Manual 8600-4.1

Part No.
314725-E Rev 00
May 2006
4655 Great America Parkway

Santa Clara, CA 95054
Configuring VLANs, Spanning

Tree, and Link Aggregation
Ethernet Routing Switch 8600 Software
Release 4.1
2
Copyright © 2006 Nortel Networks. All Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technical
data, and recommendations in this document are believed to be accurate and reliable, but are presented without
express or implied warranty. Users must take full responsibility for their applications of any products specified in
this document. The information in this document is proprietary to Nortel Networks.
Trademarks
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
Adobe and Acrobat Reader are trademarks of Adobe Systems, Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
The asterisk after a name denotes a trademarked item.
Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer
software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth
in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel reserves the right to
make changes to the products described in this document without notice.
Nortel does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the
above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising
materials, and other materials related to such distribution and use acknowledge that such portions of the software
were developed by the University of California, Berkeley. The name of the University may not be used to endorse or
promote products derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that
contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices
imposed by third parties).
Nortel software license agreement

This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel
Corporation and its subsidiaries and affiliates (“Nortel”). PLEASE READ THE FOLLOWING CAREFULLY.
YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE
SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE
314725-E Rev 00
3
AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original
shipping container, within 30 days of purchase to obtain a credit for the full purchase price.
“Software” is owned or licensed by Nortel, its parent or one of its subsidiaries or affiliates, and is copyrighted and
licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content
(such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies.
Nortel grants you a license to use the Software only in the country where you acquired the Software. You obtain no
rights other than those granted to you under this License Agreement. You are responsible for the selection of the
Software and for the installation of, use of, and results obtained from the Software.
1.Licensed Use of Software. Nortel grants Customer a nonexclusive license to use a copy of the Software on only
one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To
the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”),
Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software
contains trade secrets and Customer agrees to treat Software as confidential information using the same care and
discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate.
Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this
Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly
authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create
derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software.
Licensors of intellectual property to Nortel are beneficiaries of this provision. Upon termination or breach of the
license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return
the Software to Nortel or certify its destruction. Nortel may audit by remote polling or other reasonable means to
determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software
require Nortel to include additional or different terms, Customer agrees to abide by such terms provided by Nortel
with respect to such third party software.
2.Warranty. Except as may be otherwise expressly agreed to in writing between Nortel and Customer, Software is
provided “AS IS” without any warranties (conditions) of any kind. Nortel DISCLAIMS ALL WARRANTIES
(CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel is not obligated to provide support of
any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the
above exclusions may not apply.
3.Limitation of Remedies. IN NO EVENT SHALL Nortel OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR
ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR
DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR
SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING
OUT OF YOUR USE OF THE SOFTWARE, EVEN IF Nortel, ITS AGENTS OR SUPPLIERS HAVE BEEN
ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or
supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some
jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.
4.General
a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Software
available under this License Agreement is commercial computer software and commercial computer
software documentation and, in the event Software is licensed for or on behalf of the United States
Government, the respective rights to the software and software documentation are governed by Nortel
standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for
non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b. Customer may terminate the license at any time. Nortel may terminate the license if Customer fails to
comply with the terms and conditions of this license. In either event, upon termination, Customer must
either return the Software to Nortel or certify its destruction.
Configuring VLANs, Spanning Tree, and Link Aggregation

4
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from
Customer’s use of the Software. Customer agrees to comply with all applicable laws including all
applicable export and import laws and regulations.
d. Neither party may bring an action, regardless of form, more than two years after the cause of the action
arose.
e. The terms and conditions of this License Agreement form the complete and exclusive agreement between
Customer and Nortel.
f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If
the Software is acquired in the United States, then this License Agreement is governed by the laws of the
state of New York.
314725-E Rev 00
5
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Text conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Hard-copy technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Finding the latest updates on the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . 35

Getting help from the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Getting help over the phone from a Nortel Solutions Center . . . . . . . . . . . . . . . . . 36
Getting help from a specialist by using an Express Routing Code . . . . . . . . . . . . 36
Getting help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 1
Layer 2 operational concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Policy-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Port membership types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
User-defined protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
MAC address-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
IP subnet-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Multihoming support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
VLAN tagging and port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
802.1Q tagged ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Treatment of tagged and untagged frames . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Untagging Default VLAN on a Tagged Port feature . . . . . . . . . . . . . . . . . . . . . 50

6 Contents
VLAN virtual router interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

IP routing and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
IPX routing and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
VLAN implementation on the Ethernet Routing Switch 8600 . . . . . . . . . . . . . . . . 53
Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Unassigned VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Brouter ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
VLAN rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
VLAN features supported on the Ethernet Routing Switch 8600 modules . . . . . . 55
MultiLink trunking and VLAN scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
VLAN scaling formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Maximum VLAN support comparison with Enhanced Operation mode . . . . . 57
Module behavior comparison with Enhanced Operation mode . . . . . . . . . . . . 58
Interoperability between operation mode and module type . . . . . . . . . . . . . . 58
Stacked VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
sVLAN specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
sVLAN rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
sVLAN levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
sVLAN UNI and NNI ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Flooding for Microsoft NLB clustering systems in unicast mode . . . . . . . . . . . . . . 63
VLAN MAC filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Prevention of IP spoofing within a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Spanning tree protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Spanning tree groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Spanning Tree Protocol controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Spanning Tree FastStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Understanding STGs and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Spanning Tree Protocol topology change detection . . . . . . . . . . . . . . . . . . . . 70
Per-VLAN spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol . . . . . . . . . . 73
Interoperability with legacy STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Link aggregation (MLT, SMLT, LACP, VLACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
MultiLink Trunking (MLT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
314725-E Rev 00
Contents 7
MLT traffic distribution algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

MultiLink Trunking rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Multicast flow distribution over MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Multicast distribution algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Multicast traffic redistribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
MLT examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
IEEE 802.3ad-based link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Link aggregation operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Principles of link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
LACP and MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
LACP and SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
LACP and routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
LACP priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
LACP keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
LACP timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
LACP modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
LACP and spanning tree interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Link aggregation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Virtual LACP (VLACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
VLACP timers and sub-100 ms core convergence . . . . . . . . . . . . . . . . . . . . 104
Split MultiLink Trunking (SMLT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Advantages of SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
How does SMLT work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Traffic flow in an SMLT environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
SMLT-on-Single-CPU feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Split multilink trunk topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Using MLT-based SMLT with Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . 125
Interaction between SMLT and LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
SMLT network design considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
SMLT and SLPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
SMLT and IP routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

8 Contents
Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Chapter 2
Configuring VLANs using Device Manager . . . . . . . . . . . . . . . . . . . . . . . . 135
Displaying defined VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Creating a port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Configuring an IP address for a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring a network address and encapsulation for a VLAN . . . . . . . . . . . . . . 144
Configuring policy-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Creating a source IP subnet-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Creating a protocol-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Configuring user-defined protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . 150
Creating a source MAC address-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Enabling source MAC address-based VLANs on the system . . . . . . . . . . . . 152
Configuring a source MAC address-based VLAN . . . . . . . . . . . . . . . . . . . . . 154
Creating a source MAC address-based VLAN using batch files . . . . . . . . . . 157
Managing a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Changing VLAN port membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Configuring advanced VLAN features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Configuring VLAN forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Configuring a VLAN to accept tagged or untagged frames . . . . . . . . . . . . . . . . . 165
Configuring Untagging Default VLAN on a Tagged Port . . . . . . . . . . . . . . . . . . . 169
Configuring MAC address auto-learning on a VLAN . . . . . . . . . . . . . . . . . . . . . . 170
Modifying auto-learned MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Configuring VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Configuring directed broadcast on a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Managing VLAN bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Configuring the forwarding database timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Viewing the forwarding database for a specific VLAN . . . . . . . . . . . . . . . . . . . . . 179
Clearing learned MAC addresses from the forwarding database . . . . . . . . . . . . 180
Clearing learned MAC addresses by VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 180
Clearing learned MAC addresses for all VLANs by port . . . . . . . . . . . . . . . . 181
Configuring static forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
MAC-layer bridge packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
314725-E Rev 00
Contents 9
Configuring a MAC-layer bridge filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Configuring the Global MAC filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Configuring Enhanced Operation mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Chapter 3
Configuring sVLAN using Device Manager . . . . . . . . . . . . . . . . . . . . . . . . 195
Stacked VLAN configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Creating an sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Setting the sVLAN Ethertype and switch level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Setting the sVLAN port type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Creating an sVLAN STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Chapter 4
Configuring spanning tree using Device Manager . . . . . . . . . . . . . . . . . . 211
Choosing the spanning tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Configuring Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Creating a STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Editing an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Adding ports to an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Viewing the STG status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Viewing STG ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Enabling STP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Deleting an STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Configuring STG topology change detection . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Configuring MSTP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Configuring CIST ports for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Viewing statistics for the CIST ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Configuring MSTI bridges for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Configuring MSTI ports for MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Viewing MSTI port statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Configuring RSTP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Configuring RSTP ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Viewing RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

10 Contents
Viewing statistics for RSTP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Chapter 5
Configuring link aggregation using Device Manager . . . . . . . . . . . . . . . . 249
Configuring link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Configuring LACP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Configuring VLACP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Adding a MultiLink/LACP trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Adding ports to a multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Viewing multilink trunk interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Viewing multilink trunk Ethernet error statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Managing LACP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Configuring a port for LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Configuring a port for Virtual LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Viewing LACP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Configuring Split Multilink Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Adding a MLT-based SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Viewing MLT-based SMLTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Adding ports to an MLT-based SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Configuring an IST multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Editing an IST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Viewing IST statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Configuring a single port split multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Viewing Single Port SMLTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Deleting a Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Configuring Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Configuring SLPP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Configuring the SLPP by VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Configuring the SLPP by port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Chapter 6
Configuring multiple DSAP and SSAP using Device Manager . . . . . . . . 297
Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Configuring multiple DSAPs and SSAPs per VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 300
314725-E Rev 00
Contents 11
Chapter 7
Configuring and managing VLANs using the CLI. . . . . . . . . . . . . . . . . . . 303
Roadmap of VLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Configuring and managing a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Creating a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Performing general VLAN operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Configuring VLAN parameters in the forwarding database . . . . . . . . . . . . . . . . . 316
Configuring or modifying VLAN entries in the forwarding database . . . . . . . 316
Configuring VLAN filter members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Setting or modifying parameters of VLAN not allowed filter member . . . . . . 318
Configuring VLAN static member parameters . . . . . . . . . . . . . . . . . . . . . . . . 320
Limiting MAC learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Adding or removing VLAN ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Adding or removing VLAN source MAC addresses . . . . . . . . . . . . . . . . . . . . . . . 324
Configuring NLB unicast support on an IP interface . . . . . . . . . . . . . . . . . . . . . . 325
Configuring Untagging Default VLAN on a Tagged Port . . . . . . . . . . . . . . . . . . . 325
Configuring Enhanced Operation mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Configuring VLAN Loop Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Configuring spoof detection for a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Using the VLAN show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Displaying general VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Displaying forwarding database information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Displaying forwarding database filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Displaying database status, MAC address, and QoS levels . . . . . . . . . . . . . . . . 349
Displaying additional parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Displaying ARP configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Displaying VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Displaying brouter port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Displaying IGMP switch operation information . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Displaying VLAN routing (IP) configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Displaying port member status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Displaying source MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Using the show ports commands for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Displaying port tagging information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Displaying all port VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

12 Contents
Using the VLAN IP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Assigning an IP address to a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Chapter 8
Configuring sVLANs using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Roadmap of sVLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Overview of sVLAN CLI configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Creating an sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Setting the Ethertype and switch level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Showing Ethertype and switch level information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Setting the sVLAN port type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Creating an sVLAN STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Adding UNI or NNI ports to the STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Chapter 9
Configuring STGs using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Roadmap of spanning tree commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring the spanning tree protocol mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Configuring Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Configuring spanning tree group parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Configuring STG port parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Configuring topology change detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Querying the change detection setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Using the show STG commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Displaying all STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Displaying STG configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Displaying STG status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Displaying basic STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Displaying additional STG information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Displaying STG statistics counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Configuring Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Showing RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Showing RSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Showing RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
314725-E Rev 00
Contents 13
Showing ports info RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Showing ports info RSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Showing ports info RSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Showing ports info RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Showing ports info RSTP role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Configuring Ethernet RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Configuring Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Configuring MSTP region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Configuring MSTP CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Configuring MSTP MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Showing MSTP configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Showing MSTP instance information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Showing MSTP stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Showing MSTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Showing MSTP port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Configuring Ethernet MSTP CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Configuring Ethernet MSTP MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Chapter 10
Configuring link aggregation using the CLI . . . . . . . . . . . . . . . . . . . . . . . 427
Roadmap of link aggregation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

Configuring link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Link aggregation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Adding ports to a link aggregation group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Removing ports from a link aggregation group . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Global LACP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Aggregator configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Port configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
LACP show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Displaying global LACP configuration information . . . . . . . . . . . . . . . . . . . . 443
Displaying LACP configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Displaying LACP statistics information per port . . . . . . . . . . . . . . . . . . . . . . 446
Displaying LACP configuration information per aggregator . . . . . . . . . . . . . 448
Configuring VLACP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

14 Contents
Displaying the VLACP port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Globally enabling or disabling VLACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Creating a split multilink trunk from an existing multilink trunk . . . . . . . . . . . . . . 455
Creating an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Creating an interswitch trunk from an existing multilink trunk . . . . . . . . . . . . 457
Enabling and disabling an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . 458
Configuring CP-Limit for an IST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Deleting an interswitch trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Creating a single port split multilink trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Configuration example: single port split multilink trunk . . . . . . . . . . . . . . . . . 461
Configuring SMLT-on-Single-CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Using the MLT and SMLT show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Displaying all multilink trunk information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Displaying information about collision errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Displaying information about Ethernet errors . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Displaying multilink trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Displaying interswitch trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Displaying split multilink trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Displaying all ports configured for single port split multilink trunk . . . . . . . . . . . . 471
Displaying a port configured for Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . 471
Displaying MLT statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Troubleshooting SMLT problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Troubleshooting IST problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Troubleshooting problems with a single user . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Global MAC filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Configuring Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Configuring SLPP on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Showing SLPP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Showing SLPP port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Chapter 11
Configuring multiple DSAP and SSAP using the CLI . . . . . . . . . . . . . . . . 483
Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Configuring multiple DSAP and SSAP with the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . 487
314725-E Rev 00
Contents 15
Chapter 12
Device Manager configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . 491
LACP point to point LAG configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Single Port SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 500
Chapter 13
CLI configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
MultiLink Trunking configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Single Port SMLT with SLPP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 505
SMLT triangle with loop detection configuration example . . . . . . . . . . . . . . . . . . . . . 508
Square SMLT configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Full mesh SMLT configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
SMLT and VRRP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
SMLT and multicast configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Triangle SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Single Port SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 528
SLPP, VRRP BackupMaster, and SMLT configuration example . . . . . . . . . . . . . . . . . 532
Ping Snoop configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
LACP point to point LAG configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Enabling VLACP on Ethernet links configuration example . . . . . . . . . . . . . . . . . . . . . 543
Per-VLAN Spanning Tree Plus (PVST+) configuration examples . . . . . . . . . . . . . . . 544
Configuring PVST+ on an Ethernet Routing Switch 8600 . . . . . . . . . . . . . . . . . . 544
Configuration example—basic PVST+ setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Configuration example—load balancing with the Ethernet Routing Switch 8600 as a
distribution switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Configuration files for S1 and S2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
Configuration example—load balancing with the Cisco System switch as a distribution
switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Cisco Systems default spanning tree settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Setting the PVST+ bridge ID priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Rapid Spanning Tree Protocol configuration example . . . . . . . . . . . . . . . . . . . . . . . . 554
Multiple Spanning Tree Protocol configuration example . . . . . . . . . . . . . . . . . . . . . . 559
Appendix A

16 Contents
Tap and OctaPID assignment (Release 3.x feature set) . . . . . . . . . . . . . . 567
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
314725-E Rev 00
17
Figures
Figure 1 Port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Figure 2 Dynamic protocol-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Figure 3 PPPoE and IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Figure 4 Incorrect use of an IP subnet-based VLAN . . . . . . . . . . . . . . . . . . . . . . . 47
Figure 5 VLAN tag insertion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Figure 6 Network with IP phone and PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 7 Formulas used for VLAN scaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Figure 8 sVLAN model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Figure 9 One layer sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Figure 10 Two layer sVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 11 Multiple spanning tree groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Figure 12 802.1d spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Figure 13 Multiple instances of spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Figure 14 Negotiation process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Figure 15 Config sys set hash-calc output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Figure 16 Switch-to-switch multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . 88
Figure 17 Switch-to-server multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . 89
Figure 18 Client/server multilink trunk configuration . . . . . . . . . . . . . . . . . . . . . . . . . 90
Figure 19 Link aggregation sublayer (according to IEEE 802.3ad) . . . . . . . . . . . . . . 93
Figure 20 Problem description (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Figure 21 Problem description (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Figure 22 Sub-100 ms convergence between SuperMezz modules . . . . . . . . . . . . 106
Figure 23 Resilient networks with Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . 109
Figure 24 Resilient networks with SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Figure 25 Ethernet Routing Switch 8600 as SMLT aggregation switches . . . . . . . 111
Figure 26 Output of the command show vlan info fdb-e 10 . . . . . . . . . . . . . . . . . . 117
Figure 27 Network topology for traffic flow example . . . . . . . . . . . . . . . . . . . . . . . . 118
Figure 28 Single Port SMLT topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Figure 29 SMLT triangle topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

18 Figures
Figure 30 SMLT square topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Figure 31 SMLT full mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Figure 32 Changing a split trunk from MLT-based SMLT to Single Port SMLT . . . 125
Figure 33 SLPP frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Figure 34 VLAN—Basic tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Figure 35 VLAN, Insert Basic box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Figure 36 VlanPortMembers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Figure 37 IP, VLAN box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Figure 38 IP, VLAN, Insert IP Address box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Figure 39 IPX, VLAN—Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Figure 40 IPX, VLAN—Insert Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Figure 42 VLAN, Insert Basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Figure 43 Chassis, System Flags tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Figure 44 VLAN, Insert Basic—bySrcMac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Figure 46 PortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Figure 47 VLAN—Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Figure 48 VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Figure 49 VLAN, Forwarding—Filter tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Figure 50 Port—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Figure 51 Port—VLAN tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Figure 52 VLAN—UntagDefaultVlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Figure 53 VLanMacLearning—Manual Edit tab . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Figure 54 VLanMacLearning, Insert Manual Edit box . . . . . . . . . . . . . . . . . . . . . . . 171
Figure 55 BridgeManualEditPorts box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Figure 56 VLanMacLearning—Auto Learn tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Figure 57 Port—VLAN loop detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Figure 58 Loop Detected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Figure 59 IP, VLAN—Direct Broadcast tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Figure 60 Bridge, VLAN—FDB Aging tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Figure 61 Bridge, VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Figure 62 VLAN—Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Figure 63 Port—Interface, FlushMacFDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Figure 64 Bridge, VLAN—Static tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
314725-E Rev 00
Figures 19
Figure 65 Bridge, VLAN—Insert Static box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Figure 66 BridgeStaticPort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Figure 67 Bridge, VLAN—Filter tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Figure 68 Bridge, VLAN—Insert Filter box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Figure 69 BridgeFilterPort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Figure 70 BridgeFilterSrcDiscard box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Figure 71 BridgeFilterDestDiscard box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Figure 72 GlobalMacFiltering tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Figure 73 GlobalMacFiltering, Insert Mac Filter box . . . . . . . . . . . . . . . . . . . . . . . . 190
Figure 74 Chassis—System Flags tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Figure 75 Chassis—System SaveRuntimeConfig . . . . . . . . . . . . . . . . . . . . . . . . . 193
Figure 76 VLAN—Basic tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Figure 77 Insert Basic—for sVLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Figure 79 SVLAN—Ether Type tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Figure 80 Svlan box—Level tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Figure 81 Port box—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Figure 82 Port—VLAN tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Figure 83 sVLAN configuration warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Figure 84 STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Figure 85 STG, Insert Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Figure 86 Spanning Tree—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Figure 87 STG—Configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Figure 88 STG, Insert Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Figure 89 StgPortMembers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Figure 90 StgPortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Figure 91 STG—Status tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Figure 92 STG—Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Figure 93 MSTP—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Figure 94 MSTP—CIST Port tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Figure 95 CIST Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Figure 96 MSTP—MSTI Bridges tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Figure 97 MSTP—MSTI Port tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Figure 98 MSTI Port.BridgeInstance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Figure 99 RSTP—Globals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

20 Figures
Figure 100 RSTP—RSTP Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Figure 101 RSTP Status tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Figure 102 RSTP Port—RSTP Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Figure 103 MLT_LACP—LACP Global tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Figure 104 VLACP Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Figure 105 MLT_LACP—MultiLink/LACP Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Figure 106 MLT_LACP, Insert MultiLink/LACP Trunks box . . . . . . . . . . . . . . . . . . . . 255
Figure 107 MltPortMembers box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Figure 108 Statistics, MLT—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Figure 109 Statistics, MLT—Ethernet Errors tab . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Figure 110 MLT_LACP—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Figure 111 Port—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Figure 112 Port—VLACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Figure 113 Graph Port—Interface tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Figure 114 Graph Port—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Figure 115 SMLT—SMLT Info tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Figure 116 IST MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Figure 117 IST MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Figure 118 Ist/SMLT Stats tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Figure 119 Port—SMLT tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Figure 120 Port, Insert SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Figure 121 SMLT—Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Figure 122 Deleting a Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Figure 123 SLPP—Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Figure 124 Slpp—VLANS tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Figure 125 Slpp, Insert VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Figure 126 Slpp—Insert VlanId . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Figure 127 Slpp—Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Figure 128 VLAN—Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Figure 129 VLAN—DSAP/SSAP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Figure 130 DSAP/SSAP, VLAN, Insert DSAP/SSAP . . . . . . . . . . . . . . . . . . . . . . . . 301
Figure 131 Config vlan create info command output . . . . . . . . . . . . . . . . . . . . . . . . 313
Figure 132 Config vlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Figure 133 Config vlan ports info command output . . . . . . . . . . . . . . . . . . . . . . . . . 324
Figure 134 Configuration example for supporting 1980 VLANs command output . . 327
314725-E Rev 00
Figures 21
Figure 135 Config and show sys link-flap-detect command output . . . . . . . . . . . . . 329
Figure 136 Sample configuration using the loop-detect commands. . . . . . . . . . . . . 331
Figure 137 Show vlan info all command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Figure 138 Show vlan info fdb-entry command output . . . . . . . . . . . . . . . . . . . . . . . 347
Figure 139 Show vlan info fdb-filter command output . . . . . . . . . . . . . . . . . . . . . . . . 348
Figure 140 Show vlan info fdb-static command output . . . . . . . . . . . . . . . . . . . . . . . 349
Figure 141 Show vlan info advance command output . . . . . . . . . . . . . . . . . . . . . . . 351
Figure 142 Show vlan info arp command output . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Figure 143 Show vlan info basic command output . . . . . . . . . . . . . . . . . . . . . . . . . 353
Figure 144 Show vlan info brouter-port command output . . . . . . . . . . . . . . . . . . . . . 354
Figure 145 Show vlan info igmp command output . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Figure 146 Show vlan info ip command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Figure 147 Show vlan info ports command output . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Figure 148 Show vlan info srcmac command output . . . . . . . . . . . . . . . . . . . . . . . . 358
Figure 149 Show ports info vlan command output . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Figure 150 Show ports info port all command output . . . . . . . . . . . . . . . . . . . . . . . . 361
Figure 151 Config vlan ip info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Figure 152 Config vlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Figure 153 Sample command output for creating an sVLAN . . . . . . . . . . . . . . . . . . 370
Figure 154 Config svlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Figure 155 Show svlan info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Figure 156 sVLAN-porttype warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Figure 157 Config ethernet <ports> info command output . . . . . . . . . . . . . . . . . . . . 375
Figure 158 Config stg info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Figure 159 Spanning tree mode commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Figure 160 Config stg info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Figure 161 Config ethernet <slot/port> stg <sid> info command output . . . . . . . . . . 389
Figure 162 Show ports info stg main command output . . . . . . . . . . . . . . . . . . . . . . . 391
Figure 163 Show stg show-all sample output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Figure 164 Show stg info config command output . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Figure 165 Show stg info status command output . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Figure 166 Show ports info stg main command output . . . . . . . . . . . . . . . . . . . . . . . 399
Figure 167 Show ports info stg extended command output . . . . . . . . . . . . . . . . . . . 400
Figure 168 Show ports stats stg command (partial output) . . . . . . . . . . . . . . . . . . . 402
Figure 169 Show rstp config command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

22 Figures
Figure 170 Show rstp stats command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

Figure 171 Show rstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Figure 172 Show ports info rstp config command output . . . . . . . . . . . . . . . . . . . . . 408
Figure 173 Show ports info rstp stats command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Figure 174 Show ports info rstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Figure 175 Show ports info rstp config command . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Figure 176 Show ports info rstp role command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Figure 177 Config mstp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Figure 178 Config mstp region command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Figure 179 Config mstp cist command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Figure 180 Config mstp msti command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Figure 181 Show mstp config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Figure 182 Show mstp instance command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Figure 183 Show mstp stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Figure 184 Show mstp status command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Figure 185 Show ports info mstp cistinfo command output . . . . . . . . . . . . . . . . . . . 423
Figure 186 Config mlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Figure 187 Show lacp info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Figure 188 Show ports info lacp all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Figure 189 Show ports stats lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Figure 190 Show mlt lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Figure 191 Show mlt lacp info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Figure 192 Show ports info vlacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Figure 193 Show ports info vlacp all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Figure 194 Config mlt ist create ip vlan-id command output . . . . . . . . . . . . . . . . . . . 458
Figure 195 Config mlt ist enable/disable command output . . . . . . . . . . . . . . . . . . . . 459
Figure 196 Configuration example: Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . 462
Figure 197 Show mlt show-all sample output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Figure 198 Show mlt show-all sample output (continued) . . . . . . . . . . . . . . . . . . . . 465
Figure 199 Show mlt show-all sample output (continued) . . . . . . . . . . . . . . . . . . . . 466
Figure 200 Show mlt error collision command output . . . . . . . . . . . . . . . . . . . . . . . . 467
Figure 201 Show mlt error main command output . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Figure 202 Show mlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Figure 203 Show mlt ist info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Figure 204 Show smlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
314725-E Rev 00
Figures 23
Figure 205 Show ports info smlt command output . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Figure 206 Show ports info config command output . . . . . . . . . . . . . . . . . . . . . . . . . 472
Figure 207 Show mlt stats command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Figure 208 Show mlt ist stat command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Figure 209 Show mlt ist info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Figure 210 Show mlt smlt info command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Figure 211 Show vlan info fdb-entry command output . . . . . . . . . . . . . . . . . . . . . . . 476
Figure 212 Config fdb fdb-filter info command output . . . . . . . . . . . . . . . . . . . . . . . . 477
Figure 213 Show fdb fdb-filter command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Figure 214 Config slpp slpp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Figure 215 Config ethernet command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Figure 216 Show slpp info command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Figure 217 Show ports info slpp command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Figure 218 Config vlan create byprotocol commands . . . . . . . . . . . . . . . . . . . . . . . . 489
Figure 219 Point to point LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Figure 220 MLT LCAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Figure 221 Insert Multilink/LACP Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Figure 222 MLT_LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Figure 223 Port LACP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Figure 224 SMLT and LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . 496
Figure 225 Insert Multilink/LACP Trunks box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Figure 226 MLT LACP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Figure 227 MLT_LACP—LACP tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Figure 228 Network topology for Single Port SMLT example . . . . . . . . . . . . . . . . . . 500
Figure 229 Port box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Figure 230 Insert SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Figure 231 LACP enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Figure 232 MLT within a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Figure 233 Single Port SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Figure 234 SMLT triangle configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Figure 235 Show mlt info output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Figure 236 Show mlt commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Figure 237 Show mlt commands, part 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Figure 238 Loop detection commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Figure 239 Square SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

24 Figures
Figure 240 Full mesh SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Figure 241 Network topology for SMLT and VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Figure 242 SMLT and IEEE 802.3ad configuration example . . . . . . . . . . . . . . . . . . 526
Figure 243 Network topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Figure 244 SLPP example network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Figure 245 Show slpp results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
Figure 246 Show ports info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
Figure 247 Show ports info interface port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Figure 248 Show log file tail for ERS8600B after port disabled . . . . . . . . . . . . . . . . 535
Figure 249 Enabling SMLT and show log file tail after port enabled . . . . . . . . . . . . . 536
Figure 250 Commands to configure the 8600A MLT, VLAN, ports . . . . . . . . . . . . . . 537
Figure 251 Commands to configure the 8600B MLT, VLAN, ports . . . . . . . . . . . . . . 538
Figure 252 Commands used to configure the ERS 3510 VLAN . . . . . . . . . . . . . . . . 539
Figure 253 LACP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Figure 254 Enabling VLACP on Ethernet links configuration example . . . . . . . . . . . 543
Figure 255 Basic setup configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Figure 256 Load balancing configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . 548
Figure 257 RSTP topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Figure 258 Multiple spanning tree topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
314725-E Rev 00
25
Tables
Table 1 Port membership types for policy-based VLANs . . . . . . . . . . . . . . . . . . . 41

Table 2 Supported policy-based VLAN types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Table 3 PIDs that cannot be used for user-defined protocol-based VLANs . . . . . 45
Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600 . . . . 55
Table 5 Maximum numbers of port/protocol-based VLANs . . . . . . . . . . . . . . . . . . 57
Table 6 Module behavior with and without Enhanced Operation mode . . . . . . . 58
Table 7 Operation mode and module type interoperability . . . . . . . . . . . . . . . . . . 58
Table 8 Differences in port roles for STP and RSTP . . . . . . . . . . . . . . . . . . . . . . . 74
Table 9 Recommended path cost values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Table 10 Ethernet Routing Switch 8600 LACP and VLACP timer comparison . . . 105
Table 11 VLAN—Basic tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Table 12 VLAN, Insert Basic fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Table 13 IP, VLAN field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Table 14 VLAN—Advanced tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Table 15 VLAN—Forwarding tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Table 16 Port—VLAN field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Table 17 VLAN MAC Learning—Insert Manual Edit tab fields . . . . . . . . . . . . . . . 172
Table 18 VLAN Auto Learn tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Table 19 LoopDetected dialog box parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Table 20 IP, VLAN Direct Broadcast tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Table 21 Bridge VLAN—FDB Aging tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Table 22 Bridge, VLAN—Forwarding tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Table 23 Bridge VLAN static fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Table 24 Bridge VLAN Filter fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Table 25 GlobalMacFiltering tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Table 26 SVLAN—Ether Type tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Table 27 SVLAN—Level tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Table 28 Port—VLAN fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Table 29 STG configuration fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

26 Tables
Table 30 STG Status fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Table 31 STG Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Table 32 MSTP—Globals fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Table 33 CIST Port fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Table 34 CIST Port Stats fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Table 35 MSTI Bridges fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Table 36 MSTP—MSTI Port fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Table 37 MSTI Port Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Table 38 RSTP—Globals fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Table 39 RSTP—RSTP Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Table 40 RSTP—RSTP Status fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Table 41 RSTP Port—RSTP Stats fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Table 42 MLT_LACP—LACP Global tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Table 43 MultiLink/LACP Trunks tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Table 44 Statistics, MLT—Interface tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Table 45 Statistics, MLT—Ethernet Errors tab fields . . . . . . . . . . . . . . . . . . . . . . . 263
Table 46 MLT_LACP—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Table 47 Port—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Table 48 Port—VLACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Table 49 Graph Port—LACP tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Table 50 SMLT Info tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Table 51 Ist multilink trunk fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Table 52 MLT_LACP—Ist/SMLT Stats tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Table 53 Port SMLT tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Table 54 SMLT—Single Port SMLT tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Table 55 SLPP—Global tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Table 56 SLPP, Insert VLANS fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Table 57 Slpp—Ports tab fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Table 58 DSAP/SSAP values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Table 59 Show vlan info all parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Table 60 Show ports info vlan parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Table 61 Show svlan info ether-type parameters . . . . . . . . . . . . . . . . . . . . . . . . . 372
Table 62 Show ports info stg main parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Table 63 Show stg show-all parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Table 64 Show ports info stg extended parameters . . . . . . . . . . . . . . . . . . . . . . . 400
314725-E Rev 00
Tables 27
Table 65 Show ports stats stg extended parameters . . . . . . . . . . . . . . . . . . . . . . 402

Table 66 Show ports stats lacp field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . 447
Table 67 Show ports info slpp field descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Table 68 Reserved values for configuring SNA or user-defined VLANs . . . . . . . . 485
Table 69 Available module types and OctapPID ID assignments . . . . . . . . . . . . . 568
Table 70 8608GBE/8608GBM/8608GTE/8608GTM/8608SXE modules . . . . . . . . 569
Table 71 8616SXE module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Table 72 8624FXE module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Table 73 8632TXE and 8632TZM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Table 74 8648TXE and 8648TXM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Table 75 8672ATME and 8672ATMM modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Table 76 8681XLR module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Table 77 8681XLW module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Table 78 8683POSM module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572

28 Tables
314725-E Rev 00
29
Preface
This guide describes how to configure VLANs, spanning tree, and link
aggregation on the Ethernet Routing Switch 8600.
Before you begin
This guide is intended for network administrators with the following background:
• Basic knowledge of networks, Ethernet bridging, and IP routing

• Familiarity with networking concepts and terminology
• Experience with graphical user interfaces (GUI)
• Basic knowledge of network topologies
Before using this guide, you must complete the following procedures. For a new
switch:
• Install the switch (see the Installation Guide that came with your switch).
• Connect the switch to the network (see Getting Started with the Management
Software for more information).
Make sure that you are running the latest version of the Ethernet Routing Switch
8600 and Device Manager software. For information about upgrading the Ethernet
Routing Switch 8600 and Device Manager, see the upgrading guide for your
version of the Ethernet Routing Switch.

30 Preface
Text conventions
This guide uses the following text conventions:
angle brackets (< >) Indicate that you choose the text to enter based on the
description inside the brackets. Do not type the
brackets when entering the command.
Example: If the command syntax is
ping <ip_address>, you enter
ping 192.32.10.12
bold Courier text Indicates command names and options and text that
you need to enter.
Example: Use the dinfo command.
Example: Enter show ip {alerts|routes}.
braces ({}) Indicate required elements in syntax descriptions where
there is more than one option. You must choose only
one of the options. Do not type the braces when
entering the command.
show ip {alerts|routes}, you must enter either
show ip alerts or show ip routes, but not both.
brackets ([ ]) Indicate optional elements in syntax descriptions. Do
not type the brackets when entering the command.
show ip interfaces [-alerts], you can enter
either show ip interfaces or
show ip interfaces -alerts.
ellipsis points (. . . ) Indicate that you repeat the last element of the
command as needed.
ethernet/2/1 [<parameter> <value>]... ,
you enter ethernet/2/1 and as many
parameter-value pairs as needed.
314725-E Rev 00
Preface 31
italic text Indicates new terms, book titles, and variables in

command syntax descriptions. Where a variable is two
or more words, the words are connected by an
underscore.
show at <valid_route>, valid_route is one
variable and you substitute one value for it.
plain Courier Indicates command syntax and system output, for
text example, prompts and system messages.
Example: Set Trap Monitor Filters
separator ( > ) Shows menu paths.
Example: Protocols > IP identifies the IP command on
the Protocols menu.
vertical line ( | ) Separates choices for command keywords and
arguments. Enter only one of the choices. Do not type
the vertical line when entering the command.
show ip {alerts|routes}, you enter either
show ip alerts or show ip routes, but not
both.
Acronyms
This guide uses the following acronyms:
ARP Address Resolution Protocol

ATM Asynchronous Transfer Mode
BGP Border Gateway Protocol
BPDU bridge protocol data unit
CIST Common and Internal Spanning Tree
CLI command line interface
CPU Central Processing Unit
DF designated forwarding
DMLT Distributed MultiLink Trunking

32 Preface
DSAP Destination Service Access Point

ES Extranet Switch
FCS Frame Check Sequence
FDB forwarding database
GbE Gigabit Ethernet
ICMP Internet Control Message Protocol
I/O input/output
IEEE Institute of Electrical and Electronics Engineers
IGMP Internet Group Management Protocol
IGP interior gateway protocol
IP Internet Protocol
IPX Internetwork Packet Exchange
ISP Internet Service Provider
IST Internal Spanning Tree
IST InterSwitch Trunking
LACP Link Aggregation Control Protocol
LACPDU Link Aggregation Control Protocol data unit
LAG link aggregation group
LLC Logical Link Control
MAC Media Access Control
MIB management information base
MLT MultiLink Trunking
MSTI Multiple Spanning Tree Instance
MSTP Multiple Spanning Tree Protocol
NIC network interface card
NLB Network Load Balancer
NNI network-to-network interface
OSI Open Systems Interconnect
OSPF Open Shortest Path First
314725-E Rev 00
Preface 33
PCAP Packet Capture Tool

PID protocol identifier
PDU protocol data unit
POS Packet over SONET
PPP Point-to-Point Protocol
PPPoE Point-to-Point Protocol over Ethernet
PVST Per-VLAN Spanning Tree
QoS Quality of Service
RARP Reverse Address Resolution Protocol
RIP Routing Information Protocol
RF root forwarding
RSMLT Routed Split MultiLink Trunking
RSTP Rapid Spanning Tree Protocol
SLPP Simple Loop Prevention Protocol
SMLT Split MultiLink Trunking
SNA Systems Network Architecture
SNAP Sub-Network Access Protocol
SNMP Simple Network Management Protocol
SSAP Source Service Access Point
SST single spanning tree
STG spanning tree group
STP Spanning Tree Protocol
sVLAN stacked virtual local area network
TCN topology change notification
UNI user-to-network interface
VLACP Virtual Link Aggregation Control Protocol
VLAN virtual local area network
VRRP Virtual Router Redundancy Protocol
XOR exclusive OR

34 Preface
Hard-copy technical manuals
You can print selected technical manuals and release notes free, directly from the
Internet. Go to the www.nortel.com/documentation URL. Find the product for
which you need documentation. Then locate the specific category and model or
version for your hardware or software product. Use Adobe* Reader* to open the
manuals and release notes, search for the sections you need, and print them on
most standard printers. Go to Adobe Systems at the www.adobe.com URL to
download a free copy of the Adobe Reader.
Note: The list of related publications for this manual can be found in the
release notes that came with your software.
314725-E Rev 00
35
How to get help
This section explains how to get help for Nortel products and services.
Finding the latest updates on the Nortel web site
The content of this documentation was current at the time the product was
released. To check for updates to the latest documentation and software for
Ethernet Routing Switch, click one of the following links:
Link to Takes you directly to the
Latest software Nortel page for Ethernet Routing Switch

software located at:
www130.nortelnetworks.com/cgi-bin/eserv/cs/
main.jsp?cscat=SOFTWARE&resetFilter=1&tran
Product=9015
Latest documentation Nortel page for Ethernet Routing Switch

documentation located at:
www130.nortelnetworks.com/cgi-bin/eserv/cs/
main.jsp?cscat=DOCUMENTATION&resetFilter=
1&tranProduct=9015
Getting help from the Nortel web site
The best way to get technical support for Nortel products is from the Nortel
Technical Support web site:
www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to
address issues with Nortel products. From this site, you can:

36 How to get help
• download software, documentation, and product bulletins

• search the Technical Support web site and the Nortel Knowledge Base for
answers to technical issues
• sign up for automatic notification of new software and documentation for
Nortel equipment
• open and manage technical support cases
Getting help over the phone from a Nortel Solutions Center
If you do not find the information you require on the Nortel Technical Support
web site, and you have a Nortel support contract, you can also get help over the
phone from a Nortel Solutions Center.
In North America, call 1-800-4NORTEL (1-800-466-7835).
Outside North America, go to the following web site to obtain the phone number
for your region:
www.nortel.com/callus
Getting help from a specialist by using an Express Routing

Code
To access some Nortel Technical Solutions Centers, you can use an Express
Routing Code (ERC) to quickly route your call to a specialist in your Nortel
product or service. To locate the ERC for your product or service, go to:
www.nortel.com/erc
Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a distributor or
authorized reseller, contact the technical support staff for that distributor or
reseller.
314725-E Rev 00
37
Chapter 1
Layer 2 operational concepts
This chapter describes Layer 2 operational concepts and features supported on

your Ethernet Routing Switch.
Note: See Chapter 12, “Device Manager configuration examples,” on

page 491, and Chapter 13, “CLI configuration examples,” on page 503 for
configuration examples, including command line interface (CLI)
commands, for concepts described in this chapter.
This chapter covers the following topics:
Topic Page
VLANs 37
Spanning tree protocols 66
Link aggregation (MLT, SMLT, LACP, VLACP) 78
Simple Loop Prevention Protocol 130
VLANs
Using a virtual LAN (VLAN), you can divide your LAN into smaller groups
without interfering with the physical network. VLAN practical applications
include the following:
• You can create VLANs, or workgroups, for common interest groups.

• You can create VLANs, or workgroups, for specific types of network traffic.
• You can add, move, or delete members from these workgroups without
making any physical changes to the network.

38 Chapter 1 Layer 2 operational concepts
By dividing the network into separate VLANs, you can create separate broadcast
domains. This arrangement conserves bandwidth, especially in networks
supporting broadcast and multicast applications that flood the network with
traffic. A VLAN workgroup can include members from a number of dispersed
physical segments on the network, improving traffic flow between them.
The Ethernet Routing Switch 8600 Software Release 4.1 performs the Layer 2
switching functions necessary to transmit information within VLANs, as well as
the Layer 3 routing functions necessary for VLANs to communicate with one
another. A VLAN can be defined for a single switch or it can span multiple
switches. A port can be a member of multiple VLANs.
For information about configuring VLANs, see Chapter 2, “Configuring VLANs

using Device Manager,” on page 135 and Chapter 7, “Configuring and managing
VLANs using the CLI,” on page 303.
This section includes the following topics:
• “Port-based VLANs”
• “Policy-based VLANs” on page 40
• “Multihoming support” on page 47
• “VLAN tagging and port types” on page 48
• “VLAN virtual router interfaces” on page 52
• “IP routing and VLANs” on page 52
• “IPX routing and VLANs” on page 52
• “VLAN implementation on the Ethernet Routing Switch 8600” on page 53
• “VLAN rules” on page 54
• “VLAN features supported on the Ethernet Routing Switch 8600 modules” on
page 55
• “MultiLink trunking and VLAN scalability” on page 56
• “Stacked VLANs” on page 59
• “Flooding for Microsoft NLB clustering systems in unicast mode” on page 63
• “VLAN MAC filtering” on page 64
• “Prevention of IP spoofing within a VLAN” on page 64
• “VLAN Loop Detection” on page 65
314725-E Rev 00
Chapter 1 Layer 2 operational concepts 39
Port-based VLANs
A port-based VLAN is a VLAN in which the ports are explicitly configured to be

in the VLAN. When creating a port-based VLAN on a switch, you assign a VLAN
identification number (VLAN ID) and specify the ports that belong to the VLAN.
The VLAN ID is used to coordinate VLANs across multiple switches.
The example in Figure 1 shows two port-based VLANs: one for the marketing
department, and one for the sales department. Ports are assigned to each
port-based VLAN. A change in the sales area can move the sales representative at
port 3/1 (the first port in the input/output (I/O) module in chassis slot 3) to the
marketing department without moving cables. With a port-based VLAN, you only
need to indicate in Device Manager or the CLI that port 3/1 in the sales VLAN
now is a member of the marketing VLAN.
Figure 1 Port-based VLAN

Policy-based VLANs
A policy-based VLAN consists of ports that are dynamically added to the VLAN
on the basis of the traffic coming into the port.
• “Port membership types”

• “Protocol-based VLANs” on page 41
• “User-defined protocol-based VLANs” on page 44
• “MAC address-based VLANs” on page 45
• “IP subnet-based VLANs” on page 46
Port membership types
In a policy-based VLAN, a port can be designated as always a member or never a

member of the VLAN describing the port membership types.
In addition, you can designate a port as a potential member of the VLAN on the
Ethernet Routing Switch 8600. When a port is designated as a potential member
of the VLAN, and the incoming traffic matches the policy, the port is dynamically
added to the VLAN. Potential member ports that join the VLAN are removed,
timed out from the VLAN when the timeout (aging time) period of that VLAN
expires.
Port membership in a VLAN is determined by the traffic coming into the port.
Nortel recommends that you designate at least some ports as always a member of
the VLAN. If a server or router connects to a port, then designate that port as
always a member of a VLAN. If a server connects to a port that is only a potential
member and the server sends very little traffic, a client fails to reach the server if
the server port has timed out of the VLAN.
Note: A port can belong to one port-based VLAN and many policy-based
VLANs.
314725-E Rev 00
Table 1 describes port membership types for policy-based VLANs.

.
Table 1 Port membership types for policy-based VLANs
Membership type Description
Static Static members are always active members of the VLAN

(always a member) after they are configured as belonging to that VLAN. This
membership type is used in policy-based and port-based
VLANs.
• In policy-based VLANs, the tagged ports are usually
configured as static members.
• In port-based VLANs, all ports are always static
members.
Not allowed to join Ports of this type are not allowed to join the VLAN.
(never a member)
Table 2 lists supported policy-based VLANs.
Table 2 Supported policy-based VLAN types
VLAN type Ethernet Routing Switch 8600
Protocol-based supported
User-defined protocol-based supported
MAC address-based supported
IP subnet-based supported
Stacked VLANs supported (not on R modules)
Protocol-based VLANs
Protocol-based VLANs are an effective way to segment your network into

broadcast domains according to the network protocols in use. Traffic generated by
any network protocol—IPX, Appletalk, Point-to-Point Protocol over Ethernet
(PPPoE)—can be automatically confined to its own VLAN.

All ports within a protocol-based VLAN must be in the same port-based VLAN.
However, the same port within a port-based VLAN can belong to multiple
protocol-based VLANs. Port tagging is not required for a port to be a member of
multiple protocol-based VLANs.
The Ethernet Routing Switch 8600 supports the following protocol-based

VLANs:
• IP version 4 (ip)
• Novell IPX on Ethernet 802.3 frames (ipx802dot3)
• Novell IPX on IEEE 802.2 frames (ipx802dot2)
• Novell IPX on Ethernet SNAP frames (ipxSnap)
• Novell IPX on Ethernet Type 2 frames (ipxEthernet2)
• AppleTalk on Ethernet Type 2 and Ethernet SNAP frames (AppleTalk)
• DEC LAT Protocol (decLat)
• Other DEC protocols (decOther)
• IBM SNA on IEEE 802.2 frames (sna802dot2)
• IBM SNA on Ethernet Type 2 frames (snaEthernet2)
• NetBIOS Protocol (netBIOS)
• Xerox XNS (xns)
• Banyan VINES (vines)
• IP version 6 (ipv6)
• Reverse Address Resolution Protocol (RARP)
• Point-to-Point Protocol over Ethernet (PPPoE)
• User-defined protocols
IPX protocol-based VLAN example
You can create a VLAN for the IPX protocol and place ports carrying substantial
IPX traffic into this new VLAN. In Figure 2 on page 43, the network manager has
placed ports 7/1, 3/1, and 3/2 in an IPX VLAN. These ports still belong to their
respective marketing and sales VLANs, but they are also new members of the IPX
VLAN. This arrangement localizes traffic and ensures that only three ports are
flooded with IPX broadcast packets.
314725-E Rev 00
Figure 2 Dynamic protocol-based VLAN
Example: PPPoE protocol-based VLAN
With PPPoE, you can connect multiple computers on Ethernet to a remote site
through a device, such as a modem, so that multiple users can share a common
line connection to the Internet. PPPoE combines the Point-to-Point Protocol
(PPP), commonly used in dial-up connections, with the Ethernet protocol, which
supports multiple users in a local area network (LAN) by encapsulating the PPP
frame within an Ethernet frame.
PPPoE occurs in two stages—a discovery stage and a PPP session stage. The
Ether_Type field in the Ethernet frame identifies the stage:
• The discovery stage uses 0x8863 Ether_Type

• The session stage uses 0x8864 Ether_Type
In Figure 3 on page 44, VLAN 2 is a protocol-based VLAN that transports PPPoE

traffic to the Internet Service Provider (ISP) network. The traffic to the ISP is
bridged.
IP traffic can also be routed to the LAN using port-based VLANs, IP

protocol-based VLANs, or IP subnet-based VLANs.

Figure 3 PPPoE and IP configuration
User-defined protocol-based VLANs
You can create user-defined protocol-based VLANs to support networks with

non-standard protocols. For user-defined protocol-based VLANs, you can specify
the Protocol Identifier (PID) for the VLAN. Frames that match the specified PID
for the following are assigned to that user-defined VLAN:
• The ethertype for Ethernet type 2 frames

• The PID in Ethernet Sub-Network Access Protocol (SNAP) frames
• The Destination Service Access Point (DSAP) or Source Service Access
Point (SSAP) value in Ethernet 802.2 frames
314725-E Rev 00
Table 3 lists reserved, predefined policy-based PIDs that cannot be used as

user-defined PIDs.
Table 3 PIDs that cannot be used for user-defined protocol-based VLANs
PID (hex) Description

04xx, xx04 sna802.2
F0xx, xxF0 netBIOS
0000-05DC Overlaps with 802.3 frame length
0600, 0807 xns
0BAD VINES
4242 IEEE 802.1d BPDUs
6000-6003, 6005-6009 decOther
6004 decLat
0800, 0806 ip
8035 RARP
809B, 80F3 AppleTalk
8100 Reserved by IEEE 802.1Q for tagged frames
8137, 8138 ipxEthernet2 and ipxSnap
80D5 snaEthernet2
86DD ipv6
8808 IEEE 802.3x pause frames
9000 Used by diagnostic loopback frames
8863, 8864 PPPoE
MAC address-based VLANs
As with all policy-based VLANs, using source media access control (MAC)
address VLANs allows Ethernet Routing Switch 8600 modules to associate
frames with a VLAN based on the frame content. With source MAC-based
VLANs, a frame is associated with a VLAN if the source MAC address is one of
the MAC addresses explicitly associated with the VLAN. To create a source
MAC-based VLAN, you add the MAC address to a list of MAC addresses that
constitutes the VLAN. However, because it is necessary to explicitly associate
MAC addresses with a source MAC-based VLAN, the administrative overhead
can be quite high.

Use source MAC-based VLANs when you want to enforce a MAC level security
scheme to differentiate groups of users. For example, in a university environment,
the students are part of a student VLAN with certain services and access
privileges, and the faculty are part of a source MAC-based VLAN with faculty
services and access privileges. Therefore, a student and a faculty member can plug
into the same port, but have access to a different range of services. To provide the
correct services throughout the campus, the source MAC-based VLAN must be
defined on Ethernet Routing Switch 8600 devices throughout the campus, which
entails administrative overhead.
When a source MAC VLAN is created, not all of the port members of the
spanning tree group (STG) are automatically made potential members of
the VLAN by default.
The source MAC VLAN must have static port members on either the
access or trunk switch for source MAC VLANS to explicitly associate the
MAC address with the source MAC VLAN. If the static port members are
not set, then any source MAC address gains access to the network.
IP subnet-based VLANs
Ethernet Routing Switch 8600 modules support policy-based VLANs based on IP

subnets. You can assign access ports to multiple subnet-based VLANs. A frame’s
membership in a subnet-based VLAN is based on the IP source address associated
with a mask. Subnet-based VLANs are optionally routable. Using source IP
subnet-based VLANs, multiple workstations on a single port can belong to
different subnets, similar to multinetting.
Note: You cannot use IP subnet-based VLANs on segments that act as a

transit network.
Figure 4 on page 47 shows two examples of the incorrect use of IP subnet-based

VLANs that result in traffic loss. In the IP unicast routing example, the host on
172.100.10.2 sends traffic to switch 2 (172.100.10.1) destined for the router in
switch 1 (192.168.1.1). Switch 2 attempts to route the IP traffic, but that traffic
does not arrive at the router in switch 1. Switch 1 will not assign this frame to IP
314725-E Rev 00
subnet-based VLAN 2 because the IP address of the traffic source does not match
the IP subnet assigned to VLAN 2. If the access link in VLAN 2 which connects
switches 1 and 2 is a tagged link, the traffic is associated with the VLAN tag, not
the IP address, and is forwarded correctly to switch 1.
In the IP multicast routing example, the multicast stream is on an access link that
is part of IP subnet-based VLAN 2. If the source IP address in the multicast data
packets received on the access port is not within the subnet of VLAN 2 (a likely
scenario), the multicast stream will not reach the multicast router (MR).
Figure 4 Incorrect use of an IP subnet-based VLAN
Multihoming support
Using the multihoming feature, the Ethernet Routing Switch 8600 can support
clients or servers that have multiple IPs addresses associated with a single MAC
address. Multihomed hosts can be connected to port-based, policy-based, and IP
subnet-based VLANs.
The IP addresses associated with a single MAC address on a host must be in the
same IP subnet. Multihomed hosts with up to 16 IP addresses per MAC address
are supported on the Ethernet Routing Switch 8600.

VLAN tagging and port types
The Ethernet Routing Switch 8600 supports the IEEE 802.1Q specification for
tagging frames and coordinating VLANs across multiple switches.
Figure 5 shows how an additional four octet (tag) header is inserted in a frame
after the source address and before the frame type. The tag contains the VLAN ID
associated with the frame.
Figure 5 VLAN tag insertion
802.1Q tagged ports
Tagging a frame adds four octets to a frame, making it bigger than the traditional
maximum frame size. These frames are sometimes referred to as baby giant
frames. If a device does not support IEEE 802.1Q tagging, it can have problems
interpreting tagged frames and receiving baby giant frames.
314725-E Rev 00
On the Ethernet Routing Switch 8600, whether or not tagged frames are sent or
received depends on what you configure at the port level. Tagging is set as true or
false for the port and is applied to all VLANs on that port.
Note: When you enable tagging on an untagged port, the previous port
configuration of VLANs, STGs, and multilink trunking (MLT) is lost. In
addition, the port resets and runs Spanning Tree Protocol. This process
breaks connectivity while the protocol proceeds through the normal
blocking and learning stages before the port enters the forwarding state.
A port with tagging enabled sends frames explicitly tagged with a VLAN ID.
Tagged ports are typically used to multiplex traffic belonging to multiple VLANs
to other IEEE 802.1Q-compliant devices.
If you disable tagging on a port, it does not send tagged frames. A non-tagged port
connects an Ethernet Routing Switch to devices that do not support IEEE 802.1Q
tagging. If a tagged frame is forwarded to a port with tagging set to false, the
Ethernet Routing Switch removes the tag from the frame before sending it to the
port.
Treatment of tagged and untagged frames
An Ethernet Routing Switch 8600 associates a frame with a VLAN based on the
data content of the frame and the configuration of the destination port. The
treatment of the frame depends on whether it is tagged or untagged.
If a tagged frame is received on a tagged port with a VLAN ID specified in the

tag, the Ethernet Routing Switch 8600 directs it to that VLAN if the VLAN is
present. For tagged frames received on an untagged port, you can configure that
port to either discard the frame or accept it. The discarding of tagged frames on an
untagged port is not applicable for the port-based VLAN. If you choose not to
discard tagged frames, the Ethernet Routing Switch 8600 sends the frame to the
VLAN identified in the frame tag.
For untagged frames, VLAN membership is implied from the content of the frame
itself. For untagged frames received on a tagged port, you can configure the port
to either discard or accept the frame. If you configure a tagged port to accept
untagged frames, the port must be assigned to a port-based VLAN in spanning
tree group 1 (STG1).

The frame is forwarded based on the VLAN on which the frame is received, and
on the forwarding options available for that VLAN. The Ethernet Routing Switch
8600 tries to associate untagged frames with a VLAN in the following order:
• Does the frame belong to a source MAC-based VLAN? (Ethernet Routing

Switch 8600 modules only)
• Does the frame belong to an IP subnet-based VLAN? (Ethernet Routing
Switch 8600 modules only)
• Does the frame belong to a protocol-based VLAN?
• What is the port-based VLAN of the receiving port?
If the frame meets none of the criteria listed, it is discarded.
Untagging Default VLAN on a Tagged Port feature
This feature provides the ability to connect both an IP phone and a PC to a single
port of an Ethernet Routing Switch 8600. Most IP phones ship with an embedded
three port switch, and traffic coming from the phone is generally tagged (VLAN
ID configured statically or remotely). However, the traffic originating from a PC is
usually untagged traffic and must be separated from the IP phone traffic. This
separation ensures that broadcast traffic from the PC does not impact voice
quality.
In the case of the Ethernet Routing Switch, when an IP phone is attached to an

untagged port and configured into an IP subnet-based VLAN, it can fail to register
with a remote Internet Telephony Gateway (or equivalent device) dependent on
the netmask of the destination IP address (Call Server subnet).
314725-E Rev 00
Figure 6 Network with IP phone and PC
Ethernet Routing
Switch 8600
In Figure 6, IP phones and PCs coexist on the same port due to the use of an
embedded IP Phone Layer 2 switch. In this scenario, the port is configured to be
untagged and is a member of two IP subnet-based VLANs. In this network
configuration, under certain conditions, packets from the IP phone are not routed
and therefore are unable to reach their designated Call Server to register.
The Untagging Default VLAN on a Tagged Port feature separates untagged

packets originating from a PC from the tagged packets originating from the
IP phone.
You can configure the switch to send untagged packets for the default VLAN on a
tagged port. After you configure this option, all the packets sent on a tagged port
for the default VLAN are untagged packets.
When a port belongs to multiple VLANs, and the port is removed from the current
default VLAN, the lowest VLAN by index (among the VLANs of which the port
is a member) is made the default VLAN. In this case, packets for new default
VLAN are sent untagged.
To configure this feature using the CLI, see “Configuring VLAN Loop Detection”
on page 327. To configure this feature using Device Manager, see “Configuring
Untagging Default VLAN on a Tagged Port” on page 169.

VLAN virtual router interfaces
Virtual router interfaces correspond to routing on a virtual port that is associated

with a VLAN. This type of routing is the routing of IP traffic to and from a
VLAN. Because a given port can belong to multiple VLANs (some of which are
configured for routing on the switch and some of which are not), there is no longer
a one-to-one correspondence between the physical port and the router interface.
For VLAN routing, the router interface for the VLAN is called a virtual router
interface because the IP address is assigned to an interface on the routing entity in
the switch. This initial interface has a one-to-one correspondence with a VLAN on
any given switch.
IP routing and VLANs
Ethernet Routing Switch 8600 modules support IP routing on the following types
of VLANs only:
• Port-based VLANs
• Source IP subnet-based VLANs
• IP protocol-based VLANs
• Source MAC-based VLANs
IP routing is not supported on VLANs based on other protocols, including

user-defined protocol-based VLANs.
IPX routing and VLANs
The Ethernet Routing Switch does not support IPX routing on R modules. IPX
routing is supported on non-R modules. All modules support IPX protocol-based
VLANs and port-based VLANs.
The IPX network number is associated with a VLAN, and the VLAN can
comprise one or more ports with one of four supported frame formats: Ethernet II,
802.3-SNAP, 802.2-RAW, and 802.3-LLC.
314725-E Rev 00
You can configure up to four IPX protocol-based VLANs on one port as long as
each of these VLANs uses a different IPX encapsulation. With port-based
VLANs, you can associate the same VID with any or all of the four IPX
encapsulation formats.
You can configure IPX protocol-based VLANs and port-based VLANs on the
same port, but traffic routes to the protocol-based VLAN and not to the port-based
VLAN (protocol-based VLANs have precedence over port-based VLANs).
VLAN implementation on the Ethernet Routing Switch 8600
This section describes how to implement VLANs on the Ethernet Routing Switch
8600 and describes default VLANs, unassigned VLANs, and brouter ports. It also
summarizes the defaults and rules regarding VLAN creation on the Ethernet
Routing Switch 8600.
• “Default VLAN”
• “Unassigned VLAN”
• “Brouter ports” on page 54
Default VLAN
Ethernet Routing Switch 8600 devices are factory configured so that all ports are
in a port-based VLAN called the default VLAN. Because all ports are in the
default VLAN, the switch behaves like a Layer 2 switch. The VLAN ID of this
default VLAN is always 1, and it is always a port-based VLAN. The default
VLAN cannot be deleted.
Unassigned VLAN
Internally, an Ethernet Routing Switch 8600 supports a placeholder for ports that
is called an unassigned port-based VLAN. This concept is used for ports that are
removed from all port-based VLANs. Ports can belong to policy-based VLANs as
well as to the unassigned VLAN. If a frame does not meet any policy criteria and
there is no underlying port-based VLAN, the port belongs to the unassigned

VLAN and the frame is dropped. Only ports in the unassigned VLAN have no
spanning tree group association, so these ports do not participate in Spanning Tree
Protocol negotiation; that is, no Bridge Protocol Data Units (BPDU) are sent out
of ports in the unassigned VLAN.
Because it is an internal construct, the unassigned VLAN cannot be deleted. If a

user-defined spanning tree group is deleted, the ports are moved to the unassigned
VLAN and can later be assigned to another spanning tree group. Moving the ports
to the unassigned VLAN avoids creating unwanted loops and duplicate
connections. If routing is disabled in these ports, the port is completely isolated
and no Layer 2 or Layer 3 functionality is provided.
The concept of the unassigned VLAN is useful for security purposes or when
using a port for monitoring a mirrored port.
Brouter ports
A brouter port is actually a one-port VLAN. The difference between a brouter port
and a standard IP protocol-based VLAN configured to do routing is that the
routing interface of the brouter port is not subject to the spanning tree state of the
port.
VLAN rules
The following are VLAN rules for the Ethernet Routing Switch 8600.
• In addition to the default VLAN, the Ethernet Routing Switch 8600 can
support up to 1980 VLANs (1972 if R modules are present in the chassis).
VLAN IDs value range is from 1 to 4093.
• If you enable tagging on a port that is in a VLAN, the spanning tree group
configuration for that port is lost. To preserve VLAN assignment of ports,
enable tagging on the ports before you assign the ports to VLANs.
• A tagged port can belong to multiple VLANs and multiple spanning tree
groups. When a tagged port belongs to multiple spanning tree groups, the
BPDUs are tagged for all spanning tree groups except for spanning tree
group 1. Under the default configuration, the default spanning tree group is
number 1.
• An untagged port can belong to only one port-based VLAN. A port in a
port-based VLAN can belong to other policy-based VLANs.
314725-E Rev 00
• An untagged port can belong to only one policy-based VLAN for a given
protocol. For example, a port can belong to only one policy-based VLAN
when the policy is the IPX802.2 protocol.
• For every VLAN with MultiLink Trunking that you create, you reduce the
number of available VLANs by eight.
• When Enhanced Operation mode is disabled, a VLAN cannot span multiple
spanning tree groups; that is, the ports in the VLAN must all be within one
spanning tree group.
Note: When Enhanced Operation mode is enabled, VLAN scalability is

not affected.
• The VLAN membership of a frame is determined by the following order of

precedence, if applicable:
• IEEE 802.1Q tagged VLAN ID
• source MAC-based VLAN
• IP subnet-based VLAN
• protocol-based VLAN
• port-based VLAN
• The IP subnet-based VLAN must not be assigned to a transit network (for
example, a network routed to a bridged subnet).
VLAN features supported on the Ethernet Routing Switch

8600 modules
Table 4 summarizes the features supported on the Ethernet Routing Switch 8600
modules.
Note: Table 4 is subject to change. Refer to the release notes that came
with your switch to obtain the latest scalability information.
Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600
Feature
Number of VLANs 1980 (1972 if R modules are in the chassis)

Port-based VLANs Supported

Table 4 VLAN, STG, and MLT support in the Ethernet Routing Switch 8600
Feature
Policy-based VLANs
• Protocol-based Supported
• Source MAC-based Supported
• Source IP subnet-based Supported
IEEE 802.1Q tagging Supported
IP routing and VLANs Supported
IPX routing and VLANs Supported on non-R modules
Special VLANs
• Default VLAN Supported
• Unassigned VLAN Supported
• Brouter ports Supported
Stacked VLAN Not supported on R modules
Number of spanning tree groups 64
Spanning Tree FastStart Supported
Aggregation groups 32 (128 with R module in R mode)
• 802.3ad aggregation groups
• multilink trunk groups
Number of links (ports) per MLT 8
group
MultiLink trunking and VLAN scalability

For release 3.2 and earlier, the maximum number of VLANs depends on whether
the VLANs reside on a multilink trunk. With Enhanced Operation mode, you can
now increase the maximum number of VLANs when you use MultiLink Trunking
(MLT) to 1980 (1972 if R modules are present in the chassis) and to 989 when you
use SMLT. Enhanced Operation mode requires Ethernet Routing Switch 8600 E,
M, or R modules.
Caution: When Enhanced Operation mode is enabled, only Ethernet

Routing Switch 8600 E, M, or R modules are initialized (other modules
are placed offline). To avoid losing modules and network connectivity,
replace non-E, M, or R modules or move the network connections to an E,
M, or R module before enabling Enhanced Operation mode.
314725-E Rev 00
For instructions for configuring Enhanced Operation mode, see:
• “Configuring Enhanced Operation mode” on page 191 (Device Manager)

• “Configuring Enhanced Operation mode” on page 326 (CLI)
VLAN scaling formulas
Figure 7 shows the formulas used for VLAN scaling.
Figure 7 Formulas used for VLAN scaling

VLAN scaling formula used with SMLT/IST without Enhanced mode:
(2 * no. of VLANs on regular ports) + (16 * no. of VLANs of SMLT/MLT ports) = 1980
VLAN scaling formula used without SMLT/IST without Enhanced mode:

(no. of VLANs on regular ports) + (8 * no. of VLANs on MLT ports) = 1980
VLAN scaling formula used with Enhanced mode:

(no. of VLANs on regular ports or MLT ports) + (2 * no. of VLANs on SMLT ports) = 1980
Maximum VLAN support comparison with Enhanced Operation

mode
Table 5 shows the maximum number of VLANs available with and without
Enhanced Operation mode.
Table 5 Maximum numbers of port/protocol-based VLANs
Maximum VLAN support with Maximum VLAN support with

VLAN type
enhanced mode enabled enhanced mode disabled
MLT 1980 240

IST/SMLT 989 120

Module behavior comparison with Enhanced Operation mode
Table 6 compares the behavior of Ethernet Routing Switch 8600 modules with
and without Enhanced Operation mode:
Table 6 Module behavior with and without Enhanced Operation mode
Enhanced Operation
Module type Behavior
mode setting
E, M, or R Enable (true) The module is initialized and comes online. It can be

module configured with up to 1980 VLANs with MLT.
E, M, or R Disable (false) The module is initialized and comes online. It can be
module configured with up to 240 VLANs with MLT.
Legacy module Enable (true) The module is not initialized and remains offline. The
following error message is displayed and a trap is sent:
[12/18/01 15:17:25] Card taken off-line:
Slot=1 Type= -- [12/18/01 15:17:25]
ERROR Code=0x3006b Task=rcStart
chCardIn: can't initialize a non ETICKET
card in enhanced operation mode
Legacy module Disable (false) The module is initialized and remains online. It can be
configured with up to 240 VLANs with MLT.
Interoperability between operation mode and module type
R mode supports the operation of R module-specific features. The modules

(pre-E, E, M, and R) that are enabled depend on the operation mode (default, M,
or R) and the system configuration. Table 7 shows this interoperability
information.
Table 7 Operation mode and module type interoperability
Module types
Chassis Operation mode R M E Pre-E

configuration
Same type Default — — — enabled
module chassis
M — — enabled —
R enabled — — —
314725-E Rev 00
Table 7 Operation mode and module type interoperability
Module types
Mixed type Default enabled enabled enabled enabled

module chassis
M enabled enabled disabled disabled
R enabled disabled disabled disabled
Stacked VLANs
A stacked VLAN (sVLAN) transparently tunnels packets through the sVLAN

domain by adding an additional 4-byte header to each packet.
Note: R modules do not support the sVLAN feature.
Figure 8 shows a basic sVLAN model that uses two Ethernet Routing Switch
8600s to interconnect two 802.1Q domains.
Figure 8 sVLAN model

Ethernet Ethernet
Routing Routing
Switch 8600 Switch 8600
802.1Q sVLAN Core 802.1Q

Domain A Domain B
Routing cannot be enabled on an sVLAN port. sVLAN user-to-network interface

(UNI) ports are VLAN unaware and classify any traffic into the sVLAN that is
configured on the port. sVLAN network-to-network interface (NNI) ports connect
sVLAN switches together and support multiple sVLANs per port.
Note: You can enable sVLANs on all ports. If the port belongs to a
multilink trunk, perform all sVLAN configurations at the multilink trunk
level.

sVLAN specifications
sVLANs provide the following features:
• VLAN transparency for IEEE 802.1Q tagged or untagged traffic through

service provider core network
• A solution to VLAN scalability issues—you can summarize customer
VLANs into core sVLANs
• Uses a layered architecture to improve scalability
sVLAN rules
The following are sVLAN configuration rules.
• IP filters are not supported on an sVLAN.

