01 04 M LAG Configuration

CloudEngine 8800, 7800, 6800, and 5800 Series
Switches
Configuration Guide - Ethernet Switching 4 M-LAG Configuration
4 M-LAG Configuration
4.1 Overview of M-LAG

4.2 Understanding M-LAG
4.3 Application Scenarios for M-LAG
4.4 Summary of M-LAG Configuration Tasks
4.5 Licensing Requirements and Limitations for M-LAG
4.6 Configuring M-LAG Through the Root Bridge
4.7 Configuring M-LAG Through V-STP (Recommended)
4.8 Maintaining M-LAG
4.9 Configuration Examples for M-LAG
4.10 M-LAG Technical Topics
4.1 Overview of M-LAG

Definition
Multichassis Link Aggregation Group (M-LAG) implements link aggregation
among multiple devices. In a dual-active system shown in Figure 4-1, one device
is connected to two devices through M-LAG to achieve device-level link reliability.
Figure 4-1 M-LAG network
M-LAG
Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 178

Switches
Purpose
As an inter-device link aggregation technology, M-LAG increases link bandwidth,
improves link reliability, and implements load balancing. It has the following
advantages:
● High reliability
M-LAG protects link reliability for entire devices.
● Simplified network and configuration
M-LAG is a horizontal virtualization technology that virtualizes two dual-
homed devices into one device. M-LAG prevents loops on a Layer 2 network
and implements redundancy. M-LAG greatly simplifies the network and
configuration.
● Independent upgrade
Two devices can be upgraded independently. This prevents service interruption
when either device is upgrading.
Reference
● M-LAG Best Practices: CloudEngine Series Switches M-LAG Technical Topics
● Video: CloudEngine Series Switch M-LAG Feature Introduction
4.2 Understanding M-LAG
4.2.1 Basic Concepts

In Figure 4-2, the user-side device (switch or host) connects to SwitchA and
SwitchB through M-LAG to constitute a dual-active system. SwitchA and SwitchB
then forward traffic together to ensure network reliability.

Switches
Figure 4-2 Basic M-LAG topology
Network
Dual-Active
Detection
Packets
peer-link
SwitchA SwitchB
M-LAG
M-LAG M-LAG
member member
interface interface
Switch
Dual-active
system
Table 4-1 describes basic concepts of M-LAG.
Table 4-1 Basic concepts of M-LAG

Concept Description
Dynamic Fabric A DFS group is used for pairing between M-LAG

Service (DFS) group devices. M-LAG devices use the DFS group protocol to
synchronize information such as the interface status
and entries.
DFS master device The device is configured with M-LAG and is in master
state. It is also called the M-LAG master device.
DFS backup device The device is configured with M-LAG and is in backup
state. It is also called the M-LAG backup device.
NOTE
A DFS group consists of a master device and a backup device.
Under normal circumstances, both the master and backup
devices forward service traffic and their forwarding behaviors
are the same. The master and backup devices have different
forwarding behaviors only when a fault occurs.

Switches
Concept Description
Dual-Active Detection A DAD link is used for M-LAG master and backup
(DAD) link devices to exchange DAD packets at Layer 3.
NOTE
Under normal circumstances, the DAD link does not
participate in any traffic forwarding behaviors in the M-LAG. It
is only used to detect whether two master devices exist when
a fault occurs. The DAD link can be an external link, for
example, if the M-LAG is connected to an IP network and the
two member devices can communicate through the IP
network, the link that enables communication between the
member devices can function as the DAD link. An independent
link that provides Layer 3 reachability can also be configured
as the DAD link, for example, a link between management
interfaces of the member devices can function as the DAD
link.
Peer-link interface Peer-link interfaces are at both ends of a peer-link.
Peer-link A peer-link is between two directly connected devices

and has link aggregation configured. It is used to
exchange negotiation packets and transmit part of
traffic. After an interface is configured as a peer-link
interface, other services cannot be configured on the
interface.
To improve the peer-link reliability, you are advised to
use multiple links for aggregation.
HB DFS master device The device negotiates to the master state through the
heartbeat link.
NOTE
Under normal circumstances, the HB DFS master/backup
status negotiation through heartbeat packets does not affect
traffic forwarding behaviors in the M-LAG. It is used only in
secondary fault rectification scenarios. If faults on the original
DFS master device are rectified and the peer-link fault persists,
the corresponding interfaces on the backup device are
triggered to enter the Error-Down state based on the HB DFS
master/backup status. This mechanism prevents abnormal
traffic forwarding in the scenario where two master devices
exist and improves device reliability.
HB DFS backup device The device negotiates to the backup state through the
heartbeat link.
NOTE
Under normal circumstances, the HB DFS master/backup
status negotiation through heartbeat packets does not affect
traffic forwarding behaviors in the M-LAG. It is used only in
secondary fault rectification scenarios. If faults on the original
DFS master device are rectified and the peer-link fault persists,
the corresponding interfaces on the backup device are
triggered to enter the Error-Down state based on the HB DFS
master/backup status. This mechanism prevents abnormal
traffic forwarding in the scenario where two master devices
exist and improves device reliability.

Switches
Concept Description
M-LAG member M-LAG member interfaces are the Eth-Trunks on M-

interface LAG master and backup devices that are connected to
the user-side host or switch.
To improve the reliability, you are advised to configure
link aggregation in LACP mode.
M-LAG member interfaces also work in master/backup
mode. When the local and remote member interfaces
synchronize information, the interface that changes
from Down to Up first becomes the master M-LAG
member interface, and the other interface becomes the
backup M-LAG member interface.
NOTE
The master and backup M-LAG member interfaces have
different forwarding behaviors only when the M-LAG forwards
multicast traffic.
4.2.2 Information Exchange Principles

The dual-active system that is set up based on M-LAG provides device-level
reliability. Figure 4-3 shows the M-LAG establishment process. The process
includes the following stages:
Figure 4-3 M-LAG establishment
Network
DAD link
SwitchA SwitchB
peer-link
M-LAG establishment
DFS group Hello packet

DFS group device
information packet
M-LAG device
information packet
M-LAG synchronization
packet

Switches
1. DFS group pairing

After two M-LAG devices are configured, they send DFS group Hello packets
to each other through the peer-link. When receiving Hello packets from the
remote device, the local device checks whether the DFS group ID in the
packets is the same as that of the local device. If the DFS group IDs are the
same, DFS group pairing of the two devices is successful.
2. DFS group master/backup negotiation
After the pairing is successful, the two devices send DFS group device
information packets to each other. The devices determine the DFS group
master and backup status based on the DFS group priorities and system MAC
addresses carried in the packets.
SwitchB is used as an example. When receiving packets from SwitchA, SwitchB
checks and records information about SwitchA, and compares its DFS group
priority with that of SwitchA. If SwitchA has a higher DFS group priority than
SwitchB, SwitchA is the DFS master device and SwitchB is the DFS backup
device. If SwitchA and SwitchB have the same DFS group priority, the device
with a smaller MAC address functions as the DFS master device.
NOTE
A DFS group consists of a master device and a backup device. Under normal
circumstances, both the master and backup devices forward service traffic and their
forwarding behaviors are the same. The master and backup devices have different
forwarding behaviors only when a fault occurs.
3. Master/backup negotiation of M-LAG member interfaces
After DFS group master/backup negotiation is successful, the two devices
send M-LAG device information packets carrying configuration information of
M-LAG member interfaces to each other through the peer-link. After member
interface information is synchronized, master and backup M-LAG member
interfaces are determined.
When the local and remote member interfaces synchronize information, the
interface that changes from Down to Up first becomes the master M-LAG
member interface, and the other interface becomes the backup M-LAG
member interface. By default, revertive switching is not performed between
the master and backup interfaces. That is, if the device where the original
master M-LAG member interface resides recovers from a failure, the original
backup interface that becomes the master interface remains in master state,
and the original master interface that recovers from a failure is still in backup
state. The master/backup negotiation mechanism of M-LAG member
interfaces differs from that of the DFS group.
NOTE
The master and backup M-LAG member interfaces have different forwarding behaviors
only when the M-LAG forwards multicast traffic.
4. DAD
After M-LAG master and backup devices are negotiated, the two devices send
M-LAG DAD packets at an interval of 1s through the DAD link. If a device
detects that the peer-link fails, it sends three DAD packets at an interval of
100 ms to accelerate detection. If both devices can receive packets from each
other, the dual-active system starts to work.
Under normal circumstances, the DAD link does not participate in any traffic
forwarding behaviors in the M-LAG. It is only used to detect whether two

Switches
master devices exist when the DFS group pairing or peer-link fails. Therefore,
the M-LAG still works properly even if DAD fails. The DAD link can be an
external link, for example, if the M-LAG is connected to an IP network and
the two member devices can communicate through the IP network, the link
that enables communication between the member devices can function as the
DAD link. An independent link that provides Layer 3 reachability can also be
configured as the DAD link, for example, a link between management
interfaces of the member devices can function as the DAD link.
– The DAD link is deployed between management interfaces. Management
interface IP addresses bound to the DFS group must be reachable to each
other, and VPN instances are bound to management interfaces to ensure
that DAD packets and service packets are separated.
– The DAD link is deployed on a service network, and the IP address bound
to the DFS group must be reachable at Layer 3. If peer-link interfaces
establish a routing neighbor relationship, DAD packets on the service
network are transmitted through the peer-link using the optimal route. If
the peer-link fails, DAD packets are transmitted to the remote device
through the suboptimal path during route convergence, and the DAD
time is 0.5s or 1s longer.
NOTE
In V200R005C10 and later versions, two devices send DAD packets at the specified
interval immediately after the heartbeat link is Up. In secondary fault rectification
scenarios where enhanced DAD for secondary faults is enabled, faults on the original
DFS master or backup device are rectified and the peer-link fault persists. If the local
and remote devices' IP addresses are bound to the DFS group, M-LAG devices
negotiate the HB DFS master/backup status based on the DFS information carried in
DAD packets, and the corresponding interfaces on the HB DFS backup device are
triggered to enter the Error-Down state, preventing abnormal traffic forwarding in the
scenario where two master devices exist.
5. M-LAG information synchronization
When working properly, the two devices send M-LAG synchronization packets
through the peer-link to synchronize information with each other in real time.
M-LAG synchronization packets include MAC address entries, ARP entries, STP
and VRRP packets information. The devices also send the status of M-LAG
member interfaces. In this way, traffic forwarding is not affected when any
device fails, ensuring that normal services are not interrupted.
NOTE
For the CE6870EI, CE6875EI, and CE5880EI, after a VLANIF or VBDIF interface is
configured on an M-LAG member device, the real MAC address of the VLANIF or
VBDIF interface is synchronized to the peer device through the M-LAG synchronization
channel and delivered as a dynamic MAC address.
Table 4-2 M-LAG synchronization packet information
Type Description
MAC MAC address entry synchronization
ARP ARP packet synchronization
ND ND packet synchronization

Switches
Type Description
STP STP status synchronization
Others Information such as the status of an

M-LAG member interface
4.2.3 M-LAG Loop Prevention Mechanism

M-LAG has a loop prevention mechanism that helps construct a loop-free
network. Figure 4-4 shows how M-LAG constructs a loop-free network. Unicast
traffic from the access device or network-side to M-LAG devices is forwarded
through the local device preferentially, and the peer-link does not transmit data
traffic under normal circumstances. When traffic is broadcast to the remote M-
LAG device through the peer-link, unidirectional traffic isolation is configured
between the peer-link and M-LAG member interface. That is, traffic received
through the peer-link is not forwarded through the M-LAG member interface, and
therefore no loop occurs. This is the unidirectional isolation mechanism of M-LAG.
Figure 4-4 Traffic forwarding when an M-LAG is connected to a Layer 2 network
Ethernet
Network
DAD link
peer-link
Unicast traffic from an

access-side device
Unicast traffic from a
network-side device
Broadcast traffic
Unidirectional Blocked
isolation interface

Switches
Unidirectional Isolation Mechanism

Prerequisites for the Mechanism to Take Effect
When M-LAG master and backup devices are negotiated, the system checks
whether the access device is dual-homed to the M-LAG using M-LAG
synchronization packets.
● If the access device is dual-homed to the M-LAG, the two M-LAG devices
deliver the unidirectional isolation configuration of the corresponding M-LAG
member interface to isolate traffic from peer-link interfaces to M-LAG
member interfaces.
NOTE
Unidirectional isolation in the M-LAG loop prevention mechanism takes effect for
Layer 2 traffic (including unicast, multicast, and broadcast traffic) and Layer 3
multicast traffic, and does not take effect for Layer 3 unicast traffic.If the access device
is single-homed to the M-LAG, the M-LAG does not deliver the unidirectional isolation
configuration of the corresponding M-LAG member interface.
● If the access device is single-homed to the M-LAG, the M-LAG does not
deliver the unidirectional isolation configuration of the corresponding M-LAG
member interface.
Implementation Principles
In Figure 4-5, a device is dual-homed to an M-LAG. M-LAG devices deliver the
global ACL configuration in the following sequence:
● Rule 1: Layer 3 unicast packets with a peer-link interface as the source
interface and an M-LAG member interface as the destination interface are
allowed to pass through.
● Rule 2: All packets with a peer-link interface as the source interface and an
M-LAG member interface as the destination interface are rejected.
M-LAG devices use the ACL rule group to implement unidirectional isolation
between peer-link interfaces and M-LAG member interfaces. Flooding traffic such
as broadcast traffic from a peer-link interface to an M-LAG member interface is
isolated. When an M-LAG device detects that the local M-LAG member interface is
in Down state, the device sends M-LAG synchronization packets through the peer-
link to instruct the remote device to revoke the automatically delivered
unidirectional isolation ACL rule group of the corresponding M-LAG member
interface.

Switches
Figure 4-5 M-LAG unidirectional isolation

DAD link
peer-link
Broadcast Unidirectional
traffic isolation
4.2.4 M-LAG Consistency Check

The M-LAG is a dual-active system composed of two devices. It is a horizontal
virtualization technology that virtualizes two devices into one device (a Layer 2
logical node). The logical topology is clear, and some configurations of two
devices in the M-LAG must be consistent. If some configurations of two devices in
the M-LAG are inconsistent, the M-LAG may fail to work or a loop may occur.
When the M-LAG is applied to an enterprise data center network, if the
configuration of two devices in the M-LAG is manually performed or compared,
the efficiency is low and there are many potential risks of incorrect configurations.
To address the preceding issues, Huawei proposes M-LAG consistency check. The
M-LAG mechanism provides the configuration consistency check to request the
configuration of each module. Based on the comparison result after M-LAG
consistency check is enabled, you can adjust the configurations of devices in the
M-LAG to prevent problems such as network loops or data loss.
The M-LAG configuration falls into two types: key configuration (Type 1) and
common configuration (Type 2), as described in Table 4-3. Two M-LAG
consistency check modes are available: strict and loose.
● Key configuration (Type 1): If the configurations of two devices in the M-LAG
are inconsistent, problems may occur, for example, loops may occur or
packets are discarded for a long period of time though the M-LAG status is
normal.
In strict mode, if the key configuration of two devices in the M-LAG is
inconsistent, member interfaces on the M-LAG backup device enter the Error-
Down state and the alarm about key configuration inconsistency is generated.
In loose mode, if the key configuration of two devices in the M-LAG is
inconsistent, the alarm about key and common configuration inconsistency is
generated.
● Common configuration (Type 2): If the configurations of two devices in the
M-LAG are inconsistent, the M-LAG status may be abnormal. Compared with
the key configuration, the common configuration problem can be easily
detected and has less impact on the live network.

Switches
Regardless of the mode, if the following common configuration of two

devices in the M-LAG is inconsistent, the alarm about key and common
configuration inconsistency is generated.
Table 4-3 M-LAG consistency check list

View Configuration Type
System view Whether STP is enabled Type 1
STP working mode
Whether BPDU
protection is enabled
Mapping between VLANs

and MSTIs
NOTE
The device checks the
mapping between VLANs
and MSTIs in STP process
0.
M-LAG member Whether STP is enabled

interface view
Whether root protection
is enabled
LACP mode
System view VLAN configuration Type 2
Static MAC address

entries
● Static MAC address
entry in which the
interface is an M-LAG
member interface
entry of a VXLAN
tunnel
Aging time of dynamic

MAC address entries

Switches
Static ARP entries

● Short static ARP
entries
● Long static ARP
entries
– If outbound
interfaces are
specified in static
ARP entries, only
the static ARP
entries in which
the outbound
interfaces are M-
LAG member
interfaces are
checked.
– If the VLANs to
which static ARP
entries belong are
specified, the VLAN
IDs are compared.
– If outbound
interfaces and the
VLANs to which
static ARP entries
belong are
specified, the static
ARP entries in
which the
outbound
interfaces are M-
LAG member
interfaces and the
VLAN IDs are
compared.
– Static ARP entry of
an IPv4 VXLAN
tunnel

Switches

NOTE
The switch cannot check
short static ARP entries of
a specified VPN instance. If
the outbound interface of
a long static ARP entry is
an M-LAG member
interface and is bound to a
VPN instance or the
VLANIF interface
corresponding to the VLAN
to which the outbound
interface belongs is bound
to a VPN instance, the
switch cannot check the
static ARP entry.

ARP entries
Bridge Domain (BD)

configuration
● BD ID
● VNI associated with
the BD
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VBDIF interface is up. If the
VBDIF interface is down,
the preceding
configurations do not take
effect on the interface.

