Login
- Table of Contents
-
- H3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)
- 00-1Cover
- 00-2Product Overview
- 01-CLI Operation
- 02-Login Operation
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 05-IP Address and Performance Configuration Operation
- 06-Management VLAN Operation
- 07-Voice VLAN Operation
- 08-GVRP Operation
- 09-Port Basic Configuration Operation
- 10-Link Aggregation Operation
- 11-Port Isolation Operation
- 12-Port Security-Port Binding Operation
- 13-DLDP Operation
- 14-MAC Address Table Operation
- 15-Auto Detect Operation
- 16-MSTP Operation
- 17-Routing Protocol Operation
- 18-Multicast Operation
- 19-802.1x Operation
- 20-AAA-RADIUS-HWTACACS-EAD Operation
- 21-VRRP Operation
- 22-Centralized MAC Address Authentication Operation
- 23-ARP Operation
- 24-DHCP Operation
- 25-ACL Operation
- 26-QoS-QoS Profile Operation
- 27-Web Cache Redirection Operation
- 28-Mirroring Operation
- 29-IRF Fabric Operation
- 30-Cluster Operation
- 31-PoE-PoE Profile Operation
- 32-UDP Helper Operation
- 33-SNMP-RMON Operation
- 34-NTP Operation
- 35-SSH Terminal Service Operation
- 36-File System Management Operation
- 37-FTP and TFTP Operation
- 38-Information Center Operation
- 39-System Maintenance and Debugging Operation
- 40-VLAN-VPN Operation
- 41-HWPing Operation
- 42-DNS Operation
- 43-Access Management Operation
- 44-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 29-IRF Fabric Operation | 185 KB |
Table of Contents
Chapter 1 IRF Fabric Configuration
1.1.2 Introduction to RMON on IRF
1.2 Peer Fabric Port Detection
1.2.1 Introduction to the Peer Fabric Port Detection Function
1.2.2 Work Flow of the Peer Fabric Port Detection Function
1.2.3 Prompt Information and Solution
1.3.1 Introduction to IRF Fabric Configuration
1.3.2 Specifying the VLAN Used to Form an IRF Fabric
1.3.3 Setting a Unit ID for a Switch
1.3.4 Specifying the Fabric Port of a Switch
1.3.5 Assigning a Unit Name to a Switch
1.3.6 Assigning an IRF Fabric Name to a Switch
1.3.7 Setting the IRF Fabric Authentication Mode
1.4 Displaying and Debugging IRF Fabric
1.5 IRF Fabric Configuration Example
Chapter 1 IRF Fabric Configuration
1.1 Overview
1.1.1 Introduction to IRF
Several IRF (intelligent resilient framework) supported switches of the same model can be interconnected to form a fabric, in which each switch is a unit. The ports used to interconnect all the units are called fabric ports, and the other ports that are used to connect the fabric to users are called user ports. In this way, you can increase ports and switching capability by adding devices to the fabric. In addition, reliability of the system will be improved because the devices within the fabric can backup each other. This feature brings you many advantages:
l Realizes unified management of multiple devices. Only one connection and one IP address are required to manage the entire fabric. Therefore, management cost is reduced.
l Enables you to purchase devices on demand and expand network capacity smoothly. Protects your investment to the full extent during network upgrade.
l Ensures high reliability by N+1 redundancy, avoids single point failure, and lessens service interruption.
You can manage and maintain fabric topology with the Fabric Topology Management (FTM) function. FTM on each unit exchanges information with other units, including unit ID, fabric name, and the authentication mode between units, by using a special kind of protocol packets. It manages and maintains fabric topology according to the acquired information. For example, when a new device is connected to a fabric, FTM will determine whether it should establish a new fabric with the device according to the obtained information.
l The S3600-SI series switches only support basic IRF fabric feature, that is, DDM (distributed device management) function.
l The S3600-EI series switches support enhanced IRF fabric feature, including DDM, DRR (distributed resilient routing) and DLA (distributed link aggregation).
1.1.2 Introduction to RMON on IRF
The RMON configurations of the devices in a fabric are the same. The RMON configuration performed on a device of a fabric will be automatically synchronized to all devices in the fabric if the configuration does not conflict with that of other devices in the fabric.
If you configure the same entry in the same RMON group for devices of a fabric to be different values, the value of the RMON group entry will be the one configured by the device with the smallest Unit ID when the devices are synchronized. Such a mechanism eliminates configuration conflicts between the devices in a fabric.
After the configurations are consistent, you can collect RMON history and statistics of any unit from any switch in the fabric.
1.2 Peer Fabric Port Detection
1.2.1 Introduction to the Peer Fabric Port Detection Function
As the basis of the IRF function, the fabric topology management (FTM) module manages and maintains the entire topology of a fabric. The FTM module also implements the peer fabric port detection function.
