nortel 8300

8/9/2019 nortel 8300

1/134

Nortel Ethernet Routing Switch 8300

Configuration VLANs,

Spanning Tree, and StaticLink Aggregation using DeviceManager

NN46200-510 (317348-E Rev 01).

loaded from www.Manualslib.commanuals search engine
http://www.manualslib.com/http://www.manualslib.com/

8/9/2019 nortel 8300

2/134

Document status: Standard

Document version: 03.01

Document date: 27 August 2007

Copyright 2005-2007, Nortel Networks

All Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technical

data, and recommendations in this document are believed to be accurate and reliable, but are presented without

express or implied warranty. Users must take full responsibility for their applications of any products specified in this

document. The information in this document is proprietary to Nortel Networks.

The software described in this document is furnished under a license agreement and may be used only in accordance

with the terms of that license. The software license agreement is included in this document.

Trademarks*Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other products or services may be trademarks, registered trademarks, service marks, or registered service

marks of their respective owners.

The asterisk after a name denotes a trademarked item.

Restricted rights legendUse, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph

(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer

software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth

in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditionsIn the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right

to make changes to the products described in this document without notice.

Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or

circuit layout(s) described herein.

Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All

rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the

above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising

materials, and other materials related to such distribution and use acknowledge that such portions of the software

were developed by the University of California, Berkeley. The name of the University may not be used to endorse or

promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that

contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices

imposed by third parties).

Nortel Networks software license agreementThis Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel

Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING

CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE

SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT.

If you do not accept these terms and conditions, return the Software, unused and in the original shipping container,

within 30 days of purchase to obtain a credit for the full purchase price.


8/9/2019 nortel 8300

3/134

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is

copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data,

audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole

or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the

Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for

the selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the

Software on only one machine at any one time or to the extent of the activation or authorized usage level,

whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer

furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such

hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as

confidential information using the same care and discretion Customer uses with its own similar information that it

does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software

does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or

distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer

or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d)

sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of

this provision. Upon termination or breach of the license by Customer or in the event designated hardware or

CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction.

Nortel Networks may audit by remote polling or other reasonable means to determine Customers Softwareactivation or usage levels. If suppliers of third party software included in Software require Nortel Networks to

include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks

with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,

Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS

ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,

BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated

to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties,

and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE

LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS

OF, OR DAMAGE TO, CUSTOMERS RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS),

WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR

USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN

ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or

supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some

jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General

a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks

Software available under this License Agreement is commercial computer software and commercial

computer software documentation and, in the event Software is licensed for or on behalf of the United States

Government, the respective rights to the software and software documentation are governed by Nortel

Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections

12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer

fails to comply with the terms and conditions of this license. In either event, upon termination, Customer

must either return the Software to Nortel Networks or certify its destruction.

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from

Customers use of the Software. Customer agrees to comply with all applicable laws including all applicable

export and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the action

arose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement between

Customer and Nortel Networks.


8/9/2019 nortel 8300

4/134

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software.

If the Software is acquired in the United States, then this License Agreement is governed by the laws of

the state of New York.


8/9/2019 nortel 8300

5/134

5

Contents

New in this release 11Features 11

Other changes 11

Preface 13Before you begin 13

How to get help 14Getting help from the Nortel web site 14

Getting help over the phone from a Nortel Solutions Center 14

Getting help from a specialist using an Express Routing Code 15

Getting help through a Nortel distributor or reseller 15

VLANs, Spanning Tree, and Static Link Aggregation 17VLANs 17

VLAN ports 18

Port-based VLANs 18

Policy-based VLANs 19

Protocol-based VLANs 20

Independent VLAN Learning (IVL) 22VLAN tagging and port types 22

VLAN router interfaces 24

VLAN implementation 24

Spanning Tree Protocol (STP) 26

Spanning tree groups 26

Spanning Tree modes 28

Spanning Tree FastStart 28

Understanding STGs and VLANs 28

Spanning Tree Protocol topology change detection 29

Static link aggregation 29

Link aggregation traffic distribution 30Link aggregation rules 30

Link aggregation examples 31

Split MultiLink Trunking 34

Overview 35

Advantages of SMLT 36

Nortel Ethernet Routing Switch 8300Configuration VLANs, Spanning Tree, and Static Link Aggregation using Device Manager

NN46200-510 03.01 Standard4.0 27 August 2007


.


8/9/2019 nortel 8300

6/134

6 Contents

How SMLT works 38

Inter-Switch Trunks 40

CP-Limit and SMLT IST 41

Traffic flow in an SMLT environment 42

Single port SMLT 44

SMLT topologies 45

Using MLT-based SMLT with single port SMLT 49

SMLT network design considerations 50

SMLT and VRRP backup master 51

Simple Loop Prevention Protocol 52

Port auto recovery 54

VLAN, STG, and link aggregation feature support 55

Configuring VLANs 57Understanding VLAN ports 57

Displaying defined VLANs 58

Creating a VLAN 60Creating a port-based VLAN 61

Configuring an IP address for a VLAN 62

Creating a protocol-based VLAN 63

Configuring user-defined protocol-based VLANs 66

Managing a VLAN 68

Changing VLAN port membership 68

Configuring advanced VLAN features 69

Configuring a MAC address for auto-learning on a VLAN 73

Managing the VLAN forwarding database 76

Configuring aging in the VLAN forwarding database 76

Configuring static forwarding 80Configuring VLAN forwarding database filters 83

Configuring Layer 2 multicast MAC filtering 85

Configuring port auto recovery 87

Configuring auto recovery delay time 87

Enabling or disabling port auto recovery for a single port 88

Enabling or disabling port auto recovery for multiple ports 89

Configuring Spanning Tree Group 91Configuring Simple Loop Prevention Protocol 103

Configuring SLPP globally 103

Configuring the SLPP by VLAN 104

Configuring the SLPP by port 106

Configuring static link aggregation 109Link aggregation traffic distribution 109

Adding a link aggregation group 110

Viewing link aggregation interface statistics 114

Configuring SMLT 120




.


8/9/2019 nortel 8300

7/134

Contents 7

Adding an MLT-based SMLT 120

Viewing MLT-based SMLT information for the switch 121

Configuring a single port SMLT 122

Viewing single port SMLTs configured on the switch 123

Deleting a single port SMLT 124

Configuring an IST MLT 124

Removing an IST MLT 125

Viewing IST statistics 126

Index 128

FiguresFigure 1 Port-based VLAN 19Figure 2 Dynamic protocol-based VLAN 21Figure 3 VLAN tag insertion 22Figure 4 Multiple spanning tree groups 27Figure 5 Switch-to-switch link aggregation configuration 32Figure 6 Switch-to-server link aggregation configuration 33

Figure 7 Client/Server link aggregation configuration 34Figure 8 Resilient networks with Spanning Tree Protocol 37Figure 9 Resilient networks with SMLT 38

Figure 10 8300 switches as SMLT aggregation switches 39Figure 11 show vlan info fdb-entry 10 sample output 43Figure 12 Network topology for traffic flow example 43Figure 13 Single port SMLT example 45Figure 14 Single Port SMLT topology 46Figure 15 SMLT triangle topology 47

