- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
01-IRF典型配置举例
本章节下载: 01-IRF典型配置举例 (1.78 MB)
目 录
6 管理用以太网口配置ARP MAD典型配置举例(管理功能和MAD功能配置在同一接口)
7 管理用以太网口配置BFD MAD典型配置举例(管理功能和MAD功能配置在不同接口)
10.5.1 搭建IRF(配置Device C和Device D加入IRF)
10.5.2 搭建IRF(配置原IRF和IRF-C合并成IRF)
本文介绍了如何搭建IRF以及在IRF上配置链路聚合和路由功能。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解IRF特性。
S6850和S9850系列交换机不但可以与本系列内的交换机建立IRF,而且这两个系列的设备之间也能够建立IRF。
S6805系列交换机只能与同系列的设备组成IRF。
S6825系列交换机只能与同系列的设备组成IRF。
S9820-64H交换机仅能与相同型号的交换机之间建立IRF。
S6860系列交换机支持相同系列的交换机建立IRF。
S6800系列交换机仅支持相同分组内的交换机之间建立IRF。分组情况如下:
S6800-54HF、S6800-54HT、S6800-2C-FC,以及产品代码为LS-6800-32Q-H1、LS-6800-54QF-H3、LS-6800-54QT-H3、LS-6800-2C-H1、LS-6800-4C-H1的这一组机型之间支持建立IRF。
产品代码为LS-6800-32Q、LS-6800-2C、LS-6800-4C的这一组机型之间支持建立IRF。
S6800系列交换机中,产品代码为LS-6800-54QF-H5的机型不能与其他型号的机型建立IRF。
IRF中所有成员设备的软件版本必须相同,如果有软件版本不同的设备要加入IRF,请确保IRF的启动文件同步加载功能处于开启状态。
S6850&S9850系列交换机支持通过以下端口建立IRF物理连接:
· QSFP+口工作在40G速率
· QSFP28口(除了LSWM18CQMSEC接口模块扩展卡上的端口)工作在40G或100G速率。LSWM18CQMSEC接口模块扩展卡上的端口不支持做IRF物理端口。
S6805、S6825系列交换机可以通过QSFP28口提供40G/100G IRF物理连接。
S6805、S6825、S6850、S9850系列交换机不支持1G/10G/25G/50G IRF物理连接。
S9820-64H交换机支持通过前面板上的QSFP28口建立100G速率IRF物理连接。QSFP28口工作于40G速率时不支持用于IRF连接,QSFP28口拆分的10G口或25G口不支持用于IRF连接。
S6800系列交换机能够通过10GBase-T以太网口、SFP+口、QSFP+口、QSFP+口拆分的10GE接口或QSFP28口提供10GE/40GE/100GE速率的IRF物理连接。
S6860系列交换机能够通过10GBase-T以太网口、SFP+口、QSFP+口、QSFP+口拆分的10GE接口或QSFP28口提供10GE/40GE/100GE速率的IRF物理连接。有关QSFP28口的使用方式请参见“二层技术-以太网交换配置指导”中的“以太网接口”。
S6860设备编号最大的六个QSFP+端口作为40G端口使用,并且用作IRF物理端口时:
建议两端设备都使用前四个QSFP+端口,或者都使用后两个QSFP+端口,此方式可以使用光模块/光缆连接IRF物理端口,也可以使用电缆连接IRF物理端口。
如果一端设备使用前四个QSFP+端口,另一端设备使用后两个QSFP+端口,请使用光模块/光缆连接IRF物理端口。
LSWM18CQMSEC接口模块扩展卡上的端口不支持做IRF物理端口。
对于S6800、S6860系列交换机,部分设备或接口模块扩展卡的QSFP+口、QSFP28口不支持拆分功能,具体请参见对应产品系列的安装手册。
S6805、S6825、S6850、S9850系列交换机支持使用QSFP28光模块及光纤、QSFP28光缆、QSFP28电缆、QSFP+光模块及光纤、QSFP+光缆或QSFP+电缆连接IRF物理端口,不支持使用QSFP28 to SFP28和QSFP+ to SFP+电缆连接IRF物理端口。
在S6850和S9850系列交换机上,使用QSFP+电缆连接IRF物理端口时需要注意:
· 链路两端需要都是固定端口或者都是接口模块扩展卡上的端口,不支持固定端口和接口模块模块扩展卡上的端口之间连接。
· 接口模块扩展卡上的端口作IRF物理端口时,两端必须使用同一款型的接口模块扩展卡。
· S6850-2C后面板的固定QSFP28口使用QSFP+电缆进行IRF连接时,对端也必须为S6850-2C后面板的固定QSFP28口。
S9820-64H交换机支持使用QSFP28光模块及光纤、QSFP28光缆、QSFP28电缆建立100G速率的IRF物理连接,不支持40G/25G/10G IRF物理连接。
对于S6800、S6860系列交换机,不同类型IRF物理端口需要采用不同的模块或线缆进行连接:
10Gbase-T以太网端口:使用6A类及以上双绞线进行连接。
SFP+口:使用SFP+光模块及光纤或SFP+线缆进行连接。
SFP28口:使用SFP28光模块及光纤或SFP28线缆进行连接。
QSFP+口:使用QSFP+光模块及光纤或QSFP+线缆进行连接。
QSFP28口:使用QSFP28光模块及光纤、QSFP28线缆、QSFP+光模块及光纤或QSFP+线缆进行连接。
其中双绞线、SFP+/SFP28/QSFP+/QSFP28线缆长度较短,性能和稳定性高,适用于机房内部短距离的IRF连接;而SFP+/SFP28/QSFP+/QSFP28光模块和光纤的组合则更加灵活,可以用于较远距离的IRF连接。
使用QSFP+电缆连接IRF物理端口时需要注意:
· 链路两端需要都是固定端口或者都是接口模块扩展卡上的端口,不支持固定端口和接口模块模块扩展卡上的端口之间连接。
· 接口模块扩展卡上的端口作IRF物理端口时,两端必须使用同一款型的接口模块扩展卡。
关于光模块或线缆的具体型号,请参见产品安装手册。
· 有关光模块和电缆的详细介绍,请参见《H3C光模块手册》。
· H3C光模块和电缆的种类随着时间变化有更新的可能性,所以,若您需要准确的模块种类信息,请咨询H3C公司市场人员或技术支援人员。
在S6850和S9850系列交换机上,使用40G QSFP+电缆进行IRF连接的IRF设备不支持进行ISSU升级。需要进行ISSU升级时,可以将IRF连接更换为100G的光模块/光缆/电缆连接或40G光模块/光缆连接。有关ISSU的详细介绍,请参见“基础配置指导”中的“ISSU”。
本设备上与IRF-Port1口绑定的IRF物理端口只能和邻居成员设备IRF-Port2口上绑定的IRF物理端口相连,本设备上与IRF-Port2口绑定的IRF物理端口只能和邻居成员设备IRF-Port1口上绑定的IRF物理端口相连,如图1所示。否则,不能形成IRF。
一个IRF端口可以与一个或多个IRF物理端口绑定,以提高IRF链路的带宽以及可靠性。在本系列交换机上,一个IRF端口最多可以与8个IRF物理端口绑定。
图1 IRF物理连接示意图
以太网接口作为IRF物理端口与IRF端口绑定后,只支持配置以下命令:
· 接口基本配置命令,包括shutdown和description命令。有关这些命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“以太网接口”。
· 配置接口统计信息的时间间隔命令,flow-interval命令。有关该命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“以太网接口”。
· PFC功能命令,包括priority-flow-control和priority-flow-control no-drop dot1p命令。有关这些命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“以太网接口”。
· 链路震荡保护功能命令,port link-flap protect enable命令。为了避免IRF物理链路震荡影响IRF系统稳定性,IRF物理端口缺省开启本功能(本功能在IRF物理端口的开启状态不受全局链路震荡保护功能开启状态影响)。当IRF物理链路在检查时间间隔内震荡次数超过阈值,设备将打印提示信息,但不会关闭IRF物理端口。有关该命令的更多介绍,请参见“二层技术-以太网交换命令参考”中的“以太网接口”。
· MAC配置命令,包括mac-address static source-check enable命令。在VXLAN/EVPN组网中,为了保证跨成员设备的三层报文的正常转发,请在每个IRF物理端口下配置undo mac-address static source-check enable命令。有关命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“MAC地址表”。
· LLDP功能命令,包括lldp admin-status、lldp check-change-interval、lldp enable、lldp encapsulation snap、lldp notification remote-change enable和lldp tlv-enable。有关这些命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“LLDP”。
· 将端口加入业务环回组,port service-loopback group命令,但配置后端口与IRF端口绑定的配置将被清除。当IRF端口只绑定了一个物理端口时请勿进行此配置,以免IRF分裂。有关该命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“业务环回组”。
· 将端口配置为远程源镜像反射端口,mirroring-group reflector-port命令,但配置后端口与IRF端口绑定的配置将被清除。当IRF端口只绑定了一个物理端口时请勿进行此配置,以免IRF分裂。有关该命令的详细介绍,请参见“网络管理和监控命令参考”中的“镜像”。
IRF成员设备根据接收和发送报文的端口以及IRF的当前拓扑,来判断报文发送后是否会产生环路。如果判断结果为会产生环路,设备将在环路路径的发送端口处将报文丢弃。该方式会造成大量广播报文在IRF物理端口上被丢弃,此为正常现象。在使用SNMP工具监测设备端口的收发报文记录时,取消对IRF物理端口的监测,可以避免收到大量丢弃报文的告警信息。
在组成IRF的所有设备上,系统工作模式的配置(通过system-working-mode命令配置)必须相同,否则这些设备将无法组成IRF。关于系统工作模式的介绍,请参见“基础配置指导”中的“设备管理”。
在组成IRF的所有设备上,硬件资源模式的配置(通过hardware-resource switch-mode命令配置)必须相同,否则这些设备将无法组成IRF。关于硬件资源模式的介绍,请参见“基础配置指导”中的“设备管理”。
在组成IRF的所有设备上,以下路由相关配置必须相同,否则这些设备将无法组成IRF。
· 等价路由模式(通过ecmp mode命令配置)。
· 前缀大于64位的IPv6路由功能(通过hardware-resource routing-mode ipv6-128命令配置)。
关于上述功能的详细介绍,请参见“三层技术-IP路由配置指导”中的“IP路由基础”。
在组成IRF的所有设备上,OpenFlow的无丢包模式开启状态必须一致(通过openflow lossless enable命令配置),否则这些设备将无法组成IRF。有关OpenFlow无丢包模式的详细介绍,请参见“OpenFlow配置指导”中的“OpenFlow”。
对于S6805、S6825、S6850、S9850系列交换机和S6800、S6860系列交换机,在组成IRF的所有设备上,VXLAN硬件资源模式的配置(通过hardware-resource vxlan命令配置)必须相同,否则这些设备将无法组成IRF。关于VXLAN硬件资源模式的介绍,请参见“VXLAN配置指导”。
对于S6800、S6860系列交换机,请确保IRF中各成员设备上安装的特性License一致,否则,可能会导致这些License对应的特性不能正常运行。
以下IRF相关配置不支持配置回滚:
· 配置成员设备的描述信息(irf member description)
· 配置IRF中成员设备的优先级(irf member priority)
· 配置IRF端口与IRF物理端口的绑定关系(port group interface)
有关配置回滚的详细介绍,请参见“基础配置指导”中的“配置文件”。
某数据中心搭建的组网如图2所示,使用本系列产品作为每个机柜的ToR(Top of Rack)接入设备,将服务器和存储设备接入网络。现要求使用图2所示的两个机柜上的四台本系列产品,通过IRF技术组成具备高密度接入能力和高可靠性的接入层,并使用LACP MAD功能及时发现和处理IRF的分裂事件。
为完成组网需求,我们将配置分为以下三部分进行:
· 搭建IRF的配置
· LACP MAD配置
· 基础网络连通性配置
|
产品 |
软件版本 |
|
S6805系列 |
不支持 |
|
S6825系列 |
不支持 |
|
S6850系列 |
不支持 |
|
S9850系列 |
不支持 |
|
S9820-64H |
不支持 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
不支持 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
· IRF的连接拓扑可以为环形或链形。为进一步提高IRF的可靠性,本例中我们采用环形拓扑来组建IRF,建议您在有条件的情况下使用环形拓扑。
· IRF链路主要用于传输跨物理设备的业务流量,建议使用比接入终端的端口更高的速率来实现IRF连接。本例中将一个IRF端口与两个物理端口绑定形成聚合IRF物理端口,提高传输速率的同时还能够提供IRF链路的高可靠性,物理连接的形态如图3所示。
· 为区分IRF中的各成员设备,我们需要为四台设备分配成员编号。本例中以四台设备从左至右的成员编号分别为1、2、3、4为例。
· IRF中包括一台主设备和多台从设备,主设备可以通过默认选举规则选举产生,也可以通过设置优先级来手工指定。本例中我们通过设置优先级来指定设备DeviceA为主设备。
图3 IRF物理连接示意图
表1 IRF物理端口
|
IRF端口 |
IRF物理端口 |
|
|
DeviceA |
IRF-port1 |
FortyGigE1/0/51 |
|
FortyGigE1/0/52 |
||
|
IRF-port2 |
FortyGigE1/0/53 |
|
|
FortyGigE1/0/54 |
||
|
DeviceB |
IRF-port1 |
FortyGigE2/0/51 |
|
FortyGigE2/0/52 |
||
|
IRF-port2 |
FortyGigE2/0/53 |
|
|
FortyGigE2/0/54 |
||
|
DeviceC |
IRF-port1 |
FortyGigE3/0/51 |
|
FortyGigE3/0/52 |
||
|
IRF-port2 |
FortyGigE3/0/53 |
|
|
FortyGigE3/0/54 |
||
|
DeviceD |
IRF-port1 |
FortyGigE4/0/51 |
|
FortyGigE4/0/52 |
||
|
IRF-port2 |
FortyGigE4/0/53 |
|
|
FortyGigE4/0/54 |
缺省情况下,所有设备上端口编号的第一维均为1,表示设备成员编号。在对成员设备修改编号后,端口编号会随之改变,表1列出的是修改后的编号。
(1) 配置Device A
# 将用作IRF物理端口的FortyGigE1/0/51~FortyGigE1/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceA> system-view
[DeviceA] interface range fortygige 1/0/51 to fortygige 1/0/54
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
# 创建IRF端口1,与端口FortyGigE1/0/51和FortyGigE1/0/52绑定。
[DeviceA] irf-port 1/1
[DeviceA-irf-port1/1] port group interface fortygige 1/0/51
[DeviceA-irf-port1/1] port group interface fortygige 1/0/52
[DeviceA-irf-port1/1] quit
# 创建IRF端口2,与端口FortyGigE1/0/53和FortyGigE1/0/54绑定。
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface fortygige 1/0/53
[DeviceA-irf-port1/2] port group interface fortygige 1/0/54
[DeviceA-irf-port1/2] quit
# 开启FortyGigE1/0/51~FortyGigE1/0/54端口。
[DeviceA] interface range fortygige 1/0/51 to fortygige 1/0/54
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
# 配置Device A的成员优先级为31,以保证其成为IRF中的主设备。
[DeviceA] irf member 1 priority 31
# 将当前配置保存到下次启动配置文件。
[DeviceA] quit
<DeviceA> save
# 激活IRF端口的配置。
<DeviceA> system-view
[DeviceA] irf-port-configuration active
(2) 配置Device B
# 配置Device B的成员编号为2,并重启设备使配置生效。
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# 将用作IRF物理端口的FortyGigE2/0/51~FortyGigE2/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceB> system-view
[DeviceB] interface range fortygige 2/0/51 to fortygige 2/0/54
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
# 创建IRF端口1,与端口FortyGigE2/0/51和FortyGigE2/0/52绑定。
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface fortygige 2/0/51
[DeviceB-irf-port2/1] port group interface fortygige 2/0/52
[DeviceB-irf-port2/1] quit
# 创建IRF端口2,与端口FortyGigE2/0/53和FortyGigE2/0/54绑定。
[DeviceB] irf-port 2/2
[DeviceB-irf-port2/2] port group interface fortygige 2/0/53
[DeviceB-irf-port2/2] port group interface fortygige 2/0/54
[DeviceB-irf-port2/2] quit
# 开启FortyGigE2/0/51~FortyGigE2/0/54端口。
[DeviceB] interface range fortygige 2/0/51 to fortygige 2/0/54
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceB] quit
<DeviceB> save
# 参照图3连接DeviceB和DeviceA。
# 激活IRF端口的配置。
<DeviceB> system-view
[DeviceB] irf-port-configuration active
# 系统会提示发生IRF合并,由于DeviceB的IRF优先级为缺省值1,低于DeviceA,因此会在竞选中失败而自动重启,重启后两台设备形成一个IRF。
(3) 配置Device C
# 配置Device C的成员编号为3,并重启设备使配置生效。
<DeviceC> system-view
[DeviceC] irf member 1 renumber 3
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceC] quit
<DeviceC> reboot
# 将用作IRF物理端口的FortyGigE3/0/51~FortyGigE3/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceC> system-view
[DeviceC] interface range fortygige 3/0/51 to fortygige 3/0/54
[DeviceC-if-range] shutdown
[DeviceC-if-range] quit
# 创建IRF端口1,与端口FortyGigE3/0/51和FortyGigE3/0/52绑定。
[DeviceC] irf-port 3/1
[DeviceC-irf-port3/1] port group interface fortygige 3/0/51
[DeviceC-irf-port3/1] port group interface fortygige 3/0/52
[DeviceC-irf-port3/1] quit
# 创建IRF端口2,与端口FortyGigE3/0/53和FortyGigE3/0/54绑定。
[DeviceC] irf-port 3/2
[DeviceC-irf-port3/2] port group interface fortygige 3/0/53
[DeviceC-irf-port3/2] port group interface fortygige 3/0/54
[DeviceC-irf-port3/2] quit
# 开启FortyGigE3/0/51~FortyGigE3/0/54端口。
[DeviceC] interface range fortygige 3/0/51 to fortygige 3/0/54
[DeviceC-if-range] undo shutdown
[DeviceC-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceC] quit
<DeviceC> save
# 参照图3连接DeviceC和DeviceB。
# 激活IRF端口的配置。
<DeviceC> system-view
[DeviceC] irf-port-configuration active
# 系统会提示发生IRF合并,DeviceC会自动重启,重启后作为从设备加入由DeviceA和DeviceB组成的IRF。
(4) 配置Device D
# 配置Device D的成员编号为4,并重启设备使配置生效。
<DeviceD> system-view
[DeviceD] irf member 1 renumber 4
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceD] quit
<DeviceD> reboot
# 将用作IRF物理端口的FortyGigE4/0/51~FortyGigE4/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceD> system-view
[DeviceD] interface range fortygige 4/0/51 to fortygige 4/0/54
