04-VLAN Operation 5500 PDF

Operation Manual VLAN
H3C S5500-SI Series Ethernet Switches
Table of Contents
Table of Contents
Chapter 1 VLAN Configuration .................................................................................................... 1-1
1.1 VLAN Overview.................................................................................................................. 1-1
1.1.1 Introduction to VLAN ............................................................................................... 1-1
1.1.2 VLAN Classification................................................................................................. 1-2
1.2 Basic VLAN Configuration ................................................................................................. 1-2
1.3 Basic VLAN Interface Configuration .................................................................................. 1-2
1.4 Port-Based VLAN Configuration ........................................................................................ 1-3
1.4.1 Introduction of Port-Based VLAN ............................................................................ 1-3
1.4.2 Configuring an Access Port-Based VLAN............................................................... 1-5
1.4.3 Configuring a Trunk Port-Based VLAN ................................................................... 1-6
1.4.4 Configuring a Hybrid Port-Based VLAN.................................................................. 1-7
1.5 Displaying VLAN Configuration ......................................................................................... 1-8
1.6 VLAN Configuration Example ............................................................................................ 1-9
1.6.1 Network Requirements............................................................................................ 1-9
1.6.2 Network Diagram..................................................................................................... 1-9
1.6.3 Configuration Procedure ......................................................................................... 1-9
Chapter 2 Voice VLAN Configuration.......................................................................................... 2-1
2.1 Voice VLAN Overview ....................................................................................................... 2-1
2.1.1 Automatic and Manual Voice VLAN Modes ............................................................ 2-1
2.1.2 Security and Ordinary Voice VLAN Modes ............................................................. 2-4
2.2 Voice VLAN Configuration ................................................................................................. 2-4
2.2.1 Configuration Prerequisites..................................................................................... 2-4
2.2.2 Configuring Voice VLAN in Automatic Mode .......................................................... 2-5
2.2.3 Configuring Voice VLAN in Manual Mode............................................................... 2-6
2.3 Displaying Voice VLAN...................................................................................................... 2-7
2.4 Voice VLAN Configuration Example .................................................................................. 2-7
2.4.1 Voice VLAN Configuration Example (Automatic Mode).......................................... 2-7
2.4.2 Voice VLAN Configuration Example (Manual Mode) .............................................. 2-9
Chapter 3 GVRP Configuration .................................................................................................... 3-1
3.1 Introduction to GARP......................................................................................................... 3-1
3.1.1 Introduction to GARP .............................................................................................. 3-1
3.1.2 Introduction to GVRP .............................................................................................. 3-3
3.1.3 Protocols and Standards......................................................................................... 3-4
3.2 Configuring GVRP ............................................................................................................. 3-4
3.2.1 Configuring GVRP................................................................................................... 3-4
3.2.2 Setting GARP Timer................................................................................................ 3-5
3.3 Displaying and Maintaining GARP/GVRP ......................................................................... 3-6

Table of Contents
3.4 GVRP Configuration Example ........................................................................................... 3-7

3.4.1 Example 1 ............................................................................................................... 3-7
3.4.2 Example 2 ............................................................................................................... 3-8
3.4.3 Example 3 ............................................................................................................... 3-9
ii

Chapter 1 VLAN Configuration

1.1 VLAN Overview
1.1.1 Introduction to VLAN
The virtual local area network (VLAN) technology is developed for switches to control
broadcast operations in LANs.
By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs,
each of which has a broadcast domain of its own. Hosts in the same VLAN
communicate with each other as if they are in a LAN. However, hosts in different VLANs
cannot communicate with each other directly. In this way, a broadcast frame is confined
within one VLAN, as shown in Figure 1-1.
VLAN A
LAN Switch
VLAN B
VLAN A
LAN Switch
VLAN A
VLAN B
VLAN B
Router
Figure 1-1 A VLAN implementation

A VLAN can span across multiple switches, or even routers. This enables hosts in a
VLAN to be dispersed in a more loose way. That is, hosts in a VLAN can belong to
different physical network segments.
VLAN enjoys the following advantages.
z
Broadcasts are confined to VLANs. This decreases bandwidth utilization and

improves network performance.
Network security is improved. Packets of different VLANs are isolated during

transmission. That is, hosts in different VLANs cannot communicate with each
other directly. To enable communications between different VLANs, network
devices operating on Layer 3 (such as routers or Layer 3 switches) are needed.
1-1

z
Configuration workload is reduced. VLAN can be used to group specific hosts.

When the physical position of a host changes, no additional network configuration
is required if the host still belongs to the same VLAN.
1.1.2 VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories:
z
Port-based VLAN
MAC-based VLAN
Protocol-based VLAN
IP sub network-based VLAN
Policy-based VLAN
Other VLAN
H3C S5500-SI Series Ethernet Switch supports the port-based VLAN. This chapter will
focus on the port-based VLAN.
1.2 Basic VLAN Configuration

Table 1-1 Basic VLAN configuration
To do
Use the command
Enter system view
system-view
Create VLANs in bulk
vlan { vlan-id1
vlan-id2 | all }
Remarks
to
Optional
Required
Create a VLAN and

enter VLAN view
vlan vlan-id
If the specified VLAN does not

exist, this command will first
create the VLAN, and then
enter VLAN view.
Optional
Specify the description

string of the VLAN
description text
By default, the description

string of a VLAN is its VLAN
ID, such as VLAN 0001.
1.3 Basic VLAN Interface Configuration

