . . . . . . . . . . . . . . . . . 165

Configuring Untagging Default VLAN on a Tagged Port . . . . . . . . . . . . . . . . . . . 169

Configuring MAC address auto-learning on a VLAN . . . . . . . . . . . . . . . . . . . . . . 170

Modifying auto-learned MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Configuring VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Configuring directed broadcast on a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Managing VLAN bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Configuring the forwarding database timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Viewing the forwarding database for a specific VLAN . . . . . . . . . . . . . . . . . . . . . 179

Clearing learned MAC addresses from the forwarding database . . . . . . . . . . . . 180

Clearing learned MAC addresses by VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 180

Clearing learned MAC addresses for all VLANs by port . . . . . . . . . . . . . . . . 181

Configuring static forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

MAC-layer bridge packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

314725-E Rev 00

Contents 9

Configuring a MAC-layer bridge filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Configuring the Global MAC filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Configuring Enhanced Operation mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Chapter 3Configuring sVLAN using Device Manager . . . . . . . . . . . . . . . . . . . . . . . . 195

Stacked VLAN configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Creating an sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Setting the sVLAN Ethertype and switch level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Setting the sVLAN port type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Creating an sVLAN STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Chapter 4Configuring spanning tree using Device Manager . . . . . . . . . . . . . . . . . . 211

Choosing the spanning tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Configuring Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Creating a STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Editing an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Adding ports to an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Viewing the STG status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Viewing STG ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Enabling STP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Deleting an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Configuring STG topology change detection . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Configuring MSTP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Configuring CIST ports for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Viewing statistics for the CIST ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Configuring MSTI bridges for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Configuring MSTI ports for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Viewing MSTI port statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Configuring RSTP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Configuring RSTP ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Viewing RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245


10 Contents

Viewing statistics for RSTP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Chapter 5Configuring link aggregation using Device Manager . . . . . . . . . . . . . . . . 249

Configuring link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Configuring LACP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Configuring VLACP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Adding a MultiLink/LACP trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Adding ports to a multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Viewing multilink trunk interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Viewing multilink trunk Ethernet error statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Managing LACP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Configuring a port for LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Configuring a port for Virtual LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Viewing LACP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Configuring Split Multilink Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Adding a MLT-based SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Viewing MLT-based SMLTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Adding ports to an MLT-based SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Configuring an IST multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Editing an IST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Viewing IST statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Configuring a single port split multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Viewing Single Port SMLTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Deleting a Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Configuring Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Configuring SLPP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Configuring the SLPP by VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Configuring the SLPP by port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Chapter 6Configuring multiple DSAP and SSAP using Device Manager . . . . . . . . 297

Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Configuring multiple DSAPs and SSAPs per VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 300

314725-E Rev 00

Contents 11

Chapter 7Configuring and managing VLANs using the CLI. . . . . . . . . . . . . . . . . . . 303

Roadmap of VLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Configuring and managing a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Creating a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Performing general VLAN operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Configuring VLAN parameters in the forwarding database . . . . . . . . . . . . . . . . . 316

Configuring or modifying VLAN entries in the forwarding database . . . . . . . 316

Configuring VLAN filter members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Setting or modifying parameters of VLAN not allowed filter member . . . . . . 318

Configuring VLAN static member parameters . . . . . . . . . . . . . . . . . . . . . . . . 320

Limiting MAC learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Adding or removing VLAN ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Adding or removing VLAN source MAC addresses . . . . . . . . . . . . . . . . . . . . . . . 324

Configuring NLB unicast support on an IP interface . . . . . . . . . . . . . . . . . . . . . . 325

Configuring Untagging Default VLAN on a Tagged Port . . . . . . . . . . . . . . . . . . . 325

Configuring Enhanced Operation mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Configuring VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Configuring spoof detection for a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Using the VLAN show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Displaying general VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Displaying forwarding database information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Displaying forwarding database filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

Displaying database status, MAC address, and QoS levels . . . . . . . . . . . . . . . . 349

Displaying additional parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350

Displaying ARP configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Displaying VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Displaying brouter port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Displaying IGMP switch operation information . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Displaying VLAN routing (IP) configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Displaying port member status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Displaying source MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357

Using the show ports commands for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Displaying port tagging information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Displaying all port VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360


12 Contents

Using the VLAN IP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Assigning an IP address to a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Chapter 8Configuring sVLANs using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Roadmap of sVLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Overview of sVLAN CLI configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Creating an sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Setting the Ethertype and switch level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Showing Ethertype and switch level information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Setting the sVLAN port type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Creating an sVLAN STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Adding UNI or NNI ports to the STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Chapter 9Configuring STGs using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

Roadmap of spanning tree commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring the spanning tree protocol mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Configuring Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Configuring spanning tree group parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Configuring STG port parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Configuring topology change detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Querying the change detection setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Using the show STG commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

Displaying all STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393

Displaying STG configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Displaying STG status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Displaying basic STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Displaying additional STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Displaying STG statistics counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Showing RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Showing RSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

Showing RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

314725-E Rev 00

Contents 13

Showing ports info RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Showing ports info RSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Showing ports info RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Showing ports info RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

Showing ports info RSTP role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Configuring Ethernet RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Configuring MSTP region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Configuring MSTP CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Configuring MSTP MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Showing MSTP configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Showing MSTP instance information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Showing MSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Showing MSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Showing MSTP port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Configuring Ethernet MSTP CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424

Configuring Ethernet MSTP MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Chapter 10Configuring link aggregation using the CLI . . . . . . . . . . . . . . . . . . . . . . . 427

Roadmap of link aggregation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

Configuring link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

Link aggregation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

Adding ports to a link aggregation group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Removing ports from a link aggregation group . . . . . . . . . . . . . . . . . . . . . . . . . . 437

Global LACP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

Aggregator configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Port configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

LACP show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

Displaying global LACP configuration information . . . . . . . . . . . . . . . . . . . . 443

Displaying LACP configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Displaying LACP statistics information per port . . . . . . . . . . . . . . . . . . . . . . 446

Displaying LACP configuration information per aggregator . . . . . . . . . . . . . 448

Configuring VLACP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451


14 Contents

Displaying the VLACP port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Globally enabling or disabling VLACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454

Creating a split multilink trunk from an existing multilink trunk . . . . . . . . . . . . . . 455

Creating an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Creating an interswitch trunk from an existing multilink trunk . . . . . . . . . . . . 457

Enabling and disabling an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . 458

Configuring CP-Limit for an IST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Deleting an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Creating a single port split multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Configuration example: single port split multilink trunk . . . . . . . . . . . . . . . . . 461

Configuring SMLT-on-Single-CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Using the MLT and SMLT show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Displaying all multilink trunk information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Displaying information about collision errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Displaying information about Ethernet errors . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Displaying multilink trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Displaying interswitch trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Displaying split multilink trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

Displaying all ports configured for single port split multilink trunk . . . . . . . . . . . . 471

Displaying a port configured for Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . 471

Displaying MLT statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Troubleshooting SMLT problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Troubleshooting IST problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Troubleshooting problems with a single user . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Global MAC filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

Configuring Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Configuring SLPP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Showing SLPP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Showing SLPP port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Chapter 11Configuring multiple DSAP and SSAP using the CLI . . . . . . . . . . . . . . . . 483

Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Configuring multiple DSAP and SSAP with the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . 487

314725-E Rev 00

Contents 15

Chapter 12Device Manager configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . 491

LACP point to point LAG configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Single Port SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 500

Chapter 13CLI configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

MultiLink Trunking configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Single Port SMLT with SLPP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 505

SMLT triangle with loop detection configuration example . . . . . . . . . . . . . . . . . . . . . 508

Square SMLT configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Full mesh SMLT configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

SMLT and VRRP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522

SMLT and multicast configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Triangle SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

Single Port SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 528

SLPP, VRRP BackupMaster, and SMLT configuration example . . . . . . . . . . . . . . . . . 532

Ping Snoop configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540

LACP point to point LAG configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

Enabling VLACP on Ethernet links configuration example . . . . . . . . . . . . . . . . . . . . . 543

Per-VLAN Spanning Tree Plus (PVST+) configuration examples . . . . . . . . . . . . . . . 544

Configuring PVST+ on an Ethernet Routing Switch 8600 . . . . . . . . . . . . . . . . . . 544

Configuration example—basic PVST+ setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Configuration example—load balancing with the Ethernet Routing Switch 8600 as a distribution switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547

Configuration files for S1 and S2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Configuration example—load balancing with the Cisco System switch as a distribution switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552

Cisco Systems default spanning tree settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

Setting the PVST+ bridge ID priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

Rapid Spanning Tree Protocol configuration example . . . . . . . . . . . . . . . . . . . . . . . . 554

Multiple Spanning Tree Protocol configuration example . . . . . . . . . . . . . . . . . . . . . . 559

Appendix A


16 Contents

Tap and OctaPID assignment (Release 3.x feature set) . . . . . . . . . . . . . . 567

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

314725-E Rev 00

17

Figures

Figure 1 Port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Figure 2 Dynamic protocol-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Figure 3 PPPoE and IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Figure 4 Incorrect use of an IP subnet-based VLAN . . . . . . . . . . . . . . . . . . . . . . . 47

Figure 5 VLAN tag insertion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Figure 6 Network with IP phone and PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Figure 7 Formulas used for VLAN scaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Figure 8 sVLAN model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Figure 9 One layer sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Figure 10 Two layer sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Figure 11 Multiple spanning tree groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Figure 12 802.1d spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Figure 13 Multiple instances of spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Figure 14 Negotiation process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Figure 15 Config sys set hash-calc output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Figure 16 Switch-to-switch multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . 88

Figure 17 Switch-to-server multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . 89

Figure 18 Client/server multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . . . . 90

Figure 19 Link aggregation sublayer (according to IEEE 802.3ad) . . . . . . . . . . . . . . 93

Figure 20 Problem description (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Figure 21 Problem description (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Figure 22 Sub-100 ms convergence between SuperMezz modules . . . . . . . . . . . . 106

Figure 23 Resilient networks with Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . 109

Figure 24 Resilient networks with SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Figure 25 Ethernet Routing Switch 8600 as SMLT aggregation switches . . . . . . . 111

Figure 26 Output of the command show vlan info fdb-e 10 . . . . . . . . . . . . . . . . . . 117

Figure 27 Network topology for traffic flow example . . . . . . . . . . . . . . . . . . . . . . . . 118

Figure 28 Single Port SMLT topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Figure 29 SMLT triangle topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122


18 Figures

Figure 30 SMLT square topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Figure 31 SMLT full mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Figure 32 Changing a split trunk from MLT-based SMLT to Single Port SMLT . . . 125

Figure 33 SLPP frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Figure 34 VLAN—Basic tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Figure 35 VLAN, Insert Basic box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Figure 36 VlanPortMembers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Figure 37 IP, VLAN box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Figure 38 IP, VLAN, Insert IP Address box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Figure 39 IPX, VLAN—Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Figure 40 IPX, VLAN—Insert Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145


Figure 42 VLAN, Insert Basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Figure 43 Chassis, System Flags tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Figure 44 VLAN, Insert Basic—bySrcMac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155


Figure 46 PortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Figure 47 VLAN—Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Figure 48 VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Figure 49 VLAN, Forwarding—Filter tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Figure 50 Port—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Figure 51 Port—VLAN tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Figure 52 VLAN—UntagDefaultVlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Figure 53 VLanMacLearning—Manual Edit tab . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Figure 54 VLanMacLearning, Insert Manual Edit box . . . . . . . . . . . . . . . . . . . . . . . 171

Figure 55 BridgeManualEditPorts box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Figure 56 VLanMacLearning—Auto Learn tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Figure 57 Port—VLAN loop detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Figure 58 Loop Detected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Figure 59 IP, VLAN—Direct Broadcast tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Figure 60 Bridge, VLAN—FDB Aging tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Figure 61 Bridge, VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Figure 62 VLAN—Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Figure 63 Port—Interface, FlushMacFDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Figure 64 Bridge, VLAN—Static tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

314725-E Rev 00

Figures 19

Figure 65 Bridge, VLAN—Insert Static box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Figure 66 BridgeStaticPort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Figure 67 Bridge, VLAN—Filter tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Figure 68 Bridge, VLAN—Insert Filter box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Figure 69 BridgeFilterPort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Figure 70 BridgeFilterSrcDiscard box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Figure 71 BridgeFilterDestDiscard box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Figure 72 GlobalMacFiltering tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Figure 73 GlobalMacFiltering, Insert Mac Filter box . . . . . . . . . . . . . . . . . . . . . . . . 190

Figure 74 Chassis—System Flags tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Figure 75 Chassis—System SaveRuntimeConfig . . . . . . . . . . . . . . . . . . . . . . . . . 193

Figure 76 VLAN—Basic tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Figure 77 Insert Basic—for sVLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198


Figure 79 SVLAN—Ether Type tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Figure 80 Svlan box—Level tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Figure 81 Port box—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Figure 82 Port—VLAN tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Figure 83 sVLAN configuration warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Figure 84 STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Figure 85 STG, Insert Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Figure 86 Spanning Tree—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Figure 87 STG—Configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Figure 88 STG, Insert Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Figure 89 StgPortMembers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Figure 90 StgPortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Figure 91 STG—Status tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Figure 92 STG—Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Figure 93 MSTP—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Figure 94 MSTP—CIST Port tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Figure 95 CIST Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Figure 96 MSTP—MSTI Bridges tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Figure 97 MSTP—MSTI Port tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Figure 98 MSTI Port.BridgeInstance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Figure 99 RSTP—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241


20 Figures

Figure 100 RSTP—RSTP Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Figure 101 RSTP Status tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Figure 102 RSTP Port—RSTP Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Figure 103 MLT_LACP—LACP Global tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Figure 104 VLACP Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Figure 105 MLT_LACP—MultiLink/LACP Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Figure 106 MLT_LACP, Insert MultiLink/LACP Trunks box . . . . . . . . . . . . . . . . . . . . 255

Figure 107 MltPortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Figure 108 Statistics, MLT—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Figure 109 Statistics, MLT—Ethernet Errors tab . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Figure 110 MLT_LACP—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Figure 111 Port—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Figure 112 Port—VLACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Figure 113 Graph Port—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Figure 114 Graph Port—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Figure 115 SMLT—SMLT Info tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Figure 116 IST MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Figure 117 IST MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Figure 118 Ist/SMLT Stats tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Figure 119 Port—SMLT tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Figure 120 Port, Insert SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Figure 121 SMLT—Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Figure 122 Deleting a Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Figure 123 SLPP—Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Figure 124 Slpp—VLANS tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Figure 125 Slpp, Insert VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Figure 126 Slpp—Insert VlanId . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Figure 127 Slpp—Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Figure 128 VLAN—Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Figure 129 VLAN—DSAP/SSAP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Figure 130 DSAP/SSAP, VLAN, Insert DSAP/SSAP . . . . . . . . . . . . . . . . . . . . . . . . 301

Figure 131 Config vlan create info command output . . . . . . . . . . . . . . . . . . . . . . . . 313

Figure 132 Config vlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Figure 133 Config vlan ports info command output . . . . . . . . . . . . . . . . . . . . . . . . . 324

Figure 134 Configuration example for supporting 1980 VLANs command output . . 327

314725-E Rev 00

Figures 21

Figure 135 Config and show sys link-flap-detect command output . . . . . . . . . . . . . 329

Figure 136 Sample configuration using the loop-detect commands. . . . . . . . . . . . . 331

Figure 137 Show vlan info all command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Figure 138 Show vlan info fdb-entry command output . . . . . . . . . . . . . . . . . . . . . . . 347

Figure 139 Show vlan info fdb-filter command output . . . . . . . . . . . . . . . . . . . . . . . . 348

Figure 140 Show vlan info fdb-static command output . . . . . . . . . . . . . . . . . . . . . . . 349

Figure 141 Show vlan info advance command output . . . . . . . . . . . . . . . . . . . . . . . 351

Figure 142 Show vlan info arp command output . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Figure 143 Show vlan info basic command output . . . . . . . . . . . . . . . . . . . . . . . . . 353

Figure 144 Show vlan info brouter-port command output . . . . . . . . . . . . . . . . . . . . . 354

Figure 145 Show vlan info igmp command output . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Figure 146 Show vlan info ip command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Figure 147 Show vlan info ports command output . . . . . . . . . . . . . . . . . . . . . . . . . . 357

Figure 148 Show vlan info srcmac command output . . . . . . . . . . . . . . . . . . . . . . . . 358

Figure 149 Show ports info vlan command output . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Figure 150 Show ports info port all command output . . . . . . . . . . . . . . . . . . . . . . . . 361

Figure 151 Config vlan ip info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Figure 152 Config vlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Figure 153 Sample command output for creating an sVLAN . . . . . . . . . . . . . . . . . . 370

Figure 154 Config svlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Figure 155 Show svlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Figure 156 sVLAN-porttype warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Figure 157 Config ethernet <ports> info command output . . . . . . . . . . . . . . . . . . . . 375

Figure 158 Config stg info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Figure 159 Spanning tree mode commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Figure 160 Config stg info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Figure 161 Config ethernet <slot/port> stg <sid> info command output . . . . . . . . . . 389

Figure 162 Show ports info stg main command output . . . . . . . . . . . . . . . . . . . . . . . 391

Figure 163 Show stg show-all sample output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

Figure 164 Show stg info config command output . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Figure 165 Show stg info status command output . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Figure 166 Show ports info stg main command output . . . . . . . . . . . . . . . . . . . . . . . 399

Figure 167 Show ports info stg extended command output . . . . . . . . . . . . . . . . . . . 400

Figure 168 Show ports stats stg command (partial output) . . . . . . . . . . . . . . . . . . . 402

Figure 169 Show rstp config command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405


22 Figures

Figure 170 Show rstp stats command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

Figure 171 Show rstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Figure 172 Show ports info rstp config command output . . . . . . . . . . . . . . . . . . . . . 408

Figure 173 Show ports info rstp stats command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Figure 174 Show ports info rstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

Figure 175 Show ports info rstp config command . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Figure 176 Show ports info rstp role command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Figure 177 Config mstp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Figure 178 Config mstp region command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Figure 179 Config mstp cist command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Figure 180 Config mstp msti command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Figure 181 Show mstp config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Figure 182 Show mstp instance command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Figure 183 Show mstp stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Figure 184 Show mstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Figure 185 Show ports info mstp cistinfo command output . . . . . . . . . . . . . . . . . . . 423

Figure 186 Config mlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Figure 187 Show lacp info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Figure 188 Show ports info lacp all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Figure 189 Show ports stats lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Figure 190 Show mlt lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Figure 191 Show mlt lacp info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450

Figure 192 Show ports info vlacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

Figure 193 Show ports info vlacp all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454

Figure 194 Config mlt ist create ip vlan-id command output . . . . . . . . . . . . . . . . . . . 458

Figure 195 Config mlt ist enable/disable command output . . . . . . . . . . . . . . . . . . . . 459

Figure 196 Configuration example: Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . 462

Figure 197 Show mlt show-all sample output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Figure 198 Show mlt show-all sample output (continued) . . . . . . . . . . . . . . . . . . . . 465

Figure 199 Show mlt show-all sample output (continued) . . . . . . . . . . . . . . . . . . . . 466

Figure 200 Show mlt error collision command output . . . . . . . . . . . . . . . . . . . . . . . . 467

Figure 201 Show mlt error main command output . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Figure 202 Show mlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Figure 203 Show mlt ist info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Figure 204 Show smlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

314725-E Rev 00

Figures 23

Figure 205 Show ports info smlt command output . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Figure 206 Show ports info config command output . . . . . . . . . . . . . . . . . . . . . . . . . 472

Figure 207 Show mlt stats command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Figure 208 Show mlt ist stat command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Figure 209 Show mlt ist info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Figure 210 Show mlt smlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Figure 211 Show vlan info fdb-entry command output . . . . . . . . . . . . . . . . . . . . . . . 476

Figure 212 Config fdb fdb-filter info command output . . . . . . . . . . . . . . . . . . . . . . . . 477

Figure 213 Show fdb fdb-filter command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Figure 214 Config slpp slpp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Figure 215 Config ethernet command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Figure 216 Show slpp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Figure 217 Show ports info slpp command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Figure 218 Config vlan create byprotocol commands . . . . . . . . . . . . . . . . . . . . . . . . 489

Figure 219 Point to point LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492

Figure 220 MLT LCAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492

Figure 221 Insert Multilink/LACP Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

Figure 222 MLT_LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Figure 223 Port LACP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Figure 224 SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 496

Figure 225 Insert Multilink/LACP Trunks box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Figure 226 MLT LACP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499

Figure 227 MLT_LACP—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499

Figure 228 Network topology for Single Port SMLT example . . . . . . . . . . . . . . . . . . 500

Figure 229 Port box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Figure 230 Insert SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Figure 231 LACP enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Figure 232 MLT within a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Figure 233 Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

Figure 234 SMLT triangle configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . 508

Figure 235 Show mlt info output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

Figure 236 Show mlt commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512

Figure 237 Show mlt commands, part 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Figure 238 Loop detection commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Figure 239 Square SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515


24 Figures

Figure 240 Full mesh SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Figure 241 Network topology for SMLT and VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Figure 242 SMLT and IEEE 802.3ad configuration example . . . . . . . . . . . . . . . . . . 526

Figure 243 Network topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530

Figure 244 SLPP example network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533

Figure 245 Show slpp results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

Figure 246 Show ports info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

Figure 247 Show ports info interface port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535

Figure 248 Show log file tail for ERS8600B after port disabled . . . . . . . . . . . . . . . . 535

Figure 249 Enabling SMLT and show log file tail after port enabled . . . . . . . . . . . . . 536

Figure 250 Commands to configure the 8600A MLT, VLAN, ports . . . . . . . . . . . . . . 537

Figure 251 Commands to configure the 8600B MLT, VLAN, ports . . . . . . . . . . . . . . 538

Figure 252 Commands used to configure the ERS 3510 VLAN . . . . . . . . . . . . . . . . 539

Figure 253 LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

Figure 254 Enabling VLACP on Ethernet links configuration example . . . . . . . . . . . 543

Figure 255 Basic setup configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546

Figure 256 Load balancing configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . 548

Figure 257 RSTP topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

Figure 258 Multiple spanning tree topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560

314725-E Rev 00

25

Tables

Table 1 Port membership types for policy-based VLANs . . . . . . . . . . . . . . . . . . . 41

Table 2 Supported policy-based VLAN types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Table 3 PIDs that cannot be used for user-defined protocol-based VLANs . . . . . 45

Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600 . . . . 55

Table 5 Maximum numbers of port/protocol-based VLANs . . . . . . . . . . . . . . . . . . 57

Table 6 Module behavior with and without Enhanced Operation mode . . . . . . . 58

Table 7 Operation mode and module type interoperability . . . . . . . . . . . . . . . . . . 58

Table 8 Differences in port roles for STP and RSTP . . . . . . . . . . . . . . . . . . . . . . . 74

Table 9 Recommended path cost values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Table 10 Ethernet Routing Switch 8600 LACP and VLACP timer comparison . . . 105

Table 11 VLAN—Basic tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Table 12 VLAN, Insert Basic fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Table 13 IP, VLAN field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Table 14 VLAN—Advanced tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Table 15 VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Table 16 Port—VLAN field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Table 17 VLAN MAC Learning—Insert Manual Edit tab fields . . . . . . . . . . . . . . . 172

Table 18 VLAN Auto Learn tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Table 19 LoopDetected dialog box parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Table 20 IP, VLAN Direct Broadcast tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Table 21 Bridge VLAN—FDB Aging tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Table 22 Bridge, VLAN—Forwarding tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Table 23 Bridge VLAN static fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Table 24 Bridge VLAN Filter fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Table 25 GlobalMacFiltering tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Table 26 SVLAN—Ether Type tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Table 27 SVLAN—Level tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Table 28 Port—VLAN fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Table 29 STG configuration fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216


26 Tables

Table 30 STG Status fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Table 31 STG Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Table 32 MSTP—Globals fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Table 33 CIST Port fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Table 34 CIST Port Stats fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Table 35 MSTI Bridges fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Table 36 MSTP—MSTI Port fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Table 37 MSTI Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Table 38 RSTP—Globals fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Table 39 RSTP—RSTP Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Table 40 RSTP—RSTP Status fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Table 41 RSTP Port—RSTP Stats fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Table 42 MLT_LACP—LACP Global tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Table 43 MultiLink/LACP Trunks tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Table 44 Statistics, MLT—Interface tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Table 45 Statistics, MLT—Ethernet Errors tab fields . . . . . . . . . . . . . . . . . . . . . . . 263

Table 46 MLT_LACP—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Table 47 Port—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Table 48 Port—VLACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Table 49 Graph Port—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Table 50 SMLT Info tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Table 51 Ist multilink trunk fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Table 52 MLT_LACP—Ist/SMLT Stats tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Table 53 Port SMLT tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Table 54 SMLT—Single Port SMLT tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Table 55 SLPP—Global tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Table 56 SLPP, Insert VLANS fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Table 57 Slpp—Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Table 58 DSAP/SSAP values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Table 59 Show vlan info all parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Table 60 Show ports info vlan parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Table 61 Show svlan info ether-type parameters . . . . . . . . . . . . . . . . . . . . . . . . . 372

Table 62 Show ports info stg main parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Table 63 Show stg show-all parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

Table 64 Show ports info stg extended parameters . . . . . . . . . . . . . . . . . . . . . . . 400

314725-E Rev 00

Tables 27

Table 65 Show ports stats stg extended parameters . . . . . . . . . . . . . . . . . . . . . . 402

Table 66 Show ports stats lacp field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . 447

Table 67 Show ports info slpp field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Table 68 Reserved values for configuring SNA or user-defined VLANs . . . . . . . . 485

Table 69 Available module types and OctapPID ID assignments . . . . . . . . . . . . . 568

Table 70 8608GBE/8608GBM/8608GTE/8608GTM/8608SXE modules . . . . . . . . 569

Table 71 8616SXE module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

Table 72 8624FXE module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

Table 73 8632TXE and 8632TZM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

Table 74 8648TXE and 8648TXM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

Table 75 8672ATME and 8672ATMM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Table 76 8681XLR module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Table 77 8681XLW module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572

Table 78 8683POSM module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572


28 Tables

314725-E Rev 00

29

Preface

This guide describes how to configure VLANs, spanning tree, and link aggregation on the Ethernet Routing Switch 8600.

Before you begin

This guide is intended for network administrators with the following background:

• Basic knowledge of networks, Ethernet bridging, and IP routing

• Familiarity with networking concepts and terminology

• Experience with graphical user interfaces (GUI)

• Basic knowledge of network topologies

Before using this guide, you must complete the following procedures. For a new switch:

• Install the switch (see the Installation Guide that came with your switch).

• Connect the switch to the network (see Getting Started with the Management Software for more information).

Make sure that you are running the latest version of the Ethernet Routing Switch 8600 and Device Manager software. For information about upgrading the Ethernet Routing Switch 8600 and Device Manager, see the upgrading guide for your version of the Ethernet Routing Switch.


30 Preface

Text conventions

This guide uses the following text conventions:

angle brackets (< >) Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command.Example: If the command syntax isping <ip_address>, you enterping 192.32.10.12

bold Courier text Indicates command names and options and text that you need to enter.Example: Use the dinfo command. Example: Enter show ip {alerts|routes}.

braces ({}) Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of the options. Do not type the braces when entering the command.Example: If the command syntax isshow ip {alerts|routes}, you must enter eithershow ip alerts or show ip routes, but not both.

brackets ([ ]) Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command.Example: If the command syntax isshow ip interfaces [-alerts], you can entereither show ip interfaces or show ip interfaces -alerts.

ellipsis points (. . . ) Indicate that you repeat the last element of the command as needed.Example: If the command syntax isethernet/2/1 [<parameter> <value>]... ,you enter ethernet/2/1 and as manyparameter-value pairs as needed.

314725-E Rev 00

Preface 31

Acronyms

This guide uses the following acronyms:

italic text Indicates new terms, book titles, and variables in command syntax descriptions. Where a variable is two or more words, the words are connected by an underscore.Example: If the command syntax isshow at <valid_route>, valid_route is onevariable and you substitute one value for it.

plain Courier text

Indicates command syntax and system output, for example, prompts and system messages.Example: Set Trap Monitor Filters

separator ( > ) Shows menu paths. Example: Protocols > IP identifies the IP command on the Protocols menu.

vertical line ( | ) Separates choices for command keywords and arguments. Enter only one of the choices. Do not type the vertical line when entering the command.Example: If the command syntax isshow ip {alerts|routes}, you enter eithershow ip alerts or show ip routes, but notboth.

ARP Address Resolution Protocol

ATM Asynchronous Transfer Mode

BGP Border Gateway Protocol

BPDU bridge protocol data unit

CIST Common and Internal Spanning Tree

CLI command line interface

CPU Central Processing Unit

DF designated forwarding

DMLT Distributed MultiLink Trunking


32 Preface

DSAP Destination Service Access Point

ES Extranet Switch

FCS Frame Check Sequence

FDB forwarding database

GbE Gigabit Ethernet

ICMP Internet Control Message Protocol

I/O input/output

IEEE Institute of Electrical and Electronics Engineers

IGMP Internet Group Management Protocol

IGP interior gateway protocol

IP Internet Protocol

IPX Internetwork Packet Exchange

ISP Internet Service Provider

IST Internal Spanning Tree

IST InterSwitch Trunking

LACP Link Aggregation Control Protocol

LACPDU Link Aggregation Control Protocol data unit

LAG link aggregation group

LLC Logical Link Control

MAC Media Access Control

MIB management information base

MLT MultiLink Trunking

MSTI Multiple Spanning Tree Instance

MSTP Multiple Spanning Tree Protocol

NIC network interface card

NLB Network Load Balancer

NNI network-to-network interface

OSI Open Systems Interconnect

OSPF Open Shortest Path First

314725-E Rev 00

Preface 33

PCAP Packet Capture Tool

PID protocol identifier

PDU protocol data unit

POS Packet over SONET

PPP Point-to-Point Protocol

PPPoE Point-to-Point Protocol over Ethernet

PVST Per-VLAN Spanning Tree

QoS Quality of Service

RARP Reverse Address Resolution Protocol

RIP Routing Information Protocol

RF root forwarding

RSMLT Routed Split MultiLink Trunking

RSTP Rapid Spanning Tree Protocol

SLPP Simple Loop Prevention Protocol

SMLT Split MultiLink Trunking

SNA Systems Network Architecture

SNAP Sub-Network Access Protocol

SNMP Simple Network Management Protocol

SSAP Source Service Access Point

SST single spanning tree

STG spanning tree group

STP Spanning Tree Protocol

sVLAN stacked virtual local area network

TCN topology change notification

UNI user-to-network interface

VLACP Virtual Link Aggregation Control Protocol

VLAN virtual local area network

VRRP Virtual Router Redundancy Protocol

XOR exclusive OR


34 Preface

Hard-copy technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortel.com/documentation URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe* Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.adobe.com URL to download a free copy of the Adobe Reader.

Note: The list of related publications for this manual can be found in the release notes that came with your software.

314725-E Rev 00

http://www.nortel.com/documentation

http://www.adobe.com

35

How to get help

This section explains how to get help for Nortel products and services.

Finding the latest updates on the Nortel web site

The content of this documentation was current at the time the product was released. To check for updates to the latest documentation and software for Ethernet Routing Switch, click one of the following links:

Getting help from the Nortel web site

The best way to get technical support for Nortel products is from the Nortel Technical Support web site:

www.nortel.com/support

This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. From this site, you can:

Link to Takes you directly to the

Latest software Nortel page for Ethernet Routing Switch software located at:

www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=SOFTWARE&resetFilter=1&tranProduct=9015

Latest documentation Nortel page for Ethernet Routing Switch documentation located at:

www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=DOCUMENTATION&resetFilter=1&tranProduct=9015


http://www.nortel.com/support

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=SOFTWARE&resetFilter=1&tranProduct=9015

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=SOFTWARE&resetFilter=1&tranProduct=9015

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=DOCUMENTATION&resetFilter=1&tranProduct=9015

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=DOCUMENTATION&resetFilter=1&tranProduct=9015

36 How to get help

• download software, documentation, and product bulletins

• search the Technical Support web site and the Nortel Knowledge Base for answers to technical issues

• sign up for automatic notification of new software and documentation for Nortel equipment

• open and manage technical support cases

Getting help over the phone from a Nortel Solutions Center

If you do not find the information you require on the Nortel Technical Support web site, and you have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following web site to obtain the phone number for your region:

www.nortel.com/callus

Getting help from a specialist by using an Express Routing Code

To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to:

www.nortel.com/erc

Getting help through a Nortel distributor or reseller

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.

314725-E Rev 00

http://www.nortel.com/callus

http://www.nortel.com/erc

37

Chapter 1Layer 2 operational concepts

This chapter describes Layer 2 operational concepts and features supported on your Ethernet Routing Switch.

This chapter covers the following topics:

VLANs

Using a virtual LAN (VLAN), you can divide your LAN into smaller groups without interfering with the physical network. VLAN practical applications include the following:

• You can create VLANs, or workgroups, for common interest groups.

• You can create VLANs, or workgroups, for specific types of network traffic.

• You can add, move, or delete members from these workgroups without making any physical changes to the network.

Note: See Chapter 12, “Device Manager configuration examples,” on page 491, and Chapter 13, “CLI configuration examples,” on page 503 for configuration examples, including command line interface (CLI) commands, for concepts described in this chapter.

Topic Page

VLANs 37

Spanning tree protocols 66

Link aggregation (MLT, SMLT, LACP, VLACP) 78

Simple Loop Prevention Protocol 130


38 Chapter 1 Layer 2 operational concepts

By dividing the network into separate VLANs, you can create separate broadcast domains. This arrangement conserves bandwidth, especially in networks supporting broadcast and multicast applications that flood the network with traffic. A VLAN workgroup can include members from a number of dispersed physical segments on the network, improving traffic flow between them.

The Ethernet Routing Switch 8600 Software Release 4.1 performs the Layer 2 switching functions necessary to transmit information within VLANs, as well as the Layer 3 routing functions necessary for VLANs to communicate with one another. A VLAN can be defined for a single switch or it can span multiple switches. A port can be a member of multiple VLANs.

For information about configuring VLANs, see Chapter 2, “Configuring VLANs using Device Manager,” on page 135 and Chapter 7, “Configuring and managing VLANs using the CLI,” on page 303.

This section includes the following topics:

• “Port-based VLANs”

• “Policy-based VLANs” on page 40

• “Multihoming support” on page 47

• “VLAN tagging and port types” on page 48

• “VLAN virtual router interfaces” on page 52

• “IP routing and VLANs” on page 52

• “IPX routing and VLANs” on page 52

• “VLAN implementation on the Ethernet Routing Switch 8600” on page 53

• “VLAN rules” on page 54

• “VLAN features supported on the Ethernet Routing Switch 8600 modules” on page 55

• “MultiLink trunking and VLAN scalability” on page 56

• “Stacked VLANs” on page 59

• “Flooding for Microsoft NLB clustering systems in unicast mode” on page 63

• “VLAN MAC filtering” on page 64

• “Prevention of IP spoofing within a VLAN” on page 64

• “VLAN Loop Detection” on page 65

314725-E Rev 00

Chapter 1 Layer 2 operational concepts 39

Port-based VLANs

A port-based VLAN is a VLAN in which the ports are explicitly configured to be in the VLAN. When creating a port-based VLAN on a switch, you assign a VLAN identification number (VLAN ID) and specify the ports that belong to the VLAN. The VLAN ID is used to coordinate VLANs across multiple switches.

The example in Figure 1 shows two port-based VLANs: one for the marketing department, and one for the sales department. Ports are assigned to each port-based VLAN. A change in the sales area can move the sales representative at port 3/1 (the first port in the input/output (I/O) module in chassis slot 3) to the marketing department without moving cables. With a port-based VLAN, you only need to indicate in Device Manager or the CLI that port 3/1 in the sales VLAN now is a member of the marketing VLAN.

Figure 1 Port-based VLAN



Policy-based VLANs

A policy-based VLAN consists of ports that are dynamically added to the VLAN on the basis of the traffic coming into the port.


• “Port membership types”

• “Protocol-based VLANs” on page 41

• “User-defined protocol-based VLANs” on page 44

• “MAC address-based VLANs” on page 45

• “IP subnet-based VLANs” on page 46

Port membership types

In a policy-based VLAN, a port can be designated as always a member or never a member of the VLAN describing the port membership types.

In addition, you can designate a port as a potential member of the VLAN on the Ethernet Routing Switch 8600. When a port is designated as a potential member of the VLAN, and the incoming traffic matches the policy, the port is dynamically added to the VLAN. Potential member ports that join the VLAN are removed, timed out from the VLAN when the timeout (aging time) period of that VLAN expires.

Port membership in a VLAN is determined by the traffic coming into the port. Nortel recommends that you designate at least some ports as always a member of the VLAN. If a server or router connects to a port, then designate that port as always a member of a VLAN. If a server connects to a port that is only a potential member and the server sends very little traffic, a client fails to reach the server if the server port has timed out of the VLAN.

Note: A port can belong to one port-based VLAN and many policy-based VLANs.

314725-E Rev 00


Table 1 describes port membership types for policy-based VLANs.

.

Table 2 lists supported policy-based VLANs.

Protocol-based VLANs

Protocol-based VLANs are an effective way to segment your network into broadcast domains according to the network protocols in use. Traffic generated by any network protocol—IPX, Appletalk, Point-to-Point Protocol over Ethernet (PPPoE)—can be automatically confined to its own VLAN.

Table 1 Port membership types for policy-based VLANs

Membership type Description

Static

(always a member)

Static members are always active members of the VLAN after they are configured as belonging to that VLAN. This membership type is used in policy-based and port-based VLANs.

• In policy-based VLANs, the tagged ports are usually configured as static members.

• In port-based VLANs, all ports are always static members.

Not allowed to join(never a member)

Ports of this type are not allowed to join the VLAN.

Table 2 Supported policy-based VLAN types

VLAN type Ethernet Routing Switch 8600

Protocol-based supported

User-defined protocol-based supported

MAC address-based supported

IP subnet-based supported

Stacked VLANs supported (not on R modules)



All ports within a protocol-based VLAN must be in the same port-based VLAN. However, the same port within a port-based VLAN can belong to multiple protocol-based VLANs. Port tagging is not required for a port to be a member of multiple protocol-based VLANs.

The Ethernet Routing Switch 8600 supports the following protocol-based VLANs:

• IP version 4 (ip)

• Novell IPX on Ethernet 802.3 frames (ipx802dot3)

• Novell IPX on IEEE 802.2 frames (ipx802dot2)

• Novell IPX on Ethernet SNAP frames (ipxSnap)

• Novell IPX on Ethernet Type 2 frames (ipxEthernet2)

• AppleTalk on Ethernet Type 2 and Ethernet SNAP frames (AppleTalk)

• DEC LAT Protocol (decLat)

• Other DEC protocols (decOther)

• IBM SNA on IEEE 802.2 frames (sna802dot2)

• IBM SNA on Ethernet Type 2 frames (snaEthernet2)

• NetBIOS Protocol (netBIOS)

• Xerox XNS (xns)

• Banyan VINES (vines)

• IP version 6 (ipv6)

• Reverse Address Resolution Protocol (RARP)

• Point-to-Point Protocol over Ethernet (PPPoE)

• User-defined protocols

IPX protocol-based VLAN example

You can create a VLAN for the IPX protocol and place ports carrying substantial IPX traffic into this new VLAN. In Figure 2 on page 43, the network manager has placed ports 7/1, 3/1, and 3/2 in an IPX VLAN. These ports still belong to their respective marketing and sales VLANs, but they are also new members of the IPX VLAN. This arrangement localizes traffic and ensures that only three ports are flooded with IPX broadcast packets.

314725-E Rev 00


Figure 2 Dynamic protocol-based VLAN

Example: PPPoE protocol-based VLAN

With PPPoE, you can connect multiple computers on Ethernet to a remote site through a device, such as a modem, so that multiple users can share a common line connection to the Internet. PPPoE combines the Point-to-Point Protocol (PPP), commonly used in dial-up connections, with the Ethernet protocol, which supports multiple users in a local area network (LAN) by encapsulating the PPP frame within an Ethernet frame.

PPPoE occurs in two stages—a discovery stage and a PPP session stage. The Ether_Type field in the Ethernet frame identifies the stage:

• The discovery stage uses 0x8863 Ether_Type

• The session stage uses 0x8864 Ether_Type

In Figure 3 on page 44, VLAN 2 is a protocol-based VLAN that transports PPPoE traffic to the Internet Service Provider (ISP) network. The traffic to the ISP is bridged.

IP traffic can also be routed to the LAN using port-based VLANs, IP protocol-based VLANs, or IP subnet-based VLANs.



Figure 3 PPPoE and IP configuration

User-defined protocol-based VLANs

You can create user-defined protocol-based VLANs to support networks with non-standard protocols. For user-defined protocol-based VLANs, you can specify the Protocol Identifier (PID) for the VLAN. Frames that match the specified PID for the following are assigned to that user-defined VLAN:

• The ethertype for Ethernet type 2 frames

• The PID in Ethernet Sub-Network Access Protocol (SNAP) frames

• The Destination Service Access Point (DSAP) or Source Service Access Point (SSAP) value in Ethernet 802.2 frames

314725-E Rev 00


Table 3 lists reserved, predefined policy-based PIDs that cannot be used as user-defined PIDs.

MAC address-based VLANs

As with all policy-based VLANs, using source media access control (MAC) address VLANs allows Ethernet Routing Switch 8600 modules to associate frames with a VLAN based on the frame content. With source MAC-based VLANs, a frame is associated with a VLAN if the source MAC address is one of the MAC addresses explicitly associated with the VLAN. To create a source MAC-based VLAN, you add the MAC address to a list of MAC addresses that constitutes the VLAN. However, because it is necessary to explicitly associate MAC addresses with a source MAC-based VLAN, the administrative overhead can be quite high.

Table 3 PIDs that cannot be used for user-defined protocol-based VLANs

PID (hex) Description

04xx, xx04 sna802.2

F0xx, xxF0 netBIOS

0000-05DC Overlaps with 802.3 frame length

0600, 0807 xns

0BAD VINES

4242 IEEE 802.1d BPDUs

6000-6003, 6005-6009 decOther

6004 decLat

0800, 0806 ip

8035 RARP

809B, 80F3 AppleTalk

8100 Reserved by IEEE 802.1Q for tagged frames

8137, 8138 ipxEthernet2 and ipxSnap

80D5 snaEthernet2

86DD ipv6

8808 IEEE 802.3x pause frames

9000 Used by diagnostic loopback frames

8863, 8864 PPPoE



Use source MAC-based VLANs when you want to enforce a MAC level security scheme to differentiate groups of users. For example, in a university environment, the students are part of a student VLAN with certain services and access privileges, and the faculty are part of a source MAC-based VLAN with faculty services and access privileges. Therefore, a student and a faculty member can plug into the same port, but have access to a different range of services. To provide the correct services throughout the campus, the source MAC-based VLAN must be defined on Ethernet Routing Switch 8600 devices throughout the campus, which entails administrative overhead.

IP subnet-based VLANs

Ethernet Routing Switch 8600 modules support policy-based VLANs based on IP subnets. You can assign access ports to multiple subnet-based VLANs. A frame’s membership in a subnet-based VLAN is based on the IP source address associated with a mask. Subnet-based VLANs are optionally routable. Using source IP subnet-based VLANs, multiple workstations on a single port can belong to different subnets, similar to multinetting.

Figure 4 on page 47 shows two examples of the incorrect use of IP subnet-based VLANs that result in traffic loss. In the IP unicast routing example, the host on 172.100.10.2 sends traffic to switch 2 (172.100.10.1) destined for the router in switch 1 (192.168.1.1). Switch 2 attempts to route the IP traffic, but that traffic does not arrive at the router in switch 1. Switch 1 will not assign this frame to IP

When a source MAC VLAN is created, not all of the port members of the spanning tree group (STG) are automatically made potential members of the VLAN by default.

The source MAC VLAN must have static port members on either the access or trunk switch for source MAC VLANS to explicitly associate the MAC address with the source MAC VLAN. If the static port members are not set, then any source MAC address gains access to the network.

Note: You cannot use IP subnet-based VLANs on segments that act as a transit network.

314725-E Rev 00


subnet-based VLAN 2 because the IP address of the traffic source does not match the IP subnet assigned to VLAN 2. If the access link in VLAN 2 which connects switches 1 and 2 is a tagged link, the traffic is associated with the VLAN tag, not the IP address, and is forwarded correctly to switch 1.

In the IP multicast routing example, the multicast stream is on an access link that is part of IP subnet-based VLAN 2. If the source IP address in the multicast data packets received on the access port is not within the subnet of VLAN 2 (a likely scenario), the multicast stream will not reach the multicast router (MR).

Figure 4 Incorrect use of an IP subnet-based VLAN

Multihoming support

Using the multihoming feature, the Ethernet Routing Switch 8600 can support clients or servers that have multiple IPs addresses associated with a single MAC address. Multihomed hosts can be connected to port-based, policy-based, and IP subnet-based VLANs.

The IP addresses associated with a single MAC address on a host must be in the same IP subnet. Multihomed hosts with up to 16 IP addresses per MAC address are supported on the Ethernet Routing Switch 8600.



VLAN tagging and port types

The Ethernet Routing Switch 8600 supports the IEEE 802.1Q specification for tagging frames and coordinating VLANs across multiple switches.

Figure 5 shows how an additional four octet (tag) header is inserted in a frame after the source address and before the frame type. The tag contains the VLAN ID associated with the frame.

Figure 5 VLAN tag insertion

802.1Q tagged ports

Tagging a frame adds four octets to a frame, making it bigger than the traditional maximum frame size. These frames are sometimes referred to as baby giant frames. If a device does not support IEEE 802.1Q tagging, it can have problems interpreting tagged frames and receiving baby giant frames.

314725-E Rev 00


On the Ethernet Routing Switch 8600, whether or not tagged frames are sent or received depends on what you configure at the port level. Tagging is set as true or false for the port and is applied to all VLANs on that port.

A port with tagging enabled sends frames explicitly tagged with a VLAN ID. Tagged ports are typically used to multiplex traffic belonging to multiple VLANs to other IEEE 802.1Q-compliant devices.

If you disable tagging on a port, it does not send tagged frames. A non-tagged port connects an Ethernet Routing Switch to devices that do not support IEEE 802.1Q tagging. If a tagged frame is forwarded to a port with tagging set to false, the Ethernet Routing Switch removes the tag from the frame before sending it to the port.

Treatment of tagged and untagged frames

An Ethernet Routing Switch 8600 associates a frame with a VLAN based on the data content of the frame and the configuration of the destination port. The treatment of the frame depends on whether it is tagged or untagged.

If a tagged frame is received on a tagged port with a VLAN ID specified in the tag, the Ethernet Routing Switch 8600 directs it to that VLAN if the VLAN is present. For tagged frames received on an untagged port, you can configure that port to either discard the frame or accept it. The discarding of tagged frames on an untagged port is not applicable for the port-based VLAN. If you choose not to discard tagged frames, the Ethernet Routing Switch 8600 sends the frame to the VLAN identified in the frame tag.

For untagged frames, VLAN membership is implied from the content of the frame itself. For untagged frames received on a tagged port, you can configure the port to either discard or accept the frame. If you configure a tagged port to accept untagged frames, the port must be assigned to a port-based VLAN in spanning tree group 1 (STG1).

Note: When you enable tagging on an untagged port, the previous port configuration of VLANs, STGs, and multilink trunking (MLT) is lost. In addition, the port resets and runs Spanning Tree Protocol. This process breaks connectivity while the protocol proceeds through the normal blocking and learning stages before the port enters the forwarding state.



The frame is forwarded based on the VLAN on which the frame is received, and on the forwarding options available for that VLAN. The Ethernet Routing Switch 8600 tries to associate untagged frames with a VLAN in the following order:

• Does the frame belong to a source MAC-based VLAN? (Ethernet Routing Switch 8600 modules only)

• Does the frame belong to an IP subnet-based VLAN? (Ethernet Routing Switch 8600 modules only)

• Does the frame belong to a protocol-based VLAN?

• What is the port-based VLAN of the receiving port?

If the frame meets none of the criteria listed, it is discarded.

Untagging Default VLAN on a Tagged Port feature

This feature provides the ability to connect both an IP phone and a PC to a single port of an Ethernet Routing Switch 8600. Most IP phones ship with an embedded three port switch, and traffic coming from the phone is generally tagged (VLAN ID configured statically or remotely). However, the traffic originating from a PC is usually untagged traffic and must be separated from the IP phone traffic. This separation ensures that broadcast traffic from the PC does not impact voice quality.

In the case of the Ethernet Routing Switch, when an IP phone is attached to an untagged port and configured into an IP subnet-based VLAN, it can fail to register with a remote Internet Telephony Gateway (or equivalent device) dependent on the netmask of the destination IP address (Call Server subnet).

314725-E Rev 00


Figure 6 Network with IP phone and PC

In Figure 6, IP phones and PCs coexist on the same port due to the use of an embedded IP Phone Layer 2 switch. In this scenario, the port is configured to be untagged and is a member of two IP subnet-based VLANs. In this network configuration, under certain conditions, packets from the IP phone are not routed and therefore are unable to reach their designated Call Server to register.

The Untagging Default VLAN on a Tagged Port feature separates untagged packets originating from a PC from the tagged packets originating from the IP phone.

You can configure the switch to send untagged packets for the default VLAN on a tagged port. After you configure this option, all the packets sent on a tagged port for the default VLAN are untagged packets.

When a port belongs to multiple VLANs, and the port is removed from the current default VLAN, the lowest VLAN by index (among the VLANs of which the port is a member) is made the default VLAN. In this case, packets for new default VLAN are sent untagged.

To configure this feature using the CLI, see “Configuring VLAN Loop Detection” on page 327. To configure this feature using Device Manager, see “Configuring Untagging Default VLAN on a Tagged Port” on page 169.

Switch 8600Ethernet Routing



VLAN virtual router interfaces

Virtual router interfaces correspond to routing on a virtual port that is associated with a VLAN. This type of routing is the routing of IP traffic to and from a VLAN. Because a given port can belong to multiple VLANs (some of which are configured for routing on the switch and some of which are not), there is no longer a one-to-one correspondence between the physical port and the router interface. For VLAN routing, the router interface for the VLAN is called a virtual router interface because the IP address is assigned to an interface on the routing entity in the switch. This initial interface has a one-to-one correspondence with a VLAN on any given switch.

IP routing and VLANs

Ethernet Routing Switch 8600 modules support IP routing on the following types of VLANs only:

• Port-based VLANs

• Source IP subnet-based VLANs

• IP protocol-based VLANs

• Source MAC-based VLANs

IP routing is not supported on VLANs based on other protocols, including user-defined protocol-based VLANs.

IPX routing and VLANs

The Ethernet Routing Switch does not support IPX routing on R modules. IPX routing is supported on non-R modules. All modules support IPX protocol-based VLANs and port-based VLANs.

The IPX network number is associated with a VLAN, and the VLAN can comprise one or more ports with one of four supported frame formats: Ethernet II, 802.3-SNAP, 802.2-RAW, and 802.3-LLC.

314725-E Rev 00


You can configure up to four IPX protocol-based VLANs on one port as long as each of these VLANs uses a different IPX encapsulation. With port-based VLANs, you can associate the same VID with any or all of the four IPX encapsulation formats.

You can configure IPX protocol-based VLANs and port-based VLANs on the same port, but traffic routes to the protocol-based VLAN and not to the port-based VLAN (protocol-based VLANs have precedence over port-based VLANs).

VLAN implementation on the Ethernet Routing Switch 8600

This section describes how to implement VLANs on the Ethernet Routing Switch 8600 and describes default VLANs, unassigned VLANs, and brouter ports. It also summarizes the defaults and rules regarding VLAN creation on the Ethernet Routing Switch 8600.


• “Default VLAN”

• “Unassigned VLAN”

• “Brouter ports” on page 54

Default VLAN

Ethernet Routing Switch 8600 devices are factory configured so that all ports are in a port-based VLAN called the default VLAN. Because all ports are in the default VLAN, the switch behaves like a Layer 2 switch. The VLAN ID of this default VLAN is always 1, and it is always a port-based VLAN. The default VLAN cannot be deleted.

Unassigned VLAN

Internally, an Ethernet Routing Switch 8600 supports a placeholder for ports that is called an unassigned port-based VLAN. This concept is used for ports that are removed from all port-based VLANs. Ports can belong to policy-based VLANs as well as to the unassigned VLAN. If a frame does not meet any policy criteria and there is no underlying port-based VLAN, the port belongs to the unassigned



VLAN and the frame is dropped. Only ports in the unassigned VLAN have no spanning tree group association, so these ports do not participate in Spanning Tree Protocol negotiation; that is, no Bridge Protocol Data Units (BPDU) are sent out of ports in the unassigned VLAN.

Because it is an internal construct, the unassigned VLAN cannot be deleted. If a user-defined spanning tree group is deleted, the ports are moved to the unassigned VLAN and can later be assigned to another spanning tree group. Moving the ports to the unassigned VLAN avoids creating unwanted loops and duplicate connections. If routing is disabled in these ports, the port is completely isolated and no Layer 2 or Layer 3 functionality is provided.

The concept of the unassigned VLAN is useful for security purposes or when using a port for monitoring a mirrored port.

Brouter ports

A brouter port is actually a one-port VLAN. The difference between a brouter port and a standard IP protocol-based VLAN configured to do routing is that the routing interface of the brouter port is not subject to the spanning tree state of the port.

VLAN rules

The following are VLAN rules for the Ethernet Routing Switch 8600.

• In addition to the default VLAN, the Ethernet Routing Switch 8600 can support up to 1980 VLANs (1972 if R modules are present in the chassis). VLAN IDs value range is from 1 to 4093.

• If you enable tagging on a port that is in a VLAN, the spanning tree group configuration for that port is lost. To preserve VLAN assignment of ports, enable tagging on the ports before you assign the ports to VLANs.

• A tagged port can belong to multiple VLANs and multiple spanning tree groups. When a tagged port belongs to multiple spanning tree groups, the BPDUs are tagged for all spanning tree groups except for spanning tree group 1. Under the default configuration, the default spanning tree group is number 1.

• An untagged port can belong to only one port-based VLAN. A port in a port-based VLAN can belong to other policy-based VLANs.

314725-E Rev 00


• An untagged port can belong to only one policy-based VLAN for a given protocol. For example, a port can belong to only one policy-based VLAN when the policy is the IPX802.2 protocol.

• For every VLAN with MultiLink Trunking that you create, you reduce the number of available VLANs by eight.

• When Enhanced Operation mode is disabled, a VLAN cannot span multiple spanning tree groups; that is, the ports in the VLAN must all be within one spanning tree group.

• The VLAN membership of a frame is determined by the following order of precedence, if applicable:

• IEEE 802.1Q tagged VLAN ID

• source MAC-based VLAN

• IP subnet-based VLAN

• protocol-based VLAN

• port-based VLAN

• The IP subnet-based VLAN must not be assigned to a transit network (for example, a network routed to a bridged subnet).

VLAN features supported on the Ethernet Routing Switch 8600 modules

Table 4 summarizes the features supported on the Ethernet Routing Switch 8600 modules.

Note: When Enhanced Operation mode is enabled, VLAN scalability is not affected.

Note: Table 4 is subject to change. Refer to the release notes that came with your switch to obtain the latest scalability information.

Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600

Feature

Number of VLANs 1980 (1972 if R modules are in the chassis)

Port-based VLANs Supported



MultiLink trunking and VLAN scalability

For release 3.2 and earlier, the maximum number of VLANs depends on whether the VLANs reside on a multilink trunk. With Enhanced Operation mode, you can now increase the maximum number of VLANs when you use MultiLink Trunking (MLT) to 1980 (1972 if R modules are present in the chassis) and to 989 when you use SMLT. Enhanced Operation mode requires Ethernet Routing Switch 8600 E, M, or R modules.

Policy-based VLANs

• Protocol-based

• Source MAC-based• Source IP subnet-based

Supported

SupportedSupported

IEEE 802.1Q tagging Supported

IP routing and VLANs Supported

IPX routing and VLANs Supported on non-R modules

Special VLANs

• Default VLAN• Unassigned VLAN

• Brouter ports

SupportedSupported

Supported

Stacked VLAN Not supported on R modules

Number of spanning tree groups 64

Spanning Tree FastStart Supported

Aggregation groups• 802.3ad aggregation groups

• multilink trunk groups

32 (128 with R module in R mode)

Number of links (ports) per MLT group

8

Caution: When Enhanced Operation mode is enabled, only Ethernet Routing Switch 8600 E, M, or R modules are initialized (other modules are placed offline). To avoid losing modules and network connectivity, replace non-E, M, or R modules or move the network connections to an E, M, or R module before enabling Enhanced Operation mode.

Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600

Feature

314725-E Rev 00


For instructions for configuring Enhanced Operation mode, see:

• “Configuring Enhanced Operation mode” on page 191 (Device Manager)

• “Configuring Enhanced Operation mode” on page 326 (CLI)

VLAN scaling formulas

Figure 7 shows the formulas used for VLAN scaling.

Figure 7 Formulas used for VLAN scaling

Maximum VLAN support comparison with Enhanced Operation mode

Table 5 shows the maximum number of VLANs available with and without Enhanced Operation mode.

Table 5 Maximum numbers of port/protocol-based VLANs

VLAN typeMaximum VLAN support withenhanced mode enabled

Maximum VLAN support withenhanced mode disabled

MLT 1980 240

IST/SMLT 989 120

(2 * no. of VLANs on regular ports) + (16 * no. of VLANs of SMLT/MLT ports) = 1980

(no. of VLANs on regular ports) + (8 * no. of VLANs on MLT ports) = 1980

VLAN scaling formula used with SMLT/IST without Enhanced mode:

VLAN scaling formula used without SMLT/IST without Enhanced mode:

(no. of VLANs on regular ports or MLT ports) + (2 * no. of VLANs on SMLT ports) = 1980

VLAN scaling formula used with Enhanced mode:



Module behavior comparison with Enhanced Operation mode

Table 6 compares the behavior of Ethernet Routing Switch 8600 modules with and without Enhanced Operation mode:

Interoperability between operation mode and module type

R mode supports the operation of R module-specific features. The modules (pre-E, E, M, and R) that are enabled depend on the operation mode (default, M, or R) and the system configuration. Table 7 shows this interoperability information.

Table 6 Module behavior with and without Enhanced Operation mode

Module typeEnhanced Operation mode setting

Behavior

E, M, or R module

Enable (true) The module is initialized and comes online. It can be configured with up to 1980 VLANs with MLT.

E, M, or R module

Disable (false) The module is initialized and comes online. It can be configured with up to 240 VLANs with MLT.

Legacy module Enable (true) The module is not initialized and remains offline. The following error message is displayed and a trap is sent:

[12/18/01 15:17:25] Card taken off-line: Slot=1 Type= -- [12/18/01 15:17:25] ERROR Code=0x3006b Task=rcStart chCardIn: can't initialize a non ETICKET card in enhanced operation mode

Legacy module Disable (false) The module is initialized and remains online. It can be configured with up to 240 VLANs with MLT.

Table 7 Operation mode and module type interoperability

Module types

Chassis configuration

Operation mode R M E Pre-E

Same type module chassis

Default — — — enabled

M — — enabled —

R enabled — — —

314725-E Rev 00


Stacked VLANs

A stacked VLAN (sVLAN) transparently tunnels packets through the sVLAN domain by adding an additional 4-byte header to each packet.

Figure 8 shows a basic sVLAN model that uses two Ethernet Routing Switch 8600s to interconnect two 802.1Q domains.

Figure 8 sVLAN model

Routing cannot be enabled on an sVLAN port. sVLAN user-to-network interface (UNI) ports are VLAN unaware and classify any traffic into the sVLAN that is configured on the port. sVLAN network-to-network interface (NNI) ports connect sVLAN switches together and support multiple sVLANs per port.

Mixed type module chassis

Default enabled enabled enabled enabled

M enabled enabled disabled disabled

R enabled disabled disabled disabled

Note: R modules do not support the sVLAN feature.

Note: You can enable sVLANs on all ports. If the port belongs to a multilink trunk, perform all sVLAN configurations at the multilink trunk level.

Table 7 Operation mode and module type interoperability

Module types

802.1Q Domain B

802.1Q Domain A

sVLAN Core

Ethernet Routing

Switch 8600

Ethernet Routing

Switch 8600



sVLAN specifications

sVLANs provide the following features:

• VLAN transparency for IEEE 802.1Q tagged or untagged traffic through service provider core network

• A solution to VLAN scalability issues—you can summarize customer VLANs into core sVLANs

• Uses a layered architecture to improve scalability

sVLAN rules

The following are sVLAN configuration rules.

• IP filters are not supported on an sVLAN.

• To apply Quality of Service (QoS) to an sVLAN, use the per-VLAN QoS option.

• Because regular VLANs are not supported on an sVLAN NNI port, sVLAN switches cannot be managed in-band. Nortel recommends an out-of-band or parallel network for managing the devices.

• When you create an sVLAN spanning tree group, ensure that the tagged BPDU address of the spanning tree group is different than the standardized BDPU MAC address.

• The sVLAN is created with UNI and NNI ports.

• An sVLAN cannot span multiple spanning tree groups; that is, the ports in the sVLAN must all be within one spanning tree group. Spanning tree group IDs can range in value from 1 to 64.

• sVLANs cannot have routing enabled.

• sVLAN UNI and NNI ports are applicable on a per OctaPID basis. All ports on an OctaPID can either be normal ports or sVLAN NNI/UNI ports. For more information, see Appendix A, “Tap and OctaPID assignment (Release 3.x feature set)” on page 567.

sVLAN levels

You can stack sVLANs in a hierarchy to achieve greater VLAN scalability. An sVLAN level defines the hierarchy for the operating switch. When you configure the switch, you must specify only one level at a time.

314725-E Rev 00


You must configure the UNI ports on both ends of the tunnel at the same level. Because sVLAN switching is MAC address-based, the usual issues of VLAN switching apply.

• If you build sVLAN networks with multiple levels, the network MAC addresses you specify must all be unique.

• Independent VLAN learning is only applicable within the outer level of sVLAN and does not take inner tags into account.

Figure 9 shows a one layer sVLAN.

Figure 9 One layer sVLAN

Figure 10 on page 62 shows a two layer sVLAN.

Note: Spanning Tree Protocol (STP) is not supported in multilevel sVLAN networks. It is supported for single level sVLAN networks only.

Payload VLAN Ethernetheader



802.1Q Domain

sVLAN core

Ethernet Routing

Switch 8600

802.1Q Domain

UNI port

Level 1

NNI port

Level 1

UNI port

Level 1

sVLAN

Ethernet Routing

Switch 8600



Figure 10 Two layer sVLAN

sVLAN UNI and NNI ports

The ports in the switch can be configured as an sVLAN user-to-network interface (UNI), an sVLAN network-to-network interface (NNI), or a normal interface.

You must configure the ports to which you want to provide VLAN transparency as UNI ports. UNI ports can only belong to one sVLAN. When you configure a UNI port in the CLI, the tagged-frames-discard parameter is automatically enabled.

NNI ports interconnect the switches in the core network, drop untagged frames on ingress, and insert the sVLAN tag at the egress. NNI ports can belong to multiple sVLANs. An NNI port sends sVLAN tagged frames. When you configure an NNI port in the CLI, the untagged-frames-discard parameter is automatically enabled.

• If a spanning tree group (STG) contains both UNI and NNI ports, change the standardized MAC addresses used for BPDUs to a non-standardized BPDU MAC address to avoid interference with regular customer BPDUs.

• The UNI and NNI ports are kept in sVLAN type STG.

Note: You must change the switch level to 1 or above before you configure sVLAN, UNI, or NNI ports.

Payload VLAN Ethernetheader Payload VLAN Ethernet

header

Level 1 sVLAN Packet Level 1 sVLAN Packet




Level 2 sVLAN Packet Level D Packet Level D Packet

802.1Q Domain

802.1Q Domain

sVLAN Level 1

sVLAN Level 1

UNI Port

(Level 1)

NNI Port

(Level 1)

UNI Port

(Level 2)

NNI Ports

(Level 2)

UNI Port

(Level 2)

NNI Port

(Level 1)

UNI Port

(Level 1)

8600860086008600

sVLAN sVLAN

sVLAN sVLAN

sVLAN Level 2

314725-E Rev 00


• All the ports in the multilink trunk should have the same port type (normal/UNI/NNI).

• Large frame support is automatically enabled on UNI or NNI ports.

When you change the sVLAN port type from normal to UNI or NNI, all the affected ports are removed from the configured STGs and VLANs. Similarly, when you change the sVLAN port type from UNI or NNI to normal, all the affected ports are removed from the configured STGs and VLANs and added to the default STG and default VLAN.

Flooding for Microsoft NLB clustering systems in unicast mode

You can use Microsoft Network Load Balancer (NLB) to share workload among multiple clustering servers. All servers in the cluster share a common virtual MAC address, which is 02-bf-x-x-x-x in unicast mode. All traffic destined to this MAC address is sent to all the servers in the cluster. The virtual MAC address is specified in the source MAC address field of an Address Resolution Protocol (ARP) request, and ARP responses from the Ethernet Routing Switch 8600 are sent to the virtual MAC address (rather than to the hardware MAC address).

The Ethernet Routing Switch 8600 Software Release 4.1 includes a configurable option for NLB cluster support. The NLB cluster is identified by MAC addresses starting with 02-bf. When you enable the NLB option, the Ethernet Routing Switch 8600 floods routed traffic destined to this MAC address to the VLAN. ARP reply packets sent by the switch are flooded throughout the VLAN to allow all servers to learn the ARP entry corresponding to the switch. The ARP reply packet sent by the switch contains the virtual MAC address in the destination field (rather than the hardware MAC address of the NLB node).

Note: The affected ports are all the ports in the OctaPID. See Appendix A, “Tap and OctaPID assignment (Release 3.x feature set)” on page 567.

Note: An NNI port belonging to a default VLAN or a default STG is not saved across reboots. To avoid this problem, do not configure an NNI port under the default VLAN or STG.



For information about enabling or disabling NLB unicast support, see “Configuring NLB unicast support on an IP interface” on page 325.

VLAN MAC filtering

To perform MAC-layer bridging, the switch must know the destination MAC-layer address of each device on each attached network so it can forward packets to the appropriate destination. MAC-layer addresses are stored in the bridging table, and you can filter packet traffic based on the destination MAC-layer address information.

For MAC address filtering, the Ethernet Routing Switch 8600 supports Bridge MIB filtering (RFC 1493). The number of MAC filters is limited to 100. You can create a filter entry in much the same way as you create a static MAC entry, by entering a MAC address and the port on which it resides. In the MAC filter record, you can also specify ports to discard source or destination packets for the MAC address on a port.

Global MAC filtering eliminates the need for configuring multiple per-VLAN filter records for the same MAC. It provides the ability to discard a list of MAC addresses, globally, on the switch. By using a global list you do not have to configure a MAC per VLAN.