[DeviceD-if-range] shutdown
[DeviceD-if-range] quit
# 创建IRF端口1,与端口FortyGigE4/0/51和FortyGigE4/0/52绑定。
[DeviceD] irf-port 4/1
[DeviceD-irf-port4/1] port group interface fortygige 4/0/51
[DeviceD-irf-port4/1] port group interface fortygige 4/0/52
[DeviceD-irf-port4/1] quit
# 创建IRF端口2,与端口FortyGigE4/0/53和FortyGigE4/0/54绑定。
[DeviceD] irf-port 4/2
[DeviceD-irf-port4/2] port group interface fortygige 4/0/53
[DeviceD-irf-port4/2] port group interface fortygige 4/0/54
[DeviceD-irf-port4/2] quit
# 开启FortyGigE4/0/51~FortyGigE4/0/54端口。
[DeviceD] interface range fortygige 4/0/51 to fortygige 4/0/54
[DeviceD-if-range] undo shutdown
[DeviceD-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceD] quit
<DeviceD> save
# 参照图3连接DeviceD和DeviceC。
# 激活IRF端口的配置。
<DeviceD> system-view
[DeviceD] irf-port-configuration active
# 系统会提示发生IRF合并,DeviceD会自动重启,重启后作为从设备加入由DeviceA、DeviceB和DeviceC组成的IRF。
# IRF建立完成后,命令行的提示符将变为DeviceA的主机名,即“DeviceA”。为便于辨认,将IRF的主机名修改为IRF。
<DeviceA> system-view
[DeviceA] sysname IRF
[IRF]
所有设备都配置完成后,网络中将形成一个包含四台成员设备的IRF,效果如图4所示。从组网中其它设备的角度来看,IRF是一台普通的实体网络设备。从整体网络拓扑来看,接入层已经形成一台具有高密度接入能力的设备,所有机柜中的服务器和存储设备均使用同一台设备接入网络。
图4 IRF搭建完成后的组网示意图
在数据中心组网中,为了实现更简单的拓扑结构,一般在接入层和汇聚层均采用IRF技术进行整合。本例中假设汇聚层的四台框式设备已经建立IRF。
· LACP MAD检测方式需要通过一台支持LACP协议的中间设备来进行,在本例中,我们可以在汇聚层IRF和接入层IRF上同时开启LACP MAD功能,使两个IRF相互作为中间设备,完成各自的LACP MAD检测。
· 在两个IRF设备之间配置LACP MAD检测时,需要为每个IRF配置不同的域编号。
· 在实际连接时,为保证上行带宽,建议使用更快速的端口实现上行聚合连接,本例中使用40GE端口进行上行连接。
接入层的设备上行物理连接的示意图如图5所示。
图5 LACP MAD组网连接图
实际使用中,您也可以在汇聚层和接入层IRF的所有成员设备间建立全连接,以实现更高的可靠性。所有的上行链路在拓扑上都被视为一条上行聚合链路。
按图5的方式连接之后,每个IRF都将对方识别为一台LACP MAD的中间设备,并且本IRF中的每台成员设备都与对端IRF存在物理连接,满足LACP MAD的组网条件。LACP MAD的逻辑示意图请参见图6。
图6 LACP MAD逻辑连接示意图
LACP MAD必须在动态聚合接口上应用才能生效。
(1) 配置接入层IRF
# 设置IRF域编号为1。
<IRF> system-view
[IRF] irf domain 1
# 创建一个动态聚合接口,编号为2,并使能LACP MAD检测功能。
[IRF] interface bridge-aggregation 2
[IRF-Bridge-Aggregation2] link-aggregation mode dynamic
[IRF-Bridge-Aggregation2] mad enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 1]:
The assigned domain ID is: 1
[IRF-Bridge-Aggregation2] quit
# 为方便进行聚合组的配置,可以使用接口批量配置功能。使用名称为lacp的端口批量配置组, 将所有上行接口加入动态聚合接口2中。
为端口批量配置组命名可以方便后期再对上行端口进行批量配置,直接输入名称即可进入端口批量配置视图。
[IRF] interface range name lacp interface FortyGigE 1/0/49 to FortyGigE 1/0/50 FortyGigE 2/0/49 to FortyGigE 2/0/50 FortyGigE 3/0/49 to FortyGigE 3/0/50 FortyGigE 4/0/49 to FortyGigE 4/0/50
[IRF-if-range-lacp] port link-aggregation group 2
[IRF-if-range-lacp] quit
(2) 配置汇聚层IRF
# 设置IRF域编号为2。
<Sysname> system-view
[Sysname] irf domain 2
# 创建一个动态聚合接口,编号为2,并使能LACP MAD检测功能。
[Sysname] interface bridge-aggregation 2
[Sysname-Bridge-Aggregation2] link-aggregation mode dynamic
[Sysname-Bridge-Aggregation2] mad enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 2]:
The assigned domain ID is: 2
[Sysname-Bridge-Aggregation2] quit
# 将所有下行接口加入动态聚合接口2中。
[Sysname] interface fortygige 1/2/0/1
[Sysname-FortyGigE1/2/0/1] port link-aggregation group 2
[Sysname-FortyGigE1/2/0/1] quit
[Sysname] interface fortygige 1/3/0/1
[Sysname-FortyGigE1/3/0/1] port link-aggregation group 2
[Sysname-FortyGigE1/3/0/1] quit
[Sysname] interface fortygige 2/3/0/1
[Sysname-FortyGigE2/3/0/1] port link-aggregation group 2
[Sysname-FortyGigE2/3/0/1] quit
[Sysname] interface fortygige 2/4/0/2
[Sysname-FortyGigE2/4/0/2] port link-aggregation group 2
[Sysname-FortyGigE2/4/0/2] quit
[Sysname] interface fortygige 3/4/0/1
[Sysname-FortyGigE3/4/0/1] port link-aggregation group 2
[Sysname-FortyGigE3/4/0/1] quit
[Sysname] interface fortygige 3/3/0/2
[Sysname-FortyGigE3/3/0/2] port link-aggregation group 2
[Sysname-FortyGigE3/3/0/2] quit
[Sysname] interface fortygige 4/2/0/1
[Sysname-FortyGigE4/2/0/1] port link-aggregation group 2
[Sysname-FortyGigE4/2/0/1] quit
[Sysname] interface fortygige 4/3/0/1
[Sysname-FortyGigE4/3/0/1] port link-aggregation group 2
[Sysname-FortyGigE4/3/0/1] quit
· 本例中IRF工作在二层环境下,因此网络连通性配置以聚合链路功能为主。
· 在完成LACP MAD的配置后,上行的聚合组主要配置已经完成,只需要再配置允许通过的业务VLAN即可。
· 为提高可靠性,每个机柜中的服务器和存储设备都将以双上行的形式连接到本机柜中的两台ToR交换机上,并且将两条上行链路进行聚合。因此在接入层IRF中,需要将连接每台终端设备的两个端口也配置为一个聚合组。
此处仅以一台属于VLAN10内的服务器为例进行连接示意,其它终端设备请参照此方式进行连接。
(1) 配置接入层IRF
# 创建VLAN10。
<IRF> system-view
[IRF] vlan 10
# 创建一个动态聚合接口3。
[IRF] interface bridge-aggregation 3
[IRF-Bridge-Aggregation3] link-aggregation mode dynamic
[IRF-Bridge-Aggregation3] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/10。
[IRF] interface ten-gigabitethernet 1/0/10
[IRF-Ten-GigabitEthernet1/0/10] port link-aggregation group 3
[IRF-Ten-GigabitEthernet1/0/10] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet2/0/10。
[IRF] interface ten-gigabitethernet 2/0/10
[IRF-GigabitEthernet2/0/10] port link-aggregation group 3
[IRF-GigabitEthernet2/0/10] quit
# 将聚合接口3加入VLAN10。
[IRF] interface bridge-aggregation 3
[IRF-Bridge-Aggregation3] port access vlan 10
[IRF-Bridge-Aggregation3] quit
# 配置上行聚合接口2为Trunk类型,并允许VLAN10通过。
[IRF] interface bridge-aggregation 2
[IRF-Bridge-Aggregation2] port link-type trunk
[IRF-Bridge-Aggregation2] port trunk permit vlan 10
[IRF-Bridge-Aggregation2] quit
# 将当前配置保存到下次启动配置文件。
[IRF] save
(2) 配置汇聚层IRF
# 创建VLAN10。
<Sysname> system-view
[Sysname] vlan 10
# 配置下行聚合接口2为Trunk类型,并允许VLAN10通过。
[Sysname] interface bridge-aggregation 2
[Sysname-Bridge-Aggregation2] port link-type trunk
[Sysname-Bridge-Aggregation2] port trunk permit vlan 10
[Sysname-Bridge-Aggregation2] quit
# 在接入层IRF上,使用display irf命令查看当前IRF的信息。
<Sysname> display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 31 00e0-fc0f-8c02 ---
2 Standby 1 00e0-fc0f-8c03 ---
3 Standby 1 00e0-fc0f-8c04 ---
4 Standby 1 00e0-fc0f-8c05 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 0cda-414a-859b
Auto upgrade : yes
Mac persistent : 6 min
Domain ID : 1
通过上述信息,可以看到IRF中已经包含四台设备。
# 使用display irf topology命令查看IRF连接拓扑。
<Sysname> display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 UP 2 UP 4 0cda-414a-859b
2 UP 3 UP 1 0cda-414a-859b
3 UP 4 UP 2 0cda-414a-859b
4 UP 1 UP 3 0cda-414a-859b
通过上述信息,可以确认IRF实际拓扑形态符合组网需求。
# 任选一台服务器(以图7中ServerA为例),以汇聚层IRF的IP地址(以10.153.116.111为例)为目标进行ping操作。
C:\Users>ping 10.153.116.111 –t
# 将接入层IRF连接服务器的聚合组3中Ten-GigabitEthernet1/0/10端口shutdown。
[IRF] interface ten-gigabitethernet 1/0/10
[IRF-Ten-GigabitEthernet1/0/10] shutdown
[IRF-Ten-GigabitEthernet1/0/10] quit
# 在ServerA上查看,ping操作出现短暂中断后仍然可以继续返回连通信息。
Pinging 10.153.116.111 with 32 bytes of data:
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
# 将接入层IRF连接汇聚层IRF的聚合组2中FortyGigE1/0/49和FortyGigE1/0/50端口同时shutdown,使ServerA不能通过DeviceA接入汇聚层。
[IRF] interface range FortyGigE 1/0/49 FortyGigE 1/0/50
[IRF-if-range] shutdown
# 在ServerA上查看,ping操作出现短暂中断后仍然可以继续返回连通信息。
Pinging 10.153.116.111 with 32 bytes of data:
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
Reply from 10.153.116.111: bytes=32 time<1ms TTL=128
以上信息表示,ServerA已经通过DeviceB接入汇聚层。
断开任意两台ToR交换机之间的两条IRF物理链路,IRF仍能正常工作,没有分裂。
由于本例中的IRF使用环形拓扑,因此当一条IRF链路出现故障后,IRF拓扑将变为链型,不会发生分裂。现在将DeviceB和DeviceC,以及DeviceA和DeviceD之间的物理连接均断开,IRF将分裂为两个IRF,两个IRF内的成员分别如图8所示。
图8 IRF分裂示意图
# 发生分裂时,系统将输出IRF链路状态错误提示,以及成员设备失效提示,IRF1的输出信息为:
%Jan 1 05:19:10:176 2018 H3C STM/3/STM_LINK_STATUS_DOWN: IRF port 2 is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/53 link status is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/54 link status is down.
%Jan 1 05:19:10:176 2018 H3C STM/3/STM_LINK_STATUS_DOWN: IRF port 1 is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/51 link status is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/52 link status is down.
%Jan 1 05:19:10:186 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 3, type is MAIN_BOARD_TYPE_54QT.
%Jan 1 05:19:10:186 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 4, type is MAIN_BOARD_TYPE_54QT.
# 同时在IRF2上也会提示信息,可以看到在分裂初始阶段,IRF2认为IRF1已经失效,自身成为主设备,但是很快通过LACP MAD功能发现网络中存在多个配置相同的IRF。由于IRF2的主设备编号较大,因此在MAD冲突后将变为Recovery状态,关闭所有端口。
%Jan 1 05:53:20:784 2018 H3C HA/5/HA_STANDBY_TO_MASTER: Standby board in slot 3 changes to master.
%Jan 1 05:53:20:831 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 1, type is MAIN_BOARD_TYPE_54QT.
%Jan 1 05:53:20:831 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 2, type is MAIN_BOARD_TYPE_54QT.
%Jan 1 05:53:20:860 2018 H3C DEV/1/MAD_DETECT: Multi-active devices detected, please fix it.
%Jan 1 05:53:20:886 2018 H3C IFNET/3/PHY_UPDOWN: M-GigabitEthernet0/0/0 link status is down.
%Jan 1 05:53:20:887 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface M-GigabitEthernet0/0/0 is down.
%Jan 1 05:53:20:912 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE3/0/49 link status is down.
%Jan 1 05:53:20:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE3/0/49 is down.
%Jan 1 05:53:20:912 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE3/0/50 link status is down.
%Jan 1 05:53:20:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE3/0/49 is down.
%Jan 1 05:53:20:912 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE4/0/49 link status is down.
%Jan 1 05:53:20:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE3/0/49 is down.
%Jan 1 05:53:20:912 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE4/0/50 link status is down.
%Jan 1 05:53:20:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE3/0/49 is down.
# 如果此时IRF1也发生了故障,您可以登录到DeviceC或DeviceD的Console口,使用mad restore命令先将IRF2恢复为Active状态,启动被关闭的接口。
<Sysname> system-view
[Sysname] mad restore
This command will restore the device from multi-active conflict state. Continue? [Y/N]:y
Restoring from multi-active conflict state, please wait...
[Sysname]
%Jan 1 05:24:41:249 2018 H3C IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet2/0/10 link status is up.
%Jan 1 05:24:41:249 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface Ten-GigabitEthernet2/0/10 is up.
%Jan 1 05:24:41:325 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/49 link status is up.
%Jan 1 05:24:41:325 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/50 link status is up.
%Jan 1 05:24:46:266 2018 H3C IFNET/3/PHY_UPDOWN: M-GigabitEthernet0/0/0 link status is up.
%Jan 1 05:24:46:268 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface M-GigabitEthernet0/0/0 is up.
通过以上信息可以得知,IRF2已经恢复在网络中的功能,此时您可以修复IRF1以及及IRF链路。
当IRF1上任意一条与IRF2相连的链路完成修复后,IRF1上将输出IRF端口状态恢复及出现IRF合并的提示信息。
%Jan 1 05:29:06:913 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/53 link status is up.
%Jan 1 05:29:06:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE1/0/53 is up.
%Jan 1 05:29:06:913 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/54 link status is up.
%Jan 1 05:29:06:914 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE1/0/54 is up.
%Jan 1 05:29:07:106 2018 H3C STM/6/STM_LINK_STATUS_UP: IRF port 2 is up.
%Jan 1 05:29:07:810 2018 H3C STM/4/STM_LINK_RECOVERY: Merge occurs.