VLAN interface is a virtual interface in Layer 3 mode, and mainly used in realizing the
Layer 3 connectivity between different VLANs.
1-2

Table 1-2 Configure a VLAN interface

To do
Use the command
Enter system view
system-view
Remarks
Required
Create a VLAN interface

and enter VLAN interface
view
interface vlan-interface
vlan-interface-id
Configure IP address of
VLAN interface
ip address ip-address
{ mask | mask-length }
[ sub ]
If the specified VLAN

interface does not exist,
this command will create
it first and then enter
VLAN interface view.
Optional
By default, no IP address
is configured for a VLAN
interface
Optional
Specify the description

string for the current
VLAN interface
description text
By default, the description

string of a VLAN interface
is the name of the VLAN
interface,
such
as
Vlan-interface1
interface.
Optional
Enable
Interface
the
VLAN
undo shutdown
By default, if all the ports

under the VLAN interface
are down, the VLAN
interface is down; if one or
more ports under the
VLAN interface are up,
the VLAN interface is up.
Note:
Before creating a VLAN interface, the corresponding VLAN must exist. Otherwise, you
cannot create the VLAN interface successfully.
1.4 Port-Based VLAN Configuration

1.4.1 Introduction of Port-Based VLAN
Port-based VLAN is the simplest and most effective VLAN division method. It defines
its VLAN members according to the ports of a switch. After a specified port is added into
a specified VLAN, the port can forward the packets of the specified VLAN.
1-3

I. Link Type of an Ethernet Port

Depending on how a port processes VLAN tags when it forwards packets, the link type
of the port can be one of the following three types:
z
Access. An access port belongs to only one VLAN; it strips VLAN tags when
sending the packets of the VLAN. An access port is generally used to connect a
user device.
Trunk. A trunk port can belong to more than one VLAN and receives/sends the
packets of multiple VLANs; it is generally used to connect a switch.
Hybrid. A hybrid port can also belong to more than one VLAN and receives/sends
the packets of multiple VLANs; it is used to connect a switch or a user device.
The difference between the hybrid port and the trunk port is that:
z
A hybrid port allows the packets from multiple VLANs to be sent without tags.
A trunk port only allows the packets from the default VLAN to be sent without tags.
II. Default VLAN

You can configure a VLAN for a port. In additional, you can also configure a default
VLAN for the port. By default, the default VLAN of all the ports is VLAN 1. But you can
configure it as needed.
z
The default VLAN of an access port is the VLAN the access port belongs to and
cannot be configured.
Both of the trunk port and hybrid port allow multiple VLANs to pass through. You
can configure the default VLAN for them.
After you delete the default VLAN of a port through the undo vlan command, for
an access port, its default VLAN restore to VLAN 1; for a trunk or a hybrid port, its
default VLAN configuration remain unchanged, that is, a trunk port or hybrid port
can use the presently nonexistent VLAN as the default VLAN.
Note:
For ports of a voice VLAN in automatic mode, you cannot configure the voice VLAN as
the default VLAN of the ports. If you do so, the system will prompt that you cannot
perform the configuration. For information about the voice VLAN, refer to Chapter 2
Voice VLAN Configuration.
The way by which a port processes incoming and outgoing packets depends on the link
type and default VLAN configured on it. Refer to the following table for details:
1-4

Table 1-3 Incoming and outgoing packets

Incoming packet
Port type
If no tag is
carried in the
packet
Outgoing packet
If a tag is carried in
the packet
z
Access
port
z
Receive the packet

when the VLAN ID
(recorded in the
tag) is the same
with the default
VLAN ID.
Drop the packet
when the VLAN ID
is different with the
default VLAN ID.
Remove the tag and send

the packet directly for the
VLAN ID is just the default
VLAN ID.
z
z
Trunk port
Encapsulate
the
default
VLAN tag to the
packet
z
Hybrid
port
Receive the packet

when the VLAN ID
(recorded in the
tag) is the same
with the default
VLAN ID.
Receive the packet
when the VLAN ID
default VLAN ID
but is allowed on
the port.
Drop the packet
when the VLAN ID
default ID and is
not allowed on the
port.
When the VLAN ID is

the same with the
default
VLAN
ID,
remove the tag of the
packet first and then
send the packet.
When the VLAN ID is
different
with
the
default VLAN ID but is
allowed on the port,
keep the original tag
and send the packet.
When the VLAN ID is

allowed on the port, send
the packet. You can
configure whether or not
to carry tags in the
outgoing packets of a
VLAN (including default
VLAN) through the port
hybrid vlan command.
1.4.2 Configuring an Access Port-Based VLAN

You can configure an access port-based VLAN in two ways: configure it in VLAN view,
or configure it in Ethernet port view/port group view.
1-5

Table 1-4 Configure an access port-based VLAN (in VLAN view)