Figure 16 SMLT square topology 48Figure 17 SMLT full mesh topology 49

Figure 18 Changing a split trunk from MLT-based SMLT to single port SMLT 50

Figure 19 SLPP frame 53Figure 20 VLAN dialog box - Basic tab 58Figure 20 VLAN, Insert Basic dialog box for port-based VLANs 61Figure 20 VlanPortMembers dialog box 62Figure 20 IP, VLAN dialog box 63Figure 20 IP, VLAN, Insert IP Address dialog box 63Figure 20 VLAN, Insert Basic dialog box for protocol-based VLANs 64Figure 20 VlanPortMembers dialog box 65

Figure 20 VLAN, Insert Basic: insert a user-defined, protocol-based VLAN 67Figure 20 PortMembers, VLAN dialog box 68

Figure 20 VLAN dialog box - Advanced tab 69Figure 20 Port dialog box - Interface tab 72

Figure 20 Port dialog box - VLAN tab 72

Figure 20 VlanMacLearning dialog box - Manual Edit tab 74Figure 20 VlanMacLearning, Insert Manual Edit dialog box 74Figure 20 BridgeManualEditPorts dialog box 74

Figure 20 VlanMacLearning dialog box - Auto Learn tab 75Figure 20 Bridge, VLAN dialog box - Transparent tab 76

Figure 20 Bridge, VLAN dialog box - Forwarding tab 78




.


8/9/2019 nortel 8300

8/134

8 Contents

Figure 20 VLAN dialog box - Advanced tab: flushing the forwardingdatabase 79

Figure 20 Bridge, VLAN - Static tab 81Figure 20 Bridge, VLAN, Insert Static dialog box 81

Figure 20 Bridge, VLAN, Insert Filter dialog box 83

Figure 20 STG dialog box - Globals tab 92Figure 20 STG dialog box - Configuration tab 93Figure 20 STG, Insert Configuration dialog box 93Figure 20 StgPortMembers dialog box 94Figure 20 STG dialog box - Status tab 97Figure 20 STG dialog box - Ports tab 99Figure 20 MLT dialog box - MultiLink Trunks tab 110Figure 20 MLT, Insert MultiLink Trunks dialog box 111

Figure 20 MltPortMembers dialog box 111Figure 20 VlanIds dialog box 112

Figure 20 Statistics, MLT dialog box - Interface tab 115Figure 20 Statistics, MLT dialog box - Ethernet Errors tab 117

Figure 20 Statistics, MLT dialog box - Interface Utilization tab 119

Figure 20 Multilink Trunks tab on the MLT dialog box 121Figure 20 SMLT Info tab on the SMLT dialog box 122Figure 20 SMLT tab on the Port dialog box 122

Figure 20 Insert SMLT dialog box 123Figure 20 Single Port SMLT tab on the SMLT dialog box 123

Figure 20 IST MLT dialog box 125Figure 20 Ist/SMLT Stats tab on the MLT dialog box 127

TablesTable 1 Port membership types for policy-based VLANS 19

Table 2 PIDs not available for user-defined protocol-based VLANs 21Table 3 VLAN rules 25

Table 4 Spanning Tree Protocol topology change detection configuration

rules 29Table 5 Methods of traffic distribution for packets with a trunk destination 30Table 6 SLPP frame fields 53Table 7 VLAN, STG, and link aggregation support 55Table 8 VLAN - Basic tab fields 59Table 9 VLAN - Advanced tab fields 70Table 10 VlanMacLearning - Insert Manual Edit tab fields 75Table 11 Bridge ,VLAN dialog box - Transparent tab fields 77Table 12 Bridge, VLAN dialog box - Forwarding tab fields 78Table 13 Bridge , VLAN - Static tab fields 82

Table 14 Bridge, VLAN dialog box - Filter tab fields 84Table 15 Bridge, VLAN, Insert Multicast tab fields 86

Table 16 STG Configuration tab fields 94

Table 17 STG Status tab fields 97Table 18 STG Ports tab fields 99Table 19 SLPP - Global tab fields 104Table 20 SLPP - Insert VLANS window fields 106Table 21 SLPP - Ports tab fields 107

Table 22 MLT dialog box - MultiLink Trunks fields 112Table 23 Statistics, MLT dialog box - Interface tab fields 115




.


8/9/2019 nortel 8300

9/134

Contents 9

Table 24 Statistics, MLT dialog box - Ethernet Errors tab fields 117Table 25 Statistics, MLT dialog box - Interface Utilization tab fields 120




.


8/9/2019 nortel 8300

10/134

10 Contents




.


8/9/2019 nortel 8300

11/134

11

New in this release

The following sections detail what is new in Configuration VLANs,Spanning Tree, and Static Link Aggregation using Device Manager(NN46200-510) for Release 4.0.

"Features" (page 11)

"Other changes" (page 11)

FeaturesSee the following sections for information about feature changes:

"Simple Loop Prevention Protocol" (page 52)

"Configuring Simple Loop Prevention Protocol" (page 103)

"Port auto recovery" (page 54)

Other changesSee the following sections for information about changes that reflect theupgrade to eight port multilink trunking (MLT) for this release:

Table 22 "MLT dialog box - MultiLink Trunks fields" (page 112)

"Adding ports to a link aggregation group" (page 113)

"Adding an MLT-based SMLT" (page 120)

"Link aggregation rules" (page 30)




.


8/9/2019 nortel 8300

12/134

12 New in this release




.


8/9/2019 nortel 8300

13/134

13

Preface

The Nortel* Ethernet Routing Switch (ERS) 8300 is a flexible andmultifunctional Layer 2/Layer 3 switch that supports diverse networkarchitectures and protocols. The ERS 8300 provides security and controlfeatures such as Extensible Authentication Protocol over LAN (EAPoL),Simple Network Management Protocol, Version 3 (SNMP3), and SecureShell (SSH). The ERS 8300 provides quality of service (QoS) for a high

number of attached devices and supports future network requirements forQoS for critical applications, such as Voice over IP (VoIP).

Java Device Manager (Device Manager) is a graphical user interface (GUI)used to configure and manage 8300 Series switches. You install it on amanagement station in the network. For instructions on installing andstarting Device Manager on a Windows*, UNIX*, or Linux* platform, refertoNortel Ethernet Routing Switch 8300 Fundamentals Using DeviceManager(NN46200-303). The manual also describes some commonstartup problems and how to troubleshoot them.

This guide describes how to use Device Manager to configure VLANs,

spanning tree, and static link aggregation for the 8300 Series switches.

Before you beginThis guide is intended for network administrators who have the followingbackground:

basic knowledge of networks, Ethernet bridging, and IP routing

familiarity with networking concepts and terminology

experience with windowing systems or GUIs

basic knowledge of network topologies

Before using this guide, you must complete the following procedures. For anew switch:

Step Action

1 Install the switch.




.


8/9/2019 nortel 8300

14/134

14 Preface

For installation instructions, seeNortel Ethernet Routing Switch 8300Installation Chassis Installation and Maintenance(NN46200-304)andNortel Ethernet Routing Switch 8300 Installation Modules(NN46200-305).

2 Connect the switch to the network.For more information, seeGetting Started(316799-C).

End

Ensure that you are running the latest version of Nortel ERS 8300 software.For information about upgrading the ERS 8300, see Nortel Ethernet RoutingSwitch 8300 Upgrades Software Release 4.0(NN46200-400).

How to get helpThis section explains how to get help for Nortel products and services.

Getting help from the Nortel web siteThe best way to get technical support for Nortel products is from the NortelTechnical Support web site:

www.nortel.com/support

This site provides quick access to software, documentation, bulletins, andtools to address issues with Nortel products. From this site, you can:

Download software, documentation, and product bulletins.