A device can join a fabric only when the following conditions are met.
l The number of the existing devices in the fabric does not reach the maximum number of devices allowed by the fabric.
l The fabric names of the device and the existing devices in the fabric are the same.
l The software version of the device is the same as that of the existing devices in the fabric.
l The device passes the security authentication if security authentication is enabled in the fabric.
1.2.2 Work Flow of the Peer Fabric Port Detection Function
After a switch is powered on, the FTM module releases device information of the switch through the fabric ports. The device information includes Unit ID, CPU MAC, device type ID, fabric port information, and all fabric configuration information. The device information is released in the form of discovery packet (DISC). A new device can join a fabric only when its DISC packets pass the authentication performed by the existing devices in the fabric.
l If a fabric port of a switch is connected to a non-fabric port, the switch will not receive DISC packets from the peer. In this case, the switch cannot join the fabric.
l If the switch can receive DISC packets sent by the peer, the FTM module determines whether peer sending ports correspond to local receiving ports according to information in the packet. That is, if a DISC packet received by the left port of the switch is sent by the right port of the peer device, the packet is regarded legal. Otherwise, the packet is regarded illegal and is discarded.
l If the maximum number of devices allowed by the fabric is reached, the devices in the fabric do not send DISC packets and discard the received DISC packets. This prevents new devices from joining the fabric.
l After receiving a DISC packet from a directly connected device, a device in a fabric checks whether the device information (that is, the Fabric name and software version) contained in the packet and that of its own are the same. If not, the received DISC packet is illegal and will be discarded.
l If authentication is enabled in the fabric, the current device in the fabric authenticates received packets sent by new directly connected devices. Packets that fail to pass the authentication will be discarded.
1.2.3 Prompt Information and Solution
I. Normal
If the port displays “normal”, it indicates the fabric operates properly.
II. Temporary
If the port displays “temporary”, it indicates the port status is changing.
III. Redundance port
If the port displays “redundance port”, it indicates the port is the redundant port in a fabric ring topology.
& Note:
The “normal”, “temporary” and “redundance port” information does not mean a device or a fabric operates improperly. No measure is needed for any of these three types of information.
IV. Connection error
Analysis: The port matching errors (as listed in Table 1-1) may occur if a switch prompts the “connection error” message.
Solution: Take the measures listed in Table 1-1 accordingly.
Table 1-1 Connection error type and solution
|
Error type |
Solution |
|
Two fabric ports of the same device (that is, the right port and the left port) are connected. |
Pull out one end of the cable and connect it to a fabric port of another switch. |
|
The left and right fabric ports of two devices are not connected in a crossed way. |
Connect the left and right ports of two devices in a crossed way. |
|
A fabric port of the local switch is connected to a non-fabric port, or is connected to a fabric port that does not have fabric port function enabled. |
Check the types of the two interconnected ports on two sides. Make sure a fabric port is only connected to ports of the same type and the fabric ports on both sides are enabled with the fabric port function. |
V. Reached max units
Analysis: The “reached max units” message indicates that the maximum number of units allowed by the current fabric is reached. You will fail to add new devices to the fabric in this case.
Solution: Remove the new device or existing devices in the fabric.
& Note:
Up to eight devices can be in an IRF fabric at a time.
VI. Different system name
Analysis: The “different system name” message indicates the fabric name of the device directly connected to the switch and the existing fabric name of the fabric are not the same. Only the devices with the same fabric name can form a Fabric.
Solution: Configure the fabric name of the new device to be that of the fabric.
VII. Different product version
Analysis: The “different product version” message indicates the software version of the directly connected device and that of the current device are not the same. A device can join a fabric only when its software version is identical to that of the fabric.
Solution: Make sure the software version of the new device is the same as that of the fabric.
VIII. Auth failure
Analysis: The “auth failure” message indicates error occurs when the switch authenticates a directly connected device. The error may occur if the IRF fabric authentication modes configured for both devices are not the same, or the password configured does not match.
Solution: Make sure the IRF fabric authentication modes and the passwords configured for both devices are the same.
1.3 IRF Fabric Configuration
1.3.1 Introduction to IRF Fabric Configuration
FTM provides user interfaces. You can configure VLAN, unit IDs, fabric name, and the authentication mode between units by using a related command.
