S1720, S2700, S5700, and S6720 Series Ethernet

Switches
V200R011C10

Configuration Guide - Ethernet

Switching

Issue 13
Date 2021-10-20

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: https://e.huawei.com

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. i

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching About This Document

About This Document

Intended Audience
This document is intended for network engineers responsible for switch
configuration and management. You should be familiar with basic Ethernet
knowledge and have extensive experience in network deployment and
management.

Symbol Conventions
The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a potentially hazardous

situation which, if not avoided, could
result in equipment damage, data loss,
performance deterioration, or
unanticipated results.
NOTICE is used to address practices
not related to personal injury.

Supplements the important

information in the main text.
NOTE is used to address information
not related to personal injury,
equipment damage, and environment
deterioration.

Command Conventions
The command conventions that may be found in this document are defined as
follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. ii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching About This Document

Convention Description

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are

optional.

{ x | y | ... } Optional items are grouped in braces and separated

by vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and

separated by vertical bars. One item is selected or
no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated

by vertical bars. A minimum of one item or a
maximum of all items can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and

separated by vertical bars. Several items or no item
can be selected.

&<1-n> The parameter before the & sign can be repeated 1

to n times.

# A line starting with the # sign is comments.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use
the existing interface numbers on devices.

Security Conventions
● Password setting
– To ensure device security, use ciphertext when configuring a password
and change the password periodically.
– The switch considers all passwords starting and ending with %^%#, %#
%#, %@%@ or @%@% as ciphertext and attempts to decrypt them. If
you configure a plaintext password that starts and ends with %^%#, %#
%#, %@%@ or @%@%, the switch decrypts it and records it into the
configuration file (plaintext passwords are not recorded for the sake of
security). Therefore, do not set a password starting and ending with %^
%#, %#%#, %@%@ or @%@%.
– When you configure passwords in ciphertext, different features must use
different ciphertext passwords. For example, the ciphertext password set
for the AAA feature cannot be used for other features.
● Encryption algorithms

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. iii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching About This Document

The switch currently supports the 3DES, AES, RSA, SHA1, SHA2, and MD5.
3DES, RSA, and AES are reversible, whereas SHA1, SHA2, and MD5 are
irreversible. Using the encryption algorithms DES, 3DES, RSA (RSA-1024 or
lower), MD5 (in digital signature scenarios and password encryption), or
SHA1 (in digital signature scenarios) is a security risk. If protocols allow, use
more secure encryption algorithms, such as AES, RSA (RSA-2048 or higher),
SHA2, or HMAC-SHA2.
An irreversible encryption algorithm must be used for the administrator
password. SHA2 is recommended for this purpose.
● Personal data
Some personal data (such as MAC or IP addresses of terminals) may be
obtained or used during operation or fault location of your purchased
products, services, features, so you have an obligation to make privacy policies
and take measures according to the applicable law of the country to protect
personal data.
● Mirroring
The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this
document are mentioned only to describe the product's function of
communication error or failure detection, and do not involve collection or
processing of any personal information or communication data of users.
● Reliability design declaration
Network planning and site design must comply with reliability design
principles and provide device- and solution-level protection. Device-level
protection includes planning principles of dual-network and inter-board dual-
link to avoid single point or single link of failure. Solution-level protection
refers to a fast convergence mechanism, such as FRR and VRRP. If solution-
level protection is used, ensure that the primary and backup paths do not
share links or transmission devices. Otherwise, solution-level protection may
fail to take effect.

Reference Standards and Protocols

To obtain reference standards and protocols, log in to Huawei official website,
search for "standard and protocol compliance list", and download the Huawei S-
Series Switch Standard and Protocol Compliance List.

Disclaimer
● This document is designed as a reference for you to configure your devices. Its
contents, including web pages, command line input and output, are based on
laboratory conditions. It provides instructions for general scenarios, but does
not cover all use cases of all product models. The examples given may differ
from your use case due to differences in software versions, models, and
configuration files. When configuring your device, alter the configuration
depending on your use case.
● The specifications provided in this document are tested in lab environment
(for example, a certain type of cards have been installed on the tested device

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. iv

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching About This Document

or only one protocol is run on the device). Results may differ from the listed
specifications when you attempt to obtain the maximum values with multiple
functions enabled on the device.
● In this document, public IP addresses may be used in feature introduction and
configuration examples and are for reference only unless otherwise specified.

Product Software Versions Matching NMS Versions

The product software versions matching NMS versions are as follows.

S1720, S2700, S5700, and NMS

S6720 Product Software
Version

V200R011C10 eSight V300R008C00 (not matching the

S1720)
iManager U2000 V200R017C50 (only
matching the S1720-10GW-2P-E)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. v

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

Contents

About This Document................................................................................................................ ii

1 Ethernet Switching Features Supported in This Version................................................1
2 Ethernet Switching..................................................................................................................9
2.1 Overview of Ethernet Switching.........................................................................................................................................9
2.2 Basic Concepts of Ethernet................................................................................................................................................ 10
2.2.1 Ethernet Network Layers................................................................................................................................................ 10
2.2.2 Overview of Ethernet Cable Standards...................................................................................................................... 11
2.2.3 CSMA/CD.............................................................................................................................................................................. 14
2.2.4 Minimum Frame Length and Maximum Transmission Distance...................................................................... 15
2.2.5 Duplex Modes of Ethernet............................................................................................................................................. 15
2.2.6 Auto-Negotiation of Ethernet....................................................................................................................................... 16
2.2.7 Collision Domain and Broadcast Domain................................................................................................................. 18
2.2.8 MAC Sub-layer....................................................................................................................................................................18
2.2.9 LLC Sub-layer...................................................................................................................................................................... 23
2.3 Switching on the Ethernet................................................................................................................................................. 24
2.3.1 Layer 2 Switching.............................................................................................................................................................. 24
2.3.2 Layer 3 Switching.............................................................................................................................................................. 25
2.4 Application Scenarios for Ethernet Switching............................................................................................................. 28
2.4.1 Building an Enterprise Network................................................................................................................................... 28

3 MAC Address Table Configuration.................................................................................... 30

3.1 Overview of MAC Address Tables................................................................................................................................... 31
3.2 Understanding MAC Address Tables.............................................................................................................................. 31
3.2.1 Definition and Classification of MAC Address Entries.......................................................................................... 31
3.2.2 Elements and Functions of a MAC Address Table..................................................................................................33
3.2.3 MAC Address Entry Learning and Aging................................................................................................................... 34
3.2.4 MAC Address Learning Control.....................................................................................................................................36
3.2.5 MAC Address Flapping.....................................................................................................................................................37
3.2.6 MAC Address-Triggered ARP Entry Update.............................................................................................................. 40
3.3 Application Scenarios for MAC Address Tables.......................................................................................................... 41
3.3.1 Configuring MAC Address Flapping Prevention to Block User Attacks.......................................................... 41
3.3.2 Configuring MAC Address Flapping Detection to Quickly Detect Loops....................................................... 42

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. vi

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

3.3.3 Configuring MAC Address-Triggered ARP Entry Update to Improve VRRP Switchover Performance
............................................................................................................................................................................................................ 43
3.4 Summary of MAC Address Table Configuration Tasks.............................................................................................44
3.5 Licensing Requirements and Limitations for MAC Address Tables...................................................................... 48
3.6 Default Settings for MAC Address Tables.....................................................................................................................50
3.7 Configuring MAC Address Tables.................................................................................................................................... 51
3.7.1 Configuring a Static MAC Address Entry................................................................................................................... 51
3.7.2 Configuring a Blackhole MAC Address Entry...........................................................................................................52
3.7.3 Setting the Aging Time of Dynamic MAC Address Entries................................................................................. 53
3.7.4 Disabling MAC Address Learning.................................................................................................................................53
3.7.5 Configuring the MAC Address Limiting Function................................................................................................... 62
3.7.6 Enabling MAC Address Trap Functions...................................................................................................................... 63
3.7.7 Configuring a MAC Hash Algorithm........................................................................................................................... 65
3.7.8 Configuring the Extended MAC Entry Resource Mode.........................................................................................67
3.8 Configuring MAC Address Flapping Prevention......................................................................................................... 67
3.8.1 Configuring a MAC Address Learning Priority for an Interface.........................................................................68
3.8.2 Preventing MAC Address Flapping Between Interfaces with the Same Priority..........................................69
3.9 Configuring MAC Address Flapping Detection........................................................................................................... 70
3.10 Configuring the Switch to Discard Packets with an All-0 MAC Address......................................................... 72
3.11 Enabling MAC Address-triggered ARP Entry Update............................................................................................. 73
3.12 Enabling Port Bridge..........................................................................................................................................................74
3.13 Configuring Re-marking of Destination MAC Addresses......................................................................................75
3.14 Maintaining MAC Address Tables................................................................................................................................. 82
3.14.1 Displaying MAC Address Entries................................................................................................................................ 82
3.14.2 Deleting MAC Address Entries.................................................................................................................................... 83
3.14.3 Displaying MAC Address Flapping Information....................................................................................................83
3.15 Configuration Examples for MAC Address Tables................................................................................................... 83
3.15.1 Example for Configuring Static MAC Address Entries........................................................................................ 83
3.15.2 Example for Configuring Blackhole MAC Address Entries................................................................................ 85
3.15.3 Example for Configuring MAC Address Limiting on an Interface.................................................................. 87
3.15.4 Example for Configuring MAC Address Limiting in a VLAN............................................................................ 88
3.15.5 Example for Configuring MAC Address Flapping Prevention.......................................................................... 90
3.15.6 Example for Configuring MAC Address Flapping Detection............................................................................ 92
3.16 Troubleshooting MAC Address Tables......................................................................................................................... 94
3.16.1 MAC Address Entries Failed to Be Learned on an Interface............................................................................ 94
3.17 FAQ About MAC Address Tables................................................................................................................................... 98
3.17.1 How Do I Enable and Disable MAC Address Flapping Detection?................................................................ 98
3.17.2 How Do I Check MAC Address Flapping Information?...................................................................................... 98
3.17.3 What Should I Do When Finding a MAC Address Flapping Alarm?..............................................................98
3.17.4 How Do I Rapidly Determine a Loop?..................................................................................................................... 99
3.17.5 How Do I Configure VLAN-based Blackhole MAC Address Entries?............................................................. 99

4 Link Aggregation Configuration......................................................................................101

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. vii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

4.1 Overview of Link Aggregation....................................................................................................................................... 102

4.2 Understanding Link Aggregation.................................................................................................................................. 102
4.2.1 Basic Concepts of Link Aggregation......................................................................................................................... 102
4.2.2 Link Aggregation in Manual Mode........................................................................................................................... 105
4.2.3 Link Aggregation in LACP Mode................................................................................................................................ 106
4.2.4 Load Balancing Modes of Link Aggregation......................................................................................................... 111
4.2.5 Link Aggregation in Stack Scenarios........................................................................................................................ 113
4.2.6 E-Trunk................................................................................................................................................................................ 115
4.3 Application Scenarios for Link Aggregation.............................................................................................................. 119
4.3.1 Switches Are Directly Connected Using Link Aggregation............................................................................... 119
4.3.2 Switches Are Connected Across a Transmission Device Using Link Aggregation..................................... 120
4.3.3 Switches Connect to Transmission Devices Using Link Aggregation............................................................ 120
4.3.4 A Switch Connects to a Server Using Link Aggregation.................................................................................... 121
4.3.5 A Switch Connects to a Stack Using Link Aggregation......................................................................................122
4.3.6 Using E-Trunk to Implement Link Aggregation Across Devices...................................................................... 123
4.4 Summary of Link Aggregation Configuration Tasks.............................................................................................. 124
4.5 Licensing Requirements and Limitations for Link Aggregation..........................................................................125
4.6 Default Settings for Link Aggregation........................................................................................................................ 130
4.7 Configuring Link Aggregation in Manual Mode...................................................................................................... 131
4.7.1 (Optional) Setting the Maximum Number of LAGs and the Maximum Number of Member
Interfaces in Each LAG............................................................................................................................................................. 131
4.7.2 Creating an LAG.............................................................................................................................................................. 132
4.7.3 Setting the Manual Load Balancing Mode............................................................................................................ 132
4.7.4 Adding Member Interfaces to an Eth-Trunk.......................................................................................................... 133
4.7.5 (Optional) Setting the Lower Threshold for the Number of Active Interfaces......................................... 134
4.7.6 (Optional) Configuring a Load Balancing Mode................................................................................................. 135
4.7.7 Verifying the Configuration of Link Aggregation in Manual Mode.............................................................. 138
4.8 Configuring Link Aggregation in LACP Mode...........................................................................................................138
4.8.1 (Optional) Setting the Maximum Number of LAGs and the Maximum Number of Member
Interfaces in Each LAG............................................................................................................................................................. 138
4.8.2 Creating an LAG.............................................................................................................................................................. 139
4.8.3 Setting the LACP Mode................................................................................................................................................. 140
4.8.4 Adding Member Interfaces to an Eth-Trunk.......................................................................................................... 140
4.8.5 (Optional) Setting the Upper and Lower Thresholds for the Number of Active Interfaces................. 142
4.8.6 (Optional) Configuring a Load Balancing Mode................................................................................................. 143
4.8.7 (Optional) Setting the LACP System Priority........................................................................................................ 146
4.8.8 (Optional) Setting the LACP Interface Priority..................................................................................................... 147
4.8.9 (Optional) Configuring LACP Preemption.............................................................................................................. 147
4.8.10 (Optional) Setting the Timeout Interval for Receiving LACPDUs................................................................ 148
4.8.11 (Optional) Configuring an Eth-Trunk Member Interface on a Switch Directly Connected to a Server
to Forward Packets.................................................................................................................................................................... 149
4.8.12 Verifying the Configuration of Link Aggregation in LACP Mode................................................................. 150

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. viii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

4.9 Associating the Secondary Member Interface of an Eth-Trunk Interface in LACP Mode with Its Primary
Member Interface...................................................................................................................................................................... 151
4.10 Configuring Preferential Forwarding of Local Traffic in a Stack..................................................................... 152
4.11 Creating an Eth-Trunk Sub-interface......................................................................................................................... 153
4.12 Configuring an E-Trunk.................................................................................................................................................. 155
4.12.1 Setting the LACP System ID and LACP Priority of an E-Trunk...................................................................... 155
4.12.2 Creating an E-Trunk and Setting the E-Trunk Priority......................................................................................156
4.12.3 Configuring Local and Remote IP Addresses of an E-Trunk.......................................................................... 156
4.12.4 Binding an E-Trunk to a BFD Session.....................................................................................................................157
4.12.5 Adding an Eth-Trunk to an E-Trunk........................................................................................................................ 158
4.12.6 (Optional) Configuring the Working Mode of an Eth-Trunk in an E-Trunk............................................. 158
4.12.7 (Optional) Setting the Password for Encrypting Packets............................................................................... 159
4.12.8 (Optional) Setting the Timeout Interval of Hello Packets............................................................................. 160
4.12.9 (Optional) Setting the Revertive Switching Delay............................................................................................ 161
4.12.10 (Optional) Disabling Revertive Switching on an E-Trunk.............................................................................161
4.12.11 (Optional) Configuring the E-Trunk Sequence Number Check Function............................................... 162
4.12.12 Verifying the E-Trunk Configuration.................................................................................................................... 162
4.13 Maintaining Link Aggregation..................................................................................................................................... 162
4.14 Configuration Examples for Link Aggregation.......................................................................................................163
4.14.1 Example for Configuring Link Aggregation in Manual Mode....................................................................... 163
4.14.2 Example for Configuring Link Aggregation in LACP Mode............................................................................ 166
4.14.3 Example for Configuring an Inter-Chassis Eth-Trunk to Forward Traffic Preferentially Through Local
Member Interfaces (Stack).....................................................................................................................................................170
4.15 Troubleshooting Link Aggregation............................................................................................................................. 174
4.15.1 Traffic Is Unevenly Load Balanced Among Eth-Trunk Member Interfaces Because the Load
Balancing Mode Is Incorrect.................................................................................................................................................. 174
4.15.2 Eth-Trunk at Both Ends Cannot Be Up Because the Lower Threshold for the Number of Active
Interfaces Is Incorrect............................................................................................................................................................... 175
4.16 FAQ About Link Aggregation....................................................................................................................................... 175
4.16.1 Can an Eth-Trunk Be Configured with an IP Address?.....................................................................................175
4.16.2 How Do I Add Member Interfaces to an Eth-Trunk?........................................................................................175
4.16.3 How Do I Delete Member Interfaces from an Eth-Trunk?............................................................................. 176
4.16.4 What Is the Function of the Delay for LACP Preemption?.............................................................................176
4.16.5 Which Switches Are Recommended for Link Aggregation in FTTx Scenarios of MAN?...................... 176

5 VLAN Configuration........................................................................................................... 178

5.1 Overview of VLANs............................................................................................................................................................ 178
5.2 Understanding VLANs....................................................................................................................................................... 179
5.2.1 VLAN Tags......................................................................................................................................................................... 180
5.2.2 Link and Interface Types............................................................................................................................................... 181
5.2.3 Default VLAN....................................................................................................................................................................183
5.2.4 Adding and Removing VLAN Tags............................................................................................................................ 184
5.2.5 LNP....................................................................................................................................................................................... 189
5.2.6 VLAN Assignment........................................................................................................................................................... 192

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. ix

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

5.2.7 Intra-VLAN Communication........................................................................................................................................ 197

5.2.8 Inter-VLAN Communication........................................................................................................................................ 200
5.2.9 Intra-VLAN Layer 2 Isolation....................................................................................................................................... 205
5.2.10 Inter-VLAN Layer 3 Isolation.....................................................................................................................................205
5.2.11 mVLAN............................................................................................................................................................................. 206
5.2.12 Protocol Packet Transparent Transmission in a VLAN..................................................................................... 206
5.3 Application Scenarios for VLANs................................................................................................................................... 207
5.3.1 Using VLAN Assignment to Implement Layer 2 Isolation................................................................................ 207
5.3.2 Using VLANIF Interfaces to Implement Inter-VLAN Layer 3 Connectivity.................................................. 209
5.3.3 Using a Traffic Policy to Implement Inter-VLAN Access Control.................................................................... 210
5.3.4 Using a VLANIF Interface to Implement Layer 3 Connectivity Between the Switch and Router........211
5.4 Summary of VLAN Configuration Tasks..................................................................................................................... 212
5.5 Licensing Requirements and Limitations for VLANs.............................................................................................. 214
5.6 Default Settings for VLANs............................................................................................................................................. 218
5.7 Configuring VLANs............................................................................................................................................................. 219
5.7.1 Configuring Interface-based VLAN Assignment (Statically Configured Interface Type)........................219
5.7.2 Configuring Interface-based VLAN Assignment (LNP Dynamically Negotiates the Link Type)..........222
5.7.3 Configuring MAC Address-based VLAN Assignment.......................................................................................... 224
5.7.4 Configuring IP Subnet-based VLAN Assignment................................................................................................. 227
5.7.5 Configuring Protocol-based VLAN Assignment.................................................................................................... 229
5.7.6 Configuring Policy-based VLAN Assignment......................................................................................................... 231
5.7.7 Configuring Inter-VLAN Communication................................................................................................................ 233
5.7.8 Configuring a Traffic Policy to Implement Intra-VLAN Layer 2 Isolation....................................................235
5.7.9 Configuring a Traffic Policy to Implement Inter-VLAN Layer 3 Isolation.................................................... 235
5.7.10 Configuring an mVLAN.............................................................................................................................................. 236
5.7.11 Configuring Transparent Transmission of Protocol Packets in a VLAN......................................................238
5.8 Maintaining VLANs............................................................................................................................................................ 239
5.8.1 Collecting VLAN Traffic Statistics.............................................................................................................................. 239
5.8.2 Clearing VLAN Traffic Statistics................................................................................................................................. 240
5.8.3 Clearing Packet Statistics on a VLANIF Interface................................................................................................ 241
5.8.4 Clearing LNP Packet Statistics.................................................................................................................................... 241
5.8.5 Enabling GMAC Ping to Detect Layer 2 Network Connectivity...................................................................... 241
5.8.6 Enabling GMAC Trace to Locate Faults................................................................................................................... 242
5.9 Configuration Examples for VLANs.............................................................................................................................. 243
5.9.1 Example for Configuring Interface-based VLAN Assignment (Statically Configured Link Type)........243
5.9.2 Example for Configuring Interface-based VLAN Assignment (LNP Dynamically Negotiates the Link
Type).............................................................................................................................................................................................. 245
5.9.3 Example for Configuring MAC Address-based Assignment (the Switch Connects to Downstream
Terminals).....................................................................................................................................................................................249
5.9.4 Example for Configuring IP Subnet-based VLAN Assignment........................................................................ 251
5.9.5 Example for Configuring Protocol-based VLAN Assignment........................................................................... 253
5.9.6 Example for Configuring VLANIF Interfaces to Implement Inter-VLAN Communication...................... 257
5.9.7 Example for Configuring VLANIF Interfaces to Implement Intra-VLAN Communication......................259

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. x

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

5.9.8 Example for Configuring VLANIF Interfaces to Implement Communication of Hosts on Different
Network Segments in the Same VLAN.............................................................................................................................. 262
5.9.9 Example for Configuring a Traffic Policy to Implement Inter-VLAN Layer 3 Isolation...........................265
5.9.10 Example for Configuring an mVLAN to Implement Remote Management.............................................271
5.9.11 Example for Configuring Transparent Transmission of Protocol Packets in a VLAN.............................274
5.10 Troubleshooting VLANs..................................................................................................................................................276
5.10.1 A VLANIF Interface Fails to Be Created................................................................................................................ 277
5.10.2 A VLANIF Interface Goes Down...............................................................................................................................278
5.10.3 Users in a VLAN Cannot Communicate................................................................................................................ 279
5.10.4 IP Addresses of the Connected Interfaces Between Switches Cannot Be Pinged.................................. 280
5.11 FAQ About VLANs............................................................................................................................................................ 282
5.11.1 How Do I Create VLANs in a Batch?...................................................................................................................... 282
5.11.2 How Do I Add Interfaces to a VLAN in a Batch?............................................................................................... 282
5.11.3 How Do I Restore the Default VLAN Configuration of an Interface?........................................................ 283
5.11.4 How Do I Change the Link Type of an Interface?............................................................................................. 283
5.11.5 How Do I Rapidly Query the Link Types and Default VLANs of All Interfaces?..................................... 285
5.11.6 How Do I Delete a Single VLAN or VLANs in a Batch?................................................................................... 286
5.11.7 Can Multiple Network Segments Be Configured in a VLAN?....................................................................... 286
5.11.8 How Is the Inter-VLAN Communication Fault Rectified?................................................................................287
5.11.9 Do VLANs Need to Be Assigned on the Intermediate Device That Transparently Transmits Packets?
......................................................................................................................................................................................................... 289
5.11.10 Why Are MAC-VLAN Entries Invalid?.................................................................................................................. 289
5.11.11 Can the Switch Collect Statistics on Only Traffic Destined for the VLANIF Interface Enabled with
Traffic Statistics?........................................................................................................................................................................ 290

6 VLAN Aggregation Configuration................................................................................... 291

6.1 Overview of VLAN Aggregation.................................................................................................................................... 291
6.2 Understanding VLAN Aggregation............................................................................................................................... 293
6.3 Application Scenarios for VLAN Aggregation........................................................................................................... 298
6.4 Licensing Requirements and Limitations for VLAN Aggregation.......................................................................299
6.5 Default Settings for VLAN Aggregation..................................................................................................................... 302
6.6 Configuring VLAN Aggregation..................................................................................................................................... 302
6.6.1 Creating a Sub-VLAN..................................................................................................................................................... 302
6.6.2 Creating a Super-VLAN................................................................................................................................................. 303
6.6.3 Configuring a VLANIF Interface Corresponding to a Super-VLAN................................................................. 304
6.6.4 (Optional) Enabling Proxy ARP on the VLANIF Interface Corresponding to a Super-VLAN................. 305
6.6.5 Verifying the VLAN Aggregation Configuration................................................................................................... 305
6.7 Example for Configuring VLAN Aggregation............................................................................................................ 306
6.8 FAQ About VLAN Aggregation...................................................................................................................................... 309
6.8.1 How Do I Implement Communication Between Specific Sub-VLANs in a Super-VLAN......................... 309
6.8.2 How Can a Traffic Policy Be Configured in a Super-VLAN or Sub-VLAN to Make the Traffic Policy
Take Effect.................................................................................................................................................................................... 310

7 MUX VLAN Configuration................................................................................................. 311

7.1 Overview of MUX VLANs................................................................................................................................................. 311

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xi

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

7.2 Licensing Requirements and Limitations for MUX VLANs................................................................................... 314

7.3 Default Settings for MUX VLANs.................................................................................................................................. 317
7.4 Configuring MUX VLANs..................................................................................................................................................317
7.4.1 Configuring a Principal VLAN for MUX VLANs..................................................................................................... 317
7.4.2 Configuring a Group VLAN for a Subordinate VLAN..........................................................................................318
7.4.3 Configuring a Separate VLAN for a Subordinate VLAN.................................................................................... 319
7.4.4 Enabling the MUX VLAN Function on an Interface............................................................................................ 319
7.4.5 Verifying the MUX VLAN Configuration................................................................................................................. 320
7.5 Configuration Examples for MUX VLANs................................................................................................................... 321
7.5.1 Example for Configuring MUX VLAN on the Access Device............................................................................ 321
7.5.2 Example for Configuring MUX VLAN on the Aggregation Device................................................................. 323

8 VLAN Termination Configuration................................................................................... 327

8.1 Overview of VLAN Termination..................................................................................................................................... 327
8.2 Application Scenarios for VLAN Termination........................................................................................................... 329
8.2.1 Using a Dot1q Termination Sub-interface to Implement Inter-VLAN Communication..........................329
8.2.2 Using a Dot1q Termination Sub-interface to Connect to a VPN....................................................................330
8.2.3 Using a QinQ Termination Sub-interface to Connect to a VPN..................................................................... 332
8.3 Summary of VLAN Termination Configuration Tasks............................................................................................ 334
8.4 Licensing Requirements and Limitations for VLAN Termination....................................................................... 336
8.5 Default Settings for VLAN Termination...................................................................................................................... 338
8.6 Configuring a Dot1q Termination Sub-interface to Implement Inter-VLAN Communication................. 338
8.7 Configuring a Dot1q Termination Sub-interface and Connecting It to an L2VPN...................................... 339
8.7.1 Configuring a Dot1q Termination Sub-interface..................................................................................................340
8.7.2 Configuring L2VPN......................................................................................................................................................... 340
8.7.3 Verifying the Configuration of a Dot1q Termination Sub-interface and Its Connection to an L2VPN
......................................................................................................................................................................................................... 341
8.8 Configuring a Dot1q Termination Sub-interface and Connecting It to an L3VPN...................................... 341
8.8.1 Configuring a Dot1q Termination Sub-interface..................................................................................................342
8.8.2 Configuring L3VPN......................................................................................................................................................... 343
8.8.3 Verifying the Configuration of a Dot1q Termination Sub-interface and Its Connection to an L3VPN
......................................................................................................................................................................................................... 343
8.9 Configuring a QinQ Termination Sub-interface and Connecting It to an L2VPN........................................343
8.9.1 Configuring a QinQ Sub-interface............................................................................................................................ 344
8.9.2 Configuring L2VPN......................................................................................................................................................... 350
8.9.3 Verifying the Configuration of a QinQ Termination Sub-interface and Its Connection to an L2VPN
......................................................................................................................................................................................................... 351
8.10 Configuring a QinQ Termination Sub-interface and Connecting It to an L3VPN..................................... 351
8.10.1 Configuring a QinQ Sub-interface.......................................................................................................................... 351
8.10.2 Configuring L3VPN....................................................................................................................................................... 353
8.10.3 Verifying the Configuration of QinQ Termination Sub-interface and Its Connection to an L3VPN
......................................................................................................................................................................................................... 353
8.11 Configuration Examples for VLAN Termination.................................................................................................... 353

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

8.11.1 Example for Configuring Dot1q Termination Sub-interfaces to Implement Inter-VLAN

Communication.......................................................................................................................................................................... 353
8.11.2 Example for Configuring Dot1q Termination Sub-interfaces to Implement Inter-VLAN
Communication Across Different Networks..................................................................................................................... 356
8.11.3 Example for Connecting Dot1q Sub-interfaces to a VLL Network.............................................................. 360
8.11.4 Example for Connecting QinQ Termination Sub-interfaces to a VLL Network...................................... 369
8.11.5 Example for Connecting Dot1q Termination Sub-interfaces to a VPLS Network.................................. 380
8.11.6 Example for Connecting QinQ Termination Sub-interfaces to a VPLS Network....................................390
8.11.7 Example for Connecting Dot1q Termination Sub-interfaces to an L3VPN...............................................401
8.11.8 Example for Connecting QinQ Termination Sub-interfaces to an L3VPN................................................ 415

9 Voice VLAN Configuration................................................................................................ 431

9.1 Overview of Voice VLANs................................................................................................................................................ 431
9.2 Voice VLAN Typical Networking.................................................................................................................................... 432
9.3 Understanding Voice VLANs........................................................................................................................................... 432
9.4 Application Scenarios for Voice VLANs....................................................................................................................... 434
9.5 Licensing Requirements and Limitations for Voice VLAN.................................................................................... 435
9.6 Default Settings for Voice VLANs................................................................................................................................. 438
9.7 Configuring a MAC Address-based Voice VLAN...................................................................................................... 439
9.7.1 Enabling the Voice VLAN Function........................................................................................................................... 439
9.7.2 Configuring a Mode in Which the Priority of Voice Packets Is Increased Based on MAC Addresses
......................................................................................................................................................................................................... 440
9.7.3 Configuring an OUI for a Voice VLAN..................................................................................................................... 440
9.7.4 Configuring a Mode in Which an Interface Is Added to a Voice VLAN........................................................441
9.7.5 (Optional) Configuring the Secure or Normal Mode of a Voice VLAN....................................................... 442
9.7.6 (Optional) Configuring the 802.1p Priority and DSCP Priority for a Voice VLAN.................................... 444
9.7.7 Verifying the MAC Address-based Voice VLAN Configuration........................................................................ 445
9.8 Configuring a VLAN ID-based Voice VLAN............................................................................................................... 445
9.8.1 Enabling the Voice VLAN Function........................................................................................................................... 445
9.8.2 Configuring a Mode in Which the Priority of Voice Packets Is Increased Based on VLAN IDs............ 446
9.8.3 Configuring a Mode in Which an Interface Is Added to a Voice VLAN........................................................446
9.8.4 Configuring the Switch to Advertise Voice VLAN Information to an IP Phone......................................... 447
9.8.5 (Optional) Configuring the 802.1p Priority and DSCP Priority for a Voice VLAN.................................... 448
9.8.6 Verifying the VLAN ID-based Voice VLAN Configuration................................................................................. 448
9.9 Configuration Examples for Voice VLANs.................................................................................................................. 449
9.9.1 Example for Configuring a MAC Address-based Voice VLAN (IP Phones Send Untagged Voice
Packets)......................................................................................................................................................................................... 449
9.9.2 Example for Configuring a VLAN ID-based Voice VLAN (IP Phones Send Tagged Voice Packets).... 451

10 QinQ Configuration.......................................................................................................... 454

10.1 Overview of QinQ............................................................................................................................................................ 454
10.2 Understanding QinQ....................................................................................................................................................... 455
10.2.1 QinQ Fundamentals.................................................................................................................................................... 455
10.2.2 Basic QinQ...................................................................................................................................................................... 458
10.2.3 Selective QinQ............................................................................................................................................................... 460

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xiii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

10.2.4 VLAN Stacking on a VLANIF Interface.................................................................................................................. 461

10.2.5 TPID................................................................................................................................................................................... 462
10.2.6 QinQ Mapping............................................................................................................................................................... 463
10.3 Application Scenarios for QinQ................................................................................................................................... 465
10.3.1 Public User Services on a Metro Ethernet Network......................................................................................... 466
10.3.2 Enterprise Network Connection Through Private Lines.................................................................................. 467
10.4 Summary of QinQ Configuration Tasks................................................................................................................... 468
10.5 Licensing Requirements and Limitations for QinQ.............................................................................................. 469
10.6 Configuring Basic QinQ................................................................................................................................................. 474
10.7 Configuring Selective QinQ.......................................................................................................................................... 475
10.7.1 Configuring VLAN ID-based Selective QinQ....................................................................................................... 475
10.7.2 Configuring MQC-based Selective QinQ.............................................................................................................. 477
10.8 Configuring the TPID Value in an Outer VLAN Tag.............................................................................................484
10.9 Configuring QinQ Stacking on a VLANIF Interface..............................................................................................484
10.10 Configuring the Device to Add Double VLAN Tags to Untagged Packets................................................. 486
10.11 Configuring QinQ Mapping....................................................................................................................................... 488
10.11.1 Configuring 1-to-1 QinQ Mapping...................................................................................................................... 488
10.11.2 Configuring 2-to-1 QinQ Mapping...................................................................................................................... 489
10.12 Displaying VLAN Translation Resource Usage.....................................................................................................490
10.13 Configuration Examples for QinQ........................................................................................................................... 490
10.13.1 Example for Configuring Basic QinQ...................................................................................................................490
10.13.2 Example for Configuring Selective QinQ........................................................................................................... 493
10.13.3 Example for Configuring Selective QinQ and VLAN Mapping................................................................... 496
10.13.4 Example for Configuring Flow-based Selective QinQ................................................................................... 499
10.13.5 Example for Connecting a Single-Tag VLAN Mapping Sub-Interface to a VLL Network..................502
10.13.6 Example for Connecting a Double-Tag VLAN Mapping Sub-Interface to a VLL Network................512
10.13.7 Example for Connecting a VLAN Stacking Sub-interface to a VLL Network........................................ 522
10.13.8 Example for Connecting a Single-tag VLAN Mapping Sub-interface to a VPLS Network................533
10.13.9 Example for Connecting a Double-tag VLAN Mapping Sub-interface to a VPLS Network............. 543
10.13.10 Example for Connecting a VLAN Stacking Sub-interface to a VPLS Network................................... 554
10.13.11 Example for Configuring QinQ Stacking on a VLANIF Interface............................................................ 566
10.14 Troubleshooting QinQ..................................................................................................................................................569
10.14.1 QinQ Traffic Forwarding Fails Because the Outer VLAN Is Not Created................................................569
10.14.2 QinQ Traffic Forwarding Fails Because the Interface Does Not Transparently Transmit the Outer
VLAN ID........................................................................................................................................................................................ 569
10.15 FAQ About QinQ............................................................................................................................................................ 570
10.15.1 Does the Switch Support QinQ?........................................................................................................................... 570
10.15.2 What Are Causes for QinQ Traffic Forwarding Failures?............................................................................. 570
10.15.3 Can I Rapidly Delete All QinQ Configurations of an Interface?................................................................ 571
10.15.4 Can I Directly Delete Inner VLAN IDs from QinQ Configuration?............................................................ 571
10.15.5 Can the Switch Add Double VLAN Tags to Untagged Packets?................................................................ 571
10.15.6 Which Tag Does the TPID Configured by the qinq protocol Command Match?................................571

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xiv

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

10.15.7 Which VLAN Does the Interface Enabled with VLAN Mapping or QinQ Obtain Through MAC
Address Learning?..................................................................................................................................................................... 571

11 VLAN Mapping Configuration....................................................................................... 572

11.1 Overview of VLAN Mapping........................................................................................................................................ 572
11.2 Understanding VLAN Mapping................................................................................................................................... 573
11.3 Application Scenarios for VLAN Mapping............................................................................................................... 575
11.4 Licensing Requirements and Limitations for VLAN Mapping........................................................................... 577
11.5 Configuring VLAN ID-based VLAN Mapping..........................................................................................................584
11.5.1 Configuring 1:1 VLAN Mapping...............................................................................................................................584
11.5.2 Configuring 2:1 VLAN Mapping...............................................................................................................................585
11.5.3 Configuring 2:2 VLAN Mapping...............................................................................................................................586
11.5.4 Verifying the VLAN ID-based VLAN Mapping Configuration........................................................................587
11.6 Configuring MQC-based VLAN Mapping.................................................................................................................587
11.7 Displaying VLAN Translation Resource Usage....................................................................................................... 594
11.8 Configuration Examples for VLAN Mapping.......................................................................................................... 595
11.8.1 Example for Configuring VLAN ID-based 1:1 VLAN Mapping...................................................................... 595
11.8.2 Example for Configuring VLAN ID-based N:1 VLAN Mapping..................................................................... 598
11.8.3 Example for Configuring VLAN ID-based 2 to 1 VLAN Mapping................................................................ 599
11.8.4 Example for Configuring VLAN ID-based 2:2 VLAN Mapping...................................................................... 604
11.9 Troubleshooting VLAN Mapping.................................................................................................................................608
11.9.1 Communication Failure After VLAN Mapping Configuration....................................................................... 608

12 GVRP Configuration......................................................................................................... 611

12.1 Overview of GVRP........................................................................................................................................................... 611
12.2 Understanding GVRP...................................................................................................................................................... 612
12.2.1 Basic Concepts of GVRP............................................................................................................................................. 612
12.2.2 Packet Format................................................................................................................................................................ 616
12.2.3 Working Mechanism....................................................................................................................................................617
12.3 Application Scenarios for GVRP.................................................................................................................................. 620
12.4 Licensing Requirements and Limitations for GVRP.............................................................................................. 621
12.5 Default Settings for GVRP............................................................................................................................................. 624
12.6 Configuring GVRP............................................................................................................................................................ 625
12.6.1 Enabling GVRP............................................................................................................................................................... 625
12.6.2 (Optional) Setting the Registration Mode for a GVRP Interface................................................................. 626
12.6.3 (Optional) Setting GARP Timers............................................................................................................................. 627
12.6.4 Verifying the GVRP Configuration.......................................................................................................................... 629
12.7 Clearing GVRP Statistics................................................................................................................................................ 629
12.8 Example for Configuring GVRP................................................................................................................................... 629
12.9 FAQ About GVRP.............................................................................................................................................................. 633
12.9.1 Why Is the CPU Usage High When VLANs Are Created or Deleted Through GVRP in Default
Configuration?............................................................................................................................................................................ 633

13 VCMP Configuration.........................................................................................................635
13.1 Overview of VCMP...........................................................................................................................................................635

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xv

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

13.2 Understanding VCMP..................................................................................................................................................... 636

13.2.1 Basic Concepts of VCMP.............................................................................................................................................636
13.2.2 VCMP Implementation............................................................................................................................................... 638
13.3 Application Scenarios for VCMP................................................................................................................................. 645
13.4 Licensing Requirements and Limitations for VCMP............................................................................................. 646
13.5 Default Settings for VCMP............................................................................................................................................ 649
13.6 Configuring VCMP........................................................................................................................................................... 649
13.7 Maintaining VCMP........................................................................................................................................................... 652
13.7.1 Displaying VCMP Running Information................................................................................................................ 653
13.7.2 Clearing VCMP Running Information.................................................................................................................... 653
13.8 Example for Configuring VCMP to Implement Centralized VLAN Management...................................... 653

14 STP/RSTP Configuration.................................................................................................. 659

14.1 Overview of STP/RSTP.................................................................................................................................................... 659
14.2 Understanding STP/RSTP.............................................................................................................................................. 660
14.2.1 Background..................................................................................................................................................................... 660
14.2.2 Basic Concepts of STP/RSTP......................................................................................................................................661
14.2.3 BPDU Format................................................................................................................................................................. 668
14.2.4 STP Topology Calculation.......................................................................................................................................... 670
14.2.5 Improvements in RSTP................................................................................................................................................ 678
14.2.6 RSTP Technology Details............................................................................................................................................ 684
14.3 Application Scenarios for STP...................................................................................................................................... 686
14.4 Summary of STP/RSTP Configuration Tasks........................................................................................................... 687
14.5 Licensing Requirements and Limitations for STP/RSTP...................................................................................... 688
14.6 Default Settings for STP/RSTP..................................................................................................................................... 691
14.7 Configuring STP/RSTP.................................................................................................................................................... 691
14.7.1 Configuring the STP/RSTP Mode.............................................................................................................................691
14.7.2 (Optional) Configuring the Root Bridge and Secondary Root Bridge........................................................692
14.7.3 (Optional) Setting a Priority for a Switching Device........................................................................................693
14.7.4 (Optional) Setting a Path Cost for a Port............................................................................................................ 693
14.7.5 (Optional) Setting a Priority for a Port................................................................................................................. 694
14.7.6 Enabling STP/RSTP....................................................................................................................................................... 695
14.7.7 Verifying the STP/RSTP Configuration.................................................................................................................. 696
14.8 Setting STP Parameters That Affect STP Convergence....................................................................................... 697
14.8.1 Setting the STP Network Diameter........................................................................................................................ 697
14.8.2 Setting the STP Timeout Interval............................................................................................................................ 698
14.8.3 Setting the STP Timers............................................................................................................................................... 698
14.8.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree
Calculation................................................................................................................................................................................... 699
14.8.5 Verifying the Configuration of STP Parameters that Affect STP Convergence....................................... 701
14.9 Setting RSTP Parameters that Affect RSTP Convergence...................................................................................701
14.9.1 Setting the RSTP Network Diameter..................................................................................................................... 701
14.9.2 Setting the RSTP Timeout Interval......................................................................................................................... 702

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xvi

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

14.9.3 Setting RSTP Timers.....................................................................................................................................................702

14.9.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree
Calculation................................................................................................................................................................................... 704
14.9.5 Setting the Link Type for a Port.............................................................................................................................. 705
14.9.6 Setting the Maximum Transmission Rate of an Interface.............................................................................. 705
14.9.7 Switching to the RSTP Mode.................................................................................................................................... 706
14.9.8 Configuring Edge Ports and BPDU Filter Ports...................................................................................................707
14.9.9 Verifying the Configuration of RSTP Parameters that Affect RSTP Convergence.................................. 708
14.10 Configuring RSTP Protection Functions................................................................................................................. 708
14.10.1 Configuring BPDU Protection on a Switching Device....................................................................................708
14.10.2 Configuring TC Protection on a Switching Device.......................................................................................... 709
14.10.3 Configuring Root Protection on a Port............................................................................................................... 710
14.10.4 Configuring Loop Protection on a Port...............................................................................................................710
14.10.5 Verifying the Configuration of RSTP Protection Functions.......................................................................... 711
14.11 Setting Parameters for Interoperation Between Huawei and Non-Huawei Devices............................. 711
14.12 Maintaining STP/RSTP................................................................................................................................................. 712
14.12.1 Clearing STP/RSTP Statistics................................................................................................................................... 712
14.12.2 Monitoring STP/RSTP Topology Change Statistics......................................................................................... 713
14.13 Configuration Examples for STP/RSTP................................................................................................................... 713
14.13.1 Example for Configuring Basic STP Functions..................................................................................................713
14.13.2 Example for Configuring Basic RSTP Functions............................................................................................... 717
14.14 FAQ About STP/RSTP....................................................................................................................................................722
14.14.1 How to Prevent Low Convergence for STP Edge Ports that Connect Terminals?................................ 722
14.14.2 Can Switches Using RSTP and STP Be Connected?........................................................................................ 722
14.14.3 Why Is the Recommended Value of STP Network Radius Within 7?.......................................................723
14.14.4 Why Does the STP Convergence Fail for a Switch?........................................................................................723
14.14.5 In What Condition Do I Need to Configure STP Edge Ports?..................................................................... 723
14.14.6 What Are Precautions for Configuring the Formats of Sent and Received BPDUs on an STP
Interface?...................................................................................................................................................................................... 723
14.14.7 How Do I Configure a User-Side Interface on an STP Switch?.................................................................. 724
14.14.8 How Do I Prevent Terminals' Failures to Ping the Gateway or Low Speed in Obtaining IP
Addresses When They Connect to an STP Network?.................................................................................................... 724
14.14.9 Can the Switch Work with the Non-Huawei Devices Running STP or RSTP?....................................... 724
14.14.10 What Is the Function of the Automatic Edge-port Detecting?................................................................725

15 MSTP Configuration......................................................................................................... 726

15.1 Overview of MSTP........................................................................................................................................................... 726
15.2 Understanding MSTP...................................................................................................................................................... 727
15.2.1 MSTP Background........................................................................................................................................................ 727
15.2.2 Basic Concepts of MSTP............................................................................................................................................. 729
15.2.3 MST BPDUs..................................................................................................................................................................... 735
15.2.4 MSTP Topology Calculation...................................................................................................................................... 738
15.2.5 MSTP Fast Convergence............................................................................................................................................. 740
15.2.6 MSTP Multi-Process..................................................................................................................................................... 741

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xvii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

15.3 Application Scenarios for MSTP.................................................................................................................................. 749

15.4 Summary of MSTP Configuration Tasks...................................................................................................................750
15.5 Licensing Requirements and Limitations for MSTP..............................................................................................752
15.6 Default Settings for MSTP............................................................................................................................................ 754
15.7 Configuring MSTP............................................................................................................................................................ 755
15.7.1 Configuring the MSTP Mode.................................................................................................................................... 755
15.7.2 Configuring and Activating an MST Region........................................................................................................ 756
15.7.3 (Optional) Configuring the Root Bridge and Secondary Root Bridge........................................................758
15.7.4 (Optional) Configuring a Priority for a Switch in an MSTI............................................................................ 759
15.7.5 (Optional) Configuring a Path Cost of a Port in an MSTI..............................................................................759
15.7.6 (Optional) Configuring a Port Priority in an MSTI........................................................................................... 760
15.7.7 Enabling MSTP...............................................................................................................................................................760
15.7.8 Verifying the Basic MSTP Configuration...............................................................................................................762
15.8 Configuring MSTP Multi-Process................................................................................................................................ 762
15.8.1 Creating an MSTP Process......................................................................................................................................... 762
15.8.2 Adding a Port to an MSTP Process......................................................................................................................... 763
15.8.3 (Optional) Configuring the Root Bridge and Secondary Root Bridge........................................................764
15.8.4 (Optional) Configuring a Priority for a Switch in an MSTI............................................................................ 765
15.8.5 (Optional) Configuring a Path Cost of a Port in an MSTI..............................................................................766
15.8.6 (Optional) Configuring a Port Priority in an MSTI........................................................................................... 767
15.8.7 Configuring TC Notification in MSTP Multi-process.........................................................................................767
15.8.8 Enabling MSTP...............................................................................................................................................................768
15.8.9 Verifying the MSTP Multi-Process Configuration.............................................................................................. 769
15.9 Configuring MSTP Parameters on an Interface..................................................................................................... 770
15.9.1 Setting the MSTP Network Diameter.................................................................................................................... 770
15.9.2 Setting the MSTP Timeout Interval........................................................................................................................ 771
15.9.3 Setting the Values of MSTP Timers........................................................................................................................ 771
15.9.4 Setting the Maximum Number of Connections in an Eth-Trunk that Affects Spanning Tree
Calculation................................................................................................................................................................................... 773
15.9.5 Setting the Link Type for a Port.............................................................................................................................. 774
15.9.6 Setting the Maximum Transmission Rate of an Interface.............................................................................. 774
15.9.7 Switching to the MSTP Mode................................................................................................................................... 775
15.9.8 Configuring a Port as an Edge Port and BPDU Filter Port............................................................................. 776
15.9.9 Setting the Maximum Number of Hops in an MST Region...........................................................................777
15.9.10 Verifying the Configuration of MSTP Parameters on an Interface........................................................... 778
15.10 Configuring MSTP Protection Functions................................................................................................................ 778
15.10.1 Configuring BPDU Protection on a Switch........................................................................................................ 778
15.10.2 Configuring TC Protection on a Switch...............................................................................................................779
15.10.3 Configuring Root Protection on an Interface................................................................................................... 780
15.10.4 Configuring Loop Protection on an Interface................................................................................................... 781
15.10.5 Configuring Shared-Link Protection on a Switch............................................................................................ 782
15.10.6 Verifying the MSTP Protection Function Configuration................................................................................782
15.11 Configuring MSTP Interoperability Between Huawei and Non-Huawei Devices.................................... 782

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xviii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

15.11.1 Configuring a Proposal/Agreement Mechanism............................................................................................. 782

15.11.2 Configuring the MSTP Protocol Packet Format on an Interface............................................................... 783
15.11.3 Enabling the Digest Snooping Function............................................................................................................. 784
15.11.4 Verifying the Configuration of MSTP Interoperability Between Huawei and Non-Huawei Devices
......................................................................................................................................................................................................... 785
15.12 Maintaining MSTP......................................................................................................................................................... 785
15.12.1 Clearing MSTP Statistics.......................................................................................................................................... 785
15.12.2 Monitoring the Statistics on MSTP Topology Changes................................................................................. 785
15.13 Configuration Examples for MSTP........................................................................................................................... 786
15.13.1 Example for Configuring MSTP............................................................................................................................. 786
15.13.2 Example for Configuring MSTP + VRRP Network........................................................................................... 795
15.13.3 Example for Connecting CEs to the VPLS in Dual-Homing Mode Through MSTP..............................806
15.13.4 Example for Configuring MSTP Multi-Process for Layer 2 Single-Access Rings and Layer 2 Multi-
Access Rings................................................................................................................................................................................. 823
15.14 FAQ About MSTP........................................................................................................................................................... 829
15.14.1 Can a Huawei STP Switch Work with a Non-Huawei STP Device?.......................................................... 829
15.14.2 How to Prevent Low Convergence for STP Edge Ports that Connect Terminals?................................ 829
15.14.3 How Do I Configure a User-Side Interface on an STP Switch?.................................................................. 830
15.14.4 How Do I Prevent Terminals' Failures to Ping the Gateway or Low Speed in Obtaining IP
Addresses When They Connect to an STP Network?.................................................................................................... 830

16 VBST Configuration.......................................................................................................... 831

16.1 Overview of VBST............................................................................................................................................................ 831
16.2 Understanding VBST....................................................................................................................................................... 834
16.3 Application Scenarios for VBST................................................................................................................................... 839
16.4 Summary of VBST Configuration Tasks....................................................................................................................841
16.5 Licensing Requirements and Limitations for VBST............................................................................................... 843
16.6 Default Settings for VBST..............................................................................................................................................847
16.7 Configuring VBST............................................................................................................................................................. 848
16.7.1 (Optional) Setting the Device Priority...................................................................................................................848
16.7.2 (Optional) Setting the Path Cost for a Port........................................................................................................ 849
16.7.3 (Optional) Configuring Port Priorities................................................................................................................... 850
16.7.4 (Optional) Manually Configuring the Mapping between MSTIs and VLANs.......................................... 851
16.7.5 Enabling VBST................................................................................................................................................................ 852
16.7.6 Verifying the Basic VBST Configuration................................................................................................................ 854
16.8 Setting VBST Parameters That Affect VBST Convergence................................................................................. 854
16.8.1 Setting the Network Diameter................................................................................................................................ 855
16.8.2 Setting Values of VBST Timers.................................................................................................................................855
16.8.3 Setting the VBST Timeout Interval......................................................................................................................... 857
16.8.4 Setting the Link Type for a Port.............................................................................................................................. 857
16.8.5 Setting the Maximum Transmission Rate of a Port.......................................................................................... 858
16.8.6 Manually Switching to the VBST Mode................................................................................................................ 859
16.8.7 Configuring a VBST Convergence Mode...............................................................................................................859
16.8.8 Configuring a Port as an Edge Port and BPDU Filter Port............................................................................. 860

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xix

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

16.8.9 Verifying the Configuration of VBST Parameters That Affect VBST Convergence.................................861
16.9 Configuring Protection Functions of VBST.............................................................................................................. 862
16.9.1 Configuring BPDU Protection on the Switch.......................................................................................................862
16.9.2 Configuring TC Protection on the Switch............................................................................................................. 863
16.9.3 Configuring Root Protection on a Port................................................................................................................. 864
16.9.4 Configuring Loop Protection on a Port................................................................................................................. 864
16.9.5 Verifying the Configuration of VBST Protection Functions............................................................................ 865
16.10 Setting Parameters for Interworking Between a Huawei Datacom Device and a Non-Huawei Device
......................................................................................................................................................................................................... 866
16.11 Maintaining VBST.......................................................................................................................................................... 867
16.11.1 Displaying VBST Running Information and Statistics.................................................................................... 867
16.11.2 Clearing VBST Statistics........................................................................................................................................... 868
16.12 Example for Configuring VBST.................................................................................................................................. 868

17 SEP Configuration............................................................................................................. 878

17.1 Overview of SEP............................................................................................................................................................... 878
17.2 Understanding SEP.......................................................................................................................................................... 879
17.2.1 SEP Implementation.................................................................................................................................................... 879
17.2.2 Basic Concepts of SEP................................................................................................................................................. 882
17.2.3 SEP Implementation Mechanisms.......................................................................................................................... 886
17.3 Application Scenarios for SEP...................................................................................................................................... 900
17.3.1 Open Ring Networking............................................................................................................................................... 900
17.3.2 Closed Ring Networking.............................................................................................................................................901
17.3.3 Multi-Ring Networking............................................................................................................................................... 902
17.3.4 Hybrid SEP+MSTP Ring Networking...................................................................................................................... 903
17.3.5 Hybrid SEP+RRPP Ring Networking....................................................................................................................... 904
17.3.6 SEP Multi-Instance....................................................................................................................................................... 905
17.3.7 Association Between SEP and CFM........................................................................................................................ 906
17.4 Summary of SEP Configuration Tasks.......................................................................................................................907
17.5 Licensing Requirements and Limitations for SEP..................................................................................................909
17.6 Configuring SEP................................................................................................................................................................ 912
17.6.1 Configuring a SEP Segment...................................................................................................................................... 912
17.6.2 Configuring a Control VLAN..................................................................................................................................... 913
17.6.3 Configuring a Protected Instance............................................................................................................................914
17.6.4 Adding a Layer 2 Interface to a SEP Segment and Configuring a Role for the Interface................... 915
17.6.5 Verifying the Basic SEP Configuration................................................................................................................... 918
17.7 Specifying an Interface to Block................................................................................................................................. 918
17.7.1 Setting an Interface Blocking Mode.......................................................................................................................918
17.7.2 Configuring the Preemption Mode.........................................................................................................................920
17.7.3 Verifying the Configuration of Specifying an Interface to Block................................................................. 921
17.8 Configuring SEP Multi-Instance.................................................................................................................................. 921
17.9 Configuring the Topology Change Notification Function.................................................................................. 923
17.9.1 Reporting Topology Changes in a Lower-Layer Network - SEP Topology Change Notification....... 924

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xx

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

17.9.2 Reporting Topology Changes in a Lower-Layer Network - Enabling the Devices in a SEP Segment
to Process SmartLink Flush Packets.................................................................................................................................... 925
17.9.3 Reporting Topology Changes in an Upper-Layer Network - Configuring Association Between SEP
and CFM........................................................................................................................................................................................ 926
17.9.4 Verifying the Configuration of the Topology Change Notification Function........................................... 927
17.10 Clearing SEP Statistics.................................................................................................................................................. 927
17.11 Configuration Examples for SEP............................................................................................................................... 927
17.11.1 Example for Configuring SEP on a Closed Ring Network............................................................................ 927
17.11.2 Example for Configuring SEP on a Multi-Ring Network.............................................................................. 934
17.11.3 Example for Configuring a Hybrid SEP+MSTP Ring Network.....................................................................946
17.11.4 Example for Configuring a Hybrid SEP+RRPP Ring Network......................................................................955
17.11.5 Example for Configuring SEP Multi-Instance................................................................................................... 967

18 RRPP Configuration.......................................................................................................... 976

18.1 Overview of RRPP............................................................................................................................................................ 976
18.2 Understanding RRPP....................................................................................................................................................... 979
18.2.1 Basic Concepts of RRPP.............................................................................................................................................. 979
18.2.2 RRPP Packets.................................................................................................................................................................. 983
18.2.3 Implementation of a Single RRPP Ring (When the Ring is Complete)......................................................986
18.2.4 Implementation of a Single RRPP Ring (When the Ring is Faulty)............................................................ 988
18.2.5 Implementation of a Single RRPP Ring (When the Fault is Rectified)...................................................... 990
18.2.6 Implementation of Multiple Rings..........................................................................................................................992
18.2.7 RRPP Multi-Instance.................................................................................................................................................. 1001
18.3 Application Scenarios for RRPP.................................................................................................................................1003
18.3.1 Application of a Single Ring................................................................................................................................... 1003
18.3.2 Application of Tangent RRPP Rings..................................................................................................................... 1004
18.3.3 Application of Intersecting RRPP Rings.............................................................................................................. 1005
18.3.4 Application of RRPP and STP................................................................................................................................. 1006
18.3.5 Application of Intersecting RRPP Rings of Multi-Instance on a MAN..................................................... 1006
18.3.6 Application of Tangent RRPP Rings of Multi-Instance on a MAN............................................................ 1008
18.3.7 Application of Multiple Instances Single-homed to an RRPP Aggregation Ring................................. 1009
18.3.8 Application of the RRPP Multi-instance Ring and Smart Link Network................................................. 1010
18.3.9 Application of RRPP Snooping............................................................................................................................... 1011
18.4 Summary of RRPP Configuration Tasks................................................................................................................. 1014
18.5 Licensing Requirements and Limitations for RRPP............................................................................................ 1015
18.6 Default Settings for RRPP........................................................................................................................................... 1018
18.7 Configuring RRPP...........................................................................................................................................................1018
18.7.1 Configuring Interfaces on an RRPP Ring............................................................................................................1019
18.7.2 Creating an RRPP Domain and the Control VLAN..........................................................................................1019
18.7.3 Creating an Instance................................................................................................................................................. 1021
18.7.4 Configuring a Protected VLAN.............................................................................................................................. 1021
18.7.5 Creating and Enabling an RRPP Ring.................................................................................................................. 1022
18.7.6 Enabling RRPP............................................................................................................................................................. 1023
18.7.7 (Optional) Creating a Ring Group........................................................................................................................1024

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xxi

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

18.7.8 (Optional) Setting the Values of the Hello Timer and Fail Timer in an RRPP Domain.................... 1024
18.7.9 (Optional) Setting the Value of the Link-Up Timer....................................................................................... 1025
18.7.10 Verifying the RRPP Configuration...................................................................................................................... 1026
18.8 Configuring RRPP Snooping....................................................................................................................................... 1026
18.8.1 Enabling RRPP Snooping......................................................................................................................................... 1026
18.8.2 Configuring the VSI Associated with RRPP Snooping....................................................................................1027
18.8.3 Verifying the RRPP Snooping Configuration..................................................................................................... 1028
18.9 Clearing RRPP Statistics............................................................................................................................................... 1028
18.10 Configuration Examples for RRPP......................................................................................................................... 1029
18.10.1 Example for Configuring a Single RRPP Ring with a Single Instance....................................................1029
18.10.2 Example for Configuring Intersecting RRPP Rings with a Single Instance...........................................1033
18.10.3 Example for Configuring Tangent RRPP Rings.............................................................................................. 1044
18.10.4 Example for Configuring a Single RRPP Ring with Multiple Instances................................................. 1052
18.10.5 Example for Configuring Intersecting RRPP Rings with Multiple Instances........................................ 1061
18.10.6 Example for Configuring Tangent RRPP Rings with Multiple Instances............................................... 1078
18.11 Troubleshooting RRPP............................................................................................................................................... 1088
18.11.1 A Loop Occurs After the RRPP Configuration is Complete....................................................................... 1088
18.12 FAQ About RRPP.......................................................................................................................................................... 1089
18.12.1 Why Does a Broadcast Storm Occur When the Secondary Port of the Master Node Is Blocked?
....................................................................................................................................................................................................... 1089
18.12.2 Can Data Packets Be Blocked in the Control VLAN of RRPP?.................................................................. 1089

19 ERPS (G.8032) Configuration.......................................................................................1091

19.1 Overview of ERPS.......................................................................................................................................................... 1091
19.2 Understanding ERPS..................................................................................................................................................... 1093
19.2.1 Basic Concepts of ERPS............................................................................................................................................ 1093
19.2.2 RAPS PDUs....................................................................................................................................................................1100
19.2.3 ERPS Single-ring Implementation........................................................................................................................ 1102
19.2.4 ERPS Multi-ring Implementation.......................................................................................................................... 1106
19.2.5 ERPS Multi-instance.................................................................................................................................................. 1110
19.3 Application Scenarios for ERPS................................................................................................................................. 1111
19.4 Summary of ERPS Configuration Tasks..................................................................................................................1113
19.5 Licensing Requirements and Limitations for ERPS.............................................................................................1113
19.6 Default Settings for ERPS........................................................................................................................................... 1116
19.7 Configuring ERPSv1...................................................................................................................................................... 1116
19.7.1 Creating an ERPS Ring..............................................................................................................................................1116
19.7.2 Configuring the Control VLAN...............................................................................................................................1117
19.7.3 Configuring an ERP Instance and Activating the Mapping Between the ERP Instance and VLAN1118
19.7.4 Adding a Layer 2 Port to an ERPS Ring and Configuring the Port Role................................................. 1119
19.7.5 (Optional) Configuring Timers in an ERPS Ring............................................................................................. 1121
19.7.6 (Optional) Configuring the MEL Value.............................................................................................................. 1122
19.7.7 (Optional) Configuring Association Between ERPS and Ethernet CFM.................................................. 1123
19.7.8 Verifying the ERPSv1 Configuration.................................................................................................................... 1123

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xxii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

19.8 Configuring ERPSv2...................................................................................................................................................... 1124

19.8.1 Creating an ERPS Ring..............................................................................................................................................1124
19.8.2 Configuring the Control VLAN...............................................................................................................................1125
19.8.3 Configuring an ERP Instance and Activating the Mapping Between the ERP Instance and VLAN1126
19.8.4 Adding a Layer 2 Port to an ERPS Ring and Configuring the Port Role................................................. 1127
19.8.5 Configuring the Topology Change Notification Function............................................................................ 1129
19.8.6 (Optional) Configuring ERPS Protection Switching........................................................................................1130
19.8.7 (Optional) Configuring Timers in an ERPS Ring............................................................................................. 1131
19.8.8 (Optional) Configuring Association Between ERPS and Ethernet CFM.................................................. 1131
19.8.9 Verifying the ERPSv2 Configuration.................................................................................................................... 1132
19.9 Configuring the ERPS over VPLS Function............................................................................................................ 1133
19.10 Clearing ERPS Statistics............................................................................................................................................. 1134
19.11 Configuration Examples for ERPS.......................................................................................................................... 1135
19.11.1 Example for Configuring ERPS Multi-instance.............................................................................................. 1135
19.11.2 Example for Configuring Intersecting ERPS Rings........................................................................................1144
19.11.3 Example for Configuring ERPS over VPLS in Scenarios Where a CE Is Dual-Homed to PEs
(Through Ethernet Sub-interfaces)................................................................................................................................... 1152
19.11.4 Example for Configuring ERPS over VPLS in Scenarios Where a CE Is Dual-Homed to PEs
(Through VLANIF Interfaces).............................................................................................................................................. 1162
19.12 Troubleshooting ERPS................................................................................................................................................ 1173
19.12.1 Traffic Forwarding Fails in an ERPS Ring.........................................................................................................1173

20 LBDT Configuration........................................................................................................ 1174

20.1 Overview of LBDT.......................................................................................................................................................... 1174
20.2 Understanding LDT and LBDT................................................................................................................................... 1175
20.3 Application Scenarios for LDT and LBDT............................................................................................................... 1178
20.4 Licensing Requirements and Limitations for LDT and LBDT.......................................................................... 1180
20.5 Default Settings for LDT and LBDT......................................................................................................................... 1183
20.6 Configuring Automatic LBDT..................................................................................................................................... 1184
20.6.1 Enabling Automatic LBDT....................................................................................................................................... 1184
20.6.2 (Optional) Setting the Interval for Sending LBDT Packets.......................................................................... 1185
20.6.3 (Optional) Setting the Recovery Time of an Interface................................................................................. 1185
20.6.4 Verifying the Automatic LBDT Configuration...................................................................................................1186
20.7 Configuring Manual LBDT.......................................................................................................................................... 1186
20.7.1 Enabling Manual LBDT.............................................................................................................................................1186
20.7.2 (Optional) Setting the Interval for Sending LBDT Packets.......................................................................... 1188
20.7.3 Configuring an Action Taken After a Loop Is Detected................................................................................ 1189
20.7.4 (Optional) Setting the Recovery Time of an Interface................................................................................. 1190
20.7.5 Verifying the Manual LBDT Configuration........................................................................................................ 1191
20.8 Configuration Examples for LBDT............................................................................................................................ 1191
20.8.1 Example for Configuring LBDT to Detect Loopbacks on an Interface..................................................... 1191
20.8.2 Example for Configuring LBDT to Detect Loops on the Downstream Network.................................. 1193
20.8.3 Example for Configuring LBDT to Detect Loops on the Local Network................................................. 1195

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xxiii

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching Contents

21 Layer 2 Protocol Transparent Transmission Configuration...................................1199

21.1 Overview of Layer 2 Protocol Transparent Transmission................................................................................. 1199
21.2 Understanding Layer 2 Protocol Transparent Transmission............................................................................1201
21.3 Application Scenarios for Layer 2 Protocol Transparent Transmission........................................................1206
21.4 Summary of Layer 2 Protocol Transparent Transmission Configuration Tasks........................................ 1207
21.5 Licensing Requirements and Limitations for Layer 2 Protocol Transparent Transmission................... 1208
21.6 Configuring Interface-based Layer 2 Protocol Transparent Transmission..................................................1212
21.6.1 (Optional) Defining Characteristic Information About a Layer 2 Protocol............................................1212
21.6.2 Configuring Layer 2 Protocol Transparent Transmission Mode..................................................................1213
21.6.3 Enabling Layer 2 Protocol Transparent Transmission on an Interface.....................................................1214
21.6.4 Verifying the Configuration of Interface-based Layer 2 Protocol Transparent Transmission.......... 1215
21.7 Configuring VLAN-based Layer 2 Protocol Transparent Transmission........................................................ 1215
21.7.1 (Optional) Defining Characteristic Information About a Layer 2 Protocol............................................1215
21.7.2 Configuring Layer 2 Protocol Transparent Transmission Mode..................................................................1216
21.7.3 Enabling VLAN-based Layer 2 Protocol Transparent Transmission on an Interface........................... 1218
21.7.4 Verifying the Layer 2 Protocol Transparent Transmission Configuration................................................1218
21.8 Configuring QinQ-based Layer 2 Protocol Transparent Transmission........................................................ 1219
21.8.1 (Optional) Defining Characteristic Information About a Layer 2 Protocol............................................1219
21.8.2 Configuring Layer 2 Protocol Transparent Transmission Mode..................................................................1220
21.8.3 Enabling QinQ-based Layer 2 Transparent Transmission on an Interface............................................. 1221
21.8.4 Verifying the Layer 2 Protocol Transparent Transmission Configuration................................................1222
21.9 Configuring VPLS-based Layer 2 Protocol Transparent Transmission......................................................... 1222
21.9.1 (Optional) Defining Characteristic Information About a Layer 2 Protocol............................................1222
21.9.2 Configuring Layer 2 Protocol Transparent Transmission Mode..................................................................1223
21.9.3 Enabling VPLS-based Layer 2 Protocol Transparent Transmission on an Interface............................ 1224
21.9.4 Verifying the Layer 2 Protocol Transparent Transmission Configuration................................................1226
21.10 Configuration Examples for Layer 2 Protocol Transparent Transmission................................................ 1226
21.10.1 Example for Configuring Interface-based Layer 2 Protocol Transparent Transmission...................1226
21.10.2 Example for Configuring VLAN-based Layer 2 Protocol Transparent Transmission......................... 1229
21.10.3 Example for Configuring QinQ-based Layer 2 Protocol Transparent Transmission..........................1234
21.10.4 Example for Configuring VPLS-based Layer 2 Protocol Transparent Transmission.......................... 1240
21.11 FAQ About Layer 2 Protocol Transparent Transmission.................................................................................1248
21.11.1 How Can I Configure BPDU Tunnel to Transparently Transmit BPDUs?.............................................. 1248
21.11.2 Can the Interfaces Not Enabled with the BPDU Function Send BPDUs?............................................. 1249
21.11.3 How to View and Change MAC Addresses of BPDUs?............................................................................... 1249
21.11.4 How Does a Switch Process BPDUs?.................................................................................................................1249

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. xxiv

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

1 Ethernet Switching Features Supported

in This Version

The configuration modes supported by different models are as follows:

● S1720GW (without license), S1720GWR (without license) and S1720X
(without license): Web Configuration (For the web configuration, see
S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, and S1720X-E
V200R011C10 Web System Guide.)
● S1720GW (license loaded), S1720GWR (license loaded), S1720X (license
loaded), S1720GW-E (license loaded), S1720GWR-E (license loaded) and
S1720X-E (license loaded): Web Configuration (For the web configuration, see
S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, and S1720X-E
V200R011C10 Web System Guide) and CLI. CLI configuration supports the
following features.
● Other models: Web Configuration (For the web configuration, see S1720GFR,
S2700, S5700, and S6720 V200R011C10 Web System Guide) and CLI. CLI
configuration supports the following features.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

MAC Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

addres pp pp rted rted rted rted rted rted rted
s table ort ort
ed ed

Link Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

aggreg pp pp rted rted rted rted rted rted rted
ation ort ort
ed ed

VLAN Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

VLAN No No Not Not Suppo Suppo Not Suppo Suppo

aggreg t t suppo suppo rted rted suppo rted rted
ation sup sup rted rted rted
por por
ted ted

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 2

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

MUX Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

VLAN pp pp rted rted rted rted rted rted rted
ort ort
ed ed

VLAN No No Not Not Not Suppo Not Not Suppo

termin t t suppo suppo suppo rted suppo suppo rted
ation sup sup rted rted rted rted rted
por por
ted ted

Voice Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

VLAN pp pp rted rted rted rted rted rted rted
ort ort
ed ed

QinQ Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 3

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

VLAN Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

mappi pp pp rted rted rted rted rted rted rted
ng ort ort
ed ed

GVRP Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

VCMP Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

STP/ Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

RSTP pp pp rted rted rted rted rted rted rted
ort ort
ed ed

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 4

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

MSTP Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

VBST Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

SEP Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed
exc
ept
S1
72
0G
FR

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 5

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

ERPS Su Su Only Suppo Suppo Suppo Suppo Suppo Suppo

(G. pp pp suppo rted rted rted rted rted rted
8032) ort ort rted
ed ed by the
exc S5700
ept LI and
S1 S5710
72 -X-LI.
0G
FR

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 6

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

RRPP Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed
exc
ept
S1
72
0G
FR

LBDT Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

pp pp rted rted rted rted rted rted rted
ort ort
ed ed

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 7

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 1 Ethernet Switching Features Supported in This
Configuration Guide - Ethernet Switching Version

Featur S1 S2 S5700 S5720 S5720 S5720 S6720 S6720 S6720

e 72 72 LI LI SI EI LI SI EI
0G 0EI S5700 S5720 S5720 S5720 S6720 S6720 S6720
FR S2 S-LI S-LI S-SI HI S-LI S-SI S-EI
S1 75 S5710 S5730
72 0EI -X-LI SI
0G
W S5730
S-EI
S1
72
0G
W
R
S1
72
0X
S1
72
0G
W-
E
S1
72
0G
W
R-E
S1
72
0X-
E

Layer 2 Su Su Suppo Suppo Suppo Suppo Suppo Suppo Suppo

protoc pp pp rted rted rted rted rted rted rted
ol ort ort
transpa ed ed
rent
transm
ission

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 8

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

2 Ethernet Switching

About This Chapter

Ethernet is a simple, cost-effective, and easy-to-implement LAN technology and

widely used.

2.1 Overview of Ethernet Switching

2.2 Basic Concepts of Ethernet
2.3 Switching on the Ethernet
2.4 Application Scenarios for Ethernet Switching

2.1 Overview of Ethernet Switching

Definition
The earliest Ethernet standard was the DEC-Intel-Xerox (DIX) standard jointly
developed by the Digital Equipment Corporation (DEC), Intel, and Xerox in 1982.
After years of development, Ethernet has become the most widely used local area
network (LAN) type, and many Ethernet standards have been put into use,
including standard Ethernet (10 Mbit/s), fast Ethernet (100 Mbit/s), gigabit
Ethernet (1000 Mbit/s), and 10G Ethernet (10 Gbit/s). IEEE 802.3 was defined
based on Ethernet and is compatible with Ethernet standards.

In the TCP/IP suite, the IP packet encapsulation format on an Ethernet network is

defined in RFC 894, and the IP packet encapsulation format on an IEEE 802.3
network is defined in RFC 1042. Currently, the format defined in RFC 894 is most
commonly used. This format is called Ethernet_II or Ethernet DIX.

NOTE

To distinguish Ethernet frames of the two types, Ethernet frames defined in RFC 894 are
called Ethernet_II frames and Ethernet frames defined in RFC 1042 IEEE 802.3 are called
frames in this document.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 9

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

History
In 1972, when Robert Metcalfe (father of Ethernet) was hired by Xerox, his first
job was to connect computers in Xerox's Palo Alto Research Center (PARC) to the
Advanced Research Projects Agency Network (ARPANET), progenitor of the
Internet. In 1972 also, Robert Metcalfe designed a network to connect computers
in the PARC. That network was based on the Aloha system (a radio network
system) and connected many computers in the PARC, so Metcalfe originally
named the network Alto Aloha network. The Alto Aloha network started
operating in May 1973, and Metcalfe then gave it an official name Ethernet, which
is the prototype of Ethernet. The network operated at a rate of 2.94 Mbit/s and
used thick coaxial cable as transmission medium. In June 1976, Metcalfe and his
assistant David Boggs published a paper Ethernet Distributed Packet Switching for
Local Computer Networks. At the end of 1977, Metcalfe and his three co-workers
were gained a patent on "Multipoint data communication system with collision
detection." Since then, Ethernet was known to the public.

As Ethernet technology develops rapidly, Ethernet has become the most widely
used LAN technology and replaced most of other LAN standards, such as token
ring, fiber distributed data interface (FDDI), and attached resource computer
network (ARCNET). After rapid development of 100M Ethernet in the 20th
century, gigabit Ethernet and even 10G Ethernet are now expanding their
applications as promoted by international standardization organizations and
industry-leading enterprises.

Purpose
Ethernet is a universal communication protocol standard used for local area
networks (LANs). This standard defines the cable type and signal processing
method used for LANs.

Ethernet networks are broadcast networks established based on the Carrier Sense
Multiple Access with Collision Detection (CSMA/CD) mechanism. Collisions restrict
Ethernet performance. Early Ethernet devices such as hubs work at the physical
layer, and cannot confine collisions to a particular scope. This restricts network
performance improvement. Working at the data link layer, switches are able to
confine collisions to a particular scope. Switches help improve Ethernet
performance and have replaced hubs as mainstream Ethernet devices. However,
switches do not restrict broadcast traffic on the Ethernet. This affects Ethernet
performance. Dividing a LAN into virtual local area networks (VLANs) on switches
or using Layer 3 switches can solve this problem.

As a simple, cost-effective, and easy-to-implement LAN technology, Ethernet has

become the mainstream in the industry. Gigabit Ethernet and even 10G Ethernet
make Ethernet the most promising network technology.

2.2 Basic Concepts of Ethernet

2.2.1 Ethernet Network Layers

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 10

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Ethernet uses passive medium and transmits data in broadcast mode. It defines
protocols used on the physical layer and data link layer, interfaces between the
two layers, and interfaces between the data link layer and upper layers.

Physical Layer
The physical layer determines basic physical attributes of Ethernet, including data
coding, time scale, and electrical frequency.

The physical layer is the lowest layer in the Open Systems Interconnection (OSI)
reference model and is closest to the physical medium (communication channel)
that transmits data. Data is transmitted on the physical layer in binary bits (0 or
1). Transmission of bits depends on transmission devices and physical media, but
the physical layer does not refer to a specific physical device or a physical media.
Actually, the physical layer is located above a physical medium and provides the
data link layer with physical connections to transmit original bit streams.

Data Link Layer

The data link layer is the second layer in the OSI reference model, located
between the physical layer and network layer. The data link layer obtains service
from the physical layer and provides service for the network layer. The basic
service that the data link layer provides is to reliably transmit data from the
network layer of a source device to the network layer of an adjacent destination
device.

The physical layer and data link layer depend on each other. Therefore, different
working modes of the physical layer must be supported by corresponding data
link layer modes. This hinders Ethernet design and application.

Some organizations and vendors propose to divide the data link layer into two
sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control
(LLC) sub-layer. Then different physical layers correspond to different MAC sub-
layers, and the LLC sub-layer becomes totally independent, as shown in Figure
2-1.

Figure 2-1 Hierarchy of Ethernet data link layer

The following sections describe concepts involved in the physical layer and data
link layer.

2.2.2 Overview of Ethernet Cable Standards

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 11

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Overview of Ethernet Cable Standards

Currently, mature Ethernet physical layer standards are:

● 10BASE-2
● 10BASE-5
● 10BASE-T
● 10BASE-F
● 100BASE-T4
● 100BASE-TX
● 100BASE-FX
● 1000BASE-SX
● 1000BASE-LX
● 1000BASE-TX
● 10GBASE-T
● 10GBASE-LR
● 10GBASE-SR

In the preceding standards, 10, 100, 1000 and 10G stand for transmission rates,
and BASE represents baseband.

● 10M Ethernet cable standards

Table 2-1 lists the 10M Ethernet cable standards defined in IEEE 802.3.

Table 2-1 10M Ethernet cable standards

Name Cable Maximum

Transmission Distance

10BASE-5 Thick coaxial cable 500 m

10BASE-2 Thin coaxial cable 200 m

10BASE-T Twisted pair cable 100 m

10BASE-F Fiber 2000 m

NOTE

Coaxial cables have a fatal defect: Devices are connected in series and therefore a
single-point failure can cause the breakdown of the entire network. As the physical
standards of coaxial cables, 10BASE-2 and 10BASE-5 have fallen into disuse.
● 100M Ethernet cable standards
100M Ethernet is also called Fast Ethernet (FE). Compared with 10M Ethernet,
100M Ethernet has a faster transmission rate at the physical layer, but they
have no difference at the data link layer.
Table 2-2 lists the 100M Ethernet cable standards.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 12

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Table 2-2 100M Ethernet cable standards

Name Cable Maximum
Transmission Distance

100Base-T4 Four pairs of Category 3 100 m

twisted pair cables

100Base-TX Two pairs of Category 5 100 m

twisted pair cables

100Base-FX Single-mode fiber or multi- 2000 m

mode fiber

Both 10Base-T and 100Base-TX apply to Category 5 twisted pair cables. They
have different transmission rates. The 10Base-T transmits data at 10 Mbit/s,
whereas the 100Base-TX transmits data at 100 Mbit/s.
The 100Base-T4 is rarely used now.
● Gigabit Ethernet cable standards
Gigabit Ethernet is developed on the basis of the Ethernet standard defined in
IEEE 802.3. Based on the Ethernet protocol, Gigabit Ethernet increases the
transmission rate to 10 times the FE transmission rate, reaching 1 Gbit/s.
Table 2-3 lists the Gigabit Ethernet cable standards.

Table 2-3 Gigabit Ethernet cable standards

Interface Name Cables Maximum
Transmission Distance

1000Base-LX Single-mode fiber or multi- 316 m

mode fiber

1000Base-SX Multi-mode fiber 316 m

1000Base-TX Category 5 twisted pair 100 m

cable

Gigabit Ethernet technology can upgrade the existing Fast Ethernet from 100
Mbit/s to 1000 Mbit/s.
The physical layer of Gigabit Ethernet uses 8B10B coding. In traditional
Ethernet technology, the data link layer delivers 8-bit data sets to its physical
layer. After processing the data sets, the physical layer sends them to the data
link layer. The data sets are still 8 bits after processing.
The situation is different on the Gigabit Ethernet of optical fibers. The
physical layer maps the 8-bit data sets transmitted from the data link layer to
10-bit data sets and then sends them out.
● 10G Ethernet cable standards

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 13

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

10G Ethernet is currently defined in supplementary standard IEEE 802.3ae,

which will be combined with IEEE 802.3 later. Table 2-4 lists the 10G Ethernet
cable standards.

Table 2-4 10G Ethernet cable standards

Name Cables Maximum

Transmission Distance

10GBASE-T CAT-6A or CAT-7 100 m

10GBase-LR Single-mode optical fiber 10 km

10GBase-SR Multi-mode optical fiber Several hundred meters

● 100G Ethernet cable standards

The standard for 40G/100G Ethernet is defined in IEEE 802.3ba, which was
published in 2010. 100G Ethernet will be widely used as network technologies
develop.

2.2.3 CSMA/CD
● Definition of CSMA/CD
Ethernet was originally designed to connect computers and other digital
devices on a shared physical line. The computers and digital devices can
access the shared line only in half-duplex mode. Therefore, a mechanism of
collision detection and avoidance is required to prevent multiple devices from
contending for the line. This mechanism is called the Carrier Sense Multiple
Access with Collision Detection (CSMA/CD).
The concept of CSMA/CD is described as follows:
– Carrier sense (CS)
Before transmitting data, a station checks whether the line is idle to
reduce chances of collision.
– Multiple access (MA)
Data sent by a station can be received by multiple stations.
– Collision detection (CD)
If two stations transmit electrical signals at the same time, the voltage
amplitude doubles the normal amplitude as signals of the two stations
accumulate. The situation results in collision.
The stations stop transmission after detecting the collision, and resume
the transmission after a random delay.
● CSMA/CD working process
CSMA/CD works as follows:
a. A station continuously detects whether the shared line is idle.

▪ If the line is idle, the station sends data.

▪ If the line is in use, the station waits until the line becomes idle.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 14

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

b. If two stations send data at the same time, a collision occurs on the line,
and signals on the line become unstable.
c. After detecting the instability, the station immediately stops sending
data.
d. The station sends a series of disturbing pulses. After a period of time, the
station resumes the data transmission.
The station sends disturbing pulses to inform other stations, especially
the station that sends data at the same time, that a collision occurred on
the line.
After detecting a collision, the station waits for a random period of time,
and then resumes the data transmission.

2.2.4 Minimum Frame Length and Maximum Transmission

Distance
Due to the limitation of the CSMA/CD algorithm, an Ethernet frame must be
longer than or equal to a specified length. On the Ethernet, the minimum frame
length is 64 bytes, which is determined jointly by the maximum transmission
distance and the collision detection mechanism.
The use of minimum frame length can prevent the following situation: station A
finishes sending the last bit, but the first bit does not arrive at station B, which is
far from station A. Station B considers that the line is idle and begins to send data,
leading to a collision.

Figure 2-2 Ethernet_II frame format

6bytes 6bytes 2bytes 46~1500bytes 4bytes
DMAC SMAC Type Data CRC

The upper layer protocol must ensure that the Data field of a packet contains at
least 46 bytes, so that the total length of the Data field, the 14-byte Ethernet
frame header, and the 4-byte check code at the frame tail can reach the minimum
frame length, as shown in Figure 2-2. If the Data field is less than 46 bytes, the
upper layer must pad the field to 46 bytes.

2.2.5 Duplex Modes of Ethernet

The physical layer of Ethernet can work in either half-duplex or full-duplex mode.
● Half-duplex mode
The half-duplex mode has the following features:
– Data only be sent or received at any time.
– The CSMA/CD mechanism is used.
– The maximum transmission distance is limited.
Hubs work in half-duplex mode.
● Full-duplex mode

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 15

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

After Layer 2 switches replace hubs, the shared Ethernet changes to the
switched Ethernet, and the half-duplex mode is replaced by the full-duplex
mode. As a result, the transmission rate increases greatly, and the maximum
throughput doubles the transmission rate.
The full-duplex mode solves the problem of collisions and eliminates the need
for the CSMA/CD mechanism.
The full-duplex mode has the following features:
– Data can be sent and received at the same time.
– The maximum throughput doubles the transmission rate.
– This mode does not have the limitation on the transmission distance.
All network cards, Layer 2 devices (except hubs), and Layer 3 devices
produced support the full-duplex mode.
The following hardware components are required to realize the full-duplex
mode:
– Full-duplex network cards and chips
– Physical media with separate data transmission and receiving channels
– Point-to-point connection

2.2.6 Auto-Negotiation of Ethernet

● Purpose of auto-negotiation
The earlier Ethernet adopts the 10 Mbit/s half-duplex mode; therefore,
mechanisms such as CSMA/CD are required to guarantee system stability.
With development of technologies, the full-duplex mode and 100M Ethernet
emerge, which greatly improve the Ethernet performance. How to achieve the
compatibility between the earlier and new Ethernet networks becomes a new
problem.
The auto-negotiation technology is introduced to solve this problem. In auto-
negotiation, the devices on two ends of a link can choose the same operation
parameters by exchanging information. The main parameters to be
negotiated are mode (half-duplex or full-duplex), speed, and flow control.
After the negotiation succeeds, the devices on two ends operate in the
negotiated mode and rate.
The auto-negotiation of duplex mode and speed is defined in the following
standards:
– 100M Ethernet standard: IEEE 802.3u
In IEEE 802.3u, auto-negotiation is defined as an optional function.
– Gigabit Ethernet standard: IEEE 802.3z
In IEEE 802.3z, auto-negotiation is defined as a mandatory and default
function.
● Principle of auto-negotiation
Auto-negotiation is an Ethernet procedure by which two connected devices
choose common transmission parameters. It allows a network device to
transmit the supported operating mode to the peer and receives the operating
mode from the peer. In this process, the connected devices first share their
capabilities regarding these parameters and then choose the highest
performance transmission mode they both support.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 16

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

When no data is transmitted over a twisted pair on an Ethernet network,

pulses of high frequency are transmitted at an interval of 16 ms to maintain
the connections at the link layer. These pulses form a Normal Link Pulse
(NLP) code stream. Some pulses of higher frequency can be inserted in the
NLP to transmit more information. These pulses form a Fast Link Pulse (FLP)
code stream, as shown in Figure 2-3. The basic mechanism of auto-
negotiation is to encapsulate the negotiation information into FLP.

Figure 2-3 Pulse insertion

Similar to an Ethernet network that uses twisted pair cables, an Ethernet

network that uses optical modules and optical fibers also implements auto-
negotiation by sending code streams. These code streams are called
Configuration (C) code streams. Different from electrical interfaces, optical
interfaces do not negotiate traffic transmission rates and they work in duplex
mode. Optical interfaces only negotiate flow control parameters.
If auto-negotiation succeeds, the Ethernet card activates the link. Then, data
can be transmitted on the link. If auto-negotiation fails, the link is
unavailable.
If one end does not support auto-negotiation, the other end that supports
auto-negotiation adopts the default operating mode, which is generally 10
Mbit/s half-duplex.
Auto-negotiation is implemented based on the chip design at the physical
layer. As defined in IEEE 802.3, auto-negotiation is implemented in any of the
following cases:
– A faulty link recovers.
– A device is power recycled.
– Either of two connected devices resets.
– A renegotiation request packet is received.
In other cases, two connected devices do not always send auto-negotiation
code streams. Auto-negotiation does not use special packets or bring
additional protocol costs.
● Auto-negotiation rules for interfaces
Two connected interfaces can communicate with each other only when they
are working in the same working mode.
– If both interfaces work in the same non-auto-negotiation mode, the
interfaces can communicate.
– If both interfaces work in auto-negotiation mode, the interfaces can
communicate through negotiation. The negotiated working mode
depends on the interface with lower capability (specifically, if one

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 17

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

interface works in full-duplex mode and the other interface works in half-
duplex mode, the negotiated working mode is half-duplex). The auto-
negotiation function also allows the interfaces to negotiate about the
flow control function.
– If a local interface works in auto-negotiation mode and the remote
interface works in a non-auto-negotiation mode, the negotiated working
mode of the local interface depends on the working mode of the remote
interface.

2.2.7 Collision Domain and Broadcast Domain

Collision Domain
On a legacy Ethernet network using thick coaxial cables as a transmission
medium, multiple nodes on a shared medium share the bandwidth on the link and
compete for the right to use the link. A network collision occurs when more than
one node attempts to send a packet on this link at the same time. The Carrier
Sense Multiple Access with Collision Detection (CSMA/CD) mechanism is used to
solve the problem of collisions. Once a collision occurs on a link, the CSMA/CD
mechanism prevents data transmission on this link within a specified time.
Collisions are inevitable on an Ethernet network, and the probability that collision
occurs increases when more nodes are deployed on a shared medium. All nodes
on a shared medium constitute a collision domain. All the nodes in a collision
domain compete for bandwidth. Packets sent from a node, including unicast,
multicast, and broadcast packets, can reach all the other nodes in the collision
domain.

Broadcast Domain
Packets are broadcast in a collision domain, which results in a low bandwidth
efficiency and degrades packet processing performance of network devices.
Therefore, broadcasting of packets must be restricted. For example, the ARP
protocol sends broadcast packets to obtain MAC addresses mapping specified IP
addresses. The all 1s MAC address FFFF-FFFF-FFFF is the broadcast MAC address.
All nodes must process data frames with this MAC address as the destination MAC
address. A broadcast domain is a group of nodes, among which broadcast packet
from one node can reach all the other nodes. A network bridge forwards unicast
packets according to its MAC address table and forwards broadcast packets to all
its ports. Therefore, nodes connected to all ports of a bridge belong to a broadcast
domain, but each port belongs to a different collision domain.

2.2.8 MAC Sub-layer

Functions of the MAC Sub-layer

The MAC sub-layer has the following functions:

● Provides access to physical links.

The MAC sub-layer is associated with the physical layer. That is, different MAC
sub-layers provide access to different physical layers.
Ethernet has two types of MAC sub-layers:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 18

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

– Half-duplex MAC: provides access to the physical layer in half-duplex

mode.
– Full-duplex MAC: provides access to the physical layer in full-duplex
mode.
The two types of MAC sub-layers are integrated in a network interface card.
After the network interface card is initialized, auto-negotiation is performed
to choose an operation mode, and then a MAC sub-layer is chosen according
to the operation mode.
● Identifies stations at the data link layer.
The MAC sub-layer reserves a unique MAC address for each station.
The MAC sub-layer uses a MAC address to uniquely identify a station.
MAC addresses are managed by Institute of Electrical and Electronics
Engineers (IEEE) and allocated in blocks. An organization, generally a device
manufacturer, obtains a unique address block from IEEE. The address block is
called an Organizationally Unique Identifier (OUI). Using the OUI, the
organization can allocate MAC addresses to 16777216 devices.
A MAC address has 48 bits, which are generally expressed in 12-digit
hexadecimal notation. For example, the 48-bit MAC address
000000001110000011111100001110011000000000110100 is represented by
00e0:fc39:8034.
The first 6 digits in hexadecimal notation stand for the OUI, and the last 6
digits are allocated by the vendor. For example, in 00e0:fc39:8034, 00e0:fc is
the OUI allocated by IEEE to Huawei, and 39:8034 is the address number
allocated by Huawei.
The second bit of a MAC address indicates whether the address is globally
unique or locally unique. Ethernet uses globally unique MAC addresses.
MAC addresses are divided into the following types:
– Physical MAC address
A physical MAC address is burned into hardware (such as a network
interface card) and uniquely identifies a terminal on the Ethernet.
– Broadcast MAC address
A broadcast MAC address indicates all the terminals on a network.
The 48 bits of a broadcast MAC address are all 1s, such as ffff.ffff.ffff.
– Multicast MAC address
A multicast MAC address indicates a group of terminals on a network.
The eighth bit of a multicast MAC address is 1, such as
000000011011101100111010101110101011111010101000.
● Transmits data over the data link layer. After receiving data from the LLC sub-
layer, the MAC sub-layer adds the MAC address and control information to
the data, and then transmits the data to the physical link. In the process, the
MAC sub-layer provides other functions such as the check function.
Data is transmitted at the data link layer as follows:
a. The upper layer delivers data to the MAC sub-layer.
b. The MAC sub-layer stores the data in the buffer.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 19

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

c. The MAC sub-layer adds the destination MAC address and source MAC
address to the data, calculates the length of the data frame, and forms
an Ethernet frame.
d. The Ethernet frame is sent to the peer according to the destination MAC
address.
e. The peer compares the destination MAC address with entries in the MAC
address table.

▪ If a matching entry is found, the frame is accepted.

▪ If no matching entry is found, the frame is discarded.

The preceding describes frame transmission in unicast mode. After an upper-
layer application is added to a multicast group, the data link layer generates a
multicast MAC address according to the application, and then adds the
multicast MAC address to the MAC address table. The MAC sub-layer receives
frames with the multicast MAC address and transmits the frames to the upper
layer.

Ethernet Frame Structure

● Format of an Ethernet_II frame

Figure 2-4 Format of an Ethernet_II frame

6bytes 6bytes 2bytes 46~1500bytes 4bytes
DMAC SMAC Type Data CRC

Table 2-5 describes the fields in an Ethernet_II frame.

Table 2-5 Fields in an Ethernet_II frame

Field Description

DMAC It indicates the destination MAC address. DMAC specifies

the receiver of the frame.

SMAC It indicates the source MAC address. SMAC specifies the

station that sends the frame.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 20

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Field Description

Type The 2-byte Type field identifies the upper layer protocol of
the Data field. The receiver can know the meaning of the
Data field according to the Type field.
Ethernet allows multiple protocols to coexist on a LAN. The
hexadecimal values in the Type field of an Ethernet_II frame
stand for different protocols.
● Frames with the Type field value 0800 are IP frames.
● Frames with the Type field value 0806 are Address
Resolution Protocol (ARP) frames.
● Frames with the Type field value 8035 are Reverse
Address Resolution Protocol (RARP) frames.
● Frames with the Type field value 8137 are Internetwork
Packet Exchange (IPx) and Sequenced Packet Exchange
(SPx) frames.

Data The minimum length of the Data field is 46 bytes, which

ensures that the frame is at least 64 bytes in length. The
46-byte Data field is required even if only 1-byte
information needs to be transmitted.
If the payload of the Data field is less than 46 bytes, the
Data field must be padded to 46 bytes.
The maximum length of the Data field is 1500 bytes.

CRC The Cyclic Redundancy Check (CRC) field provides an error

detection mechanism.
Each sending device calculates a CRC code containing the
DMAC, SMAC, Type, and Data fields. Then the CRC code is
filled into the 4-byte CRC field.

The fields of a Ethernet_II frame are described as follows:

– DMAC
It indicates the destination MAC address. DMAC specifies the receiver of
the frame.
– SMAC
It indicates the source MAC address. SMAC specifies the station that
sends the frame.
– Type
The 2-byte Type field identifies the upper layer protocol of the Data field.
The receiver can know the meaning of the Data field according to the
Type field.
Ethernet allows multiple protocols to coexist on a LAN. The hexadecimal
values in the Type field of an Ethernet_II frame stand for different
protocols.

▪ Frames with the Type field value 0800 are IP frames.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 21

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

▪ Frames with the Type field value 0806 are Address Resolution
Protocol (ARP) frames.

▪ Frames with the Type field value 8035 are Reverse Address
Resolution Protocol (RARP) frames.

▪ Frames with the Type field value 8137 are Internetwork Packet
Exchange (IPx) and Sequenced Packet Exchange (SPx) frames.
– Data
The minimum length of the Data field is 46 bytes, which ensures that the
frame is at least 64 bytes in length. The 46-byte Data field is required
even if only 1-byte information needs to be transmitted.
If the payload of the Data field is less than 46 bytes, the Data field must
be padded to 46 bytes.
The maximum length of the Data field is 1500 bytes.
– CRC
The Cyclic Redundancy Check (CRC) field provides an error detection
mechanism.
Each sending device calculates a CRC code containing the DMAC, SMAC,
Type, and Data fields. Then the CRC code is filled into the 4-byte CRC
field.
● Format of an IEEE 802.3 frame

Figure 2-5 Format of an IEEE 802.3 frame

6byte 6byte 2byte 38~1492byte 4byte

DMAC SMAC Length LLC SNAP Data CRC

DSAP SSAP Control org code Type

1byte 1byte 1byte 3byte 2byte

As shown in Figure 2-5, the format of an IEEE 802.3 frame is similar to that
of an Ethernet_II frame except that the Type field is changed to the Length
field in an IEEE 802.3 frame, and the LLC field and the Sub-Network Access
Protocol (SNAP) field occupy 8 bytes of the Data field.

Table 2-6 Format of an IEEE 802.3 frame

Field Description

Length The Length field specifies the number of bytes in the Data
field.

LLC The LLC field consists of three sub-fields: Destination Service

Access Point (DSAP), Source Service Access Point (SSAP),
and Control.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 22

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Field Description

SNAP The SNAP field consists of the Org Code field and the Type
field. Three bytes in the Org Code field are all 0s. The Type
field functions the same as the Type field in Ethernet_II
frames.

NOTE

For description about other fields, see the description of Ethernet_II frames.
Based on the values of DSAP and SSAP, IEEE 802.3 frames can be divided into
the following types:
– If DSAP and SSAP are both 0xff, the IEEE 802.3 frame changes to a
Netware-Ethernet frame that carries NetWare data.
– If DSAP and SSAP are both 0xaa, the IEEE 802.3 frame changes to an
Ethernet_SNAP frame.
Ethernet_SNAP frames can be encapsulated with data of multiple
protocols. The SNAP can be considered as an extension of the Ethernet
protocol. SNAP allows vendors to define their own Ethernet transmission
protocols.
The Ethernet_SNAP standard is defined by IEEE 802.1 to guarantee
interoperability between IEEE 802.3 LANs and Ethernet networks.
– Other values of DSAP and SSAP indicate IEEE 802.3 frames.

2.2.9 LLC Sub-layer

The MAC sub-layer supports two types of frame: IEEE 802.3 frames and Ethernet_II
frames. In an Ethernet_II frame, the Type field identifies the upper layer protocol.
Therefore, only the MAC sub-layer is required on a device, and the LLC sub-layer
does not need to be realized.
In an IEEE 802.3 frame, the LLC sub-layer defines useful features in addition to
traditional services of the data link layer. All these features are provided by the
sub-fields of DSAP, SSAP, and Control.
The following lists three types of point-to-point services:
● Connectionless service
Currently, the Ethernet implements this service.
● Connection-oriented service
A connection is set up before data is transmitted. The reliability of data is
guaranteed during the transmission.
● Connectionless data transmission with acknowledgement
A connection is not required before data transmission. The acknowledgement
mechanism is used to improve the reliability.
The following is an example that describes the applications of SSAP and DSAP.
Assume that terminals A and B use connection-oriented services. Data is
transmitted in the following process:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 23

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

1. A sends a frame to B to require the establishment of a connection with B.

2. If B has enough resources, it returns an acknowledgement message that
contains a Service Access Point (SAP). The SAP identifies the connection
required by A.
3. After receiving the acknowledgement message, A knows that B has set up a
local connection with A. After creating the SAP, A sends a message containing
the SAP to B. The connection is set up.
4. The LLC sub-layer of A encapsulates the data into a frame. The DSAP field is
filled in with the SAP sent by B; the SSAP field is filled in with the SAP created
by A. Then the LLC sub-layer sends the frame to the MAC sub-layer of A.
5. The MAC sub-layer of A adds the MAC address and the Length field into the
frame, and then sends the frame to the data link layer.
6. After the frame is received at the MAC sub-layer of B, the frame is
transmitted to the LLC sub-layer. The LLC sub-layer figures out the connection
to which the frame belongs according to the DSAP field.
7. After checking and acknowledging the frame based on the connection type,
the LLC sub-layer of B transmits the frame to the upper layer.
8. After the frame reaches its destination, A instructs B to release the connection
by sending a frame. At this time, the communications end.

2.3 Switching on the Ethernet

2.3.1 Layer 2 Switching

A Layer 2 device works at the second layer of the OSI model and forwards data
packets based on media access control (MAC) addresses. Ports on a Layer 2 device
send and receive data independently and belong to different collision domains.
Collision domains are isolated at the physical layer so that collisions will not occur
between hosts (or networks) connected through this Layer 2 device due to uneven
traffic rates on these hosts (or networks).
A Layer 2 device parses and learns source MAC addresses of Ethernet frames and
maintains a mapping table of MAC addresses and ports. This table is called a MAC
address table. When receiving an Ethernet frame, the device searches for the
destination MAC address of the frame in the MAC table to determine through
which port to forward this frame.
1. When the Layer 2 device receives an Ethernet frame, it records the source
MAC address and the inbound port of the frame in the MAC address table to
guide Layer 2 forwarding. If the same MAC address entry exists in the MAC
address table, the device resets the aging time of the entry. An aging
mechanism is used to maintain entries in the MAC address table. Entries that
are not updated within the aging time are deleted from the MAC address
table.
2. The device determines whether the destination MAC address is a broadcast
address.
a. If the destination MAC address is a broadcast address, the device
forwards the frame to all its ports except the port from which the frame
is received.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 24

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

b. If the destination MAC address is not a broadcast address, the device

looks up the MAC address table based on the destination MAC address of
the Ethernet frame. If a matching entry is found in the MAC address
table, the device forwards the frame to the port specified in the entry. If
no matching entry is found, the device forwards the frame to all its ports
except the port from which the frame is received.
According to the preceding forwarding process, a Layer 2 device maintains a MAC
address table and forwards Ethernet frames based on destination MAC addresses.
This forwarding mechanism fully uses network bandwidth and improves network
performance. Figure 2-6 shows an example of Layer 2 switching

Figure 2-6 Layer 2 switching example

MAC Address Port
MAC A Port1

MAC Address Port PC B

ata
MAC A Port1 pe D
A C A Ty
C M
MAC C Port3
MAC
PC A MAC A MAC C Type Data

Port 1 Port 2
MAC
A M
AC C
Port 3 Type
Data
MA
MAC C MAC A Type Data CC
MA
CA
Typ
e
Da
ta PC C

Although Layer 2 devices can isolate collision domains, they cannot isolate
broadcast domains. As described in the Layer 2 forwarding process, broadcast
packets and packets that do not match nay entry in the MAC address table are
forwarded to all ports (except the port from which the frame is received). Packet
broadcasting consumes much bandwidth on network links and brings security
issues. Routers can isolate broadcast domains, but high costs and low forwarding
performance of routers limit the application of routers in Layer 2 forwarding. The
virtual local area network (VLAN) technology is introduced to solve this problem
in Layer 2 switching.

2.3.2 Layer 3 Switching

Background of Layer 3 Switches
In early stage of network deployment, most local area networks (LANs) were
established using Layer 2 switches, and routers completed communication
between LANs. At that time, intra-LAN traffic accounted for most of network
traffic and little traffic was transmitted between LANs. A few routers were enough
to handle traffic transmission between LANs.
As data communication networks expand and more services emerge on the
networks, increasing traffic needs to be transmitted between networks. Routers
cannot adapt to this development trend because of their high costs, low

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 25

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

forwarding performance, and small port quantities. New devices capable of high-
speed Layer 3 forwarding are required. Layer 3 switches are such devices.
Switches cannot replace routers in all scenarios because routers provide rich
interface types, good service class control, and powerful routing capabilities that
Layer 3 switches cannot provide.

Layer 3 Forwarding Mechanism

Layer 3 switches divide a Layer 2 network into multiple VLANs. They implement
Layer 2 switching within the VLANs and Layer 3 IP connectivity between VLANs.
Two hosts on different networks communicate with each other through the
following process:
1. Before the source host starts communicating with the destination host, it
compares its own IP address with the IP address of the destination host. If IP
addresses of the two hosts have the same network ID (calculated by an AND
operation between the IP addresses and masks), the hosts are located on the
same network segment. In this case, the source host sends an Address
Resolution Protocol (ARP) request to the destination host. After receiving an
ARP reply from the destination host, the source host obtains the MAC address
of the destination host and sends packets to this destination MAC address.
2. If the source and destination hosts are located on different network segments,
the source host sends an ARP request to obtain the MAC address mapping the
gateway IP address. After receiving an ARP reply from the gateway, the source
host sends packets to the MAC address of the gateway. In these packets, the
source IP address is the IP address of the source host, and destination IP
address is still the IP address of the destination host.
The following is the detailed Layer 3 switching process.
As shown in Figure 2-7, the source and destination hosts connect to the same
Layer 3 switch but belong to different VLANs (network segments). Both the two
hosts are located on the directly connected network segments of the Layer 3
switch, so the routes to the IP addresses of the hosts are direct routes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 26

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Figure 2-7 Layer 3 forwarding

2.The L3 Switch 6.The L3 Switch

3.PC A receives the receives the ARP records MAC
ARP Reply packet, Request packet,records Address entry, ARP
records the ARP the MAC Address entry 5.PC B receives
entry, and Layer 3
entry, and and ARP entry,and the ARP Request
forwarding entry,
encapsulates the sends an ARP Reply packet, records
and sends an ICMP
ICMP request packet. the ARP entry, 7.After receives
Request packet of
packet. and sends ARP the ICMP Reques
PC A.
Reply packet. packet of PC A,
PC B sends an
IF_3 IF_1 IF_2 IF_4 ICMP Reply
ICMP Req ICMP Req packet to PC A.
ARP Reply ARP Reply
ARP Req ARP Req
PC A L3 Switch PC B
MAC A 1.PC A finds that the MAC Switch MAC B
4.The L3 Swittch failds to
IP:10.1.1.2 destination IP address VLAN 2 VLAN 3 IP:10.2.1.2
match the packet with the
GW:10.1.1.1 is not on the same 10.1.1.1 10.2.1.1 Layer 3 forwarding entry GW:10.2.1.1
network segment as
and sends an ARP Request
itself and needs to
packet to all interfaces in
forward packets at
VLAN 3 correspongding to
Layer 3.PC A sends an
the destinatino network
ARP Request packet.
segment.

MAC Table ARP Table

MAC
MAC Address
Address VLAN
VLAN ID
ID Port
Port IP
IP Address
Address MAC
MAC Address
Address VLAN
VLAN ID
ID Port
Port
MAC
MAC A
A 2
2 IF_1
IF_1 10.1.1.2
10.1.1.2 MAC
MAC A
A 2
2 IF_1
IF_1

MAC
MAC Address
Address VLAN
VLAN ID
ID Port
Port IP
IP Address
Address MAC
MAC Address
Address VLAN
VLAN ID
ID Port
Port
MAC
MAC A
A 2
2 IF_1
IF_1 10.1.1.2
10.1.1.2 MAC
MAC A
A 2
2 IF_1
IF_1
MAC
MAC B
B 3
3 IF_2
IF_2 10.2.1.2
10.2.1.2 MAC
MAC B
B 3
3 IF_2
IF_2

Figure 2-7 shows the MAC addresses, IP addresses, and gateway addresses of the
hosts, MAC address of the Layer 3 switch, and IP addresses of Layer 3 interfaces
configured in VLANs on the Layer 3 switch. The process of a ping from PC A to PC
B is as follows (the Layer 3 switch has not created any MAC address entry):
1. PC A finds that the destination IP address 10.2.1.2 (PC B) is on a different
network segment than its own IP address. Therefore, PC A sends an ARP
request to request for the MAC address mapping the gateway address
10.1.1.1.
2. L3 Switch receives the ARP request from PC A and finds that 10.1.1.1 is the IP
address of its own Layer 3 interface. L3 switch then sends an ARP reply to PC
A. The ARP reply carries the MAC address of its Layer 3 interface (MAC
Switch). In addition, L3 switch adds the mapping between the IP address and
MAC address of PC A (10.1.1.2 and MAC A) to its ARP table. The IP address
and MAC address of PC A are carried in the ARP request sent from PC A.
3. After PC A receives the ARP reply from the gateway (L3 Switch), it sends an
ICMP request packet. In the ICMP request packet, the destination MAC
address (DMAC) is MAC Switch; the source MAC address (SMAC) is MAC A;
the source IP address (SIP) is 10.1.1.2; the destination IP address (DIP) is
10.2.1.2.
4. When L3 Switch receives the ICMP request packet, it updates the matching
MAC address entry according to the source MAC address and VLAN ID of the
packet. Then L3 Switch looks up the MAC address table according to the
destination MAC address and VLAN ID of the packet and finds the entry with
the MAC address of its Layer 3 interface, the packet needs to be forwarded at
Layer 3. Then L3 Switch looks up Layer 3 forwarding entries of the switching
chip to guide Layer 3 forwarding.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 27

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

5. The switching chip loops up Layer 3 forwarding entries according to the

destination IP address of the packet. The entry lookup fails because no entry
has been created. The switching chip then sends the packet to the CPU for
software processing.
6. The CPU looks up the software routing table according to the destination IP
address of the packet and finds a directly connected network segment,
network segment of PC B. Then the CPU looks up its ARP table, and the
lookup still fails. Therefore, L3 Switch sends an ARP request to all ports in
VLAN 3 (network segment of PC B), to request the MAC address mapping IP
address 10.2.1.2.
7. After PC B receives the ARP request from L3 Switch, it checks the ARP request
and finds that 10.2.1.2 is its own IP address. PC B then sends an ARP reply
carrying its MAC address (MAC B). Meanwhile, PC B records the mapping
between the IP address and MAC address of L3 Switch (10.2.1.1 and MAC
Switch) in its ARP table.
8. When L3 Switch receives the ARP reply from PC B, it records the mapping
between the IP address and MAC address of PC B (10.2.1.2 and MAC B) in its
ARP table. L3 Switch changes the destination MAC address in the ICMP
request packet sent from PC A to MAC B and changes the source MAC
address to its own MAC address (MAC Switch), and then sends the ICMP
request to PC B. The Layer 3 forwarding entry containing the IP address and
MAC address of PC B, outbound VLAN ID, and outbound port is also added to
the Layer 3 forwarding of the switching chip. Subsequent packets sent from
PC A to PC B are directly forwarded according to this hardware entry.
9. When PC B receives the ICMP request packet from L3 Switch, it sends an ICMP
reply packet to PC A. The forwarding process for the ICMP reply packet is
similar to that for the ICMP request packet except that the ICMP reply packet
is directly forwarded to PC A by the switching chip according to the hardware
entry. The reason is that L3 Switch has obtained the mapping between the IP
address and MAC address of PC A and added matching Layer 3 forwarding
entry to the L3 forwarding table of the switching chip.
10. Subsequent packets exchanged between PC A and PC B are forwarded
following the same process: MAC address table lookup, Layer 3 forwarding
table lookup, and hardware forwarding by the switching chip.
In a summary, a Layer 3 switch provides high-speed Layer 3 switching through one
routing process (forwarding the first packet to the CPU and creating a hardware
Layer 3 forwarding entry) and multiple switching processes (hardware forwarding
of subsequent packets).

2.4 Application Scenarios for Ethernet Switching

2.4.1 Building an Enterprise Network

As shown in Figure 2-8, an enterprise needs to build a network to provide access
to various terminals, including IP phones, PCs, network printers, and servers.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 28

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 2 Ethernet Switching

Figure 2-8 Using Ethernet technology to build an enterprise network

Network

Aggregation/Core Layer

Access Layer ……

Terminal ……

Ethernet technology can connect various terminals to a network to allow

employees to surf on the Internet, make IP calls, access shared resources on
servers, and print files using remote printers over the network. The IT
administrators of the enterprise can manage the network in a centralized manner.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 29

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3 MAC Address Table Configuration

About This Chapter

This chapter describes how to configure the Medium Access Control (MAC)
address table. Each station or server has a unique MAC address. When a device
exchanges data with connected stations or servers, the device records their MAC
addresses, access interfaces, and VLAN IDs for unicast forwarding.
3.1 Overview of MAC Address Tables
3.2 Understanding MAC Address Tables
3.3 Application Scenarios for MAC Address Tables
3.4 Summary of MAC Address Table Configuration Tasks
3.5 Licensing Requirements and Limitations for MAC Address Tables
3.6 Default Settings for MAC Address Tables
3.7 Configuring MAC Address Tables
3.8 Configuring MAC Address Flapping Prevention
3.9 Configuring MAC Address Flapping Detection
3.10 Configuring the Switch to Discard Packets with an All-0 MAC Address
3.11 Enabling MAC Address-triggered ARP Entry Update
3.12 Enabling Port Bridge
3.13 Configuring Re-marking of Destination MAC Addresses
3.14 Maintaining MAC Address Tables
3.15 Configuration Examples for MAC Address Tables
3.16 Troubleshooting MAC Address Tables
3.17 FAQ About MAC Address Tables

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 30

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.1 Overview of MAC Address Tables

A MAC address defines the location of a network device. A MAC address consists
of 48 bits and is displayed as a 12-digit hexadecimal number. Bits 0 to 23 are
assigned by the IETF and other institutions to identify vendors, and bits 24 to 47
are the unique ID assigned by vendors to identify their network adapters.
MAC addresses fall into the following types:
● Physical MAC address: uniquely identifies a terminal on an Ethernet network
and is the globally unique hardware address.
● Broadcast MAC address: indicates all terminals on a LAN. The broadcast
address is all 1s (FF-FF-FF-FF-FF-FF).
● Multicast MAC address: indicates a group of terminals on a LAN. All the MAC
addresses with the eighth bit as 1 are multicast MAC addresses (for example,
01-00-00-00-00-00), excluding the broadcast MAC address. The multicast
MAC address starting from 01-80-c2 is the BPDU MAC address, and is often
used as the destination MAC address of protocol packets.

3.2 Understanding MAC Address Tables

3.2.1 Definition and Classification of MAC Address Entries

Definition of a MAC Address Table
A MAC address table records other devices' MAC addresses learned by the switch,
interfaces on which MAC addresses are learned, and VLANs that the interfaces
belong to. Before forwarding a packet, the switch looks up the destination MAC
address of the packet in the MAC address table. If a MAC address entry matches
the destination MAC address, the switch forwards the packet from the
corresponding outbound interface in the MAC address entry. If no MAC address
entry matches the destination MAC address, the switch broadcasts the packet to
all interfaces in the corresponding VLAN, except the inbound interface receiving
the packet.

Classification of MAC Address Entries

MAC address entries are classified into dynamic, static, and blackhole entries. In
addition, there are MAC address entries that are related to service types, for
example, secure MAC, MUX MAC, authen MAC, and guest MAC. They are
maintained by service modules and are converted from dynamic MAC address
entries.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 31

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Table 3-1 Characteristics and functions of different MAC address entries

MAC Address Entry Characteristics Function
Type

Dynamic MAC address ● Dynamic MAC address ● You can check

entry entries are obtained by whether data is
learning source MAC forwarded between
addresses of packets two connected
on an interface, and devices by checking
can be aged. dynamic MAC
● Dynamic MAC address address entries.
entries are lost after a ● You can obtain the
system restart. number of
communicating users
connected to an
interface by checking
the number of
specified dynamic
MAC address entries.

Static MAC address entry ● Static MAC address When static MAC
entries are manually address entries are
configured. Static MAC configured, authorized
address entries never users can use network
age. resources and other
● The static MAC users are prevented
address entries saved from using the bound
in the system are not MAC addresses to
lost after a system initiate attacks.
restart.
● After an interface is
statically bound to a
MAC address, other
interfaces discard
packets from this
source MAC address.
● Each static MAC
address entry can have
only one outbound
interface.
● Statically binding an
interface to a MAC
address does not affect
the learning of
dynamic MAC address
entries on the
interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 32

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

MAC Address Entry Characteristics Function

Type

Blackhole MAC address ● Blackhole MAC Blackhole MAC address

entry address entries are entries can filter out
manually configured. unauthorized users.
Blackhole MAC
address entries never
age.
● The blackhole MAC
address entries saved
in the system are not
lost after a system
restart.
● After blackhole MAC
address entries are
configured, the device
discards packets from
or destined for the
blackhole MAC
addresses.

3.2.2 Elements and Functions of a MAC Address Table

Elements
Each entry in a MAC address table is identified by a MAC address and a VLAN ID
or VSI. When a destination host joins multiple VLANs or VSIs, the host's MAC
address corresponds to multiple VLAN IDs or VSIs in the MAC address table. Table
3-2 lists four MAC address entries, which specify the outbound interfaces for
packets with specified destination MAC addresses and VLAN IDs or VSI names. For
example, the first MAC address entry is used to forward the packets with
destination MAC address 0011-0022-0034 and VLAN 10 through outbound
interface GE3/0/1.

Table 3-2 MAC address entries

MAC Address VLAN ID/VSI Name Outbound Interface

0011-0022-0034 10 GE0/0/1

0011-0022-0034 20 GE0/0/2

0011-0022-0035 30 Eth-Trunk20

0011-0022-0035 huawei GE0/0/3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 33

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Functions
A MAC address table is used for unicast forwarding of packets. In Figure 3-1,
when packets sent from PC1 to PC3 reach the switch, the switch searches its MAC
address table for the destination MAC address MAC3 and VLAN 10 in the packets
to obtain outbound interface Port3. The switch then forwards packets to PC3 from
Port3.

Figure 3-1 Forwarding based on the MAC address table

MAC Address VLANID Port

MAC1 10 Port1
MAC2 10 Port2
PC2
MAC3 10 Port3

PC1 Switch Port2

Port1

Port3 PC3
MAC3 MAC1 VLAN10 Type Data MAC
3
MAC
1
VLAN
10
Type
Data

3.2.3 MAC Address Entry Learning and Aging

MAC Address Entry Learning

Generally, MAC address entries are learned from source MAC addresses of data
frame.

Figure 3-2 MAC address entry learning

PortA

HostA Data frame SwitchA

As shown in Figure 3-2, HostA sends a data frame to SwitchA. When receiving the
data frame, SwitchA obtains the source MAC address (HostA's MAC address) and
VLAN ID of the frame.

● If the MAC address entry does not exist in the MAC address table, SwitchA
adds an entry with the new MAC address, PortA, and VLAN ID to the MAC
address table.
● If the MAC address entry exists in the MAC address table, SwitchA resets the
aging timer of the MAC address entry and updates the entry.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 34

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

NOTE

● If PortA is a member interface of Eth-TrunkA, the outbound interface in the MAC

address entry is Eth-TrunkA.
● All interfaces of a switch belong to VLAN 1 by default. If the default VLAN is not
changed, the VLAN ID of all MAC address entries is VLAN 1.
● The switch does not learn the BPDU MAC address similar to 0180-c200-xxxx.

MAC address entry learning and update are triggered on a device only when the
device receives data frames.

MAC Address Entry Aging

A device needs to update its MAC address table continuously to adapt to changing
network topologies. Dynamic MAC address entries are not always valid. Each entry
has a life cycle (aging time) and will be deleted when the aging time expires. If an
entry is updated within the aging time, the aging timer of the entry is reset.

Figure 3-3 MAC address entry aging

t1: The entry with MAC
t2-t3: No packet matching
address 00e0-fc00-0001 and
this MAC address is
VLAN ID 1 is learned, and
received, so hit flag is 0.
the hit flag is set to 1.

0 1T 2T 3T 4T

t1 t2 t3 Time

t2: The hit flag of the entry t3: The entry with MAC
with MAC address 00e0-fc00- address 00e0-fc00-0001
0001 and VLAN ID 1 is set to and VLAN ID 1 is deleted
0, but the entry is not deleted. because its hit flag is 0.

As shown in Figure 3-3, the aging time of MAC address entries is set to T. At t1,
packets with source MAC address 00e0-fc00-0001 and VLAN ID 1 arrive at an
interface, which has joined VLAN 1. If no entry with MAC address 0e0-fc00-0001
and VLAN 1 exists in the MAC address table, the MAC address is learned as a
dynamic MAC address entry in the MAC address table, and the hit flag of the
entry is set to 1.

The device checks all dynamic MAC address entries at an interval of T.

1. At t2, if the device finds that the hit flag of the matching dynamic MAC
address entry with MAC address 00e0-fc00-0001 and VLAN 1 is 1, the device
sets the hit flag to 0 but does not delete the MAC address entry.
2. If no packet with source MAC address 00e0-fc00-0001 and VLAN 1 enters the
device between t2 and t3, the hit flag of the matching MAC address entry is
always 0.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 35

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3. At t3, the device finds that the hit flag of the matching MAC address entry is
0. The device considers that the aging time of the MAC address entry has
expired and deletes the MAC address entry.

The minimum holdtime of a dynamic MAC address entry ranges from T to 2T on

the device.

You can set the aging time of MAC address entries to control the life cycle of
dynamic MAC address entries in a MAC address table.

NOTE

When the interface frequently alternates between Up and Down, MAC address entries may
be not aged within two aging period. At this time, you are advised to check the link quality
or run the port link-flap protection enable command to configure link flapping
protection.

3.2.4 MAC Address Learning Control

When hackers send a large number of packets with different source MAC
addresses to a device, useless MAC addresses will consume MAC address entry
resources of the device. As a result, the device cannot learn source MAC addresses
of valid packets. The device broadcasts the packets that do not match MAC
address entries, wasting bandwidth resources.

The device provides the following MAC address learning control methods to
address the preceding issue:

● Disabling MAC address learning on a VLAN or an interface

● Limiting the number of learned MAC address entries on a VLAN or an
interface

Table 3-3 MAC address learning control

MAC Address Principle Application Scenario

Learning
Control Method

Disabling MAC After MAC address learning ● In most cases, attack

address learning is disabled on a VLAN or an packets sent by a hacker
on a VLAN or an interface, the device does not enter the device through
interface learn new dynamic MAC the same interface.
address entries on the VLAN Therefore, you can use
or interface. The dynamic either of the two methods
MAC address entries learned to prevent attack packets
before are aged out when from using up MAC
the aging time expires. They address entry resources on
can also be manually deleted the device.
through commands. ● The method of limiting
the number of learned
MAC address entries on a
VLAN or an interface can
also be used to limit the
number of access users.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 36

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

MAC Address Principle Application Scenario

Learning
Control Method

Limiting the The device can only learn a

number of specified number of MAC
learned MAC address entries on a VLAN or
address entries an interface.
on a VLAN or an When the number of learned
interface MAC address entries reaches
the limit, the device reports
an alarm to notify the
network administrator.
Then, the device cannot learn
new MAC address entries on
the VLAN or interface and
discards the packets with
source MAC addresses out of
the MAC address table.

3.2.5 MAC Address Flapping

What Is MAC Address Flapping

MAC address flapping occurs when a MAC address is learned by two interfaces in
the same VLAN and the MAC address entry learned later overrides the earlier one.
Figure 3-4 shows how MAC address flapping occurs. In the MAC address entry
with MAC address 0011-0022-0034 and VLAN 2, the outbound interface is
changed from GE0/0/1 to GE0/0/2. MAC address flapping can cause an increase in
the CPU usage on the device.
MAC address flapping does not occur frequently on a network unless a network
loop occurs. If MAC address flapping frequently occurs on your network, you can
quickly locate the fault and eliminate the loops according to alarms and MAC
address flapping records.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 37

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Figure 3-4 MAC address flapping

GE0/0/2

GE0/0/1
Broadcast to
two interfaces
in the VLAN MAC Address VLAN ID Port
First
First interface
interface that
0011-0022-0034 2 GE0/0/1 learns
learns this
this MAC
that
MAC address.
address.
Interface
Interface that
that learns
learns this
0011-0022-0034 2 GE0/0/2 MAC
MAC address
address later
later
this

MAC: 0011-0022-0034

How to Detect MAC Address Flapping

MAC address flapping detection determines whether MAC address flapping occurs
by checking whether outbound interfaces in MAC address entries change
frequently.
After MAC address flapping detection is enabled, the device can report an alarm
when MAC address flapping occurs. The alarm contains the flapping MAC address,
VLAN ID, and outbound interfaces between which the MAC address flaps. A loop
may exist between the outbound interfaces. The network administrator can locate
the cause of the loop based on the alarm. Alternatively, the device can perform
the action specified in the configuration of MAC address flapping detection to
remove the loop automatically. The action can be quit-vlan (remove the interface
from the VLAN) or error-down (shut down the interface).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 38

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Figure 3-5 Networking of MAC address flapping detection

Network

Port1 SwitchA
MAC:11-22-33
Port2 Access interface
MAC:11-22-33
User
SwitchB

SwitchC Broadcast SwitchD

storm

Incorrect connection Data flow

As shown in Figure 3-5, a network cable is incorrectly connected between SwitchC

to SwitchD, causing a loop between SwitchB, SwitchC, and SwitchD. When Port1 of
SwitchA receives a broadcast packet, SwitchA forwards the packet to SwitchB. The
packet is then sent to Port2 of SwitchA. After MAC address flapping detection is
configured on SwitchA, SwitchA can detect that the source MAC address of the
packet flaps from Port1 to Port2. If the MAC address flaps between Port1 and
Port2 frequently, SwitchA reports an alarm about MAC address flapping to alert
the network administrator.

NOTE

MAC address flapping detection allows a device to detect changes in traffic transmission
paths based on learned MAC addresses, but the device cannot obtain the entire network
topology. It is recommended that this function be used on the interface connected to a user
network where loops may occur.

How to Prevent MAC Address Flapping

MAC address flapping occurs on a network when the network has a loop or
undergoes an attack.
During network planning, you can use the following methods to prevent MAC
address flapping:
● Increase the MAC address learning priority of an interface: When the same
MAC address is learned on interfaces of different priorities, the MAC address
entry on the interface with the highest priority overrides the MAC address
entries on the other interfaces.
● Prevent MAC address entries from being overridden on interfaces with the
same priority: If the interface connected to a bogus network device has the
same priority as the interface connected to an authorized device, the MAC
address entry of the bogus device learned later does not override the original
correct MAC address entry. If the authorized device is powered off, the MAC

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 39

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

address entry of the bogus device is learned. After the authorized device is
powered on again, its MAC address cannot be learned.
As shown in Figure 3-6, Port1 of the switch is connected to a server. To prevent
unauthorized users from connecting to the switch using the server's MAC address,
you can set a high MAC address learning priority for Port1.

Figure 3-6 Networking of MAC address flapping prevention

MAC:11-22-33
MAC:11-22-33
Server
Unauthorized
user
Port1

Switch

Authorized Authorized Authorized

user 1 user 2 user 3

3.2.6 MAC Address-Triggered ARP Entry Update

NOTE

Only the S5720EI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720HI,
S6720EI, and S6720S-EI support this function.

On an Ethernet network, a host sends and receives Ethernet data frames based on
MAC addresses. The Address Resolution Protocol (ARP) maps IP addresses to MAC
addresses. When two devices on different network segments communicate with
each other, they need to map IP addresses to MAC addresses and outbound
interfaces according to ARP entries.
Generally, the outbound interfaces in the matching MAC address entries and ARP
entries are consistent. As shown in Figure 3-7, the outbound interface in both the
MAC address entry and ARP entry is GE0/0/1 at T1. The interface is then changed.
At T2, after a packet is received from the peer device, the outbound interface in
the MAC address entry is immediately changed to GE0/0/2. However, the
outbound interface in the ARP entry is still GE0/0/1. At T3, the aging time of the
ARP entry expires, and the outbound interface in the ARP entry is changed to
GE0/0/2 through ARP aging probe. Between T2 and T3, the outbound interface in
the ARP entry is unavailable, interrupting communication between devices on
different network segments.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 40

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Figure 3-7 MAC address-triggered ARP entry update is not enabled

MAC address entry ARP entry

T1 MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port

11-22-34 2 GE0/0/1 10.2.2.2 11-22-34 2 GE0/0/1
Before port switching
Port switching
& ARP aging probe
MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port
T2 10.2.2.2 2
11-22-34 2 GE0/0/2 11-22-34 GE0/0/1

After port switching &

ARP aging probe
MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port
T3 11-22-34 2 GE0/0/2 10.2.2.2 11-22-34 2 GE0/0/2

MAC address-triggered ARP entry update enables a device to update the

outbound interface in an ARP entry immediately after the outbound interface in
the corresponding MAC address entry changes. As shown in Figure 3-8, MAC
address-triggered ARP entry update is enabled. At T2, after the outbound interface
in the MAC address entry is changed to GE0/0/2, the outbound interface in the
ARP entry is immediately changed to GE0/0/2. This function prevents
communication interruption between T2 and T3 due to the incorrect outbound
interface in the ARP entry.

Figure 3-8 MAC address-triggered ARP entry update is enabled

MAC address entry ARP entry

T1 MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port

11-22-34 2 GE0/0/1 10.2.2.2 11-22-34 2 GE0/0/1
Before port switching
Port switching
& ARP aging probe
MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port
T2 10.2.2.2 2 GE0/0/2
11-22-34 2 GE0/0/2 11-22-34

After port switching &

ARP aging probe
MAC Address VLAN ID Port IP Address MAC Address VLAN ID Port
T3 11-22-34 2 GE0/0/2 10.2.2.2 11-22-34 2 GE0/0/2

NOTE

The MAC address-triggered ARP entry update function is often used in networking where
devices in a Virtual Router Redundancy Protocol (VRRP) group connect to servers (see 3.3.3
Configuring MAC Address-Triggered ARP Entry Update to Improve VRRP Switchover
Performance), or Layer 3 traffic switching scenarios where STP and Smart Link are used.

3.3 Application Scenarios for MAC Address Tables

3.3.1 Configuring MAC Address Flapping Prevention to Block

User Attacks
When you deploy a Layer 2 network, you can configure MAC address flapping
prevention to block attacks from unauthorized users. As shown in Figure 3-9,
employees of an enterprise need to access the server connected to Port1 of the
switch. If an unauthorized user sends packets using the server's MAC address as

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 41

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

the source MAC address, the server's MAC address is learned on another interface
of the switch. Then packets sent by employees to the server are sent to the
unauthorized user. As a result, employees cannot access the server, and important
data may be intercepted by the unauthorized user. To prevent unauthorized users
from using the server's MAC address to attack the switch, set a higher MAC
address learning priority for the interface connected to the server than the
interfaces connected to unauthorized users. In this case, MAC address flapping will
not occur when unauthorized users attack the switch.

Figure 3-9 Networking of MAC address flapping prevention

MAC:11-22-33
MAC:11-22-33
Server
Unauthorized
user
Port1

Switch

Authorized Authorized Authorized

user 1 user 2 user 3

3.3.2 Configuring MAC Address Flapping Detection to Quickly

Detect Loops
When a loop occurs, MAC address flapping must have occurred on the failure
point. You can use the MAC address flapping function to locate loops on a
network. When one of the following situations occurs, enable MAC address
flapping detection to check whether a loop occurs:
● A MAC address entry alternatively appears and disappears.
● Ping operations alternatively succeed and fail.
● A high CPU usage alarm is generated.
Compared to other loop detection technologies, MAC address flapping detection is
easy to configure. Table 3-4 compares loop detection technologies.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 42

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Table 3-4 Comparison of loop detection technologies

Feature Advantage Disadvantage

MAC address ● Checks all interfaces and The device only reports alarms
flapping VLANs on a device. after detecting a loop but
detection ● Requires only one cannot eliminate the loop.
command and is
enabled by default.

Loopback ● Detects loops based on This function is not enabled by

detection interfaces and VLANs. default and needs to be
● The device can eliminate configured through
a loop after detecting commands.
the loop.

3.3.3 Configuring MAC Address-Triggered ARP Entry Update to

Improve VRRP Switchover Performance
When a VRRP group connects to servers, MAC address-triggered ARP entry update
can be configured to speed up VRRP active/standby switchovers. This function
reduces the service interruption time upon a link or device failure. The Virtual
Router Redundancy Protocol (VRRP) groups multiple routing devices into a virtual
router. The virtual router functions as the virtual gateway for users, and its virtual
IP address is used as the default gateway address to implement communication
with an external network. When a gateway device fails, VRRP selects another
gateway device to transmit service traffic, ensuring reliable communication.
As shown in Figure 3-10, HostA is dual-homed to SwitchA and SwitchB through
the switch. A VRRP group is configured on SwitchA and SwitchB to implement link
redundancy. If the link between SwitchA and the switch fails, MAC address entries
and ARP entries on the switch are updated to ensure that traffic is switched to the
link between the switch and SwitchB.

Figure 3-10 VRRP networking

SwitchA SwitchB
(VRRP Master) (VRRP Backup)

Port1 Port1

Port1 Port2
Before Switch After
switchover switchover

HostA

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 43

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

A VRRP group may connect to a server but not a switch, as shown in Figure 3-11.
Generally, a server selects only one of network interfaces to send packets. When
the server detects a network failure or traffic transmission failure, it sends packets
through another network interface.
● SwitchA functions as the master device, and the server uses Port2 to send
packets. SwitchA learns the ARP entry and MAC address entry matching the
server on Port2, and SwitchB learns the server MAC address on Port1.
● When the server detects that Port2 is faulty, the server sends packets through
Port1. SwitchA then learns the server MAC address on Port1. If the server does
not send an ARP Request packet to SwitchA, SwitchA still maintains the ARP
entry on Port2. In this case, packets sent from SwitchA to the server are still
forwarded through Port2 until the ARP entry is aged out.
To solve the problem, configure MAC address-triggered ARP entry update on the
switches. This function enables a switch to update the corresponding ARP entry
when the outbound interface in a MAC address entry changes.

Figure 3-11 VRRP group connects to a server

SwitchA(VRRP Master) SwitchB(VRRP Backup)

Port2 Port2
Port1 Port1

Port1 Port2

Server

3.4 Summary of MAC Address Table Configuration

Tasks

Table 3-5 MAC address table configuration tasks

Scenario Description Task

MAC addresses and Configure static MAC address 3.7.1 Configuring a

interfaces need to entries to bind MAC addresses and Static MAC Address
be bound statically. interfaces, improving security of Entry
authorized users.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 44

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Scenario Description Task

Attack packets Configure blackhole MAC address 3.7.2 Configuring a

from unauthorized entries to filter out packets from Blackhole MAC
users need to be unauthorized users, thereby Address Entry
filtered out. protecting the system against
attacks.

Aging of dynamic Set the aging time according to 3.7.3 Setting the
MAC address your needs. Set the aging time to Aging Time of
entries needs to be a large value or 0 (not to age Dynamic MAC
flexibly controlled. dynamic MAC address entries) on Address Entries
a stable network; set a short
aging time in other situations.

MAC address Attacks initiated by unauthorized 3.7.4 Disabling MAC

learning needs to users may exhaust MAC address Address Learning
be controlled. entries. To prevent this problem, 3.7.5 Configuring
disable MAC address learning or the MAC Address
limit the number of learned MAC Limiting Function
address entries.

The MAC address You can configure various trap 3.7.6 Enabling MAC
table needs to be functions about MAC addresses to Address Trap
monitored. monitor the usage of MAC Functions
address entries.
● Configure an alarm threshold
for MAC address usage. When
the MAC address usage
exceeds the upper threshold,
the switch generates an alarm.
When the MAC address usage
falls below the lower threshold,
the switch reports a clear
alarm.
● Enable the trap function for
MAC address learning or aging.
When a MAC address entry is
learned or aged out, the switch
sends an alarm.
● Enable the trap function for
MAC address hash conflicts. If
the device cannot learn MAC
address entries while its MAC
address table is not full, the
switch reports an alarm about
a MAC address hash conflict.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 45

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Scenario Description Task

The outbound Configure the MAC address- 3.11 Enabling MAC

interfaces in ARP triggered ARP entry update Address-triggered
entries need to be function. When the outbound ARP Entry Update
updated quickly. interface in a MAC address entry
changes, the device updates the
outbound interface in the
corresponding ARP entry before
ARP probing. This function
shortens service interruption time.

MAC address MAC address flapping occurs on a 3.8 Configuring

flapping needs to network when the network has a MAC Address
be prevented. loop or undergoes an attack. You Flapping Prevention
can use the following methods to
prevent MAC address flapping:
● Configure the MAC address
learning priorities for
interfaces. When the same
MAC address is learned by two
interfaces of different priorities,
the MAC address entries
learned by the interface with a
higher priority override the
MAC address entries learned by
the other interface.
● Prevent MAC address entries
from being overridden on
interfaces with the same
priority.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 46

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Scenario Description Task

MAC address MAC address flapping occurs 3.9 Configuring

flapping needs to when a MAC address is learned by MAC Address
be detected. two interfaces in the same VLAN Flapping Detection
and the MAC address entry
learned later overrides the earlier
one.
MAC address flapping detection
enables a switch to check whether
any MAC address flaps between
interfaces and determine whether
a loop occurs. When MAC address
flapping occurs, the switch sends
an alarm to the NMS. The
network maintenance personnel
can locate the loop based on the
alarm information and historical
records for MAC address flapping.
This greatly improves network
maintainability. If the network
connected to the switch does not
support loop prevention protocols,
configure the switch to shut down
the interfaces where MAC address
flapping occurs to reduce the
impact of MAC address flapping
on the network.

The switch needs A faulty host or device may send 3.10 Configuring the
to discard packets packets with an all-0 source or Switch to Discard
with an all-0 destination MAC address to a Packets with an
source or switch. Configure the switch to All-0 MAC Address
destination MAC discard such packets and send an
address. alarm to the NMS so that the
network administrator can locate
the faulty host or device based on
the alarm information.

An interface needs By default, an interface does not 3.12 Enabling Port

to forward packets forward packets whose source and Bridge
of which the source destination MAC addresses are
and destination both learned by this interface.
MAC addresses are When the interface receives such a
both learned on packet, it discards the packet as
the interface. an invalid packet. After the port
bridge function is enabled on the
interface, the interface forwards
such packets. This function applies
to a switch that connects to
devices incapable of Layer 2
forwarding or functions as an
access device in a data center.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 47

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.5 Licensing Requirements and Limitations for MAC

Address Tables

Involved Network Elements

Other network elements are not required.

Licensing Requirements
MAC address configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. MAC
address configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 3-6 Products and versions supporting MAC

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI V100R005C01, V100R006(C00&C01&C03&C05)

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 48

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Product Product Software Version

Model

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 49

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Product Product Software Version

Model

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● Dynamic MAC address entries can be learned on an interface only after the
interface is added to an existing VLAN.
● Among existing MAC address entries, only MAC addresses of the dynamic
type can be overwritten as MAC addresses of other types.
● Each static MAC address entry can have only one outbound interface.
● When the aging time of dynamic MAC address entries is set to 0, dynamic
MAC address entries do not age. To age MAC address entries, delete the aging
time configuration.
● When MAC address learning is disabled in a VLAN and an interface in the
VLAN on the S5700EI, S5710EI, S5700HI, S5710HI, and S5720EI and the
discard action is configured for the interface, the interface does not discard
packets from this VLAN. For example, MAC address learning is disabled in
VLAN 2 but enabled in VLAN 3; Port1 in VLAN 2 and VLAN 3 has MAC
address learning disabled and the discard action is defined. In this situation,
Port1 discards packets from VLAN 3 but forwards packets from VLAN 2.
● When the interface frequently alternates between Up and Down, MAC
address entries may be not aged within two aging period. At this time, you
are advised to check the link quality or run the port link-flap protection
enable command to configure link flapping protection.

3.6 Default Settings for MAC Address Tables

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 50

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Table 3-7 Default setting for a MAC address table

Parameter Default Setting

Aging time of dynamic MAC address 300s

entries

MAC address learning Enabled

MAC address learning priority of an 0

interface

Preventing MAC address entries from Disabled

being overridden on interfaces with
the same priority

MAC address flapping detection Enabled

Aging time of flapping MAC address 300s

entries

MAC address-triggered ARP entry Disabled

update

Trap function for the MAC address Enabled

usage

Trap function for MAC address Disabled

learning or aging

Trap function for MAC address hash Disabled

conflicts

Discarding packets with an all-0 MAC Disabled

address

Trap function for packets with an all-0 Disabled

MAC address

Port bridge Disabled

3.7 Configuring MAC Address Tables

3.7.1 Configuring a Static MAC Address Entry

Context
A device cannot distinguish packets from authorized and unauthorized users when
it learns source MAC addresses of packets to maintain the MAC address table. This
causes network risks. If an unauthorized user uses the MAC address of an
authorized user as the source MAC address of attack packets and connects to
another interface of the device, the device learns an incorrect MAC address entry.
As a result, packets destined for the authorized user are forwarded to the

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 51

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

unauthorized user. For security purposes, you can create static MAC address
entries to bind MAC addresses of authorized users to specified interfaces. This
prevents unauthorized users from intercepting data of authorized users.

Static MAC address entries have the following characteristics:

● A static MAC address entry will not be aged out. After being saved, a static
MAC address entry will not be lost after a system restart, and can only be
deleted manually.
● The VLAN bound to a static MAC address entry must have been created and
assigned to the interface bound to the entry.
● The MAC address in a static MAC address entry must be a unicast MAC
address, and cannot be a multicast or broadcast MAC address.
● A static MAC address entry takes precedence over a dynamic MAC address
entry. The system discards packets with flapping static MAC addresses.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run mac-address static mac-address interface-type interface-number vlan vlan-id

A static MAC address entry is created.

----End

Verifying the Configuration

Run the display mac-address static command to check configured static MAC
address entries.

3.7.2 Configuring a Blackhole MAC Address Entry

Context
To protect a device or network against MAC address attacks from hackers,
configure MAC addresses of untrusted users as blackhole MAC addresses. The
device then directly discards the received packets of which the source or
destination MAC addresses match the blackhole MAC address entries.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run mac-address blackhole mac-address [ vlan vlan-id ]

A blackhole MAC address entry is configured.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 52

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Verifying the Configuration

Run the display mac-address blackhole command to check configured blackhole
MAC address entries.

3.7.3 Setting the Aging Time of Dynamic MAC Address Entries

Context
Because the network topology changes frequently, the switch will learn more and
more MAC addresses. Therefore, the aging time needs to be set properly for
dynamic MAC address entries so that the switch can delete unneeded MAC
address entries to prevent a sharp increase of MAC address entries. A shorter
aging time makes the switch more sensitive to network changes and is applicable
to networks where network topology changes frequently. A longer aging time
makes the switch more insensitive to network changes and is only applicable to
stable networks.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run mac-address aging-time aging-time
The aging time is set for dynamic MAC address entries.
The aging time is 0 or an integer that ranges from 10 to 1000000, in seconds. The
default value is 300. The value 0 indicates that dynamic MAC address entries will
not be aged out.

NOTE

When the aging time is 0, MAC address entries can be fixed. To clear the fixed MAC address
entries, set the aging time to a non-0 value. The system then deletes fixed MAC address
entries after twice the aging time.

----End

Verifying the Configuration

Run the display mac-address aging-time command to view the aging time of
dynamic MAC address entries.

3.7.4 Disabling MAC Address Learning

Context
The MAC address learning function is enabled by default on the switch. When
receiving a data frame, the switch records the source MAC address of the data
frame and the interface that receives the data frame in a MAC address entry.
When receiving data frames destined for this MAC address, the switch forwards
the data frames through the outbound interface according to the MAC address

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 53

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

entry. The MAC address learning function reduces broadcast packets on a network.
After MAC address learning is disabled on an interface, the switch does not learn
source MAC addresses of data frames received by the interface, but the dynamic
MAC address entries learned on the interface are not immediately deleted. These
dynamic MAC address entries are deleted after the aging time expires or can be
manually deleted using commands.

Procedure
● Disable MAC address learning on an interface.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run mac-address learning disable [ action { discard | forward } ]
MAC address learning is disabled on the interface.
By default, MAC address learning is enabled on an interface.
By default, the switch takes the forward action after MAC address
learning is disabled. That is, the switch forwards packets according to the
MAC address table. When the action is set to discard, the switch looks up
the source MAC address of the packet in the MAC address table. If the
source MAC address is found in the MAC address table, the switch
forwards the packet according to the matching MAC address entry. If the
source MAC address is not found, the switch discards the packet.
● Disable MAC address learning in a VLAN.
a. Run system-view
The system view is displayed.
b. Run vlan vlan-id
The VLAN view is displayed.
c. Run mac-address learning disable
MAC address learning is disabled in the VLAN.
By default, MAC address learning is enabled in a VLAN.
NOTE

When MAC address learning is disabled in a VLAN and an interface in the VLAN on
the S5720EI, and the discard action is configured for the interface, the interface does
not discard packets from this VLAN. For example, MAC address learning is disabled in
VLAN 2 but enabled in VLAN 3; Port1 in VLAN 2 and VLAN has MAC address learning
disabled and performs the discard action. In this situation, Port1 discards packets from
VLAN 3 but forwards packets from VLAN 2.
● Disable MAC address learning for a specified flow.
a. Configure a traffic classifier.
i. Run system-view
The system view is displayed.
ii. Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed,
or an existing traffic classifier view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 54

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

and is the logical operator between the rules in the traffic classifier,
which means that:
○ If the traffic classifier contains ACL rules, packets match the
traffic classifier only when they match one ACL rule and all the
non-ACL rules.
○ If the traffic classifier does not contain any ACL rules, packets
match the traffic classifier only when they match all the rules in
the classifier.
The logical operator or means that packets match the traffic
classifier if they match one of the rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
iii. Configure matching rules according to the following table.
NOTE

Only the S5720EI, S6720EI, and S6720S-EI support traffic classifiers with
advanced ACLs containing the ttl-expired field.
When a traffic classifier contains if-match ipv6 acl { acl-number | acl-
name }, the S5720HI does not support remark 8021p [ 8021p-value |
inner-8021p ], remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-
address learning disable.

Matchin Command Remarks

g Rule

Outer if-match vlan-id start-vlan- Only the S1720X,

VLAN ID id [ to end-vlan-id ] [ cvlan- S1720X-E, S5720EI,
or inner id cvlan-id ] S5720HI, S5730SI,
and S5730S-EI, S6720LI,
outer S6720S-LI, S6720SI,
VLAN S6720S-SI, S6720EI, and
IDs of S6720S-EI support the
QinQ cvlan-id cvlan-id
packets parameter.

Inner if-match cvlan-id start- -

and vlan-id [ to end-vlan-id ]
outer [ vlan-id vlan-id ] (S1720X,
VLAN S1720X-E, S5720EI, S5720HI,
IDs in S5730SI, S5730S-EI, S6720LI,
QinQ S6720S-LI, S6720SI, S6720S-
packets SI, S6720EI, S6720S-EI)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 55

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

802.1p if-match 8021p 8021p- If you enter multiple

priority value &<1-8> 802.1p priority values in
in VLAN one command, a packet
packets matches the traffic
classifier if it matches
any of the priorities,
regardless of whether
the relationship
between rules in the
traffic classifier is AND
or OR.

Inner if-match cvlan-8021p -

802.1p 8021p-value &<1-8>
priority (S5720EI, S5720HI, S6720EI,
in QinQ S6720S-EI)
packets

Drop if-match discard (S5720EI, A traffic classifier

packet S5720HI, S6720EI, S6720S- containing this
EI) matching rule can only
be bound to traffic
behaviors containing
traffic statistics
collection and flow
mirroring actions.

Double if-match double-tag -

tags in (S5720EI, S5720HI, S6720EI,
QinQ S6720S-EI)
packets

Destinati if-match destination-mac -

on MAC mac-address [ mac-address-
address mask ]
Source if-match source-mac mac- -
MAC address [ mac-address-
address mask ]
Protocol if-match l2-protocol { arp | -
type ip | mpls | rarp | protocol-
field in value }
the
Ethernet
frame
header

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 56

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

All if-match any After the if-match any

packets command is run, only
the matching rule
configured using this
command takes effect,
and the other matching
rules in the same traffic
classifier will become
ineffective.

DSCP if-match dscp dscp-value ● If you enter multiple

priority &<1-8> DSCP values in one
in IP command, a packet
packets matches the traffic
classifier if it matches
any of the DSCP
values, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or
OR.
● If the relationship
between rules in a
traffic classifier is
AND, the if-match
dscp and if-match
ip-precedence
commands cannot be
used in the traffic
classifier
simultaneously.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 57

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

IP if-match ip-precedence ip- ● The if-match dscp

preceden precedence-value &<1-8> and if-match ip-
ce in IP precedence
packets commands cannot be
configured in a traffic
classifier in which the
relationship between
rules is AND.
● If you enter multiple
IP precedence values
in one command, a
packet matches the
traffic classifier if it
matches any of the
IP precedence values,
regardless of whether
the relationship
between rules in the
traffic classifier is
AND or OR.

Layer 3 if-match protocol { ip | -

protocol ipv6 }
type

SYN Flag if-match tcp syn-flag { syn- -

in the flag-value | ack | fin | psh |
TCP rst | syn | urg }
packet

Inbound if-match inbound-interface A traffic policy

interface interface-type interface- containing this
number matching rule cannot be
applied to the outbound
direction or in the
interface view.

Outboun if-match outbound- A traffic policy

d interface interface-type containing this
interface interface-number (S5720EI, matching rule cannot be
S5720HI, S6720EI, S6720S- applied to the inbound
EI) direction on the
S5720HI.
The traffic policy
containing this
matching rule cannot be
applied in the interface
view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 58

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

ACL rule if-match acl { acl-number | ● When an ACL is used

acl-name } to define a traffic
classification rule, it
is recommended that
the ACL be
configured first.
● If an ACL in a traffic
classifier defines
multiple rules, a
packet matches the
ACL as long as it
matches one of rules,
regardless of whether
the relationship
between rules in the
traffic classifier is
AND or OR.

ACL6 if-match ipv6 acl { acl- Before specifying an

rule number | acl-name } ACL6 in a matching
rule, configure the
ACL6.

Flow ID if-match flow-id flow-id The traffic classifier

(S5720EI, S6720EI, S6720S- containing if-match
EI) flow-id and the traffic
behavior containing
remark flow-id must be
bound to different
traffic policies.
The traffic policy
containing if-match
flow-id can only be
applied to an interface,
a VLAN, or the system
in the inbound direction.

iv. Run quit

Exit from the traffic classifier view.
b. Configure a traffic behavior.
i. Run the traffic behavior behavior-name command to create a traffic
behavior and enter the traffic behavior view.
ii. Run the mac-address learning disable command in the traffic
behavior view to disable MAC address learning.
NOTE

This command is only supported by the S5720HI, S5720EI, S6720EI, and

S6720S-EI.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 59

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

iii. Run the quit command to exit from the traffic behavior view.
iv. Run the quit command to exit from the system view.
c. Configure a traffic policy.
i. Run traffic policy policy-name [ match-order { auto | config } ]
A traffic policy is created and the traffic policy view is displayed, or
the view of an existing traffic policy is displayed. If you do not specify
a matching order for traffic classifiers in the traffic policy, the default
matching order config is used.
After a traffic policy is applied, you cannot use the traffic policy
command to modify the matching order of traffic classifiers in the
traffic policy. To modify the matching order, delete the traffic policy,
create a traffic policy, and specify the matching order.
When creating a traffic policy, you can specify the matching order of
its matching rules. The matching order can be either automatic order
or configuration order:
○ Automatic order: Traffic classifiers are matched based on the
priorities of their types. Traffic classifiers based on the following
information are in descending order of priority: Layer 2 and IPv4
Layer 3 information, advanced ACL6 information, basic ACL6
information, Layer 2 information, IPv4 Layer 3 information, and
user-defined ACL information. If data traffic matches multiple
traffic classifiers, and the traffic behaviors conflict with each
other, the traffic behavior corresponding to the highest priority
rule takes effect.
○ Configuration order: Traffic classifiers are matched based on the
sequence in which traffic classifiers were bound to traffic
behaviors.
NOTE

If more than 128 ACL rules defining CAR are configured, a traffic policy
must be applied to an interface, a VLAN, and the system in sequence in the
outbound direction. In the preceding situation, if you need to update ACL
rules, delete the traffic policy from the interface, VLAN, and system and
reconfigure it in sequence.
ii. Run classifier classifier-name behavior behavior-name
A traffic behavior is bound to a traffic classifier in the traffic policy.
iii. Run quit
Exit from the traffic policy view.
iv. Run quit
Exit from the system view.
d. Apply the traffic policy.

▪ Applying a traffic policy to an interface

1) Run system-view
The system view is displayed.
2) Run interface interface-type interface-number
The interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 60

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3) Run traffic-policy policy-name { inbound | outbound }

A traffic policy is applied to the interface.
A traffic policy can be applied to only one direction on an
interface, but a traffic policy can be applied to different
directions on different interfaces. After a traffic policy is applied
to an interface, the system performs traffic policing for all the
incoming or outgoing packets that match traffic classification
rules on the interface.

▪ Applying a traffic policy to a VLAN

1) Run system-view
The system view is displayed.
2) Run vlan vlan-id
The VLAN view is displayed.
3) Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the VLAN.
Only one traffic policy can be applied to a VLAN in the inbound
or outbound direction.
After a traffic policy is applied, the system performs traffic
policing for the packets that belong to a VLAN and match traffic
classification rules in the inbound or outbound direction.

▪ Applying a traffic policy to the system

1) Run system-view
The system view is displayed.
2) Run traffic-policy policy-name global { inbound | outbound }
[ slot slot-id ]
A traffic policy is applied to the system.
Only one traffic policy can be applied to the system or slot in
one direction. A traffic policy cannot be applied to the same
direction in the system and slot simultaneously.
○ In a stack, a traffic policy that is applied to the system takes
effect on all the interfaces and VLANs of all the member
switches in the stack. The system then performs traffic
policing for all the incoming and outgoing packets that
match traffic classification rules on all the member switches.
A traffic policy that is applied to a specified slot takes effect
on all the interfaces and VLANs of the member switch with
the specified stack ID. The system then performs traffic
policing for all the incoming and outgoing packets that
match traffic classification rules on this member switch.
○ On a standalone switch, a traffic policy that is applied to the
system takes effect on all the interfaces and VLANs of the
local switch. The system then performs traffic policing for all
the incoming and outgoing packets that match traffic
classification rules on the local switch. Traffic policies
applied to the slot and system have the same functions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 61

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Verifying the Configuration

● Run the display traffic classifier user-defined [ classifier-name ] command
to check the traffic classifier configuration on the device.
● Run the display traffic behavior user-defined [ behavior-name ] command
to check the traffic behavior configuration on the device.
● Run the display traffic policy user-defined [ policy-name [ classifier
classifier-name ] ] command to check the user-defined traffic policy
configuration.
● Run the display traffic-applied [ interface [ interface-type interface-
number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to
check traffic actions and ACL rules associated with the system, a VLAN, or an
interface.
● Run the display traffic policy { interface [ interface-type interface-number ]
| vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the
traffic policy configuration on the device.
● Run the display traffic-policy applied-record [ policy-name ] command to
check the record of the specified traffic policy.

3.7.5 Configuring the MAC Address Limiting Function

Context
An insecure network is vulnerable to MAC address attacks. When hackers send a
large number of forged packets with different source MAC addresses to the switch,
the MAC address table of the switch will be filled with useless MAC address
entries. As a result, the switch cannot learn source MAC addresses of valid packets.

You can limit the number of MAC address entries learned on the switch. When the
number of learned MAC address entries reaches the limit, the switch does not
learn new MAC address entries. You can also configure an action to take when the
number of MAC address entries reaches the limit. This prevents MAC address
attacks and improves network security.

Procedure
● Limit the number of MAC address entries learned on an interface.
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The interface view is displayed.

c. Run mac-limit maximum max-num

The maximum number of MAC address entries that can be learned on

the interface is set.

By default, the number of MAC address entries learned on an interface is

not limited.
d. Run mac-limit action { discard | forward }

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 62

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

The action to take when the number of learned MAC address entries
reaches the limit is configured.

By default, the switch discards packets with new MAC addresses when
the number of learned MAC address entries reaches the limit.
e. Run mac-limit alarm { disable | enable }

The switch is configured to or not to generate an alarm when the

number of learned MAC address entries reaches the limit.

By default, the switch generates an alarm when the number of learned

MAC address entries reaches the limit.
● Limit the number of MAC address entries learned in a VLAN.
a. Run system-view

The system view is displayed.

b. Run vlan vlan-id

The VLAN view is displayed.

c. Run mac-limit maximum max-num

The maximum number of MAC address entries learned in the VLAN is set.

By default, the number of MAC address entries learned in a VLAN is not

limited.
d. Run mac-limit alarm { disable | enable }

The switch is configured to or not to generate an alarm when the

number of learned MAC address entries reaches the limit.

By default, the switch generates an alarm when the number of learned

MAC address entries reaches the limit.

----End

Verifying the Configuration

Run the display mac-limit command to check limiting on MAC address learning.

3.7.6 Enabling MAC Address Trap Functions

Context
The switch enabled with trap functions sends an alarm when the MAC address
usage exceeds the threshold, a MAC address changes, or a MAC address hash
conflict occurs. The alarms enable you to know the running status of the MAC
address table in real time. MAC address entry resources are key resources for the
switch. Monitoring the use of the MAC address table ensures normal system
operations. The switch provides three trap functions for MAC address entries.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 63

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Table 3-8 Three trap functions for MAC address entries

Trap Function Description

MAC address An alarm is generated when the MAC address usage is

usage out of the higher than 80%, and a clear alarm is generated when the
specified range MAC address usage is lower than 70%.
A clear alarm can be generated only if a threshold-
exceeding alarm has been generated.
A threshold-exceeding alarm indicates that the MAC address
usage is too high. You are advised to redistribute traffic or
expand the network.

MAC address An alarm is generated when a MAC address entry is learned

learning or aging or aged.

MAC address To improve the MAC address forwarding performance, the

hash conflict MAC address table of the switch is saved using a hash chain.
When multiple MAC addresses map the same key value in
accordance with the hash algorithm, some MAC addresses
may not be learned. That is, a MAC address hash conflict
occurs.
In this situation, the MAC address entries cannot be learned
even though the MAC address table is not full.
A MAC address hash conflict does not affect traffic
forwarding. The switch broadcasts traffic destined for the
conflicting MAC addresses, occupying bandwidth and system
resources. You can replace the device or network adapter of
a terminal to prevent MAC address hash conflicts.

Procedure
● Enable the trap function for MAC address usage out of the specified range.
a. Run system-view
The system view is displayed.
b. Run mac-address threshold-alarm upper-limit upper-limit-value lower-
limit lower-limit-value
The upper and lower alarm thresholds for the MAC address usage are set.
By default, the upper and lower alarm thresholds for the MAC address usage
are 80% and 70% respectively. An alarm is generated when the MAC address
usage is higher than 80%, and a clear alarm is generated when the MAC
address usage is lower than 70%.
● Enable the trap function for MAC address learning or aging.
a. Run system-view
The system view is displayed.
b. (Optional) Run mac-address trap notification interval interval-time
The interval at which the switch checks MAC address learning or aging is
set.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 64

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

By default, the switch checks MAC address learning or aging at intervals

of 10s.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run mac-address trap notification { aging | learn | all }
The trap function for MAC address learning and aging is enabled on the
interface.
By default, the trap function for MAC address learning or aging is
disabled.
● Enable the trap function for MAC address hash conflicts.
a. Run system-view
The system view is displayed.
b. Run mac-address trap hash-conflict enable
The trap function for MAC address hash conflicts is enabled.
By default, the trap function for MAC address hash conflicts is enabled.
c. (Optional) Run mac-address trap hash-conflict history history-number
The number of MAC address hash conflict alarms reported at an interval
is set.
By default, 10 MAC address hash conflict alarms are reported at an
interval.
d. (Optional) Run mac-address trap hash-conflict interval interval-time
The interval at which MAC address hash conflict alarms are reported is
set.
By default, MAC address hash conflict alarms are reported at intervals of
60s.

Verifying the Configuration

Run the display current-configuration command to check MAC address trap
functions on the switch.

3.7.7 Configuring a MAC Hash Algorithm

Context
A device usually uses a hash algorithm to learn MAC address entries to improve
MAC address forwarding performance. When multiple MAC addresses map the
same key value, a MAC address hash conflict may occur. When a MAC address
hash conflict occurs, the device may fail to learn many MAC addresses and can
only broadcast traffic destined for these MAC addresses. The heavy broadcast
traffic increases the load on the device. In this case, use an appropriate hash
algorithm to mitigate the hash conflict.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 65

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

NOTE

● The device uses the hash bucket to store MAC addresses. The device that uses the hash
bucket performs hash calculation for VLAN IDs and MAC addresses in MAC address
entries to be stored and obtains hash bucket indexes. The MAC addresses with the same
hash bucket index are stored in the same hash bucket. If a hash bucket with the
maximum storage space cannot accommodate learned MAC addresses of the hash
bucket, a hash conflict occurs and MAC addresses cannot be stored. The maximum
number of MAC addresses learned by the device through the hash bucket may be not
reached.
● The S5720HI does not support this configuration.
● MAC addresses are distributed on a network randomly, so the best hash algorithm
cannot be determined. Generally, the default hash algorithm is the best one, so do not
change the hash algorithm unless you have special requirements.
● An appropriate hash algorithm can reduce hash conflicts, but cannot prevent them.
● After the hash algorithm is changed, restart the device to make the configuration take
effect.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure a hash algorithm.
● Run the mac-address hash-mode { xor | crc } slot slot-id command on the
S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2750EI, S2720EI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5700LI,
S5700S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI.
● Run the mac-address hash-mode { crc16-lower | crc16-upper | crc32-lower
| crc32-upper | lsb } slot slot-id command on other models except the
S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2750EI, S2720EI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5700LI,
S5700S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI.
By default, the hash algorithm is crc on the S1720GFR, S1720GW, S1720GWR,
S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5720LI, S5720S-
LI, S6720LI, S6720S-LI, S5700LI, S5700S-LI, S5710-X-LI, S5730SI, S5730S-EI,
S6720SI, S6720S-SI, S5720SI, and S5720S-SI and crc32-lower on other models.
Step 3 Run mac-address hash-bucket-mode { size4 | size8 | size12 | size16 }
The hash bucket size is configured for the MAC address table.
This function is supported only by the S1720GFR, S1720GW, S1720GWR, S1720X,
S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S5700LI, S5700S-LI, S5720LI,
S5720S-LI, S5720SI, and S5720S-SI.
By default, the hash bucket size of a MAC address table is 4.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 66

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

NOTE

● A larger hash bucket size will lower device forwarding performance.

● After you change the hash bucket size to a smaller value, you need to restart the device.

----End

Verifying the Configuration

Run the display mac-address hash-mode command to check the running and
configured hash algorithms.

3.7.8 Configuring the Extended MAC Entry Resource Mode

Context
You can set the MAC entry resource mode to big-mac to increase the MAC
address table size. When the switch transmits heavy traffic, MAC address entries
increase accordingly. If the current MAC address table size cannot meet service
requirements, service running efficiency is reduced. The switch provides the
extended entry space register. You can configure an extended MAC entry resource
mode to increase the MAC address table size.

NOTE

Only the S5720EI, S6720EI and S6720S-EI support this function.

Procedure
Step 1 (Optional) Run display resource-mode configuration
The extended entry resource mode is displayed.
Step 2 Run system-view
The system view is displayed.
Step 3 Run assign resource-mode enhanced-mac slot slot-id
The extended MAC entry resource mode is configured.

NOTE

After the extended MAC entry resource mode is configured, you must restart the switch to make
the configuration take effect.

----End

Verifying the Configuration

Run the display resource-mode configuration command to check the configured
and current extended entry resource modes.

3.8 Configuring MAC Address Flapping Prevention

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 67

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.8.1 Configuring a MAC Address Learning Priority for an

Interface

Context
To prevent MAC address flapping, set different MAC address learning priorities for
interfaces. When two interfaces learn the same MAC address entries, the MAC
address entries learned by the interface with a higher priority override the MAC
address entries learned by the other interface.

Procedure
Perform the following operations on the S5720HI, S5720EI, S6720EI, and S6720S-
EI.

1. Run system-view
The system view is displayed.
2. Run interface interface-type interface-number
The interface view is displayed.
3. Run mac-learning priority priority-id
The MAC address learning priority of the interface is set.
By default, the MAC address learning priority of an interface is 0. A larger
priority value indicates a higher MAC address learning priority.
4. Run mac-learning priority flapping-defend action discard
The switch is configured to discard packets when the switch is configured to
prohibit MAC address flapping.
By default, the action is forward when the switch is configured to prohibit
MAC address flapping.

Perform the following operations on the S1720GFR, S1720GW, S1720GWR,

S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2720EI, S5700LI, S5700S-LI,
S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S2750EI, S5730SI, S5730S-EI,
S6720SI, S6720S-SI, S5720S-SI, and S5720SI.

1. Run system-view
The system view is displayed.
2. Run mac-spoofing-defend enable
Global MAC spoofing defense is enabled.
By default, global MAC spoofing defense is disabled.
3. Run interface interface-type interface-number
The interface view is displayed.
4. Run mac-spoofing-defend enable
MAC spoofing defense is enabled on the interface so that the interface
becomes a trusted interface.
By default, MAC spoofing defense is disabled on an interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 68

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Verifying the Configuration

Run the display current-configuration command to check the MAC address
learning priorities of interfaces.

3.8.2 Preventing MAC Address Flapping Between Interfaces

with the Same Priority

Context
Preventing MAC address flapping between interfaces with the same priority can
improve network security.

After the switch is configured to prevent MAC address flapping between interfaces
with the same priority, the following problem may occur: If the network device
(such as a server) connected to an interface of switch is powered off and the same
MAC address is learned on another interface, the switch cannot learn the correct
MAC address on the original interface after the network device is powered on.

NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this configuration.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run undo mac-learning priority priority-id allow-flapping

The device is configured to prevent MAC address flapping between interfaces with
the same priority.

By default, the device allows MAC address flapping between interfaces with the
same priority.

Step 3 Run mac-learning priority flapping-defend action discard

The switch discards packets when it is configured to prohibit MAC address

flapping.

By default, the action is forward when the switch is configured to prohibit MAC
address flapping.

----End

Verifying the Configuration

Run the display current-configuration command to check whether MAC address
flapping is allowed between interfaces with the same priority.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 69

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.9 Configuring MAC Address Flapping Detection

Context
MAC address flapping detection enables the device to check all MAC addresses to
detect MAC address flapping.

NOTE

● Configuring an action to take for MAC address flapping on an uplink interface may
cause interruption of important uplink traffic, and such configuration is not
recommended.
● The device enabled with MAC address flapping detection can detect loops on a single
point, but cannot obtain the entire network topology. If the network connected to the
device supports loop prevention protocols, use the loop prevention protocols instead of
MAC address flapping detection to eliminate loops.
● If only a few VLANs on the user network encounter loops, it is recommended that you
set the loop prevention action to quit-vlan.
● If a large number of VLANs on the user network encounter loops, it is recommended
that you set the loop prevention action to error-down. This action improves system
performance. Additionally, the remote device can detect the error-down event so that it
can quickly switch traffic to a backup link (if any).

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run mac-address flapping detection

MAC address flapping detection is enabled.

By default, MAC address flapping detection is enabled. The device detects MAC
address flapping in all VLANs.

Step 3 (Optional) Run mac-address flapping detection exclude vlan { vlan-id1 [ to

vlan-id2 ] } &<1-10>

One or more VLANs are excluded from MAC address flapping detection.

By default, the system performs MAC address flapping detection in all VLANs. In
special scenarios, for example, when a switch is connected to a server with two
network adapters in active-active mode, the server's MAC address may be learned
on two interfaces of the switch. Such a MAC address flapping event does not need
to be handled. You can exclude the VLAN where the server resides from MAC
address flapping detection.

Step 4 (Optional) Run mac-address flapping detection vlan { { vlan-id1 [ to vlan-id2 ] }

&<1-10> | all } security-level { high | middle | low }

The security level of MAC address flapping detection is configured in one or more
specified VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 70

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

By default, the security level of MAC address flapping detection is middle. That is,
the system considers that MAC address flapping occurs when a MAC address flaps
10 times.
Step 5 (Optional) Run mac-address flapping aging-time aging-time
The aging time of flapping MAC addresses is set.
By default, the aging time of flapping MAC addresses is 300 seconds. If the aging
time of dynamic MAC addresses is long, a MAC address flapping event may be
detected after a long time. To ensure that the system detects MAC address
flapping quickly, shorten the aging time of flapping MAC addresses.
Step 6 (Optional) Configure an action to take after MAC address flapping is detected on
an interface and the priority of the action.
1. Run interface interface-type interface-number
The interface view is displayed.
2. Run mac-address flapping action { quit-vlan | error-down }
An action is specified for the interface if MAC address flapping occurs on the
interface.
By default, no action is configured. If an interface is connected to a user
network that does not support loop prevention protocols, MAC address
flapping may occur when there is a loop on the user network. Use this
command to configure an action on the interface. When MAC address
flapping is detected on the interface, the device takes the configured action. If
the action is set to error-down, the device shuts down the interface. If the
action is set to quit-vlan, the device removes the interface from the VLAN
where MAC address flapping occurs. Only one interface can be shut down
during one aging time of flapping MAC addresses.

NOTE

– Do not use the quit-vlan action together with dynamic VLAN functions such as
GVRP.
– When a MAC address flaps between an interface configured with the error-down
action and an interface configured with the quit-vlan action, the former interface
is shut down and the latter interface is removed from the VLAN. If a loop may be
generated between some interfaces, configure the same action for all the
interfaces.
3. Run mac-address flapping action priority priority
The priority of the action against MAC address flapping is set.

----End

Verifying the Configuration

Run the display mac-address flapping command to check information about
MAC address flapping detection in a VLAN.

Action to Take After MAC Address Flapping Occurs

The device that has MAC address flapping detection configured reports alarms
when it detects MAC address flapping. If the same alarm is reported multiple

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 71

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

times, a loop may exist on the network. To remove the loop, run the shutdown
command to shut down the interface specified in the MAC address flapping alarm.
Alternatively, configure an action against MAC address flapping on the interface to
remove the loop.

When configuring an action against MAC address flapping on an interface to

remove a loop, pay attention to the following points:

● When the action is set to error-down, the interface cannot be automatically

restored after it is shut down. You can only restore the interface by running
the shutdown and undo shutdown commands or the restart command in
the interface view.
To enable the interface to go Up automatically, you must run the error-down
auto-recovery cause mac-address-flapping command in the system view
before the interface enters the error-down state. This command enables an
interface in error-down state to go Up and sets a recovery delay. The interface
goes Up automatically after the delay.
● If the action is set to quit-vlan, the interface can be automatically restored
after a delay after it is removed from the VLAN. The default recovery delay is
10 minutes. The recovery delay time can be set using the mac-address
flapping quit-vlan recover-time time-value command in the system view.

3.10 Configuring the Switch to Discard Packets with an

All-0 MAC Address

Context
You can configure the switch to discard packets with an all-0 source or destination
MAC address.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run drop illegal-mac enable

The switch is enabled to discard packets with an all-0 MAC address.

By default, the switch does not discard packets with an all-0 MAC address.

Step 3 (Optional) Run drop illegal-mac alarm

The switch is configured to send an alarm to the NMS when receiving packets
with an all-0 MAC address.

By default, the switch does not send an alarm when receiving packets with an
all-0 MAC address.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 72

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

NOTE

The drop illegal-mac alarm command allows the switch to generate one alarm. You must
reconfigure the drop illegal-mac alarm command if more than one alarm is required.

----End

Verifying the Configuration

Run the display current-configuration command to check whether the switch is
enabled to discard packets with an all-0 MAC address.

3.11 Enabling MAC Address-triggered ARP Entry

Update

Context
Each network device uses an IP address to communicate with other devices. On an
Ethernet network, a host, switching device, or routing device sends and receives
Ethernet data frames based on MAC addresses. The ARP protocol maps IP
addresses to MAC addresses. When two devices on different network segments
communicate with each other, they need to map IP addresses to MAC addresses
and outbound interfaces according to ARP entries.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run mac-address update arp
The MAC address-triggered ARP entry update function is enabled.
By default, the MAC address-triggered ARP entry update function is disabled.

NOTE

● Only the S5720EI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720HI,
S6720EI, and S6720S-EI support this command.
● This command takes effect only for dynamic ARP entries. Static ARP entries are not
updated when the corresponding MAC address entries change.
● The MAC address-triggered ARP entry update function does not take effect after ARP
entry fixing is enabled using the arp anti-attack entry-check enable command.
● After the MAC address-triggered ARP entry update function is enabled, the switch
updates an ARP entry only when the outbound interface in the corresponding MAC
address entry changes.

----End

Verifying the Configuration

Run the display current-configuration command to check whether the MAC
address-triggered ARP entry update function is enabled.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 73

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.12 Enabling Port Bridge

Context
By default, an interface does not forward packets whose source and destination
MAC addresses are both learned by this interface. When the interface receives
such a packet, it discards the packet as an invalid packet.

After the port bridge function is enabled on the interface, the interface forwards
such a packet if the destination MAC address of the packet is in the MAC address
table.

The port bridge function is used in the following scenarios:

● The switch connects to devices that do not support Layer 2 forwarding. When
users connected to the devices need to communicate, the devices send
packets of the users to the switch for packet forwarding. Because source and
destination MAC addresses of the packets are learned on the same interface,
the port bridge function needs to be enabled on the interface so that the
interface can forward such packets.
● The switch is used as an access device in a data center and is connected to
servers. Each server is configured with multiple virtual machines. The virtual
machines need to transmit data to each other. If servers perform data
switching for virtual machines, the data switching speed and server
performance are reduced. To improve the data transmission rate and server
performance, enable the port bridge function on the interfaces connected to
the servers so that the switch forwards data packets between the virtual
machines.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port bridge enable

The port bridge function is enabled on the interface.

By default, the port bridge function is disabled on an interface.

----End

Verifying the Configuration

Run the display current-configuration command to check whether the port
bridge function is enabled.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 74

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.13 Configuring Re-marking of Destination MAC

Addresses

Context
The re-marking function enables the switch to set the specified fields of packets
matching traffic classification rules. After the re-marking action is configured, the
switch still processes outgoing packets based on the original priority but the
downstream device processes the packets based on the re-marked priority. You can
configure action that re-marks the destination MAC address of packets in a traffic
behavior so that the downstream device can identify packets and provide
differentiated services.

NOTE

Only the S5720EI, S6720EI, and S6720S-EI support this configuration.

Procedure
1. Configure a traffic classifier.
a. Run system-view
The system view is displayed.
b. Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or
an existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier,
which means that:

▪ If the traffic classifier contains ACL rules, packets match the traffic
classifier only when they match one ACL rule and all the non-ACL
rules.

▪ If the traffic classifier does not contain any ACL rules, packets match
the traffic classifier only when they match all the rules in the
classifier.
The logical operator or means that packets match the traffic classifier if
they match one of the rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
c. Configure matching rules according to the following table.
NOTE

Only the S5720EI, S6720EI, and S6720S-EI support traffic classifiers with
advanced ACLs containing the ttl-expired field.
When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name },
the S5720HI does not support remark 8021p [ 8021p-value | inner-8021p ],
remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning
disable.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 75

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

Outer if-match vlan-id start-vlan-id Only the S1720X, S1720X-

VLAN ID [ to end-vlan-id ] [ cvlan-id E, S5720EI, S5720HI,
or inner cvlan-id ] S5730SI, S5730S-EI,
and outer S6720LI, S6720S-LI,
VLAN IDs S6720SI, S6720S-SI,
of QinQ S6720EI, and S6720S-EI
packets support the cvlan-id
cvlan-id parameter.
Inner and if-match cvlan-id start-vlan-id -
outer [ to end-vlan-id ] [ vlan-id
VLAN IDs vlan-id ] (S1720X, S1720X-E,
in QinQ S5720EI, S5720HI, S5730SI,
packets S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI,
S6720S-EI)

802.1p if-match 8021p 8021p-value If you enter multiple

priority in &<1-8> 802.1p priority values in
VLAN one command, a packet
packets matches the traffic
classifier if it matches any
of the priorities,
regardless of whether the
relationship between
rules in the traffic
classifier is AND or OR.

Inner if-match cvlan-8021p 8021p- -

802.1p value &<1-8> (S5720EI,
priority in S5720HI, S6720EI, S6720S-EI)
QinQ
packets

Drop if-match discard (S5720EI, A traffic classifier

packet S5720HI, S6720EI, S6720S-EI) containing this matching
rule can only be bound to
traffic behaviors
containing traffic statistics
collection and flow
mirroring actions.

Double if-match double-tag -

tags in (S5720EI, S5720HI, S6720EI,
QinQ S6720S-EI)
packets

Destinati if-match destination-mac -

on MAC mac-address [ mac-address-
address mask ]

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 76

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

Source if-match source-mac mac- -

MAC address [ mac-address-mask ]
address

Protocol if-match l2-protocol { arp | ip -

type field | mpls | rarp | protocol-value }
in the
Ethernet
frame
header

All if-match any After the if-match any

packets command is run, only the
matching rule configured
using this command takes
effect, and the other
matching rules in the
same traffic classifier will
become ineffective.

DSCP if-match dscp dscp-value ● If you enter multiple

priority in &<1-8> DSCP values in one
IP command, a packet
packets matches the traffic
classifier if it matches
any of the DSCP
values, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.
● If the relationship
between rules in a
traffic classifier is AND,
the if-match dscp and
if-match ip-
precedence
commands cannot be
used in the traffic
classifier
simultaneously.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 77

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

IP if-match ip-precedence ip- ● The if-match dscp and

preceden precedence-value &<1-8> if-match ip-
ce in IP precedence
packets commands cannot be
configured in a traffic
classifier in which the
relationship between
rules is AND.
● If you enter multiple IP
precedence values in
one command, a
packet matches the
traffic classifier if it
matches any of the IP
precedence values,
regardless of whether
the relationship
between rules in the
traffic classifier is AND
or OR.

Layer 3 if-match protocol { ip | ipv6 } -

protocol
type

SYN Flag if-match tcp syn-flag { syn- -

in the flag-value | ack | fin | psh | rst
TCP | syn | urg }
packet

Inbound if-match inbound-interface A traffic policy containing

interface interface-type interface- this matching rule cannot
number be applied to the
outbound direction or in
the interface view.

Outboun if-match outbound-interface A traffic policy containing

d interface-type interface- this matching rule cannot
interface number (S5720EI, S5720HI, be applied to the inbound
S6720EI, S6720S-EI) direction on the S5720HI.
The traffic policy
containing this matching
rule cannot be applied in
the interface view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 78

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Matchin Command Remarks

g Rule

ACL rule if-match acl { acl-number | ● When an ACL is used

acl-name } to define a traffic
classification rule, it is
recommended that the
ACL be configured first.
● If an ACL in a traffic
classifier defines
multiple rules, a packet
matches the ACL as
long as it matches one
of rules, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.

ACL6 rule if-match ipv6 acl { acl- Before specifying an ACL6

number | acl-name } in a matching rule,
configure the ACL6.

Flow ID if-match flow-id flow-id The traffic classifier

(S5720EI, S6720EI, S6720S-EI) containing if-match
flow-id and the traffic
behavior containing
remark flow-id must be
bound to different traffic
policies.
The traffic policy
containing if-match
flow-id can only be
applied to an interface, a
VLAN, or the system in
the inbound direction.

d. Run quit
Exit from the traffic classifier view.
2. Configure a traffic behavior.
a. Run the traffic behavior behavior-name command to create a traffic
behavior and enter the traffic behavior view.
b. Run the remark destination-mac mac-address command to configure
the action that re-marks destination MAC addresses of packets. The
destination MAC address to be re-marked must be a unicast MAC
address.
c. Run the quit command to exit from the traffic behavior view.
d. Run the quit command to exit from the system view.
3. Configure a traffic policy.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 79

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

a. Run traffic policy policy-name [ match-order { auto | config } ]

A traffic policy is created and the traffic policy view is displayed, or the
view of an existing traffic policy is displayed. If you do not specify a
matching order for traffic classifiers in the traffic policy, the default
matching order config is used.
After a traffic policy is applied, you cannot use the traffic policy
command to modify the matching order of traffic classifiers in the traffic
policy. To modify the matching order, delete the traffic policy, create a
traffic policy, and specify the matching order.
When creating a traffic policy, you can specify the matching order of its
matching rules. The matching order can be either automatic order or
configuration order:

▪ Automatic order: Traffic classifiers are matched based on the

priorities of their types. Traffic classifiers based on the following
information are in descending order of priority: Layer 2 and IPv4
Layer 3 information, advanced ACL6 information, basic ACL6
information, Layer 2 information, IPv4 Layer 3 information, and user-
defined ACL information. If data traffic matches multiple traffic
classifiers, and the traffic behaviors conflict with each other, the
traffic behavior corresponding to the highest priority rule takes
effect.

▪ Configuration order: Traffic classifiers are matched based on the

sequence in which traffic classifiers were bound to traffic behaviors.
NOTE

If more than 128 ACL rules defining CAR are configured, a traffic policy must be
applied to an interface, a VLAN, and the system in sequence in the outbound
direction. In the preceding situation, if you need to update ACL rules, delete the
traffic policy from the interface, VLAN, and system and reconfigure it in
sequence.
b. Run classifier classifier-name behavior behavior-name
A traffic behavior is bound to a traffic classifier in the traffic policy.
c. Run quit
Exit from the traffic policy view.
d. Run quit
Exit from the system view.
4. Apply the traffic policy.
– Applying a traffic policy to an interface
i. Run system-view
The system view is displayed.
ii. Run interface interface-type interface-number
The interface view is displayed.
iii. Run traffic-policy policy-name { inbound }
A traffic policy is applied to the interface.
– Applying a traffic policy to a VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 80

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

i. Run system-view
The system view is displayed.
ii. Run vlan vlan-id
The VLAN view is displayed.
iii. Run traffic-policy policy-name { inbound }
A traffic policy is applied to the VLAN.
– Applying a traffic policy to the system
i. Run system-view
The system view is displayed.
ii. Run traffic-policy policy-name global { inbound | outbound } [ slot
slot-id ]
A traffic policy is applied to the system.
Only one traffic policy can be applied to the system or slot in one
direction. A traffic policy cannot be applied to the same direction in
the system and slot simultaneously.
○ In a stack, a traffic policy that is applied to the system takes
effect on all the interfaces and VLANs of all the member
switches in the stack. The system then performs traffic policing
for all the incoming and outgoing packets that match traffic
classification rules on all the member switches. A traffic policy
that is applied to a specified slot takes effect on all the
interfaces and VLANs of the member switch with the specified
stack ID. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on this member switch.
○ On a standalone switch, a traffic policy that is applied to the
system takes effect on all the interfaces and VLANs of the local
switch. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on the local switch. Traffic policies applied to the slot and
system have the same functions.

Verifying the Configuration

● Run the display traffic classifier user-defined [ classifier-name ] command
to check the traffic classifier configuration on the device.
● Run the display traffic behavior user-defined [ behavior-name ] command
to check the traffic behavior configuration on the device.
● Run the display traffic policy user-defined [ policy-name [ classifier
classifier-name ] ] command to check the user-defined traffic policy
configuration.
● Run the display traffic-applied [ interface [ interface-type interface-
number ] | vlan [ vlan-id ] ] { inbound } [ verbose ] command to check
traffic actions and ACL rules associated with the system, a VLAN, or an
interface.
● Run the display traffic policy { interface [ interface-type interface-number ]
| vlan [ vlan-id ] | global } [ inbound ] command to check the traffic policy
configuration on the device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 81

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

● Run the display traffic-policy applied-record [ policy-name ] command to

check the record of the specified traffic policy.

3.14 Maintaining MAC Address Tables

3.14.1 Displaying MAC Address Entries

Table 3-9 Commands used to display MAC address entries
Action Command

Display all MAC address entries. display mac-address

Display static MAC address entries. display mac-address static

Display static MAC address entries in a display mac-address static vlan vlan-
specified VLAN. id
Display MAC address entries learned in display mac-address dynamic vlan
a VLAN. vlan-id
Display MAC address entries learned display mac-address dynamic
on an interface. interface-type interface-number
Display a specified MAC address. display mac-address mac-address

Display the aging time of dynamic display mac-address aging-time

MAC address entries.

Display statistics on MAC address ● Display the total statistics: display

entries. mac-address total-number
● Display the statistics of various
types of MAC address entries:
display mac-address summary

Display the system MAC address. display bridge mac-address

Display the MAC address of an display interface interface-type

interface. interface-number
Hardware address indicates the MAC
address of the interface.

Display the MAC address of a VLANIF display interface vlanif vlan-id

interface. Hardware address indicates the MAC
address of the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 82

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

3.14.2 Deleting MAC Address Entries

Table 3-10 Commands used to delete MAC address entries

Action Command

Delete all MAC address entries. undo mac-address

Delete MAC address entries in a VLAN. undo mac-address vlan vlan-id

Delete MAC address entries on an undo mac-address interface-type

interface. interface-number
Delete all the dynamic MAC address undo mac-address dynamic
entries

Delete all the static MAC address undo mac-address static

entries

3.14.3 Displaying MAC Address Flapping Information

Table 3-11 Commands used to display MAC address flapping records

Action Command

Display alarms about MAC address Run the display trapbuffer command
flapping. to check whether the following alarms
exist:
● OID 1.3.6.1.4.1.2011.5.25.160.3.7

Display detailed MAC address flapping display mac-address flapping record

records.

3.15 Configuration Examples for MAC Address Tables

3.15.1 Example for Configuring Static MAC Address Entries

Networking Requirements
As shown in Figure 3-12, the user PC with MAC address 0002-0002-0002 connects
to the GE0/0/1 of the Switch, and the server with MAC address 0004-0004-0004
connects to GE0/0/2 of the Switch. The user PC and server communicate in VLAN
2.

● To prevent unauthorized users from using the user PC's MAC address to
initiate attacks, configure a static MAC address entry for the user PC on the
Switch.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 83

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

● To prevent unauthorized users from using the server's MAC address to

intercept information about important users, configure a static MAC address
entry for the server on the Switch.
NOTE

This example applies to scenarios with a small number of users. When there are many
users, use dynamic MAC address entries. For details, see Example for Configuring Port
Security in "Port Security Configuration" in the S1720, S2700, S5700, and S6720
V200R011C10 Configuration Guide - Security.

Figure 3-12 Networking for configuring static MAC address entries

Network

Switch

GE0/0/1 GE0/0/2

VLAN 2

PC:2-2-2 Server:4-4-4

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN 2 and add the interfaces connected to the PC and server to the
VLAN to implement Layer 2 forwarding.
2. Configure static MAC address entries to prevent attacks from unauthorized
users.

Procedure
Step 1 Create static MAC address entries.
# Create VLAN 2 and add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN
2.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 84

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

[Switch-GigabitEthernet0/0/2] port default vlan 2

[Switch-GigabitEthernet0/0/2] quit

# Configure static MAC address entries.

[Switch] mac-address static 2-2-2 GigabitEthernet 0/0/1 vlan 2
[Switch] mac-address static 4-4-4 GigabitEthernet 0/0/2 vlan 2

Step 2 Verify the configuration.

# Run the display mac-address static vlan 2 command in any view to check
whether the static MAC address entries are successfully added to the MAC address
table.
[Switch] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type
-------------------------------------------------------------------------------
0002-0002-0002 2/-/- GE0/0/1 static
0004-0004-0004 2/-/- GE0/0/2 static

-------------------------------------------------------------------------------
Total items displayed = 2

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet0/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet0/0/2 vlan 2
#
return

3.15.2 Example for Configuring Blackhole MAC Address

Entries

Networking Requirements
In Figure 3-13, the Switch receives packets from an unauthorized PC that has the
MAC address of 0005-0005-0005 and belongs to VLAN 3. This MAC address entry
can be configured as a blackhole MAC address entry so that the Switch filters out
packets from the unauthorized PC.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 85

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Figure 3-13 Networking for configuring a blackhole MAC address entry

Unauthorized
MAC Address VLAN ID
5-5-5 3 user

Switch

Authorized Authorized Authorized

user 1 user 2 user 3

Configuration Roadmap
The configuration roadmap is as follows:

1. Create a VLAN to implement Layer 2 forwarding.

2. Configure a blackhole MAC address entry to filter out packets from the
unauthorized PC.

Procedure
Step 1 Configure a blackhole MAC address entry.

# Create VLAN 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 3
[Switch-vlan3] quit

# Configure a blackhole MAC address entry.

[Switch] mac-address blackhole 0005-0005-0005 vlan 3

Step 2 Verify the configuration.

# Run the display mac-address blackhole command in any view to check

whether the blackhole MAC address entry is successfully added to the MAC
address table.
[Switch] display mac-address blackhole
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type
-------------------------------------------------------------------------------
0005-0005-0005 3/-/- - blackhole

-------------------------------------------------------------------------------
Total items displayed = 1

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 86

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 3
#
mac-address blackhole 0005-0005-0005 vlan 3
#
return

3.15.3 Example for Configuring MAC Address Limiting on an

Interface

Networking Requirements
In Figure 3-14, user network 1 and user network 2 connect to the Switch through
the LSW, and the LSW connects to the Switch through GE0/0/1. User network 1
and user network 2 belong to VLAN 10 and VLAN 20 respectively. On the Switch,
MAC address limiting can be configured on GE0/0/1 to control the number of
access users.

Figure 3-14 Networking for configuring MAC address limiting on an interface

Network

Switch

GE0/0/1

LSW

User User
network 1 network 2

VLAN 10 VLAN 20

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add the downlink interface to the VLANs to implement
Layer 2 forwarding.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 87

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

2. Configure MAC address limiting on the interface to control the number of

access users.

Procedure
Step 1 Configure MAC address limiting.

# Create VLAN 10 and VLAN 20, and add the GigabitEthernet0/0/1 to VLAN 10
and VLAN 20.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10 20

# Configure a MAC address limiting rule on GigabitEthernet0/0/1: A maximum of

100 MAC address entries can be learned on the interface. When the number of
learned MAC address entries reaches the limit, the Switch forwards the packets
with new source MAC address entries and generates an alarm.
[Switch-GigabitEthernet0/0/1] mac-limit maximum 100 alarm enable
[Switch-GigabitEthernet0/0/1] return

Step 2 Verify the configuration.

# Run the display mac-limit command in any view to check whether the MAC
address limiting rule is successfully configured.
<Switch> display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1

PORT VLAN/VSI SLOT Maximum Rate(ms) Action Alarm

----------------------------------------------------------------------------
GE0/0/1 - - 100 - discard enable

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 20
mac-limit maximum 100
#
return

3.15.4 Example for Configuring MAC Address Limiting in a

VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 88

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Networking Requirements
In Figure 3-15, user network 1 is connected to GE0/0/1 of the Switch through
LSW1, and user network 2 is connected to GE0/0/2 of the Switch through LSW2.
GE0/0/1 and GE0/0/2 belong to VLAN 2. To control the number of access users,
configure MAC address limiting in VLAN 2.

Figure 3-15 Networking of MAC address limiting

Network

Switch
GE0/0/1 GE0/0/2

LSW1 LSW2

User User
network 1 VLAN 2 network 2

Configuration Roadmap
The configuration roadmap is as follows:

1. Create a VLAN and add interfaces to the VLAN to implement Layer 2

forwarding.
2. Configure MAC address limiting in the VLAN to prevent MAC address attacks
and control access users.

Procedure
Step 1 Configure MAC address limiting.

# Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 89

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

# Configure the following MAC address limiting rule in VLAN 2: A maximum of

100 MAC addresses can be learned. When the number of learned MAC address
entries reaches the limit, the Switch directly discards the packets with new source
MAC address entries and generates an alarm.
[Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 alarm enable
[Switch-vlan2] return

Step 2 Verify the configuration.

# Run the display mac-limit command in any view to check whether the MAC
address limiting rule is successfully configured.
<Switch> display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1

PORT VLAN/VSI SLOT Maximum Rate(ms) Action Alarm

----------------------------------------------------------------------------
- 2 - 100 - forward enable

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2
#
vlan 2
mac-limit maximum 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
return

3.15.5 Example for Configuring MAC Address Flapping

Prevention

Networking Requirements
In Figure 3-16, employees of an enterprise need to access the server connected to
a switch interface. If an unauthorized user uses the server's MAC address as the
source MAC address to send packets to another interface, the server's MAC
address is learned on the interface. Then packets sent from employees to the
server are forwarded to the unauthorized user. As a result, employees cannot
access the server, and important data may be intercepted by the unauthorized
user.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 90

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

MAC address flapping prevention can be configured to protect the server against
attacks from unauthorized users.

Figure 3-16 Networking of MAC address flapping prevention

Server
MAC:11-22-33

GE0/0/1 VLAN 10

Switch

GE0/0/2 PC4
MAC:11-22-33

LSW

PC1 PC2 PC3

VLAN10

Configuration Roadmap
The configuration roadmap is as follows:

1. Create a VLAN and add interfaces to the VLAN to implement Layer 2

forwarding.
2. Configure MAC address flapping prevention on the server-side interface.

Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.

# Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 10.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10

Step 2 # Set the MAC address learning priority of GigabitEthernet0/0/1 to 2.

[Switch-GigabitEthernet0/0/1] mac-learning priority 2
[Switch-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 91

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Step 3 Verify the configuration.

# Run the display current-configuration command in any view to check whether
the MAC address learning priority is set correctly.
[Switch] display current-configuration interface gigabitethernet 0/0/1
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mac-learning priority 2
#
return

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mac-learning priority 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

3.15.6 Example for Configuring MAC Address Flapping

Detection

Networking Requirements
In Figure 3-17, a loop occurs on a user network because two LSWs are incorrectly
connected using a network cable. The loop causes MAC address flapping in the
MAC address table of the Switch.
To detect loops in a timely manner, configure MAC address flapping detection on
the Switch. This function enables the Switch to detect loops by checking whether a
MAC address flaps between interfaces. To remove loops on the network, configure
an action against MAC address flapping on the interfaces.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 92

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Figure 3-17 Networking of MAC address flapping detection

Network

Switch

GE0/0/1 GE0/0/2

LSW1 LSW2

Incorrect connection

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable MAC address flapping detection.

2. Set the aging time of flapping MAC addresses.
3. Configure an action against MAC address flapping on the interfaces to
remove loops.

Procedure
Step 1 Enable MAC address flapping detection.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] mac-address flapping detection

Step 2 Set the aging time of flapping MAC addresses.

