Академический Документы
Профессиональный Документы
Культура Документы
120936-00 Rev. 2
Published June 2014
Legal Notice
Extreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks,
Inc., reserves the right to make changes in specifications and other information contained in this
document and its website without prior notice. The reader should in all cases consult
representatives of Extreme Networks to determine whether any such changes have been made.
The hardware, firmware, software or any specifications described or referred to in this document
are subject to change without notice.
Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property of
their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.
For additional information on Extreme Networks trademarks, please see:
www.extremenetworks.com/company/legal/trademarks/
Support
For product support, including documentation, visit: www.extremenetworks.com/support/
For information, contact:
Extreme Networks, Inc.
145 Rio Robles
San Jose, California 95134
USA
Table of Contents
Preface.........................................................................................................................................6
Conventions.............................................................................................................................................................................6
Related Publications............................................................................................................................................................ 7
Providing Feedback to Us................................................................................................................................................ 8
Navigating the ExtremeXOS User Guide...........................................................................................................................9
Chapter 1: VLANs......................................................................................................................10
VLANs Overview................................................................................................................................................................. 10
Configuring VLANs on the Switch..............................................................................................................................19
Displaying VLAN Information.......................................................................................................................................23
Private VLANs......................................................................................................................................................................24
VLAN Translation............................................................................................................................................................... 42
Port-Specific VLAN Tag...................................................................................................................................................51
Chapter 3: FDB......................................................................................................................... 74
FDB Contents.......................................................................................................................................................................74
How FDB Entries Get Added....................................................................................................................................... 74
How FDB Entries Age Out............................................................................................................................................. 75
FDB Entry Types.................................................................................................................................................................75
Managing the FDB............................................................................................................................................................. 77
Displaying FDB Entries and Statistics....................................................................................................................... 81
MAC-Based Security..........................................................................................................................................................81
Managing MAC Address Tracking............................................................................................................................. 85
Layer 2 Basics
Table of Contents
Layer 2 Basics
Table of Contents
Layer 2 Basics
Preface
Conventions
This section discusses the conventions used in this guide.
Text Conventions
The following tables list text conventions that are used throughout this guide.
Table 1: Notice Icons
Icon
Notice Type
Note
Caution
Warning
New
Description
This typeface indicates command syntax, or represents information as it appears on
the screen.
When you see the word enter in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says type.
[Key] names
Key names are written with brackets, such as [Return] or [Esc]. If you must press two
or more keys simultaneously, the key names are linked with a plus sign (+). Example:
Press [Ctrl]+[Alt]+[Del]
Italics emphasize a point or denote new terms at the place where they are defined in
the text. Italics are also used when referring to publication titles.
Layer 2 Basics
Preface
Platform-Dependent Conventions
Unless otherwise noted, all information applies to all platforms supported by ExtremeXOS software,
which are the following:
When a feature or feature implementation applies to specific platforms, the specific platform is noted in
the heading for the section describing that implementation in the ExtremeXOS command
documentation. In many cases, although the command is available on all platforms, each platform uses
specific keywords. These keywords specific to each platform are shown in the Syntax Description and
discussed in the Usage Guidelines.
Terminology
When features, functionality, or operation is specific to a switch family, the family name is used.
Explanations about features and operations that are the same across all product families simply refer to
the product as the switch.
Related Publications
Documentation for Extreme Networks products is available at: www.extremenetworks.com. The
following is a list of related publications currently available:
Some ExtremeXOS software files have been licensed under certain open source licenses. Information is
available at: www.extremenetworks.com/services/osl-exos.aspx
Layer 2 Basics
Preface
Providing Feedback to Us
We are always striving to improve our documentation and help you work better, so we want to hear
from you! We welcome all feedback but especially want to know about:
Content errors or confusing or conflicting information.
Ideas for improvements to our documentation so you can find the information you need faster.
Broken links or usability issues.
If you would like to provide feedback to the Extreme Networks Information Development team about
this document, please contact us using our short online feedback form. You can also email us directly at
internalinfodev@extremenetworks.com.
Layer 2 Basics
Layer 2 Basics
1 VLANs
VLANs Overview
Configuring VLANs on the Switch
Displaying VLAN Information
Private VLANs
VLAN Translation
Port-Specific VLAN Tag
This chapter contains information about configuring VLANs, displaying VLAN information, private
VLANs, and VLAN translation. In addition, you can learn about the benefits and types of VLANs, along
with valuable information about virtual routers.
VLANs Overview
Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of
network administration while increasing efficiency in network operations.
Note
The software supports using IPv6 addresses, in addition to IPv4 addresses. You can configure
the VLAN with an IPv4 address, IPv6 address, or both. See IPv6 Unicast Routing for complete
information on using IPv6 addresses.
The term VLAN is used to refer to a collection of devices that communicate as if they were on the same
physical LAN.
Any set of ports (including all ports on the switch) is considered a VLAN. LAN segments are not
restricted by the hardware that physically connects them. The segments are defined by flexible user
groups that you create with the command line interface (CLI).
Note
The system switches traffic within each VLAN using the Ethernet MAC address. The system
routes traffic between two VLANs using the IP addresses.
Benefits
Implementing VLANs on your networks has the following advantages:
VLANs help to control trafficWith traditional networks, broadcast traffic that is directed to all
network devices, regardless of whether they require it, causes congestion. VLANs increase the
efficiency of your network because each VLAN can be set up to contain only those devices that
must communicate with each other.
Layer 2 Basics
10
VLANs
VLANs provide extra securityDevices within each VLAN can communicate only with member
devices in the same VLAN. If a device in VLAN Marketing must communicate with devices in VLAN
Sales, the traffic must cross a routing device.
VLANs ease the change and movement of devicesWith traditional networks, network
administrators spend much of their time dealing with moves and changes. If users move to a
different subnetwork, the addresses of each endstation must be updated manually.
Types of VLANs
This section introduces the following types of VLANs:
Port-Based VLANs
Tagged VLANs
Protocol-Based VLANs
Note
You can have netlogin dynamic VLANs and, on the Summit family of switches and
BlackDiamond 8800 series switches only, netlogin MAC-based VLANs. See Network Login for
complete information on netlogin.
Layer 2 Basics
11
VLANs
Port-Based VLANs
In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch.
At boot-up, all ports are members of the port-based VLAN default. Before you can add any port to
another port-based VLAN, you must remove it from the default VLAN, unless the new VLAN uses a
protocol other than the default protocol any. An untagged port can be a member of only one portbased VLAN.
On the Extreme Networks switch in the following figure, ports 9 through 14 are part of VLAN Marketing;
ports 25 through 29 are part of VLAN Sales; and ports 21 through 24 and 30 through 32 are in VLAN
Finance.
To create a port-based VLAN that spans two switches, you must do two things:
1
Layer 2 Basics
12
VLANs
2 Cable the two switches together using one port on each switch per VLAN.
The following figure illustrates a single VLAN that spans a BlackDiamond switch and another
Extreme Networks switch. All ports on the System 1 switch belong to VLAN Sales. Ports 1 through 29
on the system 2 switch also belong to VLAN Sales. The two switches are connected using slot 8,
port 4 on System 1 (the BlackDiamond switch), and port 29 on system 2 (the other switch).
Layer 2 Basics
13
VLANs
4 Using this configuration, you can create multiple port-based VLANs that span multiple switches, in a
daisy-chained fashion.
Tagged VLANs
Tagging is a process that inserts a marker (called a tag) into the Ethernet frame. The tag contains the
identification number of a specific VLAN, called the VLANid (valid numbers are 1 to 4094).
Note
The use of 802.1Q tagged packets may lead to the appearance of packets slightly bigger than
the current IEEE 802.3/Ethernet maximum of 1,518 bytes. This may affect packet error
counters in other devices and may also lead to connectivity problems if non-802.1Q bridges
or routers are placed in the path.
Uses of Tagged VLANs
Each VLAN may be assigned an 802.1Q VLAN tag. As ports are added to a VLAN with an 802.1Q tag
defined, you decide whether each port uses tagging for that VLAN. The default mode of the switch is to
have all ports assigned to the VLAN named default with an 802.1Q VLAN tag (VLANid) of 1 assigned.
Not all ports in the VLAN must be tagged. As traffic from a port is forwarded out of the switch, the
switch determines (in real time) if each destination port should use tagged or untagged packet formats
for that VLAN. The switch adds and strips tags, as required, by the port configuration for that VLAN.
Note
Packets arriving tagged with a VLANid that is not configured on a port are discarded.
The following figure illustrates the physical view of a network that uses tagged and untagged traffic.
Layer 2 Basics
14
VLANs
You can configure the switch using a combination of port-based and tagged VLANs. A given port can
be a member of multiple VLANs, with the stipulation that only one of its VLANs uses untagged traffic.
Layer 2 Basics
15
VLANs
In other words, a port can simultaneously be a member of one port-based VLAN and multiple tagbased VLANs.
Note
For the purposes of VLAN classification, packets arriving on a port with an 802.1Q tag
containing a VLANid of 0 are treated as untagged.
Protocol-Based VLANs
Protocol-based VLANs enable you to define a packet filter that the switch uses as the matching criteria
to determine if a particular packet belongs to a particular VLAN.
Protocol-based VLANs are most often used in situations where network segments contain hosts
running multiple protocols. For example, in the following figure, the hosts are running both the IP and
NetBIOS protocols.
The IP traffic has been divided into two IP subnets, 192.207.35.0 and 192.207.36.0. The subnets are
internally routed by the switch. The subnets are assigned different VLAN names, Finance and
Personnel, respectively. The remainder of the traffic belongs to the VLAN named MyCompany. All ports
are members of the VLAN MyCompany.
Layer 2 Basics
16
VLANs
IP (IPv4)
IPv6 (11.2 IPv6)
MPLS
IPX
NetBIOS
DECNet
IPX_8022
IPX_SNAP
AppleTalk
If necessary, you can define a customized protocol filter by specifying EtherType, Logical Link Control
(LLC), or Subnetwork Access Protocol (SNAP). Up to six protocols can be part of a protocol filter. To
define a protocol filter:
1
Note
Protocol-based VLAN for Etype from 0x0000 to 0x05ff are not classifying as per filter.
When traffic arrive with these Etypes, it is classifed to native VLAN rather protocol based
vlan.
llcLLC Service Advertising
Protocol (SAP)
snapEtherType inside an
IEEE SNAP packet
encapsulation
The values for llc are four-digit hexadecimal numbers that are created by
concatenating a two-digit LLC Destination SAP (DSAP) and a two-digit LLC
Source SAP (SSAP).
The values for snap are the same as the values for etype, described
previously. For example:
configure protocol fred add llc feff
configure protocol fred add snap 9999
Layer 2 Basics
17
VLANs
A maximum of 15 protocol filters, each containing a maximum of six protocols, can be defined. No
more than seven protocols can be active and configured for use.
Note
For more information on SNAP for Ethernet protocol types, see TR 11802-5:1997 (ISO/IEC)
[ANSI/IEEE std. 802.1H, 1997 Edition].
If a protocol filter is deleted from a VLAN, the VLAN is assigned a protocol filter of 'any'. You can
continue to configure the VLAN. However, no traffic is forwarded to the VLAN until a protocol is
assigned to it.
Precedence of Tagged Packets Over Protocol Filters
If a VLAN is configured to accept tagged packets on a particular port, incoming packets that match the
tag configuration take precedence over any protocol filters associated with the VLAN.
Default VLAN
The default switch configuration includes one default VLAN that has the following properties:
VLAN Names
VLAN names must conform to the guidelines listed in Object Names.
VLAN names can be specified using the [Tab] key for command completion. VLAN names are locally
significant. That is, VLAN names used on one switch are only meaningful to that switch. If another
switch is connected to it, the VLAN names have no significance to the other switch.
Note
We recommend that you use VLAN names consistently across your entire network.
You must use mutually exclusive names for the following:
Layer 2 Basics
18
VLANs
VLANs
VMANs
IPv6 tunnels
SVLANs
CVLANs
BVLANs
2 If needed, assign an IP address and mask (if applicable) to the VLAN as described in Managing a
VLAN IP Address on page 20.
3 If any ports in this VLAN will use a tag, assign a VLAN tag.
configure {vlan} vlan_name tag tag {remote-mirroring}
As you add each port to the VLAN, decide if the port will use an 802.1Q tag.
5 For the management VLAN on the switch, configure the default IP route for virtual router VR-Mgmt.
Note
See IPv4 Unicast Routing for information on configuring default IP routes or adding
secondary IP addresses to VLANs.
Layer 2 Basics
19
VLANs
Note
Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You
cannot configure the same IP subnet on different VLANs on the same virtual router.
The software supports using IPv6 addresses, in addition to IPv4 addresses. You can
configure the VLAN with an IPv4 address, IPv6 address, or both. See IPv6 Unicast Routing
for complete information on using IPv6 addresses.
The system returns the following message if the ports you are adding are already EAPS primary or
EAPS secondary ports:
WARNING: Make sure Vlan1 is protected by EAPS, Adding EAPS ring ports to a
VLAN could cause a loop in the network. Do you really want to add these ports?
(y/n)
Layer 2 Basics
20
VLANs
Renaming a VLAN
To rename an existing VLAN, use the following command:
configure {vlan} vlan_name name name
Disabling a VLAN stops all traffic on all ports associated with the specified VLAN.
You cannot disable any VLAN that is running any Layer 2 protocol traffic.
When you attempt to disable a VLAN running Layer 2 protocol traffic (for example, the VLAN
Accounting), the system returns a message similar to the following:
VLAN accounting cannot be disabled because it is actively used by an L2
Protocol
You can disable the default VLAN; ensure that this is necessary before disabling the default VLAN.
You cannot disable the management VLAN.
You cannot bind Layer 2 protocols to a disabled VLAN.
You can add ports to and delete ports from a disabled VLAN.
Layer 2 Basics
21
VLANs
The following modular switch example creates a port-based VLAN named accounting:
create vlan accounting
configure accounting ipaddress 132.15.121.1
configure default delete port 2:1-2:3,2:6,4:1,4:2
configure accounting add port 2:1-2:3,2:6,4:1,4:2
Note
Because VLAN names are unique, you do not need to enter the keyword vlan after you have
created the unique VLAN name. You can use the VLAN name alone (unless you are also using
this name for another category such as STPD or EAPS, in which case we recommend
including the keyword vlan).
The following stand-alone switch example creates a port-based VLAN named development with an
IPv6 address:
create vlan development
configure development ipaddress 2001:0DB8::8:800:200C:417A/64
configure default delete port 1-3
configure development add port 1-3
The following modular switch example creates a protocol-based VLAN named ipsales.
Slot 5, ports 6 through 8, and slot 6, ports 1, 3, and 4-6 are assigned to the VLAN. In this example, you
can add untagged ports to a new VLAN without first deleting them from the default VLAN, because the
new VLAN uses a protocol other than the default protocol.
create vlan ipsales
configure ipsales protocol ip
configure ipsales add port 5:6-5:8,6:1,6:3-6:6
Layer 2 Basics
22
VLANs
The following modular switch example defines a protocol filter, myprotocol and applies it to the VLAN
named myvlan. This is an example only, and has no real-world application.
create protocol myprotocol
configure protocol myprotocol add etype 0xf0f0
configure protocol myprotocol add etype 0xffff
create vlan myvlan
configure myvlan protocol myprotocol
To disable the protocol-based VLAN (or any VLAN) in the above example, use the following command:
disable vlan myprotocol
Note
To display IPv6 information, you must use either the show vlan detail command or show
vlan command with the name of the specified VLAN.
To display the VLAN information for other ExtremeXOS software features, use the following
commands:
You can display additional useful information on VLANs configured with IPv6 addresses by issuing the
command:
show ipconfig ipv6 vlan vlan_name
Layer 2 Basics
23
VLANs
Private VLANs
The following sections provide detailed information on private VLANs:
PVLAN Overview on page 24
Configuring PVLANs on page 33
Displaying PVLAN Information on page 36
PVLAN Configuration Example 1 on page 37
PVLAN Configuration Example 2 on page 39
PVLAN Overview
PVLANs offer the following features:
VLAN translation
VLAN isolation
Note
PVLAN features are supported only on the platforms listed for this feature in the license
tables in the Feature License Requirements document.
Layer 2 Basics
24
VLANs
VLAN translation does not allow communication between the subscriber VLANs.
VLAN Isolation
VLAN isolation provides Layer 2 isolation between the ports in a VLAN. The following figure shows an
application of VLAN isolation.
Layer 2 Basics
25
VLANs
Layer 2 Basics
26
VLANs
Layer 2 Basics
27
VLANs
can, however, communicate with Layer 2 devices on the network side of the PVLAN through the
network VLAN. When the network VLAN egress port is configured for tag translation, isolated VLAN
ports also participate in uplink tag translation. When isolated subscriber VLAN ports are configured as
tagged, egress packets are tagged with the isolated VLAN tag. As with standard VLANs and nonisolated VLANs, isolated ports cannot communicate through Layer 2 with ports in other subscriber
VLANs.
PVLAN Support over Multiple Switches
A PVLAN can span multiple switches. The following figure shows a PVLAN that is configured to operate
on two switches.
Layer 2 Basics
28
VLANs
Layer 2 Basics
29
VLANs
Because port 22 supports multiple VLANs that are part of the PVLAN, and because these Switch 2
VLANs are not part of the PVLAN, Switch 1, port 24, must be configured as a PVLAN endpoint, which
establishes the PVLAN boundary. Switch 2, port 22, is configured as a regular tagged VLAN port.
For most applications, it would be better to extend the PVLAN to Switch 2 so that the PVLAN features
are available to the Switch 2 VLANs.
The configuration of Switch 2 behaves as follows:
The Switch 2 NonIsolated VLAN ports can communicate with the NonIsolated VLAN ports on
Switch 1, but they cannot participate in VLAN translation.
The Switch 2 Isolated VLAN ports can communicate with other Switch 2 Isolated VLAN ports.
The Switch 2 Isolated VLAN ports cannot participate in VLAN translation.
The Switch 2 Isolated VLAN ports can receive broadcast and multicast info for the Isolated VLAN.
Traffic is allowed from the Switch 1 Isolated VLAN ports to the Switch 2 Isolated VLAN ports.
MAC Address Management in a PVLAN
Each device that connects to a PVLAN must have a unique MAC address within the PVLAN. Each MAC
address learned in a PVLAN requires multiple FDB entries. For example, each MAC address learned in a
non-isolated subscriber VLAN requires two FDB entries, one for the subscriber VLAN and one for the
network VLAN. The additional FDB entries for a PVLAN are marked with the P flag in the show fdb
command display.
The following sections describe the FDB entries created for the PVLAN components and how to
estimate the impact of a PVLAN on the FDB table:
Non-Isolated Subscriber VLAN
Isolated Subscriber VLAN
Network VLAN
Calculating the Total FDB Entries for a PVLAN
Non-Isolated Subscriber VLAN
When a MAC address is learned on a non-isolated subscriber VLAN port, two entries are added to the
FDB table:
MAC address, non-isolated subscriber VLAN tag, and the port number
MAC address, network VLAN tag, port number, and a special flag for tag translation
The network VLAN entry is used when traffic comes in from the network ports destined for an nonisolated port.
Isolated Subscriber VLAN
When a new MAC address is learned on an isolated subscriber VLAN port, two entries are added to the
FDB table:
MAC address, isolated subscriber VLAN tag, port number, and a flag that indicates that the packet
should be dropped
MAC address, network VLAN tag, port number, and a special flag for tag translation
Ports in the isolated VLAN do not communicate with one another.
Layer 2 Basics
30
VLANs
If a port in the isolated VLAN sends a packet to another port in the same VLAN that already has an
entry in the FDB, that packet is dropped. You can verify the drop packet status of an FDB entry by
using the show fdb command. The D flag indicates that packets destined for the listed address are
dropped.
The network VLAN entry is used when traffic comes in from the network ports destined for an isolated
port.
Network VLAN
When a new MAC address is learned on a network VLAN port, the following entry is added to the FDB
table: MAC address, network VLAN tag, and port number.