Switches
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
default.
VLANIF interface is up. If
the VLANIF interface is
down, the preceding
M-LAG member STP priority

interface view
VLAN ID
Parameters
Number of member
interfaces of the Eth-
Trunk to which an M-
LAG member interface
belongs
NOTE
Only the numbers of
member interfaces of Eth-
Trunks are compared. The
physical Up/Down status
or bandwidth of member
interfaces is not checked.
4.2.5 Traffic Forwarding When an M-LAG Works Properly

An M-LAG dual-active system starts to work after it is established successfully. The
M-LAG master and backup devices load balance traffic and their forwarding
behaviors are the same. The following describes how an M-LAG forwards traffic
when it works properly.

Switches
Unicast Traffic Forwarding

Unicast traffic forwarding includes Layer 2 known unicast traffic forwarding and
Layer 3 unicast traffic forwarding.
In Figure 4-6, an access device is dual-homed to an M-LAG dual-active system

and known unicast traffic is forwarded as follows:
For north-south unicast traffic from the M-LAG access side, M-LAG member
devices forward the traffic together after receiving it from the access device
through aggregated links in load balancing mode. M-LAG master and backup
devices forward received north-south unicast traffic to the network side based on
the routing table.
For east-west unicast traffic, when the M-LAG dual-active system is set up and
there is no single-homing interface, Layer 2 traffic is preferentially forwarded
through the local M-LAG device, and Layer 3 traffic is forwarded through dual-
active gateways. Layer 2 and Layer 3 east-west unicast traffic is not forwarded
through the peer-link and is directly forwarded to corresponding member
interfaces by M-LAG master and backup devices.
Figure 4-6 Known unicast traffic forwarding through an M-LAG
Network
DAD link
Peer-link
North-south unicast traffic

from an M-LAG member
interface
North-south unicast traffic

from a non-M-LAG member
interface
East-west unicast traffic

Switches
Multicast Traffic Forwarding

● M-LAG Connecting to a Layer 2 Network
If an M-LAG is connected to an upstream Layer 2 network, traffic from the
Layer 2 network to the M-LAG can only be sent to one device in the M-LAG;
otherwise, a loop may occur. In Figure 4-7, assume that the M-LAG uplink
interface on the right M-LAG member device is blocked by STP.
When ServerB functions as a multicast source and ServerA functions as a
multicast group member, both M-LAG master and backup devices can forward
multicast traffic. When receiving traffic from the network side, the receiving
device directly forwards the traffic to the local M-LAG member interface. If
the local M-LAG member interface fails, multicast traffic is forwarded through
the peer-link to the M-LAG member interface on the other M-LAG device for
transmission, as shown in Figure 4-8.
When ServerA functions as a multicast source and ServerB functions as a
multicast group member, traffic from the multicast source is load balanced to
M-LAG master and backup devices. Because the uplink interface on the right
M-LAG device is blocked, the outbound interface of multicast traffic is the
peer-link interface.
Figure 4-7 Multicast traffic forwarding when an M-LAG is connected to a

Layer 2 network
Multicast
source Receiver
ServerB ServerB
Ethernet Ethernet
Network Network
DAD link DAD link

Peer-link Peer-link
ServerA Receiver Multicast

ServerA
source
Multicast traffic forwarding from

a network-side multicast source Blocked interface
an access-side multicast source

Switches

Layer 2 network and an M-LAG member interface fails
Multicast Multicast
ServerB ServerB
source source
Ethernet Ethernet
Network Network
DAD link DAD link

Peer-link Peer-link
ServerA Receiver ServerA Receiver

a network-side multicast source Blocked interface
Downlink
Multicast traffic forwarding when
failure
the local member interface fails
If an M-LAG is connected to an upstream Layer 3 network, M-LAG member
devices need to support Layer 2 and Layer 3 multicast. In Figure 4-9, an
access device is dual-homed to an M-LAG dual-active system and multicast
traffic is forwarded as follows:
When ServerB functions as a multicast source and ServerA functions as a
multicast group member, both M-LAG master and backup devices divert
traffic from the multicast source, query the local multicast forwarding table,
and load balance the traffic to the multicast group member based on the
following rules:
– If the last digit of the multicast group address is an odd number (for
example, 225.1.1.1, FF1E::1, or FF1E::B), the M-LAG device where the
master M-LAG member interface resides forwards the traffic to the
multicast group member.
– If the last digit of the multicast group address is an even number (for
example, 225.1.1.2, FF1E::2, or FF1E::A), the M-LAG device where the
backup M-LAG member interface resides forwards the traffic to the
multicast group member.

Switches
NOTE
In versions earlier than V200R003C00, only the M-LAG device where the master M-
LAG member interface resides forwards multicast traffic to the multicast group
member. In V200R003C00 and later versions, both devices where the master and
backup M-LAG member interfaces reside can forward multicast traffic to the multicast
group member to implement load balancing. If the two M-LAG devices run different
versions, the multicast traffic forwarding rule is subject to the device running the
earlier version.
In V200R003C00 and later versions, for the CE6870EI and CE6875EI, an M-LAG
consisting of standalone switches or stacks supports IPv6 Layer 3 multicast, and an M-
LAG consisting of other models does not support IPv6 Layer 3 multicast.
When ServerA functions as a multicast source and ServerB functions as a
multicast group member, traffic sent by the multicast source is load balanced
to M-LAG master and backup devices. After receiving the traffic, M-LAG
master and backup devices query the local multicast forwarding table and
forward the traffic.

Layer 3 network
Multicast
Receiver
source
ServerB ServerB
IP IP
Network Network
DAD link Backup DAD link

Master Peer-link Peer-link
Master
Multicast
ServerA Receiver ServerA source
Independent Layer 3 link

Multicast traffic Multicast traffic
forwarding from a forwarding from an
network-side multicast access-side multicast
source source
According to multicast traffic forwarding in the preceding figure, an

independent Layer 3 link needs to be configured between M-LAG devices
when the M-LAG forwards multicast traffic, which is different from unicast
traffic forwarding. The reason is that only one uplink exists at the network
side when a fault occurs, and the independent Layer 3 link deployed between
M-LAG master and backup devices can transmit multicast packets. In Figure

Switches
4-10, the network-side link is connected to the M-LAG backup device.

Multicast packets forwarded through a peer-link interface cannot be
forwarded to the specified M-LAG member interface because of unidirectional
isolation, and multicast packets in which the last digit of the multicast group
address is an odd number cannot be forwarded to the M-LAG device where
the master M-LAG member interface resides through the peer-link. Therefore,
the multicast packets can only be forwarded to the M-LAG device through the
independent Layer 3 link.
Figure 4-10 Multicast traffic forwarding when an M-LAG is single-homed to a

Layer 3 network
Multicast
S-2
source
IP
Network
DAD link
Master Backup
Peer-link
S-1 Receiver
Link failure
a network-side multicast source
Independent Layer 3 link
Broadcast Traffic Forwarding

If an M-LAG is connected to an upstream Layer 2 network, traffic from the
Layer 2 network to the M-LAG can only be sent to one device in the M-LAG;
otherwise, a loop may occur. The following uses traffic forwarding on an M-
LAG master device as an example. In Figure 4-11, assume that the M-LAG
uplink interface on the right M-LAG member device is blocked by STP. After
receiving broadcast traffic, the M-LAG master device forwards the traffic to
each next hop. When the traffic reaches the M-LAG backup device, the traffic
is not forwarded to S-1 because of the unidirectional isolation mechanism
between peer-link interfaces and M-LAG member interfaces.

Switches
Figure 4-11 Broadcast traffic forwarding when an M-LAG is connected to a

Layer 2 network
Ethernet
Network
DAD link
Peer-link
Master Backup
S-1 S-2
Blocked interface
Unidirectional isolation
Access-side broadcast traffic
Network-side broadcast traffic

The following uses traffic forwarding on an M-LAG backup device as an
example. In Figure 4-12, the M-LAG backup device forwards received
broadcast traffic to each next hop. When the traffic reaches the M-LAG
master device, the traffic is not forwarded to S-1 because of the unidirectional
isolation mechanism between peer-link interfaces and M-LAG member
interfaces.

Switches
Figure 4-12 Broadcast traffic forwarding when an M-LAG is connected to a

Layer 3 network
IP
Network
DAD link
Peer-link
Master Backup
S-1 S-2
Unidirectional isolation
Broadcast traffic sent by S-1

Broadcast traffic sent by S-2
4.2.6 Traffic Forwarding in M-LAG Failure Scenarios

M-LAG technology improves link reliability from card-level to device-level. If a
fault (link, device, or peer-link fault) occurs, M-LAG ensures that normal services
are not affected. The following describes how M-LAG ensures proper service
running when a fault occurs.

Switches
Uplink Failure
Figure 4-13 Uplink failure
Network Network
Uplink failure
DAD link Backup DAD link Backup

Master
Peer-link Master
Peer-link
S-1 S-1
DAD packets are generally transmitted through the DAD link between
management interfaces. Therefore, DAD between M-LAG master and backup
devices is not affected when an uplink fails. The dual-active system is not affected,
and M-LAG master and backup devices still properly forward traffic. In Figure
4-13, traffic passing the M-LAG master device is forwarded through the peer-link
because the uplink of the M-LAG master device fails.
If the DAD link is on a service network and the faulty uplink is the DAD link, the
M-LAG works properly without being affected. If the peer-link also fails, DAD
cannot be performed and packet loss occurs.

Switches
Downlink Failure
Figure 4-14 Downlink failure
Network Network
Downlink
failure
DAD link Backup DAD link

Master Master
Peer-link Peer-link Backup
S-1 S-1
If a downlink M-LAG member interface fails, the DFS group master and backup
states do not change. However, if the faulty M-LAG member interface is in master
state, the backup M-LAG member interface changes to master state, and traffic is
switched to the corresponding link for transmission. The link of the faulty M-LAG
member interface goes Down, and the dual-homing networking changes to
single-homing networking. The MAC address of the faulty M-LAG member
interface is changed to that of the peer-link interface in corresponding entries.
After the faulty M-LAG member interface recovers, the status of M-LAG member
interfaces is not changed. The backup M-LAG member interface that changes to
the master M-LAG member interface remains in master state, and the original
master M-LAG member interface is in backup state after the fault is rectified. You
can run the display dfs-group dfs-group-id node node-id m-lag command to
view the status of an M-LAG member interface.
Assume that a multicast source is at the network side and a multicast group
member is at the access side. If the M-LAG member interface on the M-LAG
master device fails, the device instructs the remote device to update multicast
entries through M-LAG synchronization packets. M-LAG master and backup
devices do not load balance traffic depending on whether the last digit of the
multicast group address is an odd or even number, and all multicast traffic is
forwarded by the M-LAG backup device on which the M-LAG member interface is
Up. If the M-LAG member interface on the M-LAG backup device fails, multicast
traffic is forwarded similarly.

Switches
M-LAG Master Device Failure
Figure 4-15 M-LAG master device failure
Network Network
M-LAG master
device failure
DAD link Backup DAD link Master

Master Master
Peer-link Peer-link Backup
S-1 S-1
If the M-LAG master device fails, the M-LAG backup device becomes the master
device and continues to forward traffic, and its Eth-Trunk link is still in Up state.
The Eth-Trunk link of the M-LAG master device goes Down, and the dual-homing
networking changes to single-homing networking.
If the M-LAG backup device fails, the M-LAG master and backup status remains
unchanged, and the Eth-Trunk link of the M-LAG backup device goes Down. The
Eth-Trunk link of the M-LAG master device is still in Up state and continues to
forward traffic. The dual-homing networking changes to single-homing
networking.
When a faulty M-LAG member device recovers, the peer-link goes Up first, and the
two M-LAG member devices renegotiate their master and backup roles. After the
negotiation succeeds, the M-LAG member interface on the faulty M-LAG member
device goes Up and traffic is load balanced. Both the M-LAG master and backup
devices retain their original roles after recovering from a fault.

Switches
Peer-Link Failure
Figure 4-16 Peer-link failure
Network Network
Peer-link failure
Master Peer-link Master Peer-link
S-1 S-1
Faulty link
Error-Down interface
If the peer-link fails but the DAD heartbeat status is normal when M-LAG is used
for dual-homing access on a common Ethernet, VXLAN, or IP network, interfaces
excluding the logical interface, management interface, peer-link interface, and
stack interface on the M-LAG backup device enter the Error-Down state by
default. If the peer-link fails but the DAD heartbeat status is normal when M-LAG
is used for dual-homing access on a TRILL network, the M-LAG member interface
on the M-LAG backup device enters the Error-Down state.
When the faulty peer-link recovers, the M-LAG member interface in the Error-
Down state automatically restores to the Up state after 240s by default, and the
other interfaces in the Error-Down state automatically restore to the Up state
immediately.
You can run the dual-active detection error-down mode routing-switch
command to configure logical interfaces to enter the Error-Down state when the
peer-link fails but the DAD heartbeat status is normal in an M-LAG scenario. If the
peer-link fails but the DAD heartbeat status is normal when M-LAG is used for
dual-homing access on a VXLAN or IP network, the VLANIF interface, VBDIF
interface, loopback interface, and M-LAG member interface on the M-LAG backup
device enter the Error-Down state.

Switches
NOTE
After logical interfaces are configured to change to Error-Down state when the peer-link
fails but the DAD heartbeat status is normal in an M-LAG, if a faulty peer-link interface in
the M-LAG recovers, the devices restore VLANIF interfaces, VBDIF interfaces, and loopback
interfaces to Up state 6 seconds after DFS group pairing succeeds to ensure that ARP entry
synchronization on a large number of VLANIF interfaces is normal. If a delay after which
the Layer 3 protocol status of the interface changes to Up is configured, the delay after
which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go Up is the configured
delay plus 6 seconds.
You can run the m-lag unpaired-port suspend and m-lag unpaired-port
reserved commands to flexibly configure whether an interface enters the Error-
Down state when the peer-link fails but the DAD heartbeat status is normal in an
M-LAG scenario. Table 4-4 describes the interfaces in the Error-Down state when
the peer-link fails, the DAD heartbeat status is normal, and the following functions
are configured.
Table 4-4 Interfaces in the Error-Down state when the peer-link fails but the DAD
heartbeat status is normal
Device Configuration M-LAG Access to a Common
Ethernet, VXLAN, or IP Network
Default scenario Interfaces excluding the logical

interface, management interface, peer-
link interface, and stack interface are
in the Error-Down state.
Suspend function enabled only Only the M-LAG member interface

and the interface configured with this
function are in the Error-Down state.
Reserved function enabled only Interfaces excluding the interface

configured with this function, logical
interface, management interface, peer-
link interface, and stack interface are
in the Error-Down state.
Suspend and reserved functions Only the M-LAG member interface

configured and the interface configured with the
suspend function are in the Error-
Down state.

Switches
M-LAG Secondary Faults (Peer-Link and M-LAG Faults)
Figure 4-17 Networking when enhanced DAD for secondary faults is enabled
1 Network Network 2
Peer-link failure
Master Peer-link Master Peer-link
S-1 ter S-1

G mas re
A u
M-L ice fail
d e v
3 4
Network Network
Enhanced DAD
for secondary
faults
Backup Master
DAD link DAD link
Master Peer-link Master Peer-link Backup
S-1 S-1
Faulty link
Interface in Error-
Down state
As shown in scenario 2 in Figure 4-17, if the peer-link fails but the DAD heartbeat
status is normal when M-LAG is used for dual-homing access, some interfaces on
the DFS backup device enter the Error-Down state. In this case, the DFS master
device continues to work. If the DFS master device cannot work because it is
powered off or it restarts due to a fault, both the DFS master and backup devices
cannot forward traffic, as shown in scenario 3 in Figure 4-17.

Switches
In this scenario, enhanced DAD for secondary faults ensures nonstop forwarding
when secondary faults occur, meeting reliability requirements. As shown in Figure
4-17, this function is used to describe different fault phases and triggered
behaviors.
1. Peer-link failure: If the peer-link fails but the DAD heartbeat status is normal,
some interfaces (for details, see Peer-Link Failure) on the DFS backup device
are triggered to enter the Error-Down state. The DFS master device continues
to work.
2. DFS master device failure: If the peer-link fails and the DFS master device
cannot work because it is powered off or it restarts because of a fault, the M-
LAG master and backup devices cannot forward traffic and services are
interrupted.
3. Enhanced DAD for secondary faults enabled: If enhanced DAD for secondary
faults is enabled, the DFS backup device can detect that the DFS master
device fails through the DAD mechanism (because it does not receive any
heartbeat packets from the master device within a certain period). The
backup device then becomes the DFS master device, restores the interfaces in
Error-Down state to the Up state, and forwards traffic.
4. Secondary fault rectification scenario: Faults on the original DFS master
device are rectified and the peer-link failure persists.
– If the LACP M-LAG system ID is switched to the LACP system ID of the
local device within a certain period, the access device selects only one of
the uplinks as the active link during LACP negotiation. The actual traffic
forwarding is normal.
– If the default LACP M-LAG system ID is used, that is, it is not switched,
two M-LAG devices use the same system ID to negotiate with the access
device. Therefore, links to both devices can be selected as the active link.
In this scenario, because the peer-link failure persists, M-LAG devices
cannot synchronize information such as the priority and system MAC
address of each other. As a result, two M-LAG master devices exist, and
multicast traffic forwarding may be abnormal. In this case, as shown in
Figure 4-18, the HB DFS master/backup status is negotiated through
heartbeat packets carrying necessary information for DFS group master/
backup negotiation (such as the DFS group priority and system MAC
address). Some interfaces (for details, see Peer-Link Failure) on the HB
DFS backup device are triggered to enter the Error-Down state. The HB
DFS master device continues to work.
NOTE
If secondary faults occur on the DFS backup device after the peer-link fails, traffic
forwarding is not affected. The DFS master device continues to forward traffic.