[Switch] mac-address flapping aging-time 500

Step 3 Configure the action against MAC address flapping to shutdown on the GE0/0/1
and GE0/0/2.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] mac-address flapping action error-down
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] mac-address flapping action error-down
[Switch-GigabitEthernet0/0/2] quit

Step 4 Enable error-down interfaces to go Up automatically and set the automatic

recovery delay.
[Switch] error-down auto-recovery cause mac-address-flapping interval 500

Step 5 Verify the configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 93

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

When the MAC address learned on the GE moves to GE0/0/2, GE0/0/2 is shut
down automatically. You can run the display mac-address flapping record
command to view MAC address flapping records.
[Switch] display mac-address flapping record
S : start time
E : end time
(Q) : quit vlan
(D) : error down
-------------------------------------------------------------------------------
Move-Time VLAN MAC-Address Original-Port Move-Ports MoveNum
-------------------------------------------------------------------------------
S:2012-04-01 17:22:36 1 0000-0000-0007 GE0/0/1 GE0/0/2(D) 83
E:2012-04-01 17:22:44

-------------------------------------------------------------------------------
Total items on slot 0: 1

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
error-down auto-recovery cause mac-address-flapping interval 500
#
mac-address flapping aging-time 500
#
interface GigabitEthernet0/0/1
mac-address flapping action error-down
#
interface GigabitEthernet0/0/2
mac-address flapping action error-down
#
return

3.16 Troubleshooting MAC Address Tables

3.16.1 MAC Address Entries Failed to Be Learned on an

Interface

Fault Symptom
MAC address entries cannot be learned on an interface, causing Layer 2
forwarding failures.

Procedure
Step 1 Check the configuration on the device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 94

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Check Item Check Method Follow-up Operation

Whether the Run the display vlan Run the vlan vlan-id command in
VLAN that the vlan-id command in any the system view to create the
interface view. If the system VLAN.
belongs to has displays the message
been created "Error: The VLAN does
not exist", the VLAN is
not created.

Whether the Run the display vlan Run one of the following
interface vlan-id command in any commands in the interface view
transparently view to check whether to add the interface to the VLAN.
transmits the interface name ● Run the port trunk allow-pass
packets from exists. If not, the vlan command if the interface
the VLAN interface does not is a trunk interface.
transparently transmit
packets from the VLAN. ● Run the port hybrid tagged
vlan or port hybrid untagged
vlan command if the interface
is a hybrid interface.
● Run the port default vlan
command if the interface is an
access interface.

Whether a Run the display mac- If a blackhole MAC address entry

blackhole MAC address blackhole is displayed, run the undo mac-
address entry is command in any view to address blackhole command to
configured check whether a delete it.
blackhole MAC address
entry is configured.

Whether MAC Run the display this | Run the undo mac-address
address learning include learning learning disable command in the
is disabled on command in the interface view or VLAN view to
the interface or interface view and VLAN enable MAC address learning.
in the VLAN view to check whether
the mac-address
learning disable
configuration exists. If
so, MAC address
learning is disabled on
the interface or in the
VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 95

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

Check Item Check Method Follow-up Operation

Whether MAC Run the display this | ● Run the mac-limit command
address limiting include mac-limit in the interface view or VLAN
is configured on command in the view to increase the maximum
the interface interface view and VLAN number of learned MAC
and in the VLAN view to check whether address entries.
there is the MAC address ● Run the undo mac-limit
limiting configuration. If command in the interface view
so, the maximum or VLAN view to cancel MAC
number of learned MAC address limiting.
address entries is set.

Whether port Run the display this | ● Run the undo port-security
security is include port-security enable command in the
configured on command in the interface view to disable port
the interface interface view to check security.
whether there is the port ● Run the port-security max-
security configuration. If mac-num command in the
so, port security is interface view to increase the
configured on the maximum number of secure
interface. dynamic MAC address entries
on the interface.

If the fault persists, go to step 2.

Step 2 Check whether a loop causes MAC address entry flapping.

1. Generally, MAC address flapping is caused by loops. Run the mac-address
flapping detection command in the system view to configure MAC address
flapping detection.
2. The system checks all MAC addresses in the VLAN to detect MAC address
flapping. Run the display mac-address flapping record command to check
MAC address flapping records to determine whether a loop occurs.
3. If MAC address flapping occurs, use the following methods to remove MAC
address flapping:
– Eliminate the loop.
– Run the mac-learning priority command in the interface view to
configure the MAC address learning priority for the interface so that a
MAC address is learned by the correct interface.

If no loop occurs, go to step 3.

Step 3 Check whether the number of learned MAC address entries has reached the
maximum value. If so, the device cannot learn new MAC address entries.
● If the number of MAC address entries on the interface is less than or equal to
the number of hosts connected to the interface, the device is connected to
more hosts than it supports. Adjust the network deployment.
● If the interface has learned more MAC address entries than the hosts
connected to the interface, the interface may be undergoing a MAC address

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 96

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

attack from the attached network. Locate the attack source in accordance
with the following table.

Scenario Solution

The interface connects to another Run the display mac-address

network device. command on the connected device
to view MAC address entries. Locate
the interface connected to the
malicious user host based on the
displayed MAC address entries. If the
interface that you find is connected
to another device, repeat this step
until you find the malicious host.

The interface connects to a host. – Disconnect the host after

obtaining permission from the
administrator. When the attack
stops, connect the host to the
network again.
– Run the port-security enable
command on the interface to
enable port security or the mac-
limit command to set the
maximum number of MAC
address entries to 1.

The interface connects to a hub. – Configure port mirroring and use

a tool to analyze packets received
by the interface. Analyze the
packet types to locate the
attacking host. Disconnect the
host after obtaining permission
from the administrator. When the
attack stops, connect the host to
the hub again.
– Disconnect hosts connected to
the hub one by one after
obtaining permission from the
administrator. If the fault is
rectified after a host is
disconnected, the host is the
attacker. After the host stops the
attack, connect it to the hub
again.

If the number of MAC addresses that have learned by the device does not reach
the maximum number of addresses allowed on the device but MAC addresses still
cannot be learned, go to step 4.

Step 4 Check whether a MAC address hash conflict alarm is generated on the device.
L2IFPPI/4/MACHASHCONFLICTALARM: OID [oid] A hash conflict occurs in MAC addresses.
(IfIndex=[INTEGER], MacAddr=[OPAQUE], VLAN=[GAUGE], VsiName=[OCTET1], InterfaceName=[OCTET2]).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 97

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

For details about how to handle this alarm, see

L2IFPPI_1.3.6.1.4.1.2011.5.25.315.3.6 hwMacTrapHashConflictAlarm.

----End

3.17 FAQ About MAC Address Tables

3.17.1 How Do I Enable and Disable MAC Address Flapping

Detection?

Version Enable MAC Address Disable MAC Address

Flapping Detection Flapping Detection

Versions earlier Run the loop-detect eth- Run the undo loop-detect
than V200R001 loop alarm-only in the eth-loop alarm-only in the
support only MAC VLAN view. VLAN view.
address flapping
detection in a
VLAN.

V200R001 and Run the mac-address Run the undo mac-address

later versions flapping detection in the flapping detection in the
support global system view. system view.
MAC address
flapping detection
in all VLANs. By
default, global
MAC address
flapping detection
is enabled.

3.17.2 How Do I Check MAC Address Flapping Information?

Version Command

Versions earlier display trapbuffer

than V200R001

V200R001 and display trapbuffer or display mac-address flapping

later versions record

3.17.3 What Should I Do When Finding a MAC Address

Flapping Alarm?
If the alarm is reported only once, ignore it.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 98

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

If the alarm is reported multiple times, find the first and second interfaces where
the MAC address is learned. Shut down the second interface to locate the loop.
Then adjust the networking to remove the loop.

3.17.4 How Do I Rapidly Determine a Loop?

Check whether MAC address flapping occurs to rapidly determine a loop on a
network. Generally, a loop occurs if a MAC address flapping alarm is generated
consecutively.

Enable MAC address flapping detection according to the following table.

Version Enable MAC Address Disable MAC Address

Flapping Detection Flapping Detection

Versions earlier Run the loop-detect eth- Run the undo loop-detect
than V200R001 loop alarm-only in the eth-loop alarm-only in the
support only MAC VLAN view. VLAN view.
address flapping
detection in a
VLAN.

V200R001 and Run the mac-address Run the undo mac-address

later versions flapping detection in the flapping detection in the
support global system view. system view.
MAC address
flapping detection
in all VLANs. By
default, global
MAC address
flapping detection
is enabled.

Check whether MAC address flapping occurs according to the following table.

Version Command

Versions earlier display trapbuffer

than V200R001

V200R001 and display trapbuffer or display mac-address flapping

later versions record

3.17.5 How Do I Configure VLAN-based Blackhole MAC

Address Entries?
To configure VLAN-based blackhole MAC address entries, perform the following
operations:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 99

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 3 MAC Address Table Configuration

# Add a blackhole MAC address entry to the MAC address table. For example, in
the blackhole MAC address entry, the MAC address is 0004-0004-0004 and the
VLAN ID is VLAN 10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] mac-address blackhole 0004-0004-0004 vlan 10

For the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,

S1720X-E, S2750EI, S2720EI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5700LI,
S5700S-LI, S5710-X-LI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, or
S6720S-SI switch, if both traffic policy-based redirection action and VLAN-based
blackhole MAC address are configured, the switch will not discard the packet if its
source or destination MAC address is a blackhole MAC address and the packet
matches the redirection policy. In this scenario, you are advised to configure a
global blackhole MAC address or configure an ACL-based simplified traffic policy
to discard a specific packet.
# Add the global blackhole MAC address 0004-0004-0004 to the MAC address
table.
<HUAWEI> system-view
[HUAWEI] mac-address blackhole 0004-0004-0004

# Configure an ACL-based simplified traffic policy to discard the packet with MAC
address 0004-0004-0004 and VLAN 10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] acl number 4000
[HUAWEI-acl-L2-4000] rule 5 deny source-mac 0004-0004-0004 vlan-id 10
[HUAWEI-acl-L2-4000] rule 10 deny destination-mac 0004-0004-0004 vlan-id 10
[HUAWEI-acl-L2-4000] quit
[HUAWEI] traffic-filter inbound acl 4000

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 100

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

4 Link Aggregation Configuration

About This Chapter

This chapter describes how to configure link aggregation. Link aggregation

bundles multiple Ethernet links into a logical link to increase bandwidth, improve
reliability, and load balance traffic.

4.1 Overview of Link Aggregation

4.2 Understanding Link Aggregation
4.3 Application Scenarios for Link Aggregation
4.4 Summary of Link Aggregation Configuration Tasks
4.5 Licensing Requirements and Limitations for Link Aggregation
4.6 Default Settings for Link Aggregation
4.7 Configuring Link Aggregation in Manual Mode
4.8 Configuring Link Aggregation in LACP Mode
4.9 Associating the Secondary Member Interface of an Eth-Trunk Interface in LACP
Mode with Its Primary Member Interface
4.10 Configuring Preferential Forwarding of Local Traffic in a Stack
4.11 Creating an Eth-Trunk Sub-interface
4.12 Configuring an E-Trunk
4.13 Maintaining Link Aggregation
4.14 Configuration Examples for Link Aggregation
4.15 Troubleshooting Link Aggregation
4.16 FAQ About Link Aggregation

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 101

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

4.1 Overview of Link Aggregation

Definition
Ethernet link aggregation, also called Eth-Trunk, bundles multiple physical links to
form a logical link to increase link bandwidth. The bundled links back up each
other, increasing reliability.

Purpose
As the network scale expands increasingly, users propose increasingly high
requirements on Ethernet backbone network bandwidth and reliability. Originally,
to increase the bandwidth, users use high-speed devices to replace old devices.
This solution, however, is costly and inflexible.
Link aggregation helps increase bandwidth by bundling a group of physical
interfaces into a single logical interface, without having to upgrade hardware. In
addition, link aggregation provides link backup mechanisms, greatly improving
link reliability.
Link aggregation has the following advantages:
● Increased bandwidth
The bandwidth of the link aggregation interface is the sum of bandwidth of
member interfaces.
● Higher reliability
When an active link fails, traffic on this active link is switched to another
active link, improving reliability of the link aggregation interface.
● Load balancing
In a link aggregation group (LAG), traffic is load balanced among active links
of member interfaces.

4.2 Understanding Link Aggregation

4.2.1 Basic Concepts of Link Aggregation

As shown in Figure 4-1, DeviceA and DeviceB are connected through three
Ethernet physical links. The three Ethernet physical links are bundled into an Eth-
Trunk link, and the bandwidth of the Eth-Trunk link is the sum of bandwidth of
the three Ethernet physical links. The three Ethernet physical links back up each
other, improving reliability.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 102

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-1 Eth-Trunk networking

The link is Down,so packets are discarded.

Eth-Trunk not
configured

Bundle links to increase bandwidth. Link backup improves reliability.

Eth-Trunk
configured

Link aggregation concepts are described as follows:

● LAG and LAG interface
A link aggregation group (LAG) is a logical link bundled by multiple Ethernet
links.
Each LAG corresponds to a logical interface, that is, link aggregation interface
or Eth-Trunk. The Eth-Trunk can be used as a common Ethernet interface. The
only difference between the Eth-Trunk and common Ethernet interface is that
the Eth-Trunk needs to select one or more member interfaces to forward
traffic.
● Member interface and member link
The interfaces that constitute an Eth-Trunk are member interfaces. The link
corresponding to a member interface is a member link.
● Active and inactive interfaces and links
There are two types of interfaces in an LAG: active interface that forwards
data and inactive interface that does not forward data.
The link connected to an active interface is the active link, whereas the link
connected to an inactive interface is the inactive link.
● Upper threshold for the number of active interfaces
When the number of active interfaces reaches this threshold, the bandwidth
of an Eth-Trunk will not increase even if more member links go Up. This
guarantees higher network reliability. When the number of active member
interfaces reaches the upper threshold, additional active member interfaces
are set to Down.
For example, 8 trouble-free member links are bundled into an Eth-Trunk link
and each link provides a bandwidth of 1 Gbit/s. The Eth-Trunk link only needs
to provide a maximum bandwidth of 5 Gbit/s. You can set the maximum
number of Up member links to 5 or larger. Then any unselected Up links
automatically enter the backup state, improving reliability.
NOTE

The upper threshold for the number of active interfaces is inapplicable to the manual
load balancing mode.
● Lower threshold for the number of active interfaces
When the number of active interfaces falls below this threshold, an Eth-Trunk
goes Down. This guarantees the Eth-Trunk a minimum available bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 103

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

For example, if the Eth-Trunk is required to provide a minimum bandwidth of

2 Gbit/s and each member link's bandwidth is 1 Gbit/s, the minimum number
of Up member links must be set to 2 or larger.
● Link aggregation mode
There are two link aggregation modes: manual and LACP. Table 4-1 compares
the two modes.

Table 4-1 Comparisons between link aggregation modes

Item Manual Mode LACP Mode

Definition You must manually An Eth-Trunk is created

create an Eth-Trunk based on LACP. LACP
and add member provides a standard
interfaces to the Eth- negotiation mechanism
Trunk. In this mode, for a switching device
LACP is not required. so that the switching
device can
automatically form and
start the aggregated
link according to its
configuration. After the
aggregated link is
formed, LACP is
responsible for
maintaining the link
status. When the link
aggregation condition
is changed, LACP
adjusts or removes the
aggregated link.

Whether LACP is No Yes

required

Data forwarding Generally, all links are Generally, some links

active links. All active are active links. All
links participate in data active links participate
forwarding. If one in data forwarding. If
active link fails, traffic an active link fails, the
is load balanced among system selects a link
the remaining active among inactive links as
links. the active link. That is,
the number of links
participating in data
forwarding remains
unchanged.

Whether inter-device No Yes

link aggregation is
supported

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 104

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Item Manual Mode LACP Mode

Fault detection This mode can only This mode can detect
detect member link member link
disconnections, but disconnections and
cannot detect other other faults such as link
faults such as link layer layer faults and
faults and incorrect link incorrect link
connections. connections.

NOTE

For more information, see 4.2.2 Link Aggregation in Manual Mode and 4.2.3 Link
Aggregation in LACP Mode.
● Link aggregation modes supported by the device
– Intra-device: Member interfaces of an Eth-Trunk are located on the same
device.
– Inter-stack-device: Member interfaces of an Eth-Trunk are located on
member devices of a stack. For details, see 4.2.5 Link Aggregation in
Stack Scenarios.
– Inter-device: The inter-device link aggregation refers to E-Trunk. E-Trunk
allows links between multiple devices to be aggregated based on LACP.
For details, see 4.2.6 E-Trunk.

4.2.2 Link Aggregation in Manual Mode

Link aggregation can work in manual or static LACP mode depending on whether
LACP is used.
In manual mode, you must manually create an Eth-Trunk and add member
interfaces to the Eth-Trunk. In this mode, LACP is not required. The manual mode
applies to the scenario where a high link bandwidth between two directly
connected devices is required but the remote device does not support the LACP
protocol. This mode can increase bandwidth, enhance reliability, and implement
load balancing.
As shown in Figure 4-2, an Eth-Trunk is created between DeviceA and DeviceB. In
manual mode, three active links participate in data forwarding and load balance
traffic. When one link becomes faulty, the remaining two links load balance traffic.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 105

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-2 Link aggregation in manual mode

DeviceA DeviceB
A%
B%
Eth-Trunk
C%
A%+B%+C%=100%
One link is faulty

DeviceA DeviceB
D%
E%
Eth-Trunk

D%+E%=100%

4.2.3 Link Aggregation in LACP Mode

Background
An Eth-Trunk in manual mode can increase the bandwidth. However, the manual
mode can only detect member link disconnections, but cannot detect other faults
such as link layer faults and incorrect link connections.

The Link Aggregation Control Protocol (LACP) can improve fault tolerance of the
Eth-Trunk, provide backup, and ensure high reliability of member links.

LACP uses a standard negotiation mechanism for a switching device so that the
switching device can create and start the aggregated link based on its
configuration. After the aggregated link is created, LACP maintains the link status.
If an aggregated link's status changes, LACP adjusts or removes the link.

For example, in Figure 4-3, four interfaces on DeviceA are bundled into an Eth-
Trunk and the Eth-Trunk is connected to the corresponding interfaces on DeviceB.
Because an interface on DeviceA is incorrectly connected to an interface on
DeviceC, DeviceA may incorrectly send data destined for DeviceB to DeviceC.
However, the Eth-Trunk in manual mode cannot detect this fault in a timely
manner.

If LACP is enabled on DeviceA and DeviceB, the Eth-Trunk correctly selects active
links to forward data after negotiation. Data sent by DeviceA can reach DeviceB.

Figure 4-3 Incorrect Eth-Trunk connection

DeviceA DeviceB

Eth-Trunk

DeviceC

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 106

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Concepts
● LACP system priority
LACP system priorities are set on devices at both ends of an Eth-Trunk. In
LACP mode, active member interfaces selected by both devices must be
consistent; otherwise, an LAG cannot be established. To keep active member
interfaces consistent at both ends, set a higher priority for one end so that the
other end selects active member interfaces based on the selection of the end
with a higher priority. The smaller the LACP system priority value, the higher
the LACP system priority.
● LACP interface priority
Interface LACP priorities are set to prioritize interfaces of an Eth-Trunk.
Interfaces with higher priorities are selected as active interfaces. The smaller
the LACP interface priority value, the higher the LACP interface priority.
● M:N backup of member interfaces
In LACP mode, LACP is used to negotiate parameters to determine active links
in an LAG. This mode is also called the M:N mode, where M refers to the
number of active links and N refers to the number of backup links. This mode
guarantees high reliability and allows traffic to be load balanced among M
active links.
As shown in Figure 4-4, M+N links with the same attributes (in the same
LAG) are set up between two devices. When data is transmitted over the
aggregated link, traffic is load balanced among M active links and no data is
transmitted over N backup links. Therefore, the actual bandwidth of the
aggregated link is the sum of the M links' bandwidth, and the maximum
bandwidth of the aggregated link is the sum of the M+N links' bandwidth.
If one of M links fails, LACP selects a link from N backup links to replace the
faulty link. The actual bandwidth of the aggregated link is still the sum of M
links' bandwidth, but the maximum bandwidth of the aggregated link is the
sum of the (M+N-1) links' bandwidth.

Figure 4-4 Networking of M:N backup

DeviceA DeviceB

Eth-Trunk

Eth-Trunk 1 Eth-Trunk 1

Active link
Backup link

M:N backup is mainly applied in situations where the bandwidth of M links

must be assured and a fault tolerance mechanism is in place. If an active link
fails, the system selects the backup link with the highest priority as the active
link.
If no available backup link is found and the number of active links is smaller
than the lower threshold for the number of active interfaces, the system shuts
down the LAG.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 107

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Implementation of Link Aggregation in LACP Mode

LACP, as specified in IEEE 802.3ad, implements dynamic link aggregation and de-
aggregation, allowing both ends to exchange Link Aggregation Control Protocol
Data Units (LACPDUs).
After member interfaces are added to an Eth-Trunk in LACP mode, each end sends
LACPDUs to inform its remote end of its system priority, MAC address, member
interface priorities, interface numbers, and keys. The remote end then compares
this information with that saved on itself, and selects which interfaces to be
aggregated. The two ends perform LACP negotiation to select active interfaces
and links.
Figure 4-5 shows the format of an LACPDU.

Figure 4-5 Fields in an LACPDU

Destination Address
Source Address
Length/Type
Subtype=LACP
Version Number
TLV_type=Actor Information
Actor_Information_Length=20
Actor_System_Priority
Actor_System
Actor_Key
Actor_Port_Priority
Actor_Port
Actor_State
Reserved
TLV_type=Partner Information
Partner_Information_Length=20
Partner_System_Priority
Partner_System
Partner_Key
Partner_Port_Priority
Partner_Port
Partner_State
Reserved
TLV_type=Collector Information
Collector_Information_Length=16
CollectorMaxDelay
Reserved
TLV_type=Terminator
Terminator_Length=0
Reserved
FCS

The meaning of each field is explained as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 108

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Item Description

Actor_Port/Partner_Port Interface of the Actor or Partner.

Actor_State/Partner_State Status of the Actor or Partner.

Actor_System_Priority/ System priority of the Actor or Partner.

Partner_System_Priority

Actor_System/Partner_System System ID of the Actor or Partner.

Actor_Key/Partner_Key Operational key of the Actor or

Partner.

Actor_Port_Priority/ Interface priority of the Actor or

Partner_Port_Priority Partner.

● An Eth-Trunk in LACP mode is set up as follows:

a. Devices at both ends send LACPDUs to each other.
As shown in Figure 4-6, you need to create an Eth-Trunk in LACP mode
on DeviceA and DeviceB and add member interfaces to the Eth-Trunk.
Then the member interfaces are enabled with LACP, and devices at both
ends can send LACPDUs to each other.

Figure 4-6 LACPDUs sent in LACP mode

DeviceA LACPDU DeviceB

LACPDU

b. Devices at both ends determine the Actor and active links.

As shown in Figure 4-7, devices at both ends receive LACPDUs from each
other. For example, when DeviceB receives LACPDUs from DeviceA,
DeviceB checks and records information about DeviceA and compares
system priorities. If the system priority of DeviceA is higher than that of
DeviceB, DeviceA acts as the Actor. If DeviceA and DeviceB have the same
system priority, the device with a smaller MAC address functions as the
Actor.
After the Actor is selected, devices at both ends select active interfaces
based on the interface priority of the Actor. If priorities of interfaces on
the Actor are the same, interfaces with smaller interface numbers are
selected as active interfaces. An Eth-Trunk is established when devices at
both ends select consistent interfaces. Active links load balance data.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 109

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-7 Selecting the Actor in LACP mode

LACP port priority LACP port priority
DeviceA
1 3 DeviceB
2 2
3 1
The device with higher The device with lower
system priority system priority
Compare system priority
and determine the Actor
LACP port priority LACP port priority
DeviceA 1 3 DeviceB
2 2
3 1
Actor
The Actor determines
active links
LACP port priority LACP port priority
DeviceA DeviceB
1 3
2 2
3 1
Actor
● LACP preemption
When LACP preemption is enabled, interfaces with higher priorities in an LAG
function as active interfaces.
As shown in Figure 4-8, Port 1, Port 2, and Port 3 are member interfaces of
an Eth-Trunk; DeviceA acts as the Actor; the upper threshold for the number
of active interfaces is 2; LACP priorities of Port 1, Port 2, and Port 3 are 10, 20,
and 30 respectively. When LACP negotiation is complete, Port 1 and Port 2 are
selected as active interfaces because their LACP priorities are higher, and Port
3 is used as the backup interface.

Figure 4-8 LACP preemption

DeviceA LACP port priority DeviceB
Port 1 10 Port 1
Port 2 20 Eth-Trunk Port 2
Port 3 30 Port 3
Actor

Active link
Backup link

LACP preemption is used in the following situations:

– Port 1 becomes faulty, and then recovers. When Port 1 fails, Port 3
replaces Port 1 to transmit services. After Port 1 recovers, if LACP
preemption is not enabled on the Eth-Trunk, Port 1 still retains in backup
state. If LACP preemption is enabled on the Eth-Trunk, Port 1 and Port 3
become the active interface and backup interface respectively.
– If LACP preemption is enabled and Port 3 needs to replace Port 1 or Port
2 to become the active interface, set the highest LACP priority value for

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 110

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Port 3. When LACP preemption is not enabled, the system does not re-
select the active interface even if the priority of a backup interface is
higher than that of the active interface.
● LACP preemption delay
After LACP preemption occurs, a backup link waits for a given period of time
and then switches to the active status. This period is called LACP preemption
delay. The LACP preemption delay is used to prevent unstable data
transmission over an Eth-Trunk link caused by frequent status changes of
member links.
As shown in Figure 4-8, Port 1 becomes inactive due to a link fault. Then the
link of Port 1 recovers. If LACP preemption is enabled and the LACP
preemption delay is set, Port 1 switches to be active after the LACP
preemption delay.
● Switchover between active and inactive links
In LACP mode, a link switchover in an LAG is triggered if a device at one end
detects one of the following events:
– An active link goes Down.
– Ethernet OAM detects a link fault.
– LACP detects a link fault.
– An active interface becomes unavailable.
– When LACP preemption is enabled, a backup interface's priority is
changed to be higher than that of the current active interface.
When any of the preceding events occurs, perform the following operations:
a. Shut down the faulty link.
b. Select the backup link with the highest priority among N backup links to
replace the faulty active link.
c. The highest priority backup link becomes the active link and begins
forwarding data.

4.2.4 Load Balancing Modes of Link Aggregation

Background
A data flow is a group of data packets with one or more identical attributes. The
attributes include the source MAC address, destination MAC address, source IP
address, destination IP address, source TCP/UDP port number, and destination
TCP/UDP port number.
Load balancing falls into packet- and flow-based load balancing.
● Packet-based load balancing
There are multiple physical links between both devices of the Eth-Trunk, so
the first and second data frames of the same data flow may be transmitted
over two physical links. In this case, the second data frame may arrive at the
remote device earlier than the first data frame. As a result, packet mis-
sequencing occurs.
● Flow-based load balancing
The system uses the hash algorithm to calculate the address in a data frame
and generates a HASH-KEY value. Then the system searches for the outbound

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 111

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

interface in the Eth-Trunk forwarding table based on the generated HASH-KEY

value. Each MAC or IP address corresponds to a HASH-KEY value, so the
system uses different outbound interfaces to forward data. This mode ensures
that frames of the same data flow are forwarded on the same physical link
and implements load balancing of flows. Flow-based load balancing ensures
the sequence of data transmission, but cannot ensure the bandwidth
utilization.
NOTE

The switch supports only flow-based load balancing.

Forwarding Principle
As shown in Figure 4-9, the Eth-Trunk is located between the MAC address layer
and the LLC sub-layer, that is, data link layer.

Figure 4-9 Eth-Trunk in the Ethernet protocol stack

LLC
Data link Eth-Trunk
layer
MAC

Physical layer PHY

The Eth-Trunk module maintains a forwarding table that consists of the following
entries:
● HASH-KEY value
The HASH-KEY value is calculated through the hash algorithm based on the
MAC address or IP address in a packet.
● Interface number
Eth-Trunk forwarding entries are relevant to the number of member interfaces
in an Eth-Trunk. Different HASH-KEY values map different outbound
interfaces.
For example, an Eth-Trunk supports a maximum of eight member interfaces.
If physical interfaces 1, 2, 3, and 4 are bundled into an Eth-Trunk, the Eth-
Trunk forwarding table contains four entries, as shown in Figure 4-10. In the
Eth-Trunk forwarding table, the HASH-KEY values are 0, 1, 2, 3, 4, 5, 6, and 7,
and the corresponding interface numbers are 1, 2, 3, 4, 1, 2, 3, and 4.

Figure 4-10 Example of an Eth-Trunk forwarding table

HASH-KEY 0 1 2 3 4 5 6 7
PORT 1 2 3 4 1 2 3 4

The Eth-Trunk module forwards a packet according to the Eth-Trunk forwarding

table:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 112

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

1. The Eth-Trunk module receives a packet from the MAC sub-layer, and then
extracts its source/destination MAC address or IP address.
2. The Eth-Trunk module calculates the HASH-KEY value using the hash
algorithm.
3. Based on the HASH-KEY value, the Eth-Trunk module searches the Eth-Trunk
forwarding table for the interface number, and then sends the packet from
the corresponding interface.

Load Balancing Mode

To prevent data packet mis-sequencing, an Eth-Trunk uses flow-based load
balancing. Data forwarding varies depending on the load balancing mode.

You can use the following load balancing modes according to the actual
networking:

● Based on source MAC addresses of packets

● Based on destination MAC addresses of packets
● Based on source IP addresses of packets
● Based on destination IP addresses of packets
● Based on the Exclusive-Or result of source and destination MAC addresses of
packets
● Based on the Exclusive-Or result of source and destination IP addresses of
packets
● Enhanced load balancing: based on VLAN IDs and source physical interface
numbers for Layer 2, IPv4, IPv6, and MPLS packets

When configuring a load balancing mode, pay attention to the following points:

● The load balancing mode is only valid for the outbound interface of traffic. If
traffic of the inbound interface is uneven, change the load balancing mode of
the uplink outbound interface.
● Data flows should be load balanced among all active links as much as
possible. If data flows are transmitted over one link, traffic congestion may
occur and service running is affected.
For example, when data packets have only one destination MAC address and
IP address, use load balancing based on the source MAC address and IP
address of packets. If load balancing based on the destination MAC address
and IP address is used, traffic is transmitted over one link, causing congestion.

For details about how to determine whether Eth-Trunk load balancing is uneven
and how to adjust Eth-Trunk configurations in this scenario, visit Huawei technical
support website to search for How Do I Adjust Eth-Trunk Configurations When
Eth-Trunk Load Balancing Is Uneven.

4.2.5 Link Aggregation in Stack Scenarios

Concepts
● Stack device

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 113

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

A stack device is a logical device formed by connecting multiple devices

through stack cables. In Figure 4-11, DeviceB and DeviceC are connected to
form a logical device.
● Inter-chassis Eth-Trunk
Physical interfaces in a stack are added to an Eth-Trunk. When a device in the
stack fails or a device physical interface added to the Eth-Trunk fails, traffic
can be transmitted between devices through stack cables. The inter-chassis
Eth-Trunk ensures reliable transmission and implements device backup.
● Preferential forwarding of local traffic
In b of Figure 4-11, traffic from DeviceB or DeviceC is only forwarded through
local member interfaces when the network runs properly. In a of Figure 4-11,
traffic is forwarded across devices through stack cables.

Figure 4-11 Inter-chassis Eth-Trunk

DeviceA DeviceA

Eth-Trunk Eth-Trunk

Stack Stack

DeviceB DeviceC DeviceB DeviceC

a. The Eth-Trunk is not enabled to b. The Eth-Trunk is enabled to

preferentially forward local preferentially forward local
interface traffic. interface traffic.
Data flow 1
Data flow 2
Stack cable

Inter-Chassis Eth-Trunk Supporting Preferential Forwarding of Local Traffic

In a stack, an Eth-Trunk is configured to be the outbound interface of traffic to
ensure reliable transmission. Member interfaces of the Eth-Trunk are located on

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 114

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

different devices. When the stack device forwards traffic, the Eth-Trunk may select
an inter-chassis member interface based on the hash algorithm. This forwarding
mode occupies bandwidth resources between devices and reduces traffic
forwarding efficiency.
As shown in Figure 4-11, DeviceB and DeviceC constitute a stack, and the stack
connects to DeviceA through an Eth-Trunk. After the Eth-Trunk in the stack is
configured to preferentially forward local traffic, the following functions are
implemented:
● Forwarding received traffic by the local device
When DeviceB has member interfaces of the Eth-Trunk and the member
interfaces function properly, the Eth-Trunk forwarding table of DeviceB
contains only local member interfaces. In this manner, the hash algorithm
selects a local member interface, and traffic is only forwarded through
DeviceB.
● Forwarding received traffic by another device
When DeviceB does not have any member interface of the Eth-Trunk or all
member interfaces are faulty, the Eth-Trunk forwarding table of DeviceB
contains all available member interfaces. In this manner, the hash algorithm
selects a member interface on DeviceC, and traffic is forwarded through
DeviceC.
NOTE

● This function is only valid for known unicast packets, and is invalid for unknown unicast
packets, broadcast packets, and multicast packets.
● Before configuring an Eth-Trunk to preferentially forward local traffic, ensure that
member interfaces of the local Eth-Trunk have sufficient bandwidth to forward local
traffic; otherwise, traffic may be discarded.

4.2.6 E-Trunk
Enhanced Trunk (E-Trunk), an extension based on the Link Aggregation Control
Protocol (LACP), controls and implements link aggregation among multiple
devices. E-Trunk implements device-level link reliability, instead of card-level link
reliability implemented by LACP.
E-Trunk is mainly applied to a scenario where a CE is dual-homed to a network. In
this scenario, E-Trunk can be used to protect PEs and links between the CE and
PEs. Without E-Trunk, a CE can be connected to only one PE by using an Eth-Trunk
link. If the Eth-Trunk or PE fails, the CE cannot communicate with the PE. By using
E-Trunk, the CE can be dual-homed to PEs, establishing device-level protection.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 115

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-12 E-Trunk networking

PE1
Eth-Trunk10

Eth-Trunk20

E-Trunk1

CE

Eth-Trunk10
PE2

NOTE

Only the S1720X, S1720X-E, S5720SI, S5720S-SI, S5720EI, S5720HI, S5730SI, S5730S-EI,
S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support the E-Trunk.

Basic Concepts
● LACP system priority
In LACP, the LACP system priority is used to differentiate priorities of devices
at both ends of an Eth-Trunk link. A smaller value indicates a higher LACP
system priority.
● System ID
In LACP, the system ID is used to determine the priorities of the two devices at
both ends of an Eth-Trunk link if their LACP priorities are the same. The
smaller the system ID, the higher the priority. By default, the system ID is the
MAC address of an Eth-Trunk.
To enable a CE to consider the PEs as a single device, you must configure the
same system LACP priority and system ID for the PEs at both ends of an E-
Trunk link.
● E-Trunk priority
The E-Trunk priority determines the master/backup status of two devices in an
LAG. As shown in Figure 4-12, PE1 has a higher E-Trunk priority than PE2,
and therefore PE1 is the master device and PE2 is the backup device. The
smaller the E-Trunk priority value, the higher the E-Trunk priority.
● E-Trunk ID
An E-Trunk ID is an integer that identifies an E-Trunk.
● Working mode
The working mode depends on the working mode of the Eth-Trunk added to
the E-Trunk. The Eth-Trunk works in one of the following modes:
– Automatic
– Forcible master
– Forcible backup

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 116

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● Timeout interval
Normally, the master and backup devices in an E-Trunk periodically send Hello
messages to each other. If the backup device does not receive any Hello
message within the timeout interval, it becomes the master device.

E-Trunk Working Principle

The E-Trunk working process is described as follows:

● Master/Backup status negotiation

As shown in Figure 4-12, the CE is directly connected to PE1 and PE2, and E-
Trunk runs between PE1 and PE2.
– PE
The same Eth-Trunk and E-Trunk are created on PE1 and PE2. In addition,
the Eth-Trunks are added to the E-Trunk.
– CE
An Eth-Trunk in LACP mode is configured on the CE. The CE is connected
to PE1 and PE2 through the Eth-Trunk.
The E-Trunk is invisible to the CE.
a. Determine the E-Trunk master/backup status.
PE1 and PE2 negotiate the E-Trunk master/backup status by exchanging
E-Trunk packets. Normally, after the negotiation, one PE functions as the
master and the other as the backup.
The master/backup status of a PE depends on the E-Trunk priority and E-
Trunk ID carried in E-Trunk packets. The smaller the E-Trunk priority
value, the higher the E-Trunk priority. The PE with the higher E-Trunk
priority functions as the master. If the E-Trunk priorities of the PEs are the
same, the PE with the smaller E-Trunk system ID functions as the master
device.
b. Determine the master/backup status of a member Eth-Trunk in the E-
Trunk.
The master/backup status of a member Eth-Trunk in the E-Trunk is
determined by its E-Trunk status and the remote Eth-Trunk status.
As shown in Figure 4-12, PE1 and PE2 are at both ends of the E-Trunk
link. PE1 is considered as the local end and PE2 as the remote end.
Figure 4-12 describes the status of each member Eth-Trunk in the E-
Trunk.

Table 4-2 Master/Backup status of an E-Trunk and its member Eth-Trunks

Local E-Trunk Working Mode Remote Eth- Local Eth-

Status of the Local Trunk Status Trunk Status
Eth-Trunk

- Forcible master - Master

- Forcible backup - Backup

Master Automatic Down Master

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 117

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Local E-Trunk Working Mode Remote Eth- Local Eth-

Status of the Local Trunk Status Trunk Status
Eth-Trunk

Backup Automatic Down Master

Backup Automatic Up Backup

In normal situations:

▪ If PE1 functions as the master, Eth-Trunk 10 on PE1 functions as the

master and its link status is Up.

▪ If PE2 functions as the backup, Eth-Trunk 10 on PE2 functions as the

backup and its link status is Down.
If the link between the CE and PE1 fails, the following situations occur:
i. PE1 sends an E-Trunk packet containing information about faulty
Eth-Trunk 10 of PE1 to PE2.
ii. After receiving the E-Trunk packet, PE2 finds that Eth-Trunk 10 on the
remote device is faulty. Eth-Trunk 10 on PE2 becomes the master.
Through LACP negotiation, Eth-Trunk 10 on PE2 becomes Up.
The Eth-Trunk status on PE2 becomes Up, and traffic of the CE is
forwarded through PE2. In this way, traffic destined for the CE is
protected.
If PE1 is faulty, PE2 will not receive any E-Trunk packet from PE1 before
the timeout. PE2 will function as the master and Eth-Trunk 10 on PE2 will
function as the master. Through LACP negotiation, the status of Eth-Trunk
10 on PE2 becomes Up. The traffic of the CE is forwarded through PE2.
● Sending and receiving of E-Trunk packets
E-Trunk packets carrying the source IP address and port number configured
on the local end are sent through UDP. E-Trunk packets are sent in the
following situations:
– The sending timer times out.
– The configurations change. For example, the E-Trunk priority, packet
sending interval, timeout interval multiplier, and source/destination IP
address of the E-Trunk changes, and member Eth-Trunks are added or
deleted.
– A member Eth-Trunk fails or recovers.
E-Trunk packets at the local end needs to carry the timeout interval so that
the remote device can obtain the timeout interval in Eth-Trunk packets from
the local end as its timeout interval.
● Switchback mechanism
If the physical status of the Eth-Trunk on the local device in master state goes
Down or the local device fails, the remote device becomes the master and the
physical status of the member Eth-Trunk becomes Up.
When the local device recovers and needs to function as the master, the local
Eth-Trunk enters the LACP negotiation state. After LACP informs that the

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 118

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

negotiation capability is Up, the local device starts the switchback delay timer.
After the switchback delay timer expires, the local Eth-Trunk becomes the
master. After LACP negotiation, the Eth-Trunk becomes Up.

E-Trunk Constraints
As shown in Figure 4-12, to improve reliability of CE and PE links and ensure that
traffic is switched between these links, comply with the following rules:
● The configurations at both ends of the E-Trunk link must be consistent. The
Eth-Trunk links directly connecting PEs to the CE must be configured with the
same working rate and duplex mode so that both Eth-Trunks have the same
key and join the same E-Trunk. After the Eth-Trunks are added to the E-Trunk,
both PEs must contain the LACP system priorities and IDs. The interfaces
connecting the CE to PE1 and PE2 must be added to the same Eth-Trunk. The
Eth-Trunk on the CE can have a different ID from that of the PEs. For
example, the CE is configured with Eth-Trunk 1, and both PEs are configured
with Eth-Trunk 10.
● The IP address of the local PE must be the same as the local address of the
remote PE and the IP address of the remote PE must be the same as the
remote address of the local PE to ensure Layer 3 connectivity. Here, it is
recommended that the addresses of the PEs are configured as loopback
interface addresses.
● The two PEs must be configured with the same security key if necessary.

4.3 Application Scenarios for Link Aggregation

4.3.1 Switches Are Directly Connected Using Link Aggregation

As shown in Figure 4-13, traffic of services with different priorities is sent to the
core network through the UPE and PE-AGG. To ensure the bandwidth and
reliability of the link between the UPE and PE-AGG, an LAG, Eth-Trunk 1, is
established.

Figure 4-13 Link aggregation networking

Core
Network

PE-AGG
Eth-Trunk 1
UPE

…… ……
VoIP DATA
IPTV

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 119

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

You can determine the working mode for the Eth-Trunk according to the following
situations:
● If devices at both ends of the Eth-Trunk support LACP, the LACP mode is
recommended.
● If the device at either end of the Eth-Trunk does not support LACP, you must
use the manual mode.
QoS can be implemented on an Eth-Trunk as a common interface. At both ends
(UPE and PE-AGG) of Eth-Trunk 1, traffic shaping, congestion management, and
congestion avoidance can be performed for outgoing traffic, ensuring that packets
of high priorities are sent in a timely manner.

4.3.2 Switches Are Connected Across a Transmission Device

Using Link Aggregation
As shown in Figure 4-14, a transmission device needs to be deployed between
two switches that are far away from each other. In addition, link aggregation is
configured between the two switches to enhance link bandwidth and reliability.
● The switches at both ends must use link aggregation in LACP mode.
● The transmission device between switches must be configured to
transparently transmit LACPDUs.

Figure 4-14 Switches are connected across a transmission device using link
aggregation

Transmission
device

4.3.3 Switches Connect to Transmission Devices Using Link

Aggregation
As shown in Figure 4-15, one core site and multiple access sites are deployed. The
sites are far away from each other, so transmission devices need to be deployed
between devices to ensure communication. At each site, link aggregation is
deployed between the switch and the transmission device to improve the
reliability.
● The link aggregation mode on the transmission device must be the same as
that of the switch. Configure the transmission device according to its
operation guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 120

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-15 Networking where switches are connected to transmission devices

using link aggregation

Core site

Transmission
device

Transmission Transmission
device device

Access site 1 Access site 3

Transmission
device

Access site 2

4.3.4 A Switch Connects to a Server Using Link Aggregation

As shown in Figure 4-16, to improve the server bandwidth and reliability, two or
more network adapters of the server are aggregated to form a network adapter
group to implement load balancing or redundancy.
In addition to the configuration notes in 4.5 Licensing Requirements and
Limitations for Link Aggregation, pay attention to the following points:
● Network adapters of the server must use the same type.
● The link aggregation modes on the server and access device must be
consistent.
Intel network adapter is used as an example. A server often uses static or IEEE
802.3ad dynamic link aggregation. When the server uses static link
aggregation, the access device must use the manual mode. When the server
uses IEEE 802.3ad dynamic link aggregation, the access device must use the
LACP mode.
● When a server needs to obtain the configuration file from the remote file
server through a switch and link aggregation needs to be used, run the lacp
force-forward command on the link aggregation interface of the switch.
NOTE

Different types of network adapters use different link aggregation configuration. See the
network adapter operation guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 121

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-16 Networking where a switch connects to a server

Network

Eth-Trunk 1

4.3.5 A Switch Connects to a Stack Using Link Aggregation

As shown in Figure 4-17, the switch connects to a stack using link aggregation,
and the Eth-Trunk is enabled to preferentially forward local traffic. Preferentially
forwarding local traffic ensures reliable transmission, reduces the bandwidth
burden between stack devices, and improves the forwarding efficiency.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 122

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-17 Preferentially forwarding local traffic

Network

CSS

VLAN 2 VLAN 3

VLAN 2 data flow

VLAN 3 data flow

4.3.6 Using E-Trunk to Implement Link Aggregation Across

Devices
NOTE

Only the S1720X, S1720X-E, S5720SI, S5720S-SI, S5720EI, S5720HI, S5730SI, S5730S-EI,
S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support the E-Trunk.

As shown in Figure 4-18, the Enhanced Trunk (E-Trunk) protects the links between
CE1 and two PEs (PE1 and PE2) on the network. CE1 is connected to PE1 and PE2
using two Eth-Trunks in LACP mode. The two Eth-Trunks form an E-Trunk to
implement backup and enhance the network reliability.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 123

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-18 E-Trunk networking

Loopback1

PE1
Eth-Trunk10

Eth-Trunk20

E-Trunk1 Internet
CE1

Eth-Trunk10
PE2

Loopback1

4.4 Summary of Link Aggregation Configuration Tasks

Table 4-3 describes the link aggregation configuration tasks.

Table 4-3 Link aggregation configuration tasks

Scenario Task

Switches Are Directly Connected Using Perform either of the two operations:
Link Aggregation ● 4.7 Configuring Link Aggregation
in Manual Mode
● 4.8 Configuring Link Aggregation
in LACP Mode

Switches Are Connected Across a 4.8 Configuring Link Aggregation in

Transmission Device Using Link LACP Mode
Aggregation

A Switch Connects to a Server Using Perform either of the two operations:

Link Aggregation ● 4.7 Configuring Link Aggregation
in Manual Mode
● 4.8 Configuring Link Aggregation
in LACP Mode

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 124

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Scenario Task

Using E-Trunk to Implement Link 1. 4.8 Configuring Link Aggregation

Aggregation Across Devices in LACP Mode
NOTE 2. 4.12 Configuring an E-Trunk
Only the S1720X, S1720X-E, S5720SI,
S5720S-SI, S5720EI, S5720HI, S5730SI,
S5730S-EI, S6720LI, S6720S-LI, S6720SI,
S6720S-SI, S6720EI, and S6720S-EI support
the E-Trunk.

4.5 Licensing Requirements and Limitations for Link

Aggregation

Involved Network Elements

Other network elements are not required.

Licensing Requirements
Configuration commands of Ethernet link aggregation are available only after the
S1720GW, S1720GWR, and S1720X have the license (WEB management to full
management Electronic RTU License) loaded and activated and the switches are
restarted.Configuration commands of Ethernet link aggregation on other models
are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 4-4 Products and versions supporting link aggregation

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 125

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Product Product Software Version

Model

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI V100R005C01, V100R006(C00&C01&C03&C05)

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 126

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Product Product Software Version

Model

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
Configuration Guidelines Before an Eth-Trunk Is Configured
● An Eth-Trunk contains a maximum of 32 member interfaces on the S5720HI,
16 member interfaces on the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI,
S6720S-LI, S6720SI, and S6720S-SI, and 8 member interfaces on other models.
● Starting from V200R009, for the S6720EI and S6720S-EI, you can run the
assign trunk { trunk-group group-number | trunk-member member-
number }* command to configure the maximum number of Eth-Trunks and
maximum number of member interfaces in each Eth-Trunk. For details, see
the description of the assign trunk command in "Ethernet Switching
Configuration Commands" in the Command Reference of the corresponding
version. After the configuration, you can run the display trunk configuration
command to check the default specifications of the maximum number of Eth-
Trunks that are supported and maximum number of member interfaces in
each Eth-Trunk, current specifications, and configured specifications.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 127

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● Some commands (such as port link-type access) and static MAC address
entries cannot be configured on member interfaces of an Eth-Trunk.
Otherwise, errors will be reported.
● An Eth-Trunk cannot be added to another Eth-Trunk.
● Member interfaces of an Eth-Trunk must use the same Ethernet type. For
example, GE electrical and optical interfaces can join the same Eth-Trunk.
● In earlier versions of V200R011C10, interfaces with different rates cannot join
the same Eth-Trunk. In V200R011C10 and later versions, interfaces with
different rates can join the same Eth-Trunk by running mixed-rate link
enable.
● When an Eth-Trunk performs load balancing calculation, the interface rate
cannot be used as the calculation weight. When interfaces with different rates
are added to the same Eth-Trunk, traffic is evenly load balanced on all the
links. Therefore, the bandwidth of member interfaces is calculated by the
minimum rate of the member interfaces in the Eth-Trunk. For example, when
a GE interface and a 10GE interface are added to the same Eth-Trunk, the rate
of the GE interface is used in calculation and the bandwidth of the Eth-Trunk
is 2G.
● Both devices of the Eth-Trunk must use the same number of physical
interfaces, interface rate, duplex mode, and flow control mode.
● If an interface of the local device is added to an Eth-Trunk, an interface of the
remote device directly connected to the interface of the local device must also
be added to the Eth-Trunk so that the two ends can communicate.
● Devices on both ends of an Eth-Trunk must use the same link aggregation
mode.
● When the number of active interfaces falls below the lower threshold, the
Eth-Trunk goes Down. This ensures that the Eth-Trunk has a minimum
available bandwidth.
● In FTTx scenarios of MANs, PPPoE is often used for Internet access. If switches
use link aggregation, when traffic is aggregated, ensure that PPPoE packets
are load balanced. In such scenarios, the S5700EI, S5710EI, S5720EI, S5700HI,
S5710HI, S5720HI, S5730SI, S5730S-EI, S6700EI, S6720EI, S6720S-EI, S6720SI,
S6720S-SI, S6720LI, S6720S-LI are recommended.
In the following scenarios, there are other configuration guidelines in addition to
the preceding ones.

Table 4-5 Configuration guidelines in different scenarios

Usage Scenario Precaution

Switches Are Connected Across a ● The switches at both ends must use
Transmission Device Using Link link aggregation in LACP mode.
Aggregation ● The transmission device between
switches must be configured to
transparently transmit LACPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 128

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Usage Scenario Precaution

Switches Connect to Transmission The link aggregation mode on the

Devices Using Link Aggregation transmission device must be the same
as that of the switch. Configure the
transmission device according to its
operation guide.

A Switch Connects to a Server Using ● Network adapters of the server

Link Aggregation must use the same type.
● The link aggregation modes on the
server and access device must be
consistent.
Intel network adapter is used as an
example. A server often uses static
or IEEE 802.3ad dynamic link
aggregation. When the server uses
static link aggregation, the access
device must use the manual mode.
When the server uses IEEE 802.3ad
dynamic link aggregation, the
access device must use the LACP
mode.
● When a server needs to obtain the
configuration file from the remote
file server through a switch and link
aggregation needs to be used, run
the lacp force-forward command
on the Eth-Trunk of the switch.

Configuration Guidelines After an Eth-Trunk Is Configured

● An Ethernet interface can be added to only one Eth-Trunk. To add an Ethernet
interface to another Eth-Trunk, delete it from the original one first.
● After an interface is added to an Eth-Trunk, only the Eth-Trunk learns MAC
address entries or ARP entries, but the member interface does not.
● Before deleting an Eth-Trunk, delete member interfaces from the Eth-Trunk.
Specifications

Link aggregation modes:

● Manual
● LACP

Link aggregation modes supported by the device:

● Intra-device: Member interfaces of an Eth-Trunk are located on the same

device.
● Inter-stack-device: Member interfaces of an Eth-Trunk are located on member
devices of a stack.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 129

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● Inter-device: Inter-device link aggregation refers to E-Trunk. E-Trunk allows

links between multiple devices to be aggregated based on LACP.

Load balancing modes supported by the device:

To prevent data packet mis-sequencing, an Eth-Trunk uses flow-based load

balancing.

You can use the following load balancing modes based on actual networking:

● Based on source MAC addresses of packets

● Based on destination MAC addresses of packets
● Based on source IP addresses of packets
● Based on destination IP addresses of packets
● Based on the Exclusive-Or result of source and destination MAC addresses of
packets
● Based on the Exclusive-Or result of source and destination IP addresses of
packets
● Enhanced load balancing: based on VLAN IDs and source physical interface
numbers for Layer 2, IPv4, IPv6, and MPLS packets

4.6 Default Settings for Link Aggregation

Table 4-6 Default setting for link aggregation

Parameter Value

Link aggregation mode Manual mode

Upper threshold for the number of 32 on the S5720HI and 8 on other

active member links models
On the S6720EI, and S6720S-EI, you
can run the assign trunk command to
set the value, and run the display
trunk configuration command to
check the configuration.

Lower threshold for the number of 1

active member links

LACP system priority 32768

LACP interface priority 32768

LACP preemption Disabled

LACP preemption delay 30s

Timeout interval at which LACPDUs 90s

are received

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 130

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

4.7 Configuring Link Aggregation in Manual Mode

4.7.1 (Optional) Setting the Maximum Number of LAGs and

the Maximum Number of Member Interfaces in Each LAG

Context
Generally, a switch supports a fixed maximum number of LAGs and a fixed
maximum number of member interfaces in each LAG. On the S6720EI and
S6720S-EI, you can run the assign trunk command to set the maximum number
of LAGs and the maximum number of member interfaces in each LAG,
implementing flexible networking and meeting various service requirements.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run assign trunk { trunk-group group-number | trunk-member member-

number }*

The maximum number of LAGs and the maximum number of member interfaces
in each LAG are set.

By default, the device supports a maximum of 128 LAGs and 8 member interfaces
in each LAG. member-number can be 8, 16, 32, or 64, and member-number
multiplied by group-number cannot exceed 2048.

● When more than 128 Eth-Trunks or 16 member interfaces are configured

using the assign trunk { trunk-group group-number | trunk-member
member-number } * command, the enhanced mode is used for load balance
known unicast packets by default. If the enhanced mode is not used,
problems such as packet loss and uneven load balancing may occur. The
switch load balances non-known unicast packets based on source and
destination MAC addresses by default.
● If you use the assign trunk command to modify Eth-Trunk specifications, the
existing Eth-Trunk configuration will become invalid or be lost. Exercise
caution when you run the assign trunk command.
– When the configured Eth-Trunk specifications are reduced and the Eth-
Trunks that exceed the specifications are configured, the configuration of
excess Eth-Trunks is invalid.
– When the configured value of group-number is larger than 128 or the
configured value of member-number is larger than 16, the switch can
only use the enhanced mode to load balance known unicast packets. The
common mode is invalid for the known unicast packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 131

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● After the Eth-Trunk specifications are modified, save the configuration and
restart the switch to make the modification take effect.

----End

4.7.2 Creating an LAG

Context
Each LAG corresponds to a logical interface, that is, Eth-Trunk. Before configuring
link aggregation, create an Eth-Trunk.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
An Eth-Trunk is created and the Eth-Trunk interface view is displayed.
The value of trunk-id is as follows.
● S1720GFR, S2750EI, S5700LI, S5700S-LI, and S5710-X-LI: 0-63
● S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S2720EI, S5720SI, S5720LI,
S5720S-LI, and S5720S-SI: 0-119
● S5720EI, S5720HI, S6720EI, and S6720S-EI: 0-127
● S1720X, S1720X-E, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S6720LI, S6720S-
LI: 0-249
On the S6720EI, and S6720S-EI, you can run the assign trunk command to set the
value, and run the display trunk configuration command to check the
configuration.
If the specified Eth-Trunk already exists, this command directly displays the Eth-
Trunk interface view.

----End

4.7.3 Setting the Manual Load Balancing Mode

Context
Link aggregation can work in manual load balancing mode and LACP mode.
In manual load balancing mode, you must manually create an Eth-Trunk and add
member interfaces to the Eth-Trunk. All active links forward data and evenly load
balance traffic. The manual load balancing mode is used when the peer device
does not support LACP.
If an Eth-Trunk interface has member interfaces, you can switch the Eth-Trunk
interface's working mode between manual mode and LACP mode. However, if the
Eth-Trunk interface is added to an E-Trunk, you cannot change its working mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 132

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

To delete existing member interfaces, run the undo eth-trunk command in the
interface view or the undo trunkport interface-type interface-number command
in the Eth-Trunk interface view.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 3 Run mode manual load-balance
A working mode of the Eth-Trunk is configured.
By default, an Eth-Trunk works in manual load balancing mode.
Before configuring an Eth-Trunk, ensure that both ends use the same working
mode. If the local end works in manual load balancing mode, the remote end
must use the manual load balancing mode.

----End

4.7.4 Adding Member Interfaces to an Eth-Trunk

Context
Before adding member interfaces to an Eth-Trunk, you need to learn about the
configuration notes. See 4.5 Licensing Requirements and Limitations for Link
Aggregation.
You can add member interfaces to an Eth-Trunk in the Eth-Trunk interface view or
member interface view.

Procedure
● Add member interfaces to an Eth-Trunk in the Eth-Trunk interface view.
a. Run system-view
The system view is displayed.
b. Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
c. (Optional) Run mixed-rate link enable
Interfaces with different rates are allowed to be added to the same Eth-
Trunk.
By default, interfaces with different rates are not allowed to be added to
the same Eth-Trunk.
d. Run trunkport interface-type { interface-number1 [ to interface-
number2 ] } &<1-8> [ mode { active | passive } ]
A member interface is added to the Eth-Trunk.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 133

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

NOTE

When you add member interfaces to an Eth-Trunk in a batch, if one interface

fails to be added to the Eth-Trunk, subsequent interfaces in the batch cannot be
added to the Eth-Trunk.
● Add member interfaces to an Eth-Trunk in the member interface view.
a. Run system-view

The system view is displayed.

b. (Optional) Interfaces with different rates are allowed to be added to the
same Eth-Trunk.
i. Run the interface eth-trunk trunk-id command to enter the Eth-
Trunk interface view.
ii. Run the mixed-rate link enable command to allow the device to
add interfaces with different rates to the same Eth-Trunk.
By default, interfaces with different rates are not allowed to be
added to the same Eth-Trunk.
iii. Run the quit command to return to the system view.
c. Run interface interface-type interface-number

The member interface view is displayed.

d. Run eth-trunk trunk-id [ mode { active | passive } ]

The member interface is added to an Eth-Trunk.

When adding an interface to an Eth-Trunk, pay attention to the following

points:

– An Ethernet interface can be added to only one Eth-Trunk. To add an

Ethernet interface to another Eth-Trunk, delete it from the original one
first.
– After interfaces are added to an Eth-Trunk, the Eth-Trunk learns MAC
addresses and ARP entries but member interfaces do not.
– Before deleting an Eth-Trunk, delete member interfaces from the Eth-
Trunk.

----End

4.7.5 (Optional) Setting the Lower Threshold for the Number

of Active Interfaces

Context
The lower threshold for the number of active interfaces affects the status and
bandwidth of an Eth-Trunk. To ensure that the Eth-Trunk functions properly and is
less affected by member link status changes, set the lower threshold for the
number of active interfaces.

When the number of active interfaces falls below the lower threshold, the Eth-
Trunk goes Down. This ensures that the Eth-Trunk has a minimum available
bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 134

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

The upper threshold for the number of active interfaces is inapplicable to the
manual load balancing mode.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 3 Run least active-linknumber link-number
The lower threshold for the number of active interfaces is set.
By default, the lower threshold for the number of active interfaces is 1.
The lower threshold for the number of active interfaces on the local switch can be
different from that on the remote switch.

----End

4.7.6 (Optional) Configuring a Load Balancing Mode

Context
An Eth-Trunk uses flow-based load balancing. Flow-based load balancing ensures
that frames of the same data flow are forwarded on the same physical link.
Different data flows are forwarded on different physical links to implement load
balancing.
You can configure a common load balancing mode in which IP addresses or MAC
addresses of packets are used to load balance packets; you can also configure an
enhanced load balancing mode for Layer 2 packets, IP packets, and MPLS packets.
Load balancing is valid only for outgoing traffic; therefore, the load balancing
modes for the interfaces at both ends of the link can be different and do not
affect each other.
Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5730SI,
S5730S-EI, S5720HI, S5720EI, S6720EI, and S6720S-EI support the enhanced load
balancing mode.
On the S6720EI and S6720S-EI, when more than 16 member interfaces are
configured using the assign trunk { trunk-group group-number | trunk-member
member-number } * command, only the enhanced mode can be used for load
balancing. If the enhanced mode is not used, problems such as packet loss and
uneven load balancing may occur.
If an incorrect load balancing mode is configured, traffic will be unevenly load
balanced among Eth-Trunk member interfaces. The following restrictions apply
when configuring a load balancing mode:
● In practical services, you need to configure a proper load balancing mode
based on traffic characteristics. When a parameter of traffic changes

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 135

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

frequently, you can set the load balancing mode based on this parameter to
ensure that the traffic load is balanced evenly. For example, if IP addresses in
packets change frequently, use the load balancing mode based on dst-ip, src-
ip, or src-dst-ip so that traffic can be properly load balanced among physical
links. If MAC addresses in packets change frequently and IP addresses are
fixed, use the load balancing mode based on dst-mac, src-mac, or src-dst-
mac so that traffic can be properly load balanced among physical links.
● If the majority of service traffic are MPLS packets, you need to set the
enhanced load balancing mode. You can run the mpls field command in the
load balancing profile view to configure the load balancing mode of MPLS
packets.
● On a network where an Eth-Trunk and a stack is configured, if the local-
preference enable command is run to configure an Eth-Trunk interface to
preferentially forward local traffic, traffic arriving at the local device is
preferentially forwarded through Eth-Trunk member interfaces of the local
device. If there is no Eth-Trunk member interface on the local device, traffic is
forwarded through Eth-Trunk member interfaces on another device. This
forwarding mode effectively saves bandwidth resources of member devices in
the stack and improves traffic forwarding efficiency.

Procedure
● Configure a common load balancing mode.
a. Run system-view

The system view is displayed.

b. Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

c. Run load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-
dst-mac }

A load balancing mode of the Eth-Trunk is set.

The default load balancing mode is src-dst-ip.

Other load balancing modes are as follows:

▪ dst-ip: based on destination IP addresses

▪ dst-mac: based on destination MAC addresses

▪ src-ip: based on source IP addresses

▪ src-mac: based on source MAC addresses

▪ src-dst-ip: based on the Exclusive-Or result of source and destination

IP addresses

▪ src-dst-mac: based on the Exclusive-Or result of source and

destination MAC addresses

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 136

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

NOTE

The S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,

S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI,
S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI use the src-dst-ip in the HASH algorithm for load balancing regardless
of whether you configure this parameter.
On S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI,
S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, when the load balancing mode of an Eth-Trunk is modified, the
modification takes effect on all Eth-Trunks. The load balancing mode will be set
to the default mode when a new Eth-Trunk is created.
● Configure an enhanced load balancing mode.
a. Run system-view
The system view is displayed.
b. Run load-balance-profile profile-name
A load balancing profile is created and its view is displayed. Only one
load balancing profile can be created.
c. Run the following commands as required. You can configure load
balancing modes for Layer 2 packets, IPv4 packets, IPv6 packets, and
MPLS packets respectively.

▪ Run l2 field [ dmac | l2-protocol | smac | sport | vlan ] *

A load balancing mode of Layer 2 packets is set.

By default, load balancing of Layer 2 packets is based on the source
MAC address (smac) and destination MAC address (dmac).

▪ Run ipv4 field [ dip | l4-dport | l4-sport | protocol | sip | sport |

vlan ] *
A load balancing mode of IPv4 packets is set.
By default, load balancing of IPv4 packets is based on the source IP
address (sip) and destination IP address (dip).

▪ Run ipv6 field [ dip | l4-dport | l4-sport | protocol | sip | sport |

vlan ] *
A load balancing mode of IPv6 packets is set.
By default, load balancing of IPv6 packets is based on the source IP
address (sip) and destination IP address (dip).

▪ Run mpls field [ 2nd-label | dip | dmac | sip | smac | sport | top-
label | vlan ] *
A load balancing mode of MPLS packets is set.
By default, load balancing of MPLS packets is based on the two outer
labels (top-label and 2nd-label) of each packet.
d. Run quit
Return to the system view.
e. Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 137

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

f. Run load-balance enhanced profile profile-name

The load balancing profile is applied.
NOTE
The preceding load balancing modes apply only to known unicast traffic. To configure
a load balancing mode for unknown unicast traffic, run the unknown-unicast load-
balance { dmac | smac | smacxordmac | enhanced } command in the system view.
Only S5720EI, S5720HI, S6720EI, and S6720S-EI support load balancing for unknown
unicast traffic.

----End

4.7.7 Verifying the Configuration of Link Aggregation in

Manual Mode

Procedure
● Run the display eth-trunk [ trunk-id [ interface interface-type interface-
number | verbose ] ] command to check the Eth-Trunk configuration.
● Run the display trunkmembership eth-trunk trunk-id command to check
information about Eth-Trunk member interfaces.
● Run the display eth-trunk [ trunk-id ] load-balance command to check the
load balancing mode of the Eth-Trunk.
● Run the display load-balance-profile [ profile-name ] command to check
the load balancing profile of the Eth-Trunk.
----End

4.8 Configuring Link Aggregation in LACP Mode

4.8.1 (Optional) Setting the Maximum Number of LAGs and

the Maximum Number of Member Interfaces in Each LAG

Context
Generally, a switch supports a fixed maximum number of LAGs and a fixed
maximum number of member interfaces in each LAG. On the S6720EI and
S6720S-EI, you can run the assign trunk command to set the maximum number
of LAGs and the maximum number of member interfaces in each LAG,
implementing flexible networking and meeting various service requirements.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run assign trunk { trunk-group group-number | trunk-member member-
number }*

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 138

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

The maximum number of LAGs and the maximum number of member interfaces
in each LAG are set.
By default, the device supports a maximum of 128 LAGs and 8 member interfaces
in each LAG. member-number can be 8, 16, 32, or 64, and member-number
multiplied by group-number cannot exceed 2048.
● When more than 128 Eth-Trunks or 16 member interfaces are configured
using the assign trunk { trunk-group group-number | trunk-member
member-number } * command, the enhanced mode is used for load balance
known unicast packets by default. If the enhanced mode is not used,
problems such as packet loss and uneven load balancing may occur. The
switch load balances non-known unicast packets based on source and
destination MAC addresses by default.
● If you use the assign trunk command to modify Eth-Trunk specifications, the
existing Eth-Trunk configuration will become invalid or be lost. Exercise
caution when you run the assign trunk command.
– When the configured Eth-Trunk specifications are reduced and the Eth-
Trunks that exceed the specifications are configured, the configuration of
excess Eth-Trunks is invalid.
– When the configured value of group-number is larger than 128 or the
configured value of member-number is larger than 16, the switch can
only use the enhanced mode to load balance known unicast packets. The
common mode is invalid for the known unicast packets.
● After the Eth-Trunk specifications are modified, save the configuration and
restart the switch to make the modification take effect.
----End

4.8.2 Creating an LAG

Context
Each LAG corresponds to a logical interface, that is, Eth-Trunk. Before configuring
link aggregation, create an Eth-Trunk.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
An Eth-Trunk is created and the Eth-Trunk interface view is displayed.
The value of trunk-id is as follows.
● S1720GFR, S2750EI, S5700LI, S5700S-LI, and S5710-X-LI: 0-63
● S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S2720EI, S5720SI, S5720LI,
S5720S-LI, and S5720S-SI: 0-119
● S5720EI, S5720HI, S6720EI, and S6720S-EI: 0-127
● S1720X, S1720X-E, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S6720LI, S6720S-
LI: 0-249

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 139

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

On the S6720EI, and S6720S-EI, you can run the assign trunk command to set the
value, and run the display trunk configuration command to check the
configuration.
If the specified Eth-Trunk already exists, this command directly displays the Eth-
Trunk interface view.

----End

4.8.3 Setting the LACP Mode

Context
Link aggregation can work in manual mode or LACP mode depending on whether
LACP is used.
In LACP mode, you must manually create an Eth-Trunk and add interfaces to the
Eth-Trunk. However, LACP determines active interfaces through negotiation.
If an Eth-Trunk interface has member interfaces, you can switch the Eth-Trunk
interface's working mode between manual mode and LACP mode. However, if the
Eth-Trunk interface is added to an E-Trunk, you cannot change its working mode.
To delete existing member interfaces, run the undo eth-trunk command in the
interface view or the undo trunkport interface-type interface-number command
in the Eth-Trunk interface view.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 3 Run mode lacp
A working mode of the Eth-Trunk is configured.
By default, an Eth-Trunk works in manual mode.
Before configuring an Eth-Trunk, ensure that both ends use the same working
mode. If the local end works in LACP mode, the remote end must use the LACP
mode.

----End

4.8.4 Adding Member Interfaces to an Eth-Trunk

Context
Before adding member interfaces to an Eth-Trunk, you need to learn about the
configuration notes. See 4.5 Licensing Requirements and Limitations for Link
Aggregation.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 140

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

You can add member interfaces to an Eth-Trunk in the Eth-Trunk interface view or
member interface view.

Procedure
● Add member interfaces to an Eth-Trunk in the Eth-Trunk interface view.
a. Run system-view

The system view is displayed.

b. Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

c. (Optional) Run mixed-rate link enable

Interfaces with different rates are allowed to be added to the same Eth-
Trunk.

By default, interfaces with different rates are not allowed to be added to

the same Eth-Trunk.
d. Run trunkport interface-type { interface-number1 [ to interface-
number2 ] } &<1-8> [ mode { active | passive } ]

A member interface is added to the Eth-Trunk.

NOTE

When you add member interfaces to an Eth-Trunk in a batch, if one interface

fails to be added to the Eth-Trunk, subsequent interfaces in the batch cannot be
added to the Eth-Trunk.
● Add member interfaces to an Eth-Trunk in the member interface view.
a. Run system-view

The system view is displayed.

b. (Optional) Interfaces with different rates are allowed to be added to the
same Eth-Trunk.
i. Run the interface eth-trunk trunk-id command to enter the Eth-
Trunk interface view.
ii. Run the mixed-rate link enable command to allow the device to
add interfaces with different rates to the same Eth-Trunk.
By default, interfaces with different rates are not allowed to be
added to the same Eth-Trunk.
iii. Run the quit command to return to the system view.
c. Run interface interface-type interface-number

The member interface view is displayed.

d. Run eth-trunk trunk-id [ mode { active | passive } ]

The member interface is added to an Eth-Trunk.

When adding an interface to an Eth-Trunk, pay attention to the following

points:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 141

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

– An Ethernet interface can be added to only one Eth-Trunk. To add an

Ethernet interface to another Eth-Trunk, delete it from the original one
first.
– After interfaces are added to an Eth-Trunk, the Eth-Trunk learns MAC
addresses and ARP entries but member interfaces do not.
– Before deleting an Eth-Trunk, delete member interfaces from the Eth-
Trunk.

----End

4.8.5 (Optional) Setting the Upper and Lower Thresholds for

the Number of Active Interfaces

Context
The number of Up member links affects the status and bandwidth of an Eth-
Trunk. To ensure that the Eth-Trunk functions properly and is less affected by
member link status changes, set the following thresholds.

● Lower threshold for the number of active interfaces: When the number of
active interfaces falls below this threshold, the Eth-Trunk goes Down. This
guarantees the Eth-Trunk a minimum available bandwidth.
● Upper threshold for the number of active interfaces: It is used for improving
network reliability with assured bandwidth. When the number of active
interfaces reaches this threshold, you can add new member interfaces to the
Eth-Trunk, but excess member interfaces enter the Down state.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run least active-linknumber link-number

The lower threshold for the number of active interfaces is set.

By default, the lower threshold for the number of active interfaces is 1.

The lower threshold for the number of active interfaces on the local device can be
different from that on the remote device. If the two values are different, the larger
one is used.

Step 4 Run max active-linknumber link-number

The upper threshold for the number of active interfaces is set.

By default, the upper threshold for the number of active interfaces in an Eth-Trunk
is 32 on the S5720HI, 16 on the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI,
S6720S-LI, S6720SI, and S6720S-SI, and 8 on other models.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 142

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

On the S6720EI, and S6720S-EI, you can run the assign trunk command to set the
value, and run the display trunk configuration command to check the
configuration.

The upper thresholds configured by the max active-linknumber command on

both ends must be the same; otherwise, the Eth-Trunk status flaps if an active
interface fails.

The upper threshold for the number of active interfaces must be greater than or
equal to the lower threshold for the number of active interfaces.

Step 5 (Optional) Run load-distribution active-linknumber-change link-number1 to

link-number2
The number of interfaces in an Eth-Trunk where load balancing calculation is
performed is configured.

By default, the number of interfaces in an Eth-Trunk where load balancing

calculation is performed is the number of active interfaces of the device.

If the number of active interfaces is smaller than 8 and traffic on an Eth-Trunk is

unevenly load balanced, you can run the load-distribution active-linknumber-
change command to increase the number of interfaces in the Eth-Trunk where
load balancing calculation is performed so that traffic can be better load balanced
among active links.Only the S1720GFR, S1720GW, S1720GWR, S1720GW-E,
S1720GWR-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-
LI, S5720SI, and S5720S-SI support this command.

NOTE

● The load-distribution active-linknumber-change link-number1 to link-number2

command with different values of link-number1 can be configured repeatedly. When the
number of active interfaces is the same as the value of link-number1, the configuration
takes effect. If the load-distribution active-linknumber-change link-number1 to link-
number2 command with the same value of link-number1 is configured, only the latest
configuration takes effect.
● When an inter-device Eth-Trunk is configured in a iStack and the local-preference
enable command is used to configure an Eth-Trunk to preferentially forward local
traffic, the number of interfaces in the Eth-Trunk where load balancing calculation is
performed is the number of active interfaces.

----End

4.8.6 (Optional) Configuring a Load Balancing Mode

Context
An Eth-Trunk uses flow-based load balancing. Flow-based load balancing ensures
that frames of the same data flow are forwarded on the same physical link.
Different data flows are forwarded on different physical links to implement load
balancing.

You can configure a common load balancing mode in which IP addresses or MAC
addresses of packets are used to load balance packets; you can also configure an
enhanced load balancing mode for Layer 2 packets, IP packets, and MPLS packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 143

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Load balancing is valid only for outgoing traffic; therefore, the load balancing
modes for the interfaces at both ends of the link can be different and do not
affect each other.
Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5730SI,
S5730S-EI, S5720HI, S5720EI, S6720EI, and S6720S-EI support the enhanced load
balancing mode.
On the S6720EI and S6720S-EI, when more than 16 member interfaces are
configured using the assign trunk { trunk-group group-number | trunk-member
member-number } * command, only the enhanced mode can be used for load
balancing. If the enhanced mode is not used, problems such as packet loss and
uneven load balancing may occur.
If an incorrect load balancing mode is configured, traffic will be unevenly load
balanced among Eth-Trunk member interfaces. The following restrictions apply
when configuring a load balancing mode:
● In practical services, you need to configure a proper load balancing mode
based on traffic characteristics. When a parameter of traffic changes
frequently, you can set the load balancing mode based on this parameter to
ensure that the traffic load is balanced evenly. For example, if IP addresses in
packets change frequently, use the load balancing mode based on dst-ip, src-
ip, or src-dst-ip so that traffic can be properly load balanced among physical
links. If MAC addresses in packets change frequently and IP addresses are
fixed, use the load balancing mode based on dst-mac, src-mac, or src-dst-
mac so that traffic can be properly load balanced among physical links.
● If the majority of service traffic are MPLS packets, you need to set the
enhanced load balancing mode. You can run the mpls field command in the
load balancing profile view to configure the load balancing mode of MPLS
packets.
● On a network where an Eth-Trunk and a stack is configured, if the local-
preference enable command is run to configure an Eth-Trunk interface to
preferentially forward local traffic, traffic arriving at the local device is
preferentially forwarded through Eth-Trunk member interfaces of the local
device. If there is no Eth-Trunk member interface on the local device, traffic is
forwarded through Eth-Trunk member interfaces on another device. This
forwarding mode effectively saves bandwidth resources of member devices in
the stack and improves traffic forwarding efficiency.

Procedure
● Configure a common load balancing mode.
a. Run system-view
The system view is displayed.
b. Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
c. Run load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-
dst-mac }
A load balancing mode of the Eth-Trunk is set.
The default load balancing mode is src-dst-ip.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 144

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Other load balancing modes are as follows:

▪ dst-ip: based on destination IP addresses

▪ dst-mac: based on destination MAC addresses

▪ src-ip: based on source IP addresses

▪ src-mac: based on source MAC addresses

▪ src-dst-ip: based on the Exclusive-Or result of source and destination

IP addresses

▪ src-dst-mac: based on the Exclusive-Or result of source and

destination MAC addresses
NOTE

The S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,

S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI,
S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI use the src-dst-ip in the HASH algorithm for load balancing regardless
of whether you configure this parameter.
On S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI,
S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, when the load balancing mode of an Eth-Trunk is modified, the
modification takes effect on all Eth-Trunks. The load balancing mode will be set
to the default mode when a new Eth-Trunk is created.
● Configure an enhanced load balancing mode.
a. Run system-view
The system view is displayed.
b. Run load-balance-profile profile-name
A load balancing profile is created and its view is displayed. Only one
load balancing profile can be created.
c. Run the following commands as required. You can configure load
balancing modes for Layer 2 packets, IPv4 packets, IPv6 packets, and
MPLS packets respectively.

▪ Run l2 field [ dmac | l2-protocol | smac | sport | vlan ] *

A load balancing mode of Layer 2 packets is set.

By default, load balancing of Layer 2 packets is based on the source
MAC address (smac) and destination MAC address (dmac).

▪ Run ipv4 field [ dip | l4-dport | l4-sport | protocol | sip | sport |

vlan ] *
A load balancing mode of IPv4 packets is set.
By default, load balancing of IPv4 packets is based on the source IP
address (sip) and destination IP address (dip).

▪ Run ipv6 field [ dip | l4-dport | l4-sport | protocol | sip | sport |

vlan ] *
A load balancing mode of IPv6 packets is set.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 145

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

By default, load balancing of IPv6 packets is based on the source IP

address (sip) and destination IP address (dip).

▪ Run mpls field [ 2nd-label | dip | dmac | sip | smac | sport | top-
label | vlan ] *
A load balancing mode of MPLS packets is set.
By default, load balancing of MPLS packets is based on the two outer
labels (top-label and 2nd-label) of each packet.
d. Run quit
Return to the system view.
e. Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
f. Run load-balance enhanced profile profile-name
The load balancing profile is applied.
NOTE
The preceding load balancing modes apply only to known unicast traffic. To configure
a load balancing mode for unknown unicast traffic, run the unknown-unicast load-
balance { dmac | smac | smacxordmac | enhanced } command in the system view.
Only S5720EI, S5720HI, S6720EI, and S6720S-EI support load balancing for unknown
unicast traffic.

----End

4.8.7 (Optional) Setting the LACP System Priority

Context
LACP system priority differentiates priorities of devices at both ends. In LACP
mode, active interfaces selected by devices at both ends must be consistent;
otherwise, the LAG cannot be set up. To keep active interfaces consistent at both
ends, you can set the priority of one device to be higher than that of the other
device so that the other device can select active interfaces according to those
selected by the device with a higher priority.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lacp priority priority
The LACP system priority is set.
A smaller LACP priority value indicates a higher priority. By default, the LACP
system priority is 32768.
The end with a smaller priority value functions as the Actor. If the two ends have
the same priority, the end with a smaller MAC address functions as the Actor.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 146

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

4.8.8 (Optional) Setting the LACP Interface Priority

Context
In LACP mode, LACP interface priorities are set to prioritize interfaces of the same
device. Interfaces with higher priorities are selected as active interfaces.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The member interface view is displayed.

Step 3 Run lacp priority priority

The LACP priority of the member interface is configured.

By default, the LACP interface priority is 32768. A smaller priority value indicates a
higher LACP priority.

By default, the system selects active interfaces based on interface priorities.

However, low-speed member interfaces with high priorities may be selected as
active interfaces. To select high-speed member interfaces as active interfaces, run
the lacp selected { priority | speed } command to configure the system to select
active interfaces based on the interface rate.

NOTE
If the max active-linknumber link-number command is run in the Eth-Trunk interface view,
you need to run the lacp preempt enable command to enable LACP preemption on the
current Eth-Trunk interface. Otherwise, interfaces with high LACP priorities may fail to be
selected as active interfaces.

----End

4.8.9 (Optional) Configuring LACP Preemption

Context
The LACP preemption function ensures that the interface with the highest LACP
priority always functions as an active interface. For example, the interface with the
highest priority becomes inactive due to a failure. If LACP preemption is enabled,
the interface becomes active again after it recovers; if LACP preemption is
disabled, the interface cannot become active interface after it recovers.

The LACP preemption delay is the period during which an inactive interface
switches to active. The LACP preemption delay prevents unstable data
transmission on an Eth-Trunk link due to frequent status changes of some links.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 147

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run lacp preempt enable

LACP preemption is enabled.

By default, LACP preemption is disabled. To ensure normal running of an Eth-

Trunk, enable or disable LACP preemption at both ends of the Eth-Trunk.

Step 4 Run lacp preempt delay delay-time

The LACP preemption delay is set.

By default, the LACP preemption delay is 30 seconds. If both devices of an Eth-

Trunk use different preemption delays, a longer preemption delay is used.

----End

4.8.10 (Optional) Setting the Timeout Interval for Receiving

LACPDUs

Context
If the Eth-Trunk on the local device cannot detect a self-loop or fault that occurred
on a member interface in the LAG on the remote device, data on the local device
is still load balanced among original active interfaces. As a result, data traffic on
the faulty link is discarded.

After the timeout interval at which LACPDUs are received is set, if a local member
interface does not receive any LACPDUs within the configured timeout interval,
the local member interface becomes Down immediately and no longer forwards
data.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run lacp timeout { fast [ user-defined user-defined ] | slow }

The timeout interval at which LACPDUs are received is set.

By default, the timeout interval at which an Eth-Trunk receives LACPDUs is 90

seconds.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 148

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● After you run the lacp timeout command, the local end notifies the remote
end of the timeout interval by sending LACPDUs. When fast is specified, the
interval for sending LACPDUs is 1 second. When slow is specified, the interval
for sending LACPDUs is 30 seconds.
● The timeout interval for receiving LACPDUs is three times the interval for
sending LACPDUs. When fast is specified, the timeout interval for receiving
LACPDUs is 3 seconds. When slow is specified, the timeout interval for
receiving LACPDUs is 90 seconds.
● You can use different modes of the timeout interval at the two ends.
However, to facilitate maintenance, you are advised to use the same mode at
both ends.
● Each member interface in an Eth-Trunk processes a maximum of 20 LACPDUs
every second; a switch processes a maximum of 100 LACPDUs every second.
Extra LACPDUs are discarded.

----End

4.8.11 (Optional) Configuring an Eth-Trunk Member Interface

on a Switch Directly Connected to a Server to Forward
Packets

Context

Figure 4-19 A switch directly connects to a server

Server Switch Gateway File server

Interface1

Interface2

In Figure 4-19, two interfaces of two network adapters on a server are directly
connected to a switch. The switch is configured with an Eth-Trunk in LACP mode.
The process on the server is as follows:
1. The server configures an IP address for Interface1 based the default
configuration during startup, and sends a request to the remote file server
through Interface1 and downloads the configuration file from the remote file
server.
2. After the configuration file is downloaded successfully, the server aggregates
two interfaces according to the configuration file. The server uses the two
interfaces as Eth-Trunk member interfaces to perform LACP negotiation with
the switch.
Before the server obtains the configuration file, Interface1 is an independent
physical interface and is not configured with LACP. As a result, LACP negotiation
on the switch interface fails. The switch does not forward traffic on the Eth-Trunk,
and the server cannot download the configuration file through Interface1. In this
case, the server cannot communicate with the switch.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 149

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

To address this issue, run the lacp force-forward command on the Eth-Trunk of
the switch. The Eth-Trunk member interface in Up state can still forward data
packets even though the remote device is not enabled with LACP.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run lacp force-forward

The Eth-Trunk member interface in Up state is configured to forward data packets

when the remote interface does not join the Eth-Trunk.

By default, an Eth-Trunk member interface in Up state cannot forward data

packets when the remote interface does not join the Eth-Trunk.

NOTE

● With this command configured, an Eth-Trunk interface does not support Layer 3 forwarding
and cannot be used to forward packets sent to the CPU. Only member interfaces in the
ForceFwd state can forward Layer 2 traffic through hardware forwarding. The ForceFwd state
is automatically set when LACP negotiation fails, and cannot be changed manually. You can
use the display eth-trunk command to check the value of the Status field.
● This command applies to only the scenario where an Eth-Trunk joins a VLAN as an access,
hybrid, trunk, and dot1q-tunnel interfaces.
● When a spanning tree protocol (for example, STP, RSTP, or MSTP) is used, the member
interface in ForceFwd state cannot be blocked. That is, the member interface in ForceFwd
state can continue to forward data packets. When other loop prevention protocols such as
ERPS and RRPP are used, the member interface in ForceFwd state can be blocked. The
blocked member interface in ForceFwd state cannot forward data packets.
● This command cannot be used with E-Trunk. That is, this command cannot be used on the
Eth-Trunk that joins an E-Trunk.
● This command cannot be used with max active-linknumber or least active-linknumber.

----End

4.8.12 Verifying the Configuration of Link Aggregation in

LACP Mode

Procedure
● Run the display eth-trunk [ trunk-id [ interface interface-type interface-
number | verbose ] ] command to check the Eth-Trunk configuration.
● Run the display trunkmembership eth-trunk trunk-id command to check
information about Eth-Trunk member interfaces.
● Run the display eth-trunk [ trunk-id ] load-balance command to check the
load balancing mode of the Eth-Trunk.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 150

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● Run the display load-balance-profile [ profile-name ] command to check

the load balancing profile of the Eth-Trunk.

----End

4.9 Associating the Secondary Member Interface of an

Eth-Trunk Interface in LACP Mode with Its Primary
Member Interface

Prerequisites
NOTE

Only the S5720HI supports this configuration.

● Link aggregation in LACP mode has been configured, and the maximum
number of active links at both ends is 1 and two member interfaces have
been added to the Eth-Trunk at both ends. For details, see 4.8 Configuring
Link Aggregation in LACP Mode.
● Basic Y.1731 configurations have been completed, including the Maintenance
Association (MA), Maintenance Domain (MD), Maintenance Association End
Point (MEP), and test instance. For details, see Y.1731 Configuration in S1720,
S2700, S5700, and S6720 V200R011C10 Configuration Guide - Reliability. In
this scenario, note the following points:
– The map vlan vlan-id command cannot be used to bind an MA to a
VLAN.
– Only the outward-facing MEP can be created.

Context
As shown in Figure 4-20, when no service is bound to the MA, an Eth-Trunk
interface in LACP mode is configured on two devices. interface1 where the MEP
resides is the interface of the Eth-Trunk interface's primary link. Configure
thresholds for the delay and frame loss ratio on interface1. If Y.1731 detects that
the primary link has poor quality, interface1 is triggered to go ETHOAM down. To
ensure that services are not interrupted, associate the secondary member interface
of the Eth-Trunk interface in LACP mode with its primary member interface. The
secondary link then preempts the primary state, implementing an automatic
primary/secondary link switchover.

When the primary link's quality recovers, you can manually enable forcible
switching if no preemption is configured or preemption is enabled but the delay is
not reached.

Figure 4-20 Eth-Trunk interface in LACP mode

Interface1 Interface1
Public
network
Interface2 Interface2
Device1 Device2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 151

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The primary member interface view of an Eth-Trunk interface's Actor is displayed.
Step 3 Run the following commands to configure an interface based on site
requirements.
1. Run delay-measure two-way { delay-threshold | variation-threshold } test-
id test-id trigger if-down
The interface is triggered to go ETHOAM down when the delay or delay
variation based on a test instance ID exceeds a specified threshold.
2. Run loss-measure single-ended-synthetic { local-ratio-threshold | remote-
ratio-threshold } test-id test-id trigger if-down
The interface is triggered to go ETHOAM down when the near- or far-end
frame loss ratio based on a test instance ID exceeds a specified threshold.
Step 4 Run quit
Return to the system view.
Step 5 Run interface interface-type interface-number
The secondary member interface view of an Eth-Trunk interface's Actor is
displayed.
Step 6 Run lacp track interface interface-type interface-number priority-reduced value
The secondary member interface is associated with the primary member interface,
and the priority of the secondary member interface is dynamically changed.
When the primary link's quality recovers, run the lacp force-switch command in
the Eth-Trunk interface view to enable forcible switching if no preemption is
configured or preemption is enabled but the delay is not reached.

----End

4.10 Configuring Preferential Forwarding of Local

Traffic in a Stack

Context
You can configure an Eth-Trunk to preferentially forward local traffic (or not) in
the following scenarios:
● If active interfaces in the local Eth-Trunk have sufficient bandwidth to forward
traffic on the local device, configure the Eth-Trunk to preferentially forward
local traffic, which improves traffic forwarding efficiency and increases
bandwidth use efficiency between stack devices.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 152

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● If active interfaces in the local Eth-Trunk do not have sufficient bandwidth to

forward traffic on the local device, configure the Eth-Trunk not to
preferentially forward local interface traffic. Some traffic on the local device is
forwarded through member interfaces of an Eth-Trunk on another device. This
prevents packet loss.
NOTE

The S1720GFR, S5700S-28P-LI-AC, and S5700S-52P-LI-AC do not support this configuration.

Pre-configuration Tasks
Before configuring an Eth-Trunk to preferentially forward local traffic, complete
the following tasks:

● Create an Eth-Trunk and add physical interfaces to the Eth-Trunk.

● Establish a stack
.
● Ensure that member interfaces of the local Eth-Trunk have sufficient
bandwidth to forward local traffic.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The view of the Eth-Trunk that needs to be configured to preferentially forward

local traffic is displayed.

Step 3 Run local-preference enable

The Eth-Trunk is configured to preferentially forward local traffic.

By default, an Eth-Trunk forwards traffic preferentially through local member

interfaces.

NOTE
This function is only valid for known unicast packets, and is invalid for unknown unicast
packets, broadcast packets, and multicast packets.

----End

4.11 Creating an Eth-Trunk Sub-interface

Context
If Layer 2 switching devices belong to different VLANs, and hosts in the VLANs
need to communicate with each other, you need to create sub-interfaces on the
Eth-Trunk connecting a Layer 3 device to a Layer 2 switching device, bind a VLAN
to each sub-interface, and configure an IP address for each sub-interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 153

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

After the configuration is complete, hosts in the VLANs can use these sub-
interfaces to communicate with each other. Eth-Trunk sub-interfaces can be
configured to terminate Dot1q and QinQ VLAN tags.
After Layer 2 Eth-Trunk sub-interfaces are configured, the Eth-Trunk provides Layer
2 functions and the sub-interfaces provide Layer 3 functions.

NOTE

Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support the Eth-Trunk sub-interface.

Figure 4-21 Typical application scenario of Layer 2 Eth-Trunk sub-interfaces

VPLS/MPLS/IP
PE1 PE2

Eth-Trunk
Sub-interface
Eth-Trunk

CE1 CE2

S1 S2 S3 S4

VLAN VLAN

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
An Eth-Trunk is created and the Eth-Trunk interface view is displayed.
Step 3 Run quit
The system view is displayed.
Step 4 Run interface eth-trunk trunk-id.subnumber
An Eth-Trunk sub-interface is created.
subnumber specifies the number of a sub-interface. The value ranges from 1 to
4096.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 154

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

NOTE

● Only the S6720EI, S6720S-EI, S5720HI, and S5720EI support Ethernet sub-interfaces.
● Only hybrid and trunk interfaces on the preceding switches support Ethernet sub-
interface configuration.
● After you run the undo portswitch command to switch Layer 2 interfaces on the
preceding series of switches into Layer 3 interfaces, you can configure Ethernet sub-
interfaces on the interfaces.
● After an interface is added to an Eth-Trunk, sub-interfaces cannot be configured on the
interface.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Step 5 Run ip address ip-address { mask | mask-length } [ sub ]

An IP address is configured for the sub-interface.
When configuring multiple IP addresses for an Eth-Trunk sub-interface, use the
sub keyword to indicate the IP addresses configured after the first one.

----End

4.12 Configuring an E-Trunk

NOTE

Only the S1720X, S1720X-E, S5720SI, S5720S-SI, S5720EI, S5720HI, S5730SI, S5730S-EI,
S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support the E-Trunk.

4.12.1 Setting the LACP System ID and LACP Priority of an E-

Trunk
Context
In an E-Trunk, the two PEs must be configured with the same LACP system ID and
priority so that the CE considers the two PEs as one device.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lacp e-trunk system-id mac-address
The LACP system ID is set for the E-Trunk.
By default, the MAC address of an Ethernet interface is used as the LACP system
ID.
The master and backup devices in an E-Trunk must use the same LACP system ID.
Step 3 Run lacp e-trunk priority priority
The LACP priority of an E-Trunk member is set.
By default, the LACP priority of an E-Trunk member is 32768.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 155

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

The master and backup devices in an E-Trunk must use the same LACP priority.

----End

4.12.2 Creating an E-Trunk and Setting the E-Trunk Priority

Context
The E-Trunk priority determines whether an E-Trunk member device is the master
or backup device.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run e-trunk e-trunk-id
An E-Trunk is created and the E-Trunk view is displayed or the view of an existing
E-Trunk view is directly displayed.
The member devices in an E-Trunk must be configured with the same E-Trunk ID.
A maximum of 16 E-Trunks can be created on a device.
Step 3 Run priority priority
The E-Trunk priority is set.
The E-Trunk priority is used for master/backup negotiation between two devices.
The device with a higher priority is the master. A smaller priority value indicates a
higher E-Trunk priority.
If the two devices have the same priority, the device with a smaller system ID is
the master.
By default, the E-Trunk priority of a member device is 100.

----End

4.12.3 Configuring Local and Remote IP Addresses of an E-

Trunk
Context
E-Trunk packets are sent with the source IP address and protocol port number
configured on the local device. When you change the local or remote IP address
on a device, you must change the corresponding address on the remote device.
Otherwise, protocol packets are discarded.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 156

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run peer-address peer-ip-address source-address source-ip-address

The local and remote IP addresses of the E-Trunk are configured.

The remote IP address of the local device must be the same as the local IP address
of the remote device. For example, when an E-Trunk is created between device A
and device B and the local and remote IP addresses on device A are 10.1.1.1 and
10.2.2.2 respectively, the local and remote IP addresses on device B must be
10.2.2.2 and 10.1.1.1 respectively.

----End

4.12.4 Binding an E-Trunk to a BFD Session

Context
When the local device of an E-Trunk cannot rapidly detect whether the remote
device is faulty by sending E-Trunk packets, it can use the Bidirectional Fast
Detection (BFD) protocol to quickly detect faults on the remote device. You need
to specify the remote IP address on the local device and create a BFD session to
check the reachability of the route to the remote device. The E-Trunk then can
detect faults reported by the BFD session and the device can handle the faults
quickly.

NOTE

Only the S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720EI, S5720HI,
S6720EI, and S6720S-EI support this function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run e-trunk track bfd-session session-name bfd-session-name

The E-Trunk is bound to a BFD session.

BFD sessions are used to fast detect faults of link between the two E-Trunk
member devices.

When a BFD session is bound with E-Trunk, the system does not allow the bound
BFD session to be deleted by default. To delete the bound BFD session, run the
bfd session nonexistent-config-check disable command to disable the device
from checking whether the bound BFD session is deleted.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 157

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

4.12.5 Adding an Eth-Trunk to an E-Trunk

Context
After you configure an E-Trunk, add Eth-Trunks to the E-Trunk. Then the E-Trunk
implements backup of LAGs between the two member devices to enhance
network reliability.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Only Eth-Trunks in LACP mode can be added to an E-Trunk.
Step 3 Run e-trunk e-trunk-id [ remote-eth-trunk eth-trunk-id ]
The Eth-Trunk is added to an E-Trunk.
An Eth-Trunk can be added to only one E-Trunk.
On two E-Trunk member devices, the IDs of the Eth-Trunks added to the E-Trunk
can be different. When adding Eth-Trunks with different IDs in LACP mode on PEs
to an E-Trunk, you must specify remote-eth-trunk so that the E-Trunk can work
normally.

----End

4.12.6 (Optional) Configuring the Working Mode of an Eth-

Trunk in an E-Trunk
Context
You can configure the working mode for only the Eth-Trunks that have been
added to an E-Trunk. The working mode of an Eth-Trunk can be automatic, forced
master, or forced backup.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Only Eth-Trunks in LACP mode can be added to an E-Trunk.
Step 3 Run e-trunk mode { auto | force-master | force-backup }
A working mode of the Eth-Trunk in the E-Trunk is configured.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 158

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

By default, an Eth-Trunk in an E-Trunk works in automatic mode.

The e-trunk mode command is valid only for the Eth-Trunk in an E-Trunk. When
the Eth-Trunk is deleted from the E-Trunk, the configuration is deleted
automatically.

When an Eth-Trunk works in automatic mode, its master/backup status depends

on the E-Trunk status of the local device and fault information of the remote Eth-
Trunk.
● If the local E-Trunk is the master, the local Eth-Trunk works in master state.
● If the local E-Trunk is the backup and the remote member Eth-Trunk fails, the
local Eth-Trunk works in master state. When the local Eth-Trunk receives a
notification that the remote Eth-Trunk has recovered, the local Eth-Trunk
becomes the backup.

NOTE

During E-Trunk running, changing the hello packet sending interval or timeout interval will
cause the E-Trunk to alternate between the master and the backup. Before changing the hello
packet sending interval or timeout interval, you are advised to configure member Eth-Trunks to
work in forcible master/backup state. After the new configuration takes effect, restore the
working mode to automatic.

----End

4.12.7 (Optional) Setting the Password for Encrypting Packets

Context
You can set a password for encrypting E-Trunk packets transmitted over an E-Trunk
link to enhance system security. The two member devices of an E-Trunk must use
the same password.

You can set a password in plain text or cipher text.

● The plain text password is displayed in plain text in the configuration file.
● The cipher text password is displayed as unidentifiable characters.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run security-key { simple simple-key | cipher cipher-key }

The password for encrypting packets is configured.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 159

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

NOTICE

If simple is specified, the password is saved in plain text in the configuration file.
In this case, lower-level users can obtain the password by querying the
configuration file, which poses a security risk. You are advised to specify cipher so
that the password is saved in cipher text.
To ensure device security, change the password periodically.

----End

4.12.8 (Optional) Setting the Timeout Interval of Hello

Packets
Context
If the backup device in an E-Trunk does not receive any hello packet from the
master device within the timeout interval, the back device becomes the master.
The timeout interval is specified in the hello packets sent by the remote device but
not the timeout interval configured on the local device.

NOTE

During E-Trunk running, changing the hello packet sending interval or timeout interval will
cause the E-Trunk to alternate between the master and the backup. Before changing the hello
packet sending interval or timeout interval, you are advised to configure member Eth-Trunks to
work in forcible master/backup state. After the new configuration takes effect, restore the
working mode to automatic.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run timer hello hello-times

The interval for sending hello packets is set.

By default, the value of hello-times is 10. The unit is 100 ms, so the default
interval is 1s.

Step 4 Run timer hold-on-failure multiplier multiplier

The time multiplier for detecting hello packets is set.

The remote device checks the timeout interval in the received hello packet to
check whether the local device times out. If the remote device is the backup and
does not receive hello packets from the local device within the timeout interval,
the remote device becomes the master.

The timeout interval is calculated using the following formula:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 160

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Timeout interval = Interval for sending hello packets x Time multiplier

The default time multiplier is 20. It is recommended that you set the time
multiplier to 3 or more.

----End

4.12.9 (Optional) Setting the Revertive Switching Delay

Context
In a scenario where an E-Trunk works with other services, a member Eth-Trunk
may be restored earlier than other services after the faulty master device recovers.
If traffic is immediately switched back to the master device, service traffic will be
interrupted.

Setting the revertive switching delay prevents this problem. After the revertive
switching delay is set, the local Eth-Trunk becomes Up only after the delay timer
expires. Then the local device becomes the master again.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Step 3 Run timer revert delay delay-value

The revertive switching delay is set.

By default, the revertive switching delay is 120 seconds.

----End

4.12.10 (Optional) Disabling Revertive Switching on an E-

Trunk

Context
On devices of an E-Trunk, disable revertive switching on the E-Trunk when the
faulty master device recovers to prevent loss of traffic that is switched back.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run e-trunk e-trunk-id

The E-Trunk view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 161

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Step 3 Run revert disable

Revertive switching is disabled on the E-Trunk.
By default, revertive switching is enabled on an E-Trunk.

----End

4.12.11 (Optional) Configuring the E-Trunk Sequence Number

Check Function
Context
If the master device in an E-Trunk fails, to prevent an attacker from obtaining the
E-Trunk packet sent by the master device and attacking the backup device, enable
the E-Trunk sequence number check function.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run e-trunk e-trunk-id
The E-Trunk view is displayed.
Step 3 Run sequence enable
The E-Trunk sequence number check function is enabled on the E-Trunk.
By default, the E-Trunk sequence number check function is disabled.
The sequence enable command must be run on both the master and backup
devices in an E-Trunk. Otherwise, the E-Trunk sequence number check function
fails, causing dual master devices in the E-Trunk.

----End

4.12.12 Verifying the E-Trunk Configuration

Procedure
● Run the display e-trunk e-trunk-id command to check E-Trunk information.
----End

4.13 Maintaining Link Aggregation

Maintenance Item Operation(s)

Displaying the Eth- Run the display eth-trunk [ trunk-id [ interface

Trunk configuration interface-type interface-number | verbose ] ]
command to check the Eth-Trunk configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 162

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Maintenance Item Operation(s)

Displaying the Eth- Run the display interface eth-trunk [ trunk-id ]

Trunk status command.

Displaying Run the display trunkmembership eth-trunk trunk-id

information about command.
Eth-Trunk member
interfaces

Displaying statistics Run the display lacp statistics eth-trunk [ trunk-id

on received and sent [ interface interface-type interface-number ] ]
LACPDUs in LACP command.
mode

Clearing LACPDU Run the reset lacp statistics eth-trunk [ trunk-id

statistics [ interface interface-type interface-number ] ]
NOTICE command in the user view.
The cleared LACPDU
statistics cannot be
restored.

4.14 Configuration Examples for Link Aggregation

4.14.1 Example for Configuring Link Aggregation in Manual

Mode

Networking Requirements
In Figure 4-22, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and
SwitchB.
SwitchA and SwitchB can provide higher link bandwidth to implement inter-VLAN
communication. Data transmission and link reliability needs to be ensured.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 163

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-22 Networking of link aggregation in manual mode

VLAN10 VLAN10

GE0/0/4 GE0/0/1 GE0/0/4

GE0/0/1
SwitchA GE0/0/2 Eth-Trunk GE0/0/2 SwitchB
GE0/0/3 GE0/0/3
GE0/0/5 Eth-Trunk 1 Eth-Trunk 1 GE0/0/5

VLAN20 VLAN20

Configuration Roadmap
The configuration roadmap is as follows:

1. Create an Eth-Trunk and add member interfaces to the Eth-Trunk to increase

link bandwidth.
2. Create VLANs and add interfaces to the VLANs.
3. Configure a load balancing mode to ensure that traffic is load balanced
among Eth-Trunk member interfaces.

Procedure
Step 1 Create an Eth-Trunk on SwitchA and SwitchB, and add member interfaces to the
Eth-Trunk.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SwitchA-Eth-Trunk1] quit
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] interface eth-trunk 1
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SwitchB-Eth-Trunk1] quit

Step 2 Create VLANs and add interfaces to the VLANs.

# Create VLAN 10 and VLAN 20, and add interfaces to VLAN 10 and VLAN 20. The
configuration of SwitchB is similar to the configuration of SwitchA, and is not
mentioned here.
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] port link-type trunk
[SwitchA-GigabitEthernet0/0/4] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/5
[SwitchA-GigabitEthernet0/0/5] port link-type trunk
[SwitchA-GigabitEthernet0/0/5] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/5] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 164

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

# Configure Eth-Trunk 1 to allow packets from VLAN 10 and VLAN 20 to pass

through. The configuration of SwitchB is similar to the configuration of SwitchA,
and is not mentioned here.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 10 20
[SwitchA-Eth-Trunk1] quit

Step 3 Configure a load balancing mode for Eth-Trunk 1. The configuration of SwitchB is
similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] load-balance src-dst-mac
[SwitchA-Eth-Trunk1] quit

Step 4 Verify the configuration.

Run the display eth-trunk 1 command in any view to check whether the Eth-
Trunk is created and whether member interfaces are added.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 3
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet0/0/1 Up 1
GigabitEthernet0/0/2 Up 1
GigabitEthernet0/0/3 Up 1

The preceding command output shows that Eth-Trunk 1 has three member
interfaces: GigabitEthernet0/0/1, GigabitEthernet0/0/2, and GigabitEthernet0/0/3.
The member interfaces are all in Up state. The Operate status of Eth-Trunk 1 is
Up.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 165

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

port link-type trunk

port trunk allow-pass vlan 20
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return

4.14.2 Example for Configuring Link Aggregation in LACP

Mode

Networking Requirements
In Figure 4-23, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and
SwitchB. The link between SwitchA and SwitchB is required to provide high
bandwidth to implement inter-VLAN communication. Link aggregation in LACP
mode is configured on SwitchA and SwitchB to improve the bandwidth and
reliability. The following requirements must be met:
● Two active links implement load balancing.
● One link functions as the backup link. When a fault occurs on an active link,
the backup link replaces the faulty link to maintain reliable data transmission.
● Devices in the same VLAN can communicate.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 166

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-23 Networking diagram for configuring link aggregation in LACP mode

VLAN 10 VLAN 10

GE0/0/4 GE0/0/1 GE0/0/1 GE0/0/4

SwitchA GE0/0/2 Eth-Trunk GE0/0/2 SwitchB
GE0/0/3 GE0/0/3
GE0/0/5 Eth-Trunk 1 Eth-Trunk 1 GE0/0/5

VLAN 20 VLAN 20

Active link
Backup link

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and configure the Eth-Trunk to work in LACP mode to
implement link aggregation.
2. Add member interfaces to the Eth-Trunk.
3. Set the LACP system priority and determine the Actor so that the Partner
selects active interfaces based on the Actor interface priority.
4. Set the upper threshold for the number of active interfaces to improve
reliability.
5. Set LACP interface priorities and determine active interfaces so that interfaces
with higher priorities are selected as active interfaces.
6. Create VLANs and add interfaces to the VLANs.

Procedure
Step 1 Create Eth-Trunk 1 on SwitchA and configure Eth-Trunk 1 to work in LACP mode.
The configuration of SwitchB is similar to the configuration of SwitchA, and is not
mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] mode lacp
[SwitchA-Eth-Trunk1] quit

Step 2 Add member interfaces to Eth-Trunk 1 on SwitchA. The configuration of SwitchB is

similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] eth-trunk 1
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] eth-trunk 1
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 167

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

[SwitchA-GigabitEthernet0/0/3] eth-trunk 1
[SwitchA-GigabitEthernet0/0/3] quit

Step 3 Set the system priority on SwitchA to 100 so that SwitchA becomes the Actor.
[SwitchA] lacp priority 100

Step 4 On SwitchA, set the upper threshold for the number of active interfaces to 2.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] max active-linknumber 2
[SwitchA-Eth-Trunk1] quit

Step 5 Set the LACP interface priority and determine active links on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] lacp priority 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] lacp priority 100
[SwitchA-GigabitEthernet0/0/2] quit

Step 6 Create VLANs and add interfaces to the VLANs.

# Create VLAN 10 and VLAN 20 and add interfaces to VLAN 10 and VLAN 20. The
configuration of SwitchB is similar to the configuration of SwitchA, and is not
mentioned here.
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] port link-type trunk
[SwitchA-GigabitEthernet0/0/4] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/5
[SwitchA-GigabitEthernet0/0/5] port link-type trunk
[SwitchA-GigabitEthernet0/0/5] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/5] quit

# Configure Eth-Trunk 1 to allow packets from VLAN 10 and VLAN 20 to pass

through. The configuration of SwitchB is similar to the configuration of SwitchA,
and is not mentioned here.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 10 20
[SwitchA-Eth-Trunk1] quit

Step 7 Verify the configuration.

# Check information about the Eth-Trunk of the Switches and check whether
negotiation is successful on the link.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: LACP
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 00e0-fca8-0417
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 100 6145 2865 11111100 1
GigabitEthernet0/0/2 Selected 1GE 100 6146 2865 11111100 1
GigabitEthernet0/0/3 Unselect 1GE 32768 6147 2865 11100000 1

Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 32768 00e0-fca6-7f85 32768 6145 2609 11111100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 168

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

GigabitEthernet0/0/2 32768 00e0-fca6-7f85 32768 6146 2609 11111100

GigabitEthernet0/0/3 32768 00e0-fca6-7f85 32768 6147 2609 11110000
[SwitchB] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: LACP
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 00e0-fca6-7f85
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 32768 6145 2609 11111100 1
GigabitEthernet0/0/2 Selected 1GE 32768 6146 2609 11111100 1
GigabitEthernet0/0/3 Unselect 1GE 32768 6147 2609 11100000 1

Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 100 00e0-fca8-0417 100 6145 2865 11111100
GigabitEthernet0/0/2 100 00e0-fca8-0417 100 6146 2865 11111100
GigabitEthernet0/0/3 100 00e0-fca8-0417 32768 6147 2865 11110000

The preceding information shows that the LACP system priority of SwitchA is 100,
which is higher than the LACP system priority of SwitchB. Member interfaces
GigabitEthernet0/0/1 and GigabitEthernet0/0/2 become the active interfaces and
are in Selected state. Interface GigabitEthernet0/0/3 is in Unselect state. Two links
are active and work in load balancing mode, and one link is the backup link.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20
#
lacp priority 100
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
mode lacp
max active-linknumber 2
#
interface GigabitEthernet0/0/1
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/2
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 169

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
mode lacp
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return

4.14.3 Example for Configuring an Inter-Chassis Eth-Trunk to

Forward Traffic Preferentially Through Local Member
Interfaces (Stack)
Networking Requirements
NOTE

The S1720GFR, S5700S-28P-LI-AC, and S5700S-52P-LI-AC do not support this configuration.

On the network shown in Figure 4-24, Switch3 and Switch4 are connected
through Stack cables to increase the total capacity. The two switches are
considered as one logical switch. To improve reliability, physical interfaces on the
two switches are added to an Eth-Trunk. When the network runs properly, traffic
from VLAN 2 is forwarded through GE1/0/1 and GE1/0/2, and traffic from VLAN 3
is forwarded through GE1/0/1 and GE1/0/2. This increases bandwidth use
efficiency between devices and reduces traffic forwarding efficiency.
To improve traffic forwarding efficiency, traffic from VLAN 2 should be forwarded
through GE1/0/1 and traffic from VLAN 3 should be forwarded through GE1/0/2.
To achieve this goal, configure the Eth-Trunk to preferentially forward local traffic.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 170

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-24 Preferentially forwarding traffic through the local member interface

Network

PE
GE1/0/1 GE1/0/2

Eth-Trunk 10

GE1/0/4 GE2/0/4 Stack

Switch3 GE1/0/3 GE2/0/3 Switch4

GE0/0/2 GE0/0/2
Switch1
Switch2
GE0/0/1 GE0/0/1

Stack cable
VLAN 2 data flow
VLAN 3 data flow

Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk.
2. Add member interfaces to the Eth-Trunk.
3. Configure the Eth-Trunk to preferentially forward local traffic.
4. Configure the Layer 2 forwarding function.

Procedure
Step 1 Create an Eth-Trunk and configure the Eth-Trunk to allow packets all VLANs to
pass through.
# Configure the stack.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 171

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

<HUAWEI> system-view
[HUAWEI] sysname Stack
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] port link-type trunk
[Stack-Eth-Trunk10] port trunk allow-pass vlan all
[Stack-Eth-Trunk10] quit

# Configure the PE.

<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface eth-trunk 10
[PE-Eth-Trunk10] port link-type trunk
[PE-Eth-Trunk10] port trunk allow-pass vlan all
[PE-Eth-Trunk10] quit

Step 2 Add member interfaces to the Eth-Trunk.

# Configure the stack.
[Stack] interface gigabitethernet 1/0/4
[Stack-GigabitEthernet1/0/4] eth-trunk 10
[Stack-GigabitEthernet1/0/4] quit
[Stack] interface gigabitethernet 2/0/4
[Stack-GigabitEthernet2/0/4] eth-trunk 10
[Stack-GigabitEthernet2/0/4] quit

# Configure the PE.

[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] eth-trunk 10
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] eth-trunk 10
[PE-GigabitEthernet1/0/2] quit

Step 3 In the stack view, configure the Eth-Trunk to preferentially forward local traffic.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] local-preference enable
[Stack-Eth-Trunk10] quit

Step 4 Configure the Layer 2 forwarding function.

# Configure the stack.
[Stack] vlan batch 2 3
[Stack] interface gigabitethernet 1/0/3
[Stack-GigabitEthernet1/0/3] port link-type trunk
[Stack-GigabitEthernet1/0/3] port trunk allow-pass vlan 2
[Stack-GigabitEthernet1/0/3] quit
[Stack] interface gigabitethernet 2/0/3
[Stack-GigabitEthernet2/0/3] port link-type trunk
[Stack-GigabitEthernet2/0/3] port trunk allow-pass vlan 3
[Stack-GigabitEthernet2/0/3] quit

# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 2
[Switch1-vlan2] quit
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type trunk
[Switch1-GigabitEthernet0/0/1] port trunk allow-pass vlan 2
[Switch1-GigabitEthernet0/0/1] quit
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type trunk
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
[Switch1-GigabitEthernet0/0/2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 172

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 3
[Switch2-vlan3] quit
[Switch2] interface gigabitethernet 0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type trunk
[Switch2-GigabitEthernet0/0/1] port trunk allow-pass vlan 3
[Switch2-GigabitEthernet0/0/1] quit
[Switch2] interface gigabitethernet 0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type trunk
[Switch2-GigabitEthernet0/0/2] port trunk allow-pass vlan 3
[Switch2-GigabitEthernet0/0/2] quit

Step 5 Verify the configuration.

Run the display trunkmembership eth-trunk command in any view to check
information about Eth-Trunk member interfaces.
The display on the stack is used as an example.
<Stack> display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2
Operate status: up

Interface GigabitEthernet1/0/4, valid, operate up, weight=1

Interface GigabitEthernet2/0/4, valid, operate up, weight=1

----End

Configuration Files
● Stack configuration file
#
sysname Stack
#
vlan batch 2 3
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet2/0/3
port link-type trunk
port trunk allow-pass vlan 3
#
interface GigabitEthernet1/0/4
eth-trunk 10
#
interface GigabitEthernet2/0/4
eth-trunk 10
#
return
● PE configuration file
#
sysname PE
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 173

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet1/0/1
eth-trunk 10
#
interface GigabitEthernet1/0/2
eth-trunk 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 3
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 3
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 3
#
return

4.15 Troubleshooting Link Aggregation

4.15.1 Traffic Is Unevenly Load Balanced Among Eth-Trunk

Member Interfaces Because the Load Balancing Mode Is
Incorrect

Fault Description
Traffic is unevenly load balanced among Eth-Trunk member interfaces due to the
incorrect load balancing mode.

Procedure
1. Run the display eth-trunk command to check whether the load balancing
mode of the Eth-Trunk meets networking requirements. For example, source

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 174

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

or destination IP address-based load balancing is not recommended in Layer 2

networking.
2. Run the load-balance command to set an appropriate load balancing mode.

4.15.2 Eth-Trunk at Both Ends Cannot Be Up Because the

Lower Threshold for the Number of Active Interfaces Is
Incorrect
Fault Description
The Eth-Trunk is Down because the lower threshold for the number of active
interfaces is incorrect.

Procedure
1. Run the display eth-trunk trunk-id command to check whether the lower
threshold for the number of active interfaces of an Eth-Trunk is set.
If the number of Eth-Trunk member interfaces in Up state is lower than the
lower threshold, the Eth-Trunk becomes Down.
2. Run the least active-linknumber link-number command to configure the
lower threshold for the number of active interfaces of an Eth-Trunk to be
smaller than the number of Eth-Trunk member interfaces in Up state.
The local and remote devices can use different lower thresholds for the
number of active interfaces. If the lower thresholds are different, a larger
value is used.

4.16 FAQ About Link Aggregation

4.16.1 Can an Eth-Trunk Be Configured with an IP Address?

By default, an Eth-Trunk is a Layer 2 interface and cannot be configured with an IP
address. If an Eth-Trunk is switched to a Layer 3 interface, it can be configured
with an IP address.

4.16.2 How Do I Add Member Interfaces to an Eth-Trunk?

Before adding a new member interface, ensure that the type of the new member
interface is the same as that of other member interfaces and there is no
configuration on the new member interface.

1. Run the shutdown command in the interface view to configure the new
member interface in Down state.
If the new member interface that joins the Eth-Trunk is not configured to be
Down, a temporary loop may occur. As a result, services are affected.
2. Run either of the following commands to add the new member interface to
the Eth-Trunk.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 175

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

– Run the eth-trunk trunk-id command in the interface view.

– Run the trunkport interface-type { interface-number1 [ to interface-
number2 ] } &<1-8> command in the Eth-Trunk interface view.
3. After member interfaces at both ends join the Eth-Trunk, run the undo
shutdown command in the interface view to enable the new member
interfaces.

4.16.3 How Do I Delete Member Interfaces from an Eth-Trunk?

1. Run the shutdown command in the interface view to configure the member
interface to be deleted in Down state.
2. Run either of the following commands to delete the member interface from
the Eth-Trunk.
– Run the undo eth-trunk command in the interface view.
– Run the undo trunkport interface-type { interface-number1 [ to
interface-number2 ] } &<1-8> command in the Eth-Trunk interface view.
3. Run the undo shutdown command in the interface view to configure the
member interface to be deleted in Up state.

4.16.4 What Is the Function of the Delay for LACP

Preemption?
When an Eth-Trunk interface in LACP mode goes Up and Down frequently due to
unstable physical links, LACP goes Up and Down accordingly. As a result, services
transmitted on the Eth-Trunk link are affected. After the LACP preemption delay is
set, LACP negotiation is not performed during the delay period. The possibility of
LACP flapping is reduced, and services will not be affected.
You can run the lacp preempt enable command to enable the LACP preemption
function on the current Eth-Trunk interface and run the lacp preempt delay
delay-time command to configure the preemption delay.

4.16.5 Which Switches Are Recommended for Link

Aggregation in FTTx Scenarios of MAN?
In Figure 4-25, users in the FTTx scenario of the MAN often use PPPoE for
Internet access. If switches use link aggregation, when traffic is aggregated, ensure
that PPPoE packets are load balanced. In such scenarios, the S5700EI, S5710EI,
S5720EI, S5700HI, S5710HI, S5720HI, S5730SI, S5730S-EI, S6700EI, S6720EI,
S6720S-EI, S6720SI, S6720S-SI, S6720LI, S6720S-LI are recommended.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 176

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 4 Link Aggregation Configuration

Figure 4-25 FTTx scenario of the MAN

Internet

BRAS
Eth-TrunK

Switch

OLT OLT OLT

ONU ONU ONU

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 177

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5 VLAN Configuration

About This Chapter

This chapter describes how to configure VLANs. VLANs provide broadcast domain
isolation, security hardening, flexible networking, and high extensibility.

5.1 Overview of VLANs

5.2 Understanding VLANs
5.3 Application Scenarios for VLANs
5.4 Summary of VLAN Configuration Tasks
5.5 Licensing Requirements and Limitations for VLANs
5.6 Default Settings for VLANs
5.7 Configuring VLANs
5.8 Maintaining VLANs
5.9 Configuration Examples for VLANs
5.10 Troubleshooting VLANs
5.11 FAQ About VLANs

5.1 Overview of VLANs

Definition
Virtual Local Area Network (VLAN) technology divides a physical LAN into
multiple broadcast domains, each of which is called a VLAN.

Purpose
Ethernet technology implements data communication over shared media based on
Carrier Sense Multiple Access/Collision Detection (CSMA/CD). When an Ethernet

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 178

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

network has a large number of hosts, collision becomes a serious problem and can
lead to broadcast storms. As a result, network performance deteriorates, or can
even result in a complete breakdown. Using switches to connect LANs can
mitigate collisions, but cannot isolate broadcast packets or improve network
quality.

VLAN technology divides a physical LAN into multiple VLANs to isolate broadcast
domains. Hosts within a VLAN can communicate with each other but cannot
communicate directly with hosts in other VLANs. Consequently, broadcast packets
are confined to within a single VLAN.

Figure 5-1 VLAN networking

VLAN 2

Router SwitchA SwitchB

VLAN 3

Figure 5-1 shows a typical VLAN networking environment. Two switches are
deployed in different locations (for example, on different floors of a building).
Each switch is connected to two PCs belonging to different VLANs, which likely
belong to different entities or companies.

Benefits
VLAN technology offers the following benefits:
● Limits broadcast domains. Broadcast domains are limited to conserve
bandwidth and improve network efficiency.
● Enhances LAN security. Packets from different VLANs are transmitted
separately. Hosts in a VLAN cannot communicate directly with hosts in
another VLAN.
● Improves network robustness. A fault in a VLAN does not affect hosts in other
VLANs.
● Allows flexible definition of virtual groups. With VLAN technology, hosts in
different geographical locations can be grouped together, thereby simplifying
network construction and maintenance.

5.2 Understanding VLANs

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 179

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.2.1 VLAN Tags

Definition and Function

A switch identifies packets from different VLANs according to the information
contained in VLAN tags. IEEE 802.1Q adds a 4-byte VLAN tag between the Source
address and Length/Type fields of an Ethernet frame, as shown in Figure 5-2.

Figure 5-2 IEEE 802.1Q tagged frame format

Traditional Ethernet data frame
6 bytes 6 bytes 2 bytes 46-1500 bytes 4 bytes
Destination Source Data FCS
Length/Type
address address

VLAN data frame

6 bytes 6 bytes 4 bytes 2 bytes 46-1500 bytes 4 bytes
Destination Source VLAN Length/ Data FCS
address address Tag Type

TPID PRI CFI VID

2 bytes 3 bits 1 bit 12 bits

A VLAN tag contains four fields. Table 5-1 describes the fields.

Table 5-1 Fields in a VLAN tag

Field Leng Description Value
th

TPID 2 Tag Protocol Identifier The value 0x8100 indicates an

bytes (TPID), indicating the frame 802.1Q-tagged frame. An 802.1Q-
type. incapable device discards the
802.1Q frames.
IEEE 802.1Q protocol defines the
value of the field as 0x8100.
However, manufacturers can
define their own TPID values and
users can then modify the value
to realize interconnection of
devices from different
manufacturers.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 180

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Field Leng Description Value

th

PRI 3 bits Priority (PRI), indicating the The value ranges from 0 to 7. A
frame priority. larger value indicates a higher
priority. If congestion occurs, the
switch sends packets with higher
priorities first.

CFI 1 bit Canonical Format Indicator The value 0 indicates that the
(CFI), indicating whether a MAC address is encapsulated in
MAC address is canonical format, and the value 1
encapsulated in canonical indicates that the MAC address is
format over different encapsulated in non-canonical
transmission media. CFI is format. The CFI field has a fixed
used to ensure compatibility value of 0 on Ethernet networks.
between Ethernet and
token ring networks.

VID 12 VLAN ID (VID), indicating VLAN IDs range from 0 to 4095.

bits the VLAN to which a frame The values 0 and 4095 are
belongs. reserved, and therefore valid
VLAN IDs range from 1 to 4094.

The switch identifies the VLAN that a frame belongs to according to the
information contained in the VID field. Broadcast frames are forwarded only in the
local VLAN. That is, a broadcast domain is confined to within a single VLAN.

VLAN Tags in Received and Sent Frames

In a VLAN, Ethernet frames are classified into the following types:
● Tagged frame: frame with a 4-byte VLAN tag
● Untagged frame: frame without a 4-byte VLAN tag
Common devices process tagged and untagged frames as follows:
● User hosts, servers, hubs, and simplified Layer 2 switches can only receive and
send untagged frames.
● Switches, routers, and ACs can receive and send both tagged and untagged
frames.
● Voice terminals and APs can receive and send tagged and untagged frames
simultaneously.
All frames processed in a switch carry VLAN tags to improve frame processing
efficiency.

5.2.2 Link and Interface Types

All frames processed in a switch carry VLAN tags. On a network, some devices
connected to a switch can only receive and send untagged frames. To enable
communication between the switch and these devices, the switch interfaces must

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 181

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

be able to identify the untagged frames and add or remove VLAN tags from the
frames. Hosts in the same VLAN may be connected to different switches, and
more than one VLAN may span multiple switches. To enable communication
between hosts, interfaces between switches must be able to identify and send
VLAN frames.
To accommodate different connections and networking, Huawei defines four
interface types (access, trunk, hybrid, and QinQ) and two link types (access and
trunk). Figure 5-3 shows access, trunk, and hybrid interfaces. 10 QinQ
Configuration shows the QinQ interface.

Figure 5-3 Link and interface types

2
3
Switch Switch
4

Trunk

2
4

Switch Switch
Hub Hub

VLAN 2 VLAN 3 VLAN 4 VLAN 2 VLAN 3 VLAN 4

Access link
Trunk link Untagged frame
Access interface 2 Tagged frame, VID=2
Trunk interface 3 Tagged frame, VID=3
4 Tagged frame, VID=4
Hybrid interface

Link Types
As shown in Figure 5-3, Ethernet links fall into the following types, depending on
the number of allowed VLANs:
● Access link
An access link can transmit data frames of only one VLAN. It connects a
switch to a user terminal, such as a host, server, and simplified Layer 2 switch.
Generally, user terminals do not need to know the VLANs to which they
belong and cannot identify tagged frames; therefore, only untagged frames
are transmitted along an access link.
● Trunk link
A trunk link can transmit data frames from multiple VLANs. It connects a
switch to another switch or a router. Frames on a trunk link must be tagged

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 182

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

so that other network devices can correctly identify VLAN information in the
frames.

Interface Types
As shown in Figure 5-3, Ethernet interfaces are classified into the following types
depending on the objects connected to them and the way they process frames:
● Access interface
An access interface often connects to a user terminal such as a user host or
server that cannot identify VLAN tags, or is used when VLANs do not need to
be differentiated. In most cases, access interfaces can only receive and send
untagged frames, and can add only a unique VLAN tag to untagged frames.
However, if the VID and PVID are the same in tagged frames, access
interfaces can receive and process the tagged frames.
● Trunk interface
A trunk interface often connects to a switch, router, AP, or voice terminal that
can receive and send tagged and untagged frames simultaneously. It allows
tagged frames from multiple VLANs and untagged frames from only one
VLAN.
● Hybrid interface
A hybrid interface can connect to not only a user terminal (such as a user
host or server) or network device (such as a hub or simplified Layer 2 switch)
that cannot identify tags, but also a switch, router, voice terminal, or AP that
can receive and send tagged and untagged frames. It allows tagged frames
from multiple VLANs. Frames sent out from a hybrid interface are tagged or
untagged according to the VLAN configuration.
Hybrid and trunk interfaces can be interchanged in some scenarios, but hybrid
interfaces must be used in specified scenarios, for example, selective QinQ
scenario. Before packets from multiple VLANs provided by a service provider
enter a user network, the outer VLAN tags must be removed. The trunk
interface cannot be used here because the trunk interface allows only
untagged packets from the default VLAN of the interface to pass through. For
details about selective QinQ, see 10.7 Configuring Selective QinQ in "QinQ
Configuration".
● QinQ interface
An 802.1Q-in-802.1Q (QinQ) interface often connects a private network to a
public network. It can add an additional 802.1Q tag to a tagged frame. QinQ
supports up to 4094 x 4094 VLANs, thereby extending VLANs over the
network. The outer tag is often called the public tag and identifies the VLAN
ID of the public network, whereas the inner tag is often called the private tag
and identifies the VLAN ID of the private network.
For details about the QinQ interface and QinQ frame format, see 10.2.1 QinQ
Fundamentals.

5.2.3 Default VLAN

The default VLAN ID of an interface is called the port default VLAN ID (PVID).
Frames processed in a switch all carry VLAN tags. When the switch receives an
untagged frame, it adds a VLAN tag to the frame according to the default VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 183

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

of the interface that receives the frame. The PVID is used in the following
scenarios:
● When an interface receives an untagged frame, the interface adds a tag with
the PVID to the frame and sends the frame to the switch for processing. When
an interface receives a tagged frame, the switch does not add a tag with the
PVID to the frame.
● When an interface sends a frame in which the VLAN ID is the same as the
PVID, the switch removes the tag from the frame before sending it out from
the interface.
Each interface has a default VLAN. By default, the default VLAN ID of all
interfaces is VLAN 1. You can change the default VLAN ID as required:
● The default VLAN of an access interface is the VLAN allowed by the access
interface. To change the default VLAN of an access interface, change the
allowed VLAN.
● Trunk and hybrid interfaces allow multiple VLANs but have only one default
VLAN. Changing the allowed VLANs will not change the default VLAN.

5.2.4 Adding and Removing VLAN Tags

Ethernet data frames are tagged or untagged based on the interface type and
default VLAN. The following describes how access, trunk, and hybrid interfaces
process data frames.

NOTE

A QinQ interface adds an additional tag to a tagged frame. For details, see 10 QinQ
Configuration.

Access Interface
Figure 5-4 and Figure 5-5 shows how an access interface adds and removes VLAN
tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 184

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-4 Access interface adding VLAN tags

Receive a
frame

No
Carry tag?

Yes

No
Same
Discard
VID and PVID?

Yes
Accept it and
add PVID Accept the frame

Further processing

Figure 5-5 Access interface removing VLAN tags

Prepare for
sending a frame

Remove tag

Send the frame

Trunk Interface
Figure 5-6 and Figure 5-7 shows how a trunk interface adds and removes VLAN
tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 185

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-6 Trunk interface adding VLAN tags

Receive a
frame

No
Carry tag?

Yes

No
Add the PVID Is VID allowed? Discard

Yes

Accept the frame

Further processing

Figure 5-7 Trunk interface removing VLAN tags

Prepare for
sending a frame

No
Same as PVID?

Yes

Remove tag

Retain tag Send the frame

Hybrid Interface
Figure 5-8 and Figure 5-9 shows how a hybrid interface adds and removes VLAN
tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 186

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-8 Hybrid interface adding VLAN tags

Receive a
frame

No
Carry tag?

Yes

No
Add the PVID Is VID allowed? Discard

Yes

Accept the frame

Further processing

Figure 5-9 Hybrid interface removing VLAN tags

Prepare for
sending a frame

No Does device
add tag to it?

Yes

Retain tag

Remove tag Send the frame

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 187

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Frame Processing on Different Interfaces

Table 5-2 Frame processing based on the port type

Port Untagged Frame Tagged Frame Frame
Type Processing Processing Transmission

Access Accepts an untagged ● Accepts the tagged After the PVID tag
port frame and adds a tag frame if the frame's is stripped, the
with the default VLAN VLAN ID matches frame is
ID to the frame. the default VLAN transmitted.
ID.
● Discards the tagged
frame if the frame's
VLAN ID differs
from the default
VLAN ID.

Trunk ● Adds a tag with the ● Accepts a tagged ● If the frame's

port default VLAN ID to frame if the VLAN VLAN ID
the untagged frame ID carried in the matches the
and then transmits frame is permitted default VLAN ID
it if the default by the port. and the VLAN
VLAN ID is ● Discards a tagged ID is permitted
permitted by the frame if the VLAN by the port, the
port. ID carried in the device removes
● Adds a tag with the frame is denied by the tag and
default VLAN ID to the port. transmits the
the untagged frame frame.
and then discards it ● If the frame's
if the default VLAN VLAN ID differs
ID is denied by the from the
port. default VLAN
ID, but the
VLAN ID is still
permitted by
the port, the
device will
directly transmit
the frame.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 188

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Port Untagged Frame Tagged Frame Frame

Type Processing Processing Transmission

Hybrid ● Adds a tag with the ● Accepts a tagged If the frame's

port default VLAN ID to frame if the VLAN VLAN ID is
an untagged frame ID carried in the permitted by the
and accepts the frame is permitted port, the frame is
frame if the port by the port. transmitted. The
permits the default ● Discards a tagged port can be
VLAN ID. frame if the VLAN configured
● Adds a tag with the ID carried in the whether to
default VLAN ID to frame is denied by transmit frames
an untagged frame the port. with tags.
and discards the
frame if the port
denies the default
VLAN ID.

Interfaces process received frames as follows:

● Access, trunk, and hybrid interfaces add VLAN tags to received untagged
frames. Trunk and hybrid interfaces determine whether to accept untagged
frames depending on whether VLANs specified by the VLAN IDs in the frames
are allowed, whereas an access interface accepts the untagged frames
unconditionally.
● Access, trunk, and hybrid interfaces determine whether to accept tagged
frames depending on whether VLANs specified by the VLAN IDs in the frames
are allowed (the VLAN ID allowed by an access interface is the default VLAN
ID).
● Interfaces send frames as follows:
– An access interface directly removes VLAN tags from frames before
sending the frames.
– A trunk interface removes VLAN tags from frames only when their VLAN
IDs are the same as the PVID on the interface.
– A hybrid interface determines whether to remove VLAN tags from frames
based on the interface configuration.
Frames sent by an access interface are all untagged. On a trunk interface,
only frames of one VLAN are sent without tags, and frames of other VLANs
are sent with tags. On a hybrid interface, you can specify the VLANs of which
frames are sent with or without tags.

5.2.5 LNP
Definition
Link-type Negotiation Protocol (LNP) dynamically negotiates the link type of an
Ethernet interface. The negotiated link type can be access or trunk.
● When the link type on an Ethernet interface is negotiated as access, the
interface joins VLAN 1 by default.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 189

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

● When the link type on an Ethernet interface is negotiated as trunk, the

interface joins VLAN 1 to VLAN 4094 by default.

Background
The switch supports the following link types on an Ethernet interface: access,
hybrid, trunk, and QinQ. The four link types are applicable to different network
positions and are manually specified. If the network topology changes, link types
of Ethernet interfaces also need to be reconfigured and the configuration is
complex. To simplify the configuration, LNP supports auto-negotiation of the link
types on Ethernet interfaces and allows Ethernet interfaces to join VLANs after the
auto-negotiation.

Implementation
When Layer 2 devices on the network shown in Figure 5-10 are successfully
connected, the physical status of interfaces becomes Up. After LNP negotiation is
complete, user-side interfaces on Switch4, Switch5, Switch6, and Switch7 join
VLAN 1 as access interfaces, and interfaces between switches become trunk
interfaces and allow all VLANs.

Figure 5-10 Typical LNP networking

Switch1

Switch2 Switch3

Trunk

Switch4 Switch5 Switch6 Switch7

Access

User User User User

terminal terminal terminal terminal

● LNP negotiation conditions

After LNP is enabled, LNP negotiation is triggered in the following situations:
– The local device receives LNP packets from the remote device.
– The local configuration or interface status changes.
In addition to access, hybrid, trunk, and Dot1q tunnel, LNP provides the
following link types:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 190

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

– negotiation-desirable: The local device actively sends LNP packets.

– negotiation-auto: The local device does not actively send LNP packets.
NOTE

An interface that is negotiated as a trunk interface allows all VLANs by default;

therefore, a loop prevention protocol needs to be deployed to prevent loops.
If a loop prevention protocol (for example, STP, RSTP, MSTP, or VBST) is deployed on a
Layer 2 network, LNP negotiation can succeed on a blocked interface regardless of the
link type.
● LNP negotiation
The link type of a Layer 2 Ethernet interface determines the negotiation
result. Table 5-3 describes LNP negotiation results on a Layer 2 interface in
Up state.
NOTE

● If the two ends of an Eth-Trunk link have different numbers of member interfaces,
the LNP negotiation may fail.
● If the link type of the Layer 2 Ethernet interface is set to access, hybrid, trunk, or
Dot1q tunnel, LNP negotiation does not take effect on the interface.
● The link type of an interface will be set to access when the negotiation fails.

Table 5-3 LNP negotiation

Local LNP Remote Link Type or Negotiated Status of
Negotiation LNP Negotiation Local Link Remote Link
Mode Mode Type Type

negotiation- Access (LNP Access Access

desirable/ negotiation enabled)
negotiation-auto
Hybrid (LNP Trunk Hybrid
negotiation enabled)

Dot1q tunnel (LNP Access Dot1q tunnel

negotiation enabled)

Trunk (LNP Trunk Trunk

negotiation enabled)

LNP negotiation not Access Uncertain

supported or disabled

negotiation- negotiation- Trunk Trunk

desirable desirable

negotiation- negotiation-auto Trunk Trunk

desirable

negotiation-auto negotiation-auto Access Access

LNP negotiation depends on communication between both ends. When the

communication is delayed, the link type may be incorrectly negotiated. After
three rounds of communication are complete, the link type in stable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 191

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

negotiation state. Otherwise, the link type of the interface keeps in

negotiation state. Before the link type enters the stable negotiation state, the
interface in blocking state does not forward packets. This prevents forwarding
errors.
The VLAN Central Management Protocol (VCMP) domain name affects LNP
negotiation. The link type can be negotiated as trunk only when domain
names at both ends are consistent; otherwise, the link type is negotiated as
access interface.

5.2.6 VLAN Assignment

VLAN Assignment Modes
VLANs can be assigned based on interfaces, MAC addresses, policies, IP subnets,
and protocols. Table 5-4 compares different VLAN assignment modes.

Table 5-4 Comparisons among VLAN assignment modes

VLAN Implementation Advantage,
Assignment Disadvantage and
Mode Usage Scenario

Interface-based VLANs are assigned based on Advantage:

VLAN interfaces. It is simple to define
assignment A network administrator VLAN members.
preconfigures a PVID for each Disadvantage:
interface on a switch. When an
untagged frame arrives at an The network
interface, the switch adds the PVID administrator needs to
of the interface to the frame. The reconfigure VLANs
frame is then transmitted in the when VLAN members
VLAN specified by the PVID. change.
Usage Scenario:
Applies to networks of
any scale and with
devices at fixed
locations.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 192

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN Implementation Advantage,

Assignment Disadvantage and
Mode Usage Scenario

MAC address- VLANs are assigned based on Advantage:

based source MAC addresses of frames. When physical locations
assignment A network administrator of users change, the
preconfigures mappings between network administrator
MAC addresses and VLAN IDs. does not need to
When receiving an untagged reconfigure VLANs for
frame, the switch adds the VLAN the users. This improves
tag mapping the MAC address of security and access
the frame to the frame. Then the flexibility on a network.
frame is transmitted in the Disadvantage:
specified VLAN.
The network
administrator must
predefine VLANs for all
members on a network.
Usage Scenario:
Applies to small-scale
networks where user
terminals often change
physical locations but
their NICs seldom
change, for example,
mobile computers.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 193

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN Implementation Advantage,

Assignment Disadvantage and
Mode Usage Scenario

IP subnet-based VLANs are assigned based on Advantage:

VLAN source IP addresses and subnet ● When physical
assignment masks. locations of users
A network administrator change, the network
preconfigures mappings between administrator does
IP addresses and VLAN IDs. When not need to
receiving an untagged frame, the reconfigure VLANs
switch adds the VLAN tag mapping for the users.
the IP address of the frame to the ● This mode reduces
frame. Then the frame is communication
transmitted in the specified VLAN. traffic and allows a
broadcast domain to
span multiple
switches.
Disadvantage:
Users are distributed
regularly and multiple
users are on the same
network segment.
Usage Scenario:
Applies to scenarios
where there are high
requirements for
mobility and simplified
management and low
requirements for
security. For example,
this mode can be used
if a PC with multiple IP
addresses needs to
access servers on
different network
segments or a PC needs
to join a new VLAN
automatically after the
PC's IP address changes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 194

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN Implementation Advantage,

Assignment Disadvantage and
Mode Usage Scenario

Protocol-based VLANs are assigned based on Advantage:

VLAN protocol (suite) types and This mode binds service
assignment encapsulation formats of frames. types to VLANs,
A network administrator facilitating
preconfigures mappings between management and
protocol types and VLAN IDs. maintenance.
When receiving an untagged Disadvantage:
frame, the switch adds the VLAN
tag mapping the protocol type of ● The network
the frame to the frame. The frame administrator must
is then transmitted in the specified preconfigure
VLAN. mappings between
all protocol types
and VLAN IDs.
● The switch needs to
analyze protocol
address formats and
convert the formats,
which consumes
excessive resources.
Therefore, this mode
slows down switch
response time.
Usage Scenario:
Applies to networks
using multiple
protocols.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 195

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN Implementation Advantage,

Assignment Disadvantage and
Mode Usage Scenario

Policy-based VLANs are assigned based on Advantage:

VLAN policies such as combinations of ● This mode provides
assignment interfaces, MAC addresses, and IP high security. MAC
(MAC addresses. addresses or IP
addresses, IP A network administrator addresses of users
addresses, and preconfigures policies. When that have been
interfaces) receiving an untagged frame that bound to VLANs
matches a configured policy, the cannot be changed.
switch adds a specified VLAN tag ● The network
to the frame. The frame is then administrator can
transmitted in the specified VLAN. flexibly select which
policies to use
according to the
management mode
and requirements.
Disadvantage:
Each policy needs to be
manually configured.
Usage Scenario:
Applies to complex
networks.

Priorities of VLAN Assignment Modes

If incoming untagged frames match multiple VLAN assignment modes, the VLAN
assignment modes are selected in descending order of priority: policy-based VLAN
assignment > MAC address-based or IP subnet-based VLAN assignment >
protocol-based VLAN assignment > interface-based VLAN assignment.
● If frames match both MAC address-based and IP subnet-based VLAN
assignment modes, MAC address-based VLAN assignment is used by default.
You can change priorities of the two VLAN assignment modes to select a
preferred VLAN assignment mode for packets.
● Interface-based VLAN assignment has the lowest priority but is commonly
used.
Figure 5-11 illustrates the matching sequence of VLAN assignment modes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 196

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-11 Matching sequence of VLAN assignment modes

Receive frame from
Discard frame
remote device
No

Yes Does interface Yes

Carry tag? Forward/Label
Allow tagged frame? operation

No

Yes Allocate VLAN ID to

Policy-based VLAN frame and forward it
assignment? at Layer 2

No

MAC address-based VLAN Subnet-based VLAN assignment

assignment preferred preferred
MAC address or
subnet-based VLAN
assignment preferred?

Yes MAC address-based Subnet-based VLAN Yes

VLAN assignment enabled? assignment enabled?

No No
Yes
Is
Subnet-based VLAN MAC-VLAN Yes
assignment enabled?
enabled?
No No

Yes Protocol-based
VLAN enabled?

No

No
Is default VLAN Discard frame
ID set?

Yes

Allocate VLAN ID to
frame and forward it at
Layer 2

5.2.7 Intra-VLAN Communication

Packets transmitted between users in a VLAN go through three phases:
● Packet transmission from the source user host
Before sending a frame, the source host compares its IP address with the
destination IP address. If the two IP addresses are on the same network
segment, the source host obtains the MAC address of the destination host
and fills the destination field MAC address of the frame with the obtained
MAC address. If the two IP addresses are on different network segments, the

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 197

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

frame needs to be forwarded by the gateway. The source host obtains the
gateway's MAC address, and uses it as the destination MAC address to send
the frame to the gateway.
● Ethernet switching in a switch
The switch determines whether to forward a received frame at Layer 2 or
Layer 3 based on the information in the destination MAC address, VLAN ID,
and Layer 3 forwarding bit.
– If the destination MAC address and VLAN ID of the frame match a MAC
address entry of the switch and the Layer 3 forwarding bit is set, the
switch searches for a Layer 3 forwarding entry based on the destination
IP address. If no entry is found, the switch sends the frame to the CPU.
The CPU then searches for a route to forward the frame at Layer 3.
– If the destination MAC address and VLAN ID of the frame match a MAC
address entry but the Layer 3 forwarding bit is not set, the switch directly
forwards the frame from the outbound interface specified in the
matching MAC address entry.
– If the destination MAC address and VLAN ID of the frame do not match
any MAC address entry, the switch broadcasts the frame to all the
interfaces allowing the VLAN specified in the VID to obtain the MAC
address of the destination host.
For details about Layer 2 and Layer 3 switching, see 2.3.1 Layer 2 Switching
and 2.3.2 Layer 3 Switching.
● Adding and removing VLAN tags during the exchange between devices (for
example, between a switch and a user host, another switch, or another
network device)
Frames processed in a switch all carry VLAN tags. The switch needs to add or
remove VLAN tags according to the interface setting to communicate with
other network devices. For details on how VLAN tags are added and removed
on different interfaces, see 5.2.4 Adding and Removing VLAN Tags.
After VLANs are assigned, broadcast packets are forwarded at Layer 2 in the same
VLAN. That is, users in the same VLAN can directly communicate at Layer 2. There
are two intra-VLAN communication scenarios depending on whether hosts in the
same VLAN connect to the same or multiple switches.

Intra-VLAN Communication Through the Same Switch

As shown in Figure 5-12, Host_1 and Host_2 connect to the same switch, belong
to VLAN 2, and are located on the same network segment. The interfaces
connected to Host_1 and Host_2 are access interfaces.

Figure 5-12 Intra-VLAN communication through the same switch

Switch
IF_1 IF_2
access access
Host_1 VLAN 2 VLAN 2 Host_2
MAC: 1-1-1 MAC: 2-2-2
IP: 10.1.1.2 IP: 10.1.1.3
Subnet Mask: 255.255.255.0 Subnet Mask: 255.255.255.0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 198

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

When Host_1 sends a packet to Host_2, the packet is transmitted as follows

(assuming that no forwarding entry exists on the switch):

1. Host_1 determines that the destination IP address is on the same network

segment as its IP address, and therefore broadcasts an ARP Request packet to
obtain the MAC address of Host_2. The ARP Request packet carries the all-F
destination MAC address and destination IP address of 10.1.1.3 (Host_2's IP
address).
2. When the packet reaches IF_1 on the Switch, the Switch detects that the ARP
Request packet is untagged and adds VLAN 2 (PVID of IF_1) to the packet.
The Switch then adds the binding of the source MAC address, VLAN ID, and
interface (1-1-1, 2, IF_1) to its MAC address table.
3. The Switch does not find a MAC address entry matching the destination MAC
address and VLAN ID of the ARP Request packet, so it broadcasts the ARP
Request packet to all interfaces that allow VLAN 2 (IF_2 in this example).
4. Before sending the ARP Request packet, IF_2 on the Switch removes the tag
with VLAN 2 from the packet.
5. Host_2 receives the ARP Request packet and records the mapping between
the MAC address and IP address of Host_1 in the ARP table. Then Host_2
compares the destination IP address with its own IP address. If they are the
same, Host_2 sends an ARP Reply packet. The ARP Reply packet carries
Host_2's MAC address of 2-2-2 and Host_1's IP address of 10.1.1.2 as the
destination IP address.
6. After receiving the ARP Reply packet, IF_2 on the Switch tags the packet with
VLAN 2.
7. The Switch adds the mapping between the source MAC address, VLAN ID, and
interface (2-2-2, 2, IF_2) to its MAC address table, and then searches for an
entry in its MAC address table based on the destination MAC address and
VLAN ID (1-1-1, 2). The entry is found because the mapping has been
recorded before (see step 5). The Switch forwards the ARP Reply packet to
IF_1.
8. Before forwarding the ARP Reply packet to IF_1, the Switch removes the tag
with VLAN 2 from the packet.
9. Host_1 receives the ARP Reply packet and records the mapping between the
MAC address and IP address of Host_2 in the ARP table.

Host_1 and Host_2 have learned the MAC address of each other, so they directly
fill the destination MAC address fields of packets with the learned MAC addresses
of the packets in subsequent communication.

In the preceding networking, if hosts in the same VLAN are on different network
segments, they encapsulate the gateway's MAC address into packets. If the Switch
is a Layer 2 switch, hosts cannot communicate. If the Switch is a Layer 3 switch,
hosts can communicate through VLANIF interfaces (with primary and secondary IP
addresses configured). The principles are similar to those in Inter-VLAN
Communication Through the Same Switch, and are not mentioned here.

Intra-VLAN Communication Through Multiple Switches

As shown in Figure 5-13, Host_1 and Host_2 connect to different switches, belong
to VLAN 2, and are located on the same network segment. The switches are

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 199

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

connected using a trunk link over which frames can be identified and sent across
switches.

Figure 5-13 Intra-VLAN communication through multiple switches

Switch_1 trunk trunk Switch_2
VLAN 2 VLAN 2

IF_1 IF_2 IF_2 IF_1

access access
VLAN 2 VLAN 2

Host_1 Host_2
MAC: 1-1-1 MAC: 2-2-2
IP: 10.1.1.2 IP: 10.1.1.3
Subnet Mask: 255.255.255.0 Subnet Mask: 255.255.255.0

When Host_1 sends a packet to Host_2, the packet is transmitted as follows

(assuming that no forwarding entry exists on Switch_1 and Switch_2):
1. The first two steps are similar to steps 1 and 2 in Intra-VLAN
Communication Through the Same Switch. After the two steps are
complete, Host_1 broadcasts the ARP Request packet to IF_2 on Switch_1.
2. IF_2 on Switch_1 transparently transmits the ARP Request packet to IF_2 on
Switch_2 without removing the tag of the packet, because the VLAN ID of the
packet is different from the PVID of IF_2 on Switch_1.
3. After receiving the ARP Request packet, IF_2 on Switch_2 determines that
VLAN 2 is an allowed VLAN and accepts the packet.
4. Following the four steps similar to steps 3 to 6 in Intra-VLAN
Communication Through the Same Switch, Switch_2 forwards the ARP
Reply packet of Host_2 to IF_2. IF_2 on Switch_2 transparently transmits the
ARP Reply packet to IF_2 on Switch_1, because IF_2 is a trunk interface and its
PVID is different from the VLAN ID of the packet.
5. After receiving the ARP Reply packet, IF_2 on Switch_1 determines that VLAN
2 is an allowed VLAN and accepts the packet. Subsequent steps are similar to
steps 7 to 9 in Intra-VLAN Communication Through the Same Switch.
In addition to transmitting frames from multiple VLANs, a trunk link can
transparently transmit frames without adding or removing the tags of the packets.
In the preceding networking, if hosts in the same VLAN are on different network
segments and Switch_1 or Switch_2 is a Layer 2 switch, hosts cannot
communicate. If Switch_1 or Switch_2 is a Layer 3 switch, hosts can communicate
through VLANIF interfaces. The principles are similar to those in Inter-VLAN
Communication Through the Same Switch, and are not mentioned here.

5.2.8 Inter-VLAN Communication

After VLANs are assigned, broadcast packets are only forwarded in the same
VLAN. That is, hosts in different VLANs cannot communicate at Layer 2. Therefore,

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 200

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN technology isolates broadcast domains. In real-world applications, hosts in

different VLANs often need to communicate, so inter-VLAN communication needs
to be implemented to resolve this.

Similar to intra-VLAN communication described in 5.2.7 Intra-VLAN

Communication, inter-VLAN communication goes through three phases: packet
transmission from the source host, Ethernet switching in a switch, and adding and
removing VLAN tags during the exchange between devices. According to the
Ethernet switching principle, broadcast packets are only forwarded in the same
VLAN and hosts in different VLANs cannot directly communicate at Layer 2. Layer
3 routing or VLAN translation technology is required to implement inter-VLAN
communication.

Inter-VLAN Communication Technologies

Huawei provides a variety of technologies to implement inter-VLAN
communication. The following two technologies are commonly used:
● VLANIF interface
A VLANIF interface is a Layer 3 logical interface that can be used to
implement inter-VLAN Layer 3 connectivity.
It is simple to configure a VLANIF interface, so VLANIF interfaces are the most
commonly used for inter-VLAN communication. However, a VLANIF interface
needs to be configured for each VLAN and each VLANIF interface requires an
IP address. As a result, this technology wastes IP addresses.
● Dot1q termination sub-interface
A sub-interface is also a Layer 3 logical interface that can be used to
implement inter-VLAN Layer 3 connectivity.
A Dot1q termination sub-interface applies to scenarios where a Layer 3
Ethernet interface connects to multiple VLANs. In such a scenario, data flows
from different VLANs preempt bandwidth of the primary Ethernet interface;
therefore, the primary Ethernet interface may become a bottleneck when the
network is busy.
For details about the Dot1q termination sub-interface, see 8 VLAN
Termination Configuration.

VLANIF interfaces require that users in VLANs be located on different network

segments. (When hosts are located on the same network segment, a host
encapsulates the destination host' MAC address in packets. The device determines
that packets should be forwarded at Layer 2. Layer 2 switching is performed only
in the same VLAN, and broadcast packets cannot reach different VLANs. In this
case, the device cannot obtain destination hosts' MAC addresses and therefore
cannot forward packets to the destination host.) On a network, VLAN aggregation
can allow hosts on the same network segment in different VLANs to
communicate.

VLAN aggregation, also known as super-VLAN, associates a super-VLAN with

multiple sub-VLANs. The sub-VLANs share the IP address of the super-VLAN as the
gateway IP address to implement Layer 3 connectivity with an external network.
Proxy ARP can be enabled between sub-VLANs to implement Layer 3 connectivity
between sub-VLANs. VLAN aggregation conserves IP addresses in inter-VLAN
Layer 3 communication.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 201

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

VLAN aggregation applies to scenarios where multiple VLANs share a gateway. For
details about VLAN aggregation, see 6 VLAN Aggregation Configuration.

Inter-VLAN Communication Through the Same Switch

As shown in Figure 5-14, Host_1 (source host) and Host_2 (destination host)
connect to the same Layer 3 switch, are located on different network segments,
and belong to VLAN 2 and VLAN 3, respectively. After VLANIF 2 and VLANIF 3 are
created on the switch and allocated IP addresses, the default gateway addresses of
the hosts are set to IP addresses of the VLANIF interfaces.

Figure 5-14 Using VLANIF interfaces to implement inter-VLAN communication

through the same switch
VLANIF 2 VLANIF 3
IP: 10.1.1.1/24 IP: 10.2.2.1/24
MAC: 3-3-3 Switch MAC: 4-4-4
IF_1 IF_2
access access
Host_1 VLAN 2 VLAN 3 Host_2
MAC: 1-1-1 MAC: 2-2-2
IP: 10.1.1.2 IP: 10.2.2.2
Gateway address: 10.1.1.1 Gateway address: 10.2.2.1

When Host_1 sends a packet to Host_2, the packet is transmitted as follows

(assuming that no forwarding entry exists on the switch):
1. Host_1 determines that the destination IP address is on a different network
segment from its own IP address, and therefore sends an ARP Request packet
to request the gateway MAC address. The ARP Request packet carries the
destination IP address of 10.1.1.1 (gateway's IP address) and all-F destination
MAC address.
2. When the ARP Request packet reaches IF_1 on the Switch, the Switch tags the
packet with VLAN 2 (PVID of IF_1). The Switch then adds the mapping
between the source MAC address, VLAN ID, and interface (1-1-1, 2, IF_1) in its
MAC address table.
3. The Switch detects that the packet is an ARP Request packet and the
destination IP address is the IP address of VLANIF 2. The Switch then
encapsulates VLANIF 2's MAC address of 3-3-3 into the ARP Reply packet
before sending it from IF_1. In addition, the Switch adds the binding of the IP
address and MAC address of Host_1 in its ARP table.
4. After receiving the ARP Reply packet from the Switch, Host_1 adds the
binding of the IP address and MAC address of VLANIF 2 on the Switch in its
ARP table and sends a packet to the Switch. The packet carries the destination
MAC address of 3-3-3 and destination IP address of 10.2.2.2 (Host_2's IP
address).
5. After the packet reaches IF_1 on the Switch, the Switch tags the packet with
VLAN 2.
6. The Switch updates its MAC address table based on the source MAC address,
VLAN ID, and inbound interface of the packet, and compares the destination

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 202

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

MAC address of the packet with the MAC address of VLANIF 2. If they are the
same, the Switch determines that the packet should be forwarded at Layer 3
and searches for a Layer 3 forwarding entry based on the destination IP
address. If no entry is found, the Switch sends the packet to the CPU. The CPU
then searches for a routing entry to forward the packet.
7. The CPU looks up the routing table based on the destination IP address of the
packet and detects that the destination IP address matches a directly
connected network segment (network segment of VLANIF 3). The CPU
continues to look up its ARP table but finds no matching ARP entry. Therefore,
the Switch broadcasts an ARP Request packet with the destination address of
10.2.2.2 to all interfaces in VLAN 3. The ARP Request packet will be send from
IF_2.
8. After receiving the ARP Request packet, Host_2 detects that the IP address is
its own IP address and sends an ARP Reply packet with its own. Additionally,
Host_2 adds the mapping between the MAC address and IP address of
VLANIF 3 to its ARP table.
9. After IF_2 on the Switch receives the ARP Reply packet, IF_2 tags the packet
with VLAN 3 to the packet and adds the binding of the MAC address and IP
address of Host_2 in its ARP table. Before forwarding the packet from Host_1
to Host_2, the Switch removes the tag with VLAN 3 from the packet. The
Switch also adds the binding of Host_2's IP address, MAC address, VLAN ID,
and outbound interface in its Layer 3 forwarding table.
The packet sent from Host_1 then reaches Host_2. The packet transmission
process from Host_2 to Host_1 is similar. Subsequent packets between Host_1 and
Host_2 are first sent to the gateway (Switch), and the Switch forwards the packets
at Layer 3 based on its Layer 3 forwarding table.

Inter-VLAN Communication Through Multiple Switches

When hosts in different VLANs connect to multiple Layer 3 switches, you need to
configure static routes or a dynamic routing protocol in addition to VLANIF
interface addresses. This is because IP addresses of VLANIF interfaces can only be
used to generate direct routes.
As shown in Figure 5-15, Host_1 (source host) and Host_2 (destination host) are
located on different network segments, connect to Layer 3 switches Switch_1 and
Switch_2, and belong to VLAN 2 and VLAN 3, respectively. On Switch_1, VLANIF 2
and VLANIF 4 are created and allocated IP addresses of 10.1.1.1 and 10.1.4.1. On
Switch_2, VLANIF 3 and VLANIF 4 are created and allocated IP addresses of
10.1.2.1 and 10.1.4.2. Static routes are configured on Switch_1 and Switch_2. On
Switch_1, the destination network segment in the static route is 10.1.2.0/24 and
the next hop address is 10.1.4.2. On Switch_2, the destination network segment in
the static route is 10.1.1.0/24 and the next hop address is 10.1.4.1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 203

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-15 Using VLANIF interfaces to implement inter-VLAN communication

through multiple switches
Switch_1 Switch_2
Trunk
VLAN 4
IF_2 IF_2 IF_1
IF_1 access access
VLAN 2 VLAN 3

Host_1 Host_2
MAC: 1-1-1 MAC: 2-2-2
IP: 10.1.1.2 IP: 10.1.2.2
Gateway address: 10.1.1.1 Gateway address: 10.1.2.1

When Host_1 sends a packet to Host_2, the packet is transmitted as follows

(assuming that no forwarding entry exists on Switch_1 and Switch_2):
1. The first six steps are similar to steps 1 to 6 in inter-VLAN communication
when hosts connect to the same switch. After the steps are complete,
Switch_1 sends the packet to its CPU and the CPU looks up the routing table.
2. The CPU of Switch_1 searches for the routing table based on the destination
IP address of 10.1.2.2 and finds a static route. In the static route, the
destination network segment is 10.1.2.0/24 and the next hop address is
10.1.4.2. The CPU continues to look up its ARP table but finds no matching
ARP entry. Therefore, Switch_1 broadcasts an ARP Request packet with the
destination address of 10.1.4.2 to all interfaces in VLAN 4. IF_2 on Switch_1
transparently transmits the ARP Request packet to IF_2 on Switch_2 without
removing the tag from the packet.
3. After the ARP Request packet reaches Switch_2, Switch_2 finds that the
destination IP address of the ARP Request packet is the IP address of VLANIF
4. Switch_2 then sends an ARP Reply packet with the MAC address of VLANIF
4 to Switch_1.
4. IF_2 on Switch_2 transparently transmits the ARP Reply packet to Switch_1.
After Switch_1 receives the ARP Reply packet, it adds the binding of the MAC
address and IP address of VLANIF4 in its ARP table.
5. Before forwarding the packet of Host_1 to Switch_2, Switch_1 changes the
destination MAC address of the packet to the MAC address of VLANIF 4 on
Switch_2 and the source MAC address to the MAC address of VLANIF 4 on
itself. In addition, Switch_1 records the forwarding entry (10.1.2.0/24, next hop
IP address, VLAN, and outbound interface) in its Layer 3 forwarding table.
Similarly, the packet is transparently transmitted to IF_2 on Switch_2.
6. After Switch_2 receives packets of Host_1 forwarded by Switch_1, the steps
similar to steps 6 to 9 in inter-VLAN communication when hosts connect to
the same switch are performed. In addition, Switch_2 records the forwarding
entry (Host_2's IP address, MAC address, VLAN, and outbound interface) in its
Layer 3 forwarding table.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 204

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.2.9 Intra-VLAN Layer 2 Isolation

You can add different users to different VLANs to implement Layer 2 isolation
between users. If an enterprise has many users, VLANs have to be allocated to all
users who are not allowed to communicate with each other. This user isolation
method uses a large number of VLANs and makes configuration more complex,
increasing the maintenance workload of the network administrator.
Huawei provides intra-VLAN Layer 2 isolation technologies including port isolation,
MUX VLAN, and Modular QoS Command-Line Interface (MQC).

Port Isolation
Port isolation can isolate interfaces in a VLAN. You can add interfaces to a port
isolation group to disable Layer 2 packet transmission between the interfaces.
Interfaces in different port isolation groups or out of port isolation groups can
exchange packets with other interfaces. In addition, interfaces can be isolated
unidirectionally, providing more secure and flexible networking.
For details about port isolation, see Configuring Port Isolation in "Ethernet
Interface Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - Interface Management.

MUX VLAN
Multiplex VLAN (MUX VLAN) provides a mechanism to control network resources
using VLANs. It can implement inter-VLAN communication and intra-VLAN
isolation.
For example, an enterprise has the following requirements:
● Employees can communicate with each other but customers are isolated.
● Both employees and customers can access enterprise servers.
You can deploy the MUX VLAN to meet the preceding requirements.
For details about the MUX VLAN feature, see 7 MUX VLAN Configuration.

Intra-VLAN Layer 2 Isolation Based on the Traffic Policy

A traffic policy is configured by binding traffic classifiers to traffic behaviors. You
can define traffic classifiers on a switch to match packets with certain
characteristics and associate the traffic classifiers with the permit or deny behavior
in a traffic policy. The switch then permits or denies packets matching the traffic
classifiers. In this way, intra-VLAN unidirectional or bidirectional isolation is
implemented based on the traffic policy.
The switch supports intra-VLAN Layer 2 isolation based on MQC and ACL-based
simplified traffic polices. For details about MQC and ACL-based simplified traffic
polices, see MQC Configuration and ACL-based Simplified Traffic Policy
Configuration in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration
Guide - QoS.

5.2.10 Inter-VLAN Layer 3 Isolation

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 205

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

After inter-VLAN Layer 3 connectivity is implemented between two VLANs, all

users in the VLANs can communicate. In some scenarios, communication between
some users needs to be prevented or only unidirectional communication is
allowed. For example, user hosts and servers often use unidirectional
communication, and visitors to an enterprise are often allowed to access only the
Internet or some servers. In these scenarios, you need to configure inter-VLAN
isolation.
Inter-VLAN isolation is often implemented using a traffic policy. You can define
traffic classifiers on a switch to match packets with certain characteristics and
associate the traffic classifiers with the permit or deny behavior in a traffic policy.
The switch then permits or rejects the packets matching the traffic classifiers. This
technology implements flexible inter-VLAN isolation.
The switch supports inter-VLAN Layer 3 isolation based on MQC and ACL-based
simplified traffic policies. For details about MQC and ACL-based simplified traffic
policies, see MQC Configuration and ACL-based Simplified Traffic Policy
Configuration in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration
Guide - QoS.

5.2.11 mVLAN
To use a remote network management system (NMS) to manage devices in a
centralized manner, configure a management IP address on the switch. You can
then use the management IP address to log in to the switch using STelnet and
manage the switch. If a user-side interface is added to the VLAN corresponding to
the management IP address, users connected to the interface can also log in to
the switch. This poses security risks to the switch.
To enhance security, you can configure the VLAN as the management VLAN
(mVLAN). Access or Dot1q tunnel interfaces cannot be added to the mVLAN. (The
VLANs not specified as the mVLAN are service VLANs.) Access and Dot1q tunnel
interfaces are often connected to users. When these interfaces are prevented from
joining the mVLAN, users connected to the interfaces cannot log in to the device,
improving device security.

5.2.12 Protocol Packet Transparent Transmission in a VLAN

When a gateway device or Layer 2 switch is enabled with snooping functions such
as DHCP/IGMP/MLD snooping, the device needs to parse and process protocol
packets such as ARP, DHCP, and IGMP packets. That is, protocol packets received
by an interface are sent to the CPU for processing. The interface sends protocol
packets without differentiating VLANs. If the preceding functions are deployed,
protocol packets from all VLANs are sent to the CPU for processing.
If the device works as the gateway or provides the snooping functions for only
some VLANs, the device does not need to process protocol packets in other VLANs.
After the protocol packets in other VLANs are sent to the CPU, the CPU needs to
forward them to other devices. This mechanism is called software forwarding.
Protocol packet processing in software forwarding decreases the forwarding
efficiency.
To address this issue, deploy protocol packet transparent transmission in VLANs
where protocol packets do not need to be processed. This function enables the
device to transparently transmit the protocol packets in the VLANs to other
devices, which improves the forwarding efficiency.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 206

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this function.

5.3 Application Scenarios for VLANs

5.3.1 Using VLAN Assignment to Implement Layer 2 Isolation

Interface-based VLAN Assignment

As shown in Figure 5-16, there are multiple companies in a building. These
companies share network resources to reduce costs. Networks of the companies
connect to different interfaces of the same Layer 2 switch and access the Internet
through an egress.

Figure 5-16 Networking of interface-based VLAN assignment

Internet

L3 Switch

L2 Switch

Company_1 Company_2 Company_3

VLAN 2 VLAN 3 VLAN 4

To isolate services and ensure service security of different companies, add

interfaces connected to the companies to different VLANs. Each company has a
virtual router and each VLAN is a virtual work group.

MAC Address-based VLAN Assignment

As shown in Figure 5-17, a company has two office areas that connect to the
company's network through Switch_2 and Switch_3 respectively. Employees often
move between the two office areas.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 207

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-17 Networking of MAC address-based VLAN assignment

Switch_1
Server
VLAN 10

Switch_2 Switch_3

Office Office
area 1 area 2

User_1 User_1
VLAN 10 VLAN 10

To enable employees to access network resources such as servers after they move
from one office area to the other, configure MAC address-based VLAN assignment
on Switch_2 and Switch_3. As long as the MAC address of User_1 remains
unchanged, the user belongs to the same VLAN and can still access the company's
network resources after changing the location.

IP Subnet-based VLAN Assignment

As shown in Figure 5-18, a company has two departments: departments 1 and 2.
The two departments are assigned fixed IP network segments. Employees'
locations often change to strengthen learning and communication, but the
company requires that network resource access rights remain unchanged.

Figure 5-18 Networking of IP subnet-based VLAN assignment

Server of department 1
Switch_1 VLAN 10

Server of department 2
VLAN 20

Switch_2 Switch_3

Department 1 Department 2

10.1.1.2 10.1.2.2 10.1.1.3 10.1.2.3

VLAN 10 VLAN 20 VLAN 10 VLAN 20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 208

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

To ensure that employees retain the rights to access network resources after
changing locations, configure IP subnet-based VLAN assignment on the company's
central switch. Different network segments of servers are assigned to different
VLANs to isolate data flows of different application services, improving security.

5.3.2 Using VLANIF Interfaces to Implement Inter-VLAN Layer

3 Connectivity
VLANIF interfaces are used to implement inter-VLAN Layer 3 connectivity when
devices are connected to the same Layer 3 switch or different Layer 3 switches.

Inter-VLAN Layer 3 Connectivity Between Devices Connected to the Same

Layer 3 Switch
As shown in Figure 5-19, departments 1 and 2 of a small-scale company belong
to VLAN 2 and VLAN 3, respectively, and connect to a Layer 3 switch (Switch)
through Layer 2 switches. Packets exchanged between the two departments need
to pass the Layer 3 switch.

Figure 5-19 Using VLANIF interfaces to implement inter-VLAN communication

through the same Layer 3 switch
Switch
(L3)

VLANIF 2 VLANIF 3

Switch_1 Switch_2
(L2) (L2)

Department 1 Department 2

PC_1 PC_2
VLAN 2 VLAN 3

Assign VLANs on Switch_1 and Switch_2, configure Switch_1 and Switch_2 to

transparently transmit VLAN packets to the Layer 3 switch, and configure a
VLANIF interface for each VLAN on the Layer 3 switch to allow communication
between VLAN 2 and VLAN 3.

Inter-VLAN Layer 3 Connectivity Between Devices Connected to Different

Layer 3 Switches
As shown in Figure 5-20, departments 1 and 2 of a medium- or large-scale
company are connected across two or more Layer 3 switches, and belong to VLAN
2 and VLAN 3 respectively. Packets exchanged between the two departments need
to pass the Layer 3 switches.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 209

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-20 Using VLANIF interfaces to implement inter-VLAN communication

through multiple Layer 3 switches
Switch_1 Switch_2
(L3) (L3)

Layer 3 network
VLANIF 2 VLANIF 3

L2 Switch L2 Switch

Department 1 Department 2

PC_1 PC_2
VLAN 2 VLAN 3

Assign VLANs on the Layer 2 switches, and configure the Layer 2 switches to
transparently transmit VLAN packets to Layer 3 switches. Configure a VLANIF
interface for each user VLAN and interconnected VLANs on Switch_1 and
Switch_2, and configure VLANIF interfaces for interconnected VLANs on other
Layer 3 devices. In addition, configure static routes or a dynamic routing protocol
between Switch_1 and Switch_2 (a dynamic routing protocol is recommended
when devices are connected across more than two Layer 3 switches).

5.3.3 Using a Traffic Policy to Implement Inter-VLAN Access

Control
As shown in Figure 5-21, to ensure communication security, a company divides
the network into visitor area, employee area, and server area, and assigns VLAN
10, VLAN 20, and VLAN 30 to the areas respectively. The company has the
following requirements:
● Employees, visitors, and servers can access the Internet.
● Visitors cannot communicate with employees and can access only Server_1 in
the server area.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 210

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-21 Using a traffic policy to implement inter-VLAN access control

Internet

Router

Switch VLANIF 100

(L3)
VLANIF 10 VLANIF 30

VLANIF 20

L2 Switch L2 Switch L2 Switch

Visitor Employee Server

area area area
Visitor_1 Employee_1 Server_1
10.1.1.2/24 10.1.2.2/24 10.1.3.2/24
VLAN 10 VLAN 20 VLAN 30

After the central switch (Switch) is configured with VLANIF 10, VLANIF 20, VLANIF
30, and VLANIF 100 and a route to the router, employees, visitors, and servers can
access the Internet and communicate with each other. To control access rights of
visitors, configure a traffic policy on the central switch and define the following
rules:
● ACL rule 1: denies the packets sent from the IP network segment of visitors to
the IP segment of employees.
● ACL rule 2: permits the packets from the IP network segment of visitors to the
IP address of Server_1, and denies the packets from the IP network segment
of visitors and to the IP segment of servers.
● ACL rule 3: denies the packets from the IP network segment of employees to
the IP segment of visitors.
● ACL rule 4: denies the packets from the IP network segment of servers to the
IP segment of visitors.

Apply the traffic policy to the inbound and outbound direction of the switch
interface connected to the visitor area. Visitors can then only access Server_1 and
cannot communicate with employees.

5.3.4 Using a VLANIF Interface to Implement Layer 3

Connectivity Between the Switch and Router
To reduce costs, most enterprises use switches to connect internal devices and an
egress router to connect to an ISP network, as shown in Figure 5-22.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 211

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-22 Connection between the switch and router

Egress
Core switch
router
Enterprise intranet GE0/0/1 ISP
VLANIF10 GE1/0/1.1 network
10.1.1.1/24 10.1.1.2/24

To access the ISP network, the core Layer 3 switch and egress router need to
interwork at Layer 3. Most Layer 3 switches do not support routed interfaces or
support limited routed interfaces. Generally, a VLANIF interface is used as a Layer
3 interface to communicate with the Layer 3 sub-interface of the router, and then
static route or a dynamic routing protocol is configured to implement Layer 3
connectivity between the core switch and egress router.

5.4 Summary of VLAN Configuration Tasks

Table 5-5 describes the VLAN configuration tasks. Figure 5-23 illustrates the
logical relationship between configuration tasks.

Figure 5-23 Logical relationship between configuration tasks

Assign VLANs

Configure VLANIF
Configure MQC-based Configure protocol
interfaces to implement
intra-VLAN Layer 2 Configure mVLAN packet transparent
inter-VLAN
isolation transmission in a VLAN
communication

Configure MQC to
implement inter-VLAN
isolation

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 212

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Table 5-5 VLAN configuration tasks

Configuration Task Description

Assign VLANs: VLANs can isolate the hosts that do not

● Configuring Interface-based need to communicate with each other,
VLAN Assignment which improves network security, reduces
broadcast traffic, and mitigates broadcast
● Configuring MAC Address- storms.
based VLAN Assignment
● Configuring IP Subnet-based
VLAN Assignment
● Configuring Protocol-based
VLAN Assignment
● Configuring Policy-based
VLAN Assignment

Configuring Inter-VLAN After VLANs are assigned, users in different

Communication VLANs cannot directly communicate with
each other. If users in different VLANs need
to communicate, configure VLANIF
interfaces to implement inter-VLAN Layer 3
connectivity.

Configuring a Traffic Policy to After VLANs are assigned, users in the same
Implement Intra-VLAN Layer 2 VLAN can directly communicate with each
Isolation other. If some users in the same VLAN need
to be isolated, configure MQC-based intra-
VLAN Layer 2 isolation.
NOTE
Intra-VLAN isolation can also be implemented
using port isolation. For details about port
isolation, see Configuring Port Isolation in
"Ethernet Interface Configuration" in the S1720,
S2700, S5700, and S6720 V200R011C10
Configuration Guide - Interface Management.

Configuring a Traffic Policy to After VLANIF interfaces are configured to

Implement Inter-VLAN Layer 3 implement inter-VLAN connectivity, users in
Isolation different VLANs can communicate at Layer
3. If some users in different VLANs require
unidirectional communication or need to be
isolated, configure a traffic policy.

Configuring an mVLAN To use the NMS to manage devices in a

centralized manner, assign VLANs and
configure a VLAN as the management
VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 213

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Configuration Task Description

Configuring Transparent An interface sends protocol packets of all

Transmission of Protocol VLANs to the CPU for processing, affecting
Packets in a VLAN the forwarding efficiency. You can configure
protocol packet transparent transmission in
a VLAN so that the switch sends only
protocol packets in a specified VLAN. This
function improves the forwarding efficiency.

5.5 Licensing Requirements and Limitations for VLANs

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VLAN technology configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. VLAN
technology configuration commands on other models are not under license
control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 5-6 Products and versions supporting VLAN technology

Series Products Software Version

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 214

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Series Products Software Version

S2700 S2700SI V100R005C01, V100R006(C00&C01&C03&C05)

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 215

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Series Products Software Version

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● Table 5-7 describes the specifications of VLAN technology.

Table 5-7 Specifications of VLAN technology

Item Specification

Maximum number of VLANs in the 4096 (VLAN 0 and VLAN 4095 are
system reserved)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 216

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Maximum number of VLANIF ● S2710SI/S5710-C-LI: 1

interfaces in the system ● S2700SI/S2700EI/S1720GFR/
S5710-X-LI: 8
● S2720EI (V200R006C10,
V200R009C00, V200R010C00): 8
● S2720EI (V200R011C10): 1024
● S3700SI/S3700EI/S3700HI/
S5700SI/S5700EI: 256
● S1720GW/S1720GWR/S1720X/
S1720GW-E/S1720GWR-E/
S1720X-E/S5700HI/S5730SI/
S5730S-EI/S5720EI/S5720HI/
S5710HI/S5720SI/S5720S-SI/
S5720LI/S5720S-LI/S6720LI/
S6720S-LI/S6720SI/S6720S-SI/
S6720EI/S6720S-EI: 1024
● S2750EI/S5700LI/S5700S-LI: 1 in
earlier versions of V200R005 and
8 in V200R005 and later versions
● S5710EI/S6700EI: 256 in earlier
versions of V200R005 and 1024
in V200R005 version

● If LNP is used to dynamically negotiate the link type (LNP is enabled by

default), it is recommended that each interface should be added to a
maximum of 1000 VLANs and a maximum of 200 interfaces should be
configured on a switch. If 4094 VLANs are configured globally, it is
recommended that a maximum of 50 interfaces should be enabled with LNP.
Otherwise, the alarm about a high CPU usage is generated for a short time.
● You are advised to plan service and management VLANs so that any
broadcast storms in service VLANs do not affect switch management.
● In practice, specify VLANs from which packets need to be transparently
transmitted by a trunk interface. Do not use the port trunk allow-pass vlan
all command if possible.
● In earlier versions of V200R005, before changing the interface type, restore
the default VLAN of the interface.
● In earlier versions of V200R005, before deleting a VLAN where a VLANIF
interface has been configured, run the undo interface vlanif vlan-id
command to delete the VLANIF interface.
● All interfaces join VLAN 1 by default. When unknown unicast, multicast, or
broadcast packets of VLAN 1 exist on the network, broadcast storms may
occur. When VLAN 1 is used, pay attention to the following points:
– You are not advised to use VLAN 1 as the management VLAN or service
VLAN.
– Remove the interfaces that do not need to join VLAN 1 from VLAN 1 to
prevent loops. A trunk interface often permits packets from VLAN 1 to
pass through. If a trunk interface rejects packets from VLAN 1, some
protocol packets transmitted in VLAN 1 may be incorrectly discarded. To

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 217

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

prevent such faults, take measures to prevent potential risks when

packets of VLAN 1 are allowed to pass through.
– If a spanning tree protocol is used and a trunk interface on the switch
rejects packets from VLAN 1, run the stp bpdu vlan command to enable
the switch to encapsulate the specified VLAN ID in outgoing STP BPDUs
so that the spanning tree protocol runs properly.
– You are advised to remove interfaces from VLAN 1 in Eth-Trunk or ring
networking.
– When the switch connects to an access device, to prevent broadcast
storms in VLAN 1, do not configure the uplink interface of the access
device to transparently transmit packets from VLAN 1.
– When an interface is bound to a VLANIF interface for Layer 3 forwarding,
remove the interface from VLAN 1 to prevent Layer 2 loops in VLAN 1.

5.6 Default Settings for VLANs

Table 5-8 Default setting for VLANs

Parameter Default Setting

Defaul Inter ● S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E,

t face S1720GWR-E, S1720X-E, S2720EI, S2750, S5700LI, S5700S-LI,
config type S5720LI, S5720S-LI, S5730SI, S5730S-EI, S6720LI, S6720S-LI,
uratio S6720SI, S6720S-SI, S5710-X-LI, S5720SI, and S5720S-SI:
n of negotiation-auto
an ● Other models: negotiation-desirable
interfa
ce Defa VLAN 1
ult
VLA
N

VLA ● VLAN 1 that access interfaces join in untagged mode (port

N default vlan 1)
that ● VLANs 1 to 4094 that trunk interfaces join in tagged mode
an (port trunk allow-pass vlan 1 to 4094)
inter
face
joins

Damping time 0s
for a VLANIF
interface in
Down state

Traffic Disabled
statistics
collection in a
VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 218

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Parameter Default Setting

Traffic Disabled
statistics
collection on
a VLANIF
interface

5.7 Configuring VLANs

5.7.1 Configuring Interface-based VLAN Assignment

(Statically Configured Interface Type)
Context
Interface-based VLAN assignment is the simplest and most effective method.
VLANs are assigned based on interfaces. After an interface is added to a VLAN,
the interface can forward packets from the VLAN. Interface-based VLAN
assignment allows hosts in the same VLAN to communicate and prevents hosts in
different VLANs from communicating, so broadcast packets are limited in a VLAN.
Ethernet interfaces are classified into access, trunk, and hybrid interfaces
according to the objects connected to the Ethernet interfaces and number of
VLANs from which untagged frames are permitted (see Interface Types):
● Access interface
The switch processes only tagged frames and an access interface connected to
devices only receives and sends untagged frames, so the access interface
needs to add a VLAN tag to received frames. That is, you must configure the
default VLAN for the access interface. After the default VLAN is configured,
the access interface joins the VLAN.
An access interface needs to process only untagged frames. If a user connects
a switching device to a user-side interface without permission, the user-side
interface may receive tagged frames. You can configure the user-side interface
to discard tagged frames, preventing unauthorized access.
● Trunk interface
When a trunk interface connects to a device such as an AP or a voice terminal
that can receive and send tagged and untagged frames simultaneously, you
need to configure the default VLAN for the trunk interface so that the trunk
interface can add the VLAN tag to untagged frames.
● Hybrid interface
When a hybrid interface connects to an AP, a voice terminal, a hub, a host, or
a server that sends untagged frames to the switch, you need to configure the
default VLAN for the hybrid interface so that the hybrid interface can add the
VLAN tag to untagged frames.
Frames sent by a switch all carry VLAN tags. In some scenarios, VLAN tags
need to be removed from frames sent by a hybrid interface. For example, in
VLAN stacking scenarios, before packets from multiple VLANs on an ISP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 219

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

network enter a user network, outer VLAN tags need to be removed from the
packets. A trunk interface allows untagged packets from only one VLAN, so
the interface must be configured as hybrid. For details about VLAN stacking,
see QinQ Configuration.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2720EI, S2750, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S5730SI,
S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5710-X-LI, S5720SI, and
S5720S-SI, the type of an interface is negotiation-auto by default. The type of an
interface is negotiation-desirable by default on other models.

Procedure
● Configuring the default VLAN for an access interface
a. Run system-view
The system view is displayed.
b. Run vlan vlan-id
A VLAN is created and the VLAN view is displayed, or the view of an
existing VLAN is displayed.
c. Run quit
Return to the system view.
d. Run interface interface-type interface-number
The view of the Ethernet interface to be added to the VLAN is displayed.
e. Run port link-type access
The Ethernet interface is configured as the access interface.
f. Run port default vlan vlan-id
The default VLAN is configured for the interface and the interface is
added to the specified VLAN.
g. (Optional) Run port discard tagged-packet
The interface is configured to discard incoming tagged packets.
● Configuring the default VLAN for a trunk interface
a. Run system-view
The system view is displayed.
b. Run vlan vlan-id
A VLAN is created and the VLAN view is displayed, or the view of an
existing VLAN is displayed.
c. Run quit
Return to the system view.
d. Run interface interface-type interface-number
The view of the Ethernet interface to be added to the VLAN is displayed.
e. Run port link-type trunk
The Ethernet interface is configured as the trunk interface.
f. Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> |
all }
The interface is added to the specified VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 220

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

g. (Optional) Run port trunk pvid vlan vlan-id

The default VLAN is configured for the trunk interface.

NOTE

If the VLAN allowed by an interface is the default VLAN of the interface, packets from
the VLAN are forwarded in untagged mode.
● Configuring the default VLAN for a hybrid interface
a. Run system-view
The system view is displayed.
b. Run vlan vlan-id
A VLAN is created and the VLAN view is displayed, or the view of an
existing VLAN is displayed.
c. Run quit
Return to the system view.
d. Run interface interface-type interface-number
The view of the Ethernet interface to be added to the VLAN is displayed.
e. Run port link-type hybrid
The Ethernet interface is configured as the hybrid interface.
f. Run the following commands as required.

▪ Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }

&<1-10> | all }
The hybrid interface is added to the VLAN in untagged mode.

▪ Run port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> |

all }
The hybrid interface is added to the VLAN in tagged mode.
g. (Optional) Run port hybrid pvid vlan vlan-id
The default VLAN is configured for the hybrid interface.
----End

Configuration Tips
Configuring a name for a VLAN
When multiple VLANs are created on the device, you are advised to configure
names for the VLANs to facilitate management. After a name is configured for a
VLAN, you can directly enter the VLAN view using the name.
# Set the name of VLAN 10 to huawei.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] name huawei
[HUAWEI-vlan10] quit

# After a name is configured for a VLAN, you can directly enter the VLAN view
using the name.
[HUAWEI] vlan vlan-name huawei
[HUAWEI-vlan10] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 221

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Adding interfaces to a VLAN in a batch

To perform the same VLAN configuration for multiple Ethernet interfaces, use the
port group, which can reduce the workload. To add access interfaces to a VLAN in
a batch, you can also run the port interface-type { interface-number1 [ to
interface-number2 ] }&<1-10> command in the VLAN view. For details, see Adding
Interfaces to a VLAN in a Batch.

Restoring the default VLAN configuration of an interface

If the VLAN planning of an interface is changed, you need to delete the original
VLAN configuration of the interface. If many noncontiguous VLANs are configured
on the interface, you need to delete the original VLAN configuration multiple
times. To reduce deletion operations, restore the default VLAN configuration of
the interface. For details, see Restoring the Default VLAN Configuration of an
Interface.

Changing the interface type

When the interface planning changes or the current interface type is different
from the configured one, the interface type needs to be changed. For details, see
Changing the Link Type of an Interface.

Deleting a VLAN

If a VLAN is not in use, you are advised to delete it immediately to save VLAN
resources and reduce packets on a network. For details, see Deleting a VLAN or
VLANs in a Batch.

Verifying the Configuration

● Run the display port vlan [ interface-type interface-number | active ] *
command in any view to check information about interfaces of the VLAN.
● Run the display vlan command in any view to check information about
VLANs.

5.7.2 Configuring Interface-based VLAN Assignment (LNP

Dynamically Negotiates the Link Type)

Context
The switch supports the following link types on an Ethernet interface: access,
hybrid, trunk, and QinQ. The four link types are applicable to different network
positions and are manually specified. If the network topology changes, link types
of Ethernet interfaces also need to be reconfigured and the configuration is
complex. To simplify the configuration, LNP supports auto-negotiation of the link
types on Ethernet interfaces and allows Ethernet interfaces to join VLANs after the
auto-negotiation.

When Link-type Negotiation Protocol (LNP) is deployed, the VLAN Central

Management Protocol (VCMP) needs to be deployed so that VLANs can be
created and deleted in a centralized manner and user configurations are
simplified. For details about VCMP, see 13 VCMP Configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 222

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run undo lnp disable

Global LNP is enabled.

By default, global LNP is enabled. That is, LNP is enabled on all interfaces.

Step 3 Run interface interface-type interface-number

The view of the Ethernet interface that needs to be enabled with LNP is displayed.

Step 4 Run undo port negotiation disable

LNP is enabled on the Layer 2 Ethernet interface.

By default, LNP is enabled on all interfaces of the device.

NOTE

When performing this step, ensure that the interface is a Layer 2 interface. If the interface
is not a Layer 2 interface, run the portswitch command to configure the interface as a
Layer 2 interface.
When an LNP-capable device is used with an LNP-incapable device, the LNP-capable device
continuously sends LNP packets, which wastes bandwidth. You can run the port
negotiation disable command in the Layer 2 Ethernet interface view to disable LNP.
To ensure successful negotiation, ensure that LNP is enabled globally and in the interface
view.

Step 5 Run port link-type { negotiation-desirable | negotiation-auto }

An LNP mode is configured.

By default, the LNP mode of a Layer 2 Ethernet interface on the S1720GFR,

S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2720EI,
S2750, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI,
S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI is negotiation-
auto, and the LNP negotiation mode of a Layer 2 Ethernet interface on other
models is negotiation-desirable.

There are limitations on the interface where the LNP mode is set to negotiation-
desirable or negotiation-auto:
● The sub-interface cannot be created.
● The MUX VLAN cannot be enabled.
● The voice VLAN in auto mode cannot be configured on the interface.

Step 6 Configure the VLAN allowed by an interface.

● When a trunk interface is negotiated, perform the following operations.
a. Run port trunk allow-pass only-vlan { { vlan-id1 [ to vlan-id2 ] }
&<1-10> | none }
The VLAN allowed by the trunk interface is configured.
By default, a trunk interface allows all VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 223

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

b. (Optional) Run port trunk pvid vlan vlan-id

The default VLAN of the interface is configured.
When the interface that connects to an AP or voice terminal receives
untagged and tagged frames, configure the default VLAN for the
interface so that interface adds the VLAN tag to untagged frames.
By default, the default VLAN of a trunk interface is VLAN 1.
● When an access interface is negotiated, perform the following operation.
Run port default vlan vlan-id
The default VLAN is configured for the access interface and the access
interface is added to a specified VLAN.
By default, the default VLAN of an access interface and the VLAN that an
access interface joins are both VLAN 1.

----End

Verifying the Configuration

● Run the display lnp { interface interface-type interface-number | summary }
command in any view to check LNP negotiation information on a Layer 2
Ethernet interface.

5.7.3 Configuring MAC Address-based VLAN Assignment

Context
In MAC address-based VLAN assignment mode, when physical locations of users
change, you do not need to reconfigure VLANs for the users. This improves
security and access flexibility on a network.
The switch that has MAC address-based VLAN assignment enabled processes only
untagged frames, and treats tagged frames in the same manner as interface-
based VLAN assignment.
When receiving an untagged frame, an interface matches the source MAC address
of the frame against the MAC-VLAN table.
● If an entry is matched, the interface forwards the frame based on the VLAN
ID and priority in the entry.
● If no entry is found, the interface matches the frame against other matching
rules.
The total number of MAC-VLAN entries is the number of configured MAC-VLAN
entries multiplied by the number of interfaces where MAC-VLAN entries are
delivered. On different models, the number of MAC-VLAN entries is different:
● The S5720HI, S5720EI, S5720SI, S5720S-SI, S6720EI, and S6720S-EI support a
maximum of 1024 MAC-VLAN entries and a maximum of 64 MAC-VLAN
entries with the mask.
● The S2720EI, S5710-X-LI, S1720GFR, S1720GW, S1720GWR, S1720X,
S1720GW-E, S1720GWR-E, S1720X-E, S5720S-LI, S5730SI, S5730S-EI, S6720SI,
S6720S-SI, S6720LI, S6720S-LI, S5700S-28X-LI-AC and S5700S-52X-LI-AC of
S5700S-LI and S5720LI support a maximum of 512 MAC-VLAN entries and a
maximum of 64 MAC-VLAN entries with the mask.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 224

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

● Other models support a maximum of 512 MAC-VLAN entries and a maximum

of 32 MAC-VLAN entries with the mask.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

A VLAN is created and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.

The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run
the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in
a batch, and then run the vlan vlan-id command to enter the view of a specified
VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Step 3 Run mac-vlan mac-address mac-address [ mac-address-mask | mac-address-

mask-length ] [ priority priority ]
A MAC address is associated with a VLAN.

NOTE

When the mac-vlan mac-address command with the same MAC address specified is
executed multiple times, MAC-VLAN entries take effect according to the longest match
principle. On the S5720EI, S6720EI, and S6720S-EI, MAC-VLAN entries take effect according
to the longest match principle only when the mask has 47 bits or less than 47 bits, and the
MAC-VLAN entry with the 48-bit mask has the lowest priority.
● The MAC address is in H-H-H format. An H is a hexadecimal number of 1 to 4
digits, such as 00e0 and fc01. If you enter fewer than four digits, 0s are
padded before the input digits. For example, if e0 is entered, 00e0 is
displayed. The MAC address cannot be all Fs, all 0s, or a multicast MAC
address.
● If a MAC-VLAN entry with the mask specified (excluding the 48-bit mask or
mask with all Fs), run the undo mac-vlan mac-address command to delete
the MAC-VLAN entry and then run the mac-vlan mac-address command to
change the priority.
● priority specifies the 802.1p priority of a MAC address-based VLAN. The value
ranges from 0 to 7. A larger value indicates a higher priority. The default
value is 0. After the 802.1p priority of a MAC address-based VLAN is specified,
the switch first forwards high-priority frames in the case of congestion.

Step 4 Run quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 225

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Return to the system view.

Step 5 Configure attributes for the Ethernet interface.

1. Run interface interface-type interface-number
The view of the interface that allows the MAC address-based VLAN is
displayed.
2. Run port link-type hybrid
The interface is configured as the hybrid interface.
It is recommended that MAC address-based VLAN assignment should be
configured on the hybrid interface.
3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
On access and trunk interfaces, MAC address-based VLAN assignment can be
used only when the MAC address-based VLAN is the same as the PVID. It is
recommended that MAC address-based VLAN assignment be configured on
hybrid interfaces.

Step 6 (Optional) Run vlan precedence mac-vlan

The device is configured to preferentially use MAC address-based VLAN

assignment.

By default, the device preferentially uses MAC address-based VLAN assignment.

NOTE

Only the S1720X, S1720X-E, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-
SI, S5720SI, S5720S-SI, S6720EI, and S6720S-EI support the vlan precedence command.
S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5730SI, S5730S-EI, S5720SI and
S5720S-SI supports the vlan precedence command only in the system view. Other switches
support the vlan precedence command only in the interface view.
On the S5720EI, S6720EI, and S6720S-EI, if both the subnet VLAN and MAC VLAN with a mask
are configured, the MAC VLAN with a mask is first matched regardless of whether the vlan
precedence command is used.

Step 7 Run mac-vlan enable

MAC address-based VLAN assignment is enabled.

By default, MAC address-based VLAN assignment is disabled.