Search the Technical Support Web site and the Nortel Knowledge Base

for answers to technical issues.

Sign up for automatic notification of new software and documentationfor Nortel equipment.

Open and manage technical support cases.

Getting help over the phone from a Nortel Solutions CenterIf you do not find the information you require on the Nortel Technical Supportweb site, and you have a Nortel support contract, you can also get help overthe phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following web site to obtain the phonenumber for your region:

www.nortel.com/callus




.


8/9/2019 nortel 8300

15/134

How to get help 15

Getting help from a specialist using an Express Routing CodeTo access some Nortel Technical Solutions Centers, you can use an ExpressRouting Code (ERC) to quickly route your call to a specialist in your Nortelproduct or service. To locate the ERC for your product or service, go to:

www.nortel.com/erc

Getting help through a Nortel distributor or resellerIf you purchased a service contract for your Nortel product from a distributoror authorized reseller, contact the technical support staff for that distributoror reseller.




.


8/9/2019 nortel 8300

16/134

16 Preface




.


8/9/2019 nortel 8300

17/134

17

VLANs, Spanning Tree, and Static LinkAggregation

This chapter describes Virtual LANs, spanning tree groups, and linkaggregation. The following topics are included:

"VLANs" (page 17)

"Spanning Tree Protocol (STP)" (page 26)

"Static link aggregation" (page 29)

"Split MultiLink Trunking" (page 34)

"Simple Loop Prevention Protocol" (page 52)

"Port auto recovery" (page 54)

"VLAN, STG, and link aggregation feature support" (page 55)

VLANsWith a virtual LAN (VLAN), you can divide your LAN into smaller groups

without interfering with the physical network. You can use VLANs to:

Create workgroups for common interest groups.

Create workgroups for specific types of network traffic.

Add, move, or delete members from these workgroups without makingany physical changes to the network.

By dividing the network into separate VLANs, you can create separatebroadcast domains. This conserves bandwidth, especially in networkssupporting broadcast and multicast applications that flood the network withtraffic. A VLAN workgroup can include members from a number of dispersed

physical segments on the network, improving traffic flow between them.The ERS 8300 performs the layer 2 switching functions necessary totransmit information within VLANs as well as the layer 3 routing functionsnecessary for VLANs to communicate with one another. A VLAN can bedefined for a single switch or it can span multiple switches. A port can be amember of multiple VLANs.




.


8/9/2019 nortel 8300

18/134

8/9/2019 nortel 8300

19/134

VLANs 19

Figure 1Port-based VLAN

Policy-based VLANsThe ERS 8300 supports a total of 500 unique policy-based VLANS.However, there are some restrictions on the number of types of policy-basedVLANs.

In a policy-based VLAN, a port can be designated as always a member or

never a member. Table 1 "Port membership types for policy-based VLANS"(page 19)describes these port membership types.

Table 1Port membership types for policy-based VLANS

Membership type Description

Static(Always a member) Static members are always active members ofthe VLAN, when configured as belonging tothat VLAN. This membership type is used in

policy-based and port-based VLANs.

In policy-based VLANs, the tagged ports

are usually configured as static members.

In port-based VLANs, all ports are always

static members.

Not allowed to join(Never a member)

Ports of this type are not allowed to join theVLAN.




.


8/9/2019 nortel 8300

20/134

20 VLANs, Spanning Tree, and Static Link Aggregation

A non-tagged port can belong to multiple VLANs, as long as the VLANs arenot of the same type but are in the same spanning tree group.

Protocol-based VLANsProtocol-based VLANs are an effective way to segment your network

into broadcast domains according to the network protocols in use. Trafficgenerated by any network protocol IPX, Appletalk, and so forth can beautomatically confined to its own VLAN.

Port tagging is not required for a port to be a member of multipleprotocol-based VLANs.

The ERS 8300 supports the following protocol-based VLANs:

IP version 4 (ip)

Novell IPX on Ethernet 802.3 frames (ipx802dot3)

Novell IPX on IEEE 802.2 frames (ipx802dot2)

Novell IPX on Ethernet SNAP frames (ipxSnap)

Novell IPX on Ethernet Type 2 frames (ipxEthernet2)

AppleTalk on Ethernet Type 2 and Ethernet SNAP frames (AppleTalk)

DEC LAT Protocol (decLat)

Other DEC protocols (decOther)

IBM SNA on IEEE 802.2 frames (sna802dot2)

IBM SNA on Ethernet Type 2 frames (snaEthernet2)

NetBIOS Protocol (netBIOS)

Xerox XNS (xns)

Banyan VINES (vines)

IP version 6 (ipv6)

Reverse Address Resolution Protocol (RARP)

User-defined protocols

Example: IPX protocol-based VLANYou can create a VLAN for the IPX protocol and place ports carryingsubstantial IPX traffic into this new VLAN.

InFigure 2 "Dynamic protocol-based VLAN" (page 21), the networkmanager placed ports 7/1, 3/1, and 3/2 in an IPX VLAN. These ports stillbelong to their respective marketing and sales VLANs, but they are also newmembers of the IPX VLAN. This arrangement localizes traffic and ensuresthat only three ports are flooded with IPX broadcast packets.




.


8/9/2019 nortel 8300

21/134

VLANs 21

Figure 2Dynamic protocol-based VLAN

User-defined protocol-based VLANsYou can create user-defined protocol-based VLANs in support of networkswith non-standard protocols. For user-defined protocol-based VLANs, youcan specify the Protocol Identifier (PID) for the VLAN. For release 2.1, youcan enter the PID as a range of hexadecimal identifiers separated by acomma (,) a dash (-), or some combination of the two. Note that you canprovide a maximum of 8 PIDs in this range.

Frames that match the specified PID for the following are assigned to thatuser-defined VLAN:

the ethertype for Ethernet type 2 frames

the PID in Ethernet SNAP frames

the DSAP or SSAP value in Ethernet 802.2 frames

Table 2 "PIDs not available for user-defined protocol-based VLANs" (page21)lists the predefined policy-based PIDs, which are reserved and cannotbe designated as user-defined PIDs.

Table 2PIDs not available for user-defined protocol-based VLANs

PID (hex) Description

04xx, xx04 sna802dot2

F0xx, xxF0 netBIOS

0000-05DC Overlaps with 802.3 frame length

0600, 0807 xns

0BAD VINES

4242 IEEE 802.1D BPDUs




.


8/9/2019 nortel 8300

22/134

8/9/2019 nortel 8300

23/134

VLANs 23

802.1Q tagged portsTagging a frame adds four octets to a frame, making it bigger than thetraditional maximum frame size. These frames are sometimes referred toas "baby giant" frames. If a device does not support IEEE 802.1Q tagging,it can have problems interpreting tagged frames and receiving baby giant

frames.

In the ERS 8300, your port level configuration determines whether taggedframes are sent and received. Tagging is set as true or false for the port andis applied to all VLANs on that port.

When you enable tagging on an untagged port, the ports previousconfiguration of VLANs and STGs is lost. In addition, the port resets andruns Spanning Tree Protocol, thus breaking connectivity while the protocolgoes through the normal listening and learning states before the forwardingstate.

A ERS 8300 port with tagging enabled sends frames explicitly tagged with aVLAN ID. Tagged ports are typically used to multiplex traffic belonging tomultiple VLANs to other IEEE-802.1Q-compliant devices.