Switches
Figure 4-18 Networking when secondary faults are rectified

4
5
Faulty device recovers Network
Network
& peer-link fault
persists
DAD link DFS: DAD link

Master HB DFS: HB DFS:
Backup Master
DFS: Peer-link
Master Peer-link Backup
S-1 S-1
Faulty link DAD packets

Interface in Error-
Down state
4.3 Application Scenarios for M-LAG

M-LAG mainly applies to scenarios where a server or switch is dual-homed to an
Ethernet, Transparent Interconnection of Lots of Links (TRILL), Virtual eXtensible
Local Area Network (VXLAN), or IP network. It provides load balancing and
backup. M-LAG falls into single-level M-LAG and multi-level M-LAG.
Single-level M-LAG
● Connecting a switch in dual-homing mode
As shown in Figure 4-19, to ensure reliability, a switch is connected to a
network to implement link redundancy. MSTP can be deployed to implement
redundancy, but the link use efficiency is low and many bandwidth resources
are wasted. To implement redundancy and improve the link use efficiency,
deploy M-LAG between SwitchA and SwitchB so that the switch can be dual-
homed to SwitchA and SwitchB. SwitchA and SwitchB load balance traffic.
When one device fails, traffic can be rapidly switched to the other device to
ensure nonstop service transmission.

Switches
Figure 4-19 Connecting a switch in dual-homing mode
Ethernet/IP/
TRILL/VXLAN
Network
peer-link
Switch A Switch B
M-LAG
Switch
Server 1 Server 2
● Connecting a server in dual-homing mode

As shown in Figure 4-20, to ensure reliability, a server is often connected to a
network through link aggregation. If the device connected to the server fails,
services are interrupted. To prevent this problem, a server can connect to a
network through M-LAG. That is, deploy M-LAG between SwitchA and
SwitchB and connect the server to SwitchA and SwitchB. SwitchA and SwitchB
load balance traffic. When one device fails, traffic can be rapidly switched to
the other device to ensure nonstop service transmission.
NOTE
The configuration of dual homing a server is the same as common link aggregation
configuration. Ensure that the server and switches use the same link aggregation mode.
The LACP mode at both ends is recommended.

Switches
Figure 4-20 Connecting a server in dual-homing mode
Ethernet/IP/
TRILL/VXLAN
Network
peer-link
Switch A Switch B
M-LAG
Server
Multi-level M-LAG
As shown in Figure 4-21, after M-LAG is deployed between SwitchA and SwitchB,
M-LAG is deployed between SwitchC and SwitchD. The two M-LAGs are
connected. This deployment simplifies networking and allows more servers to be
connected to the network in dual-homing mode. Before deploying multi-level M-
LAG, configure Virtual Spanning Tree Protocol (V-STP).
Figure 4-21 Networking of multi-level M-LAG
Network
Peer-link
SwitchC SwitchD
Peer-link
SwitchA SwitchB
Server

Switches
4.4 Summary of M-LAG Configuration Tasks

You can perform the following M-LAG configurations according to the actual
networking.
Table 4-5 M-LAG configuration tasks

Mode Description Task Configura
tion Notes
Root bridge When the root 1. 4.6.1 Configuring the ● Configu

bridge mode is used Root Bridge and Bridge re the
to configure M-LAG, ID M-LAG
the M-LAG master 2. 4.6.2 Configuring a DFS master
and backup devices Group and
must be used as backup
root bridges and 3. 4.6.3 Configuring M-LAG devices
configured with the Consistency Check as root
same bridge ID on 4. 4.6.4 Configuring an bridges
the STP network so Interface as a Peer-link and
that the two devices Interface configu
are simulated into re the
one root bridge. The 5. 4.6.5 Configuring an M- same
M-LAG master and LAG Member Interface bridge
backup devices are 6. 4.6.6 (Optional) ID for
not affected by the Configuring the Dual- them.
network topology Active Gateway ● STP
change on the Layer 7. 4.6.7 (Optional) must
2 network. Configuring the Interface be
Status When the Peer- disable
Link Fails d on
the
8. 4.6.8 (Optional) Enabling
peer-
Enhanced M-LAG Layer 3
link
Forwarding in an IPv6
interfac
Scenario
e.

Switches
Mode Description Task Configura

tion Notes
V-STP V-STP virtualizes the 1. 4.7.1 Configuring V-STP You must

(recommen M-LAG master and 2. 4.7.2 Configuring a DFS enable STP
ded) backup devices Group on the
enabled with STP peer-link
into one device to 3. 4.7.4 Configuring M-LAG interface
perform STP Consistency Check and
calculation. 4. 4.7.5 Configuring an configure
Interface as a Peer-link global V-
Interface STP.
5. 4.7.6 Configuring an M-
LAG Member Interface
6. 4.7.7 (Optional)
Configuring the Dual-
Active Gateway
7. 4.7.8 (Optional)
Configuring the Interface
Status When the Peer-
Link Fails
8. 4.7.9 (Optional) Enabling
Enhanced M-LAG Layer 3
Forwarding in an IPv6
Scenario
NOTE
● When the root bridge mode is used, two devices that constitute an M-LAG must function as
root bridges on a Layer 2 network and do not support M-LAG cascading in the root bridge
mode.
● When the V-STP mode is used, two devices that constitute an M-LAG can choose not to
function as root bridges on a Layer 2 network. The networking is flexible and the two
devices support M-LAG cascading. V-STP is recommended because it can eliminate loops
caused by incorrect M-LAG configurations or connections.
4.5 Licensing Requirements and Limitations for M-LAG

Involved Network Elements
Other network elements are not required.
License Requirements
M-LAG is a basic function of the switch, and as such is controlled by the license
for basic software functions. The license for basic software functions has been
loaded and activated before delivery. You do not need to manually activate it.

Switches
Version Requirements
Table 4-6 Products and minimum version supporting M-LAG

Product Minimum Version Required
CE8868EI V200R005C10
CE8861EI V200R005C10
CE8860EI V100R006C00
CE8850-32CQ-EI V200R002C50
CE8850-64CQ-EI V200R005C00
CE7850EI V100R005C10
CE7855EI V200R001C00
CE6810EI V100R005C10
CE6810LI V100R005C10
CE6850EI V100R005C10
CE6850HI/CE6850U-HI/ V100R005C10
CE6851HI
CE6855HI V200R001C00
CE6856HI V200R002C50
CE6857EI V200R005C10
CE6860EI V200R002C50
CE6865EI V200R005C00
CE6870-24S6CQ-EI/ V200R001C00
CE6870-48S6CQ-EI
CE6870-48T6CQ-EI V200R002C50
CE6875EI V200R003C00
CE6880EI V200R005C00
CE5880EI V200R005C10
CE5810EI V100R005C10
CE5850EI V100R005C10
CE5850HI V100R005C10
CE5855EI V100R005C10

Switches
NOTE
For details about the mapping between software versions and switch models, see the
Hardware Query Tool.
Feature Dependencies and Limitations

Limitations on M-LAG Establishment
● During M-LAG setup, you must use optical modules or copper transceiver
modules that are certified for Huawei data center switches. If high-speed
cables or active optical cables (AOCs) are used, you must purchase cables
from Huawei. Optical or copper transceiver modules that are not certified for
Huawei Ethernet switches, and cables not purchased from Huawei cannot
ensure transmission reliability and may affect service stability. Huawei is not
liable for any problem caused by the use of optical or copper modules that
are not certified for Huawei data center switches, or cables not purchased
from Huawei, and will not fix such problems.
● The two devices that constitute an M-LAG must use the same model. If one
end is an SVF, the other end must be an SVF. If one end is a CloudEngine
8800, 7800, 6800, and 5800 series switches, the other end must be a
CloudEngine 8800, 7800, 6800, and 5800 series switches. It is recommended
that devices at both ends use the same model and version.
Limitations on Configuring the Root Bridge and V-STP
● The two devices that constitute an M-LAG need to be configured with the
root bridge and bridge ID or V-STP. They are virtualized into one device for
STP calculation to prevent loops.
● When the root bridge mode is used to configure M-LAG, the two devices that
constitute an M-LAG must use the same bridge ID and the highest root
priority so that the devices function as the root nodes.
● When the switch used as the root bridge is configured with M-LAG, the switch
does not support STP multi-process. When the switch is configured with both
V-STP and M-LAG, the switch does not support the MSTP mode or STP multi-
process in versions earlier than V200R002C50; the switch does not support the
MSTP mode but supports the STP multi-process in V200R002C50 and later
versions.
● In V-STP scenarios, configure M-LAG and connect cables according to the
following sequence:
a. Configure V-STP.
b. Configure a DFS group and peer-link interfaces.
c. Use a cable to connect peer-link interfaces of M-LAG master and backup
devices.
d. Configure M-LAG member interfaces and use cables to connect M-LAG
master and backup devices and the user-side host or switching device.
Limitations on Configuring M-LAG Consistency Check
● To ensure that traffic is forwarded normally, the configurations of M-LAG

interfaces with the same M-LAG ID on the master and backup devices must
be consistent.

Switches
● If the M-LAG consistency check mode is set to strict mode and the system
detects that type 1 configurations of the two M-LAG devices are inconsistent,
contact the device administrator to immediately adjust the configurations and
not restart the devices. If type 1 configurations are inconsistent, member
interfaces on the M-LAG backup device enter the Error-Down state and the
alarm about type 1 configuration inconsistency is generated.
If the administrator does not adjust the configurations and restarts the M-
LAG master device, interfaces on the M-LAG backup device may enter the
Error-Down state because of type 1 configuration inconsistency during re-
negotiation between M-LAG devices when the master device is recovering. In
this case, M-LAG member interfaces on the M-LAG master device go Up after
a delay. As a result, both the M-LAG master and backup devices fail to
forward traffic, and services are interrupted.
If M-LAG configuration consistency check is disabled and type 1 and type 2
configurations of M-LAG master and backup devices are inconsistent, traffic
forwarding may be abnormal. You are advised to manually adjust
configurations of M-LAG master and backup devices to ensure that they have
consistent type 1 and type 2 configurations, and enable M-LAG configuration
consistency check.
● If the system software of M-LAG member switches is upgraded from a version
earlier than V200R003C00 to V200R019C10 or a later version, the M-LAG
configuration consistency check fails during the upgrade. If the system
software of M-LAG member switches is upgraded from a version between
V200R003C00 and V200R005C10 to V200R019C10 or a later version, the M-
LAG configuration consistency check is not supported during the upgrade.
After the upgrade is complete, the M-LAG configuration consistency check is
performed.
Limitations on Configuring Dual-Active Gateways
● When the two devices that constitute an M-LAG function as gateways and
servers are single-homed or dual-homed to the two devices, pay attention to
the following points:
– (Recommended) Select the access mode in which the same IP and MAC
addresses are configured for VLANIF and VBDIF interfaces. This mode is
supported in V100R006C00 and later versions. In V200R002C50 and
earlier versions, if the same IP and MAC addresses are configured on two
VLANIF or VBDIF interfaces, the IP and MAC address conflict alarm
hwEthernetARPMACIPConflict is generated. It is normal that this alarm is
generated in this scenario. You can ignore this alarm. To mask this alarm,
run the undo snmp-agent trap enable feature-name arp trap-name
hwethernetarpmacipconflict command to disable the alarm function
for this conflict. After the alarm function for this conflict is disabled, you
cannot detect loops on the network through alarms, and user services
may be interrupted. Exercise caution when performing this operation. In
V200R003C00SPC810 and later versions, if the same IP and MAC
addresses are configured on two VLANIF and VBDIF interfaces, the
conflict alarm is not generated.
– In a data center, if M-LAG dual-active gateways need to be deployed, you
are advised to deploy them by configuring IP addresses and virtual MAC
addresses of VLANIF/VBDIF interfaces, not by configuring VRRP.

Switches
– Configure the M-LAG dual-active gateway in VRRP mode. The gateway

needs to be configured with the same MAC address, otherwise it will
cause failure to learn ARP and continuous traffic loss
● In V200R002C50 and earlier versions, when devices are dual-homed to
gateways through M-LAG, the M-LAG master and backup devices are
configured with many Layer 2 sub-interfaces, and optical interfaces on the M-
LAG master and backup devices are connected to copper transceiver modules,
restarting the M-LAG master or backup device may cause packet loss for a
long time. In this case, you are advised to manually switch traffic to the other
M-LAG device and upgrade and restart the original M-LAG device.
● In an M-LAG single-homing scenario where enhanced M-LAG Layer 3
forwarding is enabled, if VLANIF or VBDIF interfaces on both M-LAG member
devices are configured with different IP addresses, no virtual MAC address can
be configured for the VLANIF or VBDIF interfaces.
Limitations on Configuring DAD
● When configuring an independent dual-active detection link, you are advised

to use main interfaces to establish the dual-active detection link. If a VLANIF
interface is used, ensure that the peer-link interface does not allow packets
from the VLAN to pass through. Otherwise, a loop or MAC address flapping
occurs.
Limitations on Configuring the Peer-Link
● When member interfaces of a peer-link are deployed on the same card, a

fault of the card causes a peer-link fault. To improve reliability, it is
recommended that member interfaces of the peer-link be deployed on
different cards.
Limitations in Fault Scenarios
● When M-LAG faults occur, the convergence performance of Layer 3 traffic is

in direct proportion to the ARP entries learned on the switch and interface. If
there are many ARP entries, the convergence performance is low.
● To prevent STP flapping caused by device restart and peer-link faults and
ensure switching performance, you are advised to set the delay in reporting
the Up event to be at least 30s on the M-LAG interface, peer-link interface,
and other service interfaces. By default, the delay for an M-LAG interface to
report the Up state is 120s in V200R005C00 and earlier versions, and 240s in
V200R005C10 and later versions.
● After a switch restarts or a card resets, the physical status of an interface
changes to Up, but the upper-layer protocol modules do not meet forwarding
requirements, resulting in packet loss. To ensure switching performance, by
default, the delay for an M-LAG interface to report the Up state is 120s in
V200R005C00 and earlier versions, and 240s in V200R005C10 and later
versions. If a delay after which the Layer 3 protocol status changes to Up is
configured on a VLANIF interface, ensure that the delay for an M-LAG
member interface to report the Up event is longer than the delay configured
on the VLANIF interface. Otherwise, triggering of learning for ND entries that
fail to be synchronized depends on ND Miss messages.
● A static MAC address can be configured for an M-LAG member interface in
V200R002C50 and later versions. When the M-LAG member interface fails,

Switches
the MAC address of the faulty M-LAG member interface is changed to that of
a peer-link interface in corresponding entries.
● In V200R005C10 and earlier versions, if a static ARP entry with a specified M-
LAG member interface as the outbound interface is configured in an M-LAG
dual-homing scenario, the outbound interface of the ARP entry cannot be
changed to a peer-link interface when the M-LAG member interface fails. As a
result, traffic cannot be forwarded. Therefore, do not configure a static ARP
entry with a specified M-LAG member interface as the outbound interface in
an M-LAG dual-homing scenario.
● In V200R005C00 and earlier versions, if a static IPv6 neighbor entry with a
specified M-LAG member interface as the outbound interface is configured in
an M-LAG dual-homing scenario, the outbound interface of the entry cannot
be changed to a peer-link interface when the M-LAG member interface fails.
As a result, traffic cannot be forwarded. Therefore, do not configure a static
IPv6 neighbor entry with a specified M-LAG member interface as the
outbound interface in an M-LAG dual-homing scenario. In V200R005C10, you
can enable enhanced M-LAG Layer 3 forwarding on switches except the
CE6810LI, CE5880EI, and CE6880EI to apply for backup FRR resources for all
ND entries with M-LAG member interfaces as outbound interfaces. The
outbound interfaces can be changed to peer-link interfaces to establish active
and standby paths for traffic forwarding. However, FRR resources applied for
static IPv6 peer relationship entries are not released when the M-LAG
member interface goes Down and the corresponding VLANIF interface is still
Up. As a result, the corresponding system resources are not released.
● If an access device is dual-homed to M-LAG master and backup devices
through Layer 2 sub-interfaces and one Layer 2 sub-interface is Down, north-
south traffic cannot be forwarded through the peer-link because of the M-
LAG unidirectional isolation mechanism, resulting in packet loss. In the M-LAG
unidirectional isolation mechanism, if a device is dual-homed to the M-LAG in
active-active mode through main interfaces, all packets excluding Layer 3
known unicast packets from a peer-link interface to an M-LAG member
interface are isolated.
● After logical interfaces are configured to change to Error-Down state when
the peer-link fails but the DAD heartbeat status is normal in an M-LAG, if a
faulty peer-link interface in the M-LAG recovers, the devices restore VLANIF
interfaces, VBDIF interfaces, and loopback interfaces to Up state 6 seconds
after DFS group pairing succeeds to ensure that ARP entry synchronization on
a large number of VLANIF interfaces is normal. If a delay after which the
Layer 3 protocol status of the interface changes to Up is configured, the delay
after which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go
Up is the configured delay plus 6s.
Limitations on Interconnection with an M-LAG
● In M-LAG scenarios, when the switch connects to the Network Attached
Storage (NAS) device or a load balancer, the NAS device or load balancer (for
example, F5 load balancer enabled with Auto Last Hop) does not send an ARP
request message to learn the gateway's MAC address. Instead, the NAS device
or load balancer analyzes data flows from the gateway and uses the source
MAC address in data flows received first as the gateway's MAC address. In this
case, the same MAC address needs to be configured on VLANIF interfaces of
the two switches (switches excluding the CE6870EI and CE6875EI) that
constitute an M-LAG; otherwise, the NAS device or load balancer may fail to

Switches
forward traffic due to the unidirectional isolation mechanism between the

peer-link and M-LAG member interface.
Configuration Notes When M-LAG Is Deployed with Other Services
When M-LAG needs to be configured with multiple other services, some services
may fail to be delivered because of insufficient ACL resources. For services that can
be configured together with M-LAG, see "Using CSS/M-LAG with Other Services"
in CloudEngine Series Switches ACL Technical Special Topic.
The support for service features by M-LAG and the device is similar, but there are
differences which are described in Table 4-7.
Table 4-7 Constraints when M-LAG is used with other features

Feature Configuration Note
Stack Switches can set up a stack, and the stack then can be
used to establish an M-LAG as an independent device.
SVF Switches can set up an SVF system, and the SVF system
then can be used to establish an M-LAG as an independent
device. In an SVF system, M-LAG member interfaces must
be on spine or leaf switches. The interfaces cannot be on
both spine and leaf switches.
VBST M-LAG and VBST cannot be configured together.
QinQ and VLAN The M-LAG is accessed through VLAN mapping and VLAN
Mapping stacking. Layer 3 services, including ARP, ND, and ICMP are
not supported.
CFM M-LAG and CFM cannot be configured together.
GVRP GVRP and M-LAG cannot be configured on an Eth-Trunk

together.
DHCP ● The two devices that constitute an M-LAG cannot be

configured with DHCP snooping.
● The DHCP relay function must be configured on the
two devices that constitute an M-LAG.
● The DHCP server function must be configured on the
two devices that constitute an M-LAG, and addresses in
the address pools of the two devices cannot overlap.