• To apply Quality of Service (QoS) to an sVLAN, use the per-VLAN QoS
option.
• Because regular VLANs are not supported on an sVLAN NNI port, sVLAN
switches cannot be managed in-band. Nortel recommends an out-of-band or
parallel network for managing the devices.
• When you create an sVLAN spanning tree group, ensure that the tagged
BPDU address of the spanning tree group is different than the standardized
BDPU MAC address.
• The sVLAN is created with UNI and NNI ports.
• An sVLAN cannot span multiple spanning tree groups; that is, the ports in the
sVLAN must all be within one spanning tree group. Spanning tree group IDs
can range in value from 1 to 64.
• sVLANs cannot have routing enabled.
• sVLAN UNI and NNI ports are applicable on a per OctaPID basis. All ports
on an OctaPID can either be normal ports or sVLAN NNI/UNI ports. For
more information, see Appendix A, “Tap and OctaPID assignment (Release
3.x feature set)” on page 567.
sVLAN levels
You can stack sVLANs in a hierarchy to achieve greater VLAN scalability. An

sVLAN level defines the hierarchy for the operating switch. When you configure
the switch, you must specify only one level at a time.
314725-E Rev 00
You must configure the UNI ports on both ends of the tunnel at the same level.
Because sVLAN switching is MAC address-based, the usual issues of VLAN
switching apply.
• If you build sVLAN networks with multiple levels, the network MAC
addresses you specify must all be unique.
• Independent VLAN learning is only applicable within the outer level of
sVLAN and does not take inner tags into account.
Note: Spanning Tree Protocol (STP) is not supported in multilevel

sVLAN networks. It is supported for single level sVLAN networks only.
Figure 9 shows a one layer sVLAN.
Figure 9 One layer sVLAN
Payload Ethernet Ethernet Payload Ethernet

VLAN
header
Payload VLAN sVLAN header
VLAN
header
Ethernet Ethernet
Routing Routing
Switch 8600 Switch 8600
802.1Q sVLAN 802.1Q

Domain core Domain
UNI port NNI port UNI port

Level 1 Level 1 Level 1
Figure 10 on page 62 shows a two layer sVLAN.

Figure 10 Two layer sVLAN

Level 1 sVLAN Packet Level 1 sVLAN Packet
Ethernet Ethernet
Level D Packet Level 2 sVLAN Packet Level D Packet

Payload Ethernet Ethernet Payload Ethernet
VLAN Payload VLAN sVLAN sVLAN VLAN
header header header
8600 8600 8600 8600

802.1Q sVLAN sVLAN sVLAN 802.1Q
Domain Level 1 Level 2 Level 1 Domain
UNI Port NNI Port UNI Port NNI Ports UNI Port NNI Port UNI Port
(Level 1) (Level 1) (Level 2) (Level 2) (Level 2) (Level 1) (Level 1)
sVLAN UNI and NNI ports
The ports in the switch can be configured as an sVLAN user-to-network interface

(UNI), an sVLAN network-to-network interface (NNI), or a normal interface.
Note: You must change the switch level to 1 or above before you
configure sVLAN, UNI, or NNI ports.
You must configure the ports to which you want to provide VLAN transparency as
UNI ports. UNI ports can only belong to one sVLAN. When you configure a UNI
port in the CLI, the tagged-frames-discard parameter is automatically enabled.
NNI ports interconnect the switches in the core network, drop untagged frames on
ingress, and insert the sVLAN tag at the egress. NNI ports can belong to multiple
sVLANs. An NNI port sends sVLAN tagged frames. When you configure an NNI
port in the CLI, the untagged-frames-discard parameter is automatically enabled.
• If a spanning tree group (STG) contains both UNI and NNI ports, change the
standardized MAC addresses used for BPDUs to a non-standardized BPDU
MAC address to avoid interference with regular customer BPDUs.
• The UNI and NNI ports are kept in sVLAN type STG.
314725-E Rev 00
• All the ports in the multilink trunk should have the same port type (normal/
UNI/NNI).
• Large frame support is automatically enabled on UNI or NNI ports.
When you change the sVLAN port type from normal to UNI or NNI, all the
affected ports are removed from the configured STGs and VLANs. Similarly,
when you change the sVLAN port type from UNI or NNI to normal, all the
affected ports are removed from the configured STGs and VLANs and added to
the default STG and default VLAN.
Note: The affected ports are all the ports in the OctaPID. See
Appendix A, “Tap and OctaPID assignment (Release 3.x feature set)” on
page 567.
Note: An NNI port belonging to a default VLAN or a default STG is not

saved across reboots. To avoid this problem, do not configure an NNI port
under the default VLAN or STG.
Flooding for Microsoft NLB clustering systems in unicast

mode
You can use Microsoft Network Load Balancer (NLB) to share workload among
multiple clustering servers. All servers in the cluster share a common virtual MAC
address, which is 02-bf-x-x-x-x in unicast mode. All traffic destined to this MAC
address is sent to all the servers in the cluster. The virtual MAC address is
specified in the source MAC address field of an Address Resolution Protocol
(ARP) request, and ARP responses from the Ethernet Routing Switch 8600 are
sent to the virtual MAC address (rather than to the hardware MAC address).
The Ethernet Routing Switch 8600 Software Release 4.1 includes a configurable
option for NLB cluster support. The NLB cluster is identified by MAC addresses
starting with 02-bf. When you enable the NLB option, the Ethernet Routing
Switch 8600 floods routed traffic destined to this MAC address to the VLAN.
ARP reply packets sent by the switch are flooded throughout the VLAN to allow
all servers to learn the ARP entry corresponding to the switch. The ARP reply
packet sent by the switch contains the virtual MAC address in the destination field
(rather than the hardware MAC address of the NLB node).

For information about enabling or disabling NLB unicast support, see

“Configuring NLB unicast support on an IP interface” on page 325.
VLAN MAC filtering
To perform MAC-layer bridging, the switch must know the destination

MAC-layer address of each device on each attached network so it can forward
packets to the appropriate destination. MAC-layer addresses are stored in
the bridging table, and you can filter packet traffic based on the destination
MAC-layer address information.
For MAC address filtering, the Ethernet Routing Switch 8600 supports Bridge
MIB filtering (RFC 1493). The number of MAC filters is limited to 100. You can
create a filter entry in much the same way as you create a static MAC entry, by
entering a MAC address and the port on which it resides. In the MAC filter record,
you can also specify ports to discard source or destination packets for the MAC
address on a port.
Global MAC filtering eliminates the need for configuring multiple per-VLAN
filter records for the same MAC. It provides the ability to discard a list of MAC
addresses, globally, on the switch. By using a global list you do not have to
configure a MAC per VLAN.
For information about configuring bridge MAC filtering with Device Manager,
see “Configuring a MAC-layer bridge filter” on page 186. For information about
configuring global MAC filtering with Device Manager, see “Configuring the
Global MAC filter” on page 189.
Prevention of IP spoofing within a VLAN
You can prevent VLAN logical IP spoofing by blocking the external use of the
switch IP address. A configurable option is provided, on a per-port basis, which
detects a duplicate IP address (that is, an address that is the same as the switch
VLAN IP address) and blocks all packets with a source or destination address
equal to that address.
314725-E Rev 00
If an ARP packet is received that has the same source IP address as the logical
VLAN IP address, all traffic coming to any port of the switch in that VLAN (with
this MAC address as source/destination address) is silently discarded by the
hardware. After detecting a duplicate IP address, the switch sends a gratuitous
ARP packet to inform devices on the VLAN about the correct MAC address for
that IP address. You can specify a time on a configurable global timer after which
the MAC discard record is deleted and the switch resumes accepting packets from
that MAC address.
For information about configuring this option using the CLI, see “Configuring
spoof detection for a VLAN” on page 332.
Note: If you use Split MultiLink Trunking (SMLT), configure this

option on both SMLT aggregation switches to avoid connectivity issues.
Warning: Enabling the IP spoofing feature requires you to reboot the

switch.
VLAN Loop Detection
On a per-port basis, the Loop Detection feature detects MAC addresses that are
looping from one port to other ports. After a loop is detected, the port on which
the MAC addresses were learned is disabled. Additionally, if a MAC address is
found to loop, the MAC address is disabled for that VLAN.
The Loop Detection feature is used at the edge of a network to prevent loops. It
detects whether the same MAC address appears on different ports. This feature
can disable a VLAN or a port. The Loop Detection feature can also disable a
group of ports if it detects the same MAC address on two different ports five times
in a configurable amount of time.
Note: The Loop Detection feature must only be enabled on SMLT ports,
and never used on IST ports or core SMLT square or full mesh ports.

The Loop Detection feature is configured per-switch. If a loop detection event

takes place, peer switches are not notified.
You can also use Simple Loop Prevention Protocol to detect VLAN loops (see
“Simple Loop Prevention Protocol” on page 130).
The Loop Detection feature has the following traits:
• If a source MAC address is found to loop, and the specified loop detect action
is mac-discard, the MAC address is disabled. Any incoming packets with this
source or destination MAC address will be discarded for that VLAN.
• Ports, VLANs, and MAC addresses that have been disabled by the Loop
Detection feature are reenabled for automatic recovery.
• The link flap feature sets ports to operational down rather than admin down.
• Loop detection cannot be enabled on interswitch trunk ports.
For information about configuring Loop Detection with Device Manager, see
“Configuring VLAN Loop Detection” on page 173. For information about
configuring Loop Detection with the CLI, see “Configuring VLAN Loop
Detection” on page 327. For a CLI loop detection configuration example, see
“SMLT triangle with loop detection configuration example” on page 508.
Spanning tree protocols

The Ethernet Routing Switch 8600 can use one of three spanning tree protocols.
These include the Spanning Tree Protocol, the Rapid Spanning Tree Protocol, and
the Multiple Spanning Tree Protocol.
For information about configuring spanning tree, see Chapter 4, “Configuring

spanning tree using Device Manager,” on page 211 and Chapter 9, “Configuring
STGs using the CLI,” on page 379.
• “Spanning Tree Protocol” on page 67

• “Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on
page 73
314725-E Rev 00
Spanning Tree Protocol
The operation of the Spanning Tree Protocol (STP) is defined in the IEEE 802.1d
standard. The STP detects and eliminates logical loops in a bridged or switched
network. When multiple paths exist, the spanning tree algorithm configures the
network so that a bridge or switch uses only the most efficient path. If that path
fails, the protocol automatically reconfigures the network and makes another path
active, which sustains network operations. You can control path redundancy for
VLANs by implementing the STP.
A network can include multiple instances of STP. The collection of ports in one
spanning tree instance is called a spanning tree group (STG). Ethernet Routing
Switch 8600 modules support STP and up to 64 spanning tree groups.
• “Spanning tree groups”

• “Spanning Tree FastStart” on page 69
• “Understanding STGs and VLANs” on page 69
• “Spanning Tree Protocol topology change detection” on page 70
• “Per-VLAN spanning tree” on page 71
Spanning tree groups
Each STG consists of a collection of ports that belong to the same instance of the
STP protocol. These STP instances are completely independent from each other.
For example, they send their own BPDUs, and they have their own timers.
For Ethernet Routing Switch 8600s, multiple STGs are possible within the same
switch; that is, the routing switch can participate in the negotiation for multiple
spanning trees.
Figure 11 on page 68 shows multiple spanning tree groups.

Figure 11 Multiple spanning tree groups
Spanning Tree Protocol controls
The ports associated with a VLAN must be contained within a single spanning
tree group. If you do not allow a VLAN to span multiple STGs, you avoid
problems with spanning tree blocking ports (which causes a loss of connectivity
within the VLAN).
Each untagged port can belong to only one STG, while tagged ports can belong to
more than one STG. When a tagged port belongs to more than one STG, the
spanning tree BPDUs are tagged to distinguish the BPDUs of one STG from those
of another STG. BPDUs from STG 1 are not tagged. The tagged BPDUs are
transmitted using a multicast MAC address as tagged frames with a VLAN ID,
and you specify the multicast MAC address and the VLAN ID. Because tagged
BPDUs are not part of the IEEE 802.1d standard, not all devices can interpret
tagged BPDUs.
You can enable or disable the Spanning Tree Protocol at the port or at the
spanning tree group level. If you disable the protocol at the group level, received
BPDUs are handled like a MAC-level multicast and flooded out of the other ports
of the STG. Note that an STG can contain one or more VLANs. Remember that
MAC broadcasts are flooded out on all ports of a VLAN; a BPDU is a MAC-level
message, but the BPDU is flooded out of all ports on the STG, which can
encompass many VLANs.
When STP is globally enabled on the STG, BPDU handling depends on the STP
setting of the port:
314725-E Rev 00
• When STP is enabled on the port, received BPDUs are processed in

accordance with STP.
• When STP is disabled on the port, the port stays in a forwarding state,
received BPDUs are dropped and not processed, and no BPDU is generated.
An alternative to disabling the Spanning Tree Protocol is to enable Spanning Tree

FastStart.
Spanning Tree FastStart
Spanning Tree FastStart is an enhanced port mode supported by the Ethernet

Routing Switch 8600. If you enable Spanning Tree FastStart on a port with no
other bridges, Spanning Tree FastStart brings the port up more quickly following
switch initialization or a spanning tree change. The port goes through the usual
blocking and learning states before the forwarding state, but the hold times for
these states is determined by the bridge hello timer (2 seconds by default) instead
of the bridge forward delay timer (15 seconds by default). If the port receives a
BPDU, it reverts to regular behavior.
FastStart is intended for access ports in which only one device is connected to the
switch (as in workstations with no other spanning tree devices). It may not be
desirable to wait the usual 30 to 35 seconds for spanning tree initialization and
bridge learning.
Note: Use Spanning Tree FastStart with caution. This procedure is

contrary to that specified in the IEEE 802.1d standard for Spanning Tree
Protocol (STP), in which a port enters the blocking state following the
initialization of the bridging device or from the disabled state when the
port is enabled through configuration.
Understanding STGs and VLANs
For the purposes of Spanning Tree Protocol negotiation, the ports on an Ethernet
Routing Switch 8600 can be divided into groups of ports where each group of
ports performs its own spanning tree negotiation with neighboring devices. In an
Ethernet Routing Switch 8600, these groups of ports are called spanning tree
groups (STG). The Ethernet Routing Switch 8600 supports up to 64 STGs.

The ports in a VLAN are always a subset of the ports in an STG. A VLAN can
include all the ports in a given STG, and there can be multiple VLANs in an STG,
but a VLAN cannot have more ports than exist in the STG. Because VLANs are
always subsets of STGs, the recommended practice is to plan STGs and then
create VLANs.
In the Ethernet Routing Switch 8600 default configuration, a single STG

encompasses all the ports in the switch. For most applications, this configuration
is sufficient. The default STG is assigned ID 1 (STG1).
If a VLAN spans multiple switches, it must be within the same STG across all
switches; that is, the ID of the STG in which it is defined must be the same across
all devices.
Spanning Tree Protocol topology change detection
Change detection enables the detection of topology changes and sends a topology
change notification (TCN) to the root on a per-port basis. Change detection is
enabled by default. When change detection is enabled and a topology change
occurs, a trap is sent with the following information so that you can identify the
device:
• the MAC address of the STG sending the TCN

• the port number
• the STG ID
You can disable change detection on ports on which a single end station is
connected, and where powering that end station on and off will trigger the TCN.
Change detection is referenced in IEEE 802.1d.
Topology change detection configuration rules
When you work with change detection settings:
• You can configure change detection only on access ports. This also applies to
link aggregation ports.
• If you disable change detection and then change the port from access to
tagging-enabled, the switch automatically sets change detection to enabled
for the port. This also applies to link aggregation ports.
314725-E Rev 00
• In a link aggregation group with access ports, modifications to change

detection for a member port are automatically applied to the remaining
member ports.
To configure change detection using Device Manager, see “Configuring STG

topology change detection” on page 225.
To configure change detection using the CLI, see “Configuring topology change
detection” on page 389.
Per-VLAN spanning tree
The Ethernet Routing Switch supports standards-based IEEE 802.1d STP in

addition to supporting proprietary mechanisms for multiple instances of spanning
tree.
Unfortunately, the IEEE 802.1d spanning tree provides only one instance of the
STP that can lead to incomplete connectivity for certain VLANs, depending on
the network topology.
For example, Figure 12 shows a network in which one or more VLANs span only
some switches. In this example, the STP can block a VLAN path if that VLAN
does not span across all switches.
Figure 12 802.1d spanning tree
You can avoid this issue by configuring multiple spanning tree instances, as shown
in Figure 13 on page 72.

The Ethernet Routing Switch 8600 uses a tagged BPDU address that is associated
with a VLAN tag ID. The VLAN tag ID is applied to one or more VLANs, and is
used among switches to prevent loops. The same tagged BPDU address must be
configured on all switches in the network.
The Cisco Systems proprietary implementation of multiple spanning tree

(pre-IEEE 802.1s) is called PVST/PVST+ (Per VLAN Spanning Tree), which
uses a spanning tree instance per VLAN.
Figure 13 Multiple instances of spanning tree
With software release 3.7 or greater, you can configure your Ethernet Routing
Switch using either of two methods: Ethernet Routing Switch 8600 tagged BPDU
or PVST+.
Similar to the Ethernet Routing Switch 8600 implementation of multiple STP

instances, PVST+ uses the standard IEEE 802.1d STP for VLAN 1; all other
VLANs use PVST+ BPDUs.
You can use IEEE 802.1Q VLAN tagging to tunnel the multicast PVST+ BPDUs
within a IEEE 802.1Q region. The standard BPDUs for VLAN 1 are all addressed
to the well-known STP multicast address 01-80-C2-00-00-00, while PVST+
BPDUs in other VLANs are addressed to the multicast address of
01-00-0C-CC-CC-CD.
You can use PVST+ to load balance the VLANs by changing the VLAN bridge
priority.
For PVST+ configuration examples with included CLI commands, refer to

“Per-VLAN Spanning Tree Plus (PVST+) configuration examples” on page 544.
314725-E Rev 00
Rapid Spanning Tree Protocol and Multiple Spanning Tree

Protocol
The Rapid Spanning Tree Protocol (RSTP or IEEE 802.1w) reduces the recovery
time after a network breakdown. It also maintains backward compatibility with
IEEE 802.1d (the spanning tree implementation prior to RSTP). In certain
configurations, the recovery time of RSTP can be reduced to less than 1 second.
RSTP also reduces the amount of flooding in the network by enhancing the way
Topology Change Notification (TCN) packets are generated.
With Multiple Spanning Tree Protocol (MSTP or IEEE 802.1s), you can configure
multiple instances of RSTP on the same switch. Each RSTP instance can include
one or more VLANs. The operation of the MSTP is similar to the current Nortel
proprietary MSTP.
Using RSTP and MSTP in addition to the current proprietary STP

implementation, the Ethernet Routing Switch 8600 can achieve the following:
• reduced convergence time after a topology change (from 30 seconds to less

than 1 or 2 seconds);
• unnecessary flushing of the MAC database and the flooding of traffic to the
network eliminated;
• backward compatibility with legacy 802.1d switches;
• support for 64 instances of spanning tree in MSTP mode.
For RSTP and MSTP configuration examples, see “Rapid Spanning Tree Protocol
configuration example” on page 554 and “Multiple Spanning Tree Protocol
configuration example” on page 559.
Interoperability with legacy STP
RSTP provides a new parameter called ForceVersion to provide backward

compatibility with legacy STP. A user can configure a port in either
STP-compatible mode or RSTP mode.
• An STP-compatible port transmits and receives only STP BPDUs. Any RSTP
BPDU that the port receives in this mode is discarded.

• An RSTP-compatible port transmits and receives only RSTP BPDUs. If an

RSTP port receives a STP BPDU, it becomes an STP port. User intervention
is required to change this port back to RSTP mode. This process is called Port
Protocol Migration.
Differences in port roles
RSTP is an enhanced version of STP. These two protocols have almost the same
set of parameters.
Table 8 lists the differences in port roles for STP and RSTP. STP supports two port
roles while RSTP supports four port roles.
Table 8 Differences in port roles for STP and RSTP
Port Role STP RSTP Description
Root Yes Yes This port receives a better BPDU

than its own and has the best path
to reach the Root. The root port is
in Forwarding state. The root port
and designated ports can be in the
Discarding state before they go to
root forwarding.
Designated Yes Yes This port has the best BPDU on
the segment. The designated port
is in the Forwarding state.
Alternate No Yes This port receives a better BPDU
than its own BPDU, and there is a
Root port within the same switch.
The alternate port is in the
Discarding state.
Backup No Yes This port receives a better BPDU
than its own BPDU, and this BPDU
is from another port within the
same switch. The backup port is in
the Discarding state.
314725-E Rev 00
Port roles—root forwarding role
MSTP and RSTP root forwarding roles are as follows:
• The port that receives the best path BPDU on a switch is the root port, and is
referred to as a Root Forwarding (RF) port. This is the port that is the closest
to the root bridge in terms of path cost.
• The spanning tree algorithm elects a single root bridge in a bridged network
per spanning tree instance.
• The root bridge is the only bridge in a network that does not have root ports;
all ports on a root bridge are Designated Forwarding (DF).
• There can only be one path towards a root bridge on a given segment,
otherwise there will be loops.
Port roles—designated forwarding role
MSTP and RSTP designated forwarding roles are as follows:
• All bridges connected on a given segment monitor each other’s BPDUs. The
bridge that sends the best BPDU is, by mutual agreement, the root bridge for
the segment.
• The corresponding port on the bridge is referred to as a Designated
Forwarding Port.
Port roles—alternate blocking role
MSTP and RSTP alternate blocking roles are as follows:
• A blocked port is defined as a port not designated by a root port.

• An Alternate Blocked port is a port that is blocked because it received better
path cost BPDUs from another bridge.
Edge port
RSTP uses a new parameter called the edge port. When a port connects to a
non-switch device, such as a PC or a workstation, it must be configured as an edge
port. An active edge port enters forwarding state without delay. An edge port
becomes a non-edge port if it receives a BPDU.

Path cost values
RSTP and MSTP recommend new path cost values that support a wide range of
link speeds. Table 9 lists the recommended path cost values.
Table 9 Recommended path cost values
Link Speed Recommended Value
Less than or equal to 100 Kb/s 200 000 000

1 Mb/s 20 000 000
10 Mb/s 2 000 000
100 Mb/s 200 000
1 Gb/s 20 000
10 Gb/s 2 000
100 Gb/s 200
1 Tb/s 20
10 Tb/s 2
Negotiation process
The following section describes the negotiation process between switches that
takes place before PCs can exchange data (see Figure 14 on page 77).
314725-E Rev 00
Figure 14 Negotiation process
After power-up, all ports assume the role of designated ports. All ports are in the
discarding state except edge ports. Edge ports go directly into forwarding state
without delay.
Switch A port 1 and switch B port 1 exchange BPDUs. Switch A knows that it is
the root and that switch A port 1 is the designated port. Switch B learns that
switch A has higher priority. Switch B port 1 becomes the root port. Both switch
A port 1 and switch B port 1 are still in discarding state.
Switch A starts the negotiation process by sending a BPDU with the proposal bit
set.
Switch B receives the proposal BPDU and sets its non-edge ports to discarding
state. This operation occurs during the synchronization process.
Switch B sends a BPDU to switch A with the agreement bit set.

Switch A sets port 1 to forwarding state and switch B sets port 1 to forwarding
state. PC 1 and PC 2 can now communicate. The negotiation process now moves
on to switch B port 3 and its partner port. PC 3 cannot exchange data with either
PC 1 or PC 2 until the negotiation process between switch B and switch C
finishes.
The RSTP convergence time depends on how quickly the switch can exchange
BPDUs during the negotiation process, and on the number of switches in the
network.
Link aggregation (MLT, SMLT, LACP, VLACP)

Link aggregation allows you to bundle a set of ports into a port group, which is
represented as one logical interface to upper layer protocols.
Your Ethernet Routing Switch 8600 supports multiple types of link aggregation:
• MultiLink Trunking (MLT) is a statically configured link bundling method.

• IEEE 802.3ad-based link aggregation, through the Link Aggregation Control
Protocol (LACP), supports a dynamic link aggregation function, which can
add links dynamically, as they become available, to a trunk group.
• Both MLT and IEEE 802.3ad-based link aggregation are defined as
point-to-point functions, although Split MultiLink Trunking (SMLT) allows
you to connect a multilink trunk point to two SMLT endpoints. SMLT can
connect two SMLT end points to two other SMLT endpoints as well.
• SMLT allows not only module redundancy, but also allows system
redundancy while allowing bandwidth aggregation at the same time. In
addition, SMLT functionality was extended to include LACP for dynamic link
aggregation.
314725-E Rev 00
• VLACP provides an end to end failure detection mechanism, which notifies

the Ethernet Routing Switch 8600 of unidirectional or bidirectional link
failures.
Note: For information about configuring link aggregation, see

Chapter 5, “Configuring link aggregation using Device Manager,” on
page 249 and Chapter 10, “Configuring link aggregation using the CLI,”
on page 427.
Note: See Chapter 12, “Device Manager configuration examples,” on
page 491 and Chapter 13, “CLI configuration examples,” on page 503
for configuration examples, including CLI commands, for concepts
described in this section.
• “MultiLink Trunking (MLT)” on page 79

• “IEEE 802.3ad-based link aggregation” on page 91
• “Virtual LACP (VLACP)” on page 101
• “Split MultiLink Trunking (SMLT)” on page 106
MultiLink Trunking (MLT)
MultiLink Trunking is a point-to-point connection that aggregates multiple ports

so that they logically act like a single port, but with the aggregated bandwidth.
Grouping multiple ports into a logical link provides higher aggregate throughput
on a switch-to-switch or switch-to-server application.
MultiLink Trunking provides media and module redundancy. Module redundancy

is provided in the form of Distributed MLT (DMLT), which you can use to
aggregate similar ports from different modules.
Note: MLT links must be statically configured to be trunk group

members.

• “MLT traffic distribution algorithm”

• “MultiLink Trunking rules” on page 82
• “Multicast flow distribution over MLT” on page 83
• “Multicast distribution algorithm” on page 84
• “Multicast traffic redistribution” on page 86
• “MLT examples” on page 87
MLT traffic distribution algorithm
A multilink trunk can be used to aggregate bandwidth between two switches. The
Ethernet Routing Switch 8600 uses one of two algorithms to determine which
active port in the multilink trunk is used for each packet. The MLT algorithms
provide load sharing while ensuring that each packet in a flow does not arrive out
of sequence.
Note: The algorithms are the same traffic distribution algorithms used for
the IEEE 802.3ad-based link aggregation.
Traffic distribution algorithm for legacy modules
For non-R modules (that is, legacy, E, or M modules), the distribution algorithm
for any bridged packet (except IP distribution) is based on:
(DestIP[5:0] XOR SrcIP[5:0]) MOD (number of active links)
Bridged and routed IP or routed Internetwork Packet Exchange (IPX) distribution

is based on:
(DestMAC[5:0] XOR SrcMAC[5:0]) MOD (number of active links)
Traffic distribution algorithm for R modules
Release 4.1 uses an enhanced traffic distribution algorithm for R modules. This
ensures proper traffic distribution in all customer networks. The entire MAC or IP
source and destination fields, and a hardware-assisted hash mechanism, are used
to obtain better load distribution.
314725-E Rev 00
The existing distribution algorithm for IP traffic (bridged or routed) using

R modules is:
Result = (DestIP[5:0] XOR SrcIP[5:0])
Other types of traffic use:
Result = (DestMAC[5:0] XOR SrcMAC[5:0])
The result is used as an index to a table that is populated with active MLT ports
repeated over 63 entries.
The distribution algorithm enhancement for any IPv4 traffic (bridged or routed) is
to form a 64 bit hash key using the 32 bit DestIp and 32 bit SrcIp fields.
The distribution algorithm enhancement for any IPv6 traffic (bridged or routed) is:
64 bit key = (SrcIP[63:0] XOR srcIpIp[127:64])

64 bit key = ((64 bit key) XOR DestIp[63:0])
64 bit key = ((64 bit key) XOR DestIp[127:64])
The distribution algorithm enhancement for other types of traffic is to form a 64

bit hash key using the lower 32 bits of the DestMAC field and the lower 32 bits of
the SrcMAC field:
Result = hash(64 bit key, hashFcn)
where hash is an RSP instruction and hashFcn is chosen to produce a 6 bit result.
The hash function is 0x000c00003f000000, which contains a 25 bit seed, a 24 bit
hash polynomial coefficient, and a 5 bit polynomial width.
The result is used as an index to a table that is populated with active multilink
trunk ports repeated over 63 entries.
To view the MLT port calculated by the new distribution algorithm for R modules,
use the following command:
config sys set hash-calc getmltindex traffic-type <value>

dest-val <value> src-val <value> mltID <value>

where
• traffic-type <value> is one of non-ip, ipv4, or ipv6

• dest-val <value> is the destination address in the range of 1 to 1536
• src-val <value> is the source address in the range of 1 to 1536
• mltID <value> is the MLT ID.
The source and destination addresses cannot have the same value. Figure 15
shows sample output for the config sys set hash-calc command.
Figure 15 Config sys set hash-calc output
ERS-8610:5# config sys set hash-calc getmltindex traffic-type ipv4

dest-val 1 src-val 1 mltID 1
Dest-addr and Src-addr cannot be same!
ERS-8610:5# config sys set hash-calc getmltindex traffic-type ipv4

dest-val 1 src-val 2 mltID 1
mltHashIndex: 0x37
mltId: 1, mltPortIndex 55 mltPort cpp
ERS-8610:5#
MultiLink Trunking rules
All Ethernet Routing Switch 8600 multilink trunks operate under the following set
of rules:
• MLT is supported on 10BaseT, 100BaseTX, 100BaseFX, Gigabit Ethernet,

and 10 Gigabit Ethernet module ports.
• All ports in an multilink trunk must be of the same media type (copper or
fiber) and have the same speed and duplex settings.
• All ports in a multilink trunk must be in the same STG, unless the port is
tagged; tagging allows ports to belong to multiple STGs.
• MLT is compatible with the Spanning Tree Protocol.
• IEEE 802.1Q tagging is supported on a multilink trunk.
314725-E Rev 00
Ethernet Routing Switch 8600 multilink trunks have the following general
features and requirements:
• Up to 128 MLT groups (using R modules and R mode) are supported with as
many as 8 same-type ports belonging to a single multilink trunk.
• The ports in a multilink trunk can span modules, providing module
redundancy.
• All ports in a multilink trunk must be in the same STG, unless the port is
tagged; tagging allows ports to belong to multiple STGs.
• Apply filters individually to each port in a multilink trunk.
Multicast flow distribution over MLT
MultiLink Trunking (MLT) provides a mechanism for distributing multicast

streams over a multilink trunk. The mechanism is based on source-subnet and
group addresses, and you can use it to choose the address and the bytes in the
address for the distribution algorithm.
Note: This algorithm is the same multicast flow distribution algorithm

used for IEEE 802.3ad-based link aggregation.
As a result, you can distribute the load on different ports of the multilink trunk and
achieve an even distribution of the streams. In applications such as TV
distribution, multicast traffic distribution is particularly important, because
bandwidth requirements can be substantial when a large number of TV streams
are employed.
Note: The Multicast Distribution over MLT feature is supported

only on Ethernet Routing Switch 8600 E, M, and R modules. As a
result, all the modules that have ports in a multilink trunk must be
Ethernet Routing Switch 8600 E, M, or R modules to enable
multicast flow distribution over MLT.

Multicast distribution algorithm
To determine the port for a particular source, group (S, G) pair, use the number of
active MLT ports to MOD the number generated by the XOR (exclusive OR
operation) for each byte of the masked group address, with the masked source
address.
By default, the group mask and source mask is 255.255.255.255. A byte with a
value of 255 in the mask means that the corresponding byte in the group or source
address is taken into account when the algorithm is applied.
For example, given:
group address G[0].G[1].G[2].G[3]

group mask GM[0].GM[1].GM[2].GM[3]
source subnet address S[0].S[1].S[2].S[3]
source mask SM[0].SM[1].SM[2].SM[3]
The port is calculated using:
( ( ( (( G[0] AND GM[0] ) XOR ( S[0] AND SM[0] ) ) XOR ( (G[1] AND
GM[0] ) XOR ( S[1] AND SM[1] )) ) XOR ( (G[2] AND GM[2] ) XOR ( S[2]
AND SM[2] )) ) XOR ( ( G[3] AND GM[3] ) XOR ( S[3] AND SM[3] )) )
MOD (active ports of the MLT)
Algorithm example
The algorithm used for traffic distribution causes the distribution to be sequential
if the streams are similar to those in this example.
For this example, assume that the MLT ports are 1/1 to 1/4, that the mask
configuration is 0.0.0.0 for the source mask and 0.0.0.255 for the group mask, and
that source A.B.C.D sends to groups:
X.Y.Z.1
X.Y.Z.2
X.Y.Z.3 to X.Y.Z.10
314725-E Rev 00
The algorithm chooses link 1/1 for group X.Y.Z.1, and then X.Y.Z.2 goes on port
1/2, X.Y.Z.3 goes on port 1/3, X.Y.Z.4 goes on port 1/4, X.Y.Z.5 goes on port 1/1,
and so on.
Configuration example
In this configuration example, only the first byte of the group mask, and the first
two bytes of the source subnet mask are considered when distributing the streams.
config sys mcast-mlt-distribution grp-mask 255.0.0.0

config sys mcast-mlt-distribution src-mask 255.255.0.0
config sys mcast-mlt-distribution enable
config sys mcast-mlt-distribution redistribution enable
Note: When you configure flow distribution over MLT, Nortel

recommends that you choose source and group masks that result
in the most even traffic distribution over the multilink trunk links.
For example, if you find that group addresses change
incrementally, while there are few sources sending to different
groups, use a source mask of 0.0.0.0 and a group mask of
255.255.255.255. In most cases, this provides a sequential
distribution of traffic on the multilink trunk links.
For a detailed description of commands used to configure multicast flow

distribution over MLT, see the publication, Configuring IP Routing Multicast
Protocols.

Multicast traffic redistribution
The overall goal of traffic redistribution is to achieve a distribution of the streams

on the multilink trunk links in the event of an MLT configuration change. Traffic
distribution is based on the IP multicast MLT distribution algorithm (see
“Multicast distribution algorithm” on page 84), and the algorithm behavior is the
same for R and non-R modules.
By default, redistribution is disabled. When you add or remove a link from the
multilink trunk, the active streams continue flowing on their original links if
redistribution is disabled. If redistribution is enabled, however, the active streams
are redistributed according to the distribution algorithm on the links of the
multilink trunk.
Note: Traffic redistribution can cause minor traffic interruptions.
To minimize the effect of redistribution of multicast traffic on the multilink trunks,

the implementation does not move the streams to the appropriate links all at once.
Instead, it redistributes a few streams at every time tick of the system. To that end,
when an MLT port becomes inactive and redistribution is disabled, only the
affected streams are redistributed on the remaining active ports.
If redistribution is enabled, all the streams are redistributed on the MLT ports
based on the assignment provided by the distribution algorithm. For more
information, see “Multicast distribution algorithm” on page 84.
When a new port becomes active in a multilink trunk and redistribution is

disabled, existing streams remain on their original links. If you need to
redistribute the streams dynamically to split the load on all the links of the
multilink trunk, you can enable redistribution. This results in a few streams being
redistributed every system time tick.
For a detailed description of the commands used to configure multicast flow

distribution over MLT, see Configuring IP Routing Multicast Protocols.
314725-E Rev 00
MLT examples
This section provides three MLT examples and includes the following topics:
• “Switch-to-switch MLT example”, next

• “Switch-to-server MLT example” on page 89
• “Client/server MLT example” on page 89

Switch-to-switch MLT example
Figure 16 shows two multilink trunks (T1 and T2) connecting switch S1 to
switches S2 and S3.
Figure 16 Switch-to-switch multilink trunk configuration
S1
T1
T2
S2 S3
Legend
Ethernet Routing Switch 8600
9050EB
Each of the trunks shown in Figure 16 can be configured with multiple switch
ports to increase bandwidth and redundancy. When traffic between
switch-to-switch connections approaches single port bandwidth limitations, you
can create a multilink trunk to supply the additional bandwidth required to
improve performance.
314725-E Rev 00
Switch-to-server MLT example
Figure 17 shows a typical switch-to-server trunk configuration. In this example,

file server FS1 utilizes dual MAC addresses, using one MAC address for each
network interface card (NIC). No multilink trunk is configured on FS1. FS2 is a
single MAC server (with a four port NIC) and is configured as multilink trunk
configuration T1.
As shown in this example, one port on FS1 is blocked, thus is unused, whereas
FS2 benefits from having aggregated bandwidth on multilink trunk T1.
Figure 17 Switch-to-server multilink trunk configuration

MAC addresses
FS1 FS2
00:80:2d:01:f0:00
00:80:2d:01:f0:01
T1
S1
Legend

9051EB
Client/server MLT example
Figure 18 on page 90 shows an example of how multilink trunks can be used in a

client/server configuration. In this example, both servers are connected directly to
switch S1. FS2 is connected through a multilink trunk configuration (T1). The
switch-to-switch connections are through multilink trunk T2, T3, and T4. Clients
accessing data from the servers (FS1 and FS2) are provided with maximized

bandwidth through T1, T2, T3, and T4. On the Ethernet Routing Switch 8600,
trunk members (the ports that comprise each multilink trunk) do not have to be
consecutive switch ports; they can be selected across different modules for
module redundancy.
Figure 18 Client/server multilink trunk configuration

FS1 FS2
T1
S1
T2 T3 T4
S2 S3 S4
Legend

9052EB
With spanning tree enabled, ports that belong to the same MultiLink Trunk
operate as follows:
• All ports in the multilink trunk must belong to the same spanning tree group if
spanning tree is enabled.
• Identical bridge protocol data units (BPDU) are sent from each port.
314725-E Rev 00
• The multilink trunk port ID is the ID of the lowest numbered port.

• If identical BPDUs are received on all ports, the multilink trunk mode is
forwarding.
Note: You can disable the Nortel Spanning Tree Protocol (ntstg
<enable|disable>) if you do not want to receive BPDUs on all ports.
• If no BPDU is received on a port or if BPDU tagging and port tagging do not

match, the individual port is taken offline.
• Path cost is inversely proportional to the active multilink trunk bandwidth.
IEEE 802.3ad-based link aggregation
IEEE 802.3ad-based (IEEE 802.3 2002 clause 43) link aggregation allows you to
aggregate one or more links together to form a link aggregation group (LAG),
such that a MAC client can treat the LAG as if it were a single link.
Although IEEE 802.3ad-based link aggregation and MLT provide similar

services, MLT is statically defined, whereas IEEE 802.3ad-based link aggregation
is dynamic and provides more functionality through the Link Aggregation Control
Protocol (LACP). LACP dynamically detects whether links can be aggregated into
a link aggregation group and does so when links become available.
IEEE 802.3ad was designed for point-to-point link aggregation only. However, the
Ethernet Routing Switch 8600 provides extensions to support IEEE 802.3ad in
SMLT configurations, thereby allowing any IEEE 802.3ad-capable device to be
connected to an SMLT aggregation pair.
• “Overview” on page 93
• “LACP” on page 94
• “Link aggregation operations” on page 94
• “Principles of link aggregation” on page 95
• “LACP and MLT” on page 97
• “LACP and SMLT” on page 98
• “LACP and routing” on page 98

• “LACP priority” on page 98

• “LACP keys” on page 99
• “LACP timers” on page 99
• “LACP modes” on page 100
• “LACP and spanning tree interaction” on page 100
314725-E Rev 00
Overview
The IEEE 802.3ad standard comprises of service interfaces, the Link Aggregation
Control Protocol, the Marker Protocol, link aggregation selection logic, parser/
multiplexer, frame distribution, and frame collection functions.
Figure 19 shows the major functions of IEEE 802.3ad defined as multiple link
aggregation.
Figure 19 Link aggregation sublayer (according to IEEE 802.3ad)

LACP
The main purpose of LACP is to manage switch ports and their port memberships
to form link aggregation groups (LAG). LACP can dynamically add or remove
LAG ports, depending on their availability and states.
Aside from automatic link aggregation, a side benefit of LACP is its ability to
detect link layer failure within a service provider network. LACP packets are
exchanged end to end, thus if a link in the middle fails, but the local ports do not
register the failure, LACP times out and disables the port for traffic. VLACP—
Virtual LACP—can be used to speed up the link layer failure detection process if
necessary.
The interfaces between the LACP module and the other modules is shown in
Figure 19 on page 93.
Link aggregation operations
As shown in Figure 19 on page 93, the link aggregation sublayer comprises the
following functions:
• Frame distribution:
This block takes frames submitted by the MAC client and submits them for
transmission on the appropriate port, based on a frame distribution algorithm
employed by the Frame Distributor.
Frame distribution also includes an optional Marker Generator/Receiver used
for the Marker Protocol. For the Ethernet Routing Switch 8600, only the
Marker Receiver function is implemented. Refer to “MultiLink Trunking
(MLT)” on page 79 for details about the frame distribution function.
• Frame collection:
This block passes frames received from the various ports to the MAC client.
Frame collection also includes a Marker Responder, used for the Marker
Protocol.
• Aggregator Parser/Multiplexers:
— During transmission operations, these blocks pass frame transmission
requests from the Distributor, Marker Generator, and Marker Responder
to the appropriate port.
314725-E Rev 00
— During receive operations, these blocks distinguish among Marker

Request, Marker Response, and MAC Client PDUs, and pass each to the
appropriate entity (Marker Responder, Marker Receiver, and Collector,
respectively).
• Aggregator:
The combination of frame distribution and collection, along with Aggregator
Parser/Multiplexers, is referred to as the Aggregator.
• Aggregation Control:
This block configures and controls link aggregation. It incorporates LACP,
which can be used for automatic communication of aggregation capabilities
between systems. and automatic configuration of link aggregation.
• Control Parser/Multiplexers:
— During transmission operations, these blocks pass frame transmission
requests from the Aggregator and Control entities to the appropriate port.
— During receive operations, these blocks distinguish Link Aggregation
Control PDUs (LACPDU) from other frames, passing the LACPDUs to
the appropriate sublayer entity, and all other frames to the aggregator.
Principles of link aggregation
Link aggregation allows you to group switch ports together to form a link group to
another switch or server, thus increasing aggregate throughput of the
interconnection between the devices while providing link redundancy.
Link aggregation employs the following principles and concepts:
• A MAC client communicates with a set of ports through an aggregator, which

presents a standard IEEE 802.3 service interface to the MAC client. The
Aggregator binds to one or more ports within a system.
• The aggregator distributes frame transmissions from the MAC client to the
various ports, and collects received frames from the ports and passes them to
the MAC client transparently.
• A system can contain multiple aggregators serving multiple MAC clients. A
given port binds to (at most) a single aggregator at any time. A MAC client is
served by a single aggregator at a time.

• The binding of ports to aggregators within a system is managed by the Link

Aggregation Control function for that system. The control function
determines which links can be aggregated, aggregates them, binds the ports
within the system to an appropriate aggregator, and monitors conditions to
determine when a change in aggregation is needed. Such determination and
binding can be under manual control through direct manipulation of the state
variables of link aggregation (for example, keys) by a network manager. In
addition, automatic determination, configuration, binding, and monitoring can
occur through the use of a LACP.
• The LACP uses peer exchanges across the links to determine, on an ongoing
basis, the aggregation capability of the various links, and continuously
provides the maximum level of aggregation capability achievable between a
given pair of systems.
• Frame ordering is maintained for certain sequences of frame exchanges
between MAC Clients. The distributor ensures that all frames of a given
conversation are passed to a single port. For any given port, the collector is
required to pass frames to the MAC client in the order that they are received
from that port. The collector is otherwise free to select frames received from
the aggregated ports in any order. Because there are no means for frames to be
mis-ordered on a single link, this guarantees that frame ordering is maintained
for any conversation.
• Conversations can be moved among ports within an aggregation, both for load
balancing and for maintaining availability in the event of link failures.
• The standard does not impose any particular distribution algorithm on the
distributor. Use an algorithm that is appropriate for the supported MAC client.
For frame distribution function details, see “MultiLink Trunking (MLT)” on
page 79.
• Each port is assigned a unique, globally administered MAC address.
The MAC address is used as the source address for frame exchanges that are
initiated by entities within the link aggregation sublayer itself (for example,
LACP and Marker Protocol exchanges).
• Each aggregator is assigned a unique, globally administered MAC address,
which is used as the MAC address of the aggregation from the perspective of
the MAC Client, both as a source address for transmitted frames and as the
destination address for received frames.
The MAC address of the aggregator can be one of the MAC addresses of a
port in the associated LAG.
314725-E Rev 00
LACP and MLT
When you configure standards-based link aggregation, you must enable the
aggregatable field. After you enable the aggregatable field, the LACP aggregator
is one-to-one mapped to the specified multilink trunk.
For example, when you configure a link aggregation group (LAG), use the
following steps:
1 Assign a numeric key to the ports you want to include in the LAG.
2 Configure the LAG to be aggregatable.
3 Enable LACP on the port.
4 Create a multilink trunk and assign the same key to that multilink trunk.
The multilink trunk/LAG only aggregates those ports whose key matches its
own.
The newly created multilink trunk/LAG adopts the VLAN membership of its
member ports when the first port is attached to the aggregator associated with this
LAG. When a port is detached from an aggregator, the port is deleted from the
associated LAG port member list. When the last port member is deleted from the
LAG, the LAG is deleted from all VLANs and STGs.
After the multilink trunk is configured as aggregatable, you cannot add or delete
ports or VLANs manually.
To enable tagging on ports belonging to LAG, first disable LACP on the port, and
then enable tagging on the port and enable LACP.

LACP and SMLT
The following are some guidelines to follow when using LACP and SMLT:
• If you use LACP in an SMLT square configuration, the LACP ports must have
the same keys for that SMLT LAG; otherwise, the aggregation can fail if a
switch failure occurs.
• If an SMLT aggregation switch has LACP enabled on some of its multilink
trunks, do not change LACP system priority after LACP is enabled on ports. If
some ports do not enter the desired multilink trunk after a dynamic
configuration change, use the CLI command (assume MLT 10): conf mlt
10 lacp clear-link-aggrgate
• Nortel recommends that LACP not be enabled on interswitch trunks to avoid
unnecessary processing and to maintain simplicity. If a failure detection
mechanism is required when there is an optical network between the SMLT
core switches, use VLACP.
LACP is supported on single port split multilink trunks and split multilink trunks.
Note: The Ethernet Routing Switch 8600 Software Release 4.1 does not
support the use of Simple Loop Prevention Protocol (SLPP) in an
LACP-SMLT environment.
LACP and routing
If Open Shortest Path First (OSPF) routing is enabled on the port, do not set the
LACP periodic transmission timer to less than 1 second.
LACP priority
LACP priority is configured at the system level and at the port level.
• Port priority—determines which ports are aggregated into LAG if more than
eight ports are configured for the LAG, as in a standby-port configuration.
314725-E Rev 00
• System priority—generates the switch ID when communicating with other

switches. For SMLT applications, this is used to determine a master/slave
relationship between the SMLT switches. Nortel recommends that this value
remain at its default value. If it must be changed, Nortel recommends that you
disable LACP first, and then reenable it after the value is changed.
LACP keys
LACP keys are used to determine which ports are eligible to be aggregated into a
LAG. The LACP keys are defined under the ports when the multilink trunk is
configured. The ports whose keys match the multilink trunk’s key can be
aggregated into that multilink trunk.
• Keys need not match between two LACP peers.

• Keys must match on SMLT core switches when using LACP with SMLT.
LACP timers
You can customize failover times by changing the LACP timer attributes (fast
periodic time; slow periodic time; aggregate wait time). These values are set by
default to match the IEEE 802.3ad values. If they are changed, these values must
match on the ports participating in aggregation between two devices.
Any changes to these values at the global level are reflected on all ports. However,
these values can be changed on a per-port level. When you change a LACP timer
globally, this value is set on all ports. The global timer value overwrites the local
port value irrespective of the LACP state. You must reconfigure any port values
that differ from the global values.
The user can use either the fast or slow timer, and this is set on the port level. By
default, the Ethernet Routing Switch 8600 uses the long timer. LACP uses the
following timers, which have the parameters indicated:
• fast periodic timer—200 to 20 000 ms; default 1000 ms

• slow periodic timer—10 000 to 30 000 ms; default 30 000 ms
• aggregation wait timer—200 to 2000; default 2000

Timer changes must be made to all ports participating in link aggregation, as well
as to the ports on the partnering node.
Note: Configuration changes to the LACP timers are not reflected

immediately. LACP timers are not reset until the next time LACP is
restarted globally or on a port. This action ensures consistency with peer
switches.
When you enable LACP on a port, the timer values used are those set at the port
level. Toggling of the LACP status is required when timer values change. Existing
ports are not impacted by this change unless you toggle the LACP status on the
port.
LACP modes
LACP uses two mode types, active and passive.
• Active mode—ports initiate the aggregation process. Active mode ports

aggregate with other active mode ports or passive mode ports.
• Passive mode—ports participate in LACP but do not initiate the aggregation
process. Passive mode ports must be partnered with active mode ports for
aggregation to occur.
LACP and spanning tree interaction
LACP module operation is only affected by the physical link state or its LACP
peer status. When a link is enabled or disabled, the LACP module is notified. The
STP forwarding state does not affect the operation of LACP module. LACPDUs
can be sent even if the port is in the STP blocking state.
Unlike legacy multilink trunks, configuration changes (such as speed and duplex
mode) to a LAG member port are not applied to all the member ports in the
multilink trunk. Instead, the changed port is removed from the LAG and the
corresponding aggregator, and the user is alerted when the configuration is
created.
314725-E Rev 00
In contrast to MLT, IEEE 802.3ad-based link aggregation does not expect BPDUs
to be replicated over all ports in the trunk group. Therefore, you must enter the
ntstg disable command to disable the parameter on the spanning tree group
for LACP-based link aggregation. See “Configuring Spanning Tree Protocol” on
page 385 for more information about this command.
Be aware that this parameter is applicable to all trunk groups that are members of
the spanning tree group. This is necessary when internetworking with devices that
only send BPDUs out of one port of the LAG.
Link aggregation rules
Ethernet Routing Switch 8600 link aggregation groups operate under the
following rules:
• All ports in a LAG must operate in full-duplex mode.

• All ports in a LAG must operate at the same data rate.
• All ports in a LAG must be in the same VLAN.
• Link aggregation is compatible with the Spanning Tree Protocol (STP).
• Link aggregation groups must be in the same STP groups.
• Ports in a link aggregation group can exist on different modules.
• A maximum of 32 link aggregation groups (128 for R modules in R mode) are
supported.
• A maximum of eight active links are supported per LAG.
• A maximum of eight standby links are supported per LAG.
• With the 4.1 release, you can configure up to eight ports (mixture of active
and standby ports) in an 802.3ad group.
Virtual LACP (VLACP)
Virtual LACP is an LACP extension that is used for end to end failure
detection.VLACP uses the Hello mechanism of LACP to periodically send Hello
packets to ensure there is end to end reachability. When Hello packets are not
received, VLACP transitions to a failure state, which indicates a service provider
failure, and the port is disabled. An advantage of VLACP is that VLACP timers
can be reduced to 200 milliseconds, which allows approximately one second
failure detection and switchover time.

For the Ethernet Routing Switch 8600 Software Release 4.1, the VLACP fast
periodic timer is reduced to 10 ms, which allows sub-100 ms failover time. To
attain sub-100 ms core convergence, each switch must use the Enterprise
enhanced CPU daughter card 8692SF (also called SuperMezz). This feature is
only supported between core Ethernet Routing Switches. For more information
about this feature, see “VLACP timers and sub-100 ms core convergence” on
page 104.
VLACP only works for port-to-port communications where there is a guarantee

for a logical port-to-port match through the service provider. It does not work for
port-to-multiport communications where there is no guarantee for a point-to-point
match through the service provider. VLACP can be configured on a port in
addition to LACP. LACP can be used for link aggregation, and VLACP can be
used for end to end failure detection.
Ethernet cannot detect end to end failures. Ethernet was extended to detect remote
link failures through functions such as remote fault indication or far-end fault
indication mechanisms, but a major limitation of these functions is that they
terminate at the next Ethernet hop; failures cannot be determined on an end to end
basis.
For example, as shown in Figure 20 on page 103, when enterprise networks

connect their aggregated Ethernet trunk groups through a service provider
network connection (for example, through a VPN), far-end failures cannot be
signaled with Ethernet-based functions that operate end to end through the service
provider cloud. In this example, the multilink trunk (between enterprise switches
S1 and S2) extends through the service provider (SP) network.
314725-E Rev 00
Figure 20 Problem description (1 of 2)
As shown in Figure 21, if the L2 link on S1 (S1/L2) fails, the link-down failure is
not propagated over the SP network to S2. Thus S2 continues to send traffic over
the failed S2/L2 link.
Figure 21 Problem description (2 of 2)
Note that LACP, as defined by IEEE, is a protocol that exists between two bridge
endpoints; therefore the LACP PDUs are terminated at the next SP interface.

Using VLACP, far-end failures can be detected, which allows MLT to properly
failover when end to end connectivity is not guaranteed for certain links in an
aggregation group. VLACP prevents the failure scenario shown in Figure 21 on
page 103.
When used in conjunction with SMLT, VLACP allows you to switch traffic
around entire network devices before Layer 3 protocols detect a network failure,
thus minimizing network outages.
The Ethernet Routing Switch 8600 Software Release 4.1 uses the following
VLACP timers, which have the parameters indicated:
• fast periodic timer—10 to 20 000 ms; default 200 ms

• slow periodic timer—10 000 to 30 000 ms; default 30 000 ms
VLACP timers and sub-100 ms core convergence
Ethernet Routing Switch 8600 Software Release 4.1 can attain sub-100
millisecond (ms) failover time. The VLACP fast periodic timer is reduced to a
minimum value of 10 ms to enable sub-100 ms convergence. Sub-100 ms
convergence guarantees ultra fast convergence for critical business and
multimedia applications.
To attain sub-100 ms core convergence, each switch must use the Enterprise
enhanced CPU daughter card 8692SF (also called SuperMezz). This feature is
only supported between core Ethernet Routing Switch 8600s. For more
information about SuperMezz, see the document Installing Ethernet Routing
Switch 8600 Modules.
314725-E Rev 00
Figure 22 on page 106 depicts four core Ethernet Routing Switch 8600s equipped
with SuperMezz modules exchanging fast periodic timer messages to acheive
sub-100 ms convergence. Table 10 compares the timer ranges (in milliseconds)
used in VLACP and LACP for Release 3.7 and 4.1.
Table 10 Ethernet Routing Switch 8600 LACP and VLACP timer comparison
Release 4.1 without Release 4.1 with

Release 3.7
SuperMezz SuperMezz
LACP
Fast periodic timer range (ms) 200 to 20 000 200 to 20 000 200 to 20 000
Default 1000 Default 1000 Default 1000
Slow periodic timer range (ms) 10 000 to 30 000 10 000 to 30 000 10 000 to 30 000
Default 30 000 Default 30 000 Default 30 000
Aggregation wait timer range (ms) 200 to 2000 200 to 2000 200 to 2000
VLACP
Fast periodic timer range (ms) 200 to 20 000 200 to 20 000 10 to 20 000 (NEW)
Slow periodic timer range (ms) 10 000 to 30 000 10 000 to 30 000 10 000 to 30 000
Default 30 000 Default 30 000 Default 30 000

Figure 22 Sub-100 ms convergence between SuperMezz modules
Split MultiLink Trunking (SMLT)
Note: Routed SMLT, or RSMLT, is a Layer 3 protocol whereas SMLT is

a Layer 2 protocol. SMLT is described in this document, and RSMLT is
described in the document Configuring IP Routing Operations.
This section describes the Split MultiLink Trunking (SMLT) feature and includes
the following topics. For help with common terms and acronyms used with SMLT,
refer to the “Glossary” on page 573.
• “Overview”
• “Advantages of SMLT” on page 107
• “How does SMLT work?” on page 111
• “SMLT-on-Single-CPU feature” on page 118
• “Single Port SMLT” on page 119
314725-E Rev 00
• “Using MLT-based SMLT with Single Port SMLT” on page 125

• “SMLT network design considerations” on page 127
Overview
Link aggregation technologies are popular for improving link bandwidth

efficiency and preventing link failures. IEEE 802.3ad is the standardized link
aggregation protocol, although various vendors have developed their own
proprietary implementations. IEEE 802.3ad is defined for point-to-point
applications, however; it was not designed to recover around a nodal failure.
Split MultiLink Trunking (SMLT) is an extension to IEEE 802.3ad that improves

Layer 2 and Layer 3 resiliency by providing nodal protection, in addition to link
failure protection, and flexible bandwidth scaling. SMLT achieves this by
allowing edge switches using IEEE 802.3ad to dual-home to two SMLT
aggregation switches. SMLT is transparent to attached devices supporting IEEE
802.3ad.
Because SMLT inherently avoids loops due to its superior enhanced link
aggregation protocol, SMLT networks do not need to use the IEEE 802.1d
Spanning Tree Protocol to enable loop-free triangle topologies. This is
accomplished by implementing a method that allows two aggregation switches to
appear as a single device to edge switches, which are dual-homed to the
aggregation switches. The aggregation switches are interconnected using an
interswitch trunk, which allows them to exchange addressing and state
information (permitting rapid fault detection and forwarding path modification).
Although SMLT is primarily designed for Layer 2, it also provides benefits for
Layer 3 networks as well.
Note: Layer 2 edge switches must support some form of link aggregation
(such as MLT) to allow communications with an SMLT aggregation
switch.
Advantages of SMLT
SMLT improves the reliability of Layer 2 networks that operate between user
access switches and the network center aggregation switch by providing:
• Load sharing among all links

• Fast failover in case of link failures

• Elimination of single point of failure
• Fast recovery, in case of nodal failure
• Transparent and interoperable solutions
• Removes STP convergence issues
These advantages are described in more detail in the sections that follow.
Note: R modules support SMLT over 10 Gigabit Ethernet. This is

available only on the 8683XLR/XZR modules.
Single point of failure elimination
SMLT helps eliminate all single points of failure and creates multiple paths from
all user access switches to the core of the network. In case of failure, SMLT
recovers as quickly as possible so that no capacity is unused. SMLT provides a
transparent and interoperable solution that requires no modification on the part of
the majority of existing user access devices.
SMLT compared to Spanning Tree Protocol
Networks that are designed to have user access switches dual-homed to two
aggregation switches, and have VLANs spanning two or more user access
switches, experience the following design constraints:
• Spanning tree must be used to detect loops

• No load sharing exists over redundant links
• Network convergence is slow in case of failure
314725-E Rev 00
Figure 23 shows a typical aggregator switch configuration that is dependent upon

STP for loop detection.
Figure 23 Resilient networks with Spanning Tree Protocol
As shown in Figure 24 on page 110, with the introduction of SMLT, all

dual-homed Layer 2 frame-switched network devices are no longer dependent
upon Spanning Tree Protocol for loop detection, because a properly designed
SMLT network inherently does not have any logical loops.
Similarly, Layer 3 networks can benefit from SMLT as well.

Figure 24 Resilient networks with SMLT
SMLT solves the spanning tree problem by combining two aggregation switches
into one logical MLT entity, thus making it transparent to any type of edge switch.
In the process, it provides quick convergence, while load sharing across all
available trunks.
314725-E Rev 00
How does SMLT work?

Figure 25 illustrates an SMLT configuration with a pair of Ethernet Routing
Switch 8600 devices (E and F) as aggregation switches. Also included are four
separate user access switches (A, B, C, and D). Refer to the following sections for
a description of the components shown in this SMLT example.
• “Interswitch trunking”
• “CP Limit and SMLT interswitch trunking” on page 112
• “Other SMLT aggregation switch connections” on page 114
Figure 25 Ethernet Routing Switch 8600 as SMLT aggregation switches
Interswitch trunking
SMLT aggregation switches must be connected through an interswitch trunk. For

example, user access switches B and C are connected to the aggregation switches
via multilink trunks split between the two aggregation switches. As shown in
Figure 25, the implementation of SMLT only requires two SMLT-capable
aggregation switches. These switches must be connected through an interswitch
trunk.

Aggregation switches use the interswitch trunk to:
• Confirm that they are alive and exchange MAC address forwarding tables.
• Send traffic between single switches attached to the aggregation switches.
• Serve as a backup if one SMLT link fails.
Because the interswitch trunk is required for SMLT, for proper operation Nortel
recommends that you use multiple links on the interswitch trunk to ensure
reliability and high availability. Nortel recommends using Gigabit Ethernet links
for interswitch trunk connectivity to provide enough bandwidth for potential cross
traffic.
Note: Asynchronous Transfer Mode (ATM) and Packet over SONET

(PoS) links are not supported for use as interswitch trunk links.
CP Limit and SMLT interswitch trunking
Control packet rate limit (CP Limit) is a feature that controls the amount of
multicast and broadcast traffic that can be sent to the CPU from a physical port. It
protects the CPU from being flooded by traffic from a single, unstable port. The
CP-Limit default settings are:
• default state = enabled

• default multicast packets-per-second (pps) value = 15 000
• default broadcast pps value = 10 000
Note: When you configure SMLT links, Nortel recommends setting the
multicast packets-per-second value to 6000 pps.
Note that for SMLT ports, CP Limit is enabled by default. Packets that are
destined for the control plane (that is, packets that have a QoS level of 7 such as
BPDU, OSPF hello) trigger this feature. When the threshold is reached, CP Limit
disables the port from which the offending traffic is received.
314725-E Rev 00
You can enable CP Limit for all ports so that the Ethernet Routing Switch 8600
can disable any port that receives excess control traffic. SMLT is an exception
because of the importance of the interswitch trunk. Nortel recommends that you
disable the CP Limit feature on all interswitch trunk ports so that these ports are
not disabled, which can compromise the stability of SMLT.
Do not confuse CP Limit with port rate limiting. Port rate limiting and CP Limit
serve different purposes. Port level rate limiting, if enabled, limits all packets with
broadcast and multicast addresses to control the amount of user traffic. CP Limit
is a protection mechanism for the control plane that only counts packets that are
destined for the control plane, or packets that are processed by the CPU with a
QoS=7.
The CPU can count packets which are not counted by the CP Limit feature. Such
packet types can include auto-topology or NetBIOS. The QoS level ensures that
control plane traffic (with QoS=7) is processed first in the case of congestion in
the CPU buffer.
If the actual packets-per-second rate sent from a port exceeds the defined rate,
then the port is administratively shut down to protect the CPU from continued
bombardment. Disabling interswitch trunk ports in this way can impair network
traffic flow, as this is a critical port for SMLT configurations.
Note: Nortel recommends that an interswitch multilink trunk contain at

least two physical ports. Nortel also recommends that you disable
CP-Limit on all physical ports that are members of an interswitch trunk
multilink trunk.
Disabling CP Limit on interswitch trunk multilink trunk ports forces another,

less-critical port to be disabled if the defined CP Limits are exceeded. In doing so,
you preserve network stability if a protection condition (CP Limit) arises. Note
that, although it is likely that one of the multilink trunk ports (risers) will be
disabled in such a condition, traffic continues to flow uninterrupted through the
remaining SMLT ports.
Note: CP Limit can only be configured through the CLI.

The command syntax to enable or disable CP Limit is:
config ethernet <slot/port> cp-limit <enable|disable>
The Ethernet Routing Switch 8600 also supports the Extended CP Limit feature.
For more information about Extended CP Limit, see Configuring Network
Management.
Other SMLT aggregation switch connections

The example shown in Figure 25 on page 111 includes end stations which connect
to each of the switches. In this example, a, b1, b2, c1, c2, and d are clients and
printers, while e and f are servers or routers.
User access switches B and C can use any method to determine which link of their
multilink trunk connections to use to forward a packet, as long as the same link is
used for a given source/destination address (SA/DA) pair. This is true regardless
of whether the DA is known by B or C. SMLT aggregation switches always send
traffic directly to a user access switch, and only use the interswitch trunk for
traffic that they cannot forward in another, more direct way.
The examples that follow explain the process in more detail.
• “Example 1: Traffic flow from a to b1 or b2”

• “Example 2: Traffic flow from b1/b2 to c1/c2” on page 115
• “Example 3: Traffic flow from a to d” on page 115
• “Example 4: Traffic flow from f to c1/c2” on page 115
Example 1: Traffic flow from a to b1 or b2
Assuming a and b1/b2 are communicating through Layer 2, traffic flows from A
to switch E and is forwarded over its direct link to B. Traffic coming from b1 or b2
to a is sent by B on one of its multilink trunk ports.
B can send traffic from b1 to a on the link to switch E, and traffic from b2 to a on
the link to F. In the case of traffic from b1, switch E forwards the traffic directly to
switch A, while traffic from b2, which arrived at F, is forwarded across the
interswitch trunk to E and then on to A.
314725-E Rev 00
Example 2: Traffic flow from b1/b2 to c1/c2

Traffic from b1/b2 to c1/c2 is always sent by switch B through its multilink trunk
to the core. No matter which switch (E or F) it arrives at, it will be sent directly to
C through the local link.
Example 3: Traffic flow from a to d

Traffic from a to d (and d to a) is forwarded across the interswitch trunk because it
is the shortest path. This is treated as a standard link; SMLT and interswitch trunk
parameters are not considered.
Example 4: Traffic flow from f to c1/c2

Traffic from f to c1/c2 is sent out directly from F. Return traffic from c1/c2 allows
you to have one active VRRP Master per IP subnet. It is passed across the
interswitch trunk if switch C sends it to E.
Traffic flow in an SMLT environment
Traffic flow in an SMLT environment follows these rules:
• If a packet is received from an interswitch trunk port, it is not forwarded to

any active SMLT groups. This is key in preventing network loops.
• When a packet is received, a look-up is performed on the forwarding
database. If an entry exists, and if the entry was learned locally from the split
multilink trunk or through the interswitch trunk as a remote split multilink
trunk, it is forwarded out the local port (the packet should not be sent to the
interswitch trunk for forwarding unless there is no local connection).
Unknown and Broadcast packets are flooded out all ports that are members of
this VLAN.
• For loadsharing purposes in an SMLT scenario, the Ethernet Routing Switch
8600 obeys the MLT traffic distribution algorithm. See “MLT traffic
distribution algorithm” on page 80 for more details about the algorithms.