To do
Enter system view
Use the command

system-view
Remarks
Required
Enter VLAN view
Add an Ethernet port to a

specified VLAN
vlan vlan-id
If the specified VLAN

does not exist, this
command will create the
VLAN first and then enter
VLAN view of the VLAN.
Required
port interface-list
By default, the system

adds all ports to VLAN 1.
Table 1-5 Configure an access port-based VLAN (in Ethernet port view or port group
view)
To do
Enter system view
Enter
Ethernet
port view
or
port
group
view
Use the command

system-view
Enter
Ethernet
port view
interface
interface-type
interface-number
Enter port
group view
port-group
{
manual
port-group-name
|
aggregation agg-id }
Remarks
Use either command

Configured in Ethernet
port view, the following
settings are effective on
the current port only;
configured in port group
view,
the
following
all ports in the port group
Optional
Configure a port as an
access port
port link-type access
Add the current access

port to a specified VLAN
port access vlan vlan-id
By default, a port is an
access port.
Required
By default, all access
ports belong to VLAN 1.
Note:
You must add an access port to an existing VLAN.
1.4.3 Configuring a Trunk Port-Based VLAN

A trunk port allows multiple VLANs to pass, and you can configure it in Ethernet port
view/port group view.
1-6

Table 1-6 Configure a trunk port-based VLAN

To do
Enter system view
Enter
Ethernet
port view
or
port
group view
Use the command
Remarks
system-view
Enter
Ethernet
port view
interface
interface-type
interface-number
Enter port
group view
port-group
{
manual
port-group-name
|
Use either command

Configured in Ethernet
port view, the following
the current port only;
configured in port group
view,
the
following
all ports in the port group
Required
Configure a port as a
trunk port
port link-type trunk
Add the current trunk

port to specified VLANs
port trunk permit vlan

{ vlan-id-list | all }
By default, the link type

of a port is access.
Required
By default, all trunk ports
only allow the packets of
VLAN 1 to pass.
Optional
Set the default VLAN for

the trunk port
port trunk
vlan-id
pvid
vlan
By default, the default

VLAN of the trunk port is
VLAN 1
Note:
z
A trunk port and a hybrid port cannot switch to each other directly but must be
configured as an access port first. For example, a trunk port cannot be configured to
be a hybrid port directly; you must specify the trunk port as an access port first, and
then specify the access port as a hybrid port.
The default VLAN ID of the trunk port on the local switch must be the same as that of
the trunk port on the peer switch. Otherwise, the packets of the default VLAN cannot
be transmitted correctly from the local end to the peer end.
1.4.4 Configuring a Hybrid Port-Based VLAN

A hybrid port allows multiple VLANs to pass, and you can configure it in Ethernet port
view/port group view.
1-7

Table 1-7 Configure a hybrid port-based VLAN

To do
Enter system view
Enter
Ethernet
port view
or
port
group
view
Use the command
Remarks
system-view
Enter
Ethernet
port view
interface
interface-type
interface-number
Enter port
group
view
port-group
{
manual
port-group-name
|
Use either command

Configured in Ethernet port
view, the following settings
are effective on the current
port only; configured in port
group view, the following
settings are effective on all
ports in the port group
Required
Configure a port as a
Hybrid port
port link-type hybrid
Add the current hybrid

port
to
specified
VLANs
port hybrid vlan vlan-id-list

{ tagged | untagged }
Set the default VLAN

for the hybrid port.
port hybrid
vlan-id
By default, the link type of a

port is access.
Required
By default, all hybrid ports
only allow VLAN 1 packets
to pass.
Optional
pvid
vlan
By default, the default

VLAN of the hybrid port is
VLAN 1
Note:
z
A trunk port and a hybrid port cannot switch to each other directly but must be
configured as an access port first. For example, a trunk port cannot be configured to
be a hybrid port directly. You must specify the trunk port as an access port first, and
then specify the access port to a hybrid port.
The VLANs configured to be permitted to pass through a hybrid port must exist.
1.5 Displaying VLAN Configuration

After the above configuration, you can execute the display command in any view to
view the running of the VLAN configuration, and to verify the effect of the configuration.
1-8

Table 1-8 Display the information about specified VLANs

To do
Use the command
Display the information

about specified VLANs
display vlan [ vlan-id1 [ to

vlan-id2 ] | all | static | dynamic |
reserved ]
Display the information

about specified VLAN
interface
Remarks
Available in any
view
display interface vlan-interface

[ vlan-interface-id ]
1.6 VLAN Configuration Example

1.6.1 Network Requirements
z
Switch A connects with Switch B through the trunk port GigabitEthernet1/0/1.
The default VLAN ID of the port is 100.
The port permits the packets from VLAN 2, VLAN 6 through 50, and VLAN 100 to
pass.
1.6.2 Network Diagram

GigabitEthernet1/0/1
Switch A
Switch B
Figure 1-2 Network diagram for port-based VLAN configuration
1.6.3 Configuration Procedure

1)
Configure Switch A
# Create VLAN 2, VLAN 6 through VLAN 50 and VLAN 100.

<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] vlan 100
[Sysname] vlan 6 to 50
Please wait... Done.
# Enter Ethernet port view of GigabitEthernet1/0/1.