# 此时IRF2将自动重启,重启后两台设备再次形成IRF。
# 通过display irf命令的显示信息,可以看到IRF系统已经恢复。
<Sysname> display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 31 00e0-fc0f-8c02 ---
2 Standby 1 00e0-fc0f-8c03 ---
3 Standby 1 00e0-fc0f-8c04 ---
4 Standby 1 00e0-fc0f-8c05 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 0cda-414a-859b
Auto upgrade : yes
Mac persistent : 6 min
Domain ID : 1
· 接入层IRF的配置
#
sysname IRF
#
irf domain 1
irf member 1 priority 31
#
vlan 10
#
irf-port 1/1
port group interface FortyGigE1/0/51
port group interface FortyGigE1/0/52
#
irf-port 1/2
port group interface FortyGigE1/0/53
port group interface FortyGigE1/0/54
#
irf-port 2/1
port group interface FortyGigE2/0/51
port group interface FortyGigE2/0/52
#
irf-port 2/2
port group interface FortyGigE2/0/53
port group interface FortyGigE2/0/54
#
irf-port 3/1
port group interface FortyGigE3/0/51
port group interface FortyGigE3/0/52
#
irf-port 3/2
port group interface FortyGigE3/0/53
port group interface FortyGigE3/0/54
#
irf-port 4/1
port group interface FortyGigE4/0/51
port group interface FortyGigE4/0/52
#
irf-port 4/2
port group interface FortyGigE4/0/53
port group interface FortyGigE4/0/54
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 10
link-aggregation mode dynamic
mad enable
#
interface Bridge-Aggregation3
port access vlan 10
link-aggregation mode dynamic
#
interface FortyGigE1/0/49
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE1/0/50
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE2/0/49
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE2/0/50
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE3/0/49
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE3/0/50
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE4/0/49
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE4/0/50
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 3
#
interface Ten-GigabitEthernet2/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 3
· 汇聚层IRF的配置
#
irf domain 2
#
vlan 10
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 10
link-aggregation mode dynamic
mad enable
#
interface FortyGigE1/2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE1/3/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE2/3/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE2/4/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE3/3/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE3/4/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE4/2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
#
interface FortyGigE4/3/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10
port link-aggregation group 2
某企业网络搭建的组网图如图9所示,接入层交换机通过上行接口将业务终端的数据转发至汇聚层设备,由汇聚层设备将终端对外网的访问数据通过路由转发至核心层设备,再发送至外网。核心层设备目前运行OSPF路由协议。现要求使用四台本系列设备,使用IRF技术搭建具备高性能路由转发能力和高可靠性的汇聚层网关。
为完成组网需求,我们将配置分为以下三部分进行:
· 搭建IRF的配置
· BFD MAD配置
· 基础网络连通性配置
表2 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
不支持 |
|
S6825系列 |
不支持 |
|
S6850系列 |
不支持 |
|
S9850系列 |
不支持 |
|
S9820-64H |
不支持 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
不支持 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
· IRF的连接拓扑可以为环形或链形。为进一步提高IRF的可靠性,本例中我们采用环形拓扑来组建IRF,建议您在有条件的情况下使用环形拓扑。
· IRF链路主要用于传输跨物理设备的业务流量,建议使用比接入终端的端口更高的速率来实现IRF连接。本例中将一个IRF端口与两个物理端口绑定形成聚合IRF物理端口,提高传输速率的同时还能够提供IRF链路的高可靠性,物理连接的形态如图10所示。
· 为区分IRF中的各成员设备,我们需要为四台设备分配成员编号。本例中以四台设备从左至右的成员编号分别为1、2、3、4为例。
· IRF中包括一台主设备和多台从设备,主设备可以通过默认选举规则选举产生,也可以通过设置优先级来手工指定。本例中我们通过设置优先级来指定设备DeviceA为主设备。
图10 IRF物理连接示意图
表2 IRF物理端口
|
设备 |
IRF端口 |
IRF物理端口 |
|
DeviceA |
IRF-port1 |
FortyGigE1/0/51 |
|
FortyGigE1/0/52 |
||
|
IRF-port2 |
FortyGigE1/0/53 |
|
|
FortyGigE1/0/54 |
||
|
DeviceB |
IRF-port1 |
FortyGigE2/0/51 |
|
FortyGigE2/0/52 |
||
|
IRF-port2 |
FortyGigE2/0/53 |
|
|
FortyGigE2/0/54 |
||
|
DeviceC |
IRF-port1 |
FortyGigE3/0/51 |
|
FortyGigE3/0/52 |
||
|
IRF-port2 |
FortyGigE3/0/53 |
|
|
FortyGigE3/0/54 |
||
|
DeviceD |
IRF-port1 |
FortyGigE4/0/51 |
|
FortyGigE4/0/52 |
||
|
IRF-port2 |
FortyGigE4/0/53 |
|
|
FortyGigE4/0/54 |
缺省情况下,所有设备上端口编号的第一维均为1,表示设备成员编号。在对成员设备修改编号后,端口编号会随之改变,表2列出的是修改后的编号。
(1) 配置Device A
# 将用作IRF物理端口的FortyGigE1/0/51~FortyGigE1/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceA> system-view
[DeviceA] interface range fortygige 1/0/51 to fortygige 1/0/54
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
# 创建IRF端口1,与端口FortyGigE1/0/51和FortyGigE1/0/52绑定。
[DeviceA] irf-port 1/1
[DeviceA-irf-port1/1] port group interface fortygige 1/0/51
[DeviceA-irf-port1/1] port group interface fortygige 1/0/52
[DeviceA-irf-port1/1] quit
# 创建IRF端口2,与端口FortyGigE1/0/53和FortyGigE1/0/54绑定。
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface fortygige 1/0/53
[DeviceA-irf-port1/2] port group interface fortygige 1/0/54
[DeviceA-irf-port1/2] quit
# 开启FortyGigE1/0/51~FortyGigE1/0/54端口。
[DeviceA] interface range fortygige 1/0/51 to fortygige 1/0/54
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
# 配置Device A的成员优先级为31,以保证其成为IRF中的主设备。
[DeviceA] irf member 1 priority 31
# 将当前配置保存到下次启动配置文件。
[DeviceA] quit
<DeviceA> save
# 激活IRF端口的配置。
<DeviceA> system-view
[DeviceA] irf-port-configuration active
(2) 配置Device B
# 配置Device B的成员编号为2,并重启设备使配置生效。
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# 将用作IRF物理端口的FortyGigE2/0/51~FortyGigE2/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceB> system-view
[DeviceB] interface range fortygige 2/0/51 to fortygige 2/0/54
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
# 创建IRF端口1,与端口FortyGigE2/0/51和FortyGigE2/0/52绑定。
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface fortygige 2/0/51
[DeviceB-irf-port2/1] port group interface fortygige 2/0/52
[DeviceB-irf-port2/1] quit
# 创建IRF端口2,与端口FortyGigE2/0/53和FortyGigE2/0/54绑定。
[DeviceB] irf-port 2/2
[DeviceB-irf-port2/2] port group interface fortygige 2/0/53
[DeviceB-irf-port2/2] port group interface fortygige 2/0/54
[DeviceB-irf-port2/2] quit
# 开启FortyGigE2/0/51~FortyGigE2/0/54端口。
[DeviceB] interface range fortygige 2/0/51 to fortygige 2/0/54
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceB] quit
<DeviceB> save
# 参照图10连接DeviceB和DeviceA。
# 激活IRF端口的配置。
<DeviceB> system-view
[DeviceB] irf-port-configuration active
# 系统会提示发生IRF合并,由于DeviceB的IRF优先级为缺省值1,低于DeviceA,因此会在竞选中失败而自动重启,重启后两台设备形成一个IRF。
(3) 配置Device C
# 配置Device C的成员编号为3,并重启设备使配置生效。
<DeviceC> system-view
[DeviceC] irf member 1 renumber 3
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceC] quit
<DeviceC> reboot
# 将用作IRF物理端口的FortyGigE3/0/51~FortyGigE3/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceC> system-view
[DeviceC] interface range fortygige 3/0/51 to fortygige 3/0/54
[DeviceC-if-range] shutdown
[DeviceC-if-range] quit
# 创建IRF端口1,与端口FortyGigE3/0/51和FortyGigE3/0/52绑定。
[DeviceC] irf-port 3/1
[DeviceC-irf-port3/1] port group interface fortygige 3/0/51
[DeviceC-irf-port3/1] port group interface fortygige 3/0/52
[DeviceC-irf-port3/1] quit
# 创建IRF端口2,与端口FortyGigE3/0/53和FortyGigE3/0/54绑定。
[DeviceC] irf-port 3/2
[DeviceC-irf-port3/2] port group interface fortygige 3/0/53
[DeviceC-irf-port3/2] port group interface fortygige 3/0/54
[DeviceC-irf-port3/2] quit
# 开启FortyGigE3/0/51~FortyGigE3/0/54端口。
[DeviceC] interface range fortygige 3/0/51 to fortygige 3/0/54
[DeviceC-if-range] undo shutdown
[DeviceC-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceC] quit
<DeviceC> save
# 参照图10连接DeviceC和DeviceB。
# 激活IRF端口的配置。
<DeviceC> system-view
[DeviceC] irf-port-configuration active
# 系统会提示发生IRF合并,DeviceC会自动重启,重启后作为从设备加入由DeviceA和DeviceB组成的IRF。
(4) 配置Device D
# 配置Device D的成员编号为4,并重启设备使配置生效。
<DeviceD> system-view
[DeviceD] irf member 1 renumber 4
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceD] quit
<DeviceD> reboot
# 将用作IRF物理端口的FortyGigE4/0/51~FortyGigE4/0/54的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceD> system-view
[DeviceD] interface range fortygige 4/0/51 to fortygige 4/0/54
[DeviceD-if-range] shutdown
[DeviceD-if-range] quit
# 创建IRF端口1,与端口FortyGigE4/0/51和FortyGigE4/0/52绑定。
[DeviceD] irf-port 4/1
[DeviceD-irf-port4/1] port group interface fortygige 4/0/51
[DeviceD-irf-port4/1] port group interface fortygige 4/0/52
[DeviceD-irf-port4/1] quit
# 创建IRF端口2,与端口FortyGigE4/0/53和FortyGigE4/0/54绑定。
[DeviceD] irf-port 4/2
[DeviceD-irf-port4/2] port group interface fortygige 4/0/53
[DeviceD-irf-port4/2] port group interface fortygige 4/0/54
[DeviceD-irf-port4/2] quit
# 开启FortyGigE4/0/51~FortyGigE4/0/54端口。
[DeviceD] interface range fortygige 4/0/51 to fortygige 4/0/54
[DeviceD-if-range] undo shutdown
[DeviceD-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceD] quit
<DeviceD> save
# 参照图10连接DeviceD和DeviceC。
# 激活IRF端口的配置。
<DeviceD> system-view
[DeviceD] irf-port-configuration active
# 系统会提示发生IRF合并,DeviceD会自动重启,重启后作为从设备加入由DeviceA、DeviceB和DeviceC组成的IRF。
# IRF建立完成后,命令行的提示符将变为DeviceA的主机名,即“DeviceA”。为便于辨认,将IRF的主机名修改为IRF。
<DeviceA> system-view
[DeviceA] sysname IRF
[IRF]
所有设备都配置完成后,网络中将形成一个包含四台成员设备的IRF,效果如图11所示。从组网中其它设备的角度来看,IRF是一台普通的实体网络设备。从整体网络拓扑来看,汇聚层已经形成一台高端口密度的独立设备。
图11 IRF搭建完成后的组网示意图
BFD MAD检测需要使用独立的检测链路,可以通过以下方式建立检测链路:
· 在成员设备较少的情况下,可以使用成员设备间全连接的方式。
· 在成员设备较多时,需要使用中间设备,并在每台成员设备与中间设备之间建立物理连接。
本例中我们利用一台接入层交换机作为中间设备来实现BFD MAD检测。
中间设备用于透传BFD协议报文,协助IRF中的成员设备进行MAD检测,因此只需要保证BFD MAD检测链路上的所有端口都处于同一个VLAN内即可,且该VLAN应为BFD MAD专用,不能包含除BFD MAD检测链路之外的其它链路。
图12 BFD MAD组网连接图
在IRF设备上:
· 使能了BFD MAD检测功能的VLAN接口以及对应VLAN内的端口上不支持包括ARP和LACP在内的所有的二层或三层协议应用。
· 如果网络中存在多个IRF,在配置BFD MAD时,各IRF必须使用不同的VLAN作为BFD MAD检测专用VLAN。
· 不允许在Vlan-interface1接口上使能BFD MAD检测功能。
· BFD MAD检测功能与生成树功能互斥,在使能了BFD MAD检测功能的三层接口对应VLAN内的端口上,请不要使能生成树协议。
· 在用于BFD MAD检测的接口下必须使用mad ip address命令配置MAD IP地址,而不要配置其它IP地址(包括使用ip address命令配置的普通IP地址、VRRP虚拟IP地址等),以免影响MAD检测功能。
· 为保证MAD检测功能正常运行,请不要将MAD IP地址配置为设备上已经使用的IP地址。
在中间设备上:
· BFD MAD检测链路上的端口必须属于同一VLAN,且该VLAN内不能包含其它端口。
· 为保证BFD MAD检测功能正常运行,BFD MAD检测链路上的端口请不要配置其它功能,建议在缺省配置的基础上进行配置。
(1) IRF上的配置
# 创建VLAN 1000,并将用于BFD MAD检测的所有端口(包括Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet2/0/1、Ten-GigabitEthernet3/0/1和Ten-GigabitEthernet4/0/1)加入VLAN中。
<IRF> system-view
[IRF] vlan 1000
[IRF-vlan1000] port ten-gigabitethernet 1/0/1 ten-gigabitethernet 2/0/1 ten-gigabitethernet 3/0/1 ten-gigabitethernet 4/0/1
[IRF-vlan3] quit
# 创建VLAN接口1000,并配置MAD IP地址,本例中选用未使用的网段192.168.2.0/24的地址作为MAD IP地址。
[IRF] interface vlan-interface 1000
[IRF-Vlan-interface1000] mad bfd enable
[IRF-Vlan-interface1000] mad ip address 192.168.2.1 24 member 1
[IRF-Vlan-interface1000] mad ip address 192.168.2.2 24 member 2
[IRF-Vlan-interface1000] mad ip address 192.168.2.3 24 member 3
[IRF-Vlan-interface1000] mad ip address 192.168.2.4 24 member 4
[IRF-Vlan-interface1000] quit
# 因为BFD MAD和生成树功能互斥,所以在用于BFD MAD检测的端口上关闭生成树协议。
[IRF] interface ten-gigabitethernet 1/0/1
[IRF-Ten-GigabitEthernet-1/0/1] undo stp enable
[IRF-Ten-GigabitEthernet-1/0/1] quit
[IRF] interface ten-gigabitethernet 2/0/1
[IRF-Ten-GigabitEthernet-2/0/1] undo stp enable
[IRF-Ten-GigabitEthernet-2/0/1] quit
[IRF] interface ten-gigabitethernet 3/0/1
[IRF-Ten-GigabitEthernet-3/0/1] undo stp enable
[IRF-Ten-GigabitEthernet-3/0/1] quit
[IRF] interface ten-gigabitethernet 4/0/1
[IRF-Ten-GigabitEthernet-4/0/1] undo stp enable
[IRF-Ten-GigabitEthernet-4/0/1] quit
(2) 中间设备上的配置
# 创建VLAN 1000,并将用于BFD MAD检测的所有端口(包括GigabitEthernet1/0/1、GigabitEthernet1/0/2、GigabitEthernet1/0/3和GigabitEthernet1/0/4)加入VLAN中。
<Sysname> system-view
[Sysname] vlan 1000
[Sysname-vlan1000] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 gigabitethernet 1/0/3 gigabitethernet 1/0/4
[Sysname-vlan3] quit
本例中以部门B和部门C为例介绍网络基础连通性配置,其它部门可参照此方式进行配置。
· 本例中IRF工作在三层环境下,因此网络基础连通性配置包括与上下行设备的链路连接配置以及路由协议配置。
· 在完成IRF的搭建后,对于下行设备,可以将上行链路连接到IRF的多台成员设备上形成聚合组;而IRF也可以将自己的上行聚合链路的成员端口分布到不同的成员设备上,以提高网络的整体可靠性。
· IRF作为网关设备,需要将连接接入层设备和核心层设备的链路加入不同的VLAN,并配置VLAN接口及IP地址,最终通过OSPF实现路由信息的收集。
在本例中,核心层两台设备分别具有连接到外网的线路,IRF与上下行设备的连接和接口IP规划如图13所示。
由于IRF在网络拓扑中相当于一台独立设备,因此在组网示意图中,使用单台设备表示IRF。
|
设备 |
聚合接口 |
成员端口 |
所属VLAN |
接口IP地址 |
|
RouterA |
Agg40 |
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4 |
VLAN40 |
10.214.50.2/30 |
|
Agg42 |
Ten-GigabitEthernet1/0/5 Ten-GigabitEthernet1/0/6 |
VLAN42 |
10.214.50.9/30 |
|
|
RouterB |
Agg41 |
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4 |
VLAN41 |
10.214.50.6/30 |
|
Agg42 |
Ten-GigabitEthernet1/0/5 Ten-GigabitEthernet1/0/6 |
VLAN42 |
10.214.50.10/30 |
|
|
IRF |
Agg10 |
Ten-GigabitEthernet1/0/10 Ten-GigabitEthernet2/0/10 Ten-GigabitEthernet3/0/10 Ten-GigabitEthernet4/0/10 |
VLAN10 |
10.214.10.1/24 |
|
Agg20 |
Ten-GigabitEthernet1/0/11 Ten-GigabitEthernet2/0/11 Ten-GigabitEthernet3/0/11 Ten-GigabitEthernet4/0/11 |
VLAN20 |
10.214.20.1/24 |
|
|
Agg40 |
Ten-GigabitEthernet1/0/13 Ten-GigabitEthernet2/0/13 Ten-GigabitEthernet3/0/13 Ten-GigabitEthernet4/0/13 |
VLAN40 |
10.214.50.1/30 |
|
|
Agg41 |
Ten-GigabitEthernet1/0/14 Ten-GigabitEthernet2/0/14 Ten-GigabitEthernet3/0/14 Ten-GigabitEthernet4/0/14 |
VLAN41 |
10.214.50.5/30 |
|
|
DeviceE |
Agg10 |
Ten-GigabitEthernet1/0/49 Ten-GigabitEthernet1/0/50 Ten-GigabitEthernet1/0/51 Ten-GigabitEthernet1/0/52 |
VLAN10 |
- |
|
DeviceF |
Agg20 |
Ten-GigabitEthernet1/0/49 Ten-GigabitEthernet1/0/50 Ten-GigabitEthernet1/0/51 Ten-GigabitEthernet1/0/52 |
VLAN20
|
- |
· 为提高链路聚合的灵活性,本例中均以动态聚合链路为例进行介绍。
· 核心层设备RouterA和RouterB连接外网的接口和IP地址配置此处省略。
(1) 配置RouterA
# 创建VLAN40和VLAN42。
<RouterA> system-view
[RouterA] vlan 40
[RouterA-vlan40] quit
[RouterA] vlan 42
[RouterA-vlan42] quit
# 创建一个动态聚合接口40。
[RouterA] interface bridge-aggregation 40
[RouterA-Bridge-Aggregation40] link-aggregation mode dynamic
[RouterA-Bridge-Aggregation40] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2、Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4。
[RouterA] interface ten-gigabitethernet 1/0/1
[RouterA-Ten-GigabitEthernet1/0/1] port link-aggregation group 40
[RouterA-Ten-GigabitEthernet1/0/1] quit
[RouterA] interface ten-gigabitethernet 1/0/2
[RouterA-Ten-GigabitEthernet1/0/2] port link-aggregation group 40
[RouterA-Ten-GigabitEthernet1/0/2] quit
[RouterA] interface ten-gigabitethernet 1/0/3
[RouterA-Ten-GigabitEthernet1/0/3] port link-aggregation group 40
[RouterA-Ten-GigabitEthernet1/0/3] quit
[RouterA] interface ten-gigabitethernet 1/0/4
[RouterA-Ten-GigabitEthernet1/0/4] port link-aggregation group 40
[RouterA-Ten-GigabitEthernet1/0/4] quit
# 将聚合接口40加入VLAN40。
[RouterA] interface bridge-aggregation 40
[RouterA-Bridge-Aggregation40] port access vlan 40
# 创建一个动态聚合接口42。
[RouterA] interface bridge-aggregation 42
[RouterA-Bridge-Aggregation42] link-aggregation mode dynamic
[RouterA-Bridge-Aggregation42] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/5、Ten-GigabitEthernet1/0/6。
[RouterA] interface ten-gigabitethernet 1/0/5
[RouterA-Ten-GigabitEthernet1/0/5] port link-aggregation group 42
[RouterA-Ten-GigabitEthernet1/0/5] quit
[RouterA] interface ten-gigabitethernet 1/0/6
[RouterA-Ten-GigabitEthernet1/0/6] port link-aggregation group 42
[RouterA-Ten-GigabitEthernet1/0/6] quit
# 将聚合接口42加入VLAN42。
[RouterA] interface bridge-aggregation 42
[RouterA-Bridge-Aggregation42] port access vlan 42
[RouterA-Bridge-Aggregation42] quit
# 为VLAN40和VLAN42创建VLAN接口,并配置IP地址。
[RouterA] interface vlan-interface 40
[RouterA-Vlan-interface40] ip address 10.214.50.2 30
[RouterA-Vlan-interface40] quit
[RouterA] interface vlan-interface 42
[RouterA-Vlan-interface42] ip address 10.214.50.9 30
[RouterA-Vlan-interface42] quit
# 配置OSPF,发布本地三个直连网段。
[RouterA] ospf
[RouterA-ospf-1] import-route direct
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 10.214.60.0 0.0.0.3
[RouterA-ospf-1-area-0.0.0.0] network 10.214.50.0 0.0.0.3
[RouterA-ospf-1-area-0.0.0.0] network 10.214.50.8 0.0.0.3
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
(2) 配置RouterB
# 创建VLAN41、VLAN42。
<RouterB> system-view
[RouterB] vlan 41 to 42
# 创建一个动态聚合接口41。
[RouterB] interface bridge-aggregation 41
[RouterB-Bridge-Aggregation41] link-aggregation mode dynamic
[RouterB-Bridge-Aggregation41] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2、Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4。