Traffic flow example
In an SMLT environment, the two aggregation switches share the same

forwarding database by exchanging forwarding entries using the IST. In Figure 26
on page 117, the forwarding databases are shown for a pair of IST nodes (B and
C). Note that the entry for 00:E0:7B:B3:04:00 is shown on node C as being
learned on MLT-1, but because SMLT REMOTE is true, this entry was actually
learned from node B. On B, that same entry is shown as being directly learned
through MLT-1 because SMLT REMOTE is false. Figure 27 on page 118 shows
the network topology.
When a packet arrives at node C destined for 00:E0:7B:B3:04:00, if the SMLT

REMOTE status is true, then the switch tries to send the packet out MLT-1 first,
rather than through the interswitch trunk. Traffic rarely traverses the interswitch
trunk unless there is a failure. If this same packet arrives at B, then it will be
forwarded to MLT-1 on the local ports.
314725-E Rev 00
Figure 26 Output of the command show vlan info fdb-e 10
Response from B:
ERS-8610:5# show vlan info fdb-e 10

=========================================================================
Vlan Fdb
=========================================================================
VLAN MAC QOS SMLT
ID STATUS ADDRESS INTERFACE MONITOR LEVEL REMOTE
-------------------------------------------------------------------------
10 self 00:00:5e:00:01:01 - false 1 false
10 learned 00:80:2d:ba:d6:01 MLT-5 false 1 true
10 self 00:80:2d:be:22:01 - false 1 false
10 learned 00:e0:7b:b3:04:00 MLT-1 false 1 false
10 learned 00:e0:7b:b3:04:10 MLT-1 false 1 true
Response from C:
=========================================================================
Vlan Fdb
=========================================================================
VLAN MAC QOS SMLT
-------------------------------------------------------------------------
10 self 00:00:5e:00:01:01 - false 1 false
10 self 00:80:2d:ba:d6:01 - false 1 false
10 learned 00:80:2d:be:22:01 MLT-5 false 1 true
10 learned 00:e0:7b:b3:04:00 MLT-1 false 1 true
10 learned 00:e0:7b:b3:04:10 MLT-1 false 1 false

Figure 27 Network topology for traffic flow example
SMLT-on-Single-CPU feature
Beginning with Ethernet Routing Switch 8600 Software Release 3.5 and
continuing through the latest hardware revisions, an enhancement was added to
improve SMLT failover behaviors for single CPU/SF configurations.
Prior to this release, Nortel required that two switch fabric modules be installed in
a chassis running SMLT. This was a requirement because SMLT clients did not
reroute traffic around SMLT aggregation switches with a single failed CPU. Thus,
packet loss can occur in this rare failure case.
The SMLT-on-Single-CPU feature establishes a polling mechanism between the

CPU and the interface modules. Because single CPU/SF configurations do not
benefit from standard CPU/SF redundancy, in the rare event that a CPU failure
occurs on the aggregation switch, this enhancement forces the interface modules
offline and allows network redundancy configurations to activate more quickly.
You can configure this feature using the CLI. For instructions, see “Configuring
SMLT-on-Single-CPU” on page 462.
314725-E Rev 00
This feature is applicable to all I/O modules capable of supporting the new Single
CPU/Switch Fabric reliability enhancement. By default, the
SMLT-on-Single-CPU feature is disabled.
The SMLT-on-Single-CPU feature can also be implemented on dual SSF/CPU

chassis, and is independent of SMLT design. In dual SSF/CPU systems, Nortel
recommends that you consider enabling this feature. Its use provides for faster
High-Availability-like failover for dual SSF/CPU systems in terms of proper link
status. This feature is fully supported on R modules; R modules always operate in
this mode independent of configuration settings. R modules have been designed
for faster failover without software control.
Note that not all versions of classic (legacy) modules can support this feature. If
non-supported modules are in a chassis which has this feature enabled, those
modules will not be initialized and an error message will be logged to the log file.
For information on module version support consult your Nortel representative.
For example, the 8608SX/8608SXE modules are one example of non-supported
module types.
Single Port SMLT
Single Port SMLT lets you configure a split multilink trunk using a single port.
The Single Port SMLT behaves like an MLT-based SMLT, and can coexist with
SMLTs in the same system. Single Port SMLT lets you scale the number of split
multilink trunks on a switch to the maximum number of available ports.
Split multilink trunk links can exist in the following combinations on the
SMLT-aggregation switch pair:
• MLT-based SMLT + MLT-based SMLT

• MLT-based SMLT + single link SMLT
• single link SMLT + single link SMLT
Rules for configuring Single Port SMLT include:
• The dual-homed device that connects to the aggregation switches must

support MLT.

• Single Port SMLT is supported on Ethernet, PoS, and ATM ports.
Note: Single Port SMLT is not supported on the 8681 module 10 Gigabit
Ethernet ports with Software Release 3.5.
• Each Single Port SMLT is assigned an SMLT ID from 1 to 512.

• Single Port SMLT ports can be designated as Access or Trunk (that is, IEEE
802.1Q tagged or not); changing the type does not affect their behavior.
• You cannot change a single port split multilink trunk to an MLT-based SMLT
by adding more ports. You must delete the single port split multilink trunk,
and then reconfigure the port as SMLT/MLT.
• You cannot change an MLT-based split multilink trunk into a single port split
multilink trunk by deleting all ports but one. You must first remove the SMLT/
MLT, then reconfigure the port as Single Port SMLT.
• A port cannot be configured as a MLT-based split multilink trunk and as a
single port split multilink trunk at the same time.
• Two or more aggregation switches can have single port split multilink trunks
with the same IDs. You can have as many single port split multilink trunks as
there are available ports on the switch.
• LACP is supported on single port split multilink trunks.
Split multilink trunk topologies
There are four generic topologies in which SMLT can be deployed. The user can
choose either a Single Port SMLT configuration, a triangle configuration, a square
configuration, or a full mesh configuration, depending on the resiliency and
redundancy required.
314725-E Rev 00
Single Port SMLT topology
Sometimes you need to exceed the Ethernet Routing Switch 8600 multilink trunk
Group ID limit for server farm applications. In this case, you can use Single Port
SMLT (see Figure 28). This topology allows scaling up to the maximum number
of ports on a switch. Any Layer 2 switch capable of link aggregation can be used
as the client in this case.
Figure 28 Single Port SMLT topology

SMLT triangle topology
The most often used configuration, the triangle configuration, connects multiple
access switches to a pair of Ethernet Routing Switch 8600 devices. In many cases,
dual-NIC servers capable of link aggregation are connected directly to the
Ethernet Routing Switch 8600 devices in a similar fashion. Figure 29 depicts
Extranet Switches (ES) as the SMLT Clients. In real-world applications, any
Layer 2 device capable of link aggregation can become the SMLT client.
Figure 29 SMLT triangle topology
314725-E Rev 00
SMLT square topology
Often used in an enterprise core, the square SMLT configuration provides network
resiliency. Figure 30 shows this topology.
Figure 30 SMLT square topology

SMLT full mesh topology
For maximum reliability and resiliency, all SMLT nodes can be fully meshed. This
may not be an economical solution for many cases, but if traffic loss cannot be
tolerated, this design can route traffic around any failure. Figure 31 shows the full
mesh topology.
Figure 31 SMLT full mesh topology
314725-E Rev 00
Using MLT-based SMLT with Single Port SMLT
You can configure a split multilink trunk with a single port split multilink trunk on
one side and an MLT-based split multilink trunk on the other. Both must have the
same SMLT ID. In addition to general use, Figure 32 shows how this
configuration can be used for upgrading an MLT-based split multilink trunk to a
single port split multilink trunk without taking down the split trunk.
Figure 32 Changing a split trunk from MLT-based SMLT to Single Port SMLT
Switch A Switch B Switch A Switch B
IST IST
MLT-based MLT-based MLT-based

SMLT ID 10 SMLT ID 10 SMLT ID 10
1 Switches A and B are configured with 2 Delete MLT-based SMLT 10 on switch B. All
MLT-based SMLT. traffic switches over SMLT 10 on switch A.
Switch A Switch B Switch A Switch B
IST IST
MLT-based Single port Single port

SMLT ID 10 SMLT ID 10 SMLT ID 10
3 Configure single port SMLT ID 10 on switch B. 4 Delete MLT-based SMLT 10 on switch A. All
Traffic switches over both sides of split trunk. traffic switches over single port SMLT 10 on
switch B.
Switch A Switch B
IST
Single port Single port

SMLT ID 10 SMLT ID 10
5 Configure single port SMLT 10 on switch A. Traffic

switches over both sides of split trunk.
11099EA
To configure Single Port SMLT using Device Manager, see “Configuring a single
port split multilink trunk” on page 286.

To configure Single Port SMLT using the CLI, see “Creating a single port split
multilink trunk” on page 460.
Interaction between SMLT and LACP
The Ethernet Routing Switch 8600 fully supports the IEEE 802.3ad Link
Aggregation Control Protocol (LACP); this is supported not only on multilink
trunks, but also on a pair of SMLT switches.
With this protocol, the Ethernet Routing Switch 8600 provides a standardized
external link aggregation interface to third-party vendor IEEE 802.3ad
implementations. This protocol extension provides dynamic link aggregation
mechanisms. Advantages of this protocol extension include:
• MLT peers and SMLT client devices can be network switches, and can also be
any type of server/workstation that supports link bundling through IEEE
802.3ad.
• Single-link and multilink trunk solutions support dual-homed connectivity for
more than 350 attached devices, so that you can build dual-homed server farm
solutions.
• Nortel tightly coupled the IEEE link aggregation standard with the SMLT
solution to provide seamless configuration integration, while also detecting
failure scenarios during network setup or operations.
Supported scenarios
SMLT/IEEE link aggregation interaction supports all known SMLT scenarios in

which an IEEE 802.3ad SMLT pair can be connected to SMLT clients, or in which
two IEEE 802.3ad SMLT pairs can be connected to each other in a square or full
mesh topology.
Non-supported scenarios
Some factors leading to failure are:
• Wrong ports connected
314725-E Rev 00
• Mismatched SMLT IDs assigned to SMLT client: SMLT switches can detect
if SMLT IDs are not consistent. The SMLT aggregation switch, which has the
lower IP address, does not allow the SMLT port to become a member of the
aggregation, thus avoiding misconfigurations.
• SMLT client switch does not have automatic aggregation enabled (LACP
disabled): SMLT aggregation switches can detect that aggregation is not
enabled on the SMLT client, thus no automatic link aggregation is established
until the configuration is resolved.
• Single CPU failures: In the case of a CPU failure in a system with only one
switch fabric, the LACP on the other switch (or switches) detects the remote
failure and triggers all links connected to the failed system to be removed
from the link aggregation group. This process allows failure recovery for the
network along a different network path.
Note: Only dual-homed devices will benefit from this enhancement.
SMLT network design considerations
If you use LACP in a square SMLT topology, LACP must have the same keys for
that SMLT LAG; otherwise, the aggregation can fail if a switch failure occurs.
Use the following procedure when designing and configuring a SMLT network
(for more information, see Network Design Guidelines).
1 Define a separate VLAN for the IST protocol:

config mlt 1 ist create ip <value> vlan-id <value>
2 Disable CP-Limit on the IST ports:
config ethernet <slot|port> cp-limit disable
3 Keep CP-Limit enabled on the split multilink trunk ports and change
multicast-limit value to 6000:
config ethernet <slot|port> cp-limit enable multicast-limit
6000
4 Disable loop detect on split multilink trunk ports:
config ethernet <slot|port> loop-detect disable

5 Enable tagging on split multilink trunk links:

config ethernet <slot/port> perform-tagging enable
6 Enable dropping of untagged frames on split multilink trunk links:
config ethernet <slot/port> untagged-frames-discard enable
SMLT and SLPP
Do not enable Simple Loop Prevention Protocol (SLPP) on all the ports of a
square, partial, or full mesh split multilink trunk core. SLPP can be enabled on
other non-SMLT ports of the core. For more information about SLPP, see “Simple
Loop Prevention Protocol” on page 130.
SMLT and IP routing

This section describes SMLT and IP routing interactions and includes the
following topics:
• “SMLT and Virtual Router Redundancy Protocol”
• “VRRP BackupMaster” on page 129
• “Routed SMLT (RSMLT)” on page 130
SMLT and Virtual Router Redundancy Protocol
Using VRRP, you can have one active primary router per IP subnet, with all other
network VRRP interfaces operating in backup mode.
VRRP, when used with SMLT, becomes less efficient. Users that access switches
aggregated into two Split-MLT switches send their shared traffic load (based on
source and destination MAC or IP addresses) on all uplinks towards the SMLT
aggregation switches.
VRRP, however, has only one active routing interface enabled. All other interfaces
are in backup (standby) mode. In this case, all traffic is forwarded over the IST
link towards the primary VRRP switch. Potentially, all traffic that arrives at the
VRRP backup interface is forwarded, so there is not enough bandwidth on the IST
link to carry all the aggregated riser traffic. However, an enhancement to VRRP
overcomes this issue by ensuring that the IST trunk is not used in such a case for
primary data forwarding.
314725-E Rev 00
VRRP BackupMaster
If enabled, the VRRP BackupMaster acts as an IP router for packets destined for
the logical VRRP IP address. Thus, all traffic is directly routed to the subnetwork
it is destined for, and not Layer 2 switched to the VRRP master. This eliminates a
potential limitation in the available interswitch trunk bandwidth.
Note: To avoid potential frame duplication problems, the VRRP

BackupMaster feature for SMLT can only be used on interfaces that are
defined for SMLT. It cannot be used in conjunction with hubs to avoid
frame duplication. Also, it cannot be used on brouter or VLAN interfaces.
When using SMLT with routing on SMLT aggregation switches, Nortel

recommends that you use VRRP for default gateway redundancy. In a VRRP
environment, usually one switch is active and the other is backup. For SMLT, an
active-active concept can be used by enabling VRRP BackupMaster. The VRRP
BackupMaster router will route traffic that is received on the SMLT VLAN, thus
avoiding traffic flow across the interswitch trunk. This provides true load sharing
abilities.
The BackupMaster feature provides an additional benefit. Under normal VRRP

operation, a hello packet is sent every second. When three hellos are not received,
all switches automatically revert to master mode. This results in a 3 second
outage. When you are using VRRP in an SMLT environment, and a link goes
down, traffic is automatically forwarded to the remaining ports configured for
SMLT VRRP BackupMaster. Because both switches are processing traffic, the
node immediately recognizes the VRRP state change, so there is faster failure
recovery (less than 1 second).
The following sections describe a few guidelines to follow when using VRRP
BackupMaster with SMLT:
• The VRRP virtual IP address and the VLAN IP address cannot be the same.
• Configure the hold-down timer for VRRP to a value that is approximately 150
percent of the IGP (Interior Gateway Protocol, such as RIP or OSPF)
convergence time to allow the IGP enough time to reconverge following a
failure. That is, if OSPF takes 40 seconds to reconverge, set the holddown
timer to 60 seconds.

• Stagger the hold-down timers with ARP requests. This means that the
Ethernet Routing Switch 8600 will not have to run ARP at the same time,
causing excess CPU load. For example, if one node has the hold-down timer
set for 60 seconds, you can set the other to 65 seconds.
• Enable hold-down times on both VRRP sides (Master and BackupMaster).
Routed SMLT (RSMLT)
SMLT subsecond failover benefits are only supported in Layer 2 networks. When
routing is involved, depending on the specific routing protocol, this convergence
time can cause network interruptions ranging from seconds to minutes.
The Nortel RSMLT feature extends the subsecond failover benefit to core
topologies by providing an active-active router concept to core SMLT networks.
Supported scenarios are split multilink trunk triangle, square, and full mesh
topologies, with routing enabled on the core VLANs.
Routing protocols can be any of the following protocol types: IP Unicast Static
Routes, RIP1, RIP2, OSPF, BGP and IPX RIP.
In the case of core router failures, RSMLT provides packet forwarding, thus
eliminating dropped packets during the routing protocol convergence.
For detailed information about RSMLT, see Configuring IP Routing Operations.
Simple Loop Prevention Protocol

Simple Loop Prevention Protocol (SLPP) is used at the edge of a network to
prevent loops in a SMLT network if Spanning Tree is not used. SLPP is focused
on SMLT networks; however, it also works with other configurations. Logical
loops can occur in SMLT networks because of the following:
• misconfigurations (for example, when SMLT client devices are erroneously

directly connected together)
• MLT is not operating correctly (for example, when a switch is connected to
the network using the default configuration without any MLT settings)
314725-E Rev 00
• problems with the edge switch (for example, when MLT or some other form
of link aggregation is not working)
You can detect loops with SLPP. You can also use the Ethernet Routing Switch
8600 Loop Detection feature (see “Configuring VLAN Loop Detection” on
page 173).
Loop detection is achieved by detecting if a SLPP test packet—called a

SLPP-packet data unit (SLPP-PDU)— is received on a peering split multilink
trunk switch port or on the same switch from which it originated. If the packet is
received by the originating switch, or by a peer aggregation switch on the same
VLAN, the port is disabled.
When you configure and enable SLPP, the switch control processor (CP) sends a
SLPP-PDU to the VLAN. If there is a loop on the VLAN, the SLPP-PDU
eventually returns to the originating port and is received by the CP. The CP
disables that port, and a message appears on the console to describe the reason.
After a port is disabled, it remains disabled, and manual intervention is required to
reenable the port. The port auto-enable feature can be used to reenable the port
after a predefined interval.
Figure 33 on page 131 shows the fields of an SLPP-PDU. The destination address
(DA) is the switch MAC address with the multicast bit set; the source address
(SA) is the switch MAC address; the protocol ID (PID) default is 0x8104 and is
user configurable; and the payload contains three fields: (1) SLPP protocol
version (one byte), (2) reserved (one byte), (3) VLAN ID (two bytes).
Figure 33 SLPP frame
There are several factors to keep in mind when you use SLPP:
• SLPP-BPUs are forwarded on a per VLAN basis.

• SLPP-PDU reception and processing only operates on a port if SLPP-Rx is
enabled on that port.
• SLPP-PDUs are automatically forwarded on all ports of the VLANs that are
configured for SLPP.

• The SLPP-PDU destination MAC address is the switch MAC address (with
the multicast bit set) while the source MAC address is the switch MAC
address.
• The SLPP-PDU is sent out as a multicast packet and is constrained to the
VLAN on which it is sent.
• The SLPP-PDU payload contains the VLAN ID; a separate SLPP-PDU is sent
for each VLAN.
• The SLPP-PDU packet transmission interval default is 500 milliseconds and
is configurable from 500 to 5000 milliseconds.
• When a SLPP-PDU is received on a port that is a member of a multilink trunk,
all port members in that multilink trunk are disabled if SLPP-Rx is enabled on
all port members. If all port members do not have SLPP-Rx enabled, only
those that have SLPP-Rx enabled are disabled.
• The SLPP-PDU can be received by the originating CP or the peer SMLT CP.
All other switches treat the SLPP-PDU as a normal multicast packet, ignore it,
and forward it to the VLAN.
• SLPP-PDU transmission and reception only operates on ports for which STP
is in forwarding state (if STP is enabled on one switch in the path).
• You must enable SLPP packet receive on a per-port basis to detect a loop:
— SLPP packet reception should only be enabled on SMLT access ports. It
should never be enabled on SMLT IST ports, nor should it be enabled on
any SMLT square or full mesh core ports.
— By default, the SLPP packet receive threshold is set to 1 second. It is
configurable from 1 to 20 seconds.
— Vary the SLPP packet receive threshold between the two core SMLT
switches so that if a loop is detected, the access ports on both switches
does not go down, which avoids SMLT client isolation.
Note: SLPP is port-based, so a port will be disabled if it receives

SLPP-BDUs on one or more VLANs on a tagged port. For example, if
the SLPP packet receive threshold is set to five, a port is shut down if it
receives five SLPP-BDUs from one or more VLANs on a tagged port.
SLPP does not have any hardware requirements or dependencies.
Note: SLPP does not support jumbo frames on the Ethernet Routing
Switch 8600 v4.1
314725-E Rev 00
SLPP does not replace the functionality of Spanning Tree Protocol, but is a
supplement to help detect and prevent loops in the SMLT environment. Nortel
recommends that you use this feature in a SMLT environment only.
Note: The Ethernet Routing Switch 8600 Software Release 4.1 does not
support the use of SLPP in an LACP-SMLT environment.
For information about configuring SLPP with the CLI, see “Configuring Simple
Loop Prevention Protocol” on page 478. For information about configuring SLPP
with Device Manager, see “Configuring Simple Loop Prevention Protocol” on
page 290.

314725-E Rev 00
135
Chapter 2
Configuring VLANs using Device Manager
This chapter describes how to configure VLANs on an Ethernet Routing Switch

8600 with Device Manager.
This chapter includes the following topics:
Topic Page
Displaying defined VLANs 135

Configuring port-based VLANs 138
Configuring policy-based VLANs 145
Managing a VLAN 158
Managing VLAN bridging 177
Configuring Enhanced Operation mode 189
For conceptual information about VLANs, see“VLANs” on page 37.
Displaying defined VLANs

To display all defined VLANs, their configurations, and their current status:
➨ From the Device Manager menu bar, choose VLAN > VLANs.
The VLAN box appears with the Basic tab displayed, which shows all defined
VLANs (Figure 34).

136 Chapter 2 Configuring VLANs using Device Manager
Figure 34 VLAN—Basic tab
Table 11 describes the VLAN—Basic tab fields.
Table 11 VLAN—Basic tab fields
Field Description
Id VLAN ID for the VLAN.

Name Name of the VLAN.
IfIndex The logical interface index assigned to the VLAN.
Color Identifier A proprietary color scheme to associate a color with the VLAN.
Color does not affect how frames are forwarded.
Type Type of VLAN:
• byPort
• byIpSubnet
• byProtocolId
• bySrcMac
• bySvlan
314725-E Rev 00
Chapter 2 Configuring VLANs using Device Manager 137
Table 11 VLAN—Basic tab fields (continued)
Field Description
StgId The ID of the spanning tree group to which the VLAN belongs.
PortMembers The slot/port of each possible VLAN member.
ActiveMembers The slot/port of each active VLAN member, including all static
members and potential members meeting the policy.
StaticMembers Slot/port of each static (always) member of a protocol-based
VLAN.
NotAllowToJoin The slot/ports that are never allowed to become a member of the
protocol-based VLAN.
OspfPassiveMembers The slot/ports of each OSPF passive member.
ProtocolId Specify the network protocol for protocol-based VLANs. This
value is taken from the Assigned Numbers RFC.
• ip (IP version 4)
• ipx802dot3 (Novell IPX on Ethernet 802.3 frames)
• ipx802dot2 (Novell IPX on IEEE 802.2 frames)
• ipxSnap (Novell IPX on Ethernet SNAP frames)
• ipxEthernet2 (Novell IPX on Ethernet Type 2 frames)
• appleTalk (AppleTalk on Ethernet Type 2 and Ethernet SNAP
frames)
• decLat (DEC LAT protocol)
• decOther (Other DEC protocols)
• sna802dot2 (IBM SNA on IEEE 802.2 frames)
• snaEthernet2 (IBM SNA on Ethernet Type 2 frames)
• netBIOS (NetBIOS protocol)
• xns (Xerox XNS)
• vines (Banyan VINES)
• ipv6 (IP version 6)
• usrDefined (user-defined protocol)
• RARP (Reverse Address Resolution Protocol)
• PPPoE (Point-to-Point Protocol over Ethernet)
Note: if the VLAN type is port-based, None is displayed in the
Basic tab ProtocolId field.
SubnetAddr The source IP subnet address (IP subnet-based VLANs only).
SubnetMask The source IP subnet mask (IP subnet-based VLANs only).

Configuring port-based VLANs

A port-based VLAN is a VLAN in which the ports are explicitly configured to be
in the VLAN. For more information about port-based VLANs, see “Port-based
VLANs” on page 39.
This section describes how you can create and configure port-based VLANs using
the following procedures.
• “Creating a port-based VLAN”

• “Configuring an IP address for a VLAN” on page 142
• “Configuring a network address and encapsulation for a VLAN” on page 144
When creating a VLAN, keep in mind the rules described in “VLAN rules” on
page 54.
Creating a port-based VLAN
To create a port-based VLAN:
1 From the Device Manager menu bar, choose VLAN > VLANs.
The VLAN box appears with the Basic tab displayed, which shows all defined
VLANs (Figure 34 on page 136).
2 In the Basic tab, click Insert.

The VLAN, Insert Basic box appears (Figure 35 on page 139).
314725-E Rev 00
Figure 35 VLAN, Insert Basic box
3 In the Id box, enter an unused VLAN ID, or use the ID provided.

— (Optional) In Name, type the VLAN name, or use the name provided.

— (Optional) In Color Identifier, click the down arrow and choose a color
from the list, or use the color provided.
4 In the StgId box, type or select the spanning tree group ID of the VLAN.
5 In the Type box, select byPort.
6 In the PortMembers box, click the ellipsis (...).
The VlanPortMembers box appears (Figure 36).
Figure 36 VlanPortMembers
7 Click the ports that are always members. The ports that are selected are
recessed, while the non selected ports are not recessed. Port numbers that are
dimmed cannot be selected as VLAN port members. (For example, you
cannot select ports that do not have the same spanning tree group ID as that of
the new VLAN.)
8 Click OK.
The Port Membership box closes and the port members appear in the Insert
Basic box.
9 In the VLAN, Insert Basic box, click Insert.

The Insert box closes and the new VLAN is displayed in the Basic tab.
10 In the Basic tab, click Close.

The VLAN is configured and the VLAN box closes.
314725-E Rev 00
Table 12 describes the VLAN, Insert Basic fields.

.
Table 12 VLAN, Insert Basic fields
Field Description
Id A value that uniquely identifies the virtual LAN associated with

this entry. This value corresponds to the lower 12 bits in the
IEEE 802.1Q VLAN tag.
Name An assigned name for this VLAN.
Color Identifier An assigned color code for this VLAN. The value of this object
is used by the VLAN Manager GUI tool.
Stg Id Indicates the Spanning Tree Group (STG) used by this VLAN
to determine the state of its ports. If this VLAN is not
associated with an STG, set StgId to zero. This field is shown
only if the switch is in STG mode.
MstpInstance Indicates the MSTP instance for the VLAN. This field is shown
only if the switch is in MSTP mode.
Type The type of VLAN, distinguished according to the policy used
to define its port membership.
PortMembers The set of ports that are members (static or dynamic) of this
VLAN.
StaticMembers The set of ports that are static members of this VLAN. A static
member of a VLAN is always active and is never aged out.
NotAllowtoJoin The set of ports that are not allowed to become members of
this VLAN.
OspfPassiveMembers The set of ports in the VLAN that are designated as OSPF
passive
SubnetAddr The IP subnet address of this VLAN. This value is meaningful
only if Type is equal to byIpSubnet. For other VLAN types it
must have the value 0.0.0.0.
SubnetMask The IP subnet mask of this VLAN. This value is meaningful
only if Type is equal to byIpSubnet. For other VLAN types it
must have the value 0.0.0.0.
ProtocolId The protocol identifier of this VLAN. This value is meaningful
only if Type is equal to byProtocolId. For other VLAN types it
must have the value none.
UserDefinedPid When ProtocolId is set to usrDefined in a protocol-based
VLAN, this field represents the 16 bit user defined protocol
identifier.

Table 12 VLAN, Insert Basic fields
Field Description
Encap This is the encapsulation type for user defined protocol-based

VLANs. This is not meaningful for other types of VLANs. The
default value is null.
AgingTime The timeout period (in seconds) used for aging out FDB
entries of this VLAN.
QosLevel Used to specify the QoS level which packets, carried in this
VLAN, should be processed with.
FirewallVlanType The firewall VLAN type for port-based VLANs.
FirewallClusterId Firewall cluster ID.
Configuring an IP address for a VLAN
To configure an IP address for a VLAN:
The VLAN box appears with the Basic tab displayed (Figure 34 on page 136).
2 In the Basic tab, select the VLAN for which you are configuring an IP
address.
The VLAN is highlighted.
3 Click IP.
The IP, VLAN box for the selected VLAN appears with the IP Address tab
displayed (Figure 37).
Figure 37 IP, VLAN box
4 Click Insert.
314725-E Rev 00
The Insert IP Address box appears (Figure 38).
Figure 38 IP, VLAN, Insert IP Address box
5 Enter an IP address and net mask for routing purposes.

6 Click Insert.
The Insert IP box closes and the IP Address and Net Mask appear in the IP,
VLAN box.
7 In the IP, VLAN box and the VLAN box, click Close.
The IP subnet-based VLAN is configured.
Table 13 describes the IP, VLAN fields.
Table 13 IP, VLAN field descriptions
Field Description
Interface Identifies the interface to which this entry is applicable.

Ip Address The IP address to which addressing information pertains.
NetMask The subnet mask associated with the IP address of this entry. The
value of the mask is an IP address with all the network bits set to 1
and all the hosts bits set to 0.
BcastAddrFormat The IP broadcast address format used on this interface.
ReasmMaxSize The size of the largest IP packets which this entity can reassemble
from incoming IP fragmented packets received on this interface.
VlanId Identifies the virtual LAN associated with this entry. This value
corresponds to the lower 12 bits in the IEEE 802.1Q VLAN tag.
BrouterPort Indicates whether this entry corresponds to a brouter port (as
opposed to a routable VLAN). This value cannot be changed after
the row is created.

Configuring a network address and encapsulation for a

VLAN
To configure an IPX network address and select an encapsulation method:
2 In the Basic tab, select the VLAN for which you are configuring a network
address and encapsulation.
3 Click IPX.
The IPX, VLAN box for the selected VLAN appears with the Addresses tab
displayed (Figure 39).
Figure 39 IPX, VLAN—Addresses
4 Click Insert.
The IPX, VLAN, Insert Addresses box appears (Figure 40 on page 145).
314725-E Rev 00
Figure 40 IPX, VLAN—Insert Addresses
5 In the NetAddr box, enter a network address for routing.

6 In the Encap box, select an encapsulation method (Ethernet II, SNAP, LLC,
or RAW).
7 Click Insert.
The IPX, VLAN, Insert Addresses box closes and the network address and
encapsulation method appear in the IPX, VLAN box.
8 In both the IP, VLAN box and the VLAN box, click Close.
The network address and encapsulation method are configured for the VLAN.
Configuring policy-based VLANs

A policy-based VLAN consists of ports that are dynamically added to the VLAN
on the basis of the traffic coming into the port. Policy-based VLAN types include:
• Protocol-based
• User-defined protocol-based
• MAC address-based
• IP subnet-based
• sVLAN-based
For information about creating sVLAN-based VLANs, see “Creating an sVLAN”

on page 196.
This section describes how you can create and configure policy-based VLANs
using the following procedures.

• “Creating a source IP subnet-based VLAN” on page 146

• “Creating a protocol-based VLAN” on page 147
• “Configuring user-defined protocol-based VLANs” on page 150
• “Creating a source MAC address-based VLAN” on page 152
Creating a source IP subnet-based VLAN
To create a source IP subnet-based VLAN:
The VLAN box appears with the Basic tab displayed (see Figure 34 on
page 136).

The VLAN, Insert Basic box appears (see Figure 35 on page 139).
3 In the Type box, select byIpSubnet.
4 In the Id box, type the VLAN ID.
5 (Optional) In the Name box, type the VLAN name.
If no name is entered, a default name is created.
6 (Optional) In the Color Identifier box, select the color or use the color
provided.
This color is used by VLAN Manager to visually distinguish the VLANs in a
network.
7 In the StgId box, select the spanning tree group ID of the VLAN.
8 Specify port membership by clicking the ellipsis (...) for one of the following:
• PortMembers (use this for VLAN by IpSubnet, Protocolid, or SrcMac)
• StaticMembers
• NotAllowedToJoin
The VlanPortMembers box appears (Figure 41 on page 147).
314725-E Rev 00
9 Click each port to choose the desired color:

• Yellow—Potential members
• Green—Always members, static
• Red—Never members, not allowed to join
Note: In a source IP subnet-based VLAN, a potential member becomes

an active member of the VLAN when a frame is received from the
specified source IP address.
10 Click OK.
The Port Membership box closes, and the port members appears in the
VLAN, Insert Basic box.
11 In the SubnetAddr box, enter an IP address for the VLAN.

12 In the SubnetMask box, enter an IP subnet mask for the VLAN.
13 In the AgingTime box, enter the timeout period in seconds for aging out the
dynamic VLAN member ports, or use the 600 second default.
14 (Optional) In the QosLevel box, select a Quality of Service level (0 to 6).
15 Click Insert.
The VLAN, Insert Basic box closes, and the source IP subnet-based VLAN
appears in the Basic tab.
Creating a protocol-based VLAN
To create a protocol-based VLAN:

page 136).

3 In the Type box, select byProtocolId.
4 In the Id box, type the unique VLAN ID, or use the ID provided.
5 (Optional) In the Name box, type the VLAN name, or use the name provided.
6 (Optional) In the Color Identifier box, select the color, or use the color
provided.
network.
7 In the StgID box, select the spanning tree group ID of the VLAN.
8 To specify the VLAN port membership, click the ellipsis (...) for one of the
following fields.
• Port Members
• StaticMembers
The VlanPortMembers box appears (see Figure 45 on page 156).
9 In the VlanPortMembers box, click each port button to choose the desired
membership color.
• Yellow: Potential members—dynamic (potential members are treated as
always members).
• Green: Always members—static
• Red: Never members—not allowed to join
314725-E Rev 00
When you have two VLANs with potential members and you want to move ports
from one VLAN to the other, you must first change their port membership to
Never. Then you can assign the ports to the other VLAN.
Note: When a protocol-based VLAN is created, all ports in the

underlying STG are automatically added as potential members if they are
not already members of an existing protocol-based VLAN of the same
type.
Note: In a protocol-based VLAN for an Ethernet Routing Switch 8600

module, a potential member becomes an active member of the VLAN
when a frame of the specified protocol is received.
10 Click OK.
The VlanPortMembers box closes and the port members are added to the
Insert Basic box.
11 In the ProtocolId box, select a protocol ID.

To configure a non-standard protocol, see “Configuring user-defined
protocol-based VLANs” on page 150.
12 In the AgingTime box, specify the timeout period, in seconds, for aging out
the dynamic member ports of the VLAN, or use the default of 600 seconds.
13 In the QosLevel box, select a level.
14 Click Insert.
The VLAN, Insert Basic box closes, and the protocol-based VLAN is added
to the Basic tab of the VLAN box.
15 Click Close.

Configuring user-defined protocol-based VLANs
You can create user-defined protocol-based VLANs in support of networks with

non-standard protocols.
To create a user-defined protocol-based VLAN:
page 136).
2 On the Basic tab, click Insert.

3 In the Type box, select byProtocolId.
following fields.
• Port Members
• StaticMembers
The VlanPortMembers box appears (see Figure 45 on page 156).
5 In the VlanPortMembers box, click each port button to achieve the desired
membership color.
• Yellow: Potential members—dynamic.
• Green: Always members—static
• Red: Never members—not allowed to join
Note: In a user-defined protocol-based VLAN on an Ethernet Routing

Switch 8600 module, a potential member becomes an active member
when a frame from the specified protocol is received.
6 In the ProtocolId box, select usrDefined.

The UserDefinedPID field becomes editable and the Encap field becomes
active (Figure 42 on page 151).
314725-E Rev 00
Figure 42 VLAN, Insert Basic
7 In the UserDefinedPID box, enter the protocol ID for the protocol in the
format 0x (protocol type in hexadecimal).
In the Ethernet Routing Switch 8600 modules, the 16-bit PID assigned to a
protocol-based VLAN specifies either an Ethertype, a DSAP/SSAP, or a
SNAP PID, depending on whether the frame encapsulation is Ethernet 2,
802.2, or LLC-SNAP, respectively.
The following PIDs are not valid:
• PID0x0000 through 0x05dc: overlaps with the 802.3 frame length

• PIDs of predefined protocols (for example, IP, IPX, AppleTalk)
• PID 0x8100: reserved by 802.1Q to identify tagged frames

• PID0x9000: used by the diagnostic loopback frames

• PID0x8808: used by 802.3x pause frames
• PID0x4242: overlaps with the BPDU DSAP/SSAP
8 In the AgingTime box, specify the timeout period, in seconds, for aging out
9 In the QosLevel box, select a level.
10 Click Insert.
The VLAN, Insert Basic box closes, and the protocol-based VLAN is added
to the Basic tab of the VLAN box.
11 Click Close.
The non-standard protocol-based VLAN is configured.
Creating a source MAC address-based VLAN
Before creating a source MAC-based VLAN, you must first enable source MAC
address-based VLANs in the system.
• “Enabling source MAC address-based VLANs on the system” on page 152

• “Configuring a source MAC address-based VLAN” on page 154
• “Creating a source MAC address-based VLAN using batch files” on page 157
Enabling source MAC address-based VLANs on the system
To enable source MAC address-based VLANs on the system:
1 From the Device Manager menu bar, choose Edit > Chassis.
The Chassis box appears with the System tab displayed.
2 Click the System Flags tab.

The System Flags tab appears (see Figure 43 on page 153).
314725-E Rev 00
Figure 43 Chassis, System Flags tab
3 Clear the GlobalFilterEnable check box.

• Global filters are disabled when the GlobalFilterEnable check box is
cleared.

• Global filters are enabled when the GlobalFilterEnable check box is

selected.
4 Click Apply.
5 Select the VlanBySrcMacEnable check box.
• Source MAC-based VLANs are enabled when the GlobalFilterEnable
check box is selected.
6 Click Apply.
The Chassis box closes and source MAC address-based VLANs are enabled
on the system.
Configuring a source MAC address-based VLAN
Before configuring a source MAC address-based VLAN, you must first enable
source MAC address-based VLANs on the system (see “Enabling source MAC
address-based VLANs on the system” on page 152).
To configure a source MAC-address-based VLAN:
page 136).
2 Click Insert.
3 In the Type box, select bySrcMac.

The fields needed to set up source MAC-based VLANs become editable (see
Figure 44 on page 155).
314725-E Rev 00
Figure 44 VLAN, Insert Basic—bySrcMac
4 In the Id box, enter a unique VLAN ID.

5 (Optional) In the Name box, type the VLAN name, or use the one provided.
6 (Optional) In the Color Identifier box, select a color, or use the one provided.
network.
7 In the StgId box, click the down arrow, and select a spanning tree group ID
for the VLAN.
following fields:
• Port Members
• StaticMembers
The VlanPortMembers box appears (see Figure 45).
9 Click each port to choose the desired color.

• Yellow—Potential members, dynamic.
• Green—Always members, static
• Red—Never members, not allowed to join
10 Click Ok.
The VlanPortMembers box closes, and the selected port members appear in
the VLAN, Insert Basic box.
314725-E Rev 00
11 In the Aging Time box, specify the timeout period in seconds for aging out
12 (Optional) In the QosLevel box, select a Quality of Service level, or use the
default, level 1.
13 Click Insert.
The VLAN, Insert Basic box closes, and the VLAN appears on the Basic tab.
14 On the VLAN Basic tab, select the newly created VLAN.

15 Click Mac.
The MAC, VLAN box appears.
16 Click Insert.
The Insert MAC VLAN box appears.
17 In the MacAddr box, specify a source MAC address for the VLAN.
18 Click Insert.
The Insert MAC VLAN box closes and the MAC address appears in the
MAC, VLAN box.
19 Click Close.
The MAC, VLAN and VLAN boxes close, and the Source MAC
address-based VLAN is configured.
Note: In a source MAC-based VLAN, a potential member becomes an

active member of the VLAN when a frame with the specified source
MAC address is received.
Creating a source MAC address-based VLAN using batch files
Before configuring a source MAC address-based VLAN, you must first enable
source MAC address-based VLANs on the system (see “Enabling source MAC
address-based VLANs on the system” on page 152).

To create a source MAC address-based VLAN using batch files:
page 136).
2 In the VLAN Basic tab, select a source MAC address-based VLAN.

3 Click Mac.
The MAC, VLAN box appears.
4 Click File.
The Edit MAC VLAN box appears.
5 Do one of the following:

• To add a MAC address from a file, select Add From File and use the
selection box to browse for the file location.
• To save a MAC address to a file, select it, select Save to File, and use the
selection box to browse for a save location.
• To delete a MAC address, select it, and select Delete Members on
Device.
6 Click Close.
The Edit MAC box closes.
7 Click Close in the MAC VLAN, and VLAN boxes.

The source MAC address-based VLAN is configured.
Managing a VLAN
After you have configured a VLAN, you may wish to enable features to improve
VLAN performance. This section describes how to configure advanced VLAN
operations, such as forwarding, MAC address auto-learning, and Loop Detection.
314725-E Rev 00
• “Changing VLAN port membership”

• “Configuring advanced VLAN features” on page 160
• “Configuring VLAN forwarding” on page 163
• “Configuring a VLAN to accept tagged or untagged frames” on page 165
• “Configuring Untagging Default VLAN on a Tagged Port” on page 169
• “Configuring MAC address auto-learning on a VLAN” on page 170
• “Modifying auto-learned MAC addresses” on page 172
• “Configuring VLAN Loop Detection” on page 173
• “Configuring directed broadcast on a VLAN” on page 175
Note: After you create a VLAN, you cannot change the VLAN type.
You must first delete the VLAN, and then create a new VLAN of a
different type.
Changing VLAN port membership
To change VLAN port membership:
1 On the Device Manager menu bar, choose VLAN > VLANs.

The VLAN box appears with the Basic tag displayed (see Figure 34 on
page 136).
2 Double-click the PortMember number for the VLAN whose ports you want
to change.
The PortMembers box appears (Figure 46 on page 160).

Figure 46 PortMembers box
3 Click the port members you wish to add or remove.

4 Click Ok.
The Port Member box closes and the changes appear in the Basic tab.
5 Click Apply.
The VLAN’s port membership is changed and the VLAN box closes.
Configuring advanced VLAN features
The Advanced tab contains information which can be useful in troubleshooting—

VlanOperationAction can be especially useful.
page 136).
2 Click the Advanced tab.
The Advanced tab appears (Figure 47 on page 161).
3 Configure the parameters as required.
314725-E Rev 00
Figure 47 VLAN—Advanced tab
Table 14 describes the VLAN—Advanced tab fields.
Table 14 VLAN—Advanced tab fields
Field Description
Id The VLAN ID.

Name The name of the VLAN.
IfIndex The logical interface index assigned to the VLAN.
Type Type of VLAN:
• byPort
• byIpSubnet
• byProtocolId
• bySrcMac
• bySvlan
• byIds

Table 14 VLAN—Advanced tab fields (continued)
Field Description
ProtocolId Specify the network protocol for protocol-based VLANs. This value
is taken from the Assigned Numbers RFC.
• ip (IP version 4)
• ipx802dot3 (Novell IPX on Ethernet 802.3 frames)
• ipx802dot2 (Novell IPX on IEEE 802.2 frames)
• ipxSnap (Novell IPX on Ethernet SNAP frames)
• ipxEthernet2 (Novell IPX on Ethernet Type 2 frames)
• appleTalk (AppleTalk on Ethernet Type 2 and Ethernet SNAP
frames)
• decLat (DEC LAT protocol)
• decOther (Other DEC protocols)
• sna802dot2 (IBM SNA on IEEE 802.2 frames)
• snaEthernet2 (IBM SNA on Ethernet Type 2 frames)
• netBIOS (NetBIOS protocol)
• xns (Xerox XNS)
• vines (Banyan VINES)
• ipv6 (IP version 6)
• usrDefined (user-defined protocol)
• RARP (Reverse Address Resolution protocol)
• PPPoE (Point-to-point protocol over Ethernet)
Note: if the VLAN type is port-based, None is displayed in the
Basic tab ProtocolId field.
Encap Specifies the encapsulation method. Values are:
• Ethernet II
• SNAP
• LLC
• RAW
AgingTime The timeout period in seconds for aging out the dynamic member
ports of policy-based VLANs.
MacAddress The MAC address assigned to the virtual router interface for this
VLAN. This field is relevant only when the VLAN is configured for
routing. This MAC address is used as the Source MAC in routed
frames, ARP replies, or RIP and OSPF frames.
314725-E Rev 00
Table 14 VLAN—Advanced tab fields (continued)
Field Description
Vlan Operation One of the following VLAN-related actions:

Action • flushMacFdb—flush MAC forwarding table for VLAN
• flushArp—flush ARP table for VLAN
• flushIp—flush IP route table for VLAN
• flushDynMemb—flush dynamic VLAN port members
• all—flush all tables for VLAN
• flushSnoopMem—flush dynamically learned multicast group
membership
• triggerRipUpdate—set automatic triggered updates for RIP
• flushSnoopMRtr—flush learned multicast router ports
Result Result code for action.
UserDefinedPid Specifies the 16-bit user-defined network protocol identifier when
the ProtocolID field is set to usrDefined for a protocol-based VLAN
type.
UserPriority User-assigned priority level.
QosLevel User-assigned Quality of Service level.
FirewallVlanType The firewall VLAN type for port-based VLANs.
FirewallClusterId Firewall cluster ID.
Configuring VLAN forwarding
The VLAN Forwarding tab configures filtering for the VLAN.
page 136).
2 Click the Forwarding tab.
The Forwarding tab appears (Figure 48 on page 164).

Figure 48 VLAN—Forwarding tab
Table 15 describes the fields in the Forwarding tab, as well as those displayed by
clicking the Filter button.
Table 15 VLAN—Forwarding tab
Field Description
Address An address for which the filter has forwarding or filtering

information.
VlanId The ID of the VLAN.
Port The port number.
Monitor Select true or false to copy packets with a MAC address in the
source or destination field. Used with port mirroring.
QoSLevel User-assigned Quality of Service level.
SmltRemote Specifies whether you want to use split multilink trunking.
Status Values include:
• self—one of the bridge addresses
• learned—a learned entry that is being used
• mgmt—a static entry
3 Click Filter.
The VLAN, Forwarding—Filter tab appears (Figure 49 on page 165).
314725-E Rev 00
Figure 49 VLAN, Forwarding—Filter tab
4 Configure the filter.

5 Click Filter.
Configuring a VLAN to accept tagged or untagged frames
Perform the following steps to configure a VLAN to accept tagged or untagged

frames from a port:
1 In the Device Manager main window, select the port.

The port is highlighted.
2 From the Device Manager menu bar, choose Edit > Port > General.
The Port box appears with the Interface tab displayed (see Figure 50 on
page 166).

Figure 50 Port—Interface tab
3 Click the VLAN tab.

The VLAN tab appears (Figure 51 on page 167).
314725-E Rev 00
Figure 51 Port—VLAN tab
4 To configure tagging on the port, select the PerformTagging check box. This
setting is applied to all VLANs associated with the port.
If the check box is selected, tagging is enabled. All frames sent from this port
are tagged. You can either discard the tagged frames (go to step 5) or forward
them to a VLAN (go to step 6).
• If the check box is cleared, tagging is disabled. The port does not send
tagged frames. The switch removes the tag before sending the frame out
of the port. You can either discard the untagged frames (go to step 5) or
forward them to a VLAN (go to step 6).
Note: When you enable tagging on an untagged port, the previous

configuration of VLANs, STGs, and MLTs is lost for that port. In
addition, the port resets and runs Spanning Tree Protocol, thus breaking
connectivity while the protocol goes through the usual blocking and
learning states before the forwarding state.

• To discard tagged frames on a port for which tagging is disabled, select
DiscardTaggedFrames.

• To discard untagged frames on a port for which tagging is enabled, select

DiscardUntaggedFrames.
Note: To optimize performance, on untagged ports in configurations in

which you do not expect to see tagged frames, set DiscardTaggedFrames
to true. However, on untagged ports for interconnecting switches, set
DiscardTaggedFrames to false.
6 To designate a default VLAN to associate with discarded frames, enter a

VLAN ID in the Default VLAN ID box (or use the default VLAN 1).
7 Click Apply > Close.
Tagging is configured for the port.
Table 16 describes the Port—VLAN tab fields.
Table 16 Port—VLAN field descriptions
Field Description
SvlanPortType Sets the stacked VLAN (sVLAN) port type:

normal (default)
uni (User-to-Network Interface) You must configure ports to which you want to
provide VLAN transparency as UNI ports. UNI ports can only belong to one
sVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames
parameter is automatically configured (Edit > Port > General > VLAN). This
prevents traffic from leaking to other VLANs.
nni (Network-to-Network Interface) NNI ports interconnect the switches in the
core network, drop untagged frames on ingress, and insert the sVLAN tag at
the egress. When you configure an NNI port, the DiscardUnTaggedFrames
parameter is automatically configured (Edit > Port > General > VLAN).
Before configuring a port as uni or nni, you must change the switch level to 1
or above (VLAN > SVLAN > Level).
PerformTagging Enable or disable the port on the current VLAN to perform tagging
VlanNames Identifies which VLANs this port is assigned. Each VLAN ID is stored as a two
octet value. The first octet in the pair holds bits 15 to 8 of the VLAN ID, the
second octet holds bits 7 to 0 of the VLAN ID.
DiscardTaggedFrames Determines how to process tagged frames received on this access port. When
the flag is set, these frames are discarded by the forwarding process. When
the flag is reset, these frames are processed normally.
314725-E Rev 00
Table 16 Port—VLAN field descriptions (continued)
Field Description
DiscardUntaggedFrames Determines how to process untagged frames received on this tagged port.
When the flag is set, these frames are discarded by the forwarding process.
When the flag is reset, these frames are assigned to the VLAN specified by
the DefaultVlanId.
UntagDefaultVLAN Enables or disables egress tagging on the default VLAN of the port.
DefaultVlanId The VLAN ID assigned to untagged frames received on this trunk port.
This field is meaningless when the port is not a trunk port.
LoopDetect Enables loop detection.
ArpDetect Enables or disables the ARP loop detection feature on this port. If a loop is
detected, the port is disabled. For more information about this feature, see
Configuring IP Routing Operations.
LoopDetectAction This value is used to specify the action which needs to be taken once a MAC
loop is detected on a specific port. They include portDown, vlanBlock, and
macDiscard.
Configuring Untagging Default VLAN on a Tagged Port

packets originating from a PC from the tagged packets originating from an IP
phone.
For more information about this feature, see “Untagging Default VLAN on a
Tagged Port feature” on page 50.
To enable this feature with Device Manager:
1 In Device Manager, select a port.

2 Right-click and choose Edit > Port > General.
The Port box appears.
3 Click the VLAN tab (Figure 52 on page 170).
4 Select UntagDefaultVlan.
5 Click Apply.

Figure 52 VLAN—UntagDefaultVlan
Configuring MAC address auto-learning on a VLAN
You can use MAC address auto-learning to define VLAN ports that you want to
automatically learn MAC addresses.
To configure MAC address learning for a VLAN:
1 From the Device Manager menu bar, choose VLAN > MAC Learning.
The VLanMacLearning box appears with the Manual Edit tab displayed
(Figure 53).
Figure 53 VLanMacLearning—Manual Edit tab
2 Click Insert.
314725-E Rev 00
The VLAN MAC Learning, Insert Manual Edit box appears (Figure 54).
Figure 54 VLanMacLearning, Insert Manual Edit box
3 In the Address box, enter the source MAC address.

4 In the Ports box, click the ellipsis (...).
The BridgeManualEditPorts box appears and shows the available ports
(Figure 55).
Figure 55 BridgeManualEditPorts box
5 Click the ports you want to configure to use VLAN MAC learning, and then
click Ok.
The BridgeManualEditPorts box closes and the port numbers are added to the
Insert Manual Edit box.
6 Click Insert.
The Insert Manual Edit box closes and the MAC address and ports are added
to the VLAN MAC Learning Manual Edit box.
7 Click Close.
VLAN MAC learning is configured and the box closes.

Table 17 describes the Insert Manual Edit tab fields.
Table 17 VLAN MAC Learning—Insert Manual Edit tab fields
Field Description
Address The source MAC address of an entry.

Ports The allowed ports on which the MAC address of this entry are learned.
Modifying auto-learned MAC addresses
Use the Auto Learn tab to change a MAC address that was automatically learned
to one that can be manually edited.
To modify a MAC address that was automatically learned:
1 On the Device Manager menu bar, choose VLAN > MAC Learning.
The VlanMacLearning box appears with the Manual Edit tab displayed (see
2 Click the Auto Learn tab.

The Auto Learn tab appears and shows automatically learned MAC addresses
(Figure 56).
Figure 56 VLanMacLearning—Auto Learn tab
3 Double-click in the Auto Learn Action field on the address you want to
change, and select ConvertToManualEdit from the list.
4 Click Apply.
The Auto Learn Action is changed.
314725-E Rev 00
Table 18 describes the VLAN Auto Learn tab fields.
Table 18 VLAN Auto Learn tab fields
Field Description
Address The source MAC address of the auto-learned entries.

Port The port where the MAC address was learned.
Auto Learn Action This field is for converting an auto-learned MAC address entry to a
manual edit MAC address entry. The variable provides a
mechanism for you to move a MAC address entry from the
auto-learned table to the Manual Edit table.
Settings:
• None
• convertToManualEdit
Configuring VLAN Loop Detection
For information about the Loop Detection feature, see “VLAN Loop Detection”
on page 65.
To configure Loop Detection using Device Manager, do the following:
1 In Device Manager, select a port and right-click.

A menu appears.
2 Select Edit General, and then click the VLAN tab.

The VLAN tab appears (Figure 57). Table 16 on page 168 describes the fields
in the VLAN tab.
Figure 57 Port—VLAN loop detect
3 Select the LoopDetect check box.

4 In the LoopDetectAction box, select the action to be taken if a loop is
detected.
Note: Nortel recommends that you select portDown as opposed to a

VLAN shutdown (vlanBlock). If vlanBlock is selected, the VLAN is
shut down, not the port. The access switch continues to forward traffic to
the port. If portDown is selected, then the access switch recovers by
detecting the failed link.
5 Click Apply.
6 To view loop detection information, click Loop Detect.
The Loop Detected tab appears (Figure 58 on page 175), showing loop
detection information.
314725-E Rev 00
Figure 58 Loop Detected
Table 19 describes the LoopDetected fields.
Table 19 LoopDetected dialog box parameters
Field Description
PortIndex Port number.

VlanId The assigned ID of the VLAN.
Value Specifies that a loop has been detected (yes), or that no loop
has been detected (no).
Configuring directed broadcast on a VLAN
You can enable or disable directed broadcast traffic forwarding for an IP interface
on the Direct Broadcast tab.
To configure directed broadcast for a VLAN:
page 136).
2 Select a VLAN.
3 Click IP.

The IP, VLAN box appears with the IP Address tab displayed (Figure 37 on
page 142).
4 Click the Direct Broadcast tab.
The Direct Broadcast tab appears (Figure 59).
Figure 59 IP, VLAN—Direct Broadcast tab
5 Select DirectBroadcastEnable.
• If selected, IP-directed broadcasts are enabled.
• If cleared, IP-directed broadcasts are suppressed.
Note: Multiple VLANs or IPs in the same subnet but in different

switches must be configured simultaneously.
6 Click Apply, and then click Close.

Directed broadcast is configured for the VLAN.
314725-E Rev 00
Table 20 describes the Direct Broadcast tab.
Table 20 IP, VLAN Direct Broadcast tab
Field Description
DirectBroadcastEnable If enabled, an Isolated Routing Port (IRP) can forward directed

broadcast traffic. A directed broadcast is a frame sent to the
subnet broadcast address on a remote IP subnet. By disabling
or suppressing directed broadcast on an interface, all frames
sent to the subnet broadcast address for a local router
interface are dropped. Disabling this function protects a host
from possible denial of service (DOS) attacks.
Note: This feature is enabled by default. With the feature
enabled, the CPU does not receive a copy of the directed
broadcast. As a result, the switch does not respond to a
subnet broadcast ping sent from a remote subnet.
Managing VLAN bridging

Bridging occurs at Layer 2 of the Open Systems Interconnect (OSI) model, in
which only the MAC address in the packet header is considered when forwarding.
With the Ethernet Routing Switch 8600, all bridging is done within the context of
a VLAN, in which each VLAN has its own bridging configuration and forwarding
table.
• “Configuring the forwarding database timeout” on page 178

• “Viewing the forwarding database for a specific VLAN” on page 179
• “Clearing learned MAC addresses from the forwarding database” on page 180
• “Configuring static forwarding” on page 183
• “MAC-layer bridge packet filtering” on page 185
• “Configuring a MAC-layer bridge filter” on page 186
• “Configuring the Global MAC filter” on page 189

Configuring the forwarding database timeout
To configure the forwarding database (FDB) timeout:
page 136).
2 Select a VLAN, and then click Bridge.

The Bridge, VLAN box appears with the FDB Aging tab displayed
(Figure 60).
Figure 60 Bridge, VLAN—FDB Aging tab
3 In the FdbAging box, enter an interval, in seconds, for aging out dynamically
learned forwarding information, or keep the default (300 seconds).
4 Click Apply and then click Close.
Your changes are applied and the Bridge, VLAN box closes.
Table 21 describes the Bridge VLAN—FDB Aging tab fields.
Table 21 Bridge VLAN—FDB Aging tab fields
Field Description
FdbAging The timeout period (in seconds) used for aging out FDB entries
of this VLAN.
314725-E Rev 00
Viewing the forwarding database for a specific VLAN
The Forwarding tab shows the forwarding database for the VLAN and contains
unicast information about bridge forwarding or filtering. This information is used
by transparent bridging to determine how to forward a received frame.
To view all entries in the forwarding database, for a specific VLAN:
2 Select a VLAN and click Bridge.

The Bridge, VLAN box appears with the FDB Aging tab displayed (see
3 Click the Forwarding tab.

The Bridge, VLAN—Forwarding tab appears (Figure 61).
Figure 61 Bridge, VLAN—Forwarding tab
Table 22 describes the Bridge, VLAN—Forwarding tab fields.
Table 22 Bridge, VLAN—Forwarding tab fields
Field Description
Address A unicast MAC address for which the bridge has forwarding or filtering
information.

Table 22 Bridge, VLAN—Forwarding tab fields (continued)
Field Description
Port Either a value of zero (0) or the port number of the port on which a
frame having the specified MAC address was seen. A value of 0
indicates a self-assigned MAC address.
Monitor Select true or false to copy packets with a MAC address in the source
or destination field. Used with port mirroring.
QosLevel Quality of Service level.
SmltRemote Specifies whether you want to use SMLT.
Status Values include:
Clearing learned MAC addresses from the forwarding

database
For troubleshooting, you need to manually flush the bridge forwarding database of
learned MAC addresses.
You can perform this procedure for all MAC addresses as described in the
following sections:
• “Clearing learned MAC addresses by VLAN”

• “Clearing learned MAC addresses for all VLANs by port” on page 181
Clearing learned MAC addresses by VLAN
To clear the forwarding database of learned MAC addresses for a VLAN:
page 136).
2 In the VLAN box, click the Advanced tab.

The Advanced tab appears (Figure 62 on page 181).
314725-E Rev 00
Figure 62 VLAN—Advanced
3 Double-click in the VLAN Operation Action field, and choose

FlushMacFdb from the list.
4 Click Apply.
The VLAN is set for flushing the bridge forwarding database.
Clearing learned MAC addresses for all VLANs by port
To clear learned MAC addresses from the forwarding database for all VLANs by
port:
1 From the Device Manager main window, select a port.

2 From the menu bar, choose Edit > Port > General.
The Port box appears with the Interface tab displayed (see Figure 63 on
page 182).

Figure 63 Port—Interface, FlushMacFDB
3 In the Action box, select FlushMacFdb.

4 Click Apply.
All learned MAC addresses are cleared from the forwarding database (FDB)
for VLANs associated with this port.
5 Click Close.
314725-E Rev 00
Configuring static forwarding
The Static tab contains static forwarding information configured by local or

network bridge management. The information is used to specify the set of ports
that are allowed to forward frames.
Entries are valid for unicast and for group/broadcast addresses.
To configure forwarding information:
page 136).
2 In the VLAN box, select a VLAN and then click Bridge.

The Bridge, VLAN box appears (see Figure 60 on page 178).
3 Click the Static tab.
The Static tab is displayed (Figure 64).
Figure 64 Bridge, VLAN—Static tab
4 In the Static tab, click Insert.

The Bridge, VLAN Insert Static box appears (Figure 65 on page 184).

Figure 65 Bridge, VLAN—Insert Static box
5 In the MacAddress box, enter a forwarding destination MAC address.

6 In the Port box, click the ellipsis (...).
The BridgeStaticPort box appears (Figure 66).
Figure 66 BridgeStaticPort
7 Select the port on which the frame is received.

8 Click Ok.
The Bridge Static Port box closes and the selected port appears in the Insert
Static box.
9 To copy packets with a MAC address in the source or destination field, select
Monitor.
10 In the QoS box, select a Quality of Service level, or keep the default, level 1.
Note that Level 7 is reserved for network control traffic.
314725-E Rev 00
11 Click Insert.
The Insert Static box closes and the static information appears in the Bridge,
VLAN Static tab.
12 Click Close.
The static forwarding information is configured, and the Bridge VLAN box
closes.
Table 23 describes the bridge, VLAN static fields.
Table 23 Bridge VLAN static fields
Field Description
MacAddress The destination MAC address in a frame to which the forwarding

information for this entry applies. This object can take the value of a
unicast address.
Port The port number of the port on which the frame is received.
Monitor Setting to copy packets with a MAC address in the source or destination
field. Used with port mirroring. In Static tab, display = true or false.
QosLevel Quality of Service level.
Status Specifies the status of this entry. Select one of the following values:
• permanent—in use and remains so after the next bridge reset. This
is the default value.
• deleteOnReset—in use and remains so until the next bridge reset.
• deleteOnTimeout—currently in use and remains so until it is aged.
• other—in use but the conditions under which it remains so are
different from other values.
MAC-layer bridge packet filtering
To perform MAC-layer bridging, the switch must know the destination

MAC-layer address of each device on each attached network so it can forward
packets to the appropriate destination. MAC-layer addresses are stored in
the bridging table, and you can filter packet traffic based on the destination
MAC-layer address information.

For MAC address filtering, the Ethernet Routing Switch 8600 supports Bridge
Management Information Base (MIB) filtering (RFC 1493). The number of MAC
filters is limited to 100. You can create a filter entry in much the same way as you
create a static MAC entry, by entering a MAC address and the port on which it
resides. In the MAC filter record, you can also specify ports to discard source or
destination packets for the MAC address on a port.
Configuring a MAC-layer bridge filter
To configure a MAC layer bridge filter:
page 136).
2 In the VLAN box, select a VLAN and click Bridge.

The Bridge, VLAN box appears (see Figure 60 on page 178).
3 Click the Filter tab.
The Filter tab appears (Figure 67).
Figure 67 Bridge, VLAN—Filter tab
4 Click Insert.
The Bridge, VLAN Insert Filter box appears (Figure 68 on page 187).
314725-E Rev 00
Figure 68 Bridge, VLAN—Insert Filter box
5 In the MacAddress box, enter the MAC address used to match the destination
address of incoming packets.
6 In the Port box, click the ellipsis (...).
The BridgeFilterPort box appears (Figure 69).
Figure 69 BridgeFilterPort
7 Click the port on which this MAC address is found, and then click OK.
The BridgeFilterPort box closes and the port is added to the Port box on the
Bridge, VLAN, Insert Filter box.
8 In the SrcDiscard box, click the ellipsis (...).

The BridgeFilterSrcDiscard box appears (Figure 70 on page 188).

Figure 70 BridgeFilterSrcDiscard box
9 Click the ports from which you do not want packet traffic received by this
MAC address, and then click Ok.
The box closes and the ports are added to the SrcDiscard field in the Bridge,
VLAN, Insert Filter box.
10 In the DestDiscard box, click the ellipsis (...).

The BridgeFilterDestDiscard box appears (Figure 71).
Figure 71 BridgeFilterDestDiscard box
11 Click the ports to which you do not want packet traffic sent from this MAC
address, and then click Ok.
The box closes and the ports are added to the DestDiscard box in the Bridge,
VLAN, Insert Filter box.
12 Enable Pcap if required.

13 Click Insert.
The Insert Filter box closes and the filter appears in the Filter tab.
314725-E Rev 00
14 In the Bridge VLAN box and the VLAN box, click Close.
The MAC layer bridge filter is configured.
Table 24 describes the Bridge VLAN Filter fields.
Table 24 Bridge VLAN Filter fields
Field Description
MacAddress The MAC address of this entry. This address is used to match the
destination address of incoming packets.
Port Port on which this MAC address is found.
SrcDiscard Specify a set of ports. Traffic arriving on any of the specified ports is
not forwarded to this MAC address.
DestDiscard Specify a set of ports. Traffic arriving on any of the specified ports
from this MAC address is discarded.
Status Specifies the status of the VLAN. Values include:
Pcap Enable or disable the Packet Capture Tool (PCAP) for the MAC
address (FDB filter). For more information about PCAP, see Using
the Packet Capture Tool.
Configuring the Global MAC filter
To configure the Global MAC filter:
1 From the Device Manager window, select VLAN > Global Mac Filtering.
The GlobalMacFiltering tab appears (Figure 72 on page 190).

Figure 72 GlobalMacFiltering tab
Table 25 describes the fields on the GlobalMacFiltering tab.

2 Click Insert.
The GlobalMacFiltering, Insert Mac Filter box appears (Figure 73).
Figure 73 GlobalMacFiltering, Insert Mac Filter box
3 In the GlobalMacFilterAddress box, enter the address, and then click Insert.
The address you entered appears in the GlobalMacFiltering tab.
Table 25 GlobalMacFiltering tab fields
Field Description
GlobalMacFilterAddress A MAC address which the switch discards globally.
314725-E Rev 00
Configuring Enhanced Operation mode

With Enhanced Operation mode, you can now increase the maximum number of
VLANs when you use MultiLink Trunking to 1980 (1972 if R modules are
present in the chassis) and to 989 when you use SMLT. Enhanced Operation mode
requires Ethernet Routing Switch 8600 E, M, or R modules.
Caution: When Enhanced Operation mode is enabled, only Ethernet

Routing Switch 8600 E, M, or R modules are initialized (other modules
are placed offline). To avoid losing modules and network connectivity,
replace non-E, M, or R modules or move the network connections to an E,
M, or R module before enabling Enhanced Operation mode.
For more information about Enhanced Operation mode, see “MultiLink trunking
and VLAN scalability” on page 56.
To enable Enhanced Operation mode:
1 From the Device Manager menu bar, choose Edit > Chassis.
The Chassis box appears with the System tab displayed (Figure 43 on
page 153).
2 Click the System Flags tab.

The System Flags tab appears (Figure 74 on page 192).

Figure 74 Chassis—System Flags tab
3 Select the NewEnhancedOperMode check box.

4 Click Apply.
The system notifies you that the setting takes effect after save and reboot.
5 Click the System tab.

The System tab appears (Figure 75 on page 193).
314725-E Rev 00
Figure 75 Chassis—System SaveRuntimeConfig
6 In the ActionGroup1 box, select saveRuntimeConfig.

7 Click Apply > Close.
Enhanced Operation mode is configured.

314725-E Rev 00
195
Chapter 3
Configuring sVLAN using Device Manager
This chapter describes using Device Manager to configure stacked VLAN

(sVLAN) on an Ethernet Routing Switch 8600. For conceptual infortmation about
sVLANs, see Chapter 1, “Layer 2 operational concepts,” on page 59.
Topic Page
Stacked VLAN configuration overview 195

Creating an sVLAN 196
Setting the sVLAN Ethertype and switch level 200
Setting the sVLAN port type 202
Creating an sVLAN STG 207
Stacked VLAN configuration overview

The stacked VLAN (sVLAN) protocol transparently transports packets through an
sVLAN domain by adding an additional four byte header to each packet. For more
information, see “Stacked VLANs” on page 59.

196 Chapter 3 Configuring sVLAN using Device Manager
Follow these steps to configure an sVLAN using Device Manager:
Note: You must follow these steps in sequence to configure an sVLAN.
1 Change the Ethertype and set the switch level to 1 or above.

For more information, see “Setting the sVLAN Ethertype and switch level” on
page 200.
2 Configure user-to-network interface (UNI) and network-to-network interface

(NNI) ports.
For more information, see “Setting the sVLAN port type” on page 202.
3 Create a spanning tree group (STG) of type sVLAN.

For more information, see “Creating an sVLAN STG” on page 207.
4 Create a VLAN of type sVLAN within the STG created in Step 3 and add
ports to it.
For more information, see “Creating an sVLAN” on page 196.
Creating an sVLAN
To create an sVLAN:
The VLAN—Basic box appears (Figure 76 on page 197).
314725-E Rev 00
Chapter 3 Configuring sVLAN using Device Manager 197
Figure 76 VLAN—Basic tab
2 Click Insert.
The VLAN, Insert Basic box appears (Figure 77 on page 198).

Figure 77 Insert Basic—for sVLANs
314725-E Rev 00
3 In the Id box, enter an unused VLAN ID or use the ID provided. The default
VLAN is VLAN ID 1.
4 (Optional) In the Name box, type the VLAN name, or use the name provided.
5 (Optional) In the Color Identifier box, click the down arrow and choose a
color from the list, or use the color provided.
Device Manager suggests a color, but you can change it. This color is used by
VLAN Manager to display the different VLANs in a network.
6 In the StgId box, type or select the spanning tree group ID for the VLAN.
7 In the Type box, select bySvlan.
The VlanPortMembers box appears (Figure 78).
9 Click the ports you want to include in the new sVLAN.

10 Click Ok.
The Port Membership box closes and the port members appear in the Insert
Basic box.
11 (Optional) In the QoS box, select a Quality of Service level.

12 On the VLAN, Insert Basic box, click Insert.
The Insert box closes and the VLAN appears in the Basic tab.
13 In the VLAN, Basic tab, click Close.


Setting the sVLAN Ethertype and switch level

To configure the sVLAN Ethertype and switch level for the switch:
Note: sVLAN is not supported on the Ethernet Routing Switch 8600

R module v4.1.
1 From the Device Manager menu bar choose VLAN > SVLAN.
The Svlan—Ether Type tab (Figure 79) appears, displaying the Ether types
used for sVLAN tagging.
Figure 79 SVLAN—Ether Type tab

• Use the default Ether Type-Switch Level mapping and continue to Step 3.
• To modify an Ethertype, double-click an EtherType box, enter a new
value, and click Apply.
The Ethertype is changed.
Table 26 on page 202 describes the sVLAN Ether Type tab.
3 Click the Level tab.
314725-E Rev 00
The Level tab appears (Figure 80).
Figure 80 Svlan box—Level tab
4 In the ActiveLevel box, enter an active switch level.
Note: Change the switch level default of 0 to a value of 1 through 7

before configuring UNI or NNI ports.
5 Click Apply.
The Ethertype and active switch level are configured.

Table 27 describes the sVLAN Level tab.
Table 26 SVLAN—Ether Type tab
Field Description
Id Index ID for this row in the table of switch levels.