For information about configuring bridge MAC filtering with Device Manager, see “Configuring a MAC-layer bridge filter” on page 186. For information about configuring global MAC filtering with Device Manager, see “Configuring the Global MAC filter” on page 189.

Prevention of IP spoofing within a VLAN

You can prevent VLAN logical IP spoofing by blocking the external use of the switch IP address. A configurable option is provided, on a per-port basis, which detects a duplicate IP address (that is, an address that is the same as the switch VLAN IP address) and blocks all packets with a source or destination address equal to that address.

314725-E Rev 00


If an ARP packet is received that has the same source IP address as the logical VLAN IP address, all traffic coming to any port of the switch in that VLAN (with this MAC address as source/destination address) is silently discarded by the hardware. After detecting a duplicate IP address, the switch sends a gratuitous ARP packet to inform devices on the VLAN about the correct MAC address for that IP address. You can specify a time on a configurable global timer after which the MAC discard record is deleted and the switch resumes accepting packets from that MAC address.

For information about configuring this option using the CLI, see “Configuring spoof detection for a VLAN” on page 332.

VLAN Loop Detection

On a per-port basis, the Loop Detection feature detects MAC addresses that are looping from one port to other ports. After a loop is detected, the port on which the MAC addresses were learned is disabled. Additionally, if a MAC address is found to loop, the MAC address is disabled for that VLAN.

The Loop Detection feature is used at the edge of a network to prevent loops. It detects whether the same MAC address appears on different ports. This feature can disable a VLAN or a port. The Loop Detection feature can also disable a group of ports if it detects the same MAC address on two different ports five times in a configurable amount of time.

Note: If you use Split MultiLink Trunking (SMLT), configure this option on both SMLT aggregation switches to avoid connectivity issues.

Warning: Enabling the IP spoofing feature requires you to reboot the switch.

Note: The Loop Detection feature must only be enabled on SMLT ports, and never used on IST ports or core SMLT square or full mesh ports.



The Loop Detection feature is configured per-switch. If a loop detection event takes place, peer switches are not notified.

You can also use Simple Loop Prevention Protocol to detect VLAN loops (see “Simple Loop Prevention Protocol” on page 130).

The Loop Detection feature has the following traits:

• If a source MAC address is found to loop, and the specified loop detect action is mac-discard, the MAC address is disabled. Any incoming packets with this source or destination MAC address will be discarded for that VLAN.

• Ports, VLANs, and MAC addresses that have been disabled by the Loop Detection feature are reenabled for automatic recovery.

• The link flap feature sets ports to operational down rather than admin down.

• Loop detection cannot be enabled on interswitch trunk ports.

For information about configuring Loop Detection with Device Manager, see “Configuring VLAN Loop Detection” on page 173. For information about configuring Loop Detection with the CLI, see “Configuring VLAN Loop Detection” on page 327. For a CLI loop detection configuration example, see “SMLT triangle with loop detection configuration example” on page 508.

Spanning tree protocols

The Ethernet Routing Switch 8600 can use one of three spanning tree protocols. These include the Spanning Tree Protocol, the Rapid Spanning Tree Protocol, and the Multiple Spanning Tree Protocol.

For information about configuring spanning tree, see Chapter 4, “Configuring spanning tree using Device Manager,” on page 211 and Chapter 9, “Configuring STGs using the CLI,” on page 379.


• “Spanning Tree Protocol” on page 67

• “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73

314725-E Rev 00


Spanning Tree Protocol

The operation of the Spanning Tree Protocol (STP) is defined in the IEEE 802.1d standard. The STP detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, the spanning tree algorithm configures the network so that a bridge or switch uses only the most efficient path. If that path fails, the protocol automatically reconfigures the network and makes another path active, which sustains network operations. You can control path redundancy for VLANs by implementing the STP.

A network can include multiple instances of STP. The collection of ports in one spanning tree instance is called a spanning tree group (STG). Ethernet Routing Switch 8600 modules support STP and up to 64 spanning tree groups.


• “Spanning tree groups”

• “Spanning Tree FastStart” on page 69

• “Understanding STGs and VLANs” on page 69

• “Spanning Tree Protocol topology change detection” on page 70

• “Per-VLAN spanning tree” on page 71

Spanning tree groups

Each STG consists of a collection of ports that belong to the same instance of the STP protocol. These STP instances are completely independent from each other. For example, they send their own BPDUs, and they have their own timers.

For Ethernet Routing Switch 8600s, multiple STGs are possible within the same switch; that is, the routing switch can participate in the negotiation for multiple spanning trees.

Figure 11 on page 68 shows multiple spanning tree groups.



Figure 11 Multiple spanning tree groups

Spanning Tree Protocol controls

The ports associated with a VLAN must be contained within a single spanning tree group. If you do not allow a VLAN to span multiple STGs, you avoid problems with spanning tree blocking ports (which causes a loss of connectivity within the VLAN).

Each untagged port can belong to only one STG, while tagged ports can belong to more than one STG. When a tagged port belongs to more than one STG, the spanning tree BPDUs are tagged to distinguish the BPDUs of one STG from those of another STG. BPDUs from STG 1 are not tagged. The tagged BPDUs are transmitted using a multicast MAC address as tagged frames with a VLAN ID, and you specify the multicast MAC address and the VLAN ID. Because tagged BPDUs are not part of the IEEE 802.1d standard, not all devices can interpret tagged BPDUs.

You can enable or disable the Spanning Tree Protocol at the port or at the spanning tree group level. If you disable the protocol at the group level, received BPDUs are handled like a MAC-level multicast and flooded out of the other ports of the STG. Note that an STG can contain one or more VLANs. Remember that MAC broadcasts are flooded out on all ports of a VLAN; a BPDU is a MAC-level message, but the BPDU is flooded out of all ports on the STG, which can encompass many VLANs.

When STP is globally enabled on the STG, BPDU handling depends on the STP setting of the port:

314725-E Rev 00


• When STP is enabled on the port, received BPDUs are processed in accordance with STP.

• When STP is disabled on the port, the port stays in a forwarding state, received BPDUs are dropped and not processed, and no BPDU is generated.

An alternative to disabling the Spanning Tree Protocol is to enable Spanning Tree FastStart.

Spanning Tree FastStart

Spanning Tree FastStart is an enhanced port mode supported by the Ethernet Routing Switch 8600. If you enable Spanning Tree FastStart on a port with no other bridges, Spanning Tree FastStart brings the port up more quickly following switch initialization or a spanning tree change. The port goes through the usual blocking and learning states before the forwarding state, but the hold times for these states is determined by the bridge hello timer (2 seconds by default) instead of the bridge forward delay timer (15 seconds by default). If the port receives a BPDU, it reverts to regular behavior.

FastStart is intended for access ports in which only one device is connected to the switch (as in workstations with no other spanning tree devices). It may not be desirable to wait the usual 30 to 35 seconds for spanning tree initialization and bridge learning.

Understanding STGs and VLANs

For the purposes of Spanning Tree Protocol negotiation, the ports on an Ethernet Routing Switch 8600 can be divided into groups of ports where each group of ports performs its own spanning tree negotiation with neighboring devices. In an Ethernet Routing Switch 8600, these groups of ports are called spanning tree groups (STG). The Ethernet Routing Switch 8600 supports up to 64 STGs.

Note: Use Spanning Tree FastStart with caution. This procedure is contrary to that specified in the IEEE 802.1d standard for Spanning Tree Protocol (STP), in which a port enters the blocking state following the initialization of the bridging device or from the disabled state when the port is enabled through configuration.



The ports in a VLAN are always a subset of the ports in an STG. AVLAN can include all the ports in a given STG, and there can be multiple VLANs in an STG, but a VLAN cannot have more ports than exist in the STG. Because VLANs are always subsets of STGs, the recommended practice is to plan STGs and then create VLANs.

In the Ethernet Routing Switch 8600 default configuration, a single STG encompasses all the ports in the switch. For most applications, this configuration is sufficient. The default STG is assigned ID 1 (STG1).

If a VLAN spans multiple switches, it must be within the same STG across all switches; that is, the ID of the STG in which it is defined must be the same across all devices.

Spanning Tree Protocol topology change detection

Change detection enables the detection of topology changes and sends a topology change notification (TCN) to the root on a per-port basis. Change detection is enabled by default. When change detection is enabled and a topology change occurs, a trap is sent with the following information so that you can identify the device:

• the MAC address of the STG sending the TCN

• the port number

• the STG ID

You can disable change detection on ports on which a single end station is connected, and where powering that end station on and off will trigger the TCN. Change detection is referenced in IEEE 802.1d.

Topology change detection configuration rules

When you work with change detection settings:

• You can configure change detection only on access ports. This also applies to link aggregation ports.

• If you disable change detection and then change the port from access to tagging-enabled, the switch automatically sets change detection to enabled for the port. This also applies to link aggregation ports.

314725-E Rev 00


• In a link aggregation group with access ports, modifications to change detection for a member port are automatically applied to the remaining member ports.

To configure change detection using Device Manager, see “Configuring STG topology change detection” on page 225.

To configure change detection using the CLI, see “Configuring topology change detection” on page 389.

Per-VLAN spanning tree

The Ethernet Routing Switch supports standards-based IEEE 802.1d STP in addition to supporting proprietary mechanisms for multiple instances of spanning tree.

Unfortunately, the IEEE 802.1d spanning tree provides only one instance of the STP that can lead to incomplete connectivity for certain VLANs, depending on the network topology.

For example, Figure 12 shows a network in which one or more VLANs span only some switches. In this example, the STP can block a VLAN path if that VLAN does not span across all switches.

Figure 12 802.1d spanning tree

You can avoid this issue by configuring multiple spanning tree instances, as shown in Figure 13 on page 72.



The Ethernet Routing Switch 8600 uses a tagged BPDU address that is associated with a VLAN tag ID. The VLAN tag ID is applied to one or more VLANs, and is used among switches to prevent loops. The same tagged BPDU address must be configured on all switches in the network.

The Cisco Systems proprietary implementation of multiple spanning tree (pre-IEEE 802.1s) is called PVST/PVST+ (Per VLAN Spanning Tree), which uses a spanning tree instance per VLAN.

Figure 13 Multiple instances of spanning tree

With software release 3.7 or greater, you can configure your Ethernet Routing Switch using either of two methods: Ethernet Routing Switch 8600 tagged BPDU or PVST+.

Similar to the Ethernet Routing Switch 8600 implementation of multiple STP instances, PVST+ uses the standard IEEE 802.1d STP for VLAN 1; all other VLANs use PVST+ BPDUs.

You can use IEEE 802.1Q VLAN tagging to tunnel the multicast PVST+ BPDUs within a IEEE 802.1Q region. The standard BPDUs for VLAN 1 are all addressed to the well-known STP multicast address 01-80-C2-00-00-00, while PVST+ BPDUs in other VLANs are addressed to the multicast address of 01-00-0C-CC-CC-CD.

You can use PVST+ to load balance the VLANs by changing the VLAN bridge priority.

For PVST+ configuration examples with included CLI commands, refer to “Per-VLAN Spanning Tree Plus (PVST+) configuration examples” on page 544.

314725-E Rev 00


Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol

The Rapid Spanning Tree Protocol (RSTP or IEEE 802.1w) reduces the recovery time after a network breakdown. It also maintains backward compatibility with IEEE 802.1d (the spanning tree implementation prior to RSTP). In certain configurations, the recovery time of RSTP can be reduced to less than 1 second. RSTP also reduces the amount of flooding in the network by enhancing the way Topology Change Notification (TCN) packets are generated.

With Multiple Spanning Tree Protocol (MSTP or IEEE 802.1s), you can configure multiple instances of RSTP on the same switch. Each RSTP instance can include one or more VLANs. The operation of the MSTP is similar to the current Nortel proprietary MSTP.

Using RSTP and MSTP in addition to the current proprietary STP implementation, the Ethernet Routing Switch 8600 can achieve the following:

• reduced convergence time after a topology change (from 30 seconds to less than 1 or 2 seconds);

• unnecessary flushing of the MAC database and the flooding of traffic to the network eliminated;

• backward compatibility with legacy 802.1d switches;

• support for 64 instances of spanning tree in MSTP mode.

For RSTP and MSTP configuration examples, see “Rapid Spanning Tree Protocol configuration example” on page 554 and “Multiple Spanning Tree Protocol configuration example” on page 559.

Interoperability with legacy STP

RSTP provides a new parameter called ForceVersion to provide backward compatibility with legacy STP. A user can configure a port in either STP-compatible mode or RSTP mode.

• An STP-compatible port transmits and receives only STP BPDUs. Any RSTP BPDU that the port receives in this mode is discarded.



• An RSTP-compatible port transmits and receives only RSTP BPDUs. If an RSTP port receives a STP BPDU, it becomes an STP port. User intervention is required to change this port back to RSTP mode. This process is called Port Protocol Migration.

Differences in port roles

RSTP is an enhanced version of STP. These two protocols have almost the same set of parameters.

Table 8 lists the differences in port roles for STP and RSTP. STP supports two port roles while RSTP supports four port roles.

Table 8 Differences in port roles for STP and RSTP

Port Role STP RSTP Description

Root Yes Yes This port receives a better BPDU than its own and has the best path to reach the Root. The root port is in Forwarding state. The root port and designated ports can be in the Discarding state before they go to root forwarding.

Designated Yes Yes This port has the best BPDU on the segment. The designated port is in the Forwarding state.

Alternate No Yes This port receives a better BPDU than its own BPDU, and there is a Root port within the same switch. The alternate port is in the Discarding state.

Backup No Yes This port receives a better BPDU than its own BPDU, and this BPDU is from another port within the same switch. The backup port is in the Discarding state.

314725-E Rev 00


Port roles—root forwarding role

MSTP and RSTP root forwarding roles are as follows:

• The port that receives the best path BPDU on a switch is the root port, and is referred to as a Root Forwarding (RF) port. This is the port that is the closest to the root bridge in terms of path cost.

• The spanning tree algorithm elects a single root bridge in a bridged network per spanning tree instance.

• The root bridge is the only bridge in a network that does not have root ports; all ports on a root bridge are Designated Forwarding (DF).

• There can only be one path towards a root bridge on a given segment, otherwise there will be loops.

Port roles—designated forwarding role

MSTP and RSTP designated forwarding roles are as follows:

• All bridges connected on a given segment monitor each other’s BPDUs. The bridge that sends the best BPDU is, by mutual agreement, the root bridge for the segment.

• The corresponding port on the bridge is referred to as a Designated Forwarding Port.

Port roles—alternate blocking role

MSTP and RSTP alternate blocking roles are as follows:

• A blocked port is defined as a port not designated by a root port.

• An Alternate Blocked port is a port that is blocked because it received better path cost BPDUs from another bridge.

Edge port

RSTP uses a new parameter called the edge port. When a port connects to a non-switch device, such as a PC or a workstation, it must be configured as an edge port. An active edge port enters forwarding state without delay. An edge port becomes a non-edge port if it receives a BPDU.



Path cost values

RSTP and MSTP recommend new path cost values that support a wide range of link speeds. Table 9 lists the recommended path cost values.

Negotiation process

The following section describes the negotiation process between switches that takes place before PCs can exchange data (see Figure 14 on page 77).

Table 9 Recommended path cost values

Link Speed Recommended Value

Less than or equal to 100 Kb/s

1 Mb/s

10 Mb/s100 Mb/s

200 000 000

20 000 000

2 000 000200 000

1 Gb/s

10 Gb/s100 Gb/s

20 000

2 000200

1 Tb/s

10 Tb/s

20

2

314725-E Rev 00


Figure 14 Negotiation process

After power-up, all ports assume the role of designated ports. All ports are in the discarding state except edge ports. Edge ports go directly into forwarding state without delay.

Switch A port 1 and switch B port 1 exchange BPDUs. Switch A knows that it is the root and that switch A port 1 is the designated port. Switch B learns that switch A has higher priority. Switch B port 1 becomes the root port. Both switch A port 1 and switch B port 1 are still in discarding state.

Switch A starts the negotiation process by sending a BPDU with the proposal bit set.

Switch B receives the proposal BPDU and sets its non-edge ports to discarding state. This operation occurs during the synchronization process.

Switch B sends a BPDU to switch A with the agreement bit set.



Switch A sets port 1 to forwarding state and switch B sets port 1 to forwarding state. PC 1 and PC 2 can now communicate. The negotiation process now moves on to switch B port 3 and its partner port. PC 3 cannot exchange data with either PC 1 or PC 2 until the negotiation process between switch B and switch C finishes.

The RSTP convergence time depends on how quickly the switch can exchange BPDUs during the negotiation process, and on the number of switches in the network.

Link aggregation (MLT, SMLT, LACP, VLACP)

Link aggregation allows you to bundle a set of ports into a port group, which is represented as one logical interface to upper layer protocols.

Your Ethernet Routing Switch 8600 supports multiple types of link aggregation:

• MultiLink Trunking (MLT) is a statically configured link bundling method.

• IEEE 802.3ad-based link aggregation, through the Link Aggregation Control Protocol (LACP), supports a dynamic link aggregation function, which can add links dynamically, as they become available, to a trunk group.

• Both MLT and IEEE 802.3ad-based link aggregation are defined as point-to-point functions, although Split MultiLink Trunking (SMLT) allows you to connect a multilink trunk point to two SMLT endpoints. SMLT can connect two SMLT end points to two other SMLT endpoints as well.

• SMLT allows not only module redundancy, but also allows system redundancy while allowing bandwidth aggregation at the same time. In addition, SMLT functionality was extended to include LACP for dynamic link aggregation.

314725-E Rev 00


• VLACP provides an end to end failure detection mechanism, which notifies the Ethernet Routing Switch 8600 of unidirectional or bidirectional link failures.


• “MultiLink Trunking (MLT)” on page 79

• “IEEE 802.3ad-based link aggregation” on page 91

• “Virtual LACP (VLACP)” on page 101

• “Split MultiLink Trunking (SMLT)” on page 106

MultiLink Trunking (MLT)

MultiLink Trunking is a point-to-point connection that aggregates multiple ports so that they logically act like a single port, but with the aggregated bandwidth. Grouping multiple ports into a logical link provides higher aggregate throughput on a switch-to-switch or switch-to-server application.

MultiLink Trunking provides media and module redundancy. Module redundancy is provided in the form of Distributed MLT (DMLT), which you can use to aggregate similar ports from different modules.

Note: For information about configuring link aggregation, see Chapter 5, “Configuring link aggregation using Device Manager,” on page 249 and Chapter 10, “Configuring link aggregation using the CLI,” on page 427.Note: See Chapter 12, “Device Manager configuration examples,” on page 491 and Chapter 13, “CLI configuration examples,” on page 503 for configuration examples, including CLI commands, for concepts described in this section.

Note: MLT links must be statically configured to be trunk group members.




• “MLT traffic distribution algorithm”

• “MultiLink Trunking rules” on page 82

• “Multicast flow distribution over MLT” on page 83

• “Multicast distribution algorithm” on page 84

• “Multicast traffic redistribution” on page 86

• “MLT examples” on page 87

MLT traffic distribution algorithm

A multilink trunk can be used to aggregate bandwidth between two switches. The Ethernet Routing Switch 8600 uses one of two algorithms to determine which active port in the multilink trunk is used for each packet. The MLT algorithms provide load sharing while ensuring that each packet in a flow does not arrive out of sequence.

Traffic distribution algorithm for legacy modules

For non-R modules (that is, legacy, E, or M modules), the distribution algorithm for any bridged packet (except IP distribution) is based on:

(DestIP[5:0] XOR SrcIP[5:0]) MOD (number of active links)

Bridged and routed IP or routed Internetwork Packet Exchange (IPX) distribution is based on:

(DestMAC[5:0] XOR SrcMAC[5:0]) MOD (number of active links)

Traffic distribution algorithm for R modules

Release 4.1 uses an enhanced traffic distribution algorithm for R modules. This ensures proper traffic distribution in all customer networks. The entire MAC or IP source and destination fields, and a hardware-assisted hash mechanism, are used to obtain better load distribution.

Note: The algorithms are the same traffic distribution algorithms used for the IEEE 802.3ad-based link aggregation.

314725-E Rev 00


The existing distribution algorithm for IP traffic (bridged or routed) using R modules is:

Result = (DestIP[5:0] XOR SrcIP[5:0])

Other types of traffic use:

Result = (DestMAC[5:0] XOR SrcMAC[5:0])

The result is used as an index to a table that is populated with active MLT ports repeated over 63 entries.

The distribution algorithm enhancement for any IPv4 traffic (bridged or routed) is to form a 64 bit hash key using the 32 bit DestIp and 32 bit SrcIp fields.

The distribution algorithm enhancement for any IPv6 traffic (bridged or routed) is:

64 bit key = (SrcIP[63:0] XOR srcIpIp[127:64])

64 bit key = ((64 bit key) XOR DestIp[63:0])

64 bit key = ((64 bit key) XOR DestIp[127:64])

The distribution algorithm enhancement for other types of traffic is to form a 64 bit hash key using the lower 32 bits of the DestMAC field and the lower 32 bits of the SrcMAC field:

Result = hash(64 bit key, hashFcn)

where hash is an RSP instruction and hashFcn is chosen to produce a 6 bit result. The hash function is 0x000c00003f000000, which contains a 25 bit seed, a 24 bit hash polynomial coefficient, and a 5 bit polynomial width.

The result is used as an index to a table that is populated with active multilink trunk ports repeated over 63 entries.

To view the MLT port calculated by the new distribution algorithm for R modules, use the following command:

config sys set hash-calc getmltindex traffic-type <value> dest-val <value> src-val <value> mltID <value>



where

• traffic-type <value> is one of non-ip, ipv4, or ipv6

• dest-val <value> is the destination address in the range of 1 to 1536

• src-val <value> is the source address in the range of 1 to 1536

• mltID <value> is the MLT ID.

The source and destination addresses cannot have the same value. Figure 15 shows sample output for the config sys set hash-calc command.

Figure 15 Config sys set hash-calc output

MultiLink Trunking rules

All Ethernet Routing Switch 8600 multilink trunks operate under the following set of rules:

• MLT is supported on 10BaseT, 100BaseTX, 100BaseFX, Gigabit Ethernet, and 10 Gigabit Ethernet module ports.

• All ports in an multilink trunk must be of the same media type (copper or fiber) and have the same speed and duplex settings.

• All ports in a multilink trunk must be in the same STG, unless the port is tagged; tagging allows ports to belong to multiple STGs.

• MLT is compatible with the Spanning Tree Protocol.

• IEEE 802.1Q tagging is supported on a multilink trunk.

ERS-8610:5# config sys set hash-calc getmltindex traffic-type ipv4 dest-val 1 src-val 1 mltID 1

Dest-addr and Src-addr cannot be same!

ERS-8610:5# config sys set hash-calc getmltindex traffic-type ipv4 dest-val 1 src-val 2 mltID 1

mltHashIndex: 0x37mltId: 1, mltPortIndex 55 mltPort cpp

ERS-8610:5#

314725-E Rev 00


Ethernet Routing Switch 8600 multilink trunks have the following general features and requirements:

• Up to 128 MLT groups (using R modules and R mode) are supported with as many as 8 same-type ports belonging to a single multilink trunk.

• The ports in a multilink trunk can span modules, providing module redundancy.

• All ports in a multilink trunk must be in the same STG, unless the port is tagged; tagging allows ports to belong to multiple STGs.

• Apply filters individually to each port in a multilink trunk.

Multicast flow distribution over MLT

MultiLink Trunking (MLT) provides a mechanism for distributing multicast streams over a multilink trunk. The mechanism is based on source-subnet and group addresses, and you can use it to choose the address and the bytes in the address for the distribution algorithm.

As a result, you can distribute the load on different ports of the multilink trunk and achieve an even distribution of the streams. In applications such as TV distribution, multicast traffic distribution is particularly important, because bandwidth requirements can be substantial when a large number of TV streams are employed.

Note: This algorithm is the same multicast flow distribution algorithm used for IEEE 802.3ad-based link aggregation.

Note: The Multicast Distribution over MLT feature is supported only on Ethernet Routing Switch 8600 E, M, and R modules. As a result, all the modules that have ports in a multilink trunk must be Ethernet Routing Switch 8600 E, M, or R modules to enable multicast flow distribution over MLT.



Multicast distribution algorithm

To determine the port for a particular source, group (S, G) pair, use the number of active MLT ports to MOD the number generated by the XOR (exclusive OR operation) for each byte of the masked group address, with the masked source address.

By default, the group mask and source mask is 255.255.255.255. A byte with a value of 255 in the mask means that the corresponding byte in the group or source address is taken into account when the algorithm is applied.

For example, given:

group address G[0].G[1].G[2].G[3]

group mask GM[0].GM[1].GM[2].GM[3]

source subnet address S[0].S[1].S[2].S[3]

source mask SM[0].SM[1].SM[2].SM[3]

The port is calculated using:

( ( ( (( G[0] AND GM[0] ) XOR ( S[0] AND SM[0] ) ) XOR ( (G[1] AND GM[0] ) XOR ( S[1] AND SM[1] )) ) XOR ( (G[2] AND GM[2] ) XOR ( S[2] AND SM[2] )) ) XOR ( ( G[3] AND GM[3] ) XOR ( S[3] AND SM[3] )) ) MOD (active ports of the MLT)

Algorithm example

The algorithm used for traffic distribution causes the distribution to be sequential if the streams are similar to those in this example.

For this example, assume that the MLT ports are 1/1 to 1/4, that the mask configuration is 0.0.0.0 for the source mask and 0.0.0.255 for the group mask, and that source A.B.C.D sends to groups:

X.Y.Z.1

X.Y.Z.2

X.Y.Z.3 to X.Y.Z.10

314725-E Rev 00


The algorithm chooses link 1/1 for group X.Y.Z.1, and then X.Y.Z.2 goes on port 1/2, X.Y.Z.3 goes on port 1/3, X.Y.Z.4 goes on port 1/4, X.Y.Z.5 goes on port 1/1, and so on.

Configuration example

In this configuration example, only the first byte of the group mask, and the first two bytes of the source subnet mask are considered when distributing the streams.

config sys mcast-mlt-distribution grp-mask 255.0.0.0config sys mcast-mlt-distribution src-mask 255.255.0.0config sys mcast-mlt-distribution enableconfig sys mcast-mlt-distribution redistribution enable

For a detailed description of commands used to configure multicast flow distribution over MLT, see the publication, Configuring IP Routing Multicast Protocols.

Note: When you configure flow distribution over MLT, Nortel recommends that you choose source and group masks that result in the most even traffic distribution over the multilink trunk links. For example, if you find that group addresses change incrementally, while there are few sources sending to different groups, use a source mask of 0.0.0.0 and a group mask of 255.255.255.255. In most cases, this provides a sequential distribution of traffic on the multilink trunk links.



Multicast traffic redistribution

The overall goal of traffic redistribution is to achieve a distribution of the streams on the multilink trunk links in the event of an MLT configuration change. Traffic distribution is based on the IP multicast MLT distribution algorithm (see “Multicast distribution algorithm” on page 84), and the algorithm behavior is the same for R and non-R modules.

By default, redistribution is disabled. When you add or remove a link from the multilink trunk, the active streams continue flowing on their original links if redistribution is disabled. If redistribution is enabled, however, the active streams are redistributed according to the distribution algorithm on the links of the multilink trunk.

To minimize the effect of redistribution of multicast traffic on the multilink trunks, the implementation does not move the streams to the appropriate links all at once. Instead, it redistributes a few streams at every time tick of the system. To that end, when an MLT port becomes inactive and redistribution is disabled, only the affected streams are redistributed on the remaining active ports.

If redistribution is enabled, all the streams are redistributed on the MLT ports based on the assignment provided by the distribution algorithm. For more information, see “Multicast distribution algorithm” on page 84.

When a new port becomes active in a multilink trunk and redistribution is disabled, existing streams remain on their original links. If you need to redistribute the streams dynamically to split the load on all the links of the multilink trunk, you can enable redistribution. This results in a few streams being redistributed every system time tick.

For a detailed description of the commands used to configure multicast flow distribution over MLT, see Configuring IP Routing Multicast Protocols.

Note: Traffic redistribution can cause minor traffic interruptions.

314725-E Rev 00


MLT examples

This section provides three MLT examples and includes the following topics:

• “Switch-to-switch MLT example”, next

• “Switch-to-server MLT example” on page 89

• “Client/server MLT example” on page 89



Switch-to-switch MLT example

Figure 16 shows two multilink trunks (T1 and T2) connecting switch S1 to switches S2 and S3.

Figure 16 Switch-to-switch multilink trunk configuration

Each of the trunks shown in Figure 16 can be configured with multiple switch ports to increase bandwidth and redundancy. When traffic between switch-to-switch connections approaches single port bandwidth limitations, you can create a multilink trunk to supply the additional bandwidth required to improve performance.

9050EB

T1

T2

S1

S2 S3

Ethernet Routing Switch 8600

Legend

314725-E Rev 00


Switch-to-server MLT example

Figure 17 shows a typical switch-to-server trunk configuration. In this example, file server FS1 utilizes dual MAC addresses, using one MAC address for each network interface card (NIC). No multilink trunk is configured on FS1. FS2 is a single MAC server (with a four port NIC) and is configured as multilink trunk configuration T1.

As shown in this example, one port on FS1 is blocked, thus is unused, whereas FS2 benefits from having aggregated bandwidth on multilink trunk T1.

Figure 17 Switch-to-server multilink trunk configuration

Client/server MLT example

Figure 18 on page 90 shows an example of how multilink trunks can be used in a client/server configuration. In this example, both servers are connected directly to switch S1. FS2 is connected through a multilink trunk configuration (T1). The switch-to-switch connections are through multilink trunk T2, T3, and T4. Clients accessing data from the servers (FS1 and FS2) are provided with maximized

9051EB

00:80:2d:01:f0:0000:80:2d:01:f0:01

FS2

T1

FS1


Legend

S1

MAC addresses



bandwidth through T1, T2, T3, and T4. On the Ethernet Routing Switch 8600, trunk members (the ports that comprise each multilink trunk) do not have to be consecutive switch ports; they can be selected across different modules for module redundancy.

Figure 18 Client/server multilink trunk configuration

With spanning tree enabled, ports that belong to the same MultiLink Trunk operate as follows:

• All ports in the multilink trunk must belong to the same spanning tree group if spanning tree is enabled.

• Identical bridge protocol data units (BPDU) are sent from each port.

9052EB

T2 T3 T4

FS2

T1

FS1

S1

S2 S4S3


Legend

314725-E Rev 00


• The multilink trunk port ID is the ID of the lowest numbered port.

• If identical BPDUs are received on all ports, the multilink trunk mode is forwarding.

• If no BPDU is received on a port or if BPDU tagging and port tagging do not match, the individual port is taken offline.

• Path cost is inversely proportional to the active multilink trunk bandwidth.

IEEE 802.3ad-based link aggregation

IEEE 802.3ad-based (IEEE 802.3 2002 clause 43) link aggregation allows you to aggregate one or more links together to form a link aggregation group (LAG), such that a MAC client can treat the LAG as if it were a single link.

Although IEEE 802.3ad-based link aggregation and MLT provide similar services, MLT is statically defined, whereas IEEE 802.3ad-based link aggregation is dynamic and provides more functionality through the Link Aggregation Control Protocol (LACP). LACP dynamically detects whether links can be aggregated into a link aggregation group and does so when links become available.

IEEE 802.3ad was designed for point-to-point link aggregation only. However, the Ethernet Routing Switch 8600 provides extensions to support IEEE 802.3ad in SMLT configurations, thereby allowing any IEEE 802.3ad-capable device to be connected to an SMLT aggregation pair.


• “Overview” on page 93

• “LACP” on page 94

• “Link aggregation operations” on page 94

• “Principles of link aggregation” on page 95

• “LACP and MLT” on page 97

• “LACP and SMLT” on page 98

• “LACP and routing” on page 98

Note: You can disable the Nortel Spanning Tree Protocol (ntstg <enable|disable>) if you do not want to receive BPDUs on all ports.



• “LACP priority” on page 98

• “LACP keys” on page 99

• “LACP timers” on page 99

• “LACP modes” on page 100

• “LACP and spanning tree interaction” on page 100

314725-E Rev 00


Overview

The IEEE 802.3ad standard comprises of service interfaces, the Link Aggregation Control Protocol, the Marker Protocol, link aggregation selection logic, parser/multiplexer, frame distribution, and frame collection functions.

Figure 19 shows the major functions of IEEE 802.3ad defined as multiple link aggregation.

Figure 19 Link aggregation sublayer (according to IEEE 802.3ad)



LACP

The main purpose of LACP is to manage switch ports and their port memberships to form link aggregation groups (LAG). LACP can dynamically add or remove LAG ports, depending on their availability and states.

Aside from automatic link aggregation, a side benefit of LACP is its ability to detect link layer failure within a service provider network. LACP packets are exchanged end to end, thus if a link in the middle fails, but the local ports do not register the failure, LACP times out and disables the port for traffic. VLACP—Virtual LACP—can be used to speed up the link layer failure detection process if necessary.

The interfaces between the LACP module and the other modules is shown in Figure 19 on page 93.

Link aggregation operations

As shown in Figure 19 on page 93, the link aggregation sublayer comprises the following functions:

• Frame distribution:

This block takes frames submitted by the MAC client and submits them for transmission on the appropriate port, based on a frame distribution algorithm employed by the Frame Distributor.

Frame distribution also includes an optional Marker Generator/Receiver used for the Marker Protocol. For the Ethernet Routing Switch 8600, only the Marker Receiver function is implemented. Refer to “MultiLink Trunking (MLT)” on page 79 for details about the frame distribution function.

• Frame collection:

This block passes frames received from the various ports to the MAC client. Frame collection also includes a Marker Responder, used for the Marker Protocol.

• Aggregator Parser/Multiplexers:

— During transmission operations, these blocks pass frame transmission requests from the Distributor, Marker Generator, and Marker Responder to the appropriate port.

314725-E Rev 00


— During receive operations, these blocks distinguish among Marker Request, Marker Response, and MAC Client PDUs, and pass each to the appropriate entity (Marker Responder, Marker Receiver, and Collector, respectively).

• Aggregator:

The combination of frame distribution and collection, along with Aggregator Parser/Multiplexers, is referred to as the Aggregator.

• Aggregation Control:

This block configures and controls link aggregation. It incorporates LACP, which can be used for automatic communication of aggregation capabilities between systems. and automatic configuration of link aggregation.

• Control Parser/Multiplexers:

— During transmission operations, these blocks pass frame transmission requests from the Aggregator and Control entities to the appropriate port.

— During receive operations, these blocks distinguish Link Aggregation Control PDUs (LACPDU) from other frames, passing the LACPDUs to the appropriate sublayer entity, and all other frames to the aggregator.

Principles of link aggregation

Link aggregation allows you to group switch ports together to form a link group to another switch or server, thus increasing aggregate throughput of the interconnection between the devices while providing link redundancy.

Link aggregation employs the following principles and concepts:

• A MAC client communicates with a set of ports through an aggregator, which presents a standard IEEE 802.3 service interface to the MAC client. The Aggregator binds to one or more ports within a system.

• The aggregator distributes frame transmissions from the MAC client to the various ports, and collects received frames from the ports and passes them to the MAC client transparently.

• A system can contain multiple aggregators serving multiple MAC clients. A given port binds to (at most) a single aggregator at any time. A MAC client is served by a single aggregator at a time.



• The binding of ports to aggregators within a system is managed by the Link Aggregation Control function for that system. The control function determines which links can be aggregated, aggregates them, binds the ports within the system to an appropriate aggregator, and monitors conditions to determine when a change in aggregation is needed. Such determination and binding can be under manual control through direct manipulation of the state variables of link aggregation (for example, keys) by a network manager. In addition, automatic determination, configuration, binding, and monitoring can occur through the use of a LACP.

• The LACP uses peer exchanges across the links to determine, on an ongoing basis, the aggregation capability of the various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems.

• Frame ordering is maintained for certain sequences of frame exchanges between MAC Clients. The distributor ensures that all frames of a given conversation are passed to a single port. For any given port, the collector is required to pass frames to the MAC client in the order that they are received from that port. The collector is otherwise free to select frames received from the aggregated ports in any order. Because there are no means for frames to be mis-ordered on a single link, this guarantees that frame ordering is maintained for any conversation.

• Conversations can be moved among ports within an aggregation, both for load balancing and for maintaining availability in the event of link failures.

• The standard does not impose any particular distribution algorithm on the distributor. Use an algorithm that is appropriate for the supported MAC client.

For frame distribution function details, see “MultiLink Trunking (MLT)” on page 79.

• Each port is assigned a unique, globally administered MAC address.

The MAC address is used as the source address for frame exchanges that are initiated by entities within the link aggregation sublayer itself (for example, LACP and Marker Protocol exchanges).

• Each aggregator is assigned a unique, globally administered MAC address, which is used as the MAC address of the aggregation from the perspective of the MAC Client, both as a source address for transmitted frames and as the destination address for received frames.

The MAC address of the aggregator can be one of the MAC addresses of a port in the associated LAG.

314725-E Rev 00


LACP and MLT

When you configure standards-based link aggregation, you must enable the aggregatable field. After you enable the aggregatable field, the LACP aggregator is one-to-one mapped to the specified multilink trunk.

For example, when you configure a link aggregation group (LAG), use the following steps:

1 Assign a numeric key to the ports you want to include in the LAG.

2 Configure the LAG to be aggregatable.

3 Enable LACP on the port.

4 Create a multilink trunk and assign the same key to that multilink trunk.

The multilink trunk/LAG only aggregates those ports whose key matches its own.

The newly created multilink trunk/LAG adopts the VLAN membership of its member ports when the first port is attached to the aggregator associated with this LAG. When a port is detached from an aggregator, the port is deleted from the associated LAG port member list. When the last port member is deleted from the LAG, the LAG is deleted from all VLANs and STGs.

After the multilink trunk is configured as aggregatable, you cannot add or delete ports or VLANs manually.

To enable tagging on ports belonging to LAG, first disable LACP on the port, and then enable tagging on the port and enable LACP.



LACP and SMLT

The following are some guidelines to follow when using LACP and SMLT:

• If you use LACP in an SMLT square configuration, the LACP ports must have the same keys for that SMLT LAG; otherwise, the aggregation can fail if a switch failure occurs.

• If an SMLT aggregation switch has LACP enabled on some of its multilink trunks, do not change LACP system priority after LACP is enabled on ports. If some ports do not enter the desired multilink trunk after a dynamic configuration change, use the CLI command (assume MLT 10): conf mlt 10 lacp clear-link-aggrgate

• Nortel recommends that LACP not be enabled on interswitch trunks to avoid unnecessary processing and to maintain simplicity. If a failure detection mechanism is required when there is an optical network between the SMLT core switches, use VLACP.

LACP is supported on single port split multilink trunks and split multilink trunks.

LACP and routing

If Open Shortest Path First (OSPF) routing is enabled on the port, do not set the LACP periodic transmission timer to less than 1 second.

LACP priority

LACP priority is configured at the system level and at the port level.

• Port priority—determines which ports are aggregated into LAG if more than eight ports are configured for the LAG, as in a standby-port configuration.

Note: The Ethernet Routing Switch 8600 Software Release 4.1 does not support the use of Simple Loop Prevention Protocol (SLPP) in an LACP-SMLT environment.

314725-E Rev 00


• System priority—generates the switch ID when communicating with other switches. For SMLT applications, this is used to determine a master/slave relationship between the SMLT switches. Nortel recommends that this value remain at its default value. If it must be changed, Nortel recommends that you disable LACP first, and then reenable it after the value is changed.

LACP keys

LACP keys are used to determine which ports are eligible to be aggregated into a LAG. The LACP keys are defined under the ports when the multilink trunk is configured. The ports whose keys match the multilink trunk’s key can be aggregated into that multilink trunk.

• Keys need not match between two LACP peers.

• Keys must match on SMLT core switches when using LACP with SMLT.

LACP timers

You can customize failover times by changing the LACP timer attributes (fast periodic time; slow periodic time; aggregate wait time). These values are set by default to match the IEEE 802.3ad values. If they are changed, these values must match on the ports participating in aggregation between two devices.

Any changes to these values at the global level are reflected on all ports. However, these values can be changed on a per-port level. When you change a LACP timer globally, this value is set on all ports. The global timer value overwrites the local port value irrespective of the LACP state. You must reconfigure any port values that differ from the global values.

The user can use either the fast or slow timer, and this is set on the port level. By default, the Ethernet Routing Switch 8600 uses the long timer. LACP uses the following timers, which have the parameters indicated:

• fast periodic timer—200 to 20 000 ms; default 1000 ms

• slow periodic timer—10 000 to 30 000 ms; default 30 000 ms

• aggregation wait timer—200 to 2000; default 2000



Timer changes must be made to all ports participating in link aggregation, as well as to the ports on the partnering node.

When you enable LACP on a port, the timer values used are those set at the port level. Toggling of the LACP status is required when timer values change. Existing ports are not impacted by this change unless you toggle the LACP status on the port.

LACP modes

LACP uses two mode types, active and passive.

• Active mode—ports initiate the aggregation process. Active mode ports aggregate with other active mode ports or passive mode ports.

• Passive mode—ports participate in LACP but do not initiate the aggregation process. Passive mode ports must be partnered with active mode ports for aggregation to occur.

LACP and spanning tree interaction

LACP module operation is only affected by the physical link state or its LACP peer status. When a link is enabled or disabled, the LACP module is notified. The STP forwarding state does not affect the operation of LACP module. LACPDUs can be sent even if the port is in the STP blocking state.

Unlike legacy multilink trunks, configuration changes (such as speed and duplex mode) to a LAG member port are not applied to all the member ports in the multilink trunk. Instead, the changed port is removed from the LAG and the corresponding aggregator, and the user is alerted when the configuration is created.

Note: Configuration changes to the LACP timers are not reflected immediately. LACP timers are not reset until the next time LACP is restarted globally or on a port. This action ensures consistency with peer switches.

314725-E Rev 00


In contrast to MLT, IEEE 802.3ad-based link aggregation does not expect BPDUs to be replicated over all ports in the trunk group. Therefore, you must enter the ntstg disable command to disable the parameter on the spanning tree group for LACP-based link aggregation. See “Configuring Spanning Tree Protocol” on page 385 for more information about this command.

Be aware that this parameter is applicable to all trunk groups that are members of the spanning tree group. This is necessary when internetworking with devices that only send BPDUs out of one port of the LAG.

Link aggregation rules

Ethernet Routing Switch 8600 link aggregation groups operate under the following rules:

• All ports in a LAG must operate in full-duplex mode.

• All ports in a LAG must operate at the same data rate.

• All ports in a LAG must be in the same VLAN.

• Link aggregation is compatible with the Spanning Tree Protocol (STP).

• Link aggregation groups must be in the same STP groups.

• Ports in a link aggregation group can exist on different modules.

• A maximum of 32 link aggregation groups (128 for R modules in R mode) are supported.

• A maximum of eight active links are supported per LAG.

• A maximum of eight standby links are supported per LAG.

• With the 4.1 release, you can configure up to eight ports (mixture of active and standby ports) in an 802.3ad group.

Virtual LACP (VLACP)

Virtual LACP is an LACP extension that is used for end to end failure detection.VLACP uses the Hello mechanism of LACP to periodically send Hello packets to ensure there is end to end reachability. When Hello packets are not received, VLACP transitions to a failure state, which indicates a service provider failure, and the port is disabled. An advantage of VLACP is that VLACP timers can be reduced to 200 milliseconds, which allows approximately one second failure detection and switchover time.



For the Ethernet Routing Switch 8600 Software Release 4.1, the VLACP fast periodic timer is reduced to 10 ms, which allows sub-100 ms failover time. To attain sub-100 ms core convergence, each switch must use the Enterprise enhanced CPU daughter card 8692SF (also called SuperMezz). This feature is only supported between core Ethernet Routing Switches. For more information about this feature, see “VLACP timers and sub-100 ms core convergence” on page 104.

VLACP only works for port-to-port communications where there is a guarantee for a logical port-to-port match through the service provider. It does not work for port-to-multiport communications where there is no guarantee for a point-to-point match through the service provider. VLACP can be configured on a port in addition to LACP. LACP can be used for link aggregation, and VLACP can be used for end to end failure detection.

Ethernet cannot detect end to end failures. Ethernet was extended to detect remote link failures through functions such as remote fault indication or far-end fault indication mechanisms, but a major limitation of these functions is that they terminate at the next Ethernet hop; failures cannot be determined on an end to end basis.

For example, as shown in Figure 20 on page 103, when enterprise networks connect their aggregated Ethernet trunk groups through a service provider network connection (for example, through a VPN), far-end failures cannot be signaled with Ethernet-based functions that operate end to end through the service provider cloud. In this example, the multilink trunk (between enterprise switches S1 and S2) extends through the service provider (SP) network.

314725-E Rev 00


Figure 20 Problem description (1 of 2)

As shown in Figure 21, if the L2 link on S1 (S1/L2) fails, the link-down failure is not propagated over the SP network to S2. Thus S2 continues to send traffic over the failed S2/L2 link.

Figure 21 Problem description (2 of 2)

Note that LACP, as defined by IEEE, is a protocol that exists between two bridge endpoints; therefore the LACP PDUs are terminated at the next SP interface.



Using VLACP, far-end failures can be detected, which allows MLT to properly failover when end to end connectivity is not guaranteed for certain links in an aggregation group. VLACP prevents the failure scenario shown in Figure 21 on page 103.

When used in conjunction with SMLT, VLACP allows you to switch traffic around entire network devices before Layer 3 protocols detect a network failure, thus minimizing network outages.

The Ethernet Routing Switch 8600 Software Release 4.1 uses the following VLACP timers, which have the parameters indicated:

• fast periodic timer—10 to 20 000 ms; default 200 ms

• slow periodic timer—10 000 to 30 000 ms; default 30 000 ms

VLACP timers and sub-100 ms core convergence

Ethernet Routing Switch 8600 Software Release 4.1 can attain sub-100 millisecond (ms) failover time. The VLACP fast periodic timer is reduced to a minimum value of 10 ms to enable sub-100 ms convergence. Sub-100 ms convergence guarantees ultra fast convergence for critical business and multimedia applications.

To attain sub-100 ms core convergence, each switch must use the Enterprise enhanced CPU daughter card 8692SF (also called SuperMezz). This feature is only supported between core Ethernet Routing Switch 8600s. For more information about SuperMezz, see the document Installing Ethernet Routing Switch 8600 Modules.

314725-E Rev 00


Figure 22 on page 106 depicts four core Ethernet Routing Switch 8600s equipped with SuperMezz modules exchanging fast periodic timer messages to acheive sub-100 ms convergence. Table 10 compares the timer ranges (in milliseconds) used in VLACP and LACP for Release 3.7 and 4.1.

Table 10 Ethernet Routing Switch 8600 LACP and VLACP timer comparison

Release 3.7Release 4.1 without SuperMezz

Release 4.1 with SuperMezz

LACP

Fast periodic timer range (ms) 200 to 20 000Default 1000

200 to 20 000Default 1000

200 to 20 000Default 1000

Slow periodic timer range (ms) 10 000 to 30 000

Default 30 000

10 000 to 30 000

Default 30 000

10 000 to 30 000

Default 30 000

Aggregation wait timer range (ms) 200 to 2000

Default 2000

200 to 2000

Default 2000

200 to 2000

Default 2000

VLACP

Fast periodic timer range (ms) 200 to 20 000

Default 1000

200 to 20 000

Default 1000

10 to 20 000 (NEW)

Default 2000

Slow periodic timer range (ms) 10 000 to 30 000Default 30 000

10 000 to 30 000Default 30 000

10 000 to 30 000Default 30 000



Figure 22 Sub-100 ms convergence between SuperMezz modules

Split MultiLink Trunking (SMLT)

This section describes the Split MultiLink Trunking (SMLT) feature and includes the following topics. For help with common terms and acronyms used with SMLT, refer to the “Glossary” on page 573.

• “Overview”

• “Advantages of SMLT” on page 107

• “How does SMLT work?” on page 111

• “SMLT-on-Single-CPU feature” on page 118

• “Single Port SMLT” on page 119

Note: Routed SMLT, or RSMLT, is a Layer 3 protocol whereas SMLT is a Layer 2 protocol. SMLT is described in this document, and RSMLT is described in the document Configuring IP Routing Operations.

314725-E Rev 00


• “Using MLT-based SMLT with Single Port SMLT” on page 125

• “SMLT network design considerations” on page 127

Overview

Link aggregation technologies are popular for improving link bandwidth efficiency and preventing link failures. IEEE 802.3ad is the standardized link aggregation protocol, although various vendors have developed their own proprietary implementations. IEEE 802.3ad is defined for point-to-point applications, however; it was not designed to recover around a nodal failure.

Split MultiLink Trunking (SMLT) is an extension to IEEE 802.3ad that improves Layer 2 and Layer 3 resiliency by providing nodal protection, in addition to link failure protection, and flexible bandwidth scaling. SMLT achieves this by allowing edge switches using IEEE 802.3ad to dual-home to two SMLT aggregation switches. SMLT is transparent to attached devices supporting IEEE 802.3ad.

Because SMLT inherently avoids loops due to its superior enhanced link aggregation protocol, SMLT networks do not need to use the IEEE 802.1d Spanning Tree Protocol to enable loop-free triangle topologies. This is accomplished by implementing a method that allows two aggregation switches to appear as a single device to edge switches, which are dual-homed to the aggregation switches. The aggregation switches are interconnected using an interswitch trunk, which allows them to exchange addressing and state information (permitting rapid fault detection and forwarding path modification). Although SMLT is primarily designed for Layer 2, it also provides benefits for Layer 3 networks as well.

Advantages of SMLT

SMLT improves the reliability of Layer 2 networks that operate between user access switches and the network center aggregation switch by providing:

• Load sharing among all links

Note: Layer 2 edge switches must support some form of link aggregation (such as MLT) to allow communications with an SMLT aggregation switch.



• Fast failover in case of link failures

• Elimination of single point of failure

• Fast recovery, in case of nodal failure

• Transparent and interoperable solutions

• Removes STP convergence issues

These advantages are described in more detail in the sections that follow.

Single point of failure elimination

SMLT helps eliminate all single points of failure and creates multiple paths from all user access switches to the core of the network. In case of failure, SMLT recovers as quickly as possible so that no capacity is unused. SMLT provides a transparent and interoperable solution that requires no modification on the part of the majority of existing user access devices.

SMLT compared to Spanning Tree Protocol

Networks that are designed to have user access switches dual-homed to two aggregation switches, and have VLANs spanning two or more user access switches, experience the following design constraints:

• Spanning tree must be used to detect loops

• No load sharing exists over redundant links

• Network convergence is slow in case of failure

Note: R modules support SMLT over 10 Gigabit Ethernet. This is available only on the 8683XLR/XZR modules.

314725-E Rev 00


Figure 23 shows a typical aggregator switch configuration that is dependent upon STP for loop detection.

Figure 23 Resilient networks with Spanning Tree Protocol

As shown in Figure 24 on page 110, with the introduction of SMLT, all dual-homed Layer 2 frame-switched network devices are no longer dependent upon Spanning Tree Protocol for loop detection, because a properly designed SMLT network inherently does not have any logical loops.

Similarly, Layer 3 networks can benefit from SMLT as well.



Figure 24 Resilient networks with SMLT

SMLT solves the spanning tree problem by combining two aggregation switches into one logical MLT entity, thus making it transparent to any type of edge switch. In the process, it provides quick convergence, while load sharing across all available trunks.

314725-E Rev 00


How does SMLT work?

Figure 25 illustrates an SMLT configuration with a pair of Ethernet Routing Switch 8600 devices (E and F) as aggregation switches. Also included are four separate user access switches (A, B, C, and D). Refer to the following sections for a description of the components shown in this SMLT example.

• “Interswitch trunking”

• “CP Limit and SMLT interswitch trunking” on page 112

• “Other SMLT aggregation switch connections” on page 114

Figure 25 Ethernet Routing Switch 8600 as SMLT aggregation switches

Interswitch trunking

SMLT aggregation switches must be connected through an interswitch trunk. For example, user access switches B and C are connected to the aggregation switches via multilink trunks split between the two aggregation switches. As shown in Figure 25, the implementation of SMLT only requires two SMLT-capable aggregation switches. These switches must be connected through an interswitch trunk.



Aggregation switches use the interswitch trunk to:

• Confirm that they are alive and exchange MAC address forwarding tables.

• Send traffic between single switches attached to the aggregation switches.

• Serve as a backup if one SMLT link fails.

Because the interswitch trunk is required for SMLT, for proper operation Nortel recommends that you use multiple links on the interswitch trunk to ensure reliability and high availability. Nortel recommends using Gigabit Ethernet links for interswitch trunk connectivity to provide enough bandwidth for potential cross traffic.

CP Limit and SMLT interswitch trunking

Control packet rate limit (CP Limit) is a feature that controls the amount of multicast and broadcast traffic that can be sent to the CPU from a physical port. It protects the CPU from being flooded by traffic from a single, unstable port. The CP-Limit default settings are:

• default state = enabled

• default multicast packets-per-second (pps) value = 15 000

• default broadcast pps value = 10 000

Note that for SMLT ports, CP Limit is enabled by default. Packets that are destined for the control plane (that is, packets that have a QoS level of 7 such as BPDU, OSPF hello) trigger this feature. When the threshold is reached, CP Limit disables the port from which the offending traffic is received.

Note: Asynchronous Transfer Mode (ATM) and Packet over SONET (PoS) links are not supported for use as interswitch trunk links.

Note: When you configure SMLT links, Nortel recommends setting the multicast packets-per-second value to 6000 pps.

314725-E Rev 00


You can enable CP Limit for all ports so that the Ethernet Routing Switch 8600 can disable any port that receives excess control traffic. SMLT is an exception because of the importance of the interswitch trunk. Nortel recommends that you disable the CP Limit feature on all interswitch trunk ports so that these ports are not disabled, which can compromise the stability of SMLT.

Do not confuse CP Limit with port rate limiting. Port rate limiting and CP Limit serve different purposes. Port level rate limiting, if enabled, limits all packets with broadcast and multicast addresses to control the amount of user traffic. CP Limit is a protection mechanism for the control plane that only counts packets that are destined for the control plane, or packets that are processed by the CPU with a QoS=7.

The CPU can count packets which are not counted by the CP Limit feature. Such packet types can include auto-topology or NetBIOS. The QoS level ensures that control plane traffic (with QoS=7) is processed first in the case of congestion in the CPU buffer.

If the actual packets-per-second rate sent from a port exceeds the defined rate, then the port is administratively shut down to protect the CPU from continued bombardment. Disabling interswitch trunk ports in this way can impair network traffic flow, as this is a critical port for SMLT configurations.

Disabling CP Limit on interswitch trunk multilink trunk ports forces another, less-critical port to be disabled if the defined CP Limits are exceeded. In doing so, you preserve network stability if a protection condition (CP Limit) arises. Note that, although it is likely that one of the multilink trunk ports (risers) will be disabled in such a condition, traffic continues to flow uninterrupted through the remaining SMLT ports.

Note: Nortel recommends that an interswitch multilink trunk contain at least two physical ports. Nortel also recommends that you disable CP-Limit on all physical ports that are members of an interswitch trunk multilink trunk.

Note: CP Limit can only be configured through the CLI.



The command syntax to enable or disable CP Limit is:

config ethernet <slot/port> cp-limit <enable|disable>

The Ethernet Routing Switch 8600 also supports the Extended CP Limit feature. For more information about Extended CP Limit, see Configuring Network Management.

Other SMLT aggregation switch connections

The example shown in Figure 25 on page 111 includes end stations which connect to each of the switches. In this example, a, b1, b2, c1, c2, and d are clients and printers, while e and f are servers or routers.

User access switches B and C can use any method to determine which link of their multilink trunk connections to use to forward a packet, as long as the same link is used for a given source/destination address (SA/DA) pair. This is true regardless of whether the DA is known by B or C. SMLT aggregation switches always send traffic directly to a user access switch, and only use the interswitch trunk for traffic that they cannot forward in another, more direct way.

The examples that follow explain the process in more detail.


• “Example 1: Traffic flow from a to b1 or b2”

• “Example 2: Traffic flow from b1/b2 to c1/c2” on page 115

• “Example 3: Traffic flow from a to d” on page 115

• “Example 4: Traffic flow from f to c1/c2” on page 115

Example 1: Traffic flow from a to b1 or b2

Assuming a and b1/b2 are communicating through Layer 2, traffic flows from A to switch E and is forwarded over its direct link to B. Traffic coming from b1 or b2 to a is sent by B on one of its multilink trunk ports.

B can send traffic from b1 to a on the link to switch E, and traffic from b2 to a on the link to F. In the case of traffic from b1, switch E forwards the traffic directly to switch A, while traffic from b2, which arrived at F, is forwarded across the interswitch trunk to E and then on to A.

314725-E Rev 00


Example 2: Traffic flow from b1/b2 to c1/c2

Traffic from b1/b2 to c1/c2 is always sent by switch B through its multilink trunk to the core. No matter which switch (E or F) it arrives at, it will be sent directly to C through the local link.

Example 3: Traffic flow from a to d

Traffic from a to d (and d to a) is forwarded across the interswitch trunk because it is the shortest path. This is treated as a standard link; SMLT and interswitch trunk parameters are not considered.

Example 4: Traffic flow from f to c1/c2

Traffic from f to c1/c2 is sent out directly from F. Return traffic from c1/c2 allows you to have one active VRRP Master per IP subnet. It is passed across the interswitch trunk if switch C sends it to E.

Traffic flow in an SMLT environment

Traffic flow in an SMLT environment follows these rules:

• If a packet is received from an interswitch trunk port, it is not forwarded to any active SMLT groups. This is key in preventing network loops.

• When a packet is received, a look-up is performed on the forwarding database. If an entry exists, and if the entry was learned locally from the split multilink trunk or through the interswitch trunk as a remote split multilink trunk, it is forwarded out the local port (the packet should not be sent to the interswitch trunk for forwarding unless there is no local connection). Unknown and Broadcast packets are flooded out all ports that are members of this VLAN.

• For loadsharing purposes in an SMLT scenario, the Ethernet Routing Switch 8600 obeys the MLT traffic distribution algorithm. See “MLT traffic distribution algorithm” on page 80 for more details about the algorithms.



Traffic flow example

In an SMLT environment, the two aggregation switches share the same forwarding database by exchanging forwarding entries using the IST. In Figure 26 on page 117, the forwarding databases are shown for a pair of IST nodes (B and C). Note that the entry for 00:E0:7B:B3:04:00 is shown on node C as being learned on MLT-1, but because SMLT REMOTE is true, this entry was actually learned from node B. On B, that same entry is shown as being directly learned through MLT-1 because SMLT REMOTE is false. Figure 27 on page 118 shows the network topology.

When a packet arrives at node C destined for 00:E0:7B:B3:04:00, if the SMLT REMOTE status is true, then the switch tries to send the packet out MLT-1 first, rather than through the interswitch trunk. Traffic rarely traverses the interswitch trunk unless there is a failure. If this same packet arrives at B, then it will be forwarded to MLT-1 on the local ports.

314725-E Rev 00


Figure 26 Output of the command show vlan info fdb-e 10

Response from B:

ERS-8610:5# show vlan info fdb-e 10=========================================================================

Vlan Fdb=========================================================================VLAN MAC QOS SMLT ID STATUS ADDRESS INTERFACE MONITOR LEVEL REMOTE-------------------------------------------------------------------------10 self 00:00:5e:00:01:01 - false 1 false10 learned 00:80:2d:ba:d6:01 MLT-5 false 1 true10 self 00:80:2d:be:22:01 - false 1 false10 learned 00:e0:7b:b3:04:00 MLT-1 false 1 false10 learned 00:e0:7b:b3:04:10 MLT-1 false 1 true

Response from C:

=========================================================================Vlan Fdb

=========================================================================VLAN MAC QOS SMLTID STATUS ADDRESS INTERFACE MONITOR LEVEL REMOTE-------------------------------------------------------------------------10 self 00:00:5e:00:01:01 - false 1 false10 self 00:80:2d:ba:d6:01 - false 1 false10 learned 00:80:2d:be:22:01 MLT-5 false 1 true10 learned 00:e0:7b:b3:04:00 MLT-1 false 1 true10 learned 00:e0:7b:b3:04:10 MLT-1 false 1 false



Figure 27 Network topology for traffic flow example

SMLT-on-Single-CPU feature

Beginning with Ethernet Routing Switch 8600 Software Release 3.5 and continuing through the latest hardware revisions, an enhancement was added to improve SMLT failover behaviors for single CPU/SF configurations.

Prior to this release, Nortel required that two switch fabric modules be installed in a chassis running SMLT. This was a requirement because SMLT clients did not reroute traffic around SMLT aggregation switches with a single failed CPU. Thus, packet loss can occur in this rare failure case.

The SMLT-on-Single-CPU feature establishes a polling mechanism between the CPU and the interface modules. Because single CPU/SF configurations do not benefit from standard CPU/SF redundancy, in the rare event that a CPU failure occurs on the aggregation switch, this enhancement forces the interface modules offline and allows network redundancy configurations to activate more quickly.

You can configure this feature using the CLI. For instructions, see “Configuring SMLT-on-Single-CPU” on page 462.

314725-E Rev 00


This feature is applicable to all I/O modules capable of supporting the new Single CPU/Switch Fabric reliability enhancement. By default, the SMLT-on-Single-CPU feature is disabled.

The SMLT-on-Single-CPU feature can also be implemented on dual SSF/CPU chassis, and is independent of SMLT design. In dual SSF/CPU systems, Nortel recommends that you consider enabling this feature. Its use provides for faster High-Availability-like failover for dual SSF/CPU systems in terms of proper link status. This feature is fully supported on R modules; R modules always operate in this mode independent of configuration settings. R modules have been designed for faster failover without software control.

Note that not all versions of classic (legacy) modules can support this feature. If non-supported modules are in a chassis which has this feature enabled, those modules will not be initialized and an error message will be logged to the log file. For information on module version support consult your Nortel representative. For example, the 8608SX/8608SXE modules are one example of non-supported module types.

Single Port SMLT

Single Port SMLT lets you configure a split multilink trunk using a single port. The Single Port SMLT behaves like an MLT-based SMLT, and can coexist with SMLTs in the same system. Single Port SMLT lets you scale the number of split multilink trunks on a switch to the maximum number of available ports.

Split multilink trunk links can exist in the following combinations on the SMLT-aggregation switch pair:

• MLT-based SMLT + MLT-based SMLT

• MLT-based SMLT + single link SMLT

• single link SMLT + single link SMLT

Rules for configuring Single Port SMLT include:

• The dual-homed device that connects to the aggregation switches must support MLT.



• Single Port SMLT is supported on Ethernet, PoS, and ATM ports.

• Each Single Port SMLT is assigned an SMLT ID from 1 to 512.

• Single Port SMLT ports can be designated as Access or Trunk (that is, IEEE 802.1Q tagged or not); changing the type does not affect their behavior.

• You cannot change a single port split multilink trunk to an MLT-based SMLT by adding more ports. You must delete the single port split multilink trunk, and then reconfigure the port as SMLT/MLT.

• You cannot change an MLT-based split multilink trunk into a single port split multilink trunk by deleting all ports but one. You must first remove the SMLT/MLT, then reconfigure the port as Single Port SMLT.

• A port cannot be configured as a MLT-based split multilink trunk and as a single port split multilink trunk at the same time.

• Two or more aggregation switches can have single port split multilink trunks with the same IDs. You can have as many single port split multilink trunks as there are available ports on the switch.

• LACP is supported on single port split multilink trunks.

Split multilink trunk topologies

There are four generic topologies in which SMLT can be deployed. The user can choose either a Single Port SMLT configuration, a triangle configuration, a square configuration, or a full mesh configuration, depending on the resiliency and redundancy required.

Note: Single Port SMLT is not supported on the 8681 module 10 Gigabit Ethernet ports with Software Release 3.5.

314725-E Rev 00


Single Port SMLT topology

Sometimes you need to exceed the Ethernet Routing Switch 8600 multilink trunk Group ID limit for server farm applications. In this case, you can use Single Port SMLT (see Figure 28). This topology allows scaling up to the maximum number of ports on a switch. Any Layer 2 switch capable of link aggregation can be used as the client in this case.

Figure 28 Single Port SMLT topology



SMLT triangle topology

The most often used configuration, the triangle configuration, connects multiple access switches to a pair of Ethernet Routing Switch 8600 devices. In many cases, dual-NIC servers capable of link aggregation are connected directly to the Ethernet Routing Switch 8600 devices in a similar fashion. Figure 29 depicts Extranet Switches (ES) as the SMLT Clients. In real-world applications, any Layer 2 device capable of link aggregation can become the SMLT client.

Figure 29 SMLT triangle topology

314725-E Rev 00


SMLT square topology

Often used in an enterprise core, the square SMLT configuration provides network resiliency. Figure 30 shows this topology.

Figure 30 SMLT square topology



SMLT full mesh topology

For maximum reliability and resiliency, all SMLT nodes can be fully meshed. This may not be an economical solution for many cases, but if traffic loss cannot be tolerated, this design can route traffic around any failure. Figure 31 shows the full mesh topology.

Figure 31 SMLT full mesh topology

314725-E Rev 00


Using MLT-based SMLT with Single Port SMLT

You can configure a split multilink trunk with a single port split multilink trunk on one side and an MLT-based split multilink trunk on the other. Both must have the same SMLT ID. In addition to general use, Figure 32 shows how this configuration can be used for upgrading an MLT-based split multilink trunk to a single port split multilink trunk without taking down the split trunk.

Figure 32 Changing a split trunk from MLT-based SMLT to Single Port SMLT

To configure Single Port SMLT using Device Manager, see “Configuring a single port split multilink trunk” on page 286.

Switch A

Switches A and B are configured withMLT-based SMLT.

1

Switch B

MLT-basedSMLT ID 10

MLT-basedSMLT ID 10

IST

Switch A

Delete MLT-based SMLT 10 on switch B. Alltraffic switches over SMLT 10 on switch A.

2

Switch B

MLT-basedSMLT ID 10

IST

Switch A

Configure single port SMLT ID 10 on switch B.Traffic switches over both sides of split trunk.

3

Switch B

MLT-basedSMLT ID 10

Single portSMLT ID 10


IST

Switch A

Configure single port SMLT 10 on switch A. Trafficswitches over both sides of split trunk.

5

Switch B



IST

Switch A

Delete MLT-based SMLT 10 on switch A. Alltraffic switches over single port SMLT 10 onswitch B.

4

Switch B

IST

11099EA



To configure Single Port SMLT using the CLI, see “Creating a single port split multilink trunk” on page 460.

Interaction between SMLT and LACP

The Ethernet Routing Switch 8600 fully supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP); this is supported not only on multilink trunks, but also on a pair of SMLT switches.

With this protocol, the Ethernet Routing Switch 8600 provides a standardized external link aggregation interface to third-party vendor IEEE 802.3ad implementations. This protocol extension provides dynamic link aggregation mechanisms. Advantages of this protocol extension include:

• MLT peers and SMLT client devices can be network switches, and can also be any type of server/workstation that supports link bundling through IEEE 802.3ad.

• Single-link and multilink trunk solutions support dual-homed connectivity for more than 350 attached devices, so that you can build dual-homed server farm solutions.

