No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Limiting in a VSI

Example for Configuring MAC Address Limiting in a VSI

Networking Requirements

In Figure 2-17, the enterprise establishes a backbone network. MAC address limiting needs to be configured in virtual switch interfaces (VSIs) of the provider edge (PE) devices to control communication between the customer edge (CE) devices, ensuring the backbone network security.

Figure 2-17  Configuring MAC address limiting in a VSI

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol on the backbone network to implement the interworking.

  2. Set up remote LDP sessions between PEs.

  3. Set up a tunnel between PEs to transmit user data.

  4. Enable MPLS L2VPN on PEs.

  5. Configure a VSI and specify LDP as the signaling protocol on PEs.

  6. Configure MAC address limiting in the VSI on PEs to control communication between CEs.

Procedure

  1. Create VLANs on the CE, PE, and P devices, add interfaces to respective VLANs, and assign IP addresses to VLANIF interfaces.

    # Configure CE1.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan 10
    [CE1-vlan10] quit
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] port link-type trunk
    [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet1/0/0] quit

    # Configure CE2.

    <HUAWEI> system-view
    [HUAWEI] sysname CE2
    [CE2] vlan 40
    [CE2-vlan40] quit
    [CE2] interface vlanif 40
    [CE2-Vlanif40] ip address 10.1.1.2 255.255.255.0
    [CE2-Vlanif40] quit
    [CE2] interface gigabitethernet 1/0/0
    [CE2-GigabitEthernet1/0/0] port link-type trunk
    [CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 40
    [CE2-GigabitEthernet1/0/0] quit

    # Configure PE1.

    <HUAWEI> system-view
    [HUAWEI] sysname PE1
    [PE1] vlan batch 10 20
    [PE1] interface vlanif 20
    [PE1-Vlanif20] ip address 4.4.4.4 255.255.255.0
    [PE1-Vlanif20] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] port link-type trunk
    [PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] port link-type trunk
    [PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
    [PE1-GigabitEthernet2/0/0] quit

    # Configure the P device.

    <HUAWEI> system-view
    [HUAWEI] sysname P
    [P] vlan batch 20 30
    [P] interface vlanif 20
    [P-Vlanif20] ip address 4.4.4.2 255.255.255.0
    [P-Vlanif20] quit
    [P] interface vlanif 30
    [P-Vlanif30] ip address 5.5.5.5 255.255.255.0
    [P-Vlanif30] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] port link-type trunk
    [P-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
    [P-GigabitEthernet1/0/0] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] port link-type trunk
    [P-GigabitEthernet2/0/0] port trunk allow-pass vlan 30
    [P-GigabitEthernet2/0/0] quit

    # Configure PE2.

    <HUAWEI> system-view
    [HUAWEI] sysname PE2
    [PE2] vlan batch 30 40
    [PE2] interface vlanif 30
    [PE2-Vlanif30] ip address 5.5.5.2 255.255.255.0
    [PE2-Vlanif30] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] port link-type trunk
    [PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 30
    [PE2-GigabitEthernet1/0/0] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] port link-type trunk
    [PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 40
    [PE2-GigabitEthernet2/0/0] quit

  2. Configure an IGP. OSPF is used in this example.

    Configure OSPF to advertise the 32-bit loopback interface addresses (LSR IDs) of PE1, P, and PE2.

    # Configure PE1.

    [PE1] router id 1.1.1.1
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.1 32
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    # Configure the P device.