Level The switch level associated with this entry.
EtherType Specifies the Ethertype used for sVLAN tagging.
The following are the default Ethertypes and switch levels:
• Level 0 — 0x8100 (Ethertype defined by IEEE for
802.1Q tagged frames)
• Level 1 — 0x8020
• Level 2 — 0x8030
• Level 3 — 0x8040
• Level 4 — 0x8050
• Level 5 — 0x8060
• Level 6 — 0x8070
• Level 7 — 0x8080
Table 27 SVLAN—Level tab
Field Description
Active Level Specifies the active level for the switch. The default is level
0.
Note: You must configure the switch level to 1 or above
before configuring UNI or NNI ports.
Setting the sVLAN port type
Note: You must change the switch level to 1 or above before you
configure UNI or NNI ports. See “Setting the sVLAN Ethertype and
switch level” on page 200.”
To set the sVLAN port type:
314725-E Rev 00
1 From the Device Manager view, select the port.

The Port—Interface tab appears (Figure 81).
Figure 81 Port box—Interface tab
3 Click the VLAN tab.

The VLAN tab appears (Figure 82 on page 204).

Figure 82 Port—VLAN tab
4 In the sVLANPortType box, select one of the following:

• uni—user-to-network interface
You must configure ports for which you want to provide VLAN
transparency as UNI ports. UNI ports can only belong to one sVLAN.
When you designate a port as a UNI port, the DiscardTaggedFrames
parameter is automatically enabled. This prevents traffic from leaking to
other VLANs.
• nni—network-to-network interface
314725-E Rev 00
NNI ports interconnect the switches in the core network, drop untagged
frames on ingress, and insert the sVLAN tag at the egress. When you
configure an NNI port, the DiscardUnTaggedFrames parameter is
automatically enabled.
Note: All ports within the same OctaPID have the same designation that
is, all eight ports are either Normal, or all eight ports are UNI/NNI.
When you change a port from normal to UNI/NNI, the other seven ports
are changed automatically, and in reverse. For more details, see “Tap and
OctaPID assignment (Release 3.x feature set)” on page 567”.
5 Click Apply.
The system warns you that by changing the port type, all ports in the OctaPID
can be removed from all VLANs and STGs (Figure 83). This message shows
the port range for the OctaPID. If you changed a port from Normal to UNI/
NNI, the other seven ports in the OctaPID are changed automatically.
Figure 83 sVLAN configuration warning
6 To continue applying the configuration, click Yes.

The sVLAN port type is configured.
7 Click Close.
The Port box closes.

Table 28 describes the Port—VLAN tab.

.
Table 28 Port—VLAN fields
Field Description
SvlanPortType Sets the stacked VLAN (SVLAN) port type:

normal (default)
uni (User-to-Network Interface) You must configure ports to which you want to
provide VLAN transparency as UNI ports. UNI ports can only belong to one
SVLAN. When you designate a port as a UNI port, the DiscardTaggedFrames
parameter is automatically configured (Edit > Port > General > VLAN). This
prevents traffic from leaking to other VLANs.
nni (Network-to-Network Interface) NNI ports interconnect the switches in the
core network, drop untagged frames on ingress, and insert the SVLAN tag at
the egress. When you configure an NNI port, the DiscardUnTaggedFrames
parameter is automatically configured (Edit > Port > General > VLAN).
Before configuring a port as uni or nni, you must change the switch level to 1
or above (VLAN > SVLAN > Level).
PerformTagging Enable or disable the port on the current VLAN to perform tagging
VlanNames Identifies which VLANs this port is assigned. Each VLAN ID is stored as a two
octet value. The first octet in the pair holds bits 15 to 8 of the VLAN ID, the
second octet holds bits 7 to 0 of the VLAN ID.
DiscardTaggedFrames Determines how to process tagged frames received on this access port. When
the flag is set, these frames are discarded by the forwarding process. When
the flag is reset, these frames are processed normally.
DiscardUntaggedFrames Determines how to process untagged frames received on this tagged port.
When the flag is set, these frames are discarded by the forwarding process.
When the flag is reset, these frames are assigned to the VLAN specified by
the DefaultVlanId.
UntagDefaultVLAN Enables or disables egress tagging on the default VLAN of the port.
DefaultVlanId The VLAN ID assigned to untagged frames received on this trunk port.
This field is meaningless when the port is not a trunk port.
LoopDetect Enables loop detection.
ArpDetect Enables or disables the ARP loop detection feature on this port. If a loop is
detected, the port is disabled. For more information about this feature, see
Configuring IP Routing Operations.
LoopDetectAction This value is used to specify the action which needs to be taken once a MAC
loop is detected on a specific port. They include portDown, vlanBlock, and
macDiscard.
314725-E Rev 00
Creating an sVLAN STG

To create an sVLAN spanning tree group:
1 From the Device Manager menu bar, choose VLAN > Spanning Tree > STG.
The STG box appears (Figure 84).
Figure 84 STG
2 Click Insert.
The STG, Insert Configuration box appears (Figure 85 on page 208).

Figure 85 STG, Insert Configuration
3 In the Id box, enter an STG ID, or use the displayed ID.

4 In the Type box, select svlan.
5 In the TaggedBpduAddress box, enter a MAC address to be assigned to the
destination MAC address field in tagged BPDUs.
Note: The MAC address you enter must be different from the
standardized BPDU MAC address.

The StgPortMembers box appears, displaying available ports.
7 Click the ports you want to include in the sVLAN STG, and then click Ok.
The StgPortMembers box closes, and the ports appear in the STG, Insert
Configuration box.
8 Click Insert.
314725-E Rev 00
The STG appears in the Configuration tab.
9 On the Configuration tab, click Close.

The STG is configured and the STG box closes.

314725-E Rev 00
211
Chapter 4
Configuring spanning tree using Device Manager
This chapter discusses using Device Manager to create, manage, and monitor
spanning tree groups (STG), and discusses using Device Manager to configure
Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and
Multiple Spanning Tree Protocol (MSTP).
Topic Page
Choosing the spanning tree mode 211

Configuring Spanning Tree Protocol 212
Configuring Multiple Spanning Tree Protocol 226
Configuring Rapid Spanning Tree Protocol 240
Choosing the spanning tree mode

You can choose to use STP, MSTP, or RSTP with the Ethernet Routing Switch
8600. To configure the mode:
1 From the Device Manager menu bar, choose VLAN > Spanning Tree >
Globals.
The Spanning Tree Globals box appears (Figure 86 on page 212).

212 Chapter 4 Configuring spanning tree using Device Manager
Figure 86 Spanning Tree—Globals
2 Select the required spanning tree mode.

3 Click Apply.
Warning: After you change the mode, you must reboot the switch for
changes to take effect. You can reboot the switch using the command line
interface (CLI) by first saving the boot file with the command save
bootconfig, and then entering the command boot <filename>,
where filename is the saved boot config file. You can also reboot the
switch using Device Manager. Go to Edit > Chassis. In the
ActionGroup1 box, select saveBootConfig. Click Apply. Next, in
ActionGroup4, select softReset. Click Apply.
Configuring Spanning Tree Protocol

This section discusses using Device Manager to create, manage, and monitor
spanning tree groups. For more information about STP, see “Spanning Tree
Protocol” on page 67.
• “Creating a STG” on page 213

• “Editing an STG” on page 217
• “Adding ports to an STG” on page 218
• “Viewing the STG status” on page 219
• “Viewing STG ports” on page 221
• “Enabling STP on a port” on page 224
• “Deleting an STG” on page 224
314725-E Rev 00
Chapter 4 Configuring spanning tree using Device Manager 213
• “Configuring STG topology change detection” on page 225
Creating a STG
A network can include multiple instances of STP. The collection of ports in one
spanning tree instance is called a spanning tree group (STG). The Ethernet
Routing Switch 8600 supports STP and up to 64 spanning tree groups.
Note: This information applies to Ethernet Routing Switch 8600

modules only. Spanning Tree Protocol must be disabled on split
multilink trunking (SMLT) or interswitch trunk ports, because spanning
tree is not a supported configuration on these ports.
To create a STG:
The STG—Configuration tab appears (Figure 87).
Figure 87 STG—Configuration tab
2 On the Configuration tab, click Insert.

The STG, Insert Configuration box appears (see Figure 88 on page 214).
Table 29 on page 216 describes the STG—Configuration tab parameters.

Figure 88 STG, Insert Configuration
3 Use the fields in the STG, Insert Configuration box to configure the STG.
Note: In the STG table, the STG ID and TaggedBpduVlanId must be

unique. If you change the STG ID without updating TaggedBpduVlandId,
the insertion can fail because of a duplicate TaggedBpduVlanId.
4 In the PortMembers box, click the ellipses (...).

The StgPortMembers box (Figure 89 on page 215) appears.
314725-E Rev 00
Figure 89 StgPortMembers
5 Click the ports you want to add to the STG, and then click Ok.
The StgPortMembers box closes, and the ports are added to the Port Members
field in the Insert Configuration box.
Note: Spanning Tree Protocol must be disabled on SMLT or interswitch

trunk ports.
6 Click Insert.
The Insert Configuration box closes, and the STG appears in the
Configuration tab.
7 Click Close.
The STG is configured.

Table 29 describes the STG—Configuration fields.
Table 29 STG configuration fields
Field Description
Id The ID number for the STG.

Note: The STG ID and TaggedBpduVlanId must be unique in
the STG table. If you change the STG ID without updating
TaggedBpduVlanId, the insertion can fail because of a duplicate
TaggedBpduVlanId.
Type Specifies the type of STG.
• normal = normal STG
• svlan = stacked VLAN STG
Priority Sets the STP bridge priority, in decimal.
BridgeMaxAge The value in hundredths of a second that all bridges use for
MaxAge when this bridge is acting as the root.
Note: The 802.1d-1990 standard specifies that the
BridgeMaxAge range is related to the value of
dot1dStpBridgeHelloTime. The default is 2000 (20 seconds).
BridgeHelloTime The value in hundredths of a second that all bridges use for
HelloTime when this bridge is acting as the root. The granularity
of this timer is specified by the IEEE 802.1d-1990 standard to
be in increments of 1/100 of a second. The default is
200 (2 seconds).
BridgeForwardDelay The value in hundredths of a second that all bridges use for
forward delay when this bridge is acting as the root. The default
is 1500 (15 seconds).
EnableSTP Enables or disables the spanning tree algorithm for the STG.
StpTrapEnable Enables SNMP traps to be sent to trace receiver every time an
STP topology occurs.
TaggedBpduAddress Represents a MAC address; specifically for tagged BPDUs.
314725-E Rev 00
Table 29 STG configuration fields (continued)
Field Description
TaggedBpduVlanId Represents the VLAN tag associated with the STG. This ID is
used to tag BPDUs through a non-IEEE tagging bridge to
another Ethernet Routing Switch 8600.
Note: By default, the TaggedBpduVlanId is an address
calculated based on the STG ID by Device Manager. Accepting
the default value calculated by Device Manager makes it much
simpler to coordinate STGs across multiple switches. If you
enter a custom value for this field, you must manually
coordinate it across all switches.
Note: The STG ID and TaggedBpduVlanId must be unique in
the STG table. If you change the STG ID without updating
TaggedBpduVlanId, the insertion can fail because of a duplicate
TaggedBpduVlanId.
Port Members The ports you want to become members of the new STG.
You cannot select a port if it is:
• configured as Single Port SMLT, MLT-based SMLT, or IST
• configured as members of any other STG
NtStgEnable Indicates whether this STG is operating in Nortel mode or in
Cisco mode:
• true—Nortel mode
• false—Cisco mode
Note: Untagged ports can only belong to one STG.
Editing an STG
Note: The information about editing an STG applies to Ethernet

Routing Switch 8600 modules only.
To edit an STG:
The STG—Configuration box appears (Figure 87 on page 213).

2 Double-click the field for the STG you want to edit.

The field becomes editable.
3 Enter a new value or select a new setting from the menu.

4 Click Apply.
The changes are applied to the STG.
Adding ports to an STG
To add ports to a spanning tree group:
The STG—Configuration tab appears (Figure 87 on page 213).
2 Double-click the Port Members field for the STG.

The StgPortMembers box (Figure 90) appears, indicating the port members
assigned to this STG.
Figure 90 StgPortMembers box
3 Click the ports you want to add to the STG, and click OK.
The StgPortMembers box closes, and the ports are added to the Port Members
field in the Configuration tab.
Note: Spanning Tree Protocol must be disabled on SMLT or IST ports.
314725-E Rev 00
4 Click Apply.
The ports are added to the STG.
Viewing the STG status
You can use the STG Status tab to view the status of the spanning tree for each
STG that is associated with the network.
To view STG status:
2 Click the Status tab.
The Status tab appears (Figure 91 on page 220), displaying the STG status.

Figure 91 STG—Status tab
Table 30 describes the STG Status fields.
Table 30 STG Status fields
Field Description
BridgeAddress The MAC address used by this bridge when it must be

referred to in a unique fashion.
NumPorts The number of ports controlled by this bridging entity.
ProtocolSpecification An indication of what version of the Spanning Tree Protocol
is being run. The IEEE 802.1d implementations return
ieee8021d.
TimeSinceTopologyChange The time in hundredths of a second since the last time
a topology change was detected by the bridge entity or
STG.
TopChanges A topology change trap is sent by a bridge when any of its
configured ports transitions from the Learning state to the
Forwarding state, or from the Forwarding state to the
Blocking state. The trap is not sent if a new root trap is sent
for the same transition. Implementation of this trap is
optional.
DesignatedRoot The bridge identifier of the root of the spanning tree as
determined by the Spanning Tree Protocol as executed by
this node. This value is used as the Root Identifier
parameter in all Configuration Bridge PDUs originated by
this node.
314725-E Rev 00
Table 30 STG Status fields (continued)
Field Description
RootCost The cost of the path to the root as seen from this bridge.
RootPort The port number of the port that offers the lowest cost path
from this bridge to the root bridge.
MaxAge The maximum age of Spanning Tree Protocol information
learned from the network on any port before it is discarded,
in units of hundredths of a second. This is the actual value
that this bridge is currently using.
HelloTime The amount of time in hundredths of a second between
transmission of config BPDUs by this node on any port
when it is the root of the spanning tree. The default value is
200 (2 seconds).
HoldTime The time interval in hundredths of a second during which
no more than two configuration bridge PDUs shall be
transmitted by this node. The default value is 100
(1 second).
ForwardDelay The time interval in hundredths of a second that controls
how fast a port changes its spanning state when moving
toward the Forwarding state. The value determines how
long the port stays in each of the Listening and Learning
states, which precede the Forwarding state. This value is
also used when a topology change is detected and is under
way, to age all dynamic entries in the Forwarding Database.
Note that this value is the one this bridge is currently using,
in contrast to StgBridgeForwardDelay, which is the value
that this bridge and all others would use if this bridge
becomes the root. The default value is 1500 (15 seconds).
Viewing STG ports
Use the Ports tab to view the status of ports for each STG that is associated with
the network.
To view STG ports:
2 Click the Ports tab.
The Ports tab appears(Figure 92). For parameter descriptions, see “STG Ports
tab fields” on page 222.

Figure 92 STG—Ports tab
Table 31 describes the STG—Ports tab fields.
Table 31 STG Ports tab fields
Field Description
Port The port number of the port for which this entry contains Spanning
Tree Protocol management information.
StgId The STG identifier assigned to this port.
Priority The value of the priority field which is contained in the first octet of
the Port ID. The other octet of the Port ID is given by the value of
rcStgPort.
Note: Although port priority values can range from 0 to 255, on the
Ethernet Routing Switch 8600, only the following values are used: 0,
16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240.
314725-E Rev 00
Table 31 STG Ports tab fields (continued)
Field Description
State The current state of the port as defined by the application of the
Spanning Tree Protocol:
disabled
blocking
listening
learning
forwarding
broken
This state controls what action a port takes on reception of the
frame. If the bridge has detected a port that is malfunctioning, it
places that port into the broken state. For ports that are disabled,
this object has a value of disable.
EnableStp The STP state of the port.
Enabled—BPDUs are processed in accordance with STP.
Disabled—The port stays in a forwarding state, received BPDUs are
dropped and not processed, and no BPDU is generated.
FastStart When this flag is set, the port is moved straight to the forwarding
state upon being enabled.
true (enables FastStart for the port)
false (default, disables FastStart for the port)
Note: This setting is contrary to that specified in the IEEE 802.1d
standard for Spanning Tree Protocol (STP), in which a port enters
the blocking state following the initialization of the bridging device or
from the disabled state when the port is enabled through
configuration.
PathCost The contribution of this port to the path cost of paths toward the
spanning tree root that includes this port. The 802.1d-1990 protocol
recommends that the default value of this parameter be inversely
proportion to the speed of the attached LAN.
DesignatedRoot The unique bridge identifier of the bridge recorded as the root in the
configuration BPDUs transmitted by the designated bridge for the
segment to which the port is attached.
DesignatedCost The path cost of the designated port of the segment connected to
this port. This value is compared to the Root Path Cost field in
received bridge PDUs.
DesignatedBridge The bridge identifier of the bridge that this port considers to be the
designated bridge for this port’s segment.
DesignatedPort The port identifier of the port on the designated bridge for this port
segment.

Table 31 STG Ports tab fields (continued)
Field Description
ForwardTransitions The number of times this port has transitioned from the learning
state to the forwarding state.
ChangeDetection The change detection setting (true or false) for this port. Can only
be configured on access ports. If you enable change detection on
an MLT with access ports, the setting is automatically applied to all
ports in the MLT.
Enabling STP on a port
To enable STP for a port:
The Ports tab appears (Figure 92 on page 222).
3 Click in the EnableStp field for the port you want to enable.
A menu appears.
4 From the menu, choose true.

The EnableStp setting changes.
5 Click Apply.
STP is enabled for the port.
Deleting an STG
Note: The deleting an STG procedure applies to Ethernet Routing

Switch 8600 modules only.
To delete an STG:
314725-E Rev 00
The STG box appears (Figure 87 on page 213).

2 Click the STG that you want to delete.
3 Click Delete.
Note: All VLANs must be deleted from an STG before you can remove
the STG.
Configuring STG topology change detection
To configure topology change detection on a port:
The Ports tab appears (Figure 92 on page 222).
3 Double-click the ChangeDetection field for a port.
The menu of change detection settings appears.
4 From the menu, choose one of the following:

• To enable change detection on the port, choose true.
• To disable change detection on the port, choose false.
5 Click Apply.
Change detection is configured for the port.
For more information about change detection, see “Spanning Tree Protocol
topology change detection” on page 70.

Configuring Multiple Spanning Tree Protocol

Multiple Spanning Tree Protocol (MSTP) allows you to configure multiple
instances of RSTP on the same switch. For more information about MSTP, see
“Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.
To configure MSTP, you must first enable it.
For more information about enabling MSTP, see “Choosing the spanning tree
mode” on page 211.
This section contains the following topics:
• “Configuring MSTP globally”

• “Configuring CIST ports for MSTP” on page 230
• “Viewing statistics for the CIST ports” on page 233
• “Configuring MSTI bridges for MSTP” on page 235
• “Configuring MSTI ports for MSTP” on page 236
• “Viewing MSTI port statistics” on page 238
Configuring MSTP globally
To configure MSTP globally:
MSTP.
The MSTP—Globals tab appears (Figure 93 on page 227).
314725-E Rev 00
Figure 93 MSTP—Globals
2 Edit desired fields to configure MSTP.

3 Click Apply.

Table 32 describes the MSTP—Globals tab fields.
Table 32 MSTP—Globals fields
Field Description
PathCostDefaultType The version of the spanning tree default path costs to be used
by this bridge. A value of 8021d1998 denotes the use of the 16
bit default path costs from IEEE 802.1d-1998. A value of
stp8021t2001 denotes the use of the 32 bit default path costs
from IEEE 802.1t.
TxHoldCount The value used by the port transmit state machine to limit the
maximum transmission rate.
MaxHopCount Indicates the maximum hop count. The granularity of this timer
is specified to be 1 second. An agent can return a bad value
error if you attempt to set a value which is not a whole number
of seconds.
NoOfInstancesSupport Indicates the maximum number of spanning tree instances
ed supported.
MstpUpCount The number of times the MSTP module was enabled. A trap is
generated on the occurrence of this event.
MstpDownCount The number of times the MSTP module was disabled. A trap is
ForceProtocolVersion The version of Spanning Tree Protocol the bridge currently
runs. stpCompatible indicates that the Spanning Tree Protocol
as specified in IEEE 802.1d is in use; rstp indicates that the
Rapid Spanning Tree Protocol as specified in IEEE 802.1w is in
use; and mstp indicates that the Multiple Spanning Tree
Protocol as specified in IEEE 802.1s is in use.
BrgAddress The MAC address used by this bridge when it must be referred
to in a unique fashion. Nortel recommends that this be the
numerically smallest MAC address of all ports that belong to
this bridge. When concatenated with MstCistBridgePriority or
MstBridgePriority, a unique bridge identifier is formed which is
used in the Spanning Tree Protocol.
Root The bridge identifier of the root of the common spanning tree as
determined by the Spanning Tree Protocol by this node. This
value is used as the CIST root identifier parameter in all
configuration bridge PDUs originated by this node.
RegionalRoot The bridge identifier of the root of the multiple spanning tree
region as determined by the Spanning Tree Protocol as
executed by this node. This value is used as the CIST regional
root identifier parameter in all configuration bridge PDUs
originated by this node.
314725-E Rev 00
Table 32 MSTP—Globals fields (continued)
Field Description
RootCost The cost of the path to the CIST root from this bridge.
RegionalRootCost The cost of the path to the CIST regional root from this bridge.
RootPort The port number of the port which offers the lowest path cost
from this bridge to the CIST root bridge.
BridgePriority The value of the writable portion of the bridge identifier
comprising of the first two octets. The values you enter for
bridge priority must be in steps of 4096.
BridgeMaxAge The value that all bridges use for MaxAge when this bridge acts
as the root. The granularity of this timer is specified to be
1 second. An agent can return a bad value error if you attempt
to set a value which is not a whole number of seconds. The
default is 2000.
BridgeForwardDelay The value that all bridges use for forward delay when this bridge
acts as the root. Note that 802.1d specifies that the range for
this parameter is related to the value of BridgeMaxAge. The
granularity of this timer is specified to be 1 second. An agent
can return a bad value error if you attempt to set a value which
is not a whole number of seconds. The default is 1500.
HoldTime This time value determines the interval length during which no
more than two configuration bridge PDUs can be transmitted by
this node, in units of hundredths of a second.
learned from the network on any port before it is discarded, in
units of hundredths of a second. This is the value that this
bridge currently uses.
ForwardDelay This time value, measured in units of hundredths of a second,
controls how fast a port changes its spanning state when
moving towards the forwarding state. The value determines how
long the port stays in a particular state before moving to the
next state.
TimeSinceTopology The time (in hundredths of a second) since the TcWhile Timer
Change for any port in this bridge was non-zero for Common Spanning
Tree.
TopChanges The number of times that there was at least one non-zero
TcWhile Timer on this bridge for Common Spanning Tree.
NewRootBridgeCount The number of times this bridge has detected a root bridge
change for Common Spanning Tree. A trap is generated on the
occurrence of this event.
RegionName The name for the region configuration. By default the region
name is equal to the bridge MAC Address.
RegionVersion Version of the MST region.

Table 32 MSTP—Globals fields (continued)
Field Description
ConfigIdSel The configuration identifier format selector used by the bridge.

This has a fixed value of 0 to indicate RegionName,
RegionVersions are specified as in the standard.
ConfigDigest The configured MD5 digest value for this region, which must be
16 octets long.
RegionConfigChange The number of times a region configuration identifier change
Count was detected. A trap is generated on the occurrence of this
event.
Configuring CIST ports for MSTP
To configure Common and Internal Spanning Tree (CIST) ports for MSTP:
1 In Device Manager, go to VLAN > Spanning Tree > MSTP.

The MSTP box appears.
2 In the MSTP box, click the CIST Port tab.
The MSTP—CIST Port tab appears (Figure 94 on page 231).
314725-E Rev 00
Figure 94 MSTP—CIST Port tab
3 Use the fields in the CIST Port box to configure the MSTP.
4 Click Apply.

The MSTP—CIST Port tab contains per-port information that is common to all
bridge and spanning tree instances. Table 33 describes the CIST Port fields.
Table 33 CIST Port fields
Field Description
Port The port number of the port for which this entry contains spanning
tree information
PathCost The contribution of this port to the path cost of paths towards the
CIST root which includes this port.
Priority The four most significant bits of the port identifier of the spanning
tree instance can be modified by setting the CistPortPriority value.
The values that are set for port priority must be in steps of 16.
Note: Although port priority values can range from 0 to 255, on the
Ethernet Routing Switch 8600, only the following values are used: 0,
16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240.
DesignatedRoot The unique bridge identifier of the bridge recorded as the CIST root
in the configuration BPDUs transmitted.
DesignatedCost The path cost of the designated port of the segment which connects
to this port.
DesignatedBridge The unique bridge identifier of the bridge which this port considers
to be the designated bridge for the port’s segment.
segment.
RegionalRoot The unique bridge identifier of the bridge recorded as the CIST
regional root identifier in the configuration BPDUs transmitted.
RegionalPathCost The contribution of this port to the path cost of paths towards the
CIST regional root which include this port.
ProtocolMigration Indicates the protocol migration state of this port. When operating in
RSTP or MSTP mode, writing true to this object forces this port to
transmit MSTP BPDUs without instance information. Any other
operation on this object has no effect and it returns false when read.
AdminEdgeStatus The administrative value of the Edge Port parameter. A value of true
indicates that this port is an edge-port, and a value of false indicates
that this port is a non-edge-port.
OperEdgeStatus The operational value of the Edge Port parameter. The object is
initialized to the value of AdminEdgeStatus and is set false on
reception of a BPDU.
314725-E Rev 00
Table 33 CIST Port fields (continued)
Field Description
AdminP2P The administrative point-to-point status of the LAN segment

attached to this port. A value of forceTrue indicates that this port is
treated as if it connects to a point-to-point link. A value of forceFalse
indicates that this port is treated as having a shared media
connection. A value of auto indicates that this port is considered to
have a point-to-point link if it is an aggregator and all of its members
are aggregatable, or if the MAC entity is configured for full duplex
operation, either through auto-negotiation or by management
means.
OperP2P The operational point-to-point status of the LAN segment attached
to this port. It indicates whether a port is considered to have a
point-to-point connection or not. The value is determined by
management or by auto-detection as described in the AdminP2P
object.
HelloTime The amount of time between the transmission of configuration
bridge PDUs by this node on this port in units of hundredths of a
second.
OperVersion This indicates whether the port is operationally in the MSTP mode,
the RSTP mode, or the STP-compatible mode, that is, whether the
port transmits MST BPDUs, RST BPDUs or Config/TCN BPDUs.
EffectivePortState The effective operational state of the port for CIST. This is true only
when the port is operationally UP at the interface and protocol levels
for CIST. This is set to false for all other conditions.
State Current state of the port as defined by the common spanning tree
protocol. It can be disabled, discarding, learning, or forwarding.
ForcePortState Current state of the port, which can be changed to either Disabled
or Enabled for the base spanning tree instance.
SelectedPortRole Selected port role of the port for this spanning tree instance.
CurrentPortRole Current port role of the port for this spanning tree instance.
Viewing statistics for the CIST ports
You can view statistics for the CIST ports. To view statistics:

2 In the MSTP box, click the CIST Port tab.
The MSTP—CIST Port tab appears.

3 Click on a port, and then click Graph.

The CIST Port Stats window appears (Figure 95).
Figure 95 CIST Port Stats
Table 34 describes the statistics given in Figure 95.
Table 34 CIST Port Stats fields
Field Description
ForwardTransitions Number of times this port has transitioned to the

forwarding state.
RxMstBpduCount Number of MSTP BPDUs received on this port.
RxRstBpduCount Number of RSTP BPDUs received on this port.
RxConfigBpduCount Number of configuration BPDUs received on this port.
RxTcnBpduCount Number of TCN BPDUs received on this port.
TxMstBpduCount Number of MSTP BPDUs transmitted from this port.
TxRstBpduCount Number of RSTP BPDUs transmitted from this port.
TxConfigBpduCount Number of configuration BPDUs transmitted from this port.
TxTcnBpduCount Number of TCN BPDUs transmitted from this port.
314725-E Rev 00
Table 34 CIST Port Stats fields
Field Description
InvalidMstBpduRxCount Number of Invalid MSTP BPDUs received on this port.

InvalidRstBpduRxCount Number of Invalid RSTP BPDUs received on this port.
InvalidConfigBpduRxCount Number of invalid configuration BPDUs received on this
port.
InvalidTcnBpduRxCount Number of invalid TCN BPDUs received on this port.The
number of times this port has migrated from one STP
protocol version to another. The relevant protocols are
STP-Compatible and RSTP/MSTP. A trap is generated on
the occurrence of this event.
ProtocolMigrationCount The number of times this port has migrated from one STP
STP-Compatible and RSTP. A trap is generated on the
Configuring MSTI bridges for MSTP
To configure Multiple Spanning Tree Instance (MSTI) bridges:

2 In the MSTP box, click the MSTI Bridges tab.
The MSTP—MSTI Bridges tab appears (Figure 96). (MSTI bridge instances
are generated by the switch after you create a VLAN in MSTP mode).
Figure 96 MSTP—MSTI Bridges tab
3 Use the fields in the MSTI Bridges box to configure the MSTP.
4 Click Apply.

Table 35 describes the fields given in Figure 96.
Table 35 MSTI Bridges fields
Field Description
Instance Spanning tree instance to which this information belongs

Regional Root MSTI regional root identifier value for the instance. This value is
used as the MSTI regional root identifier parameter in all
configuration bridge PDUs originated by this node.
Priority The writable portion of the MSTI bridge identifier comprising of
the first two octets. The values that are set for bridge priority
must be in steps of 4096.
Root Cost The cost of the path to the MSTI regional root as seen by this
bridge.
Root Port The port number of the port which offers the lowest path cost
from this bridge to the MSTI region root bridge.
Change for any port in this bridge was non-zero for this spanning tree
instance.
TcWhile Timer on this bridge for this spanning tree instance.
NewRootCount The number of times this bridge has detected a root bridge
change for this spanning tree instance. A trap is generated on
the occurrence of this event.
InstanceUpcount The number of times a new spanning tree instance was created.
A trap is generated on the occurrence of this event.
InstanceDownCount The number of times a spanning tree instance was deleted. A
trap is generated on the occurrence of this event.
Configuring MSTI ports for MSTP
To configure MSTI ports, do the following:

2 In the MSTP box, click the MSTI Port tab.
The MSTI Port tab appears (Figure 97 on page 237). (Port members selected
on the VLAN > Basic tab appear in the MSTI Port tab).
314725-E Rev 00
Figure 97 MSTP—MSTI Port tab
3 Use the fields in the MSTI Port box to configure the MSTP.
4 Click Apply.
Table 36 describes the MSTP—MSTI Port fields.
Table 36 MSTP—MSTI Port fields
Field Description
Port The port number of the port for which this entry contains spanning
tree information.
BridgeInstance Spanning tree instance to which the information belongs.
MSTI root which includes this port.
Priority The four most significant bits of the port identifier for a given
spanning tree instance can be modified independently for each
spanning tree instance supported by the bridge. The values set for
port priority must be in steps of 16.
DesignatedRoot The unique bridge identifier of the bridge recorded as the MSTI
regional root in the configuration BPDUs transmitted.
to be the designated bridge for the port segment.
segment.
State Current state of the port as defined by the MSTP. A port which is in
forwarding state in one instance can be in discarding (blocking)
state in another instance.
ForcePortState Current state of the port which can be changed to either disabled or
enabled for the specific spanning tree instance.
this port.

Table 36 MSTP—MSTI Port fields (continued)
Field Description
CurrentPortRole Current port role of the port for this spanning tree instance.
EffectivePortState The effective operational state of the port for specific instance. This
is true when the port is operationally up at the interface and protocol
levels for the specific instance. This is set to false at all other times.
Viewing MSTI port statistics
You can view statistics for the MSTI Ports. To view statistics:

2 In the MSTP box, click the MSTI Port tab.
The MSTP—MSTI Port tab appears (Figure 97 on page 237).
3 Click on a port, and then click Graph.
The MSTI Port Stats window appears (Figure 98 on page 239).
314725-E Rev 00
Figure 98 MSTI Port.BridgeInstance
Table 37 describes the MSTI Port Stats parameters.
Table 37 MSTI Port Stats
Field Description
ForwardTransitions Number of times this port has transitioned to the forwarding state for
this specific instance.
ReceivedBPDUs Number of BPDUs received by this port for this spanning tree
instance.
TransmittedBPDUs Number of BPDUs transmitted on this port for this spanning tree
instance.
InvalidBPDUsRcvd Number of invalid BPDUs received on this port for this spanning tree
instance.

Configuring Rapid Spanning Tree Protocol

Rapid Spanning Tree Protocol (RSTP) reduces the recovery time after a network
breakdown. For more information about RSTP, see “Rapid Spanning Tree
Protocol and Multiple Spanning Tree Protocol” on page 73.
To configure RSTP, you must first enable it.
For more information about enabling RSTP, see “Choosing the spanning tree
mode” on page 211.
This section contains the following topics:
• “Configuring RSTP globally”

• “Configuring RSTP ports” on page 243
• “Viewing RSTP status” on page 245
• “Viewing statistics for RSTP Status” on page 246
Configuring RSTP globally
To configure RSTP globally:
RSTP.
The RSTP—Globals tab appears (Figure 99 on page 241).
314725-E Rev 00
Figure 99 RSTP—Globals
2 Edit the desired fields.

3 Click Apply.

Table 38 describes the RSTP—Globals tab fields.
Table 38 RSTP—Globals fields
Field Description
PathCostDefault The version of the spanning tree default path costs that are
used by this bridge. A value of 8021d1998 indicates the use of
the 16 bit default path costs from IEEE Std. 802.1d-1998. A
value of stp8021t2001 indicates the use of the 32 bit default
path costs from IEEE Std. 802.1t.
TxHoldCount The value used by the port transmit state machine to limit the
maximum transmission rate.
Version The version of Spanning Tree Protocol the bridge currently
runs. The value stpCompatible indicates that the Spanning Tree
Protocol as specified in IEEE 802.1d is in use; rstp indicates
that the Rapid Spanning Tree Protocol as specified in IEEE
802.1w is in use.
EnableStp Indicates whether the spanning tree protocol is active in this
STG.
Priority The value of the priority field.
BridgeMaxAge The value that all bridges use for MaxAge when this bridge acts
as the root.
BridgeHelloTime The value that all bridges use for HelloTime when this bridge
acts as the root.
BridgeForwardDelay The value that all bridges use for forward delay when this bridge
acts as the root.
DesignatedRoot The unique bridge identifier of the bridge recorded as the root in
the configuration BPDUs transmitted by the designated bridge
for the segment to which the port is attached.
RootCost The cost of the path to the root from this bridge.
RootPort The port number of the port which offers the lowest cost path
from this bridge to the root bridge.
learned from the network on any port before it is discarded, in
units of hundredths of a second.
HelloTime The amount of time between the transmission of configuration
bridge PDUs by this node on any port when it is the root of the
spanning tree (or trying to become the root), in units of
hundredths of a second.
314725-E Rev 00
Table 38 RSTP—Globals fields (continued)
Field Description
ForwardDelay This time value, measured in units of hundredths of a second,

controls how fast a port changes its spanning state when
moving towards the forwarding state. The value determines how
long the port stays in each of the listening and learning states,
which precede the forwarding state. This value is also used
when a topology change is detected, and is underway, to age all
dynamic entries in the forwarding database.
RstpUpCount The number of times the RSTP module was enabled. A trap is
RstpDownCount The number of times the RSTP module was disabled. A trap is
NewRootIdCount The number of times this bridge detected a root identifier
change. A trap is generated on the occurrence of this event.
Change for any port in this bridge was non-zero for Common Spanning
Tree.
TcWhile Timer on this bridge for Common Spanning Tree.
Configuring RSTP ports
To configure ports for RSTP, do the following:
RSTP.
The RSTP—Globals tab appears.
2 In the RSTP box, click the RSTP Ports tab.
The RSTP Ports tab appears (Figure 100 on page 244).

Figure 100 RSTP—RSTP Ports tab
3 Use the fields in the RSTP Ports box to configure the RSTP ports.
4 Click Apply.
Table 39 describes the fields for RSTP—RSTP Ports.
Table 39 RSTP—RSTP Ports tab fields
Field Description
Port A unique value, greater than zero, indicating the port number.
Priority The value of the priority field.
root which includes this port.
ProtocolMigration When operating in RSTP mode, writing true to this object forces this
port to transmit RSTP BPDUs. Any other operation on this object
has no effect and it returns false when read.
AdminEdgePort The administrative value of the Edge Port parameter. A value of true
indicates that this port is an edge-port and a value of false indicates
that this port is a non-edge-port.
OperEdgePort The operational value of the Edge Port parameter. The object is
initialized to the value of AdminEdgePort and is set false on
reception of a BPDU.
314725-E Rev 00
Table 39 RSTP—RSTP Ports tab fields (continued)
Field Description
AdminPointToPoint The administrative point-to-point status of the LAN segment

attached to this port. A value of forceTrue indicates that this port is
treated as if it is connected to a point-to-point link. A value of
forceFalse indicates that this port is treated as having a shared
media connection. A value of auto indicates that this port is
considered to have a point-to-point link if it is an aggregator and all
of its members are aggregatable, or if the MAC entity is configured
for full duplex operation, either through auto-negotiation or by
management means.
OperPointToPoint The operational point-to-point status of the LAN segment attached
to this port. It indicates whether a port is considered to have a
point-to-point connection or not. The value is determined by
management or by auto-detection, as described in the
AdminPointToPoint object.
EnableStp Indicates whether Spanning Tree Protocol is active in this STG.
DesignatedRoot The unique bridge identifier of the bridge recorded as the root in the
configuration BPDUs transmitted by the designated bridge for the
segment to which the port is attached.
this port. This value is compared to the Root Path Cost field in
received bridge PDUs.
to be the Designated Bridge for the port segment.
DesignatedPort The port identifier of the port on the designated bridge for this port's
segment.
ForwardTransitions Number of times this port has transitioned to the forwarding state for
this specific instance.
Viewing RSTP status
To view RSTP status:
RSTP.
The RSTP—Globals tab appears.
2 Click the RSTP Status tab.
The RSTP Status box appears (Figure 101 on page 246).

Figure 101 RSTP Status tab
Table 40 describes the RSTP—RSTP Status tab fields.
Table 40 RSTP—RSTP Status fields
Field Description
Port A unique value, greater than zero, indicating the port number.
State The current state of the port as defined by application of the
Spanning Tree Protocol. This state controls what action a port
takes on reception of a frame.
Role This indicates the current port role assumed by this port.
OperVersion This indicates whether the port is operationally in the RSTP or
STP-compatible mode, that is, whether the port transmits RSTP
BPDUs or Config/TCN BPDUs.
EffectivePortState The effective operational state of the port. This object is set to
true when the port is operationally up in the Interface Manager,
and Force Port State for this port and the specified port state is
enabled. Otherwise, this object is set to false.
Viewing statistics for RSTP Status
You can view statistics for RSTP Status. To view statistics:
RSTP > RSTP Status.
2 In the RSTP Status tab, select a port, and then click Graph.
The RSTP Port—RSTP Stats window appears (Figure 102 on page 247).
314725-E Rev 00
Figure 102 RSTP Port—RSTP Stats
Table 41 describes the statistics shown in Figure 102.
Table 41 RSTP Port—RSTP Stats fields
Field Description
RxRstBpduCount The number of RSTP BPDUs that were received on this port.
RxConfigBpduCount The number of configuration BPDUs that were received on
this port.
RxTcnBpduCount The number of TCN BPDUs that were received on this port.
TxRstBpduCount The number of RSTP BPDUs that were transmitted by this
port.
TxConfigBpduCount The number of Config BPDUs that were transmitted by this
port.
TxTcnBpduCount The number of TCN BPDUs that were transmitted by this port.
InvalidRstBpduRxCount The number of invalid RSTP BPDUs that were received on
this port. A trap is generated on the occurrence of this event.
InvalidConfigBpduRx The number of invalid configuration BPDUs that were received
Count on this port. A trap is generated on the occurrence of this
event.

Table 41 RSTP Port—RSTP Stats fields (continued)
Field Description
InvalidTcnBpduRxCount The number of invalid TCN BPDUs that were received on this
port. A trap is generated on the occurrence of this event.
ProtocolMigrationCount The number of times this port has migrated from one STP
STP-Compatible and RSTP. A trap is generated on the
314725-E Rev 00
249
Chapter 5
Configuring link aggregation using Device
Manager
This chapter describes how to configure link aggregation in your network. For
conceptual information about link aggregation, see “Link aggregation (MLT,
SMLT, LACP, VLACP)” on page 78.
Topic Page
Configuring link aggregation 249

Configuring Split Multilink Trunking 276
Configuring Simple Loop Prevention Protocol 290
Configuring link aggregation

This section describes how to configure and manage link aggregation, including
LACP, VLACP, and multilink trunking. This section includes the following topics:
• “Configuring LACP globally” on page 250

• “Configuring VLACP globally” on page 252
• “Adding a MultiLink/LACP trunk” on page 253
• “Adding ports to a multilink trunk” on page 258
• “Viewing multilink trunk interface statistics” on page 259
• “Viewing multilink trunk Ethernet error statistics” on page 261
• “Managing LACP information” on page 265
• “Configuring a port for LACP” on page 267
• “Configuring a port for Virtual LACP” on page 271

250 Chapter 5 Configuring link aggregation using Device Manager
• “Viewing LACP statistics” on page 273
Note: Standby mode for aggregation groups of larger than eight ports is
not supported in the current release.
Configuring LACP globally
The main purpose of LACP is to manage switch ports and their port memberships
to form link aggregation groups (LAG). LACP can dynamically add or remove
LAG ports, depending on their availability and states.
Note: LACP does not support jumbo frames on the Ethernet Routing
Switch 8600 v4.1
To configure Link Aggregation Control Protocol (LACP) globally:
1 From the Device Manager menu bar, choose VLAN > MLT/LACP.
The MLT_LACP—LACP Global tab appears (Figure 103 on page 251).
314725-E Rev 00
Chapter 5 Configuring link aggregation using Device Manager 251
Figure 103 MLT_LACP—LACP Global tab
2 To enable LACP globally, select Enable.

3 Edit the remaining boxes as desired, or retain the default values.
Table 42 defines the MLT_LACP—LACP Global tab fields.
Note: Configuration changes to the LACP timers are not reflected

restarted globally or on a port. This ensures consistency with peer
switches.
4 Click Apply.
Table 42 MLT_LACP—LACP Global tab fields
Field Description
Enable Globally enable or disable LACP.

SystemPriority Sets the system priority to all the LACP enabled
aggregators and ports.

Table 42 MLT_LACP—LACP Global tab fields (continued)
Field Description
FastPeriodicTime Specifies the number of milliseconds between periodic

transmissions using short timeouts. Sets this value to all
LACP enabled ports.
FastPeriodicTimeOper The operating value of the fast periodic timer on the port.
SlowPeriodicTime Specifies the number of milliseconds between periodic
transmissions using long timeouts. Sets this value to all
LACP enabled ports.
SlowPeriodicTimeOper The operating value of the slow periodic timer on the port.
AggrWaitTimeOper The operating value of the aggregate wait timer on the
port.
AggrWaitTime Specifies the number of milliseconds to delay aggregation
to allow multiple links to aggregate simultaneously.
TimeoutScale Sets the value used to calculate timeout time from the
periodic time. Sets this value to all LACP enabled ports.
The range is 2 to 10.
TimeoutScaleOper The operating value of the timeout scale on the port.
SmltSysId LACP system ID for split multilink trunks.
Configuring VLACP globally
failure, and the port is disabled.
Note: VLACP does not support jumbo frames on the Ethernet Routing
Switch 8600 v4.1
To configure Virtual LACP (VLACP) globally:
The MLT_LACP box appears (Figure 103 on page 251).
2 Click the VLACP Global tab.
314725-E Rev 00
The MLT_LACP—VLACP Global tab appears (Figure 104).
Figure 104 VLACP Global
3 Select VlacpEnable. If selected, VLACP is enabled globally.

4 Click Apply.
Adding a MultiLink/LACP trunk
To add a MultiLink/LACP trunk:
The MLT_LACP, LACP Global tab appears (Figure 103 on page 251).
2 Click the MultiLink/LACP Trunks tab.

The MultiLink/LACP Trunks tab appears (Figure 105 on page 254),
displaying multilink trunk information.

Figure 105 MLT_LACP—MultiLink/LACP Trunks
3 In the MultiLink/LACP Trunks box, click Insert.

The MLT_LACP, Insert Multilink/LACP Trunks box (Figure 106 on
page 255) appears.
314725-E Rev 00
Figure 106 MLT_LACP, Insert MultiLink/LACP Trunks box
4 In the Id text box, type the ID number for the multilink trunk.
5 In the SvlanPortType text box, select normal, uni, or nni.
6 In the PortType section, select access or trunk.
7 In the Name text box, type a name for the multilink trunk, or accept the
default name.
8 Select member ports and VLANs for this MLT/LACP trunk:
a In the PortMembers box, click the ellipsis (...), select the desired ports in
the MltPortMembers box that appears, and then click Ok.
b In the VlanIds box, click the ellipsis (...), select the desired VLANs in the
VlanIds box that appears, and then click Ok.
9 In the MltType section, select normalMLT, istMLT, or splitMLT.
For information about configuring SMLT, see “Adding a MLT-based SMLT”
on page 276.
• If splitMLT is chosen, in the SmltID box, enter the SMLT ID number.

10 In the Multicast Distribution box, select enable or disable.
Note: Multicast distribution over MLT is supported only on Ethernet

Routing Switch 8600 E, M, and R modules. For detailed information
about configuring multicast distribution over MLT, see Configuring IP
Multicast Routing Protocols.
11 Select or clear NtStgEnable.

12 In the Aggregatable box, select enable or disable.
13 Click Insert.
The MLT is added to the MultiLink/LACP Trunks tab in the MLT_LACP box.
Table 43 defines the MultiLink/LACP Trunks tab fields.
Table 43 MultiLink/LACP Trunks tab fields
Field Description
Id A value that uniquely identifies the multilink trunk.

SvlanPortType Sets multilink trunk port type:
• normal (default)
• uni (user-to-network interface)
You must configure ports to which you want to provide
VLAN transparency as UNI ports. UNI ports can only
belong to one SVLAN. When you designate a port as a
UNI port, the DiscardTaggedFrames parameter is
automatically configured (Edit > Port > General >
VLAN). This prevents traffic from leaking to other
VLANs.
• nni (network-to-network interface)
NNI ports interconnect the switches in the core
network, drop untagged frames on ingress, and insert
the SVLAN tag at the egress. When you configure an
NNI port, the DiscardUnTaggedFrames parameter is
automatically configured (Edit > Port > General >
VLAN).
PortType Sets access or trunk port.
Note: When the aggregatable field is set to enable, this
field becomes read-only.
Name The name given to the multilink trunk.
314725-E Rev 00
Table 43 MultiLink/LACP Trunks tab fields (continued)
Field Description
PortMembers The ports assigned to the multilink trunk.

MLT is supported on 10Base-T, 100Base-TX,
100Base-FX, and Gigabit Ethernet ports. All ports in an
multilink trunk must be of the same media type (copper or
fiber) and have the same settings for speed and duplex. All
untagged ports must belong to the same spanning tree
group.
For Ethernet Routing Switch 8600 modules, up to eight
same-type ports can belong to a single multilink trunk.
VlanIds The VLANs to which the ports belong.
MltType Editable field for specifying the type of multilink trunk:
• normalMLT
• istMLT
• splitMLT
RunningType Split MLT running type.
SmltId The split multilink trunk ID assigned to both ends of the
split trunk.
Note: The corresponding split multilink trunks between
aggregation switches must have the same SMLT ID.
IfIndex Interface index.
Multicast Distribution The multicast distribution state on MLT ports:
• enabled
• disabled (default)
Multicast distribution must also be configured on the
chassis (Edit > Chassis > Mcast MLT Distribution). For
more information, see Configuring IP Routing Multicast
Protocols.
Note: Multicast distribution over MLT is supported only on
Ethernet Routing Switch 8600 E, M, and R modules.
ClearLinkAggregate Clear link aggregate is equivalent to disabling and
re-enabling aggregatable on the MLT.
NtStgEnable Specifies if this multilink trunk is operating in Nortel Mode
or in Cisco Mode.
• true—Nortel mode
• false—Cisco mode

Table 43 MultiLink/LACP Trunks tab fields (continued)
Field Description
DesignatedPort Indicates the designated port for the MLT.

Aggregatable Specifies if link aggregation is enabled or disabled.
AggOperState Link aggregation state on a MLT.
AggTimeofLastOperChange The time value since the interface entered its current
operational state.
Adding ports to a multilink trunk
To add ports to an existing multilink trunk:
The MLT_LACP, LACP Global tab appears.
The MultiLink/LACP Trunks tab appears (Figure 105 on page 254).
3 Click Insert.
The MLT_LACP, Insert MultiLink/LACP Trunks box (Figure 106 on
page 255) appears.
4 Double-click in the PortMembers box for the multilink trunk to which you
are adding ports.
The MltPortMembers box (Figure 107 on page 259) appears, showing the
ports currently assigned for the selected multilink trunk. Available ports are
editable.
314725-E Rev 00
Figure 107 MltPortMembers box
5 In the MltPortMembers box, click the port numbers to be added, or click All
to add all ports to the multilink trunk.
• For Ethernet Routing Switch 8600 modules, up to eight ports can belong
to a single multilink trunk.
6 Click Ok.
The MltPortMembers box closes. The port numbers are added to the selected
multilink trunk on the MultiLink/LACP Trunks tab in the MLT_LACP box.
7 Click Apply.
The ports are added to the multilink trunk.
Viewing multilink trunk interface statistics
To view multilink trunk interface statistics:
The MLT_LACP—LACP Global tab appears (Figure 103 on page 251).
3 Select a multilink trunk.

4 Click Graph.

The Statistics, MLT—Interface tab appears (Figure 108), displaying interface

statistics for the selected multilink trunk.
Figure 108 Statistics, MLT—Interface tab
Table 44 defines the fields on the Interface tab.
Table 44 Statistics, MLT—Interface tab fields
Field Description
InOctets The total number of octets received on the multilink trunk

interface, including framing characters.
OutOctets The total number of octets transmitted out of the multilink trunk
interface, including framing characters.
InUcastPkts The number of packets delivered by this multilink trunk to higher
level protocols that were not addressed to a multicast or
broadcast address at this sublayer.
OutUcastPkts The number of packets that higher level protocols requested be
transmitted that were not addressed to a multicast address at this
multilink trunk. This total number includes those packets
discarded or unsent.
InMulticastPkt The number of packets delivered to this multilink trunk that were
addressed to a multicast address at this sublayer. For a MAC
layer protocol, this number includes both Group and Functional
addresses.
314725-E Rev 00
Table 44 Statistics, MLT—Interface tab fields (continued)
Field Description
OutMulticast The total number of packets that higher-level protocols requested

be transmitted, and that were addressed to a multicast address at
this multilink trunk, including those that were discarded or not
sent. For a MAC layer protocol, this number includes both Group
and Functional addresses.
InBroadcastPkt The number of packets delivered to this multilink trunk that were
addressed to a broadcast address at this sublayer.
OutBroadcast The total number of packets that higher-level protocols requested
be transmitted, and that were addressed to a broadcast address
at this multilink trunk, including those that were discarded or not
sent.
Viewing multilink trunk Ethernet error statistics
To view multilink trunk Ethernet error statistics:
3 Select a multilink trunk, and then click Graph.

The Statistics, MLT box appears (Figure 108 on page 260).
4 Click the Ethernet Errors tab.
The Ethernet Errors tab (Figure 109 on page 262) appears, displaying
statistics.

Figure 109 Statistics, MLT—Ethernet Errors tab
Table 45 on page 263 lists and defines the fields on the Ethernet Errors tab.
314725-E Rev 00
Table 45 Statistics, MLT—Ethernet Errors tab fields
Field Description
AlignmentErrors A count of frames received on a particular multilink trunk that

are not an integral number of octets in length and do not
pass the FCS check. The count represented by an instance
of this object increments when the alignmentError status is
returned by the MAC service to the LLC (or other MAC user).
Received frames for which multiple error conditions occur
are, according to the conventions of IEEE 802.3 Layer
Management, counted exclusively according to the error
status presented to the LLC.
FCSErrors A count of frames received on a multilink trunk that are an
integral number of octets in length but do not pass the Frame
Check Sequence (FCS) check. The count represented by an
instance of this object increments when the
FrameCheckError status is returned by the MAC service to
the LLC (or other MAC user). Received frames for which
multiple error conditions occur are, according to the
conventions of IEEE 802.3 Layer Management, counted
exclusively according to the error status presented to the
LLC.
IMacTransmitError A count of frames for which transmission on a particular
multilink trunk fails due to an internal MAC sublayer transmit
error. A frame is only counted by an instance of this object if it
is not counted by the corresponding instance of either the
LateCollisions object, the ExcessiveCollisions object, or the
CarrierSenseErrors object.
IMacReceiveError A count of frames for which reception on a particular multilink
trunk fails due to an internal MAC sublayer receive error. A
frame is only counted by an instance of this object if it is not
counted by the corresponding instance of either the
FrameTooLongs object, the AlignmentErrors object, or the
FCSErrors object.
The precise meaning of the count represented by an
instance of this object is implementation specific. In
particular, an instance of this object can represent a count of
receive errors on a particular interface that are not otherwise
counted.
CarrierSenseError The number of times that the carrier sense condition was lost
or never asserted when attempting to transmit a frame on a
particular multilink trunk. The count represented by an
instance of this object increments at most once per
transmission attempt, even if the carrier sense condition
fluctuates during a transmission attempt.

Table 45 Statistics, MLT—Ethernet Errors tab fields (continued)
Field Description
FrameTooLong A count of frames received on a particular multilink trunk that

exceeds the maximum permitted frame size. The count
represented by an instance of this object increments when
the frameTooLong status is returned by the MAC service to
the LLC (or other MAC user). Received frames for which
multiple error conditions occur are, according to the
conventions of IEEE 802.3 Layer Management, counted
exclusively according to the error status presented to the LLC.
SQETestError A count of times that the SQE test error message is
generated by the PLS sublayer for a particular multilink trunk.
The SQE test error message is defined in section 7.2.2.2.4 of
ANSI/IEEE 802.3-1985.
DeferredTransmiss A count of frames for which the first transmission attempt on
a particular multilink trunk is delayed because the medium is
busy. The count represented by an instance of this object
does not include frames involved in collisions.
SingleCollFrames A count of successfully transmitted frames on a particular
multilink trunk for which transmission is inhibited by exactly
one collision. A frame that is counted by an instance of this
object is also counted by the corresponding instance of either
the ifOutUcastPkts object, the ifOutMulticastPkts object, or
the ifOutBroadcastPkts object, and is not counted by the
corresponding instance of the MultipleCollisionFrames
object.
MultipleCollFrames A count of successfully transmitted frames on a particular
multilink trunk for which transmission is inhibited by more
than one collision. A frame that is counted by an instance of
this object is also counted by the corresponding instance of
either the ifOutUcastPkts object, the ifOutMulticastPkts
object, or the ifOutBroadcastPkts object, and is not counted
by the corresponding instance of the SingleCollisionFrames
object.
LateCollisions The number of times that a collision is detected on a
particular multilink trunk later than 512 bit-times into the
transmission of a packet; 512 corresponds to 51.2
microseconds on a 10 Mb/s system. A (late) collision
included in a count represented by an instance of this object
is also considered as a (generic) collision for purposes of
other collision-related statistics.
ExcessiveCollis A count of frames for which transmission on a particular
multilink trunk fails due to excessive collisions.
314725-E Rev 00
Managing LACP information
Note: Standby mode for aggregation groups of larger than eight ports is
not supported in the current release.
To manage LACP information:
The MLT_LACP, LACP Global tab appears (Figure 103 on page 251).
2 Click the LACP tab.

The LACP tab appears (Figure 110), displaying multilink trunk information.
Figure 110 MLT_LACP—LACP tab
Table 46 defines the LACP tab fields.
3 Click on the fields to edit them. Some fields cannot be edited, as noted in
Table 46.
4 Click Apply.
Table 46 MLT_LACP—LACP tab fields
Field Description
Index The unique identifier allocated to this aggregator by the

local system. This attribute identifies an aggregator
instance among the subordinate managed objects of the
containing object. This value is read-only.
MACAddress The six octet read-only value carrying the individual MAC
address assigned to the aggregator.

Table 46 MLT_LACP—LACP tab fields (continued)
Field Description
ActorSystemPriority The two octet read-write value indicating the priority value
associated with the actor's system ID.
ActorSystemID The six octet read-write MAC address value used as a
unique identifier for the system that contains this
aggregator.
Note: From the perspective of the link aggregation
mechanisms, only a single combination of actor system ID
and system priority are considered, and no distinction is
made between the values of these parameters for an
aggregator and the ports that are associated with it; that is,
the protocol is described in terms of the operation of
aggregation within a single system. However, the managed
objects provided for the aggregator and the port both allow
management of these parameters. The result of this is to
permit a single piece of equipment to be configured by
management to contain more than one system from the
point of view of the operation of link aggregation. This can
be of particular use in the configuration of equipment that
has limited aggregation capability.
AggregateOrIndividual A read-only value indicating whether the aggregator
represents an aggregate (true) or an individual link (false)
ActorAdminKey The current administrative value of the key for the
aggregator. The administrative key value can differ from
the operational key value. This is a 16 bit read-write value.
The meaning of particular key values is of local
significance.
ActorOperKey The current operational value of the key for the aggregator.
The administrative key value can differ from the
operational key value. This is a 16 bit read-only value. The
meaning of particular key values is of local significance.
PartnerSystemID The six octet read-only MAC address value consisting of
the unique identifier for the current protocol partner of this
aggregator. A value of zero indicates that there is no
known partner. If the aggregation is manually configured,
this system ID value is a value assigned by the local
system.
PartnerSystemPriority The two octet read-only value that indicates the priority
value associated with the partner system ID. If the
aggregation is manually configured, this system priority
value is a value assigned by the local System.
PartnerOperKey The current operational value of the key for the aggregator
current protocol partner. This is a 16 bit read-only value. If
the aggregation is manually configured, this key value is a
value assigned by the local system.
314725-E Rev 00
Configuring a port for LACP
To configure a port for LACP:
1 Select a port.
The Port—Interface tab appears.

The Port—LACP tab appears (Figure 111), displaying multilink trunk
information.
Figure 111 Port—LACP tab
Table 47 on page 268 defines the Port—LACP tab fields.
4 Select AdminEnable.
5 Edit the remaining boxes as desired.

6 Click Apply.
Table 47 Port—LACP tab fields
Field Description
AdminEnable Sets the enabled status for LACP for the port.
OperEnable Indicates the operational status of LACP for the port.
FastPeriodicTime Specifies the number of milliseconds between periodic
transmissions using short timeouts. Set this value to all
LACP enabled ports.
FastPeriodicTimeOper The operating value of the fast periodic timer on the port.
SlowPeriodicTime Specifies the number of milliseconds between periodic
transmissions using long timeouts. Set this value to all
LACP enabled ports.
SlowPeriodicTimeOper The operating value of the slow periodic timer on the port.
AggrWaitTime Specifies the number of milliseconds to delay aggregation
to allow multiple links to aggregate simultaneously.
AggrWaitTimeOper The operating value of the aggregate wait timer on the
port.
periodic time. Set this value to all LACP enabled ports.
TimeoutScaleOper The operating value of the timeout scale on the port.
ActorSystemPriority The two octet read-write value indicating the priority value
associated with the actor system ID.
ActorSystemID The six octet read-write MAC address value used as a
unique identifier for the system that contains this
aggregator.
Note: From the perspective of the link aggregation
mechanisms, only a single combination of actor system ID
and system priority are considered, and no distinction is
made between the values of these parameters for an
aggregator and the ports that are associated with it; that is,
the protocol is described in terms of the operation of
aggregation within a single system. However, the managed
objects provided for the aggregator and the port both allow
management of these parameters. The result of this is to
permit a single piece of equipment to be configured by
management to contain more than one system from the
point of view of the operation of link aggregation. This can
be of particular use in the configuration of equipment that
has limited aggregation capability.
314725-E Rev 00
Table 47 Port—LACP tab fields (continued)
Field Description
ActorAdminKey The current administrative value of the key for the

aggregator. The administrative key value can differ from
the operational key value. This is a 16-bit read-write value.
The meaning of particular key values is of local
significance.
ActorOperKey The current operational value of the key for the aggregator.
The administrative key value can differ from the
operational key value. This is a 16-bit read-only value. The
meaning of particular key values is of local significance.
SelectedAggID The identifier value of the aggregator that this aggregation
port has currently selected. Zero indicates that the
aggregation port has not selected an aggregator, either
because it is in the process of detaching from an
aggregator or because there is no suitable aggregator
available for it to select. This value is read-only.
AttachedAggID The identifier value of the aggregator to which this
aggregation port is currently attached. Zero indicates that
the aggregation port is not currently attached to an
aggregator. This value is read-only.
ActorPort The port number locally assigned to the aggregation port.
The port number is communicated in LACPDUs as the
Actor_Port. This value is read-only.
ActorPortPriority The priority value assigned to this aggregation port. This
16-bit value is read-write.
ActorAdminState A string of eight bits, corresponding to the administrative
values as transmitted by the actor in LACPDUs. The
values are:
• the first bit corresponds to bit 0 of Actor_State
(LACP_Activity)
• the second bit corresponds to bit 1 (LACP_Timeout)
• the third bit corresponds to bit 2 (Aggregation)
• the fourth bit corresponds to bit 3 (Synchronization)
• the fifth bit corresponds to bit 4 (Collecting)
• the sixth bit corresponds to bit 5 (Distributing)
• the seventh bit corresponds to bit 6 (Defaulted)
• the eighth bit corresponds to bit 7 (Expired)
These values allow administrative control over the values
of LACP_Activity, LACP_Timeout and aggregation. This
attribute value is read-write.
ActorOperState A string of eight bits, corresponding to the current
operational values of Actor_State as transmitted by the
actor in LACPDUs. This attribute value is read-only.

Field Description
PartnerAdminSystemPriority The current administrative value of the port number for the
protocol Partner. This is a 16 bit read-write value. The
assigned value is used, along with the value of
PartnerAdminSystemPriority, PartnerAdminSystemID,
PartnerAdminKey, and PartnerAdminPortPriority, to
achieve manually configured aggregation.
PartnerOperSystemPriority A two octet read-only value indicating the operational value
of priority associated with the partner system ID. The value
of this attribute can contain the manually configured value
carried in PartnerAdminSystemPriority if there is no
protocol partner.
PartnerAdminSystemID A six octet read-write MAC address value representing the
administrative value of the aggregation port protocol
partner's system ID. The assigned value is used, along
with the value of PartnerAdminSystemPriority,
PartnerAdminKey, PartnerAdminPort, and
PartnerAdminPortPriority, to achieve manually configured
aggregation.
PartnerOperSystemID A six octet read-only MAC address value representing the
current value of the aggregation port's protocol partner
system ID. A value of zero indicates that there is no known
protocol partner. The value of this attribute can contain the
manually configured value carried in
PartnerAdminSystemID if there is no protocol partner.
PartnerAdminKey The current administrative value of the key for the protocol
partner. This is a 16 bit read-write value. The assigned
value is used, along with the value of
PartnerAdminPort, and PartnerAdminPortPriority, to
PartnerOperKey The current operational value of the key for the aggregator
current protocol partner. This is a 16-bit read-only value. If
the aggregation is manually configured, this key value is a
value assigned by the local system.
PartnerAdminPort The current administrative value of the port number for the
protocol partner. This is a 16 bit read-write value. The
PartnerAdminKey, and PartnerAdminPortPriority, to
314725-E Rev 00
Field Description
PartnerOperPort The operational port number assigned to this aggregation

port by the aggregation port's protocol partner. The value
of this attribute can contain the manually configured value
carried in AggPortPartnerAdminPort if there is no protocol
partner. This 16 bit value is read-only.
PartnerAdminPortPriority The current administrative value of the port priority for the
protocol Partner. This is a 16 bit read-write value. The
PartnerAdminKey, and PartnerAdminPort, to achieve
manually configured aggregation.
PartnerOperPortPriority The priority value assigned to this aggregation port by the
partner. The value of this attribute can contain the
manually configured value carried in
PartnerAdminPortPriority if there is no protocol Partner.
This 16 bit value is read-only.
PartnerAdminState A string of 8 bits, corresponding to the current
administrative value of Actor_State for the protocol partner.
This attribute value is read-write. The assigned value is
used to achieve manually configured aggregation.
PartnerOperState A string of eight bits, corresponding to the current values of
Actor_State in the most recently received LACPDU
transmitted by the protocol Partner. In the absence of an
active protocol partner, this value can reflect the manually
configured value PartnerAdminState. This attribute value is
read-only.
Configuring a port for Virtual LACP
VLACP is an extension to LACP which you can use to detect end-to-end failure.
To configure a port for VLACP:
1 Select a port.
The Port—Interface tab appears.
3 Click the VLACP tab.

The Port—VLACP tab appears (Figure 112 on page 272).

Figure 112 Port—VLACP tab
Table 48 defines the Port—VLACP tab fields.
4 Select AdminEnable.
5 Edit the remaining fields as desired.
6 Click Apply.
Table 48 Port—VLACP tab fields
Field Description
AdminEnable Sets the enabled status for VLACP for the port.
OperEnable Indicates the operational status of VLACP for the port.
FastPeriodicTimer Specifies the number of milliseconds between periodic
transmissions using short timeouts. Sets this value to all
VLACP enabled ports.
SlowPeriodicTimer Specifies the number of milliseconds between periodic
transmissions using long timeouts. Set this value to all
VLACP enabled ports.
Timeout The timeout control value. It is long or short timeout.
314725-E Rev 00
Table 48 Port—VLACP tab fields (continued)
Field Description
periodic time. Sets this value to all VLACP enabled ports.
Timeout = PeriodicTime * TimeoutScale. The range is from
2 to 10.
EtherType The VLACP protocol identification. The ID is in
hexadecimal.
EtherMacAddress The multicast MAC address exclusively used for
VLACPDUs.
PortState Specifies the VLACP port state.
Viewing LACP statistics
To view LACP statistics for a particular port:
1 Select a port.
2 From the Device Manager menu bar, choose Graph > Port.
The Graph Port—Interface tab appears (Figure 113 on page 274).

Figure 113 Graph Port—Interface tab

The LACP tab appears (Figure 114), displaying LACP statistics.
Figure 114 Graph Port—LACP tab
4 You can change the Poll Interval if desired.
314725-E Rev 00
Table 49 defines the Graph Port—LACP tab fields.
Table 49 Graph Port—LACP tab fields
Field Description
LACPDUsRx The number of valid link aggregation control protocol data

units (LACPDU) received on this aggregation port.
MarkerPDUsRx The number of valid marker PDUs received on this
aggregation port.
MarkerResponsePDUsRx The number of valid marker response PDUs received on
this aggregation port.
UnknownRx The number of frames received that either:
• carry Slow Protocols Ethernet type values, but contain
an unknown PDU.
• are addressed to the Slow Protocols group MAC
Address, but do not carry the Slow Protocols Ethernet
Type.
IllegalRx The number of frames received that carry the Slow
Protocols Ethernet Type value (43B.4), but contain a badly
formed PDU or an illegal value of Protocol Subtype
(43B.4).
LACPDUsTx The number of LACPDUs transmitted on this aggregation
port.
MarkerPDUsTx The number of marker PDUs transmitted on this
aggregation port.
MarkerResponsePDUsTx The number of marker response PDUs transmitted on this
aggregation port.

Configuring Split Multilink Trunking

This section describes how to use Device Manager to configure Split MultiLink
Trunking (SMLT) and includes the following topics:
• “Adding a MLT-based SMLT”

• “Viewing MLT-based SMLTs” on page 278
• “Adding ports to an MLT-based SMLT” on page 279
• “Configuring an IST multilink trunk” on page 280
• “Viewing IST statistics” on page 283
• “Configuring a single port split multilink trunk” on page 286
• “Viewing Single Port SMLTs” on page 288
• “Deleting a Single Port SMLT” on page 289
Adding a MLT-based SMLT
If you are configuring SMLT, you do not need to create a multilink trunk before
creating an SMLT. You can create an SMLT by selecting the multilink trunk type
as split multilink trunk and then specifying an SMLT ID.
To add an MLT-based split multilink trunk:
3 Click Insert.
The MultiLink/LACP, Insert MultiLink/LACP Trunks box (Figure 106 on
page 255) appears.
314725-E Rev 00
4 In the Id box, the next available MLT ID is displayed. You can use this ID or
type an available MLT ID number.
5 In the SvlanPortType box, select normal.
6 In the PortType box, select Access or Trunk.
7 In the Name box, type a name to identify the MLT-based split multilink trunk
port.
The MltPortMembers box appears, displaying the available ports.
9 Click the ports you want to include in the MLT-based split multilink trunk.
• For Ethernet Routing Switch 8600 modules, up to eight same-type ports
can belong to a multilink trunk.
10 Click Ok.
The MltPortMembers box closes and the ports are added to the PortMembers
box on the Insert MultiLink Trunks tab.
11 In the VlanIds box, click the ellipsis (...).