• Nortel tightly coupled the IEEE link aggregation standard with the SMLT solution to provide seamless configuration integration, while also detecting failure scenarios during network setup or operations.

Supported scenarios

SMLT/IEEE link aggregation interaction supports all known SMLT scenarios in which an IEEE 802.3ad SMLT pair can be connected to SMLT clients, or in which two IEEE 802.3ad SMLT pairs can be connected to each other in a square or full mesh topology.

Non-supported scenarios

Some factors leading to failure are:

• Wrong ports connected

314725-E Rev 00


• Mismatched SMLT IDs assigned to SMLT client: SMLT switches can detect if SMLT IDs are not consistent. The SMLT aggregation switch, which has the lower IP address, does not allow the SMLT port to become a member of the aggregation, thus avoiding misconfigurations.

• SMLT client switch does not have automatic aggregation enabled (LACP disabled): SMLT aggregation switches can detect that aggregation is not enabled on the SMLT client, thus no automatic link aggregation is established until the configuration is resolved.

• Single CPU failures: In the case of a CPU failure in a system with only one switch fabric, the LACP on the other switch (or switches) detects the remote failure and triggers all links connected to the failed system to be removed from the link aggregation group. This process allows failure recovery for the network along a different network path.

SMLT network design considerations

If you use LACP in a square SMLT topology, LACP must have the same keys for that SMLT LAG; otherwise, the aggregation can fail if a switch failure occurs.

Use the following procedure when designing and configuring a SMLT network (for more information, see Network Design Guidelines).

1 Define a separate VLAN for the IST protocol:

config mlt 1 ist create ip <value> vlan-id <value>

2 Disable CP-Limit on the IST ports:

config ethernet <slot|port> cp-limit disable

3 Keep CP-Limit enabled on the split multilink trunk ports and change multicast-limit value to 6000:

config ethernet <slot|port> cp-limit enable multicast-limit 6000

4 Disable loop detect on split multilink trunk ports:

config ethernet <slot|port> loop-detect disable

Note: Only dual-homed devices will benefit from this enhancement.



5 Enable tagging on split multilink trunk links:

config ethernet <slot/port> perform-tagging enable

6 Enable dropping of untagged frames on split multilink trunk links:

config ethernet <slot/port> untagged-frames-discard enable

SMLT and SLPP

Do not enable Simple Loop Prevention Protocol (SLPP) on all the ports of a square, partial, or full mesh split multilink trunk core. SLPP can be enabled on other non-SMLT ports of the core. For more information about SLPP, see “Simple Loop Prevention Protocol” on page 130.

SMLT and IP routing

This section describes SMLT and IP routing interactions and includes the following topics:

• “SMLT and Virtual Router Redundancy Protocol”

• “VRRP BackupMaster” on page 129

• “Routed SMLT (RSMLT)” on page 130

SMLT and Virtual Router Redundancy Protocol

Using VRRP, you can have one active primary router per IP subnet, with all other network VRRP interfaces operating in backup mode.

VRRP, when used with SMLT, becomes less efficient. Users that access switches aggregated into two Split-MLT switches send their shared traffic load (based on source and destination MAC or IP addresses) on all uplinks towards the SMLT aggregation switches.

VRRP, however, has only one active routing interface enabled. All other interfaces are in backup (standby) mode. In this case, all traffic is forwarded over the IST link towards the primary VRRP switch. Potentially, all traffic that arrives at the VRRP backup interface is forwarded, so there is not enough bandwidth on the IST link to carry all the aggregated riser traffic. However, an enhancement to VRRP overcomes this issue by ensuring that the IST trunk is not used in such a case for primary data forwarding.

314725-E Rev 00


VRRP BackupMaster

If enabled, the VRRP BackupMaster acts as an IP router for packets destined for the logical VRRP IP address. Thus, all traffic is directly routed to the subnetwork it is destined for, and not Layer 2 switched to the VRRP master. This eliminates a potential limitation in the available interswitch trunk bandwidth.

When using SMLT with routing on SMLT aggregation switches, Nortel recommends that you use VRRP for default gateway redundancy. In a VRRP environment, usually one switch is active and the other is backup. For SMLT, an active-active concept can be used by enabling VRRP BackupMaster. The VRRP BackupMaster router will route traffic that is received on the SMLT VLAN, thus avoiding traffic flow across the interswitch trunk. This provides true load sharing abilities.

The BackupMaster feature provides an additional benefit. Under normal VRRP operation, a hello packet is sent every second. When three hellos are not received, all switches automatically revert to master mode. This results in a 3 second outage. When you are using VRRP in an SMLT environment, and a link goes down, traffic is automatically forwarded to the remaining ports configured for SMLT VRRP BackupMaster. Because both switches are processing traffic, the node immediately recognizes the VRRP state change, so there is faster failure recovery (less than 1 second).

The following sections describe a few guidelines to follow when using VRRP BackupMaster with SMLT:

• The VRRP virtual IP address and the VLAN IP address cannot be the same.

• Configure the hold-down timer for VRRP to a value that is approximately 150 percent of the IGP (Interior Gateway Protocol, such as RIP or OSPF) convergence time to allow the IGP enough time to reconverge following a failure. That is, if OSPF takes 40 seconds to reconverge, set the holddown timer to 60 seconds.

Note: To avoid potential frame duplication problems, the VRRP BackupMaster feature for SMLT can only be used on interfaces that are defined for SMLT. It cannot be used in conjunction with hubs to avoid frame duplication. Also, it cannot be used on brouter or VLAN interfaces.



• Stagger the hold-down timers with ARP requests. This means that the Ethernet Routing Switch 8600 will not have to run ARP at the same time, causing excess CPU load. For example, if one node has the hold-down timer set for 60 seconds, you can set the other to 65 seconds.

• Enable hold-down times on both VRRP sides (Master and BackupMaster).

Routed SMLT (RSMLT)

SMLT subsecond failover benefits are only supported in Layer 2 networks. When routing is involved, depending on the specific routing protocol, this convergence time can cause network interruptions ranging from seconds to minutes.

The Nortel RSMLT feature extends the subsecond failover benefit to core topologies by providing an active-active router concept to core SMLT networks.

Supported scenarios are split multilink trunk triangle, square, and full mesh topologies, with routing enabled on the core VLANs.

Routing protocols can be any of the following protocol types: IP Unicast Static Routes, RIP1, RIP2, OSPF, BGP and IPX RIP.

In the case of core router failures, RSMLT provides packet forwarding, thus eliminating dropped packets during the routing protocol convergence.

For detailed information about RSMLT, see Configuring IP Routing Operations.

Simple Loop Prevention Protocol

Simple Loop Prevention Protocol (SLPP) is used at the edge of a network to prevent loops in a SMLT network if Spanning Tree is not used. SLPP is focused on SMLT networks; however, it also works with other configurations. Logical loops can occur in SMLT networks because of the following:

• misconfigurations (for example, when SMLT client devices are erroneously directly connected together)

• MLT is not operating correctly (for example, when a switch is connected to the network using the default configuration without any MLT settings)

314725-E Rev 00


• problems with the edge switch (for example, when MLT or some other form of link aggregation is not working)

You can detect loops with SLPP. You can also use the Ethernet Routing Switch 8600 Loop Detection feature (see “Configuring VLAN Loop Detection” on page 173).

Loop detection is achieved by detecting if a SLPP test packet—called a SLPP-packet data unit (SLPP-PDU)— is received on a peering split multilink trunk switch port or on the same switch from which it originated. If the packet is received by the originating switch, or by a peer aggregation switch on the same VLAN, the port is disabled.

When you configure and enable SLPP, the switch control processor (CP) sends a SLPP-PDU to the VLAN. If there is a loop on the VLAN, the SLPP-PDU eventually returns to the originating port and is received by the CP. The CP disables that port, and a message appears on the console to describe the reason. After a port is disabled, it remains disabled, and manual intervention is required to reenable the port. The port auto-enable feature can be used to reenable the port after a predefined interval.

Figure 33 on page 131 shows the fields of an SLPP-PDU. The destination address (DA) is the switch MAC address with the multicast bit set; the source address (SA) is the switch MAC address; the protocol ID (PID) default is 0x8104 and is user configurable; and the payload contains three fields: (1) SLPP protocol version (one byte), (2) reserved (one byte), (3) VLAN ID (two bytes).

Figure 33 SLPP frame

There are several factors to keep in mind when you use SLPP:

• SLPP-BPUs are forwarded on a per VLAN basis.

• SLPP-PDU reception and processing only operates on a port if SLPP-Rx is enabled on that port.

• SLPP-PDUs are automatically forwarded on all ports of the VLANs that are configured for SLPP.



• The SLPP-PDU destination MAC address is the switch MAC address (with the multicast bit set) while the source MAC address is the switch MAC address.

• The SLPP-PDU is sent out as a multicast packet and is constrained to the VLAN on which it is sent.

• The SLPP-PDU payload contains the VLAN ID; a separate SLPP-PDU is sent for each VLAN.

• The SLPP-PDU packet transmission interval default is 500 milliseconds and is configurable from 500 to 5000 milliseconds.

• When a SLPP-PDU is received on a port that is a member of a multilink trunk, all port members in that multilink trunk are disabled if SLPP-Rx is enabled on all port members. If all port members do not have SLPP-Rx enabled, only those that have SLPP-Rx enabled are disabled.

• The SLPP-PDU can be received by the originating CP or the peer SMLT CP. All other switches treat the SLPP-PDU as a normal multicast packet, ignore it, and forward it to the VLAN.

• SLPP-PDU transmission and reception only operates on ports for which STP is in forwarding state (if STP is enabled on one switch in the path).

• You must enable SLPP packet receive on a per-port basis to detect a loop:

— SLPP packet reception should only be enabled on SMLT access ports. It should never be enabled on SMLT IST ports, nor should it be enabled on any SMLT square or full mesh core ports.

— By default, the SLPP packet receive threshold is set to 1 second. It is configurable from 1 to 20 seconds.

— Vary the SLPP packet receive threshold between the two core SMLT switches so that if a loop is detected, the access ports on both switches does not go down, which avoids SMLT client isolation.

SLPP does not have any hardware requirements or dependencies.

Note: SLPP is port-based, so a port will be disabled if it receives SLPP-BDUs on one or more VLANs on a tagged port. For example, if the SLPP packet receive threshold is set to five, a port is shut down if it receives five SLPP-BDUs from one or more VLANs on a tagged port.

Note: SLPP does not support jumbo frames on the Ethernet Routing Switch 8600 v4.1

314725-E Rev 00


SLPP does not replace the functionality of Spanning Tree Protocol, but is a supplement to help detect and prevent loops in the SMLT environment. Nortel recommends that you use this feature in a SMLT environment only.

For information about configuring SLPP with the CLI, see “Configuring Simple Loop Prevention Protocol” on page 478. For information about configuring SLPP with Device Manager, see “Configuring Simple Loop Prevention Protocol” on page 290.

Note: The Ethernet Routing Switch 8600 Software Release 4.1 does not support the use of SLPP in an LACP-SMLT environment.



314725-E Rev 00

135

Chapter 2Configuring VLANs using Device Manager

This chapter describes how to configure VLANs on an Ethernet Routing Switch 8600 with Device Manager.

This chapter includes the following topics:

For conceptual information about VLANs, see“VLANs” on page 37.

Displaying defined VLANs

To display all defined VLANs, their configurations, and their current status:

➨ From the Device Manager menu bar, choose VLAN > VLANs.

The VLAN box appears with the Basic tab displayed, which shows all defined VLANs (Figure 34).

Topic Page

Displaying defined VLANs 135

Configuring port-based VLANs 138

Configuring policy-based VLANs 145

Managing a VLAN 158

Managing VLAN bridging 177

Configuring Enhanced Operation mode 189


136 Chapter 2 Configuring VLANs using Device Manager

Figure 34 VLAN—Basic tab

Table 11 describes the VLAN—Basic tab fields.

Table 11 VLAN—Basic tab fields

Field Description

Id VLAN ID for the VLAN.

Name Name of the VLAN.

IfIndex The logical interface index assigned to the VLAN.

Color Identifier A proprietary color scheme to associate a color with the VLAN. Color does not affect how frames are forwarded.

Type Type of VLAN:

• byPort

• byIpSubnet• byProtocolId

• bySrcMac

• bySvlan

314725-E Rev 00

Chapter 2 Configuring VLANs using Device Manager 137

StgId The ID of the spanning tree group to which the VLAN belongs.

PortMembers The slot/port of each possible VLAN member.

ActiveMembers The slot/port of each active VLAN member, including all static members and potential members meeting the policy.

StaticMembers Slot/port of each static (always) member of a protocol-based VLAN.

NotAllowToJoin The slot/ports that are never allowed to become a member of the protocol-based VLAN.

OspfPassiveMembers The slot/ports of each OSPF passive member.

ProtocolId Specify the network protocol for protocol-based VLANs. This value is taken from the Assigned Numbers RFC.

• ip (IP version 4) • ipx802dot3 (Novell IPX on Ethernet 802.3 frames)

• ipx802dot2 (Novell IPX on IEEE 802.2 frames)

• ipxSnap (Novell IPX on Ethernet SNAP frames)• ipxEthernet2 (Novell IPX on Ethernet Type 2 frames)

• appleTalk (AppleTalk on Ethernet Type 2 and Ethernet SNAP frames)

• decLat (DEC LAT protocol)

• decOther (Other DEC protocols)

• sna802dot2 (IBM SNA on IEEE 802.2 frames)• snaEthernet2 (IBM SNA on Ethernet Type 2 frames)

• netBIOS (NetBIOS protocol)

• xns (Xerox XNS)• vines (Banyan VINES)

• ipv6 (IP version 6)

• usrDefined (user-defined protocol)• RARP (Reverse Address Resolution Protocol)

• PPPoE (Point-to-Point Protocol over Ethernet)

Note: if the VLAN type is port-based, None is displayed in the Basic tab ProtocolId field.

SubnetAddr The source IP subnet address (IP subnet-based VLANs only).

SubnetMask The source IP subnet mask (IP subnet-based VLANs only).

Table 11 VLAN—Basic tab fields (continued)

Field Description



Configuring port-based VLANs

A port-based VLAN is a VLAN in which the ports are explicitly configured to be in the VLAN. For more information about port-based VLANs, see “Port-based VLANs” on page 39.

This section describes how you can create and configure port-based VLANs using the following procedures.

• “Creating a port-based VLAN”

• “Configuring an IP address for a VLAN” on page 142

• “Configuring a network address and encapsulation for a VLAN” on page 144

When creating a VLAN, keep in mind the rules described in “VLAN rules” on page 54.

Creating a port-based VLAN

To create a port-based VLAN:

1 From the Device Manager menu bar, choose VLAN > VLANs.

The VLAN box appears with the Basic tab displayed, which shows all defined VLANs (Figure 34 on page 136).

2 In the Basic tab, click Insert.

The VLAN, Insert Basic box appears (Figure 35 on page 139).

314725-E Rev 00


Figure 35 VLAN, Insert Basic box

3 In the Id box, enter an unused VLAN ID, or use the ID provided.

— (Optional) In Name, type the VLAN name, or use the name provided.



— (Optional) In Color Identifier, click the down arrow and choose a color from the list, or use the color provided.

4 In the StgId box, type or select the spanning tree group ID of the VLAN.

5 In the Type box, select byPort.

6 In the PortMembers box, click the ellipsis (...).

The VlanPortMembers box appears (Figure 36).

Figure 36 VlanPortMembers

7 Click the ports that are always members. The ports that are selected are recessed, while the non selected ports are not recessed. Port numbers that are dimmed cannot be selected as VLAN port members. (For example, you cannot select ports that do not have the same spanning tree group ID as that of the new VLAN.)

8 Click OK.

The Port Membership box closes and the port members appear in the Insert Basic box.

9 In the VLAN, Insert Basic box, click Insert.

The Insert box closes and the new VLAN is displayed in the Basic tab.

10 In the Basic tab, click Close.

The VLAN is configured and the VLAN box closes.

314725-E Rev 00


Table 12 describes the VLAN, Insert Basic fields.

.

Table 12 VLAN, Insert Basic fields

Field Description

Id A value that uniquely identifies the virtual LAN associated with this entry. This value corresponds to the lower 12 bits in the IEEE 802.1Q VLAN tag.

Name An assigned name for this VLAN.

Color Identifier An assigned color code for this VLAN. The value of this object is used by the VLAN Manager GUI tool.

Stg Id Indicates the Spanning Tree Group (STG) used by this VLAN to determine the state of its ports. If this VLAN is not associated with an STG, set StgId to zero. This field is shown only if the switch is in STG mode.

MstpInstance Indicates the MSTP instance for the VLAN. This field is shown only if the switch is in MSTP mode.

Type The type of VLAN, distinguished according to the policy used to define its port membership.

PortMembers The set of ports that are members (static or dynamic) of this VLAN.

StaticMembers The set of ports that are static members of this VLAN. A static member of a VLAN is always active and is never aged out.

NotAllowtoJoin The set of ports that are not allowed to become members of this VLAN.

OspfPassiveMembers The set of ports in the VLAN that are designated as OSPF passive

SubnetAddr The IP subnet address of this VLAN. This value is meaningful only if Type is equal to byIpSubnet. For other VLAN types it must have the value 0.0.0.0.

SubnetMask The IP subnet mask of this VLAN. This value is meaningful only if Type is equal to byIpSubnet. For other VLAN types it must have the value 0.0.0.0.

ProtocolId The protocol identifier of this VLAN. This value is meaningful only if Type is equal to byProtocolId. For other VLAN types it must have the value none.

UserDefinedPid When ProtocolId is set to usrDefined in a protocol-based VLAN, this field represents the 16 bit user defined protocol identifier.



Configuring an IP address for a VLAN

To configure an IP address for a VLAN:


The VLAN box appears with the Basic tab displayed (Figure 34 on page 136).

2 In the Basic tab, select the VLAN for which you are configuring an IP address.

The VLAN is highlighted.

3 Click IP.

The IP, VLAN box for the selected VLAN appears with the IP Address tab displayed (Figure 37).

Figure 37 IP, VLAN box

4 Click Insert.

Encap This is the encapsulation type for user defined protocol-based VLANs. This is not meaningful for other types of VLANs. The default value is null.

AgingTime The timeout period (in seconds) used for aging out FDB entries of this VLAN.

QosLevel Used to specify the QoS level which packets, carried in this VLAN, should be processed with.

FirewallVlanType The firewall VLAN type for port-based VLANs.

FirewallClusterId Firewall cluster ID.

Table 12 VLAN, Insert Basic fields

Field Description

314725-E Rev 00


The Insert IP Address box appears (Figure 38).

Figure 38 IP, VLAN, Insert IP Address box

5 Enter an IP address and net mask for routing purposes.

6 Click Insert.

The Insert IP box closes and the IP Address and Net Mask appear in the IP, VLAN box.

7 In the IP, VLAN box and the VLAN box, click Close.

The IP subnet-based VLAN is configured.

Table 13 describes the IP, VLAN fields.

Table 13 IP, VLAN field descriptions

Field Description

Interface Identifies the interface to which this entry is applicable.

Ip Address The IP address to which addressing information pertains.

NetMask The subnet mask associated with the IP address of this entry. The value of the mask is an IP address with all the network bits set to 1 and all the hosts bits set to 0.

BcastAddrFormat The IP broadcast address format used on this interface.

ReasmMaxSize The size of the largest IP packets which this entity can reassemble from incoming IP fragmented packets received on this interface.

VlanId Identifies the virtual LAN associated with this entry. This value corresponds to the lower 12 bits in the IEEE 802.1Q VLAN tag.

BrouterPort Indicates whether this entry corresponds to a brouter port (as opposed to a routable VLAN). This value cannot be changed after the row is created.



Configuring a network address and encapsulation for a VLAN

To configure an IPX network address and select an encapsulation method:



2 In the Basic tab, select the VLAN for which you are configuring a network address and encapsulation.


3 Click IPX.

The IPX, VLAN box for the selected VLAN appears with the Addresses tab displayed (Figure 39).

Figure 39 IPX, VLAN—Addresses

4 Click Insert.

The IPX, VLAN, Insert Addresses box appears (Figure 40 on page 145).

314725-E Rev 00


Figure 40 IPX, VLAN—Insert Addresses

5 In the NetAddr box, enter a network address for routing.

6 In the Encap box, select an encapsulation method (Ethernet II, SNAP, LLC, or RAW).

7 Click Insert.

The IPX, VLAN, Insert Addresses box closes and the network address and encapsulation method appear in the IPX, VLAN box.

8 In both the IP, VLAN box and the VLAN box, click Close.

The network address and encapsulation method are configured for the VLAN.

Configuring policy-based VLANs

A policy-based VLAN consists of ports that are dynamically added to the VLAN on the basis of the traffic coming into the port. Policy-based VLAN types include:

• Protocol-based

• User-defined protocol-based

• MAC address-based

• IP subnet-based

• sVLAN-based

For information about creating sVLAN-based VLANs, see “Creating an sVLAN” on page 196.

This section describes how you can create and configure policy-based VLANs using the following procedures.



• “Creating a source IP subnet-based VLAN” on page 146

• “Creating a protocol-based VLAN” on page 147

• “Configuring user-defined protocol-based VLANs” on page 150

• “Creating a source MAC address-based VLAN” on page 152

Creating a source IP subnet-based VLAN

To create a source IP subnet-based VLAN:


The VLAN box appears with the Basic tab displayed (see Figure 34 on page 136).


The VLAN, Insert Basic box appears (see Figure 35 on page 139).

3 In the Type box, select byIpSubnet.

4 In the Id box, type the VLAN ID.

5 (Optional) In the Name box, type the VLAN name.

If no name is entered, a default name is created.

6 (Optional) In the Color Identifier box, select the color or use the color provided.

This color is used by VLAN Manager to visually distinguish the VLANs in a network.

7 In the StgId box, select the spanning tree group ID of the VLAN.

8 Specify port membership by clicking the ellipsis (...) for one of the following:

• PortMembers (use this for VLAN by IpSubnet, Protocolid, or SrcMac)

• StaticMembers• NotAllowedToJoin

The VlanPortMembers box appears (Figure 41 on page 147).

314725-E Rev 00



9 Click each port to choose the desired color:

• Yellow—Potential members

• Green—Always members, static

• Red—Never members, not allowed to join

10 Click OK.

The Port Membership box closes, and the port members appears in the VLAN, Insert Basic box.

11 In the SubnetAddr box, enter an IP address for the VLAN.

12 In the SubnetMask box, enter an IP subnet mask for the VLAN.

13 In the AgingTime box, enter the timeout period in seconds for aging out the dynamic VLAN member ports, or use the 600 second default.

14 (Optional) In the QosLevel box, select a Quality of Service level (0 to 6).

15 Click Insert.

The VLAN, Insert Basic box closes, and the source IP subnet-based VLAN appears in the Basic tab.

Creating a protocol-based VLAN

To create a protocol-based VLAN:


Note: In a source IP subnet-based VLAN, a potential member becomes an active member of the VLAN when a frame is received from the specified source IP address.






3 In the Type box, select byProtocolId.

4 In the Id box, type the unique VLAN ID, or use the ID provided.

5 (Optional) In the Name box, type the VLAN name, or use the name provided.

6 (Optional) In the Color Identifier box, select the color, or use the color provided.


7 In the StgID box, select the spanning tree group ID of the VLAN.

8 To specify the VLAN port membership, click the ellipsis (...) for one of the following fields.

• Port Members


The VlanPortMembers box appears (see Figure 45 on page 156).

9 In the VlanPortMembers box, click each port button to choose the desired membership color.

• Yellow: Potential members—dynamic (potential members are treated as always members).

• Green: Always members—static

• Red: Never members—not allowed to join

314725-E Rev 00


When you have two VLANs with potential members and you want to move ports from one VLAN to the other, you must first change their port membership to Never. Then you can assign the ports to the other VLAN.

10 Click OK.

The VlanPortMembers box closes and the port members are added to the Insert Basic box.

11 In the ProtocolId box, select a protocol ID.

To configure a non-standard protocol, see “Configuring user-defined protocol-based VLANs” on page 150.

12 In the AgingTime box, specify the timeout period, in seconds, for aging out the dynamic member ports of the VLAN, or use the default of 600 seconds.

13 In the QosLevel box, select a level.

14 Click Insert.

The VLAN, Insert Basic box closes, and the protocol-based VLAN is added to the Basic tab of the VLAN box.

15 Click Close.


Note: When a protocol-based VLAN is created, all ports in the underlying STG are automatically added as potential members if they are not already members of an existing protocol-based VLAN of the same type.

Note: In a protocol-based VLAN for an Ethernet Routing Switch 8600 module, a potential member becomes an active member of the VLAN when a frame of the specified protocol is received.



Configuring user-defined protocol-based VLANs

You can create user-defined protocol-based VLANs in support of networks with non-standard protocols.

To create a user-defined protocol-based VLAN:



2 On the Basic tab, click Insert.


3 In the Type box, select byProtocolId.

4 To specify the VLAN port membership, click the ellipsis (...) for one of the following fields.

• Port Members


The VlanPortMembers box appears (see Figure 45 on page 156).

5 In the VlanPortMembers box, click each port button to achieve the desired membership color.

• Yellow: Potential members—dynamic.

• Green: Always members—static

• Red: Never members—not allowed to join

6 In the ProtocolId box, select usrDefined.

The UserDefinedPID field becomes editable and the Encap field becomes active (Figure 42 on page 151).

Note: In a user-defined protocol-based VLAN on an Ethernet Routing Switch 8600 module, a potential member becomes an active member when a frame from the specified protocol is received.

314725-E Rev 00


Figure 42 VLAN, Insert Basic

7 In the UserDefinedPID box, enter the protocol ID for the protocol in the format 0x (protocol type in hexadecimal).

In the Ethernet Routing Switch 8600 modules, the 16-bit PID assigned to a protocol-based VLAN specifies either an Ethertype, a DSAP/SSAP, or a SNAP PID, depending on whether the frame encapsulation is Ethernet 2, 802.2, or LLC-SNAP, respectively.

The following PIDs are not valid:

• PID0x0000 through 0x05dc: overlaps with the 802.3 frame length

• PIDs of predefined protocols (for example, IP, IPX, AppleTalk)

• PID 0x8100: reserved by 802.1Q to identify tagged frames



• PID0x9000: used by the diagnostic loopback frames

• PID0x8808: used by 802.3x pause frames

• PID0x4242: overlaps with the BPDU DSAP/SSAP

8 In the AgingTime box, specify the timeout period, in seconds, for aging out the dynamic member ports of the VLAN, or use the default of 600 seconds.

9 In the QosLevel box, select a level.

10 Click Insert.

The VLAN, Insert Basic box closes, and the protocol-based VLAN is added to the Basic tab of the VLAN box.

11 Click Close.

The non-standard protocol-based VLAN is configured.

Creating a source MAC address-based VLAN

Before creating a source MAC-based VLAN, you must first enable source MAC address-based VLANs in the system.


• “Enabling source MAC address-based VLANs on the system” on page 152

• “Configuring a source MAC address-based VLAN” on page 154

• “Creating a source MAC address-based VLAN using batch files” on page 157

Enabling source MAC address-based VLANs on the system

To enable source MAC address-based VLANs on the system:

1 From the Device Manager menu bar, choose Edit > Chassis.

The Chassis box appears with the System tab displayed.

2 Click the System Flags tab.

The System Flags tab appears (see Figure 43 on page 153).

314725-E Rev 00


Figure 43 Chassis, System Flags tab

3 Clear the GlobalFilterEnable check box.

• Global filters are disabled when the GlobalFilterEnable check box is cleared.



• Global filters are enabled when the GlobalFilterEnable check box is selected.

4 Click Apply.

5 Select the VlanBySrcMacEnable check box.

• Source MAC-based VLANs are enabled when the GlobalFilterEnable check box is selected.

6 Click Apply.

The Chassis box closes and source MAC address-based VLANs are enabled on the system.

Configuring a source MAC address-based VLAN

Before configuring a source MAC address-based VLAN, you must first enable source MAC address-based VLANs on the system (see “Enabling source MAC address-based VLANs on the system” on page 152).

To configure a source MAC-address-based VLAN:



2 Click Insert.


3 In the Type box, select bySrcMac.

The fields needed to set up source MAC-based VLANs become editable (see Figure 44 on page 155).

314725-E Rev 00


Figure 44 VLAN, Insert Basic—bySrcMac

4 In the Id box, enter a unique VLAN ID.



5 (Optional) In the Name box, type the VLAN name, or use the one provided.

6 (Optional) In the Color Identifier box, select a color, or use the one provided.


7 In the StgId box, click the down arrow, and select a spanning tree group ID for the VLAN.

8 To specify the VLAN port membership, click the ellipsis (...) for one of the following fields:

• Port Members


The VlanPortMembers box appears (see Figure 45).


9 Click each port to choose the desired color.

• Yellow—Potential members, dynamic.

• Green—Always members, static

• Red—Never members, not allowed to join

10 Click Ok.

The VlanPortMembers box closes, and the selected port members appear in the VLAN, Insert Basic box.

314725-E Rev 00


11 In the Aging Time box, specify the timeout period in seconds for aging out the dynamic member ports of the VLAN, or use the default of 600 seconds.

12 (Optional) In the QosLevel box, select a Quality of Service level, or use the default, level 1.

13 Click Insert.

The VLAN, Insert Basic box closes, and the VLAN appears on the Basic tab.

14 On the VLAN Basic tab, select the newly created VLAN.


15 Click Mac.

The MAC, VLAN box appears.

16 Click Insert.

The Insert MAC VLAN box appears.

17 In the MacAddr box, specify a source MAC address for the VLAN.

18 Click Insert.

The Insert MAC VLAN box closes and the MAC address appears in the MAC, VLAN box.

19 Click Close.

The MAC, VLAN and VLAN boxes close, and the Source MAC address-based VLAN is configured.

Creating a source MAC address-based VLAN using batch files

Before configuring a source MAC address-based VLAN, you must first enable source MAC address-based VLANs on the system (see “Enabling source MAC address-based VLANs on the system” on page 152).

Note: In a source MAC-based VLAN, a potential member becomes an active member of the VLAN when a frame with the specified source MAC address is received.



To create a source MAC address-based VLAN using batch files:



2 In the VLAN Basic tab, select a source MAC address-based VLAN.


3 Click Mac.

The MAC, VLAN box appears.

4 Click File.

The Edit MAC VLAN box appears.

5 Do one of the following:

• To add a MAC address from a file, select Add From File and use the selection box to browse for the file location.

• To save a MAC address to a file, select it, select Save to File, and use the selection box to browse for a save location.

• To delete a MAC address, select it, and select Delete Members on Device.

6 Click Close.

The Edit MAC box closes.

7 Click Close in the MAC VLAN, and VLAN boxes.

The source MAC address-based VLAN is configured.

Managing a VLAN

After you have configured a VLAN, you may wish to enable features to improve VLAN performance. This section describes how to configure advanced VLAN operations, such as forwarding, MAC address auto-learning, and Loop Detection.


314725-E Rev 00


• “Changing VLAN port membership”

• “Configuring advanced VLAN features” on page 160

• “Configuring VLAN forwarding” on page 163

• “Configuring a VLAN to accept tagged or untagged frames” on page 165

• “Configuring Untagging Default VLAN on a Tagged Port” on page 169

• “Configuring MAC address auto-learning on a VLAN” on page 170

• “Modifying auto-learned MAC addresses” on page 172

• “Configuring VLAN Loop Detection” on page 173

• “Configuring directed broadcast on a VLAN” on page 175

Changing VLAN port membership

To change VLAN port membership:

1 On the Device Manager menu bar, choose VLAN > VLANs.

The VLAN box appears with the Basic tag displayed (see Figure 34 on page 136).

2 Double-click the PortMember number for the VLAN whose ports you want to change.

The PortMembers box appears (Figure 46 on page 160).

Note: After you create a VLAN, you cannot change the VLAN type. You must first delete the VLAN, and then create a new VLAN of a different type.



Figure 46 PortMembers box

3 Click the port members you wish to add or remove.

4 Click Ok.

The Port Member box closes and the changes appear in the Basic tab.

5 Click Apply.

The VLAN’s port membership is changed and the VLAN box closes.

Configuring advanced VLAN features

The Advanced tab contains information which can be useful in troubleshooting—VlanOperationAction can be especially useful.



2 Click the Advanced tab.

The Advanced tab appears (Figure 47 on page 161).

3 Configure the parameters as required.

314725-E Rev 00


Figure 47 VLAN—Advanced tab

Table 14 describes the VLAN—Advanced tab fields.

Table 14 VLAN—Advanced tab fields

Field Description

Id The VLAN ID.

Name The name of the VLAN.

IfIndex The logical interface index assigned to the VLAN.

Type Type of VLAN: • byPort

• byIpSubnet

• byProtocolId

• bySrcMac • bySvlan

• byIds



ProtocolId Specify the network protocol for protocol-based VLANs. This value is taken from the Assigned Numbers RFC.

• ip (IP version 4) • ipx802dot3 (Novell IPX on Ethernet 802.3 frames)

• ipx802dot2 (Novell IPX on IEEE 802.2 frames)

• ipxSnap (Novell IPX on Ethernet SNAP frames)• ipxEthernet2 (Novell IPX on Ethernet Type 2 frames)

• appleTalk (AppleTalk on Ethernet Type 2 and Ethernet SNAP frames)

• decLat (DEC LAT protocol)

• decOther (Other DEC protocols)

• sna802dot2 (IBM SNA on IEEE 802.2 frames)• snaEthernet2 (IBM SNA on Ethernet Type 2 frames)

• netBIOS (NetBIOS protocol)

• xns (Xerox XNS)• vines (Banyan VINES)

• ipv6 (IP version 6)

• usrDefined (user-defined protocol)• RARP (Reverse Address Resolution protocol)

• PPPoE (Point-to-point protocol over Ethernet)

Note: if the VLAN type is port-based, None is displayed in the Basic tab ProtocolId field.

Encap Specifies the encapsulation method. Values are:

• Ethernet II• SNAP

• LLC

• RAW

AgingTime The timeout period in seconds for aging out the dynamic member ports of policy-based VLANs.

MacAddress The MAC address assigned to the virtual router interface for this VLAN. This field is relevant only when the VLAN is configured for routing. This MAC address is used as the Source MAC in routed frames, ARP replies, or RIP and OSPF frames.

Table 14 VLAN—Advanced tab fields (continued)

Field Description

314725-E Rev 00


Configuring VLAN forwarding

The VLAN Forwarding tab configures filtering for the VLAN.



2 Click the Forwarding tab.

The Forwarding tab appears (Figure 48 on page 164).

Vlan Operation Action

One of the following VLAN-related actions:

• flushMacFdb—flush MAC forwarding table for VLAN

• flushArp—flush ARP table for VLAN• flushIp—flush IP route table for VLAN

• flushDynMemb—flush dynamic VLAN port members

• all—flush all tables for VLAN• flushSnoopMem—flush dynamically learned multicast group

membership

• triggerRipUpdate—set automatic triggered updates for RIP• flushSnoopMRtr—flush learned multicast router ports

Result Result code for action.

UserDefinedPid Specifies the 16-bit user-defined network protocol identifier when the ProtocolID field is set to usrDefined for a protocol-based VLAN type.

UserPriority User-assigned priority level.

QosLevel User-assigned Quality of Service level.

FirewallVlanType The firewall VLAN type for port-based VLANs.

FirewallClusterId Firewall cluster ID.

Table 14 VLAN—Advanced tab fields (continued)

Field Description



Figure 48 VLAN—Forwarding tab

Table 15 describes the fields in the Forwarding tab, as well as those displayed by clicking the Filter button.

3 Click Filter.

The VLAN, Forwarding—Filter tab appears (Figure 49 on page 165).

Table 15 VLAN—Forwarding tab

Field Description

Address An address for which the filter has forwarding or filtering information.

VlanId The ID of the VLAN.

Port The port number.

Monitor Select true or false to copy packets with a MAC address in the source or destination field. Used with port mirroring.

QoSLevel User-assigned Quality of Service level.

SmltRemote Specifies whether you want to use split multilink trunking.

Status Values include:

• self—one of the bridge addresses

• learned—a learned entry that is being used• mgmt—a static entry

314725-E Rev 00


Figure 49 VLAN, Forwarding—Filter tab

4 Configure the filter.

5 Click Filter.

Configuring a VLAN to accept tagged or untagged frames

Perform the following steps to configure a VLAN to accept tagged or untagged frames from a port:

1 In the Device Manager main window, select the port.

The port is highlighted.

2 From the Device Manager menu bar, choose Edit > Port > General.

The Port box appears with the Interface tab displayed (see Figure 50 on page 166).



Figure 50 Port—Interface tab

3 Click the VLAN tab.

The VLAN tab appears (Figure 51 on page 167).

314725-E Rev 00


Figure 51 Port—VLAN tab

4 To configure tagging on the port, select the PerformTagging check box. This setting is applied to all VLANs associated with the port.

If the check box is selected, tagging is enabled. All frames sent from this port are tagged. You can either discard the tagged frames (go to step 5) or forward them to a VLAN (go to step 6).

• If the check box is cleared, tagging is disabled. The port does not send tagged frames. The switch removes the tag before sending the frame out of the port. You can either discard the untagged frames (go to step 5) or forward them to a VLAN (go to step 6).


• To discard tagged frames on a port for which tagging is disabled, select DiscardTaggedFrames.

Note: When you enable tagging on an untagged port, the previous configuration of VLANs, STGs, and MLTs is lost for that port. In addition, the port resets and runs Spanning Tree Protocol, thus breaking connectivity while the protocol goes through the usual blocking and learning states before the forwarding state.



• To discard untagged frames on a port for which tagging is enabled, select DiscardUntaggedFrames.

6 To designate a default VLAN to associate with discarded frames, enter a VLAN ID in the Default VLAN ID box (or use the default VLAN 1).

7 Click Apply > Close.

Tagging is configured for the port.

Table 16 describes the Port—VLAN tab fields.

Note: To optimize performance, on untagged ports in configurations in which you do not expect to see tagged frames, set DiscardTaggedFrames to true. However, on untagged ports for interconnecting switches, set DiscardTaggedFrames to false.

Table 16 Port—VLAN field descriptions

Field Description

SvlanPortType Sets the stacked VLAN (sVLAN) port type:

normal (default) uni (User-to-Network Interface) You must configure ports to which you want to provide VLAN transparency as UNI ports. UNI ports can only belong to one sVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN). This prevents traffic from leaking to other VLANs.

nni (Network-to-Network Interface) NNI ports interconnect the switches in the core network, drop untagged frames on ingress, and insert the sVLAN tag at the egress. When you configure an NNI port, the DiscardUnTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN). Before configuring a port as uni or nni, you must change the switch level to 1 or above (VLAN > SVLAN > Level).

PerformTagging Enable or disable the port on the current VLAN to perform tagging

VlanNames Identifies which VLANs this port is assigned. Each VLAN ID is stored as a two octet value. The first octet in the pair holds bits 15 to 8 of the VLAN ID, the second octet holds bits 7 to 0 of the VLAN ID.

DiscardTaggedFrames Determines how to process tagged frames received on this access port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are processed normally.

314725-E Rev 00


Configuring Untagging Default VLAN on a Tagged Port

The Untagging Default VLAN on a Tagged Port feature separates untagged packets originating from a PC from the tagged packets originating from an IP phone.

For more information about this feature, see “Untagging Default VLAN on a Tagged Port feature” on page 50.

To enable this feature with Device Manager:

1 In Device Manager, select a port.

2 Right-click and choose Edit > Port > General.

The Port box appears.

3 Click the VLAN tab (Figure 52 on page 170).

4 Select UntagDefaultVlan.

5 Click Apply.

DiscardUntaggedFrames Determines how to process untagged frames received on this tagged port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are assigned to the VLAN specified by the DefaultVlanId.

UntagDefaultVLAN Enables or disables egress tagging on the default VLAN of the port.

DefaultVlanId The VLAN ID assigned to untagged frames received on this trunk port.This field is meaningless when the port is not a trunk port.

LoopDetect Enables loop detection.

ArpDetect Enables or disables the ARP loop detection feature on this port. If a loop is detected, the port is disabled. For more information about this feature, see Configuring IP Routing Operations.

LoopDetectAction This value is used to specify the action which needs to be taken once a MAC loop is detected on a specific port. They include portDown, vlanBlock, and macDiscard.

Table 16 Port—VLAN field descriptions (continued)

Field Description



Figure 52 VLAN—UntagDefaultVlan

Configuring MAC address auto-learning on a VLAN

You can use MAC address auto-learning to define VLAN ports that you want to automatically learn MAC addresses.

To configure MAC address learning for a VLAN:

1 From the Device Manager menu bar, choose VLAN > MAC Learning.

The VLanMacLearning box appears with the Manual Edit tab displayed (Figure 53).

Figure 53 VLanMacLearning—Manual Edit tab

2 Click Insert.

314725-E Rev 00


The VLAN MAC Learning, Insert Manual Edit box appears (Figure 54).

Figure 54 VLanMacLearning, Insert Manual Edit box

3 In the Address box, enter the source MAC address.

4 In the Ports box, click the ellipsis (...).

The BridgeManualEditPorts box appears and shows the available ports (Figure 55).

Figure 55 BridgeManualEditPorts box

5 Click the ports you want to configure to use VLAN MAC learning, and then click Ok.

The BridgeManualEditPorts box closes and the port numbers are added to the Insert Manual Edit box.

6 Click Insert.

The Insert Manual Edit box closes and the MAC address and ports are added to the VLAN MAC Learning Manual Edit box.

7 Click Close.

VLAN MAC learning is configured and the box closes.



Table 17 describes the Insert Manual Edit tab fields.

Modifying auto-learned MAC addresses

Use the Auto Learn tab to change a MAC address that was automatically learned to one that can be manually edited.

To modify a MAC address that was automatically learned:

1 On the Device Manager menu bar, choose VLAN > MAC Learning.

The VlanMacLearning box appears with the Manual Edit tab displayed (see Figure 53 on page 170).

2 Click the Auto Learn tab.

The Auto Learn tab appears and shows automatically learned MAC addresses (Figure 56).

Figure 56 VLanMacLearning—Auto Learn tab

3 Double-click in the Auto Learn Action field on the address you want to change, and select ConvertToManualEdit from the list.

4 Click Apply.

The Auto Learn Action is changed.

Table 17 VLAN MAC Learning—Insert Manual Edit tab fields

Field Description

Address The source MAC address of an entry.

Ports The allowed ports on which the MAC address of this entry are learned.

314725-E Rev 00


Table 18 describes the VLAN Auto Learn tab fields.

Configuring VLAN Loop Detection



For information about the Loop Detection feature, see “VLAN Loop Detection” on page 65.

To configure Loop Detection using Device Manager, do the following:

1 In Device Manager, select a port and right-click.

A menu appears.

2 Select Edit General, and then click the VLAN tab.

Table 18 VLAN Auto Learn tab fields

Field Description

Address The source MAC address of the auto-learned entries.

Port The port where the MAC address was learned.

Auto Learn Action This field is for converting an auto-learned MAC address entry to a manual edit MAC address entry. The variable provides a mechanism for you to move a MAC address entry from the auto-learned table to the Manual Edit table.

Settings:• None

• convertToManualEdit




The VLAN tab appears (Figure 57). Table 16 on page 168 describes the fields in the VLAN tab.

Figure 57 Port—VLAN loop detect

3 Select the LoopDetect check box.

4 In the LoopDetectAction box, select the action to be taken if a loop is detected.

5 Click Apply.

6 To view loop detection information, click Loop Detect.

The Loop Detected tab appears (Figure 58 on page 175), showing loop detection information.

Note: Nortel recommends that you select portDown as opposed to a VLAN shutdown (vlanBlock). If vlanBlock is selected, the VLAN is shut down, not the port. The access switch continues to forward traffic to the port. If portDown is selected, then the access switch recovers by detecting the failed link.

314725-E Rev 00


Figure 58 Loop Detected

Table 19 describes the LoopDetected fields.

Configuring directed broadcast on a VLAN

You can enable or disable directed broadcast traffic forwarding for an IP interface on the Direct Broadcast tab.

To configure directed broadcast for a VLAN:



2 Select a VLAN.


3 Click IP.

Table 19 LoopDetected dialog box parameters

Field Description

PortIndex Port number.

VlanId The assigned ID of the VLAN.

Value Specifies that a loop has been detected (yes), or that no loop has been detected (no).



The IP, VLAN box appears with the IP Address tab displayed (Figure 37 on page 142).

4 Click the Direct Broadcast tab.

The Direct Broadcast tab appears (Figure 59).

Figure 59 IP, VLAN—Direct Broadcast tab

5 Select DirectBroadcastEnable.

• If selected, IP-directed broadcasts are enabled.

• If cleared, IP-directed broadcasts are suppressed.

6 Click Apply, and then click Close.

Directed broadcast is configured for the VLAN.

Note: Multiple VLANs or IPs in the same subnet but in different switches must be configured simultaneously.

314725-E Rev 00


Table 20 describes the Direct Broadcast tab.

Managing VLAN bridging

Bridging occurs at Layer 2 of the Open Systems Interconnect (OSI) model, in which only the MAC address in the packet header is considered when forwarding. With the Ethernet Routing Switch 8600, all bridging is done within the context of a VLAN, in which each VLAN has its own bridging configuration and forwarding table.


• “Configuring the forwarding database timeout” on page 178

• “Viewing the forwarding database for a specific VLAN” on page 179

• “Clearing learned MAC addresses from the forwarding database” on page 180

• “Configuring static forwarding” on page 183

• “MAC-layer bridge packet filtering” on page 185

• “Configuring a MAC-layer bridge filter” on page 186

• “Configuring the Global MAC filter” on page 189

Table 20 IP, VLAN Direct Broadcast tab

Field Description

DirectBroadcastEnable If enabled, an Isolated Routing Port (IRP) can forward directed broadcast traffic. A directed broadcast is a frame sent to the subnet broadcast address on a remote IP subnet. By disabling or suppressing directed broadcast on an interface, all frames sent to the subnet broadcast address for a local router interface are dropped. Disabling this function protects a host from possible denial of service (DOS) attacks.Note: This feature is enabled by default. With the feature enabled, the CPU does not receive a copy of the directed broadcast. As a result, the switch does not respond to a subnet broadcast ping sent from a remote subnet.



Configuring the forwarding database timeout

To configure the forwarding database (FDB) timeout:



2 Select a VLAN, and then click Bridge.

The Bridge, VLAN box appears with the FDB Aging tab displayed (Figure 60).

Figure 60 Bridge, VLAN—FDB Aging tab

3 In the FdbAging box, enter an interval, in seconds, for aging out dynamically learned forwarding information, or keep the default (300 seconds).

4 Click Apply and then click Close.

Your changes are applied and the Bridge, VLAN box closes.

Table 21 describes the Bridge VLAN—FDB Aging tab fields.

Table 21 Bridge VLAN—FDB Aging tab fields

Field Description

FdbAging The timeout period (in seconds) used for aging out FDB entries of this VLAN.

314725-E Rev 00


Viewing the forwarding database for a specific VLAN

The Forwarding tab shows the forwarding database for the VLAN and contains unicast information about bridge forwarding or filtering. This information is used by transparent bridging to determine how to forward a received frame.

To view all entries in the forwarding database, for a specific VLAN:



2 Select a VLAN and click Bridge.

The Bridge, VLAN box appears with the FDB Aging tab displayed (see Figure 60 on page 178).

3 Click the Forwarding tab.

The Bridge, VLAN—Forwarding tab appears (Figure 61).

Figure 61 Bridge, VLAN—Forwarding tab

Table 22 describes the Bridge, VLAN—Forwarding tab fields.

Table 22 Bridge, VLAN—Forwarding tab fields

Field Description

Address A unicast MAC address for which the bridge has forwarding or filtering information.




Clearing learned MAC addresses from the forwarding database

For troubleshooting, you need to manually flush the bridge forwarding database of learned MAC addresses.

You can perform this procedure for all MAC addresses as described in the following sections:

• “Clearing learned MAC addresses by VLAN”

• “Clearing learned MAC addresses for all VLANs by port” on page 181

Clearing learned MAC addresses by VLAN

To clear the forwarding database of learned MAC addresses for a VLAN:



2 In the VLAN box, click the Advanced tab.

The Advanced tab appears (Figure 62 on page 181).

Port Either a value of zero (0) or the port number of the port on which a frame having the specified MAC address was seen. A value of 0 indicates a self-assigned MAC address.

Monitor Select true or false to copy packets with a MAC address in the source or destination field. Used with port mirroring.

QosLevel Quality of Service level.

SmltRemote Specifies whether you want to use SMLT.

Status Values include:

• self—one of the bridge addresses• learned—a learned entry that is being used

• mgmt—a static entry

Table 22 Bridge, VLAN—Forwarding tab fields (continued)

Field Description

314725-E Rev 00


Figure 62 VLAN—Advanced

3 Double-click in the VLAN Operation Action field, and choose FlushMacFdb from the list.

4 Click Apply.

The VLAN is set for flushing the bridge forwarding database.

Clearing learned MAC addresses for all VLANs by port

To clear learned MAC addresses from the forwarding database for all VLANs by port:

1 From the Device Manager main window, select a port.


2 From the menu bar, choose Edit > Port > General.

The Port box appears with the Interface tab displayed (see Figure 63 on page 182).



Figure 63 Port—Interface, FlushMacFDB

3 In the Action box, select FlushMacFdb.

4 Click Apply.

All learned MAC addresses are cleared from the forwarding database (FDB) for VLANs associated with this port.

5 Click Close.

314725-E Rev 00


Configuring static forwarding

The Static tab contains static forwarding information configured by local or network bridge management. The information is used to specify the set of ports that are allowed to forward frames.

Entries are valid for unicast and for group/broadcast addresses.

To configure forwarding information:



2 In the VLAN box, select a VLAN and then click Bridge.

The Bridge, VLAN box appears (see Figure 60 on page 178).

3 Click the Static tab.

The Static tab is displayed (Figure 64).

Figure 64 Bridge, VLAN—Static tab

4 In the Static tab, click Insert.

The Bridge, VLAN Insert Static box appears (Figure 65 on page 184).



Figure 65 Bridge, VLAN—Insert Static box

5 In the MacAddress box, enter a forwarding destination MAC address.

6 In the Port box, click the ellipsis (...).

The BridgeStaticPort box appears (Figure 66).

Figure 66 BridgeStaticPort

7 Select the port on which the frame is received.

8 Click Ok.

The Bridge Static Port box closes and the selected port appears in the Insert Static box.

9 To copy packets with a MAC address in the source or destination field, select Monitor.

10 In the QoS box, select a Quality of Service level, or keep the default, level 1. Note that Level 7 is reserved for network control traffic.

314725-E Rev 00


11 Click Insert.

The Insert Static box closes and the static information appears in the Bridge, VLAN Static tab.

12 Click Close.

The static forwarding information is configured, and the Bridge VLAN box closes.

Table 23 describes the bridge, VLAN static fields.

MAC-layer bridge packet filtering

To perform MAC-layer bridging, the switch must know the destination MAC-layer address of each device on each attached network so it can forward packets to the appropriate destination. MAC-layer addresses are stored in the bridging table, and you can filter packet traffic based on the destination MAC-layer address information.

Table 23 Bridge VLAN static fields

Field Description

MacAddress The destination MAC address in a frame to which the forwarding information for this entry applies. This object can take the value of a unicast address.

Port The port number of the port on which the frame is received.

Monitor Setting to copy packets with a MAC address in the source or destination field. Used with port mirroring. In Static tab, display = true or false.

QosLevel Quality of Service level.

Status Specifies the status of this entry. Select one of the following values:• permanent—in use and remains so after the next bridge reset. This

is the default value.

• deleteOnReset—in use and remains so until the next bridge reset.• deleteOnTimeout—currently in use and remains so until it is aged.

• other—in use but the conditions under which it remains so are different from other values.



For MAC address filtering, the Ethernet Routing Switch 8600 supports Bridge Management Information Base (MIB) filtering (RFC 1493). The number of MAC filters is limited to 100. You can create a filter entry in much the same way as you create a static MAC entry, by entering a MAC address and the port on which it resides. In the MAC filter record, you can also specify ports to discard source or destination packets for the MAC address on a port.


Configuring a MAC-layer bridge filter

To configure a MAC layer bridge filter:



2 In the VLAN box, select a VLAN and click Bridge.

The Bridge, VLAN box appears (see Figure 60 on page 178).

3 Click the Filter tab.

The Filter tab appears (Figure 67).

Figure 67 Bridge, VLAN—Filter tab

4 Click Insert.

The Bridge, VLAN Insert Filter box appears (Figure 68 on page 187).

314725-E Rev 00


Figure 68 Bridge, VLAN—Insert Filter box

5 In the MacAddress box, enter the MAC address used to match the destination address of incoming packets.

6 In the Port box, click the ellipsis (...).

The BridgeFilterPort box appears (Figure 69).

Figure 69 BridgeFilterPort

7 Click the port on which this MAC address is found, and then click OK.

The BridgeFilterPort box closes and the port is added to the Port box on the Bridge, VLAN, Insert Filter box.

8 In the SrcDiscard box, click the ellipsis (...).

The BridgeFilterSrcDiscard box appears (Figure 70 on page 188).



Figure 70 BridgeFilterSrcDiscard box

9 Click the ports from which you do not want packet traffic received by this MAC address, and then click Ok.

The box closes and the ports are added to the SrcDiscard field in the Bridge, VLAN, Insert Filter box.

10 In the DestDiscard box, click the ellipsis (...).

The BridgeFilterDestDiscard box appears (Figure 71).

Figure 71 BridgeFilterDestDiscard box

11 Click the ports to which you do not want packet traffic sent from this MAC address, and then click Ok.

The box closes and the ports are added to the DestDiscard box in the Bridge, VLAN, Insert Filter box.

12 Enable Pcap if required.

13 Click Insert.

The Insert Filter box closes and the filter appears in the Filter tab.

314725-E Rev 00


14 In the Bridge VLAN box and the VLAN box, click Close.

The MAC layer bridge filter is configured.

Table 24 describes the Bridge VLAN Filter fields.

Configuring the Global MAC filter


To configure the Global MAC filter:

1 From the Device Manager window, select VLAN > Global Mac Filtering. The GlobalMacFiltering tab appears (Figure 72 on page 190).

Table 24 Bridge VLAN Filter fields

Field Description

MacAddress The MAC address of this entry. This address is used to match the destination address of incoming packets.

Port Port on which this MAC address is found.


SrcDiscard Specify a set of ports. Traffic arriving on any of the specified ports is not forwarded to this MAC address.

DestDiscard Specify a set of ports. Traffic arriving on any of the specified ports from this MAC address is discarded.

Status Specifies the status of the VLAN. Values include:

• self—one of the bridge addresses• learned—a learned entry that is being used

• mgmt—a static entry

Pcap Enable or disable the Packet Capture Tool (PCAP) for the MAC address (FDB filter). For more information about PCAP, see Using the Packet Capture Tool.



Figure 72 GlobalMacFiltering tab

Table 25 describes the fields on the GlobalMacFiltering tab.

2 Click Insert.

The GlobalMacFiltering, Insert Mac Filter box appears (Figure 73).

Figure 73 GlobalMacFiltering, Insert Mac Filter box

3 In the GlobalMacFilterAddress box, enter the address, and then click Insert.

The address you entered appears in the GlobalMacFiltering tab.

Table 25 GlobalMacFiltering tab fields

Field Description

GlobalMacFilterAddress A MAC address which the switch discards globally.

314725-E Rev 00


Configuring Enhanced Operation mode

With Enhanced Operation mode, you can now increase the maximum number of VLANs when you use MultiLink Trunking to 1980 (1972 if R modules are present in the chassis) and to 989 when you use SMLT. Enhanced Operation mode requires Ethernet Routing Switch 8600 E, M, or R modules.

For more information about Enhanced Operation mode, see “MultiLink trunking and VLAN scalability” on page 56.

To enable Enhanced Operation mode:

1 From the Device Manager menu bar, choose Edit > Chassis.

The Chassis box appears with the System tab displayed (Figure 43 on page 153).

2 Click the System Flags tab.

The System Flags tab appears (Figure 74 on page 192).

Caution: When Enhanced Operation mode is enabled, only Ethernet Routing Switch 8600 E, M, or R modules are initialized (other modules are placed offline). To avoid losing modules and network connectivity, replace non-E, M, or R modules or move the network connections to an E, M, or R module before enabling Enhanced Operation mode.



Figure 74 Chassis—System Flags tab

3 Select the NewEnhancedOperMode check box.

4 Click Apply.

The system notifies you that the setting takes effect after save and reboot.

5 Click the System tab.

The System tab appears (Figure 75 on page 193).

314725-E Rev 00


Figure 75 Chassis—System SaveRuntimeConfig

6 In the ActionGroup1 box, select saveRuntimeConfig.

7 Click Apply > Close.

Enhanced Operation mode is configured.



314725-E Rev 00

195

Chapter 3Configuring sVLAN using Device Manager

This chapter describes using Device Manager to configure stacked VLAN (sVLAN) on an Ethernet Routing Switch 8600. For conceptual infortmation about sVLANs, see Chapter 1, “Layer 2 operational concepts,” on page 59.


Stacked VLAN configuration overview

The stacked VLAN (sVLAN) protocol transparently transports packets through an sVLAN domain by adding an additional four byte header to each packet. For more information, see “Stacked VLANs” on page 59.


Topic Page

Stacked VLAN configuration overview 195

Creating an sVLAN 196

Setting the sVLAN Ethertype and switch level 200

Setting the sVLAN port type 202

Creating an sVLAN STG 207


196 Chapter 3 Configuring sVLAN using Device Manager

Follow these steps to configure an sVLAN using Device Manager:

1 Change the Ethertype and set the switch level to 1 or above.

For more information, see “Setting the sVLAN Ethertype and switch level” on page 200.

2 Configure user-to-network interface (UNI) and network-to-network interface (NNI) ports.

For more information, see “Setting the sVLAN port type” on page 202.

3 Create a spanning tree group (STG) of type sVLAN.

For more information, see “Creating an sVLAN STG” on page 207.

4 Create a VLAN of type sVLAN within the STG created in Step 3 and add ports to it.

For more information, see “Creating an sVLAN” on page 196.

Creating an sVLAN

To create an sVLAN:


The VLAN—Basic box appears (Figure 76 on page 197).

Note: You must follow these steps in sequence to configure an sVLAN.

314725-E Rev 00

Chapter 3 Configuring sVLAN using Device Manager 197

Figure 76 VLAN—Basic tab

2 Click Insert.

The VLAN, Insert Basic box appears (Figure 77 on page 198).



Figure 77 Insert Basic—for sVLANs

314725-E Rev 00


3 In the Id box, enter an unused VLAN ID or use the ID provided. The default VLAN is VLAN ID 1.

4 (Optional) In the Name box, type the VLAN name, or use the name provided.

5 (Optional) In the Color Identifier box, click the down arrow and choose a color from the list, or use the color provided.

Device Manager suggests a color, but you can change it. This color is used by VLAN Manager to display the different VLANs in a network.

6 In the StgId box, type or select the spanning tree group ID for the VLAN.

7 In the Type box, select bySvlan.


The VlanPortMembers box appears (Figure 78).


9 Click the ports you want to include in the new sVLAN.

10 Click Ok.

The Port Membership box closes and the port members appear in the Insert Basic box.

11 (Optional) In the QoS box, select a Quality of Service level.

12 On the VLAN, Insert Basic box, click Insert.

The Insert box closes and the VLAN appears in the Basic tab.

13 In the VLAN, Basic tab, click Close.




Setting the sVLAN Ethertype and switch level

To configure the sVLAN Ethertype and switch level for the switch:

1 From the Device Manager menu bar choose VLAN > SVLAN.

The Svlan—Ether Type tab (Figure 79) appears, displaying the Ether types used for sVLAN tagging.

Figure 79 SVLAN—Ether Type tab


• Use the default Ether Type-Switch Level mapping and continue to Step 3.

• To modify an Ethertype, double-click an EtherType box, enter a new value, and click Apply.

The Ethertype is changed.

Table 26 on page 202 describes the sVLAN Ether Type tab.

3 Click the Level tab.

Note: sVLAN is not supported on the Ethernet Routing Switch 8600 R module v4.1.

314725-E Rev 00


The Level tab appears (Figure 80).

Figure 80 Svlan box—Level tab

4 In the ActiveLevel box, enter an active switch level.

5 Click Apply.

The Ethertype and active switch level are configured.

Note: Change the switch level default of 0 to a value of 1 through 7 before configuring UNI or NNI ports.



Table 27 describes the sVLAN Level tab.

Setting the sVLAN port type

To set the sVLAN port type:

Table 26 SVLAN—Ether Type tab

Field Description

Id Index ID for this row in the table of switch levels.

Level The switch level associated with this entry.

EtherType Specifies the Ethertype used for sVLAN tagging.

The following are the default Ethertypes and switch levels:• Level 0 — 0x8100 (Ethertype defined by IEEE for

802.1Q tagged frames)

• Level 1 — 0x8020• Level 2 — 0x8030

• Level 3 — 0x8040

• Level 4 — 0x8050• Level 5 — 0x8060

• Level 6 — 0x8070

• Level 7 — 0x8080

Table 27 SVLAN—Level tab

Field Description

Active Level Specifies the active level for the switch. The default is level 0.

Note: You must configure the switch level to 1 or above before configuring UNI or NNI ports.

Note: You must change the switch level to 1 or above before you configure UNI or NNI ports. See “Setting the sVLAN Ethertype and switch level” on page 200.”

314725-E Rev 00


1 From the Device Manager view, select the port.


The Port—Interface tab appears (Figure 81).

Figure 81 Port box—Interface tab

3 Click the VLAN tab.

The VLAN tab appears (Figure 82 on page 204).



Figure 82 Port—VLAN tab

4 In the sVLANPortType box, select one of the following:

• uni—user-to-network interface

You must configure ports for which you want to provide VLAN transparency as UNI ports. UNI ports can only belong to one sVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames parameter is automatically enabled. This prevents traffic from leaking to other VLANs.

• nni—network-to-network interface

314725-E Rev 00


NNI ports interconnect the switches in the core network, drop untagged frames on ingress, and insert the sVLAN tag at the egress. When you configure an NNI port, the DiscardUnTaggedFrames parameter is automatically enabled.

5 Click Apply.

The system warns you that by changing the port type, all ports in the OctaPID can be removed from all VLANs and STGs (Figure 83). This message shows the port range for the OctaPID. If you changed a port from Normal to UNI/NNI, the other seven ports in the OctaPID are changed automatically.

Figure 83 sVLAN configuration warning

6 To continue applying the configuration, click Yes.

The sVLAN port type is configured.

7 Click Close.

The Port box closes.

Note: All ports within the same OctaPID have the same designation that is, all eight ports are either Normal, or all eight ports are UNI/NNI. When you change a port from normal to UNI/NNI, the other seven ports are changed automatically, and in reverse. For more details, see “Tap and OctaPID assignment (Release 3.x feature set)” on page 567”.



Table 28 describes the Port—VLAN tab.

.

Table 28 Port—VLAN fields

Field Description

SvlanPortType Sets the stacked VLAN (SVLAN) port type:

normal (default)

uni (User-to-Network Interface) You must configure ports to which you want to provide VLAN transparency as UNI ports. UNI ports can only belong to one SVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN). This prevents traffic from leaking to other VLANs.

nni (Network-to-Network Interface) NNI ports interconnect the switches in the core network, drop untagged frames on ingress, and insert the SVLAN tag at the egress. When you configure an NNI port, the DiscardUnTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN).

Before configuring a port as uni or nni, you must change the switch level to 1 or above (VLAN > SVLAN > Level).

PerformTagging Enable or disable the port on the current VLAN to perform tagging

VlanNames Identifies which VLANs this port is assigned. Each VLAN ID is stored as a two octet value. The first octet in the pair holds bits 15 to 8 of the VLAN ID, the second octet holds bits 7 to 0 of the VLAN ID.

DiscardTaggedFrames Determines how to process tagged frames received on this access port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are processed normally.

DiscardUntaggedFrames Determines how to process untagged frames received on this tagged port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are assigned to the VLAN specified by the DefaultVlanId.

UntagDefaultVLAN Enables or disables egress tagging on the default VLAN of the port.

DefaultVlanId The VLAN ID assigned to untagged frames received on this trunk port.

This field is meaningless when the port is not a trunk port.

LoopDetect Enables loop detection.

ArpDetect Enables or disables the ARP loop detection feature on this port. If a loop is detected, the port is disabled. For more information about this feature, see Configuring IP Routing Operations.

LoopDetectAction This value is used to specify the action which needs to be taken once a MAC loop is detected on a specific port. They include portDown, vlanBlock, and macDiscard.

314725-E Rev 00


Creating an sVLAN STG

To create an sVLAN spanning tree group:

1 From the Device Manager menu bar, choose VLAN > Spanning Tree > STG.

The STG box appears (Figure 84).

Figure 84 STG

2 Click Insert.

The STG, Insert Configuration box appears (Figure 85 on page 208).



Figure 85 STG, Insert Configuration

3 In the Id box, enter an STG ID, or use the displayed ID.

4 In the Type box, select svlan.

5 In the TaggedBpduAddress box, enter a MAC address to be assigned to the destination MAC address field in tagged BPDUs.


The StgPortMembers box appears, displaying available ports.

7 Click the ports you want to include in the sVLAN STG, and then click Ok.

The StgPortMembers box closes, and the ports appear in the STG, Insert Configuration box.

8 Click Insert.

Note: The MAC address you enter must be different from the standardized BPDU MAC address.

314725-E Rev 00


The STG appears in the Configuration tab.

9 On the Configuration tab, click Close.

The STG is configured and the STG box closes.



314725-E Rev 00

211

Chapter 4Configuring spanning tree using Device Manager

This chapter discusses using Device Manager to create, manage, and monitor spanning tree groups (STG), and discusses using Device Manager to configure Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP).


Choosing the spanning tree mode

You can choose to use STP, MSTP, or RSTP with the Ethernet Routing Switch 8600. To configure the mode:

1 From the Device Manager menu bar, choose VLAN > Spanning Tree > Globals.

The Spanning Tree Globals box appears (Figure 86 on page 212).

Topic Page

Choosing the spanning tree mode 211

Configuring Spanning Tree Protocol 212

Configuring Multiple Spanning Tree Protocol 226

Configuring Rapid Spanning Tree Protocol 240


212 Chapter 4 Configuring spanning tree using Device Manager

Figure 86 Spanning Tree—Globals

2 Select the required spanning tree mode.

3 Click Apply.

Configuring Spanning Tree Protocol

This section discusses using Device Manager to create, manage, and monitor spanning tree groups. For more information about STP, see “Spanning Tree Protocol” on page 67.


• “Creating a STG” on page 213

• “Editing an STG” on page 217

• “Adding ports to an STG” on page 218

• “Viewing the STG status” on page 219

• “Viewing STG ports” on page 221

• “Enabling STP on a port” on page 224

• “Deleting an STG” on page 224

Warning: After you change the mode, you must reboot the switch for changes to take effect. You can reboot the switch using the command line interface (CLI) by first saving the boot file with the command save bootconfig, and then entering the command boot <filename>, where filename is the saved boot config file. You can also reboot the switch using Device Manager. Go to Edit > Chassis. In the ActionGroup1 box, select saveBootConfig. Click Apply. Next, in ActionGroup4, select softReset. Click Apply.