[RouterB] interface ten-gigabitethernet 1/0/1
[RouterB-Ten-GigabitEthernet1/0/1] port link-aggregation group 41
[RouterB-Ten-GigabitEthernet1/0/1] quit
[RouterB] interface ten-gigabitethernet 1/0/2
[RouterB-Ten-GigabitEthernet1/0/2] port link-aggregation group 41
[RouterB-Ten-GigabitEthernet1/0/2] quit
[RouterB] interface ten-gigabitethernet 1/0/3
[RouterB-Ten-GigabitEthernet1/0/3] port link-aggregation group 41
[RouterB-Ten-GigabitEthernet1/0/3] quit
[RouterB] interface ten-gigabitethernet 1/0/4
[RouterB-Ten-GigabitEthernet1/0/4] port link-aggregation group 41
[RouterB-Ten-GigabitEthernet1/0/4] quit
# 将聚合接口41加入VLAN41。
[RouterB] interface bridge-aggregation 41
[RouterB-Bridge-Aggregation41] port access vlan 41
[RouterB-Bridge-Aggregation41] quit
# 创建一个动态聚合接口42。
[RouterB] interface bridge-aggregation 42
[RouterB-Bridge-Aggregation42] link-aggregation mode dynamic
[RouterB-Bridge-Aggregation42] port access vlan 42
[RouterB-Bridge-Aggregation42] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/5、Ten-GigabitEthernet1/0/6。
[RouterB] interface ten-gigabitethernet 1/0/5
[RouterB-Ten-GigabitEthernet1/0/5] port link-aggregation group 42
[RouterB-Ten-GigabitEthernet1/0/5] quit
[RouterB] interface ten-gigabitethernet 1/0/6
[RouterB-Ten-GigabitEthernet1/0/6] port link-aggregation group 42
[RouterB-Ten-GigabitEthernet1/0/6] quit
# 将聚合接口42加入VLAN42。
[RouterB] interface bridge-aggregation 42
[RouterB-Bridge-Aggregation42] port access vlan 42
[RouterB-Bridge-Aggregation42] quit
# 为VLAN41和VLAN42创建VLAN接口,并配置IP地址。
[RouterB] interface vlan-interface 41
[RouterB-Vlan-interface41] ip address 10.214.50.6 30
[RouterB-Vlan-interface41] quit
[RouterB] interface vlan-interface 42
[RouterB-Vlan-interface42] ip address 10.214.50.10 30
[RouterB-Vlan-interface42] quit
# 配置OSPF,发布本地三个直连网段。
[RouterB] ospf
[RouterB-ospf-1] import-route direct
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 10.214.70.0 0.0.0.3
[RouterB-ospf-1-area-0.0.0.0] network 10.214.50.0 0.0.0.3
[RouterB-ospf-1-area-0.0.0.0] network 10.214.50.8 0.0.0.3
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
(3) 配置IRF
# 创建VLAN10、VLAN20、VLAN40、VLAN41。
<IRF> system-view
[IRF] vlan 10
[IRF-vlan10] quit
[IRF] vlan 20
[IRF-vlan20] quit
[IRF] vlan 40
[IRF-vlan40] quit
[IRF] vlan 41
[IRF-vlan41] quit
# 创建一个动态聚合接口10。
[IRF] interface bridge-aggregation 10
[IRF-Bridge-Aggregation10] link-aggregation mode dynamic
[IRF-Bridge-Aggregation10] quit
# 在聚合接口中添加成员端口,包括Ten-GigabitEthernet1/0/10、Ten-GigabitEthernet2/0/10、Ten-GigabitEthernet3/0/10、Ten-GigabitEthernet4/0/10。
[IRF] interface ten-gigabitethernet 1/0/10
[IRF-Ten-GigabitEthernet1/0/10] port link-aggregation group 10
[IRF-Ten-GigabitEthernet1/0/10] quit
[IRF] interface ten-gigabitethernet 2/0/10
[IRF-Ten-GigabitEthernet2/0/10] port link-aggregation group 10
[IRF-Ten-GigabitEthernet2/0/10] quit
[IRF] interface ten-gigabitethernet 3/0/10
[IRF-Ten-GigabitEthernet3/0/10] port link-aggregation group 10
[IRF-Ten-GigabitEthernet3/0/10] quit
[IRF] interface ten-gigabitethernet 4/0/10
[IRF-Ten-GigabitEthernet4/0/10] port link-aggregation group 10
[IRF-Ten-GigabitEthernet4/0/10] quit
# 将聚合接口10加入VLAN10。
[IRF] interface bridge-aggregation 10
[IRF-Bridge-Aggregation10] port access vlan 10
[IRF-Bridge-Aggregation10] quit
# 请按图13下方表格中的内容配置聚合接口20、40、41,并将聚合组加入相应VLAN,以及在聚合组中加入相应的端口,配置过程不再赘述。
# 为VLAN10、VLAN20、VLAN40、VLAN41创建VLAN接口,并配置IP地址。
[IRF] interface vlan-interface 10
[IRF-Vlan-interface10] ip address 10.214.10.1 24
[IRF-Vlan-interface10] quit
[IRF] interface vlan-interface 20
[IRF-Vlan-interface20] ip address 10.214.20.1 24
[IRF-Vlan-interface20] quit
[IRF] interface vlan-interface 40
[IRF-Vlan-interface40] ip address 10.214.50.1 30
[IRF-Vlan-interface40] quit
[IRF] interface vlan-interface 41
[IRF-Vlan-interface41] ip address 10.214.50.5 30
[IRF-Vlan-interface41] quit
# 配置OSPF,发布本地所有直连网段。
[IRF] ospf
[IRF-ospf-1] import-route direct
[IRF-ospf-1] area 0
[IRF-ospf-1-area-0.0.0.0] network 10.214.10.0 0.0.0.255
[IRF-ospf-1-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[IRF-ospf-1-area-0.0.0.0] network 10.214.50.0 0.0.0.3
[IRF-ospf-1-area-0.0.0.0] network 10.214.50.4 0.0.0.3
[IRF-ospf-1-area-0.0.0.0] quit
[IRF-ospf-1] quit
# 将当前配置保存到下次启动配置文件。
[IRF] save
(4) 配置DeviceE
# 创建一个动态聚合接口10。
[DeviceE] interface bridge-aggregation 10
[DeviceE-Bridge-Aggregation10] link-aggregation mode dynamic
[DeviceE-Bridge-Aggregation10] quit
# 在聚合接口中添加成员端口Ten-GigabitEthernet1/0/49、Ten-GigabitEthernet1/0/50、Ten-GigabitEthernet1/0/51和Ten-GigabitEthernet1/0/52。
[DeviceE] interface ten-gigabitethernet 1/0/49
[DeviceE-Ten-GigabitEthernet1/0/49] port link-aggregation group 10
[DeviceE-Ten-GigabitEthernet1/0/49] quit
[DeviceE] interface ten-gigabitethernet 1/0/50
[DeviceE-Ten-GigabitEthernet1/0/50] port link-aggregation group 10
[DeviceE-Ten-GigabitEthernet1/0/50] quit
[DeviceE] interface ten-gigabitethernet 1/0/51
[DeviceE-Ten-GigabitEthernet1/0/51] port link-aggregation group 10
[DeviceE-Ten-GigabitEthernet1/0/51] quit
[DeviceE] interface ten-gigabitethernet 1/0/52
[DeviceE-Ten-GigabitEthernet1/0/52] port link-aggregation group 10
[DeviceE-Ten-GigabitEthernet1/0/52] quit
# DeviceF的配置与DeviceE相似,请按照图13下方表格中的内容创建聚合接口并向聚合组中加入相应的端口,配置过程此处省略。
# 使用display irf命令查看当前IRF的信息。
<Sysname> display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 31 00e0-fc0f-8c02 ---
2 Standby 1 00e0-fc0f-8c03 ---
3 Standby 1 00e0-fc0f-8c04 ---
4 Standby 1 00e0-fc0f-8c05 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 0cda-414a-859b
Auto upgrade : yes
Mac persistent : 6 min
Domain ID : 0
通过上述信息,可以看到IRF中已经包含四台设备。
# 使用display irf topology命令查看IRF连接拓扑。
<Sysname> display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 UP 2 UP 4 0cda-414a-859b
2 UP 3 UP 1 0cda-414a-859b
3 UP 4 UP 2 0cda-414a-859b
4 UP 1 UP 3 0cda-414a-859b
通过上述信息,可以确认IRF实际拓扑形态符合组网需求。
在IRF上执行display ip routing-table命令查看路由表内容。
<Sysname> display ip routing-table
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
10.214.10.0/24 Direct 0 0 10.214.10.1 Vlan10
10.214.10.1/32 Direct 0 0 127.0.0.1 InLoop0
10.214.20.0/24 Direct 0 0 10.214.20.1 Vlan20
10.214.20.1/32 Direct 0 0 127.0.0.1 InLoop0
10.214.50.0/30 Direct 0 0 10.214.50.1 Vlan40
10.214.50.1/32 Direct 0 0 127.0.0.1 InLoop0
10.214.50.4/30 Direct 0 0 10.214.50.5 Vlan41
10.214.50.5/32 Direct 0 0 127.0.0.1 InLoop0
10.214.50.8/30 OSPF 10 2 10.214.50.2 Vlan40
10.214.60.0/30 OSPF 10 2 10.214.50.2 Vlan40
10.214.70.0/30 OSPF 10 2 10.214.50.6 Vlan41
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
通过以上信息,可以判断IRF已经学习到核心路由器对外网接口的路由信息。
# 从服务器群中任意挑选一台Server,以RouterA的10.214.50.2地址为目标进行ping操作。
C:\Users>ping 10.214.50.2 –t
# 将IRF连接RouterA的聚合组40中Ten-GigabitEthernet1/0/13端口shutdown。
[IRF] interface ten-gigabitethernet 1/0/13
[IRF-Ten-GigabitEthernet1/0/13] shutdown
[IRF-Ten-GigabitEthernet1/0/13] quit
# 在Server上查看,ping操作出现个别长延时回复后很快恢复正常速度的回复。
Pinging 10.214.50.2 with 32 bytes of data:
Reply from 10.214.50.2: bytes=32 time=8ms TTL=127
Reply from 10.214.50.2: bytes=32 time=7ms TTL=127
Reply from 10.214.50.2: bytes=32 time=2ms TTL=127
Reply from 10.214.50.2: bytes=32 time=278ms TTL=127
Reply from 10.214.50.2: bytes=32 time=7ms TTL=127
断开任意两台成员设备之间的两条IRF物理链路,IRF仍能正常工作,没有分裂。
由于本例中的IRF使用环形拓扑,因此当一条IRF链路出现故障后,IRF拓扑将变为链型,不会发生分裂。现在将DeviceB和DeviceC,以及DeviceA和DeviceD之间的物理连接均断开,IRF将分裂为两个IRF,两个IRF内的成员分别如图14所示。
图14 IRF分裂示意图
# 发生分裂时,系统将输出IRF链路状态错误提示,以及单板失效提示,以IRF1的输出信息为例。
%Jan 1 05:19:10:176 2018 H3C STM/3/STM_LINK_STATUS_DOWN: IRF port 2 is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/53 link status is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/54 link status is down.
%Jan 1 05:19:10:176 2018 H3C STM/3/STM_LINK_STATUS_DOWN: IRF port 1 is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/51 link status is down.
%Jan 1 05:19:10:184 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE2/0/52 link status is down.
%Jan 1 05:19:10:186 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 3, type is MAIN_BOARD_TYPE_54QT.
%Jan 1 05:19:10:186 2018 H3C DEV/3/BOARD_REMOVED: Board is removed from Slot 4, type is MAIN_BOARD_TYPE_54QT.
%Jan 1 00:40:22:534 2018 H3C BFD/5/BFD_CHANGE_FSM: Sess[192.168.2.1/192.168.2.3, LD/RD:33/33, Interface:Vlan1000, SessType:Ctrl, LinkType:INET], Sta: DOWN->INIT, Diag: 0
%Jan 1 00:40:22:791 2018 H3C BFD/5/BFD_CHANGE_FSM: Sess[192.168.2.1/192.168.2.3, LD/RD:33/33, Interface:Vlan1000, SessType:Ctrl, LinkType:INET], Sta: INIT->UP, Diag: 0
%Jan 1 00:40:27:962 2018 H3C BFD/5/BFD_CHANGE_FSM: Sess[192.168.2.1/192.168.2.3, LD/RD:33/33, Interface:Vlan1000, SessType:Ctrl, LinkType:INET], Sta: UP->DOWN, Diag: 1
可以看到,由于IRF分裂后,IRF2中的DeviceC成为主设备,DeviceC上配置的MAD IP地址开始生效,从而使DeviceA和DeviceC之间成功建立BFD MAD会话。IRF通过BFD MAD会话的状态变为UP判断出网络中发生了IRF分裂。由于IRF2的Master设备编号较大,因此在MAD冲突后将变为Recovery状态,关闭了除保留端口之外的所有端口,因此BFD MAD会话也随之快速关闭。
# 登录DeviceC查看IRF2的MAD状态,可以看到IRF2处于Recovery状态。
<Sysname> display mad verbose
Multi-active recovery state: Yes
Excluded ports(user-configured):
Excluded ports(system-configured):
IRF physical interfaces:
FortyGigE3/0/51
FortyGigE3/0/52
FortyGigE3/0/53
FortyGigE3/0/54
FortyGigE4/0/51
FortyGigE4/0/52
FortyGigE4/0/53
FortyGigE4/0/54
BFD MAD interfaces:
Ten-GigabitEthernet3/0/1
Ten-GigabitEthernet4/0/1
Vlan-interface1000
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Vlan-interface1000
MAD status : Normal
Member ID MAD IP address Neighbor MAD status
3 192.168.2.3/24 4 Normal
4 192.168.2.4/24 3 Normal
# 此时需要您修复IRF链路,在其中一条IRF物理链路修复后,IRF1上会提示出现IRF合并现象,IRF2此时将自动重启。
%Jan 1 00:52:25:555 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/54 link status is up.
%Jan 1 00:52:25:555 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE1/0/54 is up.
%Jan 1 00:52:25:717 2018 H3C STM/6/STM_LINK_STATUS_UP: IRF port 2 is up.
%Jan 1 00:52:26:257 2018 H3C STM/4/STM_LINK_RECOVERY: Merge occurs.
%Jan 1 00:52:30:834 2018 H3C STM/3/STM_LINK_STATUS_DOWN: IRF port 2 is down.
%Jan 1 00:52:30:835 2018 H3C IFNET/3/PHY_UPDOWN: FortyGigE1/0/54 link status is down.
%Jan 1 00:52:30:836 2018 H3C IFNET/5/LINK_UPDOWN: Line protocol on the interface FortyGigE1/0/54 is down.
# 待DeviceC和DeviceD重启完成后,IRF2将加入IRF1,您可以通过display irf topology命令显示IRF拓扑信息。
<Sysname> display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 UP 2 UP 4 0cda-414a-859b
2 UP 3 UP 1 0cda-414a-859b
3 UP 4 UP 2 0cda-414a-859b
4 UP 1 UP 3 0cda-414a-859b
可以看到IRF已经恢复。
· IRF的配置文件:
#
vlan 10
#
vlan 20
#
vlan 40
#
vlan 41
#
vlan 1000
#
irf-port 1/1
port group interface FortyGigE1/0/51
port group interface FortyGigE1/0/52
#
irf-port 1/2
port group interface FortyGigE1/0/53
port group interface FortyGigE1/0/54
#
irf-port 2/1
port group interface FortyGigE2/0/51
port group interface FortyGigE2/0/52
#
irf-port 2/2
port group interface FortyGigE2/0/53
port group interface FortyGigE2/0/54
#
irf-port 3/1
port group interface FortyGigE3/0/51
port group interface FortyGigE3/0/52
#
irf-port 3/2
port group interface FortyGigE3/0/53
port group interface FortyGigE3/0/54
#
irf-port 4/1
port group interface FortyGigE4/0/51
port group interface FortyGigE4/0/52
#
irf-port 4/2
port group interface FortyGigE4/0/53
port group interface FortyGigE4/0/54
#
interface Bridge-Aggregation10
port access vlan 10
link-aggregation mode dynamic
#
interface Bridge-Aggregation20
port access vlan 20
link-aggregation mode dynamic
#
interface Bridge-Aggregation40
port access vlan 40
link-aggregation mode dynamic
#
interface Bridge-Aggregation41
port access vlan 41
link-aggregation mode dynamic
#
interface Vlan-interface10
ip address 10.214.10.1 255.255.255.0
#
interface Vlan-interface20
ip address 10.214.20.1 255.255.255.0
#
interface Vlan-interface40
ip address 10.214.50.1 255.255.255.252
#
interface Vlan-interface41
ip address 10.214.50.5 255.255.255.252
#
interface Vlan-interface1000
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
mad ip address 192.168.2.3 255.255.255.0 member 3
mad ip address 192.168.2.4 255.255.255.0 member 4
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
undo stp enable
port access vlan 1000
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/0/11
port link-mode bridge
port access vlan 20
port link-aggregation group 20
#
interface Ten-GigabitEthernet1/0/13
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/14
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet2/0/1
port link-mode bridge
undo stp enable
port access vlan 1000
#
interface Ten-GigabitEthernet2/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 10
#
interface Ten-GigabitEthernet2/0/11
port link-mode bridge
port access vlan 20
port link-aggregation group 20
#
interface Ten-GigabitEthernet2/0/13
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet2/0/14
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet3/0/1
port link-mode bridge
undo stp enable
port access vlan 1000
#
interface Ten-GigabitEthernet3/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 10
#
interface Ten-GigabitEthernet3/0/11
port link-mode bridge
port access vlan 20
port link-aggregation group 20
#
interface Ten-GigabitEthernet3/0/13
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet3/0/14
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet4/0/1
port link-mode bridge
undo stp enable
port access vlan 1000
#
interface Ten-GigabitEthernet4/0/10
port link-mode bridge
port access vlan 10
port link-aggregation group 10
#
interface Ten-GigabitEthernet4/0/11
port link-mode bridge
port access vlan 20
port link-aggregation group 20
#
interface Ten-GigabitEthernet4/0/13
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet4/0/14
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
ospf 1
area 0.0.0.0
network 10.214.10.0 0.0.0.255
network 10.214.20.0 0.0.0.255
network 10.214.50.0 0.0.0.3
network 10.214.50.4 0.0.0.3
· Device E的配置文件:
#
vlan 1000
#
interface Bridge-Aggregation10
link-aggregation mode dynamic
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 1000
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 1000
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 1000
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 1000
#
interface Ten-GigabitEthernet1/0/49
port link-mode bridge
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/0/50
port link-mode bridge
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/0/51
port link-mode bridge
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/0/52
port link-mode bridge
port link-aggregation group 10
· Device F的配置文件:
#
interface Bridge-Aggregation20
link-aggregation mode dynamic
#
interface Ten-GigabitEthernet1/0/49
port link-mode bridge
port link-aggregation group 20
#
interface Ten-GigabitEthernet1/0/50
port link-mode bridge
port link-aggregation group 20
#
interface Ten-GigabitEthernet1/0/51
port link-mode bridge
port link-aggregation group 20
#
interface Ten-GigabitEthernet1/0/52
port link-mode bridge
port link-aggregation group 20
· Router A的配置文件:
#
vlan 40
#
vlan 42
#
interface Bridge-Aggregation40
port access vlan 40
link-aggregation mode dynamic
#
interface Bridge-Aggregation42
port access vlan 42
link-aggregation mode dynamic
#
interface Vlan-interface40
ip address 10.214.50.2 255.255.255.252
#
interface Vlan-interface42
ip address 10.214.50.9 255.255.255.252
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 40
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 42
port link-aggregation group 42
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
port access vlan 42
port link-aggregation group 42
#
ospf 1
area 0.0.0.0
network 10.214.60.0 0.0.0.3
network 10.214.50.0 0.0.0.3
network 10.214.50.8 0.0.0.3
· Router B的配置文件:
#
vlan 41
#
vlan 42
#
interface Bridge-Aggregation41
port access vlan 41
link-aggregation mode dynamic
#
interface Bridge-Aggregation42
port access vlan 42
link-aggregation mode dynamic
#
interface Vlan-interface41
ip address 10.214.50.6 255.255.255.252