NOTE

MAC address-based VLAN assignment cannot be used with the MUX VLAN and MAC
address authentication on the same interface.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2720EI, S5720HI, S2750, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI,
S5710-X-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5700LI, and S5700S-LI, MAC address-
based VLAN assignment is invalid for packets with the VLAN ID of 0, regardless of whether
the mask of the MAC VLAN is specified. On other models, MAC address-based VLAN
assignment is invalid for packets with the VLAN ID of 0 only when the mask of the MAC
VLAN is specified.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 226

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Verifying the Configuration

● Run the display mac-vlan { mac-address { all | mac-address [ mac-address-
mask | mac-address-mask-length ] } | vlan vlan-id } command in any view to
check the configuration of MAC address-based VLAN assignment.
● Run the display vlan command in any view to check information about
VLANs.

5.7.4 Configuring IP Subnet-based VLAN Assignment

Context
Both IP subnet-based and protocol-based VLAN assignment are called network
layer-based VLAN assignment, which reduces manual VLAN configuration
workload and allows users to easily join a VLAN, transfer from one VLAN to
another, and exit from a VLAN. IP subnet-based VLAN assignment applies to
scenarios where there are high requirements for mobility and simplified
management and low requirements for security, for example, scenario where a PC
configured with multiple IP addresses needs to access servers on different network
segments and scenario where the switch adds PCs to other VLANs when the PCs'
IP addresses change.

The switch that has IP subnet-based VLAN assignment enabled processes only
untagged frames, and treats tagged frames in the same manner as interface-
based VLAN assignment.

After receiving untagged frames from an interface, the switch determines the
VLANs to which the frames belong according to source IP addresses or network
segments and transmits the frames in specified VLANs.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

A VLAN is created and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.

The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run
the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in
a batch, and then run the vlan vlan-id command to enter the view of a specified
VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 227

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Step 3 Run ip-subnet-vlan [ ip-subnet-index ] ip ip-address { mask | mask-length }

[ priority priority ]

An IP subnet is associated with a VLAN.

● ip-subnet-index specifies the index of an IP subnet. The index of an IP subnet

can be configured manually or automatically generated by the system
according to the sequence in which IP subnets were associated with a VLAN.
● ip-address specifies the source IP address or network segment associated with
a VLAN. The value is in dotted decimal notation.
● priority specifies the 802.1p priority of a VLAN associated with an IP address
or a network segment. The value ranges from 0 to 7. A larger value indicates
a higher priority. The default value is 0. After the 802.1p priority of a VLAN
associated with an IP address or a network segment is specified, the switch
first forwards high-priority frames in the case of congestion.

Step 4 Run quit

Return to the system view.

Step 5 Configure attributes for the Ethernet interface.

1. Run interface interface-type interface-number
The view of the Ethernet interface to be added to the VLAN is displayed.
2. Run port link-type hybrid
The interface is configured as the hybrid interface.
On access and trunk interfaces, IP subnet-based VLAN assignment can be
used only when the IP subnet-based VLAN is the same as the PVID. It is
recommended that IP subnet-based VLAN assignment be configured on
hybrid interfaces.
3. port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The hybrid interface is configured to allow the IP subnet-based VLAN.

Step 6 (Optional) Run vlan precedence ip-subnet-vlan

The device is configured to preferentially use IP subnet-based VLAN assignment.

By default, the device preferentially uses MAC address-based VLAN assignment.

NOTE

Only the S1720X, S1720X-E, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-
SI, S5720SI, S5720S-SI, S6720EI, and S6720S-EI support the vlan precedence command.
S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5730SI, S5730S-EI, S5720SI and
S5720S-SI supports the vlan precedence command only in the system view. Other switches
support the vlan precedence command only in the interface view.
On the S5720EI, S6720EI, and S6720S-EI, if both the subnet VLAN and MAC VLAN with a mask
are configured, the MAC VLAN with a mask is first matched regardless of whether the vlan
precedence command is used.

Step 7 Run ip-subnet-vlan enable

IP subnet-based VLAN assignment is enabled.

By default, IP subnet-based VLAN assignment is disabled.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 228

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,

S1720X-E, S2750, S2720EI, S5720SI, S5720S-SI, S5700LI, S5720LI, S5720S-LI,
S5710-X-LI, and S5700S-LI, when the ip error-packet-check disable command is
used to disable IP packet check, IP subnet-based VLAN assignment and policy-
based VLAN assignment do not take effect.

NOTE

IP subnet-based VLAN assignment is invalid for packets with the VLAN ID of 0 on the
S5720HI.

----End

Verifying the Configuration

● Run the display ip-subnet-vlan vlan { all | vlan-id1 [ to vlan-id2 ] }
command in any view to check information about IP subnets associated with
VLANs.
● Run the display vlan command in any view to check information about
VLANs.

5.7.5 Configuring Protocol-based VLAN Assignment

Context
Both IP subnet-based and protocol-based VLAN assignment are called network
layer-based VLAN assignment, which reduces manual VLAN configuration
workload and allows users to easily join a VLAN, transfer from one VLAN to
another, and exit from a VLAN. The switch that has protocol-based VLAN
assignment enabled processes only untagged frames, and treats tagged frames in
the same manner as interface-based VLAN assignment.
When receiving an untagged frame from an interface, the switch identifies the
protocol profile of the frame and then determines the VLAN that the frame
belongs to.
● If protocol-based VLANs are configured on the interface and the protocol
profile of the frame matches a protocol-based VLAN, the switch adds the
VLAN tag to the frame.
● If protocol-based VLANs are configured on the interface and the protocol
profile of the frame matches no protocol-based VLAN, the switch adds the
PVID of the interface to the frame.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run
the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 229

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

a batch, and then run the vlan vlan-id command to enter the view of a specified
VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Step 3 Run protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw
| snap } | mode { ethernetii-etype etype-id1 | llc dsap dsap-id ssap ssap-id |
snap-etype etype-id2 } }

Protocols are associated with VLANs and a protocol profile is specified.

● protocol-index specifies the index of a protocol profile.

A protocol profile depends on protocol types and encapsulation formats, and
a VLAN associated with a protocol can be defined in a protocol profile.
● When specifying the source and destination service access points, pay
attention to the following points:
– dsap-id and ssap-id cannot be both set to 0xaa.
– dsap-id and ssap-id cannot be both set to 0xe0. 0xe0 indicates llc,
encapsulation format of IPX packets.
– dsap-id and ssap-id cannot be both set to 0xff. 0xff indicates raw,
encapsulation format of IPX packets.

Step 4 Configure attributes for the Ethernet interface.

1. Run interface interface-type interface-number
The view of the interface that allows the protocol-based VLAN is displayed.
2. Run port link-type hybrid
The interface is configured as the hybrid interface.
On access and trunk interfaces, protocol-based VLAN assignment can be used
only when the protocol-based VLAN is the same as the PVID. It is
recommended that protocol-based VLAN assignment be configured on hybrid
interfaces.
3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The hybrid interface is configured to allow the protocol-based VLAN.
4. Run protocol-vlan vlan vlan-id { all | protocol-index1 [ to protocol-index2 ] }
[ priority priority ]
The interface is associated with a protocol-based VLAN.
– vlan-id must be the ID of a protocol-based VLAN.
– priority specifies the 802.1p priority of a protocol-based VLAN. The value
ranges from 0 to 7. A larger value indicates a higher priority. The default
value is 0. After the 802.1p priority of a protocol-based VLAN is specified,
the switch first forwards high-priority frames in the case of congestion.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 230

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

NOTE

Protocol-based VLAN assignment is invalid for packets with the VLAN ID of 0 on the
S5720HI.

----End

Verifying the Configuration

● Run the display protocol-vlan vlan { all | vlan-id1 [ to vlan-id2 ] } command
in any view to check the types and indexes of the protocols associated with
VLANs.
● Run the display protocol-vlan interface { all | interface-type interface-
number } command in any view to check the protocol-based VLAN
configuration on a specified interface or all interfaces.
● Run the display vlan command in any view to check information about
VLANs.

5.7.6 Configuring Policy-based VLAN Assignment

Context
Policy-based VLAN assignment implements plug-and-play of user terminals and
provides secure data isolation for terminal users.

The switch provides policy-based VLAN assignment based on MAC and IP

addresses or based on MAC and IP addresses and interfaces.

To configure policy-based VLAN assignment, configure MAC and IP addresses or

interfaces of terminals on the switch and associate MAC and IP addresses or
interfaces with VLANs. Only terminals matching a policy can be added to a
specific VLAN. If the IP or MAC addresses of terminals added to a VLAN are
changed, they will exit from the VLAN.

The switch that has policy-based VLAN assignment enabled processes only
untagged frames, and treat tagged frames in the same manner as VLANs
configured based on ports.

When receiving an untagged frame, the switch determines the VLAN according to
the policy matching both MAC and IP addresses of the frame, and transmits the
frame in the VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

A VLAN is created and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.

The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run
the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 231

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

a batch, and then run the vlan vlan-id command to enter the view of a specified
VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Step 3 Run policy-vlan mac-address mac-address ip ip-address [ interface interface-

type interface-number ] [ priority priority ]
Policy-based VLAN assignment is configured.

If interface interface-type interface-number is not specified, MAC-IP binding

policies are applied to all interfaces in a specified VLAN. Otherwise, MAC-IP
binding policies are only applied to a specified interface in a specified VLAN.

Step 4 Run quit

Return to the system view.

Step 5 Configure attributes for the Ethernet interface.

1. Run interface interface-type interface-number
The view of the interface that allows the policy-based VLAN is displayed.
2. Run port link-type hybrid
The interface is configured as the hybrid interface.
3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The hybrid interface is configured to allow the policy-based VLAN.
On access and trunk interfaces, policy-based VLAN assignment can be used
only when the policy-based VLAN is the same as the PVID. It is recommended
that policy-based VLAN assignment be configured on hybrid interfaces.

NOTE

Policy-based VLAN assignment is invalid for packets with the VLAN ID of 0.

On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2750, S2720EI, S5720SI, S5720S-SI, S5700LI, S5720LI, S5720S-LI, S5710-X-LI, and S5700S-
LI, when the ip error-packet-check disable command is used to disable IP packet check, IP
subnet-based VLAN assignment and policy-based VLAN assignment do not take effect.

----End

Verifying the Configuration

● Run the display policy-vlan { all | vlan vlan-id } command in any view to
check the configuration of policy-based VLAN assignment.
● Run the display vlan command in any view to check information about
VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 232

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.7.7 Configuring Inter-VLAN Communication

Context
After VLANs are assigned, users in the same VLAN can communication with each
other while users in different VLANs cannot. If some users in different VLANs need
to communicate, configure inter-VLAN communication. A VLANIF interface is a
Layer 3 logical interface and can implement inter-VLAN Layer 3 connectivity. It is
simple to configure a VLANIF interface, so the VLANIF interface is the most
commonly used technology. Each VLAN corresponds to a VLANIF interface. After
an IP address is configured for a VLANIF interface, the VLANIF interface is used as
the gateway of the VLAN and forwards packets across network segments at Layer
3 based on IP addresses.
Generally, a VLANIF interface requires only IP address. In some scenarios, you need
to configure multiple IP addresses for the VLANIF interface. For example, a switch
connects to a physical network through an interface, and hosts on this network
belong to multiple network segments (multiple PCs connect to the network
through hubs or simplified Layer 2 switches, or one PC uses dual network adapters
to connect to the network). To enable the switch to communicate with all hosts
on the physical network, configure a primary IP address and multiple secondary IP
addresses for this interface.
If a VLAN goes Down because all interfaces in the VLAN go Down, the system
immediately reports the VLAN Down event to the corresponding VLANIF interface,
instructing the VLANIF interface to go Down. To avoid network flapping caused by
the change of the VLANIF interface status, enable VLAN damping on the VLANIF
interface. After the last interface in Up state in a VLAN goes Down, the device
enabled with VLAN damping starts a delay timer and informs the corresponding
VLANIF interface of the VLAN Down event after the timer expires. If an interface
in the VLAN goes Up during the delay, the VLANIF interface remains Up.
The Maximum Transmission Unit (MTU) determines the maximum number of
bytes each time a sender can send. If the size of packets exceeds the MTU
supported by a receiver or a transit node, the receiver or transit node fragments
the packets or even discards them, aggravating the network transmission load. To
avoid this problem, set the MTU of the VLANIF interface.
After configuring bandwidth for a VLANIF interface, you can use the NMS to query
the bandwidth. This facilitates traffic monitoring.

Pre-configuration Tasks
Before configuring inter-VLAN communication, complete the following tasks:
● Perform the task of assign VLANs.
● Configure the default gateway address of hosts as the IP address of the
VLANIF interface.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 233

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Step 2 Run interface vlanif vlan-id

The VLANIF interface view is displayed.

A VLANIF interface goes Up only when at least one physical interface in the
corresponding VLAN is in Up state.

Step 3 (Optional) Run description description

The description of the VLANIF interface is configured.

Step 4 Run ip address ip-address { mask | mask-length } [ sub ]

An IP address is configured for the VLANIF interface to implement Layer 3

connectivity.

If IP addresses assigned to VLANIF interfaces belong to different network

segments, you need to configure a routing protocol on the device to provide
reachable routes.

Each VLANIF interface can be configured with one primary IP address and 31
secondary IP addresses.

NOTE

An IP address of a VLANIF interface can be statically configured or dynamically obtained

using DHCP. For details about DHCP, see DHCP Configuration in the S1720, S2700, S5700,
and S6720 V200R011C10 Configuration Guide - IP Services.

Step 5 (Optional) Run damping time delay-time

The delay of VLAN damping is set.

The value ranges from 0 to 20, in seconds. By default, the delay is 0 seconds,
indicating that VLAN damping is disabled.

Step 6 (Optional) Run mtu mtu

The MTU of the VLANIF interface is set.

By default, the value is 1500 bytes.

NOTE

● After using the mtu command to change the MTU of an interface, restart the interface
to make the new MTU take effect. To restart the interface, run the shutdown command
and then the undo shutdown command, or run the restart command in the interface
view.
● The MTU plus the Layer 2 frame header of a VLANIF interface must be smaller than the
maximum frame length of the remote interface by the jumboframe command;
otherwise, some frames may be discarded.

----End

Verifying the Configuration

● Run the display interface vlanif [ vlan-id | main ] command to check the
status, configuration, and traffic statistics of the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 234

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

NOTE

Only the VLANIF interface in Up state can forward packets at Layer 3. When the
VLANIF interface goes Down, rectify the fault according to 5.10.2 A VLANIF Interface
Goes Down.

5.7.8 Configuring a Traffic Policy to Implement Intra-VLAN

Layer 2 Isolation

Context
After VLANs are assigned, users in the same VLAN can communication with each
other. If users in a VLAN need to be isolated unidirectionally or bidirectionally,
configure a traffic policy. A traffic policy is configured by binding traffic classifiers
to traffic behaviors. The switch classifies packets according to packet information,
and associates a traffic classifier with a traffic behavior to reject the packets
matching the traffic classifier, implementing intra-VLAN isolation.

The switch provides intra-VLAN Layer 2 isolation based on MQC and based on the
ACL-based simplified traffic policy.

Pre-configuration Tasks
Before configuring a traffic policy to implement intra-VLAN Layer 2 isolation,
perform the task of assign VLANs.

Procedure
● Configure MQC to implement intra-VLAN Layer 2 isolation.

Perform the following MQC configurations to implement intra-VLAN Layer 2

isolation:
– Specify permit or deny in the traffic behavior.
– Apply the traffic policy to a VLAN or an interface that allows the VLAN.

For details about how to configure MQC, see Configuring Packet Filtering in
"Packet Filtering Configuration" in the S1720, S2700, S5700, and S6720
V200R011C10 Configuration Guide - QoS.
● Configure an ACL-based simplified traffic policy to implement intra-VLAN
Layer 2 isolation.

For details about how to configure an ACL-based simplified traffic policy, see
Configuring ACL-based Packet Filtering in "ACL-based Simplified Traffic Policy
Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - QoS.
----End

5.7.9 Configuring a Traffic Policy to Implement Inter-VLAN

Layer 3 Isolation

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 235

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Context
After inter-VLAN Layer 3 connectivity is configured, if some users in different
VLANs require unidirectional access or need to be isolated, configure inter-VLAN
Layer 3 isolation. Inter-VLAN Layer 3 isolation is implemented using a traffic
policy. A traffic policy is configured by binding traffic classifiers to traffic behaviors.
The switch classifies packets according to IP addresses or other information in
packets, and associates a traffic classifier with a traffic behavior to reject the
packets matching the traffic classifier, implementing inter-VLAN Layer 3 isolation.
The switch provides inter-VLAN Layer 3 isolation based on MQC and based on the
ACL-based simplified traffic policy. You can select one of them according to your
needs.

Pre-configuration Tasks
Before configuring a traffic policy to implement inter-VLAN Layer 3 isolation,
perform the task of 5.7.7 Configuring Inter-VLAN Communication.

Procedure
● Configure MQC to implement inter-VLAN Layer 3 isolation.
Perform the following MQC configurations to implement inter-VLAN Layer 3
isolation:
– Specify permit or deny in the traffic behavior.
– Apply the traffic policy to a VLAN or an interface that allows the VLAN.
For details about how to configure MQC, see Configuring Packet Filtering in
"Packet Filtering Configuration" in the S1720, S2700, S5700, and S6720
V200R011C10 Configuration Guide - QoS.
● Configure an ACL-based simplified traffic policy to implement inter-VLAN
Layer 3 isolation.
For details about how to configure an ACL-based simplified traffic policy, see
Configuring ACL-based Packet Filtering in "ACL-based Simplified Traffic Policy
Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - QoS.
----End

5.7.10 Configuring an mVLAN

Context
Management VLAN (mVLAN) allows you to use the VLANIF interface of the
mVLAN to log in to the management switch to manage devices in a centralized
manner. To use a remote network management system (NMS) to manage devices
in a centralized manner, configure a management IP address on the switch. You
can then log in to the switch in Telnet mode and manage the switch by using the
management IP address. The management IP address can be configured on a
management interface or VLANIF interface. If a user-side interface is added to the
VLAN, users connected to the interface can also log in to the switch. This brings
security risks to the switch.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 236

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

After a VLAN is configured as an mVLAN, no access interface or Dot1q tunnel

interface can be added to the VLAN. Access and Dot1q tunnel interfaces are often
connected to users. When these interfaces are prevented from joining the mVLAN,
users connected to the interfaces cannot log in to the device, improving device
security.
Generally, a VLANIF interface needs to be configured with only one management
IP addresses. In specified scenarios, for example, users in the same mVLAN belong
to multiple different network segments, you need to configure a primary
management IP address and multiple secondary management IP addresses.
You can only log in to the local device using the management interface, whereas
you can log in to both local and remote devices using a VLANIF interface of an
mVLAN. When logging in to the remote device using the VLANIF interface of an
mVLAN, you need to configure VLANIF interfaces on both local and remote
devices and assign IP addresses on the same network segment to them.

Pre-configuration Tasks
Before configuring an mVLAN, perform the task of assign VLANs.

NOTE

Only trunk and hybrid interfaces can join the mVLAN.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The VLAN view is displayed.
Step 3 Run management-vlan
The VLAN is configured as the mVLAN.
VLAN 1 cannot be configured as the mVLAN.
Step 4 Run quit
Exit from the VLAN view.
Step 5 Run interface vlanif vlan-id
A VLANIF interface is created and its view is displayed.
Step 6 Run ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface.

----End

Follow-up Procedure
Log in to the switch to implement centralized management through the NMS.
Select either of the following login modes according to your needs:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 237

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

● To manage local devices, log in to the local switch using Telnet, STelnet,
HTTPS. For details, see Configuring Telnet Login, Configuring STelnet Login, or
Web System Login Configuration in the S1720, S2700, S5700, and S6720
V200R011C10 Configuration Guide - Basic Configurations.
● To manage remote devices, log in to the local device using Telnet or STelnet
and log in to remote devices using Telnet or STelnet from the local device. For
details, see (Optional) Using Telnet to Log In to Another Device From the
Local Device in "Configuring Telnet Login", or (Optional) Logging In to
Another Device From the Local Device Using STelnet in "Configuring STelnet
Login" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration
Guide - Basic Configurations.

The login IP address is the IP address of the VLANIF interface of an mVLAN.

Verifying the Configuration

● Run the display vlan command to check the mVLAN configuration. In the
command output, the VLAN marked with a * is the mVLAN.

5.7.11 Configuring Transparent Transmission of Protocol

Packets in a VLAN

Context
When the device used as the gateway or Layer 2 switches is enabled with
snooping functions such as DHCP/IGMP/MLD snooping, the device needs to parse
and process protocol packets such as ARP, DHCP, and IGMP packets. That is,
protocol packets received by an interface are sent to the CPU for processing. The
interface sends protocol packets without differentiating VLANs. If the preceding
functions are deployed, protocol packets from all VLANs are sent to the CPU for
processing.

If the device is a gateway of some VLANs or snooping functions is deployed in

some VLANs, the device does not need to process protocol packets in other VLANs.
After the protocol packets in other VLANs are sent to the CPU, the CPU needs to
forward them to other devices. This mechanism is called software forwarding.
Software forwarding affects the forwarding speed and efficiency of protocol
packets because protocol packets need to be processed.

To address this issue, deploy transparent transmission of protocol packets in

VLANs where protocol packets do not need to be processed. This function enables
the device to transparently transmit the protocol packets in the VLANs to other
devices, which improves the forwarding speed and efficiency.

The switch can transparently transmit the following protocol packets:

CFM/ARP/BFD/DHCP/DHCPV6/HTTP/IGMP/MLD/ND/PIM/PIMv6/PPPoE/TACACS.

NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this function.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 238

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Procedure
● Configure transparent transmission of protocol packets in a VLAN.
a. Run system-view
The system view is displayed.
b. Run vlan vlan-id
A VLAN is created and the VLAN view is displayed. If the specified VLAN
has been created, the VLAN view is directly displayed.
c. Run protocol-transparent
Transparent transmission of protocol packets in a VLAN is configured.
By default, transparent transmission of protocol packets in a VLAN is
disabled.
● Configure transparent transmission of protocol packets in multiple VLANs.
a. Run system-view
The system view is displayed.
b. Run vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>
Create one or more VLANs.
c. Run vlan range { vlan-id1 [ to vlan-id2 ] } &<1-10>
A temporary VLAN range is created and its view is displayed. If the VLAN
range has been created, this command directly displays the VLAN-Range
view.
Uncreated VLANs cannot be added to a temporary VLAN range.
d. Run protocol-transparent
Transparent transmission of protocol packets in VLANs is configured.
By default, transparent transmission of protocol packets is disabled in
VLANs of a temporary VLAN range.
NOTE

● The vlan range command configuration is not saved in the configuration file. If services
are configured in the VLAN-Range view, the service configurations of all the VLANs in
the VLAN range will be saved in the configuration file.
● After transparent transmission of protocol packets is configured in a VLAN, the VLAN
cannot be configured as the multicast VLAN or control VLAN.
● Before running this command, ensure that IGMP or MLD snooping has been disabled in
the VLAN. Otherwise, the configuration may fail.

Verifying the Configuration

Run the display this command in the VLAN view to check the configuration of
transparent transmission of protocol packets in a VLAN.

5.8 Maintaining VLANs

5.8.1 Collecting VLAN Traffic Statistics

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 239

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Context
You can enable traffic statistics collection in a VLAN or on a VLANIF interface and
view traffic statistics about the VLAN or VLANIF interface to monitor VLAN traffic.

Procedure
● Check VLAN traffic statistics.
a. (Optional) Run the vlan statistics interval command in the system view
to set the interval for VLAN traffic statistics collection.
b. (Optional) Run the vlan statistics { by-packets | by-bytes } command in
the system view to set the VLAN traffic statistics collection mode. You can
configure the switch to collect VLAN traffic statistics based on packets or
bytes.
NOTE

Only the S1720GW, S1720GWR, S1720X, S1720GFR, S1720GW-E, S1720GWR-E,

S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-
LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720S-SI, and S5720SI
support this command.
c. Run the statistic enable command in the VLAN view to enable VLAN
traffic statistics collection.
d. Run the display vlan vlan-id statistics command in any view to check
traffic statistics about a specified VLAN.
● Check traffic statistics about a VLANIF interface.
a. Run the statistic enable command in the VLANIF interface view to
enable traffic statistics collection.
NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this command.
b. Run the display interface vlanif [ vlan-id ] command in any view to
check traffic statistics about a VLANIF interface.
----End

5.8.2 Clearing VLAN Traffic Statistics

Context
Before collecting traffic statistics in a given period of time on an interface, clear
existing statistics on the interface.

NOTICE

The cleared VLAN traffic statistics cannot be restored. Exercise caution when you
use the reset vlan command.

To clear VLAN traffic statistics, run the reset vlan statistics command in the user
view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 240

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Procedure
● Run the reset vlan vlan-id statistics command to clear traffic statistics about
a specified VLAN.

----End

5.8.3 Clearing Packet Statistics on a VLANIF Interface

Context
Before collecting the packet statistics on a VLANIF interface within a certain
period, clear existing packet statistics on the VLANIF interface.

NOTICE

The cleared statistics cannot be restored. Exercise caution when you run the reset
command.

Procedure
● Run the reset counters interface [ interface-type [ interface-number ] ]
command to clear the packet statistics on the specified VLANIF interface.

----End

5.8.4 Clearing LNP Packet Statistics

Context

NOTICE

The cleared LNP packet statistics cannot be restored. Exercise caution when you
run the reset lnp statistics command.

Procedure
● Run the reset lnp statistics [ interface interface-type interface-number ]
command in the user view to clear LNP packet statistics.

----End

5.8.5 Enabling GMAC Ping to Detect Layer 2 Network

Connectivity

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 241

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Context
Similar to IP ping, GMAC ping detects whether a fault occurs on an Ethernet link
or monitors the link quality. GMAC ping efficiently detects and locates Ethernet
faults.

GMAC ping is applicable to networks where no MD, MA, or MEP is configured.

NOTE
The S1720GFR does not support this function.

Procedure
Step 1 Run the system-view command to enter the system view.

Step 2 Run the ping mac enable command to enable GMAC ping globally.

By default, GMAC ping is disabled.

After GMAC ping is enabled on the device, the device can ping the remote device
and respond to received GMAC ping packets.

Step 3 Run the ping mac mac-address vlan vlan-id [ interface interface-type interface-
number | -c count | -s packetsize | -t timeout | -p priority-value ] * command to
perform GMAC ping to check connectivity of the link between the local and
remote devices.

A MEP is not required to initiate GMAC ping. The destination node cannot be a
MEP or MIP. You can perform GMAC ping without configuring the MD, MA, or
MEP on the source device, intermediate device, and destination device.

The two devices must be configured with IEEE 802.1ag of the same version. If the
local device is configured with IEEE 802.1ag Draft 7 and the remote device is
configured with IEEE Standard 802.1ag-2007, the ping mac command does not
take effect. That is, the local device cannot ping the remote device.

----End

5.8.6 Enabling GMAC Trace to Locate Faults

Context
Similar to IP traceroute, GMAC ping detects whether a fault occurs on an Ethernet
link or monitors the link quality. GMAC trace efficiently detects and locates
Ethernet faults.

GMAC trace is applicable to the network where no MD, MA, or MEP is configured.

NOTE
The S1720GFR does not support this function.

Procedure
Step 1 Configure the devices on both ends of a link and the intermediate device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 242

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Perform the following operations on the devices at both ends of the link to be
tested and intermediate device.

1. Run the system-view command to enter the system view.

2. Run the trace mac enable to enable GMAC trace globally.

By default, GMAC trace is disabled (except the S5720HI).

After GMAC ping is enabled on the device, the device can ping the remote
device and respond to received GMAC ping packets.

Step 2 Perform GMAC trace.

Perform the following operations on the device at one end of the link to be tested.

1. Run the system-view command to enter the system view.

2. Run the trace mac mac-address vlan vlan-id [ interface interface-type
interface-number | -t timeout | -h ]* command to enable the device to locate
connectivity faults between the local and remote devices.

A MEP is not required to initiate GMAC trace. The destination node cannot be
a MEP or MIP. That is, GMAC trace can be implemented without configuring
the MD, MA, or MEP on the source device, intermediate device, and
destination device. All the intermediate devices can respond with an LTR.

The two devices must be configured with IEEE 802.1ag of the same version. If
the local device is configured with IEEE 802.1ag Draft 7 and the remote device
is configured with IEEE Standard 802.1ag-2007, the trace mac command does
not take effect. That is, the connectivity fault cannot be located.

----End

5.9 Configuration Examples for VLANs

5.9.1 Example for Configuring Interface-based VLAN

Assignment (Statically Configured Link Type)

Networking Requirements
As shown in Figure 5-24, multiple user terminals are connected to switches in an
enterprise. Users who use the same service access the enterprise network using
different devices.

To ensure the communication security and avoid broadcast storms, the enterprise
wants to allow users who use the same service to communicate with each other
and isolate users who use different services.

Configure interface-based VLAN assignments on the switch and add interfaces

connected to terminals of users who use the same service to the same VLAN.
Users in different VLANs communicate at Layer 2, and users in the same VLAN
can communicate directly.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 243

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-24 Networking of interface-based VLAN assignment

GE0/0/3 GE0/0/3
SwitchA SwitchB
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2

User1 User3 User2 User4

VLAN2 VLAN3 VLAN2 VLAN3

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLANs and add interfaces connecting to user terminals to VLANs to

isolate Layer 2 traffic between users who use different services.
2. Configure the type of link between SwitchA and SwitchB and VLANs to allow
users who use the same service to communicate.

Procedure
Step 1 Create VLAN 2 and VLAN 3 on SwitchA, and add interfaces connected to user
terminals to different VLANs. The configuration of SwitchB is similar to that of
SwitchA, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 3
[SwitchA-GigabitEthernet0/0/2] quit

Step 2 Configure the type of the interface connected to SwitchB on SwitchA and VLANs.
The configuration of SwitchB is similar to that of SwitchA, and is not mentioned
here.

[SwitchA] interface gigabitethernet 0/0/3

[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 3

Step 3 Verify the configuration.

Add User1 and User2 to the same IP address segment, for example,
192.168.100.0/24; add User3 and User4 to the same IP address segment, for
example, 192.168.200.0/24.

Only User1's and User2's terminals can ping each other, and only User3's and
User4's terminals can ping each other.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 244

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

Related Content
Videos

● Configuring Interface-based VLAN Assignment

● Configuring Interface-based VLAN Assignment(FAQ)
● Deploying a Layer 2 Switch on a LAN

5.9.2 Example for Configuring Interface-based VLAN

Assignment (LNP Dynamically Negotiates the Link Type)

Networking Requirements
Switching devices and user terminals are deployed on the network shown in
Figure 5-25. To implement Layer 2 connectivity, configure the link type for each
interface and add interfaces to VLANs. If the network scale is large, the
configuration is complex. To simplify configurations, switches are connected

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 245

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

through the trunk link, and switches and user terminals are connected through
access links and added to VLANs.

Figure 5-25 Networking of interface-based VLAN assignment (LNP dynamically

negotiates the link type)

Network

Switch3
GE0/0/1 GE0/0/2

GE0/0/2 GE0/0/2
Switch1 …… Switch2
GE0/0/1 GE0/0/3 GE0/0/1 GE0/0/3

……

VLAN10 VLAN20 VLAN10 VLAN20

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable LNP in the system view and interface view to implement auto-
negotiation. Because PCs do not support LNP, switch interfaces connected to
terminals are used as access interfaces and interfaces between switches are
used as trunk interfaces through negotiation.
2. Create VLANs and add interfaces to VLANs to implement Layer 2 connectivity.

Procedure
Step 1 Enable global LNP.

By default, global LNP is enabled. If LNP is disabled, run the undo lnp disable
command in the system view to enable LNP.

Step 2 Create VLANs.

You can create VLANs on each switch, or create VLANs on Switch3 and use the
VLAN Central Management Protocol (VCMP) to synchronize created VLANs to
other switches. The following describes how to create VLANs. If VCMP is used, you
need to configure Switch3 as the VCMP server and Switch1 and Switch2 as the
VCMP clients. For details, see 13 VCMP Configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 246

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Create VLAN 10 and VLAN 20 on Switch3. The configuration of Switch1 and

Switch2 is similar to the configuration of Switch3, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan batch 10 20

Step 3 Enable LNP on interfaces, and add switch interfaces connected to PCs to a VLAN
as access interfaces and interfaces between switches to VLANs as trunk interfaces.
NOTE

● If the interface is not a Layer 2 interface, you need to run the portswitch command to
set the interface to work in Layer 2 mode.
● By default, LNP is enabled. If LNP is disabled, run the undo port negotiation disable
command to enable LNP on the interface.

# Configure Switch1. The configuration of Switch2 is similar to the configuration

of Switch1, and is not mentioned here.
[Switch1] interface GigabitEthernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port default vlan 10
[Switch1-GigabitEthernet0/0/1] quit
[Switch1] interface GigabitEthernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass only-vlan 10 20
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface GigabitEthernet 0/0/3
[Switch1-GigabitEthernet0/0/3] port default vlan 20
[Switch1-GigabitEthernet0/0/3] quit

# Configure Switch3.
[Switch3] interface GigabitEthernet 0/0/1
[Switch3-GigabitEthernet0/0/1] port trunk allow-pass only-vlan 10 20
[Switch3-GigabitEthernet0/0/1] quit
[Switch3] interface GigabitEthernet 0/0/2
[Switch3-GigabitEthernet0/0/2] port trunk allow-pass only-vlan 10 20
[Switch3-GigabitEthernet0/0/2] quit

NOTE
The port trunk allow-pass only-vlan 10 20 command configures the interface to allow
only VLAN 10 and VLAN 20.

Step 4 Verify the configuration.

After the preceding configuration is complete, run the display lnp interface
interface-type interface-number command to view auto-negotiation on the
specified Layer 2 interface.
[Switch1] display lnp interface gigabitethernet0/0/2
LNP information for GigabitEthernet0/0/2:
Port link type: trunk
Negotiation mode: desirable
Hello timer expiration(s): 7
Negotiation timer expiration(s): 0
Trunk timer expiration(s): 278
FSM state: trunk

Packets statistics
56 packets received
0 packets dropped
bad version: 0, bad TLV(s): 0, bad port link type: 0,
bad negotiation state: 0, other: 0
58 packets output
0 packets dropped
other: 0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 247

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Run the display lnp summary command to view auto-negotiation information on

all interfaces of the Layer 2 device.
[Switch1] display lnp summary
Global LNP : Negotiation enable
-------------------------------------------------------------------------------
C: Configured; N: Negotiated; *: Negotiation disable;
Port link-type(C) link-type(N) InDropped OutDropped FSM
-------------------------------------------------------------------------------
GE0/0/1 desirable access 0 0 access
GE0/0/2 desirable trunk 0 0 trunk
GE0/0/3 desirable access 0 0 access

----End

Configuration Files
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port default vlan 10
#
interface GigabitEthernet0/0/2
port trunk allow-pass only-vlan 10 20
#
interface GigabitEthernet0/0/3
port default vlan 20
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port default vlan 10
#
interface GigabitEthernet0/0/2
port trunk allow-pass only-vlan 10 20
#
interface GigabitEthernet0/0/3
port default vlan 20
#
return

● Switch3 configuration file

#
sysname Switch3
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port trunk allow-pass only-vlan 10 20
#
interface GigabitEthernet0/0/2
port trunk allow-pass only-vlan 10 20
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 248

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.9.3 Example for Configuring MAC Address-based Assignment

(the Switch Connects to Downstream Terminals)
Networking Requirements
On a company intranet, the network administrator adds the PCs in a department
to the same VLAN. To improve information security, only employees in this
department are allowed to access the intranet.
As shown in Figure 5-26, only PC1, PC2, and PC3 are allowed to access the
intranet through the switch.
You can assign VLANs based on MAC addresses and associate MAC addresses of
PCs with the specified VLAN.

Figure 5-26 Networking of MAC address-based assignment

Enterprise
network

GE0/0/1

Switch

GE0/0/2 GE0/0/4
GE0/0/3

MAC:22-22-22 MAC:33-33-33 MAC:44-44-44

PC1 PC2 PC3
VLAN 10

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN the PCs of employees belong to.
2. Add Ethernet interfaces to VLANs so that packets of the VLANs can pass
through the interfaces.
3. Associate MAC addresses of PC1, PC2, and PC3 with the specified VLAN so
that the VLAN of the packets can be determined based on the source MAC
address.

Procedure
Step 1 Configure the Switch.
# Create VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 249

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10

# Add interfaces to the VLANs. The configuration of GE0/0/3 or GE0/0/4 is similar

to that of GE0/0/2, and is not mentioned here.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/2] quit

# Associate MAC addresses of PC1, PC2, and PC3 with VLAN 10.
[Switch] vlan 10
[Switch-vlan10] mac-vlan mac-address 22-22-22
[Switch-vlan10] mac-vlan mac-address 33-33-33
[Switch-vlan10] mac-vlan mac-address 44-44-44
[Switch-vlan10] quit

# Enable MAC address-based VLAN assignment on GE0/0/2. The configuration of

GE0/0/3 or GE0/0/4 is similar to that of GE0/0/2, and is not mentioned here.
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] mac-vlan enable
[Switch-GigabitEthernet0/0/2] quit

Step 2 Verify the configuration.

PC1, PC2, and PC3 can access the intranet, whereas other PCsusers cannot access
the intranet.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
vlan 10
mac-vlan mac-address 0022-0022-0022 priority 0
mac-vlan mac-address 0033-0033-0033 priority 0
mac-vlan mac-address 0044-0044-0044 priority 0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid untagged vlan 10
mac-vlan enable
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid untagged vlan 10
mac-vlan enable
#
interface GigabitEthernet0/0/4

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 250

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

port link-type hybrid

port hybrid untagged vlan 10
mac-vlan enable
#
return

5.9.4 Example for Configuring IP Subnet-based VLAN

Assignment
Networking Requirements
A company has multiple services, including IPTV, VoIP, and Internet access. Each
service uses a different IP subnet. To facilitate management, the company requires
that packets of the same service be transmitted in the same VLAN and packets of
different services in different VLANs.
As shown in Figure 5-27, the Switch receives packets of multiple services such as
data, IPTV, and voice services. User devices of these services use IP addresses on
different IP subnets. The Switch needs to assign VLANs to packets of different
services so that the router can transmit packets with different VLAN IDs to
different servers.

Figure 5-27 Networking of IP subnet-based VLAN assignment

IPTV
server

Router
GE0/0/1

GE0/0/2

Switch
GE0/0/1

Simplified Layer 2
switch

Multimedia
User host Phone
terminal
192.168.1.2/24 192.168.2.2/24 192.168.3.2/24

Configuration Roadmap
The configuration roadmap is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 251

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

1. Create VLANs and add interfaces to VLANs so that the interfaces allow the IP
subnet-based VLANs.
2. Enable IP subnet-based VLAN assignment and associate IP subnets with
VLANs so that the Switch determines VLANs according to IP addresses or
network segments of packets.

NOTE

You do not need to perform any configuration on a simplified Layer 2 switch. To enable the
router to transmit packets with different VLAN IDs to different servers, perform the
following operations:
● Add the router interface connected to the Switch to all service VLANs in tagged mode.
● Add each interface of each service network to a service VLAN and configure a VLANIF
interface.
For details, see the router configuration guide.

Procedure
Step 1 Create VLANs.

# Create VLAN 100, VLAN 200, and VLAN 300 on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200 300

Step 2 Configure interfaces.

# On the Switch, configure GE0/0/1 as the hybrid interface, add GE0/0/1 to VLAN
100, VLAN 200, and VLAN 300 in untagged mode, and enable IP subnet-based
VLAN assignment.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100 200 300
[Switch-GigabitEthernet0/0/1] ip-subnet-vlan enable
[Switch-GigabitEthernet0/0/1] quit

# On the Switch, configure GE0/0/2 as the trunk interface, add GE0/0/2 to VLAN
100, VLAN 200, and VLAN 300 in tagged mode,
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200 300
[Switch-GigabitEthernet0/0/2] quit

Step 3 Configure IP subnet-based VLAN assignment.

# On the Switch, associate IP subnet 192.168.1.2/24 with VLAN 100 and set the
802.1p priority of VLAN 100 to 2.
[Switch] vlan 100
[Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2
[Switch-vlan100] quit

# On the Switch, associate IP subnet 192.168.2.2/24 with VLAN 200 and set the
802.1p priority of VLAN 200 to 3.
[Switch] vlan 200
[Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3
[Switch-vlan200] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 252

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# On the Switch, associate IP subnet 192.168.3.2/24 with VLAN 300 and set the
802.1p priority of VLAN 300 to 4.
[Switch] vlan 300
[Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4
[Switch-vlan300] quit

Step 4 Verify the configuration.

Run the display ip-subnet-vlan vlan all command on the Switch. The following
information is displayed:
[Switch] display ip-subnet-vlan vlan all
----------------------------------------------------------------
Vlan Index IpAddress SubnetMask Priority
----------------------------------------------------------------
100 1 192.168.1.2 255.255.255.0 2
200 1 192.168.2.2 255.255.255.0 3
300 1 192.168.3.2 255.255.255.0 4
----------------------------------------------------------------
ip-subnet-vlan count: 3 total count: 3

----End

Configuration Files
● Switch configuration file
#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid untagged vlan 100 200 300
ip-subnet-vlan enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 200 300
#
return

5.9.5 Example for Configuring Protocol-based VLAN

Assignment

Networking Requirements
A company has multiple services, including IPTV, VoIP, and Internet access. Each
service uses a different protocol. To facilitate network management, each service
is added to a different VLAN.

As shown in Figure 5-28, Swithc1 receives packets of multiple services that use
different protocols. Users in VLAN 10 use IPv4 to communicate with remote users,
and users in VLAN 20 use IPv6 to communicate with the servers. Switch1 needs to

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 253

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

assign VLANs to packets of different services and transmit packets with different
VLAN IDs to different servers.

Figure 5-28 Networking diagram for protocol-based VLAN assignment

Voice
Network Internet

RouterA RouterB
GE0/0/2 GE0/0/3
Switch
GE0/0/1
GE0/0/1

Switch1
GE0/0/2 GE0/0/3

IPv4 IPv6
VLAN 10 VLAN 20

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLANs and determine which VLAN each service belongs to.
2. Associate protocols with VLANs so that the VLANs that received packets
belong to can be assigned based on protocols.
3. Add interfaces to VLANs so that packets of the protocol-based VLANs can
pass through the interfaces.
4. Associate interfaces with VLANs.
After the Switch receives a frame of a specified protocol, it assigns the VLAN
ID associated with the protocol to the frame.

Procedure
Step 1 Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 10 20

Step 2 Configure protocol-based VLAN assignment.

# Associate IPv4 with VLAN 10 on Switch1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 254

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[Switch1] vlan 10
[Switch1-vlan10] protocol-vlan ipv4
[Switch1-vlan10] quit

# Associate IPv6 with VLAN 20 on Switch1.

[Switch1] vlan 20
[Switch1-vlan20] protocol-vlan ipv6
[Switch1-vlan20] quit

Step 3 Associate interfaces with protocol-based VLANs.

# Associate GE0/0/2 with VLAN 10 and set the 802.1p priority of VLAN 10 to 5 on
Switch1.
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] protocol-vlan vlan 10 all priority 5
[Switch1-GigabitEthernet0/0/2] quit

# Associate GE0/0/3 with VLAN 20 and set the 802.1p priority of VLAN 20 to 6 on
Switch1.
[Switch1] interface gigabitethernet 0/0/3
[Switch1-GigabitEthernet0/0/3] protocol-vlan vlan 20 all priority 6
[Switch1-GigabitEthernet0/0/3] quit

Step 4 Configure interfaces.

# Add GE0/0/1 to VLAN 10 and VLAN 20 in trunk mode on Switch1.
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type trunk
[Switch1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet0/0/1] quit

# Add GE0/0/2 to VLAN 10 in untagged mode on Switch1.

[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit

# Add GE0/0/3 to VLAN 20 in untagged mode on Switch1.

[Switch1] interface gigabitethernet 0/0/3
[Switch1-GigabitEthernet0/0/3] port link-type hybrid
[Switch1-GigabitEthernet0/0/3] port hybrid untagged vlan 20
[Switch1-GigabitEthernet0/0/3] quit

# Add GE0/0/1 to VLAN 10 and VLAN 20 in trunk mode on the switch.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch-GigabitEthernet0/0/1] quit

# Add GE0/0/2 to VLAN 10 in trunk mode on the switch.

[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet0/0/2] quit

# Add GE0/0/3 to VLAN 20 in trunk mode on the switch.

[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 255

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 20

[Switch-GigabitEthernet0/0/3] quit

Step 5 Verify the configuration.

After the configuration is complete, run the display protocol-vlan interface all
command on Switch1 to view the protocol-based VLAN assignment.
[Switch1] display protocol-vlan interface all
-------------------------------------------------------------------------------
Interface VLAN Index Protocol Type Priority
-------------------------------------------------------------------------------
GigabitEthernet0/0/2 10 0 IPv4 5
GigabitEthernet0/0/3 20 0 IPv6 6

----End

Configuration Files
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 10 20
#
vlan 10
protocol-vlan 0 ipv4
vlan 20
protocol-vlan 0 ipv6
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid untagged vlan 10
protocol-vlan vlan 10 0 priority 5
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid untagged vlan 20
protocol-vlan vlan 20 0 priority 6
#
return

● Switch configuration file

#
sysname Switch
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 256

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.9.6 Example for Configuring VLANIF Interfaces to

Implement Inter-VLAN Communication
Networking Requirements
Different user hosts of a company transmit the same service, and are located on
different network segments. User hosts transmitting the same service belong to
different VLANs and need to communicate.

As shown in Figure 5-29, User1 and User2 use the same service but belong to
different VLANs and are located on different network segments. User1 and User2
need to communicate.

Figure 5-29 Configuring VLANIF interfaces to implement inter-VLAN

communication
Switch

GE0/0/1 GE0/0/2
VLANIF10 VLANIF20
10.10.10.2/24 10.10.20.2/24

VLAN 10 VLAN 20

User1 User2
10.10.10.3/24 10.10.20.3/24

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLANs and determine VLANs that users belong to.

2. Add interfaces to VLANs and configure the interfaces to allow the VLANs.
3. Create VLANIF interfaces and configure IP addresses for the VLANIF interfaces
to implement Layer 3 connectivity.

NOTE

To implement inter-VLAN communication, hosts in each VLAN must use the IP address of
the corresponding VLANIF interface as the gateway address.

Procedure
Step 1 Configure the Switch.

# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 257

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Add interfaces to VLANs.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access
[Switch-GigabitEthernet0/0/2] port default vlan 20
[Switch-GigabitEthernet0/0/2] quit

# Assign IP addresses to VLANIF interfaces.

[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.10.10.2 24
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 10.10.20.2 24
[Switch-Vlanif20] quit

Step 2 Verify the configuration.

Configure the IP address of 10.10.10.3/24 and default gateway address as

10.10.10.2/24 (VLANIF 10's IP address) for User1 in VLAN 10.

Configure the IP address of 10.10.20.3/24 and default gateway address as

10.10.20.2/24 (VLANIF 20's IP address) for User2 in VLAN 20.

After the configuration is complete, User1 in VLAN 10 and User2 in VLAN 20 can
communicate.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
ip address 10.10.20.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
return

Related Content
Videos

Deploying a Layer 3 Switch on a LAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 258

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.9.7 Example for Configuring VLANIF Interfaces to

Implement Intra-VLAN Communication

Networking Requirements
As shown in Figure 5-30, Switch_1 and Switch_2 are connected to Layer 2
networks that VLAN 10 belongs to. Switch_1 communicates with Switch_2 through
a Layer 3 network where OSPF is enabled.

PCs of the two Layer 2 networks need to be isolated at Layer 2 and interwork at
Layer 3.

Figure 5-30 Configuring VLANIF interfaces to implement intra-VLAN

communication

Switch_1 Switch_2
GE0/0/2 OSPF GE0/0/2

GE0/0/1 GE0/0/1

GE0/0/2 Switch_3 Switch_4 GE0/0/2

GE0/0/1 GE0/0/1

VLAN10 VLAN10

Configuration Roadmap
The configuration roadmap is as follows:

1. Add interfaces to VLANs and configure the interfaces to allow the VLANs.
2. Configure IP addresses for VLANIF interfaces to implement Layer 3
connectivity.
3. Configure basic OSPF functions to implement interworking.

Procedure
Step 1 Configure Switch_1.

# Create VLAN 10 and VLAN 30.

<HUAWEI> system-view
[HUAWEI] sysname Switch_1
[Switch_1] vlan batch 10 30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 259

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Add GE0/0/1 to VLAN 10 and GE0/0/2 to VLAN 30.

[Switch_1] interface gigabitethernet 0/0/1
[Switch_1-GigabitEthernet0/0/1] port link-type trunk
[Switch_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Switch_1-GigabitEthernet0/0/1] quit
[Switch_1] interface gigabitethernet 0/0/2
[Switch_1-GigabitEthernet0/0/2] port link-type trunk
[Switch_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 30
[Switch_1-GigabitEthernet0/0/2] quit

# Configure IP addresses of 10.10.10.1/24 and 10.10.30.1/24 for VLANIF 10 and

VLANIF 30 respectively.
[Switch_1] interface vlanif 10
[Switch_1-Vlanif10] ip address 10.10.10.1 24
[Switch_1-Vlanif10] quit
[Switch_1] interface vlanif 30
[Switch_1-Vlanif30] ip address 10.10.30.1 24
[Switch_1-Vlanif30] quit

# Configure basic OSPF functions.

[Switch_1] router id 1.1.1.1
[Switch_1] ospf
[Switch_1-ospf-1] area 0
[Switch_1-ospf-1-area-0.0.0.0] network 10.10.10.0 0.0.0.255
[Switch_1-ospf-1-area-0.0.0.0] network 10.10.30.0 0.0.0.255
[Switch_1-ospf-1-area-0.0.0.0] quit

Step 2 Configure Switch_2.

# Create VLAN 10 and VLAN 30.
<HUAWEI> system-view
[HUAWEI] sysname Switch_2
[Switch_2] vlan batch 10 30

# Add GE0/0/1 to VLAN 10 and GE0/0/2 to VLAN 30.

[Switch_2] interface gigabitethernet 0/0/1
[Switch_2-GigabitEthernet0/0/1] port link-type trunk
[Switch_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Switch_2-GigabitEthernet0/0/1] quit
[Switch_2] interface gigabitethernet 0/0/2
[Switch_2-GigabitEthernet0/0/2] port link-type trunk
[Switch_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 30
[Switch_2-GigabitEthernet0/0/2] quit

# Configure IP addresses of 10.10.20.1/24 and 10.10.30.2/24 for VLANIF 10 and

VLANIF 30 respectively.
[Switch_2] interface vlanif 10
[Switch_2-Vlanif10] ip address 10.10.20.1 24
[Switch_2-Vlanif10] quit
[Switch_2] interface vlanif 30
[Switch_2-Vlanif30] ip address 10.10.30.2 24
[Switch_2-Vlanif30] quit

# Configure basic OSPF functions.

[Switch_2] router id 2.2.2.2
[Switch_2] ospf
[Switch_2-ospf-1] area 0
[Switch_2-ospf-1-area-0.0.0.0] network 10.10.20.0 0.0.0.255
[Switch_2-ospf-1-area-0.0.0.0] network 10.10.30.0 0.0.0.255
[Switch_2-ospf-1-area-0.0.0.0] quit

Step 3 Configure Switch_3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 260

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Create VLAN 10, add GE0/0/1 to VLAN 10 in untagged mode and GE0/0/2 to
VLAN 10 in tagged mode. The configuration of Switch_4 is similar to that of
Switch_3, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname Switch_3
[Switch_3] vlan batch 10
[Switch_3] interface gigabitethernet 0/0/1
[Switch_3-GigabitEthernet0/0/1] port link-type access
[Switch_3-GigabitEthernet0/0/1] port default vlan 10
[Switch_3-GigabitEthernet0/0/1] quit
[Switch_3] interface gigabitethernet 0/0/2
[Switch_3-GigabitEthernet0/0/2] port link-type trunk
[Switch_3-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch_3-GigabitEthernet0/0/2] quit

Step 4 Verify the configuration.

On the PC of the Layer 2 network connected to Switch_1, set the default gateway
address to the IP address of VLANIF10, that is, 10.10.10.1.
On the PC of the Layer 2 network connected to Switch_2, set the default gateway
address to the IP address of VLANIF10, that is, 10.10.20.1.
After the configuration is complete, PCs on the two Layer 2 networks are isolated
at Layer 2 and interwork at Layer 3.

----End

Configuration Files
● Switch_1 configuration file
#
sysname Switch_1
#
router id 1.1.1.1
#
vlan batch 10 30
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface Vlanif30
ip address 10.10.30.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.30.0 0.0.0.255
#
return

● Switch_2 configuration file

#
sysname Switch_2
#
router id 2.2.2.2
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 261

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

vlan batch 10 30
#
interface Vlanif10
ip address 10.10.20.1 255.255.255.0
#
interface Vlanif30
ip address 10.10.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 10.10.20.0 0.0.0.255
network 10.10.30.0 0.0.0.255
#
return

● Switch_3 configuration file

#
sysname Switch_3
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch_4 configuration file

#
sysname Switch_4
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

Related Content
Videos

Deploying a Layer 3 Switch on a LAN

5.9.8 Example for Configuring VLANIF Interfaces to

Implement Communication of Hosts on Different Network
Segments in the Same VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 262

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Networking Requirements
On the enterprise network shown in Figure 5-31, hosts in the same VLAN belong
to network segments of 10.1.1.1/24 and 10.1.2.1/24. Hosts on the two network
segments are required to access the Internet through the Switch and
communicate.

Figure 5-31 Configuring VLANIF interfaces to implement communication of hosts

on different network segments in the same VLAN

Internet

Router 10.10.10.2/24
VLANIF10
Primary IP: 10.1.1.1/24
GE0/0/3 Secondary IP: 10.1.2.1/24
VLANIF20
Switch 10.10.10.1/24

GE0/0/1 GE0/0/2

VLAN10

Host1 Host2
10.1.1.2/24 10.1.2.2/24

Configuration Roadmap
If only one IP address is configured for the VLANIF interface on the Switch, only
hosts on one network segment can access the Internet through the Switch. To
enable all hosts on the LAN to access the Internet through the Switch, configure a
secondary IP address for the VLANIF interface. To enable hosts on the two
network segments to communicate, the hosts on the two network segments need
to use the primary and secondary IP addresses of the VLANIF interface as default
gateway addresses.

The configuration roadmap is as follows:

1. Create VLANs and add interfaces to the VLANs.

2. Configure VLANIF interfaces and assign IP addresses to them so that hosts on
the two network segments can communicate.
3. Configure a routing protocol so that hosts can access the Internet through the
Switch.

Procedure
Step 1 Create VLANs and add interfaces to the VLANs.

# Create VLAN 10 and VLAN 20.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 263

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20

# Add GE0/0/1 and GE0/0/2 to VLAN 10 and GE0/0/3 to VLAN 20.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access
[Switch-GigabitEthernet0/0/2] port default vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 20
[Switch-GigabitEthernet0/0/3] quit

Step 2 Configure VLANIF interfaces.

# Create VLANIF 10 and configure the primary IP address of 10.1.1.1/24 and

secondary IP address of 10.1.2.1/24 for VLANIF 10, and create VLANIF 20 and
configure the IP address of 10.10.10.1/24 for VLANIF 20.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.1.1.1 24
[Switch-Vlanif10] ip address 10.1.2.1 24 sub
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 10.10.10.1 24
[Switch-Vlanif20] quit

Step 3 Configure a routing protocol.

# Configure basic OSPF functions and configure OSPF to advertise network

segments of hosts and the network segment between the Switch and router.
[Switch] ospf
[Switch-ospf-1] area 0
[Switch-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[Switch-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[Switch-ospf-1-area-0.0.0.0] network 10.10.10.0 0.0.0.255
[Switch-ospf-1-area-0.0.0.0] quit
[Switch-ospf-1] quit

NOTE

Perform the following configurations on the router:

● Add the interface connected to the Switch to VLAN 20 in tagged mode and specify an
IP address for VLANIF 20 on the same network segment as 10.10.10.1.
● Configure basic OSPF functions and configure OSPF to advertise the network segment
between the Switch and router.
For details, see the router documentation.

Step 4 Verify the configuration.

Configure the IP address of 10.1.1.2/24 and default gateway address of 10.1.1.1

(primary IP address of VLANIF 10) for Host1; configure the IP address of
10.1.2.2/24 and default gateway address of 10.1.2.1 (secondary IP address of
VLANIF 10) for Host2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 264

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

After the configuration is complete, Host1 and Host2 can ping each other
successfully, and they can ping 10.10.10.2/24, IP address of the router interface
connected to the Switch. That is, they can access the Internet.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
ip address 10.1.2.1 255.255.255.0 sub
#
interface Vlanif20
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.10.10.0 0.0.0.255
#
return

Related Content
Videos
Deploying a Layer 3 Switch on a LAN

5.9.9 Example for Configuring a Traffic Policy to Implement

Inter-VLAN Layer 3 Isolation

Networking Requirements
As shown in Figure 5-32, to ensure communication security, a company assigns
visitors, employees, and servers to VLAN 10, VLAN 20, and VLAN 30 respectively.
The requirements are as follows:
● Employees, visitors, and servers can access the Internet.
● Visitors can access only the Internet, and cannot communicate with
employees in any other VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 265

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

● Employee A can access all resources in the server area, and other employees
can access port 21 (FTP service) of server A.

Figure 5-32 Configuring a traffic policy to implement inter-VLAN Layer 3 isolation

Internet

Router

VLANIF100
GE0/0/4 10.1.100.1/24
GE0/0/1 GE0/0/3

Switch_4 GE0/0/2

GE0/0/2 GE0/0/3 GE0/0/2

Switch_1 Switch_2 Switch_3
GE0/0/1 GE0/0/1 GE0/0/2 GE0/0/1

Visitor Employee Server

area area area
Visitor A Employee A Employee B Server A
10.1.1.2/24 10.1.2.2/24 10.1.2.3/24 10.1.3.2/24
VLAN10 VLAN20 VLAN30

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLANs and add interfaces to the VLANs to implement Layer 2 isolation
of visitors, employees, and servers.
2. Configure VLANIF interfaces and assign IP addresses to them to implement
Layer 3 connectivity between employees, servers, and visitors.
3. Configure a routing protocol so that visitors, employees, and servers can
access the Internet through the Switch.
4. Configure and apply a traffic policy so that employee A can access all
resources in the server area, other employees can access only port 21 (FTP
service) of server A, employees can access only servers, and visitors can access
only the Internet.

Procedure
Step 1 Create VLANs and add interfaces to the VLANs to implement Layer 2 isolation of
visitors, employees, and servers.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 266

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Create VLAN 10 on Switch_1, add GE0/0/1 to VLAN 10 in untagged mode and

GE0/0/2 to VLAN 10 in tagged mode. The configurations of Switch_2 and Switch_3
are similar to the configuration of Switch_1, and are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname Switch_1
[Switch_1] vlan batch 10
[Switch_1] interface gigabitethernet 0/0/1
[Switch_1-GigabitEthernet0/0/1] port link-type access
[Switch_1-GigabitEthernet0/0/1] port default vlan 10
[Switch_1-GigabitEthernet0/0/1] quit
[Switch_1] interface gigabitethernet 0/0/2
[Switch_1-GigabitEthernet0/0/2] port link-type trunk
[Switch_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[Switch_1-GigabitEthernet0/0/2] quit

# Create VLAN 10, VLAN 20, VLAN 30, and VLAN 100 on Switch_4, and add
GE0/0/1-GE0/0/4 to VLAN 10, VLAN 20, VLAN 30, and VLAN 100 in tagged mode.
<HUAWEI> system-view
[HUAWEI] sysname Switch_4
[Switch_4] vlan batch 10 20 30 100
[Switch_4] interface gigabitethernet 0/0/1
[Switch_4-GigabitEthernet0/0/1] port link-type trunk
[Switch_4-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Switch_4-GigabitEthernet0/0/1] quit
[Switch_4] interface gigabitethernet 0/0/2
[Switch_4-GigabitEthernet0/0/2] port link-type trunk
[Switch_4-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[Switch_4-GigabitEthernet0/0/2] quit
[Switch_4] interface gigabitethernet 0/0/3
[Switch_4-GigabitEthernet0/0/3] port link-type trunk
[Switch_4-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
[Switch_4-GigabitEthernet0/0/3] quit
[Switch_4] interface gigabitethernet 0/0/4
[Switch_4-GigabitEthernet0/0/4] port link-type trunk
[Switch_4-GigabitEthernet0/0/4] port trunk allow-pass vlan 100
[Switch_4-GigabitEthernet0/0/4] quit

Step 2 Configure VLANIF interfaces and assign IP addresses to them to implement Layer
3 connectivity between employees, servers, and visitors.
# On Switch_4, create VLAN 10, VLAN 20, VLAN 30, and VLAN 100 and assign IP
addresses of 10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, and 10.1.100.1/24 to them
respectively.
[Switch_4] interface vlanif 10
[Switch_4-Vlanif10] ip address 10.1.1.1 24
[Switch_4-Vlanif10] quit
[Switch_4] interface vlanif 20
[Switch_4-Vlanif20] ip address 10.1.2.1 24
[Switch_4-Vlanif20] quit
[Switch_4] interface vlanif 30
[Switch_4-Vlanif30] ip address 10.1.3.1 24
[Switch_4-Vlanif30] quit
[Switch_4] interface vlanif 100
[Switch_4-Vlanif100] ip address 10.1.100.1 24
[Switch_4-Vlanif100] quit

Step 3 Configure a routing protocol so that visitors, employees, and servers can access
the Internet through the Switch.
# Configure basic OSPF functions on Switch_4 and configure OSPF to advertise
network segments of hosts and the network segment between Switch_4 and the
router.
[Switch_4] ospf
[Switch_4-ospf-1] area 0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 267

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[Switch_4-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[Switch_4-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[Switch_4-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[Switch_4-ospf-1-area-0.0.0.0] network 10.1.100.0 0.0.0.255
[Switch_4-ospf-1-area-0.0.0.0] quit
[Switch_4-ospf-1] quit

NOTE

Perform the following configurations on the router:

● Add the interface connected to the Switch to VLAN 100 in tagged mode and specify
an IP address for VLANIF 100 on the same network segment as 10.1.100.1.
● Configure basic OSPF functions and configure OSPF to advertise the network segment
between the Switch and router.
For details, see the router documentation.

Step 4 Configure and apply a traffic policy to control access of employees, visitors, and
servers.
1. Configure ACLs to define flows.
# Configure ACL 3000 on Switch_4 to prevent visitors from accessing
employees' PCs and servers.
[Switch_4] acl 3000
[Switch_4-acl-adv-3000] rule deny ip destination 10.1.2.1 0.0.0.255
[Switch_4-acl-adv-3000] rule deny ip destination 10.1.3.1 0.0.0.255
[Switch_4-acl-adv-3000] quit

# Configure ACL 3001 on Switch_4 so that employee A can access all

resources in the server area and other employees can access only port 21 of
server A.
[Switch_4] acl 3001
[Switch_4-acl-adv-3001] rule permit ip source 10.1.2.2 0 destination 10.1.3.1 0.0.0.255
[Switch_4-acl-adv-3001] rule permit tcp destination 10.1.3.2 0 destination-port eq 21
[Switch_4-acl-adv-3001] rule deny ip destination 10.1.3.1 0.0.0.255
[Switch_4-acl-adv-3001] quit

2. Configure traffic classifiers to differentiate different flows.

# Configure traffic classifiers c_custom, and c_staff on Switch_4 and
reference ACLs 3000, and 3001 in the traffic classifiers respectively.
[Switch_4] traffic classifier c_custom
[Switch_4-classifier-c_custom] if-match acl 3000
[Switch_4-classifier-c_custom] quit
[Switch_4] traffic classifier c_staff
[Switch_4-classifier-c_staff] if-match acl 3001
[Switch_4-classifier-c_staff] quit

3. Configure a traffic behavior and define an action.

# Configure a traffic behavior named b1 on Switch_4 and define the permit
action.
[Switch_4] traffic behavior b1
[Switch_4-behavior-b1] permit
[Switch_4-behavior-b1] quit

4. Configure traffic policies and associate traffic classifiers with the traffic
behavior in the traffic policies.
# Create traffic policies p_custom and p_staff on Switch_4, and associate
traffic classifiers c_custom and c_staff with traffic behavior b1.
[Switch_4] traffic policy p_custom
[Switch_4-trafficpolicy-p_custom] classifier c_custom behavior b1
[Switch_4-trafficpolicy-p_custom] quit
[Switch_4] traffic policy p_staff

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 268

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[Switch_4-trafficpolicy-p_staff] classifier c_staff behavior b1

[Switch_4-trafficpolicy-p_staff] quit
5. Apply the traffic policies to control access of employees, visitors, and servers.
# On Switch_4, apply traffic policies p_custom and p_staff in the inbound
direction of VLAN 10 and VLAN 20 respectively.
[Switch_4] vlan 10
[Switch_4-vlan10] traffic-policy p_custom inbound
[Switch_4-vlan10] quit
[Switch_4] vlan 20
[Switch_4-vlan20] traffic-policy p_staff inbound
[Switch_4-vlan20] quit

Step 5 Verify the configuration.

Configure the IP address of 10.1.1.2/24 and default gateway address of 10.1.1.1
(VLANIF 10's IP address) for visitor A; configure the IP address of 10.1.2.2/24 and
default gateway address of 10.1.2.1 (VLANIF 20's IP address) for employee A;
configure the IP address of 10.1.2.3/24 and default gateway address of 10.1.2.1
(VLANIF 20's IP address) for employee B; configure the IP address of 10.1.3.2/24
and default gateway address of 10.1.3.1 (VLANIF 30's IP address) for server A.
After the configuration is complete, the following situations occur:
● Visitor A fails to ping employee A or server A, and employee A and server A
fail to ping visitor A.
● Employee A can successfully ping server A. That is, employee A can use server
A and the FTP service of server A.
● Employee B fails to ping server A, and can only use the FTP service of server
A.
● Visitors, employees A and B, and server A all can ping 10.1.100.2/24, IP
address of the router interface connected to Switch_4. That is, they can access
the Internet.

----End

Configuration Files
● Switch_1 configuration file
#
sysname Switch_1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return
● Switch_2 configuration file
#
sysname Switch_2
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type access

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 269

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

port default vlan 20

#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
#
return
● Switch_3 configuration file
#
sysname Switch_3
#
vlan batch 30
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
return
● Switch_4 configuration file
#
sysname Switch_4
#
vlan batch 10 20 30 100
#
acl number 3000
rule 5 deny ip destination 10.1.2.0 0.0.0.255
rule 10 deny ip destination 10.1.3.0 0.0.0.255
acl number 3001
rule 5 permit tcp destination 10.1.3.2 0 destination-port eq ftp
rule 10 permit ip source 10.1.2.2 0 destination 10.1.3.0 0.0.0.255
rule 15 deny ip destination 10.1.3.0 0.0.0.255
#
traffic classifier c_custom operator and
if-match acl 3000
traffic classifier c_staff operator and
if-match acl 3001
#
traffic behavior b1
permit
#
traffic policy p_custom match-order config
classifier c_custom behavior b1
traffic policy p_staff match-order config
classifier c_staff behavior b1
#
vlan 10
traffic-policy p_custom inbound
vlan 20
traffic-policy p_staff inbound
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
#
interface Vlanif100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 270

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

ip address 10.1.100.1 255.255.255.0

#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.100.0 0.0.0.255
#
return

5.9.10 Example for Configuring an mVLAN to Implement

Remote Management

Networking Requirements
As shown in Figure 5-33, users need to securely log in to the Switch for remote
management. There is no idle management interface on the Switch.

Figure 5-33 Configuring an mVLAN to implement remote management

10.1.1.1/24 10.10.10.2/24
IP GE0/0/1
Network
PC Switch

Configuration Roadmap
A management interface or VLANIF interface of an mVLAN can be used to log in
to the device for remote management. The device has no idle management
interface, so the mVLAN is used. STelnet is used to ensure login security. The
configuration roadmap is as follows:

1. Configure an mVLAN on the Switch and add an interface to the mVLAN.

2. Configure a VLANIF interface and assign an IP address to it on the Switch.
3. Enable STelnet on the Switch and configure an SSH user.
4. Log in to the Switch using STelnet from a user PC.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 271

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

NOTE

● The user PC needs to be configured with the software for logging in to the SSH server,
key pair generation software, and public key conversion software.
● To ensure device security, change the password periodically.

Procedure
Step 1 Configure an mVLAN and add an interface to the mVLAN.

# Create VLAN 10 on the Switch and specify VLAN 10 as the mVLAN, and add
GE0/0/1 to VLAN 10 in tagged mode.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] management-vlan
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet0/0/1] quit

Step 2 Configure a VLANIF interface and assign an IP address to the VLANIF interface.

# Create VLANIF 10 on the Switch and configure the IP address of 10.10.10.2/24

for it.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.10.10.2 24
[Switch-Vlanif10] quit

Step 3 Enable the STelnet service and configure an SSH user.

1. Configure the Switch to generate a local key pair.
[Switch] rsa local-key-pair create
The key name will be: Switch_Host
The range of public key size is (2048 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]: //Press Enter.
Generating keys...
...................+++++
........................++
....++++
...........++

2. Configure an SSH user.

# Configure the VTY user interface on the Switch.
[Switch] user-interface vty 0 14
[Switch-ui-vty0-14] authentication-mode aaa
[Switch-ui-vty0-14] protocol inbound ssh
[Switch-ui-vty0-14] quit

# Create an SSH user named client001 on the Switch and configure password
authentication.
[Switch] aaa
[Switch-aaa] local-user client001 password irreversible-cipher Huawei@123
[Switch-aaa] local-user client001 privilege level 3
[Switch-aaa] local-user client001 service-type ssh
[Switch-aaa] quit
[Switch] ssh user client001 authentication-type password

3. Enable the STelnet service.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 272

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

# Enable the STelnet service on the Switch.

[Switch] stelnet server enable

# Configure the STelnet service for SSH user client001.

[Switch] ssh user client001 service-type stelnet

NOTE

The PC connects to the switch through the intermediate device. The intermediate device
needs to transparently transmit packets from mVLAN 10 and has a route from 10.1.1.1/24
to 10.10.10.2/24.

Step 4 Verify the configuration.

After the configuration is complete, the user can log in to the Switch from the PC
using password authentication.
# Run the Putty software on the user PC. The dialog box shown in Figure 5-34 is
displayed. Enter 10.10.10.2 (IP address of the Switch) and select SSH.

Figure 5-34 Configuring an mVLAN to implement remote management

# Click Open. On the page that is displayed on the Switch, enter the user name
and password, and press Enter.
login as: client001
SSH server: User Authentication
Using keyboard-interactive authentication.
Password:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 273

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2014-02-25 05:45:41+00:00.
<Switch>

The user can successfully log in to the Switch for remote management.
----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
vlan 10
management-vlan
#
aaa
local-user client001 password irreversible-cipher $1a$EqZEVTq=/@T2XM0q0W{Ec[Fs2@&4YII@-
=(lbr[K>4Dq76]3#BgqMOAxu^%$$
local-user client001 privilege level 3
local-user client001 service-type ssh
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
stelnet server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
#
user-interface vty 0 14
authentication-mode aaa
#
return

5.9.11 Example for Configuring Transparent Transmission of

Protocol Packets in a VLAN
Networking Requirements
NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this function.

A company has multiple subsidiary companies. When the parent company

communicates with a subsidiary company through the core switch, the core switch
processes the packets before forwarding them. If multiple subsidiary companies
communicate with the parent company simultaneously, processing capabilities of
the core switch deteriorate. As a result, the communication efficiency is lowered
and communication costs increases. Transparent transmission of protocol packets
in a VLAN can be configured on the core switch to solve this problem.
As shown in Figure 5-35, after transparent transmission of protocol packets in a
VLAN is enabled, the Switch forwards data from the specified VLAN without

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 274

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

sending the data to its CPU. This improves the processing efficiency, reduces
communication costs, and minimizes the probability of malicious attacks on the
Switch.

Figure 5-35 VLAN transparent transmission

Parent Company

Pac
ket
GE0/0/2

so
f VL
Switch

AN
GE0/0/1 GE0/0/3

2 0
VLAN 10 VLAN 20
SwitchA SwitchB

Sub Company 1 Sub Company 2

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs.
2. Enable transparent transmission of protocol packets in a VLAN.
3. Add Ethernet interfaces to VLANs.

Procedure
Step 1 Configure the Switch.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20

# Enable transparent transmission of protocol packets in a VLAN.

[Switch] vlan 20
[Switch-vlan20] protocol-transparent
[Switch-vlan20] quit

# Add interfaces to the VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 275

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[Switch] interface gigabitethernet 0/0/1

[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid tagged vlan 10 20
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type hybrid
[Switch-GigabitEthernet0/0/3] port hybrid tagged vlan 20
[Switch-GigabitEthernet0/0/3] quit

Step 2 Configure SwitchA and SwitchB. Add upstream interfaces on SwitchA and SwitchB
to VLAN 10 and VLAN 20 in tagged mode, and add downstream interfaces to
VLAN 10 and VLAN 20 in default mode. The configuration details are not
mentioned here.

Step 3 Verify the configuration.

# After the configuration is complete, run the display this command in the view
of VLAN 20. The command output shows that transparent transmission of
protocol packets in a VLAN is enabled.
[Switch] vlan 20
[Switch-vlan20] display this
#
vlan 20
protocol-transparent
#
return

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
vlan 20
protocol-transparent
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 20
#
return

5.10 Troubleshooting VLANs

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 276

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.10.1 A VLANIF Interface Fails to Be Created

Fault Symptom
When a user attempts to create a VLANIF interface, the system displays an error
message. As a result, the VLANIF interface fails to be created.

Procedure
Step 1 Check the error message during VLANIF interface creation.

Rectify the fault according to the error message. See Table 5-9.

Table 5-9 Fault rectification according to the error message

Message Cause Analysis and Solution

Check Method

Error: Can not create this The number of created Run the undo
interface because the VLANIF interfaces on interface vlanif vlan-
interface number of this the device has reached id command to delete
type has reached its the limit. unnecessary VLANIF
maximum. Run the display interfaces, and then
interface brief create a specified
command to check the VLANIF interface.
number of VLANIF
interfaces, and check
whether the number of
VLANIF interfaces has
reached the limit in
Table 5-7.

Error: The VLAN is used by The VLAN Create a VLANIF

XXX. corresponding to the interface corresponding
NOTE VLANIF interfaces is a to another VLAN.
XXX indicates a feature, such as dynamic, control, or
stack, ERPS, RRPP, SEP, Smart reserved VLAN.
Link, GVRP, or VBST.
Run the display vlan
summary command to
check whether the
value of the Dynamic
vlan or Reserved vlan
field is the VLAN
corresponding to the
VLANIF interface.

Step 2 If the fault persists, collect alarms and logs and contact technical support
personnel.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 277

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.10.2 A VLANIF Interface Goes Down

Fault Symptom
A VLANIF interface goes Down.

Common Causes and Solutions

Table 5-10 describes common causes and solutions.

Table 5-10 Common causes and solutions

Common Cause Solution

The VLAN corresponding to the Run the vlan vlan-id command to

VLANIF interface is not created. create a VLAN corresponding to the
VLANIF interface.

The interface is not added to the Run the following commands as

VLAN. required.
NOTE ● Run the port default vlan vlan-id
● The port trunk pvid vlan vlan-id [ step step-number [ increased |
command only configures the PVID on decreased ] ] command in the
a trunk interface, but does not add a interface view to add an access
trunk interface to a VLAN.
interface to a VLAN.
● The port hybrid pvid vlan vlan-id
command only configures the PVID on ● Run the port trunk allow-pass
a hybrid interface, but does not add a vlan { { vlan-id1 [ to vlan-
hybrid interface to a VLAN. id2 ] }&<1-10> | all } command in
the interface view to add a trunk
interface to a VLAN.
● You can add a hybrid interface to a
VLAN in tagged or untagged mode.
Run the port hybrid tagged vlan
{ { vlan-id1 [ to vlan-id2 ] }&<1-10>
| all } command to add a hybrid
interface to a VLAN in tagged
mode, or run the port hybrid
untagged vlan { { vlan-id1 [ to
vlan-id2 ] }&<1-10> | all }
command to add a hybrid interface
to a VLAN in untagged mode.

The physical status of all interfaces Rectify this fault. A VLANIF interface
added to the VLAN is Down. goes Up as long as one interface in the
VLAN is Up.

No IP address is assigned to the Run the ip address command in the

VLANIF interface. VLANIF interface view to assign an IP
address to the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 278

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Common Cause Solution

The VLANIF interface is shut down. Run the undo shutdown command in
the VLANIF interface view to start the
VLANIF interface.

5.10.3 Users in a VLAN Cannot Communicate

Fault Symptom
Users in a VLAN cannot communicate.

Procedure
Step 1 Check whether the interfaces connected to user terminals are in Up state.

Run the display interface interface-type interface-number command in any view

to check the status of the interfaces.

● If the interface is Down, rectify the interface fault.

● If the interface is Up, go to Step 2.

Step 2 Check whether the IP addresses of user terminals are on the same network
segment. If they are on different network segments, change the IP addresses of
the user terminals to be on the same network segment. If the fault persists, go to
Step 3.

Step 3 Check whether the MAC address entry is correct.

Run the display mac-address command on the Switch to check whether MAC
addresses, interfaces, and VLANs in the learned MAC address entries are correct. If
the learned MAC address entries are incorrect, run the undo mac-address mac-
address vlan vlan-id command in the system view to delete MAC address entries
so that the Switch can learn MAC address entries again.

After the MAC address table is updated, check the MAC address entries again.
● If the MAC address entries are incorrect, go to Step 4.
● If the MAC address entries are correct, go to Step 5.

Step 4 Check whether the VLAN is properly configured.

Check the VLAN configuration according to the following table.

Check Item Method

Whether the Run the display vlan vlan-id command in any view to check
VLAN has been whether the VLAN has been created. If not, run the vlan
created command in the system view to create the VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 279

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Check Item Method

Whether the Run the display vlan vlan-id command in any view to check
interfaces are whether the VLAN contains the interfaces. If not, add the
added to the interfaces to the VLAN.
VLAN NOTE
If the interfaces are located on different switches, add the interfaces
connecting the switches to the VLAN.
The default type of an interface is Negotiation. You can run the port
link-type command to change the link type of an interface.
● Add an access interface to the VLAN by using either of
the following methods. Run the port default vlan
command in the interface view, or run the port command
in the VLAN view.
● Add a trunk interface to the VLAN. Run the port trunk
allow-pass vlan command in the interface view.
● Add a hybrid interface to the VLAN by using either of the
following methods. Run the port hybrid tagged vlan
command in the interface view, or run the port hybrid
untagged vlan command in the interface view.

Whether Correctly connect user terminals to device interfaces.

connections
between
interfaces and
user terminals
are correct

After the preceding operations, if the MAC address entries are correct, go to Step
5.
Step 5 Check whether port isolation is configured.
Run the interface interface-type interface-number command in the system view
to enter the interface view, and then run the display this command to check
whether port isolation is configured on the interface.
● If port isolation is not configured, go to Step 6.
● If port isolation is configured, run the undo port-isolate enable command on
the interface to disable port isolation. If the fault persists, go to Step 6.
Step 6 Check whether correct static Address Resolution Protocol (ARP) entries are
configured on the user terminals. If the static ARP entries are incorrect, modify
them. Otherwise, go to Step 7.
Step 7 Collect logs and alarms and contact technical support personnel.

----End

5.10.4 IP Addresses of the Connected Interfaces Between

Switches Cannot Be Pinged

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 280

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Fault Symptom
As shown in Figure 5-36, the IP address of VLANIF 10 on Switch_2 cannot be
pinged from Switch_1. Similarly, the IP address of VLANIF 10 on Switch_1 cannot
be pinged from Switch_2.

Figure 5-36 Connected switches

Switch_1 Switch_2
VLANIF10
VLANIF10

Procedure
Step 1 Check whether the VLANIF interface is Up.

Run the display interface vlanif vlan-id command on Switch_1 and Switch_2 and
check the current state and Line protocol current state fields.
● If the value of any one of the two fields is DOWN, the VLANIF interface is
Down. Rectify this fault according to 5.10.2 A VLANIF Interface Goes Down.
● If the values of the two fields are UP, the VLANIF interface is Up. Go to Step
2.

Step 2 Check whether the connected Ethernet interfaces between switches join a VLAN.

Run the display vlan vlan-id command on Switch_1 and Switch_2 and check the
Ports field. Check whether the connected Ethernet interfaces exist in the VLAN.
● If the connected Ethernet interfaces do not exist in the VLAN, add the
connected Ethernet interfaces to the VLAN.
● If the connected Ethernet interfaces exist in the VLAN and at least one of
them joins the VLAN in untagged mode (UT displayed before the interface),
change the untagged mode to tagged mode.
● If the connected Ethernet interfaces exist in the VLAN but the interfaces go
Down (D displayed after the interface), rectify the fault according to An
Ethernet Interface Is Physically Down in "Ethernet Interface Configuration" in
the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide -
Interface Management.
● If none of the preceding configurations exists, go to Step 3.

Step 3 Check whether the PVID values on the connected Ethernet interface between
switches are the same.

Run the display port vlan interface-type interface-number command on Switch_1

and Switch_2 to check the PVID values.
● If the PVID values are different, change them to be the same.
● If the PVID values are the same, go to Step 4.

Step 4 Collect logs and alarms and contact technical support personnel.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 281

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5.11 FAQ About VLANs

5.11.1 How Do I Create VLANs in a Batch?

Run the vlan batch command in the system view to create VLANs in a batch.
● Create 10 contiguous VLANs: VLAN 11 to VLAN 20.
<HUAWEI> system-view
[HUAWEI] vlan batch 11 to 20
● Create 10 noncontiguous VLANs in a batch: VLAN 10, VLANs 15 to 19, VLAN
25, VLANs 28 to VLAN 30.
<HUAWEI> system-view
[HUAWEI] vlan batch 10 15 to 19 25 28 to 30

NOTE

You can create a maximum of 10 noncontiguous VLANs or VLAN range at one time. If
there are more than 10 VLANs, run this command multiple times. For example, the
vlan batch 10 15 to 19 25 28 to 30 command creates four noncontiguous VLAN
ranges.

5.11.2 How Do I Add Interfaces to a VLAN in a Batch?

You can add interfaces to a VLAN in a batch using a port group, and can directly
add access interfaces to a VLAN in a batch in the system view.
● Access interface
# Add GE0/0/1-GE0/0/5 to VLAN 10 in a batch.
– Add interfaces to a VLAN in a batch using a port group.
<HUAWEI> system-view
[HUAWEI] port-group pg1
[HUAWEI-port-group-pg1] group-member gigabitethernet0/0/1 to gigabitethernet0/0/5
[HUAWEI-port-group-pg1] port link-type access
[HUAWEI-port-group-pg1] port default vlan 10
– Add interfaces to a VLAN in a batch in the VLAN view.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] port gigabitethernet 0/0/1 to 0/0/5

NOTE

Before performing this operation, configure interfaces to be added to a VLAN as

access interface.
● Trunk interface
# Add GE0/0/1-GE0/0/5 to VLAN 10 and VLAN 20 in a batch.
<HUAWEI> system-view
[HUAWEI] port-group pg1
[HUAWEI-port-group-pg1] group-member gigabitethernet0/0/1 to gigabitethernet0/0/5
[HUAWEI-port-group-pg1] port link-type trunk
[HUAWEI-port-group-pg1] port trunk allow-pass vlan 10 20
● Hybrid interface
# Add GE0/0/1-GE0/0/5 to VLAN 10 and VLAN 20 in a batch.
<HUAWEI> system-view
[HUAWEI] port-group pg1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 282

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

[HUAWEI-port-group-pg1] group-member gigabitethernet0/0/1 to gigabitethernet0/0/5

[HUAWEI-port-group-pg1] port link-type hybrid
[HUAWEI-port-group-pg1] port hybrid tagged vlan 10
[HUAWEI-port-group-pg1] port hybrid untagged vlan 20

5.11.3 How Do I Restore the Default VLAN Configuration of

an Interface?
The default VLAN configuration of an interface involves the default VLAN of the
interface and the VLAN that the interface joins. By default, the default VLAN
configuration of an interface is as follows:
● Access: The default VLAN is VLAN 1, and an access interface joins VLAN 1 in
untagged mode.
● Trunk: The default VLAN is VLAN 1, and a trunk interface joins VLAN 1 to
VLAN 4094 in tagged mode. That is, a trunk interface allows all VLANs.
● Hybrid: The default VLAN is VLAN 1, and a hybrid interface joins VLAN 1 in
untagged mode.
● Dot1q-tunnel: The default VLAN is VLAN 1, and a dot1q-tunnel interface joins
VLAN 1.
● Negotiation-auto or Negotiation-desirable: If the interface is negotiated as an
access interface, the default VLAN configuration of the interface is the same
as that of the access interface. If the interface is negotiated as a trunk
interface, the default VLAN is VLAN 1 and the interface joins VLANs 1 to 4094
in tagged mode. That is, the interface allows all VLANs.
Run the display this include-default | include link-type command in the
interface view to check the link type of the interface, and then perform one of the
following configurations to restore the default configuration of the interface.
● Restore the default VLAN configuration of an access or dot1q-tunnel
interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port default vlan
● Restore the default VLAN configuration of a trunk interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port trunk pvid vlan
[HUAWEI-GigabitEthernet0/0/1] undo port trunk allow-pass vlan all
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 1
● Restore the default VLAN configuration of a hybrid interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port hybrid pvid vlan
[HUAWEI-GigabitEthernet0/0/1] undo port hybrid vlan all
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 1
● Restore the default VLAN configuration of the Negotiation-auto or
Negotiation-desirable interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port default vlan
[HUAWEI-GigabitEthernet0/0/1] undo port trunk pvid vlan
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan all

5.11.4 How Do I Change the Link Type of an Interface?

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 283

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

The link type of an interface can be access, trunk, hybrid, or dot1q-tunnel. The
methods used to change the link type of an interface in different versions are
different.
● In V200R005 and later versions, run the port link-type { access | trunk |
hybrid | dot1q-tunnel } command and enter y or n as prompted. When the
interface uses the default VLAN configuration, the system does not display
any message. The link type of the interface is changed directly.
– When you enter y and press Enter, the device automatically deletes the
non-default VLAN configuration of the interface and set the link type of
the interface to the specified one.
– When you enter n and press Enter, the device retains the current link
type and VLAN configuration of the interface.
Change the link type of the interface to hybrid.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type hybrid
Warning: This command will delete VLANs on this port. Continue?[Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment...done.
● In earlier versions of V200R005, an interface joins VLAN 1 by default, and the
PVID of an interface is VLAN 1. You can run the port link-type { access |
trunk | hybrid | dot1q-tunnel } command to change the link type of the
interface.
– Change the link type of the interface to access.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 10
– Change the link type of the interface to trunk.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk pvid vlan 10
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 10 20
– Change the link type of the interface to hybrid.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 2 10
[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 20
– Change the link type of the interface to dot1q-tunnel.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[HUAWEI-GigabitEthernet0/0/1] port default vlan 10
When you change the link type of an interface that does not use the default
VLAN configuration, the system displays the message "Error: Please renew the
default configurations."
You need to restore the default configuration of the interface, and then
change the link type of the interface.
– Restore the default VLAN configuration of an access or dot1q-tunnel
interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port default vlan

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 284

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

– Restore the default VLAN configuration of a trunk interface.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port trunk pvid vlan
[HUAWEI-GigabitEthernet0/0/1] undo port trunk allow-pass vlan all
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 1

– Restore the default configuration of a hybrid interface.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo port hybrid pvid vlan
[HUAWEI-GigabitEthernet0/0/1] undo port hybrid vlan all
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 1

5.11.5 How Do I Rapidly Query the Link Types and Default

VLANs of All Interfaces?
Run the display port vlan command to check the link types and default VLANs of
all interfaces. Example:
● V200R005 and later versions
<HUAWEI> display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Eth-Trunk2 auto 1 1-4094
Eth-Trunk3 hybrid 1 -
Eth-Trunk5 auto 1 1-4094
Ethernet0/0/1 auto 1 1-4094
Ethernet0/0/2 auto 1 1-4094
Ethernet0/0/3 auto 1 1-4094
Ethernet0/0/4 auto 1 1-4094
Ethernet0/0/5 auto 1 1-4094
Ethernet0/0/6 auto 0 -
Ethernet0/0/7 auto 1 1-4094
Ethernet0/0/8 auto 0 -
Ethernet0/0/9 auto 0 -
Ethernet0/0/10 auto 1 1-4094
Ethernet0/0/11 auto 1 1-4094
Ethernet0/0/12 auto 0 -
Ethernet0/0/13 auto 1 1-4094
Ethernet0/0/14 auto 1 1-4094
Ethernet0/0/15 auto 1 1-4094
Ethernet0/0/16 auto 1 1-4094
Ethernet0/0/17 auto 1 1-4094
Ethernet0/0/18 auto 1 1-4094
Ethernet0/0/19 auto 1 1-4094
Ethernet0/0/20 auto 1 1-4094
Ethernet0/0/21 access 20 -
Ethernet0/0/22 auto 1 1-4094
Ethernet0/0/23 auto 1 1-4094
Ethernet0/0/24 access 4094 -
GigabitEthernet0/0/1 auto 0 -
GigabitEthernet0/0/2 auto 1 1-4094
GigabitEthernet0/0/3 auto 1 1-4094
GigabitEthernet0/0/4 auto 1 1-4094

● Earlier versions of V200R005 (excluding V200R005)

<HUAWEI> display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1
GigabitEthernet0/0/2 hybrid 1 -
GigabitEthernet0/0/3 hybrid 1 -
GigabitEthernet0/0/4 hybrid 1 -
GigabitEthernet0/0/5 access 10 -
GigabitEthernet0/0/6 hybrid 1 -

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 285

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

GigabitEthernet0/0/7 hybrid 1 -
GigabitEthernet0/0/8 hybrid 1 -
GigabitEthernet0/0/9 hybrid 1 -
GigabitEthernet0/0/10 hybrid 1 -
GigabitEthernet0/0/11 hybrid 1 -
GigabitEthernet0/0/12 hybrid 1 -
GigabitEthernet0/0/13 hybrid 1 -
GigabitEthernet0/0/15 hybrid 1 -
GigabitEthernet0/0/16 hybrid 1 -
GigabitEthernet0/0/17 hybrid 1 -
GigabitEthernet0/0/18 hybrid 1 -
GigabitEthernet0/0/19 hybrid 1 -
GigabitEthernet0/0/20 hybrid 1 -
GigabitEthernet0/0/21 hybrid 1 -
GigabitEthernet0/0/22 hybrid 1 -
GigabitEthernet0/0/23 hybrid 1 -
GigabitEthernet0/0/24 hybrid 1 -

The Link Type field indicates the link type of an interface, the PVID field indicates
the default VLAN, and the Trunk VLAN List field indicates the list of VLANs
allowed by a trunk interface. If the interface does not join any VLAN, the Trunk
VLAN List field is displayed as -. If the link type of an interface is negotiation-
desirable or negotiation-auto, the Trunk VLAN List field is displayed as 1 to
4094.

5.11.6 How Do I Delete a Single VLAN or VLANs in a Batch?

The device supports deletion of a single VLAN or VLANs in a batch.
● Delete VLAN 10.
<HUAWEI> system-view
[HUAWEI] undo vlan 10

● Delete VLAN 10 to VLAN 20 in a batch.

<HUAWEI> system-view
[HUAWEI] undo vlan batch 10 to 20

NOTE

In the earlier versions of V200R005, before deleting a VLAN where a VLANIF interface has
been configured, run the undo interface vlanif command to delete the VLANIF interface.

5.11.7 Can Multiple Network Segments Be Configured in a

VLAN?
Hosts on multiple network segments in the same VLAN can communicate after
the primary and secondary IP addresses for a VLANIF interface are configured.
As shown in Figure 5-37, Host_1 and Host_2 in VLAN 10 belong to 10.1.1.1/24
and 10.1.2.1/24 respectively. The two hosts need to communicate.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 286

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-37 Communication for hosts on multiple network segments in the same
VLAN
Switch
VLANIF 10
Primary IP: 10.1.1.1/24
Secondary IP: 10.1.2.1/24

GE0/0/1 GE0/0/2

VLAN10

Host_1 Host_2
10.1.1.2/24 10.1.2.2/24

Configure the Switch.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access
[Switch-GigabitEthernet0/0/2] port default vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.1.1.1 24
[Switch-Vlanif10] ip address 10.1.2.1 24 sub
[Switch-Vlanif10] quit

After the preceding configurations are performed, Host_1 and Host_2 can
communicate.

5.11.8 How Is the Inter-VLAN Communication Fault Rectified?

The possible causes for the fault of inter-VLAN communication through the
VLANIF interface are as follows:
1. The VLANIF interface is not Up.
Run the display interface vlanif vlan-id to check the current state and Line
protocol current state fields.
<HUAWEI> display interface vlanif 2
Vlanif2 current state : UP
Line protocol current state : UP
Last line protocol up time : 2014-12-26 11:09:08 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc41-3a64
Current system time: 2014-12-26 11:09:12-08:00
Input bandwidth utilization : --
Output bandwidth utilization : --

If the value of any one of the two fields is DOWN, the VLANIF interface is
Down. Rectify this fault according to Table 5-11.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 287

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Table 5-11 Common causes and solutions to the VLANIF interface Down
event
Common Cause Solution

The VLAN corresponding to the Run the vlan vlan-id command to

VLANIF interface is not created. create a VLAN corresponding to the
VLANIF interface.

The interface is not added to the Run the following commands as

VLAN. required.
NOTE ● Run the port default vlan vlan-id
● The port trunk pvid vlan vlan-id command in the interface view to
command only configures the PVID add an access interface to a
on a trunk interface, but does not VLAN.
add a trunk interface to a VLAN.
● Run the port trunk allow-pass
● The port hybrid pvid vlan vlan-id
command only configures the PVID vlan { { vlan-id1 [ to vlan-
on a hybrid interface, but does not id2 ] }&<1-10> | all } command
add a hybrid interface to a VLAN. in the interface view to add a
trunk interface to a VLAN.
● You can add a hybrid interface to
a VLAN in tagged or untagged
mode. Run the port hybrid
tagged vlan { { vlan-id1 [ to
vlan-id2 ] }&<1-10> | all }
command to add a hybrid
interface to a VLAN in tagged
mode, or run the port hybrid
untagged vlan { { vlan-id1 [ to
vlan-id2 ] }&<1-10> | all }
command to add a hybrid
interface to a VLAN in untagged
mode.

The physical status of all interfaces Rectify this fault. A VLANIF interface
added to the VLAN is Down. goes Up as long as one interface in
the VLAN is Up.

No IP address is assigned to the Run the ip address ip-address

VLANIF interface. { mask | mask-length } command to
configure an IP address for the
VLANIF interface.

The VLANIF interface is shut down. Run the undo shutdown command
That is, the value of current state is in the VLANIF interface view to start
Administratively DOWN. the VLANIF interface.

2. No corresponding routing entry is generated.

When inter-VLAN communication is implemented across Layer 3 switches, the
routing entries must exist on the switches. As shown in Figure 5-38, the
routing entry with destination IP address 10.2.1.0/24 and next hop address
10.1.4.2 must exist on Switch1, and the routing entry with destination IP
address 10.1.1.0/24 and next hop address 10.1.4.1 must exist on Switch2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 288

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

Figure 5-38 Inter-VLAN communication across switches

VLANIF 2 VLANIF 3
IP address：10.1.1.1 Switch_1 Switch_2 IP address：10.1.2.1
VLANIF 4 VLAN4 VLANIF 4
IP address：10.1.4.1 IP address：10.1.4.2
VLAN2 VLAN3

PC1 PC2
IP：10.1.1.2 IP：10.1.2.2
网关：10.1.1.1 网关：10.1.2.1

If routing entries do not exist, run the ip route-static command to configure

a static route.
– Switch1: ip route-static 10.1.2.0 255.255.255.0 10.1.4.2
– Switch2: ip route-static 10.1.1.0 255.255.255.0 10.1.4.1

5.11.9 Do VLANs Need to Be Assigned on the Intermediate

Device That Transparently Transmits Packets?
Figure 5-39 Layer 2 device networking
Switch1 Switch Switch2
GE0/0/2 GE0/0/3

GE0/0/1 GE0/0/1

As shown in Figure 5-39, the switch has been configured to transparently transmit
Layer 2 packets. Do VLANs need to be assigned?
● If Switch1 and Switch2 where VLANs are not assigned use default VLAN
configuration, VLANs do not need to be assigned on the switch.
● If VLANs are assigned on Switch1 and Switch2, VLANs need to be assigned on
the switch.
For example, GE0/0/1 interfaces connecting Switch1 and Switch2 to the
switch transparently transmit packets from VLAN 10 and VLAN 20, so GE0/0/2
and GE0/0/3 on the switch need be configured to transparently transmit
packets from VLAN 10 and VLAN 20. Perform the following configurations.
[HUAWEI] vlan batch 10 20
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type trunk
[HUAWEI-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[HUAWEI-GigabitEthernet0/0/2] quit
[HUAWEI] interface gigabitethernet 0/0/3
[HUAWEI-GigabitEthernet0/0/3] port link-type trunk
[HUAWEI-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20

5.11.10 Why Are MAC-VLAN Entries Invalid?

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 289

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

MAC-VLAN entries are only valid for untagged packets. If MAC-VLAN entries are
invalid, check whether incoming packets carry VLAN tags.

5.11.11 Can the Switch Collect Statistics on Only Traffic

Destined for the VLANIF Interface Enabled with Traffic
Statistics?

Context
When the VLANIF interface is enabled with traffic statistics, the switch counts
Layer 3 traffic in the VLAN corresponding to the VLANIF interface. That is,
statistics on all traffic passing the VLANIF interface are collected.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 290

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6 VLAN Aggregation Configuration

About This Chapter

This chapter describes how to configure VLAN aggregation. VLAN aggregation

allows for communication between hosts on the same network segment that are
in different VLANs. A network can conserve IP addresses with VLAN aggregation
technology.

6.1 Overview of VLAN Aggregation

6.2 Understanding VLAN Aggregation
6.3 Application Scenarios for VLAN Aggregation
6.4 Licensing Requirements and Limitations for VLAN Aggregation
6.5 Default Settings for VLAN Aggregation
6.6 Configuring VLAN Aggregation

6.7 Example for Configuring VLAN Aggregation

6.8 FAQ About VLAN Aggregation

6.1 Overview of VLAN Aggregation

Definition
VLAN aggregation, also called super-VLAN, partitions a broadcast domain into
multiple VLANs (sub-VLANs) on a physical network and aggregates the sub-
VLANs into a single logical VLAN (super-VLAN). The sub-VLANs use the same IP
subnet and default gateway address, so the number of IP addresses used is
reduced.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 291

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Purpose
VLAN technology is commonly used on packet switching networks because it can
flexibly control broadcast domains and is easy to deploy. Usually, a Layer 3 switch
uses a Layer 3 logical interface in each VLAN to allow hosts in different broadcast
domains to communicate. This wastes IP addresses. On a subnet corresponding to
a VLAN, the subnet ID, directed broadcast address, and subnet default gateway
address all cannot be used as IP addresses of hosts in the VLAN. In addition, IP
addresses available in a subnet may exceed the number of hosts. These excess IP
addresses cannot be used by other VLANs.

In Figure 6-1, VLAN 2 requires 10 host addresses. The subnet 10.1.1.0/28 with a
28-bit mask is assigned to VLAN 2, where 10.1.1.0 is the subnet ID, 10.1.1.15 is the
directed broadcast address, and 10.1.1.1 is the default gateway address. Hosts
cannot use these three addresses, but the other 13 addresses ranging from
10.1.1.2 to 10.1.1.14 are available to them.

At least three IP addresses are wasted for VLAN 2, and at least nine IP addresses
are wasted for three VLANs. Although VLAN 2 requires only 10 IP addresses, the
remaining 3 IP addresses cannot be used by other VLANs and are wasted. If more
VLANs are added, the problem is exacerbated.

Figure 6-1 Networking of a common VLAN

L3 Switch
VLANIF 2:10.1.1.1 VLANIF 4:10.1.1.25

VLANIF 3:10.1.1.17

L2 Switch L2 Switch L2 Switch

VLAN 2 VLAN 3 VLAN 4

10.1.1.0/28 10.1.1.16/29 10.1.1.24/30

VLAN aggregation is used to solve the preceding problem. VLAN aggregation

maps each sub-VLAN to a broadcast domain, associates a super-VLAN with
multiple sub-VLANs, and then assigns just one IP subnet to the super-VLAN. This
ensures that all sub-VLANs use the IP address of the associated super-VLAN as the
gateway IP address to implement Layer 3 connectivity.

Sub-VLANs share one gateway address to reduce the number of subnet IDs,
subnet default gateway addresses, and directed broadcast IP addresses used is
reduced. The switch assigns IP addresses to hosts in sub-VLANs according to the
number of hosts. This ensures that each sub-VLAN acts as an independent
broadcast domain, conserves IP addresses, and implements flexible addressing.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 292

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6.2 Understanding VLAN Aggregation

VLAN aggregation defines the super-VLAN and sub-VLAN. A sub-VLAN is an
independent broadcast domain that contains only physical interfaces. A super-
VLAN contains no physical interface and is used for creating a Layer 3 VLANIF
interface. By mapping a super-VLAN to sub-VLANs, VLAN aggregation associates
the Layer 3 VLANIF interface with physical interfaces so that all sub-VLANs share
one gateway to communicate with an external network. In addition, proxy ARP
can be used to implement Layer 3 connectivity between sub-VLANs.

Implementation
VLAN aggregation defines the super-VLAN and sub-VLAN. A sub-VLAN is an
independent broadcast domain that contains only physical interfaces. A super-
VLAN contains no physical interface and is used for creating a Layer 3 VLANIF
interface. By mapping a super-VLAN to sub-VLANs, VLAN aggregation associates
the Layer 3 VLANIF interface with physical interfaces so that all sub-VLANs share
one gateway to communicate with an external network. In addition, proxy ARP
can be used to implement Layer 3 connectivity between sub-VLANs. The super-
VLAN and sub-VLAN are different from common VLANs that contain a Layer 3
logical interface and multiple physical interfaces.
● Sub-VLAN: contains only physical interfaces, and is used to isolate broadcast
domains. A sub-VLAN cannot be used to create a Layer 3 VLANIF interface.
Hosts in each sub-VLAN use the VLANIF interface of the associated super-
VLAN to communicate with external devices over Layer 3.
● Super-VLAN: is only used for creating a Layer 3 VLANIF interface and contains
no physical interfaces. Its IP address is used as the subnet gateway. A VLANIF
interface in a super-VLAN is Up as long as a physical interface in any
associated sub-VLAN is Up. This is unlike a VLANIF interface, which is Up as
long as a physical interface is Up.
A super-VLAN can contain one or more sub-VLANs. A sub-VLAN does not occupy
an independent subnet. In a super-VLAN, the IP address of a host is the same
subnet segment as the super-VLAN regardless of which sub-VLAN belongs to.
Therefore, sub-VLANs share the same gateway.
Sub-VLANs share one gateway address to reduce the number of subnet IDs,
subnet default gateway addresses, and directed broadcast IP addresses used. This
allows different broadcast domains to use the same subnet address, allows for
flexible addressing, and conserves IP addresses.
6.1 Overview of VLAN Aggregation shows an example network topology. VLAN
10 is configured as the super-VLAN and assigned the subnet address 10.1.1.0/24.
VLAN 2, VLAN 3, and VLAN 4 are configured as sub-VLANs of super-VLAN 10.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 293

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-2 Networking of VLAN aggregation

L3 Switch
Super-VLAN10
VLANIF10：10.1.1.1/24

L2 Switch L2 Switch L2 Switch

Sub-VLAN 2 Sub-VLAN 3 Sub-VLAN 4

10.1.1.2-10.1.1.11 10.1.1.12-10.1.1.16 10.1.1.17
Gateway: Gateway: Gateway:
10.1.1.1/24 10.1.1.1/24 10.1.1.1/24

Sub-VLAN 2, sub-VLAN 3, and sub-VLAN 4 share a subnet (10.1.1.1/24). The

subnet ID (10.1.1.0), default gateway address (10.1.1.1), and directed broadcast
address of the subnet (10.1.1.255) cannot be used as host IP addresses. VLAN
aggregation allows the switch to assign IP addresses to hosts in sub-VLANs
according to the actual number of hosts. For example, when sub-VLAN 2 requires
10 addresses, 10.1.1.2-10.1.1.11 are assigned to sub-VLAN 2.

Communication Between Sub-VLANs

VLAN aggregation allows different sub-VLANs to use IP addresses on the same
network segment, but cannot implement Layer 3 forwarding between sub-VLANs.
In a super-VLAN, hosts in all sub-VLANs use IP addresses on the same network
segment and share a gateway address. However, hosts in different sub-VLANs can
use only Layer 2 forwarding and cannot communicate with each other over Layer
3.
To address this issue, configure proxy ARP.

NOTE

For details about proxy ARP, see Proxy ARP in "ARP Configuration" in the S1720, S2700,
S5700, and S6720 V200R011C10 Configuration Guide - IP Services.

Figure 6-2 shows an example of using proxy ARP to implement Layer 3

communication between sub-VLANs. To allow Host_1 in sub-VLAN 2 to
communicate with Host_2 in sub-VLAN 3, enable proxy ARP on the VLANIF
interface of super-VLAN 10.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 294

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-3 Using proxy ARP to implement Layer 3 communication between sub-
VLANs
Super-VLAN10
L3 Switch VLANIF10：10.1.1.1/24
Proxy ARP

L2 Switch L2 Switch L2 Switch

Host_1 Host_2 Host_3

Sub-VLAN2 Sub-VLAN3 Sub-VLAN4
10.1.1.2/24 10.1.1.12/24 10.1.1.17/24

Host_1 in sub-VLAN 2 communicates with Host_2 in sub-VLAN 3 as follows

(assume that the ARP table of Host_1 in sub-VLAN 2 has no entry for Host_2 in
sub-VLAN 3):
1. Host_1 compares the IP address of Host_2 in sub-VLAN 3 with its IP address,
and finds that both IP addresses are on the same network segment
10.1.1.0/24. However, the ARP table of Host_1 has no entry for Host_2 in sub-
VLAN 3.
2. Host_1 broadcasts an ARP Request packet with the destination IP address of
10.1.1.12 to request the MAC address of Host_2.
3. The Layer 3 switch (gateway) is enabled with proxy ARP between sub-VLANs.
After receiving the ARP Request packet from Host_1 in sub-VLAN 2, the Layer
3 switch searches its routing table for the destination IP address in the ARP
Request packet. The Layer 3 switch finds a matched route in its routing table
where the next-hop address is the directly connected network segment
(10.1.1.0/24 of VLANIF 10). The Layer 3 switch then broadcasts an ARP
Request packet to all sub-VLANs in super-VLAN 10, requesting the MAC
address of Host_2.
4. After receiving the ARP Request packet, Host_2 sends an ARP Reply packet.
5. After receiving the ARP Reply packet, the Layer 3 switch encapsulates the ARP
Reply packet with its MAC address and sends it to Host_1.
6. Subsequent packets sent by Host_1 to Host_2 are first sent to the gateway.
The gateway then forwards the packets across Layer 3.
The packets sent by Host_2 to Host_1 in sub-VLAN 2are processed in the same
way as the packets sent by Host_1 to Host_2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 295

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Layer 3 Communication Between Hosts in Sub-VLANs and on an External

Network
In Figure 6-4, user hosts and servers are on different network segments, sub-
VLANs 2 to 4 and VLAN 10 are configured on Switch_1, and VLAN 10 and VLAN
20 are configured on Switch_2.

Figure 6-4 Layer 3 communication between hosts in sub-VLANs and on an

external network
Switch_2 VLANIF20
10.1.2.1/24
VLANIF10
10.1.10.2/24 Server
10.1.2.2/24
VLANIF10
10.1.10.1/24
Super-VLAN4
Switch_1 VLANIF4
10.1.1.1/24

Host_1 Host_2
Sub-VLAN2 Sub-VLAN3
10.1.1.2/24 10.1.1.12/24

When Host_1 in sub-VLAN 2 wants to communicate with the server connected to

Switch_2, the packet forwarding process is as follows (assume that a route to
10.1.2.0/24 has been configured on Switch_1, a route to 10.1.1.0/24 has been
configured on Switch_2, and no Layer 3 forwarding entry exists on either switch):
1. Host_1 compares the server's IP address (10.1.2.2) with its network segment
10.1.1.0/24 and finds that they are on different network segments. Host_1
then sends an ARP Request packet to its gateway to request the gateway's
MAC address. The ARP Request packet carries an all-F destination MAC
address and destination IP address 10.1.1.1.
2. After receiving the ARP Request packet, Switch_1 searches its ARP table for a
mapping between the super-VLAN and sub-VLANs. Switch_1 then sends an
ARP Reply packet with the MAC address of VLANIF 4 (corresponding to super-
VLAN 4) from an interface of sub-VLAN 2 to Host_1.
3. After learning the gateway's MAC address, Host_1 sends a packet with the
MAC address of VLANIF 4 (corresponding to super-VLAN 4) as the destination
MAC address and a destination IP address of 10.1.2.2.
4. After receiving the packet from Host_1, Switch_1 determines that the packet
should be forwarded at Layer 3 according to the mapping between the super-
VLAN and sub-VLANs and the destination MAC address. Switch_1 searches its
Layer 3 forwarding table for a matching entry, but no entry is found. Switch_1
sends the packet to the CPU, and the CPU searches its routing table and
obtains the next-hop address of 10.1.10.2 and the outbound interface of

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 296

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

VLANIF 10. Switch_1 determines the outbound interface according to the ARP
entry and MAC address entry, and sends the packet to Switch_2.
5. Switch_2 sends the packet to the server through Layer 3 forwarding.
After receiving the packet from Host_1, the server sends a response packet with
the destination IP address of 10.1.1.2 and the MAC address of VLANIF 20 on
Switch_2 as the destination MAC address. Then the following process occurs:
1. The response packet reaches Switch_1 through Layer 3 forwarding. When the
response packet reaches Switch_1, the destination MAC address is changed to
the MAC address of VLANIF 10 on Switch_1.
2. After receiving the packet, Switch_1 determines that the packet should be
forwarded at Layer 3 according to the destination MAC address. Switch_1
searches its Layer 3 forwarding table for a matching entry, but no entry is
found. Switch_1 sends the packet to the CPU, and the CPU searches its routing
table and obtains the next-hop address of 10.1.1.2 and the outbound interface
of VLANIF 4. Switch_1 searches the mapping between the super-VLAN and
sub-VLANs and determines that the packet should be sent to Host_1 from an
interface in sub-VLAN 2 according to the ARP entry and MAC address entry.
3. The response packet reaches Host_1.

Layer 2 Communication Between Hosts in Sub-VLANs and Other Devices

Figure 6-5 shows an example network for Layer 2 communication between hosts
in sub-VLANs and other devices. In this example:
● Sub-VLAN 2, sub-VLAN 3, and super-VLAN 4 are configured on Switch_1.
● IF_1 and IF_2 on Switch_1 are access interfaces.
● IF_3 is a trunk interface that allows both VLAN 2 and VLAN 3.
● The interface of Switch_2 connected to Switch_1 is a trunk interface and
allows both VLAN 2 and VLAN 3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 297

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-5 Layer 2 communication between hosts in sub-VLANs and on an

external network

Internet

Switch_2

Trunk IF_1
Allowed VLAN=2,3
IF_3
Super-VLAN4
Switch_1 VLANIF4
10.1.1.1/24
IF_1 IF_2

Host_1 Host_2
Sub-VLAN2 Sub-VLAN3
10.1.1.2/24 10.1.1.12/24

A tag with VLAN 2 is added to packets sent from Host_1 to Switch_1. Although
sub-VLAN 2 belongs to super-VLAN 4, Switch_1 does not change the tag with
VLAN 2 to a tag with VLAN 4 in packets. Therefore, packets sent from IF_3 of
Switch_1 still carry VLAN 2.

Switch_1 does not send packets from VLAN 4. When another device sends packets
from VLAN 4 to Switch_1, Switch_1 discards the packets because there is no
physical interface corresponding to super-VLAN 4 on Switch_1. IF_3 on Switch_1
does not allow packets from super-VLAN 4. For other devices, only sub-VLAN 2
and sub-VLAN 3 are valid.

The communication between Switch_1 configured with VLAN aggregation and

other devices is similar to normal Layer 2 communication without super-VLAN.

6.3 Application Scenarios for VLAN Aggregation

In Figure 6-6, a company has multiple departments using different switches. To
improve service security, the company adds different departments to different
VLANs, but IP addresses of the company are limited.

The requirements are as follows:

● All departments want to access the Internet.

● Department 1 and department 2 need to communicate with each other.
● Department 3 and department 4 need to communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 298

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-6 Networking of VLAN aggregation

Internet

Switch
Proxy ARP

L2 switch L2 switch L2 switch L2 switch

Super VLAN 2 Super VLAN 3

Sub VLAN 21 Sub VLAN 22 Sub VLAN 31 Sub VLAN 32

VLAN aggregation can be deployed to meet the preceding requirements. Deploy

super-VLAN 2 and super-VLAN 3 on the switch, and add sub-VLAN 21 and sub-
VLAN 22 to super-VLAN 2 and sub-VLAN 31 and sub-VLAN 32 to super-VLAN 3.
After IP addresses are assigned to super-VLAN 2 and super-VLAN 3 on the switch,
users in department 1 and department 2 can access the Internet using the IP
address of super-VLAN 2, and users in department 3 and department 4 can access
the Internet using the IP address of super-VLAN 3.

Therefore, VLAN aggregation allows all departments to access the Internet access
and conserves IP addresses.

To allow communication between department 1 and 2 and departments 3 and 4,

configure proxy ARP on the switch in super-VLAN 2 and super-VLAN 3.

6.4 Licensing Requirements and Limitations for VLAN

Aggregation

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VLAN aggregation, also called super-VLAN, is a basic feature of a switch and is not
under license control.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 299

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Version Requirements

Table 6-1 Products and versions supporting VLAN aggregation

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, Not supported

S1720GWR

S1720GW- Not supported

E,
S1720GWR
-E

S1720X, Not supported

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI Not supported

S2720EI Not supported

S2750EI Not supported

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI Not supported

S5700S-LI Not supported

S5710-C-LI Not supported

S5710-X-LI Not supported

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 300

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Product Product Software Version

Model

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, Not supported

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, Not supported

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● VLAN 1 cannot be configured as a super-VLAN.
● A physical interface cannot be added to a VLAN configured as a super-VLAN.
● A VLAN that has been configured as a guest VLAN cannot be configured as a
super-VLAN.
● A traffic policy takes effect in a super-VLAN only after the traffic policy is
configured in all sub-VLANs of the super-VLAN.
● When the dot1q termination vid or qinq termination pe-vid ce-vid
command is used to configure a VLAN for the VLAN termination sub-
interface, the VLAN cannot be configured as the super-VLA or sub-VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 301

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

● An IP address must have been assigned to the VLANIF interface corresponding

to the super-VLAN. Otherwise, proxy ARP cannot take effect.
● In V200R010C00 and earlier versions, only IPv4 addresses can be configured
for VLANIF interfaces of super-VLANs. In versions later than V200R010C00,
both IPv4 and IPv6 addresses can be configured for VLANIF interfaces of
super-VLANs.

6.5 Default Settings for VLAN Aggregation

Table 6-2 Default setting for VLAN aggregation

Parameter Default Setting

Super-VLAN Not configured

Proxy ARP on a VLANIF interface Disabled

corresponding to a super-VLAN

6.6 Configuring VLAN Aggregation

6.6.1 Creating a Sub-VLAN

Context
In VLAN aggregation, physical interfaces can be added to a sub-VLAN but a
VLANIF interface cannot be created for the sub-VLAN. All the interfaces in a sub-
VLAN use the same IP address of the VLANIF interface associated with the super-
VLAN. VLAN aggregation reduces subnet IDs, subnet default gateway addresses,
and directed broadcast IP addresses, and allows the switch to assign IP addresses
to hosts in sub-VLANs according to the number of hosts.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 302

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Step 3 Run interface interface-type interface-number

The interface view is displayed.

Step 4 Configure the link type of the interface.

Run either of the following commands as needed:

● Set the link type of the interface to Access.

a. Run port link-type access
The link type of the interface is set to Access.
b. Run port default vlan vlan-id
The interface is added to the sub-VLAN.
● Set the link type of the interface to Trunk.
a. Run port link-type trunk
The link type of the interface is set to Trunk.
b. Run port trunk allow-pass vlan vlan-id
The interface is added to the sub-VLAN.
● Set the link type of the interface to Hybrid.
a. Run port link-type hybrid
The link type of the interface is set to Hybrid.
b. Run port hybrid tagged vlan vlan-id or port hybrid untagged vlan
vlan-id
The interface is added to the sub-VLAN.

Step 5 Run quit

Return to the system view.

----End

6.6.2 Creating a Super-VLAN

Context
A super-VLAN consists of several sub-VLANs. No physical interface can be added
to a super-VLAN, but a VLANIF interface can be configured for the super-VLAN
and an IP address can be assigned to the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 303

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed.
The VLAN ID of a super-VLAN must be different from each sub-VLAN ID.
Step 3 Run aggregate-vlan
A super-VLAN is created.
A super-VLAN cannot contain any physical interfaces.
VLAN 1 cannot be configured as a super-VLAN.
Step 4 Run access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
A sub-VLAN is added to a super-VLAN.
Before adding any sub-VLANs to a super-VLAN, ensure that they are not
configured with VLANIF interfaces.

----End

6.6.3 Configuring a VLANIF Interface Corresponding to a

Super-VLAN

Context
The IP address of the VLANIF interface associated with a super-VLAN must contain
the subnets that users in sub-VLANs belong to. All the sub-VLANs will use that IP
address to conserve IP addresses.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
A VLANIF interface is created for a super-VLAN, and the view of the VLANIF
interface is displayed.
Step 3 Run either of the following commands as needed:
● Run ip address ip-address { mask | mask-length }
An IPv4 address is assigned to the VLANIF interface.
● Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length
An IPv6 address is assigned to the VLANIF interface.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 304

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6.6.4 (Optional) Enabling Proxy ARP on the VLANIF Interface

Corresponding to a Super-VLAN

Context
VLAN aggregation allows sub-VLANs to use the same subnet address, but prevents
PCs in different sub-VLANs from communicating with each other over Layer 3.
PCs in common VLANs can communicate with each other over Layer 3 using
different gateway addresses. VLAN aggregation enables PCs in a super-VLAN to
use the same subnet address and gateway address. Because PCs in different sub-
VLANs belong to one subnet, they can only communicate with PCs in their sub-
VLAN. PCs in different sub-VLANs cannot communicate with each other.
Proxy ARP is required to enable PCs in a sub-VLAN to communicate with PCs in
another sub-VLAN or PCs on other networks. After a super-VLAN and its VLANIF
interface are created, proxy ARP must be enabled to allow the super-VLAN to
forward or process ARP Request and Reply packets.

NOTE

After proxy ARP is enabled on the VLANIF interface corresponding to a super-VLAN, PCs in
all sub-VLANs of the super-VLAN can communicate. If PCs in some sub-VLANs of the super-
VLAN need to communicate, see 6.8.1 How Do I Implement Communication Between
Specific Sub-VLANs in a Super-VLAN.

VLAN aggregation simplifies configurations for networks where many VLANs are
configured and PCs in different VLANs need to communicate with each other.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
The view of the VLANIF interface corresponding to the super-VLAN is displayed.
Step 3 Run arp-proxy inter-sub-vlan-proxy enable
Proxy ARP is enabled between sub-VLANs.

----End

6.6.5 Verifying the VLAN Aggregation Configuration

Procedure
● Run the display vlan [ { vlan-id | vlan-name vlan-name } [ verbose ] ]
command to check information about all VLANs or a specified VLAN.
● Run the display interface vlanif [ vlan-id ] command to check the VLANIF
interface configuration.
● Run the display sub-vlan [ vlan-id ] command to check the sub-VLAN
configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 305

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

● Run the display super-vlan [ vlan-id ] command to check the super-VLAN

configuration.

----End

6.7 Example for Configuring VLAN Aggregation

Networking Requirements
In Figure 6-7, a company has many departments on the same network segment.
To improve service security, the company adds different departments to different
VLANs (VLAN 2 and VLAN 3). Each department that wants to access the Internet
and PCs in different departments need to communicate with each other.

Figure 6-7 Networking of VLAN aggregation

Internet

Router

GE0/0/1
VLAN10
SwitchB Super-VLAN 4
GE0/0/5
GE0/0/5
SwitchA
GE0/0/1 GE0/0/4
GE0/0/2 GE0/0/3

VLAN2 VLAN3

Configuration Roadmap
Configure VLAN aggregation on SwitchB to add VLANs of different departments
to a super-VLAN so that PCs in different departments can access the Internet
using the super-VLAN. Deploy proxy ARP in the super-VLAN so that PCs in
different departments can communicate with each other. The configuration
roadmap is as follows:

1. Configure VLANs and interfaces on SwitchA and SwitchB, add PCs from
different departments to different VLANs, and configure interfaces to
transparently transmit packets from VLANs to SwitchB.
2. Configure a super-VLAN, a VLANIF interface, and a static route on SwitchB so
that PCs in different departments can access the Internet.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 306

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

3. Configure proxy ARP in the super-VLAN on SwitchB so that PCs in different

departments can communicate at Layer 3.

Procedure
Step 1 Configure VLANs and interfaces on SwitchA and SwitchB, add PCs from different
departments to different VLANs, and configure interfaces to transparently transmit
packets from VLANs to SwitchB.
1. Configure SwitchA.
# Configure GE0/0/1 as an access interface. The configurations of GE0/0/2,
GE0/0/3, and GE0/0/4 are similar to the configuration of GE0/0/1, and are not
mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] quit

# Create VLAN 2 and add GE0/0/1 and GE0/0/2 to VLAN 2.

[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 0/0/1 0/0/2
[SwitchA-vlan2] quit

# Create VLAN 3 and add GE0/0/3 and GE0/0/4 to VLAN 3.

[SwitchA] vlan 3
[SwitchA-vlan3] port gigabitethernet 0/0/3 0/0/4
[SwitchA-vlan3] quit

# Configure the interface of SwitchA connected to SwitchB to transparently

transmit packets from VLAN 2 and VLAN 3 to SwitchB.
[SwitchA] interface gigabitethernet 0/0/5
[SwitchA-GigabitEthernet0/0/5] port link-type trunk
[SwitchA-GigabitEthernet0/0/5] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/5] quit

2. Configure SwitchB.
# Create VLAN 2, VLAN 3, VLAN 4, and VLAN 10 and configure the interface
of SwitchB connected to SwitchA to transparently transmit packets from VLAN
2 and VLAN 3 to SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3 4 10
[SwitchB] interface gigabitethernet 0/0/5
[SwitchB-GigabitEthernet0/0/5] port link-type trunk
[SwitchB-GigabitEthernet0/0/5] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet0/0/5] quit

Step 2 Configure a super-VLAN and a VLANIF interface corresponding to the super-VLAN.

# Configure super-VLAN 4 on SwitchB and add VLAN 2 and VLAN 3 to super-VLAN

4 as sub-VLANs.
[SwitchB] vlan 4
[SwitchB-vlan4] aggregate-vlan
[SwitchB-vlan4] access-vlan 2 to 3
[SwitchB-vlan4] quit

# Create and configure VLANIF 4 so that PCs in different departments can access
the Internet using super-VLAN 4.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 307

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

[SwitchB] interface vlanif 4

[SwitchB-Vlanif4] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vlanif4] quit

Step 3 Configure a static route.

# Configure the uplink interface GE0/0/1 on SwitchB to transparently transmit
packets from the VLAN that SwitchB and router belong to.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet0/0/1] quit

# Create and configure VLANIF 10 and specify the IP address of VLANIF 10 as the
IP address for connecting SwitchB and the router (egress gateway).
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.10.1.1 255.255.255.0
[SwitchB-Vlanif10] quit

# Configure a static route to the router on SwitchB so that PCs can access the
Internet.
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2

NOTE

Configure the router interface connected to SwitchB and assign the IP address of 10.10.1.2
to the router interface. See the router configuration manual.

Step 4 Assign IP addresses to PCs.

Configure an IP address for each PC and make the PCs reside on the same
network segment as VLAN 4.
After the configuration is complete, PCs in each department can access the
Internet, and PCs in VLAN 2 and VLAN 3 cannot ping each other.
Step 5 Configure proxy ARP.
# Configure proxy ARP in super-VLAN 4 on SwitchB so that PCs in different
departments can communicate at Layer 3.
[SwitchB] interface vlanif 4
[SwitchB-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[SwitchB-Vlanif4] quit

Step 6 Verify the configuration.

After the configuration is complete, PCs in VLAN 2 and VLAN 3 can ping each
other and access the Internet.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 308

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

port default vlan 2

#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 4 10
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface Vlanif10
ip address 10.10.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
#
return

6.8 FAQ About VLAN Aggregation

6.8.1 How Do I Implement Communication Between Specific
Sub-VLANs in a Super-VLAN
When VLAN aggregation is configured, hosts in a super-VLAN use IP addresses on
the same network segment and share the same gateway address. Hosts in
different sub-VLANs belong to the same subnet, so the switch forwards packets
between the hosts by searching for ARP entries but not through the gateway.
Proxy ARP allows the switch to establish ARP entries for all sub-VLANs for
interworking.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 309

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

To implement communication between some sub-VLANs, configure static ARP

entries to bind destination IP addresses to the gateway MAC address on hosts in
the sub-VLANs.
For example, if host B with the gateway MAC address of 00-aa-00-62-c6-09 wants
to access host B with the IP address of 10.10.10.2/24, perform the following
operations:
1. Choose Start > Run, enter cmd, and press Enter.
2. Enter arp -s 10.10.10.2 00-aa-00-62-c6-09.
After the preceding configuration is complete, host A can access host B. If host B
needs to access host A, configure a static ARP entry to bind host A's IP address to
the gateway MAC address on host B.

6.8.2 How Can a Traffic Policy Be Configured in a Super-VLAN

or Sub-VLAN to Make the Traffic Policy Take Effect
The packets received and sent by the switch configured with VLAN aggregation
carry sub-VLAN tags but not super-VLAN tags, so a traffic policy must be
configured in all sub-VLANs of a super-VLAN. A traffic policy only in the super-
VLAN will not take effect.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 310

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

7 MUX VLAN Configuration

About This Chapter

This chapter describes how to configure the Multiplex VLAN (MUX VLAN). The
MUX VLAN allows communication between some users, and prohibits
communication between other users.
7.1 Overview of MUX VLANs
7.2 Licensing Requirements and Limitations for MUX VLANs
7.3 Default Settings for MUX VLANs
7.4 Configuring MUX VLANs
7.5 Configuration Examples for MUX VLANs

7.1 Overview of MUX VLANs

Background
The MUX VLAN function is used to control network resources based on VLANs.
For example, both enterprise employees and customers can access the servers on
an enterprise network. The enterprise allows employees to communicate with
each other but prevents customers from communicating with each other.
To allow all users to access the enterprise servers, inter-VLAN communication
must be configured. If there are a large number of users in an enterprise, VLANs
need to be assigned to the users that the enterprise wishes to restrict
communication. This wastes VLAN IDs and adds significant workload to network
configuration and maintenance.
MUX VLAN provides Layer 2 isolation to allow enterprise employees to
communicate and isolate customers.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 311

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Basic Concepts
A MUX VLAN consists of principal VLANs and subordinate VLANs; subordinate
VLANs are classified into separate VLANs and group VLANs. See Table 7-1 for a
description of these roles.

Table 7-1 Roles in MUX VLAN

MUX VLAN VLAN Type Associated Access Authority
Interface

Principal - Principal A principal interface can

VLAN interface communicate with all interfaces
in a MUX VLAN.

Subordinate Separate Separate A separate interface can

VLAN VLAN interface communicate only with a
principal interface and is
isolated from other types of
interfaces.
Each separate VLAN must be
bound to a principal VLAN.

Group VLAN Group A group interface can

interface communicate with a principal
interface and the other
interfaces in the same group,
but cannot communicate with
interfaces in other groups or a
separate interface.
Each group VLAN must be
bound to a principal VLAN.

Communication in the MUX VLAN

As shown in Figure 7-1, the principal port connects to the enterprise server; the
separate port connects to enterprise customers; the group port connects to
enterprise employees. Accordingly, both enterprise customers and employees can
access the enterprise server, enterprise employees can communicate with each
other, enterprise customers cannot communicate with each other, and enterprise
customers and employees cannot communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 312

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Figure 7-1 MUX VLAN at the access layer

Switch
Principal port

Group port Separate port

Enterprise
server

Enterprise Enterprise
employee customer

On an aggregation device, you can create a VLANIF interface for the principal
VLAN. The IP address of the VLANIF interface can be used as the gateway address
for servers or user hosts. As shown in Figure 7-2, MUX VLAN is configured on the
aggregation device Switch1 to implement user isolation or interworking.

Figure 7-2 MUX VLAN at the aggregation layer

Internet

Switch2
Switch1 Server

VLAN 2
(Principal VLAN)

Switch3 Switch4 Switch5 Switch6

HostB HostC HostD HostE

VLAN 3(Group VLAN) VLAN 4(Separate VLAN)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 313

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

7.2 Licensing Requirements and Limitations for MUX

VLANs

Involved Network Elements

Other network elements are not required.

Licensing Requirements
MUX VLAN configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. MUX
VLAN configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 7-2 Products and versions supporting MUX VLAN

Product Product Software Versions

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 314

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Product Product Software Versions

Model

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 315

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Product Product Software Versions

Model

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● Table 7-3 describes the specifications of the MUX VLAN.

Table 7-3 Specifications of the MUX VLAN

Item Specification

Maximum number of principal 128

VLANs on a switch

Maximum number of separate 1

VLANs in each principal VLAN

Maximum number of group VLANs 128

in each principal VLAN NOTE
Each principal VLAN supports a total of
128 separate and group VLANs. That is,
if one separate VLAN is configured, a
maximum of 127 group VLANs can be
configured.

● The VLAN ID assigned to a principal VLAN cannot be used to configure the

super-VLAN or sub-VLAN. Additionally, it is not recommended that this VLAN
ID be used to configure VLAN mapping and VLAN stacking.
● The VLAN ID assigned to a group or separate VLAN cannot be used to
configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not
recommended that this VLAN ID be used to configure VLAN mapping and
VLAN stacking.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 316

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

● Disabling MAC address learning or limiting the number of learned MAC

addresses on a port will compromise the performance of the MUX VLAN
feature.
● MUX VLAN and port security cannot be configured on the same port.
● MUX VLAN and MAC address authentication cannot be configured on the
same port.
● MUX VLAN and 802.1x authentication cannot be configured on the same
port.
● When both DHCP snooping and MUX VLAN are configured, if DHCP snooping
is configured in the subordinate VLAN and DHCP clients are configured in the
principal VLAN, the DHCP clients may fail to obtain IP addresses. In this case,
configure the DHCP server in the principal VLAN.
● After the MUX VLAN feature is enabled on a port, VLAN mapping or VLAN
stacking cannot be configured on the port.
● You cannot create a VLANIF interface for a subordinate group VLAN or
separate VLAN. However, you can create a VLANIF interface for a principal
VLAN on the device excluding the S1720GFR, S2750EI, S5700LI, S5700S-28P-
LI-AC, S5700S-28P-PWR-LI-AC, and S5700S-52P-LI-AC.
● When MUX VLAN is enabled on an interface and a PVID is configured using
the port trunk pvid vlan command, do not configure the PVID as the ID of
the principal VLAN or subordinate VLAN of the MUX VLAN. For example,
VLAN 10 is the principal VLAN, VLAN 11 is a subordinate group VLAN, and
VLAN 12 is a subordinate separate VLAN. After the port mux-vlan enable 10
command is used on the interface to enable MUX VLAN, do not run the port
trunk pvid vlan command to set the PVID to VLAN 11 or VLAN 12.
● When you configure a subordinate VLAN using the subordinate group,
subordinate separate command or create a VLAN with an ID same as an
existing subordinate VLAN, the device deletes existing dynamic MAC address
entries and duplicated MUX MAC address entries of the principal VLAN of this
subordinate VLAN.
● User migration is supported between subordinate VLANs, and is not
supported between the principal VLAN and its subordinate VLANs.

7.3 Default Settings for MUX VLANs

Table 7-4 Default setting for MUX VLANs

Parameter Default Setting

MUX VLAN on an interface Disabled

7.4 Configuring MUX VLANs

7.4.1 Configuring a Principal VLAN for MUX VLANs

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 317

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Context
Interfaces in a principal VLAN can communicate with other interfaces in the same
MUX VLAN.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed. If the VLAN already exists, the
VLAN view is displayed.
The VLAN ID ranges from 1 to 4094. To create VLANs in a batch, run the vlan
batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command. Then run the vlan vlan-id
command to enter the view of a specified VLAN.

NOTE

If a device is configured with multiple VLANs, configure names for the VLANs to facilitate
VLAN management.
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 3 Run mux-vlan

The VLAN is configured as a principal VLAN.
The VLAN ID assigned to a principal VLAN cannot be used to configure the super-
VLAN or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used
to configure VLAN mapping and VLAN stacking.

----End

7.4.2 Configuring a Group VLAN for a Subordinate VLAN

Context
A VLAN associated with a group interface is called a group VLAN. Group interfaces
in a group VLAN can communicate with each other.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The view of a created principal VLAN is displayed.
Step 3 Run subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>
A group VLAN is configured for the subordinate VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 318

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

A maximum of 128 group VLANs can be configured for a principal VLAN.

The VLAN ID assigned to a group VLAN cannot be used to configure a VLANIF
interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this
VLAN ID be used to configure VLAN mapping and VLAN stacking.

----End

7.4.3 Configuring a Separate VLAN for a Subordinate VLAN

Context
A VLAN associated with separate interfaces is called a separate VLAN. Interfaces in
a separate VLAN cannot communicate with each other.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The view of a created principal VLAN is displayed.
Step 3 Run subordinate separate vlan-id
A separate VLAN is configured for a subordinate VLAN.
Only one separate VLAN can be configured for a principal VLAN.
Group and separate VLANs in one MUX VLAN must use different VLAN IDs.
The VLAN ID assigned to a separate VLAN cannot be used to configure a VLANIF
interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this
VLAN ID be used to configure VLAN mapping and VLAN stacking.

----End

7.4.4 Enabling the MUX VLAN Function on an Interface

Context
You must enable the MUX VLAN function to implement the following functions:
● The principal VLAN and subordinate VLAN can communicate with each other.
● Interfaces in a group VLAN can communicate with each other.
● Interfaces in a separate VLAN cannot communicate with each other.

Pre-configuration Tasks
Before enabling MUX VLAN function, complete the following tasks:
● Add the interface to a principal or subordinate VLAN as an access, hybrid, or
trunk interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 319

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

● Configure the interface to allow multiple common VLANs. The interface can
join only one MUX VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | access | trunk }

The link type of the interface is set.

Step 4 Run port mux-vlan enable vlan vlan-id

The MUX VLAN function is enabled.

After the MUX VLAN function is enabled on an interface, VLAN mapping or VLAN
stacking cannot be configured on the interface.

You cannot create a VLANIF interface for a subordinate group VLAN or separate
VLAN. However, you can create a VLANIF interface for a principal VLAN on the
device excluding the S1720GFR, S2750EI, S5700LI, S5700S-28P-LI-AC, S5700S-28P-
PWR-LI-AC, and S5700S-52P-LI-AC.

The port mux-vlan enable command is not supported on a negotiation-auto or

negotiation-desirable port.

NOTE

● Disabling MAC address learning or limiting the number of learned MAC addresses on an
interface will compromise the performance of the MUX VLAN function.
● MUX VLAN and port security cannot be configured on the same interface.
● MUX VLAN and MAC address authentication cannot be configured on the same
interface.
● MUX VLAN and 802.1x authentication cannot be configured on the same interface.
● If a DHCP server is configured in the subordinate VLAN and DHCP clients are configured
in the principal VLAN, the DHCP clients may fail to obtain IP addresses. Therefore, when
the DHCP snooping function is configured, configure the DHCP server in the principal
VLAN.

----End

7.4.5 Verifying the MUX VLAN Configuration

Procedure
● Run the display mux-vlan command to check information about the MUX
VLAN.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 320

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

7.5 Configuration Examples for MUX VLANs

7.5.1 Example for Configuring MUX VLAN on the Access

Device
Networking Requirements
All users on an enterprise network are allowed to access the enterprise server. The
enterprise allows communication between some employees and prohibits
communication between others.

As shown in Figure 7-3, MUX VLAN can be configured on the Switch connecting
to user hosts. MUX VLAN meets the enterprise's requirements, conserves VLAN
resources, and has fewer requirements on network maintenance.

Figure 7-3 MUX VLAN configuration

Switch
GE0/0/1 Server

VLAN2
(Principal VLAN)
GE0/0/2 GE0/0/5

GE0/0/3 GE0/0/4

HostB HostC HostD HostE

VLAN3(Group VLAN) VLAN4(Separate VLAN)

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure a principal VLAN.

2. Configure a group VLAN.
3. Configure a separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function.

Procedure
Step 1 Configure the MUX VLAN.

# Create VLAN 2, VLAN 3, and VLAN 4.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2 3 4

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 321

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

# Configure a group VLAN and a separate VLAN.

[Switch] vlan 2
[Switch-vlan2] mux-vlan
[Switch-vlan2] subordinate group 3
[Switch-vlan2] subordinate separate 4
[Switch-vlan2] quit

# Add interfaces to the VLANs and enable the MUX VLAN function on the
interfaces.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default vlan 2
[Switch-GigabitEthernet0/0/1] port mux-vlan enable vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access
[Switch-GigabitEthernet0/0/2] port default vlan 3
[Switch-GigabitEthernet0/0/2] port mux-vlan enable vlan 3
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type access
[Switch-GigabitEthernet0/0/3] port default vlan 3
[Switch-GigabitEthernet0/0/3] port mux-vlan enable vlan 3
[Switch-GigabitEthernet0/0/3] quit
[Switch] interface gigabitethernet 0/0/4
[Switch-GigabitEthernet0/0/4] port link-type access
[Switch-GigabitEthernet0/0/4] port default vlan 4
[Switch-GigabitEthernet0/0/4] port mux-vlan enable vlan 4
[Switch-GigabitEthernet0/0/4] quit
[Switch] interface gigabitethernet 0/0/5
[Switch-GigabitEthernet0/0/5] port link-type access
[Switch-GigabitEthernet0/0/5] port default vlan 4
[Switch-GigabitEthernet0/0/5] port mux-vlan enable vlan 4
[Switch-GigabitEthernet0/0/5] quit

Step 2 Verify the configuration.

The server, HostB, HostC, HostD, and HostE are on the same subnet.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.

----End

Configuration Files
Switch configuration file

#
sysname Switch
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 322

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

port link-type access

port default vlan 2
port mux-vlan enable vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 4
port mux-vlan enable vlan 4
#
return

7.5.2 Example for Configuring MUX VLAN on the Aggregation

Device
Networking Requirements
All employees of an enterprise can access the server on the enterprise network.
The enterprise allows communication between some employees and prohibits
communication between others.
As shown in Figure 7-4, Switch1 is located at the aggregation layer and used as
the gateway of user hosts. Switch2, Switch3, Switch4, Switch5, and Switch6 are
access devices. You can configure MUX VLAN on Switch1 to conserve VLAN IDs on
the enterprise network and has fewer requirements on network maintenance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 323

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

Figure 7-4 Networking of the MUX VLAN

Internet

Switch2
Switch1 GE0/0/2
Server
GE0/0/3 GE0/0/6 VLAN 2
(Principal VLAN)

GE
/4
0/0

0/0
GE

/5
Switch3 Switch4 Switch5 Switch6

HostB HostC HostD HostE

VLAN 3(Group VLAN) VLAN 4(Separate VLAN)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a principal VLAN and a VLANIF interface. The IP address of the
VLANIF interface is used as the gateway IP address of user hosts and server.
2. Configure a group VLAN.
3. Configure a separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function on the
interfaces.
5. Add interfaces of access switches to VLANs.

Procedure
Step 1 Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4, and VLANIF 2 on Switch1. The IP address
of VLANIF 2 is used as the gateway IP address for user hosts and server.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 2 3 4
[Switch1] interface vlanif 2
[Switch1-Vlanif2] ip address 192.168.100.100 24
[Switch1-Vlanif2] quit

# Configure a group VLAN and a separate VLAN on Switch1.

[Switch1] vlan 2
[Switch1-vlan2] mux-vlan
[Switch1-vlan2] subordinate group 3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 324

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

[Switch1-vlan2] subordinate separate 4

[Switch1-vlan2] quit

# Add interfaces to the VLANs and enable the MUX VLAN function on the
interfaces.
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type trunk
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
[Switch1-GigabitEthernet0/0/2] port mux-vlan enable vlan 2
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet 0/0/3
[Switch1-GigabitEthernet0/0/3] port link-type trunk
[Switch1-GigabitEthernet0/0/3] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet0/0/3] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet0/0/3] quit
[Switch1] interface gigabitethernet 0/0/4
[Switch1-GigabitEthernet0/0/4] port link-type trunk
[Switch1-GigabitEthernet0/0/4] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet0/0/4] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet0/0/4] quit
[Switch1] interface gigabitethernet 0/0/5
[Switch1-GigabitEthernet0/0/5] port link-type trunk
[Switch1-GigabitEthernet0/0/5] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet0/0/5] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet0/0/5] quit
[Switch1] interface gigabitethernet 0/0/6
[Switch1-GigabitEthernet0/0/6] port link-type trunk
[Switch1-GigabitEthernet0/0/6] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet0/0/6] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet0/0/6] quit

Step 2 Add interfaces of access switches to VLANs. The configuration details are not
mentioned here.
Step 3 Verify the configuration.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.

----End

Configuration Files
Switch1 configuration file

#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface Vlanif2
ip address 192.168.100.100 255.255.255.0
#
interface GigabitEthernet0/0/2
port link-type trunk

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 325

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 7 MUX VLAN Configuration

port trunk allow-pass vlan 2

port mux-vlan enable vlan 2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 326

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8 VLAN Termination Configuration

About This Chapter

This chapter describes how to configure VLAN termination. The VLAN termination
function includes two sub-functions: Dot1q termination and QinQ termination.
Dot1q termination implements inter-VLAN communication. Use the Dot1q
termination and QinQ termination together to implement LAN and WAN
interconnection.

8.1 Overview of VLAN Termination

8.2 Application Scenarios for VLAN Termination
8.3 Summary of VLAN Termination Configuration Tasks
8.4 Licensing Requirements and Limitations for VLAN Termination
8.5 Default Settings for VLAN Termination
8.6 Configuring a Dot1q Termination Sub-interface to Implement Inter-VLAN
Communication
8.7 Configuring a Dot1q Termination Sub-interface and Connecting It to an L2VPN
8.8 Configuring a Dot1q Termination Sub-interface and Connecting It to an L3VPN
8.9 Configuring a QinQ Termination Sub-interface and Connecting It to an L2VPN
8.10 Configuring a QinQ Termination Sub-interface and Connecting It to an L3VPN
8.11 Configuration Examples for VLAN Termination

8.1 Overview of VLAN Termination

Definition
VLAN termination is a VLAN tag processing mechanism. After VLAN termination is
enabled on a device, the device identifies VLAN tags in received packets, removes
single or double tags from the packets, and then forwards packets at Layer 3 or

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 327

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

takes other actions. These VLAN tags are only useful before termination, and are
not used in Layer 3 forwarding or other processing.
A device with VLAN termination enabled processes incoming and outgoing
packets as follows:
● Removes VLAN tags from the packets received on interfaces, and then
forwards the packets at Layer 3 or takes other actions.
● Adds VLAN tags to the packets that will be sent out through interfaces.

Classification
Depending on the modes in which VLAN tagged packets are processed, VLAN
termination has the following sub-functions:
● Dot1q termination: removes the outer VLAN tag from the received single-
tagged or double-tagged packets, and adds a VLAN tag to the packets to be
sent by an interface.
● QinQ termination: removes double VLAN tags from the received double-
tagged packets, and adds double VLAN tags to the packets to be sent by an
interface.
Generally, VLAN termination is configured on sub-interfaces. A sub-interface that
terminates single tags in packets is called a Dot1q termination sub-interface, and
a sub-interface that terminates double tags in packets is called a QinQ
termination sub-interface.

NOTE
Dot1q and QinQ VLAN tag termination sub-interfaces do not support transparent
transmission of packets that do not contain a VLAN tag, and discard received packets that
do not contain a VLAN tag.

Purpose
After VLANs are assigned on a network, hosts in the same VLAN can
communicate with each other at Layer 2, whereas hosts in different VLANs
cannot. You can use VLANIF interfaces on a Layer 3 switch to implement inter-
VLAN Layer 3 connectivity. As shown in Figure 8-1, when a Layer 3 switch uses
only one Layer 3 Ethernet interface to connect to users or a network, this interface
needs to transmit packets from multiple VLANs. A VLANIF interface cannot
provide this function. You can virtualize a Layer 3 Ethernet interface into multiple
logical sub-interfaces. The Layer 3 Ethernet interface is the main interface for the
logical sub-interfaces.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 328

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-1 Networking of configuring sub-interfaces to implement interworking

Layer 3 switch

Port1.1 Port1.2

VLAN Trunk
Layer 2 switch

Host1 Host2 Host3 Host4

VLAN 2 VLAN 3

By default, a Layer 3 Ethernet sub-interface treats received VLAN packets as

invalid packets and discards them; therefore, VLAN termination needs to be
configured on the Layer 3 Ethernet sub-interface so that the sub-interface can
remove VLAN tags from packets.

8.2 Application Scenarios for VLAN Termination

8.2.1 Using a Dot1q Termination Sub-interface to Implement

Inter-VLAN Communication
As shown in Figure 8-2, SwitchA is a Layer 3 switch configured with sub-interfaces
and SwitchB is a Layer 2 switch. SwitchA connects to SwitchB through a Layer 3
Ethernet interface. User hosts are assigned to VLAN 2 and VLAN 3, and need to
communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 329

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-2 Using a Dot1q termination sub-interface to implement inter-VLAN

communication
SwitchA

Port1.1 Port1.2

VLAN Trunk
SwitchB

Host1 Host2 Host3 Host4

VLAN2 VLAN3

Perform the following operations to implement inter-VLAN communication:

● Create sub-interfaces Port1.1 and Port1.2 on the Ethernet interface connecting

SwitchA to SwitchB.
● Configure Dot1q termination on Port1.1 and Port1.2 to remove VLAN tags in
packets sent by SwitchB.
● Assign IP addresses to Port1.1 and Port1.2.
● Configure the IP addresses of Port1.1 and Port1.2 as the default gateway
addresses for user hosts.

After the preceding operations are performed, user hosts in VLAN 2 and VLAN 3
can communicate at Layer 3. When a host in VLAN 2 sends packets to a host in
VLAN 3, the process is as follows:
1. Port1.1 removes the VLAN tag of the packets sent from VLAN 2 through
SwitchB, and forwards the packets to Port1.2 at Layer 3.
2. Before sending the packets out, Port1.2 adds VLAN 3 to the packets so that
the packets can reach user hosts in VLAN 3.
The process is reversed when a host in VLAN 3 sends packets to a host in VLAN 2.

8.2.2 Using a Dot1q Termination Sub-interface to Connect to a

VPN

Using a Dot1q Termination Sub-interface to Connect to a PWE3/VLL/VPLS

Network
As shown in Figure 8-3, different branches of an enterprise are interconnected
through a carrier's PWE3/VLL/VPLS network. PEs serve as edge devices of the
carrier's PWE3/VLL/VPLS network and connect to branch networks through sub-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 330

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interfaces, and packets sent by CEs to PEs carry one or double VLAN tags. User
hosts in different branches need to communicate with each other.

Figure 8-3 Using a Dot1q termination sub-interface to connect to a PWE3/VLL/

VPLS network

ISP
PWE3/VLL/VPLS
PE1 PE2
Port1.1 Port1.1

CE1 CE2

Branch1 Branch2

Single-tagged packet

Dot1q termination and PWE3/VLL/VPLS are configured on sub-interfaces of PE1

and PE2. When branch 1 sends packets to branch 2, the process is as follows:
1. PE1 checks the outer VLAN tag of data packets sent from CE1. When the
VLAN tag is the same as that specified in the Dot1q termination configuration
on Port1.1, PE1 encapsulates double MPLS labels into the packets and
forwards the packets to the carrier's PWE3/VLL/VPLS network. VLAN tags are
transparent to the carrier's PWE3/VLL/VPLS network.
2. When receiving the packets, PE2 removes double MPLS labels from the
packets, and forwards the packets to CE2 according to the Dot1q termination
configuration on Port1.1.
3. CE2 forwards packets to user hosts to implement interworking of different
branches.
The process is reversed when branch 2 sends packets to branch 1.

Using a Dot1q Termination Sub-interface to Connect to an L3VPN

As shown in Figure 8-4, different branches of an enterprise are interconnected
through a carrier's MPLS L3VPN. PEs serve as edge devices of the carrier's MPLS
L3VPN and connect to branch networks through sub-interfaces, and packets sent
by CEs to PEs carry one or double VLAN tags. Hosts in different branches need to
use the same services.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 331

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-4 Using a Dot1q termination sub-interface to connect to an L3VPN

VPN1 VPN1
Branch 1 Branch 2

CE1 CE3
PE1 PE2
Port1.1 ISP Port1.1
MPLS L3VPN
Port1.2 Port1.2

CE2
CE4

Branch 1 Branch 2
VPN2 VPN2

Dot1q termination and L3VPN are configured on sub-interfaces of PE1 and PE2.
When a host in branch 1 of VPN 1 sends packets to a host in branch 2 of VPN 1,
the process is as follows:
1. According to the Dot1q termination configuration on Port1.1, PE1 removes
the outer VLAN tag of the packets sent from CE1.
2. PE1 binds the outer VLAN tag to the VPN instance VPN1, and forwards the
packets to the L3VPN.
3. After the packets reach PE2, PE2 determines that the packets are destined for
CE3 according to the VPN instance.
4. PE2 adds an outer VLAN tag to the packets according to the Dot1q
termination configuration on Port1.1, and then forwards the packets to CE3.
5. CE3 forwards the packets to the destination user host to implement
communication.
The process is reversed when a host in branch 2 of VPN 1 sends packets to branch
1 of VPN 1.

8.2.3 Using a QinQ Termination Sub-interface to Connect to a

VPN

Using a QinQ Termination Sub-interface to Connect to a PWE3/VLL/VPLS

Network
As shown in Figure 8-5, different branches of an enterprise are interconnected
through a carrier's PWE3/VLL/VPLS network. PEs serve as edge devices of the
carrier's PWE3/VLL/VPLS network and connect to branch networks through sub-
interfaces, and packets sent by CEs to PEs carry double VLAN tags. User hosts in
different branches need to communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 332

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-5 Using a QinQ termination sub-interface to connect to a PWE3/VLL/

VPLS network

ISP
PWE3/VLL/VPLS
PE1 PE2
Port1.1 Port1.1

CE1 CE2

Branch 1 Branch 2

Double-tagged packet

QinQ termination and PWE3/VLL/VPLS are configured on sub-interfaces of PE1

and PE2. When branch 1 sends packets to branch 2, the process is as follows:
1. PE1 checks the inner and outer VLAN tags of data packets sent from CE1.
When these VLAN tags are the same as those specified in the QinQ
termination configuration on Port1.1, PE1 encapsulates double MPLS labels
into the packets and forwards the packets to the carrier's PWE3/VLL/VPLS
network. VLAN tags are transparent to the carrier's PWE3/VLL/VPLS network.
2. When receiving the packets, PE2 removes double MPLS labels from the
packets, and forwards the packets to CE2 according to the QinQ termination
configuration on Port1.1.
3. CE2 forwards packets to user hosts to implement interworking of different
branches.
The process is reversed when branch 2 sends packets to branch 1.

Using a QinQ Termination Sub-interface to Connect to an L3VPN

As shown in Figure 8-6, different branches of an enterprise are interconnected
through a carrier's MPLS L3VPN. PEs serve as edge devices of the carrier's MPLS
L3VPN and connect to branch networks through sub-interfaces, and packets sent
by CEs to PEs carry double VLAN tags. Hosts in different branches need to use the
same services.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 333

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-6 Using a QinQ termination sub-interface to connect to an L3VPN

VPN1 VPN1
Branch 1 Branch 2

CE1 CE3
PE1 PE2
Port1.1 ISP Port1.1
MPLS L3VPN
Port1.2 Port1.2

CE2
CE4

Branch 1 Branch 2
VPN2 VPN2

QinQ termination and L3VPN are configured on sub-interfaces of PE1 and PE2.
When a host in branch 1 of VPN 1 sends packets to a host in branch 2 of VPN 1,
the process is as follows:
1. According to the Dot1q termination configuration on Port1.1, PE1 removes
the inner and outer VLAN tags of the packets sent from CE1.
2. PE1 binds the inner and outer VLAN tags to the VPN instance VPN1, and
forwards the packets to the L3VPN.
3. After the packets reach PE2, PE2 determines that the packets are destined for
CE3 according to the VPN instance.
4. PE2 adds inner and outer VLAN tags to the packets according to the QinQ
termination configuration on Port1.1, and then forwards the packets to CE3.
5. CE3 forwards the packets to the destination user host to implement
communication.
The process is reversed when a host in branch 2 of VPN 1 sends packets to branch
1 of VPN 1.

8.3 Summary of VLAN Termination Configuration Tasks

Table 8-1 describes the VLAN termination configuration tasks. The configuration
tasks can be performed in any sequence.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 334

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Table 8-1 VLAN termination configuration tasks

Configuration Applicable Scenario
Task

8.6 A Layer 3 switch connects to user hosts residing in different

Configuring a VLANs through a Layer 3 Ethernet interface, and these user
Dot1q hosts need to communicate with each other.
Termination
Sub-interface
to Implement
Inter-VLAN
Communicatio
n

8.7 A carrier's network provides the L2VPN service for users. PEs
Configuring a function as user access devices and connect to CEs through
Dot1q sub-interfaces to access user networks. The data packets that
Termination CEs send to PEs carry one VLAN tag. Interworking is required
Sub-interface between user networks.
and
Connecting It
to an L2VPN

8.8 A carrier's network provides the L3VPN service for users. PEs
Configuring a function as user access devices and connect to CEs through
Dot1q sub-interfaces to access user networks. The data packets that
Termination CEs send to PEs carry one VLAN tag. Interworking is required
Sub-interface between user networks.
and
Connecting It
to an L3VPN

8.9 A carrier's network provides the L2VPN service for users. PEs
Configuring a function as user access devices and connect to CEs through
QinQ sub-interfaces to access user networks. The data packets that
Termination CEs send to PEs carry double VLAN tags. Interworking is
Sub-interface required between user networks.
and
Connecting It
to an L2VPN

8.10 A carrier's network provides the L3VPN service for users. PEs
Configuring a function as user access devices and connect to CEs through
QinQ sub-interfaces to access user networks. The data packets that
Termination CEs send to PEs carry double VLAN tags. Interworking is
Sub-interface required between user networks.
and
Connecting It
to an L3VPN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 335

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.4 Licensing Requirements and Limitations for VLAN

Termination

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VLAN termination, that is, QinQ and Dot1q on a sub-interface, is a basic feature
of a switch and is not under license control.

Software Requirements

Table 8-2 Products and versions supporting VLAN termination

Product Product Software Version

Model

S1700 S1720GFR Not supported

S1720GW, Not supported

S1720GWR

S1720GW- Not supported

E,
S1720GWR
-E

S1720X, Not supported

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI Not supported

S2750EI Not supported

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI Not supported

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 336

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Product Product Software Version

Model

S5700 S5700LI, Not supported

S5700S-LI

S5710-C-LI Not supported

S5710-X-LI Not supported

S5700EI Not supported

S5700SI Not supported

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S5720SI, Not supported

S5720S-SI

S5720LI, Not supported

S5720S-LI

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R007C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5730SI Not supported

S5730S-EI Not supported

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, Not supported

S6720S-LI

S6720SI, Not supported

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 337

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Feature Limitations
● Termination sub-interfaces cannot be configured on an Eth-Trunk member
interface.
● You are advised to add member interfaces to an Eth-Trunk and configure
termination sub-interfaces on the Eth-Trunk in sequence. Termination sub-
interfaces can be configured successfully on an Eth-Trunk only when the
device where member interfaces reside support termination sub-interfaces.
● The VLAN IDs terminated by a sub-interface cannot be created in the system
view or be displayed using a display command.
● In V200R005 and earlier versions, When VLAN IDs terminated by a sub-
interface are used for Layer 3 forwarding, only the first VLAN takes effect
even if multiple inner VLAN IDs are specified.
● VLAN termination sub-interfaces cannot be created on a VCMP client.
● When the dot1q termination vid or qinq termination pe-vid ce-vid
command is used to configure a VLAN for the VLAN termination sub-
interface, the VLAN cannot be configured as the super-VLA or sub-VLAN.
● If the PW-side interface is a Layer 3 interface switched by the undo
portswitch command, the AC-side interface cannot be a Layer 3 interface or
subinterface belonging to a Layer 3 interface; otherwise, traffic forwarding is
abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.

8.5 Default Settings for VLAN Termination

Table 8-3 Default setting for VLAN termination

Parameter Default Setting

Dot1q termination and QinQ Not configured

termination on each sub-interface

ARP broadcast on each sub-interface Disabled

8.6 Configuring a Dot1q Termination Sub-interface to

Implement Inter-VLAN Communication

Context
When a Layer 3 switch connects to users on different network segments across
different VLANs, configure Dot1q termination and IP addresses for the sub-
interfaces to implement Layer 3 connectivity.

NOTE

● To implement inter-VLAN communication, hosts in each VLAN must use the IP address
of the corresponding sub-interface as the default gateway address.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 338

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

The link type of the interface is set.

Step 4 Run quit

Exit from the interface view.

Step 5 Run interface interface-type interface-number.subinterface-number

The sub-interface view is displayed.

Step 6 Run ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the sub-interface.

Step 7 Run dot1q termination vid low-pe-vid [ to high-pe-vid ]

Dot1q termination is configured on the sub-interface.

Sub-interfaces of different main interfaces can be associated with the same VLAN,
but sub-interfaces of the same main interface cannot be associated with the same
VLAN.

Step 8 Run arp broadcast enable

ARP broadcast is enabled on the sub-interface.

When you enable or disable ARP broadcast on a sub-interface, the routing status
on the sub-interface alternates between Down and Up. This may result in route
flapping on the entire network, and affects normal operation of services.

----End

8.7 Configuring a Dot1q Termination Sub-interface and

Connecting It to an L2VPN

Pre-configuration Tasks
Before configuring a Dot1q termination sub-interface and connecting it to an
L2VPN, complete the following tasks:
● Connect devices correctly.
● Configure VLANs to which CEs belong and basic Layer 2 forwarding so that
each packet sent from CEs to PEs carries one VLAN tag.
● Ensure that the device is not a VCMP client.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 339

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.7.1 Configuring a Dot1q Termination Sub-interface

Context
When a VPN connects to an ISP network through a sub-interface, the sub-
interface needs to remove VLAN tags of the packets that the VPN has sent to the
ISP network. When each packet that CEs send to PEs carries one VLAN tag, the
sub-interface terminates the single VLAN tag. This sub-interface is called Dot1q
termination sub-interface.

Procedure
Step 1 On the PE device, run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

The port link-type is set.

Step 4 Run quit

Return to the system view.

Step 5 Run interface interface-type interface-number.subinterface-number

The view of the sub-interface connecting the PE to the CE is displayed.

NOTE

If the PW-side interface is a Layer 3 interface switched by the undo portswitch command, the
AC-side interface cannot be a Layer 3 interface or subinterface belonging to a Layer 3 interface;
otherwise, traffic forwarding is abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.

Step 6 Run dot1q termination vid low-pe-vid [ to high-pe-vid ]

Dot1q termination is configured on the sub-interface.

After a VLANIF interface is configured, the corresponding VLAN cannot be

configured as a VLAN for Dot1q termination sub-interfaces or an outer VLAN for
QinQ termination sub-interfaces.

----End

8.7.2 Configuring L2VPN

Context
After a Dot1q termination sub-interface is configured, you need to configure the
virtual private network (VPN) service on the sub-interface so that users at both
ends of the L2VPN can communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 340

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Virtual leased line (VLL) technology emulates leased lines on an IP network to

provide inexpensive, asymmetrical digital data network (DDN) services. As a point-
to-point (P2P) L2VPN technology, VLL can support almost all link layer protocols.

For details about L2VPN, see VLL Configuration in the S1720, S2700, S5700, and
S6720 V200R011C10 Configuration Guide - VPN.

NOTE

A Dot1q termination sub-interface can be bound to a VLL that provides homogeneous or

heterogeneous transport in the following modes:
● Local Kompella connection
● Remote Kompella connection
● Local Martini connection
● Remote Martini connection

8.7.3 Verifying the Configuration of a Dot1q Termination Sub-

interface and Its Connection to an L2VPN

Procedure
● Run the display dot1q information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check dot1q
termination sub-interface information.
● Run the display mpls static-l2vc command to check static VC information.
● Run the display mpls l2vc command on the PE to check Martini VLL
information on the local PE.
● Run the display mpls l2vc remote-info command on the PE to check Martini
VLL information on the remote PE.
● Run the display vll ccc [ ccc-name | type { local | remote } ] command to
check CCC connection information.

----End

8.8 Configuring a Dot1q Termination Sub-interface and

Connecting It to an L3VPN

Pre-configuration Tasks
Before configuring a Dot1q termination sub-interface and connecting it to an
L3VPN, complete the following tasks:
● Connect devices correctly.
● Configure VLANs to which CEs belong and basic Layer 2 forwarding so that
each packet sent from CEs to PEs carries one VLAN tag.
● Ensure that the device is not a VCMP client.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 341

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.8.1 Configuring a Dot1q Termination Sub-interface

Context
When a VPN connects to an ISP network through a sub-interface, the sub-
interface needs to remove VLAN tags of the packets that the VPN has sent to the
ISP network. When each packet that CEs send to PEs carries one VLAN tag, the
sub-interface terminates the single VLAN tag. This sub-interface is called Dot1q
termination sub-interface.

Procedure
● Configure an IPv4 address for a sub-interface.
a. On the PE device, run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run port link-type { hybrid | trunk }
The port link-type is set.
d. Run quit
Return to the system view.
e. Run interface interface-type interface-number.subinterface-number
The view of the sub-interface connecting the PE to the CE is displayed.
f. Run ip address ip-address { mask | mask-length }
An IPV4 address is configured for the sub-interface.
g. Run dot1q termination vid low-pe-vid [ to high-pe-vid ]
Dot1q termination is configured on the sub-interface.
After a VLANIF interface is configured, the corresponding VLAN cannot
be configured as a VLAN for Dot1q termination sub-interfaces or an
outer VLAN for QinQ termination sub-interfaces.
h. Run arp broadcast enable
The sub-interface is enabled to forward ARP broadcast packets.
● Configure an IPv6 address for a sub-interface.
a. On the PE device, run system-view
The system view is displayed.
b. Run ipv6
IPv6 packet forwarding is enabled.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run port link-type { hybrid | trunk }
The port link-type is set.
e. Run quit
Return to the system view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 342

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

f. Run interface interface-type interface-number.subinterface-number

The view of the sub-interface connecting the PE to the CE is displayed.
g. Run ipv6 enable
The IPv6 function is enabled on the interface.
h. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-
length }
An IPV6 address is configured for the sub-interface.
i. Run dot1q termination vid low-pe-vid [ to high-pe-vid ]
Dot1q termination is configured on the sub-interface.
After a VLANIF interface is configured, the corresponding VLAN cannot
be configured as a VLAN for Dot1q termination sub-interfaces or an
outer VLAN for QinQ termination sub-interfaces.
j. Run ipv6 nd ns multicast-enable
The sub-interface is enabled to send NS multicast packets.

8.8.2 Configuring L3VPN

After a Dot1q termination sub-interface is configured, you need to configure the
VPN service so that users at both ends of the L3VPN can communicate with each
other.
Configure L3VPN on the CE, PE, and P. For details, see BGP/MPLS IP VPN
Configuration or BGP/MPLS IPv6 VPN Configuration in the S1720, S2700, S5700,
and S6720 V200R011C10 Configuration Guide - VPN.

8.8.3 Verifying the Configuration of a Dot1q Termination Sub-

interface and Its Connection to an L3VPN

Procedure
● Run the display dot1q information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check dot1q
termination sub-interface information.
● Run the display ip vpn-instance [ verbose ] [ vpn-instance-name ] command
to check VPN instance information.
----End

8.9 Configuring a QinQ Termination Sub-interface and

Connecting It to an L2VPN

Pre-configuration Tasks
Before configuring a QinQ termination sub-interface and connecting it to an
L2VPN, complete the following tasks:
● Connect devices correctly.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 343

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

● Configure VLANs to which CEs belong and basic Layer 2 forwarding so that
packets sent from CEs to PEs carry double VLAN tags.
● Ensure that the device is not a VCMP client.

Configuration Process

8.9.1 Configuring a QinQ Sub-interface

Context
When a VPN network connects to an ISP network through a sub-interface, the
sub-interface needs to terminate VLAN tags. When data packets sent by CEs to
PEs carry double VLAN tags, the sub-interface terminates double VLAN tags. This
sub-interface is called QinQ termination sub-interface.

Procedure
Step 1 On the PE device, run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run port link-type { hybrid | trunk }
The port link-type is set.
Step 4 Run quit
Return to the system view.
Step 5 Run interface interface-type interface-number.subinterface-number
The view of the sub-interface connecting the PE to the CE is displayed.

NOTE

If the PW-side interface is a Layer 3 interface switched by the undo portswitch command, the
AC-side interface cannot be a Layer 3 interface or subinterface belonging to a Layer 3 interface;
otherwise, traffic forwarding is abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.

Step 6 (Optional) Run qinq termination l2 { symmetry | asymmetry }

The attributes of the sub-interface for QinQ VLAN tag termination are set.
By default, access attributes are not configured on a sub-interface for QinQ VLAN
tag termination.
When a sub-interface for QinQ VLAN tag termination is connected to the L2VPN,
the PE processes packets based on the QinQ termination configuration, attributes
of the sub-interface for QinQ VLAN tag termination when the sub-interface
connects to the PWE3, VLL, or VPLS network, and encapsulation mode.
NOTE
Select the encapsulation mode according to encapsulation (VSI view) or mpls l2vc.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 344

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Table 8-4 Packet processing on the inbound interface in the VPLS scenario
Inbound Interface Type Ethernet Encapsulation VLAN Encapsulation

Symmetrical mode Removes the outer tag. Reserves double tags. No

action is required.

Asymmetrical mode Removes double tags. Removes the outer tag.

Default Removes double tags. Reserves double tags. No

action is required.

Table 8-5 Packet processing on the outbound interface in the VPLS scenario
Inbound Interface Type Ethernet Encapsulation VLAN Encapsulation

Symmetrical mode Removes the MPLS label Removes the MPLS label
and adds the outer tag and replaces the outer
specified by pe-vid that tag with the tag
is configured on the sub- specified by pe-vid that
interface for QinQ VLAN is configured on the sub-
tag termination. interface for QinQ VLAN
tag termination if
packets carry the inner
tag, or removes the
MPLS label and adds the
outer tag specified by
pe-vid that is configured
on the sub-interface for
QinQ VLAN tag
termination if packets do
not carry the inner tag.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 345

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Inbound Interface Type Ethernet Encapsulation VLAN Encapsulation

Asymmetrical mode S5720HI: removes the S5720HI: removes the

MPLS label and adds MPLS label and adds
double tags according to double tags according to
ce-vid and pe-vid ce-vid and pe-vid
configured on the sub- configured on the sub-
interface for QinQ VLAN interface for QinQ VLAN
tag termination. tag termination if
Other models: removes packets do not carry the
the MPLS label and adds inner tag, or removes
double tags according to the MPLS label, removes
ce-vid and pe-vid the inner tag, and adds
configured on the sub- double tags according to
interface for QinQ VLAN ce-vid and pe-vid
tag termination if configured on the sub-
packets do not carry the interface for QinQ VLAN
inner tag, or removes the tag termination if
MPLS label, removes the packets carry the inner
inner tag, and adds tag.
double tags according to Other models: removes
ce-vid and pe-vid the MPLS label and adds
configured on the sub- double tags according to
interface for QinQ VLAN ce-vid and pe-vid
tag termination if configured on the sub-
packets carry the inner interface for QinQ VLAN
tag. tag termination if
packets do not carry the
inner tag; removes the
MPLS label, removes one
inner tag, and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets carry one inner
tag; removes the MPLS
label, removes double
inner tags, and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets carry double
inner tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 346

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Inbound Interface Type Ethernet Encapsulation VLAN Encapsulation

Default S5720HI: removes the Removes the MPLS label

MPLS label and adds and transparently
double tags according to transmits packets.
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination.
Other models: removes
the MPLS label and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets do not carry the
inner tag, or removes the
MPLS label, removes the
inner tag, and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets carry the inner
tag.

Table 8-6 Packet processing on the inbound interface in the VLL or PWE3 scenario
Inbound Interface Type Raw Encapsulation Tagged Encapsulation

Symmetrical mode Removes the outer tag. Reserves double tags. No

action is required.

Asymmetrical mode Removes double tags. Removes the outer tag.

Default Removes the outer tag. Reserves double tags. No

action is required.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 347

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Table 8-7 Packet processing on the outbound interface in the VLL or PWE3
scenario
Inbound Interface Type Raw Encapsulation Tagged Encapsulation

Symmetrical mode Removes the MPLS label Removes the MPLS label
and adds the outer tag and replaces the outer
specified by pe-vid that tag with the tag
is configured on the sub- specified by pe-vid that
interface for QinQ VLAN is configured on the sub-
tag termination. interface for QinQ VLAN
tag termination if
packets carry the inner
tag, or removes the
MPLS label and adds the
outer tag specified by
pe-vid that is configured
on the sub-interface for
QinQ VLAN tag
termination if packets do
not carry the inner tag.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 348

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Inbound Interface Type Raw Encapsulation Tagged Encapsulation

Asymmetrical mode S5720HI: removes the S5720HI: removes the

MPLS label and adds MPLS label and adds
double tags according to double tags according to
ce-vid and pe-vid ce-vid and pe-vid
configured on the sub- configured on the sub-
interface for QinQ VLAN interface for QinQ VLAN
tag termination. tag termination if
Other models: removes packets do not carry the
the MPLS label and adds inner tag, or removes
double tags according to the MPLS label, removes
ce-vid and pe-vid the inner tag, and adds
configured on the sub- double tags according to
interface for QinQ VLAN ce-vid and pe-vid
tag termination if configured on the sub-
packets do not carry the interface for QinQ VLAN
inner tag, or removes the tag termination if
MPLS label, removes the packets carry the inner
inner tag, and adds tag.
double tags according to Other models: removes
ce-vid and pe-vid the MPLS label and adds
configured on the sub- double tags according to
interface for QinQ VLAN ce-vid and pe-vid
tag termination if configured on the sub-
packets carry the inner interface for QinQ VLAN
tag. tag termination if
packets do not carry the
inner tag; removes the
MPLS label, removes one
inner tag, and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets carry one inner
tag; removes the MPLS
label, removes double
inner tags, and adds
double tags according to
ce-vid and pe-vid
configured on the sub-
interface for QinQ VLAN
tag termination if
packets carry double
inner tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 349

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Inbound Interface Type Raw Encapsulation Tagged Encapsulation

Default Removes the MPLS label Removes the MPLS label

and adds the outer tag and replaces the outer
specified by pe-vid that tag with the tag
is configured on the sub- specified by pe-vid on
interface for QinQ VLAN the sub-interface for
tag termination. QinQ VLAN tag
termination if packets
carry the inner tag, or
removes the MPLS label
and adds the outer tag
specified by pe-vid on
the sub-interface for
QinQ VLAN tag
termination if packets do
not carry the inner tag.

Step 7 Run qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]

QinQ termination is configured on the sub-interface.

After a VLANIF interface is configured, the corresponding VLAN cannot be

configured as an outer VLAN for the sub-interface for QinQ VLAN tag termination.

----End

8.9.2 Configuring L2VPN

Context
Virtual leased line (VLL) technology emulates leased lines on an IP network to
provide inexpensive, asymmetrical digital data network (DDN) services. As a point-
to-point (P2P) L2VPN technology, VLL can support almost all link layer protocols.

For details about L2VPN, see VLL Configuration in the S1720, S2700, S5700, and
S6720 V200R011C10 Configuration Guide - VPN.

NOTE

A QinQ termination sub-interface can be bound to a VLL that provides homogeneous or

heterogeneous transport in the following modes:
● Local CCC connection
● Remote CCC connection
● Remote SVC connection
● Local Kompella connection
● Remote Kompella connection
● Remote Martini connection
A QinQ termination sub-interface supports the following VPLS connections:
● Martini VPLS
● Kompella VPLS

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 350

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.9.3 Verifying the Configuration of a QinQ Termination Sub-

interface and Its Connection to an L2VPN

Procedure
● Run the display qinq information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check QinQ
termination sub-interface information.
● Run the display vll ccc [ ccc-name | type { local | remote } ] command to
check CCC connection information.
● Run the display mpls static-l2vc command to check static VC information.
● Run the display mpls l2vc command on the PE to check Martini VLL
information on the local PE.
● Run the display mpls l2vc remote-info command on the PE to check Martini
VLL information on the remote PE.
----End

8.10 Configuring a QinQ Termination Sub-interface

and Connecting It to an L3VPN

Pre-configuration Tasks
Before configuring a QinQ termination sub-interface and connecting it to an
L3VPN, complete the following tasks:
● Connect devices correctly.
● Configure VLANs to which CEs belong and basic Layer 2 forwarding so that
packets sent from CEs to PEs carry double VLAN tags.
● Ensure that the device is not a VCMP client.

Configuration Process

8.10.1 Configuring a QinQ Sub-interface

Context
When a VPN network connects to an ISP network through a sub-interface, the
sub-interface needs to terminate VLAN tags. When data packets sent by CEs to
PEs carry double VLAN tags, the sub-interface terminates double VLAN tags. This
sub-interface is called QinQ termination sub-interface.

Procedure
● Configure an IPv4 address for a sub-interface.
a. On the PE device, run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 351

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

b. Run interface interface-type interface-number

The interface view is displayed.
c. Run port link-type { hybrid | trunk }
The port link-type is set.
d. Run quit
Return to the system view.
e. Run interface interface-type interface-number.subinterface-number
The view of the sub-interface connecting the PE to the CE is displayed.
f. Run ip address ip-address { mask | mask-length }
An IPV4 address is configured for the sub-interface.
g. Run qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
QinQ termination is configured on the sub-interface.
After a VLANIF interface is configured, the corresponding VLAN cannot
be configured as an outer VLAN for the sub-interface for QinQ VLAN tag
termination.
h. Run arp broadcast enable
The sub-interface is enabled to forward ARP broadcast packets.
● Configure an IPv6 address for a sub-interface.
a. On the PE device, run system-view
The system view is displayed.
b. Run ipv6
IPv6 packet forwarding is enabled.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run port link-type { hybrid | trunk }
The port link-type is set.
e. Run quit
Return to the system view.
f. Run interface interface-type interface-number.subinterface-number
The view of the sub-interface connecting the PE to the CE is displayed.
g. Run ipv6 enable
The IPv6 function is enabled on the interface.
h. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-
length }
An IPV6 address is configured for the sub-interface.
i. Run qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
QinQ termination is configured on the sub-interface.
After a VLANIF interface is configured, the corresponding VLAN cannot
be configured as an outer VLAN for the sub-interface for QinQ VLAN tag
termination.
j. Run ipv6 nd ns multicast-enable
The sub-interface is enabled to send NS multicast packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 352

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.10.2 Configuring L3VPN

After a QinQ termination sub-interface is configured, you need to configure the
VPN service so that users at both ends of the L3VPN can communicate with each
other.
Configure L3VPN on the CE, PE, and P. For details, see BGP/MPLS IP VPN
Configuration or BGP/MPLS IPv6 VPN Configuration in the S1720, S2700, S5700,
and S6720 V200R011C10 Configuration Guide - VPN.

8.10.3 Verifying the Configuration of QinQ Termination Sub-

interface and Its Connection to an L3VPN
Procedure
● Run the display qinq information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check QinQ
termination sub-interface information.
● Run the display ip vpn-instance [ verbose ] [ vpn-instance-name ] command
to check VPN instance information.
----End

8.11 Configuration Examples for VLAN Termination

8.11.1 Example for Configuring Dot1q Termination Sub-

interfaces to Implement Inter-VLAN Communication
Networking Requirements
An enterprise's departments are located on different network segments and use
the same services such as Internet access and VoIP. To allow the departments in
different VLANs to use the same service, inter-VLAN communication must be
implemented.
In the networking example shown in Figure 8-7, both department 1 and
department 2 located in different VLANs and network segments need to use the
Internet access service, and users in department 1 and department 2 need to
communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 353

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-7 Networking for configuring Dot1q termination sub-interfaces to

implement inter-VLAN communication
Switch

GE0/0/1.1 GE0/0/2.1
10.10.10.1/24 10.10.20.1/24

GE0/0/2 GE0/0/2
SwitchA SwitchB
GE0/0/1 GE0/0/1

Department 1 Department 2

PC1 PC2
10.10.10.2/24 10.10.20.2/24
VLAN 10 VLAN 20

Configuration Roadmap
The configuration roadmap is as follows.
1. Configure the ID of the VLAN to which each interface belongs.
2. Configure Dot1q termination sub-interfaces.
3. Assign IP addresses to the sub-interfaces.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Add the uplink interface of SwitchA to VLAN 10 in tagged mode and the user-side
interface to VLAN 10 in untagged mode, and add the uplink interface of SwitchB
to VLAN 20 in tagged mode and the user-side interface to VLAN 20 in untagged
mode. Configure VLANs on interfaces of SwitchA and SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 20
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access
[SwitchB-GigabitEthernet0/0/1] port default vlan 20
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 354

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[SwitchB-GigabitEthernet0/0/2] port link-type trunk

[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[SwitchB-GigabitEthernet0/0/2] quit

Step 2 Configure the interface on the Switch connected to SwitchA.

# Create and configure the Ethernet sub-interface GE0/0/1.1.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vcmp role silent
[Switch] interface gigabitethernet0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet0/0/1.1
[Switch-GigabitEthernet0/0/1.1] dot1q termination vid 10
[Switch-GigabitEthernet0/0/1.1] ip address 10.10.10.1 24
[Switch-GigabitEthernet0/0/1.1] arp broadcast enable
[Switch-GigabitEthernet0/0/1.1] quit

Step 3 Configure the interface on the Switch connected to SwitchB.

# Create and configure the Ethernet sub-interface GE0/0/2.1.
[Switch] interface gigabitethernet0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/2.1
[Switch-GigabitEthernet0/0/2.1] dot1q termination vid 20
[Switch-GigabitEthernet0/0/2.1] ip address 10.10.20.1 24
[Switch-GigabitEthernet0/0/2.1] arp broadcast enable
[Switch-GigabitEthernet0/0/2.1] quit

Step 4 Verify the configuration.

On PC1 in VLAN 10, set the default gateway address to 10.10.10.1/24, which is the
IP address of GE0/0/1.1.
On PC2 in VLAN 20, set the default gateway address to 10.10.20.1/24, which is the
IP address of GE0/0/2.1.
After the configuration is complete, PC1 in VLAN 10 and PC2 in VLAN 20 can
communicate with each other.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vcmp role silent
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip address 10.10.10.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 355

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

dot1q termination vid 20

ip address 10.10.20.1 255.255.255.0
arp broadcast enable
#
return

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return

8.11.2 Example for Configuring Dot1q Termination Sub-

interfaces to Implement Inter-VLAN Communication Across
Different Networks
Networking Requirements
On the network shown in Figure 8-8, SwitchA and SwitchB are connected to Layer
2 networks that VLAN 10 and VLAN 20 belong to. SwitchA communicates with
SwitchB through a Layer 3 network where OSPF is running.
PCs of the two Layer 2 networks need to be isolated at Layer 2 and interwork at
Layer 3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 356

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-8 Networking for configuring Dot1q termination sub-interfaces to

implement inter-VLAN communication across a network

SwitchA SwitchB
GE0/0/2 GE0/0/1
OSPF

GE0/0/1.1 GE0/0/2.1

VLAN 10 VLAN 20

PC A PC B
10.10.10.2/24 10.10.20.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VLANs that interfaces belong to.
2. Assign IP addresses to VLANIF interfaces.
3. Set the encapsulation mode of sub-interfaces.
4. Configure VLANs allowed by sub-interfaces.
5. Assign IP addresses to the sub-interfaces.
6. Configure basic OSPF functions.
NOTE

● The VLANs allowed by a sub-interface cannot be created in the system view.

● VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure SwitchA.
# Create a VLAN.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 30

# Add an interface to the VLAN.

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 30
[SwitchA-GigabitEthernet0/0/2] quit

# Assign an IP address to a VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 357

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[SwitchA] interface vlanif 30

[SwitchA-Vlanif30] ip address 10.10.30.1 24
[SwitchA-Vlanif30] quit

# Create and configure GE0/0/1.1.

[SwitchA] vcmp role silent
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/1.1
[SwitchA-GigabitEthernet0/0/1.1] dot1q termination vid 10
[SwitchA-GigabitEthernet0/0/1.1] ip address 10.10.10.1 24
[SwitchA-GigabitEthernet0/0/1.1] arp broadcast enable
[SwitchA-GigabitEthernet0/0/1.1] quit

# Configure basic OSPF functions.

[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.10.10.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.10.30.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] return

Step 2 Configure SwitchB.

# Create a VLAN.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 30

# Add an interface to the VLAN.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 30
[SwitchB-GigabitEthernet0/0/1] quit

# Assign an IP address to a VLANIF interface.

[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] ip address 10.10.30.2 24
[SwitchB-Vlanif30] quit

# Create and configure GE0/0/2.1.

[SwitchB] vcmp role silent
[SwitchB] interface gigabitethernet0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type hybrid
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/2.1
[SwitchB-GigabitEthernet0/0/2.1] dot1q termination vid 20
[SwitchB-GigabitEthernet0/0/2.1] ip address 10.10.20.1 24
[SwitchB-GigabitEthernet0/0/2.1] arp broadcast enable
[SwitchB-GigabitEthernet0/0/2.1] quit

# Configure basic OSPF functions.

[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.10.20.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 10.10.30.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] return

Step 3 Verify the configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 358

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

On the PCs residing on the Layer 2 network connected to SwitchA, set the default
gateway address to 10.10.10.1/24, which is the IP address of GE0/0/1.1. The switch
connected to SwitchA allows VLAN 10.

On the PCs residing on the Layer 2 network connected to SwitchB, set the default
gateway address to 10.10.20.1/24, which is the IP address of GE0/0/2.1. The switch
connected to SwitchA allows VLAN 20.

After the configuration is complete, PCs on the two Layer 2 networks are isolated
at Layer 2 and interwork at Layer 3.

----End

Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 30
#
interface Vlanif30
ip address 10.10.30.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip address 10.10.10.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.30.0 0.0.0.255
#
return

SwitchB configuration file

#
sysname SwitchB
#
router id 2.2.2.2
#
vcmp role silent
#
vlan batch 30
#
interface Vlanif30
ip address 10.10.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 359

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 20
ip address 10.10.20.1 255.255.255.0
arp broadcast enable
#
ospf 1
area 0.0.0.0
network 10.10.20.0 0.0.0.255
network 10.10.30.0 0.0.0.255
#
return

8.11.3 Example for Connecting Dot1q Sub-interfaces to a VLL

Network

Networking Requirements
On the network shown in Figure 8-9, CE1 and CE2 are respectively connected to
PE1 and PE2 through VLANs.

A Martini VLL is created between CE1 and CE2 so that users residing on the
networks connected to CE1 and CE2 can communicate with each other.

Figure 8-9 Networking diagram for connecting Dot1q sub-interfaces to a VLL

network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/1 Martini GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2

- Loopback1 - 1.1.1.1/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 360

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface VLANIF Interface IP Address

PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

- GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.10.10.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on PE and P of the backbone network to
implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP to
transmit data.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. Configure Dot1q sub-interfaces on PE interfaces connected to CEs to
implement VLL access.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure the VLANs to which interfaces of CEs, PEs, and P belong and assign IP
addresses to VLANIF interfaces according to Figure 8-9.
# Configure CE1 to ensure that each packet that CE1 sends to PE1 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 361

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[CE1] vlan batch 10

[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# Configure CE2 to ensure that each packet that CE2 sends to PE2 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.10.10.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 362

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-Vlanif30] ip address 10.2.2.1 24

[PE2-Vlanif30] quit

Step 2 Configure an IGP, for example, OSPF, on the MPLS backbone network.
Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 363

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

Step 4 Create remote LDP sessions between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 364

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. An LDP session is set up between PE1 and
PE2 as shown in the following display:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 5 Enable MPLS L2VPN on PEs and establish VC connections.

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

# On PE2, create a VC connection on GigabitEthernet0/0/2.1 connected to CE2.

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet0/0/2.1] quit

Step 6 Verify the configuration.

Check L2VPN connections on PEs. You can see that an L2VC connection has been
set up and is in Up state.
The following is the display on PE1:
[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 365

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

remote AC OAM state : up

remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time : 2010/10/09 19:26:37
VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --

CE1 and CE2 can ping each other.

The following is the display on CE1:

[CE1] ping 10.10.10.2
PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=28 ms

--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 366

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 367

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

ip address 10.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 10
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 368

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

8.11.4 Example for Connecting QinQ Termination Sub-

interfaces to a VLL Network
Networking Requirements
On the network shown in Figure 8-10, CE1 and CE2 are respectively connected to
PE1 and PE2 through VLANs.
A Martini VLL is set up between CE1 and CE2.
Switch1 is connected to CE1 and PE1.
Switch2 is connected to CE2 and PE2.
Selective QinQ needs to be configured on the interfaces connected to CEs so that
the Switch adds the VLAN tags specified by the carrier to the packets sent from
CEs.
When the Switch is connected to multiple CEs, the Switch can add the same VLAN
tag to the packets from different CEs, thereby saving VLAN IDs on the public
network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 369

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Figure 8-10 Networking diagram for connecting QinQ termination sub-interfaces

to a VLL network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

- GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/2

- Loopback1 - 2.2.2.2/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 370

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface VLANIF Interface IP Address

CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.10.10.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on PE and P of the backbone network to
implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP to
transmit data.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. Configure QinQ sub-interfaces on PE interfaces connected to the switches to
implement VLL access.
5. Configure selective QinQ on the switch interfaces connected to CEs.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure the VLANs to which interfaces of CEs, PEs, and P belong and assign IP
addresses to VLANIF interfaces according to Figure 8-10.
# Configure CE1 to ensure that each packet sent from CE1 to Switch1 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# Configure CE2 to ensure that each packet sent from CE2 to Switch2 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.10.10.2 24
[CE2-Vlanif10] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 371

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on interfaces of the Switch and specify the VLANs
allowed by the interfaces.

# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 372

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP, for example, OSPF, on the MPLS backbone network.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.

# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 373

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Enable basic MPLS functions and MPLS LDP on the MPLS backbone network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 374

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-Vlanif30] mpls ldp

[PE2-Vlanif30] quit

Step 5 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. You can see an LDP session has been set up
between PE1 and PE2.
The following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 6 Enable MPLS L2VPN on PEs and set up VC connections.

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 connected to
Switch1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

# On PE2, create a VC connection on GigabitEthernet0/0/2.1 connected to

Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet0/0/2.1] quit

Step 7 Verify the configuration.

Check the L2VPN connections on PEs. You can see that an L2VC connection has
been set up and is in Up state.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 375

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

The following is the display on PE1:

[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time : 2010/10/09 19:26:37
VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --

CE1 and CE2 can ping each other.

The following is the display on CE1:
[CE1] ping 10.10.10.2
PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=2 ms

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 376

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=28 ms

--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return

● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 377

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return

● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return

● PE2 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 378

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
● Switch2 configuration file
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 10
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 379

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

8.11.5 Example for Connecting Dot1q Termination Sub-

interfaces to a VPLS Network

Networking Requirements
On the network shown in Figure 8-11, VPLS is enabled on PE1 and PE2. CE1 is
connected to PE1 and CE2 is connected to PE2. CE1 and CE2 are on the same VPLS
network. PWs are established by using LDP as the VPLS signaling protocol, and
VPLS is configured to connect CE1 and CE2.

Figure 8-11 Networking diagram for connecting Dot1q termination sub-interfaces

to a VPLS network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/1 GE0/0/2
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 380

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface VLANIF Interface IP Address

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement
interworking between devices.
2. Configure Dot1q sub-interfaces on PE interfaces connected to CEs so that the
Dot1q sub-interfaces can connect to the VPLS network.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs to transmit service data.
5. Enable MPLS L2VPN on the PEs.
6. Create a VSI on PEs and specify the signaling protocol as LDP.
NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure a VLAN to which each interface belongs and assign IP addresses to
VLANIF interfaces according to Figure 8-11.
NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● Ensure that each packet sent from a CE to a PE carries a VLAN tag.

# Configure CE1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 381

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 4.4.4.5 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 5.5.5.4 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 382

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2] interface vlanif 30

[PE2-Vlanif30] ip address 5.5.5.5 24
[PE2-Vlanif30] quit

Step 2 Configure an IGP, for example, OSPF.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 383

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Step 3 Configure basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session command
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Step 4 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 384

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2] mpls ldp remote-peer 1.1.1.1

[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2. You can see that the status of the peer relationship between PE1
and PE2 is Operational. That is, the peer relationship is set up. The following is
the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 5 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 6 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 7 Bind interfaces to VSIs on the PEs.

# Configure PE1.
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 385

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-GigabitEthernet0/0/2] port link-type hybrid

[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit

Step 8 Verify the configuration.

After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable

Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds

**PW Information:

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 386

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds

CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 387

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 388

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

port hybrid pvid vlan 20

port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 389

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.11.6 Example for Connecting QinQ Termination Sub-

interfaces to a VPLS Network
Networking Requirements
On the network shown in Figure 8-12, VPLS is enabled on PE1 and PE2. CE1
connects to PE1 through Switch1 and CE2 connects to PE2 through Switch2. CE1
and CE2 are on the same VPLS network. PWs are established by using LDP as the
VPLS signaling protocol, and VPLS is configured to connect CE1 and CE2.
Selective QinQ needs to be configured on the interfaces connected to CEs so that
the Switch adds the VLAN tags specified by the carrier to the packets sent from
CEs.
When the Switch is connected to multiple CEs, the Switch can add the same VLAN
tag to the packets from different CEs, thereby saving VLAN IDs on the public
network.

Figure 8-12 Networking diagram for connecting QinQ termination sub-interfaces

to a VPLS network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/2
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 390

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface VLANIF Interface IP Address

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure a routing protocol on the backbone network to implement

interworking between devices.
2. Configure selective QinQ on Switch interfaces connected to CEs.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs to transmit service data.
5. Enable MPLS L2VPN on the PEs.
6. Create a VSI on PEs and specify the signaling protocol as LDP.
7. Configure QinQ termination sub-interfaces on PE interfaces connected to the
Switch so that QinQ interfaces can connect to the VPLS network.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 8-12,
and assign IP addresses to VLANIF interfaces.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 391

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● Ensure that each packet sent from a CE to the Switch carries one VLAN tag.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 4.4.4.5 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 5.5.5.4 24
[P-Vlanif30] quit

# Configure PE2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 392

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 5.5.5.5 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on interfaces of the Switch and specify the VLANs
allowed by the interfaces.

# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP, for example, OSPF.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.

# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 393

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[P] router id 2.2.2.2

[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Configure basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 394

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[P-Vlanif20] mpls ldp

[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session command
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Step 5 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2. You can see that the status of the peer relationship between PE1
and PE2 is Operational. That is, the peer relationship is set up. The following is the
display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 395

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Step 6 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 7 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 8 Bind interfaces to VSIs on the PEs.

# Configure PE1.
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit

Step 9 Verify the configuration.

After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 396

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Member Discovery Style : static

PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable

Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds

**PW Information:

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds

CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 397

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 398

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

port vlan-stacking vlan 10 stack-vlan 100

#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 399

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 400

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

port link-type hybrid

#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

8.11.7 Example for Connecting Dot1q Termination Sub-

interfaces to an L3VPN
Networking Requirements
On the network shown in Figure 8-13, CE1 and CE3 belong to VPN-A, and CE2
and CE4 belong to VPN-B. The VPN targets of VPN-A and VPN-B are 111:1 and
222:2 respectively. Users in different VPNs cannot communicate with each other.

