Overview
LAN Layer 2 technologies include the Address Resolution Protocol (ARP), Media Access Control (MAC), Ethernet link aggregation, and Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP).
ARP maps IP addresses to MAC addresses. Proxy ARP solves network connectivity problems. Gratuitous ARP enables a host to send an ARP Request packet using its own IP address as the destination address.
A MAC address defines the position of a network device. A MAC address consists of 48 bits and is displayed as a 12-digit hexadecimal number. Bits 0 to 23 are assigned by IETF and other institutions to identify vendors, and bits 24 to 47 are the unique ID assigned by vendors to identify their network adapters.
Ethernet link aggregation bundles multiple physical links to form a logical link to increase link bandwidth, improve reliability, and implement load balancing.
Through GARP, GVRP is used to dynamically maintain VLAN attributes on devices.
GVRP propagates VLAN attributes of one device throughout the entire switching network.
GVRP enables network devices to dynamically deliver, register, and propagate VLAN attributes, thereby reducing workload of the network administrator and ensuring correct configuration.
Objectives
Upon completion of this exercise guide, you will be able to:
Configure ARP broadcast.
Configure the MAC address table.
Configure link aggregation.
Configure GVRP.
Tasks
The following topology shows the network of company A. Deploy the network according to the following requirements:
(1) Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on SW3 and SW4.
(2) On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on SW3 to VLAN
34; add E0/0/14 on SW4 to VLAN 34.
(3) Configure static LACP between SW1 and SW2, configure SW1 as the Actor and the link connected to E0/0/2 as the backup link, and set the timeout interval to 3 seconds.
(4) Configure interconnected interfaces of switches as trunk interfaces and configure them to allow all VLANs.
(5) Enable GVRP on each switch, SW3 never learn the VLAN information carried by GVRP, and implement communication between PC3 and PC4.
(6) Implement communication between PC1 and PC2 through R1.
(7) Set the maximum number of MAC addresses learned by E0/0/13 on SW3 to 2, and configure an interface in error-down state and enable the device to generate alarms when the number of learned MAC addresses reaches the limit. There is no need to consider MAC address loss after device restart.
Topology
IP Address Table
Device Interface IP Address Subnet Mask Default
Gateway
R1 G0/0/1.1 12.1.1.254 255.255.255.0 N/A
G0/0/1.2 21.1.1.254 255.255.255.0 N/A
PC1 / 12.1.1.1 255.255.255.0 12.1.1.254
PC2 / 21.1.1.1 255.255.255.0 21.1.1.254
PC3 / 34.1.1.3 255.255.255.0 N/A
PC4 / 34.1.1.4 255.255.255.0 N/A
Configuration and Verification
1. Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on
SW3 and SW4.
After this operation is performed, run the display vlan summary command to check the summary of VLANs. The display on SW2 is used as an example.
[SW2]display vlan summary
static vlan:
Total 3 static vlan.
1 12 21
dynamic vlan:
Total 0 dynamic vlan.
reserved vlan:
Total 0 reserved vlan.
2. On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on SW3 to VLAN 34; add E0/0/14 on SW4 to VLAN 34.
After this operation is performed, run the display vlan command to check information about interfaces and VLANs. The display on SW2 is used as an example. (The following table lists only key information, and as such some information is omitted.)
[SW2]display vlan
The total number of vlans is : 3
---
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
---
VID Type Ports
---
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(U)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
12 common UT:Eth0/0/11(U)
21 common UT:Eth0/0/12(U)
3. Configure static LACP between SW1 and SW2, configure SW1 as the Actor and the link connected to E0/0/2 as the backup link, and set the timeout interval to 3 seconds.
After this operation is performed, run the display eth-trunk command to check link aggregation information. The display on SW1 is used as an example.
[SW1]display eth-trunk 12
Eth-Trunk12's state information is:
Local:
LAG ID: 12 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 0 System ID: 4c1f-cc3f-01c3
Least Active-linknumber: 1 Max Active-linknumber: 1
Operate status: up Number Of Up Port In Trunk: 1
---
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
Ethernet0/0/1 Selected 1000TG 32768 2 3217 11111100 1
Ethernet0/0/2 Unselect 1000TG 65535 3 3217 11100000 1
Partner:
---
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
Ethernet0/0/1 32768 4c1f-cc3b-8582 32768 2 3217 11111100
Ethernet0/0/2 32768 4c1f-cc3b-8582 32768 3 3217 11110000
When configuring link aggregation, notice that the LACP timeout interval can use fast and slow modes.
Run the display interface eth-trunk and display trunkfwdtbl eth-trunk commands to verify the result:
4. Configure interconnected interfaces of switches as trunk interfaces and configure them to allow all VLANs.
After this operation is performed, run the display vlan command to check VLAN information of SW2.