#
interface Vlan-interface42
ip address 10.214.50.10 255.255.255.252
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 41
port link-aggregation group 41
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 42
port link-aggregation group 42
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
port access vlan 42
port link-aggregation group 42
#
ospf 1
area 0.0.0.0
network 10.214.70.0 0.0.0.3
network 10.214.50.0 0.0.0.3
network 10.214.50.8 0.0.0.3
本章介绍使用管理用以太网口配置ARP MAD,同时不影响网络管理功能使用的配置举例。并且,IRF分裂后,用户可以分别登录到分裂出的IRF上以便进行故障修复。
本举例也适用于ND MAD。仅MAD部分采用相应的配置方法即可。MAD的详细配置方法请参考配置指导。
表3 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6825系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-64H |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
如图15所示,Device A和Device B组成IRF。现要求:
· 使用管理用以太网口M-GigabitEthernet0/0/0配置ARP MAD进行分裂检测,同时不影响网络管理功能的使用;
· IRF主备倒换后,管理员登录用的IP地址不能变化;
· IRF分裂后,允许管理员分别登录到分裂出的成员设备上以进行故障恢复。
图15 管理用以太网口配置ARP MAD典型配置举例
主设备管理用以太网接口需要进行如下IP地址配置:
· 使用ip address ip-address { mask-length | mask }命令配置IRF的管理用IP地址。IRF未分裂时请通过此地址登录IRF。IRF发生主备倒换时不影响管理员通过此地址登录IRF。
· 使用ip address ip-address { mask-length | mask } irf-member member-id命令分别配置各成员设备的IP地址。IRF分裂后,管理员可以通过成员设备的IP地址分别登录到分裂出的成员设备上以进行故障恢复。
搭建ARP MAD组网时:
· 请将IRF中所有成员设备的管理用以太网口连接到同一台中间设备的普通以太网端口上。
· 在中间设备上,请创建专用于ARP MAD检测的VLAN,并将用于ARP MAD检测的物理接口添加到该VLAN中。
· 如果中间设备是一个IRF系统,则必须通过配置确保其IRF域编号与被检测的IRF系统不同。
配置IRF成员设备的IP地址时请注意:
· 同一个管理用以太网接口下配置的所有IRF成员设备的管理用以太网接口地址必须处于同一网段,不同的管理用以太网接口下配置的IRF成员设备的管理用以太网接口地址不能在同一网段。
· 当IRF正常工作时,只有主设备的管理用以太网接口地址生效,从设备的管理用以太网接口地址不生效。如果从设备管理用以太网接口地址与网络中其他设备地址冲突,并不会打印冲突信息,所以需要用户保证配置的管理用以太网接口地址不会冲突。
IRF分裂后,由于分裂出的IRF的管理用以太网接口上均存在ip address ip-address { mask-length | mask }命令配置的IP地址,设备会上报地址冲突,但不影响管理员使用ip address ip-address { mask-length | mask } irf-member member-id命令配置的IP地址分别登录分裂出的IRF设备。
(1) 配置Device A
# 将用作IRF物理端口的Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/2的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceA> system-view
[DeviceA] interface range ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/2
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
# 创建IRF端口2,与端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2绑定。
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/2
[DeviceA-irf-port1/2] quit
# 开启Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/2端口。
[DeviceA] interface range ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/2
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceA] quit
<DeviceA> save
# 激活IRF端口的配置。
<DeviceA> system-view
[DeviceA] irf-port-configuration active
(2) 配置Device B
# 配置Device B的成员编号为2,并重启设备使配置生效。
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# 将用作IRF物理端口的Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/2的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceB> system-view
[DeviceB] interface range ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/2
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
# 创建IRF端口1,与端口Ten-GigabitEthernet2/0/1和Ten-GigabitEthernet2/0/2绑定。
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/2
[DeviceB-irf-port2/1] quit
# 开启Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/2端口。
[DeviceB] interface range ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/2
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceB] quit
<DeviceB> save
# 参照6.2.2 图15连接DeviceB和DeviceA。
# 激活IRF端口的配置。
<DeviceB> system-view
[DeviceB] irf-port-configuration active
# 系统会提示发生IRF合并,竞选失败的设备重启后两台设备形成一个IRF。
# 在M-GigabitEthernet0/0/0接口上,配置IRF正常工作时,管理员登录IRF使用的IP地址192.168.1.1。
<IRF> system-view
[IRF] interface m-gigabitethernet 0/0/0
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.1 24
# 在M-GigabitEthernet0/0/0接口上,分别配置IRF成员设备1和成员设备2的IP地址为192.168.1.101/24和192.168.1.102/24。如果IRF分裂,管理员可以使用192.168.1.101和192.168.1.102分别登录到成员设备1和成员设备2上。
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.101 24 irf-member 1
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.102 24 irf-member 2
[IRF-M-GigabitEthernet0/0/0] quit
# 配置M-GigabitEthernet0/0/0为MAD保留接口,以使IRF分裂后M-GigabitEthernet0/0/0不会被MAD功能关闭。
[IRF] mad exclude interface m-gigabitethernet 0/0/0
(1) 配置IRF
# IRF的桥MAC保留时间配置为立即改变。
[IRF] undo irf mac-address persistent
# 配置IRF域编号为1。
# 开启管理用以太网接口M-GigabitEthernet0/0/0的ARP MAD检测功能。
[IRF-M-GigabitEthernet0/0/0] mad arp enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain ID is: 1]:
The assigned domain ID is: 1
[IRF-M-GigabitEthernet0/0/0] quit
# 将当前配置保存到下次启动配置文件。
[IRF] save
# 创建VLAN 100,并将端口GigabitEthernet1/0/1~GigabitEthernet1/0/2加入VLAN 100中,用于转发ARP MAD报文。
[DeviceC] vlan 100
[DeviceC-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceC-vlan100] quit
(1) 断开Device A和Device B之间的IRF物理链路后,可以分别使用192.168.1.101和192.168.1.102登录到Device A和Device B上。
(2) 在Device A和Device B上分别执行display mad verbose命令,可以看到一台设备Multi-active recovery state为Yes,使用display interface brief命令可以看到这台设备所有的端口处于down状态(除了IRF物理端口和管理用以太网接口M-GigabitEthernet0/0/0)。另一台设备Multi-active recovery state为No,正常工作。
· IRF的配置文件:
#
irf-port 1/2
port group interface Ten-GigabitEthernet1/0/1
port group interface Ten-GigabitEthernet1/0/2
#
irf-port 2/1
port group interface Ten-GigabitEthernet2/0/1
port group interface Ten-GigabitEthernet2/0/2
#
irf domain 1
undo irf mac-address persistent
#
interface M-GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.1.101 255.255.255.0 irf-member 1
ip address 192.168.1.102 255.255.255.0 irf-member 2
mad arp enable
#
mad exclude interface M-GigabitEthernet0/0/0
#
· Device C的配置文件:
#
vlan 100
#
GigabitEthernet 1/0/1
port access vlan 100
#
Gigabitethernet 1/0/2
port access vlan 100
#
本章介绍双管理用以太网接口设备,一个管理用以太网口配置BFD MAD,另一个管理用以太网口承担网络管理功能的配置举例。并且,IRF分裂后,用户可以分别登录到分裂出的IRF上以便进行故障修复。
本举例也适用于ARP MAD和ND MAD。仅MAD部分采用相应的配置方法即可。MAD的详细配置方法请参考配置指导。
表4 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6825系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-64H |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
如6.2.2 图15所示,Device A和Device B组成IRF。现要求:
· 使用管理用以太网口M-GigabitEthernet0/0/0接入管理网络;
· 使用管理用以太网口M-GigabitEthernet0/0/1配置BFD MAD进行分裂检测;
· IRF主备倒换后,管理员登录用的IP地址不能变化;
· IRF分裂后,允许管理员分别登录到分裂出的成员设备上以进行故障恢复。
图16 管理用以太网口配置BFD MAD典型配置举例
主设备管理用以太网接口M-GigabitEthernet0/0/0需要进行如下IP地址配置:
· 使用ip address ip-address { mask-length | mask }命令配置IRF的管理用IP地址。IRF未分裂时请通过此地址登录IRF。IRF发生主备倒换时不影响管理员通过此地址登录IRF。
· 使用ip address ip-address { mask-length | mask } irf-member member-id命令分别配置各成员设备的IP地址。IRF分裂后,管理员可以通过成员设备的IP地址分别登录到分裂出的成员设备上以进行故障恢复。
配置IRF成员设备的IP地址时请注意:
· 同一个管理用以太网接口下配置的所有IRF成员设备的管理用以太网接口地址必须处于同一网段,不同的管理用以太网接口下配置的IRF成员设备的管理用以太网接口地址不能在同一网段。
· 当IRF正常工作时,只有主设备的管理用以太网接口地址生效,从设备的管理用以太网接口地址不生效。如果从设备管理用以太网接口地址与网络中其他设备地址冲突,并不会打印冲突信息,所以需要用户保证配置的管理用以太网接口地址不会冲突。
IRF分裂后,由于分裂出的IRF的管理用以太网接口上均存在ip address ip-address { mask-length | mask }命令配置的IP地址,设备会上报地址冲突,但不影响管理员使用ip address ip-address { mask-length | mask } irf-member member-id命令配置的IP地址分别登录分裂出的IRF设备。
配置BFD MAD时请注意,
· 请确保中间设备上BFD MAD检测VLAN中仅包含用于BFD MAD检测的端口。
· 在用于BFD MAD检测的接口下必须使用mad ip address命令配置MAD IP地址,而不要配置其它IP地址(包括使用ip address命令配置的普通IP地址、VRRP虚拟IP地址等),以免影响MAD检测功能。请为不同成员设备配置同一网段内的不同MAD IP地址。
(1) 配置Device A
# 将用作IRF物理端口的Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/2的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceA> system-view
[DeviceA] interface range ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/2
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
# 创建IRF端口2,与端口HundredGigE1/025和Ten-GigabitEthernet1/0/2绑定。
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/2
[DeviceA-irf-port1/2] quit
# 开启Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/2端口。
[DeviceA] interface range ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/2
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceA] quit
<DeviceA> save
# 激活IRF端口的配置。
<DeviceA> system-view
[DeviceA] irf-port-configuration active
(2) 配置Device B
# 配置Device B的成员编号为2,并重启设备使配置生效。
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# 将用作IRF物理端口的Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/2的手工关闭。使用端口批量配置功能可以更快速的完成配置。
<DeviceB> system-view
[DeviceB] interface range ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/2
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
# 创建IRF端口1,与端口Ten-GigabitEthernet2/0/1和Ten-GigabitEthernet2/0/2绑定。
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/2
[DeviceB-irf-port2/1] quit
# 开启Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/2端口。
[DeviceB] interface range ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/2
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
# 将当前配置保存到下次启动配置文件。
[DeviceB] quit
<DeviceB> save
# 参照6.2.2 图15连接DeviceB和DeviceA。
# 激活IRF端口的配置。
<DeviceB> system-view
[DeviceB] irf-port-configuration active
# 系统会提示发生IRF合并,竞选失败的设备重启后两台设备形成一个IRF。
# 在M-GigabitEthernet0/0/0接口上,配置IRF正常工作时,管理员登录IRF使用的IP地址192.168.1.1。
<IRF> system-view
[IRF] interface m-gigabitethernet 0/0/0
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.1 24
# 在M-GigabitEthernet0/0/0接口上,分别配置IRF成员设备1和成员设备2的IP地址为192.168.1.101/24和192.168.1.102/24。如果IRF分裂,管理员可以使用192.168.1.101和192.168.1.102分别登录到成员设备1和成员设备2上。
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.101 24 irf-member 1
[IRF-M-GigabitEthernet0/0/0] ip address 192.168.1.102 24 irf-member 2
[IRF-M-GigabitEthernet0/0/0] quit
# 配置IRF成员设备的管理用以太网接口M-GigabitEthernet0/0/0为MAD保留接口,以使IRF分裂后M-GigabitEthernet0/0/0不会被MAD功能关闭。
[IRF] mad exclude interface m-gigabitethernet 0/0/0
(1) 配置IRF
# 配置管理用以太网接口M-GigabitEthernet0/0/1的MAD IP地址。
[IRF] interface m-gigabitethernet 0/0/1
[IRF-M-GigabitEthernet0/0/1] mad ip address 192.168.2.1 24 member 1
[IRF-M-GigabitEthernet0/0/1] mad ip address 192.168.2.2 24 member 2
# 开启管理用以太网接口M-GigabitEthernet0/0/1的BFD MAD检测功能。
[IRF-M-GigabitEthernet0/0/1] mad bfd enable
[IRF-M-GigabitEthernet0/0/0] quit
# 将当前配置保存到下次启动配置文件。
[IRF] save
(2) 配置中间设备Device C
# 创建VLAN 100,并将端口GigabitEthernet1/0/1~GigabitEthernet1/0/2加入VLAN 100中,用于转发BFD MAD报文。
[DeviceC] vlan 100
[DeviceC-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceC-vlan100] quit
(1) 断开Device A和Device B之间的IRF物理链路后,可以分别使用192.168.1.101和192.168.1.102登录到Device A和Device B上。
(2) 在Device A和Device B上分别执行display mad verbose命令,可以看到一台设备Multi-active recovery state为Yes,使用display interface brief命令可以看到这台设备所有的端口处于down状态(除了IRF物理端口和管理用以太网接口M-GigabitEthernet0/0/0、M-GigabitEthernet0/0/1)。另一台设备Multi-active recovery state为No,正常工作。
· IRF的配置文件:
#
irf-port 1/2
port group interface Ten-GigabitEthernet1/0/1
port group interface Ten-GigabitEthernet1/0/2
#
irf-port 2/1
port group interface Ten-GigabitEthernet2/0/1
port group interface Ten-GigabitEthernet2/0/2
#
interface M-GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.1.101 255.255.255.0 irf-member 1
ip address 192.168.1.102 255.255.255.0 irf-member 2
#
interface M-GigabitEthernet0/0/1
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
#
mad exclude interface M-GigabitEthernet0/0/0
#
· Device C的配置文件:
#
vlan 100
#
GigabitEthernet 1/0/1
port access vlan 100
#
Gigabitethernet 1/0/2
port access vlan 100
#
表5 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6825系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-64H |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
· 如图17所示,Device A为公司的核心设备,但由于公司网络规模日益增大,汇聚层SW设备扩展至N台,Device A单台设备的转发能力已无法达到公司网络的需求。为了拓展核心设备的转发能力,又尽量不改变现有网络。现公司希望增加Device B,与Device A组成IRF,来满足当前网络的需求。
· IRF的上行设备(Router A和Router B)为公司网络的出口路由器;IRF的下行交换机(SW 1、SW 2等)为各个服务器集群的汇聚层设备。
图17 IRF典型配置组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Router A |
Vlan-int30 |
172.24.2.2/24 |
Router B |
Vlan-int30 |
172.24.2.3/24 |
|
|
Vlan-int40 |
172.24.40.2/24 |
|
Vlan-int41 |
172.24.41.3/24 |
|
|
Vlan-int50 |
172.24.1.2/24 |
|
Vlan-int50 |
172.24.4.3/24 |
|
IRF |
Vlan-int10 |
172.24.10.254/24 |
|
|
|
|
|
Vlan-int20 |
172.24.20.254/24 |
|
|
|
|
|
Vlan-int40 |
172.24.40.254/24 |
|
|
|
|
|
Vlan-int41 |
172.24.41.254/24 |
|
|
|
· 为避免成员设备的单点故障影响到正常的业务转发,可在IRF中配置跨框聚合端口进行业务转发。
· 为尽量降低IRF分裂对业务造成的影响,可在IRF中配置LACP MAD检测。LACP MAD检测只需在一个聚合组中配置即可,其他聚合组中无需配置。LACP MAD检测使用的中间设备必须为H3C的交换机设备且使用的软件版本必须能够识别、处理携带了ActiveID值的LACPDU协议报文,在本例中使用SW 1作为LACP MAD检测的中间设备。
(1) 根据8.2 图17选定IRF物理端口并关闭这些端口
<DeviceA> system-view
[DeviceA] interface range ten-gigabitethernet 1/1/1 to ten-gigabitethernet 1/1/2
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
(2) 配置IRF端口1/2,并将它与物理端口Ten-GigabitEthernet 1/1/1和Ten-GigabitEthernet 1/1/2绑定
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/1/1
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/1/2
[DeviceA-irf-port1/2] quit
(3) 开启IRF物理端口,并保存配置
[DeviceA] interface range ten-gigabitethernet 1/1/1 to ten-gigabitethernet 1/1/2
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
[DeviceA] save
(4) 激活IRF端口下的配置
[DeviceA] irf-port-configuration active
(1) 将Device B的成员编号配置为2,并重启设备使新编号生效
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue?[
Y/N]:y
[DeviceB] quit
<DeviceB> reboot
(2) 根据8.2 图17选定IRF物理端口并关闭这些端口
<DeviceB> system-view
[DeviceB] interface range ten-gigabitethernet 2/1/1 to ten-gigabitethernet 2/1/2
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
(3) 配置IRF端口2/1,并将它与物理端口Ten-GigabitEthernet 2/1/1和Ten-GigabitEthernet 2/1/2绑定
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/1/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/1/2
[DeviceB-irf-port2/1] quit
(4) 开启IRF物理端口,并保存配置
[DeviceB] interface range ten-gigabitethernet 2/1/1 to ten-gigabitethernet 2/1/2
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
[DeviceB] save
(5) 参照8.2 图17和端口连接表连接Device B和Device A之间的IRF端口,激活IRF端口下的配置
[DeviceB] irf-port-configuration active
在前面配置完成并重新启动后,IRF已经组建完成,此时可以进行各个业务模块的配置。IRF形成之后,可以从任何一台成员设备登录进行配置,设备名称缺省为Master的名称(此例中为Device A)。
# 创建连接接入层交换机SW 1的动态聚合组,编号为1,并使能LACP MAD检测功能。
<DeviceA> system-view
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] mad enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 0]:
The assigned domain ID is: 0
[DeviceA-Bridge-Aggregation1] quit
# 配置连接SW 1的端口加入聚合组1。
[DeviceA] interface ten-gigabitethernet 1/1/3
[DeviceA-Ten-GigabitEthernet1/1/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/1/3] quit
[DeviceA] interface ten-gigabitethernet 2/1/3
[DeviceA-Ten-GigabitEthernet2/1/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet2/1/3] quit
# 创建连接接入层交换机SW 2的聚合组,编号为2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 配置连接SW 2的端口加入聚合组2。
[DeviceA] interface ten-gigabitethernet 1/1/4
[DeviceA-Ten-GigabitEthernet1/1/4] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/1/4] quit
[DeviceA] interface ten-gigabitethernet 2/1/4
[DeviceA-Ten-GigabitEthernet2/1/4] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet2/1/4] quit
# 配置与SW 1之间通过Vlan-interface 10连接。
[DeviceA] vlan 10
[DeviceA-vlan10] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 172.24.10.254 24
[DeviceA-Vlan-interface10] quit
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
[DeviceA-Bridge-Aggregation1] quit
# 配置与SW 2之间通过Vlan-interface 20连接。
[DeviceA] vlan 20
[DeviceA-vlan20] quit
[DeviceA] interface vlan-interface 20
[DeviceA-Vlan-interface20] ip address 172.24.20.254 24
[DeviceA-Vlan-interface20] quit
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type trunk
[DeviceA-Bridge-Aggregation2] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20
[DeviceA-Bridge-Aggregation2] quit
# 创建连接IRF的动态聚合组,编号为1,该聚合组同时用于IRF的LACP MAD检测。
<SW1> system-view
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] link-aggregation mode dynamic
[SW1-Bridge-Aggregation1] quit
# 配置连接IRF的端口加入聚合组1。
[SW1] interface ten-gigabitethernet 1/1/1
[SW1-Ten-GigabitEthernet1/1/1] port link-aggregation group 1
[SW1-Ten-GigabitEthernet1/1/1] quit
[SW1] interface ten-gigabitethernet 1/1/2
[SW1-Ten-GigabitEthernet1/1/2] port link-aggregation group 1
[SW1-Ten-GigabitEthernet1/1/2] quit
# 接入设备SW1上创建所有VLAN。
[SW1] vlan all
# 配置与IRF连接的端口。
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] port link-type trunk
[SW1-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW1-Bridge-Aggregation1] port trunk permit vlan 10