If tagging is disabled on a ERS 8300 port, it does not send tagged frames.A nontagged port connects the ERS 8300 to devices that do not supportIEEE 802.1Q tagging. If a tagged frame is forwarded out a port on whichtagging is set to false, the switch removes the tag from the frame beforesending it out the port.

If a port is set for tagging on a ERS 8300, and the port is also a member of

an untagged multilink trunk (MLT), or the reverse is true. The port settingson the MLT overrides.

Treatment of tagged and untagged framesA ERS 8300 associates a frame with a VLAN based on the data content ofthe frame and the configuration of the destination port. Whether the frameis tagged or untagged dictates how that frame is treated.

If a tagged frame is received on a tagged port, with a VLAN ID specified inthe tag, the ERS 8300 directs it to that VLAN, if it is present.

For untagged frames, VLAN membership is implied from the content ofthe frame itself. For untagged frames received on a tagged port, you can

configure the port to either discard or accept the frame. If you configurea tagged port to accept untagged frames, the port must be assigned toa port-based VLAN.

On the ERS 8300 you have the option to configure tagged ports to senduntagged frames on the default VLAN of the port.




.


8/9/2019 nortel 8300

24/134


How the frame is forwarded is based on the VLAN the frame is receivedand on the forwarding options available for that VLAN. A ERS 8300 tries toassociate untagged frames with a VLAN in the following order:

Does the frame belong to a protocol-based VLAN?

What is the port-based VLAN of the receiving port?

If the frame meets none of the preceding criteria, it is discarded.

VLAN router interfacesVirtual router interfaces correspond to routing on a virtual port associatedwith a VLAN. This type of routing is the routing of IP traffic to and from aVLAN. Because a given port can belong to multiple VLANs (some of whichare configured for routing on the switch and some of which are not), there isnot a one-to-one correspondence between the physical port and the routerinterface. For VLAN routing, the router interface for the VLAN is called avirtual router interface because the IP address is assigned to an interfaceon the routing entity in the switch. This initial interface has a one-to-onecorrespondence with a VLAN on any given switch.

The ERS 8300 chassis supports 4096 MAC addresses. If you are usingan 8600 chassis, make sure it supports 4096 MAC addresses. You caninstall the 8600 MAC upgrade kit to support 4096 MAC addresses. Formore information, see the publication, Adding MAC addresses to the 8600Series Switch (part number 212486-A).

VLAN implementationThis section describes how to implement VLANs on a ERS 8300. The

following topics are included: "Default VLANs" (page 24)

"Unassigned VLANs" (page 24)

"VLAN rules" (page 25)

Default VLANsThe ERS 8300 is factory configured with all ports residing in a port-basedVLAN and default spanning tree group (STG) 1. With all ports in this defaultVLAN, the switch behaves like a layer 2 switch. The VLAN ID of this defaultVLAN is always 1, and it is always a port-based VLAN. The default VLANcannot be deleted.

Unassigned VLANsThe unassigned VLAN is a port-based VLAN that acts as a placeholder forports that are removed from other port-based VLANs. Ports can belong topolicy-based VLANs as well as to the unassigned VLAN. If a frame does notmeet any policy criteria and there is no underlying port-based VLAN, the




.


8/9/2019 nortel 8300

25/134

VLANs 25

port belongs to the unassigned VLAN and the frame is dropped. Only portsin the unassigned VLAN have no spanning tree group association, so theydo not participate in Spanning Tree Protocol negotiation; that is, no BPDUsare sent out of ports in the unassigned VLAN.

The unassigned VLAN cannot be deleted or viewed. If a user-definedspanning tree group is deleted, the ports are moved to the unassignedVLAN and can later be assigned to another spanning tree group. Movingthe ports to the unassigned VLAN avoids creating unwanted loops andduplicate connections. If routing is disabled in these ports, the port iscompletely isolated and no layer 2 or layer 3 functionality is provided.

The unassigned VLAN is useful for security concerns or when using a portfor monitoring a mirrored port.

VLAN rulesTable 3 "VLAN rules" (page 25)describes the VLAN rules for the ERS 8300.

Table 3VLAN rules

In addition to the default VLAN, the ERS 8300 supports 4000 VLANs. VLAN IDs range invalue from 1 to 4000. See note 1

If you enable tagging on a port in a VLAN, the spanning tree group configuration for that port islost. To preserve VLAN assignment of ports, enable tagging on the ports before you assign

the ports to VLANs.

Tagged ports can belong to multiple VLANs and multiple spanning tree groups. When a taggedport belongs to multiple spanning tree groups, the BPDUs are tagged for all spanning tree

groups except for spanning tree group number 1. Under the default configuration, the default

is spanning tree group number 1.

An untagged port can belong to only one port-based VLAN. A port in a port-based VLAN canbelong to other policy-based VLANs.

An untagged port can belong to only one policy-based VLAN for a given protocol. For example,a port can belong to only one policy-based VLAN where the policy is IPX802dot2 protocol.

A VLAN cannot span multiple spanning tree groups; that is, the ports in the VLAN must allbe within one spanning tree group. Spanning tree group IDs can range in value from 1 to64. See note 1

A frames VLAN membership is determined by the following order of precedence:

1. VLAN ID in the frames VLAN tag

2. protocol-based VLAN

3. port-based VLAN

1 Also see Nortel Ethernet Routing Switch 8300 Release Notes Software Release

4.0(NN46200-401) for the latest information about supported software and hardware capabilities.




.


8/9/2019 nortel 8300

26/134


Spanning Tree Protocol (STP)The operation of the Spanning Tree Protocol (STP) is defined in the IEEEStd 802.1D. The Spanning Tree Protocol detects and eliminates logicalloops in a bridged or switched network. When multiple paths exist, thespanning tree algorithm configures the network so that a bridge or switch

uses only the most efficient path. If that path fails, the protocol automaticallyreconfigures the network to make another path become active, thussustaining network operations. You can control path redundancy for VLANsby implementing the panning Tree Protocol (STP).

A network can include multiple instances of STP. The collection of ports inone spanning tree instance is called a spanning tree group (STG).

This section includes the following topics:

"Spanning tree groups" (page 26)

"Spanning Tree modes" (page 28)

"Spanning Tree FastStart" (page 28) "Understanding STGs and VLANs" (page 28)

"Spanning Tree Protocol topology change detection" (page 29)

Spanning tree groupsEach STG consists of a collection of ports that belong to the same instanceof the STP protocol. These STP instances are completely independentfrom each other (for example, they send their own BPDUs, they have theirown timers, and so on).

Multiple STGs are possible within the same switch; that is, the routing switch

can participate in the negotiation for multiple spanning trees.

Figure 4 "Multiple spanning tree groups" (page 27)shows multiple spanningtree groups.




.


8/9/2019 nortel 8300

27/134

Spanning Tree Protocol (STP) 27

Figure 4Multiple spanning tree groups

Spanning Tree Protocol controlsThe ports associated with a VLAN and VLANs themselves must becontained within a single STG to prevents problems with spanning treeblocking ports and loss of connectivity within the VLAN.