[SW2]display vlan
The total number of vlans is : 3
---
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
---
VID Type Ports
---
1 common UT:Eth0/0/3(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
Eth-Trunk12(U)
12 common UT:Eth0/0/11(U)
TG:Eth0/0/3(U) Eth0/0/4(U) Eth-Trunk12(U)
21 common UT:Eth0/0/12(U)
TG:Eth0/0/3(U) Eth0/0/4(U) Eth-Trunk12(U)
5. Enable GVRP on each switch, SW3 never learn the vlan information carried by GVRP, and implement communication between PC3 and PC4.
After this operation is performed, run the display gvrp statistics command to check GVRP statistics about SW3.
[SW3]display gvrp statistics
GVRP statistics on port Ethernet0/0/3
GVRP status : Enabled
GVRP registrations failed : 46
GVRP last PDU origin : 4c1f-cc3b-8582
GVRP registration type : Fixed
[PC4]ping 34.1.1.3
PING 34.1.1.3: 32 data bytes, press CTRL_C to break
Reply from 34.1.1.3: bytes=32 Sequence=1 ttl=128 time=79 ms
Reply from 34.1.1.3: bytes=32 Sequence=2 ttl=128 time=62 ms
Reply from 34.1.1.3: bytes=32 Sequence=3 ttl=128 time=63 ms
Reply from 34.1.1.3: bytes=32 Sequence=4 ttl=128 time=62 ms
Reply from 34.1.1.3: bytes=32 Sequence=5 ttl=128 time=31 ms
--- 34.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/59/79 ms
Notice that GVRP provides three registration modes. GVRP provides different functions in different modes. Configure a registration mode according to the requirements.
Run the following command to verify the result:
display gvrp status
6. Implement communication between PC1 and PC2 through R1.
After this operation is performed, perform the ping operation on PC1.
[PC1]ping 21.1.1.1
PING 21.1.1.1: 32 data bytes, press CTRL_C to break
Reply from 21.1.1.1: bytes=32 Sequence=1 ttl=127 time=109 ms
Reply from 21.1.1.1: bytes=32 Sequence=2 ttl=127 time=94 ms
Reply from 21.1.1.1: bytes=32 Sequence=3 ttl=127 time=109 ms
Reply from 21.1.1.1: bytes=32 Sequence=4 ttl=127 time=94 ms
Reply from 21.1.1.1: bytes=32 Sequence=5 ttl=127 time=78 ms
--- 21.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 79/96/109 ms
You can use the router-on-a-stick and VLANIF interface to implement communication
between VLANs. Select a technique according to the requirements.
7. Set the maximum number of MAC addresses learned by E0/0/13 on SW3 to 2, and configure an interface in error-down state and enable the device to generate alarms when the number of learned MAC addresses reaches the limit. There is no need to consider MAC address loss after device restart.
After this operation is performed, perform the ping operation on PC3.
[SW3]display mac-address security vlan 34
MAC address table of slot 0:
---
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
---
5489-98cf-3447 34 - - Eth0/0/13 security -
---
Total matching items on slot 0 displayed = 1
The port security function changes MAC addresses learned on an interface into secure dynamic MAC addresses and sticky MAC addresses. There are differences between secure dynamic MAC addresses and sticky MAC addresses in terms of aging and MAC address loss after device restart.
Questions
How are packets forwarded when the router-on-a-stick method is used?
Configuration List
<R1>display current-configuration
#
sysname R1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 12
ip address 12.1.1.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 21
ip address 21.1.1.254 255.255.255.0
arp broadcast enable
#
return
<SW1>display current-configuration
#
sysname SW1
#
vlan batch 12 21
#
gvrp
#
lacp priority 0
#
interface Eth-Trunk12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
lacp timeout fast
max active-linknumber 1
gvrp
#
interface Ethernet0/0/1
eth-trunk 12
#
interface Ethernet0/0/2
eth-trunk 12
lacp priority 65535
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
<SW2>display current-configuration
#
sysname SW2
#
vlan batch 12 21
#
gvrp
#
interface Eth-Trunk12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
lacp timeout fast
gvrp
#
interface Ethernet0/0/1
eth-trunk 12
#
interface Ethernet0/0/2
eth-trunk 12
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface Ethernet0/0/11
port link-type access
port default vlan 12
#
interface Ethernet0/0/12
port link-type access
port default vlan 21
#
return
<SW3>display current-configuration
#
sysname SW3
#
vlan batch 34
#
gvrp
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
gvrp registration fixed
#
interface Ethernet0/0/13
port link-type access
port default vlan 34
port-security enable
port-security protect-action shutdown
port-security max-mac-num 2
#
return
<SW4>display current-configuration
#
sysname SW4
#
vlan batch 34
#
gvrp
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#