[SW1-Bridge-Aggregation1] quit
# 配置连接服务器的端口Ten-GigabitEthernet3/0/1。
[SW1] interface ten-gigabitethernet 1/2/1
[SW1-Ten-GigabitEthernet1/2/1] port link-type trunk
[SW1-Ten-GigabitEthernet1/2/1] port trunk permit vlan all
[SW1-Ten-GigabitEthernet1/2/1] undo port trunk permit vlan 1
[SW1-Ten-GigabitEthernet1/2/1] quit
# 创建连接IRF的聚合组,编号为1。
<SW2> system-view
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] quit
# 配置连接IRF的端口加入聚合组1。
[SW2] interface ten-gigabitethernet 1/1/1
[SW2-Ten-GigabitEthernet1/1/1] port link-aggregation group 1
[SW2-Ten-GigabitEthernet1/1/1] quit
[SW2] interface ten-gigabitethernet 1/1/2
[SW2-Ten-GigabitEthernet1/1/2] port link-aggregation group 1
[SW2-Ten-GigabitEthernet1/1/2] quit
# 接入设备SW 2上创建所有VLAN。
[SW2] vlan all
# 配置与IRF连接的端口。
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] port link-type trunk
[SW2-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW2-Bridge-Aggregation1] port trunk permit vlan 20
[SW2-Bridge-Aggregation1] quit
# 配置连接服务器的端口。
[SW2] interface ten-gigabitethernet 1/2/1
[SW2-Ten-GigabitEthernet1/2/1] port link-type trunk
[SW2-Ten-GigabitEthernet1/2/1] port trunk permit vlan all
[SW2-Ten-GigabitEthernet1/2/1] undo port trunk permit vlan 1
[SW2-Ten-GigabitEthernet1/2/1] quit
# 创建连接出口路由器Router A的聚合组,编号为1023。
[DeviceA] interface bridge-aggregation 1023
[DeviceA-Bridge-Aggregation1023] quit
# 配置连接Router A的端口加入聚合组1023。
[DeviceA] interface ten-gigabitethernet 1/1/7
[DeviceA-Ten-GigabitEthernet1/1/7] port link-aggregation group 1023
[DeviceA-Ten-GigabitEthernet1/1/7] quit
[DeviceA] interface ten-gigabitethernet 2/1/7
[DeviceA-Ten-GigabitEthernet2/1/7] port link-aggregation group 1023
[DeviceA-Ten-GigabitEthernet2/1/7] quit
# 配置与Router A之间通过Vlan-interface40连接。
[DeviceA] vlan 40
[DeviceA-vlan40] quit
[DeviceA] interface vlan-interface 40
[DeviceA-Vlan-interface40] ip address 172.24.40.254 24
[DeviceA-Vlan-interface40] quit
[DeviceA] interface bridge-aggregation 1023
[DeviceA-Bridge-Aggregation1023] port access vlan 40
[DeviceA-Bridge-Aggregation1023] quit
# 创建连接出口路由器Router B的聚合组,编号为1024。
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] quit
# 配置连接Router B的端口加入聚合组1024。
[DeviceA] interface ten-gigabitethernet 1/1/8
[DeviceA-Ten-GigabitEthernet1/1/8] port link-aggregation group 1024
[DeviceA-Ten-GigabitEthernet1/1/8] quit
[DeviceA] interface ten-gigabitethernet 2/1/8
[DeviceA-Ten-GigabitEthernet2/1/8] port link-aggregation group 1024
[DeviceA-Ten-GigabitEthernet2/1/8] quit
# 配置与Router B之间通过Vlan-interface41连接。
[DeviceA] vlan 41
[DeviceA-vlan41] quit
[DeviceA] interface vlan-interface 41
[DeviceA-Vlan-interface41] ip address 172.24.41.254 24
[DeviceA-Vlan-interface41] quit
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] port access vlan 41
[DeviceA-Bridge-Aggregation1024] quit
# 配置IRF与出口路由器之间运行OSPF路由协议。
[DeviceA] ospf
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 172.24.40.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
出口路由器配置本用例只描述与IRF连接的部分,外网使用何种路由协议不予描述。
# 创建连接IRF的聚合组,编号为1。
<RouterA> system-view
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] quit
# 配置连接IRF的端口加入聚合组1。
[RouterA] interface ten-gigabitethernet 4/0/1
[RouterA-Ten-GigabitEthernet4/0/1] port link-mode bridge
[RouterA-Ten-GigabitEthernet4/0/1] port link-aggregation group 1
[RouterA-Ten-GigabitEthernet4/0/1] quit
[RouterA] interface ten-gigabitethernet 2/0/1
[RouterA-Ten-GigabitEthernet2/0/1] port link-mode bridge
[RouterA-Ten-GigabitEthernet2/0/1] port link-aggregation group 1
[RouterA-Ten-GigabitEthernet2/0/1] quit
# 配置与IRF之间通过Vlan-interface 40连接。
[RouterA] vlan 40
[RouterA-vlan40] quit
[RouterA] interface vlan-interface 40
[RouterA-Vlan-interface40] ip address 172.24.40.2 24
[RouterA-Vlan-interface40] quit
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] port access vlan 40
[RouterA-Bridge-Aggregation1] quit
# 配置与RouterB之间通过Vlan-interface 30连接。
[RouterA] vlan 30
[RouterA-vlan30] quit
[RouterA] interface vlan-interface 30
[RouterA-Vlan-interface30] ip address 172.24.2.2 24
[RouterA-Vlan-interface30] quit
[RouterA] interface bridge-aggregation 2
[RouterA-Bridge-Aggregation2] port link-type access
[RouterA-Bridge-Aggregation2] port access vlan 30
[RouterA-Bridge-Aggregation2] quit
[RouterA] interface bridge-aggregation 2
[RouterA-Bridge-Aggregation2] quit
[RouterA] interface ten-gigabitethernet 4/0/2
[RouterA-Ten-GigabitEthernet4/0/2] port link-mode bridge
[RouterA-Ten-GigabitEthernet4/0/2] port link-aggregation group 2
[RouterA-Ten-GigabitEthernet4/0/2] quit
[RouterA] interface ten-gigabitethernet 2/0/2
[RouterA-Ten-GigabitEthernet2/0/2] port link-mode bridge
[RouterA-Ten-GigabitEthernet2/0/2] port link-aggregation group 2
[RouterA-Ten-GigabitEthernet2/0/2] quit
# 配置Router A通过Vlan-interface 50连接外网。
[RouterA] vlan 50
[RouterA-vlan50] quit
[RouterA] interface vlan-interface 50
[RouterA-Vlan-interface50] ip address 172.24.1.2 24
[RouterA-Vlan-interface50] quit
[RouterA] interface ten-gigabitethernet 4/0/3
[RouterA-Ten-GigabitEthernet4/0/3] port link-mode bridge
[RouterA-Ten-GigabitEthernet4/0/3] port access vlan 50
[RouterA-Ten-GigabitEthernet4/0/3] quit
# 配置Router A与IRF之间运行OSPF路由协议。
[RouterA] ospf
[RouterA-ospf-1] import-route direct
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 172.24.40.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] network 172.24.2.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# 配置与IRF之间通过Vlan-interface 41连接。
<RouterB> system-view
[RouterB] vlan 41
[RouterB-vlan41] quit
[RouterB] interface vlan-interface 41
[RouterB-Vlan-interface41] ip address 172.24.41.3 24
[RouterB-Vlan-interface41] quit
[RouterB] interface bridge-aggregation 1
[RouterB-Bridge-Aggregation1] port access vlan 41
[RouterB-Bridge-Aggregation1] quit
[RouterB] interface bridge-aggregation 1
[RouterB-Bridge-Aggregation1] quit
[RouterB] interface ten-gigabitethernet 4/0/1
[RouterB-Ten-GigabitEthernet4/0/1] port link-mode bridge
[RouterB-Ten-GigabitEthernet4/0/1] port link-aggregation group 1
[RouterB-Ten-GigabitEthernet4/0/1] quit
[RouterB] interface ten-gigabitethernet 2/0/1
[RouterB-Ten-GigabitEthernet2/0/1] port link-mode bridge
[RouterB-Ten-GigabitEthernet2/0/1] port link-aggregation group 1
[RouterB-Ten-GigabitEthernet2/0/1] quit
# 配置与Router A之间通过Vlan-interface 30连接。
[RouterB] vlan 30
[RouterB-vlan30] quit
[RouterB] interface vlan-interface 30
[RouterB-Vlan-interface30] ip address 172.24.2.3 24
[RouterB-Vlan-interface30] quit
[RouterB] interface bridge-aggregation 2
[RouterB-Bridge-Aggregation2] port link-type access
[RouterB-Bridge-Aggregation2] port access vlan 30
[RouterB-Bridge-Aggregation2] quit
[RouterB] interface ten-gigabitethernet 4/0/2
[RouterB-Ten-GigabitEthernet4/0/2] port link-aggregation group 2
[RouterB-Ten-GigabitEthernet4/0/2] quit
[RouterB] interface ten-gigabitethernet 2/0/2
[RouterB-Ten-GigabitEthernet2/0/2] port link-aggregation group 2
[RouterB-Ten-GigabitEthernet2/0/2] quit
# 配置Router B通过Vlan-interface 50连接外网。
[RouterB] vlan 50
[RouterB-vlan50] quit
[RouterB] interface vlan-interface 50
[RouterB-Vlan-interface50] ip address 172.24.4.3 24
[RouterB-Vlan-interface50] quit
[RouterB] interface ten-gigabitethernet 4/0/3
[RouterB-Ten-GigabitEthernet4/0/3] port link-mode bridge
[RouterB-Ten-GigabitEthernet4/0/3] port access vlan 50
[RouterB-Ten-GigabitEthernet4/0/3] quit
# 配置Router B与IRF之间运行OSPF路由协议。
[RouterB] ospf
[RouterB-ospf-1] import-route direct
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 172.24.2.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
(1) 验证IRF建立成功
[DeviceA] display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 1 00e0-fc0f-8c02 ---
2 Standby 1 00e0-fc0f-8c03 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 3822-d60f-2800
Auto upgrade : yes
Mac persistent : always
Domain ID : 0
从命令行的显示看,当前两台设备IRF成功建立。
(2) 验证跨框聚合有链路备份的作用
从serverGroup 1任意挑选一台PC ping外网IP,关闭IRF的上行端口Ten-GigabitEthernet 1/1/8,出现短暂中断后仍然可以ping通外网。
C:\Users>ping 202.108.22.5 –t
正在 Ping 202.108.22.5 具有 32 字节的数据:
来自 202.108.22.5 的回复: 字节=32 时间=1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间=13ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
请求超时。
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
重新开启端口Ten-GigabitEthernet 1/1/8,持续ping,将另外一个上行端口Ten-GigabitEthernet 2/1/8关闭,出现短暂中断后仍然可以ping通外网。
C:\Users>ping 202.108.22.5 –t
正在 Ping 202.108.22.5 具有 32 字节的数据:
来自 202.108.22.5 的回复: 字节=32 时间=1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间=13ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
请求超时。
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
来自 202.108.22.5 的回复: 字节=32 时间<1ms TTL=122
(3) 验证IRF物理链路的冗余备份
断开IRF物理链路中的任意一条,IRF仍能正常工作、没有分裂。
· IRF:
#
irf mac-address persistent always
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
irf member 2 priority 1
#
ospf 1
import-route direct
area 0.0.0.0
network 172.24.40.0 0.0.0.255
network 172.24.41.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 40
#
vlan 41
#
irf-port 1/2
port group interface Ten-GigabitEthernet1/1/1 mode enhanced
port group interface Ten-GigabitEthernet1/1/2 mode enhanced
#
irf-port 2/1
port group interface Ten-GigabitEthernet2/1/1 mode enhanced
port group interface Ten-GigabitEthernet2/1/2 mode enhanced
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
link-aggregation mode dynamic
mad enable
#
interface bridge-aggregation 2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface bridge-aggregation 1023
port access vlan 40
#
interface bridge-aggregation 1024
port access vlan 41
#
interface vlan-interface 10
ip address 172.24.10.254 255.255.255.0
#
interface vlan-interface 20
ip address 172.24.20.254 255.255.255.0
#
interface vlan-interface 40
ip address 172.24.40.254 255.255.255.0
#
interface vlan-interface 41
ip address 172.24.41.254 255.255.255.0
#
interface Ten-GigabitEthernet 1/1/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/1/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 1/1/7
port link-mode bridge
port access vlan 40
port link-aggregation group 1023
#
interface Ten-GigabitEthernet 1/1/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 2/1/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/1/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 2/1/7
port link-mode bridge
port access vlan 40
port link-aggregation group 1023
#
interface Ten-GigabitEthernet 2/1/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
· SW1:
#
vlan 1
#
vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
link-aggregation mode dynamic
#
interface Ten-GigabitEthernet 1/1/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/1/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
· SW2:
#
vlan 1
#
vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface Ten-GigabitEthernet 1/1/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/1/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
· RouterA:
#
ospf 1
import-route direct
area 0.0.0.0
network 172.24.2.0 0.0.0.255
network 172.24.40.0 0.0.0.255
#
vlan 30
#
vlan 40
#
vlan 50
#
interface bridge-aggregation 1
port access vlan 40
#
interface bridge-aggregation 2
port access vlan 30
#
interface vlan-interface 30
ip address 172.24.2.2 255.255.255.0
#
interface vlan-interface 40
ip address 172.24.40.2 255.255.255.0
#
interface vlan-interface 50
ip address 172.24.1.2 255.255.255.0
#
interface Ten-GigabitEthernet 2/0/1
port link-mode bridge
port access vlan 40
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/2
port link-mode bridge
port access vlan 30
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/0/1
port link-mode bridge
port access vlan 40
port link-aggregation group 1
#
interface Ten-GigabitEthernet 4/0/2
port link-mode bridge
port access vlan 30
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/0/3
port link-mode bridge
port access vlan 50
#
· RouterB:
#
ospf 1
import-route direct
area 0.0.0.0
network 172.24.2.0 0.0.0.255
network 172.24.41.0 0.0.0.255
#
vlan 30
#
vlan 41
#
vlan 50
#
interface bridge-aggregation 1
port access vlan 41
#
interface bridge-aggregation 2
port access vlan 30
#
interface vlan-interface 30
ip address 172.24.2.3 255.255.255.0
#
interface vlan-interface 41
ip address 172.24.41.3 255.255.255.0
#
interface vlan-interface 50
ip address 172.24.4.3 255.255.255.0
#
interface Ten-GigabitEthernet 2/0/1
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/2
port link-mode bridge
port access vlan 30
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/0/1
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 4/0/2
port link-mode bridge
port access vlan 30
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/0/3
port link-mode bridge
port access vlan 50
#
表6 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6825系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-64H |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
· 如图18所示,由于网络规模迅速扩大,汇聚层SW设备扩展至N台,当前中心设备Device A的转发能力已经不能满足需求。现在需要另增三台设备,组成一个四框IRF才能满足当前网络的转发需求。
· 升级到四框IRF设备后,必须保证即使IRF中有N台设备发生故障(1≤N≤3),RouterA与汇聚层交换机(如:SW1,SW2等)之间通信也不能中断。
图18 四台成员设备的IRF典型配置组网图(采用LACP MAD)
表3 IP地址配置信息
|
设备 |
接口 |
IP地址 |
|
RouterA |
Vlan-interface41 |
172.24.41.2/24 |
|
Vlan-interface50 |
172.24.1.2/24 |
|
|
IRF |
Vlan-interface41 |
172.24.41.254/24 |
|
Vlan-interface10 |
172.24.10.254/24 |
|
|
Vlan-interface20 |
172.24.20.254/24 |
|
|
… |
… |
|
|
Vlan-interfaceN |
172.24.N.254/24 |
表4 IRF设备互联信息
|
设备 |
IRF端口 |
对端IRF端口 |
IRF成员端口 |
|
Device A |
irf-port 1/1 |
irf-port 4/2 |
XGE1/2/2 |
|
Device A |
irf-port 1/2 |
irf-port 2/1 |
XGE1/2/1 |
|
Device B |
irf-port 2/1 |
irf-port 1/2 |
XGE2/2/1 |
|
Device B |
irf-port 2/2 |
irf-port 3/1 |
XGE2/2/2 |
|
Device C |
irf-port 3/1 |
irf-port 2/2 |
XGE3/2/2 |
|
Device C |
irf-port 3/2 |
irf-port 4/1 |
XGE3/2/1 |
|
Device D |
irf-port 4/1 |
irf-port 3/2 |
XGE4/2/1 |
|
Device D |
irf-port 4/2 |
irf-port 1/1 |
XGE4/2/2 |
表5 IRF设备的上下行互联信息
|
IRF的对端设备 |
接口 |
所属vlan |
所属聚合组 |
|
下行连SW2 |
XGE1/3/1 |
Vlan 13(BFD MAD) |
|
|
下行连SW2 |
XGE2/3/1 |
Vlan 13(BFD MAD) |
|
|
下行连SW2 |
XGE3/3/1 |
Vlan 13(BFD MAD) |
|
|
下行连SW2 |
XGE4/3/1 |
Vlan 13(BFD MAD) |
|
|
下行连SW1 |
XGE1/3/3 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
下行连SW1 |
XGE2/3/3 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
下行连SW1 |
XGE3/3/3 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
下行连SW1 |
XGE4/3/3 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
下行连SW2 |
XGE1/3/4 |
Vlan 20 |
Bridge-aggregation 2 |
|
下行连SW2 |
XGE2/3/4 |
Vlan 20 |
Bridge-aggregation 2 |
|
下行连SW2 |
XGE3/3/4 |
Vlan 20 |
Bridge-aggregation 2 |
|
下行连SW2 |
XGE4/3/4 |
Vlan 20 |
Bridge-aggregation 2 |
|
上行连Router A |
XGE1/3/8 |
Vlan 41 |
Bridge-aggregation 1024 |
|
上行连Router A |
XGE2/3/8 |
Vlan 41 |
Bridge-aggregation 1024 |
|
上行连Router A |
XGE3/3/8 |
Vlan 41 |
Bridge-aggregation 1024 |
|
上行连Router A |
XGE4/3/8 |
Vlan 41 |
Bridge-aggregation 1024 |
表6 SW1设备的上下行互联信息
|
SW1的对端设备 |
接口 |
所属vlan |
所属聚合组 |
|
下行连服务组 |
XGE1/3/1 |
Vlan 10 |
|
|
上行连IRF |
XGE1/2/21 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
上行连IRF |
XGE1/2/22 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
上行连IRF |
XGE1/2/23 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
|
上行连IRF |
XGE1/2/24 |
Vlan 10 |
Bridge-aggregation 1(LACP MAD) |
表7 SW2设备的上下行互联信息
|
SW2的对端设备 |
接口 |
所属vlan |
所属聚合组 |
|
下行连服务组 |
XGE1/3/1 |
Vlan 20 |
|
|
上行连IRF |
XGE1/2/21 |
Vlan 20 |
Bridge-aggregation 1 |
|
上行连IRF |
XGE1/2/22 |
Vlan 20 |
Bridge-aggregation 1 |
|
上行连IRF |
XGE1/2/23 |
Vlan 20 |
Bridge-aggregation 1 |
|
上行连IRF |
XGE1/2/24 |
Vlan 20 |
Bridge-aggregation 1 |
|
上行连IRF |
XGE1/2/41 |
Vlan 13(BFD MAD) |
|
|
上行连IRF |
XGE1/2/42 |
Vlan 13(BFD MAD) |
|
|
上行连IRF |
XGE1/2/43 |
Vlan 13(BFD MAD) |
|
|
上行连IRF |
XGE1/2/44 |
Vlan 13(BFD MAD) |
|
表8 Router A设备的上下行互联信息
|
Router A的对端设备 |
接口 |
所属vlan |
所属聚合组 |
|
下行连IRF |
XGE2/0/1 |
Vlan 41 |
Bridge-aggregation 1 |
|
下行连IRF |
XGE2/0/2 |
Vlan 41 |
Bridge-aggregation 1 |
|
下行连IRF |
XGE2/0/3 |