Each untagged port can belong only one STG, while tagged ports canbelong to more than one STG. When a tagged port belongs to more thanone STG, the spanning tree bridge protocol data units (BPDUs) are taggedto distinguish those of one STG from those of another STG. BPDUs fromSTG 1 are not tagged. The tagged BPDUs are transmitted using a multicastMAC address as tagged frames with a VLAN ID. Because tagged BPDUsare not part of the IEEE 802.1D standard, not all devices can interpret

tagged BPDUs.You can enable or disable the Spanning Tree Protocol at the port or at thespanning tree group level. If you disable the protocol at the group level,received BPDUs are handled like a MAC-level multicast and flooded out theother ports of the STG. Note that an STG can contain one or more VLANs.Remember that MAC broadcasts are flooded out on all ports of a VLAN; aBPDU is a MAC-level message, but the BPDU is flooded out all ports onthe STG, which can encompass many VLANs.

When STP is globally enabled on the STG, BPDU handling depends onthe STP setting of the port:

When STP is enabled on the port, received BPDUs are processed inaccordance with STP.

When STP is disabled on the port, the port stays in a forwarding state,received BPDUs are dropped and not processed, and no BPDU isgenerated.




.


8/9/2019 nortel 8300

28/134


Spanning Tree modesERS 8300 software release 2.2 introduces a Cisco-compatible SpanningTree mode. By default, the Nortel STG (NTSTG) is enabled, and allBPDUs are sent on every MLT link. To use the Cisco-compatible SpanningTree mode, disable NTSTG BPDUs are sent on only one link of the

aggregation group. See"Adding a link aggregation group" (page 110)forconfiguration instructions.

Spanning Tree FastStartWhen enabled on a port with no other bridges, Spanning Tree FastStartbrings the port up more quickly following switch initialization or a spanningtree change. The port goes through the normal blocking and learning statesbefore the forwarding state, but the hold times for these states is the bridgehello timer (2 seconds by default) instead of the bridge forward delay timer(15 seconds by default). Thus, if FastStart is enabled on a port using thedefaults of 2 seconds for Hello time and 15 seconds for Forward Delaytime, it goes into the forwarding state in 4 seconds, instead of the usual 30seconds. If the port sees a BPDU, it reverts to regular behavior.

Instead of disabling STP on a port, Nortel recommends enabling FastStarton the port as an alternative.

FastStart is intended for access ports where only one device is connectedto the switch (as in workstations with no other spanning tree devices). Itmay not be desirable to wait the usual 30 to 35 seconds for spanning treeinitialization and bridge learning.

Use Spanning Tree FastStart with caution. This procedure is contrary

to that specified in the IEEE 802.1D standard for Spanning Tree Protocol(STP), in which a port enters the blocking state following the initializationof the bridging device or from the disabled state when the port is enabledthrough configuration.

Understanding STGs and VLANsA VLAN can include all the ports in a given STG and there can be multipleVLANs in an STG, but a VLAN never has more ports than exist in the STG.The recommended practice is to plan STGs and then create VLANs.

In the ERS 8300 default configuration, a single STG encompasses all theports in the switch. For most applications, this configuration is sufficient.

The default STG is assigned ID 1 (STG1).

If a VLAN spans multiple switches, it must be within the same STG acrossall switches; that is, the ID of the STG in which it is defined must be thesame across all devices.




.


8/9/2019 nortel 8300

29/134


Spanning Tree Protocol topology change detectionChange detection enables the detection of topology changes and sends atopology change notification (TCN) to the Root, on an individual port basis.Change detection is enabled by default. When change detection is enabledand a topology change occurs, a trap is sent containing the following

information so that you can identify the device:

the MAC address of the STG sending the TCN

the port number

the STG ID

You can disable change detection on ports where a single end station isconnected, and where powering that end station on and off triggers theTCN. Change detection is referenced in IEEE STD 802.1D.

Topology change detection configuration rules

The following rules apply to the Spanning Tree topology change detectionsetting.

Table 4

Spanning Tree Protocol topology change detection configuration rules

You can configure change detection on access ports only. This also applies to link aggregationports.

If you disable change detection and then change the port from access to tagging-enabled,the switch automatically sets change-detection to enabled for the port. This also applies tolink aggregation ports.

In a link aggregation group with access ports, modifications to change detection for a member

port are automatically applied to the remaining member ports.

Static link aggregationLink aggregation is a point-to-point connection that aggregates multipleports so that they logically act like a single port with the aggregatedbandwidth. Grouping multiple ports into a logical link provides higheraggregate throughput on a switch-to-switch or switch-to-server application.Link aggregation provides media and module redundancy.

The ERS 8300 supports link aggregation in a static configuration modewhere no LACP is used. The ERS 8300 link aggregation is interoperablewith Baystack and Ethernet Routing Switch 8600 link aggregation, also

referred to as MLT.

This section includes the following topics:

"Link aggregation traffic distribution" (page 30)

"Link aggregation rules" (page 30)

"Link aggregation examples" (page 31)




.


8/9/2019 nortel 8300

30/134


Link aggregation traffic distributionStatic aggregation groups can be used to aggregate bandwidth betweentwo switches. The ERS 8300 distributes traffic by determining the activeport in a link aggregation group that can be used for each outgoing packet.Link aggregation group algorithms provide load sharing while ensuring that

packets do not arrive out of sequence.

The ERS 8300 determines the port a packet is transmitted through by:

Tabulating the trunks and their active assigned port members for eachlink aggregation group. Ports defined as trunk members are written tothe table in the order in which they are activated. If a link goes down, thetable is rewritten with one less trunk member.

Using a selected index, based on traffic type and a hashing algorithm.

Packet distribution methodsTable 5 "Methods of traffic distribution for packets with a trunk destination"

(page 30)shows the methods used, by type of packet, to distribute packetswith a trunk destination.

Table 5

Methods of traffic distribution for packets with a trunk destination

Type of packet

MAC

sourceaddress(SA)

MACdestinationaddress (DA)

IPv4

source IPaddress

(SIP)

IPv4

destinationIP address

(DIP)

Layer 3

protocol

Bridged packet X X

Bridged packet with

Layer 3 trunk loadbalancing

X X

Routed packet X X X

Trunk load sharing algorithms by traffic typeFor information about hashing parameters and algorithms that are used fordistributing link aggregation traffic, seeNortel Ethernet Routing Switch 8300Planning and EngineeringNetwork Design Guidelines(NN46200-200).

Link aggregation rulesThis section describes the rules for the link aggregation groups in the ERS8300 ..

Link aggregation is supported on 10BASE-T, 100BASE-TX,100Base-FX, Gigabit Ethernet ports, and 10Gigabit Ethernet ports.

The switch supports eight ports per aggregation group. All ports in alink aggregation group must be of the same media type and have thesame speed and duplex settings.




.


8/9/2019 nortel 8300

31/134


A physical port cannot belong to more than one link aggregation group.

Link aggregation is compatible with the Spanning Tree Protocol.

IEEE 802.1Q tagging is supported on a link aggregation group.

All ports in a link aggregation group must be in the same STG unlessthey are tagged. If tagged, they can belong to multiple STGs.

For static aggregation groups, follow these guidelines:

For 8348TX, 8348TX-PWR, and 8324FX ports, you can use onlylink aggregation groups 1 to 7.

For 8348GB, 8324GTX, 8324GTX-PWR, 8348GTX, and8348GTX-PWR ports, as well as 8308XL, 8393SF, and 8394SF, youcan use link aggregation groups 1 to 31.

See note1.

In addition to the default VLAN, the ERS 8300 supports 4000 VLANs.VLAN IDs range in value from 1 to 4000.

The ports in a link aggregation group can span modules, providingmodule redundancy.

Bridged packet traffic (except for IP distribution) is distributed acrossthe link aggregation group using a source and destination MACaddress-based algorithm.