[Sysname] interface GigabitEthernet 1/0/1
1-9

# Configure GigabitEthernet1/0/1 as a trunk port, and configure its default VLAN ID as

VLAN 100.
[Sysname-GigabitEthernet1/0/1] port link-type trunk
[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Configure GigabitEthernet1/0/1 to permit the packets from VLAN 2, VLAN 6 through

50, and VLAN 100 to pass.
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100
Please wait... Done.
2)
Configuration on Switch B is the same as that on Switch A.
1-10

Chapter 2 Voice VLAN Configuration

2.1 Voice VLAN Overview
Voice VLANs are VLANs configured specially for voice data stream. By adding the
ports with voice devices attached to voice VLANs, you can perform quality of service
(QoS)-related configuration for voice data, ensuring the transmission priority of voice
data stream and voice quality.
S5500-SI series Ethernet switches determine whether a received packet is a voice
packet by checking its source MAC address. If the source MAC addresses of packets
comply with the organizationally unique identifier (OUI) addresses configured by the
system, the packets are determined as voice packets and transmitted in voice VLAN.
You can configure an OUI address for voice packets or specify to use the default OUI
address.
The following table shows the five default OUI addresses of a switch.
Table 2-1 Default OUI addresses preset by the switch
Number
OUI Address
Vendor
0001-e300-0000
Siemens phone
0003-6b00-0000
Cisco phone
00d0-1e00-0000
Pingtel phone
00e0-7500-0000
Polycom phone
00e0-bb00-0000
3com phone
Note:
z
An organizationally unique identifier (OUI) address is a globally unique identifier

assigned to a vendor by Institute of Electrical and Electronics Engineers (IEEE). You
can determine which vendor a device belongs to according to the OUI address
which forms the first 24 bits of a MAC address.
You can add or delete the default OUI address manually.
2.1.1 Automatic and Manual Voice VLAN Modes

According to how a port is added to the voice VLAN, the port can work in one of the two
voice VLAN modes: automatic and manual.
2-1

z
In automatic mode, the system identifies the source MAC address contained in the
untagged packet sent when the IP phone is powered on and matches it against the
OUI addresses. If a match is found, the system will automatically add the port into
the Voice VLAN and send ACL rules to ensure the packet precedence. An aging
time can be configured on the device. The system will remove a port from the
voice VLAN if no voice packets are received from it within the aging time. The
adding and deleting of ports are automatically realized by the system.
In manual mode, the administrator adds the IP phone access port directly to the
voice VLAN. The system then identifies the source MAC address contained in the
packets on the port, matches it against the OUI addresses, and decides whether
to forward the packets in the voice VLAN. When the administrator adds a port to
the voice VLAN, the device automatically applies ACL rules to the port to configure
packet priority. In this mode, the adding or deleting of ports is realized by the
administrators.
In any of the two modes, the port forwards tagged packets in the same manner: forward
the tagged packets based on the VLAN IDs contained in them.
The above two working modes are configured in Ethernet port view. The voice VLAN
working modes of different ports are independent and different ports can be configured
to work in different modes.
The following table lists the co-relation between voice VLAN modes, voice traffic types
of IP phones, and port types.
Table 2-2 Port modes and voice stream types
Port voice VLAN
mode
Voice
stream type
Port type
Access
Supported or not
Not supported
Supported
Trunk
Tagged voice
stream
Make sure the default

VLAN of the port exists
and is not a voice VLAN.
And the port permits the
packets of the default
VLAN.
Supported
Automatic mode
Hybrid

and is in the list of the
tagged VLANs whose
packets are permitted by
the port.
Access
Untagged
voice stream
Trunk
Hybrid
2-2
Not supported.

Port voice VLAN

mode
Voice
stream type
Port type
Access
Supported or not
Not supported
Supported
Trunk
Tagged voice
stream

and is not a voice VLAN.
And the port permits the
packets of the default
VLAN.
Supported
Hybrid

and is in the list of the
tagged VLANs whose
packets are permitted by
the port.
Supported
Manual mode
Access

VLAN of the port is a
voice VLAN.
Supported
Trunk
Untagged
voice stream

voice VLAN and the port
permits the packets of the
VLAN.
Supported
Hybrid
2-3

voice VLAN and is in the
list of untagged VLANs
whose
packets
are
permitted by the port.

Caution:
z
If the voice stream transmitted by your IP phone is with VLAN tag and the port which
the IP phone is attached to is enabled with 802.1x authentication and 802.1x guest
VLAN, assign different VLAN IDs for the voice VLAN, the default VLAN of the port,
and the 802.1x guest VLAN to ensure the two functions to operate properly.
If the voice stream transmitted by the IP phone is without VLAN tag, the default
VLAN of the port which the IP phone is attached to can only be configured as a voice
VLAN for the voice VLAN function to take effect. In this case, 802.1x authentication
is unavailable.
Note:
z
The default VLAN of all ports is VLAN 1. You can use the corresponding command
to specify a default VLAN for a port, and allow certain VLAN to pass through the port.
Relate command 1.4 Port-Based VLAN
Use the display interface command to display the VLANs allowed to pass through
a port and the default VLAN of the port.
2.1.2 Security and Ordinary Voice VLAN Modes

According to the packet filtering scheme of a port with voice VLAN function enabled, the
port works in one of the two voice VLAN modes: security and ordinary.
z
In security mode, the port with the voice VLAN function enabled allows only the
voice packets with source MAC address being recognizable OUI address. Other
packets are discarded (including some authentication packets, like 802.1x
authentication packets).
In ordinary mode, the port with voice VLAN function enabled allows both voice
packets and other types of packets to pass. Voice packets comply with the filtering
rule of the voice VLAN and other types of packets comply with the filtering rule of
the ordinary VLAN.
You are recommended not to transmit voice data and other service data in the voice
VLAN simultaneously. If you need to do so, make sure the voice VLAN mode is
ordinary.
2.2 Voice VLAN Configuration