The VlanIds box appears, displaying the available VLANs.
12 Select the VLAN IDs for the MLT-based split multilink trunk port, and then
click Ok.
The VlanIds box closes and the VLANs are added to the VlanIds box in the
MLT, Insert Trunks box.
13 In the MltType box, select splitMLT.

The SmltId box becomes editable.
14 In the SmltId box, type an unused SMLT ID.
Note: The corresponding split multilink trunks between aggregation

switches must have matching SMLT IDs. The same ID number must be
used on both switches.
To view the SMLT IDs currently in use on the switch, see “Viewing Single
Port SMLTs” on page 288.

15 Click Insert.
The Insert MultiLink/LACP Trunks box closes, and the new MLT-based split
multilink trunk appears in the MultiLink/LACP Trunks tab.
16 On the MultiLink/LACP Trunks tab, click Close.

The MLT-based split multilink trunk is added.
Viewing MLT-based SMLTs
To view the MLT-based split multilink trunks configured on your switch:
1 From the menu bar, choose VLAN > SMLT.

The SMLT box appears (Figure 121 on page 288).
2 Click the SMLT Info tab.

The SMLT Info tab appears with all the configured MLT-based split multilink
trunks displayed (Figure 115 on page 279).
314725-E Rev 00
Figure 115 SMLT—SMLT Info tab
Table 50 describes the fields on the SMLT Info tab.
Table 50 SMLT Info tab fields
Field Description
Id Read-only field displaying the MLT ID for this split multilink

trunk.
SmltId The MLT-based split multilink trunk ID number.
MltType Editable field for specifying the type of multilink trunk:
• normalMLT
• istMLT
• splitMLT
RunningType Read-only field displaying the MLT operational type:
• normalMLT
• istMLT
• splitMLT
Adding ports to an MLT-based SMLT
To add ports to an existing MLT-based split multilink trunk:
The LACP Global tab appears (Figure 103 on page 251).


3 Double-click the PortMembers box for the MLT-based split multilink trunk
to which you are adding ports.
The MltPortMembers box (Figure 107 on page 259) appears for the specified
SMLT ID. Available ports are editable.
4 Select the port numbers to be added, or click All to select all ports.
• For Ethernet Routing Switch 8600 modules, up to eight same-type ports
can belong to a single multilink trunk.
5 Click Ok.
The MltPortMembers box closes and the ports are added to the Port Members
box on the MultiLink Trunks tab.
6 On the MultiLink/LACP Trunks tab, click Apply.

The ports are added to the MLT-based split multilink trunk.
Configuring an IST multilink trunk
To configure an IST multilink trunk:

3 Click Insert.
The MLT_LACP, Insert Multilink/LACP Trunks box (Figure 106 on
page 255) appears.
4 In the PortMembers box for the IST multilink trunk, click the ellipsis (...).
The MltPortMembers box appears, displaying the available ports.
5 Click the ports you want to include in the IST multilink trunk.
314725-E Rev 00
6 Click Ok.
The MltPortMembers box closes and the ports are added to the PortMembers
box for the IST multilink trunk in the Insert MultiLink Trunks tab.
7 In the MltType box, select istMLT.

8 In the PortType box, select trunk.
9 Configure the remaining boxes as required.
10 Click Insert.
The IST MLT box appears (Figure 116).
Figure 116 IST MLT
11 Enter the peer IP address and the VLAN ID.

12 Select enable, then click Apply.
The IST is added to the MLT_LACP box.
13 Disable CP-Limit on the port using the CLI command:
config ethernet <slot/port> cp-limit disable
The IST multilink trunk is configured. For more information, see ““CP Limit
and SMLT interswitch trunking” on page 112 and “Configuring CP-Limit for
an IST” on page 459.

Table 51 describes the IST multilink trunk fields.
Table 51 Ist multilink trunk fields
Field Description
PeerIp IST multilink trunk peer IP address.

VlanId An IST VLAN ID number.
SessionEnable Enable/disable IST functionality.
Editing an IST
To edit an existing IST, use the following procedure.
1 In Device Manager, go to VLAN > MLT/LACP > MultiLink/LACP

Trunks.
2 In the MLT_LACP box, select the IST.
3 Click IstMlt.
The IST MLT box (Figure 117) appears. For field definitions, see Table 51 on
page 282.
Figure 117 IST MLT
4 In the PeerIp box, enter the peer IP address.

5 In the VlanId box, enter a VLAN ID.
314725-E Rev 00
6 In the SessionEnable box, select either enable or disable.

7 Click Apply.
The IST MLT box closes and the changes are applied.
Viewing IST statistics

To view IST statistics on an interface:
2 Click the Ist/SMLT Stats tab.

The Ist/SMLT Stats tab appears (Figure 118 on page 284).

Figure 118 Ist/SMLT Stats tab
Table 52 describes the Ist/SMLT statistics.
Table 52 MLT_LACP—Ist/SMLT Stats tab fields
Field Description
SmltIstDownCnt The number of IST down messages.

SmltHelloTxMsgCnt The number of hello messages transmitted.
SmltHelloRxMsgCnt The number of hello messages received.
SmltLearnMacAddrTxMsgCnt The number of learn MAC address messages
transmitted.
SmltLearnMacAddrRxMsgCnt The number of learn MAC address messages
received.
314725-E Rev 00
Table 52 MLT_LACP—Ist/SMLT Stats tab fields (continued)
Field Description
SmltMacAddrAgeOutTxMsgCnt The number of MAC address aging out messages

transmitted.
SmltMacAddrAgeOutRxMsgCnt The number of MAC address aging out messages
received.
SmltMacAddrAgeExpTxMsgCnt The number of MAC address age expired messages
transmitted.
SmltMacAddrAgeExpRxMsgCnt The number of MAC address age expired messages
received.
SmltStgInfoTxMsgCnt The number of SMLT STG info messages transmitted.
SmltStgInfoRxMsgCnt The number of SMLT STG info messages received.
SmltDelMacAddrTxMsgCnt The number of deleted MAC address messages
transmitted.
SmltDelMacAddrRxMsgCnt The number of deleted MAC address messages
received.
SmltSmltDownTxMsgCnt The number of SMLT down messages transmitted.
SmltSmltDownRxMsgCnt The number of SMLT down messages received.
SmltSmltUpTxMsgCnt The number of SMLT up messages transmitted.
SmltSmltUpRxMsgCnt The number of SMLT up messages received.
SmltSendMacTblTxMsgCnt The number of send MAC table messages
transmitted.
SmltSendMacTblRxMsgCnt The number of send MAC table messages received.
SmltIgmpTxMsgCnt The number of IGMP messages transmitted.
SmltIgmpRxMsgCnt The number of IGMP messages received.
SmltPortDownTxMsgCnt The number of port down messages transmitted.
SmltPortDownRxMsgCnt The number of port down messages received.
SmltReqMacTblTxMsgCnt The number of request MAC table messages
transmitted.
SmltReqMacTblRx MsgCnt The number of request MAC table messages
received.
SmltRxUnknownMsgTypeCnt The number of unknown SMLT messages received.

Configuring a single port split multilink trunk
Ports that are already configured as MLT or MLT-based split multilink trunks
cannot be configured as a single port split multilink trunk. You must first remove
the split trunk and then reconfigure the ports as a single port split multilink trunk.
LACP is supported on single port split multilink trunks.
To configure a single port split multilink trunk:
1 From the Device Manager main window, select the port.

3 Click the SMLT tab.

The Port—SMLT tab (Figure 119) appears.
Note: The SMLT tab indicates if this port is already configured as MLT
or MLT-based SMLT. If so, you cannot configure Single Port SMLT.
Figure 119 Port—SMLT tab
4 Click Insert.
The Insert SMLT box appears (Figure 120 on page 287).
314725-E Rev 00
Figure 120 Port, Insert SMLT
5 In the SmltId box, enter an unused SMLT ID number.

To view the SMLT IDs that are already in use on your switch, see “Viewing
Single Port SMLTs” on page 288.
6 Click Insert.
A warning message appears, informing you that the spanning tree protocol
has been disabled while configuring the port with SMLT.
7 Click Ok.
The Insert SMLT box closes and the ID is entered.
Table 53 Port SMLT tab fields
Field Description
Port The slot/port number for the port.

MltId Read-only field, displaying one of the following:
• A value of 1 to 32 (or 128 for R modules in R mode)
indicates that the port is part of an multilink trunk, and
Single Port SMLT cannot be configured on this port.
• A value of 0 indicates that no multilink trunk is assigned,
and the port can be configured for Single Port SMLT.
SmltId The split multilink trunk ID.
• A read-only field indicates the port Single Port SMLT ID
assignment.
• A blank field indicates the port is not configured for Single
Port SMLT. Find an unused SMLT ID by viewing the
currently used IDs. See “Viewing Single Port SMLTs” on
page 288.

Viewing Single Port SMLTs
To view the single port split multilink trunks configured on your switch:
➨ From the menu bar, choose VLAN > SMLT.
The SMLT box appears, and shows the single port split multilink trunks
currently configured on your switch (Figure 121).
Figure 121 SMLT—Single Port SMLT
Table 54 describes the fields on the Single Port SMLT tab.
Table 54 SMLT—Single Port SMLT tab fields
Field Description
Port Read-only field that shows the port interface index number.
SmltId The ID number of the single port split multilink trunk.
RunningType Read-only field that shows the port operational type:
• normalMLT
• istMLT
• splitMLT
314725-E Rev 00
Deleting a Single Port SMLT
To delete a single port split multilink trunk:
1 From the Device Manager main window, select the port.

3 Click the SMLT tab.

The Port—SMLT tab (Figure 122) appears, displaying the Single Port SMLT
ID.
Figure 122 Deleting a Single Port SMLT
4 Select the single port split multilink trunk.

The single port split multilink trunk is highlighted.
5 Click Delete, and then click Close.

The single port split multilink trunk is deleted.

Configuring Simple Loop Prevention Protocol

Simple Loop Prevention Protocol (SLPP) is used at the edge of a network to
prevent loops in a SMLT network if Spanning Tree is not used.
This section describes how to configure Simple Loop Prevention Protocol (SLPP),
and includes the following topics:
• “Configuring SLPP globally”

• “Configuring the SLPP by VLAN” on page 291
• “Configuring the SLPP by port” on page 293
Switch 8600 v4.1
Configuring SLPP globally
To configure Simple Loop Prevention Protocol (SLPP) globally:
1 From the Device Manager menu bar, select VLAN > SLPP.
The Slpp box appears with the Global tag open (Figure 123).
Figure 123 SLPP—Global
Table 55 on page 291 describes the fields on the SLPP Global tab fields.
314725-E Rev 00
2 Select GlobalEnable.
3 In the TransmissionInterval box, enter a value for the time interval for loop
detection.
4 In the EtherType box, enter the SLPP protocol value as a hexadecimal
number.
5 Click Apply.
Table 55 SLPP—Global tab fields
Field Description
GlobalEnable Globally enables or disables SLPP.

TransmissionInterval Sets the interval (in seconds) for which loop detection occurs.
The range is 500 to 5000 s, and the default is 500 s.
Ether Type Specifies the SLPP protocol identification. This value is
expressed in hexadecimal.
Configuring the SLPP by VLAN

The Slpp box appears with the Global tag open (Figure 123 on page 290).
2 Click the VLANS tab.

The VLANS tab appears (Figure 124).
Figure 124 Slpp—VLANS tab
3 Click Insert.
The Slpp, Insert VLANS box appears (Figure 125 on page 292).

Figure 125 Slpp, Insert VLANS
Table 56 on page 293 describes the Slpp, Insert VLANS tab fields.
4 Click the VlanID ellipsis (...).

The VlanId box appears (Figure 126).
Figure 126 Slpp—Insert VlanId
5 Select the desired VLAN ID.

6 Click Ok.
7 Select SlppEnable.
8 Click Insert.
314725-E Rev 00
The ID and status of the selected VLAN appears in the Slpp—VLANS box
(Figure 124 on page 291).
Table 56 SLPP, Insert VLANS fields
Field Description
VlanId Specifies the VLAN.

SlppEnable Enables SLPP on the selected VLAN. The SLPP packet
transmission and reception process is active only when the
SLPP operation is enabled. When the SLPP operation is
disabled, no SLPP packet is sent, and any received SLPP
packet is discarded.
Configuring the SLPP by port
To configure SLPP by port:
The Slpp box appears with the Global tag open (Figure 123 on page 290).

The Slpp—Ports tab appears displaying all available ports (Figure 127 on
page 294).

Figure 127 Slpp—Ports tab
3 Click the SlppEnable box for the desired port and select true to enable SLPP.
4 Click Apply.
The ID and status of selected VLAN appears in the Slpp—VLANS dialog box
Table 57 describes the Slpp, Ports tab fields.
Table 57 Slpp—Ports tab fields
Field Description
IfIndex Specifies the interface index number for a port.

PktRxThreshold Specifies the threshold for packet reception from 1 to 20. After
a port reaches the packet threshold, it is disabled.
SlppEnable Enables SLPP on the selected IfIndex.
IncomingVlanId VLAN ID of the classified packet on a port disabled by
SLPP.
SrcNodeType Specifies the source node type of the received SLPP packet.
314725-E Rev 00

314725-E Rev 00
297
Chapter 6
Configuring multiple DSAP and SSAP using
Device Manager
With the Ethernet Routing Switch 8600, you can configure multiple DSAPs or
SSAPs for SNA or user-defined VLAN types. The base implementation of the
SNA VLAN allows SNA 802.2 traffic to be classified into a SNA VLAN based on
a 0x04 destination SAP or 0x04 source SAP. Some applications require changing
these classifications to DSAP or SSAP.
You can support any user-defined VLANs with multiple SSAPs and DSAPs. For
example, you can add 31 additional protocol IDs or DSAP/SSAP values, for a
total of 32, when you create a SNA 802.2 VLAN or a user-defined VLAN, or
when you reconfigure a SNA 802.2 VLAN or a user-defined VLAN.
Note: Hardware record usage increases considerably when you configure

multiple DSAPs or SSAPs for SNA or user-defined VLAN types. For
more information, see “Design aspects” on page 298.
This chapter describes how to configure multiple DSAPs and SSAPs per VLAN
and includes the following topics:
Topic Page
Design aspects 298

Configuring multiple DSAPs and SSAPs per VLAN 300

298 Chapter 6 Configuring multiple DSAP and SSAP using Device Manager
Design aspects
You can configure multiple DSAPs or SSAPs for SNA or user-defined VLAN
types using the CLI or Device Manager. Regardless of your configuration tool,
you must first create the SNA or user-defined VLAN, and then add the DSAPs or
SSAPs for this VLAN.
For user-defined VLANs, DSAP/SSAP additions can only be applied to VLANs

created without any specific encapsulation type or to VLANs with an
encapsulation type of LLC. The addition of DSAP/SSAP is not allowed on
user-defined VLANs created with an encapsulation type of Ethernet-ii or SNAP.
For each SNA802.2 VLAN, including 31 additional DSAP/SSAP values, 256

records are created, including:
• 8 IEEE VLAN records

• 31 * 8 = 248 protocol ID records.
In this case the default 0x04 records is always created on the switch.
For each user-defined VLAN created with no encapsulation specified, a total of

280 records are created, including:

• 3 * 8 = 24 protocol ID records for the base protocol ID (specified during
VLAN creation). One record of each type—LLC, Ethernet-ii and SNAP—is
created in this case.
• 31 * 8 = 248 protocol ID records for the additional DSAP/SSAP added
For each user-defined VLAN created with encapsulation set to LLC, 264
hardware records are created, including:

VLAN creation). Only the LLC record is created in this case.
314725-E Rev 00
Chapter 6 Configuring multiple DSAP and SSAP using Device Manager 299
Nortel does not recommend using more than 10 of the user-defined VLANs,
including 32 DSAP/SSAP values, due to the extensive hardware record usage
which can affect overall system scalability.
You can check for hardware record availability by executing the CLI command
show/sys/record-reservation.
There is only one SNA VLAN allowed on an individual port. DSAP/SSAP values
can be configured provided they are not the same as the reserved values listed (see
Table 58).
An exception is 0x0800, which can be configured with the encapsulation set to

Logical Link Control (LLC).
Table 58 DSAP/SSAP values
Protocol name Etype DSAP SSAP OUI PID
IP_ii 0x0800
ARP_ii 0x0806
RARP_ii 0x8035
IPX(old)_ii 0x8137
IPX_ii 0x8138
IPX(old)_SNAP 0x00000 0x813
IPX_SNAP 0 7
0x00000 0x813
0
8
IPX_802.3 0xE0 0xE0
IPX_802.3 0xFF 0xFF
APPLE_ii 0x809B
0X80F 0x809
APPLE_SNAP 3 0x08000 B
7 0x80F
3
DEC_LAT 0x6004

Table 58 DSAP/SSAP values (continued)
DEC_ELSE 0x6000
-
0x6003
0x6005
-
0x6009
DEC_BPDU 0x8038
SNA_ii 0x80D5
SNA_LLC 0x04 XX
XX 0x04
NetBIOS 0xF0 XX
XX 0xF0
XNS 0x0600
XNS_comp 0x0807
Configuring multiple DSAPs and SSAPs per VLAN

This procedure assumes you have already created a user-defined or an sna802.2
VLAN. See “Configuring policy-based VLANs” on page 145 for information
about adding a policy-based VLAN.
To configure multiple DSAPs and SSAPS per VLAN:
1 Go to VLAN > VLANs.

The VLAN—Basic tab appears.
2 Click the Advanced tab.
The VLAN—Advanced tab appears (see Figure 128 on page 301).
314725-E Rev 00
Chapter 6 Configuring multiple DSAP and SSAP using Device Manager 301
Figure 128 VLAN—Advanced tab
3 Select the VLAN to which you wish to add a DSAP, and click DSAP/SSAP.
The VLAN—DSAP/SSAP VLAN box appears (Figure 129).
Figure 129 VLAN—DSAP/SSAP VLAN
4 Click Insert.
The DSAP/SSAP, VLAN, Insert DSAP/SSAP box appears (Figure 130).
Figure 130 DSAP/SSAP, VLAN, Insert DSAP/SSAP
5 Enter a DSAP/SSAP value in hexadecimal form, and then click Insert.

6 Repeat steps 5 to 6 for as many DSAP/SSAPs as you require.
314725-E Rev 00
303
Chapter 7
Configuring and managing VLANs using the CLI
This chapter describes how to configure and manage VLANs using the command
line interface (CLI), and includes the following topics:
Topic Page
Roadmap of VLAN commands 303

Configuring and managing a VLAN 308
Using the VLAN show commands 333
Using the show ports commands for VLANs 358
Using the VLAN IP commands 362
For conceptual information about VLANs, see “VLANs” on page 37.
Roadmap of VLAN commands

The following roadmap lists the VLAN commands and their parameters. Use this
list as a quick reference or click on any entry for more information.
Command Parameter
config vlan <vid> create info
byIDS <sid> [name <value>] [color
<value>]
byipsubnet <sid> <ipaddr/mask> [
name <value>] [color <value>]

304 Chapter 7 Configuring and managing VLANs using the CLI
Command Parameter
byipsubnet-mstprstp <instance-id>
<ipaddr|mask> [name <value>] [color
<value>]
byport <sid> [name <value>] [color
<value>]
byport-mstprstp <instance-id> [name
<value>] [color <value>]
[naap-vlan] [firewall-vlan]
[firewall-peering-vlan]
byprotocol <sid>
<ip|ipx802dot3|ipx802dot2|ipxSnap|i
pxEthernet2|appleTalk|declat|decOth
er|sna802dot2|snaEthernet2|netBios|
xns|vines|ipV6|usrDefined|rarp|PPPo
E> [<pid>] [name <value>] [color
<value>] [encap <value>]
byprotocol-mstprstp <instance-id>
<ip|ipx802dot3|ipx802dot2|ipxSnap|i
pxEthernet2|appleTalk|decLat|decOth
er|sna802dot2|snaEthernet2|netBios|
xns|vines|ipV6|usrDefined|rarp|PPPo
E> [<pid>] [name <value>] [color
<value>] [encap <value>]
bysrcmac <sid> [name <value>]
[color <value>]
bysrcmac-mstprstp <instance-id>
[name <value>] [color <value>]
bysvlan <sid> [name <value>]
[color <value>]
bysvlan-mstprstp <instance-id>
forIDS <sid> [name <value>]
[color <value>]
forIDS-mstprstp <instance-id> [name
<value>] [color <value>]
config vlan <vid> info

action <action choice>
add-mlt <integer>
314725-E Rev 00
Chapter 7 Configuring and managing VLANs using the CLI 305
Command Parameter
addDsapSsap <DSAP/SSAP values>
removeDsapSsap <DSAP/SSAP values>
agetime <integer>
delete
qos-level <integer>
name <vname>
config vlan <vid> fdb-entry info

aging-time <seconds>
flush
monitor <mac> status <value>
<true|false>
qos-level <mac> status <value>
<0..7>
sync
config vlan <vid> fdb-filter info

add <mac> port <value> [qos
<value>]
pcap <mac> <enable|disable>
remove <mac>
config vlan <vid> fdb-filter info

notallowfrom
add <mac> port <value>
[<srcOnly|dstOnly|Both>]
remove <mac> port <value>
[<srcOnly|dstOnly|Both>]
config vlan <vid> fdb-static info
add <mac> port <value> [qos
<value>]
remove <mac>

Command Parameter
config vlan <vid> ports info

add <ports> [member <value>]
remove <ports> [member <value>]
ospf-passive <true|false> <ports>
config vlan <vid> srcmac info

add <macaddr>
remove <macaddr>
config vlan <vid> ip info

create <ipaddr|mask> [mac_offset
<value>]
delete <ipaddr>
Rvs-Path-Chk <enable|disable> [mode
<value>]
config vlan <vid> ip info

nlb-unicast-mode
<enable|disable>
config sys set flag

enhanced-operational-mode true
false
config ethernet <port> loop-detect action

<enable|disable> <port-down|vlan-block|mac-discard>
arp-detect <enable|disable>
config ether <ports>
auto-recover-port <enable|disable>
config ethernet <port number>
action clearLoopDetectAlarm
314725-E Rev 00
Command Parameter
config ethernet <port number> info
config mac-flap-time-limit
<10..5000 milliseconds>
show ports info loop-detected port
<port number>
show sys link-flap-detect
general-info
show ports info loop-detected port
<port number>
show vlan info all [<vid>] [port

<value>] [by <value>]
show vlan info advance [<vid>]
[port <value>]
show vlan info arp [<vid>] [port
<value>]
show vlan info basic [<vid>] [port
<value>]
show vlan info brouter-port [port
<value>]
show vlan info fdb-entry [<vid>]
[mac <value>] [port <value>]
show vlan info fdb-filter [<vid>]
show vlan info fdb-static [<vid>]
show vlan info igmp [<vid>] [port
<value>]
show vlan info ip [<vid>] [port
<value>]
show vlan info ports [<vid>] [port
<value>]
show vlan info srcmac [<vid>] [port
<value>]

Command Parameter
show ports info all [vlan <value>]
[port <value>] [by <value>]
show ports info vlans [vlan
<value>] [port <value>]
Configuring and managing a VLAN

To create VLANs, add or remove ports in the VLAN, set priority, change a VLAN
name, or perform other operations, use the VLAN configuration commands. You
can also configure reverse path checking, loop detection, Enhanced Operation
mode, and other features using the CLI. In all VLAN commands in this section,
vid is the VLAN ID.
This section includes the following procedures:
• “Creating a VLAN”
• “Performing general VLAN operations” on page 313
• “Configuring VLAN parameters in the forwarding database” on page 316
• “Limiting MAC learning” on page 321
• “Adding or removing VLAN ports” on page 323
• “Adding or removing VLAN source MAC addresses” on page 324
• “Configuring NLB unicast support on an IP interface” on page 325
• “Configuring Untagging Default VLAN on a Tagged Port” on page 325
• “Configuring Enhanced Operation mode” on page 326
• “Configuring VLAN Loop Detection” on page 327
• “Configuring spoof detection for a VLAN” on page 332
Creating a VLAN
To create a VLAN, use the following command:
config vlan <vid> create
314725-E Rev 00
You can specify the type of VLAN and assign an IP address to the VLAN using
this command. The required parameter vid is the VLAN ID. VLAN 1 is the
default VLAN.
This command includes the following parameters:

followed by:
info Shows information about the type of the specified
VLAN.
byIDS <sid> [name Creates a VLAN for IDS.
<value>] [color <sid> is spanning tree ID 1 to 64.
<value>]
name <value> is the name of the vlan from 0 to
64 characters.
color <value> is the color of the VLAN (0 to
32). The color attribute is used by Optivity software
to display the VLAN.
byipsubnet <sid> <ipaddr/ Creates an IP subnet-based VLAN.
mask> [ name <value>] • sid is a spanning tree group ID.
[color <value>]
• ipaddr/mask is the IP address and mask
{a.b.c.d/x | a.b.c.d/x.x.x.x | default}.
• name <value> is the name of the VLAN
from 0 to 20 characters.
• color <value> is the color of the VLAN
(0 to 32). The color attribute is used by Optivity
software to display the VLAN.
This command is available only for the Ethernet
byipsubnet-mstprstp Creates a VLAN by IP subnet.
<instance-id> • <instance-id> is the instance ID from 0 to
<ipaddr|mask> [name 63.
<value>] [color • <ipaddr/mask> is the subnet address or
<value>] mask {a.b.c.d/x | a.b.c.d/x.x.x.x | default}.
• name <value> is the name of the VLAN.
from 0 to 32. The color attribute is used by
Optivity software to display the VLAN.


followed by:
byport <sid> [name Creates a port-based VLAN.
<value>] [color • <sid> is the spanning tree group ID from 1 to
<value>] 64 characters.
• name <value> is the name of the VLAN
byport-mstprstp Creates a VLAN by port.
<instance-id> [name • <instance-id> is the instance ID from 0 to
<value>] [color 63.
<value>] [naap-vlan] • name <value> is the name of the VLAN.
[firewall-vlan] • color <value> is the color of the VLAN from
[firewall-peering-vlan] 0 to 32.
• naap-vlan marks the VLAN as a NAAP
VLAN.
• firewall-vlan marks the VLAN as a
firewall VLAN.
• firewall-peering-vlan marks the
VLAN as a firewall peering VLAN.
byprotocol <sid> Creates a protocol-based VLAN.
<ip|ipx802dot3|ipx802do • <sid> is spanning tree ID.
t2|ipxSnap|ipxEthernet2
|appleTalk|declat|decOt • ip|ipx802dot3|ipx802dot2|ipxSnap|i
her|sna802dot2|snaEther pxEthernet2|appleTalk|decLat|dec
net2|netBios|xns|vines| Other|sna802dot2|snaEthernet2|ne
ipV6|usrDefined|rarp|PP tBios|xns|vines|ipV6|usrDefined|
PoE> rarp|PPPoE specifies the protocol.
[<pid>] [name <value>] • pid is a user-defined protocol ID number in
[color <value>] [encap hexadecimal.
<value>] • name <value> is the name of the VLAN
• encap <value> is the frame encapsulation
method.
314725-E Rev 00

followed by:
byprotocol-mstprstp Creates a VLAN by protocol.
<instance-id> • <instance-id> is the instance ID.
<ip|ipx802dot3|ipx802do
t2|ipxSnap|ipxEthernet2 • <ip|ipx802dot3|ipx802dot2|ipxSnap|ip
|appleTalk|decLat|decOt xEthernet2|appleTalk|decLat|decOt
her|sna802dot2|snaEther her|sna802dot2|snaEthernet2|netBi
net2|netBios|xns|vines| os|xns|vines|ipV6|usrDefined|rarp|P
ipV6|usrDefined|rarp|PP PPoE> is the protocol ID.
PoE> [<pid>] [name • <pid> is the user-defined PID number.
<value>] [color • name <value> is the name of the VLAN
<value>] [encap from 0 to 64 characters.
<value>] • color <value> is the color of the VLAN
with the values ethernet-ii, llc, or snap.
bysrcmac <sid> Creates a VLAN by source MAC address.
[name <value>] • <sid> is the spanning tree ID from 1 to 64.
[color <value>] • name <value> is the name of the VLAN
bysrcmac-mstprstp Creates a VLAN by source MAC address
<value>] [color 63.
<value>] • name <value> is the name of the VLAN from
0 to 64 characters.
bysvlan <sid> Creates an sVLAN.
[color <value>]
• name <value> is the name of the sVLAN


followed by:
bysvlan-mstprstp Creates an sVLAN.
<value>] [color 63.
<value>]
• name <value> is the name of the sVLAN.
• color <value> is the color of the sVLAN
forIDS <sid> Creates a VLAN for IDS.
[color <value>] • name <value> is the name of the VLAN
forIDS-mstprstp Creates a VLAN for IDS
<value>] [color 63.
<value>] • name <value> is the name of the VLAN from
0 to 64 characters.
Figure 131 on page 313 shows sample output for the config vlan create
info command.
314725-E Rev 00
Figure 131 Config vlan create info command output

ERS-8606:5# config vlan 1 create info
Sub-Context: clear config dump monitor show test trace wsm asfm sam
Current Context:
byport :
sid - 1
name - Default
color - 0 (white)
Performing general VLAN operations
To perform general VLAN operations, such a setting a Quality of Service (QoS)

level for the VLAN or adding or changing the name of a VLAN, use the following
command:
config vlan <vid>
In all VLAN commands, vid is the VLAN ID.
This command includes the following options:
config vlan <vid>

followed by:
info Shows characteristics of the specified VLAN
action <action choice> Flushes a table or triggers an RIP update.
• <action choice> is {none|
flushMacFdb|flushArp|flushIp|
flushDynMemb|all|flushSnoopMemb|
triggerRipUpdate|flushSenders| flushSnoopMRtr}.
To flush all tables, use all.
add-mlt <integer> Adds an MLT to a VLAN.
• <integer> is the MLT ID.
addDsapSsap <DSAP/SSAP Adds DSAP/SSAP to SNA/USR defined VLANs.
values> • DSAP/SSAP values for SNA and user defined
VLANs (0x0..0xffff).

config vlan <vid>

followed by:
removeDsapSsap <DSAP/ Removes DSAP/SSAP to SNA/USR defined VLANs.
SSAP values> • DSAP/SSAP values for SNA and user-defined
VLANs (0x0..0xffff).
agetime <integer> Sets the VLAN aging time in seconds.
delete Deletes a VLAN.
qos-level <integer> Sets a Quality of Service level for a VLAN.
• <integer> is the QoS level.
Note: QoS level 7 is reserved for network control
traffic.
name <vname> Changes the name of a VLAN.
• <vname> is a string of length 0 to 20 characters.
Figure 132 shows sample output for the config vlan info command.
Figure 132 Config vlan info command output

ERS-8606:5# config vlan 1 info
Current Context:
action : N/A
add-mlt :
addDsapSsap :
removeDsapSsap : N/A
agetime : N/A
delete : N/A
qoslevel : 1
name : Default
Security-vlan-type : none
Cluster : 0
ERS-8606:5#
314725-E Rev 00
The following configuration example uses the config vlan commands to:
• Add a DSAP to SNA/USR VLANs

• Delete a VLAN
After configuring the parameters, use the info command to show a summary of
the results.
ERS-8606:5/config/vlan/10# addDsapSsap 0x0808

ERS-8606:5/config/vlan/10# info
Sub-Context: create fdb-entry fdb-filter fdb-static ip ipx ports srcmac
static-mcastmac
Current Context:
action : N/A
add-mlt :
addDsapSsap : 0x000c,0x0808
agetime : 600
delete : N/A
qoslevel : 1
name : VLAN-1000
ERS-8606:5/config/vlan/10# removeDsapSsap 0x0808

Sub-Context: create fdb-entry fdb-filter fdb-static ip ipx ports srcmac
static-mcastmac
Current Context:
action : N/A
add-mlt :
addDsapSsap : 0x000c
agetime : 600
delete : N/A
qoslevel : 1
name : VLAN-1000

Configuring VLAN parameters in the forwarding database
• “Configuring or modifying VLAN entries in the forwarding database” on

page 316
• “Configuring VLAN filter members” on page 317
• “Setting or modifying parameters of VLAN not allowed filter member” on
page 318
• “Configuring VLAN static member parameters” on page 320
Configuring or modifying VLAN entries in the forwarding

database
To configure or modify VLAN entries in the forwarding database, enter the

following command:
config vlan <vid> fdb-entry

followed by:
info Shows current level parameter settings and next level
directories.
aging-time <seconds> Sets the forwarding database aging timer.
• <seconds> indicates the timeout period in
seconds.
flush Flushes forwarding database.
monitor <mac> status Sets forwarding database monitor parameters.
<value> <true|false> • <mac> indicates the MAC address.
• status <value> allows you to view the
current status of the forwarding database
according to one of the following choices:
{other|invalid|learned|self|mgmt}.
• <true|false> enables or disables the monitor.
314725-E Rev 00

followed by:
qos-level <mac> status Sets a QoS level for a VLAN.
<value> <0..7> • <mac> indicates the MAC address.
• status <value> is the forwarding database
status according to one of the following choices:
{other|invalid|learned|self|mgmt}.
• <0..7> sets the QoS level.
traffic.
sync Synchronizes the switch forwarding database with the
forwarding database of the other aggregation switch.
Configuring VLAN filter members
To configure VLAN filter members, enter the following command:
config vlan <vid> fdb-filter
The config vlan <vid> fdb-filter command includes the following

options:
config vlan <vid> fdb-filter

followed by:
directories.
add <mac> port <value> Adds a filter member to a VLAN bridge.
[qos <value>] • <mac> indicates the MAC address.
• port <value> indicates the port (slot/port)
number.
• qos <value> is the QoS level.
traffic.
pcap <mac> Enables or disables the Packet Capture Tool (PCAP).
<enable|disable> • <mac> indicates the MAC address.
For more information about PCAP, see Using the
Packet Capture Tool.
remove <mac> Removes a filter member from a VLAN bridge.
• <mac> indicates the MAC address.

The following configuration example uses the config vlan fdb-filter

commands to:
• Add a filter member to the VLAN bridge

• Remove a filter member from a VLAN bridge
the results.
ERS-8606:5/config/vlan/10/fdb-filter# add 2:2:2:2:2:2 port 1/1

ERS-8606:5/config/vlan/10/fdb-filter# info
Sub-Context: notallowfrom
Current Context:
add :
mac - 02:02:02:02:02:02
port - 1/1
Pcap - Disable
remove : N/A
ERS-8606:5/config/vlan/10/fdb-filter# remove 2:2:2:2:2:2

ERS-8606:5/config/vlan/10/fdb-filter# info
Sub-Context: notallowfrom
Current Context:
add :
remove : N/A
Setting or modifying parameters of VLAN not allowed filter

member
To set or modify VLAN not allowed filter member parameters, enter the following
command:
config vlan <vid> fdb-filter notallowfrom
314725-E Rev 00
config vlan <vid> fdb-filter notallowfrom

followed by:
directories.
add <mac> port <value> Adds a not allowed filter member to a VLAN bridge.
[<srcOnly|dstOnly|Both • <mac> indicates the MAC address.
>] • <value> indicates the port (slot/port) number.
• <srcOnly}dstOnly|Both> is optional to set
a mask.
remove <mac> port Removes a not allowed filter member from a VLAN
<value> bridge.
[<srcOnly|dstOnly|Both • <mac> indicates the MAC address.
>] • <value> indicates the port (slot/port) number.
• <srcOnly}dstOnly|Both> is optional to set
a mask.
The following configuration example uses the config vlan fdb-filter

notallowfrom commands to:
• Add a not allowed filter member to a VLAN bridge

• Remove a not allowed filter member to a VLAN bridge

the results.
ERS-8606:5/config/vlan/10/fdb-filter# notallowfrom
ERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# add 2:2:2:2:2:2 port 1/2 Both
ERS-8606:5/config/vlan/1000/fdb-filter/notallowfrom# info
Sub-Context:
Current Context:
add :
mac - 02:02:02:02:02:02
Dest Discard set - 1/2
Src Discard set - 1/2
remove : N/A
ERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# remove 2:2:2:2:2:2 port 1/2

srcOnly
ERS-8606:5/config/vlan/10/fdb-filter/notallowfrom# info
Sub-Context:
Current Context:
add :
mac - 02:02:02:02:02:02
Dest Discard set - 1/2
Src Discard set -
remove : N/A
Configuring VLAN static member parameters
To configure VLAN static member parameters, enter the following command:
config vlan <vid> fdb-static
314725-E Rev 00
config vlan <vid> fdb-static

followed by:
directories.
add <mac> port <value> Adds a static member to a VLAN bridge.
[qos <value>] • <mac> indicates the MAC address.
• port <value> indicates the port (slot/port)
number.
• qos <value> is the QoS level.
traffic.
remove <mac> Removes a static member from a VLAN bridge.
• <mac> indicates the MAC address.
Limiting MAC learning
This feature allows you to limit the number of forwarding database entries learned
on a particular port to a user-specified value. After the number of learned
forwarding database entries reaches the maximum limit, packets with unknown
source MAC addresses are dropped by the hardware. If the count drops below a
configured minimum value due to forwarding database aging, learning is
reenabled on the port. Users can configure various actions—logging, sending
traps, and disabling the port—when the number of forwarding database entries
reaches the configured maximum limit.
The following CLI commands are implemented for this feature:
config ethernet <ports> limit-fdb-learning fdbprotect

<enable|disable>
This command enables or disables the feature on the specified ports. The default
value is disable.
config ethernet <ports> limit-fdb-learning max-mac-count

<value>

This command sets the maximum limit of forwarding database entries

(fdb-entries) that can be learned on the specified ports. The default value is 1024.
config ethernet <ports> limit-fdb-learning min-mac-count

<value>
This command sets the minimum limit of fdb-entries at which fdb-learning will be
reenabled on the specified ports. The default value is 512.
config ethernet <ports> limit-fdb-learning info
This command shows the configuration information related to the feature.
config ethernet <ports> limit-fdb-learning

violation-log-trap <enable|disable>
This command enables or disables logging to syslog file and trap generation when
a maximum limit is reached. The default value is disable.
config ethernet <ports> limit-fdb-learning

violation-down-port <enable|disable>
This command enables or disables the action taken on the ports in the event of a
violation. The default value is disable.
There is no Device Manager support for this feature in this release.
Note: To change max-mac-count or min-mac-count when the feature is

already enabled, flush the fdb-entries on the particular port using the
command config ether <ports> action flushMacFdb.
314725-E Rev 00
Adding or removing VLAN ports
To add or remove ports in the VLAN, enter the following command:
config vlan <vid> ports
config vlan <vid> ports

followed by:
info Shows member status of the ports in the VLAN
add <ports> Adds one or more ports to an existing VLAN.
[member <value>] • <ports> is the port list.
• member <value> is the port member type. It
can be portmember (always a member),
static (sometimes a member), or
notallowed (never a member).
remove <ports> [member Removes ports from a VLAN but does not delete the
<value>] VLAN.
• <ports> is the port list.
• member <value> is the port member type.
It can be portmember (always a member),
static (sometimes a member), or
notallowed (never a member).
ospf-passive Enables or disables the OSPF passive port.
<true|false> <ports> • <true|false> enables or disables the OSPF
port.
• <ports> is the port list.
Figure 133 on page 324 shows sample output for the config vlan ports
info command.

Figure 133 Config vlan ports info command output

ERS-8606:5# config vlan 1 ports info
Current Context:
add :
portmember - 2/1-2/8,4/1-4/30
activemember - 2/1-2/8,4/1-4/30
staticmember -
notallowtojoin -
remove : N/A
ospf-passive-port -
ERS-8606:5#
Adding or removing VLAN source MAC addresses

To add or remove VLAN source MAC addresses, enter the following command:
config vlan <vid> srcmac
config vlan <vid> srcmac

followed by:
directories.
add <macaddr> Adds a source MAC address to a VLAN.
• <macaddr> is the MAC address to be added.
remove <macaddr> Removes a source MAC address from a VLAN.
• <macaddr> is the MAC address to be removed.
314725-E Rev 00
Configuring NLB unicast support on an IP interface
You can use Microsoft Network Load Balancer (NLB) to share workload among
multiple clustering servers. To enable or disable Network Load Balancer (NLB)
unicast support, use the following command:
config vlan <vid> ip nlb-unicast-mode
config vlan <vid> ip nlb-unicast-mode

followed by:
directories.
<enable|disable> Enables or disables unicast mode.
The default value is disable. For more information about NLB unicast support, see
“Flooding for Microsoft NLB clustering systems in unicast mode” on page 63.
Configuring Untagging Default VLAN on a Tagged Port

packets originating from a PC from the tagged packets originating from a IP
phone.
The following command enables the Untagging Default VLAN on a Tagged Port
feature:
config ethernet <ports> untag-port-default-vlan

<enable|disable>
where <ports> is the port of list of ports in slot/port format.

Configuring Enhanced Operation mode
Enhanced Operation mode enables the Ethernet Routing Switch 8600 to support
more VLANs. With MLT, you can create a maximum of 1 980 VLANs (1 972
with R modules in the chassis). With SMLT, the limit is 989 VLANs. For more
information about enhanced operation concepts, see “MultiLink trunking and
VLAN scalability” on page 56.
To configure enhanced operation for 1 980 VLANs on the Ethernet Routing

Switch 8600, use the following command:
config sys set flag enhanced-operational-mode
Note: You must save the configuration and reset the switch before the
change takes effect.
The config sys set flag enhanced-operational-mode command

includes the following options:
config sys set flag enhanced-operational-mode

followed by:
true Enables Enhanced Operation mode to support 1 980 VLANs for the system.
false Disables Enhanced Operation mode for the system.
Configuration example: configuring support for 1 980 VLANs
This configuration example uses the preceding commands to configure support for
up to 1980 VLANs. Figure 134 on page 327 shows sample output for these
configuration commands.
314725-E Rev 00
Figure 134 Configuration example for supporting 1980 VLANs command output
ERS-8610:5# config sys set flag enhanced-operational-mode true
WARNING:The change made will take effect only after

the configuration is saved and the full chassis is rebooted.
ERS-8610:5# config sys set flag info
Current Context:
m-mode: (false) -> false

enhanced-operational-mode: (false) -> true
vlan-optimization-mode: (false) -> false
global-filter-ordering: (false) -> false
r-mode: (false) -> false
multicast-check-packet: (true) -> true
ERS-8610:5# config sys set flag r-mode ?

enable disable RSP memory (256K) mode - effect after reboot
Required parameters:
<true|false> = Enable/Disable RSP memory mode {false|true}
Command syntax:
r-mode <true|false>
ERS-8610:5#
Configuring VLAN Loop Detection
For information about the Loop Detection feature, see “VLAN Loop Detection”
on page 65. See “SMLT triangle with loop detection configuration example” on
page 508 for a CLI loop detection configuration example.

To enable or disable loop detection, enter the CLI command:
config ethernet <port> loop-detect <enable|disable>
The config ethernet <port> loop-detect command includes the

following options:
config ethernet <port> loop-detect <enable|disable>

followed by:
action Specifies the loop detect action to be taken.
<port-down|vlan-block| • port-down shuts down the port upon detecting
mac-discard> a flapping MAC address (an address that is
enabled and disabled repeatedly).
• vlan-block shuts down the VLAN upon
detecting a flapping MAC address
• mac-discard
arp-detect The ARP-Detect feature is used for IP configured
<enable|disable> interfaces for ARP packets. This feature should be
enabled (in addition to loop detection) on routed
interfaces.
The MAC flap time limit is configured by using the mac-flap-time-limit

command. Note that this interval should be staggered between a pair of SMLT
switches. By default, the mac-flap-time-limit is set to 500 milliseconds.
config mac-flap-time-limit <10..5000 milliseconds>
To view the current flap time settings, enter the following command:
config info
To view link-flap-detection information, enter the following command:
show sys link-flap-detect general-info
Figure 135 on page 329 shows sample output for these commands.
314725-E Rev 00
Figure 135 Config and show sys link-flap-detect command output
ERS-8610:6# config ethernet 1/15 loop-detect enable action port-down

ERS-8610:6# config mac-flap-time-limit 1600
ERS-8610:6# config info
Current Context:
setdate : N/A
mac-flap-time-limit : 1600
auto-recover-delay : 15
ERS-8610:6# show sys link-flap-detect general-info
Auto Port Down : enable

Send Trap : enable
Interval : 60
Frequency : 10
ERS-8610:6#
To display the results of loop detection in any VLAN, enter the CLI command:
show ports info loop-detected port <port number>
To verify whether the loop detection feature is enabled or disabled on the port,
enter the CLI command:
config ethernet <port number> info
The CLI command to enable or disable auto-recovery on individual ports is as

follows:
config ether <ports> auto-recover-port <enable|disable>
The default value is disable.
The CLI command to set the recovery timer on a port is as follows:
config auto-recover-delay <seconds>

The range is 5 to 3600 seconds, and the default value is 30 seconds.
To clear loop detection alarms, enter the CLI command:
config ethernet <port number> action clearLoopDetectAlarm
Figure 136 on page 331 shows sample CLI output using the loop detect
commands.
314725-E Rev 00
Figure 136 Sample configuration using the loop-detect commands.

ERS-8610:6# show ports info loop-detected port 1/15
=========================================================================
Port Loop-Detect
=========================================================================
PORT VLAN MAC LOOP DETECT SMLT REMOTE
ACTION
------------------------------------------------------------------------
1/15 3510 00:00:5e:00:01:01 PORT-DOWN false
4/16 3510 00:00:5e:00:01:01 PORT-DOWN false
ERS-8610:6# config ether 1/15 auto-recover-port enable

ERS-8610:6# config auto-recover-delay 15
ERS-8610:6# config ethernet 1/15 action clearLoopDetectAlarm
ERS-8610:6# config ethernet 1/15 info
Current Context:
Port 1/15 :
lock : false
block-traffic : false
name :
auto-negotiate : true
enable-diffserv : false
access-diffserv : false
qos-level : 1
routing : enable
unknown-mac-discard : disable
high-secure : false
default-vlan-id : 1
untag-port-default-vlan : disable
tagged-frames-discard : disable
perform-tagging : disable
svlan-porttype : normal
untagged-frames-discard : disable
loop-detect : enable action port-down arp-detect disable
state : up
linktrap : enable
alias :
multicast-bandwidth-limit : disabled
broadcast-bandwidth-limit : disabled
tx-flow-control : disabled
sffd : disabled
cp-limit : enabled multicast-limit 10000 broadcast-limit 10000
shape : disabled
802.1p-override : disable
slpp-rx : disabled
auto-recover-port : enable
ext-cp-limit : None threshold-util-rate 50
ERS-8610:6#

Loop detection warning messages
The following log message and trap is generated when MAC address discarding is
set due to loop-detect:
MAC has been disabled due to MAC <xx:xx:xx:xx:xx:xx>

flapping more than <n> times in <t> milliseconds from
<port-number> to <port-number>.
The following log message and trap is generated when a port, which has been
disabled due to CP-Limit or link-flap, is auto-recovered:
port <port-num> re-enabled by auto recovery
The following log message and trap is generated when a port which has been
disabled due to the loop detection feature is auto-recovered:
Loop detect action <action> cleared on port <port-num> by

auto recovery
Configuring spoof detection for a VLAN
A port can be configured to prevent IP spoofing by using the following CLI

commands. For more information about this feature, see “Prevention of IP
spoofing within a VLAN” on page 64.
To enable or disable spoof detection, enter the following command:
config ethernet <ports> spoof-detect <enable|disable>
To enable or disable auto-recovery on a port use the command:
config ethernet <ports> auto-recover-port <enable|disable>
Note: If you are using SMLT, be sure to configure spoof detection on

both SMLT aggregation switches to avoid connectivity issues.
314725-E Rev 00
Warning: Enabling the spoof detection feature requires you to reboot the
switch.
Using the VLAN show commands

To obtain configuration information about all VLANs on the switch or specified
VLANs, use the show vlan commands.
• “Displaying general VLAN information”

• “Displaying forwarding database information” on page 347
• “Displaying forwarding database filters” on page 348
• “Displaying database status, MAC address, and QoS levels” on page 349
• “Displaying additional parameters” on page 350
• “Displaying ARP configurations” on page 351
• “Displaying VLAN information” on page 352
• “Displaying brouter port information” on page 353
• “Displaying IGMP switch operation information” on page 354
• “Displaying VLAN routing (IP) configuration” on page 355
• “Displaying port member status” on page 356
• “Displaying source MAC addresses” on page 357
Displaying general VLAN information

To display all general information about the VLANs on the switch or a specified
VLAN, enter the following command:
show vlan info all [<vid>] [port <value>] [by <value>]
where:
<vid> is the VLAN ID from 1 to 4092,

port <value> is the port or range of ports,
by <value> is the group ID.

Figure 137 on page 334 shows sample output of this command.
Figure 137 Show vlan info all command output

ERS-8606:5/show/vlan/info# all
=============================================================================
Vlan Basic
=============================================================================
VLAN STG
ID NAME TYPE ID PROTOCOLID SUBNETADDR SUBNETMASK
-----------------------------------------------------------------------------
1 Default byPort 1 none N/A N/A
13 VLAN-13 byPort 1 none N/A N/A
=============================================================================
Vlan Port
=============================================================================
VLAN PORT ACTIVE STATIC NOT_ALLOW
ID MEMBER MEMBER MEMBER MEMBER
-----------------------------------------------------------------------------
1 1/1,1/5-1/8,2/1- 1/1,1/5-1/8,2/1-
2/8,4/1-4/16,4/18- 2/8,4/1-4/16,4/18-
4/30 4/30
13 4/17 4/17
=============================================================================
Vlan ATM VPort
=============================================================================
VLAN ID PORT NUM PVC LIST
-----------------------------------------------------------------------------
--More-- (q = quit)
Table 59 shows the field descriptions for this command.
Table 59 Show vlan info all parameters
Field Description
Vlan Basic
VLAN ID Indicates the VLAN ID.
314725-E Rev 00
Table 59 Show vlan info all parameters (continued)
Field Description
NAME Indicates the administrator assigned name to the VLAN.

TYPE Indicates the type of VLAN, distinguished according to the policy
used to define its port membership. Options include:
byPort—VLAN by Port
byIpSubnet—VLAN by IP subnet
byProtocolId—VLAN by protocol ID
bySrcMac—VLAN by source MAC address
byDstMcast—VLAN by destination multicast
bySvlan—VLAN by stacked VLAN
byIds—VLAN by IDS VLAN
STG ID Indicates the Spanning Tree Group (STG) used by this VLAN to
determine the state of its ports. If this VLAN is not associated with
any STG, it is zero.
PROTOCOLID Indicates the protocol identifier of this VLAN. For other VLAN
types it has the value of none. Options include:
none
ip
ipx802dot3
ipx802dot2
ipxSnap
ipxEthernet2
appleTalk
decLat
decOther
sna802dot2
snaEthernet2
netBios
xns
vines
ipV6
usrDefined
rarp
pPPoE
SUBNETADDR Indicates the IP subnet address of this VLAN. For other VLAN
types it has the value of 0.0.0.0.
SUBNETMASK Indicates the IP subnet mask of this VLAN. For other VLAN types
it has the value of 0.0.0.0.

Field Description
Vlan Port
PORT MEMBER Indicates the set of ports that are members (static or dynamic) of
this VLAN.
ACTIVE MEMBER Indicates the The set of ports that are currently active in this
VLAN. Active ports include all static ports and any dynamic ports
where the VLAN policy was met.
STATIC MEMBER Indicates the The set of ports that are static members of this
VLAN. A static member of a VLAN is always active and is never
aged out.
NOT_ALLOW Indicates the The set of ports that are not allowed to become
MEMBER members of this VLAN.
Vlan ATM Port
PORT NUM Indicates the port number.
PVC LIST Indicates the PVC list.
Ospf Passive Port Members
VLAN Indicates the VLAN ID.
PORT NUM Indicates the VLAN port number for the passive OSPF interface.
Vlan Advance
NAME Indicates the name assigned to the VLAN.
IF INDEX Indicates the interface index.
QOS LVL Indicates the QoS level packets carried in this VLAN for
processing.
AGING TIME Indicates the timeout period (in seconds) used for aging out
dynamic members of this VLAN. This field is only relevant for
policy-based VLANs.
MAC ADDRESS Indicates the MAC address assigned to the virtual router interface
of this VLAN. This field is meaningful only if VlanRoutingEnable is
equal to true.
314725-E Rev 00
Field Description
ACTION Inidciates VLAN related actions. Options include:

none—none of the following
flushMacFdb—flush MAC forwarding table
flushArp—flush ARP table
flushIp—flush IP route table
flushDynMemb(—flush dynamic members
all—flush all tables
flushSnoopMemb—flush IGMP snoop members
triggerRipUpdate—manually trigger RIP update
flushSnoopMRtr—flush snoop multicast router
RESULT Indicates the result from the last VLAN action. Options include:
none
inProgress
success
fail
USER DEFINEPED Indicates the encapsulation type for user defined protocol-based
ENCAP VLANs. This is not meaningful for other types of VLANs.
Vlan Arp
DOPROXY Indicates if ARP proxy responses are enabled or disabled on the
specified interface.
DORESP Indicates if the sending of ARP responses is enabled or disabled
on the specified interface.
NLB-UNIAST-MODE Indicates the mode for NLB-unicast.
Vlan Fdb
STATUS Indicates the status of FDB forwarding on the VLAN.
equal to true.
INTERFACE Indicates the interface.
MONITOR Indicates whether monitoring is performed on this unicast MAC
address. If monitoring is enabled, any packet received with a
matching destination MAC address is forwarded to the port
configured to receive monitor traffic.

Field Description
processing.
SMLT REMOTE Indicates the MAC address for remote learnt, either local or
remote.
Vlan Filter
STATUS Indicates the status of the VLAN filter.
equal to true.
PORT Indicates the port number.
processing.
PCAP Indicates the status of PCAP on the filter.
DEST_DISCARD Indicates a set of ports. Traffic arriving on any of the specified
SET ports from this MAC address.
SRC_DISCARD SET Indicates a set of ports. Traffic arriving on any of the specified
ports is not forwarded to this MAC address.
Vlan Static
STATUS Indicates the status of the static VLAN.
equal to true.
PORT Indicates the port number.
MONITOR Indicates whether monitoring is performed on this unicast MAC
address. If monitoring is enabled, any packet received with a
matching destination MAC address is forwarded to the port
configured to receive monitor traffic.
processing.
IDS Vlan Info
MAC LEARNING Indicates the type of MAC learning.
DISABLED PORTS Indicates the disabled port numbers.
314725-E Rev 00
Field Description
Vlan Ip
IP ADDRESS Indicates the IP subnet address of this VLAN. This value is
meaningful only if the VLAN type is set to IP subnet. For other
VLAN types, it has the value of 0.0.0.0.
NET MASK Indicates the IP subnet mask of this VLAN. This value is
meaningful only if the VLAN type is set to IP subnet. For other
VLAN types it has the value of 0.0.0.0.
BCASTADDR Indicates the IP broadcast address format used on this interface.
FORMAT
REASM MAXSIZE Indicates the size of the largest IP datagram that this entity can
reassemble from incoming IP fragmented datagrams received on
this interface.
ADVERTISE Indicates whether the VLAN state change is notified to Layer 3 or
WHEN_DOWN not, provided the VLAN is configured as a routable interface. A
VLAN is considered to be up if at least one member of the
port-based VLAN has link up, or at least one port member of the
policy-based has an entry in the MGID or at least one static
member of the policy-based VLAN has link up. Otherwise, a VLAN
is considered to be down. If the value is true then the interface
state change does not notify to Layer 3. (that is, it always stays
up). If the value is false then the VLAN state change is notified to
Layer 3 so that IP related status reflects the routable interface
state.
DIRECTED Indicates the status of directed broadcast.
BROADCAST
RPC Indicates the status of RPC.
RPC MODE Indicates the RPC mode type.
Vlan Dhcp
VLAN ID Indicates the VLAN ID number
IF INDEX Indicates the interface index number. Numbers 1 to 256 are ports;
numbers above 257 are VLANs.
ENABLE Indicates if DHCP is enabled on the port.
MAX HOP Indicates the maximum number of hops a DHCP packet can take
from the source device to the destination device (that is, DHCP
client to DHCP server)

Field Description
MIN SEC Indicates the minimum number of seconds to wait between

receiving a DHCP packet and actually forwarding the DHCP
packet to the destination device. A value of zero indicates
forwarding should be done immediately without any delay.
MODE Indicates what type of DHCP packets this interface should
support. A value of none results in all incoming DHCP and
BOOTP packets to be dropped. Options include none, bootp,
dhcp, and both.
ALWAYS BCAST Indicates if DHCP reply packets are broadcast to the DHCP client
on this interface.
Vlan Ospf
VLAN ID Indicates the VLAN
ENABLE Indicates the status of OSPF configured on the port.
HELLO INTERVAL Indicates the length of time, in seconds (1 to FFFF) between the
Hello packets that the router sends on the interface.
RTRDEAD INTERVAL Indicates the number of seconds (1 to FFFF) that router Hello
packets have not been seen before neighbors declare the router
down.
DESIGRTR Indicates the priority of this interface. Used in multiaccess
PRIORITY networks. This field is used in the designated router election
algorithm. The value 0 indicates the router is not eligible to
become the designated router on this particular network. In the
event of a tie in this value, routers use their router id as a tie
breaker. The default is 1.
METRIC Indicates the metric for this type of service (TOS) on this interface.
The value of the TOS metric is (10^9 / interface speed). The
default is 1.
FFFF—There is no route for this TOS.
POS/IPCP links—defaults to 0.
0—The interface speed is used as the metric value when the state
of the interface is up.
AUTHTYPE Indicates the type of authentication required for the interface.
none—No authentication required.
simple password—All OSPF updates received by the interface
must contain the authentication key specified in the interface
AuthKey field.
MD5 authentication—All OSPF updates received by the interface
must contain the MD5 key.
314725-E Rev 00
Field Description
AUTHKEY Indicates the key (up to 8 characters) required when simple

password authentication is specified in the interface AuthType
field.
INTF Indicates the interface type.
AREA ID Indicates the area where the host is found. By default, the area
that is submitting the OSPF interface is in 0.0.0.0.
Vlan Rip
PORT NUM Indicates the ports on the VLAN.
ENABLE Indicates the status of RIP on the port.s for a VLAN
DEFAULT SUPPLY Indicates if the default route must be advertised out this interface.
Note: The default route is advertised only if it exists in the routing
table.
DEFAULT LISTEN Indicates if the default route must be learned on this interface
when advertised by another router connected to the interface.
TRIGGERED Indicates the status of the RIP triggered update on the interface.
UPDATE
AUTOAGG ENABLE Indicates the status of auto aggregation on the interface.
SUPPLY Indicates the status of advertising RIP routes through the
interface.
LISTEN Indicates the status of RIP reception on the interface.
POISON Indicates the status of poison reverse on the interface. If disabled,
split horizon is invoked, meaning that IP routes learned from an
immediate neighbor are not advertised back to the neighbor from
which the routes were learned.
If enabled, the RIP update sent to a neighbor from which a route is
learned is poisoned with a metric of 16. In this manner, the route
entry is not passed along to the neighbor, because historically 16
is infinity in terms of hops on a network. The default is disable.
Vlan Vrrp
VRRP ID Indicates the number which, along with an interface index
(ifIndex), serves to uniquely identify a virtual router on a given
VRRP router. A set of one or more associated addresses is
assigned to a VRID.
IP ADDR Indicates the assigned IP addresses that a virtual router is
responsible for backing up.

Field Description
VIRTUAL MAC ADDR Indicates the virtual MAC address of the virtual router. This is
derived as follows: 00-00-5E-00-01-<VRID> where the first three
octets consist of the Internet Assigned Numbers Authority’s
(IANA) Organizationally Unique Identifier (OUI), the next two
octets indicate the address block of the VRRP protocol, and the
remaining octets consist of the VRID.
Vlan Vrrp Extended
VID Indicates the VLAN ID.
STATE Indicates the current state of the virtual router. Options include:
initialize—waiting for a startup event
backup—monitoring the state/availability of the master router
master—forwarding IP addresses associated with this virtual
router.
CONTROL Indicates the virtual router function. Setting the value to enabled
transitions the state of the router from initialize to backup. Setting
the value to disabled, transitions the router from master or backup
to initialize.
PRIORITY Indicates the priority for the virtual router (for example, master
election) with respect to other virtual routers that are backing up a
one or more associated IP addresses. Higher values imply higher
priority.
A priority of 0, although not possible to set, indicates that this
router has ceased to participate in VRRP and a backup virtual
router should transition to become a new master.
A priority of 255 is used for the router that owns the associated IP
addresses.
MASTER IPDDR Indicates the master router real (primary) IP address. This is the
IP address listed as the source in VRRP advertisement last
received by this virtual router.
ADVERTISE Indicates the time interval, in seconds, between sending
INTERVAL advertisement messages. Only the master router sends VRRP
advertisements.
CRITICAL IPADDR Indicates the IP address of the interface that causes a shutdown
event.
HOLDDOWN_TIME Indicates the amount of time (in seconds) to wait before
preempting the current VRRP master.
ACTION Indicates the trigger for an action on this VRRP interface. Options
include none and preemptHoldDownTimer.
314725-E Rev 00
Field Description
CRITICAL IP Indicates the if an user-defined critical IP address is enabled. No

ENABLE indicates the use the default IP address (0.0.0.0). there is no
effect if an user-defined IP address does not exist.
BACKUP MASTER Indicates the state of designating a backup master router.
BACKUP MASTER Indicates the state of the backup master router.
STATE
FAST ADV INTERVAL Indicates the faster advertisement interval, in milliseconds,
between sending advertisement messages. When the faster
advertisement interval enable is checked, the faster
advertisement interval is being used instead of the regular
advertisement interval
FAST ADV ENABLE Indicates if the faster advertisement interval status.
Vlan Ip Igmp
QUERY INTVL Indicates the interval (in seconds) between IGMP Host-Query
packets transmitted on this interface.
QUERY MAX RESP Indicates the interval (in seconds) for the maximum query
response time advertised in IGMPv2 queries on this interface.
Smaller values allow a router to prune groups faster.
ROBUST Indicates the tuning for the expected packet loss on a subnet. If a
subnet is expected to be lossy, the Robustness variable can be
increased. IGMP is robust to (Robustness - 1) packet losses.
VERSION Indicates the version of IGMP that is running on this interface.
This object configures a router capable of running either value.
For IGMP to function correctly, all routers on a LAN must be
configured to run the same version of IGMP on that LAN.
LAST MEMB QUERY Indicates the max response in a group specific query.
PROXY SNOOP Indicates the status of IGMP proxy snoop on the VLAN.
ENABLE
SNOOP ENABLE Indicates the status of IGMP snooping on the VLAN.
SSM SNOOP Indicates the status of SSM IGMP snooping on the VLAN.
ENABLE
FAST LEAVE Indicates the status of fast leave.
ENABLE
FAST LEAVE PORTS Indicates the ports that have fast leave enabled.
Vlan Ip Dvmrp
IF Indicates the ifIndex value of the interface for which DVMRP is
enabled.

Field Description
ADDR Indicates the IP address this system uses as a source address on

this interface.
METRIC Indicates the distance metric for this interface used to calculate
distance vectors.
OPERSTAT Indicates the current operational state of this DVMRP interface.
DEFAULT LISTEN Indicates whether the switch can learn DVMRP default routes over
this interface.
DEFAULT SUPPLY Indicates the whether the switch should supply DVMRP default
routes over this interface.
DEFAULT METRIC Indicates the cost of the DVMRP default route that this interface
generates and supplies when it is configured to supply default
route.
ADVERTISE SELF Indicates whether the switch can advertise this local network.
IN-POLICY Indicates the DVMRP accept policy name configured on this
interface.
OUT-POLICY Indicates the DVMRP announce policy name configured on this
interface.
INTF TYPE Indicates the type of this DVMRP interface, whether it uses a
tunnel, source routing, a physical interface for which there is a a
querier, or a physical interface for which there is not a querier
(subnet).
Vlan Ip Icmp Route Discovery
ADV_ADDRESS Indicates the advertisement address to which the route discovery
advertisements transmitted on this interface.
ADV_FLAG Indicates the flag to indicate whether or not the address is to be
advertised on this interface.
LIFETIME Indicates the value to be placed in the lifetime field of router
Advertisements sent from the interface.
MAX_INT Indicates the maximum time allowed between sending router
Advertisements from this interface.
MIN_INT Indicates the minimum time allowed between sending router
Advertisements from this interface.
PREF_LEVEL Indicates the preferability of the router address as a default router
Vlan Ipx
VLAN-ID Indicates the VLAN ID.
314725-E Rev 00
Field Description
VLAN-TYPE Indicates the type of VLAN, distinguished according to the policy

used to define its port membership. Options include:
byPort—VLAN by Port
byIpSubnet—VLAN by IP subnet
byProtocolId—VLAN by protocol ID
bySrcMac—VLAN by source MAC address
byDstMcast—VLAN by destination multicast
bySvlan—VLAN by stacked VLAN
byIds—VLAN by IDS VLAN
IPXNET Indicates the IPX network address.
ENCAPSULATION Indicates the IPX encapsulation format. It is only relevant if the
VLAN is port-based.
ROUTING Indicates the IPX routing protocol. Options include none or RIP.
Manual Edit Mac
MAC ADDRESS Indicates the MAC address that is learned on the port.
PORTS Indicates the allowed ports that can learn this MAC address.
Autolearn Mac
MAC ADDRESS Indicates the MAC address that is automatically learned on the
port.
PORT Indicates the allowed ports that can automatically learn this MAC
address.
Vlan Ip Pim
VLAN-ID Identifies the VLAN.
PIM-ENABLE The state of PIM on the VLAN.
MODE The configured mode of this VLAN. The valid modes are SSM and
Sparse.
HELLOINT Indicates how long to wait (in seconds) before the PIM switch
sends out the next hello message to neighboring switches. The
default hello interval is 30 seconds.
JPINT Indicates how long to wait (in seconds) before the PIM switch
sends out the next join/prune message to its upstream neighbors.
The default join/prune interval is 60 seconds.
CBSR PREF The preference for this local interface to become a candidate
BSR. The Candidate BSR with the highest BSR-priority and
address is referred to as the preferred BSR. The default is -1,
which indicates that the current interface is not a candidate BSR.

Field Description
INTF TYPE Indicates whether the PIM interface is active or passive.

Vlan Ip Pgm
VLAN-ID Identifies the VLAN.
ENABLE Shows whether PGM is enabled or disabled on this interface.
STATE Indicates the current state (up or down) of PGM.
NAK_RE_XMIT Specifies how long to wait for an NCF (in milliseconds) before
INTERVAL retransmitting the NAK (negative acknowledgement). The default
is 1 000 milliseconds.
MAX_NAK_RE Specifies the maximum number of NAK retransmission packets
XMIT_COUNT allowed per second.
NAK_RDATA Specifies how long to wait for RDATA (in milliseconds) after
INTERVAL receiving an NCF.
NAK_ELIMINATE Specifies the length of time (in milliseconds) during where a
INTERVAL network element (NE) eliminates duplicate NAKs. When this
interval expires, the NE suspends NAK elimination until the first
duplicate arrives. After this NAK is forwarded, the NE again
eliminates duplicate NAKs for the specified interval. This
parameter must be less than the
NAK_RDATA INTERVAL.
Vlan Mcastmac
MAC ADDRESS Indicates the MAC address.
PORT LIST Indicates the list of ports.
MLT GROUPS Indicates the MLT groups.
Vlan Firewall
ID Indicates the VLAN ID.
NAME Indicates the VLAN name assigned by the user.
FIREWALL TYPE Indicates the firewall VLAN type for port-based VLANs. Options
include:
none(
naap
enforceable
peering
CLUSTER ID Indicates the firewall cluster ID.
314725-E Rev 00
Displaying forwarding database information
To display forwarding database information for the specified VLAN, enter the
following command:
show vlan info fdb-entry [<vid>] [mac <value>] [port

<value>]
where:
<vid> is the VLAN ID from 1 to 4 092.
port <port-list> is the port or range of ports in slot/port format.
mac <value> is the MAC address.
The <vid>, port, and mac are optional parameters.
Figure 138 shows sample output for the show vlan info fdb-entry
command.
Figure 138 Show vlan info fdb-entry command output
ERS-8606:5# show vlan info fdb-entry 1
=============================================================================
Vlan Fdb
=============================================================================
VLAN MAC QOS SMLT
-----------------------------------------------------------------------------
1 learned 00:00:50:0d:6b:82 Port-2/7 false 1 false
1 out of 1 entries in all fdb(s) displayed.
ERS-8606:5#
See the appropriate section in Table 59 on page 334 for an explanation of each
heading in the previous figure.