Table 1-2 Configure an IRF Fabric
|
Task |
Description |
Related section |
|
Specify the VALN used to form the IRF fabric |
Required |
Section 1.3.2 “Specifying the VLAN Used to Form an IRF Fabric” |
|
Set and save the unit ID for a switch |
Optional |
Section 1.3.3 “Setting a Unit ID for a Switch” |
|
Specify the fabric ports for a switch |
Required |
Section 1.3.4 “Specifying the Fabric Port of a Switch” |
|
Set the unit name for a switch |
Optional |
Section 1.3.5 “Assigning a Unit Name to a Switch” |
|
Set a name for the IRF fabric |
Required |
|
|
Set the authentication mode for the IRF fabric |
Optional |
1.3.2 Specifying the VLAN Used to Form an IRF Fabric
Table 1-3 Specify the VLAN used to form an IRF fabric
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Specify the VLAN used to form the IRF fabric |
ftm fabric-vlan vlan-id |
Required By default, the VLAN used to form the IRF fabric is VLAN 4093 |
Caution:
You cannot specify an existing VLAN to form an IRF fabric; otherwise, your configuration fails.
1.3.3 Setting a Unit ID for a Switch
On the switches that support automatic numbering, FTM will automatically number the switches to constitute an IRF fabric, so that each switch has a unique unit ID in the fabric. You can use the command in the following table to set unit IDs for switches. Make sure to set different unit IDs for different switches in an IRF fabric. Otherwise, FTM will automatically number the switches with the same unit ID.
Table 1-4 Set a unit ID for a switch
|
Operation |
Command |
Description |
|
Enter system view |
System-view |
— |
|
Set a unit ID for the switch |
change self-unit to { unit-id | auto-numbering } |
Optional By default, the unit ID of a switch that belongs to no IRF fabric is 1. The unit ID of a switch belonging to an IRF fabric is assigned by FTM. Unit ID ranges from 1 to 8. |
If you do not enable the fabric port, you cannot change the unit ID of the local switch.
After an IRF fabric is established, you can use the following command to change the unit IDs of the switches in the IRF fabric.
Table 1-5 Set a unit ID to a new value
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Set a unit ID to a new value |
change unit-id unit-id1 to { unit-id2 | auto-numbering } |
Optional |
& Note:
l Unit IDs in an IRF fabric are not always arranged in order of 1 to 8.
l Unit IDs of an IRF fabric can be inconsecutive.
After you change the unit ID of switches, the following operations are performed.
l If the modified unit ID does not exist in the IRF fabric, the system sets its priority to 5 and saves it in the unit Flash memory.
l If the modified unit ID is an existing one, the system prompt you to confirm if you really want to change the unit ID. If you choose to change, the existing unit ID is replaced and the priority is set to 5. Then you can use the fabric save-unit-id command to save the modified unit ID into the unit Flash memory and clear the information about the existing one.
l If auto-numbering is selected, the system sets the unit priority to 10. You can use the fabric save-unit-id command to save the modified unit ID into the unit Flash memory and clear the information about the existing one.
& Note:
Priority is the reference for FTM module to perform automatic numbering. The value of priority can be 5 or 10. A smaller value represents a higher priority. Priority 5 means the switch adopts manual numbering, and priority 10 means the switch adopts automatic numbering.
After the configuration of numbering, you can use the following command in the table to save the local unit ID in the unit Flash memory. When you restart the switch, it can load the unit ID configuration automatically.
Table 1-6 Save the unit ID of each unit in the IRF fabric
|
Operation |
Command |
Description |
|
Save the unit ID of each unit in the IRF fabric |
fabric save-unit-id |
Optional |
1.3.4 Specifying the Fabric Port of a Switch
The fabric port of an S3600 series Ethernet switch has the following features:
l An S3600 series Ethernet switch has four GigabitEthernet ports that can be used as fabric ports. The four ports fall into two groups according to the port number. GigabitEthernet1/1/1 and GigabitEthernet1/1/2 form the first group, and GigabitEthernet1/1/3 and GigabitEhternet1/1/4 form the second group.
l Only one group of ports can be the fabric ports at a time. GigabitEthernet1/1/1 and GigabitEthernet1/1/3 are the UP standby fabric port of their respective group. GigabitEthernet1/1/2 and GigabitEthernet1/1/4 are the DOWN standby fabric port of their respective group.
l The system has no restriction on the fabric port group. That is, if the local end uses the fabric port in the first group, it can connect to the fabric port in either the first or the second group of the peer end. As long as meeting the conditions introduced in section 1.2.1 , the switches can establish an IRF fabric connection successfully.
You can use the fabric port command to enable a fabric port. At the same time, the group where this fabric port resides becomes the fabric port group, and the other port in the group will be automatically enabled with fabric port feature. For example, after the fabric port GigabitEthernet1/1/1 enable command is executed, port GigabitEthernet1/1/1 becomes the UP fabric port. At the same time, the first group becomes the fabric port group, and the other port GigabitEthernet1/1/2 in the first group becomes DOWN fabric port automatically.
You can specify a port as a fabric port by executing the command in Table 1-7.
