HP 5500 Ei 5500 Si Switch Series Configuration Guide
Step: 2. Enter interface view or port group view.
Command:
    • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view:
      interface interface-type interface-number
    • Enter port group view:
      port-group manual port-group-name
Remarks: Use either command.

Step: 3. Enable the loop guard function for the ports.
Command: stp loop-protection
Remarks: Disabled by default.

NOTE:
• Do not enable loop guard on a port that connects user terminals. Otherwise, the port will stay in the discarding state in all MSTIs because it cannot receive BPDUs.
• You cannot configure edge port settings and loop guard, or configure root guard and loop guard on a port at the same time.

Enabling TC-BPDU guard

When a switch receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), the switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing. This affects network stability.

With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the device can perform within a specified period of time (10 seconds). For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.

To enable TC-BPDU guard:

Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Enable the TC-BPDU guard function.
Command: stp tc-protection enable
Remarks: Optional. Enabled by default.

Step: 3. Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds.
Command: stp tc-protection threshold number
Remarks: Optional. 6 by default.

NOTE: HP does not recommend that you disable this feature.
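The effect of the TC-BPDU guard threshold can be seen in a small model, added here as an illustration (it is not HP code). It assumes the 10-second periods are fixed windows counted from t = 0, which the guide does not specify; the function names and the sample arrival times are constructed.

```python
def flush_times(tc_arrivals, threshold=6, period=10.0):
    """Times at which forwarding address entries are flushed under TC-BPDU guard.

    Assumption: periods are fixed windows [0, 10), [10, 20), ... from t = 0.
    """
    immediate = {}    # window index -> immediate flushes performed so far
    deferred = set()  # windows in which TC-BPDUs exceeded the threshold
    flushes = []
    for t in sorted(tc_arrivals):
        w = int(t // period)
        if immediate.get(w, 0) < threshold:
            immediate[w] = immediate.get(w, 0) + 1
            flushes.append(t)      # within the limit: flush immediately
        else:
            deferred.add(w)        # excess: one flush when the period expires
    flushes.extend((w + 1) * period for w in deferred)
    return sorted(flushes)

def unguarded_flush_times(tc_arrivals):
    """Without the guard, every received TC-BPDU triggers a flush."""
    return sorted(tc_arrivals)

# Constructed input: a burst of 100 TC-BPDUs, one every 50 ms, followed by
# two ordinary topology changes later on.
BURST = [i * 0.05 for i in range(100)]
NORMAL = [42.0, 57.5]

if __name__ == "__main__":
    guarded = flush_times(BURST + NORMAL)
    print(len(unguarded_flush_times(BURST + NORMAL)), "flushes without the guard")
    print(len(guarded), "flushes with threshold 6:", guarded)
```

With the default threshold of 6, the burst costs six immediate flushes plus one deferred flush at the end of the period, while the two later topology changes are still handled immediately.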
Enabling BPDU drop

In a spanning tree network, after receiving BPDUs, the device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make all the devices in the network perform STP calculations all the time. As a result, problems such as CPU overload and BPDU protocol status errors occur.

To avoid this problem, you can enable BPDU drop on ports. A BPDU drop-enabled port does not receive any BPDUs and is invulnerable to forged BPDU attacks.

To enable BPDU drop on an Ethernet interface:

Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Enter Layer 2 Ethernet interface view.
Command: interface interface-type interface-number
Remarks: N/A

Step: 3. Enable BPDU drop on the current interface.
Command: bpdu-drop any
Remarks: Disabled by default.

NOTE: Because a port with BPDU drop enabled also drops the received 802.1X packets, do not enable BPDU drop and 802.1X on a port at the same time. For more information about 802.1X, see Security Configuration Guide.

Displaying and maintaining the spanning tree

Task: Display information about ports blocked by spanning tree protection functions.
Command: display stp abnormal-port [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BPDU statistics on ports.
Command: display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-id ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about ports shut down by spanning tree protection functions.
Command: display stp down-port [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the historical information of port role calculation for the specified MSTI or all MSTIs.
Command: display stp [ instance instance-id | vlan vlan-id ] history [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs.
Command: display stp [ instance instance-id | vlan vlan-id ] tc [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the spanning tree status and statistics.
Command: display stp [ instance instance-id | vlan vlan-id ] [ interface interface-list | slot slot-number ] [ brief ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the MST region configuration information that has taken effect.
Command: display stp region-configuration [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the root bridge information of all MSTIs.
Command: display stp root [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view
Task: Clear the spanning tree statistics.
Command: reset stp [ interface interface-list ]
Remarks: Available in user view

Spanning tree configuration examples

MSTP configuration example

Network requirements

As shown in Figure 28:
• All devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer.
• Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN 40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.
• VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively, and the root bridge of MSTI 4 is Device C.

Figure 28 Network diagram
(Diagram not reproduced. It shows Device A, Device B, Device C, and Device D in one MST region; the link labels read "Permit: all VLANs", "Permit: VLANs 10 and 20", "Permit: VLANs 20 and 30", and "Permit: VLANs 20 and 40".)

Configuration procedure

1. Configure VLANs and VLAN member ports. (Details not shown.)
Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B, respectively, VLAN 10, VLAN 20, and VLAN 40 on Device C, and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

2. Configure Device A:
# Enter MST region view; configure the MST region name as example; map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively; configure the revision level of the MST region as 0.
    <DeviceA> system-view
    [DeviceA] stp region-configuration
    [DeviceA-mst-region] region-name example
    [DeviceA-mst-region] instance 1 vlan 10
    [DeviceA-mst-region] instance 3 vlan 30
    [DeviceA-mst-region] instance 4 vlan 40
    [DeviceA-mst-region] revision-level 0
# Activate MST region configuration.
    [DeviceA-mst-region] active region-configuration
    [DeviceA-mst-region] quit
# Specify the current device as the root bridge of MSTI 1.
    [DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
    [DeviceA] stp enable

3. Configure Device B:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0.
    <DeviceB> system-view
    [DeviceB] stp region-configuration
    [DeviceB-mst-region] region-name example
    [DeviceB-mst-region] instance 1 vlan 10
    [DeviceB-mst-region] instance 3 vlan 30
    [DeviceB-mst-region] instance 4 vlan 40
    [DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
    [DeviceB-mst-region] active region-configuration
    [DeviceB-mst-region] quit
# Specify the current device as the root bridge of MSTI 3.
    [DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
    [DeviceB] stp enable

4. Configure Device C:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0.
    <DeviceC> system-view
    [DeviceC] stp region-configuration
    [DeviceC-mst-region] region-name example
    [DeviceC-mst-region] instance 1 vlan 10
    [DeviceC-mst-region] instance 3 vlan 30
    [DeviceC-mst-region] instance 4 vlan 40
    [DeviceC-mst-region] revision-level 0
# Activate MST region configuration.
    [DeviceC-mst-region] active region-configuration
    [DeviceC-mst-region] quit
# Specify the current device as the root bridge of MSTI 4.
    [DeviceC] stp instance 4 root primary
# Enable the spanning tree feature globally.
    [DeviceC] stp enable

5. Configure Device D:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0.
    <DeviceD> system-view
    [DeviceD] stp region-configuration
    [DeviceD-mst-region] region-name example
    [DeviceD-mst-region] instance 1 vlan 10
    [DeviceD-mst-region] instance 3 vlan 30
    [DeviceD-mst-region] instance 4 vlan 40
    [DeviceD-mst-region] revision-level 0
# Activate MST region configuration.
    [DeviceD-mst-region] active region-configuration
    [DeviceD-mst-region] quit
# Enable the spanning tree feature globally.
    [DeviceD] stp enable

6. Verify the configurations:
You can use the display stp brief command to display brief spanning tree information on each device after the network is stable.
# Display brief spanning tree information on Device A.
    [DeviceA] display stp brief
     MSTID  Port                  Role  STP State   Protection
     0      GigabitEthernet1/0/1  ALTE  DISCARDING  NONE
     0      GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     0      GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
     1      GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     1      GigabitEthernet1/0/3  DESI  FORWARDING  NONE
     3      GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     3      GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
# Display brief spanning tree information on Device B.
    [DeviceB] display stp brief
     MSTID  Port                  Role  STP State   Protection
     0      GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     0      GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     0      GigabitEthernet1/0/3  DESI  FORWARDING  NONE
     1      GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     1      GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
     3      GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     3      GigabitEthernet1/0/3  DESI  FORWARDING  NONE
# Display brief spanning tree information on Device C.
    [DeviceC] display stp brief
     MSTID  Port                  Role  STP State   Protection
     0      GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     0      GigabitEthernet1/0/2  ROOT  FORWARDING  NONE
     0      GigabitEthernet1/0/3  DESI  FORWARDING  NONE
     1      GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     1      GigabitEthernet1/0/2  ALTE  DISCARDING  NONE
     4      GigabitEthernet1/0/3  DESI  FORWARDING  NONE
# Display brief spanning tree information on Device D.
    [DeviceD] display stp brief
     MSTID  Port                  Role  STP State   Protection
     0      GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     0      GigabitEthernet1/0/2  ALTE  DISCARDING  NONE
     0      GigabitEthernet1/0/3  ALTE  DISCARDING  NONE
     3      GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     3      GigabitEthernet1/0/2  ALTE  DISCARDING  NONE
     4      GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
Based on the output, you can draw the MSTI mapped to each VLAN, as shown in Figure 29.

Figure 29 MSTIs mapped to different VLANs

PVST configuration example

Network requirements

As shown in Figure 30:
• Device A and Device B work at the distribution layer. Device C and Device D work at the access layer.
• Configure PVST so that packets of different VLANs are forwarded along different spanning trees.
• VLAN 10, VLAN 20, and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridge of VLAN 10 and VLAN 20 is Device A, that of VLAN 30 is Device B, and that of VLAN 40 is Device C.

Figure 30 Network diagram

Configuration procedure

1. Configure VLANs and VLAN member ports. (Details not shown.)
Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B, respectively, VLAN 10, VLAN 20, and VLAN 40 on Device C, and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

2. Configure Device A:
# Set the spanning tree mode to PVST.
    <DeviceA> system-view
    [DeviceA] stp mode pvst
# Specify the device as the root bridge of VLAN 10 and VLAN 20.
    [DeviceA] stp vlan 10 20 root primary
# Enable the spanning tree feature globally and for VLANs 10, 20, and 30.
    [DeviceA] stp enable
    [DeviceA] stp vlan 10 20 30 enable

3. Configure Device B:
# Set the spanning tree mode to PVST.
    <DeviceB> system-view
    [DeviceB] stp mode pvst
# Specify the device as the root bridge of VLAN 30.
    [DeviceB] stp vlan 30 root primary
# Enable the spanning tree feature globally and for VLANs 10, 20, and 30.
    [DeviceB] stp enable
    [DeviceB] stp vlan 10 20 30 enable

4. Configure Device C:
# Set the spanning tree mode to PVST.
    <DeviceC> system-view
    [DeviceC] stp mode pvst
# Specify the current device as the root bridge of VLAN 40.
    [DeviceC] stp vlan 40 root primary
# Enable the spanning tree feature globally and for VLANs 10, 20, and 40.
    [DeviceC] stp enable
    [DeviceC] stp vlan 10 20 40 enable

5. Configure Device D:
# Set the spanning tree mode to PVST.
    <DeviceD> system-view
    [DeviceD] stp mode pvst
# Enable the spanning tree feature globally and for VLANs 20, 30, and 40.
    [DeviceD] stp enable
    [DeviceD] stp vlan 20 30 40 enable

6. Verify the configurations:
You can use the display stp brief command to display brief spanning tree information on each device after the network is stable.
# Display brief spanning tree information on Device A.
    [DeviceA] display stp brief
     VLAN  Port                  Role  STP State   Protection
     10    GigabitEthernet1/0/1  DESI  DISCARDING  NONE
     10    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
     20    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     20    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     20    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
     30    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     30    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
# Display brief spanning tree information on Device B.
    [DeviceB] display stp brief
     VLAN  Port                  Role  STP State   Protection
     10    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     10    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
     20    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     20    GigabitEthernet1/0/2  DESI  FORWARDING  NONE
     20    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
     30    GigabitEthernet1/0/1  DESI  FORWARDING  NONE
     30    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
# Display brief spanning tree information on Device C.
    [DeviceC] display stp brief
     VLAN  Port                  Role  STP State   Protection
     10    GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     10    GigabitEthernet1/0/2  ALTE  FORWARDING  NONE
     20    GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     20    GigabitEthernet1/0/2  ALTE  FORWARDING  NONE
     20    GigabitEthernet1/0/3  DESI  DISCARDING  NONE
     40    GigabitEthernet1/0/3  DESI  FORWARDING  NONE
# Display brief spanning tree information on Device D.
    [DeviceD] display stp brief
     VLAN  Port                  Role  STP State   Protection
     20    GigabitEthernet1/0/1  ALTE  FORWARDING  NONE
     20    GigabitEthernet1/0/2  ROOT  DISCARDING  NONE
     20    GigabitEthernet1/0/3  ALTE  DISCARDING  NONE
     30    GigabitEthernet1/0/1  ROOT  FORWARDING  NONE
     30    GigabitEthernet1/0/2  ALTE  DISCARDING  NONE
     40    GigabitEthernet1/0/3  ROOT  FORWARDING  NONE
Based on the output, you can draw the spanning tree mapped to each VLAN, as shown in Figure 31.

Figure 31 Spanning trees mapped to different VLANs
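The display stp brief output used in the verification steps can also serve as a baseline for spotting unexpected topology changes, such as a root port that moves after forged BPDUs are received. The following is an added example, not part of the HP guide: the function names are hypothetical, the baseline reuses the MSTI 0 and MSTI 3 rows of the Device A MSTP output above, and the later snapshot is constructed.

```python
import re

# One data row of `display stp brief`: id, port, role, state, protection.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_stp_brief(text):
    """Return {(instance_or_vlan, port): (role, state, protection)}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and prompt lines do not start with a number
            inst, port, role, state, prot = m.groups()
            table[(int(inst), port)] = (role, state, prot)
    return table

def root_ports(table):
    """Map each instance to the port currently holding the ROOT role."""
    return {i: p for (i, p), (role, _, _) in table.items() if role == "ROOT"}

def diff_snapshots(baseline_text, current_text):
    """List root-port moves first, then every row that differs."""
    base, cur = parse_stp_brief(baseline_text), parse_stp_brief(current_text)
    findings = []
    b_root, c_root = root_ports(base), root_ports(cur)
    for inst in sorted(set(b_root) | set(c_root)):
        if b_root.get(inst) != c_root.get(inst):
            findings.append(("ROOT-PORT-CHANGED", inst, b_root.get(inst), c_root.get(inst)))
    for key in sorted(set(base) | set(cur)):
        if base.get(key) != cur.get(key):
            findings.append(("ROW-CHANGED", key, base.get(key), cur.get(key)))
    return findings

# Baseline: MSTI 0 and MSTI 3 rows of the Device A output shown on this page.
BASELINE = """\
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
3 GigabitEthernet1/0/2 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 ROOT FORWARDING NONE
"""
# Constructed later snapshot: the MSTI 0 root port has moved to GE1/0/1.
CURRENT = """\
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 ALTE DISCARDING NONE
3 GigabitEthernet1/0/2 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 ROOT FORWARDING NONE
"""

if __name__ == "__main__":
    for finding in diff_snapshots(BASELINE, CURRENT):
        print(finding)
```

A root-port change reported here can be followed up on the switch with display stp history and display stp tc, both listed in the display table earlier in this guide.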
Configuring BPDU tunneling

Overview

As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.

Background

Dedicated lines are used in a service provider network to build user-specific Layer 2 networks. As a result, a user network consists of parts located at different sides of the service provider network. As shown in Figure 32, the devices for User A are CE 1 and CE 2, both of which belong to VLAN 100. User A's network is divided into network 1 and network 2, which are connected by the service provider network. When a Layer 2 protocol (for example, STP) runs on both network 1 and network 2, the Layer 2 protocol packets must be transmitted over the service provider network to implement Layer 2 protocol calculation (for example, spanning tree calculation). When receiving a Layer 2 protocol packet, the PEs cannot determine whether the packet is from the user network or the service provider network, and must deliver the packet to the CPU for processing. In this case, the Layer 2 protocol calculation in User A's network is mixed with that in the service provider network, and the user network cannot implement independent Layer 2 protocol calculation.

Figure 32 BPDU tunneling application scenario

BPDU tunneling addresses this problem. With BPDU tunneling, Layer 2 protocol packets from customer networks can be transparently transmitted over the service provider network in the following workflow:
1. After receiving a Layer 2 protocol packet from CE 1, PE 1 encapsulates the packet, replaces its destination MAC address with a specific multicast MAC address, and forwards the packet to the service provider network.
2. The encapsulated Layer 2 protocol packet (called bridge protocol data unit, BPDU) is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2.

HP devices support BPDU tunneling for the following protocols:
• Cisco Discovery Protocol (CDP)
• Device Link Detection Protocol (DLDP)