Vlan 41 |
Bridge-aggregation 1 |
|
下行连IRF |
XGE2/0/4 |
Vlan 41 |
Bridge-aggregation 1 |
|
上行连外网 |
XGE2/0/2 |
Vlan 50 |
|
· 为避免成员设备的单点故障影响到正常的业务转发,可在IRF中配置跨框聚合端口进行业务转发。
· LACP MAD检测只需在一个聚合组中配置即可,其他聚合组中无需配置。LACP MAD检测使用的二层交换机必须为H3C的交换机设备且使用的软件版本必须能够识别、处理携带了ActiveID值的LACPDU协议报文,在本例中使用SW 1作为LACP MAD检测的中间设备。
本举例在xxxx版本上进行配置和验证。
(1) 根据表4选定IRF物理端口并关闭这些端口
<DeviceA> system-view
[DeviceA] interface range ten-gigabitethernet 1/2/1 to ten-gigabitethernet 1/2/2
[DeviceA-if-range] shutdown
[DeviceA-if-range] quit
(2) 配置IRF端口1/1,并将它与物理端口Ten-GigabitEthernet1/2/2
[DeviceA] irf-port 1/1
[DeviceA-irf-port1/1] port group interface ten-gigabitethernet 1/2/2
[DeviceA-irf-port1/1] quit
(3) 配置IRF端口1/2,并将它与物理端口Ten-GigabitEthernet1/2/1
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/2/1
[DeviceA-irf-port1/2] quit
(4) 开启IRF物理端口,并保存配置
[DeviceA] interface range ten-gigabitethernet 1/2/1 to ten-gigabitethernet 1/2/2
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
[DeviceA] save
(5) 激活IRF端口下的配置
[DeviceA] irf-port-configuration active
(1) 将Device B的成员编号配置为2,并重启设备使新编号生效
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
(2) 根据表4选定IRF物理端口并关闭这些端口
<DeviceB> system-view
[DeviceB] interface range ten-gigabitethernet 2/2/1 to ten-gigabitethernet 2/2/2
[DeviceB-if-range] shutdown
[DeviceB-if-range] quit
(3) 配置IRF端口2/1,并将它与物理端口Ten-GigabitEthernet2/2/1绑定
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/2/1
[DeviceB-irf-port2/1] quit
(4) 配置IRF端口2/2,并将它与物理端口Ten-GigabitEthernet2/2/2绑定
[DeviceB] irf-port 2/2
[DeviceB-irf-port2/2] port group interface ten-gigabitethernet 2/2/2
[DeviceB-irf-port2/2] quit
(5) 开启IRF物理端口,并保存配置
[DeviceB] interface range ten-gigabitethernet 2/2/1 to ten-gigabitethernet 2/2/2
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
[DeviceB] save
(6) 参照图18和端口连接表连接Device B和Device A之间的IRF端口,激活IRF端口下的配置
[DeviceB] irf-port-configuration active
(1) 将Device C的成员编号配置为3,并重启设备使新编号生效
<DeviceC> system-view
[DeviceC] irf member 1 renumber 3
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceC] quit
<DeviceC> reboot
(2) 根据表4选定IRF物理端口并关闭这些端口
<DeviceC> system-view
[DeviceC] interface range ten-gigabitethernet 3/2/1 to ten-gigabitethernet 3/2/2
[DeviceC-if-range] shutdown
[DeviceC-if-range] quit
(3) 配置IRF端口3/1,并将它与物理端口Ten-GigabitEthernet3/2/2绑定
[DeviceC] irf-port 3/1
[DeviceC-irf-port3/1] port group interface ten-gigabitethernet 3/2/2
[DeviceC-irf-port3/1] quit
(4) 配置IRF端口3/2,并将它与物理端口Ten-GigabitEthernet3/2/1绑定
[DeviceC] irf-port 3/2
[DeviceC-irf-port3/2] port group interface ten-gigabitethernet 3/2/1
[DeviceC-irf-port3/2] quit
(5) 开启IRF物理端口,并保存配置
[DeviceC] interface range ten-gigabitethernet 3/2/1 to ten-gigabitethernet 3/2/2
[DeviceC-if-range] undo shutdown
[DeviceC-if-range] quit
[DeviceC] save
(6) 参照图18和端口连接表连接Device C和Device B之间的IRF端口,激活IRF端口下的配置
[DeviceC] irf-port-configuration active
(1) 将Device D的成员编号配置为4,并重启设备使新编号生效
<DeviceD> system-view
[DeviceD] irf member 1 renumber 4
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceD] quit
<DeviceD> reboot
(2) 根据表4选定IRF物理端口并关闭这些端口
<DeviceD> system-view
[DeviceD] interface range ten-gigabitethernet 4/2/1 to ten-gigabitethernet 4/2/2
[DeviceD-if-range] shutdown
[DeviceD-if-range] quit
(3) 配置IRF端口4/1,并将它与物理端口Ten-GigabitEthernet4/2/1绑定
[DeviceD] irf-port 4/1
[DeviceD-irf-port4/1] port group interface ten-gigabitethernet 4/2/1
[DeviceD-irf-port4/1] quit
(4) 配置IRF端口4/2,并将它与物理端口Ten-GigabitEthernet4/2/2绑定
[DeviceD] irf-port 4/2
[DeviceD-irf-port4/2] port group interface ten-gigabitethernet 4/2/2
[DeviceD-irf-port4/2] quit
(5) 开启IRF物理端口,并保存配置
[DeviceD] interface range ten-gigabitethernet 4/2/1 to ten-gigabitethernet 4/2/2
[DeviceD-if-range] undo shutdown
[DeviceD-if-range] quit
[DeviceD] save
(6) 参照图18和端口连接表连接Device D和Device A、Device D和Device C之间的IRF端口,激活IRF端口下的配置
[DeviceD] irf-port-configuration active
在前面配置完成并重新启动后,IRF已经组建完成,此时可以进行各个业务模块的配置。IRF形成之后,可以从任何一台成员设备登录进行配置,设备名称缺省为Master的名称(此例中为Device A)。
# 创建连接接入层交换机SW 1的动态聚合组,编号为1,并使能LACP MAD检测功能。
<DeviceA> system-view
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] mad enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 0]:
The assigned domain ID is: 0
[DeviceA-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接SW 1的端口加入聚合组1。
[DeviceA] interface range ten-gigabitethernet 1/3/3 ten-gigabitethernet 2/3/3 ten-gigabitethernet 3/3/3 ten-gigabitethernet 4/3/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# 创建连接接入层交换机SW 2的聚合组,编号为2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 使用接口批量配置功能配置连接SW 2的端口加入聚合组2。
[DeviceA] interface range ten-gigabitethernet 1/3/4 ten-gigabitethernet 2/3/4 ten-gigabitethernet 3/3/4 ten-gigabitethernet 4/3/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
# 配置与SW 1之间通过Vlan-interface 10连接。
[DeviceA] vlan 10
[DeviceA-vlan10] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 172.24.10.254 24
[DeviceA-Vlan-interface10] quit
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
[DeviceA-Bridge-Aggregation1] quit
# 配置与SW 2之间通过Vlan-interface 20连接。
[DeviceA] vlan 20
[DeviceA-vlan20] quit
[DeviceA] interface vlan-interface 20
[DeviceA-Vlan-interface20] ip address 172.24.20.254 24
[DeviceA-Vlan-interface20] quit
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type trunk
[DeviceA-Bridge-Aggregation2] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20
[DeviceA-Bridge-Aggregation2] quit
# 创建连接IRF的动态聚合组,编号为1,该聚合组同时用于IRF的LACP MAD检测。
<SW1> system-view
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] link-aggregation mode dynamic
[SW1-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接IRF的端口加入聚合组1。
[SW1] interface range ten-gigabitethernet 1/2/21 to ten-gigabitethernet 1/2/24
[SW1-if-range] port link-aggregation group 1
[SW1-if-range] quit
# 接入设备SW1上创建所有VLAN。
[SW1] vlan all
# 配置与IRF连接的端口。
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] port link-type trunk
[SW1-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW1-Bridge-Aggregation1] port trunk permit vlan 10
[SW1-Bridge-Aggregation1] quit
# 配置连接服务器的端口Ten-GigabitEthernet1/3/1。
[SW1] interface ten-gigabitethernet 1/3/1
[SW1-Ten-GigabitEthernet1/3/1] port link-type trunk
[SW1-Ten-GigabitEthernet1/3/1] port trunk permit vlan all
[SW1-Ten-GigabitEthernet1/3/1] undo port trunk permit vlan 1
[SW1-Ten-GigabitEthernet1/3/1] quit
# 创建连接IRF的聚合组,编号为1。
<SW2> system-view
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接IRF的端口加入聚合组1。
[SW2] interface range ten-gigabitethernet 1/2/21 to ten-gigabitethernet 1/2/24
[SW2-if-range] port link-aggregation group 1
[SW2-if-range] quit
# 接入设备SW 2上创建所有VLAN。
[SW2] vlan all
# 配置与IRF连接的端口。
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] port link-type trunk
[SW2-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW2-Bridge-Aggregation1] port trunk permit vlan 20
[SW2-Bridge-Aggregation1] quit
# 配置连接服务器的端口Ten-GigabitEthernet1/3/1。
[SW2] interface ten-gigabitethernet 1/3/1
[SW2-Ten-GigabitEthernet1/3/1] port link-type trunk
[SW2-Ten-GigabitEthernet1/3/1] port trunk permit vlan all
[SW2-Ten-GigabitEthernet1/3/1] undo port trunk permit vlan 1
[SW2-Ten-GigabitEthernet1/3/1] quit
# 创建连接出口路由器Router A的聚合组,编号为1024。
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] quit
# 使用接口批量配置功能配置连接Router A的端口加入聚合组1024。
[DeviceA] interface range ten-gigabitethernet 1/3/8 ten-gigabitethernet 2/3/8 ten-gigabitethernet 3/3/8 ten-gigabitethernet 4/3/8
[DeviceA-if-range] port link-aggregation group 1024
[DeviceA-if-range] quit
# 配置与Router A之间通过Vlan-interface41连接。
[DeviceA] vlan 41
[DeviceA-vlan41] quit
[DeviceA] interface vlan-interface 41
[DeviceA-Vlan-interface41] ip address 172.24.41.254 24
[DeviceA-Vlan-interface41] quit
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] port access vlan 41
[DeviceA-Bridge-Aggregation1024] quit
# 配置IRF与出口路由器之间运行OSPF路由协议。
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] ip address 172.24.254.1 255.255.255.255
[DeviceA-LoopBack0] quit
[DeviceA] ospf 1 router-id 172.24.254.1
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
出口路由器配置本用例只描述与IRF连接的部分,外网使用何种路由协议不予描述。
# 创建连接IRF的聚合组,编号为1。
<RouterA> system-view
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] quit
# 配置连接IRF的端口加入聚合组1。
[RouterA] interface range ten-gigabitethernet 2/0/1 to interface ten-gigabitethernet 2/0/4
[RouterA-if-range] port link-aggregation group 1
[RouterA-if-range] quit
# 配置与IRF之间通过Vlan-interface 41连接。
[RouterA] vlan 41
[RouterA-vlan41] quit
[RouterA] interface vlan-interface 41
[RouterA-Vlan-interface41] ip address 172.24.41.2 24
[RouterA-Vlan-interface41] quit
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] port access vlan 41
[RouterA-Bridge-Aggregation1] quit
# 配置Router A通过Vlan-interface 50连接外网。
[RouterA] vlan 50
[RouterA-vlan50] quit
[RouterA] interface vlan-interface 50
[RouterA-Vlan-interface50] ip address 172.24.1.2 24
[RouterA-Vlan-interface50] quit
[RouterA] interface ten-gigabitethernet 4/0/3
[RouterA-Ten-GigabitEthernet4/0/3] port link-mode bridge
[RouterA-Ten-GigabitEthernet4/0/3] port access vlan 50
[RouterA-Ten-GigabitEthernet4/0/3] quit
# 配置Router A与IRF之间运行OSPF路由协议。
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip addresss 172.24.254.2 255.255.255.255
[RouterA-LoopBack0] quit
[RouterA] ospf 1 router-id 172.24.254.2
[RouterA-ospf-1] import-route direct
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
(1) 验证IRF是否建立成功
# 使用display irf topology命令查看八个IRF口都是UP状态,说明四台设备建立IRF成功。
<DeviceA> display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 UP 4 UP 2 00e0-fc0f-8c08
4 UP 3 UP 1 00e0-fc0f-8c08
3 UP 2 UP 4 00e0-fc0f-8c08
2 UP 1 UP 3 00e0-fc0f-8c08
(2) 验证跨框聚合链路备份功能
# 从serverGroup 1任意挑选一台PC ping外网IP,同时关闭IRF的上行端口Ten-GigabitEthernet 1/3/8。
[DeviceA] interface ten-gigabitethernet 1/3/8
[DeviceA-Ten-GigabitEthernet1/3/8] shutdown
仍然可以ping通外网。
# 重新开启IRF的上行端口Ten-GigabitEthernet 1/3/8端口,持续ping外网IP。
[DeviceA-Ten-GigabitEthernet1/3/8] undo shutdown
[DeviceA-Ten-GigabitEthernet1/3/8] quit
# 关闭IRF的另一个上行端口Ten-GigabitEthernet 2/3/8。
[DeviceA] interface ten-gigabitethernet 2/3/8
[DeviceA-Ten-GigabitEthernet2/3/8] shutdown
仍然可以ping通外网。
· IRF:
#
irf mac-address persistent always
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
irf member 2 priority 1
irf member 3 priority 1
irf member 4 priority 1
#
ospf 1 router-id 172.24.254.1
import-route direct
area 0.0.0.0
network 172.24.41.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 41
#
irf-port 1/1
port group interface Ten-GigabitEthernet1/2/2 mode enhanced
#
irf-port 1/2
port group interface Ten-GigabitEthernet1/2/1 mode enhanced
#
irf-port 2/1
port group interface Ten-GigabitEthernet2/2/1 mode enhanced
#
irf-port 2/2
port group interface Ten-GigabitEthernet2/2/2 mode enhanced
#
irf-port 3/1
port group interface Ten-GigabitEthernet3/2/2 mode enhanced
#
irf-port 3/2
port group interface Ten-GigabitEthernet3/2/1 mode enhanced
#
irf-port 4/1
port group interface Ten-GigabitEthernet4/2/1 mode enhanced
#
irf-port 4/2
port group interface Ten-GigabitEthernet4/2/2 mode enhanced
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
mad enable
link-aggregation mode dynamic
#
interface bridge-aggregation 2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface bridge-aggregation 1024
port access vlan 41
#
interface loopback 0
ip address 172.24.254.1 255.255.255.255
#
interface vlan-interface 10
ip address 172.24.10.254 24
#
interface vlan-interface 20
ip address 172.24.20.254 24
#
interface vlan-interface 41
ip address 172.24.41.254 24
#
interface Ten-GigabitEthernet 1/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 1/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 2/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 2/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 3/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 3/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 3/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 4/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 4/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
· SW1:
#
vlan 1
#
vlan 2 to 4094
#
interface Ten-GigabitEthernet 1/3/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
link-aggregation mode dynamic
#
interface Ten-GigabitEthernet 1/2/21
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/22
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/23
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
· SW2:
#
vlan 1
#
vlan 2 to 4094
#
interface Ten-GigabitEthernet 1/3/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface Ten-GigabitEthernet 1/2/21
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/22
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/23
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
· RouterA:
#
ospf 1 router-id 172.24.254.2
import-route direct
area 0.0.0.0
network 172.24.41.0 0.0.0.255
#
vlan 41
#
vlan 50
#
interface bridge-aggregation 1
port access vlan 41
#
interface loopback 0
ip address 172.24.254.2 255.255.255.255
#
interface vlan-interface 41
ip address 172.24.41.2 24
#
interface vlan-interface 50
ip address 172.24.1.2 24
#
interface Ten-GigabitEthernet 2/0/1
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/2
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/3
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/4
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/12
port link-mode bridge
port access vlan 50
#
表7 适用产品及版本
|
产品 |
软件版本 |
|
S6805系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6825系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9850系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-64H |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S9820-8C |
不支持 |
|
S6800系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6860系列 |
Release 6710Pxx版本,Release 6715及以上版本 |
|
S6826系列 |
不支持 |
|
S9826系列 |
不支持 |
由于网络规模迅速扩大,汇聚层SW设备扩展至N台,当前中心设备Device A和Device B组成IRF的转发能力已经不能满足需求。现在需要在保留原有设备的基础上完成扩容,满足当前网络的转发需求。采用的升级方案为:扩大汇聚层设备的IRF规模,升级成四框IRF来满足当前网络的转发需求,如图21所示。
图19 升级之前组网图(两个IRF成员设备)
图20 升级过程组网图(新增两个成员设备Device C和Device D)
IP地址配置信息及设备间的互联端口信息请参见8 两台成员设备的IRF配置举例。
· 为避免成员设备的单点故障影响到正常的业务转发,在IRF中配置跨框聚合端口进行业务转发。
· 为尽量降低IRF分裂对业务造成的影响,可在IRF中配置BFD MAD检测。检测速度较快,组网形式灵活,对于中间设备没有要求,但是会占用额外的三层接口。
BFD MAD与STP功能互斥,因此需要在用于BFD MAD检测的接口上关闭STP功能。
· 如果新加入的DeviceC和DeviceD还未组建IRF,搭建四框IRF的配置步骤请参考10.5.1 搭建IRF(配置Device C和Device D加入IRF);
· 如果新加入的DeviceC和DeviceD已经组成了另一个IRF(假设名称为IRF-C),搭建四框IRF的配置步骤请参考10.5.2 搭建IRF(配置原IRF和IRF-C合并成IRF)。
由于Device A和Device B已经组成了IRF,所以只需将Device C和Device D加入IRF即可。
(1) 根据表4选定连接Device C和Device D的IRF物理端口并关闭这些端口
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/2/2
[DeviceA-Ten-GigabitEthernet1/2/2] shutdown
[DeviceA-Ten-GigabitEthernet1/2/2] quit
[DeviceA] interface ten-gigabitEthernet 2/2/2
[DeviceA-Ten-GigabitEthernet2/2/2] undo shutdown
[DeviceA-Ten-GigabitEthernet2/2/2] quit
(2) 配置IRF端口1/1,并将它与物理端口Ten-GigabitEthernet1/2/2绑定
[DeviceA] irf-port 1/1
[DeviceA-irf-port1/1] port group interface ten-gigabitethernet 1/2/2
[DeviceA-irf-port1/1] quit
(3) 配置IRF端口2/2,并将它与物理端口Ten-GigabitEthernet2/2/2绑定
[DeviceA] irf-port 2/2
[DeviceA-irf-port2/2] port group interface ten-gigabitethernet2/2/2
[DeviceA-irf-port2/2] quit
(4) 开启IRF物理端口,并保存配置
[DeviceA] interface ten-gigabitethernet 1/2/2
[DeviceA-Ten-GigabitEthernet1/2/2] undo shutdown
[DeviceA-Ten-GigabitEthernet1/2/2] quit
[DeviceA] interface ten-gigabitEthernet 2/2/2
[DeviceA-Ten-GigabitEthernet2/2/2] undo shutdown
[DeviceA-Ten-GigabitEthernet2/2/2] quit
[DeviceA] save
(5) 激活IRF端口下的配置
[DeviceA] irf-port-configuration active
(1) 将Device C的成员编号配置为3,并重启设备使新编号生效
<DeviceC> system-view
[DeviceC] irf member 1 renumber 3
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceC] quit
<DeviceC> reboot
(2) 根据表4选定IRF物理端口并关闭这些端口
<DeviceC> system-view
[DeviceC] interface range ten-gigabitethernet 3/2/1 to ten-gigabitethernet 3/2/2
[DeviceC-if-range] shutdown
[DeviceC-if-range] quit
(3) 配置IRF端口3/1,并将它与物理端口Ten-GigabitEthernet3/2/2绑定
[DeviceC] irf-port 3/1