Figure 8-13 Networking diagram for connecting Dot1q termination sub-interfaces

to an L3VPN

VPN-A AS: 65410 AS: 65430 VPN-A

CE1 CE3
GE0/0/1 GE0/0/1

Loopback1
2.2.2.2/32
GE0/0/1 GE0/0/1
PE1 PE2
Loopback1 GE0/0/1 GE0/0/2 Loopback1
1.1.1.1/32 GE0/0/3 GE0/0/3 3.3.3.3/32
GE0/0/2 P GE0/0/2
MPLS backbone
AS: 100

GE0/0/1 GE0/0/1
CE2 CE4
VPN-B VPN-B
AS: 65420 AS: 65440

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 401

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface Layer 3 Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 10.1.1.2/24

/1 /1.1

- GigabitEthernet0/0 GigabitEthernet0/0 10.2.1.2/24

/2 /2.1

- GigabitEthernet0/0 VLANIF30 7.7.7.7/24

/3

PE2 GigabitEthernet0/0 GigabitEthernet0/0 10.3.1.2/24

/1 /1.1

- GigabitEthernet0/0 GigabitEthernet0/0 10.4.1.2/24

/2 /2.1

- GigabitEthernet0/0 VLANIF60 6.6.6.7/24

/3

P GigabitEthernet0/0 VLANIF30 7.7.7.8/24

/1

- GigabitEthernet0/0 VLANIF60 6.6.6.6/24

/2

CE1 GigabitEthernet0/0 VLANIF10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF20 10.2.1.1/24

/1

CE3 GigabitEthernet0/0 VLANIF10 10.3.1.1/24

/1

CE4 GigabitEthernet0/0 VLANIF20 10.4.1.1/24

/1

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure VPN instances on PEs connected to CEs on the backbone network,

bind interfaces connected to CEs to VPN instances, and assign IP addresses to
interfaces connected to CEs.
2. Configure OSPF on PEs to implement interworking between PEs.
3. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 402

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

4. Configure the Multi-protocol Extensions for Interior Border Gateway Protocol

(MP-IBGP) on PEs to exchange VPN routing information.
5. Configure EBGP on CEs and PEs to exchange VPN routing information.
6. Configure Dot1q sub-interfaces on PE interfaces connected to CEs to connect
the Dot1q sub-interfaces to the L3VPN.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure an IGP, for example, OSPF, on the MPLS backbone network so that PEs
and the P can communicate with each other.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] vlan batch 30
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type hybrid
[PE1-GigabitEthernet0/0/3] port hybrid pvid vlan 30
[PE1-GigabitEthernet0/0/3] port hybrid untagged vlan 30
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 7.7.7.7 24
[PE1-Vlanif30] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 7.7.7.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] vlan batch 30 60
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid untagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 60
[P-GigabitEthernet0/0/2] port hybrid untagged vlan 60
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 7.7.7.8 24
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] ip address 6.6.6.6 24
[P-Vlanif60] quit
[P] ospf

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 403

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 7.7.7.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 6.6.6.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] vlan batch 60
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port link-type hybrid
[PE2-GigabitEthernet0/0/3] port hybrid pvid vlan 60
[PE2-GigabitEthernet0/0/3] port hybrid untagged vlan 60
[PE2-GigabitEthernet0/0/3] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip address 6.6.6.7 24
[PE2-Vlanif60] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 6.6.6.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command. You can see that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command.
You can see that the PEs learn each other's routes to the Loopback1 interface.

The following is the display on PE1:

[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 7.7.7.8 Vlanif30
3.3.3.3/32 OSPF 10 2 D 7.7.7.8 Vlanif30
6.6.6.0/24 OSPF 10 2 D 7.7.7.8 Vlanif30
7.7.7.0/24 Direct 0 0 D 7.7.7.7 Vlanif30
7.7.7.7/32 Direct 0 0 D 127.0.0.1 Vlanif30
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 7.7.7.7(Vlanif30)'s neighbors

Router ID: 2.2.2.2 Address: 7.7.7.8
State: Full Mode:Nbr is Master Priority: 1
DR: 7.7.7.8 BDR: 7.7.7.7 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:00:20
Authentication Sequence: [ 0 ]

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 404

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Step 2 Configure basic MPLS functions, enable MPLS LDP, and establish LDP LSPs on the
MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] mpls
[P-Vlanif60] mpls ldp
[P-Vlanif60] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] mpls
[PE2-Vlanif60] mpls ldp
[PE2-Vlanif60] quit

After the configuration is complete, LDP sessions can be set up between PE1 and
the P, and between the P and PE2. Run the display mpls ldp session command.
You can see that the Status field is Operational. Run the display mpls ldp lsp
command to view the MPLS LDP configuration.
The following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp

LDP LSP Information

-------------------------------------------------------------------------------
Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 405

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

1.1.1.1/32 3/NULL 2.2.2.2 127.0.0.1 InLoop0

*1.1.1.1/32 Liberal/1024 DS/2.2.2.2
2.2.2.2/32 NULL/3 - 7.7.7.8 Vlanif30
2.2.2.2/32 1024/3 2.2.2.2 7.7.7.8 Vlanif30
3.3.3.3/32 NULL/1025 - 7.7.7.8 Vlanif30
3.3.3.3/32 1025/1025 2.2.2.2 7.7.7.8 Vlanif30
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP

Step 3 Configure a VPN instance on each PE and connect CEs to PEs.

# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] ip binding vpn-instance vpna
[PE1-GigabitEthernet0/0/1.1] ip address 10.1.1.2 24
[PE1-GigabitEthernet0/0/1.1] arp broadcast enable
[PE1-GigabitEthernet0/0/1.1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/2.1
[PE1-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE1-GigabitEthernet0/0/2.1] ip binding vpn-instance vpnb
[PE1-GigabitEthernet0/0/2.1] ip address 10.2.1.2 24
[PE1-GigabitEthernet0/0/2.1] arp broadcast enable
[PE1-GigabitEthernet0/0/2.1] quit

# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/1.1] ip binding vpn-instance vpna
[PE2-GigabitEthernet0/0/1.1] ip address 10.3.1.2 24

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 406

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-GigabitEthernet0/0/1.1] arp broadcast enable

[PE2-GigabitEthernet0/0/1.1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE2-GigabitEthernet0/0/2.1] ip binding vpn-instance vpnb
[PE2-GigabitEthernet0/0/2.1] ip address 10.4.1.2 24
[PE2-GigabitEthernet0/0/2.1] arp broadcast enable
[PE2-GigabitEthernet0/0/2.1] quit

# Assign IP addresses to interfaces on CE1 according to Figure 8-13. The

configurations of CE2, CE3, and CE4 are the same as the configuration of CE1, and
are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type hybrid
[CE1-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

After the configuration is complete, run the display ip vpn-instance verbose

command on PEs to view the configurations of VPN instances. Each PE can
successfully ping its connected CE.

NOTE

If multiple interfaces of a PE are bound to the same VPN instance, run the ping -vpn-
instance vpn-instance-name -a source-ip-address dest-ip-address command with -a source-
ip-address specified to ping the CE connected to the remote PE. Otherwise, the ping
operation may fail.

The following is the display on PE1:

[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0

VPN-Instance Name and ID : vpna, 1

Interfaces : Gigabitethernet0/0/1.1
Address family ipv4
Create date : 2013-08-28 21:01:00+00:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label Policy : label per instance
Per-Instance Label : 4098
Log Interval : 5

VPN-Instance Name and ID : vpnb, 2

Interfaces : Gigabitethernet0/0/2.1
Address family ipv4
Create date : 2013-08-28 21:01:00+00:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label Policy : label per instance

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 407

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Per-Instance Label : 4099

Log Interval : 5
[PE1] ping -vpn-instance vpna 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms

--- 10.1.1.1 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/6/16 ms

Step 4 Set up EBGP peer relationships between PEs and CEs and configure CEs to import
VPN routes.
# Configure CE1. The configurations of CE2, CE3, and CE4 are the same as the
configuration of CE1, and are not mentioned here.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct

# Configure PE1. The configuration of PE2 is the same as the configuration of PE1,
and is not mentioned here.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit

After the configuration is complete, run the display bgp vpnv4 vpn-instance peer
command on PEs. You can see that BGP peer relationships between PEs and CEs
have been established and are in the Established state.
The following is the peer relationship between PE1 and CE1:
[PE1] display bgp vpnv4 vpn-instance vpna peer

BGP local router ID : 1.1.1.1

Local AS number : 100

VPN-Instance vpna, Router ID 1.1.1.1:

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.1.1.1 4 65410 11 9 0 00:07:25 Established 1

Step 5 Set up an MP-IBGP peer relationship between PEs.

# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 408

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit

After the configuration is complete, run the display bgp peer or display bgp
vpnv4 all peer command on PEs. You can see that the BGP peer relationships
have been established between the PEs.
[PE1] display bgp peer

BGP local router ID : 1.1.1.1

Local AS number : 100
Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

3.3.3.3 4 100 12 6 0 00:02:21 Established 0

[PE1] display bgp vpnv4 all peer

BGP local router ID : 1.1.1.1

Local AS number : 100
Total number of peers : 3 Peers in established state : 3

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

3.3.3.3 4 100 12 18 0 00:09:38 Established 0

Peer of IPv4-family for vpn instance :

VPN-Instance vpna, Router ID 1.1.1.1:

10.1.1.1 4 65410 25 25 0 00:17:57 Established 1
VPN-Instance vpnb, Router ID 1.1.1.1:
10.2.1.1 4 65420 21 22 0 00:17:10 Established 1

Step 6 Verify the configuration.

Run the display ip routing-table vpn-instance command on a PE. You can view
the routes to the remote CE.

The following is the display on PE1:

[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Gigabitethernet0/0/1.1

10.1.1.2/32 Direct 0 0 D 127.0.0.1 Gigabitethernet0/0/1.1
10.3.1.0/24 IBGP 255 0 RD 3.3.3.3 Vlanif30
[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.2.1.0/24 Direct 0 0 D 10.2.1.2 Gigabitethernet0/0/2.1

10.2.1.2/32 Direct 0 0 D 127.0.0.1 Gigabitethernet0/0/2.1
10.4.1.0/24 IBGP 255 0 RD 3.3.3.3 Vlanif30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 409

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

CEs in the same VPN can successfully ping each other but CEs in different VPNs
cannot.

For example, CE1 can successfully ping CE3 at 10.3.1.1 but cannot ping CE4 at
10.4.1.1.
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

----End

Configuration Files
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 30
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif30
ip address 7.7.7.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 410

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

port link-type hybrid

#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 10.1.1.1 as-number 65410
#
ipv4-family vpn-instance vpnb
import-route direct
peer 10.2.1.1 as-number 65420
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 7.7.7.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 30 60
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif30
ip address 7.7.7.8 255.255.255.0
mpls
mpls ldp
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 411

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface Vlanif60
ip address 6.6.6.6 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 6.6.6.0 0.0.0.255
network 7.7.7.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 60
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface Vlanif60
ip address 6.6.6.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 412

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface GigabitEthernet0/0/2.1
dot1q termination vid 20
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 10.3.1.1 as-number 65430
#
ipv4-family vpn-instance vpnb
import-route direct
peer 10.4.1.1 as-number 65440
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 6.6.6.0 0.0.0.255
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 413

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.2.1.2 enable
#
return

● CE3 configuration file

#
sysname CE3
#
vlan batch 10
#
interface Vlanif10
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
bgp 65430
peer 10.3.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.3.1.2 enable
#
return

● CE4 configuration file

#
sysname CE4
#
vlan batch 20
#
interface Vlanif20
ip address 10.4.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
bgp 65440
peer 10.4.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.4.1.2 enable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 414

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

8.11.8 Example for Connecting QinQ Termination Sub-

interfaces to an L3VPN

Networking Requirements
On the network shown in Figure 8-14, CE1 and CE3 belong to VPN-A, and CE2
and CE4 belong to VPN-B. The VPN targets of VPN-A and VPN-B are 111:1 and
222:2 respectively. Users in different VPNs cannot communicate with each other.

Selective QinQ needs to be configured on the interfaces connected to CEs so that

the Switch adds the VLAN tags specified by the carrier to the packets sent from
CEs.

When the Switch is connected to multiple CEs, the Switch can add the same VLAN
tag to the packets from different CEs, thereby saving VLAN IDs on the public
network.

Figure 8-14 Networking diagram for connecting QinQ termination sub-interfaces

to an L3VPN

VPN-A AS: 65410 AS: 65430 VPN-A

CE1 CE3

GE/0/1 GE0/0/1
GE0/0/1 GE0/0/1

Switch1 Loopback1 Switch3

GE0/0/2 2.2.2.2/32 GE0/0/1
GE0/0/1 PE1 PE2 GE0/0/2
Loopback1 GE0/0/1 GE0/0/2 Loopback1
1.1.1.1/32 GE0/0/3 GE0/0/3 3.3.3.3/32
GE0/0/2 P GE0/0/2
GE0/0/2 MPLS backbone GE0/0/2
Switch2 AS: 100 Switch4

GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
CE2 CE4
VPN-B VPN-B
AS: 65420 AS: 65440

Switch Interface Layer 3 Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 10.1.1.2/24

/1 /1.1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 415

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Switch Interface Layer 3 Interface IP Address

- GigabitEthernet0/0 GigabitEthernet0/0 10.2.1.2/24

/2 /2.1

- GigabitEthernet0/0 VLANIF 30 7.7.7.7/24

/3

PE2 GigabitEthernet0/0 GigabitEthernet0/0 10.3.1.2/24

/1 /1.1

- GigabitEthernet0/0 GigabitEthernet0/0 10.4.1.2/24

/2 /2.1

- GigabitEthernet0/0 VLANIF 60 6.6.6.7/24

/3

P GigabitEthernet0/0 VLANIF 30 7.7.7.8/24

/1

- GigabitEthernet0/0 VLANIF 60 6.6.6.6/24

/2

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 20 10.2.1.1/24

/1

CE3 GigabitEthernet0/0 VLANIF 10 10.3.1.1/24

/1

CE4 GigabitEthernet0/0 VLANIF 20 10.4.1.1/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VPN instances on PEs connected to CEs on the backbone network,
bind interfaces connected to CEs to VPN instances, and assign IP addresses to
interfaces connected to CEs.
2. Configure OSPF on PEs to implement interworking between PEs.
3. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs.
4. Configure the Multi-protocol Extensions for Interior Border Gateway Protocol
(MP-IBGP) on PEs to exchange VPN routing information.
5. Configure EBGP on CEs and PEs to exchange VPN routing information.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 416

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

6. Configure QinQ termination sub-interfaces on PE interfaces connected to the

Switch, so that the QinQ termination sub-interfaces can connect to the
L3VPN.
7. Configure selective QinQ on Switch interfaces connected to CEs.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure selective QinQ on interfaces of the Switch and specify the VLANs
allowed by the interfaces.
# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface GigabitEthernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface GigabitEthernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 200
[Switch2-vlan200] quit
[Switch2] interface GigabitEthernet 0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface GigabitEthernet 0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 20 stack-vlan 200
[Switch2-GigabitEthernet0/0/1] quit

# Configure Switch3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 100
[Switch3-vlan100] quit
[Switch3] interface GigabitEthernet 0/0/2
[Switch3-GigabitEthernet0/0/2] port link-type hybrid
[Switch3-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch3-GigabitEthernet0/0/2] quit
[Switch3] interface GigabitEthernet 0/0/1
[Switch3-GigabitEthernet0/0/1] port link-type hybrid
[Switch3-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch3-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch3-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch3-GigabitEthernet0/0/1] quit

# Configure Switch4.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 417

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

<HUAWEI> system-view
[HUAWEI] sysname Switch4
[Switch4] vlan 200
[Switch4-vlan200] quit
[Switch4] interface GigabitEthernet 0/0/2
[Switch4-GigabitEthernet0/0/2] port link-type hybrid
[Switch4-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch4-GigabitEthernet0/0/2] quit
[Switch4] interface GigabitEthernet 0/0/1
[Switch4-GigabitEthernet0/0/1] port link-type hybrid
[Switch4-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch4-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch4-GigabitEthernet0/0/1] port vlan-stacking vlan 20 stack-vlan 200
[Switch4-GigabitEthernet0/0/1] quit

Step 2 Configure an IGP, for example, OSPF, on the MPLS backbone network so that PEs
and the P can communicate with each other.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] vlan batch 30
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type hybrid
[PE1-GigabitEthernet0/0/3] port hybrid pvid vlan 30
[PE1-GigabitEthernet0/0/3] port hybrid untagged vlan 30
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 7.7.7.7 24
[PE1-Vlanif30] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 7.7.7.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] vlan batch 30 60
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid untagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 60
[P-GigabitEthernet0/0/2] port hybrid untagged vlan 60
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 7.7.7.8 24
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] ip address 6.6.6.6 24
[P-Vlanif60] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 7.7.7.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 418

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[P-ospf-1-area-0.0.0.0] network 6.6.6.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] vlan batch 60
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port link-type hybrid
[PE2-GigabitEthernet0/0/3] port hybrid pvid vlan 60
[PE2-GigabitEthernet0/0/3] port hybrid untagged vlan 60
[PE2-GigabitEthernet0/0/3] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip address 6.6.6.7 24
[PE2-Vlanif60] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 6.6.6.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command. You can see that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command.
You can see that the PEs learn each other's routes to the Loopback1 interface.

The following is the display on PE1:

[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 7.7.7.8 Vlanif30
3.3.3.3/32 OSPF 10 2 D 7.7.7.8 Vlanif30
6.6.6.0/24 OSPF 10 2 D 7.7.7.8 Vlanif30
7.7.7.0/24 Direct 0 0 D 7.7.7.7 Vlanif30
7.7.7.7/32 Direct 0 0 D 127.0.0.1 Vlanif30
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 7.7.7.7(Vlanif30)'s neighbors

Router ID: 2.2.2.2 Address: 7.7.7.8
State: Full Mode:Nbr is Master Priority: 1
DR: 7.7.7.8 BDR: 7.7.7.7 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:00:20
Authentication Sequence: [ 0 ]

Step 3 Configure basic MPLS functions, enable MPLS LDP, and establish LDP LSPs on the
MPLS backbone network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 419

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] mpls
[P-Vlanif60] mpls ldp
[P-Vlanif60] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] mpls
[PE2-Vlanif60] mpls ldp
[PE2-Vlanif60] quit

After the configuration is complete, LDP sessions can be set up between PE1 and
the P, and between the P and PE2. Run the display mpls ldp session command.
You can see that the Status field is Operational. Run the display mpls ldp lsp
command to view the MPLS LDP configuration.
The following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp

LDP LSP Information

-------------------------------------------------------------------------------
Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.1/32 3/NULL 2.2.2.2 127.0.0.1 InLoop0
*1.1.1.1/32 Liberal/1024 DS/2.2.2.2
2.2.2.2/32 NULL/3 - 7.7.7.8 Vlanif30
2.2.2.2/32 1024/3 2.2.2.2 7.7.7.8 Vlanif30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 420

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

3.3.3.3/32 NULL/1025 - 7.7.7.8 Vlanif30

3.3.3.3/32 1025/1025 2.2.2.2 7.7.7.8 Vlanif30
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP

Step 4 Configure a VPN instance on each PE and connect CEs to PEs.

# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] vcmp role silent
[PE1] interface GigabitEthernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface GigabitEthernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet0/0/1.1] ip binding vpn-instance vpna
[PE1-GigabitEthernet0/0/1.1] ip address 10.1.1.2 24
[PE1-GigabitEthernet0/0/1.1] arp broadcast enable
[PE1-GigabitEthernet0/0/1.1] quit
[PE1] interface GigabitEthernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface GigabitEthernet 0/0/2.1
[PE1-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 20
[PE1-GigabitEthernet0/0/2.1] ip binding vpn-instance vpnb
[PE1-GigabitEthernet0/0/2.1] ip address 10.2.1.2 24
[PE1-GigabitEthernet0/0/2.1] arp broadcast enable
[PE1-GigabitEthernet0/0/2.1] quit

# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] vcmp role silent
[PE2] interface GigabitEthernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface GigabitEthernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/1.1] ip binding vpn-instance vpna
[PE2-GigabitEthernet0/0/1.1] ip address 10.3.1.2 24
[PE2-GigabitEthernet0/0/1.1] arp broadcast enable
[PE2-GigabitEthernet0/0/1.1] quit
[PE2] interface GigabitEthernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 421

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-GigabitEthernet0/0/2] quit
[PE2] interface GigabitEthernet 0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 20
[PE2-GigabitEthernet0/0/2.1] ip binding vpn-instance vpnb
[PE2-GigabitEthernet0/0/2.1] ip address 10.4.1.2 24
[PE2-GigabitEthernet0/0/2.1] arp broadcast enable
[PE2-GigabitEthernet0/0/2.1] quit

# Assign IP addresses to interfaces on CE1 according to Figure 8-14. The

configurations of CE2, CE3, and CE4 are the same as the configuration of CE1, and
are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type hybrid
[CE1-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

After the configuration is complete, run the display ip vpn-instance verbose

command on PEs to check the VPN instance configuration. Each PE can
successfully ping its connected CE.

NOTE

If multiple interfaces of a PE are bound to the same VPN instance, run the ping -vpn-
instance vpn-instance-name -a source-ip-address dest-ip-address command with -a source-
ip-address specified to ping the CE connected to the remote PE. Otherwise, the ping
operation may fail.

The following is the display on PE1:

[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0

VPN-Instance Name and ID : vpna, 1

Interfaces : Gigabitethernet0/0/1.1
Address family ipv4
Create date : 2013-08-28 21:01:00+00:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label Policy : label per instance
Per-Instance Label : 4098
Log Interval : 5

VPN-Instance Name and ID : vpnb, 2

Interfaces : Gigabitethernet0/0/2.1
Address family ipv4
Create date : 2013-08-28 21:01:00+00:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label Policy : label per instance
Per-Instance Label : 4099
Log Interval : 5
[PE1] ping -vpn-instance vpna 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 422

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms

Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms

--- 10.1.1.1 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/6/16 ms

Step 5 Set up EBGP peer relationships between PEs and CEs and configure CEs to import
VPN routes.
# Configure CE1. The configurations of CE2, CE3, and CE4 are the same as the
configuration of CE1, and are not mentioned here.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct

# Configure PE1. The configuration of PE2 is the same as the configuration of PE1,
and is not mentioned here.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit

After the configuration is complete, run the display bgp vpnv4 vpn-instance peer
command on PEs. You can see that BGP peer relationships between PEs and CEs
have been established and are in the Established state.
The following is the peer relationship between PE1 and CE1:
[PE1] display bgp vpnv4 vpn-instance vpna peer

BGP local router ID : 1.1.1.1

Local AS number : 100

VPN-Instance vpna, Router ID 1.1.1.1:

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.1.1.1 4 65410 11 9 0 00:07:25 Established 1

Step 6 Set up an MP-IBGP peer relationship between PEs.

# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 423

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

[PE2-bgp] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit

After the configuration is complete, run the display bgp peer or display bgp
vpnv4 all peer command on PEs. You can see that the BGP peer relationships
have been established between the PEs.
[PE1] display bgp peer

BGP local router ID : 1.1.1.1

Local AS number : 100
Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

3.3.3.3 4 100 12 6 0 00:02:21 Established 0

[PE1] display bgp vpnv4 all peer

BGP local router ID : 1.1.1.1

Local AS number : 100
Total number of peers : 3 Peers in established state : 3

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

3.3.3.3 4 100 12 18 0 00:09:38 Established 0

Peer of IPv4-family for vpn instance :

VPN-Instance vpna, Router ID 1.1.1.1:

10.1.1.1 4 65410 25 25 0 00:17:57 Established 1
VPN-Instance vpnb, Router ID 1.1.1.1:
10.2.1.1 4 65420 21 22 0 00:17:10 Established 1

Step 7 Verify the configuration.

Run the display ip routing-table vpn-instance command on a PE. You can view
the routes to the remote CE.

The following is the display on PE1:

[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Gigabitethernet0/0/1.1

10.1.1.2/32 Direct 0 0 D 127.0.0.1 Gigabitethernet0/0/1.1
10.3.1.0/24 IBGP 255 0 RD 3.3.3.3 Vlanif30
[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.2.1.0/24 Direct 0 0 D 10.2.1.2 Gigabitethernet0/0/2.1

10.2.1.2/32 Direct 0 0 D 127.0.0.1 Gigabitethernet0/0/2.1
10.4.1.0/24 IBGP 255 0 RD 3.3.3.3 Vlanif30

CEs in the same VPN can successfully ping each other but CEs in different VPNs
cannot.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 424

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

For example, CE1 can successfully ping CE3 at 10.3.1.1 but cannot ping CE4 at
10.4.1.1.
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

----End

Configuration Files
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 30
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif30
ip address 7.7.7.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 425

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

ip binding vpn-instance vpna

ip address 10.1.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpnb
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 7.7.7.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 30 60
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif30
ip address 7.7.7.8 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip address 6.6.6.6 255.255.255.0
mpls
mpls ldp

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 426

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 7.7.7.0 0.0.0.255
network 6.6.6.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 60
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface Vlanif60
ip address 6.6.6.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq termination pe-vid 100 ce-vid 10
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 20
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 427

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

arp broadcast enable

#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpna
peer 10.3.1.1 as-number 65430
import-route direct
#
ipv4-family vpn-instance vpnb
peer 10.4.1.1 as-number 65440
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 6.6.6.0 0.0.0.255
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 428

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.2.1.2 enable
#
return
● CE3 configuration file
#
sysname CE3
#
vlan batch 10
#
interface Vlanif10
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
bgp 65430
peer 10.3.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.3.1.2 enable
#
return
● CE4 configuration file
#
sysname CE4
#
vlan batch 20
#
interface Vlanif20
ip address 10.4.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
bgp 65440
peer 10.4.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.4.1.2 enable
#
return
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 429

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 8 VLAN Termination Configuration

qinq vlan-translation enable

port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 200
port vlan-stacking vlan 20 stack-vlan 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 200
#
return

● Switch3 configuration file

#
sysname Switch3
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return

● Switch4 configuration file

#
sysname Switch4
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 200
port vlan-stacking vlan 20 stack-vlan 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 200
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 430

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

9 Voice VLAN Configuration

About This Chapter

This chapter describes how to configure voice VLAN. A voice VLAN changes the
priority of voice data packets to improve voice data transmission quality.

9.1 Overview of Voice VLANs

9.2 Voice VLAN Typical Networking
9.3 Understanding Voice VLANs
9.4 Application Scenarios for Voice VLANs
9.5 Licensing Requirements and Limitations for Voice VLAN
9.6 Default Settings for Voice VLANs
9.7 Configuring a MAC Address-based Voice VLAN
9.8 Configuring a VLAN ID-based Voice VLAN
9.9 Configuration Examples for Voice VLANs

9.1 Overview of Voice VLANs

Definition
Voice VLAN is a technology that transmits voice data.

Purpose
Data, voice, and video services are often transmitted simultaneously over a
network. Voice services, in particular, require a higher forwarding priority than
data or video services. When bandwidth is limited, voice data must have
transmission preference over other types of data. This can be ensured by
configuring a voice VLAN on the switch to transmit voice data and setting QoS
parameters in the voice VLAN so that voice data is given preference when
congestion occurs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 431

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

9.2 Voice VLAN Typical Networking

As shown in Figure 9-1, a PC and an IP phone connect to a switch interface
simultaneously. Therefore, the switch interface transmits both voice and data
services.

Figure 9-1 Connecting a PC and an IP phone to a switch

Network

PC IP Phone Switch

The connection mode in Figure 9-1 is widely used on networks.

Figure 9-2 shows another connection mode, in which only an IP phone connects
to a switch interface.

Figure 9-2 Connecting an IP phone to a switch

Network

IP Phone Switch

Some IP phones (for example, Cisco 7962) send tagged voice packets and some IP
phones (for example, Huawei MC850) send untagged voice packets. The following
sections describe how the MAC address-based voice VLAN and VLAN ID-based
voice VLAN transmit tagged and untagged voice packets.

9.3 Understanding Voice VLANs

Some IP phones (for example, Cisco 7960) send tagged voice packets, and others
(for example, Huawei MC850) send untagged voice packets. This section discusses
how MAC address-based voice VLAN and VLAN ID-based voice VLAN transmit
tagged and untagged voice packets.

A switch configured with voice VLAN can:

● Identify voice data.
● Increase the priority of voice data.
● Forward the voice data based on the increased priority.

The switch identifies voice data based on:

● Source MAC addresses of the received packets

The switch identifies data packets as voice data when the source MAC address
matches the organizationally unique identifier (OUI). The OUI must be
preconfigured and is used in scenarios where IP phones send untagged voice
packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 432

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

● Source VLAN tags of the received packets

The switch identifies data packets as voice data when the VLAN ID matches
the configured VLAN ID. This simplifies configurations when many IP phones
connect to the switch. IP phones must be able to obtain voice VLAN
information from the switch to use this mode.
The switch can identify voice data flows based on MAC addresses and VLAN IDs
regardless of whether the packets carry VLAN tags. However, OUIs must be
configured in order for the switch to differentiate untagged voice packets from
data packets. If the voice packets are tagged, configuring VLAN ID-based voice
VLAN simplifies configuration when many IP phones connect to the switch.

MAC Address-based Voice VLAN

● OUI
An OUI is the first 24 bits of a 48-bit MAC address assigned to each vendor by
the Institute of Electrical and Electronics Engineers (IEEE). Voice packets sent
by IP phones can be identified by the MAC address ranges requested by IP
phone vendors.
In voice VLAN, the OUI is user-defined and not necessarily 24 bits long. The
OUI is the result of the AND operation between the MAC address and mask in
the voice-vlan mac-address command.
● Implementation
In Figure 9-3, after receiving an untagged packet from the PC and IP phone,
the switch processes the packet as follows:
– If the source MAC address matches the configured OUI, the switch adds
the voice VLAN tag to the packet and increases the packet priority. (If the
result of the AND operation between the MAC address and mask is the
OUI, the source MAC address matches the OUI.)
– If the source MAC address does not match the configured OUI, the switch
adds the VLAN tag with the PVID to the packet so that voice packets are
preferentially sent.

Figure 9-3 MAC address-based voice VLAN

Data packet Low-priority data packet

Network

PC IP Phone Switch

Voice packet High-priority voice packet

VLAN ID-based Voice VLAN

After receiving packets from the PC and IP phone, the switch determines whether
the VLAN IDs in the packets match the configured voice VLAN ID. If they match,
the switch considers data as voice data and increases the priority. The switch adds
the VLAN tag of the PVID to untagged packets from the PC. When VLAN ID-based

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 433

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

voice VLAN is configured, the IP phone must be able to obtain voice VLAN
information from the switch.
LLDP is one of multiple methods in which an IP phone can obtain voice VLAN
information from a switch.

Figure 9-4 VLAN ID-based voice VLAN

Data packet Low-priority data packet

Network

PC IP phone Switch
1 Send an LLDPDU

2 Encapsulate the voice VLAN 4 High-priority voice packet

ID in the LLDPDU

3 Send the tagged voice packet

to the switch

Figure 9-4 shows a PC and an IP phone connecting to a switch. The IP phone

obtains voice VLAN information from the switch through LLDP as follows:
1. After the IP phone goes online, it sends an LLDPDU to the switch.
2. After receiving the LLDPDU, the switch encapsulates voice VLAN information
in the LLDPDU and sends it to the IP phone.
3. After receiving the LLDPDU, the IP phone sends tagged voice packets.
4. The switch receives tagged voice packets. If the tag matches the voice VLAN
ID on the switch, the switch increases the priority of the packets and forwards
them.
When receiving untagged packets, the switch still sends them in the VLAN
specified by the PVID. When congestion occurs, the switch preferentially sends
voice packets.

9.4 Application Scenarios for Voice VLANs

Figure 9-5 shows PCs and IP phones connecting to the Internet through switches.
Because the voice service is sensitive to delay and jitter, the priority of voice data
flows needs to be increased so that they can be preferentially forwarded when
congestion occurs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 434

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Figure 9-5 Application scenarios for voice VLAN

Switch Switch1
Internet

IP Phone A
IP Phone C

IP Phone B

PC A PC C

Configure a voice VLAN based on the type of voice packets sent by IP phones:
● Configure MAC address-based voice VLAN when voice packets are untagged
or tagged with VLAN 0.
● Configure VLAN ID-based voice VLAN when IP phones can obtain voice VLAN
information on the switch.

9.5 Licensing Requirements and Limitations for Voice

VLAN

Involved Network Elements

Other network elements are not required.

Licensing Requirements
Voice VLAN configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. Voice
VLAN configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 435

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Version Requirements

Table 9-1 Products and versions supporting the voice VLAN

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 436

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Product Product Software Version

Model

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 437

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Feature Limitations
● VLAN 1 cannot be configured as a voice VLAN.
● To transmit different services, ensure that the voice VLAN and default VLAN
on an interface are different VLANs.
● Only one VLAN on an interface can be configured as a voice VLAN at a time.
● After a voice VLAN is configured on an interface, VLAN mapping, VLAN
stacking, or traffic policies cannot be configured on the interface.
● Do not set the VLAN ID to 0 on an IP phone.
● The automatic mode is not supported on the S5720HI.
● In auto mode, access, negotiation-auto, or negotiation-desirable interfaces
cannot be added to a voice VLAN. To add the interface to the voice VLAN, run
the port link-type command to change the link type of the interface to trunk
or hybrid.
● When an IP phone is connected to a switch through the OUI-based voice
VLAN, disable LLDP on the interface. If LLDP is enabled on the interface, the
switch will allocate a voice VLAN ID to the IP phone. The IP phone sends
tagged packets to the switch, whereas the switch sends untagged packets to
the IP phone. As a result, the IP phone cannot go online.
● In V200R003 and later versions, the automatic mode takes effect only when
the voice-vlan remark-mode mac-address command is configured to
increase the priority of voice packets based on MAC addresses and the voice-
vlan enable command without include-untagged specified is configured to
enable voice VLAN on the interface.
● When the remark (user group view) and voice-vlan remark commands are
used together to modify the user packet priority, if the services conflict:
– For S5720HI, the priority configured using the remark (user group view)
command takes effect.
– For S5720EI, S6720EI, and S6720S-EI, the priority configured using the
voice-vlan remark command takes effect.

9.6 Default Settings for Voice VLANs

Parameter Default Setting

Voice VLAN on an interface Disabled

Increase in voice VLAN VLAN ID-based

priority

Adding an interface to voice Manual

VLAN

802.1p priority of the voice 6

VLAN

DSCP priority of the voice 46

VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 438

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Parameter Default Setting

Working mode of the voice Normal

VLAN

Interworking with voice Disabled

devices of other vendors

9.7 Configuring a MAC Address-based Voice VLAN

9.7.1 Enabling the Voice VLAN Function

Context
To implement the voice VLAN function, configure the VLAN used to forward voice
packets on the switch as a voice VLAN and enable the voice VLAN. You are
advised to configure different VLANs for voice and data services to facilitate
management.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run voice-vlan vlan-id enable [ include-untagged | include-tag0 ]*

A voice VLAN is configured and the voice VLAN function is enabled on the
interface.

By default, the voice VLAN function is disabled on an interface.

NOTE

● VLAN 1 cannot be configured as a voice VLAN.

● To transmit different services, ensure that the voice VLAN and default VLAN on an
interface are different VLANs.
● Only one voice VLAN on an interface can be configured as a voice VLAN at a time.
● After a voice VLAN is configured on an interface, VLAN mapping, VLAN stacking, or
traffic policies cannot be configured on the interface.
● When an IP phone sends packets tagged with VLAN 0, include-tag0 must be specified
on the S5720EI, S6720EI, and S6720S-EI. On other models, include-untagged takes
effect for untagged packets and packets tagged with VLAN 0.
● If a VLAN is associated with a BD, it cannot be configured as a voice VLAN.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 439

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

9.7.2 Configuring a Mode in Which the Priority of Voice

Packets Is Increased Based on MAC Addresses
Context
The switch can identify voice data flows according to the source MAC address of
the received data packets. The switch considers data packets with the source MAC
address matching the Organizationally Unique Identifier (OUI) as voice data flows.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run voice-vlan remark-mode mac-address
A mode in which the priority of voice packets is increased is configured.
By default, the priority of voice packets is increased based on VLAN IDs.

----End

9.7.3 Configuring an OUI for a Voice VLAN

Context
An OUI is the first 24 bits of a 48-bit MAC address assigned to each vendor by the
Institute of Electrical and Electronics Engineers (IEEE). Voice packets sent by IP
phones can be identified by the MAC address ranges requested by IP phone
vendors.
In voice VLAN, the OUI is user-defined and not necessarily 24 bits long. The OUI is
the result of the AND operation between the MAC address and mask in the voice-
vlan mac-address command.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run voice-vlan mac-address mac-address mask oui-mask [ description text ]
An OUI is configured for a voice VLAN.
By default, no OUI address is set.
When configuring an OUI for a voice VLAN, note the following:
● The MAC address cannot be all 0s, multicast address, or broadcast address.
● The S5720HI, S5720EI, S6720EI, and S6720S-EI support a maximum of 100
OUIs. When the switch is configured with 100 OUIs, subsequent

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 440

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

configurations will not take effect. Other models support a maximum of 16

OUIs. When the switch is configured with 16 OUIs, subsequent configurations
will not take effect.
● When you run the undo voice-vlan mac-address mac-address command to
delete an OUI, set mac-address to the result of the logical AND operation
between the OUI and the OUI mask that you set.

----End

9.7.4 Configuring a Mode in Which an Interface Is Added to a

Voice VLAN
Context
Based on MAC addresses, an interface can be added to a voice VLAN in auto or
manual mode. You can configure a mode in which an interface is added to a voice
VLAN according to data flows on the interface.
● Auto
The system adds the interface connected to a voice device to the voice VLAN
if the source MAC address of packets sent from the voice device matches the
OUI.
● Manual
In manual mode, the interface connected to a voice device must be added to
the voice VLAN manually after the voice VLAN function is enabled on the
interface. Otherwise, the voice VLAN does not take effect on the interface.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run port link-type hybrid
The interface is configured as the hybrid interface.
Step 4 Run voice-vlan mode { auto | manual }
A mode in which an interface is added to a voice VLAN is configured.
By default, an interface is added to a voice VLAN in manual mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 441

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

NOTE

● S5720HI does not support this configuration.

● In auto mode, access, negotiation-auto, or negotiation-desirable interfaces cannot be
added to a voice VLAN. To add the interface to the voice VLAN, run the port link-type
command to change the link type of the interface to trunk or hybrid.
● The automatic mode takes effect only when the voice-vlan remark-mode mac-address
command is configured to increase the priority of voice packets based on MAC
addresses and the voice-vlan enable command without include-untagged specified is
configured to enable voice VLAN on the interface and add voice VLAN IDs to only
tagged packets.

Step 5 (Optional) Add an interface to a voice VLAN in manual mode according to 5.7.1
Configuring Interface-based VLAN Assignment (Statically Configured
Interface Type).

----End

9.7.5 (Optional) Configuring the Secure or Normal Mode of a

Voice VLAN
Context
Based on the data filtering mechanism, a voice VLAN works in either secure or
normal mode.
Table 9-2 describes the voice VLAN working modes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 442

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Table 9-2 Security and normal modes

Wor Scenario Packet Processing Configuration Note
king
Mod
e

Secu The inbound interface If the source MAC The secure mode takes
re enabled with the voice address does not effect only when the
VLAN function allows match the OUI, the voice-vlan remark-
only the voice packets interface does not mode mac-address
in which the source change the priority of command is
MAC address matches voice packets and configured to increase
the OUI address of the prevents the voice the priority of voice
voice VLAN, and packets from being packets based on MAC
discards non-voice forwarded in the voice addresses.
packets from the voice VLAN.
VLAN and forwards If the source MAC
packets from other address matches the
VLANs. OUI, the interface
changes the priority of
voice packets and
allows the voice
packets to be
forwarded in the voice
VLAN.

Nor The inbound interface If the source MAC Transmitting voice and
mal enabled with the voice address does not service data at the
VLAN function match the OUI, the same time in a voice
transmits both voice interface does not VLAN is not
packets and non-voice change the priority of recommended. If a
packets. In normal voice packets and voice VLAN must
mode, the interface is allows the voice transmit both voice
vulnerable to attacks packets to be and service data,
from malicious data forwarded in the voice ensure that the voice
traffic. VLAN. VLAN works in normal
If the source MAC mode.
address matches the
OUI, the interface
changes the priority of
voice packets and
allows the voice
packets to be
forwarded in the voice
VLAN.

Procedure
● Configuring the secure mode
a. Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 443

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

b. Run interface interface-type interface-number

The interface view is displayed.
c. Run voice-vlan security enable
The voice VLAN is configured to work in secure mode.
By default, a voice VLAN works in normal mode.
● Configuring the normal mode
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run undo voice-vlan security enable
The voice VLAN is configured to work in normal mode.
By default, a voice VLAN works in normal mode.

----End

9.7.6 (Optional) Configuring the 802.1p Priority and DSCP

Priority for a Voice VLAN

Context
By default, the 802.1p priority and DSCP priority for a voice VLAN are 6 and 46
respectively. You can dynamically configure 802.1p priority and DSCP priority to
plan priorities for different voice services.
● The 802.1p priority is indicated by the value in the 3-bit PRI field in each
802.1Q VLAN frame. This field determines the transmission priority for data
packets when a switching device is congested.
● The DSCP value is indicated by the 6 bits in the Type of Service (ToS) field in
the IPv4 packet header. DSCP, as the signaling for DiffServ, is used for QoS
guarantee on IP networks. The traffic controller on the network gateway
takes actions merely based on the information carried by the 6 bits.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run voice-vlan remark { 8021p 8021p-value | dscp dscp-value } *

The 802.1p priority and DSCP priority are configured for a voice VLAN.

By default, the 802.1p priority and DSCP priority for a voice VLAN are 6 and 46
respectively.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 444

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

9.7.7 Verifying the MAC Address-based Voice VLAN

Configuration
Procedure
● Run the display voice-vlan [ vlan-id ] status command to check information
about a voice VLAN, including the status, working mode, 802.1p priority and
DSCP priority of the voice VLAN, and interface enabled with voice VLAN.
● Run the display voice-vlan oui command to check the organizationally
unique identifier (OUI), OUI mask, and OUI description of the voice VLAN.
----End

9.8 Configuring a VLAN ID-based Voice VLAN

9.8.1 Enabling the Voice VLAN Function

Context
To implement the voice VLAN function, configure the VLAN used to forward voice
packets on the switch as a voice VLAN and enable the voice VLAN. You are
advised to configure different VLANs for voice and data services to facilitate
management.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.

Step 3 Run voice-vlan vlan-id enable [ include-untagged | include-tag0 ]*

A voice VLAN is configured and the voice VLAN function is enabled on the
interface.
By default, the voice VLAN function is disabled on an interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 445

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

NOTE

● VLAN 1 cannot be configured as a voice VLAN.

● To transmit different services, ensure that the voice VLAN and default VLAN on an
interface are different VLANs.
● Only one voice VLAN on an interface can be configured as a voice VLAN at a time.
● After a voice VLAN is configured on an interface, VLAN mapping, VLAN stacking, or
traffic policies cannot be configured on the interface.
● When an IP phone sends packets tagged with VLAN 0, include-tag0 must be specified
on the S5720EI, S6720EI, and S6720S-EI. On other models, include-untagged takes
effect for untagged packets and packets tagged with VLAN 0.
● If a VLAN is associated with a BD, it cannot be configured as a voice VLAN.

----End

9.8.2 Configuring a Mode in Which the Priority of Voice

Packets Is Increased Based on VLAN IDs

Context
If the VLAN ID in packets received by a switch interface is the same as the voice
VLAN ID, the switch considers the packets as voice packets and increases the
packet priority.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run voice-vlan remark-mode vlan

A mode in which the priority of voice packets is increased is configured.

By default, the priority of voice packets is increased based on VLAN IDs.

----End

9.8.3 Configuring a Mode in Which an Interface Is Added to a

Voice VLAN

Context
When a VLAN ID-based voice VLAN is used, the interface connected to a voice
device must be added to the voice VLAN manually so that the voice VLAN can
take effect.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 446

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Procedure
Step 1 Add an interface to a voice VLAN in manual mode according to 5.7.1 Configuring
Interface-based VLAN Assignment (Statically Configured Interface Type).

----End

9.8.4 Configuring the Switch to Advertise Voice VLAN

Information to an IP Phone
Context
Generally, IP phones that can send tagged voice packets can obtain voice VLAN
information from the switch using a protocol such as LLDP (LLDP is used as an
example). LLDP needs to be enabled. When the switch receives an LLDPDU from
an IP phone, the switch encapsulates voice VLAN information in the LLDPDU and
sends it to the IP phone. The IP phone then sends tagged voice packets.

The switch can encapsulate voice VLAN information into LLDPDUs and send them
to connected IP phones. However, IP phones of some vendors send Cisco Discovery
Protocol (CDP) packets. You can run the voice-vlan legacy enable command to
enable CDP-compatible function so that the switch encapsulates voice VLAN
information in CDP packets and sends them to connected IP phones.

Procedure
● Configuring the switch to advertise voice VLAN information to an IP phone
through LLDP
a. Run system-view

The system view is displayed.

b. Run lldp enable

LLDP is enabled globally.

By default, LLDP is enabled globally.

c. Run interface interface-type interface-number

The interface view is displayed.

d. Run lldp enable

LLDP is enabled on the interface.

After LLDP is enabled in the system view, all interfaces are enabled with
LLDP.
● Configuring Cisco Discovery Protocol (CDP)-compatible Voice VLAN function
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The interface view is displayed.

c. Run voice-vlan legacy enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 447

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

CDP-compatible Voice VLAN function is enabled so that the switch

encapsulates voice VLAN information in CDP packets and sends them to
the IP phone.
By default, CDP-compatible Voice VLAN function is disabled.
----End

9.8.5 (Optional) Configuring the 802.1p Priority and DSCP

Priority for a Voice VLAN
Context
By default, the 802.1p priority and DSCP priority for a voice VLAN are 6 and 46
respectively. You can dynamically configure 802.1p priority and DSCP priority to
plan priorities for different voice services.
● The 802.1p priority is indicated by the value in the 3-bit PRI field in each
802.1Q VLAN frame. This field determines the transmission priority for data
packets when a switching device is congested.
● The DSCP value is indicated by the 6 bits in the Type of Service (ToS) field in
the IPv4 packet header. DSCP, as the signaling for DiffServ, is used for QoS
guarantee on IP networks. The traffic controller on the network gateway
takes actions merely based on the information carried by the 6 bits.

Procedure
Step 1 Run system-view
The system view is displayed.

Step 2 Run voice-vlan remark { 8021p 8021p-value | dscp dscp-value } *

The 802.1p priority and DSCP priority are configured for a voice VLAN.
By default, the 802.1p priority and DSCP priority for a voice VLAN are 6 and 46
respectively.

----End

9.8.6 Verifying the VLAN ID-based Voice VLAN Configuration

Procedure
● Run the display voice-vlan [ vlan-id ] status command to check information
about a voice VLAN, including the status, 802.1p priority and DSCP priority of
the voice VLAN, and interface enabled with voice VLAN.
----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 448

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

9.9 Configuration Examples for Voice VLANs

9.9.1 Example for Configuring a MAC Address-based Voice
VLAN (IP Phones Send Untagged Voice Packets)

Networking Requirements
As shown in Figure 9-6, the switch connects to IP phones and a PC. The switch
uses VLAN 2 to transmit voice packets and VLAN 3 to transmit data packets. PC A
connects to IP phone A and they connect to the switch, and IP phone B separately
connects to the switch. IP phones send untagged voice packets. Users require high
quality of the VoIP service; therefore, voice data flows must be transmitted with a
high priority to ensure the call quality.

Figure 9-6 Networking for configuring a MAC address-based voice VLAN

Switch Switch1

Internet

GE0/0/1 GE0/0/2
IP Phone A GE0/0/1
MAC:0003-6B00-0001
Mask:ffff-ff00-0000

IP Phone C

IP Phone B
MAC:0003-6B00-0002
Mask:ffff-ff00-0000

PC A PC C
286E-D400-0001

Configuration Roadmap
Because voice and data packets received by the switch are untagged, you need to
configure OUIs to differentiate voice and data traffic. The configuration roadmap
is as follows:
1. Create VLANs on the switch and add interfaces to VLANs to implement Layer
2 connectivity.
2. Configure an OUI so that the switch adds a VLAN tag to voice packets in
which the source MAC address matches the OUI.
3. Configure VLAN 2 as the voice VLAN and configure the interface to allow
voice packets to pass through.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 449

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

Procedure
Step 1 Configure VLANs and interfaces on the Switch.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2 3

# Configure VLANs allowed by GE0/0/1.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 3
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 2 to 3
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/2] quit

Step 2 Configure an OUI.

[Switch] voice-vlan mac-address 0003-6B00-0000 mask ffff-ff00-0000

Step 3 # Enable the voice VLAN function on GE0/0/1. The configuration of GE0/0/2 is
similar to the configuration of GE0/0/1, and is not mentioned here.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] voice-vlan 2 enable include-untagged
[Switch-GigabitEthernet0/0/1] voice-vlan remark-mode mac-address
[Switch-GigabitEthernet0/0/1] quit

Step 4 Verify the configuration.

Run the display voice-vlan 2 status command to check the voice VLAN
configuration.
[Switch] display voice-vlan 2 status
Voice VLAN Configurations:
-----------------------------------------------------------
Voice VLAN ID :2
Voice VLAN status : Enable
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
-----------------------------------------------------------
Port Information:
-------------------------------------------------------------------------------
Port Add-Mode Security-Mode Legacy PribyVLAN Untag
-------------------------------------------------------------------------------
GigabitEthernet0/0/2 Manual Normal Disable Disable Enable
GigabitEthernet0/0/1 Manual Normal Disable Disable Enable

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
voice-vlan mac-address 0003-6b00-0000 mask ffff-ff00-0000
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 450

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

port link-type hybrid

voice-vlan 2 enable include-untagged
voice-vlan remark-mode mac-address
port hybrid pvid vlan 3
port hybrid untagged vlan 2 to 3
#
interface GigabitEthernet0/0/2
port link-type hybrid
voice-vlan 2 enable include-untagged
voice-vlan remark-mode mac-address
port hybrid untagged vlan 2
#
return

9.9.2 Example for Configuring a VLAN ID-based Voice VLAN

(IP Phones Send Tagged Voice Packets)

Networking Requirements
As shown in Figure 9-7, the switch connects to IP phones and a PC. The switch
uses VLAN 2 to transmit voice packets and VLAN 3 to transmit data packets. PC A
connects to IP phone A and they connect to the switch, and IP phone B separately
connects to the switch. IP phones can obtain voice VLAN information through
LLDP and send tagged voice packets. Users require high quality of the VoIP
service; therefore, voice data flows must be transmitted with a high priority to
ensure the call quality. In addition, the administrator manages many IP phones
and requires simplified configurations.

Figure 9-7 Networking for configuring a VLAN ID-based voice VLAN

Switch Switch1

Internet

GE0/0/1 GE0/0/2
GE0/0/1

IP Phone A
IP Phone C

IP Phone B

PC A PC C

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on the switch and add interfaces to VLANs to implement Layer
2 connectivity.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 451

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

2. Enable LLDP so that IP phones can obtain voice VLAN information through
LLDP.
3. Configure VLAN 2 as the voice VLAN and configure the interface to allow
voice packets to pass through. Configure a VLAN ID-based voice VLAN, which
relieves you from configuring OUIs.

Procedure
Step 1 Configure VLANs and interfaces on the Switch.
# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2 3

# Configure VLANs allowed by GE0/0/1.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 3
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 3
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid tagged vlan 2
[Switch-GigabitEthernet0/0/2] quit

Step 2 Enable LLDP.

[Switch] lldp enable

Step 3 # Enable the voice VLAN function on GE0/0/1. The configuration of GE0/0/2 is
similar to the configuration of GE0/0/1, and is not mentioned here.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] voice-vlan 2 enable
[Switch-GigabitEthernet0/0/1] voice-vlan remark-mode vlan
[Switch-GigabitEthernet0/0/1] quit

Step 4 Verify the configuration.

Run the display voice-vlan 2 status command to check the voice VLAN
configuration.
[Switch] display voice-vlan 2 status
Voice VLAN Configurations:
-----------------------------------------------------------
Voice VLAN ID :2
Voice VLAN status : Enable
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
-----------------------------------------------------------
Port Information:
-------------------------------------------------------------------------------
Port Add-Mode Security-Mode Legacy PribyVLAN Untag
-------------------------------------------------------------------------------
GigabitEthernet0/0/2 Manual Normal Disable Enable Disable
GigabitEthernet0/0/1 Manual Normal Disable Enable Disable

----End

Configuration Files
Switch configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 452

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 9 Voice VLAN Configuration

#
sysname Switch
#
vlan batch 2 to 3
#
lldp enable
#
interface GigabitEthernet0/0/1
port link-type hybrid
voice-vlan 2 enable
port hybrid pvid vlan 3
port hybrid tagged vlan 2
port hybrid untagged vlan 3
#
interface GigabitEthernet0/0/2
port link-type hybrid
voice-vlan 2 enable
port hybrid tagged vlan 2
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 453

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10 QinQ Configuration

About This Chapter

This chapter describes how to configure 802.1Q-in-802.1Q (QinQ).

10.1 Overview of QinQ

10.2 Understanding QinQ
10.3 Application Scenarios for QinQ
10.4 Summary of QinQ Configuration Tasks
10.5 Licensing Requirements and Limitations for QinQ
10.6 Configuring Basic QinQ
10.7 Configuring Selective QinQ
10.8 Configuring the TPID Value in an Outer VLAN Tag
10.9 Configuring QinQ Stacking on a VLANIF Interface
10.10 Configuring the Device to Add Double VLAN Tags to Untagged Packets
10.11 Configuring QinQ Mapping
10.12 Displaying VLAN Translation Resource Usage
10.13 Configuration Examples for QinQ
10.14 Troubleshooting QinQ
10.15 FAQ About QinQ

10.1 Overview of QinQ

Definition
QinQ expands VLAN space by adding an additional 802.1Q tag to 802.1Q tagged
packets. It allows services in a private VLAN to be transparently transmitted over a

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 454

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

public network. A packet transmitted on the backbone network carries two 802.1Q
tags: a public VLAN tag and a private VLAN tag.

Purpose
Ethernet is widely used on ISP networks, but 802.1Q VLANs are unable to identify
and isolate large numbers of users on metro Ethernet networks because the 12-bit
VLAN tag field defined in IEEE 802.1Q only identifies a maximum of 4096 VLANs.
QinQ was developed to expand VLAN space beyond 4096 VLANs so that a larger
number of users can be identified on a metro Ethernet network.

QinQ was originally developed to expand VLAN space by adding an additional

802.1Q tag to an 802.1Q-tagged packet. In this way, the number of VLANs
increases to 4094 x 4094.

In addition to expanding VLAN space, QinQ is applied in other scenarios with the
development of metro Ethernet networks and carriers' requirements on refined
service operation. The outer and inner VLAN tags can be used to differentiate
packets based on users and services. For example, the inner tag represents a user,
while the outer tag represents a service. Moreover, QinQ is used as a simple and
practical VPN technology because inner tags of QinQ packets are transparently
transmitted over a public network. It extends core MPLS VPN services to metro
Ethernet networks to establish an end-to-end VPN.

Since QinQ technology is easy to use, it has been widely applied in Internet
Service Provider (ISP) networks. For example, QinQ is combined with multiple
services in metro Ethernet solutions. Selective QinQ (VLAN stacking) makes QinQ
more popular among ISPs. As the metro Ethernet develops, equipment vendors
have developed their own metro Ethernet solutions, in which the simple and
flexible QinQ technology plays an important role.

Benefits
QinQ offers the following benefits:
● Extends the VLAN space to isolate and identify more users.
● Facilitates service deployment by allowing the inner and outer tags to
represent different information. For example, the inner tag identifies a user
and the outer tag identifies a service.
● Allows ISPs to implement refined service operation by providing diversified
encapsulation and termination modes.

10.2 Understanding QinQ

10.2.1 QinQ Fundamentals

QinQ expands VLAN space by adding an additional 802.1Q VLAN tag to an
802.1Q-tagged packet. Devices forward packets over the public network according
to outer VLAN tags of the packets, and learn MAC addresses from the outer VLAN
tags. The private VLAN tags in the packets are forwarded as payload of the
packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 455

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-1 Typical QinQ application

VLAN 1~20 VLAN 1~10

CE2 CE3 CE4

Customer Customer
network B network A

VLAN 4 VLAN 3

PE1 Pubilc PE2

network
VLAN 3 VLAN 4

Customer Customer
network A network B
CE1 CE2

VLAN 1~10 VLAN 1~20

As shown in Figure 10-1, customer network A is divided into private VLANs 1 to

10, and customer network B is divided into private VLANs 1 to 20. The carrier
allocates public VLANs 3 and 4 to customer networks A and B respectively. When
tagged packets from networks A and B arrive at the carrier network, the packets
are tagged outer VLANs 3 and 4. Therefore, the packets from different customer
networks are separated on the carrier network, even though the customer
networks use overlapping VLAN ranges. When the packets reach the PE on the
other side of the carrier network, the PE removes public VLAN tags from the
packets and forwards the packets to the CE of the respective customer network.

QinQ Packet Encapsulation Format

A QinQ packet has a fixed format, in which an 802.1Q tag is added outside the
existing 802.1Q tag of the packet. A QinQ packet has 4 more bytes than an
802.1Q packet.

NOTE

Because a QinQ packet has 4 more bytes than an 802.1Q packet, the maximum frame
length allowed by each interface on the carrier network should be at least 1504 bytes. The
default frame length allowed by interfaces of a switch is larger than 1504 bytes, so you do
not need to adjust it. For details on how to configure the frame length allowed by an
interface, see Setting the Jumbo Frame Length Allowed on an Interface in "Ethernet
Interface Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - Interface Management.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 456

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-2 802.1Q encapsulation

802.1Q Encapsulation
DA SA 802.1Q TAG LEN/ETYPE DATA FCS
6 Bytes 6 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes

QinQ Encapsulation

DA SA 802.1Q TAG 802.1Q TAG LEN/ETYPE DATA FCS

6 Bytes 6 Bytes 4 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes

TPID Priority CFI VLAN ID

QinQ Implementation
QinQ can be implemented in either of the following ways:
1. Basic QinQ
Basic QinQ is implemented based on interfaces. After basic QinQ is
configured on an interface, the device adds the default VLAN tag of this
interface to all packets regardless of whether the packets carry VLAN tags.
– If a single-tagged packet is received, the packet becomes a double-
tagged packet.
– If an untagged packet is received, the packet is tagged with the default
VLAN ID of the local interface.
2. Selective QinQ
Selective QinQ is implemented based on interfaces and VLAN IDs. That is, an
interface can forward packets based on a single VLAN tag or double VLAN
tags. In addition, the device processes packets received on an interface as
follows based on their VLAN IDs:
– Adds different outer VLAN tags to packets carrying different inner VLAN
IDs.
– Marks outer 802.1p fields and adds different outer VLAN tags to packets
according to the 802.1p fields in inner VLAN tags.
In addition to separating carrier and customer networks, selective QinQ
provides extensive service features and allows flexible networking.

QinQ Encapsulation
QinQ encapsulation changes a single-tagged packet into a double-tagged packet,
and is usually performed on underlayer provider edge (UPE) interfaces connected
to customer networks.
Depending on the data encapsulated, QinQ encapsulation is applied as interface-
based or flow-based QinQ encapsulation. Additionally, QinQ encapsulation can be
performed on routed sub-interfaces.
● Interface-based QinQ encapsulation

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 457

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

This encapsulation mode is also called QinQ tunneling. It encapsulates

packets arriving at the same interface with the same outer VLAN tag, and
therefore cannot distinguish users and services at the same time.
● Flow-based QinQ encapsulation
This encapsulation mode classifies packets arriving at an interface into
different flows, and then determines whether to add outer VLAN tags and
which outer VLAN tags to add on a per flow basis. This mode is also called
selective QinQ.
Traffic can be classified based on VLAN ID ranges if a customer uses different
VLAN IDs for different services. For example, PC users access the Internet
through VLANs 101 to 200, IPTV users through VLANs 201 to 300, and VIPs
through VLANs 301 to 400. When receiving service data, the UPE adds outer
tag 100 to packets from PCs, outer tag 300 to packets from IPTV users, and
outer tag 500 to packets from VIPs.
● QinQ encapsulation on sub-interfaces
QinQ encapsulation can be performed on both Layer 2 interfaces and Layer 3
sub-interfaces.
When service data is transparently transmitted over an MPLS/IP core network
using PWE3/VLL/VPLS, a network-end provider edge (NPE) sub-interface adds
an outer VLAN tag to a packet based on the inner VLAN tag. Then the packet
is transmitted on the VLL/PWE3/VPLS network using the outer VLAN tag.
Packets from multiple private VLANs can be transparently transmitted
through a sub-interface, which is called a QinQ stacking sub-interface.
QinQ encapsulation on a sub-interface is also a form of flow-based QinQ
encapsulation. The QinQ stacking sub-interface must be used with the L2VPN
service (PWE3/VLL/VPLS), and cannot support Layer 3 forwarding.

10.2.2 Basic QinQ

Basic QinQ, also called QinQ tunneling, is performed based on interfaces. After
basic QinQ is configured on an interface, packets received on the interface are
tagged with the default VLAN ID of the interface. After being processed by basic
QinQ on an interface, single-tagged packets change into double-tagged packets,
and untagged packets change into single-tagged packets with the default VLAN
tag of the interface.
Basic QinQ can be configured to expand VLAN space when multiple VLANs are
required.
As shown in Figure 10-3, Department 1 has two offices and Department 2 has
three offices. These offices are connected to PE1 and PE2 respectively. Department
1 and Department 2 can plan their own VLANs as required.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 458

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-3 Networking diagram of QinQ tunneling

Department 2 Department 2
PE2
Port1 Port2

…… Port3 ……

PE1 Port4
VLAN1000 VLAN4094 VLAN500 VLAN2500
Port1 Port2

Port3

…… ……
……

VLAN2 VLAN500 VLAN1000 VLAN2000 VLAN100 VLAN500

Department 1 Department 2 Department 1

Table 10-1 shows the outer VLAN tag plan for Department 1 and Department 2.

Table 10-1 VLAN plan for Department 1 and Department 2

Department VLAN ID Range Outer VLAN ID

Department 1 2 to 500 10

Department 2 500 to 4094 20

QinQ tunneling is configured on PE1 and PE2 in the following way to implement
communication within each department and isolate the two departments:
● Configure PE1 to add the outer VLAN 10 to packets received on Port1 and
Port2 and outer VLAN 20 to packets received on Port3.
● Configure PE2 to add the outer VLAN 20 to packets received on Port1 and
Port2.
● Configure Port4 on PE1 and Port3 on PE2 to allow packets of VLAN 20 to
pass.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 459

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10.2.3 Selective QinQ

Selective QinQ, also called VLAN stacking or QinQ stacking, is performed based on
interfaces and VLAN IDs. In addition to basic QinQ functions, selective QinQ has
the following functions:
● VLAN ID-based selective QinQ: adds outer VLAN tags based on inner VLAN
IDs.
● 802.1p priority-based selective QinQ: adds outer VLAN tags based on 802.1p
priorities in inner VLAN tags.
● Traffic policy-based selective QinQ: adds outer VLAN tags based on traffic
policies so that differentiated services can be provided based on service types.

Selective QinQ is an extension of basic QinQ and is more flexible. The difference is
as follows:

● Basic QinQ: adds the same outer VLAN tag to all packets arriving at a Layer 2
interface.
● Selective QinQ: adds different outer VLAN tags to packets arriving at a Layer
2 interface based on inner VLAN tags.

As shown in Figure 10-4, Department 1 and Department 2 have multiple offices.

Figure 10-4 Networking diagram of selective QinQ

Department 2 Department 2
PE2
Port1 Port2

…… Port3 ……

PE1 Port3

VLAN1000 VLAN4094 VLAN500 VLAN2500

Port1 Port2

……

……
……

VLAN100 VLAN500

Department 1
VLAN2 VLAN500 VLAN1000 VLAN2000

Department 1 Department 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 460

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Table 10-2 VLAN plan for Department 1 and Department 2

Device Interface VLAN ID Range Outer VLAN ID

PE1 Port1 2 to 500 10

Port1 1000 to 2000 20

Port2 100 to 500 10

PE2 Port1 1000 to 4094 20

Port2 500 to 2500 20

● Department 1 uses VLANs 2 to 500.

● Department 2 uses VLANs 500 to 4094.
● Port1 on PE1 receives packets from VLANs of Department 1 and Department
2 simultaneously.
Selective QinQ is configured on PE1 and PE2 in the following way to implement
communication within each department and isolate the two departments.
● Configure outer VLAN tags for packets received on interfaces of PE1 and PE2
according to Table 10-2.
● Configure Port3 on PE1 and Port3 on PE2 to allow packets of VLAN 20 to
pass.

10.2.4 VLAN Stacking on a VLANIF Interface

As shown in Figure 10-5, DeviceA is connected to DeviceB through a third-party
network. DeviceB is configured with the management VLAN. The management
VLAN ID is the same as the VLAN ID of the downstream user connected to
DeviceA but different from the S-VLAN ID.

Figure 10-5 Networking diagram of VLAN stacking on a VLANIF interface

IP 10 20 DeviceB

Internet

DeviceA

IP 10 Management VLAN 10
Interface VLANIF 10

user2

user1
VLAN 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 461

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

To log in to DeviceB and manage VLANs from DeviceA, you can configure VLAN
stacking on the VLANIF interface corresponding to the management VLAN on
DeviceB.
● If the double-tagged packets sent to the ISP network have the same outer
VLAN tags as the S-VLAN tags, the packets can be transparently transmitted
to DeviceB over the ISP network.
DeviceB enabled with QinQ stacking compares the VLAN tag of the received
packets with the VLAN tag on the VLANIF interface. If the packets have the
same outer tag as that on the VLANIF interface, DeviceB removes the outer
VLAN tag and sends the packet to the IP layer for processing.
● The VLANIF interface enabled with QinQ stacking on DeviceB adds outer
VLAN tags to received data packets. The outer VLAN tag is the same as the S-
VLAN tag. In this case, the double-tagged packets can be transparently
transmitted to DeviceA over the ISP network. After receiving the packets,
DeviceA removes the outer VLAN tag and forwards the packets to local users.

10.2.5 TPID
The Tag Protocol Identifier (TPID) specifies the protocol type of a VLAN tag. The
TPID value defined in IEEE 802.1Q is 0x8100.
Figure 10-6 shows the Ethernet packet format defined in IEEE 802.1Q. An IEEE
802.1Q tag, containing the TPID, lies between the Source Address field and the
Length/Type field. A device checks the TPID value in a received packet to
determine whether the VLAN tag is an S-VLAN tag or C-VLAN tag. The device
compares the configured TPID value with the TPID value in the packet. For
example, if a frame carries the VLAN tag with TPID 0x8100 but the TPID
configured for a customer network on a device is 0x8200, the device considers the
frame untagged.

Figure 10-6 802.1Q encapsulation

802.1Q Encapsulation
DA SA 802.1Q TAG Length/Type Data FCS
6 Bytes 6 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes

TPID 2 Bytes TCI 2 Bytes

0X8100 Priority CFI VLAN ID

3bits 1bit 12bits

Carrier's systems may use different TPID values in outer VLAN tags. When a
Huawei device needs to interoperate with such a carrier system, set the TPID value
to the value used by the carrier so that QinQ packets sent from the Huawei device
can be transmitted across the carrier network. To prevent errors in packet
forwarding and processing, do not set the TPID to any of values listed in Table
10-3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 462

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Table 10-3 Protocol types and values

Protocol Type Value

ARP 0x0806

RARP 0x8035

IP 0x0800

IPv6 0x86DD

PPPoE 0x8863/0x8864

MPLS 0x8847/0x8848

IPX/SPX 0x8137

LACP 0x8809

802.1x 0x888E

HGMP 0x88A7

Reserved 0xFFFD/0xFFFE/0xFFFF

10.2.6 QinQ Mapping

Implementation
QinQ mapping is performed after packets are received on the inbound interface
and before packets are forwarded through the outbound interface.

● Before sending a packet from a local VLAN, a sub-interface replaces the VLAN
tag of the packet sent with a specified VLAN tag.
● After receiving a packet, a sub-interface replaces the VLAN tag of packet with
a local VLAN tag.

In real-world applications, QinQ mapping can map customer VLAN (C-VLAN) tags
to a service VLAN (S-VLAN) tag to shield different customer VLANs.

QinQ mapping is generally deployed on edge devices of a metro Ethernet and

often used to map a VLAN tag carried in a packet to a specified VLAN tag before
the packet is transmitted on the public network. QinQ mapping applies to the
following scenarios:
● The VLAN IDs deployed in new sites and old sites conflict, but new sites need
to communicate with old sites.
● Sites connected to the public network use conflicting VLAN IDs but do not
need to communicate with one another.
● The VLAN IDs on both ends of the public network are different.

Currently, the device supports the following QinQ mapping modes:

● 1-to-1 mapping

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 463

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

When a sub-interface receives a single-tagged packet, it maps the VLAN tag

to a specified tag.
● 2-to-1 mapping
When a sub-interface receives a double-tagged packet, it maps the outer
VLAN tag to a specified tag and retains the inner VLAN tag.

Figure 10-7 QinQ mapping

IP 50 IP 50
Device2 ISP Device3
GE0/0/2 VLAN Tag:50
GE0/0/2

GE0/0/1.1 GE0/0/1.1
QinQ Mapping
IP 20 IP 40

Device1 Device4

PC1 PC2

172.16.0.1/24 172.16.0.7/24

As shown in Figure 10-7, 1-to-1 QinQ mapping is configured on GE0/0/1.1

interfaces of Device2 and Device3. Frames sent from PC1 to PC2 are processed as
follows:
1. PC1 sends an untagged frame to Device1. After receiving the frame, Device1
adds VLAN tag 20 to the frame.
2. Device1 forwards the frame with VLAN tag 20 to Device2. Device2 replaces
VLAN tag 20 with S-VLAN tag 50 on sub-interface GE0/0/1.1.
3. Device2 sends the frame with S-VLAN tag 50 through GE0/0/2.
4. The frame is transparently transmitted on the ISP network.
5. When the frame arrives at GE0/0/1.1 of Device3, Device3 replaces VLAN tag
50 with VLAN tag 40.
Frames sent from PC2 to PC1 are processed in a similar way.
QinQ mapping allows PC1 to communicate with PC2.

Comparison Between QinQ Mapping and VLAN Mapping

Table 10-4 compares QinQ mapping and VLAN mapping.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 464

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Table 10-4 Comparison between QinQ mapping and VLAN mapping

Mapping Similarity Difference

1-to-1 The interface maps the ● QinQ mapping is performed on sub-

tag in a received single- interfaces and used for VPLS access.
tagged packet to a ● VLAN mapping is performed on main
specified tag. interfaces and applies to Layer 2
networks where packets are
forwarded based on VLANs.

2-to-1 The interface maps the ● QinQ mapping is performed on sub-

outer tag of a received interfaces and used for VPLS access.
double-tagged packet ● VLAN mapping is performed on main
to a specified tag and interfaces and applies to Layer 2
retains the inner tag. networks where packets are
The inner tag is forwarded based on VLANs.
transparently
transmitted as service
data.

10.3 Application Scenarios for QinQ

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 465

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10.3.1 Public User Services on a Metro Ethernet Network

Figure 10-8 QinQ application on a metro Ethernet network

Core Network

NPE NPE
VLAN 1001 VLAN 1XX
VLAN 2001 VLAN 3XX
VLAN 1000 VLAN 1XX VRRP VLAN 3001 VLAN 5XX
VLAN 2000 VLAN 3XX Metro
VLAN 3000 VLAN 5XX Ethernet

UPE
VLAN 101 VLAN 101
VLAN 301 VLAN 301
VLAN 501 VLAN 501

HSI VOIP IPTV HSI VOIP IPTV

PVC101
PVC301
PVC501

As shown in Figure 10-8, the digital subscriber line access multiplexers (DSLAMs)
support multiple permanent virtual channels (PVCs) so that a same user can use
multiple services, such as High-Speed Internet (HSI), Internet Protocol Television
(IPTV), and voice over IP (VoIP).

The carrier assigns different PVCs and VLAN ranges to HSI, IPTV, and VoIP services,
as described in Table 10-5.

Table 10-5 Example of VLAN assignment

Service VLAN Range

HSI 101 to 300

VoIP 301 to 500

IPTV 501 to 700

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 466

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

A user accesses the VoIP service. When a VoIP packet reaches a DSLAM through a
specified PVC, the DSLAM marks the packet with a VLAN in the VLAN range
mapped to the PVC, such as 301. When the VoIP packet reaches the UPE, the UPE
tags the packets with an outer VLAN ID mapping the VoIP VLAN ID range, such as
2000. The inner VLAN ID represents user information and the outer VLAN ID
represents service information and the location of the DSLAM (packets from
different DSLAMs are tagged with different outer VLAN IDs). When the packet
reaches the NPE indicated by the outer VLAN tag, the VLAN tag is terminated on
the QinQ termination sub-interface. According to the core network configuration,
the packet is forwarded on the IP network or enters the corresponding VPN.
HSI and IPTV services are processed in the same manner, except that VLAN tags of
HSI services are terminated on a broadband remote access server (BRAS).
The NPE can perform HQoS scheduling based on double tags and generate a
DHCP binding table to avoid network attacks. In addition, the NPE can implement
DHCP authentication based on double tags or other information. You can also
configure VRRP on QinQ termination sub-interfaces to ensure service reliability.

10.3.2 Enterprise Network Connection Through Private Lines

As shown in Figure 10-9, an enterprise has two sites in different places. Each site
has three networks: Finance, Marketing, and Others. To ensure network security,
the enterprise requires that users belonging to different networks be unable to
communicate with each other.

Figure 10-9 Private line connection between enterprise users

Outside:VLAN 1000 Inside:VLAN 100 Outside:VLAN 1000 Inside:VLAN 100
Outside:VLAN 1000 Inside:VLAN 200 Outside:VLAN 1000 Inside:VLAN 200
Outside:VLAN 1000 Inside:VLAN 300 Outside:VLAN 1000 Inside:VLAN 300

ME MPLS/IP ME
UPE NPE NPE UPE
VLAN 100 VLAN 100 VLAN 100
VLAN 200 VLAN 200 VLAN 200
VLAN 300 VLAN 300 VLAN 300

Others
Others
Finance Finance VLAN 300
VLAN 300
VLAN 100 VLAN 100
Marketing Marketing
VLAN 200 VLAN 200

The carrier uses VPLS technology on the MPLS/IP core network and QinQ
technology on the metro Ethernet network. Each site is assigned three VLANs 100,
200 and 300, which represent Finance, Marketing, and Others departments
respectively. The UPEs at two ends tag received packets with outer VLAN 1000
(different outer VLAN tags are allowed on two ends), and the same VSI is

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 467

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

configured on the NPEs. This configuration ensures that only users of the same
VLAN in different sites can communicate with each other.

10.4 Summary of QinQ Configuration Tasks

Table 10-6 describes the QinQ configuration tasks.

Table 10-6 QinQ configuration tasks

Scenario Description Task

Configure basic QinQ After basic QinQ is 10.6 Configuring Basic

configured, the switch QinQ
adds a public tag to
incoming packets so that
user packets can be
forwarded on the public
network.

Configure selective QinQ Selective QinQ based on 10.7 Configuring

the VLAN ID enables the Selective QinQ
switch to add different
outer VLAN tags to
received data frames
according to VLAN IDs in
the frames.

Set the TPID value in an This configuration allows 10.8 Configuring the
outer VLAN tag a Huawei device to TPID Value in an Outer
communicate with a VLAN Tag
non-Huawei device.

Configure QinQ stacking To log in to a remote 10.9 Configuring QinQ

on a VLANIF interface device and manage the Stacking on a VLANIF
device, configure QinQ Interface
stacking on the VLANIF
interface corresponding
to the management
VLAN of the remote
device.

Configure the device to The device can be 10.10 Configuring the

add double VLAN tags to configured to add double Device to Add Double
untagged packets VLAN tags to untagged VLAN Tags to Untagged
packets. Packets

Configure QinQ mapping QinQ mapping maps C- 10.11 Configuring QinQ

VLAN tags to S-VLAN Mapping
tags to shield different
C-VLAN tags.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 468

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10.5 Licensing Requirements and Limitations for QinQ

Involved Network Elements

Other network elements are not required.

Licensing Requirements
QinQ configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. QinQ
configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 10-7 Products and versions supporting QinQ

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

NOTE
The S2700EI does not support selective QinQ.

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 469

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Product Product Software Version

Model

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 470

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Product Product Software Version

Model

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● For the points of attention when configuring QinQ on a sub-interface, see 8.4
Licensing Requirements and Limitations for VLAN Termination.
● The devices listed in Table 10-8 can add double tags to untagged packets.

Table 10-8 Products and versions supporting the function of adding double
tags to untagged packets

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GW
R

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GW
R-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using

S1700 commands. For details about features and
models versions, see S1700 Documentation Bookshelf.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 471

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Product Product Software Version

Model

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300,

V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI Not supported

S5700 S5700LI V200R003 (C00&C02&C10),

V200R005C00SPC300, V200R006C00,
V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S5700S-LI V200R003C00, V200R005C00SPC300,

V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5710-C- Not supported

LI

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI Not supported

S5700SI Not supported

S5710EI V200R003C00, V200R005 (C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V200R002C00, V200R003C00, V200R005

(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 472

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Product Product Software Version

Model

S5720HI V200R006C00, V200R007(C00&C10),

V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V200R003C00, V200R005 (C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

● The switch forwards packets based only on their outer VLAN tags and learns
MAC address entries based on the outer VLAN tags.
● Selective QinQ is recommended to be enabled on a hybrid interface and the
qinq vlan-translation enable command must have been executed to enable
VLAN translation. Selective QinQ can only take effect on the interface in the
inbound direction.
● When an interface configured with VLAN stacking needs to remove the outer
tag from outgoing frames, the interface must join the VLAN specified by
stack-vlan in untagged mode. If the outer VLAN does not need to be
removed, the interface must join the VLAN specified by stack-vlan in tagged
mode.
● The device configured with selective QinQ can only add an outer VLAN tag to
a frame with an inner VLAN tag on an interface, and the outer VLAN ID must
exist. Otherwise, the services where selective QinQ is configured are
unavailable.
● A VLAN bound to a BD cannot be specified as the value of stack-vlan (that is,
the outer VLAN ID added to frames) in VLAN stacking commands. Similarly, a
VLAN specified as the value of stack-vlan in VLAN stacking commands cannot
be bound to a BD.
● If only single-tagged packets from a VLAN need to be transparently
transmitted, do not specify the VLAN as the inner VLAN for selective QinQ.
After selective QinQ is configured on the S3700EI, S3700SI, or S5700EI, VLAN
mapping, for example, port vlan-mapping vlan 20 map-vlan 20, must be
configured to map the VLAN to itself from which single-tagged packets need
to be transparently transmitted.
● When VLAN stacking is configured, do not configure stack-vlan to the VLAN
corresponding to the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 473

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

● VLAN-based flow mirroring allows the device to identify only outer VLAN tags
of QinQ packets.
● The globally configured traffic-limit command that takes effect for all
interfaces in the inbound direction is invalid for QinQ packets.
● ND snooping and adding double tags to untagged packets can be configured
together on the S5720EI, S5720HI, S6720EI and S6720S-EI.
● SAVI and adding double tags to untagged packets can be configured together
on the S5720EI, S5720HI, S6720EI and S6720S-EI.
● If the PW-side interface is a Layer 3 interface switched by the undo
portswitch command, the AC-side interface cannot be a Layer 3 interface or
subinterface belonging to a Layer 3 interface; otherwise, traffic forwarding is
abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.

10.6 Configuring Basic QinQ

Background
Basic QinQ enables the device to add a public tag to incoming packets so that
user packets can be forwarded on the public network. To separate private
networks from public networks and conserve VLAN resources, configure double
802.1Q tags on QinQ interfaces of the device. Private VLAN tags are used on
private networks such as enterprise networks, and public VLAN tags are used on
external networks such as ISP networks. QinQ expands VLAN space to 4094x4094
and allows packets on different private networks with the same VLAN IDs to be
transparently transmitted.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

A VLAN used on the public network is created.

Step 3 Run quit

Exit from the VLAN view.

Step 4 Run interface interface-type interface-number

The interface view is displayed.

The interface can be a physical interface or an Eth-Trunk interface.

Step 5 Run port link-type dot1q-tunnel

The link type of the interface is set to Dot1q-tunnel.

By default, the link type of an interface on the S1720GFR, S1720GW, S1720GWR,

S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-
LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI,

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 474

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

S6720SI, S6720S-SI, S5720SI, and S5720S-SI is negotiation-auto, and the link type
of an interface on other models is negotiation-desirable.
Dot1q-tunnel interfaces do not support Layer 2 multicast.
Step 6 Run port default vlan vlan-id
The VLAN ID of the public VLAN tag, that is, the default VLAN of the interface, is
configured.
By default, VLAN 1 is the default VLAN of all interfaces.

----End

Verifying the Configuration

● Run the display current-configuration interface interface-type interface-
number command to check the QinQ configuration on the interface.

10.7 Configuring Selective QinQ

Selective QinQ is implemented based on interfaces and VLAN IDs.

Pre-configuration Tasks
Before configuring selective QinQ, create the outer VLAN.

10.7.1 Configuring VLAN ID-based Selective QinQ

Context
VLAN ID-based selective QinQ allows an interface to add outer VLAN tags to
packets based on VLAN IDs of the packets.

NOTE

● Selective QinQ is recommended to be enabled on a hybrid interface and the qinq vlan-
translation enable command must have been executed to enable VLAN translation.
Selective QinQ can only take effect on the interface in the inbound direction.
● The device configured with selective QinQ can only add an outer VLAN tag to a frame with
an inner VLAN tag on an interface, and the outer VLAN ID must exist. Otherwise, the
services where selective QinQ is configured are unavailable.
● When an interface configured with VLAN stacking needs to remove the outer tag from
outgoing frames, the interface must join the VLAN specified by stack-vlan in untagged
mode. If the outer VLAN does not need to be removed, the interface must join the VLAN
specified by stack-vlan in tagged mode.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 475

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

The interface can be a physical interface or an Eth-Trunk interface.

Step 3 Run port link-type hybrid
The link type of the interface is set to hybrid.
By default, the link type of an interface on the S1720GFR, S1720GW, S1720GWR,
S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-
LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI,
S6720SI, S6720S-SI, S5720SI, and S5720S-SI is negotiation-auto, and the link type
of an interface on other models is negotiation-desirable.
Step 4 Run port hybrid untagged vlan vlan-id
The interface is added to the VLAN in untagged mode.
The specified VLAN ID in the command must exist on the device. You do not need
to create a VLAN specified by the original VLAN tag of a received packet.
Step 5 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.
Step 6 When configuring selective QinQ, perform the following configurations as
required:
● Configure only selective QinQ.
Run the port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3
[ remark-8021p 8021p-value1 ] command to configure only selective QinQ.
By default, the priority in the outer VLAN tag is the same as that in the inner
VLAN tag.
● Configure selective QinQ and VLAN mapping.
Run the port vlan-stacking vlan vlan-id1 stack-vlan vlan-id2
[ remark-8021p 8021p-value1 ] map-vlan vlan-id4 [ remark-inner-8021p
8021p-value2 ] command to configure selective QinQ and VLAN mapping.
By default, the priority in the outer VLAN tag is the same as that in the inner
VLAN tag.
NOTE

When map-vlan vlan-id4 is configured to perform VLAN stacking and VLAN mapping
concurrently, on switches other than the S5720EI, S5720HI, S6720EI, and S6720S-EI,
the same outer VLAN tag cannot be added to packets from different user VLANs. On
the S5720EI, S5720HI, S6720EI, and S6720S-EI, the same outer VLAN tag cannot be
added to packets from different user VLANs, and different inner VLAN tags in packets
from different user VLANs cannot be matched to the same VLAN tag. For example, if
packets containing VLAN IDs 10 and 20 respectively are received on an interface, the
port vlan-stacking vlan 10 stack-vlan 100 map-vlan 200 and port vlan-stacking
vlan 20 stack-vlan 100 map-vlan 200 commands cannot be configured together.

Step 7 Run quit

Exit from the interface view.
Step 8 Run interface interface-type interface-number
The view of another interface is displayed.
This interface is the outbound interface for QinQ packets, different from the
interface specified in step 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 476

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Step 9 Run port link-type trunk

The link type of the interface is set to trunk.
Step 10 Run port trunk allow-pass vlan vlan-id3
The outer VLAN ID (stack-vlan) added to the original tagged packet is set.

----End

Verifying the Configuration

● Run the display current-configuration interface interface-type interface-
number command to check the selective QinQ configuration on the interface.

Configuration Tips
Deleting QinQ configuration
Use either of the following methods to delete the selective QinQ configuration on
an interface:
● Run the undo port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] [ stack-vlan
vlan-id3 ] command in the interface view to delete a selective QinQ entry on
the interface.
● Run the undo port vlan-stacking all command in the interface view to
delete all the selective QinQ entries on the interface.

10.7.2 Configuring MQC-based Selective QinQ

Context
A traffic policy is configured by associating traffic classifiers with traffic behaviors.
You can specify a VLAN ID or other information in a traffic classifier and associate
the traffic classifier with a traffic behavior to implement selective QinQ. Then the
device adds the specified outer VLAN tag to packets matching the traffic classifier.
Traffic policy-based selective QinQ enables the device to provide differentiated
services based on service types.

NOTE

Only the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-
SI support this configuration.

Procedure
1. Configure a traffic classifier.
a. Run system-view
The system view is displayed.
b. Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or
the existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier,
which means that:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 477

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

▪ If the traffic classifier contains ACL rules, packets match the traffic
classifier only when they match one ACL rule and all the non-ACL
rules.

▪ If the traffic classifier does not contain any ACL rules, packets match
the traffic classifier only when they match all the rules in the
classifier.
The logical operator or means that packets match the traffic classifier as
long as they match one of rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
c. Configure matching rules according to the following table.
Matchin Command Remarks
g Rule

Outer if-match vlan-id start-vlan-id -

VLAN ID [ to end-vlan-id ] [ cvlan-id
or inner cvlan-id ]
and outer
VLAN IDs
of QinQ
packets

Inner and if-match cvlan-id start-vlan-id -

outer [ to end-vlan-id ] [ vlan-id
VLAN IDs vlan-id ]
in QinQ
packets

802.1p if-match 8021p 8021p-value If you enter multiple

priority in &<1-8> 802.1p priority values in
VLAN one command, a packet
packets matches the traffic
classifier as long as it
matches any one of the
802.1p priorities,
regardless of whether the
relationship between
rules in the traffic
classifier is AND or OR.

Destinati if-match destination-mac -

on MAC mac-address [ mac-address-
address mask ]
Source if-match source-mac mac- -
MAC address [ mac-address-mask ]
address

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 478

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Matchin Command Remarks

g Rule

Protocol if-match l2-protocol { arp | ip -

type field | mpls | rarp | protocol-value }
in the
Ethernet
frame
header

All if-match any -

packets

DSCP if-match dscp dscp-value ● If you enter multiple

priority in &<1-8> DSCP values in one
IP command, a packet
packets matches the traffic
classifier as long as it
matches any one of
the DSCP values,
regardless of whether
the relationship
between rules in the
traffic classifier is AND
or OR.
● If the relationship
between rules in a
traffic classifier is AND,
the if-match dscp and
if-match ip-
precedence
commands cannot be
used in the traffic
classifier
simultaneously.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 479

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Matchin Command Remarks

g Rule

IP if-match ip-precedence ip- ● The if-match dscp and

preceden precedence-value &<1-8> if-match ip-
ce in IP precedence
packets commands cannot be
configured in a traffic
classifier in which the
relationship between
rules is AND.
● If you enter multiple IP
precedence values in
one command, a
packet matches the
traffic classifier as long
as it matches any one
of the IP precedence
values, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.

Layer 3 if-match protocol { ip | ipv6 } -

protocol
type

SYN Flag if-match tcp syn-flag { syn- -

in the flag-value | ack | fin | psh | rst
TCP | syn | urg }
packet

Inbound if-match inbound-interface A traffic policy containing

interface interface-type interface- this matching rule cannot
number be applied to the
outbound direction or in
the interface view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 480

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Matchin Command Remarks

g Rule

ACL rule if-match acl { acl-number | ● When an ACL is used

acl-name } to define a traffic
classification rule, it is
recommended that the
ACL be configured first.
● If an ACL in a traffic
classifier defines
multiple rules, a packet
matches the ACL as
long as it matches one
of rules, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.

ACL6 rule if-match ipv6 acl { acl- Before specifying an ACL6

number | acl-name } in a matching rule,
configure the ACL6.

d. Run quit
Exit from the traffic classifier view.
2. Configure a traffic behavior.
a. Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed.
b. Run add-tag vlan-id vlan-id
The outer VLAN ID is specified in the traffic behavior.
You must specify an existing VLAN ID on the device in this command. You
do not need to create a VLAN specified by the original VLAN tag of a
received packet.
c. Run quit
Exit from the traffic behavior view.
d. Run quit
Exit from the system view.
3. Configure a traffic policy.
a. Run system-view
The system view is displayed.
b. Run traffic policy policy-name
A traffic policy is created and the traffic policy view is displayed, or the
view of an existing traffic policy is displayed.
After a traffic policy is applied, you cannot use the traffic policy
command to modify the matching order of traffic classifiers in the traffic
policy. To modify the matching order, delete the traffic policy, create a
traffic policy, and specify the matching order.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 481

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

When creating a traffic policy, you can specify the matching order of its
matching rules. The matching order can be either automatic order or
configuration order:

▪ Automatic order: Traffic classifiers are matched based on the

priorities of their types. Traffic classifiers based on the following
information are in descending order of priority: Layer 2 and IPv4
Layer 3 information, advanced ACL6 information, basic ACL6
information, Layer 2 information, IPv4 Layer 3 information, and user-
defined ACL information. If data traffic matches multiple traffic
classifiers, and the traffic behaviors conflict with each other, the
traffic behavior corresponding to the highest priority rule takes
effect.

▪ Configuration order: Traffic classifiers are matched based on the

sequence in which traffic classifiers were bound to traffic behaviors.
NOTE

If more than 128 ACL rules defining CAR are configured, a traffic policy must be
applied to an interface, a VLAN, and the system in sequence in the outbound
direction. In the preceding situation, if you need to update ACL rules, delete the
traffic policy from the interface, VLAN, and system and reconfigure it in
sequence.
c. Run classifier classifier-name behavior behavior-name
A traffic behavior is bound to a traffic classifier in the traffic policy.
d. Run quit
Exit from the traffic policy view.
e. Run quit
Exit from the system view.
4. Apply the traffic policy.
– Applying a traffic policy to an interface
i. Run system-view
The system view is displayed.
ii. Run interface interface-type interface-number
The interface view is displayed.
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the interface.
A traffic policy can be applied to only one direction on an interface,
but a traffic policy can be applied to different directions on different
interfaces. After a traffic policy is applied to an interface, the system
performs traffic policing for all the incoming or outgoing packets
that match traffic classification rules on the interface.
– Applying a traffic policy to a VLAN
i. Run system-view
The system view is displayed.
ii. Run vlan vlan-id
The VLAN view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 482

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

iii. Run traffic-policy policy-name { inbound | outbound }

A traffic policy is applied to the VLAN.
Only one traffic policy can be applied to a VLAN in the inbound or
outbound direction.
After a traffic policy is applied, the system performs traffic policing
for the packets that belong to a VLAN and match traffic classification
rules in the inbound or outbound direction.
– Applying a traffic policy to the system
i. Run system-view
The system view is displayed.
ii. Run traffic-policy policy-name global { inbound | outbound } [ slot
slot-id ]
A traffic policy is applied to the system.
Only one traffic policy can be applied to the system or slot in one
direction. A traffic policy cannot be applied to the same direction in
the system and slot simultaneously.
○ In a stack, a traffic policy that is applied to the system takes
effect on all the interfaces and VLANs of all the member
switches in the stack. The system then performs traffic policing
for all the incoming and outgoing packets that match traffic
classification rules on all the member switches. A traffic policy
that is applied to a specified slot takes effect on all the
interfaces and VLANs of the member switch with the specified
stack ID. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on this member switch.
○ On a standalone switch, a traffic policy that is applied to the
system takes effect on all the interfaces and VLANs of the local
switch. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on the local switch. Traffic policies applied to the slot and
system have the same functions.

Verifying the Configuration

● Run the display traffic classifier user-defined [ classifier-name ] command
to check the traffic classifier configuration on the device.
● Run the display traffic behavior user-defined [ behavior-name ] command
to check the traffic behavior configuration on the device.
● Run the display traffic policy user-defined [ policy-name [ classifier
classifier-name ] ] command to check the user-defined traffic policy
configuration.
● Run the display traffic-applied [ interface [ interface-type interface-
number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to
check traffic actions and ACL rules associated with the system, a VLAN, or an
interface.
● Run the display traffic policy { interface [ interface-type interface-number ]
| vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the
traffic policy configuration on the device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 483

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

● Run the display traffic-policy applied-record [ policy-name ] command to

check the record of the specified traffic policy.

10.8 Configuring the TPID Value in an Outer VLAN Tag

Context
Devices from different vendors or in different network plans may use different
TPID values in VLAN tags of VLAN packets. To adapt to an existing network plan,
the switch supports TPID value configuration. You can set the TPID value on the
switch to be the same as the TPID value in the network plan to ensure
compatibility with the current network.

NOTE

● To implement interoperability with a non-Huawei device, ensure that the protocol type
in the outer VLAN tag added by the switch can be identified by the non-Huawei device.
● The qinq protocol command identifies incoming packets, and adds or changes the TPID
value of outgoing packets.
● The protocol ID configured on an interface by the qinq protocol command must be
different from other commonly used protocol IDs; otherwise, the interface cannot
distinguish packets of these protocols. For example, protocol-id cannot be set to 0x0806,
which is the ARP protocol ID.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run qinq protocol protocol-id

The protocol type in the outer VLAN tag is set.

The qinq protocol command cannot be used on Dot1q-tunnel interfaces.

By default, the TPID value in the outer VLAN tag is 0x8100.

----End

Verifying the Configuration

Run the display this command in the interface view to check the configured
protocol type of the outer VLAN tag.

10.9 Configuring QinQ Stacking on a VLANIF Interface

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 484

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Context
To log in to a remote device from the local device to manage the remote device,
configure QinQ stacking on the VLANIF interface corresponding to the
management VLAN on the remote device. As shown in Figure 10-10, SwitchA is
connected to SwitchB through a third-party network. The management VLAN on
SwitchB is the same as the VLAN for users connected to SwitchA and is different
from the VLAN provided by the carrier.

Figure 10-10 Networking for QinQ stacking on a VLANIF interface

20 10 IP SwitchB

Internet
SwitchA

10 IP Management VLAN 10
Interface VLANIF 10

user2

user1
VLAN 10

To log in to SwitchB from SwitchA, you can configure QinQ stacking on the
VLANIF interface corresponding to the management VLAN on SwitchB.
● Packet sent from SwitchA to SwitchB
The user-side interface on SwitchA configured with QinQ sends double-tagged
packets to the ISP network. The outer VLAN tag is the same as the VLAN tag
provided by the carrier so that the packets can be transparently transmitted to
SwitchB over the ISP network.
When SwitchB receives a double-tagged packet, it compares the VLAN tag of
the packet with the VLAN tag configured on the VLANIF interface. If the outer
tag of the packet is the same as the VLAN tag configured on the VLANIF
interface, SwitchB removes the outer tag and sends the packet to the IP layer
for processing.
● Packet sent from SwitchB to SwitchA
When the VLANIF interface of SwitchB receives a data packet, SwitchB adds a
VLAN tag to the packet according to the QinQ stacking configuration. The
new outer VLAN tag is the same as the VLAN tag provided by the carrier so
that the double-tagged data packet can be transparently transmitted to
SwitchA over the ISP network. SwitchA removes the outer VLAN tag of the
packet and forwards the packet.

Pre-configuration Tasks
Before configuring QinQ stacking on a VLANIF interface, complete the following
tasks:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 485

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

● Create a VLAN.
● Configure a management VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface vlanif vlan-id

The VLANIF interface corresponding to the management VLAN is created.

Before running this command, ensure that the management VLAN exists.

Step 3 Run qinq stacking vlan vlan-id

QinQ stacking is configured on the VLANIF interface.

NOTE

● When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF
interface corresponds to the management VLAN. VLANIF interfaces corresponding to
other VLANs do not support QinQ stacking.
● Before changing the configured outer VLAN, run the undo qinq stacking vlan
command to delete the original QinQ stacking.
● The qinq stacking vlan and icmp host-unreachable send commands cannot be used
together, so you must run the undo icmp host-unreachable send command before
using the qinq stacking vlan command.
● The outer VLAN added to packets must be an existing VLAN with no VLANIF interface
configured.

----End

Follow-up Procedure
● Run the display vlan [ vlan-id [ verbose ] ] command to check the
management VLAN.
● Run the display this command in the VLANIF interface view to check the
QinQ stacking configuration.

10.10 Configuring the Device to Add Double VLAN Tags

to Untagged Packets

Context
Generally, two devices are required to add double tags to packets. Configuring one
device to add double VLAN tags to untagged packets can simplify configuration.
In addition, a Layer 2 interface can add double tags to untagged packets to
differentiate services or users.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 486

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The outer VLAN is created.
Step 3 Run quit
Return to the system view.
Step 4 Run interface interface-type interface-number
The interface view is displayed.
Step 5 Run port link-type hybrid
The link type of the interface is set to hybrid.
By default, the link type of an interface on the S1720GFR, S1720GW, S1720GWR,
S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-
LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI,
S6720SI, S6720S-SI, S5720SI, and S5720S-SI is negotiation-auto, and the link type
of an interface on other models is negotiation-desirable.
Step 6 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.
Step 7 Run port hybrid untagged vlan vlan-id
The interface is added to the outer VLAN.
Step 8 Run port vlan-stacking untagged stack-vlan vlan-id1 stack-inner-vlan vlan-id2
The interface is configured to add double VLAN tags to untagged packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 487

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

NOTE

To enable an interface to add double VLAN tags to an untagged packet, you must set the
link type of the interface to hybrid and add the interface to the outer VLAN specified by
stack-vlan on the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI,
S5710-X-LI, S6720SI, S6720S-SI, S5730SI, S5730S-EI, S5720SI, and S5720S-SI. On other
devices, you need to set the link type of the interface to hybrid or trunk, and add the
interface to the outer VLAN specified by stack-vlan .
If the PVID of an interface is not VLAN 1, restore the PVID to VLAN 1 before running the
port vlan-stacking untagged command.
The port vlan-stacking untagged command actually configures a VLAN assignment mode.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI,
S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI, different VLAN assignment
modes are in the following order of priority: interface-based VLAN assignment > voice
VLAN include-untagged > MAC address-based VLAN assignment > IP subnet-based VLAN
assignment > port vlan-stacking untagged > protocol-based VLAN assignment >
interface-based VLAN assignment. On other models, different VLAN assignment modes are
in the following order of priority: policy-based VLAN assignment > voice VLAN include-
untagged > MAC address-based VLAN assignment > IP subnet-based VLAN assignment >
protocol-based VLAN assignment > interface-based VLAN assignment.

----End

10.11 Configuring QinQ Mapping

Pre-configuration Tasks
Before configuring QinQ mapping, complete the following tasks:
● Connect the device correctly.
● Configure the VLANs that users belong to so that user packets carry one or
double VLAN tags.
● Ensure that the device is not a VCMP client.

10.11.1 Configuring 1-to-1 QinQ Mapping

Context
1-to-1 QinQ mapping allows a sub-interface to map a tag in a received single-
tagged packet to a specified tag.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 488

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

The port link-type is set.

Step 4 Run quit

Return to the system view.

Step 5 Run interface interface-type interface-number.subinterface-number

The view of the CE-side Ethernet or Eth-Trunk sub-interface of the PE is displayed.

Step 6 Run qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3

The sub-interface is configured to map a tag of a packet to a specified tag.

The original VLAN IDs of single-tagged packets specified in the command must be
different from the outer VLAN IDs specified on all the other sub-interfaces.

NOTE

● QinQ mapping cannot be used with stacking, QinQ termination, and Dot1q termination
commands on the same sub-interface.
● If the PW-side interface is a Layer 3 interface switched by the undo portswitch
command, the AC-side interface cannot be a Layer 3 interface or subinterface belonging
to a Layer 3 interface; otherwise, traffic forwarding is abnormal. This rule applies to
S5720EI, S6720EI, and S6720S-EI.

----End

10.11.2 Configuring 2-to-1 QinQ Mapping

Context
2-to-1 QinQ mapping allows a sub-interface to map an outer tag in a received
double-tagged packet to a specified tag and retain the inner VLAN tag.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

The port link-type is set.

Step 4 Run quit

Return to the system view.

Step 5 Run interface interface-type interface-number.subinterface-number

The view of the CE-side Ethernet or Eth-Trunk sub-interface of the PE is displayed.

Step 6 Run qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid
vlan-id4

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 489

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

The sub-interface is configured to map the outer tag of double-tagged packets to

a specified tag.

The original outer tag of double-tagged packets specified in the command must
be different from outer tags specified on all the other sub-interfaces.

NOTE

● QinQ mapping cannot be used with stacking, QinQ termination, and Dot1q termination
commands on the same sub-interface.
● If the PW-side interface is a Layer 3 interface switched by the undo portswitch
command, the AC-side interface cannot be a Layer 3 interface or subinterface belonging
to a Layer 3 interface; otherwise, traffic forwarding is abnormal. This rule applies to
S5720EI, S6720EI, and S6720S-EI.

----End

10.12 Displaying VLAN Translation Resource Usage

Context
During QinQ configuration (excluding basic QinQ configuration), VLAN translation
resources may be insufficient. You can run commands to view the total number of
inbound/outbound VLAN translation resources, the number of used VLAN
translation resources, and the number of remaining VLAN translation resources.
The command output helps you locate faults.

Procedure
Step 1 Run the display vlan-translation resource [ slot slot-number ] command in any
view to view VLAN translation resource usage.
NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this command.

Step 2 Run the display spare-bucket resource [ slot slot-number ] command in any
view to view the usage of backup resources when VLAN translation resources
conflict.
NOTE
Only the S5720HI supports this command.

----End

10.13 Configuration Examples for QinQ

10.13.1 Example for Configuring Basic QinQ

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 490

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Networking Requirements
As shown in Figure 10-11, there are two enterprises on the network, Enterprise 1
and Enterprise 2. Both of them have two office locations, which connect to
SwitchA and SwitchB of the ISP network. A non-Huawei device on the ISP network
uses the TPID value of 0x9100.

The requirements are as follows:

● Enterprise 1 and Enterprise 2 use independent VLAN plans that do not affect
each other.
● Traffic of an enterprise's branches is transparently transmitted on the ISP
network. Users accessing the same service in an enterprise are allowed to
communicate, and users accessing different services are isolated.
You can configure QinQ to meet the preceding requirements. VLAN 100 and VLAN
200 provided by the ISP network can be used to transmit traffic for Enterprise 1
and Enterprise 2 respectively, thereby implementing communication within an
enterprise and isolating the two enterprises. To implement interoperation with the
non-Huawei device, set the TPID value in outer VLAN tags to 0x9100 on the
interfaces of the Huawei devices connected to the non-Huawei device.

Figure 10-11 Networking for configuring basic QinQ

ISP

VLAN 100,200
TPID=0x9100

GE0/0/3 GE0/0/3

Switch A Switch B
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2

Enterprise 1 Enterprise 2 Enterprise 1 Enterprise 2

VLAN 10 to 50 VLAN 20 to 60 VLAN 10 to 50 VLAN 20 to 60

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLAN 100 and VLAN 200 on SwitchA and SwitchB. Configure interfaces
connected to the two enterprises as QinQ interfaces and add them to VLAN
100 and VLAN 200 respectively, so that packets from the two enterprises are
tagged with different outer VLAN tags.
2. Add interfaces of SwitchA and SwitchB connected to the ISP network to VLAN
100 and VLAN 200 so that packets from the two VLANs are allowed to pass
through.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 491

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

3. On the interfaces of SwitchA and SwitchB connected to the ISP network, set
the TPID in outer VLAN tags to the value used on the non-Huawei device so
that SwitchA and SwitchB can interwork with the non-Huawei device.

Procedure
Step 1 Create VLANs.

# Create VLAN 100 and VLAN 200 on SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200

# Create VLAN 100 and VLAN 200 on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200

Step 2 Set the link type of interfaces to Dot1q-tunnel.

# Configure GE0/0/1 and GE0/0/2 on SwitchA as QinQ interfaces, and set the
default VLAN of GE0/0/1 to VLAN 100 and the default VLAN of GE0/0/2 to VLAN
200. The configuration of SwitchB is similar to the configuration of SwitchA, and is
not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/2] port default vlan 200
[SwitchA-GigabitEthernet0/0/2] quit

Step 3 Configure the interfaces of SwitchA and SwitchB connected to the ISP network.

# Add GE0/0/3 of SwitchA to VLAN 100 and VLAN 200. The configuration of
SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[SwitchA-GigabitEthernet0/0/3] quit

Step 4 Configure the TPID value in outer VLAN tags.

# Set the TPID value in outer VLAN tags to 0x9100 on SwitchA.

[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] qinq protocol 9100

# Set the TPID value in outer VLAN tags to 0x9100 on SwitchB.

[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] qinq protocol 9100

Step 5 Verify the configuration.

In Enterprise 1, ping a PC in a VLAN of a branch from a PC in the same VLAN of

another branch. If the ping operation is successful, internal users of Enterprise 1
can communicate.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 492

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

In Enterprise 2, ping a PC in a VLAN of a branch from a PC in the same VLAN of

another branch. If the ping operation is successful, internal users of Enterprise 2
can communicate.

Ping a PC in any VLAN of Enterprise 2 from a PC in the same VLAN of Enterprise

1. If the ping operation fails, users in Enterprise 1 and Enterprise 2 are isolated.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return

Related Content
Videos

Configuring QinQ

10.13.2 Example for Configuring Selective QinQ

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 493

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Networking Requirements
As shown in Figure 10-12, Internet access users (using PCs) and VoIP users (using
VoIP terminals) connect to the ISP network through SwitchA and SwitchB and
communicate with each other through the ISP network.
The enterprise assigns VLAN 100 to PCs and VLAN 300 to VoIP terminals. Packets
from PCs and VoIP terminals need to be transmitted over the ISP network in VLAN
2 and VLAN 3 respectively.

Figure 10-12 Networking diagram for configuring selective QinQ

SwitchA SwitchB
GE0/0/2 Carrier GE0/0/2
network
GE0/0/1 GE0/0/1

PC VoIP VoIP PC

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure link types of interfaces on SwitchA and SwitchB and add the
interfaces to VLANs.
3. Configure selective QinQ on interfaces of SwitchA and SwitchB.

Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3

# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 494

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Step 2 Configure selective QinQ on interfaces.

# Configure GE0/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 300 stack-vlan 3
[SwitchA-GigabitEthernet0/0/1] quit

# Configure GE0/0/1 on SwitchB.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 300 stack-vlan 3
[SwitchB-GigabitEthernet0/0/1] quit

Step 3 Configure other interfaces.

# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/2] quit

# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchB.

[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet0/0/2] quit

Step 4 Verify the configuration.

If the configurations on SwitchA and SwitchB are correct, the following situations
occur:
● PCs can communicate with each other through the ISP network.
● VoIP terminals can communicate with each other through the ISP network.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 495

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

10.13.3 Example for Configuring Selective QinQ and VLAN

Mapping
Networking Requirements
As shown in Figure 10-13, Internet access, IPTV, and VoIP services are provided for
users through home gateways.
The corridor switches allocate VLANs to the services as follows:
● VLANs for the Internet access service of different users: VLAN 1000 to VLAN
1100
● Shared VLAN for the IPTV service: VLAN 1101
● Shared VLAN for the VoIP service: VLAN 1102
● Shared VLAN for home gateways: VLAN 1103
Each community switch is connected to 50 downstream corridor switches, and
maps VLAN IDs in packets of the Internet access service from the corridor switches
to VLANs 101-150.
The aggregation switch of the carrier is connected to 50 downstream community
switches, and adds outer VLAN IDs 21-70 to packets sent from the community
switches.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 496

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-13 Networking diagram for configuring selective QinQ and VLAN
mapping

ME60

Internet

Aggregate switch of carrier SwitchA

GE0/0/1
…… ……
GE0/0/2
Community SwitchB
switch
GE0/0/1
…… …… …… ……

Corridor
switch

…… …… …… ……

Home
gateway

Configuration Roadmap
The configuration roadmap is as follows:

1. Create VLANs on SwitchA and SwitchB.

2. Configure VLAN mapping on SwitchB and add GE 0/0/1 and GE 0/0/2 to
VLANs.
3. Configure selective QinQ on SwitchA and add GE 0/0/1 to VLANs.
4. Add other downlink interfaces of SwitchA and SwitchB to VLANs. The
configurations are similar to the configurations of GE 0/0/1 interfaces, and
are not mentioned here.
5. Configure other community switches. The configuration is similar to the
configuration of SwitchB, and is not mentioned here.

Procedure
Step 1 Configure SwitchA.

# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 21 to 70 1101 to 1103

# Add downlink interface gigabitethernet 0/0/1 to VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 497

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[SwitchA] interface gigabitethernet 0/0/1

[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 21
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 1101 to 1103
[SwitchA-GigabitEthernet0/0/1] quit

# Configure selective QinQ on gigabitethernet 0/0/1.

[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 101 to 150 stack-vlan 21
[SwitchA-GigabitEthernet0/0/1] quit

Step 2 Configure SwitchB.

# Create VLANs.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 101 to 150 1000 to 1103

# Add interfaces to VLANs.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 101 1000 to 1103
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type hybrid
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 101 to 150 1101 to 1103
[SwitchB-GigabitEthernet0/0/2] quit

# Configure VLAN mapping on downlink interface gigabitethernet 0/0/1.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-mapping vlan 1000 to 1100 map-vlan 101
[SwitchB-GigabitEthernet0/0/1] quit

Step 3 Verify the configuration.

The Internet access service, IPTV service, and VoIP service are available.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 21 to 70 1101 to 1103
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid tagged vlan 1101 to 1103
port hybrid untagged vlan 21
port vlan-stacking vlan 101 to 150 stack-vlan 21
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 101 to 150 1000 to 1103
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 498

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid tagged vlan 101 1000 to 1103
port vlan-mapping vlan 1000 to 1100 map-vlan 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 101 to 150 1101 to 1103
#
return

10.13.4 Example for Configuring Flow-based Selective QinQ

Networking Requirements
As shown in Figure 10-14, Internet access users (using PCs) and VoIP users (using
VoIP terminals) connect to the ISP network through SwitchA and SwitchB. These
users communicate with each other through the ISP network.

Packets from PCs and VoIP terminals need to be transmitted over the ISP network
in VLAN 2 and VLAN 3 respectively.

You can configure a traffic policy to implement selective QinQ on the Switch.

NOTE

Only the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-
SI support this example.

Figure 10-14 Networking diagram for configuring flow-based selective QinQ

SwitchA SwitchB
GE0/0/2 Carrier GE0/0/2
network
GE0/0/1 GE0/0/1

PC VoIP VoIP PC

VLAN100~200 VLAN300~400 VLAN300~400 VLAN100~200

Configuration Roadmap
The configuration roadmap is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 499

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

1. Create VLANs on SwitchA and SwitchB.

2. Configure traffic classifiers, traffic behaviors, and bind them in a traffic policy
on SwitchA and SwitchB.
3. Configure link types of interfaces on SwitchA and SwitchB, and add the
interfaces to VLANs.
4. Apply the traffic policy to interfaces of SwitchA and SwitchB to implement
selective QinQ.

Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3

# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3

Step 2 Configure a traffic policy on SwitchA.

Configure traffic classifiers, traffic behaviors, and a traffic policy on SwitchA.
[SwitchA] traffic classifier name1
[SwitchA-classifier-name1] if-match vlan-id 100 to 200
[SwitchA-classifier-name1] quit
[SwitchA] traffic behavior name1
[SwitchA-behavior-name1] add-tag vlan-id 2
[SwitchA-behavior-name1] quit
[SwitchA] traffic classifier name2
[SwitchA-classifier-name2] if-match vlan-id 300 to 400
[SwitchA-classifier-name2] quit
[SwitchA] traffic behavior name2
[SwitchA-behavior-name2] add-tag vlan-id 3
[SwitchA-behavior-name2] quit
[SwitchA] traffic policy name1
[SwitchA-trafficpolicy-name1] classifier name1 behavior name1
[SwitchA-trafficpolicy-name1] classifier name2 behavior name2
[SwitchA-trafficpolicy-name1] quit

# Configure traffic classifiers, traffic behaviors, and a traffic policy on SwitchB.

[SwitchB] traffic classifier name1
[SwitchB-classifier-name1] if-match vlan-id 100 to 200
[SwitchB-classifier-name1] quit
[SwitchB] traffic behavior name1
[SwitchB-behavior-name1] add-tag vlan-id 2
[SwitchB-behavior-name1] quit
[SwitchB] traffic classifier name2
[SwitchB-classifier-name2] if-match vlan-id 300 to 400
[SwitchB-classifier-name2] quit
[SwitchB] traffic behavior name2
[SwitchB-behavior-name2] add-tag vlan-id 3
[SwitchB-behavior-name2] quit
[SwitchB] traffic policy name1
[SwitchB-trafficpolicy-name1] classifier name1 behavior name1
[SwitchB-trafficpolicy-name1] classifier name2 behavior name2
[SwitchB-trafficpolicy-name1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 500

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Step 3 Apply the traffic policy to interfaces of SwitchA and SwitchB to implement
selective QinQ.
# Configure GE 0/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet0/0/1] traffic-policy name1 inbound
[SwitchA-GigabitEthernet0/0/1] quit

# Configure GE 0/0/1 on SwitchB.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet0/0/1] traffic-policy name1 inbound
[SwitchB-GigabitEthernet0/0/1] quit

Step 4 Configure other interfaces.

# Add GE 0/0/2 on SwitchA to VLAN 2 and VLAN 3.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/2] quit

# Add GE 0/0/2 on SwitchB to VLAN 2 and VLAN 3.

[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet0/0/2] quit

Step 5 Verify the configuration.

If the configurations on SwitchA and SwitchB are correct, the following situations
occur:
● PCs can communicate with each other through the ISP network.
● VoIP terminals can communicate with each other through the ISP network.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
traffic classifier name1 operator or
if-match vlan-id 100 to 200
traffic classifier name2 operator or
if-match vlan-id 300 to 400
#
traffic behavior name1
add-tag vlan-id 2
traffic behavior name2
add-tag vlan-id 3
#
traffic policy name1
classifier name1 behavior name1
classifier name2 behavior name2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 501

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid untagged vlan 2 to 3
traffic-policy name1 inbound
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 3
#
traffic classifier name1 operator or
if-match vlan-id 100 to 200
traffic classifier name2 operator or
if-match vlan-id 300 to 400
#
traffic behavior name1
add-tag vlan-id 2
traffic behavior name2
add-tag vlan-id 3
#
traffic policy name1
classifier name1 behavior name1
classifier name2 behavior name2
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid untagged vlan 2 to 3
traffic-policy name1 inbound
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

10.13.5 Example for Connecting a Single-Tag VLAN Mapping

Sub-Interface to a VLL Network
Networking Requirements
As shown in Figure 10-15, CE1 and CE2 are connected to PE1 and PE2 respectively
through VLANs.
A Martini VLL is set up between CE1 and CE2.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 502

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-15 Networking diagram for connecting a single-tag VLAN mapping

sub-interface to a VLL network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/1 Martini GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

- GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 503

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP Address

CE2 GigabitEthernet0/0 VLANIF 20 10.10.10.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on PE and P devices of the backbone network to
implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP for data transmission.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. Create a sub-interface on the interface of PE1 connected to CE1, configure
VLAN mapping of a single tag on the sub-interface, and create a VC to
connect the sub-interface to the VLL network.
5. Configure a Dot1q sub-interface on the interface of PE2 connected to CE2,
and create a VC to connect the sub-interface to the VLL network.

Procedure
Step 1 Add interfaces of CEs, PEs, and P to VLANs and configure IP addresses for the
VLANIF interfaces according to Figure 10-15.
# Configure CE1 to ensure that packets sent from CE1 to PE1 carry a VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# Configure CE2 to ensure that packets sent from CE2 to PE2 carry a VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 20
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 20
[CE2-Vlanif20] ip address 10.10.10.2 24
[CE2-Vlanif20] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 504

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit

Step 2 Configure an IGP on the MPLS backbone network. OSPF is used in this example.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.

# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 505

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 3 Enable basic MPLS functions and MPLS LDP on the MPLS network.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 506

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[P] mpls lsr-id 2.2.2.2

[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

Step 4 Create remote LDP sessions between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. You can see that an LDP session has been
set up between PE1 and PE2.
The output on PE1 is used as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 5 Enable MPLS L2VPN on PEs and create VC connections.

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 507

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20

[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

# On PE2, create a VC connection on GigabitEthernet0/0/2.1 connected to CE2.

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet0/0/2.1] quit

Step 6 Verify the configuration.

On PEs, check the L2VPN connections. You can see that an L2VC connection has
been set up and is in Up state.

The output on PE1 is used as an example:

[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 508

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

VC last up time : 2010/10/09 19:26:37

VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --

CE1 and CE2 can ping each other.

The output on CE1 is used as an example:
[CE1] ping 10.10.10.2
PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=28 ms

--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 509

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq mapping vid 10 map-vlan vid 20
mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 510

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
return

● PE2 configuration file

#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 20
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 511

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10.13.6 Example for Connecting a Double-Tag VLAN Mapping

Sub-Interface to a VLL Network

Networking Requirements
As shown in Figure 10-16, CE1 and CE2 are connected to PE1 and PE2 respectively
through VLANs.

A Martini VLL is set up between PE1 and PE2.

Switch1 is connected to CE1 and PE1.

Switch2 is connected to CE2 and PE2.

Selective QinQ is required on the switch interfaces connected to CEs to tag

packets sent from CEs with the VLAN IDs specified by the carrier.

When Switch1 and Switch2 add different VLAN tags to packets, configure double-
tag VLAN mapping on PE sub-interfaces and connect the sub-interfaces to the VLL
network so that CE1 and CE2 can communicate with each other.

When a Switch is connected to multiple CEs, the Switch can add the same outer
VLAN tag to packets with different VLAN tags from different CEs, thereby saving
VLAN IDs on the public network.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Figure 10-16 Networking diagram for connecting a double-tag VLAN mapping

sub-interface to a VLL network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 512

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

- GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.10.10.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure a routing protocol on PE and P devices of the backbone network to

implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP for data transmission.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. Create a sub-interface on the PE1 interface connected to Switch1, configure
double-tag VLAN mapping, and create a VC to connect the QinQ sub-
interface to a VLL network.
5. Create a sub-interface on the PE2 interface connected to Switch2, and create
a VC to connect the QinQ sub-interface to a VLL network.
6. Configure selective QinQ on the switch interfaces connected to CEs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 513

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Procedure
Step 1 Configure the VLANs on the CE, PE, and P devices, add interfaces to the VLANs,
and assign IP addresses to the corresponding VLANIF interfaces according to
Figure 10-16.

# Configure CE1 to ensure that each packet sent from CE1 to Switch1 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# Configure CE2 to ensure that each packet sent from CE2 to Switch2 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.10.10.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 514

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[P-Vlanif30] ip address 10.2.2.2 24

[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on switch interfaces and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 200
[Switch2-vlan200] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 200
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP on the MPLS backbone network. OSPF is used in this example.
Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 515

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Enable basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 516

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

Step 5 Create remote LDP sessions between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. You can see that an LDP session has been
set up between PE1 and PE2.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 6 Enable MPLS L2VPN on PEs and create VC connections.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 517

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 connected to CE1.

[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

# On PE2, create a VC connection on GigabitEthernet0/0/2.1 connected to

Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet0/0/2.1] quit

Step 7 Verify the configuration.

Check the L2VPN connections on PEs. You can see that an L2VC connection has
been set up and is in Up state.
The display on PE1 is used as an example.
[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 518

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

primary or secondary : primary

load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time : 2010/10/09 19:26:37
VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --

CE1 and CE2 can ping each other.

The output on CE1 is used as an example:
[CE1] ping 10.10.10.2
PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=6 ms
Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=13 ms
Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=5 ms

--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/6/13 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 519

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

qinq vlan-translation enable

port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 520

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 10
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 521

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 200
port vlan-stacking vlan 10 stack-vlan 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 200
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

10.13.7 Example for Connecting a VLAN Stacking Sub-

interface to a VLL Network
Networking Requirements
As shown in Figure 10-17, CE1 and CE2 are connected to PE1 and PE2 respectively
through VLANs.
A Martini VLL is set up between CE1 and CE2.
Switch1 is connected to CE1 and PE1.
Switch2 is connected to CE2 and PE2.
Switch1 forwards the packets sent from CE1 without changing VLAN tags.
Selective QinQ needs to be configured on the interface connected to CE2 so that
Switch2 adds the carrier-specified VLAN tag to the packets sent from CE2.
The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets
sent from Switch2 to PE2 contain two VLAN tags. To allow CE1 and CE2 to
communicate with each other, configure VLAN stacking on the sub-interface of
PE1 connected to Switch1, and connect the sub-interface to a VLL network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 522

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

When a Switch is connected to multiple CEs, the Switch can add the same outer
VLAN tag to packets with different VLAN tags from different CEs, thereby saving
VLAN IDs on the public network.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Figure 10-17 Networking diagram for connecting a VLAN stacking sub-interface

to a VLL network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 523

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP address

P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

- GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.10.10.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on PE and P devices of the backbone network to
implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP for data transmission.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. On PE1, configure VLAN stacking on the sub-interface connected to Switch1,
and create a VC to connect the sub-interface to a VLL network.
5. On PE2, configure a QinQ sub-interface on the interface connected to
Switch2, and create a VC connect the QinQ sub-interface to a VLL network.
6. On Switch1, add the interface connected to CE1 to a specified VLAN.
7. On Switch2, configure selective QinQ on the interface connected to CE2.

Procedure
Step 1 Create VLANs on the CE, PE, and P devices, add interfaces to the VLANs, and
assign IP addresses to VLANIF interfaces according to Figure 10-17.
# Configure CE1 to ensure that each packet sent from CE1 to Switch1 carries one
VLAN tag.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# Configure CE2 to ensure that each packet sent from CE2 to Switch2 carries one
VLAN tag.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 524

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.10.10.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on switch interfaces and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 525

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[Switch1] interface gigabitethernet0/0/2

[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP on the MPLS backbone network. OSPF is used in this example.
Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 526

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:
[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1

Neighbors

Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Enable basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 527

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

Step 5 Create remote LDP sessions between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. You can see that an LDP session is set up
between PE1 and PE2.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 6 Enable MPLS L2VPN on PEs and set up VC connections.

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 that is connected to

Switch1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

# On PE2, create a VC connection on GigabitEthernet0/0/2.1 that is connected to

Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet0/0/2.1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 528

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Step 7 Verify the configuration.

Check the L2VPN connections on PEs. You can see that an L2VC connection has
been set up and is in Up state.

The display on PE1 is used as an example.

[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time : 2010/10/09 19:26:37
VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --

CE1 and CE2 can ping each other.

The display on CE1 is used as an example.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 529

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[CE1] ping 10.10.10.2

PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=28 ms

--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10
#
return

● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 530

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq stacking vid 10 pe-vid 100
mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return

● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 531

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
● Switch2 configuration file
#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 532

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

10.13.8 Example for Connecting a Single-tag VLAN Mapping

Sub-interface to a VPLS Network
Networking Requirements
As shown in Figure 10-18, VPLS is enabled on PE1 and PE2. CE1 is connected to
PE1 and CE2 is connected to PE2. CE1 and CE2 are on the same VPLS network. To
implement communication between CE1 and CE2, use LDP as the VPLS signaling
protocol to establish PWs and configure VPLS.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Figure 10-18 Networking diagram for connecting a single-tag VLAN mapping

sub-interface to a VPLS network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/1 GE0/0/2
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 533

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP Address

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 20 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement
interworking between devices.
2. Set up a remote LDP session between PEs.
3. Establish tunnels between PEs to transmit service data.
4. Enable MPLS L2VPN on the PEs.
5. Create a VSI on the PEs and specify LDP as the signaling protocol.
6. Configure single-tag VLAN mapping on the PE1 sub-interface connected to
CE1 and bind the sub-interface the VSI to connect it to the VPLS network.
7. Configure a Dot1q sub-interface on the interface of PE2 connected to CE2 and
bind the sub-interface to the VSI to connect it to the VPLS network.

Procedure
Step 1 Create VLANs on the CE, PE, and P devices, add interfaces to the VLANs, and
assign IP addresses to VLANIF interfaces according to Figure 10-18.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 534

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● After the configuration is complete, the packets sent from a CE to a PE must carry a
VLAN tag.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 20
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 20
[CE2-Vlanif20] ip address 10.1.1.2 24
[CE2-Vlanif20] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 4.4.4.5 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 5.5.5.4 24
[P-Vlanif30] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 535

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 5.5.5.5 24
[PE2-Vlanif30] quit

Step 2 Configure an IGP protocol. OSPF is used in this example.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 536

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 3 Enable basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session command
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 537

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Step 4 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2. You can see that the peer status is Operational, indicating that a
peer relationship has been set up between PE1 and PE2. The display on PE1 is
used as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 5 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 6 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 7 Bind sub-interfaces on the PEs to the VSI.

# Configure PE1.

[PE1] vcmp role silent

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 538

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1] interface gigabitethernet0/0/1

[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit

Step 8 Verify the configuration.

After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable

Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds

**PW Information:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 539

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds

CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 540

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

port link-type trunk

port trunk allow-pass vlan 20
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq mapping vid 10 map-vlan vid 20
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 541

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 542

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

dot1q termination vid 20

l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

10.13.9 Example for Connecting a Double-tag VLAN Mapping

Sub-interface to a VPLS Network
Networking Requirements
As shown in Figure 10-19, VPLS is enabled on PE1 and PE2. CE1 connects to PE1
through Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on
the same VPLS network. To implement communication between CE1 and CE2, use
LDP as the VPLS signaling protocol to establish PWs and configure VPLS.
You are required to configure selective QinQ on the switch interfaces connected to
CEs so that Switch1 and Switch2 add the VLAN tags specified by the carrier to the
packets sent from CEs.
When Switch1 and Switch2 allow different VLAN tags, configure a double-tag
VLAN mapping sub-interface on a PE and connect the sub-interface to the VPLS to
enable communication between CE1 and CE2.
When the Switch is connected to multiple CEs, the Switch can add the same outer
VLAN tag to packets with different VLAN tags from different CEs, thereby saving
VLAN IDs on the public network.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 543

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Figure 10-19 Networking diagram for connecting a double-tag VLAN mapping

sub-interface to a VPLS network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/2
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 544

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP Address

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement
interworking.
2. Configure selective QinQ on the switch interfaces connected to CEs.
3. Set up a remote LDP session between PEs.
4. Establish tunnels between PEs to transmit service data.
5. Enable MPLS L2VPN on the PEs.
6. Create a VSI on the PEs and specify LDP as the signaling protocol.
7. Configure double-tag VLAN mapping on the sub-interface connected to
Switch1 on PE1 and bind the sub-interface to the VSI to connect it to the
VPLS network.
8. Configure a QinQ sub-interface on the interface connected to Switch2 on PE2
and bind the sub-interface to the VSI to connect it to the VPLS network.

Procedure
Step 1 Create VLANs on the devices, add interfaces to the VLANs, and assign IP addresses
to VLANIF interfaces according to Figure 10-19.
NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● Ensure that each packet sent from a CE to the Switch carries one VLAN tag.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 545

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 4.4.4.5 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 5.5.5.4 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 5.5.5.5 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on switch interfaces and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 546

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 200
[Switch2-vlan200] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 200
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 200
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP protocol. OSPF is used in this example.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.

# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 547

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Enable basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session command
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
following is the display on PE1:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 548

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1] display mpls ldp session

LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Step 5 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2. You can see that the status of the peer relationship between PE1
and PE2 is Operational. That is, the peer relationship is set up. The display on PE1
is used as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 6 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 7 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 549

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 8 Bind sub-interfaces interfaces to the VSI on PEs.

# Configure PE1.
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit

Step 9 Verify the configuration.

After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 550

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

PwIndex :0
Control Word : disable

Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds

**PW Information:

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds

CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 551

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● Switch2 configuration file
#
sysname Switch2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 200
port vlan-stacking vlan 10 stack-vlan 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 200
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 552

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 553

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 200 ce-vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

10.13.10 Example for Connecting a VLAN Stacking Sub-

interface to a VPLS Network
Networking Requirements
As shown in Figure 10-20, VPLS is enabled on PE1 and PE2. CE1 connects to PE1
through Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 554

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

the same VPLS network. To implement communication between CE1 and CE2, use
LDP as the VPLS signaling protocol to establish PWs and configure VPLS.

Switch1 forwards the packets sent from CE1 without changing VLAN tags of the
packets.

You are required to configure selective QinQ on the interface connected to CE2 so
that Switch2 adds the carrier-specified VLAN tag to the packets sent from CE2.

The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets
sent from Switch2 to PE2 contain two VLAN tags. In this case, you need to
configure VLAN stacking on the sub-interface of PE1 connected to Switch1 and
connect the sub-interface to the VPLS network to enable communication between
CE1 and CE2.

When a Switch is connected to multiple CEs, the Switch can add the same outer
VLAN tag to packets with different VLAN tags from different CEs, thereby saving
VLAN IDs on the public network.

NOTE

● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Figure 10-20 Networking diagram for connecting a VLAN stacking sub-interface

to a VPLS network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/2 GE0/0/2
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1

CE1 CE2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 555

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Switch Interface VLANIF Interface IP Address

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network to implement
interworking.
2. Add the interface of Switch1 connected to CE1 to a specified VLAN.
3. Configure selective QinQ on the interface of Switch2 connected to CE2.
4. Set up a remote LDP session between PEs.
5. Establish tunnels between PEs to transmit service data.
6. Enable MPLS L2VPN on the PEs.
7. Create a VSI on the PEs and specify LDP as the signaling protocol.
8. Configure a VLAN stacking sub-interface on the interface of PE1 connected to
Switch1 and bind the sub-interface to the VSI to connect it to the VPLS
network.
9. Configure a QinQ sub-interface on the interface of PE2 connected to Switch2
and bind the sub-interface to the VSI to connect the sub-interface to the VPLS
network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 556

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Procedure
Step 1 Create VLANs on the devices, add interfaces to the VLANs, and assign IP addresses
to VLANIF interfaces according to Figure 10-20.
NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● Ensure that each packet sent from a CE to the Switch carries one VLAN tag.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 24
[CE2-Vlanif10] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 20
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 20
[P-GigabitEthernet0/0/1] quit
[P] interface gigabitethernet 0/0/2
[P-GigabitEthernet0/0/2] port link-type hybrid
[P-GigabitEthernet0/0/2] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/2] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/2] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 4.4.4.5 24

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 557

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 5.5.5.4 24
[P-Vlanif30] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[PE2-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 5.5.5.5 24
[PE2-Vlanif30] quit

Step 2 Configure selective QinQ on switch interfaces and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/2] quit
[Switch1] interface gigabitethernet0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch1-GigabitEthernet0/0/1] quit

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type hybrid
[Switch2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch2-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2-GigabitEthernet0/0/1] quit

Step 3 Configure an IGP protocol. OSPF is used in this example.

Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 558

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 4 Enable basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 559

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session command
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
following is the display on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Step 5 Set up a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2. You can see that the peer status is Operational, indicating that a
peer relationship has been set up between PE1 and PE2. The display on PE1 is
used as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 560

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

3.3.3.3:0 Operational DU Passive 0000:00:00 2/2

------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.

Step 6 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Step 7 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 8 Bind sub-interfaces to the VSI on the PEs.

# Configure PE1.
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] quit

Step 9 Verify the configuration.

After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 561

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable

Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds

**PW Information:

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds

CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 562

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms

Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch1 configuration file

#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10
#
return

● Switch2 configuration file

#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 563

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

qinq vlan-translation enable

port hybrid untagged vlan 100
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
qinq stacking vid 10 pe-vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 564

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

mpls lsr-id 2.2.2.2

mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 565

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
qinq termination pe-vid 100 ce-vid 10
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

10.13.11 Example for Configuring QinQ Stacking on a VLANIF

Interface
Networking Requirements
As shown in Figure 10-21, SwitchA is connected to SwitchB through a third-party
network. The management VLAN is deployed on SwitchB. The management VLAN
ID is the same as the VLAN ID of SwitchA, and is different from the VLAN ID
provided by the carrier. To remotely log in to SwitchB from SwitchA, you can
configure VLAN stacking.

Figure 10-21 Networking diagram for configuring QinQ stacking on a VLANIF

interface
20 10 IP
SwitchB
GE0/0/2 GE0/0/2
Internet
SwitchA GE0/0/1

10 IP GE0/0/2

GE0/0/1 SwitchC

user1
VLAN 10

To remotely log in to SwitchB from SwitchA to manage VLAN services, configure

QinQ stacking on the VLANIF interface corresponding to the management VLAN
on SwitchB.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 566

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

NOTE

When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF interface
corresponds to the management VLAN. VLANIF interfaces corresponding to other VLANs do
not support QinQ stacking.

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure QinQ on SwitchA.
2. Perform the following configurations on SwitchB:
a. Create VLAN 10 and configure VLAN 10 as the management VLAN.
b. Create VLANIF 10.
c. Configure QinQ stacking on a VLANIF interface.

Procedure
Step 1 Configure SwitchC.
# Configure SwitchC to allow packets from VLAN 10 to pass through GE0/0/1 and
GE0/0/2.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 10
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type hybrid
[SwitchC-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type hybrid
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/2] quit

Step 2 Configure SwitchA.

# Configure QinQ so that the packets sent from SwitchA to SwitchB carry double
tags.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 20
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type hybrid
[SwitchA-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit

Step 3 Configure SwitchB.

# Configure SwitchB to allow packets from VLAN 20 to pass through GE0/0/2.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 20
[SwitchB] interface gigabitethernet 0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 567

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

[SwitchB-GigabitEthernet0/0/2] port link-type hybrid

[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 10 20
[SwitchB-GigabitEthernet0/0/2] quit

# Configure QinQ stacking.

[SwitchB] vlan 10
[SwitchB-vlan10] management-vlan
[SwitchB-vlan10] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] undo icmp host-unreachable send
[SwitchB-Vlanif10] qinq stacking vlan 20
[SwitchB-Vlanif10] ip address 10.10.10.1 24
[SwitchB-Vlanif10] quit

Step 4 Verify the configuration.

You can log in to SwitchB from SwitchA to manage VLAN services.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 20
port vlan-stacking vlan 10 stack-vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 20
#
vlan 10
management-vlan
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 568

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

undo icmp host-unreachable send

qinq stacking vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 20
#
return

10.14 Troubleshooting QinQ

10.14.1 QinQ Traffic Forwarding Fails Because the Outer

VLAN Is Not Created
Fault Symptom
After selective QinQ is configured on an interface, traffic forwarding fails.

Procedure
1. Run the display this command in the view of the interface configured with
selective QinQ to check the outer VLAN tag.
2. Run the display vlan summary command in any view to check whether the
outer VLAN has been created.
<HUAWEI> display vlan summary
Static vlan:
Total 3 static vlan.
1 9 to 10

Dynamic vlan:
Total 0 dynamic vlan.

Reserved vlan:
Total 0 reserved vlan.

– If the command output contains the outer VLAN ID, the outer VLAN has
been created. Continue to check for other common misconfigurations.
– If the command output does not contain the outer VLAN ID, the outer
VLAN is not created. Run the vlan batch command to create a VLAN and
check whether QinQ traffic can be correctly transmitted. If traffic
forwarding still fails, continue to check for other common
misconfigurations.

10.14.2 QinQ Traffic Forwarding Fails Because the Interface

Does Not Transparently Transmit the Outer VLAN ID
Fault Symptom
After selective QinQ is configured on an interface, traffic forwarding fails.

Procedure
1. Run the display this command in the view of the interface configured with
selective QinQ to check the outer VLAN tag.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 569

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

2. Run the display vlan vlan-id command in any view to check whether the
interface configured with selective QinQ belongs to the outer VLAN. vlan-id
specifies the outer VLAN ID.
<HUAWEI> display vlan 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------

VID Type Ports

--------------------------------------------------------------------------------
3 common UT:GE0/0/2(U)

VID Status Property MAC-LRN Statistics Description

--------------------------------------------------------------------------------
3 enable default enable disable VLAN 0003

– If the system displays the message "Error:The VLAN does not exist.", the
outer VLAN is not created. Run the vlan batch command to create the
outer VLAN and run the display vlan vlan-id command to check whether
the interface belongs to the VLAN.
– If there is no interface configured with selective QinQ, run the port
hybrid untagged vlan vlan-id command to add the interface to the
VLAN in untagged mode.
– If the command output does not display the interface configured with
selective QinQ but the flag before the interface is not UT, run the port
hybrid untagged vlan vlan-id command to add the interface to the
VLAN in untagged mode.
– If the command output displays the interface configured with selective
QinQ and the interface has joined the VLAN in untagged mode, continue
to check for other common misconfigurations.

10.15 FAQ About QinQ

10.15.1 Does the Switch Support QinQ?

● The S2700EI supports only basic QinQ configured using the port link-type
dot1q-tunnel command, and does not support selective QinQ configured
using the port vlan-stacking vlan command.
● The S2700SI does not support basic QinQ or selective QinQ.
● Other models support both basic QinQ and selective QinQ.

10.15.2 What Are Causes for QinQ Traffic Forwarding

Failures?
Traffic forwarding on an interface configured with selective QinQ fails in the
following situations:

● The outer VLAN specified for selective QinQ is not created.

● The interface is not added to the outer VLAN specified for selective QinQ in
untagged mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 570

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration

10.15.3 Can I Rapidly Delete All QinQ Configurations of an

Interface?
On a switch running V100R006 or a later version, the undo port vlan-stacking all
command can be used to quickly delete all selective QinQ configurations from an
interface.

10.15.4 Can I Directly Delete Inner VLAN IDs from QinQ

Configuration?
● If the switch is running V100R005 or an earlier version, one or more inner
VLAN IDs in QinQ cannot be directly deleted. You must delete the current
selective QinQ configuration, and then reconfigure the inner VLAN IDs that
do not need to be deleted. For example, the port vlan-stacking vlan 10 to 20
stack-vlan 100 command is configured on the switch. To delete inner VLAN
15, perform the following operations:
a. Run the undo port vlan-stacking vlan 10 to 20 stack-vlan 100
command to delete the current selective QinQ configuration.
b. Run the port vlan-stacking vlan 10 to 14 stack-vlan 100 and port vlan-
stacking vlan 16 to 20 stack-vlan 100 commands to reconfigure the
inner VLAN IDs that do not need to be deleted.
● If the switch is running a version later than V100R005, one or more inner
VLAN IDs in QinQ can be directly deleted.

10.15.5 Can the Switch Add Double VLAN Tags to Untagged

Packets?
The switch running V200R003 and a later version can add double VLAN tags to
untagged packets, but the S5700EI and S5700SI do not support this function.

10.15.6 Which Tag Does the TPID Configured by the qinq

protocol Command Match?
The TPID configured by the qinq protocol command matches only the outer tag.

10.15.7 Which VLAN Does the Interface Enabled with VLAN

Mapping or QinQ Obtain Through MAC Address Learning?
The VLAN mapping or QinQ implementation is prior to the MAC address learning.
Thus, after the VLAN mapping or QinQ implementation, the interface obtains the
outer VLAN ID through MAC address learning.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 571

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11 VLAN Mapping Configuration

About This Chapter

This chapter describes how to configure VLAN mapping. VLAN mapping is

configured on the edge device of the public network so that the VLANs of private
networks are isolated from S-VLANs. This saves S-VLAN resources.

11.1 Overview of VLAN Mapping

11.2 Understanding VLAN Mapping
11.3 Application Scenarios for VLAN Mapping
11.4 Licensing Requirements and Limitations for VLAN Mapping
11.5 Configuring VLAN ID-based VLAN Mapping
11.6 Configuring MQC-based VLAN Mapping
11.7 Displaying VLAN Translation Resource Usage
11.8 Configuration Examples for VLAN Mapping
11.9 Troubleshooting VLAN Mapping

11.1 Overview of VLAN Mapping

Definition
VLAN mapping technology changes VLAN tags in packets to map different VLANs.

Purpose
Two Layer 2 user networks in the same VLAN can be connected through a
backbone network. To ensure Layer 2 connectivity between users, and to
uniformly deploy Layer 2 protocols, the two user networks need to interwork
seamlessly. However, the backbone network cannot directly transmit VLAN packets

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 572

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

from the user networks, because the VLAN plans on the backbone and user
networks are different.

To solve this problem, configure VLAN mapping. When VLAN packets from a user
network enter the backbone network, an edge device on the backbone network
changes the customer VLAN (C-VLAN) ID to the service VLAN (S-VLAN ID). After
the packets are transmitted, the edge device reverts the VLAN ID change. This
ensures seamless interworking between the two user networks. The other method
is to configure a Layer 2 tunneling technology such as QinQ or VPLS to
encapsulate VLAN packets into packets on the backbone network so that VLAN
packets are transparently transmitted. However, this method increases extra cost
because packets are encapsulated. In addition, Layer 2 tunneling technology may
not support transparent transmission of packets of some protocol packets. The
other method is to configure VLAN mapping. When VLAN packets from a user
network enter the backbone network, an edge device on the backbone network
changes the C-VLAN ID to the S-VLAN ID. After the packets are transmitted to the
other side, the edge device changes the S-VLAN ID to the C-VLAN ID. This method
implements seamless interworking between two user networks.

Configuring VLAN mapping on the switch connecting the two user networks
allows a user to manage the two networks as a single Layer 2 network, despite
the differing VLAN plans of the user networks.

11.2 Understanding VLAN Mapping

Working Mechanism
Depending on whether a packet is tagged or untagged, the switch processes a
received packet as follows:
● Tagged packed: Based on the VLAN mapping mode, the switch determines
whether a single tag, double tags, or the outer tag is to be replaced. The
switch then learns the MAC addresses in the packet. The switch updates the
MAC address entries in the VLAN mapping table based on the source MAC
address and mapped VLAN ID. It then searches for the MAC address entries
based on the destination MAC address and the mapped VLAN ID. If the
destination MAC address matches an entry, the switch forwards the packet
through the corresponding outbound interface. If not, the switch broadcasts
the packet in the specified VLAN.
● Untagged packet: Based on the VLAN creation mode, the switch determines
whether to add a VLAN tag. If the packet can be added to a VLAN, the switch
adds a VLAN tag to it and learns the MAC addresses. The switch then
performs Layer 2 forwarding based on the destination MAC address. If the
packet cannot be added to a VLAN, the switch either delivers the packet to
the CPU or discards it.

Figure 11-1 shows VLAN mapping between VLAN 2 and VLAN 3 configured on
PORT 1. Before sending packets from VLAN 2 to VLAN 3, PORT 1 replaces the
VLAN tags with VLAN 3 tags. When receiving packets from VLAN 3 to VLAN 2,
PORT 1 replaces the VLAN tags with VLAN 2 tags. This implements
communication between devices in VLAN 2 and VLAN 3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 573

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-1 VLAN mapping

VLAN 2 VLAN 3
2 3

PORT1
3
Switch Switch
A B

3
2

3
172.16.0.1/16 172.16.0.7/16

If devices in two VLANs need to communicate based on VLAN mapping, the IP

addresses of these devices must be on the same network segment. If their IP
addresses are on different network segments, communication between these
devices must be implemented using Layer 3 routes, which makes VLAN mapping
invalid.

VLAN Mapping Mode

The switch supports VLAN-based and MQC-based VLAN mapping:
● VLAN mapping
When the interface on a device configured with VLAN mapping receives a
single-tagged packet, the interface maps the VLAN tag in the packet to an S-
VLAN tag. 1:1 VLAN mapping maps a C-VLAN tag to an S-VLAN tag, whereas
N:1 VLAN mapping maps multiple C-VLAN tags to an S-VLAN tag.
● 2:1 VLAN mapping
When the interface on a device configured with VLAN mapping receives a
double-tagged packet, the interface maps the outer VLAN tag to an S-VLAN
tag and transparently transmits the inner VLAN tag. The interface configured
with 1:1 VLAN mapping maps an outer VLAN tag to an S-VLAN tag and
transparently transmits the inner VLAN tag. The interface configured with N:1
VLAN mapping maps different outer VLAN tags of packets to the same S-
VLAN tag and transparently transmits the inner VLAN tag. Only one outer
VLAN tag can be mapped to an S-VLAN tag at a time; therefore, to achieve N:
1 VLAN mapping, perform this configuration for multiple times.
● 2:2 VLAN mapping
When the interface on a device configured with VLAN mapping receives a
double-tagged packet, the interface maps the double VLAN tags to the
double S-VLAN tags.
MQC-based VLAN mapping uses a traffic classifier to classify packets based on
VLAN IDs. It associates the traffic classifier with a traffic behavior defining VLAN
mapping so that the switch can re-mark the VLAN ID in packets matching the
traffic classifier. MQC-based VLAN mapping implements differentiated services.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 574

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11.3 Application Scenarios for VLAN Mapping

● 1:1 VLAN mapping
When receiving a single-tagged packet, the interface maps the VLAN tag to a
specified single VLAN tag.
1:1 VLAN mapping applies to the network shown in Figure 11-2.

Figure 11-2 1:1 VLAN mapping

VLAN 2
HSI
Residential
VLAN 3 Gateway

IPTV

VLAN 2->VLAN 201

VLAN 3->VLAN 301
VoIP VLAN 4 VLAN 4->VLAN 401

VLAN 2 Corridor
Switch
HSI
VLAN 2->VLAN 202
Residential VLAN 3->VLAN 302
Gateway VLAN 4->VLAN 402
VLAN 3
IPTV

VLAN 201~VLAN 300->VLAN 501

VLAN 301~VLAN 400->VLAN 502
VoIP VLAN 401~VLAN 500->VLAN 503
VLAN 4 Aggregation
Switch
VLAN 2
VLAN 211~VLAN 310->VLAN 501 Communtity
HSI VLAN 311~VLAN 410->VLAN 502 Switch
VLAN 411~VLAN 510->VLAN 503
Residential
VLAN 3 Gateway
IPTV

VLAN 2->VLAN 211

VLAN 3->VLAN 311 Internet
VoIP Corridor
VLAN 4->VLAN 411
Switch
VLAN 4
VLAN 2
HSI
VLAN 2->VLAN 212
VLAN 3->VLAN 312
VLAN 3 VLAN 4->VLAN 412
IPTV

Residential
Gateway
VoIP
VLAN 4

In the networking diagram shown in Figure 11-2, services (HSI, IPTV, and
VoIP) of each user are transmitted on different VLANs. Same services are
transmitted on the same C-VLAN. To differentiate users, deploy Corridor
Switch to allow the same services used by different users to be transmitted on

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 575

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

different VLANs, which implements 1:1 VLAN mapping. 1:1 VLAN mapping
requires a large number of VLANs to isolate services of different users;
however, the VLAN quantity provided by the network access device at the
aggregation layer is limited. To resolve this problem, configure the VLAN
aggregation function to allow the same services to be transmitted on the
same VLAN (N:1 VLAN mapping).
● 2:1 VLAN mapping
When the interface receives a double-tagged packet, the interface maps the
outer VLAN tag in the packet to an S-VLAN tag and transparently transmits
the inner VLAN tag.
2:1 VLAN mapping applies to the network shown in Figure 11-3.

Figure 11-3 2:1 VLAN mapping

Internet
Aggregation Switch

Community
Switch IP 501 2~3
S5
IP 501 4

IP 201 2 ~3
S3 Corridor S4
Switch
IP 401 4

Residential
S1 Gateway S2

HSI VoIP IPTV HSI VoIP IPTV

VLAN 2 VLAN 3 VLAN 4 VLAN 2 VLAN 3 VLAN 4

In the networking diagram shown in Figure 11-3, Residential Gateway,

Corridor Switch, and Community Switch are connected to the aggregation
layer on the network. To differentiate users and services to facilitate network
management and charging, configure the QinQ function for Corridor Switch.
To save VLAN resources, configure VLAN mapping on Community Switch to
transmit the same services on the same VLAN.
● 2:2 VLAN mapping
2:2 VLAN mapping applies to the network shown in Figure 11-4.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 576

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-4 2:2 VLAN mapping

Switch2 Switch3
Internet
outside tag:50
inner tag:60

Switch1 Switch4

outside tag:100 outside tag:200

inner tag:10 VLAN Mapping inner tag:20

In the networking diagram shown in Figure 11-4, QinQ is used to send

double-tagged packets, which prevents the conflict between C-VLAN IDs and
S-VLAN IDs and differentiates services and users. However, the interface will
discard the packets because C-VLAN IDs are different from S-VLAN IDs. To
ensure communication continuity, configure 2:2 VLAN mapping on the PE and
replace double C-VLAN tags with double S-VLAN tags.

11.4 Licensing Requirements and Limitations for VLAN

Mapping

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VLAN mapping configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. VLAN
mapping configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 577

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Version Requirements of 1:1 mode and N:1 mode for 1 to 1VLAN Mapping

Table 11-1 Products and versions supporting VLAN mapping

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

NOTE
The S2752EI does not support N:1 VLAN mapping.

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 578

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Product Product Software Version

Model

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10
NOTE
The S5720HI does not support N:1 VLAN mapping.

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 579

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

NOTE
To know details about software mappings, see Hardware Query Tool.

Version Requirements of 1:1 mode and N:1 mode for 2 to 1 VLAN Mapping

Table 11-2 Products and versions supporting VLAN mapping

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, Not supported

S1720GWR

S1720GW- Not supported

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E NOTE
The S1720X, S1720X-E does not support N:1 VLAN
mapping.

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI Not supported

S2750EI Not supported

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI V100R006C01, V200R001C00

S5700 S5700LI, Not supported

S5700S-LI

S5720LI, Not supported

S5720S-LI

S5710-C-LI Not supported

S5710-X-LI Not supported

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 580

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Product Product Software Version

Model

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI Not supported

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720SI, Not supported

S5720S-SI

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10
NOTE
The S5720HI does not support N:1 VLAN mapping.

S5730SI V200R011C10
NOTE
The S5730SI does not support N:1 VLAN mapping.

S5730S-EI V200R011C10
NOTE
The S5730S-EI does not support N:1 VLAN mapping.

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI NOTE
The S6720LI, S6720S-LI does not support N:1 VLAN
mapping.

S6720SI, V200R011C00, V200R011C10

S6720S-SI NOTE
The S6720SI, S6720S-SI does not support N:1 VLAN
mapping.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 581

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Version Requirements of 2:2 VLAN Mapping

Table 11-3 Products and versions supporting 2:2 VLAN mapping

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, Not supported

S1720GWR

S1720GW- Not supported

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI Not supported

S2750EI Not supported

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI Not supported

S5700 S5700LI, Not supported

S5700S-LI

S5720LI, Not supported

S5720S-LI

S5710-C-LI Not supported

S5710-X-LI Not supported

S5700EI Not supported

S5700SI Not supported

S5710EI Not supported

S5720EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 582

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Product Product Software Version

Model

S5720SI, Not supported

S5720S-SI

S5700HI Not supported

S5710HI Not supported

S5720HI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI Not supported

S6720EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

Feature Limitations
● VLAN mapping can be configured only on a trunk or hybrid interface, and the
hybrid interface must be added to the translated VLAN in tagged mode.
● When N:1 VLAN mapping is configured, the interface needs to join the
original VLAN in tagged mode.
● When VLAN mapping is configured, it is not recommended that map-vlan be
configured for the VLAN corresponding to the VLANIF interface.
● If VLAN mapping and DHCP are configured on the same interface, it is
recommended to add the interface to the original VLANs (VLANs before
mapping) in tagged mode.
● N:1 VLAN mapping takes effect only when the packets with original VLANs
are sent first. In this case, if packets are sent from the S-VLAN first, the C-
VLAN to be mapped cannot be determined because no ACL entry is
generated. As a result, the packets are discarded.
● N:1 VLAN mapping is not supported in a stack scenario.
● N:1 VLAN mapping does not take effect for reverse BUM traffic.
● A VLAN bound to a BD cannot be specified as the value of map-vlan (the
outer VLAN ID in the mapped tag) in VLAN mapping commands. Similarly, a
VLAN specified as the value of map-vlan in VLAN mapping commands cannot
be bound to a BD.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 583

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

● Configuring MAC address limiting and N:1 VLAN mapping simultaneously

causes a high CPU usage on some low-end switches, so such configuration is
not recommended.

11.5 Configuring VLAN ID-based VLAN Mapping

Pre-configuration Tasks
Before configuring VLAN ID-based VLAN mapping, complete the following tasks:
● Create the specified VLAN.
● Add the primary interface to the mapped VLAN.

11.5.1 Configuring 1:1 VLAN Mapping

Context
When receiving a tagged packet, an interface maps the VLAN ID in the packet to
an S-VLAN ID.
After the port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3
[ remark-8021p 8021p-value ] command is used on an interface, vlan-id1 [ to
vlan-id2 ] is mapped to vlan-id3 in the inbound direction, and vlan-id3 is mapped
to vlan-id1 [ to vlan-id2 ] in the outbound direction.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2750EI, S2720EI, S5700S-LI, S5700LI, S5720LI, S5720S-LI, S6720LI,
S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, outbound VLAN mapping cannot be used with a traffic policy. You can
run the port vlan-mapping ingress command to configure VLAN mapping in the
inbound direction. The interface configured with VLAN mapping maps vlan-id1
[ to vlan-id2 ] to vlan-id3 in the inbound direction, and does not map vlan-id3 to
vlan-id1 [ to vlan-id2 ] in the outbound direction.

NOTE
The port vlan-mapping ingress command is only supported by S1720GFR, S1720GW,
S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700S-LI,
S5700LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI, S6720SI,
S6720S-SI, S5720SI, and S5720S-SI.

Pre-configuration Tasks
Before configuring 1:1 VLAN mapping, complete the following tasks:
● Create the specified VLAN.
● Add the primary interface to the translated VLAN.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 584

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 2 Run interface interface-type interface-number

The interface view is displayed.
Step 3 Run port link-type { hybrid | trunk }
The port link-type is set.
Step 4 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.
Step 5 (Optional) Run port vlan-mapping ingress
VLAN mapping is configured in the inbound direction.
By default, VLAN mapping is valid for both inbound and outbound directions.
Step 6 Run port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3
[ remark-8021p 8021p-value ]
Single-tagged VLAN mapping is configured on the interface.

NOTE

● VLAN mapping can be configured only on a trunk or hybrid interface, and the hybrid
interface must be added to the translated VLAN in tagged mode.
● When N:1 VLAN mapping is configured (VLAN IDs can be non-contiguous before
mapping), the interface needs to be added to these VLANs in tagged mode, and the
VLAN specified by map-vlan cannot be a VLAN corresponding to a VLANIF interface.
● If VLAN mapping and DHCP are configured on the same interface, it is recommended to
add the interface to the original VLANs (VLANs before mapping) in tagged mode.
● Configuring mac-limit and N:1 VLAN mapping simultaneously causes a high CPU usage
on some low-end switches. Therefore, such configuration is not recommended.
● N:1 VLAN mapping takes effect only when the packets with original VLANs are sent
first. In this case, if packets are sent from the S-VLAN first, the C-VLAN to be mapped
cannot be determined because no ACL entry is generated. As a result, the packets are
discarded.

----End

11.5.2 Configuring 2:1 VLAN Mapping

Context
When receiving a tagged packet, an interface maps the VLAN ID in the packet to
an S-VLAN ID.

NOTE

Only the S1720X, S1720X-E, S5720HI, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI, and S6720S-EI support this configuration.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 585

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

The port link-type is set.

Step 4 Run qinq vlan-translation enable

VLAN translation is enabled on the interface.

Step 5 Run port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 [ to vlan-id3 ] map-
vlan vlan-id4 [ remark-8021p 8021p-value ]

The outer VLAN tag is replaced.

----End

11.5.3 Configuring 2:2 VLAN Mapping

Context
QinQ is used to send double-tagged packets, which prevents the conflict between
C-VLAN IDs and S-VLAN IDs and differentiates services and users. However, the
interface will discard the packets because C-VLAN IDs are different from S-VLAN
IDs. To ensure communication continuity, configure 2:2 VLAN mapping on the PE
and replace double C-VLAN tags with double S-VLAN tags.

NOTE

Only the S1720X, S1720X-E, S5720HI, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI, and S6720S-EI support this configuration.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run port link-type { hybrid | trunk }

The port link-type is set.

Step 4 Run qinq vlan-translation enable

VLAN translation is enabled on the interface.

Step 5 Run port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 map-vlan vlan-id3
map-inner-vlan vlan-id4 [ remark-8021p 8021p-value ]

The outer and inner VLAN tags are replaced.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 586

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11.5.4 Verifying the VLAN ID-based VLAN Mapping

Configuration

Procedure
● Run the display vlan vlan-id command to check whether the interface is
added to the translated S-VLAN.
● Run the display current-configuration command to check the VLAN
mapping configuration on the interface.
----End

11.6 Configuring MQC-based VLAN Mapping

Context
A traffic policy is a QoS policy configured by binding traffic classifiers to traffic
behaviors. A traffic policy is bound to a traffic classifier and traffic behavior to
implement VLAN mapping. The traffic classifier defines rules based on VLAN IDs.
VLAN mapping based on the traffic policy implements differentiated services.

Procedure
1. Configure a traffic classifier.
a. Run system-view
The system view is displayed.
b. Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or
an existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier,
which means that:

▪ If the traffic classifier contains ACL rules, packets match the traffic
classifier only when they match one ACL rule and all the non-ACL
rules.

▪ If the traffic classifier does not contain any ACL rules, packets match
the traffic classifier only when they match all the rules in the
classifier.
The logical operator or means that packets match the traffic classifier if
they match one of the rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
c. Configure matching rules according to the following table.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 587

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

NOTE

Only the S5720EI, S6720EI, and S6720S-EI support traffic classifiers with
advanced ACLs containing the ttl-expired field.
When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name },
the S5720HI does not support remark 8021p [ 8021p-value | inner-8021p ],
remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning
disable.

Matchin Command Remarks

g Rule

Outer if-match vlan-id start-vlan-id Only the S1720X, S1720X-

VLAN ID [ to end-vlan-id ] [ cvlan-id E, S5720EI, S5720HI,
or inner cvlan-id ] S5730SI, S5730S-EI,
and outer S6720LI, S6720S-LI,
VLAN IDs S6720SI, S6720S-SI,
of QinQ S6720EI, and S6720S-EI
packets support the cvlan-id
cvlan-id parameter.
Inner and if-match cvlan-id start-vlan-id -
outer [ to end-vlan-id ] [ vlan-id
VLAN IDs vlan-id ] (S1720X, S1720X-E,
in QinQ S5720EI, S5720HI, S5730SI,
packets S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI,
S6720S-EI)

802.1p if-match 8021p 8021p-value If you enter multiple

priority in &<1-8> 802.1p priority values in
VLAN one command, a packet
packets matches the traffic
classifier if it matches any
of the priorities,
regardless of whether the
relationship between
rules in the traffic
classifier is AND or OR.

Inner if-match cvlan-8021p 8021p- -

802.1p value &<1-8> (S5720EI,
priority in S5720HI, S6720EI, S6720S-EI)
QinQ
packets

Drop if-match discard (S5720EI, A traffic classifier

packet S5720HI, S6720EI, S6720S-EI) containing this matching
rule can only be bound to
traffic behaviors
containing traffic statistics
collection and flow
mirroring actions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 588

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matchin Command Remarks

g Rule

Double if-match double-tag -

tags in (S5720EI, S5720HI, S6720EI,
QinQ S6720S-EI)
packets

Destinati if-match destination-mac -

on MAC mac-address [ mac-address-
address mask ]
Source if-match source-mac mac- -
MAC address [ mac-address-mask ]
address

Protocol if-match l2-protocol { arp | ip -

type field | mpls | rarp | protocol-value }
in the
Ethernet
frame
header

All if-match any After the if-match any

packets command is run, only the
matching rule configured
using this command takes
effect, and the other
matching rules in the
same traffic classifier will
become ineffective.

DSCP if-match dscp dscp-value ● If you enter multiple

priority in &<1-8> DSCP values in one
IP command, a packet
packets matches the traffic
classifier if it matches
any of the DSCP
values, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.
● If the relationship
between rules in a
traffic classifier is AND,
the if-match dscp and
if-match ip-
precedence
commands cannot be
used in the traffic
classifier
simultaneously.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 589

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matchin Command Remarks

g Rule

IP if-match ip-precedence ip- ● The if-match dscp and

preceden precedence-value &<1-8> if-match ip-
ce in IP precedence
packets commands cannot be
configured in a traffic
classifier in which the
relationship between
rules is AND.
● If you enter multiple IP
precedence values in
one command, a
packet matches the
traffic classifier if it
matches any of the IP
precedence values,
regardless of whether
the relationship
between rules in the
traffic classifier is AND
or OR.

Layer 3 if-match protocol { ip | ipv6 } -

protocol
type

SYN Flag if-match tcp syn-flag { syn- -

in the flag-value | ack | fin | psh | rst
TCP | syn | urg }
packet

Inbound if-match inbound-interface A traffic policy containing

interface interface-type interface- this matching rule cannot
number be applied to the
outbound direction or in
the interface view.

Outboun if-match outbound-interface A traffic policy containing

d interface-type interface- this matching rule cannot
interface number (S5720EI, S5720HI, be applied to the inbound
S6720EI, S6720S-EI) direction on the S5720HI.
The traffic policy
containing this matching
rule cannot be applied in
the interface view.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 590

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matchin Command Remarks

g Rule

ACL rule if-match acl { acl-number | ● When an ACL is used

acl-name } to define a traffic
classification rule, it is
recommended that the
ACL be configured first.
● If an ACL in a traffic
classifier defines
multiple rules, a packet
matches the ACL as
long as it matches one
of rules, regardless of
whether the
relationship between
rules in the traffic
classifier is AND or OR.

ACL6 rule if-match ipv6 acl { acl- Before specifying an ACL6

number | acl-name } in a matching rule,
configure the ACL6.

Flow ID if-match flow-id flow-id The traffic classifier

(S5720EI, S6720EI, S6720S-EI) containing if-match
flow-id and the traffic
behavior containing
remark flow-id must be
bound to different traffic
policies.
The traffic policy
containing if-match
flow-id can only be
applied to an interface, a
VLAN, or the system in
the inbound direction.

d. Run quit
Exit from the traffic classifier view.
2. Configure a traffic behavior.
a. Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed.
b. Run remark vlan-id vlan-id
The traffic behavior is configured. The outer VLAN ID of the packet is re-
marked.
c. (Optional) Run remark cvlan-id vlan-id
The traffic behavior is configured. The inner VLAN ID of the packet is re-
marked.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 591

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this configuration.
d. Run quit
Exit from the traffic behavior view.
e. Run quit
Exit from the system view.
3. Configure a traffic policy.
a. Run traffic policy policy-name [ match-order { auto | config } ]
A traffic policy is created and the traffic policy view is displayed, or the
view of an existing traffic policy is displayed. If you do not specify a
matching order for traffic classifiers in the traffic policy, the default
matching order config is used.
After a traffic policy is applied, you cannot use the traffic policy
command to modify the matching order of traffic classifiers in the traffic
policy. To modify the matching order, delete the traffic policy, create a
traffic policy, and specify the matching order.
When creating a traffic policy, you can specify the matching order of its
matching rules. The matching order can be either automatic order or
configuration order:

▪ Automatic order: Traffic classifiers are matched based on the

priorities of their types. Traffic classifiers based on the following
information are in descending order of priority: Layer 2 and IPv4
Layer 3 information, advanced ACL6 information, basic ACL6
information, Layer 2 information, IPv4 Layer 3 information, and user-
defined ACL information. If data traffic matches multiple traffic
classifiers, and the traffic behaviors conflict with each other, the
traffic behavior corresponding to the highest priority rule takes
effect.

▪ Configuration order: Traffic classifiers are matched based on the

sequence in which traffic classifiers were bound to traffic behaviors.
NOTE

If more than 128 ACL rules defining CAR are configured, a traffic policy must be
applied to an interface, a VLAN, and the system in sequence in the outbound
direction. In the preceding situation, if you need to update ACL rules, delete the
traffic policy from the interface, VLAN, and system and reconfigure it in
sequence.
b. Run classifier classifier-name behavior behavior-name
A traffic behavior is bound to a traffic classifier in the traffic policy.
c. Run quit
Exit from the traffic policy view.
d. Run quit
Exit from the system view.
4. Apply the traffic policy.
– Applying a traffic policy to an interface

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 592

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

i. Run system-view
The system view is displayed.
ii. Run interface interface-type interface-number
The interface view is displayed.
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the interface.
A traffic policy can be applied to only one direction on an interface,
but a traffic policy can be applied to different directions on different
interfaces. After a traffic policy is applied to an interface, the system
performs traffic policing for all the incoming or outgoing packets
that match traffic classification rules on the interface.
– Applying a traffic policy to a VLAN
i. Run system-view
The system view is displayed.
ii. Run vlan vlan-id
The VLAN view is displayed.
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the VLAN.
Only one traffic policy can be applied to a VLAN in the inbound or
outbound direction.
After a traffic policy is applied, the system performs traffic policing
for the packets that belong to a VLAN and match traffic classification
rules in the inbound or outbound direction.
– Applying a traffic policy to the system
i. Run system-view
The system view is displayed.
ii. Run traffic-policy policy-name global { inbound | outbound } [ slot
slot-id ]
A traffic policy is applied to the system.
Only one traffic policy can be applied to the system or slot in one
direction. A traffic policy cannot be applied to the same direction in
the system and slot simultaneously.
○ In a stack, a traffic policy that is applied to the system takes
effect on all the interfaces and VLANs of all the member
switches in the stack. The system then performs traffic policing
for all the incoming and outgoing packets that match traffic
classification rules on all the member switches. A traffic policy
that is applied to a specified slot takes effect on all the
interfaces and VLANs of the member switch with the specified
stack ID. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on this member switch.
○ On a standalone switch, a traffic policy that is applied to the
system takes effect on all the interfaces and VLANs of the local
switch. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 593

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

rules on the local switch. Traffic policies applied to the slot and
system have the same functions.

Verifying the Configuration

● Run the display traffic classifier user-defined [ classifier-name ] command
to check the traffic classifier configuration.
● Run the display traffic behavior user-defined [ behavior-name ] command
to check the traffic behavior configuration.
● Run the display traffic policy user-defined [ policy-name [ classifier
classifier-name ] ] command to check the user-defined traffic policy
configuration.
● Run the display traffic-applied [ interface [ interface-type interface-
number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to
check information about ACL-based simplified and MQC-based traffic policies
applied to the system, a VLAN, or an interface.
NOTE

Traffic policies can be applied to a sub-interface, but the display traffic-applied

command cannot be used to check information about ACL-based simplified and MQC-
based traffic policies applied to the sub-interface.
● Run the display traffic policy { interface [ interface-type interface-number
[.subinterface-number ] ] | vlan [ vlan-id ] | ssid-profile [ ssid-profile-name ]
| global } [ inbound | outbound ] command to check the traffic policy
configuration.
NOTE

Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support sub-interfaces.

Only the S5720HI supports ssid-profile [ ssid-profile-name ].
● Run the display traffic-policy applied-record [ policy-name ] command to
check the application record of a specified traffic policy.

11.7 Displaying VLAN Translation Resource Usage

Context
During VLAN Mapping configuration, VLAN translation resources may be
insufficient. You can run commands to view the total number of inbound/
outbound VLAN translation resources, the number of used VLAN translation
resources, and the number of remaining VLAN translation resources. The
command output helps you locate faults.

Procedure
Step 1 Run the display vlan-translation resource [ slot slot-number ] command in any
view to view VLAN translation resource usage.
NOTE

Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this command.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 594

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 2 Run the display spare-bucket resource [ slot slot-number ] command in any
view to view the usage of backup resources when VLAN translation resources
conflict.
NOTE
Only the S5720HI supports this command.

----End

11.8 Configuration Examples for VLAN Mapping

11.8.1 Example for Configuring VLAN ID-based 1:1 VLAN

Mapping
Networking Requirements
Users in different communities use the same services, such as the web, IPTV, and
VoIP services. To facilitate management, the network administrator of each
community adds different services to different VLANs. For communities in
different VLANs to use the same services, communication between VLANs must be
implemented.
In Figure 11-5, community 1 and community 2 have the same services, but
belong to different VLANs. Communication between them needs to be
implemented with low costs.

Figure 11-5 Networking diagram for configuring 1:1 VLAN mapping

PE1 PE2
GE0/0/1 ISP GE0/0/1
VLAN10

CE1 GE0/0/3 GE0/0/3 CE2

GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2

Community1 Community2
VLAN6 VLAN5

172.16.0.2/16 172.16.0.6/16
172.16.0.1/16 172.16.0.3/16 172.16.0.5/16 172.16.0.7/16

Configuration Roadmap
The configuration roadmap is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 595

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

1. Add the switch port connecting to community 1 to VLAN6 and add the switch
port connecting to community 2 to VLAN5.
2. Configure VLAN mapping on GE0/0/1 of PE1 and PE2 and map C-VLAN IDs to
S-VLAN IDs so that users in different VLANs can communicate with each
other.

Procedure
Step 1 Add downlink interfaces on switches to specified VLANs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type access
[CE1-GigabitEthernet0/0/1] port default vlan 6
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type access
[CE1-GigabitEthernet0/0/2] port default vlan 6
[CE1-GigabitEthernet0/0/2] quit
[CE1] interface gigabitethernet 0/0/3
[CE1-GigabitEthernet0/0/3] port link-type trunk
[CE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet0/0/3] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type access
[CE2-GigabitEthernet0/0/1] port default vlan 5
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type access
[CE2-GigabitEthernet0/0/2] port default vlan 5
[CE2-GigabitEthernet0/0/2] quit
[CE2] interface gigabitethernet 0/0/3
[CE2-GigabitEthernet0/0/3] port link-type trunk
[CE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet0/0/3] quit

Step 2 Configure VLAN mapping on the GE0/0/1 of PE1 and PE2.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/1] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/1] port vlan-mapping vlan 6 map-vlan 10
[PE1-GigabitEthernet0/0/1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 596

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE2-GigabitEthernet0/0/1] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet0/0/1] quit

Step 3 Verify the configuration.

Verify that users in community 1 and community 2 can communicate with each
other.
----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 6
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 6
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 6
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 6
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 5
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 5
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 5
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
qinq vlan-translation enable
port trunk allow-pass vlan 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 597

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

port vlan-mapping vlan 6 map-vlan 10

#
return

● PE2 configuration file

#
sysname PE2
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
qinq vlan-translation enable
port trunk allow-pass vlan 10
port vlan-mapping vlan 5 map-vlan 10
#
return

11.8.2 Example for Configuring VLAN ID-based N:1 VLAN

Mapping

Networking Requirements
In Figure 11-6, a large number of switches need to be deployed at the corridor so
that the same service used by different users can be sent on different VLANs. To
save VLAN resources, configure the VLAN aggregation function (N:1) on the
switches so that same services are sent on the same VLAN.

Figure 11-6 Networking diagram for configuring N:1 VLAN mapping

Internet

Switch GE0/0/1

VLAN100~109
SwitchA

…… …… ……

SwitchB SwitchC SwitchD SwitchE

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 598

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Create the original VLAN and the translated VLAN on the Switch and add
GE0/0/1 to the VLANs in tagged mode.
2. Configure VLAN mapping on GE0/0/1 on the Switch.

Procedure
Step 1 Configure the Switch.
# Create a VLAN.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 100 to 109

# Add GE0/0/1 to the VLAN.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10 100 to 109

# Configure VLAN mapping on GE0/0/1.

[Switch-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch-GigabitEthernet0/0/1] port vlan-mapping vlan 100 to 109 map-vlan 10

Step 2 Verify the configuration.

Verify that users in VLAN 100 to VLAN 109 can connect to the Internet through
the Switch.

----End

Configuration Files
● Switch configuration file
#
sysname Switch
#
vlan batch 10 100 to 109
#
interface gigabitethernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid tagged vlan 10 100 to 109
port vlan-mapping vlan 100 to 109 map-vlan 10
#
return

11.8.3 Example for Configuring VLAN ID-based 2 to 1 VLAN

Mapping
Networking Requirements
NOTE

Only the S1720X, S1720X-E, S5720HI, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI, and S6720S-EI support this example.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 599

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

As shown in Figure 11-7, Residential Gateway, Corridor Switch, and Community

Switch allow users to connect to the aggregation layer. To save VLAN resources
and isolate same services used by different users, configure the QinQ function on
the Corridor Switch and configure VLAN mapping on the Community Switch.

Figure 11-7 Networking diagram for configuring 2 to 1 VLAN mapping

Internet

Aggregate switch of carrier

Community GE0/0/3
Switch IP 2 ~3 501
S5
GE0/0/2 GE0/0/1 IP 4 501

S3 GE0/0/2 GE0/0/2 IP 2 ~3 201

Corridor S4
GE0/0/1 Switch GE0/0/1 IP 4 401

S1 GE0/0/4 GE0/0/4 S2
Residential
Gateway
GE

1
1

GE
/0/
GE0/0/2

GE0/0/2
/0/

0/0

0/0
0
0

GE
GE

/3

/3

PC VoIP IPTV PC VoIP IPTV

VLAN 2 VLAN 3 VLAN 4 VLAN 2 VLAN 3 VLAN 4

Configuration Roadmap
The configuration roadmap is as follows:
1. Add switch ports connecting to users to specified VLANs to distinguish
different services.
2. Configure the QinQ function on the Corridor Switch to distinguish users and
services.
3. Configure VLAN mapping on the Community Switch to save VLAN resources.

Procedure
Step 1 Add downlink interfaces of S1 and S2 to specified VLANs.
# Configure S1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 600

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

<HUAWEI> system-view
[HUAWEI] sysname S1
[S1] vlan batch 2 to 4
[S1] interface gigabitethernet 0/0/1
[S1-GigabitEthernet0/0/1] port link-type access
[S1-GigabitEthernet0/0/1] port default vlan 2
[S1-GigabitEthernet0/0/1] quit
[S1] interface gigabitethernet 0/0/2
[S1-GigabitEthernet0/0/2] port link-type access
[S1-GigabitEthernet0/0/2] port default vlan 3
[S1-GigabitEthernet0/0/2] quit
[S1] interface gigabitethernet 0/0/3
[S1-GigabitEthernet0/0/3] port link-type access
[S1-GigabitEthernet0/0/3] port default vlan 4
[S1-GigabitEthernet0/0/3] quit
[S1] interface gigabitethernet 0/0/4
[S1-GigabitEthernet0/0/4] port link-type trunk
[S1-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 4
[S1-GigabitEthernet0/0/4] quit

# Configure S2.
<HUAWEI> system-view
[HUAWEI] sysname S2
[S2] vlan batch 2 to 4
[S2] interface gigabitethernet 0/0/1
[S2-GigabitEthernet0/0/1] port link-type access
[S2-GigabitEthernet0/0/1] port default vlan 2
[S2-GigabitEthernet0/0/1] quit
[S2] interface gigabitethernet 0/0/2
[S2-GigabitEthernet0/0/2] port link-type access
[S2-GigabitEthernet0/0/2] port default vlan 3
[S2-GigabitEthernet0/0/2] quit
[S2] interface gigabitethernet 0/0/3
[S2-GigabitEthernet0/0/3] port link-type access
[S2-GigabitEthernet0/0/3] port default vlan 4
[S2-GigabitEthernet0/0/3] quit
[S2] interface gigabitethernet 0/0/4
[S2-GigabitEthernet0/0/4] port link-type trunk
[S2-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 4
[S2-GigabitEthernet0/0/4] quit

Step 2 Configure the QinQ function on the Corridor Switch to allow the Corridor Switch
to send double-tagged packets to the Community Switch.
# Configure S3.
<HUAWEI> system-view
[HUAWEI] sysname S3
[S3] vlan batch 201 401
[S3] interface gigabitethernet 0/0/1
[S3-GigabitEthernet0/0/1] port link-type hybrid
[S3-GigabitEthernet0/0/1] port hybrid untagged vlan 201 401
[S3-GigabitEthernet0/0/1] qinq vlan-translation enable
[S3-GigabitEthernet0/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S3-GigabitEthernet0/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S3-GigabitEthernet0/0/1] quit
[S3] interface gigabitethernet 0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 201 401
[S3-GigabitEthernet0/0/2] quit

# Configure S4.
<HUAWEI> system-view
[HUAWEI] sysname S4
[S4] vlan batch 201 401
[S4] interface gigabitethernet 0/0/1
[S4-GigabitEthernet0/0/1] port link-type hybrid
[S4-GigabitEthernet0/0/1] port hybrid untagged vlan 201 401

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 601

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[S4-GigabitEthernet0/0/1] qinq vlan-translation enable

[S4-GigabitEthernet0/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S4-GigabitEthernet0/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S4-GigabitEthernet0/0/1] quit
[S4] interface gigabitethernet 0/0/2
[S4-GigabitEthernet0/0/2] port link-type trunk
[S4-GigabitEthernet0/0/2] port trunk allow-pass vlan 201 401
[S4-GigabitEthernet0/0/2] quit

Step 3 Configure VLAN mapping on S5.

<HUAWEI> system-view
[HUAWEI] sysname S5
[S5] vlan batch 501
[S5] interface gigabitethernet 0/0/1
[S5-GigabitEthernet0/0/1] port link-type trunk
[S5-GigabitEthernet0/0/1] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/1] qinq vlan-translation enable
[S5-GigabitEthernet0/0/1] port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan 501
[S5-GigabitEthernet0/0/1] port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
[S5-GigabitEthernet0/0/1] quit
[S5] interface gigabitethernet 0/0/2
[S5-GigabitEthernet0/0/2] port link-type trunk
[S5-GigabitEthernet0/0/2] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/2] qinq vlan-translation enable
[S5-GigabitEthernet0/0/2] port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan 501
[S5-GigabitEthernet0/0/2] port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
[S5-GigabitEthernet0/0/2] quit
[S5] interface gigabitethernet 0/0/3
[S5-GigabitEthernet0/0/3] port link-type trunk
[S5-GigabitEthernet0/0/3] port trunk allow-pass vlan 501
[S5-GigabitEthernet0/0/3] quit

Step 4 Verify the configuration.

Verify that users can connect to the network and that same services are sent on
the same VLAN.
----End

Configuration Files
● Configuration file of S1
#
sysname S1
#
vlan batch 2 to 4
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
● Configuration file of S2
#
sysname S2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 602

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

#
vlan batch 2 to 4
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
● Configuration file of S3
#
sysname S3
#
vlan batch 201 401
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
● Configuration file of S4
#
sysname S4
#
vlan batch 201 401
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
● Configuration file of S5
#
sysname S5
#
vlan batch 501
#
interface GigabitEthernet0/0/1
port link-type trunk
qinq vlan-translation enable
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 603

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

501
port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
#
interface GigabitEthernet0/0/2
port link-type trunk
qinq vlan-translation enable
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan
501
port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 501
#
return

11.8.4 Example for Configuring VLAN ID-based 2:2 VLAN

Mapping
Networking Requirements
NOTE

Only the S1720X, S1720X-E, S5720HI, S5720EI, S5730SI, S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, S6720EI, and S6720S-EI support this example.

QinQ is used to send double-tagged packets, which prevents the conflict between
C-VLAN IDs and S-VLAN IDs and differentiates services and users. However, the
interface will discard the packets because C-VLAN IDs are different from S-VLAN
IDs. To ensure communication continuity, configure 2:2 VLAN mapping on the PE
and replace double C-VLAN tags with double S-VLAN tags.
In Figure 11-8, users send double-tagged packets to the ISP network. These
packets cannot be sent successfully because the VLAN IDs are different from the
S-VLAN IDs. To solve this problem, ensure that the users of the Switch5 and
Switch6 can communicate.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 604

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-8 Networking diagram for configuring 2:2 VLAN mapping

Switch2 Switch3
ISP
outside tag:50
inner tag:60

GE0/0/1 GE0/0/1
GE0/0/2 GE0/0/2
Switch1 Switch4

GE0/0/1 GE0/0/1
GE0/0/2
GE0/0/2

Switch5 Switch6

GE0/0/1 GE0/0/1

VLAN 10 VLAN 30

VLAN Mapping

Configuration Roadmap
The configuration roadmap is as follows:

1. Add switch ports connecting to users to VLAN 10 and VLAN 30.

2. Configure the QinQ function on Switch1 and Switch4 so that packets sent to
the ISP network are double-tagged.
3. Configure 2:2 VLAN mapping on switches connected to the ISP network.

Procedure
Step 1 Add downlink interfaces on switches to specified VLANs.

# Configure Switch5.
<HUAWEI> system-view
[HUAWEI] sysname Switch5
[Switch5] vlan 10
[Switch5-vlan10] quit
[Switch5] interface gigabitethernet 0/0/1
[Switch5-GigabitEthernet0/0/1] port link-type access
[Switch5-GigabitEthernet0/0/1] port default vlan 10
[Switch5-GigabitEthernet0/0/1] quit
[Switch5] interface gigabitethernet 0/0/2
[Switch5-GigabitEthernet0/0/2] port link-type trunk
[Switch5-GigabitEthernet0/0/2] port trunk allow-pass vlan 10

# Configure Switch6.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 605

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

<HUAWEI> system-view
[HUAWEI] sysname Switch6
[Switch6] vlan 30
[Switch6-vlan30] quit
[Switch6] interface gigabitethernet 0/0/1
[Switch6-GigabitEthernet0/0/1] port link-type access
[Switch6-GigabitEthernet0/0/1] port default vlan 30
[Switch6-GigabitEthernet0/0/1] quit
[Switch6] interface gigabitethernet 0/0/2
[Switch6-GigabitEthernet0/0/2] port link-type trunk
[Switch6-GigabitEthernet0/0/2] port trunk allow-pass vlan 30

Step 2 Configure the QinQ function on Switch1 and Switch4 so that packets sent to the
ISP network are double-tagged.

# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 20
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 20
[Switch1-GigabitEthernet0/0/1] quit
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type trunk
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[Switch1-GigabitEthernet0/0/2] quit

# Configure Switch 4.
<HUAWEI> system-view
[HUAWEI] sysname Switch4
[Switch4] vlan 40
[Switch4-vlan40] quit
[Switch4] interface gigabitethernet 0/0/1
[Switch4-GigabitEthernet0/0/1] port link-type hybrid
[Switch4-GigabitEthernet0/0/1] port hybrid untagged vlan 40
[Switch4-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch4-GigabitEthernet0/0/1] port vlan-stacking vlan 30 stack-vlan 40
[Switch4-GigabitEthernet0/0/1] quit
[Switch4] interface gigabitethernet 0/0/2
[Switch4-GigabitEthernet0/0/2] port link-type trunk
[Switch4-GigabitEthernet0/0/2] port trunk allow-pass vlan 40
[Switch4-GigabitEthernet0/0/2] quit

Step 3 Configure 2:2 VLAN mapping on switches connected to the ISP network.

# Configure Switch2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] interface gigabitethernet 0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type hybrid
[Switch2-GigabitEthernet0/0/1] port hybrid tagged vlan 50
[Switch2-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch2-GigabitEthernet0/0/1] port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan
60

# Configure Switch3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] interface gigabitethernet 0/0/1
[Switch3-GigabitEthernet0/0/1] port link-type hybrid
[Switch3-GigabitEthernet0/0/1] port hybrid tagged vlan 50

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 606

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[Switch3-GigabitEthernet0/0/1] qinq vlan-translation enable

[Switch3-GigabitEthernet0/0/1] port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan
60

Step 4 Verify the configuration.

Verify that users connected to Switch5 and users connected to Switch6 can
communicate with each other.

----End

Configuration Files
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 20
port vlan-stacking vlan 10 stack-vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return

● Switch2 configuration file

#
sysname Switch2
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid tagged vlan 50
port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan 60
#
return

● Switch3 configuration file

#
sysname Switch3
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid tagged vlan 50
port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan 60
#
return

● Switch4 configuration file

#
sysname Switch4
#
vlan batch 40
#
interface GigabitEthernet0/0/1
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 40
port vlan-stacking vlan 30 stack-vlan 40
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 607

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
return

● Switch5 configuration file

#
sysname Switch5
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

● Switch6 configuration file

#
sysname Switch6
#
vlan batch 30
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
return

11.9 Troubleshooting VLAN Mapping

11.9.1 Communication Failure After VLAN Mapping

Configuration
Fault Symptom
In Figure 11-9, users in VLAN 6 need to communicate with users in VLAN 5 over
an ISP network. The carrier assigns VLAN 10 as the S-VLAN. Single-tag VLAN
mapping is configured on GE 0/0/1 of SwitchC and SwitchD to map C-VLANs 5
and 6 to S-VLAN 10.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 608

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-9 VLAN mapping networking diagram

ISP network
VLAN10
SwitchC SwitchD
GE0/0/1 GE0/0/1
SwitchA SwitchB
VLAN6 GE0/0/1 GE0/0/1 VLAN5
GE0/0/2 GE0/0/3 GE0/0/3
GE0/0/2

172.16.0.1/16 172.16.0.2/16 172.16.0.3/16 172.16.0.5/16 172.16.0.6/16 172.16.0.7/16

After VLAN mapping is configured on the interfaces, users in different VLANs

cannot communicate with each other. This fault is commonly caused by one of the
following:
● The translated VLAN (map-vlan) has not been created.
● The interfaces configured with VLAN mapping are not added to the translated
VLAN.
● The translated VLAN ID configured on SwitchC and SwitchD is different from
the S-VLAN ID assigned by the carrier.
● The interfaces configured with VLAN mapping are faulty.

Procedure
1. In the user view, run the display vlan command to verify that the translated
VLAN (map-vlan) is created.
– If the translated VLAN has not been created, run the vlan command to
create it.
– If the translated VLAN is created, go to the next step.
2. In the interface view, run the display this command to verify that the
interfaces configured with VLAN mapping have been added to the translated
VLAN in tagged mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 609

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

NOTE

● VLAN mapping can be configured only on a trunk or hybrid interface, and the hybrid
interface must be added to the translated VLAN in tagged mode.
● If a range of original VLANs is specified by vlan-id1 to vlan-id2 on an interface, the
interface must be added to all the original VLANs in tagged mode, and the translated
VLAN cannot have a VLANIF interface.
● Limiting MAC address learning on an interface may affect N:1 VLAN mapping on the
interface.
– If the interfaces configured with VLAN mapping have not been added to
the translated VLAN in tagged mode, run the port trunk allow-pass vlan
or port hybrid tagged vlan command in the interface view to add the
interfaces to the translated VLAN in tagged mode.
– If the interfaces have been added to the translated VLAN in tagged
mode, go to the next step.
3. In the interface view, run the display this command to verify that the
translated VLAN ID configured on the interface is the same as the S-VLAN ID
assigned by the carrier.
– If the translated VLAN ID on an interface is different from the S-VLAN ID
assigned by the carrier, run the undo port vlan-mapping command on
the interface to delete the VLAN mapping configuration, and run the
port vlan-mapping vlan command to set the translated VLAN ID to the
S-VLAN ID.
– If the translated VLAN ID is the same as the S-VLAN ID assigned by the
carrier, go to the next step.
4. In the user view, run the display vlan vlan-id command to verify that user-
side interfaces are added to C-VLANs.
If the user-side interfaces are not in the C-VLANs, run the port trunk allow-
pass vlan, port hybrid tagged vlan, or port default vlan command to add
the interfaces to the C-VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 610

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

12 GVRP Configuration

About This Chapter

This chapter describes how to configure the Generic VLAN Registration Protocol
(GVRP).

12.1 Overview of GVRP

12.2 Understanding GVRP
12.3 Application Scenarios for GVRP
12.4 Licensing Requirements and Limitations for GVRP
12.5 Default Settings for GVRP
12.6 Configuring GVRP
12.7 Clearing GVRP Statistics
12.8 Example for Configuring GVRP
12.9 FAQ About GVRP

12.1 Overview of GVRP

Definition
The Generic Attribute Registration Protocol (GARP) provides a mechanism for
propagating attributes so that a protocol entity can register and deregister
attributes. By filling different attributes into GARP packets, GARP supports various
upper-layer applications.
The GARP VLAN Registration Protocol (GVRP) is used to register and deregister
VLAN attributes.
GARP identifies applications through destination MAC addresses. IEEE Std 802.1Q
assigns 01-80-C2-00-00-21 to the VLAN application (GVRP).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 611

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Purpose
To deploy a VLAN on all devices on a network, a network administrator must
manually create it on each device. In Figure 12-1, three routers are connected
through trunk links. VLAN 2 is configured on SwitchA, and VLAN 1 is configured
on SwitchB and SwitchC. To forward packets of VLAN 2 from SwitchA to SwitchC,
the network administrator must manually create VLAN 2 on SwitchB and SwitchC.

Figure 12-1 GVRP application

SwitchA SwitchC

SwitchB

When a network is complex and the network administrator is unfamiliar with the
network topology, or when many VLANs are configured on the network, the
manual configuration workload is enormous. In addition, configuration errors may
occur due to human error. GVRP can be configured on the network to implement
automatic registration of VLANs, reducing configuration workload and the
likelihood of configuration errors.

Benefits
GVRP is based on GARP. It dynamically maintains VLAN attributes on devices.
Using GVRP, VLAN attributes of one device can be propagated throughout the
entire switching network. GVRP enables network devices to dynamically deliver,
register, and propagate VLAN attributes, reducing the workload of the network
administrator and helping to ensure correct configuration.

12.2 Understanding GVRP

12.2.1 Basic Concepts of GVRP

Participant
On a device, each interface running a protocol is a participant. On a device
running GVRP, each GVRP-enabled interface is treated as a GVRP participant, as
shown in Figure 12-2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 612

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Figure 12-2 GVRP participant

GVRP应用实体

SwitchA SwitchC

SwitchB

VLAN Registration and Deregistration

GVRP implements automatic registration and deregistration of VLAN attributes.
The functions of VLAN registration and deregistration are:
● VLAN registration: adds interfaces to VLANs.
● VLAN deregistration: removes interfaces from VLANs.
GVRP registers and deregisters VLAN attributes through attribute declarations and
reclaim declarations as follows:
● When an interface receives a VLAN attribute declaration, it registers the VLAN
specified in the declaration. The interface is added to the VLAN.
● When an interface receives a VLAN attribute reclaim declaration, it deregisters
the VLAN specified in the declaration. The interface is removed from the
VLAN.
Interface register or deregister VLANs only when they receive GVRP messages.

Figure 12-3 VLAN registration and deregistration

Declaration Register

SwitchA Reclaim Deregister SwitchB

declaration

GARP Messages
GARP participants exchange VLAN information through GARP messages. Major
GARP messages are Join messages, Leave messages, and LeaveAll messages.
● Join message
When a GARP participant expects other devices to register its attributes, it
sends Join messages to other devices. When the GARP participant receives a

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 613

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Join message from another participant or when it is configured with attributes

statically, it also sends Join messages to other devices for the devices to
register the new attributes.
Join messages are classified into two types:
– JoinEmpty message: declares an unregistered attribute.
– JoinIn message: declares a registered attribute.
● Leave message
When a GARP participant expects other devices to deregister its attributes, it
sends Leave messages to other devices. When the GARP participant receives a
Leave message from another participant or when some of its attributes are
deregistered statically, it also sends Leave messages to other devices.
Leave messages are classified into two types:
– LeaveEmpty message: deregisters an unregistered attribute.
– LeaveIn message: deregisters a registered attribute.
● LeaveAll message
When a participant starts, it starts the LeaveAll timer. When the LeaveAll
timer expires, the participant sends LeaveAll messages to other devices.
A participant sends LeaveAll messages to deregister all attributes so that
other participants can re-register attributes of the local participant. LeaveAll
messages are used to periodically delete useless attributes on the network.
For example, an attribute of a participant is deleted. Due to a sudden power
failure, the participant does not send Leave messages to request other
participants to deregister the attribute. In this case, the attribute becomes
useless, necessitating the use of a LeaveAll message.