Table 1-7 Specify a fabric port
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Specify the fabric port of a switch |
fabric-port interface-type interface-number enable |
Optional |
& Note:
l Establishing an IRF system requires a high consistency of the configuration of each device. Hence, before you enable the fabric port, do not perform any configuration for the port, and do not enable some functions that affect the IRF (such as TACACAS and VLAN-VPN) for other ports or globally. Otherwise, you cannot enable the fabric port. For detailed restrictions refer to the error information output by devices.
l When you have enabled fabric port function for a fabric port group, if you need to change the fabric port group, you must disable the fabric function of the current fabric port group before you execute the enable command on another group. Otherwise, the system will prompt that the current fabric port group is in use, you cannot change the fabric port group.
l As shutting down a fabric port directly may cause the fabric being removed and error messages, do not perform such operations.
l To remove a fabric, you can simply remove the cables used to form the fabric or disable fabric using the undo fabric-port enable command.
l You can shut down/bring up a port after you disable the fabric feature on the port.
1.3.5 Assigning a Unit Name to a Switch
You can assign a unit name to a switch by performing the operations listed in Table 1-8.
Table 1-8 Assign a unit name to a switch
|
Operation |
Command |
Description |
|
Enter system view |
System-view |
— |
|
Assign a unit name to a switch |
set unit unit-id name unit-name |
Required |
1.3.6 Assigning an IRF Fabric Name to a Switch
Only the switches with the same IRF fabric name can form an IRF fabric.
Table 1-9 Assign a fabric name to a switch
|
Operation |
Command |
Description |
|
Enter system view |
System-view |
— |
|
Assign a fabric name to the switch |
sysname sysname |
Optional By default, the IRF fabric name is H3C. |
1.3.7 Setting the IRF Fabric Authentication Mode
Only the switches with the same IRF fabric authentication mode can form an IRF fabric.
Table 1-10 Set the IRF fabric authentication mode for a switch
|
Operation |
Command |
Description |
|
Enter system view |
System-view |
— |
|
Set the IRF fabric authentication mode for the switch |
irf-fabric authentication-mode { simple password | md5 key } |
Optional By default, no authentication mode is set on a switch. |
& Note:
When an IRF fabric operates normally, you can regard the whole fabric as a single device and perform configuration on it. Multiple switches constitute an IRF fabric. Therefore, data transmission and simultaneous program execution among the switches may cause the IRF fabric in a busy situation. When you configure the IRF fabric, you may receive a prompt “Fabric system is busy, please try later…” which indicates the fabric system does not perform your configuration properly. In this case, you need to verify your previous configuration or perform your configuration again.
1.4 Displaying and Debugging IRF Fabric
Following completion of the above configuration, you can execute the display command in any view to view device management and verify the settings. And you can execute the reset command to clear the FTM statistics.
Table 1-11 Display and debug FTM
|
Operation |
Command |
Description |
|
Display the information about an IRF fabric |
display irf-fabric [ port | status ] |
These commands can be executed in any view. |
|
Display the topology information of an IRF fabric |
display ftm { information | topology-database } |
|
|
Display RMON statistics of a specified unit in an IRF fabric |
display rmon statistics unit unit-id |
|
|
Display RMON history data of a specified unit in an IRF fabric |
display rmon history unit unit-id |
|
|
Clear the FTM statistics |
reset ftm statistics |
Execute this command in user view |
1.5 IRF Fabric Configuration Example
1.5.1 Network Requirements
Configure unit ID, unit name, IRF fabric name, and authentication mode for four switches to enable them to form an IRF fabric.
The configuration details are as follows:
l Unit IDs: 1, 2, 3, 4
l Unit names: unit 1, unit 2, unit 3, unit 4
l Fabric name: hello
l Authentication mode: simple password
l Password: welcome
1.5.2 Network Diagram
Figure 1-2 Network diagram for forming an IRF fabric
1.5.3 Configuration Procedure
1) Configure Switch A.
# Configure the unit ID as 1.
<H3C> system-view
[H3C] change unit-id 1 to 1
# Configure the unit name as unit 1.
[H3C] set unit 1 name unit1
# Configure the fabric name as hello.
[H3C] sysname hello
# Configure the authentication mode as simple password and the password as welcome.
[hello] irf-fabric authentication-mode simple welcome
2) Configure Switch B.
# Configure the unit ID as 2.
<H3C> system-view
[H3C] change unit-id 1 to 2
# Configure the unit name as unit 2.
[H3C] set unit 1 name unit2
# Configure the fabric name as hello.
[H3C] sysname hello
# Configure the authentication mode as simple password and the password as welcome.
[hello] irf-fabric authentication-mode simple welcome
Configurations on Switch C and Switch D are similar with the above configurations.