314725-E Rev 00

Chapter 4 Configuring spanning tree using Device Manager 213

• “Configuring STG topology change detection” on page 225

Creating a STG

A network can include multiple instances of STP. The collection of ports in one spanning tree instance is called a spanning tree group (STG). The Ethernet Routing Switch 8600 supports STP and up to 64 spanning tree groups.

To create a STG:


The STG—Configuration tab appears (Figure 87).

Figure 87 STG—Configuration tab

2 On the Configuration tab, click Insert.

The STG, Insert Configuration box appears (see Figure 88 on page 214).

Table 29 on page 216 describes the STG—Configuration tab parameters.

Note: This information applies to Ethernet Routing Switch 8600 modules only. Spanning Tree Protocol must be disabled on split multilink trunking (SMLT) or interswitch trunk ports, because spanning tree is not a supported configuration on these ports.



Figure 88 STG, Insert Configuration

3 Use the fields in the STG, Insert Configuration box to configure the STG.

4 In the PortMembers box, click the ellipses (...).

The StgPortMembers box (Figure 89 on page 215) appears.

Note: In the STG table, the STG ID and TaggedBpduVlanId must be unique. If you change the STG ID without updating TaggedBpduVlandId, the insertion can fail because of a duplicate TaggedBpduVlanId.

314725-E Rev 00


Figure 89 StgPortMembers

5 Click the ports you want to add to the STG, and then click Ok.

The StgPortMembers box closes, and the ports are added to the Port Members field in the Insert Configuration box.

6 Click Insert.

The Insert Configuration box closes, and the STG appears in the Configuration tab.

7 Click Close.

The STG is configured.

Note: Spanning Tree Protocol must be disabled on SMLT or interswitch trunk ports.



Table 29 describes the STG—Configuration fields.

Table 29 STG configuration fields

Field Description

Id The ID number for the STG.Note: The STG ID and TaggedBpduVlanId must be unique in the STG table. If you change the STG ID without updating TaggedBpduVlanId, the insertion can fail because of a duplicate TaggedBpduVlanId.

Type Specifies the type of STG.

• normal = normal STG • svlan = stacked VLAN STG

Priority Sets the STP bridge priority, in decimal.

BridgeMaxAge The value in hundredths of a second that all bridges use for MaxAge when this bridge is acting as the root.

Note: The 802.1d-1990 standard specifies that the BridgeMaxAge range is related to the value of dot1dStpBridgeHelloTime. The default is 2000 (20 seconds).

BridgeHelloTime The value in hundredths of a second that all bridges use for HelloTime when this bridge is acting as the root. The granularity of this timer is specified by the IEEE 802.1d-1990 standard to be in increments of 1/100 of a second. The default is 200 (2 seconds).

BridgeForwardDelay The value in hundredths of a second that all bridges use for forward delay when this bridge is acting as the root. The default is 1500 (15 seconds).

EnableSTP Enables or disables the spanning tree algorithm for the STG.

StpTrapEnable Enables SNMP traps to be sent to trace receiver every time an STP topology occurs.

TaggedBpduAddress Represents a MAC address; specifically for tagged BPDUs.

314725-E Rev 00


Editing an STG

To edit an STG:


The STG—Configuration box appears (Figure 87 on page 213).

TaggedBpduVlanId Represents the VLAN tag associated with the STG. This ID is used to tag BPDUs through a non-IEEE tagging bridge to another Ethernet Routing Switch 8600. Note: By default, the TaggedBpduVlanId is an address calculated based on the STG ID by Device Manager. Accepting the default value calculated by Device Manager makes it much simpler to coordinate STGs across multiple switches. If you enter a custom value for this field, you must manually coordinate it across all switches.Note: The STG ID and TaggedBpduVlanId must be unique in the STG table. If you change the STG ID without updating TaggedBpduVlanId, the insertion can fail because of a duplicate TaggedBpduVlanId.

Port Members The ports you want to become members of the new STG.

You cannot select a port if it is:• configured as Single Port SMLT, MLT-based SMLT, or IST

• configured as members of any other STG

NtStgEnable Indicates whether this STG is operating in Nortel mode or in Cisco mode:

• true—Nortel mode

• false—Cisco mode

Note: Untagged ports can only belong to one STG.

Note: The information about editing an STG applies to Ethernet Routing Switch 8600 modules only.

Table 29 STG configuration fields (continued)

Field Description



2 Double-click the field for the STG you want to edit.

The field becomes editable.

3 Enter a new value or select a new setting from the menu.

4 Click Apply.

The changes are applied to the STG.

Adding ports to an STG

To add ports to a spanning tree group:


The STG—Configuration tab appears (Figure 87 on page 213).

2 Double-click the Port Members field for the STG.

The StgPortMembers box (Figure 90) appears, indicating the port members assigned to this STG.

Figure 90 StgPortMembers box

3 Click the ports you want to add to the STG, and click OK.

The StgPortMembers box closes, and the ports are added to the Port Members field in the Configuration tab.

Note: Spanning Tree Protocol must be disabled on SMLT or IST ports.

314725-E Rev 00


4 Click Apply.

The ports are added to the STG.

Viewing the STG status

You can use the STG Status tab to view the status of the spanning tree for each STG that is associated with the network.

To view STG status:



2 Click the Status tab.

The Status tab appears (Figure 91 on page 220), displaying the STG status.



Figure 91 STG—Status tab

Table 30 describes the STG Status fields.

Table 30 STG Status fields

Field Description

BridgeAddress The MAC address used by this bridge when it must be referred to in a unique fashion.

NumPorts The number of ports controlled by this bridging entity.

ProtocolSpecification An indication of what version of the Spanning Tree Protocol is being run. The IEEE 802.1d implementations return ieee8021d.

TimeSinceTopologyChange The time in hundredths of a second since the last time a topology change was detected by the bridge entity or STG.

TopChanges A topology change trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition. Implementation of this trap is optional.

DesignatedRoot The bridge identifier of the root of the spanning tree as determined by the Spanning Tree Protocol as executed by this node. This value is used as the Root Identifier parameter in all Configuration Bridge PDUs originated by this node.

314725-E Rev 00


Viewing STG ports

Use the Ports tab to view the status of ports for each STG that is associated with the network.

To view STG ports:



2 Click the Ports tab.

The Ports tab appears(Figure 92). For parameter descriptions, see “STG Ports tab fields” on page 222.

RootCost The cost of the path to the root as seen from this bridge.

RootPort The port number of the port that offers the lowest cost path from this bridge to the root bridge.

MaxAge The maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded, in units of hundredths of a second. This is the actual value that this bridge is currently using.

HelloTime The amount of time in hundredths of a second between transmission of config BPDUs by this node on any port when it is the root of the spanning tree. The default value is 200 (2 seconds).

HoldTime The time interval in hundredths of a second during which no more than two configuration bridge PDUs shall be transmitted by this node. The default value is 100 (1 second).

ForwardDelay The time interval in hundredths of a second that controls how fast a port changes its spanning state when moving toward the Forwarding state. The value determines how long the port stays in each of the Listening and Learning states, which precede the Forwarding state. This value is also used when a topology change is detected and is under way, to age all dynamic entries in the Forwarding Database. Note that this value is the one this bridge is currently using, in contrast to StgBridgeForwardDelay, which is the value that this bridge and all others would use if this bridge becomes the root. The default value is 1500 (15 seconds).

Table 30 STG Status fields (continued)

Field Description



Figure 92 STG—Ports tab

Table 31 describes the STG—Ports tab fields.

Table 31 STG Ports tab fields

Field Description

Port The port number of the port for which this entry contains Spanning Tree Protocol management information.

StgId The STG identifier assigned to this port.

Priority The value of the priority field which is contained in the first octet of the Port ID. The other octet of the Port ID is given by the value of rcStgPort.Note: Although port priority values can range from 0 to 255, on the Ethernet Routing Switch 8600, only the following values are used: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240.

314725-E Rev 00


State The current state of the port as defined by the application of the Spanning Tree Protocol:

disabledblocking

listening

learningforwarding

broken

This state controls what action a port takes on reception of the frame. If the bridge has detected a port that is malfunctioning, it places that port into the broken state. For ports that are disabled, this object has a value of disable.

EnableStp The STP state of the port.

Enabled—BPDUs are processed in accordance with STP.

Disabled—The port stays in a forwarding state, received BPDUs are dropped and not processed, and no BPDU is generated.

FastStart When this flag is set, the port is moved straight to the forwarding state upon being enabled.true (enables FastStart for the port)

false (default, disables FastStart for the port)

Note: This setting is contrary to that specified in the IEEE 802.1d standard for Spanning Tree Protocol (STP), in which a port enters the blocking state following the initialization of the bridging device or from the disabled state when the port is enabled through configuration.

PathCost The contribution of this port to the path cost of paths toward the spanning tree root that includes this port. The 802.1d-1990 protocol recommends that the default value of this parameter be inversely proportion to the speed of the attached LAN.

DesignatedRoot The unique bridge identifier of the bridge recorded as the root in the configuration BPDUs transmitted by the designated bridge for the segment to which the port is attached.

DesignatedCost The path cost of the designated port of the segment connected to this port. This value is compared to the Root Path Cost field in received bridge PDUs.

DesignatedBridge The bridge identifier of the bridge that this port considers to be the designated bridge for this port’s segment.

DesignatedPort The port identifier of the port on the designated bridge for this port segment.

Table 31 STG Ports tab fields (continued)

Field Description



Enabling STP on a port

To enable STP for a port:




The Ports tab appears (Figure 92 on page 222).

3 Click in the EnableStp field for the port you want to enable.

A menu appears.

4 From the menu, choose true.

The EnableStp setting changes.

5 Click Apply.

STP is enabled for the port.

Deleting an STG

To delete an STG:


ForwardTransitions The number of times this port has transitioned from the learning state to the forwarding state.

ChangeDetection The change detection setting (true or false) for this port. Can only be configured on access ports. If you enable change detection on an MLT with access ports, the setting is automatically applied to all ports in the MLT.

Note: The deleting an STG procedure applies to Ethernet Routing Switch 8600 modules only.

Table 31 STG Ports tab fields (continued)

Field Description

314725-E Rev 00


The STG box appears (Figure 87 on page 213).

2 Click the STG that you want to delete.

3 Click Delete.

Configuring STG topology change detection

To configure topology change detection on a port:




The Ports tab appears (Figure 92 on page 222).

3 Double-click the ChangeDetection field for a port.

The menu of change detection settings appears.

4 From the menu, choose one of the following:

• To enable change detection on the port, choose true.

• To disable change detection on the port, choose false.

5 Click Apply.

Change detection is configured for the port.

For more information about change detection, see “Spanning Tree Protocol topology change detection” on page 70.

Note: All VLANs must be deleted from an STG before you can remove the STG.



Configuring Multiple Spanning Tree Protocol

Multiple Spanning Tree Protocol (MSTP) allows you to configure multiple instances of RSTP on the same switch. For more information about MSTP, see “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.

To configure MSTP, you must first enable it.

For more information about enabling MSTP, see “Choosing the spanning tree mode” on page 211.

This section contains the following topics:

• “Configuring MSTP globally”

• “Configuring CIST ports for MSTP” on page 230

• “Viewing statistics for the CIST ports” on page 233

• “Configuring MSTI bridges for MSTP” on page 235

• “Configuring MSTI ports for MSTP” on page 236

• “Viewing MSTI port statistics” on page 238

Configuring MSTP globally

To configure MSTP globally:

1 From the Device Manager menu bar, choose VLAN > Spanning Tree > MSTP.

The MSTP—Globals tab appears (Figure 93 on page 227).

314725-E Rev 00


Figure 93 MSTP—Globals

2 Edit desired fields to configure MSTP.

3 Click Apply.



Table 32 describes the MSTP—Globals tab fields.

Table 32 MSTP—Globals fields

Field Description

PathCostDefaultType The version of the spanning tree default path costs to be used by this bridge. A value of 8021d1998 denotes the use of the 16 bit default path costs from IEEE 802.1d-1998. A value of stp8021t2001 denotes the use of the 32 bit default path costs from IEEE 802.1t.

TxHoldCount The value used by the port transmit state machine to limit the maximum transmission rate.

MaxHopCount Indicates the maximum hop count. The granularity of this timer is specified to be 1 second. An agent can return a bad value error if you attempt to set a value which is not a whole number of seconds.

NoOfInstancesSupported

Indicates the maximum number of spanning tree instances supported.

MstpUpCount The number of times the MSTP module was enabled. A trap is generated on the occurrence of this event.

MstpDownCount The number of times the MSTP module was disabled. A trap is generated on the occurrence of this event.

ForceProtocolVersion The version of Spanning Tree Protocol the bridge currently runs. stpCompatible indicates that the Spanning Tree Protocol as specified in IEEE 802.1d is in use; rstp indicates that the Rapid Spanning Tree Protocol as specified in IEEE 802.1w is in use; and mstp indicates that the Multiple Spanning Tree Protocol as specified in IEEE 802.1s is in use.

BrgAddress The MAC address used by this bridge when it must be referred to in a unique fashion. Nortel recommends that this be the numerically smallest MAC address of all ports that belong to this bridge. When concatenated with MstCistBridgePriority or MstBridgePriority, a unique bridge identifier is formed which is used in the Spanning Tree Protocol.

Root The bridge identifier of the root of the common spanning tree as determined by the Spanning Tree Protocol by this node. This value is used as the CIST root identifier parameter in all configuration bridge PDUs originated by this node.

RegionalRoot The bridge identifier of the root of the multiple spanning tree region as determined by the Spanning Tree Protocol as executed by this node. This value is used as the CIST regional root identifier parameter in all configuration bridge PDUs originated by this node.

314725-E Rev 00


RootCost The cost of the path to the CIST root from this bridge.

RegionalRootCost The cost of the path to the CIST regional root from this bridge.

RootPort The port number of the port which offers the lowest path cost from this bridge to the CIST root bridge.

BridgePriority The value of the writable portion of the bridge identifier comprising of the first two octets. The values you enter for bridge priority must be in steps of 4096.

BridgeMaxAge The value that all bridges use for MaxAge when this bridge acts as the root. The granularity of this timer is specified to be 1 second. An agent can return a bad value error if you attempt to set a value which is not a whole number of seconds. The default is 2000.

BridgeForwardDelay The value that all bridges use for forward delay when this bridge acts as the root. Note that 802.1d specifies that the range for this parameter is related to the value of BridgeMaxAge. The granularity of this timer is specified to be 1 second. An agent can return a bad value error if you attempt to set a value which is not a whole number of seconds. The default is 1500.

HoldTime This time value determines the interval length during which no more than two configuration bridge PDUs can be transmitted by this node, in units of hundredths of a second.

MaxAge The maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded, in units of hundredths of a second. This is the value that this bridge currently uses.

ForwardDelay This time value, measured in units of hundredths of a second, controls how fast a port changes its spanning state when moving towards the forwarding state. The value determines how long the port stays in a particular state before moving to the next state.

TimeSinceTopology

Change

The time (in hundredths of a second) since the TcWhile Timer for any port in this bridge was non-zero for Common Spanning Tree.

TopChanges The number of times that there was at least one non-zero TcWhile Timer on this bridge for Common Spanning Tree.

NewRootBridgeCount The number of times this bridge has detected a root bridge change for Common Spanning Tree. A trap is generated on the occurrence of this event.

RegionName The name for the region configuration. By default the region name is equal to the bridge MAC Address.

RegionVersion Version of the MST region.

Table 32 MSTP—Globals fields (continued)

Field Description



Configuring CIST ports for MSTP

To configure Common and Internal Spanning Tree (CIST) ports for MSTP:

1 In Device Manager, go to VLAN > Spanning Tree > MSTP.

The MSTP box appears.

2 In the MSTP box, click the CIST Port tab.

The MSTP—CIST Port tab appears (Figure 94 on page 231).

ConfigIdSel The configuration identifier format selector used by the bridge. This has a fixed value of 0 to indicate RegionName, RegionVersions are specified as in the standard.

ConfigDigest The configured MD5 digest value for this region, which must be 16 octets long.

RegionConfigChangeCount

The number of times a region configuration identifier change was detected. A trap is generated on the occurrence of this event.

Table 32 MSTP—Globals fields (continued)

Field Description

314725-E Rev 00


Figure 94 MSTP—CIST Port tab

3 Use the fields in the CIST Port box to configure the MSTP.

4 Click Apply.



The MSTP—CIST Port tab contains per-port information that is common to all bridge and spanning tree instances. Table 33 describes the CIST Port fields.

Table 33 CIST Port fields

Field Description

Port The port number of the port for which this entry contains spanning tree information

PathCost The contribution of this port to the path cost of paths towards the CIST root which includes this port.

Priority The four most significant bits of the port identifier of the spanning tree instance can be modified by setting the CistPortPriority value. The values that are set for port priority must be in steps of 16.

Note: Although port priority values can range from 0 to 255, on the Ethernet Routing Switch 8600, only the following values are used: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240.

DesignatedRoot The unique bridge identifier of the bridge recorded as the CIST root in the configuration BPDUs transmitted.

DesignatedCost The path cost of the designated port of the segment which connects to this port.

DesignatedBridge The unique bridge identifier of the bridge which this port considers to be the designated bridge for the port’s segment.


RegionalRoot The unique bridge identifier of the bridge recorded as the CIST regional root identifier in the configuration BPDUs transmitted.

RegionalPathCost The contribution of this port to the path cost of paths towards the CIST regional root which include this port.

ProtocolMigration Indicates the protocol migration state of this port. When operating in RSTP or MSTP mode, writing true to this object forces this port to transmit MSTP BPDUs without instance information. Any other operation on this object has no effect and it returns false when read.

AdminEdgeStatus The administrative value of the Edge Port parameter. A value of true indicates that this port is an edge-port, and a value of false indicates that this port is a non-edge-port.

OperEdgeStatus The operational value of the Edge Port parameter. The object is initialized to the value of AdminEdgeStatus and is set false on reception of a BPDU.

314725-E Rev 00


Viewing statistics for the CIST ports

You can view statistics for the CIST ports. To view statistics:



2 In the MSTP box, click the CIST Port tab.

The MSTP—CIST Port tab appears.

AdminP2P The administrative point-to-point status of the LAN segment attached to this port. A value of forceTrue indicates that this port is treated as if it connects to a point-to-point link. A value of forceFalse indicates that this port is treated as having a shared media connection. A value of auto indicates that this port is considered to have a point-to-point link if it is an aggregator and all of its members are aggregatable, or if the MAC entity is configured for full duplex operation, either through auto-negotiation or by management means.

OperP2P The operational point-to-point status of the LAN segment attached to this port. It indicates whether a port is considered to have a point-to-point connection or not. The value is determined by management or by auto-detection as described in the AdminP2P object.

HelloTime The amount of time between the transmission of configuration bridge PDUs by this node on this port in units of hundredths of a second.

OperVersion This indicates whether the port is operationally in the MSTP mode, the RSTP mode, or the STP-compatible mode, that is, whether the port transmits MST BPDUs, RST BPDUs or Config/TCN BPDUs.

EffectivePortState The effective operational state of the port for CIST. This is true only when the port is operationally UP at the interface and protocol levels for CIST. This is set to false for all other conditions.

State Current state of the port as defined by the common spanning tree protocol. It can be disabled, discarding, learning, or forwarding.

ForcePortState Current state of the port, which can be changed to either Disabled or Enabled for the base spanning tree instance.

SelectedPortRole Selected port role of the port for this spanning tree instance.

CurrentPortRole Current port role of the port for this spanning tree instance.

Table 33 CIST Port fields (continued)

Field Description



3 Click on a port, and then click Graph.

The CIST Port Stats window appears (Figure 95).

Figure 95 CIST Port Stats

Table 34 describes the statistics given in Figure 95.

Table 34 CIST Port Stats fields

Field Description

ForwardTransitions Number of times this port has transitioned to the forwarding state.

RxMstBpduCount Number of MSTP BPDUs received on this port.

RxRstBpduCount Number of RSTP BPDUs received on this port.

RxConfigBpduCount Number of configuration BPDUs received on this port.

RxTcnBpduCount Number of TCN BPDUs received on this port.

TxMstBpduCount Number of MSTP BPDUs transmitted from this port.

TxRstBpduCount Number of RSTP BPDUs transmitted from this port.

TxConfigBpduCount Number of configuration BPDUs transmitted from this port.

TxTcnBpduCount Number of TCN BPDUs transmitted from this port.

314725-E Rev 00


Configuring MSTI bridges for MSTP

To configure Multiple Spanning Tree Instance (MSTI) bridges:



2 In the MSTP box, click the MSTI Bridges tab.

The MSTP—MSTI Bridges tab appears (Figure 96). (MSTI bridge instances are generated by the switch after you create a VLAN in MSTP mode).

Figure 96 MSTP—MSTI Bridges tab

3 Use the fields in the MSTI Bridges box to configure the MSTP.

4 Click Apply.

InvalidMstBpduRxCount Number of Invalid MSTP BPDUs received on this port.

InvalidRstBpduRxCount Number of Invalid RSTP BPDUs received on this port.

InvalidConfigBpduRxCount Number of invalid configuration BPDUs received on this port.

InvalidTcnBpduRxCount Number of invalid TCN BPDUs received on this port.The number of times this port has migrated from one STP protocol version to another. The relevant protocols are STP-Compatible and RSTP/MSTP. A trap is generated on the occurrence of this event.

ProtocolMigrationCount The number of times this port has migrated from one STP protocol version to another. The relevant protocols are STP-Compatible and RSTP. A trap is generated on the occurrence of this event.

Table 34 CIST Port Stats fields

Field Description



Table 35 describes the fields given in Figure 96.

Configuring MSTI ports for MSTP

To configure MSTI ports, do the following:



2 In the MSTP box, click the MSTI Port tab.

The MSTI Port tab appears (Figure 97 on page 237). (Port members selected on the VLAN > Basic tab appear in the MSTI Port tab).

Table 35 MSTI Bridges fields

Field Description

Instance Spanning tree instance to which this information belongs

Regional Root MSTI regional root identifier value for the instance. This value is used as the MSTI regional root identifier parameter in all configuration bridge PDUs originated by this node.

Priority The writable portion of the MSTI bridge identifier comprising of the first two octets. The values that are set for bridge priority must be in steps of 4096.

Root Cost The cost of the path to the MSTI regional root as seen by this bridge.

Root Port The port number of the port which offers the lowest path cost from this bridge to the MSTI region root bridge.

TimeSinceTopology Change

The time (in hundredths of a second) since the TcWhile Timer for any port in this bridge was non-zero for this spanning tree instance.

TopChanges The number of times that there was at least one non-zero TcWhile Timer on this bridge for this spanning tree instance.

NewRootCount The number of times this bridge has detected a root bridge change for this spanning tree instance. A trap is generated on the occurrence of this event.

InstanceUpcount The number of times a new spanning tree instance was created. A trap is generated on the occurrence of this event.

InstanceDownCount The number of times a spanning tree instance was deleted. A trap is generated on the occurrence of this event.

314725-E Rev 00


Figure 97 MSTP—MSTI Port tab

3 Use the fields in the MSTI Port box to configure the MSTP.

4 Click Apply.

Table 36 describes the MSTP—MSTI Port fields.

Table 36 MSTP—MSTI Port fields

Field Description

Port The port number of the port for which this entry contains spanning tree information.

BridgeInstance Spanning tree instance to which the information belongs.

PathCost The contribution of this port to the path cost of paths towards the MSTI root which includes this port.

Priority The four most significant bits of the port identifier for a given spanning tree instance can be modified independently for each spanning tree instance supported by the bridge. The values set for port priority must be in steps of 16.

DesignatedRoot The unique bridge identifier of the bridge recorded as the MSTI regional root in the configuration BPDUs transmitted.

DesignatedBridge The unique bridge identifier of the bridge which this port considers to be the designated bridge for the port segment.


State Current state of the port as defined by the MSTP. A port which is in forwarding state in one instance can be in discarding (blocking) state in another instance.

ForcePortState Current state of the port which can be changed to either disabled or enabled for the specific spanning tree instance.

DesignatedCost The path cost of the designated port of the segment connected to this port.



Viewing MSTI port statistics

You can view statistics for the MSTI Ports. To view statistics:



2 In the MSTP box, click the MSTI Port tab.

The MSTP—MSTI Port tab appears (Figure 97 on page 237).

3 Click on a port, and then click Graph.

The MSTI Port Stats window appears (Figure 98 on page 239).

CurrentPortRole Current port role of the port for this spanning tree instance.

EffectivePortState The effective operational state of the port for specific instance. This is true when the port is operationally up at the interface and protocol levels for the specific instance. This is set to false at all other times.

Table 36 MSTP—MSTI Port fields (continued)

Field Description

314725-E Rev 00


Figure 98 MSTI Port.BridgeInstance

Table 37 describes the MSTI Port Stats parameters.

Table 37 MSTI Port Stats

Field Description

ForwardTransitions Number of times this port has transitioned to the forwarding state for this specific instance.

ReceivedBPDUs Number of BPDUs received by this port for this spanning tree instance.

TransmittedBPDUs Number of BPDUs transmitted on this port for this spanning tree instance.

InvalidBPDUsRcvd Number of invalid BPDUs received on this port for this spanning tree instance.



Configuring Rapid Spanning Tree Protocol

Rapid Spanning Tree Protocol (RSTP) reduces the recovery time after a network breakdown. For more information about RSTP, see “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.

To configure RSTP, you must first enable it.

For more information about enabling RSTP, see “Choosing the spanning tree mode” on page 211.

This section contains the following topics:

• “Configuring RSTP globally”

• “Configuring RSTP ports” on page 243

• “Viewing RSTP status” on page 245

• “Viewing statistics for RSTP Status” on page 246

Configuring RSTP globally

To configure RSTP globally:

1 From the Device Manager menu bar, choose VLAN > Spanning Tree > RSTP.

The RSTP—Globals tab appears (Figure 99 on page 241).

314725-E Rev 00


Figure 99 RSTP—Globals

2 Edit the desired fields.

3 Click Apply.



Table 38 describes the RSTP—Globals tab fields.

Table 38 RSTP—Globals fields

Field Description

PathCostDefault The version of the spanning tree default path costs that are used by this bridge. A value of 8021d1998 indicates the use of the 16 bit default path costs from IEEE Std. 802.1d-1998. A value of stp8021t2001 indicates the use of the 32 bit default path costs from IEEE Std. 802.1t.

TxHoldCount The value used by the port transmit state machine to limit the maximum transmission rate.

Version The version of Spanning Tree Protocol the bridge currently runs. The value stpCompatible indicates that the Spanning Tree Protocol as specified in IEEE 802.1d is in use; rstp indicates that the Rapid Spanning Tree Protocol as specified in IEEE 802.1w is in use.

EnableStp Indicates whether the spanning tree protocol is active in this STG.

Priority The value of the priority field.

BridgeMaxAge The value that all bridges use for MaxAge when this bridge acts as the root.

BridgeHelloTime The value that all bridges use for HelloTime when this bridge acts as the root.

BridgeForwardDelay The value that all bridges use for forward delay when this bridge acts as the root.


RootCost The cost of the path to the root from this bridge.

RootPort The port number of the port which offers the lowest cost path from this bridge to the root bridge.

MaxAge The maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded, in units of hundredths of a second.

HelloTime The amount of time between the transmission of configuration bridge PDUs by this node on any port when it is the root of the spanning tree (or trying to become the root), in units of hundredths of a second.

314725-E Rev 00


Configuring RSTP ports

To configure ports for RSTP, do the following:


The RSTP—Globals tab appears.

2 In the RSTP box, click the RSTP Ports tab.

The RSTP Ports tab appears (Figure 100 on page 244).

ForwardDelay This time value, measured in units of hundredths of a second, controls how fast a port changes its spanning state when moving towards the forwarding state. The value determines how long the port stays in each of the listening and learning states, which precede the forwarding state. This value is also used when a topology change is detected, and is underway, to age all dynamic entries in the forwarding database.

RstpUpCount The number of times the RSTP module was enabled. A trap is generated on the occurrence of this event.

RstpDownCount The number of times the RSTP module was disabled. A trap is generated on the occurrence of this event.

NewRootIdCount The number of times this bridge detected a root identifier change. A trap is generated on the occurrence of this event.

TimeSinceTopology

Change

The time (in hundredths of a second) since the TcWhile Timer for any port in this bridge was non-zero for Common Spanning Tree.

TopChanges The number of times that there was at least one non-zero TcWhile Timer on this bridge for Common Spanning Tree.

Table 38 RSTP—Globals fields (continued)

Field Description



Figure 100 RSTP—RSTP Ports tab

3 Use the fields in the RSTP Ports box to configure the RSTP ports.

4 Click Apply.

Table 39 describes the fields for RSTP—RSTP Ports.

Table 39 RSTP—RSTP Ports tab fields

Field Description

Port A unique value, greater than zero, indicating the port number.

Priority The value of the priority field.

PathCost The contribution of this port to the path cost of paths towards the root which includes this port.

ProtocolMigration When operating in RSTP mode, writing true to this object forces this port to transmit RSTP BPDUs. Any other operation on this object has no effect and it returns false when read.

AdminEdgePort The administrative value of the Edge Port parameter. A value of true indicates that this port is an edge-port and a value of false indicates that this port is a non-edge-port.

OperEdgePort The operational value of the Edge Port parameter. The object is initialized to the value of AdminEdgePort and is set false on reception of a BPDU.

314725-E Rev 00


Viewing RSTP status

To view RSTP status:


The RSTP—Globals tab appears.

2 Click the RSTP Status tab.

The RSTP Status box appears (Figure 101 on page 246).

AdminPointToPoint The administrative point-to-point status of the LAN segment attached to this port. A value of forceTrue indicates that this port is treated as if it is connected to a point-to-point link. A value of forceFalse indicates that this port is treated as having a shared media connection. A value of auto indicates that this port is considered to have a point-to-point link if it is an aggregator and all of its members are aggregatable, or if the MAC entity is configured for full duplex operation, either through auto-negotiation or by management means.

OperPointToPoint The operational point-to-point status of the LAN segment attached to this port. It indicates whether a port is considered to have a point-to-point connection or not. The value is determined by management or by auto-detection, as described in the AdminPointToPoint object.

EnableStp Indicates whether Spanning Tree Protocol is active in this STG.


DesignatedCost The path cost of the designated port of the segment connected to this port. This value is compared to the Root Path Cost field in received bridge PDUs.

DesignatedBridge The unique bridge identifier of the bridge which this port considers to be the Designated Bridge for the port segment.

DesignatedPort The port identifier of the port on the designated bridge for this port's segment.

ForwardTransitions Number of times this port has transitioned to the forwarding state for this specific instance.

Table 39 RSTP—RSTP Ports tab fields (continued)

Field Description



Figure 101 RSTP Status tab

Table 40 describes the RSTP—RSTP Status tab fields.

Viewing statistics for RSTP Status

You can view statistics for RSTP Status. To view statistics:

1 From the Device Manager menu bar, choose VLAN > Spanning Tree > RSTP > RSTP Status.

2 In the RSTP Status tab, select a port, and then click Graph.

The RSTP Port—RSTP Stats window appears (Figure 102 on page 247).

Table 40 RSTP—RSTP Status fields

Field Description

Port A unique value, greater than zero, indicating the port number.

State The current state of the port as defined by application of the Spanning Tree Protocol. This state controls what action a port takes on reception of a frame.

Role This indicates the current port role assumed by this port.

OperVersion This indicates whether the port is operationally in the RSTP or STP-compatible mode, that is, whether the port transmits RSTP BPDUs or Config/TCN BPDUs.

EffectivePortState The effective operational state of the port. This object is set to true when the port is operationally up in the Interface Manager, and Force Port State for this port and the specified port state is enabled. Otherwise, this object is set to false.

314725-E Rev 00


Figure 102 RSTP Port—RSTP Stats

Table 41 describes the statistics shown in Figure 102.

Table 41 RSTP Port—RSTP Stats fields

Field Description

RxRstBpduCount The number of RSTP BPDUs that were received on this port.

RxConfigBpduCount The number of configuration BPDUs that were received on this port.

RxTcnBpduCount The number of TCN BPDUs that were received on this port.

TxRstBpduCount The number of RSTP BPDUs that were transmitted by this port.

TxConfigBpduCount The number of Config BPDUs that were transmitted by this port.

TxTcnBpduCount The number of TCN BPDUs that were transmitted by this port.

InvalidRstBpduRxCount The number of invalid RSTP BPDUs that were received on this port. A trap is generated on the occurrence of this event.

InvalidConfigBpduRx

Count

The number of invalid configuration BPDUs that were received on this port. A trap is generated on the occurrence of this event.



InvalidTcnBpduRxCount The number of invalid TCN BPDUs that were received on this port. A trap is generated on the occurrence of this event.

ProtocolMigrationCount The number of times this port has migrated from one STP protocol version to another. The relevant protocols are STP-Compatible and RSTP. A trap is generated on the occurrence of this event.

Table 41 RSTP Port—RSTP Stats fields (continued)

Field Description

314725-E Rev 00

249

Chapter 5Configuring link aggregation using Device Manager

This chapter describes how to configure link aggregation in your network. For conceptual information about link aggregation, see “Link aggregation (MLT, SMLT, LACP, VLACP)” on page 78.


Configuring link aggregation

This section describes how to configure and manage link aggregation, including LACP, VLACP, and multilink trunking. This section includes the following topics:

• “Configuring LACP globally” on page 250

• “Configuring VLACP globally” on page 252

• “Adding a MultiLink/LACP trunk” on page 253

• “Adding ports to a multilink trunk” on page 258

• “Viewing multilink trunk interface statistics” on page 259

• “Viewing multilink trunk Ethernet error statistics” on page 261

• “Managing LACP information” on page 265

• “Configuring a port for LACP” on page 267

• “Configuring a port for Virtual LACP” on page 271

Topic Page

Configuring link aggregation 249

Configuring Split Multilink Trunking 276

Configuring Simple Loop Prevention Protocol 290


250 Chapter 5 Configuring link aggregation using Device Manager

• “Viewing LACP statistics” on page 273

Configuring LACP globally

The main purpose of LACP is to manage switch ports and their port memberships to form link aggregation groups (LAG). LACP can dynamically add or remove LAG ports, depending on their availability and states.

To configure Link Aggregation Control Protocol (LACP) globally:

1 From the Device Manager menu bar, choose VLAN > MLT/LACP.

The MLT_LACP—LACP Global tab appears (Figure 103 on page 251).

Note: Standby mode for aggregation groups of larger than eight ports is not supported in the current release.

Note: LACP does not support jumbo frames on the Ethernet Routing Switch 8600 v4.1

314725-E Rev 00

Chapter 5 Configuring link aggregation using Device Manager 251

Figure 103 MLT_LACP—LACP Global tab

2 To enable LACP globally, select Enable.

3 Edit the remaining boxes as desired, or retain the default values.

Table 42 defines the MLT_LACP—LACP Global tab fields.

4 Click Apply.

Note: Configuration changes to the LACP timers are not reflected immediately. LACP timers are not reset until the next time LACP is restarted globally or on a port. This ensures consistency with peer switches.

Table 42 MLT_LACP—LACP Global tab fields

Field Description

Enable Globally enable or disable LACP.

SystemPriority Sets the system priority to all the LACP enabled aggregators and ports.



Configuring VLACP globally

Virtual LACP is an LACP extension that is used for end to end failure detection.VLACP uses the Hello mechanism of LACP to periodically send Hello packets to ensure there is end to end reachability. When Hello packets are not received, VLACP transitions to a failure state, which indicates a service provider failure, and the port is disabled.

To configure Virtual LACP (VLACP) globally:


The MLT_LACP box appears (Figure 103 on page 251).

2 Click the VLACP Global tab.

FastPeriodicTime Specifies the number of milliseconds between periodic transmissions using short timeouts. Sets this value to all LACP enabled ports.

FastPeriodicTimeOper The operating value of the fast periodic timer on the port.

SlowPeriodicTime Specifies the number of milliseconds between periodic transmissions using long timeouts. Sets this value to all LACP enabled ports.

SlowPeriodicTimeOper The operating value of the slow periodic timer on the port.

AggrWaitTimeOper The operating value of the aggregate wait timer on the port.

AggrWaitTime Specifies the number of milliseconds to delay aggregation to allow multiple links to aggregate simultaneously.

TimeoutScale Sets the value used to calculate timeout time from the periodic time. Sets this value to all LACP enabled ports. The range is 2 to 10.

TimeoutScaleOper The operating value of the timeout scale on the port.

SmltSysId LACP system ID for split multilink trunks.

Note: VLACP does not support jumbo frames on the Ethernet Routing Switch 8600 v4.1

Table 42 MLT_LACP—LACP Global tab fields (continued)

Field Description

314725-E Rev 00


The MLT_LACP—VLACP Global tab appears (Figure 104).

Figure 104 VLACP Global

3 Select VlacpEnable. If selected, VLACP is enabled globally.

4 Click Apply.

Adding a MultiLink/LACP trunk

To add a MultiLink/LACP trunk:


The MLT_LACP, LACP Global tab appears (Figure 103 on page 251).

2 Click the MultiLink/LACP Trunks tab.

The MultiLink/LACP Trunks tab appears (Figure 105 on page 254), displaying multilink trunk information.



Figure 105 MLT_LACP—MultiLink/LACP Trunks

3 In the MultiLink/LACP Trunks box, click Insert.

The MLT_LACP, Insert Multilink/LACP Trunks box (Figure 106 on page 255) appears.

314725-E Rev 00


Figure 106 MLT_LACP, Insert MultiLink/LACP Trunks box

4 In the Id text box, type the ID number for the multilink trunk.

5 In the SvlanPortType text box, select normal, uni, or nni.

6 In the PortType section, select access or trunk.

7 In the Name text box, type a name for the multilink trunk, or accept the default name.

8 Select member ports and VLANs for this MLT/LACP trunk:

a In the PortMembers box, click the ellipsis (...), select the desired ports in the MltPortMembers box that appears, and then click Ok.

b In the VlanIds box, click the ellipsis (...), select the desired VLANs in the VlanIds box that appears, and then click Ok.

9 In the MltType section, select normalMLT, istMLT, or splitMLT.

For information about configuring SMLT, see “Adding a MLT-based SMLT” on page 276.

• If splitMLT is chosen, in the SmltID box, enter the SMLT ID number.



10 In the Multicast Distribution box, select enable or disable.

11 Select or clear NtStgEnable.

12 In the Aggregatable box, select enable or disable.

13 Click Insert.

The MLT is added to the MultiLink/LACP Trunks tab in the MLT_LACP box.

Table 43 defines the MultiLink/LACP Trunks tab fields.

Note: Multicast distribution over MLT is supported only on Ethernet Routing Switch 8600 E, M, and R modules. For detailed information about configuring multicast distribution over MLT, see Configuring IP Multicast Routing Protocols.

Table 43 MultiLink/LACP Trunks tab fields

Field Description

Id A value that uniquely identifies the multilink trunk.

SvlanPortType Sets multilink trunk port type:

• normal (default)

• uni (user-to-network interface)You must configure ports to which you want to provide VLAN transparency as UNI ports. UNI ports can only belong to one SVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN). This prevents traffic from leaking to other VLANs.

• nni (network-to-network interface)

NNI ports interconnect the switches in the core network, drop untagged frames on ingress, and insert the SVLAN tag at the egress. When you configure an NNI port, the DiscardUnTaggedFrames parameter is automatically configured (Edit > Port > General > VLAN).

PortType Sets access or trunk port. Note: When the aggregatable field is set to enable, this field becomes read-only.

Name The name given to the multilink trunk.

314725-E Rev 00


PortMembers The ports assigned to the multilink trunk.

MLT is supported on 10Base-T, 100Base-TX, 100Base-FX, and Gigabit Ethernet ports. All ports in an multilink trunk must be of the same media type (copper or fiber) and have the same settings for speed and duplex. All untagged ports must belong to the same spanning tree group.

For Ethernet Routing Switch 8600 modules, up to eight same-type ports can belong to a single multilink trunk.Note: When the aggregatable field is set to enable, this field becomes read-only.

VlanIds The VLANs to which the ports belong. Note: When the aggregatable field is set to enable, this field becomes read-only.

MltType Editable field for specifying the type of multilink trunk:• normalMLT

• istMLT

• splitMLT

RunningType Split MLT running type.

SmltId The split multilink trunk ID assigned to both ends of the split trunk.Note: The corresponding split multilink trunks between aggregation switches must have the same SMLT ID.

IfIndex Interface index.

Multicast Distribution The multicast distribution state on MLT ports:

• enabled

• disabled (default) Multicast distribution must also be configured on the chassis (Edit > Chassis > Mcast MLT Distribution). For more information, see Configuring IP Routing Multicast Protocols.

Note: Multicast distribution over MLT is supported only on Ethernet Routing Switch 8600 E, M, and R modules.

ClearLinkAggregate Clear link aggregate is equivalent to disabling and re-enabling aggregatable on the MLT.

NtStgEnable Specifies if this multilink trunk is operating in Nortel Mode or in Cisco Mode.

• true—Nortel mode

• false—Cisco mode

Table 43 MultiLink/LACP Trunks tab fields (continued)

Field Description



Adding ports to a multilink trunk

To add ports to an existing multilink trunk:


The MLT_LACP, LACP Global tab appears.


The MultiLink/LACP Trunks tab appears (Figure 105 on page 254).

3 Click Insert.

The MLT_LACP, Insert MultiLink/LACP Trunks box (Figure 106 on page 255) appears.

4 Double-click in the PortMembers box for the multilink trunk to which you are adding ports.

The MltPortMembers box (Figure 107 on page 259) appears, showing the ports currently assigned for the selected multilink trunk. Available ports are editable.

DesignatedPort Indicates the designated port for the MLT.

Aggregatable Specifies if link aggregation is enabled or disabled.

AggOperState Link aggregation state on a MLT.

AggTimeofLastOperChange The time value since the interface entered its current operational state.

Table 43 MultiLink/LACP Trunks tab fields (continued)

Field Description

314725-E Rev 00


Figure 107 MltPortMembers box

5 In the MltPortMembers box, click the port numbers to be added, or click All to add all ports to the multilink trunk.

• For Ethernet Routing Switch 8600 modules, up to eight ports can belong to a single multilink trunk.

6 Click Ok.

The MltPortMembers box closes. The port numbers are added to the selected multilink trunk on the MultiLink/LACP Trunks tab in the MLT_LACP box.

7 Click Apply.

The ports are added to the multilink trunk.

Viewing multilink trunk interface statistics

To view multilink trunk interface statistics:


The MLT_LACP—LACP Global tab appears (Figure 103 on page 251).



3 Select a multilink trunk.

4 Click Graph.



The Statistics, MLT—Interface tab appears (Figure 108), displaying interface statistics for the selected multilink trunk.

Figure 108 Statistics, MLT—Interface tab

Table 44 defines the fields on the Interface tab.

Table 44 Statistics, MLT—Interface tab fields

Field Description

InOctets The total number of octets received on the multilink trunk interface, including framing characters.

OutOctets The total number of octets transmitted out of the multilink trunk interface, including framing characters.

InUcastPkts The number of packets delivered by this multilink trunk to higher level protocols that were not addressed to a multicast or broadcast address at this sublayer.

OutUcastPkts The number of packets that higher level protocols requested be transmitted that were not addressed to a multicast address at this multilink trunk. This total number includes those packets discarded or unsent.

InMulticastPkt The number of packets delivered to this multilink trunk that were addressed to a multicast address at this sublayer. For a MAC layer protocol, this number includes both Group and Functional addresses.

314725-E Rev 00


Viewing multilink trunk Ethernet error statistics

To view multilink trunk Ethernet error statistics:





3 Select a multilink trunk, and then click Graph.

The Statistics, MLT box appears (Figure 108 on page 260).

4 Click the Ethernet Errors tab.

The Ethernet Errors tab (Figure 109 on page 262) appears, displaying statistics.

OutMulticast The total number of packets that higher-level protocols requested be transmitted, and that were addressed to a multicast address at this multilink trunk, including those that were discarded or not sent. For a MAC layer protocol, this number includes both Group and Functional addresses.

InBroadcastPkt The number of packets delivered to this multilink trunk that were addressed to a broadcast address at this sublayer.

OutBroadcast The total number of packets that higher-level protocols requested be transmitted, and that were addressed to a broadcast address at this multilink trunk, including those that were discarded or not sent.

Table 44 Statistics, MLT—Interface tab fields (continued)

Field Description



Figure 109 Statistics, MLT—Ethernet Errors tab

Table 45 on page 263 lists and defines the fields on the Ethernet Errors tab.

314725-E Rev 00


Table 45 Statistics, MLT—Ethernet Errors tab fields

Field Description

AlignmentErrors A count of frames received on a particular multilink trunk that are not an integral number of octets in length and do not pass the FCS check. The count represented by an instance of this object increments when the alignmentError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions occur are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

FCSErrors A count of frames received on a multilink trunk that are an integral number of octets in length but do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object increments when the FrameCheckError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions occur are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

IMacTransmitError A count of frames for which transmission on a particular multilink trunk fails due to an internal MAC sublayer transmit error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the LateCollisions object, the ExcessiveCollisions object, or the CarrierSenseErrors object.

IMacReceiveError A count of frames for which reception on a particular multilink trunk fails due to an internal MAC sublayer receive error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the FrameTooLongs object, the AlignmentErrors object, or the FCSErrors object.

The precise meaning of the count represented by an instance of this object is implementation specific. In particular, an instance of this object can represent a count of receive errors on a particular interface that are not otherwise counted.

CarrierSenseError The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame on a particular multilink trunk. The count represented by an instance of this object increments at most once per transmission attempt, even if the carrier sense condition fluctuates during a transmission attempt.



FrameTooLong A count of frames received on a particular multilink trunk that exceeds the maximum permitted frame size. The count represented by an instance of this object increments when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions occur are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

SQETestError A count of times that the SQE test error message is generated by the PLS sublayer for a particular multilink trunk. The SQE test error message is defined in section 7.2.2.2.4 of ANSI/IEEE 802.3-1985.

DeferredTransmiss A count of frames for which the first transmission attempt on a particular multilink trunk is delayed because the medium is busy. The count represented by an instance of this object does not include frames involved in collisions.

SingleCollFrames A count of successfully transmitted frames on a particular multilink trunk for which transmission is inhibited by exactly one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts object, the ifOutMulticastPkts object, or the ifOutBroadcastPkts object, and is not counted by the corresponding instance of the MultipleCollisionFrames object.

MultipleCollFrames A count of successfully transmitted frames on a particular multilink trunk for which transmission is inhibited by more than one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts object, the ifOutMulticastPkts object, or the ifOutBroadcastPkts object, and is not counted by the corresponding instance of the SingleCollisionFrames object.

LateCollisions The number of times that a collision is detected on a particular multilink trunk later than 512 bit-times into the transmission of a packet; 512 corresponds to 51.2 microseconds on a 10 Mb/s system. A (late) collision included in a count represented by an instance of this object is also considered as a (generic) collision for purposes of other collision-related statistics.

ExcessiveCollis A count of frames for which transmission on a particular multilink trunk fails due to excessive collisions.

Table 45 Statistics, MLT—Ethernet Errors tab fields (continued)

Field Description

314725-E Rev 00


Managing LACP information

To manage LACP information:


The MLT_LACP, LACP Global tab appears (Figure 103 on page 251).

2 Click the LACP tab.

The LACP tab appears (Figure 110), displaying multilink trunk information.

Figure 110 MLT_LACP—LACP tab

Table 46 defines the LACP tab fields.

3 Click on the fields to edit them. Some fields cannot be edited, as noted in Table 46.

4 Click Apply.

Note: Standby mode for aggregation groups of larger than eight ports is not supported in the current release.

Table 46 MLT_LACP—LACP tab fields

Field Description

Index The unique identifier allocated to this aggregator by the local system. This attribute identifies an aggregator instance among the subordinate managed objects of the containing object. This value is read-only.

MACAddress The six octet read-only value carrying the individual MAC address assigned to the aggregator.



ActorSystemPriority The two octet read-write value indicating the priority value associated with the actor's system ID.

ActorSystemID The six octet read-write MAC address value used as a unique identifier for the system that contains this aggregator.

Note: From the perspective of the link aggregation mechanisms, only a single combination of actor system ID and system priority are considered, and no distinction is made between the values of these parameters for an aggregator and the ports that are associated with it; that is, the protocol is described in terms of the operation of aggregation within a single system. However, the managed objects provided for the aggregator and the port both allow management of these parameters. The result of this is to permit a single piece of equipment to be configured by management to contain more than one system from the point of view of the operation of link aggregation. This can be of particular use in the configuration of equipment that has limited aggregation capability.

AggregateOrIndividual A read-only value indicating whether the aggregator represents an aggregate (true) or an individual link (false)

ActorAdminKey The current administrative value of the key for the aggregator. The administrative key value can differ from the operational key value. This is a 16 bit read-write value. The meaning of particular key values is of local significance.

ActorOperKey The current operational value of the key for the aggregator. The administrative key value can differ from the operational key value. This is a 16 bit read-only value. The meaning of particular key values is of local significance.

PartnerSystemID The six octet read-only MAC address value consisting of the unique identifier for the current protocol partner of this aggregator. A value of zero indicates that there is no known partner. If the aggregation is manually configured, this system ID value is a value assigned by the local system.

PartnerSystemPriority The two octet read-only value that indicates the priority value associated with the partner system ID. If the aggregation is manually configured, this system priority value is a value assigned by the local System.

PartnerOperKey The current operational value of the key for the aggregator current protocol partner. This is a 16 bit read-only value. If the aggregation is manually configured, this key value is a value assigned by the local system.

Table 46 MLT_LACP—LACP tab fields (continued)

Field Description

314725-E Rev 00


Configuring a port for LACP

To configure a port for LACP:

1 Select a port.


The Port—Interface tab appears.


The Port—LACP tab appears (Figure 111), displaying multilink trunk information.

Figure 111 Port—LACP tab

Table 47 on page 268 defines the Port—LACP tab fields.

4 Select AdminEnable.

5 Edit the remaining boxes as desired.



6 Click Apply.

Table 47 Port—LACP tab fields

Field Description

AdminEnable Sets the enabled status for LACP for the port.

OperEnable Indicates the operational status of LACP for the port.

FastPeriodicTime Specifies the number of milliseconds between periodic transmissions using short timeouts. Set this value to all LACP enabled ports.

FastPeriodicTimeOper The operating value of the fast periodic timer on the port.

SlowPeriodicTime Specifies the number of milliseconds between periodic transmissions using long timeouts. Set this value to all LACP enabled ports.

SlowPeriodicTimeOper The operating value of the slow periodic timer on the port.

AggrWaitTime Specifies the number of milliseconds to delay aggregation to allow multiple links to aggregate simultaneously.

AggrWaitTimeOper The operating value of the aggregate wait timer on the port.

TimeoutScale Sets the value used to calculate timeout time from the periodic time. Set this value to all LACP enabled ports.

TimeoutScaleOper The operating value of the timeout scale on the port.

ActorSystemPriority The two octet read-write value indicating the priority value associated with the actor system ID.

ActorSystemID The six octet read-write MAC address value used as a unique identifier for the system that contains this aggregator. Note: From the perspective of the link aggregation mechanisms, only a single combination of actor system ID and system priority are considered, and no distinction is made between the values of these parameters for an aggregator and the ports that are associated with it; that is, the protocol is described in terms of the operation of aggregation within a single system. However, the managed objects provided for the aggregator and the port both allow management of these parameters. The result of this is to permit a single piece of equipment to be configured by management to contain more than one system from the point of view of the operation of link aggregation. This can be of particular use in the configuration of equipment that has limited aggregation capability.

314725-E Rev 00


ActorAdminKey The current administrative value of the key for the aggregator. The administrative key value can differ from the operational key value. This is a 16-bit read-write value. The meaning of particular key values is of local significance.

ActorOperKey The current operational value of the key for the aggregator. The administrative key value can differ from the operational key value. This is a 16-bit read-only value. The meaning of particular key values is of local significance.

SelectedAggID The identifier value of the aggregator that this aggregation port has currently selected. Zero indicates that the aggregation port has not selected an aggregator, either because it is in the process of detaching from an aggregator or because there is no suitable aggregator available for it to select. This value is read-only.

AttachedAggID The identifier value of the aggregator to which this aggregation port is currently attached. Zero indicates that the aggregation port is not currently attached to an aggregator. This value is read-only.

ActorPort The port number locally assigned to the aggregation port. The port number is communicated in LACPDUs as the Actor_Port. This value is read-only.

ActorPortPriority The priority value assigned to this aggregation port. This 16-bit value is read-write.

ActorAdminState A string of eight bits, corresponding to the administrative values as transmitted by the actor in LACPDUs. The values are:• the first bit corresponds to bit 0 of Actor_State

(LACP_Activity)

• the second bit corresponds to bit 1 (LACP_Timeout)• the third bit corresponds to bit 2 (Aggregation)

• the fourth bit corresponds to bit 3 (Synchronization)

• the fifth bit corresponds to bit 4 (Collecting)• the sixth bit corresponds to bit 5 (Distributing)

• the seventh bit corresponds to bit 6 (Defaulted)

• the eighth bit corresponds to bit 7 (Expired)These values allow administrative control over the values of LACP_Activity, LACP_Timeout and aggregation. This attribute value is read-write.

ActorOperState A string of eight bits, corresponding to the current operational values of Actor_State as transmitted by the actor in LACPDUs. This attribute value is read-only.

Table 47 Port—LACP tab fields (continued)

Field Description



PartnerAdminSystemPriority The current administrative value of the port number for the protocol Partner. This is a 16 bit read-write value. The assigned value is used, along with the value of PartnerAdminSystemPriority, PartnerAdminSystemID, PartnerAdminKey, and PartnerAdminPortPriority, to achieve manually configured aggregation.

PartnerOperSystemPriority A two octet read-only value indicating the operational value of priority associated with the partner system ID. The value of this attribute can contain the manually configured value carried in PartnerAdminSystemPriority if there is no protocol partner.

PartnerAdminSystemID A six octet read-write MAC address value representing the administrative value of the aggregation port protocol partner's system ID. The assigned value is used, along with the value of PartnerAdminSystemPriority, PartnerAdminKey, PartnerAdminPort, and PartnerAdminPortPriority, to achieve manually configured aggregation.

PartnerOperSystemID A six octet read-only MAC address value representing the current value of the aggregation port's protocol partner system ID. A value of zero indicates that there is no known protocol partner. The value of this attribute can contain the manually configured value carried in PartnerAdminSystemID if there is no protocol partner.

PartnerAdminKey The current administrative value of the key for the protocol partner. This is a 16 bit read-write value. The assigned value is used, along with the value of PartnerAdminSystemPriority, PartnerAdminSystemID, PartnerAdminPort, and PartnerAdminPortPriority, to achieve manually configured aggregation.

PartnerOperKey The current operational value of the key for the aggregator current protocol partner. This is a 16-bit read-only value. If the aggregation is manually configured, this key value is a value assigned by the local system.

PartnerAdminPort The current administrative value of the port number for the protocol partner. This is a 16 bit read-write value. The assigned value is used, along with the value of PartnerAdminSystemPriority, PartnerAdminSystemID, PartnerAdminKey, and PartnerAdminPortPriority, to achieve manually configured aggregation.


Field Description

314725-E Rev 00


Configuring a port for Virtual LACP

VLACP is an extension to LACP which you can use to detect end-to-end failure. To configure a port for VLACP:

1 Select a port.


The Port—Interface tab appears.

3 Click the VLACP tab.

The Port—VLACP tab appears (Figure 112 on page 272).

PartnerOperPort The operational port number assigned to this aggregation port by the aggregation port's protocol partner. The value of this attribute can contain the manually configured value carried in AggPortPartnerAdminPort if there is no protocol partner. This 16 bit value is read-only.

PartnerAdminPortPriority The current administrative value of the port priority for the protocol Partner. This is a 16 bit read-write value. The assigned value is used, along with the value of PartnerAdminSystemPriority, PartnerAdminSystemID, PartnerAdminKey, and PartnerAdminPort, to achieve manually configured aggregation.

PartnerOperPortPriority The priority value assigned to this aggregation port by the partner. The value of this attribute can contain the manually configured value carried in PartnerAdminPortPriority if there is no protocol Partner. This 16 bit value is read-only.

PartnerAdminState A string of 8 bits, corresponding to the current administrative value of Actor_State for the protocol partner. This attribute value is read-write. The assigned value is used to achieve manually configured aggregation.

PartnerOperState A string of eight bits, corresponding to the current values of Actor_State in the most recently received LACPDU transmitted by the protocol Partner. In the absence of an active protocol partner, this value can reflect the manually configured value PartnerAdminState. This attribute value is read-only.


Field Description



Figure 112 Port—VLACP tab

Table 48 defines the Port—VLACP tab fields.

4 Select AdminEnable.

5 Edit the remaining fields as desired.

6 Click Apply.

Table 48 Port—VLACP tab fields

Field Description

AdminEnable Sets the enabled status for VLACP for the port.

OperEnable Indicates the operational status of VLACP for the port.

FastPeriodicTimer Specifies the number of milliseconds between periodic transmissions using short timeouts. Sets this value to all VLACP enabled ports.

SlowPeriodicTimer Specifies the number of milliseconds between periodic transmissions using long timeouts. Set this value to all VLACP enabled ports.

Timeout The timeout control value. It is long or short timeout.

314725-E Rev 00


Viewing LACP statistics

To view LACP statistics for a particular port:

1 Select a port.

2 From the Device Manager menu bar, choose Graph > Port.

The Graph Port—Interface tab appears (Figure 113 on page 274).

TimeoutScale Sets the value used to calculate timeout time from the periodic time. Sets this value to all VLACP enabled ports. Timeout = PeriodicTime * TimeoutScale. The range is from 2 to 10.

EtherType The VLACP protocol identification. The ID is in hexadecimal.

EtherMacAddress The multicast MAC address exclusively used for VLACPDUs.

PortState Specifies the VLACP port state.

Table 48 Port—VLACP tab fields (continued)

Field Description



Figure 113 Graph Port—Interface tab


The LACP tab appears (Figure 114), displaying LACP statistics.

Figure 114 Graph Port—LACP tab

4 You can change the Poll Interval if desired.

314725-E Rev 00


Table 49 defines the Graph Port—LACP tab fields.

Table 49 Graph Port—LACP tab fields

Field Description

LACPDUsRx The number of valid link aggregation control protocol data units (LACPDU) received on this aggregation port.

MarkerPDUsRx The number of valid marker PDUs received on this aggregation port.

MarkerResponsePDUsRx The number of valid marker response PDUs received on this aggregation port.

UnknownRx The number of frames received that either:

• carry Slow Protocols Ethernet type values, but contain an unknown PDU.

• are addressed to the Slow Protocols group MAC Address, but do not carry the Slow Protocols Ethernet Type.

IllegalRx The number of frames received that carry the Slow Protocols Ethernet Type value (43B.4), but contain a badly formed PDU or an illegal value of Protocol Subtype (43B.4).

LACPDUsTx The number of LACPDUs transmitted on this aggregation port.

MarkerPDUsTx The number of marker PDUs transmitted on this aggregation port.

MarkerResponsePDUsTx The number of marker response PDUs transmitted on this aggregation port.



Configuring Split Multilink Trunking

This section describes how to use Device Manager to configure Split MultiLink Trunking (SMLT) and includes the following topics:

• “Adding a MLT-based SMLT”

• “Viewing MLT-based SMLTs” on page 278

• “Adding ports to an MLT-based SMLT” on page 279

• “Configuring an IST multilink trunk” on page 280

• “Viewing IST statistics” on page 283

• “Configuring a single port split multilink trunk” on page 286

• “Viewing Single Port SMLTs” on page 288

• “Deleting a Single Port SMLT” on page 289

Adding a MLT-based SMLT

If you are configuring SMLT, you do not need to create a multilink trunk before creating an SMLT. You can create an SMLT by selecting the multilink trunk type as split multilink trunk and then specifying an SMLT ID.

To add an MLT-based split multilink trunk:





3 Click Insert.

The MultiLink/LACP, Insert MultiLink/LACP Trunks box (Figure 106 on page 255) appears.


314725-E Rev 00


4 In the Id box, the next available MLT ID is displayed. You can use this ID or type an available MLT ID number.

5 In the SvlanPortType box, select normal.

6 In the PortType box, select Access or Trunk.

7 In the Name box, type a name to identify the MLT-based split multilink trunk port.


The MltPortMembers box appears, displaying the available ports.

9 Click the ports you want to include in the MLT-based split multilink trunk.

• For Ethernet Routing Switch 8600 modules, up to eight same-type ports can belong to a multilink trunk.

10 Click Ok.

The MltPortMembers box closes and the ports are added to the PortMembers box on the Insert MultiLink Trunks tab.

11 In the VlanIds box, click the ellipsis (...).

The VlanIds box appears, displaying the available VLANs.

12 Select the VLAN IDs for the MLT-based split multilink trunk port, and then click Ok.

The VlanIds box closes and the VLANs are added to the VlanIds box in the MLT, Insert Trunks box.

13 In the MltType box, select splitMLT.

The SmltId box becomes editable.

14 In the SmltId box, type an unused SMLT ID.

To view the SMLT IDs currently in use on the switch, see “Viewing Single Port SMLTs” on page 288.

Note: The corresponding split multilink trunks between aggregation switches must have matching SMLT IDs. The same ID number must be used on both switches.



15 Click Insert.

The Insert MultiLink/LACP Trunks box closes, and the new MLT-based split multilink trunk appears in the MultiLink/LACP Trunks tab.

16 On the MultiLink/LACP Trunks tab, click Close.

The MLT-based split multilink trunk is added.

Viewing MLT-based SMLTs

To view the MLT-based split multilink trunks configured on your switch:

1 From the menu bar, choose VLAN > SMLT.

The SMLT box appears (Figure 121 on page 288).

2 Click the SMLT Info tab.

The SMLT Info tab appears with all the configured MLT-based split multilink trunks displayed (Figure 115 on page 279).

314725-E Rev 00


Figure 115 SMLT—SMLT Info tab

Table 50 describes the fields on the SMLT Info tab.

Adding ports to an MLT-based SMLT

To add ports to an existing MLT-based split multilink trunk:


The LACP Global tab appears (Figure 103 on page 251).

Table 50 SMLT Info tab fields

Field Description

Id Read-only field displaying the MLT ID for this split multilink trunk.

SmltId The MLT-based split multilink trunk ID number.

MltType Editable field for specifying the type of multilink trunk:

• normalMLT

• istMLT• splitMLT

RunningType Read-only field displaying the MLT operational type:

• normalMLT• istMLT

• splitMLT





3 Double-click the PortMembers box for the MLT-based split multilink trunk to which you are adding ports.

The MltPortMembers box (Figure 107 on page 259) appears for the specified SMLT ID. Available ports are editable.

4 Select the port numbers to be added, or click All to select all ports.

• For Ethernet Routing Switch 8600 modules, up to eight same-type ports can belong to a single multilink trunk.

5 Click Ok.

The MltPortMembers box closes and the ports are added to the Port Members box on the MultiLink Trunks tab.

6 On the MultiLink/LACP Trunks tab, click Apply.

The ports are added to the MLT-based split multilink trunk.

Configuring an IST multilink trunk

To configure an IST multilink trunk:





3 Click Insert.

The MLT_LACP, Insert Multilink/LACP Trunks box (Figure 106 on page 255) appears.

4 In the PortMembers box for the IST multilink trunk, click the ellipsis (...).

The MltPortMembers box appears, displaying the available ports.

5 Click the ports you want to include in the IST multilink trunk.

314725-E Rev 00


6 Click Ok.

The MltPortMembers box closes and the ports are added to the PortMembers box for the IST multilink trunk in the Insert MultiLink Trunks tab.

7 In the MltType box, select istMLT.

8 In the PortType box, select trunk.

9 Configure the remaining boxes as required.

10 Click Insert.

The IST MLT box appears (Figure 116).

Figure 116 IST MLT

11 Enter the peer IP address and the VLAN ID.

12 Select enable, then click Apply.

The IST is added to the MLT_LACP box.

13 Disable CP-Limit on the port using the CLI command:

config ethernet <slot/port> cp-limit disable

The IST multilink trunk is configured. For more information, see ““CP Limit and SMLT interswitch trunking” on page 112 and “Configuring CP-Limit for an IST” on page 459.



Table 51 describes the IST multilink trunk fields.

Editing an IST

To edit an existing IST, use the following procedure.

1 In Device Manager, go to VLAN > MLT/LACP > MultiLink/LACP Trunks.

2 In the MLT_LACP box, select the IST.

3 Click IstMlt.

The IST MLT box (Figure 117) appears. For field definitions, see Table 51 on page 282.

Figure 117 IST MLT

4 In the PeerIp box, enter the peer IP address.

5 In the VlanId box, enter a VLAN ID.

Table 51 Ist multilink trunk fields

Field Description

PeerIp IST multilink trunk peer IP address.

VlanId An IST VLAN ID number.

SessionEnable Enable/disable IST functionality.

314725-E Rev 00


6 In the SessionEnable box, select either enable or disable.

7 Click Apply.

The IST MLT box closes and the changes are applied.

Viewing IST statistics

To view IST statistics on an interface:



2 Click the Ist/SMLT Stats tab.

The Ist/SMLT Stats tab appears (Figure 118 on page 284).



Figure 118 Ist/SMLT Stats tab

Table 52 describes the Ist/SMLT statistics.

Table 52 MLT_LACP—Ist/SMLT Stats tab fields

Field Description

SmltIstDownCnt The number of IST down messages.

SmltHelloTxMsgCnt The number of hello messages transmitted.

SmltHelloRxMsgCnt The number of hello messages received.

SmltLearnMacAddrTxMsgCnt The number of learn MAC address messages transmitted.

SmltLearnMacAddrRxMsgCnt The number of learn MAC address messages received.

314725-E Rev 00


SmltMacAddrAgeOutTxMsgCnt The number of MAC address aging out messages transmitted.

SmltMacAddrAgeOutRxMsgCnt The number of MAC address aging out messages received.

SmltMacAddrAgeExpTxMsgCnt The number of MAC address age expired messages transmitted.

SmltMacAddrAgeExpRxMsgCnt The number of MAC address age expired messages received.

SmltStgInfoTxMsgCnt The number of SMLT STG info messages transmitted.

SmltStgInfoRxMsgCnt The number of SMLT STG info messages received.

SmltDelMacAddrTxMsgCnt The number of deleted MAC address messages transmitted.

SmltDelMacAddrRxMsgCnt The number of deleted MAC address messages received.

SmltSmltDownTxMsgCnt The number of SMLT down messages transmitted.

SmltSmltDownRxMsgCnt The number of SMLT down messages received.

SmltSmltUpTxMsgCnt The number of SMLT up messages transmitted.

SmltSmltUpRxMsgCnt The number of SMLT up messages received.

SmltSendMacTblTxMsgCnt The number of send MAC table messages transmitted.

SmltSendMacTblRxMsgCnt The number of send MAC table messages received.