GARP Timers
GARP defines four timers:
● Join timer
The Join timer controls the sending of Join messages including JoinIn
messages and JoinEmpty messages.
After sending the first Join message, a participant starts the Join timer. If the
participant receives a JoinIn message before the Join timer expires, it does not
send a second Join message. If the participant does not receive any JoinIn
message, it sends a second Join message when the Join timer expires. This
ensures that Join messages can be sent to other participants. Each interface
maintains an independent Join timer.
● Hold timer
The Hold timer controls the sending of Join messages (JoinIn messages and
JoinEmpty messages) and Leave messages (LeaveIn messages and
LeaveEmpty messages).
After a participant is configured with an attribute or receives a message, it
sends the message to other participants only after the Hold timer expires. The
participant encapsulates messages received within the hold time into a
minimum number of packets, reducing the number of packets sent to other
participants. If the participant does not use the Hold timer but forwards a
message immediately after receiving it, a large number of packets are

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 614

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

transmitted on the network. This makes the network unstable and wastes
data fields of packets.
Each interface maintains an independent Hold timer. The Hold timer value
must be equal to or smaller than half of the Join timer value.
● Leave timer
The Leave timer controls attribute deregistration.
A participant starts the Leave timer after receiving a Leave or LeaveAll
message. If the participant does not receive any Join message of the
corresponding attribute before the Leave timer expires, the participant
deregisters the attribute.
A participant sends a Leave message if one of its attributes is deleted, but the
attribute may still exist on other participants. Therefore, the participant
receiving the Leave message cannot deregister the attribute immediately; it
must wait for messages from other participants.
For example, an attribute has two sources on the network: participant A and
participant B. Other participants register the attribute through GARP. If the
attribute is deleted from participant A, participant A sends a Leave message
to other participants. After receiving the Leave message, participant B sends a
Join message to other participants because the attribute still exists on
participant B. After receiving the Join message from participant B, other
participants retain the attribute. Other participants deregister the attribute
only if they do not receive any Join message of the attribute within a period
longer than two times the Join timer value. Therefore, the Leave timer value
must be greater than two times the Join timer value.
Each interface maintains an independent Leave timer.
● LeaveAll timer
When a GARP participant starts, it starts the LeaveAll timer. When the
LeaveAll timer expires, the participant sends a LeaveAll message and restarts
the LeaveAll timer.
After receiving a LeaveAll message, a participant restarts all GARP timers.
When its LeaveAll timer expires, the participant sends another LeaveAll
message. This reduces the number of LeaveAll messages sent within a period
of time.
If the LeaveAll timers of multiple devices expire simultaneously, they send
LeaveAll messages simultaneously, leading to an unnecessary generation of
LeaveAll messages. To solve this problem, each device uses a random value
between the LeaveAll timer value and 1.5 times the LeaveAll timer value as
its LeaveAll timer value. When a LeaveAll event occurs, all attributes on the
entire network are deregistered. The LeaveAll event affects the entire
network; therefore, the LeaveAll timer must be set to a value which is greater
than the Leave timer value.
Each device maintains a global LeaveAll timer.

Registration Modes
A manually configured VLAN is a static VLAN, and a VLAN created through GVRP
is a dynamic VLAN. GVRP provides three registration modes. Static VLANs and
dynamic VLANs are processed differently in each registration mode:
● In normal mode, dynamic VLANs can be registered on interfaces, and
interfaces can send declarations of static VLANs and dynamic VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 615

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

● In fixed mode, dynamic VLANs cannot be registered on interfaces, and

interfaces can send only declarations of static VLANs.
● In forbidden mode, dynamic VLANs cannot be registered on interfaces. All
VLANs except VLAN 1 are deleted from interfaces, and interfaces can send
only the declaration of VLAN 1.

12.2.2 Packet Format

GARP packets are encapsulated in the IEEE 802.3 Ethernet format, as shown in
Figure 12-4.

Figure 12-4 GARP packet format

DA SA length DSAP SSAP Ctrl PDU Ethernet Frame

1 3 N

Protocol ID Message 1 … Message N End Mark GARP PDU structure

1 2 N

Attribute Type Attribute List Message structure

1 N

Attribute 1 … Attribute N End Mark Attribute List structure

1 2 3 N

Attribute Length Attribute Event Attribute Value Attribute structure

The following table describes the fields in a GARP packet.

Field Description Value

Protocol ID Indicates the protocol ID. 1

Message Indicates the messages -

in the packet. Each
message consists of the
Attribute Type and
Attribute List fields.

Attribute Type Indicates an attribute 0x01 for GVRP, indicating

type, which is defined by that the attribute value
the GARP application. is a VLAN ID

Attribute List Indicates the attribute -

list of a message, which
consists of multiple
attributes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 616

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Field Description Value

Attribute Indicates an attribute, -

which consists of the
Attribute Length,
Attribute Event, and
Attribute Value fields.

Attribute Length Indicates the length of 2 to 255, in bytes

an attribute.

Attribute Event Indicates the event that ● 0: LeaveAll Event

an attribute describes. ● 1: JoinEmpty Event
● 2: JoinIn Event
● 3: LeaveEmpty Event
● 4: LeaveIn Event
● 5: Empty Event

Attribute Value Indicates the value of an VLAN ID for GVRP

attribute. This field is invalid in a
LeaveAll attribute.

End Mark Indicates the end of a 0x00

GARP PDU.

12.2.3 Working Mechanism

This section describes the working procedure of GVRP by using an example. This
example illustrates how a VLAN attribute is registered and deregistered on a
network in four phases.

One-Way Registration

Figure 12-5 One-way registration of a VLAN attribute

SwitchA SwitchC
Static vlan 2
Port 4
Port 1 JoinEmpty
JoinEmpty

Port 2 Port 3

SwitchB

Static VLAN 2 is created on SwitchA. Ports on SwitchB and SwitchC can join VLAN
2 automatically through one-way registration. The process is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 617

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

1. After VLAN 2 is created on SwitchA, Port 1 of SwitchA starts the Join timer
and Hold timer. When the Hold timer expires, Port 1 sends the first JoinEmpty
message to SwitchB. When the Join timer expires, Port 1 restarts the Hold
timer. When the Hold timer expires again, Port 1 sends the second JoinEmpty
message.
2. After Port 2 of SwitchB receives the first JoinEmpty message, SwitchB creates
dynamic VLAN 2 and adds Port 2 to VLAN 2. In addition, SwitchB requests
Port 3 to start the Join timer and Hold timer. When the Hold timer expires,
Port 3 sends the first JoinEmpty message to SwitchC. When the Join timer
expires, Port 3 restarts the Hold timer. When the Hold timer expires again,
Port 3 sends the second JoinEmpty message. After Port 2 receives the second
JoinEmpty message, SwitchB does not take any action because Port 2 has
been added to VLAN 2.
3. After Port 4 of SwitchC receives the first JoinEmpty message, SwitchC creates
dynamic VLAN 2 and adds Port 4 to VLAN 2. After Port 4 receives the second
JoinEmpty message, SwitchC does not take any action because Port 4 has
been added to VLAN 2.
4. Every time the LeaveAll timer expires or a LeaveAll message is received, each
switch restarts the LeaveAll, Join, Hold, and Leave timers. Port 1 then repeats
step 1 and sends JoinEmpty messages. In the same way, Port 3 of SwitchB
sends JoinEmpty messages to SwitchC.

Two-Way Registration

Figure 12-6 Two-way registration of a VLAN attribute

SwitchA SwitchC

Static vlan 2 Static vlan 2

Port 4
JoinEmpty
Port 1 JoinIn
JoinIn
JoinEmpty
JoinIn
JoinIn
Port 2 Port 3

SwitchB

After one-way registration is complete, Port 1, Port 2, and Port 4 are added to
VLAN 2 but Port 3 is not added to VLAN 2 because only interfaces receiving a
JoinEmpty or JoinIn message can be added to dynamic VLANs. To transmit traffic
of VLAN 2 in both directions, VLAN registration from SwitchC to SwitchA is
required. The process is as follows:
1. After one-way registration is complete, static VLAN 2 is created on SwitchC
(the dynamic VLAN is replaced by the static VLAN). Port 4 of SwitchC starts
the Join timer and Hold timer. When the Hold timer expires, Port 4 sends the
first JoinIn message (because it has registered VLAN 2) to SwitchB. When the
Join timer expires, Port 4 restarts the Hold timer. When the Hold timer
expires, Port 4 sends the second JoinIn message.
2. After Port 3 of SwitchB receives the first JoinIn message, SwitchB adds Port 3
to VLAN 2 and requests Port 2 to start the Join timer and Hold timer. When

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 618

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

the Hold timer expires, Port 2 sends the first JoinIn message to SwitchA. When
the Join timer expires, Port 2 restarts the Hold timer. When the Hold timer
expires again, Port 2 sends the second JoinIn message. After Port 3 receives
the second JoinIn message, SwitchB does not take any action because Port 3
has been added to VLAN 2.
3. When SwitchA receives the JoinIn message, it stops sending JoinEmpty
messages to SwitchB. Every time the LeaveAll timer expires or a LeaveAll
message is received, each switch restarts the LeaveAll timer, Join timer, Hold
timer, and Leave timer. Port 1 of SwitchA sends a JoinIn message to SwitchB
when the Hold timer expires.
4. SwitchB sends a JoinIn message to SwitchC.
5. After receiving the JoinIn message, SwitchC does not create dynamic VLAN 2
because static VLAN 2 has been created.

One-Way Deregistration

Figure 12-7 One-way deregistration of a VLAN attribute

SwitchA SwitchC
Static vlan 2
LeaveEmpty Port 4
Port 1

LeaveIn
Port 2 Port 3

SwitchB

When VLAN 2 is not required on the switches, the switches can deregister VLAN 2.
The process is as follows:
1. After static VLAN 2 is manually deleted from SwitchA, Port 1 of SwitchA starts
the Hold timer. When the Hold timer expires, Port 1 sends a LeaveEmpty
message to SwitchB. Port 1 needs to send only one LeaveEmpty message.
2. After Port 2 of SwitchB receives the LeaveEmpty message, it starts the Leave
timer. When the Leave timer expires, Port 2 deregisters VLAN 2. Then Port 2 is
deleted from VLAN 2, but VLAN 2 is not deleted from SwitchB because Port 3
is still in VLAN 2. At this time, SwitchB requests Port 3 to start the Hold timer
and Leave timer. When the Hold timer expires, Port 3 sends a LeaveIn
message to SwitchC. Static VLAN 2 is not deleted from SwitchC; therefore,
Port 3 can receive the JoinIn message sent from Port 4 after the Leave timer
expires. In this case, SwitchA and SwitchB can still learn dynamic VLAN 2.
3. After SwitchC receives the LeaveIn message, Port 4 is not deleted from VLAN
2 because VLAN 2 is a static VLAN on SwitchC.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 619

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Two-Way Deregistration

Figure 12-8 Two-way deregistration of a VLAN attribute

SwitchA SwitchC

LeaveEmpty Port 4
LeaveEmpty
Port 1

LeaveEmpty LeaveIn

Port 2 Port 3

SwitchB

To delete VLAN 2 from all the switches, two-way deregistration is required. The
process is as follows:
1. After static VLAN 2 is manually deleted from SwitchC, Port 4 of SwitchC starts
the Hold timer. When the Hold timer expires, Port 4 sends a LeaveEmpty
message to SwitchB.
2. After Port 3 of SwitchB receives the LeaveEmpty message, it starts the Leave
timer. When the Leave timer expires, Port 3 deregisters VLAN 2. Then Port 3 is
deleted from dynamic VLAN 2, and dynamic VLAN 2 is deleted from SwitchB.
At this time, SwitchB requests Port 2 to start the Hold timer. When the Hold
timer expires, Port 2 sends a LeaveEmpty message to SwitchA.
3. After Port 1 of SwitchA receives the LeaveEmpty message, it starts the Leave
timer. When the Leave timer expires, Port 1 deregisters VLAN 2. Then Port 1 is
deleted from dynamic VLAN 2, and dynamic VLAN 2 is deleted from SwitchA.

12.3 Application Scenarios for GVRP

GVRP enables routers on a network to dynamically maintain and update VLAN
information. With GVRP, you can adjust the VLAN deployment on the entire
network by configuring only a few devices. Analyzing the topology and managing
configurations are not necessary. In Figure 12-9, GVRP is enabled on all devices.
Devices are interconnected through trunk interfaces and each trunk interface
allows packets of all VLANs to pass. Using GVRP, you simply need to configure
static VLANs 100 to 1000 on SwitchA and SwitchC. Other devices can then learn
VLANs 100 to 1000 using GVRP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 620

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Figure 12-9 Typical application of GVRP

SwitchB

SwitchA SwitchC
VLAN 100~1000 VLAN 100~1000

12.4 Licensing Requirements and Limitations for GVRP

Involved Network Elements

Other network elements are not required.

Licensing Requirements
GVRP configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. GVRP
configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 12-1 Products and versions supporting GVRP

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 621

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Product Product Software Version

Model

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 622

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Product Product Software Version

Model

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● When many dynamic VLANs need to be registered or the network radius is
large, using default values of timers may cause VLAN flapping and high CPU
usage. In this case, increase values of the timers. The following values are
recommended depending on the number of VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 623

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Table 12-2 Relationship between GARP timer values and number of dynamic
VLANs that need to be registered

Number of Dynamic VLANs to Be Registered (N)

Timer N ≤ 500 500 < N ≤ 1000 < N ≤ N > 1500
1000 1500

GARP Hold 100 200 800 1000

timer centiseconds centiseconds centiseconds centiseconds
(1 second) (2 seconds) (8 seconds) (10 seconds)

GARP Join 600 1200 4000 6000

timer centiseconds centiseconds centiseconds centiseconds
(6 seconds) (12 seconds) (40 seconds) (1 minute)

GARP Leave 3000 6000 20000 30000

timer centiseconds centiseconds centiseconds centiseconds
(30 seconds) (1 minute) (3 minutes (5 minutes)
and 20
seconds)

GARP 12000 24000 30000 32765

LeaveAll centiseconds centiseconds centiseconds centiseconds
timer (2 minutes) (4 minutes) (5 minutes) (5 minutes
and 27.65
seconds)

● The blocked port in instance 0 of STP/RSTP/MSTP can block GVRP packets;

the blocked ports of other MSTIs and other ring network protocols such as
ERPS, SEP, RRPP, Smart Link, and VBST cannot block GVRP packets. To ensure
that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the
blocked port of a ring network protocol.
● The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LBDT.

12.5 Default Settings for GVRP

Parameter Default Setting

GVRP function Disabled globally and on interfaces

Registration mode of the Normal

GVRP interface

LeaveAll timer 1000 centiseconds

Hold timer 10 centiseconds

Join timer 20 centiseconds

Leave timer 60 centiseconds

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 624

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

12.6 Configuring GVRP

12.6.1 Enabling GVRP

Context
Before enabling GVRP on an interface, you must enable GVRP globally. GVRP can
be enabled only on trunk interfaces. You must perform related configurations to
ensure that all dynamically registered VLANs can pass the trunk interfaces.

NOTE

If the VCMP role is the client or server, GVRP cannot be enabled. In this case, run the vcmp role
command to configure the VCMP role as silent or transparent. If GVRP has been enabled, do
not switch the VCMP role to client or server.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run gvrp
GVRP is enabled globally.
Step 3 Run interface interface-type interface-number
The interface view is displayed.
Step 4 Run port link-type trunk
The link type of the interface is set to trunk.
Step 5 Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs.
Step 6 Run gvrp
GVRP is enabled on the interface.
By default, GVRP is disabled globally and on each interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 625

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

NOTE

● VLAN configuration will trigger GVRP messages. If too many VLANs are configured, you
are advised to configure VLANs on devices one by one and configure the timer.
Otherwise, dynamic VLANs may flap.
● When many dynamically registered VLANs such as 4094 VLANs are configured, run the
car packet-type gvrp cir cir-value command to increase the CPCAR value. To prevent a
high load on the CPU, the CPCAR cannot be increased infinitely. If the CPCAR values are
adjusted improperly, network services are affected. To adjust the CPCAR values, contact
technical support personnel.
● If an interface is changed to another link type, such as access, hybrid, negotiation-
desirable, or negotiation-auto, the GVRP configuration on the interface is automatically
deleted.
● The blocked interface in instance 0 of STP/RSTP/MSTP can block GVRP packets. The
blocked interfaces of other MSTIs and other ring network protocols such as ERPS, SEP,
RRPP, Smart Link, and VBST cannot block GVRP packets. To ensure that GVRP runs
normally and to prevent GVRP loops, do not enable GVRP on the blocked interface of a
ring network protocol.
● The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP runs
normally and prevent GVRP loops, do not enable GVRP on the blocked port of LBDT.

----End

12.6.2 (Optional) Setting the Registration Mode for a GVRP

Interface

Context
A GVRP interface supports three registration modes:
● Normal: In this mode, the GVRP interface can dynamically register and
deregister VLANs, as well as transmit dynamic VLAN registration information
and static VLAN registration information.
● Fixed: In this mode, the GVRP interface is disabled from dynamically
registering and deregistering VLANs and can only transmit the static VLAN
registration information. If the registration mode is set to fixed for a trunk
interface, the interface allows only the manually configured VLANs to pass,
even if the interface is configured to allow all the VLANs to pass.
● Forbidden: In this mode, the GVRP interface is disabled from dynamically
registering and deregistering VLANs and can transmit only information about
VLAN 1. If the registration mode is set to forbidden for a trunk interface, the
interface allows only VLAN 1 to pass even if the interface is configured to
allow all the VLANs to pass.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 626

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Step 3 Run gvrp registration { fixed | forbidden | normal }

The registration mode is set for the interface.
By default, the registration mode of a GVRP interface is normal.

NOTE

Before setting the registration mode for an interface, enable GVRP on the interface.

----End

12.6.3 (Optional) Setting GARP Timers

Context
When a GARP participant is enabled, the LeaveAll timer starts. When the LeaveAll
timer expires, the GARP participant sends LeaveAll messages to request that other
GARP participants re-register all of their attributes. The LeaveAll timer then
restarts.
Devices on a network may have different LeaveAll timer settings. In this case, all
the devices use the smallest LeaveAll timer value on the network. When the
LeaveAll timer of a device expires, the device sends LeaveAll messages to other
devices. After other devices receive the LeaveAll messages, they reset their
LeaveAll timers. Therefore, only the LeaveAll timer with the smallest value takes
effect, even if devices have different LeaveAll timer settings.
When using the garp timer command to set GARP timers, pay attention to the
following points:
● The undo garp timer command restores the default values of GARP timers. If
the default value of a timer is out of the valid range, the undo garp timer
command does not take effect.
● The value range of each timer changes along with the values of the other
timers. If a value you set for a timer is not in the allowed range, you can
change the value of the timer that determines the value range of this timer.
● To restore the default values of all the GARP timers, restore the Hold timer to
the default value, and then sequentially restore the Join timer, Leave timer,
and LeaveAll timer to the default values.
When many dynamic VLANs need to be registered or the network radius is large,
using default values of timers may cause VLAN flapping and high CPU usage. In
this case, increase values of the timers. The following values are recommended
depending on the number of VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 627

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Table 12-3 Relationship between GARP timer values and number of dynamic
VLANs that need to be registered

Number of Dynamic VLANs to Be Registered (N)

Timer N ≤ 500 500 < N ≤ 1000 < N ≤ N > 1500
1000 1500

GARP Hold 100 200 800 1000

timer centiseconds centiseconds centiseconds centiseconds
(1 second) (2 seconds) (8 seconds) (10 seconds)

GARP Join 600 1200 4000 6000

timer centiseconds centiseconds centiseconds centiseconds
(6 seconds) (12 seconds) (40 seconds) (1 minute)

GARP Leave 3000 6000 20000 30000

timer centiseconds centiseconds centiseconds centiseconds
(30 seconds) (1 minute) (3 minutes (5 minutes)
and 20
seconds)

GARP 12000 24000 30000 32765

LeaveAll centiseconds centiseconds centiseconds centiseconds
timer (2 minutes) (4 minutes) (5 minutes) (5 minutes
and 27.65
seconds)

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run garp timer leaveall timer-value

The value of the LeaveAll timer is set.

The default value of the LeaveAll timer is 1000 centiseconds (10 seconds).

The Leave timer length on an interface is restricted by the global LeaveAll timer
length. When configuring the global LeaveAll timer, ensure that all the interfaces
configured with a GARP Leave timer are working properly.

Step 3 Run interface interface-type interface-number

The interface view is displayed.

Step 4 Run garp timer { hold | join | leave } timer-value

The value of the Hold timer, Join timer, or Leave timer is set.

By default, the value of the Hold timer is 10 centiseconds, the value of the Join
timer is 20 centiseconds, and the value of the Leave timer is 60 centiseconds.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 628

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

12.6.4 Verifying the GVRP Configuration

Procedure
● Run the display gvrp status command to view the status of global GVRP.
● Run the display gvrp statistics [ interface { interface-type interface-number
[ to interface-type interface-number ] }&<1-10> ] command to view the
GVRP statistics on an interface.
● Run the display garp timer [ interface { interface-type interface-number [ to
interface-type interface-number ] }&<1-10> ] command to view the values of
the GARP timers.
----End

12.7 Clearing GVRP Statistics

Context

NOTICE

Cleared GVRP statistics cannot be restored. Exercise caution when you run this
command.

Procedure
Step 1 Run the reset garp statistics [ interface { interface-type interface-number [ to
interface-type interface-number ] }&<1-10> ] command in the user view to clear
GARP statistics on the specified interfaces.

----End

12.8 Example for Configuring GVRP

Networking Requirements
In Figure 12-10, company A's headquarters, a branch of company A, and company
B are connected using switches. GVRP is enabled to implement dynamic VLAN
registration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 629

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

Figure 12-10 Configuring GVRP

SwitchB
GE0/0/1 GE0/0/2
GE0/0/1 GE0/0/1 SwitchC
SwitchA
Company A
GE0/0/2 GE0/0/2

Branch of
Company B
company A

The branch of Company A can communicate with Company A's headquarters

using SwitchA and SwitchB. Company B can communicate with company A's
headquarters using SwitchB and SwitchC. Interfaces connected to company A
allow only the VLAN to which Company B belongs to pass.

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable GVRP to implement dynamic VLAN registration.

2. Configure GVRP on all switches of company A and set the registration mode
of the interfaces to normal to simplify configurations.
3. Configure GVRP on all switches of company A and set the registration mode
to fixed for the interfaces connecting to company A to allow only the VLAN to
which company B belongs to pass.

NOTE

Before enabling GVRP, you must configure the VCMP role as transparent or silent.

Procedure
Step 1 Configure SwitchA.

# Enable GVRP globally.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vcmp role silent
[SwitchA] gvrp

# Set the link type of GE 0/0/1 and GE 0/0/2 to trunk and configure the interfaces
to allow all VLANs to pass through.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 630

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan all

[SwitchA-GigabitEthernet0/0/2] quit

# Enable GVRP and set the registration mode on the interfaces.

[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] gvrp
[SwitchA-GigabitEthernet0/0/1] gvrp registration normal
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] gvrp
[SwitchA-GigabitEthernet0/0/2] gvrp registration normal
[SwitchA-GigabitEthernet0/0/2] quit

The configuration of SwitchB is similar to the configuration of SwitchA, and is not

mentioned here.
Step 2 Configure SwitchB.
# Enable GVRP globally.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vcmp role silent
[SwitchB] gvrp

# Set the link type of GE 0/0/1 and GE 0/0/2 to trunk and configure the interfaces
to allow all VLANs to pass through.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[SwitchB-GigabitEthernet0/0/2] quit

# Enable GVRP and set the registration mode on the interfaces.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] gvrp
[SwitchB-GigabitEthernet0/0/1] gvrp registration normal
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] gvrp
[SwitchB-GigabitEthernet0/0/2] gvrp registration normal
[SwitchB-GigabitEthernet0/0/2] quit

Step 3 Configure SwitchC.

# Create VLAN 101 to VLAN 200.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 101 to 200

# Enable GVRP globally.

[SwitchC] vcmp role silent
[SwitchC] gvrp

# Set the link type of GE 0/0/1 and GE 0/0/2 to trunk and configure the interfaces
to allow all VLANs to pass through.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SwitchC-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 631

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

[SwitchC] interface gigabitethernet 0/0/2

[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[SwitchC-GigabitEthernet0/0/2] quit

# Enable GVRP and set the registration mode on the interfaces.

[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] gvrp
[SwitchC-GigabitEthernet0/0/1] gvrp registration fixed
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] gvrp
[SwitchC-GigabitEthernet0/0/2] gvrp registration normal
[SwitchC-GigabitEthernet0/0/2] quit

Step 4 Verify the configuration.

After the configuration is complete, the branch of Company A can communicate
with the headquarters, and users of Company A in VLAN 101 to VLAN 200 can
communicate with users in Company B.
Run the display gvrp statistics command on SwitchA to view GVRP statistics on
GVRP interfaces, including the GVRP state of each interface, number of GVRP
registration failures, source MAC address of the last GVRP PDU, and registration
mode of each interface.
[SwitchA] display gvrp statistics

GVRP statistics on port GigabitEthernet0/0/1

GVRP status : Enabled
GVRP registrations failed :0
GVRP last PDU origin : 0000-0000-0000
GVRP registration type : Normal

GVRP statistics on port GigabitEthernet0/0/2

GVRP status : Enabled
GVRP registrations failed :0
GVRP last PDU origin : 0000-0000-0000
GVRP registration type : Normal
Info: GVRP is disabled on one or multiple ports.

Verify the configurations of SwitchB and SwitchC in the same way.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vcmp role silent
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 632

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

● SwitchB configuration file

#
sysname SwitchB
#
vcmp role silent
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return

● SwitchC configuration file

#
sysname SwitchC
#
vcmp role silent
#
vlan batch 101 to 200
#
gvrp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
gvrp registration fixed
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return

12.9 FAQ About GVRP

12.9.1 Why Is the CPU Usage High When VLANs Are Created
or Deleted Through GVRP in Default Configuration?

The switch supports VLAN configuration on devices at both ends. When GVRP is
enabled on the network, it advertises information about dynamic VLANs in two
directions. Then the intermediate devices dynamically create and delete VLANs
based on the information. Dynamic maintenance of VLANs can greatly reduce
manual configurations.

The maximum 4 K dynamic VLANs are frequently created and deleted, which
triggers larger amount of packet communication. Receiving packets and delivering
dynamic VLANs occupy large amount of CPU resources.

In actual networking, you need to adjust GARP timers to the recommended values.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 633

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 12 GVRP Configuration

NOTE
The recommended values of the GARP timers are as follows:
GARP Hold timer: 100 centiseconds (1 second)
GARP Join timer: 600 centiseconds (6 seconds)
GARP Leave timer: 3000 centiseconds (30 seconds)
GARP LeaveAll timer: 12,000 centiseconds (2 minutes)
When more than 100 dynamic VLANs are created, use the preceding recommended values.
When the number of dynamic VLANs increases, lengths of the GARP timers need to be
increased.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 634

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

13 VCMP Configuration

About This Chapter

This chapter describes how to configure the VLAN Central Management Protocol
(VCMP). VCMP allows VLAN creation and deletion on a switch to be synchronized
to other specified switches on a Layer 2 network, implementing centralized VLAN
management and maintenance and reducing network maintenance workload.

13.1 Overview of VCMP

13.2 Understanding VCMP
13.3 Application Scenarios for VCMP
13.4 Licensing Requirements and Limitations for VCMP
13.5 Default Settings for VCMP
13.6 Configuring VCMP
13.7 Maintaining VCMP
13.8 Example for Configuring VCMP to Implement Centralized VLAN Management

13.1 Overview of VCMP

Definition
The Virtual Local Area Network Central Management Protocol (VCMP), a Layer 2
protocol in the Open System Interconnection (OSI) model, transmits VLAN
information and ensures consistent VLAN information on the Layer 2 network.

Purpose
In most cases, switches on an enterprise network need to synchronize VLAN
information with each other to ensure that they can correctly forward data. On a
small-scale enterprise network, the network administrator can log in to each

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 635

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

switch to configure and maintain VLANs. On a large-scale enterprise network, a

lot of switches are deployed, so a large amount of VLAN information needs to be
configured and maintained. If the network administrator manually configures and
maintains all VLANs, the workload is heavy and VLAN information may be
inconsistent.
VCMP is used to implement centralized VLAN management. The network
administrator needs to create and delete VLAN information only on a switch. The
changes on the switch are automatically synchronized to other switches in a
specified scope so that no manual operation is required on these switches. In this
way, the configuration workload is reduced and VLAN information consistency is
ensured.

NOTE

● VCMP can only help the network administrator synchronize VLAN information but not
dynamically assign VLANs. VCMP is often used with Link-type Negotiation Protocol
(LNP) to simplify user configurations. For details about LNP, see 5.2.5 LNP.
● Generic VLAN Registration Protocol (GVRP) can reduce VLAN configurations and
dynamically assign interfaces to VLANs. GVRP creates dynamic VLANs, but VCMP
creates static VLANs.

Benefits to Customers
VCMP configured on a switch of a Layer 2 network brings in the following
benefits:
● Implements centralized VLAN management and maintenance, and reduces
the network maintenance workload.
● Implements the plug-and-play function of access switches.

13.2 Understanding VCMP

13.2.1 Basic Concepts of VCMP

VCMP uses a VCMP domain to manage switches and determine attributes of
switches in the VCMP domain based on roles. VCMP defines four roles: server,
client, transparent, and silent. Figure 13-1 shows VCMP domains and roles in the
VCMP domains.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 636

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Figure 13-1 VCMP domains and roles

Server
VCMP VCMP
domain 1 domain 2

Transparent Silent Switch

Layer 2
network
Client Client Client

VCMP Domain
As shown in Figure 13-1, a VCMP domain is composed of switches that have the
same VCMP domain name and are connected through trunk or hybrid interfaces.
All switches in the VCMP domain must use the same domain name, and each
switch can join only one VCMP domain. Switches in different VCMP domains
cannot synchronize VLAN information.
A VCMP domain specifies the scope for the administrative switch and managed
switches. Switches in a VCMP domain are managed by the administrative switch.
There is only one administrative switch and multiple managed switches in a VCMP
domain.

VCMP Roles
VCMP determines attributes of switches based on VCMP roles. Table 13-1
describes VCMP roles.

Table 13-1 VCMP roles

VCMP Function Remarks
Role

Server The VCMP server synchronizes VLAN information created and

VLAN information to other deleted on the VCMP server is
switches in the local VCMP broadcast in a VCMP domain.
domain.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 637

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

VCMP Function Remarks

Role

Client A VCMP client belongs to a VLAN information created and

specified VCMP domain and deleted on a VCMP client is not
synchronizes VLAN information broadcast in a VCMP domain,
with the VCMP server. but is overwritten by VLAN
information sent by the VCMP
server.

Transpare A VCMP transparent switch does A VCMP transparent switch

nt not affect other switches in the transparently forwards VCMP
local VCMP domain and is not packets to only trunk or hybrid
affected by VCMP management links.
behaviors such as VLAN creation VLAN information created and
and deletion. deleted on a VCMP transparent
switch is not affected by the
VCMP server and is not
broadcast in a VCMP domain.
In this way, some switches that
do not need to be managed by
VCMP can forward VCMP
packets.

Silent Deployed at the edge of a A VCMP silent switch directly

VCMP domain, a VCMP silent discards received VCMP packets.
switch does not affect other VLAN information created and
switches in the local VCMP deleted on a VCMP silent switch
domain and is not affected by is not affected by the VCMP
VCMP management behaviors. server and is not broadcast in a
The VCMP silent switch prevents VCMP domain.
VCMP packets in a VCMP
domain from being transmitted
to other VCMP domains.

NOTE

● VCMP transparent and silent switches do not belong to any VCMP domain.
● If an edge switch in a VCMP domain needs to be managed, configure the edge switch as
a VCMP client. To prevent VCMP packets in the local VCMP domain from being
transmitted to other VCMP domains, disable VCMP on the edge switch interface
connected to other VCMP domains.

13.2.2 VCMP Implementation

VCMP enables switches of different roles to exchange VCMP packets to implement
centralized VLAN management. VCMP packets can be only transmitted in VLAN 1
on trunk or hybrid interfaces. To retain the same VLAN information on the VCMP
server and clients, VCMP defines two types of multicast packets: Summary-Advert
and Advert-Request. Table 13-2 describes the functions and applicable scenarios
of the two types of packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 638

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Table 13-2 VCMP packets

Packe Function Applicable Scenario Sent By
t Type

Summ The VCMP server ● The VCMP server VCMP server

ary- sends Summary- sends a Summary-
Advert Advert packets to Advert packet
other devices in the every 5 minutes to
local VCMP domain ensure real-time
to notify them of the synchronization of
domain name, device VLAN information
ID, configuration on the VCMP
revision number, and server and clients
VLAN information. and prevent VLAN
information loss
due to packet loss.
● The VCMP server
configuration is
changed. For
example, VLANs
are created or
deleted, the VCMP
domain name or
device ID is
changed, and the
VCMP server
restarts.
● The VCMP server
receives Advert-
Request packets
from VCMP clients
in the same VCMP
domain.

Advert A VCMP client sends ● A VCMP client is VCMP client

- Advert-Request added.
Reque packets to the VCMP ● A VCMP client
st server to request restarts or a client
VLAN information. interface becomes
Up.

Summary-Advert packets sent by the VCMP server carry the configuration revision
number. A VCMP client uses it to determine whether VLAN information sent from
the VCMP server is newer than the local VLAN information. If so, the VCMP client
synchronizes VLAN information with the VCMP server.
A configuration revision number is represented by an 8-digit hexadecimal number.
The four left-most bits indicate the change of the VCMP domain or device ID and
the four right-most bits indicate the VLAN change. Upon a VLAN change on the
VCMP server, the configuration revision number is automatically increased. When
the VCMP domain name or device ID changes, the four left-most bits of the

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 639

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

configuration revision number are recalculated and the four right-most bits are
reset.

VLAN Synchronization When the VCMP Server Configuration Changes

When the VCMP server configuration changes, for example, creating and deleting
VLANs, changing the VCMP domain name and device ID, or restarting the VCMP
server, the VCMP server sends a Summary-Advert packet to instruct VCMP clients
in the local VCMP domain to synchronize VLAN information. The following uses
creation of VLAN 100 on the VCMP server as an example to describe
synchronization upon a server configuration change.

In Figure 13-2:
● SwitchA: VCMP server
● SwitchB: VCMP transparent switch
● SwitchC, SwitchD and SwitchE: VCMP clients
● SwitchF: VCMP silent switch

Figure 13-2 VLAN synchronization when the VCMP server configuration changes
Create VLAN 100.

1. The server sends a Server

Summary-Advert packet. SwitchA

2. Directly forward Transparent

packets. SwitchB

Client Client Client

SwitchC SwitchD SwitchE

3. Create VLAN 100 3. Create VLAN 100 3. Create VLAN 100

and forward packets. and forward and forward packets.
packets.

Silent 4. Discard packets.

VLAN 100 does not
SwitchF need to be created.

Summary-Advert packet

After VLAN 100 is created on SwitchA:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 640

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

1. SwitchA sends a Summary-Advert packet carrying a VLAN information change

to notify the neighbor (SwitchB) of the VLAN information change.
2. When receiving the Summary-Advert packet, SwitchB directly forwards the
packet.
3. After a VCMP client receives the Summary-Advert packet:
– If the VCMP client receives the packet for the first time, it learns the
device ID, revision number, and VLAN ID in the packet. If the VCMP
domain name of the VCMP client is empty, the VCMP client learns the
VCMP domain name in the packet.
– If it is not the first time the VCMP client receives the packet, the VCMP
processes the packet as follows:
i. The VCMP client performs VCMP authentication for the Summary-
Advert packet according to the configured authentication password,
and VCMP domain name, device ID, and configuration revision
number in the Summary-Advert packet. After the Summary-Advert
packet is authenticated, the VCMP client proceeds to the next step.
ii. If the VCMP domain name and device ID are saved locally, the VCMP
client compares the local ones with those in the Summary-Advert
packet. When the local ones are the same as those in the packet, the
VCMP client proceeds to the next step.
iii. The VCMP client compares the local configuration revision number
with that in the Summary-Advert packet:
○ If the four left-most bits are different, the VCMP client
synchronizes VLAN information with the VCMP server according
to the Summary-Advert packet and learns the VCMP domain
name and device ID.
○ If the four left-most bits are the same, the VCMP client checks
whether the local four right-most bits are smaller than or equal
to those in the Summary-Advert packet. If so, the VCMP client
only synchronizes VLAN information with the VCMP server.
iv. The VCMP client forwards the Summary-Advert packet to other
devices in the local VCMP domain.
Here, it is not the first time the VCMP client receives the Summary-Advert
packet. The VCMP client finds that the highest four bits in the local revision
number are the same as those in the Summary-Advert packet but the lowest
four bits in the local revision number are smaller than or equal to those in the
Summary-Advert packet. The VCMP client therefore synchronizes information
of the VCMP server according to the Summary-Advert packet, and creates
VLAN 100 locally.
4. SwitchF directly discards the packet.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 641

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

NOTE

● VLAN information synchronization is similar in other scenarios where Summary-Advert

packets are triggered.
● Within 30 minutes after a client synchronizes VLAN information from the server, the
client generates the vlan.dat file to store the current VLAN information. After the client
restarts, the client reads the vlan.dat file to obtain the VLAN information before the
restart. The vlan.dat file cannot be modified, deleted, or overwritten. The file is deleted
when the following operations are performed:
● Run the reset vcmp command to clear VCMP domain information.
● Run the vcmp role { server | silent | transparent } command to change the VCMP
role to non-client.
● Run the startup saved-configuration configuration-file command to configure a
new configuration file whose name is different from the name of the current
configuration file.
● Run the reset saved-configuration command to delete the saved configuration
file. This operation will delete all the configuration.

VLAN Information Synchronization When a VCMP Client Is Added

To ensure VLAN information synchronization between the VCMP server and
clients, the VCMP server sends a Summary-Advert packet every 5 minutes to
notify switches in the local VCMP domain of the domain name, device ID, and
configuration revision number. When a VCMP client is added or a VCMP client
restarts, the VCMP client sends an Advert-Request packet to the VCMP server to
request VLAN information on the VCMP server. The following describes how the
VCMP client synchronizes VLAN information.
In Figure 13-3:
● SwitchA: VCMP server
● SwitchB: VCMP transparent switch
● SwitchC and SwitchE: VCMP silent switches
● SwitchD: VCMP client
● SwitchF: new VCMP client

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 642

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Figure 13-3 VLAN synchronization when a VCMP client is added

Server
SwitchA

Reply with a Summary-

Advert packet.

Transparent
Directly forward VCMP packets.
SwitchB

Silent Determine and

Client Silent
SwitchC forward VCMP
SwitchD packets. SwitchE
Directly discard Directly discard
VCMP packets. VCMP packets.

Trigger an Advert-
Request packet. Synchronize VLAN
information on the server.

New client
SwitchF

Summary-Advert packet
Advert-Request packet

After SwitchF is configured with VCMP and specified as a VCMP client, SwitchF
becomes the new VCMP client.
1. SwitchF sends an Advert-Request packet to SwitchD to request VLAN
information on SwitchA.
2. SwitchD forwards the Advert-Request packet to SwitchB.
3. SwitchB forwards the Advert-Request packet to its neighbors.
4. In the following situations:
– When the VCMP server receives an Advert-Request packet:

▪ The VCMP server performs VCMP authentication for the Advert-

Request packet according to the configured authentication password,
and VCMP domain name, device ID, and configuration revision
number in the Advert-Request packet. After the Advert-Request
packet is authenticated, the VCMP server proceeds to the next step.

▪ If the VCMP domain name or device ID in the Advert-Request packet

is not empty but is different from the VCMP domain name or device
ID on the VCMP server, the VCMP server discards the Advert-Request
packet. Otherwise, the VCMP server replies with a Summary-Advert
packet carrying its VLAN information.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 643

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

– The VCMP silent switch directly discards the received Advert-Request

packet.
5. After SwitchD, SwitchB, SwitchC and SwitchE, and SwitchF receive the
Summary-Advert packet from SwitchA, the Summary-Advert packet is
processed according to VLAN Synchronization When the VCMP Server
Configuration Changes. SwitchD compares the locally configured VCMP
domain name, device ID, and configuration revision number with those in the
Summary-Advert packet. If they are the same, SwitchD directly forwards the
packet. SwitchF synchronizes VLAN information on SwitchA. If the VCMP
domain is not configured on the SwitchF, SwitchF learns the VCMP domain
name and device ID on SwitchA.

NOTE

Advert-Request packets are triggered when a VCMP client restarts or a VCMP interface goes
Up. VLAN information synchronization is similar.

Multi-Server Trap
Only one VCMP server exists in a VCMP domain. To prevent attacks of bogus
VCMP servers, the VCMP server matches the VCMP domain name, device ID, and
source MAC address in the received Summary-Advert packets with local ones. If
the VCMP domain name and device ID match local ones but the source MAC
address in the packet is different from the system MAC address, the VCMP server
sends a trap about the multi-server event to the NMS.
To prevent the VCMP server from being affected by too many traps, the VCMP
server sends traps to the NMS once every 30 minutes.

VCMP Authentication
When an unauthorized switch joins a VCMP domain, VLAN information on the
switch may be synchronized in the VCMP domain, affecting network stability. To
prevent unauthorized switches from joining a VCMP domain and enhance VCMP
domain security, configure a VCMP domain authentication password on the VCMP
server and clients.
If the VCMP domain authentication password is configured on the VCMP server or
a VCMP client, the VCMP server or VCMP client uses the password character string
(empty character string is used by default) as the key and performs SHA-256 for
the VCMP domain name, and device ID to obtain a digest. Then the VCMP server
encapsulates the digest in a Summary-Advert packet or the VCMP client
encapsulates the digest in an Advert-Request packet. When each VCMP client in
the VCMP domain receives a Summary-Advert packet from the VCMP server, the
VCMP client uses the locally configured password to perform SHA-256 for the
VCMP domain name, device ID, and configuration revision number, and compares
the calculated digest with the digest in the Summary-Advert packet. If the
calculated digest matches the digest in the Summary-Advert packet, the
Summary-Advert packet passes authentication and further VCMP processing is
performed. Otherwise, the Summary-Advert packet is discarded. When the VCMP
server receives an Advert-Request packet from a VCMP client, authentication and
processing are similar.
If no domain authentication password is set, VCMP packets pass without
authentication.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 644

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

NOTE

● In a VCMP domain, the VCMP domain authentication password on the VCMP server and
clients must be the same.
● To ensure device security, change the password periodically.

13.3 Application Scenarios for VCMP

As the enterprise network scale increases, more switches are deployed, and VLAN
information on the switches needs to be synchronized to ensure correct data
forwarding. Repeated VLAN creation and deletion on the switches are time-
consuming and error-prone.
To solve this problem, deploy VCMP on the enterprise network, determine a VCMP
domain according to the management scope, and select the aggregation or core
switch as the VCMP server. When VLANs are created and deleted on the
aggregation or core switch, VLAN information is synchronized on access switches
in the same VCMP domain. VCMP implements centralized management and
reduces the configuration and maintenance workload. When no authentication
password is configured in a VCMP domain and a non-configured switch is added
to the VCMP domain, the VCMP server notifies other switches in the VCMP
domain of synchronizing VLAN information. This implements plug-and-play.

Figure 13-4 Typical VCMP networking

Internet

Router

Core
switch

Department A Department B
Server Server
VCMP1 AGG1 AGG2 VCMP2

Client Client Client Client

ACC1 ACC2 ACC3 ACC4

VLANs 10-20 VLANs 30-40

As shown in Figure 13-4, departments A and B of an enterprise belong to

different Layer 2 networks. The departments are large and a lot of VLANs need to
be configured and maintained. To facilitate VLAN configuration and maintenance,
deploy VCMP domains VCMP1 and VCMP2 for departments A and B respectively,
and configure AGG1 as the VCMP server in VCMP1, ACC1 and ACC2 as VCMP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 645

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

clients in VCMP1, AGG2 as the VCMP server in VCMP2, and ACC3 and ACC4 as
VCMP clients in VCMP2. The network administrator needs to create and delete
VLAN information only on AGG1 and AGG2. ACC1 to ACC4 synchronize VLAN
information with AGG1 and AGG2 respectively. This implements centralized VLAN
configuration and management.

NOTE

VCMP packets can be only transmitted on trunk and hybrid interfaces. When deploying
VCMP, you need to deploy LNP to dynamically negotiate the link type, which simplifies use
configurations. For details about LNP, see 5.2.5 LNP.

13.4 Licensing Requirements and Limitations for VCMP

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VCMP configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. VCMP
configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 13-3 Products and versions supporting VCMP

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 646

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Product Product Software Version

Model

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R005C00SPC300, V200R006C00, V200R007C00,

V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI Not supported

S5700 S5700LI/ V200R005C00SPC300, V200R006C00, V200R007C00,

S5700S-LI V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI Not supported

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V200R005(C00&C01&C02&C03)

S5700SI V200R005C00

S5710EI V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI/ V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI/ V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V200R005(C00SPC500&C01&C02)

S5710HI V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V200R005(C00&C01&C02)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 647

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Product Product Software Version

Model

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● VCMP can only help the network administrator synchronize VLAN information
but not dynamically assign interfaces to VLANs. VCMP is often used with LNP
to simplify user configurations. For details about LNP, see "LNP" in "VLAN
Configuration" in the Configuration Guide - Ethernet Switching of the
corresponding product version.
● VCMP packets can be only transmitted in VLAN 1. By default, all interfaces
join VLAN 1. To prevent loops, deploy a loop prevention protocol such as STP
in addition to VCMP. After STP is deployed, blocked interfaces cannot receive
or send VCMP packets.
● By default, a switch is a VCMP client. If a switch is upgraded from a version
that does not support VCMP to a VCMP-supporting version, the VCMP role is
Silent by default. In addition, to ensure that the switch's VCMP role is
consistent before and after the upgrade, the switch by default delivers the
undo bpdu mac-address 0118-8255-5555 command to process VCMP
packets as data packets. To enable VCMP, see "Configuring VCMP" in "VCMP
Configuration" in the Configuration Guide – Ethernet Switching Configuration
Guide of the corresponding product version.
● VCMP synchronizes only the VLAN ID in the current version.
● One switch can join only one VCMP domain, and only one VCMP server exists
in a VCMP domain.
● If the VCMP domain authentication password is set, ensure that the VCMP
server and clients use the same VCMP domain authentication password.
● If VLANs created or deleted on the VCMP server are the control VLANs of the
Ethernet Ring Protection Switch (ERPS), Rapid Ring Protection Protocol
(RRPP), Smart Ethernet Protocol (SEP), or Smart link, or reserved VLANs of
stack, a VCMP client does not create or delete the VLANs.
● If the Generic VLAN Registration Protocol (GVRP) has been enabled, the
VCMP role can be only the transparent or silent switch. If the VCMP role is set
to client or server, do not use GVRP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 648

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

● Termination sub-interfaces cannot be configured on a VCMP client. For details

on how to configure a termination sub-interface, see "Configuring a Sub-
interface" in "Logical Interface Configuration" in the Configuration Guide -
Interface Management of the corresponding product version.
● After a VLAN is deleted on the VCMP server, VCMP clients delete the VLAN
but do not delete configurations in the VLAN. In addition, the vlan vlan-id
configuration command is generated in the configuration file, and the
configurations in the deleted VLAN specified by vlan-id are moved to the
VLAN configuration view.
● When the device used as a VCMP client that connects to a VCMP server
restarts, the VLAN configuration before the restart takes effect. To make the
saved VLAN configuration take effect, use one of the following methods to
delete the vlan.dat file and then restart the device:
– Run the vcmp role { server | silent | transparent } command to change
the device role to a non-client.
– Run the startup saved-configuration configuration-file command to
configure a new configuration file. Ensure that the name of the new
configuration file is different from that of the current configuration file.
– Run the reset saved-configuration command to clear the saved
configuration file. This command will clear all the configuration.
NOTE

When the value of Server ID in the display vcmp status command output is not empty,
the device used as a VCMP client has been connected to a VCMP server.

13.5 Default Settings for VCMP

Parameter Default Setting

VCMP domain Not configured

VCMP role Client

NOTE
If a switch is upgraded from a version that does not
support VCMP to a VCMP-supporting version, the VCMP
role is silent by default.

Device ID Not configured

VCMP domain Not configured

authentication password

VCMP on an interface Enabled

13.6 Configuring VCMP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 649

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Context
VCMP implements centralized VLAN management and manages network devices
based on VCMP domains (for details, see VCMP Domain). VCMP defines four
roles: server, client, transparent, and silent (for details, see VCMP Roles). Switches
added to a VCMP domain as clients are managed by the VCMP server in the same
VCMP domain. After a VLAN is created or deleted on the VCMP server, VCMP
clients automatically synchronize VLAN information with the server. VCMP reduces
the workload on modifying the same VLAN information on multiple switches and
ensures VLAN information consistency.
You are advised to configure VCMP on an enterprise network as follows:
● Configure an aggregation or core switch as the VCMP server. Only one VCMP
server exists in a VCMP domain.
● Configure access switches as VCMP clients.
● Configure switches that do not need to be managed by the VCMP server and
are located between the VCMP server and clients as VCMP transparent
switches.
● Configure edge devices connected to other networks as VCMP silent switches
to prevent the connected networks from being affected.
A VCMP client identifies the VCMP server by device ID. The VCMP client obtains
the device ID of the VCMP server from the first received VCMP packet, and
synchronizes VLAN information with only the VCMP server specified by the device
ID. The device ID of the VCMP server learned by a VCMP client remains
unchanged unless the role of the VCMP client changes. The VCMP server can
receive and transmit VCMP packets and achieve centralized management only
when being configured with the device ID.
When an unauthorized switch is added to a VCMP domain, VCMP clients in this
VCMP domain may synchronize VLAN information of the unauthorized switch,
affecting network stability. To prevent unauthorized switches from joining a VCMP
domain, configure an authentication password on the VCMP server and clients in
the VCMP domain.

Pre-configuration Tasks
Before configuring VCMP, complete the following tasks:
● Connect interfaces and setting physical parameters of the interfaces to ensure
that the physical status of the interfaces is Up. For details, see Ethernet
Interface Configuration in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - Interface Management.
● Configure the link type of interfaces as trunk and hybrid so that the interfaces
can forward VCMP packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 650

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

NOTE

● VCMP is often used with LNP to dynamically negotiate the link type, which
simplifies use configurations. For detailed LNP configuration, see steps 1 to 6 in
5.7.2 Configuring Interface-based VLAN Assignment (LNP Dynamically
Negotiates the Link Type).
● You can run the display lnp summary command to check whether LNP is
configured on the switch and check the link type of the interface. If LNP is not
configured on the switch or the link type of the interface is not trunk or hybrid, run
the port link-type { hybrid | trunk } command to configure the link type of the
interface.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vcmp role { client | server | silent | transparent }

A VCMP role of the switch is configured.

By default, switches in a VCMP domain are VCMP clients.

NOTE

If a switch is upgraded from a version that does not support VCMP to a VCMP-supporting
version, the VCMP role is silent by default.

Step 3 Perform the following operations based on the VCMP role of the switch.
● Perform the following operations on the VCMP server:
a. Run vcmp domain domain-name
A VCMP domain is configured.
By default, no VCMP domain is created.
All switches in a VCMP domain must use the same VCMP domain name.
Each switch can be added to only one VCMP domain.
b. Run vcmp device-id device-name
A device ID is set for the VCMP server.
By default, no device ID is set for the VCMP server.
c. (Optional) Run vcmp authentication sha2-256 password password
A VCMP domain authentication password is configured.
The VCMP server and clients in a VCMP domain must be configured with
the same authentication password. To ensure device security, change the
password periodically.
By default, no authentication password is configured in a VCMP domain,
and VCMP packets pass authentication.
● Perform the following operations on a VCMP client:
a. (Optional) Run vcmp domain domain-name
A VCMP domain is configured.
By default, no VCMP domain is created.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 651

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

All switches in a VCMP domain must use the same VCMP domain name.
If the domain name is not set on a VCMP client, the VCMP client learns
the domain name in the first received VCMP packet.
Each switch can be added to only one VCMP domain.
b. (Optional) Run vcmp authentication sha2-256 password password
A VCMP domain authentication password is configured.
The VCMP server and clients in a VCMP domain must be configured with
the same authentication password. To ensure device security, change the
password periodically.
By default, no authentication password is configured in a VCMP domain,
and VCMP packets pass authentication.
● When the VCMP role is transparent or silent, go to the next step.
Step 4 Run interface interface-type interface-number
The view of a Layer 2 Ethernet interface where VCMP is to be enabled is displayed.
VCMP can be enabled only on Layer 2 Ethernet interfaces.
Step 5 Run undo vcmp disable
VCMP is enabled on the interface.
By default, VCMP is enabled on all interfaces of a switch.

NOTE

If an edge switch in a VCMP domain needs to be managed, configure the edge switch as a
VCMP client. To prevent VCMP packets in the local VCMP domain from being transmitted to
other VCMP domains, run the vcmp disable command to disable VCMP on the edge switch
interface connected to other VCMP domains.

Step 6 (Optional) Run snmp-agent trap enable feature-namevcmp

The VCMP trap function is enabled.
To protect the switch against attacks of bogus VCMP servers, enable the VCMP
trap function. When receiving VCMP packets from bogus VCMP servers, the switch
sends traps about the multi-server event to the NMS.

----End

Verifying the Configuration

After you configure VCMP, check whether the configuration takes effect.
● Run the display vcmp status command to check the VCMP configuration,
including the VCMP domain name, VCMP role, device ID, configuration
revision number, and VCMP domain authentication password.
● Run the display vcmp interface brief command to check the VCMP status on
Layer 2 Ethernet interfaces.

13.7 Maintaining VCMP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 652

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

13.7.1 Displaying VCMP Running Information

Context
If faults occur during VCMP running, you can view VCMP packet statistics or VLAN
change trace on the VCMP client to locate faults.

Procedure
● Run the display vcmp counters command in any view to view statistics on
VCMP packets.
● Run the display vcmp track command in any view to view the VLAN change
trace on the VCMP client.
----End

13.7.2 Clearing VCMP Running Information

Context
The VCMP domain ID and device ID learned by a VCMP client remain unchanged.
The VCMP client needs to learn VCMP information again when the VCMP server in
the local VCMP domain is changed. Therefore, clear learned VCMP information
before the VCMP client learns VCMP information.
Before viewing the VLAN change trace on the VCMP client in a given period of
time, clear the existing VLAN change trace.

NOTICE

VCMP running information cannot be restored after being cleared. Therefore,

exercise caution when you run these clearing commands.

Procedure
● Run the reset vcmp command in the user view to clear learned VCMP
information.
● Run the reset vcmp track command in the user view to clear the existing
VLAN change trace.
----End

13.8 Example for Configuring VCMP to Implement

Centralized VLAN Management

Networking Requirements
As shown in Figure 13-5, the enterprise branch network is a Layer 2 network. The
AGG is the aggregation switch, ACC1 to ACC3 are access switches, and ACC1 is

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 653

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

connected to visitors. As the enterprise branch scale increases, the network

administrator needs to configure and maintain too much VLAN information. The
workload is heavy and configuration errors can easily occur. The administrator
requires that the VLAN configuration and maintenance workload be reduced and
rights of visitors connected to the branch network be limited. VLANs on ACC1 are
required to be configured and maintained independently.

Figure 13-5 Networking for configuring VCMP to implement centralized VLAN

management

Internet

Router

GE0/0/1 GE0/0/3
Server
GE0/0/2 AGG

GE0/0/1 GE0/0/1 GE0/0/1

Silent Client Client
ACC1 ACC2 ACC3
GE0/0/2 GE0/0/2 GE0/0/2

Visitor Office PC Office PC

Configuration Roadmap
VCMP can be deployed on the enterprise branch network by configuring the AGG
as the VCMP server, ACC2 and ACC3 as VCMP clients, and ACC1 as a VCMP silent
switch. In this way, the network administrator only needs to modify VLAN
information on the AGG. The AGG sends the modified VLAN information to ACC1,
ACC2, and ACC3 on the enterprise branch network. ACC2 and ACC3 synchronize
VLAN information with the AGG, whereas ACC1 does not. VCMP reduces the
workload on modifying the same VLAN information on multiple switches and
allows the independent VLAN configuration on ACC1.
To relieve the network administrator from setting the link type, configure LNP to
automatically negotiate the link type.
The configuration roadmap is as follows:
1. Configure LNP to automatically negotiate the link type, which simplifies use
configurations.
2. Specify VCMP roles for switches to determine the VCMP management scope,
administrative switch, and managed switches.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 654

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

3. Set VCMP parameters such as the authentication password and device ID on

the VCMP server and clients to ensure secure communication and identity
identification between the VCMP server and clients.
4. Enable VCMP.

Procedure
Step 1 Configure LNP to automatically negotiate the link type.

By default, LNP is enabled globally and on all interfaces. That is, the link type of
the interfaces will be automatically negotiated through LNP.

You can run the display lnp summary command to check whether LNP is enabled
globally and on an interface (Global LNP and link-type(C) fields) and check the
link type of the interface (link-type(N)).
● If LNP is not enabled globally or on an interface, perform the following
operations:
# Enable global LNP. The configurations of ACC1, ACC2, and ACC3 are similar
to the configuration of the AGG, and are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname AGG
[AGG] undo lnp disable

# Enable LNP on interfaces. The configurations of ACC1, ACC2, and ACC3 are
similar to the configuration of the AGG, and are not mentioned here.
[AGG] interface GigabitEthernet 0/0/1
[AGG-GigabitEthernet0/0/1] undo port negotiation disable
[AGG-GigabitEthernet0/0/1] port link-type negotiation-desirable
[AGG-GigabitEthernet0/0/1] quit
[AGG] interface GigabitEthernet 0/0/2
[AGG-GigabitEthernet0/0/2] undo port negotiation disable
[AGG-GigabitEthernet0/0/2] port link-type negotiation-desirable
[AGG-GigabitEthernet0/0/2] quit
[AGG] interface GigabitEthernet 0/0/3
[AGG-GigabitEthernet0/0/3] undo port negotiation disable
[AGG-GigabitEthernet0/0/3] port link-type negotiation-desirable
[AGG-GigabitEthernet0/0/3] quit

● If LNP is enabled globally and on an interface but the link type of the
interface connecting switches is Access, run the port link-type { trunk |
hybrid } command to specify the link type of the interface so that VCMP can
work properly.

Step 2 Specify VCMP roles for switches.

# Configure the AGG as the VCMP server.

[AGG] vcmp role server

# Configure ACC1 as a VCMP silent switch.

[ACC1] vcmp role silent

# Configure ACC2 as a VCMP client.

[ACC2] vcmp role client

# Configure ACC3 as a VCMP client.

[ACC3] vcmp role client

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 655

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Step 3 Set VCMP parameters on the VCMP server and clients.

# On the AGG, configure the VCMP domain, device ID, and authentication
password.
[AGG] vcmp domain vd1
[AGG] vcmp device-id server
[AGG] vcmp authentication sha2-256 password Hello

# On ACC2, configure the VCMP domain and authentication password.

[ACC2] vcmp domain vd1
[ACC2] vcmp authentication sha2-256 password Hello

# On ACC3, configure the VCMP domain and authentication password.

[ACC3] vcmp domain vd1
[ACC3] vcmp authentication sha2-256 password Hello

Step 4 Enable VCMP.

By default, VCMP is enabled on interfaces. To prevent VCMP packets from
affecting the PC, disable VCMP on the client interface connected to the PC.
[ACC2] interface GigabitEthernet 0/0/2
[ACC2-GigabitEthernet0/0/2] vcmp disable
[ACC2-GigabitEthernet0/0/2] quit
[ACC3] interface GigabitEthernet 0/0/2
[ACC3-GigabitEthernet0/0/2] vcmp disable
[ACC3-GigabitEthernet0/0/2] quit

Step 5 Verify the configuration.

After the configurations are complete, run the display vcmp status command to
view the VCMP configuration, including the VCMP domain name, VCMP role,
device ID, configuration revision number, and VCMP domain authentication
password.
The display on the AGG is used as an example.
[AGG] display vcmp status
VCMP information:
Domain : vd1
Role : Server
Server ID : server
Configuration Revision : 0x239c0000
Password : ******

On the AGG, run the vlan vlan-id command to create VLAN 10, and run the
display vlan summary command on ACC1, ACC2, and ACC3 respectively to view
VLAN information. The command output shows that ACC2 and ACC3 have
synchronized VLAN information with that on the AGG, whereas ACC1 has not.
[AGG] vlan 10
[AGG-vlan10] quit
[AGG] display vlan summary
Static VLAN:
Total 2 static VLAN.
1 10

Dynamic VLAN:
Total 0 dynamic VLAN.

Reserved VLAN:
Total 0 reserved VLAN.
[ACC1] display vlan summary
Static VLAN:
Total 1 static VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 656

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

Dynamic VLAN:
Total 0 dynamic VLAN.

Reserved VLAN:
Total 0 reserved VLAN.
[ACC2] display vlan summary
Static VLAN:
Total 2 static VLAN.
1 10

Dynamic VLAN:
Total 0 dynamic VLAN.

Reserved VLAN:
Total 0 reserved VLAN.
[ACC3] display vlan summary
Static VLAN:
Total 2 static VLAN.
1 10

Dynamic VLAN:
Total 0 dynamic VLAN.

Reserved VLAN:
Total 0 reserved VLAN.

----End

Configuration Files
● AGG configuration file
#
sysname AGG
#
vcmp role server
vcmp domain vd1
vcmp device-id server
vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%#
#
vlan batch 10
#
return

● ACC1 configuration file

#
sysname ACC1
#
vcmp role silent
#
return

● ACC2 configuration file

#
sysname ACC2
#
vcmp domain vd1
vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%#
#
vlan batch 10
#
interface GigabitEthernet0/0/2
vcmp disable
#
return

● ACC3 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 657

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 13 VCMP Configuration

#
sysname ACC3
#
vcmp domain vd1
vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%#
#
vlan batch 10
#
interface GigabitEthernet0/0/2
vcmp disable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 658

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14 STP/RSTP Configuration

About This Chapter

This chapter describes how to configure the Spanning Tree Protocol (STP) and
Rapid Spanning Tree Protocol (RSTP).

14.1 Overview of STP/RSTP

14.2 Understanding STP/RSTP
14.3 Application Scenarios for STP
14.4 Summary of STP/RSTP Configuration Tasks
14.5 Licensing Requirements and Limitations for STP/RSTP
14.6 Default Settings for STP/RSTP
14.7 Configuring STP/RSTP
14.8 Setting STP Parameters That Affect STP Convergence
14.9 Setting RSTP Parameters that Affect RSTP Convergence
14.10 Configuring RSTP Protection Functions
14.11 Setting Parameters for Interoperation Between Huawei and Non-Huawei
Devices
14.12 Maintaining STP/RSTP
14.13 Configuration Examples for STP/RSTP
14.14 FAQ About STP/RSTP

14.1 Overview of STP/RSTP

Definition
Generally, redundant links are used on an Ethernet switching network to provide
link backup and enhance network reliability. The use of redundant links, however,

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 659

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

may produce loops, causing broadcast storms and making the MAC address table
unstable. As a result, network communication may encounter quality deterioration
or even be interrupted. STP solves this problem.
Devices running STP exchange STP bridge protocol data units (BPDUs) to discover
loops on the network and block some ports to prune the network into a loop-free
tree network. STP prevents infinite looping of packets to ensure packet processing
capabilities of switches.
The STP network convergence speed is slow, so IEEE released 802.1w in 2001,
which introduces RSTP. RSTP improves STP to speed up network convergence.

Purpose
After a spanning tree protocol is configured on an Ethernet switching network, the
protocol calculates the network topology to implement the following functions:
● Loop prevention: The spanning tree protocol blocks redundant links to prevent
potential loops on the network.
● Link redundancy: If an active link fails and a redundant link exists, the
spanning tree protocol activates the redundant link to ensure network
connectivity.

14.2 Understanding STP/RSTP

14.2.1 Background
STP prevents loops on a local area network (LAN). The switching devices running
STP exchange information with one another to discover loops on the network, and
block certain ports to eliminate loops. With the growth in scale of LANs, STP has
become an important protocol for a LAN.

Figure 14-1 Typical LAN networking

Host A

port1 port1
S1 S2
port2 port2

Host B
Data flow

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 660

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

On the network shown in Figure 14-1, the following situations may occur:
● Broadcast storms cause a breakdown of the network.
If a loop exists on the network, broadcast storms may occur, leading to a
breakdown of the network. In Figure 14-1, STP is not enabled on the
switching devices. If Host A sends a broadcast request, both S1 and S2 receive
the request on port 1 and forward the request through their port 2. Then, S1
and S2 receive the request forwarded by each other on port 2 and forward the
request through port 1. As this process repeats, resources on the entire
network are exhausted, and the network finally breaks down.
● Assume that no broadcast storm has occurred on the network shown in
Figure 14-1. HostA sends a unicast packet to HostB. If HostB is temporarily
removed from the network at this time, the MAC address entry for HostB will
be deleted on S1 and S2. The unicast packet sent by HostA to HostB is
received by port 1 on S1. S1 has no matching MAC address entry, so the
unicast packet is forwarded to port 2. Then port 2 on S2 receives the unicast
packet from port 2 on S1 and sends it out through port 1. In addition, port 1
on S2 also receives the unicast packet sent by HostA to HostB, and sends it
out through port 2. As such transmissions repeat, port 1 and port 2 on S1 and
S2 continuously receive unicast packets from HostA. S1 and S2 modify the
MAC address entries continuously, causing the MAC address table to flap. As a
result, MAC address entries are damaged.

14.2.2 Basic Concepts of STP/RSTP

Root Bridge
A tree topology must have a root. As defined in STP, the device that functions as
the root of a tree network is called the root bridge.
There is only one root bridge on the entire STP network. The root bridge is the
logical center of but is not necessarily at the physical center of the network. The
root bridge changes dynamically with the network topology.
After network convergence, the root bridge generates and sends configuration
BPDUs at a specific interval. Upon receipt of the configuration BPDUs, non-root
bridges compare whether the priority of the received BPDUs is higher than that of
their local configuration BPDUs. If the priority is higher, the non-root bridges
update their configuration BPDU information stored on their STP interfaces based
on the information in the received BPDUs. If the priority is lower, the non-root
bridges discard the received configuration BPDUs.

Metrics for Spanning Tree Calculation

A spanning tree is calculated based on the following metrics: bridge ID (BID), port
ID (PID), and path cost.
● BID and PID
According to IEEE 802.1D, a BID is composed of a bridge priority (leftmost 16
bits) and a bridge MAC address (rightmost 48 bits).
On an STP network, the device with the smallest BID is elected as the root
bridge.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 661

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

IDs are classified into bridge ID (BID) and port ID (PID).

A PID is composed of a port priority (leftmost 4 bits) and a port number
(rightmost 12 bits).
The PID is used to select the designated port.
NOTE

The port priority affects the role of a port in a specified spanning tree instance. For
details, see 14.2.4 STP Topology Calculation.
● Path cost
The path cost is a port variable used for link selection. STP calculates path
costs to select robust links and blocks redundant links, and finally trims the
network into a loop-free tree topology.
On an STP network, a port's path cost to the root bridge is the sum of the
path costs of all ports between the port and the root bridge. This path cost is
the root path cost.

Root Bridge, Root Port, and Designated Port

Three elements are involved in pruning a ring network into a tree network: root
bridge, root port, and designated port. Figure 14-2 shows the three elements in
the STP network architecture.

Figure 14-2 STP network architecture

root bridge
A B S2
PC=100;RPC=0 PC=100;RPC=100
S1

B A
PC=100;RPC=0 PC=99;RPC=100

A B
PC=100;RPC=100 PC=99;RPC=199

B A
S3 PC=200;RPC=100 PC=200;RPC=300 S4

PC: path cost

RPC: root path cost
root port
designated port
blocked port

● Root bridge
The root bridge is the bridge with the smallest BID. The smallest BID is
discovered by exchanging configuration BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 662

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

● Root port
The root port on an STP device is the port with the smallest path cost to the
root bridge and is responsible for forwarding data to the root bridge. An STP
device has only one root port, and there is no root port on the root bridge.
● Designated port
Table 14-1 explains the designated bridge and designated port.

Table 14-1 Designated bridge and designated port

Reference Designated Bridge Designated Port
Object

Device A directly connected The designated bridge's port

device that forwards that forwards configuration
configuration BPDUs to BPDUs to the device
the device

LAN A device that forwards The designated bridge's port

configuration BPDUs to that forwards configuration
the LAN BPDUs to the LAN

As shown in Figure 14-3, AP1 and AP2 are ports of S1; BP1 and BP2 are ports
of S2; CP1 and CP2 are ports of S3.
– S1 sends configuration BPDUs to S2 through AP1, so S1 is the designated
bridge for S2, and AP1 is the designated port on S1.
– S2 and S3 are connected to the LAN. If S2 forwards configuration BPDUs
to the LAN, S2 is the designated bridge for the LAN, and BP2 is the
designated port on S2.

Figure 14-3 Designated bridge and designated port

S1

AP1 AP2

BP1 CP1
S2 S3

BP2 CP2

LAN

After the root bridge, root ports, and designated ports are selected successfully, a
tree topology is set up on the entire network. When the topology is stable, only

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 663

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

the root port and designated ports forward traffic. The other ports are in the
Blocking state; they only receive STP BPDUs and do not forward user traffic.

Comparison Principles
During role election, STP devices compare four fields, which form a BPDU priority
vector {root ID, root path cost, sender BID, PID}.
Table 14-2 describes the four fields carried in a configuration BPDU.

Table 14-2 Four fields

Field Description

Root ID ID of the root bridge. Each STP network has

only one root bridge.

Root path cost Path cost to the root bridge. It is determined by

the distance between the port sending the
configuration BPDU and the root bridge.

Sender BID BID of the device that sends the configuration

BPDU.

PID PID of the port that sends the configuration

BPDU.

After a device on the STP network receives a configuration BPDU, it compares the
fields listed in Table 14-2 with its own values. The four comparison principles are
as follows:
● Smallest BID: used to select the root bridge. Devices on an STP network select
the device with the smallest BID based on the root ID field in Table 14-2.
● Smallest root path cost: used to select the root port on a non-root bridge. On
the root bridge, the path cost of each port is 0.
● Smallest sender BID: used to select the root port among ports with the same
root path cost. The port with the smallest BID is selected as the root port in
STP calculation. For example, S2 has a smaller BID than S3 in Figure 14-2. If
the BPDUs received on port A and port B of S4 contain the same root path
cost, port B becomes the root port on S4 because the BPDU received on port
B has a smaller sender BID.
● Smallest PID: used to determine which port should be blocked when multiple
ports have the same root path cost. The port with the greatest PID is blocked.
The PIDs are compared in the scenario shown in Figure 14-4. The BPDUs
received on port A and port B of S1 contain the same root path cost and
sender BID. Port A has a smaller PID than port B. Therefore, port B is blocked
to prevent loops.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 664

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-4 Scenario where PIDs need to be compared

S1 S2

A B

designated port
blocked port

Port States
Table 14-3 describes the possible states of ports on an STP device.

Table 14-3 STP port states

Port Purpose Description
State

Forwardi A port in Forwarding state can Only the root port and
ng forward user traffic and process designated port can enter the
BPDUs. Forwarding state.

Learning When a port is in Learning state, This is a transitional state, which

the device creates MAC address is designed to prevent temporary
entries based on user traffic loops.
received on the port but does not
forward user traffic through the
port.

Listenin All ports are in Listening state This is a transitional state.

g before the root bridge, root port,
and designated port are selected.

Blocking A port in Blocking state receives This is the final state of a

and processes only BPDUs, and blocked port.
does not forward user traffic.

Disabled A port in Disabled state does not The port is Down.

process BPDUs or forward user
traffic.

Figure 14-5 shows the state transitions of a port.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 665

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-5 STP state transitions of a port

Disabled or
Down

①
⑤
Blocking

②
④ ⑤
Listening

③
④ ⑤
Learning

③
④ ⑤
Forwarding

1 The port is initialized or enabled, and enters the Blocking state.

2 The port is selected as the root or designated port, and enters

the Listening state.

3 When the time for keeping the port in a temporary state is

reached, the port enters the Learning or Forwarding state. The
port is selected as the root or designated port.
4 The port is not the root or designated port, and enters the
blocking state.
5 The port is disabled or the link fails.

NOTE

By default, a Huawei network device uses the MSTP mode. After a device transitions from
the MSTP mode to the STP mode, its STP ports support only those states defined in MSTP,
which are Forwarding, Learning, and Discarding. Table 14-4 describes the three port states.

Table 14-4 MSTP port states

Port Description
State

Forwardi A port in Forwarding state can forward user traffic and process
ng BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 666

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Port Description
State

Learning This is a transitional state. When a port is in Learning state, it can

send and receive BPDUs, but does not forward user traffic. The
device creates MAC address entries based on user traffic received on
the port but does not forward user traffic through the port.

Discardi A port in the Discarding state can only receive BPDUs.

ng

The following parameters affect the STP port states and convergence.

● Hello Time
The Hello Time specifies the interval at which an STP device sends
configuration BPDU packets to detect link failures.
When the Hello Time is changed, the new value takes effect only after a new
root bridge is elected. The new root bridge adds the new Hello Time value in
BPDUs it sends to non-root bridges. When the network topology changes,
TCN BPDUs are transmitted immediately, independent of the Hello Time.
● Forward Delay
The Forward Delay timer specifies the length of delay before a port state
transition. When a link fails, STP calculation is triggered and the spanning tree
structure changes. However, new configuration BPDUs cannot be immediately
spread over the entire network. If the new root port and designated port
forward data immediately, transient loops may occur. Therefore, STP defines a
port state transition delay mechanism. The newly selected root port and
designated port must wait for two Forward Delay intervals before
transitioning to the Forwarding state. Within this period, the new
configuration BPDUs can be transmitted over the network, preventing
transient loops.
The default Forward Delay timer value is 15 seconds. This means that the port
stays in the Listening state for 15 seconds and then stays in the Learning state
for another 15 seconds before transitioning to the Forwarding state. The port
is blocked when it is in the Listening or Learning state, which is key to
preventing transient loops.
● Max Age
The Max Age specifies the aging time of BPDUs. This parameter is
configurable on the root bridge.
The Max Age is spread to the entire network with configuration BPDUs. After
a non-root bridge receives a configuration BPDU, it compares the Message
Age value with the Max Age value in the received configuration BPDU.
– If the Message Age value is smaller than or equal to the Max Age value,
the non-root bridge forwards the configuration BPDU.
– If the Message Age value is larger than the Max Age value, the non-root
bridge discards the configuration BPDU. When this happens, the network
size is considered too large and the non-root bridge disconnects from the
root bridge.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 667

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

If the configuration BPDU is sent from the root bridge, the value of Message
Age is 0. Otherwise, the value of Message Age is the total time spent to
transmit the BPDU from the root bridge to the local bridge, including the
transmission delay. In real world situations, the Message Age value of a
configuration BPDU increases by 1 each time the configuration BPDU passes
through a bridge.
Table 14-5 provides the timer values defined in IEEE 802.1D.

Table 14-5 Values of STP timer parameters

Parameter Default Value Value Range

Hello Time 200 centiseconds (2 100-1000

seconds)

Max Age 2000 centiseconds (20 600-4000

seconds)

Forward Delay 1500 centiseconds (15 400-3000

seconds)

14.2.3 BPDU Format

A BPDU carries the BID, root path cost, and PID. There are two types of STP
BPDUs:
● Configuration BPDUs are heartbeat packets. STP-enabled designated ports
send configuration BPDUs at Hello intervals.
● Topology Change Notification (TCN) BPDUs are sent only after a device
detects a network topology change.
A BPDU is encapsulated in an Ethernet frame. Its destination MAC address is a
multicast MAC address 01-80-C2-00-00-00. The Length field specifies the number
of bytes of the Data field (excluding the CRC field). The LLC header and BPDU
packet header are appended to the Length field in sequence. Figure 14-6 shows
the Ethernet frame format.

Figure 14-6 Format of an Ethernet frame

6 bytes 6 bytes 2 bytes 3 bytes 43-1497 bytes 4 bytes

DMAC SMAC Length LLC Data CRC

Configuration BPDU
Configuration BPDUs are used most commonly and are sent to exchange topology
information among STP devices.
Each bridge actively sends configuration BPDUs during initialization. After the
network topology becomes stable, the designated port of each device periodically
sends configuration BPDUs. A configuration BPDU is at least 35 bytes long,

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 668

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

including the parameters such as the BID, root path cost, and PID. A bridge
processes a received configuration BPDU only when it finds that at least one of
the sender BID and PID is different from that on the local receive port. If both
fields are the same as those on the receive port, the bridge drops the
configuration BPDU. In this way, the bridge does not need to process BPDUs with
the same information as the local port.

A configuration BPDU is sent in one of the following scenarios:

● After STP is enabled on ports of a device, the designated port on the device
sends configuration BPDUs at Hello intervals.
● When a root port receives a configuration BPDU with a priority higher than
that of its own configuration BPDU, the device where the root port resides
updates the configuration BPDU information stored on its STP ports based on
the information in the received configuration BPDU and sends the
information to a downstream device through a designated port. In contrast, if
the root port receives a configuration BPDU with a priority lower than that of
its own configuration BPDU, the root port discards the received configuration
BPDU.
● When a designated port receives an inferior configuration BPDU, the
designated port immediately sends its own configuration BPDU to the
downstream device.

Table 14-6 describes fields in a BPDU.

Table 14-6 Fields in a BPDU

Field Byte Description

s

Protocol Identifier 2 The value is fixed at 0, representing a spanning tree

protocol.

Protocol Version 1 The value is fixed at 0, representing the STP protocol

Identifier

BPDU Type 1 Indicates the type of a BPDU. The value is one of the
following:
● 0x00: configuration BPDU
● 0x80: TCN BPDU

Flags 1 Indicates whether the network topology has

changed.
● The rightmost bit is the Topology Change (TC)
flag.
● The leftmost bit is the Topology Change
Acknowledgment (TCA) flag.

Root Identifier 8 Indicates the BID of the current root bridge.

Root Path Cost 4 Indicates the accumulated path cost from a port to
the root bridge.

Bridge Identifier 8 Indicates the BID of the bridge that sends the BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 669

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Field Byte Description

s

Port Identifier 2 Indicates the ID of the port that sends the BPDU.

Message Age 2 Records the time that has elapsed since the original
BPDU was generated on the root bridge.
If the configuration BPDU is sent from the root
bridge, the value of Message Age is 0. Otherwise, the
value of Message Age is the total time spent to
transmit the BPDU from the root bridge to the local
bridge, including the transmission delay. In real
world situations, the Message Age value of a
configuration BPDU increases by 1 each time the
configuration BPDU passes through a bridge.

Max Age 2 Indicates the aging time of a BPDU.

Hello Time 2 Indicates the interval at which BPDUs are sent.

Forward Delay 2 Indicates the period during which a port stays in the
Listening and Learning states.

Figure 14-7 shows the Flags field. Only the leftmost and rightmost bits are used
in STP.

Figure 14-7 Format of the Flags field

Reserved

Bit7 Bit0

TCA (Topology Change TC (Topology

Acknowledgment flag) Change flag)

TCN BPDU
A TCN BPDU contains only three fields: Protocol Identifier, Version, and Type, as
shown in Table 14-6. The Type field is four bytes long and is fixed at 0x80.
When the network topology changes, TCN BPDUs are transmitted upstream until
they reach the root bridge. A TCN BPDU is sent in either of the following
scenarios:
● A port transitions to the Forwarding state.
● A designated port receives a TCN BPDU and sends a copy to the root bridge.

14.2.4 STP Topology Calculation

After STP is enabled on all devices on a network, all devices consider themselves
the root bridge. They only transmit and receive BPDUs and do not forward user

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 670

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

traffic. All ports on the devices are in Listening state. Then the devices select the
root bridge, root ports, and designated ports based on configuration BPDUs.

BPDU Exchange
Figure 14-8 shows the initial information exchange process. The four parameters
in a pair of brackets represent the root ID (S1_MAC and S2_MAC are BIDs of the
two devices), root path cost, sender BID, and PID carried in configuration BPDUs.
Configuration BPDUs are sent at Hello intervals.

Figure 14-8 Initial BPDU exchange

{S1_MAC,0,S1_MAC,A_PID}

A B
S1 {S2_MAC,0,S2_MAC,B_PID} S2

STP Algorithm Implementation

1. Initialization
Because each bridge considers itself the root bridge, the BPDU sent from a
port is set as follows:
The root ID is the BID of the local bridge, the root path cost is the
accumulative path cost from the port to the local bridge, the sender BID is the
BID of the local bridge, and the PID is the ID of the port that sends the BPDU.
2. Root bridge election
During network initialization, every device considers itself the root bridge and
sets the root ID to its own BID. Then devices exchange configuration BPDUs
and compare their root IDs to find the device with the smallest BID, which
finally becomes the root bridge.
3. Root port and designated port selection
Table 14-7 describes the process of selecting the root port and designated
port.

Table 14-7 Selecting the root port and designated port

St Process
ep

1 A non-bridge device selects the port that receives the optimal

configuration BPDU as the root port. Table 14-8 describes the process
of selecting the optimal configuration BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 671

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

St Process
ep

2 The device generates a configuration BPDU for each port and

calculates the fields in the configuration BPDU based on the
configuration BPDU on the root port and path cost of the root port:
● Replaces the root ID with the root ID in the configuration BPDU on
the root port.
● Replaces the root path cost with the sum of the root path cost in
configuration BPDU on the root port and the path cost of the root
port.
● Replaces the sender BID with the local BID.
● Replaces the PID with the local port ID.

3 The device compares the calculated configuration BPDU with the

configuration BPDU received on the port:
● If the calculated configuration BPDU is superior, the port is selected
as the designated port and periodically sends the calculated
configuration BPDU.
● If the port's own configuration BPDU is superior, the configuration
BPDU on the port is not updated and the port is blocked. After
that, the port only receives BPDUs, and does not forward data or
send BPDUs.

Table 14-8 Selecting the optimal configuration BPDU

St Process
ep

1 Each port compares the received configuration BPDU with its own
configuration BPDU:
● If the received configuration BPDU is inferior, the port discards the
received configuration BPDU and retains its own configuration
BPDU.
● If the received configuration BPDU is superior, the port replaces its
own configuration BPDU with the received one.
● If the received configuration BPDU is the same, the port discards
the received configuration BPDU.

2 The device compares configuration BPDUs on all the ports and selects
the optimal one.

Example of STP Topology Calculation

After the root bridge, root ports, and designated ports are selected successfully, a
tree topology is set up on the entire network. The following example illustrates
how STP calculation is implemented.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 672

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-9 STP networking and calculated topology

DeviceA
Priority=0 DeviceA

Port A1 Port A2 Root Bridge

STP Topology
Calculation

Pa
=5

th
st

co
co

st
th

=1
Pa

0
Port B1 Port C1
Path cost=4
Port B2 Port C2
DeviceB DeviceC DeviceC
DeviceB
Priority=1 Priority=2
root port
designated port
blocked port

As shown in Figure 14-9, DeviceA, DeviceB, and DeviceC are deployed on the
network, with priorities 0, 1, and 2, respectively. The path costs between DeviceA
and DeviceB, DeviceA and DeviceC, and DeviceB and DeviceC are 5, 10, and 4,
respectively.

1. Initial state of each device

Table 14-9 lists the initial state of each device.

Table 14-9 Initial state of each device

Device Port Configuration BPDU

DeviceA Port A1 {0, 0, 0, Port A1}

Port A2 {0, 0, 0, Port A2}

DeviceB Port B1 {1, 0, 1, Port B1}

Port B2 {1, 0, 1, Port B2}

DeviceC Port C1 {2, 0, 2, Port C1}

Port C2 {2, 0, 2, Port C2}

2. Configuration BPDU comparison and result

Table 14-10 describes configuration BPDU comparison process and result.
NOTE
The fields in a configuration BPDU are {root ID, root path cost, sender BID, PID}.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 673

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Table 14-10 Topology calculation process and result

Dev Comparison Configuration BPDU
ice After Comparison

Dev ● Port A1 receives the configuration BPDU ● Port A1: {0, 0, 0,

iceA {1, 0, 1, Port B1} from Port B1 and finds Port A1}
it inferior to its own configuration BPDU ● Port A2: {0, 0, 0,
{0, 0, 0, Port A1}, so Port A1 discards Port A2}
the received configuration BPDU.
● Port A2 receives the configuration BPDU
{2, 0, 2, Port C1} from Port C1 and finds
it inferior to its own configuration BPDU
{0, 0, 0, Port A2} superior, so Port A2
discards the received configuration
BPDU.
● DeviceA finds that the root bridge and
designated bridge specified in the
configuration BPDUs on its ports are
both itself. Therefore, DeviceA considers
itself as the root bridge and periodically
sends configuration BPDUs from each
port without modifying the BPDUs.

Dev ● Port B1 receives the configuration BPDU ● Port B1: {0, 0, 0, Port
iceB {0, 0, 0, Port A1} from Port A1 and finds A1}
it superior to its own configuration ● Port B2: {1, 0, 1, Port
BPDU {1, 0, 1, Port B1}, so Port B1 B2}
updates its configuration BPDU.
● Port B2 receives the configuration BPDU
{2, 0, 2, Port C2} from Port C2 and finds
it inferior to its own configuration BPDU
{1, 0, 1, Port B2}, so Port B2 discards the
received configuration BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 674

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Dev Comparison Configuration BPDU

ice After Comparison

● DeviceB compares the configuration ● Root port (Port B1):

BPDU on each port and finds that Port {0, 0, 0, Port A1}
B1 has optimal configuration BPDU. ● Designated port
DeviceB selects Port B1 as the root port (Port B2): {0, 5, 1,
and retains the configuration BPDU on Port B2}
Port B1.
● DeviceB calculates the configuration
BPDU {0, 5, 1, Port B2} for Port B2
based on the configuration BPDU and
path cost of the root port, and
compares the calculated configuration
BPDU with the original configuration
BPDU {1, 0, 1, Port B2} on Port B2. The
calculated configuration BPDU is
superior to the original one, so DeviceB
selects Port B2 as the designated port,
replaces Port B2's configuration BPDU
with the calculated one, and periodically
sends the configuration BPDU from Port
B2.

Dev ● Port C1 receives the configuration BPDU ● Port C1: {0, 0, 0, Port
iceC {0, 0, 0, Port A2} from Port A2 and finds A2}
it superior to its own configuration ● Port C2: {1, 0, 1, Port
BPDU {0, 0, 0, Port C1}, so Port C1 B2}
updates its configuration BPDU.
● Port C2 receives the configuration BPDU
{1, 0, 1, Port B2} from Port B2 and finds
it superior to its own configuration
BPDU {1, 0, 1, Port C2}, so Port C2
updates its configuration BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 675

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Dev Comparison Configuration BPDU

ice After Comparison

● DeviceC compares the configuration ● Root port (Port C1):

BPDU on each port and finds that the {0, 0, 0, Port A2}
configuration BPDU on Port C1 is ● Designated port
optimal. DeviceC selects Port C1 as the (Port C2): {0, 10, 2,
root port and retains the configuration Port C2}
BPDU on Port C1.
● DeviceC calculates the configuration
BPDU {0, 10, 2, Port C2} for Port C2
based on the configuration BPDU and
path cost of the root port, and
compares the calculated configuration
BPDU with the original configuration
BPDU {1, 0, 1, Port B2} on Port C2. The
calculated configuration BPDU is
superior to the original one, so DeviceC
selects Port C2 as the designated port
and replaces its configuration BPDU
with the calculated one.

● Port C2 receives the configuration BPDU ● Port C1: {0, 0, 0, Port

{0, 5, 1, Port B2} from Port B2 and finds A2}
it superior to its own configuration ● Port C2: {0, 5, 1, Port
BPDU {0, 10, 2, Port C2}, so Port C2 B2}
updates its configuration BPDU.
● Port C1 receives the configuration BPDU
{0, 0, 0, Port A2} from Port A2 and finds
it the same as its own configuration
BPDU, so Port C1 discards the received
configuration BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 676

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Dev Comparison Configuration BPDU

ice After Comparison

● The root path cost of Port C1 is 10 (root ● Blocked port (Port

path cost 0 in the received configuration C1): {0, 0, 0, Port
BPDU plus the link patch cost 10), and A2}
the root path cost of Port C2 is 9 (root ● Root port (Port C2):
path cost 5 in the received configuration {0, 5, 1, Port B2}
BPDU plus the link patch cost 4).
DeviceC finds that Port C2 has a smaller
root path cost and therefore considers
the configuration BPDU of Port C2
superior to that of Port C1. DeviceC
then selects Port C2 as the root port
and retains its configuration BPDU.
● DeviceC calculates the configuration
BPDU {0, 9, 2, Port C1} for Port C1
based on the configuration BPDU and
path cost of the root port, and finds the
calculated configuration BPDU inferior
to the original configuration BPDU {0, 0,
0, Port A2} on Port C1. DeviceC blocks
Port C1 and does not update its
configuration BPDU. Port C1 no longer
forwards data until STP recalculation is
triggered, for example, when the link
between DeviceB and DeviceC is Down.

After the topology becomes stable, the root bridge still sends configuration BPDUs
at a specific interval. If the received configuration BPDU is superior, a non-root
bridge replaces the configuration BPDU on the corresponding port with the
received configuration BPDU. If the received configuration BPDU is inferior or the
same, a non-root bridge discards the received configuration BPDU.

STP Topology Changes

Figure 14-10 shows the packet transmission process after an STP topology
change.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 677

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-10 Packet transmission after a topology change

Root Bridge Root Bridge

1. When the status of the interface at point T changes, a downstream device

continuously sends TCN BPDUs to the upstream device.
2. The upstream device processes only the TCN BPDUs received on the
designated port and drops TCN BPDUs on other ports.
3. The upstream device sets the TCA bit of the Flags field in the configuration
BPDUs to 1 and returns the configuration BPDUs to instruct the downstream
device to stop sending TCN BPDUs.
4. The upstream device sends a copy of the TCN BPDUs toward the root bridge.
5. Steps 1, 2, 3 and 4 are repeated until the root bridge receives the TCN BPDUs.
6. The root bridge sets the TC and TCA bits of the Flags field in the configuration
BPDUs to 1. The TC bit of 1 indicates that the root bridge notifies the
downstream device of deleting MAC address entries, and the TCA bit of 1
indicates that the root bridge notifies the downstream device of stopping
sending TCN BPDUs.

NOTE

● TCN BPDUs are used to inform the upstream device and root bridge of topology
changes.
● Configuration BPDUs with the TCA bit set to 1 are used by the upstream device to
inform the downstream device that the topology changes are known and instruct the
downstream device to stop sending TCN BPDUs.
● Configuration BPDUs with the TC bit set to 1 are used by the upstream device to inform
the downstream device of topology changes and instruct the downstream device to
delete MAC address entries. In this manner, fast network convergence is achieved.

14.2.5 Improvements in RSTP

In 2001, IEEE 802.1w was published to introduce the Rapid Spanning Tree Protocol
(RSTP), an extension of the Spanning Tree Protocol (STP). RSTP was developed
based on STP and makes supplements and modifications to STP.

Disadvantages of STP
STP ensures a loop-free network but has a slow network topology convergence
speed, leading to service quality deterioration. If the network topology changes

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 678

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

frequently, connections on the STP network are frequently torn down, causing
frequent service interruption. This is unacceptable to users.
STP has the following disadvantages:
● STP does not distinguish port states and port roles clearly, making it difficult
for less experienced administrators to learn and deploy this protocol.
A network protocol that clearly defines and distinguishes different situations
outperforms the others that fail to do so.
– Ports in the Listening, Learning, and Blocking states are the same to users
because they are all prevented from forwarding service traffic.
– From the perspective of port use and configuration, the essential
differences between ports lie in the port roles rather than port states.
Both root and designated ports can be in Listening state or Forwarding
state, so the ports cannot be distinguished by their states.
● The STP algorithm determines topology changes after the timer expires,
which slows down network convergence.
● The STP algorithm requires that the root bridge should send configuration
BPDUs after the network topology becomes stable, and other devices process
and spread the configuration BPDUs to the entire network. This also slows
down topology convergence.

Improvements Made in RSTP

RSTP deletes three port states, defines two new port roles, and distinguishes port
attributes based on port states and roles. In addition, RSTP provides enhanced
features and protection measures to ensure network stability and fast
convergence.
● More port roles are defined to simplify the learning and deployment of the
protocol.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 679

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-11 Diagram of port roles

S1
root bridge

B A

S2 S3
A A a

S1
root bridge

B A

S2 S3
A a
B A
b

root port
designated port

Alternate port
Backup port

As shown in Figure 14-11, RSTP defines four port roles: root port, designated
port, alternate port, and backup port.
The functions of the root port and designated port are the same as those
defined in STP. The alternate port and backup port are described as follows:
– From the perspective of configuration BPDU transmission:

▪ An alternate port is blocked after learning a configuration BPDU sent

by another bridge.

▪ A backup port is blocked after learning a configuration BPDU sent by

itself.
– From the perspective of user traffic:

▪ An alternate port acts as a backup of the root port and provides an

alternate path from the designated bridge to the root bridge.

▪ A backup port acts as a backup of the designated port and provides

a backup path from the root bridge to the related network segment.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 680

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

After roles of all RSTP ports are determined, the topology convergence is
completed.
● RSTP redefines port states.
RSTP deletes two port states defined in STP and reduces the number of port
states to 3. Depending on whether a port can forward user traffic and learn
MAC addresses, the port may be in any of the following states:
– If the port does not forward user traffic or learn MAC addresses, it is in
the Discarding state.
– If the port does not forward user traffic but learns MAC addresses, it is in
the Learning state.
– If the port forwards user traffic and learns MAC addresses, it is in the
Forwarding state.
Table 14-11 compares the port states defined in STP and RSTP. Port states are
not necessarily related to port roles. Table 14-11 lists possible states for
different port roles.

Table 14-11 Comparison between port states defined in STP and RSTP
STP Port State RSTP Port State Port Role

Forwarding Forwarding Root port or designated port

Learning Learning Root port or designated port

Listening Discarding Root port or designated port

Blocking Discarding Alternate port or backup port

Disabled Discarding -

● RSTP changes the configuration BPDU format and uses the Flags field to
describe port roles.
RSTP retains the basic configuration BPDU format defined in STP and makes
minor changes:
– The value of the Type field is changed from 0 to 2. Devices running STP
will drop the configuration BPDUs sent from devices running RSTP.
– The Flags field uses the six bits reserved in STP. This configuration BPDU
is called an RST BPDU. Figure 14-12 shows the Flags field in an RST
BPDU.

Figure 14-12 Format of the Flags field in an RST BPDU

Bit7 Bit6 Bit5 Bit4 Bit3 Bit2 Bit1 Bit0
TCA Agreement Forwarding Learning Port role Proposal TC

Topology Change Topology

Acknowledgment flag Change flag
Port role = 00 Unknown
01 Alternate/Backup port
10 Root port
11 Designated port

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 681

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

● Configuration BPDUs are processed in a different way.

– Configuration BPDU transmission
In STP, the root bridge sends configuration BPDUs at Hello intervals after
the topology becomes stable. Non-root bridges send configuration BPDUs
only after they receive configuration BPDUs from upstream devices. This
complicates the STP calculation and slows down network convergence.
RSTP allows non-root bridges to send configuration BPDUs at Hello time
intervals after the topology becomes stable, regardless of whether they
have received configuration BPDUs from the root bridge.
– BPDU timeout period
In STP, a device has to wait a Max Age period before determining a
negotiation failure. In RSTP, a device determines that the negotiation
between its port and the upstream device has failed if the port does not
receive any configuration BPDUs sent from the upstream device within
the timeout interval (Hello Time x 3 x Timer Factor).
– Processing of inferior BPDUs
When an RSTP port receives an RST BPDU from the upstream designated
bridge, the port compares the received RST BPDU with its own RST BPDU.
If its own RST BPDU is superior to the received one, the port discards the
received RST BPDU and immediately responds to the upstream device
with its own RST BPDU. After receiving the RST BPDU, the upstream
device replaces its own RST BPDU with the received RST BPDU.
In this manner, RSTP processes inferior BPDUs more rapidly, independent
of any timer.
● Rapid convergence
– Proposal/agreement mechanism
In STP, a port that is selected as a designated port needs to wait at least
one Forward Delay interval (Learning state) before it enters the
Forwarding state. In RSTP, such a port enters the Discarding state, and
then the proposal/agreement mechanism allows the port to immediately
enter the Forwarding state. The proposal/agreement mechanism must be
applied on P2P links in full-duplex mode.
For details, see 14.2.6 RSTP Technology Details.
– Fast switchover of the root port
If a root port fails, the best alternate port becomes the root port and
enters Forwarding state. This is because the network segment connected
to this alternate port has a designated port connected to the root bridge.
When the port role changes, the network topology changes accordingly.
For details, see 14.2.6 RSTP Technology Details.
– Edge ports
In RSTP, a designated port on the network edge is called an edge port. An
edge port directly connects to a terminal and does not connect to any
other switching devices.
An edge port does not participate in RSTP calculation. This port can
transition from Disable to Forwarding state immediately without a delay.
An edge port becomes a common STP port once it is connected to a

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 682

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

switching device and receives a configuration BPDU. The spanning tree

needs to be recalculated, causing network flapping.
● Protection functions
RSTP provides the following functions:
– BPDU protection
On a switching device, ports directly connected to a user terminal such as
a PC or file server are edge ports. Usually, no RST BPDUs are sent to edge
ports. If a switching device receives bogus RST BPDUs on an edge port,
the switching device automatically sets the edge port to a non-edge port
and performs STP calculation. This causes network flapping.
BPDU protection enables a switching device to set the state of an edge
port to error-down if the edge port receives an RST BPDU. In this case,
the port remains the edge port, and the switching device sends a
notification to the NMS.
– Root protection
The root bridge on a network may receive superior RST BPDUs due to
incorrect configurations or malicious attacks. When this occurs, the root
bridge can no longer serve as the root bridge, causing an incorrect
change of the network topology. As a result, traffic may be switched from
high-speed links to low-speed links, leading to network congestion.
If root protection is enabled on a designated port, the port role cannot be
changed. When the designated port receives a superior RST BPDU, the
port enters the Discarding state and does not forward packets. If the port
does not receive any superior RST BPDUs within a period (generally two
Forward Delay periods), the port automatically enters the Forwarding
state.
NOTE

Root protection takes effect only on designated ports.

– Loop protection
On an RSTP network, a switching device maintains the states of the root
port and blocked ports based on RST BPDUs received from the upstream
switching device. If the ports cannot receive RST BPDUs from the
upstream switching device because of link congestion or unidirectional
link failures, the switching device re-selects a root port. Then, the
previous root port becomes a designated port and the blocked ports
change to the Forwarding state. As a result, loops may occur on the
network.
As shown in Figure 14-13, when the link between BP2 and CP1 is
congested, the root port CP1 on DeviceC cannot receive BPDUs from the
upstream device. After a specified period, the alternate port CP2 becomes
the root port and CP1 becomes the designated port. As a result, a loop
occurs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 683

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-13 Topology change upon link congestion

DeviceA DeviceA

Root Bridge Root Bridge

AP1 AP2 AP1 AP2

BP1 CP2 BP1 CP2

BP2 CP1 BP2 CP1

DeviceB DeviceC DeviceB DeviceC
a. The link is normal. b. Congestion occurs in the link.

root port
designated port
Alternate port

If the root port or alternate port does not receive BPDUs from the
upstream device for a long time, the switch enabled with loop protection
sends a notification to the NMS. The root port enters the Discarding state
and becomes the designated port, whereas the alternate port keeps
blocked and becomes the designated port. In this case, loops will not
occur. After the link is not congested or unidirectional link failures are
rectified, the port receives BPDUs for negotiation and restores its original
role and status.
NOTE

Loop protection takes effect only on the root port and alternate ports.
– TC BPDU attack defense
A switching device deletes its MAC address entries and ARP entries after
receiving TC BPDUs. If an attacker sends a large number of bogus TC
BPDUs to the switching device in a short time, the device frequently
deletes MAC address entries and ARP entries. This increases the load on
the switching device and threatens network stability.
After enabling TC BPDU attack defense on a switching device, you can set
the number of times the device processes TC BPDUs within a given time.
If the number of TC BPDUs that the switching device receives within the
given time exceeds the specified threshold, the switching device processes
only the specified number of TC BPDUs. Excess TC BPDUs are processed
by the switching device as a whole after the specified period expires. This
function prevents the switching device from frequently deleting its MAC
address entries and ARP entries.

14.2.6 RSTP Technology Details

The Proposal/Agreement mechanism enables a designated port to enter the
Forwarding state quickly. As shown in Figure 14-14, root bridge S1 establishes a

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 684

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

link with S2. On S2, p2 is an alternate port; p3 is a designated port and is in the
Forwarding state; p4 is an edge port.

Figure 14-14 Proposal/Agreement negotiation process

S1

p0 1 Proposal
3 Agreement

p1

S2
p2 E p4
p3

2 sync 2 sync 2 sync

(Leaves the port (Leaves the port
(Blocks the port)
state unchanged) state unchanged)

Designated port
Alternate port
E Edge port

The Proposal/Agreement mechanism works as follows:

1. p0 and p1 become designated ports and send RST BPDUs to each other.
2. The RST BPDU sent from p0 is superior to that of p1, so p1 becomes a root
port and stops sending RST BPDUs.
3. p0 enters the Discarding state and sets the Proposal and Agreement field in
its RST BPDU to 1.
4. After S2 receives an RST BPDU with the Proposal field set to 1, it sets the sync
variable to 1 for all its ports.
5. As p2 has been blocked, its state remains unchanged. p4 is an edge port and
does not participate in calculation. Therefore, only the non-edge designated
port p3 needs to be blocked.
6. After the synced variable of each port is set to 1, p2 and p3 enter the
Discarding state, and p1 enters the Forwarding state and returns an RST
BPDU with the Agreement field being set to 1 to S1.
7. After S1 receives this RST BPDU, it identifies that the RST BPDU is a response
to the proposal that it has sent. Then p0 immediately enters the Forwarding
state.

The proposal/agreement process can proceed to downstream devices.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 685

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

STP can select designated ports quickly; however, to prevent loops, all ports must
wait at least one Forward Delay interval before starting data forwarding. RSTP
blocks non-root ports to prevent loops and uses the proposal/agreement
mechanism to shorten the time that an upstream port waits before transitioning
to the Forwarding state.

NOTE

The proposal/agreement mechanism applies only to P2P full-duplex links between two
switching devices. When proposal/agreement fails, a designated port is elected after two
Forward Delay intervals, same as designated port election in STP mode.

RSTP Topology Changes

RSTP considers that the network topology has changed when a non-edge port
transitions to the Forwarding state.
When detecting a topology change, RSTP devices react as follows:
● The local device starts a TC While timer on each non-edge designated port
and root port. The TC While timer value is twice the Hello Time value.
Within the TC While time, the local device clears MAC address entries learned
on all ports.
At the same time, the non-edge designated ports and root ports send out RST
BPDUs with the TC bit set to 1. When the TC While timer expires, the ports
stop sending RST BPDUs.
● When other switching devices receive RST BPDUs, they clear MAC address
entries learned on all their ports except the ports that receive the RST BPDUs.
These switching devices also start a TC While timer on each non-edge
designated port and root port and repeat the preceding process.
RST BPDUs are then flooded on the entire network.

Interoperability with STP

RSTP can interoperate with STP, but its advantages such as fast convergence are
lost when it interoperates with STP.
On a network with both STP-capable and RSTP-capable devices, STP-capable
devices drop RST BPDUs. If a port on an RSTP-capable device receives a
configuration BPDU from an STP-capable device, the port switches to the STP
mode and starts to send configuration BPDUs after two Hello intervals.
After STP-capable devices are removed, Huawei RSTP-capable devices can switch
back to the RSTP mode.

14.3 Application Scenarios for STP

STP Application
Loops often occur on a complex network, because multiple physical links are often
deployed between two devices to implement link redundancy. Loops may cause
broadcast storms and damage MAC address entries on network devices.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 686

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-15 Typical STP application

Network

PE1 Root PE2

Bridge

STP

CE1 CE2

PC1 PC2
Blocked port

As shown in Figure 14-15, STP is deployed on the devices. The devices exchange
information to discover loops on the network and block a port to trim the ring
topology into a loop-free tree topology. The tree topology prevents infinite looping
of packets on the network and ensures packet processing capabilities of the
devices.

14.4 Summary of STP/RSTP Configuration Tasks

Table 14-12 summarizes STP/RSTP configuration tasks.

Table 14-12 STP/RSTP configuration tasks

Scenario Description Task

Configuring basic STP/ Configure STP/RSTP on 14.7 Configuring STP/

RSTP functions switching devices on a RSTP
network to trim the
network into a tree
topology free from loops.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 687

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Scenario Description Task

Setting STP parameters STP cannot implement 14.8 Setting STP

that affect STP rapid convergence. Parameters That Affect
convergence However, you can set STP Convergence
STP parameters,
including the network
diameter, timeout
interval, Hello timer
value, Max Age timer
value, and Forward
Delay timer value to
speed up convergence.

Setting RSTP parameters RSTP supports link type 14.9 Setting RSTP
that affect RSTP and fast transition Parameters that Affect
convergence configuration on ports to RSTP Convergence
implement rapid
convergence.

Configuring RSTP You can configure one or 14.10 Configuring RSTP

protection functions more functions RSTP Protection Functions
protection functions on a
Huawei device.

Setting parameters for To implement 14.11 Setting

interoperation between interoperation between a Parameters for
Huawei and non-Huawei Huawei device and a Interoperation Between
devices non-Huawei device, Huawei and Non-
select the fast transition Huawei Devices
mode based on the
Proposal/Agreement
mechanism of the non-
Huawei device.

14.5 Licensing Requirements and Limitations for STP/

RSTP
Involved Network Elements
Other network elements also need to support STP or RSTP.

Licensing Requirements
STP or RSTP configuration commands are available only after the S1720GW,
S1720GWR, and S1720X have the license (WEB management to full management
Electronic RTU License) loaded and activated and the switches are restarted. STP
or RSTP configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 688

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Version Requirements

Table 14-13 Products and versions supporting STP or RSTP

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI V100R005C01, V100R006(C00&C01&C03&C05)

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 689

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Product Product Software Version

Model

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 690

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Feature Limitations
When STP or RSTP is enabled on a ring network, STP or RSTP immediately starts
spanning tree calculation. Parameters such as the device priority and port priority
affect spanning tree calculation, and the change of these parameters may cause
network flapping. To ensure fast and stable spanning tree calculation, configure
parameters such as the device priority and port priority before enabling STP or
RSTP.

On a switch enabled with a spanning tree protocol, when a terminal connects to

the switch, spanning tree calculation is performed again. As a result, it takes a
long period of time for the terminal to obtain an IP address. In this case, disable
the spanning tree protocol on the switch port connected to the terminal or
configure this switch port as the edge port.

14.6 Default Settings for STP/RSTP

Parameter Default Setting

Working mode MSTP

STP/RSTP status Enabled globally and on an interface

Switching device priority 32768

Port priority 128

Algorithm used to calculate dot1t, IEEE 802.1t

the path cost

Forward Delay 1500 centiseconds (15 seconds)

Hello Time 200 centiseconds (2 seconds)

Max Age 2000 centiseconds (20 seconds)

14.7 Configuring STP/RSTP

14.7.1 Configuring the STP/RSTP Mode

Context
A switching device supports three working modes: STP, RSTP, and MSTP. Use the
STP mode on a ring network running only STP, and use the RSTP mode on a ring
network running only RSTP.

Procedure
Step 1 Run system-view

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 691

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

The system view is displayed.

Step 2 Run stp mode { stp | rstp }
The working mode of the switching device is set to STP or RSTP.
By default, the working mode of a switching device is MSTP. MSTP is compatible
with STP and RSTP.

----End

14.7.2 (Optional) Configuring the Root Bridge and Secondary

Root Bridge
Context
The root bridge of a spanning tree is automatically calculated. You can also
manually specify a root bridge or secondary root bridge.
● A spanning tree can have only one effective root bridge. When two or more
devices are specified as root bridges for a spanning tree, the device with the
smallest MAC address is elected as the root bridge.
● You can specify multiple secondary root bridges for each spanning tree. When
the root bridge fails or is powered off, a secondary root bridge becomes the
new root bridge. If a new root bridge is specified, the secondary root bridge
will not become the root bridge. If there are multiple secondary root bridges,
the one with the smallest MAC address becomes the root bridge of the
spanning tree.

NOTE
It is recommended that you specify the root bridge and secondary root bridge when
configuring STP/RSTP.

Procedure
● Perform the following operations on the device to be used as the root bridge.
a. Run system-view
The system view is displayed.
b. Run stp root primary
The device is configured as the root bridge.
By default, a switching device does not function as the root bridge. After
you run this command, the priority value of the device is set to 0 and
cannot be changed.
● Perform the following operations on the device to be used as the secondary
root bridge.
a. Run system-view
The system view is displayed.
b. Run stp root secondary
The device is configured as the secondary root bridge.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 692

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

By default, a switching device does not function as the secondary root

bridge. After you run this command, the priority value of the device is set
to 4096 and cannot be changed.

----End

14.7.3 (Optional) Setting a Priority for a Switching Device

Context
An STP/RSTP network can have only one root bridge, which is the logical center of
the spanning tree. The root bridge should be a high-performance switching device
deployed at a high network layer; however, such a device may not have the
highest priority on the network. Therefore, you need to set a high priority for such
a device to ensure that it can be selected as the root bridge.

Because low-performance devices at lower network layers are not suitable as the
root bridge, set low priorities for these devices.

A smaller priority value indicates a higher priority of the switching device. The
switching device with a higher priority is more likely to be elected as the root
bridge.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp priority priority

A priority is set for the switching device.

The default priority value of a switching device is 32768.

If the stp root primary or stp root secondary command has been executed to
configure the device as the root bridge or secondary root bridge, run the undo stp
root command to disable the root bridge or secondary root bridge function and
then run the stp priority priority command to set a priority.

----End

14.7.4 (Optional) Setting a Path Cost for a Port

Context
Path cost is the reference value used for link selection on an STP/RSTP network.

The path cost value range is determined by the calculation method. After the
calculation method is determined, it is recommended that you set smaller path
cost values for the ports with higher link rates.

In the Huawei calculation method, the link rate determines the recommended
value for the path cost. Table 14-14 lists the recommended path costs for ports
with different link rates.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 693

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Table 14-14 Mappings between link rates and path cost values
Link Rate Recommended Recommended Allowable Path
Path Cost Path Cost Range Cost Range

10 Mbit/s 2000 200 to 20000 1 to 200000

100 Mbit/s 200 20 to 2000 1 to 200000

1 Gbit/s 20 2 to 200 1 to 200000

10 Gbit/s 2 2 to 20 1 to 200000

Over 10 Gbit/s 1 1 to 2 1 to 200000

If a network has loops, it is recommended that you set a large path cost for ports
with low link rates. STP/RSTP then blocks these ports.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run stp pathcost-standard { dot1d-1998 | dot1t | legacy }
A path cost calculation method is specified.
By default, the IEEE 802.1t standard (dot1t) is used to calculate the path cost.
All switching devices on a network must use the same path cost calculation
method.
Step 3 Run interface interface-type interface-number
The view of an interface participating in STP calculation is displayed.
Step 4 Run stp cost cost
A path cost is set for the interface.
● When the Huawei calculation method is used, cost ranges from 1 to 200000.
● When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
● When the IEEE 802.1t standard method is used, cost ranges from 1 to
200000000.

----End

14.7.5 (Optional) Setting a Priority for a Port

Context
In spanning tree calculation, priorities of the ports in a ring affect designated port
election.
To block a port on a switching device, set a greater priority value than the default
priority value for the port.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 694

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of an interface participating in STP calculation is displayed.

Step 3 Run stp port priority priority

A priority is set for the interface.

The default priority value of a port on a switching device is 128.

----End

14.7.6 Enabling STP/RSTP

Context

NOTICE

After STP/RSTP is enabled on a ring network, spanning tree calculation starts

immediately on the network. Configurations on a switching device, such as the
device priority and port priority, affect spanning tree calculation. Any change to
these configurations may cause network flapping. To ensure rapid, stable spanning
tree calculation, perform basic configuration on the switching device and its ports
before enabling STP/RSTP.

Procedure
Step 1 Run system-view

The system view is displayed.

STP/RSTP-enabled devices calculate spanning trees by exchanging BPDUs.

Therefore, all the interfaces participating in spanning tree calculation must be
enabled to send BPDUs to the CPU for processing. By default, an interface is
enabled to send BPDUs to the CPU. You can run the bpdu enable command in
interface view to enable an interface to send BPDUs to the CPU. The S5720EI,
S5720HI, S6720EI, and S6720S-EI do not support the bpdu command.

Step 2 Run stp enable

STP/RSTP is enabled on the switching device.

By default, STP/RSTP is enabled on a device. If you specify a VLANIF interface of a

VLAN as the management network interface for an MSTP-enabled device, you can
run the ethernet-loop-protection ignored-vlan command to specify this VLAN as
an ignored VLAN. Then interfaces in the ignored VLAN will not enter the Blocking
state and stay in the Forwarding state. Therefore, services will not be interrupted
on these interfaces.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 695

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

NOTE

For the S1720GFR, S2750EI, S5700LI, and S5700S-LI, a maximum of 64 STP-enabled ports in Up
state are recommended. If there are more than 64 STP-enabled ports in Up state, the CPU may
be affected and faults such as protocol flapping may occur.
For the S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S2720EI, S5710-X-LI, S5720LI, S5720S-
LI, S5730SI, S5730S-EI, S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, a maximum of 128 STP-enabled ports in Up state are recommended. If there are
more than 128 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720EI, a maximum of 200 STP-enabled ports in Up state are recommended. If there
are more than 200 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720HI, S6720EI, and S6720S-EI, a maximum of 256 STP-enabled ports in Up state are
recommended. If there are more than 256 STP-enabled ports in Up state, the CPU may be
affected and faults such as protocol flapping may occur.

----End

Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths for
associated VLANs are changed. Switching devices need to update the ARP entries
corresponding to those VLANs. Depending on how switching devices process ARP
entries, STP/RSTP convergence mode can be fast or normal.
● In fast mode, ARP entries to be updated are directly deleted.
● In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0 to immediately
age the ARP entries out. If the number of ARP aging probes is greater than 0,
the switching device performs aging probe for these ARP entries.
Run the stp converge { fast | normal } command in the system view to configure
the STP/RSTP convergence mode.
By default, the normal STP/RSTP convergence mode is used. The normal mode is
recommended. If the fast mode is used, ARP entries will be frequently deleted,
causing a high CPU usage (even 100%). As a result, network flapping will
frequently occur.

14.7.7 Verifying the STP/RSTP Configuration

Procedure
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to view the spanning tree status and statistics.
----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 696

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.8 Setting STP Parameters That Affect STP

Convergence
STP cannot implement rapid convergence. However, STP parameters including the
network diameter, timeout interval, Hello timer value, Max Age timer value, and
Forward Delay timer value can affect the STP convergence speed.

Pre-configuration Tasks
Before setting STP parameters that affect STP convergence, configure basic STP
functions.

14.8.1 Setting the STP Network Diameter

Context
Any two terminals on a switching network are connected through a specific path
along multiple devices. The network diameter is the maximum number of devices
between any two terminals. A larger network diameter indicates a larger network
scale.

An improper network diameter may cause slow network convergence and affect
communication. Run the stp bridge-diameter command to set an appropriate
network diameter based on the network scale, which helps speed up convergence.

It is recommended that all devices be configured with the same network diameter.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp bridge-diameter diameter

The network diameter is configured.

By default, the network diameter is 7.

NOTE

● RSTP uses a single spanning tree instance on the entire network. As a result,
performance deterioration cannot be prevented when the network scale grows.
Therefore, the network diameter cannot be larger than 7.
● It is recommended that you run the stp bridge-diameter diameter command to set the
network diameter. Then, the switching device calculates the optimal Forward Delay
timer value, Hello timer value, and Max Age timer value based on the configured
network diameter.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 697

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.8.2 Setting the STP Timeout Interval

Context
If a device does not receive any BPDUs from the upstream device within the
timeout interval, the device considers the upstream device to have failed and
recalculates the spanning tree.

Sometimes, a device cannot receive the BPDU from the upstream device within
the timeout interval because the upstream device is busy. In this case,
recalculating the spanning tree will cause a waste of network resources. To avoid
wasting network resources, set a long timeout interval on a stable network.

If a switching device does not receive any BPDUs from the upstream device within
the timeout interval, spanning tree recalculation is performed. The timeout
interval is calculated as follows:

Timeout interval = Hello time x 3 x Timer Factor

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp timer-factor factor

The Timer Factor value is set. This parameter determines the timeout interval
during which the device waits for BPDUs from the upstream device.

By default, the timeout period is 9 times the Hello timer value.

----End

14.8.3 Setting the STP Timers

Context
The following timers are used in spanning tree calculation:
● Forward Delay: specifies the delay before a state transition. After the topology
of a ring network changes, it takes some time to spread the new
configuration BPDU throughout the entire network. As a result, the original
blocked port may be unblocked before a new port is blocked. When this
occurs, a loop exists on the network. You can set the Forward Delay timer to
prevent loops. When the topology changes, all ports will be temporarily
blocked during the Forward Delay.
● Hello Time: specifies the interval at which hello packets are sent. A device
sends configuration BPDUs at the specified interval to detect link failures. If
the switching device does not receive any BPDUs within the timeout period
(timeout period = Hello Time x 3 x Timer Factor), the device recalculates the
spanning tree.
● Max Age: determines whether BPDUs expire. A switching device determines
that a received configuration BPDU times out when the Max Age expires.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 698

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.
You are not advised to directly change the preceding three timers. The three
parameters are relevant to the network scale; therefore, it is recommended that
you set the network diameter so that the spanning tree protocol automatically
adjusts these timers. When the default network diameter is used, the three timers
also retain their default values.

NOTICE

To prevent frequent network flapping, make sure that the Hello Time, Forward
Delay, and Max Age timer values conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello Time + 1.0 second)

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Set the Forward Delay, Hello Time, and Max Age timers.
1. Run stp timer forward-delay forward-delay
The Forward Delay timer is set for the switching device.
By default, the Forward Delay timer is 1500 centiseconds (15 seconds).
2. Run stp timer hello hello-time
The Hello Time is set for the switching device.
By default, the Hello Time is 200 centiseconds (2 seconds).
3. Run stp timer max-age max-age
The Max Age timer is set for the switching device.
By default, the Max Age timer is 2000 centiseconds (20 seconds).

----End

14.8.4 Setting the Maximum Number of Connections in an

Eth-Trunk that Affects Spanning Tree Calculation
Context
The path costs affect spanning tree calculation. Changes of path costs trigger
spanning tree recalculation. The path cost of an interface is affected by its
bandwidth, so you can change the interface bandwidth to affect spanning tree
calculation.
As shown in Figure 14-16, deviceA and deviceB are connected through two Eth-
Trunk links. Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 699

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

has two member interfaces in Up state. Each member link has the same
bandwidth, and deviceA is selected as the root bridge.
● Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation,
Eth-Trunk 1 on deviceB is selected as the root port and Eth-Trunk 2 is selected
as the alternate port.
● If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is
set to 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk
2. Therefore, the two devices perform spanning tree recalculation. Then Eth-
Trunk 1 on deviceB becomes the alternate port and Eth-Trunk 2 becomes the
root port.

Figure 14-16 Setting the maximum number of connections in an Eth-Trunk

SwitchA SwitchB
Before Eth-Trunk1
configuration Eth-Trunk2

Root Bridge

SwitchA SwitchB
Eth-Trunk1
After
configuration Eth-Trunk2

Root Bridge
Alternate port
Root port
Designated port

The maximum number of connections affects only the path cost of an Eth-Trunk
interface participating in spanning tree calculation, and does not affect the actual
bandwidth of the Eth-Trunk link. The actual bandwidth for an Eth-Trunk link
depends on the number of active member interfaces in the Eth-Trunk.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run max bandwidth-affected-linknumber link-number

The maximum number of connections affecting the Eth-Trunk bandwidth is set.

By default, the maximum number of connections affecting the bandwidth of an

Eth-Trunk is 8.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 700

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.8.5 Verifying the Configuration of STP Parameters that

Affect STP Convergence
Procedure
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to view the spanning tree status and statistics.
----End

14.9 Setting RSTP Parameters that Affect RSTP

Convergence

Pre-configuration Tasks
Before configuring RSTP parameters that affect RSTP convergence, configure basic
RSTP functions.

14.9.1 Setting the RSTP Network Diameter

Context
Any two terminals on a switching network are connected through a specific path
along multiple devices. The network diameter is the maximum number of devices
between any two terminals. A larger network diameter indicates a larger network
scale.
An improper network diameter may cause slow network convergence and affect
communication. Run the stp bridge-diameter command to set an appropriate
network diameter based on the network scale, which helps speed up convergence.
It is recommended that all devices be configured with the same network diameter.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp bridge-diameter diameter
The network diameter is configured.
By default, the network diameter is 7.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 701

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

NOTE

● RSTP uses a single spanning tree instance on the entire network. As a result,
performance deterioration cannot be prevented when the network scale grows.
Therefore, the network diameter cannot be larger than 7.
● It is recommended that you run the stp bridge-diameter diameter command to set the
network diameter. Then, the switching device calculates the optimal Forward Delay
timer value, Hello timer value, and Max Age timer value based on the configured
network diameter.

----End

14.9.2 Setting the RSTP Timeout Interval

Context
If a device does not receive any BPDUs from the upstream device within the
timeout interval, the device considers the upstream device to have failed and
recalculates the spanning tree.
Sometimes, a device cannot receive the BPDU from the upstream device within
the timeout interval because the upstream device is busy. In this case,
recalculating the spanning tree will cause a waste of network resources. To avoid
wasting network resources, set a long timeout interval on a stable network.
If a switching device does not receive any BPDUs from the upstream device within
the timeout interval, spanning tree recalculation is performed. The timeout
interval is calculated as follows:
Timeout interval = Hello time x 3 x Timer Factor

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp timer-factor factor
The Timer Factor value is set. This parameter determines the timeout interval
during which the device waits for BPDUs from the upstream device.
By default, the timeout period is 9 times the Hello timer value.

----End

14.9.3 Setting RSTP Timers

Context
The following timers are used in spanning tree calculation:
● Forward Delay: specifies the delay before a state transition. After the topology
of a ring network changes, it takes some time to spread the new
configuration BPDU throughout the entire network. As a result, the original
blocked port may be unblocked before a new port is blocked. When this
occurs, a loop exists on the network. You can set the Forward Delay timer to

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 702

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

prevent loops. When the topology changes, all ports will be temporarily
blocked during the Forward Delay.
● Hello Time: specifies the interval at which hello packets are sent. A device
sends configuration BPDUs at the specified interval to detect link failures. If
the switching device does not receive any BPDUs within the timeout period
(timeout period = Hello Time x 3 x Timer Factor), the device recalculates the
spanning tree.
● Max Age: determines whether BPDUs expire. A switching device determines
that a received configuration BPDU times out when the Max Age expires.

Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.

You are not advised to directly change the preceding three timers. The three
parameters are relevant to the network scale; therefore, it is recommended that
you set the network diameter so that the spanning tree protocol automatically
adjusts these timers. When the default network diameter is used, the three timers
also retain their default values.

NOTICE

To prevent frequent network flapping, make sure that the Hello Time, Forward
Delay, and Max Age timer values conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello Time + 1.0 second)

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Set the Forward Delay, Hello Time, and Max Age timers.
1. Run stp timer forward-delay forward-delay

The Forward Delay timer is set for the switching device.

By default, the Forward Delay timer is 1500 centiseconds (15 seconds).

2. Run stp timer hello hello-time

The Hello Time is set for the switching device.

By default, the Hello Time is 200 centiseconds (2 seconds).

3. Run stp timer max-age max-age

The Max Age timer is set for the switching device.

By default, the Max Age timer is 2000 centiseconds (20 seconds).

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 703

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.9.4 Setting the Maximum Number of Connections in an

Eth-Trunk that Affects Spanning Tree Calculation

Context
The path costs affect spanning tree calculation. Changes of path costs trigger
spanning tree recalculation. The path cost of an interface is affected by its
bandwidth, so you can change the interface bandwidth to affect spanning tree
calculation.

As shown in Figure 14-17, deviceA and deviceB are connected through two Eth-
Trunk links. Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2
has two member interfaces in Up state. Each member link has the same
bandwidth, and deviceA is selected as the root bridge.
● Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation,
Eth-Trunk 1 on deviceB is selected as the root port and Eth-Trunk 2 is selected
as the alternate port.
● If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is
set to 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk
2. Therefore, the two devices perform spanning tree recalculation. Then Eth-
Trunk 1 on deviceB becomes the alternate port and Eth-Trunk 2 becomes the
root port.

Figure 14-17 Setting the maximum number of connections in an Eth-Trunk

SwitchA SwitchB
Before Eth-Trunk1
configuration Eth-Trunk2

Root Bridge

SwitchA SwitchB
Eth-Trunk1
After
configuration Eth-Trunk2

Root Bridge
Alternate port
Root port
Designated port

The maximum number of connections affects only the path cost of an Eth-Trunk
interface participating in spanning tree calculation, and does not affect the actual
bandwidth of the Eth-Trunk link. The actual bandwidth for an Eth-Trunk link
depends on the number of active member interfaces in the Eth-Trunk.

Procedure
Step 1 Run system-view

The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 704

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run max bandwidth-affected-linknumber link-number

The maximum number of connections affecting the Eth-Trunk bandwidth is set.

By default, the maximum number of connections affecting the bandwidth of an

Eth-Trunk is 8.

----End

14.9.5 Setting the Link Type for a Port

Context
P2P links can implement rapid convergence. If the two ports connected to a P2P
link are root or designated ports, the ports can transit to the forwarding state
quickly by sending Proposal and Agreement packets. This reduces the forwarding
delay.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of an Ethernet interface participating in STP calculation is displayed.

Step 3 Run stp point-to-point { auto | force-false | force-true }

The link type is set for the interface.

By default, an interface automatically identifies whether it is connected to a P2P

link. P2P links implement rapid network convergence.

● If the Ethernet interface works in full-duplex mode, the interface is connected

to a P2P link. In this case, force-true can be specified in the command to
implement rapid network convergence.
● If the Ethernet interface works in half-duplex mode, you can run the stp
point-to-point force-true command to forcibly set the link type to P2P.

----End

14.9.6 Setting the Maximum Transmission Rate of an Interface

Context
The more BPDUs sent from an interface within a Hello Time interval, the more
system resources consumed. Setting a proper transmission rate (packet-number)
on an interface prevents excess bandwidth usage when network flapping occurs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 705

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of an Ethernet interface participating in STP calculation is displayed.
Step 3 Run stp transmit-limit packet-number
The maximum transmission rate of BPDUs (BPDUs per second) is set for the
interface.
By default, an interface sends a maximum of six BPDUs per second. If the same
maximum transmission rate of BPDUs needs to be set for each interface on a
device, run the stp transmit-limit (system view) command.

----End

14.9.7 Switching to the RSTP Mode

Context
If an interface on an RSTP-enabled device is connected to an STP-enabled device,
the interface switches to the STP compatible mode.
If the STP-enabled device is powered off or disconnected from the RSTP-enabled
device, the interface cannot switch back to the RSTP mode. In this case, run the
stp mcheck command to switch the interface to the RSTP mode.
You need to manually switch the interface to the RSTP mode in the following
situations:
● The STP-enabled device is shut down or disconnected.
● The STP-enabled device is switched to the RSTP mode.

Procedure
● Switching to the RSTP mode in the interface view
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The view of an interface participating in spanning tree calculation is
displayed.
c. Run stp mcheck
The interface is switched to the RSTP mode.
● Switching to the RSTP mode in the system view
a. Run system-view
The system view is displayed.
b. Run stp mcheck

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 706

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

The device is switched to the RSTP mode.

----End

14.9.8 Configuring Edge Ports and BPDU Filter Ports

Context
As defined in RSTP, a port that is located at the edge of a network and directly
connected to a terminal device is an edge port.
Edge ports can still send BPDUs. If the BPDUs are sent to another network, this
network may encounter network flapping. To prevent this problem, configure the
BPDU filter function on edge ports so that the edge ports do not process or send
BPDUs.

NOTE

After all ports are configured as edge ports and BPDU filter ports in the system view, none
of ports on the local device sends BPDUs or negotiates the STP states with directly
connected ports on the peer device. All ports are in forwarding state. This may cause loops
on the network, leading to broadcast storms. Exercise caution when deciding to perform
this configuration.
After a specified port is configured as an edge port and BPDU filter port in the interface
view, the port does not process or send BPDUs and cannot negotiate the STP state with the
directly connected port on the peer device. Exercise caution when deciding to perform this
configuration.

Procedure
● Configuring all ports as edge ports and BPDU filter ports
a. Run system-view
The system view is displayed.
b. Run stp edged-port default
All ports are configured as edge ports.
By default, all ports are non-edge ports.
c. Run stp bpdu-filter default
All ports are configured as BPDU filter ports.
By default, all ports are non-BPDU filter ports.
● Configuring a specified port as an edge port and BPDU filter port
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The view of an Ethernet interface that participates in spanning tree
calculation is displayed.
c. Run stp edged-port enable
The port is configured as an edge port.
By default, all ports are non-edge ports.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 707

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

d. Run stp bpdu-filter enable

The port is configured as a BPDU filter port.

By default, a port is a non-BPDU filter port.

----End

14.9.9 Verifying the Configuration of RSTP Parameters that

Affect RSTP Convergence

Procedure
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to view the spanning tree status and statistics.

----End

14.10 Configuring RSTP Protection Functions

14.10.1 Configuring BPDU Protection on a Switching Device

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp bpdu-protection

BPDU protection is enabled on the switching device.

By default, BPDU protection is disabled on a switching device.

----End

Follow-up Procedure
If you want an edge port to automatically recover from the error-down state, run
the error-down auto-recovery cause bpdu-protection interval interval-value
command in the system view to configure the auto recovery function and set a
recovery delay on the port. Then a port in error-down state can automatically go
Up after the delay expires. Note the following when setting the recovery delay:
● By default, the auto recovery function is disabled; therefore, the recovery
delay parameter does not have a default value. When you enable the auto
recovery function, you must set a recovery delay.
● A smaller value of interval-value indicates a shorter time taken for an edge
port to go Up, and a higher frequency of Up/Down state transitions on the
port.
● A larger value of interval-value indicates a longer time taken for the edge
port to go Up, and a longer service interruption time.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 708

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

● The auto recovery function takes effect only for the interfaces that transition
to the error-down state after the error-down auto-recovery command is
executed.

14.10.2 Configuring TC Protection on a Switching Device

Context
If attackers send pseudo TC BPDUs to attack a switching device, the device
receives a large number of TC BPDUs within a short time and frequently deletes
MAC address entries and ARP entries. This wastes resources on the switching
device and threatens network stability.
To suppress TC BPDUs, enable TC protection on a switching device and set the
maximum number of TC BPDUs that the device can process within a given time
period. If the number of TC BPDUs that the switching device receives within a
given time period exceeds the specified threshold, the switching device processes
only the specified number of TC BPDUs. After the specified time period expires, the
switching devices process all the excess TC BPDUs together. This function prevents
the switching device from frequently deleting MAC entries and ARP entries,
protecting the switching device from being overburdened.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp tc-protection interval interval-value
The time period during which the device processes the maximum number of TC
BPDUs is set.
By default, the time period is the Hello time.
Step 3 Run stp tc-protection threshold threshold
The maximum number of times the switching device processes TC BPDUs and
updates forwarding entries within the specified time period is set.
By default, the device processes only one TC BPDU within a specified time period.
The switch processes only TC BPDUs of a number configured by stp tc-protection
threshold within the time period configured by the stp tc-protection interval
command. Other packets are processed after a delay, so spanning tree
convergence speed may slow down. For example, if the time period is set to 10
seconds and the maximum of TC BPDUs is set to 5, the switch processes only the
first five TC BPDUs within 10 seconds. Subsequent TC BPDUs are processed
together 10 seconds later.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 709

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.10.3 Configuring Root Protection on a Port

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of an interface participating in STP calculation is displayed.
Step 3 Run stp root-protection
Root protection is enabled on the interface.
By default, root protection is disabled on the interface. Root protection takes
effect only on designated ports. Generally, root protection is configured on the
interfaces of the root bridge.
Root protection and loop protection cannot be configured on the same interface.

----End

14.10.4 Configuring Loop Protection on a Port

Context
On an RSTP network, a switching device maintains states of the root port and
blocked ports based on BPDUs received from an upstream switching device. If the
switching device cannot receive BPDUs from the upstream because of link
congestion or unidirectional link failure, the switching device selects a new root
port. The original root port becomes a designated port, and the original blocked
ports change to the Forwarding state, which may cause loops on the network. To
prevent such a problem, configure loop protection.
If the root port or alternate port does not receive BPDUs from the upstream device
for a long time, the switch enabled with loop protection sends a notification to the
NMS. If the root port is used, the root port enters the Discarding state and
becomes the designated port. If the alternate port is used, the alternate port
keeps blocked and becomes the designated port. In this case, loops will not occur.
After the link is not congested or unidirectional link failures are rectified, the port
receives BPDUs for negotiation and restores its original role and status.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of the root port or alternate port is displayed.
Step 3 Run stp loop-protection
Loop protection is enabled on the root port or alternate port.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 710

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

By default, loop protection is disabled on a port.

NOTE

An alternate port is a backup for a root port. If a switching device has an alternate port,
configure loop protection on both the root port and the alternate port.
Root protection and loop protection cannot be configured on the same port.

----End

14.10.5 Verifying the Configuration of RSTP Protection

Functions
Procedure
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to view the spanning tree status and statistics.
----End

14.11 Setting Parameters for Interoperation Between

Huawei and Non-Huawei Devices

Context
A switching device supports the following Proposal/Agreement modes:
● Enhanced mode: The device determines the root port when it calculates the
synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device to
request fast state transition. After receiving the message, the downstream
device sets the port connected to the upstream device as the root port
and blocks all non-edge ports.
b. The upstream device sends an Agreement message to the downstream
device. After the downstream device receives the message, the root port
transitions to the Forwarding state.
c. The downstream device responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to
the downstream device as the designated port, and then the designated
port transitions to the Forwarding state.
● Common mode: The device ignores the root port when it calculates the
synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device to
request fast state transition. After receiving the message, the downstream
device sets the port connected to the upstream device as the root port
and blocks all non-edge ports. Then, the root port transitions to the
Forwarding state.
b. The downstream device responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 711

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

the downstream device as the designated port, and then the designated
port transitions to the Forwarding state.

On an STP network, if a Huawei switching device is connected to a non-Huawei

device that uses a different Proposal/Agreement mechanism, the two devices may
fail to interoperate with each other. Select the enhanced mode or common mode
based on the Proposal/Agreement mechanism of the non-Huawei device.

Pre-configuration Tasks
Before setting parameters for interoperation between Huawei and non-Huawei
devices, configure basic STP/RSTP functions.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of an interface participating in spanning tree calculation is displayed.

Step 3 Run stp no-agreement-check

The common fast transition mode is specified.

By default, the enhanced fast transition mode is used on a port.

----End

14.12 Maintaining STP/RSTP

14.12.1 Clearing STP/RSTP Statistics

Context

NOTICE

STP/RSTP statistics cannot be restored after being cleared. Exercise caution when
deciding to clear STP/RSTP statistics.

Procedure
● Run the reset stp [ interface interface-type interface-number ] statistics
command to clear spanning-tree statistics.
● Run the reset stp error packet statistics command to clear statistics about
error STP packets.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 712

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

14.12.2 Monitoring STP/RSTP Topology Change Statistics

Context
The statistics about STP/RSTP topology changes can be viewed. If the statistics
increase, network flapping occurs.

Procedure
● Run the display stp topology-change command to view statistics about STP/
RSTP topology changes.
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
tc-bpdu statistics command to view statistics about sent and received
TC/TCN packets.
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to view the spanning tree status and statistics.
----End

14.13 Configuration Examples for STP/RSTP

14.13.1 Example for Configuring Basic STP Functions

Networking Requirements
On a complex network, multiple physical links are often deployed between two
devices for link redundancy (one as the active link and the others as standby
links). Redundant links may cause loops on the network, which result in broadcast
storms and unstable MAC address entries.
STP can be deployed on a network to eliminate loops by blocking ports. In Figure
14-18, a loop exists on the network, and SwitchA, SwitchB, SwitchC, and SwitchD
are all running STP. These devices exchange BPDUs to discover the loops and block
the appropriate ports in order to trim the ring topology into a loop-free tree
topology. The tree topology prevents infinite looping of packets, which in turn
helps improve packet processing performance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 713

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-18 Networking diagram of basic STP configurations

Network

GE0/0/3 GE0/0/3
Root
SwitchD GE0/0/1 GE0/0/1
Bridge

GE0/0/2 GE0/0/2 SwitchA

STP

GE0/0/3 GE0/0/3

SwitchC SwitchB
GE0/0/1 GE0/0/1
GE0/0/2 GE0/0/2

PC1 PC2
Blocked port

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the STP mode for the switches on the ring network.
2. Configure the primary and secondary root bridges.
3. Set a path cost for the ports to be blocked.
4. Enable STP to eliminate loops. Because ports connected to the PCs do not
participate in STP calculation, configure these ports as both edge ports.

Procedure
Step 1 Configure basic STP functions.
1. Configure the STP mode for the switches on the ring network.
# Configure the STP mode on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode stp

# Configure the STP mode on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode stp

# Configure the STP mode on SwitchC.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 714

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode stp
# Configure the STP mode on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode stp
2. Configure the primary and secondary root bridges.
# Configure SwitchA as the primary root bridge.
[SwitchA] stp root primary
# Configure SwitchD as the secondary root bridge.
[SwitchD] stp root secondary
3. Set a path cost for the ports to be blocked.
– The path cost value range depends on path cost calculation methods.
This example uses the Huawei proprietary calculation method and sets
the path cost to 20000 (the greatest value in the range).
– All switching devices on a network must use the same path cost
calculation method.
# On Switch A, set the path cost calculation method to the Huawei
proprietary method.
[SwitchA] stp pathcost-standard legacy
# On Switch B, set the path cost calculation method to the Huawei
proprietary method.
[SwitchB] stp pathcost-standard legacy
# On Switch C, set the path cost of GigabitEthernet0/0/1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
# On SwitchD, set the path cost calculation method to the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy
4. Enable STP to eliminate loops.
– Configure the ports connected to PCs as both edge ports.
# Configure GigabitEthernet0/0/2 on SwitchB as both an edge port.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp edged-port enable
[SwitchB-GigabitEthernet0/0/2] quit
(Optional) Configure BPDU protection on SwitchB.
[SwitchB] stp bpdu-protection
# Configure GigabitEthernet0/0/2 on SwitchC as both an edge port.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp edged-port enable
[SwitchC-GigabitEthernet0/0/2] quit
(Optional) Configure BPDU protection on SwitchC.
[SwitchC] stp bpdu-protection

NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 715

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

– Enable STP globally.

# Enable STP globally on SwitchA.
[SwitchA] stp enable

# Enable STP globally on SwitchB.

[SwitchB] stp enable

# Enable STP globally on SwitchC.

[SwitchC] stp enable

# Enable STP globally on SwitchD.

[SwitchD] stp enable

Step 2 Verify the configuration.

After the preceding configuration is complete and the network becomes stable,
perform the following operations to verify the configuration:
# Run the display stp brief command on SwitchA to view the port states and
protection type. The following information is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE

After SwitchA is configured as the root bridge, GigabitEthernet 0/0/2 connected to

SwitchB and GigabitEthernet 0/0/1 connected to SwitchD are elected as
designated ports through spanning tree calculation.
# Run the display stp interface gigabitethernet 0/0/1 brief command on
SwitchB to view status of GigabitEthernet 0/0/1. The following information is
displayed:
[SwitchB] display stp interface gigabitethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

GigabitEthernet 0/0/1 is elected as a designated port and is in the Forwarding

state.
# Run the display stp brief command on SwitchC to view the interface states and
protection type. The following information is displayed:
[SwitchC] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE

GigabitEthernet 0/0/3 is elected as a root port and is in the Forwarding state.

GigabitEthernet 0/0/1 is elected as an alternate port and is in the Discarding state.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode stp
stp instance 0 root primary

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 716

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

stp pathcost-standard legacy

#
return
● SwitchB configuration file
#
sysname SwitchB
#
stp mode stp
stp bpdu-protection
stp pathcost-standard legacy
#
interface GigabitEthernet0/0/2
stp edged-port enable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
stp mode stp
stp pathcost-standard legacy
stp bpdu-protection
#
interface GigabitEthernet0/0/1
stp instance 0 cost 20000
#
interface GigabitEthernet0/0/2
stp edged-port enable
#
return
● SwitchD configuration file
#
sysname SwitchD
#
stp mode stp
stp instance 0 root secondary
stp pathcost-standard legacy
#
return

Related Content
Videos
Configuring STP to Prevent Loops

14.13.2 Example for Configuring Basic RSTP Functions

Networking Requirements
On a complex network, multiple physical links are often deployed between two
devices for link redundancy (one as the active link and the others as standby
links). Redundant links may cause loops on the network, which result in broadcast
storms and unstable MAC address entries.
RSTP can be deployed on a network to eliminate loops by blocking ports. In
Figure 14-19, a loop exists on the network, and SwitchA, SwitchB, SwitchC, and
SwitchD are all running RSTP. These devices exchange BPDUs to discover the loops
and block the appropriate ports in order to trim the ring topology into a loop-free
tree topology. The tree topology prevents infinite looping of packets, which in turn
helps improve packet processing performance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 717

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Figure 14-19 Networking diagram of basic RSTP configurations

Network

GE0/0/3 GE0/0/3
Root
GE0/0/1 GE0/0/1
SwitchD Bridge

GE0/0/2 GE0/0/2 SwitchA

RSTP

GE0/0/3 GE0/0/3

SwitchC SwitchB
GE0/0/1 GE0/0/1
GE0/0/2 GE0/0/2

PC1 PC2
Blocked port

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RSTP functions.
a. Configure the RSTP mode for the switches on the ring network.
b. Configure the primary and secondary root bridges.
c. Set a path cost for the ports to be blocked.
d. Enable RSTP to eliminate loops. Because ports connected to the PCs do
not participate in RSTP calculation, configure these ports as both edge
ports.
2. Configure RSTP protection functions. For example, configure root protection
on designated ports of the root bridge.

Procedure
Step 1 Configure basic RSTP functions.
1. Configure the RSTP mode for the switches on the ring network.
# Configure the RSTP mode on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode rstp

# Configure the RSTP mode on SwitchB.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 718

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode rstp

# Configure the RSTP mode on SwitchC.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode rstp

# Configure the RSTP mode on SwitchD.

<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode rstp

2. Configure the primary and secondary root bridges.

# Configure SwitchA as the primary root bridge.
[SwitchA] stp root primary

# Configure SwitchD as the secondary root bridge.

[SwitchD] stp root secondary

3. Set a path cost for the ports to be blocked.

– The path cost value range depends on path cost calculation methods.
This example uses the Huawei proprietary calculation method and sets
the path cost to 20000.
– All switching devices on a network must use the same path cost
calculation method.
# On SwitchA, set the path cost calculation method to the Huawei proprietary
method.
[SwitchA] stp pathcost-standard legacy

# On SwitchB, set the path cost calculation method to the Huawei proprietary
method.
[SwitchB] stp pathcost-standard legacy

# On SwitchC, set the path cost of GigabitEthernet0/0/1 to 20000.

[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp cost 20000
[SwitchC-GigabitEthernet0/0/1] quit

# On SwitchD, set the path cost calculation method to the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy

4. Enable RSTP to eliminate loops.

– Configure the ports connected to PCs as both edge ports.
# Configure GigabitEthernet0/0/2 on SwitchB as both an edge port.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp edged-port enable
[SwitchB-GigabitEthernet0/0/2] quit

(Optional) Configure BPDU protection on SwitchB.

[SwitchB] stp bpdu-protection

# Configure GigabitEthernet0/0/2 on SwitchC as both an edge port.

[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp edged-port enable
[SwitchC-GigabitEthernet0/0/2] quit

(Optional) Configure BPDU protection on SwitchC.

[SwitchC] stp bpdu-protection

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 719

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.
– Enable RSTP globally.
# Enable RSTP globally on SwitchA.
[SwitchA] stp enable
# Enable RSTP globally on SwitchB.
[SwitchB] stp enable
# Enable RSTP globally on SwitchC.
[SwitchC] stp enable
# Enable RSTP globally on SwitchD.
[SwitchD] stp enable

Step 2 Configure RSTP protection functions. For example, configure root protection on
designated ports of the root bridge.
# Enable root protection on GE 0/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit

# Enable root protection on GE 0/0/2 on SwitchA.

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp root-protection
[SwitchA-GigabitEthernet0/0/2] quit

Step 3 Verify the configuration.

After the preceding configuration is complete and the network becomes stable,
perform the following operations to verify the configuration:
# Run the display stp brief command on SwitchA to view the port roles and
states. The following information is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 DESI FORWARDING ROOT

After SwitchA is configured as the root bridge, GigabitEthernet0/0/2 connected to

SwitchB and GigabitEthernet0/0/1 connected to SwitchD are elected as designated
ports through spanning tree calculation. Root protection is enabled on the
designated ports.
# Run the display stp interface gigabitethernet 0/0/1 brief command on
SwitchB to view the role and state of GigabitEthernet0/0/1. The following
information is displayed:
[SwitchB] display stp interface gigabitethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

GigabitEthernet0/0/1 is elected as a designated port and is in the Forwarding

state.
# Run the display stp brief command on SwitchC to view the port roles and
states. The following information is displayed:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 720

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

[SwitchC] display stp brief

MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING BPDU
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE

GE0/0/1 is elected as an alternate port and is in the Discarding state.

GE0/0/3 is elected as a root port and is in the Forwarding state.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode rstp
stp instance 0 root primary
stp pathcost-standard legacy
#
interface GigabitEthernet0/0/1
stp root-protection
#
interface GigabitEthernet0/0/2
stp root-protection
#
return
● SwitchB configuration file
#
sysname SwitchB
#
stp mode rstp
stp bpdu-protection
stp pathcost-standard legacy
#
interface GigabitEthernet0/0/2
stp edged-port enable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
stp mode rstp
stp bpdu-protection
stp pathcost-standard legacy
#
interface GigabitEthernet0/0/1
stp instance 0 cost 20000
#
interface GigabitEthernet0/0/2
stp edged-port enable
#
return
● SwitchD configuration file
#
sysname SwitchD
#
stp mode rstp
stp instance 0 root secondary
stp pathcost-standard legacy
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 721

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

Related Content
Videos

Configuring STP to Prevent Loops

14.14 FAQ About STP/RSTP

14.14.1 How to Prevent Low Convergence for STP Edge Ports

that Connect Terminals?
Terminal devices cannot participate in the STP calculation or respond to STP
packets, causing low convergence. You can prevent low convergence for STP edge
switch ports for connecting user terminals or servers as follows:

● On a port, run the stp edge-port enable command to configure the port as
an STP edge port, and run the stp bpdu-filter enable command to enable
the BPDU packet filtering function and prevent the port from sending BPDU
packets.
● Run the stp disable command on the port to disable the STP protocol and
make the port remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

14.14.2 Can Switches Using RSTP and STP Be Connected?

Switches using RSTP and STP can be connected. STP protocols include the STP,
RSTP, and MSTP protocols. These protocols support forward compatibility and
connection to a certain extent. The following table describes the connection
effects.

Scenario Connection Effect

An STP device connects to RSTP connects to the STP port, and the mode
an RSTP device. automatically changes to STP to implement slow
convergence.

An RSTP device connects The CIST can be connected. That is, instance 0 can
to an MSTP device. be connected. The connection ports are inter-AS
ports.

An MSTP device connects MSTP connects to the STP port, and the mode
to an STP device. automatically changes to STP to implement slow
convergence.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 722

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

NOTE
When a port whose mode switches reconnects to another device, the original mode must
be restored by running the stp mcheck command.

14.14.3 Why Is the Recommended Value of STP Network

Radius Within 7?
According to the initial spanning tree protocol, the default interval for an STP
switch to send BPDUs is 2 seconds. Each switch receives and processes BPDUs for
about 1 second each time, and supports a maximum of 20 hops.
According to the RSTP protocol, packets are aged after three intervals (6 seconds)
by default. If a hop takes 1 second, a packet times out after 6 hops. Therefore, the
recommended value of STP network radius cannot be greater than 7.
There are also some other considerations such as bandwidth usage, storm range,
and the maintainability and manageability of the network.

14.14.4 Why Does the STP Convergence Fail for a Switch?

The switch STP calculation, convergence, and damage are implemented using
BPDUs. The BPDU processing capacity must be enabled for the port. Otherwise,
the switch discards the BPDUs by default, making the STP convergence fail.

NOTE
Globally run the bpdu enable command for the S2700 switch. Run the bpdu enable
command on the port for other devices.

14.14.5 In What Condition Do I Need to Configure STP Edge

Ports?
User-side devices such as servers do not need to run STP. If STP is enabled on
switch ports connected to these devices, the ports will alternate between Up and
Down or cannot enter the Forwarding state immediately after a topology change
on the STP network, which is unacceptable for some services. To prevent the
preceding problem, configure the ports that do not need to run STP as edge ports.
Edge ports can enter the Forwarding state immediately after they go Up. In
addition, edge ports do not send TC BPDUs and therefore do not affect services on
the STP network.

14.14.6 What Are Precautions for Configuring the Formats of

Sent and Received BPDUs on an STP Interface?
There are two STP BPDU formats: standard IEEE 802.1s format and proprietary
format. The switch supports both formats and works in auto mode by default. You
can run the stp compliance command on an STP interface to change the packet
format. In auto mode, an STP interface can parse BPDUs in any format received
from the peer interface.
When a Huawei switch is connected to another vendor' device, the two devices
may fail to communicate because of different keys in BPDUs even though they

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 723

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

have the same domain name, revision level, and VLAN mapping table. To solve
this problem, run the stp config-digest-snoop command to enable digest
snooping. This function enables the Huawei switch to keep its BPDU key
consistent with that used on the peer device.

14.14.7 How Do I Configure a User-Side Interface on an STP

Switch?
Terminal devices cannot participate in the STP calculation or respond to STP
packets. You can configure a user-side interface as follows:
● On a port, run the stp edge-port enable command to configure the port as
an STP edge port, and run the stp bpdu-filter enable command to enable
the BPDU packet filtering function and prevent the port from sending BPDU
packets.
● Run the stp disable command on the port to disable the STP protocol and
make the port remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

14.14.8 How Do I Prevent Terminals' Failures to Ping the

Gateway or Low Speed in Obtaining IP Addresses When They
Connect to an STP Network?
Terminal devices such as servers or network management workstations do not
support STP. However, STP is enabled on switch interfaces by default. An STP
interface enters the Forwarding state 30 seconds after it changes to the Up state.
If an interface alternates between Up and Down states, the terminal connected to
the interface will fail to communicate with the gateway or spends a long time to
obtain an IP address.
To solve this problem, configure interfaces connected to terminals as edge ports or
disable STP on the interfaces.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

14.14.9 Can the Switch Work with the Non-Huawei Devices

Running STP or RSTP?
The switch adopts the standard STP or RSTP algorithm. Whether the switch can
work with the STP or RSTP devices of other vendors depends on the protocols
running by those STP or RSTP devices:
● If a non-Huawei device runs the standard STP or RSTP protocol, including STP,
and RSTP, the switch can work with it.
● If a non-Huawei device runs non-standard STP or RSTP protocol, except for
the Cisco Per VLAN Spanning Tree (PVST) protocol, the switch can

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 724

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 14 STP/RSTP Configuration

transparently transmit the STP or RSTP packets from the device after the stp
disable and bpdu enable commands are run on the interface.
● If a non-Huawei device is a Cisco device that runs PVST, the switch cannot
negotiate with the device, but can transparently transmit the packets from the
device.

14.14.10 What Is the Function of the Automatic Edge-port

Detecting?
After STP is enabled on a port, edge-port detecting is started automatically. If the
port fails to receive BPDU packets within (2 x Hello Timer + 1) seconds, the port is
set to an edge port. Otherwise, the port is set to a non-edge port. If the stp
edged-port enable or stp edged-port disable command is executed in the
interface view or the stp edged-port default command is configured in the
system view, automatic detection of the edge port becomes invalid.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 725

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15 MSTP Configuration

About This Chapter

This chapter describes how to configure the Multiple Spanning Tree Protocol
(MSTP).

15.1 Overview of MSTP

15.2 Understanding MSTP
15.3 Application Scenarios for MSTP
15.4 Summary of MSTP Configuration Tasks
15.5 Licensing Requirements and Limitations for MSTP
15.6 Default Settings for MSTP
15.7 Configuring MSTP
15.8 Configuring MSTP Multi-Process
15.9 Configuring MSTP Parameters on an Interface
15.10 Configuring MSTP Protection Functions
15.11 Configuring MSTP Interoperability Between Huawei and Non-Huawei
Devices
15.12 Maintaining MSTP
15.13 Configuration Examples for MSTP
15.14 FAQ About MSTP

15.1 Overview of MSTP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 726

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Definition
The Multiple Spanning Tree Protocol (MSTP) enables multiple VLAN instances to
be mapped to the same spanning tree without creating loops. MSTP is a Layer 2
protocol that was first defined in IEEE 802.1s.

Purpose
MSTP generates multiple spanning trees that are used independently of each
other to forward traffic in different VLANs, which allows load balancing to be
implemented without the risk of broadcast storms.

15.2 Understanding MSTP

15.2.1 MSTP Background

STP/RSTP Defect
Both STP and RSTP (which is an evolution of STP and allows for fast network
topology convergence) suffer from a significant limitation: neither can implement
VLAN-based load balancing because all VLANs on a LAN use one spanning tree.
When a link is blocked, it no longer transmits traffic, which wastes bandwidth and
prevents certain VLAN packets from being forwarded.
Figure 15-1 provides an example scenario where STP or RSTP is enabled on a
LAN. In Figure 15-1, the broken line shows the spanning tree.

Figure 15-1 Limitation of STP/RSTP

S1 S4
VLAN 3 VLAN 2 VLAN 3 VLAN 2

HostC VLAN 3 VLAN 2 HostA

(VLAN 3) (VLAN 2)

VLAN 2 VLAN 3
S2 S5

HostB VLAN 2 VLAN 2 HostD

(VLAN 2) VLAN 3 VLAN 3 (VLAN 3)
VLAN 3
VLAN 2 VLAN 3

S3 S6
spanning tree(root bridge:S6)

In Figure 15-1, S6 is the root switch. The links between S2 and S5 and between S1
and S4 are blocked. VLAN packets are transmitted through "VLAN 2" or "VLAN 3"
links.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 727

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Because the link between S2 and S5 is blocked and the link between S3 and S6
denies packets from VLAN 2, HostA and HostB cannot communicate with each
other despite both belonging to VLAN 2.

MSTP Improvements
Because the link between S2 and S5 is blocked and the link between S3 and S6
denies packets from VLAN 2, HostA and HostB cannot communicate with each
other despite both belonging to VLAN 2.

To address the limitation of STP and RSTP, MSTP allows fast convergence and
provides multiple paths to load balance VLAN traffic.

MSTP divides a switching network into multiple regions, each of which has
multiple spanning trees that are independent of each other. Each spanning tree is
called a Multiple Spanning Tree Instance (MSTI) and each region is called a
Multiple Spanning Tree (MST) region. Figure 15-2 shows an example of an MST
region.

NOTE

An MSTI is a collection of VLANs. Binding multiple VLANs to a single MSTI reduces

communication costs and resource usage. The topology of each MSTI is calculated
independently, and traffic can be balanced among MSTIs. Multiple VLANs with the same
topology can be mapped to a single MSTI. The forwarding state of the VLANs for a port is
determined by the port state in the MSTI.

Figure 15-2 Multiple spanning trees in an MST region

S1 S4
VLAN 3 VLAN 2 VLAN 3 VLAN 2

HostC HostA
VLAN 3 VLAN 2
(VLAN 3) (VLAN 2)
VLAN 2
S2 S5

HostB VLAN 2 VLAN 2 HostD

(VLAN 2) VLAN 3 VLAN 3 (VLAN 3)
VLAN 3
VLAN 2 VLAN 3

S3 S6
spanning tree(root bridge:S4)
spanning tree(root bridge:S6)

In Figure 15-2, MSTP maps VLANs to MSTIs in the VLAN mapping table. Each
VLAN can be mapped to only one MSTI. This means that traffic of a VLAN can be
transmitted in only one MSTI. An MSTI, however, can correspond to multiple
VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 728

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Two MSTIs are calculated:

● MSTI 1 uses S4 as the root switch to forward packets of VLAN 2.
● MSTI 2 uses S6 as the root switch to forward packets of VLAN 3.

In this situation, devices within the same VLAN can communicate with each other.
Packets of different VLANs are load balanced along different paths.

15.2.2 Basic Concepts of MSTP

MSTP Network Hierarchy

An MSTP network consists of one or more MST regions, each of which contains
one or more MSTIs. An MSTI is a tree network that consists of switches running
MSTP. Figure 15-3 provides an example of an MSTP network.

Figure 15-3 MSTP network hierarchy

MSTP Network

MST Region 1 MST Region 2

VLAN 1 -> MSTI 1 VLAN 1 -> MSTI 1
VLAN 2 -> MSTI 2 VLAN 2 -> MSTI 2
other VLAN S -> MSTI 3 other VLAN S -> MSTI 3

S1

VLAN 1 -> MSTI 1 VLAN 1 -> MSTI 1

VLAN 2 -> MSTI 2 VLAN 2 -> MSTI 2
other VLAN S -> MSTI 3 other VLAN S -> MSTI 3

MST Region 3 MST Region 4

CST
IST

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 729

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

MST Region
An MST region contains multiple network segments, each of which contains one
or more switches. The switches in one MST region all share the following
characteristics:
● MSTP-enabled
● Same region name
● Same VLAN-MSTI mappings
● Same MSTP revision level

Multiple switches can be grouped into an MST region by using MSTP configuration
commands.

In Figure 15-4, MST region 4 contains SwitchA, SwitchB, SwitchC, and SwitchD,
and has three MSTIs.

Figure 15-4 MST region with four switches and three MSTIs

A D A D

B C B C
MSTI 1 MSTI 2
S3
A D
Root
VLAN 1 -> MSTI 1 bridge
VLAN 2 -> MSTI 2
other VLAN S -> MSTI 3
B C MSTI
MST Region 4 MSTI 3
MSTI topology in MST region 4

VLAN Mapping Table

Each MST region has a VLAN mapping table. The VLAN mapping table maps
VLANs to MSTIs.

In Figure 15-4, the mappings in MST region 4 are as follows:

● VLAN 1 is mapped to MSTI 1.
● VLAN 2 is mapped to MSTI 2.
● Other VLANs are mapped to MSTI 3.

CST
A Common Spanning Tree (CST) connects all MST regions on a switching network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 730

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

The CST is calculated using STP or RSTP, with each MST region being considered
as a single node.

In Figure 15-3, the regions that are connected through blue lines form a CST.

IST
An Internal Spanning Tree (IST) resides within an MST region.

An IST is a special MSTI with an MSTI ID of 0.

An IST is a segment of the CIST in an MST region.

In Figure 15-3, the switches that are connected through dark blue lines in an MST
region form an IST.

SST
A Single Spanning Tree (SST) is formed in either of the following situations:
● A switch running STP or RSTP belongs to only one spanning tree.
● An MST region has only one switch.

CIST
A Common and Internal Spanning Tree (CIST) connects all the switches on a
switching network and is calculated using STP or RSTP.

In Figure 15-3, all ISTs and the CST form a CIST.

Regional Root
Regional roots are classified into Internal Spanning Tree (IST) and MSTI regional
roots.

In Figure 15-3, the switches that are closest to the CIST root are IST regional
roots.

An MST region can contain multiple spanning trees, each of which is called an
MSTI. An MSTI regional root is the root of the MSTI. In Figure 15-4, each MSTI
has its own regional root.

CIST Root
In Figure 15-3, the CIST root is the root bridge of the CIST. The CIST root is a
device in S1.

Master Bridge
The master bridge is the switch closest to the CIST root in a region, for example,
S1 in Figure 15-3.

If the CIST root is in an MST region, the CIST root is the master bridge of the
region.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 731

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Port Roles
MSTP adds two extra port roles to those defined in RSTP. Table 15-1 describes the
port roles included in MSTP.

NOTE

Except edge ports, all ports participate in MSTP calculation.

A port can play different roles in different spanning tree instances.

Table 15-1 Port roles

Port Description
Role

Root A root port sends data to a root bridge and is the port closest to the
port root bridge. Root bridges do not have root ports.
Root ports are responsible for sending data to root bridges.
In Figure 15-5, S1 is the root; CP1 is the root port on S3; BP1 is the
root port on S2.

Designat The designated port on a switch forwards BPDUs to a downstream

ed port switch.
In Figure 15-5, AP2 and AP3 are designated ports on S1; CP2 is a
designated port on S3.

Alternat ● Alternate ports provide an alternate path to the root bridge. This
e port path is different from the path through the root port.
● An alternate port is blocked from sending BPDUs after a BPDU
sent by another bridge is received.
In Figure 15-5, BP2 is an alternate port.

Backup ● Backup ports provide a backup path to a segment already

port connected by a designated port.
● Backup ports are blocked from sending BPDUs after a BPDU sent
by itself is received.
In Figure 15-5, CP3 is a backup port.

Master A master port is on the shortest path connecting MST regions to the
port CIST root.
BPDUs of an MST region are sent to the CIST root through the
master port.
Master ports are special regional edge ports, functioning as root
ports on ISTs or CISTs and master ports in instances.
In Figure 15-6, S1, S2, S3, and S4 form an MST region. AP1 on S1 is
the master port because it is the closest port in the region to the
CIST root.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 732

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Port Description
Role

Regional A regional edge port is located at the edge of an MST region and
edge connects to another MST region or an SST.
port In Figure 15-6, AP1, DP1, and DP2 in an MST region are directly
connected to other regions. This means that they are all regional
edge ports of the MST region.

Edge An edge port is located at the edge of an MST region and does not
port connect to any switching device.
Generally, edge ports are directly connected to terminals.
After MSTP is enabled on a port, edge port detection is started
automatically. If the port fails to receive BPDU packets within (2 x
Hello Timer + 1) seconds, the port is set to an edge port. Otherwise,
the port is set to a non-edge port.

Figure 15-5 MSTP port roles

S1

Root
AP2 AP3

CP1 BP1
S3 S2

CP2 CP3 BP2

root port
designated port
Alternate port
Backup port

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 733

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-6 Master port and regional edge port

Connect to the
CIST root

AP1
Master
S1

S2 S3

S4

DP1 DP2 MST Region

Blocked port

MSTP Port States

Table 15-2 describes the MSTP port states, which are the same as those used in
RSTP.

Table 15-2 Port states

Port Description
State

Forwardi A port in this state can send and receive BPDUs. It can also forward
ng user traffic.

Learning A port in this state learns MAC addresses from user traffic to
construct a MAC address table.
In Learning state, the port can send and receive BPDUs, but cannot
forward user traffic.

Discardi A port in this state can send and receive BPDUs.

ng

NOTE

Root, master, designated, and regional edge ports support all three port states. Alternate and
backup ports support only the Discarding state.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 734

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.2.3 MST BPDUs

MSTP calculates spanning trees based on Multiple Spanning Tree Bridge Protocol
Data Units (MST BPDUs). Switches on an MSTP network transmit MST BPDUs to
calculate spanning tree topologies, maintain network topologies, and
communicate topology changes.
Table 15-3 describes differences between TCN BPDUs, configuration BPDUs
defined by STP, RST BPDUs defined by RSTP, and MST BPDUs defined by MSTP.

Table 15-3 Differences between BPDUs

Version Type Name

0 0x00 Configuration BPDU

0 0x80 TCN BPDU

2 0x02 RST BPDU

3 0x02 MST BPDU

Format of an MST BPDU

Figure 15-7 shows the format of an MST BPDU.

Figure 15-7 MST BPDU format

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 735

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

NOTE

The first 36 bytes of an MST BPDU are the same as those of an RST BPDU.
Fields from the 37th byte of an MST BPDU are MSTP-specific. The MSTI Configuration
Messages field consists of configuration messages of multiple MSTIs.

Table 15-4 describes the fields in an MST BPDU.

Table 15-4 Fields in an MST BPDU

Field Length Description
(Bytes)

Protocol 2 Identifies a protocol.

Identifier

Protocol 1 Indicates the protocol version identifier:

Version ● 0: STP
Identifier
● 2: RSTP
● 3: MSTP

BPDU Type 1 Indicates the BPDU type:

● 0x00: Configuration BPDU for STP
● 0x80: TCN BPDU for STP
● 0x02: RST BPDU or MST BPDU

CIST Flags 1 Identifies the CIST.

CIST Root 8 Indicates the ID of the CIST root switch.

Identifier

CIST External 4 Indicates the total path cost from the MST
Path Cost region where the switch resides to the MST
region where the CIST root switch resides. This
value is calculated based on link bandwidth.

CIST 8 Indicates the ID of the regional root switch on

Regional the CIST. If the root is in this region, the CIST
Root Regional Root Identifier is the same as the CIST
Identifier Root Identifier.

CIST Port 2 Indicates the ID of the designated port in the

Identifier IST.

Message Age 2 Indicates the lifecycle of the BPDU.

Max Age 2 Indicates the maximum lifecycle of the BPDU. If

the Max Age timer expires, the link to the root is
considered faulty.

Hello Time 2 Indicates the Hello timer value. The default

value is 2 seconds.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 736

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Field Length Description

(Bytes)

Forward 2 Indicates the forwarding delay timer. The default

Delay value is 15 seconds.

Version 1 1 Indicates the BPDUv1 length, which has a fixed

Length value of 0.

Version 3 2 Indicates the BPDUv3 length.

Length

MST 51 Indicates the MST configuration identifier, which

Configuratio has four fields.
n Identifier

CIST Internal 4 Indicates the total path costs from the local port
Root Path to the IST master. This value is calculated based
Cost on link bandwidth.

CIST Bridge 8 Indicates the ID of the designated switch on the

Identifier CIST.

CIST 1 Indicates the number of remaining hops of the

Remaining BPDU in the CIST.
Hops

MSTI 16 Indicates an MSTI configuration message. Each

Configuratio MSTI configuration message occupies 16 bytes.
n If there are n MSTIs, MSTI configuration
Messages(m messages are n*16 bytes long.
ay be
absent)

Configurable Format of MST BPDUs

There are two formats of MST BPDUs:
● dot1s: BPDU format defined in IEEE 802.1s
● legacy: private BPDU format
Remote devices must transmit and receive the same MST BPDU format. If MST
BPDU formats are different, loops may occur.
To configure ports on a Huawei switch to automatically adopt the BPDU format of
the remote device, use the stp compliance command. The following modes can
be set on Huawei switches:
● auto
● dot1s
● legacy
In auto mode, a port uses the dot1s BPDU format by default, but switches format
if legacy BDPUs are received from the remote end.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 737

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Maximum Number of BPDUs Sent by a Port at a Hello Interval

The maximum number of BPDUs sent by a port during a Hello interval can be
configured on Huawei switches.

The number of BPDUs sent during a Hello interval increases as the Hello Time
value is increased. Setting the Hello Time to a smaller value limits the number of
BPDUs sent by a port during a Hello interval, which helps prevent network
topology flapping and excessive use of bandwidth resources by BPDUs.

15.2.4 MSTP Topology Calculation

MSTP can divide the entire Layer 2 network into multiple MST regions. The CST is
generated through calculation. In an MST region, multiple spanning trees are
calculated, each of which is called an MSTI. Among these MSTIs, MSTI 0 is also
known as the internal spanning tree (IST). Like STP, MSTP uses configuration
messages to calculate spanning trees. These configuration messages, however, are
MSTP-specific.

Vectors
Both MSTIs and the CIST are calculated based on vectors, carried in MST BPDUs.

There are seven types of vectors used to calculate MSTIs and the CIST. Each vector
carries a priority value. For each vector, smaller priority values indicate higher
priorities.

If the priority of a vector carried in the configuration message of a BPDU received

by a port is higher than the priority of the vector in the configuration message
saved on the port, the port replaces the saved configuration message with the
received message and updates the global configuration message saved on the
device.

If the priority of a vector carried in the configuration message of a BPDU received

on a port is equal to or lower than that saved on the port, the port discards the
BPDU. Table 15-5 describes each vector.

Table 15-5 Vector description

Vector Name Description

Root ID Identifies the root switch for the CIST. The root identifier
consists of the priority value (16 bits) and MAC address (48
bits).
The priority value is the priority of MSTI 0.

External root Indicates the path cost from a CIST regional root to the root.
path cost (ERPC) ERPCs are the same on all switches in an MST region. If the
CIST root is in an MST region, all ERPCs in that MST region
are set to 0.

Regional root ID Identifies the MSTI regional root and consists of the priority
value (16 bits) and MAC address (48 bits).
The priority value is the priority of MSTI 0.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 738

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Vector Name Description

Internal root Indicates the path cost from the local bridge to the regional
path cost (IRPC) root. The IRPC saved on a regional edge port must be
greater than the IRPC saved on a non-regional edge port.

Designated Identifies the nearest upstream bridge on the path from the
switching device local bridge to the regional root. If the local bridge is the
ID root or the regional root, this ID is the same as the local
bridge ID.

Designated port Identifies the port on the designated switch connected to the
ID root port on the local bridge. The designated port ID consists
of the priority value (4 bits) and port number (12 bits). The
priority value must be a multiple of 16.

Receiving port Identifies the port receiving the BPDU. The receiving port ID
ID consists of the priority value (4 bits) and port number (12
bits). The priority value must be a multiple of 16.

The following vectors are used in CIST calculation:

● Root ID
● External root path cost
● Regional root ID
● Internal root path cost
● Designated switch ID
● Designated port ID
● Receiving port ID

The following vectors are used in MSTI calculation:

● Regional root ID
● Internal root path cost
● Designated switch ID
● Designated port ID
● Receiving port ID
NOTE

The preceding vectors are listed in descending order of priority.

Vectors are compared in the following sequence:

● Root IDs
● ERPCs
● Regional root IDs
● IRPCs
● Designated switch IDs

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 739

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

● Designated port IDs

● Receiving port IDs

If the vectors being compared are the same, the next vector in the list is
compared. If the vectors being compared are different, the remaining vectors are
not compared

CIST Calculation
After comparing the vectors, the switch with the highest priority on the entire
network is selected as the CIST root. MSTP calculates an IST for each MST region,
and calculates a CST to interconnect MST regions. The CST and ISTs form a CIST
for the entire network.

MSTI Calculation
In an MST region, MSTP independently calculates an MSTI for each VLAN based
on mappings between VLANs and MSTIs. The calculation process is similar to that
used by STP to calculate a spanning tree. For details, see 14.2.4 STP Topology
Calculation.

MSTIs have the following characteristics:

● The spanning tree is calculated independently for each MSTI. Spanning trees
of MSTIs are independent of each other.
● Spanning trees of MSTIs can have different roots and topologies.
● Each MSTI sends BPDUs in its spanning tree.
● The topology of each MSTI is configured by using commands.
● A port can be configured with different parameters for different MSTIs.
● A port can play different roles or have different status in different MSTIs.

On an MSTP-aware network, a VLAN packet is forwarded along the following

paths:
● MSTI in an MST region
● CST among MST regions

MSTP Responding to Topology Changes

MSTP topology changes are processed in a similar manner to how RSTP topology
changes are processed. For details, see 14.2.6 RSTP Technology Details.

15.2.5 MSTP Fast Convergence

MSTP supports both ordinary and enhanced Proposal/Agreement (P/A)
mechanisms:
● Ordinary P/A
Ordinary P/A mechanism supported by MSTP is implemented in the same
manner as that supported by RSTP. For details, see 14.2.6 RSTP Technology
Details.
● Enhanced P/A

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 740

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-8 Enhanced P/A mechanism

Upstream Downstream
device device

Send a proposal so
that the port can
rapidly enter the
Forwarding state Configure the root port
and block non-edge ports
Send an agreement
The root port
The designated enters the
port enters the Send an agreement Forwarding state
Forwarding state
Root port
Designated port

Enhanced P/A works as follows:

a. At the beginning of the negotiation, all devices consider themselves as
the root bridge, and all ports on the root bridge are designated ports in
Discarding state. When the synced variable is set to 1, the Proposal and
Agreement fields are set to 1. The upstream device sends a proposal to
the downstream device, indicating that the port connecting to the
downstream device wants to enter the Forwarding state. After receiving
this BPDU, the downstream device sets its port connected to the
upstream device as the root port, and blocks all non-edge ports.
b. The upstream device sends an agreement BPDU. After receiving this
BPDU, the root port enters the Forwarding state.
c. The downstream device replies with an agreement BPDU. After receiving
this BPDU, the upstream device sets its port connected to the
downstream device as the designated port, and the port enters the
Forwarding state.
By default, Huawei switches use fast transition in enhanced P/A. To enable a
Huawei switch to communicate with a third-party device that uses fast transition
in common P/A, configure the Huawei switch to use ordinary P/A.

15.2.6 MSTP Multi-Process

Background
MSTP multi-process is an enhancement to MSTP and allows ports on switching
devices to be bound to different processes. A process controls a ring composed of
switches, which means that only the ports bound to a process can participate in
MSTP calculation for this process.
With MSTP multi-process, spanning trees of different processes are calculated
independently and do not affect each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 741

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

The network shown in Figure 15-9 can be divided into multiple MSTP processes
by using MSTP multi-process. In Figure 15-9:

● User-facing Provider Edges (UPEs) are deployed at the aggregation layer,

running MSTP.
● UPE1 and UPE2 are connected by a Layer 2 link.
● Multiple rings are connected to UPE1 and UPE2 through different ports.
● Switching devices on the rings reside at the access layer, running STP or RSTP.
Because UPE1 and UPE2 work for different carriers, they reside on different
spanning trees so that their topology changes do not affect each other.

Figure 15-9 Application of both MSTP and STP/RSTP

MPLS/IP Core

Core
UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

STP/RSTP

S1 S4
Access

S2 S3

NOTE

MSTP multi-process is applicable to MSTP, RSTP, and STP.

Purpose
MSTP multi-process provides the following benefits:
● Greatly improves the applicability of STP to different networking conditions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 742

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

On a network running different spanning tree protocols, devices that run

different spanning tree protocols can be bound to different processes,
allowing every process to calculate a separate, independent spanning tree.
● Improves networking reliability.
Network topology is calculated for each process so that, if a device fails, only
the topology corresponding to the process that the device belongs to is
affected. On a network with many Layer 2 access devices, MSTP multi-process
reduces the adverse effect of a single node failure on the entire network.
● Reduces the network administrator workload during network expansion.
To expand a network, a network administrator must configure new processes,
connect the processes to the existing network, and keep the existing MSTP
processes unchanged. If device expansion is performed in a process, only this
process needs to be modified.
● Implements separate Layer 2 port management
An MSTP process manages separate port functions on a device. Layer 2 ports
on a device are separately managed by multiple MSTP processes.

Additional Concepts
● Public link status
In Figure 15-9, the public link between UPE1 and UPE2 is a Layer 2 link
running MSTP. This public link is different from the links that connect
switching devices to UPEs. The ports on the public link need to participate in
the calculation for multiple access rings and MSTP processes. Therefore, the
UPEs must identify the process from which MST BPDUs are sent.
In addition, a port on the public link participates in the calculation for
multiple MSTP processes, and obtains different status. As a result, the port
cannot determine its status.
To prevent this situation, the port always adopts its status in MSTP process 0
when participating in the calculation for multiple MSTP processes.
NOTE

By default, MSTP process 0 is created when a device starts, and MSTP configurations
in the system view and interface view belong to this process.
● Reliability
On the network shown in Figure 15-10, after the topology of a ring changes,
the MSTP multi-process mechanism helps UPEs flood a TC BPDU to all devices
on the ring and prevent the TC BPDU from being flooded to devices on the
other ring. UPE1 and UPE2 update MAC and ARP entries on the ports
corresponding to the changed spanning tree.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 743

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-10 MSTP multi-process topology change

MPLS/IP Core

Core
UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

STP/RSTP

S1 S4

Access
S3
S2

Topology change

Flood STP/RSTP TC BPDUs at the access layer

Flood STP/RSTP TC BPDUs at the aggregation layer

On the network shown in Figure 15-11, if the public link between UPE1 and
UPE2 fails, multiple switching devices that are connected to the UPEs will
unblock their blocked ports.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 744

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-11 Public link fault

MPLS/IP Core

Core
UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

STP/RSTP

Access
S2 S4

S1 S3

UPE1 is configured with the highest priority, UPE2 with the second highest
priority, and all other switches with default or lower priorities. After the link
between UPE1 and UPE2 fails, the blocked ports (replacing the root ports) on
switching devices no longer receive packets with higher priorities, triggering
state machine calculation. If the calculation changes the blocked ports to
designated ports, a permanent loop forms, as shown in Figure 15-12.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 745

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-12 Loop between access rings

Core
MPLS/IP Core

UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

STP/RSTP

Access
S2 S4

S1 S3

Flood MSTP TC BPDUs at the aggregation layer

Flood STP/RSTP TC BPDUs at the access layer

● Loop prevention solutions

To prevent a loop from occurring between access rings, use either of the
following solutions:
– Configure an inter-board Eth-Trunk link between UPE1 and UPE2.
An inter-board Eth-Trunk link can be used as the public link between
UPE1 and UPE2 to improve link reliability, as shown in Figure 15-13.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 746

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-13 inter-board Eth-Trunk link

MPLS/IP Core

Core
UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2
Eth-Trunk

STP/RSTP

Access
S2 S4

S1 S3

– Configure root protection between UPE1 and UPE2.

If all physical links between UPE1 and UPE2 fail, configuring an inter-
board Eth-Trunk link cannot prevent the loop. Root protection can be
configured to prevent the loop, as shown in Figure 15-12.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 747

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-14 MSTP multi-process with root protection

Core
MPLS/IP Core

UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

Root
protection
S2
S4

Access
STP/RSTP

S1 S3

The blue ring in Figure 15-14 is used as an example. UPE1 is configured

with the highest priority, UPE2 with the second highest priority, and
switching devices on the blue ring with default or lower priorities. Root
protection is enabled on UPE2.
If a port on S1 is blocked, when the public link between UPE1 and UPE2
fails, the blocked port on S1 starts to perform state machine calculation.
After calculation, the blocked port becomes the designated port and
performs P/A negotiation with the downstream device.
After S1 sends BPDUs of higher priorities to the UPE2 port enabled with
root protection, the port is blocked. The port remains blocked because it
continues to receive BPDUs of higher priorities, which prevents loops
from occurring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 748

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.3 Application Scenarios for MSTP

Application of MSTP

Figure 15-15 Network of a typical MSTP application

MST Region
S1 S2
all VLAN

VLAN
VLAN VLAN
10&20 VLAN
20&30 20&30
10&20

VLAN
S3 20&40 S4

MSTP allows packets in different VLANs to be forwarded by using different

spanning tree instances. An example of a network using MSTP is shown in Figure
15-15. The network is configured in the following ways:

● All devices on the network belong to the same MST region.

● VLAN 10 packets are forwarded within MSTI 1.
● VLAN 30 packets are forwarded within MSTI 3.
● VLAN 40 packets are forwarded within MSTI 4.
● VLAN 20 packets are forwarded within MSTI 0.

In Figure 15-15, S1 and S2 are devices at the aggregation layer, and S3 and S4 are
devices at the access layer. Traffic from VLAN 10 and VLAN 30 is terminated by
aggregation devices, and traffic from VLAN 40 is terminated by the access device.
Therefore, S1 and S2 can be configured as the roots of MSTI 1 and MSTI 3, and S3
can be configured as the root of MSTI 4.

Application of MSTP Multi-process

In Figure 15-16, the UPEs are connected to each other through Layer 2 links and
enabled with MSTP. The rings connected to the UPEs must be independent of each
other. The devices on the rings connected to the UPEs support only RSTP, not
MSTP.

After MSTP multi-process is enabled, each MSTP process corresponds to a ring

connected to the UPE. STP on each ring calculates a tree independently.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 749

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-16 Application of both MSTP and STP/RSTP

MPLS/IP Core

Core
UPE4 UPE3

Aggregation
MSTP

UPE1 UPE2

STP/RSTP

S1 S4

Access
S2 S3

15.4 Summary of MSTP Configuration Tasks

Table 15-6 lists the configuration task summary of MSTP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 750

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Table 15-6 MSTP configuration tasks

Task Description Reference

Configure basic MSTP MSTP is commonly 15.7 Configuring MSTP

functions. configured on switches
to trim a ring network to
a loop-free network.
Devices start spanning
tree calculation after the
working mode is set and
MSTP is enabled. Use
any of the following
methods if you need to
intervene in the
spanning tree
calculation:
● Manually configure
the root bridge and
secondary root bridge.
● Set a priority for a
switch in an MSTI.
● Set a path cost for a
port in an MSTI.
● Set a priority for a
port in an MSTI.

Configure MSTP multi- On a network deployed 15.8 Configuring MSTP

process. with Layer 2 single- Multi-Process
access rings and multi-
access rings, configure
multiple MSTP processes
so that spanning trees of
different processes are
calculated independently
and do not affect each
other.

Configure MSTP Setting optimal MSTP 15.9 Configuring MSTP

parameters on an parameters achieve rapid Parameters on an
interface. convergence. Interface

Configure MSTP You can configure one or 15.10 Configuring

protection functions. more functions. MSTP Protection
Functions

Configure MSTP To communicate with a 15.11 Configuring

interoperability between non-Huawei device, set MSTP Interoperability
Huawei devices and non- proper parameters on Between Huawei and
Huawei devices. the MSTP-enabled Non-Huawei Devices
Huawei device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 751

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.5 Licensing Requirements and Limitations for MSTP

Involved Network Elements

Other network elements also need to support MSTP.

Licensing Requirements
MSTP configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. MSTP
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 15-7 Products and versions supporting MSTP

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 752

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Product Product Software Version

Model

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 753

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Product Product Software Version

Model

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● Table 15-8 lists the specification of MSTP.

Table 15-8 Specification of MSTP

Item Specification

Maximum number of instances on 65

the entire system

● MSTP BPDUs may be discarded in a scenario wherein there are many MSTIs
and MSTP multi-process is configured. This is due to the default CIR of STP
being insufficient. (The default CIR of STP is insufficient because the length of
MSTP BPDUs increases as the number of MSTIs increases, and the number of
outgoing MSTP BPDUs increases when MSTP multi-process is configured.) To
avoid this situation, increase the CIR of STP.
If the CPCAR values are adjusted improperly, network services are affected. To
adjust the CPCAR values of STP BPDUs, contact technical support personnel.
● Enabling MSTP on a ring network immediately triggers spanning tree
calculation. If basic configurations are not performed on switches and
interfaces before MSTP is enabled, network flapping may occur upon changes
to parameters such as device priority and interface priority.

15.6 Default Settings for MSTP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 754

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Parameter Default Setting

Working mode MSTP

MSTP status MSTP is enabled globally and on an interface.

Switching device priority 32768

Port priority 128

Algorithm used to calculate dot1t, IEEE 802.1t

the path cost

Forward Delay Time 1500 centiseconds

Hello Time 200 centiseconds

Max Age Time 2000 centiseconds

15.7 Configuring MSTP

Context
MSTP based on the basic STP/RSTP function divides a switching network into
multiple regions, each of which has multiple spanning trees that are independent
of each other. MSTP isolates different VLANs' traffic, and load-balances VLAN
traffic. MSTP is configured on switches to trim a ring network to a loop-free
network. Devices start spanning tree calculation after the working mode is set and
MSTP is enabled. To intervene in the spanning tree calculation, use any of the
following methods:

● Manually configure the root bridge and secondary root bridge.

● Set a priority for a switch in an MSTI. The lower the numerical value, the
higher the priority of the switch and the more likely the switch becomes a
root bridge.
● Set a path cost for a port in an MSTI. The lower the numerical value, the
smaller the cost of the path from the port to the root bridge and the more
likely the port becomes a root port (assuming the same calculation method is
used).
● Set a priority for a port in an MSTI. The lower the numerical value, the more
likely the port becomes a designated port.

15.7.1 Configuring the MSTP Mode

Context
Before configuring basic MSTP functions, set the working mode of a switch to
MSTP. MSTP is compatible with STP and RSTP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 755

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp mode mstp
The working mode of the switch is set to MSTP. By default, the working mode is
MSTP.
MSTP can recognize RSTP BPDUs and, conversely, RSTP can recognize MSTP
BPDUs. However, MSTP and STP cannot recognize each other's BPDUs. To enable
devices running different spanning tree protocols to interwork with each other,
interfaces of an MSTP-enabled switch connected to devices running STP
automatically transition to STP mode; other interfaces continue to work in MSTP
mode.

----End

15.7.2 Configuring and Activating an MST Region

Context
An MST region contains multiple switches and network segments. These switches
are directly connected and, after MSTP is enabled, have the same region name,
VLAN-to-MSTI mapping, and configuration revision number. One switching
network can have multiple MST regions. Running MSTP commands allows you to
group multiple switches into one MST region.

NOTE

Two switches belong to the same MST region when they have the same:
● Name of the MST region
● Mapping between VLANs and MSTIs
● Revision level of the MST region

Perform the following steps on a switch that needs to join an MST region.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp region-configuration
The MST region view is displayed.
Step 3 Run region-name name
The name of an MST region is configured.
By default, the MST region name is the MAC address of the bridge MAC of the
switch.
Step 4 Perform either of the following steps to configure VLAN-to-instance mappings.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 756

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

● Run the instance instance-id vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>

command to configure VLAN-to-instance mappings.
● Run the vlan-mapping modulo modulo command to enable VLAN-to-
instance mapping assignment based on a default algorithm.
By default, all VLANs in an MST region are mapped to MSTI 0.
● The VLAN-to-instance mappings generated using the vlan-mapping modulo
modulo commands cannot meet network requirements. It is recommended
that you run the instance instance-id vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
command to configure VLAN-to-instance mappings.
● The vlan-mapping modulo specifies the formula (VLAN ID-1)%modulo+1. In
the formula, (VLAN ID-1)%modulo means the remainder of (VLAN ID-1)
divided by the value of modulo. This formula is used to map a VLAN to the
corresponding MSTI. The calculation result of the formula is the ID of the
mapping MSTI.
● To configure the mapping between a spanning tree instance and a MUX
VLAN, you are advised to configure the principal VLAN, subordinate group
VLANs, and subordinate separate VLANs of the MUX VLAN in the same
protected instance. Otherwise, loops may occur.
Step 5 (Optional) Run revision-level level
The MSTP revision number is set.
By default, the MSTP revision number is 0.
MSTP is a standard protocol; therefore, the MSTP revision level of a device is 0 by
default. If the revision level of some devices from a specified manufacturer is not
0, you must change the value to 0 to facilitate tree calculation in an MST region.

NOTE

Changing MST region configurations (especially changes in the VLAN mapping table)
triggers spanning tree recalculation and may cause route flapping. Therefore:
● After configuring an MST region name, VLAN-to-MSTI mappings, and an MSTP revision
number, run the check region-configuration command in the MST region view to
verify the configuration. After confirming the region configurations, run the active
region-configuration command to activate MST region configurations.
● You are advised not to modify MST region parameters after the MST region is activated.

Step 6 Run active region-configuration

MST region configurations are activated so that the configured region name,
VLAN-to-MSTI mappings, and revision number can take effect.
The preceding configurations do not take effect until this command is run.
If MST region configurations on the switch change after MSTP starts, the active
region-configuration command must be run before the changes take effect.
Before using the active region-configuration command to activate the modified
MST region parameters, run the check region-configuration command to check
whether parameters are correct. After the active region-configuration command
is run, if a message that indicates an activation failure is displayed, reconfigure
MSTP parameters.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 757

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.7.3 (Optional) Configuring the Root Bridge and Secondary

Root Bridge

Context
MSTP can calculate the root bridge or you can manually configure the root bridge
or secondary root bridge. Manually configuring the root bridge and secondary root
bridge is recommended.

A switch can function as a root bridge or a secondary root bridge in a spanning

tree. It can also function as the root bridge or secondary root bridge of another
spanning tree. In a spanning tree:
● Only one root bridge takes effect. If two or more root bridges are specified in
a spanning tree, the device with the smallest MAC address is used.
● Multiple secondary root bridges can be specified. If the root bridge fails or is
powered off and no new root bridge is specified, the secondary root bridge
with smallest MAC address will become the root bridge of the spanning tree.

Procedure
● Perform the following operations on the device to be used as the root bridge.
a. Run system-view

The system view is displayed.

b. Run stp [ instance instance-id ] root primary

The device is configured as the root bridge.

By default, a switch does not function as the root bridge. After the
configuration is complete, the priority value of the device is 0 (this value
cannot be modified).

If instance is not specified, the device in MSTI 0 is a root bridge.

● Perform the following operations on the device to be used as the secondary
root bridge.
a. Run system-view

The system view is displayed.

b. Run stp [ instance instance-id ] root secondary

The device is configured as the secondary root bridge.

By default, a switch does not function as the secondary root bridge. After
the configuration is complete, the priority value of the device is 4096
(this value cannot be modified).

If instance is not specified, the device in MSTI 0 is a secondary root

bridge.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 758

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.7.4 (Optional) Configuring a Priority for a Switch in an

MSTI
Context
In an MSTI, there can be only one root bridge, which is the logical center of the
MSTI. The root bridge should be a high-performance switch; however, the priority
of such a device may not be the highest on the network. To ensure that such a
device is selected as the root bridge, set a low priority for low-performance
switches, and set a high priority for high-performance switches. A smaller priority
value indicates a higher priority.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp [ instance instance-id ] priority priority
A priority is set for the switch in an MSTI.
The default priority value of the switch is 32768.
If instance-id is not specified, a priority is set for the switch in MSTI 0.

NOTE

If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root
secondary command has been executed to configure the device as the root bridge or
secondary root bridge, to change the device priority, run the undo stp [ instance instance-
id ] root command to disable the root bridge or secondary root bridge function and run the
stp [ instance instance-id ] priority priority command to set a priority.

----End

15.7.5 (Optional) Configuring a Path Cost of a Port in an MSTI

Context
A path cost is port-specific and is used by MSTP to select a link.
Path costs of ports are an important metric used in spanning tree calculation and
determine root port selection in an MSTI. The port with the lowest path cost to
the root bridge is selected as the root port. Setting different path costs for a port
in different MSTIs allows VLAN traffic to be transmitted along different physical
links for load balancing.
If loops occur on a network, it is recommended that you set a large path cost for
ports with low link rates.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 759

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Step 2 Run stp pathcost-standard { dot1d-1998 | dot1t | legacy }

A path cost calculation method is configured.
By default, the IEEE 802.1t standard (dot1t) is used to calculate the path cost.
All switches on a network must use the same path cost calculation method.
Step 3 Run interface interface-type interface-number
The Ethernet interface view is displayed.
Step 4 Run stp instance instance-id cost cost
A path cost is set for the port in the current MSTI.
● When the Huawei calculation method is used, cost ranges from 1 to 200000.
● When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
● When the IEEE 802.1t standard method is used, cost ranges from 1 to
200000000.
----End

15.7.6 (Optional) Configuring a Port Priority in an MSTI

Context
During spanning tree calculation, port priorities in MSTIs determine which ports
are selected as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority to a value
larger than the default value. This port will be blocked during designated port
selection.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The Ethernet interface view is displayed.
Step 3 Run stp instance instance-id port priority priority
A port priority is set in an MSTI.
By default, the port priority is 128.
The priority value ranges from 0 to 240, in increments of 16.
----End

15.7.7 Enabling MSTP

Context
Enabling MSTP on a ring network immediately triggers spanning tree calculation.
If basic configurations are not performed on switches and interfaces before MSTP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 760

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

is enabled, network flapping may occur upon changes to parameters such as

device priority and interface priority.

Procedure
Step 1 Run system-view

The system view is displayed.

STP/RSTP-enabled devices calculate spanning trees by exchanging BPDUs.

Therefore, all the interfaces participating in spanning tree calculation must be
enabled to send BPDUs to the CPU for processing. By default, an interface is
enabled to send BPDUs to the CPU. You can run the bpdu enable command in
interface view to enable an interface to send BPDUs to the CPU. The S5720EI,
S5720HI, S6720EI, and S6720S-EI do not support the bpdu command.

Step 2 Run stp enable

MSTP is enabled on the switch.

By default, the MSTP function is enabled on the device.

NOTE

If the management network interface for an MSTP-enabled device is a VLANIF interface of

a VLAN, run the ethernet-loop-protection ignored-vlan command to specify this VLAN as
an ignored VLAN. During MSTP calculation, the interface on which the ignored VLAN is
configured remains in forwarding state. Therefore, services are not interrupted.
After MSTP is enabled on a port, edge port detection is started automatically. If the port
fails to receive BPDU packets within (2 x Hello Timer + 1) seconds, the port is set to an
edge port. Otherwise, the port is set to a non-edge port.

NOTE

For the S1720GFR, S2750EI, S5700LI, and S5700S-LI, a maximum of 64 STP-enabled ports in Up
state are recommended. If there are more than 64 STP-enabled ports in Up state, the CPU may
be affected and faults such as protocol flapping may occur.
For the S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S2720EI, S5710-X-LI, S5720LI, S5720S-
LI, S5730SI, S5730S-EI, S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, a maximum of 128 STP-enabled ports in Up state are recommended. If there are
more than 128 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720EI, a maximum of 200 STP-enabled ports in Up state are recommended. If there
are more than 200 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720HI, S6720EI, and S6720S-EI, a maximum of 256 STP-enabled ports in Up state are
recommended. If there are more than 256 STP-enabled ports in Up state, the CPU may be
affected and faults such as protocol flapping may occur.

----End

Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated
VLANs are changed. On the switch, therefore, the ARP entries corresponding to
these VLANs need to be updated. MSTP processes ARP entries in either fast or
normal mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 761

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

● In fast mode, ARP entries to be updated are directly deleted.

● In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0. The switch
rapidly processes these aged entries. If the number of ARP aging probe
attempts is not set to 0, ARP implements aging probe for these ARP entries.