For every subscriber VLAN belonging to this PVLAN, the following entry is added to the FDB table:
MAC address, subscriber VLAN tag, and port number
Calculating the Total FDB Entries for a PVLAN
The following formula can be used to estimate the maximum number of FDB entries for a PVLAN:
FDBtotal = [(MACnon-iso + MACiso) * 2 + (MACnetwork * (VLANnon-iso + VLANiso + 1))]
The formula components are as follows:
MACnon-iso = number of MAC addresses learned on all the non-isolated subscriber VLANs
MACiso = number of MAC addresses learned on all the isolated subscriber VLANs
MACnetwork = number of MAC addresses learned on the network VLAN
VLANnon-iso = number of non-isolated subscriber VLANs
VLANiso = number of isolated subscriber VLANs
Note
The formula above estimates the worst-case scenario for the maximum number of FDB
entries for a single PVLAN. If the switch supports additional PVLANs, apply the formula to
each PVLAN and add the totals for all PVLANs. If the switch also support standard VLANs,
there will also be FDB entries for the standard VLANs.
Layer 3 Communications
For PVLANs, the default switch configuration controls Layer 3 communications exactly as
communications are controlled in Layer 2.
For example, Layer 3 communications is enabled between ports in a non-isolated subscriber VLAN, and
disabled between ports in an isolated subscriber VLAN. Ports in a non-isolated subscriber VLAN cannot
communicate with ports in other non-isolated subscriber VLANs.
You can enable Layer 3 communications between all ports in a PVLAN. For more information, see
Managing Layer 3 Communications in a PVLAN on page 35.
PVLAN Limitations
The Private VLAN feature has the following limitations:
Layer 2 Basics
31
VLANs
An additional limitation applies to BlackDiamond 8000 series modules and Summit family switches,
whether or not they are included in a SummitStack. If two or more member VLANs have overlapping
ports (where the same ports are assigned to both VLANs), each additional VLAN member with
overlapping ports must have a dedicated loopback port. To state it another way, one of the VLAN
members with overlapping ports does not require a dedicated loopback port, and the rest of the VLAN
members do require a single, dedicated loopback port within each member VLAN.
Note
There is a limit to the number of unique source MAC addresses on the network VLAN of a
PVLAN that the switch can manage. It is advised not to exceed the value shown in the item
FDB (maximum L2 entries) in the Supported Limits table of the ExtremeXOS Installation
and Release Notes.
Layer 2 Basics
32
VLANs
Configuring PVLANs
The following section describes how to configure a private VLAN.
Creating PVLANs
To create a VLAN, you need to do the following:
1 Create the PVLAN.
2 Add one VLAN to the PVLAN as a network VLAN.
3 Add VLANs to the PVLAN as subscriber VLANs.
To add a network VLAN to the PVLAN, create and configure a tagged VLAN, and then use the
following command to add that network VLAN:
configure private-vlan name add network vlan_name
To add a subscriber VLAN to the PVLAN, create and configure a tagged VLAN, and then use the
following command to add that subscriber VLAN:
configure private-vlan name add subscriber vlan_name {non-isolated} {loopbackport port}
By default, this command adds an isolated subscriber VLAN. To create a non-isolated subscriber
VLAN, you must include the non-isolated option.
Configuring Network VLAN Ports for VLAN Translation
When subscriber VLAN traffic exits a network VLAN port, it can be untagged, tagged (with the
subscriber VLAN tag), or translated (to the network VLAN tag).
Note
All traffic that exits a subscriber VLAN port uses the subscriber VLAN tag, unless the port is
configured as untagged. There is no need to configure VLAN translation (from network to
subscriber VLAN tag) on subscriber VLAN ports.
1
To configure network VLAN ports for VLAN translation, use the following command and specify the
network VLAN and port numbers:
configure {vlan} vlan_name add ports port_list private-vlan translated
2 If you want to later reconfigure a port that is configured for VLAN translation so that it does not
translate tags, use the following command and specify either the tagged or the untagged option:
configure {vlan} vlan_name add ports [port_list | all] {tagged | untagged}
{{stpd} stpd_name} {dot1d | emistp | pvst-plus}}
Layer 2 Basics
33
VLANs
These tasks can be completed in any order, but they must both be completed before a port can
participate in a PVLAN. When configuration is complete, all egress traffic from the port is translated to
the VLAN tag for that non-isolated VLAN (unless the port is configured as untagged).
Note
To configure VLAN translation for network VLAN ports, see Configuring Network VLAN Ports
for VLAN Translation on page 33.
To add a non-isolated subscriber VLAN to the PVLAN, use the following command:
configure private-vlan name add subscriber vlan_name non-isolated
To add ports to a non-isolated VLAN (before or after it is added to the PVLAN), use the following
command:
configure {vlan} vlan_name add ports [port_list | all] {tagged | untagged}
{{stpd} stpd_name} {dot1d | emistp | pvst-plus}}
If you specify the tagged option, egress traffic uses the non-isolated VLAN tag, regardless of the
network translation configuration on any network port with which these ports communicate. Egress
traffic from a non-isolated VLAN port never carries the network VLAN tag.
Configuring Isolated Subscriber VLAN Ports
When a port is successfully added to an isolated VLAN, the port is isolated from other ports in the same
VLAN, and all egress traffic from the port is translated to the VLAN tag for that VLAN (unless the port
is configured as untagged).
Note
To configure VLAN translation for network VLAN ports, see Configuring Network VLAN Ports
for VLAN Translation on page 33.
The process for configuring ports for VLAN isolation requires two tasks:
Add a VLAN to the PVLAN as an isolated subscriber VLAN.
Assign ports to the isolated subscriber VLAN.
These tasks can be completed in any order, but they must both be completed before a port can
participate in an isolated VLAN.
To add an isolated subscriber VLAN to the PVLAN, use the following command:
configure private-vlan name add subscriber vlan_name
To add ports to an isolated VLAN (before or after it is added to the PVLAN), use the following
command:
configure {vlan} vlan_name add ports [port_list | all] {tagged | untagged}
{{stpd} stpd_name} {dot1d | emistp | pvst-plus}}
If you specify the tagged option, egress traffic uses the isolated VLAN tag, regardless of the network
translation configuration on any network port with which these ports communicate. Egress traffic from
an isolated VLAN port never carries the network VLAN tag.
Layer 2 Basics
34
VLANs
To configure the port on the switch that is outside of the PVLAN, use the following command:
configure {vlan} vlan_name add ports port_list tagged
Specify the IP address or subnet specified for the network VLAN in the PVLAN. Use the always option
to ensure that the switch will reply to ARP requests, regardless of the VLAN from which it originated.
Delete PVLANs
To delete an existing PVLAN, use the command:
delete private-vlan name
Layer 2 Basics
35
VLANs
Layer 2 Basics
36
VLANs
Layer 2 Basics
37
VLANs
Isolated subscriber VLAN named ClientConnections, which provides internet access for visiting
clients and isolation from other visiting clients, the Research VLAN devices, and the remote file
servers.
Non-isolated subscriber VLAN named Research, which provides internet access and enables
communications between Research VLAN devices and the remote file servers.
The first configuration step is to create and configure the VLANs on the local switch:
create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
configure vlan ClientConnections add port 2:*
configure vlan ClientConnections tag 200
create vlan Research
configure vlan Research add port 3:*
configure vlan Research tag 300
3 The next step is to create the PVLAN on the local switch and configure each of the component
VLANs for the proper role:
create private-vlan MedPrivate
configure private-vlan "MedPrivate" add network "Main"
configure private-vlan "MedPrivate" add subscriber "ClientConnections"
configure private-vlan "MedPrivate" add subscriber "Research" non-isolated
4 The final step is to configure VLAN translation on the local switch so that Research VLAN
workstations can connect to the file servers on the remote switch:
configure Main add ports 1:1 private-vlan translated
5 To view the completed configuration, enter the show private-vlan command as follows:
show private-vlan
------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto
Ports Virtual
Active router
/Total
------------------------------------------------------------------------------------MedPrivate
VR-Default
Network VLAN:
-main
100 ------------------------------------ANY
2 /48
VR-Default
Non-Isolated Subscriber VLAN:
Layer 2 Basics
38
VLANs
-Research
300 ------------------------------------VR-Default
Isolated Subscriber VLAN:
-ClientConnections 200 --------------------------------VR-Default
ANY
2 /96
ANY
2 /52
Layer 2 Basics
39
VLANs
There is one on the first floor in a closet, one on the first floor in the conference room, and one on the
second floor.
The PVLAN in the following figure contains the following PVLAN components:
A VLAN called Main that contains the web proxy server.
A VLAN called ConfRoom that contains the ports for the conference room connections.
A VLAN called ClientConnections that contains client PC connections for the guest rooms.
The goals for the motel network are as follows:
Provide internet access for the ConfRoom and ClientConnections VLANs through the web proxy
server.
Prevent communications between the ConfRoom and ClientConnections VLANs.
Enable communications between clients on the ClientConnections VLAN only within the conference
room.
Enable communications between devices on the ConfRoom VLAN.
Prevent communications between the PCs in the ClientConnections VLAN that are not in the
conference room.
Notice the following in the above figure:
The Summit switches in the first floor closet and on the second floor contain the Main VLAN with a
tag of 100. This VLAN is connected via a tagged port between the first and second floor switches.
The Summit in the conference room does not contain the Main VLAN and cannot be a PVLAN
member.
All of the switches have the ClientConnections VLAN, and it uses VLAN tag 200.
All of the switches have the ConfRoom VLAN, and it uses VLAN tag 300.
The Conference Room Summit connects to the rest of the network through a tagged connection to
the Summit in the first floor closet.
Because
the Summit in the first floor closet is a PVLAN member and uses the same port to support
two subscriber VLANs, a loopback port is required in all subscriber VLANs, except the first
configured subscriber VLAN (this applies to all BlackDiamond 8800 series switches and Summit
family switches).
Note
The following examples contain comments that follow the CLI comment character (#). All
text that follows this character is ignored by the switch and can be omitted from the
switch configuration.
The following commands configure the Summit in the first floor closet:
# Create and configure the VLANs.
create vlan Main
configure vlan Main add port 1
configure vlan Main tag 100
configure vlan Main add port 2 tagged
create vlan ClientConnections
configure vlan ClientConnections tag 200
configure vlan ClientConnections add port 5-19
configure vlan ClientConnections add port 20 tagged
create vlan ConfRoom
Layer 2 Basics
40
VLANs
Layer 2 Basics
41
VLANs
named Motel.
network Main
subscriber ClientConnections # isolated
subscriber ConfRoom non-isolated
VLAN Translation
The VLAN translation feature described in this section provides the same VLAN translation functionality
that is provided for PVLANs. This is described in VLAN Translation in a PVLAN on page 24.
The difference is that this feature is configured with different commands that are compatible with
ExtremeWare.
Note
The VLAN translation feature described in this section is provided for those who are already
familiar with the ExtremeWare VLAN translation commands. If you have not used this feature
in ExtremeWare and do not use any scripts that use the ExtremeWare commands, we
suggest that you use the Private VLAN feature described in Private VLANs on page 24, as it
provides the same functionality with additional features.
The VLAN translation feature is supported only on the platforms listed for this feature in the
license tables in Feature License Requirements
The following figure shows how VLAN translation is configured in the switch.
Layer 2 Basics
42
VLANs
Layer 2 Basics
43
VLANs
In addition, the member VLAN traffic is replicated to every active port in the translation VLAN and the
VLAN tag is translated appropriately. Broadcast traffic generated on the translation VLAN is replicated
to every other active port in this VLAN as usual. The caveat in this scenario is that this traffic is also
replicated to every active port in every member VLAN, with VLAN tag translation. In effect, the
broadcast traffic from the translation VLAN leaks onto all member VLANs.
Multicast Behavior
IGMP snooping can be enabled on member and translation VLANs so that multicast traffic can be
monitored within the network.
IGMP snooping software examines all IGMP control traffic that enters the switch. IGMP control traffic
received on a VLAN translation port is forwarded by the CPU to all other ports in the translation group.
Software VLAN translation is performed on the packets which cross the translation boundary between
member and translation VLANs. The snooping software detects ports joining and leaving multicast
streams. When a VLAN translation port joins a multicast group, an FDB entry is installed only on
receiving a data miss for that group. The FDB entry is added for the requested multicast address and
contains a multicast PTAG. When a VLAN translation port leaves a multicast group, the port is removed
from the multicast list. The last VLAN translation port to leave a multicast group causes the multicast
FDB entry to be removed.
Layer 2 Basics
44
VLANs
IGMP snooping is performed across the entire VLAN translation domain, spanning all the member
VLANs. For VLANs that are not part of a VLAN translation domain, IGMP snooping operates as
normal.
VLAN translation and VPLS are not supported on the same VLAN.
Member VLANs in a VLAN translation domain cannot exchange multicast data with VLANs outside
the VLAN translation domain. However, the translation VLAN can exchange multicast data with
VLANs outside the VLAN translation domain and with translation VLANs in other VLAN translation
domains.
Interfaces
Use the following information for selecting and configuring VLAN translation interfaces:
A single physical port can be added to multiple member VLANs, using different VLAN tags.
Member VLANs and translation VLANs can include both tagged and untagged ports.
To delete a member VLAN from a translation VLAN, use the following command:
configure {vlan} vlan_name vlan-translation delete member-vlan
[member_vlan_name | all]
To view the translation VLAN participation status of a VLAN, use the following command:
show vlan {virtual-router vr-name}
Layer 2 Basics
45
VLANs
Layer 2 Basics
101
ports 1:1 tagged
102
ports 1:1 tagged
103
ports 1:2 tagged
104
ports 1:2 tagged
46
VLANs
The following configuration commands create the translation VLAN and enable VLAN translation:
create vlan v1000
configure v1000 tag 1000
configure v1000 add ports 2:1 tagged
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
member-vlan
member-vlan
member-vlan
member-vlan
v101
v102
v103
v104
The following configuration commands create the translation VLAN and enable VLAN translation on
BlackDiamond X8, BlackDiamond 8000 series modules, and Summit X440, X460, X480, X670, and
X770 series switches:
create vlan v1000
configure v1000 tag 1000
configure v1000 add ports 2:1 tagged
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
member-vlan
member-vlan
member-vlan
member-vlan
v101
v102 loopback-port 1:23
v103
v104 loopback-port 1:24
Layer 2 Basics
47
VLANs
101
ports 1:1 tagged
ports 1:3 tagged
ports 1:4 tagged
102
ports 1:1 tagged
ports 1:3 tagged
ports 1:4 tagged
103
ports 1:2 tagged
ports 1:3 tagged
ports 1:4 tagged
104
ports 1:2 tagged
ports 1:3 tagged
ports 1:4 tagged
The configuration for SW2 and SW3 is identical for this example.
The following configuration commands create the member VLANs on SW2:
create vlan v101
configure v101 tag
configure v101 add
create vlan v102
configure v102 tag
configure v102 add
create vlan v103
configure v103 tag
configure v103 add
create vlan v104
configure v104 tag
configure v104 add
101
ports 1:3 tagged
102
ports 1:3 tagged
103
ports 1:3 tagged
104
ports 1:3 tagged
This set of configuration commands creates the translation VLANs and enables VLAN translation on
SW2:
create vlan v1000
configure v1000 tag 1000
configure v1000 add ports 2:1 tagged
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
Layer 2 Basics
member-vlan
member-vlan
member-vlan
member-vlan
v101
v102
v103
v104
48
VLANs
The final set of configuration commands creates the ESRP control VLAN and enables ESRP protection
on the translation VLAN for SW2:
create vlan evlan
configure evlan add ports 2:2
enable esrp evlan
configure evlan add domain-member v1000
The following configuration commands create the translation VLAN and enable VLAN translation
onVLANs that have overlapping ports:
configure v1000 vlan-translation add member-vlan v102 loopback-port 1:22
configure v1000 vlan-translation add member-vlan v103 loopback-port 1:23
configure v1000 vlan-translation add member-vlan v104 loopback-port 1:24
Layer 2 Basics
49
VLANs
The following configuration commands create the member VLANs and enable STP on SW1:
create vlan v101
configure v101 tag
configure v101 add
configure v101 add
configure v101 add
create vlan v102
configure v102 tag
configure v102 add
configure v102 add
configure v102 add
create vlan v103
configure v103 tag
configure v103 add
configure v103 add
create vlan v104
configure v104 tag
configure v104 add
configure v104 add
create stpd stp1
configure stp1 tag
configure stp1 add
configure stp1 add
configure stp1 add
configure stp1 add
enable stpd stp1
101
ports 1:1 tagged
ports 1:3 tagged
ports 1:4 tagged
102
ports 1:2 tagged
ports 1:3 tagged
ports 1:4 tagged
103
ports 1:3 tagged
ports 1:4 tagged
104
ports 1:3 tagged
ports 1:4 tagged
101
vlan
vlan
vlan
vlan
v101
v102
v103
v104
These configuration commands create the member VLANs and enable STP on SW2:
create vlan v103
configure v103 tag
configure v103 add
configure v103 add
configure v103 add
create vlan v104
configure v104 tag
configure v104 add
configure v104 add
configure v104 add
create vlan v101
configure v101 tag
configure v101 add
configure v101 add
create vlan v102
configure v102 tag
configure v102 add
configure v102 add
create stpd stp1
configure stp1 tag
configure stp1 add
configure stp1 add
configure stp1 add
configure stp1 add
enable stpd stp1
Layer 2 Basics
103
ports 1:1 tagged
ports 1:3 tagged
ports 1:4 tagged
104
ports 1:2 tagged
ports 1:3 tagged
ports 1:4 tagged
101
ports 1:3 tagged
ports 1:4 tagged
102
ports 1:3 tagged
ports 1:4 tagged
101
vlan
vlan
vlan
vlan
v101
v102
v103
v104
50
VLANs
This set of configuration commands creates the member VLANs and enables STP on SW3:
create vlan v101
configure v101 tag
configure v101 add
configure v101 add
create vlan v102
configure v102 tag
configure v102 add
configure v102 add
create vlan v103
configure v103 tag
configure v103 add
configure v103 add
create vlan v104
configure v104 tag
configure v104 add
configure v104 add
create stpd stp1
configure stp1 tag
configure stp1 add
configure stp1 add
configure stp1 add
configure stp1 add
enable stpd stp1
101
ports 1:3 tagged
ports 1:4 tagged
102
ports 1:3 tagged
ports 1:4 tagged
103
ports 1:3 tagged
ports 1:4 tagged
104
ports 1:3 tagged
ports 1:4 tagged
101
vlan
vlan
vlan
vlan
v101
v102
v103
v104
The final set of configuration commands creates the translation VLAN and enables VLAN translation on
SW3:
create vlan v1000
configure v1000 tag 1000
configure v1000 add ports 2:1 tagged
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
configure v1000 vlan-translation add
member-vlan
member-vlan
member-vlan
member-vlan
v101
v102
v103
v104
The following configuration commands create the translation VLAN and enable VLAN translation on
VLANs that have overlapping ports:
configure v1000 vlan-translation add member-vlan v102 loopback-port 1:22
configure v1000 vlan-translation add member-vlan v103 loopback-port 1:23
configure v1000 vlan-translation add member-vlan v104 loopback-port 1:24
Layer 2 Basics
51
VLANs
Ability to associate a tag to a VLAN port. This tag is used as a filter to accept frames with matching
VID. It is also used as the tag of the outgoing frames.
Ability to add multiple VLAN ports on the same physical port as long as those VLAN ports are
associated with different tags.
Allows the existing untagged and tagged VLAN ports to be part of the VLAN.
Ability to learn MAC address on port, tag and VLAN instead of only on the port.As a consequence of
the previous point, ability to add static MAC address to port, tag and VLAN.
Ability to specify limit-learning and MAC lockdown on a port, tag and VLAN, instead of only on the
port.
Rate limiting and counting of frames with matching VIDs is supported with the existing ACL.
The Port-specific VLAN tag allows tagged VLAN ports to be configured with tag values. When the tag
is not configured, it is implicit that the tag of the tagged port is the tag of the VLAN. We call the tag of
the port the "port tag", and the tag of the VLAN the "base tag". The port tag is used to determine the
eligibility of the frames allowed to be part of the VLAN. Once the frame is admitted to the VLAN port,
the base tag is used. From a functional standpoint, the frame tag is rewritten to the base tag.