    [P] router id 2.2.2.2
    [P] interface loopback 1
    [P-LoopBack1] ip address 2.2.2.2 32
    [P-LoopBack1] quit
    [P] ospf 1
    [P-ospf-1] area 0
    [P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [P-ospf-1-area-0.0.0.0] network 4.4.4.2 0.0.0.255
    [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.255
    [P-ospf-1-area-0.0.0.0] quit
    [P-ospf-1] quit

    # Configure PE2.

    [PE2] router id 3.3.3.3
    [PE2] interface loopback 1
    [PE2-LoopBack1] ip address 3.3.3.3 32
    [PE2-LoopBack1] quit
    [PE2] ospf 1
    [PE2-ospf-1] area 0
    [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
    [PE2-ospf-1-area-0.0.0.0] network 5.5.5.2 0.0.0.255
    [PE2-ospf-1-area-0.0.0.0] quit
    [PE2-ospf-1] quit

    After the configuration is complete, run the display ip routing-table command on PE1, P, and PE2. The command output shows that PE1, P, and PE2 have learned routes from each other. The display on PE1 is used as an example.

    [PE1] display ip routing-table                                                   
    Route Flags: R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Tables: Public                                                          
             Destinations : 8       Routes : 8                                      
                                                                                    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
            1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack1      
            2.2.2.2/32  OSPF    10   1           D   4.4.4.2         Vlanif20       
            3.3.3.3/32  OSPF    10   2           D   4.4.4.2         Vlanif20       
            4.4.4.0/24  Direct  0    0           D   4.4.4.4         Vlanif20       
            4.4.4.4/32  Direct  0    0           D   127.0.0.1       Vlanif20       
            5.5.5.0/24  OSPF    10   2           D   4.4.4.2         Vlanif20       
          127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0    
          127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
     

  3. Configure basic MPLS functions and LDP.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.1
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] mpls
    [PE1-Vlanif20] mpls ldp
    [PE1-Vlanif20] quit

    # Configure the P device.

    [P] mpls lsr-id 2.2.2.2
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface vlanif 20
    [P-Vlanif20] mpls
    [P-Vlanif20] mpls ldp
    [P-Vlanif20] quit
    [P] interface vlanif 30
    [P-Vlanif30] mpls
    [P-Vlanif30] mpls ldp
    [P-Vlanif30] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.3
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface vlanif 30
    [PE2-Vlanif30] mpls
    [PE2-Vlanif30] mpls ldp
    [PE2-Vlanif30] quit

    After the configuration is complete, run the display mpls ldp session command on PE1, P, and PE2. You can view that a peer relationship is set up between PE1 and the P device, and between the P device and PE2. The peer relationship is in Operational state. Run the display mpls lsp command to check the LSP status. The display on PE1 is used as an example.

    [PE1] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
     ------------------------------------------------------------------------------
     PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------
     2.2.2.2:0          Operational DU Passive  000:15:29   3717/3717
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    

  4. Create a remote LDP session between the PE devices.

    # Configure PE1.

    [PE1] mpls ldp remote-peer 3.3.3.3
    [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
    [PE1-mpls-ldp-remote-3.3.3.3] quit

    # Configure PE2.

    [PE2] mpls ldp remote-peer 1.1.1.1
    [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
    [PE2-mpls-ldp-remote-1.1.1.1] quit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. You can view that the peer relationship between PE1 and PE2 is in Operational state. That is, the peer relationship is set up.

  5. Enable MPLS L2VPN on each PE device.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit

  6. Configure a VSI on the PE devices.

    # Configure PE1.

    [PE1] vsi a2 static
    [PE1-vsi-a2] pwsignal ldp
    [PE1-vsi-a2-ldp] vsi-id 2
    [PE1-vsi-a2-ldp] peer 3.3.3.3
    [PE1-vsi-a2-ldp] quit
    [PE1-vsi-a2] quit

    # Configure PE2.

    [PE2] vsi a2 static
    [PE2-vsi-a2] pwsignal ldp
    [PE2-vsi-a2-ldp] vsi-id 2
    [PE2-vsi-a2-ldp] peer 1.1.1.1
    [PE2-vsi-a2-ldp] quit
    [PE2-vsi-a2] quit

  7. Bind the VSI to the VLANIF interfaces of the PE devices.

    # Configure PE1.

    [PE1] interface vlanif 10
    [PE1-Vlanif10] l2 binding vsi a2
    [PE1-Vlanif10] quit

    # Configure PE2.

    [PE2] interface vlanif 40
    [PE2-Vlanif40] l2 binding vsi a2
    [PE2-Vlanif40] quit

  8. Verify the configuration.

    After the configuration is complete, run the display vsi name a2 verbose command on PE1. You can view that VSI a2 sets up a PW to PE2, and the VSI status is Up.