To specify which mode is used for STP/RSTP convergence, run the stp converge
{ fast | normal } command in the system view.

By default, the normal MSTP convergence mode is used.

NOTE

If fast mode is used, ARP entries are frequently deleted. This causes high CPU usage on the
device (reaching 100%) and results in frequent network flapping. Therefore, using normal
mode is recommended.

15.7.8 Verifying the Basic MSTP Configuration

Procedure
● Run the display stp [ instance instance-id ] [ interface interface-type
interface-number | slot slot-id ] [ brief ] command to view spanning-tree
status and statistics.
● Run the display stp region-configuration command to view configurations
of activated MST regions.
● Run the display stp region-configuration digest command to view the
digest configurations of activated MST regions.

----End

15.8 Configuring MSTP Multi-Process

Pre-configuration Tasks
MSTP ensures that spanning trees in rings are calculated independently. After
MSTP multi-process is enabled, each MSTP process can manage certain ports on a
device. Each Layer 2 interface can be managed by multiple MSTP processes.

Before configuring MSTP multi-process, complete and activate the MST region
configuration.

15.8.1 Creating an MSTP Process

Context
A process ID uniquely identifies an MSTP process. After the ports on an MSTP-
enabled device are bound to different processes, the switch performs MSTP
calculation based on processes, with only relevant ports in each process taking
part in MSTP calculation. To create an MSTP process, perform the following
procedure on the devices connected to access rings.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 762

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp process process-id

An MSTP process is created and the MSTP process view is displayed.

Step 3 Run stp mode mstp

A working mode is configured for the MSTP process.

The default mode is MSTP.

NOTE

● A default MSTP process with the ID 0 is established when a device starts. MSTP
configurations in the system view and interface view belong to this process. The default
working mode of this process is MSTP.
● To add an interface to an MSTP process whose ID is not 0, run the stp process
command followed by the stp binding process command.

----End

15.8.2 Adding a Port to an MSTP Process

Context
After being added to MSTP processes, interfaces can participate in MSTP
calculation. The links connecting MSTP-enabled devices and access rings are called
access links, and the link shared by multiple access rings is called a shared link.
Interfaces on this shared link participate in MSTP calculation in multiple access
rings and MSTP processes.

Procedure
● Adding a port on an access link to an MSTP process
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The Ethernet interface view is displayed.

The interface specified in this command must be the interface that

connects the device and the access ring.
c. Run stp binding process process-id

The port is added to the specified MSTP process.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 763

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

NOTE

On the S5720EI, S5720HI, S6720EI, and S6720S-EI, if an interface joining the

MSTP process has sub-interfaces configured with other features such as VPLS,
run the stp vpls-subinterface enable command. The main interface can then
notify its sub-interfaces to update MAC address entries and ARP entries after
receiving a TC-BPDU. This prevents service interruption. In addition, root
protection needs to be configured on the main interface.
● Adding a port on a shared link to an MSTP process
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The view of the Ethernet interface that participates in spanning tree
calculation is displayed.
The interface specified in this command must be an interface on the
shared link between the devices configured with MSTP multi-process. It
cannot be an interface that connects an access ring and device.
c. Run stp binding process process-id1 [ to process-id2 ] link-share
The port is added to multiple MSTP processes to complete MSTP
calculation.

NOTE

In an MSTP process where there are multiple shared links, run the stp enable
command in the MSTP multi-instance view. On an interface that is added to an
MSTP process, run the stp enable command in the interface view.

----End

15.8.3 (Optional) Configuring the Root Bridge and Secondary

Root Bridge
Context
MSTP can calculate the root bridge or you can manually configure the root bridge
or secondary root bridge. Manually configuring the root bridge and secondary root
bridge is recommended.
A switch can function as a root bridge or a secondary root bridge in a spanning
tree. It can also function as the root bridge or secondary root bridge of another
spanning tree. In a spanning tree:
● Only one root bridge takes effect. If two or more root bridges are specified in
a spanning tree, the device with the smallest MAC address is used.
● Multiple secondary root bridges can be specified. If the root bridge fails or is
powered off and no new root bridge is specified, the secondary root bridge
with smallest MAC address will become the root bridge of the spanning tree.

Procedure
● Perform the following operations on the device to be used as the root bridge.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 764

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

a. Run system-view
The system view is displayed.
b. Run stp process process-id
The MSTP process view is displayed.
c. Run stp [ instance instance-id ] root primary
The device is configured as the root bridge.
By default, a switch does not function as the root bridge. After the
configuration is complete, the priority value of the device is 0 (this value
cannot be modified).
If instance is not specified, the device in MSTI 0 is a root bridge.
● Perform the following operations on the device to be used as the secondary
root bridge.
a. Run system-view
The system view is displayed.
b. Run stp process process-id
The MSTP process view is displayed.
c. Run stp [ instance instance-id ] root secondary
The device is configured as the secondary root bridge.
By default, a switch does not function as the secondary root bridge. After
the configuration is complete, the priority value of the device is 4096
(this value cannot be modified).
If instance is not specified, the device in MSTI 0 is a secondary root
bridge.
----End

15.8.4 (Optional) Configuring a Priority for a Switch in an

MSTI
Context
In an MSTI, there can be only one root bridge, which is the logical center of the
MSTI. The root bridge should be a high-performance switch; however, the priority
of such a device may not be the highest on the network. To ensure that such a
device is selected as the root bridge, set a low priority for low-performance
switches, and set a high priority for high-performance switches. A smaller priority
value indicates a higher priority.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp process process-id

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 765

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

The MSTP process view is displayed.

Step 3 Run stp [ instance instance-id ] priority priority

A priority is set for the switch in an MSTI.

The default priority value of the switch is 32768.

If instance-id is not specified, a priority is set for the switch in MSTI 0.

NOTE

● To configure a switch as the primary root bridge, run the stp [ instance instance-id ]
root primary command directly. The priority value of this switch is 0.
● To configure a switch as the secondary root bridge, run the stp [ instance instance-id ]
root secondary command. The priority value of this switch is 4096.
In an MSTI, a switch cannot act as the primary root bridge and secondary root bridge at
the same time.
● If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root
secondary command has been executed to configure the device as the root bridge or
secondary root bridge, to change the device priority, run the undo stp [ instance
instance-id ] root command to disable the root bridge or secondary root bridge function
and run the stp [ instance instance-id ] priority priority command to set a priority.

----End

15.8.5 (Optional) Configuring a Path Cost of a Port in an MSTI

Context
A path cost is port-specific and is used by MSTP to select a link.

Path costs of ports are an important metric used in spanning tree calculation and
determine root port selection in an MSTI. The port with the lowest path cost to
the root bridge is selected as the root port. Setting different path costs for a port
in different MSTIs allows VLAN traffic to be transmitted along different physical
links for load balancing.

If loops occur on a network, it is recommended that you set a large path cost for
ports with low link rates. MSTP then blocks these ports.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp pathcost-standard { dot1d-1998 | dot1t | legacy }

A path cost calculation method is configured.

By default, the IEEE 802.1t standard (dot1t) is used to calculate the path cost.

All switches on a network must use the same path cost calculation method.

Step 3 Run interface interface-type interface-number

The Ethernet interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 766

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Step 4 Run stp binding process process-id

The port is bound to an MSTP process.
Step 5 Run stp [ process process-id ] instance instance-id cost cost
A path cost is set for the port in the current MSTI.
● When the Huawei calculation method is used, cost ranges from 1 to 200000.
● When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
● When the IEEE 802.1t standard method is used, cost ranges from 1 to
200000000.

----End

15.8.6 (Optional) Configuring a Port Priority in an MSTI

Context
During spanning tree calculation, port priorities in MSTIs determine which ports
are selected as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority to a value
larger than the default value. This port will be blocked during designated port
selection.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The Ethernet interface view is displayed.
Step 3 Run stp binding process process-id
The port is bound to an MSTP process.
Step 4 Run stp [ process process-id ] instance instance-id port priority priority
A port priority is set in an MSTI.
By default, the port priority is 128.
The priority value ranges from 0 to 240, in increments of 16.

----End

15.8.7 Configuring TC Notification in MSTP Multi-process

Context
After the TC notification function is configured for MSTP multi-process, an MSTP
process can notify the MSTIs in other specified MSTP processes to refresh MAC
address entries and ARP entries after receiving a TC-BPDU. This ensures service

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 767

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

continuity. To configure the TC notification function for MSTP multi-process,

perform the following procedure on the devices connected to access rings.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp process process-id

The view of the created MSTP process is displayed.

Step 3 Run stp tc-notify process 0

TC notification is enabled in the MSTP process.

After the stp tc-notify process 0 command is run, the current MSTP process
notifies the MSTIs in MSTP process 0 to update MAC entries and ARP entries after
receiving a TC-BPDU. This prevents services from being interrupted.

----End

15.8.8 Enabling MSTP

Context
After MSTP multi-process is enabled on the switch, you must enable MSTP in the
MSTP process view so that the MSTP configuration can take effect in the MSTP
process.

Enabling MSTP on a ring network immediately triggers spanning tree calculation

on the network. On the switch, configurations such as the switch priority and port
priority affect spanning tree calculation. Any change to these configurations may
cause network flapping. Therefore, to ensure rapid and stable spanning tree
calculation, perform basic configurations on the switch and its ports and enable
MSTP.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp process process-id

The view of the created MSTP process is displayed.

Step 3 Run stp enable

MSTP is enabled on the MSTP process of the device.

By default, the MSTP function is enabled on the device.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 768

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

NOTE

For the S1720GFR, S2750EI, S5700LI, and S5700S-LI, a maximum of 64 STP-enabled ports in Up
state are recommended. If there are more than 64 STP-enabled ports in Up state, the CPU may
be affected and faults such as protocol flapping may occur.
For the S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S2720EI, S5710-X-LI, S5720LI, S5720S-
LI, S5730SI, S5730S-EI, S1720X, S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5720SI, and
S5720S-SI, a maximum of 128 STP-enabled ports in Up state are recommended. If there are
more than 128 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720EI, a maximum of 200 STP-enabled ports in Up state are recommended. If there
are more than 200 STP-enabled ports in Up state, the CPU may be affected and faults such as
protocol flapping may occur.
For the S5720HI, S6720EI, and S6720S-EI, a maximum of 256 STP-enabled ports in Up state are
recommended. If there are more than 256 STP-enabled ports in Up state, the CPU may be
affected and faults such as protocol flapping may occur.

----End

Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated
VLANs are changed. On the switch, therefore, the ARP entries corresponding to
these VLANs need to be updated. MSTP processes ARP entries in either fast or
normal mode.
● In fast mode, ARP entries to be updated are directly deleted.
● In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0. The switch
rapidly processes these aged entries. If the number of ARP aging probe
attempts is not set to 0, ARP implements aging probe for these ARP entries.
In either fast or normal mode, MAC entries are directly deleted.
To specify which mode is used for STP/RSTP convergence, run the stp converge
{ fast | normal } command in the system view.
By default, the normal MSTP convergence mode is used.

NOTICE

If fast mode is used, ARP entries are frequently deleted. This causes high CPU
usage on the device (reaching 100%) and results in frequent network flapping.
Therefore, using normal mode is recommended.

15.8.9 Verifying the MSTP Multi-Process Configuration

Procedure
● Run the display stp process process-id [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] [ brief ] command to view
spanning-tree status and statistics.
----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 769

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.9 Configuring MSTP Parameters on an Interface

Pre-configuration Tasks
Before configuring MSTP parameters that affect route convergence, configure
MSTP or MSTP multi-process.

15.9.1 Setting the MSTP Network Diameter

Context
Any two terminals on a switching network are connected through a specific path
along multiple devices. The network diameter is the maximum number of devices
between any two terminals. A larger network diameter indicates a larger network
scale.

An improper network diameter may cause slow network convergence and affect
communication. Run the stp bridge-diameter command to set an appropriate
network diameter based on the network scale, which helps speed up convergence.

It is recommended that all devices be configured with the same network diameter.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 (Optional) Run stp process process-id

The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Run stp bridge-diameter diameter

The network diameter is configured.

By default, the network diameter is 7.

The switch calculates the optimal Forward Delay period, Hello timer value, and
Max Age timer value based on the specified network diameter.

NOTE
RSTP uses a single spanning tree instance on the entire network, meaning that performance
deterioration cannot be prevented when the network scale increases. Therefore, the network
diameter cannot be larger than 7.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 770

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.9.2 Setting the MSTP Timeout Interval

Context
If a device does not receive any BPDUs from the upstream device within the
timeout interval, the device considers the upstream device to have failed and
recalculates the spanning tree.
Sometimes, a device cannot receive the BPDU from the upstream device within
the timeout interval because the upstream device is busy. In this case,
recalculating the spanning tree will cause a waste of network resources. To avoid
wasting network resources, set a long timeout interval on a stable network.
If a switching device does not receive any BPDUs from the upstream device within
the timeout interval, spanning tree recalculation is performed. The timeout
interval is calculated as follows:
Timeout interval = Hello time x 3 x Timer Factor

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run stp process process-id
The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Run stp timer-factor factor

The timeout interval is set, specifying how long the upstream device waits for
BPDUs.
By default, the timeout interval is 9 times the Hello timer value.

----End

15.9.3 Setting the Values of MSTP Timers

Context
The following timers are used in spanning tree calculation:
● Forward Delay: specifies the delay before a state transition. After the topology
of a ring network changes, it takes some time to spread the new
configuration BPDU throughout the entire network. As a result, the original
blocked port may be unblocked before a new port is blocked. When this
occurs, a loop exists on the network. You can set the Forward Delay timer to
prevent loops. When the topology changes, all ports will be temporarily
blocked during the Forward Delay.
● Hello Time: specifies the interval at which hello packets are sent. A device
sends configuration BPDUs at the specified interval to detect link failures. If

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 771

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

the switching device does not receive any BPDUs within the timeout period
(timeout period = Hello Time x 3 x Timer Factor), the device recalculates the
spanning tree.
● Max Age: determines whether BPDUs expire. A switching device determines
that a received configuration BPDU times out when the Max Age expires.
Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.
You are not advised to directly change the preceding three timers. The three
parameters are relevant to the network scale; therefore, it is recommended that
you set the network diameter so that the spanning tree protocol automatically
adjusts these timers. When the default network diameter is used, the three timers
also retain their default values.

NOTICE

To prevent frequent network flapping, make sure that the Hello Time, Forward
Delay, and Max Age timer values conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello Time + 1.0 second)

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run stp process process-id
The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Set Forward Delay, Hello Time, and Max Age.

1. Run stp timer forward-delay forward-delay
The value of Forward Delay of the switch is set.
By default, the value of Forward Delay of the switch is 1500 centiseconds.
2. Run stp timer hello hello-time
The value of Hello Time of the switch is set.
By default, the value of Hello Time of the switch is 200 centiseconds.
3. Run stp timer max-age max-age
The value of Max Age of the switch is set.
By default, the value of Max Age of the switch is 2000 centiseconds.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 772

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.9.4 Setting the Maximum Number of Connections in an

Eth-Trunk that Affects Spanning Tree Calculation

Context
The path costs affect spanning tree calculation. Changes of path costs trigger
spanning tree recalculation. The path cost of an interface is affected by its
bandwidth, so you can change the interface bandwidth to affect spanning tree
calculation.

As shown in Figure 15-17, deviceA and deviceB are connected through two Eth-
Trunk links. Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2
has two member interfaces in Up state. Each member link has the same
bandwidth, and deviceA is selected as the root bridge.
● Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation,
Eth-Trunk 1 on deviceB is selected as the root port and Eth-Trunk 2 is selected
as the alternate port.
● If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is
set to 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk
2. Therefore, the two devices perform spanning tree recalculation. Then Eth-
Trunk 1 on deviceB becomes the alternate port and Eth-Trunk 2 becomes the
root port.

Figure 15-17 Setting the maximum number of connections in an Eth-Trunk

SwitchA SwitchB
Before Eth-Trunk1
configuration Eth-Trunk2

Root Bridge

SwitchA SwitchB
Eth-Trunk1
After
configuration Eth-Trunk2

Root Bridge
Alternate port
Root port
Designated port

The maximum number of connections affects only the path cost of an Eth-Trunk
interface participating in spanning tree calculation, and does not affect the actual
bandwidth of the Eth-Trunk link. The actual bandwidth for an Eth-Trunk link
depends on the number of active member interfaces in the Eth-Trunk.

Procedure
Step 1 Run system-view

The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 773

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run max bandwidth-affected-linknumber link-number

The maximum number of connections affecting the Eth-Trunk bandwidth is set.

By default, the maximum number of connections affecting the bandwidth of an

Eth-Trunk is 8.

----End

15.9.5 Setting the Link Type for a Port

Context
It is easy to implement rapid convergence on a P2P link. If the two ports
connected to a P2P link are root or designated ports, the ports can transit to the
forwarding state quickly by sending Proposal and Agreement packets. This reduces
the forwarding delay.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of the Ethernet interface participating in STP calculation is displayed.

Step 3 Run stp point-to-point { auto | force-false | force-true }

The link type is configured for the interface.

By default, an interface automatically determines whether to connect to a P2P

link. The P2P link supports rapid network convergence.

● If the Ethernet port works in full-duplex mode, it is connected to a P2P link. In

this case, specify force-true to implement rapid network convergence.
● If the Ethernet port works in half-duplex mode, specify force-true to forcibly
set the link type to P2P.

----End

15.9.6 Setting the Maximum Transmission Rate of an Interface

Context
A larger value of packet-number indicates more BPDUs sent in a hello interval
and therefore more system resources occupied. Setting the proper value of
packet-number prevents excess bandwidth usage when route flapping occurs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 774

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of the Ethernet interface participating in STP calculation is displayed.

Step 3 Run stp transmit-limit packet-number

The maximum number of BPDUs sent by a port in a specified period is set.

By default, the maximum number of BPDUs that a port sends is 6 per second.

----End

15.9.7 Switching to the MSTP Mode

Context
If an interface on an MSTP-enabled device is connected to an STP-enabled device,
the interface switches to the STP-compatible mode.

If the STP-enabled device is switched to MSTP mode, or if it is powered off or

disconnected from the MSTP-enabled device, the interface cannot switch to MSTP
mode. In this case, use the stp mcheck command to switch the interface to MSTP
mode.

Procedure
● Switch to the MSTP mode in the interface view.
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The view of the Ethernet interface that participates in spanning tree

calculation is displayed.
c. Run stp mcheck

The device is switched to the MSTP mode.

● Switch to the MSTP mode in the system view.
a. Run system-view

The system view is displayed.

b. (Optional) Run stp process process-id

The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

c. Run stp mcheck

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 775

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

The device is switched to the MSTP mode.

----End

15.9.8 Configuring a Port as an Edge Port and BPDU Filter

Port
Context
If a designated port is located at the edge of a network and is directly connected
to terminal devices, this port is called edge port.
An edge port does not receive or process configuration BPDUs and does not
participate in MSTP calculation. It can transition from Disabled to Forwarding
without any delay.
After a designated port is configured as an edge port, the port can still send
BPDUs. The BPDUs are sent to other networks, which causes flapping on other
networks. To prevent a port from processing and sending BPDUs, configure the
port as an edge port and BPDU filter port.

NOTICE

After all ports are configured as edge ports and BPDU filter ports in the system
view, the ports do not send BPDUs or negotiate the STP status with directly
connected ports on the peer device. All ports are in the Forwarding state, which
may cause loops on the network and lead to broadcast storms. Exercise caution
when you configure a port as an edge port and BPDU filter port.
After a port is configured as an edge port and BPDU filter port in the interface
view, the port does not process or send BPDUs. The port cannot negotiate the STP
status with the directly connected port on the peer device. Exercise caution when
you configure a port as an edge port and BPDU filter port.

Procedure
● Configuring all ports as edge ports and BPDU filter ports in the system view
a. Run system-view
The system view is displayed.
b. Run stp edged-port default
All ports are configured as edge ports.
By default, all ports are non-edge ports.
c. Run stp bpdu-filter default
All ports are configured as BPDU filter ports.
By default, a port is a non-BPDU filter port.
● Configuring a port as an edge port and BPDU filter port in the interface view
a. Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 776

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

b. Run interface interface-type interface-number

The view of the Ethernet interface that participates in spanning tree
calculation is displayed.
c. (Optional) Run stp edged-port enable
The port is configured as an edge port.
By default, all ports are non-edge ports.
d. Run stp bpdu-filter enable
The port is configured as a BPDU filter port.
By default, a port is a non-BPDU filter port.
----End

15.9.9 Setting the Maximum Number of Hops in an MST

Region
Context
To communicate with each other on a Layer 2 network running MSTP, switches
exchange MST BPDUs. MST BPDUs have a field that indicates the number of
remaining hops.
● The number of remaining hops in a BPDU sent by the root bridge equals the
maximum number of hops.
● The number of remaining hops in a BPDU sent by a non-root bridge equals
the maximum number of hops minus the number of hops from the non-root
bridge to the root bridge.
● If a switch receives a BPDU in which the number of remaining hops is 0, the
switch will discard the BPDU.
The maximum number of hops of a spanning tree in an MST region determines
the network scale. The stp max-hops command can be used to set the maximum
number of hops in an MST domain so that the network scale of a spanning tree
can be controlled.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run stp process process-id
The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Run stp max-hops hop

The maximum number of hops in an MST region is set.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 777

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

By default, the maximum number of hops of the spanning tree in an MST region
is 20.

----End

15.9.10 Verifying the Configuration of MSTP Parameters on an

Interface

Procedure
● Run the display stp [ process process-id ] [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] [ brief ] command to view
spanning-tree status and statistics.

----End

15.10 Configuring MSTP Protection Functions

Pre-configuration Tasks
Before configuring MSTP protection functions, configure MSTP or MSTP multi-
process.

15.10.1 Configuring BPDU Protection on a Switch

Context
Edge ports are directly connected to user terminals and will not receive BPDUs.
Attackers may send pseudo BPDUs to attack the switch. If the edge ports receive
the BPDUs, the switch configures the edge ports as non-edge ports and triggers a
new spanning tree calculation. Network flapping then occurs. BPDU protection can
be used to protect switches against malicious attacks.

Perform the following procedure on all switches that have edge ports.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 (Optional) Run stp process process-id

The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Run stp bpdu-protection

BPDU protection is enabled on the switch.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 778

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

By default, BPDU protection is disabled on the switch.

----End

Follow-up Procedure
If you want an edge port to automatically recover from the error-down state, run
the error-down auto-recovery cause bpdu-protection interval interval-value
command in the system view to configure the auto recovery function and set a
recovery delay on the port. Then a port in error-down state can automatically go
Up after the delay expires. Note the following when setting the recovery delay:
● By default, the auto recovery function is disabled; therefore, the recovery
delay parameter does not have a default value. When you enable the auto
recovery function, you must set a recovery delay.
● A smaller value of interval-value indicates a shorter time taken for an edge
port to go Up, and a higher frequency of Up/Down state transitions on the
port.
● A larger value of interval-value indicates a longer time taken for the edge
port to go Up, and a longer service interruption time.
● The auto recovery function takes effect only for the interfaces that transition
to the error-down state after the error-down auto-recovery command is
executed.

15.10.2 Configuring TC Protection on a Switch

Context
If attackers forge TC-BPDUs to attack the switch, the switch receives a large
number of TC BPDUs within a short period. If MAC address entries and ARP entries
are deleted frequently, the switch is heavily burdened, causing potential risks to
the network.

TC protection is used to suppress TC BPDUs. The number of TC BPDUs processed

by a switch within a given period is configurable. If the number of TC BPDUs
received by a switch exceeds the specified threshold within a given period, the
switch handles only the specified number of TC BPDUs. The processing of excess
TC BPDUs is delayed until after the specified period expires. This protects the
switch from becoming overburdened with frequently deleting MAC entries and
ARP entries.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 (Optional) Run stp process process-id

The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 779

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Step 3 Run stp tc-protection interval interval-value

The time taken by the device to process the maximum number of TC BPDUs is set.
By default, the device processes the maximum number of TC BPDUs at an interval
of the Hello time.
Step 4 Run stp tc-protection threshold threshold
The number of times the MSTP process handles the received TC BPDUs and
updates forwarding entries within a given time is set.

NOTE

Within the time specified by stp tc-protection interval, the switch processes the number of
TC BPDUs specified by stp tc-protection threshold. Packets that exceed this threshold are
delayed, so spanning tree convergence may be affected. For example, if the period is set to
10s and the threshold is set to 5, the device processes five TC BPDUs within 10s. After 10s,
the device processes subsequent TC BPDUs.

----End

15.10.3 Configuring Root Protection on an Interface

Context
Due to incorrect configurations or malicious attacks on the network, a root bridge
may receive BPDUs with a higher priority. Consequently, the legitimate root bridge
is no longer able to serve as the root bridge and the network topology is changed,
triggering spanning tree recalculation. This may also result in traffic that should
be transmitted over high-speed links being transmitted over low-speed links,
leading to network congestion. The root protection function on a switch preserves
the role of the designated port in order to protect the root bridge.

NOTE

Root protection takes effect only on designated ports.

Perform the following steps on the root bridge in an MST region.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of the Ethernet interface participating in STP calculation is displayed.
Step 3 (Optional) Run stp binding process process-id
The port is bound to an MSTP process.

NOTE

Skip this step if the interface belongs to process 0.

Step 4 Run stp root-protection

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 780

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Root protection is configured on the switch.

By default, root protection is disabled.

----End

15.10.4 Configuring Loop Protection on an Interface

Context
To maintain the root port status and status of blocked ports on a network running
MSTP, a switch receives BPDUs from an upstream switch. If the switch cannot
receive these BPDUs because of link congestion or unidirectional-link failure, the
switch re-selects a root port. The original root port becomes a designated port and
the original blocked ports change to the Forwarding state. This may cause
network loops. To mitigate this issue, configure loop protection.
If the root port or alternate port does not receive BPDUs from the upstream device
for a long period, the switch enabled with loop protection sends a notification to
the NMS. If the root port is used, the root port enters the Discarding state and
becomes the designated port. If the alternate port is used, the alternate port
remains blocked and becomes the designated port. In this case, loops will not
occur. After the link congestion subsides or unidirectional link failures are rectified,
the port receives BPDUs for negotiation and restores its original role and status.

NOTE
An alternate port is a backup port for a root port. If a switch has an alternate port,
configure loop protection on both the root port and the alternate port.

Perform the following steps on the root port and alternate port on a switch in an
MST region.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The Ethernet interface view is displayed.
Step 3 (Optional) Run stp binding process process-id
The port is bound to an MSTP process.

NOTE

Skip this step if the interface belongs to process 0.

Step 4 Run stp loop-protection

Loop protection for the root port is configured on the switch.
By default, loop protection is disabled.
Root protection and loop protection cannot be configured simultaneously.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 781

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.10.5 Configuring Shared-Link Protection on a Switch

Context
Shared-link protection is used in scenarios where a switch is dual homed to a
network.
If a shared link fails, shared-link protection forcibly changes the working mode of
a local switch to RSTP. This function can be used together with root protection to
avoid network loops.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp process process-id
The MSTP process view is displayed.

NOTE

Skip this step if you perform configurations in the MSTP process 0.

Step 3 Run stp link-share-protection

Shared-link protection is enabled.

----End

15.10.6 Verifying the MSTP Protection Function Configuration

Procedure
● Run the display stp [ process process-id ] [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] [ brief ] command to view
spanning-tree status and statistics.
----End

15.11 Configuring MSTP Interoperability Between

Huawei and Non-Huawei Devices

15.11.1 Configuring a Proposal/Agreement Mechanism

Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism.
All switches support the following modes:
● Enhanced mode: The current interface includes the root port calculation when
it computes the synchronization flag bit.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 782

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

– An upstream device sends a Proposal message to a downstream device,

requesting rapid status transition. After receiving the message, the
downstream device sets the port connected to the upstream device as a
root port and blocks all non-edge ports.
– The upstream device then sends an Agreement message to the
downstream device. After the downstream device receives the message,
the root port transitions to the Forwarding state.
– The downstream device responds to the Proposal message with an
Agreement message. After receiving the message, the upstream device
sets the port connected to the downstream device as a designated port,
and the designated port transitions to the Forwarding state.
● Common mode: The current interface ignores the root port when it computes
the synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device,
requesting rapid status transition. After receiving the message, the
downstream device sets the port connected to the upstream device as a
root port and blocks all non-edge ports. The root port then transitions to
the Forwarding state.
– The downstream device responds to the Proposal message with an
Agreement message. After receiving the message, the upstream device
sets the port connected to the downstream device as a designated port.
The designated port then transitions to the Forwarding state.

When Huawei devices are connected to non-Huawei devices, select the same
mode as that used on non-Huawei devices.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run stp no-agreement-check

The common rapid transition mechanism is configured.

By default, the interface uses the enhanced rapid transition mechanism.

----End

15.11.2 Configuring the MSTP Protocol Packet Format on an

Interface

Context
MSTP protocol packets have two formats: dot1s (IEEE 802.1s standard packets)
and legacy (proprietary protocol packets).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 783

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

You can specify the packet format or use the auto mode. In auto mode, the switch
switches the MSTP protocol packet format based on the received MSTP protocol
packet format so that the switch can communicate with the peer device.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run stp compliance { auto | dot1s | legacy }

The MSTP protocol packet format is configured on the interface.

The auto mode is used by default.

NOTE

The negotiation will fail if the format of MSTP packets is set to dot1s at one end and
legacy at the other end.

----End

15.11.3 Enabling the Digest Snooping Function

Context
Interconnected Huawei and non-Huawei devices cannot communicate with each
other if they have the same region name, revision number, and VLAN-to-instance
mappings but different BPDU keys. To address this problem, enable the digest
snooping function on the Huawei device.

Perform the following steps on a switch in an MST region to enable the digest
snooping function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run stp config-digest-snoop

The digest snooping function is enabled.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 784

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.11.4 Verifying the Configuration of MSTP Interoperability

Between Huawei and Non-Huawei Devices

Procedure
● Run the display stp [ process process-id ] [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] [ brief ] command to view
spanning-tree status and statistics.

----End

15.12 Maintaining MSTP

15.12.1 Clearing MSTP Statistics

Context

NOTICE

MSTP statistics cannot be restored after being cleared.

Procedure
● Run the reset stp [ interface interface-type interface-number ] statistics
command to clear spanning-tree statistics.
● Run the reset stp error packet statistics to clear the statistics of error STP
packets.

----End

15.12.2 Monitoring the Statistics on MSTP Topology Changes

Procedure
● Run the display stp [ process process-id ] [ instance instance-id ] topology-
change command to view the statistics about MSTP topology changes.

In the case of a non-zero process, the stp process process-id command must
be used to create a process before the display stp [ process process-id ]
[ instance instance-id ] topology-change command is used.
● Run the display stp [ process process-id ] [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] tc-bpdu statistics command
to view the statistics about TC/TCN packets.

In the case of a non-zero process, the stp process process-id command must
be used to create a process before the display stp [ process process-id ]

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 785

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[ instance instance-id ] [ interface interface-type interface-number | slot

slot-id ] tc-bpdu statistics command is used.
----End

15.13 Configuration Examples for MSTP

15.13.1 Example for Configuring MSTP

Networking Requirements
To implement redundancy on a complex network, network designers tend to
deploy multiple physical links between two devices, one of which is the master
and the others are the backup. Loops occur, causing broadcast storms or
damaging MAC addresses. After the network is planned, deploy MSTP on the
network to prevent loops. MSTP blocks redundant links and prunes a network into
a tree topology free from loops.
As shown in Figure 15-18, SwitchA, SwitchB, SwitchC, and SwitchD run MSTP. To
load balance traffic from VLANs 2 to 10 and VLANs 11 to 20, use MSTP multi-
instance. You can configure a VLAN mapping table to associate VLANs with MSTIs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 786

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-18 Networking diagram of MSTP configuration

Network

RG1
SwitchA Eth-Trunk1 SwitchB

GE0/0/1 Eth-Trunk1
GE0/0/1

GE0/0/3 GE0/0/3
GE0/0/2
SwitchC SwitchD
GE0/0/2
GE0/0/1 GE0/0/1

VLAN 2~10 MSTI 1

VLAN 11~20 MSTI 2

MSTI 1:

Root Switch:SwitchA
Blocked port

MSTI 2:

Root Switch:SwitchB
Blocked port

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure basic MSTP functions on the switch on the ring network. Because
ports connected to the PCs do not participate in MSTP calculation, configure
these ports as edge ports.
2. Configure protection functions to protect devices or links. You can configure
root protection on the designated port of the root bridge.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 787

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

NOTE

When the link between the root bridge and secondary root bridge goes Down, the port
enabled with root protection becomes Discarding because root protection takes effect.
To improve the reliability, you are advised to bind the link between the root bridge and
secondary root bridge to an Eth-Trunk.
3. Configure Layer 2 forwarding.

Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD in the same MST region
named RG1 and create MSTI 1 and MSTI 2.
NOTE

Two switches belong to the same MST region when they have the same:
– Name of the MST region
– Mapping between VLANs and MSTIs
– Revision level of the MST region
# Configure an MST region on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] instance 2 vlan 11 to 20
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2 to 10
[SwitchB-mst-region] instance 2 vlan 11 to 20
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
# Configure an MST region on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 2 to 10
[SwitchC-mst-region] instance 2 vlan 11 to 20
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure an MST region on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1
[SwitchD-mst-region] instance 1 vlan 2 to 10
[SwitchD-mst-region] instance 2 vlan 11 to 20
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
2. In the MST region RG1, configure the root bridge and secondary root bridge
in MSTI 1 and MSTI 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 788

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

– Configure the root bridge and secondary root bridge in MSTI 1.

# Configure SwitchA as the root bridge in MSTI 1.
[SwitchA] stp instance 1 root primary

# Configure SwitchB as the secondary root bridge in MSTI 1.

[SwitchB] stp instance 1 root secondary

– Configure the root bridge and secondary root bridge in MSTI 2.

# Configure SwitchB as the root bridge in MSTI 2.
[SwitchB] stp instance 2 root primary

# Configure SwitchA as the secondary root bridge in MSTI 2.

[SwitchA] stp instance 2 root secondary

3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be
greater than the default value.
NOTE

– The path cost values depend on path cost calculation methods. This example uses
the Huawei calculation method as an example to set the path cost to 20000 for
the ports to be blocked.
– All switches on a network must use the same path cost calculation method.
# Configure SwitchA to use Huawei calculation method to calculate the path
cost.
[SwitchA] stp pathcost-standard legacy

# Configure SwitchB to use Huawei calculation method to calculate the path

cost.
[SwitchB] stp pathcost-standard legacy

# Configure SwitchC to use Huawei calculation method to calculate the path

cost, and set the path cost of GE0/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/2] quit

# Configure SwitchD to use Huawei calculation method to calculate the path

cost, and set the path cost of GE0/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet0/0/2] quit

4. Enable MSTP to eliminate loops.

– Enable MSTP globally.
# Enable MSTP on SwitchA.
[SwitchA] stp enable

# Enable MSTP on SwitchB.

[SwitchB] stp enable

# Enable MSTP on SwitchC.

[SwitchC] stp enable

# Enable MSTP on SwitchD.

[SwitchD] stp enable

– Configure the ports connected to the terminal as edge ports.

# Configure GE0/0/1 of SwitchC as an edge port.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 789

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchC] interface gigabitethernet 0/0/1

[SwitchC-GigabitEthernet0/0/1] stp edged-port enable
[SwitchC-GigabitEthernet0/0/1] quit

(Optional) Configure BPDU protection on SwitchC.

[SwitchC] stp bpdu-protection

# Configure GE0/0/1 of SwitchD as an edge port.

[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] stp edged-port enable
[SwitchD-GigabitEthernet0/0/1] quit

(Optional) Configure BPDU protection on SwitchD.

[SwitchD] stp bpdu-protection

NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.

Step 2 Configure root protection on the designated port of the root bridge.

# Enable root protection on GE0/0/1 of SwitchA.

[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit

# Enable root protection on GE0/0/1 of SwitchB.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp root-protection
[SwitchB-GigabitEthernet0/0/1] quit

Step 3 Configure Layer 2 forwarding on devices on the ring network.

● Create VLANs 2 to 20 on SwitchA, SwitchB, SwitchC, and SwitchD.
# Create VLANs 2 to 20 on SwitchA.
[SwitchA] vlan batch 2 to 20

# Create VLANs 2 to 20 on SwitchB.

[SwitchB] vlan batch 2 to 20

# Create VLANs 2 to 20 on SwitchC.

[SwitchC] vlan batch 2 to 20

# Create VLANs 2 to 20 on SwitchD.

[SwitchD] vlan batch 2 to 20

● Add ports on switches to VLANs.

# Add GE0/0/1 on SwitchA to a VLAN.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 20
[SwitchA-GigabitEthernet0/0/1] quit

# Add Eth-Trunk1 on SwitchA to a VLAN.

[SwitchA] interface Eth-Trunk 1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/2
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 0/0/3
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 2 to 20
[SwitchA-Eth-Trunk1] quit

# Add GE0/0/1 on SwitchB to a VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 790

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchB] interface gigabitethernet 0/0/1

[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 20
[SwitchB-GigabitEthernet0/0/1] quit

# Add Eth-Trunk1 on SwitchB to a VLAN.

[SwitchB] interface Eth-Trunk 1
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 0/0/2
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 0/0/3
[SwitchB-Eth-Trunk1] port link-type trunk
[SwitchB-Eth-Trunk1] port trunk allow-pass vlan 2 to 20
[SwitchB-Eth-Trunk1] quit

# Add GE0/0/1 on SwitchC to a VLAN.

[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type access
[SwitchC-GigabitEthernet0/0/1] port default vlan 2
[SwitchC-GigabitEthernet0/0/1] quit

# Add GE0/0/2 on SwitchC to a VLAN.

[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchC to a VLAN.

[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type trunk
[SwitchC-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet0/0/3] quit

# Add GE0/0/1 on SwitchD to a VLAN.

[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port link-type access
[SwitchD-GigabitEthernet0/0/1] port default vlan 11
[SwitchD-GigabitEthernet0/0/1] quit

# Add GE0/0/2 on SwitchD to a VLAN.

[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type trunk
[SwitchD-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchD to a VLAN.

[SwitchD] interface gigabitethernet 0/0/3
[SwitchD-GigabitEthernet0/0/3] port link-type trunk
[SwitchD-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet0/0/3] quit

Step 4 Verify the configuration.

After the preceding configurations are complete and the network topology
becomes stable, perform the following operations to verify the configuration.

NOTE

MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in
MSTI 0.

# Run the display stp brief command on SwitchA to view the status and
protection mode on the ports. Output similar to the following is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 791

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

1 Eth-Trunk1 DESI FORWARDING NONE

2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 Eth-Trunk1 ROOT FORWARDING NONE

In MSTI 1, GE0/0/1 and Eth-Trunk1 are designated ports because SwitchA is the
root bridge. In MSTI 2, GE0/0/1 on SwitchA is the designated port and Eth-Trunk1
is the root port.
# Run the display stp brief command on SwitchB. Output similar to the following
is displayed:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 Eth-Trunk1 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 Eth-Trunk1 DESI FORWARDING NONE

In MSTI 2, GE0/0/1 and Eth-Trunk1 are designated ports because SwitchB is the
root bridge. In MSTI 1, GE0/0/1 on SwitchB is the designated port and Eth-Trunk1
is the root port.
# Run the display stp interface brief commands on SwitchC. Output similar to
the following is displayed:
[SwitchC] display stp interface gigabitethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
[SwitchC] display stp interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/2 ALTE DISCARDING NONE

GE0/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchC is
the designated port in MSTI 1 but is blocked in MSTI 2.
# Run the display stp interface brief commands on SwitchD. Output similar to
the following is displayed:
[SwitchD] display stp interface gigabitethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
1 GigabitEthernet0/0/2 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE

GE0/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchD is
the blocked port in MSTI 1 and is the designated port in MSTI 2.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 792

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 20
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 2 to 20
#
stp bpdu-protection

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 793

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

stp pathcost-standard legacy

#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return

● SwitchD configuration file

#
sysname SwitchD
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 1 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return

Related Content
Videos
Configuring MSTP to Prevent Loops

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 794

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.13.2 Example for Configuring MSTP + VRRP Network

Networking Requirements
NOTE

Only the S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720EI, S5720HI,
S6720EI, and S6720S-EI support this example.

In Figure 15-19, hosts connect to Switch C, and Switch C connects to the Internet
through Switch A and Switch B. To improve access reliability, the user configures
redundant links. The redundant links cause a network loop, which leads to
broadcast storms and MAC address damaging.
It is required that the network loop be prevented when redundant links are
deployed, traffic be switched to another link when one link fails, and network
bandwidth be effectively used.
MSTP can be configured on the network to prevent loops. MSTP blocks redundant
links and prunes a network into a tree topology free from loops. In addition, VRRP
needs to be configured on Switch A and Switch B. Host A connects to the Internet
by using Switch A as the default gateway and Switch B as the secondary gateway.
Host B connects to the Internet by using Switch B as the default gateway and
Switch A as the secondary gateway. This allows traffic to be load balanced and
communication reliability improved.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 795

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Figure 15-19 MSTP + VRRP network

VRRP VRID 1 SwitchA
Virtual IP Address: VRID 1:Master
HostA 10.1.2.100 VRID 2:Backup
VLAN2 /1
10.1.2.101/24 0/0 GE
G E 0/0
/3 RouterA
GE
0/0

GE0/0/2
/2 /1
E 0/0
G
SwitchC MSTP Internet

GE0/0/2
GE
3 0
0/0/ SwitchC /0/4
GE
HostB GE RouterB
0/0 0/3
VLAN3 /1 GE0/
10.1.3.101/24
SwitchB
VRID 1:Backup
VRRP VRID 2 VRID 2:Master
Virtual IP Address:
10.1.3.100

VLAN2 MSTI1 VLAN3 MSTI2

MSTI1: MSTI2:

Root Switch:SwitchA Root Switch:SwitchB

Blocked port Blocked port

Device Interface VLANIF Interface IP Address

SwitchA GE0/0/1 and VLANIF 2 10.1.2.102/24

GE0/0/2

GE0/0/1 and VLANIF 3 10.1.3.102/24

GE0/0/2

GE0/0/3 VLANIF 4 10.1.4.102/24

SwitchB GE0/0/1 and VLANIF 2 10.1.2.103/24

GE0/0/2

GE0/0/1 and VLANIF 3 10.1.3.103/24

GE0/0/2

GE0/0/3 VLANIF 5 10.1.5.103/24

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 796

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP on the switches, including:
a. Configure MST and create multi-instance, map VLAN 2 to MSTI 1, and
map VLAN 3 to MSTI 2 to load balance traffic.
b. Configure the root bridge and backup bridge in the MST region.
c. Configure the path cost on an interface so that the interface can be
blocked.
d. Enable MSTP to prevent loops:

▪ Enable MSTP globally.

▪ Enable MSTP on all interfaces except the interfaces connecting to

hosts.
NOTE

Because the interfaces connecting to hosts do not participate in MSTP

calculation, configure these ports as edge ports.
2. Enable the protection function to protect devices or links. For example, enable
the protection function on the root bridge of each instance to protect roots.
3. Configure Layer 2 forwarding.
4. Assign an IP address to each interface and configure the routing protocol on
each device to ensure network connectivity.
NOTE
SwitchA and SwitchB must support VRRP and OSPF. For details about models
supporting VRRP and OSPF, see relevant documentation.
5. Create VRRP group 1 and VRRP group 2 on Switch A and Switch B. Configure
Switch A as the master device and Switch B as the backup device of VRRP
group 1. Configure Switch B as the master device and Switch A as the backup
device of VRRP group 2.

Procedure
Step 1 Configure basic MSTP functions.
1. Add Switch A, Switch B, and Switch C to region RG1, and create instances
MSTI 1 and MSTI 2.
# Configure an MST region on Switch A.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region on Switch B.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 797

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchB-mst-region] instance 1 vlan 2

[SwitchB-mst-region] instance 2 vlan 3
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit

# Configure an MST region on Switch C.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 2
[SwitchC-mst-region] instance 2 vlan 3
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit

2. Configure the root bridges and backup bridges for MSTI 1 and MSTI 2 in RG1.
– Configure the root bridge and backup bridge for MSTI 1.
# Set Switch A as the root bridge of MSTI 1.
[SwitchA] stp instance 1 root primary

# Set Switch B as the backup bridge of MSTI 1.

[SwitchB] stp instance 1 root secondary

– Configure the root bridge and backup bridge for MSTI 2.

# Set Switch B as the root bridge of MSTI 2.
[SwitchB] stp instance 2 root primary

# Set Switch A as the backup bridge of MSTI 2.

[SwitchA] stp instance 2 root secondary

3. Set the path costs of the interfaces that you want to block on MSTI 1 and
MSTI 2 to be greater than the default value.
NOTE

– The path cost range is determined by the calculation method. The Huawei
calculation method is used as an example. Set the path costs of the interfaces to
20000.
– The switches on the same network must use the same calculation method to
calculate path costs.
# Set the path cost calculation method on Switch A to Huawei calculation
method.
[SwitchA] stp pathcost-standard legacy

# Set the path cost calculation method on Switch B to Huawei calculation

method.
[SwitchB] stp pathcost-standard legacy

# Set the path cost calculation method on Switch C to Huawei calculation

method. Set the path cost of GE0/0/1 in MSTI 2 to 20000; set the path cost of
GE0/0/4 in MSTI 1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet0/0/4] quit

4. Enable MSTP to prevent loops.

– Enable MSTP globally.
# Enable MSTP on Switch A.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 798

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchA] stp enable

# Enable MSTP on Switch B.
[SwitchB] stp enable
# Enable MSTP on Switch C.
[SwitchC] stp enable
– Configure the ports connected to hosts as edge ports.
# Configure GE0/0/2 and GE0/0/3 of Switch C as an edge port.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp edged-port enable
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] stp edged-port enable
[SwitchC-GigabitEthernet0/0/3] quit
(Optional) Configure BPDU protection on SwitchC.
[SwitchC] stp bpdu-protection
– Configure the ports connected to Router as edge ports.
# Configure GE0/0/3 of Switch A as an edge port.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] stp edged-port enable
[SwitchA-GigabitEthernet0/0/3] quit
(Optional) Configure BPDU protection on SwitchA.
[SwitchA] stp bpdu-protection
# Disable STP on GE0/0/3 of Switch B as an edge port.
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] stp edged-port enable
[SwitchB-GigabitEthernet0/0/3] quit
(Optional) Configure BPDU protection on SwitchB.
[SwitchB] stp bpdu-protection

NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.

Step 2 Enable the protection function on the designated interfaces of each root bridge.
# Enable root protection on GE0/0/1 of Switch A.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit

# Enable root protection on GE0/0/1 of Switch B.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp root-protection
[SwitchB-GigabitEthernet0/0/1] quit

Step 3 Configure Layer 2 forwarding on the switches in the ring.

● Create VLANs 2 and 3 on Switch A, Switch B, and Switch C.
# Create VLANs 2 and 3 on Switch A.
[SwitchA] vlan batch 2 to 3
# Create VLANs 2 and 3 on Switch B.
[SwitchB] vlan batch 2 to 3
# Create VLANs 2 and 3 on Switch C.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 799

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchC] vlan batch 2 to 3

● Add the interfaces connecting to the loops to VLANs.

# Add GE0/0/1 of Switch A to VLANs.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/1] quit

# Add GE0/0/2 of Switch A to VLANs.

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/2] quit

# Add GE0/0/1 of Switch B to VLANs.

[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/1] quit

# Add GE0/0/2 of Switch B to VLANs.

[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/2] quit

# Add GE0/0/1 of Switch C to VLANs.

[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/1] quit

# Add GE0/0/2 of Switch C to VLAN 2.

[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type access
[SwitchC-GigabitEthernet0/0/2] port default vlan 2
[SwitchC-GigabitEthernet0/0/2] quit

# Add GE0/0/3 of Switch C to VLAN 3.

[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type access
[SwitchC-GigabitEthernet0/0/3] port default vlan 3
[SwitchC-GigabitEthernet0/0/3] quit

# Add GE0/0/4 of Switch C to VLANs.

[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] port link-type trunk
[SwitchC-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/4] quit

Step 4 Verify the configuration.

After the preceding configurations are complete and the network topology
becomes stable, perform the following operations to verify the configuration.

NOTE

MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in
MSTI 0.

# Run the display stp brief command on Switch A to view the status and
protection mode on ports. Output similar to the following is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 800

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

0 GigabitEthernet0/0/1 DESI FORWARDING ROOT

0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 ROOT FORWARDING NONE

In MSTI 1, GE0/0/2 and GE0/0/1 of Switch A are set as designated interfaces

because Switch A is the root bridge of MSTI 1. In MSTI 2, GE0/0/1 of Switch A is
set as the designated interface and GE0/0/2 is set as the root interface.

# Run the display stp brief command on Switch B. Output similar to the
following is displayed:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING NONE

In MSTI 2, GE0/0/1 and GE0/0/2 of Switch B are set as designated interfaces

because Switch B is the root bridge of MSTI 2. In MSTI 1, GE0/0/1 of Switch B is
set as the designated interface and GE0/0/2 is set as the root interface.

# Run the display stp interface brief command on Switch C. Output similar to
the following is displayed:
[SwitchC] display stp interface gigabitethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 ALTE DISCARDING NONE
[SwitchC] display stp interface gigabitethernet 0/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/4 ALTE DISCARDING NONE
1 GigabitEthernet0/0/4 ALTE DISCARDING NONE
2 GigabitEthernet0/0/4 ROOT FORWARDING NONE

GE0/0/1 of Switch C is the root interface of MSTI 1, and is blocked in MSTI 2.

GE0/0/4 of Switch C is the root interface of MSTI 2, and is blocked in MSTI 1.

Step 5 Connect devices.

# Assign an IP address to each interface, for example, the interfaces on SwitchA.

The configuration on SwitchB is similar to the configuration on SwitchA. For
details, see the configuration files.
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 801

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

# Run OSPF on SwitchA, SwitchB, and routers. The configuration on SwitchA is

used as an example. The configuration on SwitchB is similar to the configuration
on SwitchA. For details, see the configuration files.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

Step 6 Configure VRRP groups.

# Create VRRP group 1 on SwitchA and SwitchB. Set SwitchA as the master device,
priority to 120, and preemption delay to 20 seconds. Set SwitchB as the backup
device and retain the default priority.
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchA-Vlanif2] vrrp vrid 1 priority 120
[SwitchA-Vlanif2] vrrp vrid 1 preempt-mode timer delay 20
[SwitchA-Vlanif2] quit
[SwitchB] interface vlanif 2
[SwitchB-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchB-Vlanif2] quit

# Create VRRP group 2 on SwitchA and SwitchB. Set SwitchB as the master device,
priority to 120, and preemption delay to 20 seconds. Set SwitchA as the backup
device and retain the default priority.
[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchB-Vlanif3] vrrp vrid 2 priority 120
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] quit

# Set the virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of
Host A, and the virtual IP address 10.1.3.100 of VRRP group 2 as the default
gateway of Host B.
Step 7 Verify the configuration.
# After completing the preceding configurations, run the display vrrp command
on SwitchA. SwitchA's VRRP status is master in VRRP group 1 and backup in VRRP
group 2.
[SwitchA] display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 802

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Create time : 2012-05-11 11:39:18

Last change time : 2012-05-26 11:38:58

Vlanif3 | Virtual Router 2

State : Backup
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:40:18
Last change time : 2012-05-26 11:48:58

# Run the display vrrp command on SwitchB. SwitchB's VRRP status is backup in
VRRP group 1 and master in VRRP group 2.
[SwitchB] display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58

Vlanif3 | Virtual Router 2

State : Master
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:40:18
Last change time : 2012-05-26 11:48:58

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 803

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

#
vlan batch 2 to 4
#
stp bpdu-protection
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
ip address 10.1.4.102 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 4
stp edged-port enable
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.103 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 804

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

interface Vlanif3
ip address 10.1.3.103 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
#
interface Vlanif5
ip address 10.1.5.103 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5
stp edged-port enable
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.5.0 0.0.0.255
#
return

● SwitchC configuration file

#
sysname SwitchC
#
vlan batch 2 to 3
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 1 cost 20000
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 805

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

15.13.3 Example for Connecting CEs to the VPLS in Dual-

Homing Mode Through MSTP
Networking Requirements
NOTE

This configuration can be supported only on the S5720EI, S5720HI, S6720EI, and S6720S-EI.

In Figure 15-20, each CE is dual-homed to PEs. The PEs establish a VPLS full
mesh. The CEs and PEs run MSTP. Generally, traffic is forwarded through the
primary link. If the primary link fails, traffic is switched to the secondary link.

Figure 15-20 Network diagram for connecting CEs to the VPLS in dual-homing
mode
1.1.1.1/32 2.2.2.2/32

PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/2 GE0/0/2
GE0/0/1 GE0/0/3 GE0/0/3 GE0/0/1
GE0/0/2 VPLS GE0/0/2
CE1 GE0/0/3 GE0/0/2 CE2
PC1 GE0/0/4 GE0/0/2 GE0/0/3 GE0/0/4 PC2
10.1.1.1/24 GE0/0/1 GE0/0/1 10.1.1.2/24
PE4 PE3
4.4.4.4/32 3.3.3.3/32

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/ GigabitEthernet0/ -

0/1 0/1.1

GigabitEthernet0/ VLANIF 10 172.16.1.1/24

0/2

GigabitEthernet0/ VLANIF 40 172.19.1.2/24

0/3

Loopback1 - 1.1.1.1/32

PE2 GigabitEthernet0/ GigabitEthernet0/ -

0/1 0/1.1

GigabitEthernet0/ VLANIF 10 172.16.1.2/24

0/2

GigabitEthernet0/ VLANIF 20 172.17.1.1/24

0/3

Loopback1 - 2.2.2.2/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 806

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Switch Interface VLANIF Interface IP Address

PE3 GigabitEthernet0/ GigabitEthernet0/ -

0/1 0/1.1

GigabitEthernet0/ VLANIF 20 172.17.1.2/24

0/2

GigabitEthernet0/ VLANIF 30 172.18.1.1/24

0/3

Loopback1 - 3.3.3.3/32

PE4 GigabitEthernet0/ GigabitEthernet0/ -

0/1 0/1.1

GigabitEthernet0/ VLANIF 30 172.18.1.2/24

0/2

GigabitEthernet0/ VLANIF 40 172.19.1.1/24

0/3

Loopback1 - 4.4.4.4/32

CE1 GigabitEthernet0/ - -
0/1

GigabitEthernet0/ - -
0/4

GigabitEthernet0/ - -
0/2

CE2 GigabitEthernet0/ - -
0/1

GigabitEthernet0/ - -
0/4

GigabitEthernet0/ - -
0/2

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on the backbone network to implement
interworking.
2. Set up a remote LDP session between the PEs.
3. Establish a VPLS full mesh between PEs.
4. Configure MSTP. Configure PE1 and PE2 as the primary roots, and configure
PE3 and PE4 as the secondary roots.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 807

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Procedure
Step 1 Specify the VLANs that device interfaces belong to and set the IP addresses of the
corresponding VLANIF interfaces according to Figure 15-20.
NOTE

● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● Packets sent from CEs to PEs must contain VLAN tags.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 100
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/4
[CE1-GigabitEthernet0/0/4] port link-type trunk
[CE1-GigabitEthernet0/0/4] port trunk allow-pass vlan 100
[CE1-GigabitEthernet0/0/4] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type access
[CE1-GigabitEthernet0/0/2] port default vlan 100
[CE1-GigabitEthernet0/0/2] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 100
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/4
[CE2-GigabitEthernet0/0/4] port link-type trunk
[CE2-GigabitEthernet0/0/4] port trunk allow-pass vlan 100
[CE2-GigabitEthernet0/0/4] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type access
[CE2-GigabitEthernet0/0/2] port default vlan 100
[CE2-GigabitEthernet0/0/2] quit

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 40
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type trunk
[PE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 40
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 172.16.1.1 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 40
[PE1-Vlanif40] ip address 172.19.1.2 24
[PE1-Vlanif40] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 808

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[PE2] vlan batch 10 20

[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type trunk
[PE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port link-type trunk
[PE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 20
[PE2-GigabitEthernet0/0/3] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] ip address 172.16.1.2 24
[PE2-Vlanif10] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] ip address 172.17.1.1 24
[PE2-Vlanif20] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] vlan batch 20 30
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] port link-type trunk
[PE3-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[PE3-GigabitEthernet0/0/2] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] port link-type trunk
[PE3-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
[PE3-GigabitEthernet0/0/3] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] ip address 172.17.1.2 24
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] ip address 172.18.1.1 24
[PE3-Vlanif30] quit

# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] vlan batch 30 40
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] port link-type trunk
[PE4-GigabitEthernet0/0/2] port trunk allow-pass vlan 30
[PE4-GigabitEthernet0/0/2] quit
[PE4] interface gigabitethernet 0/0/3
[PE4-GigabitEthernet0/0/3] port link-type trunk
[PE4-GigabitEthernet0/0/3] port trunk allow-pass vlan 40
[PE4-GigabitEthernet0/0/3] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] ip address 172.18.1.2 24
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] ip address 172.19.1.1 24
[PE4-Vlanif40] quit

Step 2 Configure an IGP. In this example, OSPF is used.

When configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of
PE1, PE2, PE3, and PE4.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 809

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE2.
[PE2] router id 2.2.2.2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.2 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# Configure PE3.
[PE3] router id 3.3.3.3
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.3 32
[PE3-LoopBack1] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit

# Configure PE4.
[PE4] router id 4.4.4.4
[PE4] interface loopback 1
[PE4-LoopBack1] ip address 4.4.4.4 32
[PE4-LoopBack1] quit
[PE4] ospf 1
[PE4-ospf-1] area 0
[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[PE4-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] quit
[PE4-ospf-1] quit

# Wait for 40s and run the display ip routing-table command on PE1, PE2, and
PE3. Output similar to the following is displayed (PE1 is used as an example). The
output indicates that the PEs have learned the routes to one another.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 172.16.1.2 Vlanif10
3.3.3.3/32 OSPF 10 2 D 172.19.1.1 Vlanif40
OSPF 10 2 D 172.16.1.2 Vlanif10
4.4.4.4/32 OSPF 10 1 D 172.19.1.1 Vlanif40
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif10
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
172.17.1.0/24 OSPF 10 2 D 172.16.1.2 Vlanif10
172.18.1.0/24 OSPF 10 2 D 172.19.1.1 Vlanif40
172.19.1.0/24 Direct 0 0 D 172.19.1.2 Vlanif40
172.19.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif40

Step 3 Configure basic MPLS functions and LDP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 810

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
[PE1] interface vlanif 40
[PE1-Vlanif40] mpls
[PE1-Vlanif40] mpls ldp
[PE1-Vlanif40] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] mpls
[PE2-Vlanif20] mpls ldp
[PE2-Vlanif20] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] mpls
[PE3-Vlanif20] mpls ldp
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] mpls
[PE3-Vlanif30] mpls ldp
[PE3-Vlanif30] quit

# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4
[PE4] mpls
[PE4-mpls] quit
[PE4] mpls ldp
[PE4-mpls-ldp] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] mpls
[PE4-Vlanif30] mpls ldp
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] mpls
[PE4-Vlanif40] mpls ldp
[PE4-Vlanif40] quit

Step 4 Create a remote LDP session between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 811

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[PE2] mpls ldp remote-peer 4.4.4.4

[PE2-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
[PE2-mpls-ldp-remote-4.4.4.4] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit

# Configure PE4.
[PE4] mpls ldp remote-peer 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] quit

After the configuration is complete, run the display mpls ldp session command
on the PEs. The command output shows that the status of the remote LDP peer
relationship is Operational, indicating that remote LDP sessions have been set up.
The output on PE1 is used as an example:
[PE1] display mpls ldp session

LDP Session(s) in Public Network

Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:00:00 4/4
3.3.3.3:0 Operational DU Passive 0000:00:00 4/4
4.4.4.4:0 Operational DU Passive 0000:00:00 4/4
------------------------------------------------------------------------------
TOTAL: 3 session(s) Found.

Step 5 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit

# Configure PE4.
[PE4] mpls l2vpn
[PE4-l2vpn] quit

Step 6 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 2.2.2.2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] peer 4.4.4.4
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 812

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] peer 3.3.3.3
[PE2-vsi-a2-ldp] peer 4.4.4.4
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Configuration of PE3 and PE4 is similar to configuration of PE1 and PE2.

Step 7 Bind the VSI to interfaces on the PEs.

NOTE

Before configuring the termination sub-interface, run the display vcmp status command to
view the VCMP role. If the value of the Role field is Client, run the vcmp role { silent |
transparent } command to change the VCMP role to silent or transparent.

# Configure PE1.
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE2-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/1.1] quit

# Configure PE3.
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] port link-type hybrid
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/1.1
[PE3-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE3-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE3-GigabitEthernet0/0/1.1] quit

# Configure PE4.
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] port link-type hybrid
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/1.1
[PE4-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE4-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE4-GigabitEthernet0/0/1.1] quit

Step 8 Configure STP.

1. Configure the MST region and activate the region.
# Configure PE1.
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 813

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[PE1-mst-region] active region-configuration

[PE1-mst-region] quit
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure CE1.
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure CE2.
[CE2] stp region-configuration
[CE2-mst-region] region-name RG1
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
2. Configure the priorities of the PEs to make PE1 and PE2 the primary roots and
PE3 and PE4 the secondary roots.
# Configure PE1.
[PE1] stp instance 0 priority 0
# Configure PE2.
[PE2] stp instance 0 priority 0
# Configure PE3.
[PE3] stp instance 0 priority 4096
# Configure PE4.
[PE4] stp instance 0 priority 4096
3. Enable association between MSTP and VPLS on the CEs and PEs, and
configure root protection on the secondary roots.
# Configure CE1.
[CE1] stp enable
[CE1] interface gigabitethernet 0/0/4
[CE1-GigabitEthernet0/0/4] stp enable
[CE1-GigabitEthernet0/0/4] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] stp enable
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] stp edged-port enable
[CE1-GigabitEthernet0/0/2] quit
(Optional) Configure BPDU protection on CE1.
[CE1] stp bpdu-protection
# Configure CE2.
[CE2] stp enable
[CE2] interface gigabitethernet 0/0/4

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 814

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[CE2-GigabitEthernet0/0/4] stp enable

[CE2-GigabitEthernet0/0/4] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] stp enable
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] stp edged-port enable
[CE2-GigabitEthernet0/0/2] quit

(Optional) Configure BPDU protection on CE2.

[CE2] stp bpdu-protection

NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes remain
unchanged after they receive BPDUs.
# Configure PE1.
[PE1] stp enable
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE1-GigabitEthernet0/0/1] stp enable
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] stp disable
[PE1-GigabitEthernet0/0/3] quit

# Configure PE2.
[PE2] stp enable
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE2-GigabitEthernet0/0/1] stp enable
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] stp disable
[PE2-GigabitEthernet0/0/3] quit

# Configure PE3.
[PE3] stp enable
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE3-GigabitEthernet0/0/1] stp root-protection
[PE3-GigabitEthernet0/0/1] stp enable
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] stp disable
[PE3-GigabitEthernet0/0/2] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] stp disable
[PE3-GigabitEthernet0/0/3] quit

# Configure PE4.
[PE4] stp enable
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE4-GigabitEthernet0/0/1] stp root-protection
[PE4-GigabitEthernet0/0/1] stp enable
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] stp disable
[PE4-GigabitEthernet0/0/2] quit
[PE4] interface gigabitethernet 0/0/3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 815

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[PE4-GigabitEthernet0/0/3] stp disable

[PE4-GigabitEthernet0/0/3] quit

Step 9 Verify the configuration.

Run the display vsi name a2 verbose command on PE1. The command output
shows that the VSI state is Up.
[PE1] display vsi name a2 verbose

***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 20 hours, 29 minutes, 54 seconds
VSI State : up

VSI ID :2
*Peer Router ID : 2.2.2.2
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4099
Peer Type : dynamic
Session : up
Tunnel ID : 0xd
Broadcast Tunnel ID : 0xd
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4100
Peer Type : dynamic
Session : up
Tunnel ID : 0xf
Broadcast Tunnel ID : 0xf
Broad BackupTunnel ID : 0x0
CKey :4
NKey :3
Stp Enable :0
PwIndex :0
Control Word : disable
*Peer Router ID : 4.4.4.4
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4101
Peer Type : dynamic
Session : up
Tunnel ID : 0xb
Broadcast Tunnel ID : 0xb
Broad BackupTunnel ID : 0x0
CKey :6

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 816

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

NKey :5
Stp Enable :0
PwIndex :0
Control Word : disable

Interface Name : GigabitEthernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2015/03/16 15:56:44
Total Up Time : 0 days, 0 hours, 1 minutes, 24 seconds

**PW Information:

*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 4100
Remote VC Label : 4099
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0xf
Broadcast Tunnel ID : 0xf
Broad BackupTunnel ID : 0x0
Ckey : 0x4
Nkey : 0x3
Main PW Token : 0xf
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif10
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2015/03/16 15:56:48
PW Total Up Time : 0 days, 0 hours, 1 minutes, 24 seconds
*Peer Ip Address : 4.4.4.4
PW State : up
Local VC Label : 4101
Remote VC Label : 4099
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0xb
Broadcast Tunnel ID : 0xb
Broad BackupTunnel ID : 0x0
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0xb
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif40
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2015/03/16 15:56:49
PW Total Up Time : 0 days, 0 hours, 1 minutes, 24 seconds
*Peer Ip Address : 2.2.2.2
PW State : up
Local VC Label : 4099
Remote VC Label : 4099
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0xd
Broadcast Tunnel ID : 0xd
Broad BackupTunnel ID : 0x0
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0xd

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 817

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Slave PW Token : 0x0

Tnl Type : LSP
OutInterface : Vlanif10
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2015/03/16 15:57:06
PW Total Up Time : 0 days, 0 hours, 1 minutes, 24 seconds

PC1 (10.1.1.1) can ping PC2 (10.1.1.2).

If the link between CE1 and PE1 fails or PE1 is faulty, PE4 becomes the primary
root. In this case, PC1 and PE2 can still ping each other.

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
stp bpdu-protection
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 100
#
stp bpdu-protection
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 818

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

#
return
● PE1 configuration file
#
sysname PE1
#
router id 1.1.1.1
#
vlan batch 10 40
#
stp instance 0 priority 0
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.19.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.19.1.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 819

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

#
return
● PE2 configuration file
#
sysname PE2
#
router id 2.2.2.2
#
vlan batch 10 20
#
stp instance 0 priority 0
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
interface Vlanif10
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.17.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 820

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

#
return
● PE3 configuration file
#
sysname PE3
#
router id 3.3.3.3
#
vlan batch 20 30
#
stp instance 0 priority 4096
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif20
ip address 172.17.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 172.18.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.17.1.0 0.0.0.255

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 821

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

network 172.18.1.0 0.0.0.255

#
return
● PE4 configuration file
#
sysname PE4
#
router id 4.4.4.4
#
vlan batch 30 40
#
stp instance 0 priority 4096
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
interface Vlanif30
ip address 172.18.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.19.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 822

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

network 172.18.1.0 0.0.0.255

network 172.19.1.0 0.0.0.255
#
return

15.13.4 Example for Configuring MSTP Multi-Process for Layer

2 Single-Access Rings and Layer 2 Multi-Access Rings

Networking Requirements
On a network deployed with both Layer 2 single-access rings and multi-access
rings, switches transmit both Layer 2 and Layer 3 services. To enable different
rings to transmit different services, configure MSTP multi-process. Spanning trees
of different processes are calculated independently.

In Figure 15-21, both Layer 2 single-access rings and dual-access rings are
deployed and switches A and B carry both Layer 2 and Layer 3 services. Switches A
and B connected to dual-access rings are also connected to a single-access ring.

NOTE
In the ring where MSTP multi-process is configured, you are advised not to block the
interface directly connected to the root protection-enabled designated port.

Figure 15-21 MSTP multi-process for Layer 2 single-access rings and multi-access
rings

Network

SwitchC
GE0/0/5 GE0/0/5
Region name:RG1
PE2
PE1 SwitchB
SwitchA
CE CE
GE0/0/4 GE0/0/1 GE0/0/4
GE0/0/1
GE0/0/3 GE0/0/3
GE0/0/2 GE0/0/2
CE
CE

Instance1:VLAN2~100 Instance3:VLAN201~300
Process 1
Process 3
CE CE

Instance2:VLAN101~200
Process 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 823

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, add a device to an MST region, and create
MSTIs.
NOTE

● Each ring can belong to only one region.

● Each CE can join only one ring.
2. Configure multiple MSTP processes:
a. Create multiple MSTP processes and add interfaces to these processes.
b. Configure a shared link.
3. Configure MSTP protection functions:
– Configure priorities of MSTP processes and enable root protection.
– Configure shared link protection.
4. Configure the Layer 2 forwarding function on devices.

Procedure
Step 1 Configure basic MSTP functions, add devices to an MST region, and create MSTIs.
1. Configure MST regions and create MSTIs.
# Configure an MST region and create MSTIs on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 100
[SwitchA-mst-region] instance 2 vlan 101 to 200
[SwitchA-mst-region] instance 3 vlan 201 to 300
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

# Configure an MST region and create MSTIs on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2 to 100
[SwitchB-mst-region] instance 2 vlan 101 to 200
[SwitchB-mst-region] instance 3 vlan 201 to 300
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit

2. Enable MSTP.
# Configure SwitchA.
[SwitchA] stp enable

# Configure SwitchB.
[SwitchB] stp enable

Step 2 Configure multiple MSTP processes.

1. Create multiple MSTP processes and add interfaces to these processes.
# Create MSTP processes 1 and 2 on SwitchA.
[SwitchA] stp process 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 824

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchA-mst-process-1] quit
[SwitchA] stp process 2
[SwitchA-mst-process-2] quit

# Create MSTP processes 2 and 3 on SwitchB.

[SwitchB] stp process 2
[SwitchB-mst-process-2] quit
[SwitchB] stp process 3
[SwitchB-mst-process-3] quit

# Add GE 0/0/3 and GE 0/0/4 on SwitchA to MSTP process 1 and GE 0/0/2 to

MSTP process 2.
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] stp enable
[SwitchA-GigabitEthernet0/0/4] bpdu enable
[SwitchA-GigabitEthernet0/0/4] stp binding process 1
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] stp enable
[SwitchA-GigabitEthernet0/0/3] bpdu enable
[SwitchA-GigabitEthernet0/0/3] stp binding process 1
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp enable
[SwitchA-GigabitEthernet0/0/2] bpdu enable
[SwitchA-GigabitEthernet0/0/2] stp binding process 2
[SwitchA-GigabitEthernet0/0/2] quit

# Add GE 0/0/3 and GE 0/0/4 on SwitchB to MSTP process 3 and GE 0/0/2 to

MSTP process 2.
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] stp enable
[SwitchB-GigabitEthernet0/0/4] bpdu enable
[SwitchB-GigabitEthernet0/0/4] stp binding process 3
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] stp enable
[SwitchB-GigabitEthernet0/0/3] bpdu enable
[SwitchB-GigabitEthernet0/0/3] stp binding process 3
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp enable
[SwitchB-GigabitEthernet0/0/2] bpdu enable
[SwitchB-GigabitEthernet0/0/2] stp binding process 2
[SwitchB-GigabitEthernet0/0/2] quit

2. Configure a shared link.

# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp enable
[SwitchA-GigabitEthernet0/0/1] bpdu enable
[SwitchA-GigabitEthernet0/0/1] stp binding process 2 link-share
[SwitchA-GigabitEthernet0/0/1] quit

# Configure SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp enable
[SwitchB-GigabitEthernet0/0/1] bpdu enable
[SwitchB-GigabitEthernet0/0/1] stp binding process 2 link-share
[SwitchB-GigabitEthernet0/0/1] quit

3. Enable the MSTP function in MSTP multi-process.

# Configure SwitchA.
[SwitchA] stp process 1
[SwitchA-mst-process-1] stp enable
[SwitchA-mst-process-1] quit
[SwitchA] stp process 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 825

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchA-mst-process-2] stp enable

[SwitchA-mst-process-2] quit

# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp enable
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp enable
[SwitchB-mst-process-2] quit

Step 3 Configure MSTP protection functions.

● Configure priorities of MSTP processes and enable root protection.
# Configure SwitchA.
[SwitchA] stp process 1
[SwitchA-mst-process-1] stp instance 0 root primary
[SwitchA-mst-process-1] stp instance 1 root primary
[SwitchA-mst-process-1] quit
[SwitchA] stp process 2
[SwitchA-mst-process-2] stp instance 0 root primary
[SwitchA-mst-process-2] stp instance 2 root primary
[SwitchA-mst-process-2] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp root-protection
[SwitchA-GigabitEthernet0/0/2] quit

# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp instance 0 root primary
[SwitchB-mst-process-3] stp instance 3 root primary
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp instance 0 root secondary
[SwitchB-mst-process-2] stp instance 2 root secondary
[SwitchB-mst-process-2] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp root-protection
[SwitchB-GigabitEthernet0/0/2] quit

NOTE

– In each ring, the priority of the MSTP process on the downstream CE must be
lower than the priority of the MSTP process on the switch.
– For switches A and B on the dual-access ring, you are recommended to configure
them as the primary root bridges of different MSTIs.
● Configure shared link protection.
# Configure SwitchA.
[SwitchA] stp process 2
[SwitchA-mst-process-2] stp link-share-protection
[SwitchA-mst-process-2] quit

# Configure SwitchB.
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp link-share-protection
[SwitchB-mst-process-2] quit

Step 4 Create VLANs and add interfaces to VLANs.

# Create VLANs 2 to 200 on SwitchA. Add GE 0/0/3 and GE 0/0/4 to VLANs 2 to
100, and add GE 0/0/1 and GE 0/0/2 to VLANs 101 to 200.
[SwitchA] vlan batch 2 to 200
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 826

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 100

[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] port link-type trunk
[SwitchA-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 100
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet0/0/2] quit

# Create VLANs 101 to 300 on SwitchB. Add GE 0/0/3 and GE 0/0/4 to VLANs 201
to 300, and add GE 0/0/1 and GE 0/0/2 to VLANs 101 to 200.
[SwitchB] vlan batch 101 to 300
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/2] quit

Step 5 Verify the configuration.

● Run the display stp interface brief command on SwitchA.
# GE 0/0/4 is a designated port in the CIST of MSTP process 1 and in MSTI 1.
[SwitchA] display stp process 1 interface gigabitethernet 0/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
1 GigabitEthernet0/0/4 DESI FORWARDING NONE

# GE 0/0/2 is a designated port in the CIST of MSTP process 2 and in MSTI 2.

[SwitchA] display stp process 2 interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING ROOT

● Run the display stp interface brief command on SwitchB.

# GE 0/0/4 is a designated port in the CIST of MSTP process 3 and in MSTI 3.
[SwitchB] display stp process 3 interface gigabitethernet 0/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
3 GigabitEthernet0/0/4 DESI FORWARDING NONE

# GE 0/0/2 is a designated port in the CIST of MSTP process 2 and in MSTI 2.

[SwitchB] display stp process 2 interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING ROOT

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 827

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

Configuration Files
Only the MSTP-related configuration files are provided.
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 200
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 100
instance 2 vlan 101 to 200
instance 3 vlan 201 to 300
active region-configuration
#
stp process 1
stp instance 0 root primary
stp instance 1 root primary
stp enable
stp process 2
stp instance 0 root primary
stp instance 2 root primary
stp link-share-protection
stp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 100
stp binding process 1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 100
stp binding process 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 101 to 300
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 100
instance 2 vlan 101 to 200
instance 3 vlan 201 to 300
active region-configuration
#
stp process 2
stp instance 0 root secondary
stp instance 2 root secondary
stp link-share-protection
stp enable
stp process 3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 828

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

stp instance 0 root primary

stp instance 3 root primary
stp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 201 to 300
stp binding process 3
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 201 to 300
stp binding process 3
#
return

15.14 FAQ About MSTP

15.14.1 Can a Huawei STP Switch Work with a Non-Huawei

STP Device?
Huawei switches use the standard STP protocol. Whether a switch can work with a
non-Huawei STP device depends on the protocol running on the non-Huawei
device:
● If the non-Huawei device runs a standard STP protocol, including STP, MSTP,
and RSTP, the Huawei switch can work with it.
● If the non-Huawei device runs a non-standard STP protocol, except for the
Cisco Per VLAN Spanning Tree (PVST) protocol, the Huawei switch can
transparently transmit the STP packets from the device after you run the stp
disable and bpdu enable commands on the interface connected to the non-
Huawei device.
● If the non-Huawei device is a Cisco device that runs PVST, the switch cannot
negotiate with the device, but can transparently transmit the packets from the
device.

15.14.2 How to Prevent Low Convergence for STP Edge Ports

that Connect Terminals?
Terminal devices cannot participate in the STP calculation or respond to STP
packets, causing low convergence. You can prevent low convergence for STP edge
switch ports for connecting user terminals or servers as follows:

● On a port, run the stp edge-port enable command to configure the port as
an STP edge port, and run the stp bpdu-filter enable command to enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 829

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 15 MSTP Configuration

the BPDU packet filtering function and prevent the port from sending BPDU
packets.
● Run the stp disable command on the port to disable the STP protocol and
make the port remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

15.14.3 How Do I Configure a User-Side Interface on an STP

Switch?
Terminal devices cannot participate in the STP calculation or respond to STP
packets. You can configure a user-side interface as follows:
● On a port, run the stp edge-port enable command to configure the port as
an STP edge port, and run the stp bpdu-filter enable command to enable
the BPDU packet filtering function and prevent the port from sending BPDU
packets.
● Run the stp disable command on the port to disable the STP protocol and
make the port remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

15.14.4 How Do I Prevent Terminals' Failures to Ping the

Gateway or Low Speed in Obtaining IP Addresses When They
Connect to an STP Network?
Terminal devices such as servers or network management workstations do not
support STP. However, STP is enabled on switch interfaces by default. An STP
interface enters the Forwarding state 30 seconds after it changes to the Up state.
If an interface alternates between Up and Down states, the terminal connected to
the interface will fail to communicate with the gateway or spends a long time to
obtain an IP address.
To solve this problem, configure interfaces connected to terminals as edge ports or
disable STP on the interfaces.
To ensure availability and security, you are advised to configure the port as an STP
edge port. This is because when a loop occurs on a terminal device connected to
an edge port, the port automatically switches to a non-edge port and enables the
loop breaking function of STP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 830

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

16 VBST Configuration

About This Chapter

This chapter describes how to configure the VLAN-based Spanning Tree (VBST).
VBST is a spanning tree protocol developed by Huawei. It constructs a spanning
tree in each VLAN to load balance traffic from different VLANs, improving link use
efficiency.

16.1 Overview of VBST

16.2 Understanding VBST
16.3 Application Scenarios for VBST
16.4 Summary of VBST Configuration Tasks
16.5 Licensing Requirements and Limitations for VBST
16.6 Default Settings for VBST
16.7 Configuring VBST
16.8 Setting VBST Parameters That Affect VBST Convergence
16.9 Configuring Protection Functions of VBST
16.10 Setting Parameters for Interworking Between a Huawei Datacom Device and
a Non-Huawei Device
16.11 Maintaining VBST
16.12 Example for Configuring VBST

16.1 Overview of VBST

Definition
VBST, a Huawei spanning tree protocol, constructs a spanning tree in each VLAN
so that traffic from different VLANs is forwarded through different spanning trees.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 831

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

VBST is equivalent to STP or RSTP running in each VLAN. Spanning trees in

different VLANs are independent of each other.

Purpose
Currently, there are three standard spanning tree protocols: Spanning Tree Protocol
(STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol
(MSTP). STP and RSTP cannot implement VLAN-based load balancing, because all
the VLANs on a LAN share a spanning tree and packets in all VLANs are
forwarded along this spanning tree. In addition, the blocked link does not carry
any traffic, which wastes bandwidth and may cause a failure to forward packets
from some VLANs. In real-world situations, MSTP is preferred because it is
compatible with STP and RSTP, ensures fast convergence, and provides multiple
paths to load balance traffic.
On enterprise networks, enterprise users need functions that are easy to use and
maintain, whereas the configuration of MSTP multi-instance and multi-process is
complex and has high requirements for engineers' skills.
To address this issue, Huawei develops VBST. VBST constructs a spanning tree in
each VLAN so that traffic from different VLANs is load balanced along different
spanning trees. In addition, VBST is easy to configure and maintain.

Benefits
VBST brings in the following benefits:
● Eliminates loops.
● Implements link multiplexing and load balancing, and therefore improving
link use efficiency.
● Reduces configuration and maintenance costs.

Comparisons Between VBST and Standard Spanning Tree Protocols

Table 16-1 lists the comparisons between VBST and STP/RSTP/MSTP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 832

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Table 16-1 Comparisons between VBST and STP/RSTP/MSTP

Spannin Difference
g Tree
Similarity Convergen Traffic Usage Complex
Protoco
l ce Speed Forwarding Scenario ity

VBST Forms a RSTP/ A spanning ● Service Medium

loop-free MSTP/VBST tree is traffic
tree provides formed in needs to be
topology to faster each VLAN, differentiat
prevent convergenc so that ed and load
broadcast e than STP. traffic from balanced.
storms and different ● VBST
implement VLANs is interworks
link backup. forwarded with PVST,
through PVST+, and
different Rapid PVST
spanning +.
trees that
are
independen
t of each
other.

MSTP Provides Service traffic High

mappings needs to be
between differentiated
MSTIs and and load
VLANs so balanced.
that traffic
from
different
VLANs is
forwarded
through
different
spanning
trees that
are
independen
t of each
other.

RSTP Maps all Service traffic Low

VLANs to does not need
one to be
spanning differentiated.
tree, so
traffic from
all VLANs is
forwarded
through the
same

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 833

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Spannin Difference
g Tree
Similarity Convergen Traffic Usage Complex
Protoco
l ce Speed Forwarding Scenario ity

STP Slowest spanning Low

tree.

16.2 Understanding VBST

VBST is equivalent to running STP or RSTP in each VLAN so that spanning trees in
different VLANs are independent of each other. Though VBST does not provide
multi-instance, VBST implements load balancing of traffic from different VLANs.
VBST inherits the following concepts of STP/RSTP:
● One root bridge
● Two measurements: ID and path cost
● Three port statuses: Discarding, Learning, and Forwarding
● Five port roles: root port, alternate port, backup port, designated port, and
edge port
● Three timers: Hello Time, Forward Delay, and Max Age
Difference between VBST and STP/RSTP:
● Bridge ID (BID)
In VBST, the BID consists of the bridge priority, VLAN ID, and bridge MAC
address. The sum of the bridge priority and VLAN ID occupies the leftmost 16
bits, and the bridge MAC address occupies the rightmost 48 bits.
On a VBST network, the device with the smallest bridge ID will be selected as
the root bridge.
● VBST transmits VBST BPDUs in VLANs to determine the network topology.
VBST BPDUs are based on STP/RSTP BPDUs and a 4-byte 802.1Q tag is added
between the source MAC address and protocol length. Figure 16-1 shows the
comparisons between the STP/RSTP BPDU and VBST BPDU.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 834

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Figure 16-1 Comparisons between the formats of the STP/RSTP BPDU and
VBST BPDU
6 bytes 6 bytes 2 bytes 38-1492 bytes 4 bytes
STP/RSTP BPDU
DMAC SMAC Length LLC Data CRC
encapsulation
format

DSAP SSAP Control

1 byte 1 byte 1 byte

VBST BPDU 6 bytes 6 bytes 4 bytes 2 bytes 38-1492 bytes 4 bytes

encapsulation
DMAC SMAC 802.1Q Tag Length LLC Data CRC
format

DSAP SSAP Control

1 byte 1 byte 1 byte

The DMAC identifies the destination MAC address of packets. The DMAC in a
VBST BPDU is 0100-0CCC-CCCD; the Data field in a standard RSTP/STP BPDU
is used as the Data field in a VBST BPDU. By default, the Data field in a
standard RSTP BPDU is used as the Data field in a VBST BPDU.
VBST implements VLAN-based spanning tree calculation, topology
convergence, and interworking with spanning tree protocols of other vendors.

VBST Topology Calculation

VBST supports VLAN-based topology calculation. Tagged VBST BPDUs are sent in
each VLAN except VLAN 1 and topology calculation is performed separately. The
VBST topology calculation method is similar to the STP/RSTP calculation method.
For details, see 14.2.4 STP Topology Calculation. Different root bridges can be
selected in VLANs. Figure 16-2 shows the topology calculation results of STP/RSTP
and VBST.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 835

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Figure 16-2 Topology calculation results of STP/RSTP and VBST

S1 S4
VLAN 3 VLAN 2, 3 VLAN 2

HostC HostA
(VLAN 3) VLAN 3 VLAN 2 (VLAN 2)

VLAN 2
S2 S5

HostB VLAN 2, 3 VLAN 2, 3 HostD

(VLAN 2) (VLAN 3)
VLAN 3
VLAN 2 VLAN 3

S3 S6
STP/RSTP spanning tree (root bridge S6)

S1 S4
VLAN 3 VLAN 2, 3 VLAN 2

HostC HostA
(VLAN 3) VLAN 3 VLAN 2 (VLAN 2)

VLAN 2
S2 S5

HostB VLAN 2, 3 VLAN 2, 3 HostD

(VLAN 2) (VLAN 3)
VLAN 3
VLAN 2 VLAN 3

S3 S6

Spanning tree for VBST VLAN 2 (root bridge S4)

Spanning tree for VBST VLAN 3 (root bridge S6)

In Figure 16-2:
● Through topology calculation, STP/RSTP generates a spanning tree with the
root bridge as S6. The links between S2 and S5 and between S1 and S4 are
blocked. HostA and HostB belong to VLAN 2. The link between S2 and S5
does not permit packets of VLAN 2 to pass through because the link between
S2 and S5 is blocked. Therefore, HostA fails to communicate with HostB.
● Through topology calculation, VBST generates spanning trees VLAN 2 and
VLAN 3 with root bridges as S4 and S6 respectively. Traffic in VLAN 2 and
VLAN3 is forwarded through their respective spanning trees so that traffic is
load balanced between paths S2-S5 and S3-S6.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 836

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Fast Convergence of VBST

VBST supports the Proposal/Agreement mechanism in common and enhanced
modes:
● Common mode
The Proposal/Agreement mechanism in common mode supported by VBST is
similar to that supported by RSTP. For details, see 14.2.6 RSTP Technology
Details.
● Enhanced mode
The Proposal/Agreement mechanism in enhanced mode supported by VBST is
similar to that supported by MSTP. For details, see 15.2.5 MSTP Fast
Convergence.

Protection Mechanisms of VBST

Similar to RSTP, VBST provides BPDU protection, TC protection, root protection,
and loop protection. For details, see Protection functions.

Interworking Between VBST and Standard STP/RSTP

On a live network, VBST-enabled devices may connect to STP/RSTP-enabled
devices. VBST and STP/RSTP use different BPDU formats, so there are interworking
problems. To implement interworking between VBST and standard STP/RSTP, take
the following measures:
● On a trunk interface:
– When a VBST-enabled device connects to an RSTP-enabled device, the
VBST-enabled device uses standard RSTP BPDUs in VLAN 1 and VBST
BPDUs with the Data field of RSTP BPDUs in other VLANs to exchange
with the RSTP-enabled device.
– When a VBST-enabled device connects to an STP-enabled device, the
VBST-enabled device uses standard STP BPDUs in VLAN 1 and VBST
BPDUs with the Data field of STP BPDUs in other VLANs to exchange
with the STP-enabled device.
The following describes spanning tree implementation, as shown in Figure
16-3.
As shown in Figure 16-3, STP/RSTP is deployed on S1 and S2, and VBST is
deployed on S3 and S4. Devices are connected through trunk interfaces, and
interfaces on S1 through S4 allow packets from VLAN 1 and VLAN 10 to pass
through.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 837

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Figure 16-3 Interworking between VBST and STP/RSTP on a trunk interface

S1 S2
Trunk
STP/RSTP STP/RSTP
VLAN 1, 10

Trunk VLAN 1, 10 VLAN 1, 10 Trunk

VLAN 1, 10
VBST VBST
Trunk
S3 S4

Spanning tree Spanning tree Spanning tree for

for VLAN 1 for VLAN 10 VLAN 1 and 10

Root bridge
Unblocked link
Blocked link
Blocked port

An STP/RSTP-enabled device can only send and receive STP/RSTP BPDUs, and
transparently transmit VBST BPDUs, so a spanning tree is formed in VLAN 1
as defined by STP/RSTP.
Assume that the congestion point of the spanning tree in VLAN 1 is on S4.
Because VBST runs on S4, so the congestion point exists in VLAN 1. S4 can
still receive and forward VBST BPDUs in VLAN 10. Loops occur in VLAN 10, so
spanning tree calculation in VLAN 10 is triggered. S1 and S2 transparently
transmit VBST BPDUs in VLAN 10, so only four interfaces on S3 and S4
participate in spanning tree calculation in VLAN 10. Then the spanning trees
in VLAN 1 and VLAN 10 are formed, as shown in Figure 16-3.
Assume that the blocking point of the spanning tree in VLAN 1 is on S2. STP/
RSTP runs on S2, so the blocking port exists on S2. S2 cannot forward VBST
BPDUs from VLAN 10 and no loop occurs in VLAN 10, so spanning tree
calculation in VLAN 10 is not triggered. VBST BPDUs from VLAN 10 can be
forwarded along the spanning tree in VLAN 1, that is, VLAN 10 and VLAN 1
share the spanning tree. as shown in Figure 16-3.
● On an access interface, a VBST-enabled device uses standard STP or RSTP
BPDUs to exchange with the remote end according to the VLAN that the
access interface belongs to. Topology calculation is performed as defined by
STP/RSTP. Because STP/RSTP does not differentiate VLANs, a spanning tree
shared by VLANs is formed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 838

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

When a VBST-enabled device connects to an STP/RSTP-enabled device, the trunk

interface must be used to connect the two devices and the blocking point must be
located on the VBST-enabled device to implement load balancing.

Interworking Between VBST and PVST/PVST+/Rapid PVST+

On a live network, a VBST-enabled device may connect to a device enabled with
PVST/PVST+/Rapid PVST+.
● Trunk interface
– When a VBST-enabled device connects to a device enabled with Rapid
PVST+, the VBST-enabled device sends standard RSTP BPDUs (or VBST
BPDUs with the Data field of RSTP BPDUs) and VBST BPDUs with the
Data field of RSTP BPDUs in other VLANs to exchange with the device
enabled with Rapid PVST+.
– When a VBST-enabled device connects to a device enabled with PVST+,
the VBST-enabled device sends standard STP BPDUs (or VBST BPDUs with
the Data field of STP BPDUs) and VBST BPDUs with the Data field of STP
BPDUs in other VLANs to exchange with the device enabled with PVST+.
– When a VBST-enabled device connects to a PVST-enabled device, packet
exchange is similar to that in the scenario where a VBST-enabled device
connects to a device enabled with PVST+. The difference is that the VBST-
enabled device and PVST-enabled device send only VBST BPDUs with the
Data field of STP BPDUs in VLAN 1.
The two devices can identify the BPDUs carrying VLAN information, so a
VLAN-based spanning tree is formed. The connection between a VBST-
enabled device and a device enabled with PVST/PVST+/Rapid PVST+ through
a trunk interface is similar to the connection between two VBST-enabled
devices.
● Access interface
A VBST-enabled device uses standard STP BPDUs to exchange with the device
enabled with PVST/PVST+ or RSTP BPDUs to exchange with the device
enabled with Rapid PVST+ according to the VLAN that the access interface
belongs to. Topology calculation is performed as defined by STP/RSTP.
Because STP/RSTP does not differentiate VLANs, a spanning tree shared by
VLANs is formed.

16.3 Application Scenarios for VBST

To improve reliability of an enterprise network, access switches often connect to
aggregation switches in dual-homing or multi-homing mode networking. In such
networking, one link is the active link, and other links are standby links. When
multiple links are used, loops may occur. As a result, broadcast storms occur and
MAC address entries are damaged. In addition, one access switch often needs to
transmit services from different VLANs.
Deploying MSTP can eliminate loops and load balance traffic from different
VLANs, whereas it is difficult to configure and maintain MSTP multi-instance and
multi-process.
You can deploy VBST. VBST constructs a spanning tree in each VLAN so that traffic
from different VLANs is forwarded through different spanning trees. This

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 839

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

eliminates loops and implements load balancing of traffic. In addition, VBST is

easy to configure and maintain.

Figure 16-4 VBST implementing load balancing

Core Network

SwitchA SwitchB
Aggregation
VLAN 10, 20, 30 switch

VLAN 10, 20 VLAN 20, 30

0 VL
,2 AN
10 20
,
A N 30
VL
Access
switch
SwitchC SwitchD

Spanning tree Spanning tree Spanning tree

for VLAN 10 for VLAN 20 for VLAN 30

Forwarding path for

Root bridge traffic from VLAN 30
Unblocked link Forwarding path for
Blocked link traffic from VLAN 20
Blocked port Forwarding path for
traffic from VLAN 10

As shown in Figure 16-4, SwitchC and SwitchD are access switches; SwitchA and
SwitchB are aggregation switches. SwitchC and SwitchD are dual-homed to
SwitchA and SwitchB. To eliminate loops and load balance traffic from different
VLANs, deploy VBST on SwitchA, SwitchB, SwitchC, and SwitchD. Configure
SwitchA as the root bridge of VLAN 10 and VLAN 20 and SwitchB as the root
bridge of VLAN 30.

Loops are eliminated based on VLANs. Figure 16-4 shows the formed spanning
trees and forwarding paths. In Figure 16-4, traffic from VLAN 10, VLAN 20, and
VLAN 30 is forwarded through their respective spanning trees. In this manner,
traffic from VLAN 10, VLAN 20, and VLAN 30 is load balanced on paths SwitchC<-
>SwitchA, SwitchD<->SwitchA, and SwitchD<->SwitchB.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 840

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

16.4 Summary of VBST Configuration Tasks

Table 16-2 describes the VBST configuration tasks. VBST blocks redundant links
and prunes a network into a tree topology to eliminate loops and implement load
balancing. You can perform the following configurations to meet requirements in
special scenarios:
● Setting VBST parameters that affect VBST convergence
● Configuring protection functions
● Setting parameters for interworking between a Huawei datacom device and a
non-Huawei device

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 841

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Table 16-2 VBST configuration tasks

Scenario Description Task

(Mandatory) Configure After you configure the 16.7 Configuring VBST

basic VBST functions operation mode of VBST
and start VBST, VBST
calculates the spanning
tree and prunes a
network into a tree
network to eliminate
loops. You can perform
the following
configurations to
manually adjust the
spanning tree calculation
result:
● Manually configure
the root bridge and
secondary root bridge.
● Configure the switch
priority. A smaller
priority value
indicates a higher
priority of the switch
and higher probability
of becoming the root
bridge.
● Configure the port
path cost. A smaller
path cost indicates a
smaller cost from the
port to the root
bridge and higher
probability of
becoming the root
port.
● Configure the port
priority. A smaller
priority value
indicates higher
probability of
becoming the
designated port.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 842

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Scenario Description Task

(Optional) Set VBST The network diameter, 16.8 Setting VBST

parameters that affect timeout interval, Hello Parameters That Affect
VBST convergence time, Max Age, and VBST Convergence
Forward Delay affect
VBST convergence.
Proper settings of these
parameters can speed up
VBST convergence speed.

(Optional) Configure Huawei datacom devices 16.9 Configuring

protection functions provide the following Protection Functions of
protection functions: VBST
● BPDU protection:
prevents malicious
attacks from bogus
BPDUs.
● TC protection: reduces
the impact of
malicious attacks
from bogus TCN
BPDUs.
● Root protection:
protects the role of
the root bridge by
retaining the role of
the designated port
and prevents network
congestion caused by
malicious attacks.
● Loop protection:
prevents loops caused
by link congestion.

(Optional) Set To implement 16.10 Setting

parameters for interworking between a Parameters for
interworking between a Huawei datacom device Interworking Between
Huawei datacom device and a non-Huawei a Huawei Datacom
and a non-Huawei device, configure the fast Device and a Non-
device transition mode Huawei Device
according to the
Proposal/Agreement
mechanism of the non-
Huawei device.

16.5 Licensing Requirements and Limitations for VBST

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 843

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Involved Network Elements

Other network elements also need to support VBST.

Licensing Requirements
VBST configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. VBST
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 16-3 Products and versions supporting VBST

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R005C00SPC300, V200R006C00, V200R007C00,

V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI Not supported

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 844

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Product Product Software Version

Model

S5700 S5700LI, V200R005C00SPC300, V200R006C00, V200R007C00,

S5700S-LI V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI Not supported

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700SI V200R005C00

S5700EI V200R005(C00&C01&C02&C03)

S5710EI V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V200R005(C00SPC500&C01&C02)

S5710HI V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 845

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Feature Limitations
● Table 16-4 describes the specifications of VBST.

Table 16-4 Specifications of VBST

Item Specification

Number of protected VLANs 128

PV quantity (production of number ● The CPU usage of VBST is in

of VBST-enabled ports and number direct proportion to the PV
of VLANs) quantity.
● In V200R009 and earlier versions,
the S5720HI, S6720EI, and
S6720S-EI support a maximum of
1200 PVs, the S5720EI supports a
maximum of 600 PVs, and other
switches support a maximum of
300 PVs.
● In later versions of V200R009, the
S5720HI, S6720EI, and S6720S-EI
support a maximum of 1200 PVs,
the S1720X, S1720X-E, S5730SI,
S5730S-EI, S6720LI, S6720S-LI,
S6720SI, S6720S-SI, and S5720EI
supports a maximum of 1000
PVs, the S1720GFR, S2750EI, and
S5700LI support a maximum of
300 PVs, and other switches
support a maximum of 600 PVs.
● The number of PVs in the stack is
the sum of PVs of member
switches. However, the S5720EI
supports up to 2400 PVs.
● For an Eth-Trunk, the number of
PVs supported by the system is
the number of PVs supported by
the master device.
NOTICE
If the PV quantity exceeds the
specifications, the CPU usage may
exceed the threshold. As a result, the
switch cannot process tasks in a timely
manner, protocol calculation is affected,
and even the device cannot be managed
by the NMS.

● The switch does not support association between VBST and VPLS.
● When VBST is enabled on a ring network, VBST immediately starts spanning
tree calculation. Parameters such as the device priority and port priority affect
spanning tree calculation, and the change of these parameters may cause

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 846

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

network flapping. To ensure fast and stable spanning tree calculation, perform
basic configurations on the switch and interfaces before enabling VBST.
● If the protected instance has been configured in a SEP segment or ERPS ring
but the mapping between protected instances and VLANs is not configured,
VBST cannot be enabled.
● VBST cannot be enabled in the ignored VLAN or control VLAN used by ERPS,
RRPP, SEP, or Smart Link.
● If 1:N (N>1) mapping between MSTIs and VLANs has been configured on the
switch, delete the mapping before changing the STP working mode to VBST.
● If the stp vpls-subinterface enable command has been configured on a
switch, run the undo stp vpls-subinterface enable command on an interface
before changing the STP working mode to VBST.
● If the device has been configured as the root bridge or secondary root bridge,
run the undo stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> root command to
disable the root bridge or secondary root bridge function and run the stp vlan
{ vlan-id1 [ to vlan-id2 ] } &<1-10> priority priority command to change the
device priority.
● When more than 128 MSTIs are dynamically specified, STP is disabled in a
created VLAN in the configuration file, for example, stp vlan 100 disable.
● To prevent frequent network flapping, ensure that the values of Hello time,
Forward Delay, and Max Age conform to the following formulas:
– 2 x (Forward Delay - 1.0 second) ≥ Max Age
– Max Age ≥ 2 x (Hello Time + 1.0 second)
● After all ports are configured as edge ports and BPDU filter ports in the
system view, none of ports on the switch send BPDUs or negotiate the VBST
status with directly connected ports on the remote device. All ports are in
forwarding state. This may cause loops on the network, leading to broadcast
storms. Exercise caution when you configure a port as an edge port and BPDU
filter port.
● After a port is configured as an edge port and BPDU filter port in the
interface view, the port does not process or send BPDUs. The port cannot
negotiate the VBST status with the directly connected port on the peer device.
Exercise caution when you configure a port as an edge port and BPDU filter
port.
● Root protection takes effect only on designated ports.
● In VBST networking, if the link type of the local interface is set to access, the
link type of the remote interface must also be set to access; if the link types
of the local and remote interfaces are both not access, the PVIDs of the two
interfaces must be the same. Otherwise, the two devices cannot negotiate the
VBST status, failing to achieve loop prevention.
● If a switch has an alternate port (backup of the root port), configure loop
protection on both the root port and alternate port.

16.6 Default Settings for VBST

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 847

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Parameter Default Setting

Working mode MSTP

VBST Enabled globally, enabled on an interface, and

STP enabled in each VLAN

Switching device priority 32768

Port priority 128

Algorithm used to calculate Dot1t, IEEE 802.1t

the default path cost

Forward Delay 1500 centiseconds

Hello time 200 centiseconds

Max Age 2000 centiseconds

16.7 Configuring VBST

After you configure the operation mode of VBST and start VBST, VBST calculates
the spanning tree and prunes a network into a tree network to eliminate loops.
Network planners can also set parameters such as the switch priority, port path
cost, and port priority to adjust the spanning tree calculation result.

Pre-configuration Tasks
Before configuring basic VBST functions, connect ports and set the physical
parameters of each interface to make the physical layer in Up state. For details,
see Basic Configuration for Interfaces and Ethernet Interface Configuration in the
S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Interface
Management.

16.7.1 (Optional) Setting the Device Priority

Context
The device priority is used in spanning tree calculation, and determines whether
the device can be configured as a root bridge of a spanning tree. A smaller value
indicates a higher priority.
Generally, a high-performance switch at a high network layer is required to be
selected as the root bridge. However, the high-performance switch at a high
network layer may not have a high priority. It is necessary to set the device
priority to ensure that the device functions as the root bridge. Low-performance
devices at lower network layers are not fit to serve as root bridges. Therefore, set
low priorities for these devices.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 848

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> priority priority

The priority of the switch in a specified VLAN is set.

By default, the priority of the device is 32768.

NOTE

If the device has been configured as the root bridge or secondary root bridge, to change the
device priority, run the undo stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> root command to
disable the root bridge or secondary root bridge function and run the stp vlan { vlan-id1
[ to vlan-id2 ] } &<1-10> priority priority command to set the device priority.

----End

16.7.2 (Optional) Setting the Path Cost for a Port

Context
A path cost is port-specific and is used by VBST to select a link. A port in different
VLANs may have different path costs on a network running VBST. Traffic from
different VLANs is forwarded through different physical links by setting a proper
path cost enable, therefore implementing VLAN-based load balancing.

The path cost value range is determined by the calculation method. The following
calculation methods are used:
● dot1d-1998: IEEE 802.1d standard is used to calculate the path cost.
● dot1t: IEEE 802.1T standard is used to calculate the path cost.
● legacy: Huawei calculation method is used to calculate the path cost.

After the calculation method is determined, the path cost of a port can be set.
Generally, a higher path cost indicates higher probability of a port to be blocked. If
the link rate of a port is small, you are advised to set a large path cost so that the
port is selected as the blocking port during spanning tree calculation and its link is
blocked.

The default path cost varies according to the interface rate. Huawei calculation
method is used as an example. Table 16-5 shows the mapping between link rates
and path costs.

Table 16-5 Mappings between link rates and path costs

Interface Rate Default Value Recommended Path Cost Range

Value Range

10 Mbit/s 2000 200-20000 1-200000

100 Mbit/s 200 20-2000 1-200000

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 849

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Interface Rate Default Value Recommended Path Cost Range

Value Range

1 Gbit/s 20 2-200 1-200000

10 Gbit/s 2 2-20 1-200000

Over 10 Gbit/s 1 1-2 1-200000

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp pathcost-standard { dot1d-1998 | dot1t | legacy }

A path cost calculation method is configured.

By default, IEEE 802.1T standard is used to calculate the path cost.

All switches on the same network must use the same path cost calculation
method.

Step 3 Run interface interface-type interface-number

The view of the Ethernet interface that participates in spanning tree calculation is
displayed.

Step 4 Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> cost cost

The path cost of the port in each VLAN is set.

● If Huawei calculation method is used, the path cost ranges from 1 to 200000.
● If IEEE 802.1D standard is used, the path cost ranges from 1 to 65535.
● If IEEE 802.1T standard is used, the path cost ranges from 1 to 200000000.

----End

16.7.3 (Optional) Configuring Port Priorities

Context
In VBST spanning tree calculation, the port path cost, bridge ID of the sending
switch, and port priority determine whether the port can be selected as the
designated port. A smaller priority value indicates higher probability of becoming
the designated port, and a larger priority value indicates higher probability of
becoming the blocking port.

On a network running VBST, a port can function as different roles in different

spanning trees so that traffic from different VLANs is forwarded through different
physical paths.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 850

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
Step 3 Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> port priority priority
The priority of the port in each VLAN is set.
By default, the priority of a switch port is 128.

----End

16.7.4 (Optional) Manually Configuring the Mapping between

MSTIs and VLANs

Context
Based on the mappings between MSTIs and VLANs of MSTP, VBST maps each
MSTI to a VLAN to establish 1:1 mapping. The 1:1 mapping between MSTIs and
VLANs is used only by the switch to determine the VBST forwarding status. This
does not mean that VBST supports multi-instance.
The mapping between MSTIs and VLANs can be manually configured or
dynamically specified.
● You can manually configure the mapping between MSTIs and VLANs on the
switch. If a static mapping is also configured for a VLAN, the static mapping
takes effect.
● After VBST is enabled, the system dynamically allocates instance IDs to
existing or new VLANs in ascending order. The dynamically specified mapping
cannot be changed manually. After a VLAN is deleted or STP is disabled
globally, its mapping is automatically deleted.
NOTE

When more than 128 MSTIs are dynamically specified, if a VLAN is created, in the
configuration file, STP is disabled, for example, stp vlan 100 disable.

The following steps are performed to manually configure the mapping between
MSTIs and VLANs.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp region-configuration
The MST region view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 851

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Step 3 Run instance instance-id vlan vlan-id

1:1 mapping between MSTIs and VLANs is configured.
By default, all VLANs in an MST region are mapped to MSTI 0.

NOTE

After this step is performed, the dynamic mapping between MSTIs and VLANs cannot be
canceled even if VLANs are deleted or STP is disabled globally.

Step 4 Run active region-configuration

1:1 mapping between MSTIs and VLANs is activated.

NOTICE

The change of 1:1 mapping between MSTIs and VLANs causes VBST recalculation
and network flapping. Therefore, it is recommended that you run the check
region-configuration command in the MST region view to check whether the
parameters of the MST region are set correctly before activating the configuration
of the MST region. When determining that parameters of the MST region are set
correctly, run the active region-configuration command to activate 1:1 mapping
between MSTIs and VLANs.

----End

16.7.5 Enabling VBST

Context
The VBST configuration takes effect only when VBST is enabled.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 852

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

NOTICE

When VBST is enabled on a ring network, VBST immediately starts spanning tree
calculation. Parameters such as the switch priority and port priority affect
spanning tree calculation, and change of these parameters may cause network
flapping. To ensure fast and stable spanning tree calculation, perform basic
configurations on the switch and ports before enabling VBST.
The PV quantity is the number of VBST-enabled interfaces multiplied by the
number of VLANs. If the PV quantity exceeds the specifications, the CPU usage
may exceed the threshold. As a result, the switch cannot process tasks in a timely
manner, protocol calculation is affected, and even the device cannot be managed
by the NMS. The PV quantity supported by the device is as follows:
● The CPU usage of VBST is in direct proportion to the PV quantity.
● The S5720HI, S6720EI, and S6720S-EI support up to 1200 PVs, the S1720X,
S1720X-E, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S5730SI, S5730S-EI, and
S5720EI supports up to 1000 PVs, the S1720GFR, S2750EI, and S5700LI support
up to 300 PVs, and other switches support up to 600 PVs.
● The number of PVs in the stack is the sum of PVs of member switches.
However, the S5720EI supports up to 2400 PVs.
● For an Eth-Trunk, the number of PVs supported by the system is the number of
PVs supported by the master device.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp mode vbst

The working mode of the switch is set to VBST.

By default, the switch works in MSTP mode.

NOTE

● The VBST mode cannot be used with the STP/RSTP/MSTP mode.

● If a protected instance in a segment has been configured by the protected-instance
(sep segment view) command or a protected instance in an ERPS ring has been
configured by the protected-instance (ERPS ring view) command, you must perform
the operation of 16.7.4 (Optional) Manually Configuring the Mapping between
MSTIs and VLANs. Otherwise, the STP working mode cannot be changed to VBST.
● If 1:N (N>1) mapping between MSTIs and VLANs has been configured on the switch,
the mapping must be deleted before changing the STP working mode to VBST.
● On the S5720EI, S5720HI, S6720EI, and S6720S-EI, if stp vpls-subinterface enable has
been configured on the switch, the undo stp vpls-subinterface enable command must
be run on the interface before changing the STP working mode to VBST.

Step 3 Run stp enable

Global STP is enabled.

By default, STP is enabled globally.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 853

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Step 4 Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> enable

VBST is enabled in the specified VLANs.

By default, VBST is enabled in each VLAN.

NOTE

VBST cannot be enabled in the ignored VLAN or control VLAN used by ERPS, RRPP, SEP, or
Smart Link.
If VLAN mapping or VLAN stacking is configured on an interface corresponding to the
VLAN, VBST negotiation for this VLAN will fail.

Step 5 Run interface interface-type interface-number

The interface view is displayed.

Step 6 Run stp enable

STP is enabled on the interface.

By default, STP is enabled on each switch interface.

NOTE

STP cannot be used with SEP or Smart Link. An STP-enabled interface cannot join a SEP
segment or Smart Link group. Similarly, the interface that has joined the SEP segment or
Smart Link group cannot be enabled with STP.

----End

16.7.6 Verifying the Basic VBST Configuration

Procedure
● Run the display stp [ vlan vlan-id ] [ interface interface-type interface-
number | slot slot-id ] [ brief ] command to check the spanning tree status
and statistics.
● Run the display stp [ vlan vlan-id ] active command to check details of and
statistics on spanning trees of all ports in Up state.
● Run the display stp [ vlan vlan-id ] bridge { root | local } command to check
the spanning tree status of the local bridge and root bridge.
● Run the display stp global command to check the summary of the spanning
tree protocol.
● Run the display stp region-configuration command to check the mapping
between instances and VLANs.

----End

16.8 Setting VBST Parameters That Affect VBST

Convergence

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 854

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Context
After basic VBST functions are configured, VBST implements fast convergence
using default parameters. To achieve better convergence, set parameters that
affect VBST convergence. All steps in this configuration task are optional. You can
perform the steps as needed.

Pre-configuration Tasks
Before configuring VBST parameters that affect VBST convergence, perform the
task of 16.7 Configuring VBST.

16.8.1 Setting the Network Diameter

Context
Any two terminals on a switching network are connected through a specific path
along which multiple devices are located. The network diameter is the maximum
number of devices between any two terminals. A larger network diameter
indicates a larger network scale.
An improper network diameter may cause slow network convergence and affect
communication. Setting a proper network diameter according to the network scale
helps speed up network convergence.
The switch calculates the Forward Delay, Hello time, and Max-Age based on the
configured network diameter. It is recommended that you set the network
diameter to configure timers.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> bridge-diameter diameter
A network diameter is set.
By default, the network diameter is 7.
● Rapid Spanning Tree Protocol (RSTP) uses a single spanning tree instance on
the entire network. As a result, performance deteriorates when the network
scale grows. Therefore, the network diameter cannot be larger than 7.
● It is recommended that all devices on a ring network use the same network
diameter.

----End

16.8.2 Setting Values of VBST Timers

Context
VBST uses the following parameters in spanning tree calculation:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 855

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

● Forward Delay: determines the interval for port status transition. On a

network where a spanning tree algorithm is used, when the network topology
changes, new BPDUs are transmitted throughout the network after a given
period of time. During the period, the port that should enter the blocking
state may be not blocked and the originally blocked port may be unblocked,
causing temporary loops. To address this problem, set the Forward Delay
during which all ports are blocked temporarily.
● Hello Time: is the interval at which Hello packets are sent. The switch sends
BPDUs to neighboring devices at an interval of the Hello Time to check
whether links are faulty. If the switch does not receive any BPDU within the
timeout period (timeout period = Hello Time x 3 x Timer Factor), the switch
recalculates the spanning tree due to BPDU timeout.
● Max Age: determines whether BPDUs expire. The switch determines whether
the received BPDU expires based on this value. If the received BPDU expires,
the spanning tree needs to be recalculated.

Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.

Generally, you are not advised to adjust values of the three parameters. This is
because the three parameters are relevant to the network scale. It is
recommended that the network diameter be adjusted so that the spanning tree
protocol automatically adjusts the three parameters. When the default network
diameter is used, the default values of the three parameters are used.

NOTICE

To prevent frequent network flapping, ensure that the values of Hello time,
Forward Delay, and Max Age conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello time + 1.0 second)

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Set values of Hello time, Forward Delay, and Max Age.
● Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> timer forward-delay
forward-delay
The value of Forward Delay is set.
By default, the value of Forward Delay is 1500 centiseconds.
● Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> timer hello hello-time
The value of Hello time is set.
By default, the value of Hello time is 200 centiseconds.
● Run stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> timer max-age max-age
The value of Max Age is set.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 856

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

By default, the value of Max Age is 2000 centiseconds.

----End

16.8.3 Setting the VBST Timeout Interval

Context
The timeout interval of the switch is calculated through the following formula:
● Timeout interval = Hello time x 3 x Timer factor
On a network running VBST, when the network topology becomes stable, the non-
root-bridge switch forwards BPDUs sent by the root bridge to neighboring
switches at an interval of Hello time to check whether links are faulty. If the
switch does not receive any BPDU from the upstream device within the timeout
interval, the switch considers that the upstream device fails and recalculates the
spanning tree.
Sometimes, the switch may not receive BPDUs in a long time from the upstream
device because the upstream device is busy. In this case, the device should not
recalculate its spanning tree. Therefore, you can set a long timeout interval for the
device on a stable network to reduce waste of network resources.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp timer-factor factor
The timeout interval for the switch to wait for BPDUs from the upstream device is
set.
By default, the timeout interval is 9 times the value of Hello time.

----End

16.8.4 Setting the Link Type for a Port

Context
Implementing fast convergence on a P2P link is easy. If the two ports connected to
a P2P link are root or designated ports, the ports can transit to the forwarding
state quickly by sending Proposal and Agreement packets. This reduces the
forwarding delay.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 857

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

The view of the interface that participates in spanning tree calculation is

displayed.

Step 3 Run stp point-to-point { auto | force-false | force-true }

The link type of the interface is set.

By default, the link type of a port is auto.

● If the Ethernet port works in full-duplex mode, the port is connected to a P2P
link. You can specify force-true to implement fast convergence.
● If the Ethernet port works in half-duplex mode, specify force-true to forcibly
set the link type to P2P to implement fast convergence.
● In other situations, specify auto so that the port identifies whether it is
connected to a P2P link.

----End

16.8.5 Setting the Maximum Transmission Rate of a Port

Context
The maximum transmission rate of a port indicates the maximum number of
BPDUs sent per second. A larger value of the maximum transmission rate of a port
indicates more BPDUs sent at an interval of Hello time and therefore more system
resources are occupied.

Setting the proper value of this parameter prevents excess bandwidth usage when
route flapping occurs. If network flapping occurs frequently, and the switch needs
to detect topology change in a timely manner and has sufficient bandwidth
resources, set a large value for this parameter.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of the interface that participates in spanning tree calculation is

displayed.

Step 3 Run stp transmit-limit packet-number

The maximum number of BPDUs that the port can send at an interval of Hello
time is set.

By default, a port sends a maximum of 6 BPDUs per second.

NOTE

If the maximum number of BPDUs needs to be set on all ports of the switch, run the stp
transmit-limit (system view) command.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 858

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

16.8.6 Manually Switching to the VBST Mode

Context
When a port on a VBST-enabled switch is connected to an STP-enabled switch, the
port automatically switches to the STP mode.

In the following cases, you need to switch the port back to the VBST mode
manually:

● The STP-enabled switch is shut down or disconnected.

● The STP-enabled switch is switched to the RSTP/MSTP mode.

When a VBST-enabled switch connects to an MSTP-enabled switch, the connected

port of the MSTP-enabled switch automatically switches to the RSTP mode
through negotiation. When the VBST-enabled switch switches to the MSTP mode,
the connected ports of the two switches may still work in RSTP mode due to the
time sequence problem. You can perform the following operations to manually
switch the ports to the MSTP mode.

Procedure
● Switching a port to the VBST mode
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The view of the interface that participates in spanning tree calculation is

displayed.
c. Run stp mcheck

The port is switched to the VBST mode.

● Switching the switch to the VBST mode
a. Run system-view

The system view is displayed.

b. Run stp mcheck

The switch is switched to the VBST mode.

After the switch is switched to the VBST mode in the system view, all
ports switch to the VBST mode.

----End

16.8.7 Configuring a VBST Convergence Mode

Context
When the topology of an MSTI changes, the forwarding path of the VLAN
mapping the MSTI also changes. The MAC address entries and ARP entries

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 859

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

relevant to the VLAN need to be updated. VBST provides the following

convergence modes:
● fast: The system directly deletes ARP entries to be updated.
● normal: The system rapidly ages ARP entries to be updated.
In fast or normal mode, the system directly deletes MAC addresses.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp converge { fast | normal }
A convergence mode is configured.
By default, the VBST convergence mode of a port is normal.

NOTE

normal is recommended. If fast is used, frequently deleting ARP entries may result in 100%
CPU usage of the device. As a result, packets are not processed in a timely manner and
network flapping occurs.

----End

16.8.8 Configuring a Port as an Edge Port and BPDU Filter

Port

Context
If a designated port is located at the edge of a network and is directly connected
to terminals, this port is called edge port. The switch does not learn whether a
port is directly connected to terminals, and the port needs to be manually
configured as an edge port.
An edge port does not receive or process configuration BPDUs, or participate in
VBST calculation. It can transit from Disable to Forwarding without any delay to
implement fast convergence.
After a designated port is configured as an edge port, the port can still send
BPDUs. Then BPDUs are sent to other networks, causing flapping of other
networks. You can configure a port as an edge port and BPDU filter port so that
the port does not process or send BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 860

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

NOTICE

● After all ports are configured as edge ports and BPDU filter ports in the system
view, none of ports on the switch send BPDUs or negotiate the VBST status
with directly connected ports on the peer device. All ports are in forwarding
state. This may cause loops on the network, leading to broadcast storms.
Exercise caution when you configure a port as an edge port and BPDU filter
port.
● After a port is configured as an edge port and BPDU filter port in the interface
view, the port does not process or send BPDUs. The port cannot negotiate the
VBST status with the directly connected port on the peer device. Exercise
caution when you configure a port as an edge port and BPDU filter port.

Procedure
● Configuring all ports as edge ports and BPDU filter ports in the system view
a. Run system-view
The system view is displayed.
b. Run stp edged-port default
All ports are configured as edge ports.
By default, a port is a non-edge port.
c. Run stp bpdu-filter default
All ports are configured as BPDU filter ports.
By default, a port is a non-BPDU filter port.
● Configuring a port as an edge port and BPDU filter port in the interface view
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The view of the Ethernet interface that participates in spanning tree
calculation is displayed.
c. Run stp edged-port enable
The port is configured as an edge port.
By default, a port is a non-edge port.
d. Run stp bpdu-filter enable
The port is configured as a BPDU filter port.
By default, a port is a non-BPDU filter port.
----End

16.8.9 Verifying the Configuration of VBST Parameters That

Affect VBST Convergence

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 861

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Procedure
● Run the display stp [ vlan vlan-id ] [ interface interface-type interface-
number | slot slot-id ] [ brief ] command to check the spanning tree status
and statistics.
● Run the display stp [ vlan vlan-id ] active command to check details of and
statistics on spanning trees of all ports in Up state.
● Run the display stp [ vlan vlan-id ] bridge { root | local } command to check
the spanning tree status of the local bridge and root bridge.
● Run the display stp global command to check the summary of the spanning
tree protocol.

----End

16.9 Configuring Protection Functions of VBST

VBST provides BPDU protection, TC protection, root protection, and loop
protection, and you can configure one or more protection functions as needed.

Pre-configuration Tasks
Before configuring protection functions of VBST, complete the following task:
● Perform the task of 16.7 Configuring VBST.
● (Optional) Perform the operation of Configuring an Edge Port before
configuring BPDU protection.

16.9.1 Configuring BPDU Protection on the Switch

Context
Edge ports are directly connected to user terminals and will not receive BPDUs. If
a switch is attacked by bogus BPDUs, edge ports will receive these BPDUs. The
switch then sets the edge ports as non-edge ports and recalculates the spanning
tree, resulting in network flapping.

BPDU protection can be used to protect the switch against malicious attacks. After
BPDU protection is enabled on the switch, the switch shuts down an edge port if
the edge port receives a BPDU.

Perform the following operations on the switch configured with an edge port.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp bpdu-protection

BPDU protection is enabled on the switch.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 862

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

By default, BPDU protection is disabled on the switch.

----End

Follow-up Procedure
To configure a shutdown edge port to go Up automatically, run the error-down
auto-recovery cause bpdu-protection interval interval-value command in the
system view to configure the automatic recovery function and set the recovery
delay. After the delay expires, the port automatically goes Up. Note the following
when setting interval interval-value:
● A smaller value indicates a shorter delay for the port to go Up automatically
and a higher frequency at which the port alternates between Up and Down
states.
● A larger value indicates a longer delay for the port to go Up automatically
and longer traffic interruption.

16.9.2 Configuring TC Protection on the Switch

Context
When malicious attackers send bogus TC BPDUs to attack the switch, the switch
receives a large number of TC BPDUs within a short time. If MAC address entries
and ARP entries are deleted frequently, the switch is heavily burdened, causing
potential risks to the network.

TC protection is used to suppress TC BPDUs. You can set the number of times the
switch processes TC BPDUs within a given time period. If the number of TC BPDUs
that the switch receives within a given time exceeds the specified threshold, the
switch processes TC BPDUs only for the specified number of times. After the
specified number of times is reached, the switch processes excess TC BPDUs at one
time only. For example, the period is set to 10s and the threshold is set to 5. After
the switch receives TC BPDUs, the switch processes the first five TC BPDUs within
10s. After 10s, the switch processes subsequent TC BPDUs. In this way, the switch
does not need to frequently delete MAC entries and ARP entries.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Configure either of or both of the parameters.

● Run stp tc-protection interval interval-value
The time taken by the switch to process the maximum of TC BPDUs is 10s.
By default, the time is the Hello timer length.
● Run stp tc-protection threshold threshold
10102
The maximum number of TC BPDUs processed by the switch in a given time is
set.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 863

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

By default, the default number of times that the switch handles the TC BPDUs
and updates forwarding entries is 1 within a unit time.
NOTE

Within the time specified by stp tc-protection interval, the switch processes TC BPDUs of a
number specified by stp tc-protection threshold. Other packets are delayed, so
convergence may be affected.

----End

16.9.3 Configuring Root Protection on a Port

Context
Due to incorrect configurations or malicious attacks on a network, a valid root
bridge may receive BPDUs with a higher priority. Consequently, the valid root
bridge is no longer able to serve as the root bridge and the network topology is
changed, triggering spanning tree recalculation. As a result, traffic may be
switched from high-speed links to low-speed links, causing network congestion. To
prevent network congestion, enable root protection on the switch to protect the
role of the root switch by retaining the role of the designated port.

NOTE

Root protection takes effect only on designated ports.

Perform the following operations on the root bridge.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The Ethernet interface view is displayed.
Step 3 Run stp root-protection
Root protection is enabled on the switch.
By default, root protection is disabled on a switch port.

----End

16.9.4 Configuring Loop Protection on a Port

Context
On a network running VBST, the switch maintains the root port status and status
of blocked ports by receiving BPDUs from an upstream switch. If the switch cannot
receive any BPDU from the upstream switch because of link congestion or
unidirectional link failures, the switch selects a new root port. The original root
port becomes a designated port and the original blocked ports change to the

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 864

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Forwarding state. This switching may cause network loops, which can be
mitigated by configuring loop protection.

If the root port or alternate port does not receive BPDUs from the upstream device
for a long time, the switch enabled with loop protection sends a notification to the
NMS. If the root port is used, the root port enters the Discarding state and
becomes the designated port. If the alternate port is used, the alternate port
keeps blocked and becomes the designated port. In this case, loops will not occur.
After the link is not congested or unidirectional link failures are rectified, the port
receives BPDUs for negotiation and restores its original role and status.

NOTE

An alternate port is the backup of the root port. If a switch has an alternate port, you need
to configure loop protection on both the root port and alternate port.
Perform the following operations on the root port and alternate port of the switch.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of the root port or alternate port is displayed.

Step 3 Run stp loop-protection

Loop protection is enabled.

By default, loop protection is disabled on a switch port.

----End

16.9.5 Verifying the Configuration of VBST Protection

Functions

Procedure
● Run the display stp [ vlan vlan-id ] [ interface interface-type interface-
number | slot slot-id ] [ brief ] command to check the spanning tree status,
including the root protection status and information about other protection
functions.
● Run the display stp [ vlan vlan-id ] active command to check details of and
statistics on spanning trees of all ports in Up state, including the root
protection status and information about other protection functions.
● Run the display stp global command to check the summary of the spanning
tree protocol.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 865

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

16.10 Setting Parameters for Interworking Between a

Huawei Datacom Device and a Non-Huawei Device

Context
To implement interworking between a Huawei datacom device and a non-Huawei
device, configure the fast transition mode according to the Proposal/Agreement
mechanism of the non-Huawei device. The switch supports the following modes
on the Proposal/Agreement mechanism:
● Enhanced mode: The port participates in calculation of the root port when
calculating the synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device,
requesting fast transition. After receiving the message, the downstream
device sets the port connected to the upstream device as a root port and
blocks all non-edge ports.
b. The upstream device then sends an Agreement message to the
downstream device. After the downstream device receives the message,
the root port transitions to the Forwarding state.
c. The downstream device sends an Agreement message to the upstream
device. After receiving the Agreement message, the upstream device sets
the port connected to the downstream device as a designated port, and
the designated port transitions to the Forwarding state.
● Common mode: The port ignores the root port when calculating the
synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device,
requesting fast transition. After receiving the Proposal message, the
downstream device sets the port connected to the upstream device as a
root port and blocks all non-edge ports. The root port then transitions to
the Forwarding state.
b. The downstream device sends an Agreement message to the upstream
device. After receiving the Agreement message, the upstream device sets
the port connected to the downstream device as a designated port, and
the designated port transitions to the Forwarding state.
On a network running VBST protocol, a Huawei datacom device and the
connected non-Huawei device may fail to communicate if they use different
Proposal/Agreement modes. The Huawei datacom device can select the same
mode as that on the non-Huawei device to implement interworking.
If Huawei datacom device and Handreamnet switch are deployed on the VBST
network, non-standard STP/RSTP packets sent by the Handreamnet switch may
cause temporary loops. Therefore, the Huawei datacom device interface needs to
be configured to discard non-standard STP/RSTP packets to prevent temporary
loops.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 866

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Pre-configuration Tasks
Before setting parameters for interworking between a Huawei datacom device and
a non-Huawei device, perform the task of 16.7 Configuring VBST.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The view of the interface that participates in spanning tree calculation is
displayed.
Step 3 Run stp no-agreement-check
The common mode is configured.
By default, the enhanced mode is used on a port.
Step 4 (Optional) Run stp agreement-legacy
The interface is configured to discard non-standard STP/RSTP packets sent by the
Handreamnet switch.
By default, Huawei datacom device interface does not discard non-standard STP/
RSTP packets sent by the Handreamnet switch.
Step 5 (Optional) Run stp revertive slow
The interface is configured the delay in revertive switching during VBST calculation
on a port.

NOTE

● When a VBST-enabled switch interworks with a PVST-enabled third-party device that

does not support P/A negotiation, negotiation is asynchronous. As a result, the network
convergence time is long. If the remote device is the root bridge and the VBST-enabled
switch provides the alternate port in addition to the interconnected port, you can enable
the delay in revertive switching on the interconnected interface. The delay is calculated
as follows: 2 * Forward Delay + 8s After the delay function is enabled, the remote
interface first completes spanning tree calculation when the port status changes. Then
the local interface performs spanning tree status switching. During status switching,
services are not interrupted.
● After the delay in revertive switching is enabled on a port, this function takes effect for
all VLANs that the interface joins in. If there is no alternate port in the VLAN where the
interconnected port belongs, the port needs to wait for the delay for recovery. Exercise
caution when you run this command in this situation.

----End

16.11 Maintaining VBST

16.11.1 Displaying VBST Running Information and Statistics

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 867

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Context
You can view the VBST running information and statistics on VBST BPDUs. If the
number of topology change times increases, network flapping occurs.

Procedure
● Run the display stp [ vlan vlan-id ] topology-change command to check
VBST topology change statistics.
● Run the display stp error packet command to check the number of received
error packets and the content of recently received error packets.
● Run the display vbst [ vlan vlan-id ] [ interface interface-type interface-
number | slot slot-id ] bpdu-statistics command to check BPDU statistics.
● Run the display stp [ vlan vlan-id ] [ interface interface-type interface-
number | slot slot-id ] tc-bpdu statistics command to check statistics on TC
or TCN BPDUs on the VBST-enabled port.
----End

16.11.2 Clearing VBST Statistics

Context
Before recollecting statistics on VBST BPDUs in a certain period, clear existing
statistics on VBST BPDUs.

NOTICE

Cleared statistics on VBST BPDUs cannot be restored. Exercise caution when you
run the reset vbst command.

Procedure
● Run the reset vbst [ interface interface-type interface-number | slot slot-id ]
bpdu-statistics command in the user view to clear statistics on VBST BPDUs.
----End

16.12 Example for Configuring VBST

Networking Requirements
As shown in Figure 16-5, SwitchC and SwitchD (access switches) are dual-homed
to SwitchA and SwitchB (aggregation switches) respectively. SwitchC transmits
traffic from VLAN 10 and VLAN 20, and SwitchD transmits traffic from VLAN 20
and VLAN 30. A ring network is formed between the access layer and aggregation
layer. The enterprise requires that service traffic in each VLAN be correctly
forwarded and service traffic from different VLANs be load balanced to improve
link use efficiency.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 868

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Figure 16-5 VBST networking

Core Network

SwitchA SwitchB
GE0/0/1 GE0/0/1
VLAN10, 20, 30
GE0/0/3 GE0/0/2 GE0/0/2 GE0/0/3

VLAN10, 20 VLAN20, 30
20 VL
10, AN
N 20
VLA ,3
0
GE0/0/3 GE0/0/3
GE0/0/2 GE0/0/2
SwitchC SwitchD

GE0/0/4 GE0/0/5 GE0/0/4 GE0/0/5

VLAN10 VLAN20 VLAN20 VLAN30

Spanning tree Spanning tree Spanning tree

for VLAN 10 for VLAN 20 for VLAN 30

Root bridge
Unblocked link
Blocked link
Blocked port

Configuration Roadmap
VBST can be used to eliminate loops between the access layer and aggregation
layer and ensures that service traffic in each VLAN is correctly forwarded. In
addition, traffic from different VLANs can be load balanced. The configuration
roadmap is as follows:

1. Configure Layer 2 forwarding on access and aggregation switches.

2. Configure basic VBST functions on SwitchA, SwitchB, SwitchC, and SwitchD.
Perform the following operations so that a spanning tree shown in Figure
16-5 is formed through calculation:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 869

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

– Configure the root bridge and secondary root bridge of VLAN 10 as

SwitchA and SwitchB respectively, configure the root bridge and
secondary root bridge of VLAN 20 as SwitchA and SwitchB respectively,
and configure the root bridge and secondary root bridge of VLAN 30 as
SwitchB and SwitchA respectively, to ensure root bridge reliability.
– Set a larger path cost for GE0/0/2 on SwitchC in VLAN 10 and VLAN 20
so that GE0/0/2 is blocked in spanning trees of VLAN 10 and VLAN 20
accordingly, set a larger path cost for GE0/0/2 on SwitchD in VLAN 20
and VLAN 30 so that GE0/0/2 is blocked in the spanning tree of VLAN 20
and VLAN 30 accordingly.
3. Configure ports on SwitchC and SwitchD connected to terminals as edge ports
to reduce VBST topology calculation and improve topology convergence.

Procedure
Step 1 Configure Layer 2 forwarding on switches on the ring network.
● Create VLAN 10, VLAN 20, and VLAN 30 on SwitchA, SwitchB, SwitchC, and
SwitchD.
# Create VLAN 10, VLAN 20, and VLAN 30 on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20 30

# Create VLAN 10, VLAN 20, and VLAN 30 on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 20 30

# Create VLAN 10 and VLAN 20 on SwitchC.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 10 20

# Create VLAN 20 and VLAN 30 on SwitchD.

<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] vlan batch 20 30

● Add ports connected to the ring to VLANs.

# Add GE0/0/1 on SwitchA to VLAN 10, VLAN 20, and VLAN 30.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 30
[SwitchA-GigabitEthernet0/0/1] quit

# Add GE0/0/2 on SwitchA to VLAN 20 and VLAN 30.

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 30
[SwitchA-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchA to VLAN 10 and VLAN 20.

[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[SwitchA-GigabitEthernet0/0/3] quit

# Add GE0/0/1 on SwitchB to VLAN 10, VLAN 20, and VLAN 30.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 870

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 30

[SwitchB-GigabitEthernet0/0/1] quit

# Add GE0/0/2 on SwitchB to VLAN 10 and VLAN 20.

[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[SwitchB-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchB to VLAN 20 and VLAN 30.

[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 20 30
[SwitchB-GigabitEthernet0/0/3] quit

# Add GE0/0/2 on SwitchC to VLAN 10 and VLAN 20.

[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[SwitchC-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchC to VLAN 10 and VLAN 20.

[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type trunk
[SwitchC-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[SwitchC-GigabitEthernet0/0/3] quit

# Add GE0/0/4 on SwitchC to VLAN 10 and GE0/0/5 to VLAN 20.

[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] port link-type access
[SwitchC-GigabitEthernet0/0/4] port default vlan 10
[SwitchC-GigabitEthernet0/0/4] quit
[SwitchC] interface gigabitethernet 0/0/5
[SwitchC-GigabitEthernet0/0/5] port link-type access
[SwitchC-GigabitEthernet0/0/5] port default vlan 20
[SwitchC-GigabitEthernet0/0/5] quit

# Add GE0/0/2 on SwitchD to VLAN 20 and VLAN 30.

[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type trunk
[SwitchD-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 30
[SwitchD-GigabitEthernet0/0/2] quit

# Add GE0/0/3 on SwitchD to VLAN 20 and VLAN 30.

[SwitchD] interface gigabitethernet 0/0/3
[SwitchD-GigabitEthernet0/0/3] port link-type trunk
[SwitchD-GigabitEthernet0/0/3] port trunk allow-pass vlan 20 30
[SwitchD-GigabitEthernet0/0/3] quit

# Add GE0/0/4 on SwitchD to VLAN 20 and GE0/0/5 to VLAN 30.

[SwitchD] interface gigabitethernet 0/0/4
[SwitchD-GigabitEthernet0/0/4] port link-type access
[SwitchD-GigabitEthernet0/0/4] port default vlan 20
[SwitchD-GigabitEthernet0/0/4] quit
[SwitchD] interface gigabitethernet 0/0/5
[SwitchD-GigabitEthernet0/0/5] port link-type access
[SwitchD-GigabitEthernet0/0/5] port default vlan 30
[SwitchD-GigabitEthernet0/0/5] quit

Step 2 Configure basic VBST functions.

1. Configure switches on the ring network to work in VBST mode.
# Configure SwitchA to work in VBST mode.
[SwitchA] stp mode vbst

# Configure SwitchB to work in VBST mode.

[SwitchB] stp mode vbst

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 871

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

# Configure SwitchC to work in VBST mode.

[SwitchC] stp mode vbst
# Configure SwitchD to work in VBST mode.
[SwitchD] stp mode vbst
2. Configure the root bridge and secondary root bridge.
– Configure the root bridge and secondary root bridge in VLAN 10.
# Configure SwitchA as the root bridge in VLAN 10.
[SwitchA] stp vlan 10 root primary
# Configure SwitchB as the secondary root bridge in VLAN 10.
[SwitchB] stp vlan 10 root secondary
– Configure the root bridge and secondary root bridge in VLAN 20.
# Configure SwitchA as the root bridge in VLAN 20.
[SwitchA] stp vlan 20 root primary
# Configure SwitchB as the secondary root bridge in VLAN 20.
[SwitchB] stp vlan 20 root secondary
– Configure the root bridge and secondary root bridge in VLAN 30.
# Configure SwitchB as the root bridge in VLAN 30.
[SwitchB] stp vlan 30 root primary
# Configure SwitchA as the secondary root bridge in VLAN 30.
[SwitchA] stp vlan 30 root secondary
3. Configure the path cost for a port so that the port can be blocked.
NOTE

– The path cost range depends on the algorithm. IEEE 802.1t standard is used as an
example. Set the path costs of the ports to be blocked to 2000000.
– All switches on the same network must use the same path cost calculation
method.
# Set the path cost of GE0/0/2 on SwitchC to 2000000 in VLAN 10 and VLAN
20.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp vlan 10 cost 2000000
[SwitchC-GigabitEthernet0/0/2] stp vlan 20 cost 2000000
[SwitchC-GigabitEthernet0/0/2] quit
# Set the path cost of GE0/0/2 on SwitchD to 2000000 in VLAN 20 and VLAN
30.
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] stp vlan 20 cost 2000000
[SwitchD-GigabitEthernet0/0/2] stp vlan 30 cost 2000000
[SwitchD-GigabitEthernet0/0/2] quit
4. Enable VBST to eliminate loops.
– Disable VBST in VLAN 1.
NOTE

By default, all interfaces join VLAN 1 and VBST in VLAN 1 is enabled. In this
example, to reduce spanning tree calculation, VBST is disabled in VLAN 1. To
prevent loops in VLAN 1 after VBST is disabled, delete interfaces from VLAN 1.
# Disable VBST in VLAN 1 on SwitchA. The configurations on SwitchB,
SwitchC, and SwitchD are similar to the configuration of SwitchA, and are
not mentioned here.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 872

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

[SwitchA] stp vlan 1 disable

# Delete GE0/0/1 through GE0/0/3 on SwitchA from VLAN 1. The

configurations on SwitchB, SwitchC, and SwitchD are similar to the
configuration of SwitchA, and are not mentioned here. The difference is
that GE0/0/4 and GE0/0/5 on SwitchC and SwitchD do not need to be
removed from VLAN 1.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/3] quit

– Enable VBST globally.

# Enable global VBST on SwitchA.
[SwitchA] stp enable

# Enable global VBST on SwitchB.

[SwitchB] stp enable

# Enable global VBST on SwitchC.

[SwitchC] stp enable

# Enable global VBST on SwitchD.

[SwitchD] stp enable

– Enable VBST globally.

By default, VBST is enabled globally.
Run the display stp global command to check the VBST status. If VBST is
disabled, run the stp enable command in the system view to enable
VBST globally.
– Enable VBST in a VLAN.
By default, VBST is enabled in a VLAN.
Run the display stp vlan vlan-id command to check the VBST status. If
the message "The protocol is disabled" is displayed, VBST is disabled in
the VLAN. Run the stp vlan vlan-id enable command in the system view
to enable VBST in the VLAN.
– Enable VBST on ports.
By default, VBST is enabled on Layer 2 Ethernet ports.
Run the display stp interface interface-type interface-number command
to check the VBST status on an interface. If the message "The protocol is
disabled" is displayed, VBST is disabled on the interface. Run the stp
enable command in the interface view to enable VBST on the interface.
Step 3 Configure ports connected to terminals as edge ports to improve topology
convergence.
# Configure GE0/0/4 and GE0/0/5 on SwitchC connected to terminals as edge
ports. The edge port configuration on SwitchD is similar to that of SwitchC, and is
not mentioned here.
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] stp edged-port enable
[SwitchC-GigabitEthernet0/0/4] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 873

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

[SwitchC] interface gigabitethernet 0/0/5

[SwitchC-GigabitEthernet0/0/5] stp edged-port enable
[SwitchC-GigabitEthernet0/0/5] quit

Step 4 Verify the configuration.

After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration.
# Run the display stp bridge local command on SwitchA to view the STP working
mode.
[SwitchA] display stp bridge local
VLAN-ID Bridge ID Hello Max Forward Protocol
Time Age Delay
----- -------------------- ----- --- ------- ---------------------------
10 10.0200-0000-6703 2 20 15 VBST
20 20.0200-0000-6703 2 20 15 VBST
30 4126.0200-0000-6703 2 20 15 VBST

The preceding information shows that the VBST mode is used.

# Run the display stp brief command on SwitchA to view the port status.
[SwitchA] display stp brief
VLAN-ID Port Role STP State Protection
10 GigabitEthernet0/0/1 DESI FORWARDING NONE
10 GigabitEthernet0/0/3 DESI FORWARDING NONE
20 GigabitEthernet0/0/1 DESI FORWARDING NONE
20 GigabitEthernet0/0/2 DESI FORWARDING NONE
20 GigabitEthernet0/0/3 DESI FORWARDING NONE
30 GigabitEthernet0/0/1 ROOT FORWARDING NONE
30 GigabitEthernet0/0/2 DESI FORWARDING NONE

The preceding information shows that SwitchA participates in spanning tree

calculation in VLAN 10, VLAN 20, and VLAN 30. For example, SwitchA is the root
bridge in VLAN 10 and VLAN 20, so GE0/0/1 and GE0/0/3 in VLAN 10 are selected
as designated ports. GE0/0/1, GE0/0/2, and GE0/0/3 in VLAN 20 are selected as
designated ports. SwitchA is the secondary root bridge in VLAN 30, so GE0/0/1 is
selected as the root port and GE0/0/2 is selected as the designated port in VLAN
30.
# Run the display stp vlan 10 command on SwitchA to view detailed information
about VLAN 10.
[SwitchA] display stp vlan 10
-------[VLAN 10 Global Info]-------
Bridge ID :10 .0200-0000-6703
Bridge Diameter :7
Config Times :Hello 2s MaxAge 20s FwDly 15s
Active Times :Hello 2s MaxAge 20s FwDly 15s
Root ID / RPC :10 .0200-0000-6703 / 0 (This bridge is the root)
RootPortId :0.0
Root Type :Primary
BPDU-Protection :Disabled
STP Converge Mode :Normal
Time since last TC :0 days 0h:10m:46s
Number of TC :1
----[Port4093(GigabitEthernet0/0/1)][FORWARDING]----
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T) :Config=Auto / Active=20000
Desg. Bridge/Port :10 .0200-0000-6703 / 128.4093
Port Edged :Config=Default / Active=Disabled
Point-to-point :Config=Auto / Active=true
Port Revert Slow :Disabled
Port Agreement Legacy :Disabled

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 874

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Transit Limit :6 packets/hello

Protection Type :None
Port STP Mode :VBST
BPDU Encapsulation :Config=VBST / Active=VBST
----[Port4092(GigabitEthernet0/0/3)][FORWARDING]----
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T) :Config=Auto / Active=199999
Desg. Bridge/Port :10 .0200-0000-6703 / 128.4092
Port Edged :Config=Default / Active=Disabled
Point-to-point :Config=Auto / Active=true
Port Revert Slow :Disabled
Port Agreement Legacy :Disabled
Transit Limit :6 packets/hello
Protection Type :None
Port STP Mode :VBST
BPDU Encapsulation :Config=VBST / Active=VBST

The preceding information shows that SwitchA is selected as the root bridge in
VLAN 10 and GE0/0/1 and GE0/0/3 are selected as designated ports in Forwarding
state.
# Run the display stp brief command on SwitchB, SwitchC, and SwitchD to view
the port status.
[SwitchB] display stp brief
VLAN-ID Port Role STP State Protection
10 GigabitEthernet0/0/1 ROOT FORWARDING NONE
10 GigabitEthernet0/0/2 DESI FORWARDING NONE
20 GigabitEthernet0/0/1 ROOT FORWARDING NONE
20 GigabitEthernet0/0/2 DESI FORWARDING NONE
20 GigabitEthernet0/0/3 DESI FORWARDING NONE
30 GigabitEthernet0/0/1 DESI FORWARDING NONE
30 GigabitEthernet0/0/3 DESI FORWARDING NONE
[SwitchC] display stp brief
VLAN-ID Port Role STP State Protection
10 GigabitEthernet0/0/2 ALTE DISCARDING NONE
10 GigabitEthernet0/0/3 ROOT FORWARDING NONE
10 GigabitEthernet0/0/4 DESI FORWARDING NONE
20 GigabitEthernet0/0/2 ALTE DISCARDING NONE
20 GigabitEthernet0/0/3 ROOT FORWARDING NONE
20 GigabitEthernet0/0/5 DESI FORWARDING NONE
[SwitchD] display stp brief
VLAN-ID Port Role STP State Protection
20 GigabitEthernet0/0/2 ALTE DISCARDING NONE
20 GigabitEthernet0/0/3 ROOT FORWARDING NONE
20 GigabitEthernet0/0/4 DESI FORWARDING NONE
30 GigabitEthernet0/0/2 ALTE DISCARDING NONE
30 GigabitEthernet0/0/3 ROOT FORWARDING NONE
30 GigabitEthernet0/0/5 DESI FORWARDING NONE

The preceding information shows that SwitchB participates in spanning tree

calculation in VLAN 10, VLAN 20, and VLAN 30, SwitchC participates in spanning
tree calculation in VLAN 10 and VLAN 20, and SwitchD participates in spanning
tree calculation in VLAN 20 and VLAN 30. After the calculation is complete, ports
are selected as different roles to eliminate loops.
Different spanning trees are formed in VLAN 10, VLAN 20, and VLAN 30, and
traffic in VLAN 10, VLAN 20, and VLAN 30 is forwarded along different spanning
trees to implement load balancing.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 875

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20 30
#
stp mode vbst
#
stp vlan 1 disable
stp vlan 30 root secondary
stp vlan 10 20 root primary
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 20 30
#
stp mode vbst
#
stp vlan 1 disable
stp vlan 10 20 root secondary
stp vlan 30 root primary
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10 20
#
stp mode vbst
#
stp vlan 1 disable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 876

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 16 VBST Configuration

#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
stp vlan 10 20 cost 2000000
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
stp edged-port enable
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 20
stp edged-port enable
#
return

● SwitchD configuration file

#
sysname SwitchD
#
vlan batch 20 30
#
stp mode vbst
#
stp vlan 1 disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
stp vlan 20 30 cost 2000000
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
stp edged-port enable
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 30
stp edged-port enable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 877

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17 SEP Configuration

About This Chapter

This chapter describes how to configure the Smart Ethernet Protection (SEP). SEP
is a ring network protocol specially used for the Ethernet link layer. It blocks
redundant links to prevent logical loops on a ring network.

17.1 Overview of SEP

17.2 Understanding SEP
17.3 Application Scenarios for SEP
17.4 Summary of SEP Configuration Tasks
17.5 Licensing Requirements and Limitations for SEP
17.6 Configuring SEP
17.7 Specifying an Interface to Block
17.8 Configuring SEP Multi-Instance
17.9 Configuring the Topology Change Notification Function
17.10 Clearing SEP Statistics
17.11 Configuration Examples for SEP

17.1 Overview of SEP

Definition
The Smart Ethernet Protection (SEP) protocol is a ring network protocol specially
used for the Ethernet link layer. A SEP segment consists of interconnected Layer 2
switching devices configured with the same SEP segment ID and control VLAN ID.
A SEP segment is the basic unit of SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 878

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Purpose
SEP blocks redundant links to prevent logical loops on a ring network. Redundant
links are used on an Ethernet switching network to provide link backup and
enhance network reliability. However, the use of redundant links may produce
loops, causing broadcast storms and rendering the MAC address table unstable. As
a result, communication quality deteriorates, and services may even be
interrupted. Huawei switches support the following ring network protocols:
● STP/RSTP/MSTP
STP, RSTP, and MSTP are standard protocols for breaking loops on Ethernet
networks. Networks running these protocols converge slowly, failing to meet
the transmission requirements of some real-time services. The convergence
time is affected by the network topology. Huawei devices running STP, RSTP,
or MSTP can communicate with non-Huawei devices.
● RRPP
RRPP is a fast convergence Huawei proprietary protocol. RRPP requires a
physical topology to be divided into logical topologies so that major rings and
sub-rings can be differentiated. Therefore, RRPP does not apply to complex
networks. A Huawei device running RRPP cannot communicate with any non-
Huawei device.

Huawei developed SEP to overcome the disadvantages of the preceding ring

network protocols. SEP has the following advantages:
● Works on diverse complex networks and supports all topologies and network
topology queries. A network running SEP can connect to a network running
STP, RSTP, MSTP, or RRPP.
Helps quickly locate blocked interfaces through network topology display.
When a fault occurs, SEP can quickly locate the fault, improving network
maintainability.
● Implements traffic load balancing by selectively blocking interfaces.
● Improves network stability by preventing traffic from switching back after link
recovery.

17.2 Understanding SEP

17.2.1 SEP Implementation

SEP is a ring network protocol dedicated to the Ethernet link layer. Only two
interfaces on a switching device can be added to the same SEP segment (a basic
unit for SEP).

To prevent loops in a SEP segment, a ring protection mechanism selectively blocks

interfaces to eliminate redundant Ethernet links. When a link on a ring network
fails, the device running SEP immediately unblocks the interface and performs link
switching to restore communication between nodes.

Figure 17-1 shows a typical SEP application. CE1 is connected to Network Provider
Edges (NPEs) through a semi-ring formed by switches. A Virtual Router
Redundancy Protocol (VRRP) group is deployed on the NPEs. NPE1 initially serves

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 879

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

as the master and NPE2 as the backup. When the link between NPE1 and LSW5 or
a node on the link becomes faulty, NPE1 becomes the backup. NPE2 then
becomes the master. The following situations occur depending on whether SEP is
deployed. The following assumes that the link between LSW1 and LSW5 becomes
faulty.
● If SEP is not deployed on the semi-ring, CE1 traffic is still transmitted along
the original path, but NPE1 does not forward traffic, causing traffic
interruption.
● If SEP is deployed on the semi-ring, the blocked interface on LSW5 becomes
unblocked, enters the Forwarding state, and sends link state advertisements
(LSAs) to instruct other nodes on the SEP segment to update their LSA
databases. CE1 traffic is transmitted along backup link LSW5 -> LSW2 ->
LSW4 -> NPE2, ensuring uninterrupted traffic transmission.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 880

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-1 SEP network

Access Aggregation Core

LSW1 LSW3 Master Backup

NPE1
VRRP+peer BFD IP/MPLS
NPE2 Core
CE1
LSW5

LSW2 LSW4 Backup Master

a,SEP is not deployed on the semi-ring

Access Aggregation Core

LSW1 LSW3 Master Backup

SEP NPE1 IP/MPLS

Segment VRRP+peer BFD Core
NPE2
CE1
LSW5

LSW2 LSW4 Backup Master

Access Aggregation Core

LSW1 LSW3 Master Backup

SEP NPE1 IP/MPLS

Segment VRRP+peer BFD Core
NPE2
CE1
LSW5

LSW2 LSW4 Backup Master

b,SEP is deployed on the semi-ring

Primary Edge Port
Secondary Edge Port
Block Port

In typical SEP networking, a physical ring can be configured with only one SEP
segment in which only one interface can be blocked. If an interface in a complete
SEP segment is blocked, all service data is transmitted only along the path where
the primary edge interface is located. The path where the secondary edge
interface is located remains idle, wasting bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 881

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

SEP multi-instance is used to improve bandwidth efficiency and implement traffic

load balancing. SEP multi-instance allows two SEP segments to be configured on a
physical ring. Each SEP segment independently detects the completeness of a
physical ring and blocks or unblocks interfaces without affecting the other.
For details about SEP multi-instance, see 17.2.3 SEP Implementation
Mechanisms.

17.2.2 Basic Concepts of SEP

SEP Network
In Figure 17-2, LSW1 through LSW5 constitute a ring and are dual-homed to an
upper-layer or a Layer 2 network. Two edge devices (LSW1 and LSW5) are
indirectly connected. This networking is called open ring networking. This mode
will cause a loop on the entire network. To eliminate redundant links and ensure
link connectivity, a mechanism used to prevent loops is required.
Figure 17-2 shows the typical networking of an open ring running SEP. The
following describes the basic concepts of SEP.

Figure 17-2 Open ring running SEP

Network Network
LSW5

LSW1 LSW1 LSW5

SEP SEP
Segment Segment

LSW2 LSW4 LSW2 LSW4

LSW3
LSW3

CE
CE
No-Neighbor Primary Edge Port
No-Neighbor Secondary Edge Port
Primary Edge Port
Secondary Edge Port
Block Port

The following includes basic SEP concepts:

● SEP segment

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 882

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

A SEP segment is the basic unit of SEP. A SEP segment consists of

interconnected Layer 2 switching devices configured with the same SEP
segment ID and control VLAN ID.
A SEP segment is a ring or linear Ethernet topology. Each SEP segment has a
control VLAN, edge interfaces, and common interfaces.
● Control VLAN
In a SEP segment, the control VLAN is used to transmit only SEP packets.
Each SEP segment must have a control VLAN. After an interface is added to a
SEP segment that has a control VLAN, the interface is automatically added to
the control VLAN.
Different SEP segments can use the same control VLAN.
Different from a control VLAN, a data VLAN is used to transmit data packets.
● Node
Each Layer 2 switching device in a SEP segment is a node. Each node can
have a maximum of two interfaces added to the same SEP segment.
● Interface role
As defined by SEP, there are two interface roles: common and edge interfaces.
In Table 17-1, edge interfaces are further classified into primary edge
interfaces, secondary edge interfaces, no-neighbor primary edge interfaces,
and no-neighbor secondary edge interfaces.
NOTE

It is not recommended to configure primary edge interfaces and no-neighbor edge

interfaces in the same SEP segment.
It is not recommended to configure secondary edge interfaces and no-neighbor edge
interfaces in the same SEP segment.

Table 17-1 Interface roles

Interface Role Sub-role Description

Edge interface Primary edge A SEP segment has only one primary
interface edge interface, which is determined
by the configuration and election.
The primary edge interface initiates
blocked interface preemption,
terminates packets, and sends
topology change notification
messages to other networks.

Secondary edge A SEP segment has only one

interface secondary edge interface, which is
determined by the configuration and
election.
The secondary edge interface
terminates packets and sends
topology change notification
messages to other networks.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 883

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Interface Role Sub-role Description

No-neighbor An interface at the edge of a SEP

primary edge segment is a no-neighbor edge
interface interface, which is determined by the
configuration and election.
The no-neighbor primary edge
interface terminates packets and
sends topology change notification
messages to other networks.
No-neighbor primary edge interfaces
are used to interconnect Huawei
devices and non-Huawei devices or
interconnect Huawei devices and
devices that do not support SEP.

No-neighbor A SEP segment has only one no-

secondary edge neighbor secondary edge interface,
interface which is determined by the
configuration and election.
The no-neighbor secondary edge
interface terminates packets and
sends topology change notification
messages to other networks.
No-neighbor secondary edge
interfaces are used to interconnect
Huawei devices and non-Huawei
devices or interconnect Huawei
devices and devices that do not
support SEP.

Common - In a SEP segment, all interfaces

interface except edge interfaces are common
interfaces.
A common interface monitors the
status of a directly-connected SEP
link. When the status of a link
changes, the interface sends a
topology change notification
message to notify its neighbors.
Then the topology change
notification message is flooded on
the link until it finally reaches the
primary edge interface. The primary
edge interface determines how to
process the link change.

● Blocked interface
In a SEP segment, some interfaces are blocked to prevent loops.
Any interface in a SEP segment may be blocked if no interface is specified for
blocking. A complete SEP segment has only one blocked interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 884

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

● SEP interface status

In a SEP segment, a SEP interface has two working states:
– Forwarding: The interface can forward user traffic, receive and send SEP
packets.
– Discarding: The interface can receive and send SEP packets but cannot
forward user traffic.
An interface may be in Forwarding or Discarding state regardless of its role.

SEP Packet
Table 17-2 shows the types of SEP packets.

Table 17-2 Types of SEP packets

Packet Type Packet Description
Subtype

Hello packet - After an interface is added to a SEP segment,

neighbor negotiations start. The interface and
its neighbor exchange Hello packets to
establish a neighbor relationship. After
neighbor negotiations succeed, the two
interfaces continue to exchange Hello packets
to detect their neighbor status.

LSA LSA request After an interface has SEP enabled, the

packet interface periodically sends LSAs to its
neighbor. After the state machine of the
LSA ACK neighbor goes Up, the two interfaces update
packet their LSA databases with all topology
information.

TC packet - When the topology of a SEP segment changes,

the device where the SEP segment and the
upper-layer network intersect sends a
Topology Change (TC) packet to notify the
upper-layer network. All nodes on the upper-
layer network need to update their MAC
address tables and ARP tables.

GR packet - When a device performs an active/standby

switchover, it sends a SEP Graceful Restart
packet to instruct other nodes to prolong the
aging time of LSAs received from the device.
After completing an active/standby switchover,
the device must send another Grateful Restart
(GR) packet to instruct other nodes to restore
the aging time to the previous value.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 885

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Packet Type Packet Description

Subtype

Primary - After an interface has SEP enabled, it considers

edge itself the primary edge interface if it is
interface qualified for primary edge interface selection.
election The interface then periodically sends primary
packet edge interface election packets without
waiting for successful neighbor negotiations. A
primary edge interface election packet
contains the interface role (primary edge
interface, secondary edge interface, or
common interface), bridge MAC address of the
interface, interface ID, and integrity of the
topology database.

Preemption Preemption A preemption packet is used to block a

packet request packet specified interface.

Preemption Preemption packets are sent by the elected

ACK packet primary edge interface or brother interface of
a no-neighbor primary edge interface.

17.2.3 SEP Implementation Mechanisms

Neighbor Negotiation Mechanism
After an interface is added to a SEP segment, the interface and its neighbor
exchange Hello packets to initiate a neighbor relationship. After neighbor
negotiations succeed, the two interfaces continue to exchange Hello packets to
detect their neighbor status.
Neighbor negotiations are bidirectional and therefore prevent unidirectional links.
Interfaces at both ends of a link must send Hello packets to each other for status
confirmation. If an interface does not receive a Hello packet from an interface
within a specified interval, the interface considers the other to be Down.
Neighbor negotiations provide information required to obtain the SEP segment
topology. Interfaces form a complete SEP segment by establishing neighbor
relationships through neighbor negotiations.

Synchronization of SEP LSA Databases and Topology Display

● Synchronization of SEP link state advertisement (LSA) databases
After neighbor negotiations are complete, devices in a SEP segment enter the
LSA database synchronization phase and periodically send LSAs. After a device
receives LSAs from other devices, the device updates its LSA database. This
ensures consistency in the LSA databases of all devices in the SEP segment.
If a device does not receive LSAs within three LSA transmission intervals, the
device will age the database that saves the LSAs of the other devices in the
SEP segment.
When a faulty device in a SEP segment recovers, the device must obtain
topology information from other devices (peer and other devices) in the SEP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 886

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

segment and send LSA request packets to the devices. After receiving LSA
request packets from the device, neighboring interfaces reply with LSA ACK
packets that contain the latest link state information.
● SEP segment topology display
The topology display function allows you to view the topology that has the
highest network connectivity of any device in a SEP segment. Link state
synchronization ensures that all devices in a SEP segment display the same
topology.
Table 17-3 describes different types of SEP segment topologies.

Table 17-3 Types of SEP segment topologies

Topology Type Description Constraint

Ring topology Each interface in a SEP ● If the primary edge

segment has a interface is elected
neighboring interface on a ring, the
in Up state and a primary edge
brother interface. Each interface is listed
node has two first in the topology
interfaces in the SEP information
segment. displayed on each
interface.
● If the secondary
edge interface is
elected, it is listed
first in the topology
information
displayed on each
interface

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 887

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Topology Type Description Constraint

Linear topology All topologies except For interfaces at both

ring topologies are ends of a link:
linear topologies. ● If one interface
functions as the
primary edge
interface, the
primary edge
interface is listed
first in the topology
information
displayed on each
interface.
● If the secondary
edge interface is
elected, the
secondary edge
interface is listed
first in the topology
information
displayed on each
interface.

NOTE

The constraints listed in Table 17-3 ensure that each node in a ring or linear topology
displays the same topology information.

Primary Edge Interface Election

Only no-neighbor, primary, and secondary edge interfaces can participate in
primary edge interface election.

NOTE

If only one interface on a node has SEP enabled, you must set the role of the interface to
edge so that the interface can function as an edge interface.

In Figure 17-3, if there is no faulty link on the network and SEP is enabled on the
interfaces, the following situations occur:
● Common interfaces do not participate in primary edge interface election. Only
P1 on LSW1 and P1 on LSW5 participate in primary edge interface election.
● If P1 on LSW1 and P1 on LSW5 have the same role, P1 with a larger MAC
address is elected as the primary edge interface.

After the primary edge interface is selected, it periodically sends primary edge
interface election packets without waiting for successful neighbor negotiations. A
primary edge interface election packet contains the interface role (primary edge
interface, secondary edge interface, or common interface), bridge MAC address of
the interface, interface ID, and integrity of the topology database.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 888

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-3 Networking diagram of electing the primary edge interface

LSW1 LSW5 LSW1 LSW5

Network Network

P1 P1 P1 P1

SEP SEP
Segment Segment

LSW2 LSW4 LSW2 LSW4

Failed
Failed
LSW3 LSW3

Primary Edge Port

Secondary Edge Port
Election packet of
Primary Edge Port

If a link fault occurs in the SEP segment of Figure 17-3:

● P1 on LSW1 and P1 on LSW5 receive fault notification packets, and P1 on
LSW1 becomes the secondary edge interface.
● P1 on LSW5 does not receive primary edge interface election packets within a
specified period, and P1 on LSW1 becomes the secondary edge interface.

Two secondary edge interfaces exist in the SEP segment and periodically send
primary edge interface election packets.

When all link faults in the SEP segment are rectified, the two secondary edge
interfaces can receive primary edge interface election packets and elect a new
primary edge interface within a configured interval (1s by default).

Specifying an Interface to Block

A blocked interface is typically one of the two interfaces that complete neighbor
negotiations last. You can specify an interface to block according to network
requirements. The preemption mechanism must take effect before a specified
interface preempts to be the blocked interface.

The following describes the interface blocking mode and preemption mechanism.

● Interface blocking mode

You can configure the interface blocking mode to specify a blocked interface.
Table 17-4 describes interface blocking modes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 889

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-4 Interface blocking mode

Interface Blocking Description
Mode

Specify the interface with SEP compares interface priorities by:

the highest priority as 1. Comparing configured interface priority
the blocked interface. values. A larger value indicates a higher
priority.
2. Comparing bridge MAC addresses of
interfaces with same priority values. A
smaller bridge MAC address indicates a
higher priority.
3. Comparing interface numbers of interfaces
with identical bridge MAC addresses. A
smaller interface number indicates a higher
priority.

Specify the interface in -

the middle of a SEP
segment as the blocked
interface.

Specify a blocked SEP sets the hop count of the primary edge
interface based on the interface to 1 and the hop count of the
configured hop count. neighboring interface of the primary interface
to 2. Hop counts of other interfaces increase by
steps of 1 in the downstream direction of the
primary edge interface.

Specify a blocked After SEP is configured, the names of the device

interface based on the and interface determine the interface to be
device and interface blocked. Before specifying an interface to be
names. blocked, run the display command to view the
current ring topology and all interfaces and
then specify the device and interface names.
If multiple interfaces on the ring have the same
device and interface names, SEP blocks the
interface nearest to the primary edge interface
in the topology.
NOTE
If you change the device name or interface name
after specifying the interface to block, the interface
cannot preempt to be the blocked interface.

● Preemption
After the interface blocking mode is specified, you can configure the
preemption mode to determine whether an interface will be blocked. Table
17-5 describes the preemption modes.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 890

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-5 Preemption mode

Preemption Mode Description

Non-preemption When all link faults are rectified or the last two
interfaces enabled with SEP complete neighbor
negotiations, interfaces send blocking status
packets to each other. The interface with the
highest priority is then blocked and the other
interfaces enter the Forwarding state.

Preemption Preemption is classified into delayed

NOTE preemption and manual preemption.
Preemption can only be ● Delayed preemption
implemented on the device
where the primary edge After all the faulty interfaces recover, the
interface or no-neighbor edge interfaces no longer receive fault
primary edge interface notification packets. If the primary edge
resides. interface does not receive fault
advertisement packets within 3 seconds, it
starts the delay timer. After the delay timer
expires, nodes in the SEP segment start
blocked interface preemption.
● Manual preemption
When the link status databases of the
primary and secondary edge interfaces are
complete, the primary edge interface or
brother interface of the no-neighbor primary
edge interface sends preemption packets to
block a specified interface. The specified
interface then sends blocking status packets
to request the previously blocked interface to
transition to the Forwarding state.
NOTE
Preemption can only be implemented on the
device where the primary edge interface or no-
neighbor primary edge interface resides.
Only two interfaces on a device can be added to
the same SEP segment. If one interface is the no-
neighbor primary edge interface, the other
interface is the brother interface of the no-
neighbor primary edge interface.
If the brother interface is blocked, it does not need
to send preemption packets.
If the brother interface is unblocked, it must send
preemption packets.

SEP Topology Change Notification

SEP considers that the topology of a SEP-enabled network change depending on
certain situations. Table 17-6 describes situations of SEP topology change
notification.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 891

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-6 SEP topology change notification

Situation of SEP Topology Description
Change Notification

An interface fault occurs. An interface fault can be a link fault or

neighboring interface fault.
If an interface (in the SEP segment) is in
Forwarding state and receives a fault
advertisement packet, the device must send a
Flush-Forwarding Database (Flush-FDB) packet
through the interface to notify other nodes that
there is a change in topology

The fault is rectified and After faults occur in the SEP segment and the last
the preemption function faulty interface recovers, the blocked interface is
takes effect. preempted and the topology is considered
changed.
Preemption is triggered by the primary edge
interface. When an interface in a SEP segment
receives a preemption packet from the primary
edge interface, the interface must send Flush-FDB
packets to notify other nodes in the SEP segment
that there is a change in topology.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 892

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-4 Network of SEP topology change notification

Network

LSW8
SEP SEP
LSW1 Segment1 Segment3 LSW13
LSW9 LSW10

LSW2 SEP LSW11 LSW12

SEP
Segment2 Segment4

Failed
LSW3 LSW4 LSW5 LSW6 LSW7

Primary Edge Port

Block Port
Forwarding Database
Topology Change

NOTE

The topology change notification function is configured on devices that connect an upper-
layer network and a lower-layer network. If the topology of one network changes, devices
affected inform the other network of the change.

Table 17-7 lists the scenarios in which topology changes are reported.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 893

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-7 SEP topology change notification

SEP Scenario Description Solution
Topology
Change
Notification

Topology A SEP network is ● If the blocked Configure the

change connected to an interface on a lower- SEP topology
notification upper-layer layer SEP network is change
from a network that runs manually changed, notification
lower-layer other features the topology of the function.
network to such as SEP, STP, SEP segment also
an upper- Smart Link and changes. Because the
layer RRPP. upper-layer network
network is unable to detect
the change in
topology, traffic is
interrupted.
● If an interface on a
lower-layer SEP
network becomes
faulty, the topology
of the SEP segment
changes but the
upper-layer network
is unable to detect
the change. As a
result, traffic is
interrupted.

A host is During an active/standby Enable the edge

connected to a switchover of member devices in the
SEP network interfaces in the Smart SEP segment to
using a Smart Link group, the host process Smart
Link group. sends a Smart Link Flush Link Flush
packet to notify packets.
connected devices in the
SEP segment of the
switchover.
If connected devices in
the SEP segment cannot
identify the Smart Link
Flush packet, traffic is
interrupted.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 894

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

SEP Scenario Description Solution

Topology
Change
Notification

Topology A SEP network is If a fault occurs on the Configure

change connected to an upper-layer network, the association
notification upper-layer topology of that between SEP
from an network where network changes but the and CFM.
upper-layer CFM is deployed. lower-layer network is In Figure 17-5,
network to a unable to detect the association
lower-layer change. As a result, between SEP
network traffic is interrupted. and CFM is
configured on
LSW1.

Figure 17-5 Association between SEP and CFM

IP/MPLS Core
CFM

PE-AGG1 PE-AGG2

LSW1 LSW5

SEP
Segment
LSW2 LSW4

LSW3

CE
No-neighbor Primary Edge Port
No-neighbor Secondary Edge Port
Block Port
SEP associated with Ethernet CFM

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 895

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

In Figure 17-5, association between SEP and CFM is configured on LSW1 in the
SEP segment. When CFM detects a fault on the network at the aggregation layer,
LSW1 sends a CCM to notify the Operation, Administration, and Maintenance
(OAM) module of the fault. The SEP status of the interface associated with CFM
then changes to Down.
The interface associated with CFM is in the SEP segment. If this interface goes
Down, LSW2 must send a Flush-FDB packet to notify other nodes of the change in
topology. After LSW3 receives the Flush-FDB packet, the blocked interface on
LSW3 is unblocked and enters the Forwarding state. This interface sends a Flush-
FDB packet to instruct other nodes in the SEP segment to update their MAC
address tables and ARP tables. The lower-layer network can then detect the faults
on the upper-layer network, ensuring reliable service transmission.

Suppression of SEP TC Notification Packets

Topology changes on a SEP segment are advertised to other SEP segments or
upper-layer networks. A significant number of Topology Change (TC) notification
packets are generated in the following cases:
● A link becomes disconnected transiently.
● A SEP segment is attacked by invalid TC notification packets.
● There are multiple SEP rings.
Figure 17-6 shows a networking scenario with three SEP rings. If the topology
of SEP segment 3 changes, the number of TC notification packets doubles and
SEP segment 2 is flooded with these packets. Each time TC notification
packets pass through a SEP segment, its number doubles.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 896

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-6 Network with multiple SEP rings

LSW9 LSW10

SEP
Segment 1
LSW7 LSW8

SEP
Segment2
LSW4 LSW6

LSW5

SEP
Segment3
LSW1 LSW3

LSW2

Primary Edge Port

Secondary Edge Port
Block Port

Sending many TC notification packets reduces the capability of a CPU to quickly

process other packet types. In addition, devices in SEP segments frequently update
MAC address entries, consuming bandwidth resources. The following measures can
be taken to suppress TC notification packets:
● Configure a device to only process one of the TC notification packets that
carry the same source address.
● Configure a device to process a specified number of TC notification packets
within a specified period. By default, three TC notification packets with
different source addresses are processed in 2s.
● Avoid having more than three SEP rings.

SEP Multi-Instance
In common SEP networking shown in Figure 17-7, a physical ring network can be
configured with only one SEP segment in which only one interface can be blocked.
If an interface in a complete SEP segment is blocked, all service data is
transmitted only along the path where the primary edge interface is located. The
path where the secondary edge interface is located remains idle, wasting
bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 897

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-7 Networking diagram for SEP

LSW2 LSW4
SEP
Segment1

LSW1 LSW3
VLAN 100~200 VLAN 201~400

CE1 CE2
Primary Edge Port
Secondary Edge Port
Block Port

SEP multi-instance allows two SEP segments to be configured on a physical ring.

Each SEP segment independently detects the completeness of a physical ring and
blocks or unblocks interfaces without affecting the other.
A physical ring may contain one or two SEP segments. Each SEP segment needs to
be configured with a protected instance, each protected instance indicating a
VLAN range. The topology calculated by a SEP segment is only valid for that SEP
segment.
After different protected instances are configured for SEP segments and the
mapping between protected instances and VLANs is set, a blocked interface is only
valid for the VLANs protected by the SEP segment where the blocked interface
resides. Data traffic for different VLANs can be transmitted along different paths.
This implements traffic load balancing and link backup.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 898

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-8 Networking diagram for SEP multi-instance

LSW2 LSW4
SEP
Segment2
P2 SEP Segment1 P1

LSW1 LSW3
Instance1: Instance2:
VLAN 100~200 VLAN 201~400

CE1 CE2
Primary Edge Port
Secondary Edge Port
Block Port

In Figure 17-8, the SEP multi-instance ring network that consists of LSW1 to
LSW4 has two SEP segments. P1 is the blocked interface in SEP segment 1, and P2
is the blocked interface in SEP segment 2.
● Protected instance 1 is configured in SEP segment 1 to protect the data from
VLAN 100 to VLAN 200. The data is transmitted along path LSW1 -> LSW2. As
the blocked interface in SEP segment 2, P2 blocks only the data from VLAN
201 to VLAN 400.
● Protected instance 2 is configured in SEP segment 2 to protect the data from
VLAN 201 to VLAN 400. The data is transmitted along path LSW3 -> LSW4. As
the blocked interface in SEP segment 1, P1 blocks only the data from VLAN
100 to VLAN 200.
When a node or link fault occurs, each SEP segment calculates its own topology
independently, and the nodes in each SEP segment update their own LSA
databases.
In Figure 17-9, a fault occurs on the link between LSW3 and LSW4. The link fault
does not affect the transmission path for the data from VLAN 100 to VLAN 200 in
SEP segment 1, but blocks the transmission path for the data from VLAN 201 to
VLAN 400 in SEP segment 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 899

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-9 Networking diagram for a link fault on a SEP multi-instance network

LSW2 LSW4
SEP
Segment2
P2 SEP Segment1 P1

LSW1 LSW3
Instance1: Instance2:
VLAN 100~200 VLAN 201~400

CE1 CE2

Primary Edge Port

Secondary Edge Port
Block Port

After the link between LSW3 and LSW4 becomes faulty, LSW3 starts to send LSAs
to instruct the other devices in SEP segment 2 to update their LSA databases, and
the blocked interface enters the Forwarding state. After the topology of SEP
segment 2 is recalculated, the data from VLAN 201 to VLAN 400 is transmitted
along path LSW3 -> LSW1 -> LSW2.
After the link between LSW3 and LSW4 recovers, the devices in SEP segment 2
perform delayed preemption. After the preemption delay expires, P1 becomes the
blocked interface again, and sends LSAs to instruct the other devices in SEP
segment 2 to update their LSA databases. After the topology of SEP segment 2 is
recalculated, the data from VLAN 201 to VLAN 400 is transmitted along path
LSW3 -> LSW4.

17.3 Application Scenarios for SEP

17.3.1 Open Ring Networking

Open ring networking occurs at the access layer and is used to transparently
transmit Layer 2 unicast and multicast services. When SEP runs at the access layer,
redundancy protection switching can be implemented at the access layer and
topology of the SEP segment can be displayed. On an open ring network, edge
interfaces are located on two edge devices in the SEP segment.
Figure 17-10 shows a networking diagram of an open ring running SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 900

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-10 Open ring running SEP

Network

LSW1 LSW5

SEP
Segment

LSW2 LSW4

LSW3

CE

Primary Edge Port

Secondary Edge Port
Block Port

In Figure 17-10, LSW1 to LSW5 are not directly connected and form an open ring
to connect to a Layer 2 network.

17.3.2 Closed Ring Networking

Closed ring-networking is at the aggregation layer and is used to aggregate Layer
2 unicast and multicast services. When SEP runs at the aggregation layer,
redundancy protection switching can be implemented at the aggregation layer
and the topology of the SEP segment can be displayed. On a closed ring network,
two edge interfaces are located on the same edge device.
Figure 17-11 shows a networking diagram of a closed ring running SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 901

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-11 Closed ring running SEP

LSW1 LSW5
SEP
Segment

LSW2 LSW4

LSW3

CE1 CE2 CE3

Primary Edge Port

Secondary Edge Port
Block Port

In Figure 17-11, LSW1 to LSW5 form a dual-homed link to access a Layer 2

network. LSW1 and LSW5 at the edge of the Layer 2 network are directly
connected.

17.3.3 Multi-Ring Networking

When SEP runs at the access layer and the aggregation layer, redundancy
protection switching can be implemented at the access layer and the aggregation
layer and the topology of the SEP segment can be displayed.
In multi-ring networking, the topology change notification function must be
configured among ring networks.
Figure 17-12 shows a networking diagram of multiple rings running SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 902

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-12 Multiple rings running SEP

LSW1 SEP LSW5

Segment 1

LSW2 LSW4
LSW3

Se
SE ent
gm
P 3
t2
gm SEP

SEP
en

LSW9
LSW6 Segment 4
Se

LSW12
SEP
LSW8 Segment 5
LSW14

LSW7 LSW13
LSW10 LSW11

Block Port

In Figure 17-12, LSW1 to LSW5 are at the aggregation layer, and LSW6 to LSW14
are at the access layer. Layer 2 services are transparently transmitted at the access
layer and the aggregation layer.
If the topology of the access layer changes, a node in the SEP segment sends a
Flush-FDB packet to instruct other nodes in the SEP segment to update their MAC
address tables and ARP tables. Edge devices in the SEP segment send TC packets
to notify the upper-layer network that the topology of the SEP segment changes.

17.3.4 Hybrid SEP+MSTP Ring Networking

In hybrid-ring networking, no-neighbor edge interfaces need to be deployed on
the edge devices of SEP networks, and the SEP networks need to report topology
changes to MSTP networks. When SEP runs at the access layer, redundancy
protection switching can be implemented at the access layer.
Figure 17-13 shows a networking diagram of hybrid rings running SEP+MSTP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 903

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-13 Hybrid rings running SEP+MSTP

PE3 PE4
MSTP

PE1 PE2

Do not Support SEP

SEP
Segment

LSW1 LSW2

LSW3
No-neighbor Primary Edge Port
No-neighbor Secondary Edge Port
Block Port

In Figure 17-13, LSW1 to LSW3 form a SEP segment to access the MSTP ring.
LSW1 to LSW3 are at the access layer and transparently transmit Layer 2 unicast
and multicast services.
If the topology of the access layer changes, a node in the SEP segment sends a
Flush-FDB packet to instruct other nodes in the SEP segment to update their MAC
address tables and ARP tables. LSW1 and LSW2 at the edge of the SEP segment
send a TC packet to notify the aggregation layer of the topology change in the
SEP segment.

17.3.5 Hybrid SEP+RRPP Ring Networking

In hybrid SEP+RRPP ring networking, SEP networks need to report topology
changes to RRPP networks on the edge devices of SEP networks.
Figure 17-14 shows a networking diagram of hybrid rings running SEP+RRPP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 904

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-14 Hybrid rings running SEP and RRPP

PE3 PE4
RRPP

PE1 PE2

SEP
Segment

LSW1 LSW2

LSW3
Primary Edge Port
Secondary Edge Port
Block Port

In Figure 17-14, PE1, PE2 and LSW1 to LSW3 form a SEP segment to access the
RRPP ring. PE1, PE2 and LSW1 to LSW3 are at the access layer and transparently
transmit Layer 2 unicast and multicast services. When SEP runs at the access layer,
redundancy protection switching can be implemented at the access layer.

If the topology of the access layer changes, a node in the SEP segment sends a
Flush-FDB packet to instruct other nodes to update their MAC address tables and
ARP tables. PE1 and PE2 at the edge of the SEP segment send a TC packet to
notify the aggregation layer of the topology change in the SEP segment.

17.3.6 SEP Multi-Instance

In Figure 17-15, SEP multi-instance allows two SEP segments to be configured on
a physical ring. Each SEP segment independently detects the completeness of a
physical ring and blocks or unblocks interfaces without affecting the other.

A physical ring may contain one or two SEP segments. Each SEP segment needs to
be configured with a protected instance, each protected instance indicating a
VLAN range. The topology calculated by a SEP segment is only valid for that SEP
segment.

After different protected instances are configured for SEP segments and the
mapping between protected instances and VLANs is set, a blocked interface is only
valid for the VLANs protected by the SEP segment where the blocked interface
resides. Data traffic for different VLANs can be transmitted along different paths.
This implements traffic load balancing and link backup.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 905

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-15 Networking diagram for SEP multi-instance

LSW2 LSW4
SEP
Segment2
P2 SEP Segment1 P1

LSW1 LSW3
Instance1: Instance2:
VLAN 100~200 VLAN 201~400

CE1 CE2
Primary Edge Port
Secondary Edge Port
Block Port

17.3.7 Association Between SEP and CFM

Association between SEP and CFM can be configured on the edge devices on a
SEP segment. When CFM detects a fault on the network at the aggregation layer,
edge devices send CCMs to notify the fault to the Operation, Administration, and
Maintenance (OAM) module. The SEP status of the interface associated with CFM
then changes to Down.
Figure 17-16 shows a networking diagram of association between SEP and CFM.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 906

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-16 Association between SEP and CFM

IP/MPLS Core
CFM

PE-AGG1 PE-AGG2

LSW1 LSW5

SEP
Segment
LSW2 LSW4

LSW3

CE
No-neighbor Primary Edge Port
No-neighbor Secondary Edge Port
Block Port
SEP associated with Ethernet CFM

In Figure 17-16, LSW1 to LSW5 run SEP to implement redundancy protection

switching at the access layer and display the topology. The interface associated
with CFM is in the SEP segment.

When the SEP status of the interface associated with CFM goes Down, LSW2 must
send a Flush-FDB packet to notify other nodes of the topology changes. After
LSW3 receives the Flush-FDB packet, the blocked interface on LSW3 is unblocked
and enters the Forwarding state. The interface sends a Flush-FDB packet to
instruct the other nodes to update their MAC address and ARP tables. Therefore,
the lower-layer network can then detect the faults on the upper-layer network,
ensuring reliable service transmission.

17.4 Summary of SEP Configuration Tasks

Table 17-8 lists the SEP configuration tasks.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 907

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-8 SEP configuration tasks

Item Description Task

Configure basic SEP After basic SEP functions 17.6 Configuring SEP
functions. are configured on
devices, the devices start
SEP negotiation.
Interfaces that complete
neighbor negotiations
last are blocked to
eliminate redundant
links.
NOTE
When logging in to nodes
on a SEP semi-ring
through Telnet to
configure the nodes, note
the following points:
● VLANIF interfaces and
their IP addresses need
to be configured,
because these nodes
are Layer 2 devices.
The VLANs to which
these VLANIF
interfaces correspond
must be mapped to
SEP protected
instances.
● Basic SEP functions
need to be configured
from the node at one
end of the semi-ring to
the node at the other
end of the semi-ring.

Specify an interface to In some cases, however, 17.7 Specifying an

block. the negotiated blocked Interface to Block
interface may not be the
required one. You can
specify an interface to
block according to
network requirements.

Configure SEP multi- To implement load 17.8 Configuring SEP

instance. balancing and to use of Multi-Instance
bandwidth efficiently,
protected instances need
to be deployed on a SEP
network and mapped to
VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 908

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Item Description Task

Configure the topology A SEP network must 17.9 Configuring the

change notification work together with Topology Change
function. another network that Notification Function
runs other features. If
the topology of one
network changes, the
other network must be
able to detect the
topology change and
take measures to ensure
reliable data
transmission. Therefore,
the topology change
notification function
must be enabled on the
SEP network to ensure
network reliability.

17.5 Licensing Requirements and Limitations for SEP

Involved Network Elements

Other network elements also need to support SEP.

Licensing Requirements
SEP configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. SEP
configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 17-9 Products and versions supporting SEP

Product Product Software Version

Model

S1700 S1720GFR Not supported

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 909

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Product Product Software Version

Model

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI Not supported

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 910

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Product Product Software Version

Model

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● Table 17-10 lists the specification of SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 911

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Table 17-10 Specification of SEP

Item Specification

Maximum number of segments on 16

the device

● On a SEP network where there are no-neighbor edge interfaces, a device that
is not in a SEP segment cannot be added to the control VLAN of the SEP
segment. Otherwise, a loop will occur on the network.

17.6 Configuring SEP

When there is no faulty link on a ring network running SEP, SEP can eliminate
loops on the Ethernet. When a link fault occurs on the ring network, SEP can
immediately restore the communication between the nodes on the network.

Pre-configuration Tasks
Before configuring basic SEP functions, complete the following tasks:
● Establish the ring network.
● Ensure that the devices are powered on correctly and operate properly.

17.6.1 Configuring a SEP Segment

Context
A SEP segment is the basic unit of SEP. A SEP segment consists of interconnected
Layer 2 switching devices configured with the same SEP segment ID and control
VLAN ID.
After SEP is configured on a device, you can run the description command to
configure the description of the SEP segment, including the SEP segment ID, to
facilitate maintenance.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
The switch supports a maximum of 16 SEP segments.
Step 3 (Optional) Run description text
A description is configured for the SEP segment.
By default, no description is configured for an SEP segment.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 912

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.6.2 Configuring a Control VLAN

Context
In a SEP segment, a control VLAN is used to transmit SEP packets but not service
packets, enhancing SEP security. Each SEP segment must be configured with a
control VLAN. After being added to a SEP segment configured with a control
VLAN, an interface is added to the control VLAN automatically.

NOTE

On a SEP network that has no-neighbor edge interfaces, a device that is not in a SEP
segment cannot be added to the control VLAN of the SEP segment. Otherwise, a loop will
occur on the network.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
Step 3 Run control-vlan vlan-id
A control VLAN is configured for the SEP segment to transmit SEP packets.
The control VLAN must be not created, and is not used by RRPP, dynamic
instances of VBST, VLAN mapping, and VLAN stacking. Additionally, no interface is
added to the control VLAN in trunk, access, hybrid, or qinq mode.
● Different SEP segments can use the same control VLAN.
● If an interface has been added to the SEP segment, the control VLAN of the
SEP segment cannot be deleted directly. To delete the control VLAN, run the
undo sep segment segment-id command in the interface view to delete the
interface from the SEP segment, and then run the undo control-vlan
command in the SEP segment view to delete the control VLAN.
● If no interface is added to the SEP segment, you can run the control-vlan
vlan-id command multiple times. Only the latest configuration takes effect.
● After the control VLAN is created successfully, the command used to create a
common VLAN will be displayed in the configuration file.
Each SEP segment must be configured with a control VLAN. After an interface
is added to a SEP segment configured with a control VLAN, the interface will
be automatically added to the control VLAN.
– If the interface type is trunk, in the configuration file, the port trunk
allow-pass vlan command is displayed in the view of the interface added
to the SEP segment.
– If the interface type is hybrid, in the configuration file, the port hybrid
tagged vlan command is displayed in the view of the interface added to
the SEP segment.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 913

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.6.3 Configuring a Protected Instance

Context
Interfaces can be added to a SEP segment only after the SEP segment is
configured with protected instances.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 (Optional) Create and configure the mapping between MSTIs and VLANs.
NOTE

If the stp mode vbst command sets the STP working mode to VBST, you must perform this
step to configure the mapping between MSTIs and VLANs. Otherwise, the protected
instance in a SEP segment cannot be configured.

1. Run stp region-configuration

The MST region view is displayed.
2. Run instance instance-id vlan vlan-id
The mapping between MSTIs and VLANs is created and configured.
By default, all VLANs map to MSTI 0.
3. Run active region-configuration
The mapping between MSTIs and VLANs is activated.
4. Run quit
Exit from the MST region view.

Step 3 Run sep segment segment-id

A SEP segment is created and the view of the SEP segment is displayed.

Step 4 Run protected-instance { all | { instance-id1 [ to instance-id2 ] } &<1-10> }

A protected instance is configured in a SEP segment.

When the mapping between MSTIs and VLANs is configured, instance-id in this
step must be the same as instance-id in the instance command.

By default, no protected instance is configured in a SEP segment.

NOTE

When the mapping between MSTIs and VLANs is not configured, the SEP protected
instance is valid for all VLANs.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 914

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.6.4 Adding a Layer 2 Interface to a SEP Segment and

Configuring a Role for the Interface
Context
To ensure that SEP packets are forwarded correctly in a SEP segment, add Layer 2
interfaces to the SEP segment and configure different roles for the interfaces.
After an interface is added to a SEP segment, the interface sets its interface role to
the primary edge interface if the interface has the right to participate in primary
edge interface election. Then, the interface periodically sends a primary edge
interface election packet without waiting for the success of neighbor negotiations.
A primary edge interface election packet contains the interface role (primary edge
interface, secondary edge interface, or common interface), bridge MAC address of
the interface, interface ID, and integrity of the topology database.
Table 17-11 lists interface roles.

Table 17-11 Interface roles

Interface Sub-role Description Deployment Scenario
Role

Common - In a SEP segment, all -

interface interfaces except edge
interfaces and blocked
interfaces are common
interfaces.
A common interface
monitors the status of a
directly-connected SEP
link. When the link
status changes, the
interface sends a
topology change
notification message to
notify its neighbors. Then
the topology change
notification message is
flooded on the link until
it finally reaches the
primary edge interface.
The primary edge
interface determines how
to process the link
change.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 915

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Interface Sub-role Description Deployment Scenario

Role

Edge Primary A SEP segment has only Open ring networking

interface edge one primary edge Closed ring networking
interface interface, which is
determined by the Multi-ring networking
configuration and Hybrid SEP+RRPP ring
election. networking
The primary edge
interface initiates
blocked interface
preemption, terminates
packets, and sends
topology change
notification messages to
other networks.

Secondary A SEP segment has only

edge one secondary edge
interface interface, which is
determined by the
configuration and
election.
The secondary edge
interface terminates
packets and sends
topology change
notification messages to
other networks.

No- An interface at the edge Hybrid SEP+MSTP ring

neighbor of a SEP segment is a networking
primary no-neighbor edge
edge interface, which is
interface determined by the
configuration and
election.
The no-neighbor primary
edge interface
terminates packets and
sends topology change
notification messages to
other networks.
No-neighbor primary
edge interfaces are used
to interconnect Huawei
devices and non-Huawei
devices or interconnect
Huawei devices and
devices that do not
support SEP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 916

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Interface Sub-role Description Deployment Scenario

Role

No- The no-neighbor

neighbor secondary edge interface
secondary terminates packets and
edge sends topology change
interface notification messages to
other networks.
No-neighbor secondary
edge interfaces are used
to interconnect Huawei
devices and non-Huawei
devices or interconnect
Huawei devices and
devices that do not
support SEP.

NOTE

● Normally, edge interfaces and no-neighbor edge interfaces belong to different SEP
segments.
● Before adding a Layer 2 interface to a SEP segment, ensure that STP has been disabled
on the interface (except that the interface is a no-neighbor edge interface).
● Before adding an interface to a SEP segment, disable Smart Link on the interface.
● Before adding an interface to a SEP segment, disable port security on the interface;
otherwise, loops cannot be prevented.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The view of an Ethernet interface added to the SEP segment is displayed.

Step 3 Run port link-type { trunk | hybrid }

The link type of the interface is set to trunk or hybrid.

Step 4 Run stp disable

STP is disabled on the interface.

Step 5 Run sep segment segment-id [ edge [ no-neighbor ] { primary | secondary } ]

The Ethernet interface is added to a specified SEP segment and a role is

configured for the interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 917

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

An interface can be added to a maximum of two SEP segments.

----End

17.6.5 Verifying the Basic SEP Configuration

Procedure
● Run the display sep segment { segment-id | all } command to check the
configurations of SEP segments.
● Run the display sep interface [ interface-type interface-number | segment
segment-id ] [ verbose ] command to check information about interfaces
that are added to a specified SEP segment.
● Run the display sep topology [ segment segment-id ] [ verbose ] command
to check the topology status of a specified SEP segment.

----End

17.7 Specifying an Interface to Block

17.7.1 Setting an Interface Blocking Mode

Context
In a SEP segment, some interfaces are blocked to prevent loops.

You can configure the interface blocking mode to specify a blocked interface.
Table 17-12 lists interface blocking modes.

Table 17-12 Interface blocking mode

Interface Blocking Description

Mode

Specify the interface This mode applies to a large-scale network.

with the highest After fault recovery, the interface with the highest
priority as the blocked priority in a SEP segment becomes the blocked
interface. interface. In this mode, the priorities of the interfaces in
the SEP segment need to be set in advance.

Specify the interface This mode applies to a network where traffic is

in the middle of a SEP symmetrically distributed.
segment as the After fault recovery, the interface in the middle of a
blocked interface. SEP segment becomes the blocked interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 918

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Interface Blocking Description

Mode

Specify a blocked This mode applies to a small-scale network.

interface based on the After fault recovery, a specified interface is blocked
configured hop count. based on the hop count. A network planner needs to
be familiar with the topology of the entire SEP segment
and the number of hops from the blocked interface to
the primary edge interface.

Specify a blocked This mode applies to a small-scale network.

interface based on the After fault recovery, a specified interface is blocked
device and interface based on the device and interface names. A network
names. planner needs to be familiar with the names of devices
and interfaces in the entire SEP segment and ensures
that each device name is unique.

Perform the following operations on the device where the primary edge interface
or no-neighbor primary edge interface is located:

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
Step 3 Run block port { optimal | middle | hop hop-id | sysname sysname interface
{ interface-type interface-number | interface-name } }
An interface blocking mode is set.
By default, one of the interfaces at two ends of the link that is set up last or
recovers from a fault last is blocked.

----End

Follow-up Procedure
If the interface with the highest priority is specified to block, run the sep segment
segment-id priority priority command in the view of the interface to be blocked
to increase its priority. When a fault is rectified, the specified interface is blocked.
The default priority of an interface added to a SEP segment is 64. The priority
value of an interface is an integer that ranges from 1 to 128. A larger priority
value indicates a higher priority.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 919

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.7.2 Configuring the Preemption Mode

Context
After the interface blocking mode is specified, whether a specified interface will be
blocked is determined by the preemption mode. Table 17-13 lists the preemption
modes.