SmltIgmpTxMsgCnt The number of IGMP messages transmitted.

SmltIgmpRxMsgCnt The number of IGMP messages received.

SmltPortDownTxMsgCnt The number of port down messages transmitted.

SmltPortDownRxMsgCnt The number of port down messages received.

SmltReqMacTblTxMsgCnt The number of request MAC table messages transmitted.

SmltReqMacTblRx MsgCnt The number of request MAC table messages received.

SmltRxUnknownMsgTypeCnt The number of unknown SMLT messages received.

Table 52 MLT_LACP—Ist/SMLT Stats tab fields (continued)

Field Description



Configuring a single port split multilink trunk

Ports that are already configured as MLT or MLT-based split multilink trunks cannot be configured as a single port split multilink trunk. You must first remove the split trunk and then reconfigure the ports as a single port split multilink trunk.

LACP is supported on single port split multilink trunks.

To configure a single port split multilink trunk:

1 From the Device Manager main window, select the port.




3 Click the SMLT tab.

The Port—SMLT tab (Figure 119) appears.

Figure 119 Port—SMLT tab

4 Click Insert.

The Insert SMLT box appears (Figure 120 on page 287).

Note: The SMLT tab indicates if this port is already configured as MLT or MLT-based SMLT. If so, you cannot configure Single Port SMLT.

314725-E Rev 00


Figure 120 Port, Insert SMLT

5 In the SmltId box, enter an unused SMLT ID number.

To view the SMLT IDs that are already in use on your switch, see “Viewing Single Port SMLTs” on page 288.

6 Click Insert.

A warning message appears, informing you that the spanning tree protocol has been disabled while configuring the port with SMLT.

7 Click Ok.

The Insert SMLT box closes and the ID is entered.

Table 53 Port SMLT tab fields

Field Description

Port The slot/port number for the port.

MltId Read-only field, displaying one of the following:

• A value of 1 to 32 (or 128 for R modules in R mode) indicates that the port is part of an multilink trunk, and Single Port SMLT cannot be configured on this port.

• A value of 0 indicates that no multilink trunk is assigned, and the port can be configured for Single Port SMLT.

SmltId The split multilink trunk ID.

• A read-only field indicates the port Single Port SMLT ID assignment.

• A blank field indicates the port is not configured for Single Port SMLT. Find an unused SMLT ID by viewing the currently used IDs. See “Viewing Single Port SMLTs” on page 288.



Viewing Single Port SMLTs

To view the single port split multilink trunks configured on your switch:

➨ From the menu bar, choose VLAN > SMLT.

The SMLT box appears, and shows the single port split multilink trunks currently configured on your switch (Figure 121).

Figure 121 SMLT—Single Port SMLT

Table 54 describes the fields on the Single Port SMLT tab.

Table 54 SMLT—Single Port SMLT tab fields

Field Description

Port Read-only field that shows the port interface index number.

SmltId The ID number of the single port split multilink trunk.

RunningType Read-only field that shows the port operational type:• normalMLT

• istMLT

• splitMLT

314725-E Rev 00


Deleting a Single Port SMLT

To delete a single port split multilink trunk:

1 From the Device Manager main window, select the port.




3 Click the SMLT tab.

The Port—SMLT tab (Figure 122) appears, displaying the Single Port SMLT ID.

Figure 122 Deleting a Single Port SMLT

4 Select the single port split multilink trunk.

The single port split multilink trunk is highlighted.

5 Click Delete, and then click Close.

The single port split multilink trunk is deleted.



Configuring Simple Loop Prevention Protocol

Simple Loop Prevention Protocol (SLPP) is used at the edge of a network to prevent loops in a SMLT network if Spanning Tree is not used.

This section describes how to configure Simple Loop Prevention Protocol (SLPP), and includes the following topics:

• “Configuring SLPP globally”

• “Configuring the SLPP by VLAN” on page 291

• “Configuring the SLPP by port” on page 293

Configuring SLPP globally

To configure Simple Loop Prevention Protocol (SLPP) globally:

1 From the Device Manager menu bar, select VLAN > SLPP.

The Slpp box appears with the Global tag open (Figure 123).

Figure 123 SLPP—Global

Table 55 on page 291 describes the fields on the SLPP Global tab fields.


314725-E Rev 00


2 Select GlobalEnable.

3 In the TransmissionInterval box, enter a value for the time interval for loop detection.

4 In the EtherType box, enter the SLPP protocol value as a hexadecimal number.

5 Click Apply.

Configuring the SLPP by VLAN


The Slpp box appears with the Global tag open (Figure 123 on page 290).

2 Click the VLANS tab.

The VLANS tab appears (Figure 124).

Figure 124 Slpp—VLANS tab

3 Click Insert.

The Slpp, Insert VLANS box appears (Figure 125 on page 292).

Table 55 SLPP—Global tab fields

Field Description

GlobalEnable Globally enables or disables SLPP.

TransmissionInterval Sets the interval (in seconds) for which loop detection occurs. The range is 500 to 5000 s, and the default is 500 s.

Ether Type Specifies the SLPP protocol identification. This value is expressed in hexadecimal.



Figure 125 Slpp, Insert VLANS

Table 56 on page 293 describes the Slpp, Insert VLANS tab fields.

4 Click the VlanID ellipsis (...).

The VlanId box appears (Figure 126).

Figure 126 Slpp—Insert VlanId

5 Select the desired VLAN ID.

6 Click Ok.

7 Select SlppEnable.

8 Click Insert.

314725-E Rev 00


The ID and status of the selected VLAN appears in the Slpp—VLANS box (Figure 124 on page 291).

Configuring the SLPP by port

To configure SLPP by port:


The Slpp box appears with the Global tag open (Figure 123 on page 290).


The Slpp—Ports tab appears displaying all available ports (Figure 127 on page 294).

Table 56 SLPP, Insert VLANS fields

Field Description

VlanId Specifies the VLAN.

SlppEnable Enables SLPP on the selected VLAN. The SLPP packet transmission and reception process is active only when the SLPP operation is enabled. When the SLPP operation is disabled, no SLPP packet is sent, and any received SLPP packet is discarded.



Figure 127 Slpp—Ports tab

3 Click the SlppEnable box for the desired port and select true to enable SLPP.

4 Click Apply.

The ID and status of selected VLAN appears in the Slpp—VLANS dialog box (Figure 124 on page 291).

Table 57 describes the Slpp, Ports tab fields.

Table 57 Slpp—Ports tab fields

Field Description

IfIndex Specifies the interface index number for a port.

PktRxThreshold Specifies the threshold for packet reception from 1 to 20. After a port reaches the packet threshold, it is disabled.

SlppEnable Enables SLPP on the selected IfIndex.

IncomingVlanId VLAN ID of the classified packet on a port disabled by SLPP.

SrcNodeType Specifies the source node type of the received SLPP packet.

314725-E Rev 00




314725-E Rev 00

297

Chapter 6Configuring multiple DSAP and SSAP using Device Manager

With the Ethernet Routing Switch 8600, you can configure multiple DSAPs or SSAPs for SNA or user-defined VLAN types. The base implementation of the SNA VLAN allows SNA 802.2 traffic to be classified into a SNA VLAN based on a 0x04 destination SAP or 0x04 source SAP. Some applications require changing these classifications to DSAP or SSAP.

You can support any user-defined VLANs with multiple SSAPs and DSAPs. For example, you can add 31 additional protocol IDs or DSAP/SSAP values, for a total of 32, when you create a SNA 802.2 VLAN or a user-defined VLAN, or when you reconfigure a SNA 802.2 VLAN or a user-defined VLAN.

This chapter describes how to configure multiple DSAPs and SSAPs per VLAN and includes the following topics:

Note: Hardware record usage increases considerably when you configure multiple DSAPs or SSAPs for SNA or user-defined VLAN types. For more information, see “Design aspects” on page 298.

Topic Page

Design aspects 298

Configuring multiple DSAPs and SSAPs per VLAN 300


298 Chapter 6 Configuring multiple DSAP and SSAP using Device Manager

Design aspects

You can configure multiple DSAPs or SSAPs for SNA or user-defined VLAN types using the CLI or Device Manager. Regardless of your configuration tool, you must first create the SNA or user-defined VLAN, and then add the DSAPs or SSAPs for this VLAN.

For user-defined VLANs, DSAP/SSAP additions can only be applied to VLANs created without any specific encapsulation type or to VLANs with an encapsulation type of LLC. The addition of DSAP/SSAP is not allowed on user-defined VLANs created with an encapsulation type of Ethernet-ii or SNAP.

For each SNA802.2 VLAN, including 31 additional DSAP/SSAP values, 256 records are created, including:

• 8 IEEE VLAN records

• 31 * 8 = 248 protocol ID records.

In this case the default 0x04 records is always created on the switch.

For each user-defined VLAN created with no encapsulation specified, a total of 280 records are created, including:


• 3 * 8 = 24 protocol ID records for the base protocol ID (specified during VLAN creation). One record of each type—LLC, Ethernet-ii and SNAP—is created in this case.

• 31 * 8 = 248 protocol ID records for the additional DSAP/SSAP added

For each user-defined VLAN created with encapsulation set to LLC, 264 hardware records are created, including:


• 1 * 8 = 8 protocol ID records for the base protocol ID (specified during VLAN creation). Only the LLC record is created in this case.


314725-E Rev 00

Chapter 6 Configuring multiple DSAP and SSAP using Device Manager 299

Nortel does not recommend using more than 10 of the user-defined VLANs, including 32 DSAP/SSAP values, due to the extensive hardware record usage which can affect overall system scalability.

You can check for hardware record availability by executing the CLI command show/sys/record-reservation.

There is only one SNA VLAN allowed on an individual port. DSAP/SSAP values can be configured provided they are not the same as the reserved values listed (see Table 58).

An exception is 0x0800, which can be configured with the encapsulation set to Logical Link Control (LLC).

Table 58 DSAP/SSAP values

Protocol name Etype DSAP SSAP OUI PID

IP_ii 0x0800

ARP_ii 0x0806

RARP_ii 0x8035

IPX(old)_iiIPX_ii

0x81370x8138

IPX(old)_SNAP

IPX_SNAP

0x000000

0x000000

0x813

70x813

8

IPX_802.3 0xE0 0xE0

IPX_802.3 0xFF 0xFF

APPLE_ii

APPLE_SNAP

0x809B

0X80F3 0x08000

7

0x809B

0x80F

3

DEC_LAT 0x6004



Configuring multiple DSAPs and SSAPs per VLAN

This procedure assumes you have already created a user-defined or an sna802.2 VLAN. See “Configuring policy-based VLANs” on page 145 for information about adding a policy-based VLAN.

To configure multiple DSAPs and SSAPS per VLAN:

1 Go to VLAN > VLANs.

The VLAN—Basic tab appears.

2 Click the Advanced tab.

The VLAN—Advanced tab appears (see Figure 128 on page 301).

DEC_ELSE 0x6000

-

0x60030x6005

- 0x6009

DEC_BPDU 0x8038

SNA_ii 0x80D5

SNA_LLC 0x04

XX

XX

0x04

NetBIOS 0xF0XX

XX0xF0

XNS

XNS_comp

0x0600

0x0807

Table 58 DSAP/SSAP values (continued)


314725-E Rev 00

Chapter 6 Configuring multiple DSAP and SSAP using Device Manager 301

Figure 128 VLAN—Advanced tab

3 Select the VLAN to which you wish to add a DSAP, and click DSAP/SSAP.

The VLAN—DSAP/SSAP VLAN box appears (Figure 129).

Figure 129 VLAN—DSAP/SSAP VLAN

4 Click Insert.

The DSAP/SSAP, VLAN, Insert DSAP/SSAP box appears (Figure 130).

Figure 130 DSAP/SSAP, VLAN, Insert DSAP/SSAP

5 Enter a DSAP/SSAP value in hexadecimal form, and then click Insert.



6 Repeat steps 5 to 6 for as many DSAP/SSAPs as you require.

314725-E Rev 00

303

Chapter 7Configuring and managing VLANs using the CLI

This chapter describes how to configure and manage VLANs using the command line interface (CLI), and includes the following topics:

For conceptual information about VLANs, see “VLANs” on page 37.

Roadmap of VLAN commands

The following roadmap lists the VLAN commands and their parameters. Use this list as a quick reference or click on any entry for more information.

Topic Page

Roadmap of VLAN commands 303

Configuring and managing a VLAN 308

Using the VLAN show commands 333

Using the show ports commands for VLANs 358

Using the VLAN IP commands 362

Command Parameter

config vlan <vid> create info

byIDS <sid> [name <value>] [color <value>]

byipsubnet <sid> <ipaddr/mask> [ name <value>] [color <value>]


304 Chapter 7 Configuring and managing VLANs using the CLI

byipsubnet-mstprstp <instance-id> <ipaddr|mask> [name <value>] [color <value>]

byport <sid> [name <value>] [color <value>]

byport-mstprstp <instance-id> [name <value>] [color <value>] [naap-vlan] [firewall-vlan] [firewall-peering-vlan]

byprotocol <sid> <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|declat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE> [<pid>] [name <value>] [color <value>] [encap <value>]

byprotocol-mstprstp <instance-id> <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|decLat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE> [<pid>] [name <value>] [color <value>] [encap <value>]

bysrcmac <sid> [name <value>] [color <value>]

bysrcmac-mstprstp <instance-id> [name <value>] [color <value>]

bysvlan <sid> [name <value>] [color <value>]

bysvlan-mstprstp <instance-id> [name <value>] [color <value>]

forIDS <sid> [name <value>] [color <value>]

forIDS-mstprstp <instance-id> [name <value>] [color <value>]

config vlan <vid> info

action <action choice>

add-mlt <integer>

Command Parameter

314725-E Rev 00

Chapter 7 Configuring and managing VLANs using the CLI 305

addDsapSsap <DSAP/SSAP values>

removeDsapSsap <DSAP/SSAP values>

agetime <integer>

delete

qos-level <integer>

name <vname>

config vlan <vid> fdb-entry info

aging-time <seconds>

flush

monitor <mac> status <value> <true|false>

qos-level <mac> status <value> <0..7>

sync

config vlan <vid> fdb-filter info

add <mac> port <value> [qos <value>]

pcap <mac> <enable|disable>

remove <mac>

config vlan <vid> fdb-filter notallowfrom

info

add <mac> port <value> [<srcOnly|dstOnly|Both>]

remove <mac> port <value> [<srcOnly|dstOnly|Both>]

config vlan <vid> fdb-static info


remove <mac>

Command Parameter



config vlan <vid> ports info

add <ports> [member <value>]

remove <ports> [member <value>]

ospf-passive <true|false> <ports>

config vlan <vid> srcmac info

add <macaddr>

remove <macaddr>

config vlan <vid> ip info

create <ipaddr|mask> [mac_offset <value>]

delete <ipaddr>

Rvs-Path-Chk <enable|disable> [mode <value>]

config vlan <vid> ip nlb-unicast-mode

info

<enable|disable>

config sys set flag enhanced-operational-mode true

false

config ethernet <port> loop-detect <enable|disable>

action <port-down|vlan-block|mac-discard>

arp-detect <enable|disable>

config ether <ports> auto-recover-port <enable|disable>

config ethernet <port number> action clearLoopDetectAlarm

Command Parameter

314725-E Rev 00


config ethernet <port number> info

config mac-flap-time-limit <10..5000 milliseconds>

show ports info loop-detected port <port number>

show sys link-flap-detect general-info


show vlan info all [<vid>] [port <value>] [by <value>]

show vlan info advance [<vid>] [port <value>]

show vlan info arp [<vid>] [port <value>]

show vlan info basic [<vid>] [port <value>]

show vlan info brouter-port [port <value>]

show vlan info fdb-entry [<vid>] [mac <value>] [port <value>]

show vlan info fdb-filter [<vid>] [mac <value>] [port <value>]

show vlan info fdb-static [<vid>] [mac <value>] [port <value>]

show vlan info igmp [<vid>] [port <value>]

show vlan info ip [<vid>] [port <value>]

show vlan info ports [<vid>] [port <value>]

show vlan info srcmac [<vid>] [port <value>]

Command Parameter



Configuring and managing a VLAN

To create VLANs, add or remove ports in the VLAN, set priority, change a VLAN name, or perform other operations, use the VLAN configuration commands. You can also configure reverse path checking, loop detection, Enhanced Operation mode, and other features using the CLI. In all VLAN commands in this section, vid is the VLAN ID.

This section includes the following procedures:

• “Creating a VLAN”

• “Performing general VLAN operations” on page 313

• “Configuring VLAN parameters in the forwarding database” on page 316

• “Limiting MAC learning” on page 321

• “Adding or removing VLAN ports” on page 323

• “Adding or removing VLAN source MAC addresses” on page 324

• “Configuring NLB unicast support on an IP interface” on page 325

• “Configuring Untagging Default VLAN on a Tagged Port” on page 325

• “Configuring Enhanced Operation mode” on page 326

• “Configuring VLAN Loop Detection” on page 327

• “Configuring spoof detection for a VLAN” on page 332

Creating a VLAN

To create a VLAN, use the following command:

config vlan <vid> create

show ports info all [vlan <value>] [port <value>] [by <value>]

show ports info vlans [vlan <value>] [port <value>]

Command Parameter

314725-E Rev 00


You can specify the type of VLAN and assign an IP address to the VLAN using this command. The required parameter vid is the VLAN ID. VLAN 1 is the default VLAN.

This command includes the following parameters:


followed by:

info Shows information about the type of the specified VLAN.

byIDS <sid> [name <value>] [color <value>]

Creates a VLAN for IDS.

<sid> is spanning tree ID 1 to 64.name <value> is the name of the vlan from 0 to 64 characters.

color <value> is the color of the VLAN (0 to 32). The color attribute is used by Optivity software to display the VLAN.

byipsubnet <sid> <ipaddr/mask> [ name <value>] [color <value>]

Creates an IP subnet-based VLAN.• sid is a spanning tree group ID.

• ipaddr/mask is the IP address and mask {a.b.c.d/x | a.b.c.d/x.x.x.x | default}.

• name <value> is the name of the VLAN from 0 to 20 characters.

• color <value> is the color of the VLAN (0 to 32). The color attribute is used by Optivity software to display the VLAN.

This command is available only for the Ethernet Routing Switch 8600.

byipsubnet-mstprstp <instance-id> <ipaddr|mask> [name <value>] [color <value>]

Creates a VLAN by IP subnet.

• <instance-id> is the instance ID from 0 to 63.

• <ipaddr/mask> is the subnet address or mask {a.b.c.d/x | a.b.c.d/x.x.x.x | default}.

• name <value> is the name of the VLAN.

• color <value> is the color of the VLAN from 0 to 32. The color attribute is used by Optivity software to display the VLAN.



byport <sid> [name <value>] [color <value>]

Creates a port-based VLAN.

• <sid> is the spanning tree group ID from 1 to 64 characters.


• color <value> is the color of the VLAN from 0 to 32. The color attribute is used by Optivity software to display the VLAN.

byport-mstprstp <instance-id> [name <value>] [color <value>] [naap-vlan] [firewall-vlan] [firewall-peering-vlan]

Creates a VLAN by port.


• name <value> is the name of the VLAN.

• color <value> is the color of the VLAN from 0 to 32.

• naap-vlan marks the VLAN as a NAAP VLAN.

• firewall-vlan marks the VLAN as a firewall VLAN.

• firewall-peering-vlan marks the VLAN as a firewall peering VLAN.

byprotocol <sid> <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|declat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE>[<pid>] [name <value>] [color <value>] [encap <value>]

Creates a protocol-based VLAN.

• <sid> is spanning tree ID.

• ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|decLat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE specifies the protocol.

• pid is a user-defined protocol ID number in hexadecimal.



• encap <value> is the frame encapsulation method.


followed by:

314725-E Rev 00



Creates a VLAN by protocol.

• <instance-id> is the instance ID.• <ip|ipx802dot3|ipx802dot2|ipxSnap|ip

xEthernet2|appleTalk|decLat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE> is the protocol ID.

• <pid> is the user-defined PID number.• name <value> is the name of the VLAN

from 0 to 64 characters.


• encap <value> is the frame encapsulation with the values ethernet-ii, llc, or snap.

bysrcmac <sid> [name <value>] [color <value>]

Creates a VLAN by source MAC address.

• <sid> is the spanning tree ID from 1 to 64.• name <value> is the name of the VLAN

from 0 to 20 characters.



bysrcmac-mstprstp <instance-id> [name <value>] [color <value>]

Creates a VLAN by source MAC address





Creates an sVLAN.

• <sid> is the spanning tree ID from 1 to 64.

• name <value> is the name of the sVLAN from 0 to 20 characters.



followed by:



Figure 131 on page 313 shows sample output for the config vlan create info command.


Creates an sVLAN.


• name <value> is the name of the sVLAN.

• color <value> is the color of the sVLAN from 0 to 32. The color attribute is used by Optivity software to display the VLAN.

forIDS <sid> [name <value>] [color <value>]

Creates a VLAN for IDS.• <sid> is the spanning tree ID from 1 to 64.



forIDS-mstprstp <instance-id> [name <value>] [color <value>]

Creates a VLAN for IDS





followed by:

314725-E Rev 00


Figure 131 Config vlan create info command output

Performing general VLAN operations

To perform general VLAN operations, such a setting a Quality of Service (QoS) level for the VLAN or adding or changing the name of a VLAN, use the following command:

config vlan <vid>

In all VLAN commands, vid is the VLAN ID.

This command includes the following options:

config vlan <vid>

followed by:

info Shows characteristics of the specified VLAN (Figure 132 on page 314).

action <action choice> Flushes a table or triggers an RIP update.

• <action choice> is {none| flushMacFdb|flushArp|flushIp| flushDynMemb|all|flushSnoopMemb| triggerRipUpdate|flushSenders| flushSnoopMRtr}. To flush all tables, use all.

add-mlt <integer> Adds an MLT to a VLAN.

• <integer> is the MLT ID.

addDsapSsap <DSAP/SSAP values>

Adds DSAP/SSAP to SNA/USR defined VLANs.

• DSAP/SSAP values for SNA and user defined VLANs (0x0..0xffff).

ERS-8606:5# config vlan 1 create info

Sub-Context: clear config dump monitor show test trace wsm asfm samCurrent Context:

byport : sid - 1 name - Default color - 0 (white)



Figure 132 shows sample output for the config vlan info command.

Figure 132 Config vlan info command output

removeDsapSsap <DSAP/SSAP values>

Removes DSAP/SSAP to SNA/USR defined VLANs.

• DSAP/SSAP values for SNA and user-defined VLANs (0x0..0xffff).

agetime <integer> Sets the VLAN aging time in seconds.

delete Deletes a VLAN.

qos-level <integer> Sets a Quality of Service level for a VLAN. • <integer> is the QoS level.

Note: QoS level 7 is reserved for network control traffic.

name <vname> Changes the name of a VLAN.

• <vname> is a string of length 0 to 20 characters.

config vlan <vid>

followed by:

ERS-8606:5# config vlan 1 info


action : N/A add-mlt : addDsapSsap : removeDsapSsap : N/A agetime : N/A delete : N/A qoslevel : 1 name : Default Security-vlan-type : none Cluster : 0

ERS-8606:5#

314725-E Rev 00



The following configuration example uses the config vlan commands to:

• Add a DSAP to SNA/USR VLANs

• Delete a VLAN

After configuring the parameters, use the info command to show a summary of the results.

ERS-8606:5/config/vlan/10# addDsapSsap 0x0808 ERS-8606:5/config/vlan/10# infoSub-Context: create fdb-entry fdb-filter fdb-static ip ipx ports srcmac static-mcastmacCurrent Context:

action : N/A add-mlt : addDsapSsap : 0x000c,0x0808 removeDsapSsap : N/A agetime : 600 delete : N/A qoslevel : 1 name : VLAN-1000

ERS-8606:5/config/vlan/10# removeDsapSsap 0x0808ERS-8606:5/config/vlan/10# infoSub-Context: create fdb-entry fdb-filter fdb-static ip ipx ports srcmac static-mcastmacCurrent Context:action : N/A add-mlt : addDsapSsap : 0x000c removeDsapSsap : N/A agetime : 600 delete : N/A qoslevel : 1 name : VLAN-1000



Configuring VLAN parameters in the forwarding database


• “Configuring or modifying VLAN entries in the forwarding database” on page 316

• “Configuring VLAN filter members” on page 317

• “Setting or modifying parameters of VLAN not allowed filter member” on page 318

• “Configuring VLAN static member parameters” on page 320

Configuring or modifying VLAN entries in the forwarding database

To configure or modify VLAN entries in the forwarding database, enter the following command:

config vlan <vid> fdb-entry



followed by:

info Shows current level parameter settings and next level directories.

aging-time <seconds> Sets the forwarding database aging timer.• <seconds> indicates the timeout period in

seconds.

flush Flushes forwarding database.

monitor <mac> status <value> <true|false>

Sets forwarding database monitor parameters.

• <mac> indicates the MAC address.• status <value> allows you to view the

current status of the forwarding database according to one of the following choices: {other|invalid|learned|self|mgmt}.

• <true|false> enables or disables the monitor.

314725-E Rev 00


Configuring VLAN filter members

To configure VLAN filter members, enter the following command:

config vlan <vid> fdb-filter

The config vlan <vid> fdb-filter command includes the following options:

qos-level <mac> status <value> <0..7>

Sets a QoS level for a VLAN.• <mac> indicates the MAC address.

• status <value> is the forwarding database status according to one of the following choices: {other|invalid|learned|self|mgmt}.

• <0..7> sets the QoS level.


sync Synchronizes the switch forwarding database with the forwarding database of the other aggregation switch.

config vlan <vid> fdb-filter

followed by:



Adds a filter member to a VLAN bridge.

• <mac> indicates the MAC address.

• port <value> indicates the port (slot/port) number.

• qos <value> is the QoS level.


pcap <mac> <enable|disable>

Enables or disables the Packet Capture Tool (PCAP).

• <mac> indicates the MAC address.For more information about PCAP, see Using the Packet Capture Tool.

remove <mac> Removes a filter member from a VLAN bridge.



followed by:




The following configuration example uses the config vlan fdb-filter commands to:

• Add a filter member to the VLAN bridge

• Remove a filter member from a VLAN bridge


ERS-8606:5/config/vlan/10/fdb-filter# add 2:2:2:2:2:2 port 1/1ERS-8606:5/config/vlan/10/fdb-filter# infoSub-Context: notallowfromCurrent Context:

add : mac - 02:02:02:02:02:02port - 1/1Pcap - Disableremove : N/A

ERS-8606:5/config/vlan/10/fdb-filter# remove 2:2:2:2:2:2ERS-8606:5/config/vlan/10/fdb-filter# infoSub-Context: notallowfromCurrent Context:

add : remove : N/A

Setting or modifying parameters of VLAN not allowed filter member

To set or modify VLAN not allowed filter member parameters, enter the following command:


314725-E Rev 00




The following configuration example uses the config vlan fdb-filter notallowfrom commands to:

• Add a not allowed filter member to a VLAN bridge

• Remove a not allowed filter member to a VLAN bridge


followed by:


add <mac> port <value> [<srcOnly|dstOnly|Both>]

Adds a not allowed filter member to a VLAN bridge.


• <value> indicates the port (slot/port) number.• <srcOnly}dstOnly|Both> is optional to set

a mask.

remove <mac> port <value> [<srcOnly|dstOnly|Both>]

Removes a not allowed filter member from a VLAN bridge.


• <value> indicates the port (slot/port) number.• <srcOnly}dstOnly|Both> is optional to set

a mask.




ERS-8606:5/config/vlan/10/fdb-filter# notallowfromERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# add 2:2:2:2:2:2 port 1/2 BothERS-8606:5/config/vlan/1000/fdb-filter/notallowfrom# infoSub-Context:Current Context:

add : mac - 02:02:02:02:02:02Dest Discard set - 1/2Src Discard set - 1/2remove : N/A

ERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# remove 2:2:2:2:2:2 port 1/2 srcOnlyERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# infoSub-Context:Current Context:

add : mac - 02:02:02:02:02:02Dest Discard set - 1/2Src Discard set - remove : N/A

Configuring VLAN static member parameters

To configure VLAN static member parameters, enter the following command:

config vlan <vid> fdb-static

314725-E Rev 00



Limiting MAC learning

This feature allows you to limit the number of forwarding database entries learned on a particular port to a user-specified value. After the number of learned forwarding database entries reaches the maximum limit, packets with unknown source MAC addresses are dropped by the hardware. If the count drops below a configured minimum value due to forwarding database aging, learning is reenabled on the port. Users can configure various actions—logging, sending traps, and disabling the port—when the number of forwarding database entries reaches the configured maximum limit.

The following CLI commands are implemented for this feature:

config ethernet <ports> limit-fdb-learning fdbprotect <enable|disable>

This command enables or disables the feature on the specified ports. The default value is disable.

config ethernet <ports> limit-fdb-learning max-mac-count <value>

config vlan <vid> fdb-static

followed by:



Adds a static member to a VLAN bridge.• <mac> indicates the MAC address.

• port <value> indicates the port (slot/port) number.

• qos <value> is the QoS level.


remove <mac> Removes a static member from a VLAN bridge.




This command sets the maximum limit of forwarding database entries (fdb-entries) that can be learned on the specified ports. The default value is 1024.

config ethernet <ports> limit-fdb-learning min-mac-count <value>

This command sets the minimum limit of fdb-entries at which fdb-learning will be reenabled on the specified ports. The default value is 512.

config ethernet <ports> limit-fdb-learning info

This command shows the configuration information related to the feature.

config ethernet <ports> limit-fdb-learning violation-log-trap <enable|disable>

This command enables or disables logging to syslog file and trap generation when a maximum limit is reached. The default value is disable.

config ethernet <ports> limit-fdb-learning violation-down-port <enable|disable>

This command enables or disables the action taken on the ports in the event of a violation. The default value is disable.

There is no Device Manager support for this feature in this release.

Note: To change max-mac-count or min-mac-count when the feature is already enabled, flush the fdb-entries on the particular port using the command config ether <ports> action flushMacFdb.

314725-E Rev 00


Adding or removing VLAN ports

To add or remove ports in the VLAN, enter the following command:

config vlan <vid> ports


Figure 133 on page 324 shows sample output for the config vlan ports info command.

config vlan <vid> ports

followed by:

info Shows member status of the ports in the VLAN (Figure 133 on page 324).

add <ports> [member <value>]

Adds one or more ports to an existing VLAN.• <ports> is the port list.

• member <value> is the port member type. It can be portmember (always a member), static (sometimes a member), or notallowed (never a member).

remove <ports> [member <value>]

Removes ports from a VLAN but does not delete the VLAN.

• <ports> is the port list.

• member <value> is the port member type. It can be portmember (always a member), static (sometimes a member), or notallowed (never a member).

ospf-passive <true|false> <ports>

Enables or disables the OSPF passive port.

• <true|false> enables or disables the OSPF port.

• <ports> is the port list.



Figure 133 Config vlan ports info command output

Adding or removing VLAN source MAC addresses

To add or remove VLAN source MAC addresses, enter the following command:

config vlan <vid> srcmac


config vlan <vid> srcmacfollowed by:


add <macaddr> Adds a source MAC address to a VLAN.

• <macaddr> is the MAC address to be added.

remove <macaddr> Removes a source MAC address from a VLAN.

• <macaddr> is the MAC address to be removed.

ERS-8606:5# config vlan 1 ports info


add : portmember - 2/1-2/8,4/1-4/30 activemember - 2/1-2/8,4/1-4/30 staticmember - notallowtojoin - remove : N/A ospf-passive-port -

ERS-8606:5#

314725-E Rev 00


Configuring NLB unicast support on an IP interface

You can use Microsoft Network Load Balancer (NLB) to share workload among multiple clustering servers. To enable or disable Network Load Balancer (NLB) unicast support, use the following command:

config vlan <vid> ip nlb-unicast-mode


The default value is disable. For more information about NLB unicast support, see “Flooding for Microsoft NLB clustering systems in unicast mode” on page 63.

Configuring Untagging Default VLAN on a Tagged Port

The Untagging Default VLAN on a Tagged Port feature separates untagged packets originating from a PC from the tagged packets originating from a IP phone.

The following command enables the Untagging Default VLAN on a Tagged Port feature:

config ethernet <ports> untag-port-default-vlan <enable|disable>

where <ports> is the port of list of ports in slot/port format.

config vlan <vid> ip nlb-unicast-modefollowed by:


<enable|disable> Enables or disables unicast mode.



Configuring Enhanced Operation mode

Enhanced Operation mode enables the Ethernet Routing Switch 8600 to support more VLANs. With MLT, you can create a maximum of 1 980 VLANs (1 972 with R modules in the chassis). With SMLT, the limit is 989 VLANs. For more information about enhanced operation concepts, see “MultiLink trunking and VLAN scalability” on page 56.

To configure enhanced operation for 1 980 VLANs on the Ethernet Routing Switch 8600, use the following command:

config sys set flag enhanced-operational-mode

The config sys set flag enhanced-operational-mode command includes the following options:

Configuration example: configuring support for 1 980 VLANs

This configuration example uses the preceding commands to configure support for up to 1980 VLANs. Figure 134 on page 327 shows sample output for these configuration commands.

Note: You must save the configuration and reset the switch before the change takes effect.

config sys set flag enhanced-operational-mode

followed by:

true Enables Enhanced Operation mode to support 1 980 VLANs for the system.

false Disables Enhanced Operation mode for the system.

314725-E Rev 00


Figure 134 Configuration example for supporting 1980 VLANs command output

Configuring VLAN Loop Detection



For information about the Loop Detection feature, see “VLAN Loop Detection” on page 65. See “SMLT triangle with loop detection configuration example” on page 508 for a CLI loop detection configuration example.


ERS-8610:5# config sys set flag enhanced-operational-mode true

WARNING:The change made will take effect only afterthe configuration is saved and the full chassis is rebooted.ERS-8610:5# config sys set flag info


m-mode: (false) -> false enhanced-operational-mode: (false) -> true vlan-optimization-mode: (false) -> false global-filter-ordering: (false) -> false r-mode: (false) -> false multicast-check-packet: (true) -> true

ERS-8610:5# config sys set flag r-mode ?enable disable RSP memory (256K) mode - effect after rebootRequired parameters:<true|false> = Enable/Disable RSP memory mode {false|true}Command syntax:r-mode <true|false>ERS-8610:5#



To enable or disable loop detection, enter the CLI command:

config ethernet <port> loop-detect <enable|disable>

The config ethernet <port> loop-detect command includes the following options:

The MAC flap time limit is configured by using the mac-flap-time-limit command. Note that this interval should be staggered between a pair of SMLT switches. By default, the mac-flap-time-limit is set to 500 milliseconds.

config mac-flap-time-limit <10..5000 milliseconds>

To view the current flap time settings, enter the following command:

config info

To view link-flap-detection information, enter the following command:

show sys link-flap-detect general-info

Figure 135 on page 329 shows sample output for these commands.

config ethernet <port> loop-detect <enable|disable>followed by:

action <port-down|vlan-block|mac-discard>

Specifies the loop detect action to be taken.

• port-down shuts down the port upon detecting a flapping MAC address (an address that is enabled and disabled repeatedly).

• vlan-block shuts down the VLAN upon detecting a flapping MAC address

• mac-discard

arp-detect <enable|disable>

The ARP-Detect feature is used for IP configured interfaces for ARP packets. This feature should be enabled (in addition to loop detection) on routed interfaces.

314725-E Rev 00


Figure 135 Config and show sys link-flap-detect command output

To display the results of loop detection in any VLAN, enter the CLI command:


To verify whether the loop detection feature is enabled or disabled on the port, enter the CLI command:

config ethernet <port number> info

The CLI command to enable or disable auto-recovery on individual ports is as follows:

config ether <ports> auto-recover-port <enable|disable>

The default value is disable.

The CLI command to set the recovery timer on a port is as follows:

config auto-recover-delay <seconds>

ERS-8610:6# config ethernet 1/15 loop-detect enable action port-downERS-8610:6# config mac-flap-time-limit 1600ERS-8610:6# config info


setdate : N/A mac-flap-time-limit : 1600 auto-recover-delay : 15

ERS-8610:6# show sys link-flap-detect general-info

Auto Port Down : enable Send Trap : enable Interval : 60 Frequency : 10

ERS-8610:6#



The range is 5 to 3600 seconds, and the default value is 30 seconds.

To clear loop detection alarms, enter the CLI command:

config ethernet <port number> action clearLoopDetectAlarm

Figure 136 on page 331 shows sample CLI output using the loop detect commands.

314725-E Rev 00


Figure 136 Sample configuration using the loop-detect commands.

ERS-8610:6# show ports info loop-detected port 1/15========================================================================= Port Loop-Detect=========================================================================PORT VLAN MAC LOOP DETECT SMLT REMOTE ACTION------------------------------------------------------------------------1/15 3510 00:00:5e:00:01:01 PORT-DOWN false4/16 3510 00:00:5e:00:01:01 PORT-DOWN false

ERS-8610:6# config ether 1/15 auto-recover-port enableERS-8610:6# config auto-recover-delay 15ERS-8610:6# config ethernet 1/15 action clearLoopDetectAlarmERS-8610:6# config ethernet 1/15 info

Sub-Context: clear config dump monitor show test trace wsm asfm samCurrent Context:Port 1/15 : lock : false block-traffic : false name : auto-negotiate : true enable-diffserv : false access-diffserv : false qos-level : 1 routing : enable unknown-mac-discard : disable high-secure : false default-vlan-id : 1 untag-port-default-vlan : disable tagged-frames-discard : disable perform-tagging : disable svlan-porttype : normal untagged-frames-discard : disable loop-detect : enable action port-down arp-detect disable state : up linktrap : enable alias : multicast-bandwidth-limit : disabled broadcast-bandwidth-limit : disabled tx-flow-control : disabled sffd : disabled cp-limit : enabled multicast-limit 10000 broadcast-limit 10000 shape : disabled 802.1p-override : disable slpp-rx : disabled auto-recover-port : enable ext-cp-limit : None threshold-util-rate 50ERS-8610:6#



Loop detection warning messages

The following log message and trap is generated when MAC address discarding is set due to loop-detect:

MAC has been disabled due to MAC <xx:xx:xx:xx:xx:xx> flapping more than <n> times in <t> milliseconds from <port-number> to <port-number>.

The following log message and trap is generated when a port, which has been disabled due to CP-Limit or link-flap, is auto-recovered:

port <port-num> re-enabled by auto recovery

The following log message and trap is generated when a port which has been disabled due to the loop detection feature is auto-recovered:

Loop detect action <action> cleared on port <port-num> by auto recovery

Configuring spoof detection for a VLAN

A port can be configured to prevent IP spoofing by using the following CLI commands. For more information about this feature, see “Prevention of IP spoofing within a VLAN” on page 64.

To enable or disable spoof detection, enter the following command:

config ethernet <ports> spoof-detect <enable|disable>

To enable or disable auto-recovery on a port use the command:

config ethernet <ports> auto-recover-port <enable|disable>

Note: If you are using SMLT, be sure to configure spoof detection on both SMLT aggregation switches to avoid connectivity issues.

314725-E Rev 00


Using the VLAN show commands

To obtain configuration information about all VLANs on the switch or specified VLANs, use the show vlan commands.


• “Displaying general VLAN information”

• “Displaying forwarding database information” on page 347

• “Displaying forwarding database filters” on page 348

• “Displaying database status, MAC address, and QoS levels” on page 349

• “Displaying additional parameters” on page 350

• “Displaying ARP configurations” on page 351

• “Displaying VLAN information” on page 352

• “Displaying brouter port information” on page 353

• “Displaying IGMP switch operation information” on page 354

• “Displaying VLAN routing (IP) configuration” on page 355

• “Displaying port member status” on page 356

• “Displaying source MAC addresses” on page 357

Displaying general VLAN information

To display all general information about the VLANs on the switch or a specified VLAN, enter the following command:

show vlan info all [<vid>] [port <value>] [by <value>]

where:

<vid> is the VLAN ID from 1 to 4092,port <value> is the port or range of ports,by <value> is the group ID.

Warning: Enabling the spoof detection feature requires you to reboot the switch.



Figure 137 on page 334 shows sample output of this command.

Figure 137 Show vlan info all command output

Table 59 shows the field descriptions for this command.

Table 59 Show vlan info all parameters

Field Description

Vlan Basic

VLAN ID Indicates the VLAN ID.

ERS-8606:5/show/vlan/info# all

============================================================================= Vlan Basic=============================================================================VLAN STGID NAME TYPE ID PROTOCOLID SUBNETADDR SUBNETMASK-----------------------------------------------------------------------------1 Default byPort 1 none N/A N/A

13 VLAN-13 byPort 1 none N/A N/A

============================================================================= Vlan Port=============================================================================VLAN PORT ACTIVE STATIC NOT_ALLOWID MEMBER MEMBER MEMBER MEMBER-----------------------------------------------------------------------------1 1/1,1/5-1/8,2/1- 1/1,1/5-1/8,2/1-

2/8,4/1-4/16,4/18- 2/8,4/1-4/16,4/18-

4/30 4/30

13 4/17 4/17

============================================================================= Vlan ATM VPort=============================================================================VLAN ID PORT NUM PVC LIST-------------------------------------------------------------------------------More-- (q = quit)

314725-E Rev 00


NAME Indicates the administrator assigned name to the VLAN.

TYPE Indicates the type of VLAN, distinguished according to the policy used to define its port membership. Options include:byPort—VLAN by Port

byIpSubnet—VLAN by IP subnet

byProtocolId—VLAN by protocol IDbySrcMac—VLAN by source MAC address

byDstMcast—VLAN by destination multicast

bySvlan—VLAN by stacked VLAN byIds—VLAN by IDS VLAN

STG ID Indicates the Spanning Tree Group (STG) used by this VLAN to determine the state of its ports. If this VLAN is not associated with any STG, it is zero.

PROTOCOLID Indicates the protocol identifier of this VLAN. For other VLAN types it has the value of none. Options include:none

ip

ipx802dot3ipx802dot2

ipxSnap

ipxEthernet2appleTalk

decLat

decOthersna802dot2

snaEthernet2

netBiosxns

vines

ipV6usrDefined

rarp

pPPoE

SUBNETADDR Indicates the IP subnet address of this VLAN. For other VLAN types it has the value of 0.0.0.0.

SUBNETMASK Indicates the IP subnet mask of this VLAN. For other VLAN types it has the value of 0.0.0.0.

Table 59 Show vlan info all parameters (continued)

Field Description



Vlan Port


PORT MEMBER Indicates the set of ports that are members (static or dynamic) of this VLAN.

ACTIVE MEMBER Indicates the The set of ports that are currently active in this VLAN. Active ports include all static ports and any dynamic ports where the VLAN policy was met.

STATIC MEMBER Indicates the The set of ports that are static members of this VLAN. A static member of a VLAN is always active and is never aged out.

NOT_ALLOW MEMBER

Indicates the The set of ports that are not allowed to become members of this VLAN.

Vlan ATM Port


PORT NUM Indicates the port number.

PVC LIST Indicates the PVC list.

Ospf Passive Port Members

VLAN Indicates the VLAN ID.

PORT NUM Indicates the VLAN port number for the passive OSPF interface.

Vlan Advance


NAME Indicates the name assigned to the VLAN.

IF INDEX Indicates the interface index.

QOS LVL Indicates the QoS level packets carried in this VLAN for processing.

AGING TIME Indicates the timeout period (in seconds) used for aging out dynamic members of this VLAN. This field is only relevant for policy-based VLANs.

MAC ADDRESS Indicates the MAC address assigned to the virtual router interface of this VLAN. This field is meaningful only if VlanRoutingEnable is equal to true.


Field Description

314725-E Rev 00


ACTION Inidciates VLAN related actions. Options include:

none—none of the following

flushMacFdb—flush MAC forwarding tableflushArp—flush ARP table

flushIp—flush IP route table

flushDynMemb(—flush dynamic membersall—flush all tables

flushSnoopMemb—flush IGMP snoop members

triggerRipUpdate—manually trigger RIP updateflushSnoopMRtr—flush snoop multicast router

RESULT Indicates the result from the last VLAN action. Options include:

noneinProgress

success

fail

USER DEFINEPED ENCAP

Indicates the encapsulation type for user defined protocol-based VLANs. This is not meaningful for other types of VLANs.

Vlan Arp


DOPROXY Indicates if ARP proxy responses are enabled or disabled on the specified interface.

DORESP Indicates if the sending of ARP responses is enabled or disabled on the specified interface.

NLB-UNIAST-MODE Indicates the mode for NLB-unicast.

Vlan Fdb


STATUS Indicates the status of FDB forwarding on the VLAN.


INTERFACE Indicates the interface.

MONITOR Indicates whether monitoring is performed on this unicast MAC address. If monitoring is enabled, any packet received with a matching destination MAC address is forwarded to the port configured to receive monitor traffic.


Field Description




SMLT REMOTE Indicates the MAC address for remote learnt, either local or remote.

Vlan Filter


STATUS Indicates the status of the VLAN filter.


PORT Indicates the port number.


PCAP Indicates the status of PCAP on the filter.

DEST_DISCARD SET

Indicates a set of ports. Traffic arriving on any of the specified ports from this MAC address.

SRC_DISCARD SET Indicates a set of ports. Traffic arriving on any of the specified ports is not forwarded to this MAC address.

Vlan Static


STATUS Indicates the status of the static VLAN.


PORT Indicates the port number.

MONITOR Indicates whether monitoring is performed on this unicast MAC address. If monitoring is enabled, any packet received with a matching destination MAC address is forwarded to the port configured to receive monitor traffic.


IDS Vlan Info


MAC LEARNING Indicates the type of MAC learning.

DISABLED PORTS Indicates the disabled port numbers.


Field Description

314725-E Rev 00


Vlan Ip


IP ADDRESS Indicates the IP subnet address of this VLAN. This value is meaningful only if the VLAN type is set to IP subnet. For other VLAN types, it has the value of 0.0.0.0.

NET MASK Indicates the IP subnet mask of this VLAN. This value is meaningful only if the VLAN type is set to IP subnet. For other VLAN types it has the value of 0.0.0.0.

BCASTADDR FORMAT

Indicates the IP broadcast address format used on this interface.

REASM MAXSIZE Indicates the size of the largest IP datagram that this entity can reassemble from incoming IP fragmented datagrams received on this interface.

ADVERTISE WHEN_DOWN

Indicates whether the VLAN state change is notified to Layer 3 or not, provided the VLAN is configured as a routable interface. A VLAN is considered to be up if at least one member of the port-based VLAN has link up, or at least one port member of the policy-based has an entry in the MGID or at least one static member of the policy-based VLAN has link up. Otherwise, a VLAN is considered to be down. If the value is true then the interface state change does not notify to Layer 3. (that is, it always stays up). If the value is false then the VLAN state change is notified to Layer 3 so that IP related status reflects the routable interface state.

DIRECTED BROADCAST

Indicates the status of directed broadcast.

RPC Indicates the status of RPC.

RPC MODE Indicates the RPC mode type.

Vlan Dhcp

VLAN ID Indicates the VLAN ID number

IF INDEX Indicates the interface index number. Numbers 1 to 256 are ports; numbers above 257 are VLANs.

ENABLE Indicates if DHCP is enabled on the port.

MAX HOP Indicates the maximum number of hops a DHCP packet can take from the source device to the destination device (that is, DHCP client to DHCP server)


Field Description



MIN SEC Indicates the minimum number of seconds to wait between receiving a DHCP packet and actually forwarding the DHCP packet to the destination device. A value of zero indicates forwarding should be done immediately without any delay.

MODE Indicates what type of DHCP packets this interface should support. A value of none results in all incoming DHCP and BOOTP packets to be dropped. Options include none, bootp, dhcp, and both.

ALWAYS BCAST Indicates if DHCP reply packets are broadcast to the DHCP client on this interface.

Vlan Ospf

VLAN ID Indicates the VLAN

ENABLE Indicates the status of OSPF configured on the port.

HELLO INTERVAL Indicates the length of time, in seconds (1 to FFFF) between the Hello packets that the router sends on the interface.

RTRDEAD INTERVAL Indicates the number of seconds (1 to FFFF) that router Hello packets have not been seen before neighbors declare the router down.

DESIGRTR PRIORITY

Indicates the priority of this interface. Used in multiaccess networks. This field is used in the designated router election algorithm. The value 0 indicates the router is not eligible to become the designated router on this particular network. In the event of a tie in this value, routers use their router id as a tie breaker. The default is 1.

METRIC Indicates the metric for this type of service (TOS) on this interface. The value of the TOS metric is (10^9 / interface speed). The default is 1.FFFF—There is no route for this TOS.

POS/IPCP links—defaults to 0.

0—The interface speed is used as the metric value when the state of the interface is up.

AUTHTYPE Indicates the type of authentication required for the interface.

none—No authentication required.simple password—All OSPF updates received by the interface must contain the authentication key specified in the interface AuthKey field.MD5 authentication—All OSPF updates received by the interface must contain the MD5 key.


Field Description

314725-E Rev 00


AUTHKEY Indicates the key (up to 8 characters) required when simple password authentication is specified in the interface AuthType field.

INTF Indicates the interface type.

AREA ID Indicates the area where the host is found. By default, the area that is submitting the OSPF interface is in 0.0.0.0.

Vlan Rip

PORT NUM Indicates the ports on the VLAN.

ENABLE Indicates the status of RIP on the port.s for a VLAN

DEFAULT SUPPLY Indicates if the default route must be advertised out this interface.

Note: The default route is advertised only if it exists in the routing table.

DEFAULT LISTEN Indicates if the default route must be learned on this interface when advertised by another router connected to the interface.

TRIGGERED UPDATE

Indicates the status of the RIP triggered update on the interface.

AUTOAGG ENABLE Indicates the status of auto aggregation on the interface.

SUPPLY Indicates the status of advertising RIP routes through the interface.

LISTEN Indicates the status of RIP reception on the interface.

POISON Indicates the status of poison reverse on the interface. If disabled, split horizon is invoked, meaning that IP routes learned from an immediate neighbor are not advertised back to the neighbor from which the routes were learned.If enabled, the RIP update sent to a neighbor from which a route is learned is poisoned with a metric of 16. In this manner, the route entry is not passed along to the neighbor, because historically 16 is infinity in terms of hops on a network. The default is disable.

Vlan Vrrp


VRRP ID Indicates the number which, along with an interface index (ifIndex), serves to uniquely identify a virtual router on a given VRRP router. A set of one or more associated addresses is assigned to a VRID.

IP ADDR Indicates the assigned IP addresses that a virtual router is responsible for backing up.


Field Description



VIRTUAL MAC ADDR Indicates the virtual MAC address of the virtual router. This is derived as follows: 00-00-5E-00-01-<VRID> where the first three octets consist of the Internet Assigned Numbers Authority’s (IANA) Organizationally Unique Identifier (OUI), the next two octets indicate the address block of the VRRP protocol, and the remaining octets consist of the VRID.

Vlan Vrrp Extended

VID Indicates the VLAN ID.

STATE Indicates the current state of the virtual router. Options include:initialize—waiting for a startup event

backup—monitoring the state/availability of the master router

master—forwarding IP addresses associated with this virtual router.

CONTROL Indicates the virtual router function. Setting the value to enabled transitions the state of the router from initialize to backup. Setting the value to disabled, transitions the router from master or backup to initialize.

PRIORITY Indicates the priority for the virtual router (for example, master election) with respect to other virtual routers that are backing up a one or more associated IP addresses. Higher values imply higher priority. A priority of 0, although not possible to set, indicates that this router has ceased to participate in VRRP and a backup virtual router should transition to become a new master.A priority of 255 is used for the router that owns the associated IP addresses.

MASTER IPDDR Indicates the master router real (primary) IP address. This is the IP address listed as the source in VRRP advertisement last received by this virtual router.

ADVERTISE INTERVAL

Indicates the time interval, in seconds, between sending advertisement messages. Only the master router sends VRRP advertisements.

CRITICAL IPADDR Indicates the IP address of the interface that causes a shutdown event.

HOLDDOWN_TIME Indicates the amount of time (in seconds) to wait before preempting the current VRRP master.

ACTION Indicates the trigger for an action on this VRRP interface. Options include none and preemptHoldDownTimer.


Field Description

314725-E Rev 00


CRITICAL IP ENABLE

Indicates the if an user-defined critical IP address is enabled. No indicates the use the default IP address (0.0.0.0). there is no effect if an user-defined IP address does not exist.

BACKUP MASTER Indicates the state of designating a backup master router.

BACKUP MASTER STATE

Indicates the state of the backup master router.

FAST ADV INTERVAL Indicates the faster advertisement interval, in milliseconds, between sending advertisement messages. When the faster advertisement interval enable is checked, the faster advertisement interval is being used instead of the regular advertisement interval

FAST ADV ENABLE Indicates if the faster advertisement interval status.

Vlan Ip Igmp


QUERY INTVL Indicates the interval (in seconds) between IGMP Host-Query packets transmitted on this interface.

QUERY MAX RESP Indicates the interval (in seconds) for the maximum query response time advertised in IGMPv2 queries on this interface. Smaller values allow a router to prune groups faster.

ROBUST Indicates the tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness variable can be increased. IGMP is robust to (Robustness - 1) packet losses.

VERSION Indicates the version of IGMP that is running on this interface. This object configures a router capable of running either value. For IGMP to function correctly, all routers on a LAN must be configured to run the same version of IGMP on that LAN.

LAST MEMB QUERY Indicates the max response in a group specific query.

PROXY SNOOP ENABLE

Indicates the status of IGMP proxy snoop on the VLAN.

SNOOP ENABLE Indicates the status of IGMP snooping on the VLAN.

SSM SNOOP ENABLE

Indicates the status of SSM IGMP snooping on the VLAN.

FAST LEAVE ENABLE

Indicates the status of fast leave.

FAST LEAVE PORTS Indicates the ports that have fast leave enabled.

Vlan Ip Dvmrp

IF Indicates the ifIndex value of the interface for which DVMRP is enabled.


Field Description



ADDR Indicates the IP address this system uses as a source address on this interface.

METRIC Indicates the distance metric for this interface used to calculate distance vectors.

OPERSTAT Indicates the current operational state of this DVMRP interface.

DEFAULT LISTEN Indicates whether the switch can learn DVMRP default routes over this interface.

DEFAULT SUPPLY Indicates the whether the switch should supply DVMRP default routes over this interface.

DEFAULT METRIC Indicates the cost of the DVMRP default route that this interface generates and supplies when it is configured to supply default route.

ADVERTISE SELF Indicates whether the switch can advertise this local network.

IN-POLICY Indicates the DVMRP accept policy name configured on this interface.

OUT-POLICY Indicates the DVMRP announce policy name configured on this interface.

INTF TYPE Indicates the type of this DVMRP interface, whether it uses a tunnel, source routing, a physical interface for which there is a a querier, or a physical interface for which there is not a querier (subnet).

Vlan Ip Icmp Route Discovery


ADV_ADDRESS Indicates the advertisement address to which the route discovery advertisements transmitted on this interface.

ADV_FLAG Indicates the flag to indicate whether or not the address is to be advertised on this interface.

LIFETIME Indicates the value to be placed in the lifetime field of router Advertisements sent from the interface.

MAX_INT Indicates the maximum time allowed between sending router Advertisements from this interface.

MIN_INT Indicates the minimum time allowed between sending router Advertisements from this interface.

PREF_LEVEL Indicates the preferability of the router address as a default router

Vlan Ipx

VLAN-ID Indicates the VLAN ID.


Field Description

314725-E Rev 00


VLAN-TYPE Indicates the type of VLAN, distinguished according to the policy used to define its port membership. Options include:

byPort—VLAN by Port byIpSubnet—VLAN by IP subnet

byProtocolId—VLAN by protocol ID

bySrcMac—VLAN by source MAC addressbyDstMcast—VLAN by destination multicast

bySvlan—VLAN by stacked VLAN

byIds—VLAN by IDS VLAN

IPXNET Indicates the IPX network address.

ENCAPSULATION Indicates the IPX encapsulation format. It is only relevant if the VLAN is port-based.

ROUTING Indicates the IPX routing protocol. Options include none or RIP.

Manual Edit Mac

MAC ADDRESS Indicates the MAC address that is learned on the port.

PORTS Indicates the allowed ports that can learn this MAC address.

Autolearn Mac

MAC ADDRESS Indicates the MAC address that is automatically learned on the port.

PORT Indicates the allowed ports that can automatically learn this MAC address.

Vlan Ip Pim

VLAN-ID Identifies the VLAN.

PIM-ENABLE The state of PIM on the VLAN.

MODE The configured mode of this VLAN. The valid modes are SSM and Sparse.

HELLOINT Indicates how long to wait (in seconds) before the PIM switch sends out the next hello message to neighboring switches. The default hello interval is 30 seconds.

JPINT Indicates how long to wait (in seconds) before the PIM switch sends out the next join/prune message to its upstream neighbors. The default join/prune interval is 60 seconds.

CBSR PREF The preference for this local interface to become a candidate BSR. The Candidate BSR with the highest BSR-priority and address is referred to as the preferred BSR. The default is -1, which indicates that the current interface is not a candidate BSR.


Field Description



INTF TYPE Indicates whether the PIM interface is active or passive.

Vlan Ip Pgm

VLAN-ID Identifies the VLAN.

ENABLE Shows whether PGM is enabled or disabled on this interface.

STATE Indicates the current state (up or down) of PGM.

NAK_RE_XMIT INTERVAL

Specifies how long to wait for an NCF (in milliseconds) before retransmitting the NAK (negative acknowledgement). The default is 1 000 milliseconds.

MAX_NAK_RE XMIT_COUNT

Specifies the maximum number of NAK retransmission packets allowed per second.

NAK_RDATA INTERVAL

Specifies how long to wait for RDATA (in milliseconds) after receiving an NCF.

NAK_ELIMINATE INTERVAL

Specifies the length of time (in milliseconds) during where a network element (NE) eliminates duplicate NAKs. When this interval expires, the NE suspends NAK elimination until the first duplicate arrives. After this NAK is forwarded, the NE again eliminates duplicate NAKs for the specified interval. This parameter must be less than the NAK_RDATA INTERVAL.

Vlan Mcastmac


MAC ADDRESS Indicates the MAC address.

PORT LIST Indicates the list of ports.

MLT GROUPS Indicates the MLT groups.

Vlan Firewall

ID Indicates the VLAN ID.

NAME Indicates the VLAN name assigned by the user.

FIREWALL TYPE Indicates the firewall VLAN type for port-based VLANs. Options include:

none(naap

enforceable

peering

CLUSTER ID Indicates the firewall cluster ID.


Field Description

314725-E Rev 00


Displaying forwarding database information

To display forwarding database information for the specified VLAN, enter the following command:

show vlan info fdb-entry [<vid>] [mac <value>] [port <value>]

where:<vid> is the VLAN ID from 1 to 4 092.port <port-list> is the port or range of ports in slot/port format.mac <value> is the MAC address.

The <vid>, port, and mac are optional parameters.

Figure 138 shows sample output for the show vlan info fdb-entry command.

Figure 138 Show vlan info fdb-entry command output

See the appropriate section in Table 59 on page 334 for an explanation of each heading in the previous figure.

ERS-8606:5# show vlan info fdb-entry 1

============================================================================= Vlan Fdb=============================================================================VLAN MAC QOS SMLT ID STATUS ADDRESS INTERFACE MONITOR LEVEL REMOTE-----------------------------------------------------------------------------1 learned 00:00:50:0d:6b:82 Port-2/7 false 1 false

1 out of 1 entries in all fdb(s) displayed.

ERS-8606:5#



Displaying forwarding database filters

To display the forwarding database filters for the specified VLAN, enter the following command:

show vlan info fdb-filter [<vid>] [mac <value>] [port <value>]



The display includes the VLAN ID, the status, the VLAN MAC address, and the ports from which the VLAN is not allowed to receive frames.

Figure 139 shows sample output for the show vlan info fdb-filter command.

Figure 139 Show vlan info fdb-filter command output


ERS-8610:5# show vlan info fdb-filter 1===================================================================== Vlan Filter=====================================================================VLAN MAC QOS DEST_DISCARDSRC_DISCARDID STATUS ADDRESS PORT LEVEL PCAP SET SET---------------------------------------------------------------------1 permanent 00:13:83:89:22:03 8/7 1 Enable

ERS-8610:5#

314725-E Rev 00


Displaying database status, MAC address, and QoS levels

To display the static forwarding database status, the VLAN MAC address, and the QoS level for the specified VLAN, enter the following command:

show vlan info fdb-static [<vid>] [mac <value>] [port <value>]



Figure 140 shows sample output for the show vlan info fdb-static command.

Figure 140 Show vlan info fdb-static command output


ERS-8606:5:# show vlan info fdb-static 1

============================================================================ Vlan Static============================================================================VLAN MAC QOS ID STATUS ADDRESS PORT MONITOR LEVEL ----------------------------------------------------------------------------1 learned 08:12:20:38:4e:76 1/1 1/2 7

ERS-8606:5



Displaying additional parameters

To display additional parameters for the specified VLAN or all VLANs, enter the following command:

show vlan info advance [<vid>] [port <value>]

where:vid is the VLAN ID from 1 to 4 092,port <value> is the port or range of ports.

Entering a vid or port <value> is optional. When you enter a vid or port <value>, the command shows information for the specified VLAN or port. Without the vid or port <value>, the command shows information for all the configured VLANs.

All zeros in the MAC ADDRESS column indicate that there is no IP address associated with that VLAN.

Figure 141 on page 351 shows sample output for the show vlan info advance command.

314725-E Rev 00


Figure 141 Show vlan info advance command output


Displaying ARP configurations

To display the Address Resolution Protocol (ARP) configuration for all VLANs or the specified VLAN, enter the following command:

show vlan info arp [<vid>] [port <value>]

ERS-8610:5# show vlan info advance

============================================================================= Vlan Advance=============================================================================VLAN IF QOS AGING MAC USERID NAME INDEX LVL TIME ADDRESS ACTION RESULT DEFINEPID ENCAP------------------------------------------------------------------------------1 Default 2049 1 0 00:00:00:00:00:00 none none 0x0000

2 VLAN-2 2051 1 0 00:12:83:89:22:01 none none 0x0000

3 VLAN-3 2052 1 0 00:00:00:00:00:00 none none 0x0000

100 100 2054 1 0 00:00:00:00:00:00 none none 0x0000

3999 VLAN-3999 2053 1 0 00:00:00:00:00:00 none none 0x0000

VLANID DSAP/SSAP------------------------------------------------------------------------------1231003999

ERS-8610:5#





Figure 142 shows sample output for the show vlan info arp command.

Figure 142 Show vlan info arp command output


Displaying VLAN information

To display the basic configuration for all VLANs or a specified VLAN, enter the following command:

show vlan info basic [<vid>] [port <value>]



ERS-8610:5# show vlan info arp 1

============================================================== Vlan Arp==============================================================VLAN ID DOPROXY DORESP NLB-UNIAST-MODE--------------------------------------------------------------1 false true false

314725-E Rev 00


Figure 143 shows sample output for the show vlan info basic command.

Figure 143 Show vlan info basic command output


Displaying brouter port information

To display the brouter port VLAN information for all VLANs on the switch or for the specified VLAN, enter the following command:

show vlan info brouter-port [port <value>]

where:port <value> is the portlist {slot/port[-slot/port][,...]}. Entering a value is optional. When you enter a value, the command shows information for the specified port. Without the value, the command shows information for all the configured VLANs.


Figure 144 on page 354 shows sample output for the show vlan info brouter-port command.

ERS-8606:5# show vlan info basic

============================================================================== Vlan Basic==============================================================================VLAN STGID NAME TYPE ID PROTOCOLID SUBNETADDR SUBNETMASK ------------------------------------------------------------------------------1 Default byPort 1 none N/A N/A 4093 VLAN-4093 byPort 64 none N/A N/A



Figure 144 Show vlan info brouter-port command output

Displaying IGMP switch operation information

To display information about IGMP operation in the switch, enter the following command:

show vlan info igmp [<vid>] [port <value>]



ERS-8606:5# show vlan info brouter-port port 1/1

Vlan Id Port ======= ====

2090 1/1

ERS-8606:5#

314725-E Rev 00


Figure 145 shows sample output for the show vlan info igmp command.

Figure 145 Show vlan info igmp command output


Displaying VLAN routing (IP) configuration

To display the routing (IP) configuration for all VLANs on the switch or for the specified VLAN, enter the following command:

show vlan info ip [<vid>] [port <value>]



ERS-8606:5# show vlan info igmp 1

============================================================================= Vlan Ip Igmp=============================================================================VLAN QUERY QUERY ROBUST VERSION LAST PROXY SNOOP SSM FAST FASTID INTVL MAX MEMB SNOOP ENABLE SNOOP LEAVE LEAVE RESP QUERY ENABLE ENABLE ENABLE PORTS-----------------------------------------------------------------------------1 125 100 2 2 10 false false false false

ERS-8606:5#



Figure 146 shows sample output for the show vlan info ip command.

Figure 146 Show vlan info ip command output


Displaying port member status

To display the port member status for all VLANs on the switch or for the specified VLAN, enter the following command:

show vlan info ports [<vid>] [port <value>]



A port can be an active member, a static member, or a not-allowed member.

ERS-8606:5# show vlan info ip

============================================================================= Vlan Ip=============================================================================VLAN IP NET BCASTADDR REASM ADVERTISE DIRECTED ID ADDRESS MASK FORMAT MAXSIZE WHEN_DOWN BROADCAST -----------------------------------------------------------------------------1 192.32.253.1 255.255.255.0 ones 1500 disable enable

ERS-8606:5#

314725-E Rev 00


Figure 147 shows sample output for the show vlan info ports command.

Figure 147 Show vlan info ports command output


Displaying source MAC addresses

To display the source MAC address for any source MAC-based VLANs on the switch, or for the specified VLAN, if it is source MAC-based, enter the following command:

show vlan info srcmac [<vid>] [port <value>]

ERS-8606:5# show vlan info ports

============================================================================= Vlan Port=============================================================================VLAN PORT ACTIVE STATIC NOT_ALLOW ID MEMBER MEMBER MEMBER MEMBER -----------------------------------------------------------------------------1 2/1-2/8,4/1-4/30 2/1-2/8,4/1-4/30

============================================================================= Vlan ATM VPort=============================================================================VLAN ID PORT NUM PVC LIST -----------------------------------------------------------------------------

============================================================================= Ospf Passive Port Members=============================================================================VLAN PORT NUM -----------------------------------------------------------------------------1

ERS-8606:5#





Figure 148 shows sample output for the show vlan info srcmac command.

Figure 148 Show vlan info srcmac command output


Using the show ports commands for VLANs

To obtain configuration port information about all VLANs on the switch or specified VLANs, use the show ports commands.


• “Displaying port tagging information” on page 359

• “Displaying all port VLAN information” on page 360

ERS-8606:5# show vlan info srcmac

============================================================================ Vlan Srcmac============================================================================VLAN_ID MAC_ADDRESS 1 00:13:83:89:22:032 00:00:00:00:00:00

ERS-8606:5#

314725-E Rev 00


Displaying port tagging information

To display VLAN port tagging information, enter the following command:

show ports info vlans [vlan <value>] [port <value>]

where:

vlan <value> is the VLAN ID from 1 to 4092,port <value> is the port or range of ports.