Bridged and routed IP traffic is distributed across the link aggregationgroup using a source and destination MAC and IP address-basedalgorithm.

1 SeeNortel Ethernet Routing Switch Release Notes Software Release4.0 (NN46200-401) for the latest information about supported softwareand hardware capabilities.

Link aggregation examplesWith link aggregation, you can group switch ports together to form a linkto another switch or server, thus increasing aggregate throughput of theinterconnection between the devices. When the Spanning Tree Protocol isenabled, Link aggregation software detects misconfigured or broken trunklinks and removes the port from the link aggregation group.

Switch-to-switch link aggregation configurationFigure 5 "Switch-to-switch link aggregation configuration" (page 32) showstwo trunks (T1 and T2) connecting switch S1 to switches S2 and S3.




.


8/9/2019 nortel 8300

32/134


Figure 5Switch-to-switch link aggregation configuration

Each of the trunks shown inFigure 5 "Switch-to-switch link aggregationconfiguration" (page 32)can be configured with multiple switch ports toincrease bandwidth and redundancy. When traffic between switch-to-switchconnections approaches single port bandwidth limitations, creating a linkaggregation group can supply the additional bandwidth required to improveperformance.

Switch-to-server link aggregation configurationFigure 6 "Switch-to-server link aggregation configuration" (page 33)showsa typical switch-to-server trunk configuration. In this example, file serverFS1 utilizes dual MAC addresses, using one MAC address for each networkinterface card (NIC). No link aggregation group is configured to FS1. FS2 isa single MAC server (with a 4-port NIC) and is set up as trunk configurationT1.




.


8/9/2019 nortel 8300

33/134


Figure 6Switch-to-server link aggregation configuration

Client/server link aggregation configurationFigure 7 "Client/Server link aggregation configuration" (page 34)shows anexample of how link aggregation can be used in a client/server configuration.In this example, both servers are connected directly to switch S1. FS2 isconnected through a trunk configuration (T1).The switch-to-switch connections are through trunks (T2, T3, T4, and T5).Clients accessing data from the servers (FS1 and FS2) are provided withmaximized bandwidth through trunks T1, T2, T3, T4, and T5. On the ERS8300, trunk members (the ports making up each trunk) do not have to beconsecutive switch ports; they can be selected across different modules formodule redundancy.

With spanning tree enabled and trunks T2 and T3 in the same spanningtree group, one of the trunks (T2 or T3) acts as a redundant (backup)trunk to switch S2, and STP blocks one of the trunks. With spanning treedisabled, neither trunk T2 nor trunk T3 is blocked; they must be configuredinto separate STGs to avoid a loop in the network.




.


8/9/2019 nortel 8300

34/134


Figure 7Client/Server link aggregation configuration

With spanning tree enabled, ports that belong to the same link aggregation

group operate as follows. All ports in the group must belong to the samespanning tree group if spanning tree is enabled. Identical bridge protocoldata units (BPDUs) are sent out of each port. The group port ID is the ID ofthe lowest numbered port. If identical BPDUs are received on all ports, thelink aggregation mode is forwarding. If no BPDU is received on a port or ifBPDU tagging and port tagging do not match, the individual port is takenoffline. Path cost is inversely proportional to the active link aggregationbandwidth.

Split MultiLink TrunkingThis section describes the Split MultiLink Trunking (SMLT) feature. Thefollowing topics are included:

"Overview" (page 35)

"Advantages of SMLT" (page 36)

"How SMLT works" (page 38)

"Inter-Switch Trunks" (page 40)




.


8/9/2019 nortel 8300

35/134


"CP-Limit and SMLT IST" (page 41)

"Traffic flow in an SMLT environment" (page 42)

"Single port SMLT" (page 44)

"SMLT topologies" (page 45) "Using MLT-based SMLT with single port SMLT" (page 49)

"SMLT network design considerations" (page 50)

"SMLT and VRRP backup master" (page 51)

To configure SMLT using Device Manager, see"Configuring SMLT" (page120).

OverviewLink Aggregation technologies have become popular for improving linkbandwidth and to protect against link failures.

SMLT is an extension of link aggregation, which improves the level ofLayer 2/Layer 3 resiliency by providing nodal protection in addition to linkfailure protection and flexible bandwidth scaling. SMLT achieves this byallowing edge switches using link aggregation to dual-home to two SMLTaggregation switches. SMLT is transparent to those attached devices thatsupport link aggregation.

Because SMLT inherently avoids loops due to its superior enhanced linkaggregation control protocol, when designing networks using SMLT, it is notnecessary to use the IEEE 802.1d/w Spanning Tree protocols to enableloop-free triangle topologies.

With split multilink trunking, two aggregation switches can appear as a singledevice to edge switches, which are dual-homed to the aggregation switches.The aggregation switches are interconnected using an Inter-Switch Trunk(IST) and can exchange addressing and state information (permitting rapidfault detection and forwarding path modification). Although SMLT is primarilydesigned for Layer 2, it also provides benefits for Layer 3 networks.

ATTENTIONLayer 2 edge switches must support some form of link aggregation (such as MLT)to allow communications with the SMLT aggregation switches.




.


8/9/2019 nortel 8300

36/134

8/9/2019 nortel 8300

37/134


Figure 8Resilient networks with Spanning Tree Protocol

As shown inFigure 9 "Resilient networks with SMLT" (page 38), with theintroduction of SMLT, all dual-homed Layer 2 frame-switched networkdevices are no longer dependent upon STP for loop detection because aproperly designed SMLT network inherently does not have any logical loops.




.


8/9/2019 nortel 8300

38/134


Figure 9Resilient networks with SMLT

SMLT solves the Spanning Tree problem by combining two aggregation

switches into one logical MLT entity, which makes it transparent to any typeof edge switch. In the process, it provides quick convergence, while loadsharing across all available trunks.

How SMLT worksFigure 10 "8300 switches as SMLT aggregation switches" (page39)illustrates an SMLT configuration with a pair of 8300 switches (E andF) as aggregation switches. Also included are four separate edge switches(A, B, C, and D). Refer to the following sections for a description of thecomponents shown in this SMLT example:

"Inter-Switch Trunks" (page 40)

"CP-Limit and SMLT IST" (page 41)

"Other SMLT aggregation switch connections" (page 39)




.


8/9/2019 nortel 8300

39/134


Figure 108300 switches as SMLT aggregation switches

Other SMLT aggregation switch connectionsFigure 10 "8300 switches as SMLT aggregation switches" (page 39)alsoincludes end stations connected to each of the switches.

In this example, a, b1, b2, c1, c2, and d are clients and printers, while e andf can be servers or routers.

Edge switches B and C can use any method for determining a link of theirmultilink trunk connections to use for forwarding a packet, as long as thesame link is used for a given Source/Destination (SA/DA) pair. This is true,regardless of whether or not the DA is known by B or C. SMLT aggregationswitches always send traffic directly to an edge switch and only use the ISTfor traffic that they cannot forward in another more direct way.

The examples that follow explain the process in more detail:

"Example 1-Traffic flow from a to b1 or b2" (page 40)

"Example 2-Traffic flow from b1/b2 to c1/c2" (page 40)

"Example 3-Traffic flow from a to d" (page 40)

"Example 4-Traffic flow from f to c1/c2" (page 40)




.