Displaying forwarding database filters
To display the forwarding database filters for the specified VLAN, enter the
following command:
show vlan info fdb-filter [<vid>] [mac <value>] [port

<value>]
where:
The display includes the VLAN ID, the status, the VLAN MAC address, and the
ports from which the VLAN is not allowed to receive frames.
Figure 139 shows sample output for the show vlan info fdb-filter
command.
Figure 139 Show vlan info fdb-filter command output
ERS-8610:5# show vlan info fdb-filter 1

=====================================================================
Vlan Filter
=====================================================================
VLAN MAC QOS DEST_DISCARD
SRC_DISCARD
ID STATUS ADDRESS PORT LEVEL PCAP SET
SET
---------------------------------------------------------------------
1 permanent 00:13:83:89:22:03 8/7 1 Enable
ERS-8610:5#
314725-E Rev 00
Displaying database status, MAC address, and QoS levels
To display the static forwarding database status, the VLAN MAC address, and the
QoS level for the specified VLAN, enter the following command:
show vlan info fdb-static [<vid>] [mac <value>] [port

<value>]
where:
Figure 140 shows sample output for the show vlan info fdb-static
command.
Figure 140 Show vlan info fdb-static command output
ERS-8606:5:# show vlan info fdb-static 1
============================================================================
Vlan Static
============================================================================
VLAN MAC QOS
ID STATUS ADDRESS PORT MONITOR LEVEL
----------------------------------------------------------------------------
1 learned 08:12:20:38:4e:76 1/1 1/2 7
ERS-8606:5

Displaying additional parameters
To display additional parameters for the specified VLAN or all VLANs, enter the
following command:
show vlan info advance [<vid>] [port <value>]
where:
vid is the VLAN ID from 1 to 4 092,
port <value> is the port or range of ports.
Entering a vid or port <value> is optional. When you enter a vid or port
<value>, the command shows information for the specified VLAN or port.
Without the vid or port <value>, the command shows information for all the
configured VLANs.
All zeros in the MAC ADDRESS column indicate that there is no IP address
associated with that VLAN.
Figure 141 on page 351 shows sample output for the show vlan info
advance command.
314725-E Rev 00
Figure 141 Show vlan info advance command output
ERS-8610:5# show vlan info advance
=============================================================================
Vlan Advance
=============================================================================
VLAN IF QOS AGING MAC USER
ID NAME INDEX LVL TIME ADDRESS ACTION RESULT DEFINEPID E
NCAP
------------------------------------------------------------------------------
1 Default 2049 1 0 00:00:00:00:00:00 none none 0x0000
2 VLAN-2 2051 1 0 00:12:83:89:22:01 none none 0x0000
3 VLAN-3 2052 1 0 00:00:00:00:00:00 none none 0x0000
100 100 2054 1 0 00:00:00:00:00:00 none none 0x0000
3999 VLAN-3999 2053 1 0 00:00:00:00:00:00 none none 0x0000
VLAN
ID DSAP/SSAP
------------------------------------------------------------------------------
1
2
3
100
3999
ERS-8610:5#
Displaying ARP configurations
To display the Address Resolution Protocol (ARP) configuration for all VLANs or
the specified VLAN, enter the following command:
show vlan info arp [<vid>] [port <value>]

where:
configured VLANs.
Figure 142 shows sample output for the show vlan info arp command.
Figure 142 Show vlan info arp command output
ERS-8610:5# show vlan info arp 1
==============================================================
Vlan Arp
==============================================================
VLAN ID DOPROXY DORESP NLB-UNIAST-MODE
--------------------------------------------------------------
1 false true false
Displaying VLAN information
To display the basic configuration for all VLANs or a specified VLAN, enter the
following command:
show vlan info basic [<vid>] [port <value>]
where:
configured VLANs.
314725-E Rev 00
Figure 143 shows sample output for the show vlan info basic command.
Figure 143 Show vlan info basic command output

ERS-8606:5# show vlan info basic
==============================================================================
Vlan Basic
==============================================================================
VLAN STG
------------------------------------------------------------------------------
1 Default byPort 1 none N/A N/A
4093 VLAN-4093 byPort 64 none N/A N/A
Displaying brouter port information
To display the brouter port VLAN information for all VLANs on the switch or for
the specified VLAN, enter the following command:
show vlan info brouter-port [port <value>]
where:
port <value> is the portlist {slot/port[-slot/port][,...]}. Entering a value is
optional. When you enter a value, the command shows information for the
specified port. Without the value, the command shows information for all the
configured VLANs.
This command is available only for the Ethernet Routing Switch 8600.
Figure 144 on page 354 shows sample output for the show vlan info
brouter-port command.

Figure 144 Show vlan info brouter-port command output

ERS-8606:5# show vlan info brouter-port port 1/1
Vlan Id Port
======= ====
2090 1/1
ERS-8606:5#
Displaying IGMP switch operation information
To display information about IGMP operation in the switch, enter the following
command:
show vlan info igmp [<vid>] [port <value>]
where:
configured VLANs.
314725-E Rev 00
Figure 145 shows sample output for the show vlan info igmp command.
Figure 145 Show vlan info igmp command output
ERS-8606:5# show vlan info igmp 1
=============================================================================
Vlan Ip Igmp
=============================================================================
VLAN QUERY QUERY ROBUST VERSION LAST PROXY SNOOP SSM FAST FAST
ID INTVL MAX MEMB SNOOP ENABLE SNOOP LEAVE LEAVE
RESP QUERY ENABLE ENABLE ENABLE PORTS
-----------------------------------------------------------------------------
1 125 100 2 2 10 false false false false
ERS-8606:5#
Displaying VLAN routing (IP) configuration
To display the routing (IP) configuration for all VLANs on the switch or for the
specified VLAN, enter the following command:
show vlan info ip [<vid>] [port <value>]
where:
configured VLANs.

Figure 146 shows sample output for the show vlan info ip command.
Figure 146 Show vlan info ip command output

ERS-8606:5# show vlan info ip
=============================================================================
Vlan Ip
=============================================================================
VLAN IP NET BCASTADDR REASM ADVERTISE DIRECTED
ID ADDRESS MASK FORMAT MAXSIZE WHEN_DOWN BROADCAST
-----------------------------------------------------------------------------
1 192.32.253.1 255.255.255.0 ones 1500 disable enable
ERS-8606:5#
Displaying port member status
To display the port member status for all VLANs on the switch or for the specified
VLAN, enter the following command:
show vlan info ports [<vid>] [port <value>]
where:
configured VLANs.
A port can be an active member, a static member, or a not-allowed member.
314725-E Rev 00
Figure 147 shows sample output for the show vlan info ports command.
Figure 147 Show vlan info ports command output
ERS-8606:5# show vlan info ports
=============================================================================
Vlan Port
=============================================================================
-----------------------------------------------------------------------------
1 2/1-2/8,4/1-4/30 2/1-2/8,4/1-4/30
=============================================================================
Vlan ATM VPort
=============================================================================
-----------------------------------------------------------------------------
=============================================================================
Ospf Passive Port Members
=============================================================================
VLAN PORT NUM
-----------------------------------------------------------------------------
1
ERS-8606:5#
Displaying source MAC addresses
To display the source MAC address for any source MAC-based VLANs on the
switch, or for the specified VLAN, if it is source MAC-based, enter the following
command:
show vlan info srcmac [<vid>] [port <value>]

where:
configured VLANs.
Figure 148 shows sample output for the show vlan info srcmac command.
Figure 148 Show vlan info srcmac command output
ERS-8606:5# show vlan info srcmac
============================================================================
Vlan Srcmac
============================================================================
VLAN_ID MAC_ADDRESS
1 00:13:83:89:22:03
2 00:00:00:00:00:00
ERS-8606:5#
Using the show ports commands for VLANs

To obtain configuration port information about all VLANs on the switch or
specified VLANs, use the show ports commands.
• “Displaying port tagging information” on page 359

• “Displaying all port VLAN information” on page 360
314725-E Rev 00
Displaying port tagging information
To display VLAN port tagging information, enter the following command:
show ports info vlans [vlan <value>] [port <value>]
where:
vlan <value> is the VLAN ID from 1 to 4092,

Entering a vlan <value> or port <value> is optional. When you enter a

vlan <value> or port <value>, the command shows information for the
specified VLAN or port. Without the vlan <value> or port <value>, the
command shows information for all the configured VLANs.
Figure 149 shows sample output for this command.
Figure 149 Show ports info vlan command output
ERS-8603:3/show/ports/info# vlans
===============================================================
Port Vlans
===============================================================
PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAG
NUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN
---------------------------------------------------------------
1/1 disable false false 1 1 normal disable
Table 60 shows the field descriptions for this command.
Table 60 Show ports info vlan parameters
Field Description
PORT NUM Indicates the port and slot number.

TAGGING Indicates the state of ingress and egress tagging on the port.

Table 60 Show ports info vlan parameters (continued)
Field Description
DISCARD TAGFRAM Indicates the state of how to process tagged frames received
on this access port. When the flag is set, these frames are
discarded by the forwarding process. When the flag is reset,
these frames are processed normally. This only applies when
the port is a trunk port.
DISCARD UNTAGFRAM Indicates the state of how to process untagged frames
received on this trunk port. When the flag is set, these frames
are discarded by the forwarding process. When the flag is
reset, these frames are assigned to the default VLAN ID
specified by Default VlanId. This only applies when the port is
a trunk port.
DEFAULT VLANID Indicates the VLAN ID assigned to untagged frames received
on this trunk port. This only applies when the port is a trunk
port.
VLAN IDS Indicates the VLANs assigned to this port.
PORT TYPE Indicates the type of port: normal, UNI, or NNI.
UNTAG DEFVLAN Indicates the status of egress tagging on the default VLAN
port.
Displaying all port VLAN information
To display all port VLAN information, enter the following command:
show ports info all [vlan <value>] [port <value>] [by

<value>]
where:
vlan <value> is the VLAN ID from 1 to 4092

port <value> is the port or range of ports
by <value> is the group ID.
Entering a vlan <value>, port <value> or by <value> is optional.

When you enter a vlan <value>, port <value> or by <value>, the
command shows information for the specified VLAN, port, or group ID. Without
optional parameters, the command shows information for all the configured
VLANs.
314725-E Rev 00
Figure 150 Show ports info port all command output
ERS-8610:5# show ports info all port 1/1
=============================================================================
Port Interface
=============================================================================
PORT LINK PORT PHYSICAL STATUS
NUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN OPERATE
-----------------------------------------------------------------------------
1/1 64 1000BaseTX true false 1950 00:12:83:89:20:00 up down
=============================================================================
Port Name
=============================================================================
PORT OPERATE OPERATE OPERATE
NUM NAME DESCRIPTION STATUS DUPLX SPEED VLAN
-----------------------------------------------------------------------------
1/1 1000BaseTX down half 0 Access
=============================================================================
Port Config
=============================================================================
PORT AUTO SFFD ADMIN OPERATE DIFF-SERV QOS BLOCK MLT

VENDOR DUAL SMLT ADMIN OPERATE AUTO
NUM TYPE NEG. DUPLX SPD DUPLX SPD EN TYPE LVL TFR ID
NAME CONN ID ROUTING ROUTING RECOVER
-----------------------------------------------------------------------------
1/1 1000BaseTX true false half 10 0 fals core 1 false 0
N/A 0 Enable Disable Disable
=============================================================================
Port State
=============================================================================
PORT NUM ADMINSTATUS PORTSTATE REASON DATE
-----------------------------------------------------------------------------
1/1 up down -- 03/13/06 22:31:41
=============================================================================
Port Arp
=============================================================================

Table 59 on page 334 shows the field descriptions for this command.
Using the VLAN IP commands

The VLAN IP commands described in this section are general routing commands
for the VLAN. Other VLAN commands are included in the sections of this
manual that describe commands used with a specific protocol or feature.
Assigning an IP address to a VLAN
To assign an IP address to a VLAN, use the following command:
config vlan <vid> ip
where:
vid is the VLAN ID from 1 to 4 092. Entering a vid is optional. When you
enter a vid, the command shows information for the specified VLAN. Without
the vid, the command shows information for all the configured VLANs.

followed by:
directories.
create <ipaddr|mask> Assigns an IP address and subnet mask to the VLAN.
[mac_offset <value>] • <ipaddr|mask> is the IP address and mask
{a.b.c.d}.
• mac_offset <value> is a user-assigned
MAC address. This MAC address is in place of the
default MAC address.
314725-E Rev 00

followed by:
delete <ipaddr> Deletes the specified VLAN address.
Rvs-Path-Chk Enables or disables reverse path checking.
<enable|disable> [mode • <enable|disable> enables or disables
<value>] reverse path checking.
• mode <value> is the mode for reverse path
checking—exist-only or strict.
See Configuring and Managing Security for more
information about Reverse Path Checking.
Figure 151 shows sample output for the config vlan ip info command.
Figure 151 Config vlan ip info command output
ERS-8603:3/config/vlan/1/ip# info
Sub-Context: arp-response dhcp-relay directed-broadcast dvmrp igmp ospf pim
pgm proxy rip route-discovery rsmlt vrrp
Current Context:
create : 10.1.1.1/255.255.255.0 mac_offset 1
delete : N/A

314725-E Rev 00
365
Chapter 8
Configuring sVLANs using the CLI
The stacked VLAN (sVLAN) protocol transparently transports packets through an

sVLAN domain by adding an additional 4-byte header to each packet.
This section describes how to configure sVLANs using the command line
interface (CLI) and includes the following topics:
Topic Page
Roadmap of sVLAN commands 366

Overview of sVLAN CLI configuration 367
Creating an sVLAN 368
Setting the Ethertype and switch level 370
Showing Ethertype and switch level information 371
Setting the sVLAN port type 373
Creating an sVLAN STG 376
For conceptual information about sVLANs, see “Stacked VLANs” on page 59.

366 Chapter 8 Configuring sVLANs using the CLI
Roadmap of sVLAN commands

The following roadmap lists the VLAN commands and their parameters. Use this
list as a quick reference or click on any entry for more information.
Command Parameter
config svlan info
ether-type level <value>
<ethertype>
level <level>
show svlan info ether-type

show svlan info active-level
config ethernet <ports> info

svlan-porttype <normal|uni|nni>
config stg <sid> info

add ports <value>
create [<ports>] [vlan <value>]
[mac <value>] [type <value>] [ntstg
<value>]
delete
forward-delay <timeval>
group-stp <enable|disable>
hello-interval <timeval>
max-age <timeval>
priority <number>
remove ports <value>
trap-stp <enable|disable>
config stg <sid> add ports <ports>
314725-E Rev 00
Chapter 8 Configuring sVLANs using the CLI 367
Command Parameter
config vlan <vid> create bysvlan <sid> [name <value>] [color
<value>]
bysvlan-mstprstp <instance-id>
Overview of sVLAN CLI configuration

Follow these steps to create an sVLAN using the CLI:
Note: You must follow these steps in sequence to configure an sVLAN.
1 Set the sVLAN switch level to 1 or higher.

For more information, see “Setting the Ethertype and switch level” on
page 370.
2 Configure user-to-network interface (UNI) and network-to-network-interface

(NNI) ports.
For more information, see “Setting the sVLAN port type” on page 373.
3 Create a spanning tree group (STG) of type sVLAN and set the tagged BPDU
address as different from the standardized BPDU address.
For more information, see “Creating an sVLAN STG” on page 376.
4 Add UNI or NNI ports to the STG.

For more information, see “Adding UNI or NNI ports to the STG” on
page 378.
5 Create a VLAN of type sVLAN within the STG created in Step 3 and add
ports to it.
For more information, see “Creating an sVLAN” on page 368.

Creating an sVLAN
To create a VLAN of type sVLAN, use the following command:
This command allows you to specify the type of VLAN. The required parameter
vid is the VLAN ID. VLAN 1 is the default VLAN.

followed by:
bysvlan <sid> [name Creates an sVLAN.
<value>] [color • <sid> is spanning tree ID.
<value>]
• name <value> is the name of the VLAN from
0 to 20 characters.
• color <value> is the color of the VLAN (0 to
32). The color attribute is used by Optivity software
to display the VLAN.
bysvlan-mstprstp Creates an sVLAN.
<value>] [color 63.
<value>]
• name <value> is the name of the sVLAN.
• color <value> is the color of the sVLAN from
0 to 32. The color attribute is used by Optivity
Figure 152 on page 369 shows sample output for the config vlan info
command.
314725-E Rev 00
Figure 152 Config vlan info command output

ERS-8606:5/config/vlan/2# create bysvlan 2 name SVLAN2 color 11
Sub-Context: clear config dump monitor show test trace wsm asfm
sam
Current Context:
action : N/A
add-mlt :
addDsapSsap :
agetime : N/A
delete : N/A
qoslevel : 1
name : SVLAN2
Security-vlan-type : none
Cluster : 0
Figure 153 on page 370 uses all the commands required to create an sVLAN.
Note: You must enter the commands in sequence.

Figure 153 Sample command output for creating an sVLAN
ERS-8606:5# config svlan level 3

ERS-8606:5# config ethernet 2/1 svlan-porttype uni
warning: Ports 2/1 may be removed from all the Vlans and Stgs. Do you want to
continue? (y/n) ? y
ERS-8606:5# config stg 9 create mac 01:90:c2:00:00:00 type stgsvlan
ERS-8606:5# config vlan 1476 create bysvlan 9 name SVLAN2 color 11
ERS-8606:5# config stg 9 add ports 2/3
ERS-8606:5#
Setting the Ethertype and switch level

To set the Ethertype and switch level, use the following command:
config svlan
For sVLAN configurations, you must set the switch level to 1 or higher.
The config svlan command includes the following parameters:
config svlan
followed by:
info Shows current configuration information for an sVLAN
(Figure 154).
ether-type level Sets an sVLAN tag for a switch level.
<value> <ethertype> • <value> is an integer value in the range of 1 to
7.
• <ethertype> is a hex value in the range of
0x5dd to 0xffff.
level <level> Specifies the switch level associated with this sVLAN.
• <level> is an integer value in the range of 0 to
7. Level 0 (normal port) 802.1Q frames are
classified into port-based VLANs.
Level 1 to 7: any frame type is transparently switched
and an additional Ethertype 4 bytes is added.
The default level is 0.
314725-E Rev 00
Figure 154 shows the config svlan info command output.
Figure 154 Config svlan info command output
ERS-8606:5# config svlan info
Current Context:
LEVEL ETHER-TYPE
0 0x8100
1 0x8020
2 0x8030
3 0x8040
4 0x8050
5 0x8060
6 0x8070
7 0x8080
Active-Level = 0
ERS-8606:5
Showing Ethertype and switch level information

To display sVLAN Ethertype and level information, use the following commands:
show svlan info ether-type

show svlan info active-level

Figure 155 shows sample output for the show svlan info ether-type and
active-level commands.
Figure 155 Show svlan info command output
ERS-8610:5# show svlan info ether-type
===========================================================================
Stacked Vlan Ether Type
===========================================================================
LEVEL ETHER-TYPE
---------------------------------------------------------------------------
0 0x8100
1 0x8020
2 0x8030
3 0x8040
4 0x8050
5 0x8060
6 0x8070
7 0x8080
ERS-8610:5# show svlan info active-level

Active-Level = 0
ERS-8610:5#
Table 61 describes the fields for this command.
Table 61 Show svlan info ether-type parameters
Field Description
LEVEL Indicates the value that identifies the switch level associated with this
entry.
ETHER-TYPE Indicates the ether type value used for sVLAN tagging.
314725-E Rev 00
Setting the sVLAN port type

You must set the sVLAN port type to sVLAN UNI or sVLAN NNI.
To set the sVLAN port type, use the following command:
config ethernet <ports> svlan-porttype <normal|uni|nni>
Note: Because each OctaPID can support up to eight ports, you must
designate all ports within an OctaPID as either normal or sVLAN (that
is, the ports can be all Normal or a combination of UNI/NNI within the
Octapid, which can be up to eight ports). See Appendix A, “Tap and
OctaPID assignment (Release 3.x feature set) and “Configuring sVLANs
using the CLI” on page 365.
The warning shown in Figure 156 appears.
Figure 156 sVLAN-porttype warning
ERS-8606:5# config svlan level 1

ERS-8606:5# config ethernet 10/12 svlan-porttype uni
warning: Ports 10/9-10/16 may be removed from all the Vlans and
Stgs. Do you want to continue? (y/n) ? y
ERS-8606:5#
When you configure a UNI port in the CLI, the tagged-frames-discard parameter
is automatically enabled. Similarly, when you configure an NNI port in the CLI,
the untagged-frames-discard parameter is automatically enabled.
The
config ethernet <ports>

command includes the following parameters:
config ethernet <ports>

followed by:
info Shows the current port settings (Figure 157).
svlan-porttype Sets the port type for the sVLAN to normal,
<normal|uni|nni> user-to-network interface (UNI), or network-to-network
interface (NNI). The default is normal.
Figure 157 shows sample output for the config ethernet <ports> info
command.
314725-E Rev 00
Figure 157 Config ethernet <ports> info command output

ERS-8606:5/config/ethernet/4/1# info
Sub-Context: eapol fw-isd ip ipv6 ipx lacp limit-fdb-learning

mroute-limit multimedia pcap remote-mirroring smlt stg
unknown-mac-discard vlacp
Current Context:
Port 4/1 :
lock : false
block-traffic : false
name :
auto-negotiate : true
enable-diffserv : false
access-diffserv : false
qos-level : 1
routing : enable
unknown-mac-discard : disable
high-secure : false
default-vlan-id : 1
untag-port-default-vlan : disable
tagged-frames-discard : disable
untagged-frames-discard : disable
loop-detect : disable action port-down
arp-detect disable
state : up
linktrap : enable
multicast-bandwidth-limit : disabled
broadcast-bandwidth-limit : disabled
tx-flow-control : disabled
sffd : disabled
cp-limit : enabled multicast-limit 10000
broadcast-limit 10000
shape : disabled
802.1p-override : disable
auto-recover-port : disable
ext-cp-limit : None threshold-util-rate 50
ERS-8606:5#

Creating an sVLAN STG

To set a tagged bridge protocol data unit (BPDU) address different from the
standardized BPDU address and create an sVLAN STG, use the following
command:
config stg <sid>
The config stg <sid> command configures parameters for a specified

spanning tree group, where <sid> is the spanning tree group ID.
The config stg <sid> command includes the following parameters:
config stg <sid>

followed by:
info Shows current configuration information.
add ports <value> Adds ports for the STG.
• <value> is the port list.
create [<ports>] [vlan Creates a new STG.
<value>] [mac <value>] • <ports> specifies one or more ports.
[type <value>] [ntstg • vlan <value> is the tagged BPDU
<value>] VLAN ID. If a VLAN spans multiple
switches, it must be within the same STG
across all switches.
• mac <value> is the tagged BPDU
MAC address.
• type <value> sets the STG to
normal or sVLAN. Choices are
stgsvlan or stgnormal.
• ntstg <value> enables or disables
NTSTG. Choices are enable or
disable.
delete Deletes an STG.
forward-delay <timeval> Bridges forward delay time for the STG.
• <timeval> is the number in hundredths
of a second.
group-stp <enable|disable> Enables or disables STP for a specific STG.
hello-interval <timeval> Bridge hello time for the STG.
of a second.
314725-E Rev 00
config stg <sid>

followed by:
max-age <timeval> Bridges maximum age time for the STG.
of a second.
priority <number> Bridges priority for the STG.
• <number> is the priority number.
remove ports <value> Removes ports for the STG.
• <value> is the port list.
trap-stp <enable|disable> Enables or disables STP traps for a specific
STG.
Figure 158 on page 378 shows sample output for the config stg info
command.

Figure 158 Config stg info command output
ERS-8606:5# config stg 1 info
Current Context:
add ports : 2/1-2/8,4/1-4/30

create : 1
delete : N/A
forward-delay : 1500
group-stp : true
hello-interval : 200
max-age : 2000
priority : 32768
remove ports : N/A
trap-stp : true
type : normal
nt-stg : enable
ERS-8606:5#
Adding UNI or NNI ports to the STG
To add UNI or NNI ports to the STG, use the following command:
config stg <sid> add ports <ports>
The config stg <sid> command configures parameters for a specified

spanning tree group, where <sid> is the spanning tree group ID.
The config stg <sid> command includes the following options:
config stg <sid>

followed by:
add ports <ports> Adds ports to a STG.
• <ports> specifies one or more ports.
314725-E Rev 00
379
Chapter 9
Configuring STGs using the CLI
You can set up spanning tree groups (STG) by using the spanning tree group
commands. You can set parameters for a group and for ports in that group. You
can also enable or disable the Spanning Tree Protocol in an STG.
The Ethernet Routing Switch 8600 modules support up to 64 STGs in a switch.
This section includes information about configuring STG and its parameters by
using the appropriate commands and includes the following topics:
Topic Page
Roadmap of spanning tree commands 380

Configuring the spanning tree protocol mode 384
Configuring Spanning Tree Protocol 385
Configuring Rapid Spanning Tree Protocol 403
Configuring Multiple Spanning Tree Protocol 413
For conceptual information about spanning tree protocols, see “Spanning tree
protocols” on page 66.

380 Chapter 9 Configuring STGs using the CLI
Roadmap of spanning tree commands

The following roadmap lists all spanning tree commands and their parameters.
Use this list as a quick reference or click on any entry for more information:
Command Parameter
config bootconfig flags
spanning-tree-mode
<rstp|mstp|default>
config rstp info

force version <stp-compatible|rstp>
forward-delay <number>
hello-time <number>
max-age <number>
pathcost-type <16-bit|32-bit>
priority <number>
tx-holdcount <number>
show rstp config

show rstp stats
show rstp status
show ports info rstp config [vlan

show ports info rstp config [vlan
show ports info rstp stats [vlan
show ports info rstp role port
<portlist>
314725-E Rev 00
Chapter 9 Configuring STGs using the CLI 381
Command Parameter
config eth <portlist> rstp info
edge-port <true|false>
p2p <forcetrue|forcefalse|auto>
pathcost <value>
priority <value>
protocol-migration <true|false>
stp <enable|disable>
config mstp info

pathcost-type <16-bit|32-bit>
hop count <number>
tx-holdcount <number>
config mstp region info
name <string>
revision <number>
config-id-sel <number>
config mstp cist info
force-version
<stp-compatible|rstp|mstp>
forward-delay <number>
max-age <number>
priority <number>
config mstp msti <instid> info
priority
show mstp config
show mstp instance <instid>
show mstp stats
show mstp status

Command Parameter
show ports info mstp cistinfo [vlan <value>] [port
<value>]
mstiinfo [vlan <value>] [port
<value>]
ciststat [vlan <value>] [port
<value>]
mstistat [vlan <value>] [port
<value>]
cistrole [vlan <value>] [port
<value>]
mstirole [vlan <value>] [port
<value>]
config eth <portlist> mstp cist info

edge-port <true|false>
forceportstate <enable|disable>
hello-time <value>
p2p <forcetrue|forcefalse|
protocol-migration <true|false>
priority <value>
pathcost <number>
config eth <portlist> mstp msti info

<instid>
priority <value>
pathcost <value>
forceport state <enable|disable>
config stg <sid> info

add ports <ports>
create [<ports>] [vlan <value>]
[mac <value>] [type <value>] [ntstg
<value>]
314725-E Rev 00
Command Parameter
delete
forward-delay <timeval>
hello-interval <timeval>
max-age <timeval>
priority <number>
remove ports <value>
trap-stp <enable|disable>
config ethernet <ports> stg <sid> info

change-detection <enable|disable>
faststart <enable|disable>
pathcost <intval>
priority <intval>
stp <enable|disable>
faststart <enable|disable>
show stg show-all
show stg info config <sid>
show stg info status <sid>
show ports info stg main [vlan

show ports info stg extended [vlan
show ports stats stg <ports>

Configuring the spanning tree protocol mode

There are three spanning tree protocol modes on the Ethernet Routing Switch
8600: Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol
(MSTP), and Legacy (Spanning Tree Protocol). To set the spanning tree mode of
the switch, use the following command:
config bootconfig flags spanning-tree-mode

<rstp|mstp|default>
where:
rstp|mstp|default are the Spanning Tree modes RSTP, MSTP, and Legacy.
The default is Legacy.
Note: To change the spanning tree mode, you must use the commands
save bootconfig to save the boot configuration and boot to reboot
the switch. You must start a new session on the switch.
Figure 159 shows sample command line output for changing the spanning tree
mode to RSTP.
Figure 159 Spanning tree mode commands

ERS-8606:5# config bootconfig flags spanning-tree-mode rstp
Warning: Please save boot configuration and reboot the switch
for this to take effect.
ERS-8606:5# save boot
Save bootconfig to file /flash/boot.cfg successful.
ERS-8606:5# boot
Are you sure you want to re-boot the switch (y/n) ? y
The config bootconfig flags spanning-tree-mode command is in the

CLI Global configuration mode.
314725-E Rev 00
Configuring Spanning Tree Protocol

The operation of the Spanning Tree Protocol (STP) is defined in the IEEE 802.1d
standard. The STP detects and eliminates logical loops in a bridged or switched
network. When multiple paths exist, the spanning tree algorithm configures the
network so that a bridge or switch uses only the most efficient path. If that path
fails, the protocol automatically reconfigures the network and makes another path
active, which sustains network operations.
Spanning Tree Protocol is the default spanning tree protocol used by the Ethernet
Routing Switch 8600. This section includes the following topics:
• “Configuring spanning tree group parameters”

• “Configuring STG port parameters” on page 387
• “Configuring topology change detection” on page 389
• “Using the show STG commands” on page 392
Configuring spanning tree group parameters
To configure parameters for a specified spanning tree group, enter the following
command:
config stg <sid>
where:
sid is the spanning tree group ID.
config stg <sid>

followed by:
info Shows characteristics of the spanning tree group.
add ports <ports> Adds port to a spanning tree group.
• <ports> specifies one or more slot/port
numbers.
Ports can not be added to the STG if they are:
• configured as Single Port SMLT
• configured as members of another STG

config stg <sid>

followed by:
create [<ports>] [vlan Creates a new spanning tree group.
<value>] [mac <value>] • <ports> specifies one or more slot/port
[type <value>] [ntstg numbers.
<value>] Note: Ports cannot be added to the STG if
configured as Single Port SMLT, or as a member of
another STG.
• vlan <value> is the VLAN ID. If a VLAN
spans multiple switches, it must be within the
same STG across all switches.
• mac <value> is the MAC address.
• type <value> is the type of STG. Choices
are stgnormal or stgsvlan.
• ntstg <value> enables or disables STP.
Choices are enable or disable.
delete Deletes the specified spanning tree group.
forward-delay <timeval> Sets the bridge forward delay time in hundredths of
a second. The default is 1500 (15 seconds).
group-stp Enables or disables the Spanning Tree Protocol on
<enable|disable> the specified spanning tree group.
hello-interval <timeval> Sets the bridge hello time in hundredths of a

second. The default is 200 (2 seconds).
max-age <timeval> Sets the bridge maximum age time in hundredths
of a second. The default is 2000 (20 seconds).
priority <number> Sets the bridge priority number.
• <number> is between 0 and 65535.
remove ports <value> Removes ports from a spanning tree group.
• <value> is the specified port.
trap-stp Enables or disables the Spanning Tree Protocol
<enable|disable> trap for the specified spanning tree group.
Note: Disabling the Spanning Tree Protocol can reduce CPU overhead
slightly. However, unless you are using the switch in a simple network
with little possibility of looping, Nortel recommends that you leave the
Spanning Tree Protocol enabled.
314725-E Rev 00
Figure 160 shows sample output for the config stg info command.
Figure 160 Config stg info command output
ERS-8606:5# config stg 1 info
Current Context:
add ports : 2/1-2/8,4/1-4/30

create : 1
delete : N/A
group-stp : true
hello-interval : 200
max-age : 2000
priority : 32768
remove ports : N/A
trap-stp : true
type : normal
nt-stg : enable
ERS-8606:5#
Configuring STG port parameters
Ports must have tagging enabled to belong to multiple spanning tree groups.
Note: Nortel recommends that you enable FastStart as an alternative to

disabling Spanning Tree Protocol on an individual port. The Spanning
Tree Protocol is currently not supported on SMLT/IST ports, and must be
disabled.
To configure spanning tree group port parameters, enter the following command:
config ethernet <ports> stg <sid>

where:
<ports> is the slot/port you want to add to the STG.
<sid> is the spanning tree group ID.
config ethernet <ports> stg <sid>

followed by:
info Shows current settings for the port spanning
tree group.
faststart <enable|disable> Enables or disables the FastStart feature. When
FastStart is enabled, the port goes through the
normal listening and learning states before
forwarding, but the hold time for these states is
the bridge hello timer (2 seconds by default)
instead of the bridge forward delay timer (15
seconds by default).
change-detection Enables or disables topology change detection
<enable|disable> for the specified spanning tree. The default is
enable.
pathcost <intval> Sets the contribution of this port to the path
cost.
• <intval> is the cost (1 to 65535).
priority <intval> Sets the priority of this port.
• <intval> is the priority (0 to 255).
Note: Although port priority values can range
from 0 to 255, only the following values are
used: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144,
160, 176, 192, 208, 224, 240
stp <enable|disable> Enables or disables the Spanning Tree
Protocol.
Note: Spanning Tree Protocol must be disabled
on SMLT or IST ports.
To display the current settings for the spanning tree group, use the following
command:
314725-E Rev 00
where:
Figure 161 Config ethernet <slot/port> stg <sid> info command output
ERS-8606:5# config ethernet 4/1 stg 1 info
sam
Current Context:
Port 4/1 :
change-detection : enable
faststart : disable
pathcost : 100
priority : 128
stp : enable
ERS-8606:5#
Configuring topology change detection
Change detection is enabled by default. With change detection enabled, when a

topology change occurs, a trap is sent containing the MAC address of the STG
sending the topology change notification (TCN), the port number, and the STG
ID. You can use this information to identify the device. For more information
about change detection, see “Spanning Tree Protocol topology change detection”
on page 70.
To configure topology change detection, use the following command:
config ethernet <ports> stg <sid> change-detection

<enable|disable>

where:
If you enable change detection on an MLT with access ports, the setting is
automatically applied to all ports in the MLT.
Querying the change detection setting
To query the change detection setting, use the following command:
where:
Figure 161 on page 389 shows sample output for this command.
The show ports info stg main command (Figure 162 on page 391) also
shows the change detection setting.
314725-E Rev 00
Figure 162 Show ports info stg main command output
ERS-8606:5# show ports info stg main
==========================================================================
Port Stg
==========================================================================
ENABLE FORWARD CHANGE
SID PORT_NUM PRIO STATE STP FASTSTART PATHCOST TRANSITION DETECTION
--------------------------------------------------------------------------
1 2/1 128 forwarding false false 1 0 false
1 4/1 128 disabled true false 100 0 true
ERS-8606:5#
Table 62 explains the field parameters for this command.
Table 62 Show ports info stg main parameters
Field Description
SID Indicates the STG identifier this port is assigned to.

PORT_NUM Indicates the port number and slot.
PRIO Indicates the value of the priority field that is contained in the
first (in network byte order) octet of the (two octet long) port
ID.

Table 62 Show ports info stg main parameters (continued)
Field Description
STATE Indicates the port current state as defined by the application

of the Spanning Tree Protocol. This state controls what action
a port takes on reception of a frame. If the bridge has
detected a port that is malfunctioning it places that port into
the broken state. Options include:
• disabled
• blocking
• listening
• learning
• forwarding
• broken
ENABLE STP Indicates that the Spanning Tree Protocol is active in this
STG.
FASTSTART Indicates that the port is moved straight to the forwarding
state upon being enabled.
PATHCOST Indicates the contribution of this port to the path cost of paths
towards the spanning tree root which includes this port.
802.1d-1990 recommends that the default value of this
parameter be inversely proportional to the speed of the
attached LAN.
FORWARD TRANSITION Indicates the number of times this port has transitioned from
the learning state to the forwarding state.
CHANGE DETECTION Indicates if topology change notifications are sent for the port.
Using the show STG commands
To display the status of spanning tree on the switch or on a port, use the show
stg commands.
This section includes information on show commands:
• “Displaying all STG information” on page 393

• “Displaying STG configurations” on page 397
• “Displaying STG status” on page 398
• “Displaying basic STG information” on page 398
• “Displaying additional STG information” on page 399
• “Displaying STG statistics counters” on page 401
314725-E Rev 00
Displaying all STG information
To display all spanning tree group information, enter the following command:
show stg show-all
The command uses the syntax:
show stg show-all file <value>
where:
<value> is the filename to which the output will be redirected.

Figure 163 Show stg show-all sample output

SJ-ERS-8610:6/show/stg# show-all
# show stg info config
==================================================================
Stg Config
==================================================================
STG BRIDGE BRIDGE FORWARD ENABLE STPTRAP
ID PRIORITY MAX_AGE HELLO_TIME DELAY STP TRAP NT-STG
------------------------------------------------------------------
1 32768 2000 200 1500 true true enable
STG TAGGBPDU TAGGBPDU STG PORT

ID ADDRESS VLAN_ID TYPE MEMBER
------------------------------------------------------------------
1 01:80:c2:00:00:00 0 normal 1/1-1/48,7/1-7/3,8/1-8/8
Total number of STGs : 1
# show stg info status
==================================================================
Stg Status
==================================================================
STG BRIDGE NUM PROTOCOL TOP
ID ADDRESS PORTS SPECIFICATION CHANGES
------------------------------------------------------------------
1 00:12:83:89:20:01 59 ieee8021d 0
STG DESIGNATED ROOT ROOT MAX HELLO HOLD FORWARD

ID ROOT COST PORT AGE TIME TIME DELAY
------------------------------------------------------------------
1 80:00:00:12:83:89:20:01 0 cpp 2000 200 100 1500
Table 63 explains the field headings for this command output.
Table 63 Show stg show-all parameters
Field Description
Stg Config
STG ID Indicates the STG identifier.
314725-E Rev 00
Table 63 Show stg show-all parameters (continued)
Field Description
PRIORITY Indicates the value of the priority field that is contained in the
first (in network byte order) octet of the two octet long port ID.
BRIDGE MAX_AGE Indicates the value that all bridges use for the bridge
maximum age when this bridge acts as the root.
BRIDGE HELLO_TIME Indicates the value that all bridges use for the bridge hello
timer when this bridge acts as the root.
FORWARD DELAY Indicates the value that all bridges use for forward delay when
this bridge acts as the root. This time value, measured in
units of hundredths of a second, controls how fast a port
changes its spanning state when moving towards the
forwarding state. The value determines how long the port
stays in each of the listening and learning states, which
precede the forwarding state. This value is also used, when a
topology change is detected and is underway, to age all
ENABLE STP Indicates that the Spanning Tree Protocol is active in this
STG.
STPTRAP TRAP Indicates the traps relating to the Spanning Tree Protocol
which are sent for this STG.
NT-STG Indicates the whether this STG is operating in Nortel mode or
in Cisco mode.
• enable—Nortel mode
• disable—Cisco mode
Stg Status
BRIDGE ADDRESS Indicates the MAC address used by this bridge when it must
be referred to in a unique fashion. Nortel recommends that
this be the numerically smallest MAC address of all the ports
that belong to this bridge.
NUM PORTS Indicates the number of ports controlled by this bridging
entity.
PROTOCOL Indicates the version of the Spanning Tree Protocol that is
SPECIFICATION used. The value decLb100 indicates the DEC LAN bridge 100
Spanning Tree protocol. IEEE 802.1d implementations will
return ieee8021d.
TOP CHANGES Indicates the total number of topology changes detected by
this bridge since the management entity was last reset or
initialized.

Table 63 Show stg show-all parameters (continued)
Field Description
DESIGNATED ROOT Indicates the bridge identifier of the root of the spanning tree
as determined by the Spanning Tree Protocol as executed by
this node. This value is used as the root identifier parameter
in all configuration Bridge PDUs originated by this node.
ROOT COST Indicates the cost of the path to the root as seen from this
bridge.
ROOT PORT Indicates the port number of the port that offers the lowest
cost path from this bridge to the root bridge.
MAX AGE Indicates the maximum age of Spanning Tree Protocol
information learned from the network on any port before it is
discarded, in units of hundredths of a second. This is the
actual value that this bridge is currently using.
HELLO TIME Indicates the amount of time between the transmission of
configuration bridge PDUs by this node on any port when it is
the root of the spanning tree or trying to become so, in units
of hundredths of a second. This is the actual value that this
bridge is currently using.
HOLD TIME Indicates the interval length during which no more than two
configuration bridge PDUs are transmitted by this node, in
units of hundredths of a second.
FORWARD DELAY Indicates the how fast (in hundredths of a second) a port
changes its spanning state when moving towards the
Forwarding state. The value determines how long the port
stays in each of the listening and learning states, which
precede the forwarding state. This value is also used, when a
topology change is detected and is underway, to age all
Note: This value is the one that this bridge is currently using,
in contrast to the bridge forward delay which is the value that
this bridge and all others would start using if this bridge were
to become the root.
314725-E Rev 00
Displaying STG configurations
To display the spanning tree group configuration for the switch or for the specified
spanning tree group, enter the following command:
The command syntax is:
where:
Figure 164 shows sample output for the show stg info config command.
Figure 164 Show stg info config command output
ERS-8606:5# show stg info config
==============================================================================
Stg Config
==============================================================================
STG BRIDGE BRIDGE FORWARD ENABLE STPTRAP
ID PRIORITY MAX_AGE HELLO_TIME DELAY STP TRAP NT-STG
------------------------------------------------------------------------------
1 32768 2000 200 1500 true true enable
STG TAGGBPDU TAGGBPDU STG PORT

ID ADDRESS VLAN_ID TYPE MEMBER
------------------------------------------------------------------------------
1 01:80:c2:00:00:00 0 normal 2/1-2/8,4/1-4/30
ERS-8606#
See Table 63 on page 394 for descriptions of the parameters for this command.

Displaying STG status
To display the spanning tree group status for the specified spanning tree group or
all STGs, enter the following command:
show stg info status <sid>
where:
Figure 165 shows sample output for the show stg info status command.
Figure 165 Show stg info status command output
ERS-8606:5# show stg info status
=============================================================================
Stg Status
=============================================================================
STG BRIDGE NUM PROTOCOL TOP
ID ADDRESS PORTS SPECIFICATION CHANGES
-----------------------------------------------------------------------------
1 00:80:2d:c0:90:01 38 ieee8021d 75
STG DESIGNATED ROOT ROOT MAX HELLO HOLD FORWARD

ID ROOT COST PORT AGE TIME TIME DELAY
-----------------------------------------------------------------------------
1 80:00:00:80:2d:c0:90:01 0 cpp 2000 200 100 1500

ERS-8606:5#
Displaying basic STG information
To display basic spanning tree group information about one or more specified
ports or about all ports, enter the following command:
show ports info stg main [vlan <value>] [port <value>]
314725-E Rev 00
where:
vlan <value> is the VLAN ID from 1 to 4 092,

(For more information about the show ports info stg extended command,
see “Displaying basic STG information” on page 398.)
Figure 166 shows sample output for the show ports info stg main
command.
Figure 166 Show ports info stg main command output
ERS-8606:5# show ports info stg main 4/1
==============================================================================
Port Stg
==============================================================================
ENABLE FORWARD CHANGE
SID PORT_NUM PRIO STATE STP FASTSTART PATHCOST TRANSITION DETECTION
------------------------------------------------------------------------------
ERS-8606:5#
Displaying additional STG information
To display additional spanning tree group information about the specified port or
about all ports, enter the following command:
show ports info stg extended [vlan <value>] [port <value>]

where:
vlan <value> is the VLAN ID from 1 to 4 092,

This information is less often used in switch monitoring than the information
obtained with the show ports info stg main command (page 398).
Figure 167 shows sample output for the show ports info stg extended
command.
Figure 167 Show ports info stg extended command output
ERS-8606:5# show ports info stg extended
=============================================================================
Port Stg Extended
=============================================================================
----------------------DESIGNATED----------------
SID PORT_NUM ROOT COST BRIDGE PORT
-----------------------------------------------------------------------------
1 2/1 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:80
1 2/2 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:81
1 2/3 80:00:00:80:2d:c0:90:01 0 80:00:00:80:2d:c0:90:01 80:82
Table 64 explains the parameters for this command.
Table 64 Show ports info stg extended parameters
Field Description

314725-E Rev 00
Table 64 Show ports info stg extended parameters (continued)
Field Description
DESIGNATED ROOT Indicates the bridge identifier of the root of the spanning tree
as determined by the Spanning Tree Protocol as executed by
this node. This value is used as the root identifier parameter
in all configuration bridge PDUs originated by this node.
DESIGNATED ROOT Indicates the cost of the path to the root as seen from this
COST bridge.
DESIGNATED BRIDGE Indicates the MAC address used by this bridge when it must
ADDRESS be referred to in a unique fashion. Nortel recommends that
this be the numerically smallest MAC address of all the ports
that belong to this bridge.
DESIGNATED ROOT Indicates the port number of the port that offers the lowest
PORT cost path from this bridge to the root bridge.
Displaying STG statistics counters
To display statistics counters for spanning tree groups on all ports or the specified
port, enter the following command:
show ports stats stg <ports>
where:
<ports> is the port or list of ports.
Figure 168 on page 402 shows sample output for the show ports stats stg
command.

Figure 168 Show ports stats stg command (partial output)

ERS-8606:5# show ports stats stg
==============================================================================
Port Stats Stg
==============================================================================
PORT IN_CONFIG IN_TCN IN_BAD OUT_CONFIG OUT_TCN
NUM BPDU BPDU BPDU BPDU BPDU
------------------------------------------------------------------------------
2/1 0 0 0 0 0
2/2 0 0 0 0 0
2/3 0 0 0 0 0
Table 65 explains the parameters for this command.
Table 65 Show ports stats stg extended parameters
Field Description

IN_CONFIG BPDU Indicates the number of configuration BPUs received by this
port.
IN_TCN BPDU Indicates the number of topology change notification BPUs
received by this port.
IN_BAD BPDU Indicates the number of bad BPUs received by this port.
OUT_CONFIG BPDU Indicates the number of Config BPUs transmitted by this port.
OUT_TCN BPDU Indicates the number of topology change notification BPUs
transmitted by this port.
314725-E Rev 00

Rapid Spanning Tree Protocol (RSTP) reduces the recovery time after a network
breakdown. For more information about MSTP, see “Rapid Spanning Tree
Protocol and Multiple Spanning Tree Protocol” on page 73.
This section describes the following topics:
• “Configuring Rapid Spanning Tree Protocol”

• “Showing RSTP config” on page 404
• “Showing RSTP stats” on page 405
• “Showing RSTP status” on page 406
• “Showing ports info RSTP config” on page 407
• “Showing ports info RSTP stats” on page 408
• “Showing ports info RSTP config” on page 410
• “Showing ports info RSTP role” on page 411
• “Configuring Ethernet RSTP” on page 412
To set the Rapid Spanning Tree Protocol (RSTP) parameters for the bridge, use
the following command:
config rstp
The config rstp command is in the CLI Global configuration mode.
Note: If you use the force version command to change the STP
version to MSTP or RSTP, you must reconfigure the Root Path Cost
parameter. It does not return to the default value when the version is
changed; instead, its value is changed to 65535.

config rstp
followed by:
directories.
force version Sets the RSTP bridge version; default is rstp.
<stp-compatible|rstp>
forward-delay <number> Sets the RSTP forward delay for the bridge from 400
to 3000 hundredths of a second.
group-stp Enables or disables RSTP for a specific STG.
<enable|disable>
hello-time <number> Sets the RSTP hello time delay for the bridge from
100 to 1000 hundredths of a second.
max-age <number> Sets the RSTP maximum age time for the bridge from
600 to 4000 hundredths of a second.
pathcost-type Sets the RSTP default pathcost version; default is 32
<16-bit|32-bit> bits.
priority <number> Sets the RSTP bridge priority from 0 to 61440 in steps
of 4096.
tx-holdcount <number> Sets the RSTP Transmit Hold Count from 1 to 10;
default is 3.
Showing RSTP config
To display the Rapid Spanning Tree Protocol (RSTP) configuration details, use
show rstp config
The show rstp config command is in the CLI Global configuration mode.
Figure 169 on page 405 shows sample output for the show rstp config
command.
314725-E Rev 00
Figure 169 Show rstp config command

ERS-8606:5# show rstp config
============================================================
RSTP Configuration
============================================================
Rstp Module Status : Enabled
Prority : 32768 (0x8000)
Stp Version : rstp Mode
Bridge Max Age : 20 seconds
Bridge Hello Time : 2 seconds
Bridge Forward Delay Time : 15 seconds
Tx Hold Count : 3
PathCost Default Type : 32-bit
ERS-8606:5#
Showing RSTP stats
To show RSTP statistics, use the following command:
show rstp stats
The show rstp stats command is in the CLI Global configuration mode.
Figure 170 on page 406 shows sample output for the show rstp stats
command.

Figure 170 Show rstp stats command
ERS-8606:5# show rstp stats
============================================================
RSTP Statistics
============================================================
Rstp UP Count : 1
Rstp Down Count : 0
Count of Root Bridge Changes : 0
Stp Time since Topology change: 487 seconds
Total No. of topology changes : 2
ERS-8606:5#
Showing RSTP status
To display the Rapid Spanning Tree Protocol (RSTP) related status information
for the selected bridge, use the following command:
show rstp status
This command is in the CLI Global configuration mode.
Figure 171 on page 407 shows sample output for the show rstp status
command.
314725-E Rev 00
Figure 171 Show rstp status command

ERS-8606:5# show rstp status
============================================================
RSTP Status Information
============================================================
Designated Root : 80:00:00:80:2d:c0:90:01
Stp Root Cost : 0
Stp Root Port : cpp
Stp Max Age : 20 seconds
Stp Hello Time : 2 seconds
Stp Forward Delay Time : 15 seconds
ERS-8606:5#
Showing ports info RSTP config
To display the Rapid Spanning Tree Protocol (RSTP) related port level
configuration details, use the following command:
show ports info rstp config [vlan <value>] [port <value>]
where:
vlan <value> is the VLAN ID, and
port <value> is a port or list of ports.
This command is in the CLI Global configuration mode.
Figure 172 on page 408 shows sample output for the show ports info rstp
config command.

Figure 172 Show ports info rstp config command output
ERS-8606:5# show ports info rstp config
============================================================
RSTP Port Configurations
============================================================
Port Number : 2/1
Port Priority : 128 (0x80)
Port PathCost : 20000
Port Protocol Migration : False
Port Admin Edge Status : False
Port Oper Edge Status : False
Port Admin P2P Status : Auto
Port Oper P2P Status : False
Port Oper Protocol Version : Rstp
Showing ports info RSTP stats
To display the Rapid Spanning Tree Protocol (RSTP) related port level statistics
show ports info rstp stats [vlan <value>] [port <value>]
where:
The show ports info rstp stats command is in the CLI Global
configuration mode.
stats command.
314725-E Rev 00
Figure 173 Show ports info rstp stats command

ERS-8606:5# show ports info rstp stats
=============================================================
RSTP Port Statistics
=============================================================
Port Number : 2/1
Number of Fwd Transitions : 1
Rx RST BPDUs Count : 0
Rx Config BPDU Count : 0
Rx TCN BPDU Count : 0
Tx RST BPDUs Count : 737
Tx Config BPDU Count : 0
Tx TCN BPDU Count : 0
Invalid RST BPDUs Rx Count : 0
Invalid Config BPDU Rx Count : 0
Invalid TCN BPDU Rx Count : 0
Protocol Migration Count : 0
Showing ports info RSTP status
To display the Rapid Spanning Tree Protocol (RSTP) related status information
for a selected port use the following command:
show ports info rstp status [vlan <value>] [port <value>]
where:
The show ports info rstp status command is in the CLI Global
configuration mode.
status command.

Figure 174 Show ports info rstp status command

ERS-8606:5# show ports info rstp status
==============================================================
RSTP Port Status
(Port Priority Vector)
==============================================================
Port Number : 2/1
Port Designated Root : 80:00:00:80:2d:c0:90:01
Port Designated Cost : 0
Port Designated Bridge : 80:00:00:80:2d:c0:90:01
Port Designated Port : 80:80
Showing ports info RSTP config
To display the Rapid Spanning Tree Protocol (RSTP) related configuration

information for the selected port use the following command:
show ports info rstp config [vlan <value>] [port <value>]
where:
The show ports info rstp config command is in the CLI Global
configuration mode.
config command.
314725-E Rev 00
Figure 175 Show ports info rstp config command

ERS-8610:5# show ports info rstp config
==============================================================
RSTP Port Configurations
==============================================================
Port Number : 1/1
Port Priority : 128 (0x80)
Port PathCost : 200000000
Port Protocol Migration : False
Port Admin Edge Status : False
Port Oper Edge Status : False
Port Admin P2P Status : Auto
Port Oper P2P Status : False
Port Oper Protocol Version : Rstp
ERS-8610:5#
Showing ports info RSTP role
To display the RSTP role, use the following command:
show ports info rstp role port <portlist>
where:
<portlist> is the port list.
The show ports info rstp role command is in the CLI Interface
configuration mode.
Figure 176 on page 412 shows the output for the show ports info rstp
command.

Figure 176 Show ports info rstp role command

ERS-8606:5# show ports info rstp role
=============================================================
RSTP Port Roles and States
=============================================================
Port-Index Port-Role Port-State PortSTPStatus PortOperStatus

-------------------------------------------------------------
2/1 Designated Forwarding Disabled Enabled
4/1 Disabled Discarding Enabled Disabled
Configuring Ethernet RSTP
To set RSTP parameters for the port, use the following command:
config eth <portlist> rstp
The config eth rstp info command is in the CLI Global configuration
mode.

followed by:
directories.
edge-port <true|false> Sets the RSTP edge port parameter for the port.
p2p Sets the Ethernet RSTP point-to-point parameter for
<forcetrue|forcefalse| the port.
auto>
314725-E Rev 00

followed by:
pathcost <value> Sets the RSTP path cost parameter for the port from 1
to 20 000 000.
priority <value> Sets the Ethernet RSTP priority parameter for the
port. The priority ranges from 0 to 240 in steps of 16
(0, 16, 32....240).
protocol-migration Sets the Ethernet RSTP protocol-migration parameter
<true|false> for the port.
stp <enable|disable> Enables or disables STP on the port.

Multiple Spanning Tree Protocol (MSTP) allows you to configure multiple
instances of RSTP on the same switch. For more information about MSTP, see
“Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol” on page 73.
This section describes the following topics:
• “Configuring Multiple Spanning Tree Protocol” on page 414

• “Configuring MSTP region” on page 414
• “Configuring MSTP CIST” on page 415
• “Configuring MSTP MSTI” on page 416
• “Showing MSTP configurations” on page 417
• “Showing MSTP instance information” on page 418
• “Showing MSTP stats” on page 419
• “Showing MSTP status” on page 420
• “Showing MSTP port information” on page 421

To set the Multiple Spanning Tree Protocol (MSTP) configuration version, use the
following command.
config mstp
The config mstp command is in the CLI Global configuration mode.
config mstp
followed by:
directories.
pathcost-type Sets the MSTP default path cost version; default is 32
<16-bit|32-bit> bits.
hop count <number> Sets the MSTP hop count. The range is
400 to 4000 hundredths of a second; default is 2000.
tx-holdcount <number> Sets the MSTP Transmit Hold Count. The range is
1 to 10; the default is 3.
Figure 177 shows sample output for the config mstp info command.
Figure 177 Config mstp info command

ERS-8606:5# config mstp info
hop-count : 2000
pathcost-type : 32-bit
tx-holdcount : 3
ERS-8606:5#
Configuring MSTP region
To configure the MSTP region, use the following command:
config mstp region
314725-E Rev 00
The config mstp region command is in the CLI Global configuration mode.
config mstp region

followed by:
directories.
name <string> Sets the MSTP configuration name.
• <string> is from 1 to 32 characters.
revision <number> Sets the MSTP region revision number
• <number> is between 0 and 65 535.
config-id-sel <number> Sets the MSTP region configuration ID number.
• <number> is between 0 and 255.
Figure 178 shows sample output for the config mstp region commands.
Figure 178 Config mstp region command
ERS-8610:6# config mstp region name mstp-region-1

ERS-8610:6# config mstp region config-id-sel 250
ERS-8610:6# config mstp region revision 12
ERS-8610:6# config mstp region info
config-id-sel : 250
region-name : mstp-region-1
revision : 12
ERS-8610:6#
Configuring MSTP CIST
To configure the MSTP Common and Internal Spanning Tree (CIST) parameters,
config mstp cist

config mstp cist

followed by:
info Shows current level parameter settings and next
level directories.
force-version Sets the CIST version.
<stp-compatible|rstp|mstp>
forward-delay <number> Sets the CIST forward delay from 400 to 3000
hundredths of a second; default is 1500.
max-age <number> Sets the CIST maximum age time from 600 to
4000 hundredths of a second for the bridge; the
default is 2000. The step size is in hundreds.
priority <number> Sets the CIST bridge priority from 0 to 61 440 in
steps of 4096; the default is 32 768.
Figure 179 shows sample output of these commands.
Figure 179 Config mstp cist command

ERS-8610:5# config mstp cist max-age 650
ERS-8610:5# config mstp cist priority 4096
ERS-8610:5# config mstp cist info
force-version : mstp
max-age : 600
priority : 4096 (0x1000)
ERS-8610:5#
Configuring MSTP MSTI
To set the Multiple Spanning Tree Instance (MSTI) configuration version, use the
following command:
config mstp msti <instid>
where <instid> is the instance ID.
The config mstp msti command is in the CLI Instance configuration mode.
314725-E Rev 00
This command uses the following options:
config mstp msti <instid>

followed by:
directories.
priority Sets the MSTP bridge priority. Allowed values are
4096, 8192, 12 288, 16 384, 20 480, 24 576, 28 672,
32 768, 36 864, 40 960, 45 056, 49 152, 53 248,
57 344, 61 440.
Figure 180 shows configuration information for this command.
Figure 180 Config mstp msti command

ERS-8606:5# config mstp msti ?
Sub-Context:
Current Context:
info
priority <number>
ERS-8606:5#
Showing MSTP configurations
To display the Multiple Spanning Tree Protocol (MSTP) related bridge-level

VLAN and region information, use the following command:
show mstp config
The show mstp config command is in the CLI Global configuration mode.

Figure 181 Show mstp config.

RS-8606:5# show mstp config
==============================================================
MSTP Configurations
==============================================================
Mstp Module Status : Enabled
Number of Msti Supported : 64
Cist Bridge priority : 32768 (0x8000)
Stp Version : Mstp Mode
Cist Bridge Max Age : 20 seconds
Cist Bridge Forward Delay : 15 seconds
Tx Hold Count : 3
PathCost Default Type : 32-bit
Max Hop Count : 2000
Msti Config Id Selector : 0
Msti Region Name : 00:80:2d:c0:90:01
Msti Region Version : 0
Msti Config Digest :
ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62
ERS-8606:5#
Showing MSTP instance information
To show the MSTP instance-specific bridge and VLAN information, use the
following command:
show mstp instance <instid>
where:
<instid> is the instance ID.
314725-E Rev 00
Figure 182 Show mstp instance command

ERS-8606:5# show mstp inst 5
==============================================================
MSTP Instance Status
==============================================================
Instance Id : 5
Msti Bridge Regional Root : 80:00:00:03:4b:4f:d0:01
Msti Bridge Priority : 32768 (0x8000)
Msti Root Cost : 0
Msti Root Port : cpp
Msti Instance Vlan Mapped : 5
Msti Instance Vlan Mapped2k :
ERS-8606:5#
Showing MSTP stats
To display the MSTP related bridge-level statistics, use the following command:
show mstp stats
The show mstp stats command is in the CLI Global configuration mode.

Figure 183 Show mstp stats

ERS-8606:5# show mstp stats
=============================================================
MSTP Bridge Statistics
=============================================================
Mstp UP Count : 1
Mstp Down Count : 0
Region Config Change Count : 3
Time since topology change : 0 seconds
Topology change count : 0
New Root Bridge Count : 1
ERS-8606:5#
Showing MSTP status
To display the MSTP related status information known by the selected bridge, use
show mstp status
The show mstp status command is in the CLI Global configuration mode.
314725-E Rev 00
Figure 184 Show mstp status command

RS-8606:5# show mstp status
===============================================================
MSTP Status
===============================================================
---------------------------------------------------------------
Bridge Address : 00:80:2d:c0:90:01
Cist Root : 80:00:00:80:2d:c0:90:01
Cist Regional Root : 80:00:00:80:2d:c0:90:01
Cist Root Port : cpp
Cist Root Cost : 0
Cist Regional Root Cost : 0
Cist Instance Vlan Mapped : 1-1024
Cist Instance Vlan Mapped2k : 1025-2048
Cist Max Age : 20 seconds
Cist Forward Delay : 15 seconds
ERS-8606:5#
Showing MSTP port information
To display the MSTP, CIST port, and MSTI port information maintained by every
port of the Common Spanning Tree, use the following command:
show ports info mstp

show ports info mstp

followed by:
cistinfo [vlan <value>] Shows port CIST configuration.
[port <value>] • vlan <value> specifies the VLAN IDs.
• port <value> specifies the portlist.
mstiinfo [vlan <value>] Shows port MSTI configuration.
ciststat [vlan <value>] Shows statistics for CIST port.
mstistat [vlan <value>] Shows port MSTI stats.
cistrole [vlan <value>] Shows port CIST port role.
mstirole [vlan <value>] Shows port MSTI port role.
Note: External and internal path costs are displayed incorrectly in the
show ports info CLI output for the CIST and MST.
314725-E Rev 00
Figure 185 Show ports info mstp cistinfo command output

ERS-8606:5/show/ports/info/mstp# cistinfo
==============================================================
MSTP Cist Port Information
(Port Priority Vector)
==============================================================
Port Number : 2/1
Cist Port Priority : 128 (0x80)
Cist Port Designated Root : 80:00:00:80:2d:c0:90:01
Cist Port Designated Cost : 0
Cist Port Designated Bridge : 80:00:00:80:2d:c0:90:01
Cist Port Designated Port : 80:80
Cist Port Regional Root : 80:00:00:80:2d:c0:90:01
Cist Port Regional PathCost : 0
Cist Port Protocol Migration : False
Cist Port Admin Edge Status : False
Cist Port Oper Edge Status : False
Cist Port Admin P2P Status : Auto
Cist Port Oper P2P Status : True
Cist Port Hello Time : 2
Cist Port Oper Proto-Version : Mstp
Port Number : 2/2
Cist Port Priority : 128 (0x80)
Cist Port Designated Root : 80:00:00:80:2d:c0:90:01
Cist Port Designated Cost : 0
Cist Port Designated Bridge : 80:00:00:80:2d:c0:90:01
Cist Port Designated Port : 80:81
Cist Port Regional Root : 80:00:00:80:2d:c0:90:01
Cist Port Regional PathCost : 0
Cist Port Protocol Migration : False
Cist Port Admin Edge Status : False
Cist Port Oper Edge Status : False
Cist Port Admin P2P Status : Auto
Cist Port Oper P2P Status : True
Cist Port Hello Time : 2
Cist Port Oper Proto-Version : Mstp

Configuring Ethernet MSTP CIST
To configure the Ethernet MSTP CIST parameters for a port, use the following
command:
config eth <portlist> mstp cist
where:
<portlist> is the port list.
The config eth mstp cist command is in the CLI Global configuration
mode.
config eth <portlist> mstp cist

followed by:
level directories.
edge-port <true|false> Sets the MSTP edge port parameter for the port.
forceportstate Set forceportstate for a port.
<enable|disable>
hello-time <value> Sets the hello time for a port from 100 to 1000
hundredths of a second.
p2p <forcetrue|forcefalse| Sets the Ethernet MSTP CIST point-to-point
parameter for the port.
auto>
protocol-migration Sets the Ethernet MSTP CIST protocol-migration
<true|false> parameter for the port.
priority <value> Sets the Ethernet MSTP CIST priority parameter

for the port. The priority must be set in steps of
16 within the range of 0 to 240.
pathcost <number> Sets the MSTP path cost parameter for the port.
314725-E Rev 00
Configuring Ethernet MSTP MSTI
To configure the Ethernet MSTP MSTI parameters on a port, use the following
command:
config eth <portlist> mstp msti <instid>
where:
<portlist> is the port list, and
<instid> is the instance ID.
The config eth mstp msti command is in the CLI Global configuration
mode.
config eth <portlist> mstp msti <instid>

followed by:
level directories.
priority <value> Sets the Ethernet MSTP MSTI priority parameter
for the port.
pathcost <value> Sets the MSTP MSTI path cost parameter for the
port.
forceport state Sets the MSTP MSTI force port state parameter
<enable|disable> for the port.

314725-E Rev 00
427
Chapter 10
Configuring link aggregation using the CLI
This section describes the link aggregation commands.
Note: For conceptual information about link aggregation, see “Link

aggregation (MLT, SMLT, LACP, VLACP)” on page 78.
Topic Page
Roadmap of link aggregation commands 428

Configuring link aggregation 433
Using the MLT and SMLT show commands 463
Troubleshooting SMLT problems 473
Global MAC filtering 477
Configuring Simple Loop Prevention Protocol 478

428 Chapter 10 Configuring link aggregation using the CLI
Roadmap of link aggregation commands

The following roadmap lists the commands used for configuring link aggregation.
Command Parameter
config mlt <mid> info
create
cp-limit <enable|disable>
[multicast-limit <value>]
[broadcast-limit <value>]
delete
mcast-distribution <enable|disable>
name <string>
perform-tagging <enable|disable>
svlan-porttype <uni|nni|normal>
ntstg <enable|disable>
config mlt <mid> add info
ports <ports>
vlan <vid>
config mlt <mid> remove info
ports <ports>
vlan <vid>
config lacp info

enable
disable
aggr-wait-time <milliseconds>
system-priority <integer>
smlt-sys-id <BaseMac>
fast-periodic-time <milliseconds>
slow-periodic-time <milliseconds>
timeout-scale <integer>
314725-E Rev 00
Chapter 10 Configuring link aggregation using the CLI 429
Command Parameter
config mlt <mlt id> lacp info

enable
disable
clear-link-aggrgate
key <integer>
config <port-type> <slot|port> lacp

info
enable
disable
aggr-wait-time <milliseconds>
key <integer>
aggregation <true|false>
mode <active|passive>
partner-key <int>
partner-port <int>
partner-port-priority <int>
partner-state <hex>
partner-system-id <mac>
partner-system-priority <int>
port-priority <integer>
port-priority <integer>
timeout <long|short>

Command Parameter
show lacp info

show ports info lacp all [vlan <value>] [port <value>]
actor-admin [vlan <value>] [port
<value>]
actor-oper [vlan <value>] [port
<value>]
partner-admin [vlan <value>] [port
<value>]
partner-oper [vlan <value>] [port
<value>]
extension [vlan <value>] [port
<value>]
show ports stats lacp [port

<value>]
show mlt lacp info <ifindex>
config <port-type> <slot|port>

vlacp info
enable
disable
timeout <long|short>
ethertype <integer>
macaddress <mac>
show ports info vlacp [vlan

314725-E Rev 00
Command Parameter
config vlacp info
enable
disable
config mlt <mid> smlt info

create smlt-id <value>
delete
config mlt <mid> ist info
create ip <value> vlan-id <value>
delete
disable
enable
config ethernet <slot/port> <enable|disable>

cp-limit
multicast-limit <value>
broadcast-limit <value>
config ethernet <port> smlt info

<smltid>
create
delete
config sys set smlt-on-single-cp

<enable|disable> [timer <value>]
show mlt show-all [file <value>]

show mlt error collision [<mid>]
show mlt error main [<mid>]
show mlt info [<mid>]
show mlt ist info

Command Parameter
show mlt stats [<mid>]
show ports info smlt [vlan <value>]
[port <value>]
show ports info config [vlan
show smlt info [<mid>]
config fdb fdb-filter info

add <mac>
remove <mac>
config slpp info

etherType <pid>
remove <vid>
add <vid>
operation <enable|disable>
tx-interval <integer>
config ethernet <portlist> slpp info
packet-rx-threshold <integer>
packet-rx <enable|disable>
show slpp info
314725-E Rev 00
Configuring link aggregation

This section includes configuration commands for the following topics:
• “Link aggregation commands”

• “Adding ports to a link aggregation group” on page 435
• “Removing ports from a link aggregation group” on page 437
• “Global LACP commands” on page 438
• “Aggregator configuration commands” on page 440
• “Port configuration commands” on page 441
• “LACP show commands” on page 443
• “Configuring VLACP on a port” on page 451
• “Globally enabling or disabling VLACP” on page 454
• “Creating a split multilink trunk from an existing multilink trunk” on
page 455
• “Creating an interswitch trunk” on page 456
• “Creating a single port split multilink trunk” on page 460
• “Configuring SMLT-on-Single-CPU” on page 462
Link aggregation commands
To set up multilink trunks on the switch, enter the following command:
config mlt <mid>
where:
<mid> is the multilink trunk ID.