Switches
IP unicast routing ● The two devices that constitute an M-LAG cannot set
up routing neighbor relationships with the devices to be
accessed.
● If two member devices in an M-LAG need to establish a
neighbor relationship, you are advised to manually
configure router IDs on the two M-LAG devices. If the
devices automatically obtain router IDs, the neighbor
relationship may fail to be established due to a router
ID conflict.
● M-LAG member devices function as active-active
gateways. An independent link between M-LAG
member devices is used as the best-effort link and
OSPF is configured. M-LAG member devices import the
direct route of a downstream server connected to the
M-LAG and advertise the route to each other. IP FRR is
configured, and the direct route is specified as the
primary link and the dynamic OSPF route is specified as
the backup link. When a network-side device sends
traffic to the server, the traffic is transmitted along the
backup path on the M-LAG gateways because there is
no ARP entry for the primary link. As a result, a loop
occurs between the M-LAG member devices and the
network-side device cannot access the server. In this
case, you can run the ip ip-prefix ip-prefix-name
[ index index-number ] { permit | deny } ipv4-address
mask-length [ match-network ] [ greater-equal
greater-equal-value ] [ less-equal less-equal-value ]
command on the M-LAG gateways to configure an
OSPF routing policy to permit all routes excluding the
direct route.

Switches
IPv4 multicast In versions earlier than V100R006C00, M-LAG does not

support IPv4 Layer 3 multicast.
An M-LAG set up with standalone switches, stack systems,
or SVF systems supports IPv4 Layer 3 multicast in
V100R006C00 and later versions. Pay attention to the
following points:
● In addition to the peer-link, there must be a direct Layer
3 link between the M-LAG master and backup devices.
STP must be disabled on the interfaces at both ends of
the Layer 3 link.
● The M-LAG master and backup devices must have the
same multicast configuration.
● On the M-LAG master and backup devices, PIM-SM and
IGMP must be enabled on all the VLANIF interfaces that
need to run Layer 3 multicast services, and IGMP
snooping must be enabled in the corresponding VLANs.
● The PIM silent function must be configured on the user-
side interfaces of the M-LAG master and backup
devices.
● If the Layer 3 link is established on a VLANIF interface
of the M-LAG master and backup devices, the VLANIF
interface must run the PIM protocol, and the
corresponding VLAN cannot be allowed on the peer-
link.
● If the peer-link is selected as the optimal link to the RP
or multicast source by the unicast routing protocol,
multicast traffic with the peer-link interface as the
outbound interface may fail to be forwarded. To prevent
this problem, ensure that the Layer 3 link between the
M-LAG master and backup devices has a route cost less
than or equal to the route cost of the peer-link, so that
the Layer 3 link is selected as the optimal route by the
unicast routing protocol.
On the network when the Receiver is dual-homed to an
M-LAG:
● Only the master M-LAG member interface forwards
multicast traffic to the Receiver in versions earlier than
V200R003C00.
● Both the master and backup M-LAG member interfaces
forward multicast traffic to the Receiver, implementing
load sharing in V200R003C00 and later versions. The M-
LAG master and backup devices share load according to
the following rule: If the last decimal number of the
multicast group address is an odd number, such as the
address 225.1.1.1, the master M-LAG member interface
forwards the multicast traffic. If the last decimal
number of the multicast group address is an even

Switches
number, such as the address 225.1.1.2, the backup M-

LAG member interface forwards the multicast traffic.
● If the M-LAG master and backup devices run different
versions, the multicast traffic forwarding rule is subject
to the device running the earlier version.

Switches
IPv6 multicast In versions earlier than V200R003C00, M-LAG does not

support IPv6 Layer 3 multicast.
An M-LAG set up with standalone switches or stack
systems on the CE6870EI and CE6875EI supports IPv6
Layer 3 multicast, and other models do not support IPv6
Layer 3 multicastin V200R003C00 and later versions. Pay
attention to the following points:
● In addition to the peer-link, there must be a direct Layer
3 link between the M-LAG master and backup devices.
STP must be disabled on the interfaces at both ends of
the Layer 3 link.
● The M-LAG master and backup devices must have the
same multicast configuration.
● On the M-LAG master and backup devices, PIM-SM
(IPv6) and MLD must be enabled on all the VLANIF
interfaces that need to run Layer 3 multicast services,
and MLD snooping must be enabled in the
corresponding VLANs.
● The PIM silent (IPv6) function must be configured on
the user-side interfaces of the M-LAG master and
backup devices.
● If the Layer 3 link is established on a VLANIF interface
of the M-LAG master and backup devices, the VLANIF
interface must run the PIM (IPv6) protocol, and the
corresponding VLAN cannot be allowed on the peer-
link.
● If the peer-link is selected as the optimal link to the RP
or multicast source by the unicast routing protocol,
multicast traffic with the peer-link interface as the
outbound interface may fail to be forwarded. To prevent
this problem, ensure that the Layer 3 link between the
M-LAG master and backup devices has a route cost less
than or equal to the route cost of the peer-link, so that
the Layer 3 link is selected as the optimal route by the
unicast routing protocol.
If the Receiver is dual-homed to an M-LAG in
V200R003C00 and later versions:
Both the master and backup M-LAG member interfaces
forward multicast traffic to the Receiver, implementing
load sharing. The M-LAG master and backup devices share
load according to the following rule: If the last
hexadecimal number of the multicast group address is an
odd number, such as the addresses FF1E::1 and FF1E::B, the
master M-LAG member interface forwards the multicast
traffic. If the last hexadecimal number of the multicast
group address is an even number, such as the addresses
FF1E::2 and FF1E::A, the backup M-LAG member interface
forwards the multicast traffic.

Switches
FCoE The M-LAG function is not available if FSB and FCF or FSB
and NPV coexist on the device.
IPSG The two devices that constitute an M-LAG cannot be

configured with IPSG.
VPLS The two devices that constitute an M-LAG cannot be

configured as PE devices.
MPLS/L3VPN For devices that support MPLS and L3VPN, MPLS and
L3VPN cannot be configured on M-LAG member
interfaces.

Switches
VXLAN ● In versions earlier than V200R003C00, Layer 2 sub-

interfaces that use the QinQ traffic encapsulation type
cannot be configured with M-LAG together. In
V200R003C00 and later versions, M-LAG can be
configured with termination QinQ Layer 2 sub-
interfaces and cannot be configured with transparent
transmission QinQ Layer 2 sub-interfaces.
● A switch configured with M-LAG does not support
segment VXLAN for Layer 2 DCI.
● In V200R019C10 and earlier versions, for the CE5880EI
and CE6880EI, the function of configuring a VXLAN
tunnel over an IPv6 underlay network and the M-LAG
function are mutually exclusive and cannot be deployed
on the same switch.
● When VXLAN dual-active access is configured and the
gateways work in loopback mode in a distributed
gateway scenario, the NVE interfaces of different M-
LAG systems on the network must be configured with
different MAC addresses. For example, if devices A and
B establish M-LAG system 1 and devices C and D
establish M-LAG system 2, the NVE interfaces of M-LAG
systems 1 and 2 must be configured with different MAC
addresses.
● If active-active gateways are configured on VBDIF
interfaces when a switch is connected to a VXLAN
network, the VRRP or VRRP6 mode cannot be used.
● Currently, M-LAG member devices synchronize packets
through UDP. The default UDP port number is 1025,
which is different from the UDP port number
configured for the all-active gateway neighbor in the
DFS group view. If the two UDP port numbers conflict,
you can run the source ip ip-address [ vpn-instance
vpn-instance-name ] [ peer peer-ip-address [ udp-port
port-number ] ] or source ipv6 ipv6-address [ vpn-
instance vpn-instance-name ] [ peer peer-ipv6-address
[ udp-port port-number ] ] command to change the
UDP port number bound to the DFS group, or run the
udp port port-number command to change the UDP
port number configured for the all-active gateway
neighbor.
Storm control You are not advised to configure storm control for
multicast packets on physical member interfaces of a peer-
link. Otherwise, M-LAG synchronization packets may be
suppressed, resulting in abnormal forwarding of data
packets in the M-LAG system.

Switches
Port security ● After port security is configured on a port, dynamic

MAC addresses learned by the port are changed to
secure dynamic MAC addresses or sticky MAC
addresses. Secure dynamic MAC addresses and sticky
MAC addresses are static MAC addresses and cannot be
synchronized through peer-link interfaces on the two
M-LAG member devices.
● When port security is configured on the M-LAG
interfaces through which a device is dual-homed, the
secure dynamic MAC addresses or sticky MAC addresses
on the two M-LAG member devices may be different.
BFD ● Only the CE6857EI, CE6865EI, CE8861EI, and CE8868EI

can establish BFD sessions with connected devices
through M-LAG member interfaces.
● If a device establishes a BFD session with a connected
device through the M-LAG member interface, and the
two M-LAG member devices synchronize BFD protocol
packets through peer-link interfaces, BFD protocol
packets enter the interface queue with the priority of 6
for forwarding. If service packets enter the interface
queue with the priority of 7 for forwarding and the
interface uses the default PQ scheduling mode, the BFD
session flaps because BFD protocol packets are
discarded when the service packets arrive at the
interface at the 100% output link rate within a period
of time. If other protocol packets are forwarded through
peer-link interfaces, the packets may also be discarded
due to the scheduling priority problem.
Ping and tracert When an M-LAG member device pings or tracerts an

access device, the ping or tracert fails. In V200R019C10
and later versions, an M-LAG member device can ping an
access device, but a tracert may still fail.
4.6 Configuring M-LAG Through the Root Bridge

When the root bridge mode is used to configure M-LAG, the M-LAG master and
backup devices must be used as root bridges and configured with the same bridge
ID on the STP network so that the two devices are simulated into one root bridge.
The M-LAG master and backup devices are not affected by the network topology
change on the Layer 2 network.

Switches
4.6.1 Configuring the Root Bridge and Bridge ID
Context
When the root bridge mode is used to configure M-LAG, the M-LAG master and
backup devices must be used as root bridges and configured with the same bridge
ID on the STP network so that the two devices are simulated into one root bridge.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp [ instance instance-id ] root primary
The device is configured as the root bridge.
By default, a switch does not function as the root bridge of any spanning tree.
After the configuration is complete, the priority of the device is 0 and cannot be
changed.
If instance is not specified, the device is the root bridge in instance 0.
Step 3 Run stp bridge-address mac-address
The MAC address of the device that participates in spanning tree calculation is
specified.
By default, the device's MAC address is the bridge MAC address of the device that
participates in spanning tree calculation. You are advised to use the smaller MAC
address of the M-LAG master and slave device as the bridge MAC address for
spanning tree calculation.
Step 4 Run commit
The configuration is committed.
----End
4.6.2 Configuring a DFS Group
Context
A Dynamic Fabric Service (DFS) group is used for device pairing. A DFS group
needs to be bound to an IP address so that DFS master and backup devices can
exchange Dual-Active Detection (DAD) packets. The bound IP address is used for
communication with the remote end.
When a device is dual-homed to PEs on an Ethernet, a VXLAN, or an IP network,

you need to bind the DFS group to an IP address. Ensure that IP addresses have
been configured for Layer 3 interfaces on the two PEs and the two PEs can
communicate. If the device is connected to a VPN network, you also need to bind
the DFS group to a VPN instance. Ensure that the VPN instance has been created
on the device.

Switches
Procedure
Step 2 Run dfs-group dfs-group-id
A DFS group is created and its view is displayed, or the view of an existing DFS
group is displayed.
Step 3 Bind the DFS group to an IP address based on the actual scenario.
bind the DFS group to an IP address. Run either of the following commands. The
commands cannot be configured simultaneously.
● Run source ip ip-address [ vpn-instance vpn-instance-name ] [ peer peer-ip-
address [ udp-port port-number ] ]
The DFS group is bound to an IPv4 address and a VPN instance.
● Run source ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ peer
peer-ipv6-address [ udp-port port-number ] ]
Assume that the heartbeat IP address and UDP port number of the peer device are
specified when the heartbeat IP address for communication bound to a DFS group
is configured. When the configuration takes effect, the two M-LAG devices
immediately start to send and receive heartbeat packets and negotiate the HB
DFS master/backup status. In scenarios where enhanced DAD for secondary faults
is enabled, if faults on the original DFS master device are rectified and the peer-
link fault persists, the corresponding interfaces on the backup device are triggered
to enter the Error-Down state based on the HB DFS master/backup status. This
mechanism prevents abnormal traffic forwarding in the scenario where two
master devices exist and improves device reliability.
Step 4 (Optional) Run priority priority
The priority of the DFS group is set.
The priority of a DFS group is used for master/backup negotiation between two
devices. A larger value indicates a higher priority of the device. The device with a
higher priority is the master device.
If the priorities of two devices are the same, the device with a smaller MAC
address is the master device.
By default, the priority of a DFS group is 100.
Step 5 (Optional) Run m-lag up-delay value [ auto-recovery interval interval-time ]
The delay for the M-LAG member interface to report the Up event is set.
To ensure the revertive switching performance, the default delay for the M-LAG
member interface to report the Up event is 240s, and the automatic recovery
interval is not configured in scenarios such as switch restart, card reset, or peer-
link fault recovery.
Step 6 (Optional) Run set lacp system-id switch-delay { switch-delay-time |
immediately }

Switches
The delay in switching the LACP M-LAG system ID is set.

By default, the LACP M-LAG system ID is not switched. The immediately
parameter indicates that the LACP M-LAG system ID is switched immediately.
When the value of the switch-delay-time parameter is 0, the LACP M-LAG system
ID is not switched.
Step 7 (Optional) Run authentication-mode hmac-sha256 password password
The authentication mode and password of DFS group synchronization packets are
configured.
By default, the authentication mode of DFS group synchronization packets is not
configured.
Step 8 (Optional) Run dfs-master led enable
The stack status indicator is enabled to display the DFS group master and backup
status.
By default, the stack status indicator does not display the DFS group master and
backup status.
After the stack status indicator is enabled to display the DFS group master and
backup status, the stack status indicator on the DFS master device is steady on
and that on the DFS backup device is off.
Step 9 (Optional) Run dual-active detection error-down { delay delay-time | disable }
The action of changing interfaces excluding the management interface, peer-link
interface, and stack interface on the backup device to Error-Down state when the
peer-link fails but the DAD heartbeat status is normal is disabled or delayed.
By default, interfaces excluding the management interface, peer-link interface, and
stack interface on the backup device change to Error-Down state when the peer-
link fails but the DAD heartbeat status is normal.
When an access device is single-homed to M-LAG master and backup devices
using Layer 3 access mode, traffic forwarding on the backup device is not affected
in a dual-active scenario where the peer-link fails but the DAD heartbeat status is
normal. To prevent packet loss, you can run the dual-active detection error-
down command to disable or delay the action of changing interfaces excluding
the management interface, peer-link interface, and stack interface on the backup
device to Error-Down state when the peer-link fails but the DAD heartbeat status
is normal.
When an access device is connected to M-LAG master and backup devices using
M-LAG dual-homing access mode or Layer 2 access mode, you cannot disable or
delay the Error-Down action.
Step 10 (Optional) Run dual-active detection enhanced enable
Enhanced DAD for secondary faults is enabled.
On a dual-homing network where M-LAG is deployed, when the peer-link fails but
the DAD status is normal, some interfaces on the DFS backup device enter the
Error-Down state. In this case, the DFS master device continues to work. When the
DFS master device cannot work because it is powered off or it restarts, the M-LAG
master and backup devices cannot forward traffic.

Switches
In this case, enhanced DAD for secondary faults can be enabled. When the peer-
link fails and secondary faults occur, the DFS backup device detects the fault on
the DFS master device and restores the interfaces in Error-Down state to forward
traffic. This ensures nonstop transmission when secondary faults occur.
If the peer-link fault persists after secondary faults are rectified, two master
devices may exist. It is recommended that you specify the IP address of the peer
device when configuring the IP address bound to the DFS group. In this case, if the
peer-link fault persists after the faulty device recovers, the corresponding
interfaces on the HB DFS backup device are triggered to enter the Error-Down
state, preventing abnormal traffic forwarding in the scenario where two master
devices exist.
Step 11 (Optional) Run dual-active detection error-down mode routing-switch
Logical interfaces are configured to enter the Error-Down state when the peer-link
fails but the DAD status is normal in an M-LAG scenario.
By default, logical interfaces are not triggered to enter the Error-Down state when
the peer-link fails but the DAD status is normal in an M-LAG scenario. On a dual-
homing TRILL network where M-LAG is deployed, when the peer-link fails but the
DAD status is normal, the M-LAG interface on the backup device enters the Error-
Down state. On a dual-homing Ethernet or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, physical interfaces except
the logical interface, interface configured with m-lag unpaired-port reserved,
management interface, peer-link interface, and stack interface on the backup
device all enter the Error-Down state.
On the IP or VXLAN network where M-LAG is deployed, when the dual-active

detection error-down mode routing-switch command is used, only VLANIF
interfaces, VBDIF interfaces, loopback interfaces, and M-LAG member interfaces
are triggered to enter the Error-Down state.
NOTE
Step 12 (Optional) Run peer-link mac-address remain enable
The system is configured not to trigger the remote M-LAG device to delete the
corresponding MAC address on the peer-link interface under certain conditions.
By default, the system triggers the remote M-LAG device to delete the
Step 13 Run commit
----End

Switches
4.6.3 Configuring M-LAG Consistency Check
Prerequisites
The DFS group between two devices in the M-LAG has been paired successfully
and the master and backup states have been negotiated.
Context
normal.

generated.


