Why are some protocol packets fail to be transparently transmitted after the multicast drop-unknown command is configured on an S series switch

4

After the multicast drop-unknown command is configured on a switch, the switch forwards packets with destination MAC and IP addresses as multicast addresses according to the multicast forwarding table. If a packet matches no multicast forwarding entry, the switch considers it as an unknown multicast packet and drops it.
Some protocol packets, such as OSPF packets, VRRP packets, and IPv6 RA messages, use reserved group addresses as destination MAC and IP addresses and match no multicast forwarding entry. If the switch is configured to drop unknown multicast packets using the multicast drop-known command, the switch drops these protocol packets.
Therefore, do not use the multicast drop-unknown command in a VLAN if the switch needs to transparently transmit protocol packets with reserved group addresses.

Other related questions:
How do I configure trunk interface of S series switch
Example for configuring a VLAN for a trunk interface For S series switches (except S1700 switches): A trunk interface can connect other switches and can join multiple VLANs. The interface is added to the PVID VLAN in untagged mode and to other VLANs in tagged mode. [HUAWEI]vlan batch 2 3 //Create a VLAN. [HUAWEI]interface gigabitethernet 0/0/3 [HUAWEI-GigabitEthernet0/0/3]port link-type trunk //Sets the link type of the interface to trunk. [HUAWEI-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 10 //Add the interface to VLANs 2 to 10. [HUAWEI-GigabitEthernet0/0/3]port trunk pvid vlan 2 //(Optional) Specify VLAN 2 as the default VLAN (default value: VLAN 1).

How to configure Layer 2 transparent transmission of 802.1x authentication packets on an S series switch
An extensible authentication protocol (EAP) packet in 802.1x authentication is a bridge protocol data unit (BPDU). By default, S series switches do not perform Layer 2 forwarding for BPDUs. If a Layer 2 switch exists between an 802.1x authentication-enabled device and a user, Layer 2 transparent transmission must be configured on the switch. Otherwise, EAP packets sent by the user cannot reach the authentication device and the user cannot pass authentication The following describes different methods of configuring Layer 2 transparent transmission of 802.1x authentication packets on a fixed switch and a modular switch: - Assume that the Layer 2 fixed switch connects to the upstream device through GE0/0/1, and connects to users through GE0/0/2. [HUAWEI] l2protocol-tunnel user-defined-protocol dot1x protocol-mac 0180-c200-0003 group-mac 0100-0000-0002 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet0/0/1] bpdu enable [HUAWEI-GigabitEthernet0/0/1] quit [HUAWEI] interface gigabitethernet 0/0/2 [HUAWEI-GigabitEthernet0/0/2] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet0/0/2] bpdu enable [HUAWEI-GigabitEthernet0/0/2] quit - Assume that the Layer 2 modular switch connects to the upstream device through GE1/0/1, and connects to users through GE1/0/2. [HUAWEI] l2protocol-tunnel user-defined-protocol dot1x protocol-mac 0180-c200-0003 group-mac 0100-0000-0002 [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet1/0/1] bpdu bridge enable [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/2 [HUAWEI-GigabitEthernet1/0/2] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet1/0/2] bpdu bridge enable [HUAWEI-GigabitEthernet1/0/2] quit Note that you cannot set the group-mac parameter to the following addresses: - Reserved multicast MAC addresses: 0180-C200-0000 to 0180-C200-002F - Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD - Destination MAC address of Smart Link packets: 010F-E200-0004 - Multicast MAC addresses used on the switch.

Layer 2 transparent transmission mechanism for 802.1x protocol packets on S series switches
For S series switches (except the S1700), the Layer 2 transparent transmission mechanism for 802.1 protocol packets is as follows: 1. When an 802.1x protocol packet reaches the ingress node, the switch changes the multicast destination MAC address of the packet to a specified multicast MAC address. 2. After the MAC address of an 802.1x protocol packet is changed, the switch does not send the packet to the CPU for processing but directly forwards the packet on the Layer 2 network based on the configuration. 3. When the 802.1x protocol packet reaches the egress node, the switch restores the multicast destination MAC address of the packet to the standard multicast destination MAC address based on the mapping between the specified multicast destination MAC address and the 802.1x protocol configured on the switch.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top