The required parameter mid specifies the link aggregation ID.
config mlt <mid>

followed by:
info Shows current settings for the specified link
aggregation group.
create Creates a link aggregation group.
cp-limit <enable|disable> Sets the control packet rate limit.
[multicast-limit <value>] • <enable|disable> = Enables or
[broadcast-limit <value>] disables control packet rate limit. To reenable
the ports, issue the command config
ethernet slot/port state
disable, and then enable.
• multicast-limit <value> is the
multicast control frame rate.
• broadcast-limit <value> is the
broadcast frame rate.
delete Deletes a link aggregation group.
mcast-distribution Enables or disables multicast distribution per link
<enable|disable> aggregation group. Multicast distribution is
disabled by default. For detailed information
about commands used to configure multicast
distribution over link aggregation, see
Configuring IP Routing Multicast Protocols.
name <string> Names a link aggregation group.
• <string> is the name, from 0 to 20
characters.
perform-tagging Enables or disables tagging on a link
<enable|disable> aggregation port.
svlan-porttype Sets the port type to normal, uni, or nni.

<uni|nni|normal>
ntstg <enable|disable> Enables or disables NTSTG.
Figure 186 on page 435 shows sample output for the config mlt info
command.
314725-E Rev 00
Figure 186 Config mlt info command output
ERS-8606:5/config# mlt 3 info
Sub-Context: atm atmcard bootconfig cli cluster diag r-module ethernet fdb
filter ip ipv6 ipx lacp log mlt naap ntp pos poscard qos radius rmon slot
snmp-server snmp-v3 stg svlan sys vlacp vlan web-server
Current Context:
create : 3
delete : N/A
mcast-distribution : disable
name : MLT-3
nt-stg : enable
portmember :
cp-limit : port status MC-limit BC-limit
ERS-8606:5/config#
Adding ports to a link aggregation group
To add ports to a link aggregation group, and add an existing VLAN to a link
aggregation configuration, enter the following command:
config mlt <mid> add
where:

config mlt <mid> add

followed by:
info Shows ports and VLANs added to the link
aggregation group.
ports <ports> Adds ports to the link aggregation group.
• <ports> is the port number or a list of
ports you want to add to the link aggregation
group.
Note: If the port you are configuring already has
an SMLT ID on it, you cannot add it to the link
aggregation group.
vlan <vid> Adds an existing VLAN to the link aggregation
group.
• <vid> is the VLAN ID or a list of VLAN IDs
you want to add to the link aggregation
group. The range is 1 to 4093.
The following configuration example uses the config mlt commands to:
• Add ports to link aggregation group

• Add an existing VLAN to the link aggregation group
the results.
ERS-8600:5#/config/mlt/1# add port 1/1-1/7,1/9

ERS-8600:5#/config/mlt/1# add vlan 1-8,10
ERS-8600:5#/config/mlt/1# info
Sub-Context:
Current Context:
ports : 1/1-1/7,1/9
vlan : 1-8,10
314725-E Rev 00
Removing ports from a link aggregation group
To remove ports from a multilink trunk and remove a VLAN from a multilink
trunk configuration, enter the following command:
config mlt <mid> remove
where:
config mlt <mid> remove

followed by:
info Shows the ports and VLANs removed from the
multilink trunk.
ports <ports> Removes ports from the multilink trunk.
• <ports> is the port number or a list of
ports you want to remove from the multilink
trunk.
vlan <vid> Removes a VLAN from the multilink trunk.
• <vid> is the VLAN ID or a list of VLAN IDs
you want to remove from the link aggregation
group. The range is 1 to 4093 VLANs.
The following configuration example uses the config mlt <mid> remove
command to:
• remove ports from a link aggregation group

• remove an existing VLAN from a link aggregation group

After configuration, use the info command to view the results:
ERS-8600:5#/config/mlt/1# info
Sub-Context:
Current Context:
ports: 1/1-1/7,1/9
vlan: 1-8,10
ERS-8600:5#/config/mlt/1/add# remove
ERS-8600:5#/config/mlt/1/remove# ports 1/1-1/7,1/9
ERR-8600:5#/config/mlt/1/remove# vlan 1-8,10
ERS-8600:5#/config/mlt/1/remove# info
Sub-Context:
Current Context:
ports :
vlan :
Global LACP commands
LACP can be enabled or disabled globally. When the LACP system priority is set
globally, it applies to all LACP-enabled aggregators and ports. When LACP is
enabled on an aggregator or a port, it will use the global system priority value.
Caution: Changes to LACP made at the global level override and reset
all port level settings.
Note: Standby mode for LACP aggregation groups of larger than eight
ports is not supported in the current release.
Note: LACP does not support jumbo frames on the Ethernet Routing
Switch 8600 v4.1
LACP can be described in terms of link aggregation operations within a single

system. You can configure a single piece of equipment such that it contains more
than one system (from the point of view of the link aggregation operation).
The basic command syntax is:
config lacp
314725-E Rev 00
config lacp
followed by:
directories.
enable Enables LACP globally.
disable Disables LACP globally.
aggr-wait-time Sets the aggregator wait time in milliseconds.
<milliseconds>
system-priority Sets LACP system priority globally.
<integer> • <integer> is the system priority value within
the range of 0 to 65535.
smlt-sys-id <BaseMac> Sets the LACP SMLT system ID globally.
• <BaseMac> is the MAC address in the format
{0x00:0x00:0x00:0x00:0x00:0x00}.
fast-periodic-time Sets the fast periodic time globally.
<milliseconds> • <milliseconds> is the fast periodic time
value.
slow-periodic-time Sets the slow periodic time globally.
<milliseconds> • <milliseconds> is the slow periodic time
value.
timeout-scale Sets a timeout scale globally.
<integer> • <integer> is the timeout scale value from 2 to
10.
Note: Configuration changes to LACP timers are not reflected

restarted globally or on a port. This ensures consistency with peer
switches.

Aggregator configuration commands
When LACP is enabled globally on a multilink trunk, that multilink trunk is

associated with an aggregator and used for link aggregation. When LACP is
disabled on a multilink trunk, this multilink trunk functions as a legacy multilink
trunk. Using the command clear-link-aggrgate is equivalent to disabling
and reenabling LACP on the multilink trunk.
You can attach ports to an aggregator only if their system priorities are the same;
otherwise, they are considered to be operating in two different switches. You can
attach ports to an aggregator only if their keys are the same.
The basic command syntax is:
config mlt <mlt id> lacp
where:
<mlt id> is the multilink trunk ID.
config mlt <mlt id> lacp

followed by:
directories.
enable Enables LACP for a specific multilink trunk.
disable Disables LACP for a specific multilink trunk.
clear-link-aggrgate Clears link aggregation information for a specific
multilink trunk.
key <integer> Sets LACP aggregator key for a specific multilink
trunk.
• <integer> is the LACP actor admin key.
system-priority Sets LACP system priority for a specific multilink
<integer> trunk.
• <integer> is the system priority within the
range 0 to 65 535.
314725-E Rev 00
Port configuration commands
Caution: Changes made at the global level override and reset all port
level settings.
You can enable or disable LACP on selected ports. A port can operate in active or
passive mode. You can configure LACP to use long timeout or short timeout. A
port can be configured to be an individual link or an aggregateable link. All the
timers are configurable, however, when you change a timer, ensure that you restart
LACP either globally, or on the port, for the changes to be consistent across the
link. The basic command syntax is:
config <port-type> <slot|port> lacp
where:
<port-type> is Ethernet (eth) or Packet over SONET (pos); and
<slot|port> is the slot and port number.
config <port-type> <slot/port> lacp

followed by:
level directories.
enable Enables LACP for a specific port type.
disable Disables LACP for a specific port type.
aggr-wait-time Sets the aggregation wait time (in milliseconds) for
<milliseconds> a specific port type.
fast-periodic-time Sets the fast periodic time (in milliseconds) for a

<milliseconds> specific port type.
key <integer> Sets LACP aggregation key for a specific port type.
You can use a default key only for individual ports
aggregation Sets individual port or aggregatable for a specific
<true|false> port type.
• true sets port as aggregatable.
• false sets port as individual.
mode <active|passive> Sets the mode as active or passive for a specific
port type.


followed by:
partner-key <int> Sets the port partner administration key value.
• <int> is the LACP partner administrative key;
an integer value in the range of 0 and 65 535.
partner-port <int> Sets the port partner administration port value.
• <int> is the LACP partner’s administrative
port; an integer value in the range of 0 and
65 535.
partner-port-priority Sets the port partner administration port priority
<int> value.
• <int> is the LACP partner administrative port
priority; an integer value in the range of 0 and
65 535.
partner-state <hex> Sets the port partner administration state.
• <hex> is the LACP partner administrative state
bitmap (Exp, Def, Dis, Col, Syn, Agg, Time, Act).
Example:
• Activity = true
• Aggregating = true
• val = 00000101 (0x05) {0x0..0xff}
partner-system-id <mac> Sets the port partner administration system ID.
• <mac> is the LACP partner administrative
system ID MAC address in the format:
0x00:0x00:0x00:0x00:0x00:0x00.
partner-system-priority Sets the port partner administration system priority
<int> value.
• <int> is the LACP partner administrative
system priority; an integer value in the range of
0 and 65 535.
port-priority <integer> Sets the LACP port priority to specific port type. The
default value is 32 768.
• <integer> is the port priority value; an
integer value in the range of 0 and 65 535.
slow-periodic-time Sets the slow periodic time (in milliseconds) for a
system-priority Sets system priority for a specific port-type.

<integer> • <integer> is the system priority value within
the range of 0 to 65 535.
314725-E Rev 00

followed by:
timeout <long|short> Sets the timeout value to either long or short for a
specific port type.
timeout-scale <integer> Sets a timeout scale for a specific port type. The
default value is 3, and the range is 2 to 10.
LACP show commands
This section describes show commands you can use to display LACP information.
Displaying global LACP configuration information
To display global LACP configuration information, enter the following command:
show lacp info
Figure 187 on page 444 shows the output for the show lacp info command.

Figure 187 Show lacp info
ERS-8610:5# show lacp info

===================================================================
Lacp Global Information
===================================================================
SystemId: 00:12:83:89:20:00
SmltSystemId: 00:00:00:00:00:00
Lacp: enable
system-priority: 32768
timeout-admin: 3
fast-periodic-time-admin: 1000
slow-periodic-time-admin: 30000
aggr-wait-time-admin: 2000
timeout-oper: 3
fast-periodic-time-oper: 1000
slow-periodic-time-oper: 30000
aggr-wait-time-oper: 2000
ERS-8610:5#
Displaying LACP configuration information
To display LACP configuration information, enter the following command:
show ports info lacp
The show ports info lacp command also includes the following options:

followed by:
actor-admin [vlan <value>] Shows port LACP actor administrative
[port <value>] information.
• vlan <value> is the VLAN ID.
• port <value> is the port or port list.
actor-oper [vlan <value>] Shows port LACP actor operational information.
[port <value>] • vlan <value> is the VLAN ID.
all [vlan <value>] [port Shows all port LACP information.
<value>] • vlan <value> is the VLAN ID.
314725-E Rev 00

followed by:
partner-admin [vlan Shows port LACP partner administrative
<value>] [port <value>] information.
partner-oper [vlan Shows port LACP partner operational
<value>] [port <value>] information.
extension [vlan <value>] Shows port LACP timer information.
[port <value>] • vlan <value> is the VLAN ID.
Figure 188 on page 446 shows some of the output for this command. When the
all parameter is used, LACP information is given for each field described in the
show ports info lacp table.

Figure 188 Show ports info lacp all
ERS-8610:5# show ports info lacp all
=========================================================================
Actor Admin
=========================================================================
INDEX SYS SYS KEY PORT PORT STATE
PRIO ID PRIO
-------------------------------------------------------------------------
1/1 32768 00:12:83:89:20:00 1088 0x40 32768 act long indi
1/2 32768 00:12:83:89:20:00 1089 0x41 32768 act long indi
1/3 32768 00:12:83:89:20:00 1090 0x42 32768 act long indi
1/4 32768 00:12:83:89:20:00 1091 0x43 32768 act long indi
1/5 32768 00:12:83:89:20:00 1092 0x44 32768 act long indi
1/6 32768 00:12:83:89:20:00 1093 0x45 32768 act long indi
1/7 32768 00:12:83:89:20:00 1094 0x46 32768 act long indi
1/8 32768 00:12:83:89:20:00 1095 0x47 32768 act long indi
1/9 32768 00:12:83:89:20:00 1096 0x48 32768 act long indi
1/10 32768 00:12:83:89:20:00 1097 0x49 32768 act long indi
1/11 32768 00:12:83:89:20:00 1098 0x4a 32768 act long indi
1/12 32768 00:12:83:89:20:00 1099 0x4b 32768 act long indi
1/13 32768 00:12:83:89:20:00 1100 0x4c 32768 act long indi
1/14 32768 00:12:83:89:20:00 1101 0x4d 32768 act long indi
1/15 32768 00:12:83:89:20:00 1102 0x4e 32768 act long indi
1/16 32768 00:12:83:89:20:00 1103 0x4f 32768 act long indi
--More-- (q = quit)
Displaying LACP statistics information per port
To display LACP statistics information per port, enter the following command:
show ports stats lacp [port <value>]
where:
port <value> is the port list.
Figure 189 on page 447 shows the output for the show ports stats lacp
command, and Table 66 on page 447 describes the information given in the CLI
output.
314725-E Rev 00
Figure 189 Show ports stats lacp
ERS-8610:5# show ports stats lacp

=========================================================================
Port Stats Lacp
=========================================================================
PORT TX RX TX RX TX RX
RX RX
NUM LACPDU LACPDU MARKERPDU MARKERPDU MARKERRESPPDU
MARKERRESPPDU
UNKNOWN ILLEGAL
------------------------------------------------------------------------
ERS-8610:5#
Table 66 Show ports stats lacp field descriptions
Field Description
PORT NUM Specifies the port number.

TX LACPDU The number of LACPDUs transmitted on this aggregation
port.
RX LACPDU The number of valid link aggregation control protocol data
units (LACPDU) received on this aggregation port.
TX MARKER PDU The number of marker PDUs transmitted on this
aggregation port.
RX MARKER PDU The number of valid marker PDUs received on this
aggregation port.
TX MARKERRESPPDU The number of marker response PDUs transmitted on this
aggregation port.
RX MARKERRESPPDU The number of valid marker response PDUs received on
this aggregation port.
RX UNKNOWN The number of frames received that either:
• carry Slow Protocols Ethernet type values, but contain
an unknown PDU.
• are addressed to the Slow Protocols group MAC
Address, but do not carry the Slow Protocols Ethernet
Type.
RX ILLEGAL The number of frames received that carry the Slow
Protocols Ethernet Type value (43B.4), but contain a badly
formed PDU or an illegal value of Protocol Subtype
(43B.4).

Displaying LACP configuration information per aggregator
To display LACP configuration information per aggregator, enter the following

command:
show mlt lacp info <ifindex>
where:
<ifindex> is the interface index from 64 to 4351.
Figure 190 on page 449 shows the output for the show mlt lacp command.
314725-E Rev 00
Figure 190 Show mlt lacp
ERS-8606:6# show mlt lacp info 64
=========================================================================
LACP Aggrgator Information
=========================================================================
MAC COLLECTOR AGGR PORT
MLTID IFINDEX ADDR MAXDELAY ORINDI MEMBERS
-------------------------------------------------------------------------
0 64 00:00:00:00:00:00 32768 indi
-------------------------------------------------------------------------
OPER OPERLAST
MLTID IFINDEX STATE CHANGE
-------------------------------------------------------------------------
-------------------------------------------------------------------------
ACTOR ACTOR ACTOR ACTOR
MLTID IFINDEX SYSPRIO SYSID ADMINKEY OPERKEY
-------------------------------------------------------------------------
0 64 32768 00:80:2d:c1:34:00 1 1
-------------------------------------------------------------------------
PARTNER PARTNER PARTNER
MLTID IFINDEX SYSPRIO SYSID OPERKEY
-------------------------------------------------------------------------
0 64 0 00:00:00:00:00:00 0
ERS-8606:6#
You can also use the following command:
show mlt lacp info
Figure 191 on page 450 shows the output for the show mlt lacp info command.

Figure 191 Show mlt lacp info
ERS-8606:6# show mlt lacp info
========================================================================
LACP Aggrgator Information
========================================================================
MAC COLLECTOR AGGR PORT
MLTID IFINDEX ADDR MAXDELAY ORINDI MEMBERS
------------------------------------------------------------------------
1 4096 00:00:00:00:00:00 32768 aggr
0 64 00:00:00:00:00:00 32768 indi
0 65 00:00:00:00:00:00 32768 indi
0 66 00:00:00:00:00:00 32768 indi
0 67 00:00:00:00:00:00 32768 indi
0 73 00:00:00:00:00:00 32768 indi
------------------------------------------------------------------------
OPER OPERLAST
MLTID IFINDEX STATE CHANGE
------------------------------------------------------------------------
1 4096 down 0 day(s), 00:00:00
------------------------------------------------------------------------
ACTOR ACTOR ACTOR ACTOR
MLTID IFINDEX SYSPRIO SYSID ADMINKEY OPERKEY
------------------------------------------------------------------------
1 4096 32768 00:80:2d:c1:34:00 1 1
0 64 32768 00:80:2d:c1:34:00 1 1
0 65 32768 00:80:2d:c1:34:00 1 1
0 66 32768 00:80:2d:c1:34:00 1 1
0 67 32768 00:80:2d:c1:34:00 1 1
0 73 32768 00:80:2d:c1:34:00 1 1
------------------------------------------------------------------------
PARTNER PARTNER PARTNER
MLTID IFINDEX SYSPRIO SYSID OPERKEY
------------------------------------------------------------------------
1 4096 0 00:00:00:00:00:00 0
0 64 0 00:00:00:00:00:00 0
0 65 0 00:00:00:00:00:00 0
0 66 0 00:00:00:00:00:00 0
0 67 0 00:00:00:00:00:00 0
0 73 0 00:00:00:00:00:00 0
ERS-8606:6#
314725-E Rev 00
Configuring VLACP on a port
failure, and the port is disabled.
Caution: Changes made at the global level override and reset all port
level settings.
Note: VLACP does not support jumbo frames on the Ethernet Routing
Switch 8600 v4.1
Use the following command to configure VLACP on a port:
config <port-type> <slot|port> vlacp
where:
<port-type> is Ethernet or Packet over SONET (PoS); and
<slot|port> is the slot and port number.

followed by:
directories.
enable Enables VLACP for a specific port type.
disable Disables VLACP for a specific port type.
fast-periodic-time Sets the fast periodic time (in milliseconds) for a
slow-periodic-time Sets the slow periodic time (in milliseconds) for a



followed by:
timeout <long|short> Sets the port to use the long or short timeout:
• long sets the port to use the timeout-scale value
multiplied by the slow-periodic-time.
• short sets the port to use the timeout-scale
value multiplied by the fast-periodic-time.
For example, if you set the timeout-scale value to 3,
and the fast-periodic-time to 400 ms, the timer will
expire within 1000 to 1200 ms.
timeout-scale Sets a timeout scale for a specific port-type (where
<integer> timeout-scale = periodic-time * timeout-scale). The
default value is 3.
• <integer> is the timeout scale, an integer
value in the range 2 to 10.
ethertype <integer> Sets the VLACP protocol identification for this port.
• <integer> is the ethertype value, an integer
value in the range of 1 and 65 535.
macaddress <mac> Sets the multicast MAC address used for the
VLACPDU.
• <mac> is the MAC address in the following
format: 0x00:0x00:0x00:0x00:0x00:0x00
Displaying the VLACP port configuration
Enter the following command to display the port VLACP configuration:
show ports info vlacp [vlan <value>] [port <value>]
where:
vlan <value> specifies the VLAN ID, and
port <value> specifies the port or port list.
Figure 192 on page 453 shows the output for the show ports info vlacp
command.
314725-E Rev 00
Figure 192 Show ports info vlacp
ERS-8606:6# show ports info vlacp port 1/1
=========================================================================
VLACP Information
=========================================================================
INDEX ADMIN OPER PORT FAST SLOW TIMEOUT TIMEOUT ETHER MAC
ENABLED ENABLED STATE TIME TIME TIME SCALE TYPE ADDR
-------------------------------------------------------------------------
1/1 false false DOWN 200 30000 long 3 8103
01:80:c2:0
0:11:00
ERS-8606:6#
You can also use the following command:
show ports info vlacp
to show information for all ports. Figure 193 on page 454 shows the output for the
show ports info vlacp command.

Figure 193 Show ports info vlacp all
ERS-8610:5# show ports info vlacp
=============================================================================
VLACP Information
=============================================================================
INDEX ADMIN OPER PORT FAST SLOW TIMEOUT TIMEOUT ETHER MAC
ENABLED ENABLED STATE TIME TIME TIME SCALE TYPE ADDR
-----------------------------------------------------------------------------
1/1 false false DOWN 200 30000 long 3 8103 01:80:c2:0
0:11:00
0:11:00
0:11:00
0:11:00
0:11:00
Globally enabling or disabling VLACP
Caution: Changes you make at the global level override and reset all port
level settings.
To globally enable or disable VLACP on the chassis, use the following command:
config vlacp
config vlacp
followed by:
directories.
314725-E Rev 00
config vlacp
followed by:
enable Enables VLACP globally.
disable Disables VLACP globally.
Creating a split multilink trunk from an existing multilink

trunk

To create a split multilink trunk from an existing multilink trunk, enter the
following command:
config mlt <mid> smlt
where:
<mid> is the MLT ID.
Note: Before you can create a split multilink trunk, you must first create
a multilink trunk (see “Link aggregation commands” on page 433).

config mlt <mid> smlt

followed by:
info Shows ports and VLANs added to the multilink
trunk.
create smlt-id <value> Creates a split multilink trunk from an existing
multilink trunk.
• <value> is an integer value with a range of
1 to 32 (1 to 256 for R modules in R mode).
The value must match the peer switch
SMLT-ID.
Note: If the SMLT ID already exists on a single
port split multilink trunk, you cannot assign it to
an MLT-based split multilink trunk.
delete Deletes an existing split multilink trunk.
Creating an interswitch trunk
To create an interswitch trunk from an existing multilink trunk, enter the

following command:
config mlt <mid> ist
where:
314725-E Rev 00
config mlt <mid> ist

followed by:
level directories.
create ip <value> vlan-id Creates an interswitch trunk from an existing
<value> multilink trunk (see “Creating an interswitch
trunk from an existing multilink trunk” on
page 457).
• ip <value> is a peer IP address
• vlan-id <value> is an integer value.
Note: The peer IP address is the IP address of
the IST VLAN on the other aggregation switch.
delete Deletes an existing IST.
Note: You must disable an IST before you can
delete it.
disable Disables an existing IST.
enable Enables an existing IST.
Creating an interswitch trunk from an existing multilink trunk
To create an interswitch trunk from an existing multilink trunk, enter the

following command:
config mlt <mlt-id> ist create ip <value> vlan-id <value>
where:
<mlt-id> is the MLT ID;
ip <value> is the IP address of the peer switch; and
vlan-id <value> is the VLAN ID.
An interswitch trunk is enabled when you first create it.
The peer IP address is the IP address of the InterSwitch Trunking (IST) VLAN on
the peer aggregation switch. A VLAN created on the redundant aggregation
switch must also be created on the second aggregation switch. The interswitch
trunk treats the two switches as a single switch. To allow the two switches to
communicate, you must assign an IP address to both VLANs.

For example:
switch A switch B
VLAN 20 VLAN 20
10.1.1.1. / <--------IST-- 10.1.1.2 /24 *
24 ------>
* Same subnet, same VLAN.
Figure 194 shows sample output for the config mlt ist create ip
vlan-id command, followed by the info command.
Figure 194 Config mlt ist create ip vlan-id command output
ERS-8606:5/config/mlt/1/ist# create ip 10.1.1.1 vlan-id 1

ERS-8606:5/config/mlt/1/ist# info
Sub-Context:
Current Context:
Enable: false
vlan-id: 1
ip: 10.1.1.1
Enabling and disabling an interswitch trunk
To enable and disable the interswitch trunk, enter the following command:
config mlt <mlt-id> ist <enable|disable>
where:
<mlt-id> is the MLT ID.
Figure 195 on page 459 shows sample output for the config mlt ist enable
and config mlt ist disable commands. It includes the system warning
that appears when you disable the IST.
314725-E Rev 00
Figure 195 Config mlt ist enable/disable command output
ERS-8606:5/config/mlt/1/ist# enable
ERS-8606:5/config/mlt/1/ist# disable
WARNING : Disabling IST may cause a loop in the network!

Do you really want to DISABLE IST? (yes/no?)
Configuring CP-Limit for an IST
The CP-Limit feature is disabled by default on all IST ports. It can be enabled on
the port under any of the following conditions:
• if the port is removed from the interswitch trunk

• if the interswitch trunk is deleted
• if the interswitch trunk is converted to a normal multilink trunk
Nortel recommends that you disable CP-Limit on IST links. For more
information, see “About CP-Limit and SMLT IST” on page 64.
To configure CP-Limit for the interswitch trunk, enter the following command:
config ethernet <slot/port> cp-limit
where:
<slot/port> specifies the slot or port.

followed by:
<enable|disable> Enables or disables control packet rate limit
(CP-Limit). The default setting is enabled.
If you want to reenable CP-Limit on a port, you
must first disable the port and then reenable it
(config ethernet <slot/port>
state <disable|enable>).


followed by:
multicast-limit <value> Sets the multicast control frame packet per
second rate (1000 to 100 000).
broadcast-limit <value> Sets the broadcast frame packet per second
rate (1000 to 100 000).
For information about viewing current CP-Limit status for an IST multilink trunk,
see Figure 186 on page 435.
Deleting an interswitch trunk
To delete the interswitch trunk, enter the following command:
config mlt <mlt-id> ist delete
where:
<mlt-id> is the MLT ID.
You must disable the interswitch trunk before deleting it (see “Enabling and
disabling an interswitch trunk” on page 458).
Creating a single port split multilink trunk
To create a single port split multilink trunk, enter the following command:
config ethernet <port> smlt <smltid>
where:
<port> is the port number, and
<smltid> is the MLT ID.

followed by:
info Shows the port SMLT information.
314725-E Rev 00

followed by:
create Creates a single port split multilink trunk.
delete Deletes a single port split multilink trunk.
You cannot use SMLT on brouter ports. LACP is supported on single port split
multilink trunks. For more information about single port split multilink trunking,
see “Single Port SMLT” on page 119.
Configuration example: single port split multilink trunk
The configuration example shown in Figure 196 on page 462 uses the commands
described previously to create a single port split multilink trunk on port 4/5. The
switch automatically disables spanning tree protocol on the port after it is
configured for SMLT.
the results.

Figure 196 Configuration example: Single Port SMLT
ERS-8606:5# config ethernet 4/5 smlt 1

ERS-8606:5/config/ethernet/4/5/smlt/1# create
INFO : The spanning tree protocol has been disabled on this port
while configuring the port with SMLT
ERS-8606:5/config/ethernet/4/5/smlt/1# info
Sub-Context:
Current Context:
Port 4/5 :
create : 1
delete : N/A
Oper Status : normal
ERS-8606:5
Configuring SMLT-on-Single-CPU
To support SMLT on an aggregation switch with a single CPU, enter the following
command:
config sys set smlt-on-single-cp <enable|disable> [timer

<value>]
where:
enable enables the SMLT-on-Single-CPU feature;
disable disables the SMLT-on-Single-CPU feature;
timer <value> sets the SMLT-on-Single-CPU feature timeout value.
The timeout value determines when the Input/Output (I/O) modules port link
status goes down after the single CPU becomes non-operational. The parameter is
a numerical value in the range 1 to 3. If not set, the default value (3) is used. A
timer value of 1 relates to approximately 3 seconds of detection time and a timer
value of 3 relates to approximately 9 seconds of detection time.
314725-E Rev 00
Using the MLT and SMLT show commands

To display information and statistics about MLT operation in the switch, use the
show mlt commands.
This section includes information on show commands:
• “Displaying all multilink trunk information”

• “Displaying information about collision errors” on page 467
• “Displaying information about Ethernet errors” on page 467
• “Displaying multilink trunk status” on page 468
• “Displaying interswitch trunk status” on page 469
• “Displaying split multilink trunk status” on page 470
• “Displaying all ports configured for single port split multilink trunk” on
page 471
• “Displaying a port configured for Single Port SMLT” on page 471
• “Displaying MLT statistics” on page 472
Displaying all multilink trunk information
The show mlt show-all command shows all multilink trunk information.
The command uses the syntax:
show mlt show-all [file <value>]
where <value> is the filename to which the output will be directed.
Figure 197 on page 464, Figure 198 on page 465, and Figure 199 on page 466
show sample output for this command.

Figure 197 Show mlt show-all sample output
ERS-8606:5# show mlt show-all
# show mlt error collision

================================================================================
Mlt Collision Error
================================================================================
MLT -----------------COLLISIONS------------
ID SINGLE MULTIPLE LATE EXCESSIVE
--------------------------------------------------------------------------------
3 0 0 0 0
# show mlt error main

================================================================================
Mlt Ethernet Error
================================================================================
MLT ALIGN FCS IMAC IMAC CARRIER FRAMES SQETEST DEFER
ID ERROR ERROR TRNSMIT RECEIVE SENSE TOOLONG ERROR TRNSMSS
--------------------------------------------------------------------------------
3 0 0 0 0 0 0 0 0
show mlt info

================================================================================
Mlt Info
================================================================================
PORT SVLAN MLT MLT PORT VLAN
MLTID IFINDEX NAME TYPE TYPE ADMIN CURRENT MEMBERS IDS
--------------------------------------------------------------------------------
3 4098 MLT-3 access normal norm norm
MULTICAST DESIGNATED LACP LACP

MLTID IFINDEX DISTRIBUTION NT-STG PORTS ADMIN OPER
--------------------------------------------------------------------------------
3 4098 disable enable null disable down
ERS-8610:6# show mlt ist info
==========================================================================
Mlt IST Info
==========================================================================
MLT IP VLAN ENABLE IST
ID ADDRESS ID IST STATUS
--------------------------------------------------------------------------
2 131.202.7.2 4095 false down
ERS-8610:6## show mlt ist stat
314725-E Rev 00
Figure 198 Show mlt show-all sample output (continued)
#show mlt ist stat
================================================================================
Mlt IST Message Statistics
================================================================================
PROTOCOL MESSAGE COUNT
--------------------------------------------------------------------------------
Ist Down : 0
Hello Sent : 0
Hello Recv : 0
Learn MAC Address Sent : 0
Learn MAC Address Recv : 0
MAC Address AgeOut Sent : 0
MAC Address AgeOut Recv : 0
MAC Address Expired Sent : 0
Delete Mac Address Sent : 0
Delete Mac Address Recv : 0
Smlt Down Sent : 0
Smlt Down Recv : 0
Smlt Up Sent : 0
Smlt Up Recv : 0
Send MAC Address Sent : 0
Send MAC Address Recv : 0
IGMP Sent : 0
IGMP Recv : 0
Port Down Sent : 0
Port Down Recv : 0
Request MAC Table Sent : 0
Request MAC Table Recv : 0
Unknown Msg Type Recv : 0

Figure 199 Show mlt show-all sample output (continued)

# show mlt smlt info
============================================================================
Mlt SMLT Info
============================================================================
MLT SMLT ADMIN CURRENT
ID ID TYPE TYPE
----------------------------------------------------------------------------
2 27 smlt norm
# show mlt stats
============================================================================
Mlt Interface
============================================================================
ID IN-OCTETS OUT-OCTETS IN-UNICST OUT-UNICST
----------------------------------------------------------------------------
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
ID IN-MULTICST OUT-MULTICST IN-BROADCST OUT-BROADCST MT

----------------------------------------------------------------------------
1 0 0 0 0 E
2 0 0 0 0 E
3 0 0 0 0 E
NOTE 1: MT - MLT Type, P - POS, E - Ethernet, A - ATM

NOTE 2: Broadcast & Multicast values are not applicable for MLT POS ports.
NOTE 3: ATM link out-bound statistics are available in aggregate form only
as show in OUT UNICST/OUT MULTICST/OUT BROADCST
8610:5#
314725-E Rev 00
Displaying information about collision errors
To display information about collision errors in the specified multilink trunk, or

for all multilink trunks, enter the following command:
show mlt error collision [<mid>]
where:
Figure 200 shows sample output for the show mlt error collision
command.
Figure 200 Show mlt error collision command output

ERS-8606:5# show mlt error collision
===============================================================
Mlt Collision Error
===============================================================
MLT -----------------COLLISIONS------------
ID SINGLE MULTIPLE LATE EXCESSIVE
---------------------------------------------------------------
3 0 0 0 0
ERS-8606:5#
Displaying information about Ethernet errors
To display information about the types of Ethernet errors sent and received by the
specified multilink trunk or all multilink trunks, enter the following command:
show mlt error main [<mid>]
where:
Figure 201 on page 468 shows sample output for the show mlt error main
command. The IMAC columns refer to internal MAC address errors.

Figure 201 Show mlt error main command output

ERS-8606:5# show mlt error main
=============================================================================
Mlt Ethernet Error
=============================================================================
MLT ALIGN FCS IMAC IMAC CARRIER FRAMES SQETEST DEFER
ID ERROR ERROR TRNSMIT RECEIVE SENSE TOOLONG ERROR TRNSMSS
-----------------------------------------------------------------------------
31 0 0 0 0 0 0 0 0
32 0 0 0 0 0 0 0 0
Displaying multilink trunk status
To display the status of MultiLink Trunking for the switch or for the specified
multilink trunk ID, enter the following command:
show mlt info [<mid>]
where:
Figure 202 on page 469 shows sample output for the show mlt info command.
314725-E Rev 00
Figure 202 Show mlt info command output
ERS-8606:5# show mlt info
================================================================================
Mlt Info
================================================================================
--------------------------------------------------------------------------------
3 4098 MLT-3 access normal norm norm

--------------------------------------------------------------------------------
3 4098 disable enable null disable down
ERS-8606:5#
Displaying interswitch trunk status
To display the status of interswitch trunking for the switch or for the specified
show mlt ist info
Figure 203 shows sample output for the show mlt ist info command.
Figure 203 Show mlt ist info command output
=========================================================================
Mlt IST Info
=========================================================================
-------------------------------------------------------------------------
2 131.202.7.2 4095 false down
ERS-8610:6#

Displaying split multilink trunk status
To display split multilink trunk status for the switch or for a specific SMLT ID,
enter the following command:
show smlt info [<mid>]
where:
The switch shows both MLT-based split multilink trunk information and single
port split multilink trunk information.
Figure 204 shows output from a sample show smlt info command.
Figure 204 Show smlt info command output

ERS-8606:5# show smlt info 1
===========================================================================
Mlt SMLT Info
===========================================================================
ID ID TYPE TYPE
---------------------------------------------------------------------------
===========================================================================
Port SMLT Info
===========================================================================
PORT SMLT ADMIN CURRENT
NUM ID TYPE TYPE
---------------------------------------------------------------------------
4/5 1 smlt normal
ERS-8606:5#
314725-E Rev 00
Displaying all ports configured for single port split multilink

trunk
To view all ports currently configured for single port split multilink trunk, enter
show ports info smlt [vlan <value>] [port <value>]
where:
The VLAN ID and the port are optional parameters.
Figure 205 shows the output from a sample show ports info smlt command.
Figure 205 Show ports info smlt command output

ERS-8606:5# show ports info smlt
=============================================================================
SMLT Info
=============================================================================
PORT SMLT ADMIN CURRENT
NUM ID TYPE TYPE
-----------------------------------------------------------------------------
4/5 1 smlt normal
ERS-8606:5#
Displaying a port configured for Single Port SMLT

To view a port configured for Single Port SMLT, enter the following command:
show ports info config [vlan <value>] [port <value>]
where:

Figure 206 shows output from a sample show ports info config command.
Figure 206 Show ports info config command output
ERS-8606:5# show ports info config 4/1
============================================================================
Port Config
============================================================================
PORT AUTO SFFD ADMIN OPERATE DIFF-SERV QOS MLT VENDOR DUAL SMLT ADMIN OPERATE
NUM TYPE NEG. DUPLX SPD DUPLX SPD EN TYPE LVL ID NAME CONN ID ROUTING
ROUTING
-----------------------------------------------------------------------------
4/1 100BaseTX true false half 10 0 fals core 1 0 0 Enable Disable
Displaying MLT statistics
To display MultiLink Trunking statistics for the switch or for the specified
show mlt stats [<mid>]
where:
Figure 207 on page 473 shows sample output for the show mlt stats
command.
314725-E Rev 00
Figure 207 Show mlt stats command output
ERS-8606:5# show mlt stats
================================================================================
Mlt Interface
================================================================================
ID IN-OCTETS OUT-OCTETS IN-UNICST OUT-UNICST
--------------------------------------------------------------------------------
3 4411520 1782784 0 0
ID IN-MULTICST OUT-MULTICST IN-BROADCST OUT-BROADCST MT

--------------------------------------------------------------------------------
3 68930 27856 0 0 E
NOTE 1: MT - MLT Type, P - POS, E - Ethernet, A - ATM

NOTE 2: Broadcast & Multicast values are not applicable for MLT POS ports.
NOTE 3: ATM link out-bound statistics are available in aggregate form only
as show in OUT UNICST/OUT MULTICST/OUT BROADCST
ERS-8606:5#
Troubleshooting SMLT problems

This section provides procedures for troubleshooting IST problems and
single-user problems.
The following topics are included:
• “Troubleshooting IST problems” on page 474

• “Troubleshooting problems with a single user” on page 476

Troubleshooting IST problems
To troubleshoot SMLT IST problems:
1 Enter the show mlt ist stat command to display the IST message count.
(Figure 208).
Figure 208 Show mlt ist stat command output

ERS-8606:5# show mlt ist stat
==============================================================
==============================================================
--------------------------------------------------------------
Ist Down : 0
Hello Sent : 5
Hello Recv : 3
Smlt Down Sent : 6
Smlt Down Recv : 0
Smlt Up Sent : 0
Smlt Up Recv : 0
IGMP Sent : 0
IGMP Recv : 0
Port Down Sent : 0
Port Down Recv : 0
ERS-8606:5#
2 Enter the show mlt info command to display all the multilink trunks in the
switch, their admin-type, running type, ports, and VLANs (Figure 202 on
page 469).
314725-E Rev 00
3 Check to ensure that IST is operational by using the show mlt ist info
command (Figure 209).
Figure 209 Show mlt ist info command output

===============================================================
Mlt IST Info
===============================================================
---------------------------------------------------------------
2 131.202.7.2 4095 false down
ERS-8610:6#
4 If IST is not operational, check to ensure that:

a The correct VLAN ID exists on either side of the interswitch trunk
b The IST configuration contains the correct local and peer IP addresses
5 If IST is operational, check that the SMLT port is operating by using the show
mlt smlt info command (Figure 210).
a If the SMLT status is SMLT, the status is correct.
Figure 210 Show mlt smlt info command output

ERS-8610:6# show mlt smlt info
===============================================================
Mlt SMLT Info
===============================================================
ID ID TYPE TYPE
---------------------------------------------------------------
3 12 smlt norm
ERS-8610:6#
b If the SMLT status is NORMAL, the link is running in a normal (single)

mode and not SMLT mode. The reasons for this can be as follows:
— the remote split multilink trunk link is not operational

— the ID is not configured on the other switch. To determine this, check

to see whether the SMLT IDs match
— the IST is not operational
Troubleshooting problems with a single user

To determine if only a single user is affected, check the VLAN FDB tables on
both IST switches using the show vlan info fdb-entry <vlan-id>
command. Both FDB tables should be synchronized.
The command shows whether:
• The MAC address is learned on the local SMLT port (that is, SMLT REMOTE
flag is false). See Figure 211 on page 476.
or
• The MAC address is learned through IST from a remote SMLT port (that is,
the SMLT REMOTE flag is true).
The FDB table entry for the client connected to the user access switch must
specify the learned split multilink trunk port as INTERFACE in both IST
switches.
Figure 211 Show vlan info fdb-entry command output

ERS-8606:5# show vlan info fdb-entry 1
===============================================================
Vlan Fdb
===============================================================
VLAN MAC QOS SMLT
---------------------------------------------------------------
1 learned 00:00:50:0d:6b:82 Port-2/7 false 1 false
1 out of 1 entries in all fdb(s) displayed.
ERS-8606:5#
314725-E Rev 00
Global MAC filtering

You can globally configure MAC filtering to disallow bridging or routing of any
packets transmitted or received from specified MAC addresses on any VLAN.
To globally filter MAC addresses, use the following command:
config fdb fdb-filter
config fdb fdb-filter

followed by:
info Show current level parameter settings and next
level directories.
add <mac> Adds a global FDB filter.
• <mac> is the MAC address to filter.
Enter the MAC address in the following format
{0x00:0x00:0x00:0x00:0x00:0x00}.
remove <mac> Removes a global FDB filter.
• <mac> is the MAC address to filter.
Enter the MAC address in the following format
{0x00:0x00:0x00:0x00:0x00:0x00}.
Figure 212 on page 477 show an example of the config fdb fdb-filter
info command output.
Figure 212 Config fdb fdb-filter info command output

ERS-8606:5/config/fdb/fdb-filter# info
add :
mac - 00:11:22:23:43:21
remove : N/A
Figure 213 on page 478 shows an example of the show fdb fdb-filter
command output:

Figure 213 Show fdb fdb-filter command output

ERS-8606:5# show fdb fdb-filter
===============================================
Global Fdb Filter
===============================================
MAC ADDRESS
-----------------------------------------------
00:11:11:11:11:11
00:e0:16:70:93:0f
00:e0:7b:bf:cc:00
Configuring Simple Loop Prevention Protocol

Logical loops can occur in SMLT networks because of misconfigurations, switch
problems, or because MLT is not operating correctly. You can detect loops with
Simple Loop Prevention Protocol (SLPP). For more information about SLPP, see
“Simple Loop Prevention Protocol” on page 130.
The following topics are included:
• “Configuring SLPP on a port” on page 480

• “Showing SLPP information” on page 481
• “Showing SLPP port information” on page 482
Switch 8600 v4.1
To configure Simple Loop Prevention Protocol, use the following command:
config slpp
314725-E Rev 00
This command has the following options:
config slpp
followed by:
add <vid> Adds a VLAN to a SLPP transmission list.

• <vid> is the ID of the VLAN.
etherType <pid> Specifies the SLPP PDU Ether type.
• <pid> is the SLPP protocol ID in
hexadecimal format.
remove <vid> Removes a VLAN from a SLPP transmission list.
• <vid> is the ID of the VLAN.
level directories.
operation <enable|disable> Enables or disables the SLPP operation.
Note: The SLPP packets transmit and receive
process is active only when the SLPP operation
is enabled. When the SLPP operation is
disabled, no SLPP packet is sent out, and any
received SLPP packet is discarded.
tx-interval <integer> Sets the SLPP packet transmit interval.
• <integer> is the SLPP packet transmit
interval.
The range is 500 to 5000 s, and the default is
500 s.
Figure 214 on page 480 shows how to display the SLPP transmission list and
operation state.

Figure 214 Config slpp slpp info command

ERS-8606:5# config slpp info
Sub-Context: clear config dump monitor show test trace wsm

asfm sam
Current Context:
add : 1
etherType (hex) : 0x8104
operation : disabled
tx-interval : 500
ERS-8606:5#
Configuring SLPP on a port
To configure SLPP on a port, use the following command:
config ethernet <portlist> slpp
where:
portlist is the slot/port.
config ethernet <portlist> slpp

followed by:
packet-rx <enable|disable> Enables or disables SLPP packet reception on

the listed ports
packet-rx-threshold Specifies the SLPP reception threshold on the
<integer> ports. The threshold is an integer.

level directories.
The packet reception threshold specifies how many SLPP packets are received by
the port before it is administratively disabled. Figure 215 on page 481 shows how
to display the SLPP state on a port:
314725-E Rev 00
Figure 215 Config ethernet command
ERS-8606:5# config ethernet 4/1-4/2 slpp info
sam
Current Context:
Port 4/1 :
packet-rx : disable
packet-rx-threshold : 1
Port 4/2 :
packet-rx : disable
packet-rx-threshold : 1
ERS-8606:5#
Showing SLPP information
To show SLPP information, use the following command:
show slpp info
Figure 216 shows SLPP information.
Figure 216 Show slpp info command

ERS-8606:5# show slpp info

asfm sam
Current Context:

operation : enabled
tx-interval : 500
vlan : 1,2,5
ERS-8606:5#
For an SLPP configuration example, see “Single Port SMLT with SLPP
configuration example” on page 505.

Showing SLPP port information
To show SLPP port information, use the following command:
show ports info slpp [port <value>]
where port <value> is the port list.
Figure 217 shows SLPP information, and Table 67 describes the fields.
Figure 217 Show ports info slpp command

ERS-8603:3# show ports info slpp
=============================================================
Port Interface
=============================================================
PORT PKT-RX PKT-RX INCOMING SLPP PDU

NUM THRESHOLD VLAN ID ORIGINATOR
-------------------------------------------------------------
1/1 enabled 15
1/4 enabled 1
1/5 enabled 1
1/20 enabled 1
ERS-8603:3#
Table 67 Show ports info slpp field descriptions
Field Description
PORT NUM Specifies the port number.

PKT-RX Specifies if SLPP is enabled or disabled.
PKT-RX THRESHOLD Specifies the threshold for packet reception as a range of 1
to 20. After the port reaches the packet threshold, it shuts
down.
INCOMING VLAN ID VLAN ID of the classified packet on a port disabled by
SLPP.
SLPP PDU ORIGINATOR Specifies the originator of the SLPP PDU.
314725-E Rev 00
483
Chapter 11
Configuring multiple DSAP and SSAP using the
CLI
Release 3.5 introduced a feature used for the configuration of multiple DSAPs or
SSAPs for SNA or user-defined VLAN types.
The base implementation of the SNA VLAN allows SNA 802.2 traffic to be
classified into a SNA VLAN based on a 0x04 destination SAP or 0x04 source
SAP. Some applications require changing these classifications to DSAP and to
SSAP. The newly introduced feature allows this configuration and extends to
support any user-defined VLANs with multiple SSAPs and DSAPs.
Using this feature, you can add 31 additional protocol IDs or DSAP/SSAP values
(for a total of 32) when you create or reconfigure a SNA 802.2 VLAN or a
user-defined VLAN.
Note: Hardware record usage increases considerably using this feature

(see “Design aspects” on page 484).
This section includes the following sections:
Topic Page
Design aspects 484

Configuring multiple DSAP and SSAP with the CLI 487

484 Chapter 11 Configuring multiple DSAP and SSAP using the CLI
Design aspects
You can configure this feature using the CLI or Device Manager. You must first
create the SNA or user-defined VLAN, then add the DSAPs or SSAPs for this
VLAN.
For user-defined VLANs, DSAP/SSAP, additions can only be applied to VLANs

created without any specific encapsulation type, or to VLANs with an
encapsulation type of LLC. The addition of DSAP/SSAP is not allowed on
user-defined VLANs created with an encapsulation type of Ethernet-ii or SNAP.
For each SNA 802.2 VLAN (which includes the 31 additional DSAP/SSAP
values), 256 records are created, including:

• 31 * 8 = 248 protocol ID records
In this case, the default 0x04 record is always created on the switch.
For each user-defined VLAN created with no encapsulation specified, a total of

280 records are created, including:

VLAN creation). One record of each type—LLC, Ethernet-ii and SNAP—is
created in this case.
For each user-defined VLAN created with encapsulation set to LLC, 264
hardware records are created, including:

VLAN creation). Only the LLC record is created in this case.
Nortel does not recommend using more than 10 of the user-defined VLANs,
including 32 DSAP/SSAP values, due to the extensive hardware record usage
which can affect overall system scalability.
314725-E Rev 00
Chapter 11 Configuring multiple DSAP and SSAP using the CLI 485
You can check for hardware record availability by executing the CLI command
show/sys/record-reservation.
There is only one SNA VLAN allowed on an individual port. DSAP/SSAPs

values can be configured, provided they are not the same as the reserved values
listed in Table 68. An exception is 0x0800, which can be configured with
encapsulation set to LLC.
Table 68 Reserved values for configuring SNA or user-defined VLANs
IP_ii 0x0800
ARP_ii 0x0806
RARP_ii 0x8035
IPX(old)_ii 0x8137
IPX_ii 0x8138
IPX(old)_SNAP 0x00000 0x813
IPX_SNAP 0 7
0x00000 0x813
0
8
IPX_802.3 0xE0 0xE0
IPX_802.3 0xFF 0xFF
APPLE_ii 0x809B
0X80F 0x809
APPLE_SNAP 3 0x08000 B
7 0x80F
3
DEC_LAT 0x6004
DEC_ELSE 0x6000
-
0x6003
0x6005
-
0x6009
DEC_BPDU 0x8038
SNA_ii 0x80D5

Table 68 Reserved values for configuring SNA or user-defined VLANs
SNA_LLC 0x04 XX
XX 0x04
NetBIOS 0xF0 XX
XX 0xF0
XNS 0x0600
XNS_comp 0x0807
314725-E Rev 00
Configuring multiple DSAP and SSAP with the CLI

The CLI command syntax you can use to create a protocol-based VLAN is shown
in the following table.

followed by:
byprotocol <sid> Creates a protocol-based VLAN.
<ip|ipx802dot3|ipx802dot2|ipxSnap|i • <sid> is the spanning tree ID.
pxEthernet2|appleTalk|declat|decOth
er|sna802dot2|snaEthernet2|netBios| • <ip|ipx802dot3|ipx802dot2|ipxSnap|
xns|vines|ipV6|usrDefined|rarp|PPPo ipxEthernet2|appleTalk|decLat|de
E>[<pid>] [name <value>] [color cOther|sna802dot2|snaEthernet2|n
<value>] [encap <value>] etBios|xns|vines|ipV6|usrDefined
|rarp|PPPoE> specifies the protocol.
• <pid> is a user-defined protocol ID number in
hexadecimal.
0 to 20 characters.
method.
byprotocol-mstprstp <instance-id> Creates a VLAN by protocol.
<ip|ipx802dot3|ipx802dot2|ipxSnap|i • <instance-id> is the instance ID.
pxEthernet2|appleTalk|decLat|decOth
er|sna802dot2|snaEthernet2|netBios| • <ip|ipx802dot3|ipx802dot2|ipxSnap|
xns|vines|ipV6|usrDefined|rarp|PPPo ipxEthernet2|appleTalk|decLat|de
E> [<pid>] [name <value>] [color cOther|sna802dot2|snaEthernet2|n
<value>] [encap <value>] etBios|xns|vines|ipV6|usrDefined
|rarp|PPPoE> is the protocol ID.
• <pid> is the user-defined PID number in
hexadecimal.
0 to 64 characters.
with the values ethernet-ii, llc, or snap.

You can add or remove DSAP or SSAP to or from the VLAN if byprotocol is
sna802dot2 or usrDefined. Use the commands addDsapSsap and
removeDsapSsap. For more information about these commands, see
“Performing general VLAN operations” on page 313.
addDsapSsap <value> specifies the DSAP/SSAP values (values are in

hexadecimal)
removeDsapSsap <value> specifies the DSAP/SSAP values} (values are in

hexadecimal)
32 entries are allowed for sna802dot2 or usrDefined VLANs.
Example
ERS-8610:5/config/vlan/2# addDsapSsap 000fff
This adds DsapSsap 000fff to the SNA VLAN 2. This example assumes that
VLAN 2 has already been created.
Figure 218 on page 489 shows the CLI commands which create VLAN 17, and
add DDAP/SSAP 000fff to the VLAN.
314725-E Rev 00
Figure 218 Config vlan create byprotocol commands

ERS-8610:5# config vlan 17 create byprotocol 1 sna802dot2 name kevvlan color
3
ERS-8610:5# config vlan 17 addDsapSsap 000fff
ERS-8610:5# show vlan info all 17
===========================================================================
Vlan Basic
===========================================================================
VLAN STG
---------------------------------------------------------------------------
17 kevvlan byProtocolId 1 sna802dot2 N/A N/A
===========================================================================
Vlan Port
===========================================================================
---------------------------------------------------------------------------
17
===========================================================================
Vlan ATM VPort
===========================================================================

314725-E Rev 00
491
Chapter 12
Device Manager configuration examples
This chapter provides examples of common link aggregation configuration tasks

using Device Manager.
• For conceptual information about VLANs and link aggregation, see

Chapter 1, “Layer 2 operational concepts,” on page 37.
• For Device Manager link aggregation configuration information, see
Chapter 5, “Configuring link aggregation using Device Manager,” on page
249.
Topic Page
LACP point to point LAG configuration example 491

SMLT and LACP configuration example 495
Single Port SMLT and LACP configuration example 500
LACP point to point LAG configuration example

Use this procedure to configure a link aggregation group (LAG) between two
Ethernet Routing Switch 8600 devices with 4 link members. VLANs 10 and 20
are tagged across the LAG. Assume the following parameters: LACP key = 1,
MLT ID = 1.VLAN 10 and 20 have already been created; ports 1/1 to 1/4 are
tagging-enabled and are members of VLAN 10 and 20; and both switches are
mirror images of each other. Figure 219 on page 492 shows the network topology.

492 Chapter 12 Device Manager configuration examples
Figure 219 Point to point LAG
1 In Device Manager, go to VLAN > MLT/LCAP.

The MLT_LACP box appears (Figure 220).
Figure 220 MLT LCAP
2 On the LACP Global tab, ensure that Enable is selected.

Accept the default values for the other parameters.
314725-E Rev 00
Chapter 12 Device Manager configuration examples 493
3 Click Apply.
4 Click the Multilink/LACP Trunks tab.
The Multilink/LACP Trunks box appears.
5 Click Insert.
The MLT_LACP, Insert Multilink/LACP Trunks box appears (Figure 221).
Figure 221 Insert Multilink/LACP Trunks
6 Configure parameters as shown in Figure 221.

7 Click Insert.
8 Go to VLAN > MLT/LACP > LACP.

Figure 222 MLT_LACP tab
9 Change the ActorAdminKey for the multilink trunk; this key must match the
key on ports 1/1 to 1/4. Set ActorAdminKey to 1.
10 On each of ports 1/1 to 1/4, three fields must be changed in the order given:
a Click on the LAG port, and right-click.
b Select Edit General > LACP (see Figure 223 on page 495).
c Set ActorAdminKey equal to 1 and then click Apply.
d Set ActorAdminState to aggregation and then click Apply.
e Select AdminEnable and then click Apply.
314725-E Rev 00
Figure 223 Port LACP configuration
SMLT and LACP configuration example

The Ethernet Routing Switch 8600 fully supports the IEEE 802.3ad Link
Aggregation Control Protocol. LACP is supported on MLT and DMLT links and
extends to a pair of SMLT switches.
With this extension, the Ethernet Routing Switch 8600 provides a standardized
external link aggregation interface to third party vendor IEEE 802.3ad
implementations. With previous software versions, interoperability was provided
through a static configuration; now a dynamic link aggregation mechanism is
provided.

In this example, ERS 8600C is used as the SMLT client; any switch that supports
LACP can be used as an LACP-enabled SMLT client.
Note: Do not use 802.3ad on the interswitch trunk. The LACP keys on
the SMLT core switches must match (ERS 8600 A, ERS 8600 B).
Figure 224 shows the network topology.
Figure 224 SMLT and LACP configuration example
Assume the following:
• The interswitch trunk has already been created.

• User VLAN 100 has already been created on all three switches with the port
membership as described in Figure 224 on page 496.
• ERS 8600 C is already configured as described in “LACP point to point LAG
configuration example” on page 491, but instead uses ports 1/10 to 1/13. The
LACP key on this switch does not need to match that of the SMLT core
switches.
314725-E Rev 00
• The LACP key on both ERS 8600 A and ERS 8600 B must match.
The following configuration can be performed on both SMLT core switches.
1 Using Device Manager, go to VLAN > MLT/LACP.

2 On the LACP Global tab, ensure that Enable is selected.
Accept the default values for the other parameters.
3 Click Apply.
4 Click the Multilink/LACP Trunks tab.
The Multilink/LACP Trunks box appears.
5 Click Insert.
The MLT_LACP, Insert Multilink/LACP Trunks box appears (Figure 225 on
page 498).

Figure 225 Insert Multilink/LACP Trunks box
6 Configure the parameters as shown in Figure 225.

7 Click Insert.
Figure 226 on page 499 shows how the port information appears after this
step. (To view this information, go to VLAN > MLT/LACP > Multilink/LACP
Trunks.)
314725-E Rev 00
Figure 226 MLT LACP information
8 Go to VLAN > MLT/LACP > LACP.

The MLT_LACP box appears.
9 Change the ActorAdminKey to 1; this is the same key number that will be
applied to ports 1/10 and 1/11 (Figure 227).
Figure 227 MLT_LACP—LACP tab
10 On each LAG port, three fields must be changed in the order given:
a Click on the LAG port, and right-click.
b Select Edit General > LACP.
c Set ActorAdminKey equal to 1 and then click Apply.
d Set ActorAdminState to aggregation and then click Apply.
e Select AdminEnable and then click Apply.

Single Port SMLT and LACP configuration example

The Single Port SMLT behaves like an MLT-based SMLT and can coexist with
SMLTs in the same system; however, an SMLT ID can belong to either an
MLT-SMLT or a Single Port SMLT per chassis.With Single Port SMLT, you can
scale the number of split multilink trunks on a switch to a maximum number of
available ports.
This example highlights the steps used to configure Single Port SMLT using
LACP to create the LAG. Any LACP-enabled device can be used as the LACP
client. Figure 228 shows the network topology.
Figure 228 Network topology for Single Port SMLT example
Assume the following:
• The interswitch trunk has already been created as shown in Figure 228.
• User VLAN 10 has already been created on all three switches with the port
membership described in Figure 228.
314725-E Rev 00
• The ERS8600C is configured using the same steps as described in “LACP

point to point LAG configuration example” on page 491, but instead uses
ports 1/1 to 1/2. The LACP key does not need to match that of the SMLT core
switches.
• The LACP keys on both ERS8600A and ERS8600B must match.
The following configuration must be performed on both SMLT core switches:
1 In Device Manager, select the port to be configured and right-click.

2 Select Edit General > SMLT.
The Port box appears (Figure 229).
Figure 229 Port box
3 Click Insert.
The Insert SMLT box appears (Figure 230 on page 502).

Figure 230 Insert SMLT
4 Insert a new SMLT group ID. The ID must match on all ports on both SMLT
core switches.
5 Click Insert.
6 Click the LACP tab and enable LACP by selecting the AdminEnable check
box (Figure 231).
Figure 231 LACP enable
7 Click Apply.
314725-E Rev 00
503
Chapter 13
CLI configuration examples
This chapter provides examples of common link aggregation configuration tasks,

including the command line interface (CLI) commands you use to create the
configuration.
• For conceptual information about VLANs and link aggregation, see

Chapter 1, “Layer 2 operational concepts,” on page 37.
• For information about the commands used in these examples, see:
— Chapter 7, “Configuring and managing VLANs using the CLI,” on page
303
— Chapter 9, “Configuring STGs using the CLI,” on page 379
— Chapter 10, “Configuring link aggregation using the CLI,” on page 427
Topic Page
MultiLink Trunking configuration example 504

Single Port SMLT with SLPP configuration example 505
SMLT triangle with loop detection configuration example 508
Square SMLT configuration example 514
Full mesh SMLT configuration example 518
SMLT and VRRP configuration example 522
SMLT and multicast configuration example 525
Triangle SMLT and LACP configuration example 526
Single Port SMLT and LACP configuration example 528
SLPP, VRRP BackupMaster, and SMLT configuration example 532
Ping Snoop configuration example 540
LACP point to point LAG configuration example 541

504 Chapter 13 CLI configuration examples
Topic (continued) Page
Enabling VLACP on Ethernet links configuration example 543

Per-VLAN Spanning Tree Plus (PVST+) configuration examples 544
Rapid Spanning Tree Protocol configuration example 554
Multiple Spanning Tree Protocol configuration example 559
MultiLink Trunking configuration example

This configuration example shows how to create a multilink trunk and a VLAN
(VLAN 100) between two Ethernet Routing Switch 8600 devices. The network is
used to carry user traffic (Figure 232).
Figure 232 MLT within a VLAN
The following sections provide step-by-step procedures that show how to

configure switch S1 and S2 for this example.
Configuring S1
1 Create VLAN 100:
ERS-8606:5# config vlan 100 create byport 1
2 Create multilink trunk10:
ERS-8606:5# config mlt 10 create
ERS-8606:5# config mlt 10 add ports 1/1,1/2,2/1,2/2
ERS-8606:5# config mlt 10 add vlan 100
314725-E Rev 00
Chapter 13 CLI configuration examples 505
Configuring S2
1 Create VLAN 100:
2 Create multilink trunk 10:
ERS-8606:5# config mlt 10 add ports 1/1,1/2,2/1,2/2
Single Port SMLT with SLPP configuration example

The single port Split MultiLink Trunking (SMLT) design is similar to the triangle
SMLT design. The only difference is that only a single port from each InterSwitch
Trunking (IST) switch goes to the access server. Figure 233 shows the network
topology.

Figure 233 Single Port SMLT
Configuring ERS8600B
1 Configure VLANs:
ERS8600-B:5# config vlan 1900 create byport 1
ERS8600-B:5# config vlan 10 create byport 1
2 Enable SLPP and add VLAN 10:
ERS8600-B:5# config slpp add 10
ERS8600-B:5# config slpp operation enable
3 Configure MLT 5 used for the IST link and add the IST VLAN:
ERS8600-B:5# config mlt 5 create
ERS8600-B:5# config mlt 5 add ports 2/1,3/1
ERS8600-B:5# config vlan 1900 add-mlt 5
4 Configure the IP address and interswitch trunk. The IP address points to the
partner interswitch trunk node:
ERS8600-B:5# config vlan 1900 ip create 1.1.1.1/30
ERS8600-B:5# config mlt 5 ist create ip 1.1.1.2 vlan-id 1900
314725-E Rev 00
5 Configure Single Port SMLT:

ERS8600-B:5# config ether 1/1 smlt 1 create
6 Enable SLPP packet reception on port 1/1:
ERS8600-B:5# config ethernet 1/1 slpp packet-rx enable
Configuring ERS8600C
1 Configure VLANs:
ERS8600-C:5# config vlan 1900 create byport 1
ERS8600-C:5# config vlan 10 create byport 1
2 Enable SLPP:
ERS8600-C:5# config slpp add 10
ERS8600-C:5# config slpp operation enable
3 Configure MLT. VLAN 10 must be spanned across the interswitch trunk
(MLT-5):
ERS-8606:5# config mlt 5 add ports 2/1,3/1
4 Configure IP address and IST. The IP address points to the partner IST node:
ERS-8606:5# config vlan 1900 ip create 1.1.1.2/30
ERS-8606:5# config mlt 5 ist create ip 1.1.1.1 vlan-id 1900
5 Configure Single Port SMLT:
ERS-8606:5# config ether 1/1 smlt 1 create
6 Enable SLPP packet reception on port 1/1, and set the threshold to 1:
ERS8600-C:5# config ethernet 1/1 slpp packet-rx enable
ERS8610-C:5# config ethernet 1/1 slpp packet-rx-threshold 1
To view the status of all SMLT ports, and show SLPP configuration information,
use the following commands:
ERS8610-B:5# show port info smlt port 1/1

ERS8610-B:5# show slpp info
ERS8610-B:5# show ports info slpp port 1/1
ERS8600-B:5# show log file tail

If port 1/1 is disabled on either ERS8600B or ERS8600C because either switch

received its own SLPP-PDU, a message is logged and a trap will be used.
SMLT triangle with loop detection configuration example

This configuration example shows how to create an SMLT triangle using three
Ethernet Routing Switch 8600 devices and a VLAN (VLAN 10), which is used to
carry user traffic (Figure 234). The following configuration example is based on a
three node network where ERS8600A is the SMLT client. Although only one port
is used to connect to the SMLT client from each SMLT aggregation switch in this
example, up to 8 total links can be used to carry traffic between the two.
Figure 234 SMLT triangle configuration example

configure switches ERS8600A, ERS8600B, and ERS8600C for this example. The
procedure configures:
314725-E Rev 00
• VLAN 1900 for the IST VLAN using MLT ID = 5

• VLAN 10 to the SMLT VLAN using MLT ID = 1
• SLPP packet receive threshold on ERS8600B (default) and ERS8600C (5)
1 Configure VLANs:
ERS-8606-B:5# config vlan 1900 create byport 1
ERS-8606-B:5# config vlan 10 create byport 1
2 Configure MLT 5 used for the IST link and add the IST VLAN. Disable the
CP-Limit for ports 2/1 and 3/1:
ERS-8606-B:5# config mlt 5 create
ERS-8606-B:5# config mlt 5 add ports 2/1,3/1
ERS-8606-B:5# config ether 2/1,3/1 cp-limit disable
ERS-8606-B:5# config vlan 1900 add-mlt 5
3 Configure the IST IP address and create the interswitch trunk using MLT 5.
The IP address is the IP address of the remote partner IST node.
ERS-8606-B:5# config vlan 1900 ip create 1.1.1.1/30
ERS-8606-B:5# config mlt 5 ist create ip 1.1.1.2 vlan-id 1900
4 Configure the SMLT link:
ERS-8606-B:5# config mlt 1 create
ERS-8606-B:5# config mlt 1 perform-tagging enable
ERS-8606-B:5# config mlt 1 add ports 1/1
ERS-8606-B:5# config mlt 1 smlt create smlt-id 1
5 Add VLAN 10 to the interswitch trunk and SMLT VLANs:
6 Enable loop detection on port 1/1. By default, the action will be set to
portdown. This can be verified by using the show config module port or
config ethernet 1/1 info command. The loop detect timers should be
staggered between the ERS8600B and ERS8600C: change the default
mac-flap-time-limit from the default setting of 500 ms to 700 ms.
ERS-8606-B:5# config ethernet 1/1 loop-detect enable
ERS-8606-B:5# config mac-flap-time-limit 700

1 Configure VLANs:
ERS-8606-C:5# config vlan 1900 create byport 1
ERS-8606-C:5# config vlan 10 create byport 1
2 Configure MLT 5 used for the IST link and add the IST VLAN. Disable
CP-Limit for ports 2/1 and 3/1.
ERS-8606-C:5# config mlt 5 create
ERS-8606-C:5# config mlt 5 add ports 2/1,3/1
ERS-8606-C:5# config ether 2/1,3/1 cp-limit disable
ERS-8606-C:5# config vlan 1900 add-mlt 5
3 Configure the IST IP address and create the interswitch trunk using MLT 5.
The IP address used is the IP address of the remote partner IST node.
ERS-8606-C:5# config vlan 1900 ip create 1.1.1.2/30
ERS-8606-C:5# config mlt 5 create ip 1.1.1.1 vlan-id 1900
4 Configure the SMLT link:
ERS-8606-C:5# config mlt 1 create
ERS-8606-C:5# config mlt 1 perform-tagging enable
ERS-8606-C:5# config mlt 1 add ports 1/1
ERS-8606-C:5# config mlt 1 smlt create smlt-id 1
5 Add VLAN 10 to the IST and SMLT VLANs:
6 Enable loop detection on port 1/1:
ERS-8606-C:5# config ethernet 1/1 loop-detect enable
Configuring ERS8600A
1 Configure VLAN 10:
ERS-8606-A:5# config vlan 10 create byport 1
ERS-8606-A:5# config vlan 10 ports add 2/1-2/5
2 Configure the MLT link:
ERS-8606-A:5# config mlt 1 create
ERS-8606-A:5# config mlt 1 perform-tagging enable
ERS-8606-A:5# config mlt 1 add ports 1/1,1/2
ERS-8606-A:5# config vlan 10 add-mlt 1
314725-E Rev 00
3 Enable Spanning Tree fast start on ports 2/1 to 2/5:

ERS-8606-A:5# config ethernet 2/1-2/5 stg 1 faststart enable
Verifying network operations
Figure 235 to Figure 238 on page 514 show commands you can use to verify that
the network is operating correctly.
Figure 235 Show mlt info output

ERS8600-C:5# show mlt info
=============================================================================
Mlt Info
=============================================================================
1 4096 MLT-1 trunk normal smlt smlt 1/1 10
5 4100 MLT-5 trunk normal ist ist 2/1-2/2 1900 10
=============================================================================
Mlt Info
=============================================================================
-----------------------------------------------------------------------------
1 4096 MLT-1 trunk normal smlt smlt 1/1 10
5 4100 MLT-5 trunk normal ist ist 2/1-2/2 10 1900

-----------------------------------------------------------------------------
1 4096 disable enable 1/1 disable down
5 4100 disable enable 2/1-2/2 disable down
The MLT CURRENT status for MLT-5 is ist. If this status is norm then the IST is
not active; there may be a misconfiguration or the links are not active. The current
MLT mode is smlt. If there is a misconfiguration or a link down in the network,
the value of MLT CURRENT would be norm.