STP working mode
Whether BPDU

and MSTIs
NOTE
0.

interface view

Switches

is enabled
LACP mode
Static MAC address

entries
entry in which the
member interface
entry of a VXLAN
tunnel

MAC address entries

Switches
Static ARP entries

entries
● Long static ARP
entries
– If outbound
interfaces are
specified in static
ARP entries, only
the static ARP
entries in which
the outbound
interfaces are M-
LAG member
interfaces are
checked.
– If the VLANs to
which static ARP
entries belong are
specified, the VLAN
IDs are compared.
– If outbound
interfaces and the
VLANs to which
static ARP entries
belong are
ARP entries in
which the
outbound
interfaces are M-
LAG member
interfaces and the
VLAN IDs are
compared.
an IPv4 VXLAN
tunnel

Switches

NOTE
an M-LAG member
VPN instance or the
VLANIF interface
static ARP entry.

ARP entries
Bridge Domain (BD)

configuration
● BD ID
the BD
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
default.
the preceding

Switches
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
default.
down, the preceding

interface view
VLAN ID
Parameters
Number of member
belongs
NOTE
Only the numbers of
Procedure
● Configure M-LAG consistency check.
a. Run system-view
b. Run dfs-group dfs-group-id

Switches
A DFS group is created and its view is displayed, or the view of an

existing DFS group is displayed.
c. Run consistency-check enable mode { strict | loose }
M-LAG consistency check is enabled and a check mode is specified.
By default, M-LAG consistency check is disabled.
d. Run commit
● Check the M-LAG consistency check status and configuration of devices in the
M-LAG.
– Run the display dfs-group command to check the M-LAG consistency
check result.
– Run the display dfs-group consistency-check { global | interface m-lag
m-lag-id | static-arp | static-mac } command to check the configuration
of M-LAG master and backup devices.
– Run the display dfs-group consistency-check status command to
display the running status of M-LAG consistency check.
----End
Exception Handling
● In loose mode, if the key or common configuration of two devices in the M-
LAG is inconsistent, either of the following alarms is triggered:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1" and
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.3 hwMLagConsistencyCheckType2".
When the configuration of two devices in the M-LAG is adjusted, M-LAG
consistency check is successful and the alarm is cleared.
● In strict mode, if the key configuration of two devices in the M-LAG is
Down state and the alarm about key configuration inconsistency is generated:
The device records the status of an interface as Error-Down when it detects
that a fault occurs. The interface in Error-Down state cannot receive or send
packets and the interface indicator is off. You can run the display error-down
recovery command to check information about all interfaces in Error-Down
state on the device.
When the interface enters the Error-Down state, adjust the configuration of
M-LAG master and backup devices. You are not advised to manually restore
the interface or run the error-down auto-recovery cause m-lag interval
interval-value command in the system view to enable the interface to go Up
automatically. Otherwise, excess packets, packet loss, or forwarding failure
may occur. Exercise caution when you perform the preceding operation.
If the M-LAG consistency check mode is set to strict mode and the system
it is recommended that the device administrator immediately adjust the
configurations, and it is not recommended that the device administrator
restart the devices. If type 1 configurations are inconsistent, member

Switches
----End
4.6.4 Configuring an Interface as a Peer-link Interface
Context
A peer-link is a direct aggregated link between two devices configured with M-
LAG. It is used to exchange protocol packets and transmit some traffic, and
ensures normal running of M-LAG.
Prerequisites
The direct link between two devices configured with M-LAG has been configured
as an aggregated link.
Procedure
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 3 Run trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-

n>
A member interface is added to the Eth-Trunk.
When you add member interfaces to an Eth-Trunk in a batch, if one interface

cannot be added to the Eth-Trunk, all subsequent interfaces in the batch cannot
be added to the Eth-Trunk, either.
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n is 64. For
other models, the value of n depends on the assign forward eth-trunk mode command.
Step 4 Run mode lacp-static
The Eth-Trunk is configured to work in static LACP mode.
By default, an Eth-Trunk works in manual load balancing mode. To ensure M-LAG

reliability, you are advised to configure the Eth-Trunk to work in static LACP mode.

Switches
Step 5 Run undo stp enable

STP is disabled on the interface.
By default, STP is enabled on an interface.
NOTE
STP needs to be disabled because two devices need to be simulated into one STP root bridge
and the directly connected interface cannot be blocked.
Step 6 Run peer-link peer-link-id

The interface is configured as a peer-link interface.
By default, no interface is configured as a peer-link interface.
● An interface configured as a peer-link interface joins all VLANs by default.
● An interface configured as a peer-link interface cannot be configured with any
service.
● If the ERPS control VLAN, TRILL carrier VLAN, Super-VLAN, or FCoE VLAN
needs to be configured, perform Step 7 to remove the peer-link interface
from the control VLAN, carrier VLAN, Super-VLAN, or FCoE VLAN. Otherwise,
the control VLAN, carrier VLAN, Super-VLAN, or FCoE VLAN cannot be
configured.
● If the network-side VLANIF interface is configured, perform Step 7 to remove
the peer-link interface from the VLAN. Otherwise, heartbeat detection may
take ineffective.
Step 7 (Optional) Run port vlan exclude { { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The VLANs not allowed by the peer-link interface are specified.
By default, no allowed VLAN is specified on a peer-link interface.
Step 8 Run commit
----End
4.6.5 Configuring an M-LAG Member Interface

Prerequisites
The links between a user-side device and two devices configured with M-LAG have
been configured as aggregated links. To improve reliability and prevent incorrect
configurations or loops during M-LAG configuration, you are advised to configure
Procedure
● When the Eth-Trunk works in manual load balancing mode, perform the
following operations.
a. Run system-view

Switches
b. Run interface eth-trunk trunk-id

c. Run trunkport interface-type { interface-number1 [ to interface-
number2 ] } &<1-n>
When you add member interfaces to an Eth-Trunk in a batch, if one
interface cannot be added to the Eth-Trunk, all subsequent interfaces in
the batch cannot be added to the Eth-Trunk, either.
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n
is 64. For other models, the value of n depends on the assign forward eth-trunk
mode command.
d. Run dfs-group dfs-group-id m-lag m-lag-id
The Eth-Trunk is bound to a DFS group, that is, the Eth-Trunk is
configured as an M-LAG member interface.
NOTE
The two devices configured with M-LAG must use the same M-LAG ID.
e. Run commit
● (Recommended) When the Eth-Trunk works in LACP mode, perform the
a. Run system-view
number2 ] } &<1-n>
NOTE
mode command.

d. Run mode { lacp-static | lacp-dynamic }
The Eth-Trunk is configured to work in LACP mode.
e. Run dfs-group dfs-group-id m-lag m-lag-id

Switches
NOTE
f. (Optional) Configure the LACP M-LAG system priority and system ID.
▪ Run the quit command to exit from the Eth-Trunk interface view.
NOTE
After the DFS pairing succeeds in V200R001C00 and later versions, the
master device automatically synchronizes its LACP M-LAG system priority
and system ID to the backup device. The M-LAG member interface of the
backup device uses the synchronized LACP M-LAG system priority and
system ID to perform LACP negotiation. You do not need to manually
configure the LACP M-LAG system priority and system ID.
▪ Run the lacp m-lag priority priority command to set the LACP M-
LAG system priority.
The default LACP M-LAG system priority is 32768.
○ The LACP M-LAG system priority is valid for the M-LAG
composed of an Eth-Trunk in LACP mode, whereas the LACP
system priority configured by the lacp priority command is valid
for an Eth-Trunk in LACP mode.
○ The LACP M-LAG system priority configured in the Eth-Trunk
interface view takes effect only on the Eth-Trunk. When DFS
pairing succeeds, the M-LAG master device does not synchronize
the LACP M-LAG system priority of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system priority of an
Eth-Trunk must be configured on both the M-LAG master and
backup devices and be the same.
▪ Run the lacp m-lag system-id mac-address command to set the

LACP M-LAG system ID.
By default, the LACP M-LAG system ID in the system view is the MAC
address of the Ethernet interface on the MPU.
○ The LACP M-LAG system ID is valid for the M-LAG composed of
an Eth-Trunk in LACP mode.
○ The LACP M-LAG system ID configured in the Eth-Trunk
the LACP M-LAG system ID of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system ID of an Eth-
Trunk must be configured on both the M-LAG master and
○ You are advised to use the smaller MAC address on the M-LAG
master and backup devices as the LACP M-LAG system ID.
g. Run commit
----End

Switches
4.6.6 (Optional) Configuring the Dual-Active Gateway

Prerequisites
The M-LAG member interface has been added to the corresponding VLAN, or the
Layer 2 sub-interface of the Eth-Trunk to which the M-LAG member interface
belongs has been added to the corresponding BD.
Context
On a dual-homing IP or VXLAN network, both the M-LAG master and backup
devices need to function as Layer 3 gateways. In this case, VLANIF/VBDIF
interfaces corresponding to M-LAG member interfaces must have the same IP
address and MAC address. You can configure the same IP address and run the
mac-address command to configure the same virtual MAC address for the
VLANIF/VBDIF interfaces.
Procedure
● Configure an IP address and a MAC address for a VLANIF/VBDIF interface to
implement dual-active gateway.
a. Run system-view
b. Run interface { vlanif vlan-id | vbdif bd-id }
The VLANIF or VBDIF interface view is displayed.
c. Configure an IP address for the interface:
▪ On IPv4 networks, run ip address ip-address { mask | mask-length }

[ sub ]
An IPv4 address is configured for the VLANIF/VBDIF interface.
▪ On IPv6 networks, perform the following operations:

1) Run ipv6 enable
IPv6 is enabled for the VLANIF/VBDIF interface.
2) Run ipv6 address { ipv6-address prefix-length | ipv6-address/
prefix-length }
Or run ipv6 address { ipv6-address prefix-length | ipv6-address/
prefix-length } eui-64
A global unicast address is configured for the VLANIF/VBDIF
interface.
An IP address is assigned to the VLANIF/VBDIF interface.
By default, no IP address is configured for an interface.
VLANIF/VBDIF interfaces corresponding to M-LAG member interfaces of
M-LAG master and backup devices must be configured with the same IP
address.
d. Run mac-address (VLANIF interface view) mac-address
Or run mac-address (VBDIF interface view) mac-address

Switches
A virtual MAC address is configured for the VLANIF/VBDIF interface.

By default, the MAC address of a VLANIF/VBDIF interface must be the
same as the system MAC address.
M-LAG master and backup devices must be configured with the same
virtual MAC address.
e. (Optional) Run protocol up-delay-time time-value
The delay before the Layer 3 protocol status of an interface can go Up is
set.
By default, the delay before the Layer 3 protocol status of a VLANIF
interface can go Up is 1s. When there are many ARP entries, the delay is
increased.
When the faulty device or peer-link recovers, many ARP entries need to
be synchronized in a batch. You can configure the delay so that the
protocol status of the interface goes Up after ARP entries are
synchronized. This prevents protocol packets from being discarded,
reduces the packet loss during link recovery, and improves convergence
performance.
NOTE
After a switch restarts or a card resets, the physical status of an interface

requirements, resulting in packet loss. To ensure the revertive switching
performance, the default delay for an M-LAG member interface to report the Up
event is 240 seconds. If a delay after which the Layer 3 protocol status changes
to Up is configured on a VLANIF interface, ensure that the delay for an M-LAG
member interface to report the Up event is longer than the delay configured on
the VLANIF interface. Otherwise, triggering of learning for ND entries that fail to
be synchronized depends on ND Miss messages.
f. Run commit
● NOTE
a.
----End

Switches
4.6.7 (Optional) Configuring the Interface Status When the

Peer-Link Fails
Context
On a dual-homing Ethernet, VXLAN, or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, interfaces except the
device all enter the Error-Down state. When the faulty peer-link is restored, the M-
LAG interface in Error-Down state goes Up after 240 seconds by default and other
interfaces in Error-Down state go Up automatically.
In practice, uplink interfaces running routing protocols or DAD-enabled heartbeat

interfaces should not enter the Error-Down state. You can configure the interface
whether to enter the Error-Down state according to the actual situation.
Table 4-9 describes the Error-Down state of interfaces when the peer-link fails but
the DAD status is normal.
Table 4-9 Error-Down state of interfaces when the peer-link fails but the DAD
status is normal
Device Configuration Ethernet, VXLAN, or IP Network

Where M-LAG Is Deployed
Default setting Interfaces except the management

interface, peer-link interface, and stack
interface on the backup device all
enter the Error-Down state.
Device where m-lag unpaired-port Only the M-LAG member interface

suspend is configured and the interface configured with m-
lag unpaired-port suspend are in
Error-Down state.
Device where m-lag unpaired-port Interfaces except the interface

reserved is configured configured with m-lag unpaired-port
reserved, management interface,
peer-link interface, and stack interface
on the backup device all enter the
Error-Down state.
Device where both m-lag unpaired- Only the M-LAG member interface
port suspend and m-lag unpaired- and the interface configured with m-
port reserved are configured lag unpaired-port suspend are in
Error-Down state.
Procedure

Switches
Step 2 Run interface interface-type interface-number

The interface view is displayed.
Step 3 Run m-lag unpaired-port reserved
The interface is configured not to enter the Error-Down state when the peer-link
fails but the DAD status is normal.
● You can configure m-lag unpaired-port suspend on other interfaces of the
backup device so that the specified interface is configured to automatically
enter the Error-Down state when the peer-link fails but the DAD status is
normal.
● You are advised to configure this command on interfaces of both the M-LAG
master and slave devices, so the Error-Down state of interfaces is consistent
after an active/standby switchover of the M-LAG master and backup devices.
● This command cannot be configured on the peer-link interface and M-LAG
member interfaces.
Step 4 Run commit
----End
4.6.8 (Optional) Enabling Enhanced M-LAG Layer 3

Forwarding in an IPv6 Scenario
Context
To speed up convergence when an M-LAG member interface fails in an IPv6
scenario, you can enable enhanced M-LAG Layer 3 forwarding so that backup FRR
resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. Active and standby paths are established for traffic
forwarding on downlink outbound interfaces. If an M-LAG member interface fails,
the outbound interface can be quickly changed to a peer-link interface.
NOTE
CE6810LI, CE5880EI, and CE6880EI switches do not support enhanced M-LAG Layer 3
forwarding in an IPv6 scenario.
Procedure
Step 2 Run m-lag forward layer-3 enhanced enable
Enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario.
By default, enhanced M-LAG Layer 3 forwarding is disabled in an IPv6 scenario.
After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, backup
FRR resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. The outbound interfaces can be changed to peer-link

Switches
interfaces to establish active and standby paths for traffic forwarding. If the FEI
side detects that an M-LAG member interface fails, dual-homing networking is
changed to single-homing networking. The next hop in the corresponding ND
entry is changed from the M-LAG member interface to the peer-link interface. This
improves the switchover performance when faults occur.
NOTE
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the active and
standby paths may fail to be delivered due to increased next-hop resource consumption.
As a result, packet loss occurs.
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the TTL value
decreases by 1 on the M-LAG master and backup devices because packets are forwarded
inside the M-LAG.
● After enhanced M-LAG Layer 3 forwarding is enabled, you need to configure an Eth-
Trunk interface to clear all the learned ND entries when the Eth-Trunk joining in or
being removed from M-LAG. This prevents the upper-layer protocol module from
detecting the waste of FRR resources caused by the change of M-LAG member
interfaces.
● After enhanced M-LAG Layer 3 forwarding is enabled, you can disable this function only
after 300s. After enhanced M-LAG Layer 3 forwarding is disabled, you can enable this
function only after 300s.
Step 3 Run commit

----End
4.6.9 Verifying the Configuration of M-LAG Configured

Through the Root Bridge
Procedure
● Run the display dfs-group dfs-group-id [ node node-id m-lag [ brief ] |
peer-link ] command to check M-LAG information.
----End
Follow-up Procedure
After M-LAG is configured, if the peer-link fails but the heartbeat status is normal,
some interfaces on the backup device will enter the Error-Down state. The device
records the status of an interface as Error-Down when it detects that a fault
occurs. The interface in Error-Down state cannot receive or send packets and the
interface indicator is off. You can run the display error-down recovery command
to check information about all interfaces in Error-Down state on the device.
When M-LAG is used for dual-homing to an Ethernet, VXLAN network, or IP
network and the peer-link fails but the heartbeat is normal, all physical interfaces
except the management interface, peer-link interface, and stack interface on the
backup device will enter the error-down state. When the peer-link recovers, the M-
LAG interface in Error-Down state becomes Up after 240 seconds by default, and
the physical interfaces in Error-Down state are restored to Up state.
When the interface enters the Error-Down state, locate the cause. You are not
advised to manually restore the interface or run the error-down auto-recovery

Switches
cause m-lag interval interval-value command in the system view to enable the
interface to go Up automatically. Otherwise, packet loss or forwarding failure may
occur. Exercise caution when you perform the preceding operation.
4.7 Configuring M-LAG Through V-STP

(Recommended)
V-STP virtualizes the M-LAG master and backup devices enabled with STP into one
device to perform STP calculation.
4.7.1 Configuring V-STP
Context
Virtual Spanning Tree Protocol (V-STP) is a Layer 2 topology management feature
and virtualizes two STP-enabled devices into one device to perform STP
calculation.
STP can detect the M-LAG master or backup status. After V-STP is enabled on the
M-LAG master and backup devices and M-LAG master/backup negotiation is
successful, two devices are virtualized into one device for port role calculation and
fast convergence. STP needs to synchronize the bridge information and instance
priority of the M-LAG master and backup devices. After M-LAG master/backup
negotiation is successful, the backup device uses the bridge MAC address and
instance priority that is synchronized from the master device for STP calculation
and packet transmission. This ensures STP parameter calculation on the virtualized
device.
V-STP can be only applicable to M-LAG networking. It can be used in multi-level

M-LAG interconnection scenarios and scenarios where devices in the M-LAG
function as non-root-bridges.
When configuring V-STP, ensure that the STP/RSTP timer settings on the two
devices that constitute an M-LAG be the same. Otherwise, network flapping may
occur.
Procedure
Step 2 Run stp mode { stp | rstp }
The switch is configured to work in STP or RSTP mode.
By default, the switch works in MSTP mode.
V-STP does not support the MSTP mode, and supports multi-process. By default,
an MSTP process works in MSTP mode. Currently, only STP and RSTP modes are
supported in V-STP scenarios. The MSTP process therefore must be configured to
work in STP or RSTP mode in V-STP scenarios.