    [PE1] display vsi name a2 verbose
    
     ***VSI Name               : a2
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0
        PW Signaling           : ldp
        Member Discovery Style : static
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Mpls Exp               : --
        DomainId               : 255
        Domain Name            :
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 0 hours, 5 minutes, 1 seconds
        VSI State              : up
    
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.3
        Negotiation-vc-id      : 2
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 4098
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x1
        Broadcast Tunnel ID    : 0x1
        Broad BackupTunnel ID  : 0x0
        CKey                   : 2
        NKey                   : 1
        Stp Enable             : 0
        PwIndex                : 0
        Control Word           : disable
    
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2010/12/30 11:31:18
        Total Up Time          : 0 days, 0 hours, 1 minutes, 35 seconds
    
        **PW Information:
    
       *Peer Ip Address        : 3.3.3.3
        PW State               : up
        Local VC Label         : 4098
        Remote VC Label        : 4098
        Remote Control Word    : disable
        PW Type                : label
        Local  VCCV            : alert lsp-ping bfd
        Remote VCCV            : alert lsp-ping bfd
        Tunnel ID              : 0x1
        Broadcast Tunnel ID    : 0x1
        Broad BackupTunnel ID  : 0x0
        Ckey                   : 0x2
        Nkey                   : 0x1
        Main PW Token          : 0x1
        Slave PW Token         : 0x0
        Tnl Type               : LSP
        OutInterface           : Vlanif20
        Backup OutInterface    :
        Stp Enable             : 0
        PW Last Up Time        : 2010/12/30 11:32:03
        PW Total Up Time       : 0 days, 0 hours, 1 minutes, 35 seconds

    CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

    [CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
    
      --- 10.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/68/94 ms 

  9. Configure MAC address limiting in the VSI on PE1.

    # Configure the following MAC address limiting rule in the VSI: A maximum of 300 MAC addresses can be learned. When the number of learned MAC addresses reaches the limit, the PE discards packets with new source MAC addresses and sends an alarm to the NMS.

    [PE1] vsi a2 static
    [PE1-vsi-a2] mac-limit maximum 300 action discard alarm enable
    [PE1-vsi-a2] return

  10. Verify the configuration.

    # Run the display mac-limit command in any view to check whether the MAC address limiting rule is successfully configured.

    <PE1> display mac-limit
    MAC limit is enabled
    Total MAC limit rule count : 1
    
    PORT                 VLAN/VSI      SLOT Maximum Rate(ms) Action  Alarm
    ----------------------------------------------------------------------------
    -                    a2            -    300     -        discard enable 
    

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    router id 1.1.1.1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.1
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static 
     mac-limit maximum 300
     pwsignal ldp 
      vsi-id 2    
      peer 3.3.3.3
    # 
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.3
     remote-ip 3.3.3.3
    #
    interface Vlanif10
     l2 binding vsi a2
    #
    interface Vlanif20
     ip address 4.4.4.4 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 4.4.4.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    router id 2.2.2.2
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.2
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 4.4.4.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 5.5.5.5 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 4.4.4.0 0.0.0.255
      network 5.5.5.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    router id 3.3.3.3
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.3
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.1
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.1
     remote-ip 1.1.1.1
    #
    interface Vlanif30
     ip address 5.5.5.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     l2 binding vsi a2
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 5.5.5.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-01-18

Document ID: EDOC1100038843

Views: 109022

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next