The base tag then is translated to the port tag for the outgoing frame.
Note
The port tag is equal to the base tag when the port tag is not specified, so the current VLAN
behavior is preserved.
Untagged VLAN ports also have port tag, which is always the same as the base tag. Outgoing frames
are untagged. The untagged VLAN port always has an implicit port tag thats's always equal to the base
tag. There can be only one untagged VLAN port on a physical port. It receives untagged frames, and
tagged frames, and transmits only untagged frames.
A tagged VLAN port can have a port tag configured, or not. When not configured, the port tag is equal
to the base tag. There can be more than one tagged VLAN port on a physical port. It receives tagged
frames with tag equals to the port tag, and transmits tagged frames with port tag.
When the VLAN is assigned to L2VPN, the base tag is the tag that is carried by the pseudo-wire when
the dot1q include is enabled. It can be viewed that VPLS PW port tag is equal to the base tag. To assign
a VLAN with a port-specific tag to an L2VPN, use the existing configure vpls vpls_name add
service vlan vlan_name command.
Since every tagged VLAN port has different VIDs, forwarding between them on the same physical port
(hairpin switching) is possible. From the external traffic point of view, the frame tags are rewritten from
the receive port tag to the transmit port tag. Since each port tag is a different VLAN port, a frame that
has to be broadcasted to multiple VLAN ports is sent out multiple times with different tags when the
VLAN ports are on the same physical port. Each port + port tag is an individual VLAN port.
MAC addresses are learned on the VLAN port. This means that the port in the FDB entry is the port +
port tag. A unicast frame destined to a MAC address that is in the FDB is sent out of the associated
VLAN port. As mentioned earlier, there is only one MAC addressed learned on the VLAN. If the MAC
address is learned on a different port or a different tag, it is a MAC move. It is transmitted out of the
physical port only on the associated VLAN port tagged with the port tag when the VLAN port is
tagged.
Layer 2 Basics
52
VLANs
When there are multiple tagged VLAN ports on the transmit port, only one frame with the right tag is
transmitted. It is transmitted untagged on an untagged VLAN port. Accordingly, the static MAC
address is configured on a VLAN port. This means that the port tag is specified when the tag is not
equal to the base tag. The command to flush FDB does not need to change. But, a VLAN port-specific
flush needs to be implemented to handle the case when a VLAN port is deleted. This flush is internal
and not available through the CLI.
Per VLAN port (port + tag) rate limiting and accounting is achieve by the existing ACL. Use match
condition vlan-id to match the port VID. You can use action count and byte-count for
accounting. And you can use show access-list counter to view the counters. Action meter can
be used for rate limiting. To create a meter, use the create meter command, and configure the
committed rate and maximum burst size.
vlan
vlan
vlan
vpls
exchange
exchange
exchange
vsi1 add
tag 100
add ports 1 tagged 10
add ports 1 tagged 11
service vlan exchange
Similarly, the following is an example for VPWS. There can only be a single VLAN port in the VLAN for
assignment to VPWS to be successful:
create vlan exchange tag 100
config vlan exchange add ports 1 tagged 10
config l2vpn vpws pw1 add service vlan exchange
Layer 2 Basics
53
VLANs
entry tag_2 {
if {
vlan-id 5;
} then {
byte-count tag_2_num_bytes;
meter tag_2_meter;
}
}
Content of acl_egress.pol
entry tag_1_egr {
if {
vlan-id 4;
} then {
packet-count tag_1_egr_num_frames;
meter tag_1_egr_meter;
}
}
entry tag_2_egr {
if {
vlan-id 5;
} then {
byte-count tag_2_egr_num_bytes;
meter tag_2_egr_meter;
}
}
delete fdbentry: All or specific MAC address, or specific MAC address on a VLAN.
enable/disable flooding ports: Only on physical port (applies to all VLAN ports).
enable/disable learning: Only on physical port (applies to all VLAN ports on the same
physical port), or on a VLAN (applies to all VLAN ports of the VLAN).
show fdb stats: Only on physical port or VLAN, not on a VLAN port.
To specify the port tag when you need to put multiple vlans into a broadcast domain, use the
configure {vlan} vlan_name addports [port_list | all] {tagged{tag} | untagged}
{{stpd} stpd_name} {dot1d | emistp | pvst-plus}} command.
To specify a port tag to delete a VLAN port that has a different tag from the VLAN tag, use the
configure {vlan} vlan_name deleteports [all | port_list {tagged tag}] command.
To display output of a vlan that has a port-specific tag, use the show vlan command.
To display port info that has port-specific tag statistics, use the show port info detail
command.
Layer 2 Basics
54
VLANs
To adds a permanent, static entry to the FDB, use the create fdbentry mac_addr vlan
vlan_name [ports port_list {tagged tag} | blackhole] command.
To show output where the port tag is displayed, use the show fdb command.
Layer 2 Basics
55
2 VMAN (PBN)
VMAN Overview
PBBNs
VMAN Configuration Options and Features
Configuration
Displaying Information
Configuration Examples
The virtual metropolitan area network (VMAN) feature allows you to scale a Layer 2 network and avoid
some of the management and bandwidth overhead required by Layer 3 networks.
Note
If a failover from MSM A to MSM B occurs, VMAN operation is not interrupted. The system has
hitless failovernetwork traffic is not interrupted during a failover.
VMAN Overview
The VMAN feature is defined by the IEEE 802.1ad standard, which is an amendment to the IEEE 802.1Q
VLAN standard.
A VMAN is a virtual Metropolitan Area Network (MAN) that operates over a physical MAN or Provider
Bridged Network (PBN). This feature allows a service provider to create VMAN instances within a MAN
or PBN to support individual customers. Each VMAN supports tagged and untagged VLAN traffic for a
customer, and this traffic is kept private from other customers that use VMANs on the same PBN.
The PBN uses Provider Bridges (PBs) to create a Layer 2 network that supports VMAN traffic. The
VMAN technology is sometimes referred to as VLAN stacking or Q-in-Q.
Note
VMAN is an Extreme Networks term that became familiar to Extreme Networks customers
before the 802.1ad standard was complete. The VMAN term is used in the ExtremeXOS
software and also in this book to support customers who are familiar with this term. The PBN
term is also used in this guide to establish the relationship between this industry standard
technology and the Extreme Networks VMAN feature.
The following figure shows a VMAN, which spans the switches in a PBN.
Layer 2 Basics
56
VMAN (PBN)
Layer 2 Basics
57
VMAN (PBN)
Layer 2 Basics
58
VMAN (PBN)
Layer 2 Basics
59
VMAN (PBN)
service providers must communicate the enabled CVIDs to their customers. The customers must use
those CVIDs to access the VMAN.
Note
The CEP term is defined in the IEEE 802.1ad standard and is also called a C-tagged service
interface. The CEP operation is similar to a MEF 13 UNI Type 1.1.
CVID Translation
To support CVLANs that are identified by different CVIDs on different CEPs, some switches support a
feature called CVID translation, which translates the CVID received at the VMAN ingress to a different
CVID for egress from the VMAN (see the following figure).
Layer 2 Basics
60
VMAN (PBN)
PBBNs
A Provider Backbone Bridge Network (PBBN) enables VMAN (PBN, 802.1ad frames) and customer
VLAN (802.1Q frames) transport over a backbone network such as the internet.
Note
This feature is supported only on the platforms listed for this feature in the license and
feature pack tables in Feature License Requirements.
One application of a PBBN allows an Internet Service Provider (ISP) to create a backbone network over
the internet to support Layer 2 traffic from service providers (SPs). Each service provider buys a PBN
(VMAN) from the ISP and sells VLAN access to customers. The ISP configures the PBBN, each SP
configures their PBN, and each customer configures their VLAN. The PBBN, PBNs, and VLANs are all
isolated. All parties (ISP, SP, and customer) can establish their networks and services with minimal
support from the other parties, and all parties can make most configuration changes independently of
the others.
PBBNs are defined by the IEEE 802.1ah Backbone Bridge standard, which is an amendment to the IEEE
802.1Q VLAN standard. The PBBN technology is sometimes referred to as MAC-in-MAC.
The following figure shows a PBBN, which spans a set of ISP switches that serve as Provider Backbone
Bridges (PBBs).
Layer 2 Basics
61
VMAN (PBN)
PBBN
VMAN
VMAN
VLAN
traffic
VLAN
traffic
Network
ports
(BVLAN)
VLAN
traffic
VMAN
access
ports
VMAN
network
ports
Access
ports
(SVLAN or
CVLAN)
Access
ports
VMAN
(SVLAN or
network
CVLAN)
ports
VLAN
traffic
VMAN
access
ports
vman_0002
Layer 2 Basics
62
VMAN (PBN)
When a backbone VLAN (BVLAN) is configured on a port, the port serves as a network port in the
PBBN core. A BVLAN port forwards PBBN traffic (802.1ah frames) between the BEBs and BCBs in
the PBBN.
When you configure a PBBN, you create and configure SVLANs and CVLANs on the PBBN access
ports, and you configure a BVLAN on each network port. Later in the configuration process, you bind
each SVLAN and CVLAN to a BVLAN to establish the connection between the PBBN access ports and
network ports that establish the BVLAN. The process for binding an SVLAN or CVLAN to a BVLAN
differs between platforms.
You can use any physical topology on the BVLAN. Although you can assign IP addresses to backbone
interfaces to test connectivity, do not enable IP forwarding. The BVLAN must be tagged, and only
tagged ports can be added to the BVLAN.
Note
After you configure a port as part of a BVLAN or SVLAN, you cannot apply any other ACLs to
that port.
To switch a frame through the PBBN, the switch encapsulates VLAN and VMAN frames in 802.1ah
frames as shown in the following figure.
Layer 2 Basics
63
VMAN (PBN)
B-tag
The BVLAN tag (B-tag) identifies a specific BVLAN and includes three priority bits for QoS.
I-tag
The I-tag identifies the service provider in the scope of PBBNs (the BVLAN is the tunnel inside of which
the system uses the I-tag to identify the service provider using the I-tag to S-tag mapping and
replacement).
The additional information in the I-tag allows the PBBN to support many more VMANs than the 4094
supported by the S-tag alone. SVLANs with duplicate S-tags are supported in a PBBN when they are
received on different access ports, as this results in a different I-tag for each VMAN.
Note
For more information on the ethertype, see Secondary Ethertype Support on page 65.
ACL Support
The ExtremeXOS software includes VMAN (PBN) Access Control List (ACL) support for controlling
VMAN frames.
VMAN ACLs define a set of match conditions and modifiers that can be applied to VMAN frames. These
conditions allow specific traffic flows to be identified, and the modifiers allow a translation to be
performed on the frames.
Layer 2 Basics
64
VMAN (PBN)
The secondary ethertype support feature applies only to VMANs. The ethertype value for VLAN frames
is standard and cannot be changed.
If your VMAN transits a third-party device (in other words, a device other than an Extreme Networks
device), you must configure the ethertype value on the Extreme Networks device port to match the
ethertype value on the third-party device to which it connects.
The secondary ethertype support feature allows you to define two ethertype values for VMAN frames
and select either of the two values for each port.
For example, you can configure ports that connect to other Extreme Networks devices to use the
default primary ethertype value, and you can configure ports that connect to other equipment to use
the secondary ethertype value, which you can configure to match the requirements of that equipment.
When you create a VMAN, each VMAN port is automatically assigned the primary ethertype value.
After you define a secondary ethertype value, you can configure a port to use the secondary ethertype
value. If two switch ports in the same VMAN use different ethertype values, the switch substitutes the
correct value at each port. For example, for VMAN edge switches and transit switches, the switch
translates an ingress ethertype value to the network port ethertype value before forwarding. For egress
traffic at VMAN edge switches, no translation is required because the switch removes the S-tag before
switching packets to the egress port.
For BlackDiamond 8800 series switches, BlackDiamond X8, SummitStack, and the Summit family of
switches, you can set the primary and secondary ethertypes to any value, provided that the two values
are different.
Layer 2 Basics
65
VMAN (PBN)
QoS Support
The VMAN (PBN) feature interoperates with many of the QoS and HQoS features supported in the
ExtremeXOS software.
One of those features is egress queue selection, which is described in the next section. For more
information on other QoS and HQoS features that work with VMANs, see QoS.
Layer 2 Basics
66
VMAN (PBN)
Configuration
Layer 2 Basics
67
VMAN (PBN)
Guidelines for BlackDiamond X8 and 8000 Series Modules and Summit Family Switches
The following are VMAN configuration guidelines for BlackDiamond X8 and 8000 series modules,
SummitStack, and Summit family switches:
You can enable or disable jumbo frames before configuring VMANs. You can enable or disable
jumbo frames on individual ports. See Configuring Ports on a Switch for more information on
configuring jumbo frames.
Spanning
Tree Protocol (STP) operation on CVLAN components in a PEB as described in IEEE
Multiple VMAN roles can be combined on one port with certain VLAN types as shown in the
following table.
Table 3: Port Support for Combined VMAN Roles and VLANs
Platform
Combined
CNP, CEP, and
Tagged
VLAN 1 , 2
Combined
PNP, CNP, and
CEPa, b, 3
X4
Xd
Xe
Note
If you already configured VLANs and VMANs on the same module or stand-alone switch
using ExtremeXOS 11.4, you cannot change the VMAN ethertype from 0X8100 without first
removing either the VLAN or VMAN configuration.
Procedure for Configuring VMANs
This section describes the procedure for configuring VMANs. Before configuring VMANs, review
Guidelines for Configuring VMANs on page 67. To configure a VMAN, complete the following procedure
at each switch that needs to support the VMAN:
1
2
3
4
1
2
3
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
If the secondary VMAN ethertype is selected for the port, it must be set to 0x8100.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Layer 2 Basics
68
VMAN (PBN)
If you are configuring a BlackDiamond 8800 series switch, a SummitStack, or a Summit family
switch, enable jumbo frames on the switch.
Note
Because the BlackDiamond 8800 series switches, SummitStack, and the Summit family of
switches enable jumbo frames switch-wide, you must enable jumbo frames before
configuring VMANs on these systems.
4 To configure PNP ports on a PEB or PB, use the following command with the tagged option:
configure vman vman_name add ports [ all | port_list ] {untagged { port-cvid
port_cvid} | tagged}
5 To configure CNP ports on a PEB, use the following command with the untagged option:
configure vman vman_name add ports [ all | port_list ] {untagged { port-cvid
port_cvid} | tagged}
Note
You must configure CNP ports as untagged, so that the S-tag is stripped from the frame
on egress. If the port-cvid is configured, any untagged packet received on the port will
be double tagged with the configured port CVID and the SVID associated with the VMAN.
Packets received with a single CVID on the same port will still have the SVID added as
usual. As double tagged packets are received from tagged VMAN ports and forwarded to
untagged VMAN ports,the SVID associated with the VMAN is stripped. Additionally, the
CVID associated with the configured port CVID is also stripped in the same operation.
6 To configure CEP ports on a PEB, do the following:
a Use the following command to establish a physical port as a CEP and configure CVID mapping
and translation:
configure vman vman_name add ports port_list cep cvid cvid_range {translate
cvid | cvid_range}}
b Use the following commands to add or delete CVIDs for a CEP and manage CVID mapping and
translation:
configure vman vman_name ports port_list add cvid {cvid | cvid_range}
{translate cvid | cvid_range }
configure vman vman_name ports port_list delete cvid {cvid | cvid_range }
c Use the following commands to manage CVID egress filtering for a CEP:
enable vman cep egress filtering ports {port_list | all}
disable vman cep egress filtering ports {port_list | all}
7 Configure additional VMAN options as described in Configuring VMAN Options on page 70.
8 To configure a VLAN to use a VMAN, configure the VLAN on the switch port at the other end of the
line leading to the VMAN access port.
Layer 2 Basics
69
VMAN (PBN)
Configure the primary and secondary (if needed) VMAN ethertype values for the switch using the
following command:
configure vman ethertype hex_value [primary | secondary]
Return to the default selection of using the 802.1p value in the S-tag using:
disable dot1p examination inner-tag ports [all | port_list]
Note
See QoS for information on configuring and displaying the current 802.1p and DiffServ
configuration for the S-tag 802.1p value. To enable dot1p examination for inner-tag, dot1p
examination for outer-tag must be disabled using the command disable dot1p
examination ports [all | port_list]
Displaying Information
Layer 2 Basics
70
VMAN (PBN)
Note
The display for the show vman command is different depending on the platform and
configuration you are using. See the ExtremeXOS Command Reference Guide for complete
information on this command.
You can also display VMAN information, as well as all the VLANs, by issuing the show ports
information detail command. And you can display the VMAN ethernet type and secondary
etherType port_list by using the show vman etherType command
Configuration Examples
Layer 2 Basics
71
VMAN (PBN)
The following example configuration demonstrates configuring IP multicast routing between VMANs
and VLANs (when VMAN traffic is not double-tagged) on the BlackDiamond 8800 series switch and
the Summit family of switches.
Using this configuration you can use a common uplink to carry both VLAN and VMAN traffic and to
provide multicast services from a VMAN through a separate VLAN (notice that port 1:1 is in both a
VLAN and a VMAN):
enable jumbo-frame ports all
configure vman ethertype 0x8100
create vlan mc_vlan
configure vlan mc_vlan tag 77
create vman vman1
configure vman vman1 tag 88
configure vlan vman1 ipaddress 10.0.0.1/24
configure vlan mc_vlan ipaddress 11.0.0.1/24
enable ipforwarding vman1
enable ipforwarding mc_vlan
enable ipmcforwarding vman1
enable ipmcforwarding mc_vlan
configure vlan mc_vlan add port 1:1 tag
configure vman vman1 add port 1:1 tag
configure vman vman1 add port 2:1, 2:2, 2:3
Note
IGMP reports can be received untagged on ports 2:1, 2:2, and 2:3. Tagged IP multicast data is
received on mc_vlan port 1:1 and is routed using IP multicasting to vman1 ports that subscribe
to the IGMP group.
IGMP snooping (Layer 2 IP multicasting forwarding) does not work on the VMAN ports
because there is no double-tagged IP multicast cache lookup capability from port 1:1.
Layer 2 Basics
vman
vman
vman
vman
vman
vman
vman
vman
vman
vman
vman
vman
vman
cust1
cust2
cust3
cust1 tag 1000
cust2 tag 1001
cust3 tag 1002
cust1 add port 22 tag
cust2 add port 22 tag
cust3 add port 23 tag
cust1 add port 1 cep cvid 100 - 109
cust2 add port 1 cep cvid 110 - 119
cust3 add port 1 cep cvid 120 - 129
cep egress filtering ports 1
72
VMAN (PBN)
Port 1 serves as the CEP, and egress filtering is enabled on the port. Ports 22 and 23 serve as CNPs,
providing the connection between the CEP port and the rest of each VMAN.
Layer 2 Basics
73
3 FDB
FDB Contents
How FDB Entries Get Added
How FDB Entries Age Out
FDB Entry Types
Managing the FDB
Displaying FDB Entries and Statistics
MAC-Based Security
Managing MAC Address Tracking
The FDB chapter is intended to help you learn about forwarding databases, adding and displaying
entries and entry types, managing the FDB, and MAC-based security. This chapter also provides
information about MAC Address tracking.
The switch maintains a forwarding database (FDB) of all MAC addresses received on all of its ports. It
uses the information in this database to decide whether a frame should be forwarded or filtered.
Note
See the ExtremeXOS Command Reference Guide for details of the commands related to the
FDB.
FDB Contents
Each Forwarding Database (FDB) entry consists of:
Frames destined for MAC addresses that are not in the FDB are flooded to all members of the VLAN.
Source MAC entries are learned from ingress packets on all platforms. This is Layer 2 learning.
On BlackDiamond 8800 series switches, MAC entries can be learned at the hardware level.
Virtual MAC addresses embedded in the payload of IP ARP packets can be learned when this
feature is enabled.
Static entries can be entered using the command line interface (CLI).
Layer 2 Basics
74
FDB
The ability to learn MAC addresses can be enabled or disabled on a port-by-port basis. You can also
limit the number of addresses that can be learned, or you can lock down the current entries and
prevent additional MAC address learning.
BlackDiamond 8000 series modules and Summit switches support different FDB table sizes.