Switches
Step 3 (Optional) Run stp bridge-address mac-address

The bridge MAC address used in spanning tree participation is configured.
By default, the switch's MAC address is the bridge MAC address of the switch that
participates in spanning tree calculation.
To prevent STP network flapping caused by switch restart or DFS active/standby
switchover and ensure revertive switching performance, you are advised to set a
larger bridge MAC address for the switch in DFS backup state when the M-LAG
master and backup devices have the same priority.
Step 4 Run stp v-stp enable
V-STP is enabled on an M-LAG device.
By default, V-STP is disabled on an M-LAG device.
Step 5 Run commit
----End
4.7.2 Configuring a DFS Group

Context
A Dynamic Fabric Service (DFS) group is used for device pairing. A DFS group
needs to be bound to an IP address so that DFS master and backup devices can
exchange Dual-Active Detection (DAD) packets. The bound IP address is used for
communication with the remote end.
you need to bind the DFS group to an IP address. Ensure that IP addresses have
been configured for Layer 3 interfaces on the two PEs and the two PEs can
communicate. If the device is connected to a VPN network, you also need to bind
the DFS group to a VPN instance. Ensure that the VPN instance has been created
on the device.
Procedure
Step 2 Run dfs-group dfs-group-id
A DFS group is created and its view is displayed, or the view of an existing DFS
group is displayed.
Step 3 Bind the DFS group to an IP address based on the actual scenario.
bind the DFS group to an IP address. Run either of the following commands. The
commands cannot be configured simultaneously.
● Run source ip ip-address [ vpn-instance vpn-instance-name ] [ peer peer-ip-
address [ udp-port port-number ] ]

Switches

● Run source ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ peer
peer-ipv6-address [ udp-port port-number ] ]
Assume that the heartbeat IP address and UDP port number of the peer device are
specified when the heartbeat IP address for communication bound to a DFS group
is configured. When the configuration takes effect, the two M-LAG devices
immediately start to send and receive heartbeat packets and negotiate the HB
DFS master/backup status. In scenarios where enhanced DAD for secondary faults
is enabled, if faults on the original DFS master device are rectified and the peer-
link fault persists, the corresponding interfaces on the backup device are triggered
to enter the Error-Down state based on the HB DFS master/backup status. This
mechanism prevents abnormal traffic forwarding in the scenario where two
master devices exist and improves device reliability.
Step 4 (Optional) Run priority priority
The priority of the DFS group is set.
The priority of a DFS group is used for master/backup negotiation between two
devices. A larger value indicates a higher priority of the device. The device with a
higher priority is the master device.
If the priorities of two devices are the same, the device with a smaller MAC
address is the master device.
By default, the priority of a DFS group is 100.
Step 5 (Optional) Run m-lag up-delay value [ auto-recovery interval interval-time ]
The delay for the M-LAG member interface to report the Up event is set.
To ensure the revertive switching performance, the default delay for the M-LAG
member interface to report the Up event is 240s, and the automatic recovery
interval is not configured in scenarios such as switch restart, card reset, or peer-
link fault recovery.
Step 6 (Optional) Run set lacp system-id switch-delay { switch-delay-time |

immediately }
The delay in switching the LACP M-LAG system ID is set.
By default, the LACP M-LAG system ID is not switched. The immediately

parameter indicates that the LACP M-LAG system ID is switched immediately.
When the value of the switch-delay-time parameter is 0, the LACP M-LAG system
ID is not switched.
Step 7 (Optional) Run authentication-mode hmac-sha256 password password
The authentication mode and password of DFS group synchronization packets are
configured.
By default, the authentication mode of DFS group synchronization packets is not

configured.
Step 8 (Optional) Run dfs-master led enable

Switches
The stack status indicator is enabled to display the DFS group master and backup
status.
By default, the stack status indicator does not display the DFS group master and
backup status.
After the stack status indicator is enabled to display the DFS group master and
backup status, the stack status indicator on the DFS master device is steady on
and that on the DFS backup device is off.
Step 9 (Optional) Run dual-active detection error-down { delay delay-time | disable }
The action of changing interfaces excluding the management interface, peer-link

interface, and stack interface on the backup device to Error-Down state when the
peer-link fails but the DAD heartbeat status is normal is disabled or delayed.
By default, interfaces excluding the management interface, peer-link interface, and

stack interface on the backup device change to Error-Down state when the peer-
link fails but the DAD heartbeat status is normal.
When an access device is single-homed to M-LAG master and backup devices

using Layer 3 access mode, traffic forwarding on the backup device is not affected
in a dual-active scenario where the peer-link fails but the DAD heartbeat status is
normal. To prevent packet loss, you can run the dual-active detection error-
down command to disable or delay the action of changing interfaces excluding
the management interface, peer-link interface, and stack interface on the backup
device to Error-Down state when the peer-link fails but the DAD heartbeat status
is normal.
When an access device is connected to M-LAG master and backup devices using
M-LAG dual-homing access mode or Layer 2 access mode, you cannot disable or
delay the Error-Down action.
Step 10 (Optional) Run dual-active detection enhanced enable
Enhanced DAD for secondary faults is enabled.
On a dual-homing network where M-LAG is deployed, when the peer-link fails but
the DAD status is normal, some interfaces on the DFS backup device enter the
Error-Down state. In this case, the DFS master device continues to work. When the
DFS master device cannot work because it is powered off or it restarts, the M-LAG
master and backup devices cannot forward traffic.
In this case, enhanced DAD for secondary faults can be enabled. When the peer-
link fails and secondary faults occur, the DFS backup device detects the fault on
the DFS master device and restores the interfaces in Error-Down state to forward
traffic. This ensures nonstop transmission when secondary faults occur.
If the peer-link fault persists after secondary faults are rectified, two master
devices may exist. It is recommended that you specify the IP address of the peer
device when configuring the IP address bound to the DFS group. In this case, if the
peer-link fault persists after the faulty device recovers, the corresponding
interfaces on the HB DFS backup device are triggered to enter the Error-Down
state, preventing abnormal traffic forwarding in the scenario where two master
devices exist.
Step 11 (Optional) Run dual-active detection error-down mode routing-switch

Switches
Logical interfaces are configured to enter the Error-Down state when the peer-link
fails but the DAD status is normal in an M-LAG scenario.
By default, logical interfaces are not triggered to enter the Error-Down state when
the peer-link fails but the DAD status is normal in an M-LAG scenario. On a dual-
homing TRILL network where M-LAG is deployed, when the peer-link fails but the
DAD status is normal, the M-LAG interface on the backup device enters the Error-
Down state. On a dual-homing Ethernet or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, physical interfaces except
the logical interface, interface configured with m-lag unpaired-port reserved,
device all enter the Error-Down state.
On the IP or VXLAN network where M-LAG is deployed, when the dual-active
detection error-down mode routing-switch command is used, only VLANIF
interfaces, VBDIF interfaces, loopback interfaces, and M-LAG member interfaces
are triggered to enter the Error-Down state.
NOTE
Step 12 (Optional) Run peer-link mac-address remain enable

The system is configured not to trigger the remote M-LAG device to delete the
By default, the system triggers the remote M-LAG device to delete the
Step 13 Run commit
----End
4.7.3 (Optional) Configuring STP Multi-Process

Context
STP multi-process is used for independent calculation of spanning trees between
M-LAG access devices. After STP multi-process is enabled, some M-LAG member
interfaces on M-LAG devices can be managed in each process. Devices perform
STP calculation based on processes, and the interfaces that are not in processes do
not participate in STP calculation of processes. This speeds up STP convergence.
NOTE
STP multi-process must be configured simultaneously on M-LAG master and backup

devices, including the number of processes, process ID, and the status of STP. Otherwise, the
V-STP function cannot be used.

Switches
Procedure
Step 2 Run stp process process-id
An STP process is created and the STP process view is displayed.
Step 3 Run stp mode { stp | rstp }
The working mode of the STP process is configured.
By default, the working mode of an STP process is MSTP. V-STP does not support
the MSTP mode, so the V-STP mode needs to switch to STP or RSTP. When a
switch starts, the default STP process with the ID of 0 exists. STP configurations in
the system view and interface view belong to STP process 0.
Step 4 Run stp enable
MSTP of the STP process is enabled.
By default, STP in a process is disabled.
Step 5 Run commit
----End
4.7.4 Configuring M-LAG Consistency Check

Prerequisites
The DFS group between two devices in the M-LAG has been paired successfully
and the master and backup states have been negotiated.
Context
normal.
generated.

Switches


STP working mode
Whether BPDU

and MSTIs
NOTE
0.

interface view
is enabled
LACP mode
Static MAC address

entries
entry in which the
member interface
entry of a VXLAN
tunnel

MAC address entries

Switches
Static ARP entries

entries
● Long static ARP
entries
– If outbound
interfaces are
specified in static
ARP entries, only
the static ARP
entries in which
the outbound
interfaces are M-
LAG member
interfaces are
checked.
– If the VLANs to
which static ARP
entries belong are
specified, the VLAN
IDs are compared.
– If outbound
interfaces and the
VLANs to which
static ARP entries
belong are
ARP entries in
which the
outbound
interfaces are M-
LAG member
interfaces and the
VLAN IDs are
compared.
an IPv4 VXLAN
tunnel

Switches

NOTE
an M-LAG member
VPN instance or the
VLANIF interface
static ARP entry.

ARP entries
Bridge Domain (BD)

configuration
● BD ID
the BD
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
default.
the preceding

Switches
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
default.
down, the preceding

interface view
VLAN ID
Parameters
Number of member
belongs
NOTE
Only the numbers of
Procedure
● Configure M-LAG consistency check.
a. Run system-view
b. Run dfs-group dfs-group-id

Switches
A DFS group is created and its view is displayed, or the view of an

existing DFS group is displayed.
c. Run consistency-check enable mode { strict | loose }
M-LAG consistency check is enabled and a check mode is specified.
By default, M-LAG consistency check is disabled.
d. Run commit
● Check the M-LAG consistency check status and configuration of devices in the
M-LAG.
– Run the display dfs-group command to check the M-LAG consistency
check result.
– Run the display dfs-group consistency-check { global | interface m-lag
m-lag-id | static-arp | static-mac } command to check the configuration
of M-LAG master and backup devices.
– Run the display dfs-group consistency-check status command to
display the running status of M-LAG consistency check.
----End
Exception Handling
● In loose mode, if the key or common configuration of two devices in the M-
LAG is inconsistent, either of the following alarms is triggered:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1" and
When the configuration of two devices in the M-LAG is adjusted, M-LAG
consistency check is successful and the alarm is cleared.
● In strict mode, if the key configuration of two devices in the M-LAG is
Down state and the alarm about key configuration inconsistency is generated:
The device records the status of an interface as Error-Down when it detects
that a fault occurs. The interface in Error-Down state cannot receive or send
packets and the interface indicator is off. You can run the display error-down
recovery command to check information about all interfaces in Error-Down
state on the device.
When the interface enters the Error-Down state, adjust the configuration of
M-LAG master and backup devices. You are not advised to manually restore
the interface or run the error-down auto-recovery cause m-lag interval
interval-value command in the system view to enable the interface to go Up
automatically. Otherwise, excess packets, packet loss, or forwarding failure
may occur. Exercise caution when you perform the preceding operation.
If the M-LAG consistency check mode is set to strict mode and the system
it is recommended that the device administrator immediately adjust the
configurations, and it is not recommended that the device administrator
restart the devices. If type 1 configurations are inconsistent, member

Switches
----End
4.7.5 Configuring an Interface as a Peer-link Interface
Context
A peer-link is a direct aggregated link between two devices configured with M-
LAG. It is used to exchange protocol packets and transmit some traffic, and
ensures normal running of M-LAG.
Prerequisites
The direct link between two devices configured with M-LAG has been configured
as an aggregated link.
Procedure
Step 2 Run interface eth-trunk trunk-id
Step 3 Run trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-

n>
When you add member interfaces to an Eth-Trunk in a batch, if one interface

cannot be added to the Eth-Trunk, all subsequent interfaces in the batch cannot
be added to the Eth-Trunk, either.
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n is 64. For
other models, the value of n depends on the assign forward eth-trunk mode command.
Step 4 Run mode lacp-static
The Eth-Trunk is configured to work in static LACP mode.
By default, an Eth-Trunk works in manual load balancing mode. To ensure M-LAG

reliability, you are advised to configure the Eth-Trunk to work in static LACP mode.

Switches
Step 5 Run stp enable

STP is enabled on the interface.
By default, STP is enabled on an interface.
Step 6 (Optional) Run stp binding process process-id1 [ to process-id2 ] link-share
The peer-link is configured in link-share mode and the port is added to multiple
STP processes to complete STP calculation.
Step 7 Run peer-link peer-link-id
The interface is configured as a peer-link interface.
By default, no interface is configured as a peer-link interface.
● An interface configured as a peer-link interface joins all VLANs by default.
● An interface configured as a peer-link interface cannot be configured with any
service.
● If the ERPS control VLAN, TRILL carrier VLAN, Super-VLAN, or FCoE VLAN
needs to be configured, perform Step 7 to remove the peer-link interface
from the control VLAN, carrier VLAN, Super-VLAN, or FCoE VLAN. Otherwise,
the control VLAN, carrier VLAN, Super-VLAN, or FCoE VLAN cannot be
configured.
● If the network-side VLANIF interface is configured, perform Step 7 to remove
the peer-link interface from the VLAN. Otherwise, heartbeat detection may
take ineffective.
Step 8 (Optional) Run port vlan exclude { { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The VLANs not allowed by the peer-link interface are specified.
By default, no allowed VLAN is specified on a peer-link interface.
Step 9 Run commit
----End
4.7.6 Configuring an M-LAG Member Interface

Prerequisites
The links between a user-side device and two devices configured with M-LAG have
been configured as aggregated links. To improve reliability and prevent incorrect
configurations or loops during M-LAG configuration, you are advised to configure
Procedure
● When the Eth-Trunk works in manual load balancing mode, perform the
a. Run system-view

Switches

number2 ] } &<1-n>
NOTE
mode command.
d. Run dfs-group dfs-group-id m-lag m-lag-id
NOTE
e. (Optional) Run stp binding process process-id
The port is added to the specified MSTP process.
After STP multi-process is enabled, some M-LAG member interfaces on
M-LAG devices can be managed in each process. Devices perform STP
calculation based on processes, and the interfaces that are not in
processes do not participate in STP calculation of processes. The M-LAG
member port is added to the specified MSTP process.
▪ When M-LAG member interfaces in different processes belong to the

same BD and the peer-link interface is faulty, loops may occur. To
address this issue, assign M-LAG member interfaces in different
processes to different BDs.
▪ Run the shutdown command to disable an interface and services are

not configured before the process of M-LAG member interfaces
switching. Run the undo shutdown command to enable an interface
and services are configured after the process of M-LAG member
interfaces switching.
f. Run commit
● (Recommended) When the Eth-Trunk works in LACP mode, perform the
a. Run system-view

Switches

number2 ] } &<1-n>
NOTE
mode command.

d. Run mode { lacp-static | lacp-dynamic }
The Eth-Trunk is configured to work in LACP mode.
e. Run dfs-group dfs-group-id m-lag m-lag-id
NOTE
f. (Optional) Run stp binding process process-id
The port connected to the access link is added to the specified MSTP
process.
After STP multi-process is enabled, some M-LAG member interfaces on
M-LAG devices can be managed in each process. Devices perform STP
calculation based on processes, and the interfaces that are not in
processes do not participate in STP calculation of processes. The M-LAG
member port is added to the specified MSTP process.
▪ When M-LAG member interfaces in different processes belong to the

same BD and the peer-link interface is faulty, loops may occur. To
address this issue, assign M-LAG member interfaces in different
processes to different BDs.
▪ Run the command shutdown to disable an interface and services are

not configured before the process of M-LAG member interfaces
switching. Run the command undo shutdown to enable an interface
and services are configured after the process of M-LAG member
interfaces switching.
g. (Optional) Configure the LACP M-LAG system priority and system ID.
▪ Run the quit command to exit from the Eth-Trunk interface view.
NOTE
After the DFS pairing succeeds in V200R001C00 and later versions, the
master device automatically synchronizes its LACP M-LAG system priority
and system ID to the backup device. The M-LAG member interface of the
backup device uses the synchronized LACP M-LAG system priority and
system ID to perform LACP negotiation. You do not need to manually
configure the LACP M-LAG system priority and system ID.

