Ethernet Switching

[Command]

show link-aggregation summary

[Purpose]

Display LAG configuration information

[View]

System view

[Use Cases]

sonic# show link-aggregation summary
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
S - selected, D - deselected, * - not synced
No. Team Dev Protocol Ports
----- --------------- ----------- -------------
0001 PortChannel0001 LACP(A)(Dw) Ethernet1(D)
0002 PortChannel0002 LACP(A)(Dw) Ethernet2(D)

Description of the show link-aggregation summary command output

Parameter Description
Team Dev Link aggregation group name
Protocol

Link aggregation group type:

  • LOADBALANCE: Static Link Aggregation Group

  • LACP: Dynamic Link Aggregation Group

Dynamic Link Aggregation Group States:

  • A (active): Indicates that the interface is in a normal and usable state.

  • I (inactive): Indicates that the current interface is not available for use.

Link Aggregation Group States:

  • Up: At least one member interface in the aggregation group is in the UP state and, in a dynamic link aggregation group, there are selected member interfaces. Traffic is forwarded normally.

  • Dw (Down): No member interface in the link aggregation group is in the UP state, or there are no selected member interfaces in the dynamic link aggregation group. Traffic cannot be forwarded.

Ports

Member Interface Physical States:

  • Up: The interface's physical state is UP.

  • Dw (Down): The interface's physical state is Down.

Member Interface States in LACP Mode:

  • S (selected): Indicates that this member interface is in a selected state.

  • D (deselected): Indicates that this member interface is not selected.

  • * (not-synced): The port link is in the UP state but the port is suspended, for example because the remote end has not enabled LACP or the port attributes negotiated through messages are inconsistent.
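The flag legend above, applied by a small parser (an added example, not part of the original reference or of the vendor's tooling). Rows 0001 and 0002 are copied from the page's use case; row 0003 and its `(S*)` spelling of a not-synced member are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Rows 0001/0002 come from the page's use case; row 0003 is constructed, and
# its "(S*)" spelling of a not-synced member is an assumption.
SAMPLE = """\
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
S - selected, D - deselected, * - not synced
No. Team Dev Protocol Ports
----- --------------- ----------- ---------------------------
0001 PortChannel0001 LACP(A)(Dw) Ethernet1(D) Ethernet2(D)
0002 PortChannel0002 LACP(A)(Dw) Ethernet3(D)
0003 PortChannel0003 LACP(A)(Up) Ethernet4(S) Ethernet5(S*)
"""

_TOKEN = re.compile(r"^([^()\s]+)((?:\([^)]*\))*)$")
_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Tagged:
    name: str          # "LACP", "Ethernet1", ...
    flags: frozenset   # e.g. {"A", "Dw"} or {"S"}
    not_synced: bool   # True when a "*" flag is present


@dataclass
class Lag:
    number: str
    name: str
    protocol: Tagged
    members: list


def split_token(token):
    """Split 'LACP(A)(Dw)' or 'Ethernet5(S*)' into a name and its flags."""
    m = _TOKEN.match(token)
    if m is None:
        raise ValueError(f"unrecognised token: {token!r}")
    raw = re.findall(r"\(([^)]*)\)", m.group(2))
    flags = frozenset(f.replace("*", "") for f in raw) - {""}
    return Tagged(m.group(1), flags, any("*" in f for f in raw))


def parse_summary(text):
    """Return one Lag per data row; legend, header and ruler lines are skipped."""
    lags = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m is None:
            continue
        number, name, proto, rest = m.groups()
        members = [split_token(t) for t in (rest or "").split()]
        lags.append(Lag(number, name, split_token(proto), members))
    return lags


def findings(lags):
    """List (lag, member-or-None, code) for every state that blocks forwarding."""
    out = []
    for lag in lags:
        if "Dw" in lag.protocol.flags:
            out.append((lag.name, None, "lag-down"))
        if "I" in lag.protocol.flags:
            out.append((lag.name, None, "lacp-inactive"))
        for port in lag.members:
            if "Dw" in port.flags:
                out.append((lag.name, port.name, "member-down"))
            if port.not_synced:
                out.append((lag.name, port.name, "member-not-synced"))
            elif "D" in port.flags:
                out.append((lag.name, port.name, "member-deselected"))
    return out


if __name__ == "__main__":
    for lag, member, code in findings(parse_summary(SAMPLE)):
        print(f"{lag:16} {member or '-':10} {code}")
```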

[Command]

interface link-aggregation lag-id

no interface link-aggregation lag-id

[Purpose]

Add aggregation groups

[Parameter]

lag-id Aggregate group id, range 1-9999

[View]

System configuration view

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic(config-lagif-3)# show this
!
interface link-aggregation 3

[Command]

link-aggregation-group lag-id [port-priority port-priority]

no link-aggregation-group lag-id

[Purpose]

Add member ports to an aggregation group

[Parameter]

lag-id Aggregate group id

port-priority Interface priority, range 0-65535, default 255

[View]

Interface view

[Usage Scenario]

Configuring interface priority is done to differentiate between different interfaces on the same device. Interfaces with higher priority will be selected as active interfaces.

If interface priority is not configured, the active interfaces will be selected based on the interface numbers, with lower-numbered interfaces having higher priority.

[Notes]

  • Port-priority is used for setting the priority of device ports. Ports with higher priority will be selected as active ports. This parameter is typically used to configure the priority of multiple ports within a Link Aggregation Group (LAG) to enable fast failover to backup links in case of a link failure.

  • Lacp-key is used for setting the key value for the device’s Link Aggregation Control Protocol (LACP). Ports with the same key value will be considered part of the same aggregation group. When multiple ports in a LAG need to be controlled using LACP, they should have the same key value assigned to be recognized as part of the same aggregation group.

  • Lacp-portid is used to set the port ID for the LACP protocol, which identifies each port within a Link Aggregation Group (LAG). When multiple ports in a LAG need to be controlled using LACP, each port should be assigned a unique port ID for correct identification and control.

[Use Cases]

sonic# configure terminal
sonic(config)# interface ethernet 1
sonic(config-if-1)# link-aggregation-group 1
sonic(config-if-1)# link-aggregation-group 1 port-priority 500
sonic# show link-aggregation summary
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
S - selected, D - deselected, * - not synced
No. Team Dev Protocol Ports
----- --------------- ----------- ---------------------------
0001 PortChannel0001 LACP(A)(Dw) Ethernet1(D) Ethernet2(D)
0002 PortChannel0002 LACP(A)(Dw) Ethernet3(D)

[Command]

mode {dynamic|static}

[Purpose]

Configure the mode of the LAG

[View]

Lagif view

[Usage Scenario]

The device currently supports two types of operating modes:

Dynamic LACP Mode: In this mode, the device can achieve both load balancing and redundant backup functions. Additionally, it can automatically detect and add member ports to the Link Aggregation Group (LAG). This mode is suitable for scenarios where you want the device to manage LAGs automatically.

Default Static Mode: In this mode, LAG creation and the addition of member interfaces are entirely configured manually. This means that you have full control over which interfaces are part of the LAG and how they are configured. This mode is typically used when you want to configure LAGs and their members manually according to specific requirements.

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic(config-lagif-3)# mode dynamic
Please enter 'commit' to make lacp and mode command take effert
sonic(config-lagif-3)# commit
sonic(config-lagif-3)# show this
!
interface link-aggregation 3
mode dynamic

[Command]

lacp system-priority system-priority

[Purpose]

Configure the sys_prio in the portchannel port lacp attribute

[Parameter]

system-priority System priority, range 0-65535

[View]

Lagif view

[Usage Scenario]

Configuring the system priority is done to differentiate between the local device’s priority and the remote device’s priority in a Link Aggregation Group (LAG). The device with the higher system priority will be selected as the active side of the LAG, and the selection of active interfaces will be based on the active side’s interfaces.

When system priorities are not configured, the local and remote devices will be selected as the active side based on the system IDs. The device with the smaller system ID will become the active side. By default, the system ID is set to the system’s MAC address.

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic (config-lagif-3)# lacp system-priority 100
sonic (config-lagif-3)# show this
!
interface link-aggregation 3
lacp system-priority 100
mode dynamic

[Command]

lacp system-id mac_address

no lacp system-id

[Purpose]

Configure the sys_id in the portchannel port LACP attribute

[Parameter]

mac_address System ID; must not be an all-zero MAC address

[View]

Lagif view

[Usage Scenario]

The System ID is used to identify devices in the Link Aggregation Control Protocol (LACP). By default, the System ID is set to the system’s MAC address. When the system priority is not configured, the devices’ priority is determined by comparing System IDs: smaller System IDs are given higher priority.

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic (config-lagif-3)# lacp system-id 00:a0:23:12:23:53
sonic (config-lagif-3)# show this
!
interface link-aggregation 3
commit
lacp system-id 00:a0:23:12:23:53
mode dynamic

[Command]

lacp fast-rate

no lacp fast-rate

[Purpose]

Enable the fast_rate attribute of LACP

[View]

Lagif view

[Usage Scenario]

This configuration will make your local device consider a link as down if it doesn’t receive LACP packets from the remote device within a short period, which is usually around 3 seconds.

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic (config-lagif-3)# lacp fast-rate
sonic (config-lagif-3)# show this
!
interface link-aggregation 3
lacp fast-rate
mode dynamic

[Command]

lacp fallback

no lacp fallback

[Purpose]

Enable the fallback attribute of LACP

[Usage Scenario]

This command is used to enable the fast negotiation mode for the Link Aggregation Control Protocol (LACP). In this mode, LACP quickly renegotiates the link aggregation group in the event of a link failure, ensuring a fast recovery of the link aggregation group. Typically, LACP link aggregation groups take some time to renegotiate, and if a link failure occurs, the reconfiguration process may lead to network interruption or delays, impacting the reliability and performance of the network. By using this command, the dynamic link aggregation group can be kept in the UP (active) state at all times, providing continuous and reliable network connectivity.

[Use Cases]

sonic# configure terminal
sonic(config)# interface link-aggregation 3
sonic (config-lagif-3)# lacp fallback
sonic (config-lagif-3)# show this
!
interface link-aggregation 3
lacp fallback
mode dynamic

[Command]

show mclag state

[Purpose]

View information about MC-LAG

[View]

System view

[Use Cases]

sonic# show mclag state
The MCLAG's keepalive is: ERROR
MCLAG info sync is: incomplete
Domain id: 1
MCLAG session Channel: None
VRF Name: default
consistency Check Action: idle
Local Ip: 30.30.30.2
Peer Ip: 30.30.30.3
Peer Link Interface: Ethernet25
Keepalive time: 1
sesssion Timeout : 3
Peer Link Mac: 00:11:24:1a:1b:62
Admin Role: None
Role: Active
MCLAG Interface:
Loglevel: NOTICE

[Command]

show mclag consistency check result

[Purpose]

View the results of the membership consistency check

[View]

System view

[Usage Scenario]

MCLAG (Multi-Chassis Link Aggregation Group) consists of two devices that together form a dual-active system. These two MCLAG devices are logically virtualized as a single device, creating a unified Layer 2 logical node. This also means that certain configurations on both ends of the MCLAG need to be consistent; otherwise, it could lead to issues such as MCLAG not functioning correctly or creating loops in the network.

[Use Cases]

sonic# show mclag consistency_check_result
-----------------------------------------------------------------------------------------
ifname mode(lacp/static) fast-rate fallback trunk_mode allowed_vlan
-----------------------------------------------------------------------------------------
PortChannel0020 Failed Failed Failed Pass Pass

[Command]

show interface errdown

[Purpose]

View the status of interfaces that have been forcibly shut down due to Duplicate Address Detection (DAD) disconnection.

[View]

System view

[Use Cases]

sonic# show interface errdown
Interface Status
----------- --------
Ethernet1 up
Ethernet2 up
Ethernet3 up
Ethernet4 down
Ethernet5 up
Ethernet6 up

[Command]

mclag domain number

no mclag domain number

[Purpose]

Configure the MCLAG domain

[Parameter]

number The range of value

[View]

System configuration view

[Usage Scenario]

All MC-LAG related configurations must be based on the MC-LAG domain. Each device can only be configured with one MC-LAG domain.

[Notes]

Please note that for a successful MC-LAG connection between two devices, the MC-LAG domains on both ends must match.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)#

[Command]

peer-link {ethernet|link-aggregation} name

no peer-link

[Purpose]

Specify the peer-link interface

[Parameter]

name Interface name

[View]

MC-LAG view

[Usage Scenario]

The Peer-link link is a directly connected link between two devices in a deployed MC-LAG setup. It is used for exchanging protocol messages and transmitting some traffic to ensure the proper functioning of the MC-LAG.

Typically, the peer-link interface is configured in trunk mode and allows all VLANs belonging to the MC-LAG domain’s member aggregated ports to pass through.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# peer-link ethernet 10

[Command]

peer-address A.B.C.D

no peer-address

[Purpose]

Configure the IP address of the heartbeat packet of the peer device

[View]

MC-LAG View

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# peer-address 10.10.1.1

[Command]

local-address A.B.C.D

no local-address

[Purpose]

Configure the IPv4 address bound to the current domain

[View]

MC-LAG View

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# local-address 10.10.1.1

[Command]

heartbeat-interval number

[Purpose]

Configure the transmission interval of MC-LAG Keep alive packets

[Parameter]

number Value range: 1-60, unit: s

[View]

MC-LAG View

[Usage Scenario]

In the context of MC-LAG, if the remote MC-LAG device doesn’t receive Keepalive messages from the local MC-LAG device within the specified timeout period, it will consider the local MC-LAG device as being in a “down” state.

To ensure the proper operation of MC-LAG, it’s crucial that the Keepalive message sending intervals are configured consistently on both the local and remote MC-LAG devices. Failing to do so may result in abnormal functionality.

[Notes]

A critical consideration is that the Keepalive message interval should be set to less than one-third of the session timeout duration. The session timeout duration should be a multiple of the Keepalive message interval. This ensures that Keepalive messages are sent frequently enough to detect failures promptly while allowing for some tolerance in case of network delays.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# heartbeat-interval 3

[Command]

session-timeout number

[Purpose]

Configure the MC-LAG session timeout period

[Parameter]

number Value range: 3-3600, unit: s

[View]

MC-LAG view

[Usage Scenario]

In certain scenarios, if Keep Alive messages are not received continuously within the specified timeout period, the device will determine that the Peer-Link link is malfunctioning.

[Notes]

Please note the following considerations: The interval between sending Keep Alive messages should be less than one-third of the session timeout period, and the session timeout period must be a multiple of the Keep Alive message interval. This configuration ensures that Keep Alive messages are sent frequently enough to detect faults promptly while providing some fault tolerance in cases of network latency.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# session-timeout 9
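One way to check the timer rules from the heartbeat-interval and session-timeout notes, together with the matching-domain and matching-interval requirements, before committing a change (an added example, not vendor code). The two peer settings are constructed and the mirrored local-address/peer-address check is an assumption. The page's own use cases configure 3 and 9, so an interval of exactly one-third of the timeout is accepted by default, and `strict=True` applies the literal "less than one-third" wording.

```python
import ipaddress

# Value ranges as documented on this page.
RANGES = {"heartbeat-interval": (1, 60), "session-timeout": (3, 3600)}

# Constructed MC-LAG domain settings for two peers, written with the page's
# commands; peer B carries a deliberate heartbeat mismatch.
PEER_A = """\
mclag domain 1
peer-link ethernet 10
local-address 10.10.1.1
peer-address 10.10.1.2
heartbeat-interval 3
session-timeout 9
"""
PEER_B = """\
mclag domain 1
peer-link ethernet 10
local-address 10.10.1.2
peer-address 10.10.1.1
heartbeat-interval 2
session-timeout 9
"""


def parse_domain(text):
    """Collect the settings this check needs from a block of mclag commands."""
    cfg = {}
    for raw in text.splitlines():
        words = raw.split()
        if len(words) == 3 and words[:2] == ["mclag", "domain"]:
            cfg["domain"] = int(words[2])
        elif len(words) == 2 and words[0] in RANGES:
            cfg[words[0]] = int(words[1])
        elif len(words) == 2 and words[0] in ("local-address", "peer-address"):
            cfg[words[0]] = ipaddress.IPv4Address(words[1])
    return cfg


def check_timers(cfg, strict=False):
    """Return a list of problems with one device's keepalive timers."""
    problems = []
    for key, (low, high) in RANGES.items():
        if key not in cfg:
            problems.append(f"{key} is not set")
        elif not low <= cfg[key] <= high:
            problems.append(f"{key} {cfg[key]} outside {low}-{high}")
    if problems:
        return problems
    hb, st = cfg["heartbeat-interval"], cfg["session-timeout"]
    if st % hb:
        problems.append(f"session-timeout {st} is not a multiple of "
                        f"heartbeat-interval {hb}")
    # strict: interval must be below one-third of the timeout (page wording);
    # default: exactly one-third is accepted (matches the page's 3 / 9 use case).
    too_long = hb * 3 >= st if strict else hb * 3 > st
    if too_long:
        problems.append(f"heartbeat-interval {hb} is too long for "
                        f"session-timeout {st}")
    return problems


def check_pair(a, b, strict=False):
    """Check both peers' timers and the settings that must agree between them."""
    problems = [f"A: {p}" for p in check_timers(a, strict)]
    problems += [f"B: {p}" for p in check_timers(b, strict)]
    if a.get("domain") != b.get("domain"):
        problems.append("mclag domain differs between peers")
    if a.get("heartbeat-interval") != b.get("heartbeat-interval"):
        problems.append("heartbeat-interval differs between peers")
    # Assumption: each side's peer-address is the other side's local-address.
    if (a.get("local-address") != b.get("peer-address")
            or a.get("peer-address") != b.get("local-address")):
        problems.append("local-address / peer-address are not mirrored")
    return problems


if __name__ == "__main__":
    for problem in check_pair(parse_domain(PEER_A), parse_domain(PEER_B)):
        print(problem)
```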

[Command]

member lag ID

no member lag ID

[Purpose]

Add member ports for MC-LAG

[View]

MC-LAG view

[Notes]

The no form of this command removes a member port.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# member lag 9

[Command]

backup-channel vlan ID

[Purpose]

Configure the backup link for peer-link

[View]

MC-LAG view

[Usage Scenario]

In the event of a peer-link link failure, configuring a backup link ensures that the network environment remains unaffected. This configuration allows MC-LAG to continue functioning normally even when the peer-link link is down.

[Notes]

In the event of a peer-link link failure, the member interfaces of the specified VLAN on the backup-channel will be switched to serve as backup links

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# backup-channel vlan 10

consistency-check-action {idle|default|graceful}

[Command]

consistency-check-action {idle|default|graceful}

[Purpose]

Enable the MC-LAG configuration consistency check function and specify the check mode

[Parameter]

Parameter    Description
idle         Only check for consistency; take no action
default      Check whether the member interfaces are consistent and shut down the inconsistent ones
graceful     Check for consistency and shut down only member ports on the device whose role is standby

[View]

MC-LAG view

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# consistency-check-action idle

[Command]

dad local-address A.B.C.D

no dad local-address

[Purpose]

Configure the source IP address for DAD heartbeat packets

[View]

MC-LAG view

[Usage Scenario]

In the MC-LAG scenario, devices on both ends of the MC-LAG use the IP address configured by this command to send and receive heartbeat packets. When a Peer-link link failure is detected, the standby device negotiated by the MC-LAG has its interface states (excluding management and loopback interfaces) set to down.

[Notes]

The IP address specified by this command needs to be the IP address of either the loopback interface or the management interface

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad local-address 10.1.1.1

[Command]

dad peer-address A.B.C.D

no dad peer-address

[Purpose]

Configure the destination IP address for DAD heartbeat packets

[View]

MC-LAG view

[Notes]

It is necessary to ensure that the configured local-address and peer-address are reachable at the Layer 3 level.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad peer-address 10.1.15.1

[Command]

dad detection-delay time

no dad detection-delay

[Purpose]

Configure the Error Down delay time

[View]

MC-LAG view

[Notes]

When a Peer-link failure occurs but Duplicate Address Detection (DAD) detection is normal, the backup device will trigger an Error Down after the configured delay time to prevent session flapping.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad detection-delay 10

[Command]

dad recovery-delay mlag time

no dad recovery-delay mlag

[Purpose]

Configure the Error Down recovery delay time

[View]

MC-LAG view

[Notes]

After the Peer-link failure is restored, the Error Down state of the MC-LAG member LAGs will be restored after the configured delay time to prevent session flapping.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad recovery-delay mlag 10

[Command]

dad recovery-delay non-mlag time

no dad recovery-delay non-mlag

[Purpose]

Configure the Error Down recovery delay time

[View]

MC-LAG view

[Notes]

After the restoration of a Peer-link failure, the Error Down state of non-MC-LAG member interfaces will be recovered after the configured delay time to prevent session flapping.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad recovery-delay non-mlag 10

[Command]

dad vrf vrf-name

no dad vrf

[Purpose]

Specify the VRF to which the DAD packets belong

[View]

MC-LAG view

[Notes]

When using the management network interface as the source for DAD packets, and the management network interface is designated as the MGMT VRF, use this command to specify that the source of DAD is the MGMT VRF.

[Use Cases]

sonic(config)# mclag domain 1
sonic(mclag-domain)# dad vrf mgmt

[Command]

show lldp neighbors interface-name

show lldp table

[Purpose]

Show LLDP neighbors

[Parameter]

interface-name Interface name

[View]

System view

[Use Cases]

sonic# show lldp neighbors
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: Ethernet1, via: LLDP, RID: 78, Time: 0 day, 08:17:51
Chassis:
ChassisID: local 60:eb:5a:01:1c:eb
SysName: Leaf-4-SZ
SysDescr: CX204Y-48GT-M-AC Debian GNU/Linux 9 (stretch) 5.10.34-103 aarch64
MgmtIP: 172.18.0.1
MgmtIface: 10
MgmtIP: fe80::9013:e0ff:fe83:e51e
MgmtIface: 6
Capability: Bridge, on
Capability: Router, on
Port:
PortID: ifname Ethernet16
PortDescr: Ethernet16
TTL: 8
MFS: 9216
PMD autoneg: supported: no, enabled: no
MAU oper type: 10BaseTFD - UTP MAU, full duplex mode
VLAN: 202, pvid: yes vlan202
VLAN: 4094, pvid: no vlan4094
-------------------------------------------------------------------------------

[Command]

show lldp ports med-policy

[Purpose]

Display interface LLDP MED configuration policy

[View]

System view

[Use Cases]

sonic# show lldp ports med-policy
+------------+---------------+--------+----------+------------+--------+
| Ports | application | vlan | tagged | priority | dscp |
+============+===============+========+==========+============+========+
| Ethernet20 | voice | 20 | NA | NA | NA |
+------------+---------------+--------+----------+------------+--------+

[Command]

lldp enable

no lldp enable

[Purpose]

Enable LLDP

[View]

System configuration view

[Use Cases]

sonic(config)# lldp enable

[Command]

lldp mgmt-ip A.B.C.D

[Purpose]

Configure the management IP address of LLDP

[View]

System configuration view

[Usage Scenario]

Configuring a management address is useful for clearly identifying a device, aiding in network topology mapping, and facilitating network management. When there’s a need to advertise a specific management address to neighbors, this command is used for configuration.

[Notes]

The management address is carried in the Management Address TLV field of LLDP packets, uniquely identifying a device. By default, it is set to the IP address of the management interface. If the management interface address is not configured, it will default to the Docker container’s internal address.

[Use Cases]

sonic(config)# lldp mgmt-ip 10.1.0.15

[Command]

lldp port-id-subtype {macaddress|ifname}

[Purpose]

Configure the interface ID type of LLDP

[Parameter]

macaddress MAC Address

ifname Interface Name

[View]

System configuration view

[Usage Scenario]

In the LLDP table, the interface ID used by default is the device’s interface name. To clearly identify interconnected devices, you can configure the interface ID type as a MAC address.

By default, the interface ID type is set to “ifname”.

[Use Cases]

sonic(config)# lldp port-id-subtype macaddress

VLAN (Virtual Local Area Network): The commands for creating, deleting and adding members are shown in the table.

[Command]

show vlan summary

[Purpose]

Display VLAN summary information

[View]

System view

[Use Cases]

sonic# show vlan summary
+-----------+----------------+-----------+----------------+---------------------+
| VLAN ID | IP Address | Ports | Port Tagging | DHCP Helper Address |
+===========+================+===========+================+=====================+
| 1000 | 192.168.0.1/21 | Ethernet0 | untagged | 192.0.0.1 |
| | | Ethernet1 | untagged | 192.0.0.2 |
| | | Ethernet2 | untagged | 192.0.0.3 |
| | | Ethernet3 | untagged | 192.0.0.4 |
+-----------+----------------+-----------+----------------+---------------------+
| 1200 | | | | |

Description of the show vlan summary command output

Parameter              Description
VLAN ID                VLAN ID
IP address             IP address for SVI interface
Ports                  VLAN member interface
Port Tagging           VLAN member interface properties
DHCP Helper Address    If the device has DHCP relay enabled and this VLAN is added as a downlink interface to a DHCP instance, then this section displays the DHCP Server IP address for that instance.

[Command]

show vlan vid vlan-id

show vlan all

[Purpose]

Display VLAN specific information

[View]

System view

[Use Cases]

sonic# show vlan vid 300
VLAN ID: 300
Route interface:
Name: VLAN 300
Tagged ports:
Untagged ports:
Ethernet1
MAC-learning: enable

[Command]

show vlan mac-trigger [vlan-id vlan-id]

[Purpose]

Show all VLAN mac-trigger details

[View]

System view

[Use Cases]

sonic# show vlan mac-trigger
+----------+----------+
| VLANID | STATUS |
+==========+==========+
| 10 | enabled |
+----------+----------+
sonic# show vlan mac-trigger vlan-id 10
+----------+----------+
| VLANID | STATUS |
+==========+==========+
| 10 | enabled |
+----------+----------+

[Command]

vlan vlan-id

no vlan vlan-id

[Purpose]

Create VLAN

[Parameter]

vlan-id vid(1-4094)

[View]

System configuration view

[Use Cases]

sonic# configure terminal
sonic(config)# vlan 300
sonic(config-vlan-300)# show this
!
vlan 300

[Command]

switchport {trunk|access} vlan vlan-id

[Purpose]

Add interface to VLAN

[Parameter]

trunk Add interface to VLAN with trunk mode

access Add interface to VLAN with access mode

[View]

Interface view

[Usage Scenario]

Frames sent by user hosts are untagged, and frames received by the interface from the peer device may be tagged. Therefore, the device should be configured with different modes when adding interfaces to VLANs, depending on the actual use case.

[Notes]

Access Mode: An interface can only be added to one VLAN in access mode. When an interface is added to a VLAN in access mode, as an incoming interface, it can receive frames without VLAN tags or with VLAN IDs equal to the access value. As an outgoing interface, it compares the VLAN tag carried by the frame with the access value. If they are equal, it strips the VLAN tag from the frame; if they are not equal, it takes no action.

Trunk Mode: An interface can be added to multiple VLANs in trunk mode, indicating that it allows traffic to pass through without modifying the VLAN tag on the frame.

A physical interface can be added to different VLANs in both access and trunk modes.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 10

[Command]

vlan-group vlan-id-vlan-id

[Purpose]

Bulk create VLANs and enter VLAN configuration view

[Parameter]

vlan-id-vlan-id Specify the VLAN range

[View]

System configuration view

[Usage Scenario]

When there is a need to configure a large number of VLANs with similar properties, this command allows entering the VLAN creation process and VLAN configuration view for modifying the configuration of these VLANs.

[Use Cases]

sonic(config)# vlan-group 10-20,30,40

[Command]

broadcast {flood|drop}

[Purpose]

Configure broadcast function handling

[Parameter]

flood Broadcast packets within a VLAN

drop Drop broadcast packets

[View]

VLAN view

[Usage Scenario]

Broadcast forwarding is a method of sending a data packet to all devices within the same VLAN. It can be used for sending ARP requests, DHCP requests, and similar functions. In a VLAN, whether broadcast packets are forwarded can be configured on the switch.

[Use Cases]

sonic# configure terminal
sonic(config)# vlan 40
sonic(config-vlan-40)# broadcast drop

[Command]

unknown-uni {flood|drop}

[Purpose]

Configure the processing of unknown unicast packets

[Parameter]

flood Flood unknown unicast packets within a VLAN

drop Drop unknown unicast packets

[View]

VLAN view

[Usage Scenario]

Unknown unicast refers to unicast data packets for which the switch cannot determine the VLAN in which the destination MAC address resides. If a VLAN needs to receive unknown unicast data, it can be configured in unknown unicast forwarding mode. If a VLAN does not need to forward unknown unicast data packets within it, it can be configured in discard mode.

[Use Cases]

sonic# configure terminal
sonic(config)# vlan 40
sonic(config-vlan-40)# unknown-uni drop

[Command]

mac-trigger enable

no mac-trigger enable

[Purpose]

Enable the vlan mac-trigger function

[View]

VLAN view

[Usage Scenario]

This function is used in the fast migration scenario. The first packet sent by a terminal when migrating to a new device may not be an ARP/ND packet and cannot trigger the ARP/ND learning function. After enabling this command, when the MAC address of the terminal does not exist in the MAC address table on the device, the device can trigger mac-trigger to learn the neighbor table entry when it receives an IP packet from the terminal, completing the online operation of the terminal. It is usually used in combination with DHCP Snooping and other features to ensure security.

[Use Cases]

sonic# configure terminal
sonic(config)# vlan 40
sonic(config-vlan-40)# mac-trigger enable

[Command]

show mac-flapping config

[Purpose]

View the configuration information of MAC address flapping detection function

[View]

System view

[Use Cases]

sonic# show mac-flapping config
+---------+---------+---------+------------+-----------+
| VLAN | LEVEL | AGING | ACTION | ENABLED |
+=========+=========+=========+============+===========+
| Vlan400 | 10 | 600 | error_down | true |
+---------+---------+---------+------------+-----------+

[Command]

show mac-flapping status

[Purpose]

View records of MAC address flapping

[View]

System view

[Use Cases]

sonic# show mac-flapping status
+---------+-------------------+---------+--------------+-------------+
| VLAN | MAC | TIMES | LASTUPDATE | ERRORDOWN |
+=========+===================+=========+==============+=============+
| Vlan400 | 00:00:01:01:02:01 | 3 | Ethernet1 | No |
+---------+-------------------+---------+--------------+-------------+

Description of the show mac-flapping status command output

Parameter     Description
VLAN          VLANs undergoing migration
MAC           Migrated MAC addresses
TIMES         Number of migrations for a MAC address
LASTUPDATE    Interface of the last migration
ERRORDOWN     Whether the interface is shut down

show mac-address [interface-type interface-name]

[Command]

show mac-address [interface-type interface-name]

[Purpose]

Display MAC table

[Parameter]

interface-type Interface type, optional ethernet, link-aggregation

interface-name Interface name

[View]

System view

[Use Cases]

sonic# show mac-address
No. Vlan MacAddress Port Type
----- ------ ----------------- --------- -------
1 100 60:EB:5A:01:6C:99 Ethernet2 Dynamic
Total number of entries 1

[Command]

show mac-limit [{port interface-name | vlan id}]

[Purpose]

View the configured limit on the number of MAC address learning entries

[View]

System view

[Use Cases]

sonic# show mac-limit
Interface Mac-limit
----------- -----------
Vlan800 1000

[Command]

clear mac-address [{ethernet|link-aggregation} interface] [vlan id] [{dynamic}]

[Purpose]

Empty the MAC table

[Parameter]

interface Interface name

id VLAN ID, range 1-4094

[View]

System view

[Usage Scenario]

The MAC address table space on a device is limited. When the MAC address table becomes full, it cannot learn new MAC address entries until the aging time expires. This can lead to new users having to broadcast their packets, wasting network resources. In such cases, this command can be used to remove unnecessary MAC address entries from the table.

[Use Cases]

sonic# clear mac-address dynamic
Flush dynamic FDB.

[Command]

mac-address static HH:HH:HH:HH:HH:HH vlan vlan-id interface-type interface-name

no mac-address static HH:HH:HH:HH:HH:HH vlan vlan-id

[Purpose]

Configure static MAC

[Parameter]

HH:HH:HH:HH:HH:HH MAC address

interface-type Interface type, optional ethernet, link-aggregation

interface-name Interface name

vlan-id VLAN ID, range 1-4094

[View]

System configuration view

[Usage Scenario]

Manually configuring static MAC address entries is typically done to enhance security. Network administrators can manually add specific MAC address entries to the MAC address table, binding user devices to interfaces, in order to prevent unauthorized users from accessing data.

[Notes]

If a dynamic MAC address table entry exists in the MAC address table with the same static MAC address, the added static MAC address table entry will automatically overwrite the dynamic MAC address table entry.

[Use Cases]

sonic# configure terminal
sonic(config)# mac-address static 00:aa:aa:aa:aa:aa vlan 4 ethernet 1

mac-address blackhole HH:HH:HH:HH:HH:HH vlan vlan-id

[Command]

mac-address blackhole HH:HH:HH:HH:HH:HH vlan vlan-id

no mac-address blackhole HH:HH:HH:HH:HH:HH vlan vlan-id

[Purpose]

Configuring the blackhole MAC

[Parameter]

HH:HH:HH:HH:HH:HH MAC address

vlan-id VLAN ID, range 1-4094

[View]

System configuration view

[Usage Scenario]

To prevent hackers from using MAC address attacks on user devices or networks, you can configure the MAC addresses of untrusted users as blackhole MAC addresses. When the device receives a packet with a destination MAC address or source MAC address that matches a blackhole MAC address, it will simply discard the packet. This helps enhance network security.

[Use Cases]

sonic# configure terminal
sonic(config)# mac-address blackhole aa:bb:bb:bb:bb:bb vlan 5

mac-address timer {aging seconds|no-aging}

[Command]

mac-address timer {aging seconds|no-aging}

[Purpose]

Configure MAC aging time

[Parameter]

aging seconds Aging time, in seconds, default aging time is 600s, range 30s-7200s

no-aging No aging MAC table entries

[View]

System configuration view

[Usage Scenario]

As network topology evolves, devices will learn an increasing number of MAC addresses. To prevent the MAC address table from growing excessively, it’s essential to use this command to set an appropriate aging time for dynamic MAC table entries. This helps in timely removal of obsolete MAC address entries from the table, preventing it from becoming too large.

[Notes]

MAC table entry aging time is a parameter that affects the switch MAC self-learning. Dynamic MAC table entries that exceed the aging time are automatically deleted, and the device relearns the MAC and builds a new MAC table entry. Static MAC table entries are not affected by the aging time.

[Use Cases]

sonic# configure terminal
sonic(config)# mac-address timer aging 3600
sonic(config)# mac-address timer no-aging

[Command]

mac-flapping detect enable

no mac-flapping detect enable

[Purpose]

Enable the MAC address flapping suppression function

[View]

VLAN view

[Usage Scenario]

MAC address drifting refers to a situation where a MAC address learned on one interface of a device is also learned on another interface within the same VLAN, with the later-learned MAC address entry overwriting the original entry. When this feature is enabled, the device generates warning logs if MAC address drifting occurs. Additionally, users can use the mac-flapping detect-action error-down configuration to forcibly shut down physical interfaces experiencing MAC address drifting.

MAC address drifting can occur due to the following reasons:

  • The presence of network loops.

  • Malicious attacks by unauthorized users within the network.

[Use Cases]

sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect enable

[Command]

mac-flapping detect-action error-down

no mac-flapping detect-action error-down

[Purpose]

Configure the action taken after MAC address flapping is detected to be shutting down the interface

[View]

VLAN view

[Usage Scenario]

After configuring MAC address flapping actions for a VLAN, if the system detects that a MAC address has drifted more times within the duration specified by the mac-flapping detect-aging command than the number configured with the mac-flapping detect-level command, the system will forcibly shut down the interface where the MAC address was last learned.

[Notes]

By default, the interface is not automatically restored after shutdown. The administrator must restore it manually by executing the shutdown command and then the no shutdown command.

[Use Cases]

sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-action error-down

[Command]

mac-flapping detect-aging time

[Purpose]

Configure the aging time of MAC address flapping table entries

[Parameter]

time Value range: 10-7200, unit: s

[View]

VLAN view

[Use Cases]

sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-aging 100

[Command]

mac-flapping detect-level level

[Purpose]

Configure the number of times MAC address flapping is detected in a VLAN

[Parameter]

level Value range: 5 - 500

[View]

VLAN view

[Usage Scenario]

Flapping is considered to have occurred when a MAC address has migrated more times than the configured detection level within the flapping aging time.

[Use Cases]

sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-level 10
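How detect-level, detect-aging and detect-action error-down interact, as an added Python model that is not the device's own code. The sliding-window counting, the class and function names, and the event lists are assumptions made for illustration.

```python
from collections import defaultdict, deque


class MacFlapDetector:
    """Model of one VLAN's mac-flapping settings (sliding window is an assumption)."""

    def __init__(self, detect_level=10, detect_aging=100, error_down=False):
        if not 5 <= detect_level <= 500:
            raise ValueError("detect-level must be in 5-500")
        if not 10 <= detect_aging <= 7200:
            raise ValueError("detect-aging must be in 10-7200 seconds")
        self.level = detect_level
        self.aging = detect_aging
        self.error_down = error_down
        self.location = {}                 # mac -> interface it was last learned on
        self.moves = defaultdict(deque)    # mac -> timestamps of recent moves
        self.shut = set()                  # interfaces placed in error-down

    def learn(self, ts, mac, ifname):
        """Process one MAC learning event; return an alert dict or None."""
        if ifname in self.shut:
            return None                    # a shut interface learns nothing
        mac = mac.lower()
        previous = self.location.get(mac)
        self.location[mac] = ifname
        if previous is None or previous == ifname:
            return None                    # first sighting or refresh, not a move
        window = self.moves[mac]
        window.append(ts)
        while ts - window[0] > self.aging:  # drop moves older than detect-aging
            window.popleft()
        if len(window) <= self.level:      # page: "more times than" detect-level
            return None
        window.clear()
        action = "error-down" if self.error_down else "log"
        if self.error_down:
            self.shut.add(ifname)          # interface where the MAC was last learned
        return {"mac": mac, "last_port": ifname, "action": action}


def replay(events, **settings):
    """Run (timestamp, mac, interface) events through a detector; return alerts."""
    detector = MacFlapDetector(**settings)
    alerts = [detector.learn(*event) for event in events]
    return [a for a in alerts if a], detector.shut


# Constructed events: one MAC bouncing between two ports every 2 seconds.
FAST = [(2 * i, "00:AA:AA:AA:AA:AA", f"Ethernet{1 + i % 2}") for i in range(10)]
# Constructed events: the same MAC moving once a minute (e.g. a roaming host).
SLOW = [(60 * i, "00:AA:AA:AA:AA:AA", f"Ethernet{1 + i % 2}") for i in range(10)]

if __name__ == "__main__":
    print(replay(FAST, detect_level=5, detect_aging=100, error_down=True))
    print(replay(SLOW, detect_level=5, detect_aging=100, error_down=True))
```

With detect-level 5 and detect-aging 100, the fast sequence trips on the sixth move, while the once-a-minute sequence never holds more than two moves in the window.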

[Command]

mac-limit value

no mac-limit

[Purpose]

Configure MAC address learning entry limit

[Parameter]

value Value range: 1-32000

[View]

VLAN view, Interface view

[Usage Scenario]

To control the number of access users or prevent MAC address table attacks, you can limit the number of MAC addresses that a switch is allowed to learn. This helps control the number of access users and enhances network security.

[Notes]

When the number of MAC address table entries reaches the limit, new MAC addresses will not be learned.

[Use Cases]

sonic(config)# vlan 400
sonic(config-vlan-400)# mac-limit 1000

show port-isolate-group [group-id group_id]

[Command]

show port-isolate-group [group-id group_id]

[Purpose]

View the configured interface isolation group information

[Parameter]

group-id Interface isolation group ID, range: 1~128

[View]

System view

[Use Cases]

sonic# show port-isolate-group group-id 1
+------------+------------+--------+
| Group ID | Interface | Mode |
+============+============+========+
| 1 | Ethernet1 | L2 |
| | Ethernet2 | |
| | Ethernet3 | |
| | Ethernet4 | |
| | Ethernet5 | |
+------------+------------+--------+

[Command]

port-isolate-group group_id

no port-isolate-group group_id

[Purpose]

Create interface isolation groups

[Parameter]

group_id Interface isolation group ID, range: 1~128

[View]

System configuration view

[Usage Scenario]

The isolation feature refers to isolating and forwarding broadcast, multicast, and unicast packets among interfaces within the same isolation group. When combined with other business functions, it can implement a more secure network architecture and greatly reduce the occurrence of broadcast storms.

[Use Cases]

sonic(config)# port-isolate-group 1

[Command]

port-isolate group_id

no port-isolate group_id

[Purpose]

Enables Layer 2 broadcast isolation of the interface

[View]

Interface view

[Use Cases]

sonic(config)# port-isolate-group 1
sonic(config)# port-group ethernet 1-10
sonic(config-port-group-1-10)# port-isolate 1

[Command]

show stp mstp

[Purpose]

View spanning tree status

[View]

System view

[Use Cases]

sonic# show stp mstp

[Command]

show stp stpid stp-instance-id

[Purpose]

View spanning tree status of interfaces under the specified STP instance

[View]

System view

[Use Cases]

sonic# show stp stpid 1

[Command]

show stp stpid stp-instance-id [ethernet ethernet-id | link-aggregation lag-id]

[Purpose]

View the spanning tree status of a specific interface in a particular STP instance.

[View]

System view

[Use Cases]

sonic# show stp stpid 1 ethernet 5

[Command]

show stp bind

[Purpose]

Check the binding relationship between the specified STP instance and the VLAN.

[View]

System view

[Usage Scenario]

After configuring the mapping between instances and VLANs on the device, you can execute this command to view the mapping. By default, all VLANs are bound to instance 0 unless mapped separately.

[Use Cases]

sonic# show stp bind

[Command]

stp enable mstp

no stp enable mstp

[Purpose]

Enable MSTP mode

[View]

System configuration view

[Usage Scenario]

In complex Layer 2 networks, in order to prevent loops or break loops, the Spanning Tree Protocol (STP) can be deployed on switching devices. The role of MSTP is to prevent packets from continuously circulating and looping in a circular network, thereby avoiding performance degradation caused by devices repeatedly receiving the same packets. MSTP works by selecting the best path and blocking the remaining paths to ensure that there are no redundant paths and loops in the network. This improves network reliability and stability.

[Use Cases]

sonic(config)# stp enable mstp

[Command]

stp bind vlan vlan-id stp-id

no stp bind vlan vlan-id

[Purpose]

Bind VLAN with STP instances

[Parameter]

vlan-id VLAN ID, the range of value: 1-4094

stp-id STP ID, the range of value: 0-255

[View]

System configuration view

[Usage Scenario]

After an STP-enabled switching device starts up normally, the STP-related configuration for the current VLAN defaults to the STP instance with ID 0. If you need to achieve business isolation for various access VLANs through multiple processes, you can use this command to add the VLAN where the access link is located to a specified STP instance.

[Use Cases]

sonic(config)# stp bind vlan 400 1

[Command]

stp forward-delay time

[Purpose]

Configure the forward delay time of the device

[Parameter]

time Value range: 4-30, unit: s

[View]

System configuration view

[Usage Scenario]

When the network topology changes, due to the time it takes for new BPDU configuration messages to propagate throughout the network, ports that should have been blocked may not have been blocked in time, and previously blocked ports should no longer be blocked. This can potentially create a temporary loop. To avoid temporary loops caused by this situation, you can configure the Forward Delay timer to set a delay period, during which all ports will be temporarily blocked.

[Notes]

The port is temporarily blocked during the delay time set by the Forward Delay timer.

When configuring the Hello Time, Forward Delay and Max Age values, the configured values should satisfy the following relationships to ensure that the spanning tree algorithm of the entire network works effectively; otherwise the network will oscillate frequently:

2 × (Forward Delay - 1.0 s) ≥ Max Age

Max Age ≥ 2 × (Hello Time + 1.0 s)

[Use Cases]

sonic(config)# stp forward-delay 5

[Command]

stp hello time

[Purpose]

Configure the time interval for the device to send BPDUs

[Parameter]

time Value range: 1-10, unit: s

[View]

System configuration view

[Usage Scenario]

In a network running Spanning Tree Protocol (STP), switches periodically send Bridge Protocol Data Units (BPDUs) to other devices in the same spanning tree to maintain the stability of the spanning tree. By executing this command, users can set the interval for sending BPDUs to maintain the stability of the network’s topology.

[Use Cases]

sonic(config)# stp hello 5

[Command]

stp max-age time

[Purpose]

Specify the aging time of BPDUs on the device

[Parameter]

time Value range: 10-1000000, unit: s

[View]

System configuration view

[Notes]

The device will determine whether the BPDU received from the upstream device times out based on the Max Age time of the port. If the BPDU times out, the device will age out the BPDU and block the port receiving the BPDU at the same time, and issue the BPDU with itself as the root bridge.

[Use Cases]

sonic(config)# stp max-age 20
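A pre-change check for the Hello Time, Forward Delay and Max Age relationships given in the stp forward-delay notes, added here as an example and not taken from the device's software. It assumes the three Use Cases values (5, 5, 20) are applied together as one configuration; the function names are hypothetical.

```python
import re

# Value ranges as documented for each command on this page (seconds).
RANGES = {"forward-delay": (4, 30), "hello": (1, 10), "max-age": (10, 1000000)}
LINE = re.compile(r"^(?:sonic\(config\)#\s*)?stp (forward-delay|hello|max-age) (\d+)$")


def parse_timers(lines):
    """Collect the last configured value of each STP timer from CLI lines."""
    timers = {}
    for line in lines:
        match = LINE.match(line.strip())
        if match:
            timers[match.group(1)] = int(match.group(2))
    return timers


def max_age_window(hello, forward_delay):
    """Max Age values allowed by both relationships, or None if none exist."""
    low = max(2 * (hello + 1), RANGES["max-age"][0])
    high = min(2 * (forward_delay - 1), RANGES["max-age"][1])
    return (low, high) if low <= high else None


def check_timers(timers):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    for name, (low, high) in RANGES.items():
        if name not in timers:
            problems.append(f"{name}: not set in the input")
        elif not low <= timers[name] <= high:
            problems.append(f"{name}: {timers[name]} is outside {low}-{high}")
    if all(name in timers for name in RANGES):
        hello, fwd, age = timers["hello"], timers["forward-delay"], timers["max-age"]
        if 2 * (fwd - 1) < age:
            problems.append(f"2 x (forward-delay - 1) = {2 * (fwd - 1)} is below max-age {age}")
        if age < 2 * (hello + 1):
            problems.append(f"max-age {age} is below 2 x (hello + 1) = {2 * (hello + 1)}")
    return problems


# The three Use Cases lines from this page, combined (the combination is an assumption).
PAGE_LINES = [
    "sonic(config)# stp forward-delay 5",
    "sonic(config)# stp hello 5",
    "sonic(config)# stp max-age 20",
]

if __name__ == "__main__":
    timers = parse_timers(PAGE_LINES)
    print(timers, check_timers(timers), max_age_window(5, 5))
```

Applied together, the three sample values fail the first relationship, and a Hello Time of 5 with a Forward Delay of 5 leaves no valid Max Age at all; raise Forward Delay or lower Hello Time before setting Max Age.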

[Command]

stp instance id

no stp instance id

[Purpose]

Create STP instances

[Parameter]

id Value range: 1-255

[View]

System configuration view

[Usage Scenario]

MSTP divides a switched network into multiple domains, each forming multiple spanning trees within the domain. The spanning trees are independent of each other. As long as two switches have the same MSTP domain name and the same mapping between spanning trees and VLANs, they belong to the same domain.

[Use Cases]

sonic(config)# stp instance 1
sonic(config-stp-1)#

[Command]

stp name name

[Purpose]

Configure the STP instance name

[View]

System configuration view

[Usage Scenario]

MSTP divides a switched network into multiple domains, each forming multiple spanning trees within the domain. The spanning trees are independent of each other. As long as two switches have the same MSTP domain name and the same mapping between spanning trees and VLANs, they belong to the same domain.

[Use Cases]

sonic(config)# stp name test

[Command]

port interface-name priority value

[Purpose]

Configure the priority of the interface in the spanning tree calculation

[Parameter]

value Value range: 0-15

[View]

STP View

[Usage Scenario]

For switch device ports, the size of their port priority identifier (PID) may affect whether they are elected as designated ports. During the spanning tree calculation, ports with smaller PIDs will be elected as designated ports.

[Notes]

When port priority changes, the spanning tree will recompute the port roles and perform state transitions.

[Use Cases]

sonic(config)# stp instance 1
sonic(config-stp-1)# port 1 priority 3

[Command]

priority value

[Purpose]

Configure the priority of the device in the specified instance

[Parameter]

value Value range: 0-15

[View]

STP View

[Notes]

The priority of a device is a crucial factor in the spanning tree calculation, and the priority of a switch device can impact the election of the root bridge. A device with a lower priority value has a higher likelihood of being elected as the root bridge.

[Use Cases]

sonic(config)# stp instance 1
sonic(config-stp-1)# priority 3

[Command]

link-aggregation id priority value

[Purpose]

Configure the priority of the LAG port in the specified instance.

[Parameter]

value Value range: 0-15

[Use Cases]

sonic(config)# stp instance 0
sonic(config-stp-0)# link-aggregation 1 priority 3

[Command]

stp bpdu-filter enable

no stp bpdu-filter enable

[Purpose]

Configure the current port as a BPDU filter port

[View]

Interface view

[Usage Scenario]

In a Layer 2 network running the Spanning Tree Protocol, ports connected to end devices do not need to participate in the spanning tree calculation. Involving these ports in the calculation can affect the convergence speed of the network topology. Configure this command on edge devices to make edge ports not process or send BPDU packets. This port will then be a BPDU filter port.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# stp bpdu-filter enable

[Command]

stp bpdu-guard enable

no stp bpdu-guard enable

[Purpose]

Configure edge port protection

[View]

Interface view

[Usage Scenario]

In Layer 2 networks running Spanning Tree Protocol, ports connected to end-user devices don’t need to participate in Spanning Tree calculations. Their participation can slow down network topology convergence. When malicious users send malicious BPDU (Bridge Protocol Data Unit) packets as part of an attack, it can cause network instability and disrupt user traffic. By configuring BPDU protection on edge ports, if an edge port receives a BPDU packet, the port will be forcibly shut down.

[Notes]

After an interface is shut down due to receiving a BPDU, users need to manually execute the no shutdown command to restore it.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# stp bpdu-guard enable

[Command]

show interface vlan-stack

[Purpose]

View the VLAN stack function configuration of the interface

[View]

System view

[Use Cases]

sonic# show interface vlan-stack
Name Vlan Stack_vlan Remark_8021p Remark_tc Mode
--------- ------ ------------ -------------- ----------- ------
Ethernet1 100 101 NULL NULL tagged
Ethernet1 300 101 NULL NULL tagged
Ethernet1 400 101 NULL NULL tagged

show interface qinq protocol [interface-name]

[Command]

show interface qinq protocol [interface_name]

[Purpose]

View the qinq protocol configuration of the interface

[View]

System view

[Use Cases]

sonic# show interface qinq protocol 1
Name Protocol
--------- ----------
Ethernet1 0x88A8

[Command]

qinq enable

[Purpose]

Enable basic QinQ functionality on the interface

[View]

Interface view

[Usage Scenario]

When the port enable switch is activated, all traffic entering the device from this port will be tagged with an additional layer corresponding to the Port VLAN ID (PVID). If the packet does not have a VLAN tag, it will be encapsulated with a layer corresponding to the PVID VLAN. If the packet already carries a VLAN tag, an additional layer corresponding to the PVID VLAN will be added.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# qinq enable

vlan-stack {tagged|untagged} vlan-id stack-id [remark-dot1p value] [remark-tc value]

[Command]

vlan-stack {tagged|untagged} vlan-id stack-id [remark-dot1p value] [remark-tc value]

no vlan-stack untagged

no vlan-stack tagged {all|vlan-id}

[Purpose]

Configure the VLAN stack function of the interface

[Parameter]

Parameter Description

tagged Packets received by the interface with a VLAN tag are stacked to carry two VLAN layers

untagged Packets received by the interface without a VLAN tag are stacked to carry two VLAN layers

vlan-id VLAN ID of packets received with a VLAN tag, or the inner VLAN ID after QinQ encapsulation of packets received without a VLAN tag

stack-id Outer VLAN tag after stacking

remark-dot1p value Modify the 802.1p priority of the outer VLAN tag

remark-tc value Modify the priority of packets for local processing

[View]

Interface view

[Usage Scenario]

VLAN Stacking is a Layer 2 technology that allows the encapsulation of user packets with an outer VLAN tag based on the user’s VLAN ID. This helps differentiate between different users’ packets.

[Notes]

To enable VLAN stacking, it should be configured in the inbound direction.

If incoming packets are already VLAN-tagged, ensure that the TPID (Tag Protocol Identifier) used for the outer VLAN tag is different from the TPID configured on the interface.

If users need to remove the outer VLAN tag, the interface should join the stacked VLAN in untagged mode.

If users don’t need to remove the outer VLAN tag, the interface should join the stacked VLAN in tagged mode.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# qinq protocol 0x88a8
sonic(config-if-1)# switchport access vlan 101
sonic(config-if-1)# vlan-stack tagged 100 101 remark-dot1p 4 remark-tc 4
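What the configuration above does to a frame on the wire, shown as an added Python model that is not the device's implementation: a frame tagged with VLAN 100 gains an outer tag with TPID 0x88a8, VLAN 101 and 802.1p priority 4. The sample frame is constructed, the function names are hypothetical, and copying the inner priority when remark-dot1p is omitted is an assumption.

```python
import struct

CTAG = 0x8100   # TPID of the customer (inner) tag
STAG = 0x88A8   # TPID set on the interface by "qinq protocol 0x88a8"


def make_tag(tpid, vid, pcp=0):
    """Build a 4-byte VLAN tag: TPID, then PCP (3 bits), DEI (1 bit), VID (12 bits)."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame):
    """Return ([(tpid, pcp, vid), ...] outermost first, payload EtherType)."""
    tags, offset = [], 12                  # tags start after the two MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (CTAG, STAG):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci >> 13, tci & 0x0FFF))
        offset += 4


def vlan_stack_tagged(frame, vlan_id, stack_id, remark_dot1p=None, tpid=STAG):
    """Model 'vlan-stack tagged vlan-id stack-id': push an outer tag on a match."""
    tags, _ = parse_tags(frame)
    if not tags or tags[0][2] != vlan_id:
        return frame                       # no rule for this frame, left unchanged
    # Assumption: without remark-dot1p the outer tag copies the inner priority.
    pcp = tags[0][1] if remark_dot1p is None else remark_dot1p
    return frame[:12] + make_tag(tpid, stack_id, pcp) + frame[12:]


# Constructed frame: dst MAC, src MAC, C-tag VLAN 100, IPv4 EtherType, zero payload.
SAMPLE = (bytes.fromhex("00aaaaaaaaaa" "020000000001")
          + make_tag(CTAG, 100) + struct.pack("!H", 0x0800) + bytes(46))

if __name__ == "__main__":
    stacked = vlan_stack_tagged(SAMPLE, 100, 101, remark_dot1p=4)
    print(parse_tags(SAMPLE))
    print(parse_tags(stacked))
```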