Chapter 1 Stack
A stack is a management domain formed by a
group of Ethernet switches interconnected through their stack ports. A stack
contains a main switch and multiple slave switches.
Logically, you can consider a stack a
single device and manage all the switches in a stack through the main switch.
You can configure multiple Ethernet
switches interconnected through their stack ports to form a stack by performing
configurations on one of the switches. In this case, the switch becomes the main
switch of the stack.
You can perform the following operations on
a main switch:
l
Configuring an IP address pool for the stack
l
Creating the stack
l
Switching to slave switch view
Before creating a stack, you need to configure
an IP address pool for the stack on the main switch. When adding a switch to a
stack, the main switch picks an IP address from the IP address pool and assigns
the IP address to it automatically.
After a stack is created, the main switch
automatically adds the switches that connected to its stack ports to the stack.
If a stack port connection is disconnected, the corresponding slave switch quits
the stack automatically.
All the switches in a stack except the main
switch are slave switches.
You can configure a slave switch in a stack
on the main switch.
The following are the phases undergone when
a stack is created.
l
Connect the intended main switch and slave
switches through stack modules and dedicated stack cables. (Refer to H3C S3100
Series Ethernet Switches Installation Manual for the information about
stack modules and stack cables.)
l
Configure the IP address pool for the stack and
enable the stack function. The main switch then automatically adds the switches
connected to its stack ports to the stack.
l
When adding a switch joins in a stack, the main
switch automatically assigns an IP address to it.
l
The main switch automatically adds any switches
that are newly connected to the stack through their stack ports to the stack.
The main switch configuration includes:
l
Configuring the IP Address
Pool and Creating the Stack
l
Maintaining Slave Switches
Follow these steps to configure the IP
address pool and creating the stack:
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure an IP address pool for a stack
|
stacking ip-pool from-ip-address ip-address-number [
ip-mask ]
|
Required
from-ip-address:
Start address of the IP address pool.
ip-address-number:
Number of the IP addresses in the IP addresses pool. A pool contains 16
addresses by default.
ip-mask:
Mask of the IP address pool.
By default, the IP addresses pool is not
configured.
|
|
Create a stack
|
stacking enable
|
Required
|
Remove the IP
address configured for the existing Layer 3 interface first if you want to
cancel the stack-related configuration, otherwise, IP address conflicts may
occur.
As for the stack-related configurations
performed on a main switch, note that:
l
After a stack is created, the main switch
automatically adds the switches connected to its stack ports to the stack.
l
If a stack port connection is disconnected, the corresponding
slave switch quits the stack automatically.
l
The IP address pool of an existing stack cannot
be modified.
l
To add a switch to a stack successfully, make
sure the IP address pool contains at least one unoccupied IP address.
l
Make sure the IP addresses in the IP address
pool of a stack are successive so that they can be assigned successively. For
example, the IP addresses in an IP address pool with its start IP address
something like 223.255.255.254 are not successive. In this case, errors may occur
when adding a switch to the stack.
l
IP addresses in the IP address pool of a stack
must be of the same network segment. For example, the 1.1.255.254 is not a
qualified start address for a stack IP address pool.
l
If the IP address of the management VLAN
interface of the main switch (or a slave switch) is not of the same network segment
as that of the stack address pool, the main switch (or the slave switch)
automatically removes the existing IP address and picks a new one from the stack
address pool as its IP address.
l
Since both stack and cluster use the management
VLAN and only one VLAN interface is available on the S3100 switch, stack and
cluster must share the same management VLAN if you want to configure stack
within a cluster.
After creating a stack, you can switch to
slave switch view from the main switch to configure slave switches.
|
Operation
|
Command
|
Description
|
|
Switch to slave switch view
|
stacking number
|
Required
Number: Serial
number of the slave switch to be accessed.
You can switch from the user view of the
main switch to that of the slave switch without changing the user level.
|
You can quit slave switch view after slave
switch configuration.
|
Operation
|
Command
|
Description
|
|
Quit slave switch view
|
quit
|
You can quit slave switch view only by
executing this command in user view of a slave switch.
|
If you enable the stack function on a
stack-supporting device, the device will send join-in requests to the connected
stack ports of all the switches connected with the device. This may cause
switches not expecting to join in the stack to join in the stack automatically,
affecting network stability.