Switches
▪ Run the lacp m-lag priority priority command to set the LACP M-
LAG system priority.
The default LACP M-LAG system priority is 32768.
○ The LACP M-LAG system priority is valid for the M-LAG
composed of an Eth-Trunk in LACP mode, whereas the LACP
system priority configured by the lacp priority command is valid
for an Eth-Trunk in LACP mode.
○ The LACP M-LAG system priority configured in the Eth-Trunk
the LACP M-LAG system priority of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system priority of an
Eth-Trunk must be configured on both the M-LAG master and
▪ Run the lacp m-lag system-id mac-address command to set the

LACP M-LAG system ID.
By default, the LACP M-LAG system ID in the system view is the MAC
address of the Ethernet interface on the MPU.
○ The LACP M-LAG system ID is valid for the M-LAG composed of
an Eth-Trunk in LACP mode.
○ The LACP M-LAG system ID configured in the Eth-Trunk
the LACP M-LAG system ID of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system ID of an Eth-
Trunk must be configured on both the M-LAG master and
○ You are advised to use the smaller MAC address on the M-LAG
master and backup devices as the LACP M-LAG system ID.
h. Run commit
----End
4.7.7 (Optional) Configuring the Dual-Active Gateway
Prerequisites
The M-LAG member interface has been added to the corresponding VLAN, or the
Layer 2 sub-interface of the Eth-Trunk to which the M-LAG member interface
belongs has been added to the corresponding BD.
Context
On a dual-homing IP or VXLAN network, both the M-LAG master and backup
devices need to function as Layer 3 gateways. In this case, VLANIF/VBDIF
interfaces corresponding to M-LAG member interfaces must have the same IP
address and MAC address. You can configure the same IP address and run the

Switches
mac-address command to configure the same virtual MAC address for the
VLANIF/VBDIF interfaces.
Procedure
● Configure an IP address and a MAC address for a VLANIF/VBDIF interface to
implement dual-active gateway.
a. Run system-view

b. Run interface { vlanif vlan-id | vbdif bd-id }
The VLANIF or VBDIF interface view is displayed.

c. Configure an IP address for the interface:
▪ On IPv4 networks, run ip address ip-address { mask | mask-length }

[ sub ]
An IPv4 address is configured for the VLANIF/VBDIF interface.
▪ On IPv6 networks, perform the following operations:

1) Run ipv6 enable
IPv6 is enabled for the VLANIF/VBDIF interface.
2) Run ipv6 address { ipv6-address prefix-length | ipv6-address/
prefix-length }
Or run ipv6 address { ipv6-address prefix-length | ipv6-address/
prefix-length } eui-64
A global unicast address is configured for the VLANIF/VBDIF
interface.
An IP address is assigned to the VLANIF/VBDIF interface.
By default, no IP address is configured for an interface.

M-LAG master and backup devices must be configured with the same IP
address.
d. Run mac-address (VLANIF interface view) mac-address
Or run mac-address (VBDIF interface view) mac-address
A virtual MAC address is configured for the VLANIF/VBDIF interface.
By default, the MAC address of a VLANIF/VBDIF interface must be the

same as the system MAC address.

M-LAG master and backup devices must be configured with the same
virtual MAC address.
e. (Optional) Run protocol up-delay-time time-value
The delay before the Layer 3 protocol status of an interface can go Up is

set.

Switches
By default, the delay before the Layer 3 protocol status of a VLANIF

interface can go Up is 1s. When there are many ARP entries, the delay is
increased.
When the faulty device or peer-link recovers, many ARP entries need to
be synchronized in a batch. You can configure the delay so that the
protocol status of the interface goes Up after ARP entries are
synchronized. This prevents protocol packets from being discarded,
reduces the packet loss during link recovery, and improves convergence
performance.
NOTE

f. Run commit
● NOTE
a.
----End
4.7.8 (Optional) Configuring the Interface Status When the

Peer-Link Fails
Context
On a dual-homing Ethernet, VXLAN, or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, interfaces except the
device all enter the Error-Down state. When the faulty peer-link is restored, the M-
LAG interface in Error-Down state goes Up after 240 seconds by default and other
interfaces in Error-Down state go Up automatically.
In practice, uplink interfaces running routing protocols or DAD-enabled heartbeat
interfaces should not enter the Error-Down state. You can configure the interface
whether to enter the Error-Down state according to the actual situation.
Table 4-11 describes the Error-Down state of interfaces when the peer-link fails
but the DAD status is normal.

Switches
Table 4-11 Error-Down state of interfaces when the peer-link fails but the DAD
status is normal
Device Configuration Ethernet, VXLAN, or IP Network

Where M-LAG Is Deployed
Default setting Interfaces except the management

interface, peer-link interface, and stack
interface on the backup device all
enter the Error-Down state.
Device where m-lag unpaired-port Only the M-LAG member interface

suspend is configured and the interface configured with m-
lag unpaired-port suspend are in
Error-Down state.
Device where m-lag unpaired-port Interfaces except the interface

reserved is configured configured with m-lag unpaired-port
reserved, management interface,
peer-link interface, and stack interface
on the backup device all enter the
Error-Down state.
Device where both m-lag unpaired- Only the M-LAG member interface
port suspend and m-lag unpaired- and the interface configured with m-
port reserved are configured lag unpaired-port suspend are in
Error-Down state.
Procedure
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run m-lag unpaired-port reserved
The interface is configured not to enter the Error-Down state when the peer-link
fails but the DAD status is normal.
● You can configure m-lag unpaired-port suspend on other interfaces of the

backup device so that the specified interface is configured to automatically
enter the Error-Down state when the peer-link fails but the DAD status is
normal.
● You are advised to configure this command on interfaces of both the M-LAG
master and slave devices, so the Error-Down state of interfaces is consistent
after an active/standby switchover of the M-LAG master and backup devices.
● This command cannot be configured on the peer-link interface and M-LAG
member interfaces.
Step 4 Run commit

Switches
----End
4.7.9 (Optional) Enabling Enhanced M-LAG Layer 3

Forwarding in an IPv6 Scenario
Context
To speed up convergence when an M-LAG member interface fails in an IPv6
scenario, you can enable enhanced M-LAG Layer 3 forwarding so that backup FRR
resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. Active and standby paths are established for traffic
forwarding on downlink outbound interfaces. If an M-LAG member interface fails,
the outbound interface can be quickly changed to a peer-link interface.
NOTE
CE6810LI, CE5880EI, and CE6880EI switches do not support enhanced M-LAG Layer 3
forwarding in an IPv6 scenario.
Procedure
Step 2 Run m-lag forward layer-3 enhanced enable
Enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario.
By default, enhanced M-LAG Layer 3 forwarding is disabled in an IPv6 scenario.
After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, backup
FRR resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. The outbound interfaces can be changed to peer-link
interfaces to establish active and standby paths for traffic forwarding. If the FEI
side detects that an M-LAG member interface fails, dual-homing networking is
changed to single-homing networking. The next hop in the corresponding ND
entry is changed from the M-LAG member interface to the peer-link interface. This
improves the switchover performance when faults occur.

Switches
NOTE
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the active and
standby paths may fail to be delivered due to increased next-hop resource consumption.
As a result, packet loss occurs.
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the TTL value
decreases by 1 on the M-LAG master and backup devices because packets are forwarded
inside the M-LAG.
● After enhanced M-LAG Layer 3 forwarding is enabled, you need to configure an Eth-
Trunk interface to clear all the learned ND entries when the Eth-Trunk joining in or
being removed from M-LAG. This prevents the upper-layer protocol module from
detecting the waste of FRR resources caused by the change of M-LAG member
interfaces.
● After enhanced M-LAG Layer 3 forwarding is enabled, you can disable this function only
after 300s. After enhanced M-LAG Layer 3 forwarding is disabled, you can enable this
function only after 300s.
Step 3 Run commit

----End
4.7.10 Verifying the Configuration of M-LAG Configured

Through V-STP
Procedure
● Run the display dfs-group dfs-group-id [ node node-id m-lag [ brief ] |
peer-link ] command to check M-LAG information.
● Run the display stp [ process process-id ] v-stp command to check the V-STP
status and statistics.
----End
Follow-up Procedure
After M-LAG is configured, if the peer-link fails but the heartbeat status is normal,
some interfaces on the backup device will enter the Error-Down state. The device
records the status of an interface as Error-Down when it detects that a fault
occurs. The interface in Error-Down state cannot receive or send packets and the
interface indicator is off. You can run the display error-down recovery command
to check information about all interfaces in Error-Down state on the device.
When M-LAG is used for dual-homing to an Ethernet, VXLAN network, or IP
network and the peer-link fails but the heartbeat is normal, all physical interfaces
except the management interface, peer-link interface, and stack interface on the
backup device will enter the error-down state. When the peer-link recovers, the M-
LAG interface in Error-Down state becomes Up after 2 minutes by default, and the
physical interfaces in Error-Down state are restored to Up state.
When the interface enters the Error-Down state, locate the cause. You are not
advised to manually restore the interface or run the error-down auto-recovery
cause m-lag interval interval-value command in the system view to enable the
interface to go Up automatically. Otherwise, packet loss or forwarding failure may
occur. Exercise caution when you perform the preceding operation.

Switches
4.8 Maintaining M-LAG
4.8.1 Monitoring the M-LAG Operating Status
Context
During M-LAG operating status monitoring, you can check causes for fault
locating if an M-LAG fault occurs.
Procedure
Step 1 Run the display m-lag troubleshooting [ history ]command to check causes for
the M-LAG faults.
This command can display the causes of a maximum of 100 recent faults at most.
----End
4.8.2 Clearing M-LAG Historical Fault Event Information
Context
Before you check causes of M-LAG faults within a certain period, clear the existing
historical fault event information on the device.
NOTE
The historical fault event information about M-LAG faults cannot be restored after being
cleared. Confirm your operation before clearing the historical fault event information.
Procedure
● Run the reset m-lag troubleshooting history command in the user view to
clear historical fault event information about M-LAG faults.
----End
4.9 Configuration Examples for M-LAG

This section only provides configuration examples for individual features. For
details about multi-feature configuration examples, feature-specific configuration
examples, interoperation examples, protocol or hardware replacement examples,
and industry application examples, see the Typical Configuration Examples.
4.9.1 Example for Deploying M-LAG to Connect the Device to

an Ethernet Network in Dual-Homing Mode Through the Root
Bridge

Switches
Networking Requirements
As shown in Figure 4-22, a server is dual-homed to an Ethernet network through
M-LAG. The customer requires high service reliability. Link aggregation between
the server and devices only achieves link-level reliability, and a fault on a device
may cause service interruption. M-LAG can be configured. When devices work
properly, links load balance traffic and a fault of any device does not affect
services. High service reliability is therefore ensured. On an Ethernet network, the
blocked interface cannot transmit heartbeat packets of M-LAG master and backup
devices; therefore, a DFS group is configured and bound to the IP address of the
management interface to ensure that heartbeat packets of M-LAG master and
backup devices can be transmitted normally.
Figure 4-22 Networking for dual-homing the M-LAG to a common Ethernet

network
Ethernet
Network
SwitchC SwitchD
10GE1/0/1 10GE1/0/2
10GE1/0/2 10GE1/0/1
Peer-link 1
10GE1/0/1 10GE1/0/2 10GE1/0/2 10GE1/0/1
10GE1/0/3 10GE1/0/3
SwitchA SwitchB
10GE1/0/4 10GE1/0/4
10GE1/0/6 10GE1/0/5 10GE1/0/5 10GE1/0/6
Server
Configuration Roadmap
1. Configure SwitchA and SwitchB as the root bridge and configure the same
bridge ID to ensure that M-LAG master and backup devices are used as root
bridges.
2. Configure IP addresses for management interfaces on SwitchA and SwitchB to
ensure Layer 3 connectivity and transmission of heartbeat packets of M-LAG
master and backup devices.
3. Configure M-LAG on SwitchA and SwitchB so that the server is dual-homed to
SwitchA and SwitchB.
4. Create VLANIF interfaces on SwitchC and SwitchD and configure IP addresses
for the VLANIF interfaces. Create VRRP groups on the VLANIF interfaces and
configure VRRP groups as gateways of M-LAG master and backup devices.

Switches
Procedure
Step 1 Configure SwitchA and SwitchB as root bridges and configure the same bridge ID
for them.
NOTE
If the two devices that constitute an M-LAG connect to downstream switching devices, you must
configure root protection.
# Configure SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stp root primary
[*SwitchA] stp bridge-address 39-39-39
[*SwitchA] interface eth-trunk 1
[*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchA-Eth-Trunk1] stp edged-port enable
[*SwitchA-Eth-Trunk1] commit
[~SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] stp root primary
[*SwitchB] stp bridge-address 39-39-39
[*SwitchB] interface eth-trunk 1
[*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchB-Eth-Trunk1] stp edged-port enable
[*SwitchB-Eth-Trunk1] commit
[~SwitchB-Eth-Trunk1] quit
Step 2 Configure IP addresses for management interfaces on SwitchA and SwitchB.

[~SwitchA] interface meth 0/0/0
[~SwitchA-MEth0/0/0] ip address 10.1.1.1 24
[*SwitchA-MEth0/0/0] quit
[*SwitchA] commit
[~SwitchB] interface meth 0/0/0
[~SwitchB-MEth0/0/0] ip address 10.1.1.2 24
[*SwitchB-MEth0/0/0] quit
[*SwitchB] commit
Step 3 Create a DFS group and bind IP addresses of management interfaces to the DFS
group on SwitchA and SwitchB.
Configure IP addresses for management interfaces on SwitchA and SwitchB to
ensure Layer 3 connectivity.
[~SwitchA] dfs-group 1
[*SwitchA-dfs-group-1] source ip 10.1.1.1
[*SwitchA-dfs-group-1] priority 150
[*SwitchA-dfs-group-1] quit
[*SwitchA] commit

Switches
[~SwitchB] dfs-group 1
[*SwitchB-dfs-group-1] source ip 10.1.1.2
[*SwitchB-dfs-group-1] priority 120
[*SwitchB-dfs-group-1] quit
[*SwitchB] commit
Step 4 Configure the link between SwitchA and SwitchB as a peer-link.

[~SwitchA] interface eth-trunk 0
[*SwitchA-Eth-Trunk0] undo stp enable
[*SwitchA-Eth-Trunk0] mode lacp-static
[*SwitchA-Eth-Trunk0] peer-link 1
[*SwitchA-Eth-Trunk0] quit
[*SwitchA] commit
[~SwitchB] interface eth-trunk 0
[*SwitchB-Eth-Trunk0] undo stp enable
[*SwitchB-Eth-Trunk0] mode lacp-static
[*SwitchB-Eth-Trunk0] peer-link 1
[*SwitchB-Eth-Trunk0] quit
[*SwitchB] commit
Step 5 Add Eth-Trunks that connect SwitchA and SwitchB to the server to VLAN 11 and
bind the Eth-Trunks to the DFS group.
The uplink interface of the server connected to the switch needs to be bound to
an aggregation link, and the link aggregation modes on the server and switch
must be consistent.
[~SwitchA] vlan batch 11
[*SwitchA-Eth-Trunk1] mode lacp-dynamic
[*SwitchA-Eth-Trunk1] port link-type access
[*SwitchA-Eth-Trunk1] port default vlan 11
[*SwitchA-Eth-Trunk1] dfs-group 1 m-lag 1
[*SwitchA] commit
[~SwitchB] vlan batch 11
[*SwitchB-Eth-Trunk1] mode lacp-dynamic
[*SwitchB-Eth-Trunk1] port link-type access
[*SwitchB-Eth-Trunk1] port default vlan 11
[*SwitchB-Eth-Trunk1] dfs-group 1 m-lag 1
[*SwitchB] commit
Step 6 Configure the links between SwitchA and SwitchC and between SwitchB and
SwitchD as aggregated links, and configure interface types and allowed VLANs.
[~SwitchA] interface eth-trunk 2

Switches
[*SwitchA-Eth-Trunk2] port link-type trunk

[*SwitchA-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchA] commit
[~SwitchB] interface eth-trunk 2
[*SwitchB-Eth-Trunk2] port link-type trunk
[*SwitchB-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchB] commit
# Configure SwitchC.
[~HUAWEI] sysname SwitchC
[*HUAWEI] commit
[~SwitchC] vlan batch 11
[*SwitchC] interface eth-trunk 2
[*SwitchC-Eth-Trunk2] mode lacp-static
[*SwitchC-Eth-Trunk2] port link-type trunk
[*SwitchC-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchC-Eth-Trunk2] trunkport 10ge 1/0/1
[*SwitchC-Eth-Trunk2] trunkport 10ge 1/0/2
[*SwitchC-Eth-Trunk2] quit
[*SwitchC] commit
# Configure SwitchD.
[~HUAWEI] sysname SwitchD
[*HUAWEI] commit
[~SwitchD] vlan batch 11
[*SwitchD] interface eth-trunk 2
[*SwitchD-Eth-Trunk2] mode lacp-static
[*SwitchD-Eth-Trunk2] port link-type trunk
[*SwitchD-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchD-Eth-Trunk2] trunkport 10ge 1/0/1
[*SwitchD-Eth-Trunk2] trunkport 10ge 1/0/2
[*SwitchD-Eth-Trunk2] quit
[*SwitchD] commit
Step 7 Create VLANIF interfaces on SwitchC and SwitchD and configure IP addresses for
the VLANIF interfaces. Create VRRP groups on the VLANIF interfaces.
# Configure VRRP group 1 on SwitchC and set the priority of SwitchC to 120.
[~SwitchC] interface vlanif 11
[*SwitchC-Vlanif11] ip address 10.2.1.1 24
[*SwitchC-Vlanif11] vrrp vrid 1 virtual-ip 10.2.1.111
[*SwitchC-Vlanif11] vrrp vrid 1 priority 120
[*SwitchC-Vlanif11] quit
[*SwitchC] commit
# Configure VRRP group 1 on SwitchD. SwitchD uses default priority 100.

