07-System Volume

14-Cluster Management Configuration

When configuring cluster management, go to these sections for information you are interested in:

• Cluster Management Overview
• Cluster Configuration Task List
• Configuring the Management Device
• Configuring the Member Devices
• Configuring Access Between the Management Device and Its Member Devices
• Adding a Candidate Device to a Cluster
• Configuring Advanced Cluster Functions
• Displaying and Maintaining Cluster Management
• Cluster Management Configuration Example

Cluster Management Overview

Cluster Management Definition

As networks grow, a great number of access devices are needed at network borders. Managing these devices is complicated, and each device needs its own IP address, which wastes IP address resources. A cluster, which is a group of network devices, solves these problems: cluster management lets you manage large numbers of distributed network devices together. Cluster management offers the following advantages:

• Saving public IP address resources
• Simplifying configuration and management tasks. By configuring a public IP address on one device, you can configure and manage a group of devices without the trouble of logging in to each device separately.
• Providing a topology discovery and display function, which is useful for network monitoring and debugging
• Allowing simultaneous software upgrading and parameter configuration on multiple devices, free of topology and distance limitations

Roles in a Cluster

The devices in a cluster play different roles according to their different functions and status. You can specify the following three roles for the devices:

• Management device (Administrator): The device providing management interfaces for all devices in a cluster and the only device configured with a public IP address. You can specify one and only one management device for a cluster. Any configuration, management, and monitoring of the other devices in a cluster can only be implemented through the management device. When a device is specified as the management device, it collects related information to discover and define candidate devices.
• Member device (Member): A device managed by the management device in a cluster.
• Candidate device (Candidate): A device that does not belong to any cluster but can be added to a cluster. Different from a member device, its topology information has been collected by the management device but it has not been added to the cluster.

Figure 1-1 Network diagram for a cluster

 

As shown in Figure 1-1, the device configured with a public IP address and performing the management function is the management device, the other managed devices are member devices, and the device that does not belong to any cluster but can be added to a cluster is a candidate device. The management device and the member devices form the cluster.

Figure 1-2 Role change in a cluster

 

As shown in Figure 1-2, a device in a cluster changes its role according to the following rules:

• A candidate device becomes a management device when you create a cluster on it. A management device becomes a candidate device only after the cluster is removed.
• A candidate device becomes a member device after being added to a cluster. A member device becomes a candidate device after it is removed from the cluster.

How a Cluster Works

Cluster management is implemented through HW Group Management Protocol version 2 (HGMPv2), which consists of the following three protocols:

• Neighbor Discovery Protocol (NDP)
• Neighbor Topology Discovery Protocol (NTDP)
• Cluster

A cluster configures and manages the devices in it through the above three protocols. Cluster management involves topology information collection and the establishment and maintenance of a cluster. Topology information collection and cluster maintenance are independent of each other, with the former starting before the cluster is created:

• All devices use NDP to collect the information of the directly connected neighbors, including their software version, host name, MAC address and port number.
• The management device uses NTDP to collect the information of the devices within user-specified hops and the topology information of all devices, and to specify the candidate devices of the cluster.
• The management device adds or deletes a member device and modifies cluster management configuration according to the candidate device information collected through NTDP.

Introduction to NDP

NDP is used to discover the information about directly connected neighbors, including the device name, software version, and connecting port of the adjacent devices. NDP works in the following ways:

• A device running NDP periodically sends NDP packets to its neighbors. An NDP packet carries NDP information (including the device name, software version, and connecting port, etc.) and the holdtime, which indicates how long the receiving devices will keep the NDP information. At the same time, the device also receives (but does not forward) the NDP packets from its neighbors.
• A device running NDP stores and maintains an NDP table. The device creates an entry in the NDP table for each neighbor. If a new neighbor is found, meaning the device receives an NDP packet sent by the neighbor for the first time, the device adds an entry in the NDP table. If the NDP information carried in the NDP packet is different from the stored information, the corresponding entry and holdtime in the NDP table are updated; otherwise, only the holdtime of the entry is updated. If no NDP information from the neighbor is received when the holdtime times out, the corresponding entry is removed from the NDP table.

NDP runs on the data link layer, and therefore supports different network layer protocols.

Introduction to NTDP

NTDP provides information required for cluster management; it collects topology information about the devices within the specified hop count. Based on the neighbor information stored in the neighbor table maintained by NDP, NTDP on the management device advertises NTDP topology collection requests to collect the NDP information of all the devices in a specific network range as well as the connection information of all its neighbors. The information collected will be used by the management device or the network management software to implement required functions.

When a member device detects a change on its neighbors through its NDP table, it informs the management device through handshake packets. The management device then triggers its NTDP to collect specific topology information, so that its NTDP can discover topology changes promptly.

The management device collects topology information periodically. You can also administratively launch a topology information collection. The process of topology information collection is as follows:

• The management device periodically sends an NTDP topology collection request from the NTDP-enabled ports.
• Upon receiving the request, the device sends an NTDP topology collection response to the management device, copies this response packet on the NTDP-enabled port and sends it to the adjacent device. The topology collection response includes the basic information of the NDP-enabled device and the NDP information of all adjacent devices.
• The adjacent device performs the same operation until the NTDP topology collection request is sent to all the devices within the specified hops.

When the NTDP topology collection request is advertised in the network, large numbers of network devices receive the request and send NTDP topology collection responses at the same time, which may cause network congestion and overload the management device. To avoid this, the following methods can be used to control the speed at which the NTDP topology collection request is advertised:

• Upon receiving an NTDP topology collection request, a device does not forward it immediately. Instead, it waits for a period of time and then forwards the request on the first NTDP-enabled port.
• On the same device, except the first port, each NTDP-enabled port waits for a period of time and then forwards the NTDP topology collection request after its prior port forwards the request.

Cluster management maintenance

1) Adding a candidate device to a cluster

You should specify the management device before creating a cluster. The management device discovers and defines a candidate device through NDP and NTDP protocols. The candidate device can be automatically or manually added to the cluster.

After the candidate device is added to the cluster, it can obtain the member number assigned by the management device and the private IP address used for cluster management.

2) Communication within a cluster

In a cluster the management device communicates with its member devices by sending handshake packets to maintain connection between them. The management/member device state change is shown in Figure 1-3.

Figure 1-3 Management/member device state change

• After a cluster is created and a candidate device is added to the cluster as a member device, the management device saves the state information of the member device and marks it as Active. The member device also saves its state information and marks itself as Active.
• After a cluster is created, its management device and member devices begin to send handshake packets. Upon receiving the handshake packets from the other side, the management device or a member device simply keeps its state as Active, without sending a response.
• If the management device does not receive handshake packets from a member device within three times the interval for sending handshake packets, it changes the status of the member device from Active to Connect. Likewise, if a member device fails to receive handshake packets from the management device within three times the interval for sending handshake packets, it changes its own status from Active to Connect.
• If the management device receives handshake or management packets from a member device in Connect state within the information holdtime, it changes the state of the member device to Active; otherwise, it changes the state of the member device to Disconnect, in which case the management device considers the member device disconnected. If a member device in Connect state receives handshake or management packets from the management device within the information holdtime, it changes its state to Active; otherwise, it changes its state to Disconnect.
• If the communication between the management device and a member device is recovered, the member device which is in Disconnect state will be added to the cluster. After that, the state of the member device locally and on the management device will be changed to Active.

In addition, a member device informs the management device through handshake packets when its neighbor topology changes.

Management VLAN

The management VLAN is a VLAN used for communication in a cluster; it limits the cluster management range. Through configuration of the management VLAN, the following functions can be implemented:

• Management packets (including NDP, NTDP and handshake packets) are restricted to the management VLAN and are therefore isolated from other packets, which enhances security.
• The management device and the member devices communicate with each other through the management VLAN.

For a cluster to work normally, you must allow packets from the management VLAN to pass through the ports connecting the management device and the member/candidate devices (including the cascade ports). Therefore:

• If packets from the management VLAN cannot pass a port, the device connected to the port cannot be added to the cluster. If the ports (including the cascade ports) connecting the management device and the member/candidate devices block packets from the management VLAN, you can use the management VLAN auto-negotiation function to allow packets from the management VLAN to pass the ports on candidate devices.
• Packets without tags from the management VLAN can pass the ports only when the default VLAN ID of the cascade ports and of the ports connecting the management device and the member/candidate devices is that of the management VLAN; otherwise, only packets with tags from the management VLAN can pass the ports.

• If a candidate device is connected to a management device through another candidate device, the ports between the two candidate devices are cascade ports.
• For information about VLAN, refer to VLAN Configuration in the Access Volume.

 

Cluster Configuration Task List

 

You cannot configure both cluster management and stack management functions for the device. For details of the stack management function, refer to Stack Management Configuration in the System Volume.

 

Before configuring a cluster, you need to determine the roles and functions the devices play. You also need to configure the related functions, preparing for the communication between devices within the cluster.

Complete these tasks to configure a cluster:

| Task | | Remarks |
|---|---|---|
| Configuring the Management Device | Enabling NDP Globally and for Specific Ports | Optional |
| | Configuring NDP Parameters | Optional |
| | Enabling NTDP Globally and for Specific Ports | Optional |
| | Configuring NTDP Parameters | Optional |
| | Manually Collecting Topology Information | Optional |
| | Enabling the Cluster Function | Optional |
| | Establishing a Cluster | Required |
| | Enabling Management VLAN Auto-negotiation | Required |
| | Configuring Communication Between the Management Device and the Member Devices Within a Cluster | Optional |
| | Configuring Cluster Management Protocol Packets | Optional |
| | Cluster Member Management | Optional |
| Configuring the Member Devices | Enabling NDP | Optional |
| | Enabling NTDP | Optional |
| | Manually Collecting Topology Information | Optional |
| | Enabling the Cluster Function | Optional |
| | Deleting a Member Device from a Cluster | Optional |
| Configuring Access Between the Management Device and Its Member Devices | | Optional |
| Adding a Candidate Device to a Cluster | | Optional |
| Configuring Advanced Cluster Functions | Configuring Topology Management | Optional |
| | Configuring Interaction for a Cluster | Optional |

 

• Disabling the NDP and NTDP functions on the management device and member devices after a cluster is created will not cause the cluster to be dismissed, but will influence the normal operation of the cluster.
• If the routing table of the management device is full when a cluster is established, that is, entries with the destination address as a candidate device cannot be added to the routing table, all candidate devices will be added to and removed from the cluster repeatedly.
• If the routing table of a candidate device is full when the candidate device is added to a cluster, that is, the entry with the destination address as the management device cannot be added to the routing table, the candidate device will be added to and removed from the cluster repeatedly.

 

Configuring the Management Device

Enabling NDP Globally and for Specific Ports

For NDP to work normally, you must enable NDP both globally and on specific ports.

Follow these steps to enable NDP globally and for specific ports:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable NDP globally | ndp enable | Optional. Enabled by default. |
| Enable the NDP feature for the port(s): in system view | ndp enable interface interface-list | Use either command. By default, NDP is enabled globally and also on all ports. |
| Enable the NDP feature for the port(s): in Ethernet interface view or Layer 2 aggregate interface view | interface interface-type interface-number | |
| | ndp enable | |

 

Disable NDP on any port that connects to devices that do not need to join the cluster. This prevents the management device from adding such devices to the cluster and from collecting their topology information.

 

Configuring NDP Parameters

A port enabled with NDP periodically sends NDP packets to its neighbors. If no NDP information from the neighbor is received when the holdtime times out, the corresponding entry is removed from the NDP table.

Follow these steps to configure NDP parameters:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the interval for sending NDP packets | ndp timer hello hello-time | Optional. 60 seconds by default. |
| Configure the period for the receiving device to keep the NDP packets | ndp timer aging aging-time | Optional. 180 seconds by default. |

The time for the receiving device to hold NDP packets cannot be shorter than the interval for sending NDP packets; otherwise, the NDP table may become unstable.

 

Enabling NTDP Globally and for Specific Ports

For NTDP to work normally, you must enable NTDP both globally and on specific ports.

Follow these steps to enable NTDP globally and for specific ports:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable NTDP globally | ntdp enable | Optional. Enabled by default. |
| Enter Ethernet interface view or Layer 2 aggregate interface view | interface interface-type interface-number | |
| Enable NTDP for the port | ntdp enable | Optional. NTDP is enabled on all ports by default. |

 

Disable NTDP on any port that connects to devices that do not need to join the cluster. This prevents the management device from adding such devices to the cluster and from collecting their topology information.

 

Configuring NTDP Parameters

By configuring the maximum hops for collecting topology information, you can get topology information of the devices in a specified range, thus avoiding unlimited topology collection.

After the interval for collecting topology information is configured, the device collects the topology information at this interval.

To avoid network congestion caused by large amounts of topology responses received in short periods:

• Upon receiving an NTDP topology collection request, a device does not forward it immediately. Instead, it waits for a period of time and then forwards the NTDP topology collection request on its first NTDP-enabled port.
• On the same device, except the first port, each NTDP-enabled port waits for a period of time and then forwards the NTDP topology collection request after the previous port forwards the request.

Follow these steps to configure NTDP parameters:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the maximum hops for topology collection | ntdp hop hop-value | Optional. 3 by default. |
| Configure the interval to collect topology information | ntdp timer interval | Optional. 1 minute by default. |
| Configure the delay to forward topology-collection request packets on the first port | ntdp timer hop-delay delay-time | Optional. 200 ms by default. |
| Configure the port delay to forward topology collection request on other ports | ntdp timer port-delay delay-time | Optional. 20 ms by default. |

 

The two delay values should be configured on the topology collecting device. A topology collection request sent by the topology collecting device carries the two delay values, and a device that receives the request forwards the request according to the delays.
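
The following Python model is an added example, not vendor code. It replays the request propagation described under Introduction to NTDP with the defaults from the table above (3 hops, 200 ms hop delay, 20 ms port delay) and shows that a device behind an NTDP-disabled port is never collected. Assumptions: zero link latency, a device acts only on the first copy of a request, never forwards out the inbound port, and the originating device skips the hop delay; device and port names are constructed.

```python
import heapq

# Constructed sample topology: (device_a, port_a, device_b, port_b)
LINKS = [
    ("Mgmt", "Eth1/1", "SwA", "Eth1/1"),
    ("Mgmt", "Eth1/2", "SwB", "Eth1/1"),
    ("Mgmt", "Eth1/3", "Guest", "Eth1/1"),  # device that must not join the cluster
    ("SwA", "Eth1/2", "SwC", "Eth1/1"),
    ("SwC", "Eth1/2", "SwD", "Eth1/1"),
    ("SwD", "Eth1/2", "SwE", "Eth1/1"),     # four hops away from Mgmt
]


def ntdp_collect(links, mgmt, ntdp_off=frozenset(), max_hops=3,
                 hop_delay_ms=200, port_delay_ms=20):
    """Return {device: (hops, arrival_ms)} for every device the request reaches.

    ntdp_off is a set of (device, port) pairs on which NTDP is disabled.
    """
    # Build per-device port lists, preserving port order for the stagger.
    ports = {}
    for a, pa, b, pb in links:
        ports.setdefault(a, []).append((pa, b, pb))
        ports.setdefault(b, []).append((pb, a, pa))

    reached = {}
    queue = [(0, 0, mgmt, None)]  # (arrival_ms, hops, device, inbound_port)
    while queue:
        t, hops, dev, in_port = heapq.heappop(queue)
        if dev in reached:        # only the first copy of a request is processed
            continue
        reached[dev] = (hops, t)
        if hops >= max_hops:      # hop limit reached: respond, do not forward
            continue
        # Receivers wait hop-delay before the first port; the originator does not.
        start = t if dev == mgmt else t + hop_delay_ms
        out = [p for p in ports.get(dev, [])
               if p[0] != in_port and (dev, p[0]) not in ntdp_off]
        for k, (port, nbr, nbr_port) in enumerate(out):
            if (nbr, nbr_port) in ntdp_off:
                continue          # receiving port ignores NTDP
            # Each later port sends port-delay after the previous one.
            heapq.heappush(queue,
                           (start + k * port_delay_ms, hops + 1, nbr, nbr_port))
    return reached


if __name__ == "__main__":
    hardened = ntdp_collect(LINKS, "Mgmt", ntdp_off={("Mgmt", "Eth1/3")})
    for dev, (hops, ms) in sorted(hardened.items(), key=lambda kv: kv[1][1]):
        print(f"{dev:6} hops={hops} request arrives at {ms} ms")
```

With NTDP left enabled on Eth1/3, the same call returns an entry for Guest, which is the exposure the port-level recommendation removes.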

 

Manually Collecting Topology Information

The management device collects topology information periodically after a cluster is created. In addition, you can manually initiate topology information collection to manage and monitor devices in real time, regardless of whether a cluster has been created.

Follow these steps to manually collect topology information:

| To do | Use the command | Remarks |
|---|---|---|
| Manually collect topology information | ntdp explore | Required |

 

Enabling the Cluster Function

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable the cluster function globally | cluster enable | Optional. Enabled by default. |

 

Establishing a Cluster

Before establishing a cluster, you need to specify the management VLAN, and you cannot modify the management VLAN after a device is added to the cluster.

In addition, you need to configure a private IP address pool for the devices to be added to the cluster on the device to be configured as the management device before establishing a cluster. Meanwhile, the IP addresses of the VLAN interfaces of the management device and member devices cannot be in the same network segment as that of the cluster address pool; otherwise, the cluster cannot work normally. When a candidate device is added to a cluster, the management device assigns it a private IP address for it to communicate with other devices in the cluster.

You can establish a cluster in two ways: manually and automatically. With the latter, you can establish a cluster according to the prompt information. The system:

1) Prompts you to enter a name for the cluster you want to establish;
2) Lists all the candidate devices within your predefined hop count;
3) Starts to automatically add them to the cluster.

You can press Ctrl+C anytime during the adding process to exit the cluster auto-establishment process. However, this will only stop adding new devices into the cluster, and devices already added into the cluster are not removed.

Follow these steps to manually establish a cluster:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Specify the management VLAN | management-vlan vlan-id | Optional. By default, VLAN 1 is the management VLAN. |
| Enter cluster view | cluster | |
| Configure the private IP address range for member devices | ip-pool ip-address { mask \| mask-length } | Required. Not configured by default. |
| Establish a cluster: manually establish a cluster | build cluster-name | Required. Use either approach. By default, the device is not the management device. |
| Establish a cluster: automatically establish a cluster | auto-build [ recover ] | |

 

Enabling Management VLAN Auto-negotiation

The management VLAN limits the cluster management range. If a device discovered by the management device does not belong to the management VLAN, meaning the cascade ports and the ports connecting with the management device do not allow the packets from the management VLAN to pass, the new device cannot be added to the cluster. With the management VLAN auto-negotiation function configured, the cascade ports and the ports directly connected to the management device can be automatically added to the management VLAN.

Follow these steps to configure management VLAN auto-negotiation:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Enable management VLAN auto-negotiation | management-vlan synchronization enable | Required. Disabled by default. |

 

Configuring Communication Between the Management Device and the Member Devices Within a Cluster

In a cluster, the management device and member devices communicate by sending handshake packets to maintain the connection between them. On the management device, you can configure the interval for sending handshake packets and the holdtime of a device. This configuration applies to all member devices within the cluster. For a member device in Connect state:

• If the management device does not receive handshake packets from a member device within the holdtime, it changes the state of the member device to Disconnect. When the communication is recovered, the member device needs to be re-added to the cluster (this process is automatically performed).
• If the management device receives handshake packets from the member device within the holdtime, the state of the member device remains Active.

Follow these steps to configure communication between the management device and the member devices within a cluster:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Configure the interval to send handshake packets | timer interval | Optional. 10 seconds by default. |
| Configure the holdtime of a device | holdtime hold-time | Optional. 60 seconds by default. |
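
The Active/Connect/Disconnect transitions described under Communication within a cluster and in this section can be replayed with the following Python model, which is an added example and not vendor code. It tracks one member from the management device's side using the default 10-second interval and 60-second holdtime, and assumes the holdtime is counted from the moment the member enters Connect state; the packet arrival times are constructed.

```python
from enum import Enum


class State(Enum):
    ACTIVE = "Active"
    CONNECT = "Connect"
    DISCONNECT = "Disconnect"


class MemberTracker:
    """Management-device view of one member, driven by packet times in seconds."""

    def __init__(self, interval=10, holdtime=60, start=0):
        self.interval = interval      # handshake interval (default 10 s)
        self.holdtime = holdtime      # device holdtime (default 60 s)
        self.state = State.ACTIVE     # a newly added member is Active
        self.last_rx = start
        self.connect_since = None
        self.history = [(start, State.ACTIVE.value)]

    def _enter(self, when, state):
        self.state = state
        self.history.append((when, state.value))

    def tick(self, now):
        """Apply every timeout that has expired by `now`."""
        # No handshake for three intervals: Active -> Connect.
        if self.state is State.ACTIVE and now - self.last_rx >= 3 * self.interval:
            self.connect_since = self.last_rx + 3 * self.interval
            self._enter(self.connect_since, State.CONNECT)
        # Still silent when the holdtime runs out: Connect -> Disconnect.
        # Assumption: the holdtime starts when Connect state is entered.
        if self.state is State.CONNECT and now - self.connect_since >= self.holdtime:
            self._enter(self.connect_since + self.holdtime, State.DISCONNECT)

    def packet(self, now):
        """A handshake or management packet from the member arrived at `now`."""
        self.tick(now)
        self.last_rx = now
        if self.state is not State.ACTIVE:
            # Connect recovers directly; a Disconnect member is re-added.
            self._enter(now, State.ACTIVE)


def replay(packet_times, end, interval=10, holdtime=60):
    """Return the (time, state) history for a list of packet arrival times."""
    tracker = MemberTracker(interval, holdtime)
    for t in sorted(packet_times):
        tracker.packet(t)
    tracker.tick(end)
    return tracker.history


if __name__ == "__main__":
    # Constructed trace: two handshakes, a gap, one late packet, a long outage.
    for when, state in replay([10, 20, 75, 200], end=210):
        print(f"t={when:>3}s  {state}")
```

Repeated Connect or Disconnect entries for the same member in such a history are worth alerting on, since they indicate the management VLAN path to that member is unreliable.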

 

Configuring Cluster Management Protocol Packets

By default, the destination MAC address of cluster management protocol packets (including NDP, NTDP and HABP packets) is a multicast MAC address 0180-C200-000A, which IEEE reserved for later use. Since some devices cannot forward the multicast packets with the destination MAC address of 0180-C200-000A, cluster management packets cannot traverse these devices. For a cluster to work normally in this case, you can modify the destination MAC address of a cluster management protocol packet without changing the current networking.

The management device periodically sends MAC address negotiation broadcast packets to advertise the destination MAC address of the cluster management protocol packets.

Follow these steps to configure the destination MAC address of the cluster management protocol packets:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Configure the destination MAC address for cluster management protocol packets | cluster-mac mac-address | Required. The destination MAC address is 0180-C200-000A by default. |
| Configure the interval to send MAC address negotiation broadcast packets | cluster-mac syn-interval interval | Optional. One minute by default. |

 

When you configure the destination MAC address for cluster management protocol packets:

• If the interval for sending MAC address negotiation broadcast packets is 0, the system automatically sets it to 1 minute.
• If the interval for sending MAC address negotiation broadcast packets is not 0, the interval remains unchanged.

 

Cluster Member Management

You can manually add a candidate device to a cluster, or remove a member device from a cluster.

If a member device needs to be rebooted for software upgrade or configuration update, you can remotely reboot it through the management device.

Adding a member device

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Add a candidate device to the cluster | add-member [ member-number ] mac-address mac-address [ password password ] | Required |

 

Removing a member device

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Remove a member device from the cluster | delete-member member-number [ to-black-list ] | Required |

 

Rebooting a member device

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Reboot a specified member device | reboot member { member-number \| mac-address mac-address } [ eraseflash ] | Required |

 

Configuring the Member Devices

Enabling NDP

Refer to Enabling NDP Globally and for Specific Ports.

Enabling NTDP

Refer to Enabling NTDP Globally and for Specific Ports.

Manually Collecting Topology Information

Refer to Manually Collecting Topology Information.

Enabling the Cluster Function

Refer to Enabling the Cluster Function.

Deleting a Member Device from a Cluster

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Delete a member device from the cluster | undo administrator-address | Required |

 

Configuring Access Between the Management Device and Its Member Devices

After NDP, NTDP and the cluster have been configured successfully, you can configure, manage and monitor the member devices through the management device. You can manage a member device by switching from the operation interface of the management device to that of the member device, or configure the management device by switching from the operation interface of a member device to that of the management device.

Follow these steps to configure access between member devices of a cluster:

| To do | Use the command | Remarks |
|---|---|---|
| Switch from the operation interface of the management device to that of a member device | cluster switch-to { member-number \| mac-address mac-address } | Required |
| Switch from the operation interface of a member device to that of the management device | cluster switch-to administrator | Required |

 

A Telnet connection is used for switching between the management device and a member device. Note the following when switching between them:

• Authentication is required when you switch from a member device to the management device. The switching fails if authentication is not passed. If authentication is passed, your user level is allocated according to the level predefined by the management device.
• When a candidate device is added to a cluster and becomes a member device, its level 3 password will be automatically synchronized to the management device. Therefore, after a cluster is established, it is not recommended to modify the super password of any member (including the management device and member devices) of the cluster; otherwise, the switching may fail because of an authentication failure.
• If the member specified in this command does not exist, the system displays an error when you execute the command; if the switching succeeds, your user level on the management device is retained.
• If the number of Telnet users on the device to be logged in to has reached the maximum, the switching fails.
• To prevent resource waste, avoid ring switching when configuring access between cluster members. For example, if you switch from the operation interface of the management device to that of a member device and then need to switch back to that of the management device, use the quit command to end the switching rather than the cluster switch-to administrator command.

 

Adding a Candidate Device to a Cluster

Follow these steps to add a candidate device to a cluster:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Add a candidate device to the cluster | administrator-address mac-address name name | Required |

 

Configuring Advanced Cluster Functions

This section covers these topics:

• Configuring Topology Management
• Configuring Interaction for a Cluster

Configuring Topology Management

The concepts of blacklist and whitelist are used for topology management. An administrator can diagnose the network by comparing the current topology (namely, the information of a node and its neighbors in the cluster) and the standard topology.

• Topology management whitelist (standard topology): A whitelist is a list of topology information that has been confirmed by the administrator as correct. You can get the information of a node and its neighbors from the current topology. Based on the information, you can manage and maintain the whitelist by adding, deleting or modifying a node.
• Topology management blacklist: Devices in a blacklist are not allowed to join a cluster. A blacklist contains the MAC addresses of devices. If a blacklisted device is connected to a network through another device not included in the blacklist, the MAC address and access port of the latter are also included in the blacklist. The candidate devices in a blacklist can be added to a cluster only if the administrator manually removes them from the list.

The whitelist and blacklist are mutually exclusive. A whitelist member cannot be a blacklist member, and vice versa. However, a topology node can belong to neither the whitelist nor the blacklist. Nodes of this type are usually newly added nodes, whose identities are to be confirmed by the administrator.

You can back up and restore the whitelist in the following two ways:

l          Backing them up on the FTP server shared by the cluster. You can manually restore the whitelist and blacklist from the FTP server.

l          Backing them up in the Flash of the management device. When the management device restarts, the whitelist and blacklist will be automatically restored from the Flash. When a cluster is re-established, you can choose whether to restore the whitelist and blacklist from the Flash automatically, or you can manually restore them from the Flash of the management device.

Follow these steps to configure cluster topology management:

| To do | Use the command | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Add a device to the blacklist | black-list add-mac mac-address | Optional |
| Remove a device from the blacklist | black-list delete-mac { all \| mac-address } | Optional |
| Confirm the current topology and save it as the standard topology | topology accept { all [ save-to { ftp-server \| local-flash } ] \| mac-address mac-address \| member-id member-number } | Optional |
| Save the standard topology to the FTP server or the local Flash | topology save-to { ftp-server \| local-flash } | Optional |
| Restore the standard topology information | topology restore-from { ftp-server \| local-flash } | Optional |
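The comparison of the current topology against the standard topology and the blacklist can also be run offline. The following Python code is an added example, not part of the H3C documentation: the function names and the sample MAC addresses are constructed, and it assumes the MAC addresses were copied by the operator from the display cluster current-topology, display cluster base-topology and display cluster black-list output.

```python
import re

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")

def norm_mac(mac: str) -> str:
    """Normalize a MAC to the xxxx-xxxx-xxxx form; reject anything else."""
    digits = re.sub(r"[-:.]", "", mac.strip().lower())
    if not _MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))

def classify_topology(current, whitelist, blacklist):
    """Compare the current topology with the standard topology and blacklist.

    Each argument is an iterable of MAC strings (assumed operator-supplied).
    """
    cur = {norm_mac(m) for m in current}
    white = {norm_mac(m) for m in whitelist}
    black = {norm_mac(m) for m in blacklist}
    overlap = white & black
    if overlap:
        # The two lists are mutually exclusive, so an overlap means bad input.
        raise ValueError(f"in both whitelist and blacklist: {sorted(overlap)}")
    return {
        "confirmed": sorted(cur & white),            # matches the standard topology
        "blacklisted_present": sorted(cur & black),  # seen although blacklisted
        "unconfirmed": sorted(cur - white - black),  # new node, needs admin review
        "missing": sorted(white - cur),              # expected node not seen
    }

# Constructed sample data in mixed notations.
CURRENT = ["000f-e201-0011", "000F-E201-0012", "00:0f:e2:01:00:13", "000f-e201-0099"]
WHITELIST = ["000f-e201-0011", "000f-e201-0012", "000f-e201-0014"]
BLACKLIST = ["000f-e201-0013"]

if __name__ == "__main__":
    for state, macs in classify_topology(CURRENT, WHITELIST, BLACKLIST).items():
        print(f"{state:20} {', '.join(macs) or '-'}")
```

Nodes reported as unconfirmed are the ones the administrator still has to accept into the standard topology or add to the blacklist.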

 

Configuring Interaction for a Cluster

After establishing a cluster, you can configure an FTP/TFTP server, an NM host and a log host for the cluster on the management device.

- After you configure an FTP/TFTP server for a cluster, the members in the cluster access the configured FTP/TFTP server through the management device.

- After you configure a log host for a cluster, all the log information of the members in the cluster is output to the configured log host in the following way: first, the member devices send their log information to the management device, which then converts the addresses of the log information and sends it to the log host.

- After you configure an NM host for a cluster, the member devices in the cluster send their Trap messages to the shared SNMP NM host through the management device.

If the port of an access NM device (including FTP/TFTP server, NM host and log host) does not allow the packets from the management VLAN to pass, the NM device cannot manage the devices in a cluster through the management device. In this case, on the management device, you need to configure the VLAN interface of the access NM device (including FTP/TFTP server, NM host and log host) as the NM interface.

Follow these steps to configure the interaction for a cluster:

| To do | Use the command | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Configure the FTP server shared by the cluster | ftp-server ip-address [ user-name username password { simple \| cipher } password ] | Required. By default, no FTP server is configured for a cluster. |
| Configure the TFTP server shared by the cluster | tftp-server ip-address | Required. By default, no TFTP server is configured for a cluster. |
| Configure the log host shared by the member devices in the cluster | logging-host ip-address | Required. By default, no log host is configured for a cluster. |
| Configure the SNMP NM host shared by the cluster | snmp-host ip-address [ community-string read string1 write string2 ] | Required. By default, no SNMP host is configured. |
| Configure the NM interface of the management device | nm-interface vlan-interface interface-name | Optional |

 

To isolate the management protocol packets of a cluster from packets outside the cluster, it is recommended that you prohibit packets from the management VLAN from passing through the ports that connect the management device with devices outside the cluster, and that you configure the NM interface for the management device.

 

SNMP Configuration Synchronization Function

The SNMP configuration synchronization function facilitates management of a cluster: you perform SNMP-related configurations on the management device and synchronize them to the member devices on the whitelist. This is equivalent to configuring multiple member devices at one time, which simplifies the configuration process.

Follow these steps to configure the SNMP configuration synchronization function:

| To do | Use the command | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Configure the SNMP community name shared by a cluster | cluster-snmp-agent community { read \| write } community-name [ mib-view view-name ] | Required |
| Configure the SNMPv3 group shared by a cluster | cluster-snmp-agent group v3 group-name [ authentication \| privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] | Required |
| Create or update information of the MIB view shared by a cluster | cluster-snmp-agent mib-view included view-name oid-tree | Required. By default, the name of the MIB view shared by a cluster is ViewDefault and a cluster can access the ISO subtree. |
| Add a user for the SNMPv3 group shared by a cluster | cluster-snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 \| sha } auth-password ] [ privacy-mode des56 priv-password ] | Required |

 

- The SNMP-related configurations are retained when a cluster is dismissed or the member devices are removed from the whitelist.

- For information about SNMP, refer to SNMP Configuration in the System Volume.

 

Configuring Web User Accounts in Batches

Configuring Web user accounts in batches enables you to configure, on the management device, the username and password used to log in through Web to the devices within a cluster (including the management device and member devices), and to synchronize the configuration to the member devices in the whitelist. This is equivalent to performing the configuration on each member device. You need to enter your username and password when you log in through Web to the devices in a cluster (including the management device and member devices).

Follow these steps to configure Web user accounts in batches:

| To do | Use the command | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enter cluster view | cluster | |
| Configure Web user accounts in batches | cluster-local-user user-name password { cipher \| simple } password | Required |

 

If a cluster is dismissed or the member devices are removed from the whitelist, the configurations of Web user accounts are still retained.
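The ftp-server, cluster-snmp-agent and cluster-local-user commands above accept both weak and strong options, and whatever is chosen is synchronized to every whitelisted member. The following Python check is an added example, not H3C code: it flags the weak choices in a saved cluster-view command listing, using only the keywords shown in the tables above. The function name, the sample user names and the passwords are constructed.

```python
import re

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")   # e.g. "[abc_0.SwitchB-cluster] "
PASSWORD_AT = {"ftp-server": 4, "cluster-local-user": 2}  # index of "password" keyword

def audit_cluster_config(text):
    """Return (line_no, finding) pairs for weak settings in cluster-view commands."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        w = PROMPT.sub("", raw).split()
        if not w:
            continue
        if w[0] in PASSWORD_AT:
            i = PASSWORD_AT[w[0]]
            if w[i:i + 2] == ["password", "simple"]:
                out.append((no, "password kept in plaintext (simple); use cipher"))
        elif w[:2] == ["cluster-snmp-agent", "community"]:
            out.append((no, "SNMPv1/v2c community (cleartext on the wire) synchronized to members"))
        elif w[:3] == ["cluster-snmp-agent", "group", "v3"]:
            level = w[4] if len(w) > 4 else ""     # optional keyword after group-name
            if level == "authentication":
                out.append((no, "v3 group authenticates but does not encrypt"))
            elif level != "privacy":
                out.append((no, "v3 group has neither authentication nor privacy"))
        elif w[:3] == ["cluster-snmp-agent", "usm-user", "v3"]:
            opts = w[5:]                           # keywords after user-name and group-name
            if "authentication-mode" not in opts:
                out.append((no, "v3 user has no authentication password"))
            elif opts[opts.index("authentication-mode") + 1:][:1] == ["md5"]:
                out.append((no, "v3 user authenticates with md5; use sha"))
            if "privacy-mode" not in opts:
                out.append((no, "v3 user has no privacy password"))
    return out

# Constructed sample listing; user names and passwords are placeholders.
SAMPLE = """\
[abc_0.SwitchB-cluster] ftp-server 63.172.55.1 user-name backup password simple Example1
[abc_0.SwitchB-cluster] cluster-snmp-agent community read examplero
[abc_0.SwitchB-cluster] cluster-snmp-agent group v3 ops authentication
[abc_0.SwitchB-cluster] cluster-snmp-agent usm-user v3 alice ops authentication-mode md5 ExampleAuth1
[abc_0.SwitchB-cluster] cluster-snmp-agent group v3 secops privacy
[abc_0.SwitchB-cluster] cluster-snmp-agent usm-user v3 bob secops authentication-mode sha ExampleAuth2 privacy-mode des56 ExamplePriv2
[abc_0.SwitchB-cluster] cluster-local-user webadmin password cipher ExampleWeb1
"""

if __name__ == "__main__":
    for no, finding in audit_cluster_config(SAMPLE):
        print(f"line {no}: {finding}")
```

Because these SNMP and Web user settings are retained on member devices after the cluster is dismissed or a member leaves the whitelist, a weak value found here also has to be corrected on the members themselves.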

 

Displaying and Maintaining Cluster Management

| To do | Use the command | Remarks |
| --- | --- | --- |
| Display NDP configuration information | display ndp [ interface interface-list ] | Available in any view |
| Display NTDP configuration information | display ntdp | Available in any view |
| Display the device information collected through NTDP | display ntdp device-list [ verbose ] | Available in any view |
| Display the detailed NTDP information of a specified device | display ntdp single-device mac-address mac-address | Available in any view |
| Display information of the cluster to which the current device belongs | display cluster | Available in any view |
| Display the standard topology information | display cluster base-topology [ mac-address mac-address \| member-id member-number ] | Available in any view |
| Display the current blacklist of the cluster | display cluster black-list | Available in any view |
| Display the information of candidate devices | display cluster candidates [ mac-address mac-address \| verbose ] | Available in any view |
| Display the current topology information | display cluster current-topology [ mac-address mac-address [ to-mac-address mac-address ] \| member-id member-number [ to-member-id member-number ] ] | Available in any view |
| Display members in a cluster | display cluster members [ member-number \| verbose ] | Available in any view |
| Clear NDP statistics | reset ndp statistics [ interface interface-list ] | Available in user view |

 

Besides using the command line, you can check the cluster status on the seven-segment display on the front panel of the device, which shows the role of the device in the cluster, as described in the following table:

Table 1-1 Seven-segment display description

| Mark | System LED (SYS) status | Seven-segment display status | Description |
| --- | --- | --- | --- |
| Unit | Steady green | The LED displays C. | The current device is the administrator in the cluster. |
| Unit | Steady green | The LED displays S. | The current device is a member of the cluster. |
| Unit | Steady green | The LED displays c. | The current device is a candidate of the cluster. |

 

Cluster Management Configuration Example

Network requirements

- Three switches form cluster abc, whose management VLAN is VLAN 10. In the cluster, Switch B serves as the management device (Administrator), whose network management interface is VLAN-interface 2; Switch A and Switch C are the member devices (Member).

- All the devices in the cluster use the same FTP server and TFTP server on host 63.172.55.1/24, and use the same SNMP NMS and log services on host 69.172.55.4/24.

- Add the device whose MAC address is 000f-e201-0013 to the blacklist.

Figure 1-4 Network diagram for cluster management configuration

 

Configuration procedure

1) Configure the member device Switch A

# Enable NDP globally and for port GigabitEthernet 1/0/1.

<SwitchA> system-view

[SwitchA] ndp enable

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] ndp enable

[SwitchA-GigabitEthernet1/0/1] quit

# Enable NTDP globally and for port GigabitEthernet 1/0/1.

[SwitchA] ntdp enable

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] ntdp enable

[SwitchA-GigabitEthernet1/0/1] quit

# Enable the cluster function.

[SwitchA] cluster enable

2) Configure the member device Switch C

As the configurations of the member devices are the same, the configuration procedure of Switch C is omitted here.

3) Configure the management device Switch B

# Enable NDP globally and for ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.

<SwitchB> system-view

[SwitchB] ndp enable

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] ndp enable

[SwitchB-GigabitEthernet1/0/2] quit

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] ndp enable

[SwitchB-GigabitEthernet1/0/3] quit

# Configure the period for the receiving device to keep NDP packets as 200 seconds.

[SwitchB] ndp timer aging 200

# Configure the interval to send NDP packets as 70 seconds.

[SwitchB] ndp timer hello 70

# Enable NTDP globally and for ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.

[SwitchB] ntdp enable

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] ntdp enable

[SwitchB-GigabitEthernet1/0/2] quit

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] ntdp enable

[SwitchB-GigabitEthernet1/0/3] quit

# Configure the hop count to collect topology as 2.

[SwitchB] ntdp hop 2

# Configure the delay to forward topology-collection request packets on the first port as 150 ms.

[SwitchB] ntdp timer hop-delay 150

# Configure the delay to forward topology-collection request packets on the other ports as 15 ms.

[SwitchB] ntdp timer port-delay 15

# Configure the interval to collect topology information as 3 minutes.

[SwitchB] ntdp timer 3

# Configure the management VLAN of the cluster as VLAN 10.

[SwitchB] vlan 10

[SwitchB-vlan10] quit

[SwitchB] management-vlan 10

# Configure ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 as Trunk ports and allow packets from the management VLAN to pass.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchB-GigabitEthernet1/0/2] quit

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port link-type trunk

[SwitchB-GigabitEthernet1/0/3] port trunk permit vlan 10

[SwitchB-GigabitEthernet1/0/3] quit

# Enable the cluster function.

[SwitchB] cluster enable

# Configure a private IP address range for the member devices, which is from 172.16.0.1 to 172.16.0.7.

[SwitchB] cluster

[SwitchB-cluster] ip-pool 172.16.0.1 255.255.255.248

# Configure the current device as the management device, and establish a cluster named abc.

[SwitchB-cluster] build abc

Restore topology from local flash file,for there is no base topology.

(Please confirm in 30 seconds, default No). (Y/N)

N

# Enable management VLAN auto-negotiation.

[abc_0.SwitchB-cluster] management-vlan synchronization enable

# Configure the holdtime of the member device information as 100 seconds.

[abc_0.SwitchB-cluster] holdtime 100

# Configure the interval to send handshake packets as 10 seconds.

[abc_0.SwitchB-cluster] timer 10

# Configure the FTP Server, TFTP Server, Log host and SNMP host for the cluster.

[abc_0.SwitchB-cluster] ftp-server 63.172.55.1

[abc_0.SwitchB-cluster] tftp-server 63.172.55.1

[abc_0.SwitchB-cluster] logging-host 69.172.55.4

[abc_0.SwitchB-cluster] snmp-host 69.172.55.4

# Add the device whose MAC address is 000f-e201-0013 to the blacklist.

[abc_0.SwitchB-cluster] black-list add-mac 000f-e201-0013

[abc_0.SwitchB-cluster] quit

# Add port GigabitEthernet 1/0/1 to VLAN 2, and configure the IP address of VLAN-interface 2.

[abc_0.SwitchB] vlan 2

[abc_0.SwitchB-vlan2] port gigabitethernet 1/0/1

[abc_0.SwitchB-vlan2] quit

[abc_0.SwitchB] interface vlan-interface 2

[abc_0.SwitchB-Vlan-interface2] ip address 163.172.55.1 24

[abc_0.SwitchB-Vlan-interface2] quit

# Configure VLAN-interface 2 as the network management interface.

[abc_0.SwitchB] cluster

[abc_0.SwitchB-cluster] nm-interface vlan-interface 2