On a BlackDiamond 8800 switch with a variety of modules or on a SummitStack with different Summit
switch models, the FDB tables on some modules or switches can be filled before the tables on other
modules or switches. In this situation, when a lower-capacity FDB table cannot accept FDB entries, a
message appears that is similar to the following:
HAL.FDB.Warning> MSM-A: FDB for vlanID1 mac 00:00:03:05:15:04 was not added to
slot 3 - table full.
Note
For information on increasing the FDB table size on BlackDiamond 8900 xl-series modules
and Summit X480 switches, see Increasing the FDB Table Size on page 77. For information
on FDB tables sizes, see the ExtremeXOS Release Notes.
Layer 2 Basics
75
FDB
Dynamic Entries
A dynamic entry is learned by the switch by examining packets to determine the source MAC address,
VLAN, and port information.
The switch then creates or updates an FDB entry for that MAC address. Initially, all entries in the
database are dynamic, except for certain entries created by the switch at boot-up.
Entries in the database are removed (aged-out) if, after a period of time (aging time), the device has
not transmitted. This prevents the database from becoming full with obsolete entries by ensuring that
when a device is removed from the network, its entry is deleted from the database.
The aging time is configurable, and the aging process operates on the supported platforms as follows:
On all platforms, you can configure the aging time to 0, which prevents the automatic removal of all
dynamic entries.
On BlackDiamond X8 series switches, BlackDiamond 8000 a-, c-, e- and xm-series modules,
E4G-200 and E4G-400 cell site routers, and Summit X440, X460, X670, and X770 series switches,
the aging process takes place in software and the aging time is configurable.
On BlackDiamond 8900 xl-series and Summit X480 switches, the aging process takes place in
hardware and the aging time is based on (but does not match) the configured software aging time.
For more information about setting the aging time, see Configuring the FDB Aging Time on page 79.
Note
If the FDB entry aging time is set to 0, all dynamically learned entries in the database are
considered static, non-aging entries. This means that the entries do not age, but they are still
deleted if the switch is reset.
Dynamic entries are flushed and relearned (updated) when any of the following take place:
A VLAN is deleted.
A VLAN identifier (VLANid) is changed.
A port mode is changed (tagged/untagged).
A port is deleted from a VLAN.
A port is disabled.
A port enters blocking state.
A port goes down (link down).
A non-permanent dynamic entry is initially created when the switch identifies a new source MAC
address that does not yet have an entry in the FDB. The entry can then be updated as the switch
continues to encounter the address in the packets it examines. These entries are identified by the d
flag in the show fdb command output.
Static Entries
A static entry does not age and does not get updated through the learning process.
A static entry is considered permanent because it is retained in the database if the switch is reset or a
power off/on cycle occurs. A static entry is maintained exactly as it was created. Conditions that cause
Layer 2 Basics
76
FDB
dynamic entries to be updated, such as VLAN or port configuration changes, do not affect static
entries.
To create a permanent static FDB entry, see Adding a Permanent Unicast Static Entry on page 78.
If a duplicate MAC address is learned on a port other than the port where the static entry is defined, all
traffic from that MAC address is dropped. By default, the switch does not report duplicate addresses.
However, you can configure the switch to report these duplicate addresses as described in Managing
Reports of Duplicate MAC Addresses for Static Entries on page 80.
A locked static entry is an entry that was originally learned dynamically, but has been made static
(locked) using the MAC address lock-down feature. It is identified by the s, p, and l flags in show
fdb command output and can be deleted using the delete fdbentry command. See MAC Address
Lockdown for more information about this feature.
Note
Static FDB entries created on EAPS- or STP-enabled ports forward traffic irrespective of the
port state. Consequently, you should avoid such a configuration.
Blackhole Entries
A blackhole entry configures the switch to discard packets with a specified MAC destination address.
Blackhole entries are useful as a security measure or in special circumstances where a specific source or
destination address must be discarded. Blackhole entries can be created through the CLI, or they can
be created by the switch when a ports learning limit has been exceeded.
Blackhole entries are treated like permanent entries in the event of a switch reset or power off/on
cycle. Blackhole entries are never aged out of the database.
Layer 2 Basics
77
FDB
Summit X770 switches provides a Unified Forwarding Table that allows for flexible allocation of entries
to L2 or L3. You can configure this table with the configure forwarding internal-tables [l2and-l3 | more [l2 | l3-and-ipmc]] command.
Once the multiport static FDB entry is created, any ingress traffic with a destination MAC address
matching the FDB entry is multicasted to each port in the specified list. On Summit family switches and
BlackDiamond 8000 series modules, if the FDB entry is the next hop for an IP adjacency, unicast
routing sends the packet to the first port in the list.
Note
When a multiport list is assigned to a unicast MAC address, load sharing is not supported on
the ports in the multiport list.
Summit family switches, BlackDiamond X8 series switches, and BlackDiamond 8000 series modules do
not support this multiport feature natively using the FDB table. Instead, for each FDB entry of this type,
a series of system ACLs have been installed which match the specified MAC address and VLAN ID, and
override the egress port forwarding list with the supplied list of ports. Multiple ACLs per FDB are
required to handle Layer 2 echo kill by installing a unique ACL per individual port in the list to send
matching traffic to all other ports in the list.
User-configured ACLs take precedence over these FDB-generated ACL rules, and the total number of
rules is determined by the platform.
The hardware ACL limitations for each platform are described in ACLs.
Layer 2 Basics
78
FDB
To configure the aging time for dynamic FDB entries, use the following command:.
configure fdb agingtime seconds
If the aging time is set to 0, all aging entries in the database are defined as static, nonaging entries.
This means the entries will not age out, but non-permanent static entries can be deleted if the
switch is reset.
To display the aging time, use the following command:.
show fdb
Note
On BlackDiamond 8900 xl-series and Summit X480 switches, FDB entries are aged in
hardware, the aging time is always displayed as 000, and the h flag is set for entries that
are hardware aged.
Layer 2 Basics
79
FDB
To enable or disable EMS and SNMP reporting of duplicate addresses for static entries, use the
commands:
enable fdb static-mac-move
disable fdb static-mac-move
To control the number of EMS and SNMP reports per second issued, use the commands:
configure fdb static-mac-move packets count
Layer 2 Basics
80
FDB
Because the mirrored traffic is an exact copy of the real traffic, a transit switch can learn the MAC
addresses and make incorrect forwarding decisions.
Note
The MAC-based VLAN netlogin parameter applies only for Summit family switches and
BlackDiamond 8800 series switches. See Network Login for more information.
With no options, this command displays all FDB entries. (The age parameter does not show on the
display for the backup MSM/MM on modular switches; it does show on the display for the primary
MSM/MM.)
MAC-Based Security
MAC-based security allows you to control the way the FDB is learned and populated. By managing
entries in the FDB, you can block and control packet flows on a per-address basis.
MAC-based security allows you to limit the number of dynamically-learned MAC addresses allowed per
virtual port. You can also lock the FDB entries for a virtual port, so that the current entries will not
change, and no additional addresses can be learned on the port.
You can also prioritize or stop packet flows based on the source MAC address of the ingress VLAN or
the destination MAC address of the egress VLAN.
Note
For detailed information about MAC-based security, see Security.
Layer 2 Basics
81
FDB
Note
The drop-packets and forward-packets options are available only on the
BlackDiamond 8800 series switches, SummitStack, and the Summit family switches. If
neither option is specified, the drop-packets behavior is selected.
Layer 2 Basics
82
FDB
device in the network. Limiting flooded egress packets to selected interfaces is also known as upstream
forwarding.
Note
Disabling egress flooding can affect many protocols, such as IP and ARP.
The following figure illustrates a case where you want to disable Layer 2 egress flooding on specified
ports to enhance security and network performance.
Egress flooding can be disabled on ports that are in a load-sharing group. In a load-sharing group,
the ports in the group take on the egress flooding state of the master port; each member port of the
load-sharing group has the same state as the master port.
FDB learning takes place on ingress ports and is independent of egress flooding; either can be
enabled or disabled independently.
Disabling unicast (or all) egress flooding to a port also prevents the flooding of packets with
unknown MAC addresses to that port.
Layer 2 Basics
83
FDB
Disabling broadcast (or all) egress flooding to a port also prevents the flooding of broadcast
packets to that port.
For BlackDiamond X-8 and 8800 series switches, SummitStack, and Summit family switches, the
following guidelines apply:
You can enable or disable egress flooding for unicast, multicast, or broadcast MAC addresses, as
well as for all packets on one or more ports.
Disabling multicasting egress flooding does not affect those packets within an IGMP membership
group at all; those packets are still forwarded out.
If IGMP snooping is disabled, multicast packets with static FDB entries are forwarded according
to the FDB entry.
There is no software indication or notification when packets are discarded because they match
blackhole entries.
Layer 2 Basics
84
FDB
Layer 2 Basics
85
FDB
To display the MAC address tracking feature configuration, including the list of tracked MAC
addresses, use the command:
show fdb mac-tracking configuration
To display the counters for MAC address add, move, and delete events, use the command:
show fdb mac-tracking statistics {mac_addr} {no-refresh}
Use the 0 key while displaying the counters with the show fdb mac-tracking statistics
{mac_addr} command.
Layer 2 Basics
86
Layer 2 Basics
87
Layer 2 Basics
88
show fdb
show l2pt profile
show l2pt
show ports protocol filter
show private-vlan <name>
show private-vlan
show protocol
show vlan
show vlan description
show vlan l2pt
show vman
show vman eaps
show vman ethertype
show vman l2pt
unconfigure vlan description
unconfigure vlan ipaddress
unconfigure vman ethertype
Description
Clears the event counters for the FDB MAC-tracking feature.
Syntax Description
mac_addr
all
Default
N/A.
Usage Guidelines
The clear counters command also clears the counters for all tracked MAC addresses.
Layer 2 Basics
89
Example
The following example clears the counters for all entries in the MAC address tracking table:
Switch.1 #
History
This command was first available in ExtremeXOS 12.3.
Platform Availability
This command is available on all platforms.
Description
Clears protocol filtering counters.
Syntax Description
port_list
all
Default
Disabled.
Usage Guidelines
Use this command to clear protocol filtering counters.
Example
The following example clears all protocol filtering counters:
clear counters ports protocol filter
Layer 2 Basics
90
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
clear fdb
clear fdb {mac_addr | ports port_list | vlan vlan_name | blackhole}
Description
Clears dynamic FDB entries that match the filter.
Syntax Description
mac_addr
port_list
vlan_name
blackhole
Default
All dynamic FDB entries are cleared by default.
Usage Guidelines
This command clears FDB entries based on the specified criteria. When no options are specified, the
command clears all dynamic FDB entries.
Example
The following example clears any FDB entries associated with ports 4:3-4:5 on a modular switch:
clear fdb ports 4:3-4:5
The following example clears any FDB entries associated with VLAN corporate:
clear fdb vlan corporate
History
This command was first available in ExtremeXOS 10.1.
Layer 2 Basics
91
Platform Availability
This command is available on all platforms.
Description
Clears L2PT VLAN counters.
Syntax Description
vlan
vman
vlan_name
ports port_list
Default
Disabled.
Usage Guidelines
Use this command to clear L2PT VLAN counters.
Example
The following example clears all L2PT counters:
clear l2pt counters
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
92
Description
Clears L2PT VMAN counters.
Syntax Description
vlan
vman
vlan_name
ports port_list
Default
Disabled.
Usage Guidelines
Use this command to clear L2PT VMAN counters.
Example
The following example clears all L2PT counters:
clear l2pt counters
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
93
Description
Clears L2PT counters.
Syntax Description
vpls
vpls_name
peer ipaddress
Optionally clears counters only on a specific peer of the VPLS. The variable
specifies an IPv4 address.
vpws vpws_name
Default
Disabled.
Usage Guidelines
Use this command to clear L2PT counters.
Example
The following example clears L2PT counters on peer 1.1.1.1 of VPLS vpls1:
clear l2pt counters vpls vpls1 peer 1.1.1.1
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Creates an L2PT profile.
Layer 2 Basics
94
Syntax Description
l2pt
profile
profile_name
Default
Disabled.
Usage Guidelines
Use this command to create an L2PT profile.
Example
The following example create a new L2PT profile named "my_l2pt_prof":
create l2pt profile my_l2pt_prof
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Configures the FDB aging time for dynamic entries.
Syntax Description
agingtime
If agingtime is set to 0, all aging entries in the database are defined as static,
nonaging entries.
seconds
Specifies the FDB aging time, in seconds. A value of 0 indicates that the entry
should never be aged out. All other platforms support the value 0 (no aging)
and a range of 15 to 1,000,000 seconds.
Layer 2 Basics
95
Default
N/A.
Usage Guidelines
If the aging time is set to 0 (zero), all dynamic entries in the database become static, nonaging entries.
This means that they do not age out, but non-permanent static entries can be deleted if the switch is
reset.
For all platforms except BlackDiamond 8900 xl-series modules and Summit X480 switches, the
software flushes the FDB table once the aging timeout parameter is reached, even if the switch is
running traffic and populating addresses in the FDB table.
For BlackDiamond 8900 xl-series modules and Summit X480 switches, the hardware flushes the FDB
table at periods based on the configured software aging time. The actual hardware aging time does not
exactly match the software aging time and can be as high as twice the configured software aging time.
Example
The following example sets the FDB aging time to 3,000 seconds:
configure fdb agingtime 3000
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Enables or disables MAC address tracking for all MAC addresses on the specified ports.
Syntax Description
add
delete
port_list
all
Layer 2 Basics
96
Default
No ports are enabled for MAC address tracking.
Usage Guidelines
MAC address tracking events on enabled ports generate EMS messages and can optionally generate
SNMP traps.
Note
When a MAC address is configured in the tracking table, but detected on a MAC tracking
enabled port, the per MAC address statistical counters are not updated.
Example
The following example enables MAC address tracking for all MAC addresses on port 2:1:
configure fdb mac-tracking add ports 2:1
History
This command was first available in ExtremeXOS 12.4.
Platform Availability
This command is available on all platforms.
Description
Configures the number of EMS and SNMP reports that can be generated each second for MAC
addresses that are duplicates of statically configured MAC addresses.
Syntax Description
count
Specifies the number of duplicate MAC address events that are reported each
second. The range is 1 to 25.
Default
2.
Layer 2 Basics
97
Usage Guidelines
None.
Example
The following example configures the switch to report up to five duplicate MAC address events per
second:
configure fdb static-mac-move packets 5
History
This command was first available in ExtremeXOS 12.7.
Platform Availability
This command is available only on the Summit family switches.
Description
Configures the destination address MAC that L2PT encapsulated packets use.
Syntax Description
encapsulation
dest-mac
mac_addr
Default
Usage Guidelines
NA
Example
The following example sets the L2PT destination address MAC to 01:00:00:01:01:02:
configure l2pt encapsulation dest-mac 01:00:00:01:01:02
Layer 2 Basics
98
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Adds an entry to an L2PT profile.
Syntax Description
profile profile_name
action
Specifies the action to perform on PDUs of the protocol (the default value is
tunnel).
tunnel
cos cos
Specifies to override the class of service for tunneled PDUs, and specifies the
class of service value to use for tunneling PDUs.
encapsulate
none
Default
Disabled.
Usage Guidelines
Use this command to add an entry to an L2PT profile.
Example
The following example adds an entry to my_l2pt_prof to tunnel protocols in "mylistt" at cos 2:
configure l2pt profile my_l2pt_prof add protocol filter mylist action tunnel
cos 2
Layer 2 Basics
99
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Deletes an entry to an L2PT profile.
Syntax Description
profile profile_name
Default
Disabled.
Usage Guidelines
Use this command to delete an entry to an L2PT profile.
Example
The following example deletes the entry for "mylist" from my_l2pt_prof:
configure l2pt profile my_l2pt_prof delete protocol filter mylist
Layer 2 Basics
100
The following example deletes the entry entry for "mylist" from my_l2pt_prof that is in use by a service:
configure l2pt profile my_l2pt_prof delete protocol filter mylist
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Assigns the primary or secondary ethertype value to the specified ports.
Syntax Description
port_list
primary
secondary
Default
N/A.
Usage Guidelines
None.
Example
The following example configures port 2:1 to use the secondary ethertype:
configure port 2:1 ethertype secondary
History
This command was first available in ExtremeXOS 12.0.
Layer 2 Basics
101
Platform Availability
This command is available on all platforms.
Description
Configures L2PT profiles on service interfaces.
Syntax Description
vlan
vman
vlan_name
ports port_list
profile
none
profile_name
Default
Disabled.
Usage Guidelines
Use this command to configure L2PT profiles on service interfaces.
Example
The following example binds my_l2pt_prof with ports 2 and 5 of VMAN cust1:
configure vman cust1 ports 2,5 l2pt profile my_l2pt_prof
The following example binds my_l2pt_prof with ports 2 and 5 of VMAN cust1. Port 5 is not a part of
VMAN cust1:
configure vman cust1 ports 2,5 l2pt profile my_l2pt_prof
Error: Port 5 is not part of the service.
History
This command was first available in ExtremeXOS 15.5.
Layer 2 Basics
102
Platform Availability
This command is available on all platforms.
Description
Configures protocol filtering on a port.
Syntax Description
port_list
all
protocol filter
none
filter_name
Default
Disabled.
Usage Guidelines
Use this command to configure protocol filtering on a port.
Example
The following example unbinds the L2PT profile from peer 1.1.1.1 of VPLS cust2:
configure l2vpn vpls cust2 peer 1.1.1.1 l2pt profile none
History
This command was first available in ExtremeXOS 15.5.
Layer 2 Basics
103
Platform Availability
This command is available on all platforms.
Description
Adds the specified VLAN as the network VLAN on the specified PVLAN.
Syntax Description
name
vlan_name
Default
N/A.
Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN.
Example
The following example adds VLAN "sharednet" as the network VLAN for the PVLAN named
"companyx":
configure private-vlan companyx add network sharednet
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. The features and the
platforms that support them are listed in the Feature License Requirements document.
Layer 2 Basics
104
Description
Adds the specified VLAN as a subscriber VLAN on the specified PVLAN.
Syntax Description
name
vlan_name
non-isolated
port
Default
If the non-isolated option is omitted, this command adds the specified VLAN as an isolated
subscriber VLAN.
Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN. If the nonisolated option is omitted, the VLAN is added as an isolated subscriber VLAN. If the non-isolated option
is included, the VLAN is added as an non-isolated subscriber VLAN.
The loopback-port port option is available only on BlackDiamond 8000 series modules and Summit
family switches, whether or not included in a SummitStack. If two or more subscriber VLANs have
overlapping ports (where the same ports are assigned to both VLANs), each of the subscriber VLANs
with overlapping ports must have a dedicated loopback port.
Example
The following example adds VLAN "restricted" as a subscriber VLAN for the PVLAN named
"companyx":
configure private-vlan companyx add subscriber restricted isolated
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
Layer 2 Basics
105
Description
Deletes the specified VLAN from the specified PVLAN.
Syntax Description
name
Specifies the name of the PVLAN from which the VLAN is deleted.
network
subscriber
vlan_name
Default
N/A.
Usage Guidelines
This command deletes a VLAN from a PVLAN, but it does not delete the VLAN from the systemit just
breaks the link between the VLAN and the PVLAN. You can use this command to delete both network
and subscriber VLANs.
Example
The following example deletes network VLAN "sharednet "from the PVLAN named "companyx":
configure private-vlan companyx delete network sharednet
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
Description
Configures a user-defined protocol filter.
Layer 2 Basics
106
Syntax Description
filter
filter_name
add
delete
etype
llc
snap
hex
Default
N/A.
Usage Guidelines
Supported protocol types include:
etypeIEEE Ethertype.
llcLLC Service Advertising Protocol.
snapEthertype inside an IEEE SNAP packet encapsulation.
A maximum of 15 protocol filters, each containing a maximum of six protocols, can be defined.
The protocol filter must already exist before you can use this command. Use the create protocol
command to create the protocol filter.
No more than seven protocols can be active and configured for use.
Note
Protocol-based VLAN for Etype from 0x0000 to 0x05ff are not classifying as per filter. When
traffic arrive with these Etypes, it is classifed to native VLAN rather protocol-based VLAN.