2.2.1 Configuration Prerequisites
z
Create the corresponding VLAN before configuring voice VLAN.

2-4

z
VLAN 1 is the default VLAN and do not need to be created. But VLAN 1 does not
support the voice VLAN function.
2.2.2 Configuring Voice VLAN in Automatic Mode

Table 2-3 Configure voice VLAN in automatic mode
To do
Enter system view
Use the command
Remarks
system-view
Optional
Set the aging time for the
voice VLAN
voice vlan aging minutes
The default aging time is

1,440 minutes, and only
effective for the port in
automatic mode.
Optional
Enable the voice VLAN

security mode
voice
vlan
enable
Set an OUI address that

can be identified by the
voice VLAN
voice vlan mac-address

oui
mask
oui-mask
[ description text ]
Optional

function globally
voice vlan vlan-id enable
Required
Enter port view
interface interface-type
interface-number
Set the voice VLAN

operation
mode
to
automatic mode
security
By default, the voice

VLAN security mode is
enabled.
A voice VLAN has five

default OUI addresses.
Optional
voice vlan mode auto
The default voice VLAN

operation
mode
is
automatic mode.
Required

function for the port
voice vlan enable
By default, the voice

VLAN function is not
enabled for a port.
Note:
For ports working in automatic mode, you cannot configure the default VLAN as the
voice VLAN. Otherwise, the system prompts you cannot perform the configuration.
2-5

2.2.3 Configuring Voice VLAN in Manual Mode

Table 2-4 Configure voice VLAN in manual mode
To do
Use the command
Enter system view
system-view

security mode
voice vlan
enable
Set an OUI address to be

one that can be identified
by the voice VLAN
voice
vlan
mac-address
oui
mask
oui-mask
[ description text ]

function globally
voice vlan
enable
Enter port view
interface
interface-type
interface-number
Set voice VLAN operation

mode to manual mode
undo voice vlan mode

auto
Remarks
security
vlan-id
Optional
By default, the voice VLAN
security mode is enabled.
Optional
By default, after the voice
VLAN is enabled, it has five
OUI addresses.
Required
Required
The default voice VLAN
operation mode is automatic
mode.
Required
By default, all ports belong
to VLAN 1.
Add the manual mode

port to the voice VLAN
Refer to section 1.4

Port-Based VLAN
When you add a hybrid port

to the voice VLAN, you need
to configure the hybrid port
to keep or strip the VLAN tag
of the voice stream. Refer to
Table 2-2 Port modes and
voice stream types.
Optional
By default, the default VLAN
of all ports is VLAN 1.
Specify the voice VLAN

as the default VLAN of the
port
Refer to section 1.4

Port-Based VLAN
Whether you need to

configure the voice VLAN as
the default VLAN of a port,
refer to Table 2-2 Port
modes and voice stream
types.
Required

function for the port
voice vlan enable
2-6
By default, the voice VLAN

function is disabled on a
port.

Note:
Note the following when configuring voice VLAN in manual and automatic modes.
z
You can enable the voice VLAN function for only one static VLAN on a switch. And a
dynamic VLAN cannot be configured as a voice VLAN.
You cannot enable the voice VLAN function for a port if it has been enabled with the
link aggregation control protocol (LACP).
2.3 Displaying Voice VLAN

After the above configurations, you can execute the display command in any view to
view the running status and verify the configuration effect.
Table 2-5 Display a voice VLAN
To do...
Use the command...
Display the voice VLAN state
display voice vlan state
Display the OUI addresses

currently supported by system
display voice vlan oui
Remarks
Available in any view
2.4 Voice VLAN Configuration Example

2.4.1 Voice VLAN Configuration Example (Automatic Mode)
I. Network requirements
z
Create VLAN 2 and configure it as a voice VLAN with an aging time of 100
minutes.
Configure GigabitEthernet1/0/1 port as a trunk port, with VLAN 6 as the default

port.
The device allows voice packets from GigabitEthernet 1/0/1 with an OUI address
of 0011-2200-0000 and a mask of ffff-ff00-0000 to be forwarded through the voice
VLAN.
2-7

II. Network diagram
VLAN 2
WAN
GigabitEthernet
1/0/1
Tel.1 010-1001
OUI:0011-2200-0000
Mask:ffff-ff00-0000
Figure 2-1 Network diagram for configuration of voice VLAN in automatic mode
III. Configuration procedure

# Create VLAN 2, VLAN 6.
[Sysname] vlan 2
[Sysname] vlan 6
# Set aging time for the voice VLAN

[Sysname] voice vlan aging 100
# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname]
voice
vlan
mac-address
0011-2200-0000
mask
ffff-ff00-0000
description test
# Enable the global voice VLAN function.

[Sysname] voice vlan 2 enable
# Set the voice VLAN operation mode of GigabitEthernet1/0/1 to automatic mode.

[Sysname-GigabitEthernet1/0/1] voice vlan mode auto
# Specify port GigabitEthternet1/0/1 as a Trunk port.