You can configure the stack-port function
on the stack ports that are connected with other switches to choose whether to
send join-in requests to the switches, so as to prevent the switches that do
not belong to the local stack from joining in.
Follow these steps to configure the stack
port function:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enter port view
|
interface interface-type
interface-number
|
—
|
|
Enable the stack-port function on the
stack port
|
stack-port enable
|
Required
Enabled by default.
After a switch joins in a stack or
becomes the master switch of a stack, the switch will send/forward stack
join-in requests through this stack port.
|
Just make sure the slave switch is
connected to the main switch through the stack ports. No configuration is
needed.
|
Operation
|
Command
|
Description
|
|
Display the stack status information on
the main switch
|
display stacking [ members ]
|
Optional
The display command can be
executed in any view.
When executed without the members
keyword specified, this command displays the main switch and the number of
switches in the stack.
When being executed with the members
keyword specified, this command displays the member information of the stack,
including stack number, device name, MAC addresses and status of the main
switch/slave switches.
|
|
Display the stack status information on a
slave switch
|
display stacking
|
Optional
The display command can be
executed in any view.
The displayed information indicates that
the local switch is a slave switch. The information such as stack number of
the local switch, and the MAC address of the main switch in the stack is also
displayed.
|
I. Network requirements
Connect Switch A, Switch B and Switch C
with each other through their stack ports to form a stack, in which Switch A
acts as the main switch, while Switches B and C act as slave switches.
Configure Switches B and Switch C through Switch
A.
Figure 1-1 Network
diagram for stack configuration
# Configure the IP address pool for the
stack on Switch A.
<Sysname> system-view
[Sysname] stacking ip-pool
129.10.1.15 3
# Create the stack on switch A.
[Sysname] stacking enable
[stack_0.Sysname] quit
<stack_0.Sysname>
# Display the information about the stack
on switch A.
<stack_0.Sysname> display
stacking
Main device for stack.
Total members:3
Management-vlan:1(default vlan)
# Display the information about the stack
members on switch A.
<stack_0.Sysname> display
stacking members
Member number: 0
Name:stack_0.Sysname
Device: S3100
MAC Address:000f-e20f-c43a
Member status:Admin
IP: 129.10.1.15 /16
Member number: 1
Name:stack_1.Sysname
Device: S3100
MAC Address: 000f-e200-3130
Member status:Up
IP: 129.10.1.16/16
Member number: 2
Name:stack_2.Sysname
Device: S3100
MAC Address: 000f-e200-3135
Member status:Up
IP: 129.10.1.17/16
# Switch to Switch B (a slave switch).
<stack_0.Sysname> stacking 1
<stack_1.Sysname>
# Display the information about the stack on
switch B.
<stack_1.Sysname> display
stacking
Slave device for stack.
Member number:1
Management-vlan:1(default vlan)
Main device mac address:
000f-e20f-c43a
# Switch back to Switch A.
<stack_1.Sysname> quit
<stack_0.Sysname>
# Switch to Switch C (a slave switch).
<stack_0.Sysname> stacking 2
<stack_2.Sysname>
# Switch back to Switch A.
<stack_2.Sysname> quit
<stack_0.Sysname>
A cluster contains a group of switches. Through
cluster management, you can manage multiple geographically dispersed in a
centralized way.
Cluster management is implemented through Huawei
group management protocol (HGMP). HGMP version 2 (HGMPv2) is used at present.
A switch in a cluster plays one of the
following three roles:
l
Management device
l
Member device
l
Candidate device
A cluster comprises of a management device
and multiple member devices. To manage the devices in a cluster, you need only
to configure an external IP address for the management switch. Cluster
management enables you to configure and manage remote devices in batches,
reducing the workload of the network configuration. Normally, there is no need
to configure external IP addresses for member devices.
Figure 2-1 illustrates a cluster
implementation.
Figure 2-1 A cluster implementation
HGMP V2 has the following advantages:
l
It eases the configuration and management of multiple
switches: You just need to configure a public IP address for the management
device instead of for all the devices in the cluster; and then you can configure
and manage all the member devices through the management device without the
need to log onto them one by one.
l
It provides the topology discovery and display function,
which assists in monitoring and maintaining the network.
l
It allows you to configure and upgrade multiple
switches at the same time.
l
It enables you to manage your remotely devices
conveniently regardless of network topology and physical distance.
l
It saves IP address resource.