Entering a vlan <value> or port <value> is optional. When you enter a vlan <value> or port <value>, the command shows information for the specified VLAN or port. Without the vlan <value> or port <value>, the command shows information for all the configured VLANs.

Figure 149 shows sample output for this command.

Figure 149 Show ports info vlan command output

Table 60 shows the field descriptions for this command.

Table 60 Show ports info vlan parameters

Field Description

PORT NUM Indicates the port and slot number.

TAGGING Indicates the state of ingress and egress tagging on the port.

ERS-8603:3/show/ports/info# vlans

=============================================================== Port Vlans===============================================================PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAGNUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN---------------------------------------------------------------1/1 disable false false 1 1 normal disable1/2 disable false false 1 1 normal disable1/3 disable false false 1 1 normal disable



Displaying all port VLAN information

To display all port VLAN information, enter the following command:

show ports info all [vlan <value>] [port <value>] [by <value>]

where:

vlan <value> is the VLAN ID from 1 to 4092port <value> is the port or range of portsby <value> is the group ID.

Entering a vlan <value>, port <value> or by <value> is optional. When you enter a vlan <value>, port <value> or by <value>, the command shows information for the specified VLAN, port, or group ID. Without optional parameters, the command shows information for all the configured VLANs.

DISCARD TAGFRAM Indicates the state of how to process tagged frames received on this access port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are processed normally. This only applies when the port is a trunk port.

DISCARD UNTAGFRAM Indicates the state of how to process untagged frames received on this trunk port. When the flag is set, these frames are discarded by the forwarding process. When the flag is reset, these frames are assigned to the default VLAN ID specified by Default VlanId. This only applies when the port is a trunk port.

DEFAULT VLANID Indicates the VLAN ID assigned to untagged frames received on this trunk port. This only applies when the port is a trunk port.

VLAN IDS Indicates the VLANs assigned to this port.

PORT TYPE Indicates the type of port: normal, UNI, or NNI.

UNTAG DEFVLAN Indicates the status of egress tagging on the default VLAN port.

Table 60 Show ports info vlan parameters (continued)

Field Description

314725-E Rev 00



Figure 150 Show ports info port all command output

ERS-8610:5# show ports info all port 1/1

============================================================================= Port Interface=============================================================================PORT LINK PORT PHYSICAL STATUSNUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN OPERATE-----------------------------------------------------------------------------1/1 64 1000BaseTX true false 1950 00:12:83:89:20:00 up down

============================================================================= Port Name=============================================================================PORT OPERATE OPERATE OPERATENUM NAME DESCRIPTION STATUS DUPLX SPEED VLAN-----------------------------------------------------------------------------1/1 1000BaseTX down half 0 Access

============================================================================= Port Config=============================================================================

PORT AUTO SFFD ADMIN OPERATE DIFF-SERV QOS BLOCK MLT VENDOR DUAL SMLT ADMIN OPERATE AUTO

NUM TYPE NEG. DUPLX SPD DUPLX SPD EN TYPE LVL TFR ID NAME CONN ID ROUTING ROUTING RECOVER-----------------------------------------------------------------------------1/1 1000BaseTX true false half 10 0 fals core 1 false 0 N/A 0 Enable Disable Disable

============================================================================= Port State=============================================================================PORT NUM ADMINSTATUS PORTSTATE REASON DATE-----------------------------------------------------------------------------1/1 up down -- 03/13/06 22:31:41

============================================================================= Port Arp=============================================================================



Table 59 on page 334 shows the field descriptions for this command.

Using the VLAN IP commands

The VLAN IP commands described in this section are general routing commands for the VLAN. Other VLAN commands are included in the sections of this manual that describe commands used with a specific protocol or feature.

Assigning an IP address to a VLAN

To assign an IP address to a VLAN, use the following command:

config vlan <vid> ip

where:vid is the VLAN ID from 1 to 4 092. Entering a vid is optional. When you enter a vid, the command shows information for the specified VLAN. Without the vid, the command shows information for all the configured VLANs.



followed by:


create <ipaddr|mask> [mac_offset <value>]

Assigns an IP address and subnet mask to the VLAN.

• <ipaddr|mask> is the IP address and mask {a.b.c.d}.

• mac_offset <value> is a user-assigned MAC address. This MAC address is in place of the default MAC address.

314725-E Rev 00


Figure 151 shows sample output for the config vlan ip info command.

Figure 151 Config vlan ip info command output

delete <ipaddr> Deletes the specified VLAN address.

Rvs-Path-Chk <enable|disable> [mode <value>]

Enables or disables reverse path checking.

• <enable|disable> enables or disables reverse path checking.

• mode <value> is the mode for reverse path checking—exist-only or strict.

See Configuring and Managing Security for more information about Reverse Path Checking.


followed by:

ERS-8603:3/config/vlan/1/ip# infoSub-Context: arp-response dhcp-relay directed-broadcast dvmrp igmp ospf pim pgm proxy rip route-discovery rsmlt vrrp

Current Context: create : 10.1.1.1/255.255.255.0 mac_offset 1

delete : N/A



314725-E Rev 00

365

Chapter 8Configuring sVLANs using the CLI

The stacked VLAN (sVLAN) protocol transparently transports packets through an sVLAN domain by adding an additional 4-byte header to each packet.

This section describes how to configure sVLANs using the command line interface (CLI) and includes the following topics:

For conceptual information about sVLANs, see “Stacked VLANs” on page 59.

Topic Page

Roadmap of sVLAN commands 366

Overview of sVLAN CLI configuration 367

Creating an sVLAN 368

Setting the Ethertype and switch level 370

Showing Ethertype and switch level information 371

Setting the sVLAN port type 373

Creating an sVLAN STG 376



366 Chapter 8 Configuring sVLANs using the CLI

Roadmap of sVLAN commands

The following roadmap lists the VLAN commands and their parameters. Use this list as a quick reference or click on any entry for more information.

Command Parameter

config svlan info

ether-type level <value> <ethertype>

level <level>

show svlan info ether-type

show svlan info active-level

config ethernet <ports> info

svlan-porttype <normal|uni|nni>

config stg <sid> info

add ports <value>

create [<ports>] [vlan <value>] [mac <value>] [type <value>] [ntstg <value>]

delete

forward-delay <timeval>

group-stp <enable|disable>

hello-interval <timeval>

max-age <timeval>

priority <number>

remove ports <value>

trap-stp <enable|disable>

config stg <sid> add ports <ports>

314725-E Rev 00

Chapter 8 Configuring sVLANs using the CLI 367

Overview of sVLAN CLI configuration

Follow these steps to create an sVLAN using the CLI:

1 Set the sVLAN switch level to 1 or higher.

For more information, see “Setting the Ethertype and switch level” on page 370.

2 Configure user-to-network interface (UNI) and network-to-network-interface (NNI) ports.

For more information, see “Setting the sVLAN port type” on page 373.

3 Create a spanning tree group (STG) of type sVLAN and set the tagged BPDU address as different from the standardized BPDU address.

For more information, see “Creating an sVLAN STG” on page 376.

4 Add UNI or NNI ports to the STG.

For more information, see “Adding UNI or NNI ports to the STG” on page 378.

5 Create a VLAN of type sVLAN within the STG created in Step 3 and add ports to it.

For more information, see “Creating an sVLAN” on page 368.

config vlan <vid> create bysvlan <sid> [name <value>] [color <value>]


Note: You must follow these steps in sequence to configure an sVLAN.

Command Parameter



Creating an sVLAN

To create a VLAN of type sVLAN, use the following command:


This command allows you to specify the type of VLAN. The required parameter vid is the VLAN ID. VLAN 1 is the default VLAN.


Figure 152 on page 369 shows sample output for the config vlan info command.


followed by:


Creates an sVLAN.

• <sid> is spanning tree ID.





Creates an sVLAN.


• name <value> is the name of the sVLAN.

• color <value> is the color of the sVLAN from 0 to 32. The color attribute is used by Optivity software to display the VLAN.

314725-E Rev 00


Figure 152 Config vlan info command output

Figure 153 on page 370 uses all the commands required to create an sVLAN.

Note: You must enter the commands in sequence.

ERS-8606:5/config/vlan/2# create bysvlan 2 name SVLAN2 color 11 ERS-8606:5/config/vlan/2# info

Sub-Context: clear config dump monitor show test trace wsm asfm samCurrent Context: action : N/A add-mlt : addDsapSsap : removeDsapSsap : N/A agetime : N/A delete : N/A qoslevel : 1 name : SVLAN2 Security-vlan-type : none Cluster : 0



Figure 153 Sample command output for creating an sVLAN

Setting the Ethertype and switch level

To set the Ethertype and switch level, use the following command:

config svlan

For sVLAN configurations, you must set the switch level to 1 or higher.

The config svlan command includes the following parameters:

config svlan

followed by:

info Shows current configuration information for an sVLAN (Figure 154).

ether-type level <value> <ethertype>

Sets an sVLAN tag for a switch level.

• <value> is an integer value in the range of 1 to 7.

• <ethertype> is a hex value in the range of 0x5dd to 0xffff.

level <level> Specifies the switch level associated with this sVLAN.

• <level> is an integer value in the range of 0 to 7. Level 0 (normal port) 802.1Q frames are classified into port-based VLANs.

Level 1 to 7: any frame type is transparently switched and an additional Ethertype 4 bytes is added.

The default level is 0.

ERS-8606:5# config svlan level 3ERS-8606:5# config ethernet 2/1 svlan-porttype uniwarning: Ports 2/1 may be removed from all the Vlans and Stgs. Do you want to continue? (y/n) ? yERS-8606:5# config stg 9 create mac 01:90:c2:00:00:00 type stgsvlanERS-8606:5# config vlan 1476 create bysvlan 9 name SVLAN2 color 11ERS-8606:5# config stg 9 add ports 2/3ERS-8606:5#

314725-E Rev 00


Figure 154 shows the config svlan info command output.

Figure 154 Config svlan info command output

Showing Ethertype and switch level information

To display sVLAN Ethertype and level information, use the following commands:

show svlan info ether-typeshow svlan info active-level

ERS-8606:5# config svlan info


LEVEL ETHER-TYPE 0 0x8100 1 0x8020 2 0x8030 3 0x8040 4 0x8050 5 0x8060 6 0x8070 7 0x8080

Active-Level = 0 ERS-8606:5



Figure 155 shows sample output for the show svlan info ether-type and active-level commands.

Figure 155 Show svlan info command output

Table 61 describes the fields for this command.

Table 61 Show svlan info ether-type parameters

Field Description

LEVEL Indicates the value that identifies the switch level associated with this entry.

ETHER-TYPE Indicates the ether type value used for sVLAN tagging.

ERS-8610:5# show svlan info ether-type

=========================================================================== Stacked Vlan Ether Type===========================================================================LEVEL ETHER-TYPE---------------------------------------------------------------------------0 0x81001 0x80202 0x80303 0x80404 0x80505 0x80606 0x80707 0x8080

ERS-8610:5# show svlan info active-levelActive-Level = 0ERS-8610:5#

314725-E Rev 00


Setting the sVLAN port type

You must set the sVLAN port type to sVLAN UNI or sVLAN NNI.

To set the sVLAN port type, use the following command:

config ethernet <ports> svlan-porttype <normal|uni|nni>

The warning shown in Figure 156 appears.

Figure 156 sVLAN-porttype warning

When you configure a UNI port in the CLI, the tagged-frames-discard parameter is automatically enabled. Similarly, when you configure an NNI port in the CLI, the untagged-frames-discard parameter is automatically enabled.

The

config ethernet <ports>

Note: Because each OctaPID can support up to eight ports, you must designate all ports within an OctaPID as either normal or sVLAN (that is, the ports can be all Normal or a combination of UNI/NNI within the Octapid, which can be up to eight ports). See Appendix A, “Tap and OctaPID assignment (Release 3.x feature set) and “Configuring sVLANs using the CLI” on page 365.

ERS-8606:5# config svlan level 1ERS-8606:5# config ethernet 10/12 svlan-porttype uniwarning: Ports 10/9-10/16 may be removed from all the Vlans and Stgs. Do you want to continue? (y/n) ? yERS-8606:5#



command includes the following parameters:

Figure 157 shows sample output for the config ethernet <ports> info command.

config ethernet <ports>

followed by:

info Shows the current port settings (Figure 157).

svlan-porttype <normal|uni|nni>

Sets the port type for the sVLAN to normal, user-to-network interface (UNI), or network-to-network interface (NNI). The default is normal.

314725-E Rev 00


Figure 157 Config ethernet <ports> info command output

ERS-8606:5/config/ethernet/4/1# info

Sub-Context: eapol fw-isd ip ipv6 ipx lacp limit-fdb-learning mroute-limit multimedia pcap remote-mirroring smlt stg unknown-mac-discard vlacpCurrent Context:

Port 4/1 : lock : false block-traffic : false name : auto-negotiate : true enable-diffserv : false access-diffserv : false qos-level : 1 routing : enable unknown-mac-discard : disable high-secure : false default-vlan-id : 1 untag-port-default-vlan : disable

tagged-frames-discard : disable perform-tagging : disable svlan-porttype : normal

untagged-frames-discard : disable loop-detect : disable action port-down

arp-detect disable state : up linktrap : enable

multicast-bandwidth-limit : disabled broadcast-bandwidth-limit : disabled

tx-flow-control : disabled sffd : disabled cp-limit : enabled multicast-limit 10000

broadcast-limit 10000 shape : disabled 802.1p-override : disable auto-recover-port : disable ext-cp-limit : None threshold-util-rate 50

ERS-8606:5#



Creating an sVLAN STG

To set a tagged bridge protocol data unit (BPDU) address different from the standardized BPDU address and create an sVLAN STG, use the following command:

config stg <sid>

The config stg <sid> command configures parameters for a specified spanning tree group, where <sid> is the spanning tree group ID.

The config stg <sid> command includes the following parameters:

config stg <sid>

followed by:

info Shows current configuration information.

add ports <value> Adds ports for the STG.

• <value> is the port list.


Creates a new STG.

• <ports> specifies one or more ports.

• vlan <value> is the tagged BPDU VLAN ID. If a VLAN spans multiple switches, it must be within the same STG across all switches.

• mac <value> is the tagged BPDU MAC address.

• type <value> sets the STG to normal or sVLAN. Choices are stgsvlan or stgnormal.

• ntstg <value> enables or disables NTSTG. Choices are enable or disable.

delete Deletes an STG.

forward-delay <timeval> Bridges forward delay time for the STG.

• <timeval> is the number in hundredths of a second.

group-stp <enable|disable> Enables or disables STP for a specific STG.

hello-interval <timeval> Bridge hello time for the STG.


314725-E Rev 00


Figure 158 on page 378 shows sample output for the config stg info command.

max-age <timeval> Bridges maximum age time for the STG.


priority <number> Bridges priority for the STG.

• <number> is the priority number.

remove ports <value> Removes ports for the STG.

• <value> is the port list.

trap-stp <enable|disable> Enables or disables STP traps for a specific STG.

config stg <sid>

followed by:



Figure 158 Config stg info command output

Adding UNI or NNI ports to the STG

To add UNI or NNI ports to the STG, use the following command:

config stg <sid> add ports <ports>

The config stg <sid> command configures parameters for a specified spanning tree group, where <sid> is the spanning tree group ID.

The config stg <sid> command includes the following options:

config stg <sid>

followed by:

add ports <ports> Adds ports to a STG.

• <ports> specifies one or more ports.

ERS-8606:5# config stg 1 info


add ports : 2/1-2/8,4/1-4/30 create : 1 delete : N/A forward-delay : 1500 group-stp : true hello-interval : 200 max-age : 2000 priority : 32768 remove ports : N/A trap-stp : true type : normal nt-stg : enable

ERS-8606:5#

314725-E Rev 00

379

Chapter 9Configuring STGs using the CLI

You can set up spanning tree groups (STG) by using the spanning tree group commands. You can set parameters for a group and for ports in that group. You can also enable or disable the Spanning Tree Protocol in an STG.

The Ethernet Routing Switch 8600 modules support up to 64 STGs in a switch.

This section includes information about configuring STG and its parameters by using the appropriate commands and includes the following topics:

For conceptual information about spanning tree protocols, see “Spanning tree protocols” on page 66.

Topic Page

Roadmap of spanning tree commands 380

Configuring the spanning tree protocol mode 384

Configuring Spanning Tree Protocol 385

Configuring Rapid Spanning Tree Protocol 403

Configuring Multiple Spanning Tree Protocol 413


380 Chapter 9 Configuring STGs using the CLI

Roadmap of spanning tree commands

The following roadmap lists all spanning tree commands and their parameters. Use this list as a quick reference or click on any entry for more information:

Command Parameter

config bootconfig flags spanning-tree-mode <rstp|mstp|default>

config rstp info

force version <stp-compatible|rstp>

forward-delay <number>


hello-time <number>

max-age <number>

pathcost-type <16-bit|32-bit>

priority <number>

tx-holdcount <number>

show rstp config

show rstp stats

show rstp status

show ports info rstp config [vlan <value>] [port <value>]


show ports info rstp stats [vlan <value>] [port <value>]

show ports info rstp role port <portlist>

314725-E Rev 00

Chapter 9 Configuring STGs using the CLI 381

config eth <portlist> rstp info

edge-port <true|false>

p2p <forcetrue|forcefalse|auto>

pathcost <value>

priority <value>

protocol-migration <true|false>

stp <enable|disable>

config mstp info


hop count <number>

tx-holdcount <number>

config mstp region info

name <string>

revision <number>

config-id-sel <number>

config mstp cist info

force-version <stp-compatible|rstp|mstp>

forward-delay <number>

max-age <number>

priority <number>

config mstp msti <instid> info

priority

show mstp config

show mstp instance <instid>

show mstp stats

show mstp status

Command Parameter



show ports info mstp cistinfo [vlan <value>] [port <value>]

mstiinfo [vlan <value>] [port <value>]

ciststat [vlan <value>] [port <value>]

mstistat [vlan <value>] [port <value>]

cistrole [vlan <value>] [port <value>]

mstirole [vlan <value>] [port <value>]

config eth <portlist> mstp cist info

edge-port <true|false>

forceportstate <enable|disable>

hello-time <value>

p2p <forcetrue|forcefalse|


priority <value>

pathcost <number>

config eth <portlist> mstp msti <instid>

info

priority <value>

pathcost <value>

forceport state <enable|disable>

config stg <sid> info

add ports <ports>


Command Parameter

314725-E Rev 00


delete

forward-delay <timeval>


hello-interval <timeval>

max-age <timeval>

priority <number>

remove ports <value>


config ethernet <ports> stg <sid> info

change-detection <enable|disable>

faststart <enable|disable>

pathcost <intval>

priority <intval>

stp <enable|disable>

faststart <enable|disable>

show stg show-all

show stg info config <sid>

show stg info status <sid>

show ports info stg main [vlan <value>] [port <value>]

show ports info stg extended [vlan <value>] [port <value>]

show ports stats stg <ports>

Command Parameter



Configuring the spanning tree protocol mode

There are three spanning tree protocol modes on the Ethernet Routing Switch 8600: Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and Legacy (Spanning Tree Protocol). To set the spanning tree mode of the switch, use the following command:

config bootconfig flags spanning-tree-mode <rstp|mstp|default>

where:rstp|mstp|default are the Spanning Tree modes RSTP, MSTP, and Legacy. The default is Legacy.

Figure 159 shows sample command line output for changing the spanning tree mode to RSTP.

Figure 159 Spanning tree mode commands

The config bootconfig flags spanning-tree-mode command is in the CLI Global configuration mode.

Note: To change the spanning tree mode, you must use the commands save bootconfig to save the boot configuration and boot to reboot the switch. You must start a new session on the switch.

ERS-8606:5# config bootconfig flags spanning-tree-mode rstpWarning: Please save boot configuration and reboot the switch for this to take effect.ERS-8606:5# save bootSave bootconfig to file /flash/boot.cfg successful.ERS-8606:5# bootAre you sure you want to re-boot the switch (y/n) ? y

314725-E Rev 00


Configuring Spanning Tree Protocol

The operation of the Spanning Tree Protocol (STP) is defined in the IEEE 802.1d standard. The STP detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, the spanning tree algorithm configures the network so that a bridge or switch uses only the most efficient path. If that path fails, the protocol automatically reconfigures the network and makes another path active, which sustains network operations.

Spanning Tree Protocol is the default spanning tree protocol used by the Ethernet Routing Switch 8600. This section includes the following topics:

• “Configuring spanning tree group parameters”

• “Configuring STG port parameters” on page 387

• “Configuring topology change detection” on page 389

• “Using the show STG commands” on page 392

Configuring spanning tree group parameters

To configure parameters for a specified spanning tree group, enter the following command:

config stg <sid>

where:sid is the spanning tree group ID.


config stg <sid>

followed by:

info Shows characteristics of the spanning tree group.

add ports <ports> Adds port to a spanning tree group.

• <ports> specifies one or more slot/port numbers.

Ports can not be added to the STG if they are:

• configured as Single Port SMLT

• configured as members of another STG




Creates a new spanning tree group.

• <ports> specifies one or more slot/port numbers.

Note: Ports cannot be added to the STG if configured as Single Port SMLT, or as a member of another STG.

• vlan <value> is the VLAN ID. If a VLAN spans multiple switches, it must be within the same STG across all switches.

• mac <value> is the MAC address.

• type <value> is the type of STG. Choices are stgnormal or stgsvlan.

• ntstg <value> enables or disables STP. Choices are enable or disable.

delete Deletes the specified spanning tree group.

forward-delay <timeval> Sets the bridge forward delay time in hundredths of a second. The default is 1500 (15 seconds).


Enables or disables the Spanning Tree Protocol on the specified spanning tree group.

hello-interval <timeval> Sets the bridge hello time in hundredths of a second. The default is 200 (2 seconds).

max-age <timeval> Sets the bridge maximum age time in hundredths of a second. The default is 2000 (20 seconds).

priority <number> Sets the bridge priority number.

• <number> is between 0 and 65535.

remove ports <value> Removes ports from a spanning tree group.• <value> is the specified port.


Enables or disables the Spanning Tree Protocol trap for the specified spanning tree group.

Note: Disabling the Spanning Tree Protocol can reduce CPU overhead slightly. However, unless you are using the switch in a simple network with little possibility of looping, Nortel recommends that you leave the Spanning Tree Protocol enabled.

config stg <sid>

followed by:

314725-E Rev 00


Figure 160 shows sample output for the config stg info command.

Figure 160 Config stg info command output

Configuring STG port parameters

Ports must have tagging enabled to belong to multiple spanning tree groups.

To configure spanning tree group port parameters, enter the following command:

config ethernet <ports> stg <sid>

Note: Nortel recommends that you enable FastStart as an alternative to disabling Spanning Tree Protocol on an individual port. The Spanning Tree Protocol is currently not supported on SMLT/IST ports, and must be disabled.

ERS-8606:5# config stg 1 info


add ports : 2/1-2/8,4/1-4/30 create : 1 delete : N/A forward-delay : 1500 group-stp : true hello-interval : 200 max-age : 2000 priority : 32768 remove ports : N/A trap-stp : true type : normal nt-stg : enable

ERS-8606:5#



where:<ports> is the slot/port you want to add to the STG.<sid> is the spanning tree group ID.


To display the current settings for the spanning tree group, use the following command:


config ethernet <ports> stg <sid>

followed by:

info Shows current settings for the port spanning tree group.

faststart <enable|disable> Enables or disables the FastStart feature. When FastStart is enabled, the port goes through the normal listening and learning states before forwarding, but the hold time for these states is the bridge hello timer (2 seconds by default) instead of the bridge forward delay timer (15 seconds by default).

change-detection <enable|disable>

Enables or disables topology change detection for the specified spanning tree. The default is enable.

pathcost <intval> Sets the contribution of this port to the path cost.

• <intval> is the cost (1 to 65535).

priority <intval> Sets the priority of this port.• <intval> is the priority (0 to 255).

Note: Although port priority values can range from 0 to 255, only the following values are used: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240

stp <enable|disable> Enables or disables the Spanning Tree Protocol.

Note: Spanning Tree Protocol must be disabled on SMLT or IST ports.

314725-E Rev 00




Figure 161 Config ethernet <slot/port> stg <sid> info command output

Configuring topology change detection

Change detection is enabled by default. With change detection enabled, when a topology change occurs, a trap is sent containing the MAC address of the STG sending the topology change notification (TCN), the port number, and the STG ID. You can use this information to identify the device. For more information about change detection, see “Spanning Tree Protocol topology change detection” on page 70.

To configure topology change detection, use the following command:

config ethernet <ports> stg <sid> change-detection <enable|disable>

ERS-8606:5# config ethernet 4/1 stg 1 info


Port 4/1 : change-detection : enable faststart : disable pathcost : 100 priority : 128 stp : enable

ERS-8606:5#




If you enable change detection on an MLT with access ports, the setting is automatically applied to all ports in the MLT.

Querying the change detection setting

To query the change detection setting, use the following command:



Figure 161 on page 389 shows sample output for this command.

The show ports info stg main command (Figure 162 on page 391) also shows the change detection setting.

314725-E Rev 00


Figure 162 Show ports info stg main command output

Table 62 explains the field parameters for this command.

Table 62 Show ports info stg main parameters

Field Description

SID Indicates the STG identifier this port is assigned to.

PORT_NUM Indicates the port number and slot.

PRIO Indicates the value of the priority field that is contained in the first (in network byte order) octet of the (two octet long) port ID.

ERS-8606:5# show ports info stg main

========================================================================== Port Stg========================================================================== ENABLE FORWARD CHANGESID PORT_NUM PRIO STATE STP FASTSTART PATHCOST TRANSITION DETECTION--------------------------------------------------------------------------1 2/1 128 forwarding false false 1 0 false1 2/2 128 forwarding false false 1 0 false1 2/3 128 forwarding false false 1 0 false1 2/4 128 forwarding false false 1 0 false1 2/5 128 forwarding false false 1 0 false1 2/6 128 forwarding false false 1 0 false1 2/7 128 forwarding false false 1 0 false1 2/8 128 forwarding false false 1 0 false1 4/1 128 disabled true false 100 0 true1 4/2 128 disabled true false 100 0 true1 4/3 128 disabled true false 100 0 true1 4/4 128 disabled true false 100 0 true1 4/5 128 disabled true false 100 0 true1 4/6 128 disabled true false 100 0 true1 4/7 128 disabled true false 100 0 true1 4/8 128 disabled true false 100 0 true

ERS-8606:5#



Using the show STG commands

To display the status of spanning tree on the switch or on a port, use the show stg commands.

This section includes information on show commands:

• “Displaying all STG information” on page 393• “Displaying STG configurations” on page 397• “Displaying STG status” on page 398• “Displaying basic STG information” on page 398• “Displaying additional STG information” on page 399• “Displaying STG statistics counters” on page 401

STATE Indicates the port current state as defined by the application of the Spanning Tree Protocol. This state controls what action a port takes on reception of a frame. If the bridge has detected a port that is malfunctioning it places that port into the broken state. Options include:

• disabled• blocking

• listening

• learning• forwarding

• broken

ENABLE STP Indicates that the Spanning Tree Protocol is active in this STG.

FASTSTART Indicates that the port is moved straight to the forwarding state upon being enabled.

PATHCOST Indicates the contribution of this port to the path cost of paths towards the spanning tree root which includes this port. 802.1d-1990 recommends that the default value of this parameter be inversely proportional to the speed of the attached LAN.

FORWARD TRANSITION Indicates the number of times this port has transitioned from the learning state to the forwarding state.

CHANGE DETECTION Indicates if topology change notifications are sent for the port.

Table 62 Show ports info stg main parameters (continued)

Field Description

314725-E Rev 00


Displaying all STG information

To display all spanning tree group information, enter the following command:

show stg show-all

The command uses the syntax:

show stg show-all file <value>

where:<value> is the filename to which the output will be redirected.




Figure 163 Show stg show-all sample output

Table 63 explains the field headings for this command output.

Table 63 Show stg show-all parameters

Field Description

Stg Config

STG ID Indicates the STG identifier.

SJ-ERS-8610:6/show/stg# show-all

# show stg info config

================================================================== Stg Config==================================================================STG BRIDGE BRIDGE FORWARD ENABLE STPTRAPID PRIORITY MAX_AGE HELLO_TIME DELAY STP TRAP NT-STG------------------------------------------------------------------1 32768 2000 200 1500 true true enable

STG TAGGBPDU TAGGBPDU STG PORTID ADDRESS VLAN_ID TYPE MEMBER------------------------------------------------------------------1 01:80:c2:00:00:00 0 normal 1/1-1/48,7/1-7/3,8/1-8/8

Total number of STGs : 1

# show stg info status

================================================================== Stg Status==================================================================STG BRIDGE NUM PROTOCOL TOPID ADDRESS PORTS SPECIFICATION CHANGES------------------------------------------------------------------1 00:12:83:89:20:01 59 ieee8021d 0

STG DESIGNATED ROOT ROOT MAX HELLO HOLD FORWARDID ROOT COST PORT AGE TIME TIME DELAY------------------------------------------------------------------1 80:00:00:12:83:89:20:01 0 cpp 2000 200 100 1500


314725-E Rev 00


PRIORITY Indicates the value of the priority field that is contained in the first (in network byte order) octet of the two octet long port ID.

BRIDGE MAX_AGE Indicates the value that all bridges use for the bridge maximum age when this bridge acts as the root.

BRIDGE HELLO_TIME Indicates the value that all bridges use for the bridge hello timer when this bridge acts as the root.

FORWARD DELAY Indicates the value that all bridges use for forward delay when this bridge acts as the root. This time value, measured in units of hundredths of a second, controls how fast a port changes its spanning state when moving towards the forwarding state. The value determines how long the port stays in each of the listening and learning states, which precede the forwarding state. This value is also used, when a topology change is detected and is underway, to age all dynamic entries in the forwarding database.

ENABLE STP Indicates that the Spanning Tree Protocol is active in this STG.

STPTRAP TRAP Indicates the traps relating to the Spanning Tree Protocol which are sent for this STG.

NT-STG Indicates the whether this STG is operating in Nortel mode or in Cisco mode.• enable—Nortel mode

• disable—Cisco mode

Stg Status


BRIDGE ADDRESS Indicates the MAC address used by this bridge when it must be referred to in a unique fashion. Nortel recommends that this be the numerically smallest MAC address of all the ports that belong to this bridge.

NUM PORTS Indicates the number of ports controlled by this bridging entity.

PROTOCOL SPECIFICATION

Indicates the version of the Spanning Tree Protocol that is used. The value decLb100 indicates the DEC LAN bridge 100 Spanning Tree protocol. IEEE 802.1d implementations will return ieee8021d.

TOP CHANGES Indicates the total number of topology changes detected by this bridge since the management entity was last reset or initialized.

Table 63 Show stg show-all parameters (continued)

Field Description



DESIGNATED ROOT Indicates the bridge identifier of the root of the spanning tree as determined by the Spanning Tree Protocol as executed by this node. This value is used as the root identifier parameter in all configuration Bridge PDUs originated by this node.

ROOT COST Indicates the cost of the path to the root as seen from this bridge.

ROOT PORT Indicates the port number of the port that offers the lowest cost path from this bridge to the root bridge.

MAX AGE Indicates the maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded, in units of hundredths of a second. This is the actual value that this bridge is currently using.

HELLO TIME Indicates the amount of time between the transmission of configuration bridge PDUs by this node on any port when it is the root of the spanning tree or trying to become so, in units of hundredths of a second. This is the actual value that this bridge is currently using.

HOLD TIME Indicates the interval length during which no more than two configuration bridge PDUs are transmitted by this node, in units of hundredths of a second.

FORWARD DELAY Indicates the how fast (in hundredths of a second) a port changes its spanning state when moving towards the Forwarding state. The value determines how long the port stays in each of the listening and learning states, which precede the forwarding state. This value is also used, when a topology change is detected and is underway, to age all dynamic entries in the forwarding database. Note: This value is the one that this bridge is currently using, in contrast to the bridge forward delay which is the value that this bridge and all others would start using if this bridge were to become the root.

Table 63 Show stg show-all parameters (continued)

Field Description

314725-E Rev 00


Displaying STG configurations

To display the spanning tree group configuration for the switch or for the specified spanning tree group, enter the following command:


The command syntax is:


where:<sid> is the spanning tree group ID.

Figure 164 shows sample output for the show stg info config command.

Figure 164 Show stg info config command output

See Table 63 on page 394 for descriptions of the parameters for this command.

ERS-8606:5# show stg info config

============================================================================== Stg Config==============================================================================STG BRIDGE BRIDGE FORWARD ENABLE STPTRAPID PRIORITY MAX_AGE HELLO_TIME DELAY STP TRAP NT-STG ------------------------------------------------------------------------------1 32768 2000 200 1500 true true enable

STG TAGGBPDU TAGGBPDU STG PORTID ADDRESS VLAN_ID TYPE MEMBER------------------------------------------------------------------------------1 01:80:c2:00:00:00 0 normal 2/1-2/8,4/1-4/30


ERS-8606#



Displaying STG status

To display the spanning tree group status for the specified spanning tree group or all STGs, enter the following command:

show stg info status <sid>

where:<sid> is the spanning tree group ID.

Figure 165 shows sample output for the show stg info status command.

Figure 165 Show stg info status command output


Displaying basic STG information

To display basic spanning tree group information about one or more specified ports or about all ports, enter the following command:

show ports info stg main [vlan <value>] [port <value>]

ERS-8606:5# show stg info status

============================================================================= Stg Status=============================================================================STG BRIDGE NUM PROTOCOL TOP ID ADDRESS PORTS SPECIFICATION CHANGES -----------------------------------------------------------------------------1 00:80:2d:c0:90:01 38 ieee8021d 75

STG DESIGNATED ROOT ROOT MAX HELLO HOLD FORWARD ID ROOT COST PORT AGE TIME TIME DELAY -----------------------------------------------------------------------------1 80:00:00:80:2d:c0:90:01 0 cpp 2000 200 100 1500

Total number of STGs : 1ERS-8606:5#

314725-E Rev 00


where:vlan <value> is the VLAN ID from 1 to 4 092,port <value> is the port or range of ports.


(For more information about the show ports info stg extended command, see “Displaying basic STG information” on page 398.)

Figure 166 shows sample output for the show ports info stg main command.

Figure 166 Show ports info stg main command output


Displaying additional STG information

To display additional spanning tree group information about the specified port or about all ports, enter the following command:

show ports info stg extended [vlan <value>] [port <value>]

ERS-8606:5# show ports info stg main 4/1

============================================================================== Port Stg============================================================================== ENABLE FORWARD CHANGESID PORT_NUM PRIO STATE STP FASTSTART PATHCOST TRANSITION DETECTION------------------------------------------------------------------------------1 4/1 128 disabled true false 100 0 true

ERS-8606:5#



where:vlan <value> is the VLAN ID from 1 to 4 092,port <value> is the port or range of ports.


This information is less often used in switch monitoring than the information obtained with the show ports info stg main command (page 398).

Figure 167 shows sample output for the show ports info stg extended command.

Figure 167 Show ports info stg extended command output

Table 64 explains the parameters for this command.

Table 64 Show ports info stg extended parameters

Field Description



ERS-8606:5# show ports info stg extended

============================================================================= Port Stg Extended=============================================================================

----------------------DESIGNATED----------------SID PORT_NUM ROOT COST BRIDGE PORT -----------------------------------------------------------------------------1 2/1 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:801 2/2 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:811 2/3 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:82

314725-E Rev 00


Displaying STG statistics counters

To display statistics counters for spanning tree groups on all ports or the specified port, enter the following command:

show ports stats stg <ports>

where:<ports> is the port or list of ports.

Figure 168 on page 402 shows sample output for the show ports stats stg command.

DESIGNATED ROOT Indicates the bridge identifier of the root of the spanning tree as determined by the Spanning Tree Protocol as executed by this node. This value is used as the root identifier parameter in all configuration bridge PDUs originated by this node.

DESIGNATED ROOT COST

Indicates the cost of the path to the root as seen from this bridge.

DESIGNATED BRIDGE ADDRESS

Indicates the MAC address used by this bridge when it must be referred to in a unique fashion. Nortel recommends that this be the numerically smallest MAC address of all the ports that belong to this bridge.

DESIGNATED ROOT PORT

Indicates the port number of the port that offers the lowest cost path from this bridge to the root bridge.

Table 64 Show ports info stg extended parameters (continued)

Field Description



Figure 168 Show ports stats stg command (partial output)

Table 65 explains the parameters for this command.

Table 65 Show ports stats stg extended parameters

Field Description


IN_CONFIG BPDU Indicates the number of configuration BPUs received by this port.

IN_TCN BPDU Indicates the number of topology change notification BPUs received by this port.

IN_BAD BPDU Indicates the number of bad BPUs received by this port.

OUT_CONFIG BPDU Indicates the number of Config BPUs transmitted by this port.

OUT_TCN BPDU Indicates the number of topology change notification BPUs transmitted by this port.

ERS-8606:5# show ports stats stg

============================================================================== Port Stats Stg==============================================================================PORT IN_CONFIG IN_TCN IN_BAD OUT_CONFIG OUT_TCN NUM BPDU BPDU BPDU BPDU BPDU ------------------------------------------------------------------------------2/1 0 0 0 0 0 2/2 0 0 0 0 0 2/3 0 0 0 0 0

314725-E Rev 00



Rapid Spanning Tree Protocol (RSTP) reduces the recovery time after a network breakdown. For more information about MSTP, see “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.

This section describes the following topics:

• “Configuring Rapid Spanning Tree Protocol”

• “Showing RSTP config” on page 404

• “Showing RSTP stats” on page 405

• “Showing RSTP status” on page 406

• “Showing ports info RSTP config” on page 407

• “Showing ports info RSTP stats” on page 408

• “Showing ports info RSTP config” on page 410

• “Showing ports info RSTP role” on page 411

• “Configuring Ethernet RSTP” on page 412


To set the Rapid Spanning Tree Protocol (RSTP) parameters for the bridge, use the following command:

config rstp

The config rstp command is in the CLI Global configuration mode.

Note: If you use the force version command to change the STP version to MSTP or RSTP, you must reconfigure the Root Path Cost parameter. It does not return to the default value when the version is changed; instead, its value is changed to 65535.




Showing RSTP config

To display the Rapid Spanning Tree Protocol (RSTP) configuration details, use the following command:

show rstp config

The show rstp config command is in the CLI Global configuration mode.

Figure 169 on page 405 shows sample output for the show rstp config command.

config rstp

followed by:


force version <stp-compatible|rstp>

Sets the RSTP bridge version; default is rstp.

forward-delay <number> Sets the RSTP forward delay for the bridge from 400 to 3000 hundredths of a second.


Enables or disables RSTP for a specific STG.

hello-time <number> Sets the RSTP hello time delay for the bridge from 100 to 1000 hundredths of a second.

max-age <number> Sets the RSTP maximum age time for the bridge from 600 to 4000 hundredths of a second.


Sets the RSTP default pathcost version; default is 32 bits.

priority <number> Sets the RSTP bridge priority from 0 to 61440 in steps of 4096.

tx-holdcount <number> Sets the RSTP Transmit Hold Count from 1 to 10; default is 3.

314725-E Rev 00


Figure 169 Show rstp config command

Showing RSTP stats

To show RSTP statistics, use the following command:

show rstp stats

The show rstp stats command is in the CLI Global configuration mode.

Figure 170 on page 406 shows sample output for the show rstp stats command.

ERS-8606:5# show rstp config

============================================================ RSTP Configuration============================================================Rstp Module Status : EnabledPrority : 32768 (0x8000)Stp Version : rstp ModeBridge Max Age : 20 secondsBridge Hello Time : 2 secondsBridge Forward Delay Time : 15 secondsTx Hold Count : 3PathCost Default Type : 32-bit

ERS-8606:5#



Figure 170 Show rstp stats command

Showing RSTP status

To display the Rapid Spanning Tree Protocol (RSTP) related status information for the selected bridge, use the following command:

show rstp status

This command is in the CLI Global configuration mode.

Figure 171 on page 407 shows sample output for the show rstp status command.

ERS-8606:5# show rstp stats

============================================================ RSTP Statistics============================================================Rstp UP Count : 1Rstp Down Count : 0Count of Root Bridge Changes : 0Stp Time since Topology change: 487 seconds Total No. of topology changes : 2ERS-8606:5#

314725-E Rev 00


Figure 171 Show rstp status command

Showing ports info RSTP config

To display the Rapid Spanning Tree Protocol (RSTP) related port level configuration details, use the following command:


where:vlan <value> is the VLAN ID, andport <value> is a port or list of ports.

This command is in the CLI Global configuration mode.

Figure 172 on page 408 shows sample output for the show ports info rstp config command.

ERS-8606:5# show rstp status

============================================================ RSTP Status Information============================================================Designated Root : 80:00:00:80:2d:c0:90:01Stp Root Cost : 0Stp Root Port : cppStp Max Age : 20 seconds Stp Hello Time : 2 seconds Stp Forward Delay Time : 15 seconds ERS-8606:5#



Figure 172 Show ports info rstp config command output

Showing ports info RSTP stats

To display the Rapid Spanning Tree Protocol (RSTP) related port level statistics use the following command:

show ports info rstp stats [vlan <value>] [port <value>]


The show ports info rstp stats command is in the CLI Global configuration mode.

Figure 173 on page 409 shows sample output for the show ports info rstp stats command.

ERS-8606:5# show ports info rstp config

============================================================ RSTP Port Configurations============================================================Port Number : 2/1Port Priority : 128 (0x80) Port PathCost : 20000Port Protocol Migration : FalsePort Admin Edge Status : FalsePort Oper Edge Status : FalsePort Admin P2P Status : AutoPort Oper P2P Status : FalsePort Oper Protocol Version : Rstp

314725-E Rev 00


Figure 173 Show ports info rstp stats command

Showing ports info RSTP status

To display the Rapid Spanning Tree Protocol (RSTP) related status information for a selected port use the following command:

show ports info rstp status [vlan <value>] [port <value>]


The show ports info rstp status command is in the CLI Global configuration mode.

Figure 175 on page 411 shows sample output for the show ports info rstp status command.

ERS-8606:5# show ports info rstp stats

============================================================= RSTP Port Statistics=============================================================Port Number : 2/1Number of Fwd Transitions : 1Rx RST BPDUs Count : 0Rx Config BPDU Count : 0Rx TCN BPDU Count : 0Tx RST BPDUs Count : 737Tx Config BPDU Count : 0Tx TCN BPDU Count : 0Invalid RST BPDUs Rx Count : 0Invalid Config BPDU Rx Count : 0Invalid TCN BPDU Rx Count : 0Protocol Migration Count : 0



Figure 174 Show ports info rstp status command

Showing ports info RSTP config

To display the Rapid Spanning Tree Protocol (RSTP) related configuration information for the selected port use the following command:



The show ports info rstp config command is in the CLI Global configuration mode.

Figure 175 on page 411 shows sample output for the show ports info rstp config command.

ERS-8606:5# show ports info rstp status

============================================================== RSTP Port Status (Port Priority Vector)==============================================================Port Number : 2/1Port Designated Root : 80:00:00:80:2d:c0:90:01Port Designated Cost : 0Port Designated Bridge : 80:00:00:80:2d:c0:90:01Port Designated Port : 80:80

314725-E Rev 00


Figure 175 Show ports info rstp config command

Showing ports info RSTP role

To display the RSTP role, use the following command:

show ports info rstp role port <portlist>

where:<portlist> is the port list.

The show ports info rstp role command is in the CLI Interface configuration mode.

Figure 176 on page 412 shows the output for the show ports info rstp command.

ERS-8610:5# show ports info rstp config

============================================================== RSTP Port Configurations==============================================================Port Number : 1/1Port Priority : 128 (0x80)Port PathCost : 200000000Port Protocol Migration : FalsePort Admin Edge Status : FalsePort Oper Edge Status : FalsePort Admin P2P Status : AutoPort Oper P2P Status : FalsePort Oper Protocol Version : RstpERS-8610:5#



Figure 176 Show ports info rstp role command

Configuring Ethernet RSTP

To set RSTP parameters for the port, use the following command:

config eth <portlist> rstp

The config eth rstp info command is in the CLI Global configuration mode.



followed by:


edge-port <true|false> Sets the RSTP edge port parameter for the port.

p2p <forcetrue|forcefalse|auto>

Sets the Ethernet RSTP point-to-point parameter for the port.

ERS-8606:5# show ports info rstp role

============================================================= RSTP Port Roles and States=============================================================

Port-Index Port-Role Port-State PortSTPStatus PortOperStatus-------------------------------------------------------------2/1 Designated Forwarding Disabled Enabled 2/2 Designated Forwarding Disabled Enabled 2/3 Designated Forwarding Disabled Enabled 2/4 Designated Forwarding Disabled Enabled 2/5 Designated Forwarding Disabled Enabled 2/6 Designated Forwarding Disabled Enabled 2/7 Designated Forwarding Disabled Enabled 2/8 Designated Forwarding Disabled Enabled 4/1 Disabled Discarding Enabled Disabled

314725-E Rev 00



Multiple Spanning Tree Protocol (MSTP) allows you to configure multiple instances of RSTP on the same switch. For more information about MSTP, see “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.

This section describes the following topics:

• “Configuring Multiple Spanning Tree Protocol” on page 414

• “Configuring MSTP region” on page 414

• “Configuring MSTP CIST” on page 415

• “Configuring MSTP MSTI” on page 416

• “Showing MSTP configurations” on page 417

• “Showing MSTP instance information” on page 418

• “Showing MSTP stats” on page 419

• “Showing MSTP status” on page 420

• “Showing MSTP port information” on page 421

pathcost <value> Sets the RSTP path cost parameter for the port from 1 to 20 000 000.

priority <value> Sets the Ethernet RSTP priority parameter for the port. The priority ranges from 0 to 240 in steps of 16 (0, 16, 32....240).


Sets the Ethernet RSTP protocol-migration parameter for the port.

stp <enable|disable> Enables or disables STP on the port.


followed by:




To set the Multiple Spanning Tree Protocol (MSTP) configuration version, use the following command.

config mstp

The config mstp command is in the CLI Global configuration mode.


Figure 177 shows sample output for the config mstp info command.

Figure 177 Config mstp info command

Configuring MSTP region

To configure the MSTP region, use the following command:

config mstp region

config mstp

followed by:



Sets the MSTP default path cost version; default is 32 bits.

hop count <number> Sets the MSTP hop count. The range is

400 to 4000 hundredths of a second; default is 2000.

tx-holdcount <number> Sets the MSTP Transmit Hold Count. The range is

1 to 10; the default is 3.

ERS-8606:5# config mstp info hop-count : 2000 pathcost-type : 32-bit tx-holdcount : 3

ERS-8606:5#

314725-E Rev 00


The config mstp region command is in the CLI Global configuration mode.


Figure 178 shows sample output for the config mstp region commands.

Figure 178 Config mstp region command

Configuring MSTP CIST

To configure the MSTP Common and Internal Spanning Tree (CIST) parameters, use the following command:

config mstp cist

config mstp region

followed by:


name <string> Sets the MSTP configuration name.• <string> is from 1 to 32 characters.

revision <number> Sets the MSTP region revision number

• <number> is between 0 and 65 535.

config-id-sel <number> Sets the MSTP region configuration ID number.

• <number> is between 0 and 255.

ERS-8610:6# config mstp region name mstp-region-1ERS-8610:6# config mstp region config-id-sel 250ERS-8610:6# config mstp region revision 12ERS-8610:6# config mstp region info config-id-sel : 250 region-name : mstp-region-1 revision : 12

ERS-8610:6#




Figure 179 shows sample output of these commands.

Figure 179 Config mstp cist command

Configuring MSTP MSTI

To set the Multiple Spanning Tree Instance (MSTI) configuration version, use the following command:

config mstp msti <instid>

where <instid> is the instance ID.

The config mstp msti command is in the CLI Instance configuration mode.

config mstp cist

followed by:


force-version <stp-compatible|rstp|mstp>

Sets the CIST version.

forward-delay <number> Sets the CIST forward delay from 400 to 3000 hundredths of a second; default is 1500.

max-age <number> Sets the CIST maximum age time from 600 to 4000 hundredths of a second for the bridge; the default is 2000. The step size is in hundreds.

priority <number> Sets the CIST bridge priority from 0 to 61 440 in steps of 4096; the default is 32 768.

ERS-8610:5# config mstp cist max-age 650ERS-8610:5# config mstp cist priority 4096ERS-8610:5# config mstp cist info force-version : mstp forward-delay : 1500 max-age : 600 priority : 4096 (0x1000)

ERS-8610:5#

314725-E Rev 00


This command uses the following options:

Figure 180 shows configuration information for this command.

Figure 180 Config mstp msti command

Showing MSTP configurations

To display the Multiple Spanning Tree Protocol (MSTP) related bridge-level VLAN and region information, use the following command:

show mstp config

The show mstp config command is in the CLI Global configuration mode.


config mstp msti <instid>

followed by:


priority Sets the MSTP bridge priority. Allowed values are 4096, 8192, 12 288, 16 384, 20 480, 24 576, 28 672, 32 768, 36 864, 40 960, 45 056, 49 152, 53 248, 57 344, 61 440.

ERS-8606:5# config mstp msti ?

Sub-Context:Current Context:

info priority <number>

ERS-8606:5#



Figure 181 Show mstp config.

Showing MSTP instance information

To show the MSTP instance-specific bridge and VLAN information, use the following command:

show mstp instance <instid>

where: <instid> is the instance ID.


RS-8606:5# show mstp config

============================================================== MSTP Configurations==============================================================Mstp Module Status : EnabledNumber of Msti Supported : 64Cist Bridge priority : 32768 (0x8000)Stp Version : Mstp ModeCist Bridge Max Age : 20 secondsCist Bridge Forward Delay : 15 secondsTx Hold Count : 3PathCost Default Type : 32-bitMax Hop Count : 2000Msti Config Id Selector : 0Msti Region Name : 00:80:2d:c0:90:01Msti Region Version : 0Msti Config Digest : ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62

ERS-8606:5#

314725-E Rev 00


Figure 182 Show mstp instance command

Showing MSTP stats

To display the MSTP related bridge-level statistics, use the following command:

show mstp stats

The show mstp stats command is in the CLI Global configuration mode.


ERS-8606:5# show mstp inst 5

============================================================== MSTP Instance Status==============================================================Instance Id : 5Msti Bridge Regional Root : 80:00:00:03:4b:4f:d0:01Msti Bridge Priority : 32768 (0x8000)Msti Root Cost : 0Msti Root Port : cppMsti Instance Vlan Mapped : 5Msti Instance Vlan Mapped2k : Msti Instance Vlan Mapped3k : Msti Instance Vlan Mapped4k :

ERS-8606:5#



Figure 183 Show mstp stats

Showing MSTP status

To display the MSTP related status information known by the selected bridge, use the following command:

show mstp status

The show mstp status command is in the CLI Global configuration mode.


ERS-8606:5# show mstp stats

============================================================= MSTP Bridge Statistics=============================================================Mstp UP Count : 1Mstp Down Count : 0Region Config Change Count : 3Time since topology change : 0 seconds Topology change count : 0New Root Bridge Count : 1

ERS-8606:5#

314725-E Rev 00


Figure 184 Show mstp status command

Showing MSTP port information

To display the MSTP, CIST port, and MSTI port information maintained by every port of the Common Spanning Tree, use the following command:

show ports info mstp

RS-8606:5# show mstp status

=============================================================== MSTP Status===============================================================---------------------------------------------------------------Bridge Address : 00:80:2d:c0:90:01Cist Root : 80:00:00:80:2d:c0:90:01Cist Regional Root : 80:00:00:80:2d:c0:90:01Cist Root Port : cppCist Root Cost : 0Cist Regional Root Cost : 0Cist Instance Vlan Mapped : 1-1024Cist Instance Vlan Mapped2k : 1025-2048Cist Instance Vlan Mapped3k : 2049-3072Cist Instance Vlan Mapped4k : 3073-4094Cist Max Age : 20 secondsCist Forward Delay : 15 seconds

ERS-8606:5#





show ports info mstp

followed by:

cistinfo [vlan <value>] [port <value>]

Shows port CIST configuration.

• vlan <value> specifies the VLAN IDs.• port <value> specifies the portlist.

mstiinfo [vlan <value>] [port <value>]

Shows port MSTI configuration.


ciststat [vlan <value>] [port <value>]

Shows statistics for CIST port.


mstistat [vlan <value>] [port <value>]

Shows port MSTI stats.


cistrole [vlan <value>] [port <value>]

Shows port CIST port role.


mstirole [vlan <value>] [port <value>]

Shows port MSTI port role.


Note: External and internal path costs are displayed incorrectly in the show ports info CLI output for the CIST and MST.

314725-E Rev 00


Figure 185 Show ports info mstp cistinfo command output

ERS-8606:5/show/ports/info/mstp# cistinfo

==============================================================MSTP Cist Port Information(Port Priority Vector)==============================================================Port Number : 2/1Cist Port Priority : 128 (0x80)Cist Port Designated Root : 80:00:00:80:2d:c0:90:01Cist Port Designated Cost : 0Cist Port Designated Bridge : 80:00:00:80:2d:c0:90:01Cist Port Designated Port : 80:80Cist Port Regional Root : 80:00:00:80:2d:c0:90:01Cist Port Regional PathCost : 0Cist Port Protocol Migration : FalseCist Port Admin Edge Status : FalseCist Port Oper Edge Status : FalseCist Port Admin P2P Status : AutoCist Port Oper P2P Status : TrueCist Port Hello Time : 2Cist Port Oper Proto-Version : MstpPort Number : 2/2Cist Port Priority : 128 (0x80)Cist Port Designated Root : 80:00:00:80:2d:c0:90:01Cist Port Designated Cost : 0Cist Port Designated Bridge : 80:00:00:80:2d:c0:90:01Cist Port Designated Port : 80:81Cist Port Regional Root : 80:00:00:80:2d:c0:90:01Cist Port Regional PathCost : 0Cist Port Protocol Migration : FalseCist Port Admin Edge Status : FalseCist Port Oper Edge Status : FalseCist Port Admin P2P Status : AutoCist Port Oper P2P Status : TrueCist Port Hello Time : 2Cist Port Oper Proto-Version : Mstp



Configuring Ethernet MSTP CIST

To configure the Ethernet MSTP CIST parameters for a port, use the following command:

config eth <portlist> mstp cist

where:<portlist> is the port list.

The config eth mstp cist command is in the CLI Global configuration mode.


config eth <portlist> mstp cist

followed by:


edge-port <true|false> Sets the MSTP edge port parameter for the port.

forceportstate <enable|disable>

Set forceportstate for a port.

hello-time <value> Sets the hello time for a port from 100 to 1000 hundredths of a second.

p2p <forcetrue|forcefalse|

auto>

Sets the Ethernet MSTP CIST point-to-point parameter for the port.


Sets the Ethernet MSTP CIST protocol-migration parameter for the port.

priority <value> Sets the Ethernet MSTP CIST priority parameter for the port. The priority must be set in steps of 16 within the range of 0 to 240.

pathcost <number> Sets the MSTP path cost parameter for the port.

314725-E Rev 00


Configuring Ethernet MSTP MSTI

To configure the Ethernet MSTP MSTI parameters on a port, use the following command:


where:<portlist> is the port list, and <instid> is the instance ID.

The config eth mstp msti command is in the CLI Global configuration mode.



followed by:


priority <value> Sets the Ethernet MSTP MSTI priority parameter for the port.

pathcost <value> Sets the MSTP MSTI path cost parameter for the port.

forceport state <enable|disable>

Sets the MSTP MSTI force port state parameter for the port.



314725-E Rev 00

427

Chapter 10Configuring link aggregation using the CLI


This section describes the link aggregation commands.


Note: For conceptual information about link aggregation, see “Link aggregation (MLT, SMLT, LACP, VLACP)” on page 78.

Topic Page

Roadmap of link aggregation commands 428

Configuring link aggregation 433

Using the MLT and SMLT show commands 463

Troubleshooting SMLT problems 473

Global MAC filtering 477

Configuring Simple Loop Prevention Protocol 478


428 Chapter 10 Configuring link aggregation using the CLI

Roadmap of link aggregation commands

The following roadmap lists the commands used for configuring link aggregation.

Command Parameter

config mlt <mid> info

create

cp-limit <enable|disable> [multicast-limit <value>] [broadcast-limit <value>]

delete

mcast-distribution <enable|disable>

name <string>

perform-tagging <enable|disable>

svlan-porttype <uni|nni|normal>

ntstg <enable|disable>

config mlt <mid> add info

ports <ports>

vlan <vid>

config mlt <mid> remove info

ports <ports>

vlan <vid>

config lacp info

enable

disable

aggr-wait-time <milliseconds>

system-priority <integer>

smlt-sys-id <BaseMac>

fast-periodic-time <milliseconds>

slow-periodic-time <milliseconds>

timeout-scale <integer>

314725-E Rev 00

Chapter 10 Configuring link aggregation using the CLI 429

config mlt <mlt id> lacp info

enable

disable

clear-link-aggrgate

key <integer>


config <port-type> <slot|port> lacpinfo

enable

disable



key <integer>

aggregation <true|false>

mode <active|passive>

partner-key <int>

partner-port <int>

partner-port-priority <int>

partner-state <hex>

partner-system-id <mac>

partner-system-priority <int>

port-priority <integer>



port-priority <integer>



timeout <long|short>

Command Parameter




show lacp info

show ports info lacp all [vlan <value>] [port <value>]

actor-admin [vlan <value>] [port <value>]

actor-oper [vlan <value>] [port <value>]

partner-admin [vlan <value>] [port <value>]

partner-oper [vlan <value>] [port <value>]

extension [vlan <value>] [port <value>]

show ports stats lacp [port <value>]

show mlt lacp info <ifindex>

config <port-type> <slot|port> vlacp info

enable

disable



timeout <long|short>


ethertype <integer>

macaddress <mac>

show ports info vlacp [vlan <value>] [port <value>]

Command Parameter

314725-E Rev 00


config vlacp info

enable

disable

config mlt <mid> smlt info

create smlt-id <value>

delete

config mlt <mid> ist info

create ip <value> vlan-id <value>

delete

disable

enable

config ethernet <slot/port> cp-limit

<enable|disable>

multicast-limit <value>

broadcast-limit <value>

config ethernet <port> smlt <smltid>

info

create

delete

config sys set smlt-on-single-cp <enable|disable> [timer <value>]

show mlt show-all [file <value>]

show mlt error collision [<mid>]

show mlt error main [<mid>]

show mlt info [<mid>]

show mlt ist info

Command Parameter



show mlt stats [<mid>]

show ports info smlt [vlan <value>] [port <value>]

show ports info config [vlan <value>] [port <value>]

show smlt info [<mid>]

config fdb fdb-filter info

add <mac>

remove <mac>

config slpp info

etherType <pid>

remove <vid>

add <vid>

operation <enable|disable>

tx-interval <integer>

config ethernet <portlist> slpp info

packet-rx-threshold <integer>

packet-rx <enable|disable>

show slpp info

Command Parameter

314725-E Rev 00


Configuring link aggregation


This section includes configuration commands for the following topics:

• “Link aggregation commands”

• “Adding ports to a link aggregation group” on page 435

• “Removing ports from a link aggregation group” on page 437

• “Global LACP commands” on page 438

• “Aggregator configuration commands” on page 440

• “Port configuration commands” on page 441

• “LACP show commands” on page 443

• “Configuring VLACP on a port” on page 451

• “Globally enabling or disabling VLACP” on page 454

• “Creating a split multilink trunk from an existing multilink trunk” on page 455

• “Creating an interswitch trunk” on page 456

• “Creating a single port split multilink trunk” on page 460

• “Configuring SMLT-on-Single-CPU” on page 462

Link aggregation commands

To set up multilink trunks on the switch, enter the following command:

config mlt <mid>

where:<mid> is the multilink trunk ID.



The required parameter mid specifies the link aggregation ID.


Figure 186 on page 435 shows sample output for the config mlt info command.

config mlt <mid>

followed by:

info Shows current settings for the specified link aggregation group.

create Creates a link aggregation group.

cp-limit <enable|disable> [multicast-limit <value>] [broadcast-limit <value>]

Sets the control packet rate limit.

• <enable|disable> = Enables or disables control packet rate limit. To reenable the ports, issue the command config ethernet slot/port state disable, and then enable.

• multicast-limit <value> is the multicast control frame rate.

• broadcast-limit <value> is the broadcast frame rate.

delete Deletes a link aggregation group.

mcast-distribution <enable|disable>

Enables or disables multicast distribution per link aggregation group. Multicast distribution is disabled by default. For detailed information about commands used to configure multicast distribution over link aggregation, see Configuring IP Routing Multicast Protocols.

name <string> Names a link aggregation group.

• <string> is the name, from 0 to 20 characters.

perform-tagging <enable|disable>

Enables or disables tagging on a link aggregation port.

svlan-porttype <uni|nni|normal>

Sets the port type to normal, uni, or nni.

ntstg <enable|disable> Enables or disables NTSTG.

314725-E Rev 00


Figure 186 Config mlt info command output

Adding ports to a link aggregation group

To add ports to a link aggregation group, and add an existing VLAN to a link aggregation configuration, enter the following command:

config mlt <mid> add


ERS-8606:5/config# mlt 3 info

Sub-Context: atm atmcard bootconfig cli cluster diag r-module ethernet fdb filter ip ipv6 ipx lacp log mlt naap ntp pos poscard qos radius rmon slot snmp-server snmp-v3 stg svlan sys vlacp vlan web-serverCurrent Context:

create : 3 delete : N/A mcast-distribution : disable name : MLT-3 nt-stg : enable perform-tagging : disable svlan-porttype : normal portmember : cp-limit : port status MC-limit BC-limit

ERS-8606:5/config#





The following configuration example uses the config mlt commands to:

• Add ports to link aggregation group

• Add an existing VLAN to the link aggregation group


ERS-8600:5#/config/mlt/1# add port 1/1-1/7,1/9ERS-8600:5#/config/mlt/1# add vlan 1-8,10ERS-8600:5#/config/mlt/1# infoSub-Context:Current Context:ports : 1/1-1/7,1/9vlan : 1-8,10

config mlt <mid> add

followed by:

info Shows ports and VLANs added to the link aggregation group.

ports <ports> Adds ports to the link aggregation group.

• <ports> is the port number or a list of ports you want to add to the link aggregation group.

Note: If the port you are configuring already has an SMLT ID on it, you cannot add it to the link aggregation group.

vlan <vid> Adds an existing VLAN to the link aggregation group.

• <vid> is the VLAN ID or a list of VLAN IDs you want to add to the link aggregation group. The range is 1 to 4093.

314725-E Rev 00


Removing ports from a link aggregation group

To remove ports from a multilink trunk and remove a VLAN from a multilink trunk configuration, enter the following command:

config mlt <mid> remove



The following configuration example uses the config mlt <mid> remove command to:

• remove ports from a link aggregation group

• remove an existing VLAN from a link aggregation group

config mlt <mid> remove

followed by:

info Shows the ports and VLANs removed from the multilink trunk.

ports <ports> Removes ports from the multilink trunk.• <ports> is the port number or a list of

ports you want to remove from the multilink trunk.

vlan <vid> Removes a VLAN from the multilink trunk.

• <vid> is the VLAN ID or a list of VLAN IDs you want to remove from the link aggregation group. The range is 1 to 4093 VLANs.



After configuration, use the info command to view the results:

ERS-8600:5#/config/mlt/1# infoSub-Context:Current Context:ports: 1/1-1/7,1/9vlan: 1-8,10ERS-8600:5#/config/mlt/1/add# removeERS-8600:5#/config/mlt/1/remove# ports 1/1-1/7,1/9ERR-8600:5#/config/mlt/1/remove# vlan 1-8,10ERS-8600:5#/config/mlt/1/remove# infoSub-Context:Current Context:ports : vlan :

Global LACP commands

LACP can be enabled or disabled globally. When the LACP system priority is set globally, it applies to all LACP-enabled aggregators and ports. When LACP is enabled on an aggregator or a port, it will use the global system priority value.

LACP can be described in terms of link aggregation operations within a single system. You can configure a single piece of equipment such that it contains more than one system (from the point of view of the link aggregation operation).

The basic command syntax is:

config lacp

Caution: Changes to LACP made at the global level override and reset all port level settings.

Note: Standby mode for LACP aggregation groups of larger than eight ports is not supported in the current release.

Note: LACP does not support jumbo frames on the Ethernet Routing Switch 8600 v4.1

314725-E Rev 00



config lacp

followed by:


enable Enables LACP globally.

disable Disables LACP globally.


Sets the aggregator wait time in milliseconds.


Sets LACP system priority globally.

• <integer> is the system priority value within the range of 0 to 65535.

smlt-sys-id <BaseMac> Sets the LACP SMLT system ID globally.

• <BaseMac> is the MAC address in the format {0x00:0x00:0x00:0x00:0x00:0x00}.


Sets the fast periodic time globally.

• <milliseconds> is the fast periodic time value.


Sets the slow periodic time globally.

• <milliseconds> is the slow periodic time value.


Sets a timeout scale globally.

• <integer> is the timeout scale value from 2 to 10.

Note: Configuration changes to LACP timers are not reflected immediately. LACP timers are not reset until the next time LACP is restarted globally or on a port. This ensures consistency with peer switches.



Aggregator configuration commands

When LACP is enabled globally on a multilink trunk, that multilink trunk is associated with an aggregator and used for link aggregation. When LACP is disabled on a multilink trunk, this multilink trunk functions as a legacy multilink trunk. Using the command clear-link-aggrgate is equivalent to disabling and reenabling LACP on the multilink trunk.

You can attach ports to an aggregator only if their system priorities are the same; otherwise, they are considered to be operating in two different switches. You can attach ports to an aggregator only if their keys are the same.

The basic command syntax is:

config mlt <mlt id> lacp

where:<mlt id> is the multilink trunk ID.


config mlt <mlt id> lacp

followed by:


enable Enables LACP for a specific multilink trunk.

disable Disables LACP for a specific multilink trunk.

clear-link-aggrgate Clears link aggregation information for a specific multilink trunk.

key <integer> Sets LACP aggregator key for a specific multilink trunk.• <integer> is the LACP actor admin key.


Sets LACP system priority for a specific multilink trunk.• <integer> is the system priority within the

range 0 to 65 535.

314725-E Rev 00


Port configuration commands

You can enable or disable LACP on selected ports. A port can operate in active or passive mode. You can configure LACP to use long timeout or short timeout. A port can be configured to be an individual link or an aggregateable link. All the timers are configurable, however, when you change a timer, ensure that you restart LACP either globally, or on the port, for the changes to be consistent across the link. The basic command syntax is:

config <port-type> <slot|port> lacp

where:<port-type> is Ethernet (eth) or Packet over SONET (pos); and<slot|port> is the slot and port number.


Caution: Changes made at the global level override and reset all port level settings.

config <port-type> <slot/port> lacp

followed by:


enable Enables LACP for a specific port type.

disable Disables LACP for a specific port type.


Sets the aggregation wait time (in milliseconds) for a specific port type.