# Set the default VLAN of the port to VLAN 6, and the port permits VLAN 6 to pass.
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 6
[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 6
# Enable the voice VLAN function for the port.

[Sysname-GigabitEthernet1/0/1] voice vlan enable
2-8

2.4.2 Voice VLAN Configuration Example (Manual Mode)

z
Create VLAN 2 and configure it as a voice VLAN.
The voice stream transmitted by the IP phone is untagged, and the port which the
IP phone is attached to is a Hybrid port GigabitEthernet1/0/1.
GigbitEthernet1/0/1 works in manual mode, and only permits the voice packets
with the following features to pass: OUI address is 0011-2200-0000; network
mask is ffff-ff00-0000 and description string is test.
II. Network diagram
VLAN 2
WAN
GigabitEthernet
1/0/1
Tel.1 010-1001
OUI:0011-2200-0000
Mask:ffff-ff00-0000
Figure 2-2 Voice VLAN Configuration Example

# Set the voice VALN to work in security mode to permit the legal voice packets to pass
(optional, defaults to security mode).
[Sysname] voice vlan security enable
# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname]
voice
vlan
mac-address
0011-2200-0000
mask
description test
# Create VLAN 2, and enable the voice VLAN function for it.
[Sysname] vlan 2
[Sysname] voice vlan 2 enable
# Set GigabitEthernet1/0/1 to work in the manual mode.

[Sysname-GigabitEthernet1/0/1] undo voice vlan mode auto
# Configure GigabitEthernet1/0/1 as a Hybrid port.
2-9
ffff-ff00-0000

[Sysname-GigabitEthernet1/0/1] port link-type hybrid
# Configure VLAN 2 as the default VLAN of port GigabitEthernet1/0/1, and allow

packets of VLAN 2 to pass through the port.
[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 2
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged
# Enable the voice VLAN function for the port GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] voice vlan enable
IV. Displaying and verification

# display the currently supported OUI addresses and the related information.
[Sysname-GigabitEthernet1/0/1] display voice vlan oui
Oui Address
Mask
Description
0001-e300-0000
ffff-ff00-0000
Siemens phone
0003-6b00-0000
ffff-ff00-0000
Cisco phone
0011-2200-0000
ffff-ff00-0000
test
00d0-1e00-0000
ffff-ff00-0000
Pingtel phone
00e0-7500-0000
ffff-ff00-0000
Polycom phone
00e0-bb00-0000
ffff-ff00-0000
3com phone
# Display current voice VLAN state.

[Sysname-GigabitEthernet1/0/1] display voice vlan state
Voice VLAN status: ENABLE
Voice VLAN ID: 2
Voice VLAN security mode: Security
Voice VLAN aging time: 100 minutes
Voice VLAN enabled port and its mode:
PORT
MODE
-------------------------------GigabitEthernet1/0/1
MANUAL
2-10

Chapter 3 GVRP Configuration

3.1 Introduction to GARP
3.1.1 Introduction to GARP
The generic attribute registration protocol (GARP), provides a mechanism that allows
participants in a GARP application to distribute, propagate, and register with other
participants in a bridged LAN the attributes specific to the GARP application, such as
the VLAN or multicast address attribute.
GARP-compliant application entities are called GARP applications. One example is
GVRP. When a GARP application entity is present on a port on your device, this port is
regarded a GARP application entity.
I. GARP messages and timers

1)
GARP messages
Generally, GARP participants exchange information with each other through the
following three types of messages: Join, Leave, and LeaveAll.
z
Join to announce the willingness to register attributes with other participants.
Leave to announce the willingness to deregister with other participants. Together

with Join messages, Leave messages guarantee attribute reregistration and
deregistration.
LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of

a LeaveAll timer which starts upon the startup of a GARP application entity.
Through message exchange, all attribute information that needs registration

propagates to all GARP participants throughout a bridged LAN.
2)
GARP timers
GARP sets interval for sending GARP messages by using these four timers:
z
Hold timer When a GARP application entity receives the first registration
request, it starts a hold timer and collects succeeding requests. When the timer
expires, the entity sends all these requests in one Join message. This can thus
help you save bandwidth.
Join timer A GARP application entity can send a Join message twice to ensure
the message can be transmitted to other entities. The sending interval is set on the
join timer.
Leave timer Starts upon receipt of a Leave message. When this timer expires,
the GARP application entity removes attribute information as requested.
3-1

z
Leaveall timer Starts when a GARP application entity starts. When this timer
expires, the entity sends a LeaveAll message so that other entities can re-register
its attribute information. Then, a leaveall timer starts again.
Note:
z
The settings of GARP timers apply to all GARP applications, such as GVRP, running
on a LAN.
Unlike other three timers which are set on a port basis, the leaveall timer is set in
system view and takes effect globally.
A GARP application entity may send LeaveAll messages at the interval set by its
LeaveAll timer or the leaveall timer of another GARP application entity on the
network, whichever is smaller.
II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate
throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its
attributes with other participants by making or withdrawing declarations of attributes
and at the same time, based on received declarations or withdrawals handles attributes
of other participants.
GARP application entities send protocol data units (PDU) with a particular multicast
MAC address as destination. Based on this address, a device can identify to which
GVRP application, GVRP for example, should a GARP PDU be delivered.
III. GARP message format

The following figure illustrates the GARP message format.
Figure 3-1 GARP message format
3-2

The following table describes the GARP message fields.