[DeviceC-irf-port3/1] port group interface ten-gigabitethernet 3/2/2
[DeviceC-irf-port3/1] quit
(4) 配置IRF端口3/2,并将它与物理端口Ten-GigabitEthernet3/2/1绑定
[DeviceC] irf-port 3/2
[DeviceC-irf-port3/2] port group interface ten-gigabitethernet 3/2/1
[DeviceC-irf-port3/2] quit
(5) 开启IRF物理端口,并保存配置
[DeviceC] interface range ten-gigabitethernet 3/2/1 to ten-gigabitethernet 3/2/2
[DeviceC-if-range] undo shutdown
[DeviceC-if-range] quit
[DeviceC] save
(6) 参照10.2 图21和端口连接表连接Device B和Device C之间的IRF端口,激活IRF端口下的配置
[DeviceC] irf-port-configuration active
(1) 将Device D的成员编号配置为4,并重启设备使新编号生效
<DeviceD> system-view
[DeviceD] irf member 1 renumber 4
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceD] quit
<DeviceD> reboot
(2) 根据表4选定IRF物理端口并关闭这些端口
<DeviceD> system-view
[DeviceD] interface range ten-gigabitethernet 4/2/1 to ten-gigabitethernet 4/2/2
[DeviceD-if-range] shutdown
[DeviceD-if-range] quit
(3) 配置IRF端口4/1,并将它与物理端口Ten-GigabitEthernet4/2/1绑定
[DeviceD] irf-port 4/1
[DeviceD-irf-port4/1] port group interface ten-gigabitethernet 4/2/1
[DeviceD-irf-port4/1] quit
(4) 配置IRF端口4/2,并将它与物理端口Ten-GigabitEthernet4/2/2绑定
[DeviceD] irf-port 4/2
[DeviceD-irf-port4/2] port group interface ten-gigabitethernet 4/2/2
[DeviceD-irf-port4/2] quit
(5) 开启IRF物理端口,并保存配置
[DeviceD] interface range ten-gigabitethernet 4/2/1 to ten-gigabitethernet 4/2/2
[DeviceD-if-range] undo shutdown
[DeviceD-if-range] quit
[DeviceD] save
(6) 参照10.2 图21和端口连接表连接Device D和Device A、Device D和Device C之间的IRF端口,激活IRF端口下的配置
[DeviceD] irf-port-configuration active
(1) 根据表4选定连接Device C和Device D的IRF物理端口并关闭这些端口
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/2/2
[DeviceA-Ten-GigabitEthernet1/2/2] shutdown
[DeviceA-Ten-GigabitEthernet1/2/2] quit
[DeviceA] interface ten-gigabitethernet 2/2/2
[DeviceA-Ten-GigabitEthernet2/2/2] shutdown
[DeviceA-Ten-GigabitEthernet2/2/2] quit
(2) 配置IRF端口1/1,并将它与物理端口Ten-GigabitEthernet1/2/2
[DeviceA] irf-port 1/1
[DeviceA-irf-port1/1] port group interface ten-gigabitethernet 1/2/2
[DeviceA-irf-port1/1] quit
(3) 配置IRF端口2/2,并将它与物理端口Ten-GigabitEthernet2/2/2
[DeviceA] irf-port 2/2
[DeviceA-irf-port2/2] port group interface ten-gigabitethernet2/2/2
[DeviceA-irf-port2/2] quit
(4) 开启IRF物理端口,并保存配置
[DeviceA] interface ten-gigabitethernet 1/2/2
[DeviceA-Ten-GigabitEthernet1/2/2] undo shutdown
[DeviceA-Ten-GigabitEthernet1/2/2] quit
[DeviceA] interface ten-gigabitethernet 2/2/2
[DeviceA-Ten-GigabitEthernet2/2/2] undo shutdown
[DeviceA-Ten-GigabitEthernet2/2/2] quit
[DeviceA] save
(5) 激活IRF端口下的配置
[DeviceA] irf-port-configuration active
(1) 设置IRF-C的成员编号
<DeviceC> system-view
[DeviceC] irf member 1 renumber 3
Renumbering the member ID may result in configuration change or loss. Continue?[
Y/N]y
[DeviceC] irf member 2 renumber 4
Renumbering the member ID may result in configuration change or loss. Continue?[
Y/N]y
(2) 保存当前配置并重启,使新的成员编号生效
[DeviceC] quit
<DeviceC> reboot
(3) 根据表4选定连接Device C和Device D的IRF物理端口并关闭这些端口
<DeviceC> system-view
[DeviceC] interface ten-gigabitethernet 3/2/2
[DeviceC-Ten-GigabitEthernet3/2/2] shutdown
[DeviceC-Ten-GigabitEthernet3/2/2] quit
[DeviceC] interface ten-gigabitethernet 4/2/2
[DeviceC-Ten-GigabitEthernet4/2/2] shutdown
[DeviceC-Ten-GigabitEthernet4/2/2] quit
(4) 配置IRF端口3/1,并将它与物理端口Ten-GigabitEthernet3/2/2
[DeviceC] irf-port 3/1
[DeviceC-irf-port3/1] port group interface ten-gigabitethernet 3/2/2
[DeviceC-irf-port3/1] quit
(5) 配置IRF端口4/2与物理端口Ten-GigabitEthernet 4/2/2绑定
[DeviceC] irf-port 4/2
[DeviceC-irf-port4/2] port group interface ten-gigabitethernet4/2/2
[DeviceC-irf-port4/2] quit
(6) 开启IRF物理端口,并保存配置
[DeviceC] interface ten-gigabitethernet 3/2/2
[DeviceC-Ten-GigabitEthernet3/2/2] undo shutdown
[DeviceC-Ten-GigabitEthernet3/2/2] quit
[DeviceC] interface ten-gigabitethernet 4/2/2
[DeviceC-Ten-GigabitEthernet4/2/2] undo shutdown
[DeviceC-Ten-GigabitEthernet4/2/2] quit
[DevicC] save
(7) 参照10.2 图21和端口连接表连接Device D和Device A、Device B和Device C之间的IRF端口,激活IRF端口下的配置
[DeviceC] irf-port-configuration active
在前面配置完成并重新启动后,IRF已经形成,此时可以进行各个业务模块的配置。IRF形成之后,可以从任何一台成员设备登录进行配置,设备名称缺省为Master的名称(此例中为DeviceA)。
使能BFD MAD检测时,要求MAD VLAN上不能配置其他业务。
# 更改IRF链路down延迟上报时间为0秒。
<DeviceA> system-view
[DeviceA] irf link-delay 0
# 在IRF上创建Vlan-interface 13用于BFD MAD 检测。[DeviceA] vlan 13
[DeviceA-vlan13] quit
[DeviceA] interface vlan-interface 13
[DeviceA-Vlan-interface13] mad bfd enable
[DeviceA-Vlan-interface13] mad ip address 172.1.1.1 24 member 1
[DeviceA-Vlan-interface13] mad ip address 172.1.1.2 24 member 2
[DeviceA-Vlan-interface13] mad ip address 172.1.1.3 24 member 3
[DeviceA-Vlan-interface13] mad ip address 172.1.1.4 24 member 4
[DeviceA-Vlan-interface13] undo shutdown
[DeviceA-Vlan-interface13] quit
# 配置IRF连接SW 2的二层以太网接口加入VLAN 13,并取消接口上的STP功能。
[DeviceA] interface range ten-gigabitEthernet 1/3/1 ten-gigabitEthernet 2/3/1 ten-gigabitEthernet 3/3/1 ten-gigabitEthernet 4/3/1
[DeviceA-if-range] undo stp enable
[DeviceA-if-range] port access vlan 13
[DeviceA-if-range] quit
在本例中,为方便理解,我们取消了升级之前IRF设备上的所有业务配置。但是在实际使用中,部分在升级之前已经部署的业务可以无需再重新配置了(例如端口IP地址等)。
# 创建连接接入层交换机SW 1的聚合组,编号为1。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接SW 1的端口加入聚合组1。
[DeviceA] interface range ten-gigabitEthernet 1/3/3 ten-gigabitEthernet 2/3/3 ten-gigabitEthernet 3/3/3 ten-gigabitEthernet 4/3/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# 创建连接接入层交换机SW 2的聚合组,编号为2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 使用接口批量配置功能配置连接SW 2的端口加入聚合组2。
[DeviceA] interface range ten-gigabitEthernet 1/3/4 ten-gigabitEthernet 2/3/4 ten-gigabitEthernet 3/3/4 ten-gigabitEthernet 4/3/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
# 配置与SW 1之间通过Vlan-interface 10连接。
[DeviceA] vlan 10
[DeviceA-vlan10] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 172.24.10.254 24
[DeviceA-Vlan-interface10] quit
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
[DeviceA-Bridge-Aggregation1] quit
# 配置与SW 2之间通过Vlan-interface 20连接。
[DeviceA] vlan 20
[DeviceA-vlan20] quit
[DeviceA] interface vlan-interface 20
[DeviceA-Vlan-interface20] ip address 172.24.20.254 24
[DeviceA-Vlan-interface20] quit
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type trunk
[DeviceA-Bridge-Aggregation2] undo port trunk permit vlan 1
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20
[DeviceA-Bridge-Aggregation2] quit
# 创建连接IRF的聚合组,编号为1。
<SW1> system-view
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接IRF的端口加入聚合组1。
[SW1] interface range ten-gigabitethernet 1/2/21 to ten-gigabitethernet 1/2/24
[SW1-if-range] port link-aggregation group 1
[SW1-if-range] quit
# 接入设备SW1上创建所有VLAN。
[SW1] vlan all
# 配置与IRF连接的端口。
[SW1] interface bridge-aggregation 1
[SW1-Bridge-Aggregation1] port link-type trunk
[SW1-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW1-Bridge-Aggregation1] port trunk permit vlan 10
[SW1-Bridge-Aggregation1] quit
# 配置连接服务器的端口Ten-GigabitEthernet1/3/1。
[SW1] interface ten-gigabitethernet 1/3/1
[SW1-Ten-GigabitEthernet1/3/1] port link-type trunk
[SW1-Ten-GigabitEthernet1/3/1] port trunk permit vlan all
[SW1-Ten-GigabitEthernet1/3/1] undo port trunk permit vlan 1
[SW1-Ten-GigabitEthernet1/3/1] quit
# 创建连接IRF的聚合组,编号为1。
<SW2> system-view
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] quit
# 使用接口批量配置功能配置连接IRF的端口加入聚合组1。
[SW2] interface range ten-gigabitethernet 1/2/21 to ten-gigabitethernet 1/2/24
[SW2-if-range] port link-aggregation group 1
[SW2-if-range] quit
# 接入设备SW 2上创建所有VLAN。
[SW2] vlan all
# 配置与IRF连接的端口。
[SW2] interface bridge-aggregation 1
[SW2-Bridge-Aggregation1] port link-type trunk
[SW2-Bridge-Aggregation1] undo port trunk permit vlan 1
[SW2-Bridge-Aggregation1] port trunk permit vlan 20
[SW2-Bridge-Aggregation1] quit
# 配置连接服务器的端口。
[SW2] interface ten-gigabitethernet 1/3/1
[SW2-Ten-GigabitEthernet1/3/1] port link-type trunk
[SW2-Ten-GigabitEthernet1/3/1] port trunk permit vlan all
[SW2-Ten-GigabitEthernet1/3/1] undo port trunk permit vlan 1
[SW2-Ten-GigabitEthernet1/3/1] quit
# 配置与IRF连接用于BFD MAD的端口。
[SW2] interface range ten-gigabitethernet 1/2/41 to ten-gigabitethernet 1/2/44
[SW2-if-range] port access vlan 13
[SW2-if-range] quit
# 创建连接出口路由器Router A的聚合组,编号为1024。
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] quit
# 使用接口批量配置功能配置连接Router A的端口加入聚合组1024。
[DeviceA] interface range ten-gigabitethernet 1/3/8 ten-gigabitethernet 2/3/8 ten-gigabitethernet 3/3/8 ten-gigabitethernet 4/3/8
[DeviceA-if-range] port link-aggregation group 1024
[DeviceA-if-range] quit
# 配置与Router A之间通过Vlan-interface41连接。
[DeviceA] vlan 41
[DeviceA-vlan41] quit
[DeviceA] interface vlan-interface 41
[DeviceA-Vlan-interface41] ip address 172.24.41.254 24
[DeviceA-Vlan-interface41] quit
[DeviceA] interface bridge-aggregation 1024
[DeviceA-Bridge-Aggregation1024] port access vlan 41
[DeviceA-Bridge-Aggregation1024] quit
# 配置IRF与出口路由器之间运行OSPF路由协议。
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] ip address 172.24.254.1 255.255.255.255
[DeviceA-LoopBack0] quit
[DeviceA] ospf 1 router-id 172.24.254.1
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
出口路由器配置本用例只描述与IRF连接的部分,外网使用何种路由协议不予描述。
# 创建连接IRF的聚合组,编号为1。
<RouterA> system-view
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] quit
# 配置连接IRF的端口加入聚合组1。
[RouterA] interface range ten-gigabitethernet 2/0/1 to interface ten-gigabitethernet 2/0/4
[RouterA-if-range] port link-aggregation group 1
[RouterA-if-range] quit
# 配置与IRF之间通过Vlan-interface 41连接。
[RouterA] vlan 41
[RouterA-vlan41] quit
[RouterA] interface vlan-interface 41
[RouterA-Vlan-interface41] ip address 172.24.41.2 24
[RouterA-Vlan-interface41] quit
[RouterA] interface bridge-aggregation 1
[RouterA-Bridge-Aggregation1] port access vlan 41
[RouterA-Bridge-Aggregation1] quit
# 配置Router A通过Vlan-interface 50连接外网。
[RouterA] vlan 50
[RouterA-vlan50] quit
[RouterA] interface vlan-interface 50
[RouterA-Vlan-interface50] ip address 172.24.1.2 24
[RouterA-Vlan-interface50] quit
[RouterA] interface ten-gigabitethernet 4/0/3
[RouterA-Ten-GigabitEthernet4/0/3] port link-mode bridge
[RouterA-Ten-GigabitEthernet4/0/3] port access vlan 50
[RouterA-Ten-GigabitEthernet4/0/3] quit
# 配置Router A与IRF之间运行OSPF路由协议。
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip addresss 172.24.254.2 255.255.255.255
[RouterA-LoopBack0] quit
[RouterA] ospf 1 router-id 172.24.254.2
[RouterA-ospf-1] import-route direct
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 172.24.41.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
(1) 验证IRF是否建立成功
# 使用display irf topology命令查看八个IRF口都是UP状态,说明四台设备建立IRF成功。
<DeviceA> display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 UP 4 UP 2 00e0-fc0f-8c08
4 UP 3 UP 1 00e0-fc0f-8c08
3 UP 2 UP 4 00e0-fc0f-8c08
2 UP 1 UP 3 00e0-fc0f-8c08
(2) 验证跨框聚合链路备份功能
# 从serverGroup 1任意挑选一台PC ping外网IP,同时将IRF连接出口路由器的Ten-GigabitEthernet 1/3/8端口shutdown。
[DeviceA] interface ten-gigabitethernet 1/3/8
[DeviceA-Ten-GigabitEthernet1/3/8] shutdown
仍然可以ping通外网。
# 重新使Ten-GigabitEthernet 1/3/8端口状态UP,持续ping外网IP。
[DeviceA-Ten-GigabitEthernet1/3/8] undo shutdown
[DeviceA-Ten-GigabitEthernet1/3/8] quit
# 关闭IRF的另外一个上行端口Ten-GigabitEthernet 2/3/8。
[DeviceA] interface ten-gigabitethernet 2/3/8
[DeviceA-Ten-GigabitEthernet2/3/8] shutdown
仍然可以ping通外网。
· IRF:
#
irf mac-address persistent always
irf auto-update enable
irf link-delay 0
irf member 1 priority 1
irf member 2 priority 1
irf member 3 priority 1
irf member 4 priority 1
#
ospf 1 router-id 172.24.254.1
import-route direct
area 0.0.0.0
network 172.24.41.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 13
#
vlan 41
#
irf-port 1/1
port group interface Ten-GigabitEthernet1/2/2 mode enhanced
#
irf-port 1/2
port group interface Ten-GigabitEthernet1/2/1 mode enhanced
#
irf-port 2/1
port group interface Ten-GigabitEthernet2/2/1 mode enhanced
#
irf-port 2/2
port group interface Ten-GigabitEthernet2/2/2 mode enhanced
#
irf-port 3/1
port group interface Ten-GigabitEthernet3/2/2 mode enhanced
#
irf-port 3/2
port group interface Ten-GigabitEthernet3/2/1 mode enhanced
#
irf-port 4/1
port group interface Ten-GigabitEthernet4/2/1 mode enhanced
#
irf-port 4/2
port group interface Ten-GigabitEthernet4/2/2 mode enhanced
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
link-aggregation mode dynamic
#
interface bridge-aggregation 2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface bridge-aggregation 1024
port access vlan 41
#
interface loopback 0
ip address 172.24.254.1 255.255.255.255
#
interface vlan-interface 10
ip address 172.24.10.254 24
#
interface vlan-interface13
mad bfd enable
mad ip address 1.1.1.1 255.255.255.0 member 1
mad ip address 1.1.1.2 255.255.255.0 member 2
mad ip address 1.1.1.3 255.255.255.0 member 3
mad ip address 1.1.1.4 255.255.255.0 member 4
#
interface vlan-interface 20
ip address 172.24.20.254 24
#
interface vlan-interface 41
ip address 172.24.41.254 24
#
interface Ten-GigabitEthernet 1/3/1
port link-mode bridge
port access vlan 13
undo stp enable
#
interface Ten-GigabitEthernet 1/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 1/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 2/3/1
port link-mode bridge
port access vlan 13
undo stp enable
#
interface Ten-GigabitEthernet 2/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 2/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 3/3/1
port link-mode bridge
port access vlan 13
undo stp enable
#
interface Ten-GigabitEthernet 3/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 3/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 3/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
interface Ten-GigabitEthernet 4/3/1
port link-mode bridge
port access vlan 13
undo stp enable
#
interface Ten-GigabitEthernet 4/3/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 4/3/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 2
#
interface Ten-GigabitEthernet 4/3/8
port link-mode bridge
port access vlan 41
port link-aggregation group 1024
#
· SW1:
#
vlan 1
#
vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
link-aggregation mode dynamic
#
interface Ten-GigabitEthernet 1/3/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface Ten-GigabitEthernet 1/2/21
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/22
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/23
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port link-aggregation group 1
#
· SW2:
#
vlan 1
#
vlan 2 to 4094
#
interface bridge-aggregation 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface Ten-GigabitEthernet 1/3/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface Ten-GigabitEthernet 1/2/21
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/22
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/23
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
port link-aggregation group 1
#
interface Ten-GigabitEthernet 1/2/41
port link-mode bridge
port access vlan 13
#
interface Ten-GigabitEthernet 1/2/42
port link-mode bridge
port access vlan 13
#
interface Ten-GigabitEthernet 1/2/43
port link-mode bridge
port access vlan 13
#
interface Ten-GigabitEthernet 1/2/44
port link-mode bridge
port access vlan 13
#
· RouterA:
#
ospf 1 router-id 172.24.254.2
import-route direct
area 0.0.0.0
network 172.24.41.0 0.0.0.255
#
vlan 41
#
vlan 50
#
interface bridge-aggregation 1
port access vlan 41
#
interface loopback 0
ip address 172.24.254.2 255.255.255.255
#
interface vlan-interface 41
ip address 172.24.41.2 24
#
interface vlan-interface 50
ip address 172.24.1.2 24
#
interface Ten-GigabitEthernet 2/0/1
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/2
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/3
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/4
port link-mode bridge
port access vlan 41
port link-aggregation group 1
#
interface Ten-GigabitEthernet 2/0/12
port link-mode bridge
port access vlan 50
#
请参考对应产品和版本的如下手册:
· 基础配置指导
· 基础配置命令参考
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