Sets the fast periodic time (in milliseconds) for a specific port type.

key <integer> Sets LACP aggregation key for a specific port type. You can use a default key only for individual ports

aggregation <true|false>

Sets individual port or aggregatable for a specific port type.

• true sets port as aggregatable.

• false sets port as individual.

mode <active|passive> Sets the mode as active or passive for a specific port type.



partner-key <int> Sets the port partner administration key value.• <int> is the LACP partner administrative key;

an integer value in the range of 0 and 65 535.

partner-port <int> Sets the port partner administration port value.• <int> is the LACP partner’s administrative

port; an integer value in the range of 0 and 65 535.

partner-port-priority <int>

Sets the port partner administration port priority value.

• <int> is the LACP partner administrative port priority; an integer value in the range of 0 and 65 535.

partner-state <hex> Sets the port partner administration state.• <hex> is the LACP partner administrative state

bitmap (Exp, Def, Dis, Col, Syn, Agg, Time, Act).

Example:• Activity = true

• Aggregating = true

• val = 00000101 (0x05) {0x0..0xff}

partner-system-id <mac> Sets the port partner administration system ID.

• <mac> is the LACP partner administrative system ID MAC address in the format: 0x00:0x00:0x00:0x00:0x00:0x00.

partner-system-priority <int>

Sets the port partner administration system priority value.• <int> is the LACP partner administrative

system priority; an integer value in the range of 0 and 65 535.

port-priority <integer> Sets the LACP port priority to specific port type. The default value is 32 768.

• <integer> is the port priority value; an integer value in the range of 0 and 65 535.


Sets the slow periodic time (in milliseconds) for a specific port type.


Sets system priority for a specific port-type.• <integer> is the system priority value within

the range of 0 to 65 535.


followed by:

314725-E Rev 00


LACP show commands

This section describes show commands you can use to display LACP information.

Displaying global LACP configuration information

To display global LACP configuration information, enter the following command:

show lacp info

Figure 187 on page 444 shows the output for the show lacp info command.

timeout <long|short> Sets the timeout value to either long or short for a specific port type.

timeout-scale <integer> Sets a timeout scale for a specific port type. The default value is 3, and the range is 2 to 10.


followed by:



Figure 187 Show lacp info

Displaying LACP configuration information

To display LACP configuration information, enter the following command:

show ports info lacp

The show ports info lacp command also includes the following options:


followed by:

actor-admin [vlan <value>] [port <value>]

Shows port LACP actor administrative information.

• vlan <value> is the VLAN ID.

• port <value> is the port or port list.

actor-oper [vlan <value>] [port <value>]

Shows port LACP actor operational information.



all [vlan <value>] [port <value>]

Shows all port LACP information.



ERS-8610:5# show lacp info=================================================================== Lacp Global Information=================================================================== SystemId: 00:12:83:89:20:00 SmltSystemId: 00:00:00:00:00:00 Lacp: enable system-priority: 32768 timeout-admin: 3 fast-periodic-time-admin: 1000 slow-periodic-time-admin: 30000 aggr-wait-time-admin: 2000 timeout-oper: 3 fast-periodic-time-oper: 1000 slow-periodic-time-oper: 30000 aggr-wait-time-oper: 2000

ERS-8610:5#

314725-E Rev 00


Figure 188 on page 446 shows some of the output for this command. When the all parameter is used, LACP information is given for each field described in the show ports info lacp table.

partner-admin [vlan <value>] [port <value>]

Shows port LACP partner administrative information.



partner-oper [vlan <value>] [port <value>]

Shows port LACP partner operational information.

• vlan <value> is the VLAN ID.• port <value> is the port or port list.

extension [vlan <value>] [port <value>]

Shows port LACP timer information.

• vlan <value> is the VLAN ID.• port <value> is the port or port list.


followed by:



Figure 188 Show ports info lacp all

Displaying LACP statistics information per port

To display LACP statistics information per port, enter the following command:

show ports stats lacp [port <value>]

where:port <value> is the port list.

Figure 189 on page 447 shows the output for the show ports stats lacp command, and Table 66 on page 447 describes the information given in the CLI output.

ERS-8610:5# show ports info lacp all

========================================================================= Actor Admin=========================================================================INDEX SYS SYS KEY PORT PORT STATE PRIO ID PRIO-------------------------------------------------------------------------1/1 32768 00:12:83:89:20:00 1088 0x40 32768 act long indi1/2 32768 00:12:83:89:20:00 1089 0x41 32768 act long indi1/3 32768 00:12:83:89:20:00 1090 0x42 32768 act long indi1/4 32768 00:12:83:89:20:00 1091 0x43 32768 act long indi1/5 32768 00:12:83:89:20:00 1092 0x44 32768 act long indi1/6 32768 00:12:83:89:20:00 1093 0x45 32768 act long indi1/7 32768 00:12:83:89:20:00 1094 0x46 32768 act long indi1/8 32768 00:12:83:89:20:00 1095 0x47 32768 act long indi1/9 32768 00:12:83:89:20:00 1096 0x48 32768 act long indi1/10 32768 00:12:83:89:20:00 1097 0x49 32768 act long indi1/11 32768 00:12:83:89:20:00 1098 0x4a 32768 act long indi1/12 32768 00:12:83:89:20:00 1099 0x4b 32768 act long indi1/13 32768 00:12:83:89:20:00 1100 0x4c 32768 act long indi1/14 32768 00:12:83:89:20:00 1101 0x4d 32768 act long indi1/15 32768 00:12:83:89:20:00 1102 0x4e 32768 act long indi1/16 32768 00:12:83:89:20:00 1103 0x4f 32768 act long indi

--More-- (q = quit)

314725-E Rev 00


Figure 189 Show ports stats lacp

Table 66 Show ports stats lacp field descriptions

Field Description

PORT NUM Specifies the port number.

TX LACPDU The number of LACPDUs transmitted on this aggregation port.

RX LACPDU The number of valid link aggregation control protocol data units (LACPDU) received on this aggregation port.

TX MARKER PDU The number of marker PDUs transmitted on this aggregation port.

RX MARKER PDU The number of valid marker PDUs received on this aggregation port.

TX MARKERRESPPDU The number of marker response PDUs transmitted on this aggregation port.

RX MARKERRESPPDU The number of valid marker response PDUs received on this aggregation port.

RX UNKNOWN The number of frames received that either:• carry Slow Protocols Ethernet type values, but contain

an unknown PDU.

• are addressed to the Slow Protocols group MAC Address, but do not carry the Slow Protocols Ethernet Type.

RX ILLEGAL The number of frames received that carry the Slow Protocols Ethernet Type value (43B.4), but contain a badly formed PDU or an illegal value of Protocol Subtype (43B.4).

ERS-8610:5# show ports stats lacp========================================================================= Port Stats Lacp=========================================================================PORT TX RX TX RX TX RX RX RXNUM LACPDU LACPDU MARKERPDU MARKERPDU MARKERRESPPDU MARKERRESPPDU UNKNOWN ILLEGAL------------------------------------------------------------------------ERS-8610:5#



Displaying LACP configuration information per aggregator

To display LACP configuration information per aggregator, enter the following command:

show mlt lacp info <ifindex>

where:<ifindex> is the interface index from 64 to 4351.

Figure 190 on page 449 shows the output for the show mlt lacp command.

314725-E Rev 00


Figure 190 Show mlt lacp

You can also use the following command:

show mlt lacp info

Figure 191 on page 450 shows the output for the show mlt lacp info command.

ERS-8606:6# show mlt lacp info 64

========================================================================= LACP Aggrgator Information========================================================================= MAC COLLECTOR AGGR PORTMLTID IFINDEX ADDR MAXDELAY ORINDI MEMBERS-------------------------------------------------------------------------0 64 00:00:00:00:00:00 32768 indi

------------------------------------------------------------------------- OPER OPERLASTMLTID IFINDEX STATE CHANGE-------------------------------------------------------------------------

------------------------------------------------------------------------- ACTOR ACTOR ACTOR ACTORMLTID IFINDEX SYSPRIO SYSID ADMINKEY OPERKEY-------------------------------------------------------------------------0 64 32768 00:80:2d:c1:34:00 1 1

------------------------------------------------------------------------- PARTNER PARTNER PARTNERMLTID IFINDEX SYSPRIO SYSID OPERKEY-------------------------------------------------------------------------0 64 0 00:00:00:00:00:00 0

ERS-8606:6#



Figure 191 Show mlt lacp info

ERS-8606:6# show mlt lacp info

======================================================================== LACP Aggrgator Information======================================================================== MAC COLLECTOR AGGR PORTMLTID IFINDEX ADDR MAXDELAY ORINDI MEMBERS------------------------------------------------------------------------1 4096 00:00:00:00:00:00 32768 aggr0 64 00:00:00:00:00:00 32768 indi0 65 00:00:00:00:00:00 32768 indi0 66 00:00:00:00:00:00 32768 indi0 67 00:00:00:00:00:00 32768 indi0 73 00:00:00:00:00:00 32768 indi

------------------------------------------------------------------------ OPER OPERLASTMLTID IFINDEX STATE CHANGE------------------------------------------------------------------------1 4096 down 0 day(s), 00:00:00

------------------------------------------------------------------------ ACTOR ACTOR ACTOR ACTORMLTID IFINDEX SYSPRIO SYSID ADMINKEY OPERKEY------------------------------------------------------------------------1 4096 32768 00:80:2d:c1:34:00 1 10 64 32768 00:80:2d:c1:34:00 1 10 65 32768 00:80:2d:c1:34:00 1 10 66 32768 00:80:2d:c1:34:00 1 10 67 32768 00:80:2d:c1:34:00 1 10 73 32768 00:80:2d:c1:34:00 1 1

------------------------------------------------------------------------ PARTNER PARTNER PARTNERMLTID IFINDEX SYSPRIO SYSID OPERKEY------------------------------------------------------------------------1 4096 0 00:00:00:00:00:00 00 64 0 00:00:00:00:00:00 00 65 0 00:00:00:00:00:00 00 66 0 00:00:00:00:00:00 00 67 0 00:00:00:00:00:00 00 73 0 00:00:00:00:00:00 0

ERS-8606:6#

314725-E Rev 00


Configuring VLACP on a port

Virtual LACP is an LACP extension that is used for end to end failure detection.VLACP uses the Hello mechanism of LACP to periodically send Hello packets to ensure there is end to end reachability. When Hello packets are not received, VLACP transitions to a failure state, which indicates a service provider failure, and the port is disabled.

Use the following command to configure VLACP on a port:

config <port-type> <slot|port> vlacp

where:<port-type> is Ethernet or Packet over SONET (PoS); and<slot|port> is the slot and port number.


Caution: Changes made at the global level override and reset all port level settings.

Note: VLACP does not support jumbo frames on the Ethernet Routing Switch 8600 v4.1


followed by:


enable Enables VLACP for a specific port type.

disable Disables VLACP for a specific port type.


Sets the fast periodic time (in milliseconds) for a specific port type.


Sets the slow periodic time (in milliseconds) for a specific port type.



Displaying the VLACP port configuration

Enter the following command to display the port VLACP configuration:

show ports info vlacp [vlan <value>] [port <value>]

where:vlan <value> specifies the VLAN ID, andport <value> specifies the port or port list.

Figure 192 on page 453 shows the output for the show ports info vlacp command.

timeout <long|short> Sets the port to use the long or short timeout:• long sets the port to use the timeout-scale value

multiplied by the slow-periodic-time.

• short sets the port to use the timeout-scale value multiplied by the fast-periodic-time.

For example, if you set the timeout-scale value to 3, and the fast-periodic-time to 400 ms, the timer will expire within 1000 to 1200 ms.


Sets a timeout scale for a specific port-type (where timeout-scale = periodic-time * timeout-scale). The default value is 3.

• <integer> is the timeout scale, an integer value in the range 2 to 10.

ethertype <integer> Sets the VLACP protocol identification for this port.

• <integer> is the ethertype value, an integer value in the range of 1 and 65 535.

macaddress <mac> Sets the multicast MAC address used for the VLACPDU.

• <mac> is the MAC address in the following format: 0x00:0x00:0x00:0x00:0x00:0x00


followed by:

314725-E Rev 00


Figure 192 Show ports info vlacp

You can also use the following command:

show ports info vlacp

to show information for all ports. Figure 193 on page 454 shows the output for the show ports info vlacp command.

ERS-8606:6# show ports info vlacp port 1/1

========================================================================= VLACP Information=========================================================================INDEX ADMIN OPER PORT FAST SLOW TIMEOUT TIMEOUT ETHER MAC

ENABLED ENABLED STATE TIME TIME TIME SCALE TYPE ADDR

-------------------------------------------------------------------------1/1 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:00

ERS-8606:6#



Figure 193 Show ports info vlacp all

Globally enabling or disabling VLACP

To globally enable or disable VLACP on the chassis, use the following command:

config vlacp


Caution: Changes you make at the global level override and reset all port level settings.

config vlacp

followed by:


ERS-8610:5# show ports info vlacp

============================================================================= VLACP Information=============================================================================INDEX ADMIN OPER PORT FAST SLOW TIMEOUT TIMEOUT ETHER MAC

ENABLED ENABLED STATE TIME TIME TIME SCALE TYPE ADDR

-----------------------------------------------------------------------------1/1 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:001/2 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:001/3 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:001/4 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:001/5 false false DOWN 200 30000 long 3 8103 01:80:c2:00:11:00

314725-E Rev 00


Creating a split multilink trunk from an existing multilink trunk

To create a split multilink trunk from an existing multilink trunk, enter the following command:

config mlt <mid> smlt

where:<mid> is the MLT ID.

enable Enables VLACP globally.

disable Disables VLACP globally.


Note: Before you can create a split multilink trunk, you must first create a multilink trunk (see “Link aggregation commands” on page 433).

config vlacp

followed by:




Creating an interswitch trunk

To create an interswitch trunk from an existing multilink trunk, enter the following command:

config mlt <mid> ist


config mlt <mid> smlt

followed by:

info Shows ports and VLANs added to the multilink trunk.

create smlt-id <value> Creates a split multilink trunk from an existing multilink trunk.• <value> is an integer value with a range of

1 to 32 (1 to 256 for R modules in R mode). The value must match the peer switch SMLT-ID.

Note: If the SMLT ID already exists on a single port split multilink trunk, you cannot assign it to an MLT-based split multilink trunk.

delete Deletes an existing split multilink trunk.

314725-E Rev 00



Creating an interswitch trunk from an existing multilink trunk

To create an interswitch trunk from an existing multilink trunk, enter the following command:

config mlt <mlt-id> ist create ip <value> vlan-id <value>

where:<mlt-id> is the MLT ID;ip <value> is the IP address of the peer switch; andvlan-id <value> is the VLAN ID.

An interswitch trunk is enabled when you first create it.

The peer IP address is the IP address of the InterSwitch Trunking (IST) VLAN on the peer aggregation switch. A VLAN created on the redundant aggregation switch must also be created on the second aggregation switch. The interswitch trunk treats the two switches as a single switch. To allow the two switches to communicate, you must assign an IP address to both VLANs.

config mlt <mid> ist

followed by:


create ip <value> vlan-id <value>

Creates an interswitch trunk from an existing multilink trunk (see “Creating an interswitch trunk from an existing multilink trunk” on page 457).

• ip <value> is a peer IP address

• vlan-id <value> is an integer value.Note: The peer IP address is the IP address of the IST VLAN on the other aggregation switch.

delete Deletes an existing IST.Note: You must disable an IST before you can delete it.

disable Disables an existing IST.

enable Enables an existing IST.



For example:

Figure 194 shows sample output for the config mlt ist create ip vlan-id command, followed by the info command.

Figure 194 Config mlt ist create ip vlan-id command output

Enabling and disabling an interswitch trunk

To enable and disable the interswitch trunk, enter the following command:

config mlt <mlt-id> ist <enable|disable>

where:<mlt-id> is the MLT ID.

Figure 195 on page 459 shows sample output for the config mlt ist enable and config mlt ist disable commands. It includes the system warning that appears when you disable the IST.

switch A switch B

VLAN 20 VLAN 20

10.1.1.1. /24

<--------IST-------->

10.1.1.2 /24 *

* Same subnet, same VLAN.

ERS-8606:5/config/mlt/1/ist# create ip 10.1.1.1 vlan-id 1ERS-8606:5/config/mlt/1/ist# info

Sub-Context: Current Context:

Enable: falsevlan-id: 1

ip: 10.1.1.1

314725-E Rev 00


Figure 195 Config mlt ist enable/disable command output

Configuring CP-Limit for an IST

The CP-Limit feature is disabled by default on all IST ports. It can be enabled on the port under any of the following conditions:

• if the port is removed from the interswitch trunk

• if the interswitch trunk is deleted

• if the interswitch trunk is converted to a normal multilink trunk

Nortel recommends that you disable CP-Limit on IST links. For more information, see “About CP-Limit and SMLT IST” on page 64.

To configure CP-Limit for the interswitch trunk, enter the following command:

config ethernet <slot/port> cp-limit

where:<slot/port> specifies the slot or port.


config ethernet <slot/port> cp-limit followed by:

<enable|disable> Enables or disables control packet rate limit (CP-Limit). The default setting is enabled.

If you want to reenable CP-Limit on a port, you must first disable the port and then reenable it (config ethernet <slot/port> state <disable|enable>).

ERS-8606:5/config/mlt/1/ist# enableERS-8606:5/config/mlt/1/ist# disable WARNING : Disabling IST may cause a loop in the network!

Do you really want to DISABLE IST? (yes/no?)



For information about viewing current CP-Limit status for an IST multilink trunk, see Figure 186 on page 435.

Deleting an interswitch trunk

To delete the interswitch trunk, enter the following command:

config mlt <mlt-id> ist delete

where:<mlt-id> is the MLT ID.

You must disable the interswitch trunk before deleting it (see “Enabling and disabling an interswitch trunk” on page 458).

Creating a single port split multilink trunk

To create a single port split multilink trunk, enter the following command:

config ethernet <port> smlt <smltid>

where:<port> is the port number, and<smltid> is the MLT ID.


multicast-limit <value> Sets the multicast control frame packet per second rate (1000 to 100 000).

broadcast-limit <value> Sets the broadcast frame packet per second rate (1000 to 100 000).

config ethernet <port> smlt <smltid>followed by:

info Shows the port SMLT information.

config ethernet <slot/port> cp-limit followed by:

314725-E Rev 00


You cannot use SMLT on brouter ports. LACP is supported on single port split multilink trunks. For more information about single port split multilink trunking, see “Single Port SMLT” on page 119.

Configuration example: single port split multilink trunk

The configuration example shown in Figure 196 on page 462 uses the commands described previously to create a single port split multilink trunk on port 4/5. The switch automatically disables spanning tree protocol on the port after it is configured for SMLT.


create Creates a single port split multilink trunk.

delete Deletes a single port split multilink trunk.

config ethernet <port> smlt <smltid>followed by:



Figure 196 Configuration example: Single Port SMLT

Configuring SMLT-on-Single-CPU

To support SMLT on an aggregation switch with a single CPU, enter the following command:

config sys set smlt-on-single-cp <enable|disable> [timer <value>]

where:enable enables the SMLT-on-Single-CPU feature;disable disables the SMLT-on-Single-CPU feature;timer <value> sets the SMLT-on-Single-CPU feature timeout value.

The timeout value determines when the Input/Output (I/O) modules port link status goes down after the single CPU becomes non-operational. The parameter is a numerical value in the range 1 to 3. If not set, the default value (3) is used. A timer value of 1 relates to approximately 3 seconds of detection time and a timer value of 3 relates to approximately 9 seconds of detection time.

ERS-8606:5# config ethernet 4/5 smlt 1ERS-8606:5/config/ethernet/4/5/smlt/1# create

INFO : The spanning tree protocol has been disabled on this port while configuring the port with SMLT

ERS-8606:5/config/ethernet/4/5/smlt/1# info

Sub-Context:Current Context:

Port 4/5 : create : 1 delete : N/A Oper Status : normal

ERS-8606:5

314725-E Rev 00


Using the MLT and SMLT show commands

To display information and statistics about MLT operation in the switch, use the show mlt commands.

This section includes information on show commands:

• “Displaying all multilink trunk information”

• “Displaying information about collision errors” on page 467

• “Displaying information about Ethernet errors” on page 467

• “Displaying multilink trunk status” on page 468

• “Displaying interswitch trunk status” on page 469

• “Displaying split multilink trunk status” on page 470

• “Displaying all ports configured for single port split multilink trunk” on page 471

• “Displaying a port configured for Single Port SMLT” on page 471

• “Displaying MLT statistics” on page 472

Displaying all multilink trunk information

The show mlt show-all command shows all multilink trunk information.

The command uses the syntax:

show mlt show-all [file <value>]

where <value> is the filename to which the output will be directed.

Figure 197 on page 464, Figure 198 on page 465, and Figure 199 on page 466 show sample output for this command.



Figure 197 Show mlt show-all sample output

ERS-8606:5# show mlt show-all

# show mlt error collision ================================================================================ Mlt Collision Error================================================================================MLT -----------------COLLISIONS------------ID SINGLE MULTIPLE LATE EXCESSIVE--------------------------------------------------------------------------------3 0 0 0 0

# show mlt error main ================================================================================ Mlt Ethernet Error================================================================================MLT ALIGN FCS IMAC IMAC CARRIER FRAMES SQETEST DEFER ID ERROR ERROR TRNSMIT RECEIVE SENSE TOOLONG ERROR TRNSMSS--------------------------------------------------------------------------------3 0 0 0 0 0 0 0 0

show mlt info ================================================================================Mlt Info================================================================================PORT SVLAN MLT MLT PORT VLANMLTID IFINDEX NAME TYPE TYPE ADMIN CURRENT MEMBERS IDS--------------------------------------------------------------------------------3 4098 MLT-3 access normal norm norm

MULTICAST DESIGNATED LACP LACPMLTID IFINDEX DISTRIBUTION NT-STG PORTS ADMIN OPER--------------------------------------------------------------------------------

3 4098 disable enable null disable down

ERS-8610:6# show mlt ist info

========================================================================== Mlt IST Info==========================================================================MLT IP VLAN ENABLE ISTID ADDRESS ID IST STATUS--------------------------------------------------------------------------2 131.202.7.2 4095 false down

ERS-8610:6## show mlt ist stat

314725-E Rev 00


Figure 198 Show mlt show-all sample output (continued)

#show mlt ist stat

================================================================================

Mlt IST Message Statistics

================================================================================PROTOCOL MESSAGE COUNT --------------------------------------------------------------------------------

Ist Down : 0 Hello Sent : 0 Hello Recv : 0 Learn MAC Address Sent : 0 Learn MAC Address Recv : 0 MAC Address AgeOut Sent : 0 MAC Address AgeOut Recv : 0 MAC Address Expired Sent : 0 MAC Address Expired Sent : 0 Delete Mac Address Sent : 0 Delete Mac Address Recv : 0 Smlt Down Sent : 0 Smlt Down Recv : 0 Smlt Up Sent : 0 Smlt Up Recv : 0 Send MAC Address Sent : 0 Send MAC Address Recv : 0 IGMP Sent : 0 IGMP Recv : 0 Port Down Sent : 0 Port Down Recv : 0 Request MAC Table Sent : 0 Request MAC Table Recv : 0 Unknown Msg Type Recv : 0



Figure 199 Show mlt show-all sample output (continued)

# show mlt smlt info

============================================================================ Mlt SMLT Info============================================================================MLT SMLT ADMIN CURRENTID ID TYPE TYPE----------------------------------------------------------------------------2 27 smlt norm

# show mlt stats

============================================================================ Mlt Interface============================================================================ID IN-OCTETS OUT-OCTETS IN-UNICST OUT-UNICST----------------------------------------------------------------------------

1 0 0 0 02 0 0 0 03 0 0 0 0

ID IN-MULTICST OUT-MULTICST IN-BROADCST OUT-BROADCST MT----------------------------------------------------------------------------1 0 0 0 0 E2 0 0 0 0 E3 0 0 0 0 E

NOTE 1: MT - MLT Type, P - POS, E - Ethernet, A - ATMNOTE 2: Broadcast & Multicast values are not applicable for MLT POS ports.NOTE 3: ATM link out-bound statistics are available in aggregate form only as show in OUT UNICST/OUT MULTICST/OUT BROADCST8610:5#

314725-E Rev 00


Displaying information about collision errors

To display information about collision errors in the specified multilink trunk, or for all multilink trunks, enter the following command:

show mlt error collision [<mid>]


Figure 200 shows sample output for the show mlt error collision command.

Figure 200 Show mlt error collision command output

Displaying information about Ethernet errors

To display information about the types of Ethernet errors sent and received by the specified multilink trunk or all multilink trunks, enter the following command:

show mlt error main [<mid>]


Figure 201 on page 468 shows sample output for the show mlt error main command. The IMAC columns refer to internal MAC address errors.

ERS-8606:5# show mlt error collision

=============================================================== Mlt Collision Error===============================================================MLT -----------------COLLISIONS------------ID SINGLE MULTIPLE LATE EXCESSIVE---------------------------------------------------------------3 0 0 0 0

ERS-8606:5#



Figure 201 Show mlt error main command output

Displaying multilink trunk status

To display the status of MultiLink Trunking for the switch or for the specified multilink trunk ID, enter the following command:

show mlt info [<mid>]


Figure 202 on page 469 shows sample output for the show mlt info command.

ERS-8606:5# show mlt error main ============================================================================= Mlt Ethernet Error=============================================================================MLT ALIGN FCS IMAC IMAC CARRIER FRAMES SQETEST DEFER ID ERROR ERROR TRNSMIT RECEIVE SENSE TOOLONG ERROR TRNSMSS-----------------------------------------------------------------------------31 0 0 0 0 0 0 0 0 32 0 0 0 0 0 0 0 0

314725-E Rev 00


Figure 202 Show mlt info command output

Displaying interswitch trunk status

To display the status of interswitch trunking for the switch or for the specified multilink trunk ID, enter the following command:

show mlt ist info

Figure 203 shows sample output for the show mlt ist info command.

Figure 203 Show mlt ist info command output

ERS-8606:5# show mlt info

================================================================================ Mlt Info================================================================================ PORT SVLAN MLT MLT PORT VLANMLTID IFINDEX NAME TYPE TYPE ADMIN CURRENT MEMBERS IDS--------------------------------------------------------------------------------3 4098 MLT-3 access normal norm norm

MULTICAST DESIGNATED LACP LACPMLTID IFINDEX DISTRIBUTION NT-STG PORTS ADMIN OPER--------------------------------------------------------------------------------3 4098 disable enable null disable down

ERS-8606:5#


========================================================================= Mlt IST Info=========================================================================MLT IP VLAN ENABLE ISTID ADDRESS ID IST STATUS-------------------------------------------------------------------------2 131.202.7.2 4095 false down

ERS-8610:6#



Displaying split multilink trunk status

To display split multilink trunk status for the switch or for a specific SMLT ID, enter the following command:

show smlt info [<mid>]


The switch shows both MLT-based split multilink trunk information and single port split multilink trunk information.

Figure 204 shows output from a sample show smlt info command.

Figure 204 Show smlt info command output

ERS-8606:5# show smlt info 1

=========================================================================== Mlt SMLT Info===========================================================================MLT SMLT ADMIN CURRENT ID ID TYPE TYPE ---------------------------------------------------------------------------

=========================================================================== Port SMLT Info===========================================================================PORT SMLT ADMIN CURRENT NUM ID TYPE TYPE ---------------------------------------------------------------------------4/5 1 smlt normal

ERS-8606:5#

314725-E Rev 00


Displaying all ports configured for single port split multilink trunk

To view all ports currently configured for single port split multilink trunk, enter the following command:

show ports info smlt [vlan <value>] [port <value>]


The VLAN ID and the port are optional parameters.

Figure 205 shows the output from a sample show ports info smlt command.

Figure 205 Show ports info smlt command output

Displaying a port configured for Single Port SMLT

To view a port configured for Single Port SMLT, enter the following command:

show ports info config [vlan <value>] [port <value>]


ERS-8606:5# show ports info smlt

============================================================================= SMLT Info=============================================================================PORT SMLT ADMIN CURRENT NUM ID TYPE TYPE -----------------------------------------------------------------------------4/5 1 smlt normal

ERS-8606:5#



Figure 206 shows output from a sample show ports info config command.

Figure 206 Show ports info config command output

Displaying MLT statistics

To display MultiLink Trunking statistics for the switch or for the specified multilink trunk ID, enter the following command:

show mlt stats [<mid>]


Figure 207 on page 473 shows sample output for the show mlt stats command.

ERS-8606:5# show ports info config 4/1

============================================================================ Port Config============================================================================PORT AUTO SFFD ADMIN OPERATE DIFF-SERV QOS MLT VENDOR DUAL SMLT ADMIN OPERATENUM TYPE NEG. DUPLX SPD DUPLX SPD EN TYPE LVL ID NAME CONN ID ROUTING ROUTING-----------------------------------------------------------------------------4/1 100BaseTX true false half 10 0 fals core 1 0 0 Enable Disable

314725-E Rev 00


Figure 207 Show mlt stats command output

Troubleshooting SMLT problems

This section provides procedures for troubleshooting IST problems and single-user problems.

The following topics are included:

• “Troubleshooting IST problems” on page 474

• “Troubleshooting problems with a single user” on page 476

ERS-8606:5# show mlt stats

================================================================================ Mlt Interface================================================================================ID IN-OCTETS OUT-OCTETS IN-UNICST OUT-UNICST --------------------------------------------------------------------------------3 4411520 1782784 0 0

ID IN-MULTICST OUT-MULTICST IN-BROADCST OUT-BROADCST MT--------------------------------------------------------------------------------3 68930 27856 0 0 E

NOTE 1: MT - MLT Type, P - POS, E - Ethernet, A - ATMNOTE 2: Broadcast & Multicast values are not applicable for MLT POS ports.NOTE 3: ATM link out-bound statistics are available in aggregate form only as show in OUT UNICST/OUT MULTICST/OUT BROADCST

ERS-8606:5#



Troubleshooting IST problems

To troubleshoot SMLT IST problems:

1 Enter the show mlt ist stat command to display the IST message count. (Figure 208).

Figure 208 Show mlt ist stat command output

2 Enter the show mlt info command to display all the multilink trunks in the switch, their admin-type, running type, ports, and VLANs (Figure 202 on page 469).

ERS-8606:5# show mlt ist stat==============================================================Mlt IST Message Statistics==============================================================PROTOCOL MESSAGE COUNT --------------------------------------------------------------

Ist Down : 0 Hello Sent : 5 Hello Recv : 3 Learn MAC Address Sent : 0 Learn MAC Address Recv : 0 MAC Address AgeOut Sent : 0 MAC Address AgeOut Recv : 0 MAC Address Expired Sent : 0 MAC Address Expired Sent : 0 Delete Mac Address Sent : 0 Delete Mac Address Recv : 0 Smlt Down Sent : 6 Smlt Down Recv : 0 Smlt Up Sent : 0 Smlt Up Recv : 0 Send MAC Address Sent : 0 Send MAC Address Recv : 0 IGMP Sent : 0 IGMP Recv : 0 Port Down Sent : 0 Port Down Recv : 0 Request MAC Table Sent : 0 Request MAC Table Recv : 0 Unknown Msg Type Recv : 0

ERS-8606:5#

314725-E Rev 00


3 Check to ensure that IST is operational by using the show mlt ist info command (Figure 209).

Figure 209 Show mlt ist info command output

4 If IST is not operational, check to ensure that:

a The correct VLAN ID exists on either side of the interswitch trunk

b The IST configuration contains the correct local and peer IP addresses

5 If IST is operational, check that the SMLT port is operating by using the show mlt smlt info command (Figure 210).

a If the SMLT status is SMLT, the status is correct.

Figure 210 Show mlt smlt info command output

b If the SMLT status is NORMAL, the link is running in a normal (single) mode and not SMLT mode. The reasons for this can be as follows:

— the remote split multilink trunk link is not operational


=============================================================== Mlt IST Info===============================================================MLT IP VLAN ENABLE ISTID ADDRESS ID IST STATUS---------------------------------------------------------------2 131.202.7.2 4095 false down

ERS-8610:6#

ERS-8610:6# show mlt smlt info

=============================================================== Mlt SMLT Info===============================================================MLT SMLT ADMIN CURRENTID ID TYPE TYPE---------------------------------------------------------------3 12 smlt norm

ERS-8610:6#



— the ID is not configured on the other switch. To determine this, check to see whether the SMLT IDs match

— the IST is not operational

Troubleshooting problems with a single user

To determine if only a single user is affected, check the VLAN FDB tables on both IST switches using the show vlan info fdb-entry <vlan-id> command. Both FDB tables should be synchronized.

The command shows whether:

• The MAC address is learned on the local SMLT port (that is, SMLT REMOTE flag is false). See Figure 211 on page 476.

or

• The MAC address is learned through IST from a remote SMLT port (that is, the SMLT REMOTE flag is true).

The FDB table entry for the client connected to the user access switch must specify the learned split multilink trunk port as INTERFACE in both IST switches.

Figure 211 Show vlan info fdb-entry command output

ERS-8606:5# show vlan info fdb-entry 1

=============================================================== Vlan Fdb===============================================================VLAN MAC QOS SMLT ID STATUS ADDRESS INTERFACE MONITOR LEVEL REMOTE---------------------------------------------------------------1 learned 00:00:50:0d:6b:82 Port-2/7 false 1 false

1 out of 1 entries in all fdb(s) displayed.

ERS-8606:5#

314725-E Rev 00


Global MAC filtering

You can globally configure MAC filtering to disallow bridging or routing of any packets transmitted or received from specified MAC addresses on any VLAN.

To globally filter MAC addresses, use the following command:

config fdb fdb-filter


Figure 212 on page 477 show an example of the config fdb fdb-filter info command output.

Figure 212 Config fdb fdb-filter info command output

Figure 213 on page 478 shows an example of the show fdb fdb-filter command output:

config fdb fdb-filterfollowed by:

info Show current level parameter settings and next level directories.

add <mac> Adds a global FDB filter.

• <mac> is the MAC address to filter.

Enter the MAC address in the following format {0x00:0x00:0x00:0x00:0x00:0x00}.

remove <mac> Removes a global FDB filter.

• <mac> is the MAC address to filter.Enter the MAC address in the following format {0x00:0x00:0x00:0x00:0x00:0x00}.

ERS-8606:5/config/fdb/fdb-filter# info

add :

mac - 00:11:22:23:43:21

remove : N/A



Figure 213 Show fdb fdb-filter command output

Configuring Simple Loop Prevention Protocol

Logical loops can occur in SMLT networks because of misconfigurations, switch problems, or because MLT is not operating correctly. You can detect loops with Simple Loop Prevention Protocol (SLPP). For more information about SLPP, see “Simple Loop Prevention Protocol” on page 130.

The following topics are included:

• “Configuring SLPP on a port” on page 480

• “Showing SLPP information” on page 481

• “Showing SLPP port information” on page 482

To configure Simple Loop Prevention Protocol, use the following command:

config slpp


ERS-8606:5# show fdb fdb-filter =============================================== Global Fdb Filter =============================================== MAC ADDRESS -----------------------------------------------

00:11:11:11:11:11

00:e0:16:70:93:0f

00:e0:7b:bf:cc:00

314725-E Rev 00


This command has the following options:

Figure 214 on page 480 shows how to display the SLPP transmission list and operation state.

config slpp

followed by:

add <vid> Adds a VLAN to a SLPP transmission list.• <vid> is the ID of the VLAN.

etherType <pid> Specifies the SLPP PDU Ether type.

• <pid> is the SLPP protocol ID in hexadecimal format.

remove <vid> Removes a VLAN from a SLPP transmission list.

• <vid> is the ID of the VLAN.


operation <enable|disable> Enables or disables the SLPP operation.Note: The SLPP packets transmit and receive process is active only when the SLPP operation is enabled. When the SLPP operation is disabled, no SLPP packet is sent out, and any received SLPP packet is discarded.

tx-interval <integer> Sets the SLPP packet transmit interval.• <integer> is the SLPP packet transmit

interval.

The range is 500 to 5000 s, and the default is 500 s.



Figure 214 Config slpp slpp info command

Configuring SLPP on a port

To configure SLPP on a port, use the following command:

config ethernet <portlist> slpp

where:portlist is the slot/port.


The packet reception threshold specifies how many SLPP packets are received by the port before it is administratively disabled. Figure 215 on page 481 shows how to display the SLPP state on a port:

config ethernet <portlist> slpp

followed by:

packet-rx <enable|disable> Enables or disables SLPP packet reception on the listed ports

packet-rx-threshold <integer>

Specifies the SLPP reception threshold on the ports. The threshold is an integer.


ERS-8606:5# config slpp info


add : 1 etherType (hex) : 0x8104 operation : disabled tx-interval : 500

ERS-8606:5#

314725-E Rev 00


Figure 215 Config ethernet command

Showing SLPP information

To show SLPP information, use the following command:

show slpp info

Figure 216 shows SLPP information.

Figure 216 Show slpp info command

For an SLPP configuration example, see “Single Port SMLT with SLPP configuration example” on page 505.

ERS-8606:5# config ethernet 4/1-4/2 slpp info


Port 4/1 : packet-rx : disable packet-rx-threshold : 1

Port 4/2 : packet-rx : disable packet-rx-threshold : 1

ERS-8606:5#

ERS-8606:5# show slpp info


etherType (hex) : 0x8104 operation : enabled tx-interval : 500 vlan : 1,2,5

ERS-8606:5#



Showing SLPP port information

To show SLPP port information, use the following command:

show ports info slpp [port <value>]

where port <value> is the port list.

Figure 217 shows SLPP information, and Table 67 describes the fields.

Figure 217 Show ports info slpp command

Table 67 Show ports info slpp field descriptions

Field Description

PORT NUM Specifies the port number.

PKT-RX Specifies if SLPP is enabled or disabled.

PKT-RX THRESHOLD Specifies the threshold for packet reception as a range of 1 to 20. After the port reaches the packet threshold, it shuts down.

INCOMING VLAN ID VLAN ID of the classified packet on a port disabled by SLPP.

SLPP PDU ORIGINATOR Specifies the originator of the SLPP PDU.

ERS-8603:3# show ports info slpp

============================================================= Port Interface=============================================================

PORT PKT-RX PKT-RX INCOMING SLPP PDUNUM THRESHOLD VLAN ID ORIGINATOR-------------------------------------------------------------1/1 enabled 151/4 enabled 11/5 enabled 11/20 enabled 1

ERS-8603:3#

314725-E Rev 00

483

Chapter 11Configuring multiple DSAP and SSAP using the CLI

Release 3.5 introduced a feature used for the configuration of multiple DSAPs or SSAPs for SNA or user-defined VLAN types.

The base implementation of the SNA VLAN allows SNA 802.2 traffic to be classified into a SNA VLAN based on a 0x04 destination SAP or 0x04 source SAP. Some applications require changing these classifications to DSAP and to SSAP. The newly introduced feature allows this configuration and extends to support any user-defined VLANs with multiple SSAPs and DSAPs.

Using this feature, you can add 31 additional protocol IDs or DSAP/SSAP values (for a total of 32) when you create or reconfigure a SNA 802.2 VLAN or a user-defined VLAN.

This section includes the following sections:

Note: Hardware record usage increases considerably using this feature (see “Design aspects” on page 484).

Topic Page

Design aspects 484

Configuring multiple DSAP and SSAP with the CLI 487


484 Chapter 11 Configuring multiple DSAP and SSAP using the CLI

Design aspects

You can configure this feature using the CLI or Device Manager. You must first create the SNA or user-defined VLAN, then add the DSAPs or SSAPs for this VLAN.

For user-defined VLANs, DSAP/SSAP, additions can only be applied to VLANs created without any specific encapsulation type, or to VLANs with an encapsulation type of LLC. The addition of DSAP/SSAP is not allowed on user-defined VLANs created with an encapsulation type of Ethernet-ii or SNAP.

For each SNA 802.2 VLAN (which includes the 31 additional DSAP/SSAP values), 256 records are created, including:


• 31 * 8 = 248 protocol ID records

In this case, the default 0x04 record is always created on the switch.

For each user-defined VLAN created with no encapsulation specified, a total of 280 records are created, including:


• 3 * 8 = 24 protocol ID records for the base protocol ID (specified during VLAN creation). One record of each type—LLC, Ethernet-ii and SNAP—is created in this case.


For each user-defined VLAN created with encapsulation set to LLC, 264 hardware records are created, including:


• 1 * 8 = 8 protocol ID records for the base protocol ID (specified during VLAN creation). Only the LLC record is created in this case.


Nortel does not recommend using more than 10 of the user-defined VLANs, including 32 DSAP/SSAP values, due to the extensive hardware record usage which can affect overall system scalability.

314725-E Rev 00

Chapter 11 Configuring multiple DSAP and SSAP using the CLI 485

You can check for hardware record availability by executing the CLI command show/sys/record-reservation.

There is only one SNA VLAN allowed on an individual port. DSAP/SSAPs values can be configured, provided they are not the same as the reserved values listed in Table 68. An exception is 0x0800, which can be configured with encapsulation set to LLC.

Table 68 Reserved values for configuring SNA or user-defined VLANs


IP_ii 0x0800

ARP_ii 0x0806

RARP_ii 0x8035

IPX(old)_iiIPX_ii

0x81370x8138

IPX(old)_SNAP

IPX_SNAP

0x000000

0x000000

0x813

70x813

8

IPX_802.3 0xE0 0xE0

IPX_802.3 0xFF 0xFF

APPLE_ii

APPLE_SNAP

0x809B

0X80F3 0x08000

7

0x809B

0x80F

3

DEC_LAT 0x6004

DEC_ELSE 0x6000

-0x6003

0x6005

-

0x6009

DEC_BPDU 0x8038

SNA_ii 0x80D5



SNA_LLC 0x04

XX

XX

0x04

NetBIOS 0xF0XX

XX0xF0

XNS

XNS_comp

0x0600

0x0807

Table 68 Reserved values for configuring SNA or user-defined VLANs


314725-E Rev 00


Configuring multiple DSAP and SSAP with the CLI

The CLI command syntax you can use to create a protocol-based VLAN is shown in the following table.


followed by:

byprotocol <sid> <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|declat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE>[<pid>] [name <value>] [color <value>] [encap <value>]

Creates a protocol-based VLAN.• <sid> is the spanning tree ID.

• <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|decLat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE> specifies the protocol.

• <pid> is a user-defined protocol ID number in hexadecimal.



• encap <value> is the frame encapsulation method.


Creates a VLAN by protocol.

• <instance-id> is the instance ID.

• <ip|ipx802dot3|ipx802dot2|ipxSnap|ipxEthernet2|appleTalk|decLat|decOther|sna802dot2|snaEthernet2|netBios|xns|vines|ipV6|usrDefined|rarp|PPPoE> is the protocol ID.

• <pid> is the user-defined PID number in hexadecimal.



• encap <value> is the frame encapsulation with the values ethernet-ii, llc, or snap.



You can add or remove DSAP or SSAP to or from the VLAN if byprotocol is sna802dot2 or usrDefined. Use the commands addDsapSsap and removeDsapSsap. For more information about these commands, see “Performing general VLAN operations” on page 313.

addDsapSsap <value> specifies the DSAP/SSAP values (values are in hexadecimal)

removeDsapSsap <value> specifies the DSAP/SSAP values} (values are in hexadecimal)

32 entries are allowed for sna802dot2 or usrDefined VLANs.

Example

ERS-8610:5/config/vlan/2# addDsapSsap 000fff

This adds DsapSsap 000fff to the SNA VLAN 2. This example assumes that VLAN 2 has already been created.

Figure 218 on page 489 shows the CLI commands which create VLAN 17, and add DDAP/SSAP 000fff to the VLAN.

314725-E Rev 00


Figure 218 Config vlan create byprotocol commands

ERS-8610:5# config vlan 17 create byprotocol 1 sna802dot2 name kevvlan color 3ERS-8610:5# config vlan 17 addDsapSsap 000fffERS-8610:5# show vlan info all 17

=========================================================================== Vlan Basic===========================================================================VLAN STGID NAME TYPE ID PROTOCOLID SUBNETADDR SUBNETMASK

---------------------------------------------------------------------------17 kevvlan byProtocolId 1 sna802dot2 N/A N/A

=========================================================================== Vlan Port===========================================================================VLAN PORT ACTIVE STATIC NOT_ALLOWID MEMBER MEMBER MEMBER MEMBER---------------------------------------------------------------------------17

=========================================================================== Vlan ATM VPort===========================================================================VLAN ID PORT NUM PVC LIST



314725-E Rev 00

491

Chapter 12Device Manager configuration examples

This chapter provides examples of common link aggregation configuration tasks using Device Manager.

• For conceptual information about VLANs and link aggregation, see Chapter 1, “Layer 2 operational concepts,” on page 37.

• For Device Manager link aggregation configuration information, see Chapter 5, “Configuring link aggregation using Device Manager,” on page 249.


LACP point to point LAG configuration example

Use this procedure to configure a link aggregation group (LAG) between two Ethernet Routing Switch 8600 devices with 4 link members. VLANs 10 and 20 are tagged across the LAG. Assume the following parameters: LACP key = 1, MLT ID = 1.VLAN 10 and 20 have already been created; ports 1/1 to 1/4 are tagging-enabled and are members of VLAN 10 and 20; and both switches are mirror images of each other. Figure 219 on page 492 shows the network topology.

Topic Page

LACP point to point LAG configuration example 491

SMLT and LACP configuration example 495

Single Port SMLT and LACP configuration example 500


492 Chapter 12 Device Manager configuration examples

Figure 219 Point to point LAG

1 In Device Manager, go to VLAN > MLT/LCAP.

The MLT_LACP box appears (Figure 220).

Figure 220 MLT LCAP

2 On the LACP Global tab, ensure that Enable is selected.

Accept the default values for the other parameters.

314725-E Rev 00

Chapter 12 Device Manager configuration examples 493

3 Click Apply.

4 Click the Multilink/LACP Trunks tab.

The Multilink/LACP Trunks box appears.

5 Click Insert.

The MLT_LACP, Insert Multilink/LACP Trunks box appears (Figure 221).

Figure 221 Insert Multilink/LACP Trunks

6 Configure parameters as shown in Figure 221.

7 Click Insert.

8 Go to VLAN > MLT/LACP > LACP.




Figure 222 MLT_LACP tab

9 Change the ActorAdminKey for the multilink trunk; this key must match the key on ports 1/1 to 1/4. Set ActorAdminKey to 1.

10 On each of ports 1/1 to 1/4, three fields must be changed in the order given:

a Click on the LAG port, and right-click.

b Select Edit General > LACP (see Figure 223 on page 495).

c Set ActorAdminKey equal to 1 and then click Apply.

d Set ActorAdminState to aggregation and then click Apply.

e Select AdminEnable and then click Apply.

314725-E Rev 00


Figure 223 Port LACP configuration

SMLT and LACP configuration example

The Ethernet Routing Switch 8600 fully supports the IEEE 802.3ad Link Aggregation Control Protocol. LACP is supported on MLT and DMLT links and extends to a pair of SMLT switches.

With this extension, the Ethernet Routing Switch 8600 provides a standardized external link aggregation interface to third party vendor IEEE 802.3ad implementations. With previous software versions, interoperability was provided through a static configuration; now a dynamic link aggregation mechanism is provided.



In this example, ERS 8600C is used as the SMLT client; any switch that supports LACP can be used as an LACP-enabled SMLT client.

Figure 224 shows the network topology.

Figure 224 SMLT and LACP configuration example

Assume the following:

• The interswitch trunk has already been created.

• User VLAN 100 has already been created on all three switches with the port membership as described in Figure 224 on page 496.

• ERS 8600 C is already configured as described in “LACP point to point LAG configuration example” on page 491, but instead uses ports 1/10 to 1/13. The LACP key on this switch does not need to match that of the SMLT core switches.

Note: Do not use 802.3ad on the interswitch trunk. The LACP keys on the SMLT core switches must match (ERS 8600 A, ERS 8600 B).

314725-E Rev 00


• The LACP key on both ERS 8600 A and ERS 8600 B must match.

The following configuration can be performed on both SMLT core switches.

1 Using Device Manager, go to VLAN > MLT/LACP.


2 On the LACP Global tab, ensure that Enable is selected.

Accept the default values for the other parameters.

3 Click Apply.

4 Click the Multilink/LACP Trunks tab.

The Multilink/LACP Trunks box appears.

5 Click Insert.

The MLT_LACP, Insert Multilink/LACP Trunks box appears (Figure 225 on page 498).



Figure 225 Insert Multilink/LACP Trunks box

6 Configure the parameters as shown in Figure 225.

7 Click Insert.

Figure 226 on page 499 shows how the port information appears after this step. (To view this information, go to VLAN > MLT/LACP > Multilink/LACP Trunks.)

314725-E Rev 00


Figure 226 MLT LACP information

8 Go to VLAN > MLT/LACP > LACP.

The MLT_LACP box appears.

9 Change the ActorAdminKey to 1; this is the same key number that will be applied to ports 1/10 and 1/11 (Figure 227).

Figure 227 MLT_LACP—LACP tab

10 On each LAG port, three fields must be changed in the order given:

a Click on the LAG port, and right-click.

b Select Edit General > LACP.

c Set ActorAdminKey equal to 1 and then click Apply.

d Set ActorAdminState to aggregation and then click Apply.

e Select AdminEnable and then click Apply.



Single Port SMLT and LACP configuration example

Single Port SMLT lets you configure a split multilink trunk using a single port. The Single Port SMLT behaves like an MLT-based SMLT and can coexist with SMLTs in the same system; however, an SMLT ID can belong to either an MLT-SMLT or a Single Port SMLT per chassis.With Single Port SMLT, you can scale the number of split multilink trunks on a switch to a maximum number of available ports.

This example highlights the steps used to configure Single Port SMLT using LACP to create the LAG. Any LACP-enabled device can be used as the LACP client. Figure 228 shows the network topology.

Figure 228 Network topology for Single Port SMLT example

Assume the following:

• The interswitch trunk has already been created as shown in Figure 228.

• User VLAN 10 has already been created on all three switches with the port membership described in Figure 228.

314725-E Rev 00


• The ERS8600C is configured using the same steps as described in “LACP point to point LAG configuration example” on page 491, but instead uses ports 1/1 to 1/2. The LACP key does not need to match that of the SMLT core switches.

• The LACP keys on both ERS8600A and ERS8600B must match.

The following configuration must be performed on both SMLT core switches:

1 In Device Manager, select the port to be configured and right-click.

2 Select Edit General > SMLT.

The Port box appears (Figure 229).

Figure 229 Port box

3 Click Insert.

The Insert SMLT box appears (Figure 230 on page 502).



Figure 230 Insert SMLT

4 Insert a new SMLT group ID. The ID must match on all ports on both SMLT core switches.

5 Click Insert.

6 Click the LACP tab and enable LACP by selecting the AdminEnable check box (Figure 231).

Figure 231 LACP enable

7 Click Apply.

314725-E Rev 00

503

Chapter 13CLI configuration examples

This chapter provides examples of common link aggregation configuration tasks, including the command line interface (CLI) commands you use to create the configuration.

• For conceptual information about VLANs and link aggregation, see Chapter 1, “Layer 2 operational concepts,” on page 37.

• For information about the commands used in these examples, see:

— Chapter 7, “Configuring and managing VLANs using the CLI,” on page 303

— Chapter 9, “Configuring STGs using the CLI,” on page 379

— Chapter 10, “Configuring link aggregation using the CLI,” on page 427


Topic Page

MultiLink Trunking configuration example 504

Single Port SMLT with SLPP configuration example 505

SMLT triangle with loop detection configuration example 508

Square SMLT configuration example 514

Full mesh SMLT configuration example 518

SMLT and VRRP configuration example 522

SMLT and multicast configuration example 525

Triangle SMLT and LACP configuration example 526

Single Port SMLT and LACP configuration example 528

SLPP, VRRP BackupMaster, and SMLT configuration example 532

Ping Snoop configuration example 540

LACP point to point LAG configuration example 541


504 Chapter 13 CLI configuration examples

MultiLink Trunking configuration example

This configuration example shows how to create a multilink trunk and a VLAN (VLAN 100) between two Ethernet Routing Switch 8600 devices. The network is used to carry user traffic (Figure 232).

Figure 232 MLT within a VLAN

The following sections provide step-by-step procedures that show how to configure switch S1 and S2 for this example.

Configuring S1

1 Create VLAN 100:

ERS-8606:5# config vlan 100 create byport 1

2 Create multilink trunk10:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 add ports 1/1,1/2,2/1,2/2ERS-8606:5# config mlt 10 add vlan 100

Enabling VLACP on Ethernet links configuration example 543

Per-VLAN Spanning Tree Plus (PVST+) configuration examples 544

Rapid Spanning Tree Protocol configuration example 554

Multiple Spanning Tree Protocol configuration example 559

Topic (continued) Page

314725-E Rev 00

Chapter 13 CLI configuration examples 505

Configuring S2

1 Create VLAN 100:

ERS-8606:5# config vlan 100 create byport 1

2 Create multilink trunk 10:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 add ports 1/1,1/2,2/1,2/2ERS-8606:5# config mlt 10 add vlan 100

Single Port SMLT with SLPP configuration example

The single port Split MultiLink Trunking (SMLT) design is similar to the triangle SMLT design. The only difference is that only a single port from each InterSwitch Trunking (IST) switch goes to the access server. Figure 233 shows the network topology.



Figure 233 Single Port SMLT

Configuring ERS8600B

1 Configure VLANs:

ERS8600-B:5# config vlan 1900 create byport 1ERS8600-B:5# config vlan 10 create byport 1

2 Enable SLPP and add VLAN 10:

ERS8600-B:5# config slpp add 10ERS8600-B:5# config slpp operation enable

3 Configure MLT 5 used for the IST link and add the IST VLAN:

ERS8600-B:5# config mlt 5 createERS8600-B:5# config mlt 5 add ports 2/1,3/1ERS8600-B:5# config vlan 1900 add-mlt 5

4 Configure the IP address and interswitch trunk. The IP address points to the partner interswitch trunk node:

ERS8600-B:5# config vlan 1900 ip create 1.1.1.1/30ERS8600-B:5# config mlt 5 ist create ip 1.1.1.2 vlan-id 1900

314725-E Rev 00


5 Configure Single Port SMLT:

ERS8600-B:5# config ether 1/1 smlt 1 create

6 Enable SLPP packet reception on port 1/1:

ERS8600-B:5# config ethernet 1/1 slpp packet-rx enable

Configuring ERS8600C

1 Configure VLANs:

ERS8600-C:5# config vlan 1900 create byport 1 ERS8600-C:5# config vlan 10 create byport 1

2 Enable SLPP:

ERS8600-C:5# config slpp add 10ERS8600-C:5# config slpp operation enable

3 Configure MLT. VLAN 10 must be spanned across the interswitch trunk (MLT-5):

ERS-8606:5# config mlt 5 createERS-8606:5# config mlt 5 add ports 2/1,3/1ERS-8606:5# config mlt 5 add vlan 1900

4 Configure IP address and IST. The IP address points to the partner IST node:

ERS-8606:5# config vlan 1900 ip create 1.1.1.2/30ERS-8606:5# config mlt 5 ist create ip 1.1.1.1 vlan-id 1900

5 Configure Single Port SMLT:

ERS-8606:5# config ether 1/1 smlt 1 create

6 Enable SLPP packet reception on port 1/1, and set the threshold to 1:

ERS8600-C:5# config ethernet 1/1 slpp packet-rx enableERS8610-C:5# config ethernet 1/1 slpp packet-rx-threshold 1

To view the status of all SMLT ports, and show SLPP configuration information, use the following commands:

ERS8610-B:5# show port info smlt port 1/1ERS8610-B:5# show slpp infoERS8610-B:5# show ports info slpp port 1/1ERS8600-B:5# show log file tail



If port 1/1 is disabled on either ERS8600B or ERS8600C because either switch received its own SLPP-PDU, a message is logged and a trap will be used.

SMLT triangle with loop detection configuration example

This configuration example shows how to create an SMLT triangle using three Ethernet Routing Switch 8600 devices and a VLAN (VLAN 10), which is used to carry user traffic (Figure 234). The following configuration example is based on a three node network where ERS8600A is the SMLT client. Although only one port is used to connect to the SMLT client from each SMLT aggregation switch in this example, up to 8 total links can be used to carry traffic between the two.

Figure 234 SMLT triangle configuration example

The following sections provide step-by-step procedures that show how to configure switches ERS8600A, ERS8600B, and ERS8600C for this example. The procedure configures:

314725-E Rev 00


• VLAN 1900 for the IST VLAN using MLT ID = 5

• VLAN 10 to the SMLT VLAN using MLT ID = 1

• SLPP packet receive threshold on ERS8600B (default) and ERS8600C (5)


1 Configure VLANs:

ERS-8606-B:5# config vlan 1900 create byport 1ERS-8606-B:5# config vlan 10 create byport 1

2 Configure MLT 5 used for the IST link and add the IST VLAN. Disable the CP-Limit for ports 2/1 and 3/1:

ERS-8606-B:5# config mlt 5 createERS-8606-B:5# config mlt 5 add ports 2/1,3/1ERS-8606-B:5# config ether 2/1,3/1 cp-limit disableERS-8606-B:5# config vlan 1900 add-mlt 5

3 Configure the IST IP address and create the interswitch trunk using MLT 5. The IP address is the IP address of the remote partner IST node.

ERS-8606-B:5# config vlan 1900 ip create 1.1.1.1/30ERS-8606-B:5# config mlt 5 ist create ip 1.1.1.2 vlan-id 1900

4 Configure the SMLT link:

ERS-8606-B:5# config mlt 1 createERS-8606-B:5# config mlt 1 perform-tagging enableERS-8606-B:5# config mlt 1 add ports 1/1ERS-8606-B:5# config mlt 1 smlt create smlt-id 1

5 Add VLAN 10 to the interswitch trunk and SMLT VLANs:

ERS-8606-B:5# config vlan 10 add-mlt 1ERS-8606-B:5# config vlan 10 add-mlt 5

6 Enable loop detection on port 1/1. By default, the action will be set to portdown. This can be verified by using the show config module port or config ethernet 1/1 info command. The loop detect timers should be staggered between the ERS8600B and ERS8600C: change the default mac-flap-time-limit from the default setting of 500 ms to 700 ms.

ERS-8606-B:5# config ethernet 1/1 loop-detect enableERS-8606-B:5# config mac-flap-time-limit 700




1 Configure VLANs:

ERS-8606-C:5# config vlan 1900 create byport 1ERS-8606-C:5# config vlan 10 create byport 1

2 Configure MLT 5 used for the IST link and add the IST VLAN. Disable CP-Limit for ports 2/1 and 3/1.

ERS-8606-C:5# config mlt 5 createERS-8606-C:5# config mlt 5 add ports 2/1,3/1ERS-8606-C:5# config ether 2/1,3/1 cp-limit disableERS-8606-C:5# config vlan 1900 add-mlt 5

3 Configure the IST IP address and create the interswitch trunk using MLT 5. The IP address used is the IP address of the remote partner IST node.

ERS-8606-C:5# config vlan 1900 ip create 1.1.1.2/30ERS-8606-C:5# config mlt 5 create ip 1.1.1.1 vlan-id 1900

4 Configure the SMLT link:

ERS-8606-C:5# config mlt 1 createERS-8606-C:5# config mlt 1 perform-tagging enableERS-8606-C:5# config mlt 1 add ports 1/1ERS-8606-C:5# config mlt 1 smlt create smlt-id 1

5 Add VLAN 10 to the IST and SMLT VLANs:

ERS-8606-C:5# config vlan 10 add-mlt 1ERS-8606-C:5# config vlan 10 add-mlt 5

6 Enable loop detection on port 1/1:

ERS-8606-C:5# config ethernet 1/1 loop-detect enable

Configuring ERS8600A

1 Configure VLAN 10:

ERS-8606-A:5# config vlan 10 create byport 1ERS-8606-A:5# config vlan 10 ports add 2/1-2/5

2 Configure the MLT link:

ERS-8606-A:5# config mlt 1 createERS-8606-A:5# config mlt 1 perform-tagging enableERS-8606-A:5# config mlt 1 add ports 1/1,1/2ERS-8606-A:5# config vlan 10 add-mlt 1

314725-E Rev 00


3 Enable Spanning Tree fast start on ports 2/1 to 2/5:

ERS-8606-A:5# config ethernet 2/1-2/5 stg 1 faststart enable

Verifying network operations

Figure 235 to Figure 238 on page 514 show commands you can use to verify that the network is operating correctly.

Figure 235 Show mlt info output

The MLT CURRENT status for MLT-5 is ist. If this status is norm then the IST is not active; there may be a misconfiguration or the links are not active. The current MLT mode is smlt. If there is a misconfiguration or a link down in the network, the value of MLT CURRENT would be norm.

ERS8600-C:5# show mlt info============================================================================= Mlt Info============================================================================= PORT SVLAN MLT MLT PORT VLANMLTID IFINDEX NAME TYPE TYPE ADMIN CURRENT MEMBERS IDS1 4096 MLT-1 trunk normal smlt smlt 1/1 10 5 4100 MLT-5 trunk normal ist ist 2/1-2/2 1900 10

============================================================================= Mlt Info============================================================================= PORT SVLAN MLT MLT PORT VLANMLTID IFINDEX NAME TYPE TYPE ADMIN CURRENT MEMBERS IDS-----------------------------------------------------------------------------1 4096 MLT-1 trunk normal smlt smlt 1/1 105 4100 MLT-5 trunk normal ist ist 2/1-2/2 10 1900

MULTICAST DESIGNATED LACP LACPMLTID IFINDEX DISTRIBUTION NT-STG PORTS ADMIN OPER-----------------------------------------------------------------------------1 4096 disable enable 1/1 disable down5 4100 disable enable 2/1-2/2 disable down



Figure 236 Show mlt commands

ERS8600-C:5# show mlt ist info======================================================= Mlt IST Info=======================================================MLT IP VLAN ENABLE ISTID ADDRESS ID IST STATUS-------------------------------------------------------5 1.1.1.1 1900 true up

ERS8600-C:5# show mlt ist stat========================================================= Mlt IST Message Statistics=========================================================PROTOCOL MESSAGE COUNT---------------------------------------------------------Ist Down : 0Hello Sent : 63480Hello Recv : 63447Learn MAC Address Sent : 10Learn MAC Address Recv : 63837MAC Address AgeOut Sent : 6324MAC Address AgeOut Recv : 3MAC Address Expired Sent : 0MAC Address Expired Sent : 0Delete Mac Address Sent : 0Delete Mac Address Recv : 0Smlt Down Sent : 0Smlt Down Recv : 0Smlt Up Sent : 2Smlt Up Recv : 2Send MAC Address Sent : 131Send MAC Address Recv : 132IGMP Sent : 0IGMP Recv : 0Port Down Sent : 0Port Down Recv : 1Request MAC Table Sent : 0Request MAC Table Recv : 1Unknown Msg Type Recv : 0

314725-E Rev 00


Figure 237 Show mlt commands, part 2

ERS8600-C:5# show mlt ist info======================================================= Mlt IST Info=======================================================MLT IP VLAN ENABLE ISTID ADDRESS ID IST STATUS-------------------------------------------------------5 1.1.1.1 1900 true up

ERS8600-C:5# show mlt ist stat========================================================= Mlt IST Message Statistics=========================================================PROTOCOL MESSAGE COUNT---------------------------------------------------------Ist Down : 0Hello Sent : 63480Hello Recv : 63447Learn MAC Address Sent : 10Learn MAC Address Recv : 63837MAC Address AgeOut Sent : 6324MAC Address AgeOut Recv : 3MAC Address Expired Sent : 0MAC Address Expired Sent : 0Delete Mac Address Sent : 0Delete Mac Address Recv : 0Smlt Down Sent : 0Smlt Down Recv : 0Smlt Up Sent : 2Smlt Up Recv : 2Send MAC Address Sent : 131Send MAC Address Recv : 132IGMP Sent : 0IGMP Recv : 0Port Down Sent : 0Port Down Recv : 1Request MAC Table Sent : 0Request MAC Table Recv : 1Unknown Msg Type Recv : 0

ERS8600-B:5# show mlt smlt info============================================ Mlt SMLT Info============================================MLT SMLT ADMIN CURRENTID ID TYPE TYPE--------------------------------------------1 1 smlt smlt



Loop Detection

Suppose a loop is formed between ERS8600A, ERS8600B, and ERS8600C. The commands shown in Figure 238 on page 514 show commands you can use to display the MAC address that is looping.

Figure 238 Loop detection commands

Square SMLT configuration example

The main rule for a square configuration (see Figure 239 on page 515) is that the IST pairs, ERS8600A and D, and B and C, each must have matching SMLT IDs. However, these IDs can differ between the two IST pairs. The initial configuration creates the IST links between A and B, and C and D. Note that the IST IP addresses differ; Nortel recommends that you use a different subnet for the IST IP addresses between the pairs.

ERS8600-C:5# show ports info loop-detected vlan 10============================================================================= Port Loop-Detect =============================================================================PORT VLAN MAC LOOP DETECT SMLT REMOTE ACTION -----------------------------------------------------------------------------1/1 10 00:00:02:00:00:01 PORT-DOWN false

ERS8600-C:5# show log file tail

CPU5 [02/17/06 15:16:28] SNMP INFO Smlt Link Down Trap(SmltId=10)CPU5 [02/17/06 15:16:28] MLT INFO SMLT 1 DOWN CPU5 [02/17/06 15:16:28] SNMP INFO Port 1/1 is a trunk portCPU5 [02/17/06 15:16:28] SNMP INFO Link Down(1/1) due to loop detectCPU5 [02/17/06 15:16:28] SNMP INFO Loop detected on port 1/1.Port is disabled

314725-E Rev 00


Figure 239 Square SMLT




1 Disable CP-Limit on IST ports:

ERS-8606:5# config ether 2/1,3/1 cp-limit disable

2 Configure VLANs:

ERS-8606:5# config vlan 1900 create byport 1 ERS-8606:5# config vlan 10 create byport 1


ERS-8606:5# config mlt 5 createERS-8606:5# config mlt 5 add ports 2/1,3/1ERS-8606:5# config mlt 5 add vlan 1900ERS-8606:5# config mlt 5 add vlan 10

4 Configure the IP address and IST. The IP address points to the partner IST node:


5 Configure SMLT. The SMLT ID must be identical for each IST pair:

ERS-8606:5# config mlt 1 createERS-8606:5# config mlt 1 smlt create smlt-id 1ERS-8606:5# config mlt 1 add vlan 10ERS-8606:5# config mlt 1 add ports 1/1




2 Configure VLANs:




314725-E Rev 00









2 Configure VLANs:








Configuring ERS8600D





2 Configure VLANs:








Use the show mlt info and the show smlt info commands to verify the status of the multilink trunks.

Full mesh SMLT configuration example

The full mesh SMLT design is similar to the square SMLT, except more links are added to fully mesh the four nodes (see Figure 240 on page 519). As with the square configuration, it is imperative that all links within the SMLT group contain the same SMLT ID, however, this ID need not be the same between each IST pair.