Table 3-1 Description on the GARP message fields
Field
Description
Value
Protocol ID
Protocol identifier for GARP
Message
One or multiple messages, each

containing an attribute type and an
attribute list
Attribute Type
Defined by the concerned GARP

application
0x01
for
GVRP,
indicating the VLAN ID
attribute
Attribute List
Consists of one or multiple attributes
Attribute
Consists of an Attribute Length, an

Attribute Event, and an Attribute
Value. If the Attribute Event is
LeaveAll, Attribute Value is omitted
Attribute Length
Number of octets occupied by an

attribute, inclusive of the attribute
length field
2 to 255 in bytes
0: LeaveAll
1: JoinEmpty
Attribute Event
Event described by the attribute
2: JoinIn
3: LeaveEmpty
4: LeaveIn
5: Empty
Attribute Value
Attribute value
VLAN ID for GVRP
End Mark
Indicates the end of PDU of GARP
3.1.2 Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other
participant devices and dynamically update the VLAN registration information from
other devices to its local database. It thus ensures that all GVRP participants on a
bridged LAN maintain the same VLAN registration information. The VLAN registration
information propagated by GVRP includes both manually configured local static entries
and dynamic entries from other devices.
GVRP provides the following three registration types on a port:
z
Normal Enables a port to dynamically register and deregister VLANs, and to

propagate both dynamic and static VLAN information.
3-3

z
Fixed Disables the port to dynamically register/deregister VLANs or propagate

dynamic VLAN information, but allows the port to propagate static VLAN
information. A trunk port with fixed registration type thus allows only manually
configured VLANs to pass through even though it is configured to carry all VLANs.
Forbidden Disables the port to dynamically register/deregister VLANs, and to

propagate VLAN information except for VLAN 1. A trunk port with forbidden
registration type thus allows only VLAN 1 to pass through even though it is
configured to carry all VLANs.
3.1.3 Protocols and Standards

IEEE 802.1Q specifies GVRP.
3.2 Configuring GVRP

When configuring GVRP, you need to configure timers, enable GVRP, and configure
GVRP registration mode.
Note:
GVRP can be configured only on a trunk port.
3.2.1 Configuring GVRP

Table 3-2 Configure GVRP on a trunk port
To do
Use the command
Enter system view
system-view
Enable GVRP globally
gvrp
Enter Ethernet
port view
Enter Ethernet
port view or
port-group view
Enter
port-group view
Enable GVRP on the port
interface
interface-type
interface-number
port-group { manual
port-group-name
|
gvrp
3-4
Remarks
Required
Disabled by default
Perform either of the
commands.
Depending on the
view you accessed,
the
subsequent
configuration takes
effect on a port or all
ports
in
a
port-group.
Required
Disabled by default

To do
Configure GVRP
mode on the port
Use the command

registration
gvrp
registration
{ fixed | forbidden |
normal }
Remarks
Optional
The
default
normal
is
Note:
BPDU TUNNEL is not compatible with GVRP. The two cannot be applied
simultaneously on a port. If you want to enable GVRP on a port, you need to disable
BPDU TUNNEL first.
3.2.2 Setting GARP Timer

Table 3-3 Set GARP timer
To do
Use the command
Enter system view
Remarks
system-view
Optional
garp timer
timer-value
Set GARP LeaveAll timer
Enter Ethernet
port view
Enter Ethernet
port view or
port-group view
Enter
port-group view
leaveall
interface
interface-type
interface-number
port-group { manual
port-group-name
|
By
default,
the
LeaveAll timer is set
to
1,000
centiseconds.
Perform either of the
commands.
Depending on the
view you accessed,
the
subsequent
configuration takes
effect on a port or all
ports
in
a
port-group.
Optional
Set GARP Hold timer, Join timer
and Leave timer
garp timer { hold | join

| leave } timer-value
By default, the Hold,

Join, and Leave
timers are set to 10,
20,
and
60
centiseconds
respectively.
When configuring GARP timers, note that their values are dependent on each other
and must be a multiplier of five centiseconds. If the value range for a timer is not desired,
you may change it by tuning the value of another timer as shown in the following table:
3-5

Table 3-4 Dependencies of GARP timers

Timer
Lower limit
Upper limit
Not greater than half of the
join timer setting
Hold
Join
Leave
10 centiseconds
You can change this value

by changing the value of the
join timer.
Not less than two times the hold

timer setting
Less than half of the leave

timer setting
You can change this value by

changing the value of the hold
timer.

leave timer.
Greater than two times the join

timer setting
Less than the leaveall timer

setting

changing the value of the join
timer.

leaveall timer.
Greater than the leave timer

setting
Leaveall

changing the value of the leave
timer
32,765 centiseconds
3.3 Displaying and Maintaining GARP/GVRP

Table 3-5 Display and Maintain GARP/GVRP
To do
Use the command
Display statistics about

GARP
display garp statistics

[ interface interface-list ]
Display GARP timers for

all or specified ports
display
garp
timer
Display statistics about

GVRP
display gvrp statistics

Display the global GVRP

state
display gvrp status
Clear the GARP statistics
reset garp statistics

Remarks
Available in any view
3-6
Available in user view

3.4 GVRP Configuration Example

3.4.1 Example 1
Configure GVRP on devices and specify the port registration mode as normal to realize
dynamic VLAN information registration and update among devices.
II. Network diagram

GigabitEthernet
1/0/1
GigabitEthernet
1/0/2
Switch A
Switch B
Figure 3-2 Network diagram for GVRP configuration

1)
Configure Switch A
# Enable GVRP globally.