Example
The following example adds MPLS to "my_filter":
configure protocol my_filter add etype 0x8847
configure protocol filter my_filter add etype 0x8847
Layer 2 Basics
107
History
This command was first available in ExtremeXOS 10.1.
The filter keyword and options were added in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Deletes the specified protocol type from a protocol filter.
Syntax Description
name
hex
Default
N/A.
Usage Guidelines
Supported protocol types include:
etypeIEEE Ethertype.
llcLLC Service Advertising Protocol.
snapEthertype inside an IEEE SNAP packet encapsulation.
Layer 2 Basics
108
Example
The following example deletes protocol type LLC SAP with a value of FEFF from protocol "fred":
configure protocol fred delete llc feff
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Configures the destination address as well as an arbitrary field of the protocol.
Syntax Description
filter_name
add
delete
dest-mac
mac_address
etype
llc
Specifies the LLC DSAP and SSAP used by PDUs of the protocol.
snap
hex
field
offset
Specifies the offset of the field from the start of the PDU.
Layer 2 Basics
109
value value
mask mask
Specifies the mask for the field in hexadecimal (for example, FF:FF:0F.
Maximum 16 bytes).
Default
N/A.
Usage Guidelines
Supported protocol types include:
etypeIEEE Ethertype.
llcLLC Service Advertising Protocol.
snapEthertype inside an IEEE SNAP packet encapsulation.
A maximum of 15 protocol filters, each containing a maximum of six protocols, can be defined.
The protocol filter must already exist before you can use this command. Use the create protocol
command to create the protocol filter.
No more than seven protocols can be active and configured for use.
Note
Protocol-based VLAN for Etype from 0x0000 to 0x05ff are not classifying as per filter. When
traffic arrive with these Etypes, it is classifed to native VLAN rather protocol-based VLAN.
Example
The following example LACP to the protocol list "mylist":
configure protocol mylist add dest-mac 01:80:C2:00:00:02 etype 0x8809 field
offset 14 value
01 mask FF
The following example removes EFM OAM from the protocol list "mylist":
configure protocol filter mylist delete dest-mac 01:80:C2:00:00:02 etype
0x8809 field offset
14 value 03 mask FF
Layer 2 Basics
110
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Adds the specified ports to the specified network VLAN and enables tag translation for all subscriber
VLAN tags to the network VLAN tag.
Syntax Description
vlan_name
port_list
Default
N/A.
Usage Guidelines
This command is allowed only when the specified VLAN is configured as a network VLAN on a PVLAN.
Example
The following example adds port 2:1 to VLAN sharednet and enables VLAN translation on that port:
configure sharednet add ports 2:1 private-vlan translated
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
Layer 2 Basics
111
Description
Adds one or more ports in a VLAN.
Syntax Description
vlan_name
port_list
all
tagged tag
untagged
stpd_name
Default
Untagged.
Usage Guidelines
The VLAN must already exist before you can add (or delete) ports: use the create vlan command to
create the VLAN.
If the VLAN uses 802.1Q tagging, you can specify tagged or untagged port(s). If the VLAN is untagged,
the ports cannot be tagged.
Untagged ports can only be a member of a single VLAN. By default, they are members of the default
VLAN (named Default). In order to add untagged ports to a different VLAN, you must first remove
them from the default VLAN. You do not need to do this to add them to another VLAN as tagged ports.
If you attempt to add an untagged port to a VLAN prior to removing it from the default VLAN, you see
the following error message:
Error: Protocol conflict when adding untagged port 1:2. Either add this port as
tagged or assign another protocol to this VLAN.
Note
This message is not displayed if keyword all is used as port_list.
The ports that you add to a VLAN and the VLAN itself cannot be explicitly assigned to different virtual
routers (VRs). When multiple VRs are defined, consider the following guidelines while adding ports to a
VLAN:
Layer 2 Basics
112
A VLAN can belong (either through explicit or implicit assignment) to only one VR.
If a VLAN is not explicitly assigned to a VR, then the ports added to the VLAN must be explicitly
assigned to a single VR.
If a VLAN is explicitly assigned to a VR, then the ports added to the VLAN must be explicitly
assigned to the same VR or to no VR.
If a port is added to VLANs that are explicitly assigned to different VRs, the port must be explicitly
assigned to no VR.
Note
User-created VRs are supported only on the platforms listed for this feature in in the
Feature License Requirements document. On switches that do not support user-created
VRs, all VLANs are created in VR-Default and cannot be moved.
Refer to STP Commands for more information on configuring Spanning Tree Domains.
Note
If you use the same name across categories (for example, STPD and EAPS names), we
recommend that you specify the identifying keyword as well as the actual name. If you do not
use the keyword, the system may return an error message.
Beginning with ExtremeXOS 11.4, the system returns the following message if the ports you are adding
are already EAPS primary or EAPS secondary ports:
WARNING: Make sure Vlan1 is protected by EAPS. Adding EAPS ring ports to a VLAN
could cause a loop in the network. Do you really want to add these ports? (y/n)
Example
The following example assigns tagged ports 1:1, 1:2, 1:3, and 1:6 to a VLAN named "accounting":
configure vlan accounting add ports 1:1, 1:2, 1:3, 1:6 tagged
History
This command was first available in ExtremeXOS 10.1.
The tagged keyword was added in ExtremeXOS 15.4.
Platform Availability
This command is available on all platforms.
Description
Deletes one or more ports in a VLAN.
Layer 2 Basics
113
Syntax Description
vlan_name
all
port_list
tagged tag
Specifies the port-specific VLAN tag. When there are multiple ports specified
using port_list, the same tag is used for all of them.
Default
When unspecified, the port tag is equal to the VLAN tag.
Usage Guidelines
Specify port tag to delete a VLAN port that has a different tag from the VLAN tag.
Example
The following example removes ports 1:1, 1:2, 4:3, and 5:6 on a modular switch from a VLAN named
accounting:
configure accounting delete port 1:1, 1:2, 4:3, 5:6
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
114
Description
Configures a description for the specified VLAN.
Syntax Description
vlan_name
vlan-description
none
Default
By default, the VLAN has no description.
Usage Guidelines
The VLAN description must be in quotes if the string contains any space characters. If a VLAN
description is configured for a VLAN that already has a description, the new description replaces the
old description.
Example
The following example assigns the description "Campus A" to VLAN vlan1:
configure vlan vlan1 description Campus A
History
This command was first available in ExtremeXOS 12.4.4.
Platform Availability
This command is available on all platforms.
Description
Assigns an IPv4 address and an optional subnet mask or an IPv6 address to the VLAN. Beginning with
ExtremeXOS 11.2, you can specify IPv6 addresses. You can assign either an IPv4 address, and IPv6
Layer 2 Basics
115
address, or both to the VLAN. Beginning with ExtremeXOS 11.3, you can use this command to assign an
IP address to a specified VMAN and enable multicasting on that VMAN.
Note
You can also use this command to assign an IP address to a VMAN on all platforms that
support the VMAN feature. For information on which software licenses and platforms support
the VMAN feature, see the Feature License Requirements document.
Syntax Description
vlan_name
ipaddress
ipNetmask
ipv6-link-local
eui64
Specifies IPv6 and automatically generates the interface ID in the EUI-64 format using
the interfaces MAC address. Once you enter this parameter, you must add the
following variables: ipv6_address_mask. Use this option when you want to enter
the 64-bit prefix and use a EUI-64 address for the rest of the IPv6 address.
ipv6_address_mask Specify the IPv6 address in the following format: x:x:x:x:x:x:x:x/prefix length, where
each x is the hexadecimal value of one of the 8 16-bit pieces of the 128-bit wide
address.
Default
N/A.
Usage Guidelines
The VLAN must already exist before you can assign an IP address; use the create vlan command to
create the VLAN (also the VMAN must already exist).
Note
If you plan to use the VLAN as a control VLAN for an EAPS domain, do NOT configure the
VLAN with an IP address. See IP Unicast Commands for information on adding secondary IP
addresses to VLANs.
Beginning with ExtremeXOS 11.2, you can specify IPv6 addresses. See IPv6 Unicast Routing for
information on IPv6 addresses.
Beginning with ExtremeXOS 11.3, you can assign an IP address (including IPv6 addresses) to a VMAN.
Beginning with version 11.4, you can enable multicasting on that VMAN.
To enable multicasting on the specified VMAN once you assigned an IP address, take the following
steps:
Layer 2 Basics
116
Example
The following examples are equivalent; both assign an IPv4 address of 10.12.123.1 to a VLAN named
"accounting":
configure vlan accounting ipaddress 10.12.123.1/24
configure vlan accounting ipaddress 10.12.123.1 255.255.255.0
The following example assigns a link local IPv6 address to a VLAN named management:
configure vlan accounting ipaddress ipv6-link-local
History
This command was first available in ExtremeXOS 10.1.
The IPv6 parameters were added in ExtremeXOS 11.2.
Platform Availability
This command is available on all platforms.
Description
Renames a previously configured VLAN.
Syntax Description
vlan_name
name
Default
N/A.
Usage Guidelines
You cannot change the name of the default VLAN Default.
Layer 2 Basics
117
For information on VLAN name requirements and a list of reserved keywords, see Object Names.
Note
If you use the same name across categories (for example, STPD and EAPS names), we
recommend that you specify the identifying keyword as well as the actual name. If you do not
use the keyword, the system may return an error message.
Example
The following example renames VLAN vlan1 to engineering:
configure vlan vlan1 name engineering
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Configures a VLAN to use a specific protocol filter.
Syntax Description
vlan_name
protocol
filter
protocol_name
Default
Protocol any.
Layer 2 Basics
118
Usage Guidelines
If the keyword any is specified, all packets that cannot be classified into another protocol-based VLAN
are assigned to this VLAN as the default for its member ports.
Use the configure protocol command to define your own protocol filter.
Example
The following example configures the protocol filter "my_filter" to vlan v1:
configure vlan v1 protocol "my_filter"
configure vlan v1 protocol filter "my_filter"
History
This command was first available in ExtremeXOS 10.1.
The IPv6 parameter was added in ExtremeXOS 11.2.
The filter keyword was added in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Assigns a unique 802.1Q tag to the VLAN.
Syntax Description
vlan_name
tag
Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4095.
remote-mirroring
Layer 2 Basics
119
Default
The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.
Usage Guidelines
If any of the ports in the VLAN use an 802.1Q tag, a tag must be assigned to the VLAN. The valid range
is from 2 to 4094 (tag 1 is assigned to the default VLAN, and tag 4095 is assigned to the management
VLAN).
The 802.1Q tag is also used as the internal VLANid by the switch.
You can specify a value that is currently used as an internal VLANid on another VLAN; it becomes the
VLANid for the VLAN you specify, and a new VLANid is automatically assigned to the other untagged
VLAN.
Example
The following command assigns a tag (and internal VLANid) of 120 to a VLAN named accounting:
configure accounting tag 120
History
This command was first available in ExtremeXOS 10.1.
The remote-mirroring option was added in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms.
Description
Adds the specified port as a loopback port for the specified member VLAN.
Syntax Description
vlan_name
Specifies the name of the member VLAN to which you want to add the
loopback port.
port
Layer 2 Basics
120
Default
N/A.
Usage Guidelines
The loopback-port port option is available only on BlackDiamond 8000 series modules and Summit
family switches, whether or not they are included in a SummitStack. If two or more member VLANs
have overlapping ports (where the same ports are assigned to both VLANs), each of the member
VLANs with overlapping ports must have a dedicated loopback port.
The loopback port can be added to the member VLAN when the member VLAN is created, or you can
use this command to add the loopback port at a later time.
Example
The following example adds port 2:1 as a loopback port for the member VLAN leafvlan:
configure leafvlan vlan-translation add loopback-port 2:1
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the VLAN Translation feature. For features and
the platforms that support them, see the Feature License Requirements document.
Description
Adds a member VLAN to a translation VLAN.
Syntax Description
vlan_name
Specifies the name of the translation VLAN to which you want to add the
member VLAN.
member_vlan_name
port
Layer 2 Basics
121
Default
N/A.
Usage Guidelines
This command configures VLAN tag translation between the two VLANs specified. The member VLAN
is added to the list maintained by translation VLAN. A translation VLAN can have multiple member
VLANs added to it.
The loopback-port port option is available only on BlackDiamond 8000 series modules and Summit
family switches, whether or not they are included in a SummitStack. If two or more member VLANs
have overlapping ports (where the same ports are assigned to both VLANs), each of the member
VLANs with overlapping ports must have a dedicated loopback port.
Example
The following example adds member VLAN leafvlan to the translation VLAN branchvlan:
configure branchvlan vlan-translation add member-vlan leafvlan
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the VLAN Translation feature. For features and
the platforms that support them, see the Feature License Requirements document.
Description
Deletes the loopback port from the specified member VLAN.
Syntax Description
vlan_name
Specifies the name of the member VLAN from which you want to delete the
loopback port.
Default
N/A.
Layer 2 Basics
122
Usage Guidelines
This command disables and deletes the loopback port from the specified member VLAN. This
command does not delete the member VLAN.
Example
The following example deletes the loopback port from the member VLAN leafvlan:
configure leafvlan vlan-translation delete loopback-port
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the VLAN Translation feature. For features and
the platforms that support them, see the Feature License Requirements document.
Description
Deletes one or all member VLANs from a translation VLAN.
Syntax Description
vlan_name
Specifies the name of the translation VLAN from which you want to delete
the member VLAN.
member_vlan_name
all
Default
N/A.
Usage Guidelines
This command removes the link between the translation VLAN and the specified member VLANs, but it
does not remove the VLANs from the switch.
Layer 2 Basics
123
Example
The following example deletes member VLAN leafvlan from the translation VLAN branchvlan:
configure branchvlan vlan-translation delete member-vlan leafvlan
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the VLAN Translation feature. For features and
the platforms that support them, see the Feature License Requirements document.
Description
Adds one or more switch ports to the specified VMAN as Customer Edge Ports (CEPs), and configures
the CVIDs on those ports to map to the VMAN.
Syntax Description
vman_name
port_list
cvid_first
Specifies a CVLAN ID (CVID) or the first in a range of CVIDs that the CEP will
accept and map to the specified VMAN. Valid values are 1-4095.
cvid_last
Specifies the last in a range of CVIDs that the CEP will accept and map to the
VMAN. Valid values are 1-4095.
translate
Enables translation of the specified CEP CVID range to the specified VMAN
CVID range.
cvid_first_xlate
Specifies a VMAN CVID or the first in a range of VMAN CVIDs to which the
CEP CVIDs will map. Valid values are 1-4095.
cvid_last_xlate
Specifies the last in a range of VMAN CVIDs to which the CEP CVIDs will map.
Valid values are 1-4095. The number of VMAN CVIDs in this range must equal
the number of CEP CVIDs specified in this command.
Default
N/A.
Layer 2 Basics
124
Usage Guidelines
If you specify only one CVID or a range of CVIDs without translation, the specified CVIDs are mapped to
the specified VMAN and appear unchanged in the VMAN.
If you specify CVID translation, the CEP CVIDs map to different VMAN CVIDs. The number of CEP
CVIDs specified must equal the number of VMAN CVIDs specified. The first CEP CVID in the specified
range maps to the first CVID in the range specified for the VMAN. The difference between cvid_first
and cvid_first_xlate establishes an offset N that maps CEP CVIDs to VMAN CVIDs. (Offset N =
cvid_first_xlate - cvid_first.) The translated VMAN CVID that corresponds to a CEP CVID can be
determined as follows:
VMAN CVID = CEP CVID + N
Note
CVID translation can reduce the number of CVIDs that can be mapped to VMANs.
After you enable and configure a CEP with this command, you can use the following command to map
additional CVIDs on the port to the VMAN:
configure vman vman_name ports port_list add cvid cvid_first {- cvid_last}
{translate cvid_first_xlate {- cvid_last_xlate}}
When this command specifies multiple ports, each port gets an independent CVID map; the ports do
not share a common map. Changes to the CVID map affect only the ports specified in the configuration
command. For example, consider the following commands:
configure vman vman1 add port 1-2 cep cvid 10 configure vman vman1 port 1 add
cvid 11
After these commands are entered, port 1 maps CVIDs 10 and 11 to VMAN vman1, and port 2 maps only
CVID 10 to vman1.
You can add the same port as a CEP to multiple VMANs. A port can also support multiple VMANs in
different roles as shown in Table 4: Port Support for Combined VMAN Roles and VLANs on page 128.
To view the CEP CVID configuration for a port, use the show vman command.
Example
The following example configures port 1 as a CEP for VMAN vman1 and specifies that CEP CVID 5 maps
to CVID 5 on the VMAN:
configure vman vman1 add port 1 cep cvid 5
The following example configures port 1 as a CEP for VMAN vman1 and enables the port to translate
CEP CVIDs 10-19 to VMAN CVIDs 20-29:
configure vman vman1 add port 1 cep cvid 10 - 19 translate 20 - 29
Layer 2 Basics
125
History
This command was first available in ExtremeXOS 12.6.
Platform Availability
This command is available on BlackDiamond X8, BlackDiamond 8800 series switches and Summit
family switches
The CVID translation feature is available only on BlackDiamond X8, BlackDiamond 8900 c-, xl-, and xmseries modules and Summit X440, X460, X480, X670 and X770 series switches.
Description
Adds one or more ports to a VMAN.
Syntax Description
vman-name
all
port_list
untagged
tagged
port_cvid
Default
If you do not specify a parameter, the default value is untagged, which creates a CNP.
Usage Guidelines
This command adds ports as either CNPs or PNPs. To add a port to a VMAN as a CEP, use the following
command:
configure vman vman_name add ports port_list cep cvid cvid_first {- cvid_last}
{translate cvid_first_xlate {- cvid_last_xlate}}
The VMAN must already exist before you can add (or delete) ports. VMAN ports can belong to loadsharing groups.
Layer 2 Basics
126
When a port is configured serve as a CNP for one VMAN and A PNP for another VMAN, it inspects the
VMAN ethertype in received packets. Packets with a matching ethertype are treated as tagged and
switched across the associated PNP VMAN. Packets with a non-matching ethertype are treated as
untagged and forwarded into the associated CNP VMAN.
When a port is configured only as a CNP (an untagged VMAN member), whether the VMAN ethertype
is 0x8100 or otherwise, all received packets ingress the associated VMAN regardless of the packet's
tagging.
Note
If you use the same name across categories (for example, STPD and EAPS names), we
recommend that you specify the identifying keyword as well as the actual name. If you do not
use the keyword, the system may return an error message.
The following guidelines apply to all platforms:
5
6
7
You must enable or disable jumbo frames before configuring VMANs. You can enable or disable
jumbo frames on individual ports or modules, or on the entire switch. See Configuring Ports on a
Switch for more information on configuring jumbo frames.
Each port can serve in only one VMAN role per VMAN. When multiple roles are configured on a port,
each role must be configured for a different VMAN.
Multiple VMAN roles can be combined on one port with certain VLAN types as shown in the
following table.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Layer 2 Basics
127
Combined
CNP, CEP, and
Tagged
VLAN 5 , 6
Combined
PNP, CNP, and
CEPa, b, 7
X8
Xd
Xe
Note
If you already configured VLANs and VMANs on the same module or stand-alone switch
using ExtremeXOS 11.4, you cannot change the VMAN ethertype from 0X8100 without first
removing either the VLAN or VMAN configuration.
Example
The following example assigns ports 1:1, 1:2, 1:3, and 1:6 to a VMAN named accounting:
configure vman accounting add ports 1:1, 1:2, 1:3, 1:6 tag 100
History
This command was first available in ExtremeXOS 11.0.
The svid keyword was added in ExtremeXOS 12.2.
8
5
6
7
5
6
7
5
6
7
5
6
7
If the secondary VMAN ethertype is selected for the port, it must be set to 0x8100.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Subsets of this group are also supported. That is, any two of these items are supported.
When a CNP is combined with a CEP or tagged VLAN, any CVIDs not explicitly configured for a CEP or tagged
VLAN are associated with the CNP.
A PNP (tagged VMAN) and a CNP (untagged VMAN) or CEP cannot be combined on a port for which the selected
VMAN ethertype is 0x8100.