314725-E Rev 00


Figure 240 Full mesh SMLT






2 Configure VLANs:







ERS-8606:5# config mlt 1 createERS-8606:5# config mlt 1 smlt create smlt-id 1ERS-8606:5# config mlt 1 add vlan 10ERS-8606:5# config mlt 1 add ports 1/1,1/17




2 Configure VLANs:




314725-E Rev 00









2 Configure VLANs:




4 Configure the IP address and IST. The IP address points to the partner interswitch trunk node:




Configuring ERS8600D





2 Configure VLANs:


3 Configure MLT. VLAN 10 must be spanned across the IST (MLT-5):




5 Configure SMLT. The SMLT ID must be identical for each interswitch trunk pair:


Use the show mlt info and the show smlt info commands to verify the status of the multilink trunks.

SMLT and VRRP configuration example

In cases in which the Ethernet Routing Switch is providing the next-hop gateway, and is in Virtual Router Redundancy Protocol (VRRP) mode, the Ethernet Routing Switch can provide additional VRRP benefits. In this example (see Figure 241 on page 523), ERS8600A is acting solely as a Layer 2 switch, with a single VLAN 10 configured. The server in this example has a next-hop gateway configured for the VRRP IP.

314725-E Rev 00


Figure 241 Network topology for SMLT and VRRP




2 Configure VLANs:




4 Configure IP address and IST. The IP address points to the partner IST node.




5 Configure SMLT. The SMLT ID must be identical on both nodes:


6 VRRP configuration. These commands add the VRRP virtual IP address of 10.10.10.1 to VLAN 10 with BackupMaster enabled so that both ERS8600B and ERS8600C can respond to ARP.

ERS-8606:5# config vlan 10 ip create 10.10.10.2/24ERS-8606:5# config vlan 10 ip vrrp 1 address 10.10.10.1ERS-8606:5# config vlan 10 ip vrrp 1 backup-master enableERS-8606:5# config vlan 10 ip vrrp 1 holddown-timer 60ERS-8606:5# config vlan 10 ip vrrp 1 enable




2 Configure VLANs:




4 Configure IP address and IST. The IP address points to the partner IST node.


5 Configure SMLT. The SMLT ID must be identical on both nodes:


314725-E Rev 00


6 VRRP configuration. These commands add the VRRP virtual IP address of 10.10.10.1 to VLAN 10 with BackupMaster enabled so that both ERS8600B and ERS8600C can respond to ARP.

ERS-8606:5# config vlan 10 ip create 10.10.10.3/24ERS-8606:5# config vlan 10 ip vrrp 1 address 10.10.10.1ERS-8606:5# config vlan 10 ip vrrp 1 backup-master enableERS-8606:5# config vlan 10 ip vrrp 1 holddown-timer 65ERS-8606:5# config vlan 10 ip vrrp 1 enable


1 Configure MLT on A:

ERS-8606:5# config vlan 10 create byport 1ERS-8606:5# config mlt 1 createERS-8606:5# config mlt 1 add ports 1/1,1/17ERS-8606:5# config mlt 1 add vlan 10

The status of VRRP can be seen using the command show ip vrrp info.

SMLT and multicast configuration example

Use the following steps to configure multicast distribution over a MLT group:

1 Configure multicast distribution globally:

ERS-8606:5# config sys mcast-mlt-distribution enable

2 Configure multicast distribution on each MLT group:

ERS-8606:5# config mlt 1 mcast-distribution enable

The default settings allow all sources and groups to be distributed over MLT (when enabled). Distribution can be controlled by controlling the source/group masks:

ERS-8606:5# config sys mcast-mlt-distribution grp-mask 0.0.0.255ERS-8606:5# config sys mcast-mlt-distribution src-mask 0.0.255.255



Triangle SMLT and LACP configuration example

This configuration example shows how to build and configure a triangle SMLT network using LACP to enable the dynamic set up of SMLT links (Figure 242).

Figure 242 SMLT and IEEE 802.3ad configuration example

The following sections provide step-by-step procedures that show how to configure switch S1, S2, and S3 for this example.

Configuring S1

1 Create IST VLAN 1900:

ERS-8606:5# config vlan 1900 create byport 1ERS-8606:5# config mlt 5 create ERS-8606:5# config mlt 5 add ports 1/1,2/1ERS-8606:5# config mlt 5 perform-tagging enableERS-8606:5# config mlt 5 add vlan 1900ERS-8606:5# config vlan 1900 ip create 1.1.1.1/30ERS-8606:5# config mlt 5 ist create ip 1.1.1.2 vlan-id 1900

314725-E Rev 00


2 Create the SMLT VLAN and add ports:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config vlan 100 ports add 3/1,3/2ERS-8606:5# config vlan 100 add-mlt 5

3 Configure LACP on ports:

ERS-8606:5# config ether 3/1,3/2 lacp key 10ERS-8606:5# config ether 3/1,3/2 lacp aggregation trueERS-8606:5# config ether 3/1,3/2 lacp enable

4 Create SMLT and configure LACP. Ensure keys match port and keys are same for both SMLT aggregation switches:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 smlt create smlt-id 10ERS-8606:5# config mlt 10 perform-tagging enableERS-8606:5# config mlt 10 lacp key 10ERS-8606:5# config mlt 10 lacp enableERS-8606:5# config ether 3/1,3/2 discard-untagged-frames enable

Configuring S2

1 Create IST VLAN 1900:

ERS-8606:5# config vlan 1900 create byport 1ERS-8606:5# config mlt 5 create ERS-8606:5# config mlt 5 add ports 1/1,2/1ERS-8606:5# config mlt 5 perform-tagging enableERS-8606:5# config mlt 5 add vlan 1900ERS-8606:5# config vlan 1900 ip create 1.1.1.2/30ERS-8606:5# config mlt 5 ist create ip 1.1.1.1 vlan-id 1900

2 Create the SMLT VLAN and add ports:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config vlan 100 ports add 3/1,3/2ERS-8606:5# config vlan 100 add-mlt 5


ERS-8606:5# config ether 3/1,3/2 lacp key 10ERS-8606:5# config ether 3/1,3/2 lacp aggregation trueERS-8606:5# config ether 3/1,3/2 lacp enable



4 Create SMLT and configure LACP. Ensure keys match: port and keys must be the same for both SMLT aggregation switches:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 smlt create smlt-id 10ERS-8606:5# config mlt 10 perform-tagging enableERS-8606:5# config mlt 10 lacp key 10ERS-8606:5# config mlt 10 lacp enableERS-8606:5# config ether 3/1,3/2 discard-untagged-frames enable

Configuring S3

1 Create VLAN 100 and add ports:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config vlan 100 ports add 3/1-3/4


ERS-8606:5# config ether 3/1-3/4 lacp key 20ERS-8606:5# config ether 3/1-3/4 lacp aggregation trueERS-8606:5# config ether 3/1-3/4 lacp enable

3 Create MLT 10 and configure LACP. Ensure keys match: port and keys must be the same for both SMLT aggregation switches:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 perform-tagging enableERS-8606:5# config mlt 10 lacp key 10ERS-8606:5# config mlt 10 lacp enableERS-8606:5# config ether 3/1-3/4 discard-untagged-frames enable

Single Port SMLT and LACP configuration example

Single Port SMLT lets you configure a split multilink trunk using a single port. The single port split multilink trunk behaves just like an MLT-based SMLT and can coexist with SMLTs in the same system; however, an SMLT ID can belong to either an MLT-SMLT or a single port split multilink trunk per chassis. With Single Port SMLT, you can scale the number of split multilink trunks on a switch to a maximum number of available ports.

314725-E Rev 00


When SMLT is enabled on a port, its key becomes default and aggregation becomes true. The selection logic selects the default aggregator for the SMLT port. When SMLT is disabled on a port, aggregation becomes false. This example highlights the steps in configuring Single Port SMLT using LACP to create the LAG. Although an Ethernet Routing Switch 8600 is used for the SMLT client, any LACP enabled device can be used.

Figure 243 on page 530 shows the network topology for this configuration example.



Figure 243 Network topology


1 To create the interswitch trunk, enter the following commands:

ERS-8606:5# conf vlan 1900 create byport 1ERS-8606:5# conf mlt 5 createERS-8606:5# conf mlt 5 add ports 1/1,2/1ERS-8606:5# conf mlt 5 perform-tagging enableERS-8606:5# conf mlt 5 add vlan 1900ERS-8606:5# conf vlan 1900 ip create 1.1.1.1/30ERS-8606:5# conf mlt 5 ist create ip 1.1.1.2 vlan-id 1900

2 To create the user VLAN, enter the following commands:

ERS-8606:5# conf vlan 10 create byport 1ERS-8606:5# conf vlan 10 ports add 1/10

3 To create the single port split multilink trunk, enter the following command:

ERS-8606:5# conf ether 1/10 smlt 1 create

314725-E Rev 00


4 To enable LACP on each port, enter the following command. No key is required. The default key is used:

ERS-8606:5# conf ether 1/10 lacp enable


1 To create the interswitch trunk, enter the following commands:

ERS-8606:5# conf vlan 1900 create byport 1ERS-8606:5# conf mlt 5 createERS-8606:5# conf mlt 5 add ports 1/1,2/1ERS-8606:5# conf mlt 5 perform-tagging enableERS-8606:5# conf mlt 5 add vlan 1900ERS-8606:5# conf vlan 1900 ip create 1.1.1.2/30ERS-8606:5# conf mlt 5 ist create ip 1.1.1.1 vlan-id 1900

2 To create the user VLAN, enter the following commands:

ERS-8606:5# conf vlan 10 create byport 1ERS-8606:5# conf vlan 10 ports add 1/10

3 To create the single port split multilink trunk, enter the following command:

ERS-8606:5# conf ether 1/10 smlt 1 create


ERS-8606:5# conf ether 1/10 lacp enable


1 To create the multilink trunk, enter the following commands:

ERS-8606:5# conf mlt 10 createERS-8606:5# conf mlt 10 lacp key 10ERS-8606:5# conf mlt 10 lacp enable

2 To create the user VLAN and add ports, enter the following commands:

ERS-8606:5# conf vlan 10 create byport 1ERS-8606:5# conf vlan 10 ports add 1/1-1/2

3 To configure LACP on the ports, enter the following commands:

ERS-8606:5# conf ether 1/1-1/2 lacp key 10ERS-8606:5# conf ether 1/1-1/2 lacp aggregation true




ERS-8606:5# conf ether 1/1-1/2 lacp enable

SLPP, VRRP BackupMaster, and SMLT configuration example

In this configuration example, a SMLT with ID 2 is configured on ERS8600A and ERS8600B with a VRRPBackupMaster, as illustrated in Figure 244 on page 533. Simple Loop Prevention Protocol (SLPP) is used to detect loops in the network.

The edge switch, ERS3510, is configured for IP routing with a trunk VLAN 260 (which has an IP address of 10.1.4.5/20). Port members 21 to 24 on ERS3510 are added to an access MLT. Under normal operations, traffic can flow over any trunk ports from 21 to 24 on the ERS3510.

314725-E Rev 00


Figure 244 SLPP example network

Because the trunk VLAN is not tagged, if the ERS3510 switch is replaced with a factory default switch or if the MLT configuration is not enabled or defective, this causes a loop in the SMLT core. To detect this loop, configure SLPP on ERS8600B to shut down all SMLT ports. This occurs if ERS8600B receives SLPP-PDUs on port 7/15 or 7/16.

The following procedure configures SLPP on the network shown in Figure 244. To configure the ERS8600A, ERS8600B, and the ERS3510, see Figure 250 on page 537 to Figure 252 on page 539 at the end of this section.

To configure SLPP on the ERS8600B, do the following:

1 Enable SLPP and add VLAN 260. To do this, enter the following commands:

ERS8600-B:6# config slpp add 260ERS8600-B:6# config slpp operation enable

2 Enable SLPP on port 7/15 and 7/16:

ERS8600-B:6# config ethernet 7/15,7/16 slpp packet-rx enable



3 View the SLPP configuration on ERS8600B to ensure SLPP is configured correctly. To view the SLPP configuration, enter the following command:

a ERS8600-B:6# show slpp

Figure 245 Show slpp results

b ERS8600-B:6# show ports info slpp port 7/15,7/16

Figure 246 Show ports info

4 If MLT is broken on the ERS3510 switch, the following commands can be used to check which ports belonging to SMLT 2 are down. If something is broken on the ERS3510 switch, SLPP disables all SMLT ports. Use the following command:

ERS-8600-B:6# show port info interface port 7/15,7/16

ERS-8600-B:6# show slpp


etherType (hex) : 0x8104 operation : enabled tx-interval : 500 vlan : 260

ERS-8600-B:6#

ERS-8600-B:6# show ports info slpp port 7/15,7/16

================================================Port Interface

================================================PORT PKT-RX PKT-RXNUM THRESHOLD------------------------------------------------7/15 enabled 17/16 enabled 1

314725-E Rev 00


Figure 247 Show ports info interface port

If logging to the local interface is enabled, you should see messages indicating that SLPP caused the SMLT 2 port to go down. Use the following command:

ERS8600-B:6# show log file tail

Figure 248 Show log file tail for ERS8600B after port disabled

5 If the MLT problem is corrected on the ERS3510 switch, you must re-enable all SMLT ports on ERS8600A and ERS8600B. Use the commands shown in Figure 249 on page 536.

ERS-8600-B:6# show ports info interface port 7/15,7/16==========================================================================

Port Interface==========================================================================PORT LINK PORT PHYSICAL STATUSNUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN OPERATE--------------------------------------------------------------------------7/15 462 GbicSx true false 1950 00:e0:7b:bc:21:14 down down7/16 463 GbicSx true false 1950 00:e0:7b:bc:21:15 down down

ERS-8600-B:6#

ERS8600-B:6# show log file tailCPU5 [01/25/06 12:54:42] SNMP INFO Smlt Link Down Trap(SmltId=2)CPU5 [01/25/06 12:54:42] SNMP INFO Slpp port down(SlppRxPort = 463, SlppRxVlan =260, SlppIncomingVlanId = 260, SlppSrcMacAddress = 00:e0:7b:bc:20:00)CPU5 [01/25/06 12:54:42] MLT INFO SMLT 2 DOWNCPU5 [01/25/06 12:54:42] SNMP INFO Port 7/16 is an access portCPU5 [01/25/06 12:54:42] SNMP INFO Link Down(7/16)CPU5 [01/25/06 12:54:42] SNMP INFO Port 7/15 is an access portCPU5 [01/25/06 12:54:42] SNMP INFO Link Down(7/15)CPU5 [01/25/06 12:54:42] SW WARNING slppRx: SLERS packet received Rx-Vlan 260, Rx-Port 7/16, PDU-Vlan 260, SRC-Mac 00:e0:7b:bc:20:00



Figure 249 Enabling SMLT and show log file tail after port enabled

The following figures contain the CLI commands used to configure the network of Figure 244 on page 533.

ERS8600-B:6# config ethernet 7/15,7/16 state enableERS8600-A:6# config ethernet 4/15,4/16 state enableERS8600-B:6# show log file tail

CPU5 [01/25/06 12:59:50] SNMP INFO Smlt Link Up Trap(SmltId=2)CPU5 [01/25/06 12:59:50] MLT INFO SMLT 2 UPCPU5 [01/25/06 12:59:16] SNMP INFO Link Up(7/16)CPU5 [01/25/06 12:59:15] SNMP INFO Link Up(7/15)

314725-E Rev 00


Figure 250 Commands to configure the 8600A MLT, VLAN, ports

## MLT CONFIGURATION#mlt 2 createmlt 2 add ports 4/15-4/16mlt 2 smlt create smlt-id 2mlt 5 createmlt 5 add ports 2/1,3/1mlt 5 perform-tagging enablemlt 5 ist create ip 2.1.1.2 vlan-id 1900mlt 5 ist enable

# VLAN CONFIGURATION

vlan 260 create byport 1 color 2vlan 260 add-mlt 2vlan 260 add-mlt 5vlan 260 ports add 2/1,3/1,4/15-4/16 member portmembervlan 260 ip create 10.1.4.2/255.255.255.240 mac_offset 6vlan 260 ip ospf interface-type passivevlan 260 ip ospf enablevlan 260 ip vrrp 5 address 10.1.4.1vlan 260 ip vrrp 5 backup-master enablevlan 260 ip vrrp 5 fast-adv-enable enablevlan 260 ip vrrp 5 enablevlan 1900 create byport 1vlan 1900 add-mlt 5vlan 1900 ports add 2/1,3/1 member portmembervlan 1900 ip create 2.1.1.1/255.255.255.252 mac_offset 4

# PORT CONFIGURATION - PHASE II

ethernet 2/1 default-vlan-id 1900ethernet 2/1 stg 1 stp disableethernet 3/1 default-vlan-id 1900ethernet 3/1 stg 1 stp disableethernet 4/15 stg 1 stp disableethernet 4/16 stg 1 stp disable

# OSPF CONFIGURATION#ip ospf admin-state enableip ospf enable



Figure 251 Commands to configure the 8600B MLT, VLAN, ports

# MLT CONFIGURATION#mlt 2 createmlt 2 add ports 7/15-7/16mlt 2 smlt create smlt-id 2mlt 5 createmlt 5 add ports 2/1,3/1mlt 5 perform-tagging enablemlt 5 ist create ip 2.1.1.2 vlan-id 1900mlt 5 ist enable## VLAN CONFIGURATION

vlan 260 create byport 1 color 2vlan 260 add-mlt 2vlan 260 add-mlt 5vlan 260 ports add 2/1,3/1,7/15-7/16 member portmembervlan 260 ip create 10.1.4.2/255.255.255.240 mac_offset 6vlan 260 ip ospf interface-type passivevlan 260 ip ospf enablevlan 260 ip vrrp 5 address 10.1.4.1vlan 260 ip vrrp 5 backup-master enablevlan 260 ip vrrp 5 fast-adv-enable enablevlan 260 ip vrrp 5 enablevlan 1900 create byport 1vlan 1900 add-mlt 5vlan 1900 ports add 2/1,3/1 member portmembervlan 1900 ip create 2.1.1.1/255.255.255.252 mac_offset 4

# PORT CONFIGURATION - PHASE II

ethernet 2/1 default-vlan-id 1900ethernet 2/1 stg 1 stp disableethernet 3/1 default-vlan-id 1900ethernet 3/1 stg 1 stp disableethernet 7/15 stg 1 stp disableethernet 7/16 stg 1 stp disable

# OSPF CONFIGURATION

ip ospf admin-state enableip ospf enable

314725-E Rev 00


Figure 252 Commands used to configure the ERS 3510 VLAN

! *** VLAN ***!auto-pvidvlan name 1 "VLAN #1"vlan create 99 name "Voice_VLAN" type portvlan create 200 name "Data_VLAN" type portvlan create 260 name "Trunk" type portvlan ports 1-4 tagging unTagAll filter-untagged-frame disable filter-unregistered-frames disable priority 0vlan ports 5-11 tagging unTagPvidOnly filter-untagged-frame disable filter-unregistered-frames disable priority 0vlan ports 12-24 tagging unTagAll filter-untagged-frame disable filter-unregistered-frames disable priority 0vlan members 1 NONEvlan members 99 1,5-11vlan members 200 5-11vlan members 260 21-24vlan ports 1 pvid 99vlan ports 2-4 pvid 1vlan ports 5-11 pvid 200vlan ports 12-20 pvid 1vlan ports 21-24 pvid 260vlan igmp unknown-mcast-no-flood disablevlan mgmt 1!! *** STP ***!spanning-tree stp 1 priority 8000spanning-tree stp 1 hello-time 2spanning-tree stp 1 max-age 20spanning-tree stp 1 forward-time 15spanning-tree stp 1 tagged-bpdu disable tagged-bpdu-vid 4001spanning-tree stp 1 multicast-address 01:80:c2:00:00:00interface FastEthernet ALLspanning-tree port 1-24 learning disableexitspanning-tree stp 1 add-vlan 1spanning-tree stp 1 add-vlan 99spanning-tree stp 1 add-vlan 200spanning-tree stp 1 add-vlan 260interface FastEthernet ALLexit



Ping Snoop configuration example

You can use the Ping Snoop feature to troubleshoot MultiLink Trunk (MLT) and Split MultiLink Trunk (SMLT) networks. This feature displays the route that IP traffic takes over an MLT or SMLT path. Ping Snoop enables a filter that copies Internet Control Message Protocol (ICMP) messages to the CPU. The CPU then monitors the ICMP stream. The console displays the port that is used for each IP traffic flow from source to destination station. There is no mechanism to prevent line rate ICMP traffic from going to the CPU as a result of enabling Ping Snoop.

For more information about configuring Ping Snoop, including instructions for Device Manager and CLI for both legacy and R modules, see Using Diagnostic Tools.

Configuring Ping Snoop

1 Create the Ping Snoop filter. Create a filter to capture ICMP packets from the 30.30.30.0 network to another device in the same network. (You can also configure a filter for single addresses by using a 32 bit mask 30.30.30.10/32 or 30.30.30.3/32.):

ERS-8606:5# config diag ping-snoop create src-ip 30.30.30.0/24 dst-ip 30.30.30.0/24

2 Add ports to filter:

ERS-8606:5# config diag ping-snoop add-port 1/47

3 Enable Ping Snoop:

ERS-8606:5# config diag ping-snoop enable true

Note: If you have an R module installed in the Ethernet Routing Switch 8600 and wish to configure Ping Snoop, you must use an ACL filter option. For more information about the ACL filter, see Configuring QoS and Filtering for Ethernet Routing Switch 8600 R Modules.

314725-E Rev 00


This is a sample output:

ICMP Request received on port 1/47 with Src=30.30.30.10 Dst=30.30.30.3 ICMP Request received on port 1/47 with Src=30.30.30.10 Dst=30.30.30.3ICMP Request received on port 1/47 with Src=30.30.30.10 Dst=30.30.30.3 ICMP Request received on port 1/47 with Src=30.30.30.10 Dst=30.30.30.3

By adding all the MLT/SMLT ports to this filter on a per-switch basis, the user can determine the exact path that traffic takes.

LACP point to point LAG configuration example

This configuration example shows how to configure and enable a point-to-point link aggregation group (LAG) using LACP (Figure 253).

Figure 253 LACP configuration example

The following sections provide step-by-step procedures that show how to configure switch S1 and S2 for the example shown in Figure 253.

Note: You must configure all aggregatable ports in MLT 10 to use the same key used for MLT 10.



Configuring S1

1 Create VLAN 100 and add ports to the VLAN:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config vlan 100 ports add 1/1-1/2,2/1-2/2

2 Configure LACP on S1 switch ports:

ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp key 10ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp aggregation trueERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp enable

3 Create MLT 10 and configure LACP. Ensure the LACP key is the same as that configured in step 2:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 lacp key 10ERS-8606:5# config mlt 10 lacp enable

Configuring S2

1 Create VLAN 100 and add ports to the VLAN:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config vlan 100 ports add 1/1-1/2,2/1-2/2

2 Configure LACP on S2 switch ports:

ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp key 10ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp aggregation trueERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp enable

3 Create MLT 10 and configure LACP. Ensure the LACP key is the same as that configured in step 2:

ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 lacp key 10ERS-8606:5# config mlt 10 lacp enable

314725-E Rev 00


Enabling VLACP on Ethernet links configuration example

This configuration example shows how to enable VLACP on Ethernet links to ensure that link failures are propagated through the service provider optical network (Figure 254).

Figure 254 Enabling VLACP on Ethernet links configuration example

The following sections provide step-by-step procedures that show how to configure switch S1, and S2 for this example.

Configuring S1

1 Configure MLT 10 and add VLAN 100:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 add ports 3/1,3/2ERS-8606:5# config mlt 10 add vlan 100

2 Enable VLACP on both Ethernet ports:

ERS-8606:5# config ethernet 3/1-3/2 vlacp enable

Configuring S2

1 Configure MLT 10 and add VLAN 100:

ERS-8606:5# config vlan 100 create byport 1ERS-8606:5# config mlt 10 createERS-8606:5# config mlt 10 add ports 3/1,3/2



ERS-8606:5# config mlt 10 add vlan 100

2 Enable VLACP on both Ethernet ports:

ERS-8606:5# config ethernet 3/1-3/2 vlacp enable

Per-VLAN Spanning Tree Plus (PVST+) configuration examples

PVST+ is an extension of the Cisco System PVST with support for IEEE 802.1Q standard, and is the default spanning tree protocol used on Cisco System switches. PVST+ uses a separate spanning tree instance for each configured VLAN and supports the IEEE 802.1Q STP across IEEE 802.1Q regions.

When you configure PVST+, it uses, by default, IEEE 802.1Q single STP BPDUs on VLAN 1 and PVST+ BPDUs for other VLANs. This allows a PVST+ switch to connect to a switch using IEEE 802.1Q spanning tree as a tunnel for PVST+. PVST+ BPDUs are tunneled across the 802.1Q VLAN region as multicast data.

The single STP is addressed to the well-known STP MAC address 01-80-C2-00-00-00. The PVST+ BPDUs for other VLANs are addressed to multicast address 01-00-0C-CC-CC-CD.

PVST+ can be used to load balance the VLANs by changing the VLAN bridge priority.

For conceptual information about PVST+, refer to “Per-VLAN spanning tree” on page 71.


• “Configuring PVST+ on an Ethernet Routing Switch 8600”

• “Configuration example—basic PVST+ setup” on page 545

Configuring PVST+ on an Ethernet Routing Switch 8600

You can configure a PVST+ instance under the Ethernet Routing Switch 8600 spanning tree group (STG) level for each VLAN that connects to a Cisco System switch running PVST+.

314725-E Rev 00


Use the following commands to configure PVST+ on the Ethernet Routing Switch 8600:

ERS-8606:5# config stg <1-64> create <ports> vlan <1-4094> ntstg disable

The ntstg parameter is enabled by default, which provides the default group STP operation. When you set the ntstg parameter to disable, PVST+ is enabled for this particular VLAN.

To view spanning tree forwarding state, enter the following command:

ERS-8606:5# show ports info stg main <port number>

To view the spanning tree configuration, enter the following command:

ERS-8606:5# show stg info config

To view the spanning tree status, enter the following command:

ERS-8606:5# show stg info status

Configuration example—basic PVST+ setup

Figure 255 on page 546 shows a basic configuration example in which a single Ethernet Routing Switch 8600 is using PVST+ to connect to two Cisco Systems switches.

The following sections provide step-by-step procedures that show how to configure PVST+ on Ethernet Routing Switch 8600 S1 for this example.



Figure 255 Basic setup configuration example

Configuring Ethernet Routing Switch 8600 S1

1 Configure ports 1/20 and 1/30 with VLAN tagging:

ERS-8606:5# config ethernet 1/20,1/30 perform-tagging enable

2 Configure a PVST+ STG instance for each VLAN:

ERS-8606:5# config stg 20 create 1/5,1/20,1/30 vlan 100 ntstg disableERS-8606:5# config stg 21 create 1/6,1/20,1/30 vlan 101 ntstg disableERS-8606:5# config stg 22 create 1/7,1/20,1/30 vlan 102 ntstg disable

3 Create VLAN 100:

ERS-8606:5# config vlan 100 create byport 20ERS-8606:5# config vlan 100 ports add 1/5,1/20,1/30

4 Create VLAN 101:


5 Create VLAN 102:


314725-E Rev 00


Configuring Cisco C2950 switches S2 and S3

By default, PVST+ is enabled on the switches. The only configuration requirement is for you to add the VLANs (through the VLAN database), and then add the ports to each VLAN:

version 12.1!interface FastEthernet0/17 switchport access vlan 100 switchport mode access no ip address!interface FastEthernet0/18 switchport access vlan 101 switchport mode access no ip address!interface FastEthernet0/19 switchport access vlan 102 switchport mode access no ip address!interface FastEthernet0/20 switchport trunk allowed vlan 100-102 switchport mode trunk no ip address!interface FastEthernet0/21 switchport trunk allowed vlan 100-102 switchport mode trunk no ip address!

Configuration example—load balancing with the Ethernet Routing Switch 8600 as a distribution switch

This configuration example shows how to perform load balancing with the Ethernet Routing Switch 8600 (S1 and S2) acting as a distribution switch, and the Cisco C2950 switch (S3) acting as an access switch (Figure 256 on page 548).



Figure 256 Load balancing configuration example

This configuration example shows how to complete the following tasks:

• Configure the Cisco C2950 switch as an access switch.

• Configure the Ethernet Routing Switch 8600 (S1 and S2) as distribution switches.

• Forward all even number VLANs from C2950-A (S3) to Ethernet Routing Switch 8600 S1. Forwarding is accomplished by configuring the STG bridge priority. By default, all STG groups have a bridge priority of 32768. To increase the STG priority, you can lower the STG priority to a lower value for all even number VLANs (for this example, use 4096).

• Forward all odd number VLANs from C2950-A (S3) to Ethernet Routing Switch 8600 S2.

To increase the STG priority, you can lower the STG priority to a lower value for all odd number VLANs (for this example, use 4096).

For the configuration files used for Ethernet Routing Switch 8600s S1 and S2 in this configuration example, see “Configuration files for S1 and S2” on page 550.

The following sections provide step-by-step procedures that show how to perform load balancing with the Ethernet Routing Switch 8600 (S1 and S2) as distribution switches, and the Cisco C2950 switch (S3) as an access switch for this example.

314725-E Rev 00







3 Configure bridge priority for each even number VLAN STG group:

ERS-8606:5# config stg 20 priority 4096ERS-8606:5# config stg 22 priority 4096

4 Create VLAN 100:


5 Create VLAN 101:


6 Create VLAN 102:









3 Configure bridge priority for each odd number VLAN STG group:

ERS-8606:5# config stg 21 priority 4096

4 Create VLAN 100:


5 Create VLAN 101:

ERS-8606:5# config vlan 101 create byport 21ERS-8606:5# config vlan 101 ports add 1/6,1/20, 2/1

6 Create VLAN 102:

ERS-8606:5# config vlan 102 create byport 22ERS-8606:5# config vlan 102 ports add 1/7,1/20, 2/1

Configuration files for S1 and S2

The following sections provide the configuration files used for Ethernet Routing Switch 8600 S1 and S2 in the configuration example shown Figure 256 on page 548.

S1 configuration file

## PORT CONFIGURATION - PHASE I#ethernet 1/20 perform-tagging enableethernet 2/1 perform-tagging enable## STG CONFIGURATION#stg 20 create vlan 100 mac 01:00:0c:cc:cc:cd ntstg disable stg 20 add ports 1/5,1/20,2/1stg 20 priority 4096stg 21 create vlan 101 mac 01:00:0c:cc:cc:cd ntstg disable stg 21 add ports 1/6,1/20,2/1stg 22 create vlan 102 mac 01:00:0c:cc:cc:cd ntstg disable stg 22 add ports 1/7,1/20,2/1stg 22 priority 4096## VLAN CONFIGURATION#vlan 100 create byport 20

314725-E Rev 00


vlan 100 ports remove 1/1-1/4,1/6-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 100 ports add 1/5,1/20,2/1 member portmembervlan 101 create byport 21vlan 101 ports remove 1/1-1/5,1/7-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 101 ports add 1/6,1/20,2/1 member portmembervlan 102 create byport 22vlan 102 ports remove 1/1-1/6,1/8-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 102 ports add 1/7,1/20,2/1 member portmember

S2 configuration file

## PORT CONFIGURATION - PHASE Iethernet 1/20 perform-tagging enableethernet 2/1 perform-tagging enable## STG CONFIGURATION#stg 20 create vlan 100 mac 01:00:0c:cc:cc:cd ntstg disable stg 20 add ports 1/5,1/20,2/1stg 21 create vlan 101 mac 01:00:0c:cc:cc:cd ntstg disable stg 21 add ports 1/6,1/20,2/1stg 21 priority 4096stg 22 create vlan 102 mac 01:00:0c:cc:cc:cd ntstg disable stg 22 add ports 1/7,1/20,2/1## VLAN CONFIGURATION#vlan 100 create byport 20vlan 100 ports remove 1/1-1/4,1/6-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 100 ports add 1/5,1/20,2/1 member portmembervlan 101 create byport 21vlan 101 ports remove 1/1-1/5,1/7-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 101 ports add 1/6,1/20,2/1 member portmembervlan 102 create byport 22vlan 102 ports remove 1/1-1/6,1/8-1/19,1/21-1/48,2/2-2/8,3/1-3/8 member portmembervlan 102 ports add 1/7,1/20,2/1 member portmember



Configuration example—load balancing with the Cisco System switch as a distribution switch

This configuration example shows how to perform load balancing with the Cisco C2950 switches (S2 and S3) as distribution switches, and the Ethernet Routing Switch 8600 (S1) as an access switch (see Figure 255 on page 546).

This configuration example shows how to complete the following tasks:

• Configure the Ethernet Routing Switch 8600 (S1) as an access switch.

• Configure Cisco C2950 switches (S2 and S3) as distribution switches.

• Forward all even number VLANs from Ethernet Routing Switch 8600 (S1) to Cisco C2950 switch S2.

• Forward all odd number VLANs from Ethernet Routing Switch 8600 (S1) to Cisco C2950 switch S3.

To load balance traffic in this manner, you can configure the Cisco C2950 switch S2 as the root for all even number VLANs and the Cisco C2950 switch S3 as the root for all odd number VLANs.

To do this, enter the following commands:

1 Configure C2950 S2 as the root from all even number VLANs:

Cat2950-A(config)# spanning-tree vlan 100 root primaryCat2950-A(config)# spanning-tree vlan 102 root primary

2 Configure C2950 S3 as the root for all odd number VLANs:

Cat2950-B(config)# spanning-tree vlan 101 root primary

(The Cisco System root command changes the bridge priority to 24576.)

314725-E Rev 00


Cisco Systems default spanning tree settings

The section shows the default PVST+ settings used with Cisco Systems switches.

Setting the PVST+ bridge ID priority

• The bridge ID priority is the priority of a VLAN when the switch is inPVST+ mode.

• When the switch is in PVST+ mode without MAC address reduction enabled, you can enter a bridge priority value between 0 and 65535. The bridge priority value you enter also becomes the VLAN bridge ID priority for that VLAN.

• When the switch is in PVST+ mode with MAC address reduction enabled, you can enter one of 16 bridge priority values: 0, 4096, 8192, 12 288, 16 384, 20 480, 24 576, 28 672, 32 768, 36 864, 40 960, 45 056, 49 152, 53 248, 57 344, or 61 440.

• The bridge priority is combined with the system ID extension (that is, the ID of the VLAN) to create the bridge ID priority for the VLAN.

Feature Default Value

VLAN 1 All ports assigned to VLAN 1

Enable state PVST+ enabled for all VLANs

Bridge priority 32768

Port priority 32

Port cost • Gigabit Ethernet: 4 • Fast Ethernet: 19

• Ethernet: 100

Port VLAN priority Same as port priority, but configurable on a per-VLAN basis in PVST+.

Port VLAN cost Same as port cost, but configurable on a per-VLAN basis in PVST+.

Bridge Priority 0, 4096, 8192, 12 288, 16 384, 20480, 28 672, 32 768, 36 864, 40960, 45 056, 49 152, 53 248, 57 344, or 61 440.



Rapid Spanning Tree Protocol configuration example

In this configuration example, you can accomplish the following:

• Configure the bridge priority as shown in Figure 257 on page 555. This configuration results in traffic flow as shown with the dashed lines because B1 becomes the RSTP root bridge. If B1 fails, then B2 becomes the root bridge based on priority settings.

• Set the bridge port priory on B1 such that the Gigabit Ethernet (GbE) interface 2/1 is used.

314725-E Rev 00


Figure 257 RSTP topology



Configuring ERS8600 B1

To configure switch B1:

1 Set the switch to use RSTP mode. This requires you to save the configuration and boot the switch. Enter the following commands:

ERS8600-B1:6# config bootconfig flags spanning-tree-mode rstpERS8600-B1:6# save bootconfigERS8600-B1:6# boot -y

2 Add VLAN 3. Enter the following commands:

ERS8600-B1:6# config vlan 3 create byport-mstprstp 0ERS8600-B1:6# config vlan 3 ports add 2/1,2/2,2/4,2/5,1/15

3 Change the RSTP bridge priority. Enter the following command:

ERS8600-B1:6# config rstp priority 4096

4 Configure port 1/15 as an RSTP edge port:

ERS8600-B1:6# config ethernet 1/15 rstp edge-port true

5 Configure port 2/1 with a RSTP port priority of 16 so that it is used as the RSTP root path:

ERS8600-B1:6# config ethernet 2/1 rstp priority 16


1 Set the switch to use RSTP mode. This requires you to save the configuration and boot the switch. Enter the following commands:

ERS8600-B2:6# config bootconfig flags spanning-tree-mode rstpERS8600-B2:6# save bootconfigERS8600-B2:6# boot -y

2 Add VLAN 3. Enter the following commands:


3 Change the RSTP bridge priority. Enter the following command:

ERS8600-B2:6# config rstp priority 8192

4 Configure port 3/15 as an RSTP edge port:

ERS8600-B2:6## config ethernet 3/15 rstp edge-port true

314725-E Rev 00



1 Set the switch to use RSTP mode. Enter the following command:

ERS1624G-B3:4# config stp version rstp

2 Change the RSTP bridge priority:

ERS1624G-B3:4# config stp priority 12288

3 Add VLAN 3:

ERS1624G-B3:4# create vlan 3 vid 3 type portERS1624G-B3:4# config vlan 3 add untagged 1,3,5,7,10

4 Configure ports 1 and 3 for 1 Gbps full duplex to be compatible with the ES GbE interfaces:

ERS1624G-B3:4# config ports 1,3 speed 1000_full


1 Set the switch to use RSTP mode. Enter the following command:

ERS1612G-B4:4# config stp version rstp

2 Change RSTP bridge priority:

ERS1612G-B4:4# config stp priority 16384

3 Add VLAN 3

ERS1612G-B4:4# create vlan 3 vid 3 type portERS1612G-B4:4# config vlan 3 add untagged 1,3,5,7,10



Configuring ES 470 B5

By default, with BOSS 3.5, Auto-PVID is enabled. Auto-PVID will automatically assign the VLAN PVID to all port members.

Note: If you disable Auto-PVID, you will have to assign the PVID to each VLAN port member by using the command vlan ports <port list> pvid <1-4094>



1 Change spanning tree operating mode to RSTP and reboot the switch:

ES470_48(config)# spanning-tree op-mode rstpES470_48(config)# bootReboot the unit(s) (y/n) ? y

2 Add VLAN 3:

ES470_48(config)# vlan create 3 type port ES470_48(config)# vlan members add 3 15,47,48

3 Remove VLAN port members from the default VLAN:

ES470_48(config)# vlan members remove 1 15,47,48


ES470_48(config)# spanning-tree rstp priority 5000

5 Configure port 15 as a RSTP edge port:

ES470_48(config)# interface fastEthernet 15ES470_48(config-if)# spanning-tree rstp edge-port true

Configuring ES470 B6

1 Change spanning tree operating mode to RSTP and reboot the switch:

ES470_48(config)# spanning-tree op-mode rstpES470_48(config)# bootReboot the unit(s) (y/n) ? y

Note: When you use RSTP, if you remove a port from the default VLAN prior to configuring VLAN 3, the STP participation is disabled for that port. In this case, you must enable STP participation for each removed port. This can be avoided if you remove ports from the default VLAN (VLAN 1) after VLAN 3 is created.

If you first remove the port(s) from VLAN 1, RSTP can be enabled again by using the following commands: interface fastEthernet <port> spanning-tree rstp learning enable and spanning-tree rstp learning enable

Note: The bridge priority value is in hexadecimal. 20480 in decimal equals 5000 in hexadecimal.

314725-E Rev 00


2 Add VLAN 3:





ES470_48(config)# spanning-tree rstp priority 6000

5 Configure port 15 as a RSTP edge port:

ES470_48(config)# interface fastEthernet 15ES470_48(config-if)# spanning-tree rstp edge-port true

Multiple Spanning Tree Protocol configuration example

The following section gives an example using MSTP. The topology is given in Figure 258 on page 560. This network has the following parameters:



Figure 258 Multiple spanning tree topology

• Switches B1 and B2 are in multiple spanning tree region 2.

• B1 is configured so that it becomes the CIST root; it has the lowest CIST priority of 4096.

• B2 is configured so that it becomes the CIST backup; it has the next highest CIST priority of 8192.

• There are two MSTI instances; MSTI 1 for VLAN 3 and MSTI 2 for VLAN 4.

• B1 GbE interface 2/2 is configured with a MSTI 2 priority of 16, while B2 GbE interface 4/1 is configured with a MSTI 1 priority of 16. This results in VLAN load balancing.

• Switches B3, B4, B5, and B6 are in multiple spanning tree region 1.

314725-E Rev 00


• B3 is configured so that it becomes the CIST regional root; it has a CIST priority of 12288. B4 becomes the backup CIST regional root; it has a priority of 16384.

• There are two MSTI instances; MSTI 1 for VLAN 3, and MSTI 2 for VLAN 4.

• B4 is configured so that it is the MSTI root for VLAN 3 and the backup MSTI root for VLAN 4. Configure the MSTI priority for MSTI 1 to 4096, and the MSTI priority for MSTI 2 to 8192.

• B3 is configured so that it is the MSTI root for VLAN 4 and the backup MSTI root for VLAN 3. Configure the MSTI priority for MSTI 1 to 8192, and the MSTI priority for MSTI 2 to 4096.


1 Set the switch to use MSTP mode. This requires you to save the configuration and boot the switch. Enter the following commands:

ERS8600-B1:6# config bootconfig flags spanning-tree-mode mstpERS8600-B1:6# save bootconfigERS8600-B1:6# boot -y

2 Configure the MSTP region:

ERS8600-B1:6# config mstp region config-id-sel 2ERS8600-B1:6# config mstp region name region2ERS8600-B1:6# config mstp region revision 1

3 Configure GbE ports 2/1, 2/2, 2/4, and 2/4 as tagged ports:

ERS8600-B1:6# config ethernet 2/1,2/2,2/4,2/5 perform-tagging enable

4 Add VLAN 3:


5 Add VLAN 4:


6 Change the MSTP CIST bridge priority:

ERS8600-B1:6# config mstp cist priority 4096



7 Configure the MSTP 2 priority:

ERS8600-B1:6# config ethernet 2/2 mstp msti 2 priority 16

8 Configure ports 1/15 and 1/16 as a MSTP edge ports:

ERS8600-B1:6# config ethernet 1/15,1/16 mstp cist edge-port true


1 Set the switch to use MSTP mode. This requires you to save the configuration and boot the switch. Enter the following commands:

ERS8600-B2:6# config bootconfig flags spanning-tree-mode mstpERS8600-B2:6# save bootconfigERS8600-B2:6# boot -y

2 Configure MSTP region:

ERS8600-B2:6# config mstp region config-id-sel 2ERS8600-B2:6# config mstp region name region2ERS8600-B2:6# config mstp region revision 1

3 Configure GbE ports 4/1, 4/2, 4/4, and 4/5 as tagged ports:

ERS8600-B2:6# config ethernet 4/1,4/2,4/4,4/5 perform-tagging enable

4 Add VLAN 3:


5 Add VLAN 4:


6 Change the MSTP CIST bridge priority:

ERS8600-B2:6# config mstp cist priority 8192

7 Configure the MSTP 1 priority:

ERS8600-B2:6# config ethernet 4/1 mstp msti 1 priority 16

8 Configure ports as MSTP edge ports:

ERS8600-B2:6# config ethernet 3/15,3/16 mstp cist edge-port true

314725-E Rev 00



1 Enable the MSTP mode:

ERS1624G-B3:4# config stp version mstp

2 Change MSTP bridge priority:

ERS1624G-B3:4# config stp instance_id 0 priority 12288

3 Add VLAN 3:

ERS1624G-B3:4# create vlan 3 vid 3 type portERS1624G-B3:4# config vlan 3 add untagged 10ERS1624G-B3:4# config vlan 3 add tagged 1,3,5,7

4 Add VLAN 4:




6 Configure the MSTP region and revision:

ERS1624G-B3:4# config stp region name region1ERS1624G-B3:4# config stp region mstconfigidsel 1ERS1624G-B3:4# config stp region revision 1

7 Add MSTI 1, change the MSTI priority, and add VLAN 3:

ERS1624G-B3:4# create stp instance_id 1ERS1624G-B3:4# config stp instance_id 2 priority 8192ERS1624G-B3:4# config stp_vlan instance_id 1 add 3




1 Enable MSTP mode:

ERS1624G-B4:4# config stp version mstp

2 Change MSTP bridge priority:

ERS1624G-B4:4# config stp instance_id 0 priority 12288



3 Add VLAN 3:


4 Add VLAN 4:




6 Configure the MSTP region and version:

ERS1624G-B4:4# config stp region name region1ERS1624G-B4:4# config stp region mstconfigidsel 1ERS1624G-B4:4# config stp region revision 1






1 Change spanning tree operation mode to MSTP and reboot the switch:

ES470_48(config)# spanning-tree op-mode mstpES470_48(config)# bootReboot the unit(s) (y/n) ? y

2 Add tagging:

ES470_48(config)# vlan ports 47,48 tagging tagall

3 Add VLAN 3 and members:


314725-E Rev 00


4 Remove VLAN port member from the default VLAN:


5 Add VLAN 4 and port members:



ES470_48(config)# vlan members remove 1 16


ES470_48(config)# spanning-tree mstp region config-id-sel 1 region-name region1 region-version 1

8 Add MSTP MSTI 1 and add VLAN 3:

ES470_48(config)# spanning-tree mstp msti 1ES470_48(config)# spanning-tree mstp msti 1 add-vlan 3



10 Configure ports 6 and 7 as MSTP edge ports:

ES470_48(config)# interface fastEthernet 15,16ES470_48(config-if)# spanning-tree mstp edge-port true


1 Change spanning tree operation mode to MSTP and reboot the switch:

ES470_48(config)# spanning-tree op-mode mstpES470_48(config)# bootReboot the unit(s) (y/n) ? y

2 Add tagging:

ES470_48(config)# vlan ports 47,48 tagging tagall

Note: If an error message appears stating that you cannot modify settings and nontagged ports cannot span multiple STPGs, then ensure that all appropriate ports have tagging enabled. In this example, this applies to ports 47 and 48.










ES470_48(config)# vlan members remove 1 16


ES470_48(config)# spanning-tree mstp region config-id-sel 1 region-name region1 region-version 1





10 Configure ports 6 and 7 as MSTP edge ports:

ES470_48(config)# interface fastEthernet 15,16ES470_48(config-if)# spanning-tree mstp edge-port true

314725-E Rev 00

567

Appendix ATap and OctaPID assignment (Release 3.x feature set)

The switch fabric in the Ethernet Routing Switch 8600 module has nine switching taps, one for each of the eight I/O slots (1 to 4 and 7 to 10), and one for the CPU slots (5 and 6). Taps 0 to 7 map to the eight I/O slots and can support up to eight OctaPIDs. Each OctaPID can support up to eight ports.

In the Ethernet Routing Switch 8600, a physical port number is 10 bits long and has the following format:

9 6 5 3 2 0 +-----+----+----+ | | | | +-----+----+----+

bits 9–6: Tap number (0–15)

bits 5–3: OctaPID number (0–7)

bits 2–0: MAC port number (0–7)

The tap number bits and the OctaPID number bits combined (bits 9–3) are usually referred to as the OctaPID ID.


568 Appendix A Tap and OctaPID assignment (Release 3.x feature set)

Table 69 lists the module types that are currently available, along with the associated OctaPID ID assignments for each module.

Table 69 Available module types and OctapPID ID assignments

Module type Port typeOctaPID ID assignment

8608GBE and 8608GBM Modules 1000BASE-SX Table 70 next

1000BASE-LX

1000BASE-ZX

1000BASE-XD

8608GTE and 8608GTM Modules 1000BASE-T Table 70 next

8608SXE Module 1000BASE-SX Table 70 next

8616SXE Module 1000BASE-SX Table 71 on page 569

8624FXE Module 100BASE-FX Table 72 on page 570

8632TXE and 8632TXM Modules 10BASE-T/100BASE-TX Table 73 on page 570

1000BASE-SX

1000BASE-LX

1000BASE-ZX

1000BASE-XD

8648TXE and 8648TXM Modules 10/100 Mb/s Table 74 on page 570

8672ATME and 8672ATMM Modules

OC-3c MDA Table 75 on page 571

OC-12c MDA

DS3

8681XLR Module 10GBASE-LR Table 76 on page 571

8681XLW Module 10GBASE-LW Table 77 on page 572

8683POSM Module OC-3c MDA Table 78 on page 572

OC-12c MDA

314725-E Rev 00

Appendix A Tap and OctaPID assignment (Release 3.x feature set) 569

Table 70 describes the OctaPID ID and port assignments for the 8608GBE, 8608GBM, 8608GTE, 8608GTM, and 8608SXE modules.

Table 71 describes the OctaPID ID and port assignments for the 8616SXE Module.

Table 70 8608GBE/8608GBM/8608GTE/8608GTM/8608SXE modules

OctaPID ID assignment Port assignment

OctaPID ID: 0 Port 1








Table 71 8616SXE module


OctaPID ID: 0 Ports 1 and 2










Table 72 describes the OctaPID ID and port assignments for the 8624FXE Module.

Table 73 describes the OctaPID ID and port assignments for the 8632TXE and 8632TXM modules.

Table 74 describes the OctaPID ID and port assignments for the 8648TXE and 8648TXM Modules.

Table 72 8624FXE module


OctaPID ID: 0 Ports 1 through 8



Table 73 8632TXE and 8632TZM modules





– –

– –


OctaPID ID: 6 Port 33 (GBIC port)

OctaPID ID: 7 Port 34 (GBIC port)

Table 74 8648TXE and 8648TXM modules





– –

– –

314725-E Rev 00

Appendix A Tap and OctaPID assignment (Release 3.x feature set) 571

Table 75 describes the OctaPID ID and port assignments for the 8672ATME and 8672ATMM Modules.

Table 76 describes the OctaPID ID and port assignments for the 8681XLR Module.




Table 75 8672ATME and 8672ATMM modules


OctaPID ID: 0 • Ports 1 through 4 (with OC-3c MDA)• Port 1 (with OC-12c MDA)

• Ports 1 through 2 (with DS-3 MDA)

OctaPID ID: 1 • Ports 5 through 8 (with OC-3c MDA)• Port 5 (with OC-12c MDA)

• Ports 5 through 6 (with DS-3 MDA)

OctaPID ID: 2 Not used

Table 76 8681XLR module



OctaPID ID: 1

OctaPID ID: 2

OctaPID ID: 3

OctaPID ID: 4

OctaPID ID: 5

OctaPID ID: 6

OctaPID ID: 7

Table 74 8648TXE and 8648TXM modules (continued)




Table 77 describes the OctaPID ID and port assignments for the 8681XLW Module.

Table 78 describes the OctaPID ID and port assignments for the 8683POSM Module.

Table 77 8681XLW module



OctaPID ID: 1

OctaPID ID: 2

OctaPID ID: 3

OctaPID ID: 4

OctaPID ID: 5

OctaPID ID: 6

OctaPID ID: 7

Table 78 8683POSM module


OctaPID ID: 0 • Ports 1 and 2 (with OC-3c MDA)

• Port 1 (with OC-12c MDA)

OctaPID ID: 1 • Ports 3 and 4 (with OC-3c MDA)• Port 3 (with OC-12c MDA)

OctaPID ID: 2 • Ports 5 and 6 (with OC-3c MDA)

• Port 5 (with OC-12c MDA)

314725-E Rev 00

573

Glossary

aggregation switch

A switch that aggregates multiple user access switches and provides core connections.

boundary port

A bridge port that attaches a multiple spanning tree bridge to a LAN that is not in the same region.

Common and Internal Spanning Tree (CIST)

The single spanning tree calculated by STP and RSTP together with the logical continuation of that connectivity through MST bridges and regions, calculated by MSTP to ensure that all LANs in the bridged LAN are simply and fully connected.

Common Spanning Tree (CST)

The single spanning tree calculated by STP, RSTP, and MSTP to connect multiple spanning tree regions.

Internal spanning tree (IST)

An internal spanning tree that operates in a given multiple spanning tree region. Within a multiple spanning tree region, multiple spanning instances can be configured. Instance 0 within a region is known as the Internal Spanning Tree (IST).

Interswitch trunk

A parallel point to point link that connects two aggregation switches together. The two aggregation switches use this channel to share information so that they can operate as a single logical switch. There can be only one interswitch trunk per SMLT aggregation switch.


574 Glossary

Interswitch Trunking (IST)

A method of link aggregation that allows two aggregation switches to connect. The two aggregation switches use this channel to share information so that they can operate as a single logical switch. There can be only one interswitch trunk per SMLT aggregation switch.

MultiLink Trunking (MLT)

MultiLink trunking is a method of link aggregation that allows multiple Ethernet trunks to be aggregated together to provide a single logical trunk. A multilink trunk provides the combined bandwidth of the multiple links, as well as the physical layer protection against the failure of any single link.

Multiple Spanning Tree Instance (MSTI)

One of a number of spanning trees calculated by MSTP within a multiple spanning tree region. The instance provides a fully connected active topology for frames classified as belonging to a VLAN that is mapped to the MSTI by the MST configuration table used by the multiple spanning tree bridges of the MST region.

MST bridge

A bridge capable of supporting the CST, and one or more MSTIs, and of selectively mapping frames classified in any given VLAN to the CST or a given MSTI.

MST region

A set of LANs and MST bridges, physically connected via ports on those MST bridges, where each LAN CIST designated bridge is an MST bridge. Each port is either the designated port on one of the LANs, or else a non-designated port of an MST bridge that is connected to one of the LANs. The port MCID matches the MCID of the designated bridge of that LAN.

peer IP address

The IP address of the neighbor IST switch VLAN that is chosen for configuring the interswitch trunk. Note that the peer IP address is the IP address of the IST VLAN on the other aggregation switch. You need only configure one VLAN with an IP address for the IST protocol to work. All other VLANs on the interswitch trunk do not require an IP address if you choose not to have VLAN routing enabled.

314725-E Rev 00

Glossary 575

Single Port SMLT

A multilink trunk where one or both ends are split between two aggregation switches; however only one port can be configured on each aggregation switch per SMLT ID.

Single Spanning Tree (SST) bridge

A bridge capable of supporting only a single spanning tree: the CST. The SST may be supported by the Spanning Tree Protocol (STP) defined in IEEE 802.1d-1998, or by the Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w-2001.

SMLT aggregation switches

The two switches that share an IST link.

Typically, one or more switches that connect to multiple wiring closet switches, edge switches or CPE devices, usually within a single building.

SMLT client

A switch located at the edge of the network, such as in a wiring closet or CPE. An SMLT client switch must be able to perform link aggregation (such as with MLT or some other compatible method) but does not require any SMLT intelligence.

SMLT ID

The identification number used to specify the corresponding pair of SMLT links. This number is identified between the two aggregation switches and must be paired on each aggregation switch.

SMLT set

Two SMLT aggregation switches and their directly connected SMLT clients.

SMLT square

A pair of SMLT aggregation switches connected as SMLT clients to another pair of SMLT aggregation switches.

SMLT triangle

A configuration where an SMLT client and the two aggregation switches form a triangle.


576 Glossary

Spanning tree

A simply and fully connected active topology formed from the arbitrary physical topology of connected bridged LAN components by relaying frames through selected bridge ports. The STP parameters and states are used and exchanged to facilitate the calculation of that active topology and to control the bridge relay function.

Spanning tree group

A collection of ports in one spanning tree instance.

Split multilink trunk

A multilink trunk where one or both ends are split between two aggregation switches, thus forming what is typically referred to as an SMLT triangle or SMLT square.

user access switch

A switch located at the edge of the network. End stations typically connect directly to a user access switch.

314725-E Rev 00

577

Index

Aacronyms 31

ActiveMembers field 137

AgingTime field 157, 162

algorithm, MLT traffic distribution 80

AlignmentErrors field 263

auto-recovery 329

Bbaby giant frames 48

BackupMaster 129

BridgeAddress field 220

BridgeForwardDelay field 216

BridgeHelloTime field 216

BridgeMaxAge field 216

bridgingMAC-layer 64, 185viewing filters 186VLAN 177

brouter port, description 54

CCarrierSenseErrors field 263

change detectionabout 70configure (CLI) 389configure (DM) 225rules 70

collision errors, MLT 467

Color field 136

config ethernet commandscp-limit 459info 375stg 387

config mlt commandsconfig mlt add 435config mlt ist 456config mlt remove 437config mlt smlt 455options 433

config stg commandsconfig stg 376create mac 378info 378options 385sid 378

config vlan commandsinfo 369ip 362options 313

configurationadvanced VLAN features 160direct broadcast on a VLAN 175Enhanced Operation mode 326MultiLink Trunks 253protocol-based VLAN 147single port SMLT 461source IP subnet-based VLAN 146source MAC-address based VLAN 154source MAC-based VLAN 158spanning tree group 213

configuring SMLTconfig mlt ist commands

delete 460enable/disable 458


578 Index

config mlt ist, create ip vlan-id 457

configuring SMLT using DM 276adding an SMLT 276adding ports to an SMLT 279configuring an IST MLT 281viewing IST statistics 283

control packet rate limit 112, 459

CP-Limit 112, 459

DDeferredTransmissions field 264

DesignatedBridge field 223

DesignatedCost field 223

DesignatedPort field 223

DesignatedRoot field 220, 223

directed broadcast 175

Displaying defined VLANs 135

EEnableStp field 216, 223

Enhanced Operation mode 55, 56, 58, 191, 326about 56configure (CLI) 326configure (DM) 191

Ethernet errors 467

ExcessiveCollisions field 264

FFastStart field 223

FastStart, enabling 388

FCSErrors field 263

FdbAging 178

flap time limit 328

ForwardDelay field 221

forwarding database, flushing 180

ForwardTransitions field 224

FrameTooLongs field 264

GGlobal MAC filtering 64, 189

HHelloTime field 221

HoldTime field 221

IId field 256

IEEE, 802.1Q tagging 48

IfIndex field 161

InBroadcastPkt field 261

InMulticastPkts field 260

InOctets field 260

InternalMacReceiveErrors field 263

InternalMacTransmitErrors field 263

Inter-switch trunk (IST)about 112configure (CLI) 456configure (DM) 281

InUcastPkts field 260

IP commands, configure 326

IP routingIP protocol-based VLAN 52multicast 47source IP subnet-based VLAN 52source MAC-based VLAN 52unicast 46

IP spoofing 64

IP subnet-based VLAN, creating 309

IPX routing802.2-RAW 52802.3-SNAP 52port-based VLANs 53protocol-based VLANs 53

314725-E Rev 00

Index 579

ISTabout 112about CP-Limit and 112aggregation switch processes 112configure (CLI) 456configure (DM) 281connectivity recommendations 112disabling CP-Limit for 459single point of failure 112

Ist MLT dialog box 282

Ist/SMLT Stats tab field descriptions 284

Ist/SMLT tab 284

ISTs 111

LLACP 94, 250

configure using Device Manager 250configuring a port using device manager 267,

271viewing information in Device Manager 265viewing statisticst using device manager 273

LACP and MLT 97

LACP and Routing 98

LACP and SMLT 98

LACP and spanning tree interaction 100

LACP Keys 99

LACP Priority 98

LACPDU Timers 99

LateCollisions field 264

LCAP modes 100

limiting MAC learning 321

loop detection 65, 173, 327

MMAC address auto-learning 170

MAC filters 64, 186

MAC level security 46

MacAddress field 162, 179, 185, 189

MACAddress, auto-learned 172

MAC-layer bridging 64, 185

MaxAge field 221

MLTBPDUs 90client/server configuration 89description 83distributing multicast flow over 83distribution algorithm 84E-module support 83IEEE 802.1Q tagging 82media type 82port aggregation 79rules 82show all (CLI) 463span modules 83STP 82supported media 82switch-to-server configuration 89traffic distribution algorithm 80

MltType field 257, 279

Monitor field 180, 185

MSTI Bridges, configuring 235

MSTP 73, 211

MSTP CIST port, viewing statistics 233

MSTP CIST Ports, configuring 230

MSTP MSTI Bridges, configuring 235

MSTP MSTI port statistics, viewing 238

MSTP MSTI Ports, configuring 236

MSTP, configuring globally 226

multicastE-module support for MLT 83flow distribution over MLT 83flow distribution over MLT traffic redistribution

86MLT distribution algorithm 84

Multicast Distribution field, MultiLink Trunks 257

MultiLink Trunk dialog box 259

MultiLink Trunking. See MLT


580 Index

multinetting 46

Multiple Spanning Tree Protocol, configuration example 559

MultipleCollisionFrames field 264

NName field 136, 256

Network Load Balancer unicast support 325

NewEnhancedOperMode field 192

NNI ports 62add to STG (CLI) 378configure (CLI) 373configure (DM) 202

nontagged ports 49

NotAllowToJoin field 137

NumPorts field 220

OOctaPID

ID description 567on UNI and NNI ports 60, 205, 373port mirroring assignment 568Tap and OctaPID assignment 567

OutBroadcast field 261

OutMulticast field 261

OutOctets field 260

OutUcastPkts field 260

PPathCost field 223

PIDDSAP value 44Ethernet SNAP 44Ethernet type 2 44invalid for user-defined protocol VLAN 45, 151

port commandsconfig ethernet info 375

Port field 185, 189, 222

Port Members field 217

port mirroringOctaPID ID and port assignments 568

port-based VLANabout 39, 138create (CLI) 310create (DM) 138

PortMembers field 137, 257

PortType field 256

PPPoE protocol-based VLAN, about 43

Priority field 216, 222

Protocol Identifier. See PID

protocol-based VLANabout 41create (CLI) 310, 487create (DM) 147

ProtocolId field 137

ProtocolSpecification field 220

publicationshard copy 34

QQoS (quality of service) level, setting 314

QosLevel field 163

RRapid Spanning Tree Protocol, configuration

example 554

rate limit, control packet 112, 459

Result field 163

RIP update, triggering 313

RootCost field 221

RootPort field 221

RSMLT 106, 130, 276, 455

RSTP 73, 211

RSTP convergence time 78

RSTP Edge port 75

314725-E Rev 00

Index 581

RSTP ForceVersion 73

RSTP Ports, configuring 243

RSTP Status statistics 246

RSTP Status, configuring 245

RSTP, configuring globally 240

Ssample command output

config mlt ist create ip vlan-id 458config mlt ist enable/disable 459

show mlt commandserror collision 467error main 467info 468, 469show-all 463stats 472

show ports commandsinfo

stg extended 399stg main 398

stats, stg 401

show stg commandsinfo config 397info status 398show-all 393

show vlan info commandsadvance 350all 333arp 351basic 352brouter-port 353fdb-entry 347, 476fdb-filter 348fdb-static 349ip 355ports 356srcmac 357

Simple Loop Protection Protocolconfigure by port using Device Manger 293configure by VLAN using Device Manger 291configure globally using Device Manger 290

configure using Device Manger 290

single port SMLTabout 119create (CLI) 460delete (DM) 289view all ports (CLI) 471view one port (CLI) 471

SingleCollisionFrames field 264

SMLTadvantages 107

reroutes failures quickly 108transparent and interoperable solution 108

configuration example 111end station configuration example 114IST 112, 573, 574peer IP address 574recommendations for IST connectivity 112single point of failure elimination 108single port

about 119create (CLI) 460delete (DM) 289view all ports (CLI) 471view one port (CLI) 471

STP convergence resolution 108traffic flow examples 114troubleshooting

IST problems 474single user problems 476

VRRP enhancement 128

SMLT and VRRP 128

SMLT Full-Mesh 124

SMLT Square 123

SMLT square 98

SMLT Triangle 122

SMLT, Single port 121

SmltId field 257

SMLT-on-Single-CPU 118

source IP-subnet-based VLAN 146

source MAC-address based VLAN 158


582 Index

source MAC-based VLAN 154

source MAC-based VLAN, creating 311

spanning treebridge forward delay 216bridge hello time 216bridge priority 216enable/disable STP fields 216enabling SNMP traps 216port group membership 217

spanning tree group. See STG commands

spanning tree groupschanging 217creating 213deleting 217editing 217limitations 70viewing status 219with VLANs 70

Spanning Tree Protocolconfiguring topology change detection 389querying the change detection setting 390

Spanning Tree Protocol. See STP

Split MultiLink Trunking 107

SQETestErrors field 264

stacked VLANsabout 59configure Ethertype and switch level (CLI) 370configure Ethertype and switch level (DM) 200configure port type (CLI) 373configure port type (DM) 202configure STG (CLI) 376configure STG (DM) 207create (CLI) 368create (DM) 196levels 60rules 60specifications 60UNI and NNI ports 62

State field 223

StaticMembers field 137

statistics

MLT (CLI) 472MLT (DM) 259, 261

Status field 180, 185

STG commandsconfigure 378configure ports 387show 401show-all 393

StgId field 137, 222

STGs. See spanning tree groups

STP 67blocking state 68bridge forward delay timer 69bridge hello timer 69bridge protocol data units (BPDUs) 68disabling 68enabling 68IEEE 802.1D standard 67, 385multiple spanning tree groups 67spanning tree algorithm 67, 385Spanning Tree FastStart 69spanning tree groups 67, 213tagged BPDUs 68topology change detection

about 70configure (CLI) 389configure (DM) 225rules 70

StpTrapEnable field 216

SubnetAddr field 137

SubnetMask field 137

sVLANabout 59configure Ethertype and switch level (CLI) 370configure Ethertype and switch level (DM) 200configure port type (CLI) 373configure port type (DM) 202configure STG (CLI) 376configure STG (DM) 207create (CLI) 368create (DM) 196levels 60

314725-E Rev 00

Index 583

rules 60specifications 60UNI and NNI ports 62

SvlanPortType field, MLT 256

Ttable, flushing 313

tagged port 49

TaggedBpduAddress field 216

TaggedBpduVlanID field 217

tagging, on MLT ports 434

Tap and OctaPID assignment 567

technical publications 34

TimeSinceTopologyChange field 220

TopChanges field 220

topology change detectionabout 70configure (CLI) 389configure (DM) 225rules 70

traffic distribution algorithm, MLT 80

transit network 55

UUNI ports 62

add to STG (CLI) 378configure (CLI) 373configure (DM) 202

Untagging Default VLAN on a Tagged Port 169, 325

user-defined protocol-based VLANabout 44create (CLI) 310, 487

UserDefinedPid field 163

UserPriority field 163

Vviewing static forwarding information 183

VLACP 101, 252

VLANcoordinated across multiple switches 48default 53enabling tagging 54ID 48, 54IP routing 52IPX protocol 42IPX routing 52multiplex traffic 49overview 37policy-based 40port-based 39, 138potential member 40protocol-based 41rules 54, 56source IP subnet-based 46source MAC-based 45spanning multiple switches 38tagged port 54tagging 48timing out 40untagged port 54

VLAN commandsconfigure 308configure IP 362show 333, 358show IP 355

VLAN Operation Action field 163

VlanId field 136

VlanIds field 257

VLANsbridging 177configuring advanced VLAN features 160direct broadcast 175displaying 135in spanning tree groups 70managing 158protocol-based 147source IP-subnet-based 146


584 Index

source MAC-address based 154, 158

VRRP backup master 129

314725-E Rev 00

Documents

MANUAL 8600-4.1