8/9/2019 nortel 8300

40/134


Example 1-Traffic flow from a to b1 or b2 Assuming a and b1/b2are communicating using Layer 2, traffic flows from A to switch E and isforwarded over the direct link to B. Traffic coming from b1 or b2 to a is sentby B on one of its MLT ports.

B sends traffic from b1 to a on the link to switch E, and traffic from b2 to aon the link to F. In the case of traffic from b1, switch E forwards the trafficdirectly to switch A, while traffic from b2, which arrived at F, is forwardedacross the IST to E and then on to A.

Example 2-Traffic flow from b1/b2 to c1/c2 Traffic from b1/b2 to c1/c2is always sent by switch B through the MLT to the core. No matter whichswitch (E or F) it arrives at, traffic is sent directly to C through the local link.

Example 3-Traffic flow from a to d Traffic from a to d (and the reverse)is forwarded across the IST because it is the shortest path. This link istreated purely as a standard link with no account taken of SMLT and the factthat it is also an IST.

Example 4-Traffic flow from f to c1/c2 Traffic from f to c1/c2 is sentdirectly from F. With return traffic from c1/c2, you can have one active VRRPMaster for each IP subnet. The traffic is passed across the IST if switch Csends it through the link to E.

Inter-Switch TrunksSMLT aggregation switches must be connected with an Inter-Switch Trunk(IST). For example, inFigure 10 "8300 switches as SMLT aggregationswitches" (page 39), edge switches B and C are connected to the

aggregation switches using multilink trunks split between the twoaggregation switches. The implementation of SMLT requires only twoSMLT-capable aggregation switches.

Aggregation switches use the IST to:

Confirm that they are alive and exchange MAC address forwardingtables.

Carry the SMLT control packets.

Send traffic between single switches attached to the aggregationswitches.

Serve as a backup if one SMLT link fails.

Because the IST is required for the SMLT, Nortel recommends that you usemultiple links on the IST to ensure reliability and high availability. Nortelrecommends using Gigabit Ethernet links for IST connectivity to provideenough bandwidth for potential cross traffic.




.


8/9/2019 nortel 8300

41/134


ATTENTIONNortel recommends that an IST MLT contain at least 2 physical ports.

CP-Limit and SMLT ISTControl packet rate limit (CP-Limit) controls the amount of multicast andbroadcast traffic that can be sent to the CPU from a physical port. It protectsthe CPU from being flooded by traffic from a single, unstable port. TheCP-Limit default settings are:

default state = enabled

default multicast packets-per-second (pps) value = 15 000

default broadcast pps value = 10 000

ATTENTIONNortel recommends setting the multicast packets-per-second value to 6000 ppswhen you configure SMLT links.

If the actual rate of packets-per-second sent from a port exceeds thedefined rate, the port is administratively shut down to protect the CPU fromcontinued bombardment. Disabling IST ports in this way can impair networktraffic flow in an SMLT configuration.

To avoid this scenario, the 8300 Series switch automatically disablesCP-Limit on all IST port members.

Disabling CP-Limit on IST MLT ports forces another, less-critical port to bedisabled if the defined CP-Limits are exceeded. In doing so, the switchpreserves network stability if a protection condition (CP-Limit) arises.Note that, although it is likely that one of the SMLT MLT ports (risers) isdisabled in such a condition, traffic continues to flow uninterrupted throughthe remaining SMLT ports.

When you remove the IST configuration from an IST port member, theswitch returns the CP-Limit for the port to the default state (enabled).

Do not confuse CP-Limit with port rate limiting. Port rate limiting andCP-Limit serve different purposes. Port level rate limiting, if enabled, limits

all packets with broadcast and multicast addresses to control the amount ofuser traffic. CP-Limit is a protection mechanism for the control plane thatonly counts packets that are destined for the control plane, or packets thatare processed by the CPU with a QoS=7.




.


8/9/2019 nortel 8300

42/134

8/9/2019 nortel 8300

43/134


Figure 11show vlan info fdb-entry 10 sample output

Figure 12

Network topology for traffic flow example




.


8/9/2019 nortel 8300

44/134


Single port SMLTWith single port SMLT, you can configure a split multilink trunk using a singleport and scale the number of split multilink trunks on a switch to a maximumnumber of available ports. Single port SMLT behaves just like an MLT-basedSMLT and can coexist with SMLTs in the same system.

Split MLT links can exist in the following combinations on the SMLTaggregation switch pair:

MLT-based SMLT + MLT-based SMLT

MLT-based SMLT + single port SMLT

single port SMLT + single port SMLT

The rules for configuring single port SMLT are the following:

The dual-homed device connecting to the aggregation switches must becapable of supporting MLT.

Single port SMLT is supported on Ethernet ports.

Each single port SMLT is assigned an SMLT ID from 1 to 512.

Single port SMLT ports can be designated as Access or Trunk (that is,IEEE 802.1Q tagged or not), and changing the type does not affecttheir behavior.

You cannot change a single port SMLT into an MLT-based SMLT byadding more ports. You must delete the single port SMLT, and thenreconfigure the port as SMLT/MLT.

You cannot change an MLT-based SMLT into a single por t SMLT bydeleting all ports but one. You must first remove the SMLT/MLT and then

reconfigure the port as single port SMLT.

A port cannot be configured as MLT-based SMLT and as single portSMLT at the same time.

Figure 13 "Single port SMLT example" (page 45)shows a configuration, inwhich both aggregation switches have single port SMLTs with the sameIDs. With this configuration, you can have as many single port SMLTs asthere are available ports on the switch.




.


8/9/2019 nortel 8300

45/134


Figure 13Single port SMLT example

SMLT topologiesFour generic topologies are available, in which SMLT can be deployed.Depending on the resiliency and redundancy you require, you can chooseamong one of the following configurations:

"Single port SMLT topology" (page 45)

"SMLT triangle topology" (page 46)

"SMLT square topology" (page 47) "SMLT full mesh topology" (page 48)

Single port SMLT topologySometimes you need to exceed the Ethernet Routing Switch 8300 multilinktrunk Group ID limit for server farm applications. In this case, you can useSingle Port SMLT (seeFigure 14 "Single Port SMLT topology" (page 46)).With this topology, you can scale up to the maximum number of ports ona switch. Any Layer 2 switch capable of link aggregation can be used asthe client in this case.




.


8/9/2019 nortel 8300

46/134


Figure 14Single Port SMLT topology

SMLT triangle topologyThe most often used configuration, the triangle configuration, connectsmultiple access switches to a pair of Ethernet Routing Switch 8300 devices.In many cases, dual-NIC servers capable of link aggregation are connected

directly to the Ethernet Routing Switch 8300 devices in a similar fashion.The following figure,Figure 15 "SMLT triangle topology" (page 47), depictsExtranet Switches (ES) as the SMLT Clients. In real-world applications, anyLayer 2 device capable of link aggregation can become the SMLT client.




.


8/9/2019 nortel 8300

47/134


Figure 15SMLT triangle topology

SMLT square topologyOften used in an enterprise core, the square SMLT configuration providesnetwork resiliency. The following figure,Figure 16 "SMLT square topology"(page 48), shows this topology.




.


8/9/2019 nortel 8300

48/134


Figure 16SMLT square topology

SMLT full mesh topologyFor maximum reliability and resiliency, all SMLT nodes can be fully meshed.This may not be an economical solution for many cases, but if traffic losscannot be tolerated, this design can route traffic around any failure. Thefollowing figure,Figure 17 "SMLT full mesh topology" (page 49), showsthe full mesh topology.