The switches in a cluster play different
roles according to their functions and status. You can specify the role a switch
plays. A switch in a cluster can also switch to other roles under specific
conditions.
As mentioned above, the three cluster roles
are management device, member device, and candidate device.
Table 2-1
Description on cluster roles
|
Role
|
Configuration
|
Function
|
|
Management device
|
Configured with a external IP address
|
l
Provides an interface for managing all the switches
in a cluster
l
Manages member devices through command
redirection, that is, it forwards the commands intended for specific member
devices.
l
Discovers neighbors, collects the information
about network topology, manages and maintains the cluster. Management device
also supports FTP server and SNMP host proxy.
l
Processes the commands issued by users through
the public network
|
|
Member device
|
Normally, a member device is not assigned
an external IP address
|
l
Members of a cluster
l
Discovers the information about its neighbors,
processes the commands forwarded by the management device, and reports log.
The member devices of a luster are under the management of the management
device.
|
|
Candidate
device
|
Normally, a
candidate device is not assigned an external IP address
|
Candidate
device refers to the devices that do not belong to any clusters but are cluster-capable.
|
Figure 2-2 illustrates the state machine
of cluster role.
Figure 2-2 State machine of cluster role
l
A candidate device becomes a management device
when you create a cluster on it. Note that a cluster must have one (and only
one) management device. On becoming a management device, the device collects
network topology information and tries to discover and determine candidate
devices, which can then be added to the cluster through configurations.
l
A candidate device becomes a member device after
being added to a cluster.
l
A member device becomes a candidate device after
it is removed from the cluster.
l
A management device becomes a candidate device
only after the cluster is removed.
After you create a
cluster on an S3100 switch, the switch collects the network topology
information periodically and adds the candidate switches it finds to the
cluster. The interval for a management device to collect network topology
information is determined by the NTDP timer. If you do not want the candidate switches
to be added to a cluster automatically, you can set the topology collection
interval to 0 by using the ntdp timer command. In this case, the switch
does not collect network topology information periodically.
HGMPv2 consists of the following three protocols:
l
Neighbor discovery protocol (NDP)
l
Neighbor topology discovery protocol (NTDP)
l
Cluster
A cluster configures and manages the devices
in it through the above three protocols.
Cluster management involves topology
information collection and the establishment/maintenance of a cluster. Topology
information collection and cluster establishment/maintenance are independent
from each other. The former, as described below, starts before a cluster is established.
l
All devices use NDP to collect the information about
their neighbors, including software version, host name, MAC address, and port name.
l
The management device uses NTDP to collect the
information about the devices within specific hops and the topology information
about the devices. It also determines the candidate devices according to the
information collected.
l
The management device adds the candidate devices
to the cluster or removes member devices from the cluster according to the
candidate device information collected through NTDP.
I. Introduction to NDP
NDP is a protocol used to discover adjacent
devices and provide information about them. NDP operates on the data link
layer, and therefore it supports different network layer protocols.
NDP is able to discover directly connected
neighbors and provide the following neighbor information: device type,
software/hardware version, and connecting port. In addition, it may provide the
following neighbor information: device ID, port full/half duplex mode, product
version, the Boot ROM version and so on.
l
An NDP-enabled device maintains an NDP neighbor
table. Each entry in the NDP table can automatically ages out. You can also
clear the current NDP information manually to have neighbor information
collected again.
l
An NDP-enabled device regularly broadcasts NDP
packet through all its active ports. An NDP packet carries a holdtime field,
which indicates how long the receiving devices will keep the NDP packet data. The
receiving devices store the information carried in the NDP packet into the NDP
table but do not forward the NDP packet. When they receive another NDP packet,
if the information carried in the packet is different from the stored one, the
corresponding entry in the NDP table is updated, otherwise only the holdtime of
the entry is updated.
NTDP is a protocol used to collect network topology information.
NTDP provides information required for cluster management: it collects topology
information about the switches within the specified hop count, so as to provide
the information of which devices can be added to a cluster.
Based on the neighbor information stored in
the neighbor table maintained by NDP, NTDP on the management device advertises
NTDP topology collection requests to collect the NDP information of each device
in a specific network range as well as the connection information of all its
neighbors. The information collected will be used by the management device or
the network management software to implement required functions.