Table 17-13 Preemption mode

Preemption Advantage Disadvantage

Mode

Non-preemption SEP is in non- The blocked interface is one of the

mode preemption mode by two interfaces that complete
default. neighbor negotiations last.
In this mode,
blocking an interface
does not disconnect
any link in a SEP
segment.

Preem Delaye Each time a fault is ● The delayed preemption mode

ption d rectified, the system needs to be specified in advance.
mode preem automatically There is no default delay in
ption completes preemption, and the delay time
preemption and needs to be configured using a
ensures that the command.
specified interface is ● After delayed preemption is
blocked. configured successfully, a fault
needs to be simulated to ensure
that the specified interface is
blocked.

Manua Whether the ● The manual preemption mode

l specified interface needs to be specified in advance.
preem will be blocked can ● After a network fault is rectified
ption be controlled and the preemption action is
manually. taken, manual preemption no
longer takes effect.
Manual preemption needs to be
configured again to ensure that
the blocked point can be moved
to the specified point after the
next fault is rectified. This
increases the maintenance
workload.

The following conditions must be met to trigger preemption:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 920

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

● The SEP segment topology is complete.

● The primary edge interface or no-neighbor primary edge interface has been
elected in the SEP segment.
● The function of flexibly specifying a blocked interface is enabled on the device
where the primary edge interface or no-neighbor primary edge interface
resides.
Perform the following operations on the Layer 2 switching device where the
primary edge interface or no-neighbor primary edge interface resides.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
Step 3 Run preempt { manual | delay seconds }
The preemption mode is configured on the primary edge interface.
By default, no preemption mode is configured on the primary edge interface, that
is, the non-preemption mode is used.

----End

17.7.3 Verifying the Configuration of Specifying an Interface

to Block
Procedure
● Run the display sep topology [ segment segment-id ] [ verbose ] command
to check the topology status of a specified SEP segment.
----End

17.8 Configuring SEP Multi-Instance

Applicable Environment
In typical SEP networking, a physical ring can be configured with only one SEP
segment in which only one interface can be blocked. If an interface in a complete
SEP segment is blocked, all service data is transmitted only along the path where
the primary edge interface is located. The path where the secondary edge
interface is located remains idle, wasting bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 921

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-17 Networking diagram for SEP multi-instance

IP/MPLS Core
group 2:Master
Core

group 1:Master
group 2:Backup group 1:Backup
NPE1 NPE2
VRRP+peer BFD
Aggregation

LSW2 LSW4
SEP
Segment2
P2 SEP Segment1 P1

LSW1 LSW3
Instance1: Instance2:
Access

VLAN 100~200 VLAN 201~400

CE1 CE2

Primary Edge Port

Secondary Edge Port
Block Port

SEP multi-instance is used to improve bandwidth efficiency and implement traffic

load balancing and link backup. In Figure 17-17, multiple instances are deployed
in the SEP segment, and protected instances are mapped to different VLANs. Data
traffic for different VLANs can be transmitted along different paths.

NOTE

Currently, SEP multi-instance allows two SEP segments to be configured on a physical ring.
Different blocked interfaces and priorities need to be configured for the two SEP segments.

Pre-configuration Tasks
Before configuring SEP multi-instance, complete the following tasks:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 922

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

● Configure basic SEP functions.

● Specify an interface to block.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp region-configuration
The MST region view is displayed.
Step 3 Run instance instance-id vlan { vlan-id [ to vlan-id ] } &<1-10>
Mappings between protected instances and VLANs are configured.
The value of instance-id specified in this command must be the same as that of
instance-id specified in the protected-instance command.
Before you switch a VLAN from one SEP segment to another segment, shut down
the blocked port. If you do not shut down the blocked port, a routing loop may
occur after the VLAN switchover.

NOTE

To configure the mapping between a protected instance and a MUX VLAN, you are advised
to configure the principal VLAN, subordinate group VLANs, and subordinate separate
VLANs of the MUX VLAN in the same protected instance. Otherwise, loops may occur.

Step 4 Run active region-configuration

Mappings between protected instances and VLANs are activated.
After mappings between protected instances and VLANs take effect, topology
changes of a SEP segment affect only corresponding VLANs. This ensures reliable
service data transmission.

----End

Verifying the Configuration

Run the display stp region-configuration command to check the effective
configuration of the MST region.

17.9 Configuring the Topology Change Notification

Function

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 923

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.9.1 Reporting Topology Changes in a Lower-Layer Network

- SEP Topology Change Notification
Context
SEP runs on devices at the access layer. The topology change notification function
enables devices to detect topology changes on the upper and lower-layer
networks.
If the upper-layer network fails to be notified of the topology change in a SEP
segment, the MAC address entries remain unchanged on the upper layer network
and user traffic may be interrupted. To ensure uninterrupted traffic forwarding,
configure devices on the lower-layer network to report topology changes to the
upper-layer network and specify the devices on the upper-layer network that will
be notified of topology changes.

NOTE

Currently, topology changes in a SEP segment can be reported to other SEP segments, STP
networks, RRPP networks, VPLS networks, and SmartLink networks.
Only S5720EI, S5720HI, S6720EI, and S6720S-EI support VPLS networks.

After receiving a topology change notification from a lower-layer network, a

device on the upper-layer network sends TC packets to instruct other devices on
the upper-layer network to clear original MAC addresses and learn new MAC
addresses after the topology of the lower-layer network changes. This ensures
uninterrupted traffic forwarding.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
Step 3 Run tc-notify { segment { segment-id1 [ to segment-id2 ] } &<1-10> | stp | rrpp |
smart-link send-packet vlan vlan-id | vpls }
The topology change of the specified SEP segment is reported to another SEP
segment or a network running other ring protocols such as STP or RRPP.
By default, the topology change of a SEP segment is not reported.

NOTE

Only S5720EI, S5720HI, S6720EI, and S6720S-EI support vpls parameter.

----End

Follow-up Procedure
In the networking scenario where three or more SEP ring networks exist, when a
topology change notification is sent through multiple links, the upper-layer

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 924

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

network will receive it multiple times. This reduces packet processing efficiency on
the upper-layer network. Therefore, topology change notifications need to be
suppressed. Suppressing topology change notifications frees the upper-layer
network from processing multiple duplicate packets and protects the devices in
the SEP segment against topology change notification attacks.
Run the tc-protection interval interval-value command in the SEP segment view
to set the interval for suppressing topology change notifications.
By default, the interval for suppressing topology change notifications is 2s, and
three topology change notifications with different source addresses are processed
within 2s.

NOTE

● In the networking scenario where three or more SEP ring networks exist, the tc-
protection interval interval-value command must be run. If this command is not run,
the default interval for suppressing topology change notifications is used.
● A longer interval ensures stable SEP operation but reduces convergence performance.

17.9.2 Reporting Topology Changes in a Lower-Layer Network

- Enabling the Devices in a SEP Segment to Process SmartLink
Flush Packets
Context
When a host is connected to a SEP network using a SmartLink group, the host
sends SmartLink Flush packets to inform the remote device in the SEP segment if
devices in the SmartLink group experience an active/standby switchover. Therefore,
devices in a SEP segment must be able to process SmartLink Flush packets.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run sep segment segment-id
A SEP segment is created and the view of the SEP segment is displayed.
Step 3 Run deal smart-link-flush
The device in a SEP segment is configured to process SmartLink Flush packets.
By default, no device in a SEP segment is configured to process SmartLink Flush
packets.
Step 4 Run quit
Return to the system view.
Step 5 Run interface interface-type interface-number
The interface view is displayed.
Step 6 Run smart-link flush receive control-vlan vlan-id [ password { simple | sha }
password ]

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 925

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

The interface is configured to receive Flush packets.

By default, an interface is prohibited from receiving Flush packets.

The password parameter is optional. If no password is specified, no password is

used for authentication.

The control VLAN ID and password contained in Flush packets on both devices
must be the same.

----End

17.9.3 Reporting Topology Changes in an Upper-Layer

Network - Configuring Association Between SEP and CFM

Context
SEP runs on devices at the access layer or aggregation layer. To enable devices
running SEP to detect the topology changes in an upper-layer network, you must
configure on SEP and CFM association the device connecting the lower-layer
network to the upper-layer network.

When CFM detects a fault on the upper-layer network, the edge device sends a
CFM packet to notify the OAM module of the fault. Then the SEP status of the
interface associated with CFM on the edge device changes to Down.

The peer device (on the SEP segment) of the edge device notifies other nodes in
the same SEP segment of topology changes by sending Flush-FDB packets. After a
device in the SEP segment receives the Flush-FDB packet, the blocked interface on
the device is unblocked, enters the Forwarding state, and sends a Flush-FDB
packet to instruct other nodes in the SEP segment to refresh their MAC forwarding
tables and ARP tables. Therefore, the lower-layer network can then detect the
faults on the upper-layer network, ensuring reliable service transmission.

NOTE

IEEE 802.1ag, also known as Connectivity Fault Management (CFM), defines OAM
functions, such as continuity check (CC), link trace (LT) and loopback (LB), for Ethernet
networks. CFM is network-level OAM and applies to large-scale end-to-end networking.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run oam-mgr

The OAM management view is displayed.

Step 3 Run oam-bind ingress cfm md md-name ma ma-name egress sep segment
segment-id interface interface-type interface-number
Association between SEP and CFM is configured.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 926

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

17.9.4 Verifying the Configuration of the Topology Change

Notification Function
Procedure
● Run the display sep interface verbose command to check information about
the interfaces added to a SEP segment.
● Run the display this command in the OAM management view to check the
configuration of topology change notification on the upper-layer network
topology.
----End

17.10 Clearing SEP Statistics

Context

NOTICE

SEP statistics cannot be restored after being cleared. Therefore, exercise caution
when you run reset commands.

Procedure
Step 1 Run the reset sep interface interface-type interface-number statistics command
in the user view to clear SEP packet statistics on a specified interface in a SEP
segment.

----End

17.11 Configuration Examples for SEP

17.11.1 Example for Configuring SEP on a Closed Ring

Network
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to
an upper-layer network to provide link backup and enhance network reliability.
The use of redundant links, however, may produce loops, causing broadcast storms
and rendering the MAC address table unstable. As a result, communication quality
deteriorates, and services may even be interrupted. SEP can be deployed on the
ring network to eliminate loops and restore communication if a link fault occurs.
In the closed ring networking, CE1 is dual-homed to a Layer 2 network through
multiple Layer 2 switching devices. The two edge devices connected to the upper-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 927

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

layer Layer 2 network are directly connected to each other. The closed ring
network is deployed at the aggregation layer to transparently transmit Layer 2
unicast and multicast packets. SEP runs at the aggregation layer to implement link
redundancy.
In Figure 17-18, Layer 2 switching devices LSW1 to LSW5 form a ring network.
SEP runs at the aggregation layer.
● When there is no faulty link on a ring network, SEP can eliminate loops on
the network.
● When a link fails on the ring network, SEP can rapidly restore communication
between nodes on the network.

Figure 17-18 Networking diagram of a closed ring SEP network

IP/MPLS Core
Core

GE0/0/2 GE0/0/3 GE0/0/2

LSW1 LSW5
GE0/0/3
GE0/0/1 GE0/0/1
Aggregation

SEP
Segment1
GE0/0/1 GE0/0/1
LSW2 LSW4
LSW3 GE0/0/2
GE0/0/2
GE0/0/1 GE0/0/2
GE0/0/3
GE0/0/1
Primary Edge Port
Access

CE1
Secondary Edge Port
VLAN
100 Block Port

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 928

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as
the control VLAN of SEP segment 1.
b. Add all devices on the ring to SEP segment 1, and configure the roles of
GE0/0/1 and GE0/0/3 of LSW1 in SEP segment 1.
c. On the device where the primary edge interface is located, specify the
interface with the highest priority to block.
d. Set priorities of the interfaces in the SEP segment.
Set the highest priority for GE0/0/2 of LSW3 and retain the default
priority of the other interfaces so that GE0/0/2 of LSW3 will be blocked.
e. Configure delayed preemption on the device where the primary edge
interface is located.
2. Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.

Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the
control VLAN of SEP segment 1.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit

# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit

# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit

# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit

# Configure LSW5.
<HUAWEI> system-view
[HUAWEI] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 929

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[LSW5-sep-segment1] protected-instance all

[LSW5-sep-segment1] quit

NOTE

– The control VLAN must be a VLAN that has not been created or used, but the
configuration file automatically displays the command for creating the VLAN.
– Each SEP segment must be configured with a control VLAN. After an interface is
added to a SEP segment configured with a control VLAN, the interface will be
automatically added to the control VLAN.
2. Add all devices on the ring to SEP segment 1 and configure interface roles on
the devices.
NOTE

By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP

segment, disable STP on the interface.
# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as
the secondary edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type hybrid
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] port link-type hybrid
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] quit

# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type hybrid
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type hybrid
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit

# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type hybrid
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type hybrid
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit

# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] port link-type hybrid
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 1
[LSW4-GigabitEthernet0/0/1] quit
[LSW4] interface gigabitethernet 0/0/2
[LSW4-GigabitEthernet0/0/2] port link-type hybrid
[LSW4-GigabitEthernet0/0/2] stp disable
[LSW4-GigabitEthernet0/0/2] sep segment 1
[LSW4-GigabitEthernet0/0/2] quit

# Configure LSW5.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 930

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[LSW5] interface gigabitethernet 0/0/1

[LSW5-GigabitEthernet0/0/1] port link-type hybrid
[LSW5-GigabitEthernet0/0/1] stp disable
[LSW5-GigabitEthernet0/0/1] sep segment 1
[LSW5-GigabitEthernet0/0/1] quit
[LSW5] interface gigabitethernet 0/0/3
[LSW5-GigabitEthernet0/0/3] port link-type hybrid
[LSW5-GigabitEthernet0/0/3] stp disable
[LSW5-GigabitEthernet0/0/3] sep segment 1
[LSW5-GigabitEthernet0/0/3] quit

3. Specify an interface to block.

# On LSW1 where the primary edge interface is located, specify the interface
with the highest priority to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port optimal

4. Set the priority of GE0/0/2 on LSW3.

[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] sep segment 1 priority 128
[LSW3-GigabitEthernet0/0/2] quit

5. Configure the preemption mode.

# Configure delayed preemption on LSW1.
[LSW1-sep-segment1] preempt delay 30
[LSW1-sep-segment1] quit

NOTE

– You must set the preemption delay when delayed preemption is used because
there is no default delay time.
– When the last faulty interface recovers, edge interfaces do not receive any fault
notification packet. If the primary edge interface does not receive any fault
notification packet, it starts the delay timer. After the delay timer expires, nodes in
the SEP segment start blocked interface preemption.
To implement delayed preemption in this example, simulate a port fault and then
rectify the fault. For example:
Run the shutdown command on GE0/0/2 of LSW2 to simulate an interface fault,
and then run the undo shutdown command on GE0/0/2 to rectify the fault.

Step 2 Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
● Run the shutdown command on GE0/0/1 of LSW3 to simulate an interface
fault, and then run the display sep interface command on LSW3 to check
whether GE0/0/2 of LSW3 has switched from the Discarding state to the
Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE0/0/2 common up forwarding

----End

Configuration Files
● LSW1 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 931

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
sysname LSW1
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge secondary
#
return
● LSW2 configuration file
#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
● LSW3 configuration file
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 932

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
sep segment 1 priority 128
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 100
#
return

● LSW4 configuration file

#
sysname LSW4
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return

● LSW5 configuration file

#
sysname LSW5
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return

● CE1 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 933

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
return

Related Content
Videos
Configuring SEP

17.11.2 Example for Configuring SEP on a Multi-Ring Network

Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to
an upper-layer network to provide link backup and enhance network reliability.
The use of redundant links, however, may produce loops, causing broadcast storms
and rendering the MAC address table unstable. As a result, communication quality
deteriorates, and services may even be interrupted. SEP can be deployed on the
ring network to eliminate loops and restore communication if a link fault occurs.
In multi-ring networking, multiple rings consisting of Layer 2 switching devices are
deployed at the access layer and aggregation layer. SEP runs at the access layer
and aggregation layer to implement link redundancy.
In Figure 17-19, multiple Layer 2 switching devices form ring networks at the
access layer and aggregation layer.
SEP runs at the access layer and aggregation layer. When there is no faulty link on
a ring network, SEP can eliminate loops on the network. When a link fails on the
ring network, SEP can rapidly restore communication between nodes on the
network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 934

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-19 Networking diagram of a multi-ring SEP network

Core

IP/MPLS Core

GE0/0/2 GE0/0/2

LSW1 GE0/0/3 GE0/0/3 LSW5

GE0/0/1 GE0/0/1
SEP
Aggregation

GE0/0/1 GE0/0/3
Segment 1
LSW4
LSW2 GE0/0/1
GE0/0/2
GE0/0/2
G

LSW3
E0
/
0/
3

GE0/0/4
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
t2
gm EP

Se
en

SE en

LSW6 GE0/0/2
Se S

LSW11
gm

P t

GE0/0/2 LSW8
GE0/0/1
3

GE0/0/1 GE0/0/1 GE0/0/2

GE0/0/1 GE0/0/2 LSW9 GE0/0/1
LSW7 GE0/0/3 LSW10 GE0/0/3
Access

GE0/0/1 GE0/0/1
CE2
CE1

VLAN VLAN
200 100

Primary Edge Port Control VLAN 10

Secondary Edge Port Control VLAN 20
Block Port Control VLAN 30

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 935

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and
VLAN 30 as their respective control VLANs.

▪ Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10

as the control VLAN of SEP segment 1.

▪ Configure SEP segment 2 on LSW2, LSW3, and LSW6 to LSW8, and

configure VLAN 20 as the control VLAN of SEP segment 2.

▪ Configure SEP segment 3 on LSW3, LSW4, and LSW9 to LSW11, and

configure VLAN 30 as the control VLAN of SEP segment 3.
b. Add devices on the rings to the SEP segments and configure interface
roles on the edge devices of the SEP segments.

▪ On LSW1 to LSW5, add the interfaces on the ring at the access layer
to SEP segment 1. Configure the roles of GE0/0/1 and GE0/0/3 of
LSW1 in SEP segment 1.

▪ Add GE0/0/2 of LSW2, GE0/0/1 and GE0/0/2 of LSW6 to LSW8, and

GE0/0/2 of LSW3 to SEP segment 2. Configure the roles of GE0/0/2
of LSW2 and GE0/0/2 of LSW3 in SEP segment 2.

▪ Add GE0/0/1 of LSW3, GE0/0/1 and GE0/0/2 of LSW9 to LSW11, and

GE0/0/1 of LSW4 to SEP segment 3. Configure the roles of GE0/0/1
of LSW3 and GE0/0/1 of LSW4 in SEP segment 3.
c. Specify an interface to block on the device where the primary edge
interface is located.

▪ In SEP segment 1, specify the interface with the highest priority to

block.

▪ In SEP segment 2, specify the device and interface names to block

the specified interface.

▪ In SEP segment 3, specify the blocked interface based on the

configured hop count.
d. Configure the preemption mode on the device where the primary edge
interface is located.
Configure delayed preemption in SEP segment 1 and manual preemption
in SEP segment 2 and SEP segment 3.
e. Configure the topology change notification function on the edge devices
between SEP segments, namely, LSW2, LSW3, and LSW4.
2. Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW11.

Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and VLAN
30 as their respective control VLANs, In Figure 17-19.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 936

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit

# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
[LSW2] sep segment 2
[LSW2-sep-segment2] control-vlan 20
[LSW2-sep-segment2] protected-instance all
[LSW2-sep-segment2] quit

# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
[LSW3] sep segment 2
[LSW3-sep-segment2] control-vlan 20
[LSW3-sep-segment2] protected-instance all
[LSW3-sep-segment2] quit
[LSW3] sep segment 3
[LSW3-sep-segment3] control-vlan 30
[LSW3-sep-segment3] protected-instance all
[LSW3-sep-segment3] quit

# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit
[LSW4] sep segment 3
[LSW4-sep-segment3] control-vlan 30
[LSW4-sep-segment3] protected-instance all
[LSW4-sep-segment3] quit

# Configure LSW5.
<HUAWEI> system-view
[HUAWEI] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10
[LSW5-sep-segment1] protected-instance all
[LSW5-sep-segment1] quit

# Configure LSW6 to LSW11.

The configurations of LSW6 to LSW11 are similar to the configurations of
LSW1 to LSW5 except for the control VLANs of different SEP segments.
For details about the configuration, see the configuration files.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 937

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

– The control VLAN must be a VLAN that has not been created or used, but the
configuration file automatically displays the command for creating the VLAN.
– Each SEP segment must be configured with a control VLAN. After an interface is
added to a SEP segment configured with a control VLAN, the interface will be
automatically added to the control VLAN.
2. Add devices on the rings to the SEP segments and configure interface roles
according to Figure 17-19.
NOTE

By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP

segment, disable STP on the interface.
# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as
the secondary edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type hybrid
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] port link-type hybrid
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] quit

# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type hybrid
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/3
[LSW2-GigabitEthernet0/0/3] port link-type hybrid
[LSW2-GigabitEthernet0/0/3] stp disable
[LSW2-GigabitEthernet0/0/3] sep segment 1
[LSW2-GigabitEthernet0/0/3] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type hybrid
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 2 edge primary
[LSW2-GigabitEthernet0/0/2] quit

# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/3
[LSW3-GigabitEthernet0/0/3] port link-type hybrid
[LSW3-GigabitEthernet0/0/3] stp disable
[LSW3-GigabitEthernet0/0/3] sep segment 1
[LSW3-GigabitEthernet0/0/3] quit
[LSW3] interface gigabitethernet 0/0/4
[LSW3-GigabitEthernet0/0/4] port link-type hybrid
[LSW3-GigabitEthernet0/0/4] stp disable
[LSW3-GigabitEthernet0/0/4] sep segment 1
[LSW3-GigabitEthernet0/0/4] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type hybrid
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 2 edge secondary
[LSW3-GigabitEthernet0/0/2] quit
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type hybrid
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 3 edge secondary
[LSW3-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 938

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/2
[LSW4-GigabitEthernet0/0/2] port link-type hybrid
[LSW4-GigabitEthernet0/0/2] stp disable
[LSW4-GigabitEthernet0/0/2] sep segment 1
[LSW4-GigabitEthernet0/0/2] quit
[LSW4] interface gigabitethernet 0/0/3
[LSW4-GigabitEthernet0/0/3] port link-type hybrid
[LSW4-GigabitEthernet0/0/3] stp disable
[LSW4-GigabitEthernet0/0/3] sep segment 1
[LSW4-GigabitEthernet0/0/3] quit
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] port link-type hybrid
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 3 edge primary
[LSW4-GigabitEthernet0/0/1] quit

# Configure LSW5.
[LSW5] interface gigabitethernet 0/0/1
[LSW5-GigabitEthernet0/0/1] port link-type hybrid
[LSW5-GigabitEthernet0/0/1] stp disable
[LSW5-GigabitEthernet0/0/1] sep segment 1
[LSW5-GigabitEthernet0/0/1] quit
[LSW5] interface gigabitethernet 0/0/3
[LSW5-GigabitEthernet0/0/3] port link-type hybrid
[LSW5-GigabitEthernet0/0/3] stp disable
[LSW5-GigabitEthernet0/0/3] sep segment 1
[LSW5-GigabitEthernet0/0/3] quit

# Configure LSW6 to LSW11.

The configurations of LSW6 to LSW11 are similar to the configurations of
LSW1 to LSW5 except for the interface roles.
For details about the configuration, see the configuration files.
3. Specify an interface to block.
# On LSW1 where the primary edge interface of SEP segment 1 is located,
specify the interface with the highest priority to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port optimal
[LSW1-sep-segment1] quit

# On LSW3, set the priority of GE0/0/4 to 128, which is the highest priority
among the interfaces so that GE0/0/4 will be blocked.
[LSW3] interface gigabitethernet 0/0/4
[LSW3-GigabitEthernet0/0/4] sep segment 1 priority 128
[LSW3-GigabitEthernet0/0/4] quit

Retain the default priority of the other interfaces in SEP segment 1.

# On LSW2 where the primary edge interface of SPE segment 2 is located,
specify the device and interface names so that the specified interface will be
blocked.
Before specifying the interface to block, use the display sep topology
command to view the current topology information and obtain information
about all the interfaces in the topology. Then specify the device and interface
names.
[LSW2] sep segment 2
[LSW2-sep-segment2] block port sysname LSW7 interface gigabitethernet 0/0/1
[LSW2-sep-segment2] quit

# On LSW4 where the primary edge interface of SEP segment 3 is located,

specify the blocked interface based on the configured hop count.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 939

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[LSW4] sep segment 3

[LSW4-sep-segment3] block port hop 5
[LSW4-sep-segment3] quit

NOTE

SEP sets the hop count of the primary edge interface to 1 and the hop count of the
secondary edge interface to 2. Hop counts of other interfaces increase by steps of 1 in
the downstream direction of the primary interface.
4. Configure the preemption mode.
# Configure delayed preemption on LSW1.
[LSW1] sep segment 1
[LSW1-sep-segment1] preempt delay 30

NOTE

– You must set the preemption delay when delayed preemption is used because
there is no default delay time.
– When the last faulty interface recovers, edge interfaces do not receive any fault
notification packet. If the primary edge interface does not receive any fault
notification packet, it starts the delay timer. After the delay timer expires, nodes in
the SEP segment start blocked interface preemption.
To implement delayed preemption in this example, simulate a port fault and then
rectify the fault. For example:
Run the shutdown command on GE0/0/2 of LSW2 to simulate an interface fault,
and then run the undo shutdown command on GE0/0/2 to rectify the fault.
# Configure manual preemption on LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] preempt manual

# Configure the manual preemption mode on LSW4.

[LSW4] sep segment 3
[LSW4-sep-segment3] preempt manual

5. Configure the topology change notification function.

# Configure devices in SEP segment 2 to notify SEP segment 1 of topology
changes.
# Configure LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] tc-notify segment 1
[LSW2-sep-segment2] quit

# Configure LSW3.
[LSW3] sep segment 2
[LSW3-sep-segment2] tc-notify segment 1
[LSW3-sep-segment2] quit

# Configure SEP segment 3 to notify SEP segment 1 of topology changes.

# Configure LSW3.
[LSW3] sep segment 3
[LSW3-sep-segment3] tc-notify segment 1
[LSW3-sep-segment3] quit

# Configure LSW4.
[LSW4] sep segment 3
[LSW4-sep-segment3] tc-notify segment 1
[LSW4-sep-segment3] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 940

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

The topology change notification function is configured on edge devices between SEP
segments so that the upper-layer network can be notified of topology changes on the
lower-layer network.

Step 2 Configure the Layer 2 forwarding function on the CEs and LSW1 to LSW11.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
After completing the preceding configurations, verify the configuration. LSW1 is
used as an example.
● Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface
fault, and then run the display sep interface command on LSW3 to check
whether GE0/0/4 of LSW3 has switched from the Discarding state to the
Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/4
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE0/0/4 common up forwarding

----End

Configuration Files
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 10 100 200 300
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 300
port hybrid tagged vlan 100 200
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200 300
stp disable
sep segment 1 edge secondary
#
return
● LSW2 configuration file
#
sysname LSW2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 941

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
vlan batch 10 20 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
block port sysname LSW7 interface GigabitEthernet0/0/1
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2 edge primary
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
● LSW3 configuration file
#
sysname LSW3
#
vlan batch 10 20 30 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
tc-notify segment 1
protected-instance 0 to 48
sep segment 3
control-vlan 30
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3 edge secondary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2 edge secondary
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/4
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 942

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

port hybrid tagged vlan 10 100 200

stp disable
sep segment 1
sep segment 1 priority 128
#
return

● LSW4 configuration file

#
sysname LSW4
#
vlan batch 10 30 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 3
control-vlan 30
block port hop 5
tc-notify segment 1
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3 edge primary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return

● LSW5 configuration file

#
sysname LSW5
#
vlan batch 10 100 200 300
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 300
port hybrid tagged vlan 100 200
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 200 300
stp disable
sep segment 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 943

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
return
● LSW6 configuration file
#
sysname LSW6
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
● LSW7 configuration file
#
sysname LSW7
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 200
#
return
● LSW8 configuration file
#
sysname LSW8
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 944

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
● LSW9 configuration file
#
sysname LSW9
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
return
● LSW10 configuration file
#
sysname LSW10
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 100
#
return
● LSW11 configuration file
#
sysname LSW11
#
vlan batch 30 100
#
sep segment 3
control-vlan 30
protected-instance 0 to 48

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 945

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 30 100
stp disable
sep segment 3
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 200
#
return

Related Content
Videos
Configuring SEP

17.11.3 Example for Configuring a Hybrid SEP+MSTP Ring

Network
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to
an upper-layer network to provide link backup and enhance network reliability.
The use of redundant links, however, may produce loops, causing broadcast storms
and rendering the MAC address table unstable. As a result, communication quality
deteriorates, and services may even be interrupted. SEP can be deployed on the
ring network to eliminate loops and restore communication if a link fault occurs.

NOTE

In this example, devices at the aggregation layer run the MSTP protocol.

In Figure 17-20, multiple Layer 2 switching devices form a ring at the access layer,
and multiple Layer 3 devices form a ring at the aggregation layer. The two devices

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 946

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

where the access layer and the aggregation layer are intersected do not support
SEP. You can configure SEP at the access layer to implement redundancy
protection switching and configure the topology change notification function on
an edge device in a SEP segment. This function enables an upper-layer network to
detect topology changes in a lower-layer network in time.
● When there is no faulty link on the ring network, SEP can eliminate loops.
● When a link fails on the ring network, SEP can rapidly restore communication
between nodes.
● The topology change notification function must be configured on an edge
device in a SEP segment. This enables an upper-layer network to detect
topology changes in a lower-layer network in time.
After receiving a message indicating the topology change in a lower-layer
network, a device on an upper-layer network sends TC packets to instruct other
devices to delete original MAC addresses and learn new MAC addresses after the
topology of the lower-layer network changes. This ensures uninterrupted traffic
forwarding.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 947

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Figure 17-20 Networking diagram of a hybrid-ring SEP network

IP/MPLS Core
Core

GE0/0/2
GE0/0/3 GE0/0/3
GE0/0/2 PE4
Aggregation

PE3
GE0/0/1
GE0/0/1

MSTP

GE0/0/2 PE1 PE2 GE0/0/2

GE0/0/3
GE0/0/1 Do not Support SEP GE0/0/1
GE0/0/1 GE0/0/1
SEP
LSW1 Segment1 LSW2

GE0/0/2 GE0/0/2

GE0/0/2 GE0/0/1
Access

GE0/0/3 LSW3

GE0/0/1
CE
No-neighbor Primary Edge Port
No-neighbor Secondary Edge Port
VLAN100 Block Port(SEP)
Block Port(MSTP)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as
the control VLAN of SEP segment 1.
b. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles on
the edge devices (LSW1 and LSW2) of the SEP segment.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 948

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

PE1 and PE2 do not support the SEP protocol; therefore, the interfaces of LSW1
and LSW2 connected to the PEs must be no-neighbor edge interfaces.
c. On the device where the no-neighbor primary edge interface is located,
specify the interface in the middle of the SEP segment as the interface to
block.
d. Configure manual preemption.
e. Configure the topology change notification function so that the upper-
layer network running MSTP can be notified of topology changes in the
SEP segment.
2. Configure basic MSTP functions.
a. Add LSW1, LSW2, PE1 to PE4 to an MST region RG1.
b. Create VLANs on LSW1, LSW2, PE1 to PE4 and add interfaces on the STP
ring to the VLANs.
c. Configure PE3 as the root bridge and PE4 as the backup root bridge.
3. Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.

Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the
control VLAN of SEP segment 1.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit

# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit

# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit

NOTE

– The control VLAN must be a VLAN that has not been created or used, but the
configuration file automatically displays the command for creating the VLAN.
– Each SEP segment must be configured with a control VLAN. After an interface is
added to a SEP segment configured with a control VLAN, the interface will be
automatically added to the control VLAN.
2. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 949

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP

segment, disable STP on the interface.
# Configure LSW1.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type hybrid
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge no-neighbor primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/2
[LSW1-GigabitEthernet0/0/2] port link-type hybrid
[LSW1-GigabitEthernet0/0/2] stp disable
[LSW1-GigabitEthernet0/0/2] sep segment 1
[LSW1-GigabitEthernet0/0/2] quit

# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type hybrid
[LSW2-GigabitEthernet0/0/1] sep segment 1 edge no-neighbor secondary
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type hybrid
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit

# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type hybrid
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type hybrid
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit

3. Specify an interface to block.

# On LSW1 where the no-neighbor primary edge interface of SEP segment 1
is located, specify the interface in the middle of the SEP segment as the
interface to block.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port middle

4. Configure the preemption mode.

# Configure the manual preemption mode on LSW1.
[LSW1-sep-segment1] preempt manual

5. Configure the topology change notification function.

# Configure devices in SEP segment 1 to notify the MSTP network of topology
changes.
# Configure LSW1.
[LSW1-sep-segment1] tc-notify stp
[LSW1-sep-segment1] quit

# Configure LSW2.
[LSW2] sep segment 1
[LSW2-sep-segment1] tc-notify stp
[LSW2-sep-segment1] quit

Step 2 Configure basic MSTP functions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 950

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

1. Configure an MST region.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit

# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit

# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit

# Configure LSW1.
[LSW1] stp region-configuration
[LSW1-mst-region] region-name RG1
[LSW1-mst-region] active region-configuration
[LSW1-mst-region] quit

# Configure LSW2.
[LSW2] stp region-configuration
[LSW2-mst-region] region-name RG1
[LSW2-mst-region] active region-configuration
[LSW2-mst-region] quit

2. Create VLANs and add interfaces to VLANs.

# On PE1, create VLAN 100 and add GE0/0/1, GE0/0/2, and GE0/0/3 to VLAN
100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type hybrid
[PE1-GigabitEthernet0/0/3] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/3] quit

# On PE2, PE3, and PE4, create VLAN 100 and add GE0/0/1, GE0/0/2, and
GE0/0/3 to VLAN 100.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 951

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

The configurations of PE2, PE3, and PE4 are similar to the configuration of
PE1. For details about the configuration, see the configuration files.
# On LSW1 and LSW2, create VLAN 100 and add GE0/0/1 to VLAN 100. The
configurations of LSW1 and LSW2 are similar to the configuration of PE1. For
details about the configuration, see the configuration files.
3. Enable MSTP.
# Configure PE1.
[PE1] stp enable

# Configure PE2.
[PE2] stp enable

# Configure PE3.
[PE3] stp enable

# Configure PE4.
[PE4] stp enable

# Configure LSW1.
[LSW1] stp enable

# Configure LSW2.
[LSW2] stp enable

4. Configure PE3 as the root bridge and PE4 as the backup root bridge.
# Set the priority of PE3 to 0 in MSTI0 to ensure that PE3 functions as the
root bridge.
[PE3] stp root primary

# Set the priority of PE4 to 4096 in MSTI0 to ensure that PE4 functions as the
backup root bridge.
[PE4] stp root secondary

Step 3 Configure the Layer 2 forwarding function on the CE and LSW1 to LSW3.
For details about the configuration, see the configuration files.
Step 4 Verify the configuration.
After the configurations are complete and network becomes stable, run the
following commands to verify the configuration. LSW1 is used as an example.
● Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface
fault, and then run the display sep interface command on LSW3 to check
whether GE0/0/2 of LSW3 has switched from the Discarding state to the
Forwarding state.
<LSW3> display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE0/0/2 common up forwarding

----End

Configuration Files
● LSW1 configuration file
#
sysname LSW1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 952

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

#
vlan batch 10 100
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
block port middle
tc-notify stp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor primary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
● LSW2 configuration file
#
sysname LSW2
#
vlan batch 10 100
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
tc-notify stp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor secondary
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
● LSW3 configuration file
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 953

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 100
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 100
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 100
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 100
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 100 200
#
stp instance 0 root primary
#
stp region-configuration
region-name RG1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 954

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

active region-configuration
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100 200
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
return
● PE4 configuration file
#
sysname PE4
#
vlan batch 100 200
#
stp instance 0 root secondary
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100 200
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
return
● CE configuration file
#
sysname CE
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
#
return

Related Content
Videos
Configuring SEP

17.11.4 Example for Configuring a Hybrid SEP+RRPP Ring

Network

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 955

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to
an upper-layer network to provide link backup and enhance network reliability.
The use of redundant links, however, may produce loops, causing broadcast storms
and rendering the MAC address table unstable. As a result, communication quality
deteriorates, and services may even be interrupted. SEP can be deployed on the
ring network to eliminate loops and restore communication if a link fault occurs.

In this example, you can configure SEP at the access layer to implement
redundancy protection switching and configure the topology change notification
function on an edge device in a SEP segment. This enables an upper-layer network
to detect topology changes in a lower-layer network in time.

Figure 17-21 Hybrid rings running SEP and RRPP

Network

NPE1 NPE2

GE0/0/2
GE0/0/3 GE0/0/3
GE0/0/2 PE4
Aggregation

PE3
GE0/0/1
GE0/0/1

RRPP

GE0/0/2 PE1 PE2 GE0/0/2

GE0/0/3
GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
SEP
LSW1 Segment1 LSW2

GE0/0/2 GE0/0/2

GE0/0/2 GE0/0/1
Access

LSW3
GE0/0/3

GE0/0/1
CE
Primary Edge Port
Secondary Edge Port
VLAN100 Block Port(SEP)
Block Port(RRPP)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 956

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

In Figure 17-21, multiple Layer 2 switching devices at the access layer and
aggregation layer form a ring network to access the core layer. RRPP has been
configured at the aggregation layer to eliminate loops. In this case, SEP needs to
run at the access layer to implement the following functions:

● Eliminates loops when there is no faulty link on the ring network.

● Rapidly restores communication between nodes when a link fault occurs on
the ring network.
● Provides the topology change notification function on an edge device in a SEP
segment. This function enables an upper-layer network to detect topology
changes in a lower-layer network in time.
After receiving a message indicating the topology change in a lower-layer
network, a device on an upper-layer network sends TC packets to instruct
other devices to delete original MAC addresses and learn new MAC addresses
after the topology of the lower-layer network changes. This ensures
uninterrupted traffic forwarding.

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure basic SEP functions.

a. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure
VLAN 10 as the control VLAN of SEP segment 1.
b. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1, and configure
interface roles on edge devices (PE1 and PE2) of the SEP segment.
c. Set an interface blocking mode on the device where a primary edge
interface is located to specify an interface to block.
d. Configure the preemption mode to ensure that the specified interface is
blocked when a fault is rectified.
e. Configure the topology change notification function so that the topology
change in the local SEP segment can be notified to the upper-layer
network where RRPP is enabled.
2. Configure basic RRPP functions.
a. Add PE1 to PE4 to RRPP domain 1, create control VLAN 5 on PE1 to PE4,
and configure a protected VLAN.
b. Configure PE1 as the master node and PE2 to PE4 as transit nodes on the
major ring, and configure the primary and secondary interfaces of the
major ring.
c. Create a VLAN on PE1 to PE4, and add the interfaces on the RRPP ring
network to the VLAN.
3. Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1
to PE4.

Procedure
Step 1 Configure basic SEP functions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 957

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

1. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure
VLAN 10 as the control VLAN of SEP segment 1.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] sep segment 1
[PE1-sep-segment1] control-vlan 10
[PE1-sep-segment1] protected-instance all
[PE1-sep-segment1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] sep segment 1
[PE2-sep-segment1] control-vlan 10
[PE2-sep-segment1] protected-instance all
[PE2-sep-segment1] quit

# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit

# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit

# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit

2. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure interface
roles.
NOTE

By default, STP is enabled on an interface. Before adding an interface to a SEP

segment, disable STP on the interface.
# Configure PE1.
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] sep segment 1 edge primary
[PE1-GigabitEthernet0/0/1] quit

# Configure LSW1.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type trunk
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/2
[LSW1-GigabitEthernet0/0/2] port link-type trunk
[LSW1-GigabitEthernet0/0/2] stp disable
[LSW1-GigabitEthernet0/0/2] sep segment 1
[LSW1-GigabitEthernet0/0/2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 958

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type trunk
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type trunk
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] quit

# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type trunk
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type trunk
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] quit

# Configure PE2.
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] sep segment 1 edge secondary
[PE2-GigabitEthernet0/0/1] quit

After completing the preceding configurations, run the display sep topology
command on PE1 to view the topology of the SEP segment. The command
output shows that the blocked interface is one of the two interfaces that
complete neighbor negotiations last.
[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name Port Name Port Role Port Status Hop
-------------------------------------------------------------------------
PE1 GE0/0/1 primary forwarding 1
LSW1 GE0/0/1 common forwarding 2
LSW1 GE0/0/2 common forwarding 3
LSW3 GE0/0/2 common forwarding 4
LSW3 GE0/0/1 common forwarding 5
LSW2 GE0/0/2 common forwarding 6
LSW2 GE0/0/1 common forwarding 7
PE2 GE0/0/1 secondary discarding 8

3. Set an interface blocking mode.

# In SEP segment 1, block the interface in the middle of the SEP segment on
PE1 where the primary edge interface resides.
[PE1] sep segment 1
[PE1-sep-segment1] block port middle

4. Set the preemption mode.

# In SEP segment 1, set manual preemption on PE1 where the primary edge
interface resides.
[PE1-sep-segment1] preempt manual

5. Configure the topology change notification function.

# Configure devices in SEP segment 1 to notify topology changes to the RRPP
ring network.
# Configure PE1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 959

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[PE1-sep-segment1] tc-notify rrpp

[PE1-sep-segment1] quit
# Configure PE2.
[PE2] sep segment 1
[PE2-sep-segment1] tc-notify rrpp
[PE2-sep-segment1] quit

After the preceding configurations are successful, perform the following

operations to verify the configurations. PE1 is used as an example.
● Run the display sep topology command on PE1 to view the topology of the
SEP segment.
The command output shows that the status of GE 0/0/2 on LSW3 is
discarding and the status of the other interfaces is forwarding.
[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name Port Name Port Role Port Status Hop
-------------------------------------------------------------------------
PE1 GE0/0/1 primary forwarding 1
LSW1 GE0/0/1 common forwarding 2
LSW1 GE0/0/2 common forwarding 3
LSW3 GE0/0/2 common discarding 4
LSW3 GE0/0/1 common forwarding 5
LSW2 GE0/0/2 common forwarding 6
LSW2 GE0/0/1 common forwarding 7
PE2 GE0/0/1 secondary forwarding 8
● Run the display sep interface verbose command on PE1 to view detailed
information about the interfaces added to the SEP segment.
[PE1] display sep interface verbose
SEP segment 1
Control-vlan :10
Preempt Delay Timer :0
TC-Notify Propagate to :rrpp
----------------------------------------------------------------
Interface :GE0/0/1
Port Role :Config = primary / Active = primary
Port Priority :64
Port Status :forwarding
Neighbor Status :up
Neighbor Port :LSW1 - GE0/0/1 (00e0-0829-7c00.0000)
NBR TLV rx :2124 tx :2126
LSP INFO TLV rx :2939 tx :135
LSP ACK TLV rx :113 tx :768
PREEMPT REQ TLV rx :0 tx :3
PREEMPT ACK TLV rx :3 tx :0
TC Notify rx :5 tx :3
EPA rx :363 tx :397

Step 2 Configure basic RRPP functions.

1. Add PE1 to PE4 to RRPP domain 1, create control VLAN 5 on PE1 to PE4, and
configure a protected VLAN.
# Configure PE1.
[PE1] stp region-configuration
[PE1-mst-region] instance 1 vlan 5 6 100
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] control-vlan 5
[PE1-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE2.
[PE2] stp region-configuration

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 960

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[PE2-mst-region] instance 1 vlan 5 6 100

[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] control-vlan 5
[PE2-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] instance 1 vlan 5 6 100
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
[PE3] rrpp domain 1
[PE3-rrpp-domain-region1] control-vlan 5
[PE3-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] instance 1 vlan 5 6 100
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] control-vlan 5
[PE4-rrpp-domain-region1] protected-vlan reference-instance 1
2. Create a VLAN and add interfaces on the ring network to the VLAN.
# Create VLAN 100 on PE1, and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to
VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] stp disable
[PE1-GigabitEthernet0/0/3] port link-type trunk
[PE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/3] quit
# Create VLAN 100 on PE2, and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to
VLAN 100.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] port link-type trunk
[PE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] stp disable
[PE2-GigabitEthernet0/0/3] port link-type trunk
[PE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/3] quit
# Create VLAN 100 on PE3, and add GE 0/0/1 and GE 0/0/2 to VLAN 100.
[PE3] vlan 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 961

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[PE3-vlan100] quit
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] stp disable
[PE3-GigabitEthernet0/0/1] port link-type trunk
[PE3-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] stp disable
[PE3-GigabitEthernet0/0/2] port link-type trunk
[PE3-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE3-GigabitEthernet0/0/2] quit

# Create VLAN 100 on PE4, and add GE 0/0/1 and GE 0/0/2 to VLAN 100.
[PE4] vlan 100
[PE4-vlan100] quit
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] stp disable
[PE4-GigabitEthernet0/0/1] port link-type trunk
[PE4-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] stp disable
[PE4-GigabitEthernet0/0/2] port link-type trunk
[PE4-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE4-GigabitEthernet0/0/2] quit

3. Configure PE1 as the master node and PE2 to PE4 as transit nodes on the
major ring, and configure the primary and secondary interfaces of the major
ring.
# Configure PE1.
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet0/0/2
secondary-port gigabitethernet0/0/3 level 0
[PE1-rrpp-domain-region1] ring 1 enable

# Configure PE2.
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet0/0/2
secondary-port gigabitethernet0/0/3 level 0
[PE2-rrpp-domain-region1] ring 1 enable

# Configure PE3.
[PE3] rrpp domain 1
[PE3-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet0/0/1
secondary-port gigabitethernet0/0/2 level 0
[PE3-rrpp-domain-region1] ring 1 enable

# Configure PE4.
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet0/0/1
secondary-port gigabitethernet0/0/2 level 0
[PE4-rrpp-domain-region1] ring 1 enable

4. Enable RRPP.
# Configure PE1.
[PE1] rrpp enable

# Configure PE2.
[PE2] rrpp enable

# Configure PE3.
[PE3] rrpp enable

# Configure PE4.
[PE4] rrpp enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 962

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

After completing the preceding configurations, run the display rrpp brief or
display rrpp verbose domain command on PE1 to check the RRPP configuration.
[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/2 GigabitEthernet0/0/3 Yes

The command output shows that RRPP is enabled on PE1. In domain 1, VLAN 5 is
the major control VLAN, VLAN 6 is the sub-control VLAN, Instance 1 is the
protected VLAN, and PE1 is the master node in major ring 1 with the primary and
secondary interfaces as GigabitEthernet0/0/2 and GigabitEthernet0/0/3
respectively.
[PE1] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/3 Port status: BLOCKED

The command output shows that in domain 1, VLAN 5 is the major control VLAN,
VLAN 6 is the sub-control VLAN, Instance 1 is the protected VLAN, PE1 is the
master node in major ring 1 with the primary and secondary interfaces as
GigabitEthernet0/0/2 and GigabitEthernet0/0/3 respectively, and the node status is
Complete.

Step 3 Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1 to
PE4.

For the configuration details, see the configuration files.

Step 4 Verify the configuration.

After the previous configurations, run the following commands to verify the
configuration when the network is stable. LSW1 is used as an example.

● Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface

fault, and then run the display sep interface command on LSW3 to check
whether the status of GE0/0/2 changes from blocked to forwarding.
[LSW3] display sep interface gigabitethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 963

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

----------------------------------------------------------------
GE0/0/2 common up forwarding

----End

Configuration Files
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return

● LSW2 configuration file

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return

● LSW3 configuration file

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 964

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

stp disable
sep segment 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet 0/0/2 secondary-port GigabitEthernet 0/0/3
level 0
ring 1 enable
#
sep segment 1
control-vlan 10
block port middle
tc-notify rrpp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 965

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/2 secondary-port GigabitEthernet 0/0/3
level 0
ring 1 enable
#
sep segment 1
control-vlan 10
tc-notify rrpp
protected-instance 0 to 48
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge secondary
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/1 secondary-port GigabitEthernet 0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port default vlan 200
port trunk allow-pass vlan 5 to 6 100
#
return
● PE4 configuration file
#
sysname PE4
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 966

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

vlan batch 5 to 6 100 200

#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 0/0/1 secondary-port GigabitEthernet 0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port default vlan 200
port trunk allow-pass vlan 5 to 6 100
#
return

● CE1 configuration file

#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
return

Related Content
Videos

Configuring SEP

17.11.5 Example for Configuring SEP Multi-Instance

Networking Requirements
On a closed ring network, two SEP segments are configured to process different
VLAN services, implement load balancing, and provide link backup.

In typical SEP networking, a physical ring can be configured with only one SEP
segment in which only one interface can be blocked. If an interface in a complete
SEP segment is blocked, all service data is transmitted only along the path where
the primary edge interface is located. The path where the secondary edge
interface is located remains idle, wasting bandwidth.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 967

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

To improve bandwidth efficiency and implement traffic load balancing, Huawei

develops SEP multi-instance.

Figure 17-22 SEP multi-instance on a closed ring network

IP/MPLS Core
NPE1 NPE2
Core

/0/3 GE0/
0/3
GE0/0/2 GE0 GE0/0/2
LSW1 LSW4
GE0/0/1
GE0/0/1
Aggregation

P2 P1
GE0/0/1 GE0/0/1
LSW2 GE LSW3
0 /0/ /0/2
GE0/0/3 2 GE0 GE0/0/3

GE0/0/1 GE0/0/1
CE1 CE2
Access

Instance1: Instance2:
VLAN 100~300 VLAN 301~500

SEP Segment1
SEP Segment2
Primary Edge Port
Secondary Edge Port
Block Port

In Figure 17-22, a ring network comprising Layer 2 switches (LSW1 to LSW5) is

connected to the network. SEP runs at the aggregation layer. SEP multi-instance is
configured on LSW1 to LSW4 to allow for two SEP segments to improve
bandwidth efficiency, implement load balancing, and provide link backup.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 968

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Create two SEP segments and a control VLAN on LSW1 to LSW4.
Different SEP segments can use the same control VLAN.
b. Configure SEP protected instances, and set mappings between SEP
protected instances and user VLANs to ensure that topology changes
affect only corresponding VLANs.
c. Add all the devices on the ring network to the SEP segments, and
configure GE0/0/1 as the primary edge interface and GE0/0/3 as the
secondary edge interface on LSW1.
d. Configure an interface blocking mode on the device where the primary
edge interface resides.
e. Configure the preemption mode to ensure that the specified interface is
blocked when a fault is rectified.
2. Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW4.

Procedure
Step 1 Configure basic SEP functions.
● Configure SEP segment 1 and control VLAN 10.
# Configure LSW1.
<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] quit
# Configure LSW2.
<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] quit
# Configure LSW3.
<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] quit
# Configure LSW4.
<HUAWEI> system-view
[HUAWEI] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] quit
● Configure SEP segment 2 and control VLAN 10.
# Configure LSW1.
[LSW1] sep segment 2
[LSW1-sep-segment2] control-vlan 10
[LSW1-sep-segment2] quit
# Configure LSW2.
[LSW2] sep segment2
[LSW2-sep-segment2] control-vlan 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 969

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

[LSW2-sep-segment2] quit

# Configure LSW3.
[LSW3] sep segment 2
[LSW3-sep-segment2] control-vlan 10
[LSW3-sep-segment2] quit

# Configure LSW4.
[LSW4] sep segment 2
[LSW4-sep-segment2] control-vlan 10
[LSW4-sep-segment2] quit

NOTE

● The control VLAN must be a new one.

● The command used to create a common VLAN is automatically displayed in a
configuration file.
● Each SEP segment must be configured with a control VLAN. After being added to a SEP
segment configured with a control VLAN, an interface is added to the control VLAN
automatically. You do not need to run the port trunk allow-pass vlan command. In the
configuration file, the port trunk allow-pass vlan command, however, is displayed in
the view of the interface added to the SEP segment.

Step 2 Configure SEP protected instances, and configure mappings between SEP
protected instances and user VLANs.

# Configure LSW1.
[LSW1] vlan batch 100 to 500
[LSW1] sep segment 1
[LSW1-sep-segment1] protected-instance 1
[LSW1-sep-segment1] quit
[LSW1] sep segment 2
[LSW1-sep-segment2] protected-instance 2
[LSW1-sep-segment2] quit
[LSW1] stp region-configuration
[LSW1-mst-region] instance 1 vlan 100 to 300
[LSW1-mst-region] instance 2 vlan 301 to 500
[LSW1-mst-region] active region-configuration
[LSW1-mst-region] quit

The configurations of LSW2 to LSW4 are similar to that of LSW1, and are not
mentioned here. For details, see the configuration files.

Step 3 Add all the devices on the ring network to the SEP segments and configure
interface roles.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP
segment, disable STP on the interface.

# On LSW1, configure GE0/0/1 as the primary edge interface and GE0/0/3 as the
secondary edge interface.
[LSW1] interface gigabitethernet 0/0/1
[LSW1-GigabitEthernet0/0/1] port link-type hybrid
[LSW1-GigabitEthernet0/0/1] stp disable
[LSW1-GigabitEthernet0/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet0/0/1] sep segment 2 edge primary
[LSW1-GigabitEthernet0/0/1] quit
[LSW1] interface gigabitethernet 0/0/3
[LSW1-GigabitEthernet0/0/3] port link-type hybrid
[LSW1-GigabitEthernet0/0/3] stp disable
[LSW1-GigabitEthernet0/0/3] sep segment 1 edge secondary
[LSW1-GigabitEthernet0/0/3] sep segment 2 edge secondary
[LSW1-GigabitEthernet0/0/3] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 970

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

# Configure LSW2.
[LSW2] interface gigabitethernet 0/0/1
[LSW2-GigabitEthernet0/0/1] port link-type hybrid
[LSW2-GigabitEthernet0/0/1] stp disable
[LSW2-GigabitEthernet0/0/1] sep segment 1
[LSW2-GigabitEthernet0/0/1] sep segment 2
[LSW2-GigabitEthernet0/0/1] quit
[LSW2] interface gigabitethernet 0/0/2
[LSW2-GigabitEthernet0/0/2] port link-type hybrid
[LSW2-GigabitEthernet0/0/2] stp disable
[LSW2-GigabitEthernet0/0/2] sep segment 1
[LSW2-GigabitEthernet0/0/2] sep segment 2
[LSW2-GigabitEthernet0/0/2] quit

# Configure LSW3.
[LSW3] interface gigabitethernet 0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type hybrid
[LSW3-GigabitEthernet0/0/1] stp disable
[LSW3-GigabitEthernet0/0/1] sep segment 1
[LSW3-GigabitEthernet0/0/1] sep segment 2
[LSW3-GigabitEthernet0/0/1] quit
[LSW3] interface gigabitethernet 0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type hybrid
[LSW3-GigabitEthernet0/0/2] stp disable
[LSW3-GigabitEthernet0/0/2] sep segment 1
[LSW3-GigabitEthernet0/0/2] sep segment 2
[LSW3-GigabitEthernet0/0/2] quit

# Configure LSW4.
[LSW4] interface gigabitethernet 0/0/1
[LSW4-GigabitEthernet0/0/1] port link-type hybrid
[LSW4-GigabitEthernet0/0/1] stp disable
[LSW4-GigabitEthernet0/0/1] sep segment 1
[LSW4-GigabitEthernet0/0/1] sep segment 2
[LSW4-GigabitEthernet0/0/1] quit
[LSW4] interface gigabitethernet 0/0/3
[LSW4-GigabitEthernet0/0/3] port link-type hybrid
[LSW4-GigabitEthernet0/0/3] stp disable
[LSW4-GigabitEthernet0/0/3] sep segment 1
[LSW4-GigabitEthernet0/0/3] sep segment 2
[LSW4-GigabitEthernet0/0/3] quit

Step 4 Specify an interface to block.

# Configure delayed preemption and block an interface based on the device and
interface names on LSW1 where the primary edge interface is located.
[LSW1] sep segment 1
[LSW1-sep-segment1] block port sysname LSW3 interface gigabitethernet 0/0/1
[LSW1-sep-segment1] preempt delay 15
[LSW1-sep-segment1] quit
[LSW1] sep segment 2
[LSW1-sep-segment2] block port sysname LSW2 interface gigabitethernet 0/0/1
[LSW1-sep-segment2] preempt delay 15
[LSW1-sep-segment2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 971

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

NOTE

● In this configuration example, an interface fault needs to be simulated and then

rectified to implement delayed preemption. To ensure that delayed preemption takes
effect on the two SEP segments, simulate an interface fault in the two SEP segments.
For example:
– In SEP segment 1, run the shutdown command on GE 0/0/1 of LSW2 to simulate
an interface fault. Then, run the undo shutdown command on GE0/0/1 to
simulate interface fault recovery.
– In SEP segment 2, run the shutdown command on GE 0/0/1 of LSW3 to simulate
an interface fault. Then, run the undo shutdown command on GE0/0/1 to
simulate interface fault recovery.

Step 5 Configure the Layer 2 forwarding function on CE1, CE2, and LSW1 to LSW4.
The configuration details are not mentioned here. For details, see the
configuration files.
Step 6 Verify the configuration.
Simulate a fault, and then check whether the status of the blocked interface
changes from blocked to forwarding.
Run the shutdown command on GE0/0/1 of LSW2 to simulate an interface fault.
Run the display sep interface command on LSW3 to check whether the status of
GE0/0/1 in SEP segment 1 changes from blocked to forwarding.
[LSW3] display sep interface gigabitethernet 0/0/1
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE0/0/1 common up forwarding
SEP segment 2
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE0/0/1 common up forwarding

The preceding command output shows that the status of GE0/0/1 changes from
blocked to forwarding and the forwarding path change in SEP segment 1 does not
affect the forwarding path in SEP segment 2.

----End

Configuration Files
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
block port sysname LSW3 interface GigabitEthernet0/0/1
preempt delay 15

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 972

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

protected-instance 1
sep segment 2
control-vlan 10
block port sysname LSW2 interface GigabitEthernet0/0/1
preempt delay 15
protected-instance 2
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1 edge primary
sep segment 2 edge primary
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1 edge secondary
sep segment 2 edge secondary
#
return
● LSW2 configuration file
#
sysname LSW2
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 100 to 300
#
return
● LSW3 configuration file
#
sysname LSW3
#
vlan batch 10 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 973

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 301 to 500
#
return
● LSW4 configuration file
#
sysname LSW4
#
vlan batch 10 60 100 to 500
#
stp region-configuration
instance 1 vlan 100 to 300
instance 2 vlan 301 to 500
active region-configuration
#
sep segment 1
control-vlan 10
protected-instance 1
sep segment 2
control-vlan 10
protected-instance 2
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 10 100 to 500
stp disable
sep segment 1
sep segment 2
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 100 to 300
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 974

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 17 SEP Configuration

port link-type hybrid

port hybrid tagged vlan 100 to 300
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 301 to 500
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 301 to 500
#
return

Related Content
Videos
Configuring SEP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 975

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18 RRPP Configuration

About This Chapter

This chapter describes how to configure the Rapid Ring Protection Protocol (RRPP)
to prevent loops and implement fast convergence on ring networks.

18.1 Overview of RRPP

18.2 Understanding RRPP
18.3 Application Scenarios for RRPP
18.4 Summary of RRPP Configuration Tasks
18.5 Licensing Requirements and Limitations for RRPP
18.6 Default Settings for RRPP
18.7 Configuring RRPP
18.8 Configuring RRPP Snooping
18.9 Clearing RRPP Statistics
18.10 Configuration Examples for RRPP
18.11 Troubleshooting RRPP
18.12 FAQ About RRPP

18.1 Overview of RRPP

Definition
The Rapid Ring Protection Protocol (RRPP) is a link layer protocol used to prevent
loops on an Ethernet ring network.
Once a network is established, RRPP-enabled devices discover and eliminate loops
on the network by blocking certain interfaces. If a network fault occurs, RRPP-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 976

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

enabled devices unblock blocked interfaces and switch data services to a

functioning link.

Purpose
The ring network topology is applied to metropolitan area networks (MANs) and
enterprise intranets to improve network reliability. If a fault occurs on a node or
on a link between nodes, data services are switched to the backup link to ensure
service. However, broadcast storms may occur on ring networks.
Many protocols can prevent broadcast storms on ring networks. However, if a fault
occurs on a ring network, most protocols are slow to switch data services to the
backup link. The network convergence is slow, causing service interruptions.
To shorten the convergence time and eliminate the impact of network scale on
convergence time, Huawei developed RRPP. Compared with other Ethernet ring
protocols, RRPP has the following advantages:
● RRPP can be applied to large networks because the convergence time is not
affected by the number of nodes on the ring network.
● RRPP prevents broadcast storms caused by data loops when an Ethernet ring
is complete.
● If a fault occurs on an Ethernet ring network, the backup link rapidly restores
the communication among the Ethernet ring network nodes.

Table 18-1 Comparison of ring network protocols

Ring Network Characteristics
Protocol

Token ring The token ring was the first ring technology introduced to the
data communication field and applied in LANs.
The token ring does not have the self-healing capability.

FDDI Fiber Distributed Digital Interface (FDDI) is an improved

token ring technology that uses a token to transmit the right
to control a ring network. FDDI uses a double-ring structure.
FDDI uses optical fibers for transmission, which greatly
improves the performance and efficiency compared with the
token ring. FDDI does not have self-healing capability.
The bandwidth of an FDDI ring network cannot be efficiently
utilized because FDDI uses source address stripping
technology.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 977

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Ring Network Characteristics

Protocol

SDH/SONET Synchronous Digital Hierarchy/Synchronous Optical Network

(SDH/SONET) is a widely used ring technology that supports
both single and multiple rings. SDH/SONET features high
reliability and an automatic protection switching (APS)-based
self-healing mechanism.
On an SDH/SONET network, the bandwidth between two
nodes is fixed and reserved based on its point-to-point (P2P)
structure and the circuit switching design. The bandwidth
cannot adapt to the actual situation, which leads to inefficient
bandwidth use. As a result, the SDH/SONET technology
cannot meet the bandwidth requirements of IP data services
with frequent data bursts.
In addition, broadcast and multicast packets on the SDH/
SONET network are transmitted as unicast packets, wasting
bandwidth. APS requires a maximum of 50% redundant
bandwidth, which makes a flexible selection mechanism
impossible.

RPR Resilient Packet Ring (RPR) is a MAC-layer protocol on the

ring topology developed and standardized by IEEE 802.17 and
RPR alliance. RPR defines a logical P2P closed ring based on
the MAC layer.
On the physical layer, an RPR network is a ring network that
consists of P2P links; on the data link layer, an RPR network is
a broadcast network similar to an Ethernet network.
RPR is implemented based on dedicated hardware and a
complex fairness algorithm.

STP/RSTP/ The Spanning Tree Protocol (STP)/Rapid Spanning Tree

MSTP Protocol (RSTP)/Multi-Spanning Tree Protocol (MSTP) builds a
loop-free tree to prevent broadcast storms and implement
redundancy backup.
Multiple spanning trees perform load balancing and transmit
traffic in different VLANs along different paths.
As a protocol with the automatic calculation function, STP/
RSTP/MSTP supports any topology.
The network convergence time is affected by the topology.

RRPP RRPP is short for Rapid Ring Protection Protocol.

The network convergence time is not determined by the
number of nodes on a ring network, so the convergence
speed is fast.
RRPP multi-instance supports load balancing of different
types of service traffic.
RRPP is a Huawei proprietary protocol.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 978

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18.2 Understanding RRPP

18.2.1 Basic Concepts of RRPP

After an RRPP domain and ring are created, RRPP specifies devices on the ring
network as nodes in different roles. Nodes on the ring network detect the ring
network status and transmit topology changes by sending, receiving, and
processing RRPP packets through primary and secondary interfaces. Nodes on the
ring network block or unblock the interfaces based on the ring network status.
RRPP can prevent loops when the ring is complete, and rapidly switch service data
to the backup link if a device or link fails, ensuring nonstop service transmission.

RRPP Entities
A group of interconnected switches configured with the same domain ID and
control VLAN constitute an RRPP domain.
Figure 18-1 illustrates the entities in an RRPP domain.

Figure 18-1 RRPP network

RRPP Domain

Transit Node Edge Node

Master Node SwitchA SwitchC SwitchE Master Node
S S
E
P C P
Major Ring Sub Ring

C
E

Transit Node SwitchB SwitchD SwitchF Transit Node

Transit Node Assistant-Edge Node
P: Primary Interface
S: Secondary Interface
C: Common Interface
E: Edge Interface

RRPP Domain ID
An RRPP domain ID distinguishes an RRPP domain.

RRPP Ring
A physical RRPP ring uses an Ethernet ring topology. An RRPP domain comprises a
single ring or multiple interconnected rings. When multiple interconnected rings
exist, one ring is the major ring and the others are sub-rings.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 979

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

An RRPP domain may have multiple sub-rings but only one major ring. The RRPP
domain in Figure 18-1 consists of a major ring and a sub-ring.

RRPP is applied to the networking of a single ring, intersecting rings, and tangent
rings. For details about different ring types, see Common RRPP Rings.

Control VLAN and Data VLAN

In an RRPP domain, a control VLAN is used to transmit only RRPP packets, while a
data VLAN is used to transmit data packets. The control VLAN is relative to the
data VLAN.

When an RRPP domain consists of a major ring and sub-rings, the RRPP domain is
configured with two control VLANs: a major control VLAN and a sub-control
VLAN. A major control VLAN belongs to the major ring, while a sub-control VLAN
belongs to a sub-ring. You only need to specify the major control VLAN. The VLAN
whose ID is one greater than the ID of the major control VLAN automatically
becomes the sub-control VLAN.

Protocol packets on the major ring are transmitted in the major control VLAN, and
RRPP packets on the sub-rings are transmitted in the sub-control VLAN. Protocol
packets on the sub-rings are transmitted as data packets on the major ring. For
example, in Figure 18-1, when the secondary interface of the master node on the
major ring is blocked, both data packets and protocol packets on the sub-ring
must be blocked. When the secondary interface is unblocked, both data packets
and protocol packets on the sub-ring are forwarded. Protocol packets on the sub-
ring are transmitted as data packets on the major ring, and protocol packets on
the major ring are only transmitted on the major ring.

Node
Each device on an RRPP ring is a node. Nodes on the RRPP ring are classified into
the following types:

● Master node
The master node determines how to handle topology changes. Each RRPP
ring must have only one master node.
Any device on an Ethernet ring can serve as the master node.
The master node can be in either Complete or Failed state. The master node
status indicates the RRPP ring status.
● Transit node
On an RRPP ring, all nodes except the master node are transit nodes. A transit
node monitors the status of its directly-connected links and notifies the
master node of link changes.
A transit node can be in LinkUp, LinkDown, or Preforwarding state.
– When the primary and secondary interfaces of a transit node are Up, the
transit node is in LinkUp state. The transit node can receive and forward
data packets and RRPP packets.
– When the primary or secondary interface of a transit node is Down, the
transit node is in LinkDown state.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 980

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

– When the primary or secondary interface of a transit node is Blocked, the

transit node is in Preforwarding state and can receive and forward only
RRPP packets.
● Edge node and assistant edge node
A switch functions as an edge node or an assistant edge node on a sub-ring,
and functions as a transit node on the major ring.
On the link where the major ring and sub-ring overlap, if the switch on one
intersection point is an edge node, the switch on the other intersection point
is an assistant edge node.
A sub-ring has only one edge node and one assistant edge node.
Edge nodes and assistant edge nodes are special transit nodes. They support
the same states as transit nodes but differ in the following situations:
– If an edge interface is Up, the edge node or assistant edge node is in
LinkUp state and can receive and forward data packets and RRPP packets.
– If an edge interface is Down, the edge node or assistant edge node is in
LinkDown state.
– If an edge interface is blocked, the edge node or assistant edge node is in
Preforwarding state and can receive and forward only RRPP packets.
If the changes of the link status on the interface of an edge node or assistant
edge node causes the state transition, only the edge interface status changes.
NOTE

The status of the RRPP ring on a node is the status of the node.

Interfaces
Interfaces are classified into the following types:
● Primary interface and secondary interface
On both the master node and transit node, one of the two interfaces
connected to an Ethernet ring is the primary interface, and the other is the
secondary interface. The interface roles depend on the configuration.
The primary and secondary interfaces on the master node provide different
functions:
– The master node sends Hello packets from its primary interface and
receives Hello packets on its secondary interface.
– Based on the network status, the master node blocks the secondary
interface to prevent loops or unblocks the secondary interface to ensure
communication among all the nodes on the ring.
The primary and secondary interfaces on a transit node provide the same
function.
● Common interface and edge interface
On an edge node or an assistant edge node, an interface shared by the major
ring and a sub-ring is called the common interface. An interface used only by
a sub-ring is called the edge interface.
The common interface is considered an interface on the major ring and
belongs to both the major control VLAN and sub-control VLAN. The edge
interface belongs only to the sub-control VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 981

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Common RRPP Rings

RRPP can be applied to networks consisting of a single ring, intersecting rings, or
tangent rings. Different networks require different RRPP domain configurations:
● All the devices on a single ring must be configured in the same RRPP domain.
● All the devices on intersecting rings must be configured in the same RRPP
domain.
● Devices on two tangent rings must be configured in different RRPP domains.
The tangent rings are equal to two single rings and must be configured in
two RRPP domains. Each RRPP domain has only one ring.

Single Ring
When only a single ring exists in the network topology, you can define one RRPP
domain and one RRPP ring. This topology is applicable to simple ring networks
and features a quick response to topology changes and short convergence time.

Figure 18-2 Single ring

Domain 1

SwitchA SwitchB

Master Node Transit Node

Ring 1

Transit Node Transit Node

SwitchD SwitchC

Intersecting Rings
When two or more rings exist in the network topology, and multiple common
nodes exist between two neighboring rings, they are considered intersecting rings
and you need to define only one RRPP domain. Configure one ring as the major
ring and the remaining rings as sub-rings. This topology is applicable when the
master node on a sub-ring needs to be dual-homed to the major ring through the
edge node and assistant edge node to provide uplink backup.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 982

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-3 Intersecting rings

Domain 1

SwitchA SwitchB
Edge Node
Master Node

SwitchE
Ring 1
Ring 2

Master Node

Transit Node Assistant-Edge Node

SwitchD SwitchC

Tangent Rings
When two or more rings exist in the network topology and only one common
node exists between two neighboring rings, they are considered to be tangent
rings, and you need to configure the rings to belong to different RRPP domains.
This topology is applicable to large-scale networks that require domain-based
management.

Figure 18-4 Tangent rings

Domain 1

SwitchA SwitchE
Transit Node

Transit Node
SwitchB
SwitchD
Ring 2
SwitchF
Master Node Ring 1
SwitchC Transit Node

Transit Node Master Node

SwitchG

Domain 2
Transit Node

18.2.2 RRPP Packets

Table 18-2 lists different types of RRPP packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 983

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Table 18-2 Types of RRPP packets

RRPP Packet Description
Type

Hello The master node sends Hello packets to check for loops on a
(HEALTH) network.

LINK-DOWN Transit nodes, edge nodes, or assistant edge nodes send

LINK-DOWN packets to notify the master node that an
interface is Down.

COMMON- The master node sends COMMON-FLUSH-FDB packets to

FLUSH-FDB request that transit nodes, edge nodes, or assistant edge
nodes update their MAC address entries, ARP entries, and ND
entries.

COMPLETE- The master node sends COMPLETE-FLUSH-FDB packets to

FLUSH-FDB request that transit nodes, edge nodes, or assistant edge
nodes update their MAC address entries, ARP entries, and ND
entries, and enable transit nodes to unblock temporarily
blocked interfaces to forward data packets.

EDGE-HELLO The edge node sends EDGE-HELLO packets on a sub-ring

and the assistant edge node on the same sub-ring receives
EDGE-HELLO packets to check whether the major ring is
complete in the same RRPP domain as the sub-ring.

MAJOR-FAULT The assistant edge node on a sub-ring sends MAJOR-FAULT

packets to notify the edge node that the major ring in the
RRPP domain fails when the assistant edge node does not
receive the Edge-Hello packet from the edge interface within
a specified period.

Although there are many different types of RRPP packets, they all have a similar
format. Figure 18-5 demonstrates the format of an RRPP packet.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 984

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-5 Format of an RRPP packet

0 7 8 15 16 23 24 31 32 47
Destination MAC address (6 bytes)
Source MAC address (6 bytes)
EtherType PRI VLAN ID Frame Length
DSAP/SSAP CONTROL OUI = 0x00e02b
0x00bb 0x99 0x0b RRPP Length
RRPP_VER RRPP TYPE Domain ID Ring ID
0x0000 SYSTEM_MAC_ADDR (6 bytes)
HELLO_TIMER FAIL_TIMER
0x00 LEVEL HELLO_SEQ 0x0000
RESERVED(0x000000000000)
RESERVED(0x000000000000)
RESERVED(0x000000000000)
RESERVED(0x000000000000)
RESERVED(0x000000000000)
RESERVED(0x000000000000)

Descriptions of each field in an RRPP packet are as follows:

● Destination MAC address: indicates the destination MAC address of the

packet. The field occupies 48 bits.
● Source MAC address: indicates the source MAC address of the packet. The
MAC address is the bridge MAC address. The field occupies 48 bits.
● EtherType: indicates the encapsulation type. The EtherType value is fixed as
0x8100, which indicates tagged encapsulation. The field occupies 16 bits.
● PRI: indicates the Class of Service (CoS) value. The PRI value is fixed as 0xe.
The field occupies 4 bits.
● VLAN ID: indicates the ID of the VLAN to which the packet belongs. The field
occupies 12 bits.
● Frame Length: indicates the length of the Ethernet frame. The Frame Length
value is fixed as 0x0048. The field occupies 16 bits.
● DSAP/SSAP: indicates the destination or source service access point. The
DSAP/SSAP value is fixed as 0xaaaa. The field occupies 16 bits.
● CONTROL: The field has no significance and occupies 8 bits. The CONTROL
value is fixed as 0x03.
● OUI: The field has no significance and occupies 24 bits. The OUI value is fixed
as 0x00e02b.
● RRPP_LENGTH: indicates the length of the RRPP data unit. The RRPP_LENGTH
value is fixed as 0x0040. The field occupies 16 bits.
● RRPP_VER: indicates the RRPP version. The current version is 0x01. The field
occupies 8 bits.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 985

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● RRPP TYPE: indicates the type of the RRPP packet. The field occupies 8 bits.
The RRPP packet types and values are described as follows:
– HEALTH = 0x05
– COMPLETE-FLUSH-FDB = 0x06
– COMMON-FLUSH-FDB = 0x07
– LINK-DOWN = 0x08
– EDGE-HELLO = 0x0a
– MAJOR-FAULT = 0x0b
● DOMAIN_ID: indicates the ID of the RRPP domain to which the packet
belongs. The field occupies 16 bits.
● RING_ID: indicates the ID of the RRPP ring to which the packet belongs. The
field occupies 16 bits.
● SYSTEM_MAC_ADDR: indicates the bridge MAC address from which the
packet is sent. The field occupies 48 bits.
● HELLO_TIMER: indicates the timeout period (in seconds) of the Hello timer on
the node that sends the packet. The field occupies 16 bits.
● FAIL_TIMER: indicates the timeout period (in seconds) of the Fail timer on the
node that sends the packet. The field occupies 16 bits.
● LEVEL: indicates the level of the RRPP ring to which the packet belongs. The
field occupies 8 bits.
● HELLO-SEQ: indicates the sequence number of the Hello packet. The field
occupies 16 bits.

18.2.3 Implementation of a Single RRPP Ring (When the Ring

is Complete)

Implementation of a Single RRPP Ring

When all the links and nodes on a single ring are Up, the master node is in
Complete state.
In Figure 18-6, the master node blocks its secondary interface to prevent
broadcast loops caused by data packets. The blocked secondary interface can only
receive RRPP packets but cannot forward data packets. Hello packets sent by the
master node to monitor the ring status can pass through the secondary interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 986

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-6 Complete RRPP ring

Network

Router1 Router2

Master Node

Block
P S

User primary interface

network secondary interface
Data Packet
Hello

Polling Mechanism
The master node uses a polling mechanism to monitor the ring status and
perform operations by sending Hello packets.
Hello timer and Fail timer
The polling mechanism uses the Hello timer and Fail timer.
● The value of the Hello timer specifies the interval at which the master node
sends Hello packets from the primary interface.
● The value of the Fail timer specifies the maximum delay in which the primary
interface sends a Hello packet and the secondary interface receives the Hello
packet.
● The value of the Fail timer must be three times or larger the value of the
Hello timer.
The master node determines whether to unblock the secondary interface by
sending a Hello packet according to the value of the Hello timer and checking
whether the secondary interface receives the Hello packet within the delay
specified by the Fail timer.
Process of the polling mechanism
The process of the polling mechanism is as follows:
1. The master node periodically sends a Hello packet from its primary interface
based on the value of the Hello timer.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 987

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

2. The Hello packet is transmitted along transit nodes on the ring, as shown in
Figure 18-6. The master node typically receives the Hello packet on its
secondary interface.
– If the secondary interface on the master node receives the Hello packet
before the Fail timer times out, the master node considers the ring
complete.
– If the secondary interface on the master node does not receive the Hello
packet after the Fail timer times out, the master node considers the ring
faulty.

18.2.4 Implementation of a Single RRPP Ring (When the Ring

is Faulty)

Implementation of a Single RRPP Ring

In Figure 18-7, the link between SwitchA and SwitchB fails. SwitchA and SwitchB
are transit nodes on the ring.

Figure 18-7 Faulty RRPP ring

Network

Router1 Router2
Interface2
SwitchB

Link Failure

SwitchA
Interface1 Master Node

P S

User
network
primary interface
secondary interface
Data Packet
LINK-DOWN

● When SwitchA and SwitchB detect the link failure, they send LinkDown
packets to the master node from Interface1 and Interface2 respectively.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 988

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● Upon receiving a LinkDown packet, the master node changes from Complete
state to Failed state and unblocks the secondary interface so that data
packets can pass through.
● When the network topology changes, the master node updates the
forwarding entries to ensure correct packet forwarding. In addition, the
master node sends a Common-Flush-FDB packet from the primary and
secondary interfaces to request that all transit nodes update the forwarding
entries.

Fault Detection and Processing

Faults on a ring can be detected in the following two ways:

LinkDown notification mechanism

Nodes on an RRPP ring monitor the link status of their interfaces. If a fault occurs
on a link, the status of the interface directly connected to the link becomes Down.
Upon detecting the Down state, the node immediately takes the following
measures:

● If the primary interface on the master node is Down, the master node detects
the link fault and immediately unblocks the secondary interface. In addition,
the master node sends a Common-Flush-FDB packet from the secondary
interface to request that all the transit nodes on the ring update their MAC
address entries and ARP entries.
● If the interface on a transit node is Down, the node sends a LinkDown packet
from its interface in Up state to the master node. When receiving the
LinkDown packet, the master node changes to Failed state and unblocks its
secondary interface. When the network topology changes, the master node
must update its MAC address entries and ARP entries to prevent incorrect
packet forwarding. In addition, the master node sends a Common-Flush-FDB
packet from its primary and secondary interfaces to request that all transit
nodes update their MAC address entries and ARP entries.

Polling mechanism

If the LinkDown packet is lost during transmission, the polling mechanism is used
on the master node.

The master node periodically sends Hello packets from its primary interface. The
packets are then transmitted through all transit nodes on the ring. If the
secondary interface on the master node does not receive the Hello packet from
the primary interface in the specified period, the master node considers the ring
faulty. The fault is processed in the same way as a fault actively reported by a
transit node. The master node changes to Failed state and unblocks the secondary
interface. In addition, the master node sends a Common-Flush-FDB packet from
its primary and secondary interfaces to request that all transit nodes update their
MAC address entries and ARP entries.

The LinkDown notification mechanism processes faults more quickly than the
polling mechanism, allowing RRPP to implement fast link switchover and
convergence.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 989

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18.2.5 Implementation of a Single RRPP Ring (When the Fault

is Rectified)

Implementation of a Single RRPP Ring

In Figure 18-8:
1. When the faulty interface on a transit node recovers, the transit node enters
the Preforwarding state and blocks the recovered interface.
2. After all the failed links on the ring recover, the secondary interface on the
master node receives the Hello packets sent from the primary interface.
3. When receiving the Hello packets, the master node enters the Complete state
and blocks the secondary interface.
4. The master node sends a Complete-Flush-FDB packet from the primary
interface to request that all transit nodes update forwarding entries.
5. When receiving the Complete-Flush-FDB packet, the transit node enters the
LinkUp state, unblocks the temporarily blocked interface, and updates
forwarding entries.

Figure 18-8 RRPP implementation

Network

Router1 Router2

Master Node

Block
P S

User
network
primary interface
secondary interface
Data Packet
COMPLETE-FLUSH-FDB

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 990

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Fault Rectification Detection and Processing

When the primary interface on a transit node changes to Up, the master node
does not immediately detect the change and the secondary interface remains
unblocked. If the transit node immediately switches back to the LinkUp state, a
temporary loop caused by data packets occurs on the ring. To prevent such loops,
the transit node immediately blocks the recovered interfaces and enters the
Preforwarding state when the primary and secondary interfaces on the transit
node recover. However, the ring does not recover because ring recovery is initiated
by the master node. When all links on the ring are Up and the secondary interface
on the master node can receive the Hello packets sent by the primary interface on
the master node, the master node enters the Complete state.
When the network topology changes, the master node must update the MAC
address entries and ARP entries. The master node must also send a Common-
Flush-FDB packet from the primary interface to request that all transit nodes
update their MAC address entries and ARP entries. Upon receiving the Complete-
Flush-FDB packet from the master node, the transit nodes in Preforwarding state
enter the LinkUp state.
If the Complete-Flush-FDB packet is lost during transmission, a backup
mechanism is used to unblock the temporarily blocked interfaces on transit nodes.
If a transit node is in Preforwarding state, the transit node unblocks the
temporarily blocked interfaces when receiving no Complete-Flush-FDB packet
from the master node in the period specified by the Fail timer. The transit node
then updates its MAC address entries and ARP entries to recover data
communication.

LinkUp Timer
After the link recovers, traffic transmission paths are switched frequently if the link
status changes frequently on a ring. As a result, loop flapping occurs and system
performance deteriorates. To address this problem, a LinkUp timer is used to set
the period after which the faulty master node enters the Complete state. This
prevents transmission paths from changing frequently and reduces loop flapping
impact on system performance.
If a LinkUp timer is configured, the master node does not immediately enter
Complete state when its secondary interface receives a Hello message. Instead,
the master node triggers the LinkUp timer and performs the following operations:
● Before the LinkUp timer expires, the master node does not process the Hello
message received from the secondary interface and the RRPP ring topology
remains unchanged. If the link status changes (for example, the master node
receives a LinkDown packet or the link goes Down) the timer is closed.
● After the LinkUp timer expires, the master node processes the Hello message.
The master node blocks its secondary interface and requests all transit nodes
to update their forwarding entries. The RRPP ring is re-converged.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 991

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-9 LinkUp timer implementation

Network

Router1 Router2

SwitchD

Link Failure

Master Node
SwitchC
Block
P S

User
network primary interface
secondary interface
Data Flow1
Data Flow2

In Figure 18-9, traffic between SwitchC and SwitchD is forwarded along data flow
1 when the ring fails. After the fault is rectified, the RRPP ring recalculates the
topology. Traffic between SwitchC and SwitchD is switched to data flow 2.

● When no LinkUp timer is configured, if the recovered link is unstable and fails
again, the RRPP ring recalculates the topology. Traffic between SwitchC and
SwitchD is switched to data flow 1. This may cause frequent changes of traffic
transmission paths. As a result, traffic is lost and system performance
deteriorates.
● When a LinkUp timer is configured, traffic is not switched immediately when
the fault is rectified. If the recovered link fails again, traffic between SwitchC
and SwitchD is still transmitted along data flow 1.

18.2.6 Implementation of Multiple Rings

A multi-ring RRPP network works in almost the same way as a single-ring RRPP
network. On a multiple-ring network:

● When receiving Common-Flush-FDB or Complete-Flush-FDB packets from a

sub-ring, a node on the major ring relearns the entries and updates its
forwarding entries. Data flows re-select the path.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 992

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● A transit node on the major ring unblocks the temporarily blocked interface
only when receiving a Complete-Flush-FDB packet sent from the major ring,
not from the sub-ring.
● The path status detection mechanism for sub-ring protocol packets on the
major ring is used on a network with multiple rings. For details, see Path
Status Detection Mechanism for Sub-Ring Protocol Packets on the Major
Ring.
● Ring groups are used to improve system performance. For details, see Ring
Group.

Path Status Detection Mechanism for Sub-Ring Protocol Packets on the

Major Ring
This mechanism applies to networks where multiple sub-rings intersect with the
master ring. It is used to prevent loops among sub-rings after secondary interfaces
are unblocked by master nodes on sub-rings.
Figure 18-10 shows an example of broadcast loops forming between sub-rings,
and how the path status detection mechanism can prevent these loops.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 993

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-10 Loop formation between sub-rings

Network

Router1 Router2

Master Transit

Major Ring

Edge
Assistant-Edge
Block Block

Sub-Ring1 Sub-Ring2

P P
Sub S Sub
S
Master 1 Master2

PC1 PC2
Block MAJOR_FAULT packets

P Primary Interface EDGE-HELLO packets

S Secondary Interface Possible ring if the Edge interfaces are not blocked

When the common link between the major ring and sub-ring is faulty and at least
one non-common link is faulty, the master node on each sub-ring unblocks its
secondary interface (S in Figure 18-10) because the secondary interface does not
receive Hello packets. In this case, broadcast loops (blue dashed lines in Figure
18-10) may occur between sub-rings. To prevent loops, the network deploys the
path status detection mechanism for sub-ring protocol packets on the major ring.
After this mechanism is configured, the edge node and assistant edge node detect
the path status. When the edge node detects that the path is interrupted, the
edge interfaces on the two sub-rings are blocked before the master nodes on the
two sub-rings unblock their secondary interfaces. This prevents loops between
sub-rings. The edge interfaces on the edge nodes of sub-ring 1 and sub-ring 2 are
blocked, preventing loops. If the edge port is blocked, device connectivity cannot
be ensured.
The specific procedure for preventing loops using the path status detection
mechanism for sub-ring protocol packets is as follows:
1. The edge node checks the path status of sub-ring protocol packets on the
major ring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 994

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

The edge node on a sub-ring periodically sends Edge-Hello packets to the

major ring through two RRPP interfaces on the major ring. Edge-Hello
packets are transmitted through all transit nodes on the ring. The assistant
edge node does not forward the received Edge-Hello packets.
In Figure 18-11, the edge node sends Edge-Hello packets to the major ring
through Interface1 and Interface2, which are also located on the major ring.

Figure 18-11 Edge node sending Edge-Hello packets

Network

Router1 Router2

Master
S Block

Major Ring
Interface1
Edge
Assistant
Interface2

Sub Ring
Block
S P
Master

EDGE-HELLO
Data Packet

Block
PC
P Primary Interface

S Secondary Interface

If the assistant edge node receives the Edge-Hello packets within the specified
period, the protocol packet path is normal; if the assistant edge node receives
no Edge-Hello packets within the specified period, the path is faulty.
2. The path is disconnected and the edge node blocks the edge interfaces.
Upon detecting that the sub-ring protocol packet path is disconnected, the
assistant edge node immediately sends a Major-Fault packet to the edge
node. After receiving the Major-Fault packet, the edge node blocks its edge
interfaces.
In Figure 18-12, the assistant node sends a Major-Fault packet to the edge
node from Interface3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 995

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-12 Blocking edge interfaces

Network

Router1 Router2

P
Master
S

Major Ring

Edge
Assistant
Interface3 Block
Sub Ring

S P
Block Master

MAJOR-FAULT
Data Packet

Block
PC
P Primary Interface

S Secondary Interface

3. The master node on the sub-ring unblocks the secondary interface after the
Fail timer expires.
After the edge node blocks its edge interfaces, the path for sub-ring protocol
packets is disconnected because of the failure on the major ring. As a result,
the master node on the sub-ring cannot receive the Hello packet sent by the
master node within the specified period. The master node changes to Failed
state and unblocks the secondary interface.
In Figure 18-13, the edge node blocks its edge interfaces. The master node
on the sub-ring unblocks the secondary interface that is blocked in Figure
18-12.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 996

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-13 Sub-ring disconnected due to the blocked path on the major
ring

Network

Router1 Router2
P

Master
S

Major Ring

Edge
Assistant
Interface3 Block
Sub Ring

S P
Master

Data Packet

Block
PC
P Primary Interface

S Secondary Interface

4. The sub-ring protocol packet path recovers.

After the link on the major ring recovers, the communication between the
edge node and assistant edge node recovers, and the path for the sub-ring
protocol packets is recovered. The secondary interface on the sub-ring can
receive the Hello packets sent from the master node. The master node then
changes to Complete state and blocks the secondary interface. Figure 18-14
illustrates this process (recovery of the sub-ring protocol packet path).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 997

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-14 Recovery of the sub-ring protocol packet path

Network

Router1 Router2
P

Master
S

Major Ring

Edge
Assistant
Interface3 Block
Sub Ring

S P
Block Master

Hello
Data Packet

Block
PC
P Primary Interface

S Secondary Interface

In Figure 18-15, the master node on the sub-ring sends a Complete-Flush-

FDB packet. Upon receiving the packet, the edge node unblocks the edge
interfaces.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 998

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-15 Unblocking the edge interfaces on the edge node of the sub-
ring

Network

Router1 Router2
P

Master
S

Major Ring

Edge
Assistant
Interface3 Block
Sub Ring

S P
Block Master

Hello
Data Packet

Block
PC
P Primary Interface

S Secondary Interface

Ring Group
In RRPP multi-instance, sub-rings are grouped to reduce the number of received
and sent Edge-Hello packets, improving system performance.
In the path status detection mechanism for sub-ring protocol packets on the
major ring, the edge node on a sub-ring periodically sends Edge-Hello packets to
the two RRPP interfaces on the major ring to detect the completeness of the path
for sub-ring protocol packets.
In Figure 18-16, the edge nodes on multiple sub-rings (sub-ring 2 and sub-ring 3
in domain 1; sub-ring 2 and sub-ring 3 in domain 2) are the same device, and the
assistant edge nodes on the sub-rings are the same device. In addition, edge
nodes and assistant edge nodes connect to the major ring in the same link. The
Edge-Hello packets from edge nodes on the sub-rings arrive at assistant edge
nodes along the same path. In this case, the sub-rings that have the same edge
nodes and assistant edge nodes can be added into a ring group. A sub-ring in the
ring group is selected to send Edge-Hello packets to detect the path for sub-ring
protocol packets on the major ring. This reduces the number of received and sent
Edge-Hello packets and improves system performance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 999

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-16 Ring group in RRPP multi-instance

Network

Router1 Router2

SwitchC SwitchD
Domain 1 Major ring
1
Domain 2 Major ring
1
Edge
Assistant
SwitchA SwitchB

Domain 1 sub ring 2 Domain 1 sub ring 3

Domain 2 sub ring 2
Domain 2 sub ring 3

SwitchE SwitchF

Master Master

PC1 PC2
domain 1
domain 2

A sub-ring in the ring group is selected to send the Edge-Hello packet in the
following procedure:
1. The sub-rings with the smallest domain ID are selected from all the activated
rings in the ring group on the edge node. In Figure 18-16, the sub-rings with
the smallest domain ID are ring 2 in domain 1 and ring 3 in domain 1.
2. The smallest ring ID is selected from the rings with the smallest domain ID.
The edge node on the ring with the smallest ring ID then sends Edge-Hello
packets. In Figure 18-16, the sub-ring with the smallest ring ID is Ring 2 in
Domain 1. Therefore, the edge node on Ring 2 in Domain 1 sends Edge-Hello
packets in the ring group formed by ring 2 in domain 1, ring 3 in domain 1,
ring 2 in domain 2, and ring 3 in domain 2.
3. When any sub-ring receives an Edge-Hello packet on all the activated rings in
the ring group where assistant edge nodes reside, the sub-ring notifies other
sub-rings of the packet.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1000

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18.2.7 RRPP Multi-Instance

On a common RRPP network, a physical ring contains only one RRPP domain.

When an RRPP ring is in Complete state, the master node blocks the secondary
interface, preventing all service packets from passing through. All service packets
are transmitted on the RRPP ring along one path. As a result, the link on the
secondary interface side of the master node becomes idle, wasting bandwidth. For
example, in Figure 18-17, the link between SwitchA and SwitchC is idle and does
not forward data.

Figure 18-17 RRPP network

SwitchC
S ( Block )
Master
SwitchA P

VLAN 100-200

SwitchE
RRPP ring Backbone
network

VLAN 201-400

SwitchB
Block

SwitchD P Primary interface

S Secondary interface
VLAN 100 - 200
VLAN 201 - 400

In Figure 18-17, the devices (SwitchA, SwitchB, SwitchC, and SwitchD) support
multiple RRPP domains on one physical ring. An RRPP domain takes effect for
data from a protected VLAN associated with the domain. Therefore, you can
configure different protected VLANs for each domain. When the master node in a
domain blocks its secondary interface, data from protected VLANs in different
domains is transmitted through different paths. This allows for link backup and
traffic load balancing.

NOTE

RRPP only takes effect for data from protected VLANs. Loops may occur if data does not
belong to the protected VLANs.

In the example shown in Figure 18-18, two domains exist on the RRPP multi-
instance ring that consists of SwitchA, SwitchB, SwitchC, SwitchD, and SwitchE.
SwitchC is the master node in domain 2 and SwitchD is the master node in
domain 1.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1001

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● Instance1 is created in domain 1, and data in VLANs 100 to 200 is mapped to

Instance1 and transmitted along the path SwitchA -> SwitchC -> SwitchE.
Master2 (SwitchC) serves as the master node in Domain 2. The secondary
interface on Master2 is blocked. Only data in VLANs 201 to 400 is blocked
and data in VLANs 100 to 200 can pass through.
● Instance2 is created in domain 2, and data in VLANs 201 to 400 is mapped to
Instance2 and transmitted along the path SwitchB -> SwitchD -> SwitchE.
Master1 (SwitchD) serves as the master node in Domain 1. The secondary
interface on Master1 is blocked. Only data in VLANs 100 to 200 is blocked
and data in VLANs 201 to 400 can pass through.

Figure 18-18 RRPP multi-instance

SwitchC
S(Block) Master2
SwitchA P

Instance1:
VLAN 100 - 200
SwitchE
RRPP ring
Backbone
network
Instance2:
VLAN 201 - 400

SwitchB P
S(Block) Master1
SwitchD
Block
P Primary interface
S Secondary interface
Instance1:VLAN 100-200
Instance2:VLAN 201-400

When a node or link is faulty, each RRPP domain independently calculates the
topology and updates forwarding entries on each node.
In Figure 18-19, a fault occurs on the link between SwitchD and SwitchE. This
fault does not affect the transmission path for the packets in VLANs 100 to 200 in
domain 1, but the transmission path is blocked for the packets in VLANs 201 to
400 in Domain 2.
The master node SwitchC in domain 2 cannot receive Hello packets on the
secondary interface. As a result, SwitchC unblocks the secondary interface and
requests nodes in domain 2 to update their forwarding entries. After the topology
in domain 2 re-converges, the transmission path of the packets in VLANs 201 to
400 changes to SwitchB ->SwitchA ->SwitchC->SwitchE.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1002

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-19 RRPP multi-instance (when the link is faulty)

SwitchC
S(Unblock) Master2
SwitchA P

Instance1:
VLAN 100 - 200
SwitchE
RRPP ring Backbone
network
Instance2:
VLAN 201 - 400

SwitchB
P
S(Block) Master1
SwitchD
Block
P Primary interface
S Secondary interface
Instance1:VLAN 100-200
Instance2:VLAN 201-400

After the link between SwitchD and SwitchE recovers, SwitchC receives Hello
packets on the secondary interface. As a result, SwitchC blocks the secondary
interface and requests nodes in domain 2 to update their forwarding entries. After
the topology in domain 2 re-converges, the packets in VLANs 201 to 400 are
switched back to the original path SwitchB ->SwitchD ->SwitchE.

18.3 Application Scenarios for RRPP

18.3.1 Application of a Single Ring

To provide link backup and improve network reliability, you can construct a ring
on the network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1003

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-20 Network of a single ring

RRPP Domain

Transit 2

CE

Master
P
Core Net
CE Transit 1 S
BLOCK MSE/NPE

Data Flow
CE: Customer Edge
MSE: Multi Service Edge
Transit 3 NPE: Network Provider Edge

In Figure 18-20, Transit 1, Transit 2, Transit 3, and Master constitute a single RRPP
ring. Data traffic is transmitted along the path Transit 1 -> Transit 2 -> Master.
If RRPP detects a fault on the link between Transit 1 and Transit 2, Master
unblocks its secondary interface and immediately instructs other nodes on the ring
to re-learn MAC address entries and ARP entries. Traffic on the RRPP ring is then
switched to the path Transit 1 -> Transit 3 -> Master.

18.3.2 Application of Tangent RRPP Rings

Metro Ethernet typically uses two-layer rings:
● One layer is the aggregation layer between aggregation devices PE-AGGs (for
example, RRPP domain 1 in Figure 18-21).
● The other layer is the access layer between PE-AGGs and UPEs (for example,
RRPP domain 2 and RRPP domain 3 in Figure 18-21).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1004

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-21 Tangent RRPP rings

Master
UPE

UPE PE-AGG
RRPP Transit 1
Domain2
Master
PE-AGG
UPE RRPP P IP/MPLS
Domain1 Core
UPE S
UPE Block NPE
RRPP Transit 2
Domain3
PE-AGG
PE-AGG: PE-Aggregation
NPE: Network Provider Edge
Master UPE: Underlayer Provider Edge
UPE

Tangent RRPP rings can be used in this scenario, as shown in Figure 18-21. The
aggregation layer and access layer are RRPP rings and the different layer's rings
are tangent.

18.3.3 Application of Intersecting RRPP Rings

Metro Ethernet typically uses two-layer rings:
● One layer is the aggregation layer between aggregation devices PE-AGGs.
● The other layer is the access layer between PE-AGGs and UPEs

Figure 18-22 Intersecting RRPP rings

RRPP Domain

UPE
PE-AGG
Edge Master
Sub PE-AGG
Ring 1
Master
Major P Core Net
Ring S
UPE Sub Block NPE
LANSwitch Ring 2
Assistant
PE-AGG PE-AGG: PE-Aggregation
Master NPE: Network Provider Edge
UPE: Underlayer Provider Edge

CE

Intersecting RRPP rings can be used in this scenario, as shown in Figure 18-22.
The aggregation layer is the RRPP major ring and the access layer is the RRPP sub-
ring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1005

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18.3.4 Application of RRPP and STP

RRPP cannot be configured with STP/RSTP/MSTP on the same interface at the
same time, but you can configure RRPP and STP on different interfaces of a
device. Figure 18-23 shows an example of a network that has RRPP and STP
configured on different interfaces of the same device.

Figure 18-23 Network of RRPP and STP

STP Network

UPE: Underlayer Provider Edge

NPE: Network Provider Edge
PE-AGG: PE-Aggregation

UPE5 PE-AGG NPE NPE

UPE4

Master
UPE1
RRPP Ring

UPE3
PE-AGG NPE
UPE2

In Figure 18-23, RRPP is applied to an Ethernet network enabled with STP/RSTP/

MSTP in tangent mode. You can enable RRPP and STP/RSTP/MSTP on different
interfaces of the intersecting device (UPE1) so that the RRPP network and the
STP/RSTP/MSTP network are used together.

18.3.5 Application of Intersecting RRPP Rings of Multi-

Instance on a MAN
In Figure 18-24, Customer Edges (CEs) are dual-homed to Underlayer Provider
Edges (UPEs) and two RRPP rings are formed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1006

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-24 Intersecting RRPP rings of multi-instance in a MAN (CEs supporting

RRPP multi-instance)
CE ring
Master Domain 1 2 Domain 1
ring
UPE 1
Edge UPE

Domain 2
ring
2
PE-AGG
Backbone
network
ring Master
3
Domain 2

Assistant
UPE
Master UPE
ring Block
CE Domain 1 ring
3 Domain 2 Instance1: VLAN 101-200
1
Instance2: VLAN 1-100
domain 1
domain 2

In Figure 18-24, four UPEs and one PE-AGG construct a ring and RRPP multi-
instance is configured on the ring. Traffic on the RRPP ring flows into the
backbone network through the PE-AGG.
Two RRPP rings are configured on the four UPEs and the PE-AGG: ring 1 in
domain 1 and ring 1 in domain 2. Domain 1 processes data in VLANs 101 to 200
and domain 2 processes data in VLANs 1 to 100.
Four RRPP rings are configured on the two CEs and two UPEs: ring 2 in domain 1,
ring 2 in domain 2, ring 3 in domain 1, and ring 3 in domain 2.
RRPP rings provide master/slave protection and load balancing for the Layer 2
services in VLANs 1 to 200. When all the nodes and links on the rings are working
properly, traffic sent to sub-rings is transmitted along different paths according to
the service VLAN, implementing load balancing.
However, CEs may not support RRPP multi-instance, like the example shown in
Figure 18-25. The major ring constructed by four UPEs and one PE-AGG belongs
to multiple domains; however, the sub-rings constructed by CEs and UPEs belong
to only one domain. Load balancing is not implemented on the sub-ring, and data
in all VLANs is transmitted along the same path on the sub-ring. After entering
the major ring, the traffic sent to sub-rings is transmitted along different paths
according to the service VLAN, implementing load balancing.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1007

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-25 Intersecting RRPP rings of multi-instance on a MAN (CEs not

supporting multi-instance)
CE
Master ring
Domain 1
UPE 1
Edge UPE

Domain 2
ring
2
PE-AGG
Backbone
network
ring Master
3
Domain 2

Assistant
UPE
Master UPE
Block
CE ring
Domain 2 Instance1: VLAN 101-200
1
Instance2: VLAN 1-100
domain 1
domain 2

18.3.6 Application of Tangent RRPP Rings of Multi-Instance on

a MAN
In Figure 18-26, two RRPP rings (ring 1 in domain 1 and ring 1 in domain 2) are
configured on the five UPEs on the CE (left) side. One RRPP ring (ring 1 in domain
3) is configured on the four UPEs on the right side.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1008

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-26 Tangent RRPP rings of multi-instance in a MAN

ring
Domain 1
1 UPE
CE UPE UPE

UPE
ring
Master Domain 3
1

UPE Master

CE UPE UPE

ring UPE
Domain 2 Block
1
Instance1: VLAN 101-200
Instance2: VLAN 1-100
domain 1
domain 2
domain 3

Domain 1 processes data in VLANs 101 to 200, Domain 2 processes data in VLANs
1 to 100, and Domain 3 processes data in VLANs 1 to 200.
The RRPP ring on the left side implements master/slave protection and load
balancing for the Layer 2 services in VLANs 1 to 200. When all the nodes and links
on the RRPP rings are working properly, traffic sent to rings from CEs is
transmitted along different paths according to the service VLAN, implementing
traffic load balancing.
Traffic in VLANs 1 to 200 flows from the tangent node into the RRPP ring on the
right side.

18.3.7 Application of Multiple Instances Single-homed to an

RRPP Aggregation Ring
In Figure 18-27, CEs access an RRPP ring through UPEs, and then access the
backbone network through the PE-AGG.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1009

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-27 Multiple instances single-homed to an RRPP aggregation ring

CE
UPE
in S
st
an P
ce
1
UPE
Master 2

e2
anc
inst
CE Backbone
network
PE-AGG

Master 1 Block
UPE P Primary interface
P S Secondary interface
S UPE Domain 1
Domain 2

Four UPEs and one PE-AGG construct a ring in two domains: ring 1 in domain 1
and ring 1 in domain 2. Domain 1 processes data in VLANs 101 to 200 and
domain 2 processes data in VLANs 1 to 100.
Domain 1 maps instance 1 and domain 2 maps instance 2. Services in VLANs 1 to
200 are sent from CEs.
Service VLANs processed in the two RRPP domains do not overlap and all service
VLANs are processed. Traffic in domain 1 and domain 2 is load balanced on the
RRPP ring.

18.3.8 Application of the RRPP Multi-instance Ring and Smart

Link Network
In Figure 18-28, CEs are dual-homed to UPEs through Smart Link technology.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1010

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-28 RRPP multi-instance ring and Smart Link network

ring
Domain 1
1
UPE UPE

PE-AGG
CE
Backbone
network
Master

UPE UPE

ring Block
Domain 2
1 Instance1: VLAN 101-200
Instance2: VLAN 1-100
domain 1
domain 2

Four UPEs and one PE-AGG construct a ring. After RRPP multi-instance on the ring
is enabled, traffic flows into the backbone network through the PE-AGG.

Nodes on the RRPP ring and the PE-AGG must support Smart Link.

18.3.9 Application of RRPP Snooping

NOTE

Only the S5720HI, S5720EI, S6720S-EI, and S6720EI support this function.

RRPP snooping notifies a VPLS network of changes on the RRPP ring. After RRPP
snooping is enabled on sub-interfaces or VLANIF interfaces, the VPLS network can
transparently transmit RRPP packets, detect changes on the RRPP ring, and update
forwarding entries, ensuring that traffic can be rapidly switched to a non-blocking
path.

In Figure 18-29, UPEs are connected as an RRPP ring to the VPLS network where
NPEs reside. NPEs are connected through a PW, and therefore cannot serve as
RRPP nodes to directly respond to RRPP packets. As a result, the VPLS network
cannot sense the status change of the RRPP ring. When the RRPP ring topology
changes, each node on the VPLS network forwards downstream data according to
the MAC address table generated before the RRPP ring topology changes. As a
result, the downstream traffic cannot be forwarded.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1011

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-29 Network of RRPP and VPLS

NPEB

NPEA VPLS NPEC

GE0/0/1.100 GE0/0/2.100

NPED
GE RRPP ring
Control VLAN:100
P User VLAN:10~20

UPEA UPEB
S
data packet
hello packet
primary interface
P secondary interface
S

To solve this problem, RRPP snooping can be enabled on the sub-interface or

VLANIF interface of NPED and associated with other VSIs on the local device.
When RRPP snooping is enabled, if the RRPP ring is faulty, NPED on the VPLS
network clears the forwarding entries of the VSIs (including the associated VSIs)
on the local node and the forwarding entries of the remote NPEB to re-learn
forwarding entries. This ensures that traffic can be switched to a normal path and
downstream traffic can be properly forwarded.
In Figure 18-30, when the link between NPED and UPEA is faulty, and the master
node UPEA sends a Common-Flush-FDB packet to request that the transit nodes
on the RRPP ring clear their MAC address tables.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1012

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-30 Network of RRPP and VPLS (when the RRPP ring is faulty)
NPEB

NPEA VPLS NPEC

GE0/0/1.100 GE0/0/2.100

NPED
GE RRPP ring
Control VLAN:100
P User VLAN:10~20

UPEA UPEB
S

data packet
COMMON-FLUSH-FDB
primary interface
P
secondary interface
S

The original MAC address table is not cleared because NPED cannot process the
Common-Flush-FDB packet. If downstream service packets are still sent to UPEA,
NPED sends the packets to UPEA along the original path. This interrupts the
downstream traffic between NPED and NPEA. After UPEB clears the MAC address
table, the upstream service packets sent by UPEA are regarded as unknown
unicast packets and are forwarded to the VPLS network along the path UPEA ->
UPEB -> NPED. After re-learning the MAC address, NPED can forward the
downstream traffic destined to UPEA.
When the fault on the RRPP ring is recovered, the master node UPEA sends a
Complete-Flush-FDB packet to request that the transit nodes clear their MAC
address tables. The downstream traffic between NPED and UPEA is interrupted
because NPED cannot process the Complete-Flush-FDB packet.
Figure 18-31 demonstrates that after RRPP snooping is enabled on sub-interfaces
GE0/0/1.100 and GE0/0/2.100 of NPED, NPED can process the Common-Flush-FDB
and Complete-Flush-FDB packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1013

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-31 Network of RRPP and VPLS (when RRPP snooping is enabled)
NPEB

NPEA VPLS NPEC

GE0/0/1.100 GE0/0/2.100
RRPP snooping RRPP snooping
NPED
GE RRPP ring
Control VLAN:100
P User VLAN:10~20

UPEA UPEB
S

data packet
COMMON-FLUSH-FDB
P primary interface
S secondary interface

When the RRPP ring topology changes and NPED receives the Common-Flush-FDB
or Complete-Flush-FDB packet from the master node UPEA, NPED clears the MAC
address table of the VSI associated with sub-interfaces GE0/0/1.100 and
GE0/0/2.100. NPED then requests that other NPEs in this VSI clear their MAC
address tables.
If the downstream data packets are still sent to UPEA, the packets are regarded as
unknown unicast packets and are broadcast in the VLAN and sent to UPEA along
the path UPED -> UPEB -> NPEA because NPED cannot find mapping MAC
address entries. This ensures downstream traffic continuity.

18.4 Summary of RRPP Configuration Tasks

You can deploy RRPP only after basic functions of RRPP are configured. If RRPP is
deployed with VPLS, you need to configure RRPP snooping. Table 18-3 describes
the RRPP configuration tasks.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1014

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Table 18-3 RRPP configuration tasks

Scenario Description Task

Configure RRPP RRPP prevents loops 18.7 Configuring RRPP

when the ring is
complete. RRPP can
rapidly restore
communication on the
ring network when the
ring network is faulty.
There are three
networking modes:
single ring, intersectant
ring, and tangent ring.

Configure RRPP snooping RRPP snooping notifies a 18.8 Configuring RRPP

NOTE VPLS network of changes Snooping
Only the S5720HI, S5720EI, on an RRPP ring. After
S6720S-EI, and S6720EI RRPP snooping is
support this function. enabled on sub-
interfaces or VLANIF
interfaces, the VPLS
network can
transparently transmit
RRPP packets, detect
changes on the RRPP
ring, and update
forwarding entries,
ensuring that traffic can
be rapidly switched to a
non-blocking path.

18.5 Licensing Requirements and Limitations for RRPP

Involved Network Elements

Other network elements are not required.

Licensing Requirements
RRPP configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. RRPP
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1015

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Version Requirements

Table 18-4 Products and versions supporting RRPP

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1016

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Product Product Software Version

Model

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1017

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Feature Limitations
● Only the S5700HI, S5710HI, S5720EI, S5720HI, S5710EI, S6700EI, S6720S-EI,
and S6720EI support RRPP snooping.
● When you configure the list of protected VLANs, note the following points:
– Protected VLANs must be configured before you configure an RRPP ring.
– You can delete or change existing protected VLANs before configuring an
RRPP ring. The protected VLANs cannot be changed after the RRPP ring is
configured.
– In the same physical topology, the control VLAN in a domain cannot be
configured as a protected VLAN in another domain.
– The control VLAN must be included in the protected VLANs; otherwise,
the RRPP ring cannot be configured.
– The control VLAN can be mapped to other instances before the RRPP ring
is created. After the RRPP ring is created, the mapping cannot be
changed unless you delete the RRPP ring.
– When the mapping between instances and VLANs changes, the protected
VLANs in the RRPP domain also change.
– All the VLANs allowed by an RRPP interface must be configured as
protected VLANs.

18.6 Default Settings for RRPP

Table 18-5 lists the detailed RRPP default settings.

Table 18-5 Default setting for RRPP

Parameter Default Value

RRPP domain Not created

RRPP ring Not created

RRPP protocol Disabled

RRPP snooping Disabled

NOTE
Only the S5720HI, S5720EI, S6720S-EI, and
S6720EI support this function.

LinkUp delay timer 0 seconds

Hello timer 1 second

Fail timer 6 seconds

18.7 Configuring RRPP

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1018

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

18.7.1 Configuring Interfaces on an RRPP Ring

Context
Data in different VLANs is transmitted on the RRPP ring, including data VLANs
and control VLANs. You need to configure an interface to allow data from these
VLANs to pass through, ensuring data transmission on the ring.

RRPP cannot be configured on an interface configured with Smart Link, MUX

VLAN, or MSTP. Before configuring RRPP, ensure that the interface is not
configured with protocols that conflict with RRPP.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run port link-type hybrid

The link type of the interface is configured as hybrid.

Step 4 Run port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

The VLAN allowed by an RRPP-enabled interface is specified.

An RRPP-enabled interface needs to allow packets of control VLANs and data

VLANs to pass through, so the interface must be configured as a trunk or hybrid
interface.

After the control-vlan command is use in the RRPP domain view to configure a
control VLAN and the ring node-mode command is configured, the interfaces on
the RRPP ring allow packets of the control VLAN to pass through. Therefore, you
need to specify only the IDs of data VLANs in this step.

NOTE

If RRPP snooping is enabled on the VLANIF interface of a VLAN, RRPP-enabled interfaces

cannot be added to the VLAN.

Step 5 Run stp disable

STP is disabled on the RRPP interface.

RRPP and STP cannot be configured on an interface simultaneously. By default,

STP is enabled on all the interfaces on the device. Therefore, before creating an
RRPP ring, disable STP on the interfaces that need to be added to the RRPP ring.

----End

18.7.2 Creating an RRPP Domain and the Control VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1019

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Context
A group of interconnected switches configured with the same domain ID and
control VLAN constitute an RRPP domain. Different RRPP domains must be
configured with different domain IDs and control VLANs.

An RRPP domain has two control VLANs, that is, the major control VLAN and sub-
control VLAN. Protocol packets on the major ring are transmitted in the major
control VLAN, and RRPP packets on the sub-rings are transmitted in the sub-
control VLAN.

Procedure
Step 1 On each switch in an RRPP domain, run system-view

The system view is displayed.

Step 2 Run rrpp domain domain-id

An RRPP domain is created and the RRPP domain view is displayed.

A maximum of 24 domains can be created on the S5720EI, S5720SI, S5720S-SI,

S5730SI, S5730S-EI, S6720SI, S6720S-SI, S6720LI, S6720S-LI, S5720HI, S6720S-EI,
and S6720EI. On other devices, a maximum of 8 domains can be created.

When creating an RRPP domain, specify the domain ID. If the domain to be
configured exists, the domain view is displayed.

Step 3 (Optional) Run description text

A description is configured for the RRPP domain.

By default, no description is configured for an RRPP domain.

After RRPP is configured on a device, you can run the description command to
configure the description of the RRPP domain, including the RPPP domain ID, to
facilitate maintenance.

Step 4 Run control-vlan vlan-id

A control VLAN is created.

An RRPP domain has two control VLANs, that is, the major control VLAN and sub-
control VLAN. You need to specify only the major control VLAN. The VLAN whose
ID is one greater than the ID of the major control VLAN becomes the sub-control
VLAN.

The control VLAN specified by vlan-id and the sub-control VLAN specified by vlan-
id plus one must be VLANs that have not been created or used.

After configuring a control VLAN for an RRPP domain, you cannot directly change
the control VLAN. To change the control VLAN, you need to delete the domain
and then configure a new control VLAN. You can also run the undo control-vlan
command to delete the control VLAN and then configure a new control VLAN. The
sub-control VLAN is deleted when the RRPP domain is deleted.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1020

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

NOTE

DHCP services cannot be configured for control VLANs.

Do not run the mac-limit command in the control VLAN view to configure a MAC address
limiting rule.
VLAN 1 is the default VLAN and cannot be configured as the control VLAN.

----End

18.7.3 Creating an Instance

Context
You can map data in VLANs to an instance and configure the instance to the
protected VLAN so that the device can control data in VLANs based on RRPP.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run stp region-configuration

The MST region view is displayed.

Step 3 Run instance instance-id vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>

The mapping between the instance and VLAN is configured.

instance-id in this command must be the same as instance-id used by the

protected-instance command.

NOTE

The control VLANs of the major ring and the sub-rings must be contained in the VLAN list.
To configure the mapping between an instance and a MUX VLAN, you are advised to
configure the principal VLAN, subordinate group VLANs, and subordinate separate VLANs
of the MUX VLAN in the same instance. Otherwise, loops may occur.
If the stp mode (system view) command is used to configure the switch to work in VBST
mode, the static instance protected by RRPP cannot be directly deleted.

Instance 0 is the default instance and does not need to be created.

By default, all VLANs are mapped to Instance 0.

Step 4 Run active region-configuration

The configuration of the MST domain is activated.

----End

18.7.4 Configuring a Protected VLAN

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1021

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Context
The device controls only data in the protected VLANs based on RRPP. Data out of
the protected VLANs may cause storms on the ring network.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run rrpp domain domain-id
The RRPP domain view is displayed.
Step 3 Run protected-vlan reference-instance { { instance-id1 [ to instance-id2 ] }
&<1-10> | all }
The list of protected VLANs in the RRPP domain is configured.
All the VLANs whose packets need to pass through an RRPP interface, including
the control VLANs and data VLANs, must be configured as protected VLANs.

NOTE

When you configure the list of protected VLANs, note the following points:
● Protected VLANs must be configured before you configure an RRPP ring.
● You can delete or change existing protected VLANs before configuring an RRPP ring. The
protected VLANs cannot be changed after the RRPP ring is configured.
● In the same physical topology, the control VLAN in a domain cannot be configured as a
protected VLAN in another domain.
● The control VLAN must be included in the protected VLANs; otherwise, the RRPP ring
cannot be configured.
● The control VLAN can be mapped to other instances before the RRPP ring is created.
After the RRPP ring is created, the mapping cannot be changed unless you delete the
RRPP ring.
● When the mapping between an instance and VLANs changes, the protected VLANs in
the RRPP domain also change.
● All the VLANs allowed by an RRPP interface must be configured as protected VLANs.

----End

18.7.5 Creating and Enabling an RRPP Ring

Context
You need to manually add nodes to an RRPP ring and configure an interface role
for each node.
The RRPP ring can be activated only when both the RRPP ring and the RRPP
protocol are enabled on all the switches on an RRPP ring.

Prerequisites
STP has been disabled on the interfaces that need to be added to the RRPP ring.
(By default, STP is enabled on all interfaces of the device.)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1022

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run rrpp domain domain-id
The RRPP domain view is displayed.
Step 3 Run ring ring-id node-mode { master | transit } primary-port interface-type
interface-number secondary-port interface-type interface-number level level-
value
An RRPP ring is created.
Level 0 indicates the major ring, and Level 1 indicates a sub-ring.

NOTE

● A domain contains only one major ring. Before creating a sub-ring, you must create the
major ring.
● The master node on the sub-ring cannot server as the edge node or the assistant edge
node.
● A maximum of 24 rings can be created on the S5720EI, S5720SI, S5720S-SI, S5730SI,
S5730S-EI, S6720SI, S6720S-SI, S5720HI, S6720LI, S6720S-LI, S6720S-EI, and S6720EI,
and 16 rings on other models.
● Before adding an interface to an RRPP ring, disable port security on the interface;
otherwise, loops cannot be prevented.

Step 4 Run ring ring-id node-mode { edge | assistant-edge } common-port interface-

type interface-number edge-port interface-type interface-number
An edge node and an assistant edge node on the RRPP sub-ring are configured.
The common interfaces on the edge node and assistant edge node must be
located on the major ring.
The system automatically sets the level of the ring where the edge node and
assistant edge node reside to 1.
Step 5 Run ring ring-id enable
The RRPP ring is enabled.

----End

18.7.6 Enabling RRPP

Context
After the RRPP ring is enabled, you need to enable the RRPP protocol for devices
on the RRPP ring so that RRPP can work properly.

Procedure
Step 1 Run system-view

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1023

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

The system view is displayed.

Step 2 Run rrpp enable
RRPP is enabled.

----End

18.7.7 (Optional) Creating a Ring Group

Context
To reduce the number of received and sent Edge-Hello packets, you can use a ring
group, in which a group of sub-rings with the same configuration of edge nodes
or assistant edge nodes are added to the ring group.

Procedure
Step 1 On the edge node or assistant edge node, run system-view
The system view is displayed.
Step 2 Run rrpp ring-group ring-group-id
A ring group is created.
A ring group can be created only on an edge node or an assistant edge on a sub-
ring.
All the sub-rings in a ring group must be on nodes of the same type, for example,
all the sub-rings are located on edge nodes or assistant edge nodes.
Step 3 Run domain domain-id ring { ring-id1 [ to ring-id2 ] } &<1-10>
Sub-rings are added to the ring group.
Sub-rings in the same ring group share the same edge node, and the same
assistant edge node.
A sub-ring can belong to only one ring group.
When you add a sub-ring to a ring group or delete a sub-ring from the ring group,
note the following points:
● To add an activated sub-ring to a ring group, add the sub-ring to the ring
group on the assistant edge node, and then perform the same operation on
the edge node.
● To delete an activated sub-ring from a ring group, delete the sub-ring from
the ring group on the edge node, and then perform the same operation on
the assistant edge node.

----End

18.7.8 (Optional) Setting the Values of the Hello Timer and

Fail Timer in an RRPP Domain

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1024

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Context
The Hello timer and Fail timer are used when the master node sends and receives
RRPP packets. The value of the Hello timer specifies the interval at which the
master node sends Hello packets from the primary interface. The value of the Fail
timer specifies the maximum delay in which the primary interface on the master
node sends a Hello packet and the secondary interface receives the Hello packet.

You only need to set the values of the Hello timer and Fail timer on the master
node in an RRPP domain.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run rrpp domain domain-id

The RRPP domain view is displayed.

Step 3 Run timer hello-timer hello-value fail-timer fail-value

The values of the Hello timer and the Fail timer in an RRPP domain are set.

The value of the Fail timer must be no smaller than three times the value of the
Hello timer.

By default, the value of the Hello timer on an edge node is half of the value of the
Hello timer on the master node of the major ring.

The values of both the Hello timer and Fail timer must be set the same on each
node in an RRPP domain; otherwise, edge interfaces on the edge nodes may be
unstable.

It is recommended that the value of the Fail timer be configured based on the
actual networking. If the value of the Fail timer is incorrect, for example, the value
is too small, loops may occur.

----End

18.7.9 (Optional) Setting the Value of the Link-Up Timer

Context
After the value of the Link-Up timer is set, the RRPP link does not immediately
change its status but changes the status when the Link-Up timer times out. This
reduces flapping of the link status.

You only need to set the value of the Link-Up timer on the master node.

Procedure
Step 1 On the master node, run system-view

The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1025

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Step 2 Run rrpp linkup-delay-timer linkup-delay-timer-value

The value of the Link-Up timer is set for the RRPP link.
The value set by the linkup-delay-timer-value command must be no larger than
the value of the Fail timer minus twice the value of the Hello timer. The default
value of the Link-Up timer is 0.

----End

18.7.10 Verifying the RRPP Configuration

Procedure
● Run the display stp region-configuration command to check the mapping
between MSTIs and VLANs.
● Run the display rrpp brief [ domain domain-id ] command to check
summary information about an RRPP domain.
● Run the display rrpp verbose domain domain-id [ ring ring-id ] command to
check detailed information about an RRPP domain.
● Run the display rrpp statistics domain domain-id [ ring ring-id ] command
to check the statistics on packets in an RRPP domain.
----End

18.8 Configuring RRPP Snooping

Prerequisites
NOTE

Only the S5720HI, S5720EI, S6720S-EI, and S6720EI support this function.

RRPP snooping is a technology that notifies the VPLS network of changes in the
RRPP ring. After RRPP snooping is enabled on sub-interfaces or VLANIF interfaces,
the VPLS network can transparently transmit RRPP packets, detect changes on the
RRPP ring, and upgrade forwarding entries, ensuring that traffic can be rapidly
switched to a non-blocking path. Before configuring RRPP snooping, complete the
following tasks:
● Configuring a VPLS network
● Configuring RRPP

18.8.1 Enabling RRPP Snooping

Context
When RRPP snooping is enabled on an interface, the status of the RRPP ring can
be detected through RRPP control packets. When the status of the RRPP ring
changes, the interface requests the VSI bound to the interface to update its MAC
address table.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1026

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

NOTE

RRPP and RRPP snooping cannot be simultaneously configured on the same interface.

Configure RRPP snooping only on the node connecting the RRPP ring to the VPLS
network.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Entering the view of the interface to be enabled with RRPP snooping using the
following commands as required
● Run interface interface-type interface-number.subinterface-number
The sub-interface view is displayed.
● Run interface vlanif vlan-id
The VLANIF interface view is displayed.
Specifying that the sub-interface or VLANIF interface permits only the packets in
the control VLAN of the RRPP domain to pass through.
Step 3 Run rrpp snooping enable
RRPP snooping is enabled.
Before running this command, bind the sub-interface or VLANIF interface to the
VSI.
If the sub-interface or VLANIF interface is removed from the VSI, RRPP snooping is
automatically disabled on the interface.
After RRPP snooping is enabled on the sub-interface or VLANIF interface, the sub-
interface or VLANIF interface is automatically associated with the VSI.
By default, RRPP snooping is disabled.

----End

18.8.2 Configuring the VSI Associated with RRPP Snooping

Context
If you associate an RRPP snooping-enabled sub-interface or VLANIF interface with
another VSI on the device, the interface notifies the associated VSI of changes of
the RRPP ring status. In this way, the VSI can immediately update the MAC
address table.
You only need to configure the VSI associated with RRPP snooping on the NPE
node connecting the RRPP ring to the VPLS network.

Procedure
Step 1 Run system-view

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1027

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

The system view is displayed.

Step 2 Entering the view of the interface to be enabled with RRPP snooping using the
following commands as required
● Run interface interface-type interface-number.subinterface-number
The sub-interface view is displayed.
● Run interface vlanif vlan-id
The VLANIF interface view is displayed.
The VLANIF interface in this step must map the RRPP control VLAN. For
example, if the RRPP control VLAN ID is 100, the VLANIF interface here must
be VLANIF 100.

Step 3 Configuring the VSI associated with RRPP snooping on the sub-interface or
VLANIF interface using the following commands as required
● Run rrpp snooping vsi vsi-name
The VSI associated with RRPP snooping is configured on the sub-interface or
VLANIF interface.
● Run rrpp snooping all-vsi
VSIs that are bound to all the other sub-interfaces connected to the same
main interface are automatically associated on the sub-interface.
NOTE

The rrpp snooping vsi vsi-name command associates the interface with only one VSI at a
time. To associate the sub-interface or VLANIF interface with multiple VSIs, run this
command multiple times.

----End

18.8.3 Verifying the RRPP Snooping Configuration

Procedure
● Run the display rrpp snooping enable { all | interface vlanif interface-
number } command to check the interfaces that are enabled with RRPP
snooping.
● Run the display rrpp snooping vsi { all | interface vlanif interface-number }
command to check the VSIs associated with RRPP snooping.

----End

18.9 Clearing RRPP Statistics

Context
You can set the RRPP statistics to 0 for collecting new statistics about RRPP
packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1028

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

NOTICE

RRPP statistics cannot be restored after you clear them. Therefore, exercise caution
when you run the command.

Procedure
Step 1 Run the reset rrpp statistics domain domain-id [ ring ring-id ] command in the
user view to clear RRPP statistics.

----End

18.10 Configuration Examples for RRPP

18.10.1 Example for Configuring a Single RRPP Ring with a

Single Instance

Networking Requirements
As shown in Figure 18-32, SwitchA, SwitchB, and SwitchC constitute a ring
network. The network is required to prevent loops when the ring is complete and
implement fast convergence to rapidly restore communication between nodes on
the ring when the ring fails. You can enable RRPP on SwitchA, SwitchB, and
SwitchC to meet this requirement.

Figure 18-32 Networking diagram of a single RRPP ring

SwitchB

GE0/0/2

GE0/0/1 GE0/0/1
Ring 1
GE0/0/2 GE0/0/2 SwitchC

GE0/0/1
SwitchA
Primary interface
Secondary interface

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure interfaces to be added to the RRPP domain on the devices so that

data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1029

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

2. Create an RRPP domain and its control VLAN.

3. Map data that needs to pass through the VLANs on the RRPP ring to Instance
1, including data VLANs 100 to 300 and control VLANs 20 and 21 (VLAN 21 is
the sub-control VLAN generated by the device).
4. In the RRPP domain, configure a protected VLAN, create an RRPP ring and
configure SwitchA, SwitchB, and SwitchC as nodes on Ring 1 in Domain 1.
Configure SwitchA as the master node on Ring 1, and configure SwitchB and
SwitchC as transit nodes on Ring 1.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Procedure
Step 1 Create an RRPP domain and its control VLAN.
# Configure SwitchA. The configurations on SwitchB and SwitchC are similar to
that on SwitchA and not mentioned here. For details, see the configuration files.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 20
[SwitchA-rrpp-domain-region1] quit

Step 2 Map Instance 1 to control VLANs 20 and 21 and data VLANs 100 to 300.
# Configure SwitchA. The configurations on SwitchB and SwitchC are the same as
that of SwitchA and not mentioned here. For details, see the configuration files.
[SwitchA] vlan batch 100 to 300
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 20 21 100 to 300
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

Step 3 Configure the interfaces to be added to the RRPP ring as trunk interfaces, allow
data VLANs 100 to 300 to pass through the interfaces, and disable STP on the
interfaces.
# Configure SwitchA. The configurations on SwitchB and SwitchC are the same as
that ofSwitchA and not mentioned here. For details, see the configuration files.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 300
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 300
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] quit

Step 4 Specify a protected VLAN, and create and enable an RRPP ring.
# Configure SwitchA.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1030

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[SwitchA-rrpp-domain-region1] ring 1 enable

[SwitchA-rrpp-domain-region1] quit

# Configure SwitchB.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit

# Configure SwitchC.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit

Step 5 Enable RRPP.

# Configure SwitchA. The configurations on SwitchB and SwitchC are the same as
that of SwitchA and not mentioned here. For details, see the configuration files.
[SwitchA] rrpp enable

Step 6 Verify the configuration.

After the preceding configurations are complete and the network becomes stable,
run the following commands to verify the configuration. The display on Switch A
is used as an example.
# Run the display rrpp brief command on SwitchA. The command output is as
follows:
[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

The command output shows that RRPP is enabled on SwitchA, the major control
VLAN of domain 1 is VLAN 20 and the sub-control VLAN is VLAN 21, and SwitchA
is the master node on Ring 1. The primary interface is GigabitEthernet0/0/1 and
the secondary interface is GigabitEthernet0/0/2.
# Run the display rrpp verbose domain command on SwitchA. The command
output is as follows:
[SwitchA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1031

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Protected VLAN : Reference Instance 1

Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the RRPP ring is complete.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1032

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return

● SwitchC configuration file

#
sysname SwitchC
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return

Relevant Information
Video

Configure RRPP

18.10.2 Example for Configuring Intersecting RRPP Rings with

a Single Instance

Networking Requirements
Ethernet network uses two-layer rings: one is the aggregation layer between
aggregation devices PE-AGGs and the other is the access layer between PE-AGGs
and UPEs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1033

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Figure 18-33 Networking diagram of intersecting RRPP rings with a single

instance
RRPP Domain

UPE1 PE-AGG2
Edge Master
Sub PE-AGG1
Ring 1
Master
Major P Core Net
Ring S
UPE Sub Block NPE
LANSwitch Ring 2
Assistant
PE-AGG: PE-Aggregation
PE-AGG3
Master NPE: Network Provider Edge
UPE: Underlayer Provider Edge

LANSwitch

As shown in Figure 18-33, the network is required to prevent loops when the ring
is complete and implement fast convergence to rapidly restore communication
between nodes on the ring when the ring fails. RRPP can meet this requirement.
RRPP supports multiple rings. You can configure the aggregation layer as the
major ring and the access layer as the sub-ring, simplifying the network
configuration.

As shown in Figure 18-34, SwitchB, SwitchA, SwitchD, and SwitchC map PE-AGG1,
PE-AGG2, PE-AGG3, and UPE1 in Figure 18-33 respectively. Figure 18-34 is used
as an example to describe how to configure intersecting RRPP rings with a single
instance in the RRPP version defined by Huawei.

Figure 18-34 Networking diagram of intersecting RRPP rings with a single

instance
SwitchA
GE0/0/3 GE0/0/1

SwitchC GE0/0/2 SwitchB

GE0/0/2 GE0/0/1
sub-ring major ring
GE0/0/1 GE0/0/2
GE0/0/2

GE0/0/3 GE0/0/1 SwitchD

Configuration Roadmap
The configuration roadmap is as follows:

1. Create an RRPP domain and its control VLAN.

2. Map the VLANs that need to pass through the RRPP ring to Instance 1,
including data VLANs 2 to 9 and control VLANs 10 and 11 (VLAN 11 is the
sub-control VLAN generated by the device).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1034

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

3. Configure interfaces to be added to the RRPP domain on the devices so that

data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. Configure a protected VLAN and create an RRPP ring in the RRPP domain.
a. Configure Ring 1 (major ring) in Domain 1 on SwitchA, SwitchB, and
SwitchD.
b. Configure Ring 2 (sub-ring) in Domain 1 on SwitchA, SwitchC, and
SwitchD.
c. Configure SwitchB as the master node on the major ring and configure
SwitchA and SwitchD as transit nodes on the major ring.
d. Configure SwitchC as the master node on the sub-ring, configure SwitchA
as the edge node on the sub-ring, and configure SwitchD as the assistant
edge node on the sub-ring.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Procedure
Step 1 Configure SwitchB as the master node on the major ring.

# Create data VLANs 2 to 9 on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 to 9

# Configure Instance 1, and map it to the data VLANs and control VLANs allowed
by the RRPP interface.
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 1 vlan 2 to 11
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit

# Configure Domain 1 on SwitchB. Configure VLAN 10 as the major control VLAN

and bind Instance 1 to the protected VLAN in Domain 1.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] control-vlan 10
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] quit

# Configure the RRPP interface as a trunk interface to allow data from VLANs 2 to
9 to pass through and disable STP on the interface to be added to the RRPP ring.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchB-GigabitEthernet0/0/1] stp disable
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchB-GigabitEthernet0/0/2] stp disable
[SwitchB-GigabitEthernet0/0/2] quit

# Configure the primary interface and secondary interface on the master node of
the major ring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1035

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[SwitchB] rrpp domain 1

[SwitchB-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit

Step 2 Configure SwitchC as the master node on the sub-ring.

# Create data VLANs 2 to 9 on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 2 to 9

# Configure Instance 1, and map it to the data VLANs and control VLANs allowed
by the RRPP interface.
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 2 to 11
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit

# Configure Domain 1 on SwitchC. Configure VLAN 10 as the major control VLAN

and bind Instance 1 to the protected VLAN in Domain 1.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] control-vlan 10
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] quit

# Disable STP on the interface to be added to the RRPP ring and configure the
RRPP interface as a trunk interface to allow data from VLANs 2 to 9 to pass
through.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] quit

# Configure the primary interface and secondary interface on the master node of
the sub-ring.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 1
[SwitchC-rrpp-domain-region1] ring 2 enable
[SwitchC-rrpp-domain-region1] quit

Step 3 Configure SwitchA as the transit node on the major ring and the edge node on the
sub-ring.
# Create data VLANs 2 to 9 on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 to 9

# Configure Instance 1, and map it to the data VLANs and control VLANs allowed
by the RRPP interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1036

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[SwitchA] stp region-configuration

[SwitchA-mst-region] instance 1 vlan 2 to 11
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

# Configure Domain 1 on SwitchA. Configure VLAN 10 as the major control VLAN

and bind Instance 1 to the protected VLAN in Domain 1.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 10
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] quit

# Disable STP on the interface to be added to the RRPP ring and configure the
RRPP interface as a trunk interface to allow data from VLANs 2 to 9 to pass
through.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet0/0/3] stp disable
[SwitchA-GigabitEthernet0/0/3] quit

# Configure the primary interface and secondary interface on the transit node of
the major ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit

# Configure the common interface and edge interface on the edge node of the
sub-ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet 0/0/2 edge-port
gigabitethernet 0/0/3
[SwitchA-rrpp-domain-region1] ring 2 enable
[SwitchA-rrpp-domain-region1] quit

Step 4 Configure SwitchD as the transit node on the major ring and the assistant edge
node on the sub-ring.
# Create data VLANs 2 to 9 on SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] vlan batch 2 to 9

# Configure Instance 1, and map it to the data VLANs and control VLANs allowed
by the RRPP interface.
[SwitchD] stp region-configuration
[SwitchD-mst-region] instance 1 vlan 2 to 11

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1037

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[SwitchD-mst-region] active region-configuration

[SwitchD-mst-region] quit

# On SwitchD, configure Domain 1. Configure VLAN 10 as the major control VLAN

and bind Instance 1 to the protected VLAN in Domain 1.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] control-vlan 10
[SwitchD-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchD-rrpp-domain-region1] quit

# Disable STP on the interface to be added to the RRPP ring, configure the RRPP
interface as a trunk interface, and configure the interfaces to allow service packets
of VLAN 2 to VLAN 9 to pass through.
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port link-type trunk
[SwitchD-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet0/0/1] stp disable
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type trunk
[SwitchD-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet0/0/2] stp disable
[SwitchD-GigabitEthernet0/0/2] quit
[SwitchD] interface gigabitethernet 0/0/3
[SwitchD-GigabitEthernet0/0/3] port link-type trunk
[SwitchD-GigabitEthernet0/0/3] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet0/0/3] stp disable
[SwitchD-GigabitEthernet0/0/3] quit

# Configure the primary interface and secondary interface on the transit node of
the major ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/2
secondary-port gigabitethernet 0/0/1 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit

# Configure the common interface and edge interface on the assistant edge node
of the sub-ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port gigabitethernet 0/0/2
edge-port gigabitethernet 0/0/3
[SwitchD-rrpp-domain-region1] ring 2 enable
[SwitchD-rrpp-domain-region1] quit

Step 5 Enable RRPP.

# Configure SwitchA. The configurations on SwitchB, SwitchC, and SwitchD are the
same as that of SwitchA and not mentioned here. For details, see the
configuration files.
[SwitchA] rrpp enable

Step 6 Verify the configuration.

After the preceding configurations are complete and the network becomes stable,
run the following commands to verify the configuration.
# Run the display rrpp brief command on SwitchB. The command output is as
follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1038

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[SwitchB] display rrpp brief

Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

The command output shows that RRPP is enabled on SwitchB. The major control
VLAN is VLAN 10, and the sub-control VLAN is VLAN 11; SwitchB is the master
node on the major ring, with GE0/0/1 as the primary interface and GE0/0/2 as the
secondary interface.
# Run the display rrpp verbose domain command on SwitchB. The command
output is as follows:
[SwitchB] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the ring is in Complete state, and the secondary
interface on the master node is blocked.
# Run the display rrpp brief command on SwitchC. The command output is as
follows:
[SwitchC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
2 1 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

You can find that RRPP is enabled on SwitchC. The major control VLAN is VLAN
10, and the sub-control VLAN is VLAN 11; SwitchC is the master node on the sub-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1039

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

ring, with GE0/0/1 as the primary interface and GE0/0/2 as the secondary
interface.

# Run the display rrpp verbose domain command on SwitchC. The command
output is as follows:
[SwitchC] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :2
Ring Level : 1
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the sub-ring is in Complete state, and the
secondary interface on the master node of the sub-ring is blocked.

# Run the display rrpp brief command on SwitchA. The command output is as
follows:
[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/2 GigabitEthernet0/0/1 Yes
2 1 E GigabitEthernet0/0/2 GigabitEthernet0/0/3 Yes

The command output shows that RRPP is enabled on SwitchA. The major control
VLAN is VLAN 10, and the sub-control VLAN is VLAN 11. SwitchA is the transit
node on the major ring. The primary interface is GE0/0/2 and the secondary
interface is GE0/0/1.

SwitchA is also the edge node on the sub-ring, with GE0/0/2 as the common
interface and GE0/0/3 as the edge interface.

# Run the display rrpp verbose domain command on SwitchA. The command
output is as follows:
[SwitchA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1040

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Ring State : LinkUp

Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/1 Port status: UP

RRPP Ring :2
Ring Level :1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/2 Port status: UP
Edge port : GigabitEthernet0/0/3 Port status: UP

# Run the display rrpp brief command on SwitchD. The command output is as
follows:
[SwitchD] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/2 GigabitEthernet0/0/1 Yes
2 1 A GigabitEthernet0/0/2 GigabitEthernet0/0/3 Yes

The command output shows that RRPP is enabled on SwitchD. The major control
VLAN is VLAN 10, and the sub-control VLAN is VLAN 11. SwitchD is the transit
node on the major ring, with GE0/0/2 as the primary interface and GE0/0/1 as the
secondary interface. SwitchD is also the assistant edge node on the sub-ring, with
GE0/0/2 as the common interface and GE0/0/3 as the edge interface.
# Run the display rrpp verbose domain command on SwitchD. The command
output is as follows:
[SwitchD] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/1 Port status: UP

RRPP Ring :2
Ring Level :1
Node Mode : Assistant-edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/2 Port status: UP
Edge port : GigabitEthernet0/0/3 Port status: UP

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1041

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 0
ring 1 enable
ring 2 node-mode edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/3
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1042

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

port link-type trunk

undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 2 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 1
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/3
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1043

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

port trunk allow-pass vlan 2 to 11

stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return

Relevant Information
Video

Configure RRPP

18.10.3 Example for Configuring Tangent RRPP Rings

Networking Requirements
Ethernet network uses two-layer rings:

● One layer is the aggregation layer between aggregation devices PE-AGGs,

such as RRPP Domain 1 in Figure 18-35.
● The other layer is the access layer between PE-AGGs and UPEs, such as RRPP
Domain 2 and RRPP Domain 3 in Figure 18-35.

Figure 18-35 Tangent RRPP rings

Master
UPE1

UPE2 PE-AGG3
RRPP Transit 1
Domain2
Master
PE-AGG1
UPE RRPP P IP/MPLS
Domain1 Core
UPE S
UPE Block NPE
RRPP Transit 2
Domain3
PE-AGG2
Master PE-AGG: PE-Aggregation
UPE NPE: Network Provider Edge
UPE: Underlayer Provider Edge

LANSwitch LANSwitch

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1044

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Master
UPE1

UPE2 PE-AGG3
RRPP Transit 1
Domain2
Master
PE-AGG1
UPE RRPP P IP/MPLS
Domain1 Core
UPE S
UPE Block NPE
RRPP Transit 2
Domain3
PE-AGG2
Master PE-AGG: PE-Aggregation
UPE NPE: Network Provider Edge
UPE: Underlayer Provider Edge

LANSwitch LANSwitch

As shown in Figure 18-35, the network is required to prevent loops when the ring
is complete and implement fast convergence to rapidly restore communication
between nodes on the ring when the ring fails. RRPP can meet this requirement.
RRPP supports multiple rings. You can configure the aggregation layer and access
layer as RRPP rings and the two rings are tangent, simplifying the network
configuration.
As shown in Figure 18-36, SwitchE, SwitchD, SwitchC, SwitchA, and SwitchB map
PE-AGG1, PE-AGG2, PE-AGG3, UPE 1, and UPE 2 in Figure 18-35 respectively.
Figure 18-36 is used as an example to describe how to configure tangent RRPP
rings with a single instance.

Figure 18-36 Network of tangent RRPP rings

SwitchA SwitchE
GE0/0/2 GE0/0/1

GE0/0/1 GE0/0/3 GE0/0/2 GE0/0/2

Domain 2 Ring 2 SwitchC Ring 1 Domain 1

GE0/0/4 GE0/0/1
GE0/0/2 GE0/0/1

GE0/0/1 GE0/0/2

SwitchB SwitchD

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1045

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Configuration Roadmap
The configuration roadmap is as follows:

1. Create different RRPP domains and control VLANs to configure an RRPP ring.
2. Map the VLANs that need to pass through Ring 1 to Instance 1, including
data VLANs and control VLANs to configure protected VLANs.
Map the VLANs that need to pass through Ring 2 to Instance 2, including
data VLANs and control VLANs to configure protected VLANs.
3. Configure timers for different RRPP domains.
NOTE

You can configure two timers for tangent points because two tangent rings locate in
different domains.
4. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
5. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Configure Ring 2 in Domain 2 on SwitchA, SwitchB, and SwitchC.
b. Configure Ring 1 in Domain 1 on SwitchC, SwitchD, and SwitchE.
c. Configure SwitchA as the master node on Ring 2, and configure SwitchB
and SwitchC as transit nodes on Ring 2.
d. Configure SwitchE as the master node on Ring 1, and configure SwitchC
and SwitchD as transit nodes on Ring 1.
6. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Procedure
Step 1 Configure instance 2, and map it to the data VLANs and control VLANs allowed by
the RRPP interface.

# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, and

SwitchE are similar to the configuration of SwitchA and not mentioned here. For
details, see the configuration files.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 2 vlan 20 to 21
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

Step 2 Create RRPP domains and configure control VLANs and protected VLANs in the
domains.

# Configure SwitchE. The configurations of SwitchA, SwitchB, SwitchC, and

SwitchD are similar to the configuration of SwitchE and not mentioned here. For
details, see the configuration files.
[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] control-vlan 10
[SwitchE-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchE-rrpp-domain-region1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1046

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Step 3 Set the timers of RRPP domains.

# Set the timers for SwitchE, the master node on Ring 1.

[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[SwitchE-rrpp-domain-region1] quit

# Set the timers for SwitchD, the transit node on Ring 1.

[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[SwitchD-rrpp-domain-region1] quit

# Set the timers for SwitchC, the transit node on Ring 1.

[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[SwitchC-rrpp-domain-region1] quit

# Set the timers for SwitchA, the master node on Ring 2.

[SwitchA] rrpp domain 2
[SwitchA-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[SwitchA-rrpp-domain-region2] quit

# Set the timers for SwitchB, the transit node on Ring 2.

[SwitchB] rrpp domain 2
[SwitchB-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[SwitchB-rrpp-domain-region2] quit

# Set the timers for SwitchC, the transit node on Ring 2.

[SwitchC] rrpp domain 2
[SwitchC-rrpp-domain-region2] timer hello-timer 3 fail-timer 10
[SwitchC-rrpp-domain-region2] quit

Step 4 Configure the interfaces to be added to the RRPP ring as trunk interfaces and
disable STP on the interfaces.

# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, and

SwitchE are similar to the configuration of SwitchA and not mentioned here. For
details, see the configuration files.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] quit

Step 5 Create and enable RRPP rings.

● Configure nodes on Ring 2.
# Configure SwitchA as the master node on Ring 2 and specify the primary
and secondary interfaces.
[SwitchA] rrpp domain 2
[SwitchA-rrpp-domain-region2] ring 2 node-mode master primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchA-rrpp-domain-region2] ring 2 enable
[SwitchA-rrpp-domain-region2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1047

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Configure SwitchB as a transit node on Ring 2 (major ring) and specify the
primary and secondary interfaces.
[SwitchB] rrpp domain 2
[SwitchB-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchB-rrpp-domain-region2] ring 2 enable
[SwitchB-rrpp-domain-region2] quit

# Configure SwitchC as a transit node on Ring 2 and specify the primary and
secondary interfaces.
[SwitchC] rrpp domain 2
[SwitchC-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 0/0/3
secondary-port gigabitethernet 0/0/4 level 0
[SwitchC-rrpp-domain-region2] ring 2 enable
[SwitchC-rrpp-domain-region2] quit

● Configure nodes on Ring 1. The configuration procedure is as follows:

# Configure SwitchE as the master node on Ring 1 (major ring) and specify
the primary and secondary interfaces.
[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchE-rrpp-domain-region1] ring 1 enable
[SwitchE-rrpp-domain-region1] quit

# Configure SwitchC as a transit node on Ring 1 and specify the primary and
secondary interfaces.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit

# Configure SwitchD as a transit node on Ring 1 and specify the primary and
secondary interfaces.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1
secondary-port gigabitethernet 0/0/2 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit

Step 6 Enable RRPP.

# Configure SwitchA. The configurations on SwitchB, SwitchC, SwitchD, and
SwitchE are the same as that of SwitchA and not mentioned here. For details, see
the configuration files.
[SwitchA] rrpp enable

Step 7 Verify the configuration.

After the preceding configurations are complete and the network topology
becomes stable, perform the following operations to verify the configuration. The
tangent point SwitchC is used as an example.
# Run the display rrpp brief command on SwitchC. The command output is as
follows:
[SwitchC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1048

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

RRPP Linkup Delay Timer: 0 sec (0 sec default)

Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

Domain Index : 2
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 2
Hello Timer : 3 sec(default is 1 sec) Fail Timer : 10 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
2 0 T GigabitEthernet0/0/3 GigabitEthernet0/0/4 Yes

The command output shows that RRPP is enabled on SwitchC. In Domain 1, the
major control VLAN is VLAN 10, and the sub-control VLAN is VLAN 11. SwitchC is
the transit node on the major ring, with GigabitEthernet0/0/1 as the primary
interface and GigabitEthernet0/0/2 as the secondary interface.
In Domain 2, the major control VLAN is VLAN 20, and the sub-control VLAN is
VLAN 21. SwitchC is a transit node on Ring 2. GigabitEthernet0/0/3 is the primary
interface and GigabitEthernet0/0/4 is the secondary interface.
Run the display rrpp verbose domain command on SwitchC. The command
output is as follows:
# Display detailed information about Domain 1 on SwitchC.
[SwitchC] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: UP

# Display detailed information about Domain 2 on SwitchC.

[SwitchC] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 2
Hello Timer : 3 sec(default is 1 sec) Fail Timer : 10 sec(default is 6 sec)

RRPP Ring :2
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/3 Port status: UP
Secondary port : GigabitEthernet0/0/4 Port status: UP

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1049

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
timer hello-timer 3 fail-timer 10
ring 2 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
timer hello-timer 3 fail-timer 10
ring 2 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1050

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● SwitchC configuration file

#
sysname SwitchC
#
vlan batch 10 to 11 20 to 21
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 to 11
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
timer hello-timer 2 fail-timer 7
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
timer hello-timer 3 fail-timer 10
ring 2 node-mode transit primary-port GigabitEthernet0/0/3 secondary-port GigabitEthernet0/0/4
level 0
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
return

● SwitchD configuration file

#
sysname SwitchD
#
vlan batch 10 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1051

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

timer hello-timer 2 fail-timer 7

ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
return

● SwitchE configuration file

#
sysname SwitchE
#
vlan batch 10 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
timer hello-timer 2 fail-timer 7
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
return

Relevant Information
Video
Configure RRPP

18.10.4 Example for Configuring a Single RRPP Ring with

Multiple Instances

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1052

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Networking Requirements
As shown in Figure 18-37, on a ring network, idle links are required to forward
data. In this way, data in different VLANs is forwarded along different paths,
improving network efficiency and implementing load balancing.

Figure 18-37 Network of single RRPP ring with multiple instances

UPEB
GE0/0/1 GE0/0/2

CE 1
VLAN 100-300

PEAGG
GE0/0/1 Ring GE0/0/1
1 Master 1 Backbone
UPEA
Master 2 network
GE0/0/2 GE0/0/2

CE 2
VLAN 100-300
Domain 1 ring 1
GE0/0/2 GE0/0/1
Domain 2 ring 1
UPEC

Data Plan
Table 18-6 shows the mapping between protected VLANs and instances in
Domain 1 and Domain 2.

Table 18-6 Mapping between the protected VLAN and instance

Domain ID Control VLAN ID Data VLAN ID Instance ID

Domain 1 VLANs 5 and 6 VLANs 100 to 200 Instance 1

Domain 2 VLANs 10 and 11 VLANs 201 to 300 Instance 2

Table 18-7 shows the master node on each ring and the primary and secondary
interfaces on each master node.

Table 18-7 Master node and its primary and secondary interfaces

Ring ID Master Node Primary Port Secondary Port

Ring 1 in Domain PEAGG GE0/0/1 GE0/0/2

1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1053

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Ring ID Master Node Primary Port Secondary Port

Ring 1 in Domain PEAGG GE0/0/2 GE0/0/1

2

Configuration Roadmap
The configuration roadmap is as follows:
1. Create different RRPP domains and control VLANs.
2. Map the VLANs that need to pass through Ring 1 in Domain 1 to Instance 1,
including data VLANs and control VLANs.
Map the VLANs that need to pass through Ring 1 in Domain 2 to Instance 2,
including data VLANs and control VLANs.
3. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, and PEAGG to Ring 1 in Domain 1. Configure
PEAGG as the master node on Ring 1 in Domain 1 and configure UPEA,
UPEB, and UPEC as transit nodes.
b. Add UPEA, UPEB, UPEC, and PEAGG to Ring 1 in Domain 2. Configure
PEAGG as the master node on Ring 1 in Domain 2 and configure UPEA,
UPEB, and UPEC as transit nodes.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Procedure
Step 1 Create an RRPP domain and its control VLAN.
# Configure UPEA. The configurations on UPEB, UPEC, and PEAGG are similar to
that on UPEA and not mentioned here. For details, see the configuration files.
<HUAWEI> system-view
[HUAWEI] sysname UPEA
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] control-vlan 10
[UPEA-rrpp-domain-region2] quit

Step 2 Configure instances, and map it to the data VLANs and control VLANs allowed by
the RRPP interface.
# Configure UPEA. The configurations on UPEB, UPEC, and PEAGG are the same
as that of UPEA and not mentioned here. For details, see the configuration files.
[UPEA] vlan batch 100 to 300
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 200
[UPEA-mst-region] instance 2 vlan 10 11 201 to 300
[UPEA-mst-region] active region-configuration
[UPEA-mst-region] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1054

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Step 3 Configure the interfaces to be added into the RRPP rings.

# Configure UPEA. The configurations on UPEB, UPEC, and PEAGG are the same
as that of UPEA and not mentioned here. For details, see the configuration files.
[UPEA] interface gigabitethernet 0/0/1
[UPEA-GigabitEthernet0/0/1] port link-type trunk
[UPEA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[UPEA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEA-GigabitEthernet0/0/1] stp disable
[UPEA-GigabitEthernet0/0/1] quit
[UPEA] interface gigabitethernet 0/0/2
[UPEA-GigabitEthernet0/0/2] port link-type trunk
[UPEA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[UPEA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 300
[UPEA-GigabitEthernet0/0/2] stp disable
[UPEA-GigabitEthernet0/0/2] quit

Step 4 Specify a protected VLAN, and create and enable an RRPP ring.

# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEA.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit

# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEA.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit

# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEB.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit

# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEB.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit

# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEC.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1055

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[UPEC-rrpp-domain-region1] ring 1 enable

[UPEC-rrpp-domain-region1] quit

# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEC.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit

# Configure PEAGG as the master node on Ring 1 in Domain 1, with GE0/0/1 as

the primary interface and GE0/0/2 as the secondary interface.
[PEAGG] rrpp domain 1
[PEAGG-rrpp-domain-region1] protected-vlan reference-instance 1
[PEAGG-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[PEAGG-rrpp-domain-region1] ring 1 enable
[PEAGG-rrpp-domain-region1] quit

# Configure PEAGG as the master node on Ring 1 in Domain 2, with GE0/0/2 as

the primary interface and GE0/0/1 as the secondary interface.
[PEAGG] rrpp domain 2
[PEAGG-rrpp-domain-region2] protected-vlan reference-instance 2
[PEAGG-rrpp-domain-region2] ring 1 node-mode master primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 0
[PEAGG-rrpp-domain-region2] ring 1 enable
[PEAGG-rrpp-domain-region2] quit

Step 5 Enable RRPP.

# Configure UPEA. The configurations on UPEB, UPEC, and PEAGG are the same
as that of UPEA and not mentioned here. For details, see the configuration files.
[UPEA] rrpp enable

Step 6 Verify the configuration.

After the preceding configurations are complete and the network becomes stable,
run the following commands to verify the configuration. UPEA and PEAGG are
used as examples.
# Run the display rrpp brief command on UPEA. The command output is as
follows:
[UPEA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1056

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

The command output shows that RRPP is enabled on UPEA.

In Domain 1, the major control VLAN is VLAN 5 and the protected VLANs are
VLANs mapping Instance 1. UPEA is a transit node on Ring 1. GigabitEthernet0/0/1
is the primary interface and GigabitEthernet0/0/2 is the secondary interface.

In Domain 2, the major control VLAN is VLAN 10 and the protected VLANs are
VLANs mapping Instance 2. UPEA is a transit node on Ring 1. GigabitEthernet0/0/1
is the primary interface and GigabitEthernet0/0/2 is the secondary interface.

# Run the display rrpp brief command on PEAGG. The command output is as
follows:
[PEAGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/2 GigabitEthernet0/0/1 Yes

The command output shows that RRPP is enabled on PEAGG.

In Domain 1, the major control VLAN is VLAN 5, the protected VLAN is the VLAN
mapped to Instance 1, and the master node on Ring 1 is PEAGG.
GigabitEthernet0/0/1 is the primary interface and GigabitEthernet0/0/2 is the
secondary interface.

In Domain 2, the major control VLAN is VLAN 10, the protected VLAN is the VLAN
mapped to Instance 2, and the master node on Ring 1 is PEAGG.
GigabitEthernet0/0/2 is the primary interface and GigabitEthernet0/0/1 is the
secondary interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1057

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Check detailed information about UPEA in Domain 1. Run the display rrpp
verbose domain command on UPEA. The command output is as follows:
[UPEA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: UP

The command output shows that the control VLAN in Domain 1 is VLAN 5, and
the protected VLANs are the VLANs mapping Instance 1. UPEA is a transit node in
Domain 1 and is in LinkUp state.
# Check detailed information about UPEA in Domain 2.
[UPEA] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: UP

The command output shows that, in Domain 2, the control VLAN is VLAN 10 and
the protected VLAN is the VLAN mapped to Instance 2. UPEA is a transit node in
Domain 2 and is in LinkUp state.
Run the display rrpp verbose domain command on PEAGG. The command
output is as follows:
# Check detailed information about PEAGG in Domain 1.
[PEAGG] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the control VLAN in Domain 1 is VLAN 5, and
the protected VLANs are the VLANs mapping Instance 1.
PEAGG is the master node in Domain 1 and is in Complete state.
The primary interface is GigabitEthernet0/0/1 and the secondary interface is
GigabitEthernet0/0/2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1058

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Check detailed information about PEAGG in Domain 2.

[PEAGG] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/1 Port status: BLOCKED

The command output shows that, in Domain 2, the control VLAN is VLAN 10, and
the protected VLAN is the VLAN mapped to Instance 2.
PEAGG is the master node in Domain 2 and is in Complete state.
The primary interface is GigabitEthernet0/0/2 and the secondary interface is
GigabitEthernet0/0/1.

----End

Configuration Files
● UPEA configuration file
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1059

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

● UPEB configuration file

#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

● UPEC configuration file

#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1060

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300

stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

● PEAGG configuration file

#
sysname PEAGG
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode master primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

Relevant Information
Video
Configure RRPP

18.10.5 Example for Configuring Intersecting RRPP Rings with

Multiple Instances

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1061

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Networking Requirements
As shown in Figure 18-38, on a ring network, idle links are required to forward
data. In this way, data in different VLANs is forwarded along different paths,
improving network efficiency and implementing load balancing.

Figure 18-38 Networking diagram of intersecting RRPP rings with multiple

instances

Backbone
network

GE0/0/1 GE0/0/2

PEAGG
Master 1
GE0/0/1 Master 2 GE0/0/1

UPEA Domain 1 ring 1 UPED

GE0/0/2 Domain 2 ring 1 GE0/0/2

Edge Transit Edge Transit

GE0/0/2 GE0/0/1
UPEB GE0/0/1 UPEC
GE0/0/2
GE0/0/3 GE0/0/3
GE0/0/4 GE0/0/4

Domain 2 ring 2 Domain 2 ring 3

GE0/0/1
GE0/0/2

Master 1 Master 1
Master 2 GE0/0/2 GE0/0/1 Master 2
CE1 Domain 1 ring 2 Domain 1 ring 3
CE2
VLAN 100-300 VLAN 100-300

Domain 1

Domain 2

Data Plan
Table 18-8 shows the mapping between protected VLANs and instances in
Domain 1 and Domain 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1062

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Table 18-8 Mapping between the protected VLAN and instance

Domain ID Control VLAN ID Data VLAN ID Instance ID

Domain 1 VLANs 5 and 6 VLANs 100 to 200 Instance 1

Domain 2 VLANs 10 and 11 VLANs 201 to 300 Instance 2

Table 18-9 shows the master node on each ring and the primary and secondary
interfaces on each master node.

Table 18-9 Master node and its primary and secondary interfaces
Ring ID Master Node Primary Port Secondary Port Ring Type

Ring 1 in PEAGG GE0/0/1 GE0/0/2 Major ring

Domain 1

Ring 1 in PEAGG GE0/0/2 GE0/0/1 Major ring

Domain 2

Ring 2 in CE1 GE0/0/1 GE0/0/2 Sub-ring

Domain 1

Ring 2 in CE1 GE0/0/2 GE0/0/1 Sub-ring

Domain 2

Ring 3 in CE2 GE0/0/1 GE0/0/2 Sub-ring

Domain 1

Ring 3 in CE2 GE0/0/2 GE0/0/1 Sub-ring

Domain 2

Table 18-10 shows the edge nodes, assistant edge nodes, common interface, and
edge interfaces of the sub-rings.

Table 18-10 Edge nodes, assistant edge nodes, common interface, and edge
interfaces of the sub-rings
Ring Edge Common Edge Edge- Common Edge
ID Node Port Port Assistant Port Port
Node

Ring 2 UPEB GE0/0/1 GE0/0/3 UPEC GE0/0/2 GE0/0/4

in
Domai
n1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1063

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Ring Edge Common Edge Edge- Common Edge

ID Node Port Port Assistant Port Port
Node

Ring 3 UPEB GE0/0/1 GE0/0/4 UPEC GE0/0/2 GE0/0/3

in
Domai
n1

Ring 2 UPEB GE0/0/1 GE0/0/3 UPEC GE0/0/2 GE0/0/4

in
Domai
n2

Ring 3 UPEB GE0/0/1 GE0/0/4 UPEC GE0/0/2 GE0/0/3

in
Domai
n2

Configuration Roadmap
The configuration roadmap is as follows:

1. Create different RRPP domains and control VLANs.

2. Map the VLANs that need to pass through Domain 1 to Instance 1, including
data VLANs and control VLANs.
Map the VLANs that need to pass through Domain 2 to Instance 2, including
data VLANs and control VLANs.
3. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, UPED, and PEAGG to Ring 1 in Domain 1 and
Ring 1 in Domain 2.
b. Add CE1, UPEB, and UPEC to Ring 2 in Domain 1 and Ring 2 in Domain 2.
c. Add CE2, UPEB, and UPEC to Ring 3 in Domain 1 and Ring 3 in Domain 2.
d. Configure PEAGG as the master node and configure UPEA, UPEB, UPEC,
and UPED as transit nodes on Ring 1 in Domain 1 and Ring 1 in Domain
2.
e. Configure CE1 as the master node, UPEB as an edge node, and UPEC as
an assistant edge node on Ring 2 in Domain 1 and Ring 2 in Domain 2.
f. Configure CE2 as the master node, UPEB as an edge node, and UPEC as
an assistant edge node on Ring 3 in Domain 1 and Ring 3 in Domain 2.
5. To prevent topology flapping, set the LinkUp timer on the master nodes.
6. To reduce the Edge-Hello packets sent on the major ring and increase
available bandwidth, add the four sub-rings to a ring group.
7. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1064

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Procedure
Step 1 Configure instances, and map it to the data VLANs and control VLANs allowed by
the RRPP interface.

# Configure CE1. The configurations on CE2, UPEA, UPEB, UPEC, UPED, and
PEAGG are the same as that of CE1 and not mentioned here. For details, see the
configuration files.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 5 6 100 to 200
[CE1-mst-region] instance 2 vlan 10 11 201 to 300
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit

Step 2 Configure the interfaces to be added into the RRPP rings.

# Configure CE1. The configurations on CE2, UPEA, UPEB, UPEC, UPED, and
PEAGG are the same as that of CE1 and not mentioned here. For details, see the
configuration files.
[CE1] vlan batch 100 to 300
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet0/0/1] stp disable
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type trunk
[CE1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet0/0/2] stp disable
[CE1-GigabitEthernet0/0/2] quit

Step 3 Create RRPP domains and configure protected VLANs and control VLANs.

# Configure CE1. The configurations on CE2, UPEA, UPEB, UPEC, UPED, and
PEAGG are the same as that of CE1 and not mentioned here. For details, see the
configuration files.
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] protected-vlan reference-instance 1
[CE1-rrpp-domain-region1] control-vlan 5
[CE1-rrpp-domain-region1] quit
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] protected-vlan reference-instance 2
[CE1-rrpp-domain-region2] control-vlan 10
[CE1-rrpp-domain-region2] quit

Step 4 Create RRPP rings.

# Configure PEAGG as the master node on Ring 1 in Domain 1, with GE0/0/1 as

the primary interface and GE0/0/2 as the secondary interface.
[PEAGG] rrpp domain 1
[PEAGG-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[PEAGG-rrpp-domain-region1] ring 1 enable
[PEAGG-rrpp-domain-region1] quit

# Configure PEAGG as the master node on Ring 1 in Domain 2, with GE0/0/2 as

the primary interface and GE0/0/1 as the secondary interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1065

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[PEAGG] rrpp domain 2

[PEAGG-rrpp-domain-region2] ring 1 node-mode master primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 0
[PEAGG-rrpp-domain-region2] ring 1 enable
[PEAGG-rrpp-domain-region2] quit

# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit

# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit

# Configure UPED as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit

# Configure UPED as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit

# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit

# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit

# Configure UPEB as an edge node on Ring 2 in Domain 1, with GE0/0/1 as the

common interface and GE0/0/3 as the edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet 0/0/1 edge-port
gigabitethernet 0/0/3
[UPEB-rrpp-domain-region1] ring 2 enable
[UPEB-rrpp-domain-region1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1066

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Configure UPEB as an edge node on Ring 2 in Domain 2, with GE0/0/1 as the

common interface and GE0/0/3 as the edge interface.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 2 node-mode edge common-port gigabitethernet 0/0/1 edge-port
gigabitethernet 0/0/3
[UPEB-rrpp-domain-region2] ring 2 enable
[UPEB-rrpp-domain-region2] quit

# Configure UPEB as an edge node on Ring 3 in Domain 1, with GE0/0/1 as the

common interface and GE0/0/4 as the edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 3 node-mode edge common-port gigabitethernet 0/0/1 edge-port
gigabitethernet 0/0/4
[UPEB-rrpp-domain-region1] ring 3 enable
[UPEB-rrpp-domain-region1] quit

# Configure UPEB as an edge node on Ring 3 in Domain 2, with GE0/0/1 as the

common interface and GE0/0/4 as the edge interface.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 3 node-mode edge common-port gigabitethernet 0/0/1 edge-port
gigabitethernet 0/0/4
[UPEB-rrpp-domain-region2] ring 3 enable
[UPEB-rrpp-domain-region2] quit

# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit

# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit

# Configure UPEC as an assistant edge node on Ring 2 in Domain 1, with GE0/0/2

as the common interface and GE0/0/4 as the edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port gigabitethernet 0/0/2
edge-port gigabitethernet 0/0/4
[UPEC-rrpp-domain-region1] ring 2 enable
[UPEC-rrpp-domain-region1] quit

# Configure UPEC as an assistant edge node on Ring 2 in Domain 2, with GE0/0/2

as the common interface and GE0/0/4 as the edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 2 node-mode assistant-edge common-port gigabitethernet 0/0/2
edge-port gigabitethernet 0/0/4
[UPEC-rrpp-domain-region2] ring 2 enable
[UPEC-rrpp-domain-region2] quit

# Configure UPEC as an assistant edge node on Ring 3 in Domain 1, with GE0/0/2

as the common interface and GE0/0/3 as the edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 3 node-mode assistant-edge common-port gigabitethernet 0/0/2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1067

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

edge-port gigabitethernet 0/0/3

[UPEC-rrpp-domain-region1] ring 3 enable
[UPEC-rrpp-domain-region1] quit

# Configure UPEC as an assistant edge node on Ring 3 in Domain 2, with GE0/0/2

as the common interface and GE0/0/3 as the edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 3 node-mode assistant-edge common-port gigabitethernet 0/0/2
edge-port gigabitethernet 0/0/3
[UPEC-rrpp-domain-region2] ring 3 enable
[UPEC-rrpp-domain-region2] quit

# Configure CE1 as the master node on Ring 2 in Domain 1, with GE0/0/1 as the
primary interface and GE0/0/2 as the secondary interface.
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 1
[CE1-rrpp-domain-region1] ring 2 enable
[CE1-rrpp-domain-region1] quit

# Configure CE1 as the master node on Ring 2 in Domain 2, with GE0/0/2 as the
primary interface and GE0/0/1 as the secondary interface.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] ring 2 node-mode master primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 1
[CE1-rrpp-domain-region2] ring 2 enable
[CE1-rrpp-domain-region2] quit

# Configure CE2 as the master node on Ring 3 in Domain 1, with GE0/0/1 as the
primary interface and GE0/0/2 as the secondary interface.
[CE2] rrpp domain 1
[CE2-rrpp-domain-region1] ring 3 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 1
[CE2-rrpp-domain-region1] ring 3 enable
[CE2-rrpp-domain-region1] quit

# Configure CE2 as the master node on Ring 3 in Domain 2, with GE0/0/2 as the
primary interface and GE0/0/1 as the secondary interface.
[CE2] rrpp domain 2
[CE2-rrpp-domain-region2] ring 3 node-mode master primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 1
[CE2-rrpp-domain-region2] ring 3 enable
[CE2-rrpp-domain-region2] quit

Step 5 Enable RRPP.

# Configure CE1. The configurations on CE2, UPEA, UPEB, UPEC, UPED, and
PEAGG are the same as that of CE1 and not mentioned here. For details, see the
configuration files.
[CE1] rrpp enable

Step 6 Configure ring groups.

# Create ring group 1 on UPEC, which consists of four sub-rings: Ring 2 in Domain
1, Ring 3 in Domain 1, Ring 2 in Domain 2, and Ring 3 in Domain 2.
[UPEC] rrpp ring-group 1
[UPEC-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEC-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEC-rrpp-ring-group1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1068

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Create ring group 1 on UPEB, which consists of four sub-rings: Ring 2 in Domain
1, Ring 3 in Domain 1, Ring 2 in Domain 2, and Ring 3 in Domain 2.
[UPEB] rrpp ring-group 1
[UPEB-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEB-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEB-rrpp-ring-group1] quit

Step 7 Set the LinkUp timer.

# Set the LinkUp timer to 1 second. CE1 is used as an example. The configurations
on CE2 and PEAGG are the same as that of CE1 and not mentioned here. For
details, see the configuration files.
[CE1] rrpp linkup-delay-timer 1

Step 8 Verify the configuration.

After the preceding configurations are complete and the network topology
becomes stable, perform the following operations to verify the configuration.
UPEB and PEAGG are used as examples.
# Run the display rrpp brief command on UPEB. The command output is as
follows:
[UPEB] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes
2 1 E GigabitEthernet0/0/1 GigabitEthernet0/0/3 Yes
3 1 E GigabitEthernet0/0/1 GigabitEthernet0/0/4 Yes

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes
2 1 E GigabitEthernet0/0/1 GigabitEthernet0/0/3 Yes
3 1 E GigabitEthernet0/0/1 GigabitEthernet0/0/4 Yes

The command output shows that RRPP is enabled on UPEB.

In Domain 1:
The major control VLAN is VLAN 5 and the protected VLANs are the VLANs
mapped to Instance 1.
UPEB is a transit node on Ring 1. The primary interface is GE0/0/1 and the
secondary interface is GE0/0/2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1069

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

On Ring 2, UPEB is the edge node. GE0/0/1 is the common interface and GE0/0/3
is the edge interface.
On Ring 3, UPEB is the edge node. GE0/0/1 is the common interface and GE0/0/4
is the edge interface.
In Domain 2:
The major control VLAN is VLAN 10, and the protected VLANs are the VLANs
mapped to Instance 2.
UPEB is a transit node on Ring 1. The primary interface is GE0/0/1 and the
secondary interface is GE0/0/2.
On Ring 2, UPEB is the edge node. GE0/0/1 is the common interface and GE0/0/3
is the edge interface.
On Ring 3, UPEB is the edge node. GE0/0/1 is the common interface and GE0/0/4
is the edge interface.
# Run the display rrpp brief command on PEAGG. The command output is as
follows:
[PEAGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 1 sec (0 sec default)
Number of RRPP Domains: 2

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/2 GigabitEthernet0/0/1 Yes

The command output shows that RRPP is enabled on PEAGG, and the LinkUp
timer is 2 seconds.
In Domain 1, the major control VLAN is VLAN 5, the protected VLAN is the VLAN
mapped to Instance 1, and the master node on Ring 1 is PEAGG. The primary
interface is GE0/0/1 and the secondary interface is GE0/0/2.
In Domain 2, the major control VLAN is VLAN 10, the protected VLAN is the VLAN
mapped to Instance 2, and the master node on Ring 1 is PEAGG. The primary
interface is GE0/0/2 and the secondary interface is GE0/0/1.
Run the display rrpp verbose domain command on UPEB. The command output
is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1070

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Check detailed information about UPEB in Domain 1.

[UPEB] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: UP

RRPP Ring :2
Ring Level :1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/1 Port status: UP
Edge port : GigabitEthernet0/0/3 Port status: UP

RRPP Ring :3
Ring Level :1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/1 Port status: UP
Edge port : GigabitEthernet0/0/4 Port status: UP

The command output shows that the control VLAN in Domain 1 is VLAN 5, and
the protected VLANs are the VLANs mapping Instance 1.

UPEB is a transit node on Ring 1 in Domain 1 and is in LinkUp state.

UPEB is the edge node on Ring 2 in Domain 1 and is in LinkUp state. GE0/0/1 is
the common interface and GE0/0/3 is the edge interface.

UPEB is the edge node on Ring 3 in Domain 1 and is in LinkUp state. GE0/0/1 is
the common interface and GE0/0/4 is the edge interface.

# Check detailed information about UPEB in Domain 2.

[UPEB] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: UP

RRPP Ring :2
Ring Level :1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/1 Port status: UP
Edge port : GigabitEthernet0/0/3 Port status: UP

RRPP Ring :3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1071

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Ring Level :1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Common port : GigabitEthernet0/0/1 Port status: UP
Edge port : GigabitEthernet0/0/4 Port status: UP

You can find that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
UPEB is a transit node on Ring 1 in Domain 2 and is in LinkUp state.
UPEB is the edge node on Ring 2 in Domain 2 and is in LinkUp state. GE0/0/1 is
the common interface and GE0/0/3 is the edge interface.
UPEB is the edge node on Ring 3 in Domain 2 and is in LinkUp state. GE0/0/1 is
the common interface and GE0/0/4 is the edge interface.
Run the display rrpp verbose domain 1 command on PEAGG. The command
output is as follows:
# Check detailed information about PEAGG in Domain 1.
[PEAGG] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the control VLAN in Domain 1 is VLAN 5, and
the protected VLANs are the VLANs mapping Instance 1.
PEAGG is the master node in Domain 1 and is in Complete state.
GE0/0/1 is the primary interface and GE0/0/2 is the secondary interface.
# Check detailed information about PEAGG in Domain 2.
[PEAGG] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/1 Port status: BLOCKED

The command output shows that, in Domain 2, the control VLAN is VLAN 10, and
the protected VLAN is the VLAN mapped to Instance 2.
PEAGG is the master node in Domain 2 and is in Complete state.
GE0/0/2 is the primary interface and GE0/0/1 is the secondary interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1072

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Run the display rrpp ring-group command on UPEB to check the configuration of
the ring group.
# Check the configuration of ring group 1.
[UPEB] display rrpp ring-group 1
Ring Group 1:
domain 1 ring 2 to 3
domain 2 ring 2 to 3
domain 1 ring 2 send Edge-Hello packet

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 2 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 1
ring 2 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 2 node-mode master primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 1
ring 2 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1073

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 3 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 1
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 3 node-mode master primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 1
ring 3 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return

● UPEA configuration file

#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

● UPEB configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1074

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
ring 2 node-mode edge common-port GigabitEthernet0/0/1 edge-port GigabitEthernet0/0/3
ring 2 enable
ring 3 node-mode edge common-port GigabitEthernet0/0/1 edge-port GigabitEthernet0/0/4
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
ring 2 node-mode edge common-port GigabitEthernet0/0/1 edge-port GigabitEthernet0/0/3
ring 2 enable
ring 3 node-mode edge common-port GigabitEthernet0/0/1 edge-port GigabitEthernet0/0/4
ring 3 enable
#
rrpp ring-group 1
domain 1 ring 2 to 3
domain 2 ring 2 to 3
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
● UPEC configuration file
#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1075

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/4
ring 2 enable
ring 3 node-mode assistant-edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/3
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/4
ring 2 enable
ring 3 node-mode assistant-edge common-port GigabitEthernet0/0/2 edge-port GigabitEthernet0/0/3
ring 3 enable
#
rrpp ring-group 1
domain 1 ring 2 to 3
domain 2 ring 2 to 3
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
● UPED configuration file
#
sysname UPED
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1076

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

● PEAGG configuration file

#
sysname PEAGG
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode master primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1077

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Relevant Information
Video

Configure RRPP

18.10.6 Example for Configuring Tangent RRPP Rings with

Multiple Instances

Networking Requirements
As shown in Figure 18-39, on a ring network, idle links are required to forward
data. In this way, data in different VLANs is forwarded along different paths,
improving network efficiency and implementing load balancing.

Figure 18-39 Networking diagram of tangent RRPP rings with multiple instances
UPEB UPEE
GE0/0/1 GE0/0/2
GE0/0/1 GE0/0/2

Domain 1 ring 1

CE GE0/0/2 GE0/0/1 GE0/0/3 GE0/0/1 UPEF

Master 1
UPEA
Master 2 UPED Master 3
VLAN 100-300 GE0/0/1 GE0/0/2 GE0/0/4 GE0/0/2
Domain 2 ring 1 Domain 3 ring 1

GE0/0/2 GE0/0/1 GE0/0/2 GE0/0/1

UPEC UPEG
domain 1
domain 2
domain 3

Data Plan
Table 18-11 shows the mapping between protected VLANs and instances in
Domain 1, Domain 2, and Domain 3.

Table 18-11 Mapping between the protected VLAN and instance

Domain ID Control VLAN Data VLAN Instance ID

Domain 1 VLANs 5 and 6 VLANs 100 to 200 Instance 1

Domain 2 VLANs 10 and 11 VLANs 201 to 300 Instance 2

Domain 3 (on VLANs 20 and 21 VLANs 100 to 300 Instance 1,

UPED) Instance 2, and
Instance 3

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1078

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Domain ID Control VLAN Data VLAN Instance ID

Domain 3 (on VLANs 20 and 21 VLANs 100 to 300 Instance 1

UPEE, UPEF, and
UPEG)

Table 18-12 shows the master node on each ring, and its primary and secondary
interfaces.

Table 18-12 Master node and its primary and secondary interfaces

Ring ID Master Node Primary Port Secondary Port

Ring 1 in Domain UPED GE0/0/1 GE0/0/2

1

Ring 1 in Domain UPED GE0/0/2 GE0/0/1

2

Ring 1 in Domain UPEF GE0/0/1 GE0/0/2

3

Configuration Roadmap
The configuration roadmap is as follows:

1. Create different RRPP domains and control VLANs.

2. Map the VLANs that need to pass through the domain to the instance.
3. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, and UPED to Ring 1 in Domain 1 and Ring 1 in
Domain 2.
b. Add UPED, UPEE, UPEF, and UPEG to Ring 1 in Domain 3.
c. Configure UPED as the master node and configure UPEA, UPEB, and
UPEC as transit nodes on Ring 1 in Domain 1 and Ring 1 in Domain 2.
d. Configure UPEF as the master node and configure UPED, UPEE, and
UPEG as transit nodes on Ring 1 in Domain 3.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.

Procedure
Step 1 Configure instances, and map it to the data VLANs and control VLANs allowed by
the RRPP interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1079

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Configure UPEA. The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and
UPEG are the same as that of UPEA and not mentioned here. For details, see the
configuration files.
<HUAWEI> system-view
[HUAWEI] sysname UPEA
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 200
[UPEA-mst-region] instance 2 vlan 10 11 201 to 300
[UPEA-mst-region] active region-configuration
[UPEA-mst-region] quit

Step 2 Configure the interfaces to be added into the RRPP rings.

# Configure UPEA. The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and
UPEG are the same as that of UPEA and not mentioned here. For details, see the
configuration files.
[UPEA] vlan batch 100 to 300
[UPEA] interface gigabitethernet 0/0/1
[UPEA-GigabitEthernet0/0/1] port link-type trunk
[UPEA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[UPEA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEA-GigabitEthernet0/0/1] stp disable
[UPEA-GigabitEthernet0/0/1] quit
[UPEA] interface gigabitethernet 0/0/2
[UPEA-GigabitEthernet0/0/2] port link-type trunk
[UPEA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[UPEA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 300
[UPEA-GigabitEthernet0/0/2] stp disable
[UPEA-GigabitEthernet0/0/2] quit

Step 3 Create RRPP domains and configure protected VLANs and control VLANs.

# Configure UPEA. The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and
UPEG are similar to that on UPEA and not mentioned here. For details, see the
configuration files.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEA-rrpp-domain-region2] control-vlan 10
[UPEA-rrpp-domain-region2] quit

Step 4 Create RRPP rings.

# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEA.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit

# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEA.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1080

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEB.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit

# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEB.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit

# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary

and secondary interfaces on UPEC.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit

# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary

and secondary interfaces on UPEC.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit

# Configure UPED as the master node on Ring 1 in Domain 1 and specify GE0/0/1
as the primary interface and GE0/0/2 as the secondary interface on UPED.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit

# Configure UPED as the master node on Ring 1 in Domain 2 and specify GE0/0/2
as the primary interface and GE0/0/1 as the secondary interface on UPED.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode master primary-port gigabitethernet 0/0/2 secondary-
port gigabitethernet 0/0/1 level 0
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit

# Configure UPED as a transit node on Ring 1 in Domain 3 and specify primary

and secondary interfaces on UPED.
[UPED] rrpp domain 3
[UPED-rrpp-domain-region3] ring 1 node-mode transit primary-port gigabitethernet 0/0/3 secondary-
port gigabitethernet 0/0/4 level 0
[UPED-rrpp-domain-region3] ring 1 enable
[UPED-rrpp-domain-region3] quit

# Configure UPEE as a transit node on Ring 1 in Domain 3 and specify primary

and secondary interfaces on UPEE.
[UPEE] rrpp domain 3
[UPEE-rrpp-domain-region3] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1081

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

port gigabitethernet 0/0/2 level 0

[UPEE-rrpp-domain-region3] ring 1 enable
[UPEE-rrpp-domain-region3] quit

# Configure UPEF as the master node on Ring 1 in Domain 3 and specify GE0/0/1
as the primary interface and GE0/0/2 as the secondary interface on UPEF.

[UPEF] rrpp domain 3

[UPEF-rrpp-domain-region3] ring 1 node-mode master primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEF-rrpp-domain-region3] ring 1 enable
[UPEF-rrpp-domain-region3] quit

# Configure UPEG as a transit node on Ring 1 in Domain 3 and specify primary

and secondary interfaces.
[UPEG] rrpp domain 3
[UPEG-rrpp-domain-region3] ring 1 node-mode transit primary-port gigabitethernet 0/0/1 secondary-
port gigabitethernet 0/0/2 level 0
[UPEG-rrpp-domain-region3] ring 1 enable
[UPEG-rrpp-domain-region3] quit

Step 5 Enable RRPP.

# Configure UPEA. The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and
UPEG are the same as that of UPEA and not mentioned here. For details, see the
configuration files.
[UPEA] rrpp enable

Step 6 Verify the configuration.

After the preceding configurations are complete and the network topology
becomes stable, perform the following operations to verify the configuration.
UPED is used as an example.
# Run the display rrpp brief command on UPED. The command output is as
follows:
[UPED] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 3

Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M GigabitEthernet0/0/1 GigabitEthernet0/0/2 Yes

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1082

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

1 0 M GigabitEthernet0/0/2 GigabitEthernet0/0/1 Yes

Domain Index : 3
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1 to 3
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

Ring Ring Node Primary/Common Secondary/Edge Is

ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet0/0/3 GigabitEthernet0/0/4 Yes

The command output shows that RRPP is enabled on UPED.

In Domain 1:
The major control VLAN is VLAN 5, and the protected VLANs are the VLANs
mapped to Instance 1.
UPED is the master node on Ring 1. GigabitEthernet0/0/1 is the primary interface
and GigabitEthernet0/0/2 is the secondary interface.
In Domain 2:
The major control VLAN is VLAN 10, and the protected VLANs are the VLANs
mapped to Instance 2.
UPED is the master node on Ring 1. GigabitEthernet0/0/2 is the primary interface
and GigabitEthernet0/0/1 is the secondary interface.
In Domain 3:
The major control VLAN is VLAN 20, and the protected VLANs are the VLANs
mapped to instances 1 to 3.
UPED is a transit node on Ring 1. GigabitEthernet0/0/3 is the primary interface
and GigabitEthernet0/0/4 is the secondary interface.
Run the display rrpp verbose domain command on UPED. The command output
is as follows:
# Check detailed information about UPED in Domain 1.
[UPED] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/1 Port status: UP
Secondary port : GigabitEthernet0/0/2 Port status: BLOCKED

The command output shows that the control VLAN in Domain 1 is VLAN 5, and
the protected VLANs are the VLANs mapping Instance 1.
UPED is the master node in Domain 1 and is in Complete state.
The primary interface is GigabitEthernet0/0/1 and the secondary interface is
GigabitEthernet0/0/2.
# Check detailed information about UPED in Domain 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1083

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

[UPED] display rrpp verbose domain 2

Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/2 Port status: UP
Secondary port : GigabitEthernet0/0/1 Port status: BLOCKED

The command output shows that, in Domain 2, the control VLAN is VLAN 10, and
the protected VLAN is the VLAN mapped to Instance 2.
UPED is the master node in Domain 2 and is in Complete state.
The primary interface is GigabitEthernet0/0/2 and the secondary interface is
GigabitEthernet0/0/1.
# Check detailed information about UPED in Domain 3.
[UPED] display rrpp verbose domain 3
Domain Index : 3
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1 to 3
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)

RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet0/0/3 Port status: UP
Secondary port : GigabitEthernet0/0/4 Port status: UP

The command output shows that, in Domain 3, the control VLAN is VLAN 20 and
the protected VLANs are the VLANs mapped to instances 1 to 3.
UPED is a transit node in Domain 3 and is in LinkUp state.
The primary interface is GigabitEthernet0/0/3 and the secondary interface is
GigabitEthernet0/0/4.

----End

Configuration Files
● UPEA configuration file
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1084

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2

level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
● UPEB configuration file
#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
● UPEC configuration file
#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1085

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
● UPED configuration file
#
sysname UPED
#
vlan batch 5 to 6 10 to 11 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
instance 3 vlan 20 to 21
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode master primary-port GigabitEthernet0/0/2 secondary-port GigabitEthernet0/0/1
level 0
ring 1 enable
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1 to 3
ring 1 node-mode transit primary-port GigabitEthernet0/0/3 secondary-port GigabitEthernet0/0/4
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1086

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300

stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
● UPEE configuration file
#
sysname UPEE
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
● UPEF configuration file
#
sysname UPEF
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 3
control-vlan 20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1087

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
● UPEG configuration file
#
sysname UPEG
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet0/0/1 secondary-port GigabitEthernet0/0/2
level 0
ring 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return

Relevant Information
Video
Configure RRPP

18.11 Troubleshooting RRPP

18.11.1 A Loop Occurs After the RRPP Configuration is

Complete

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1088

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Fault Description
After the RRPP configuration is complete, a loop occurs.

This fault is commonly caused by one of the following:

● RRPP is incorrectly configured.
● The values of the Fail timers are set different on the devices of the ring.

Procedure
Step 1 Check whether nodes are correctly configured on the RRPP ring.

Run the display this command in the RRPP domain view on nodes of the ring to
check RRPP configurations.

Check whether nodes on the RRPP ring are located in the same domain, whether
the control VLAN map the instance, and whether only one master node exists on
the RRPP ring.
● If a fault occurs in the preceding configurations, see 18 RRPP Configuration.
● If the preceding configurations are correct, go to step 2.

Step 2 Check whether the values of Fail timers are set the same on nodes of the RRPP
ring.

Run the display rrpp verbose domain domain-id command in any view to check
detailed information about the RRPP configuration.

If the values of the Fail timer are set different on nodes of the RRPP ring, see 18
RRPP Configuration.

----End

18.12 FAQ About RRPP

18.12.1 Why Does a Broadcast Storm Occur When the

Secondary Port of the Master Node Is Blocked?
After an RRPP ring network is built, the master node and transit nodes work
properly. The secondary port on the master node has been blocked. However, a
broadcast storm still occurs when unknown unicast packets are sent to the RRPP
ring network.

On some RRPP nodes, data VLANs are not added to the control VLAN instance,
causing a failure to block data VLANs. Consequently, a broadcast storm occurs.
The problem can be solved after the data VLANs are added to the control VLAN
instance.

18.12.2 Can Data Packets Be Blocked in the Control VLAN of

RRPP?

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1089

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 18 RRPP Configuration

Data packets are not blocked in the control VLAN though the control VLAN is
configured in the instance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1090

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

19 ERPS (G.8032) Configuration

About This Chapter

This chapter describes how to configure Ethernet Ring Protection Switching

(ERPS). ERPS is a protocol defined by the International Telecommunication Union
- Telecommunication Standardization Sector (ITU-T) to eliminate loops at Layer 2.
It implements convergence of carrier-class reliability standards, and allows all
ERPS-capable devices on a ring network to communicate.

19.1 Overview of ERPS

19.2 Understanding ERPS
19.3 Application Scenarios for ERPS
19.4 Summary of ERPS Configuration Tasks
19.5 Licensing Requirements and Limitations for ERPS
19.6 Default Settings for ERPS
19.7 Configuring ERPSv1
19.8 Configuring ERPSv2
19.9 Configuring the ERPS over VPLS Function
19.10 Clearing ERPS Statistics
19.11 Configuration Examples for ERPS
19.12 Troubleshooting ERPS

19.1 Overview of ERPS

Definition
ERPS is a protocol defined by the International Telecommunication Union -
Telecommunication Standardization Sector (ITU-T) to eliminate loops at Layer 2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1091

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Because the standard number is ITU-T G.8032/Y1344, ERPS is also called G.8032.
ERPS defines Ring Auto Protection Switching (RAPS) Protocol Data Units (PDUs)
and protection switching mechanisms.
ERPS has two versions: ERPSv1 released by ITU-T in June 2008 and ERPSv2
released in August 2010. ERPSv2, fully compatible with ERPSv1, provides the
following enhanced functions:
● Multi-ring topologies, such as intersecting rings
● RAPS PDU transmission on virtual channels (VCs) and non-virtual-channels
(NVCs) in sub-rings
● Forced Switch (FS) and Manual Switch (MS)
● Revertive and non-revertive switching

Purpose
Generally, redundant links are used on an Ethernet switching network such as a
ring network to provide link backup and enhance network reliability. The use of
redundant links, however, may produce loops, causing broadcast storms and
rendering the MAC address table unstable. As a result, communication quality
deteriorates, and communication services may even be interrupted. Table 19-1
describes ring network protocols supported by devices.

Table 19-1 Ring network protocols supported by devices

Ring Network Advantage Disadvantage
Protocol

RRPP Provides fast convergence ● Supports only level-1

and carrier-class reliability. sub-ring in ring
networking.
● Is a Huawei proprietary
protocol that cannot be
used for communication
between Huawei and
non-Huawei devices.

STP/RSTP/MSTP ● Applies to all Layer 2 Provides low convergence

networks. on a large network, which
● Is a standard IEEE cannot meet the carrier-
protocol that allows class reliability requirement.
Huawei devices to
communicate with non-
Huawei devices.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1092

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Ring Network Advantage Disadvantage

Protocol

SEP ● Applies to all Layer 2 Is a Huawei proprietary

networks. protocol that cannot be
● Provides fast used for communication
convergence and carrier- between Huawei and non-
class reliability. Huawei devices.
● Displays the topology of
an entire ring,
facilitating fault location
and device maintenance.

ERPS ● Provides fast Requires the network

convergence and carrier- topology to be planned in
class reliability. advance. The configuration
● Is a standard ITU-T is complex.
protocol that allows
Huawei devices to
communicate with non-
Huawei devices.
● Supports single-ring and
multi-ring topologies in
ERPSv2.

Ethernet networks demand faster protection switching. STP does not meet the
requirement for fast convergence. RRPP and SEP are Huawei proprietary ring
protocols, which cannot be used for communication between Huawei and non-
Huawei devices on a ring network.
ERPS, a standard ITU-T protocol, prevent loops on ring networks. It optimizes
detection and performs fast convergence. ERPS allows all ERPS-capable devices on
a ring network to communicate.

Benefits
● Prevents broadcast storms and implements fast traffic switchover on a
network where there are loops.
● Provides fast convergence and carrier-class reliability.
● Allows all ERPS-capable devices on a ring network to communicate.