Layer 2 Basics
128
Platform Availability
This command is available on all platforms.
Description
Deletes one or more ports from a VMAN.
Syntax Description
vman_name
all
port_list
Default
N/A.
Usage Guidelines
The VMAN must already exist before you can delete ports.
Example
The following example deletes ports 1:1, 1:2, 1:3, and 1:6 on a modular switch for a VMAN named
accounting:
configure vman accounting delete ports 1:1, 1:2, 1:3, 1:6
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
129
Description
Changes the default ethertype for the VMAN header.
Syntax Description
value
primary
secondary
Default
Ethertype value of 0x88a8 and type primary.
Usage Guidelines
The software supports two VMAN ethertype values: a primary value and a secondary value. By default,
the primary ethertype applies to all VMANs. To use the secondary ethertype, define the ethertype with
this command, and then assign the secondary ethertype to ports with the following command:
configure port port_list ethertype {primary | secondary}
If your VMAN transits a third-party device (other than an Extreme Networks device), you must
configure the ethertype for the VMAN tag as the ethertype that the third-party device uses. If you
configure both primary and secondary ethertypes, you can connect to devices that use either of the
two values assigned.
The system supports all VMAN ethertypes, including the standard ethertype of 0x8100.
Example
The following command changes the VMAN ethertype value to 8100:
configure vman ethertype 0x8100
History
This command was first available in ExtremeXOS 11.0.
Support for a secondary ethertype was added in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
130
Description
Adds one or more CVIDs to a CEP.
Syntax Description
vman_name
port_list
cvid_first
Specifies a Customer VLAN ID (CVID) or the first in a range of CVIDs that the
CEP will accept and map to the specified VMAN. Valid values are 1-4095.
cvid_last
Specifies the last in a range of CVIDs that the CEP will accept and map to the
VMAN. Valid values are 1-4095.
translate
Enables translation of the specified CEP CVID range to the specified VMAN
CVID range.
cvid_first_xlate
Specifies a VMAN CVID or the first in a range of VMAN CVIDs to which the
CEP CVIDs will map. Valid values are 1-4095.
cvid_last_xlate
Specifies the last in a range of VMAN CVIDs to which the CEP CVIDs will map.
Valid values are 1-4095. The number of VMAN CVIDs in this range must equal
the number of CEP CVIDs specified in this command.
Default
N/A.
Usage Guidelines
Before you can add CVIDs to CEPs, you must configure the target physical ports as CEPs using the
following command:
configure vman vman_name add portsport_list cep cvidcvid_first {- cvid_last}
{translatecvid_first_xlate {-cvid_last_xlate}}
If you specify only one CVID or a range of CVIDs without translation, the specified CVIDs are mapped to
the specified VMAN and appear unchanged in the VMAN.
If you specify CVID translation, the CEP CVIDs map to different VMAN CVIDs. The number of CEP
CVIDs specified must equal the number of VMAN CVIDs specified. The first CEP CVID in the specified
range maps to the first CVID in the range specified for the VMAN. The difference between cvid_first
and cvid_first_xlate establishes an offset N that maps CEP CVIDs to VMAN CVIDs. (Offset N =
cvid_first_xlate - cvid_first.) The translated VMAN CVID that corresponds to a CEP CVID can be
determined as follows:
Layer 2 Basics
131
After these commands are entered, port 1 maps CVIDs 10 and 11 to VMAN vman1, and port 2 maps only
CVID 10 to vman1.
To view the CEP CVID configuration for a port, use the show vman command.
Example
The following example adds CVIDs 20-29 to port 1 and VMAN vman1 and enables translation to CVIDs
30-39:
configure vman vman1 port 1 add cvid 20 - 29 translate 30 - 99
History
This command was first available in ExtremeXOS 12.6.
Platform Availability
This command is available on BlackDiamond X8 series switches, BlackDiamond 8800 series switches
and Summit family switches.
The CVID translation feature is available only on BlackDiamond X8 series switches, BlackDiamond 8900
c-, xl-, and xm-series modules and Summit X440, X460, X480, X670 and X770 series switches.
Description
Deletes one or more CVIDs from a CEP.
Syntax Description
vman_name
port_list
Layer 2 Basics
132
cvid_first
Specifies a CVID or the first in a range of CVIDs that are to be deleted. Valid
values are 1-4095.
cvid_last
Specifies the last in a range of CVIDs that are to be deleted. Valid values are
1-4095.
Default
N/A.
Usage Guidelines
Each CEP has its own CVID map, and this command deletes CVIDs only from the ports specified with
this command.
If all the CVIDs are deleted from a CEP, the CEP is deleted from the VMAN.
To view the CEP CVID configuration for a port, use the show vman command.
Example
The following command deletes CVID 15 on port 1 from VMAN vman1:
configure vman vman1 port 1 delete cvid 15
History
This command was first available in ExtremeXOS 12.6.
Platform Availability
This command is available on BlackDiamond X8 series switches, BlackDiamond 8800 series switches
and Summit family switches.
Description
Configures a VMAN to use a specific protocol filter.
Syntax Description
vman_name
protocol
Layer 2 Basics
133
filter
filter_name
Default
Usage Guidelines
Protocol Filters on BlackDiamond 8800 Series Switches, SummitStack,
and the Summit Family Switches Only
These devices do not forward packets with a protocol-based VLAN set to AppleTalk. To ensure that
AppleTalk packets are forwarded on the device, create a protocol-based VLAN set to any and define
other protocol-based VLANs for other traffic, such as IP traffic. The AppleTalk packets pass on the
any VLAN, and the other protocols pass traffic on their specific protocol-based VLANs.
Example
The following example configures the protocol filter my_filter to vlan v1:
configure vlan v1 protocol my_filter
configure vlan v1 protocol filter my_filter
History
This command was first available in ExtremeXOS 10.1.
The filter keyword was added in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Assigns a tag to a VMAN.
Syntax Description
vman_name
tag
Specifies a value to use as the VMAN tag. The valid range is from 2 to 4094.
Layer 2 Basics
134
Default
N/A.
Usage Guidelines
Every VMAN requires a unique tag.
You can specify a value that is currently used as an internal VLAN ID on another VLAN; it becomes the
VLAN ID for the VLAN you specify, and a new VLAN ID is automatically assigned to the other untagged
VLAN.
Example
The following example assigns a tag of 120 to a VMAN named "accounting":
configure vman accounting tag 120
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Configures L2PT profiles on service interfaces.
Syntax Description
l2vpn
vplsvpls_name
Specifies Virtual Private LAN Service over MPLS, and the alphanumeric string
identifying the VPLS VPN.
peer ipaddress
l2pt profile
Specifies Layer 2 protocol tunneling and the L2PT profile for the PW.
none
profile_name
Layer 2 Basics
135
Default
Disabled.
Usage Guidelines
Use this command to configure L2PT profiles on service interfaces.
Example
The following example unbind the L2PT profile from peer 1.1.1.1 of VPLS cust2:
configure l2vpn vpls cust2 peer 1.1.1.1 l2pt profile none
The following example binds my_l2pt_prof with peer 1.1.1.1 of VPLS cust1. my_l2pt_prof specifies
tunneling actions:
configure l2vpn vpls cust1 peer 1.1.1.1 l2pt profile my_l2pt_prof
Error: Tunnel action may be applied only to ports.
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Adds a MAC address to the MAC address tracking table.
Syntax Description
mac_addr
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Layer 2 Basics
136
Example
The following command adds a MAC address to the MAC address tracking table:
create fdb mac-tracking entry 00:E0:2B:12:34:56
History
This command was first available in ExtremeXOS 12.3.
Platform Availability
This command is available on all platforms.
Description
Creates a permanent static FDB entry.
Syntax Description
mac_addr
vlan_name
port_list
Specifies one or more ports or slots and ports associated with the MAC
address.
tagged tag
Specifies the port-specific VLAN tag. When there are multiple ports specified
in port_list, the same tag is used for all of them.
blackhole
Enables the blackhole option. Any packets with either a source MAC address
or a destination MAC address matching the FDB entry are dropped.
Default
N/A.
Usage Guidelines
Permanent entries are retained in the database if the switch is reset or a power off/on cycle occurs. A
permanent static entry can either be a unicast or multicast MAC address. After they have been created,
permanent static entries stay the same as when they were created. If the same MAC address and VLAN
is encountered on another virtual port that is not included in the permanent MAC entry, it is handled as
a blackhole entry. The static entry is not updated when any of the following take place:
Layer 2 Basics
137
A permanent static FDB entry is deleted when any of the following take place:
A VLAN is deleted.
A port mode is changed (tagged/untagged).
A port is deleted from a VLAN.
Permanent static entries are designated by spm in the flags field of the show fdb output. You can use
the show fdb command to display permanent FDB entries.
If the static entry is for a PVLAN VLAN that requires more than one underlying entry, the system
automatically adds the required entries. For example, if the static entry is for a PVLAN network VLAN,
the system automatically adds all required extra entries for the subscriber VLANs.
You can create FDB entries to multicast MAC addresses and list one or more ports. If more than one
port number is associated with a permanent MAC entry, packets are multicast to the multiple
destinations.
IGMP snooping rules take precedence over static multicast MAC addresses in the IP multicast range
(01:00:5e:xx:xx:xx) unless IGMP snooping is disabled.
Note
When a multiport list is assigned to a unicast MAC address, load sharing is not supported on
the ports in the multiport list.
Example
The following command adds a permanent, static entry to the FDB for MAC address 00 E0 2B 12 34 56,
in VLAN marketing on slot 2, port 4 on a modular switch:
create fdbentry 00:E0:2B:12:34:56 vlan marketing port 2:4
The following example creates a multiport unicast FDB entry, in VLAN black, on slot 1, ports 1, 2, and 4,
on the BlackDiamond 8800 family of switches:
create fdbentry 01:00:00:00:00:01 vlan black port 1:1, 1:2, 1:4
The following example adds a permanent, static entry to the FDB for MAC address 00:01:02:03:04:05,
in VLAN marketing, on a VLAN port that has tag 100 on port 3 on a switch:
create fdbentry 00:01:02:03:04:05 vlan msk ports 3 tag 100
History
This command was first available in ExtremeXOS 10.1.
Layer 2 Basics
138
The ability to create a multicast FDB with multiple entry ports was added in ExtremeXOS 11.3.
The blackhole option was first available for all platforms in ExtremeXOS 12.1.
The ability to create a unicast FDB with multiple entry ports was available for the BlackDiamond 8000
c-, and e-series modules in ExtremeXOS 12.1. This feature is supported on all later platforms when
introduced.
The tag keyword and example was added in ExtremeXOS 15.4.
Platform Availability
This command is available on all platforms.
Description
Creates an L2PT profile.
Syntax Description
l2pt
profile
profile_name
Default
Disabled.
Usage Guidelines
Use this command to create an L2PT profile.
Example
The following example create a new L2PT profile named "my_l2pt_prof":
create l2pt profile my_l2pt_prof
History
This command was first available in ExtremeXOS 15.5.
Layer 2 Basics
139
Platform Availability
This command is available on all platforms.
create private-vlan
create private-vlan name {vr vr_name}
Description
Creates a PVLAN framework with the specified name.
Syntax Description
name
vr_name
Default
N/A.
Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual VLAN.
A private VLAN name must begin with an alphabetical character and may contain alphanumeric
characters and underscores ( _ ), but it cannot contain spaces. The maximum allowed length for a
name is 32 characters. For private VLAN naming guidelines and a list of reserved names, see Object
Names.
If no VR is specified, the PVLAN is created in the default VR context.
Example
The following example creates a PVLAN named "companyx":
create private-vlan companyx
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
Layer 2 Basics
140
create protocol
create protocol {filter} filter_name
Description
Creates a user-defined protocol filter.
Syntax Description
filter
filter_name
Specifies a protocol filter name. The protocol filter name can have a maximum
of 31 characters.
Default
N/A.
Usage Guidelines
Protocol-based VLANs enable you to define packet filters that the switch can use as the matching
criteria to determine if a particular packet belongs to a particular VLAN.
After you create the protocol, you must configure it using the configure protocol command. To assign it
to a VLAN, use the configure {vlan} vlan_name protocol {filter}filter_name command.
Example
The following command creates a protocol named "my_filter", and a protocol filter named
"my_other_filter":
create protocol my_filter
create protocol filter my_other_filter
History
This command was first available in ExtremeXOS 10.1.
The filter keyword was added in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
141
create vlan
create vlan vlan_name {tag tag } {description vlan-description } {vr name }
Description
Creates a named VLAN.
Syntax Description
vlan_name
tag
Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4095.
vlandescription
name
Specifies a VR or virtual routing and forwarding (VRF) instance in which to create the
VLAN.
Note
User-created VRs are supported only on the platforms listed for this feature in
the Feature License Requirements document.. On switches that do not support
user-created VRs, all VLANs are created in VR-Default and cannot be moved.
Default
A VLAN named Default exists on all new or initialized Extreme switches:
It initially contains all ports on a new or initialized switch, except for the management port(s), if
there are any.
It has an 802.1Q tag of 1.
The default VLAN is untagged on all ports.
It uses protocol filter any.
A VLAN named Mgmt exists on switches that have management modules or management ports:
It initially contains the management port(s) the switch.
It is assigned the next available internal VLANid as an 802.1Q tag.
If you do not specify the VR, the VLAN is created in the current VR.
If the VLAN description contains one or more space characters, you must enclose the complete name in
double quotation marks.
Usage Guidelines
A newly-created VLAN has no member ports, is untagged, and uses protocol filter any until you
configure it otherwise. Use the various configure vlan commands to configure the VLAN to your needs.
Internal VLANids are assigned automatically using the next available VLANid starting from the high end
(4094) of the range.
Layer 2 Basics
142
The VLAN name can include up to 32 characters. VLAN names must begin with an alphabetical letter,
and only alphanumeric, underscore ( _ ), and hyphen (-) characters are allowed in the remainder of the
name. VLAN names cannot match reserved keywords. For more information on VLAN name
requirements and a list of reserved keywords, see Object Names.
Note
If you use the same name across categories (for example, STPD and EAPS names), we
recommend that you specify the identifying keyword as well as the actual name. If you do not
use the keyword, the system may return an error message.
VLAN names are locally significant. That is, VLAN names used on one switch are only meaningful to
that switch. If another switch is connected to it, the VLAN names have no significance to the other
switch.
You must use mutually exclusive names for:
VLANs
VMANs
Ipv6 tunnels
BVLANs
SVLANs
CVLANs
Note
The VLAN description is stored in the ifAlias MIB object.
If you do not specify a VR when you create a VLAN, the system creates that VLAN in the default VR
(VR-Default). The management VLAN is always in the management VR (VR-Mgmt).
Once you create VRs, ExtremeXOS allows you to designate one of these as the domain in which all your
subsequent configuration commands, including VLAN commands, are applied. If you create VRs,
ensure that you are creating the VLANs in the desired virtual-router domain.
Note
User-created VRs are supported only on the platforms listed for this feature in the Feature
License Requirements document.. On switches that do not support user-created VRs, all
VLANs are created in VR-Default and cannot be moved.
Example
The following example creates a VLAN named accounting on the current VR:
create vlan accounting description "Accounting Dept"
History
This command was first available in ExtremeXOS 10.1.
The vr option was added in ExtremeXOS 11.0.
Layer 2 Basics
143
Platform Availability
This command is available on all platforms.
create vman
create vman vman-name {learning-domain} {vr vr_name}
Description
Creates a VMAN.
Syntax Description
vman-name
learning-domain
vr
vr_name
Default
N/A.
Usage Guidelines
For information on VMAN name requirements and a list of reserved keywords, see Object Names. You
must use mutually exclusive names for:
VLANs
VMANs
IPv6 tunnels
The keyword learning-domain enables you to create a VMAN that serves as a learning domain for interVMAN forwarding.
If you do not specify the virtual router, the VMAN is created in the current virtual router. After you
create the VMAN, you must configure the VMAN tag and add the ports that you want.
Layer 2 Basics
144
Example
The following example creates a VMAN named "fred":
create vman fred
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Deletes a MAC address from the MAC address tracking table.
Syntax Description
mac_addr
all
Specifies that all MAC addresses are to be deleted from the MAC address
tracking table.
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Example
The following example deletes a MAC address from the MAC address tracking table:
delete fdb mac-tracking entry 00:E0:2B:12:34:56
History
This command was first available in ExtremeXOS 12.3.
Layer 2 Basics
145
Platform Availability
This command is available on all platforms.
delete fdbentry
delete fdbentry [all | mac_address [vlan vlan_name ]
Description
Deletes one or all permanent FDB entries.
Syntax Description
all
mac_address
vlan_name
Default
N/A.
Usage Guidelines
None.
Example
The following example deletes a permanent entry from the FDB:
delete fdbentry 00:E0:2B:12:34:56 vlan marketing
The following example deletes all permanent entries from the FDB:
delete fdbentry all
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
146
Description
Deletes an L2PT profile.
Syntax Description
l2pt
profile
profile_name
Default
Disabled.
Usage Guidelines
Use this command to delete an L2PT profile.
Example
The following example deletes my_l2pt_prof that is currently in use by a service:
delete l2pt profile my_l2pt_prof
The following example deletes my_l2pt_prof that is not associated with any service:
delete l2pt profile my_l2pt_prof
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
delete private-vlan
delete private-vlan name
Description
Deletes the PVLAN framework with the specified name.
Layer 2 Basics
147
Syntax Description
name
Default
N/A.
Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual VLAN.
This command deletes the PVLAN framework, but it does not delete the associated VLANs. If the ports
in the network VLAN were set to translate, they are changed to tagged.
Example
The following example deletes the PVLAN named "companyx":
delete private-vlan companyx
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
delete protocol
delete protocol {filter}filter_name
Description
Deletes a user-defined protocol.
Syntax Description
filter
filter_name
Layer 2 Basics
148
Default
N/A.
Usage Guidelines
If you delete a protocol that is in use by a VLAN, the protocol associated with than VLAN becomes
none.
Example
The following command deletes a protocol named "my_filter" and a protocol filter named
"my_other_filter":
delete protocol my_filter
delete protocol filter my_other_filter
History
This command was first available in ExtremeXOS 10.1.
The filter keyword was added in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
delete vlan
delete vlan vlan_name
Description
Deletes a VLAN.
Syntax Description
vlan_name
Default
N/A.
Layer 2 Basics
149
Usage Guidelines
If you delete a VLAN that has untagged port members and you want those ports to be returned to the
default VLAN, you must add them back explicitly using the configure svlan delete ports
command.
Note
The default VLAN cannot be deleted. Before deleting an ISC VLAN, you must delete the
MLAG peer.
Example
The following command deletes the VLAN accounting:
delete accounting
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
delete vman
delete vman vman-name
Description
Deletes a previously created VMAN.
Syntax Description
vman-name
Default
N/A.
Usage Guidelines
None.
Layer 2 Basics
150
Example
The following command deletes the VMAN accounting:
delete vman accounting
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Used with VMANs, and instructs the switch to examine the 802.1p value of the outer tag, or added
VMAN header, to determine the correct egress queue on the egress port.
Syntax Description
all
port_list
Default
Disabled.
Usage Guidelines
Use this command to instruct the system to refer to the 802.1p value contained in the outer tag, or
VMAN encapsulation tag, when assigning the packet to an egress queue at the egress port of the
VMAN.
Note
See QoS Commands for information on configuring and displaying the current 802.1p and
DiffServ configuration for the inner, or original header, 802.1p value.
Layer 2 Basics
151
Example
The following example uses the 802.1p value on the outer tag, or VMAN encapsulation, to put the
packet in the egress queue on the VMAN egress port:
disable dot1p examination inner-tag port 3:2
History
This command was first available in ExtremeXOS 11.2.
Platform Availability
This command is available only on the BlackDiamond X8, BlackDiamond 8800 series switches,
SummitStack, and Summit family switches.
Description
Disables EMS and SNMP reporting of discovered MAC addresses that are duplicates of statically
configured MAC addresses.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following example disables this feature:
disable fdb static-mac-move
History
This command was first available in ExtremeXOS 12.7.
Layer 2 Basics
152
Platform Availability
This command is available on Summit family switches.
Description
Disables Layer 2 egress flooding on one or more ports.