When a member device detects a change on
its neighbors through its NDP table, it informs the management device through
handshake packets, and the management device triggers its NTDP to perform
specific topology collection, so that its NTDP can discover topology changes
timely.
The management device collects the topology
information periodically. You can also launch an operation of topology
information collection by executing related commands. The process of topology
information collection is as follows.
l
The management device sends NTDP topology
collection requests periodically through its NTDP-enabled ports.
l
Upon receiving an NTDP topology collection request,
the device returns a NTDP topology collection response to the management device
and forwards the request to its neighbor devices through its NTDP-enable ports.
The topology collection response packet contains the information about the
local device and the NDP information about all the neighbor devices.
l
The neighbor devices perform the same operation
until the NTDP topology collection request is propagated to all the devices
within the specified hops.
When an NTDP topology collection request is
propagated in the network, it is received and forwarded by large numbers of
network devices, which may cause network congestion and the management device
busy processing of the NTDP topology collection responses. To avoid such cases,
the following methods can be used to control the NTDP topology collection
request advertisement speed.
l
Configuring the devices not to forward the NTDP
topology collection request immediately after they receive an NTDP topology
collection request. That is, configure the devices to wait for a period before
they forward the NTDP topology collection request.
l
Configuring each NTDP-enabled port on a device
to forward an NTDP topology collection request after a specific period since
the previous port on the device forwards the NTDP topology collection request.
l
To implement NTDP, you need to enable NTDP both globally
and on specific ports on the management device, and configure NTDP parameters.
l
On member/candidate devices, you only need to
enable NTDP globally and on specific ports.
l
Member and candidate devices adopt the NTDP
settings of the management device.
III. Introduction to Cluster
A cluster must have one and only one
management device. Note the following when creating a
cluster:
l
You need to designate a management device for
the cluster. The management device of a cluster is the portal of the cluster.
That is, any operations from outside the network intended for the member
devices of the cluster, such as accessing, configuring, managing, and
monitoring, can only be implemented through the management device.
l
The management device of the cluster recognizes
and controls all the member devices in the cluster, no matter where they are
located in the network and how they are connected.
l
The management device collects topology
information about all member/candidate devices to provide useful information
for you to establish the cluster.
l
By collecting NDP/NTDP information, the
management device learns network topology, so as to manage and monitor network devices.
l
Before performing any cluster-related configuration
task, you need to enable the cluster function first.
On the management device, you need to enable the cluster function
and configure cluster parameters. On the member/candidate devices, however, you
only need to enable the cluster function so that they can be managed by the
management device.
IV. Cluster maintenance
1)
Adding a candidate device to a cluster
To create a cluster, you need to determine
the device to operate as the management device first. The management device
discovers and determines candidate devices through NDP and NTDP, and adds them
to the cluster. You can also add candidate devices to a cluster manually.
After a candidate device is added to a
cluster, the management device assigns a member number and a private IP address
(used for cluster management) to it.
2)
Communications within a cluster
In a cluster, the management device maintains
the connections to the member devices through handshake packets. Figure 2-3
illustrates the state machine of the connection between the management device and
a member device.
Figure 2-3 State machine of the
connection between the management device and a member device
l
After a cluster is created and a candidate
device is added to the cluster as a member device, both the management device and
the member device store the state information of the member device and mark the
member device as Active.
l
The management device and the member devices exchange
handshake packets periodically. Note that the handshake packets exchanged keep
the states of the member devices to be Active and are not responded.
l
If the management device does not receive a
handshake packet from a member device after a period three times of the
interval to send handshake packets, it changes the state of the member device
from Active to Connect. Likewise, if a member device fails to receive a
handshake packet from the management device after a period three times of the
interval to send handshake packets, the state of the member device will also be
changed from Active to Connect.
l
If the management device receives a handshake packet
or management packet from a member device that is in Connect state within the
information holdtime, it changes the state of the member device to Active;
otherwise, it changes the state of the member device (in Connect state) to Disconnect,
in which case the management device considers the member device disconnected. Likewise,
if this member device, which is in Connect state, receives a handshake packet or
management packet from the management device within the information holdtime,
it changes its state to Active; otherwise, it changes its state to Disconnect.
l
If the connection between the management device
and a member device in Disconnect state is recovered, the member device will be
added to the cluster again. After that, the state of the member device will turn
to Active both locally and on the management device.
