HP 5500 Ei 5500 Si Switch Series Configuration Guide
7. Exit behavior view.
   quit
8. Create a policy and enter policy view.
   qos policy policy-name
9. Associate the class with the traffic behavior in the QoS policy.
   classifier tcl-name behavior behavior-name

Applying the QoS policy

When configuring PBR, you can apply a QoS policy to the following occasions:
• Applied globally—Affects the traffic sent or received on all ports.
• Applied to an interface—Affects the traffic sent or received on the interface.
• Applied to a VLAN—Affects the traffic sent or received on all ports in the VLAN.

NOTE: A QoS policy used for PBR applies only to traffic received on all ports, on an interface, or on all ports in a VLAN.

To apply the QoS policy globally:
1. Enter system view.
   system-view
2. Apply the QoS policy globally.
   qos apply policy policy-name global inbound

To apply the QoS policy to an interface:
1. Enter system view.
   system-view
2. Enter interface view or port group view. Use either approach. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.
   • Enter interface view: interface interface-type interface-number
   • Enter port group view: port-group manual port-group-name
3. Apply the policy to the interface or port group.
   qos apply policy policy-name inbound

To apply the QoS policy to a VLAN:
1. Enter system view.
   system-view
2. Apply the QoS policy to VLANs.
   qos vlan-policy policy-name vlan vlan-id-list inbound
NOTE: QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP.

Displaying and maintaining PBR configuration

PBR configuration (using a PBR policy)

• Display the PBR routing information (available in any view):
  display ip policy-based-route [ | { begin | exclude | include } regular-expression ]
• Display the specified PBR routing information (available in any view):
  display ip policy-based-route setup { interface interface-type interface-number | local | policy-name } [ | { begin | exclude | include } regular-expression ]
• Display PBR statistics (available in any view):
  display ip policy-based-route statistics { interface interface-type interface-number | local } [ | { begin | exclude | include } regular-expression ]
• Display the PBR policy information (available in any view):
  display policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ]
• Clear PBR statistics (available in user view):
  reset policy-based-route statistics [ policy-name ]

If a policy has a node with no if-match or apply clause configured, all packets can pass the policy. However, no action is taken and the packets will not go to the next policy node for a match. The statistics of PBR will be changed.

If a policy node has if-match clauses, but no apply clauses configured, packets will match against these if-match clauses. However, no apply clauses are applicable to the permitted packets, and the packets will not go to the next policy node for a match. The statistics of PBR will be changed.

If a policy node has no if-match clause, but apply clauses configured, all packets can pass the policy, and then are forwarded according to the apply clauses if the permit keyword is specified for the node, or are denied if the deny keyword is specified. The packets will not go to the next policy node for a match. The statistics of PBR will be changed.
If the match mode of a policy node is deny, no apply clause will be executed for the packets satisfying all the if-match clauses, and the packets will not go to the next policy node for a match. They will be forwarded according to the routing table instead. Neither debugging information nor statistics for the deny match mode can be displayed.

PBR configuration (using a QoS policy)

• Display user-defined QoS policy configuration information (available in any view):
  display qos policy user-defined [ policy-name [ classifier tcl-name ] ] [ | { begin | exclude | include } regular-expression ]
• Display QoS policy configuration on the specified interface or on all interfaces (available in any view):
  display qos policy interface [ interface-type interface-number ] [ inbound | outbound ] [ | { begin | exclude | include } regular-expression ]
• Display VLAN QoS policy information (available in any view):
  display qos vlan-policy { name policy-name | vlan vlan-id } [ slot slot-number ] [ inbound | outbound ] [ | { begin | exclude | include } regular-expression ]
• Display information about global QoS policies (available in user view):
  display qos policy global [ slot slot-number ] [ inbound | outbound ] [ | { begin | exclude | include } regular-expression ]

PBR configuration examples

Configuring local PBR based on packet type

Network requirements

As shown in Figure 122, configure PBR on Switch A, so that all TCP packets are forwarded to next hop 1.1.2.2 and other packets are forwarded according to the routing table. Switch A is directly connected to Switch B and Switch C. Switch B and Switch C are unreachable to each other.

Figure 122 Network diagram

Configuration procedure

1. Configure Switch A:
# Define ACL 3101 to match TCP packets.
<SwitchA> system-view
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule permit tcp
[SwitchA-acl-adv-3101] quit
# Configure Node 5 of policy aaa to forward TCP packets to next hop 1.1.2.2.
[SwitchA] policy-based-route aaa permit node 5
[SwitchA-pbr-aaa-5] if-match acl 3101
[SwitchA-pbr-aaa-5] apply ip-address next-hop 1.1.2.2
[SwitchA-pbr-aaa-5] quit
# Apply policy aaa to Switch A.
[SwitchA] ip local policy-based-route aaa
# Configure the IP addresses of VLAN-interface 10 and VLAN-interface 20.
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] ip address 1.1.2.1 255.255.255.0
[SwitchA-Vlan-interface10] quit
[SwitchA] interface vlan-interface 20
[SwitchA-Vlan-interface20] ip address 1.1.3.1 255.255.255.0

2. Configure Switch B:
# Configure the IP address of VLAN-interface 10.
<SwitchB> system-view
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0
[SwitchB-Vlan-interface10] quit

3. Configure Switch C:
# Configure the IP address of VLAN-interface 20.
<SwitchC> system-view
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 1.1.3.2 255.255.255.0
[SwitchC-Vlan-interface20] quit

4. Verify the configuration:
# Telnet to Switch B (1.1.2.2/24) from Switch A. The operation succeeds.
# Telnet to Switch C (1.1.3.2/24) from Switch A. The operation fails.
<SwitchA> telnet 1.1.3.2
Trying 1.1.3.2 ...
Press CTRL+K to abort
Can't connect to the remote host!
# Ping Switch C (1.1.3.2/24) from Switch A. The operation succeeds.
<SwitchA> ping 1.1.3.2
PING 1.1.3.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.3.2: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 1.1.3.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 1.1.3.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 1.1.3.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 1.1.3.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 1.1.3.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms

Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets of Switch A are forwarded to next hop 1.1.2.2, and other packets are forwarded via VLAN-interface 20. The PBR configuration is effective.

Configuring interface PBR based on packet type

Network requirements

As shown in Figure 123, configure PBR on Switch A, so that TCP packets arriving on VLAN-interface 11 are forwarded to next hop 1.1.2.2 and other packets are forwarded according to the routing table.
Figure 123 Network diagram

Configuration procedure

In this example, static routes are configured to ensure the reachability among devices.

1. Configure Switch A:
# Define ACL 3101 to match TCP packets.
<SwitchA> system-view
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule permit tcp
[SwitchA-acl-adv-3101] quit
# Configure Node 5 of policy aaa to forward TCP packets to next hop 1.1.2.2.
[SwitchA] policy-based-route aaa permit node 5
[SwitchA-pbr-aaa-5] if-match acl 3101
[SwitchA-pbr-aaa-5] apply ip-address next-hop 1.1.2.2
[SwitchA-pbr-aaa-5] quit
# Apply the policy aaa to VLAN-interface 11.
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 10.110.0.10 255.255.255.0
[SwitchA-Vlan-interface11] ip policy-based-route aaa
[SwitchA-Vlan-interface11] quit
# Configure the IP addresses of VLAN-interface 10 and VLAN-interface 20.
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] ip address 1.1.2.1 255.255.255.0
[SwitchA-Vlan-interface10] quit
[SwitchA] interface vlan-interface 20
[SwitchA-Vlan-interface20] ip address 1.1.3.1 255.255.255.0

2. Configure Switch B:
# Configure a static route to subnet 10.110.0.0/24.
<SwitchB> system-view
[SwitchB] ip route-static 10.110.0.0 24 1.1.2.1
# Configure the IP address of VLAN-interface 10.
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0
[SwitchB-Vlan-interface10] quit

3. Configure Switch C:
# Configure a static route to subnet 10.110.0.0/24.
<SwitchC> system-view
[SwitchC] ip route-static 10.110.0.0 24 1.1.3.1
# Configure the IP address of VLAN-interface 20.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 1.1.3.2 255.255.255.0
[SwitchC-Vlan-interface20] quit

Verifying the configuration

Configure the IP address of Host A as 10.110.0.20/24, and the gateway as 10.110.0.10.
On Host A, Telnet to Switch B (1.1.2.2) that is directly connected to Switch A. The operation succeeds.
On Host A, Telnet to Switch C (1.1.3.2) that is directly connected to Switch A. The operation fails.
Ping Switch C from Host A. The operation succeeds.

Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets arriving on VLAN-interface 11 of Switch A are forwarded to next hop 1.1.2.2, and other packets are forwarded via VLAN-interface 20. The PBR configuration is effective.

IPv4 PBR configuration example (using a QoS policy)

Network requirements

As shown in Figure 124, redirect all packets received on GigabitEthernet 1/0/1 of Switch A to the next hop 202.1.1.2.

Figure 124 Network diagram

Configuration procedure

# Configure ACL 2000.
<SwitchA> system-view
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule 0 permit source any
[SwitchA-acl-basic-2000] quit
# Define a match criterion for class a to match ACL 2000.
[SwitchA] traffic classifier a
[SwitchA-classifier-a] if-match acl 2000
[SwitchA-classifier-a] quit
# Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a.
[SwitchA] traffic behavior a
[SwitchA-behavior-a] redirect next-hop 202.1.1.2
[SwitchA-behavior-a] quit
# Associate class a with behavior a in QoS policy a.
[SwitchA] qos policy a
[SwitchA-qospolicy-a] classifier a behavior a
[SwitchA-qospolicy-a] quit
# Apply QoS policy a to the incoming traffic of GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] qos apply policy a inbound

Verifying the configuration

After completing the configuration, verify that when Switch A receives packets with destination IP address 201.1.1.2, it forwards the packets to Switch C instead of Switch B.

IPv6 PBR configuration example (using a QoS policy)

Network requirements

As shown in Figure 125, redirect all packets received on GigabitEthernet 1/0/1 of Switch A to the next hop 202::2.

Figure 125 Network diagram

Configuration procedure

# Configure IPv6 ACL 2000.
<SwitchA> system-view
[SwitchA] acl ipv6 number 2000
[SwitchA-acl6-basic-2000] rule 0 permit source any
[SwitchA-acl6-basic-2000] quit
# Define a match criterion for class a to match IPv6 ACL 2000.
[SwitchA] traffic classifier a
[SwitchA-classifier-a] if-match acl ipv6 2000
[SwitchA-classifier-a] quit
# Configure the action of redirecting traffic to the next hop 202::2 for behavior a.
[SwitchA] traffic behavior a
[SwitchA-behavior-a] redirect next-hop 202::2
[SwitchA-behavior-a] quit
# Associate class a with behavior a in QoS policy a.
[SwitchA] qos policy a
[SwitchA-qospolicy-a] classifier a behavior a
[SwitchA-qospolicy-a] quit
# Apply QoS policy a to the incoming traffic of GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] qos apply policy a inbound

Verifying the configuration

After completing the configuration, verify that when Switch A receives packets with destination IP address 201::2, it forwards the packets to Switch C instead of Switch B.
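
The policy-node rules listed under "Displaying and maintaining PBR configuration", applied to policy aaa from the local PBR example, can be modeled as follows. This is an added example, not HP code or part of the manual; it assumes nodes are tried in ascending node number and that a packet failing a node's if-match clauses moves on to the next node, and the names Node, evaluate and shadowed_nodes are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ROUTING_TABLE = "routing-table"  # stands for "forwarded according to the routing table"

@dataclass
class Node:
    number: int
    mode: str                                   # "permit" or "deny"
    if_match: Optional[Callable[[dict], bool]]  # None = no if-match clause
    next_hop: Optional[str]                     # None = no apply clause

def evaluate(nodes, pkt):
    """Return (number of the node that ended evaluation or None, forwarding decision)."""
    # Assumption: ascending node order; a packet that fails if-match tries the next node.
    for node in sorted(nodes, key=lambda n: n.number):
        if node.if_match is not None and not node.if_match(pkt):
            continue
        # The packet passed this node, so it never reaches a later node.
        if node.mode == "permit" and node.next_hop is not None:
            return node.number, node.next_hop
        return node.number, ROUTING_TABLE       # deny mode, or no apply clause
    return None, ROUTING_TABLE

def shadowed_nodes(nodes):
    """Nodes that follow a node without if-match clauses can never be reached."""
    ordered = sorted(nodes, key=lambda n: n.number)
    for i, node in enumerate(ordered):
        if node.if_match is None:
            return [n.number for n in ordered[i + 1:]]
    return []

def acl_3101(pkt):
    # ACL 3101 from the example: "rule permit tcp"
    return pkt["proto"] == "tcp"

# Policy aaa as configured on Switch A in the local PBR example.
POLICY_AAA = [Node(5, "permit", acl_3101, "1.1.2.2")]

# Constructed packets mirroring the verification step (Telnet and ping to Switch C).
TELNET_TO_C = {"proto": "tcp", "dst": "1.1.3.2", "dport": 23}
PING_TO_C = {"proto": "icmp", "dst": "1.1.3.2"}

# Constructed variant: an empty node 1 placed in front of node 5.
POLICY_SHADOWED = [Node(1, "permit", None, None)] + POLICY_AAA

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET_TO_C), ("ping", PING_TO_C)):
        print(name, evaluate(POLICY_AAA, pkt))
    print("unreachable nodes:", shadowed_nodes(POLICY_SHADOWED))
    print("telnet with node 1 in front:", evaluate(POLICY_SHADOWED, TELNET_TO_C))
```

The first result reproduces the verification step: Telnet to 1.1.3.2 is handed to next hop 1.1.2.2 (Switch B, which cannot reach Switch C), while ping follows the routing table. The variant shows why a node without if-match clauses ahead of node 5 silently disables the redirect.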
Configuring MCE

The term router in this document refers to both routers and Layer 3 switches.

The term Layer 3 interface in this chapter refers to route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

This chapter covers MCE related configuration. For information about routing protocols, see Layer 3—IP Services Configuration Guide.

The MCE function is available only on the HP 5500 EI switch series.

MCE overview

MPLS L3VPN overview

MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets on service provider backbones.

MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.

The MPLS L3VPN model consists of the following types of devices:
• Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected with service provider networks. It can be a router, a switch, or a host. It neither senses the existence of any VPN nor needs to support MPLS.
• Provider edge (PE) device—A PE resides on a service provider network and connects one or more CEs to the network. On an MPLS network, all VPN processing occurs on the PEs.
• Provider (P) device—A P device is a core device on a service provider network. It is not directly connected with any CE. It only needs to be equipped with basic MPLS forwarding capability.

Figure 126 Network diagram for MPLS L3VPN model
CEs and PEs mark the boundary between the service providers and the customers.

After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.

After a PE learns the VPN routing information of a CE, it uses BGP to exchange VPN routing information with other PEs. A PE maintains routing information about only VPNs that are directly connected, rather than all VPN routing information on the provider network.

A P router maintains only routes to PEs and does not deal with VPN routing information.

When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

MPLS L3VPN concepts

Site

Sites are often mentioned in the VPN. A site has the following features:
• A site is a group of IP systems with IP connectivity that does not rely on any service provider network to implement.
• The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically.
• The devices at a site can belong to multiple VPNs.
• A site is connected to a provider network through one or more CEs. A site can contain many CEs, but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only the sites in the same set can access each other through the provider network. Such a set is called a VPN.

Address space overlapping

Each VPN independently manages the addresses it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap.
For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.110.10.0/24, address space overlapping occurs.

VPN instance

In MPLS VPN, routes of different VPNs are identified by VPN instance.

A PE creates and maintains a separate VPN instance for each VPN at a directly connected site. Each VPN instance contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to multiple VPNs at the same time, the VPN instance of the site contains information about all of the VPNs.

For independence and security of VPN data, each VPN instance on a PE maintains a relatively independent routing table and a separate label forwarding information base (LFIB). VPN instance information contains the following items: the LFIB, IP routing table, interfaces bound to the VPN instance, and administration information of the VPN instance. The administration information of the VPN instance includes the route distinguisher (RD), route filtering policy, and member interface list.