Syntax Description
all_cast
broadcast
multicast
unicast
port_list
all
Default
Enabled for all packet types.
Usage Guidelines
Note
If an application requests specific packets on a specific port, those packets are not affected
by the disable flooding ports command.
You might want to disable egress flooding to do the following:
enhance security
enhance privacy
improve network performance
This is particularly useful when you are working on an edge device in the network. The practice of
limiting flooded egress packets to selected interfaces is also known as upstream forwarding.
Note
If you disable egress flooding with static MAC addresses, this can affect many protocols, such
as IP and ARP.
Layer 2 Basics
153
Example
The following example disables unicast flooding on ports 10-12 on a Summit series switch:
disable flooding unicast port 10-27
History
This command was first available in ExtremeXOS 11.2.
Platform Availability
This command is available on BlackDiamond X8 and 8800 series switches, SummitStack, and Summit
family switches.
Description
Disables MAC address learning from the payload of IP ARP packets.
Layer 2 Basics
154
Syntax Description
vr_name
Default
Disabled.
Usage Guidelines
To view the configuration for this feature, use the following command: show iparp
Example
The following example disables MAC address learning from the payload of IP ARP packets:
disable learning iparp sender-mac
History
This command was first available in ExtremeXOS 12.4.
Platform Availability
This command is available on all Summit family switches, SummitStack, and BlackDiamond 8800 series
switches.
Description
Disables MAC address learning on one or more ports for security purposes.
Syntax Description
port
port_list
all
drop-packets
forward-packets
Layer 2 Basics
155
Default
Enabled.
Usage Guidelines
Use this command in a secure environment where access is granted via permanent forwarding
database (FDB) entries per port.
Example
The following example disables MAC address learning on port 4:3:
disable learning ports 4:3
History
This command was first available in ExtremeXOS 10.1.
The drop packets and forward packets options were added in ExtremeXOS 12.1.
Platform Availability
This command is available on all Summit family switches, SummitStack, and BlackDiamond X8 and
8800 series switches.
Description
Disallows a VLAN to be placed in the UP state without an external active port. This allows (disallows)
the VLANs routing interface to become active.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This
decreases the possibility of route flapping, which can disrupt connectivity.
Layer 2 Basics
156
Example
The following example disallows the VLAN accounting to be placed in the UP state without an external
active port:
disable loopback-mode vlan accounting
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Disables SNMP trap generation when MAC-tracking events occur for a tracked MAC address.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following example disables SNMP traps for MAC-tracking events:
disable snmp traps fdb mac-tracking
History
This command was first available in ExtremeXOS 12.3.
Layer 2 Basics
157
Platform Availability
This command is available on all platforms.
disable vlan
disable vlan vlan_name
Description
Use this command to disable the specified VLAN.
Syntax Description
vlan_name
Default
Enabled.
Usage Guidelines
This command allows you to administratively disable specified VLANs. The following guidelines apply
to working with disabling VLANs:
Disabling a VLAN stops all traffic on all ports associated with the specified VLAN.
You cannot disable a VLAN that is running Layer 2 protocol control traffic for protocols such as
EAPS, STP, or ESRP.
When you attempt to disable a VLAN running Layer 2 protocol control traffic, the system returns a
message similar to the following:
VLAN accounting cannot be disabled because it is actively used by an L2
Protocol
You can disable the default VLAN; ensure that this is necessary prior to disabling the default VLAN.
You cannot disable the management VLAN.
You cannot bind Layer 2 protocols to a disabled VLAN.
You can add ports to or delete ports from a disabled VLAN.
Example
The following example disables the VLAN named "accounting":
disable vlan accounting
History
This command was first available in ExtremeXOS 11.4.
Layer 2 Basics
158
The ability to add ports to a disabled VLAN was added in ExtremeXOS 12.5.
Platform Availability
This command is available on all platforms.
Description
Disables the egress filtering of CVIDs that are not configured in the CVID map for a CEP.
Syntax Description
port_list
all
Default
Egress CVID filtering is disabled.
Usage Guidelines
To view the configuration setting for the egress CVID filtering feature, use the show ports
information command.
Note
When CVID egress filtering is enabled, it reduces the maximum number of CVIDs supported
on a port. The control of CVID egress filtering applies to fast-path forwarding. When frames
are forwarded through software, CVID egress filtering is always enabled.
Example
The following example disables egress CVID filtering on port 1:
disable vman cep egress filtering port 1
History
This command was first available in ExtremeXOS 12.6.
Layer 2 Basics
159
Platform Availability
This command is available on the BlackDiamond X8, BlackDiamond 8900 c-, xl-, and xm-series
modules. This command is also available on Summit X440, X460, X480, X670 and X770 series
switches.
Description
Used with VMANs, and instructs the switch to examine the 802.1p value of the inner tag, or header of
the original packet, to determine the correct egress queue on the egress port.
Syntax Description
all
port_list
Default
Disabled.
Usage Guidelines
Use this command to instruct the system to refer to the 802.1p value contained in the inner, or original,
tag when assigning the packet to an egress queue at the egress port of the VMAN.
Note
See QoS Commands for information on configuring and displaying the current 802.1p and
DiffServ configuration for the inner, or original header, 802.1p value.
Example
The following example puts the packets in the egress queue of the VMAN egress port according to the
802.1p value on the inner tag:
enable dot1p examination inner-tag port 3:2
History
This command was first available in ExtremeXOS 11.2.
Layer 2 Basics
160
Platform Availability
This command is available only on the BlackDiamond X8, BlackDiamond 8800 series switches,
SummitStack, and the Summit family of switches.
Description
Enables EMS and SNMP reporting of discovered MAC addresses that are duplicates of statically
configured MAC addresses.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
This command enables reporting only. All packets that arrive from a duplicate MAC address on another
port (other than the statically configured port) are dropped.
The switch reports the source MAC address, port, and VLAN for each duplicate MAC address.
Example
The following command enables this feature:
enable fdb static-mac-move
History
This command was first available in ExtremeXOS 12.7.
Platform Availability
This command is available on Summit family switches.
Layer 2 Basics
161
Description
Enables egress flooding on one or more ports. With the BlackDiamond X8, BlackDiamond 8800 series
switches, SummitStack, and the Summit family of switches, you can further identify the type of packets
to flood on the specified ports.
Syntax Description
all_cast
broadcast
multicast
unicast
port_list
all
Default
Enabled for all packet types.
Usage Guidelines
Use this command to re-enable egress flooding that you previously disabled using the disable
flooding ports command.
The following guidelines apply to enabling and disabling egress flooding:
Disabling multicasting egress flooding does not affect those packets within an IGMP membership
group at all; those packets are still forwarded out. If IGMP snooping is disabled, multicast packets
are not flooded.
Egress flooding can be disabled on ports that are in a load-sharing group. If that is the situation, the
ports in the group take on the egress flooding state of the master port; each member port of the
load-sharing group has the same state as the master port.
FDB learning is independent of egress flooding. FDB learning and egress flooding can be enabled or
disabled independently.
Disabling unicast or all egress flooding to a port also stops packets with unknown MAC addresses to
be flooded to that port.
Disabling broadcast or all egress flooding to a port also stops broadcast packets to be flooded to
that port.
Layer 2 Basics
162
Example
The following command enables unicast flooding on ports 13-17 on a Summit series switch:
enable flooding unicast port 13-17
History
This command was first available in ExtremeXOS 11.2.
Platform Availability
This command is available on BlackDiamond X8 and BlackDiamond 8800 series switches, SummitStack,
and Summit family switches.
Description
Enables MAC address learning from the payload of IP ARP packets.
Syntax Description
request
reply
both-request-and-reply
vr_name
Default
Disabled.
Usage Guidelines
To view the configuration for this feature, use the following command: show iparp
Layer 2 Basics
163
Example
The following command enables MAC address learning from the payload of reply IP ARP packets:
enable learning iparp reply sender-mac
History
This command was first available in ExtremeXOS 12.4.
Platform Availability
This command is available on all Summit family switches, SummitStack, and BlackDiamond X8 and
BlackDiamond 8800 series switches.
Description
Enables MAC address learning on one or more ports.
Syntax Description
drop-packets
Forwards EDP packets, and drops all unicast, multicast, and broadcast
packets from a source address not in the FDB. No further processing occurs
for dropped packets.
all
port_list
Default
Enabled.
Usage Guidelines
Use this command to enable MAC address learning on one or more ports.
Example
The following example enables MAC address learning on slot 1, ports 7 and 8 on a modular switch:
enable learning ports 1:7-8
Layer 2 Basics
164
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all Summit family switches, SummitStack, and BlackDiamond X8 and
BlackDiamond 8800 series switches.
Description
Allows a VLAN to be placed in the UP state without an external active port. This allows (disallows) the
VLANs routing interface to become active.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This
decreases the possibility of route flapping, which can disrupt connectivity.
Example
The following example allows the VLAN "accounting" to be placed in the UP state without an external
active port:
enable loopback-mode vlan accounting
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
165
Description
Enables SNMP trap generation when MAC-tracking events occur for a tracked MAC address.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following example enables SNMP traps for MAC-tracking events:
enable snmp traps fdb mac-tracking
History
This command was first available in ExtremeXOS 12.3.
Platform Availability
This command is available on all platforms.
enable vlan
enable vlan vlan_name
Description
Use this command to re-enable a VLAN that you previously disabled.
Syntax Description
vlan_name
Layer 2 Basics
166
Default
Enabled.
Usage Guidelines
This command allows you to administratively enable specified VLANs that you previously disabled.
Example
The following example enables the VLAN named "accounting":
enable vlan accounting
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Enables the egress filtering of frames based on their CVIDs on ports configured as CEPs.
Syntax Description
port_list
all
Default
Egress CVID filtering is disabled.
Usage Guidelines
For a given VMAN and a port configured as a CEP for that VMAN, only frames with CVIDs that have
been mapped from the CEP to the VMAN are forwarded from the VMAN and out the CEP.
Layer 2 Basics
167
To view the configuration setting for the egress CVID filtering feature, use the show ports
information command.
Note
CVID egress filtering is available only on switches that support this feature, and when this
feature is enabled, it reduces the maximum number of CVIDs supported on a port. The
control of CVID egress filtering applies to fast-path forwarding. When frames are forwarded
through software, CVID egress filtering is always enabled.
Example
The following command enables egress CVID filtering on port 1:
enable vman cep egress filtering port 1
History
This command was first available in ExtremeXOS 12.6.
Platform Availability
This command is available on the BlackDiamond X8 series switches and the BlackDiamond 8900 c-, xl-,
and xm-series modules. This command is also available on Summit X440, X460, X480, X670 and X770
series switches.
Description
Displays configuration information for the MAC address tracking feature.
Syntax Description
This command has no arguments or variables.
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Layer 2 Basics
168
Example
The following exmaple displays the contents of the MAC address tracking table:
# show fdb mac-tracking configuration
MAC-Tracking enabled ports: 1-3,10,20
SNMP trap notification
: Enabled
MAC address tracking table (4 entries):
00:30:48:72:ee:88
00:21:9b:0e:ca:32
00:12:48:82:9c:56
00:30:48:84:d4:16
History
This command was first available in ExtremeXOS 12.3.
Platform Availability
This command is available on all platforms.
Description
Displays statistics for the MAC addresses that are being tracked.
Syntax Description
mac_addr
Specifies a MAC address, using colon-separated bytes, for which FDB entries
should be displayed.
no-refresh
Default
N/A.
Usage Guidelines
Use the keys listed below the display to clear the statistics counters or page up or down through the
table entries.
Layer 2 Basics
169
Example
The following example displays statistics for the entries in the MAC address tracking table:
# show fdb mac-tracking statistics
MAC Tracking Statistics
Fri Mar 20 15:25:01 2009
Add
Move
Delete
MAC Address
events
events
events
=====================================================
00:00:00:00:00:01
0
0
0
00:00:00:00:00:02
0
0
0
00:00:00:00:00:03
0
0
0
00:00:00:00:00:04
0
0
0
00:00:00:00:00:05
0
0
0
00:00:00:00:00:06
0
0
0
00:00:00:00:00:07
0
0
0
00:00:00:00:00:08
0
0
0
00:00:00:00:00:09
0
0
0
00:00:00:00:00:10
0
0
0
00:00:00:00:00:11
0
0
0
00:00:00:00:00:12
0
0
0
00:00:00:00:00:13
0
0
0
00:00:00:00:00:14
0
0
0
00:00:00:00:00:15
0
0
0
00:00:00:00:00:16
0
0
0
00:00:00:00:00:17
0
0
0
00:00:00:00:00:18
0
0
0
=====================================================
0->Clear Counters U->page up D->page down ESC->exit
History
This command was first available in ExtremeXOS 12.3.
Platform Availability
This command is available on all platforms.
Description
Displays the configuration for the feature that reports the discovery of MAC addresses that are
duplicates of statically configured MAC addresses.
Syntax Description
This command has no arguments or variables.
Layer 2 Basics
170
Default
N/A.
Usage Guidelines
None.
Example
The following example shows the command display:
# show fdb static-mac-movement configuration
Static MAC Movement Notification: Enabled
MAC learning Packets Count
: 5
History
This command was first available in ExtremeXOS 12.7.
Platform Availability
This command is available on Summit family switches.
Description
Displays FDB entry statistics for the specified ports or VLANs in either a dynamic or a static report.
Syntax Description
all
port_list
vlan_name
no-refresh
Default
Summary FDB statistics for the switch.
Layer 2 Basics
171
Usage Guidelines
The dynamic display remains visible and continues to update until you press [Esc].
The show fdb stats command output displays the following information:
Port
When you chose to display statistics for ports, this column displays port
numbers.
Link State
When you chose to display statistics for ports, this column displays the link
states, which are described at the bottom of the display.
VLAN
When you chose to display statistics for VLANs, this column displays VLAN
names.
MAC Addresses
This column displays the total number of MAC addresses for each port or
VLAN.
Dynamic
This column displays the total number of MAC addresses that were learned
dynamically for each port or VLAN.
Static
This column displays the total number of MAC addresses that are configured
on this switch for each port or VLAN.
Dropped
This column displays the total number of dynamic MAC addresses that were
discovered, but not stored in the FDB. Discovered MAC addresses might be
dropped because a configured learning limit is reached, the FDB is in
lockdown, or a port forwarding state is in transition. Some conditions that
lead to dropped MAC addresses can produce log messages or SNMP traps.
Example
The following command example displays summary FDB statistics for the switch:
torino1.1 # show fdb stats
Total: 4 Static: 3 Perm: 3 Dyn: 1 Dropped: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
torino1.2 #
The following command example displays FDB statistics for ports 1 to 16 on slot 1:
# show fdb stats ports 1:1-1:16
FDB Stats
Mon Mar 15 15:30:49 2010
Port
Link
MAC
State
Addresses
Dynamic
Static
Dropped
=======================================================================
1:1
A
2394
2389
5
2
1:2
A
37
37
0
0
1:3
A
122
121
1
452
1:4
R
0
0
0
0
1:5
R
0
0
0
0
1:6
A
43
43
0
0
1:7
A
118
118
0
0
1:8
R
0
0
0
0
1:9
R
0
0
0
0
1:10
A
8
8
0
0
1:11
A
2998
2990
8
1
1:12
A
486
486
0
0
Layer 2 Basics
172
1:13
R
0
0
0
0
1:14
A
42
42
0
0
1:15
A
795
795
0
0
1:16
A
23
23
0
2
=======================================================================
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
U->page up D->page down ESC->exit
The following command example displays FDB statistics for all VLANs:
# show fdb stats vlan all
FDB Stats
Mon Mar 15 15:30:49 2010
VLAN
MAC Addresses
Dynamic
Static
Dropped
=============================================================================
SV_PPPOE
2394
2389
5
2
NV_PPPOE
122
121
1
452
=============================================================================
U->page up D->page down ESC->exit
History
The dynamic display for this command was first available in ExtremeXOS 12.4.2.
Platform Availability
This command is available on all platforms.
show fdb
show fdb {blackhole {netlogin [all | mac-based-vlans]} | netlogin [all | macbased-vlans] | permanent {netlogin [all | mac-based-vlans]} | mac_addr {netlogin
[all | mac-based-vlans]} | ports port_list {netlogin [all | mac-based-vlans]} |
vlan vlan_name {netlogin [all | mac-based-vlans]} | {{vpls} {vpls_name}}}
Description
Displays FDB entries.
Syntax Description
blackhole
Displays the blackhole entries. (All packets addressed to these entries are
dropped.)
slot
num_entries
netlogin all
Layer 2 Basics
173
Displays all permanent entries, including the ingress and egress QoS profiles.
mac_addr
Specifies a MAC address, using colon-separated bytes, for which FDB entries
should be displayed.
port_list
Displays the entries for one or more ports or ports and slots.
vlan_name
vpls_name
Default
All.
Usage Guidelines
The pulling of MAC addresses for display purposes is given a lower priority to the actual data path
learning. Eventually all the MAC addresses are learned in a quiescent system.
The show fdb command output displays the following information:
Mac
Vlan
Age
The age of the entry, in seconds (does not appear if the keyword permanent
is specified). The age parameter does not display for the backup MSM/MM on
modular switches.On BlackDiamond 8900 xl-series and Summit X480
switches, the Age is always 000 and the h flag is set for entries that are
hardware aged.
Layer 2 Basics
174
Flags
Port List
Example
The following example shows how the FDB entries appear for all options except the hardware option:
# show fdb
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:0c:29:4b:34:cf
v101(0101) 0041 d m
D 1:2
00:0c:29:4b:34:cf
v100(0100) 0041 d m
P 1:2
00:0c:29:d2:2d:48
v102(0102) 0045 d m
1:3
00:0c:29:d2:2d:48
v100(0100) 0045 d m
P 1:3
00:0c:29:f1:f2:f5
v100(0100) 0045 d m
1:1
00:0c:29:f1:f2:f5
v102(0102) 0045 d m
P 1:1
00:0c:29:f1:f2:f5
v101(0101) 0045 d m
P 1:1
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress
Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN
translation,
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC.
Total: 3 Static: 0 Perm: 0 Dyn: 3 Dropped: 0 Locked: 0 Locked with
Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
The following example output shows where the port tag is displayed in parentheses:
# show fdb
Mac
Layer 2 Basics
Vlan
Age
Flags
175
----------------------------------------------------------------------------00:00:00:00:04:0a
test(0200) 0057 d m
3(0010)
00:00:00:00:04:0b
test(0200) 0300 d m
3(0011)
00:01:02:03:04:05
test(0200) 0000 spm
3(0010)
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B Egress
Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T VLAN
translation,
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC.
Total: 3 Static: 0 Perm: 0 Dyn: 3 Dropped: 0 Locked: 0 Locked
with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
History
This command was first available in ExtremeXOS 10.1.
The stats and netlogin parameters were first available in ExtremeXOS 11.3.
The blackhole output under the b and B flags was first available for all platforms in ExtremeXOS 12.1.
The o flag was first available in ExtremeXOS 12.4.
Platform Availability
This command is available on all platforms.
Description
Displays the contents of an L2PT profile.
Syntax Description
profile
profile_name
Default
Disabled.
Layer 2 Basics
176
Usage Guidelines
Use this command to display the contents of an L2PT profile.
Example
The following is an example of the command's output:
# show l2pt profile
Profile Name
----------------------------my_l2pt_access_prof
1
my_l2pt_network_prof
encap
Action
-----tunnel
CoS
---
my_other_list
mylist
tunnel
my_other_list
encap
my_none_list
# show l2pt profile my_l2pt_access_prof
Profile Name
Protocol Filter Name
----------------------------- -------------------------------my_l2pt_access_prof
my_list
1
my_other_list
none
Action
-----tunnel
CoS
---
tunnel
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
show l2pt
show l2pt
Description
Displays the global parameters for L2PT.
Syntax Description
l2pt
Default
Disabled.
Layer 2 Basics
177
Usage Guidelines
Use this command to display the global parameters for L2PT.
Example
The following is an example of the command's output:
# show l2pt
Encapsulation Destination MAC Address: 01:00:00:01:01:02
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Displays the protocol filtering configuration and status.
Syntax Description
port_list
all
detail
Default
Displays all protocol filters.