[~SwitchD] interface vlanif 11
[*SwitchD-Vlanif11] ip address 10.2.1.2 24
[*SwitchD-Vlanif11] vrrp vrid 1 virtual-ip 10.2.1.111
[*SwitchD-Vlanif11] quit
[*SwitchD] commit
Step 8 Verify the configuration.

Switches
● Run the display dfs-group command to check M-LAG information.

# Check information about the M-LAG with DFS group 1.
[~SwitchA] display dfs-group 1 m-lag
* : Local node
Heart beat state : OK
Node 1 *
Dfs-Group ID : 1
Priority : 150
Address : ip address 10.1.1.1
State : Master
Causation :-
System ID : 0025-9e95-7c31
SysName : SwitchA
Version : V100R006C00
Device Type : CE6850EI
Node 2
Dfs-Group ID : 1
Priority : 120
State : Backup
Causation :-
System ID : 0025-9e95-7c11
SysName : SwitchB
# Check M-LAG information on SwitchA.
[~SwitchA] display dfs-group 1 node 1 m-lag brief
* - Local node
M-Lag ID Interface Port State Status Consistency-check

1 Eth-Trunk 1 Up active(*)-active --
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
# Check M-LAG information on SwitchB.
* - Local node
M-Lag ID Interface Port State Status Consistency-check

1 Eth-Trunk 1 Up active-active(*) --
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
In the preceding command outputs, the value of Heart beat state is OK,
indicating that the heartbeat is normal. SwitchA is used as Node 1, its priority
is 150, and its status is Master. SwitchB is used as Node 2, its priority is 120,
and its status is Backup. The value of Causation is -, and the values of Port
State of Node 1 and Node 2 are both Up, and the M-LAG status of Node 1
and Node 2 is both active, indicating that the M-LAG configuration is correct.
● Run the display vrrp command on SwitchC and SwitchD. You can see that
SwitchC is in Master state and SwitchD is in Backup state.

Switches
[~SwitchC] display vrrp verbose

Vlanif11 | Virtual Router 1
State : Master
Virtual IP : 10.2.1.111
Master IP : 10.2.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0s Remain : --
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config Type : Normal
Create Time : 2020-01-30 11:39:18
Last Change Time : 2020-02-04 11:38:58
[~SwitchD] display vrrp verbose
Vlanif11 | Virtual Router 1
State : Backup
Virtual IP : 10.2.1.111
Master IP : 10.2.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0s Remain : --
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config Type : Normal
Create Time : 2020-01-30 11:39:18
Last Change Time : 2020-02-04 11:38:58
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
dfs-group 1
priority 150
source ip 10.1.1.1
#
vlan batch 11
#
stp bridge-address 0039-0039-0039
stp instance 0 root primary
#
interface MEth0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface Eth-Trunk0
stp disable
mode lacp-static
peer-link 1
#
port default vlan 11
stp edged-port enable
mode lacp-dynamic
dfs-group 1 m-lag 1
#
port link-type trunk

Switches
port trunk allow-pass vlan 11

mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
interface 10GE1/0/3
eth-trunk 0
#
interface 10GE1/0/4
eth-trunk 0
#
interface 10GE1/0/5
eth-trunk 1
#
interface 10GE1/0/6
eth-trunk 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
dfs-group 1
priority 120
source ip 10.1.1.2
#
vlan batch 11
#
stp instance 0 root primary
#
interface MEth0/0/0
ip address 10.1.1.2 255.255.255.0
#
stp disable
mode lacp-static
peer-link 1
#
port default vlan 11
stp edged-port enable
mode lacp-dynamic
dfs-group 1 m-lag 1
#
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
interface 10GE1/0/3
eth-trunk 0
#
interface 10GE1/0/4
eth-trunk 0
#
interface 10GE1/0/5
eth-trunk 1
#

Switches
interface 10GE1/0/6
eth-trunk 1
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 11
#
interface Vlanif11
ip address 10.2.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.2.1.111
vrrp vrid 1 priority 120
#
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 11
#
interface Vlanif11
ip address 10.2.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.2.1.111
#
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
return
4.9.2 Example for Dual-Homing a Switch to an IP Network

Through V-STP
Networking Requirements
As shown in Figure 4-23, the switch is dual-homed to the IP network through M-
LAG. The requirements are as follows:
● When one access link fails, traffic can be fast switched to the other link to
ensure reliability.
● The load balancing mode can be used to forward traffic to make full use of
bandwidth and ensure that two links are in active state.

Switches
Figure 4-23 Dual-homing to an IP network through M-LAG
IP
Network
SwitchC
10GE1/0/1 10GE1/0/2
10GE1/0/1 Peer-link 1 10GE1/0/1

10GE1/0/5 10GE1/0/5
SwitchA SwitchB
10GE1/0/4 10GE1/0/4
10GE1/0/2 10GE1/0/3 10GE1/0/3 10GE1/0/2
10GE1/0/1~1/0/4
Switch
Configuration Roadmap
The configuration roadmap is as follows:
1. On the switch, bind the uplink interface to an Eth-Trunk.

2. Configure the V-STP, DFS group, peer-link, and M-LAG interface on SwitchA
and SwitchB.
3. On SwitchA and SwitchB, configure an IP address and a MAC address for a
VLANIF interface to implement dual-active gateway of access devices.
4. Configure OSPF on SwitchA, SwitchB, and SwitchC to ensure Layer 3
connectivity.
NOTE
In a V-STP scenario, to prevent a port from being blocked due to the spanning tree
calculation result, configure the main interface to implement Layer 3 connectivity or
disable the spanning tree protocol on the IP network.
5. On SwitchA and SwitchB, associate uplink and downlink interfaces with the
Monitor Link group to prevent a user-side traffic forwarding failure and traffic
loss due to the uplink fault.
Procedure
Step 1 On the switch, bind the uplink interface to an Eth-Trunk.
# Configure the switch.

Switches
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 11
[*Switch] interface eth-trunk 20
[*Switch-Eth-Trunk20] mode lacp-static
[*Switch-Eth-Trunk20] port link-type trunk
[*Switch-Eth-Trunk20] port trunk allow-pass vlan 11
[*Switch-Eth-Trunk20] trunkport 10ge 1/0/1 to 1/0/4
[*Switch-Eth-Trunk20] quit
[*Switch] commit
Step 2 Configure the V-STP, DFS group, peer-link, and M-LAG interface on SwitchA and
SwitchB.
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stp mode rstp
[~SwitchA] stp bridge-address 1-1-1
[*SwitchA] stp v-stp enable
[*SwitchA] interface loopback 0
[*SwitchA-LoopBack0] ip address 10.1.1.1 32
[*SwitchA-LoopBack0] quit
[*SwitchA] dfs-group 1
[*SwitchA-dfs-group-1] source ip 10.1.1.1
[*SwitchA-dfs-group-1] priority 150
[*SwitchA-dfs-group-1] quit
[*SwitchA-Eth-Trunk1] peer-link 1
[*SwitchA] vlan batch 11
[*SwitchA-Eth-Trunk10] port link-type trunk
[*SwitchA-Eth-Trunk10] port trunk allow-pass vlan 11
[*SwitchA-Eth-Trunk10] dfs-group 1 m-lag 1
[*SwitchA] commit
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] stp mode rstp
[~SwitchB] stp bridge-address 1-1-1
[*SwitchB] stp v-stp enable
[*SwitchB] interface loopback 0
[*SwitchB-LoopBack0] ip address 10.1.1.2 32
[*SwitchB-LoopBack0] quit
[*SwitchB] dfs-group 1
[*SwitchB-dfs-group-1] source ip 10.1.1.2
[*SwitchB-dfs-group-1] priority 120
[*SwitchB-dfs-group-1] quit
[*SwitchB-Eth-Trunk1] peer-link 1
[*SwitchB] vlan batch 11

Switches

[*SwitchB-Eth-Trunk10] port link-type trunk
[*SwitchB-Eth-Trunk10] port trunk allow-pass vlan 11
[*SwitchB-Eth-Trunk10] dfs-group 1 m-lag 1
[*SwitchB] commit
Step 3 On SwitchA and SwitchB, configure an IP address and a MAC address for a VLANIF
interface to implement dual-active gateway of access devices.
VLANIF interfaces corresponding to M-LAG member interfaces of M-LAG master
and backup devices must be configured with the same IP address and MAC
address so that M-LAG devices use the same IP address and virtual MAC address.
[~SwitchA] interface vlanif 11
[*SwitchA-Vlanif11] ip address 10.2.1.1 24
[*SwitchA-Vlanif11] mac-address 0000-5e00-0101
[*SwitchA-Vlanif11] quit
[*SwitchA] commit
[~SwitchB] interface vlanif 11
[*SwitchB-Vlanif11] ip address 10.2.1.1 24
[*SwitchB-Vlanif11] mac-address 0000-5e00-0101
[*SwitchB-Vlanif11] quit
[*SwitchB] commit
Step 4 Configure OSPF on SwitchA, SwitchB, and SwitchC to ensure Layer 3 connectivity.
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] undo portswitch
[*SwitchA-10GE1/0/1] ip address 10.3.1.1 24
[*SwitchA-10GE1/0/1] quit
[*SwitchA] ospf 1
[*SwitchA-ospf-1] area 0
[*SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[*SwitchA-ospf-1-area-0.0.0.0] quit
[*SwitchA-ospf-1] quit
[*SwitchA] commit
[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] undo portswitch
[*SwitchB-10GE1/0/1] ip address 10.4.1.1 24
[*SwitchB-10GE1/0/1] quit
[*SwitchB] ospf 1
[*SwitchB-ospf-1] area 0
[*SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0
[*SwitchB-ospf-1-area-0.0.0.0] quit
[*SwitchB-ospf-1] quit
[*SwitchB] commit
# Configure SwitchC.
[~HUAWEI] sysname SwitchC
[*HUAWEI] commit
[~SwitchC] interface 10ge 1/0/1
[~SwitchC-10GE1/0/1] undo portswitch
[*SwitchC-10GE1/0/1] ip address 10.3.1.2 24

Switches
[*SwitchC-10GE1/0/1] quit
[*SwitchC] interface 10ge 1/0/2
[*SwitchC-10GE1/0/2] undo portswitch
[*SwitchC-10GE1/0/2] ip address 10.4.1.2 24
[*SwitchC-10GE1/0/2] quit
[*SwitchC] ospf 1
[*SwitchC-ospf-1] area 0
[*SwitchC-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
[*SwitchC-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255
[*SwitchC-ospf-1-area-0.0.0.0] quit
[*SwitchC-ospf-1] quit
Step 5 On SwitchA and SwitchB, associate uplink and downlink interfaces with the
Monitor Link group.
[~SwitchA] monitor-link group 1
[*SwitchA-mtlk-group1] port 10ge 1/0/1 uplink
[*SwitchA-mtlk-group1] port eth-trunk 10 downlink 1
[*SwitchA-mtlk-group1] quit
[*SwitchA] commit
[~SwitchB] monitor-link group 1
[*SwitchB-mtlk-group1] port 10ge 1/0/1 uplink
[*SwitchB-mtlk-group1] port eth-trunk 10 downlink 1
[*SwitchB-mtlk-group1] quit
[*SwitchB] commit
Step 6 Verify the configuration.
Run the display dfs-group command to check M-LAG information.
# Check information about the M-LAG with DFS group 1.

[~SwitchA] display dfs-group 1 m-lag
* : Local node
Heart beat state : OK
Node 1 *
Dfs-Group ID : 1
Priority : 150
State : Master
Causation :-
System ID : 0025-9e95-7c31
SysName : SwitchA
Node 2
Dfs-Group ID : 1
Priority : 120
State : Backup
Causation :-
System ID : 0025-9e95-7c11
SysName : SwitchB
# Check M-LAG information on SwitchA.

* - Local node
M-Lag ID Interface Port State Status

1 Eth-Trunk 10 Up active(*)-active
# Check M-LAG information on SwitchB.

Switches
[~SwitchB] display dfs-group 1 node 2 m-lag brief

* - Local node
M-Lag ID Interface Port State Status

1 Eth-Trunk 10 Up active-active(*)
In the preceding command outputs, the value of Heart beat state is OK,
indicating that the heartbeat is normal. SwitchA is used as Node 1, its priority is
150, and its status is Master. SwitchB is used as Node 2, its priority is 120, and its
status is Backup. The value of Causation is -, the values of Port State of Node 1
and Node 2 are both Up, and the M-LAG status of both Node 1 and Node 2 is
active, indicating that the M-LAG configuration is correct.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
dfs-group 1
priority 150
source ip 10.1.1.1
#
vlan batch 11
#
stp mode rstp
stp v-stp enable
#
interface Vlanif11
ip address 10.2.1.1 255.255.255.0
mac-address 0000-5e00-0101
#
mode lacp-static
peer-link 1
#
mode lacp-static
dfs-group 1 m-lag 1
#
interface 10GE1/0/1
undo portswitch
ip address 10.3.1.1 255.255.255.0
#
interface 10GE1/0/2
eth-trunk 10
#
interface 10GE1/0/3
eth-trunk 10
#
interface 10GE1/0/4
eth-trunk 1
#
interface 10GE1/0/5
eth-trunk 1
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
monitor-link group 1
port 10GE1/0/1 uplink
port Eth-Trunk10 downlink 1

Switches
#
ospf 1
area 0.0.0.0
network 10.1.1.1 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
● SwitchB configuration file

#
sysname SwitchB
#
dfs-group 1
priority 120
source ip 10.1.1.2
#
vlan batch 11
#
stp mode rstp
stp v-stp enable
#
interface Vlanif11
ip address 10.2.1.1 255.255.255.0
mac-address 0000-5e00-0101
#
mode lacp-static
peer-link 1
#
mode lacp-static
dfs-group 1 m-lag 1
#
interface 10GE1/0/1
undo portswitch
ip address 10.4.1.1 255.255.255.0
#
interface 10GE1/0/2
eth-trunk 10
#
interface 10GE1/0/3
eth-trunk 10
#
interface 10GE1/0/4
eth-trunk 1
#
interface 10GE1/0/5
eth-trunk 1
#
interface LoopBack0
ip address 10.1.1.2 255.255.255.255
#
monitor-link group 1
port 10GE1/0/1 uplink
port Eth-Trunk10 downlink 1
#
ospf 1
area 0.0.0.0
network 10.1.1.2 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
● SwitchC configuration file

Switches
#
sysname SwitchC
#
interface 10GE1/0/1
undo portswitch
ip address 10.3.1.2 255.255.255.0
#
interface 10GE1/0/2
undo portswitch
ip address 10.4.1.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
● Switch configuration file

#
sysname Switch
#
vlan batch 11
#
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 20
#
interface 10GE1/0/2
eth-trunk 20
#
interface 10GE1/0/3
eth-trunk 20
#
interface 10GE1/0/4
eth-trunk 20
#
return
4.10 M-LAG Technical Topics

The preceding sections describe only the configuration procedure and examples of
M-LAG. For recommended M-LAG deployment models and configuration
suggestions in more multi-feature scenarios, see M-LAG Technical Topics.

01 04 M LAG Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01 04 M LAG Configuration

Uploaded by

Copyright:

Available Formats

CloudEngine 8800, 7800, 6800, and 5800 Series

4.1 Overview of M-LAG

4.1 Overview of M-LAG

Figure 4-1 M-LAG network

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 178

4.2 Understanding M-LAG

4.2.1 Basic Concepts

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 179

Figure 4-2 Basic M-LAG topology

Table 4-1 describes basic concepts of M-LAG.

Table 4-1 Basic concepts of M-LAG

Dynamic Fabric A DFS group is used for pairing between M-LAG

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 180

Peer-link interface Peer-link interfaces are at both ends of a peer-link.

Peer-link A peer-link is between two directly connected devices

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 181

M-LAG member M-LAG member interfaces are the Eth-Trunks on M-

4.2.2 Information Exchange Principles

Figure 4-3 M-LAG establishment

DFS group Hello packet

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 182

1. DFS group pairing

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 183

Table 4-2 M-LAG synchronization packet information

MAC MAC address entry synchronization

ARP ARP packet synchronization

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 184

STP STP status synchronization

Others Information such as the status of an

4.2.3 M-LAG Loop Prevention Mechanism

Figure 4-4 Traffic forwarding when an M-LAG is connected to a Layer 2 network

Unicast traffic from an

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 185

Unidirectional Isolation Mechanism

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 186

Figure 4-5 M-LAG unidirectional isolation

4.2.4 M-LAG Consistency Check

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 187

Regardless of the mode, if the following common configuration of two

Table 4-3 M-LAG consistency check list

System view Whether STP is enabled Type 1

STP working mode

Mapping between VLANs

M-LAG member Whether STP is enabled

System view VLAN configuration Type 2

Static MAC address

Aging time of dynamic

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 188

View Configuration Type

Static ARP entries

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 189

View Configuration Type

Aging time of dynamic

Bridge Domain (BD)

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 190

View Configuration Type

M-LAG member STP priority

4.2.5 Traffic Forwarding When an M-LAG Works Properly

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 191

Unicast Traffic Forwarding

In Figure 4-6, an access device is dual-homed to an M-LAG dual-active system

Figure 4-6 Known unicast traffic forwarding through an M-LAG

North-south unicast traffic

North-south unicast traffic