[Sysname] gvrp
# Configure port GigabitEthernet1/0/1 as trunk, allowing all VLANs to pass.

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] gvrp
# Display static VLAN2.

[Sysname-GigabitEthernet1/0/1] quit
[Sysname] vlan 2
[Sysname-vlan2]
2)
Configure Switch B

[Sysname] gvrp
# Configure port GigabitEthernet 1/0/2 as trunk, allowing all VLANs to pass.

3-7

# Enable GVRP on GigabitEthernet 1/0/2.

# Configure static VLAN3.

[Sysname] vlan 3
[Sysname-vlan3]
3)
Display configuration results
# Display dynamic VLAN on Switch A.

[Sysname-vlan2] display vlan dynamic
Now, the following dynamic VLAN exist(s):
3
# Display dynamic VLAN on Switch B

2
3.4.2 Example 2
Enable GVRP on devices and configure the port registration mode as fixed to realize
dynamic registration and update of some VLAN information between devices.
II. Network diagram

GigabitEthernet
1/0/1
GigabitEthernet
1/0/2
Switch A
Switch B

1)
Configure Switch A

[Sysname] gvrp

# Enable GVRP on GigabitEthernet1/0/1

3-8

# Configure the GVRP registration mode as fixed.

[Sysname-GigabitEthernet1/0/1] gvrp registration fixed
# Create static VLAN 2.

[Sysname] vlan 2
[Sysname-vlan2]
2)
Configure Switch B

[Sysname] gvrp

# Enable GVRP on GigabitEthernet1/0/2


[Sysname] vlan 3
[Sysname-vlan3]
3)
Display the configuration
# Display the dynamic VLAN information on Switch A

No dynamic vlans exist!
# Display the dynamic VLAN information on Switch B.

2
3.4.3 Example 3
Enable GVRP on devices and configure the port registration mode as forbidden to
forbid dynamic registration and update of VLAN information between devices.
3-9

II. Network diagram

GigabitEthernet
1/0/1
GigabitEthernet
1/0/2
Switch A
Switch B

1)
Configure Switch A

<Sysname > system-view
[Sysname] gvrp
# Configure GigabitEthernet1/0/1 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.

# Configure the GVRP registration mode as forbidden.

[Sysname-GigabitEthernet1/0/1] gvrp registration forbidden

[Sysname] vlan 2
[Sysname-vlan2]
2)
Configure Switch B

<Sysname > system-view
[Sysname] gvrp
# Configure GigabitEthernet1/0/2 as a trunk port, allowing all VLANs to pass.

# Enable GVRP on the trunk port.


3-10

[Sysname] vlan 3
[Sysname-vlan3]
3)
Display the configuration
# Display dynamic VLAN information on Switch A

# Display dynamic VLAN information on Switch B.

3-11

04-VLAN Operation 5500 PDF

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

04-VLAN Operation 5500 PDF

Загружено:

Авторское право:

Доступные форматы

Operation Manual VLAN

H3C S5500-SI Series Ethernet Switches

Operation Manual VLAN

3.4 GVRP Configuration Example ........................................................................................... 3-7

Operation Manual VLAN

Chapter 1 VLAN Configuration

Chapter 1 VLAN Configuration

Figure 1-1 A VLAN implementation

Broadcasts are confined to VLANs. This decreases bandwidth utilization and

Network security is improved. Packets of different VLANs are isolated during

Operation Manual VLAN

Chapter 1 VLAN Configuration

Configuration workload is reduced. VLAN can be used to group specific hosts.

1.1.2 VLAN Classification

IP sub network-based VLAN

1.2 Basic VLAN Configuration

Use the command

Enter system view

Create VLANs in bulk

Create a VLAN and

If the specified VLAN does not

Specify the description

By default, the description

1.3 Basic VLAN Interface Configuration

Operation Manual VLAN

Chapter 1 VLAN Configuration

Table 1-2 Configure a VLAN interface

Use the command

Enter system view

Create a VLAN interface

If the specified VLAN

Specify the description

By default, the description

By default, if all the ports

1.4 Port-Based VLAN Configuration

Operation Manual VLAN

Chapter 1 VLAN Configuration

I. Link Type of an Ethernet Port

II. Default VLAN

Operation Manual VLAN

Chapter 1 VLAN Configuration

Table 1-3 Incoming and outgoing packets

Receive the packet

Remove the tag and send

Receive the packet

When the VLAN ID is

When the VLAN ID is

1.4.2 Configuring an Access Port-Based VLAN

Operation Manual VLAN

Chapter 1 VLAN Configuration

Table 1-4 Configure an access port-based VLAN (in VLAN view)

Use the command

Enter VLAN view

Add an Ethernet port to a

If the specified VLAN

By default, the system

Use the command

Use either command

port link-type access

Add the current access

port access vlan vlan-id

1.4.3 Configuring a Trunk Port-Based VLAN