Usage Guidelines
Use this command to display the protocol filtering configuration and status.
Example
The following example displays the filtering configuration and status for ports 1-4:
# show ports 1-4 protocol filter
Port Protocol
Destination
Layer 2 Basics
Protocol Id
Field
Field Field
Packets
178
#
Filter Name Address
---- ----------- ----------------1
my_list
01:80:C2:00:00:02
2300
01:80:C2:00:00:00
01:80:C2:00:00:00
2 lacp
01:80:C2:00:00:02
3 (none)
4 (none)
16
14
5000
01:02> FF:FF> 5000
01
FF
3200
> indicates that the value was truncated to the column size in the output.Use
the
detail option to see the complete value.
The following example displays output for the show ports protocol filter detail
command:
show ports 1-4 protocol filter detail
Port 1
Protocol Filter Name: my_list
Destination Address : 01:80:C2:00:00:02
Protocol Id Type
: etype
Protocol Id Value
: 0x8902
Field Offset
: 14
Field Value
: 03:04
Field Mask
: FF:FF
Packets Filtered
: 2300
Destination Address : 01:80:C2:00:00:00
Protocol Id Type
: snap
Protocol Id Value
: 0x4041
Field Offset
: 16
Field Value
: 01:02:03:04
Field Mask
: FF:FF:FF:FF
Packets Filtered
: 5000
Destination Address : 01:80:C2:00:00:00
Protocol Id Type
: snap
Protocol Id Value
: 0x4041
Field Offset
:
Field Value
:
Field Mask
:
Packets Filtered
: 5000
Port 2
Protocol Filter Name:
Destination Address :
Protocol Id Type
:
Protocol Id Value
:
Field Offset
:
Field Value
:
Field Mask
:
Packets Filtered
:
lacp
01:80:C2:00:00:02
etype
0x8902
14
01
FF
3200
Port 3
Protocol Filter Name: (none)
Port 4
Layer 2 Basics
179
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Displays information about the specified PVLAN.
Syntax Description
name
Default
N/A.
Usage Guidelines
If the PVLAN is incomplete because it does not have a network or any subscriber VLAN configured,
[INCOMPLETE] appears next to the PVLAN name.
Example
The following example output displays information for the companyx PVLAN:
* (debug) BD-8808.1 # show private-vlan "Engineering"
------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports
Virtual
Active router
/Total
------------------------------------------------------------------------------------Engineering
Network VLAN:
-Engr1
10
-------------------------------------ANY
4 /5
VRDefault
Non-Isolated Subscriber VLAN:
-ni1
400 -------------------------------------ANY
1 /1
VRDefault
-ni2
401 ------------------------------------ANY
1 /1
VRDefault
Layer 2 Basics
180
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
show private-vlan
show private-vlan
Description
Displays information about all the PVLANs on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
If the PVLAN is incomplete because it does not have a network or any subscriber VLAN configured,
[INCOMPLETE] appears next to the PVLAN name.
Example
The following example output displays all the PVLANs on the switch:
* (debug) BD-8808.1 # show private-vlan
------------------------------------------------------------------------------
Layer 2 Basics
181
-------Name
VID Protocol Addr
Flags
Proto Ports
Virtual
Active router
/Total
------------------------------------------------------------------------------------Engineering
Network VLAN:
-Engr1
10
-------------------------------------ANY
4 /5
VRDefault
Non-Isolated Subscriber VLAN:
-ni1
400 -------------------------------------ANY
1 /1
VRDefault
-ni2
401 ------------------------------------ANY
1 /1
VRDefault
Isolated Subscriber VLAN:
-i1
500 ------------------------------------ANY
1 /1
VRDefault
Ops
Network VLAN:
-Ops
20
------------------------------------ANY
2 /2
VRDefault
Non-Isolated Subscriber VLAN:
-OpsNi1
901 ------------------------------------ANY
1 /1
VRDefault
-OpsNi2
902 ------------------------------------ANY
1 /1
VRDefault
-OpsNi3
903 ------------------------------------ANY
1 /1
VRDefault
-OpsNi4
904 ------------------------------------ANY
1 /1
VRDefault
Isolated Subscriber VLAN:
-OpsI0
600 ------------------------------------ANY
1 /1
VRDefault
-OpsI1
601 ------------------------------------ANY
1 /1
VRDefault
-OpsI2
602 ------------------------------------ANY
1 /1
VRDefault
-OpsI3
603 ------------------------------------ANY
1 /1
VRDefault
-OpsI4
604 ------------------------------------ANY
1 /1
VRDefault
Sales [INCOMPLETE]
Network VLAN:
-NONE
Non-Isolated Subscriber VLAN:
-SalesNi1
701 ------------------------------------ANY
1 /1
VRDefault
-SalesNi2
702 ------------------------------------ANY
1 /1
VRDefault
Isolated Subscriber VLAN:
-SalesI0
800 ------------------------------------ANY
1 /1
VRDefault
------------------------------------------------------------------------------------Flags : (C) EAPS Control vlan, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
Layer 2 Basics
182
(i) ISIS Enabled, (I) IP Forwarding lpm-routing Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled, (n) IP Multinetting Enabled,
(N) Network LogIn vlan, (o) OSPF Enabled, (p) PIM Enabled,
(P) EAPS protected vlan, (r) RIP Enabled,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of PVLAN(s) : 3
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms that support the Private VLAN feature. For features and the
platforms that support them, see the Feature License Requirements document.
show protocol
show protocol {filter} {filter_ name} {detail}
Description
Displays protocol filter definitions and the complete protocol configuration.
Syntax Description
filter
name
detail
Default
Displays all protocol filters.
Usage Guidelines
Displays the defined protocol filter(s) with the types and values of its component protocols.
Example
The following is an example of the command's output:
# show protocol
Protocol Filter Name
Field
Mask
--------------------
Layer 2 Basics
Protocol
Id
Destination
Field
Field
Type
Value
Address
Offset
Value
--------
------
-----------
-------
------
183
------IP
0x0800
ANY
ipx
IPv6
lacp
FF
mpls
appletalk
0x809b
etype
etype
ANY
etype
etype
etype
0x0806
0xffff
0x8137
0x86dd
0x8809
etype
snap
0x8847
snap
0x80f3
01:80:C2:00:00:02>
14
01
> indicates that the value was truncated to the column size in the output.
Use the detail option to see the complete value.
lacp
etype
0x8809
01:80:C2:00:00:02
14
01
FF
History
This command was first available in ExtremeXOS 10.1.
The filter and detail keywords were added in ExtremeXOS 15.5.
Layer 2 Basics
184
Platform Availability
This command is available on all platforms.
show vlan
show vlan {virtual-router vr-name}
show {vlan} vlan_name {ipv4 | ipv6}
show vlan [tag tag | detail] {ipv4 | ipv6}
show vlan ports
Description
Displays information about one or all VLANs.
Syntax Description
Specifies a VR name for which to display summary information for all VLANs.
If no VR name is specified, the software displays summary information for all
VLANs in the current VR context.
vr-name
Note
User-created VRs are supported only on the platforms listed for
this feature in the Feature License Requirements document. On
switches that do not support user-created VRs, all VLANs are
created in VR-Default and cannot be moved.
vlan_name
tag
Specifies the 802.1Q tag of a VLAN for which to display detailed VLAN
information.
detail
ipv4
Specifies IPv4.
ipv6
Specifies IPv6.
ports
Default
Summary information for all VLANs on the device.
Usage Guidelines
Note
To display IPv6 information, you must issue either the show vlan detail command or
show vlan command with the name of the specified VLAN.
Layer 2 Basics
185
Unlike many other VLAN-related commands, the keyword vlan is required in all forms of this
command except when requesting information for a specific VLAN.
Use the command show vlan to display summary information for all VLANs. It shows various
configuration options as a series of flags (see the example below). VLAN names, descriptions, and
protocol names may be abbreviated in this display.
Use the command show vlan detail to display detailed information for all VLANs. This displays
the same information as for an individual VLAN, but shows every VLAN, one-by-one. After each VLAN
display you can elect to continue or quit.
Protocol none indicates that this VLAN was configured with a user-defined protocol that has
subsequently been deleted.
Note
The BlackDiamond 8800 series switches, SummitStack, and the Summit family of switches
display the Mgmt VLAN in VR-Mgmt.
When an IPv6 address is configured for the VLAN, the system may display one of the following two
address types in parentheses after the IPv6 address:
Tentative
Duplicate
Note
See the appropriate ExtremeXOS User Guide volume for information on IPv6 address types.
You can display additional useful information on VLANs configured with IPv6 addresses by issuing the
show ipconfig ipv6 vlan vlan_name command.
When a displayed VLAN is part of a PVLAN, the display includes the PVLAN name and type (which is
network, non-isolated subscriber, or isolated subscriber).
When the displayed VLAN is configured for VLAN translation, the display provides translation VLAN
information. If the displayed VLAN is a translation VLAN, a list of translation VLAN members appears. If
the displayed VLAN is a member VLAN, the display indicates the translation VLAN to which the
member VLAN belongs.
Example
The following is example output of the show vlan command on a switch where PTP and CES are
configured (for example, an E4G-200 or E4G-400):
E4G-400.15 # sh vlan
------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports
Virtual
Active router
/Total
-------------------------------------------------------------------------------------
Layer 2 Basics
186
Default
1
--------------------------------T------- ANY
1 /34
VR-Default
Mgmt
4095 ---------------------------------------- ANY
1 /1
VR-Mgmt
v1
40
1.1.1.51
/24 -fL---------------ek ANY
1 /10
VR-Default
v2
20
1.1.2.52
/24 -f----------------e- ANY
0 /1
VR-Default
------------------------------------------------------------------------------------Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) NetLogin Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for
MLAG,
(k) PTP Configured, (l) MPLS Enabled, (L) Loopback Enabled,
(m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled
Total number of VLAN(s) : 4
Layer 2 Basics
187
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W)
VPWS Enabled
(Z) Openflow Enabled
Total number of VLAN(s) : 3
Layer 2 Basics
7,
188
Layer 2 Basics
189
Flags:
(b)
(a)
(u)
(t)
(s)
(x)
(G)
(H)
6,
7,
8,
9,
10,
11,
12
(*) Active, (!) Disabled, (g) Load Sharing port
The following example is the show output of a vlan that has port-specific tag. The tag is displayed in
parentheses.
VLAN Interface with name vl1 created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 100
Description:
None
Virtual router:
VR-Default
IPv4 Forwarding:
Disabled
IPv4 MC Forwarding: Disabled
IPv6 Forwarding:
Disabled
IPv6 MC Forwarding: Disabled
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
OpenFlow:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
8.
(Number of active ports=2)
Untag:
5
Tag:
1,
10,
11
Port-specific Tag:
1(0010),
1(0011),
*3(0101),
*4(0102)
Flags:
port
(b) Port blocked on the vlan, (m) Mac-Based
port
Layer 2 Basics
190
History
This command was first available in ExtremeXOS 10.1.
The IPv6 information was added in ExtremeXOS 11.2.
The netlogin information was added in ExtremeXOS 11.3.
The VR and administratively enabled/disabled information was added in ExtremeXOS 11.4.
The tag option was added in ExtremeXOS 12.4.4.
The OpenFlow status feature was added in ExtremeXOS 15.3.
Platform Availability
This command is available on all platforms.
Information on MAC-based ports is available only on the Summit family of switches, SummitStack, and
the BlackDiamond 8800 series switch.
Description
Displays a list of VLANs and VLAN descriptions.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Layer 2 Basics
191
Usage Guidelines
None.
Example
The following example displays the descriptions for all VLANs:
# show vlan description
---------------------------------------------------------------------------Name
VID Description
---------------------------------------------------------------------------ctrl1
11
Control Vlan
ctrl2
102 Control Vlan 2
Default
1
v1
60
vlan 1
vplsVlan
3296 L2 VPN to home office
---------------------------------------------------------------------------Total number of VLAN(s) : 5
History
This command was first available in ExtremeXOS 12.4.4.
Platform Availability
This command is available on all platforms.
Description
Displays the L2PT configuration and status of a service.
Syntax Description
vlan
vman
vlan_name
ports port_list
detail
Default
Disabled.
Layer 2 Basics
192
Usage Guidelines
Use this command to display the L2PT configuration and status of a service.
Example
The following is an example of the show vman ports l2pt command:
# show vman cust2 ports 1:2,1:7 l2pt
Interface
--------------1:2
1:7
The following example illustrates the show vman l2pt ports detail command:
show vman cust2 ports 1:2,1:7 l2pt detail
Port 1:2
L2PT Profile Name
: my_l2pt_profile
Protocol Filter Name
: filter1
Destination Address: 01:80:C2:00:00:02
Protocol Id Type
: etype
Protocol Id Value : 0x8902
Field Offset
: 14
Field Value
: 03
Field Mask
: FF
Action
: Tunnel
CoS
: Default
Packets Transmitted: 2300
Packets Received
: 2300
Protocol Filter Name
: filter2
Destination Address: 01:80:C2:00:00:00
Protocol Id Type
: snap
Protocol Id Value : 0x4041
Field Offset
:
Field Value
:
Field Mask
:
Action
: Tunnel
CoS
: 7
Packets Transmitted: 500
Packets Received
: 500
Port 1:7
L2PT Profile Name
: (none)
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
193
show vman
show vman show {vman} vman_name {ipv4 | ipv6}
show vman [tag tag | detail] {ipv4 | ipv6}
Description
Displays information about one or all VMANs.
Note
The information displayed for this command depends on the platform and configuration you
are using.
Syntax Description
vman_name
tag
detail
ipv4
Specifies IPv4.
ipv6
Specifies IPv6.
Default
Summary information for all VMANs on the switch.
Usage Guidelines
The information displayed with this command depends on the platform and configuration you are
using.
Example
The following example displays a list of all the VMANs on the switch:
* BD-12804.17 # show vman
------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports
Virtual
Active router
/Total
------------------------------------------------------------------------------------le1
4091 ------------------ ----------------a
ANY
2 /2
VRDefault
le2
4090 ------------------ ----------------a
ANY
0 /0
VRDefault
Layer 2 Basics
194
vm1
4089 ------------------ ----------------ANY
0 /0
VRDefault
------------------------------------------------------------------------------------Flags : (a) Learning Domain (C) EAPS Control vlan, (E) ESRP Enabled,
(f) IP Forwarding Enabled, (i) ISIS Enabled, (I) IP Forwarding lpm-routing
Enabled,
(L) Loopback Enabled, (m) IPmc Forwarding Enabled,
(n) IP Multinetting Enabled, (N) Network LogIn vlan,
(o) OSPF Enabled, (p) PIM Enabled,
(P) EAPS protected vlan, (r) RIP Enabled, (T) Member of STP Domain,
(v) VRRP Enabled, (B) 802.1ah Backbone VMAN, (S) 802.1ah Service VMAN
Total number of vman(s) : 3
The Port CVID output was added in the display of show vman vlan_name | detail in ExtremeXOS
15.3.2:
VMAN Interface with name vm1 created by user
Admin State: Enabled
Tagging:
1000
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv6 Forwarding: Disabled
IPv6:
None
Layer 2 Basics
802.1Q Tag
195
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
3.
(Number of active ports=3)
Untag:
*21: Port CVID 5,
*24: Port CVID 7,
Tag:
*22
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(x) VMAN Tag Translated port
(G) Multi-switch LAG Group port
The show vman detail command shows all the information shown in the show vman vlan_name
command, but displays information for all configured VMANs.
History
This command was first available in ExtremeXOS 11.0.
Information on IEE 802.1ah was added in ExtremeXOS 11.4.
The tag option was added in ExtremeXOS 12.4.4.
Port CVID output was added in ExtremeXOS 15.3.2.
Platform Availability
This command is available on all platforms.
CEP information is displayed only on BlackDiamond X8, BlackDiamond 8800 series switches and
Summit family switches.
Description
Displays the EAPS domains to which the VMAN belongs.
Layer 2 Basics
196
Syntax Description
vman_name
Default
N/A.
Usage Guidelines
None.
Example
The following example displays a list of EAPS domains for the campus1 VMAN:
show vman campus1 eaps
History
This command was first available in ExtremeXOS 11.0.
Information on IEE 802.1ah was added in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Displays the ethertype information and secondary ethertype port_ list for VLANs, VMANs and PBBNs
Syntax Description
This command has no arguments or variables.
Default
N/A.
Layer 2 Basics
197
Usage Guidelines
None.
Example
The following example shows the command output on switches that support only VMANs:
vMan ethertype: 0x88a8
The following example shows the command output on switches that support PBBNs:
# show vman ethertype
vman ethertype : 0x88a8
bvlan ethertype: 0x88b5
The following example shows the command output when a secondary ethertype is configured with
ports information:
# show vman ethertype
Vman Primary ethertype
Vman Secondary ethertype
BVlan ethertype
Secondary ethertype ports
:
:
:
:
0x9100
0x8100
0x88b5
6:2g 6:3
The letter g in the port list indicates that the port is a LAG/Trunk port, the details of which can be seen
using the show port sharing command.
History
This command was first available in ExtremeXOS 11.0.
Information on IEE 802.1ah was added in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Displays the L2PT configuration and status of a service.
Layer 2 Basics
198
Syntax Description
vlan
vman
vlan_name
ports port_list
detail
Default
Disabled.
Usage Guidelines
Use this command to display the L2PT configuration and status of a service.
Example
The following is an example of the show vman ports l2pt command:
# show vman cust2 ports 1:2,1:7 l2pt
Interface
--------------1:2
1:7
The following example illustrates the show vman l2pt ports detail command:
# show vman cust2 ports 1:2,1:7 l2pt detail
Port 1:2
L2PT Profile Name
: my_l2pt_profile
Protocol Filter Name
: filter1
Destination Address: 01:80:C2:00:00:02
Protocol Id Type
: etype
Protocol Id Value : 0x8902
Field Offset
: 14
Field Value
: 03
Field Mask
: FF
Action
: Tunnel
CoS
: Default
Packets Transmitted: 2300
Packets Received
: 2300
Protocol Filter Name
: filter2
Destination Address: 01:80:C2:00:00:00
Protocol Id Type
: snap
Protocol Id Value : 0x4041
Field Offset
:
Field Value
:
Field Mask
:
Action
: Tunnel
CoS
: 7
Layer 2 Basics
199
: (none)
History
This command was first available in ExtremeXOS 15.5.
Platform Availability
This command is available on all platforms.
Description
Removes the description for the specified VLAN.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
None.
Example
The following example removes the description from VLAN vlan1:
unconfigure vlan vlan1 description
History
This command was first available in ExtremeXOS 12.4.4.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
200
Description
Removes the IP address of the VLAN or a VMAN. With no parameters, the command removes the
primary IPv4 address on the specified VLAN. Using the IPv6 parameters, you can remove specified IPv6
addresses from the specified VLAN.
Syntax Description
vlan_name
ipv6_address_mask
Default
Removes the primary IPv4 address from the specified VLAN or VMAN.
Usage Guidelines
Note
With IPv6, you cannot remove the last link local IPv6 address until all global IPv6 addresses
are removed. For MLAG configurations, you cannot remove an IP address from a VLAN until
after you delete the MLAG peer.
Example
The following command removes the primary IPv4 address from the VLAN "accounting":
unconfigure vlan accounting ipaddress
The following command removes an IPv6 addresses from the VLAN "finance":
unconfigure vlan finance ipaddress 3ffe::1
History
This command was first available in ExtremeXOS 10.1.
The IPv6 parameters were added in ExtremeXOS 11.2.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
201
Description
Restores the default primary VMAN ethertype value of 0x88A8 or deletes the secondary ethertype
value.
Syntax Description
secondary
Default
If the secondary option is not specified, it restores the default primary VMAN ethertype value of
0x88a8.
Usage Guidelines
When you enter this command without the secondary option, the primary VMAN ethertype returns to
the default value of 0x88A8. If you specify the secondary option, the secondary VMAN ethertype value
is deleted (no value is assigned).
Note
Before unconfiguring the secondary VMAN ethertype, any secondary VMAN port must be
changed to the primary VMAN ethertype; otherwise the command fails.
Example
The following example restores the primary VMAN ethertype to the default value:
unconfigure vman ethertype
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Layer 2 Basics
202