19.2 Understanding ERPS

19.2.1 Basic Concepts of ERPS

ERPS eliminates loops at the link layer of an Ethernet network. ERPS works for
ERPS rings. There are several nodes in an ERPS ring. ERPS blocks the RPL owner

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1093

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

port and controls common ports to switch the port status between Forwarding
and Discarding and eliminate loops. ERPS uses the control VLAN, data VLAN, and
Ethernet Ring Protection (ERP) instance.
On the network shown in Figure 19-1, SwitchA through SwitchD constitute a ring
and are dual-homed to the upstream network. This access mode will cause a loop
on the entire network. To eliminate redundant links and ensure link connectivity,
ERPS is used to prevent loops.

Figure 19-1 ERPS single-ring networking

Network

Router1 Router2

SwitchA SwitchD

ERPS

RPL SwitchC
SwitchB

User
network

RPL owner
RPL neighbour

ERPS can be deployed on the network shown in Figure 19-1.

ERPS Ring
An ERPS ring consists of interconnected Layer 2 switching devices configured with
the same control VLAN.
An ERPS ring can be a major ring or a sub-ring. By default, an ERPS ring is a major
ring. The major ring is a closed ring, whereas a sub-ring is a non-closed ring. The
major ring and sub-ring are configured using commands. On the network shown
in Figure 19-2, SwitchA through SwitchD constitute a major ring, and SwitchC
through SwitchF constitute a sub-ring.
Only ERPSv2 supports sub-rings.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1094

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-2 ERPS major ring and sub-ring networking

SwitchC
SwitchA SwitchE

Major Ring Sub-Ring

SwitchB SwitchF

SwitchD

Node
A node refers to a Layer 2 switching device added to an ERPS ring. A maximum of
two ports on each node can be added to the same ERPS ring. SwitchA through
SwitchD in Figure 19-2 are nodes in an ERPS major ring.

Port Role
ERPS defines three port roles: RPL owner port, RPL neighbor port (only in ERPSv2),
and common port.
● RPL owner port
An RPL owner port is responsible for blocking traffic over the Ring Protection
Link (RPL) to prevent loops. An ERPS ring has only one RPL owner port.
When the node on which the RPL owner port resides receives an RAPS PDU
indicating a link or node fault in an ERPS ring, the node unblocks the RPL
owner port. Then the RPL owner port can send and receive traffic to ensure
nonstop traffic forwarding.
The link where the RPL owner port resides is the RPL.
● RPL neighbor port
An RPL neighbor port is directly connected to an RPL owner port.
Both the RPL owner port and RPL neighbor ports are blocked in normal
situations to prevent loops.
If an ERPS ring fails, both the RPL owner and neighbor ports are unblocked.
The RPL neighbor port helps reduce the number of FDB entry updates on the
device where the RPL neighbor port resides.
● Common port
Common ports are ring ports other than the RPL owner and neighbor ports.
A common port monitors the status of the directly connected ERPS link and
sends RAPS PDUs to notify the other ports of its link status changes.

Port Status
On an ERPS ring, an ERPS-enabled port has two statuses:
● Forwarding: forwards user traffic and sends and receives RAPS PDUs.
● Discarding: only sends and receives RAPS PDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1095

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Control VLAN
A control VLAN is configured in an ERPS ring to transmit RAPS PDUs.

Each ERPS ring must be configured with a control VLAN. After a port is added to
an ERPS ring configured with a control VLAN, the port is added to the control
VLAN automatically.

Different ERPS rings must use different control VLANs.

Data VLAN
Unlike control VLANs, data VLANs are used to transmit data packets.

ERP Instance
On a Layer 2 device running ERPS, the VLAN in which RAPS PDUs and data
packets are transmitted must be mapped to an Ethernet Ring Protection (ERP)
instance so that ERPS forwards or blocks the packets based on configured rules. If
the mapping is not configured, the preceding packets may cause broadcast storms
on the ring network. As a result, the network becomes unavailable.

Timer
ERPS defines four timers: Guard timer, WTR timer, Holdoff timer, and WTB timer
(only in ERPSv2).
● Guard timer
After a faulty link or node recovers or a clear operation is executed, the device
sends RAPS No Request (NR) messages to inform the other nodes of the link
or node recovery and starts the Guard timer. Before the Guard timer expires,
the device does not process any RAPS (NR) messages to avoid receiving out-
of-date RAPS (NR) messages. After the Guard timer expires, if the device still
receives an RAPS (NR) message, the local port enters the Forwarding state.
● WTR timer
If an RPL owner port is unblocked due to a link or node fault, the involved
port may not go Up immediately after the link or node recovers. Blocking the
RPL owner port may cause network flapping. To prevent this problem, the
node where the RPL owner port resides starts the wait to restore (WTR) timer
after receiving an RAPS (NR) message. If the node receives an RAPS Signal
Fail (SF) message before the timer expires, it terminates the WTR timer. If the
node does not receive any RAPS (SF) message before the timer expires, it
blocks the RPL owner port when the timer expires and sends an RAPS (no
request, root blocked) message. After receiving this RAPS (NR, RB) message,
the nodes set their recovered ports on the ring to the Forwarding state.
● Holdoff timer
On Layer 2 networks running ERPS, there may be different requirements for
protection switching. For example, on a network where multi-layer services
are provided, after a server fails, users may require a period of time to rectify
the server fault so that clients do not detect the fault. You can set the Holdoff
timer. If the fault occurs, the fault is not immediately sent to ERPS until the
Holdoff timer expires.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1096

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

● WTB timer
The wait to block (WTB) timer starts when Forced Switch (FS) or Manual
Switch (MS) is performed. Because multiple nodes on an ERPS ring may be in
FS or MS state, the clear operation takes effect only after the WTB timer
expires. This prevents the RPL owner port from being blocked immediately.
The WTB timer value cannot be configured. Its value is the Guard timer value
plus 5. The default WTB timer value is 7s.

Revertive and Non-revertive Switching

After link faults in an ERPS ring are rectified, re-blocking the RPL owner port
depends on the switching mode:

● In revertive switching, the RPL owner port is re-blocked after the WTR timer
expires, and the RPL is blocked.
● In non-revertive switching, the WTR timer is not started, and the original
faulty link is still blocked.

ERPS rings use revertive switching by default.

ERPSv1 supports only revertive switching. ERPSv2 supports both revertive and non-
revertive switching.

Port Blocking Modes

Because the Ring Protection Link (RPL) may have high bandwidth, you can block
the low-bandwidth link so that user traffic can be transmitted on the RPL. ERPSv2
supports both Forced Switch (FS) and Manual Switch (MS) modes for blocking an
ERPS port:
● FS: forcibly blocks a port immediately after FS is configured, irrespective of
whether link failures have occurred.
● MS: blocks a port on which MS is configured when the ERPS ring is in Idle or
Pending state.

In addition to FS and MS operations, ERPS also supports the clear operation. The
clear operation has the following functions:
● Clears an existing FS or MS operation.
● Triggers revertive switching before the WTR or WTB timer expires in the case
of revertive switching operations.
● Triggers revertive switching in the case of non-revertive switching operations.

Only ERPSv2 supports port blocking modes.

RAPS PDU Transmission Mode in a Sub-ring

ERPSv2 supports single-ring and multi-ring topologies. In multi-ring topologies,
both the virtual channel (VC) and non-virtual-channel (NVC) can be used to
transmit RAPS PDUs in sub-rings.

● VC: RAPS PDUs in sub-rings are transmitted to the major ring through
interconnected nodes. The RPL owner port of the sub-ring blocks both RAPS
PDUs and data traffic.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1097

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

● NVC: RAPS PDUs in sub-rings are terminated on the interconnected nodes.

The RPL owner port blocks data traffic but not RAPS PDUs in each sub-ring.
On the network shown in Figure 19-3, a major ring is interconnected with two
sub-rings. The sub-ring on the left has a VC, whereas the sub-ring on the right has
an NVC.

Figure 19-3 Interconnected rings with a VC or NVC

Major Ring

Sub-Ring Sub-Ring
with virtual without
channel virtual
channel

Ethernet Ring Node

Interconnection Node

RPL owner Interface

RAPS Virtual Channel

By default, sub-rings use NVCs to transmit RAPS PDUs, except for the scenario
shown in Figure 19-4.
NOTE

When sub-ring links are discontiguous, VCs must be used.

On the network shown in Figure 19-4, links b and d belong to major rings 1 and 2
respectively; links a and c belong to the sub-ring. As links a and c are
discontiguous, they cannot detect the status change between each other, so VCs
must be used for RAPS PDU transmission.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1098

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-4 VC networking

a

Sub-Ring
with virtual
channel
b d
Major Major
Ring1 Ring2
c

Ethernet Ring Node

Interconnection Node

RPL owner Interface

RAPS Virtual Channel

Table 19-2 lists the advantages and disadvantages of RAPS PDU transmission
modes in sub-rings with VCs or NVCs.

Table 19-2 Comparison between RAPS PDU transmission modes in a sub-ring with
VCs or NVCs

RAPS Advantage Disadvantage

PDU
Transmis
sion
Mode in
a Sub-
ring

VC Applies to scenarios in Requires VC resource reservation and

which sub-ring links are controls VLAN assignment from
discontiguous. adjacent rings.

NVC Does not need to reserve Is not applicable to scenarios in

resources or control VLAN which sub-ring links are
assignment from adjacent discontiguous.
rings.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1099

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

19.2.2 RAPS PDUs

ERPS protocol packets are called Ring Auto Protection Switching (RAPS) Protocol
Data Units (PDUs), which are transmitted in ERPS rings to convey ERPS ring
information. Figure 19-5 shows the RAPS PDU format.

Figure 19-5 RAPS PDU format

1 2 3 4
8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
1
MEL Version(0) OpCode(R-APS=40) Flags(0) TLV Offset(32)
5

... R-APS Specific Information(32 octets)

...
37
[optional TLV starts here;otherwise End TLV]
last End TLV(0)

Table 19-3 describes the fields in an RAPS PDU.

Table 19-3 Fields in an RAPS PDU

Field Leng Description

th

MEL 3 bits Identifies the maintenance entity group (MEG) level

of the RAPS PDU.

Version 5 bits ● 0x00: ERPSv1

● 0x01: ERPSv2

OpCode 8 bits Indicates an RAPS PDU. The value of this field is 0x28.

Flags 8 bits Is ignored upon RAPS PDU receiving. The value of this
field is 0x00.

TLV Offset 8 bits Indicates that the TLV starts after an offset of 32
bytes. The value of this field is 0x20.

R-APS Specific 32x8 Is the core field in an RAPS PDU and carries ERPS ring
Information bits information. There are differences between sub-fields
in ERPSv1 and ERPSv2. Figure 19-6 shows the R-APS
Specific Information field format in ERPSv1. Figure
19-7 shows the R-APS Specific Information field
format in ERPSv2.

TLV Not Describes information to be loaded. The end TLV

limite value is 0x00.
d

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1100

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-6 Format of the R-APS Specific Information field in ERPSv1

1 2 3 4
8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1

Request/ Status Node ID(6 octets)

Reserved
State 1 R D
B N Status Reserved
F

(Node ID)

Reserved 2(24 octets)

Figure 19-7 Format of the R-APS Specific Information field in ERPSv2

Table 19-4 describes sub-fields in the R-APS Specific Information field.

Table 19-4 Sub-fields in the R-APS Specific Information field

Sub-Field Length Description

Request/ 4 bits Indicates that this RAPS PDU is a request or state PDU.
State The value can be:
● 1101: forced switch (FS)
● 1110: Event
● 1011: signal failed (SF)
● 0111: manual switch (MS)
● 0000: no request (NR)
● Others: reserved

Reserved 4 bits Reserved 1 is used in ERPSv1 for message reply or

1 protection identifier.
Sub-code is used in ERPSv2. The value depends on the
Request/State field value:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1101

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Sub-Field Length Description

Sub-code ● If the Request/State field value is 1110, the Sub-

code value is 0000, indicating FDB entry update.
● If the Request/State field value is any other value
than 1110, the Sub-code value is 0000 and ignored
upon RAPS PDU receiving.

Status 8 bits Includes the following status information:

● RPL Blocked (RB) (1 bit): The value 1 indicates that
the RPL owner port is blocked; the value 0 indicates
that the RPL owner port is unblocked. The nodes
where the RPL owner port is not configured set this
sub-field to 0 in outgoing RAPS PDUs.
● Do Not Flush (DNF) (1 bit): The value 1 indicates
that FDB entries are not updated when RAPS PDUs
are received; the value 0 indicates that FDB entries
may be updated when RAPS PDUs are received.
● Blocked port reference (BPR) (1 bit): The value 0
indicates that ring link 0 is blocked; The value 1
indicates that ring link 1 is blocked.
BPR is valid only in ERPSv2.
● Status Reserved: This sub-field is reserved. This sub-
field is all 0s during RAPS PDU transmission, and is
ignored upon RAPS PDU receiving. In ERPSv1, this
sub-field has 6 bits. In ERPSv2, this sub-field has 5
bits.

Node ID 6 x 8 bits Identifies the MAC address of a node in an ERPS ring.

It is informational and does not affect protection
switching in the ERPS ring.

Reserved 24 x 8 bits Is reserved and ignored upon RAPS PDU receiving. The
2 value is all 0 during RAPS PDU transmission.

19.2.3 ERPS Single-ring Implementation

ERPS is a standard ring protocol used to prevent loops in ERPS rings at the
Ethernet link layer. A maximum of two ports on each Layer 2 switching device can
be added to the same ERPS ring.
To prevent loops in an ERPS ring, you can enable a loop-breaking mechanism to
block the Ring Protection Link (RPL) owner port to eliminate loops. If a link on the
ring network fails, the ERPS-enabled device immediately unblocks the blocked
port and performs link switching to restore communication between nodes on the
ring network.
This section describes how ERPS is implemented on a single-ring network when
links are normal, when a link fails, and when the link recovers (including
protection switching operations).

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1102

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Links Are Normal

On the network shown in Figure 19-8, SwitchA through SwitchE constitute a ring
network, and they can communicate with each other.
1. To prevent loops, ERPS blocks the RPL owner port and also the RPL neighbor
port (if any is configured). All other ports can transmit service traffic.
2. The RPL owner port sends RAPS (NRRB) messages to all other nodes in the
ring at an interval of 5s, indicating that ERPS links are normal.

Figure 19-8 ERPS single-ring networking (links are normal)

Network

Router1 Router2

SwitchA SwitchE

ERPS

RPL SwitchD
SwitchB

RPL owner SwitchC

User
network

Blocked Interface
Data Flow

A Link Fails
As shown in Figure 19-9, if the link between SwitchD and SwitchE fails, the ERPS
protection switching mechanism is triggered. The ports on both ends of the faulty
link are blocked, and the RPL owner port and RPL neighbor port are unblocked to
send and receive traffic. This mechanism ensures nonstop traffic transmission. The
process is as follows:

1. After SwitchD and SwitchE detect the link fault, they block their ports on the
faulty link and update Filtering Database (FDB) entries.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1103

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

2. SwitchD and SwitchE send three consecutive RAPS Signal Fail (SF) messages
to the other LSWs and send one RAPS (SF) message at an interval of 5s
afterwards.
3. After receiving an RAPS (SF) message, the other LSWs update their FDB
entries. SwitchC on which the RPL owner port resides and SwitchB on which
the RPL neighbor port resides unblock the respective RPL owner port and RPL
neighbor port, and update FDB entries.

Figure 19-9 ERPS single-ring networking (unblocking the RPL owner port and RPL
neighbor port if a link fails)

Network

Router1 Router2

SwitchA SwitchE

ERPS

SwitchB RPL
SwitchD

RPL owner SwitchC

User
network Failed Link
Blocked Interface
Data Flow

The Link Recovers

After the link fault is rectified, either of two situations may occur:
● If the ERPS ring uses revertive switching, the RPL owner port is blocked again,
and the link that has recovered is used to forward traffic.
● If the ERPS ring uses non-revertive switching, the RPL remains unblocked, and
the link that has recovered is still blocked.
The following example uses revertive switching to illustrate the process after the
link recovers.
1. After the link between SwitchD and SwitchE recovers, SwitchD and SwitchE
start the Guard timer to avoid receiving out-of-date RAPS PDUs. The two

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1104

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

switches do not receive any RAPS PDUs before the timer expires. At the same
time, SwitchD and SwitchE send RAPS (NR) messages to the other LSWs.
2. After receiving an RAPS (NR) message, SwitchC on which the RPL owner port
resides starts the WTR timer. After the WTR timer expires, SwitchC blocks the
RPL owner port and sends RAPS (NR, RB) messages.
3. After receiving an RAPS (NR, RB) message, SwitchD and SwitchE unblock the
ports at the two ends of the link that has recovered, stop sending RAPS (NR)
messages, and update FDB entries. The other LSWs also update FDB entries
after receiving an RAPS (NR, RB) message.

Protection Switching
● Forced switch
On the network shown in Figure 19-10, SwitchA through SwitchE in the ERPS
ring can communicate with each other. A forced switch (FS) operation is
performed on the SwitchE's port that connects to SwitchD, and the SwitchE's
port is blocked. Then the RPL owner port and RPL neighbor port are
unblocked to send and receive traffic. This mechanism ensures nonstop traffic
transmission. The process is as follows:
a. After the SwitchD's port that connects to SwitchE is forcibly blocked,
SwitchE update FDB entries.
b. SwitchE sends three consecutive RAPS (SF) messages to the other LSWs
and sends one RAPS (SF) message at an interval of 5s afterwards.
c. After receiving an RAPS (SF) message, the other LSWs update their FDB
entries. SwitchC on which the RPL owner port resides and SwitchB on
which the RPL neighbor port resides unblock the respective RPL owner
port and RPL neighbor port, and update FDB entries.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1105

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-10 Layer 2 ERPS ring networking (blocking a port in FS mode)

Network

Router1 Router2

SwitchA SwitchE

ERPS

SwitchB RPL
SwitchD

RPL owner SwitchC

User
network
Blocked Interface
Data Flow

● Clear
After a clear operation is performed on SwitchE, the port that is forcibly
blocked by FS sends RAPS (NR) messages to all other ports in the ERPS ring.
– If the ERPS ring uses revertive switching, the RPL owner port starts the
WTB timer after receiving an RAPS (NR) message. After the WTB timer
expires, the FS operation is cleared. Then the RPL owner port is blocked,
and the blocked port on SwitchE is unblocked. If you perform a clear
operation on SwitchC on which the RPL owner port resides before the
WTB timer expires, the RPL owner port is immediately blocked, and the
blocked port on SwitchE is unblocked.
– If the ERPS ring uses non-revertive switching and you want to block the
RPL owner port, perform a clear operation on SwitchC on which the RPL
owner port resides.
● Manual switch
The MS process in an ERPS ring is similar to the FS process. The difference is
that the MS operation does not take effect when the ERPS ring is not idle or
pending.

19.2.4 ERPS Multi-ring Implementation

Ethernet Ring Protection Switching Version 1 (ERPSv1) supports only single-ring
topology, whereas ERPSv2 supports single-ring and multi-ring topologies.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1106

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

A multi-ring network consists of one or more major rings and sub-rings. A sub-
ring can have a virtual channel (VC) or non-virtual channel (NVC), depending on
whether RAPS PDUs in the sub-ring will be transmitted to a major ring.
This section describes how ERPS is implemented on a multi-ring network where
sub-rings use NVCs when links are normal, when a link fails, and when the link
recovers.

Links Are Normal

On the multi-ring network shown in Figure 19-11, SwitchA through SwitchE
constitute a major ring; SwitchB, SwitchC, and SwitchF constitute sub-ring 1, and
SwitchC, SwitchD, and SwitchG constitute sub-ring 2. The LSWs in each ring can
communicate with each other.
1. To prevent loops, each ring blocks its RPL owner port. All other ports can
transmit service traffic.
2. The RPL owner port on each ring sends RAPS (NRRB) messages to all other
nodes in the same ring at an interval of 5s. The RAPS (NRRB) messages in the
major ring are transmitted only in this ring. The RAPS (NRRB) messages in
each sub-ring are terminated on the interconnected nodes and therefore are
not transmitted to the major ring.
Traffic between PC1 and the upper-layer network travels along the path PC1 ->
SwitchF -> SwitchB -> SwitchA -> Router1; traffic between PC2 and the upper-
layer network travels along the path PC2 -> SwitchG -> SwitchD -> SwitchE ->
Router2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1107

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-11 ERPS multi-ring networking (links are normal)

Network

Router1 Router2

SwitchA SwitchE

Major Ring SwitchD

SwitchB
L
RP

Sub-Ring2
Sub-Ring1 RP
L SwitchC L
RP

SwitchF SwitchG

PC1 PC2

RPL owner
Data Flow

A Link Fails
As shown in Figure 19-12, if the link between SwitchD and SwitchG fails, the ERPS
protection switching mechanism is triggered. The ports on both ends of the faulty
link are blocked, and the RPL owner port in sub-ring 2 is unblocked to send and
receive traffic. In this situation, traffic from PC1 still travels along the original
path. SwitchC and SwitchD inform the other nodes in the major ring of the
topology change so that traffic from PC2 is also not interrupted. Traffic between
PC2 and the upper-layer network travels along the path PC2 -> SwitchG ->
SwitchC -> SwitchB -> SwitchA -> SwitchE -> Router2. The process is as follows:
1. After SwitchD and SwitchG detect the link fault, they block their ports on the
faulty link and update Filtering Database (FDB) entries.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1108

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

2. SwitchG sends three consecutive RAPS (SF) messages to the other LSWs and
sends one RAPS (SF) message at an interval of 5s afterwards.
3. SwitchG then unblocks the RPL owner port and updates FDB entries.
4. After the interconnected node SwitchC receives an RAPS (SF) message, it
updates FDB entries. SwitchC and SwitchD then send RAPS Event messages
within the major ring to notify the topology change in sub-ring 2.
5. After receiving an RAPS Event message, the other LSWs in the major ring
update FDB entries.

Then traffic from PC2 is switched to a normal link.

Figure 19-12 ERPS multi-ring networking (unblocking the RPL owner port if a link
fails)

Network

Router1 Router2

SwitchA SwitchE

Major Ring SwitchD

SwitchB
L
RP

Sub-Ring2
Sub-Ring1 RP
L L
RP SwitchC

SwitchG

PC1 PC2

Blocked Interface
Data Flow

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1109

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

The Link Recovers

After the link fault is rectified, either of two situations may occur:
● If the ERPS ring uses revertive switching, the RPL owner port is blocked again,
and the link that has recovered is used to forward traffic.
● If the ERPS ring uses non-revertive switching, the RPL remains unblocked, and
the link that has recovered is still blocked.
The following example uses revertive switching to illustrate the process after the
link recovers.
1. After the link between SwitchD and SwitchG recovers, SwitchD and SwitchG
start the Guard timer to avoid receiving out-of-date RAPS PDUs. The two
devices do not receive any RAPS PDUs before the timer expires. Then SwitchD
and SwitchG send RAPS (NR) messages within sub-ring 2.
2. SwitchG on which the RPL owner port resides starts the WTR timer. After the
WTR timer expires, SwitchG blocks the RPL owner port and unblocks its port
on the link that has recovered and then sends RAPS (NR, RB) messages within
sub-ring 2.
3. After receiving an RAPS (NR, RB) message from SwitchG, SwitchD unblocks its
port on the recovered link, stops sending RAPS (NR) messages, and updates
FDB entries. SwitchC also updates FDB entries.
4. SwitchC and SwitchD (interconnected nodes) send RAPS Event messages
within the major ring to notify the link recovery of sub-ring 2.
5. After receiving an RAPS Event message, the other LSWs in the major ring
update FDB entries.
Then traffic changes to the normal state, as shown in Figure 19-11.

19.2.5 ERPS Multi-instance

On a common ERPS network, a physical ring can be configured with a single ERPS
ring, and only one blocked port can be specified in the ring. When the ERPS ring is
in normal state, the blocked port prohibits all service packets from passing
through. As a result, all service data is transmitted through one path over the
ERPS ring, and the other link on the blocked port becomes idle, wasting
bandwidth. As shown in Figure 19-13, when only ERPS Ring1 is configured,
Interface1 is blocked and data is forwarded through the path where Data Flow1
travels. The link SwitchC -> SwitchD -> SwitchE is idle.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1110

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-13 Networking diagram of ERPS multi-instance

Network
Router1 Router2

SwitchE
SwitchA
ERPS Ring2

ERPS Ring1
SwitchD
SwitchB

Interface2 Interface1

SwitchC
Ring1 Blocked Port
CE1 Ring2 Blocked Port
Data Flow1
VLAN 100-200 Data Flow2
and VLAN 300-
400

To improve link use efficiency, only two logical rings can be configured in the
same physical ring in the ERPS multi-instance. A port may have different roles in
different ERPS rings and different ERPS rings use different control VLANs. A
physical ring can have two blocked ports accordingly. Each blocked port
independently monitors the physical ring status and is blocked or unblocked. An
ERPS ring must be configured with an ERP instance, and each ERP instance
specifies a range of VLANs. The topology calculated for a specific ERPS ring only
takes effect in the ERPS ring. Different VLANs can use separate paths,
implementing traffic load balancing and link backup.
As shown in Figure 19-13, you can configure ERPS Ring1 and ERPS Ring2 in the
physical ring consisting of SwitchA through SwitchE. Interface1 is the blocked port
in ERPS Ring1. The VLANs mapping to the ERP instance is VLANs 100 to 200.
Interface2 is the blocked port in ERPS Ring2. The VLANs mapping to the ERP
instance is VLANs 300 to 400. After the configuration is completed, data from
VLANs 100 to 200 is forwarded through Data Flow1, and data from VLANs 300 to
400 is forwarded through Data Flow2. In this manner, load balancing is
implemented and link use efficiency is improved.

19.3 Application Scenarios for ERPS

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1111

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Generally, redundant links are used on an Ethernet switching network to provide

link backup and enhance network reliability. The use of redundant links, however,
may produce loops, causing broadcast storms and rendering the MAC address
table unstable. As a result, communication quality deteriorates, and
communication services may even be interrupted.
To prevent loops caused by redundant links, enable ERPS on the nodes of the ring
network. ERPS is a Layer 2 loop-breaking protocol defined by the ITU-T, and
provides fast convergence of carrier-class reliability standards.

Figure 19-14 Layer 2 application of ERPS

Network

Router1 Router2

SwitchE
SwitchA

ERPS SwitchD
SwitchB

RPL

RPL Owner
SwitchC

User User
network1 network3

User
network2
Blocked Port
Data Flow1
Data Flow2
Data Flow3

As shown in Figure 19-14, SwitchA through SwitchE constitute a ring. The ring
runs ERPS to provide protection switching for Layer 2 redundant links and prevent
loops that cause broadcast storms and render the MAC address table unstable.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1112

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Generally, the RPL owner port is blocked and does not forward service packets,
preventing loops. If a fault occurs on the link between SwitchA and SwitchB, ERPS
will unblock the blocked RPL owner port and traffic from User network1 and User
network2 is forwarded through the path SwitchC ->SwitchD ->SwitchE.

19.4 Summary of ERPS Configuration Tasks

After a single ERPS ring or intersecting ERPS ring is configured, a specified port
can be blocked to remove loops. Table 19-5 describes the ERPS configuration
tasks.

Table 19-5 ERPS configuration tasks

Scenario Description Task

Configure ERPS single- You can configure ERPS 19.7 Configuring

ring networking single-ring networking ERPSv1
when there is only one
ring in the network
topology.

Configure ERPS You can configure ERPS 19.8 Configuring

intersecting-ring intersecting-ring ERPSv2
networking networking when there
are two or more rings in
the network topology
and many common
nodes between two
rings.

Configure association ERPS cannot 19.7.7 (Optional)

between ERPS and CFM automatically detect link Configuring Association
faults. When there are Between ERPS and
transmission devices in Ethernet CFM
an ERPS ring, ERPS
cannot detect whether
faults on transmission
devices cause slow
convergence and traffic
interruption. Association
between ERPS and CFM
solves this problem.

19.5 Licensing Requirements and Limitations for ERPS

Involved Network Elements

Other network elements are required to support ERPS functions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1113

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Licensing Requirements
ERPS configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. ERPS
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 19-6 Products and versions supporting ERPS

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI Not supported

S3700EI Not supported

S3700HI V200R001C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1114

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Product Product Software Version

Model

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI Not supported

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700SI V200R001C00, V200R002C00, V200R003C00,

V200R005C00

S5700EI V200R001(C00&C01), V200R002C00, V200R003C00,

V200R005(C00&C01&C02&C03)

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5700HI V200R001(C00&C01), V200R002C00, V200R003C00,

V200R005(C00&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V200R001(C00&C01), V200R002C00, V200R003C00,

V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1115

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Product Product Software Version

Model

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● V200R002 and earlier versions support only ERPSv1.
● Before adding a port to an ERPS ring, ensure that port security has been
disabled on the port. Otherwise, loops cannot be eliminated.
● Before adding a port to an ERPS ring, ensure that the Spanning Tree Protocol
(STP), Rapid Ring Protection Protocol (RRPP), Smart Ethernet Protection
(SEP), or Smart Link is not enabled on the port.
● The service loopback function and ERPS cannot be configured on an Eth-Trunk
simultaneously.
● The S6700EI does not support association between an ERPS interface and
Ethernet CFM.

19.6 Default Settings for ERPS

Table 19-7 describes default ERPS settings.

Table 19-7 Default setting for ERPS

Parameter Default Setting

ERPS ring Not created

Guard timer 200 centiseconds

Wait to restore (WTR) timer 5 minutes

Holdoff timer 0 deciseconds

ERPS version ERPSv1

19.7 Configuring ERPSv1

19.7.1 Creating an ERPS Ring

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1116

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Context
ERPS works for ERPS rings. An ERPS ring consists of interconnected Layer 2
switching devices configured with the same control VLAN and data VLAN. Before
configuring other ERPS functions, you must configure an ERPS ring.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run erps ring ring-id

An ERPS ring is created and the ERPS ring view is displayed.

Step 3 (Optional) Run description

The description of the device is configured. The description can contain the ERPS
ring ID, which facilitate device maintenance in an ERPS ring.

By default, the description of an ERPS ring is the ERPS ring name, for example,
Ring 1.

----End

19.7.2 Configuring the Control VLAN

Context
In an ERPS ring, the control VLAN is used only to forward RAPS PDUs but not
service packets, so the security of ERPS is improved. All the devices in an ERPS ring
must be configured with the same control VLAN, and different ERPS rings must
use different control VLANs.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run erps ring ring-id

The ERPS ring view is displayed.

Step 3 Run control-vlan vlan-id

The control VLAN of the ERPS ring is configured.

● The control VLAN specified by vlan-id must be a VLAN that has not been
created or used.
● If you run the control-vlan command multiple times, only the latest
configuration takes effect.
● If the ERPS ring contains ports, the control VLAN cannot be changed. To
delete the configured control VLAN, run the undo erps ring command in the
interface view or the undo port command in the ERPS ring view to delete

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1117

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

ports from the ERPS ring, and run the undo control-vlan command to delete
the control VLAN.
● After a control VLAN is created, the vlan batch vlan-id1 [ to vlan-id2 ]
&<1-10> command used to create common VLANs is displayed in the
configuration file.
● After a port is added to an ERPS ring configured with a control VLAN, the port
is added to the control VLAN.
– If the port is a trunk port, the port trunk allow-pass vlan vlan-id
command is displayed in the record of the port that has been added to
the ERPS ring in the configuration file.
– If the port is a hybrid port, the port hybrid tagged vlan vlan-id
command is displayed in the record of the port that has been added to
the ERPS ring in the configuration file.

----End

19.7.3 Configuring an ERP Instance and Activating the

Mapping Between the ERP Instance and VLAN

Context
On a Layer 2 device running ERPS, the VLAN in which RAPS PDUs and data
packets are transmitted must be mapped to an ERP instance so that ERPS
forwards or blocks the packets based on configured rules. If the mapping is not
configured, the preceding packets may cause broadcast storms on the ring
network. As a result, the network becomes unavailable.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
The ERPS ring view is displayed.
Step 3 Run protected-instance { all | { instance-id1 [ to instance-id2 ] &<1-10> } }
An ERP instance is created for the ERPS ring.
By default, no ERP instance is configured in an ERPS ring.

NOTE

● If the stp mode (system view) command is used to set the STP working mode to
VLAN-based Spanning Tree (VBST), the ERP instance specified by the protected-
instance command must be the created static instance.
● If you run the protected-instance command multiple times in the same ERPS ring,
multiple ERP instances are configured.
● If the ERPS ring contains ports, the ERP instance cannot be changed. To delete the
configured ERP instance, run the undo erps ring command in the interface view or the
undo port command in the ERPS ring view to delete ports from the ERPS ring, and run
the undo protected instance command to delete the ERP instance.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1118

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Step 4 Run quit

The system view is displayed.
Step 5 Configure the mapping between an ERP instance and VLAN.
1. Run stp region-configuration
The Multiple Spanning Tree (MST) region view is displayed.
2. Run instance instance-id vlan { vlan-id [ to vlan-id ] } &<1-10>
The mapping between the ERP instance and VLAN is configured.
By default, all VLANs in an MST region are mapped to instance 0.
instance-id in this command must be the same as instance-id used by the
protected-instance command.
NOTE

– A VLAN cannot be mapped to multiple MSTIs. If you map a VLAN that has already
been mapped to an MSTI to another MSTI, the original mapping will be deleted.
– The vlan-mapping modulo modulo command configures the mapping between
MSTIs and VLANs based on the default algorithm. However, the mapping
configured using this command cannot always meet the actual demand. Therefore,
running this command is not recommended.
– To configure the mapping between an ERP instance and a MUX VLAN, you are
advised to configure the principal VLAN, subordinate group VLANs, and
subordinate separate VLANs of the MUX VLAN in the same ERP instance.
Otherwise, loops may occur.
3. Run active region-configuration
The mapping between the ERP instance and the VLAN is activated.

----End

19.7.4 Adding a Layer 2 Port to an ERPS Ring and Configuring

the Port Role

Context
After ERPS is configured, add Layer 2 ports to an ERPS ring and configure port
roles so that ERPS can work properly.
You can add a Layer 2 port to an ERPS ring in either of the following ways:
● In the ERPS ring view, add a specified port to the ERPS ring and configure the
port role.
● In the interface view, add the current port to the ERPS ring and configure the
port role.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1119

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

NOTE

● A port can be added to at most two ERPS rings, but cannot be added to ERPS rings
configured with the same protected instance.
● An ERPS-enabled port needs to allow packets of control VLANs and data VLANs to pass
through, so the link type of the port must be configured as trunk or hybrid.
● Flush-FDB packets for updating MAC addresses cannot be separately sent, so do not
configure a direct link between two upstream nodes as the RPL.
● Before changing the port role, use the shutdown command to disable the port. When
the port role is changed, use the undo shutdown command to enable the port. This
prevents traffic interruptions.
● Before adding an interface to an ERPS ring, disable port security on the interface;
otherwise, loops cannot be prevented.

Prerequisites
● The port is not a Layer 3 port. If the port is a Layer 3 port, run the portswitch
command to switch the port to the Layer 2 mode.
● Spanning Tree Protocol (STP), Rapid Ring Protection Protocol (RRPP), Smart
Ethernet Protection (SEP), or Smart Link is not enabled on the port.
– If the port has STP enabled, run the stp disable command in the
interface view to disable STP.
– If the port has RRPP enabled, run the undo ring ring-id command in the
RRPP domain view to disable RRPP.
– If the port has SEP enabled, run the undo sep segment segment-id
command in the interface view to disable SEP.
– If the port has Smart Link enabled, run the undo port command in the
Smart Link group view to disable Smart Link.
● The control-vlan command has been executed to configure a control VLAN
and the protected-instance command has been executed to configure an
ERP instance.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Add a Layer 2 port to an ERPS ring and configure the port role in either of the
following ways.
● In the ERPS ring view, add a specified port to the ERPS ring and configure the
port role.
a. Run interface interface-type interface-number
The interface view is displayed.
b. Run stp disable
STP is disabled on the ERPS-enabled port.
c. Run port link-type trunk
The link type of the ERPS-enabled port is configured as trunk.
d. Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all }

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1120

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

The VLANs allowed by the ERPS-enabled port are specified.

After the control-vlan command is used in the ERPS ring view to
configure a control VLAN and the port interface-type interface-number
[ rpl owner ] command is configured, the ports in the ERPS ring allow
packets of the control VLAN to pass through. Therefore, you need to
specify only the IDs of data VLANs in this step.
e. Run quit
Return to the system view.
f. Run erps ring ring-id
The ERPS ring view is displayed.
g. Run port interface-type interface-number [ rpl owner ]
The port is added to the ERPS ring and its role is configured. If rpl owner
is specified, the port is configured as an RPL owner port. If rpl owner is
not specified, the port is a common port.
● In the interface view, add the current port to the ERPS ring and configure the
port role.
a. Run interface interface-type interface-number
The specified interface view is displayed.
b. Run stp disable
STP is disabled on the ERPS-enabled port.
c. Run port link-type trunk
The link type of the ERPS-enabled port is configured as trunk.
d. Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all }
The VLANs allowed by the ERPS-enabled port are specified.
After the control-vlan command is used in the ERPS ring view to
configure a control VLAN and the port interface-type interface-number
[ rpl owner ] command is configured, the ports in the ERPS ring allow
packets of the control VLAN to pass through. Therefore, you need to
specify only the IDs of data VLANs in this step.
e. Run erps ring ring-id [ rpl owner ]
The current port is added to the ERPS ring and its role is configured. If rpl
owner is specified, the port is configured as an RPL owner port. If rpl
owner is not specified, the port is a common port.

----End

19.7.5 (Optional) Configuring Timers in an ERPS Ring

Context
After a link or node failure in an ERPS ring recovers, the device starts timers in the
ERPS ring to reduce traffic interruptions. This prevents network flapping.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1121

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
The ERPS ring view is displayed.
Step 3 Configure the WTR timer, Guard timer, and Holdoff timer in the ERPS ring
according to actual networking.
● Run wtr-timer time-value
The WTR timer is set.
By default, the WTR timer is 5 minutes in an ERPS ring.
● Run guard-timer time-value
The Guard timer is set.
By default, the Guard timer is 200 centiseconds in an ERPS ring.
● Run holdoff-timer time-value
The Holdoff timer is set.
By default, the Holdoff timer is 0 deciseconds in an ERPS ring.

----End

19.7.6 (Optional) Configuring the MEL Value

Context
On a Layer 2 network running ERPS, if another fault detection protocol (for
example, CFM) is enabled, the MEL field in RAPS PDUs determines whether the
RAPS PDUs can be forwarded. If the MEL value in an ERPS ring is smaller than the
MEL value of the fault detection protocol, the RAPS PDUs have a lower priority
and are discarded. If the MEL value in an ERPS ring is larger than the MEL value of
the fault detection protocol, the RAPS PDUs can be forwarded. In addition, the
MEL value can also be used for interworking with other vendors' devices in an
ERPS ring. The same MEL value ensures smooth communication between devices.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
The ERPS ring view is displayed.
Step 3 Run raps-mel level-id
The MEL value in the ERPS ring is set.
By default, the MEL value in RAPS PDUs is 7.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1122

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

19.7.7 (Optional) Configuring Association Between ERPS and

Ethernet CFM
Context
Association between Ethernet Connectivity Fault Management (CFM) and
Ethernet Ring Protection Switching (ERPS) on a port added to an ERPS ring
accelerates fault detection, implements fast convergence, and shortens traffic
interruptions.
Before configuring association between ERPS and Ethernet CFM, configure basic
CFM functions on the port added to the ERPS ring. For details, see Configuring
Basic Ethernet CFM Functions in "CFM Configuration" in the S1720, S2700, S5700,
and S6720 V200R011C10 Configuration Guide - Reliability.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run erps ring ring-id track cfm md md-name ma ma-name mep mep-id
remote-mep rmep-id
ERPS is associated with Ethernet CFM to fast detect link failures.
The association between ERPS and CFM takes effect only when the interface has
ERPS associated with CFM and has an interface-based MEP created using the mep
mep-id command.

----End

Follow-up Procedure
After ERPS is associated with Ethernet CFM, ensure that the maintenance entity
group level (MEL) value of Ring Auto Protection Switching (RAPS) Protocol Data
Units (PDUs) in ERPS rings is larger than the MEL value in CFM protocol packets.
Otherwise, Ethernet CFM cannot allow RAPS PDUs to pass through. The MEL
value can be used for interworking with other vendors' devices in an ERPS ring.
The same MEL value ensures smooth communication between devices.
You can run the raps-mel level-id command in the ERPS ring view to set the MEL
value in RAPS PDUs.
By default, the MEL in RAPS PDUs is 7.

19.7.8 Verifying the ERPSv1 Configuration

Procedure
● Run the display erps [ ring ring-id ] [ verbose ] command to check the
device ports added to an ERPS ring and ERPS ring configurations.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1123

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

● Run the display erps interface interface-type interface-number [ ring ring-

id ] command to check physical configurations of the port added to an ERPS
ring.
----End

19.8 Configuring ERPSv2

19.8.1 Creating an ERPS Ring

Context
ERPS works for ERPS rings. An ERPS ring consists of interconnected Layer 2
switching devices configured with the same control VLAN and data VLAN. Before
configuring other ERPS functions, configure an ERPS ring.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
An ERPS ring is created and the ERPS ring view is displayed.
By default, an ERPS ring configured using the erps ring ring-id command is a
major ring.
Step 3 Run version v2
ERPSv2 is specified.
By default, ERPSv1 is used.
Before specifying ERPSv1 for an ERPSv2-enabled device, delete all ERPS
configurations that ERPSv1 does not support.
Step 4 (Optional) Run sub-ring
The ERPS ring is configured as a sub-ring.
By default, an ERPS ring is a major ring. Major rings are closed, and sub-rings are
open. This step is performed only when an existing ERPS ring needs to be used as
a sub-ring.
An ERPS ring that has a port cannot be configured as a sub-ring. Before
configuring an ERPS ring that has a port as a sub-ring, run the undo erps ring
command in the interface view or the undo port command in the ERPS ring view
to delete the port from the ERPS ring. Then run the sub-ring command to
configure the ERPS ring as a sub-ring.
Step 5 (Optional) Run virtual-channel { enable | disable }
The RAPS PDU transmission mode is specified in the sub-ring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1124

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

By default, sub-rings use non-virtual-channels (NVCs) to transmit RAPS PDUs. The

default transmission mode is recommended. When sub-ring links are
noncontiguous, VCs must be used. This step takes effect only in a sub-ring.

NOTE

If a virtual channel (VC) needs to be used, configure VCs on all nodes of a sub-ring and
intersecting point of the sub-ring and major ring.

Step 6 (Optional) Run description text

The description is configured for the ERPS ring.

By default, the description of an ERPS ring is the ERPS ring name, for example,
Ring 1.

----End

19.8.2 Configuring the Control VLAN

Context
In an ERPS ring, the control VLAN is used only to forward RAPS PDUs but not
service packets, so the security of ERPS is improved. All the devices in an ERPS ring
must be configured with the same control VLAN, and different ERPS rings must
use different control VLANs.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run erps ring ring-id

The ERPS ring view is displayed.

Step 3 Run control-vlan vlan-id

The control VLAN of the ERPS ring is configured.

● The control VLAN specified by vlan-id must be a VLAN that has not been
created or used.
● If you run the control-vlan command multiple times, only the latest
configuration takes effect.
● If the ERPS ring contains ports, the control VLAN cannot be changed. To
delete the configured control VLAN, run the undo erps ring command in the
interface view or the undo port command in the ERPS ring view to delete
ports from the ERPS ring, and run the undo control-vlan command to delete
the control VLAN.
● After a control VLAN is created, the vlan batch vlan-id1 [ to vlan-id2 ]
&<1-10> command used to create common VLANs is displayed in the
configuration file.
● After a port is added to an ERPS ring configured with a control VLAN, the port
is added to the control VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1125

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

– If the port is a trunk port, the port trunk allow-pass vlan vlan-id
command is displayed in the record of the port that has been added to
the ERPS ring in the configuration file.
– If the port is a hybrid port, the port hybrid tagged vlan vlan-id
command is displayed in the record of the port that has been added to
the ERPS ring in the configuration file.

----End

19.8.3 Configuring an ERP Instance and Activating the

Mapping Between the ERP Instance and VLAN

Context
On a Layer 2 device running ERPS, the VLAN in which RAPS PDUs and data
packets are transmitted must be mapped to an ERP instance so that ERPS
forwards or blocks the packets based on configured rules. If the mapping is not
configured, the preceding packets may cause broadcast storms on the ring
network. As a result, the network becomes unavailable.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
The ERPS ring view is displayed.
Step 3 Run protected-instance { all | { instance-id1 [ to instance-id2 ] &<1-10> } }
An ERP instance is created for the ERPS ring.
By default, no ERP instance is configured in an ERPS ring.

NOTE

● If the stp mode (system view) command is used to set the STP working mode to
VLAN-based Spanning Tree (VBST), the ERP instance specified by the protected-
instance command must be the created static instance.
● If you run the protected-instance command multiple times in the same ERPS ring,
multiple ERP instances are configured.
● If the ERPS ring contains ports, the ERP instance cannot be changed. To delete the
configured ERP instance, run the undo erps ring command in the interface view or the
undo port command in the ERPS ring view to delete ports from the ERPS ring, and run
the undo protected instance command to delete the ERP instance.

Step 4 Run quit

The system view is displayed.
Step 5 Configure the mapping between an ERP instance and VLAN.
1. Run stp region-configuration
The Multiple Spanning Tree (MST) region view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1126

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

2. Run instance instance-id vlan { vlan-id [ to vlan-id ] } &<1-10>

The mapping between the ERP instance and VLAN is configured.
By default, all VLANs in an MST region are mapped to instance 0.
instance-id in this command must be the same as instance-id used by the
protected-instance command.
NOTE

– A VLAN cannot be mapped to multiple MSTIs. If you map a VLAN that has already
been mapped to an MSTI to another MSTI, the original mapping will be deleted.
– The vlan-mapping modulo modulo command configures the mapping between
MSTIs and VLANs based on the default algorithm. However, the mapping
configured using this command cannot always meet the actual demand. Therefore,
running this command is not recommended.
– To configure the mapping between an ERP instance and a MUX VLAN, you are
advised to configure the principal VLAN, subordinate group VLANs, and
subordinate separate VLANs of the MUX VLAN in the same ERP instance.
Otherwise, loops may occur.
3. Run active region-configuration
The mapping between the ERP instance and the VLAN is activated.

----End

19.8.4 Adding a Layer 2 Port to an ERPS Ring and Configuring

the Port Role

Context
After ERPS is configured, add Layer 2 ports to an ERPS ring and configure port
roles so that ERPS can work properly.

You can add a Layer 2 port to an ERPS ring in either of the following ways:
● In the ERPS ring view, add a specified port to the ERPS ring and configure the
port role.
● In the interface view, add the current port to the ERPS ring and configure the
port role.

NOTE

● A port can be added to a maximum of two ERPS rings.

● An ERPS-enabled port needs to allow packets of control VLANs and data VLANs to pass
through, so the link type of the port must be configured as trunk or hybrid.
● Flush-FDB packets for updating MAC addresses cannot be separately sent, so do not
configure a direct link between two upstream nodes as the RPL.
● Before changing the port role, use the shutdown command to disable the port. When
the port role is changed, use the undo shutdown command to enable the port. This
prevents traffic interruptions.
● Before adding an interface to an ERPS ring, disable port security on the interface;
otherwise, loops cannot be prevented.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1127

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Prerequisites
● The port is not a Layer 3 port. If the port is a Layer 3 port, run the portswitch
command to switch the port to the Layer 2 mode.
● Spanning Tree Protocol (STP), Rapid Ring Protection Protocol (RRPP), Smart
Ethernet Protection (SEP), or Smart Link is not enabled on the port.
– If the port has STP enabled, run the stp disable command in the
interface view to disable STP.
– If the port has RRPP enabled, run the undo ring ring-id command in the
RRPP domain view to disable RRPP.
– If the port has SEP enabled, run the undo sep segment segment-id
command in the interface view to disable SEP.
– If the port has Smart Link enabled, run the undo port command in the
Smart Link group view to disable Smart Link.
● The control-vlan command has been executed to configure a control VLAN
and the protected-instance command has been executed to configure an
ERP instance.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Add a Layer 2 port to an ERPS ring and configure the port role in either of the
following ways.
● In the ERPS ring view, add a specified port to the ERPS ring and configure the
port role.
a. Run interface interface-type interface-number
The interface view is displayed.
b. Run stp disable
STP is disabled on the ERPS-enabled port.
c. Run port link-type trunk
The link type of the ERPS-enabled port is configured as trunk.
d. Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all }
The VLANs allowed by the ERPS-enabled port are specified.
After the control-vlan command is used in the ERPS ring view to
configure a control VLAN and the port interface-type interface-number
[ rpl { owner | neighbour } ] command is configured, the ports in the
ERPS ring allow packets of the control VLAN to pass through. Therefore,
you need to specify only the IDs of data VLANs in this step.
e. Run quit
The system view is displayed.
f. Run erps ring ring-id
The ERPS ring view is displayed.
g. Run port interface-type interface-number [ rpl { owner | neighbour } ]

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1128

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

The port is added to the ERPS ring and its role is configured.
● In the interface view, add the current port to the ERPS ring and configure the
port role.
a. Run interface interface-type interface-number
The specified interface view is displayed.
b. Run stp disable
STP is disabled on the ERPS-enabled port.
c. Run port link-type trunk
The link type of the ERPS-enabled port is configured as trunk.
d. Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> |
all }
The VLANs allowed by the ERPS-enabled port are specified.
After the control-vlan command is used in the ERPS ring view to
configure a control VLAN and the port interface-type interface-number
[ rpl { owner | neighbour } ] command is configured, the ports in the
ERPS ring allow packets of the control VLAN to pass through. Therefore,
you need to specify only the IDs of data VLANs in this step.
e. Run erps ring ring-id [ rpl { owner | neighbour } ]
The current port is added to the ERPS ring and its role is configured.

----End

19.8.5 Configuring the Topology Change Notification Function

Context
If an upper-layer Layer 2 network is not notified of the topology change in an
ERPS ring, the MAC address entries remain unchanged on the upper-layer network
and therefore user traffic is interrupted. To ensure nonstop traffic transmission,
configure the topology change notification function and specify the ERPS rings
that will be notified of the topology change.

In addition, if an ERPS ring frequently receives topology change notifications, its

nodes will have lower CPU processing capability and repeatedly update Flush-FDB
packets, consuming much bandwidth. To resolve this problem, set the topology
change protection interval at which topology change notifications are sent to
suppress topology change notification transmission, and set the maximum number
of topology change notifications that can be processed during the topology
change protection interval to prevent frequent MAC address and ARP entry
updates.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run erps ring ring-id

The ERPS ring view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1129

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Step 3 Run tc-notify erps ring { ring-id1 [ to ring-id2 ] } &<1-10>

The ERPS ring is configured to notify other ERPS rings of its topology change.
ring-id1 [ to ring-id2 ] specifies the start and end ring IDs of the ERPS rings that
will be notified of the topology change. Ensure that the ERPS rings specified by
ring-id1 and ring-id2 exist. If the specified rings do not exist, the topology change
notification function does not take effect.
After the ERPS rings receive the topology change notification from an ERPS ring,
they send Flush-FDB messages on their separate rings to instruct their nodes to
update MAC addresses so that user traffic is not interrupted.
Step 4 (Optional) Run tc-protection interval interval-value
The topology change protection interval at which topology change notification
messages are sent is set.
Step 5 (Optional) Run tc-protection threshold threshold-value
The number of times ERPS parses topology change notifications and updates
forwarding entries in the topology change protection interval is set.
The topology change protection interval is the one specified by the tc-protection
interval command.

----End

19.8.6 (Optional) Configuring ERPS Protection Switching

Context
To ensure that ERPS rings function normally when a node or link fails, configure
revertive/non-revertive switching, port blocking mode, and timers.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run erps ring ring-id
The ERPS ring view is displayed.
Step 3 Run revertive { enable | disable }
The protection switching mode is specified.
By default, ERPS rings use revertive switching.
Step 4 Run quit
Return to the system view.
Step 5 Run interface interface-type interface-number
The interface view is displayed.
Step 6 Run erps ring ring-id protect-switch { force | manual }

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1130

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

A port blocking mode is specified.

The ERPS ring specified by ring ring-id must be the one to which the port belongs.

To delete the specified port blocking mode, run the clear command in the ERPS
ring view.

Step 7 Run quit

Return to the system view.

----End

19.8.7 (Optional) Configuring Timers in an ERPS Ring

Context
After a link or node failure in an ERPS ring recovers, the device starts timers in the
ERPS ring to reduce traffic interruptions. This prevents network flapping.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run erps ring ring-id

The ERPS ring view is displayed.

Step 3 Configure the WTR timer, Guard timer, and Holdoff timer in the ERPS ring
according to actual networking.
● Run wtr-timer time-value
The WTR timer is set.
By default, the WTR timer is 5 minutes in an ERPS ring.
● Run guard-timer time-value
The Guard timer is set.
By default, the Guard timer is 200 centiseconds in an ERPS ring.
● Run holdoff-timer time-value
The Holdoff timer is set.
By default, the Holdoff timer is 0 deciseconds in an ERPS ring.

----End

19.8.8 (Optional) Configuring Association Between ERPS and

Ethernet CFM
Context
Association between Ethernet Connectivity Fault Management (CFM) and
Ethernet Ring Protection Switching (ERPS) on a port added to an ERPS ring

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1131

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

accelerates fault detection, implements fast convergence, and shortens traffic

interruptions.

Before configuring association between ERPS and Ethernet CFM, configure basic
CFM functions on the port added to the ERPS ring. For details, see Configuring
Basic Ethernet CFM Functions in "CFM Configuration" in the S1720, S2700, S5700,
and S6720 V200R011C10 Configuration Guide - Reliability.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 Run erps ring ring-id track cfm md md-name ma ma-name mep mep-id
remote-mep rmep-id

ERPS is associated with Ethernet CFM to fast detect link failures.

The association between ERPS and CFM takes effect only when the interface has
ERPS associated with CFM and has an interface-based MEP created using the mep
mep-id command.

----End

Follow-up Procedure
After ERPS is associated with Ethernet CFM, ensure that the maintenance entity
group level (MEL) value of Ring Auto Protection Switching (RAPS) Protocol Data
Units (PDUs) in ERPS rings is larger than the MEL value in CFM protocol packets.
Otherwise, Ethernet CFM cannot allow RAPS PDUs to pass through. The MEL
value can be used for interworking with other vendors' devices in an ERPS ring.
The same MEL value ensures smooth communication between devices.

You can run the raps-mel level-id command in the ERPS ring view to set the MEL
value in RAPS PDUs.

By default, the MEL in RAPS PDUs is 7.

19.8.9 Verifying the ERPSv2 Configuration

Procedure
● Run the display erps [ ring ring-id ] [ verbose ] command to check the
device ports added to an ERPS ring and ERPS ring configurations.
● Run the display erps interface interface-type interface-number [ ring ring-
id ] command to check physical configurations of the port added to an ERPS
ring.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1132

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

19.9 Configuring the ERPS over VPLS Function

Prerequisites
1. A routing protocol has been run on the PEs on the VPLS network to ensure
that they can communicate.
2. Basic MPLS capabilities have been configured on the VPLS network, and LDP
LSPs has been established.
3. VPLS connections have been established between each two PEs, and each
Ethernet sub-interface or VLANIF interface has been bound to a VSI.
4. Interfaces on CEs and PEs have been added to the ERPS ring.

Context
On the VPLS network shown in Figure 19-15, CEs are dual-homed to PEs.
However, PE3 receives two copies of CE1 traffic from both PE1 and PE2. To resolve
this problem, enable ERPS on CE1, CE2, PE1, and PE2 and configure CE2's
interface2 as an RPL owner port to block traffic from CE1. In this way, CE1's traffic
reaches PE3 over PE1 without traversing CE2, thereby preventing any duplicate
traffic or loops.

In Figure 19-15, the ERPS ring connects to a VPLS network through Ethernet sub-
interfaces or VLANIF interfaces. To ensure that the VPLS network can promptly
detect topology changes of the ERPS ring, enable topology change notification on
the main interface through which PE1 and PE2 access the ERPS ring.

Figure 19-15 Example for configuring ERPS over VPLS in scenarios where a CE is
dual-homed to PEs (through Ethernet sub-interfaces or VLANIF interfaces)
VPLS Network
CE1 PE1
interface1 interface1
interface2

interface2 interface1
ERPS PW
sub-ring PE3

PW interface2
interface2

interface1 interface1 interface2

CE2 PE2

RPL owner

Sub-interface
VLANIF interface

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1133

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

NOTE

Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this function.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run erps vpls-subinterface enable
Topology change notification is enabled on the interface.
By default, the interface does not instruct VSI-bound sub-interfaces or VLANIF
interfaces to update MAC address entries promptly after the ERPS ring topology
changes.
After topology change notification is enabled on the interface, when the
forwarding status of the interface changes to Discarding, its VSI-bound sub-
interfaces or member interfaces of the VLANIF interface will change to the
Discarding state to prevent loops on the VPLS network on which a CE is dual-
homed to PEs.

----End

Verifying the Configuration

Run the display this command in the interface view to verify that topology
change notification is enabled.

19.10 Clearing ERPS Statistics

Context
Before recollecting ERPS statistics, run the reset erps command to clear existing
ERPS statistics.

NOTICE

The cleared ERPS statistics cannot be restored. Exercise caution when you run this
command.

Procedure
Step 1 Run the reset erps [ ring ring-id ] statistics command to clear packet statistics in
an ERPS ring.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1134

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

19.11 Configuration Examples for ERPS

19.11.1 Example for Configuring ERPS Multi-instance

Networking Requirements
Generally, redundant links are used on an Ethernet switching network to provide
link backup and enhance network reliability. The use of redundant links, however,
may produce loops, causing broadcast storms and rendering the MAC address
table unstable. As a result, communication quality deteriorates, and
communication services may even be interrupted.
To prevent loops caused by redundant links, enable ERPS on the nodes of the ring
network. ERPS is a Layer 2 loop-breaking protocol defined by the ITU-T, and
provides fast convergence of carrier-class reliability standards.
Figure 19-16 shows a network on which a multi-instance ERPS ring is used.
SwitchA through SwitchD constitute a ring network at the aggregation layer to
implement service aggregation at Layer 2 and process Layer 3 services. ERPS is
used on the ring network to provide protection switching for Layer 2 redundant
links. ERPS ring 1 and ERPS ring 2 are configured on SwitchA through SwitchD. P1
on SwitchB is a blocked port in ERPS ring 1, and P2 on SwitchA is a blocked port in
ERPS ring 2, implementing load balancing and link backup.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1135

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-16 ERPS multi-instance networking

Network

Router1 Router2

SwitchC GE0/0/1 SwitchD

GE0/0/2
GE0/0/1
GE0/0/2

ERPS

GE0/0/2
GE0/0/1
SwitchA P2 GE0/0/2
SwitchB
GE0/0/1 P1

VLAN: VLAN:
100~200 300~400

ERPS ring1
ERPS ring2
Blocked Port1
Blocked Port2
Data Flow1
Data Flow2

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure the link type of all ports to be added to ERPS rings as trunk.
2. Create ERPS rings and configure control VLANs and Ethernet Ring Protection
(ERP) instances in the ERPS rings.
3. Add Layer 2 ports to ERPS rings and specify port roles.
4. Configure the Guard timers and WTR timers in the ERPS rings.
5. Configure Layer 2 forwarding on SwitchA through SwitchD.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1136

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Procedure
Step 1 Configure the link type of all ports to be added to an ERPS ring as trunk.
# Configure SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] quit

# Configure SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] quit

# Configure SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] quit

# Configure SwitchD.
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port link-type trunk
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type trunk
[SwitchD-GigabitEthernet0/0/2] quit

Step 2 Create ERPS ring 1 and ERPS ring 2 and configure ERP instances in the two rings.
Set the control VLAN ID of ERPS ring 1 to 10 and the control VLAN ID of ERPS ring
2 to 20. Enable ERPS ring 1 to transmit data packets from VLANs 100 to 200 and
enable ERPS ring 2 to transmit data packets from VLANs 300 to 400.
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] control-vlan 10
[SwitchA-erps-ring1] protected-instance 1
[SwitchA-erps-ring1] quit
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 10 100 to 200
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] control-vlan 20
[SwitchA-erps-ring2] protected-instance 2
[SwitchA-erps-ring2] quit
[SwitchA] stp region-configuration

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1137

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[SwitchA-mst-region] instance 2 vlan 20 300 to 400

[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

# Configure SwitchB.
[SwitchB] erps ring 1
[SwitchB-erps-ring1] control-vlan 10
[SwitchB-erps-ring1] protected-instance 1
[SwitchB-erps-ring1] quit
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 1 vlan 10 100 to 200
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
[SwitchB] erps ring 2
[SwitchB-erps-ring2] control-vlan 20
[SwitchB-erps-ring2] protected-instance 2
[SwitchB-erps-ring2] quit
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 2 vlan 20 300 to 400
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit

# Configure SwitchC.
[SwitchC] erps ring 1
[SwitchC-erps-ring1] control-vlan 10
[SwitchC-erps-ring1] protected-instance 1
[SwitchC-erps-ring1] quit
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 10 100 to 200
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
[SwitchC] erps ring 2
[SwitchC-erps-ring2] control-vlan 20
[SwitchC-erps-ring2] protected-instance 2
[SwitchC-erps-ring2] quit
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 2 vlan 20 300 to 400
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit

# Configure SwitchD.
[SwitchD] erps ring 1
[SwitchD-erps-ring1] control-vlan 10
[SwitchD-erps-ring1] protected-instance 1
[SwitchD-erps-ring1] quit
[SwitchD] stp region-configuration
[SwitchD-mst-region] instance 1 vlan 10 100 to 200
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
[SwitchD] erps ring 2
[SwitchD-erps-ring2] control-vlan 20
[SwitchD-erps-ring2] protected-instance 2
[SwitchD-erps-ring2] quit
[SwitchD] stp region-configuration
[SwitchD-mst-region] instance 2 vlan 20 300 to 400
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit

Step 3 Add Layer 2 ports to ERPS rings and specify port roles. Configure GE 0/0/1 on
SwitchA and GE 0/0/2 on SwitchB as their respective RPL owner ports.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] erps ring 1
[SwitchA-GigabitEthernet0/0/1] erps ring 2 rpl owner

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1138

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] erps ring 1
[SwitchA-GigabitEthernet0/0/2] erps ring 2
[SwitchA-GigabitEthernet0/0/2] quit

# Configure SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp disable
[SwitchB-GigabitEthernet0/0/1] erps ring 1
[SwitchB-GigabitEthernet0/0/1] erps ring 2
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp disable
[SwitchB-GigabitEthernet0/0/2] erps ring 1 rpl owner
[SwitchB-GigabitEthernet0/0/2] erps ring 2
[SwitchB-GigabitEthernet0/0/2] quit

# Configure SwitchC.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] erps ring 1
[SwitchC-GigabitEthernet0/0/1] erps ring 2
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] erps ring 1
[SwitchC-GigabitEthernet0/0/2] erps ring 2
[SwitchC-GigabitEthernet0/0/2] quit

# Configure SwitchD.
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] stp disable
[SwitchD-GigabitEthernet0/0/1] erps ring 1
[SwitchD-GigabitEthernet0/0/1] erps ring 2
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] stp disable
[SwitchD-GigabitEthernet0/0/2] erps ring 1
[SwitchD-GigabitEthernet0/0/2] erps ring 2
[SwitchD-GigabitEthernet0/0/2] quit

Step 4 Configure the Guard timers and WTR timers in the ERPS rings.

# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] wtr-timer 6
[SwitchA-erps-ring1] guard-timer 100
[SwitchA-erps-ring1] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] wtr-timer 6
[SwitchA-erps-ring2] guard-timer 100
[SwitchA-erps-ring2] quit

# Configure SwitchB.
[SwitchB] erps ring 1
[SwitchB-erps-ring1] wtr-timer 6
[SwitchB-erps-ring1] guard-timer 100
[SwitchB-erps-ring1] quit
[SwitchB] erps ring 2
[SwitchB-erps-ring2] wtr-timer 6
[SwitchB-erps-ring2] guard-timer 100
[SwitchB-erps-ring2] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1139

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

# Configure SwitchC.
[SwitchC] erps ring 1
[SwitchC-erps-ring1] wtr-timer 6
[SwitchC-erps-ring1] guard-timer 100
[SwitchC-erps-ring1] quit
[SwitchC] erps ring 2
[SwitchC-erps-ring2] wtr-timer 6
[SwitchC-erps-ring2] guard-timer 100
[SwitchC-erps-ring2] quit

# Configure SwitchD.
[SwitchD] erps ring 1
[SwitchD-erps-ring1] wtr-timer 6
[SwitchD-erps-ring1] guard-timer 100
[SwitchD-erps-ring1] quit
[SwitchD] erps ring 2
[SwitchD-erps-ring2] wtr-timer 6
[SwitchD-erps-ring2] guard-timer 100
[SwitchD-erps-ring2] quit

Step 5 Configure Layer 2 forwarding on SwitchA through SwitchD.

# Configure SwitchA.
[SwitchA] vlan batch 100 to 200 300 to 400
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchA-GigabitEthernet0/0/2] quit

# Configure SwitchB.
[SwitchB] vlan batch 100 to 200 300 to 400
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchB-GigabitEthernet0/0/2] quit

# Configure SwitchC.
[SwitchC] vlan batch 100 to 200 300 to 400
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchC-GigabitEthernet0/0/2] quit

# Configure SwitchD.
[SwitchD] vlan batch 100 to 200 300 to 400
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1140

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[SwitchD-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200 300 to 400

[SwitchD-GigabitEthernet0/0/2] quit

Step 6 Verify the configuration.

# After the network becomes stable, run the display erps command to check brief
information about the ERPS ring and ports added to the ERPS ring. SwitchB is used
as an example.
[SwitchB] display erps
D : Discarding
F : Forwarding
R : RPL Owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Total number of rings configured = 2
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
--------------------------------------------------------------------------------
1 10 6 100 (F)GE0/0/1 (D,R)GE0/0/2
2 20 6 100 (F)GE0/0/1 (F)GE0/0/2
--------------------------------------------------------------------------------

# Run the display erps verbose command to check detailed information about
the ERPS ring and ports added to the ERPS ring. SwitchB is used as an example.
[SwitchB] display erps verbose
Ring ID :1
Description : Ring 1
Control Vlan : 10
Protected Instance :1
Service Vlan : 100 to 200
WTR Timer Setting (min) :6 Running (s) :0
Guard Timer Setting (csec) : 100 Running (csec) :0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (csec) :0
Ring State : Idle
RAPS_MEL :7
Revertive Mode : Revertive
R-APS Channel Mode :-
Version :1
Sub-ring : No
Forced Switch Port :-
Manual Switch Port :-
TC-Notify :-
Time since last topology change : 0 days 0h:35m:5s
--------------------------------------------------------------------------------
Port Port Role Port Status Signal Status
--------------------------------------------------------------------------------
GE0/0/1 Common Forwarding Non-failed
GE0/0/2 RPL Owner Discarding Non-failed

Ring ID :2
Description : Ring 2
Control Vlan : 20
Protected Instance :2
Service Vlan : 300 to 400
WTR Timer Setting (min) :6 Running (s) :0
Guard Timer Setting (csec) : 100 Running (csec) :0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (csec) :0
Ring State : Idle
RAPS_MEL :7
Revertive Mode : Revertive
R-APS Channel Mode :-
Version :1
Sub-ring : No
Forced Switch Port :-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1141

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Manual Switch Port :-

TC-Notify :-
Time since last topology change : 0 days 0h:35m:30s
--------------------------------------------------------------------------------
Port Port Role Port Status Signal Status
--------------------------------------------------------------------------------
GE0/0/1 Common Forwarding Non-failed
GE0/0/2 Common Forwarding Non-failed

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2 rpl owner
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1142

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1 rpl owner
erps ring 2
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 10 20 100 to 200 300 to 400

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1143

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return

19.11.2 Example for Configuring Intersecting ERPS Rings

Networking Requirements
Generally, redundant links are used on an Ethernet switching network to provide
link backup and enhance network reliability. The use of redundant links, however,
may produce loops, causing broadcast storms and rendering the MAC address
table unstable. As a result, communication quality deteriorates, and
communication services may even be interrupted.
To prevent loops caused by redundant links, enable ERPS on the nodes of the ring
network. ERPS is a Layer 2 loop-breaking protocol defined by the ITU-T, and
provides fast convergence of carrier-class reliability standards.
As shown in Figure 19-17, intersecting ERPS rings are used. SwitchA, SwitchB,
SwitchC, and SwitchD constitute the major ring, and SwitchA, LSW1, LSW2, LSW3,
and SwitchD constitute a sub-ring.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1144

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Figure 19-17 Networking of intersecting ERPS rings

Network

Router1 Router2

GE0/0/2

SwitchB GE0/0/2 SwitchC

GE0/0/1
GE0/0/1
major ring
ring 1

GE0/0/2 SwitchA SwitchD GE0/0/2

GE0/0/3
GE0/0/1 GE0/0/3 GE0/0/1

GE0/0/1 sub-ring GE0/0/2

ring 2 LSW3
LSW1
GE0/0/2 GE0/0/1

GE0/0/1 GE0/0/2
LSW2 RPL owner

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the link type of all ports to be added to ERPS rings as trunk.
2. Create ERPS rings and configure control VLANs and Ethernet Ring Protection
(ERP) instances in the ERPS rings.
3. Specify the ERPS version and configure a sub-ring.
4. Add Layer 2 ports to ERPS rings and specify port roles.
5. Configure the topology change notification and TC protection.
6. Configure the Guard timers and WTR timers in the ERPS rings.
7. Configure Layer 2 forwarding on SwitchA through SwitchD and LSW1 through
LSW3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1145

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Procedure
Step 1 Configure the link type of all ports to be added to ERPS rings as trunk.
# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, LSW1,
LSW2, and LSW3 are similar to the configuration of SwitchA, and are not
mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] quit

Step 2 Create ERPS ring 1 and ERPS ring 2 and configure ERP instances in the two rings.
Set the control VLAN ID of ERPS ring 1 to 10 and the control VLAN ID of ERPS ring
2 to 20. Enable ERPS rings 1 and 2 to transmit data packets from VLANs 100 to
200.
# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, LSW1,
LSW2, and LSW3 are similar to the configuration of SwitchA, and are not
mentioned here.
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 10 20 100 to 200
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] erps ring 1
[SwitchA-erps-ring1] control-vlan 10
[SwitchA-erps-ring1] protected-instance 1
[SwitchA-erps-ring1] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] control-vlan 20
[SwitchA-erps-ring2] protected-instance 1
[SwitchA-erps-ring2] quit

Step 3 Specify ERPSv2 and configure ERPS ring 2 as a sub-ring.

# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, LSW1,
LSW2, and LSW3 are similar to the configurations of SwitchA, and are not
mentioned here.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] version v2
[SwitchA-erps-ring1] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] version v2
[SwitchA-erps-ring2] sub-ring
[SwitchA-erps-ring2] quit

Step 4 Add the ports to ERPS rings and specify port roles. Configure GE0/0/1 on SwitchB
and GE0/0/2 on LSW3 as their respective RPL owner ports.
# Configure SwitchA. The configurations of SwitchC, SwitchD, LSW1, and LSW2 are
similar to the configurations of SwitchA, and are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] erps ring 2

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1146

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] erps ring 1
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] stp disable
[SwitchA-GigabitEthernet0/0/3] erps ring 1
[SwitchA-GigabitEthernet0/0/3] quit

# Configure SwitchB. The configurations of LSW3 are similar to the configurations

of SwitchB, and are not mentioned here.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp disable
[SwitchB-GigabitEthernet0/0/1] erps ring 1 rpl owner
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp disable
[SwitchB-GigabitEthernet0/0/2] erps ring 1
[SwitchB-GigabitEthernet0/0/2] quit

Step 5 Configure the topology change notification function and TC protection on SwitchA
and SwitchD (interconnecting nodes).
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] tc-protection interval 200
[SwitchA-erps-ring1] tc-protection threshold 60
[SwitchA-erps-ring1] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] tc-notify erps ring 1
[SwitchA-erps-ring2] quit

# Configure SwitchD.
[SwitchD] erps ring 1
[SwitchD-erps-ring1] tc-protection interval 200
[SwitchD-erps-ring1] tc-protection threshold 60
[SwitchD-erps-ring1] quit
[SwitchD] erps ring 2
[SwitchD-erps-ring2] tc-notify erps ring 1
[SwitchD-erps-ring2] quit

Step 6 Configure the Guard timers and WTR timers in the ERPS rings.
# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, LSW1,
LSW2, and LSW3 are similar to the configuration of SwitchA, and are not
mentioned here.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] wtr-timer 6
[SwitchA-erps-ring1] guard-timer 100
[SwitchA-erps-ring1] quit
[SwitchA] erps ring 2
[SwitchA-erps-ring2] wtr-timer 6
[SwitchA-erps-ring2] guard-timer 100
[SwitchA-erps-ring2] quit

Step 7 Configure Layer 2 forwarding on SwitchA through SwitchD.

# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, LSW1,
LSW2, and LSW3 are similar to the configuration of SwitchA, and are not
mentioned here.
[SwitchA] vlan batch 100 to 200
[SwitchA] interface gigabitethernet 0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1147

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1

[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 200
[SwitchA-GigabitEthernet0/0/3] quit

Step 8 Verify the configuration.

# After the network becomes stable, run the display erps command to check brief
information about the ERPS ring and ports added to the ERPS ring. SwitchB is used
as an example.
[SwitchB] display erps
D : Discarding
F : Forwarding
R : RPL Owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Total number of rings configured = 1
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
--------------------------------------------------------------------------------
1 10 6 100 (D,R)GE0/0/1 (F)GE0/0/2
--------------------------------------------------------------------------------

# Run the display erps verbose command to check detailed information about
the ERPS ring and ports added to the ERPS ring.
[SwitchB] display erps verbose
Ring ID :1
Description : Ring 1
Control Vlan : 10
Protected Instance :1
Service Vlan : 100 to 200
WTR Timer Setting (min) :6 Running (s) :0
Guard Timer Setting (csec) : 100 Running (csec) :0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (csec) :0
Ring State : Idle
RAPS_MEL :7
Revertive Mode : Revertive
R-APS Channel Mode :-
Version :2
Sub-ring : No
Forced Switch Port :-
Manual Switch Port :-
TC-Notify :-
Time since last topology change : 0 days 4h:12m:20s
--------------------------------------------------------------------------------
Port Port Role Port Status Signal Status
--------------------------------------------------------------------------------
GE0/0/1 RPL Owner Discarding Non-failed
GE0/0/2 Common Forwarding Non-failed

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1148

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
vlan batch 10 20 100 to 200
#
stp region-configuration
instance 1 vlan 10 20 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
tc-protection interval 200
tc-protection threshold 60
erps ring 2
control-vlan 20
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
sub-ring
tc-notify erps ring 1
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 100 to 200
#
stp region-configuration
instance 1 vlan 10 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1 rpl owner

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1149

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10 100 to 200
#
stp region-configuration
instance 1 vlan 10 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 10 20 100 to 200
#
stp region-configuration
instance 1 vlan 10 20 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
tc-protection interval 200
tc-protection threshold 60
erps ring 2
control-vlan 20
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
sub-ring
tc-notify erps ring 1
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1150

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 20 100 to 200
#
stp region-configuration
instance 1 vlan 20 100 to 200
active region-configuration
#
erps ring 2
control-vlan 20
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
return
● LSW2 configuration file
#
sysname LSW2
#
vlan batch 20 100 to 200
#
stp region-configuration
instance 1 vlan 20 100 to 200
active region-configuration
#
erps ring 2
control-vlan 20
protected-instance 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1151

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

wtr-timer 6
guard-timer 100
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
return

● LSW3 configuration file

#
sysname LSW3
#
vlan batch 20 100 to 200
#
stp region-configuration
instance 1 vlan 20 100 to 200
active region-configuration
#
erps ring 2
control-vlan 20
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 100 to 200
stp disable
erps ring 2 rpl owner
#
return

19.11.3 Example for Configuring ERPS over VPLS in Scenarios

Where a CE Is Dual-Homed to PEs (Through Ethernet Sub-
interfaces)

Networking Requirements
To configure ERPS over VPLS in scenarios where a CE is dual-homed to PEs, enable
ERPS on CE1, CE2, PE1, and PE2 and configure the ERPS sub-ring to access the
VPLS network in NVC mode. Using Ethernet sub-interfaces to access the VPLS

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1152

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

network must have the TC notification function enabled so that the VPLS network
can have ARP and MAC address entries updated promptly after receiving TC
packets. On the VPLS network shown in Figure 19-18, CEs are dual-homed to PEs
through Ethernet sub-interfaces. However, this networking will cause PE3 to
receive two copies of CE1 traffic from both PE1 and PE2. To resolve this problem,
enable ERPS on CE1, CE2, PE1, and PE2 and configure CE2's GE0/0/2 as an RPL
owner port to block traffic from CE1. In this way, CE1's traffic reaches PE3 over
PE1 without traversing CE2, thereby preventing any duplicate traffic or loops.

In Figure 19-18, the ERPS ring connects to a VPLS network through Ethernet sub-
interfaces.

Figure 19-18 Configuring ERPS over VPLS in scenarios where a CE is dual-homed

to PEs (through Ethernet sub-interfaces)
VPLS Network
CE1 PE1
GE0/0/1 GE0/0/1.1
GE0/0/2

GE0/0/2 GE0/0/1
ERPS PW PE3
sub-ring GE0/0/3.1
PW GE0/0/2
GE0/0/2

GE0/0/1 GE0/0/1.1 GE0/0/2

CE2 PE2

RPL owner

Sub-interface

NOTE

This section uses CE dual-homing scenarios as an example. The configurations of ERPS over
VPLS in CE single-homing scenarios are similar to those in CE dual-homing scenarios.

The IP addresses of the interfaces on PE1, PE2, and PE3 are listed in Table 19-8.

Table 19-8 Data planning

Device Name Interface Name Interface IP Address

PE1 GE0/0/1.1 --

GE0/0/2 10.1.1.1/24

Loopback1 1.1.1.1/32

PE2 GE0/0/1.1 --

GE0/0/2 10.2.1.1/24

Loopback1 2.2.2.2/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1153

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Device Name Interface Name Interface IP Address

PE3 GE0/0/1 10.1.1.2/24

GE0/0/2 10.2.1.2/24

GE0/0/3.1 --

Loopback1 3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the PEs to ensure that they can communicate on the
VPLS network.
2. Configure basic MPLS capabilities on the VPLS network, and establish LDP
LSPs.
3. Establish VPLS connections between every two PEs and bind each Ethernet
sub-interface to a VSI.
4. Configure ERPS, including:
– Enable ERPS on CE1, CE2, PE1, and PE2.
– Configure CE2's GE0/0/2 as an RPL owner port.

Data Preparation
To complete the configuration, you need the following data:
● Data needed for configuring OSPF: IP address of each interface, OSPF process
ID, and OSPF domain ID
● MPLS LSR ID (as the MPLS peer address)
● VSI name and VSI ID
● Names of the VSI-bound Ethernet sub-interfaces
● ERPS ring ID, control VLAN ID, and RPL owner port number

Procedure
Step 1 Assign an IP address to each interface and configure an IGP on the VPLS network
to allow PEs to communicate. This example uses OSPF as the IGP.
When configuring OSPF, advertise the 32-bit IP addresses of loopback interfaces,
which are used as LSR IDs, on the PEs.
For configuration details, see Configuration Files in this section.
Step 2 Configure basic MPLS capabilities on the MPLS backbone network, and set up LDP
LSPs among the PEs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1154

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] mpls
[PE1-GigabitEthernet0/0/2] mpls ldp
[PE1-GigabitEthernet0/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] mpls
[PE2-GigabitEthernet0/0/2] mpls ldp
[PE2-GigabitEthernet0/0/2] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] mpls
[PE3-GigabitEthernet0/0/1] mpls ldp
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] mpls
[PE3-GigabitEthernet0/0/2] mpls ldp
[PE3-GigabitEthernet0/0/2] quit

Step 3 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit

Step 4 Configure a VPLS network.

# Configure PE1.
[PE1] vsi s1 static
[PE1-vsi-s1] pwsignal ldp
[PE1-vsi-s1-ldp] vsi-id 10
[PE1-vsi-s1-ldp] peer 3.3.3.3
[PE1-vsi-s1-ldp] quit
[PE1-vsi-s1] quit
[PE1] interface gigabitethernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] shutdown
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi s1
[PE1-GigabitEthernet0/0/1.1] undo shutdown
[PE1-GigabitEthernet0/0/1.1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1155

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 3.3.3.3
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] interface gigabitethernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] shutdown
[PE2-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/1.1] l2 binding vsi s1
[PE2-GigabitEthernet0/0/1.1] undo shutdown
[PE2-GigabitEthernet0/0/1.1] quit

# Configure PE3.
[PE3] vsi s1 static
[PE3-vsi-s1] pwsignal ldp
[PE3-vsi-s1-ldp] vsi-id 10
[PE3-vsi-s1-ldp] peer 1.1.1.1
[PE3-vsi-s1-ldp] peer 2.2.2.2
[PE3-vsi-s1-ldp] quit
[PE3-vsi-s1] quit
[PE3] interface gigabitethernet 0/0/3.1
[PE3-GigabitEthernet0/0/3.1] shutdown
[PE3-GigabitEthernet0/0/3.1] dot1q termination vid 10
[PE3-GigabitEthernet0/0/3.1] l2 binding vsi s1
[PE3-GigabitEthernet0/0/3.1] undo shutdown
[PE3-GigabitEthernet0/0/3.1] quit

Step 5 Configure ERPS on PE1, PE2, CE1, and CE2.

# Configure PE1.
[PE1] erps ring 1
[PE1-erps-ring1] control-vlan 100
[PE1-erps-ring1] protected-instance 1
[PE1-erps-ring1] version v2
[PE1-erps-ring1] sub-ring
[PE1-erps-ring1] quit
[PE1] stp region-configuration
[PE1-mst-region] instance 1 vlan 10 100
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] erps ring 1
[PE1-GigabitEthernet0/0/1] erps vpls-subinterface enable
[PE1-GigabitEthernet0/0/1] quit

# Configure PE2.
[PE2] erps ring 1
[PE2-erps-ring1] control-vlan 100
[PE2-erps-ring1] protected-instance 1
[PE2-erps-ring1] version v2
[PE2-erps-ring1] sub-ring
[PE2-erps-ring1] quit
[PE2] stp region-configuration
[PE2-mst-region] instance 1 vlan 10 100
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] erps ring 1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1156

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[PE2-GigabitEthernet0/0/1] erps vpls-subinterface enable

[PE2-GigabitEthernet0/0/1] quit

# Configure CE1.
<Switch> system-view
[Switch] sysname CE1
[CE1] erps ring 1
[CE1-erps-ring1] control-vlan 100
[CE1-erps-ring1] protected-instance 1
[CE1-erps-ring1] version v2
[CE1-erps-ring1] sub-ring
[CE1-erps-ring1] quit
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 10 100
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] stp disable
[CE1-GigabitEthernet0/0/1] erps ring 1
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type trunk
[CE1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/2] stp disable
[CE1-GigabitEthernet0/0/2] erps ring 1
[CE1-GigabitEthernet0/0/2] quit

# Configure CE2.
<Switch> system-view
[Switch] sysname CE2
[CE2] erps ring 1
[CE2-erps-ring1] control-vlan 100
[CE2-erps-ring1] protected-instance 1
[CE2-erps-ring1] version v2
[CE2-erps-ring1] sub-ring
[CE2-erps-ring1] quit
[CE2] stp region-configuration
[CE2-mst-region] instance 1 vlan 10 100
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] stp disable
[CE2-GigabitEthernet0/0/1] erps ring 1
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type trunk
[CE2-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/2] stp disable
[CE2-GigabitEthernet0/0/2] erps ring 1 rpl owner
[CE2-GigabitEthernet0/0/2] quit

Step 6 Verify the configuration.

After completing the configuration, run the display vsi name s1 verbose
command on PE3. The command output shows that PE3 has established PWs with
PE1 (1.1.1.1) and PE2 (2.2.2.2).
[PE3] display vsi name s1 verbose
***VSI Name : s1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1157

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Administrator VSI : no
Isolate Spoken : disable
VSI Index :2
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 1 hours, 19 minutes, 38 seconds
VSI State : up

VSI ID : 10
*Peer Router ID : 1.1.1.1
Negotiation-vc-id : 10
primary or secondary : primary
ignore-standby-state : no
VC Label : 32891
Peer Type : dynamic
Session : up
Tunnel ID : 0x0000000001004c4b41
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
CKey :2
NKey : 1862271177
Stp Enable :0
PwIndex :1
Control Word : disable
BFD for PW : unavailable
*Peer Router ID : 2.2.2.2
Negotiation-vc-id : 10
primary or secondary : primary
ignore-standby-state : no
VC Label : 32892
Peer Type : dynamic
Session : up
Tunnel ID : 0x0000000001004c4b42
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
CKey :2
NKey : 1862271178
Stp Enable :0
PwIndex :2
Control Word : disable
BFD for PW : unavailable

**PW Information:

*Peer Ip Address : 1.1.1.1

PW State : up
Local VC Label : 32891
Remote VC Label : 32890
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x0000000001004c4b41
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
Ckey :2
Nkey : 1862271177
Main PW Token : 0x0
Slave PW Token : 0x0
Tnl Type : ldp

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1158

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

OutInterface : LDP LSP

Backup OutInterface : --
Stp Enable :0
PW Last Up Time : 2016/06/14 17:35:12
PW Total Up Time : 0 days, 1 hours, 19 minutes, 38 seconds
*Peer Ip Address : 2.2.2.2
PW State : up
Local VC Label : 32892
Remote VC Label : 32893
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x0000000001004c4b42
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
Ckey :2
Nkey : 1862271178
Main PW Token : 0x0
Slave PW Token : 0x0
Tnl Type : ldp
OutInterface : LDP LSP
Backup OutInterface : --
Stp Enable :0
PW Last Up Time : 2016/06/14 10:35:45
PW Total Up Time : 0 days, 1 hours, 19 minutes, 45 seconds

The command output also shows that the link between CE1 and CE2 is blocked.
[CE2] display erps
D : Discarding
F : Forwarding
R : RPL Owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Total number of rings configured = 1
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
--------------------------------------------------------------------------------
1 100 5 200 (F)GE0/0/1 (D,R)GE0/0/2
--------------------------------------------------------------------------------

----End

Configuration Files
● PE1 configuration file
#
sysname PE1
#
vlan batch 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls l2vpn

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1159

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 3.3.3.3
#
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
stp disable
erps ring 1
erps vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
l2 binding vsi s1
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 3.3.3.3
#
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
stp disable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1160

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

erps ring 1
erps vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
l2 binding vsi s1
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return

● PE3 configuration file

#
sysname PE3
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 1.1.1.1
peer 2.2.2.2
#
mpls ldp
#
interface GigabitEthernet0/0/1
undo portswitch
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/3.1
dot1q termination vid 10
l2 binding vsi s1
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return

● CE1 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1161

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
sysname CE1
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
return

● CE2 configuration file

#
sysname CE1
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1 rpl owner
#
return

19.11.4 Example for Configuring ERPS over VPLS in Scenarios

Where a CE Is Dual-Homed to PEs (Through VLANIF
Interfaces)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1162

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Networking Requirements
To configure ERPS over VPLS in scenarios where a CE is dual-homed to PEs, enable
ERPS on CE1, CE2, PE1, and PE2 and configure the ERPS sub-ring to access the
VPLS network in NVC mode. Using VLANIF interfaces to access the VPLS network
must have the TC notification function enabled so that the VPLS network can have
ARP and MAC address entries updated promptly after receiving TC packets. On the
VPLS network shown in Figure 19-19, CEs are dual-homed to PEs. However, this
networking will cause PE3 to receive two copies of CE1 traffic from both PE1 and
PE2. To resolve this problem, enable ERPS on CE1, CE2, PE1, and PE2 and
configure CE2's GE0/0/2 as an RPL owner port to block traffic from CE1. In this
way, CE1's traffic reaches PE3 over PE1 without traversing CE2, thereby preventing
any duplicate traffic or loops.
In Figure 19-19, the ERPS ring connects to a VPLS ring through VLANIF interfaces.

Figure 19-19 Configuring ERPS over VPLS in scenarios where CE1 is dual-homed
to PE1 and PE2 through VLANIF interfaces
VPLS Network
CE1 PE1
GE0/0/1 VLANIF10
GE0/0/2

GE0/0/2 GE0/0/1
ERPS PW PE3
sub-ring VLANIF10
PW GE0/0/2
GE0/0/2

GE0/0/1 VLANIF10 GE0/0/2

CE2 PE2

RPL owner

Sub-interface

NOTE

This section uses CE dual-homing scenarios as an example. The configurations of ERPS over
VPLS in CE single-homing scenarios are similar to those in CE dual-homing scenarios.

The IP addresses of the interfaces on PE1, PE2, and PE3 are listed in Table 19-9.

Table 19-9 Data planning

Device Name Interface Name Interface IP Address

PE1 GE0/0/1 --

GE0/0/2 10.1.1.1/24

Loopback1 1.1.1.1/32

PE2 GE0/0/1 --

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1163

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Device Name Interface Name Interface IP Address

GE0/0/2 10.2.1.1/24

Loopback1 2.2.2.2/32

PE3 GE0/0/1 10.1.1.2/24

GE0/0/2 10.2.1.2/24

GE0/0/3 --

Loopback1 3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the PEs to ensure that they can communicate on the
VPLS network.
2. Configure basic MPLS capabilities on the VPLS network, and establish LDP
LSPs.
3. Establish VPLS connections between each two PEs and bind each VLANIF
interface to a VSI.
4. Configure ERPS, including:
– Enable ERPS on CE1, CE2, PE1, and PE2.
– Configure CE2's GE0/0/2 as an RPL owner port.

Data Preparation
To complete the configuration, you need the following data:
● Data needed for configuring OSPF: IP address of each interface, OSPF process
ID, and OSPF domain ID
● MPLS LSR ID (as the MPLS peer address)
● VSI name and VSI ID
● VSI-bound VLANIF interfaces
● ERPS ring ID, control VLAN ID, and RPL owner port number

Procedure
Step 1 Assign an IP address to each interface and configure an IGP on the VPLS network
to allow PEs to communicate. This example uses OSPF as the IGP.
When configuring OSPF, advertise the 32-bit IP addresses of loopback interfaces,
which are used as LSR IDs, on the PEs.
For configuration details, see Configuration Files in this section.
Step 2 Configure basic MPLS capabilities on the MPLS backbone network, and set up LDP
LSPs among the PEs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1164

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] mpls
[PE1-GigabitEthernet0/0/2] mpls ldp
[PE1-GigabitEthernet0/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] mpls
[PE2-GigabitEthernet0/0/2] mpls ldp
[PE2-GigabitEthernet0/0/2] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] mpls
[PE3-GigabitEthernet0/0/1] mpls ldp
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] mpls
[PE3-GigabitEthernet0/0/2] mpls ldp
[PE3-GigabitEthernet0/0/2] quit

Step 3 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit

Step 4 Configure a VPLS network.

# Configure PE1.
[PE1] vsi s1 static
[PE1-vsi-s1] pwsignal ldp
[PE1-vsi-s1-ldp] vsi-id 10
[PE1-vsi-s1-ldp] peer 3.3.3.3
[PE1-vsi-s1-ldp] quit
[PE1-vsi-s1] quit
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface vlanif10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1165

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[PE1-Vlanif10] l2 binding vsi s1

[PE1-Vlanif10] quit

# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 3.3.3.3
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface vlanif10
[PE2-Vlanif10] l2 binding vsi s1
[PE2-Vlanif10] quit

# Configure PE3.
[PE3] vsi s1 static
[PE3-vsi-s1] pwsignal ldp
[PE3-vsi-s1-ldp] vsi-id 10
[PE3-vsi-s1-ldp] peer 1.1.1.1
[PE3-vsi-s1-ldp] peer 2.2.2.2
[PE3-vsi-s1-ldp] quit
[PE3-vsi-s1] quit
[PE3] vlan 10
[PE3-vlan10] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] port link-type trunk
[PE3-GigabitEthernet0/0/3] port trunk allow-pass vlan 10
[PE3-GigabitEthernet0/0/3] quit
[PE3] interface vlanif10
[PE3-Vlanif10] l2 binding vsi s1
[PE3-Vlanif10] quit

Step 5 Configure ERPS on PE1, PE2, CE1, and CE2.

# Configure PE1.
[PE1] erps ring 1
[PE1-erps-ring1] control-vlan 100
[PE1-erps-ring1] protected-instance 1
[PE1-erps-ring1] version v2
[PE1-erps-ring1] sub-ring
[PE1-erps-ring1] quit
[PE1] stp region-configuration
[PE1-mst-region] instance 1 vlan 10 100
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/1] stp disable
[PE1-GigabitEthernet0/0/1] erps ring 1
[PE1-GigabitEthernet0/0/1] erps vpls-subinterface enable
[PE1-GigabitEthernet0/0/1] quit

# Configure PE2.
[PE2] erps ring 1
[PE2-erps-ring1] control-vlan 100
[PE2-erps-ring1] protected-instance 1
[PE2-erps-ring1] version v2
[PE2-erps-ring1] sub-ring
[PE2-erps-ring1] quit
[PE2] stp region-configuration
[PE2-mst-region] instance 1 vlan 10 100
[PE2-mst-region] active region-configuration

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1166

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

[PE2-mst-region] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE2-GigabitEthernet0/0/1] stp disable
[PE2-GigabitEthernet0/0/1] erps ring 1
[PE1-GigabitEthernet0/0/1] erps vpls-subinterface enable
[PE2-GigabitEthernet0/0/1] quit

# Configure CE1.
<Switch> system-view
[Switch] sysname CE1
[CE1] erps ring 1
[CE1-erps-ring1] control-vlan 100
[CE1-erps-ring1] protected-instance 1
[CE1-erps-ring1] version v2
[CE1-erps-ring1] sub-ring
[CE1-erps-ring1] quit
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 10 100
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] stp disable
[CE1-GigabitEthernet0/0/1] erps ring 1
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type trunk
[CE1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/2] stp disable
[CE1-GigabitEthernet0/0/2] erps ring 1
[CE1-GigabitEthernet0/0/2] quit

# Configure CE2.
<Switch> system-view
[Switch] sysname CE2
[CE2] erps ring 1
[CE2-erps-ring1] control-vlan 100
[CE2-erps-ring1] protected-instance 1
[CE2-erps-ring1] version v2
[CE2-erps-ring1] sub-ring
[CE2-erps-ring1] quit
[CE2] stp region-configuration
[CE2-mst-region] instance 1 vlan 10 100
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] stp disable
[CE2-GigabitEthernet0/0/1] erps ring 1
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type trunk
[CE2-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/2] stp disable
[CE2-GigabitEthernet0/0/2] erps ring 1 rpl owner
[CE2-GigabitEthernet0/0/2] quit

Step 6 Verify the configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1167

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

After completing the configuration, run the display vsi name s1 verbose
command on PE3. The command output shows that PE3 has established PWs with
PE1 (1.1.1.1) and PE2 (2.2.2.2).
[PE3] display vsi name s1 verbose
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index :2
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 1 hours, 19 minutes, 38 seconds
VSI State : up

VSI ID : 10
*Peer Router ID : 1.1.1.1
Negotiation-vc-id : 10
primary or secondary : primary
ignore-standby-state : no
VC Label : 32891
Peer Type : dynamic
Session : up
Tunnel ID : 0x0000000001004c4b41
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
CKey :2
NKey : 1862271177
Stp Enable :0
PwIndex :1
Control Word : disable
BFD for PW : unavailable
*Peer Router ID : 2.2.2.2
Negotiation-vc-id : 10
primary or secondary : primary
ignore-standby-state : no
VC Label : 32892
Peer Type : dynamic
Session : up
Tunnel ID : 0x0000000001004c4b42
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
CKey :2
NKey : 1862271178
Stp Enable :0
PwIndex :2
Control Word : disable
BFD for PW : unavailable

**PW Information:

*Peer Ip Address : 1.1.1.1

PW State : up
Local VC Label : 32891
Remote VC Label : 32890
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x0000000001004c4b41
Broadcast Tunnel ID : --

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1168

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

Broad BackupTunnel ID : --
Ckey :2
Nkey : 1862271177
Main PW Token : 0x0
Slave PW Token : 0x0
Tnl Type : ldp
OutInterface : LDP LSP
Backup OutInterface : --
Stp Enable :0
PW Last Up Time : 2016/06/14 17:35:12
PW Total Up Time : 0 days, 1 hours, 19 minutes, 38 seconds
*Peer Ip Address : 2.2.2.2
PW State : up
Local VC Label : 32892
Remote VC Label : 32893
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x0000000001004c4b42
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
Ckey :2
Nkey : 1862271178
Main PW Token : 0x0
Slave PW Token : 0x0
Tnl Type : ldp
OutInterface : LDP LSP
Backup OutInterface : --
Stp Enable :0
PW Last Up Time : 2016/06/14 10:35:45
PW Total Up Time : 0 days, 1 hours, 19 minutes, 45 seconds

The command output also shows that the link between CE1 and CE2 is blocked.
[CE2] display erps
D : Discarding
F : Forwarding
R : RPL Owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Total number of rings configured = 1
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
--------------------------------------------------------------------------------
1 100 5 200 (F)GE0/0/1 (D,R)GE0/0/2
--------------------------------------------------------------------------------

----End

Configuration Files
● PE1 configuration file
#
sysname PE1
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1169

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 3.3.3.3
#
mpls ldp
#
interface Vlanif10
l2 binding vsi s1
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
erps vpls-subinterface enable
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 3.3.3.3
#
mpls ldp
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1170

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

interface Vlanif10
l2 binding vsi s1
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
erps vpls-subinterface enable
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 10
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 1.1.1.1
peer 2.2.2.2
#
mpls ldp
#
interface Vlanif10
l2 binding vsi s1
suppression enable percent
broadcast-suppression percent 1
multicast-suppression percent 1
unknown-unicast-suppression percent 1
#
interface GigabitEthernet0/0/1
undo portswitch
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1171

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
return
● CE2 configuration file
#
sysname CE1
#
vlan batch 10 100
#
stp region-configuration
instance 1 vlan 10 100
active region-configuration
#
erps ring 1
control-vlan 100
protected-instance 1
version v2
sub-ring
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1172

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 19 ERPS (G.8032) Configuration

stp disable
erps ring 1 rpl owner
#
return

19.12 Troubleshooting ERPS

19.12.1 Traffic Forwarding Fails in an ERPS Ring

Fault Description
After ERPS is configured, user traffic cannot be properly forwarded due to
abnormal ERPS ring status.

Procedure
Step 1 Check the port roles in the ERPS ring and status of each device in the ring.
In an ERPS ring, there should be only one RPL owner port. Other ports are
common ports or RPL neighbor ports.
Run the display erps [ ring ring-id ] verbose command in any view to check
whether the value of Ring State is Idle. (Perform this operation on each device in
the ERPS ring.)
If the ERPS ring is incomplete or its status is abnormal, perform the following
operations:
1. Verify that all nodes in the ERPS ring are added to the ERPS ring.
2. Check whether the ERPS ring configuration including the ERPS version
number and major ring/sub-ring on devices in the ERPS ring are the same.
3. Verify that port roles, control VLANs, and protected instances are correctly
configured on all nodes in the ERPS ring.
4. Verify that ports can allow packets of the specified VLANs to pass.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1173

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

20 LBDT Configuration

About This Chapter

This chapter describes how to configure loopback detection (LBDT) function,

which allows the device to detect loopbacks on an interface, loops on the
downstream network or device and loops between two device interfaces. When
detecting a loop, the device notifies users in a timely manner and takes a
preconfigured action on the problematic interface to minimize the impact of the
loop on the device and network.

20.1 Overview of LBDT

20.2 Understanding LDT and LBDT
20.3 Application Scenarios for LDT and LBDT
20.4 Licensing Requirements and Limitations for LDT and LBDT
20.5 Default Settings for LDT and LBDT
20.6 Configuring Automatic LBDT
20.7 Configuring Manual LBDT
20.8 Configuration Examples for LBDT

20.1 Overview of LBDT

LBDT periodically sends detection packets through an interface to detect loops on
the interface, on the downstream network or device, or between two device
interfaces.
When a loop occurs on a network, broadcast, multicast, and unknown unicast
packets are circulated on the network. This wastes network resources and can
result in network breakdowns. Quickly detecting loops on a Layer 2 network is
crucial for users to minimize the impact of loops on a network. LDT and LBDT
help users check network connections and configurations, and control the looped
interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1174

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

LBDT periodically sends detection packets on an interface to check whether the

packets return to the local device (through the same interface or another
interface), and determines whether a loop occurs on the interface, on the
downstream network or device, or between two device interfaces. After a loop is
detected, the device sends a trap to the NMS and records a log, and takes a
preconfigured action on the looped interface (the interface is shut down by
default) to minimize impact of the loop on the device and entire network.

NOTE

LBDT can only detect loops on a single node, but cannot eliminate loops in the same
manner as ring network technologies including ERPS, RRPP, SEP, Smart Link, STP, RSTP,
MSTP, and VBST.

20.2 Understanding LDT and LBDT

LBDT periodically sends detection packets on an interface (see Detection Packet)
to check whether the packets return to the local device (through the same
interface or another interface), and determines whether a loop occurs on the
interface, on the downstream network or device, or between two device interfaces.
● If detection packets are received by the same interface, a loopback occurs on
the interface or a loop occurs on the downstream network or device
connected to the interface.
● If detection packets are received by another interface on the same device, a
loop occurs on the device or network connected to the interface.
Once a loop is detected, a Huawei switch sends a trap to the NMS and records a
log. It then takes a preconfigured action on the interface (see Action Taken After
a Loop Is Detected) to minimize the impact of the loop on the device and entire
network.
When the device does not receive detection packets from the interface within the
recovery time, the device considers that the loop is eliminated and restores the
interface (see Automatic Recovery of an Interface).

Detection Packet
LBDT periodically sends detection packets on an interface to check whether the
packets return to the local device to determine whether loops occur on the
interface, on the downstream network or device, or between two device interfaces.
The following conditions must be met:
● Detection packets sent from an interface are sent back to the local device
when a loop occurs on an interface, or network connected to the interface.
● The system identifies detection packets sent from the local device, and
detection packets that the interface sends.
Detection packets sent from a device carry the device's MAC address and
outbound interface number. The device can identify the packets sent by itself as
well as the source interface. The packets also carry the broadcast or multicast
destination MAC address to ensure that the packets can be sent back to the local
device when a loop occurs on the interface or network connected to the interface.
Figure 20-1 shows the format of LBDT packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1175

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Figure 20-1 Format of LBDT packets

DMAC SMAC 802.1Q Tag LDT-Type PortInfo Flag

Table 20-1 describes the fields.

Table 20-1 Description of each field

Item Description

DMAC The destination MAC address of a tagged packet is all Fs; the
destination MAC address of an untagged packet is a BPDU MAC
address, broadcast MAC address (all Fs), or multicast MAC
address.
The broadcast destination MAC address, multicast destination
MAC address, or BPDU MAC address ensures that the detection
packet can be sent back to the local device when a loop occurs
on the interface or network connected to the interface.

SMAC Source MAC address. The value is the system MAC address of the
device, which identifies packets sent from the local device.

802.1Q Tag Tag Protocol Identifier (TPID). The value of the TPID is 0x8100,
representing the 802.1Q tagged frame.

LDT-Type Detection packet type, including the protocol number and

subprotocol number.
The protocol number and subprotocol number are 0x9998 and
0x0001 respectively, indicating LBDT packets.

PortInfo Information about the interface that sends detection packets,

which is used by the device to determine whether packets are
sent from the interface.

Flag Untagged detection packet flag:

● 0x0003: indicates untagged packets.
● 0x0004: indicates tagged packets.

LBDT sends both tagged and untagged detection packets, so it can detect loops
based on interfaces and VLANs.

Action Taken After a Loop Is Detected

When the system detects a loop on an interface, it can take a preconfigured
action on the interface. Table 20-2 describes these preconfigured actions.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1176

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Table 20-2 Actions taken after a loop is detected

Action Description Usage Scenario

Trap The device only sends a trap to Select this action when only traps
the NMS and records a log. need to be reported without
affecting traffic forwarding on the
interface.
This action cannot suppress
broadcast storms.

Block The device sends a trap to the Select this action when the
NMS, blocks the interface, and interface needs to be disabled
allows only BPDUs to pass from forwarding data packets and
through. needs to forward BPDUs such as
Link Layer Discovery Protocol Data
Units (LLDPDUs).
This action can suppress broadcast
storms.

Shutdo The device sends a trap to the Select this action to prevent
wn NMS and shuts down the broadcast storms when the
interface. interface does not participate in
any calculation or forwarding.
This action can suppress broadcast
storms.

No The device sends a trap to the Select this action when the
learnin NMS and disables the interface interface needs to process data
g from learning new MAC packets and send them to the
addresses. correct link.
This action cannot suppress
broadcast storms.

Quitvl The device sends a trap to the Select this action when loops in a
an NMS and removes the interface VLAN need to be eliminated
from the VLAN where the loop without affecting traffic
occurs. forwarding in other VLANs.
This action can suppress broadcast
storms.

LBDT can only detect loops on a single node, but cannot eliminate loops on the
entire network. After a loop is detected, you are advised to eliminate the loop
immediately.

Automatic Recovery of an Interface

The automatic recovery mechanism of LBDT allows the looped interface to be
restored immediately after a loop is eliminated. After the configured recovery time
expires, the system attempts to restore the looped interface. If the device does not
receive detection packets from the looped interface within the next recovery time,
it considers that the loop is eliminated on the interface and restores the interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1177

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

NOTE

● The interface that is disabled by LBDT cannot be restored after the recovery time.
● After the LBDT action of an interface is changed, the interface is restored. Then the
changed LBDT action is taken when a loop is detected.
● When VLAN-based LBDT is configured on an interface:
● If detection of this VLAN is canceled, the interface is restored automatically.
● If GVRP is not enabled on the interface and the interface is removed from the
VLAN manually, the interface is restored automatically.
● If GVRP is enabled on the interface, the interface is manually removed from the
VLAN or dynamically removed from the VLAN through GVRP, and the action to be
taken is not shutdown, the interface can be restored automatically.
● If GVRP is enabled on the interface, the interface is manually removed from the
VLAN or dynamically removed from the VLAN through GVRP, and the action to be
taken is shutdown, the interface cannot be restored automatically. In the alarm
periodically reported by the device, information about the VLAN where loops are
detected is empty. You must run the shutdown and undo shutdown commands to
manually restore the interface or run the restart command to enable the interface
again.

20.3 Application Scenarios for LDT and LBDT

LBDT can be used to detect loopbacks on an interface, a loop on the
downstream network or device or a loop between two device interfaces.
Automatic loop detection is enabled in the VLAN specified by the PVID on an
interface by default.

Detecting Loopbacks on an Interface

Figure 20-2 shows a loopback on an interface of the Switch. During network
deployment, incorrect fiber connection or high voltage damage on the interface
causes loopbacks to occur between the Tx (transmit end) and Rx (receive end)
ends of an interface. Packets sent from one interface are forwarded back to the
same interface, resulting in possible traffic forwarding errors or MAC address
flapping on the interface.

Figure 20-2 Detecting loopbacks on an interface

Switch

Tx Rx

You can configure LBDT on the interface of the Switch to detect loopbacks. When
detecting a loopback on the interface, the Switch reports a trap and records a log,
and takes a preconfigured action (such as Shutdown, Block, No learning, or

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1178

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Quitvlan) on the interface to reduce the impact of the loopback on the Switch.
When the Switch detects that the loopback is eliminated on the interface, the
interface can be restored. However, the interface shut down cannot be restored.

Detecting a Loop on the Downstream Network or Device

Figure 20-3 shows two network examples whereas a loop is detected on a
downstream network or device connected to the Switch. Packets sent from
Interface1 that pass through the downstream network or device are sent back to
Interface1.

Figure 20-3 Detecting a loop on the downstream network or device

Switch
Switch

Interface1
Interface1

a. Loop on the b. Loop on the

downstream network downstream device

You can configure LBDT on Interface1 of the Switch to detect whether a loop
occurs on the downstream network or device. When detecting a loop on the
downstream network or device, the Switch reports a trap and records a log, and
takes a preconfigured action (such as Shutdown, Block, No learning, or
Quitvlan) on the interface to reduce the impact of the loop on the Switch. When
the Switch detects that the loop is eliminated on the downstream network or
device, the interface can be restored. However, the interface shut down cannot be
restored.

Detecting a Loop Between Two Device Interfaces

As shown in Figure 20-4, a loop occurs on the network where the Switch resides.
Packets sent from Interface1 are forwarded by devices on other networks and
looped back to Interface2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1179

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Figure 20-4 Detecting a loop between two device interfaces

Switch

Interface1 Interface2 Switch

Interface1 Interface2

a. Loop on the local b. Loop between two

network device interfaces

You can configure LBDT on Interface1 and Interface2 of the Switch to detect
whether a loop occurs on the local network or between two device interfaces.
When detecting a loop, the Switch reports a trap and records a log, and takes
preconfigured actions (such as Shutdown, Block, No learning, or Quitvlan) on
Interface1 and Interface2 to reduce the impact of the loop on the Switch. When
the Switch detects that the loop is eliminated on the local network or between
two interfaces, Interface1 or Interface2 can be restored. However, the interface
shut down cannot be restored.

Automatically Detecting Loops in the VLAN Specified by the PVID on an

Interface
The switch joins VLAN 1 by default, and the PVID of all interfaces is VLAN 1.
When an interface changes from Down to Up, a loop may occur. You can
configure the switch to automatically detect loops in the VLAN specified by the
PVID on the interface. When a loop is detected, only an alarm is reported.

By default, the switch is configured to automatically detect loops in the VLAN

specified by the PVID on an interface. You can run the loopback-detect auto
disable command to disable automatic loop detection.

Automatically Detecting Loops in the VLAN Where MAC Address Flapping Is

Detected
The device is enabled with MAC address flapping detection by default. When the
device detects MAC address flapping in a VLAN, automatic LBDT is triggered to
detect loops in the VLAN. The device sends LBDT packets in the VLAN specified in
the MAC address flapping record to detect whether there are loops. If loops exist
in the VLAN where MAC address flapping occurs, a trap is only sent by default. For
a loop between two device interfaces, you can run the loopback-detect auto
action command to configure an action.

20.4 Licensing Requirements and Limitations for LDT

and LBDT

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1180

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Involved Network Elements

Other network elements are not required.

Licensing Requirements
LBDT configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. LBDT
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 20-3 Products and versions supporting LBDT

Product Product Software Version
Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI V100R005C01, V100R006(C00&C01&C03&C05)

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI V100R006(C03&C05)

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1181

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Product Product Software Version

Model

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1182

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Product Product Software Version

Model

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● In V200R008C00 and earlier versions, LBDT does not take effect in dynamic
VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can
detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic
VLANs.
● LBDT requires that the device should send a large number of detection
packets to detect loops, occupying system resources. Therefore, disable LBDT
if loops do not need to be detected.
● LBDT cannot be configured on an Eth-Trunk or its member interfaces.
● The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LBDT.
● The S2700SI and S2710SI support only detection of self-loops on an interface,
and do not support detection loops on the downstream device or between
interfaces.

20.5 Default Settings for LDT and LBDT

Table 20-4 Default setting for LBDT

Parameter Default Setting

Automatic LBDT Enable

Manual LBDT Disabled on an interface and in a

VLAN

Action after a loop is detected Shutdown

Interval for sending LBDT packets 5s

Interface recovery time 3 times the interval for sending

detection packets

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1183

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

20.6 Configuring Automatic LBDT

LBDT technology detects loops. To enable the switch to detect loops in the VLAN
specified by the PVID or in the VLAN where MAC address flapping is detected, you
can configure automatic LBDT. Then the switch can immediately detect loops on
the downstream network or between two interfaces and send traps to notify users
to minimize the impact of loops on the switch or the network.

20.6.1 Enabling Automatic LBDT

Context
The switch joins VLAN 1 by default, and the PVID of all interfaces is VLAN 1.
When an interface changes from Down to Up, a loop may occur. You can
configure automatic LBDT to detect loops in the VLAN specified by the PVID on an
interface. When the switch is enabled with MAC address flapping detection, if
MAC address flapping is detected in a VLAN, automatic LBDT is triggered to detect
loops in the VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run undo loopback-detect auto disable

Automatic LBDT is enabled on all interfaces.

By default, automatic LBDT is enabled on all interfaces. When a loop is detected in

the VLAN specified by the PVID on an interface, a trap is reported.

NOTE

● To disable automatic LBDT, run the loopback-detect auto disable command.

● When the loopback-detect enable command is used to configure manual LBDT,
automatic LBDT becomes invalid.
● When the loopback-detect enable command is used to configure manual LBDT,
automatic LBDT on the corresponding interface becomes invalid.

----End

Follow-up Procedure
To enable LBDT triggered by MAC address flapping, first configure MAC address
flapping detection. For details on how to configure MAC address flapping
detection, see 3.9 Configuring MAC Address Flapping Detection.

By default, global MAC address flapping detection is enabled. The switch detects
MAC address flapping in all VLANs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1184

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

When automatic LBDT is triggered to automatically detect loops in the VLAN

where MAC address flapping is detected, you can configure either of the following
actions on the interface:
● trap: The interface only sends a trap.
● quitvlan: The interface is removed from the VLAN where a loop occurs.
You can run the loopback-detect auto action { quitvlan | trap } command in the
system view to configure the action when automatic LBDT is triggered to
automatically detect loops in the VLAN where MAC address flapping is detected.
By default, the action is trap when automatic LBDT is triggered to detect loops in
the VLAN where MAC address flapping is detected.

NOTE

The quitvlan action that is configured using this command takes effect only in the scenario
where automatic LBDT is triggered to detect a loop between interfaces in the VLAN where
MAC address flapping is detected. The trap action is used in the scenario where automatic
LBDT is triggered to detect a loop on the downstream network or device in the VLAN
where MAC address flapping is detected.

20.6.2 (Optional) Setting the Interval for Sending LBDT

Packets

Context
An LBDT-enabled interface sends LBDT packets at intervals. A shorter interval
indicates that the system sends more LBDT packets in a given period and detects
loops more accurately. However, more system resources are consumed and system
performance is affected. You can adjust the interval for sending LBDT packets
according to actual networking to balance system performance and LBDT
accuracy.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run loopback-detect packet-interval packet-interval-time
The interval for sending LBDT packets is set.
By default, the interval for sending LBDT packets is 5s.

----End

20.6.3 (Optional) Setting the Recovery Time of an Interface

Context
An LBDT-enabled interface periodically sends LBDT packets to detect loops. After a
loop is detected, an action configured by the loopback-detect action command is

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1185

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

taken on the interface. In addition, the system counts the time. After the
configured recovery time expires, the system attempts to restore the problematic
interface. If the device does not receive detection packets from the problematic
interface within the next recovery time, it considers that the loop is eliminated on
the interface and restores the interface.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run loopback-detect recovery-time recovery-time
The interface recovery time after a loop is removed is set.
By default, the interface recovery time is three times the interval for sending LBDT
packets.

NOTE

It is recommended that the interface recovery time be three times the packet sending
interval at least. If the packet sending interval has been set to a small value, the interface
recovery time should be at least 10 seconds longer than the packet sending interval.

----End

20.6.4 Verifying the Automatic LBDT Configuration

Procedure
● Run the display loopback-detect command to check the LBDT configuration
and status of LBDT-enabled interfaces.
----End

20.7 Configuring Manual LBDT

20.7.1 Enabling Manual LBDT

Context

NOTICE

● LBDT needs to send a large number of LBDT packets to detect loops, occupying
system resources. Therefore, disable LBDT if loops do not need to be detected.
● The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LBDT.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1186

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

An LBDT-enabled interface periodically sends untagged LBDT packets with the

destination MAC address as the BPDU MAC address to detect loops. Generally, the
switch does not allow BPDUs to pass through, so LBDT can only detect loopbacks
on an Interface, but cannot detect a loop on the downstream network or
device or between two device interfaces.
To enable LBDT to detect a loop on the downstream network or device,
configure LBDT in a specified VLAN. When the connected interface is an access
interface or the PVIDs of the inbound and outbound interfaces are the same, you
can also run the loopback-detect untagged mac-address command to detect
loops.
To enable LBDT to detect a loop between two device interfaces, configure LBDT
in a specified VLAN.
On the switch, you can enable LBDT on all interfaces in the system view or on an
interface.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run the following commands as required.
● Enable LBDT on all interfaces.
Run the loopback-detect enable command to enable LBDT on all interfaces.
When LBDT needs to be configured on most interfaces, perform this
operation. This operation simplifies the configuration.
● Enable LBDT on an interface.
a. Run the interface interface-type interface-number command to enter the
interface view.
b. Run the loopback-detect enable command to enable LBDT on the
interface.
By default, LBDT is disabled on an interface.
Step 3 Run the following commands as required.
If LBDT Detecting Loopbacks on an Interface is required, skip this step.
If Detecting a Loop on the Downstream Network or Device or Detecting a
Loop Between Two Device Interfaces is required, perform this step.
● Configuring LBDT in a specified VLAN
a. Run interface interface-type interface-number
The interface view is displayed.
b. Select either of the following configurations to add the VLAN where
loops need to be detected.

▪ Access interface
1) Run port link-type access
The link type of the interface is configured as access.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1187

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

2) Run port default vlan vlan-id

The access interface is added to the VLAN where loops need to
be detected.

▪ Hybrid interface
1) Run port link-type hybrid
The link type of the interface is configured as hybrid.
2) Run port hybrid tagged vlan { { vlan-id1 [ to vlan-
id2 ] }&<1-10> | all } or port hybrid untagged vlan { { vlan-id1
[ to vlan-id2 ] }&<1-10> | all }
The hybrid interface is added to the VLAN where loops need to
be detected.

▪ Trunk interface
1) Run port link-type trunk
The link type of the interface is configured as trunk.
2) Run port trunk allow-pass vlan { { vlan-id1 [ to vlan-
id2 ] }&<1-10> | all }
The trunk interface is added to the VLAN where loops need to
be detected.
c. Run loopback-detect packet vlan { vlan-id1 [ to vlan-id2 ] } &<1-8>
Configure LBDT in a specified VLAN.
By default, LBDT is disabled in a VLAN.

NOTE

– An interface sends tagged LBDT packets only when the specified VLAN has been
created.
– When the PVID of the interface in the loop is the detected VLAN ID or the
interface joins the detected VLAN in untagged mode, VLAN tags of LBDT packets
are removed. As a result, the packet priority changes and the system may fail to
detect loops.
● Configuring the destination MAC address of untagged LBDT packets
Run the loopback-detect untagged mac-address mac-address command to
set the destination MAC address of untagged LBDT packets.
By default, the destination MAC address of untagged LBDT packets is 0180-
C200-000A.
Do not configure the destination MAC address of untagged LBDT packets as
the destination MAC address of other protocols. You are advised to set the
destination MAC address of untagged LBDT packets to a broadcast MAC
address (all Fs).

----End

20.7.2 (Optional) Setting the Interval for Sending LBDT

Packets

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1188

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Context
An LBDT-enabled interface sends LBDT packets at intervals. A shorter interval
indicates that the system sends more LBDT packets in a given period and detects
loops more accurately. However, more system resources are consumed and system
performance is affected. You can adjust the interval for sending LBDT packets
according to actual networking to balance system performance and LBDT
accuracy.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run loopback-detect packet-interval packet-interval-time

The interval for sending LBDT packets is set.

By default, the interval for sending LBDT packets is 5s.

----End

20.7.3 Configuring an Action Taken After a Loop Is Detected

Context
By default, when a loop on an interface or the network connected to the interface,
the device does not take any action on the interface. In this case, the interface
needs to be shut down to prevent the impact of the loopback on the device and
entire network.

You can preconfigure an action to be taken after LBDT detects a loop. After
detecting a loop, the device takes the preconfigured action on the interface to
prevent the impact of the loop on the device and entire network.

The device provides the following actions after LBDT detects a loop:
● Trap: The device reports a trap to the NMS and records a log, but does not
take any action on the interface.
● Block: The device isolates an interface where a loop occurs from other
interfaces, and can forward only BPDUs.
● No learning: The interface is disabled from learning MAC addresses.
● Shutdown: The device shuts down the interface.
● Quitvlan: The interface is removed from the VLAN where a loop occurs.

For details about the actions, see Action Taken After a Loop Is Detected. You can
configure one of the actions according to actual networking.

Procedure
Step 1 Run system-view

The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1189

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Step 2 (Optional) Run snmp-agent trap enable

Or, run snmp-agent trap enable feature-name lbdt
The trap function is enabled for LBDT. This function allows the device to send
traps of LBDT.
By default, the trap function is enabled for LBDT.
Step 3 Run interface interface-type interface-number
The interface view is displayed.
Step 4 Run loopback-detect action { block | nolearn | shutdown | trap | quitvlan }
An action taken on an interface where LBDT detects a loop is configured.
By default, the shutdown action is taken on an interface where LBDT detects a
loop.

NOTE

● When the Quitvlan action is used, the configuration file remains unchanged.
● The LBDT action and MAC address flapping action affect each other, and cannot be
configured simultaneously.
● The Quitvlan action of LBDT conflicts with dynamic removal from VLANs (for example,
GVRP and HVRP), and cannot be configured simultaneously.

----End

20.7.4 (Optional) Setting the Recovery Time of an Interface

Context
An LBDT-enabled interface periodically sends LBDT packets to detect loops. After a
loop is detected, an action configured by the loopback-detect action command is
taken on the interface. In addition, the system counts the time. After the
configured recovery time expires, the system attempts to restore the problematic
interface. If the device does not receive detection packets from the problematic
interface within the next recovery time, it considers that the loop is eliminated on
the interface and restores the interface.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run loopback-detect recovery-time recovery-time
The interface recovery time after a loop is removed is set.
By default, the interface recovery time is three times the interval for sending LBDT
packets.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1190

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

NOTE

● It is recommended that the interface recovery time be three times the packet sending
interval at least. If the packet sending interval has been set to a small value, the
interface recovery time should be at least 10 seconds longer than the packet sending
interval.
● Automatic recovery is valid for Trap, Quitvlan, Block, and No learning. After a loop is
eliminated, the shutdown interface cannot be restored automatically. You must run the
shutdown and undo shutdown commands or run the restart command to restore the
interface.

----End

20.7.5 Verifying the Manual LBDT Configuration

Procedure
● Run the display loopback-detect command to check the LBDT configuration
and status of LBDT-enabled interfaces.

----End

20.8 Configuration Examples for LBDT

20.8.1 Example for Configuring LBDT to Detect Loopbacks on

an Interface

Networking Requirements
As shown in Figure 20-5, aggregation switch SwitchA on an enterprise network
connects to a new access switch SwitchB. To prevent a loopback from occurring
between the Tx and Rx ends of GE0/0/1 due to incorrect fiber connection or high
voltage damage, SwitchA is required to detect loopbacks on GE0/0/1. Furthermore,
it is required that the interface be blocked to reduce the impact of the loopback
on the network when a loopback is detected, and the interface be restored after
the loopback is removed.

Figure 20-5 Networking for configuring LBDT to detect loopbacks on an interface

SwitchA

GE0/0/1

Tx Rx

GE0/0/1

SwitchB

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1191

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Configuration Roadmap
To detect loopbacks on downlink interface GE0/0/1 of SwitchA, configure LBDT on
GE0/0/1 of SwitchA. The configuration roadmap is as follows:
1. Enable LBDT on GE0/0/1 of SwitchA to detect loopbacks.
2. Configure an action taken after a loopback is detected and set the recovery
time. After a loopback is detected, the system blocks the interface to reduce
the impact of the loopback on the network. After a loop is eliminated, the
system restores the interface.

Procedure
Step 1 Enable LBDT on an interface.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] loopback-detect enable
[SwitchA-GigabitEthernet0/0/1] quit

Step 2 Configure an action taken after a loopback is detected and set the recovery time.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] loopback-detect action block
[SwitchA-GigabitEthernet0/0/1] loopback-detect recovery-time 30
[SwitchA-GigabitEthernet0/0/1] quit

Step 3 Verify the configuration.

1. Run the display loopback-detect command to check the LBDT configuration.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block NORMAL
-----------------------------------------------------------------
The preceding command output shows that the LBDT configuration is
successful.
2. After about 5s, run the display loopback-detect command to check whether
GE0/0/1 is blocked.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block BLOCK
-----------------------------------------------------------------
The preceding command output shows that GE0/0/1 is blocked, indicating
that a loopback occurs on GE0/0/1.
3. Manually remove the loopback. Run the display loopback-detect command
to check whether GE0/0/1 is restored.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1192

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block NORMAL
-----------------------------------------------------------------

The preceding command output shows that GE0/0/1 is restored.

----End

Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
interface GigabitEthernet0/0/1
loopback-detect recovery-time 30
loopback-detect enable
loopback-detect action block
#
return

20.8.2 Example for Configuring LBDT to Detect Loops on the

Downstream Network

Networking Requirements
As shown in Figure 20-6, a new department of an enterprise connects to
aggregation switch Switch, and this department belongs to VLAN 100. Loops may
occur due to incorrect connections or configurations. As a result, communication
on the Switch and uplink network may be affected.
It is required that the Switch should detect loops on the new network to prevent
the impact of loops on the Switch and connected network.

Figure 20-6 Networking for configuring LBDT to detect loops on the downstream
network
Switch

GE0/0/1

New department
VLAN 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1193

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Configuration Roadmap
The new department network has only VLAN 100, so configure LBDT on the
Switch to detect loops. The configuration roadmap is as follows:

1. Enable LBDT on the GE0/0/1 of the Switch to detect loops in a specified VLAN
so that loops on the downstream network can be detected.
2. Set LBDT parameters so that the Switch can immediately shut down GE0/0/1
after a loop is detected. This prevents the impact of the loop on the Switch
and connected network.

NOTE

Configure interfaces on other switching interfaces as trunk or hybrid interfaces and

configure these interfaces to allow packets from VLANs to pass through to ensure Layer 2
connectivity on the new network and between the new network and the Switch.

Procedure
Step 1 Enable LBDT on the interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] loopback-detect enable
[Switch-GigabitEthernet0/0/1] quit

Step 2 Specify the VLAN ID of LBDT packets.

[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[Switch-GigabitEthernet0/0/1] loopback-detect packet vlan 100
[Switch-GigabitEthernet0/0/1] quit

Step 3 Configure LBDT parameters.

# Set the interval for sending LBDT packets.

[Switch] loopback-detect packet-interval 10

# Configure an action taken after a loop is detected.

[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] loopback-detect action shutdown
[Switch-GigabitEthernet0/0/1] quit

Step 4 Verify the configuration.

1. Run the display loopback-detect command to check the LBDT configuration.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 10

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 shutdown NORMAL
-----------------------------------------------------------------

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1194

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

The preceding command output shows that the LBDT configuration is

successful.
2. Construct loops on the downstream network and run the display loopback-
detect command to check whether GE0/0/1 is shut down.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 10

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 shutdown SHUTDOWN
-----------------------------------------------------------------

The preceding command output shows that GE0/0/1 is shut down.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
loopback-detect packet-interval 10
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
loopback-detect packet vlan 100
loopback-detect enable
#
return

20.8.3 Example for Configuring LBDT to Detect Loops on the

Local Network

Networking Requirements
As shown in Figure 20-7, a small-scale enterprise uses Layer 2 networking and
belongs to VLAN 100. Because employees often move, the network topology
changes frequently. Loops may occur due to incorrect connections or
configurations during the change. As a result, broadcast storms may occur and
affect communication of the Switch and entire network.
The requirements are as follows: The Switch detects loops. When a loop exists, the
interface is blocked to reduce the impact of the loop on the Switch and network.
When the loop is eliminated, the interface can be restored.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1195

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

Figure 20-7 Networking for configuring LBDT to detect loops on the local network

Switch

GE0/0/1 GE0/0/2

VLAN 100

Configuration Roadmap
To detect loops on the network where the Switch is deployed, configure LBDT on
GE0/0/1 and GE0/0/2 of the Switch. In this example, untagged LBDT packets sent
by the Switch will be discarded by other switches on the network. As a result, the
packets cannot be sent back to the Switch, and LBDT fails. Therefore, LBDT is
configured in a specified VLAN. The configuration roadmap is as follows:
1. Enable LBDT on an interface and configure the Switch to detect loops in
VLAN 100 to implement LBDT on the network where the Switch is deployed.
2. Configure an action taken after a loop is detected and set the recovery time.
After a loop is detected, the Switch blocks the interface to reduce the impact
of the loop on the network. After a loop is eliminated, the Switch restores the
interface.

NOTE

Configure interfaces on other switching interfaces as trunk or hybrid interfaces and

configure these interfaces to allow packets from VLANs to pass through to ensure Layer 2
connectivity.

Procedure
Step 1 Enable LBDT on an interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] loopback-detect enable
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] loopback-detect enable
[Switch-GigabitEthernet0/0/2] quit

Step 2 Specify the VLAN ID of LBDT packets.

[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[Switch-GigabitEthernet0/0/1] loopback-detect packet vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1196

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

[Switch-GigabitEthernet0/0/2] port hybrid tagged vlan 100

[Switch-GigabitEthernet0/0/2] loopback-detect packet vlan 100
[Switch-GigabitEthernet0/0/2] quit

Step 3 Configure an action taken after a loop is detected and set the recovery time.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] loopback-detect action block
[Switch-GigabitEthernet0/0/1] loopback-detect recovery-time 30
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] loopback-detect action block
[Switch-GigabitEthernet0/0/2] loopback-detect recovery-time 30
[Switch-GigabitEthernet0/0/2] quit

Step 4 Verify the configuration.

1. Run the display loopback-detect command to check the LBDT configuration.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block NORMAL
GigabitEthernet0/0/2 30 block NORMAL
-----------------------------------------------------------------

The preceding command output shows that the LBDT configuration is

successful.
2. After about 5s, run the display loopback-detect command to check whether
GE0/0/1 or GE0/0/2 is blocked.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block NORMAL
GigabitEthernet0/0/2 30 block BLOCK
-----------------------------------------------------------------

The preceding command output shows that GE0/0/2 is blocked.

3. Shut down GE0/0/1. After 30s, run the display loopback-detect command to
check whether GE0/0/2 is restored.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5

(A): Auto Loopback-detect

-----------------------------------------------------------------
Interface RecoverTime Action Status
-----------------------------------------------------------------
GigabitEthernet0/0/1 30 block NORMAL
GigabitEthernet0/0/2 30 block NORMAL
-----------------------------------------------------------------

The preceding command output shows that GE0/0/2 is restored.

----End

Configuration Files
Switch configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1197

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 20 LBDT Configuration

#
sysname Switch
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
loopback-detect action block
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
loopback-detect action block
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1198

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

21 Layer 2 Protocol Transparent

Transmission Configuration

About This Chapter

This chapter describes how to configure Layer 2 protocol transparent transmission.

21.1 Overview of Layer 2 Protocol Transparent Transmission

21.2 Understanding Layer 2 Protocol Transparent Transmission
21.3 Application Scenarios for Layer 2 Protocol Transparent Transmission
21.4 Summary of Layer 2 Protocol Transparent Transmission Configuration Tasks
21.5 Licensing Requirements and Limitations for Layer 2 Protocol Transparent
Transmission
21.6 Configuring Interface-based Layer 2 Protocol Transparent Transmission
21.7 Configuring VLAN-based Layer 2 Protocol Transparent Transmission
21.8 Configuring QinQ-based Layer 2 Protocol Transparent Transmission
21.9 Configuring VPLS-based Layer 2 Protocol Transparent Transmission
21.10 Configuration Examples for Layer 2 Protocol Transparent Transmission
21.11 FAQ About Layer 2 Protocol Transparent Transmission

21.1 Overview of Layer 2 Protocol Transparent

Transmission

Definition
Layer 2 protocol transparent transmission is a Layer 2 tunneling technology that
transparently transmits BPDUs between private networks at different locations
over a specified tunnel on a public Internet Service Provider (ISP) network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1199

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Purpose
Leased lines of ISPs are often used to establish Layer 2 networks. As a result,
private user networks can be located at two sides of ISP networks. In Figure 21-1,
User A has two networks: network1 and network2. The two networks are
connected through the ISP network. When network1 and network2 run the same
Layer 2 protocol (such as MSTP), Layer 2 protocol packets from network1 and
network2 must be transmitted through the ISP network to perform Layer 2
protocol calculation (for example, calculating a spanning tree). Generally, the
destination MAC addresses in Layer 2 protocol packets of the same Layer 2
protocol are the same. For example, the MSTP PDUs are BPDUs with the
destination MAC address 0180-C200-0000. Therefore, when a Layer 2 protocol
packet reaches an edge device on the ISP network, the edge device cannot identify
whether the Layer 2 protocol packet comes from a user network or the ISP
network and sends the Layer 2 protocol packets to the CPU to calculate a
spanning tree.

In Figure 21-1, devices on user network1 build a spanning tree together with PE1
but not with devices on user network2. As a result, the Layer 2 protocol packets
on user network1 cannot traverse the ISP network to reach user network2.

Figure 21-1 Transparent transmission of Layer 2 protocol packets on the ISP

network

ISP
PE1 network PE2

CE1 CE2
User A
User A
network1
network2

You can use Layer 2 protocol transparent transmission to transparently transmit

Layer 2 protocol packets from the user networks for the ISP network. This
addresses the network identity issue. The procedure is as follows:
1. After receiving Layer 2 protocol packets sent from CE1, PE1 replaces the
destination MAC address with a specified multicast MAC address. Then PE1
forwards the packets on the ISP network.
2. Layer 2 protocol packets are forwarded to PE2. PE2 restores the original
destination MAC address of the packets and sends them to CE2.

Huawei device can transparently transmit packets of the following Layer 2

protocols:
● Spanning Tree Protocol (STP)
● Link Aggregation Control Protocol (LACP)
● Ethernet Operation, Administration, and Maintenance 802.3ah (EOAM3ah)
● Link Layer Discovery Protocol (LLDP)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1200

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

● GARP VLAN Registration Protocol (GVRP)

● GARP Multicast Registration Protocol (GMRP)
● HUAWEI Group Management Protocol (HGMP)
● VLAN Trunking Protocol (VTP)
● Unidirectional Link Detection (UDLD)
● Port Aggregation Protocol (PAGP)
● Cisco Discovery Protocol (CDP)
● Per VLAN Spanning Tree Plus (PVST+)
● Shared Spanning Tree Protocol (SSTP)
● Dynamic Trunking Protocol (DTP)
● Device Link Detection Protocol (DLDP)
● Ethernet Synchronization Message Channel (ESMC)
● User-defined protocols

21.2 Understanding Layer 2 Protocol Transparent

Transmission
Layer 2 protocol packets are transparently transmitted based on the following
principles:
● The destination multicast MAC address of a Layer 2 protocol packet is
replaced with a specified multicast MAC address on the ingress Provider Edge
(PE) of the ISP network.
● The devices on the ISP network determine whether to process the protocol
packet based on the configured transparent transmission mode.
● When the Layer 2 protocol packet reaches the egress, the PE restores the
destination multicast MAC address of the Layer 2 protocol packet to the
standard destination multicast MAC address based on the mapping between
the specified destination multicast MAC address and the Layer 2 protocol
configured on the device. The egress PE also determines whether to process
the packet based on the configured transparent transmission mode.

To transparently transmit Layer 2 protocol packets on the ISP network, ensure that
the following requirements are met:

● All branches of a user network can receive Layer 2 protocol packets from
other branches.
● Layer 2 protocol packets of a user network cannot be processed by the CPU of
devices on the ISP network.
● Layer 2 protocol packets from different user networks must be isolated and
not affect each other.

Huawei switches support the following Layer 2 protocol transparent transmission

modes in different scenarios:

● Interface-based
● VLAN-based

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1201

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

● QinQ-based
● VPLS-based

Interface-based Layer 2 Protocol Transparent Transmission

Figure 21-2 Interface-based Layer 2 protocol transparent transmission

ISP Network
BPDU Tunnel
PE1 PE2

Port based Port based

VLAN 300 VLAN 300
LAN-A
LAN-A
MSTP
MSTP

In Figure 21-2, each PE interface connects to one user network. These user
networks do not belong to the same LAN. If BPDUs received from user networks
do not carry any VLAN tag, the PE must identify the LAN that the BPDUs come
from. BPDUs of a user network on LAN-A must be sent to other user networks on
LAN-A. In addition, BPDUs must not be processed by devices on the ISP network.

In this scenario, the following processing methods are available:

● Change the default multicast MAC address of the Layer 2 protocol packet that
can be identified by the devices on the ISP network to another multicast MAC
address. This method only applies to STP, RSTP, or MSTP, and the
configuration command is bpdu-tunnel stp bridge role provider.
a. Set roles of all ISP network devices to provider so that the multicast MAC
addresses of BPDUs sent by these devices are changed to 01-80-
C2-00-00-08.
b. Set roles of all user network devices to customer so that the multicast
MAC addresses of BPDUs sent by the user network are 01-80-
C2-00-00-00.
c. Add interfaces that connect to the same user network to the same VLAN
on ISP network devices. PEs add VLAN tags to received Layer 2 protocol
packets based on default VLAN IDs of the interfaces.
d. PEs (providers) do not consider the packets as Layer 2 BPDUs and do not
send them to the CPU. Instead, PEs select a Layer 2 tunnel to forward the
packets based on the default VLAN IDs of the interfaces.
e. Internal nodes on the ISP network forward the packets through the ISP
network as common Layer 2 packets.
f. PEs on the ISP network forward the packets to CEs without modifying the
packets.
● Replace the original multicast MAC address of the Layer 2 protocol packet
with a specified multicast MAC address.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1202

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

a. Add the interfaces that connect to the same user network to the same
VLAN on the switch of the ISP network. After receiving and identifying
the Layer 2 protocol packet (such as a BPDU of the STP protocol) from
the user network, the switch on the ISP network adds the default VLAN
ID of the interface to the Layer 2 protocol packet. This method applies to
all modes of Layer 2 protocol transparent transmission.
b. The ingress PE on the ISP network replaces the standard destination
multicast MAC address of the Layer 2 protocol packet with the specified
destination multicast MAC address based on the mapping between the
specified destination multicast MAC address and the Layer 2 protocol.
c. Internal nodes on the ISP network forward the packet as a common
Layer 2 packet through the ISP network.
d. The egress PE on the ISP network restores the original standard
destination MAC address of the packet based on the mapping between
the specified destination multicast MAC address and the Layer 2 protocol
and forwards the packet to the CE.

VLAN-based Layer 2 Protocol Transparent Transmission

Figure 21-3 VLAN-based Layer 2 protocol transparent transmission

LAN-B LAN-B
MSTP MSTP

CE-VLAN 100 CE-VLAN 100

PE 1 PE 2
ISP Network
BPDU Tunnel

CE-VLAN 200 CE-VLAN 200

Trunk Link Trunk Link
100-200 100-200

LAN-A LAN-A
MSTP MSTP

In most cases, a PE serves as an aggregation device. In Figure 21-3, the

aggregation interface on PE1 receives Layer 2 protocol packets from LAN-A and
LAN-B. To differentiate BPDUs from two LANs, BPDUs sent from CEs to PEs must
have VLAN tags. Packets sent from LAN-A contain VLAN ID 200 and packets sent
from LAN-B contain VLAN ID 100. BPDUs of a user network in LAN-A must be
forwarded to other user networks in LAN-A, but not to user networks in LAN-B. In
addition, BPDUs cannot be processed by PEs on the ISP network. In this case, you
can configure VLAN-based Layer 2 protocol transparent transmission on PEs, so
that Layer 2 protocol packets can traverse the ISP network through Layer 2
tunnels.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1203

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Similar to interface-based Layer 2 protocol transparent transmission, you can use

either of the following methods to implement VLAN-based Layer 2 protocol
transparent transmission:
● Change the default multicast MAC address of the Layer 2 protocol packet that
can be identified by the devices on the ISP network to another multicast MAC
address. This method only applies to STP, RSTP, or MSTP, and the
configuration command is bpdu-tunnel stp bridge role provider.
a. Set roles of all ISP network devices to provider, so that the multicast MAC
addresses of the BPDUs sent by these devices are changed from 01-80-
C2-00-00-00 to 01-80-C2-00-00-08.
b. Set roles of all user network devices to customer, so that the multicast
MAC addresses of the BPDUs sent by the user network remain 01-80-
C2-00-00-00.
c. Set specified VLAN IDs for Layer 2 protocol packets sent from user
networks to the ISP network.
d. Enable the devices on the ISP network to identify Layer 2 protocol
packets with the specified VLAN IDs and allow these packets to pass.
e. PEs (providers) do not consider these packets Layer 2 protocol BPDUs
and do not send them to the CPU. Instead, PEs select a Layer 2 tunnel to
forward the packets based on the default VLAN IDs of interfaces.
f. Internal nodes on the ISP network forward the packets as common Layer
2 packets through the ISP network.
g. PEs on the ISP network forward the packets to CEs without modifying the
packets.
● Replace the original multicast MAC address of the Layer 2 protocol packet
with a specified multicast MAC address. This method applies to all modes of
Layer 2 protocol transparent transmission.
a. Set specified VLAN IDs for Layer 2 protocol packets that are sent from
user networks to the ISP network.
b. Enable the devices on the ISP network to identify Layer 2 protocol
packets with the specified VLAN IDs and allow these packets to pass.
c. The ingress PE on the ISP network replaces the standard destination
multicast MAC address of the Layer 2 protocol packet with the specified
destination multicast MAC address based on the mapping between the
specified destination multicast MAC address and the Layer 2 protocol.
d. Internal nodes on the ISP network forward the packets as common Layer
2 packets through the ISP network.
e. The egress PE on the ISP network restores the original standard
destination MAC address of the packet based on the mapping between
the specified destination multicast MAC address and the Layer 2 protocol
and forwards the packet to the CE.

QinQ-based Layer 2 Protocol Transparent Transmission

If Layer 2 protocol packets are still transmitted transparently in VLAN-based mode
when many user networks are connected to the ISP network, many VLAN IDs of
the ISP network are required. This may result in insufficient VLAN ID resources. To
conserve VLAN IDs, you can configure QinQ-based Layer 2 protocol transparent
transmission to forward Layer 2 protocol packets on the ISP network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1204

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

The QinQ protocol is a Layer 2 tunneling protocol based on IEEE 802.1Q. QinQ
technology improves VLAN utilization by adding another 802.1Q tag to a packet,
allowing services on a private VLAN to be transparently transmitted to the public
network.

Figure 21-4 QinQ-based Layer 2 protocol transparent transmission

LAN-B LAN-B
MSTP MSTP

PE-VLAN20:CE-VLAN 100~199

ISP Network
PE1 PE2
CE-VLAN 100 BPDU Tunnel CE-VLAN 100
BPDU Tunnel
CE-VLAN 200 CE-VLAN 200

PE-VLAN30:CE-VLAN 200~299

LAN-A LAN-A
MSTP MSTP

In Figure 21-4, QinQ-based Layer 2 protocol transparent transmission is

configured on aggregation interfaces of PEs. Packets from different user networks
are encapsulated in different outer VLAN tags. QinQ-based Layer 2 protocol
transparent transmission is implemented as follows:
1. Set specified VLAN IDs for Layer 2 protocol packets sent from user networks
to the ISP network.
2. Enable Layer 2 protocol transparent transmission and QinQ on interfaces of
the ingress PE on the ISP network.
3. Configure PEs to add different outer VLAN tags (public VLAN IDs) to packets
based on customer VLAN IDs. and based on the mapping between the
specified destination multicast MAC address and the Layer 2 protocol, the
ingress PE on the ISP network replaces the standard destination multicast
MAC address of the Layer 2 protocol packet with the specified destination
multicast MAC address.
4. PEs select different Layer 2 tunnels based on outer VLAN tags of packets.
Internal nodes on the ISP network forward the packets as common Layer 2
packets through the ISP network.
5. Enable Layer 2 protocol transparent transmission and QinQ on interfaces of
the egress PE on the ISP network.
6. The egress PE removes outer VLAN tags from packets and forwards them to
user networks based on customer VLAN IDs. and restores the original
standard destination MAC address of the packet based on the mapping
between the specified destination multicast MAC address and the Layer 2
protocol.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1205

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

In Figure 21-4, PEs add outer VLAN ID 20 to Layer 2 protocol packets of VLAN
100 to VLAN 199, add outer VLAN ID 30 to Layer 2 protocol packets of VLAN 200
to VLAN 299, and forward the packets to other devices on the ISP network. In this
way, Layer 2 protocol packets of different user networks can be transparently
transmitted on the ISP network and carrier VLAN IDs are conserved.

VPLS-based Layer 2 Protocol Transparent Transmission

When access users use VPLS-based L2VPN on the carrier network for interworking,
you can configure VPLS-based Layer 2 protocol transparent transmission so that
Layer 2 protocol packets can be transparently transmitted on the backbone
network.

Figure 21-5 VPLS-based Layer 2 protocol transparent transmission

VPLS Network
BPDU Tunnel
PE1 PE2

LAN-A
LAN-A
MSTP
MSTP

In Figure 21-5, VPLS-based Layer 2 protocol transparent transmission is

configured on aggregation interfaces of PEs, and interfaces of PEs are bound to
VSIs.
1. Configure Layer 2 protocol transparent transmission on interfaces of PEs
connected to user network devices and configure PEs to replace the multicast
MAC address of Layer 2 protocol packets with the specified multicast MAC
address.
2. Bind user-side interfaces to the same L2VPN so that Layer 2 protocol packets
can be transparently transmitted on the backbone network through the
L2VPN tunnel.

21.3 Application Scenarios for Layer 2 Protocol

Transparent Transmission
As shown in Figure 21-6, CE1 and CE2 are edge devices on private networks of
User A in different locations. The two private networks connect to the ISP network
through PE1 and PE2. Networks of User A have redundant links, so MSTP is used
to remove loops on the Layer 2 network. When MSTP packets sent by CEs reach
PEs, PEs send the packets to the CPUs for processing because they cannot identify
the network that MSTP packets come from. Layer 2 protocol calculations on the
user network and ISP network affect each other and cannot be implemented
independently.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1206

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

You can configure Layer 2 protocol transparent transmission on PEs, so that MSTP
packets are not sent to the CPUs of PEs for processing. This prevents PEs from
participating in spanning tree calculation.

Figure 21-6 Interface-based transparent transmission of Layer 2 control protocol

packets on a Layer 2 network

ISP
PE1 network PE2

CE1 CE2
User A
User A
network1
network2

21.4 Summary of Layer 2 Protocol Transparent

Transmission Configuration Tasks
Table 21-1 lists the configuration task summary of Layer 2 protocol transparent
transmission.

Table 21-1 Layer 2 protocol transparent transmission configuration tasks

Item Description Task

Configuring interface- When each interface of a 21.6 Configuring

based Layer 2 protocol backbone device is Interface-based Layer 2
transparent transmission connected to only one Protocol Transparent
user network and Layer Transmission
2 protocol packets sent
from the user network
do not need VLAN tags,
configure interface-
based Layer 2 protocol
transparent transmission
on the interface
connected to the user
network. This
configuration allows
Layer 2 protocol packets
to be transparently
transmitted on the
backbone network.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1207

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Item Description Task

Configuring VLAN-based When each interface of a 21.7 Configuring VLAN-

Layer 2 protocol backbone device is based Layer 2 Protocol
transparent transmission connected to multiple Transparent
user networks and Layer Transmission
2 protocol packets sent
from user networks
contain VLAN tags,
configure VLAN-based
Layer 2 protocol
transparent transmission.
This configuration allows
Layer 2 protocol packets
to be transparently
transmitted on the
backbone network.

Configuring basic QinQ- When each interface of a 21.8 Configuring QinQ-

based Layer 2 protocol backbone device is based Layer 2 Protocol
transparent transmission connected to multiple Transparent
user networks and Layer Transmission
2 protocol packets sent
from user networks
contain VLAN tags,
configure basic QinQ-
based Layer 2 protocol
transparent transmission.
This configuration allows
Layer 2 protocol packets
to be transparently
transmitted on the
backbone network and
reduces VLAN IDs that
the carrier uses.

Configuring VPLS-based When the backbone 21.9 Configuring VPLS-

Layer 2 protocol network is the L2VPN based Layer 2 Protocol
transparent transmission that is built based on Transparent
VPLS, you can configure Transmission
VPLS-based Layer 2
protocol transparent
transmission so that
Layer 2 protocol packets
can be transmitted on
the backbone network.

21.5 Licensing Requirements and Limitations for Layer

2 Protocol Transparent Transmission

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1208

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Involved Network Elements

Other network elements are not required.

Licensing Requirements
Configuration commands of Layer 2 protocol transparent transmission are
available only after the S1720GW, S1720GWR, and S1720X have the license (WEB
management to full management Electronic RTU License) loaded and activated
and the switches are restarted. Configuration commands of Layer 2 protocol
transparent transmission on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 21-2 Products and versions supporting Layer 2 protocol transparent

transmission

Product Product Software Version

Model

S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR

S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E

S1720X, V200R011C00, V200R011C10

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI Not supported

S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1209

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Product Product Software Version

Model

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10

S5710-C-LI V200R001C00

S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1210

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Product Product Software Version

Model

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, V200R011C00, V200R011C10

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● When the default CPCAR value is used, the device transparently transmits a
maximum of 10 Layer 2 protocol packets per second. Excess packets are
discarded.
● On the S5700HI, if the VLANIF interface configured based on a PVID is bound
to a VSI, interfaces corresponding to this PVID cannot forward Layer 2
protocol BPDUs.
● In V200R005 and later versions, when PVST+ packets need to be transparently
transmitted, disable VBST on the interface. Otherwise, PVST+ packets cannot
be transparently transmitted.
● Do not replace the destination MAC addresses of SSTP, STP, GVRP, and GMRP
packets with the same multicast MAC address.
● When configuring Layer 2 protocol transparent transmission, do not use any
of the following multicast MAC addresses to replace the destination MAC
address of Layer 2 protocol packets:
– Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-
C200-002F
– Destination MAC address of Smart Link packets: 010F-E200-0004
– Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-
CCCD. By default, on the S2720EI and S2750EI, 0100-0CCC-CCCC and
0100-0CCC-CCCD are not destination MAC addresses of BPDU packets.
– Common multicast MAC addresses that have been used on the device
● To transparently transmit BPDUs such as DLDP and EFM packets on a physical
interface, the L2PT tunnel egress cannot be the Eth-Trunk. Otherwise, BPDU
negotiation may be abnormal.
● When an interface is enabled to transparently transmit the packets of a
certain protocol, these packets do not participate in protocol processing. For
example, after an interface is enabled to transparently transmit STP packets,
the interface does not participate in STP calculation. Therefore, you are

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1211

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

advised not to enable a protocol and the transparent transmission of this

protocol on the same interface.
● Only the S5720HI supports configuring VPLS-based Layer 2 Protocol
Transparent Transmission.

21.6 Configuring Interface-based Layer 2 Protocol

Transparent Transmission
When each interface of a backbone device is connected to only one user network
and Layer 2 protocol packets sent from the user network do not need VLAN tags,
configure interface-based Layer 2 protocol transparent transmission on the
interface connected to the user network. This configuration allows Layer 2
protocol packets to be transparently transmitted on the backbone network.

Pre-configuration Tasks
Before configuring interface-based Layer 2 protocol transparent transmission,
complete the following task:
● Set link layer protocol parameters and IP addresses for interfaces to ensure
that the link layer protocol on the interfaces is Up.
● Use the bpdu enable command to enable the interfaces to send BPDUs to
the CPU.

21.6.1 (Optional) Defining Characteristic Information About a

Layer 2 Protocol

Context
When non-standard Layer 2 protocol packets with a specified multicast
destination MAC address need to be transparently transmitted on the backbone
network, define Layer 2 protocol characteristics on the PE. Layer 2 protocol
characteristics include the protocol name, Ethernet encapsulation format,
destination MAC address, and MAC address that replaces the destination MAC
address of Layer 2 protocol packets.
When defining Layer 2 protocol characteristics, do not use the following multicast
MAC addresses to replace the destination MAC address of Layer 2 protocol
packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD
● Common multicast MAC addresses that have been used on the switch
Perform the following operations on PEs.

Procedure
Step 1 Run system-view

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1212

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

The system view is displayed.

Step 2 Run l2protocol-tunnel user-defined-protocol protocol-name protocol-mac

protocol-mac [ encap-type { { ethernetii | snap } protocol-type protocol-type |
llc dsap dsap-value ssap ssap-value } ] group-mac { group-mac | default-group-
mac }

Characteristic information about a Layer 2 protocol is defined.

----End

21.6.2 Configuring Layer 2 Protocol Transparent Transmission

Mode

Context
You can configure Layer 2 protocol transparent transmission on the device to
replace:
● Default multicast MAC address of Layer 2 protocol packets that can be
identified by PEs with another multicast MAC address. This mode can be used
to transparently transmit Layer 2 protocol packets of only STP, RSTP, and
MSTP.
● Original multicast MAC address of Layer 2 protocol packets with a specified
multicast MAC address. This mode can be used to transparently transmit all
types of Layer 2 protocol packets.

Perform either of the following operations on PEs based on the Layer 2 protocol
type and the required transparent transmission mode.

Procedure
● Replace the default multicast MAC address of Layer 2 protocols that can be
identified by PEs with another multicast MAC address.
a. Run system-view

The system view is displayed.

b. Run bpdu-tunnel stp bridge role provider

The PE is configured as a provider.

Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S5730SI, S5730S-EI, S6720SI,

S6720S-SI, S5720SI and S5720S-SI support this configuration.
● Replace the original multicast MAC address of Layer 2 protocol packets from
user networks with a specified multicast MAC address.
a. Run system-view

The system view is displayed.

b. (Optional) Run bpdu mac-address mac-address [ mac-address-mask ]

The specific MAC address is configured as the BPDU MAC address.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1213

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

▪ For the S2750EI, if CDP packets need to be transparently transmitted,

run the bpdu mac-address 0100-0CCC-CCCC command to set the
BPDU MAC address to 0100-0CCC-CCCC.

▪ For the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E,

S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI,
S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-
EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI, if PVST+ packets
need to be transparently transmitted, run the bpdu mac-address
0100-0CCC-CCCD command to set the BPDU MAC address to
0100-0CCC-CCCD.
c. Run l2protocol-tunnel protocol-type group-mac group-mac
The original multicast destination MAC address of Layer 2 protocol
packets is replaced with a specified multicast MAC address.

NOTE

Do not replace the destination MAC addresses of SSTP, STP, GVRP, and GMRP
packets with the same multicast MAC address.
When configuring Layer 2 protocol transparent transmission, do not use the
following multicast MAC addresses to replace the destination MAC address of
Layer 2 protocol packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD.
By default, on the S2750EI, 0100-0CCC-CCCC and 0100-0CCC-CCCD are not
destination MAC addresses of BPDU packets.
● Common multicast MAC addresses that have been used on the switch

----End

21.6.3 Enabling Layer 2 Protocol Transparent Transmission on

an Interface

Context
Perform the following operations on PEs based on the required Layer 2 protocol
transparent transmission mode.

NOTE

The l2protocol-tunnel and l2protocol-tunnel vlan commands cannot specify the same
protocol type on the same interface. Otherwise, the configurations conflict.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The user-side interface view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1214

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Step 3 Run port link-type hybrid

The link type of the interface is set to hybrid.

Step 4 Run port hybrid pvid vlan vlan-id

The default VLAN of the interface is configured.

Step 5 Run port hybrid untagged vlan vlan-id

The interface is added to the default VLAN in untagged mode.

Step 6 Run l2protocol-tunnel { all | protocol-type | user-defined-protocol protocol-

name } enable
Layer 2 protocol transparent transmission is enabled on the interface.

----End

21.6.4 Verifying the Configuration of Interface-based Layer 2

Protocol Transparent Transmission

Procedure
● Run the display l2protocol-tunnel group-mac { all | protocol-type | user-
defined-protocol protocol-name } command to check transparent
transmission information of specified or all Layer 2 protocol packets.

----End

21.7 Configuring VLAN-based Layer 2 Protocol

Transparent Transmission
When each interface of a backbone device is connected to multiple user networks
and Layer 2 protocol packets sent from user networks contain VLAN tags,
configure VLAN-based Layer 2 protocol transparent transmission. This
configuration allows Layer 2 protocol packets to be transparently transmitted on
the backbone network.

Pre-configuration Tasks
Before configuring VLAN-based Layer 2 protocol transparent transmission,
complete the following task:
● Set link layer protocol parameters and IP addresses for interfaces to ensure
that the link layer protocol on the interfaces is Up.
● Use the bpdu enable command to enable the interfaces to send BPDUs to
the CPU.

21.7.1 (Optional) Defining Characteristic Information About a

Layer 2 Protocol

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1215

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Context
When non-standard Layer 2 protocol packets with a specified multicast
destination MAC address need to be transparently transmitted on the backbone
network, define Layer 2 protocol characteristics on the PE. Layer 2 protocol
characteristics include the protocol name, Ethernet encapsulation format,
destination MAC address, and MAC address that replaces the destination MAC
address of Layer 2 protocol packets.

When defining Layer 2 protocol characteristics, do not use the following multicast
MAC addresses to replace the destination MAC address of Layer 2 protocol
packets:

● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F

● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD
● Common multicast MAC addresses that have been used on the switch

Perform the following operations on PEs.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run l2protocol-tunnel user-defined-protocol protocol-name protocol-mac

protocol-mac [ encap-type { { ethernetii | snap } protocol-type protocol-type |
llc dsap dsap-value ssap ssap-value } ] group-mac { group-mac | default-group-
mac }

Characteristic information about a Layer 2 protocol is defined.

----End

21.7.2 Configuring Layer 2 Protocol Transparent Transmission

Mode

Context
You can configure Layer 2 protocol transparent transmission on the device to
replace:
● Default multicast MAC address of Layer 2 protocol packets that can be
identified by PEs with another multicast MAC address. This mode can be used
to transparently transmit Layer 2 protocol packets of only STP, RSTP, and
MSTP.
● Original multicast MAC address of Layer 2 protocol packets with a specified
multicast MAC address. This mode can be used to transparently transmit all
types of Layer 2 protocol packets.

Perform either of the following operations on PEs based on the Layer 2 protocol
type and the required transparent transmission mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1216

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Procedure
● Replace the default multicast MAC address of Layer 2 protocols that can be
identified by PEs with another multicast MAC address.
a. Run system-view

The system view is displayed.

b. Run bpdu-tunnel stp bridge role provider

The PE is configured as a provider.

Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S5730SI, S5730S-EI, S6720SI,

S6720S-SI, S5720SI and S5720S-SI support this configuration.
● Replace the original multicast MAC address of Layer 2 protocol packets from
user networks with a specified multicast MAC address.
a. Run system-view

The system view is displayed.

b. (Optional) Run bpdu mac-address mac-address [ mac-address-mask ]

The specific MAC address is configured as the BPDU MAC address.

▪ For the S2750EI, if CDP packets need to be transparently transmitted,

run the bpdu mac-address 0100-0CCC-CCCC command to set the
BPDU MAC address to 0100-0CCC-CCCC.

▪ For the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E,

S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI,
S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-
EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI, if PVST+ packets
need to be transparently transmitted, run the bpdu mac-address
0100-0CCC-CCCD command to set the BPDU MAC address to
0100-0CCC-CCCD.
c. Run l2protocol-tunnel protocol-type group-mac group-mac

The original multicast destination MAC address of Layer 2 protocol

packets is replaced with a specified multicast MAC address.

NOTE

Do not replace the destination MAC addresses of SSTP, STP, GVRP, and GMRP
packets with the same multicast MAC address.
When configuring Layer 2 protocol transparent transmission, do not use the
following multicast MAC addresses to replace the destination MAC address of
Layer 2 protocol packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD.
By default, on the S2750EI, 0100-0CCC-CCCC and 0100-0CCC-CCCD are not
destination MAC addresses of BPDU packets.
● Common multicast MAC addresses that have been used on the switch

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1217

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

21.7.3 Enabling VLAN-based Layer 2 Protocol Transparent

Transmission on an Interface

Context
Perform the following operations on PEs according to the type of Layer 2 protocol
packets to be transparently transmitted.

NOTE

The l2protocol-tunnel vlan and l2protocol-tunnel commands cannot specify the same
protocol type on the same interface. Otherwise, the configurations conflict.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The user-side interface view is displayed.

Step 3 Run port link-type hybrid

The link type of the interface is set to hybrid.

Step 4 Run port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

The interface is added to the specified VLANs in tagged mode.

NOTE

● The range of VLAN IDs specified in this step must include VLAN IDs of Layer 2 protocol
packets from user networks.
● The VLAN for VLAN-based Layer 2 protocol transparent transmission must be the static
VLAN, and cannot be the VLAN dynamically created by GVRP and VCMP.

Step 5 Run l2protocol-tunnel { all | protocol-type | user-defined-protocol protocol-

name } vlan { low-id [ to high-id ] } &<1-10>
VLAN-based Layer 2 protocol transparent transmission is enabled on the interface.

----End

21.7.4 Verifying the Layer 2 Protocol Transparent Transmission

Configuration

Procedure
● Run the display l2protocol-tunnel group-mac { all | protocol-type | user-
defined-protocol protocol-name } command to check information about
transparent transmission of specified or all Layer 2 protocol packets.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1218

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

21.8 Configuring QinQ-based Layer 2 Protocol

Transparent Transmission
When each interface of a backbone device is connected to multiple user networks
and Layer 2 protocol packets sent from user networks contain VLAN tags,
configure QinQ-based Layer 2 protocol transparent transmission. This
configuration allows Layer 2 protocol packets to be transparently transmitted on
the backbone network and reduces VLAN IDs that the carrier uses.

Pre-configuration Tasks
Before configuring QinQ-based Layer 2 protocol transparent transmission,
complete the following task:
● Set link layer protocol parameters and IP addresses for interfaces to ensure
that the link layer protocol on the interfaces is Up.
● Use the bpdu enable command to enable the interfaces to send BPDUs to
the CPU.

21.8.1 (Optional) Defining Characteristic Information About a

Layer 2 Protocol

Context
When non-standard Layer 2 protocol packets with a specified multicast
destination MAC address need to be transparently transmitted on the backbone
network, define Layer 2 protocol characteristics on the PE. Layer 2 protocol
characteristics include the protocol name, Ethernet encapsulation format,
destination MAC address, and MAC address that replaces the destination MAC
address of Layer 2 protocol packets.
When defining Layer 2 protocol characteristics, do not use the following multicast
MAC addresses to replace the destination MAC address of Layer 2 protocol
packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD
● Common multicast MAC addresses that have been used on the switch
Perform the following operations on PEs.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run l2protocol-tunnel user-defined-protocol protocol-name protocol-mac
protocol-mac [ encap-type { { ethernetii | snap } protocol-type protocol-type |

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1219

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

llc dsap dsap-value ssap ssap-value } ] group-mac { group-mac | default-group-

mac }
Characteristic information about a Layer 2 protocol is defined.

----End

21.8.2 Configuring Layer 2 Protocol Transparent Transmission

Mode

Context
You can configure the following Layer 2 protocol transparent transmission modes:
● Configure the device to replace the default multicast MAC address of Layer 2
protocol packets that can be identified by PEs with another multicast MAC
address. This mode can be used to transparently transmit Layer 2 protocol
packets of only STP, RSTP, and MSTP.
● Configure the device to replace the original multicast MAC address of Layer 2
protocol packets with a specified multicast MAC address. This mode can be
used to transparently transmit all types of Layer 2 protocol packets.
Perform either of the following operations on PEs based on the Layer 2 protocol
type and the required transparent transmission mode.

Procedure
● Replace the default multicast MAC address of Layer 2 protocols that can be
identified by PEs with another multicast MAC address.
a. Run system-view
The system view is displayed.
b. Run bpdu-tunnel stp bridge role provider
The PE is configured as a provider.
Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S5730SI, S5730S-EI, S6720SI,
S6720S-SI, S5720SI and S5720S-SI support this configuration.
● Replace the original multicast MAC address of Layer 2 protocol packets from
user networks with a specified multicast MAC address.
a. Run system-view
The system view is displayed.
b. (Optional) Run bpdu mac-address mac-address [ mac-address-mask ]
The specific MAC address is configured as the BPDU MAC address.

▪ For the S2750EI, if CDP packets need to be transparently transmitted,

run the bpdu mac-address 0100-0CCC-CCCC command to set the
BPDU MAC address to 0100-0CCC-CCCC.

▪ For the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E,

S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-LI,
S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1220

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI, if PVST+ packets

need to be transparently transmitted, run the bpdu mac-address
0100-0CCC-CCCD command to set the BPDU MAC address to
0100-0CCC-CCCD.
c. Run l2protocol-tunnel protocol-type group-mac group-mac
The original multicast destination MAC address of Layer 2 protocol
packets is replaced with a specified multicast MAC address.

NOTE

When configuring Layer 2 protocol transparent transmission, do not use the following
multicast MAC addresses to replace the destination MAC address of Layer 2 protocol
packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD. By
default, on the S2750EI, 0100-0CCC-CCCC and 0100-0CCC-CCCD are not
destination MAC addresses of BPDU packets.
● Common multicast MAC addresses that have been used on the switch

----End

21.8.3 Enabling QinQ-based Layer 2 Transparent Transmission

on an Interface

Context
Perform the following operations on PEs based on the required Layer 2 protocol
transparent transmission mode.

NOTE

The l2protocol-tunnel vlan and l2protocol-tunnel commands cannot specify the same
protocol type on the same interface. Otherwise, the configurations conflict.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The user-side interface view is displayed.
Step 3 Run port link-type hybrid
The link type of the interface is set to hybrid.
Step 4 Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The interface is added to specified VLANs in untagged mode.
Step 5 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1221

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Step 6 Run port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3

The interface is configured to add an outer VLAN tag to Layer 2 protocol packets.

Step 7 Run l2protocol-tunnel { all | protocol-type | user-defined-protocol protocol-

name } vlan { low-id [ to high-id ] } &<1-10>
QinQ-based Layer 2 protocol transparent transmission is enabled on the interface.

NOTE

● The outer VLAN tag (vlan-id3) specified in the port vlan-stacking command must be
included in the VLAN range specified in the port hybrid untagged vlancommand.

----End

21.8.4 Verifying the Layer 2 Protocol Transparent Transmission

Configuration

Procedure
● Run the display l2protocol-tunnel group-mac { all | protocol-type | user-
defined-protocol protocol-name } command to check information about
transparent transmission of specified or all Layer 2 protocol packets.

----End

21.9 Configuring VPLS-based Layer 2 Protocol

Transparent Transmission
When the backbone network is the L2VPN that is built based on VPLS, you can
configure VPLS-based Layer 2 protocol transparent transmission so that protocol
packets from different user networks can be transmitted on the backbone
network.

Pre-configuration Tasks
Before configuring VPLS-based Layer 2 protocol transparent transmission, deploy
VPLS-based L2VPN on PEs and the backbone network. For details, see VPLS
Configuration in S1720, S2700, S5700, and S6720 V200R011C10 Configuration
Guide - VPN.

21.9.1 (Optional) Defining Characteristic Information About a

Layer 2 Protocol

Context
When non-standard Layer 2 protocol packets with a specified multicast
destination MAC address need to be transparently transmitted on the backbone
network, define Layer 2 protocol characteristics on the PE. Layer 2 protocol
characteristics include the protocol name, Ethernet encapsulation format,

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1222

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

destination MAC address, and MAC address that replaces the destination MAC
address of Layer 2 protocol packets.
When defining Layer 2 protocol characteristics, do not use the following multicast
MAC addresses to replace the destination MAC address of Layer 2 protocol
packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD
● Common multicast MAC addresses that have been used on the switch
Perform the following operations on PEs.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run l2protocol-tunnel user-defined-protocol protocol-name protocol-mac
protocol-mac [ encap-type { { ethernetii | snap } protocol-type protocol-type |
llc dsap dsap-value ssap ssap-value } ] group-mac { group-mac | default-group-
mac }
Characteristic information about a Layer 2 protocol is defined.

----End

21.9.2 Configuring Layer 2 Protocol Transparent Transmission

Mode

Context
You can configure Layer 2 protocol transparent transmission on the device to
replace:
● Default multicast MAC address of Layer 2 protocol packets that can be
identified by PEs with another multicast MAC address. This mode can be used
to transparently transmit Layer 2 protocol packets of only STP, RSTP, and
MSTP.
● Original multicast MAC address of Layer 2 protocol packets with a specified
multicast MAC address. This mode can be used to transparently transmit all
types of Layer 2 protocol packets.
Perform either of the following operations on PEs based on the Layer 2 protocol
type and the required transparent transmission mode.

Procedure
● Replace the default multicast MAC address of Layer 2 protocols that can be
identified by PEs with another multicast MAC address.
a. Run system-view
The system view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1223

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

b. Run bpdu-tunnel stp bridge role provider

The PE is configured as a provider.
Only the S1720X, S1720X-E, S6720LI, S6720S-LI, S5730SI, S5730S-EI, S6720SI,
S6720S-SI, S5720SI and S5720S-SI support this configuration.
● Replace the original multicast MAC address of Layer 2 protocol packets from
user networks with a specified multicast MAC address.
a. Run system-view
The system view is displayed.
b. Run l2protocol-tunnel protocol-type group-mac group-mac
The original multicast destination MAC address of Layer 2 protocol
packets is replaced with a specified multicast MAC address.

NOTE

Do not replace the destination MAC addresses of SSTP, STP, GVRP, and GMRP
packets with the same multicast MAC address.
When configuring Layer 2 protocol transparent transmission, do not use the
following multicast MAC addresses to replace the destination MAC address of
Layer 2 protocol packets:
● Destination MAC addresses of BPDUs: 0180-C200-0000 to 0180-C200-002F
● Destination MAC addresses of Smart Link packets: 010F-E200-0004
● Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD.
By default, on the S2750EI, 0100-0CCC-CCCC and 0100-0CCC-CCCD are not
destination MAC addresses of BPDU packets.
● Common multicast MAC addresses that have been used on the switch

----End

21.9.3 Enabling VPLS-based Layer 2 Protocol Transparent

Transmission on an Interface

Context
Perform the following operations on PEs according to the type of Layer 2 protocol
packets to be transparently transmitted.

Procedure
● Configure Layer 2 protocol transparent transmission when Ethernet interfaces
are connected to the VPLS network.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The Ethernet interface view is displayed.
c. Run undo portswitch
The Ethernet interface is switched from Layer 2 mode to Layer 3 mode.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1224

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

d. Run l2 binding vsi vsi-name

The Ethernet interface is bound to the VSI.

NOTE

● If the remote PE is configured to receive tagged packets only, run the mpls
l2vpn default vlan command to configure the default VLAN of the main
interface before binding the local Ethernet interface to the VSI.
● If the remote PE is configured to receive double-tagged packets only, run the
mpls l2vpn vlan-stacking stack-vlan command to configure the stacked
VLAN of the main interface before binding the local Ethernet interface to the
VSI.
e. Run l2protocol-tunnel { all | protocol-type | user-defined-protocol
protocol-name } enable
VPLS-based Layer 2 protocol transparent transmission is enabled on the
interface.
● Configure Layer 2 protocol transparent transmission when Ethernet sub-
interfaces are connected to the VPLS network.
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The Ethernet interface view is displayed.

c. Run port link-type { hybrid | trunk }

The interface type is specified.

d. Run quit

Exit from the interface view.

e. Run interface interface-type interface-number.subinterface-number

The Ethernet sub-interface view is displayed.

f. Perform one of the following operations as required.

▪ Run dot1q termination vid low-pe-vid

The single VLAN ID for dot1q encapsulation is set on a sub-interface.

▪ Run qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]

The double VLAN IDs for QinQ encapsulation are set on a sub-
interface.
g. Run l2 binding vsi vsi-name

The Ethernet sub-interface is bound to the VSI.

h. Run l2protocol-tunnel { all | protocol-type | user-defined-protocol
protocol-name } enable
VPLS-based Layer 2 protocol transparent transmission is enabled on the
sub-interface.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1225

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

21.9.4 Verifying the Layer 2 Protocol Transparent Transmission

Configuration
Procedure
● Run the display l2protocol-tunnel group-mac { all | protocol-type | user-
defined-protocol protocol-name } command to check information about
transparent transmission of specified or all Layer 2 protocol packets.

----End

21.10 Configuration Examples for Layer 2 Protocol

Transparent Transmission

21.10.1 Example for Configuring Interface-based Layer 2

Protocol Transparent Transmission

Networking Requirements
In Figure 21-7, the CEs are edge devices on two private networks (located in
different areas) of an enterprise. The PEs are edge devices on the ISP network. The
two private networks of the enterprise are Layer 2 networks and they are
connected through the ISP network. STP is run on the Layer 2 networks to prevent
loops. Enterprise users require that only STP run on the private networks so that
spanning trees can be generated correctly.

Figure 21-7 Networking diagram for configuring interface-based Layer 2 protocol

transparent transmission
PE1 PE2
GE0/0/2 ISP GE0/0/2
network
GE0/0/1 GE0/0/1

GE0/0/1 GE0/0/1
CE1
CE2

User A User A
network1 network2

Configuration Roadmap
The configuration roadmap is as follows:

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1226

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

1. Configure STP on CEs to prevent loops on the Layer 2 network.

2. Add PE interfaces connected to CEs to specified VLANs so that PEs forward
packets from the VLANs.
3. Configure interface-based Layer 2 protocol transparent transmission on PEs so
that STP packets are not sent to the CPUs of PEs for processing.

Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] stp enable
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type hybrid
[CE1-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[CE1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[CE1-GigabitEthernet0/0/1] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] stp enable
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type hybrid
[CE2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[CE2-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[CE2-GigabitEthernet0/0/1] quit

Step 2 Add GE0/0/1 on PE1 and PE2 to VLAN 100 and enable Layer 2 protocol
transparent transmission on PEs.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[PE1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[PE1-GigabitEthernet0/0/1] l2protocol-tunnel stp enable
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface GigabitEthernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE1-GigabitEthernet0/0/2] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type hybrid
[PE2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[PE2-GigabitEthernet0/0/1] port hybrid untagged vlan 100

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1227

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[PE2-GigabitEthernet0/0/1] l2protocol-tunnel stp enable

[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type trunk
[PE2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[PE2-GigabitEthernet0/0/2] quit

Step 3 Configure PEs to replace the destination MAC address of STP packets received
from CEs.

# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-0100-0100

# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-0100-0100

Step 4 Configure CE2 to the priority of a switching device is 4096.

[CE2] stp priority 4096

Step 5 Verify the configuration.

# After the configuration is complete, run the display l2protocol-tunnel group-

mac command on PEs. You can view the protocol type or name, multicast
destination MAC address, group MAC address, and priority of Layer 2 protocol
packets to be transparently transmitted.

The display on PE1 is used as an example.

[PE1] display l2protocol-tunnel group-mac stp
Protocol EncapeType ProtocolType Protocol-MAC Group-MAC Pri
-----------------------------------------------------------------------------
stp llc dsap 0x42 0180-c200-0000 0100-0100-0100 0
ssap 0x42

# After 30s, run the display stp command on CE1 and CE2 to view the root in the
MSTP region. You can find that a spanning tree is calculated between CE1 and
CE2. GE0/0/1 on CE1 is the root port and GE0/0/1 on CE2 is the designated port.
[CE1] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
[CE2] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

● CE2 configuration file

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1228

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

#
sysname CE2
#
vlan batch 100
#
stp instance 0 priority 4096
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 100
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
l2protocol-tunnel stp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 100
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
l2protocol-tunnel stp enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return

21.10.2 Example for Configuring VLAN-based Layer 2 Protocol

Transparent Transmission

Networking Requirements
In Figure 21-8, CEs are edge devices on two private networks of an enterprise
located in different areas, and PE1 and PE2 are edge devices on the ISP network.
VLAN 100 and VLAN 200 are Layer 2 networks for different users and are
connected through the ISP network. STP is run on the Layer 2 networks to prevent
loops. Enterprise users require that only STP run on the private networks so that
spanning trees can be generated correctly.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1229

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

● All the devices in VLAN 100 participate in calculation of a spanning tree.

● All the devices in VLAN 200 participate in calculation of a spanning tree.

Figure 21-8 Networking diagram for configuring VLAN-based Layer 2 protocol

transparent transmission
PE1 PE2
GE0/0/1 ISP GE0/0/1
network
GE0/0/2 GE0/0/3 GE0/0/2 GE0/0/3

GE0/0/1 GE0/0/1 GE0/0/1

GE0/0/1
CE1 CE3 CE2 CE4

VLAN 100 VLAN 200 VLAN 100 VLAN 200

User A User B User A User B

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Configure CEs to send STP BPDUs with specified VLAN tags to PEs so that
calculation of a spanning tree is complete independently in VLAN 100 and
VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so
that STP BPDUs are not sent to the CPUs of PEs for processing.

Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp enable

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] stp enable

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] stp enable

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] stp enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1230

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Step 2 Configure CE1 and CE2 to send STP BPDUs with VLAN tag 100 to PEs, and
configure CE3 and CE4 to send STP BPDUs with VLAN tag 200 to PEs.

# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type hybrid
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE1-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet0/0/1] quit

# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type hybrid
[CE2-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE2-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet0/0/1] quit

# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 0/0/1
[CE3-GigabitEthernet0/0/1] port link-type hybrid
[CE3-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE3-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet0/0/1] quit

# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 0/0/1
[CE4-GigabitEthernet0/0/1] port link-type hybrid
[CE4-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE4-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet0/0/1] quit

Step 3 Configure PE interfaces to transparently transmit STP BPDUs of CEs to the peer
ends.

# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 100
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type hybrid
[PE1-GigabitEthernet0/0/3] port hybrid tagged vlan 200
[PE1-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 200
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface GigabitEthernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet0/0/1] quit

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1231

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[PE2-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 100
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port link-type hybrid
[PE2-GigabitEthernet0/0/3] port hybrid tagged vlan 200
[PE2-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 200
[PE2-GigabitEthernet0/0/3] quit
[PE2] interface GigabitEthernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet0/0/1] quit

Step 4 Configure PEs to replace the destination MAC address of STP BPDUs received from
CEs.

# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-0100-0100

# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-0100-0100

Step 5 Configure CE2 and CE4 to the priority of a switching device is 4096.

# Configure CE2.
[CE2] stp priority 4096

# Configure CE4.
[CE4] stp priority 4096

Step 6 Verify the configuration.

# After the configuration is complete, run the display l2protocol-tunnel group-

mac command on PEs. You can view the protocol type or name, multicast
destination MAC address, group MAC address, and priority of Layer 2 protocol
packets to be transparently transmitted.

The display on PE1 is used as an example.

[PE1] display l2protocol-tunnel group-mac stp
Protocol EncapeType ProtocolType Protocol-MAC Group-MAC Pri
-----------------------------------------------------------------------------
stp llc dsap 0x42 0180-c200-0000 0100-0100-0100 0
ssap 0x42

# After 30s, run the display stp command on CE1 and CE2 to view the root in the
MSTP region. You can see that a spanning tree is calculated between CE1 and CE2.
GE0/0/1 on CE1 is the root port and GE0/0/1 on CE2 is the designated port.
[CE1] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1232

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[CE2] display stp brief

MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

# After 30s, run the display stp command on CE3 and CE4 to view the root in the
MSTP region. You can see that a spanning tree is calculated between CE3 and CE4.
GE0/0/1 on CE3 is the root port and GE0/0/1 on CE4 is the designated port.
[CE3] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
[CE4] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 100
#
stp instance 0 priority 4096
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return

● CE3 configuration file

#
sysname CE3
#
vlan batch 200
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return

● CE4 configuration file

#
sysname CE4
#
vlan batch 200
#
stp instance 0 priority 4096

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1233

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
l2protocol-tunnel stp vlan 100
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 200
l2protocol-tunnel stp vlan 200
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid tagged vlan 100
l2protocol-tunnel stp vlan 100
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid tagged vlan 200
l2protocol-tunnel stp vlan 200
#
return

21.10.3 Example for Configuring QinQ-based Layer 2 Protocol

Transparent Transmission

Networking Requirements
In Figure 21-9, CEs are edge devices on two private networks of an enterprise
located in different areas, and PE1 and PE2 are edge devices on the ISP network.
VLAN 100 and VLAN 200 are Layer 2 networks for different users and are
connected through the ISP network. STP is run on the Layer 2 networks to prevent

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1234

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

loops. Enterprise users require that only STP run on the private networks so that
spanning trees can be generated correctly.

● All the devices in VLAN 100 participate in calculation of a spanning tree.

● All the devices in VLAN 200 participate in calculation of a spanning tree.

Because of shortage of public VLAN resources, VLAN IDs on carrier networks must
be saved.

Figure 21-9 Networking diagram for configuring QinQ-based Layer 2 protocol

transparent transmission

User A User A
VLAN100 VLAN100
GE0/0/1
GE0/0/1
GE0/0/2 GE0/0/2
CE1 CE2
GE0/0/1 ISP GE0/0/1
PE1 PE2
Network
CE3 GE0/0/3 GE0/0/3 CE4
GE0/0/1 GE0/0/1

User B User B
VLAN200 VLAN200

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure STP on CEs to prevent loops on Layer 2 networks.

2. Configure CEs to send STP BPDUs with specified VLAN tags to PEs so that
calculation of a spanning tree is complete independently in VLAN 100 and
VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so
that STP BPDUs are not sent to the CPUs of PEs for processing.
4. Configure QinQ (VLAN stacking) on PEs so that PEs add outer VLAN tag 10 to
STP BPDUs sent from CEs, saving public network VLAN IDs.

Procedure
Step 1 Enable STP on CEs.

# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp enable

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] stp enable

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1235

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] stp enable

# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] stp enable

Step 2 Configure CE1 and CE2 to send STP BPDUs with VLAN tag 100 to PEs, and
configure CE3 and CE4 to send STP BPDUs with VLAN tag 200 to PEs.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type hybrid
[CE1-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE1-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet0/0/1] quit

# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type hybrid
[CE2-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[CE2-GigabitEthernet0/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet0/0/1] quit

# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 0/0/1
[CE3-GigabitEthernet0/0/1] port link-type hybrid
[CE3-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE3-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet0/0/1] quit

# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 0/0/1
[CE4-GigabitEthernet0/0/1] port link-type hybrid
[CE4-GigabitEthernet0/0/1] port hybrid tagged vlan 200
[CE4-GigabitEthernet0/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet0/0/1] quit

Step 3 Configure QinQ-based Layer 2 protocol transparent transmission on PEs so that

STP BPDUs with VLAN tags 100 and 200 are tagged with outer VLAN 10 by PEs
and can be transmitted on the ISP network.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/2] port hybrid untagged vlan 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1236

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[PE1-GigabitEthernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10

[PE1-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 10
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type hybrid
[PE1-GigabitEthernet0/0/3] qinq vlan-translation enable
[PE1-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[PE1-GigabitEthernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE1-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 10
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface GigabitEthernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/1] quit

# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[PE2-GigabitEthernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10
[PE2-GigabitEthernet0/0/2] l2protocol-tunnel stp vlan 10
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] port link-type hybrid
[PE2-GigabitEthernet0/0/3] qinq vlan-translation enable
[PE2-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[PE2-GigabitEthernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE2-GigabitEthernet0/0/3] l2protocol-tunnel stp vlan 10
[PE2-GigabitEthernet0/0/3] quit
[PE2] interface GigabitEthernet 0/0/1
[PE2-GigabitEthernet0/0/1] port link-type trunk
[PE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE2-GigabitEthernet0/0/1] quit

Step 4 Configure PEs to replace the destination MAC address of STP BPDUs received from
CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-0100-0100

# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-0100-0100

Step 5 Configure CE2 and CE4 to the priority of a switching device is 4096.
# Configure CE2.
[CE2] stp priority 4096

# Configure CE4.
[CE4] stp priority 4096

Step 6 Verify the configuration.

# After the configuration is complete, run the display l2protocol-tunnel group-
mac command on PEs. You can view the protocol type or name, multicast
destination MAC address, group MAC address, and priority of Layer 2 protocol
packets to be transparently transmitted.
The display on PE1 is used as an example.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1237

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[PE1] display l2protocol-tunnel group-mac stp

Protocol EncapeType ProtocolType Protocol-MAC Group-MAC Pri
-----------------------------------------------------------------------------
stp llc dsap 0x42 0180-c200-0000 0100-0100-0100 0
ssap 0x42

# After 30s, run the display stp command on CE1 and CE2 to view the root in the
MSTP region. You can see that a spanning tree is calculated between CE1 and CE2.
GE0/0/1 on CE1 is the root port and GE0/0/1 on CE2 is the designated port.
[CE1] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
[CE2] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

# After 30s, run the display stp command on CE3 and CE4 to view the root in the
MSTP region. You can see that a spanning tree is calculated between CE3 and CE4.
GE0/0/1 on CE3 is the root port and GE0/0/1 on CE4 is the designated port.
[CE3] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
[CE4] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 100
#
stp instance 0 priority 4096
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return

● CE3 configuration file

#
sysname CE3
#
vlan batch 200
#
interface GigabitEthernet0/0/1

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1238

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

port link-type hybrid

port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
● CE4 configuration file
#
sysname CE4
#
vlan batch 200
#
stp instance 0 priority 4096
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid tagged vlan 200
stp bpdu vlan 200
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 10
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 100 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
interface GigabitEthernet0/0/3
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 200 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 10
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 10
port vlan-stacking vlan 100 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
interface GigabitEthernet0/0/3
port link-type hybrid

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1239

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

qinq vlan-translation enable

port hybrid untagged vlan 10
port vlan-stacking vlan 200 stack-vlan 10
l2protocol-tunnel stp vlan 10
#
return

21.10.4 Example for Configuring VPLS-based Layer 2 Protocol

Transparent Transmission

Networking Requirements
In Figure 21-10, CEs are located on two networks of an enterprise, and PE1 and
PE2 are edge devices of the carrier network. The two networks of the enterprise
are Layer 2 networks, and VPLS is used on the carrier network to construct an
L2VPN to implement Layer 2 interconnection. STP is used to prevent loops on the
Layer 2 network, and STP is required to run on enterprise networks to generate
correct spanning trees.

Figure 21-10 Networking of VPLS-based Layer 2 protocol transparent transmission

Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

GE0/0/1 GE0/0/2
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2

GE0/0/1 GE0/0/1
CE1
CE2
User A User A
network1 network2

Switch Interface VLANIF Interface IP Address

PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1

- GigabitEthernet0/0 VLANIF 20 4.4.4.4/24

/2

- Loopback1 - 1.1.1.1/32

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1240

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

Switch Interface VLANIF Interface IP Address

PE2 GigabitEthernet0/0 VLANIF 30 5.5.5.5/24

/1

- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1

- Loopback1 - 3.3.3.3/32

P GigabitEthernet0/0 VLANIF 20 4.4.4.5/24

/1

- GigabitEthernet0/0 VLANIF 30 5.5.5.4/24

/2

- Loopback1 - 2.2.2.2/32

CE1 GigabitEthernet0/0 VLANIF 10 10.1.1.1/24

/1

CE2 GigabitEthernet0/0 VLANIF 10 10.1.1.2/24

/1

Configuration Roadmap
The configuration roadmap is as follows:
1. Use VPLS to build an L2VPN between PE1 and PE2.
2. Configure STP on CEs to prevent loops on the Layer 2 network.
3. Create termination sub-interfaces on interfaces of CEs connected to PEs and
bind sub-interfaces to VSIs so that CEs can be connected to the L2VPN.
4. Configure VPLS-based Layer 2 protocol transparent transmission on PEs so
that STP BPDUs are not sent to the CPU of PEs for processing.

NOTE

VLAN termination sub-interfaces cannot be created on a VCMP client.

Procedure
Step 1 Configure a VPLS-based L2VPN between PEs.
1. Configure VLANs that interfaces belong to and IP addresses for VLANIF
interfaces according to Figure 21-10.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1241

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.1.1.2 24
[CE2-Vlanif10] quit

# Configure PE1. The configurations of PE2 and P device are similar to the
configuration of PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 4.4.4.4 24
[PE1-Vlanif20] quit

2. Configure a routing protocol.

When configuring OSPF, advertise the 32-bit loopback interface addresses
(LSR IDs) of PE1, P device, and PE2.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure the P device.

[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 4.4.4.5 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 5.5.5.4 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1242

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[PE2] router id 3.3.3.3

[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
3. Configure basic MPLS functions and LDP.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

After the configuration is complete, run the display mpls ldp session
command on PE1, P, and PE2. You can see that the peer relationship is set up
between PE1 and P, and between P and PE2. The status of the peer
relationship is Operational. Run the display mpls lsp command to check the
LSP status. The display on PE1 is used as an example.
[PE1] display mpls ldp session

LDP Session(s) in Public Network

Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1243

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

4. Create a remote LDP session between PE1 and PE2.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration is complete, run the display mpls ldp session
command on PE1 or PE2. The command output shows that Status of the peer
relationship between PE1 and PE2 is Operational, indicating that the peer
relationship has been established. The display on PE1 is used as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
5. Enable MPLS L2VPN on the PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
6. Configure a VSI on the PEs.
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit

Step 2 Enable spanning tree calculation on CEs.

# Configure CE1.
[CE1] stp enable

# Configure CE2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1244

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[CE2] stp enable

Step 3 Bind access-side sub-interfaces on PE1 and PE2 to VSIs and enable Layer 2
protocol transparent transmission.

# Configure PE1.
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1-GigabitEthernet0/0/1] port link-type hybrid
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] l2protocol-tunnel stp enable
[PE1-GigabitEthernet0/0/1.1] quit

# Configure PE2.
[PE2] vcmp role silent
[PE2] interface gigabitethernet0/0/2
[PE2-GigabitEthernet0/0/2] port link-type hybrid
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet0/0/2.1
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 10
[PE2-GigabitEthernet0/0/2.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/2.1] l2protocol-tunnel stp enable
[PE2-GigabitEthernet0/0/2.1] quit

Step 4 Configure PEs to replace the destination MAC address of STP BPDUs received from
CEs.

# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-0100-0100

# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-0100-0100

Step 5 Set the priority of CE2 to 4096.

[CE2] stp priority 4096

Step 6 Verify the configuration.

# After the configuration, run the display l2protocol-tunnel group-mac

command. You can check the protocol type or name, original destination MAC
address, new destination MAC address, and priority of Layer 2 protocol packets to
be transparently transmitted.

The display on PE1 is used as an example.

[PE1] display l2protocol-tunnel group-mac stp
Protocol EncapeType ProtocolType Protocol-MAC Group-MAC Pri
-----------------------------------------------------------------------------
stp llc dsap 0x42 0180-c200-0000 0100-0100-0100 0
ssap 0x42

# Wait for 30s and run the display stp command on CE1 and CE2 to check the
root in the MST region. A spanning tree is calculated between CE1 and CE2.
GE0/0/1 on CE1 is the root port, and GE0/0/1 on CE2 is the designated port.
[CE1] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1245

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

[CE2] display stp brief

MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE

----End

Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● CE2 configuration file

#
sysname CE2
#
vlan batch 10
#
stp instance 0 priority 4096
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif20

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1246

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

ip address 4.4.4.4 255.255.255.0

mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
l2 binding vsi a2
l2protocol-tunnel stp enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1247

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

● PE2 configuration file

#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
l2protocol-tunnel stp group-mac 0100-0100-0100
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet0/0/2
port link-type hybrid
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 10
l2 binding vsi a2
l2protocol-tunnel stp enable
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return

21.11 FAQ About Layer 2 Protocol Transparent

Transmission
21.11.1 How Can I Configure BPDU Tunnel to Transparently
Transmit BPDUs?
● To transparently transmit untagged BPDUs, run the port default vlan
command on the inbound and outbound interfaces of the BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1248

S1720, S2700, S5700, and S6720 Series Ethernet
Switches 21 Layer 2 Protocol Transparent Transmission
Configuration Guide - Ethernet Switching Configuration

● To transparently transmit tagged BPDUs, run the port default vlan command
on the outbound interface of the BPDUs.

21.11.2 Can the Interfaces Not Enabled with the BPDU

Function Send BPDUs?
The BPDU function affects only BPDU receiving. Therefore, the interfaces not
enabled with the BPDU function can still send BPDUs.
If the BPDU function is not enabled, functions such as LACP, LLDP, STP, and HGMP
that communicate through BPDUs are affected.

NOTE

The S2700 enables the BPDU function globally rather than on interfaces.
The S3700, S5700, and S6700 need to enable the BPDU function on only interfaces.

21.11.3 How to View and Change MAC Addresses of BPDUs?

Run the display bpdu mac-address command to query the current BPDU MAC
addresses. By default, all multicast MAC addresses in the segment from 0180-
c200-0010 to 0180-c200-002f are BPDU MAC addresses, and 0100-0ccc-cccd is
also a BPDU MAC address.
Run the bpdu mac-address mac-address command to specify an MAC address to
be a BPDU MAC address.
Example: bpdu mac-address 0100-0ccc-cccc

21.11.4 How Does a Switch Process BPDUs?

● On the S5710EI, S5710HI, S5720HI, S5720EI, S6720EI, and S6720S-EI, an
interface directly discards BPDUs by default. If BPDUs of a protocol need to be
sent to the CPU for processing, enable functions of the protocol. For example,
if STP BPDUs need to be sent to the CPU for processing, enable STP globally
and on the interface.
● On other models, BPDUs are sent to the CPU for processing by default. If
BPDUs do not need to be sent to the CPU for processing, run the bpdu
disable command to configure an interface to directly discard BPDUs.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 1249