.


8/9/2019 nortel 8300

49/134


Figure 17SMLT full mesh topology

Using MLT-based SMLT with single port SMLTYou can configure a split trunk with a single port SMLT on one side andan MLT-based SMLT on the other. Both must have the same SMLT ID. Inaddition to general use,Figure 18 "Changing a split trunk from MLT-basedSMLT to single port SMLT" (page 50)shows how this configuration can beused for upgrading an MLT-based SMLT to a single port SMLT withouttaking down the split trunk.




.


8/9/2019 nortel 8300

50/134


Figure 18Changing a split trunk from MLT-based SMLT to single port SMLT

SMLT network design considerationsUse the following base guidelines when designing an SMLT network (formore information, refer to Nortel Ethernet Routing Switch 8300 Planningand Engineering Network Design Guidelines(NN46200-200)).

Step Action

1 Define a separate VLAN for the IST protocol:

config mlt 1 ist create ip vlan-id

2 Enable tagging on IST trunk links:




.


8/9/2019 nortel 8300

51/134


config ethernet perform-tagging enable

3 Enable dropping of untagged frames on IST trunk links:

config ethernet untagged-frames-

discard enable

End

SMLT and VRRP backup masterWhen configuring routing on SMLT aggregation switches, Nortelrecommends that you use VRRP for default gateway redundancy. Withthe standard implementation in a VRRP environment, you can have oneactive primary router per IP subnet, with all other network VRRP interfacesin backup mode.

A deficiency occurs when VRRP-enabled switches use SMLT. If VRRPswitches are aggregated into two SMLT switches, the end host traffic isload-shared on all uplinks to the aggregation switches (based on the MLTtraffic distribution algorithm).

VRRP normally has only one active routing interface enabled. All otherVRRP routers are in backup (standby) mode. Therefore, all traffic thatreaches the backup VRRP router is forwarded over the Inter Switch Trunk(IST) link towards the master VRRP router. In this case, the IST link doesnot have enough bandwidth to carry all the aggregated traffic.

You can overcome this issue by assigning the backup router as the Backup

Master router. The Backup Master router is a backup router permitted toactively load-share the routing traffic with a master router.

When enabled, the VRRP Backup Master acts as an IP router for packetsdestined for the logical VRRP IP address. With the Backup Master routerenabled, the incoming host traffic is forwarded over the SMLT links asnormal. The Backup Master routes traffic received on the SMLT VLAN,thus avoiding traffic flow across the IST trunk. This eliminates the potentiallimitation in the available IST bandwidth and provides true load-sharingcapabilities.

ATTENTIONTo avoid potential frame duplication problems, the VRRP Backup Master featurefor SMLT can be used only on interfaces defined for SMLT. It cannot be used inconjunction with HUBs to avoid frame duplication.




.


8/9/2019 nortel 8300

52/134


The Backup Master feature provides an additional benefit. Under normalVRRP operation, a hello packet is sent every second. When three hellos arenot received, all switches automatically revert to master mode. This resultsin a 3 second outage. When you are using VRRP in an SMLT environment,and a link goes down, traffic is automatically forwarded to the remaining

ports configured for SMLT VRRP Backup Master. Because both switchesare processing traffic, the node immediately recognizes the VRRP statechange, so there is faster failure recovery (less than 1 second).

Network design considerations for SMLT with VRRPWhen you enable the VRRP BackupMaster with SMLT, refer to the followingguidelines:

The VRRP virtual IP address and the VLAN IP address cannot be thesame.

Configure the hold-down timer for VRRP to a value approximately 150percent of the IGP (Interior Gateway Protocol, such as RIP or OSPF)

convergence time to allow the IGP enough time to reconverge followinga failure. That is, if OSPF takes 40 seconds to reconverge, set theholddown timer to 60 seconds.

Stagger the hold-down timers with ARP requests. This means that theEthernet Routing Switch 8300 does not have to run ARP at the sametime, causing excess CPU load. For example, if one node has thehold-down timer set for 60 seconds, you can set the other to 65 seconds.

Enable hold-down times on both VRRP sides (Master andBackupMaster).

Simple Loop Prevention ProtocolSimple Loop Prevention Protocol (SLPP) is used at the edge of a network toprevent loops in an SMLT network if Spanning Tree is not used. AlthoughSLPP is focused on SMLT networks, it also works with other configurations.Logical loops can occur in SMLT networks for the following reasons:

Misconfigurations occur (for example, when SMLT client devices areerroneously directly connected together).

MLT is not operating correctly (for example, when a switch is connectedto the network using the default configuration without any MLT settings).

Problems occur with the edge switch (for example, when MLT or someother form of link aggregation is not working).

You can detect loops with SLPP and the 8000 Series switch Loop Detectionfeature.

If an SLPP test packetcalled an SLPP-packet data unit (SLPP-PDU) isreceived by the originating switch SMLT port or by a peer aggregation switchon the same VLAN, a loop exists and the port is disabled.




.


8/9/2019 nortel 8300

53/134

Simple Loop Prevention Protocol 53

When you configure and enable SLPP, the switch control processor (CP)sends an SLPP-PDU to the VLAN. If a loop exists on the VLAN, theSLPP-PDU eventually returns to the originating port and is received bythe CP. The CP disables that port and a message appears on the consoledescribing why the port is disabled. A disabled port remains disabled until

you enable it. You can use the port auto enable feature to enable the portafter a predefined interval.

Figure 19 "SLPP frame" (page 53)shows the fields of an SLPP-PDU frame.

Figure 19

SLPP frame

Table 6 "SLPP frame fields" (page 53)describes the fields of the SLPPframe.

Table 6SLPP frame fields

Field Description

DA destination MAC address (the switch MACaddress with the multicast bit set)

SA source MAC address (the switch MAC address)

PID user-configurable protocol ID (the default is0x8104)

Payload contains three fields:

1. SLPP protocol version (one byte)

2. reserved (one byte)

3. VLAN ID (two bytes)

You must keep several factors in mind when you use SLPP:

SLPP-PDUs are forwarded on an individual VLAN basis.

SLPP-PDU reception and processing operates on a port only ifSLPP-RX is enabled on that port.

SLPP-PDUs are automatically forwarded on all ports of the VLANs thatare configured for SLPP.

The SLPP-PDU is sent out as a multicast packet and is constrainedto the VLAN on which it is sent.

The SLPP-PDU payload contains the VLAN ID. A separate SLPP-PDUis sent for each VLAN.




.


8/9/2019 nortel 8300

54/134


The SLPP-PDU packet transmission interval is configurable from 500to 5000 milliseconds (ms). The default packet transmission intervalis 500 ms.

After an SLPP-PDU is received on a port that is a member of a multilink

trunk, port members with SLPP-RX enabled and RX-Threshold reached,are disabled.

The SLPP-PDU can be received by the originating CP or the peer SMLTCP. All other switches treat the SLPP-PDU as a normal multicast packet.The switches ignore it and forward it to the VLAN.

SLPP-PDU transmission and reception operates only on ports for whichSTP is in a forwarding state (if STP is enabled on one switch in the path).

You must enable SLPP packet receive on an individual port basis todetect a loop:

SLPP packet reception can only be enabled on SMLT access por ts

and never on SMLT IST ports or any SMLT square or full meshcore ports.

Vary the SLPP packet receive threshold between the two core SMLTswitches

nortel 8300

Documents

Transcript of nortel 8300