Figure 236 Show mlt commands

ERS8600-C:5# show mlt ist info
=======================================================
Mlt IST Info
=======================================================
-------------------------------------------------------
5 1.1.1.1 1900 true up
ERS8600-C:5# show mlt ist stat

=========================================================
=========================================================
---------------------------------------------------------
Ist Down : 0
Hello Sent : 63480
Hello Recv : 63447
Smlt Down Sent : 0
Smlt Down Recv : 0
Smlt Up Sent : 2
Smlt Up Recv : 2
IGMP Sent : 0
IGMP Recv : 0
Port Down Sent : 0
Port Down Recv : 1
314725-E Rev 00
Figure 237 Show mlt commands, part 2

ERS8600-C:5# show mlt ist info
=======================================================
Mlt IST Info
=======================================================
-------------------------------------------------------
5 1.1.1.1 1900 true up
ERS8600-C:5# show mlt ist stat

=========================================================
=========================================================
---------------------------------------------------------
Ist Down : 0
Hello Sent : 63480
Hello Recv : 63447
Smlt Down Sent : 0
Smlt Down Recv : 0
Smlt Up Sent : 2
Smlt Up Recv : 2
IGMP Sent : 0
IGMP Recv : 0
Port Down Sent : 0
Port Down Recv : 1
ERS8600-B:5# show mlt smlt info

============================================
Mlt SMLT Info
============================================
ID ID TYPE TYPE
--------------------------------------------
1 1 smlt smlt

Loop Detection
Suppose a loop is formed between ERS8600A, ERS8600B, and ERS8600C. The

commands shown in Figure 238 on page 514 show commands you can use to
display the MAC address that is looping.
Figure 238 Loop detection commands

ERS8600-C:5# show ports info loop-detected vlan 10
=============================================================================
Port Loop-Detect
=============================================================================
PORT VLAN MAC LOOP DETECT SMLT REMOTE
ACTION
-----------------------------------------------------------------------------
1/1 10 00:00:02:00:00:01 PORT-DOWN false
ERS8600-C:5# show log file tail
CPU5 [02/17/06 15:16:28] SNMP INFO Smlt Link Down Trap(SmltId=10)

CPU5 [02/17/06 15:16:28] MLT INFO SMLT 1 DOWN
CPU5 [02/17/06 15:16:28] SNMP INFO Port 1/1 is a trunk port
CPU5 [02/17/06 15:16:28] SNMP INFO Link Down(1/1) due to loop detect
CPU5 [02/17/06 15:16:28] SNMP INFO Loop detected on port 1/1.Port is disabled
Square SMLT configuration example

The main rule for a square configuration (see Figure 239 on page 515) is that the
IST pairs, ERS8600A and D, and B and C, each must have matching SMLT IDs.
However, these IDs can differ between the two IST pairs. The initial configuration
creates the IST links between A and B, and C and D. Note that the IST IP
addresses differ; Nortel recommends that you use a different subnet for the IST IP
addresses between the pairs.
314725-E Rev 00
Figure 239 Square SMLT

1 Disable CP-Limit on IST ports:
ERS-8606:5# config ether 2/1,3/1 cp-limit disable
2 Configure VLANs:
(MLT-5):
4 Configure the IP address and IST. The IP address points to the partner IST
node:
5 Configure SMLT. The SMLT ID must be identical for each IST pair:
ERS-8606:5# config mlt 1 smlt create smlt-id 1
ERS-8606:5# config mlt 1 add ports 1/1
2 Configure VLANs:
(MLT-5):
314725-E Rev 00
2 Configure VLANs:
(MLT-5):
Configuring ERS8600D

2 Configure VLANs:
(MLT-5):
Use the show mlt info and the show smlt info commands to verify the
status of the multilink trunks.
Full mesh SMLT configuration example

The full mesh SMLT design is similar to the square SMLT, except more links are
added to fully mesh the four nodes (see Figure 240 on page 519). As with the
square configuration, it is imperative that all links within the SMLT group contain
the same SMLT ID, however, this ID need not be the same between each IST pair.
314725-E Rev 00
Figure 240 Full mesh SMLT

2 Configure VLANs:
(MLT-5):
2 Configure VLANs:
(MLT-5):
314725-E Rev 00
2 Configure VLANs:
(MLT-5):
4 Configure the IP address and IST. The IP address points to the partner
interswitch trunk node:
Configuring ERS8600D

2 Configure VLANs:
3 Configure MLT. VLAN 10 must be spanned across the IST (MLT-5):
5 Configure SMLT. The SMLT ID must be identical for each interswitch trunk
pair:
Use the show mlt info and the show smlt info commands to verify the
status of the multilink trunks.
SMLT and VRRP configuration example

In cases in which the Ethernet Routing Switch is providing the next-hop gateway,
and is in Virtual Router Redundancy Protocol (VRRP) mode, the Ethernet
Routing Switch can provide additional VRRP benefits. In this example (see
Figure 241 on page 523), ERS8600A is acting solely as a Layer 2 switch, with a
single VLAN 10 configured. The server in this example has a next-hop gateway
configured for the VRRP IP.
314725-E Rev 00
Figure 241 Network topology for SMLT and VRRP
2 Configure VLANs:
(MLT-5):
4 Configure IP address and IST. The IP address points to the partner IST node.

5 Configure SMLT. The SMLT ID must be identical on both nodes:

6 VRRP configuration. These commands add the VRRP virtual IP address of
10.10.10.1 to VLAN 10 with BackupMaster enabled so that both ERS8600B
and ERS8600C can respond to ARP.
ERS-8606:5# config vlan 10 ip vrrp 1 address 10.10.10.1
ERS-8606:5# config vlan 10 ip vrrp 1 backup-master enable
ERS-8606:5# config vlan 10 ip vrrp 1 holddown-timer 60
ERS-8606:5# config vlan 10 ip vrrp 1 enable
2 Configure VLANs:
(MLT-5):
4 Configure IP address and IST. The IP address points to the partner IST node.
5 Configure SMLT. The SMLT ID must be identical on both nodes:
314725-E Rev 00
6 VRRP configuration. These commands add the VRRP virtual IP address of

10.10.10.1 to VLAN 10 with BackupMaster enabled so that both ERS8600B
and ERS8600C can respond to ARP.
ERS-8606:5# config vlan 10 ip vrrp 1 address 10.10.10.1
ERS-8606:5# config vlan 10 ip vrrp 1 backup-master enable
ERS-8606:5# config vlan 10 ip vrrp 1 holddown-timer 65
ERS-8606:5# config vlan 10 ip vrrp 1 enable
1 Configure MLT on A:
The status of VRRP can be seen using the command show ip vrrp info.
SMLT and multicast configuration example

Use the following steps to configure multicast distribution over a MLT group:
1 Configure multicast distribution globally:

ERS-8606:5# config sys mcast-mlt-distribution enable
2 Configure multicast distribution on each MLT group:
ERS-8606:5# config mlt 1 mcast-distribution enable
The default settings allow all sources and groups to be distributed over MLT
(when enabled). Distribution can be controlled by controlling the source/group
masks:
ERS-8606:5# config sys mcast-mlt-distribution grp-mask

0.0.0.255
ERS-8606:5# config sys mcast-mlt-distribution src-mask
0.0.255.255

Triangle SMLT and LACP configuration example

This configuration example shows how to build and configure a triangle SMLT
network using LACP to enable the dynamic set up of SMLT links (Figure 242).
Figure 242 SMLT and IEEE 802.3ad configuration example

configure switch S1, S2, and S3 for this example.
Configuring S1
1 Create IST VLAN 1900:
ERS-8606:5# config mlt 5 perform-tagging enable
314725-E Rev 00
2 Create the SMLT VLAN and add ports:

ERS-8606:5# config vlan 100 ports add 3/1,3/2
ERS-8606:5# config vlan 100 add-mlt 5
3 Configure LACP on ports:
ERS-8606:5# config ether 3/1,3/2 lacp key 10
ERS-8606:5# config ether 3/1,3/2 lacp aggregation true
ERS-8606:5# config ether 3/1,3/2 lacp enable
4 Create SMLT and configure LACP. Ensure keys match port and keys are same
for both SMLT aggregation switches:
ERS-8606:5# config mlt 10 lacp key 10
ERS-8606:5# config mlt 10 lacp enable
ERS-8606:5# config ether 3/1,3/2 discard-untagged-frames
enable
Configuring S2
1 Create IST VLAN 1900:
2 Create the SMLT VLAN and add ports:
ERS-8606:5# config vlan 100 ports add 3/1,3/2
ERS-8606:5# config vlan 100 add-mlt 5
ERS-8606:5# config ether 3/1,3/2 lacp key 10
ERS-8606:5# config ether 3/1,3/2 lacp aggregation true
ERS-8606:5# config ether 3/1,3/2 lacp enable

4 Create SMLT and configure LACP. Ensure keys match: port and keys must be
the same for both SMLT aggregation switches:
ERS-8606:5# config ether 3/1,3/2 discard-untagged-frames
enable
Configuring S3
1 Create VLAN 100 and add ports:
ERS-8606:5# config vlan 100 ports add 3/1-3/4
ERS-8606:5# config ether 3/1-3/4 lacp key 20
ERS-8606:5# config ether 3/1-3/4 lacp aggregation true
ERS-8606:5# config ether 3/1-3/4 lacp enable
3 Create MLT 10 and configure LACP. Ensure keys match: port and keys must
be the same for both SMLT aggregation switches:
ERS-8606:5# config ether 3/1-3/4 discard-untagged-frames
enable
Single Port SMLT and LACP configuration example

The single port split multilink trunk behaves just like an MLT-based SMLT and
can coexist with SMLTs in the same system; however, an SMLT ID can belong to
either an MLT-SMLT or a single port split multilink trunk per chassis. With Single
Port SMLT, you can scale the number of split multilink trunks on a switch to a
maximum number of available ports.
314725-E Rev 00
When SMLT is enabled on a port, its key becomes default and aggregation
becomes true. The selection logic selects the default aggregator for the SMLT
port. When SMLT is disabled on a port, aggregation becomes false. This example
highlights the steps in configuring Single Port SMLT using LACP to create the
LAG. Although an Ethernet Routing Switch 8600 is used for the SMLT client, any
LACP enabled device can be used.
Figure 243 on page 530 shows the network topology for this configuration
example.

Figure 243 Network topology
1 To create the interswitch trunk, enter the following commands:
ERS-8606:5# conf vlan 1900 create byport 1
ERS-8606:5# conf mlt 5 create
ERS-8606:5# conf mlt 5 add ports 1/1,2/1
ERS-8606:5# conf mlt 5 perform-tagging enable
ERS-8606:5# conf mlt 5 add vlan 1900
ERS-8606:5# conf vlan 1900 ip create 1.1.1.1/30
ERS-8606:5# conf mlt 5 ist create ip 1.1.1.2 vlan-id 1900
2 To create the user VLAN, enter the following commands:
ERS-8606:5# conf vlan 10 ports add 1/10
3 To create the single port split multilink trunk, enter the following command:
ERS-8606:5# conf ether 1/10 smlt 1 create
314725-E Rev 00
4 To enable LACP on each port, enter the following command. No key is

required. The default key is used:
ERS-8606:5# conf ether 1/10 lacp enable
1 To create the interswitch trunk, enter the following commands:
ERS-8606:5# conf mlt 5 add ports 1/1,2/1
ERS-8606:5# conf mlt 5 perform-tagging enable
ERS-8606:5# conf mlt 5 add vlan 1900
ERS-8606:5# conf vlan 1900 ip create 1.1.1.2/30
ERS-8606:5# conf mlt 5 ist create ip 1.1.1.1 vlan-id 1900
2 To create the user VLAN, enter the following commands:
ERS-8606:5# conf vlan 10 ports add 1/10
3 To create the single port split multilink trunk, enter the following command:
ERS-8606:5# conf ether 1/10 smlt 1 create
ERS-8606:5# conf ether 1/10 lacp enable
1 To create the multilink trunk, enter the following commands:
ERS-8606:5# conf mlt 10 lacp key 10
ERS-8606:5# conf mlt 10 lacp enable
2 To create the user VLAN and add ports, enter the following commands:
ERS-8606:5# conf vlan 10 ports add 1/1-1/2
3 To configure LACP on the ports, enter the following commands:
ERS-8606:5# conf ether 1/1-1/2 lacp key 10
ERS-8606:5# conf ether 1/1-1/2 lacp aggregation true


ERS-8606:5# conf ether 1/1-1/2 lacp enable
SLPP, VRRP BackupMaster, and SMLT configuration

example
In this configuration example, a SMLT with ID 2 is configured on ERS8600A and
ERS8600B with a VRRPBackupMaster, as illustrated in Figure 244 on page 533.
Simple Loop Prevention Protocol (SLPP) is used to detect loops in the network.
The edge switch, ERS3510, is configured for IP routing with a trunk VLAN 260
(which has an IP address of 10.1.4.5/20). Port members 21 to 24 on ERS3510 are
added to an access MLT. Under normal operations, traffic can flow over any trunk
ports from 21 to 24 on the ERS3510.
314725-E Rev 00
Figure 244 SLPP example network
Because the trunk VLAN is not tagged, if the ERS3510 switch is replaced with a
factory default switch or if the MLT configuration is not enabled or defective, this
causes a loop in the SMLT core. To detect this loop, configure SLPP on
ERS8600B to shut down all SMLT ports. This occurs if ERS8600B receives
SLPP-PDUs on port 7/15 or 7/16.
The following procedure configures SLPP on the network shown in Figure 244.
To configure the ERS8600A, ERS8600B, and the ERS3510, see Figure 250 on
page 537 to Figure 252 on page 539 at the end of this section.
To configure SLPP on the ERS8600B, do the following:
1 Enable SLPP and add VLAN 260. To do this, enter the following commands:
ERS8600-B:6# config slpp add 260
ERS8600-B:6# config slpp operation enable
2 Enable SLPP on port 7/15 and 7/16:
ERS8600-B:6# config ethernet 7/15,7/16 slpp packet-rx enable

3 View the SLPP configuration on ERS8600B to ensure SLPP is configured

correctly. To view the SLPP configuration, enter the following command:
a ERS8600-B:6# show slpp
Figure 245 Show slpp results

ERS-8600-B:6# show slpp

asfm sam
Current Context:

operation : enabled
tx-interval : 500
vlan : 260
ERS-8600-B:6#
b ERS8600-B:6# show ports info slpp port 7/15,7/16
Figure 246 Show ports info

ERS-8600-B:6# show ports info slpp port 7/15,7/16
================================================
Port Interface
================================================
PORT PKT-RX PKT-RX
NUM THRESHOLD
------------------------------------------------
7/15 enabled 1
7/16 enabled 1
4 If MLT is broken on the ERS3510 switch, the following commands can be

used to check which ports belonging to SMLT 2 are down. If something is
broken on the ERS3510 switch, SLPP disables all SMLT ports. Use the
following command:
ERS-8600-B:6# show port info interface port 7/15,7/16
314725-E Rev 00
Figure 247 Show ports info interface port

ERS-8600-B:6# show ports info interface port 7/15,7/16
==========================================================================
Port Interface
==========================================================================
PORT LINK PORT PHYSICAL STATUS
NUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN
OPERATE
--------------------------------------------------------------------------
7/15 462 GbicSx true false 1950 00:e0:7b:bc:21:14 down down
7/16 463 GbicSx true false 1950 00:e0:7b:bc:21:15 down down
ERS-8600-B:6#
If logging to the local interface is enabled, you should see messages indicating
that SLPP caused the SMLT 2 port to go down. Use the following command:
Figure 248 Show log file tail for ERS8600B after port disabled
CPU5 [01/25/06 12:54:42] SNMP INFO Smlt Link Down Trap(SmltId=2)
CPU5 [01/25/06 12:54:42] SNMP INFO Slpp port down(SlppRxPort = 463,
SlppRxVlan =260, SlppIncomingVlanId = 260, SlppSrcMacAddress =
00:e0:7b:bc:20:00)
CPU5 [01/25/06 12:54:42] MLT INFO SMLT 2 DOWN
CPU5 [01/25/06 12:54:42] SNMP INFO Port 7/16 is an access port
CPU5 [01/25/06 12:54:42] SNMP INFO Link Down(7/16)
CPU5 [01/25/06 12:54:42] SNMP INFO Port 7/15 is an access port
CPU5 [01/25/06 12:54:42] SNMP INFO Link Down(7/15)
CPU5 [01/25/06 12:54:42] SW WARNING slppRx: SLERS packet received Rx-Vlan
260, Rx
-Port 7/16, PDU-Vlan 260, SRC-Mac 00:e0:7b:bc:20:00
5 If the MLT problem is corrected on the ERS3510 switch, you must re-enable
all SMLT ports on ERS8600A and ERS8600B. Use the commands shown in

Figure 249 Enabling SMLT and show log file tail after port enabled
ERS8600-B:6# config ethernet 7/15,7/16 state enable
ERS8600-A:6# config ethernet 4/15,4/16 state enable
CPU5 [01/25/06 12:59:50] SNMP INFO Smlt Link Up Trap(SmltId=2)

CPU5 [01/25/06 12:59:50] MLT INFO SMLT 2 UP
CPU5 [01/25/06 12:59:16] SNMP INFO Link Up(7/16)
CPU5 [01/25/06 12:59:15] SNMP INFO Link Up(7/15)
The following figures contain the CLI commands used to configure the network of
314725-E Rev 00
Figure 250 Commands to configure the 8600A MLT, VLAN, ports

## MLT CONFIGURATION
#
mlt 2 create
mlt 2 add ports 4/15-4/16
mlt 2 smlt create smlt-id 2
mlt 5 create
mlt 5 add ports 2/1,3/1
mlt 5 perform-tagging enable
mlt 5 ist create ip 2.1.1.2 vlan-id 1900
mlt 5 ist enable
# VLAN CONFIGURATION
vlan 260 create byport 1 color 2

vlan 260 add-mlt 2
vlan 260 add-mlt 5
vlan 260 ports add 2/1,3/1,4/15-4/16 member portmember
vlan 260 ip create 10.1.4.2/255.255.255.240 mac_offset 6
vlan 260 ip ospf interface-type passive
vlan 260 ip ospf enable
vlan 260 ip vrrp 5 address 10.1.4.1
vlan 260 ip vrrp 5 backup-master enable
vlan 260 ip vrrp 5 fast-adv-enable enable
vlan 260 ip vrrp 5 enable
vlan 1900 create byport 1
vlan 1900 add-mlt 5
vlan 1900 ports add 2/1,3/1 member portmember
# PORT CONFIGURATION - PHASE II
ethernet 2/1 default-vlan-id 1900

ethernet 2/1 stg 1 stp disable
# OSPF CONFIGURATION
#
ip ospf admin-state enable
ip ospf enable

Figure 251 Commands to configure the 8600B MLT, VLAN, ports

# MLT CONFIGURATION
#
mlt 2 create
mlt 2 add ports 7/15-7/16
mlt 2 smlt create smlt-id 2
mlt 5 create
mlt 5 add ports 2/1,3/1
mlt 5 perform-tagging enable
mlt 5 ist create ip 2.1.1.2 vlan-id 1900
mlt 5 ist enable
#
vlan 260 create byport 1 color 2

vlan 260 add-mlt 2
vlan 260 add-mlt 5
vlan 260 ports add 2/1,3/1,7/15-7/16 member portmember
vlan 260 ip ospf interface-type passive
vlan 260 ip ospf enable
vlan 260 ip vrrp 5 address 10.1.4.1
vlan 260 ip vrrp 5 backup-master enable
vlan 260 ip vrrp 5 fast-adv-enable enable
vlan 260 ip vrrp 5 enable
vlan 1900 add-mlt 5
vlan 1900 ports add 2/1,3/1 member portmember
# PORT CONFIGURATION - PHASE II

# OSPF CONFIGURATION
ip ospf admin-state enable

ip ospf enable
314725-E Rev 00
Figure 252 Commands used to configure the ERS 3510 VLAN

! *** VLAN ***
!
auto-pvid
vlan name 1 "VLAN #1"
vlan create 99 name "Voice_VLAN" type port
vlan create 200 name "Data_VLAN" type port
vlan create 260 name "Trunk" type port
vlan ports 1-4 tagging unTagAll filter-untagged-frame disable
filter-unregiste
red-frames disable priority 0
vlan ports 5-11 tagging unTagPvidOnly filter-untagged-frame disable
filter-unr
egistered-frames disable priority 0
vlan ports 12-24 tagging unTagAll filter-untagged-frame disable
filter-unregis
tered-frames disable priority 0
vlan members 1 NONE
vlan members 99 1,5-11
vlan members 200 5-11
vlan members 260 21-24
vlan ports 1 pvid 99
vlan ports 2-4 pvid 1
vlan igmp unknown-mcast-no-flood disable
vlan mgmt 1
!
! *** STP ***
!
spanning-tree stp 1 priority 8000
spanning-tree stp 1 hello-time 2
spanning-tree stp 1 max-age 20
spanning-tree stp 1 forward-time 15
spanning-tree stp 1 tagged-bpdu disable tagged-bpdu-vid 4001
spanning-tree stp 1 multicast-address 01:80:c2:00:00:00
interface FastEthernet ALL
spanning-tree port 1-24 learning disable
exit
spanning-tree stp 1 add-vlan 1
interface FastEthernet ALL
exit

Ping Snoop configuration example

You can use the Ping Snoop feature to troubleshoot MultiLink Trunk (MLT) and
Split MultiLink Trunk (SMLT) networks. This feature displays the route that IP
traffic takes over an MLT or SMLT path. Ping Snoop enables a filter that copies
Internet Control Message Protocol (ICMP) messages to the CPU. The CPU then
monitors the ICMP stream. The console displays the port that is used for each IP
traffic flow from source to destination station. There is no mechanism to prevent
line rate ICMP traffic from going to the CPU as a result of enabling Ping Snoop.
For more information about configuring Ping Snoop, including instructions for
Device Manager and CLI for both legacy and R modules, see Using Diagnostic
Tools.
Note: If you have an R module installed in the Ethernet Routing Switch

8600 and wish to configure Ping Snoop, you must use an ACL filter
option. For more information about the ACL filter, see Configuring QoS
and Filtering for Ethernet Routing Switch 8600 R Modules.
Configuring Ping Snoop

1 Create the Ping Snoop filter. Create a filter to capture ICMP packets from the
30.30.30.0 network to another device in the same network. (You can also
configure a filter for single addresses by using a 32 bit mask 30.30.30.10/32
or 30.30.30.3/32.):
ERS-8606:5# config diag ping-snoop create src-ip 30.30.30.0/
24 dst-ip 30.30.30.0/24
2 Add ports to filter:
ERS-8606:5# config diag ping-snoop add-port 1/47
3 Enable Ping Snoop:
ERS-8606:5# config diag ping-snoop enable true
314725-E Rev 00
This is a sample output:
ICMP Request received on port 1/47 with Src=30.30.30.10

Dst=30.30.30.3
Dst=30.30.30.3
Dst=30.30.30.3
Dst=30.30.30.3
By adding all the MLT/SMLT ports to this filter on a per-switch basis, the user can
determine the exact path that traffic takes.
LACP point to point LAG configuration example

This configuration example shows how to configure and enable a point-to-point
link aggregation group (LAG) using LACP (Figure 253).
Note: You must configure all aggregatable ports in MLT 10 to use the
same key used for MLT 10.
Figure 253 LACP configuration example

configure switch S1 and S2 for the example shown in Figure 253.

Configuring S1
1 Create VLAN 100 and add ports to the VLAN:
ERS-8606:5# config vlan 100 ports add 1/1-1/2,2/1-2/2
2 Configure LACP on S1 switch ports:
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp key 10
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp aggregation
true
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp enable
3 Create MLT 10 and configure LACP. Ensure the LACP key is the same as that
configured in step 2:
Configuring S2
1 Create VLAN 100 and add ports to the VLAN:
ERS-8606:5# config vlan 100 ports add 1/1-1/2,2/1-2/2
2 Configure LACP on S2 switch ports:
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp key 10
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp aggregation
true
ERS-8606:5# config ether 1/1-1/2,2/1-2/2 lacp enable
3 Create MLT 10 and configure LACP. Ensure the LACP key is the same as that
configured in step 2:
314725-E Rev 00
Enabling VLACP on Ethernet links configuration example

This configuration example shows how to enable VLACP on Ethernet links to
ensure that link failures are propagated through the service provider optical
network (Figure 254).
Figure 254 Enabling VLACP on Ethernet links configuration example

configure switch S1, and S2 for this example.
Configuring S1
1 Configure MLT 10 and add VLAN 100:
2 Enable VLACP on both Ethernet ports:
ERS-8606:5# config ethernet 3/1-3/2 vlacp enable
Configuring S2
1 Configure MLT 10 and add VLAN 100:


2 Enable VLACP on both Ethernet ports:
ERS-8606:5# config ethernet 3/1-3/2 vlacp enable
Per-VLAN Spanning Tree Plus (PVST+) configuration

examples
PVST+ is an extension of the Cisco System PVST with support for IEEE 802.1Q
standard, and is the default spanning tree protocol used on Cisco System switches.
PVST+ uses a separate spanning tree instance for each configured VLAN and
supports the IEEE 802.1Q STP across IEEE 802.1Q regions.
When you configure PVST+, it uses, by default, IEEE 802.1Q single STP BPDUs
on VLAN 1 and PVST+ BPDUs for other VLANs. This allows a PVST+ switch
to connect to a switch using IEEE 802.1Q spanning tree as a tunnel for PVST+.
PVST+ BPDUs are tunneled across the 802.1Q VLAN region as multicast data.
The single STP is addressed to the well-known STP MAC address

01-80-C2-00-00-00. The PVST+ BPDUs for other VLANs are addressed to
multicast address 01-00-0C-CC-CC-CD.
PVST+ can be used to load balance the VLANs by changing the VLAN bridge
priority.
For conceptual information about PVST+, refer to “Per-VLAN spanning tree” on

page 71.
• “Configuring PVST+ on an Ethernet Routing Switch 8600”

• “Configuration example—basic PVST+ setup” on page 545
Configuring PVST+ on an Ethernet Routing Switch 8600
You can configure a PVST+ instance under the Ethernet Routing Switch 8600
spanning tree group (STG) level for each VLAN that connects to a Cisco System
switch running PVST+.
314725-E Rev 00
Use the following commands to configure PVST+ on the Ethernet Routing Switch
8600:
ERS-8606:5# config stg <1-64> create <ports> vlan <1-4094>

ntstg disable
The ntstg parameter is enabled by default, which provides the default group STP
operation. When you set the ntstg parameter to disable, PVST+ is enabled for this
particular VLAN.
To view spanning tree forwarding state, enter the following command:
ERS-8606:5# show ports info stg main <port number>
To view the spanning tree configuration, enter the following command:
ERS-8606:5# show stg info config
To view the spanning tree status, enter the following command:
ERS-8606:5# show stg info status
Configuration example—basic PVST+ setup
Figure 255 on page 546 shows a basic configuration example in which a single
Ethernet Routing Switch 8600 is using PVST+ to connect to two Cisco Systems
switches.

configure PVST+ on Ethernet Routing Switch 8600 S1 for this example.

Figure 255 Basic setup configuration example
Configuring Ethernet Routing Switch 8600 S1

1 Configure ports 1/20 and 1/30 with VLAN tagging:
ERS-8606:5# config ethernet 1/20,1/30 perform-tagging enable
2 Configure a PVST+ STG instance for each VLAN:
ERS-8606:5# config stg 20 create 1/5,1/20,1/30 vlan 100
ntstg disable
ntstg disable
ntstg disable
3 Create VLAN 100:
ERS-8606:5# config vlan 100 ports add 1/5,1/20,1/30
4 Create VLAN 101:
5 Create VLAN 102:
314725-E Rev 00
Configuring Cisco C2950 switches S2 and S3
By default, PVST+ is enabled on the switches. The only configuration

requirement is for you to add the VLANs (through the VLAN database), and then
add the ports to each VLAN:
version 12.1
!
interface FastEthernet0/17
switchport access vlan 100
switchport mode access
no ip address
!
no ip address
!
no ip address
!
switchport trunk allowed vlan 100-102
switchport mode trunk
no ip address
!
switchport trunk allowed vlan 100-102
switchport mode trunk
no ip address
!
Configuration example—load balancing with the Ethernet

Routing Switch 8600 as a distribution switch
This configuration example shows how to perform load balancing with the
Ethernet Routing Switch 8600 (S1 and S2) acting as a distribution switch, and the
Cisco C2950 switch (S3) acting as an access switch (Figure 256 on page 548).

Figure 256 Load balancing configuration example
This configuration example shows how to complete the following tasks:
• Configure the Cisco C2950 switch as an access switch.

• Configure the Ethernet Routing Switch 8600 (S1 and S2) as distribution
switches.
• Forward all even number VLANs from C2950-A (S3) to Ethernet Routing
Switch 8600 S1. Forwarding is accomplished by configuring the STG bridge
priority. By default, all STG groups have a bridge priority of 32768. To
increase the STG priority, you can lower the STG priority to a lower value for
all even number VLANs (for this example, use 4096).
• Forward all odd number VLANs from C2950-A (S3) to Ethernet Routing
Switch 8600 S2.
To increase the STG priority, you can lower the STG priority to a lower value
for all odd number VLANs (for this example, use 4096).
For the configuration files used for Ethernet Routing Switch 8600s S1 and S2
in this configuration example, see “Configuration files for S1 and S2” on
page 550.
The following sections provide step-by-step procedures that show how to perform
load balancing with the Ethernet Routing Switch 8600 (S1 and S2) as distribution
switches, and the Cisco C2950 switch (S3) as an access switch for this example.
314725-E Rev 00

ERS-8606:5# config stg 20 create 1/5,1/20,2/1 vlan 100 ntstg
disable
disable
disable
3 Configure bridge priority for each even number VLAN STG group:
ERS-8606:5# config stg 20 priority 4096
4 Create VLAN 100:
5 Create VLAN 101:
6 Create VLAN 102:

disable
disable
disable

3 Configure bridge priority for each odd number VLAN STG group:
4 Create VLAN 100:
5 Create VLAN 101:
ERS-8606:5# config vlan 101 ports add 1/6,1/20, 2/1
6 Create VLAN 102:
ERS-8606:5# config vlan 102 ports add 1/7,1/20, 2/1
Configuration files for S1 and S2
The following sections provide the configuration files used for Ethernet Routing
Switch 8600 S1 and S2 in the configuration example shown Figure 256 on
page 548.
S1 configuration file
#
# PORT CONFIGURATION - PHASE I
#
ethernet 1/20 perform-tagging enable
#
# STG CONFIGURATION
#
stg 20 create vlan 100 mac 01:00:0c:cc:cc:cd ntstg disable
stg 20 add ports 1/5,1/20,2/1
stg 20 priority 4096
stg 21 add ports 1/6,1/20,2/1
stg 22 add ports 1/7,1/20,2/1
#
#
314725-E Rev 00
vlan 100 ports remove 1/1-1/4,1/6-1/19,1/21-1/48,2/2-2/8,3/1-3/8

member portmember
vlan 100 ports add 1/5,1/20,2/1 member portmember
member portmember
member portmember
S2 configuration file
#
# PORT CONFIGURATION - PHASE I
#
# STG CONFIGURATION
#
stg 20 add ports 1/5,1/20,2/1
stg 21 add ports 1/6,1/20,2/1
stg 22 add ports 1/7,1/20,2/1
#
#
member portmember
member portmember
member portmember

Configuration example—load balancing with the Cisco

System switch as a distribution switch
This configuration example shows how to perform load balancing with the Cisco
C2950 switches (S2 and S3) as distribution switches, and the Ethernet Routing
Switch 8600 (S1) as an access switch (see Figure 255 on page 546).
This configuration example shows how to complete the following tasks:
• Configure the Ethernet Routing Switch 8600 (S1) as an access switch.

• Configure Cisco C2950 switches (S2 and S3) as distribution switches.
• Forward all even number VLANs from Ethernet Routing Switch 8600 (S1) to
Cisco C2950 switch S2.
• Forward all odd number VLANs from Ethernet Routing Switch 8600 (S1) to
Cisco C2950 switch S3.
To load balance traffic in this manner, you can configure the Cisco C2950 switch
S2 as the root for all even number VLANs and the Cisco C2950 switch S3 as the
root for all odd number VLANs.
To do this, enter the following commands:
1 Configure C2950 S2 as the root from all even number VLANs:

Cat2950-A(config)# spanning-tree vlan 100 root primary
Cat2950-A(config)# spanning-tree vlan 102 root primary
2 Configure C2950 S3 as the root for all odd number VLANs:
Cat2950-B(config)# spanning-tree vlan 101 root primary
(The Cisco System root command changes the bridge priority to 24576.)
314725-E Rev 00
Cisco Systems default spanning tree settings
The section shows the default PVST+ settings used with Cisco Systems switches.
Feature Default Value
VLAN 1 All ports assigned to VLAN 1

Enable state PVST+ enabled for all VLANs
Bridge priority 32768
Port priority 32
Port cost • Gigabit Ethernet: 4
• Fast Ethernet: 19
• Ethernet: 100
Port VLAN priority Same as port priority, but configurable on a per-VLAN
basis in PVST+.
Port VLAN cost Same as port cost, but configurable on a per-VLAN basis in
PVST+.
Bridge Priority 0, 4096, 8192, 12 288, 16 384, 20480, 28 672, 32 768,
36 864, 40960, 45 056, 49 152, 53 248, 57 344, or 61 440.
Setting the PVST+ bridge ID priority

• The bridge ID priority is the priority of a VLAN when the switch is in
PVST+ mode.
• When the switch is in PVST+ mode without MAC address reduction enabled,
you can enter a bridge priority value between 0 and 65535. The bridge priority
value you enter also becomes the VLAN bridge ID priority for that VLAN.
• When the switch is in PVST+ mode with MAC address reduction enabled,
you can enter one of 16 bridge priority values: 0, 4096, 8192, 12 288, 16 384,
20 480, 24 576, 28 672, 32 768, 36 864, 40 960, 45 056, 49 152, 53 248,
57 344, or 61 440.
• The bridge priority is combined with the system ID extension (that is, the ID
of the VLAN) to create the bridge ID priority for the VLAN.

Rapid Spanning Tree Protocol configuration example

In this configuration example, you can accomplish the following:
• Configure the bridge priority as shown in Figure 257 on page 555. This
configuration results in traffic flow as shown with the dashed lines because B1
becomes the RSTP root bridge. If B1 fails, then B2 becomes the root bridge
based on priority settings.
• Set the bridge port priory on B1 such that the Gigabit Ethernet (GbE) interface
2/1 is used.
314725-E Rev 00
Figure 257 RSTP topology

Configuring ERS8600 B1
To configure switch B1:
1 Set the switch to use RSTP mode. This requires you to save the configuration
and boot the switch. Enter the following commands:
ERS8600-B1:6# config bootconfig flags spanning-tree-mode
rstp
ERS8600-B1:6# save bootconfig
ERS8600-B1:6# boot -y
2 Add VLAN 3. Enter the following commands:
ERS8600-B1:6# config vlan 3 create byport-mstprstp 0
ERS8600-B1:6# config vlan 3 ports add 2/1,2/2,2/4,2/5,1/15
3 Change the RSTP bridge priority. Enter the following command:
ERS8600-B1:6# config rstp priority 4096
4 Configure port 1/15 as an RSTP edge port:
ERS8600-B1:6# config ethernet 1/15 rstp edge-port true
5 Configure port 2/1 with a RSTP port priority of 16 so that it is used as the
RSTP root path:
ERS8600-B1:6# config ethernet 2/1 rstp priority 16
1 Set the switch to use RSTP mode. This requires you to save the configuration
rstp
2 Add VLAN 3. Enter the following commands:
3 Change the RSTP bridge priority. Enter the following command:
ERS8600-B2:6# config rstp priority 8192
4 Configure port 3/15 as an RSTP edge port:
ERS8600-B2:6## config ethernet 3/15 rstp edge-port true
314725-E Rev 00
1 Set the switch to use RSTP mode. Enter the following command:
ERS1624G-B3:4# config stp version rstp
2 Change the RSTP bridge priority:
ERS1624G-B3:4# config stp priority 12288
3 Add VLAN 3:
ERS1624G-B3:4# create vlan 3 vid 3 type port
ERS1624G-B3:4# config vlan 3 add untagged 1,3,5,7,10
4 Configure ports 1 and 3 for 1 Gbps full duplex to be compatible with the ES
GbE interfaces:
ERS1624G-B3:4# config ports 1,3 speed 1000_full
1 Set the switch to use RSTP mode. Enter the following command:
ERS1612G-B4:4# config stp version rstp
2 Change RSTP bridge priority:
ERS1612G-B4:4# config stp priority 16384
3 Add VLAN 3
ERS1612G-B4:4# config vlan 3 add untagged 1,3,5,7,10
GbE interfaces:
Configuring ES 470 B5
By default, with BOSS 3.5, Auto-PVID is enabled. Auto-PVID will automatically

assign the VLAN PVID to all port members.
Note: If you disable Auto-PVID, you will have to assign the PVID to
each VLAN port member by using the command vlan ports <port
list> pvid <1-4094>

1 Change spanning tree operating mode to RSTP and reboot the switch:
ES470_48(config)# spanning-tree op-mode rstp
ES470_48(config)# boot
Reboot the unit(s) (y/n) ? y
2 Add VLAN 3:
ES470_48(config)# vlan create 3 type port
ES470_48(config)# vlan members add 3 15,47,48
3 Remove VLAN port members from the default VLAN:
ES470_48(config)# vlan members remove 1 15,47,48
Note: When you use RSTP, if you remove a port from the default
VLAN prior to configuring VLAN 3, the STP participation is disabled
for that port. In this case, you must enable STP participation for each
removed port. This can be avoided if you remove ports from the default
VLAN (VLAN 1) after VLAN 3 is created.
If you first remove the port(s) from VLAN 1, RSTP can be enabled again
by using the following commands: interface fastEthernet
<port> spanning-tree rstp learning enable and
spanning-tree rstp learning enable

ES470_48(config)# spanning-tree rstp priority 5000
Note: The bridge priority value is in hexadecimal. 20480 in decimal

equals 5000 in hexadecimal.
5 Configure port 15 as a RSTP edge port:

ES470_48(config)# interface fastEthernet 15
ES470_48(config-if)# spanning-tree rstp edge-port true
Configuring ES470 B6
1 Change spanning tree operating mode to RSTP and reboot the switch:
ES470_48(config)# spanning-tree op-mode rstp
314725-E Rev 00
2 Add VLAN 3:
ES470_48(config)# spanning-tree rstp priority 6000
5 Configure port 15 as a RSTP edge port:
ES470_48(config)# interface fastEthernet 15
ES470_48(config-if)# spanning-tree rstp edge-port true
Multiple Spanning Tree Protocol configuration example

The following section gives an example using MSTP. The topology is given in
Figure 258 on page 560. This network has the following parameters:

Figure 258 Multiple spanning tree topology
• Switches B1 and B2 are in multiple spanning tree region 2.

• B1 is configured so that it becomes the CIST root; it has the lowest CIST
priority of 4096.
• B2 is configured so that it becomes the CIST backup; it has the next highest
CIST priority of 8192.
• There are two MSTI instances; MSTI 1 for VLAN 3 and MSTI 2 for VLAN 4.
• B1 GbE interface 2/2 is configured with a MSTI 2 priority of 16, while B2
GbE interface 4/1 is configured with a MSTI 1 priority of 16. This results in
VLAN load balancing.
• Switches B3, B4, B5, and B6 are in multiple spanning tree region 1.
314725-E Rev 00
• B3 is configured so that it becomes the CIST regional root; it has a CIST

priority of 12288. B4 becomes the backup CIST regional root; it has a priority
of 16384.
• There are two MSTI instances; MSTI 1 for VLAN 3, and MSTI 2 for VLAN
4.
• B4 is configured so that it is the MSTI root for VLAN 3 and the backup MSTI
root for VLAN 4. Configure the MSTI priority for MSTI 1 to 4096, and the
MSTI priority for MSTI 2 to 8192.
• B3 is configured so that it is the MSTI root for VLAN 4 and the backup MSTI
root for VLAN 3. Configure the MSTI priority for MSTI 1 to 8192, and the
MSTI priority for MSTI 2 to 4096.
1 Set the switch to use MSTP mode. This requires you to save the configuration
mstp
2 Configure the MSTP region:
ERS8600-B1:6# config mstp region config-id-sel 2
ERS8600-B1:6# config mstp region name region2
ERS8600-B1:6# config mstp region revision 1
3 Configure GbE ports 2/1, 2/2, 2/4, and 2/4 as tagged ports:
ERS8600-B1:6# config ethernet 2/1,2/2,2/4,2/5
perform-tagging enable
4 Add VLAN 3:
5 Add VLAN 4:
6 Change the MSTP CIST bridge priority:
ERS8600-B1:6# config mstp cist priority 4096

7 Configure the MSTP 2 priority:

ERS8600-B1:6# config ethernet 2/2 mstp msti 2 priority 16
8 Configure ports 1/15 and 1/16 as a MSTP edge ports:
ERS8600-B1:6# config ethernet 1/15,1/16 mstp cist edge-port
true
1 Set the switch to use MSTP mode. This requires you to save the configuration
mstp
2 Configure MSTP region:
ERS8600-B2:6# config mstp region config-id-sel 2
ERS8600-B2:6# config mstp region name region2
ERS8600-B2:6# config mstp region revision 1
3 Configure GbE ports 4/1, 4/2, 4/4, and 4/5 as tagged ports:
ERS8600-B2:6# config ethernet 4/1,4/2,4/4,4/5 perform-tagging
enable
4 Add VLAN 3:
5 Add VLAN 4:
6 Change the MSTP CIST bridge priority:
ERS8600-B2:6# config mstp cist priority 8192
7 Configure the MSTP 1 priority:
ERS8600-B2:6# config ethernet 4/1 mstp msti 1 priority 16
8 Configure ports as MSTP edge ports:
ERS8600-B2:6# config ethernet 3/15,3/16 mstp cist edge-port
true
314725-E Rev 00
1 Enable the MSTP mode:
ERS1624G-B3:4# config stp version mstp
2 Change MSTP bridge priority:
ERS1624G-B3:4# config stp instance_id 0 priority 12288
3 Add VLAN 3:
ERS1624G-B3:4# config vlan 3 add untagged 10
ERS1624G-B3:4# config vlan 3 add tagged 1,3,5,7
4 Add VLAN 4:
GbE interfaces:
6 Configure the MSTP region and revision:
ERS1624G-B3:4# config stp region name region1
ERS1624G-B3:4# config stp region mstconfigidsel 1
ERS1624G-B3:4# config stp region revision 1
7 Add MSTI 1, change the MSTI priority, and add VLAN 3:
ERS1624G-B3:4# create stp instance_id 1
ERS1624G-B3:4# config stp_vlan instance_id 1 add 3
1 Enable MSTP mode:
ERS1624G-B4:4# config stp version mstp
2 Change MSTP bridge priority:

3 Add VLAN 3:
4 Add VLAN 4:
GbE interfaces:
6 Configure the MSTP region and version:
ERS1624G-B4:4# config stp region name region1
ERS1624G-B4:4# config stp region mstconfigidsel 1
ERS1624G-B4:4# config stp region revision 1
1 Change spanning tree operation mode to MSTP and reboot the switch:
ES470_48(config)# spanning-tree op-mode mstp
2 Add tagging:
ES470_48(config)# vlan ports 47,48 tagging tagall
3 Add VLAN 3 and members:
314725-E Rev 00
4 Remove VLAN port member from the default VLAN:

5 Add VLAN 4 and port members:
ES470_48(config)# vlan members remove 1 16
ES470_48(config)# spanning-tree mstp region config-id-sel 1
region-name region1 region-version 1
8 Add MSTP MSTI 1 and add VLAN 3:
ES470_48(config)# spanning-tree mstp msti 1
ES470_48(config)# spanning-tree mstp msti 1 add-vlan 3
Note: If an error message appears stating that you cannot modify

settings and nontagged ports cannot span multiple STPGs, then ensure
that all appropriate ports have tagging enabled. In this example, this
applies to ports 47 and 48.
10 Configure ports 6 and 7 as MSTP edge ports:

ES470_48(config)# interface fastEthernet 15,16
ES470_48(config-if)# spanning-tree mstp edge-port true
1 Change spanning tree operation mode to MSTP and reboot the switch:
ES470_48(config)# spanning-tree op-mode mstp
2 Add tagging:
ES470_48(config)# vlan ports 47,48 tagging tagall


ES470_48(config)# vlan members remove 1 16
ES470_48(config)# spanning-tree mstp region config-id-sel 1
region-name region1 region-version 1
10 Configure ports 6 and 7 as MSTP edge ports:
ES470_48(config)# interface fastEthernet 15,16
ES470_48(config-if)# spanning-tree mstp edge-port true
314725-E Rev 00
567
Appendix A
Tap and OctaPID assignment (Release 3.x feature
set)
The switch fabric in the Ethernet Routing Switch 8600 module has nine switching
taps, one for each of the eight I/O slots (1 to 4 and 7 to 10), and one for the CPU
slots (5 and 6). Taps 0 to 7 map to the eight I/O slots and can support up to eight
OctaPIDs. Each OctaPID can support up to eight ports.
In the Ethernet Routing Switch 8600, a physical port number is 10 bits long and
has the following format:
9 6 5 3 2 0
+-----+----+----+
| | | |
+-----+----+----+
bits 9–6: Tap number (0–15)
bits 5–3: OctaPID number (0–7)
bits 2–0: MAC port number (0–7)
The tap number bits and the OctaPID number bits combined (bits 9–3) are usually
referred to as the OctaPID ID.

568 Appendix A Tap and OctaPID assignment (Release 3.x feature set)
Table 69 lists the module types that are currently available, along with the
associated OctaPID ID assignments for each module.
Table 69 Available module types and OctapPID ID assignments
OctaPID ID
Module type Port type
assignment
8608GBE and 8608GBM Modules 1000BASE-SX Table 70 next

1000BASE-LX
1000BASE-ZX
1000BASE-XD
8608GTE and 8608GTM Modules 1000BASE-T Table 70 next
8608SXE Module 1000BASE-SX Table 70 next
8616SXE Module 1000BASE-SX Table 71 on page 569
8624FXE Module 100BASE-FX Table 72 on page 570
8632TXE and 8632TXM Modules 10BASE-T/100BASE-TX Table 73 on page 570
1000BASE-SX
1000BASE-LX
1000BASE-ZX
1000BASE-XD
8648TXE and 8648TXM Modules 10/100 Mb/s Table 74 on page 570
8672ATME and 8672ATMM OC-3c MDA Table 75 on page 571
Modules
OC-12c MDA
DS3
8681XLR Module 10GBASE-LR Table 76 on page 571
8681XLW Module 10GBASE-LW Table 77 on page 572
8683POSM Module OC-3c MDA Table 78 on page 572
OC-12c MDA
314725-E Rev 00
Appendix A Tap and OctaPID assignment (Release 3.x feature set) 569
Table 70 describes the OctaPID ID and port assignments for the 8608GBE,
8608GBM, 8608GTE, 8608GTM, and 8608SXE modules.
Table 70 8608GBE/8608GBM/8608GTE/8608GTM/8608SXE modules
OctaPID ID assignment Port assignment
OctaPID ID: 0 Port 1

Table 71 describes the OctaPID ID and port assignments for the 8616SXE
Module.
Table 71 8616SXE module
OctaPID ID: 0 Ports 1 and 2


Table 72 describes the OctaPID ID and port assignments for the 8624FXE
Module.
Table 72 8624FXE module
OctaPID ID: 0 Ports 1 through 8

Table 73 describes the OctaPID ID and port assignments for the 8632TXE and
8632TXM modules.
Table 73 8632TXE and 8632TZM modules

– –
– –
OctaPID ID: 6 Port 33 (GBIC port)
OctaPID ID: 7 Port 34 (GBIC port)
Table 74 describes the OctaPID ID and port assignments for the 8648TXE and
8648TXM Modules.
Table 74 8648TXE and 8648TXM modules

– –
– –
314725-E Rev 00
Appendix A Tap and OctaPID assignment (Release 3.x feature set) 571
Table 74 8648TXE and 8648TXM modules (continued)

Table 75 describes the OctaPID ID and port assignments for the 8672ATME and
8672ATMM Modules.
Table 75 8672ATME and 8672ATMM modules
OctaPID ID: 0 • Ports 1 through 4 (with OC-3c MDA)

• Port 1 (with OC-12c MDA)
• Ports 1 through 2 (with DS-3 MDA)
OctaPID ID: 1 • Ports 5 through 8 (with OC-3c MDA)
• Ports 5 through 6 (with DS-3 MDA)
OctaPID ID: 2 Not used
Table 76 describes the OctaPID ID and port assignments for the 8681XLR
Module.
Table 76 8681XLR module

OctaPID ID: 1
OctaPID ID: 2
OctaPID ID: 3
OctaPID ID: 4
OctaPID ID: 5
OctaPID ID: 6
OctaPID ID: 7

Table 77 describes the OctaPID ID and port assignments for the 8681XLW
Module.
Table 77 8681XLW module

OctaPID ID: 1
OctaPID ID: 2
OctaPID ID: 3
OctaPID ID: 4
OctaPID ID: 5
OctaPID ID: 6
OctaPID ID: 7
Table 78 describes the OctaPID ID and port assignments for the 8683POSM
Module.
Table 78 8683POSM module
OctaPID ID: 0 • Ports 1 and 2 (with OC-3c MDA)

314725-E Rev 00
573
Glossary
aggregation switch
A switch that aggregates multiple user access switches and provides core
connections.
boundary port
A bridge port that attaches a multiple spanning tree bridge to a LAN that is
not in the same region.
Common and Internal Spanning Tree (CIST)
The single spanning tree calculated by STP and RSTP together with the
logical continuation of that connectivity through MST bridges and regions,
calculated by MSTP to ensure that all LANs in the bridged LAN are simply
and fully connected.
Common Spanning Tree (CST)
The single spanning tree calculated by STP, RSTP, and MSTP to connect
multiple spanning tree regions.
Internal spanning tree (IST)
An internal spanning tree that operates in a given multiple spanning tree

region. Within a multiple spanning tree region, multiple spanning instances
can be configured. Instance 0 within a region is known as the Internal
Spanning Tree (IST).
Interswitch trunk
A parallel point to point link that connects two aggregation switches together.
The two aggregation switches use this channel to share information so that
they can operate as a single logical switch. There can be only one interswitch
trunk per SMLT aggregation switch.

574 Glossary
Interswitch Trunking (IST)
A method of link aggregation that allows two aggregation switches to

connect. The two aggregation switches use this channel to share information
so that they can operate as a single logical switch. There can be only one
interswitch trunk per SMLT aggregation switch.
MultiLink Trunking (MLT)
MultiLink trunking is a method of link aggregation that allows multiple

Ethernet trunks to be aggregated together to provide a single logical trunk. A
multilink trunk provides the combined bandwidth of the multiple links, as
well as the physical layer protection against the failure of any single link.
Multiple Spanning Tree Instance (MSTI)
One of a number of spanning trees calculated by MSTP within a multiple

spanning tree region. The instance provides a fully connected active topology
for frames classified as belonging to a VLAN that is mapped to the MSTI by
the MST configuration table used by the multiple spanning tree bridges of the
MST region.
MST bridge
A bridge capable of supporting the CST, and one or more MSTIs, and of
selectively mapping frames classified in any given VLAN to the CST or a
given MSTI.
MST region
A set of LANs and MST bridges, physically connected via ports on those
MST bridges, where each LAN CIST designated bridge is an MST bridge.
Each port is either the designated port on one of the LANs, or else a
non-designated port of an MST bridge that is connected to one of the LANs.
The port MCID matches the MCID of the designated bridge of that LAN.
peer IP address
The IP address of the neighbor IST switch VLAN that is chosen for
configuring the interswitch trunk. Note that the peer IP address is the IP
address of the IST VLAN on the other aggregation switch. You need only
configure one VLAN with an IP address for the IST protocol to work. All
other VLANs on the interswitch trunk do not require an IP address if you
choose not to have VLAN routing enabled.
314725-E Rev 00
Glossary 575
Single Port SMLT
A multilink trunk where one or both ends are split between two aggregation
switches; however only one port can be configured on each aggregation
switch per SMLT ID.
Single Spanning Tree (SST) bridge
A bridge capable of supporting only a single spanning tree: the CST. The SST
may be supported by the Spanning Tree Protocol (STP) defined in IEEE
802.1d-1998, or by the Rapid Spanning Tree Protocol (RSTP), defined in
IEEE 802.1w-2001.
SMLT aggregation switches
The two switches that share an IST link.

Typically, one or more switches that connect to multiple wiring closet
switches, edge switches or CPE devices, usually within a single building.
SMLT client
A switch located at the edge of the network, such as in a wiring closet or CPE.
An SMLT client switch must be able to perform link aggregation (such as
with MLT or some other compatible method) but does not require any SMLT
intelligence.
SMLT ID
The identification number used to specify the corresponding pair of SMLT

links. This number is identified between the two aggregation switches and
must be paired on each aggregation switch.
SMLT set
Two SMLT aggregation switches and their directly connected SMLT clients.
SMLT square
A pair of SMLT aggregation switches connected as SMLT clients to another

pair of SMLT aggregation switches.
SMLT triangle
A configuration where an SMLT client and the two aggregation switches form
a triangle.

576 Glossary
Spanning tree
A simply and fully connected active topology formed from the arbitrary
physical topology of connected bridged LAN components by relaying frames
through selected bridge ports. The STP parameters and states are used and
exchanged to facilitate the calculation of that active topology and to control
the bridge relay function.
Spanning tree group
A collection of ports in one spanning tree instance.

Split multilink trunk
A multilink trunk where one or both ends are split between two aggregation
switches, thus forming what is typically referred to as an SMLT triangle or
SMLT square.
user access switch
A switch located at the edge of the network. End stations typically connect
directly to a user access switch.
314725-E Rev 00
577
Index
A config ethernet commands

cp-limit 459
acronyms 31 info 375
ActiveMembers field 137 stg 387
AgingTime field 157, 162 config mlt commands
algorithm, MLT traffic distribution 80 config mlt add 435
config mlt ist 456
AlignmentErrors field 263
config mlt remove 437
auto-recovery 329 config mlt smlt 455
options 433
B config stg commands
baby giant frames 48 config stg 376
create mac 378
BackupMaster 129
info 378
BridgeAddress field 220 options 385
BridgeForwardDelay field 216 sid 378
BridgeHelloTime field 216 config vlan commands
BridgeMaxAge field 216 info 369
ip 362
bridging
options 313
MAC-layer 64, 185
viewing filters 186 configuration
VLAN 177 advanced VLAN features 160
direct broadcast on a VLAN 175
brouter port, description 54
Enhanced Operation mode 326
MultiLink Trunks 253
C protocol-based VLAN 147
CarrierSenseErrors field 263 single port SMLT 461
source IP subnet-based VLAN 146
change detection source MAC-address based VLAN 154
about 70 source MAC-based VLAN 158
configure (CLI) 389 spanning tree group 213
configure (DM) 225
rules 70 configuring SMLT
config mlt ist commands
collision errors, MLT 467 delete 460
Color field 136 enable/disable 458

578 Index
config mlt ist, create ip vlan-id 457 FrameTooLongs field 264

configuring SMLT using DM 276
adding an SMLT 276 G
adding ports to an SMLT 279
configuring an IST MLT 281 Global MAC filtering 64, 189
viewing IST statistics 283
control packet rate limit 112, 459 H
CP-Limit 112, 459 HelloTime field 221
HoldTime field 221
D
DeferredTransmissions field 264 I
DesignatedBridge field 223 Id field 256
DesignatedCost field 223 IEEE, 802.1Q tagging 48
DesignatedPort field 223 IfIndex field 161
DesignatedRoot field 220, 223 InBroadcastPkt field 261
directed broadcast 175 InMulticastPkts field 260
Displaying defined VLANs 135 InOctets field 260
InternalMacReceiveErrors field 263
E InternalMacTransmitErrors field 263
EnableStp field 216, 223 Inter-switch trunk (IST)
about 112
Enhanced Operation mode 55, 56, 58, 191, 326
configure (CLI) 456
about 56
configure (DM) 281
configure (CLI) 326
configure (DM) 191 InUcastPkts field 260
Ethernet errors 467 IP commands, configure 326
ExcessiveCollisions field 264 IP routing
IP protocol-based VLAN 52
multicast 47
F source IP subnet-based VLAN 52
FastStart field 223 source MAC-based VLAN 52
FastStart, enabling 388 unicast 46
FCSErrors field 263 IP spoofing 64
FdbAging 178 IP subnet-based VLAN, creating 309
flap time limit 328 IPX routing
802.2-RAW 52
ForwardDelay field 221
802.3-SNAP 52
forwarding database, flushing 180 port-based VLANs 53
ForwardTransitions field 224 protocol-based VLANs 53
314725-E Rev 00
Index 579
IST MACAddress, auto-learned 172

about 112 MAC-layer bridging 64, 185
about CP-Limit and 112
MaxAge field 221
aggregation switch processes 112
configure (CLI) 456 MLT
configure (DM) 281 BPDUs 90
connectivity recommendations 112 client/server configuration 89
disabling CP-Limit for 459 description 83
single point of failure 112 distributing multicast flow over 83
distribution algorithm 84
Ist MLT dialog box 282
E-module support 83
Ist/SMLT Stats tab field descriptions 284 IEEE 802.1Q tagging 82
Ist/SMLT tab 284 media type 82
ISTs 111 port aggregation 79
rules 82
show all (CLI) 463
L span modules 83
LACP 94, 250 STP 82
configure using Device Manager 250 supported media 82
configuring a port using device manager 267, switch-to-server configuration 89
271 traffic distribution algorithm 80
viewing information in Device Manager 265 MltType field 257, 279
viewing statisticst using device manager 273 Monitor field 180, 185
LACP and MLT 97 MSTI Bridges, configuring 235
LACP and Routing 98 MSTP 73, 211
LACP and SMLT 98 MSTP CIST port, viewing statistics 233
LACP and spanning tree interaction 100 MSTP CIST Ports, configuring 230
LACP Keys 99 MSTP MSTI Bridges, configuring 235
LACP Priority 98 MSTP MSTI port statistics, viewing 238
LACPDU Timers 99 MSTP MSTI Ports, configuring 236
LateCollisions field 264 MSTP, configuring globally 226
LCAP modes 100 multicast
limiting MAC learning 321 E-module support for MLT 83
loop detection 65, 173, 327 flow distribution over MLT 83
flow distribution over MLT traffic redistribution
86
M MLT distribution algorithm 84
MAC address auto-learning 170 Multicast Distribution field, MultiLink Trunks 257
MAC filters 64, 186 MultiLink Trunk dialog box 259
MAC level security 46 MultiLink Trunking. See MLT
MacAddress field 162, 179, 185, 189

580 Index
multinetting 46 Port Members field 217

Multiple Spanning Tree Protocol, configuration port mirroring
example 559 OctaPID ID and port assignments 568
MultipleCollisionFrames field 264 port-based VLAN
about 39, 138
N create (CLI) 310
create (DM) 138
Name field 136, 256 PortMembers field 137, 257
Network Load Balancer unicast support 325 PortType field 256
NewEnhancedOperMode field 192 PPPoE protocol-based VLAN, about 43
NNI ports 62 Priority field 216, 222
add to STG (CLI) 378
configure (CLI) 373 Protocol Identifier. See PID
configure (DM) 202 protocol-based VLAN
nontagged ports 49 about 41
create (CLI) 310, 487
NotAllowToJoin field 137 create (DM) 147
NumPorts field 220 ProtocolId field 137
ProtocolSpecification field 220
O publications
OctaPID hard copy 34
ID description 567
on UNI and NNI ports 60, 205, 373
port mirroring assignment 568
Q
Tap and OctaPID assignment 567 QoS (quality of service) level, setting 314
OutBroadcast field 261 QosLevel field 163
OutMulticast field 261
OutOctets field 260 R
OutUcastPkts field 260 Rapid Spanning Tree Protocol, configuration
example 554
P rate limit, control packet 112, 459
PathCost field 223 Result field 163
PID RIP update, triggering 313
DSAP value 44 RootCost field 221
Ethernet SNAP 44 RootPort field 221
Ethernet type 2 44
RSMLT 106, 130, 276, 455
invalid for user-defined protocol VLAN 45, 151
RSTP 73, 211
port commands
config ethernet info 375 RSTP convergence time 78
Port field 185, 189, 222 RSTP Edge port 75
314725-E Rev 00
Index 581
RSTP ForceVersion 73 configure using Device Manger 290

RSTP Ports, configuring 243 single port SMLT
RSTP Status statistics 246 about 119
create (CLI) 460
RSTP Status, configuring 245
delete (DM) 289
RSTP, configuring globally 240 view all ports (CLI) 471
view one port (CLI) 471
S SingleCollisionFrames field 264
sample command output SMLT
config mlt ist create ip vlan-id 458 advantages 107
config mlt ist enable/disable 459 reroutes failures quickly 108
show mlt commands transparent and interoperable solution 108
error collision 467 configuration example 111
error main 467 end station configuration example 114
info 468, 469 IST 112, 573, 574
show-all 463 peer IP address 574
stats 472 recommendations for IST connectivity 112
single point of failure elimination 108
show ports commands single port
info about 119
stg extended 399 create (CLI) 460
stg main 398 delete (DM) 289
stats, stg 401 view all ports (CLI) 471
show stg commands view one port (CLI) 471
info config 397 STP convergence resolution 108
info status 398 traffic flow examples 114
show-all 393 troubleshooting
show vlan info commands IST problems 474
advance 350 single user problems 476
all 333 VRRP enhancement 128
arp 351 SMLT and VRRP 128
basic 352 SMLT Full-Mesh 124
brouter-port 353
fdb-entry 347, 476 SMLT Square 123
fdb-filter 348 SMLT square 98
fdb-static 349 SMLT Triangle 122
ip 355 SMLT, Single port 121
ports 356
srcmac 357 SmltId field 257
Simple Loop Protection Protocol SMLT-on-Single-CPU 118
configure by port using Device Manger 293 source IP-subnet-based VLAN 146
configure by VLAN using Device Manger 291 source MAC-address based VLAN 158
configure globally using Device Manger 290

582 Index
source MAC-based VLAN 154 MLT (CLI) 472

source MAC-based VLAN, creating 311 MLT (DM) 259, 261
spanning tree Status field 180, 185
bridge forward delay 216 STG commands
bridge hello time 216 configure 378
bridge priority 216 configure ports 387
enable/disable STP fields 216 show 401
enabling SNMP traps 216 show-all 393
port group membership 217 StgId field 137, 222
spanning tree group. See STG commands STGs. See spanning tree groups
spanning tree groups STP 67
changing 217 blocking state 68
creating 213 bridge forward delay timer 69
deleting 217 bridge hello timer 69
editing 217 bridge protocol data units (BPDUs) 68
limitations 70 disabling 68
viewing status 219 enabling 68
with VLANs 70 IEEE 802.1D standard 67, 385
Spanning Tree Protocol multiple spanning tree groups 67
configuring topology change detection 389 spanning tree algorithm 67, 385
querying the change detection setting 390 Spanning Tree FastStart 69
Spanning Tree Protocol. See STP spanning tree groups 67, 213
tagged BPDUs 68
Split MultiLink Trunking 107
topology change detection
SQETestErrors field 264 about 70
stacked VLANs configure (CLI) 389
about 59 configure (DM) 225
configure Ethertype and switch level (CLI) 370 rules 70
configure Ethertype and switch level (DM) 200 StpTrapEnable field 216
configure port type (CLI) 373
SubnetAddr field 137
configure port type (DM) 202
configure STG (CLI) 376 SubnetMask field 137
configure STG (DM) 207 sVLAN
create (CLI) 368 about 59
create (DM) 196 configure Ethertype and switch level (CLI) 370
levels 60 configure Ethertype and switch level (DM) 200
rules 60 configure port type (CLI) 373
specifications 60 configure port type (DM) 202
UNI and NNI ports 62 configure STG (CLI) 376
State field 223 configure STG (DM) 207
create (CLI) 368
StaticMembers field 137
create (DM) 196
statistics levels 60
314725-E Rev 00
Index 583
rules 60 V
specifications 60
UNI and NNI ports 62 viewing static forwarding information 183
SvlanPortType field, MLT 256 VLACP 101, 252
VLAN
coordinated across multiple switches 48
T default 53
table, flushing 313 enabling tagging 54
tagged port 49 ID 48, 54
IP routing 52
TaggedBpduAddress field 216
IPX protocol 42
TaggedBpduVlanID field 217 IPX routing 52
tagging, on MLT ports 434 multiplex traffic 49
Tap and OctaPID assignment 567 overview 37
policy-based 40
technical publications 34
port-based 39, 138
TimeSinceTopologyChange field 220 potential member 40
TopChanges field 220 protocol-based 41
topology change detection rules 54, 56
about 70 source IP subnet-based 46
configure (CLI) 389 source MAC-based 45
configure (DM) 225 spanning multiple switches 38
rules 70 tagged port 54
tagging 48
traffic distribution algorithm, MLT 80
timing out 40
transit network 55 untagged port 54
VLAN commands
U configure 308
UNI ports 62 configure IP 362
add to STG (CLI) 378 show 333, 358
configure (CLI) 373 show IP 355
configure (DM) 202 VLAN Operation Action field 163
Untagging Default VLAN on a Tagged Port 169, VlanId field 136
325 VlanIds field 257
user-defined protocol-based VLAN VLANs
about 44 bridging 177
create (CLI) 310, 487 configuring advanced VLAN features 160
UserDefinedPid field 163 direct broadcast 175
UserPriority field 163 displaying 135
in spanning tree groups 70
managing 158
protocol-based 147
source IP-subnet-based 146

584 Index
source MAC-address based 154, 158

VRRP backup master 129
314725-E Rev 00

Manual 8600-4.1

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Manual 8600-4.1

Enviado por

Direitos autorais:

Formatos disponíveis

Part No.

4655 Great America Parkway

Configuring VLANs, Spanning

Copyright © 2006 Nortel Networks. All Rights Reserved.

Restricted rights legend

Nortel software license agreement

Configuring VLANs, Spanning Tree, and Link Aggregation

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Finding the latest updates on the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . 35

Configuring VLANs, Spanning Tree, and Link Aggregation

VLAN virtual router interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

MLT traffic distribution algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Configuring VLANs, Spanning Tree, and Link Aggregation

Simple Loop Prevention Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Displaying defined VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring a MAC-layer bridge filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Stacked VLAN configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Choosing the spanning tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Configuring VLANs, Spanning Tree, and Link Aggregation

Viewing statistics for RSTP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Configuring link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Roadmap of VLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Configuring VLANs, Spanning Tree, and Link Aggregation

Using the VLAN IP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Roadmap of sVLAN commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Roadmap of spanning tree commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Showing ports info RSTP config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Roadmap of link aggregation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

Configuring VLANs, Spanning Tree, and Link Aggregation

Displaying the VLACP port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Design aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

LACP point to point LAG configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

MultiLink Trunking configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Configuring VLANs, Spanning Tree, and Link Aggregation

Tap and OctaPID assignment (Release 3.x feature set) . . . . . . . . . . . . . . 567

Figure 1 Port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Configuring VLANs, Spanning Tree, and Link Aggregation

Figure 30 SMLT square topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Figure 65 Bridge, VLAN—Insert Static box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Configuring VLANs, Spanning Tree, and Link Aggregation

Figure 100 RSTP—RSTP Ports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Configuring VLANs, Spanning Tree, and Link Aggregation

Figure 170 Show rstp stats command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

Figure 205 Show ports info smlt command output . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Configuring VLANs, Spanning Tree, and Link Aggregation

Figure 240 Full mesh SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Table 1 Port membership types for policy-based VLANs . . . . . . . . . . . . . . . . . . . 41

Configuring VLANs, Spanning Tree, and Link Aggregation

Table 30 STG Status fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Table 65 Show ports stats stg extended parameters . . . . . . . . . . . . . . . . . . . . . . 402

Configuring VLANs, Spanning Tree, and Link Aggregation

Before you begin

• Basic knowledge of networks, Ethernet bridging, and IP routing

Configuring VLANs, Spanning Tree, and Link Aggregation

This guide uses the following text conventions:

italic text Indicates new terms, book titles, and variables in

This guide uses the following acronyms:

ARP Address Resolution Protocol

Configuring VLANs, Spanning Tree, and Link Aggregation

DSAP Destination Service Access Point