Besides, handshake packets are also used by
member devices to inform the management device of topology changes.
Additionally, on the management device, you
can configure the FTP server, TFTP server, logging host and SNMP host to be
shared by the whole cluster. When a member device in the cluster communicates
with an external server, the member device first transmits data to the
management device, which then forwards the data to the external server. The
management device serves as the default shared FTP server when no shared FTP server
is configured for the cluster.
V. Management VLAN
Management VLAN limits the range of cluster
management. Through management VLAN configuration, the following functions can
be implemented:
l
Enabling the management packets (including NDP
packets, NTDP packets, and handshake packets) to be transmitted in the
management VLAN only, through which the management packets are isolated from
other packets and network security is improved.
l
Enabling the management device and the member
devices to communicate with each other in the management VLAN.
Cluster management requires the packets of
the management VLAN be permitted on ports connecting the management device and
the member/candidate devices. Therefore:
l
If the packets of management VLAN are not permitted
on a candidate device port connecting to the management device, the candidate
device cannot be added to the cluster. In this case, you can enable the packets
of the management VLAN to be permitted on the port through the management VLAN
auto-negotiation function.
l
Packets of the management VLAN can be exchanged
between the management device and a member device/candidate device without
carrying VLAN tags only when the default VLAN ID of both the two ports
connecting the management device and the member/candidate device is the
management VLAN. If the VLAN IDs of the both sides are not that of the
management VLAN, packets of the management VLAN need to be tagged.
l
By default, the management VLAN interface is
used as the network management interface.
l
There is only one network management interface
on a management device; any newly configured network management interface will overwrite
the old one.
VI. Tracing a device in a cluster
In practice, you need to implement the
following in a cluster sometimes:
l
Know whether there is a loop in the cluster
l
Locate which port on which switch initiates a
network attack
l
Determine the port and switch that a MAC address
corresponds to
l
Locate which switch in the cluster has a fault
l
Check whether a link in the cluster and the devices
on the link comply with the original plan
In these situations, you can use the tracemac
command to trace a device in the cluster by specifying a destination MAC
address or IP address.
The procedures are as follows:
1)
Determine whether the destination MAC address or
destination IP address is used to trace a device in the cluster
l
If you use the tracemac command to trace
the device by its MAC address, the switch will query its MAC address table
according to the MAC address and VLAN ID in the command to find out the port
connected with the downstream switch.
l
If you use the tracemac command to trace
the device by its IP address, the switch will query the corresponding ARP entry
of the IP address to find out the corresponding MAC address and VLAN ID, and
thus find out the port connected with the downstream switch.
2)
After finding out the port connected with the
downstream switch, the switch will send a multicast packet with the VLAN ID and
specified hops to the port. Upon receiving the packet, the downstream switch
compares its own MAC address with the destination MAC address carried in the
multicast packet:
l
If the two MAC addresses are the same, the
downstream switch sends a response to the switch sending the tracemac
command, indicating the success of the tracemac command.
l
If the two MAC addresses are different, the
downstream switch will query the port connected with its downstream switch
based on the MAC address and VLAN ID, and then forward the packet to its
downstream switch. If within the specified hops, a switch with the specified
destination MAC address is found, this switch sends a response to the switch
sending the tracemac command, indicating the success of the tracemac
command. If no switch with the specified destination MAC address (or IP
address) is found, the multicast packet will not be forwarded to the downstream
any more.
l
If the queried IP address has a corresponding
ARP entry, but the MAC address entry corresponding to the IP address does not
exist, the trace of the device fails.
l
To trace a specific device using the tracemac
command, make sure that all the devices passed support the tracemac
function.
l
To trace a specific device in a management VLAN
using the tracemac command, make sure that all the devices passed are
within the same management VLAN as the device to be traced.
Before configuring a cluster, you need to determine
the roles and functions the switches play. You also need to configure the
related functions, preparing for the communication between devices within the
cluster.
Complete the following tasks to configure cluster:
I. Management device configuration
tasks
Complete the following tasks to configure
management device:
To reduce the risk of being attacked by malicious users against
opened socket and enhance switch security, the S3100 series Ethernet switches
provide the following functions, so that a cluster socket is opened only when
it is needed:
l
Opening UDP por
